From gnutls-devel at lists.gnutls.org Wed Sep 4 12:22:03 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 04 Sep 2024 10:22:03 +0000
Subject: [gnutls-devel] GnuTLS | configure issues: syntax error during faketime detection, --without-brotli not working (#1576)

Tim Kosse created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1576

Both issues observed in GnuTLS 3.8.7

1. Missing quotes around backtick expansion results in a syntax error if faketime exists but is not working:

```
./configure: line 12286: test: =: unary operator expected
```

2. Even with --without-brotli, the HAVE_LIBBROTLI automake conditional is still set, resulting in a compile error later on if there is no libbrotli

The attached patch to configure.ac addresses both issues, please use it as you see fit.

[configure.ac.diff](/uploads/f9b7e05d73c97a472402f6d129e792e4/configure.ac.diff)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1576
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Thu Sep 5 13:14:17 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 05 Sep 2024 11:14:17 +0000
Subject: [gnutls-devel] GnuTLS | SEGFAULT in libgnutls30 during multithreaded call of `gnutls_record_send` (#1567)

Moritz Schneider commented: https://gitlab.com/gnutls/gnutls/-/issues/1567#note_2091862824

@dueno Thank you for your comment! I've initialized gnuTLS with `GNUTLS_NO_AUTO_REKEY` and since then I've seen no SEGFAULT yet. So I guess we can close this issue. If I see a SEGFAULT again - which I currently do not expect - I can reopen this issue.

From gnutls-devel at lists.gnutls.org Sat Sep 7 13:57:06 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 07 Sep 2024 11:57:06 +0000
Subject: [gnutls-devel] GnuTLS | Draft: Choose whether to link or dlopen helper libraries (!1870)

Andreas Metzler commented on a discussion on configure.ac: https://gitlab.com/gnutls/gnutls/-/merge_requests/1870#note_2095005634

> [[void *handle = dlopen("$M_LIBRARY_SONAME", RTLD_LAZY | RTLD_GLOBAL); > return handle != NULL ? 0 : 1; > ]])], > - [ac_cv_dlopen_soname_works=yes], > - [ac_cv_dlopen_soname_works=no], > + [ac_cv_dlopen_soname_works=yes] > + [AC_MSG_RESULT(yes)],

OK

From gnutls-devel at lists.gnutls.org Sat Sep 7 13:57:06 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 07 Sep 2024 11:57:06 +0000
Subject: [gnutls-devel] GnuTLS | Draft: Choose whether to link or dlopen helper libraries (!1870)

All discussions on merge request !1870 were resolved by Andreas Metzler https://gitlab.com/gnutls/gnutls/-/merge_requests/1870
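
Review bot: In the configure.ac hunk quoted in the !1870 discussion above, the second `+` line calls `AC_MSG_RESULT(yes)` with an unquoted argument; `AC_MSG_RESULT([yes])` follows the usual m4 quoting. The removed `[ac_cv_dlopen_soname_works=no]` line has no replacement within the quoted lines, so the failure branch that follows should both set the variable and print a matching `no` to complete the check message. The `ac_cv_` prefix is also the one Autoconf uses for its own cache variables, so a project-specific prefix would avoid a name clash.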

From gnutls-devel at lists.gnutls.org Sat Sep 7 14:12:15 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 07 Sep 2024 12:12:15 +0000
Subject: [gnutls-devel] GnuTLS | Choose whether to link or dlopen helper libraries (!1870)

Andreas Metzler marked merge request !1870 as ready

From gnutls-devel at lists.gnutls.org Sat Sep 7 17:39:26 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 07 Sep 2024 15:39:26 +0000
Subject: [gnutls-devel] GnuTLS | configure issues: syntax error during faketime detection, --without-brotli not working (#1576)

Andreas Metzler commented: https://gitlab.com/gnutls/gnutls/-/issues/1576#note_2095097246

Part 2 of the patch was superseded by !1870. I have now also integrated the first part there.

From gnutls-devel at lists.gnutls.org Mon Sep 9 08:29:50 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 09 Sep 2024 06:29:50 +0000
Subject: [gnutls-devel] GnuTLS | Choose whether to link or dlopen helper libraries (!1870)

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1870 was reviewed by Daiki Ueno

--
Daiki Ueno started a new discussion on configure.ac: https://gitlab.com/gnutls/gnutls/-/merge_requests/1870#note_2095702781

> fi > -AM_CONDITIONAL(HAVE_ZLIB, test "$ac_zlib" != "no") > +AM_CONDITIONAL(HAVE_LIBZ, test "$ac_zlib" != "no")

I would prefer the other way around; spell ZLIB everywhere instead of LIBZ. The only reason why it was written as LIBZ is that Gnulib's havelib module [uses](https://git.savannah.gnu.org/cgit/gnulib.git/plain/m4/lib-link.m4) that convention, though we are switching away from it.

From gnutls-devel at lists.gnutls.org Mon Sep 9 08:29:50 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 09 Sep 2024 06:29:50 +0000
Subject: [gnutls-devel] GnuTLS | Choose whether to link or dlopen helper libraries (!1870)

Merge request !1870 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1870
Project:Branches: ametzler/gnutls:2024-tmp-choose-dlopen to gnutls/gnutls:master
Author: Andreas Metzler
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Mon Sep 9 08:29:49 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 09 Sep 2024 06:29:49 +0000
Subject: [gnutls-devel] GnuTLS | Choose whether to link or dlopen helper libraries (!1870)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1870#note_2095702788

Looks good to me, except a minor nit; thanks!

From gnutls-devel at lists.gnutls.org Mon Sep 9 09:16:07 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 09 Sep 2024 07:16:07 +0000
Subject: [gnutls-devel] GnuTLS | SEGFAULT in libgnutls30 during multithreaded call of `gnutls_record_send` (#1567)

Issue was closed by Daiki Ueno

Issue #1567: https://gitlab.com/gnutls/gnutls/-/issues/1567

From gnutls-devel at lists.gnutls.org Mon Sep 9 09:16:06 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 09 Sep 2024 07:16:06 +0000
Subject: [gnutls-devel] GnuTLS | SEGFAULT in libgnutls30 during multithreaded call of `gnutls_record_send` (#1567)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1567#note_2095770498

Thanks for confirming. Closing.

From gnutls-devel at lists.gnutls.org Mon Sep 9 19:54:26 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 09 Sep 2024 17:54:26 +0000
Subject: [gnutls-devel] GnuTLS | Choose whether to link or dlopen helper libraries (!1870)

Andreas Metzler commented on a discussion on configure.ac: https://gitlab.com/gnutls/gnutls/-/merge_requests/1870#note_2096910048

> AC_DEFINE([HAVE_LIBZ], 1, [Define if ZLIB compression is enabled.]) > need_ltlibdl=yes > fi > -AM_CONDITIONAL(HAVE_ZLIB, test "$ac_zlib" != "no") > +AM_CONDITIONAL(HAVE_LIBZ, test "$ac_zlib" != "no")

I flipped a coin ... the wrong way. ;-) Will change. ZLIB is a little bit nicer indeed, `grep HAVE_ZLIB` will not match HAVE_LIBZSTD like HAVE_LIBZ did.
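
Review bot: In the quoted `AM_CONDITIONAL` line, `test "$ac_zlib" != "no"` is true for every value other than `no`, including an empty or unset `$ac_zlib`, so the automake conditional can be enabled on a path where the `AC_DEFINE([HAVE_LIBZ], ...)` before the `fi` was never reached. Testing for the value that the enabled path actually sets (for example `= "yes"`, if that is what `$ac_zlib` holds there) would keep the conditional and the define in step, whichever of `HAVE_ZLIB` or `HAVE_LIBZ` ends up as the name.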

From gnutls-devel at lists.gnutls.org Tue Sep 10 13:13:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Sep 2024 11:13:54 +0000
Subject: [gnutls-devel] GnuTLS | TEST FOR PR (!1874)

SATHISHKUMAR E created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1874

Project:Branches: sathishadhirav/gnutls:master to gnutls/gnutls:master
Author: SATHISHKUMAR E

* TEST FOR PR

## Checklist
* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

From gnutls-devel at lists.gnutls.org Tue Sep 10 14:59:35 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Sep 2024 12:59:35 +0000
Subject: [gnutls-devel] GnuTLS | TEST FOR PR (!1874)

Merge request !1874 was closed by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1874
Project:Branches: sathishadhirav/gnutls:master to gnutls/gnutls:master
Author: SATHISHKUMAR E
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Tue Sep 10 15:36:43 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 10 Sep 2024 13:36:43 +0000
Subject: [gnutls-devel] GnuTLS | Investigate the performance of FIPS self-tests (#1577)

Zoltán Fridrich created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1577

The FIPS self-tests seem to be running for too long. Approximately 10x longer than openssl self-tests. Investigate what is causing such a long running time in gnutls self-tests.

From gnutls-devel at lists.gnutls.org Thu Sep 12 20:24:16 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Sep 2024 18:24:16 +0000
Subject: [gnutls-devel] GnuTLS | Overflow at benchmark-tls.c (gnutls version - 3.8.3) (#1578)

David Meliksetyan created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1578

## Potential problem

In **/src/benchmark-tls.c** the value `total_diffs_size` is used as an index when accessing an element of array `total_diffs`, whose size is 32768.

https://gitlab.com/gnutls/gnutls/-/blob/3.8.3/src/benchmark-tls.c#L568

At the same time we check that the index value is not greater than 32768, but the problem is that we do so after accessing an array element.

https://gitlab.com/gnutls/gnutls/-/blob/3.8.3/src/benchmark-tls.c#L570-572

This means that a situation may arise in which the index value will be equal to 32768, and the program will not have time to react, and we will try to access outside the array, which can lead to unpredictable results.

## Possible solution

Given that in your implementation of the code, the index value is incremented by 1 immediately after accessing the array, the problem can be solved by simply adding one character to the conditional test statement:

`if (total_diffs_size >= sizeof(total_diffs) / sizeof(total_diffs[0]))`

In that case the maximum allowed value of `total_diffs_size` will be 32767.

Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE.

Author D. Meliksetyan.
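
The off-by-one described in issue #1578, reproduced on a small array as an added example (not code from GnuTLS or from the report). `CAP` stands in for the 32768 elements of `total_diffs`; the guard slot, the function names and the `CHECK_BEFORE` variant are assumptions introduced here, and that last variant goes beyond the fix proposed in the issue.

```c
#include <stddef.h>
#include <stdio.h>

#define CAP 8               /* stand-in for the 32768 elements of total_diffs */
#define GUARD 0xA5A5A5A5UL  /* constructed marker, never used as a sample value */

enum check_kind {
    CHECK_GT_AFTER, /* store, then test `size > CAP` (pattern reported in the issue) */
    CHECK_GE_AFTER, /* store, then test `size >= CAP` (fix proposed in the issue) */
    CHECK_BEFORE    /* test `size >= CAP`, then store (added alternative) */
};

struct recorder {
    /* slots[CAP] is a guard slot, so the stray write stays inside this object
     * and can be observed without undefined behaviour. */
    unsigned long slots[CAP + 1];
    size_t size;
};

struct outcome {
    size_t writes;       /* number of stores performed */
    int stopped;         /* 1 if the bound check fired */
    int guard_clobbered; /* 1 if index CAP was written */
};

/* Returns 0 to continue, -1 where the real program would give up. */
static int record(struct recorder *r, unsigned long v, enum check_kind kind,
                  size_t *writes)
{
    if (kind == CHECK_BEFORE) {
        if (r->size >= CAP)
            return -1;
        r->slots[r->size++] = v;
        (*writes)++;
        return 0;
    }
    r->slots[r->size++] = v; /* index is used first ... */
    (*writes)++;
    if (kind == CHECK_GT_AFTER) /* ... and validated afterwards */
        return r->size > CAP ? -1 : 0;
    return r->size >= CAP ? -1 : 0;
}

struct outcome feed(enum check_kind kind, size_t samples)
{
    struct recorder r = { .size = 0 };
    struct outcome o = { 0, 0, 0 };

    r.slots[CAP] = GUARD;
    for (size_t i = 0; i < samples; i++) {
        if (record(&r, (unsigned long)i + 1, kind, &o.writes) < 0) {
            o.stopped = 1;
            break;
        }
    }
    o.guard_clobbered = (r.slots[CAP] != GUARD);
    return o;
}

int main(void)
{
    static const char *names[] = { "store, then >", "store, then >=", "check, then store" };

    for (int k = CHECK_GT_AFTER; k <= CHECK_BEFORE; k++) {
        struct outcome o = feed((enum check_kind)k, 20);
        printf("%-18s writes=%zu stopped=%d wrote_past_end=%d\n",
               names[k], o.writes, o.stopped, o.guard_clobbered);
    }
    return 0;
}
```

With the `>` test the ninth sample is written to index `CAP` before the check fires; with `>=` the check fires as soon as the last valid slot has been filled.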

From gnutls-devel at lists.gnutls.org Thu Sep 12 21:22:42 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 12 Sep 2024 19:22:42 +0000
Subject: [gnutls-devel] GnuTLS | Dereference of null at privkey.c (gnutls version - 3.8.3) (#1579)

David Meliksetyan created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1579

## Potential problem

By defining `p` in **/lib/privkey.c**, we dereference the `privkey` pointer.

https://gitlab.com/gnutls/gnutls/-/blob/3.8.3/lib/privkey.c#L1922

At the same time there is a check that `privkey` is not `NULL`, but it is located after the dereference. This carries the risk of null dereferencing.

https://gitlab.com/gnutls/gnutls/-/blob/3.8.3/lib/privkey.c#L1924-1927

## Possible solution

If I correctly assumed this is a mistake, it will be enough to swap the places of the dereference line and the check.

Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE.

Author D. Meliksetyan.

From gnutls-devel at lists.gnutls.org Fri Sep 13 02:29:35 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 13 Sep 2024 00:29:35 +0000
Subject: [gnutls-devel] GnuTLS | Overflow at benchmark-tls.c (gnutls version - 3.8.3) (#1578)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1578#note_2103009543

Thank you for reporting this; the proposed solution makes sense. Would you like to file a merge request?

From gnutls-devel at lists.gnutls.org Fri Sep 13 02:31:07 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 13 Sep 2024 00:31:07 +0000
Subject: [gnutls-devel] GnuTLS | Dereference of null at privkey.c (gnutls version - 3.8.3) (#1579)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1579#note_2103010319

Thank you for the report; yes, the solution makes sense.

From gnutls-devel at lists.gnutls.org Fri Sep 13 02:32:55 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 13 Sep 2024 00:32:55 +0000
Subject: [gnutls-devel] GnuTLS | Dereference of null at privkey.c (gnutls version - 3.8.3) (#1579)

Milestone changed to Release of GnuTLS 3.8.8 (Aug 15, 2024–Oct 15, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/46 )

From gnutls-devel at lists.gnutls.org Fri Sep 13 02:32:24 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 13 Sep 2024 00:32:24 +0000
Subject: [gnutls-devel] GnuTLS | configure issues: syntax error during faketime detection, --without-brotli not working (#1576)

Milestone changed to Release of GnuTLS 3.8.8 (Aug 15, 2024–Oct 15, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/46 )

From gnutls-devel at lists.gnutls.org Fri Sep 13 02:32:42 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 13 Sep 2024 00:32:42 +0000
Subject: [gnutls-devel] GnuTLS | Overflow at benchmark-tls.c (gnutls version - 3.8.3) (#1578)

Milestone changed to Release of GnuTLS 3.8.8 (Aug 15, 2024–Oct 15, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/46 )

From gnutls-devel at lists.gnutls.org Fri Sep 13 10:03:45 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 13 Sep 2024 08:03:45 +0000
Subject: [gnutls-devel] GnuTLS | Overflow at benchmark-tls.c (gnutls version - 3.8.3) (#1578)

David Meliksetyan commented: https://gitlab.com/gnutls/gnutls/-/issues/1578#note_2103480802

Good afternoon, yes, I will create a merge request within a day.

From gnutls-devel at lists.gnutls.org Fri Sep 13 14:12:50 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 13 Sep 2024 12:12:50 +0000
Subject: [gnutls-devel] GnuTLS | Overflow at benchmark-tls.c (gnutls version - 3.8.3) (#1578)

David Meliksetyan commented: https://gitlab.com/gnutls/gnutls/-/issues/1578#note_2103913591

Sorry to bother you, but I don't really have experience working with merge requests. I tried to commit my changes, but got an error; could you please explain to me what I am doing wrong?

![image](/uploads/dba7ed3b5d743753e446dbbecdcfdc1e/image.png){width=355 height=74}

From gnutls-devel at lists.gnutls.org Sat Sep 14 14:40:39 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 14 Sep 2024 12:40:39 +0000
Subject: [gnutls-devel] GnuTLS | Fixed the check at src/benchmark-tls.c (!1875)

David Meliksetyan created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1875

Project:Branches: d.meliksetyan/gnutls:master to gnutls/gnutls:master
Author: David Meliksetyan

* Fixed the check at src/benchmark-tls.c (related issue - #1578 )

Sign-off-by: David Meliksetyan

## Checklist
* [*] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [*] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

From gnutls-devel at lists.gnutls.org Sat Sep 14 14:44:32 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 14 Sep 2024 12:44:32 +0000
Subject: [gnutls-devel] GnuTLS | Overflow at benchmark-tls.c (gnutls version - 3.8.3) (#1578)

David Meliksetyan commented: https://gitlab.com/gnutls/gnutls/-/issues/1578#note_2104955865

Created a merge request from a fork project. I haven't worked with merge requests before, so I hope I did everything correctly.

https://gitlab.com/gnutls/gnutls/-/merge_requests/1875

From gnutls-devel at lists.gnutls.org Sun Sep 15 04:39:39 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 15 Sep 2024 02:39:39 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_record_send_file() moves file descriptor offset while sending (#1580)

Brian Denton created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1580

## Description of problem:

gnutls_record_send_file() moves file descriptor offset while sending, this impacts multi-threading applications that hold a single file descriptor open with multiple concurrent sendfile()s. I thought about creating a patch to change read() to pread(), however win32 does not have pread() available so I don't know what the desired approach would be.

## Version of gnutls used:

3.8.0

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Gentoo Linux

From gnutls-devel at lists.gnutls.org Sun Sep 15 04:43:47 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 15 Sep 2024 02:43:47 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_record_send_file() moves file descriptor offset while sending (#1580)

Brian Denton commented: https://gitlab.com/gnutls/gnutls/-/issues/1580#note_2105176178

To clarify I mean with a non-NULL offset, and without KTLS, the traditional fallback is broken.

From gnutls-devel at lists.gnutls.org Mon Sep 16 00:07:36 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 15 Sep 2024 22:07:36 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_record_send_file() (non-NULL offset) moves file descriptor offset while sending without KTLS (#1580)

Brian Denton commented: https://gitlab.com/gnutls/gnutls/-/issues/1580#note_2111151694

Adding random thought to further clarify this bug. Using ReadFile() on windows with a synchronous non-NULL lpOverlapped would work for win32, so it is not like it is impossible, I just don't know what approach would be favoured (i.e. make some header inlined pread() for windows which uses ReadFile() or something).

From gnutls-devel at lists.gnutls.org Tue Sep 17 14:20:15 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 17 Sep 2024 12:20:15 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_record_send_file() (non-NULL offset) moves file descriptor offset while sending without KTLS (#1580)

Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/issues/1580#note_2114808201

Hello, could you please be more specific on what properties you are trying to achieve? The issue confuses me.

My understanding is that you pass a single fd to multiple gnutls_record_send_file in a multithreaded scenario. What is actually written in this case? What's the order? What's your expectation on (not) advancing the fd? What is it rooted in, does sendfile(2) have guarantees on such multithreaded usage? Where can I read more about them?

If it's somehow well-defined behaviour and fd should not be advanced, that sounds like it's gonna be very limiting wrt the gnutls_record_send_file implementation, to say the least.

From gnutls-devel at lists.gnutls.org Tue Sep 17 19:50:09 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 17 Sep 2024 17:50:09 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_record_send_file() (non-NULL offset) moves file descriptor offset while sending without KTLS (#1580)

Brian Denton commented: https://gitlab.com/gnutls/gnutls/-/issues/1580#note_2115433664

>My understanding is that you pass a single fd to multiple gnutls_record_send_file in a multithreaded scenario.

Exactly!

>What's your expectation on (not) advancing the fd? What is it rooted in, does sendfile(2) have guarantees on such multithreaded usage?

This is covered in the man page for sendfile() (see "If offset is not NULL"), since you know it is in section 2 and are still skeptical I went above and beyond and made a test program that can confirm the syscall works with multithreading (I can post a link here later today).

What happens with gnutls is I was straceing my server to see if the async IO is working properly https://www.bernmern.ca/programs/linux/bernweb/ and noticed read() and lseek() syscalls originating from gnutls(). I expect gnutls_record_send_file() to work like sendfile(), and like the documentation implies:

>If offset is NULL then file offset is incremented by number of bytes send, otherwise file offset remains unchanged.

https://www.gnutls.org/reference/gnutls-gnutls.html#gnutls-record-send-file

From gnutls-devel at lists.gnutls.org Tue Sep 17 20:08:45 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 17 Sep 2024 18:08:45 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_record_send_file() (non-NULL offset) moves file descriptor offset while sending without KTLS (#1580)

Brian Denton commented: https://gitlab.com/gnutls/gnutls/-/issues/1580#note_2115457346

Also there is an obvious difference in behaviour between gnutls_record_send_file() in /lib/record.c and _gnutls_ktls_send_file() in /lib/system/ktls.c

Also I just now realized that you would have to pass in a posix file descriptor on windows (from open() or _open() not a file handle) and I don't know how many people are using that.
(still workable to support win32 with _get_osfhandle())

From gnutls-devel at lists.gnutls.org Wed Sep 18 12:59:41 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 18 Sep 2024 10:59:41 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_record_send_file() (non-NULL offset) moves file descriptor offset while sending without KTLS (#1580)

Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/issues/1580#note_2116790085

Thanks for the explanation, I see now. Didn't click for me that offset-the-argument is being passed. Indeed, if not advancing fd is being claimed, then concurrency doesn't matter and multiple concurrent sendfiles with the offset passed should work and the fd should not be advanced.
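
The behaviour discussed in issue #1580, as an added example that is not GnuTLS code: two senders share one descriptor, and a fallback that positions it with `lseek()` before `read()` (an assumed shape; the thread only reports seeing those two syscalls) is compared with `pread()`. The file content, the temporary path and all function names are constructed for the illustration, and the two senders are interleaved by hand so the outcome is deterministic.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define HALF 8
/* Constructed content: sender A wants bytes [0,8), sender B wants bytes [8,16). */
static const char CONTENT[] = "AAAAAAAABBBBBBBB";

struct result {
    char a[HALF + 1]; /* what sender A received, NUL-terminated */
    char b[HALF + 1]; /* what sender B received, NUL-terminated */
    long got_a, got_b; /* byte counts returned to A and B */
    long final_pos;    /* descriptor offset afterwards, -1 on setup failure */
};

/* Creates an unlinked temporary file holding CONTENT, positioned at offset 0. */
static int make_file(void)
{
    char path[] = "/tmp/send-file-demo-XXXXXX";
    int fd = mkstemp(path);

    if (fd < 0)
        return -1;
    unlink(path);
    if (write(fd, CONTENT, 2 * HALF) != 2 * HALF || lseek(fd, 0, SEEK_SET) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Each sender seeks to its own offset and then reads; B's seek lands between
 * A's seek and A's read, as it can when two threads share the descriptor. */
struct result run_seek_then_read(void)
{
    struct result r;
    int fd = make_file();

    memset(&r, 0, sizeof r);
    if (fd < 0) {
        r.final_pos = -1;
        return r;
    }
    lseek(fd, 0, SEEK_SET);             /* A positions for [0,8) */
    lseek(fd, HALF, SEEK_SET);          /* B positions for [8,16) */
    r.got_a = (long)read(fd, r.a, HALF); /* A receives B's bytes */
    r.got_b = (long)read(fd, r.b, HALF); /* B is already at end of file */
    r.final_pos = (long)lseek(fd, 0, SEEK_CUR);
    close(fd);
    return r;
}

/* pread() takes the offset as an argument and never touches the shared
 * descriptor offset, so the order of the two calls is irrelevant. */
struct result run_pread(void)
{
    struct result r;
    int fd = make_file();

    memset(&r, 0, sizeof r);
    if (fd < 0) {
        r.final_pos = -1;
        return r;
    }
    r.got_b = (long)pread(fd, r.b, HALF, HALF);
    r.got_a = (long)pread(fd, r.a, HALF, 0);
    r.final_pos = (long)lseek(fd, 0, SEEK_CUR);
    close(fd);
    return r;
}

int main(void)
{
    struct result s = run_seek_then_read();
    struct result p = run_pread();

    printf("lseek+read: A=\"%s\" B=\"%s\" fd offset=%ld\n", s.a, s.b, s.final_pos);
    printf("pread:      A=\"%s\" B=\"%s\" fd offset=%ld\n", p.a, p.b, p.final_pos);
    return 0;
}
```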
From gnutls-devel at lists.gnutls.org Fri Sep 20 16:06:10 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 20 Sep 2024 14:06:10 +0000 Subject: [gnutls-devel] GnuTLS | nettle: fail OAEP decryption on unknown hash (!1876)
Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1876
Project:Branches: asosedkin/gnutls:oaep-unkn-hash to gnutls/gnutls:master Author: Alexander Sosedkin

nettle: fail OAEP decryption on unknown hash

_rsa_oaep_decrypt() "returns 1 on success; 0 otherwise", but here we've returned non-zero on using an unsupported hash. This confused the error reporting into thinking gnutls_privkey_decrypt_data() has succeeded, while it hasn't.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code
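The failure mode described in this merge request, as an added model that is not the GnuTLS or Nettle source: a primitive documented as returning 1 on success and 0 otherwise that instead returns a negative code for an unsupported hash, and a caller that tests only for 0. All names, error values and the stand-in unpadding routine are constructed; no real OAEP is performed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum hash_alg { HASH_SHA256, HASH_SHA384, HASH_SHA512, HASH_OTHER };

/* Constructed caller-level status codes (not GnuTLS values). */
#define ERR_DECRYPTION_FAILED (-1)
#define ERR_UNKNOWN_HASH (-2)

typedef int (*oaep_prim)(enum hash_alg hash, const unsigned char *ct,
			 size_t ct_len, unsigned char *pt, size_t *pt_len);
typedef int (*decrypt_fn)(oaep_prim prim, enum hash_alg hash,
			  const unsigned char *ct, size_t ct_len,
			  unsigned char *pt, size_t *pt_len);

/* Stand-in for padding removal. Contract: 1 on success, 0 otherwise. */
static int toy_unpad(const unsigned char *ct, size_t ct_len,
		     unsigned char *pt, size_t *pt_len)
{
	if (ct_len == 0 || ct_len > *pt_len)
		return 0;
	memcpy(pt, ct, ct_len);
	*pt_len = ct_len;
	return 1;
}

/* Before: the unsupported-hash path leaks a negative error code out of a
 * function whose contract is 1/0. Negative is non-zero, so it reads as
 * "success" to any caller that tests for 0. */
static int oaep_decrypt_before(enum hash_alg hash, const unsigned char *ct,
			       size_t ct_len, unsigned char *pt, size_t *pt_len)
{
	switch (hash) {
	case HASH_SHA256: case HASH_SHA384: case HASH_SHA512:
		return toy_unpad(ct, ct_len, pt, pt_len);
	default:
		return ERR_UNKNOWN_HASH;
	}
}

/* After: every failure path returns 0, as the contract says. */
static int oaep_decrypt_after(enum hash_alg hash, const unsigned char *ct,
			      size_t ct_len, unsigned char *pt, size_t *pt_len)
{
	switch (hash) {
	case HASH_SHA256: case HASH_SHA384: case HASH_SHA512:
		return toy_unpad(ct, ct_len, pt, pt_len);
	default:
		return 0;
	}
}

/* Caller written against the documented contract: 0 means failure. */
static int decrypt_data(oaep_prim prim, enum hash_alg hash,
			const unsigned char *ct, size_t ct_len,
			unsigned char *pt, size_t *pt_len)
{
	if (prim(hash, ct, ct_len, pt, pt_len) == 0)
		return ERR_DECRYPTION_FAILED;
	return 0;
}

/* Defensive caller: only exactly 1 counts as success, so a primitive that
 * breaks its contract cannot turn into a reported success. */
static int decrypt_data_strict(oaep_prim prim, enum hash_alg hash,
			       const unsigned char *ct, size_t ct_len,
			       unsigned char *pt, size_t *pt_len)
{
	return prim(hash, ct, ct_len, pt, pt_len) == 1 ? 0
						       : ERR_DECRYPTION_FAILED;
}

/* Runs one decryption over a constructed 22-byte input and returns the
 * status the application would see; *pt_len_out is the reported length. */
static int status_for(decrypt_fn caller, oaep_prim prim, enum hash_alg hash,
		      size_t *pt_len_out)
{
	const unsigned char ct[] = "constructed ciphertext";
	unsigned char pt[64];
	size_t pt_len = sizeof(pt);
	int ret = caller(prim, hash, ct, sizeof(ct) - 1, pt, &pt_len);

	*pt_len_out = pt_len;
	return ret;
}

int main(void)
{
	size_t n;
	int r = status_for(decrypt_data, oaep_decrypt_before, HASH_OTHER, &n);

	printf("before: status %d, length %zu (buffer never written)\n", r, n);
	r = status_for(decrypt_data, oaep_decrypt_after, HASH_OTHER, &n);
	printf("after:  status %d\n", r);
	return 0;
}
```

In the model, the "before" path reports status 0 while the output length is still the full buffer size, so the application would go on to use bytes that were never produced by a decryption.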
From gnutls-devel at lists.gnutls.org Fri Sep 20 23:06:21 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 20 Sep 2024 21:06:21 +0000 Subject: [gnutls-devel] GnuTLS | nettle: fail OAEP decryption on unknown hash (!1876)
Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1876#note_2122730867
Good catch, thanks!

From gnutls-devel at lists.gnutls.org Fri Sep 20 23:06:09 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 20 Sep 2024 21:06:09 +0000 Subject: [gnutls-devel] GnuTLS | nettle: fail OAEP decryption on unknown hash (!1876)
Merge request !1876 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1876 Project:Branches: asosedkin/gnutls:oaep-unkn-hash to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewers:
From gnutls-devel at lists.gnutls.org Sat Sep 21 13:08:57 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 21 Sep 2024 11:08:57 +0000 Subject: [gnutls-devel] GnuTLS | nettle: fail OAEP decryption on unknown hash (!1876)
Merge request !1876 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1876 Project:Branches: asosedkin/gnutls:oaep-unkn-hash to gnutls/gnutls:master Author: Alexander Sosedkin

From gnutls-devel at lists.gnutls.org Sat Sep 21 13:09:05 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 21 Sep 2024 11:09:05 +0000 Subject: [gnutls-devel] GnuTLS | nettle: fail OAEP decryption on unknown hash (!1876)
Milestone changed to Release of GnuTLS 3.8.8 (Aug 15, 2024–Oct 15, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/46 )
From gnutls-devel at lists.gnutls.org Sat Sep 21 13:13:46 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 21 Sep 2024 11:13:46 +0000 Subject: [gnutls-devel] GnuTLS | Choose whether to link or dlopen helper libraries (!1870)
Andreas Metzler commented on a discussion on configure.ac: https://gitlab.com/gnutls/gnutls/-/merge_requests/1870#note_2123123048
> AC_DEFINE([HAVE_LIBZ], 1, [Define if ZLIB compression is enabled.]) > need_ltlibdl=yes > fi > -AM_CONDITIONAL(HAVE_ZLIB, test "$ac_zlib" != "no") > +AM_CONDITIONAL(HAVE_LIBZ, test "$ac_zlib" != "no")
Changed to HAVE_ZLIB in latest revision.

From gnutls-devel at lists.gnutls.org Sat Sep 21 13:13:48 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 21 Sep 2024 11:13:48 +0000 Subject: [gnutls-devel] GnuTLS | Choose whether to link or dlopen helper libraries (!1870)
All discussions on merge request !1870 were resolved by Andreas Metzler https://gitlab.com/gnutls/gnutls/-/merge_requests/1870
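Review bot: the `+AM_CONDITIONAL(HAVE_LIBZ, ...)` line in the quoted configure.ac hunk renames the automake conditional without changing its test, so any Makefile.am still guarded by `if HAVE_ZLIB` would refer to a conditional that is no longer defined, and automake rejects that. The `AC_DEFINE([HAVE_LIBZ], ...)` a few lines above is a preprocessor macro in a separate namespace and does not need to share the name, so either keep the conditional as HAVE_ZLIB or rename every user in the same commit. The arguments on this line are also unquoted; `AM_CONDITIONAL([HAVE_ZLIB], [test "$ac_zlib" != "no"])` would follow the usual m4 quoting.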
From gnutls-devel at lists.gnutls.org Sun Sep 22 03:36:07 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 22 Sep 2024 01:36:07 +0000 Subject: [gnutls-devel] GnuTLS | check all ocsp response records for cert serial number (!1877)
Jeff Mattson created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1877
Project:Branches: sei-jmattson/gnutls:fix-ocsp-checking-when-multiple-records to gnutls/gnutls:master Author: Jeff Mattson

* check all ocsp response records for cert serial number Signed-off-by: Jeff Mattson

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [x] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

## Discussion
OCSP verification fails when the certificate in question does not match the first response record of a stapled OCSP response. Some servers return a stapled ocsp response with multiple certificate status records, and this codebase only compares the certificate with the first response record. Since Ubuntu builds `git` with `gnuTLS`, this leaves a large population needing to rebuild git with OpenSSL or turning off ssl verification in order to work with some (well established) servers that staple multiple cert status in an OCSP response.
This MR changes the ocsp checking behavior by ignoring the `indx` parameter (which in this codebase is always set to 0) and instead iterating through the responses for a record with a matching certificate serial number. The `indx` parameter remains in order to preserve the api, but ignoring it is not a breaking change since the new behavior matches the previous behavior (where it was working). For external clients of this api that do actually pass in an index, it might cost negligible performance iterating to find the same index that was passed in. This issue was also reported in #1372.

From gnutls-devel at lists.gnutls.org Sun Sep 22 07:24:49 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 22 Sep 2024 05:24:49 +0000 Subject: [gnutls-devel] GnuTLS | configure issues: syntax error during faketime detection, --without-brotli not working (#1576)
Issue was closed by Daiki Ueno with commit 5a810a4654cdfd20b82afd22c6764bc8b1bd2193 Issue #1576: https://gitlab.com/gnutls/gnutls/-/issues/1576
From gnutls-devel at lists.gnutls.org Sun Sep 22 07:24:45 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 22 Sep 2024 05:24:45 +0000 Subject: [gnutls-devel] GnuTLS | Choose whether to link or dlopen helper libraries (!1870)
Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1870#note_2123535284
Thank you!

From gnutls-devel at lists.gnutls.org Sun Sep 22 07:24:49 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 22 Sep 2024 05:24:49 +0000 Subject: [gnutls-devel] GnuTLS | Choose whether to link or dlopen helper libraries (!1870)
Merge request !1870 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1870 Project:Branches: ametzler/gnutls:2024-tmp-choose-dlopen to gnutls/gnutls:master Author: Andreas Metzler
From gnutls-devel at lists.gnutls.org Tue Sep 24 03:35:24 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Sep 2024 01:35:24 +0000 Subject: [gnutls-devel] GnuTLS | check all ocsp response records for cert serial number (!1877)
Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1877#note_2125808464
Thank you for the patch, though I'm not sure if it is a good idea to modify the API behavior. Looking at the current `gnutls_ocsp_resp_check_crt`, it returns `GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE` iff the `indx` is out of range, so we could let the caller iterate by its own:

```c
for (indx = 0; ; indx++) {
        ret = gnutls_ocsp_resp_check_crt(resp, indx, cert);
        if (ret == 0 || ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
                break;
}
if (ret < 0)
        /* error: no matching response */
```

From gnutls-devel at lists.gnutls.org Tue Sep 24 17:00:21 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Sep 2024 15:00:21 +0000 Subject: [gnutls-devel] GnuTLS | check all ocsp response records for cert serial number (!1877)
Jeff Mattson commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1877#note_2127322149
Sounds good to me, thanks. I've applied that throughout.
From gnutls-devel at lists.gnutls.org Tue Sep 24 21:23:09 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Sep 2024 19:23:09 +0000 Subject: [gnutls-devel] GnuTLS | gnutls 3.8.7 needs dlwrap (so rust and clang) (#1581)
Ross Burton created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1581
I'd like to object to the use of dlwrap by gnutls. I understand the utility of dynamically loading libraries but this implementation:

1) Isn't listed in the NEWS file at all
2) Means a build-time dependency on rust and clang
3) Means we can't statically link to these libraries at all

(1) means that what looks like a small point release is a vastly larger undertaking.
(2) is a big deal for source-based distributions.
(3) can be a big problem for people who want a self-contained library that isn't dependent on other files on disk.

From gnutls-devel at lists.gnutls.org Tue Sep 24 22:25:01 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Sep 2024 20:25:01 +0000 Subject: [gnutls-devel] GnuTLS | gnutls 3.8.7 needs dlwrap (so rust and clang) (#1581)
Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1581#note_2127816964
I would say (2) is a misunderstanding; dlwrap is a passive code generator and you don't need it at build-time (as in [parse-autogen](https://gitlab.com/dueno/parse-autogen) we used to migrate away from AutoGen).
dlwrap generates 3 files: loader implementation (e.g., [brotlidec.c](https://gitlab.com/gnutls/gnutls/-/blob/master/lib/dlwrap/brotlidec.c?ref_type=heads) and [brotlidec.h](https://gitlab.com/gnutls/gnutls/-/blob/master/lib/dlwrap/brotlidec.h?ref_type=heads)), and function list (e.g., [brotlidecfuncs.h](https://gitlab.com/gnutls/gnutls/-/blob/master/lib/dlwrap/brotlidecfuncs.h?ref_type=heads)). The former is a copy from the [templates](https://github.com/ueno/dlwrap/tree/main/templates) with symbol renaming, while the latter is merely a list of function prototypes which *could* be built manually (like Go OpenSSL binding [shims](https://github.com/golang-fips/openssl/blob/731002f4e0696e1731d4a94b5cd1205980a30f4b/shims.h#L173)); all of those files are committed to the repository and included in the tarball. (3) is being fixed with !1870.

From gnutls-devel at lists.gnutls.org Tue Sep 24 23:13:35 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Sep 2024 21:13:35 +0000 Subject: [gnutls-devel] GnuTLS | check all ocsp response records for cert serial number (!1877)
Merge request !1877 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1877 Project:Branches: sei-jmattson/gnutls:fix-ocsp-checking-when-multiple-records to gnutls/gnutls:master Author: Jeff Mattson Assignees: Reviewers:
From gnutls-devel at lists.gnutls.org Tue Sep 24 23:13:57 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Sep 2024 21:13:57 +0000 Subject: [gnutls-devel] GnuTLS | check all ocsp response records for cert serial number (!1877)
Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1877#note_2127884370
Thank you!

From gnutls-devel at lists.gnutls.org Tue Sep 24 23:14:03 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Sep 2024 21:14:03 +0000 Subject: [gnutls-devel] GnuTLS | check all ocsp response records for cert serial number (!1877)
Merge request !1877 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1877 Project:Branches: sei-jmattson/gnutls:fix-ocsp-checking-when-multiple-records to gnutls/gnutls:master Author: Jeff Mattson
From gnutls-devel at lists.gnutls.org Wed Sep 25 00:30:02 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Sep 2024 22:30:02 +0000 Subject: [gnutls-devel] GnuTLS | Check all OCSP responses (#1372)
Issue was closed by Daiki Ueno Issue #1372: https://gitlab.com/gnutls/gnutls/-/issues/1372

From gnutls-devel at lists.gnutls.org Wed Sep 25 00:30:02 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Sep 2024 22:30:02 +0000 Subject: [gnutls-devel] GnuTLS | Check all OCSP responses (#1372)
Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1372#note_2127936183
Fixed in !1877.

From gnutls-devel at lists.gnutls.org Wed Sep 25 00:30:32 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Sep 2024 22:30:32 +0000 Subject: [gnutls-devel] GnuTLS | Check all OCSP responses (#1372)
Milestone changed to Release of GnuTLS 3.8.8 (Aug 15, 2024–Oct 15, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/46 )
From gnutls-devel at lists.gnutls.org Wed Sep 25 04:31:17 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 25 Sep 2024 02:31:17 +0000 Subject: [gnutls-devel] GnuTLS | devel/generate-dlwrap.sh: remove --clang-resource-dir option (!1878)
Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1878
Project:Branches: dueno/gnutls:wip/dueno/dlwrap-doc to gnutls/gnutls:master Author: Daiki Ueno

This makes it clear that dlwrap is not a build-time dependency but a one-time passive code generator. Fixes: #1581

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code
From gnutls-devel at lists.gnutls.org Wed Sep 25 08:05:55 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 25 Sep 2024 06:05:55 +0000 Subject: [gnutls-devel] GnuTLS | Fixed the check at src/benchmark-tls.c (!1875)
Merge request !1875 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1875 Project:Branches: d.meliksetyan/gnutls:master to gnutls/gnutls:master Author: David Meliksetyan Assignees: Reviewers:

From gnutls-devel at lists.gnutls.org Wed Sep 25 08:09:40 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 25 Sep 2024 06:09:40 +0000 Subject: [gnutls-devel] GnuTLS | Fixed the check at src/benchmark-tls.c (!1875)
Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1875#note_2128342543
Thank you! Seems like the CI pipeline is stuck because of user verification (as in https://gitlab.com/gnutls/gnutls/-/merge_requests/1871#note_2077089645). Would it be possible to overcome it by following the [guide](https://docs.gitlab.com/ee/security/identity_verification.html), or I can create a separate MR (with the same commit) for you?
From gnutls-devel at lists.gnutls.org Wed Sep 25 09:07:37 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 25 Sep 2024 07:07:37 +0000 Subject: [gnutls-devel] GnuTLS | tests/ktls: skip CHACHA20-POLY1305 in FIPS mode (!1879)
Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1879
Project:Branches: asosedkin/gnutls:tests-ktls-fips-skip-chacha to gnutls/gnutls:master Author: Alexander Sosedkin

* tests/ktls: skip CHACHA20-POLY1305 in FIPS mode Signed-off-by: Alexander Sosedkin

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code
From gnutls-devel at lists.gnutls.org Wed Sep 25 09:49:20 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 25 Sep 2024 07:49:20 +0000 Subject: [gnutls-devel] GnuTLS | tests/ktls: skip CHACHA20-POLY1305 in FIPS mode (!1879)
Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1879#note_2128487372
Thank you!

From gnutls-devel at lists.gnutls.org Wed Sep 25 09:49:27 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 25 Sep 2024 07:49:27 +0000 Subject: [gnutls-devel] GnuTLS | tests/ktls: skip CHACHA20-POLY1305 in FIPS mode (!1879)
Milestone changed to Release of GnuTLS 3.8.8 (Aug 15, 2024–Oct 15, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/46 )
From gnutls-devel at lists.gnutls.org Wed Sep 25 09:48:52 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 25 Sep 2024 07:48:52 +0000 Subject: [gnutls-devel] GnuTLS | tests/ktls: skip CHACHA20-POLY1305 in FIPS mode (!1879)
Merge request !1879 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1879 Project:Branches: asosedkin/gnutls:tests-ktls-fips-skip-chacha to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewers:

From gnutls-devel at lists.gnutls.org Wed Sep 25 09:49:11 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 25 Sep 2024 07:49:11 +0000 Subject: [gnutls-devel] GnuTLS | tests/ktls: skip CHACHA20-POLY1305 in FIPS mode (!1879)
Merge request !1879 was set to auto-merge by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1879 Project:Branches: asosedkin/gnutls:tests-ktls-fips-skip-chacha to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewers:
From gnutls-devel at lists.gnutls.org Wed Sep 25 11:33:33 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 25 Sep 2024 09:33:33 +0000 Subject: [gnutls-devel] GnuTLS | tests/ktls: skip CHACHA20-POLY1305 in FIPS mode (!1879)
Merge request !1879 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1879 Project:Branches: asosedkin/gnutls:tests-ktls-fips-skip-chacha to gnutls/gnutls:master Author: Alexander Sosedkin

From gnutls-devel at lists.gnutls.org Wed Sep 25 13:33:40 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 25 Sep 2024 11:33:40 +0000 Subject: [gnutls-devel] GnuTLS | tests/key-material-set-dtls: retry send/recv on E_AGAIN/E_INTERRUPTED (!1880)
Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1880
Project:Branches: asosedkin/gnutls:tests-key-material-set-dtls-eagain to gnutls/gnutls:master Author: Alexander Sosedkin

* tests/key-material-set-dtls: retry send/recv on E_AGAIN/E_INTERRUPTED

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

From gnutls-devel at lists.gnutls.org Wed Sep 25 13:39:45 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 25 Sep 2024 11:39:45 +0000 Subject: [gnutls-devel] GnuTLS | gnutls 3.8.7 needs dlwrap (so rust and clang) (#1581)
Ross Burton commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1581#note_2128907146
Re (2), I apologise for the misunderstanding. Thank you for clarifying. Is there a timeline for the release of 3.8.7 with !1870?

From gnutls-devel at lists.gnutls.org Wed Sep 25 14:08:00 2024 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 25 Sep 2024 12:08:00 +0000 Subject: [gnutls-devel] GnuTLS | Use ELF notes to indicate what libraries will be dlopen()'d (#1582)
Ross Burton created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1582
With the recent change to use dlwrap() for loading compression libraries, the gnutls library packages will no longer depend on the compression libraries.
systemd has recently done the same thing with its core library and they attempted to solve the dependency issue by embedding ELF notes into the library which list what libraries may be opened, so they can be recommended on at the package manager level.

https://github.com/systemd/systemd/blob/main/docs/ELF_DLOPEN_METADATA.md

Could you consider doing the same for gnutls? (although I imagine this would actually be done in dlwrap itself)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1582

From gnutls-devel at lists.gnutls.org Wed Sep 25 14:10:38 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 25 Sep 2024 12:10:38 +0000
Subject: [gnutls-devel] GnuTLS | Impossible to use dlwrap when cross compiling (#1583)
References:
Message-ID:

Ross Burton created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1583

`configure.ac` uses `AC_TRY_RUN` to determine if `dlopen` works:

```
AC_RUN_IFELSE(
  [AC_LANG_PROGRAM(
    [[#include
      #include
    ]],
    [[void *handle = dlopen("$M_LIBRARY_SONAME", RTLD_LAZY | RTLD_GLOBAL);
      return handle != NULL ? 0 : 1;
    ]])],
  [ac_cv_dlopen_soname_works=yes],
  [ac_cv_dlopen_soname_works=no],
  [ac_cv_dlopen_soname_works=cross-compiling])

AM_CONDITIONAL([ENABLE_DLOPEN], [test "$ac_cv_dlopen_soname_works" = yes])
```

This means that it's impossible to use dlwrap in cross-compilation environments.

I suggest a `--with-dlwrap` option to explicitly select whether it should be enabled or disabled, and fall back to detection.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1583

From gnutls-devel at lists.gnutls.org Wed Sep 25 15:46:47 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 25 Sep 2024 13:46:47 +0000
Subject: [gnutls-devel] GnuTLS | gnutls 3.8.7 needs dlwrap (so rust and clang) (#1581)
In-Reply-To:
References:
Message-ID:

Ross Burton commented: https://gitlab.com/gnutls/gnutls/-/issues/1581#note_2129180627

I'm happy to close this, thanks for the response.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1581#note_2129180627

From gnutls-devel at lists.gnutls.org Wed Sep 25 15:46:48 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 25 Sep 2024 13:46:48 +0000
Subject: [gnutls-devel] GnuTLS | gnutls 3.8.7 needs dlwrap (so rust and clang) (#1581)
In-Reply-To:
References:
Message-ID:

Issue was closed by Ross Burton

Issue #1581: https://gitlab.com/gnutls/gnutls/-/issues/1581

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1581

From gnutls-devel at lists.gnutls.org Wed Sep 25 17:34:54 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 25 Sep 2024 15:34:54 +0000
Subject: [gnutls-devel] GnuTLS | tests/key-material-set-dtls: retry send/recv on E_AGAIN/E_INTERRUPTED (!1880)
In-Reply-To:
References:
Message-ID:

Merge request !1880 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1880
Project:Branches: asosedkin/gnutls:tests-key-material-set-dtls-eagain to gnutls/gnutls:master
Author: Alexander Sosedkin
Assignees:
Reviewers:

From gnutls-devel at lists.gnutls.org Fri Sep 27 09:50:17 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 27 Sep 2024 07:50:17 +0000
Subject: [gnutls-devel] GnuTLS | bad_certificate instead of decode_error alert in compressed certificate (#1584)
References:
Message-ID:

George Pantelakis created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1584

## Description of problem:
When we send a compressed certificate message and we have additional bytes at the beginning or end of the message that are not reflected in the compressed_certificate_message size then we get a bad_certificate alert instead of a decode_error alert.

## Version of gnutls used:
gnutls-3.8.7

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
RHEL and Fedora

## How reproducible:
Always

Steps to Reproduce:
* Run https://github.com/tlsfuzzer/tlsfuzzer/blob/master/scripts/test-tls13-client-certificate-compression.py against a GnuTLS server.

## Actual results:
Tests "Additional bytes, *" from test-tls13-client-certificate-compression.py fail

## Expected results:
Tests "Additional bytes, *" from test-tls13-client-certificate-compression.py will pass

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1584

From gnutls-devel at lists.gnutls.org Fri Sep 27 09:53:32 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 27 Sep 2024 07:53:32 +0000
Subject: [gnutls-devel] GnuTLS | bad_certificate instead of illegal_parameter alert in compressed certificate (#1585)
References:
Message-ID:

George Pantelakis created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1585

## Description of problem:
When a compressed certificate is used we send the following compressed certificate message:

```
struct {
    CertificateCompressionAlgorithm algorithm;
    uint24 uncompressed_length;
    opaque compressed_certificate_message<1..2^24-1>;
} CompressedCertificate;
```

When we are changing the CertificateCompressionAlgorithm section to some algorithm that GnuTLS doesn't know we get back a bad_certificate alert instead of an illegal_parameter alert.

## Version of gnutls used:
gnutls-3.8.7

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
RHEL and Fedora

## How reproducible:
Always

Steps to Reproduce:
* Run https://github.com/tlsfuzzer/tlsfuzzer/blob/master/scripts/test-tls13-client-certificate-compression.py against a GnuTLS server.

## Actual results:
Tests "Additional bytes, \*" from test-tls13-client-certificate-compression.py fail

## Expected results:
Tests "Additional bytes, \*" from test-tls13-client-certificate-compression.py should pass

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1585

From gnutls-devel at lists.gnutls.org Fri Sep 27 10:05:27 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 27 Sep 2024 08:05:27 +0000
Subject: [gnutls-devel] GnuTLS | padded compressed certificate extension doesn't throw an error (#1586)
References:
Message-ID:

George Pantelakis created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1586

## Description of problem:
When support for the compressed certificate is negotiated, if we send the clientHello and extension for the compressed certificate that has some bytes in the end, the server continues the handshake instead of throwing an error. These extra bytes are reflected in the overall handshake size but not to the length of the list that has the compression algorithms. For example if we have the length of the list set to 4 bytes (2 compression algorithms of 2 bytes) and we send in the list 6 bytes (3 compression algorithms of 2 bytes) then we expect to have a decode error, since we have unmet bytes, but the server continues the handshake.

## Version of gnutls used:
gnutls-3.8.7

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
RHEL and Fedora

## How reproducible:
Always

Steps to Reproduce:
* Run https://github.com/tlsfuzzer/tlsfuzzer/blob/master/scripts/test-tls13-certificate-compression.py against a GnuTLS server.

## Actual results:
Tests "padded extension" from test-tls13-client-certificate-compression.py fail

## Expected results:
Tests "padded extension" from test-tls13-client-certificate-compression.py should pass

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1586

From gnutls-devel at lists.gnutls.org Fri Sep 27 12:00:23 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 27 Sep 2024 10:00:23 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli skips the whole compressed certificate negotiation when unknown algo is provided among known (#1587)
References:
Message-ID:

George Pantelakis created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1587

## Description of problem:
When we are using --compress-cert with known algorithms (e.g. --compress-cert zlib) the compressed certificate is negotiated normally but when we have one unknown and some known algorithms (e.g. --compress-cert zlib --compress-cert brotli --compress-cert bla) then the client skips the compressed certificate extension altogether. We should skip the unknown compression algorithms and keep the known ones.

## Version of gnutls used:
gnutls-3.8.7

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
RHEL and Fedora

## How reproducible:
always

Steps to Reproduce:
* run "gnutls-cli -V --x509keyfile client.key --x509certfile client.cert -p 4433 --compress-cert zlib --compress-cert bla localhost"

## Actual results:
Compressed certificate is not negotiated at all.

## Expected results:
Compressed certificate will be negotiated with zlib only.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1587
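
The length and algorithm checks that issues #1584, #1585 and #1586 above ask for, as an added example that is not GnuTLS code: a strict parser for the `compress_certificate` extension body and the `CompressedCertificate` message that returns the alert each issue expects. The function names are hypothetical, the wire layout and code points are taken from RFC 8879, and the byte strings are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS alert descriptions (RFC 8446); bad_certificate (42) belongs to the
 * later decompression step, which is not shown here. */
enum { ALERT_NONE = 0, ALERT_ILLEGAL_PARAMETER = 47, ALERT_DECODE_ERROR = 50 };

/* RFC 8879 code points: zlib(1), brotli(2), zstd(3) */
static int known_alg(uint16_t a) { return a >= 1 && a <= 3; }

/* compress_certificate extension_data: 1-byte list length, then 2-byte ids.
 * Issue #1586: the list length must cover every byte of the extension.
 * Unknown ids are skipped; *n_known counts the usable ones. */
int parse_compress_cert_ext(const uint8_t *p, size_t len, unsigned *n_known)
{
    *n_known = 0;
    if (len < 1 || (size_t)p[0] != len - 1) /* truncated or padded extension */
        return ALERT_DECODE_ERROR;
    if (p[0] < 2 || p[0] % 2)               /* empty list or half an id */
        return ALERT_DECODE_ERROR;
    for (size_t i = 1; i < len; i += 2)
        *n_known += (unsigned)known_alg((uint16_t)(p[i] << 8 | p[i + 1]));
    return ALERT_NONE;
}

/* CompressedCertificate body: uint16 algorithm, uint24 uncompressed_length,
 * opaque compressed_certificate_message<1..2^24-1> (3-byte length prefix).
 * Issue #1584: bytes outside the inner length -> decode_error.
 * Issue #1585: algorithm we do not know -> illegal_parameter. */
int parse_compressed_cert(const uint8_t *p, size_t len, uint16_t *alg,
                          size_t *uncompressed_len, size_t *data_len)
{
    if (len < 8)
        return ALERT_DECODE_ERROR;
    *alg = (uint16_t)(p[0] << 8 | p[1]);
    *uncompressed_len = (size_t)p[2] << 16 | (size_t)p[3] << 8 | p[4];
    *data_len = (size_t)p[5] << 16 | (size_t)p[6] << 8 | p[7];
    if (*data_len == 0 || *data_len != len - 8) /* empty, short or trailing */
        return ALERT_DECODE_ERROR;
    if (!known_alg(*alg))
        return ALERT_ILLEGAL_PARAMETER;
    /* Caller decompresses p + 8 into at most *uncompressed_len bytes. */
    return ALERT_NONE;
}

int main(void)
{
    /* Constructed inputs, not captured traffic. */
    const uint8_t padded_ext[] = { 4, 0, 1, 0, 2, 0, 3 };  /* #1586: 4 vs 6 */
    const uint8_t trailing[] = { 0, 1, 0, 0, 9, 0, 0, 2, 0xAA, 0xBB, 0xCC };
    const uint8_t unknown[] = { 0x7f, 0x7f, 0, 0, 9, 0, 0, 2, 0xAA, 0xBB };
    unsigned n;
    uint16_t alg;
    size_t ulen, dlen;
    printf("padded ext: %d\n",
           parse_compress_cert_ext(padded_ext, sizeof padded_ext, &n));
    printf("trailing:   %d\n",
           parse_compressed_cert(trailing, sizeof trailing, &alg, &ulen, &dlen));
    printf("unknown:    %d\n",
           parse_compressed_cert(unknown, sizeof unknown, &alg, &ulen, &dlen));
    return 0;
}
```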

From gnutls-devel at lists.gnutls.org Fri Sep 27 12:18:53 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 27 Sep 2024 10:18:53 +0000
Subject: [gnutls-devel] GnuTLS | Ignore unknown compression algs when using CLI (!1881)
References:
Message-ID:

Zoltán Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1881

Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

Closes #1587

Signed-off-by: Zoltan Fridrich

## Checklist
* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1881

From gnutls-devel at lists.gnutls.org Fri Sep 27 12:18:51 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 27 Sep 2024 10:18:51 +0000
Subject: [gnutls-devel] GnuTLS | Ignore unknown compression algs when using CLI (!1881)
In-Reply-To:
References:
Message-ID:

Daiki Ueno was added as a reviewer.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1881

From gnutls-devel at lists.gnutls.org Fri Sep 27 12:18:51 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 27 Sep 2024 10:18:51 +0000
Subject: [gnutls-devel] GnuTLS | Ignore unknown compression algs when using CLI (!1881)
In-Reply-To:
References:
Message-ID:

Reassigned merge request 1881

https://gitlab.com/gnutls/gnutls/-/merge_requests/1881

Zoltán Fridrich was added as an assignee.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1881

From gnutls-devel at lists.gnutls.org Fri Sep 27 22:02:13 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 27 Sep 2024 20:02:13 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli skips the whole compressed certificate negotiation when unknown algo is provided among known (#1587)
In-Reply-To:
References:
Message-ID:

Milestone changed to Release of GnuTLS 3.8.8 (Aug 15, 2024–Oct 15, 2024) ( https://gitlab.com/gnutls/gnutls/-/milestones/46 )

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1587

From gnutls-devel at lists.gnutls.org Sat Sep 28 13:04:25 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 28 Sep 2024 11:04:25 +0000
Subject: [gnutls-devel] GnuTLS | abi: add enum values for GNUTLS_CIPHER_CHACHA20_* (a682bdd2)
In-Reply-To:
References:
Message-ID:

Micha?cwiekala47@ commented: https://gitlab.com/gnutls/gnutls/-/commit/a682bdd288a03408a99f2cc215f89f31970b4dfa#note_2134383958

![logo-white](/uploads/fa88334c8ab8c8d4ca957bc740f6facf/logo-white.png) /

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/commit/a682bdd288a03408a99f2cc215f89f31970b4dfa#note_2134383958

From gnutls-devel at lists.gnutls.org Sat Sep 28 14:17:05 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 28 Sep 2024 12:17:05 +0000
Subject: [gnutls-devel] GnuTLS | abi: add enum values for GNUTLS_CIPHER_CHACHA20_* (a682bdd2)
In-Reply-To:
References:
Message-ID:

Micha?cwiekala47@ commented: https://gitlab.com/gnutls/gnutls/-/commit/a682bdd288a03408a99f2cc215f89f31970b4dfa#note_2134399009

01HWFEWF290S2GX8KDM4ZPAAQN

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/commit/a682bdd288a03408a99f2cc215f89f31970b4dfa#note_2134399009

From gnutls-devel at lists.gnutls.org Sun Sep 29 02:14:05 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 29 Sep 2024 00:14:05 +0000
Subject: [gnutls-devel] GnuTLS | tests/key-material-set-dtls: retry send/recv on E_AGAIN/E_INTERRUPTED (!1880)
In-Reply-To:
References:
Message-ID:

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1880#note_2134535909

@asosedkin could you fix the style issue?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1880#note_2134535909

From gnutls-devel at lists.gnutls.org Sun Sep 29 02:16:08 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 29 Sep 2024 00:16:08 +0000
Subject: [gnutls-devel] GnuTLS | Ignore unknown compression algs when using CLI (!1881)
In-Reply-To:
References:
Message-ID:

Merge request !1881 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1881
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master
Author: Zoltán Fridrich
Assignee: Zoltán Fridrich
Reviewer: Daiki Ueno

From gnutls-devel at lists.gnutls.org Mon Sep 30 13:13:21 2024
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 30 Sep 2024 11:13:21 +0000
Subject: [gnutls-devel] GnuTLS | tests/key-material-set-dtls: retry send/recv on E_AGAIN/E_INTERRUPTED (!1880)
In-Reply-To:
References:
Message-ID:

Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1880#note_2135555020

Sure, sorry.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1880#note_2135555020