From gnutls-devel at lists.gnutls.org  Tue Jul  1 16:39:24 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 01 Jul 2025 14:39:24 +0000
Subject: [gnutls-devel] GnuTLS | tests/tls13-early-data-neg2: avoid a
 small memory leak (!1969)
In-Reply-To: <merge_request_394205991@gitlab.com>
References: <reply-f2e1f8fbf5d776528e384d6b27b65909@gitlab.com>
 <merge_request_394205991@gitlab.com>
Message-ID: <mailman.6243.1751380828.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno started a new discussion on tests/tls13-early-data-neg2.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1969#note_2596816622

 >  
 >  		if (t < 2) {
 >  			/* get the session data size */
 > +			if (session_data.data)
 > +				gnutls_free(session_data.data);

I would prefer calling `gnutls_free` unconditionally without the check.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1969#note_2596816622
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250701/7d8cf743/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Jul  1 16:43:08 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 01 Jul 2025 14:43:08 +0000
Subject: [gnutls-devel] GnuTLS | tests/tls13-early-data-neg2: avoid a
 small memory leak (!1969)
In-Reply-To: <merge_request_394205991@gitlab.com>
References: <reply-71652e2e249c6d56c1e182e6e6bb3b17@gitlab.com>
 <merge_request_394205991@gitlab.com>
Message-ID: <mailman.6246.1751381053.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno started a new discussion on tests/tls13-early-data-neg2.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1969#note_2596830985

 >  					fail("client: unexpected non-zero value of max_early_data_size = %d\n",
 >  					     (int)gnutls_record_get_max_early_data_size(
 >  						     session));
 > -				if (gnutls_record_send_early_data(
 > -					    session, EARLY_MSG,
 > -					    sizeof(EARLY_MSG)) >= 0)
 > +				do {
 > +					ret = gnutls_record_send_early_data(
 > +						session, EARLY_MSG,
 > +						sizeof(EARLY_MSG));
 > +				} while (ret == GNUTLS_E_AGAIN ||

I wonder if this test could be rewritten without fork, so such check would be not necessary in the first place.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1969#note_2596830985
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250701/abafdba3/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul  1 16:44:30 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 01 Jul 2025 14:44:30 +0000
Subject: [gnutls-devel] GnuTLS | src/danetool.c: Free str on error to
 avoid memory leak (!1963)
In-Reply-To: <merge_request_384132145@gitlab.com>
References: <reply-77418408e304dbad4a68e88d9da1fe52@gitlab.com>
 <merge_request_384132145@gitlab.com>
Message-ID: <mailman.6247.1751381128.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1963 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1963

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1963
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250701/1d790b0e/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul  1 16:44:15 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 01 Jul 2025 14:44:15 +0000
Subject: [gnutls-devel] GnuTLS | src/danetool.c: Free str on error to
 avoid memory leak (!1963)
In-Reply-To: <merge_request_384132145@gitlab.com>
References: <reply-b59f725d01825ddc0e642be42d772481@gitlab.com>
 <merge_request_384132145@gitlab.com>
Message-ID: <mailman.6248.1751381136.18299.gnutls-devel@lists.gnutls.org>



Merge request !1963 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1963
Project:Branches: JiashengJiang/gnutls:patch13 to gnutls/gnutls:master
Author: Jiasheng Jiang
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250701/84789cb8/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Jul  1 16:44:34 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 01 Jul 2025 14:44:34 +0000
Subject: [gnutls-devel] GnuTLS | src/danetool.c: Free str on error to
 avoid memory leak (!1963)
In-Reply-To: <merge_request_384132145@gitlab.com>
References: <reply-83c07888edaa5e5c10ca2dda8fb9b9cf@gitlab.com>
 <merge_request_384132145@gitlab.com>
Message-ID: <mailman.6252.1751381145.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1963#note_2596837838


Thank you!

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1963#note_2596837838
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250701/dcd9bf9e/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul  1 16:45:12 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 01 Jul 2025 14:45:12 +0000
Subject: [gnutls-devel] GnuTLS | src/danetool.c: Free str on error to
 avoid memory leak (!1963)
In-Reply-To: <merge_request_384132145@gitlab.com>
References: <reply-e2bf0a031d431a115ec27208640e10e8@gitlab.com>
 <merge_request_384132145@gitlab.com>
Message-ID: <mailman.6253.1751381149.18299.gnutls-devel@lists.gnutls.org>



Merge request !1963 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1963
Project:Branches: JiashengJiang/gnutls:patch13 to gnutls/gnutls:master
Author: Jiasheng Jiang

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1963
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250701/4b695e64/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul  1 16:48:06 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 01 Jul 2025 14:48:06 +0000
Subject: [gnutls-devel] GnuTLS | doc: fix typo in docs about system profile
 fallback (!1971)
References: <reply-138fb2e4f4cd16fd8b096feed3c60d0c@gitlab.com>
Message-ID: <mailman.6254.1751381321.18299.gnutls-devel@lists.gnutls.org>



Daniel P_ Berrang? created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1971

Project:Branches: berrange/gnutls:keyword-typo to gnutls/gnutls:master
Author:   Daniel P_ Berrang?




Docs for the system profile fallback syntax accidentally repeated
the "@" marker before each keyword. The "@" marker only indicates
the start of the profile field, and individual names are merely
separated by a comma, per the impl in 6b6d9dd44e.

Fixes 6f425b0fd7d860e9d78b7ba0d9c4d3165d824d7c

## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1971
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250701/b4bce9ef/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul  1 16:54:16 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 01 Jul 2025 14:54:16 +0000
Subject: [gnutls-devel] GnuTLS | doc: fix typo in docs about system
 profile fallback (!1971)
In-Reply-To: <merge_request_395389875@gitlab.com>
References: <reply-1b7a98966cab60333885acd631521996@gitlab.com>
 <merge_request_395389875@gitlab.com>
Message-ID: <mailman.6255.1751381689.18299.gnutls-devel@lists.gnutls.org>



Merge request !1971 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1971
Project:Branches: berrange/gnutls:keyword-typo to gnutls/gnutls:master
Author: Daniel P_ Berrang?
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250701/928009b1/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Jul  1 16:54:25 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 01 Jul 2025 14:54:25 +0000
Subject: [gnutls-devel] GnuTLS | doc: fix typo in docs about system
 profile fallback (!1971)
In-Reply-To: <merge_request_395389875@gitlab.com>
References: <reply-74ce945ea37ef1d0c49fedacbe828a49@gitlab.com>
 <merge_request_395389875@gitlab.com>
Message-ID: <mailman.6258.1751381727.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1971#note_2596885556


Thank you!

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1971#note_2596885556
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250701/c4df398c/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul  1 16:54:56 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 01 Jul 2025 14:54:56 +0000
Subject: [gnutls-devel] GnuTLS | doc: fix typo in docs about system
 profile fallback (!1971)
In-Reply-To: <merge_request_395389875@gitlab.com>
References: <reply-d1a1e39c8853e9128cd8594c775d00c8@gitlab.com>
 <merge_request_395389875@gitlab.com>
Message-ID: <mailman.6259.1751381758.18299.gnutls-devel@lists.gnutls.org>



Merge request !1971 was set to auto-merge by Daiki Ueno
Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1971
Project:Branches: berrange/gnutls:keyword-typo to gnutls/gnutls:master
Author: Daniel P_ Berrang?
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250701/080e108b/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul  2 11:44:50 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 02 Jul 2025 09:44:50 +0000
Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA private
 keys in CHOICE format (!1972)
References: <reply-ad36744c3db35b92d499ed0ab5ae78fb@gitlab.com>
Message-ID: <mailman.6274.1751449554.18299.gnutls-devel@lists.gnutls.org>



Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972

Project:Branches: dueno/gnutls:wip/dueno/mldsa-followup2 to gnutls/gnutls:master
Author:   Daiki Ueno




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

This extends the acceptable formats of ML-DSA private keys to the
three formats defined in draft-ietf-lamps-dilithium-certificates-12,
section 6, namely: "seed", "expandedKey", and "both". The legacy
format compatible with liboqs/oqsprovider is still accepted and the
default output format for now.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [x] Code modified for feature
 * [x] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250702/da651362/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Wed Jul  2 12:09:56 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 02 Jul 2025 10:09:56 +0000
Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA
 private keys in CHOICE format (!1972)
In-Reply-To: <merge_request_395591165@gitlab.com>
References: <reply-4a2c42f775da55cf537e24feb0eb5aa1@gitlab.com>
 <merge_request_395591165@gitlab.com>
Message-ID: <mailman.6279.1751451084.18299.gnutls-devel@lists.gnutls.org>




Alicja Kario (@mention me if you need reply) started a new discussion on lib/x509/privkey_pkcs8.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2598449985

 >  		}
 >  	}
 >  
 > +	/* Append an empty publicKey field.
 > +	 */
 > +	result = asn1_write_value(*pkey_info, "publicKey", NULL, 0);

I don't think it's mandatory to include it...
I'm pretty sure that the test vectors don't have it...

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2598449985
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250702/ee1ace25/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul  2 12:15:39 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 02 Jul 2025 10:15:39 +0000
Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA
 private keys in CHOICE format (!1972)
In-Reply-To: <merge_request_395591165@gitlab.com>
References: <reply-8ffda21ff06681147e695d609f81a21a@gitlab.com>
 <merge_request_395591165@gitlab.com>
Message-ID: <mailman.6280.1751451372.18299.gnutls-devel@lists.gnutls.org>




Alicja Kario (@mention me if you need reply) started a new discussion on lib/gnutls.asn: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2598466472

 >      privkey         OCTET STRING
 >  }
 >  
 > +-- Legacy private key format defined in
 > +-- draft-ietf-lamps-dilithium-certificates-04, section 6

it's not that either, as the liboqs format puts both the private key and public key in the `privateKey` field?

Or will gnutls allow a fifth format?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2598466472
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250702/cb04ebf5/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul  2 12:17:11 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 02 Jul 2025 10:17:11 +0000
Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA
 private keys in CHOICE format (!1972)
In-Reply-To: <merge_request_395591165@gitlab.com>
References: <reply-fc2878d67f70825691fdfae7976be56b@gitlab.com>
 <merge_request_395591165@gitlab.com>
Message-ID: <mailman.6281.1751451464.18299.gnutls-devel@lists.gnutls.org>




Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2598470657


I do see test keys, but how do we verify that all three result in the same expanded key after loading?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2598470657
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250702/3b56fa63/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Wed Jul  2 12:59:20 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 02 Jul 2025 10:59:20 +0000
Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA
 private keys in CHOICE format (!1972)
In-Reply-To: <note_2598449985@gitlab.com>
References: <reply-c521221fbfbd929453d05bb2257ffa02@gitlab.com>
 <merge_request_395591165@gitlab.com> <note_2598449985@gitlab.com>
Message-ID: <mailman.6286.1751454025.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion on lib/x509/privkey_pkcs8.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2598574402

 >  		}
 >  	}
 >  
 > +	/* Append an empty publicKey field.
 > +	 */
 > +	result = asn1_write_value(*pkey_info, "publicKey", NULL, 0);

This does not affect the output format, but just indicates that the "publicKey" field is empty.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2598574402
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250702/095823ea/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul  2 13:01:08 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 02 Jul 2025 11:01:08 +0000
Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA
 private keys in CHOICE format (!1972)
In-Reply-To: <note_2598466472@gitlab.com>
References: <reply-644217e49ed306a51175956f9241d624@gitlab.com>
 <merge_request_395591165@gitlab.com> <note_2598466472@gitlab.com>
Message-ID: <mailman.6287.1751454138.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion on lib/gnutls.asn: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2598578440

 >      privkey         OCTET STRING
 >  }
 >  
 > +-- Legacy private key format defined in
 > +-- draft-ietf-lamps-dilithium-certificates-04, section 6

That depends on whether the "version" field is 0 or 1. If 0, we used to concatenate a private key and a public key; if it is 1, a public key was stored in a separate field.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2598578440
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250702/6764fbb7/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul  2 13:01:08 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 02 Jul 2025 11:01:08 +0000
Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA
 private keys in CHOICE format (!1972)
In-Reply-To: <merge_request_395591165@gitlab.com>
References: <reply-e38ca12f4d28577884d23466ff9aac30@gitlab.com>
 <merge_request_395591165@gitlab.com>
Message-ID: <mailman.6288.1751454146.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1972 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1972

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250702/604cf496/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Thu Jul  3 01:51:39 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 02 Jul 2025 23:51:39 +0000
Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA
 private keys in CHOICE format (!1972)
In-Reply-To: <note_2598470657@gitlab.com>
References: <reply-222ca3fa09d15482db65c7907850b723@gitlab.com>
 <merge_request_395591165@gitlab.com> <note_2598470657@gitlab.com>
Message-ID: <mailman.6337.1751500404.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2600059541


Oh, I forgot to commit the changes to tests/mldsa.sh. Should now be there.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2600059541
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250702/8db0843f/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Jul  3 01:52:48 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 02 Jul 2025 23:52:48 +0000
Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA
 private keys in CHOICE format (!1972)
In-Reply-To: <merge_request_395591165@gitlab.com>
References: <reply-a9b53b37b40216eb1b62529b1e6d2f12@gitlab.com>
 <merge_request_395591165@gitlab.com>
Message-ID: <mailman.6338.1751500426.18299.gnutls-devel@lists.gnutls.org>



Reassigned merge request 1972

https://gitlab.com/gnutls/gnutls/-/merge_requests/1972

Daiki Ueno was added as an assignee.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250702/b79b7064/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Jul  3 01:53:05 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 02 Jul 2025 23:53:05 +0000
Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA
 private keys in CHOICE format (!1972)
In-Reply-To: <merge_request_395591165@gitlab.com>
References: <reply-95eef1b7ba4ac0ce6364ba17a6e8a2dc@gitlab.com>
 <merge_request_395591165@gitlab.com>
Message-ID: <mailman.6339.1751500459.18299.gnutls-devel@lists.gnutls.org>



Alicja Kario (@mention me if you need reply) was added as a reviewer.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250702/2e2ad703/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Jul  3 01:53:16 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 02 Jul 2025 23:53:16 +0000
Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA
 private keys in CHOICE format (!1972)
In-Reply-To: <merge_request_395591165@gitlab.com>
References: <reply-64010ad2f28396b6c6b747c5e2ea7fed@gitlab.com>
 <merge_request_395591165@gitlab.com>
Message-ID: <mailman.6340.1751500463.18299.gnutls-devel@lists.gnutls.org>



Milestone changed to Release of GnuTLS 3.8.10 (Feb 7, 2025?Jul 31, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/48 )

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250702/59f3d4f0/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Jul  3 02:07:35 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 03 Jul 2025 00:07:35 +0000
Subject: [gnutls-devel] GnuTLS | doc: fix typo in docs about system
 profile fallback (!1971)
In-Reply-To: <merge_request_395389875@gitlab.com>
References: <reply-60b293cb0270b2ad8b9303a6ea1ccbdb@gitlab.com>
 <merge_request_395389875@gitlab.com>
Message-ID: <mailman.6342.1751501351.18299.gnutls-devel@lists.gnutls.org>



Merge request !1971 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1971
Project:Branches: berrange/gnutls:keyword-typo to gnutls/gnutls:master
Author: Daniel P_ Berrang?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1971
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250703/7b9a6d73/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Jul  3 09:11:12 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 03 Jul 2025 07:11:12 +0000
Subject: [gnutls-devel] GnuTLS | Draft: pubkey: fix byte/bit confusion in
 public key sizes of ML-DSA (!1973)
References: <reply-12e46a9d93a907e75b0e10e220bb191f@gitlab.com>
Message-ID: <mailman.6350.1751526737.18299.gnutls-devel@lists.gnutls.org>



Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973

Project:Branches: dueno/gnutls:wip/dueno/mldsa-followup3 to gnutls/gnutls:master
Author:   Daiki Ueno




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

This is an encoding counterpart of !1972.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250703/47d17ff8/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Thu Jul  3 09:17:18 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 03 Jul 2025 07:17:18 +0000
Subject: [gnutls-devel] GnuTLS | Draft: x509: support encoding of ML-DSA
 private keys in CHOICE format (!1973)
In-Reply-To: <merge_request_395887520@gitlab.com>
References: <reply-4765b1652c3fd914d7dd6553f51a4b22@gitlab.com>
 <merge_request_395887520@gitlab.com>
Message-ID: <mailman.6353.1751527082.18299.gnutls-devel@lists.gnutls.org>



Daiki Ueno marked merge request !1973 as draft

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250703/260e6fda/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Jul  3 12:42:55 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 03 Jul 2025 10:42:55 +0000
Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA
 private keys in CHOICE format (!1972)
In-Reply-To: <merge_request_395591165@gitlab.com>
References: <reply-2c287c6f93d5c81e4a701ef980689b30@gitlab.com>
 <merge_request_395591165@gitlab.com>
Message-ID: <mailman.6355.1751539413.18299.gnutls-devel@lists.gnutls.org>




Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2601164994


LGTM

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972#note_2601164994
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250703/abc76622/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Jul  3 12:42:54 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 03 Jul 2025 10:42:54 +0000
Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA
 private keys in CHOICE format (!1972)
In-Reply-To: <merge_request_395591165@gitlab.com>
References: <reply-2f6ef57b2acbd752150b325edc2c4ee8@gitlab.com>
 <merge_request_395591165@gitlab.com>
Message-ID: <mailman.6356.1751539416.18299.gnutls-devel@lists.gnutls.org>



Merge request !1972 was approved by Alicja Kario (@mention me if you need reply)
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972
Project:Branches: dueno/gnutls:wip/dueno/mldsa-followup2 to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: Alicja Kario (@mention me if you need reply)

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250703/64ce36b9/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Jul  3 12:58:12 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 03 Jul 2025 10:58:12 +0000
Subject: [gnutls-devel] GnuTLS | Draft: x509: support encoding of ML-DSA
 private keys in CHOICE format (!1973)
In-Reply-To: <merge_request_395887520@gitlab.com>
References: <reply-60644885dc66d3cbf5a3ce4a135c02cd@gitlab.com>
 <merge_request_395887520@gitlab.com>
Message-ID: <mailman.6357.1751540332.18299.gnutls-devel@lists.gnutls.org>



Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 was reviewed by Alicja Kario (@mention me if you need reply)

--
  
Alicja Kario (@mention me if you need reply) started a new discussion on lib/x509/privkey_pkcs8.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2601200960

 > +	 * parse it manually */
 > +	if (raw_key->size == 34 && raw_key->data[0] == 0x80 &&
 > +	    raw_key->data[1] == 0x20) {

this is more on the level of a nit than an actual issue, but I think it would be nicer to check if the first byte is `0x80` as that indicates that this is the `[0]` context-specific implicit tag, and only then check for length, and reject it if it is wrong, with a more specific error message


-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250703/b3f485bb/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Thu Jul  3 12:58:13 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 03 Jul 2025 10:58:13 +0000
Subject: [gnutls-devel] GnuTLS | Draft: x509: support encoding of ML-DSA
 private keys in CHOICE format (!1973)
In-Reply-To: <merge_request_395887520@gitlab.com>
References: <reply-564921d796641b7d93839893464da489@gitlab.com>
 <merge_request_395887520@gitlab.com>
Message-ID: <mailman.6360.1751540341.18299.gnutls-devel@lists.gnutls.org>




Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2601201014


LGTM, with the exception of that one nit

I haven't checked if the test vectors match the drafts or if it interoperates with openssl though

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2601201014
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250703/e000713c/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Jul  3 12:58:12 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 03 Jul 2025 10:58:12 +0000
Subject: [gnutls-devel] GnuTLS | Draft: x509: support encoding of ML-DSA
 private keys in CHOICE format (!1973)
In-Reply-To: <merge_request_395887520@gitlab.com>
References: <reply-6494ed870e86daa79216b27a408aef81@gitlab.com>
 <merge_request_395887520@gitlab.com>
Message-ID: <mailman.6361.1751540355.18299.gnutls-devel@lists.gnutls.org>



Merge request !1973 was approved by Alicja Kario (@mention me if you need reply)
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973
Project:Branches: dueno/gnutls:wip/dueno/mldsa-followup3 to gnutls/gnutls:master
Author: Daiki Ueno
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250703/0cece45f/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Jul  3 22:16:43 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 03 Jul 2025 20:16:43 +0000
Subject: [gnutls-devel] GnuTLS | Add a way to show the default trust store
 configuration (#1720)
References: <reply-b94d1b329a85f302e09d7edc4aab1e74@gitlab.com>
Message-ID: <mailman.6388.1751573868.18299.gnutls-devel@lists.gnutls.org>



Sam Morris created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1720



## Description of the feature:
It would be useful if `gnutls-cli --list-config` would show what trust store option GnuTLS was configured with. Something like:

```
default-trust-store-pkcs11: pkcs11:
```

or

```
default-trust-store-file: /etc/ssl/certs/ca-certificates.crt
```

and so on.

## Applications that this feature may be relevant to:
User-facing feature. When I am configuring systems it's useful to be able to check how various TLS libraries are configured.

## Is this feature implemented in other libraries (and which)
N/A

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1720
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250703/8c9dcba7/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Thu Jul  3 22:51:56 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 03 Jul 2025 20:51:56 +0000
Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA
 private keys in CHOICE format (!1972)
In-Reply-To: <merge_request_395591165@gitlab.com>
References: <reply-1eb61c4eb1ac609e83375033be63e795@gitlab.com>
 <merge_request_395591165@gitlab.com>
Message-ID: <mailman.6391.1751575950.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1972 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1972

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250703/a490c3ec/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Jul  3 23:14:21 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 03 Jul 2025 21:14:21 +0000
Subject: [gnutls-devel] GnuTLS | x509: support decoding of ML-DSA
 private keys in CHOICE format (!1972)
In-Reply-To: <merge_request_395591165@gitlab.com>
References: <reply-bf60c18b8cd5480321b6a2429e7e3fb5@gitlab.com>
 <merge_request_395591165@gitlab.com>
Message-ID: <mailman.6392.1751577324.18299.gnutls-devel@lists.gnutls.org>



Merge request !1972 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972
Project:Branches: dueno/gnutls:wip/dueno/mldsa-followup2 to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: Alicja Kario (@mention me if you need reply)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1972
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250703/9de8ce25/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul  4 05:51:30 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Jul 2025 03:51:30 +0000
Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA
 private keys in CHOICE format (!1973)
In-Reply-To: <merge_request_395887520@gitlab.com>
References: <reply-5b8fca323eea21ad83b126a159370378@gitlab.com>
 <merge_request_395887520@gitlab.com>
Message-ID: <mailman.6404.1751601154.18299.gnutls-devel@lists.gnutls.org>



Daiki Ueno marked merge request !1973 as ready

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/5075aaeb/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul  4 05:52:40 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Jul 2025 03:52:40 +0000
Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA
 private keys in CHOICE format (!1973)
In-Reply-To: <note_2601201014@gitlab.com>
References: <reply-ce5951210e9ac55dc2ad47f7e86850bb@gitlab.com>
 <merge_request_395887520@gitlab.com> <note_2601201014@gitlab.com>
Message-ID: <mailman.6405.1751601193.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2602647220


Added some roundtrip tests

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2602647220
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/4b3e6c01/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul  4 06:37:58 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Jul 2025 04:37:58 +0000
Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA
 private keys in CHOICE format (!1973)
In-Reply-To: <merge_request_395887520@gitlab.com>
References: <reply-437653316a32ea13a5c367cafbcb0bfa@gitlab.com>
 <merge_request_395887520@gitlab.com>
Message-ID: <mailman.6406.1751603911.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1973 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1973

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/b5e6743d/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul  4 06:37:57 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Jul 2025 04:37:57 +0000
Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA
 private keys in CHOICE format (!1973)
In-Reply-To: <note_2601200960@gitlab.com>
References: <reply-25253b60f28d9aaea043bb807d9c8ea5@gitlab.com>
 <merge_request_395887520@gitlab.com> <note_2601200960@gitlab.com>
Message-ID: <mailman.6407.1751603919.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion on lib/x509/privkey_pkcs8.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2602678535

 >  	return ret;
 >  }
 >  
 > +static int decode_ml_dsa_inner_private_key(const gnutls_datum_t *raw_key,
 > +					   size_t raw_pub_size,
 > +					   size_t raw_priv_size,
 > +					   gnutls_x509_privkey_t pkey)
 > +{
 > +	int ret;
 > +	asn1_node inner_asn = NULL;
 > +
 > +	/* libtasn1 doesn't support encoding instructions in CHOICE,
 > +	 * parse it manually */
 > +	if (raw_key->size == 34 && raw_key->data[0] == 0x80 &&
 > +	    raw_key->data[1] == 0x20) {

I'm afraid that would make the control flow complicated as the other alternatives in the CHOICE is handled in the `else` branch. I'd leave it as is.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2602678535
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/fdd95301/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Fri Jul  4 08:39:31 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Jul 2025 06:39:31 +0000
Subject: [gnutls-devel] GnuTLS | algorithms: assign hash strength to ML-DSA
 signature algorithms (!1974)
References: <reply-338a743cef014d825d0598237d581c82@gitlab.com>
Message-ID: <mailman.6410.1751611235.18299.gnutls-devel@lists.gnutls.org>



Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1974

Project:Branches: dueno/gnutls:wip/dueno/mldsa-tls-fixes to gnutls/gnutls:master
Author:   Daiki Ueno




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

The _gnutls_sign_get_hash_strength function previously returned 0 for
ML-DSA algorithms, preventing the security level check in certificate
signatures. This assigns the collision strength for commitment hashes,
as defined in FIPS 204, section 4, table 1.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1974
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/750d5420/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul  4 08:57:33 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Jul 2025 06:57:33 +0000
Subject: [gnutls-devel] GnuTLS | algorithms: assign hash strength to
 ML-DSA signature algorithms (!1974)
In-Reply-To: <merge_request_396175425@gitlab.com>
References: <reply-d51567f475a29e6c8e734feaca2b99b3@gitlab.com>
 <merge_request_396175425@gitlab.com>
Message-ID: <mailman.6411.1751612305.18299.gnutls-devel@lists.gnutls.org>



Reassigned merge request 1974

https://gitlab.com/gnutls/gnutls/-/merge_requests/1974

Daiki Ueno was added as an assignee.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1974
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/85af3621/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul  4 08:57:32 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Jul 2025 06:57:32 +0000
Subject: [gnutls-devel] GnuTLS | algorithms: assign hash strength to
 ML-DSA signature algorithms (!1974)
In-Reply-To: <merge_request_396175425@gitlab.com>
References: <reply-b08d6fba1a31192b4f6b713e08b65260@gitlab.com>
 <merge_request_396175425@gitlab.com>
Message-ID: <mailman.6412.1751612320.18299.gnutls-devel@lists.gnutls.org>



Alicja Kario (@mention me if you need reply) was added as a reviewer.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1974
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/3ce229b0/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul  4 08:57:55 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Jul 2025 06:57:55 +0000
Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA
 private keys in CHOICE format (!1973)
In-Reply-To: <merge_request_395887520@gitlab.com>
References: <reply-6bbfa8dd715f478e1c0dddb92d7a3051@gitlab.com>
 <merge_request_395887520@gitlab.com>
Message-ID: <mailman.6413.1751612337.18299.gnutls-devel@lists.gnutls.org>



Alicja Kario (@mention me if you need reply) was added as a reviewer.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/8fed787a/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Fri Jul  4 08:57:58 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Jul 2025 06:57:58 +0000
Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA
 private keys in CHOICE format (!1973)
In-Reply-To: <merge_request_395887520@gitlab.com>
References: <reply-5496153b0915b2d81d79bd9ce8e95157@gitlab.com>
 <merge_request_395887520@gitlab.com>
Message-ID: <mailman.6416.1751612340.18299.gnutls-devel@lists.gnutls.org>



Reassigned merge request 1973

https://gitlab.com/gnutls/gnutls/-/merge_requests/1973

Daiki Ueno was added as an assignee.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/ae7d750a/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul  4 10:39:15 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Jul 2025 08:39:15 +0000
Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA
 private keys in CHOICE format (!1973)
In-Reply-To: <merge_request_395887520@gitlab.com>
References: <reply-53df438854cdd07ed9efa0aeb0c1aef8@gitlab.com>
 <merge_request_395887520@gitlab.com>
Message-ID: <mailman.6418.1751618418.18299.gnutls-devel@lists.gnutls.org>



Merge request !1973 was approved by Zolt?n Fridrich
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973
Project:Branches: dueno/gnutls:wip/dueno/mldsa-followup3 to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: Alicja Kario (@mention me if you need reply)

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/447507c7/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul  4 10:39:41 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Jul 2025 08:39:41 +0000
Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA
 private keys in CHOICE format (!1973)
In-Reply-To: <merge_request_395887520@gitlab.com>
References: <reply-6d222ef5082f28e09db3a6752b7a1ff6@gitlab.com>
 <merge_request_395887520@gitlab.com>
Message-ID: <mailman.6419.1751618444.18299.gnutls-devel@lists.gnutls.org>




Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603041167


Looks nice. No mistakes spotted.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603041167
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/751cacc0/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul  4 10:52:53 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Jul 2025 08:52:53 +0000
Subject: [gnutls-devel] GnuTLS | algorithms: assign hash strength to
 ML-DSA signature algorithms (!1974)
In-Reply-To: <merge_request_396175425@gitlab.com>
References: <reply-5bb19afc6e688a6fd1cf9e044898d287@gitlab.com>
 <merge_request_396175425@gitlab.com>
Message-ID: <mailman.6420.1751619237.18299.gnutls-devel@lists.gnutls.org>



Merge request !1974 was approved by Alicja Kario (@mention me if you need reply)
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1974
Project:Branches: dueno/gnutls:wip/dueno/mldsa-tls-fixes to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: Alicja Kario (@mention me if you need reply)

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/8af781c9/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Fri Jul  4 10:52:54 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Jul 2025 08:52:54 +0000
Subject: [gnutls-devel] GnuTLS | algorithms: assign hash strength to
 ML-DSA signature algorithms (!1974)
In-Reply-To: <merge_request_396175425@gitlab.com>
References: <reply-a4b7ee41e3ab636ff017e810c187738c@gitlab.com>
 <merge_request_396175425@gitlab.com>
Message-ID: <mailman.6423.1751619245.18299.gnutls-devel@lists.gnutls.org>




Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1974#note_2603066655


LGTM

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1974#note_2603066655
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/0cebb346/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul  4 11:02:51 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Jul 2025 09:02:51 +0000
Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA
 private keys in CHOICE format (!1973)
In-Reply-To: <merge_request_395887520@gitlab.com>
References: <reply-c00a3520e866933dededae5dff629520@gitlab.com>
 <merge_request_395887520@gitlab.com>
Message-ID: <mailman.6424.1751619805.18299.gnutls-devel@lists.gnutls.org>



Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1973 was reviewed by Alexander Sosedkin

--
  
Alexander Sosedkin started a new discussion on lib/x509/privkey_pkcs8.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603089825

 > +
 > +	if (flags & GNUTLS_PKCS_MLDSA_SEED)
 > +		format |= 1 << 0;

maybe use enum values instead of magic constants?

--
  
Alexander Sosedkin started a new discussion on lib/x509/privkey_pkcs8.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603089835

 > +	ML_DSA_PRIVKEY_FORMAT_SEED,
 > +	ML_DSA_PRIVKEY_FORMAT_EXPANDED,
 > +	ML_DSA_PRIVKEY_FORMAT_BOTH

I'd find verifying `ML_DSA_PRIVKEY_FORMAT_BOTH == ML_DSA_PRIVKEY_FORMAT_EXPANDED | ML_DSA_PRIVKEY_FORMAT_SEED` easier if the numbers were spelled out.

--
  
Alexander Sosedkin started a new discussion on src/certtool-options.json: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603089842

 > +          "long-option": "key-format",
 > +          "description": "Specify the key format to use on key generation",
 > +          "detail": "This option can be combined with --generate-privkey, to specify\nthe key format to be generated, when the key type is ML-DSA. Valid options are, 'seed', 'expanded', and 'both'.",

Should it error out when the key type is not ML-DSA? Just to reduce confusion and to not support ignoring it when it's not.


-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/0756c8f0/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul  4 11:03:08 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Jul 2025 09:03:08 +0000
Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA
 private keys in CHOICE format (!1973)
In-Reply-To: <merge_request_395887520@gitlab.com>
References: <reply-c3b1cf64ee61cfcca028d9fb352d82e9@gitlab.com>
 <merge_request_395887520@gitlab.com>
Message-ID: <mailman.6425.1751619852.18299.gnutls-devel@lists.gnutls.org>




Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603090423


still looks good :smile:

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603090423
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/97a877f6/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Fri Jul  4 11:16:55 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Jul 2025 09:16:55 +0000
Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA
 private keys in CHOICE format (!1973)
In-Reply-To: <note_2603140273@gitlab.com>
References: <reply-fc81586653a70e9b6f84e02122c54666@gitlab.com>
 <merge_request_395887520@gitlab.com> <note_2603089835@gitlab.com>
 <note_2603140273@gitlab.com>
Message-ID: <mailman.6428.1751620678.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion on lib/x509/privkey_pkcs8.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603142256

 >  #define PEM_PKCS8 "ENCRYPTED PRIVATE KEY"
 >  #define PEM_UNENCRYPTED_PKCS8 "PRIVATE KEY"
 >  
 > +typedef enum ml_dsa_privkey_format_t {
 > +	ML_DSA_PRIVKEY_FORMAT_UNKNOWN = 0,
 > +	ML_DSA_PRIVKEY_FORMAT_SEED,
 > +	ML_DSA_PRIVKEY_FORMAT_EXPANDED,
 > +	ML_DSA_PRIVKEY_FORMAT_BOTH

Good idea, rewrote in that way.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603142256
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/29eb771d/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul  4 11:19:11 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Jul 2025 09:19:11 +0000
Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA
 private keys in CHOICE format (!1973)
In-Reply-To: <merge_request_395887520@gitlab.com>
References: <reply-94f12e27f49968e2dc995730ea12d73e@gitlab.com>
 <merge_request_395887520@gitlab.com>
Message-ID: <mailman.6429.1751620785.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1973 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1973

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/8a792773/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul  4 11:19:14 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Jul 2025 09:19:14 +0000
Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA
 private keys in CHOICE format (!1973)
In-Reply-To: <note_2603089842@gitlab.com>
References: <reply-467c3e0de0d8965879554b0ec451356c@gitlab.com>
 <merge_request_395887520@gitlab.com> <note_2603089842@gitlab.com>
Message-ID: <mailman.6430.1751620787.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion on src/certtool-options.json: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603147005

 >            "detail": "This option can be combined with --generate-privkey, to specify\nthe key type to be generated. Valid options are, 'rsa', 'rsa-pss', 'rsa-oaep', 'dsa', 'ecdsa', 'ed25519, 'ed448', 'x25519', and 'x448'.'.\nWhen combined with certificate generation it can be used to specify an\nRSA-PSS certificate when an RSA key is given.",
 >            "argument-type": "string"
 >          },
 > +        {
 > +          "long-option": "key-format",
 > +          "description": "Specify the key format to use on key generation",
 > +          "detail": "This option can be combined with --generate-privkey, to specify\nthe key format to be generated, when the key type is ML-DSA. Valid options are, 'seed', 'expanded', and 'both'.",

It would be too complicated to implement, as in some cases (e.g., `certtool -k`) the key type is known only after decoding the key itself. I'd leave it as-is, as most of the other options that don't take effect are simply ignored.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973#note_2603147005
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/a92ca03b/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Fri Jul  4 11:35:56 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Jul 2025 09:35:56 +0000
Subject: [gnutls-devel] GnuTLS | algorithms: assign hash strength to
 ML-DSA signature algorithms (!1974)
In-Reply-To: <merge_request_396175425@gitlab.com>
References: <reply-2780266ab6bf030cb5b4219d41f95ede@gitlab.com>
 <merge_request_396175425@gitlab.com>
Message-ID: <mailman.6433.1751621838.18299.gnutls-devel@lists.gnutls.org>



Merge request !1974 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1974
Project:Branches: dueno/gnutls:wip/dueno/mldsa-tls-fixes to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: Alicja Kario (@mention me if you need reply)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1974
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/2383d22f/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul  4 13:49:04 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Jul 2025 11:49:04 +0000
Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA
 private keys in CHOICE format (!1973)
In-Reply-To: <merge_request_395887520@gitlab.com>
References: <reply-b21f417a335a64d99ec07c5dfc1719af@gitlab.com>
 <merge_request_395887520@gitlab.com>
Message-ID: <mailman.6434.1751629808.18299.gnutls-devel@lists.gnutls.org>



Merge request !1973 was approved by Alexander Sosedkin
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973
Project:Branches: dueno/gnutls:wip/dueno/mldsa-followup3 to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: Alicja Kario (@mention me if you need reply)

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/2a0d6922/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul  4 14:13:18 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 04 Jul 2025 12:13:18 +0000
Subject: [gnutls-devel] GnuTLS | x509: support encoding of ML-DSA
 private keys in CHOICE format (!1973)
In-Reply-To: <merge_request_395887520@gitlab.com>
References: <reply-71104982e0eeb29fdcbd7b4994848045@gitlab.com>
 <merge_request_395887520@gitlab.com>
Message-ID: <mailman.6435.1751631260.18299.gnutls-devel@lists.gnutls.org>



Merge request !1973 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973
Project:Branches: dueno/gnutls:wip/dueno/mldsa-followup3 to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: Alicja Kario (@mention me if you need reply)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1973
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250704/8b4bb818/attachment.html>

From gnutls-devel at lists.gnutls.org  Sat Jul  5 02:01:11 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 05 Jul 2025 00:01:11 +0000
Subject: [gnutls-devel] GnuTLS | Minor build fixes for pkcs11-provider
 (!1975)
In-Reply-To: <merge_request_396368430@gitlab.com>
References: <reply-d68eb0778bee2a10bc549a3635bdf1f0@gitlab.com>
 <merge_request_396368430@gitlab.com>
Message-ID: <mailman.6466.1751673734.18299.gnutls-devel@lists.gnutls.org>



Zolt?n Fridrich was added as a reviewer.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1975
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250705/68501d24/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Sat Jul  5 02:01:13 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 05 Jul 2025 00:01:13 +0000
Subject: [gnutls-devel] GnuTLS | Minor build fixes for pkcs11-provider
 (!1975)
References: <reply-70531e233cb67408fba0eb5b2507c6e9@gitlab.com>
Message-ID: <mailman.6469.1751673742.18299.gnutls-devel@lists.gnutls.org>



Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1975

Project:Branches: dueno/gnutls:wip/dueno/pkcs11-provider-fixes to gnutls/gnutls:master
Author:   Daiki Ueno

Reviewer: Zolt?n Fridrich


<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

* build: fix build with --with-included-libtasn1

As libminitasn1.la is always built a static library, linking it twice
makes linking fail because of duplicated symbols.

* pkcs11: stop including <nettle/bignum.h>

The header is unused and causing compile error on macOS homebrew:
```
  In file included from p11_pk.c:32:
  /opt/homebrew/Cellar/nettle/3.10.2/include/nettle/bignum.h:50:11: fatal error: 'gmp.h' file not found
  # include <gmp.h>
            ^~~~~~~
  1 error generated.
```
## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1975
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250705/6d42620e/attachment.html>

From gnutls-devel at lists.gnutls.org  Sat Jul  5 02:47:17 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 05 Jul 2025 00:47:17 +0000
Subject: [gnutls-devel] GnuTLS | src/common.c: Move gnutls_free() out of
 out lable to avoid double free (!1966)
In-Reply-To: <merge_request_387147656@gitlab.com>
References: <reply-a0f77d5597948aa6632c671c1659cbac@gitlab.com>
 <merge_request_387147656@gitlab.com>
Message-ID: <mailman.6470.1751676469.18299.gnutls-devel@lists.gnutls.org>



Merge request !1966 was closed by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1966
Project:Branches: JiashengJiang/gnutls:patch14 to gnutls/gnutls:master
Author: Jiasheng Jiang
Assignees: 
Reviewers: 

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1966
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250705/68d46b18/attachment.html>

From gnutls-devel at lists.gnutls.org  Sat Jul  5 02:47:30 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 05 Jul 2025 00:47:30 +0000
Subject: [gnutls-devel] GnuTLS | src/common.c: Move gnutls_free() out of
 out lable to avoid double free (!1966)
In-Reply-To: <merge_request_387147656@gitlab.com>
References: <reply-9fbf559754abd92f67ba49acd123fc97@gitlab.com>
 <merge_request_387147656@gitlab.com>
Message-ID: <mailman.6471.1751676483.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1966#note_2604423354


Closing as this seems like a non-issue.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1966#note_2604423354
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250705/458e50e2/attachment.html>

From gnutls-devel at lists.gnutls.org  Sat Jul  5 02:48:51 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 05 Jul 2025 00:48:51 +0000
Subject: [gnutls-devel] GnuTLS | tests/x509-cert-callback.c: Free p and
 certs on error to avoid memory leak (!1960)
In-Reply-To: <merge_request_384131831@gitlab.com>
References: <reply-647849fa658e808c05093c711dceea13@gitlab.com>
 <merge_request_384131831@gitlab.com>
Message-ID: <mailman.6472.1751676565.18299.gnutls-devel@lists.gnutls.org>



Merge request !1960 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1960
Project:Branches: JiashengJiang/gnutls:patch10 to gnutls/gnutls:master
Author: Jiasheng Jiang
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250705/39d6ae87/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Sat Jul  5 02:49:10 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 05 Jul 2025 00:49:10 +0000
Subject: [gnutls-devel] GnuTLS | tests/x509-cert-callback.c: Free p and
 certs on error to avoid memory leak (!1960)
In-Reply-To: <merge_request_384131831@gitlab.com>
References: <reply-7870be61296a86f05e4c3a61a40e57c6@gitlab.com>
 <merge_request_384131831@gitlab.com>
Message-ID: <mailman.6475.1751676614.18299.gnutls-devel@lists.gnutls.org>



Merge request !1960 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1960
Project:Branches: JiashengJiang/gnutls:patch10 to gnutls/gnutls:master
Author: Jiasheng Jiang

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1960
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250705/8d28779f/attachment.html>

From gnutls-devel at lists.gnutls.org  Sat Jul  5 02:49:58 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 05 Jul 2025 00:49:58 +0000
Subject: [gnutls-devel] GnuTLS | tests/x509-cert-callback-ocsp.c: Free p
 and certs on error to avoid memory leak (!1958)
In-Reply-To: <merge_request_384130492@gitlab.com>
References: <reply-810f8efe15090879e25bd492bd03e125@gitlab.com>
 <merge_request_384130492@gitlab.com>
Message-ID: <mailman.6476.1751676631.18299.gnutls-devel@lists.gnutls.org>



Merge request !1958 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1958
Project:Branches: JiashengJiang/gnutls:patch8 to gnutls/gnutls:master
Author: Jiasheng Jiang

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1958
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250705/3546a033/attachment.html>

From gnutls-devel at lists.gnutls.org  Sat Jul  5 02:49:48 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 05 Jul 2025 00:49:48 +0000
Subject: [gnutls-devel] GnuTLS | tests/x509-cert-callback-ocsp.c: Free p
 and certs on error to avoid memory leak (!1958)
In-Reply-To: <merge_request_384130492@gitlab.com>
References: <reply-b82fe3c9942361bc46b9aa445f824a82@gitlab.com>
 <merge_request_384130492@gitlab.com>
Message-ID: <mailman.6477.1751676651.18299.gnutls-devel@lists.gnutls.org>



Merge request !1958 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1958
Project:Branches: JiashengJiang/gnutls:patch8 to gnutls/gnutls:master
Author: Jiasheng Jiang
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250705/f63b7786/attachment.html>

From gnutls-devel at lists.gnutls.org  Sat Jul  5 02:52:03 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 05 Jul 2025 00:52:03 +0000
Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() to
 avoid memory leak (!1956)
In-Reply-To: <merge_request_383054299@gitlab.com>
References: <reply-a3b4b28d1d1a6d37e33d463f5b7ad8e6@gitlab.com>
 <merge_request_383054299@gitlab.com>
Message-ID: <mailman.6478.1751676756.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno started a new discussion on lib/ext/srp.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956#note_2604424109

 >  
 >  		priv->password = gnutls_strdup(cred->password);
 >  		if (priv->password == NULL) {
 > +			gnutls_free(priv->username);
 >  			gnutls_assert();

Not a fault of this MR, but shouldn't we also set `ret` here (e.g., `GNUTLS_E_MEMORY_ERROR`)?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956#note_2604424109
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250705/c895a404/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Sat Jul  5 02:54:27 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 05 Jul 2025 00:54:27 +0000
Subject: [gnutls-devel] GnuTLS | lib/x509/x509_ext.c: Add gnutls_free()
 to avoid memory leak (!1954)
In-Reply-To: <merge_request_383029575@gitlab.com>
References: <reply-3b26f0ffb6b3a6519f9a0d924582cb04@gitlab.com>
 <merge_request_383029575@gitlab.com>
Message-ID: <mailman.6481.1751676899.18299.gnutls-devel@lists.gnutls.org>



Merge request !1954 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1954
Project:Branches: JiashengJiang/gnutls:patch4 to gnutls/gnutls:master
Author: Jiasheng Jiang
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250705/0122ec6e/attachment.html>

From gnutls-devel at lists.gnutls.org  Sat Jul  5 02:55:12 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 05 Jul 2025 00:55:12 +0000
Subject: [gnutls-devel] GnuTLS | lib/x509/x509_ext.c: Add gnutls_free()
 to avoid memory leak (!1954)
In-Reply-To: <merge_request_383029575@gitlab.com>
References: <reply-81a9bd2cace6ca90a3a164c57a146340@gitlab.com>
 <merge_request_383029575@gitlab.com>
Message-ID: <mailman.6482.1751676975.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1954#note_2604424677


LGTM, thanks!

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1954#note_2604424677
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250705/b7eb39ed/attachment.html>

From gnutls-devel at lists.gnutls.org  Sat Jul  5 02:55:20 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 05 Jul 2025 00:55:20 +0000
Subject: [gnutls-devel] GnuTLS | lib/x509/x509_ext.c: Add gnutls_free()
 to avoid memory leak (!1954)
In-Reply-To: <merge_request_383029575@gitlab.com>
References: <reply-12fdb3b430b9f06dac48df688b5b4ce6@gitlab.com>
 <merge_request_383029575@gitlab.com>
Message-ID: <mailman.6483.1751676982.18299.gnutls-devel@lists.gnutls.org>



Merge request !1954 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1954
Project:Branches: JiashengJiang/gnutls:patch4 to gnutls/gnutls:master
Author: Jiasheng Jiang

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1954
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250705/05d8f1b8/attachment.html>

From gnutls-devel at lists.gnutls.org  Sat Jul  5 02:56:38 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 05 Jul 2025 00:56:38 +0000
Subject: [gnutls-devel] GnuTLS | lib/hello_ext.c: Add gnutls_free() to
 avoid memory leak (!1955)
In-Reply-To: <merge_request_383048490@gitlab.com>
References: <reply-a781456232d7f742e1a310e0e92e8f32@gitlab.com>
 <merge_request_383048490@gitlab.com>
Message-ID: <mailman.6484.1751677029.18299.gnutls-devel@lists.gnutls.org>



Merge request !1955 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1955
Project:Branches: JiashengJiang/gnutls:patch5 to gnutls/gnutls:master
Author: Jiasheng Jiang

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1955
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250705/709bf881/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Sat Jul  5 02:56:27 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 05 Jul 2025 00:56:27 +0000
Subject: [gnutls-devel] GnuTLS | lib/hello_ext.c: Add gnutls_free() to
 avoid memory leak (!1955)
In-Reply-To: <merge_request_383048490@gitlab.com>
References: <reply-3f46cb8e0740dd91dbd0f245a363945b@gitlab.com>
 <merge_request_383048490@gitlab.com>
Message-ID: <mailman.6487.1751677050.18299.gnutls-devel@lists.gnutls.org>



Merge request !1955 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1955
Project:Branches: JiashengJiang/gnutls:patch5 to gnutls/gnutls:master
Author: Jiasheng Jiang
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250705/b426fb19/attachment.html>

From gnutls-devel at lists.gnutls.org  Sun Jul  6 17:33:50 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 06 Jul 2025 15:33:50 +0000
Subject: [gnutls-devel] GnuTLS | Expose HPKE through abstract key API
 [BASE+PSK] (!1976)
References: <reply-8098c0bd70b9c4dd97ada4234aaaab1c@gitlab.com>
Message-ID: <mailman.6542.1751816096.18299.gnutls-devel@lists.gnutls.org>



David Dudas created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1976

Project:Branches: d-Dudas/gnutls:dev/ddudas/hpke to gnutls/gnutls:master
Author:   David Dudas




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

* Porting HPKE - a new adaptation of !1749 by @poenix
* Expose HPKE through abstract key API - currently just base + psk.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [x] Code modified for feature
 * [x] Test suite updated with functionality tests
 * [x] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1976
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250706/92ebd0d8/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Jul  7 01:10:58 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 06 Jul 2025 23:10:58 +0000
Subject: [gnutls-devel] GnuTLS | Add a way to show the default trust
 store configuration (#1720)
In-Reply-To: <issue_170041322@gitlab.com>
References: <reply-b19f891b4dfdc2403826d2b332cfb834@gitlab.com>
 <issue_170041322@gitlab.com>
Message-ID: <mailman.6558.1751843533.18299.gnutls-devel@lists.gnutls.org>



Milestone changed to Release of GnuTLS 3.8.10 (Feb 7, 2025?Jul 31, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/48 )

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1720
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250706/8dafe54f/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul  7 01:10:54 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 06 Jul 2025 23:10:54 +0000
Subject: [gnutls-devel] GnuTLS | Add a way to show the default trust
 store configuration (#1720)
In-Reply-To: <issue_170041322@gitlab.com>
References: <reply-eef4bb6e179f64067fc865661791eaff@gitlab.com>
 <issue_170041322@gitlab.com>
Message-ID: <mailman.6559.1751843537.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1720#note_2606447439


Thank you for the suggestion; that makes sense to me (and would be trivial to implement).

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1720#note_2606447439
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250706/fb9e28df/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul  7 01:50:24 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 06 Jul 2025 23:50:24 +0000
Subject: [gnutls-devel] GnuTLS | Expose HPKE through abstract key API
 [BASE+PSK] (!1976)
In-Reply-To: <merge_request_396592980@gitlab.com>
References: <reply-2b23c92a558eefbf437cb5cd7adfc37b@gitlab.com>
 <merge_request_396592980@gitlab.com>
Message-ID: <mailman.6562.1751845888.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno started a new discussion on lib/includes/gnutls/abstract.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1976#note_2606457953

 >  			gnutls_certificate_print_formats_t format,
 >  			gnutls_datum_t *out);
 >  
 > +int gnutls_privkey_encap(gnutls_pubkey_t pkR, gnutls_datum_t psk,
 > +			 gnutls_hpke_mode_t mode, gnutls_pubkey_t *pkE,

Although this is suggested in the original issue, I would not hard-wire this API to HPKE, now that we also have ML-KEM. Perhaps `mode` could be turned into a flag, e.g., adding a `gnutls_pk_encapsulate_flags_t`? PSK might deserve a new API function though.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1976#note_2606457953
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250706/dcdbd006/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul  7 09:13:22 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Jul 2025 07:13:22 +0000
Subject: [gnutls-devel] GnuTLS | Minor build fixes for pkcs11-provider
 (!1975)
In-Reply-To: <merge_request_396368430@gitlab.com>
References: <reply-8c202262fcdf7f92f55c94c5ab443e38@gitlab.com>
 <merge_request_396368430@gitlab.com>
Message-ID: <mailman.6564.1751872437.18299.gnutls-devel@lists.gnutls.org>



Merge request !1975 was approved by Zolt?n Fridrich
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1975
Project:Branches: dueno/gnutls:wip/dueno/pkcs11-provider-fixes to gnutls/gnutls:master
Author: Daiki Ueno
Assignees: 
Reviewer: Zolt?n Fridrich

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250707/7d6126f6/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Jul  7 09:14:18 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Jul 2025 07:14:18 +0000
Subject: [gnutls-devel] GnuTLS | Minor build fixes for pkcs11-provider
 (!1975)
In-Reply-To: <merge_request_396368430@gitlab.com>
References: <reply-ec55c0c02044b336c7fd11870b2f2385@gitlab.com>
 <merge_request_396368430@gitlab.com>
Message-ID: <mailman.6567.1751872522.18299.gnutls-devel@lists.gnutls.org>




Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1975#note_2607179250


Thanks for spotting these. Looks good.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1975#note_2607179250
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250707/0c2e00d8/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul  7 09:44:13 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Jul 2025 07:44:13 +0000
Subject: [gnutls-devel] GnuTLS | Minor build fixes for pkcs11-provider
 (!1975)
In-Reply-To: <merge_request_396368430@gitlab.com>
References: <reply-b1f819e68eaf52aeaa44eb9f1998cee0@gitlab.com>
 <merge_request_396368430@gitlab.com>
Message-ID: <mailman.6568.1751874287.18299.gnutls-devel@lists.gnutls.org>



Merge request !1975 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1975
Project:Branches: dueno/gnutls:wip/dueno/pkcs11-provider-fixes to gnutls/gnutls:master
Author: Daiki Ueno
Reviewer: Zolt?n Fridrich

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1975
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250707/5b609e37/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul  7 10:10:48 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Jul 2025 08:10:48 +0000
Subject: [gnutls-devel] GnuTLS | Add documentation for the
 pkcs#11-provider (!1977)
In-Reply-To: <merge_request_396777200@gitlab.com>
References: <reply-9d13f2e4219e8e5890c38d389713f2a5@gitlab.com>
 <merge_request_396777200@gitlab.com>
Message-ID: <mailman.6569.1751875882.18299.gnutls-devel@lists.gnutls.org>



Reassigned merge request 1977

https://gitlab.com/gnutls/gnutls/-/merge_requests/1977

Zolt?n Fridrich was added as an assignee.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250707/b5018433/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul  7 10:10:50 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Jul 2025 08:10:50 +0000
Subject: [gnutls-devel] GnuTLS | Add documentation for the pkcs#11-provider
 (!1977)
References: <reply-411e6aed2e4d693baa582891dabe5cee@gitlab.com>
Message-ID: <mailman.6570.1751875891.18299.gnutls-devel@lists.gnutls.org>



Zolt?n Fridrich created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977

Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master
Author:   Zolt?n Fridrich
Assignee: Zolt?n Fridrich
Reviewer: Daiki Ueno


<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

* Add NEWS entry for the PKCS#11 provider

Signed-off-by: Zoltan Fridrich <zfridric at redhat.com>

* Add documentation for the pkcs#11-provider

Signed-off-by: Zoltan Fridrich <zfridric at redhat.com>

## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250707/6e1dee9b/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Jul  7 10:10:48 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Jul 2025 08:10:48 +0000
Subject: [gnutls-devel] GnuTLS | Add documentation for the
 pkcs#11-provider (!1977)
In-Reply-To: <merge_request_396777200@gitlab.com>
References: <reply-9ed3fab6d9c2c02cdd6f3d032d4562ec@gitlab.com>
 <merge_request_396777200@gitlab.com>
Message-ID: <mailman.6573.1751875910.18299.gnutls-devel@lists.gnutls.org>



Daiki Ueno was added as a reviewer.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250707/bb8c277b/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul  7 10:48:03 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Jul 2025 08:48:03 +0000
Subject: [gnutls-devel] GnuTLS | Add documentation for the
 pkcs#11-provider (!1977)
In-Reply-To: <merge_request_396777200@gitlab.com>
References: <reply-c8aa614cc7298d8a459fbeaeeac728d0@gitlab.com>
 <merge_request_396777200@gitlab.com>
Message-ID: <mailman.6574.1751878121.18299.gnutls-devel@lists.gnutls.org>



Merge request !1977 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master
Author: Zolt?n Fridrich
Assignee: Zolt?n Fridrich
Reviewer: Daiki Ueno

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250707/0e6d7f50/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul  7 10:48:11 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Jul 2025 08:48:11 +0000
Subject: [gnutls-devel] GnuTLS | Add documentation for the
 pkcs#11-provider (!1977)
In-Reply-To: <merge_request_396777200@gitlab.com>
References: <reply-90ae61bbb6e6665057a36daf2ab6e42d@gitlab.com>
 <merge_request_396777200@gitlab.com>
Message-ID: <mailman.6575.1751878154.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977#note_2607597927


Thank you!

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977#note_2607597927
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250707/8c0375d6/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul  7 12:17:07 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Jul 2025 10:17:07 +0000
Subject: [gnutls-devel] Guile-GnuTLS | 32bit time_t fixes. (!41)
In-Reply-To: <merge_request_376171852@gitlab.com>
References: <reply-26853052bb0b99cd0ddc180246cda07d@gitlab.com>
 <merge_request_376171852@gitlab.com>
Message-ID: <mailman.6578.1751883492.18299.gnutls-devel@lists.gnutls.org>




Dariqq commented: https://gitlab.com/gnutls/guile/-/merge_requests/41#note_2607826173


Hi @jas,

What do you think of this generally?
I am happy to make adjustments but I am not a fan of the tests failing when the platform cannot handle 64bit time_t

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/41#note_2607826173
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250707/91f10d68/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Jul  7 23:48:17 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Jul 2025 21:48:17 +0000
Subject: [gnutls-devel] GnuTLS | Add documentation for the pkcs#11-provider
 (!1978)
References: <reply-fbbae38965fb2dafa70a0e98c592af4c@gitlab.com>
Message-ID: <mailman.6615.1751924961.18299.gnutls-devel@lists.gnutls.org>



Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1978

Project:Branches: dueno/gnutls:wip/dueno/pkcs11-provider-docs to gnutls/gnutls:master
Author:   Daiki Ueno




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

This is identical to !1977, but skipping the CI.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [x] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1978
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250707/4eb64f00/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul  7 23:49:52 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Jul 2025 21:49:52 +0000
Subject: [gnutls-devel] GnuTLS | Add documentation for the
 pkcs#11-provider (!1977)
In-Reply-To: <merge_request_396777200@gitlab.com>
References: <reply-9ee47a1ec6eb7c98fc3fd55bce7c1581@gitlab.com>
 <merge_request_396777200@gitlab.com>
Message-ID: <mailman.6616.1751925026.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977#note_2609926080


As the CI is stall because of the usage quota, I've filed !1978 with "[skip ci]".

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977#note_2609926080
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250707/81133425/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul  7 23:49:52 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Jul 2025 21:49:52 +0000
Subject: [gnutls-devel] GnuTLS | Add documentation for the
 pkcs#11-provider (!1977)
In-Reply-To: <merge_request_396777200@gitlab.com>
References: <reply-1e8456d8a8ce8d4c881268aa2580d603@gitlab.com>
 <merge_request_396777200@gitlab.com>
Message-ID: <mailman.6617.1751925035.18299.gnutls-devel@lists.gnutls.org>



Merge request !1977 was closed by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977
Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master
Author: Zolt?n Fridrich
Assignee: Zolt?n Fridrich
Reviewer: Daiki Ueno

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1977
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250707/7a87eadc/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul  7 23:51:07 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Jul 2025 21:51:07 +0000
Subject: [gnutls-devel] GnuTLS | Add documentation for the
 pkcs#11-provider (!1978)
In-Reply-To: <merge_request_397132091@gitlab.com>
References: <reply-8228f9244406fdca3eba27005a88864f@gitlab.com>
 <merge_request_397132091@gitlab.com>
Message-ID: <mailman.6618.1751925100.18299.gnutls-devel@lists.gnutls.org>



Merge request !1978 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1978
Project:Branches: dueno/gnutls:wip/dueno/pkcs11-provider-docs to gnutls/gnutls:master
Author: Daiki Ueno

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1978
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250707/13eab4b5/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Jul  7 23:50:57 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Jul 2025 21:50:57 +0000
Subject: [gnutls-devel] GnuTLS | Add documentation for the
 pkcs#11-provider (!1978)
In-Reply-To: <merge_request_397132091@gitlab.com>
References: <reply-29f41afb6d3e070a30bf6a99a711a7c6@gitlab.com>
 <merge_request_397132091@gitlab.com>
Message-ID: <mailman.6621.1751925135.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1978#note_2609928831


Merging without approval as it has already been reviewed in !1977.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1978#note_2609928831
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250707/db547c6b/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul  8 01:54:16 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 07 Jul 2025 23:54:16 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979)
References: <reply-7564c2f67b301685d639ab265e0b1e0c@gitlab.com>
Message-ID: <mailman.6623.1751932490.18299.gnutls-devel@lists.gnutls.org>



Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979

Project:Branches: dueno/gnutls:wip/dueno/release-3.8.10 to gnutls/gnutls:master
Author:   Daiki Ueno




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

Fixes: #1666, #1694, #1695, #1696, #1718, #1720

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [x] Code modified for feature
 * [x] Test suite updated with functionality tests
 * [x] Test suite updated with negative tests
 * [x] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250707/8155ac4f/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul  8 06:14:58 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 08 Jul 2025 04:14:58 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979)
In-Reply-To: <merge_request_397208332@gitlab.com>
References: <reply-efa33a3bd64296eb6668f5e0797cf580@gitlab.com>
 <merge_request_397208332@gitlab.com>
Message-ID: <mailman.6624.1751948136.18299.gnutls-devel@lists.gnutls.org>



Alexander Sosedkin and Zolt?n Fridrich were added as reviewers.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250708/97ffa466/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul  8 06:15:02 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 08 Jul 2025 04:15:02 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979)
In-Reply-To: <merge_request_397208332@gitlab.com>
References: <reply-5bfbd1141d696757fca5cc008a726f24@gitlab.com>
 <merge_request_397208332@gitlab.com>
Message-ID: <mailman.6625.1751948173.18299.gnutls-devel@lists.gnutls.org>



Reassigned merge request 1979

https://gitlab.com/gnutls/gnutls/-/merge_requests/1979

Daiki Ueno was added as an assignee.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250708/081588ec/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Jul  8 10:44:18 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 08 Jul 2025 08:44:18 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979)
In-Reply-To: <merge_request_397208332@gitlab.com>
References: <reply-1c9f3c3457cb78c9bbfb51add2a5b869@gitlab.com>
 <merge_request_397208332@gitlab.com>
Message-ID: <mailman.6629.1751964294.18299.gnutls-devel@lists.gnutls.org>



Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1979 was reviewed by Zolt?n Fridrich

--
  
Zolt?n Fridrich started a new discussion on src/certtool-cfg.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979#note_2611127228

 >  			i = 0;                                             \
 > -			s_name = malloc(sizeof(char *) * MAX_ENTRIES);     \
 > +			s_name = malloc(MAX_ENTRIES + 1);                  \

Is this correct?
You have removed `sizeof(char *)` which means now you are allocating less, not more.


-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250708/01326866/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul  8 11:48:02 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 08 Jul 2025 09:48:02 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979)
In-Reply-To: <note_2611292162@gitlab.com>
References: <reply-314838290292757e4a2f59a8427123a9@gitlab.com>
 <merge_request_397208332@gitlab.com> <note_2611127228@gitlab.com>
 <note_2611292162@gitlab.com>
Message-ID: <mailman.6630.1751968115.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion on src/certtool-cfg.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979#note_2611294166

 >  	if (val != NULL) {                                                 \
 >  		if (s_name == NULL) {                                      \
 >  			i = 0;                                             \
 > -			s_name = malloc(sizeof(char *) * MAX_ENTRIES);     \
 > +			s_name = malloc(MAX_ENTRIES + 1);                  \

Good catch; fixed it and added a test.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979#note_2611294166
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250708/7cbcfe4f/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul  8 11:48:04 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 08 Jul 2025 09:48:04 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979)
In-Reply-To: <merge_request_397208332@gitlab.com>
References: <reply-798ce3db156a49b72466be491d8505dc@gitlab.com>
 <merge_request_397208332@gitlab.com>
Message-ID: <mailman.6631.1751968148.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1979 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1979

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250708/da8a923f/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul  8 12:13:10 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 08 Jul 2025 10:13:10 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979)
In-Reply-To: <merge_request_397208332@gitlab.com>
References: <reply-8dac18b428296ab2457941c5d73a698e@gitlab.com>
 <merge_request_397208332@gitlab.com>
Message-ID: <mailman.6632.1751969656.18299.gnutls-devel@lists.gnutls.org>



Merge request !1979 was approved by Zolt?n Fridrich
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979
Project:Branches: dueno/gnutls:wip/dueno/release-3.8.10 to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewers: Alexander Sosedkin and Zolt?n Fridrich

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250708/93d8b266/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Jul  8 12:13:19 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 08 Jul 2025 10:13:19 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979)
In-Reply-To: <merge_request_397208332@gitlab.com>
References: <reply-218813b74b92600e1b79ddf26d7a1aca@gitlab.com>
 <merge_request_397208332@gitlab.com>
Message-ID: <mailman.6635.1751969691.18299.gnutls-devel@lists.gnutls.org>




Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979#note_2611375366


Looks good now

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979#note_2611375366
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250708/5054d72d/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul  8 16:22:19 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 08 Jul 2025 14:22:19 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979)
In-Reply-To: <merge_request_397208332@gitlab.com>
References: <reply-fda938864cb7429aa5bee45eaee697ea@gitlab.com>
 <merge_request_397208332@gitlab.com>
Message-ID: <mailman.6641.1751984573.18299.gnutls-devel@lists.gnutls.org>



Merge request !1979 was approved by Alexander Sosedkin
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979
Project:Branches: dueno/gnutls:wip/dueno/release-3.8.10 to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewers: Alexander Sosedkin and Zolt?n Fridrich

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250708/ac74d684/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul  8 18:35:10 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 08 Jul 2025 16:35:10 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979)
In-Reply-To: <merge_request_397208332@gitlab.com>
References: <reply-aa8e3677eff503628968c7938bd87d8a@gitlab.com>
 <merge_request_397208332@gitlab.com>
Message-ID: <mailman.6645.1751992580.18299.gnutls-devel@lists.gnutls.org>




Alicja Kario (@mention me if you need reply) commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979#note_2612311577


can't say that I know the C internals to review it properly, but looks good to me otherwise

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979#note_2612311577
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250708/f62d53d2/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul  8 18:35:13 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 08 Jul 2025 16:35:13 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979)
In-Reply-To: <merge_request_397208332@gitlab.com>
References: <reply-9c9d53d9826ff7892c3dcbfaef03d20f@gitlab.com>
 <merge_request_397208332@gitlab.com>
Message-ID: <mailman.6646.1751992589.18299.gnutls-devel@lists.gnutls.org>



Merge request !1979 was approved by Alicja Kario (@mention me if you need reply)
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979
Project:Branches: dueno/gnutls:wip/dueno/release-3.8.10 to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewers: Alexander Sosedkin and Zolt?n Fridrich

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250708/0e5dac36/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Wed Jul  9 06:04:50 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Jul 2025 04:04:50 +0000
Subject: [gnutls-devel] GnuTLS | Release 3.8.10 (!1979)
In-Reply-To: <merge_request_397208332@gitlab.com>
References: <reply-5d97f160467e875694a075f3f53206d1@gitlab.com>
 <merge_request_397208332@gitlab.com>
Message-ID: <mailman.6689.1752033931.18299.gnutls-devel@lists.gnutls.org>



Merge request !1979 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979
Project:Branches: dueno/gnutls:wip/dueno/release-3.8.10 to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewers: Alexander Sosedkin and Zolt?n Fridrich

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1979
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250709/8045a593/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul  9 06:05:00 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Jul 2025 04:05:00 +0000
Subject: [gnutls-devel] GnuTLS | Add a way to show the default trust
 store configuration (#1720)
In-Reply-To: <issue_170041322@gitlab.com>
References: <reply-1b98c59704deceb4489c5c25a9ff1f1b@gitlab.com>
 <issue_170041322@gitlab.com>
Message-ID: <mailman.6690.1752033967.18299.gnutls-devel@lists.gnutls.org>



Issue was closed by Daiki Ueno with merge request !1979 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1979)
Issue #1720: https://gitlab.com/gnutls/gnutls/-/issues/1720

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1720
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250709/d42f8365/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul  9 08:02:04 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Jul 2025 06:02:04 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_session_t unsafe to use from
 multiple threads due to TLS 1.3 rekeying (#1717)
In-Reply-To: <issue_168861302@gitlab.com>
References: <reply-b2c8230133750352c7a9e45b76acc43a@gitlab.com>
 <issue_168861302@gitlab.com>
Message-ID: <mailman.6695.1752040956.18299.gnutls-devel@lists.gnutls.org>



Milestone changed to Release of GnuTLS 3.8.11 (Jul 8, 2025?Sep 30, 2025) ( https://gitlab.com/gnutls/gnutls/-/milestones/49 )

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1717
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250709/35c46f38/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul  9 08:04:26 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Jul 2025 06:04:26 +0000
Subject: [gnutls-devel] GnuTLS | [Security] Vulnerability in GnuTLS SCT
 extension parsing (#1695)
In-Reply-To: <issue_165824658@gitlab.com>
References: <reply-5b64c2e21de814d338b76e16893a2d62@gitlab.com>
 <issue_165824658@gitlab.com>
Message-ID: <mailman.6696.1752041130.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1695#note_2613217799


Fix released in 3.8.10 release.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1695#note_2613217799
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250709/bce33db5/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul  9 08:05:59 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Jul 2025 06:05:59 +0000
Subject: [gnutls-devel] GnuTLS | [Security] Vulnerability in GnuTLS
 certtool template parsing (#1696)
In-Reply-To: <issue_165824673@gitlab.com>
References: <reply-a2b5f7fddb71dc2e54dfd4b5f5bc2253@gitlab.com>
 <issue_165824673@gitlab.com>
Message-ID: <mailman.6697.1752041192.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1696#note_2613219642


Fix released in 3.8.10.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1696#note_2613219642
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250709/b5e96fbc/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul  9 08:05:35 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Jul 2025 06:05:35 +0000
Subject: [gnutls-devel] GnuTLS | [Security] Vulnerability in GnuTLS
 otherName SAN export (#1694)
In-Reply-To: <issue_165824628@gitlab.com>
References: <reply-78c3148a051f70441ccb491ff91a018c@gitlab.com>
 <issue_165824628@gitlab.com>
Message-ID: <mailman.6698.1752041197.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1694#note_2613218857


Fix released in 3.8.10.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1694#note_2613218857
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250709/7ec9287a/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Wed Jul  9 08:06:22 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Jul 2025 06:06:22 +0000
Subject: [gnutls-devel] GnuTLS | NULL pointer deref in
 _gnutls_figure_common_ciphersuite (#1718)
In-Reply-To: <issue_168922377@gitlab.com>
References: <reply-641919d2f6db27459108f9ba6e4721e6@gitlab.com>
 <issue_168922377@gitlab.com>
Message-ID: <mailman.6701.1752041244.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1718#note_2613220346


Fix released in 3.8.10.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1718#note_2613220346
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250709/9f8f18bb/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul  9 14:08:00 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Jul 2025 12:08:00 +0000
Subject: [gnutls-devel] GnuTLS | system-override-compress-cert testsuite
 error with 3.8.10 (#1721)
References: <reply-b2c7019cf47ed28437b67bd0e08a968f@gitlab.com>
Message-ID: <mailman.6707.1752062914.18299.gnutls-devel@lists.gnutls.org>



Andreas Metzler created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1721



system-override-compress-cert fails for me:
```
FAIL: system-override-compress-cert
===================================

./compress-cert-conf expected to succeed
FAIL system-override-compress-cert.sh (exit status: 1)
```

Is the test unable to handle the case where gnutls is built without any of ZLIB / LIBBROTLI / LIBZSTD?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1721
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250709/daf8cc85/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul  9 23:01:38 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Jul 2025 21:01:38 +0000
Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980)
In-Reply-To: <merge_request_398010946@gitlab.com>
References: <reply-2b89a26bb46e7e514b7d5e58249550cd@gitlab.com>
 <merge_request_398010946@gitlab.com>
Message-ID: <mailman.6744.1752094962.18299.gnutls-devel@lists.gnutls.org>



Andreas Metzler was added as a reviewer.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250709/62de355b/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul  9 23:01:38 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Jul 2025 21:01:38 +0000
Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980)
In-Reply-To: <merge_request_398010946@gitlab.com>
References: <reply-42eeca4fc6083f90f63b3bac7e4d7451@gitlab.com>
 <merge_request_398010946@gitlab.com>
Message-ID: <mailman.6745.1752094970.18299.gnutls-devel@lists.gnutls.org>



Reassigned merge request 1980

https://gitlab.com/gnutls/gnutls/-/merge_requests/1980

Daiki Ueno was added as an assignee.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250709/3547ffd6/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul  9 23:02:04 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 09 Jul 2025 21:02:04 +0000
Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980)
References: <reply-a0e99347ade7af71cfe4b4d0a0262395@gitlab.com>
Message-ID: <mailman.6746.1752094988.18299.gnutls-devel@lists.gnutls.org>



Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980

Project:Branches: dueno/gnutls:wip/dueno/test-fixes to gnutls/gnutls:master
Author:   Daiki Ueno
Assignee: Daiki Ueno
Reviewer: Andreas Metzler


<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

* tests: skip system-override-compress-cert.sh if no brotli nor zstd
* tests: distribute ktls_utils.h
* tests: make cert-tests/mldsa.sh work in VPATH build

Fixes: #1721

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250709/7c9b5068/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Thu Jul 10 11:22:24 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Jul 2025 09:22:24 +0000
Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980)
In-Reply-To: <merge_request_398010946@gitlab.com>
References: <reply-848f47fc85ece2b01b8fd1b7c5a408ed@gitlab.com>
 <merge_request_398010946@gitlab.com>
Message-ID: <mailman.6774.1752139381.18299.gnutls-devel@lists.gnutls.org>



Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1980 was reviewed by Andreas Metzler

--
  
Andreas Metzler started a new discussion on tests/system-override-compress-cert.sh: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980#note_2617181312

 >  fi
 >  
 > +if ! "$CLI" --list | grep '^Compression: .*COMP-\(BROTLI\|ZSTD\)*'; then

Due to the "*" at the end of the regex `^Compression: .*COMP-\(BROTLI\|ZSTD\)*` it matches "Compression: COMP-NULL" and the test is not skipped without brotli/zstd. This works for me:
`if ! "$CLI" --list | grep '^Compression: .*COMP-\(BROTLI\|ZSTD\)'; then`


-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250710/25b4ca3b/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Jul 10 13:03:33 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Jul 2025 11:03:33 +0000
Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980)
In-Reply-To: <note_2617397452@gitlab.com>
References: <reply-ee3907fad75a403ed51a4c499ecbb1f4@gitlab.com>
 <merge_request_398010946@gitlab.com> <note_2617181312@gitlab.com>
 <note_2617397452@gitlab.com>
Message-ID: <mailman.6779.1752145477.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion on tests/system-override-compress-cert.sh: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980#note_2617399481

 >  	exit 77
 >  fi
 >  
 > +if ! "$CLI" --list | grep '^Compression: .*COMP-\(BROTLI\|ZSTD\)*'; then

Good catch, I actually meant `.*` instead of `*`, but just trimming `*` should be better.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980#note_2617399481
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250710/1e6305bc/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Jul 10 13:03:34 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Jul 2025 11:03:34 +0000
Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980)
In-Reply-To: <merge_request_398010946@gitlab.com>
References: <reply-e35f635b8293cfc279ecd53dee322847@gitlab.com>
 <merge_request_398010946@gitlab.com>
Message-ID: <mailman.6780.1752145485.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1980 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1980

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250710/6c3ed59b/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Thu Jul 10 13:04:47 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Jul 2025 11:04:47 +0000
Subject: [gnutls-devel] GnuTLS | system-override-compress-cert testsuite
 error with 3.8.10 (#1721)
In-Reply-To: <issue_170219012@gitlab.com>
References: <reply-3ea93ddb5247204954b3383231faf113@gitlab.com>
 <issue_170219012@gitlab.com>
Message-ID: <mailman.6783.1752145549.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2617402086


@ZoltanFridrich PTAL (also !1980)? I wonder if it might be possible to construct the test config file based on the result of `gnutls-cli --list`.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2617402086
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250710/e50c9a95/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Jul 10 13:25:07 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Jul 2025 11:25:07 +0000
Subject: [gnutls-devel] GnuTLS | system-override-compress-cert testsuite
 error with 3.8.10 (#1721)
In-Reply-To: <note_2617402086@gitlab.com>
References: <reply-f13866c22fa33e8c8d3a996c7a0f381a@gitlab.com>
 <issue_170219012@gitlab.com> <note_2617402086@gitlab.com>
Message-ID: <mailman.6784.1752146771.18299.gnutls-devel@lists.gnutls.org>




Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2617452495


Good point, current version will probably succeed with brotli and zstd enabled and skip when both are missing but will fail if only one of brotli/zstd is enabled.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2617452495
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250710/7e6478cf/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Jul 10 13:50:07 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Jul 2025 11:50:07 +0000
Subject: [gnutls-devel] GnuTLS | system-override-compress-cert testsuite
 error with 3.8.10 (#1721)
In-Reply-To: <note_2617452495@gitlab.com>
References: <reply-23dca567256839fb9f7d2605acc90911@gitlab.com>
 <issue_170219012@gitlab.com> <note_2617402086@gitlab.com>
 <note_2617452495@gitlab.com>
Message-ID: <mailman.6785.1752148270.18299.gnutls-devel@lists.gnutls.org>




Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2617513304


e.g. like this:
```diff
--- /tmp/system-override-compress-cert.sh	2025-07-10 13:30:26.254421764 +0200
+++ /tmp/system-override-compress-cert.sh.new	2025-07-10 13:49:34.130769458 +0200
@@ -30,16 +30,21 @@
 	exit 77
 fi
 
-if ! "$CLI" --list | grep '^Compression: .*COMP-\(BROTLI\|ZSTD\)'; then
-	echo "Not built with brotli and zstd, skipping" 1>&2
-	exit 77
-fi
-
 cat <<_EOF_ > ${CONF}
 [overrides]
-cert-compression-alg = brotli
-cert-compression-alg = zstd
 _EOF_
+CLICOMPLIST=`"$CLI" --list | grep '^Compression:'`
+
+if echo $CLICOMPLIST | grep COMP-BROTLI ; then
+	echo 'cert-compression-alg = brotli' >> ${CONF}
+	ANYCOMP=y
+fi
+if echo $CLICOMPLIST | grep COMP-ZSTD ; then
+	echo 'cert-compression-alg = zstd' >> ${CONF}
+elif [ "x$ANYCOMP" != "xy" ] ; then
+	echo "Not built with brotli or zstd, skipping" 1>&2
+	exit 77
+fi
 
 ${TEST}
 if [ $? != 0 ]; then
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2617513304
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250710/677de585/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Jul 10 16:54:10 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Jul 2025 14:54:10 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_session_t unsafe to use from
 multiple threads due to TLS 1.3 rekeying (#1717)
In-Reply-To: <issue_168861302@gitlab.com>
References: <reply-b031583d51682125d286b8c62945b1b0@gitlab.com>
 <issue_168861302@gitlab.com>
Message-ID: <mailman.6786.1752159303.18299.gnutls-devel@lists.gnutls.org>




Daniel P_ Berrang? commented: https://gitlab.com/gnutls/gnutls/-/issues/1717#note_2617969375


Do you have any thoughts on how this issue will/should be resolved ?  Any insight on this problem may help me decide what short term countermeasures to apply in QEMU for historical gnutls releases

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1717#note_2617969375
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250710/c9e21055/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Thu Jul 10 21:56:32 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Jul 2025 19:56:32 +0000
Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() to
 avoid memory leak (!1956)
In-Reply-To: <note_2604424109@gitlab.com>
References: <reply-c5cbc800eb1ffea3574aa4e1acff4d8f@gitlab.com>
 <merge_request_383054299@gitlab.com> <note_2604424109@gitlab.com>
Message-ID: <mailman.6793.1752177427.18299.gnutls-devel@lists.gnutls.org>




Jiasheng Jiang commented on a discussion on lib/ext/srp.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956#note_2618618670

 >  
 >  		priv->password = gnutls_strdup(cred->password);
 >  		if (priv->password == NULL) {
 > +			gnutls_free(priv->username);
 >  			gnutls_assert();

Looks good. I have submitted a new commit to set ret here, as well as where priv->username == NULL.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956#note_2618618670
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250710/cb3921bd/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Jul 10 21:56:36 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Jul 2025 19:56:36 +0000
Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() to
 avoid memory leak (!1956)
In-Reply-To: <merge_request_383054299@gitlab.com>
References: <reply-e445c553e67b0c0b715e7c1885856916@gitlab.com>
 <merge_request_383054299@gitlab.com>
Message-ID: <mailman.6794.1752177436.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1956 were resolved by Jiasheng Jiang

https://gitlab.com/gnutls/gnutls/-/merge_requests/1956

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250710/6e7c9e13/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Jul 10 23:40:34 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 10 Jul 2025 21:40:34 +0000
Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() to
 avoid memory leak (!1956)
In-Reply-To: <merge_request_383054299@gitlab.com>
References: <reply-9583deb19cb7b9c4db67cac7f8a0320d@gitlab.com>
 <merge_request_383054299@gitlab.com>
Message-ID: <mailman.6795.1752183667.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956#note_2618756150


@JiashengJiang Thank you for the update; could you rebase this against the latest git master?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956#note_2618756150
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250710/6a69a0d2/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul 11 03:24:58 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 11 Jul 2025 01:24:58 +0000
Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() to
 avoid memory leak (!1956)
In-Reply-To: <merge_request_383054299@gitlab.com>
References: <reply-47291d02d8c2a8ed6fcb45c26eec1dac@gitlab.com>
 <merge_request_383054299@gitlab.com>
Message-ID: <mailman.6804.1752197186.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1956 were resolved by Jiasheng Jiang

https://gitlab.com/gnutls/gnutls/-/merge_requests/1956

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250711/0f68c5a1/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul 11 03:24:56 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 11 Jul 2025 01:24:56 +0000
Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() to
 avoid memory leak (!1956)
In-Reply-To: <note_2618756150@gitlab.com>
References: <reply-dd7b66e030e72871d8ed3fd26f2baf23@gitlab.com>
 <merge_request_383054299@gitlab.com> <note_2618756150@gitlab.com>
Message-ID: <mailman.6805.1752197194.18299.gnutls-devel@lists.gnutls.org>




Jiasheng Jiang commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956#note_2618932743


No problem. I have rebases this branch.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956#note_2618932743
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250711/682c02d0/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Fri Jul 11 08:03:30 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 11 Jul 2025 06:03:30 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_session_t unsafe to use from
 multiple threads due to TLS 1.3 rekeying (#1717)
In-Reply-To: <note_2617969375@gitlab.com>
References: <reply-76921f6bb6a6c233c8d5682b57204bd3@gitlab.com>
 <issue_168861302@gitlab.com> <note_2617969375@gitlab.com>
Message-ID: <mailman.6811.1752213844.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1717#note_2619430349


Thank you for the detailed report. I agree that this should eventually be addressed in GnuTLS with a private locking mechanism, though the record send state transitions are intricate; I suspect that we could utilize the atomic compare-and-swap pattern for that.

As for the workaround, yes, using a ChaCha20-Poly1305 ciphersuite sounds like a good short-term solution, and I can't think of anything else off-hand.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1717#note_2619430349
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250711/3a9d9376/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul 11 12:44:10 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 11 Jul 2025 10:44:10 +0000
Subject: [gnutls-devel] GnuTLS | test sanity-lib.sh failed if tpm2 is built
 with linked (#1722)
References: <reply-afdc4df3a80ba0cb8f9dff39441e2e38@gitlab.com>
Message-ID: <mailman.6816.1752230713.18299.gnutls-devel@lists.gnutls.org>



fundawang created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1722



I'm currently building gnutls 3.8.10 with `--with-tpm2=link`. `sanity-lib.sh` test failed with:
```
2025-07-11 18:06:44 FAIL: sanity-lib
2025-07-11 18:06:44 ================
2025-07-11 18:06:44 
2025-07-11 18:06:44 	libcrypto.so.3 => /lib64/libcrypto.so.3 (0x00007f88d1606000)
2025-07-11 18:06:44 gnutls-cli-debug links to other crypto library
2025-07-11 18:06:44 FAIL sanity-lib.sh (exit status: 1)
```
I guess the the failure comes from the fact that tpm2-tss is linked with libcrypto by default.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1722
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250711/f5feb781/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul 11 14:35:13 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 11 Jul 2025 12:35:13 +0000
Subject: [gnutls-devel] GnuTLS | test sanity-lib.sh failed if gnutls
 3.8.10 is built with linked tpm2-tss (#1722)
In-Reply-To: <issue_170319084@gitlab.com>
References: <reply-86f1d4fc5c6e1e7ab48284bd44dd240f@gitlab.com>
 <issue_170319084@gitlab.com>
Message-ID: <mailman.6823.1752237377.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1722#note_2620365269


Yes, as for testing, we probably should skip the test if it's linked to tpm2-tss. Otherwise we could take advantage of the recent effort to make TPM2 support self-contained (!1946).

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1722#note_2620365269
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250711/827d6573/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul 11 15:07:23 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 11 Jul 2025 13:07:23 +0000
Subject: [gnutls-devel] GnuTLS | GnuTLS doesn't support deriving the public
 key from the private one in ML-DSA (#1723)
References: <reply-dcb3f36040f321384f884bc7e3c8c3dd@gitlab.com>
Message-ID: <mailman.6827.1752239307.18299.gnutls-devel@lists.gnutls.org>



Alicja Kario (@mention me if you need reply) created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1723



## Description of problem:
When the operation requires presence of both public and private key, and only ML-DSA private key is present, the operation fails

## Version of gnutls used:
gnutls-3.8.10

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
RHEL

## How reproducible:

Steps to Reproduce:
```
openssl genpkey -algorithm mldsa44 -provparam 'ml-dsa.output_formats=priv-only' -out key.pem
cat > template.cfg <<EOF
organization = Example
dns_name = localhost
challenge_password =
EOF'
certtool --generate-request --load-privkey key.pem --outfile request.pem --template template.cfg
```
## Actual results:
```
Generating a PKCS #10 certificate request...
Could not determine the public key for the operation.
You must specify --load-privkey or --load-pubkey if missing.
```

## Expected results:
Certificate signing request created

## Additional information
Algorithm such as the one mentioned in https://github.com/aws/aws-lc/pull/2142 might be used to derive them

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1723
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250711/bc37cf88/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Fri Jul 11 20:52:18 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 11 Jul 2025 18:52:18 +0000
Subject: [gnutls-devel] GnuTLS | fuzz/gnutls_srp_server_fuzzer.c: Add check
 for gnutls_malloc() (!1981)
References: <reply-06a29737587afa295f78c452e3457132@gitlab.com>
Message-ID: <mailman.6833.1752260003.18299.gnutls-devel@lists.gnutls.org>



Jiasheng Jiang created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1981

Project:Branches: JiashengJiang/gnutls:patch16 to gnutls/gnutls:master
Author:   Jiasheng Jiang




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

* fuzz/gnutls_srp_server_fuzzer.c: Add check for gnutls_malloc()

Add check for the return value of gnutls_malloc() to avoid potential NULL pointer dereference.

Fixes: 5bb8a18b0 ("fuzzer: Initial check in for improved fuzzing")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool at gmail.com>

## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1981
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250711/1f7562de/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul 11 21:18:41 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 11 Jul 2025 19:18:41 +0000
Subject: [gnutls-devel] GnuTLS | lib/cert-cred-rawpk.c: Add gnutls_free()
 and gnutls_pcert_deinit() in the error paths (!1982)
References: <reply-471fd95c3de316d7a9569059386af8d9@gitlab.com>
Message-ID: <mailman.6835.1752261554.18299.gnutls-devel@lists.gnutls.org>



Jiasheng Jiang created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1982

Project:Branches: JiashengJiang/gnutls:patch17 to gnutls/gnutls:master
Author:   Jiasheng Jiang




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

* lib/cert-cred-rawpk.c: Add gnutls_free() and gnutls_pcert_deinit() in the error paths

Add gnutls_free() and gnutls_pcert_deinit() in the error paths to avoid potential memory leak.

Fixes: 565efaeac ("Implemented support for raw public-key functionality (RFC7250).")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool at gmail.com>

## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1982
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250711/763c22f2/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Fri Jul 11 22:05:31 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 11 Jul 2025 20:05:31 +0000
Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() in the
 error path (!1983)
References: <reply-eb78cbfd5b8f6ada7b18d1d3fa81485d@gitlab.com>
Message-ID: <mailman.6838.1752264395.18299.gnutls-devel@lists.gnutls.org>



Jiasheng Jiang created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1983

Project:Branches: JiashengJiang/gnutls:patch18 to gnutls/gnutls:master
Author:   Jiasheng Jiang




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

* lib/ext/srp.c: Add gnutls_free() in the error path

Add gnutls_free() in the error path to avoid potential memory leak if BUFFER_POP_DATUM fails.

Fixes: 8b038ab97 ("The auth_ and ext_ files were moved to respective directories.")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool at gmail.com>

## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1983
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250711/72bc63dc/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul 11 22:13:26 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 11 Jul 2025 20:13:26 +0000
Subject: [gnutls-devel] GnuTLS | lib/file.c: Add check for gnutls_malloc()
 (!1984)
References: <reply-efd4d95e2e0673698b6c2c4803f8ed3f@gitlab.com>
Message-ID: <mailman.6839.1752264868.18299.gnutls-devel@lists.gnutls.org>



Jiasheng Jiang created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1984

Project:Branches: JiashengJiang/gnutls:patch19 to gnutls/gnutls:master
Author:   Jiasheng Jiang




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

* lib/file.c: Add check for gnutls_malloc()

Add check for the return value of gnutls_malloc() to avoid potential NULL pointer dereference.

Fixes: d1428c0f9 ("helper.c -> file.c")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool at gmail.com>

## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1984
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250711/6a11e176/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Fri Jul 11 23:04:51 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 11 Jul 2025 21:04:51 +0000
Subject: [gnutls-devel] Guile-GnuTLS | 32bit time_t fixes. (!41)
In-Reply-To: <merge_request_376171852@gitlab.com>
References: <reply-64fc0ef990cf3b6b3254f49f30d30daf@gitlab.com>
 <merge_request_376171852@gitlab.com>
Message-ID: <mailman.6845.1752267953.18299.gnutls-devel@lists.gnutls.org>



Merge request !41 was closed by Simon Josefsson
Merge request URL: https://gitlab.com/gnutls/guile/-/merge_requests/41
Project:Branches: Dariqq/guile:fix-32bit-time_t to gnutls/guile:master
Author: Dariqq
Assignees: 
Reviewers: 

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/merge_requests/41
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250711/76a045b3/attachment.html>

From gnutls-devel at lists.gnutls.org  Sat Jul 12 00:25:03 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 11 Jul 2025 22:25:03 +0000
Subject: [gnutls-devel] GnuTLS | lib/hello_ext.c: Add check for
 gnutls_strdup() (!1985)
References: <reply-f5c9c6d18c1af043ad6f3baf6013536c@gitlab.com>
Message-ID: <mailman.6849.1752272769.18299.gnutls-devel@lists.gnutls.org>



Jiasheng Jiang created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1985

Project:Branches: JiashengJiang/gnutls:patch20 to gnutls/gnutls:master
Author:   Jiasheng Jiang




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

* lib/hello_ext.c: Add check for gnutls_strdup()

Add check for the return value of gnutls_strdup() to avoid potential NULL pointer dereference.

Fixes: 5bba569b4 ("gnutls_session_ext_register: keep track of extension name")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool at gmail.com>

## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1985
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250711/1ce156c1/attachment.html>

From gnutls-devel at lists.gnutls.org  Sat Jul 12 05:45:10 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 12 Jul 2025 03:45:10 +0000
Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980)
In-Reply-To: <merge_request_398010946@gitlab.com>
References: <reply-9c2c86234b7ad7c3ed652f47f17ec2e3@gitlab.com>
 <merge_request_398010946@gitlab.com>
Message-ID: <mailman.6863.1752292006.18299.gnutls-devel@lists.gnutls.org>




Sam James started a new discussion on tests/system-override-compress-cert.sh: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980#note_2623065262

 >  	exit 77
 >  fi
 >  
 > +if ! "$CLI" --list | grep '^Compression: .*COMP-\(BROTLI\|ZSTD\)'; then

I see a failure on one machine with your patch applied where I built gnutls with zlib, zstd, but not brotli:
```
FAIL: system-override-compress-cert                                                                                                                                        |
===================================                                                                                                                                        |
                                                                                                                                                                           |
Compression: COMP-NULL, COMP-ZLIB, COMP-ZSTD                                                                                                                               |
./compress-cert-conf expected to succeed                                                                                                                                   |
FAIL system-override-compress-cert.sh (exit status: 1)  
```

I think the grep just checks for _either_ BROTLI or _ZSTD_, it doesn't require both?

On another machine where I had zlib but not zstd or brotli, it failed before your patch, and works with it.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980#note_2623065262
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250712/7350bca2/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Sat Jul 12 13:11:10 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 12 Jul 2025 11:11:10 +0000
Subject: [gnutls-devel] GnuTLS | system-override-compress-cert testsuite
 error with 3.8.10 (#1721)
In-Reply-To: <note_2617513304@gitlab.com>
References: <reply-23eb72fe6f89367196c96d014d0f1efc@gitlab.com>
 <issue_170219012@gitlab.com> <note_2617402086@gitlab.com>
 <note_2617452495@gitlab.com> <note_2617513304@gitlab.com>
Message-ID: <mailman.6868.1752318726.18299.gnutls-devel@lists.gnutls.org>




Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2623280040


Looking at tests/tls13/compress-cert-conf.c Line62
https://gitlab.com/dueno/gnutls/-/blob/wip/dueno/test-fixes/tests/tls13/compress-cert-conf.c#L62
we find:
```c
/* check BROTLI number */
	if (msg->data[0] == 0x00 && msg->data[1] == 0x02)
		client_ok = 1;
```
which suggests that the test can only succeed if brotli is available and I think I am seeing this behavior.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2623280040
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250712/f157a89f/attachment.html>

From gnutls-devel at lists.gnutls.org  Sat Jul 12 14:38:21 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 12 Jul 2025 12:38:21 +0000
Subject: [gnutls-devel] GnuTLS | lib/nettle/pk.c: Add check for
 gnutls_malloc() (!1986)
References: <reply-0a76885d79484c8411ba01439f774e24@gitlab.com>
Message-ID: <mailman.6874.1752323965.18299.gnutls-devel@lists.gnutls.org>



Jiasheng Jiang created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986

Project:Branches: JiashengJiang/gnutls:patch21 to gnutls/gnutls:master
Author:   Jiasheng Jiang




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

* lib/nettle/pk.c: Add check for gnutls_malloc()

Add check for the return value of gnutls_malloc() to avoid potential NULL pointer dereference.

Fixes: 1fb6d1b57 ("fips140-2: moved PCT-test in wrap_nettle_generate_keys")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool at gmail.com>

## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250712/26f30463/attachment.html>

From gnutls-devel at lists.gnutls.org  Sat Jul 12 22:01:33 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 12 Jul 2025 20:01:33 +0000
Subject: [gnutls-devel] GnuTLS | Expose HPKE through abstract key API
 [BASE+PSK] (!1976)
In-Reply-To: <merge_request_396592980@gitlab.com>
References: <reply-4b5f5e520a94dbbdba7d0a406c9fc317@gitlab.com>
 <merge_request_396592980@gitlab.com>
Message-ID: <mailman.6896.1752350557.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1976 were resolved by David Dudas

https://gitlab.com/gnutls/gnutls/-/merge_requests/1976

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1976
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250712/2ce84f31/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Sat Jul 12 23:57:49 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 12 Jul 2025 21:57:49 +0000
Subject: [gnutls-devel] GnuTLS | .github/workflows: use macos-latest
 runner (a641d468)
In-Reply-To: <commit_a641d468ec7de0449148904d459950e3a1fd15fd@gitlab.com>
References: <reply-01f5ec5c95ab8023e9000b939c064dab@gitlab.com>
 <commit_a641d468ec7de0449148904d459950e3a1fd15fd@gitlab.com>
Message-ID: <mailman.6905.1752357503.18299.gnutls-devel@lists.gnutls.org>




Sherxon Kenjayev commented: https://gitlab.com/gnutls/gnutls/-/commit/a641d468ec7de0449148904d459950e3a1fd15fd#note_2623477661


git at gitlab.com:gnutls/gnutls.git

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/commit/a641d468ec7de0449148904d459950e3a1fd15fd#note_2623477661
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250712/92351792/attachment.html>

From gnutls-devel at lists.gnutls.org  Sun Jul 13 11:01:20 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 13 Jul 2025 09:01:20 +0000
Subject: [gnutls-devel] GnuTLS | tests: only do sanity-lib test when tpm-tss
 is dlopened (!1987)
References: <reply-e043d7be6aaae1029b8a32425c21ebd4@gitlab.com>
Message-ID: <mailman.6933.1752397322.18299.gnutls-devel@lists.gnutls.org>



fundawang created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1987

Project:Branches: fundawang/gnutls:master to gnutls/gnutls:master
Author:   fundawang




* tests: only do sanity-lib test when tpm-tss is dlopened (#1722)


## Checklist

* [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
* [ ] Code modified for feature
* [x] Test suite updated with functionality tests
* [ ] Test suite updated with negative tests
* [ ] Documentation updated / NEWS entry present (for non-trivial changes)
* [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:

* [ ] Any issues marked for closing are addressed
* [ ] There is a test suite reasonably covering new functionality or modifications
* [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
* [ ] This feature/change has adequate documentation added
* [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1987
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250713/311aa2cc/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 14 13:04:18 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 14 Jul 2025 11:04:18 +0000
Subject: [gnutls-devel] GnuTLS | Not able to build gnutls on ubuntu 22
 (#1724)
References: <reply-e4327028eab75c171c5cfd27c11ea7a5@gitlab.com>
Message-ID: <mailman.6970.1752491119.18299.gnutls-devel@lists.gnutls.org>



Karthikdasari0423 created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1724



## Description of problem:
Tried to build gnutls using 
./bootstrap
./configure
make

## Version of gnutls used:
Used master. Able to build on 3.8.10

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Ubunut
root at ubuntu:~/gnutls# cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.5 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.5 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
root at ubuntu:~/gnutls#

## How reproducible:


Steps to Reproduce:

git clone https://gitlab.com/gnutls/gnutls.git
cd gnutls/
./bootstrap
./configure
 make

## Actual results:
  CC       vko.lo
  CC       tpm2/tpm2.lo
  CC       tpm2/tpm2_esys.lo
In file included from tpm2/tpm2_esys.c:90:
./dlwrap/tss2_esysfuncs.h:19:68: error: unknown type name 'ESYS_CRYPTO_CALLBACKS'
   19 | FUNC(TSS2_RC, Esys_SetCryptoCallbacks, (ESYS_CONTEXT *esysContext, ESYS_CRYPTO_CALLBACKS *callbacks), (esysContext, callbacks))
      |                                                                    ^~~~~~~~~~~~~~~~~~~~~
./dlwrap/tss2_esys.h:16:36: note: in definition of macro 'FUNC'
   16 |   ret gnutls_tss2_esys_func_##name args;
      |                                    ^~~~
make[4]: *** [Makefile:3704: tpm2/tpm2_esys.lo] Error 1
make[4]: Leaving directory '/root/gnutls/lib'
make[3]: *** [Makefile:3809: all-recursive] Error 1
make[3]: Leaving directory '/root/gnutls/lib'
make[2]: *** [Makefile:3280: all] Error 2
make[2]: Leaving directory '/root/gnutls/lib'
make[1]: *** [Makefile:2917: all-recursive] Error 1
make[1]: Leaving directory '/root/gnutls'
make: *** [Makefile:2842: all] Error 2
root at ubuntu:~/gnutls# git log
commit eba5229a603a989ab79b2111a74366b46e11d629 (HEAD -> master, origin/master, origin/HEAD)
Merge: 8a36455fd 017cab7da
Author: Daiki Ueno <ueno at gnu.org>
Date:   Fri Jul 11 18:29:22 2025 +0900

    Merge branch 'ddudas/tpm2-switch-crypto-backend' into 'master'

    Make TPM2 support self-contained

    See merge request gnutls/gnutls!1946


## Expected results:

Expected to build sucesfully.

Am I missing anything here?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1724
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250714/2d1e8a69/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 14 14:02:35 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 14 Jul 2025 12:02:35 +0000
Subject: [gnutls-devel] GnuTLS | Not able to build gnutls on ubuntu 22
 (#1724)
In-Reply-To: <issue_170554662@gitlab.com>
References: <reply-422cf1c8ee18188feeee1fef4aab0935@gitlab.com>
 <issue_170554662@gitlab.com>
Message-ID: <mailman.6973.1752494590.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1724#note_2625582047


Thank you for the report. @d-Dudas could you take a look?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1724#note_2625582047
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250714/fc930bcb/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 14 14:06:28 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 14 Jul 2025 12:06:28 +0000
Subject: [gnutls-devel] GnuTLS | system-override-compress-cert testsuite
 error with 3.8.10 (#1721)
In-Reply-To: <note_2623280040@gitlab.com>
References: <reply-687a5cde86ede4b4d7bc373912eab934@gitlab.com>
 <issue_170219012@gitlab.com> <note_2617402086@gitlab.com>
 <note_2617452495@gitlab.com> <note_2617513304@gitlab.com>
 <note_2623280040@gitlab.com>
Message-ID: <mailman.6974.1752494821.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2625590799


Yeah, thank you for tracking it down. In that case I would say it's simpler to just require brotli in the shell-script wrapper. I've updated !1980 along these lines.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2625590799
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250714/9309813d/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 14 14:39:48 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 14 Jul 2025 12:39:48 +0000
Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988)
References: <reply-4db7767baeaa6e125392be24dd94360b@gitlab.com>
Message-ID: <mailman.6981.1752496868.18299.gnutls-devel@lists.gnutls.org>



Karthik Das created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988

Project:Branches: devkdas/gnutls:fix-#1724 to gnutls/gnutls:master
Author:   Karthik Das




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

* Update 15 files

- /configure.ac
- /lib/dlwrap/tss2_esysfuncs.h
- /lib/tpm2/callbacks/aes/aes_callbacks.c
- /lib/tpm2/callbacks/aes/aes_callbacks.h
- /lib/tpm2/callbacks/ecdh/ecdh_callbacks.c
- /lib/tpm2/callbacks/ecdh/ecdh_callbacks.h
- /lib/tpm2/callbacks/esys_crypto_callbacks.c
- /lib/tpm2/callbacks/hash/hash_callbacks.c
- /lib/tpm2/callbacks/hash/hash_callbacks.h
- /lib/tpm2/callbacks/hmac/hmac_callbacks.c
- /lib/tpm2/callbacks/hmac/hmac_callbacks.h
- /lib/tpm2/callbacks/random/random_callbacks.c
- /lib/tpm2/callbacks/random/random_callbacks.h
- /lib/tpm2/callbacks/rsa/rsa_callbacks.c
- /lib/tpm2/callbacks/rsa/rsa_callbacks.h

## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250714/b5ca8ce9/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 14 15:26:14 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 14 Jul 2025 13:26:14 +0000
Subject: [gnutls-devel] GnuTLS | Not able to build gnutls on ubuntu 22
 (#1724)
In-Reply-To: <issue_170554662@gitlab.com>
References: <reply-1978ee31a094f859d2f036ab0f837155@gitlab.com>
 <issue_170554662@gitlab.com>
Message-ID: <mailman.6984.1752499606.18299.gnutls-devel@lists.gnutls.org>




Karthik Das commented: https://gitlab.com/gnutls/gnutls/-/issues/1724#note_2625774457


Can you review https://gitlab.com/gnutls/gnutls/-/merge_requests/1988 @d-Dudas

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1724#note_2625774457
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250714/01d02d50/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 14 17:10:18 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 14 Jul 2025 15:10:18 +0000
Subject: [gnutls-devel] GnuTLS | Not able to build gnutls on ubuntu 22
 (#1724)
In-Reply-To: <issue_170554662@gitlab.com>
References: <reply-2263177d70f4dd061d652a92dba66acc@gitlab.com>
 <issue_170554662@gitlab.com>
Message-ID: <mailman.6986.1752505851.18299.gnutls-devel@lists.gnutls.org>




David Dudas commented: https://gitlab.com/gnutls/gnutls/-/issues/1724#note_2626052417


Yes, it seems like I should have done what @devkdas did in !1988 to make sure that the crypto callbacks API is available.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1724#note_2626052417
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250714/1ac0e1fd/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 14 18:10:06 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 14 Jul 2025 16:10:06 +0000
Subject: [gnutls-devel] GnuTLS | Not able to build gnutls on ubuntu 22
 (#1724)
In-Reply-To: <issue_170554662@gitlab.com>
References: <reply-1ff7d774eb18b52ad4e04c2b054f1c04@gitlab.com>
 <issue_170554662@gitlab.com>
Message-ID: <mailman.6987.1752509469.18299.gnutls-devel@lists.gnutls.org>




Karthik Das commented: https://gitlab.com/gnutls/gnutls/-/issues/1724#note_2626198802


Can you commit https://gitlab.com/gnutls/gnutls/-/merge_requests/1988 ?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1724#note_2626198802
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250714/395d4f7f/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 14 18:16:33 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 14 Jul 2025 16:16:33 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_session_t unsafe to use from
 multiple threads due to TLS 1.3 rekeying (#1717)
In-Reply-To: <issue_168861302@gitlab.com>
References: <reply-61456a9201f72abd604005174774caaf@gitlab.com>
 <issue_168861302@gitlab.com>
Message-ID: <mailman.6988.1752509856.18299.gnutls-devel@lists.gnutls.org>




Daniel P_ Berrang? commented: https://gitlab.com/gnutls/gnutls/-/issues/1717#note_2626211458


FYI, we have now identified a reliable way to get GNUTLS to cause a SEGV under QEMU, not merely an error return code from gnutls_record_send|recv - it requires QEMU to trigger a rekey *twice* in outbound data stream, before QEMU starts sending on the return data stream. I've not yet been able to figure out a reproducer for this in a standalone demo program unfortunately.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1717#note_2626211458
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250714/5ece4028/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 15 01:06:46 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 14 Jul 2025 23:06:46 +0000
Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988)
In-Reply-To: <merge_request_399143675@gitlab.com>
References: <reply-bcffe0cb95f841d35c6de94fa37fa46c@gitlab.com>
 <merge_request_399143675@gitlab.com>
Message-ID: <mailman.7002.1752534438.18299.gnutls-devel@lists.gnutls.org>



Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1988 was reviewed by Daiki Ueno

--
  
Daiki Ueno started a new discussion on configure.ac: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2626918492

 > +    AC_CHECK_DECL([Esys_SetCryptoCallbacks], [
 > +        AC_DEFINE([HAVE_ESYS_SETCRYPTOCALLBACKS], 1, [Define if Esys_SetCryptoCallbacks is available])
 > +    ], [], [[#include <tss2/tss2_esys.h>]])

Can't we simply use `AC_CHECK_FUNCS`?
```suggestion:-2+0
    AC_CHECK_FUNCS([Esys_SetCryptoCallbacks])
```

--
  
Daiki Ueno started a new discussion on lib/tpm2/callbacks/aes/aes_callbacks.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2626918511

 >  #define GNUTLS_LIB_TPM2_AES_CALLBACKS_H
 >  
 > +#ifdef HAVE_ESYS_SETCRYPTOCALLBACKS

You might want to add an Automake conditional and exclude compilation of those *_callbacks.c at https://gitlab.com/gnutls/gnutls/-/blob/master/lib/Makefile.am?ref_type=heads#L140 something like:
```make
if ENABLE_TPM2
COBJECTS += tpm2/tpm2.c tpm2/tpm2.h tpm2/tpm2_esys.c
if NEED_ESYS_CRYPTO_CALLBACKS
COBJECTS += tpm2/callbacks/esys_crypto_callbacks.h tpm2/callbacks/esys_crypto_callbacks.c ...
endif
...
endif
```


-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250714/6311cf52/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 15 04:24:57 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 15 Jul 2025 02:24:57 +0000
Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988)
In-Reply-To: <note_2627051589@gitlab.com>
References: <reply-a2310869456a9fea099437257feaea94@gitlab.com>
 <merge_request_399143675@gitlab.com> <note_2626918492@gitlab.com>
 <note_2627051589@gitlab.com>
Message-ID: <mailman.7005.1752546341.18299.gnutls-devel@lists.gnutls.org>




Karthik Das commented on a discussion on configure.ac: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2627052780

 >      CFLAGS="$save_CFLAGS"
 >  ])
 >  
 > +AS_IF([test -n "$tss2lib"], [
 > +    # Check for Esys_SetCryptoCallbacks availability
 > +    save_LIBS=$LIBS
 > +    save_CFLAGS=$CFLAGS
 > +    LIBS="$LIBS $TSS2_ESYS_LIBS"
 > +    CFLAGS="$CFLAGS $TSS2_ESYS_CFLAGS"
 > +    AC_CHECK_DECL([Esys_SetCryptoCallbacks], [
 > +        AC_DEFINE([HAVE_ESYS_SETCRYPTOCALLBACKS], 1, [Define if Esys_SetCryptoCallbacks is available])
 > +    ], [], [[#include <tss2/tss2_esys.h>]])

You are right.
```AC_CHECK_FUNCS``` would be simpler, cleaner and more appropriate

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2627052780
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250715/1c45c571/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 15 06:54:17 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 15 Jul 2025 04:54:17 +0000
Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988)
In-Reply-To: <merge_request_399143675@gitlab.com>
References: <reply-f5d0da0e739a6568d8a14ac7aa2bd17c@gitlab.com>
 <merge_request_399143675@gitlab.com>
Message-ID: <mailman.7007.1752555321.18299.gnutls-devel@lists.gnutls.org>




Karthik Das commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2627171034


Can you review again @dueno ?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2627171034
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250715/acb74dec/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 15 07:39:13 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 15 Jul 2025 05:39:13 +0000
Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988)
In-Reply-To: <merge_request_399143675@gitlab.com>
References: <reply-bdded90ff80a4422e513eec1729d3f71@gitlab.com>
 <merge_request_399143675@gitlab.com>
Message-ID: <mailman.7008.1752558017.18299.gnutls-devel@lists.gnutls.org>




David Dudas started a new discussion on lib/tpm2/callbacks/aes/aes_callbacks.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2627205220

 >  
 >  #include "config.h"
 >  
 > +#ifdef HAVE_ESYS_SETCRYPTOCALLBACKS
 > +

Since these callbacks files won't be added to `COBJECT` in Makefile.am, we might not need to keep these condition in each callback file.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2627205220
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250715/6e8eb286/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 15 11:42:23 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 15 Jul 2025 09:42:23 +0000
Subject: [gnutls-devel] GnuTLS | system-override-compress-cert testsuite
 error with 3.8.10 (#1721)
In-Reply-To: <note_2625590799@gitlab.com>
References: <reply-73c911f447e260905196e2b901f379a2@gitlab.com>
 <issue_170219012@gitlab.com> <note_2617402086@gitlab.com>
 <note_2617452495@gitlab.com> <note_2617513304@gitlab.com>
 <note_2623280040@gitlab.com> <note_2625590799@gitlab.com>
Message-ID: <mailman.7012.1752572577.18299.gnutls-devel@lists.gnutls.org>




Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2627728444


Hmm, this is still there:
```sh
if ! "$CLI" --list | grep '^Compression: .*COMP-ZSTD'; then
	echo "Not built with zstd, skipping" 1>&2
	exit 77
fi
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1721#note_2627728444
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250715/80caf9ac/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 15 16:51:55 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 15 Jul 2025 14:51:55 +0000
Subject: [gnutls-devel] GnuTLS | lib/nettle/pk.c: Add check for
 gnutls_malloc() (!1986)
In-Reply-To: <merge_request_398930369@gitlab.com>
References: <reply-88ea7e67990b7c328afde76cf45cf7d0@gitlab.com>
 <merge_request_398930369@gitlab.com>
Message-ID: <mailman.7018.1752591148.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986#note_2628595506

 >  		me = _gnutls_dsa_q_to_hash(params, &hash_len);
 >  		spki.dsa_dig = MAC_TO_DIG(me->id);
 >  		gen_data = gnutls_malloc(hash_len);
 > +		if (gen_data == NULL) {

I suspect we might not need to allocate this buffer in the first place, as it is 64-byte at maximum (see `MAX_HASH_SIZE`), and other branches in this function uses a statically allocated buffer.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986#note_2628595506
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250715/90718151/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 15 16:52:59 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 15 Jul 2025 14:52:59 +0000
Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() to
 avoid memory leak (!1956)
In-Reply-To: <merge_request_383054299@gitlab.com>
References: <reply-306d86c7ff7149014f10e9b5ab7243ee@gitlab.com>
 <merge_request_383054299@gitlab.com>
Message-ID: <mailman.7019.1752591242.18299.gnutls-devel@lists.gnutls.org>



Merge request !1956 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956
Project:Branches: purdue-university1/gnutls:patch6 to gnutls/gnutls:master
Author: Jiasheng Jiang
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250715/86da81c6/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Wed Jul 16 03:11:56 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 16 Jul 2025 01:11:56 +0000
Subject: [gnutls-devel] GnuTLS | ext/record_size_limit: add function to get
 record_size_limit (!1989)
References: <reply-e6b863bdd2682cb8d52e938c25de303c@gitlab.com>
Message-ID: <mailman.7035.1752628380.18299.gnutls-devel@lists.gnutls.org>



Wilfred Mallawa created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1989

Project:Branches: twilfredo/gnutls:wilfred/record-size-tls-test to gnutls/gnutls:master
Author:   Wilfred Mallawa




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

* Add function to get record_size_limit

Currently the kernel has no way of receiving the record size limit specified by an endpoint, and as such, it defaults to
using the maximum 16K size. This is problematic if an endpoint specifies a lower limit during the handshake in the
record size limit extension, as the kernel will not respect this constraint.

This patch adds a new function to record_size_limit extension library to extract
the endpoints maximum record size limit if negotiated. This can be used
by tlshd [1] to pass this information to the kernel [2], such that the kernel
can respect record size constrains of the endpoint.

Signed-off-by: Wilfred Mallawa <wilfred.mallawa at wdc.com>

[1] tlshd integration: https://github.com/twilfredo/ktls-utils/commits/wilfred/record-size-tls-test/
[2] kernel integration: https://github.com/twilfredo/spdm-linux/commits/wilfred/record-size-tls-test/

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [x] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [x] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1989
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250716/1ec883cb/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul 16 03:29:17 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 16 Jul 2025 01:29:17 +0000
Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more
 portable shebangs. (!1964)
In-Reply-To: <merge_request_384239341@gitlab.com>
References: <reply-a6319c2d0fcc07e3f5d06fe9578d8000@gitlab.com>
 <merge_request_384239341@gitlab.com>
Message-ID: <mailman.7036.1752629390.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1964 were resolved by Maxim Cournoyer

https://gitlab.com/gnutls/gnutls/-/merge_requests/1964

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250716/c3cd964b/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul 16 03:29:18 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 16 Jul 2025 01:29:18 +0000
Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more
 portable shebangs. (!1964)
In-Reply-To: <note_2629696626@gitlab.com>
References: <reply-1bed726c19e37eecb73cbda9806410a9@gitlab.com>
 <merge_request_384239341@gitlab.com> <note_2527478828@gitlab.com>
 <note_2629696626@gitlab.com>
Message-ID: <mailman.7037.1752629399.18299.gnutls-devel@lists.gnutls.org>




Maxim Cournoyer commented on a discussion on bootstrap: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2629697464

 >  #! /bin/sh
 >  # Print a version string.
 > -scriptversion=2020-11-18.17; # UTC
 > +scriptversion=2025-02-08.16; # UTC

Thanks, I've submitted a patch including the above to bug-gnulib at gnu.org and dropped this change from this series.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2629697464
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250716/812a1efb/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Wed Jul 16 13:23:10 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 16 Jul 2025 11:23:10 +0000
Subject: [gnutls-devel] GnuTLS | gnutls-cli reports bad values for the
 "Ephemeral EC Diffie-Hellman parameters" with hybrid ML-KEM (#1725)
References: <reply-d1605ad09bc4bd42a8479d0f6d84cdb2@gitlab.com>
Message-ID: <mailman.7065.1752665054.18299.gnutls-devel@lists.gnutls.org>



Alicja Kario (@mention me if you need reply) created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1725



## Description of problem:
When `gnutls-cli` is used for a connection that negotiates one of the hybrid groups with ML-KEM, the values reported by it are invalid/incorrect

## Version of gnutls used:
gnutls-3.8.10-1.el10.x86_64

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
RHEL

## How reproducible:
1. Start TLS server with support for hybrid ML-KEM groups (like `x25519mlkem768`)
2. Connect with `gnutls-cli --resume`

## Actual results:
```
...
- Status: The certificate is trusted. 
- Description: (TLS1.3-X.509)-(HYBRID-X25519-MLKEM768)-(ML-DSA-44)-(AES-256-GCM)
- Session ID: EE:A3:8B:EA:49:5A:AB:86:89:29:D8:55:AB:E1:D4:8B:D8:22:90:52:E9:8C:98:E6:86:B6:00:A3:10:51:EA:CE
- Ephemeral EC Diffie-Hellman parameters
 - Using curve: (null)
 - Curve size: 0 bits
- Version: TLS1.3
- Server Signature: ML-DSA-44
- Cipher: AES-256-GCM
- MAC: AEAD
- Options:
- Channel bindings
 - 'tls-unique': not available
 - 'tls-server-end-point': 
 - 'tls-exporter': baa413b2c015a4ee708d1725a30bcf029c55a056cbad32d1f7e452589edbf4b2
- Handshake was completed
client hello
- Disconnecting


- Connecting again- trying to resume previous session
Resolving 'localhost:4433'...
Connecting to '::1:4433'...
- Description: (TLS1.3-X.509)--(AES-256-GCM)
- Session ID: EE:A3:8B:EA:49:5A:AB:86:89:29:D8:55:AB:E1:D4:8B:D8:22:90:52:E9:8C:98:E6:86:B6:00:A3:10:51:EA:CE
- Ephemeral EC Diffie-Hellman parameters
 - Using curve: (null)
 - Curve size: 0 bits
- Version: TLS1.3
- Cipher: AES-256-GCM
- MAC: AEAD
- Options:
- Channel bindings
 - 'tls-unique': not available
 - 'tls-server-end-point': 
 - 'tls-exporter': 95380f62755f0e45c75ae786a5fb77bf95e8a4323f9687eb81cb280d2d514f77
- Resume Handshake was completed
*** This is a resumed session

- Simple Client Mode:

- Sent: 13 bytes
- Received[13]: server hello
```

## Expected results:
1. Both connections should either omit the "Ephemeral EC Diffie-Hellman parameters" or update them so that they report the used KEX method correctly
2. the resumed session "Description:" field doesn't report that it is using `(HYBRID-X25519-MLKEM768)`, despite the server performing a `psk_dhe_ke` resumption, not a `psk_ke` (both `pre_shared_key` and `key_share` are present in the ServerHello message)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1725
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250716/8984f824/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Jul 17 08:15:18 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 17 Jul 2025 06:15:18 +0000
Subject: [gnutls-devel] GnuTLS | ext/record_size_limit: add function to
 get record_size_limit (!1989)
In-Reply-To: <merge_request_399632391@gitlab.com>
References: <reply-d69925d9597b8bc0097afd29906a29a7@gitlab.com>
 <merge_request_399632391@gitlab.com>
Message-ID: <mailman.7127.1752732981.18299.gnutls-devel@lists.gnutls.org>



Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1989 was reviewed by Daiki Ueno

--
  
Daiki Ueno started a new discussion on lib/ext/record_size_limit.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1989#note_2632603435

 > + * Since: 3.8.10
 > + **/
 > +int gnutls_record_get_record_size_limit(gnutls_session_t session, size_t *size)

Although `record_size_limit` is more recently introduced than `max_fragment_length` (in lib/ext/max_record.c), we already have a couple of accessors to the internal limits in lib/ext/max_record.c, e.g., `gnutls_record_get_max_size`. Can we add it there?

Also, as the maximum is 16K, I would return `ssize_t` instead of storing it through a pointer.


-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1989
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250717/507787b8/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Sat Jul 19 00:15:51 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 18 Jul 2025 22:15:51 +0000
Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic
 (!1990)
References: <reply-aa3559cfbf1c8fee14d6d99fdc26efec@gitlab.com>
Message-ID: <mailman.7174.1752876997.18299.gnutls-devel@lists.gnutls.org>



Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990

Project:Branches: dueno/gnutls:wip/dueno/rekey to gnutls/gnutls:master
Author:   Daiki Ueno




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

While RFC 8446 4.6.3 says the sender of a KeyUpdate message should
only update its sending key and the receiving key should be updated
after receiving a KeyUpdate message from the peer, the previous
implementation assumed that the peer also requests a rekey and updated
the sending and receiving keys altogether.

This split the updating logic into 2 phases: when sending a KeyUpdate,
only update the sending key, and when receiving a KeyUpdate, only
updating the receiving key.  In both cases, KeyUpdate messages are
encrypted/decrypted in the old keys.

Partially fixes: #1717 

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250718/ee28dab5/attachment.html>

From gnutls-devel at lists.gnutls.org  Sat Jul 19 00:20:51 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 18 Jul 2025 22:20:51 +0000
Subject: [gnutls-devel] GnuTLS | gnutls_session_t unsafe to use from
 multiple threads due to TLS 1.3 rekeying (#1717)
In-Reply-To: <issue_168861302@gitlab.com>
References: <reply-1d7e396b006c415c6d7a441070ac4827@gitlab.com>
 <issue_168861302@gitlab.com>
Message-ID: <mailman.7175.1752877316.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1717#note_2636736894


I took a closer look at it and now suspect a logic error in the current key update code, not related to threading. The "decryption failed" errors indicate that the receiver of the message doesn't have the correct decryption key yet, and this is the case when the peer sends a data encrypted with an old key, while the receiving key is already updated. I tried to rework the logic to be more in line with the RFC (!1990), and it seems to fix the errors in the reproducer.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1717#note_2636736894
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250718/948674f1/attachment.html>

From gnutls-devel at lists.gnutls.org  Sat Jul 19 10:26:18 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 19 Jul 2025 08:26:18 +0000
Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more
 portable shebangs. (!1964)
In-Reply-To: <merge_request_384239341@gitlab.com>
References: <reply-404408c97060e56eaadd70ba5d22be5c@gitlab.com>
 <merge_request_384239341@gitlab.com>
Message-ID: <mailman.7180.1752913614.18299.gnutls-devel@lists.gnutls.org>




Maxim Cournoyer commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2637611547


I'm not sure why the last commit fails the commit check?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2637611547
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250719/345d5cc7/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Sat Jul 19 13:55:04 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 19 Jul 2025 11:55:04 +0000
Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more
 portable shebangs. (!1964)
In-Reply-To: <note_2637611547@gitlab.com>
References: <reply-1bb98142638c4bcc5dba97989c8117a3@gitlab.com>
 <merge_request_384239341@gitlab.com> <note_2637611547@gitlab.com>
Message-ID: <mailman.7184.1752926139.18299.gnutls-devel@lists.gnutls.org>




Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2637657144


Afaict it has not _failed_ the commit-check but the job is _stuck_ at "pending".
Gitlabs says:
```
This job is stuck because of one of the following problems. There are no active runners online, no runners for the protected branch , or no runners that match all of the job's tags: gnutls
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2637657144
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250719/f48b4f28/attachment.html>

From gnutls-devel at lists.gnutls.org  Sat Jul 19 15:38:24 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sat, 19 Jul 2025 13:38:24 +0000
Subject: [gnutls-devel] GnuTLS | Trying to access a certain subdomain
 results in a stack overflow. (#1726)
References: <reply-7d03618b9f17e46f2ab23887b9c8ac23@gitlab.com>
Message-ID: <mailman.7185.1752932339.18299.gnutls-devel@lists.gnutls.org>



Qriist created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1726



## Description of problem:
Note: I first became aware of this issue trying to solve a WolfSSL issue, and then I engaged with curl's devs to further diagnose the problem. I recommend reading them for full context.
https://github.com/wolfSSL/wolfssl/issues/9016
https://github.com/curl/curl/issues/17965

Somewhere between GnuTLS and libcurl there is an exception thrown when trying to access any url on [https://collectionapi.metmuseum.org](https://collectionapi.metmuseum.org). The curl devs alerted me to a broken SSL certificate chain via https://www.ssllabs.com/ssltest/analyze.html?d=collectionapi.metmuseum.org&latest

Unfortunately, it is not yet clear to me which side of the equation, libcurl or GnuTLS, is actually throwing the error. 

However, the error does not occur on the curl dev's macOS machine so it's likely something Windows-specific.

## Version of gnutls used:
3.8.7

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Windows vcpkg

## How reproducible:
100%

Steps to Reproduce:

 * use vcpkg to build libcurl with gnutls flag enabled
 * initialize libcurl with the gnutls backend
 * point libcurl at https://collectionapi.metmuseum.org and run the transfer

## Actual results:
GnuTLS/libcurl immediately generates Windows exception 0xc0000fd (`STATUS_STACK_OVERFLOW`).

I do have captured debug information that may help: 
```
Host collectionapi.metmuseum.org:443 was resolved.
IPv6: (none)
IPv4: 45.60.77.20
  Trying 45.60.77.20:443...
GnuTLS priority: NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509:-VERS-SSL3.0
ALPN: curl offers h2,http/1.1
found 143 certificates in C:\Projects\LibQurl\bin\curl-ca-bundle.crt
```
Based on my testing against another website, the error happens right before libcurl would record (something similar to) `SSL connection using TLS1.3 / ECDHE_RSA_AES_256_GCM_SHA384`.

## Expected results:
not that

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1726
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250719/e45dec65/attachment.html>

From gnutls-devel at lists.gnutls.org  Sun Jul 20 02:56:40 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 20 Jul 2025 00:56:40 +0000
Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more
 portable shebangs. (!1964)
In-Reply-To: <note_2637657144@gitlab.com>
References: <reply-5c81b0c8f032ee046d6b2e177ecfbc2e@gitlab.com>
 <merge_request_384239341@gitlab.com> <note_2637611547@gitlab.com>
 <note_2637657144@gitlab.com>
Message-ID: <mailman.7188.1752973063.18299.gnutls-devel@lists.gnutls.org>




Maxim Cournoyer commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2639521771


Indeed, I got confused with the result of earlier runs. I guess we just need to wait for someone to manually allocate/start the build?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2639521771
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250720/32e8c3fe/attachment.html>

From gnutls-devel at lists.gnutls.org  Sun Jul 20 10:48:40 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 20 Jul 2025 08:48:40 +0000
Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more
 portable shebangs. (!1964)
In-Reply-To: <note_2639521771@gitlab.com>
References: <reply-077034b6ad7689d2987a43c39269f345@gitlab.com>
 <merge_request_384239341@gitlab.com> <note_2637611547@gitlab.com>
 <note_2637657144@gitlab.com> <note_2639521771@gitlab.com>
Message-ID: <mailman.7193.1753001354.18299.gnutls-devel@lists.gnutls.org>




Maxim Cournoyer commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2639763300


Hm, now it does fail at the commit check, but for unknown reasons: 
> There has been a timeout failure or the job got stuck. Check your timeout limits or try again

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2639763300
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250720/3848db35/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Sun Jul 20 15:36:03 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 20 Jul 2025 13:36:03 +0000
Subject: [gnutls-devel] GnuTLS | Trying to access a certain subdomain
 results in a stack overflow. (#1726)
In-Reply-To: <issue_170815691@gitlab.com>
References: <reply-a192674124d476f1c33f1ed330d1492a@gitlab.com>
 <issue_170815691@gitlab.com>
Message-ID: <mailman.7196.1753018626.18299.gnutls-devel@lists.gnutls.org>




Qriist commented: https://gitlab.com/gnutls/gnutls/-/issues/1726#note_2639942382


I managed to get a stack trace of the exception. Hope that helps. :)
```
Exception #:  0XC00000FD
Stack:        
	hogweed_6!nettle_ed448_shake256_verify+0x277
	hogweed_6!nettle_pss_verify_mgf1+0x7a
	hogweed_6!nettle_rsa_pss_sha256_verify_digest+0x6b
	gnutls!gnutls_session_ticket_enable_server+0x797e
	gnutls!gnutls_pubkey_encrypt_data+0x7d3
	gnutls!gnutls_pubkey_encrypt_data+0xe27
	gnutls!gnutls_pubkey_verify_data2+0x28d
	gnutls!gnutls_transport_set_errno_function+0x264c
	gnutls!gnutls_anti_replay_set_add_function+0x3051
	gnutls!gnutls_get_library_config+0xb67
	gnutls!gnutls_handshake_set_timeout+0x8cd
	gnutls!gnutls_handshake+0x208
	libcurl!curl_ws_send+0x7124
	libcurl!curl_ws_send+0x68ab
	libcurl!curl_ws_send+0x1357f
	libcurl!curl_free+0x9f1
	libcurl+0x7b4e
	libcurl+0xbff3
	libcurl!curl_multi_wakeup+0xe19
	libcurl!curl_multi_perform+0xda
	libcurl!curl_global_trace+0x1e4
	AutoHotkey64+0xc65d1
	AutoHotkey64+0x25de5
	AutoHotkey64+0x27ad3
	AutoHotkey64+0x7b217
	AutoHotkey64+0x9e8e4
	AutoHotkey64+0x78862
	AutoHotkey64+0x7c323
	AutoHotkey64+0x5f1c1
	AutoHotkey64+0x7be7a
	AutoHotkey64+0x7b412
	AutoHotkey64+0x9e8e4
	AutoHotkey64+0x9897b
	AutoHotkey64+0x9740e
	AutoHotkey64+0x78862
	AutoHotkey64+0x7c323
	AutoHotkey64+0x604fb
	AutoHotkey64+0x7be7a
	AutoHotkey64+0x7b412
	AutoHotkey64+0x9e8e4
	AutoHotkey64+0x9897b
	AutoHotkey64+0x9740e
	AutoHotkey64+0x78862
	AutoHotkey64+0x7c323
	AutoHotkey64+0x5f1c1
	AutoHotkey64+0x7be7a
	AutoHotkey64+0x7b412
	AutoHotkey64+0x9e8e4
	AutoHotkey64+0x9897b
	AutoHotkey64+0x9740e
	AutoHotkey64+0x78862
	AutoHotkey64+0x7c323
	AutoHotkey64+0x5f1c1
	AutoHotkey64+0x489e4
	AutoHotkey64+0x51c6
	AutoHotkey64+0x4e40
	AutoHotkey64+0xc6b16
	KERNEL32!BaseThreadInitThunk+0x14
	ntdll!RtlUserThreadStart+0x21
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1726#note_2639942382
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250720/052cd35b/attachment.html>

From gnutls-devel at lists.gnutls.org  Sun Jul 20 23:14:00 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 20 Jul 2025 21:14:00 +0000
Subject: [gnutls-devel] GnuTLS | lib/nettle/pk.c: Add check for
 gnutls_malloc() (!1986)
In-Reply-To: <merge_request_398930369@gitlab.com>
References: <reply-321ca8d8348b4309a6f51d0319a6676a@gitlab.com>
 <merge_request_398930369@gitlab.com>
Message-ID: <mailman.7198.1753046074.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1986 were resolved by Jiasheng Jiang

https://gitlab.com/gnutls/gnutls/-/merge_requests/1986

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250720/fc83ed3c/attachment.html>

From gnutls-devel at lists.gnutls.org  Sun Jul 20 23:14:00 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Sun, 20 Jul 2025 21:14:00 +0000
Subject: [gnutls-devel] GnuTLS | lib/nettle/pk.c: Add check for
 gnutls_malloc() (!1986)
In-Reply-To: <note_2640075149@gitlab.com>
References: <reply-ca0b0fb75e07cf698ff962e0f8f6ea93@gitlab.com>
 <merge_request_398930369@gitlab.com> <note_2628595506@gitlab.com>
 <note_2640075149@gitlab.com>
Message-ID: <mailman.7199.1753046103.18299.gnutls-devel@lists.gnutls.org>




Jiasheng Jiang commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986#note_2640075368

 >  		me = _gnutls_dsa_q_to_hash(params, &hash_len);
 >  		spki.dsa_dig = MAC_TO_DIG(me->id);
 >  		gen_data = gnutls_malloc(hash_len);
 > +		if (gen_data == NULL) {

Thank you. I have submitted a new commit to replace with a statically allocated buffer.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986#note_2640075368
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250720/9bae8391/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 21 04:28:54 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 21 Jul 2025 02:28:54 +0000
Subject: [gnutls-devel] GnuTLS | ext/record_size_limit: add function to
 get record_size_limit (!1989)
In-Reply-To: <note_2640196893@gitlab.com>
References: <reply-341e42ff3c1f0ad455f8dfa4db5e46eb@gitlab.com>
 <merge_request_399632391@gitlab.com> <note_2632603435@gitlab.com>
 <note_2640196893@gitlab.com>
Message-ID: <mailman.7206.1753064998.18299.gnutls-devel@lists.gnutls.org>




Wilfred Mallawa commented on a discussion on lib/ext/record_size_limit.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1989#note_2640197789

 > +
 > +/**
 > + * gnutls_record_get_record_size_limit:
 > + * @session: is a #gnutls_session_t type.
 > + * @size: is the new size
 > + *
 > + * Get the max record send size. The maximum record send size is
 > + * advertised by the server during a handshake.
 > + *
 > + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
 > + *   If the server record size limit is not specified an error
 > + *   is returned.
 > + *
 > + * Since: 3.8.10
 > + **/
 > +int gnutls_record_get_record_size_limit(gnutls_session_t session, size_t *size)

@dueno thanks for the suggestions! I have applied those changes. Let me know if you have any further thoughts on this.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1989#note_2640197789
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250721/902eab94/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 21 16:25:40 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 21 Jul 2025 14:25:40 +0000
Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic
 (!1990)
In-Reply-To: <merge_request_400516186@gitlab.com>
References: <reply-b8de273e9348ef301d570c56db93e7a8@gitlab.com>
 <merge_request_400516186@gitlab.com>
Message-ID: <mailman.7212.1753108012.18299.gnutls-devel@lists.gnutls.org>




Daniel P_ Berrang? commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2641582799


I've tested this patch with QEMU and it fixes both problems I observed - the unexpected error codes when trying bidirectional I/O after the first rekey, and SEGVs when trying bidirectional I/O after the second rekey.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2641582799
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250721/56000fc2/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 22 03:54:41 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Jul 2025 01:54:41 +0000
Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic
 (!1990)
In-Reply-To: <merge_request_400516186@gitlab.com>
References: <reply-b71e2e048c394577b02d61d08b8a25b7@gitlab.com>
 <merge_request_400516186@gitlab.com>
Message-ID: <mailman.7224.1753149345.18299.gnutls-devel@lists.gnutls.org>



Franti?ek Kren?elok and Zolt?n Fridrich were added as reviewers.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250722/2068164a/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 22 03:56:03 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Jul 2025 01:56:03 +0000
Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic
 (!1990)
In-Reply-To: <merge_request_400516186@gitlab.com>
References: <reply-ffde79890d86e20162a799530b37b8be@gitlab.com>
 <merge_request_400516186@gitlab.com>
Message-ID: <mailman.7225.1753149396.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2642521660


Thank you for the confirmation, Daniel.

@FrantisekKrenzelok could you take a look? This also fixes a state transition in the KTLS code path.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2642521660
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250722/f242d6fe/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 22 03:56:55 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Jul 2025 01:56:55 +0000
Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic
 (!1990)
In-Reply-To: <merge_request_400516186@gitlab.com>
References: <reply-9afafe841de6928e5fef9701d217e61c@gitlab.com>
 <merge_request_400516186@gitlab.com>
Message-ID: <mailman.7226.1753149477.18299.gnutls-devel@lists.gnutls.org>



Alexander Sosedkin was added as a reviewer.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250722/3d8df7b6/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 22 10:21:33 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Jul 2025 08:21:33 +0000
Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the number
 of builds (!1991)
References: <reply-85942c87d9bc5f9dcdb9f90bf3255e0f@gitlab.com>
Message-ID: <mailman.7229.1753172526.18299.gnutls-devel@lists.gnutls.org>



Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991

Project:Branches: dueno/gnutls:wip/dueno/ci-optimize to gnutls/gnutls:master
Author:   Daiki Ueno




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

This attempts to lower the number of builds required in the CI pipeline, by:
- Make `AGGRESSIVE_REALLOC` controllable through an envvar, merging `UB+ASAN-Werror-aggressive.Fedora.x86_64.gcc` into `UB+ASAN-Werror.Fedora.x86_64.gcc`
- In the sanitizer build, do not build twice with/without `--with-default-trust-store-pkcs11=pkcs11:`
- Pull in leancrypto from a COPR through build-images, rather than building it from git checkout
- Enable leancrypto in `fedora/build`, as it is the default in Fedora
- Drop `fedora-leancrypto/build-fips`, as `fedora/build` also has `--with-leancrypto`
- Drop `fedora-FIPS140-2/build`, as `fedora/build` also has `--enable-fips140-mode`
- Drop `fedora-notools/build`, as `fedora-minimal/build` would be sufficient
- Temporarily disable `fedora-nettle/build` and `fedora-nettle-minigmp/build`, as Nettle is currently pinned to 3.10 until GnuTLS supports Nettle 4 API

It would removes roughly 9 targets in the "build" stage.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250722/ea059f20/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 22 10:45:56 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Jul 2025 08:45:56 +0000
Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic
 (!1990)
In-Reply-To: <merge_request_400516186@gitlab.com>
References: <reply-af9637c6f5a0e0bf87209ee92a8f74b8@gitlab.com>
 <merge_request_400516186@gitlab.com>
Message-ID: <mailman.7232.1753174019.18299.gnutls-devel@lists.gnutls.org>




Franti?ek Kren?elok commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2643050665


LGTM, tested kTLS rekey and it passes

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2643050665
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250722/53738f89/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 22 10:52:09 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Jul 2025 08:52:09 +0000
Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the
 number of builds (!1991)
In-Reply-To: <merge_request_401323303@gitlab.com>
References: <reply-a6f9bf590362ed0b1900c525eac9bcb5@gitlab.com>
 <merge_request_401323303@gitlab.com>
Message-ID: <mailman.7233.1753174393.18299.gnutls-devel@lists.gnutls.org>



Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1991 was reviewed by Alexander Sosedkin

--
  
Alexander Sosedkin started a new discussion on lib/global.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643064777

 >  #endif
 >  
 > +	e = secure_getenv("GNUTLS_BUFFER_RECLAIM");

Can we have rather hide this runtime selection itself behind some compile feature/define? I'd rather not have this behaviour and the switching overhead in the normal builds.

--
  
Alexander Sosedkin started a new discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643064797

 > +        KTLS: [0, 1]
 > +      - GNUTLS_FORCE_FIPS_MODE: 0
 > +        TESTS_ENABLED_GROUPS: "GROUP-X25519-MLKEM768 GROUP-SECP256R1-MLKEM768 GROUP-SECP384R1-MLKEM1024"

hope that won't leak into job names or something :sweat_smile: otherwise might need a shorter value and a bit of indirection

--
  
Alexander Sosedkin started a new discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643064806


> Pull in leancrypto from a COPR through build-images, rather than building it from git checkout

Could you please link to that change?


-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250722/06e6f79a/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 22 11:25:06 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Jul 2025 09:25:06 +0000
Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the
 number of builds (!1991)
In-Reply-To: <note_2643064777@gitlab.com>
References: <reply-27faf633bc3e4a11582abef0493b114e@gitlab.com>
 <merge_request_401323303@gitlab.com> <note_2643064777@gitlab.com>
Message-ID: <mailman.7234.1753176339.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion on lib/global.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643146001

 >  	bindtextdomain(PACKAGE, LOCALEDIR);
 >  #endif
 >  
 > +	e = secure_getenv("GNUTLS_BUFFER_RECLAIM");

I don't think that would make much sense. The idea behind the whole rework is to reuse the default Fedora build as much as possible. If we introduce such compile option, we probably want to disable it in the default Fedora build, and that could create a divergence.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643146001
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250722/16ff8ae8/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 22 11:31:09 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Jul 2025 09:31:09 +0000
Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the
 number of builds (!1991)
In-Reply-To: <note_2643064806@gitlab.com>
References: <reply-d356baceaaf38a5868af6a68c68328f5@gitlab.com>
 <merge_request_401323303@gitlab.com> <note_2643064806@gitlab.com>
Message-ID: <mailman.7237.1753176761.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643161291


Sorry, I forgot to push the change to build-images, but just `podman push`ed to the registry. Here is the Dockerfile change:
https://gitlab.com/gnutls/build-images/-/commit/91a22e107d5ef97d31d14f5ca87661a14bbcc7f8

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643161291
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250722/e6324719/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 22 11:38:32 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Jul 2025 09:38:32 +0000
Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic
 (!1990)
In-Reply-To: <merge_request_400516186@gitlab.com>
References: <reply-406738a24d7896dde26e8ac133234b6b@gitlab.com>
 <merge_request_400516186@gitlab.com>
Message-ID: <mailman.7238.1753177145.18299.gnutls-devel@lists.gnutls.org>



Merge request !1990 was approved by Zolt?n Fridrich
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990
Project:Branches: dueno/gnutls:wip/dueno/rekey to gnutls/gnutls:master
Author: Daiki Ueno
Assignees: 
Reviewers: Alexander Sosedkin, Franti?ek Kren?elok, and Zolt?n Fridrich

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250722/145ac6c9/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 22 11:39:00 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Jul 2025 09:39:00 +0000
Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic
 (!1990)
In-Reply-To: <merge_request_400516186@gitlab.com>
References: <reply-db1fdff2aba771f3ae6aadac39180ef1@gitlab.com>
 <merge_request_400516186@gitlab.com>
Message-ID: <mailman.7239.1753177172.18299.gnutls-devel@lists.gnutls.org>




Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2643180375


Change looks nice, no issues found.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2643180375
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250722/b1d8d620/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 22 11:41:26 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Jul 2025 09:41:26 +0000
Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the
 number of builds (!1991)
In-Reply-To: <merge_request_401323303@gitlab.com>
References: <reply-605353b55da84c5aa5e52acd3f901d59@gitlab.com>
 <merge_request_401323303@gitlab.com>
Message-ID: <mailman.7240.1753177318.18299.gnutls-devel@lists.gnutls.org>



Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1991 was reviewed by Alexander Sosedkin

--
  
Alexander Sosedkin commented on a discussion on lib/global.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643185570

 >  #endif
 >  
 > +	e = secure_getenv("GNUTLS_BUFFER_RECLAIM");

How about having it compiled=on runtimedefault=off in fedora CI build and compiled=off in some other CI build?

--
  
Alexander Sosedkin commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643185595

 > +        KTLS: [0, 1]
 > +      - GNUTLS_FORCE_FIPS_MODE: 0
 > +        TESTS_ENABLED_GROUPS: "GROUP-X25519-MLKEM768 GROUP-SECP256R1-MLKEM768 GROUP-SECP384R1-MLKEM1024"

and it did leak, and the `[0, 0]` / `[0, GROUP-X25519-MLKEM768 GROUP-SECP256R1-MLKEM768 GROUP-SECP384R1-MLKEM1024]` names are rather unintuitive... WDYT about having variables with descriptive values like `FIPS=fips`, `KTLS=no-ktls` and then converting them to `GNUTLS_FORCE_FIPS_MODE=1` and `KTLS=0` in the shell script?


-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250722/6f4508cf/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 22 11:41:26 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Jul 2025 09:41:26 +0000
Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the
 number of builds (!1991)
In-Reply-To: <merge_request_401323303@gitlab.com>
References: <reply-4a5ef6d0e80264b91f984871c2096dce@gitlab.com>
 <merge_request_401323303@gitlab.com>
Message-ID: <mailman.7243.1753177349.18299.gnutls-devel@lists.gnutls.org>



Merge request !1991 was approved by Alexander Sosedkin
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991
Project:Branches: dueno/gnutls:wip/dueno/ci-optimize to gnutls/gnutls:master
Author: Daiki Ueno
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250722/3a504753/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 22 11:51:51 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Jul 2025 09:51:51 +0000
Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic
 (!1990)
In-Reply-To: <merge_request_400516186@gitlab.com>
References: <reply-86dbea56511aab3ce90697c944254c71@gitlab.com>
 <merge_request_400516186@gitlab.com>
Message-ID: <mailman.7244.1753177944.18299.gnutls-devel@lists.gnutls.org>




Daniel P_ Berrang? commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2643207732


FYI, on longer tests with QEMU, I'm seeing a possible issue with a failure of the TLS session after transferring 480 GB of data. I'm trying to confirm whether it is definitely related to this patch or not, but it is a slow process as it takes about 1.5 hours to reproduce each time.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2643207732
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250722/68ad59e0/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 22 12:00:16 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Jul 2025 10:00:16 +0000
Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the
 number of builds (!1991)
In-Reply-To: <note_2643199085@gitlab.com>
References: <reply-684a03b3b8808da3e4f17a6f92e73977@gitlab.com>
 <merge_request_401323303@gitlab.com> <note_2643064797@gitlab.com>
 <note_2643185595@gitlab.com> <note_2643199085@gitlab.com>
Message-ID: <mailman.7245.1753178479.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643228363

 > +        ktls = true
 > +        EOF
 > +      else
 > +        rm -f /etc/crypto-policies/local.d/gnutls-ktls.config
 > +      fi
 >        update-crypto-policies
 >        echo "SYSTEM=NORMAL" >> tests/system.prio
 >      - make -j$CHECKJOBS check
 > +  parallel:
 > +    matrix:
 > +      - GNUTLS_FORCE_FIPS_MODE: 0
 > +        KTLS: [0, 1]
 > +      - GNUTLS_FORCE_FIPS_MODE: 1
 > +        KTLS: [0, 1]
 > +      - GNUTLS_FORCE_FIPS_MODE: 0
 > +        TESTS_ENABLED_GROUPS: "GROUP-X25519-MLKEM768 GROUP-SECP256R1-MLKEM768 GROUP-SECP384R1-MLKEM1024"

Thanks; updated along those lines.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643228363
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250722/9536b917/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 22 12:03:41 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Jul 2025 10:03:41 +0000
Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the
 number of builds (!1991)
In-Reply-To: <merge_request_401323303@gitlab.com>
References: <reply-3e7501a9f90cb29869f9acc71eb46caf@gitlab.com>
 <merge_request_401323303@gitlab.com>
Message-ID: <mailman.7248.1753178669.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1991 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1991

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250722/099b3f6d/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 22 12:03:40 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Jul 2025 10:03:40 +0000
Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the
 number of builds (!1991)
In-Reply-To: <note_2643185570@gitlab.com>
References: <reply-62df2862fbf190a634054cbaef96e8aa@gitlab.com>
 <merge_request_401323303@gitlab.com> <note_2643064777@gitlab.com>
 <note_2643146001@gitlab.com> <note_2643185570@gitlab.com>
Message-ID: <mailman.7249.1753178677.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion on lib/global.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643237813

 >  	bindtextdomain(PACKAGE, LOCALEDIR);
 >  #endif
 >  
 > +	e = secure_getenv("GNUTLS_BUFFER_RECLAIM");

I would say that's too complicated; similar to `--enable-fips140-mode`, I don't see much benefit of turning it off in some builds.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643237813
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250722/13f567ee/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 22 12:20:06 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Jul 2025 10:20:06 +0000
Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the
 number of builds (!1991)
In-Reply-To: <merge_request_401323303@gitlab.com>
References: <reply-bf7f47ad4a9dda753c65f34e5c4bb9d8@gitlab.com>
 <merge_request_401323303@gitlab.com>
Message-ID: <mailman.7250.1753179671.18299.gnutls-devel@lists.gnutls.org>




Alexander Sosedkin started a new discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643283092

 >        fi
 >        update-crypto-policies
 >        echo "SYSTEM=NORMAL" >> tests/system.prio
 > +    - | case "$FIPS" in
 > +      fips)
 > +        GNUTLS_FORCE_FIPS_MODE=1
 > +        ;;
 > +      no-fips)
 > +        GNUTLS_FORCE_FIPS_MODE=0
 > +        ;;
 > +    - | case "$PQC" in
 > +      pqc)
 > +        TESTS_ENABLED_GROUPS: "GROUP-X25519-MLKEM768 GROUP-SECP256R1-MLKEM768 GROUP-SECP384R1-MLKEM1024"

`=`, not `:`. also, `export`?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643283092
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250722/49936bd2/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 22 12:20:32 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Jul 2025 10:20:32 +0000
Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the
 number of builds (!1991)
In-Reply-To: <merge_request_401323303@gitlab.com>
References: <reply-4923359e5a170d36df912ca780f2bd1e@gitlab.com>
 <merge_request_401323303@gitlab.com>
Message-ID: <mailman.7253.1753179715.18299.gnutls-devel@lists.gnutls.org>




Alexander Sosedkin started a new discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643283957

 > +        TESTS_ENABLED_GROUPS: "GROUP-X25519-MLKEM768 GROUP-SECP256R1-MLKEM768 GROUP-SECP384R1-MLKEM1024"
 > +        ;;
 > +      no-pqc)
 > +        ;;
 >      - make -j$CHECKJOBS check
 >    parallel:
 >      matrix:
 > -      - GNUTLS_FORCE_FIPS_MODE: 0
 > -        KTLS: [0, 1]
 > -      - GNUTLS_FORCE_FIPS_MODE: 1
 > -        KTLS: [0, 1]
 > -      - GNUTLS_FORCE_FIPS_MODE: 0
 > -        TESTS_ENABLED_GROUPS: "GROUP-X25519-MLKEM768 GROUP-SECP256R1-MLKEM768 GROUP-SECP384R1-MLKEM1024"
 > -      - GNUTLS_FORCE_FIPS_MODE: 1
 > -        TESTS_ENABLED_GROUPS: "GROUP-X25519-MLKEM768 GROUP-SECP256R1-MLKEM768 GROUP-SECP384R1-MLKEM1024"
 > +      - FIPS: [fips, no-fips]

it went from 6 combinations to 8, was that intended?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643283957
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250722/a735755b/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 22 12:43:29 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Jul 2025 10:43:29 +0000
Subject: [gnutls-devel] GnuTLS | Draft: .gitlab-ci.yml: optimize the
 number of builds (!1991)
In-Reply-To: <note_2643329651@gitlab.com>
References: <reply-ce47cc4d92fa114205e7808609534e1c@gitlab.com>
 <merge_request_401323303@gitlab.com> <note_2643283092@gitlab.com>
 <note_2643329651@gitlab.com>
Message-ID: <mailman.7254.1753181072.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643332860

 >        fi
 >        update-crypto-policies
 >        echo "SYSTEM=NORMAL" >> tests/system.prio
 > +    - | case "$FIPS" in
 > +      fips)
 > +        GNUTLS_FORCE_FIPS_MODE=1
 > +        ;;
 > +      no-fips)
 > +        GNUTLS_FORCE_FIPS_MODE=0
 > +        ;;
 > +    - | case "$PQC" in
 > +      pqc)
 > +        TESTS_ENABLED_GROUPS: "GROUP-X25519-MLKEM768 GROUP-SECP256R1-MLKEM768 GROUP-SECP384R1-MLKEM1024"

Indeed, fixed.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2643332860
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250722/c65b9edb/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 22 13:39:07 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Jul 2025 11:39:07 +0000
Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic
 (!1990)
In-Reply-To: <merge_request_400516186@gitlab.com>
References: <reply-943c3baa0314498ab5736bca4103d3c2@gitlab.com>
 <merge_request_400516186@gitlab.com>
Message-ID: <mailman.7259.1753184381.18299.gnutls-devel@lists.gnutls.org>




Daniel P_ Berrang? commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2643460573


Yes, while this MR fixes the stated bug, it also introduces a new regression.

In QEMU's migration flow, we have massive data volumes in one direction, and very very tiny data in the other direction. So with this MR applied, on the client side QEMU, GNUTLS will repeatedly initiate rekeying of the sending keys, but will never see a request from the server for rekey of the receiving key.

When GNUTLS tries to rekey the sending key for the 15th time, it will return `GNUTLS_E_INVALID_REQUEST` from `gnutls_record_send()`.

What is failing is the `epoch_get_slot` function

```
Epoch 18 out of range (idx: 16, max: 16)
```

IIUC, this suggests that `_gnutls_epoch_gc` is no longer working correctly, now that this MR has split the rekeying of sending vs receiving keys,  when you have very asymmetric data flows.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2643460573
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250722/92e0c853/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 22 14:01:20 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 22 Jul 2025 12:01:20 +0000
Subject: [gnutls-devel] GnuTLS | key_update: rework the rekeying logic
 (!1990)
In-Reply-To: <merge_request_400516186@gitlab.com>
References: <reply-4656b40c1a913fd9b00ae563343a315d@gitlab.com>
 <merge_request_400516186@gitlab.com>
Message-ID: <mailman.7260.1753185743.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2643523459


Thank you; indeed, if the client sends a KeyUpdate without expecting a reply, it should mark the previous write epoch as inactive, so it can be garbage collected.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1990#note_2643523459
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250722/ea99bb36/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul 23 07:00:12 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 23 Jul 2025 05:00:12 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: optimize the number of
 builds (!1991)
In-Reply-To: <merge_request_401323303@gitlab.com>
References: <reply-ec1ca495e5b5cb2108a48166bf884bae@gitlab.com>
 <merge_request_401323303@gitlab.com>
Message-ID: <mailman.7267.1753246909.18299.gnutls-devel@lists.gnutls.org>



Daiki Ueno marked merge request !1991 as ready

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250723/7210bd7c/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul 23 10:32:43 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 23 Jul 2025 08:32:43 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: optimize the number of
 builds (!1991)
In-Reply-To: <merge_request_401323303@gitlab.com>
References: <reply-81c5419dcdbf657bacdb4767f42a70c0@gitlab.com>
 <merge_request_401323303@gitlab.com>
Message-ID: <mailman.7269.1753259597.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1991 were resolved by Alexander Sosedkin

https://gitlab.com/gnutls/gnutls/-/merge_requests/1991

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250723/f239f0a9/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Jul 24 13:25:05 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Jul 2025 11:25:05 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: optimize the number of
 builds (!1991)
In-Reply-To: <merge_request_401323303@gitlab.com>
References: <reply-ef0891af9153232fd58556223c034a3e@gitlab.com>
 <merge_request_401323303@gitlab.com>
Message-ID: <mailman.7280.1753356395.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2648475204


@asosedkin thank you for the review and suggestions!

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991#note_2648475204
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250724/d4106982/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Thu Jul 24 13:25:15 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Jul 2025 11:25:15 +0000
Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: optimize the number of
 builds (!1991)
In-Reply-To: <merge_request_401323303@gitlab.com>
References: <reply-4751c6d966711bf9759ec436bc4e413e@gitlab.com>
 <merge_request_401323303@gitlab.com>
Message-ID: <mailman.7283.1753356398.18299.gnutls-devel@lists.gnutls.org>



Merge request !1991 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991
Project:Branches: dueno/gnutls:wip/dueno/ci-optimize to gnutls/gnutls:master
Author: Daiki Ueno

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1991
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250724/036ac686/attachment.html>

From gnutls-devel at lists.gnutls.org  Thu Jul 24 23:51:09 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Thu, 24 Jul 2025 21:51:09 +0000
Subject: [gnutls-devel] GnuTLS | lib/psk: Add gnutls_psk_allocate_{client,
 server}_credentials2 (!1992)
References: <reply-ff56533556115f1c60dbd302eb926c5e@gitlab.com>
Message-ID: <mailman.7290.1753393906.18299.gnutls-devel@lists.gnutls.org>



Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1992

Project:Branches: dueno/gnutls:wip/hare1712/psk-sha384 to gnutls/gnutls:master
Author:   Daiki Ueno




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

Add new functions gnutls_psk_allocate_client_credentials2() and
gnutls_psk_allocate_server_credentials2() which allow to specify
the hash algorithm for the PSK. This fixes a bug in the current
implementation where the binder is always calculated with SHA256.

Fixes: #386
Supersedes: !1939

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1992
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250724/8438aa87/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul 25 09:23:44 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 25 Jul 2025 07:23:44 +0000
Subject: [gnutls-devel] libtasn1 | ci: Use debian10 from EOL repo. (!119)
References: <reply-fa1344e2deba6770d4d33a5467fa454a@gitlab.com>
Message-ID: <mailman.7298.1753428265.18299.gnutls-devel@lists.gnutls.org>



Simon Josefsson created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/119

Branches: ci-fix-debian10 to master
Author:   Simon Josefsson






-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/119
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250725/023c52e5/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul 25 09:24:28 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 25 Jul 2025 07:24:28 +0000
Subject: [gnutls-devel] libtasn1 | ci: Use debian10 from EOL repo. (!119)
In-Reply-To: <merge_request_402327921@gitlab.com>
References: <reply-2bf6e7622d23ddcf6d5bb856f65e5632@gitlab.com>
 <merge_request_402327921@gitlab.com>
Message-ID: <mailman.7299.1753428307.18299.gnutls-devel@lists.gnutls.org>



Merge request !119 was merged
Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/119
Branches: ci-fix-debian10 to master
Author: Simon Josefsson

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/119
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250725/8f8187d3/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Fri Jul 25 09:38:30 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 25 Jul 2025 07:38:30 +0000
Subject: [gnutls-devel] GnuTLS | lib/psk: Add
 gnutls_psk_allocate_{client, server}_credentials2 (!1992)
In-Reply-To: <merge_request_402255313@gitlab.com>
References: <reply-69e655473725fcf6d21e5ad5b29f0884@gitlab.com>
 <merge_request_402255313@gitlab.com>
Message-ID: <mailman.7302.1753429158.18299.gnutls-devel@lists.gnutls.org>



Merge request !1992 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1992
Project:Branches: dueno/gnutls:wip/hare1712/psk-sha384 to gnutls/gnutls:master
Author: Daiki Ueno

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1992
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250725/02b7f5f1/attachment.html>

From gnutls-devel at lists.gnutls.org  Fri Jul 25 09:38:20 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Fri, 25 Jul 2025 07:38:20 +0000
Subject: [gnutls-devel] GnuTLS | lib/psk: Add
 gnutls_psk_allocate_{client, server}_credentials2 (!1992)
In-Reply-To: <merge_request_402255313@gitlab.com>
References: <reply-d2097a5fe42b64216792b0d147179324@gitlab.com>
 <merge_request_402255313@gitlab.com>
Message-ID: <mailman.7303.1753429162.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1992#note_2650436079


Merging without approval, as the patch has already been reviewed in !1939.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1992#note_2650436079
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250725/fadd364d/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:17:28 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:17:28 +0000
Subject: [gnutls-devel] GnuTLS | Fix memleaks and handle allocation error
 (!1993)
References: <reply-f021212f52906cc137b84f6860d1ffd6@gitlab.com>
Message-ID: <mailman.7322.1753676282.18299.gnutls-devel@lists.gnutls.org>



Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1993

Project:Branches: dueno/gnutls:wip/purdue-university1/memleaks to gnutls/gnutls:master
Author:   Daiki Ueno




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

This includes the following fixes from Jiasheng Jiang, origianlly in !1981, !1982, !1983, !1984, !1985, !1986, and !1956.

* Replace with statically allocated buffer

Replace with statically allocated buffer to avoid potential NULL pointer
dereference.

Fixes: 1fb6d1b5 ("fips140-2: moved PCT-test in wrap_nettle_generate_keys")

* lib/hello_ext.c: Add check for gnutls_strdup()

Add check for the return value of gnutls_strdup() to avoid potential NULL pointer dereference.

Fixes: 5bba569b4 ("gnutls_session_ext_register: keep track of extension name")

* lib/file.c: Add check for gnutls_malloc()

Add check for the return value of gnutls_malloc() to avoid potential NULL pointer dereference.

Fixes: d1428c0f9 ("helper.c -> file.c")

* lib/ext/srp.c: Add gnutls_free() to avoid memory leak

Add gnutls_free() to free priv->username if the allocation of priv->password fails to avoid memory leak.
Moreover, replace "return" with "goto" to avoid memory leak.

Fixes: a1a15422 ("Fixes and memory leak elimination in SRP authentication.")

* lib/ext/srp.c: Add gnutls_free() in the error path

Add gnutls_free() in the error path to avoid potential memory leak if BUFFER_POP_DATUM fails.

Fixes: 8b038ab97 ("The auth_ and ext_ files were moved to respective directories.")

* lib/cert-cred-rawpk.c: Add gnutls_free() and gnutls_pcert_deinit() in the error paths

Add gnutls_free() and gnutls_pcert_deinit() in the error paths to avoid potential memory leak.

Fixes: 565efaeac ("Implemented support for raw public-key functionality (RFC7250).")

* fuzz/gnutls_srp_server_fuzzer.c: Add check for gnutls_malloc()

Add check for the return value of gnutls_malloc() to avoid potential NULL pointer dereference.

Fixes: 5bb8a18b0 ("fuzzer: Initial check in for improved fuzzing")

## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1993
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/85010d9c/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:17:49 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:17:49 +0000
Subject: [gnutls-devel] GnuTLS | fuzz/gnutls_srp_server_fuzzer.c: Add
 check for gnutls_malloc() (!1981)
In-Reply-To: <merge_request_398746409@gitlab.com>
References: <reply-6f444389ff03f802d4c7132caeef469d@gitlab.com>
 <merge_request_398746409@gitlab.com>
Message-ID: <mailman.7325.1753676302.18299.gnutls-devel@lists.gnutls.org>



Merge request !1981 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1981
Project:Branches: purdue-university1/gnutls:patch16 to gnutls/gnutls:master
Author: Jiasheng Jiang
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/644850fa/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:18:42 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:18:42 +0000
Subject: [gnutls-devel] GnuTLS | fuzz/gnutls_srp_server_fuzzer.c: Add
 check for gnutls_malloc() (!1981)
In-Reply-To: <merge_request_398746409@gitlab.com>
References: <reply-638902dcd37b7ba5fac804e76023f668@gitlab.com>
 <merge_request_398746409@gitlab.com>
Message-ID: <mailman.7326.1753676355.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1981#note_2652919890


Thank you; the change looks good to me. As we are currently facing some limitation in CI pipeline, so I included this in a new MR (!1993).

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1981#note_2652919890
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/84a73787/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:18:44 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:18:44 +0000
Subject: [gnutls-devel] GnuTLS | fuzz/gnutls_srp_server_fuzzer.c: Add
 check for gnutls_malloc() (!1981)
In-Reply-To: <merge_request_398746409@gitlab.com>
References: <reply-7194b6fc2352de0fbcda04dbee35aa67@gitlab.com>
 <merge_request_398746409@gitlab.com>
Message-ID: <mailman.7327.1753676363.18299.gnutls-devel@lists.gnutls.org>



Merge request !1981 was closed by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1981
Project:Branches: purdue-university1/gnutls:patch16 to gnutls/gnutls:master
Author: Jiasheng Jiang
Assignees: 
Reviewers: 

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1981
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/6f7b9b7a/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:19:05 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:19:05 +0000
Subject: [gnutls-devel] GnuTLS | lib/cert-cred-rawpk.c: Add
 gnutls_free() and gnutls_pcert_deinit() in the error paths (!1982)
In-Reply-To: <merge_request_398758976@gitlab.com>
References: <reply-a741fff75e64daab3f1e7d122fb80694@gitlab.com>
 <merge_request_398758976@gitlab.com>
Message-ID: <mailman.7328.1753676377.18299.gnutls-devel@lists.gnutls.org>



Merge request !1982 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1982
Project:Branches: purdue-university1/gnutls:patch17 to gnutls/gnutls:master
Author: Jiasheng Jiang
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/7dc595e0/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:19:13 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:19:13 +0000
Subject: [gnutls-devel] GnuTLS | lib/cert-cred-rawpk.c: Add
 gnutls_free() and gnutls_pcert_deinit() in the error paths (!1982)
In-Reply-To: <merge_request_398758976@gitlab.com>
References: <reply-cb5e31cd1bb00508f3e864967dba314c@gitlab.com>
 <merge_request_398758976@gitlab.com>
Message-ID: <mailman.7331.1753676385.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1982#note_2652920743


Thank you; the change looks good to me. As we are currently facing some limitation in CI pipeline, so I included this in a new MR (!1993).

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1982#note_2652920743
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/ae7cd7b1/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:19:13 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:19:13 +0000
Subject: [gnutls-devel] GnuTLS | lib/cert-cred-rawpk.c: Add
 gnutls_free() and gnutls_pcert_deinit() in the error paths (!1982)
In-Reply-To: <merge_request_398758976@gitlab.com>
References: <reply-5bdd1260e95a60507041f206330c0959@gitlab.com>
 <merge_request_398758976@gitlab.com>
Message-ID: <mailman.7332.1753676395.18299.gnutls-devel@lists.gnutls.org>



Merge request !1982 was closed by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1982
Project:Branches: purdue-university1/gnutls:patch17 to gnutls/gnutls:master
Author: Jiasheng Jiang
Assignees: 
Reviewers: 

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1982
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/3ff03735/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:19:27 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:19:27 +0000
Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() in the
 error path (!1983)
In-Reply-To: <merge_request_398780561@gitlab.com>
References: <reply-bd8ed2e163e034a76ea575903c14b842@gitlab.com>
 <merge_request_398780561@gitlab.com>
Message-ID: <mailman.7333.1753676399.18299.gnutls-devel@lists.gnutls.org>



Merge request !1983 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1983
Project:Branches: purdue-university1/gnutls:patch18 to gnutls/gnutls:master
Author: Jiasheng Jiang
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/47728a9e/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:19:31 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:19:31 +0000
Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() in the
 error path (!1983)
In-Reply-To: <merge_request_398780561@gitlab.com>
References: <reply-93b601acd1e2d5d16d2d84c52d80b69b@gitlab.com>
 <merge_request_398780561@gitlab.com>
Message-ID: <mailman.7334.1753676403.18299.gnutls-devel@lists.gnutls.org>



Merge request !1983 was closed by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1983
Project:Branches: purdue-university1/gnutls:patch18 to gnutls/gnutls:master
Author: Jiasheng Jiang
Assignees: 
Reviewers: 

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1983
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/f67bde16/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:19:31 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:19:31 +0000
Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() in the
 error path (!1983)
In-Reply-To: <merge_request_398780561@gitlab.com>
References: <reply-ed5bc39795dfafb9d36847cc947ec5a3@gitlab.com>
 <merge_request_398780561@gitlab.com>
Message-ID: <mailman.7337.1753676414.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1983#note_2652921334


Thank you; the change looks good to me. As we are currently facing some limitation in CI pipeline, so I included this in a new MR (!1993).

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1983#note_2652921334
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/424c7262/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:19:52 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:19:52 +0000
Subject: [gnutls-devel] GnuTLS | lib/file.c: Add check for
 gnutls_malloc() (!1984)
In-Reply-To: <merge_request_398784746@gitlab.com>
References: <reply-f201313f882d005518ee6eceb05889b4@gitlab.com>
 <merge_request_398784746@gitlab.com>
Message-ID: <mailman.7338.1753676426.18299.gnutls-devel@lists.gnutls.org>



Merge request !1984 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1984
Project:Branches: purdue-university1/gnutls:patch19 to gnutls/gnutls:master
Author: Jiasheng Jiang
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/91c2ec3a/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:20:01 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:20:01 +0000
Subject: [gnutls-devel] GnuTLS | lib/file.c: Add check for
 gnutls_malloc() (!1984)
In-Reply-To: <merge_request_398784746@gitlab.com>
References: <reply-184d9991567240bcf5509a661b8b994d@gitlab.com>
 <merge_request_398784746@gitlab.com>
Message-ID: <mailman.7339.1753676433.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1984#note_2652922300


Thank you; the change looks good to me. As we are currently facing some limitation in CI pipeline, so I included this in a new MR (!1993).

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1984#note_2652922300
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/4c3a2edd/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:20:01 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:20:01 +0000
Subject: [gnutls-devel] GnuTLS | lib/file.c: Add check for
 gnutls_malloc() (!1984)
In-Reply-To: <merge_request_398784746@gitlab.com>
References: <reply-804726afe15e8eb387d045b7597a7f88@gitlab.com>
 <merge_request_398784746@gitlab.com>
Message-ID: <mailman.7340.1753676441.18299.gnutls-devel@lists.gnutls.org>



Merge request !1984 was closed by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1984
Project:Branches: purdue-university1/gnutls:patch19 to gnutls/gnutls:master
Author: Jiasheng Jiang
Assignees: 
Reviewers: 

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1984
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/6f080820/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:20:16 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:20:16 +0000
Subject: [gnutls-devel] GnuTLS | lib/hello_ext.c: Add check for
 gnutls_strdup() (!1985)
In-Reply-To: <merge_request_398821351@gitlab.com>
References: <reply-bc7f04c1e55627889c4c79213ecf3b1e@gitlab.com>
 <merge_request_398821351@gitlab.com>
Message-ID: <mailman.7343.1753676448.18299.gnutls-devel@lists.gnutls.org>



Merge request !1985 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1985
Project:Branches: purdue-university1/gnutls:patch20 to gnutls/gnutls:master
Author: Jiasheng Jiang
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/391d47d4/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:20:20 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:20:20 +0000
Subject: [gnutls-devel] GnuTLS | lib/hello_ext.c: Add check for
 gnutls_strdup() (!1985)
In-Reply-To: <merge_request_398821351@gitlab.com>
References: <reply-ef63218549dfc52170ac77b77f07db19@gitlab.com>
 <merge_request_398821351@gitlab.com>
Message-ID: <mailman.7344.1753676451.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1985#note_2652922909


Thank you; the change looks good to me. As we are currently facing some limitation in CI pipeline, so I included this in a new MR (!1993).

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1985#note_2652922909
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/a578ad3f/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:20:19 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:20:19 +0000
Subject: [gnutls-devel] GnuTLS | lib/hello_ext.c: Add check for
 gnutls_strdup() (!1985)
In-Reply-To: <merge_request_398821351@gitlab.com>
References: <reply-767ac24692a788512bf58ec492f8cf8e@gitlab.com>
 <merge_request_398821351@gitlab.com>
Message-ID: <mailman.7345.1753676454.18299.gnutls-devel@lists.gnutls.org>



Merge request !1985 was closed by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1985
Project:Branches: purdue-university1/gnutls:patch20 to gnutls/gnutls:master
Author: Jiasheng Jiang
Assignees: 
Reviewers: 

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1985
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/de8cbbd6/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:20:47 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:20:47 +0000
Subject: [gnutls-devel] GnuTLS | lib/nettle/pk.c: Add check for
 gnutls_malloc() (!1986)
In-Reply-To: <merge_request_398930369@gitlab.com>
References: <reply-722d80e59650a6b5ed9527d5c79fbf98@gitlab.com>
 <merge_request_398930369@gitlab.com>
Message-ID: <mailman.7346.1753676478.18299.gnutls-devel@lists.gnutls.org>



Merge request !1986 was closed by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986
Project:Branches: purdue-university1/gnutls:patch21 to gnutls/gnutls:master
Author: Jiasheng Jiang
Assignees: 
Reviewers: 

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/0a4d953e/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:20:48 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:20:48 +0000
Subject: [gnutls-devel] GnuTLS | lib/nettle/pk.c: Add check for
 gnutls_malloc() (!1986)
In-Reply-To: <merge_request_398930369@gitlab.com>
References: <reply-5bde03bd5ba3821a9157da678e313e1f@gitlab.com>
 <merge_request_398930369@gitlab.com>
Message-ID: <mailman.7349.1753676483.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986#note_2652923914


Thank you; the change looks good to me. As we are currently facing some limitation in CI pipeline, so I included this in a new MR (!1993).

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986#note_2652923914
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/31f08e4e/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:20:58 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:20:58 +0000
Subject: [gnutls-devel] GnuTLS | lib/nettle/pk.c: Add check for
 gnutls_malloc() (!1986)
In-Reply-To: <merge_request_398930369@gitlab.com>
References: <reply-2922c09ec756c1f8abefceefa13e2846@gitlab.com>
 <merge_request_398930369@gitlab.com>
Message-ID: <mailman.7350.1753676489.18299.gnutls-devel@lists.gnutls.org>



Merge request !1986 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1986
Project:Branches: purdue-university1/gnutls:patch21 to gnutls/gnutls:master
Author: Jiasheng Jiang
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/4cb8a3e8/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:21:29 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:21:29 +0000
Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() to
 avoid memory leak (!1956)
In-Reply-To: <merge_request_383054299@gitlab.com>
References: <reply-8b1f16b198613398a255b97e2bb40a11@gitlab.com>
 <merge_request_383054299@gitlab.com>
Message-ID: <mailman.7351.1753676521.18299.gnutls-devel@lists.gnutls.org>



Merge request !1956 was closed by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956
Project:Branches: purdue-university1/gnutls:patch6 to gnutls/gnutls:master
Author: Jiasheng Jiang
Assignees: 
Reviewers: 

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/09fc3033/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:21:29 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:21:29 +0000
Subject: [gnutls-devel] GnuTLS | lib/ext/srp.c: Add gnutls_free() to
 avoid memory leak (!1956)
In-Reply-To: <merge_request_383054299@gitlab.com>
References: <reply-383c2afcb7e10b7a1436a357d6559879@gitlab.com>
 <merge_request_383054299@gitlab.com>
Message-ID: <mailman.7352.1753676529.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956#note_2652925333


Thank you; the change looks good to me. As we are currently facing some limitation in CI pipeline, so I included this in a new MR (!1993).

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1956#note_2652925333
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/7ba4862b/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:22:25 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:22:25 +0000
Subject: [gnutls-devel] GnuTLS | Fix memleaks and handle allocation
 error (!1993)
In-Reply-To: <merge_request_402646090@gitlab.com>
References: <reply-3aebddaccc8f2049ce0eb50d6be63536@gitlab.com>
 <merge_request_402646090@gitlab.com>
Message-ID: <mailman.7355.1753676579.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1993#note_2652927412


Merging this without approval, as the changes have already been reviewed in the original MRs.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1993#note_2652927412
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/5732b5b0/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:22:55 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:22:55 +0000
Subject: [gnutls-devel] GnuTLS | Fix memleaks and handle allocation
 error (!1993)
In-Reply-To: <merge_request_402646090@gitlab.com>
References: <reply-91313c12be76305b4efaa7a5137ca8e2@gitlab.com>
 <merge_request_402646090@gitlab.com>
Message-ID: <mailman.7356.1753676607.18299.gnutls-devel@lists.gnutls.org>



Merge request !1993 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1993
Project:Branches: dueno/gnutls:wip/purdue-university1/memleaks to gnutls/gnutls:master
Author: Daiki Ueno

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1993
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/cb5af3b8/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:54:06 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:54:06 +0000
Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more portable
 shebangs. (!1994)
References: <reply-927ad6b969a7ffd00b7b0fbcc8ba4425@gitlab.com>
Message-ID: <mailman.7357.1753678479.18299.gnutls-devel@lists.gnutls.org>



Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1994

Project:Branches: dueno/gnutls:wip/apteryks/portability-improvements to gnutls/gnutls:master
Author:   Daiki Ueno




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

This includes the following fixes from @apteryks, originally filed as !1964.

* tests: Remove dependency on `which' command.
* tests: Lookup softhsm tools from PATH.
* Makefile.am: Hint at libdane requirement for distcheck target.
* scripts: Use /usr/bin/env for more portable shebangs.

## Checklist
 * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)
 * [ ] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1994
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/4a04e4ee/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:55:20 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:55:20 +0000
Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more
 portable shebangs. (!1964)
In-Reply-To: <merge_request_384239341@gitlab.com>
References: <reply-12a0316951fbad86802d403862a483fc@gitlab.com>
 <merge_request_384239341@gitlab.com>
Message-ID: <mailman.7358.1753678552.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2652986574


Sorry, we are facing some limitations in the CI pipeline; I've filed a new MR (!1994) to work around that.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964#note_2652986574
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/cfc4d70c/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 06:55:21 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 04:55:21 +0000
Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more
 portable shebangs. (!1964)
In-Reply-To: <merge_request_384239341@gitlab.com>
References: <reply-dbbb1456fe41500d5a8b0b303624b954@gitlab.com>
 <merge_request_384239341@gitlab.com>
Message-ID: <mailman.7361.1753678561.18299.gnutls-devel@lists.gnutls.org>



Merge request !1964 was closed by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964
Project:Branches: apteryks/gnutls:portability-improvements to gnutls/gnutls:master
Author: Maxim Cournoyer
Assignees: 
Reviewers: 

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1964
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/af4b15aa/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 10:08:51 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 08:08:51 +0000
Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more
 portable shebangs. (!1994)
In-Reply-To: <merge_request_402651622@gitlab.com>
References: <reply-8b3b82fd90f41b253ebcd7ef7633d4b4@gitlab.com>
 <merge_request_402651622@gitlab.com>
Message-ID: <mailman.7362.1753690183.18299.gnutls-devel@lists.gnutls.org>



Merge request !1994 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1994
Project:Branches: dueno/gnutls:wip/apteryks/portability-improvements to gnutls/gnutls:master
Author: Daiki Ueno

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1994
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/61669843/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 10:08:42 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 08:08:42 +0000
Subject: [gnutls-devel] GnuTLS | scripts: Use /usr/bin/env for more
 portable shebangs. (!1994)
In-Reply-To: <merge_request_402651622@gitlab.com>
References: <reply-9a724d0c0d8117b8ecd7b3d3fcd5370e@gitlab.com>
 <merge_request_402651622@gitlab.com>
Message-ID: <mailman.7363.1753690190.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1994#note_2653317475


Merging without approval, as the original MR has already been reviewed.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1994#note_2653317475
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/74c89aa7/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 10:13:37 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 08:13:37 +0000
Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980)
In-Reply-To: <note_2625311952@gitlab.com>
References: <reply-90652a3da0164a9f8512f423355c775d@gitlab.com>
 <merge_request_398010946@gitlab.com> <note_2623065262@gitlab.com>
 <note_2625311952@gitlab.com>
Message-ID: <mailman.7364.1753690449.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion on tests/system-override-compress-cert.sh: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980#note_2653329917

 >  	exit 77
 >  fi
 >  
 > +if ! "$CLI" --list | grep '^Compression: .*COMP-\(BROTLI\|ZSTD\)'; then

Right, let's split the `if` for brotli and zstd.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980#note_2653329917
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/8b0b0244/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 10:13:38 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 08:13:38 +0000
Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980)
In-Reply-To: <merge_request_398010946@gitlab.com>
References: <reply-7c32c40124b14c2cd94e12899c29003a@gitlab.com>
 <merge_request_398010946@gitlab.com>
Message-ID: <mailman.7365.1753690458.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1980 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1980

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/ba10ce4d/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 16:03:30 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 14:03:30 +0000
Subject: [gnutls-devel] libtasn1 | Fix CI (!120)
References: <reply-363fd0f3ffdc10918a5a03a9ca5d9b9d@gitlab.com>
Message-ID: <mailman.7372.1753711443.18299.gnutls-devel@lists.gnutls.org>



Simon Josefsson created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/120

Branches: ci-fix-winnt to master
Author:   Simon Josefsson






-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/120
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/6383811f/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 16:04:06 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 14:04:06 +0000
Subject: [gnutls-devel] libtasn1 | Fix CI (!120)
In-Reply-To: <merge_request_402844033@gitlab.com>
References: <reply-b42f1af07e02408d9d3822aefcb55ef7@gitlab.com>
 <merge_request_402844033@gitlab.com>
Message-ID: <mailman.7373.1753711480.18299.gnutls-devel@lists.gnutls.org>



Merge request !120 was merged
Merge request URL: https://gitlab.com/gnutls/libtasn1/-/merge_requests/120
Branches: ci-fix-winnt to master
Author: Simon Josefsson

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/120
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/4abe97e5/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 18:46:55 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 16:46:55 +0000
Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980)
In-Reply-To: <merge_request_398010946@gitlab.com>
References: <reply-92d8a82a22cdeb639a35f87254454a66@gitlab.com>
 <merge_request_398010946@gitlab.com>
Message-ID: <mailman.7383.1753721248.18299.gnutls-devel@lists.gnutls.org>




Andreas Metzler commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980#note_2654631991


LGTM

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980#note_2654631991
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/4ac21841/attachment.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 18:46:55 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 16:46:55 +0000
Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980)
In-Reply-To: <merge_request_398010946@gitlab.com>
References: <reply-cc70645d77c987aa078c0695a86a68d9@gitlab.com>
 <merge_request_398010946@gitlab.com>
Message-ID: <mailman.7384.1753721256.18299.gnutls-devel@lists.gnutls.org>



Merge request !1980 was approved by Andreas Metzler
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980
Project:Branches: dueno/gnutls:wip/dueno/test-fixes to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: Andreas Metzler

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/43486e25/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Mon Jul 28 18:46:55 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 16:46:55 +0000
Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980)
In-Reply-To: <merge_request_398010946@gitlab.com>
References: <reply-3016bcc925b5c220fa29c04fe74e7665@gitlab.com>
 <merge_request_398010946@gitlab.com>
Message-ID: <mailman.7387.1753721263.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1980 were resolved by Andreas Metzler

https://gitlab.com/gnutls/gnutls/-/merge_requests/1980

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/3a7f201c/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 29 00:09:50 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 22:09:50 +0000
Subject: [gnutls-devel] GnuTLS | Fixes for 3.8.10 testsuite (!1980)
In-Reply-To: <merge_request_398010946@gitlab.com>
References: <reply-aa8ff299dec4a52a613e74887edf093c@gitlab.com>
 <merge_request_398010946@gitlab.com>
Message-ID: <mailman.7389.1753740622.18299.gnutls-devel@lists.gnutls.org>



Merge request !1980 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980
Project:Branches: dueno/gnutls:wip/dueno/test-fixes to gnutls/gnutls:master
Author: Daiki Ueno
Assignee: Daiki Ueno
Reviewer: Andreas Metzler

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1980
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/8d8884a6/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 29 00:09:50 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 22:09:50 +0000
Subject: [gnutls-devel] GnuTLS | system-override-compress-cert testsuite
 error with 3.8.10 (#1721)
In-Reply-To: <issue_170219012@gitlab.com>
References: <reply-f10b7ba8a56a6b2cdca250dcc380ecb7@gitlab.com>
 <issue_170219012@gitlab.com>
Message-ID: <mailman.7390.1753740630.18299.gnutls-devel@lists.gnutls.org>



Issue was closed by Daiki Ueno with merge request !1980 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1980)
Issue #1721: https://gitlab.com/gnutls/gnutls/-/issues/1721

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1721
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/c236cdd7/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 29 00:27:57 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 22:27:57 +0000
Subject: [gnutls-devel] GnuTLS | tests: only do sanity-lib test when
 tpm-tss is dlopened (!1987)
In-Reply-To: <merge_request_398961568@gitlab.com>
References: <reply-1e045bacd98f26a3f3a21a61a86630d3@gitlab.com>
 <merge_request_398961568@gitlab.com>
Message-ID: <mailman.7391.1753741712.18299.gnutls-devel@lists.gnutls.org>



Merge request !1987 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1987
Project:Branches: fundawang/gnutls:master to gnutls/gnutls:master
Author: fundawang
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/84cf4874/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 29 00:31:33 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Mon, 28 Jul 2025 22:31:33 +0000
Subject: [gnutls-devel] GnuTLS | tests: only do sanity-lib test when
 tpm-tss is dlopened (!1987)
In-Reply-To: <merge_request_398961568@gitlab.com>
References: <reply-bf27c68b4ab0750d8bd1a1f6dab7d112@gitlab.com>
 <merge_request_398961568@gitlab.com>
Message-ID: <mailman.7394.1753741926.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1987#note_2655105498


@fundawang thank you, the change looks good to me. Could you add `Signed-off-by:` to the commit message so we can merge it?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1987#note_2655105498
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250728/523bcdf4/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 29 08:43:36 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 29 Jul 2025 06:43:36 +0000
Subject: [gnutls-devel] GnuTLS | tests: only do sanity-lib test when tpm-tss
 is dlopened (!1995)
References: <reply-858e6215cdffc3a874854708f349f337@gitlab.com>
Message-ID: <mailman.7399.1753771451.18299.gnutls-devel@lists.gnutls.org>



Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/1995

Project:Branches: dueno/gnutls:wip/fundawang/sanity-lib to gnutls/gnutls:master
Author:   Daiki Ueno




<!-- Add a description of the new feature/bug fix. Reference any relevant bugs. -->

* tests: only do sanity-lib test when tpm-tss is dlopened

Signed-off-by: Funda Wang <fundawang at yeah.net>

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [ ] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1995
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250729/4b9078bd/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 29 08:46:24 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 29 Jul 2025 06:46:24 +0000
Subject: [gnutls-devel] GnuTLS | tests: only do sanity-lib test when
 tpm-tss is dlopened (!1987)
In-Reply-To: <merge_request_398961568@gitlab.com>
References: <reply-88d553a7aa4024d5138a2ec8d6880bd3@gitlab.com>
 <merge_request_398961568@gitlab.com>
Message-ID: <mailman.7400.1753771616.18299.gnutls-devel@lists.gnutls.org>



Merge request !1987 was closed by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1987
Project:Branches: fundawang/gnutls:master to gnutls/gnutls:master
Author: fundawang
Assignees: 
Reviewers: 

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1987
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250729/29c77e2e/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 29 08:46:24 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 29 Jul 2025 06:46:24 +0000
Subject: [gnutls-devel] GnuTLS | tests: only do sanity-lib test when
 tpm-tss is dlopened (!1987)
In-Reply-To: <merge_request_398961568@gitlab.com>
References: <reply-10dfe655c5a543d42a3d6caae54d5f07@gitlab.com>
 <merge_request_398961568@gitlab.com>
Message-ID: <mailman.7401.1753771619.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1987#note_2655557539


Thank you for the update; due to the recent CI limitation, I've created a separate MR with the identical content at !1995.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1987#note_2655557539
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250729/7914f0fe/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 29 08:47:06 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 29 Jul 2025 06:47:06 +0000
Subject: [gnutls-devel] GnuTLS | tests: only do sanity-lib test when
 tpm-tss is dlopened (!1995)
In-Reply-To: <merge_request_402995647@gitlab.com>
References: <reply-d8817facb9b6a049ee2085bcdbd45f53@gitlab.com>
 <merge_request_402995647@gitlab.com>
Message-ID: <mailman.7404.1753771659.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1995#note_2655559019


Merging without approval, as the original MR has already been reviewed.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1995#note_2655559019
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250729/07fea5b8/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 29 08:47:14 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 29 Jul 2025 06:47:14 +0000
Subject: [gnutls-devel] GnuTLS | tests: only do sanity-lib test when
 tpm-tss is dlopened (!1995)
In-Reply-To: <merge_request_402995647@gitlab.com>
References: <reply-d25ba26afcab38b8fb5284abbd79c966@gitlab.com>
 <merge_request_402995647@gitlab.com>
Message-ID: <mailman.7405.1753771666.18299.gnutls-devel@lists.gnutls.org>



Merge request !1995 was set to auto-merge by Daiki Ueno
Merge request url: https://gitlab.com/gnutls/gnutls/-/merge_requests/1995
Project:Branches: dueno/gnutls:wip/fundawang/sanity-lib to gnutls/gnutls:master
Author: Daiki Ueno
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250729/710d54e7/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 29 12:47:20 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 29 Jul 2025 10:47:20 +0000
Subject: [gnutls-devel] GnuTLS | tests: only do sanity-lib test when
 tpm-tss is dlopened (!1995)
In-Reply-To: <merge_request_402995647@gitlab.com>
References: <reply-7cb2356a800f3dd69664cefe70ce5d28@gitlab.com>
 <merge_request_402995647@gitlab.com>
Message-ID: <mailman.7408.1753786073.18299.gnutls-devel@lists.gnutls.org>



Merge request !1995 was merged
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1995
Project:Branches: dueno/gnutls:wip/fundawang/sanity-lib to gnutls/gnutls:master
Author: Daiki Ueno

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1995
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250729/6ce4443c/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 29 12:47:22 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 29 Jul 2025 10:47:22 +0000
Subject: [gnutls-devel] GnuTLS | test sanity-lib.sh failed if gnutls
 3.8.10 is built with linked tpm2-tss (#1722)
In-Reply-To: <issue_170319084@gitlab.com>
References: <reply-56939c6a1cb7ea5e0795cf4c47fa5d0d@gitlab.com>
 <issue_170319084@gitlab.com>
Message-ID: <mailman.7409.1753786082.18299.gnutls-devel@lists.gnutls.org>



Issue was closed by Daiki Ueno with merge request !1995 (https://gitlab.com/gnutls/gnutls/-/merge_requests/1995)
Issue #1722: https://gitlab.com/gnutls/gnutls/-/issues/1722

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1722
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250729/e5be1029/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 29 15:36:50 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 29 Jul 2025 13:36:50 +0000
Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988)
In-Reply-To: <merge_request_399143675@gitlab.com>
References: <reply-00ef23378aaed8fb12a1d4097977027a@gitlab.com>
 <merge_request_399143675@gitlab.com>
Message-ID: <mailman.7413.1753796243.18299.gnutls-devel@lists.gnutls.org>



Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1988 was reviewed by Daiki Ueno

--
  
Daiki Ueno started a new discussion on lib/tpm2/callbacks/hash/hash_callbacks.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2656617281

 >  #include "config.h"
 >  
 > +#include "gnutls_int.h"

I guess this is no longer needed?

--
  
Daiki Ueno started a new discussion on lib/tpm2/callbacks/esys_crypto_callbacks.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2656617314

 > +#else
 > +/* Crypto callbacks not supported - provide empty inline implementation */
 > +static inline int _gnutls_setup_tss2_callbacks(ESYS_CONTEXT *ctx) { return 0; }

Instead of providing a stub implementation of this internal function, I would rather add `#ifdef` ... `#endif` to the caller so it only calls `_gnutls_setup_tss2_callbacks` when crypto callbacks are usable.


-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250729/759de77d/attachment.html>

From gnutls-devel at lists.gnutls.org  Tue Jul 29 15:41:24 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Tue, 29 Jul 2025 13:41:24 +0000
Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988)
In-Reply-To: <note_2627052780@gitlab.com>
References: <reply-1d1d3c6f7310c9c8e9ce17e46cb46782@gitlab.com>
 <merge_request_399143675@gitlab.com> <note_2626918492@gitlab.com>
 <note_2627051589@gitlab.com> <note_2627052780@gitlab.com>
Message-ID: <mailman.7414.1753796520.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented on a discussion on configure.ac: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2656633264

 >      CFLAGS="$save_CFLAGS"
 >  ])
 >  
 > +AS_IF([test -n "$tss2lib"], [
 > +    # Check for Esys_SetCryptoCallbacks availability
 > +    save_LIBS=$LIBS
 > +    save_CFLAGS=$CFLAGS
 > +    LIBS="$LIBS $TSS2_ESYS_LIBS"
 > +    CFLAGS="$CFLAGS $TSS2_ESYS_CFLAGS"
 > +    AC_CHECK_DECL([Esys_SetCryptoCallbacks], [
 > +        AC_DEFINE([HAVE_ESYS_SETCRYPTOCALLBACKS], 1, [Define if Esys_SetCryptoCallbacks is available])
 > +    ], [], [[#include <tss2/tss2_esys.h>]])

Thanks!

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2656633264
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250729/1b5efd90/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Wed Jul 30 07:03:14 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 30 Jul 2025 05:03:14 +0000
Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988)
In-Reply-To: <merge_request_399143675@gitlab.com>
References: <reply-3d59bd0c56bf535537961020cf4ecfd4@gitlab.com>
 <merge_request_399143675@gitlab.com>
Message-ID: <mailman.7431.1753851827.18299.gnutls-devel@lists.gnutls.org>



Merge request !1988 was approved by Daiki Ueno
Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988
Project:Branches: devkdas/gnutls:fix-#1724 to gnutls/gnutls:master
Author: Karthik Das
Assignees: 
Reviewers: 

-- 
You're receiving this email because of your account on gitlab.com.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250730/b1522ea9/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul 30 07:03:25 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 30 Jul 2025 05:03:25 +0000
Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988)
In-Reply-To: <merge_request_399143675@gitlab.com>
References: <reply-699eaaab407c2c41b94db5eb2849065e@gitlab.com>
 <merge_request_399143675@gitlab.com>
Message-ID: <mailman.7432.1753851837.18299.gnutls-devel@lists.gnutls.org>



All discussions on merge request !1988 were resolved by Daiki Ueno

https://gitlab.com/gnutls/gnutls/-/merge_requests/1988

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250730/babc0634/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul 30 07:05:36 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 30 Jul 2025 05:05:36 +0000
Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988)
In-Reply-To: <merge_request_399143675@gitlab.com>
References: <reply-4d88105db8079cd5e5fe85c8bafca0a7@gitlab.com>
 <merge_request_399143675@gitlab.com>
Message-ID: <mailman.7433.1753851969.18299.gnutls-devel@lists.gnutls.org>




Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2657957265


Thank you @devkdas, it looks good to me! Would it be possible to squash the commits and add a `Signed-off-by:` line in the commit message so we can merge it?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2657957265
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250730/97dba46b/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul 30 07:47:32 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 30 Jul 2025 05:47:32 +0000
Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988)
In-Reply-To: <merge_request_399143675@gitlab.com>
References: <reply-31e556a6c337ab9b02a854b6cda407f2@gitlab.com>
 <merge_request_399143675@gitlab.com>
Message-ID: <mailman.7434.1753854487.18299.gnutls-devel@lists.gnutls.org>




Karthik Das commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2657989776


@dueno Pipeline is not running.
This job is stuck because of one of the following problems. There are no active runners online, no runners for the protected branch, or no runners that match all of the job's tags: 
gnutls

Go to project CI settings

Am I missing anything?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2657989776
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250730/37dd69ec/attachment-0001.html>

From gnutls-devel at lists.gnutls.org  Wed Jul 30 08:53:52 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 30 Jul 2025 06:53:52 +0000
Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988)
In-Reply-To: <note_2657957265@gitlab.com>
References: <reply-9f097212f5f6d294fdf4af37bc51e04e@gitlab.com>
 <merge_request_399143675@gitlab.com> <note_2657957265@gitlab.com>
Message-ID: <mailman.7437.1753858470.18299.gnutls-devel@lists.gnutls.org>




Karthik Das commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2658073285


I used webIDE to fix this issue and I was not able to rebase as it dosen't have terminal support.
Shall I close this PR and re-open new PR with same changes from new branch and with a single commit and adding a `Signed-off-by:` line in the commit message ?
@dueno

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2658073285
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250730/b2d0b673/attachment.html>

From gnutls-devel at lists.gnutls.org  Wed Jul 30 12:02:42 2025
From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities)
Date: Wed, 30 Jul 2025 10:02:42 +0000
Subject: [gnutls-devel] GnuTLS | Fix for 1724 (!1988)
In-Reply-To: <merge_request_399143675@gitlab.com>
References: <reply-bb3766e2c4152f89544798b096e272a4@gitlab.com>
 <merge_request_399143675@gitlab.com>
Message-ID: <mailman.7438.1753869817.18299.gnutls-devel@lists.gnutls.org>



Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1988 was reviewed by Daiki Ueno

--
  
Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2658535466


We are currently facing some limitation in GitLab CI, where it can run on forks owned by the project members. I can clone this MR, but to credit you correctly, we need a `Signed-off-by:` in the commit.

--
  
Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988#note_2658535507


Looks like the web IDE still doesn't [support](https://gitlab.com/gitlab-org/gitlab/-/issues/368890) `Signed-off-by:`, so I would rather suggest doing it manually and attach the patch here, with the following steps:
```console
cd /tmp
git clone --depth=1 https://gitlab.com/gnutls/gnutls.git
cd gnutls
wget https://gitlab.com/gnutls/gnutls/-/merge_requests/1988.patch
patch -p1 < 1988.patch
git add -u
git commit -s -m "build: check if Esys_SetCryptoCallbacks is available"
git format-patch -1
```

and then attach the generated patch to a comment here.


-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1988
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250730/3c9caf01/attachment.html>