From gnutls-devel at lists.gnutls.org Tue Jul 1 16:39:24 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Jul 2025 14:39:24 +0000 Subject: [gnutls-devel] GnuTLS | tests/tls13-early-data-neg2: avoid a small memory leak (!1969) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on tests/tls13-early-data-neg2.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1969#note_2596816622 > > if (t < 2) { > /* get the session data size */ > + if (session_data.data) > + gnutls_free(session_data.data); I would prefer calling `gnutls_free` unconditionally without the check. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1969#note_2596816622 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 1 16:43:08 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Jul 2025 14:43:08 +0000 Subject: [gnutls-devel] GnuTLS | tests/tls13-early-data-neg2: avoid a small memory leak (!1969) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on tests/tls13-early-data-neg2.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1969#note_2596830985 > fail("client: unexpected non-zero value of max_early_data_size = %d\n", > (int)gnutls_record_get_max_early_data_size( > session)); > - if (gnutls_record_send_early_data( > - session, EARLY_MSG, > - sizeof(EARLY_MSG)) >= 0) > + do { > + ret = gnutls_record_send_early_data( > + session, EARLY_MSG, > + sizeof(EARLY_MSG)); > + } while (ret == GNUTLS_E_AGAIN || I wonder if this test could be rewritten without fork, so such check would be not necessary in the first place. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1969#note_2596830985 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 1 16:44:30 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Jul 2025 14:44:30 +0000 Subject: [gnutls-devel] GnuTLS | src/danetool.c: Free str on error to avoid memory leak (!1963) In-Reply-To: References: Message-ID: All discussions on merge request !1963 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1963 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1963 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 1 16:44:15 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Jul 2025 14:44:15 +0000 Subject: [gnutls-devel] GnuTLS | src/danetool.c: Free str on error to avoid memory leak (!1963) In-Reply-To: References: Message-ID: Merge request !1963 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1963 Project:Branches: JiashengJiang/gnutls:patch13 to gnutls/gnutls:master Author: Jiasheng Jiang Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 1 16:44:34 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Jul 2025 14:44:34 +0000 Subject: [gnutls-devel] GnuTLS | src/danetool.c: Free str on error to avoid memory leak (!1963) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1963#note_2596837838 Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1963#note_2596837838 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 1 16:45:12 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Jul 2025 14:45:12 +0000 Subject: [gnutls-devel] GnuTLS | src/danetool.c: Free str on error to avoid memory leak (!1963) In-Reply-To: References: Message-ID: Merge request !1963 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1963 Project:Branches: JiashengJiang/gnutls:patch13 to gnutls/gnutls:master Author: Jiasheng Jiang -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1963 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 1 16:48:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Jul 2025 14:48:06 +0000 Subject: [gnutls-devel] GnuTLS | doc: fix typo in docs about system profile fallback (!1971) References: Message-ID: Daniel P_ Berrang? created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1971 Project:Branches: berrange/gnutls:keyword-typo to gnutls/gnutls:master Author: Daniel P_ Berrang? Docs for the system profile fallback syntax accidentally repeated the "@" marker before each keyword. The "@" marker only indicates the start of the profile field, and individual names are merely separated by a comma, per the impl in 6b6d9dd44e. Fixes 6f425b0fd7d860e9d78b7ba0d9c4d3165d824d7c ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1971 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 1 16:54:16 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Jul 2025 14:54:16 +0000 Subject: [gnutls-devel] GnuTLS | doc: fix typo in docs about system profile fallback (!1971) In-Reply-To: References: Message-ID: Merge request !1971 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1971 Project:Branches: berrange/gnutls:keyword-typo to gnutls/gnutls:master Author: Daniel P_ Berrang? Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 1 16:54:25 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Jul 2025 14:54:25 +0000 Subject: [gnutls-devel] GnuTLS | doc: fix typo in docs about system profile fallback (!1971) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1971#note_2596885556 Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1971#note_2596885556 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 1 16:54:56 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 01 Jul 2025 14:54:56 +0000 Subject: [gnutls-devel] GnuTLS | doc: fix typo in docs about system profile fallback (!1971) In-Reply-To: References: Message-ID: Merge request !1971 was set to auto-merge by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1971 Project:Branches: berrange/gnutls:keyword-typo to gnutls/gnutls:master Author: Daniel P_ Berrang? Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 2 11:44:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 02 Jul 2025 09:44:50 +0000 Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA private keys in CHOICE format (!1972) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972 Project:Branches: dueno/gnutls:wip/dueno/mldsa-followup2 to gnutls/gnutls:master Author: Daiki Ueno This extends the acceptable formats of ML-DSA private keys to the three formats defined in draft-ietf-lamps-dilithium-certificates-12, section 6, namely: "seed", "expandedKey", and "both". The legacy format compatible with liboqs/oqsprovider is still accepted and the default output format for now. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 2 12:09:56 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 02 Jul 2025 10:09:56 +0000 Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA private keys in CHOICE format (!1972) In-Reply-To: References: Message-ID: Alicja Kario (@mention me if you need reply) started a new discussion on lib/x509/privkey_pkcs8.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2598449985 > } > } > > + /* Append an empty publicKey field. > + */ > + result = asn1_write_value(*pkey_info, "publicKey", NULL, 0); I don't think it's mandatory to include it... I'm pretty sure that the test vectors don't have it... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2598449985 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 2 12:15:39 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 02 Jul 2025 10:15:39 +0000 Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA private keys in CHOICE format (!1972) In-Reply-To: References: Message-ID: Alicja Kario (@mention me if you need reply) started a new discussion on lib/gnutls.asn: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2598466472 > privkey OCTET STRING > } > > +-- Legacy private key format defined in > +-- draft-ietf-lamps-dilithium-certificates-04, section 6 it's not that either, as the liboqs format puts both the private key and public key in the `privateKey` field? Or will gnutls allow a fifth format? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2598466472 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 2 12:17:11 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 02 Jul 2025 10:17:11 +0000 Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA private keys in CHOICE format (!1972) In-Reply-To: References: Message-ID: Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2598470657 I do see test keys, but how do we verify that all three result in the same expanded key after loading? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2598470657 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 2 12:59:20 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 02 Jul 2025 10:59:20 +0000 Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA private keys in CHOICE format (!1972) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/x509/privkey_pkcs8.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2598574402 > } > } > > + /* Append an empty publicKey field. > + */ > + result = asn1_write_value(*pkey_info, "publicKey", NULL, 0); This does not affect the output format, but just indicates that the "publicKey" field is empty. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2598574402 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 2 13:01:08 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 02 Jul 2025 11:01:08 +0000 Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA private keys in CHOICE format (!1972) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/gnutls.asn: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2598578440 > privkey OCTET STRING > } > > +-- Legacy private key format defined in > +-- draft-ietf-lamps-dilithium-certificates-04, section 6 That depends on whether the "version" field is 0 or 1. If 0, we used to concatenate a private key and a public key; if it is 1, a public key was stored in a separate field. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2598578440 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 2 13:01:08 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 02 Jul 2025 11:01:08 +0000 Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA private keys in CHOICE format (!1972) In-Reply-To: References: Message-ID: All discussions on merge request !1972 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1972 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 3 01:51:39 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 02 Jul 2025 23:51:39 +0000 Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA private keys in CHOICE format (!1972) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2600059541 Oh, I forgot to commit the changes to tests/mldsa.sh. Should now be there. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2600059541 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 3 01:52:48 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 02 Jul 2025 23:52:48 +0000 Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA private keys in CHOICE format (!1972) In-Reply-To: References: Message-ID: Reassigned merge request 1972 https://gitlab.com/gnutls/gnutls/-/merge_requests/1972 Daiki Ueno was added as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 3 01:53:05 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 02 Jul 2025 23:53:05 +0000 Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA private keys in CHOICE format (!1972) In-Reply-To: References: Message-ID: Alicja Kario (@mention me if you need reply) was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 3 01:53:16 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 02 Jul 2025 23:53:16 +0000 Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA private keys in CHOICE format (!1972) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.10 (Feb 7, 2025?Jul 31, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/48 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 3 02:07:35 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 03 Jul 2025 00:07:35 +0000 Subject: [gnutls-devel] GnuTLS | doc: fix typo in docs about system profile fallback (!1971) In-Reply-To: References: Message-ID: Merge request !1971 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1971 Project:Branches: berrange/gnutls:keyword-typo to gnutls/gnutls:master Author: Daniel P_ Berrang? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1971 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 3 09:11:12 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 03 Jul 2025 07:11:12 +0000 Subject: [gnutls-devel] GnuTLS | Draft: pubkey: fix byte/bit confusion in public key sizes of ML-DSA (!1973) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 Project:Branches: dueno/gnutls:wip/dueno/mldsa-followup3 to gnutls/gnutls:master Author: Daiki Ueno This is an encoding counterpart of !1972. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 3 09:17:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 03 Jul 2025 07:17:18 +0000 Subject: [gnutls-devel] GnuTLS | Draft: x509: support encoding of ML-DSA private keys in CHOICE format (!1973) In-Reply-To: References: Message-ID: Daiki Ueno marked merge request !1973 as draft -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 3 12:42:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 03 Jul 2025 10:42:55 +0000 Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA private keys in CHOICE format (!1972) In-Reply-To: References: Message-ID: Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2601164994 LGTM -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2601164994 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 3 12:42:54 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 03 Jul 2025 10:42:54 +0000 Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA private keys in CHOICE format (!1972) In-Reply-To: References: Message-ID: Merge request !1972 was approved by Alicja Kario (@mention me if you need reply) Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972 Project:Branches: dueno/gnutls:wip/dueno/mldsa-followup2 to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Alicja Kario (@mention me if you need reply) -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 3 12:58:12 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 03 Jul 2025 10:58:12 +0000 Subject: [gnutls-devel] GnuTLS | Draft: x509: support encoding of ML-DSA private keys in CHOICE format (!1973) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 was reviewed by Alicja Kario (@mention me if you need reply) -- Alicja Kario (@mention me if you need reply) started a new discussion on lib/x509/privkey_pkcs8.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2601200960 > + * parse it manually */ > + if (raw_key->size == 34 && raw_key->data[0] == 0x80 && > + raw_key->data[1] == 0x20) { this is more on the level of a nit than an actual issue, but I think it would be nicer to check if the first byte is `0x80` as that indicates that this is the `[0]` context-specific implicit tag, and only then check for length, and reject it if it is wrong, with a more specific error message -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 3 12:58:13 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 03 Jul 2025 10:58:13 +0000 Subject: [gnutls-devel] GnuTLS | Draft: x509: support encoding of ML-DSA private keys in CHOICE format (!1973) In-Reply-To: References: Message-ID: Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2601201014 LGTM, with the exception of that one nit I haven't checked if the test vectors match the drafts or if it interoperates with openssl though -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2601201014 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 3 12:58:12 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 03 Jul 2025 10:58:12 +0000 Subject: [gnutls-devel] GnuTLS | Draft: x509: support encoding of ML-DSA private keys in CHOICE format (!1973) In-Reply-To: References: Message-ID: Merge request !1973 was approved by Alicja Kario (@mention me if you need reply) Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 Project:Branches: dueno/gnutls:wip/dueno/mldsa-followup3 to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 3 22:16:43 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 03 Jul 2025 20:16:43 +0000 Subject: [gnutls-devel] GnuTLS | Add a way to show the default trust store configuration (#1720) References: Message-ID: Sam Morris created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1720 ## Description of the feature: It would be useful if `gnutls-cli --list-config` would show what trust store option GnuTLS was configured with. Something like: ``` default-trust-store-pkcs11: pkcs11: ``` or ``` default-trust-store-file: /etc/ssl/certs/ca-certificates.crt ``` and so on. ## Applications that this feature may be relevant to: User-facing feature. When I am configuring systems it's useful to be able to check how various TLS libraries are configured. ## Is this feature implemented in other libraries (and which) N/A -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1720 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 3 22:51:56 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 03 Jul 2025 20:51:56 +0000 Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA private keys in CHOICE format (!1972) In-Reply-To: References: Message-ID: All discussions on merge request !1972 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1972 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 3 23:14:21 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 03 Jul 2025 21:14:21 +0000 Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA private keys in CHOICE format (!1972) In-Reply-To: References: Message-ID: Merge request !1972 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972 Project:Branches: dueno/gnutls:wip/dueno/mldsa-followup2 to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Alicja Kario (@mention me if you need reply) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 4 05:51:30 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Jul 2025 03:51:30 +0000 Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA private keys in CHOICE format (!1973) In-Reply-To: References: Message-ID: Daiki Ueno marked merge request !1973 as ready -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 4 05:52:40 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Jul 2025 03:52:40 +0000 Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA private keys in CHOICE format (!1973) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2602647220 Added some roundtrip tests -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2602647220 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 4 06:37:58 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Jul 2025 04:37:58 +0000 Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA private keys in CHOICE format (!1973) In-Reply-To: References: Message-ID: All discussions on merge request !1973 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 4 06:37:57 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Jul 2025 04:37:57 +0000 Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA private keys in CHOICE format (!1973) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/x509/privkey_pkcs8.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2602678535 > return ret; > } > > +static int decode_ml_dsa_inner_private_key(const gnutls_datum_t *raw_key, > + size_t raw_pub_size, > + size_t raw_priv_size, > + gnutls_x509_privkey_t pkey) > +{ > + int ret; > + asn1_node inner_asn = NULL; > + > + /* libtasn1 doesn't support encoding instructions in CHOICE, > + * parse it manually */ > + if (raw_key->size == 34 && raw_key->data[0] == 0x80 && > + raw_key->data[1] == 0x20) { I'm afraid that would make the control flow complicated as the other alternatives in the CHOICE is handled in the `else` branch. I'd leave it as is. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2602678535 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 4 08:39:31 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Jul 2025 06:39:31 +0000 Subject: [gnutls-devel] GnuTLS | algorithms: assign hash strength to ML-DSA signature algorithms (!1974) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1974 Project:Branches: dueno/gnutls:wip/dueno/mldsa-tls-fixes to gnutls/gnutls:master Author: Daiki Ueno The _gnutls_sign_get_hash_strength function previously returned 0 for ML-DSA algorithms, preventing the security level check in certificate signatures. This assigns the collision strength for commitment hashes, as defined in FIPS 204, section 4, table 1. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1974 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 4 08:57:33 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Jul 2025 06:57:33 +0000 Subject: [gnutls-devel] GnuTLS | algorithms: assign hash strength to ML-DSA signature algorithms (!1974) In-Reply-To: References: Message-ID: Reassigned merge request 1974 https://gitlab.com/gnutls/gnutls/-/merge_requests/1974 Daiki Ueno was added as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1974 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 4 08:57:32 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Jul 2025 06:57:32 +0000 Subject: [gnutls-devel] GnuTLS | algorithms: assign hash strength to ML-DSA signature algorithms (!1974) In-Reply-To: References: Message-ID: Alicja Kario (@mention me if you need reply) was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1974 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 4 08:57:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Jul 2025 06:57:55 +0000 Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA private keys in CHOICE format (!1973) In-Reply-To: References: Message-ID: Alicja Kario (@mention me if you need reply) was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 4 08:57:58 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Jul 2025 06:57:58 +0000 Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA private keys in CHOICE format (!1973) In-Reply-To: References: Message-ID: Reassigned merge request 1973 https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 Daiki Ueno was added as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 4 10:39:15 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Jul 2025 08:39:15 +0000 Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA private keys in CHOICE format (!1973) In-Reply-To: References: Message-ID: Merge request !1973 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 Project:Branches: dueno/gnutls:wip/dueno/mldsa-followup3 to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Alicja Kario (@mention me if you need reply) -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 4 10:39:41 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Jul 2025 08:39:41 +0000 Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA private keys in CHOICE format (!1973) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603041167 Looks nice. No mistakes spotted. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603041167 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 4 10:52:53 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Jul 2025 08:52:53 +0000 Subject: [gnutls-devel] GnuTLS | algorithms: assign hash strength to ML-DSA signature algorithms (!1974) In-Reply-To: References: Message-ID: Merge request !1974 was approved by Alicja Kario (@mention me if you need reply) Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1974 Project:Branches: dueno/gnutls:wip/dueno/mldsa-tls-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Alicja Kario (@mention me if you need reply) -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 4 10:52:54 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Jul 2025 08:52:54 +0000 Subject: [gnutls-devel] GnuTLS | algorithms: assign hash strength to ML-DSA signature algorithms (!1974) In-Reply-To: References: Message-ID: Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1974#note_2603066655 LGTM -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1974#note_2603066655 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 4 11:02:51 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Jul 2025 09:02:51 +0000 Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA private keys in CHOICE format (!1973) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 was reviewed by Alexander Sosedkin -- Alexander Sosedkin started a new discussion on lib/x509/privkey_pkcs8.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603089825 > + > + if (flags & GNUTLS_PKCS_MLDSA_SEED) > + format |= 1 << 0; maybe use enum values instead of magic constants? -- Alexander Sosedkin started a new discussion on lib/x509/privkey_pkcs8.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603089835 > + ML_DSA_PRIVKEY_FORMAT_SEED, > + ML_DSA_PRIVKEY_FORMAT_EXPANDED, > + ML_DSA_PRIVKEY_FORMAT_BOTH I'd find verifying `ML_DSA_PRIVKEY_FORMAT_BOTH == ML_DSA_PRIVKEY_FORMAT_EXPANDED | ML_DSA_PRIVKEY_FORMAT_SEED` easier if the numbers were spelled out. -- Alexander Sosedkin started a new discussion on src/certtool-options.json: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603089842 > + "long-option": "key-format", > + "description": "Specify the key format to use on key generation", > + "detail": "This option can be combined with --generate-privkey, to specify\nthe key format to be generated, when the key type is ML-DSA. Valid options are, 'seed', 'expanded', and 'both'.", Should it error out when the key type is not ML-DSA? Just to reduce confusion and to not support ignoring it when it's not. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 4 11:03:08 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Jul 2025 09:03:08 +0000 Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA private keys in CHOICE format (!1973) In-Reply-To: References: Message-ID: Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603090423 still looks good :smile: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603090423 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 4 11:16:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Jul 2025 09:16:55 +0000 Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA private keys in CHOICE format (!1973) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/x509/privkey_pkcs8.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603142256 > #define PEM_PKCS8 "ENCRYPTED PRIVATE KEY" > #define PEM_UNENCRYPTED_PKCS8 "PRIVATE KEY" > > +typedef enum ml_dsa_privkey_format_t { > + ML_DSA_PRIVKEY_FORMAT_UNKNOWN = 0, > + ML_DSA_PRIVKEY_FORMAT_SEED, > + ML_DSA_PRIVKEY_FORMAT_EXPANDED, > + ML_DSA_PRIVKEY_FORMAT_BOTH Good idea, rewrote in that way. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603142256 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 4 11:19:11 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Jul 2025 09:19:11 +0000 Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA private keys in CHOICE format (!1973) In-Reply-To: References: Message-ID: All discussions on merge request !1973 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 4 11:19:14 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Jul 2025 09:19:14 +0000 Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA private keys in CHOICE format (!1973) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on src/certtool-options.json: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603147005 > "detail": "This option can be combined with --generate-privkey, to specify\nthe key type to be generated. Valid options are, 'rsa', 'rsa-pss', 'rsa-oaep', 'dsa', 'ecdsa', 'ed25519, 'ed448', 'x25519', and 'x448'.'.\nWhen combined with certificate generation it can be used to specify an\nRSA-PSS certificate when an RSA key is given.", > "argument-type": "string" > }, > + { > + "long-option": "key-format", > + "description": "Specify the key format to use on key generation", > + "detail": "This option can be combined with --generate-privkey, to specify\nthe key format to be generated, when the key type is ML-DSA. Valid options are, 'seed', 'expanded', and 'both'.", It would be too complicated to implement, as in some cases (e.g., `certtool -k`) the key type is known only after decoding the key itself. I'd leave it as-is, as most of the other options that don't take effect are simply ignored. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603147005 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 4 11:35:56 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Jul 2025 09:35:56 +0000 Subject: [gnutls-devel] GnuTLS | algorithms: assign hash strength to ML-DSA signature algorithms (!1974) In-Reply-To: References: Message-ID: Merge request !1974 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1974 Project:Branches: dueno/gnutls:wip/dueno/mldsa-tls-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Alicja Kario (@mention me if you need reply) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1974 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 4 13:49:04 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Jul 2025 11:49:04 +0000 Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA private keys in CHOICE format (!1973) In-Reply-To: References: Message-ID: Merge request !1973 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 Project:Branches: dueno/gnutls:wip/dueno/mldsa-followup3 to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Alicja Kario (@mention me if you need reply) -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 4 14:13:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 04 Jul 2025 12:13:18 +0000 Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA private keys in CHOICE format (!1973) In-Reply-To: References: Message-ID: Merge request !1973 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 Project:Branches: dueno/gnutls:wip/dueno/mldsa-followup3 to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Alicja Kario (@mention me if you need reply) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 5 02:01:11 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 05 Jul 2025 00:01:11 +0000 Subject: [gnutls-devel] GnuTLS | Minor build fixes for pkcs11-provider (!1975) In-Reply-To: References: Message-ID: Zolt?n Fridrich was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1975 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 5 02:01:13 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 05 Jul 2025 00:01:13 +0000 Subject: [gnutls-devel] GnuTLS | Minor build fixes for pkcs11-provider (!1975) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1975 Project:Branches: dueno/gnutls:wip/dueno/pkcs11-provider-fixes to gnutls/gnutls:master Author: Daiki Ueno Reviewer: Zolt?n Fridrich * build: fix build with --with-included-libtasn1 As libminitasn1.la is always built a static library, linking it twice makes linking fail because of duplicated symbols. * pkcs11: stop including The header is unused and causing compile error on macOS homebrew: ``` In file included from p11_pk.c:32: /opt/homebrew/Cellar/nettle/3.10.2/include/nettle/bignum.h:50:11: fatal error: 'gmp.h' file not found # include ^~~~~~~ 1 error generated. ``` ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1975 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 5 02:47:17 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 05 Jul 2025 00:47:17 +0000 Subject: [gnutls-devel] GnuTLS | src/common.c: Move gnutls_free() out of out lable to avoid double free (!1966) In-Reply-To: References: Message-ID: Merge request !1966 was closed by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1966 Project:Branches: JiashengJiang/gnutls:patch14 to gnutls/gnutls:master Author: Jiasheng Jiang Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1966 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 5 02:47:30 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 05 Jul 2025 00:47:30 +0000 Subject: [gnutls-devel] GnuTLS | src/common.c: Move gnutls_free() out of out lable to avoid double free (!1966) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1966#note_2604423354 Closing as this seems like a non-issue. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1966#note_2604423354 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 5 02:48:51 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 05 Jul 2025 00:48:51 +0000 Subject: [gnutls-devel] GnuTLS | tests/x509-cert-callback.c: Free p and certs on error to avoid memory leak (!1960) In-Reply-To: References: Message-ID: Merge request !1960 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1960 Project:Branches: JiashengJiang/gnutls:patch10 to gnutls/gnutls:master Author: Jiasheng Jiang Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 5 02:49:10 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 05 Jul 2025 00:49:10 +0000 Subject: [gnutls-devel] GnuTLS | tests/x509-cert-callback.c: Free p and certs on error to avoid memory leak (!1960) In-Reply-To: References: Message-ID: Merge request !1960 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1960 Project:Branches: JiashengJiang/gnutls:patch10 to gnutls/gnutls:master Author: Jiasheng Jiang -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1960 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 5 02:49:58 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 05 Jul 2025 00:49:58 +0000 Subject: [gnutls-devel] GnuTLS | tests/x509-cert-callback-ocsp.c: Free p and certs on error to avoid memory leak (!1958) In-Reply-To: References: Message-ID: Merge request !1958 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1958 Project:Branches: JiashengJiang/gnutls:patch8 to gnutls/gnutls:master Author: Jiasheng Jiang -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1958 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 5 02:49:48 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 05 Jul 2025 00:49:48 +0000 Subject: [gnutls-devel] GnuTLS | tests/x509-cert-callback-ocsp.c: Free p and certs on error to avoid memory leak (!1958) In-Reply-To: References: Message-ID: Merge request !1958 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1958 Project:Branches: JiashengJiang/gnutls:patch8 to gnutls/gnutls:master Author: Jiasheng Jiang Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 5 02:52:03 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 05 Jul 2025 00:52:03 +0000 Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() to avoid memory leak (!1956) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on lib/ext/srp.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956#note_2604424109 > > priv->password = gnutls_strdup(cred->password); > if (priv->password == NULL) { > + gnutls_free(priv->username); > gnutls_assert(); Not a fault of this MR, but shouldn't we also set `ret` here (e.g., `GNUTLS_E_MEMORY_ERROR`)? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956#note_2604424109 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 5 02:54:27 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 05 Jul 2025 00:54:27 +0000 Subject: [gnutls-devel] GnuTLS | lib/x509/x509_ext.c: Add gnutls_free() to avoid memory leak (!1954) In-Reply-To: References: Message-ID: Merge request !1954 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1954 Project:Branches: JiashengJiang/gnutls:patch4 to gnutls/gnutls:master Author: Jiasheng Jiang Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 5 02:55:12 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 05 Jul 2025 00:55:12 +0000 Subject: [gnutls-devel] GnuTLS | lib/x509/x509_ext.c: Add gnutls_free() to avoid memory leak (!1954) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1954#note_2604424677 LGTM, thanks! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1954#note_2604424677 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 5 02:55:20 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 05 Jul 2025 00:55:20 +0000 Subject: [gnutls-devel] GnuTLS | lib/x509/x509_ext.c: Add gnutls_free() to avoid memory leak (!1954) In-Reply-To: References: Message-ID: Merge request !1954 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1954 Project:Branches: JiashengJiang/gnutls:patch4 to gnutls/gnutls:master Author: Jiasheng Jiang -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1954 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 5 02:56:38 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 05 Jul 2025 00:56:38 +0000 Subject: [gnutls-devel] GnuTLS | lib/hello_ext.c: Add gnutls_free() to avoid memory leak (!1955) In-Reply-To: References: Message-ID: Merge request !1955 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1955 Project:Branches: JiashengJiang/gnutls:patch5 to gnutls/gnutls:master Author: Jiasheng Jiang -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1955 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 5 02:56:27 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 05 Jul 2025 00:56:27 +0000 Subject: [gnutls-devel] GnuTLS | lib/hello_ext.c: Add gnutls_free() to avoid memory leak (!1955) In-Reply-To: References: Message-ID: Merge request !1955 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1955 Project:Branches: JiashengJiang/gnutls:patch5 to gnutls/gnutls:master Author: Jiasheng Jiang Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 6 17:33:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 06 Jul 2025 15:33:50 +0000 Subject: [gnutls-devel] GnuTLS | Expose HPKE through abstract key API [BASE+PSK] (!1976) References: Message-ID: David Dudas created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1976 Project:Branches: d-Dudas/gnutls:dev/ddudas/hpke to gnutls/gnutls:master Author: David Dudas * Porting HPKE - a new adaptation of !1749 by @poenix * Expose HPKE through abstract key API - currently just base + psk. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] Test suite updated with functionality tests * [x] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1976 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 7 01:10:58 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 06 Jul 2025 23:10:58 +0000 Subject: [gnutls-devel] GnuTLS | Add a way to show the default trust store configuration (#1720) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.10 (Feb 7, 2025?Jul 31, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/48 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1720 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 7 01:10:54 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 06 Jul 2025 23:10:54 +0000 Subject: [gnutls-devel] GnuTLS | Add a way to show the default trust store configuration (#1720) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1720#note_2606447439 Thank you for the suggestion; that makes sense to me (and would be trivial to implement). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1720#note_2606447439 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 7 01:50:24 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 06 Jul 2025 23:50:24 +0000 Subject: [gnutls-devel] GnuTLS | Expose HPKE through abstract key API [BASE+PSK] (!1976) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on lib/includes/gnutls/abstract.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1976#note_2606457953 > gnutls_certificate_print_formats_t format, > gnutls_datum_t *out); > > +int gnutls_privkey_encap(gnutls_pubkey_t pkR, gnutls_datum_t psk, > + gnutls_hpke_mode_t mode, gnutls_pubkey_t *pkE, Although this is suggested in the original issue, I would not hard-wire this API to HPKE, now that we also have ML-KEM. Perhaps `mode` could be turned into a flag, e.g., adding a `gnutls_pk_encapsulate_flags_t`? PSK might deserve a new API function though. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1976#note_2606457953 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 7 09:13:22 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 07 Jul 2025 07:13:22 +0000 Subject: [gnutls-devel] GnuTLS | Minor build fixes for pkcs11-provider (!1975) In-Reply-To: References: Message-ID: Merge request !1975 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1975 Project:Branches: dueno/gnutls:wip/dueno/pkcs11-provider-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: Zolt?n Fridrich -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 7 09:14:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 07 Jul 2025 07:14:18 +0000 Subject: [gnutls-devel] GnuTLS | Minor build fixes for pkcs11-provider (!1975) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1975#note_2607179250 Thanks for spotting these. Looks good. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1975#note_2607179250 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 7 09:44:13 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 07 Jul 2025 07:44:13 +0000 Subject: [gnutls-devel] GnuTLS | Minor build fixes for pkcs11-provider (!1975) In-Reply-To: References: Message-ID: Merge request !1975 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1975 Project:Branches: dueno/gnutls:wip/dueno/pkcs11-provider-fixes to gnutls/gnutls:master Author: Daiki Ueno Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1975 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 7 10:10:48 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 07 Jul 2025 08:10:48 +0000 Subject: [gnutls-devel] GnuTLS | Add documentation for the pkcs#11-provider (!1977) In-Reply-To: References: Message-ID: Reassigned merge request 1977 https://gitlab.com/gnutls/gnutls/-/merge_requests/1977 Zolt?n Fridrich was added as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 7 10:10:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 07 Jul 2025 08:10:50 +0000 Subject: [gnutls-devel] GnuTLS | Add documentation for the pkcs#11-provider (!1977) References: Message-ID: Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno * Add NEWS entry for the PKCS#11 provider Signed-off-by: Zoltan Fridrich * Add documentation for the pkcs#11-provider Signed-off-by: Zoltan Fridrich ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 7 10:10:48 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 07 Jul 2025 08:10:48 +0000 Subject: [gnutls-devel] GnuTLS | Add documentation for the pkcs#11-provider (!1977) In-Reply-To: References: Message-ID: Daiki Ueno was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 7 10:48:03 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 07 Jul 2025 08:48:03 +0000 Subject: [gnutls-devel] GnuTLS | Add documentation for the pkcs#11-provider (!1977) In-Reply-To: References: Message-ID: Merge request !1977 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 7 10:48:11 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 07 Jul 2025 08:48:11 +0000 Subject: [gnutls-devel] GnuTLS | Add documentation for the pkcs#11-provider (!1977) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977#note_2607597927 Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977#note_2607597927 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 7 12:17:07 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 07 Jul 2025 10:17:07 +0000 Subject: [gnutls-devel] Guile-GnuTLS | 32bit time_t fixes. (!41) In-Reply-To: References: Message-ID: Dariqq commented: https://gitlab.com/gnutls/guile/-/merge_requests/41#note_2607826173 Hi @jas, What do you think of this generally? I am happy to make adjustments but I am not a fan of the tests failing when the platform cannot handle 64bit time_t -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/41#note_2607826173 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 7 23:48:17 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 07 Jul 2025 21:48:17 +0000 Subject: [gnutls-devel] GnuTLS | Add documentation for the pkcs#11-provider (!1978) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1978 Project:Branches: dueno/gnutls:wip/dueno/pkcs11-provider-docs to gnutls/gnutls:master Author: Daiki Ueno This is identical to !1977, but skipping the CI. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [x] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1978 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 7 23:49:52 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 07 Jul 2025 21:49:52 +0000 Subject: [gnutls-devel] GnuTLS | Add documentation for the pkcs#11-provider (!1977) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977#note_2609926080 As the CI is stall because of the usage quota, I've filed !1978 with "[skip ci]". -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977#note_2609926080 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 7 23:49:52 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 07 Jul 2025 21:49:52 +0000 Subject: [gnutls-devel] GnuTLS | Add documentation for the pkcs#11-provider (!1977) In-Reply-To: References: Message-ID: Merge request !1977 was closed by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 7 23:51:07 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 07 Jul 2025 21:51:07 +0000 Subject: [gnutls-devel] GnuTLS | Add documentation for the pkcs#11-provider (!1978) In-Reply-To: References: Message-ID: Merge request !1978 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1978 Project:Branches: dueno/gnutls:wip/dueno/pkcs11-provider-docs to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1978 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 7 23:50:57 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 07 Jul 2025 21:50:57 +0000 Subject: [gnutls-devel] GnuTLS | Add documentation for the pkcs#11-provider (!1978) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1978#note_2609928831 Merging without approval as it has already been reviewed in !1977. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1978#note_2609928831 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 8 01:54:16 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 07 Jul 2025 23:54:16 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 Project:Branches: dueno/gnutls:wip/dueno/release-3.8.10 to gnutls/gnutls:master Author: Daiki Ueno Fixes: #1666, #1694, #1695, #1696, #1718, #1720 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [x] Test suite updated with functionality tests * [x] Test suite updated with negative tests * [x] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 8 06:14:58 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 08 Jul 2025 04:14:58 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979) In-Reply-To: References: Message-ID: Alexander Sosedkin and Zolt?n Fridrich were added as reviewers. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 8 06:15:02 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 08 Jul 2025 04:15:02 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979) In-Reply-To: References: Message-ID: Reassigned merge request 1979 https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 Daiki Ueno was added as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 8 10:44:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 08 Jul 2025 08:44:18 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 was reviewed by Zolt?n Fridrich -- Zolt?n Fridrich started a new discussion on src/certtool-cfg.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979#note_2611127228 > i = 0; \ > - s_name = malloc(sizeof(char *) * MAX_ENTRIES); \ > + s_name = malloc(MAX_ENTRIES + 1); \ Is this correct? You have removed `sizeof(char *)` which means now you are allocating less, not more. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 8 11:48:02 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 08 Jul 2025 09:48:02 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on src/certtool-cfg.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979#note_2611294166 > if (val != NULL) { \ > if (s_name == NULL) { \ > i = 0; \ > - s_name = malloc(sizeof(char *) * MAX_ENTRIES); \ > + s_name = malloc(MAX_ENTRIES + 1); \ Good catch; fixed it and added a test. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979#note_2611294166 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 8 11:48:04 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 08 Jul 2025 09:48:04 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979) In-Reply-To: References: Message-ID: All discussions on merge request !1979 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 8 12:13:10 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 08 Jul 2025 10:13:10 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979) In-Reply-To: References: Message-ID: Merge request !1979 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 Project:Branches: dueno/gnutls:wip/dueno/release-3.8.10 to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewers: Alexander Sosedkin and Zolt?n Fridrich -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 8 12:13:19 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 08 Jul 2025 10:13:19 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979#note_2611375366 Looks good now -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979#note_2611375366 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 8 16:22:19 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 08 Jul 2025 14:22:19 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979) In-Reply-To: References: Message-ID: Merge request !1979 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 Project:Branches: dueno/gnutls:wip/dueno/release-3.8.10 to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewers: Alexander Sosedkin and Zolt?n Fridrich -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 8 18:35:10 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 08 Jul 2025 16:35:10 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979) In-Reply-To: References: Message-ID: Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979#note_2612311577 can't say that I know the C internals to review it properly, but looks good to me otherwise -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979#note_2612311577 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 8 18:35:13 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 08 Jul 2025 16:35:13 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979) In-Reply-To: References: Message-ID: Merge request !1979 was approved by Alicja Kario (@mention me if you need reply) Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 Project:Branches: dueno/gnutls:wip/dueno/release-3.8.10 to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewers: Alexander Sosedkin and Zolt?n Fridrich -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 9 06:04:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 09 Jul 2025 04:04:50 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979) In-Reply-To: References: Message-ID: Merge request !1979 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 Project:Branches: dueno/gnutls:wip/dueno/release-3.8.10 to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewers: Alexander Sosedkin and Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 9 06:05:00 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 09 Jul 2025 04:05:00 +0000 Subject: [gnutls-devel] GnuTLS | Add a way to show the default trust store configuration (#1720) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno with merge request !1979 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1979) Issue #1720: https://gitlab.com/gnutls/gnutls/-/issues/1720 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1720 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 9 08:02:04 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 09 Jul 2025 06:02:04 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_session_t unsafe to use from multiple threads due to TLS 1.3 rekeying (#1717) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.11 (Jul 8, 2025?Sep 30, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/49 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1717 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 9 08:04:26 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 09 Jul 2025 06:04:26 +0000 Subject: [gnutls-devel] GnuTLS | [Security] Vulnerability in GnuTLS SCT extension parsing (#1695) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1695#note_2613217799 Fix released in 3.8.10 release. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1695#note_2613217799 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 9 08:05:59 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 09 Jul 2025 06:05:59 +0000 Subject: [gnutls-devel] GnuTLS | [Security] Vulnerability in GnuTLS certtool template parsing (#1696) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1696#note_2613219642 Fix released in 3.8.10. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1696#note_2613219642 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 9 08:05:35 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 09 Jul 2025 06:05:35 +0000 Subject: [gnutls-devel] GnuTLS | [Security] Vulnerability in GnuTLS otherName SAN export (#1694) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1694#note_2613218857 Fix released in 3.8.10. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1694#note_2613218857 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 9 08:06:22 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 09 Jul 2025 06:06:22 +0000 Subject: [gnutls-devel] GnuTLS | NULL pointer deref in _gnutls_figure_common_ciphersuite (#1718) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1718#note_2613220346 Fix released in 3.8.10. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1718#note_2613220346 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 9 14:08:00 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 09 Jul 2025 12:08:00 +0000 Subject: [gnutls-devel] GnuTLS | system-override-compress-cert testsuite error with 3.8.10 (#1721) References: Message-ID: Andreas Metzler created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1721 system-override-compress-cert fails for me: ``` FAIL: system-override-compress-cert =================================== ./compress-cert-conf expected to succeed FAIL system-override-compress-cert.sh (exit status: 1) ``` Is the test unable to handle the case where gnutls is built without any of ZLIB / LIBBROTLI / LIBZSTD? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1721 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 9 23:01:38 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 09 Jul 2025 21:01:38 +0000 Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980) In-Reply-To: References: Message-ID: Andreas Metzler was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 9 23:01:38 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 09 Jul 2025 21:01:38 +0000 Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980) In-Reply-To: References: Message-ID: Reassigned merge request 1980 https://gitlab.com/gnutls/gnutls/-/merge_requests/1980 Daiki Ueno was added as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 9 23:02:04 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 09 Jul 2025 21:02:04 +0000 Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980 Project:Branches: dueno/gnutls:wip/dueno/test-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Andreas Metzler * tests: skip system-override-compress-cert.sh if no brotli nor zstd * tests: distribute ktls_utils.h * tests: make cert-tests/mldsa.sh work in VPATH build Fixes: #1721 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 10 11:22:24 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Jul 2025 09:22:24 +0000 Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1980 was reviewed by Andreas Metzler -- Andreas Metzler started a new discussion on tests/system-override-compress-cert.sh: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980#note_2617181312 > fi > > +if ! "$CLI" --list | grep '^Compression: .*COMP-\(BROTLI\|ZSTD\)*'; then Due to the "*" at the end of the regex `^Compression: .*COMP-\(BROTLI\|ZSTD\)*` it matches "Compression: COMP-NULL" and the test is not skipped without brotli/zstd. This works for me: `if ! "$CLI" --list | grep '^Compression: .*COMP-\(BROTLI\|ZSTD\)'; then` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 10 13:03:33 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Jul 2025 11:03:33 +0000 Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on tests/system-override-compress-cert.sh: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980#note_2617399481 > exit 77 > fi > > +if ! "$CLI" --list | grep '^Compression: .*COMP-\(BROTLI\|ZSTD\)*'; then Good catch, I actually meant `.*` instead of `*`, but just trimming `*` should be better. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980#note_2617399481 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 10 13:03:34 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Jul 2025 11:03:34 +0000 Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980) In-Reply-To: References: Message-ID: All discussions on merge request !1980 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1980 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 10 13:04:47 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Jul 2025 11:04:47 +0000 Subject: [gnutls-devel] GnuTLS | system-override-compress-cert testsuite error with 3.8.10 (#1721) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2617402086 @ZoltanFridrich PTAL (also !1980)? I wonder if it might be possible to construct the test config file based on the result of `gnutls-cli --list`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2617402086 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 10 13:25:07 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Jul 2025 11:25:07 +0000 Subject: [gnutls-devel] GnuTLS | system-override-compress-cert testsuite error with 3.8.10 (#1721) In-Reply-To: References: Message-ID: Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2617452495 Good point, current version will probably succeed with brotli and zstd enabled and skip when both are missing but will fail if only one of brotli/zstd is enabled. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2617452495 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 10 13:50:07 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Jul 2025 11:50:07 +0000 Subject: [gnutls-devel] GnuTLS | system-override-compress-cert testsuite error with 3.8.10 (#1721) In-Reply-To: References: Message-ID: Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2617513304 e.g. like this: ```diff --- /tmp/system-override-compress-cert.sh 2025-07-10 13:30:26.254421764 +0200 +++ /tmp/system-override-compress-cert.sh.new 2025-07-10 13:49:34.130769458 +0200 @@ -30,16 +30,21 @@ exit 77 fi -if ! "$CLI" --list | grep '^Compression: .*COMP-\(BROTLI\|ZSTD\)'; then - echo "Not built with brotli and zstd, skipping" 1>&2 - exit 77 -fi - cat <<_EOF_ > ${CONF} [overrides] -cert-compression-alg = brotli -cert-compression-alg = zstd _EOF_ +CLICOMPLIST=`"$CLI" --list | grep '^Compression:'` + +if echo $CLICOMPLIST | grep COMP-BROTLI ; then + echo 'cert-compression-alg = brotli' >> ${CONF} + ANYCOMP=y +fi +if echo $CLICOMPLIST | grep COMP-ZSTD ; then + echo 'cert-compression-alg = zstd' >> ${CONF} +elif [ "x$ANYCOMP" != "xy" ] ; then + echo "Not built with brotli or zstd, skipping" 1>&2 + exit 77 +fi ${TEST} if [ $? != 0 ]; then ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2617513304 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 10 16:54:10 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Jul 2025 14:54:10 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_session_t unsafe to use from multiple threads due to TLS 1.3 rekeying (#1717) In-Reply-To: References: Message-ID: Daniel P_ Berrang? commented: https://gitlab.com/gnutls/gnutls/-/issues/1717#note_2617969375 Do you have any thoughts on how this issue will/should be resolved ? Any insight on this problem may help me decide what short term countermeasures to apply in QEMU for historical gnutls releases -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1717#note_2617969375 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 10 21:56:32 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Jul 2025 19:56:32 +0000 Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() to avoid memory leak (!1956) In-Reply-To: References: Message-ID: Jiasheng Jiang commented on a discussion on lib/ext/srp.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956#note_2618618670 > > priv->password = gnutls_strdup(cred->password); > if (priv->password == NULL) { > + gnutls_free(priv->username); > gnutls_assert(); Looks good. I have submitted a new commit to set ret here, as well as where priv->username == NULL. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956#note_2618618670 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 10 21:56:36 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Jul 2025 19:56:36 +0000 Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() to avoid memory leak (!1956) In-Reply-To: References: Message-ID: All discussions on merge request !1956 were resolved by Jiasheng Jiang https://gitlab.com/gnutls/gnutls/-/merge_requests/1956 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 10 23:40:34 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 10 Jul 2025 21:40:34 +0000 Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() to avoid memory leak (!1956) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956#note_2618756150 @JiashengJiang Thank you for the update; could you rebase this against the latest git master? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956#note_2618756150 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 11 03:24:58 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 11 Jul 2025 01:24:58 +0000 Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() to avoid memory leak (!1956) In-Reply-To: References: Message-ID: All discussions on merge request !1956 were resolved by Jiasheng Jiang https://gitlab.com/gnutls/gnutls/-/merge_requests/1956 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 11 03:24:56 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 11 Jul 2025 01:24:56 +0000 Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() to avoid memory leak (!1956) In-Reply-To: References: Message-ID: Jiasheng Jiang commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956#note_2618932743 No problem. I have rebases this branch. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956#note_2618932743 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 11 08:03:30 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 11 Jul 2025 06:03:30 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_session_t unsafe to use from multiple threads due to TLS 1.3 rekeying (#1717) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1717#note_2619430349 Thank you for the detailed report. I agree that this should eventually be addressed in GnuTLS with a private locking mechanism, though the record send state transitions are intricate; I suspect that we could utilize the atomic compare-and-swap pattern for that. As for the workaround, yes, using a ChaCha20-Poly1305 ciphersuite sounds like a good short-term solution, and I can't think of anything else off-hand. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1717#note_2619430349 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 11 12:44:10 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 11 Jul 2025 10:44:10 +0000 Subject: [gnutls-devel] GnuTLS | test sanity-lib.sh failed if tpm2 is built with linked (#1722) References: Message-ID: fundawang created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1722 I'm currently building gnutls 3.8.10 with `--with-tpm2=link`. `sanity-lib.sh` test failed with: ``` 2025-07-11 18:06:44 FAIL: sanity-lib 2025-07-11 18:06:44 ================ 2025-07-11 18:06:44 2025-07-11 18:06:44 libcrypto.so.3 => /lib64/libcrypto.so.3 (0x00007f88d1606000) 2025-07-11 18:06:44 gnutls-cli-debug links to other crypto library 2025-07-11 18:06:44 FAIL sanity-lib.sh (exit status: 1) ``` I guess the the failure comes from the fact that tpm2-tss is linked with libcrypto by default. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1722 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 11 14:35:13 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 11 Jul 2025 12:35:13 +0000 Subject: [gnutls-devel] GnuTLS | test sanity-lib.sh failed if gnutls 3.8.10 is built with linked tpm2-tss (#1722) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1722#note_2620365269 Yes, as for testing, we probably should skip the test if it's linked to tpm2-tss. Otherwise we could take advantage of the recent effort to make TPM2 support self-contained (!1946). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1722#note_2620365269 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 11 15:07:23 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 11 Jul 2025 13:07:23 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS doesn't support deriving the public key from the private one in ML-DSA (#1723) References: Message-ID: Alicja Kario (@mention me if you need reply) created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1723 ## Description of problem: When the operation requires presence of both public and private key, and only ML-DSA private key is present, the operation fails ## Version of gnutls used: gnutls-3.8.10 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) RHEL ## How reproducible: Steps to Reproduce: ``` openssl genpkey -algorithm mldsa44 -provparam 'ml-dsa.output_formats=priv-only' -out key.pem cat > template.cfg < From gnutls-devel at lists.gnutls.org Fri Jul 11 20:52:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 11 Jul 2025 18:52:18 +0000 Subject: [gnutls-devel] GnuTLS | fuzz/gnutls_srp_server_fuzzer.c: Add check for gnutls_malloc() (!1981) References: Message-ID: Jiasheng Jiang created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1981 Project:Branches: JiashengJiang/gnutls:patch16 to gnutls/gnutls:master Author: Jiasheng Jiang * fuzz/gnutls_srp_server_fuzzer.c: Add check for gnutls_malloc() Add check for the return value of gnutls_malloc() to avoid potential NULL pointer dereference. Fixes: 5bb8a18b0 ("fuzzer: Initial check in for improved fuzzing") Signed-off-by: Jiasheng Jiang ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1981 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 11 21:18:41 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 11 Jul 2025 19:18:41 +0000 Subject: [gnutls-devel] GnuTLS | lib/cert-cred-rawpk.c: Add gnutls_free() and gnutls_pcert_deinit() in the error paths (!1982) References: Message-ID: Jiasheng Jiang created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1982 Project:Branches: JiashengJiang/gnutls:patch17 to gnutls/gnutls:master Author: Jiasheng Jiang * lib/cert-cred-rawpk.c: Add gnutls_free() and gnutls_pcert_deinit() in the error paths Add gnutls_free() and gnutls_pcert_deinit() in the error paths to avoid potential memory leak. Fixes: 565efaeac ("Implemented support for raw public-key functionality (RFC7250).") Signed-off-by: Jiasheng Jiang ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1982 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 11 22:05:31 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 11 Jul 2025 20:05:31 +0000 Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() in the error path (!1983) References: Message-ID: Jiasheng Jiang created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1983 Project:Branches: JiashengJiang/gnutls:patch18 to gnutls/gnutls:master Author: Jiasheng Jiang * lib/ext/srp.c: Add gnutls_free() in the error path Add gnutls_free() in the error path to avoid potential memory leak if BUFFER_POP_DATUM fails. Fixes: 8b038ab97 ("The auth_ and ext_ files were moved to respective directories.") Signed-off-by: Jiasheng Jiang ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1983 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 11 22:13:26 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 11 Jul 2025 20:13:26 +0000 Subject: [gnutls-devel] GnuTLS | lib/file.c: Add check for gnutls_malloc() (!1984) References: Message-ID: Jiasheng Jiang created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1984 Project:Branches: JiashengJiang/gnutls:patch19 to gnutls/gnutls:master Author: Jiasheng Jiang * lib/file.c: Add check for gnutls_malloc() Add check for the return value of gnutls_malloc() to avoid potential NULL pointer dereference. Fixes: d1428c0f9 ("helper.c -> file.c") Signed-off-by: Jiasheng Jiang ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1984 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 11 23:04:51 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 11 Jul 2025 21:04:51 +0000 Subject: [gnutls-devel] Guile-GnuTLS | 32bit time_t fixes. (!41) In-Reply-To: References: Message-ID: Merge request !41 was closed by Simon Josefsson Merge request URL: https://gitlab.com/gnutls/guile/-/merge_requests/41 Project:Branches: Dariqq/guile:fix-32bit-time_t to gnutls/guile:master Author: Dariqq Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/41 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 12 00:25:03 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 11 Jul 2025 22:25:03 +0000 Subject: [gnutls-devel] GnuTLS | lib/hello_ext.c: Add check for gnutls_strdup() (!1985) References: Message-ID: Jiasheng Jiang created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1985 Project:Branches: JiashengJiang/gnutls:patch20 to gnutls/gnutls:master Author: Jiasheng Jiang * lib/hello_ext.c: Add check for gnutls_strdup() Add check for the return value of gnutls_strdup() to avoid potential NULL pointer dereference. Fixes: 5bba569b4 ("gnutls_session_ext_register: keep track of extension name") Signed-off-by: Jiasheng Jiang ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1985 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 12 05:45:10 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 12 Jul 2025 03:45:10 +0000 Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980) In-Reply-To: References: Message-ID: Sam James started a new discussion on tests/system-override-compress-cert.sh: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980#note_2623065262 > exit 77 > fi > > +if ! "$CLI" --list | grep '^Compression: .*COMP-\(BROTLI\|ZSTD\)'; then I see a failure on one machine with your patch applied where I built gnutls with zlib, zstd, but not brotli: ``` FAIL: system-override-compress-cert | =================================== | | Compression: COMP-NULL, COMP-ZLIB, COMP-ZSTD | ./compress-cert-conf expected to succeed | FAIL system-override-compress-cert.sh (exit status: 1) ``` I think the grep just checks for _either_ BROTLI or _ZSTD_, it doesn't require both? On another machine where I had zlib but not zstd or brotli, it failed before your patch, and works with it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980#note_2623065262 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 12 13:11:10 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 12 Jul 2025 11:11:10 +0000 Subject: [gnutls-devel] GnuTLS | system-override-compress-cert testsuite error with 3.8.10 (#1721) In-Reply-To: References: Message-ID: Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2623280040 Looking at tests/tls13/compress-cert-conf.c Line62 https://gitlab.com/dueno/gnutls/-/blob/wip/dueno/test-fixes/tests/tls13/compress-cert-conf.c#L62 we find: ```c /* check BROTLI number */ if (msg->data[0] == 0x00 && msg->data[1] == 0x02) client_ok = 1; ``` which suggests that the test can only succeed if brotli is available and I think I am seeing this behavior. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2623280040 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 12 14:38:21 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 12 Jul 2025 12:38:21 +0000 Subject: [gnutls-devel] GnuTLS | lib/nettle/pk.c: Add check for gnutls_malloc() (!1986) References: Message-ID: Jiasheng Jiang created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986 Project:Branches: JiashengJiang/gnutls:patch21 to gnutls/gnutls:master Author: Jiasheng Jiang * lib/nettle/pk.c: Add check for gnutls_malloc() Add check for the return value of gnutls_malloc() to avoid potential NULL pointer dereference. Fixes: 1fb6d1b57 ("fips140-2: moved PCT-test in wrap_nettle_generate_keys") Signed-off-by: Jiasheng Jiang ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 12 22:01:33 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 12 Jul 2025 20:01:33 +0000 Subject: [gnutls-devel] GnuTLS | Expose HPKE through abstract key API [BASE+PSK] (!1976) In-Reply-To: References: Message-ID: All discussions on merge request !1976 were resolved by David Dudas https://gitlab.com/gnutls/gnutls/-/merge_requests/1976 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1976 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 12 23:57:49 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 12 Jul 2025 21:57:49 +0000 Subject: [gnutls-devel] GnuTLS | .github/workflows: use macos-latest runner (a641d468) In-Reply-To: References: Message-ID: Sherxon Kenjayev commented: https://gitlab.com/gnutls/gnutls/-/commit/a641d468ec7de0449148904d459950e3a1fd15fd#note_2623477661 git at gitlab.com:gnutls/gnutls.git -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/commit/a641d468ec7de0449148904d459950e3a1fd15fd#note_2623477661 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 13 11:01:20 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 13 Jul 2025 09:01:20 +0000 Subject: [gnutls-devel] GnuTLS | tests: only do sanity-lib test when tpm-tss is dlopened (!1987) References: Message-ID: fundawang created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1987 Project:Branches: fundawang/gnutls:master to gnutls/gnutls:master Author: fundawang * tests: only do sanity-lib test when tpm-tss is dlopened (#1722) ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [x] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1987 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 14 13:04:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 14 Jul 2025 11:04:18 +0000 Subject: [gnutls-devel] GnuTLS | Not able to build gnutls on ubuntu 22 (#1724) References: Message-ID: Karthikdasari0423 created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1724 ## Description of problem: Tried to build gnutls using ./bootstrap ./configure make ## Version of gnutls used: Used master. Able to build on 3.8.10 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubunut root at ubuntu:~/gnutls# cat /etc/os-release PRETTY_NAME="Ubuntu 22.04.5 LTS" NAME="Ubuntu" VERSION_ID="22.04" VERSION="22.04.5 LTS (Jammy Jellyfish)" VERSION_CODENAME=jammy ID=ubuntu ID_LIKE=debian HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" UBUNTU_CODENAME=jammy root at ubuntu:~/gnutls# ## How reproducible: Steps to Reproduce: git clone https://gitlab.com/gnutls/gnutls.git cd gnutls/ ./bootstrap ./configure make ## Actual results: CC vko.lo CC tpm2/tpm2.lo CC tpm2/tpm2_esys.lo In file included from tpm2/tpm2_esys.c:90: ./dlwrap/tss2_esysfuncs.h:19:68: error: unknown type name 'ESYS_CRYPTO_CALLBACKS' 19 | FUNC(TSS2_RC, Esys_SetCryptoCallbacks, (ESYS_CONTEXT *esysContext, ESYS_CRYPTO_CALLBACKS *callbacks), (esysContext, callbacks)) | ^~~~~~~~~~~~~~~~~~~~~ ./dlwrap/tss2_esys.h:16:36: note: in definition of macro 'FUNC' 16 | ret gnutls_tss2_esys_func_##name args; | ^~~~ make[4]: *** [Makefile:3704: tpm2/tpm2_esys.lo] Error 1 make[4]: Leaving directory '/root/gnutls/lib' make[3]: *** [Makefile:3809: all-recursive] Error 1 make[3]: Leaving directory '/root/gnutls/lib' make[2]: *** [Makefile:3280: all] Error 2 make[2]: Leaving directory '/root/gnutls/lib' make[1]: *** [Makefile:2917: all-recursive] Error 1 make[1]: Leaving directory '/root/gnutls' make: *** [Makefile:2842: all] Error 2 root at ubuntu:~/gnutls# git log commit eba5229a603a989ab79b2111a74366b46e11d629 (HEAD -> master, origin/master, origin/HEAD) Merge: 8a36455fd 017cab7da Author: Daiki Ueno Date: Fri Jul 11 18:29:22 2025 +0900 Merge branch 'ddudas/tpm2-switch-crypto-backend' into 'master' Make TPM2 support self-contained See merge request gnutls/gnutls!1946 ## Expected results: Expected to build sucesfully. Am I missing anything here? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1724 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 14 14:02:35 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 14 Jul 2025 12:02:35 +0000 Subject: [gnutls-devel] GnuTLS | Not able to build gnutls on ubuntu 22 (#1724) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1724#note_2625582047 Thank you for the report. @d-Dudas could you take a look? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1724#note_2625582047 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 14 14:06:28 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 14 Jul 2025 12:06:28 +0000 Subject: [gnutls-devel] GnuTLS | system-override-compress-cert testsuite error with 3.8.10 (#1721) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2625590799 Yeah, thank you for tracking it down. In that case I would say it's simpler to just require brotli in the shell-script wrapper. I've updated !1980 along these lines. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2625590799 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 14 14:39:48 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 14 Jul 2025 12:39:48 +0000 Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988) References: Message-ID: Karthik Das created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988 Project:Branches: devkdas/gnutls:fix-#1724 to gnutls/gnutls:master Author: Karthik Das * Update 15 files - /configure.ac - /lib/dlwrap/tss2_esysfuncs.h - /lib/tpm2/callbacks/aes/aes_callbacks.c - /lib/tpm2/callbacks/aes/aes_callbacks.h - /lib/tpm2/callbacks/ecdh/ecdh_callbacks.c - /lib/tpm2/callbacks/ecdh/ecdh_callbacks.h - /lib/tpm2/callbacks/esys_crypto_callbacks.c - /lib/tpm2/callbacks/hash/hash_callbacks.c - /lib/tpm2/callbacks/hash/hash_callbacks.h - /lib/tpm2/callbacks/hmac/hmac_callbacks.c - /lib/tpm2/callbacks/hmac/hmac_callbacks.h - /lib/tpm2/callbacks/random/random_callbacks.c - /lib/tpm2/callbacks/random/random_callbacks.h - /lib/tpm2/callbacks/rsa/rsa_callbacks.c - /lib/tpm2/callbacks/rsa/rsa_callbacks.h ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 14 15:26:14 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 14 Jul 2025 13:26:14 +0000 Subject: [gnutls-devel] GnuTLS | Not able to build gnutls on ubuntu 22 (#1724) In-Reply-To: References: Message-ID: Karthik Das commented: https://gitlab.com/gnutls/gnutls/-/issues/1724#note_2625774457 Can you review https://gitlab.com/gnutls/gnutls/-/merge_requests/1988 @d-Dudas -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1724#note_2625774457 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 14 17:10:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 14 Jul 2025 15:10:18 +0000 Subject: [gnutls-devel] GnuTLS | Not able to build gnutls on ubuntu 22 (#1724) In-Reply-To: References: Message-ID: David Dudas commented: https://gitlab.com/gnutls/gnutls/-/issues/1724#note_2626052417 Yes, it seems like I should have done what @devkdas did in !1988 to make sure that the crypto callbacks API is available. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1724#note_2626052417 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 14 18:10:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 14 Jul 2025 16:10:06 +0000 Subject: [gnutls-devel] GnuTLS | Not able to build gnutls on ubuntu 22 (#1724) In-Reply-To: References: Message-ID: Karthik Das commented: https://gitlab.com/gnutls/gnutls/-/issues/1724#note_2626198802 Can you commit https://gitlab.com/gnutls/gnutls/-/merge_requests/1988 ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1724#note_2626198802 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 14 18:16:33 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 14 Jul 2025 16:16:33 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_session_t unsafe to use from multiple threads due to TLS 1.3 rekeying (#1717) In-Reply-To: References: Message-ID: Daniel P_ Berrang? commented: https://gitlab.com/gnutls/gnutls/-/issues/1717#note_2626211458 FYI, we have now identified a reliable way to get GNUTLS to cause a SEGV under QEMU, not merely an error return code from gnutls_record_send|recv - it requires QEMU to trigger a rekey *twice* in outbound data stream, before QEMU starts sending on the return data stream. I've not yet been able to figure out a reproducer for this in a standalone demo program unfortunately. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1717#note_2626211458 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 15 01:06:46 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 14 Jul 2025 23:06:46 +0000 Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1988 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on configure.ac: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2626918492 > + AC_CHECK_DECL([Esys_SetCryptoCallbacks], [ > + AC_DEFINE([HAVE_ESYS_SETCRYPTOCALLBACKS], 1, [Define if Esys_SetCryptoCallbacks is available]) > + ], [], [[#include ]]) Can't we simply use `AC_CHECK_FUNCS`? ```suggestion:-2+0 AC_CHECK_FUNCS([Esys_SetCryptoCallbacks]) ``` -- Daiki Ueno started a new discussion on lib/tpm2/callbacks/aes/aes_callbacks.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2626918511 > #define GNUTLS_LIB_TPM2_AES_CALLBACKS_H > > +#ifdef HAVE_ESYS_SETCRYPTOCALLBACKS You might want to add an Automake conditional and exclude compilation of those *_callbacks.c at https://gitlab.com/gnutls/gnutls/-/blob/master/lib/Makefile.am?ref_type=heads#L140 something like: ```make if ENABLE_TPM2 COBJECTS += tpm2/tpm2.c tpm2/tpm2.h tpm2/tpm2_esys.c if NEED_ESYS_CRYPTO_CALLBACKS COBJECTS += tpm2/callbacks/esys_crypto_callbacks.h tpm2/callbacks/esys_crypto_callbacks.c ... endif ... endif ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 15 04:24:57 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Jul 2025 02:24:57 +0000 Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988) In-Reply-To: References: Message-ID: Karthik Das commented on a discussion on configure.ac: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2627052780 > CFLAGS="$save_CFLAGS" > ]) > > +AS_IF([test -n "$tss2lib"], [ > + # Check for Esys_SetCryptoCallbacks availability > + save_LIBS=$LIBS > + save_CFLAGS=$CFLAGS > + LIBS="$LIBS $TSS2_ESYS_LIBS" > + CFLAGS="$CFLAGS $TSS2_ESYS_CFLAGS" > + AC_CHECK_DECL([Esys_SetCryptoCallbacks], [ > + AC_DEFINE([HAVE_ESYS_SETCRYPTOCALLBACKS], 1, [Define if Esys_SetCryptoCallbacks is available]) > + ], [], [[#include ]]) You are right. ```AC_CHECK_FUNCS``` would be simpler, cleaner and more appropriate -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2627052780 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 15 06:54:17 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Jul 2025 04:54:17 +0000 Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988) In-Reply-To: References: Message-ID: Karthik Das commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2627171034 Can you review again @dueno ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2627171034 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 15 07:39:13 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Jul 2025 05:39:13 +0000 Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988) In-Reply-To: References: Message-ID: David Dudas started a new discussion on lib/tpm2/callbacks/aes/aes_callbacks.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2627205220 > > #include "config.h" > > +#ifdef HAVE_ESYS_SETCRYPTOCALLBACKS > + Since these callbacks files won't be added to `COBJECT` in Makefile.am, we might not need to keep these condition in each callback file. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2627205220 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 15 11:42:23 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Jul 2025 09:42:23 +0000 Subject: [gnutls-devel] GnuTLS | system-override-compress-cert testsuite error with 3.8.10 (#1721) In-Reply-To: References: Message-ID: Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2627728444 Hmm, this is still there: ```sh if ! "$CLI" --list | grep '^Compression: .*COMP-ZSTD'; then echo "Not built with zstd, skipping" 1>&2 exit 77 fi ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2627728444 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 15 16:51:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Jul 2025 14:51:55 +0000 Subject: [gnutls-devel] GnuTLS | lib/nettle/pk.c: Add check for gnutls_malloc() (!1986) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986#note_2628595506 > me = _gnutls_dsa_q_to_hash(params, &hash_len); > spki.dsa_dig = MAC_TO_DIG(me->id); > gen_data = gnutls_malloc(hash_len); > + if (gen_data == NULL) { I suspect we might not need to allocate this buffer in the first place, as it is 64-byte at maximum (see `MAX_HASH_SIZE`), and other branches in this function uses a statically allocated buffer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986#note_2628595506 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 15 16:52:59 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 15 Jul 2025 14:52:59 +0000 Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() to avoid memory leak (!1956) In-Reply-To: References: Message-ID: Merge request !1956 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956 Project:Branches: purdue-university1/gnutls:patch6 to gnutls/gnutls:master Author: Jiasheng Jiang Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 16 03:11:56 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Jul 2025 01:11:56 +0000 Subject: [gnutls-devel] GnuTLS | ext/record_size_limit: add function to get record_size_limit (!1989) References: Message-ID: Wilfred Mallawa created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1989 Project:Branches: twilfredo/gnutls:wilfred/record-size-tls-test to gnutls/gnutls:master Author: Wilfred Mallawa * Add function to get record_size_limit Currently the kernel has no way of receiving the record size limit specified by an endpoint, and as such, it defaults to using the maximum 16K size. This is problematic if an endpoint specifies a lower limit during the handshake in the record size limit extension, as the kernel will not respect this constraint. This patch adds a new function to record_size_limit extension library to extract the endpoints maximum record size limit if negotiated. This can be used by tlshd [1] to pass this information to the kernel [2], such that the kernel can respect record size constrains of the endpoint. Signed-off-by: Wilfred Mallawa [1] tlshd integration: https://github.com/twilfredo/ktls-utils/commits/wilfred/record-size-tls-test/ [2] kernel integration: https://github.com/twilfredo/spdm-linux/commits/wilfred/record-size-tls-test/ ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [x] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1989 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 16 03:29:17 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Jul 2025 01:29:17 +0000 Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more portable shebangs. (!1964) In-Reply-To: References: Message-ID: All discussions on merge request !1964 were resolved by Maxim Cournoyer https://gitlab.com/gnutls/gnutls/-/merge_requests/1964 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 16 03:29:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Jul 2025 01:29:18 +0000 Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more portable shebangs. (!1964) In-Reply-To: References: Message-ID: Maxim Cournoyer commented on a discussion on bootstrap: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2629697464 > #! /bin/sh > # Print a version string. > -scriptversion=2020-11-18.17; # UTC > +scriptversion=2025-02-08.16; # UTC Thanks, I've submitted a patch including the above to bug-gnulib at gnu.org and dropped this change from this series. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2629697464 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 16 13:23:10 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 16 Jul 2025 11:23:10 +0000 Subject: [gnutls-devel] GnuTLS | gnutls-cli reports bad values for the "Ephemeral EC Diffie-Hellman parameters" with hybrid ML-KEM (#1725) References: Message-ID: Alicja Kario (@mention me if you need reply) created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1725 ## Description of problem: When `gnutls-cli` is used for a connection that negotiates one of the hybrid groups with ML-KEM, the values reported by it are invalid/incorrect ## Version of gnutls used: gnutls-3.8.10-1.el10.x86_64 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) RHEL ## How reproducible: 1. Start TLS server with support for hybrid ML-KEM groups (like `x25519mlkem768`) 2. Connect with `gnutls-cli --resume` ## Actual results: ``` ... - Status: The certificate is trusted. - Description: (TLS1.3-X.509)-(HYBRID-X25519-MLKEM768)-(ML-DSA-44)-(AES-256-GCM) - Session ID: EE:A3:8B:EA:49:5A:AB:86:89:29:D8:55:AB:E1:D4:8B:D8:22:90:52:E9:8C:98:E6:86:B6:00:A3:10:51:EA:CE - Ephemeral EC Diffie-Hellman parameters - Using curve: (null) - Curve size: 0 bits - Version: TLS1.3 - Server Signature: ML-DSA-44 - Cipher: AES-256-GCM - MAC: AEAD - Options: - Channel bindings - 'tls-unique': not available - 'tls-server-end-point': - 'tls-exporter': baa413b2c015a4ee708d1725a30bcf029c55a056cbad32d1f7e452589edbf4b2 - Handshake was completed client hello - Disconnecting - Connecting again- trying to resume previous session Resolving 'localhost:4433'... Connecting to '::1:4433'... - Description: (TLS1.3-X.509)--(AES-256-GCM) - Session ID: EE:A3:8B:EA:49:5A:AB:86:89:29:D8:55:AB:E1:D4:8B:D8:22:90:52:E9:8C:98:E6:86:B6:00:A3:10:51:EA:CE - Ephemeral EC Diffie-Hellman parameters - Using curve: (null) - Curve size: 0 bits - Version: TLS1.3 - Cipher: AES-256-GCM - MAC: AEAD - Options: - Channel bindings - 'tls-unique': not available - 'tls-server-end-point': - 'tls-exporter': 95380f62755f0e45c75ae786a5fb77bf95e8a4323f9687eb81cb280d2d514f77 - Resume Handshake was completed *** This is a resumed session - Simple Client Mode: - Sent: 13 bytes - Received[13]: server hello ``` ## Expected results: 1. Both connections should either omit the "Ephemeral EC Diffie-Hellman parameters" or update them so that they report the used KEX method correctly 2. the resumed session "Description:" field doesn't report that it is using `(HYBRID-X25519-MLKEM768)`, despite the server performing a `psk_dhe_ke` resumption, not a `psk_ke` (both `pre_shared_key` and `key_share` are present in the ServerHello message) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1725 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 17 08:15:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 17 Jul 2025 06:15:18 +0000 Subject: [gnutls-devel] GnuTLS | ext/record_size_limit: add function to get record_size_limit (!1989) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1989 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/ext/record_size_limit.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1989#note_2632603435 > + * Since: 3.8.10 > + **/ > +int gnutls_record_get_record_size_limit(gnutls_session_t session, size_t *size) Although `record_size_limit` is more recently introduced than `max_fragment_length` (in lib/ext/max_record.c), we already have a couple of accessors to the internal limits in lib/ext/max_record.c, e.g., `gnutls_record_get_max_size`. Can we add it there? Also, as the maximum is 16K, I would return `ssize_t` instead of storing it through a pointer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1989 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 19 00:15:51 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 18 Jul 2025 22:15:51 +0000 Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic (!1990) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990 Project:Branches: dueno/gnutls:wip/dueno/rekey to gnutls/gnutls:master Author: Daiki Ueno While RFC 8446 4.6.3 says the sender of a KeyUpdate message should only update its sending key and the receiving key should be updated after receiving a KeyUpdate message from the peer, the previous implementation assumed that the peer also requests a rekey and updated the sending and receiving keys altogether. This split the updating logic into 2 phases: when sending a KeyUpdate, only update the sending key, and when receiving a KeyUpdate, only updating the receiving key. In both cases, KeyUpdate messages are encrypted/decrypted in the old keys. Partially fixes: #1717 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 19 00:20:51 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 18 Jul 2025 22:20:51 +0000 Subject: [gnutls-devel] GnuTLS | gnutls_session_t unsafe to use from multiple threads due to TLS 1.3 rekeying (#1717) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1717#note_2636736894 I took a closer look at it and now suspect a logic error in the current key update code, not related to threading. The "decryption failed" errors indicate that the receiver of the message doesn't have the correct decryption key yet, and this is the case when the peer sends a data encrypted with an old key, while the receiving key is already updated. I tried to rework the logic to be more in line with the RFC (!1990), and it seems to fix the errors in the reproducer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1717#note_2636736894 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 19 10:26:18 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 19 Jul 2025 08:26:18 +0000 Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more portable shebangs. (!1964) In-Reply-To: References: Message-ID: Maxim Cournoyer commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2637611547 I'm not sure why the last commit fails the commit check? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2637611547 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 19 13:55:04 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 19 Jul 2025 11:55:04 +0000 Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more portable shebangs. (!1964) In-Reply-To: References: Message-ID: Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2637657144 Afaict it has not _failed_ the commit-check but the job is _stuck_ at "pending". Gitlabs says: ``` This job is stuck because of one of the following problems. There are no active runners online, no runners for the protected branch , or no runners that match all of the job's tags: gnutls ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2637657144 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Jul 19 15:38:24 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 19 Jul 2025 13:38:24 +0000 Subject: [gnutls-devel] GnuTLS | Trying to access a certain subdomain results in a stack overflow. (#1726) References: Message-ID: Qriist created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1726 ## Description of problem: Note: I first became aware of this issue trying to solve a WolfSSL issue, and then I engaged with curl's devs to further diagnose the problem. I recommend reading them for full context. https://github.com/wolfSSL/wolfssl/issues/9016 https://github.com/curl/curl/issues/17965 Somewhere between GnuTLS and libcurl there is an exception thrown when trying to access any url on [https://collectionapi.metmuseum.org](https://collectionapi.metmuseum.org). The curl devs alerted me to a broken SSL certificate chain via https://www.ssllabs.com/ssltest/analyze.html?d=collectionapi.metmuseum.org&latest Unfortunately, it is not yet clear to me which side of the equation, libcurl or GnuTLS, is actually throwing the error. However, the error does not occur on the curl dev's macOS machine so it's likely something Windows-specific. ## Version of gnutls used: 3.8.7 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Windows vcpkg ## How reproducible: 100% Steps to Reproduce: * use vcpkg to build libcurl with gnutls flag enabled * initialize libcurl with the gnutls backend * point libcurl at https://collectionapi.metmuseum.org and run the transfer ## Actual results: GnuTLS/libcurl immediately generates Windows exception 0xc0000fd (`STATUS_STACK_OVERFLOW`). I do have captured debug information that may help: ``` Host collectionapi.metmuseum.org:443 was resolved. IPv6: (none) IPv4: 45.60.77.20 Trying 45.60.77.20:443... GnuTLS priority: NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509:-VERS-SSL3.0 ALPN: curl offers h2,http/1.1 found 143 certificates in C:\Projects\LibQurl\bin\curl-ca-bundle.crt ``` Based on my testing against another website, the error happens right before libcurl would record (something similar to) `SSL connection using TLS1.3 / ECDHE_RSA_AES_256_GCM_SHA384`. ## Expected results: not that -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1726 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 20 02:56:40 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 20 Jul 2025 00:56:40 +0000 Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more portable shebangs. (!1964) In-Reply-To: References: Message-ID: Maxim Cournoyer commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2639521771 Indeed, I got confused with the result of earlier runs. I guess we just need to wait for someone to manually allocate/start the build? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2639521771 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 20 10:48:40 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 20 Jul 2025 08:48:40 +0000 Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more portable shebangs. (!1964) In-Reply-To: References: Message-ID: Maxim Cournoyer commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2639763300 Hm, now it does fail at the commit check, but for unknown reasons: > There has been a timeout failure or the job got stuck. Check your timeout limits or try again -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2639763300 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 20 15:36:03 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 20 Jul 2025 13:36:03 +0000 Subject: [gnutls-devel] GnuTLS | Trying to access a certain subdomain results in a stack overflow. (#1726) In-Reply-To: References: Message-ID: Qriist commented: https://gitlab.com/gnutls/gnutls/-/issues/1726#note_2639942382 I managed to get a stack trace of the exception. Hope that helps. :) ``` Exception #: 0XC00000FD Stack: hogweed_6!nettle_ed448_shake256_verify+0x277 hogweed_6!nettle_pss_verify_mgf1+0x7a hogweed_6!nettle_rsa_pss_sha256_verify_digest+0x6b gnutls!gnutls_session_ticket_enable_server+0x797e gnutls!gnutls_pubkey_encrypt_data+0x7d3 gnutls!gnutls_pubkey_encrypt_data+0xe27 gnutls!gnutls_pubkey_verify_data2+0x28d gnutls!gnutls_transport_set_errno_function+0x264c gnutls!gnutls_anti_replay_set_add_function+0x3051 gnutls!gnutls_get_library_config+0xb67 gnutls!gnutls_handshake_set_timeout+0x8cd gnutls!gnutls_handshake+0x208 libcurl!curl_ws_send+0x7124 libcurl!curl_ws_send+0x68ab libcurl!curl_ws_send+0x1357f libcurl!curl_free+0x9f1 libcurl+0x7b4e libcurl+0xbff3 libcurl!curl_multi_wakeup+0xe19 libcurl!curl_multi_perform+0xda libcurl!curl_global_trace+0x1e4 AutoHotkey64+0xc65d1 AutoHotkey64+0x25de5 AutoHotkey64+0x27ad3 AutoHotkey64+0x7b217 AutoHotkey64+0x9e8e4 AutoHotkey64+0x78862 AutoHotkey64+0x7c323 AutoHotkey64+0x5f1c1 AutoHotkey64+0x7be7a AutoHotkey64+0x7b412 AutoHotkey64+0x9e8e4 AutoHotkey64+0x9897b AutoHotkey64+0x9740e AutoHotkey64+0x78862 AutoHotkey64+0x7c323 AutoHotkey64+0x604fb AutoHotkey64+0x7be7a AutoHotkey64+0x7b412 AutoHotkey64+0x9e8e4 AutoHotkey64+0x9897b AutoHotkey64+0x9740e AutoHotkey64+0x78862 AutoHotkey64+0x7c323 AutoHotkey64+0x5f1c1 AutoHotkey64+0x7be7a AutoHotkey64+0x7b412 AutoHotkey64+0x9e8e4 AutoHotkey64+0x9897b AutoHotkey64+0x9740e AutoHotkey64+0x78862 AutoHotkey64+0x7c323 AutoHotkey64+0x5f1c1 AutoHotkey64+0x489e4 AutoHotkey64+0x51c6 AutoHotkey64+0x4e40 AutoHotkey64+0xc6b16 KERNEL32!BaseThreadInitThunk+0x14 ntdll!RtlUserThreadStart+0x21 ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1726#note_2639942382 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 20 23:14:00 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 20 Jul 2025 21:14:00 +0000 Subject: [gnutls-devel] GnuTLS | lib/nettle/pk.c: Add check for gnutls_malloc() (!1986) In-Reply-To: References: Message-ID: All discussions on merge request !1986 were resolved by Jiasheng Jiang https://gitlab.com/gnutls/gnutls/-/merge_requests/1986 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Jul 20 23:14:00 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 20 Jul 2025 21:14:00 +0000 Subject: [gnutls-devel] GnuTLS | lib/nettle/pk.c: Add check for gnutls_malloc() (!1986) In-Reply-To: References: Message-ID: Jiasheng Jiang commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986#note_2640075368 > me = _gnutls_dsa_q_to_hash(params, &hash_len); > spki.dsa_dig = MAC_TO_DIG(me->id); > gen_data = gnutls_malloc(hash_len); > + if (gen_data == NULL) { Thank you. I have submitted a new commit to replace with a statically allocated buffer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986#note_2640075368 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 21 04:28:54 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 21 Jul 2025 02:28:54 +0000 Subject: [gnutls-devel] GnuTLS | ext/record_size_limit: add function to get record_size_limit (!1989) In-Reply-To: References: Message-ID: Wilfred Mallawa commented on a discussion on lib/ext/record_size_limit.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1989#note_2640197789 > + > +/** > + * gnutls_record_get_record_size_limit: > + * @session: is a #gnutls_session_t type. > + * @size: is the new size > + * > + * Get the max record send size. The maximum record send size is > + * advertised by the server during a handshake. > + * > + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, > + * If the server record size limit is not specified an error > + * is returned. > + * > + * Since: 3.8.10 > + **/ > +int gnutls_record_get_record_size_limit(gnutls_session_t session, size_t *size) @dueno thanks for the suggestions! I have applied those changes. Let me know if you have any further thoughts on this. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1989#note_2640197789 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 21 16:25:40 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 21 Jul 2025 14:25:40 +0000 Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic (!1990) In-Reply-To: References: Message-ID: Daniel P_ Berrang? commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2641582799 I've tested this patch with QEMU and it fixes both problems I observed - the unexpected error codes when trying bidirectional I/O after the first rekey, and SEGVs when trying bidirectional I/O after the second rekey. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2641582799 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 22 03:54:41 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Jul 2025 01:54:41 +0000 Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic (!1990) In-Reply-To: References: Message-ID: Franti?ek Kren?elok and Zolt?n Fridrich were added as reviewers. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 22 03:56:03 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Jul 2025 01:56:03 +0000 Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic (!1990) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2642521660 Thank you for the confirmation, Daniel. @FrantisekKrenzelok could you take a look? This also fixes a state transition in the KTLS code path. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2642521660 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 22 03:56:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Jul 2025 01:56:55 +0000 Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic (!1990) In-Reply-To: References: Message-ID: Alexander Sosedkin was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 22 10:21:33 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Jul 2025 08:21:33 +0000 Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the number of builds (!1991) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991 Project:Branches: dueno/gnutls:wip/dueno/ci-optimize to gnutls/gnutls:master Author: Daiki Ueno This attempts to lower the number of builds required in the CI pipeline, by: - Make `AGGRESSIVE_REALLOC` controllable through an envvar, merging `UB+ASAN-Werror-aggressive.Fedora.x86_64.gcc` into `UB+ASAN-Werror.Fedora.x86_64.gcc` - In the sanitizer build, do not build twice with/without `--with-default-trust-store-pkcs11=pkcs11:` - Pull in leancrypto from a COPR through build-images, rather than building it from git checkout - Enable leancrypto in `fedora/build`, as it is the default in Fedora - Drop `fedora-leancrypto/build-fips`, as `fedora/build` also has `--with-leancrypto` - Drop `fedora-FIPS140-2/build`, as `fedora/build` also has `--enable-fips140-mode` - Drop `fedora-notools/build`, as `fedora-minimal/build` would be sufficient - Temporarily disable `fedora-nettle/build` and `fedora-nettle-minigmp/build`, as Nettle is currently pinned to 3.10 until GnuTLS supports Nettle 4 API It would removes roughly 9 targets in the "build" stage. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 22 10:45:56 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Jul 2025 08:45:56 +0000 Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic (!1990) In-Reply-To: References: Message-ID: Franti?ek Kren?elok commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2643050665 LGTM, tested kTLS rekey and it passes -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2643050665 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 22 10:52:09 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Jul 2025 08:52:09 +0000 Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the number of builds (!1991) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1991 was reviewed by Alexander Sosedkin -- Alexander Sosedkin started a new discussion on lib/global.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643064777 > #endif > > + e = secure_getenv("GNUTLS_BUFFER_RECLAIM"); Can we have rather hide this runtime selection itself behind some compile feature/define? I'd rather not have this behaviour and the switching overhead in the normal builds. -- Alexander Sosedkin started a new discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643064797 > + KTLS: [0, 1] > + - GNUTLS_FORCE_FIPS_MODE: 0 > + TESTS_ENABLED_GROUPS: "GROUP-X25519-MLKEM768 GROUP-SECP256R1-MLKEM768 GROUP-SECP384R1-MLKEM1024" hope that won't leak into job names or something :sweat_smile: otherwise might need a shorter value and a bit of indirection -- Alexander Sosedkin started a new discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643064806 > Pull in leancrypto from a COPR through build-images, rather than building it from git checkout Could you please link to that change? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 22 11:25:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Jul 2025 09:25:06 +0000 Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the number of builds (!1991) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/global.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643146001 > bindtextdomain(PACKAGE, LOCALEDIR); > #endif > > + e = secure_getenv("GNUTLS_BUFFER_RECLAIM"); I don't think that would make much sense. The idea behind the whole rework is to reuse the default Fedora build as much as possible. If we introduce such compile option, we probably want to disable it in the default Fedora build, and that could create a divergence. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643146001 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 22 11:31:09 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Jul 2025 09:31:09 +0000 Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the number of builds (!1991) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643161291 Sorry, I forgot to push the change to build-images, but just `podman push`ed to the registry. Here is the Dockerfile change: https://gitlab.com/gnutls/build-images/-/commit/91a22e107d5ef97d31d14f5ca87661a14bbcc7f8 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643161291 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 22 11:38:32 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Jul 2025 09:38:32 +0000 Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic (!1990) In-Reply-To: References: Message-ID: Merge request !1990 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990 Project:Branches: dueno/gnutls:wip/dueno/rekey to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: Alexander Sosedkin, Franti?ek Kren?elok, and Zolt?n Fridrich -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 22 11:39:00 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Jul 2025 09:39:00 +0000 Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic (!1990) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2643180375 Change looks nice, no issues found. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2643180375 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 22 11:41:26 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Jul 2025 09:41:26 +0000 Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the number of builds (!1991) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1991 was reviewed by Alexander Sosedkin -- Alexander Sosedkin commented on a discussion on lib/global.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643185570 > #endif > > + e = secure_getenv("GNUTLS_BUFFER_RECLAIM"); How about having it compiled=on runtimedefault=off in fedora CI build and compiled=off in some other CI build? -- Alexander Sosedkin commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643185595 > + KTLS: [0, 1] > + - GNUTLS_FORCE_FIPS_MODE: 0 > + TESTS_ENABLED_GROUPS: "GROUP-X25519-MLKEM768 GROUP-SECP256R1-MLKEM768 GROUP-SECP384R1-MLKEM1024" and it did leak, and the `[0, 0]` / `[0, GROUP-X25519-MLKEM768 GROUP-SECP256R1-MLKEM768 GROUP-SECP384R1-MLKEM1024]` names are rather unintuitive... WDYT about having variables with descriptive values like `FIPS=fips`, `KTLS=no-ktls` and then converting them to `GNUTLS_FORCE_FIPS_MODE=1` and `KTLS=0` in the shell script? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 22 11:41:26 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Jul 2025 09:41:26 +0000 Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the number of builds (!1991) In-Reply-To: References: Message-ID: Merge request !1991 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991 Project:Branches: dueno/gnutls:wip/dueno/ci-optimize to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 22 11:51:51 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Jul 2025 09:51:51 +0000 Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic (!1990) In-Reply-To: References: Message-ID: Daniel P_ Berrang? commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2643207732 FYI, on longer tests with QEMU, I'm seeing a possible issue with a failure of the TLS session after transferring 480 GB of data. I'm trying to confirm whether it is definitely related to this patch or not, but it is a slow process as it takes about 1.5 hours to reproduce each time. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2643207732 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 22 12:00:16 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Jul 2025 10:00:16 +0000 Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the number of builds (!1991) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643228363 > + ktls = true > + EOF > + else > + rm -f /etc/crypto-policies/local.d/gnutls-ktls.config > + fi > update-crypto-policies > echo "SYSTEM=NORMAL" >> tests/system.prio > - make -j$CHECKJOBS check > + parallel: > + matrix: > + - GNUTLS_FORCE_FIPS_MODE: 0 > + KTLS: [0, 1] > + - GNUTLS_FORCE_FIPS_MODE: 1 > + KTLS: [0, 1] > + - GNUTLS_FORCE_FIPS_MODE: 0 > + TESTS_ENABLED_GROUPS: "GROUP-X25519-MLKEM768 GROUP-SECP256R1-MLKEM768 GROUP-SECP384R1-MLKEM1024" Thanks; updated along those lines. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643228363 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 22 12:03:41 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Jul 2025 10:03:41 +0000 Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the number of builds (!1991) In-Reply-To: References: Message-ID: All discussions on merge request !1991 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1991 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 22 12:03:40 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Jul 2025 10:03:40 +0000 Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the number of builds (!1991) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/global.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643237813 > bindtextdomain(PACKAGE, LOCALEDIR); > #endif > > + e = secure_getenv("GNUTLS_BUFFER_RECLAIM"); I would say that's too complicated; similar to `--enable-fips140-mode`, I don't see much benefit of turning it off in some builds. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643237813 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 22 12:20:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Jul 2025 10:20:06 +0000 Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the number of builds (!1991) In-Reply-To: References: Message-ID: Alexander Sosedkin started a new discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643283092 > fi > update-crypto-policies > echo "SYSTEM=NORMAL" >> tests/system.prio > + - | case "$FIPS" in > + fips) > + GNUTLS_FORCE_FIPS_MODE=1 > + ;; > + no-fips) > + GNUTLS_FORCE_FIPS_MODE=0 > + ;; > + - | case "$PQC" in > + pqc) > + TESTS_ENABLED_GROUPS: "GROUP-X25519-MLKEM768 GROUP-SECP256R1-MLKEM768 GROUP-SECP384R1-MLKEM1024" `=`, not `:`. also, `export`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643283092 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 22 12:20:32 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Jul 2025 10:20:32 +0000 Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the number of builds (!1991) In-Reply-To: References: Message-ID: Alexander Sosedkin started a new discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643283957 > + TESTS_ENABLED_GROUPS: "GROUP-X25519-MLKEM768 GROUP-SECP256R1-MLKEM768 GROUP-SECP384R1-MLKEM1024" > + ;; > + no-pqc) > + ;; > - make -j$CHECKJOBS check > parallel: > matrix: > - - GNUTLS_FORCE_FIPS_MODE: 0 > - KTLS: [0, 1] > - - GNUTLS_FORCE_FIPS_MODE: 1 > - KTLS: [0, 1] > - - GNUTLS_FORCE_FIPS_MODE: 0 > - TESTS_ENABLED_GROUPS: "GROUP-X25519-MLKEM768 GROUP-SECP256R1-MLKEM768 GROUP-SECP384R1-MLKEM1024" > - - GNUTLS_FORCE_FIPS_MODE: 1 > - TESTS_ENABLED_GROUPS: "GROUP-X25519-MLKEM768 GROUP-SECP256R1-MLKEM768 GROUP-SECP384R1-MLKEM1024" > + - FIPS: [fips, no-fips] it went from 6 combinations to 8, was that intended? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643283957 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 22 12:43:29 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Jul 2025 10:43:29 +0000 Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the number of builds (!1991) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643332860 > fi > update-crypto-policies > echo "SYSTEM=NORMAL" >> tests/system.prio > + - | case "$FIPS" in > + fips) > + GNUTLS_FORCE_FIPS_MODE=1 > + ;; > + no-fips) > + GNUTLS_FORCE_FIPS_MODE=0 > + ;; > + - | case "$PQC" in > + pqc) > + TESTS_ENABLED_GROUPS: "GROUP-X25519-MLKEM768 GROUP-SECP256R1-MLKEM768 GROUP-SECP384R1-MLKEM1024" Indeed, fixed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643332860 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 22 13:39:07 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Jul 2025 11:39:07 +0000 Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic (!1990) In-Reply-To: References: Message-ID: Daniel P_ Berrang? commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2643460573 Yes, while this MR fixes the stated bug, it also introduces a new regression. In QEMU's migration flow, we have massive data volumes in one direction, and very very tiny data in the other direction. So with this MR applied, on the client side QEMU, GNUTLS will repeatedly initiate rekeying of the sending keys, but will never see a request from the server for rekey of the receiving key. When GNUTLS tries to rekey the sending key for the 15th time, it will return `GNUTLS_E_INVALID_REQUEST` from `gnutls_record_send()`. What is failing is the `epoch_get_slot` function ``` Epoch 18 out of range (idx: 16, max: 16) ``` IIUC, this suggests that `_gnutls_epoch_gc` is no longer working correctly, now that this MR has split the rekeying of sending vs receiving keys, when you have very asymmetric data flows. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2643460573 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 22 14:01:20 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 22 Jul 2025 12:01:20 +0000 Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic (!1990) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2643523459 Thank you; indeed, if the client sends a KeyUpdate without expecting a reply, it should mark the previous write epoch as inactive, so it can be garbage collected. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2643523459 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 23 07:00:12 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 23 Jul 2025 05:00:12 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: optimize the number of builds (!1991) In-Reply-To: References: Message-ID: Daiki Ueno marked merge request !1991 as ready -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 23 10:32:43 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 23 Jul 2025 08:32:43 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: optimize the number of builds (!1991) In-Reply-To: References: Message-ID: All discussions on merge request !1991 were resolved by Alexander Sosedkin https://gitlab.com/gnutls/gnutls/-/merge_requests/1991 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 24 13:25:05 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 24 Jul 2025 11:25:05 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: optimize the number of builds (!1991) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2648475204 @asosedkin thank you for the review and suggestions! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2648475204 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 24 13:25:15 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 24 Jul 2025 11:25:15 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: optimize the number of builds (!1991) In-Reply-To: References: Message-ID: Merge request !1991 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991 Project:Branches: dueno/gnutls:wip/dueno/ci-optimize to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Jul 24 23:51:09 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 24 Jul 2025 21:51:09 +0000 Subject: [gnutls-devel] GnuTLS | lib/psk: Add gnutls_psk_allocate_{client, server}_credentials2 (!1992) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1992 Project:Branches: dueno/gnutls:wip/hare1712/psk-sha384 to gnutls/gnutls:master Author: Daiki Ueno Add new functions gnutls_psk_allocate_client_credentials2() and gnutls_psk_allocate_server_credentials2() which allow to specify the hash algorithm for the PSK. This fixes a bug in the current implementation where the binder is always calculated with SHA256. Fixes: #386 Supersedes: !1939 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1992 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 25 09:23:44 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 25 Jul 2025 07:23:44 +0000 Subject: [gnutls-devel] libtasn1 | ci: Use debian10 from EOL repo. (!119) References: Message-ID: Simon Josefsson created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/119 Branches: ci-fix-debian10 to master Author: Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/119 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 25 09:24:28 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 25 Jul 2025 07:24:28 +0000 Subject: [gnutls-devel] libtasn1 | ci: Use debian10 from EOL repo. (!119) In-Reply-To: References: Message-ID: Merge request !119 was merged Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/119 Branches: ci-fix-debian10 to master Author: Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/119 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 25 09:38:30 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 25 Jul 2025 07:38:30 +0000 Subject: [gnutls-devel] GnuTLS | lib/psk: Add gnutls_psk_allocate_{client, server}_credentials2 (!1992) In-Reply-To: References: Message-ID: Merge request !1992 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1992 Project:Branches: dueno/gnutls:wip/hare1712/psk-sha384 to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1992 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Jul 25 09:38:20 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 25 Jul 2025 07:38:20 +0000 Subject: [gnutls-devel] GnuTLS | lib/psk: Add gnutls_psk_allocate_{client, server}_credentials2 (!1992) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1992#note_2650436079 Merging without approval, as the patch has already been reviewed in !1939. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1992#note_2650436079 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:17:28 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:17:28 +0000 Subject: [gnutls-devel] GnuTLS | Fix memleaks and handle allocation error (!1993) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1993 Project:Branches: dueno/gnutls:wip/purdue-university1/memleaks to gnutls/gnutls:master Author: Daiki Ueno This includes the following fixes from Jiasheng Jiang, origianlly in !1981, !1982, !1983, !1984, !1985, !1986, and !1956. * Replace with statically allocated buffer Replace with statically allocated buffer to avoid potential NULL pointer dereference. Fixes: 1fb6d1b5 ("fips140-2: moved PCT-test in wrap_nettle_generate_keys") * lib/hello_ext.c: Add check for gnutls_strdup() Add check for the return value of gnutls_strdup() to avoid potential NULL pointer dereference. Fixes: 5bba569b4 ("gnutls_session_ext_register: keep track of extension name") * lib/file.c: Add check for gnutls_malloc() Add check for the return value of gnutls_malloc() to avoid potential NULL pointer dereference. Fixes: d1428c0f9 ("helper.c -> file.c") * lib/ext/srp.c: Add gnutls_free() to avoid memory leak Add gnutls_free() to free priv->username if the allocation of priv->password fails to avoid memory leak. Moreover, replace "return" with "goto" to avoid memory leak. Fixes: a1a15422 ("Fixes and memory leak elimination in SRP authentication.") * lib/ext/srp.c: Add gnutls_free() in the error path Add gnutls_free() in the error path to avoid potential memory leak if BUFFER_POP_DATUM fails. Fixes: 8b038ab97 ("The auth_ and ext_ files were moved to respective directories.") * lib/cert-cred-rawpk.c: Add gnutls_free() and gnutls_pcert_deinit() in the error paths Add gnutls_free() and gnutls_pcert_deinit() in the error paths to avoid potential memory leak. Fixes: 565efaeac ("Implemented support for raw public-key functionality (RFC7250).") * fuzz/gnutls_srp_server_fuzzer.c: Add check for gnutls_malloc() Add check for the return value of gnutls_malloc() to avoid potential NULL pointer dereference. Fixes: 5bb8a18b0 ("fuzzer: Initial check in for improved fuzzing") ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1993 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:17:49 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:17:49 +0000 Subject: [gnutls-devel] GnuTLS | fuzz/gnutls_srp_server_fuzzer.c: Add check for gnutls_malloc() (!1981) In-Reply-To: References: Message-ID: Merge request !1981 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1981 Project:Branches: purdue-university1/gnutls:patch16 to gnutls/gnutls:master Author: Jiasheng Jiang Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:18:42 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:18:42 +0000 Subject: [gnutls-devel] GnuTLS | fuzz/gnutls_srp_server_fuzzer.c: Add check for gnutls_malloc() (!1981) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1981#note_2652919890 Thank you; the change looks good to me. As we are currently facing some limitation in CI pipeline, so I included this in a new MR (!1993). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1981#note_2652919890 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:18:44 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:18:44 +0000 Subject: [gnutls-devel] GnuTLS | fuzz/gnutls_srp_server_fuzzer.c: Add check for gnutls_malloc() (!1981) In-Reply-To: References: Message-ID: Merge request !1981 was closed by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1981 Project:Branches: purdue-university1/gnutls:patch16 to gnutls/gnutls:master Author: Jiasheng Jiang Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1981 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:19:05 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:19:05 +0000 Subject: [gnutls-devel] GnuTLS | lib/cert-cred-rawpk.c: Add gnutls_free() and gnutls_pcert_deinit() in the error paths (!1982) In-Reply-To: References: Message-ID: Merge request !1982 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1982 Project:Branches: purdue-university1/gnutls:patch17 to gnutls/gnutls:master Author: Jiasheng Jiang Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:19:13 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:19:13 +0000 Subject: [gnutls-devel] GnuTLS | lib/cert-cred-rawpk.c: Add gnutls_free() and gnutls_pcert_deinit() in the error paths (!1982) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1982#note_2652920743 Thank you; the change looks good to me. As we are currently facing some limitation in CI pipeline, so I included this in a new MR (!1993). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1982#note_2652920743 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:19:13 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:19:13 +0000 Subject: [gnutls-devel] GnuTLS | lib/cert-cred-rawpk.c: Add gnutls_free() and gnutls_pcert_deinit() in the error paths (!1982) In-Reply-To: References: Message-ID: Merge request !1982 was closed by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1982 Project:Branches: purdue-university1/gnutls:patch17 to gnutls/gnutls:master Author: Jiasheng Jiang Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1982 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:19:27 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:19:27 +0000 Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() in the error path (!1983) In-Reply-To: References: Message-ID: Merge request !1983 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1983 Project:Branches: purdue-university1/gnutls:patch18 to gnutls/gnutls:master Author: Jiasheng Jiang Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:19:31 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:19:31 +0000 Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() in the error path (!1983) In-Reply-To: References: Message-ID: Merge request !1983 was closed by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1983 Project:Branches: purdue-university1/gnutls:patch18 to gnutls/gnutls:master Author: Jiasheng Jiang Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1983 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:19:31 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:19:31 +0000 Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() in the error path (!1983) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1983#note_2652921334 Thank you; the change looks good to me. As we are currently facing some limitation in CI pipeline, so I included this in a new MR (!1993). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1983#note_2652921334 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:19:52 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:19:52 +0000 Subject: [gnutls-devel] GnuTLS | lib/file.c: Add check for gnutls_malloc() (!1984) In-Reply-To: References: Message-ID: Merge request !1984 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1984 Project:Branches: purdue-university1/gnutls:patch19 to gnutls/gnutls:master Author: Jiasheng Jiang Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:20:01 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:20:01 +0000 Subject: [gnutls-devel] GnuTLS | lib/file.c: Add check for gnutls_malloc() (!1984) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1984#note_2652922300 Thank you; the change looks good to me. As we are currently facing some limitation in CI pipeline, so I included this in a new MR (!1993). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1984#note_2652922300 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:20:01 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:20:01 +0000 Subject: [gnutls-devel] GnuTLS | lib/file.c: Add check for gnutls_malloc() (!1984) In-Reply-To: References: Message-ID: Merge request !1984 was closed by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1984 Project:Branches: purdue-university1/gnutls:patch19 to gnutls/gnutls:master Author: Jiasheng Jiang Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1984 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:20:16 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:20:16 +0000 Subject: [gnutls-devel] GnuTLS | lib/hello_ext.c: Add check for gnutls_strdup() (!1985) In-Reply-To: References: Message-ID: Merge request !1985 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1985 Project:Branches: purdue-university1/gnutls:patch20 to gnutls/gnutls:master Author: Jiasheng Jiang Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:20:20 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:20:20 +0000 Subject: [gnutls-devel] GnuTLS | lib/hello_ext.c: Add check for gnutls_strdup() (!1985) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1985#note_2652922909 Thank you; the change looks good to me. As we are currently facing some limitation in CI pipeline, so I included this in a new MR (!1993). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1985#note_2652922909 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:20:19 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:20:19 +0000 Subject: [gnutls-devel] GnuTLS | lib/hello_ext.c: Add check for gnutls_strdup() (!1985) In-Reply-To: References: Message-ID: Merge request !1985 was closed by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1985 Project:Branches: purdue-university1/gnutls:patch20 to gnutls/gnutls:master Author: Jiasheng Jiang Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1985 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:20:47 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:20:47 +0000 Subject: [gnutls-devel] GnuTLS | lib/nettle/pk.c: Add check for gnutls_malloc() (!1986) In-Reply-To: References: Message-ID: Merge request !1986 was closed by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986 Project:Branches: purdue-university1/gnutls:patch21 to gnutls/gnutls:master Author: Jiasheng Jiang Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:20:48 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:20:48 +0000 Subject: [gnutls-devel] GnuTLS | lib/nettle/pk.c: Add check for gnutls_malloc() (!1986) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986#note_2652923914 Thank you; the change looks good to me. As we are currently facing some limitation in CI pipeline, so I included this in a new MR (!1993). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986#note_2652923914 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:20:58 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:20:58 +0000 Subject: [gnutls-devel] GnuTLS | lib/nettle/pk.c: Add check for gnutls_malloc() (!1986) In-Reply-To: References: Message-ID: Merge request !1986 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986 Project:Branches: purdue-university1/gnutls:patch21 to gnutls/gnutls:master Author: Jiasheng Jiang Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:21:29 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:21:29 +0000 Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() to avoid memory leak (!1956) In-Reply-To: References: Message-ID: Merge request !1956 was closed by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956 Project:Branches: purdue-university1/gnutls:patch6 to gnutls/gnutls:master Author: Jiasheng Jiang Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:21:29 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:21:29 +0000 Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() to avoid memory leak (!1956) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956#note_2652925333 Thank you; the change looks good to me. As we are currently facing some limitation in CI pipeline, so I included this in a new MR (!1993). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956#note_2652925333 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:22:25 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:22:25 +0000 Subject: [gnutls-devel] GnuTLS | Fix memleaks and handle allocation error (!1993) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1993#note_2652927412 Merging this without approval, as the changes have already been reviewed in the original MRs. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1993#note_2652927412 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:22:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:22:55 +0000 Subject: [gnutls-devel] GnuTLS | Fix memleaks and handle allocation error (!1993) In-Reply-To: References: Message-ID: Merge request !1993 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1993 Project:Branches: dueno/gnutls:wip/purdue-university1/memleaks to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1993 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:54:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:54:06 +0000 Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more portable shebangs. (!1994) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1994 Project:Branches: dueno/gnutls:wip/apteryks/portability-improvements to gnutls/gnutls:master Author: Daiki Ueno This includes the following fixes from @apteryks, originally filed as !1964. * tests: Remove dependency on `which' command. * tests: Lookup softhsm tools from PATH. * Makefile.am: Hint at libdane requirement for distcheck target. * scripts: Use /usr/bin/env for more portable shebangs. ## Checklist * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1994 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:55:20 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:55:20 +0000 Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more portable shebangs. (!1964) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2652986574 Sorry, we are facing some limitations in the CI pipeline; I've filed a new MR (!1994) to work around that. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2652986574 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 06:55:21 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 04:55:21 +0000 Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more portable shebangs. (!1964) In-Reply-To: References: Message-ID: Merge request !1964 was closed by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964 Project:Branches: apteryks/gnutls:portability-improvements to gnutls/gnutls:master Author: Maxim Cournoyer Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 10:08:51 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 08:08:51 +0000 Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more portable shebangs. (!1994) In-Reply-To: References: Message-ID: Merge request !1994 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1994 Project:Branches: dueno/gnutls:wip/apteryks/portability-improvements to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1994 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 10:08:42 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 08:08:42 +0000 Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more portable shebangs. (!1994) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1994#note_2653317475 Merging without approval, as the original MR has already been reviewed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1994#note_2653317475 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 10:13:37 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 08:13:37 +0000 Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on tests/system-override-compress-cert.sh: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980#note_2653329917 > exit 77 > fi > > +if ! "$CLI" --list | grep '^Compression: .*COMP-\(BROTLI\|ZSTD\)'; then Right, let's split the `if` for brotli and zstd. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980#note_2653329917 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 10:13:38 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 08:13:38 +0000 Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980) In-Reply-To: References: Message-ID: All discussions on merge request !1980 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1980 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 16:03:30 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 14:03:30 +0000 Subject: [gnutls-devel] libtasn1 | Fix CI (!120) References: Message-ID: Simon Josefsson created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/120 Branches: ci-fix-winnt to master Author: Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/120 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 16:04:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 14:04:06 +0000 Subject: [gnutls-devel] libtasn1 | Fix CI (!120) In-Reply-To: References: Message-ID: Merge request !120 was merged Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/120 Branches: ci-fix-winnt to master Author: Simon Josefsson -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/120 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 18:46:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 16:46:55 +0000 Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980) In-Reply-To: References: Message-ID: Andreas Metzler commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980#note_2654631991 LGTM -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980#note_2654631991 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 18:46:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 16:46:55 +0000 Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980) In-Reply-To: References: Message-ID: Merge request !1980 was approved by Andreas Metzler Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980 Project:Branches: dueno/gnutls:wip/dueno/test-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Andreas Metzler -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Jul 28 18:46:55 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 16:46:55 +0000 Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980) In-Reply-To: References: Message-ID: All discussions on merge request !1980 were resolved by Andreas Metzler https://gitlab.com/gnutls/gnutls/-/merge_requests/1980 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 29 00:09:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 22:09:50 +0000 Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980) In-Reply-To: References: Message-ID: Merge request !1980 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980 Project:Branches: dueno/gnutls:wip/dueno/test-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignee: Daiki Ueno Reviewer: Andreas Metzler -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 29 00:09:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 22:09:50 +0000 Subject: [gnutls-devel] GnuTLS | system-override-compress-cert testsuite error with 3.8.10 (#1721) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno with merge request !1980 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1980) Issue #1721: https://gitlab.com/gnutls/gnutls/-/issues/1721 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1721 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 29 00:27:57 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 22:27:57 +0000 Subject: [gnutls-devel] GnuTLS | tests: only do sanity-lib test when tpm-tss is dlopened (!1987) In-Reply-To: References: Message-ID: Merge request !1987 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1987 Project:Branches: fundawang/gnutls:master to gnutls/gnutls:master Author: fundawang Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 29 00:31:33 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 28 Jul 2025 22:31:33 +0000 Subject: [gnutls-devel] GnuTLS | tests: only do sanity-lib test when tpm-tss is dlopened (!1987) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1987#note_2655105498 @fundawang thank you, the change looks good to me. Could you add `Signed-off-by:` to the commit message so we can merge it? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1987#note_2655105498 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 29 08:43:36 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Jul 2025 06:43:36 +0000 Subject: [gnutls-devel] GnuTLS | tests: only do sanity-lib test when tpm-tss is dlopened (!1995) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1995 Project:Branches: dueno/gnutls:wip/fundawang/sanity-lib to gnutls/gnutls:master Author: Daiki Ueno * tests: only do sanity-lib test when tpm-tss is dlopened Signed-off-by: Funda Wang ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1995 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 29 08:46:24 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Jul 2025 06:46:24 +0000 Subject: [gnutls-devel] GnuTLS | tests: only do sanity-lib test when tpm-tss is dlopened (!1987) In-Reply-To: References: Message-ID: Merge request !1987 was closed by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1987 Project:Branches: fundawang/gnutls:master to gnutls/gnutls:master Author: fundawang Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1987 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 29 08:46:24 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Jul 2025 06:46:24 +0000 Subject: [gnutls-devel] GnuTLS | tests: only do sanity-lib test when tpm-tss is dlopened (!1987) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1987#note_2655557539 Thank you for the update; due to the recent CI limitation, I've created a separate MR with the identical content at !1995. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1987#note_2655557539 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 29 08:47:06 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Jul 2025 06:47:06 +0000 Subject: [gnutls-devel] GnuTLS | tests: only do sanity-lib test when tpm-tss is dlopened (!1995) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1995#note_2655559019 Merging without approval, as the original MR has already been reviewed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1995#note_2655559019 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 29 08:47:14 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Jul 2025 06:47:14 +0000 Subject: [gnutls-devel] GnuTLS | tests: only do sanity-lib test when tpm-tss is dlopened (!1995) In-Reply-To: References: Message-ID: Merge request !1995 was set to auto-merge by Daiki Ueno Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1995 Project:Branches: dueno/gnutls:wip/fundawang/sanity-lib to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 29 12:47:20 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Jul 2025 10:47:20 +0000 Subject: [gnutls-devel] GnuTLS | tests: only do sanity-lib test when tpm-tss is dlopened (!1995) In-Reply-To: References: Message-ID: Merge request !1995 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1995 Project:Branches: dueno/gnutls:wip/fundawang/sanity-lib to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1995 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 29 12:47:22 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Jul 2025 10:47:22 +0000 Subject: [gnutls-devel] GnuTLS | test sanity-lib.sh failed if gnutls 3.8.10 is built with linked tpm2-tss (#1722) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno with merge request !1995 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1995) Issue #1722: https://gitlab.com/gnutls/gnutls/-/issues/1722 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1722 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 29 15:36:50 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Jul 2025 13:36:50 +0000 Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1988 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/tpm2/callbacks/hash/hash_callbacks.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2656617281 > #include "config.h" > > +#include "gnutls_int.h" I guess this is no longer needed? -- Daiki Ueno started a new discussion on lib/tpm2/callbacks/esys_crypto_callbacks.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2656617314 > +#else > +/* Crypto callbacks not supported - provide empty inline implementation */ > +static inline int _gnutls_setup_tss2_callbacks(ESYS_CONTEXT *ctx) { return 0; } Instead of providing a stub implementation of this internal function, I would rather add `#ifdef` ... `#endif` to the caller so it only calls `_gnutls_setup_tss2_callbacks` when crypto callbacks are usable. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Jul 29 15:41:24 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 29 Jul 2025 13:41:24 +0000 Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on configure.ac: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2656633264 > CFLAGS="$save_CFLAGS" > ]) > > +AS_IF([test -n "$tss2lib"], [ > + # Check for Esys_SetCryptoCallbacks availability > + save_LIBS=$LIBS > + save_CFLAGS=$CFLAGS > + LIBS="$LIBS $TSS2_ESYS_LIBS" > + CFLAGS="$CFLAGS $TSS2_ESYS_CFLAGS" > + AC_CHECK_DECL([Esys_SetCryptoCallbacks], [ > + AC_DEFINE([HAVE_ESYS_SETCRYPTOCALLBACKS], 1, [Define if Esys_SetCryptoCallbacks is available]) > + ], [], [[#include ]]) Thanks! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2656633264 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 30 07:03:14 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 30 Jul 2025 05:03:14 +0000 Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988) In-Reply-To: References: Message-ID: Merge request !1988 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988 Project:Branches: devkdas/gnutls:fix-#1724 to gnutls/gnutls:master Author: Karthik Das Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 30 07:03:25 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 30 Jul 2025 05:03:25 +0000 Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988) In-Reply-To: References: Message-ID: All discussions on merge request !1988 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/1988 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 30 07:05:36 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 30 Jul 2025 05:05:36 +0000 Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2657957265 Thank you @devkdas, it looks good to me! Would it be possible to squash the commits and add a `Signed-off-by:` line in the commit message so we can merge it? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2657957265 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 30 07:47:32 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 30 Jul 2025 05:47:32 +0000 Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988) In-Reply-To: References: Message-ID: Karthik Das commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2657989776 @dueno Pipeline is not running. This job is stuck because of one of the following problems. There are no active runners online, no runners for the protected branch, or no runners that match all of the job's tags: gnutls Go to project CI settings Am I missing anything? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2657989776 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 30 08:53:52 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 30 Jul 2025 06:53:52 +0000 Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988) In-Reply-To: References: Message-ID: Karthik Das commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2658073285 I used webIDE to fix this issue and I was not able to rebase as it dosen't have terminal support. Shall I close this PR and re-open new PR with same changes from new branch and with a single commit and adding a `Signed-off-by:` line in the commit message ? @dueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2658073285 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Jul 30 12:02:42 2025 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 30 Jul 2025 10:02:42 +0000 Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1988 was reviewed by Daiki Ueno -- Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2658535466 We are currently facing some limitation in GitLab CI, where it can run on forks owned by the project members. I can clone this MR, but to credit you correctly, we need a `Signed-off-by:` in the commit. -- Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2658535507 Looks like the web IDE still doesn't [support](https://gitlab.com/gitlab-org/gitlab/-/issues/368890) `Signed-off-by:`, so I would rather suggest doing it manually and attach the patch here, with the following steps: ```console cd /tmp git clone --depth=1 https://gitlab.com/gnutls/gnutls.git cd gnutls wget https://gitlab.com/gnutls/gnutls/-/merge_requests/1988.patch patch -p1 < 1988.patch git add -u git commit -s -m "build: check if Esys_SetCryptoCallbacks is available" git format-patch -1 ``` and then attach the generated patch to a comment here. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: