From gnutls-devel at lists.gnutls.org Wed Jan 1 10:56:05 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 01 Jan 2025 09:56:05 +0000 Subject: [gnutls-devel] GnuTLS | Draft: add cmake (!1908) In-Reply-To: References: Message-ID: Sam James commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1908#note_2278113879 > (is it not also extendable via pure Python scripting?) No, it's not. It's quite easy to audit. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1908#note_2278113879 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 1 12:18:23 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 01 Jan 2025 11:18:23 +0000 Subject: [gnutls-devel] GnuTLS | Bug Connecting to a TLS1.3 Only Server (#1637) In-Reply-To: References: Message-ID: Gene commented: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2278134207 For completeness the gpg issue is [gnupg issue T6965](https://dev.gnupg.org/T6965) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2278134207 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 1 14:20:51 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 01 Jan 2025 13:20:51 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS3.7.11 cannot process thisUpdate field according to RFC5280 (#1638) References: Message-ID: Qianxin Cheng created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1638 ## Description of problem: The RFC standard for X.509 CRLs restricts the thisUpdate field to only two formats, namely UTCTime (YYMMDDHHMMSSZ) and GeneralizedTime (YYYYMMDDHHMMSSZ) in ASN.1 representation, which are 13 and 15 characters wide, respectively. However, GnuTLS 3.7.11 accepts certificates with a thisUpdate field of length 11 ("0103010100Z"). ## Version of gnutls used: GnuTLS3.7.11 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: Steps to reproduce: Use the following command: certtool --crl-info --inder --infile crl_file.der to reproduce the issue. crl_file.der is a CRL with a thisUpdate field length of 11. ## Actual results: The CRL is trusted and printed ## Expected results: The RFC standard for X.509 CRLs limits the thisUpdate field to only two formats: UTCTime (YYMMDDHHMMSSZ) and GeneralizedTime (YYYYMMDDHHMMSSZ) in ASN.1 encoding, which are 13 and 15 characters wide, respectively. Therefore, it should reject a CRL file with a thisUpdate field length of 11 (e.g., "0103010100Z").[crl_file.der](/uploads/a0678daac2315cae8d57fc74b8886b81/crl_file.der) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1638 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 2 09:27:42 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 02 Jan 2025 08:27:42 +0000 Subject: [gnutls-devel] GnuTLS | Draft: add meson step 10 (!1914) In-Reply-To: References: Message-ID: Tal Regev marked merge request !1914 as draft -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1914 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 3 16:29:53 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 03 Jan 2025 15:29:53 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: David Dudas commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2280769625 Unfortunately, the values for "version" come from nowhere. Back then, I was not able to find any specification mentioning the versions. I have associated 44 with 4, 65 with 6, and 87 with 8. But perhaps 1, 2, and 3 would be better? I should have mentioned this next to `_gnutls_get_pqc_alg_version`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2280769625 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 3 17:05:08 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 03 Jan 2025 16:05:08 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: Geert Hendrickx commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2280814618 Will you add support for hybrid SecP384r1MLKEM1024 as well? [IANA has assigned `0x11ed`](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8), from [draft-kwiatkowski-tls-ecdhe-mlkem-03](https://www.ietf.org/archive/id/draft-kwiatkowski-tls-ecdhe-mlkem-03.html). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2280814618 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 4 15:15:33 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 04 Jan 2025 14:15:33 +0000 Subject: [gnutls-devel] GnuTLS | trust-store test not finding certificates when using p11-kit as default trust store (#1639) References: Message-ID: Maxim Cournoyer created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1639 Hello! I'm trying to debug why gnutls (as seen in the trust-store test) doesn't find p11-kit provided certificates when configured with `--with-default-trust-store-pkcs11=pkcs11:`. There is no /etc/ssl/* directory on the system, and p11-kit is configured to have the nss provided certificates on its trust_paths (`-Dtrust_paths=/gnu/store/bxwlna9pk9f4rh161a9hjbxrabd3ayyh-nss-certs-3.99/etc/ssl/certs`), and something like `p11-kit list-objects pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=certs` confirms it has access to these certificates: ``` p11-kit list-objects pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=certs Object: #0 class: nss-builtin-root-list label: Trust Anchor Roots flags: token Object: #1 class: nss-builtin-root-list label: Trust Anchor Roots flags: token Object: #2 class: nss-builtin-root-list label: Trust Anchor Roots flags: token Object: #3 class: nss-trust label: Atos TrustedRoot 2011 id: a7:a5:06:b1:2c:a6:09:60:ee:d1:97:e9:70:ae:bc:3b:19:6c:db:21 flags: token Object: #4 uri: pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=certs;id=%73%7A%6B%96%DB%42%07%8B%52%66%C2%64%32%17%FE%E0%67%90%2E%AD;object=DigiCert%20SMIME%20ECC%20P384%20Root%20G5;type=cert class: certificate certificate-type: x-509 certificate-category: authority label: DigiCert SMIME ECC P384 Root G5 id: 73:7a:6b:96:db:42:07:8b:52:66:c2:64:32:17:fe:e0:67:90:2e:ad start-date: 2021.01.15 end-date: 2046.01.14 flags: token Object: #5 class: nss-trust label: DigiCert SMIME ECC P384 Root G5 id: 73:7a:6b:96:db:42:07:8b:52:66:c2:64:32:17:fe:e0:67:90:2e:ad flags: token Object: #6 uri: pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=certs;id=%35%0F%C8%36%63%5E%E2%A3%EC%F9%3B%66%15%CE%51%52%E3%91%9A%3D;object=OISTE%20WISeKey%20Global%20Root%20GB%20CA;type=cert class: certificate certificate-type: x-509 certificate-category: authority label: OISTE WISeKey Global Root GB CA id: 35:0f:c8:36:63:5e:e2:a3:ec:f9:3b:66:15:ce:51:52:e3:91:9a:3d start-date: 2014.12.01 end-date: 2039.12.01 flags: token [...] ``` Now the problem is that running the `tests/trust-store` test in that environment produces: ``` doit:63: no certificates were found in system trust store! ``` It seems it doesn't consider the p11-kit certs, although my reading of the code is that it should. Any ideas? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1639 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 4 16:52:04 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 04 Jan 2025 15:52:04 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1918) References: Message-ID: Loganaden Velvindron created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1918 Project:Branches: loganaden1/gnutls:SecP384r1MLKEM1024 to gnutls/gnutls:master Author: Loganaden Velvindron Add MLKEM-1024 and SecP384r1MLKEM1024. Signed-off-by: Loganaden Velvindron Signed-off-by: Jaykishan Mutkawoa Signed-off-by: Kavish Nadan -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1918 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 4 16:55:39 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 04 Jan 2025 15:55:39 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1918) In-Reply-To: References: Message-ID: Merge request !1918 was closed by Loganaden Velvindron Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1918 Project:Branches: loganaden1/gnutls:SecP384r1MLKEM1024 to gnutls/gnutls:master Author: Loganaden Velvindron Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1918 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 4 16:56:53 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 04 Jan 2025 15:56:53 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) References: Message-ID: Loganaden Velvindron created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919 Project:Branches: loganaden1/gnutls:SecP384r1MLKEM1024 to gnutls/gnutls:master Author: Loganaden Velvindron * Add MLKEM-1024 and SecP384r1MLKEM1024. Signed-off-by: Loganaden Velvindron Signed-off-by: Jaykishan Mutkawoa Signed-off-by: Kavish Nadan ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 4 17:23:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 04 Jan 2025 16:23:06 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281796167 I'm not sure why it's failing commit-check. Can someone please help ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281796167 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jan 5 01:51:14 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 05 Jan 2025 00:51:14 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281863012 Thank you. As for plumbing ML-KEM-1024, see also https://gitlab.com/gnutls/gnutls/-/merge_requests/1916/diffs?commit_id=1e493f2f92329fd1dca534e8ba83e70c7f1126d5 which also includes update for documentation and tests. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281863012 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jan 5 01:51:14 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 05 Jan 2025 00:51:14 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1919 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/algorithms/groups.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281863010 > + .id = GNUTLS_GROUP_EXP_SECP384R1, GNUTLS_GROUP_EXP_MLKEM1024, > + GNUTLS_GROUP_INVALID }, > + .tls_id = 0x11ED }, Notice the separate `.id` and `.ids` fields in this structure, where the former assigns a unique ID for this key share group, while the latter specifies the subgroups compositing this hybrid group. The correct entry should look like: ```suggestion:-3+0 { .name = "SECP384R1-MLKEM1024", .id = GNUTLS_GROUP_EXP_SECP384R1_MLKEM1024, .ids = { GNUTLS_GROUP_SECP384R1, GNUTLS_GROUP_EXP_MLKEM1024, GNUTLS_GROUP_INVALID }, .tls_id = 0x11ED }, ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jan 5 08:11:29 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 05 Jan 2025 07:11:29 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented on a discussion on lib/algorithms/groups.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281900655 > .ids = { GNUTLS_GROUP_SECP256R1, GNUTLS_GROUP_EXP_MLKEM768, > GNUTLS_GROUP_INVALID }, > .tls_id = 0x11EB }, > + { .name = "SECP384R1-MLKEM1024", > + .id = GNUTLS_GROUP_EXP_SECP384R1, GNUTLS_GROUP_EXP_MLKEM1024, > + GNUTLS_GROUP_INVALID }, > + .tls_id = 0x11ED }, Thanks for pointing this out. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281900655 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jan 5 08:12:42 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 05 Jan 2025 07:12:42 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281900839 Can we take over the ML-KEM-1024 work or do you prefer to do it yourself then we wait for your commit and push our code for SecP384r1MLKEM1024 ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281900839 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jan 5 11:42:22 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 05 Jan 2025 10:42:22 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281930852 I'd prefer you to take it over, so I can just drop the commit from my MR and rebase against yours. Please feel free to go ahead and be sure to update the docs and tests (it would also be a good idea to add an entry to the NEWS file). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281930852 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jan 5 17:56:52 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 05 Jan 2025 16:56:52 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281992322 got it. We shall follow your guidance. Thank you. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2281992322 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 02:13:37 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 01:13:37 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2282085374 Thanks for the clarification. Given that the used algorithm is indicated through `privateKeyAlgorithm.algorithm` as OID, maybe we should always use 0 to be compatible with OneAsymmetricKey or PKCS#8 PrivateKeyInfo. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2282085374 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 07:14:19 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 06:14:19 +0000 Subject: [gnutls-devel] GnuTLS | What is the command to print a PEM format CRL using GnuTLS? (#1636) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1636: https://gitlab.com/gnutls/gnutls/-/issues/1636 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1636 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 07:21:54 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 06:21:54 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS3.7.11 cannot process thisUpdate field according to RFC5280 (#1638) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1638#note_2282218038 Yes, the current implementation treats seconds field in UTCTime as optional. This might be another candidate to be fixed in `--enable-strict-x509`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1638#note_2282218038 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 10:03:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 09:03:55 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS3.7.11 cannot process nextUpdate field according to RFC5280 (#1640) References: Message-ID: Qianxin Cheng created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1640 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1640 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 10:04:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 09:04:18 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS3.7.11 cannot process nextUpdate field according to RFC5280 (#1641) References: Message-ID: Qianxin Cheng created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1641 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1641 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 10:53:58 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 09:53:58 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS3.7.11 cannot process nextUpdate field according to RFC5280 (#1640) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1640#note_2282577281 Looks like a duplicate of #1641. Closing. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1640#note_2282577281 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 10:53:57 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 09:53:57 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS3.7.11 cannot process nextUpdate field according to RFC5280 (#1640) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1640: https://gitlab.com/gnutls/gnutls/-/issues/1640 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1640 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 10:56:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 09:56:50 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS3.7.11 cannot process nextUpdate field according to RFC5280 (#1641) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1641#note_2282609857 No need to open a separate issue, as it has the same cause as #1638; our UTCTime handling tolerates a missing SS field, which can appear anywhere. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1641#note_2282609857 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 10:56:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 09:56:50 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS3.7.11 cannot process nextUpdate field according to RFC5280 (#1641) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1641: https://gitlab.com/gnutls/gnutls/-/issues/1641 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1641 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 11:33:20 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 10:33:20 +0000 Subject: [gnutls-devel] GnuTLS | support: DTLS connection ID (#801) In-Reply-To: References: Message-ID: Franti?ek Kren?elok commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/801#note_2282788129 Hey @valdaarhun, This issue was originally created for DTLS1.2 and the support for it would be still a nice addition, I would suggest you look at the DTLS1.2 implementation first. In the meantime I will identify the difference between the 1.2 and 1.3 version of the extension if any, we could then incorporate your DTLS1.2 implementation into DTLS1.3 and make modification accordingly. If you find any obstacles not concerning the issue directly, then feel free to contact me at dev at fkrenzel.cz -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/801#note_2282788129 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 11:48:12 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 10:48:12 +0000 Subject: [gnutls-devel] GnuTLS | Documentation for gnutls_record_send_file() does not mention sendfile() limits (0x7ffff000 SSIZE_MAX) (#1568) In-Reply-To: References: Message-ID: Franti?ek Kren?elok commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1568#note_2282835715 Hello @mrblarg64, nice catch, If you are still on this, the latter seems much better yet the former would be much less work and we could always fix it using the former later. I will leave that on you. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1568#note_2282835715 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 13:50:02 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 12:50:02 +0000 Subject: [gnutls-devel] GnuTLS | Differences in certificate verification results (#1642) References: Message-ID: dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1642 ## Description of problem: GnuTLS has different results than OpenSSL when performing certificate verification. According to RFC5280 and the content of the test case itself, I think it is a gnutls verification error. RFC5280 states: When the keyUsage extension appears in a certificate, at least one of the bits MUST be set to 1. The keyusage value of this test case is empty, that is, there is no bit set to 1. ## Version of gnutls used: gnutls-cli 3.7.3 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: Steps to Reproduce: * one certtool --verify --load-ca-certificate RootCA.pem --infile Cert1732784164244D1.pem * two openssl verify -CAfile RootCA.pem Cert1732784164244D1.pem ## Actual results: openssl?error:1100009E:X509 V3 routines:ossl_x509v3_cache_extensions:invalid certificate gnutls?Verified. The certificate is trusted. ## Expected results: gnutls?Not verified. The certificate is NOT trusted. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1642 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 6 13:57:30 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 06 Jan 2025 12:57:30 +0000 Subject: [gnutls-devel] GnuTLS | Policy Mappings Critical Identification (#1643) References: Message-ID: dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1643 ## Description of problem: Gnutls verification failed with a policy map marked as critical openssl verification passed with a policy map marked as critical RFC5280 states:This extension MAY be supported by CAs and/or applications. Conforming CAs SHOULD mark this extension as critical. ## Version of gnutls used: gnutls-cli 3.7.3 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: Steps to Reproduce: * one certtool --verify --load-ca-certificate RootCA.pem --infile Cert1732784232101M2.pem * two openssl verify -CAfile RootCA.pem Cert1732784232101M2.pem [Cert1732784232101M2.pem](/uploads/581e0c336700905790aa14f6032f7f06/Cert1732784232101M2.pem) [RootCA.pem](/uploads/f94a40431d9580b04f537dd9f530a799/RootCA.pem) ## Actual results: OpenSSL:Cert1732784232101M2.pem: OK GnuTLS:Not verified. The certificate is NOT trusted. The certificate contains an unknown critical extension. ## Expected results: GnuTLS?Verified. The certificate is trusted. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1643 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 06:06:28 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 05:06:28 +0000 Subject: [gnutls-devel] GnuTLS | support: DTLS connection ID (#801) In-Reply-To: References: Message-ID: Sahil Siddiq commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/801#note_2284045281 Hi. Thank you for your reply. > Hey @valdaarhun, This issue was originally created for DTLS1.2 and the support for it would be still a nice addition, I would suggest you look at the DTLS1.2 implementation first. In the meantime I will identify the difference between the 1.2 and 1.3 version of the extension if any, we could then incorporate your DTLS1.2 implementation into DTLS1.3 and make modification accordingly. Understood. I'll begin with implementing the DTLS1.2 extension in that case. > If you find any obstacles not concerning the issue directly, then feel free to contact me at dev at fkrenzel.cz Sure thing! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/801#note_2284045281 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 08:01:00 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 07:01:00 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: All discussions on merge request !1919 were resolved by Loganaden Velvindron https://gitlab.com/gnutls/gnutls/-/merge_requests/1919 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 10:25:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 09:25:50 +0000 Subject: [gnutls-devel] GnuTLS | Draft: add meson step 11 (!1914) In-Reply-To: References: Message-ID: Tal Regev marked merge request !1914 as draft -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1914 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 13:41:01 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 12:41:01 +0000 Subject: [gnutls-devel] GnuTLS | Use ELF notes to indicate what libraries will be dlopen()'d (#1582) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/issues/1582#note_2284678137 @rossburton Hello, thank you for the feature suggestion. Do you know whether there are currently any tools that use these ELF notes? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1582#note_2284678137 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 13:55:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 12:55:55 +0000 Subject: [gnutls-devel] GnuTLS | Use ELF notes to indicate what libraries will be dlopen()'d (#1582) In-Reply-To: References: Message-ID: Ross Burton commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1582#note_2284701759 If you mean reading them, then the packaging tools in Fedora (thus future RHEL), Debian (thus Ubuntu), OpenEmbedded and (I'm 90% sure) Gentoo and Arch all read those notes to create package dependencies automatically. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1582#note_2284701759 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 14:15:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 13:15:50 +0000 Subject: [gnutls-devel] GnuTLS | Certificate Validation Differences (#1631) In-Reply-To: References: Message-ID: Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/issues/1631#note_2284734017 Looking at https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.2 I don't see any requirement for the SKI to have a non-zero length... Where did you find that requirement? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1631#note_2284734017 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 14:28:41 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 13:28:41 +0000 Subject: [gnutls-devel] GnuTLS | Bug Connecting to a TLS1.3 Only Server (#1637) In-Reply-To: References: Message-ID: Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2284756094 It looks to me like the server is buggy: in the log.txt case it asks for a X25519 key share in the HelloRetryRequest, the gnutls provides it, and then the server rejects the connection with illegal_parameter in the log-192.txt case the server picks the Secp384r1 key share and continues with that. It looks like it has a buggy HRR implementation. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2284756094 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 14:41:31 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 13:41:31 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2284780311 The current drafts require seeds as private keys, but liboqs doesn't support it yet: https://github.com/open-quantum-safe/liboqs/issues/2032 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2284780311 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 14:48:37 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 13:48:37 +0000 Subject: [gnutls-devel] GnuTLS | Differences in certificate verification results (#1642) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/issues/1642#note_2284797062 This should be covered by strict-x509. Try to build gnutls with --enable-strict-x509 configure option and the behavior should be as expected. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1642#note_2284797062 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 14:49:16 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 13:49:16 +0000 Subject: [gnutls-devel] GnuTLS | Policy Mappings Critical Identification (#1643) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/issues/1643#note_2284798369 I believe this too should be covered by strict-x509. Try to build gnutls with --enable-strict-x509 configure option and the behavior should be as expected. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1643#note_2284798369 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 14:52:21 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 13:52:21 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2284805136 @dueno any idea what could be causing the build to fail on some OS targets ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2284805136 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 15:06:08 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 14:06:08 +0000 Subject: [gnutls-devel] GnuTLS | Draft: add meson step 11 (!1914) In-Reply-To: References: Message-ID: Tal Regev commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1914#note_2284840701 @dueno I manage to compile nettle and libtasn1 with meson. also some part in lib of gnutls. I am doing this step by step. Can I have a special branch in this repository that I can collaborate with others as you suggested? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1914#note_2284840701 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 15:08:34 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 14:08:34 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2284847180 Yeah, that's why we stick to -04 for now. When we switch to the native implementation in Nettle, we should take it into account of the API design. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2284847180 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 15:11:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 14:11:18 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2284855737 Sorry, it's just an annual annoyance of manually updating copyright year in some files. This [commit](https://gitlab.com/gnutls/gnutls/-/merge_requests/1915/diffs?commit_id=314671262a9830f2053308533002ccc11f249cdd) fixes the issue; you can include it in this MR or wait for !1915 is merged. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2284855737 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 15:14:41 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 14:14:41 +0000 Subject: [gnutls-devel] GnuTLS | Assorted minor improvements to the build infrastructure (!1915) In-Reply-To: References: Message-ID: Merge request !1915 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1915 Project:Branches: dueno/gnutls:wip/dueno/minor-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 15:17:08 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 14:17:08 +0000 Subject: [gnutls-devel] GnuTLS | Assorted minor improvements to the build infrastructure (!1915) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1915#note_2284874659 sanitylib.sh fails but the changes look fine. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1915#note_2284874659 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 15:20:41 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 14:20:41 +0000 Subject: [gnutls-devel] GnuTLS | Bug Connecting to a TLS1.3 Only Server (#1637) In-Reply-To: References: Message-ID: Gene commented: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2284885058 Server is nginx. Still, it is interesting that everything from browsers to curl to sequoia all work while gnutls fails. I'm just a user and tls handshake details are outside my expertise. Is it possible, say, that whatever gnutls client provides (e.g. the transcript hash) is somehow causing the server to reject it with illegal parameter rather than nginx is buggy? Ignore if I am off base here but for example, RFC 8446 says: ``` Note: The handshake transcript incorporates the initial ClientHello/HelloRetryRequest exchange; it is not reset with the new ClientHello ``` So as a wild guess, this could go sideways if the transcript hash was was reset instead of retained with the new ClientHello. But as I said, not my area. I defer to others. @tomato42 thanks for sharing your thoughts. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2284885058 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 15:39:27 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 14:39:27 +0000 Subject: [gnutls-devel] GnuTLS | Bug Connecting to a TLS1.3 Only Server (#1637) In-Reply-To: References: Message-ID: Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2284934048 technically, there are valid reasons why a server can reject the second client hello, but I'm afraid I'd need packet capture to be able o tell if gnutls is actually RFC compliant... would you be able to provide that? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2284934048 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 7 16:36:49 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Jan 2025 15:36:49 +0000 Subject: [gnutls-devel] GnuTLS | Bug Connecting to a TLS1.3 Only Server (#1637) In-Reply-To: References: Message-ID: Gene commented: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2285216840 Sort of - here is summary of tcpdump - note that since I am on the internal network now I have replaced the IPs with client/server below and I am unable to share the full pcap file(s) for this reason. But of course you can also run gnutle-cli client along with tcpdump on your end and compare with what happens using other clients. I ran twice once with gnutls-cli and once with curl www.sapience.com/sitemap.xml The first difference is at step 6 where server issues HRR to gnutls while for curl it replies with 'Server Hello'. Within that client hello packet curl is sending key_share X25519 while gnutls sends 'secp256r1, x25519'. There are other differences too. My apologies for not being able to share more but you can get a pcap on your client side too, though more work for you - sorry. This is the summary of gnutls: ``` No Time Source Dest Proto Length Info ------------------------------------------------------------ 1 0.000000 client server TCP 74 50170 ? 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM TSval=644306766 TSecr=0 WS=128 2 0.002485 server client TCP 74 443 ? 50170 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0 MSS=1460 SACK_PERM TSval=1428335904 TSecr=644306766 WS=128 3 0.002526 client server TCP 66 50170 ? 443 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=644306769 TSecr=1428335904 4 0.002931 client server TLSv1.3 464 Client Hello (SNI=www.sapience.com) 5 0.004983 server client TCP 66 443 ? 50170 [ACK] Seq=1 Ack=399 Win=64768 Len=0 TSval=1428335907 TSecr=644306769 6 0.005294 server client TLSv1.3 159 Hello Retry Request 7 0.005295 server client TLSv1.3 72 Change Cipher Spec 8 0.005325 client server TCP 66 50170 ? 443 [ACK] Seq=399 Ack=94 Win=64256 Len=0 TSval=644306771 TSecr=1428335907 9 0.005346 client server TCP 66 50170 ? 443 [ACK] Seq=399 Ack=100 Win=64256 Len=0 TSval=644306772 TSecr=1428335907 10 0.005561 client server TLSv1.3 395 Client Hello (SNI=www.sapience.com) 11 0.008015 server client TLSv1.3 73 Alert (Level: Fatal, Description: Illegal Parameter) 12 0.008017 server client TCP 66 443 ? 50170 [FIN, ACK] Seq=107 Ack=728 Win=64512 Len=0 TSval=1428335910 TSecr=644306772 13 0.008122 client server TCP 66 50170 ? 443 [FIN, ACK] Seq=728 Ack=108 Win=64256 Len=0 TSval=644306774 TSecr=1428335910 14 0.009992 server client TCP 66 443 ? 50170 [ACK] Seq=108 Ack=729 Win=64512 Len=0 TSval=1428335912 TSecr=644306774 ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1637#note_2285216840 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 8 09:56:31 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Jan 2025 08:56:31 +0000 Subject: [gnutls-devel] GnuTLS | tls13/compress-cert-neg2 test fails only when run inside Guix build container (#1634) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/issues/1634#note_2286569425 Hello, it seems that the zlib is present on the system which is why the test isn't skipped. But when gnutls tries to initialize zlib it fails to `dlopen` it (call to `gnutls_zlib_ensure_library` fails). There are a couple options I see that might be the cause of the problem: either the `Z_LIBRARY_SONAME` was not generated correctly or wasn't generated at all by gnutls in which case the `dlopen` would fail to find the file or the zlib library is present but not accessible which would cause `dlopen` to fail. However I am not sure there is a way for you to check which one of these options it is without actually running a debugger or modifying the code. To further understand what is going on it would be necessary to find out what the `Z_LIBRARY_SONAME` value is and what error code is returned from `gnutls_zlib_ensure_library`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1634#note_2286569425 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 8 17:07:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Jan 2025 16:07:06 +0000 Subject: [gnutls-devel] GnuTLS | Fix Edwards EC_POINT encoding (!1920) In-Reply-To: References: Message-ID: Reassigned merge request 1920 https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 Zolt?n Fridrich was added as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 8 17:07:08 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 08 Jan 2025 16:07:08 +0000 Subject: [gnutls-devel] GnuTLS | Fix Edwards EC_POINT encoding (!1920) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Closes #957 ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 9 07:25:46 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Jan 2025 06:25:46 +0000 Subject: [gnutls-devel] GnuTLS | Assorted minor improvements to the build infrastructure (!1915) In-Reply-To: References: Message-ID: Merge request !1915 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1915 Project:Branches: dueno/gnutls:wip/dueno/minor-fixes to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1915 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 9 12:14:12 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Jan 2025 11:14:12 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: Zolt?n Fridrich was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 9 13:34:30 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Jan 2025 12:34:30 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2289035328 https://gitlab.com/gnutls/gnutls/-/merge_requests/1916/diffs?commit_id=69cf4fb1938582a9ee5097b713b1f342e52257b2 is my attempt to use 0 or 1 for version. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2289035328 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 9 13:37:33 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Jan 2025 12:37:33 +0000 Subject: [gnutls-devel] GnuTLS | Fix Edwards EC_POINT encoding (!1920) In-Reply-To: References: Message-ID: Daiki Ueno was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 9 15:22:31 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Jan 2025 14:22:31 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: Merge request !1916 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916 Project:Branches: dueno/gnutls:wip/dueno/mldsa-followup to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: Zolt?n Fridrich -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 9 15:23:11 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Jan 2025 14:23:11 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2289266682 All of the changes look good. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2289266682 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 9 22:28:31 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Jan 2025 21:28:31 +0000 Subject: [gnutls-devel] GnuTLS | Add meson step 11 (!1914) In-Reply-To: References: Message-ID: Tal Regev marked merge request !1914 as ready -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1914 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 03:01:25 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 02:01:25 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: All discussions on merge request !1916 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1916 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 03:01:40 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 02:01:40 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2290023501 Thank you for the review. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916#note_2290023501 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 03:01:49 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 02:01:49 +0000 Subject: [gnutls-devel] GnuTLS | Follow-up on ML-KEM and ML-DSA support (!1916) In-Reply-To: References: Message-ID: Merge request !1916 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916 Project:Branches: dueno/gnutls:wip/dueno/mldsa-followup to gnutls/gnutls:master Author: Daiki Ueno Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1916 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 03:05:09 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 02:05:09 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290025077 Now that !1915 (and also !1916) has been merged, could you rebase? Also consider updating `tests/hybrid-pqc-kx.sh` to cover the new key exchange. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290025077 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 06:10:11 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 05:10:11 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290231562 We will. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290231562 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 09:32:09 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 08:32:09 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: All discussions on merge request !1919 were resolved by Loganaden Velvindron https://gitlab.com/gnutls/gnutls/-/merge_requests/1919 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 11:01:27 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 10:01:27 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290598503 @dueno rebase done, variables renamed to adhere to the convention and tests updated. Only issue is on one target platform, it's failing. Any idea what might be causing this ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290598503 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 11:39:39 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 10:39:39 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290686016 @dueno we found a bug and are fixing it to make it build on fedora. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290686016 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 13:10:30 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 12:10:30 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290869605 @dueno it is now building properly for Fedora. Are there other issues we need to look into or is it ready ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290869605 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 13:42:05 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 12:42:05 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Geert Hendrickx commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290916233 I tested this SecP384r1MLKEM1024 implementation against openssl 3.5 (feature/ml-kem branch) and oqs-provider, but it interoperates with neither: ``` *** Fatal error: A TLS fatal alert has been received. *** Received alert [40]: Handshake failed ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290916233 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 10 14:05:07 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Jan 2025 13:05:07 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290957721 @ghen2 thanks. we also found another test issue. We are looking into this. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2290957721 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 11 09:10:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 11 Jan 2025 08:10:50 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2292090111 @ghen2 @dueno I'm able to get interop with OpenSSL 3.5 now: |<4>| HSK[0x5e0aef04de60]: SERVER HELLO (2) was received. 08:06:17 [265/1978] frag offset 0, frag length: 1751, sequence: 0 |<3>| ASSERT: buffers.c[get_last_packet]:1130 |<3>| ASSERT: buffers.c[_gnutls_handshake_io_recv_int]:1374 |<4>| HSK[0x5e0aef04de60]: Server's version: 3.3 |<4>| EXT[0x5e0aef04de60]: Parsing extension 'Supported Versions/43' (2 bytes ) |<4>| EXT[0x5e0aef04de60]: Negotiated version: 3.4 |<4>| HSK[0x5e0aef04de60]: Selected cipher suite: GNUTLS_AES_256_GCM_SHA384 |<4>| EXT[0x5e0aef04de60]: Parsing extension 'Key Share/51' (1669 bytes) |<4>| HSK[0x5e0aef04de60]: Selected group SECP384R1-MLKEM1024 (518) |<2>| EXT[0x5e0aef04de60]: client generated SECP384R1-MLKEM1024 shared key |<11>| HWRITE: enqueued [CHANGE CIPHER SPEC] 1. Total 1 bytes. |<11>| HWRITE FLUSH: 1 bytes in buffer. |<5>| REC[0x5e0aef04de60]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2292090111 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 11 11:16:39 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 11 Jan 2025 10:16:39 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Geert Hendrickx commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2292145713 Yes, I also tested successfully with both OpenSSL 3.5 and oqsprovider, in both directions (as a client and as a server). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2292145713 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 11 13:05:45 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 11 Jan 2025 12:05:45 +0000 Subject: [gnutls-devel] GnuTLS | Add MLKEM-1024 and SecP384r1MLKEM1024. (!1919) In-Reply-To: References: Message-ID: Loganaden Velvindron commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2292253239 @ghen2 thanks for putting time into testing this MR thoroughly. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1919#note_2292253239 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jan 12 10:49:44 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 12 Jan 2025 09:49:44 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update gnulib submodule (!1921) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 Project:Branches: dueno/gnutls:wip/dueno/gnulib-update to gnutls/gnutls:master Author: Daiki Ueno * gnulib: update gnulib submodule * doc: update copy of LGPLv2.1 to the latest, without FSF address * gnulib: work around misinteractions between close and fchdir modules This caused a build failure on mingw. The workaround was suggested by Bruno Haible in: * build: define GNUTLS_BUILDING_LIB while compiling sources in lib/ * configure: run autoupdate This fixes the warnings generated by autoupdate: configure.ac:55: warning: AC_PROG_CC_C99 is obsolete; use AC_PROG_CC configure.ac:139: warning: The preprocessor macro `STDC_HEADERS' is obsolete. Except in unusual embedded environments, you can safely include all ISO C90 headers unconditionally. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 02:16:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 01:16:06 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update gnulib submodule (!1921) In-Reply-To: References: Message-ID: Simon Josefsson was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 02:16:14 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 01:16:14 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update gnulib submodule (!1921) In-Reply-To: References: Message-ID: Zolt?n Fridrich was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 02:56:28 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 01:56:28 +0000 Subject: [gnutls-devel] GnuTLS | doc: Avoid failures in a parallel build. (!1911) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1911#note_2295288991 @apteryks The failure in fedora-static-analyzers/build should be fixed in the latest git master. Could you rebase? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1911#note_2295288991 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 03:32:05 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 02:32:05 +0000 Subject: [gnutls-devel] GnuTLS | algorithms: rename GNUTLS_PK_ML_KEM_* to GNUTLS_PK_MLKEM* (!1922) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922 Project:Branches: dueno/gnutls:wip/dueno/mlkem-followup to gnutls/gnutls:master Author: Daiki Ueno * algorithms: centrally define KEM algorithm sizes in group entries This switches to define the public key and ciphertext sizes of ML-KEM algorithms in gnutls_group_entry_st, instead of deriving those from the algorithm name at the usage in the TLS key shares. Signed-off-by: Daiki Ueno * algorithms: rename GNUTLS_{PK,SIGN}_ML_DSA_* to GNUTLS_*_MLDSA* To be consistent with ML-KEM algorithms, omit underscores in ML-DSA gnutls_pk_algorithm_t and gnutls_sign_algorithm_t enum definitions, while keeping hyphens in the human readable names. Signed-off-by: Daiki Ueno * algorithms: rename GNUTLS_PK_ML_KEM_* to GNUTLS_PK_MLKEM* To be consistent with the naming of hybrid groups, omit underscores in the enum definition, while keeping hyphens in human readable names. Signed-off-by: Daiki Ueno ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 03:36:44 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 02:36:44 +0000 Subject: [gnutls-devel] GnuTLS | Rename ML-KEM and ML-DSA constants without underscore (!1922) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922#note_2295308453 @d-Dudas I'm leaning to name all ML-KEM/ML-DSA constants without hyphens to match our naming of hybrid groups. Is it OK for you? @loganaden1 This also includes a minor cleanup of key_share extension handling. Could you check? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922#note_2295308453 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 04:45:24 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 03:45:24 +0000 Subject: [gnutls-devel] GnuTLS | Rename ML-KEM and ML-DSA constants without underscore (!1922) In-Reply-To: References: Message-ID: Loganaden Velvindron commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922#note_2295349257 @dueno we will check it today. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922#note_2295349257 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 06:22:32 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 05:22:32 +0000 Subject: [gnutls-devel] GnuTLS | Rename ML-KEM and ML-DSA constants without underscore (!1922) In-Reply-To: References: Message-ID: Loganaden Velvindron commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922#note_2295407889 @dueno OK from our side. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922#note_2295407889 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 07:39:03 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 06:39:03 +0000 Subject: [gnutls-devel] GnuTLS | Rename ML-KEM and ML-DSA constants without underscore (!1922) In-Reply-To: References: Message-ID: Zolt?n Fridrich was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 09:11:01 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 08:11:01 +0000 Subject: [gnutls-devel] GnuTLS | Rename ML-KEM and ML-DSA constants without underscore (!1922) In-Reply-To: References: Message-ID: Merge request !1922 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922 Project:Branches: dueno/gnutls:wip/dueno/mlkem-followup to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: Zolt?n Fridrich -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 09:11:19 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 08:11:19 +0000 Subject: [gnutls-devel] GnuTLS | Rename ML-KEM and ML-DSA constants without underscore (!1922) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922#note_2295547235 No mistakes spotted. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922#note_2295547235 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 09:11:57 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 08:11:57 +0000 Subject: [gnutls-devel] GnuTLS | Rename ML-KEM and ML-DSA constants without underscore (!1922) In-Reply-To: References: Message-ID: Merge request !1922 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922 Project:Branches: dueno/gnutls:wip/dueno/mlkem-followup to gnutls/gnutls:master Author: Daiki Ueno Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1922 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 09:24:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 08:24:06 +0000 Subject: [gnutls-devel] GnuTLS | Fix Edwards EC_POINT encoding (!1920) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/pubkey.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920#note_2295565681 > + /* Even though the PKCS#11 3.1 spec defines EC_POINT as > + * "Public key bytes in little endian order". > + * Previous version of the spec caused confusion and lot of Shouldn't this sentence be a continuation of the previous one, i.e., `Even though the PKCS#11 3.1 spec defines EC_POINT as "Public key bytes in little endian order", previous version of ...`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 09:24:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 08:24:06 +0000 Subject: [gnutls-devel] GnuTLS | Fix Edwards EC_POINT encoding (!1920) In-Reply-To: References: Message-ID: Merge request !1920 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 09:24:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 08:24:06 +0000 Subject: [gnutls-devel] GnuTLS | Fix Edwards EC_POINT encoding (!1920) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920#note_2295565690 Looks good to me. Would it be possible to include a test data under tests/cert-tests/data and update tests/cert-tests/certtool-eddsa.sh to cover both formats? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920#note_2295565690 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 10:41:28 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 09:41:28 +0000 Subject: [gnutls-devel] GnuTLS | doc: Avoid failures in a parallel build. (!1911) In-Reply-To: References: Message-ID: Merge request !1911 was set to auto-merge by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1911 Project:Branches: apteryks/gnutls:fix-doc-parallel-build to gnutls/gnutls:master Author: Maxim Cournoyer Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 10:41:24 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 09:41:24 +0000 Subject: [gnutls-devel] GnuTLS | doc: Avoid failures in a parallel build. (!1911) In-Reply-To: References: Message-ID: Merge request !1911 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1911 Project:Branches: apteryks/gnutls:fix-doc-parallel-build to gnutls/gnutls:master Author: Maxim Cournoyer Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 11:00:00 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 10:00:00 +0000 Subject: [gnutls-devel] GnuTLS | doc: Avoid failures in a parallel build. (!1911) In-Reply-To: References: Message-ID: Merge request !1911 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1911 Project:Branches: apteryks/gnutls:fix-doc-parallel-build to gnutls/gnutls:master Author: Maxim Cournoyer -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1911 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 11:49:12 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 10:49:12 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update gnulib submodule (!1921) In-Reply-To: References: Message-ID: Merge request !1921 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 Project:Branches: dueno/gnutls:wip/dueno/gnulib-update to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: Simon Josefsson and Zolt?n Fridrich -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 11:49:12 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 10:49:12 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update gnulib submodule (!1921) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 was reviewed by Zolt?n Fridrich -- Zolt?n Fridrich started a new discussion on lib/minitasn1/Makefile.am: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921#note_2295846089 > > -AM_CPPFLAGS = -DASN1_BUILDING \ > +AM_CPPFLAGS += -DASN1_BUILDING \ should this be appended with `=1` just like `-DGNUTLS_BUILDING_LIB=1`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 11:49:14 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 10:49:14 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update gnulib submodule (!1921) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921#note_2295846115 Overall looks good -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921#note_2295846115 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 11:52:05 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 10:52:05 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update gnulib submodule (!1921) In-Reply-To: References: Message-ID: All discussions on merge request !1921 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 11:54:05 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 10:54:05 +0000 Subject: [gnutls-devel] GnuTLS | Parallel build failures in doc: mv: cannot stat '.deps/common.Tpo': No such file or directory (#1635) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1635: https://gitlab.com/gnutls/gnutls/-/issues/1635 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1635 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 11:54:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 10:54:06 +0000 Subject: [gnutls-devel] GnuTLS | Parallel build failures in doc: mv: cannot stat '.deps/common.Tpo': No such file or directory (#1635) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1635#note_2295857777 Should be fixed through !1911. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1635#note_2295857777 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 13:07:52 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 12:07:52 +0000 Subject: [gnutls-devel] GnuTLS | Fix Edwards EC_POINT encoding (!1920) In-Reply-To: References: Message-ID: All discussions on merge request !1920 were resolved by Zolt?n Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 13:17:42 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 12:17:42 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update gnulib submodule (!1921) In-Reply-To: References: Message-ID: Merge request !1921 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 Project:Branches: dueno/gnutls:wip/dueno/gnulib-update to gnutls/gnutls:master Author: Daiki Ueno Reviewers: Simon Josefsson and Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 14:26:07 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 13:26:07 +0000 Subject: [gnutls-devel] GnuTLS | Use ELF notes to indicate what libraries will be dlopen()'d (#1582) In-Reply-To: References: Message-ID: Reassigned Issue 1582 https://gitlab.com/gnutls/gnutls/-/issues/1582 Zolt?n Fridrich was added as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1582 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 14:48:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 13:48:06 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update gnulib submodule (!1921) In-Reply-To: References: Message-ID: Simon Josefsson commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921#note_2296219171 Looks good to me. I assume the `fchdir` stuff is needed, I didn't understand that part. It would be nice to put the LGPLv2 in top-level COPYING because then GitLab license information becomes more correct (I would move current LICENSE file content to README). But that could be done separately. /Simon -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921#note_2296219171 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 14 16:45:10 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Jan 2025 15:45:10 +0000 Subject: [gnutls-devel] GnuTLS | Optimize FIPS power-on self-tests (!1907) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/fips.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1907#note_2296471660 > } > > /* PK */ > - if (_gnutls_config_is_rsa_pkcs1_encrypt_allowed()) { > - ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA); > - if (ret < 0) { > - return gnutls_assert_val(GNUTLS_E_SELF_TEST_ERROR); > - } > + ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA_PSS); @smuellerDD could you confirm if it is acceptable to have only RSA-PSS coverage? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1907#note_2296471660 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 15 03:18:02 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Jan 2025 02:18:02 +0000 Subject: [gnutls-devel] GnuTLS | maint: consolidate licensing information to top-level directory (!1923) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1923 Project:Branches: dueno/gnutls:wip/dueno/license-files to gnutls/gnutls:master Author: Daiki Ueno * maint: consolidate licensing information to top-level directory ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1923 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 15 03:18:49 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Jan 2025 02:18:49 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update gnulib submodule (!1921) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921#note_2297349099 That makes sense; thank you for the suggestion. Filed !1923 for that. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1921#note_2297349099 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 15 03:19:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Jan 2025 02:19:06 +0000 Subject: [gnutls-devel] GnuTLS | maint: consolidate licensing information to top-level directory (!1923) In-Reply-To: References: Message-ID: Simon Josefsson was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1923 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 15 09:45:48 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Jan 2025 08:45:48 +0000 Subject: [gnutls-devel] GnuTLS | Certificate Validation Differences (#1631) In-Reply-To: References: Message-ID: dulanshuangqiao commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1631#note_2297692147 My report is why the verification result of gnutls shows two situations: passed and failed, while the openssl results are consistent. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1631#note_2297692147 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 15 13:51:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Jan 2025 12:51:06 +0000 Subject: [gnutls-devel] GnuTLS | Fix Edwards EC_POINT encoding (!1920) In-Reply-To: References: Message-ID: Merge request !1920 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1920 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 16 01:02:44 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Jan 2025 00:02:44 +0000 Subject: [gnutls-devel] GnuTLS | Parallel build failures in doc: mv: cannot stat '.deps/common.Tpo': No such file or directory (#1635) In-Reply-To: References: Message-ID: Maxim Cournoyer commented: https://gitlab.com/gnutls/gnutls/-/issues/1635#note_2299238453 Thanks, Daiki! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1635#note_2299238453 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 16 03:49:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Jan 2025 02:49:55 +0000 Subject: [gnutls-devel] GnuTLS | pkcs8: remove HAVE_LIBOQS ifdefs (!1924) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1924 Project:Branches: dueno/gnutls:wip/dueno/liboqs-followup to gnutls/gnutls:master Author: Daiki Ueno * pkcs8: remove HAVE_LIBOQS ifdefs The key encoding and decoding operations currently do not use liboqs functions. Remove unnecessary HAVE_LIBOQS ifdefs so it will be easier to port to other implementations. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1924 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 18 17:29:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 18 Jan 2025 16:29:55 +0000 Subject: [gnutls-devel] GnuTLS | fuzz mlkem (#1647) References: Message-ID: Loganaden Velvindron created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1647 @dueno Can we adapt the handshake fuzz target to include ML-KEM hybrids for fuzzying the ML-KEM code ? Would you be willing to review it ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1647 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jan 19 02:10:00 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 19 Jan 2025 01:10:00 +0000 Subject: [gnutls-devel] GnuTLS | Enable test-tls13-mlkem.py in tests/suite/tls-fuzzer (#1648) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1648 Now that we have support for all proposed key exchanges from [draft-kwiatkowski-tls-ecdhe-mlkem](https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/), it would be nice to enable the [test-tls13-mlkem.py](https://github.com/tlsfuzzer/tlsfuzzer/blob/f6390eb40cac8cdf9018de0aa1013cbbd69a4907/scripts/test-tls13-mlkem.py) tlsfuzzer script in our CI. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1648 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jan 19 02:11:19 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 19 Jan 2025 01:11:19 +0000 Subject: [gnutls-devel] GnuTLS | fuzz mlkem (#1647) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1647#note_2304628018 Do you have any existing effort on this? If yes, I'd be happy to review and integrate it. Otherwise, it might make more sense to enable tlsfuzzer tests for ML-KEM in tests/suite/tls-fuzzer, which is not really a fuzzing but should cover most of the scenarios at the handshake level. I've filed #1648 for that; feel free to take it if you are interested. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1647#note_2304628018 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jan 19 05:03:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 19 Jan 2025 04:03:50 +0000 Subject: [gnutls-devel] GnuTLS | Enable test-tls13-mlkem.py in tests/suite/tls-fuzzer (#1648) In-Reply-To: References: Message-ID: Loganaden Velvindron commented: https://gitlab.com/gnutls/gnutls/-/issues/1648#note_2304760467 We are working on it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1648#note_2304760467 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 20 03:42:08 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Jan 2025 02:42:08 +0000 Subject: [gnutls-devel] libtasn1 | run out of memory (#53) References: Message-ID: Fanny-wen created an issue: https://gitlab.com/gnutls/libtasn1/-/issues/53 ## Description of problem: run out of memory at asn1Coding _asn1_add_single_node ## Version of libtasn1 used: version:4.19.0.39-99e3 ## Distributor of libtasn1 (e.g., Ubuntu, Fedora, RHEL) env: ubuntu20.04 ## How reproducible: Steps to Reproduce: * one ?use afl-gcc compile libasan1 with AFL_USE_ASAN=1 * tow ?asn1Coding poc /path/to/libasan1/example/asn1Coding_test.asg --output=/dev/null ## Actual results: ==1837==ERROR: AddressSanitizer: allocator is out of memory trying to allocate 0x98 bytes #0 0x7f0e170b9a06 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:153 #1 0x5586fcfb1867 in _asn1_add_single_node /home/compiler/libtasn1-asan/lib/structure.c:52 #2 0x5586fcfb1867 in _asn1_copy_structure3 /home/compiler/libtasn1-asan/lib/structure.c:458 ==1837==HINT: if you don't care about these errors you may set allocator_may_return_null=1 SUMMARY: AddressSanitizer: out-of-memory ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:153 in __interceptor_calloc ==1837==ABORTING ## Expected results: ## poc? [poc.zip_c9b49f41-24d6-42ac-9e5c-c016928bfed1.zip](/uploads/304efcdb1442e2575708592bc0000163/poc.zip_c9b49f41-24d6-42ac-9e5c-c016928bfed1.zip) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/issues/53 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 20 06:37:58 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Jan 2025 05:37:58 +0000 Subject: [gnutls-devel] GnuTLS | pkcs8: remove HAVE_LIBOQS ifdef (!1925) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925 Project:Branches: dueno/gnutls:wip/dueno/lc to gnutls/gnutls:master Author: Daiki Ueno * leancrypto: support leancrypto for post-quantum algorithms This adds support for leancrypto as an additional and the preferred backend for now, until Nettle gains the proper support for PQC algorithms. There are a few advantages over liboqs, namely: - It already has required input validations for ML-KEM as in FIPS 203, such as Modulus check, which are currently missing in liboqs - It provides an API to generate ML-KEM/ML-DSA key pairs from a seed, which is required to support the seed-only private key format proposed in draft-ietf-lamps-dilithium-certificates-05 and later - No need to avoid undesired OpenSSL dependency; all the symmetric algorithms are implemented by leancrypto itself The supposed use-case of this is to statically link to leancrypto, though that would slightly increase the installation footprint. Signed-off-by: Daiki Ueno * pkcs8: remove HAVE_LIBOQS ifdefs The key encoding and decoding operations currently do not use liboqs functions. Remove unnecessary HAVE_LIBOQS ifdefs so it will be easier to port to other implementations. Signed-off-by: Daiki Ueno ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 20 06:39:23 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Jan 2025 05:39:23 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2305270038 Note: this includes changes from !1924. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2305270038 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 20 13:11:11 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Jan 2025 12:11:11 +0000 Subject: [gnutls-devel] GnuTLS | pkcs8: remove HAVE_LIBOQS ifdefs (!1924) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1924#note_2305896200 Looks good. No issues found. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1924#note_2305896200 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 20 13:10:45 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Jan 2025 12:10:45 +0000 Subject: [gnutls-devel] GnuTLS | pkcs8: remove HAVE_LIBOQS ifdefs (!1924) In-Reply-To: References: Message-ID: Merge request !1924 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1924 Project:Branches: dueno/gnutls:wip/dueno/liboqs-followup to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 20 15:03:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Jan 2025 14:03:18 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2306107878 Looks nice overall, but I found some issues. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2306107878 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 20 15:03:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Jan 2025 14:03:18 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1925 was reviewed by Zolt?n Fridrich -- Zolt?n Fridrich started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2306107847 > + if (ret < 0) { > + _gnutls_free_datum(ciphertext); > + _gnutls_free_key_datum(shared_secret); I think this could invalid free if `ciphertext` allocation fails and `shared_secret` datum is not zeroized. -- Zolt?n Fridrich started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2306107863 > + if (ret < 0) { > + _gnutls_free_key_datum(raw_priv); > + _gnutls_free_key_datum(raw_pub); again possible invalid free as I mentioned previously, there might be more of these. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 20 15:39:45 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Jan 2025 14:39:45 +0000 Subject: [gnutls-devel] GnuTLS | tls-interop: update (!1926) References: Message-ID: Stanislav ?idek created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1926 Project:Branches: ep69/gnutls:interop-update to gnutls/gnutls:master Author: Stanislav ?idek * tls-interop: update Signed-off-by: Stanislav Zidek ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1926 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 20 18:09:05 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Jan 2025 17:09:05 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: Andreas Metzler commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2306471446 > the supposed use-case of this is to statically link leancrypto The homepage says > extractable: the algorithms can be extracted and compiled as part of a separate project, Wouldn't this mode of use be a better fit for GnuTLS than statically linking against the full library? I suspect there is tradeoff here and you have already thought about it. (Like "This is a lot less work and we only want to use this as a stop-gap measure for testing") -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2306471446 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 21 10:25:58 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Jan 2025 09:25:58 +0000 Subject: [gnutls-devel] GnuTLS | tls-interop: update (!1926) In-Reply-To: References: Message-ID: Stanislav ?idek commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1926#note_2307247519 @dueno @ZoltanFridrich this should be fairly easy to review if you have a minute, just updated interoperability tests to fresh version we use in downstream. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1926#note_2307247519 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 21 10:28:30 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Jan 2025 09:28:30 +0000 Subject: [gnutls-devel] libtasn1 | libtasn1.texi: fix typos in the example (!107) References: Message-ID: Masatake YAMATO created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/107 Project:Branches: masatake/libtasn1:fix-typos-in-doc to gnutls/libtasn1:master Author: Masatake YAMATO Add a description of the new feature/bug fix. Reference any relevant bugs. ## Checklist * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated ## Reviewer's checklist: * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent with other code * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/107 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 21 10:57:21 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Jan 2025 09:57:21 +0000 Subject: [gnutls-devel] libtasn1 | libtasn1.texi: fix typos in the example (!107) In-Reply-To: References: Message-ID: Simon Josefsson commented: https://gitlab.com/gnutls/libtasn1/-/merge_requests/107#note_2307315247 Looks good to me! Thanks. I'll try to get the pipeline green... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/107#note_2307315247 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 21 12:04:27 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Jan 2025 11:04:27 +0000 Subject: [gnutls-devel] GnuTLS | tls-interop: update (!1926) In-Reply-To: References: Message-ID: Merge request !1926 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1926 Project:Branches: ep69/gnutls:interop-update to gnutls/gnutls:master Author: Stanislav ?idek Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 21 12:04:48 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Jan 2025 11:04:48 +0000 Subject: [gnutls-devel] GnuTLS | tls-interop: update (!1926) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1926#note_2307458203 Thanks; looks good to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1926#note_2307458203 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 21 12:05:12 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Jan 2025 11:05:12 +0000 Subject: [gnutls-devel] GnuTLS | tls-interop: update (!1926) In-Reply-To: References: Message-ID: Merge request !1926 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1926 Project:Branches: ep69/gnutls:interop-update to gnutls/gnutls:master Author: Stanislav ?idek -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1926 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 21 12:13:45 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Jan 2025 11:13:45 +0000 Subject: [gnutls-devel] GnuTLS | pkcs8: remove HAVE_LIBOQS ifdefs (!1924) In-Reply-To: References: Message-ID: Alexander Sosedkin started a new discussion on lib/x509/privkey_pkcs8.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1924#note_2307476914 > */ > > gnutls_pk_params_init(&pkey->params); > + pkey->params.algo = algo; was the previous intention to defer modifying pkey until after the checks? or this is not a concern here? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1924#note_2307476914 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 21 12:51:17 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Jan 2025 11:51:17 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2307547431 1. needs a CI job to exercise this new code 2. would it make sense to have leancrypto and liboqs defines mutually exclusive on the configure level? as in, if there's leancrypto, do not define HAVE_LIBOQS and do not attempt loading it -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2307547431 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 21 13:12:23 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Jan 2025 12:12:23 +0000 Subject: [gnutls-devel] GnuTLS | Interaction between enabled curves, key exchanges and signature algorithms (#1625) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/issues/1625#note_2307586027 It sounds like having three controls is the cleanest way, primitive, TLS groups and cert. >From the perspective of generating configs for gnutls as part of crypto-policies, enabling any of the high-level usages will then also generate the line to trust the primitive. 1. higher-level controls should not be treating groups as composite algorithms: enabling hybrid groups must be orthogonal to enabling pure algorithms, e.g for SECP256R1 and MLKEM768: 1. tls-enabled-group = SECP256R1-MLKEM768 must not enable neither SECP256R1 nor MLKEM768 in isolation 2. enabling SECP256R1 and MLKEM768 must not enable SECP256R1-MLKEM768 2. but it's fine for lower-level controls meant to disable entire primitives to disable all TLS groups using it 3. introducing some separate cert-enabled-curve for chain validation seems OK to me, and it sounds like it should not auto-enable the primitive control curve-enabled, while not having curve-enabled on should override it off. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1625#note_2307586027 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 21 15:00:09 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Jan 2025 14:00:09 +0000 Subject: [gnutls-devel] libtasn1 | Support for longer values and escaped strings (!108) References: Message-ID: Hogan Myers created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/108 Project:Branches: hogan.myers/libtasn1:Escaped_Strings_and_Longer_Values to gnutls/libtasn1:master Author: Hogan Myers - Support in asn1Coding for longer values and whitespace in values - Added support for processing backslash escape codes when values are written as null terminated strings with len zero - Added asn1_remove_default to allow apps to remove default value exclusion behavior, put call in asn1Coding ## Checklist * [X] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated ## Reviewer's checklist: * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent with other code * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/108 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 21 23:34:08 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Jan 2025 22:34:08 +0000 Subject: [gnutls-devel] GnuTLS | pkcs8: remove HAVE_LIBOQS ifdefs (!1924) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/x509/privkey_pkcs8.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1924#note_2308717389 > */ > > gnutls_pk_params_init(&pkey->params); > + pkey->params.algo = algo; For some reason, the convention of these `_decode_pkcs8_*_key` functions are to pass a partially filled `pkey` (i.e., `pkey->params.algo` is set) and then fill the rest. I would rather change this to take an algorithm ID as an argument. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1924#note_2308717389 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 22 03:13:34 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 22 Jan 2025 02:13:34 +0000 Subject: [gnutls-devel] GnuTLS | pkcs8: remove HAVE_LIBOQS ifdefs (!1924) In-Reply-To: References: Message-ID: Merge request !1924 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1924 Project:Branches: dueno/gnutls:wip/dueno/liboqs-followup to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1924 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 22 03:13:23 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 22 Jan 2025 02:13:23 +0000 Subject: [gnutls-devel] GnuTLS | pkcs8: remove HAVE_LIBOQS ifdefs (!1924) In-Reply-To: References: Message-ID: All discussions on merge request !1924 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1924 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1924 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 22 07:21:48 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 22 Jan 2025 06:21:48 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: All discussions on merge request !1925 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1925 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 22 07:21:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 22 Jan 2025 06:21:50 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1925 was reviewed by Daiki Ueno -- Daiki Ueno commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2308993939 > + if (ret < 0) { > + _gnutls_free_datum(ciphertext); > + _gnutls_free_key_datum(shared_secret); Good catch. I added a helper function and rewrote using it in https://gitlab.com/gnutls/gnutls/-/merge_requests/1925/diffs?commit_id=76dcb0129e4d3b4e2ec0881747ac1fb0634456f3 -- Daiki Ueno commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2308993947 > + if (ret < 0) { > + _gnutls_free_key_datum(raw_priv); > + _gnutls_free_key_datum(raw_pub); Fixed similarly. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 22 07:25:20 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 22 Jan 2025 06:25:20 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2308996957 I'm actually not sure whether the "extractable" claim is still valid, though I suppose it would require the consuming project needs to be using meson. Anyway, as you mention that this is meant to be a interim solution until Nettle grows their own implementation, I would not include code from external library into GnuTLS source distribution. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2308996957 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 22 07:25:51 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 22 Jan 2025 06:25:51 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2308997549 Thanks; added a CI job for (1) and extra check in configure for (2). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2308997549 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 22 11:28:01 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 22 Jan 2025 10:28:01 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: Stephan Mueller started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2309447484 > { > - mpz_t p; > int ret; > + enum lc_kyber_type type; > + struct lc_kyber_sk sk; > + struct lc_kyber_pk pk; > + gnutls_datum_t tmp_raw_priv = { NULL, 0 }; > + gnutls_datum_t tmp_raw_pub = { NULL, 0 }; > + uint8_t *ptr; > + size_t len; > + > + type = ml_kem_pk_to_lc_kyber_type(algo); > + if (type == LC_KYBER_UNKNOWN) > + return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM); > + > + ret = lc_kyber_keypair(&pk, &sk, lc_seeded_rng, type); Allow me to add one remark: the lc_seeded_rng is used here and for MLKEM enc as well as for MLDSA/SLHDSA sign. The current implementation uses its own DRNG which should be added to SP800-90A soon, but is not yet. Further it has its own seed source. Would it make sense to replace this one with one that GnuTLS provides? I.e. add a different implementation for lc_seeded_rng that pulls from GnuTLS? DRBG? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2309447484 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 23 08:41:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Jan 2025 07:41:55 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: Stephan Mueller started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2311225276 > if (type == LC_KYBER_UNKNOWN) > return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM); > > - ret = lc_kyber_keypair(&pk, &sk, lc_seeded_rng, type); > + ret = lc_kyber_keypair(&pk, &sk, &seeded_rng_for_key_ctx, type); The definitions of the RNG look good. But there is one case that these calls do not cover (and FIPS made me hide it): ML-KEM enc requires a DRNG that generates the shared secret key. To help with that, I just pushed another patch adding lc_rng_set_seeded to globally replace the seeded RNG with a provided one. I suggest you call that early on with the generate_for_key definition. After doing that you may revert the changes for keygen. The change for siggen may stay as FIPS204 allows weaker RNGs, since this counters side channels ?only?. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2311225276 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 23 08:58:27 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Jan 2025 07:58:27 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2311244682 > { > - mpz_t p; > int ret; > + enum lc_kyber_type type; > + struct lc_kyber_sk sk; > + struct lc_kyber_pk pk; > + gnutls_datum_t tmp_raw_priv = { NULL, 0 }; > + gnutls_datum_t tmp_raw_pub = { NULL, 0 }; > + uint8_t *ptr; > + size_t len; > + > + type = ml_kem_pk_to_lc_kyber_type(algo); > + if (type == LC_KYBER_UNKNOWN) > + return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM); > + > + ret = lc_kyber_keypair(&pk, &sk, lc_seeded_rng, type); Thank you for the suggestion; I thought that the applications were recommended to use the `lc_seeded_rng`. I added some boilerplate implementation using GnuTLS RNG [here](https://gitlab.com/gnutls/gnutls/-/merge_requests/1925/diffs?commit_id=8cfbb0b30990b92e84e190b9ad7348f466f0983a#a12c2516cc2f8f9aefdb4bc2ef880b780cefa74d_131_134). Could you check? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2311244682 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 23 09:17:41 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Jan 2025 08:17:41 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: Stephan Mueller commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2311275629 > { > - mpz_t p; > int ret; > + enum lc_kyber_type type; > + struct lc_kyber_sk sk; > + struct lc_kyber_pk pk; > + gnutls_datum_t tmp_raw_priv = { NULL, 0 }; > + gnutls_datum_t tmp_raw_pub = { NULL, 0 }; > + uint8_t *ptr; > + size_t len; > + > + type = ml_kem_pk_to_lc_kyber_type(algo); > + if (type == LC_KYBER_UNKNOWN) > + return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM); > + > + ret = lc_kyber_keypair(&pk, &sk, lc_seeded_rng, type); The lc_seeded_rng provides a fully seeded RNG. My remarks were about the following considerations: If you use the already provided lc_seeded_rng, your overall implementation now uses two distinct RNG implementations with two distinct seeding operations and possibly different seed sources. All I was suggesting a means to make sure that your GnuTLS RNG where you manage the state/seed sources according to your rules is used throughout the leancrypto code as well. Thus, from a crypto point of view, there should be no issue to use lc_seeded_rng out of the box. But from a formal point of view (and perhaps the FIPS 140 view point), you may only want to have one RNG and one seed source assessment instead of two. That said, your boiler plate RNG implementation is correct, and good and covers the suggestion above. But it does NOT cover one important aspect: https://github.com/smuellerDD/leancrypto/blob/master/ml-kem/src/kyber_kem_api_c.c#L43 shows that internal to the leancrypto library the lc_seeded_rng is used for ML-KEM enc. As this RNG is used to generate the shared secret key, it is a key RNG that is in scope for, say, FIPS as well as the consideration above. Initially this RNG instance was controllable by the caller, but my FIPS colleagues made me hide it. Thus, to cover the discussion above for this very call, you need to replace the lc_seeded_rng callback using the lc_rng_set_seeded. lc_seeded_rng is a pointer and is changed with the lc_rng_set_seeded call to your implementation. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2311275629 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 23 12:44:54 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Jan 2025 11:44:54 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2311713185 > { > - mpz_t p; > int ret; > + enum lc_kyber_type type; > + struct lc_kyber_sk sk; > + struct lc_kyber_pk pk; > + gnutls_datum_t tmp_raw_priv = { NULL, 0 }; > + gnutls_datum_t tmp_raw_pub = { NULL, 0 }; > + uint8_t *ptr; > + size_t len; > + > + type = ml_kem_pk_to_lc_kyber_type(algo); > + if (type == LC_KYBER_UNKNOWN) > + return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM); > + > + ret = lc_kyber_keypair(&pk, &sk, lc_seeded_rng, type); Oh, we can certainly call `lc_rng_set_seeded` at the library initialization, though I wonder why the ML-KEM API can't simply take an RNG as a parameter as you say; in my proposed ML-KEM implementation in Nettle the caller [does](https://git.lysator.liu.se/nettle/nettle/-/merge_requests/62/diffs#303b595a0f2d1faadfcc6ce459a2909c30310bc5_0_77) need to provide an RNG. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2311713185 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 23 13:50:24 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Jan 2025 12:50:24 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: Stephan Mueller commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2311848476 > { > - mpz_t p; > int ret; > + enum lc_kyber_type type; > + struct lc_kyber_sk sk; > + struct lc_kyber_pk pk; > + gnutls_datum_t tmp_raw_priv = { NULL, 0 }; > + gnutls_datum_t tmp_raw_pub = { NULL, 0 }; > + uint8_t *ptr; > + size_t len; > + > + type = ml_kem_pk_to_lc_kyber_type(algo); > + if (type == LC_KYBER_UNKNOWN) > + return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM); > + > + ret = lc_kyber_keypair(&pk, &sk, lc_seeded_rng, type); For internal calls within a FIPS module, that is no problem. But if you have a module which provides an API with this capability, this is an issue. FIPS requires that any algorithm performs the DRBG-call internally if there is a need for such. Already the key-gen API with the RNG-callback parameter took a long discussion to allow it (leancrypto offers it to perform a transparent key derivation - e.g. an SP800-108 KDF can be easily wrapped as an RNG-provider and thus you can deterministically derive, say, an ML-KEM key from some other data by furnishing a KDF-"RNG" instead of lc_seeded_rng). But this argument does not work with the shared secret key gen. Thus, the FIPS-folks want to have an ML-KEM API that does not offer the means to provide the DRBG reference. As I said, in previous instances of the API, the caller was able to provide the RNG provider to the ML-KEM enc API. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2311848476 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 23 23:55:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Jan 2025 22:55:55 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2312846314 > { > - mpz_t p; > int ret; > + enum lc_kyber_type type; > + struct lc_kyber_sk sk; > + struct lc_kyber_pk pk; > + gnutls_datum_t tmp_raw_priv = { NULL, 0 }; > + gnutls_datum_t tmp_raw_pub = { NULL, 0 }; > + uint8_t *ptr; > + size_t len; > + > + type = ml_kem_pk_to_lc_kyber_type(algo); > + if (type == LC_KYBER_UNKNOWN) > + return gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM); > + > + ret = lc_kyber_keypair(&pk, &sk, lc_seeded_rng, type); Thank you for the explanation; that makes sense. I switched back to use `lc_seeded_rng` everywhere but changed the library to call `lc_rng_set_seeded` at the initialization time. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925#note_2312846314 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 24 08:24:34 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Jan 2025 07:24:34 +0000 Subject: [gnutls-devel] GnuTLS | maint: consolidate licensing information to top-level directory (!1923) In-Reply-To: References: Message-ID: Zolt?n Fridrich was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1923 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 24 08:24:59 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Jan 2025 07:24:59 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: Zolt?n Fridrich was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 24 08:25:09 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Jan 2025 07:25:09 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: Alexander Sosedkin was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 24 08:25:40 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Jan 2025 07:25:40 +0000 Subject: [gnutls-devel] GnuTLS | leancrypto: support leancrypto for post-quantum algorithms (!1925) In-Reply-To: References: Message-ID: All discussions on merge request !1925 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1925 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1925 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 24 17:11:13 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Jan 2025 16:11:13 +0000 Subject: [gnutls-devel] GnuTLS | bad_certificate instead of decode_error alert when empty compress certificate message (#1593) In-Reply-To: References: Message-ID: Reassigned Issue 1593 https://gitlab.com/gnutls/gnutls/-/issues/1593 Zolt?n Fridrich was added as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1593 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 24 17:18:05 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Jan 2025 16:18:05 +0000 Subject: [gnutls-devel] GnuTLS | Add check for empty compressed certificate (!1927) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1927 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno By RFC8879 compressed_certificate_message field of CompressedCertificate structure MUST be at least 1 byte long. fixes #1593 ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1927 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 24 17:18:02 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Jan 2025 16:18:02 +0000 Subject: [gnutls-devel] GnuTLS | Add check for empty compressed certificate (!1927) In-Reply-To: References: Message-ID: Daiki Ueno was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1927 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 24 17:18:02 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Jan 2025 16:18:02 +0000 Subject: [gnutls-devel] GnuTLS | Add check for empty compressed certificate (!1927) In-Reply-To: References: Message-ID: Reassigned merge request 1927 https://gitlab.com/gnutls/gnutls/-/merge_requests/1927 Zolt?n Fridrich was added as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1927 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 25 23:59:00 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Jan 2025 22:59:00 +0000 Subject: [gnutls-devel] GnuTLS | Add check for empty compressed certificate (!1927) In-Reply-To: References: Message-ID: Merge request !1927 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1927 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 25 23:59:02 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Jan 2025 22:59:02 +0000 Subject: [gnutls-devel] GnuTLS | bad_certificate instead of decode_error alert when empty compress certificate message (#1593) In-Reply-To: References: Message-ID: Issue was closed by Zolt?n Fridrich with merge request !1927 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1927) Issue #1593: https://gitlab.com/gnutls/gnutls/-/issues/1593 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1593 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jan 25 23:59:02 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Jan 2025 22:59:02 +0000 Subject: [gnutls-devel] GnuTLS | Add check for empty compressed certificate (!1927) In-Reply-To: References: Message-ID: Merge request !1927 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1927 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel2 to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1927 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 27 09:06:25 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Jan 2025 08:06:25 +0000 Subject: [gnutls-devel] GnuTLS | maint: consolidate licensing information to top-level directory (!1923) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1923#note_2315480407 Looks good. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1923#note_2315480407 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 27 09:06:11 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Jan 2025 08:06:11 +0000 Subject: [gnutls-devel] GnuTLS | maint: consolidate licensing information to top-level directory (!1923) In-Reply-To: References: Message-ID: Merge request !1923 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1923 Project:Branches: dueno/gnutls:wip/dueno/license-files to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: Simon Josefsson and Zolt?n Fridrich -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 27 09:37:19 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Jan 2025 08:37:19 +0000 Subject: [gnutls-devel] GnuTLS | maint: consolidate licensing information to top-level directory (!1923) In-Reply-To: References: Message-ID: Simon Josefsson commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1923#note_2315535400 Looks good except that `README` now refers to `COPYING.LESSER` but the file is called `COPYING.LESSERv2`. I suggest to change README to use `COPYING.LESSERv2` since that is the file-name that appears to be used in gnulib and elsewhere in the FSF ecosystem. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1923#note_2315535400 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 27 10:00:02 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Jan 2025 09:00:02 +0000 Subject: [gnutls-devel] GnuTLS | maint: consolidate licensing information to top-level directory (!1923) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1923#note_2315569647 Good catch, fixed. I also slightly changed the wording so it sounds that license notices on individual files have precedence over the project wide license notice. Could you check? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1923#note_2315569647 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 27 10:04:01 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Jan 2025 09:04:01 +0000 Subject: [gnutls-devel] GnuTLS | Remove build option with liboqs (#1649) References: Message-ID: Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1649 Now that leancrypto support has been merged, we might want to remove support for liboqs to lower maintenance burden. We could also remove the round 3 Kyber768 support altogether, now that GnuTLS supports ML-KEM-768 based key exchange groups. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1649 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 27 10:08:07 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Jan 2025 09:08:07 +0000 Subject: [gnutls-devel] GnuTLS | maint: consolidate licensing information to top-level directory (!1923) In-Reply-To: References: Message-ID: Simon Josefsson commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1923#note_2315582858 Looks good to me! Some additional markup could be added, and links to COPYING files, but not very important and this change improve the GitLab landing page so I'm +1 on merging now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1923#note_2315582858 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 27 11:24:34 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Jan 2025 10:24:34 +0000 Subject: [gnutls-devel] GnuTLS | maint: consolidate licensing information to top-level directory (!1923) In-Reply-To: References: Message-ID: Merge request !1923 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1923 Project:Branches: dueno/gnutls:wip/dueno/license-files to gnutls/gnutls:master Author: Daiki Ueno Reviewers: Simon Josefsson and Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1923 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jan 27 23:12:47 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Jan 2025 22:12:47 +0000 Subject: [gnutls-devel] GnuTLS | Remove build option with liboqs (#1649) In-Reply-To: References: Message-ID: Geert Hendrickx commented: https://gitlab.com/gnutls/gnutls/-/issues/1649#note_2317039323 Are there plans to add X25519MLKEM768 to the default priority strings? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1649#note_2317039323 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 28 09:50:31 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Jan 2025 08:50:31 +0000 Subject: [gnutls-devel] GnuTLS | Failing tests on macOS osx64 architecture (#1539) In-Reply-To: References: Message-ID: Serhii Kupriienko commented: https://gitlab.com/gnutls/gnutls/-/issues/1539#note_2317633072 The test `gnutls-cli-debug.sh` fails on `osx-64` and `osx-arm64` for **v3.8.7**: `FAIL: gnutls-cli-debug.sh` Is it an issue with a timeout? Or is or something else? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1539#note_2317633072 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 28 11:50:24 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Jan 2025 10:50:24 +0000 Subject: [gnutls-devel] GnuTLS | Failing tests on macOS osx64 architecture (#1539) In-Reply-To: References: Message-ID: Sacha commented: https://gitlab.com/gnutls/gnutls/-/issues/1539#note_2317919185 Hi, You can find the logs there https://dev.azure.com/conda-forge/feedstock-builds/_build/results?buildId=1162982&view=logs&j=e0208569-136d-54da-4ec5-14d0e8771cbc&t=25992e30-3e2a-5788-2b3e-e373b0534bf7&l=10573 The error is ``` Checking output of gnutls-cli-debug for TLS1.1 and TLS1.2 server reserved port 10192 Failure: gnutls-cli-debug run should have succeeded! unreserved port 10192 FAIL gnutls-cli-debug.sh (exit status: 1) ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1539#note_2317919185 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 28 12:16:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Jan 2025 11:16:06 +0000 Subject: [gnutls-devel] GnuTLS | Failing tests on macOS osx64 architecture (#1539) In-Reply-To: References: Message-ID: skupr commented: https://gitlab.com/gnutls/gnutls/-/issues/1539#note_2317972830 If I run `make -j${CPU_COUNT} check gl_public_submodule_commit= TIMEOUT=gtimeout` locally, it succeeds, but it fails on our CI. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1539#note_2317972830 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 28 12:21:04 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Jan 2025 11:21:04 +0000 Subject: [gnutls-devel] GnuTLS | Failing tests on macOS osx64 architecture (#1539) In-Reply-To: References: Message-ID: Sacha commented: https://gitlab.com/gnutls/gnutls/-/issues/1539#note_2317982048 Also to correct, in the conda-forge CI, only osx-64 fails, osx-arm64 is successful : https://dev.azure.com/conda-forge/feedstock-builds/_build/results?buildId=1162982&view=logs&j=d6b58996-039f-5e48-56bf-c3a016e5cd7f -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1539#note_2317982048 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 28 22:06:32 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Jan 2025 21:06:32 +0000 Subject: [gnutls-devel] libtasn1 | Add meson build with ci (!109) References: Message-ID: Tal Regev created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/109 Project:Branches: tal.regev/libtasn1:TalR/meson to gnutls/libtasn1:master Author: Tal Regev Add meson build with ci ## Checklist * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated ## Reviewer's checklist: * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent with other code * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/109 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jan 28 22:16:42 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Jan 2025 21:16:42 +0000 Subject: [gnutls-devel] libtasn1 | Add meson build with ci (!109) In-Reply-To: References: Message-ID: Tal Regev commented: https://gitlab.com/gnutls/libtasn1/-/merge_requests/109#note_2319136825 I cannot run the ci from forked repo. Any help will be appreciate. I checked it on my PR on my repo, and it worked. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/109#note_2319136825 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 29 04:07:44 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 29 Jan 2025 03:07:44 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Release 3.8.9 (!1928) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1928 Project:Branches: dueno/gnutls:wip/dueno/release-3.8.9 to gnutls/gnutls:master Author: Daiki Ueno * Release 3.8.9 Signed-off-by: Daiki Ueno * key_share: send illegal_parameter when parsing EC key share fails When the received EC key share is malformed, _gnutls_ecc_ansi_x962_import returns GNUTLS_E_PARSING_ERROR or GNUTLS_E_MEMORY_ERROR, which maps to an internal_error alert. This explicitly return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER to send illegal_parameter instead, in compliance with the RFC. Signed-off-by: Daiki Ueno * m4: update ax_code_coverage.m4 from autoconf-archive Signed-off-by: Daiki Ueno * tests: remove unmatched GCC pragma in tests/test-chains-issuer-aia.h Signed-off-by: Daiki Ueno * build: don't redefine AM_CPPFLAGS in libdane/Makefile.am Signed-off-by: Daiki Ueno ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1928 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 29 10:18:17 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 29 Jan 2025 09:18:17 +0000 Subject: [gnutls-devel] libtasn1 | Add meson build with ci (!109) In-Reply-To: References: Message-ID: Merge request !109 was closed by Simon Josefsson Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/109 Project:Branches: tal.regev/libtasn1:TalR/meson to gnutls/libtasn1:master Author: Tal Regev Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/109 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 29 10:18:17 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 29 Jan 2025 09:18:17 +0000 Subject: [gnutls-devel] libtasn1 | Add meson build with ci (!109) In-Reply-To: References: Message-ID: Simon Josefsson commented: https://gitlab.com/gnutls/libtasn1/-/merge_requests/109#note_2319864960 We are not going to take on the maintenance cost of having to support another build system. Fixing CI is a good idea, but getting CI to build with both autotools and meson is harder than getting CI to build with autotools. So adding meson only make things harder. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/109#note_2319864960 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 29 20:40:58 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 29 Jan 2025 19:40:58 +0000 Subject: [gnutls-devel] libtasn1 | Fix pipeline (!110) References: Message-ID: Simon Josefsson created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/110 Branches: wip to master Author: Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/110 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jan 29 20:41:29 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 29 Jan 2025 19:41:29 +0000 Subject: [gnutls-devel] libtasn1 | Fix pipeline (!110) In-Reply-To: References: Message-ID: Merge request !110 was merged Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/110 Branches: wip to master Author: Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/110 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 30 10:27:46 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 30 Jan 2025 09:27:46 +0000 Subject: [gnutls-devel] libtasn1 | Add meson build with ci (!109) In-Reply-To: References: Message-ID: Tal Regev commented: https://gitlab.com/gnutls/libtasn1/-/merge_requests/109#note_2322084299 @jas May I propose to merge this changes to different branch in this repo, that other can use these changes, and when they replace complitly the meson build with autoconf / automake build, you can merge it to master. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/109#note_2322084299 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 30 10:27:45 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 30 Jan 2025 09:27:45 +0000 Subject: [gnutls-devel] libtasn1 | Add meson build with ci (!109) In-Reply-To: References: Message-ID: Merge request !109 was reopened by Tal Regev Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/109 Project:Branches: tal.regev/libtasn1:TalR/meson to gnutls/libtasn1:master Author: Tal Regev Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/109 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 30 10:43:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 30 Jan 2025 09:43:55 +0000 Subject: [gnutls-devel] libtasn1 | Add meson build with ci (!109) In-Reply-To: References: Message-ID: Merge request !109 was closed by Simon Josefsson Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/109 Project:Branches: tal.regev/libtasn1:TalR/meson to gnutls/libtasn1:master Author: Tal Regev Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/109 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jan 30 10:43:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 30 Jan 2025 09:43:55 +0000 Subject: [gnutls-devel] libtasn1 | Add meson build with ci (!109) In-Reply-To: References: Message-ID: Simon Josefsson commented: https://gitlab.com/gnutls/libtasn1/-/merge_requests/109#note_2322113984 We are not going to add meson builds without significant upside for doing so, so please maintain such branches externally. The pipeline is now green btw. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/109#note_2322113984 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 31 00:18:46 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 30 Jan 2025 23:18:46 +0000 Subject: [gnutls-devel] libtasn1 | Fixes (!111) References: Message-ID: Simon Josefsson created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/111 Branches: wip to master Author: Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/111 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 31 00:19:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 30 Jan 2025 23:19:50 +0000 Subject: [gnutls-devel] libtasn1 | Fixes (!111) In-Reply-To: References: Message-ID: Merge request !111 was merged Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/111 Branches: wip to master Author: Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/111 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 31 00:41:33 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 30 Jan 2025 23:41:33 +0000 Subject: [gnutls-devel] libtasn1 | Fixes (!112) References: Message-ID: Simon Josefsson created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/112 Branches: wip to master Author: Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/112 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 31 01:04:28 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 31 Jan 2025 00:04:28 +0000 Subject: [gnutls-devel] libtasn1 | Minor fixes for code readability (!113) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/113 Project:Branches: dueno/libtasn1:wip/minor-fixes to gnutls/libtasn1:master Author: Daiki Ueno This is not meant for immediate merge, but maybe a candidate after the next release. ## Checklist * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated ## Reviewer's checklist: * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent with other code * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/113 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 31 10:32:03 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 31 Jan 2025 09:32:03 +0000 Subject: [gnutls-devel] libtasn1 | Test merge request for pipeline workflow (!114) References: Message-ID: Simon Josefsson created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/114 Project:Branches: gsasl/libtasn1:wip to gnutls/libtasn1:master Author: Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/114 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 31 10:43:41 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 31 Jan 2025 09:43:41 +0000 Subject: [gnutls-devel] libtasn1 | Test merge request for pipeline workflow (!114) In-Reply-To: References: Message-ID: Merge request !114 was closed by Simon Josefsson Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/114 Project:Branches: gsasl/libtasn1:wip to gnutls/libtasn1:master Author: Simon Josefsson Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/114 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 31 10:45:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 31 Jan 2025 09:45:06 +0000 Subject: [gnutls-devel] libtasn1 | Test merge request to rework workflow rules (!115) References: Message-ID: Simon Josefsson created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/115 Project:Branches: gsasl/libtasn1:wip2 to gnutls/libtasn1:master Author: Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/115 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 31 10:52:59 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 31 Jan 2025 09:52:59 +0000 Subject: [gnutls-devel] libtasn1 | Fixes (!112) In-Reply-To: References: Message-ID: Merge request !112 was closed by Simon Josefsson Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/112 Branches: wip to master Author: Simon Josefsson Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/112 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 31 11:06:56 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 31 Jan 2025 10:06:56 +0000 Subject: [gnutls-devel] GnuTLS | TAG check for extensions (#1652) References: Message-ID: dulanshuangqiao created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1652 ## Description of problem: When importing a certificate with incorrect extension (incorrect TAG) using gnutls_x509_crt_import, only the Subject Alternative Name extension will be processed with a "Error in TAG". Other extensions with incorrect TAG will still be accepted without a "Error in TAG". ## Version of gnutls used: gnutls-cli 3.7.3 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: Steps to Reproduce: * one gnutls_x509_crt_import ## Actual results: Except for SAN, other extensions are not checked ## Expected results: For extensions with incorrect TAG, an error "Error in TAG" is thrown -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1652 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jan 31 11:31:51 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 31 Jan 2025 10:31:51 +0000 Subject: [gnutls-devel] libtasn1 | Test merge request to rework workflow rules (!115) In-Reply-To: References: Message-ID: Merge request !115 was merged Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/115 Project:Branches: gsasl/libtasn1:wip2 to gnutls/libtasn1:master Author: Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/115 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: