From gnutls-devel at lists.gnutls.org Thu Apr 3 06:05:38 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 03 Apr 2025 04:05:38 +0000
Subject: [gnutls-devel] GnuTLS | Fails to link shared `gnutls-openssl` due to `undefined reference to '_gnutls_lib_state'` when compiled with Clang and no optimization (#1690)

Doekin created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1690

## Description of problem:

When building the shared `gnutls-openssl` library with Clang and `CFLAGS` that override the default `-g -O2` but don't set an optimization level (effectively compiling with `-O0`), linking fails with the following error:

```
/usr/bin/ld: ../extra/.libs/libgnutls-openssl.so: undefined reference to `_gnutls_lib_state'
```

## Version of gnutls used:

3.8.9 from https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/

## Steps to Reproduce:

1. Set environment variables:
   ```
   export CC="/usr/bin/clang"
   export CFLAGS="-m64"
   ```
2. Configure:
   ```
   ./configure --disable-doc --disable-nls --with-tpm2=no --with-idn --with-brotli --with-zstd --enable-openssl-compatibility --with-default-trust-store-pkcs11=pkcs11: --enable-shared=yes --with-pic --disable-dependency-tracking
   ```
3. Attempt to build:
   ```
   make check
   ```

## Actual results:

The test fails with the following error:

```
make[3]: 'pkcs11-obj-raw' is up to date.
make[3]: 'pkcs11-import-url-privkey-caps' is up to date.
make[3]: 'ocsp' is up to date.
/bin/sh ../libtool --tag=CC --mode=link /usr/bin/clang -Wall -Wbad-function-cast -Wdate-time -Wdisabled-optimization -Wdouble-promotion -Wextra -Winit-self -Winvalid-pch -Wmissing-declarations -Wmissing-include-dirs -Wmissing-prototypes -Wnested-externs -Wnull-dereference -Wold-style-definition -Wpacked -Wpointer-arith -Wshadow -Wstrict-prototypes -Wuninitialized -Wunknown-pragmas -Wvariadic-macros -Wwrite-strings -Wformat=2 -Wthread-safety -Wno-missing-field-initializers -Wno-unused-parameter -Wno-format-truncation -fdiagnostics-show-option -fno-builtin-strcmp -m64 -no-install -o openssl openssl.o ../extra/libgnutls-openssl.la ../lib/libgnutls.la libutils.la -lseccomp -lrt libtool: link: /usr/bin/clang -Wall -Wbad-function-cast -Wdate-time -Wdisabled-optimization -Wdouble-promotion -Wextra -Winit-self -Winvalid-pch -Wmissing-declarations -Wmissing-include-dirs -Wmissing-prototypes -Wnested-externs -Wnull-dereference -Wold-style-definition -Wpacked -Wpointer-arith -Wshadow -Wstrict-prototypes -Wuninitialized -Wunknown-pragmas -Wvariadic-macros -Wwrite-strings -Wformat=2 -Wthread-safety -Wno-missing-field-initializers -Wno-unused-parameter -Wno-format-truncation -fdiagnostics-show-option -fno-builtin-strcmp -m64 -o openssl openssl.o ../extra/.libs/libgnutls-openssl.so ../lib/.libs/libgnutls.so ./.libs/libutils.a /run/media/leemu/D8C48579C4855B20/projects/gnutls-llvm/source/lib/.libs/libgnutls.so -lp11-kit -lidn2 -lunistring -ldl -ltasn1 -lhogweed -lnettle -lgmp -lseccomp -lrt -Wl,-rpath -Wl,/run/media/leemu/D8C48579C4855B20/projects/gnutls-llvm/source/extra/.libs -Wl,-rpath -Wl,/run/media/leemu/D8C48579C4855B20/projects/gnutls-llvm/source/lib/.libs -Wl,-rpath -Wl,/usr/local/lib /usr/bin/ld: ../extra/.libs/libgnutls-openssl.so: undefined reference to `_gnutls_lib_state' clang: error: linker command failed with exit code 1 (use -v to see invocation) make[3]: *** [Makefile:7885: openssl] Error 1 make[3]: Leaving directory 
'/run/media/leemu/D8C48579C4855B20/projects/gnutls-llvm/source/tests'
make[2]: *** [Makefile:13595: check-am] Error 2
make[2]: Leaving directory '/run/media/leemu/D8C48579C4855B20/projects/gnutls-llvm/source/tests'
make[1]: *** [Makefile:10111: check-recursive] Error 1
make[1]: Leaving directory '/run/media/leemu/D8C48579C4855B20/projects/gnutls-llvm/source/tests'
make: *** [Makefile:2922: check-recursive] Error 1
```

## Expected results:

The `gnutls-openssl` shared library should build successfully with Clang, even when compiled without optimization.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1690
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From gnutls-devel at lists.gnutls.org Thu Apr 3 15:09:29 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 03 Apr 2025 13:09:29 +0000
Subject: [gnutls-devel] GnuTLS | Draft: mark ML-DSA as FIPS-unapproved, enable FIPS+leancrypto in CI (!1945)

Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1945

Project:Branches: asosedkin/gnutls:ml-dsa-not-approved to gnutls/gnutls:master
Author: Alexander Sosedkin

.gitlab-ci.yml: enable building/testing with leancrypto in FIPS mode

nettle/pk: mark ML-DSA as FIPS-unapproved

* public key validation should ideally be performed within gnutls, not inside the back-end
* ML-DSA needs a self-test (FIPS 140-3 IG 10.3.A)

Supersedes: https://gitlab.com/gnutls/gnutls/-/merge_requests/1944
Related: https://gitlab.com/gnutls/gnutls/-/issues/1689

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry
present (for non-trivial changes)
* [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1945

From gnutls-devel at lists.gnutls.org Fri Apr 4 08:49:05 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Apr 2025 06:49:05 +0000
Subject: [gnutls-devel] libtasn1 | ci: Bump macOS image versions. (!117)

Simon Josefsson created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/117

Branches: ci-fix-macos to master
Author: Simon Josefsson

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/117

From gnutls-devel at lists.gnutls.org Fri Apr 4 09:14:37 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Apr 2025 07:14:37 +0000
Subject: [gnutls-devel] libtasn1 | ci: Bump macOS image versions.
(!117)

Merge request !117 was merged

Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/117
Branches: ci-fix-macos to master
Author: Simon Josefsson

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/117

From gnutls-devel at lists.gnutls.org Fri Apr 4 12:14:53 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Apr 2025 10:14:53 +0000
Subject: [gnutls-devel] libtasn1 | Modernize code coverage generation and outputs. (!118)

Simon Josefsson created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/118

Project:Branches: gnutls/libtasn1-security:ci-improve-coverage to gnutls/libtasn1:master
Author: Simon Josefsson

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/118

From gnutls-devel at lists.gnutls.org Fri Apr 4 12:31:54 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Apr 2025 10:31:54 +0000
Subject: [gnutls-devel] libtasn1 | Modernize code coverage generation and outputs. (!118)

Merge request !118 was merged

Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/118
Project:Branches: gnutls/libtasn1-security:ci-improve-coverage to gnutls/libtasn1:master
Author: Simon Josefsson

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/118

From gnutls-devel at lists.gnutls.org Fri Apr 4 12:58:38 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Apr 2025 10:58:38 +0000
Subject: [gnutls-devel] GnuTLS | Make TPM2 support self-contained (!1946)

David Dudas created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1946

Project:Branches: d-Dudas/gnutls:ddudas/tpm2-switch-crypto-backend to gnutls/gnutls:master
Author: David Dudas

**Make TPM2 support self-contained** #1462

Setup GnuTLS based callbacks for TPM2 using ESYS API's Esys_SetCryptoCallbacks function.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [x] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1946

From gnutls-devel at lists.gnutls.org Fri Apr 4 13:01:29 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Apr 2025 11:01:29 +0000
Subject: [gnutls-devel] GnuTLS | Make TPM2 support self-contained (!1946)

David Dudas started a new discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1946#note_2434819455

> # for the target will cause the test suite to fail when p11-kit is enabled. > - setarch i686 -- ./configure --disable-gcc-warnings > --cache-file $CCACHE_FILE --disable-doc --disable-cxx > - --without-p11-kit --disable-full-test-suite > + --without-p11-kit --disable-full-test-suite --without-tpm2

This job was failing because of the missing openssl check from tests/tpm2.sh
It was failing even without configuring the callbacks, so I guess the failure is not related to the changes from this MR.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1946#note_2434819455

From gnutls-devel at lists.gnutls.org Fri Apr 4 13:01:35 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Apr 2025 11:01:35 +0000
Subject: [gnutls-devel] GnuTLS | Make TPM2 support self-contained (!1946)

All discussions on merge request !1946 were resolved by David Dudas

https://gitlab.com/gnutls/gnutls/-/merge_requests/1946

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1946
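
Review bot: the comment above the configure invocation in the `.gitlab-ci.yml` hunk quoted in the !1946 discussion still only explains `--without-p11-kit`; the added `--without-tpm2` has no rationale in the file and removes TPM2 from the i686 job. Extend that comment to say the flag works around the missing openssl check in tests/tpm2.sh, so it is clear when the flag can be dropped again.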

From gnutls-devel at lists.gnutls.org Fri Apr 4 14:18:01 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Apr 2025 12:18:01 +0000
Subject: [gnutls-devel] GnuTLS | mark ML-DSA as FIPS-unapproved, enable FIPS+leancrypto in CI (!1945)

Alexander Sosedkin marked merge request !1945 as ready

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1945

From gnutls-devel at lists.gnutls.org Sat Apr 5 11:47:52 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 05 Apr 2025 09:47:52 +0000
Subject: [gnutls-devel] GnuTLS | mark ML-DSA as FIPS-unapproved, enable FIPS+leancrypto in CI (!1945)

Merge request !1945 was approved by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1945
Project:Branches: asosedkin/gnutls:ml-dsa-not-approved to gnutls/gnutls:master
Author: Alexander Sosedkin

From gnutls-devel at lists.gnutls.org Sat Apr 5 11:48:17 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 05 Apr 2025 09:48:17 +0000
Subject: [gnutls-devel] GnuTLS | mark ML-DSA as FIPS-unapproved, enable FIPS+leancrypto in CI (!1945)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1945#note_2436105154

Thank you; looks good to me.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1945#note_2436105154

From gnutls-devel at lists.gnutls.org Mon Apr 7 13:17:55 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Apr 2025 11:17:55 +0000
Subject: [gnutls-devel] GnuTLS | mark ML-DSA as FIPS-unapproved, enable FIPS+leancrypto in CI (!1945)

Merge request !1945 was merged

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1945
Project:Branches: asosedkin/gnutls:ml-dsa-not-approved to gnutls/gnutls:master
Author: Alexander Sosedkin

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1945

From gnutls-devel at lists.gnutls.org Tue Apr 8 09:55:21 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 08 Apr 2025 07:55:21 +0000
Subject: [gnutls-devel] GnuTLS | Make TPM2 support self-contained (!1946)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1946#note_2439306764

Wow, this looks great! Have you had a chance to test the TPM2 functionality with this patch? Last time we gave up with that because of some issues in the key format of tpm2-tss-engine iirc.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1946#note_2439306764

From gnutls-devel at lists.gnutls.org Tue Apr 8 10:13:26 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 08 Apr 2025 08:13:26 +0000
Subject: [gnutls-devel] GnuTLS | Make TPM2 support self-contained (!1946)

David Dudas commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1946#note_2439345576

I only used test/tpm2.sh for testing, on [fedora40](https://gitlab.com/gnutls/build-images/-/tree/master/docker-fedora40). It confirmed that it is using the hash callbacks, and the test passed.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1946#note_2439345576

From gnutls-devel at lists.gnutls.org Tue Apr 8 13:29:48 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 08 Apr 2025 11:29:48 +0000
Subject: [gnutls-devel] GnuTLS | Make TPM2 support self-contained (!1946)

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1946 was reviewed by Daiki Ueno

--
Daiki Ueno started a new discussion on lib/tpm2/callbacks/aes/aes_callbacks.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1946#note_2439799925

> +{ > + if (mode != TPM2_ALG_CFB) > + return GNUTLS_CIPHER_NULL;

`GNUTLS_CIPHER_NULL` indicates "no encryption", wouldn't it make more sense to return `GNUTLS_CIPHER_UNKNOWN` instead?

--
Daiki Ueno started a new discussion on lib/tpm2/callbacks/ecdh/ecdh_callbacks.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1946#note_2439799964

> + goto fail; > + > + ret = gnutls_pubkey_import_ecc_raw(peerkey, GNUTLS_ECC_CURVE_SECP256R1,

Can we assume a specific curve here?
Maybe better inspect `tpm_key->publicArea.parameters.eccDetail.curveID`?

--
Daiki Ueno started a new discussion on lib/tpm2/callbacks/ecdh/ecdh_callbacks.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1946#note_2439799974

> + > +fail: > + gnutls_free(shared.data);

Good to use `zeroize_temp_key`?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1946

From gnutls-devel at lists.gnutls.org Tue Apr 8 13:29:48 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 08 Apr 2025 11:29:48 +0000
Subject: [gnutls-devel] GnuTLS | Make TPM2 support self-contained (!1946)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1946#note_2439799993

Adding first round of comments.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1946#note_2439799993

From gnutls-devel at lists.gnutls.org Wed Apr 9 16:37:18 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Apr 2025 14:37:18 +0000
Subject: [gnutls-devel] GnuTLS | RFC 5280 compliance:GnuTLS parsed a CRL file with the authorityCertSerialNumber set to 0. (#1692)

One happy person created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1692

## Description of problem:

Hello Developer:

I have a CRL file where the authorityCertSerialNumber field in the AKI extension is set to 0. GnuTLS successfully parsed the authorityCertSerialNumber field without any errors.
However, according to RFC5280, the authorityCertSerialNumber field stores the certificate serial number, which must be a positive integer. So, is this a bug?

## Version of gnutls used:

GnuTLS 3.8.9

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Ubuntu

## How reproducible:

certtool --crl-info --inder --infile crl_aki_serial_0.der

## Actual results:

The Gnutls successfully printed this CRL

## Expected results:

Test Case: [crl_aki_serial_0.der](/uploads/b498301c5ad585a8f570bbe3a3056648/crl_aki_serial_0.der)

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1692

From gnutls-devel at lists.gnutls.org Thu Apr 10 12:30:21 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Apr 2025 10:30:21 +0000
Subject: [gnutls-devel] GnuTLS | Make TPM2 support self-contained (!1946)

David Dudas commented on a discussion on lib/tpm2/callbacks/ecdh/ecdh_callbacks.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1946#note_2444540420

> + gnutls_datum_t shared = { 0 }; > + int ret; > + > + ret = gnutls_privkey_init(&privkey); > + if (ret < 0) > + return TSS2_ESYS_RC_GENERAL_FAILURE; > + > + ret = gnutls_privkey_generate(privkey, GNUTLS_PK_EC, 256, 0); > + if (ret < 0) > + goto fail; > + > + ret = gnutls_pubkey_init(&peerkey); > + if (ret < 0) > + goto fail; > + > + ret = gnutls_pubkey_import_ecc_raw(peerkey, GNUTLS_ECC_CURVE_SECP256R1,

You are right, thanks for pointing this out. I've created a converter but only mapped the TPM2_ECC_NIST_P* curves.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1946#note_2444540420
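
Review bot: `gnutls_privkey_generate(privkey, GNUTLS_PK_EC, 256, 0)` in the quoted ecdh hunk fixes the ephemeral key at 256 bits independently of the curve passed to `gnutls_pubkey_import_ecc_raw()`. Once the import curve is taken from the TPM key, pass the same curve to the generate call (for example via `GNUTLS_CURVE_TO_BITS(curve)`) so the two keys cannot end up on different curves, and return a failure for any curve the converter does not map.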

From gnutls-devel at lists.gnutls.org Thu Apr 10 19:27:39 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Apr 2025 17:27:39 +0000
Subject: [gnutls-devel] GnuTLS | enabling padding for TLS 1.3 (RFC-8446 TLS Rev 1.3 spec) (#1693)

Sekar Srinivasan created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1693

Hi,

Trying to find a way to enable RFC-8446 TLS Rev 1.3 spec general description of padding for all TLS records. Is there a way to configure this via priority string and/or /etc/gnutls/config? Is this currently supported?

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1693

From gnutls-devel at lists.gnutls.org Fri Apr 11 04:14:19 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 11 Apr 2025 02:14:19 +0000
Subject: [gnutls-devel] GnuTLS | fips.h: remove duplicate _gnutls_switch_lib_state declaration breaking inline linkage in clang -O0 (!1947)

Doekin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1947

Project:Branches: Doekin/gnutls:clean-fips to gnutls/gnutls:master
Author: Doekin

This PR fixes linking failures that occur when building shared `gnutls-openssl` with Clang at optimization level -O0, where an undefined reference to `_gnutls_lib_state` error would appear (issue #1690).

The root cause is a duplicate `_gnutls_switch_lib_state` declaration that overrides the preceding `inline static` definition. When compiling with Clang -O0, this causes the symbol to be treated as an external reference rather than being inlined.

Reproduction case:

```c
extern int _state;
inline static void set_state(int state)
{
	_state = state;
}
/* void set_state(int state); */ /* removing this avoids the issue */
void foo(void){}
```

Compilation behavior:

1. Without the duplicate declaration:
   - Both Clang and GCC produce no undefined symbols
2. With the duplicate declaration:
   - Clang produces `U _state` in symbol table
   - GCC still produces no undefined symbols

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1947

From gnutls-devel at lists.gnutls.org Fri Apr 11 08:14:40 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 11 Apr 2025 06:14:40 +0000
Subject: [gnutls-devel] GnuTLS | enabling padding for TLS 1.3 (RFC-8446 TLS Rev 1.3 spec) (#1693)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1693#note_2446335874

There is no global option to enable it, but you can make your application use the feature, with the API described [here](https://www.gnutls.org/manual/html_node/On-Record-Padding.html#On-Record-Padding).

I agree that it might be a good enhancement if we could enable it through priority string or a config variable.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1693#note_2446335874

From gnutls-devel at lists.gnutls.org Fri Apr 11 10:10:39 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 11 Apr 2025 08:10:39 +0000
Subject: [gnutls-devel] GnuTLS | fips.h: remove duplicate _gnutls_switch_lib_state declaration breaking inline linkage in clang -O0 (!1947)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1947#note_2446505504

@Doekin thank you for tracking it down; looks good to me.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1947#note_2446505504

From gnutls-devel at lists.gnutls.org Fri Apr 11 13:56:30 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 11 Apr 2025 11:56:30 +0000
Subject: [gnutls-devel] GnuTLS | fips.h: remove duplicate _gnutls_switch_lib_state declaration breaking inline linkage in clang -O0 (!1947)

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1947#note_2447027554

@Doekin The CI pipeline is failing because of "Identity verification is required in order to run CI jobs". Would it be possible to work around that, following https://docs.gitlab.com/ee/security/identity_verification.html ? Otherwise, I can create a separate MR for merge.

Also please include `Signed-off-by:` line in the commit message, as described in https://gitlab.com/gnutls/gnutls/-/blob/master/CONTRIBUTING.md?ref_type=heads#git-commits

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1947#note_2447027554

From gnutls-devel at lists.gnutls.org Fri Apr 11 14:14:49 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 11 Apr 2025 12:14:49 +0000
Subject: [gnutls-devel] GnuTLS | fips.h: remove duplicate _gnutls_switch_lib_state declaration breaking inline linkage in clang -O0 (!1947)

Doekin commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1947#note_2447098220

Apologies for the inconvenience. I've updated the commit to include the `Signed-off-by` information. However, I'm unable to complete the identity verification due to regional limitations. Could you provide some guidance or suggest an alternative solution? Thank you for your assistance!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1947#note_2447098220

From gnutls-devel at lists.gnutls.org Sat Apr 12 02:31:21 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 12 Apr 2025 00:31:21 +0000
Subject: [gnutls-devel] GnuTLS | fips: remove duplicate _gnutls_switch_lib_state declaration breaking inline linkage in clang -O0 (!1948)

Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1948

Project:Branches: dueno/gnutls:wip/clean-fips to gnutls/gnutls:master
Author: Daiki Ueno

* fips: remove duplicate _gnutls_switch_lib_state declaration breaking inline linkage in clang -O0

Signed-off-by: Chan Lee

Fixes: #1690

This is the same as !1947, but filed for CI purposes.

## Checklist
* [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [ ] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1948

From gnutls-devel at lists.gnutls.org Sat Apr 12 02:32:32 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 12 Apr 2025 00:32:32 +0000
Subject: [gnutls-devel] GnuTLS | fips.h: remove duplicate _gnutls_switch_lib_state declaration breaking inline linkage in clang -O0 (!1947)

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1947#note_2448101848

Thank you; I've cloned this as !1948 to pass the CI.

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1947#note_2448101848

From gnutls-devel at lists.gnutls.org Sat Apr 12 02:32:41 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 12 Apr 2025 00:32:41 +0000
Subject: [gnutls-devel] GnuTLS | fips.h: remove duplicate _gnutls_switch_lib_state declaration breaking inline linkage in clang -O0 (!1947)

Merge request !1947 was closed by Daiki Ueno

Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1947
Project:Branches: Doekin/gnutls:clean-fips to gnutls/gnutls:master
Author: Doekin

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1947

From gnutls-devel at lists.gnutls.org Sat Apr 12 02:40:39 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 12 Apr 2025 00:40:39 +0000
Subject: [gnutls-devel] GnuTLS | fips.h: remove duplicate _gnutls_switch_lib_state declaration breaking inline linkage in clang -O0 (!1947)

Doekin commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1947#note_2448104048

Appreciate your help!

--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1947#note_2448104048
URL: From gnutls-devel at lists.gnutls.org Sat Apr 12 14:46:53 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 12 Apr 2025 12:46:53 +0000 Subject: [gnutls-devel] Guile-GnuTLS | test failure on 32 bit systems (#35) References: Message-ID: Dariqq created an issue: https://gitlab.com/gnutls/guile/-/issues/35 With dbab8a01b11c90f886507e9a52394ca9919291a4 I broke the certificate-generation.scm test on systems where a long is only 32 bits. Also there is currently the assumption that long and time_t always have the same size which may or may not hold true. In https://gitlab.com/gnutls/guile/-/merge_requests/33 I shared a snippet to use the right size int for the conversion but I don't know how I would make the test less demanding when time_t is only 32 bits. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/35 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 12 16:40:11 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 12 Apr 2025 14:40:11 +0000 Subject: [gnutls-devel] Guile-GnuTLS | 32bit time_t fixes. (!41) References: Message-ID: Dariqq created a merge request: https://gitlab.com/gnutls/guile/-/merge_requests/41 Project:Branches: Dariqq/guile:fix-32bit-time_t to gnutls/guile:master Author: Dariqq Fixes https://gitlab.com/gnutls/guile/-/issues/35 First commit defines the alias scm_to/from_time_t (maybe this should have a gnutls prefix instead of the guile prefix but idk) to the correct size integer conversion function and errors if it is not 4 or 8. Second commit is a bit of hack to get the SIZEOF_TIME_T value into the scheme test via an environment variable and restores the previous test values in case it is 32 bit. 
Don't know if there is a better way to achieve the same result. I built and ran the tests successfully on a 32bit machine and with `guix build -f guix.scm -s i686-linux` (apart from the SRP test.) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/41 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 14 09:58:10 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 14 Apr 2025 07:58:10 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS parsed the '<>' symbols stored in PrintableString. (#1698) References: Message-ID: One happy person created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1698 ## Description of problem: Hello Developer, ASN.1 specifies that PrintableString can only store a subset of characters from ASCII, including letters, digits, spaces, and some specific symbols: ' () + , - ./ : = ?'. However, I parsed a CRL file using GnuTLS, and when I tried to parse this CRL using Go, I received the error "x509: invalid RDNSequence: invalid attribute value: invalid PrintableString." Could you please clarify if this is a bug? The issuer field of this CRL is ```CN=``` ## Version of gnutls used: GnuTLS 3.8.9 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: certtool --crl-info --inder --infile crl_edited.der ## Actual results: The issuer field is parsed as Issuer:OU=test,CN=\,O=test,L=test,ST=test,C=CN ## Expected results: [crl_edited.der](/uploads/9850f167dd370e764ff57bc20b33b10a/crl_edited.der) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1698 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Wed Apr 16 11:04:38 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Apr 2025 09:04:38 +0000 Subject: [gnutls-devel] GnuTLS | RFC 5280 compliance:GnuTLS incorrectly parsed the authorityCertSerialNumber value. (#1700) References: Message-ID: One happy person created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1700 ## Description of problem: Hello Developer, I have a CRL file, and its AKI extension's authorityCertSerialNumber field value is -36. However, when I use GnuTLS to parse this CRL file, GnuTLS parses the authorityCertSerialNumber as dc, which is 220 in decimal. Is this a parsing error? ## Version of gnutls used: GnuTLS 3.8.9 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: certtool --crl-info --inder --infile crl_aki_serial-36.der ## Actual results: GnuTLS successfully printed this CRL, but the value of the authorityCertSerialNumber is "dc", which is 220 in decimal. ## Expected results: RFC5280 specifies that the certificate serial number should be a positive integer, so -36 is an invalid authorityCertSerialNumber. GnuTLS should likely reject the authorityCertSerialNumber field with an error or correctly parse the valid authorityCertSerialNumber value. [crl_aki_serial-36.der](/uploads/039c21422cc7e556ac560e7208965d3b/crl_aki_serial-36.der) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1700 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 19 04:55:59 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 19 Apr 2025 02:55:59 +0000 Subject: [gnutls-devel] GnuTLS | RFC 5280 compliance:GeneralizedTime parser accepts incorrect time values. 
(#1702) References: Message-ID: One happy person created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1702 ## Description of problem: The RFC standard for X.509 CRL restricts the revocationDate field to only two formats: UTCTime (YYMMDDHHMMSSZ) in ASN.1 representation and GeneralizedTime (YYYYMMDDHHMMSSZ). However, GnuTLS 3.8.9 accepts the revocationDate field with a value like GeneralizedTime("201213122547Z") in the CRL. ## Version of gnutls used: GnuTLS 3.8.9 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: certtool --crl-info --inder --infile crl_revoked_rev_date_gn_14.der ## Actual results: The revocationDate value of the CRL is printed as "Revoked at: Wed Dec 31 23:59:59 UTC 1969". ## Expected results: It should reject a CRL with a revocationDate field with a value like GeneralizedTime("201213122547Z"). [crl_revoked_rev_date_gn_14.der](/uploads/f7d4887476edd8974c0831cf6ca7e83b/crl_revoked_rev_date_gn_14.der) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1702 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 20 07:30:00 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 20 Apr 2025 05:30:00 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS static library wrongly exports private symbols (#1703) References: Message-ID: Paul Eggert created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1703 ## Description of problem: GNU Emacs cannot be linked to GnuTLS statically, because GnuTLS mistakenly exports the private symbols `hash_string` and `hash_lookup`, and Emacs wants to use these symbols for its own purposes. 
This bug was reported to Emacs as [Bug#77476 [PATCH] Rename various hash functions to avoid clashing with GnuTLS](https://bugs.gnu.org/77476) and I installed a [workaround by renaming Emacs functions](https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=c8eed90eb4d0583dc3463edfad176b9d3f98d11f), but the original problem really should be fixed in GnuTLS. ## Version of gnutls used: 3.8.9 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Fedora 42 ## How reproducible: ``` wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.9.tar.xz xz -d From gnutls-devel at lists.gnutls.org Sun Apr 20 13:31:00 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 20 Apr 2025 11:31:00 +0000 Subject: [gnutls-devel] GnuTLS | RFC 5280 compliance: GnuTLS accepts CRL files with duplicate revoked entries or duplicate certificate serial numbers. (#1704) References: Message-ID: One happy person created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1704 ## Description of problem: Hello developer, I successfully parsed a CRL file with duplicate revocation entries or duplicate serial numbers using GnuTLS. ## Version of gnutls used: GnuTLS 3.8.9 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: certtool --crl-info --inder --infile crl_revoked_dublicate.der certtool --crl-info --inder --infile crl_revoked_dublicate_serial.der ## Actual results: GnuTLS successfully parsed all the revoked entries from this CRL file. ## Expected results: [crl_revoked_dublicate.der](/uploads/b62c62dec541b9efe3523d7f38cbc825/crl_revoked_dublicate.der) [crl_revoked_dublicate_serial.der](/uploads/c4766ece3d25f4bc8c5a84458463f71a/crl_revoked_dublicate_serial.der) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1704 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Tue Apr 22 03:00:27 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Apr 2025 01:00:27 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS static library wrongly exports private symbols (#1703) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1703#note_2461054654 Thank you for forwarding this. I'm afraid the `lib-symbol-visibility` module wouldn't help, as it only works with shared libraries (as documented), where we already make use of a linker version [script](https://gitlab.com/gnutls/gnutls/-/blob/master/lib/libgnutls.map?ref_type=heads) to selectively export symbols. Afaik we have little control on what symbols are exposed from a static library, though perhaps we could avoid exposing `hash_*` symbols by switching to the [`linkedhash-list`](https://www.gnu.org/software/gnulib/MODULES.html#module=linkedhash-list), which defines all public symbols with the `gl_` prefix. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1703#note_2461054654 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 22 08:44:43 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Apr 2025 06:44:43 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: stop using "hash" module (!1949) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1949 Project:Branches: dueno/gnutls:wip/dueno/hash to gnutls/gnutls:master Author: Daiki Ueno To minimize the number of dependencies on Gnulib, this migrates the uses of the "hash" module to gl_linkedhash_list, which we extensively use as a generic hash-table. 
Fixes: #1703 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1949 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 22 08:46:21 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Apr 2025 06:46:21 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS static library wrongly exports private symbols (#1703) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1703#note_2461321646 I created !1949 which might help with this specific issue, though I think ultimately this kind of linking issue should be resolved outside GnuTLS; i.e., the use of Gnulib from both Emacs and GnuTLS are somehow coordinated to share the code. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1703#note_2461321646 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Tue Apr 22 14:16:42 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Apr 2025 12:16:42 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: stop using "hash" module (!1949) In-Reply-To: References: Message-ID: Zoltán Fridrich was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1949 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 22 14:17:04 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Apr 2025 12:17:04 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: stop using "hash" module (!1949) In-Reply-To: References: Message-ID: Zoltán Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1949#note_2461981657 Looks good. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1949#note_2461981657 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 22 14:16:47 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Apr 2025 12:16:47 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: stop using "hash" module (!1949) In-Reply-To: References: Message-ID: Merge request !1949 was approved by Zoltán Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1949 Project:Branches: dueno/gnutls:wip/dueno/hash to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: Zoltán Fridrich -- You're receiving this email because of your account on gitlab.com. 
-------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 22 19:20:44 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Apr 2025 17:20:44 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS static library wrongly exports private symbols (#1703) In-Reply-To: References: Message-ID: Paul Eggert commented: https://gitlab.com/gnutls/gnutls/-/issues/1703#note_2462799471 Thanks for the fix. On the Emacs side I installed into Emacs master a [patch](https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=c8eed90eb4d0583dc3463edfad176b9d3f98d11f) that renames the Emacs functions `hash_lookup` and `hash_string` so that they no longer collide with the like-named Gnulib functions that GnuTLS brings in when linked statically. So this means the problem goes away if you either (a) use bleeding-edge Emacs, (b) use bleeding-edge GnuTLS with !1949 or (c) use dynamic linking which almost everybody uses anyway. From my point of view this is good enough, so I'll close the GnuTLS issue (I already closed the [Emacs bug report](https://debbugs.gnu.org/cgi/bugreport.cgi?bug=77476)). As for future coordination, if I understand correctly this would mean that Emacs should not use any symbol exported from any Gnulib module, even modules that Emacs developers don't use and don't know about. That's probably a bridge too far. I expect we'll settle for what we have now, which is ad hoc fixes whenever problems like this turn up in practice. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1703#note_2462799471 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Tue Apr 22 19:20:42 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Apr 2025 17:20:42 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS static library wrongly exports private symbols (#1703) In-Reply-To: References: Message-ID: Issue was closed by Paul Eggert Issue #1703: https://gitlab.com/gnutls/gnutls/-/issues/1703 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1703 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 23 00:40:40 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Apr 2025 22:40:40 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: stop using "hash" module (!1949) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1949#note_2463345232 Thank you for the review. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1949#note_2463345232 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Wed Apr 23 00:40:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Apr 2025 22:40:50 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: stop using "hash" module (!1949) In-Reply-To: References: Message-ID: Merge request !1949 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1949 Project:Branches: dueno/gnutls:wip/dueno/hash to gnutls/gnutls:master Author: Daiki Ueno Reviewer: Zoltán Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1949 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 23 01:36:13 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Apr 2025 23:36:13 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS static library wrongly exports private symbols (#1703) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1703#note_2463380944 Totally untested, but another approach might be to emit name mangling macros to `config.h`, through `AH_VERBATIM`, something like: ``` AH_VERBATIM([gnutls_lib_rename_gnulib_hash], [ #define hash_string _gnutls_internal_hash_string ... ]) ``` though it would be cumbersome to identify any usage of "utility" functions provided by Gnulib. Maybe Gnulib could provide a built-in facility to do this kind of renaming? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1703#note_2463380944 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From gnutls-devel at lists.gnutls.org Wed Apr 23 04:58:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 23 Apr 2025 02:58:18 +0000 Subject: [gnutls-devel] GnuTLS | I get an error with X25519. (#1705) References: Message-ID: Jennifer-first created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1705 ## Description of problem: When I use the command "certtool --generate-privkey --ecc --curve=X25519 --outfile X25519.key", I get this result: "Generating a 256 bit EC/ECDSA private key (X25519)... privkey_generate: The request is invalid." But gnutls has returned to me that this is usable; the picture is below: ![image](/uploads/30f61ab669bc1d0aef35fb2ef6204aaf/image.png) ![image](/uploads/32000cbd3182568f132e171c1119b331/image.png) ## Version of gnutls used: gnutls 3.7.3 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: Steps to Reproduce: * certtool --generate-privkey --ecc --curve=X25519 --outfile X25519.key ## Actual results: The request is invalid ## Expected results: Generating a private key. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1705 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 23 09:21:15 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 23 Apr 2025 07:21:15 +0000 Subject: [gnutls-devel] GnuTLS | I get an error with X25519. 
(#1705) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/issues/1705#note_2463798231 To get it to work, please kindly use `--key-type`, as in `certtool --generate-privkey --ecc --key-type x25519 --outfile X25519.key`, [as documented in certtool manpage since 3.7.3](https://gitlab.com/gnutls/gnutls/-/merge_requests/1428/diffs#62a1253e20f207bb552ed62a52c5b52f279acd78_204_203). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1705#note_2463798231 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 24 11:55:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 24 Apr 2025 09:55:50 +0000 Subject: [gnutls-devel] GnuTLS | RFC 5280 compliance:GnuTLS incorrectly handles the CRL Number field (#1684) In-Reply-To: References: Message-ID: One happy person commented: https://gitlab.com/gnutls/gnutls/-/issues/1684#note_2466874834 Related issue[1700](https://gitlab.com/gnutls/gnutls/-/issues/1700) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1684#note_2466874834 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 24 11:57:20 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 24 Apr 2025 09:57:20 +0000 Subject: [gnutls-devel] GnuTLS | RFC 5280 compliance:GnuTLS incorrectly parsed the authorityCertSerialNumber value. 
(#1700) In-Reply-To: References: Message-ID: One happy person commented: https://gitlab.com/gnutls/gnutls/-/issues/1700#note_2466877746 Related issue[1684](https://gitlab.com/gnutls/gnutls/-/issues/1684) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1700#note_2466877746 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL:
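
The strictness checks that issues #1698, #1700 and #1702 above ask about, written out as an added C example; it is not GnuTLS code, every function name is hypothetical, and the sample inputs are constructed from the values quoted in the reports (`dc`, `<>`, `201213122547Z`).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; none of this is GnuTLS API. */

/* #1698: PrintableString holds A-Z a-z 0-9 and space ' ( ) + , - . / : = ? only. */
int printable_string_ok(const unsigned char *s, size_t n)
{
    static const char symbols[] = " '()+,-./:=?";
    for (size_t i = 0; i < n; i++) {
        unsigned char c = s[i];
        int alnum = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                    (c >= '0' && c <= '9');
        /* c != 0 guards strchr(), which would otherwise match the terminator */
        if (!alnum && (c == 0 || strchr(symbols, c) == NULL))
            return 0;
    }
    return 1;
}

/* #1700: DER INTEGER content octets are big-endian two's complement.
 * Returns 0 and stores the signed value, or -1 if empty, wider than
 * 64 bits, or not minimally encoded. */
int der_integer_to_i64(const unsigned char *p, size_t n, int64_t *out)
{
    if (n == 0 || n > 8)
        return -1;
    if (n > 1 && ((p[0] == 0x00 && !(p[1] & 0x80)) ||
                  (p[0] == 0xFF && (p[1] & 0x80))))
        return -1;                      /* redundant leading octet */
    uint64_t v = (p[0] & 0x80) ? UINT64_MAX : 0;   /* sign-extend */
    for (size_t i = 0; i < n; i++)
        v = (v << 8) | p[i];
    *out = (int64_t)v;
    return 0;
}

/* The misreading from the report: the same octets taken as unsigned. */
uint64_t der_integer_as_unsigned(const unsigned char *p, size_t n)
{
    uint64_t v = 0;
    for (size_t i = 0; i < n && i < 8; i++)
        v = (v << 8) | p[i];
    return v;
}

/* Serial numbers must be positive: sign bit clear and value non-zero. */
int serial_is_positive(const unsigned char *p, size_t n)
{
    if (n == 0 || (p[0] & 0x80))
        return 0;
    for (size_t i = 0; i < n; i++)
        if (p[i])
            return 1;
    return 0;
}

static int two_digits(const char *s, int lo, int hi)
{
    if (s[0] < '0' || s[0] > '9' || s[1] < '0' || s[1] > '9')
        return 0;
    int v = (s[0] - '0') * 10 + (s[1] - '0');
    return v >= lo && v <= hi;
}

/* #1702: UTCTime is YYMMDDHHMMSSZ (13 chars), GeneralizedTime is
 * YYYYMMDDHHMMSSZ (15 chars). Field ranges only, no calendar check. */
int rfc5280_time_ok(const char *s, size_t n, int generalized)
{
    size_t ylen = generalized ? 4 : 2;
    if (n != ylen + 11 || s[n - 1] != 'Z')
        return 0;
    for (size_t i = 0; i < ylen; i++)
        if (s[i] < '0' || s[i] > '9')
            return 0;
    const char *p = s + ylen;
    return two_digits(p, 1, 12) && two_digits(p + 2, 1, 31) &&
           two_digits(p + 4, 0, 23) && two_digits(p + 6, 0, 59) &&
           two_digits(p + 8, 0, 59);
}

int main(void)
{
    const unsigned char dc[] = { 0xDC };   /* constructed from the "dc" in #1700 */
    int64_t v = 0;
    der_integer_to_i64(dc, sizeof dc, &v);
    printf("0xDC signed=%lld unsigned=%llu positive=%d\n", (long long)v,
           (unsigned long long)der_integer_as_unsigned(dc, sizeof dc),
           serial_is_positive(dc, sizeof dc));
    printf("PrintableString <> ok=%d\n",
           printable_string_ok((const unsigned char *)"<>", 2));
    printf("GeneralizedTime 201213122547Z ok=%d\n",
           rfc5280_time_ok("201213122547Z", 13, 1));
    return 0;
}
```

The 13-character string from #1702 passes as UTCTime and fails only when the tag says GeneralizedTime, so the length check has to be tied to the ASN.1 type rather than applied to the string alone.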