From gnutls-devel at lists.gnutls.org Tue Apr 7 07:56:12 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Apr 2026 05:56:12 +0000 Subject: [gnutls-devel] GnuTLS | ML-DSA: --key-info fails on expanded-only key encoding (ML-DSA-44, 65, 87) (#1830) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/work_items/1830#note_3225871496 I think this is the same issue as #1723. Once a private key is expanded, it is not trivial to derive a public key and one would need [this](https://github.com/aws/aws-lc/pull/2142) kind of recalculation, which leancrypto doesn't support. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1830#note_3225871496 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-8fhdfda6dlotrnu0bgke2f2ud-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 7 07:56:34 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Apr 2026 05:56:34 +0000 Subject: [gnutls-devel] GnuTLS | ML-DSA: --key-info fails on expanded-only key encoding (ML-DSA-44, 65, 87) (#1830) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno Issue #1830: https://gitlab.com/gnutls/gnutls/-/work_items/1830 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1830 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-7rigjc5uzkfnw8iv0ssnv0esg-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 7 16:41:52 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 07 Apr 2026 14:41:52 +0000 Subject: [gnutls-devel] =?utf-8?q?GnuTLS_=7C_OCSP_Staple_Index_Confusion_?= =?utf-8?q?=E2=80=94_Certificate_Revocation_Bypass_=28=231837=29?= References: Message-ID: Zou Dikai created an issue: https://gitlab.com/gnutls/gnutls/-/work_items/1837 ## Description of problem: When processing a stapled OCSP response during TLS certificate verification, `check_ocsp_response()` first searches the OCSP response for the `SingleResponse` entry that matches the peer certificate. The matching search is performed by iterating `resp_indx`: ```c for (resp_indx = 0;; resp_indx++) { ret = gnutls_ocsp_resp_check_crt(resp, resp_indx, cert); if (ret == 0 || ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; } ``` At that point, `resp_indx` identifies the `SingleResponse` record whose certificate identifier matches the certificate currently being verified. However, the subsequent status lookup does not use the matched index. Instead, it always reads record `0`: ```c ret = gnutls_ocsp_resp_get_single(resp, 0, NULL, NULL, NULL, NULL, &cert_status, &vtime, &ntime, &rtime, NULL); ``` As a result, the code can match certificate status information using one `SingleResponse` entry, but then read revocation and freshness information from another entry. This affects the handshake certificate verification path. The values returned by `gnutls_ocsp_resp_get_single()` are used to decide: * whether the certificate is revoked * whether the OCSP response is too old * whether the stapled OCSP check succeeds In other words, if a stapled OCSP response contains multiple `SingleResponse` records and the matching certificate record is not at index `0`, GnuTLS may apply the status of the wrong record to the certificate being verified. One concrete scenario is: * `SingleResponse[0]` corresponds to a different certificate and has status `GOOD` * `SingleResponse[1]` corresponds to the actual peer certificate and has status `REVOKED` * the search loop finds the peer certificate at `resp_indx == 1` * the later lookup still reads status from index `0` This can cause the peer certificate to be evaluated using the wrong OCSP status and timing data. ## Version of gnutls used: 3.8.12-73-g8b6731064-dirty ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Not distributor-specific in this report. ## How reproducible: Steps to Reproduce: * Inspect `check_ocsp_response()` and confirm that it first searches all `SingleResponse` entries using `resp_indx` and `gnutls_ocsp_resp_check_crt()`. * Confirm that after the matching index is found, the code still calls `gnutls_ocsp_resp_get_single(resp, 0, ...)` instead of using `resp_indx`. * Construct a valid stapled OCSP response containing multiple `SingleResponse` entries where the peer certificate matches an entry at index `1` or later, and make the first entry carry different certificate status or validity times. ## Actual results: The code identifies the `SingleResponse` entry matching the peer certificate, but later reads `cert_status`, `thisUpdate`, `nextUpdate`, and `revocationTime` from entry `0` regardless of which entry actually matched. This can lead to the wrong revocation or freshness result being applied to the peer certificate during the TLS handshake. ## Expected results: Once the matching `SingleResponse` entry is identified, all subsequent OCSP status and validity reads should use that same matched index. That is, the code should read certificate status and timing data from `resp_indx`, not from a hardcoded `0`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1837 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-49zbtg7kjim4b955myg6jvixx-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 9 08:17:18 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Apr 2026 06:17:18 +0000 Subject: [gnutls-devel] GnuTLS | nettle: support deriving ML-DSA public key from expanded secret key (!2088) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2088 Project:Branches: dueno/gnutls:wip/dueno/mldsa-pk-from-sk to gnutls/gnutls:master Author: Daiki Ueno This enables to derive ML-DSA public key from a secret key, using the new `lc_dilithium_pk_from_sk` function in leancrypto, through the following commits: * gnutls_x509_privkey_get_key_id: derive ML-DSA public key if needed * nettle: support deriving ML-DSA public key from expanded secret key * crypto-backend: turn privkey_to_pubkey into a backend API * privkey_to_pubkey: use constants to access public key parameters Fixes: #1723 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2088 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-4zzryyzuobp3gosfcf1wjv1ln-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 9 10:45:41 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Apr 2026 08:45:41 +0000 Subject: [gnutls-devel] GnuTLS | certtool fails to handle truncated SHA-512 variants (SHA-512/224 and SHA-512/256) in PKCS#12 and PBES2 (#1831) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/work_items/1831#note_3234570087 GnuTLS doesn't support the truncated variants (SHA512/224 and SHA512/256) at all, and this is not specific to PKCS#12. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1831#note_3234570087 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-5y6q5bgbg8b5o96z3ep87f4gu-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 9 15:08:48 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 09 Apr 2026 13:08:48 +0000 Subject: [gnutls-devel] GnuTLS | tests: fix unset $SEED (!2089) References: Message-ID: Ricardo M_ Correia created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2089 Project:Branches: wizeman/gnutls:fix-seed to gnutls/gnutls:master Author: Ricardo M_ Correia A test script was using a shell variable `$SEED` without setting it first. This led to `certtool` using a random seed value rather than the intended fixed seed, which in turn led to random (rare) failures when generating 2048-bit DSA keys during the test, since random DSA key generation does not always succeed. Fixed the test by setting `$SEED` to the same fixed values that are set in `provable-privkey.sh`. ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2089 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-03wv2ythomm83mkire65v6hoc-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 10 03:55:18 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Apr 2026 01:55:18 +0000 Subject: [gnutls-devel] GnuTLS | nettle: support deriving ML-DSA public key from expanded secret key (!2088) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2088#note_3238535956 After discussion, it turned out to be easier to do the expansion at `pk_fixup` upon import, rather than adding `privkey_to_pubkey` backend function. I've reworked along these lines. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2088#note_3238535956 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-6dv6zv204w9gog5vdij6f6b89-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 10 04:11:08 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Apr 2026 02:11:08 +0000 Subject: [gnutls-devel] GnuTLS | nettle: support deriving ML-DSA public key from expanded secret key (!2088) In-Reply-To: References: Message-ID: Zolt?n Fridrich was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2088 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-7eyhv6d3bqwhqgyeet9gl0ujz-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 10 11:44:05 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Apr 2026 09:44:05 +0000 Subject: [gnutls-devel] GnuTLS | nettle: support deriving ML-DSA public key from expanded secret key (!2088) In-Reply-To: References: Message-ID: Zolt?n Fridrich started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/2088#note_3239525189 > } > break; > > + case GNUTLS_PK_MLDSA44: > + case GNUTLS_PK_MLDSA65: > + case GNUTLS_PK_MLDSA87: > + if (params->raw_pub.data == NULL) { > + ret = ml_dsa_privkey_to_pubkey(algo, ¶ms->raw_priv, > + ¶ms->raw_pub); > + if (ret < 0 && ret != GNUTLS_E_UNIMPLEMENTED_FEATURE) Just making sure. Is it correct for the function to return 0 when GNUTLS_E_UNIMPLEMENTED_FEATURE is returned from ml_dsa_privkey_to_pubkey? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2088#note_3239525189 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-802i9qbzt3otvd65z1u123wjv-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 10 11:45:59 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Apr 2026 09:45:59 +0000 Subject: [gnutls-devel] GnuTLS | nettle: support deriving ML-DSA public key from expanded secret key (!2088) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2088#note_3239531593 Looks nice. No issues found. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2088#note_3239531593 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-6xnfis63xt07tfbww1weqo0v6-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 10 11:46:00 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Apr 2026 09:46:00 +0000 Subject: [gnutls-devel] GnuTLS | nettle: support deriving ML-DSA public key from expanded secret key (!2088) In-Reply-To: References: Message-ID: Merge request !2088 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2088 Project:Branches: dueno/gnutls:wip/dueno/mldsa-pk-from-sk to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: Zolt?n Fridrich -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 10 20:45:47 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 10 Apr 2026 18:45:47 +0000 Subject: [gnutls-devel] GnuTLS | PKCS#11 Auto-Initialization Not Working (#1798) In-Reply-To: References: Message-ID: Claudio Ferreira commented: https://gitlab.com/gnutls/gnutls/-/work_items/1798#note_3241197019 @dueno, need any other info? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1798#note_3241197019 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-c0f5pk4x6d5767qkhcssrp2y9-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 13 01:34:49 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 12 Apr 2026 23:34:49 +0000 Subject: [gnutls-devel] GnuTLS | nettle: support deriving ML-DSA public key from expanded secret key (!2088) In-Reply-To: References: Message-ID: All discussions on merge request !2088 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/2088 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2088 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-7h17iinfperzln7gieqlnzxcq-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 13 01:34:48 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 12 Apr 2026 23:34:48 +0000 Subject: [gnutls-devel] GnuTLS | nettle: support deriving ML-DSA public key from expanded secret key (!2088) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/2088#note_3243318549 > } > break; > > + case GNUTLS_PK_MLDSA44: > + case GNUTLS_PK_MLDSA65: > + case GNUTLS_PK_MLDSA87: > + if (params->raw_pub.data == NULL) { > + ret = ml_dsa_privkey_to_pubkey(algo, ¶ms->raw_priv, > + ¶ms->raw_pub); > + if (ret < 0 && ret != GNUTLS_E_UNIMPLEMENTED_FEATURE) Yes, that is intentional. Since `pk_fixup` is called upon importing private key, failing here means to prevent subsequent operations with expanded-only ML-DSA private keys. I added a debug log there. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2088#note_3243318549 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-2d3ld5pwunsc2aa8a10w0jkex-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 13 01:36:09 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 12 Apr 2026 23:36:09 +0000 Subject: [gnutls-devel] GnuTLS | aarch64: Enable GCS (!2038) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2038#note_3243319131 Thank for fixing the git history. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2038#note_3243319131 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-1i6iq4r1n75zwxutph3nkfgbh-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 13 01:36:22 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 12 Apr 2026 23:36:22 +0000 Subject: [gnutls-devel] GnuTLS | aarch64: Enable GCS (!2038) In-Reply-To: References: Message-ID: Merge request !2038 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2038 Project:Branches: ggardet/gnutls:master to gnutls/gnutls:master Author: GUILLAUME GARDET -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2038 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-4bezx6jnlwx2g52lcy0oe6rkm-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 13 03:56:57 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 13 Apr 2026 01:56:57 +0000 Subject: [gnutls-devel] GnuTLS | nettle: support deriving ML-DSA public key from expanded secret key (!2088) In-Reply-To: References: Message-ID: Merge request !2088 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2088 Project:Branches: dueno/gnutls:wip/dueno/mldsa-pk-from-sk to gnutls/gnutls:master Author: Daiki Ueno Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2088 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-21is13xelh6fraff1u94fpz9m-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 13 09:16:11 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 13 Apr 2026 07:16:11 +0000 Subject: [gnutls-devel] GnuTLS | GnuTLS Security Disclosure: Non-Zeroizing Free of Shared Secret Buffers in Hybrid Key Exchange (#1841) References: Message-ID: liyue created an issue: https://gitlab.com/gnutls/gnutls/-/work_items/1841 ## Description of problem: GnuTLS Security Disclosure: Non-Zeroizing Free of Shared Secret Buffers in Hybrid Key Exchange ## Affected branch: master We are researchers conducting a systematic security study of hybrid post-quantum KEM implementations across open-source projects. During our analysis of GnuTLS's hybrid key share extension, we identified that shared secret buffers are freed using `_gnutls_free_datum()` instead of the secure `_gnutls_free_key_datum()` in two functions in `lib/ext/key_share.c`. ## Summary In `server_use_key_share_single()` and `client_use_key_share_single()`, KEM/ECDH shared secrets are stored in a local `gnutls_datum_t key` variable. After the shared secret is copied to `session->key.key` via `append_key_datum()`, the original buffer is freed with `_gnutls_free_datum(&key)`, which calls `gnutls_free()` without first clearing the buffer contents. The secure alternative `_gnutls_free_key_datum(&key)` calls `zeroize_key()` before `gnutls_free()`. ## Affected Code **Function `server_use_key_share_single()`** ? 3 locations: ```c // Line 464-465 (ECDH P-256/P-384 shared secret) ret = append_key_datum(&session->key.key, &key); _gnutls_free_datum(&key); // should be _gnutls_free_key_datum(&key) // Line 508-509 (X25519/X448 shared secret) ret = append_key_datum(&session->key.key, &key); _gnutls_free_datum(&key); // should be _gnutls_free_key_datum(&key) // Line 605-606 (ML-KEM/Kyber shared secret from _gnutls_pk_encaps) ret = append_key_datum(&session->key.key, &key); _gnutls_free_datum(&key); // should be _gnutls_free_key_datum(&key) ``` **Function `client_use_key_share_single()`** ? 4 locations: ```c // Lines 703, 742, 779, 800 ? same pattern for ECDH, X25519, DH, ML-KEM ret = append_key_datum(&session->key.key, &key); _gnutls_free_datum(&key); // should be _gnutls_free_key_datum(&key) ``` ## The Difference >From `lib/datum.h`: ```c // _gnutls_free_datum: does NOT clear buffer contents inline static void _gnutls_free_datum(gnutls_datum_t *dat) { gnutls_free(dat->data); // free only dat->size = 0; } // _gnutls_free_key_datum: clears buffer BEFORE freeing inline static void _gnutls_free_key_datum(gnutls_datum_t *dat) { zeroize_key(dat->data, dat->size); // zero first gnutls_free(dat->data); // then free dat->size = 0; } ``` ## Impact After `_gnutls_free_datum(&key)`, the shared secret bytes remain in freed heap memory until overwritten by a future allocation. In a hybrid key exchange (e.g., `mlkem768nistp256`), both the ECDH and ML-KEM shared secrets are affected. An attacker with memory read access (e.g., via a separate memory disclosure vulnerability, cold boot attack, or core dump) could recover the shared secret from freed heap pages. We note that this issue also affects non-hybrid key exchanges (pure ECDH, X25519, FFDHE) in the same functions, since the same `_gnutls_free_datum(&key)` pattern is used for all key agreement types. ## Suggested Fix Replace `_gnutls_free_datum(&key)` with `_gnutls_free_key_datum(&key)` at the 7 identified locations. The secure variant is already available in GnuTLS and is used elsewhere in the codebase for handling sensitive key material. ## Standard Reference - NIST SP 800-227: "Intermediate values used in any given KEM algorithm SHALL be destroyed before the algorithm terminates" -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1841 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-bmyu10f248po2yhf3bwnzfcpv-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 13 21:58:13 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 13 Apr 2026 19:58:13 +0000 Subject: [gnutls-devel] GnuTLS | Fixed some compilation warnings (!2090) References: Message-ID: David Dudas created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2090 Project:Branches: d-Dudas/gnutls:dev/ddudas/debug/compilation-warnings to gnutls/gnutls:master Author: David Dudas * Fixed some compilation warnings, such as: - analyzer-possible-null-argument - zero-as-null-pointer-constant ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2090 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-cth4p0pabwgl6had801kq1kh1-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 14 02:26:05 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Apr 2026 00:26:05 +0000 Subject: [gnutls-devel] cligen | pacify -Wzero-as-null-pointer-constant (!8) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/cligen/-/merge_requests/8#note_3247380332 Looks good, thanks! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/cligen/-/merge_requests/8#note_3247380332 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-0t4vnjbsyeebfhay1lqav2p7n-a0ait/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 14 02:25:58 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Apr 2026 00:25:58 +0000 Subject: [gnutls-devel] cligen | pacify -Wzero-as-null-pointer-constant (!8) In-Reply-To: References: Message-ID: Merge request !8 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/cligen/-/merge_requests/8 Project:Branches: asosedkin/cligen:Wzero-as-null-pointer-constant to gnutls/cligen:main Author: Alexander Sosedkin Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 14 02:26:08 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Apr 2026 00:26:08 +0000 Subject: [gnutls-devel] cligen | pacify -Wzero-as-null-pointer-constant (!8) In-Reply-To: References: Message-ID: Merge request !8 was merged Merge request URL: https://gitlab.com/gnutls/cligen/-/merge_requests/8 Project:Branches: asosedkin/cligen:Wzero-as-null-pointer-constant to gnutls/cligen:main Author: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/cligen/-/merge_requests/8 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-coss5wly6awb2t2vxk4kxxw9x-a0ait/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 14 02:52:44 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Apr 2026 00:52:44 +0000 Subject: [gnutls-devel] GnuTLS | Fixed some compilation warnings (!2090) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2090#note_3247404439 Thanks! You might want to update `cligen` git submodule to pull in https://gitlab.com/gnutls/cligen/-/merge_requests/8, which should fix the issues in the generated code in `src/`. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2090#note_3247404439 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-bn59pz08pkfnri6n2ehfjf6ta-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 14 08:25:41 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Apr 2026 06:25:41 +0000 Subject: [gnutls-devel] GnuTLS | tests: fix unset $SEED (!2089) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/2089 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on tests/cert-tests/provable-privkey-dsa2048.sh: https://gitlab.com/gnutls/gnutls/-/merge_requests/2089#note_3247851094 > fi > > +if test "${FIPS140}" = 1; then I suspect we don't need to use a different seed depending on "FIPS140" value, given this test doesn't use any fixture. Maybe you could embed either value to the --generate-privkey command line, as in provable-privkey-rsa2048.sh? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2089 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-1yomc3roznjjjj5c4tlzwxzub-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 14 08:25:40 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Apr 2026 06:25:40 +0000 Subject: [gnutls-devel] GnuTLS | tests: fix unset $SEED (!2089) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2089#note_3247851168 Thank you for catching this! This would work but I'd suggest using the same seed for both FIPS and non-FIPS cases. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2089#note_3247851168 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-9ium1zwzkgidvql356bgqsjbc-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 14 08:49:10 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Apr 2026 06:49:10 +0000 Subject: [gnutls-devel] GnuTLS | NEWS: add entries for 3.8.13 [ci skip] (!2091) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2091 Project:Branches: dueno/gnutls:wip/dueno/news-3.8.13 to gnutls/gnutls:master Author: Daiki Ueno * NEWS: add entries for 3.8.13 [ci skip] ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2091 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-0uox8gx1qyrx750cnka5pa2pz-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 14 09:10:05 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 14 Apr 2026 07:10:05 +0000 Subject: [gnutls-devel] GnuTLS | NEWS: add entries for 3.8.13 [ci skip] (!2091) In-Reply-To: References: Message-ID: Alexander Sosedkin was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2091 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-enf8nls63jhhqcd33ccziyi5p-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 15 08:21:35 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Apr 2026 06:21:35 +0000 Subject: [gnutls-devel] GnuTLS | Fixed some compilation warnings (!2090) In-Reply-To: References: Message-ID: Merge request !2090 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2090 Project:Branches: d-Dudas/gnutls:dev/ddudas/debug/compilation-warnings to gnutls/gnutls:master Author: David Dudas -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2090 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-amna8oc5q3vb0bckxlpsq23u1-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 15 08:21:16 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Apr 2026 06:21:16 +0000 Subject: [gnutls-devel] GnuTLS | Fixed some compilation warnings (!2090) In-Reply-To: References: Message-ID: Merge request !2090 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2090 Project:Branches: d-Dudas/gnutls:dev/ddudas/debug/compilation-warnings to gnutls/gnutls:master Author: David Dudas Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 15 11:30:33 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Apr 2026 09:30:33 +0000 Subject: [gnutls-devel] GnuTLS | x509/name_constraints: minor fixes after !2083 (!2092) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2092 Project:Branches: dueno/gnutls:wip/dueno/nc-tree-followup to gnutls/gnutls:master Author: Daiki Ueno * x509/name_constraints: use stdbool more * x509/name_constraints: remove unnecessary manual cleanup There was a duplicate cleanup logic at the exit from namename_constraints_init: one done manually and the other with name_constraints_deinit. Remove the former as it's redundant. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2092 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-6rr4i9hogusgsosi5h6bnsgr2-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 15 11:39:10 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Apr 2026 09:39:10 +0000 Subject: [gnutls-devel] GnuTLS | nettle: sanity check ML-DSA private key in pk_fixup (!2093) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2093 Project:Branches: dueno/gnutls:wip/dueno/mldsa-pk-from-sk-followup to gnutls/gnutls:master Author: Daiki Ueno * nettle: sanity check ML-DSA private key in pk_fixup The caller should set raw_priv properly before calling pk_fixup. Add a sanity check following the EdDSA case. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2093 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-8guaiyno7vwgwdqcm7jsdu095-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 15 11:58:27 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Apr 2026 09:58:27 +0000 Subject: [gnutls-devel] GnuTLS | x509/name_constraints: minor fixes after !2083 (!2092) In-Reply-To: References: Message-ID: Merge request !2092 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2092 Project:Branches: dueno/gnutls:wip/dueno/nc-tree-followup to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 15 12:57:27 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 15 Apr 2026 10:57:27 +0000 Subject: [gnutls-devel] GnuTLS | x509/name_constraints: minor fixes after !2083 (!2092) In-Reply-To: References: Message-ID: Merge request !2092 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2092 Project:Branches: dueno/gnutls:wip/dueno/nc-tree-followup to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2092 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-8el5j6xmqmm7qirxb6i9zvehr-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 16 11:31:55 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Apr 2026 09:31:55 +0000 Subject: [gnutls-devel] GnuTLS | nettle: sanity check ML-DSA private key in pk_fixup (!2093) In-Reply-To: References: Message-ID: Zolt?n Fridrich was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2093 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-10a3q12ftrlbxcul6zjy8gb1j-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 16 13:01:39 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Apr 2026 11:01:39 +0000 Subject: [gnutls-devel] GnuTLS | tests/pkcs11-provider/pkcs11-provider-hmac: uncomment SHA-3 tests (!2094) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2094 Project:Branches: asosedkin/gnutls:tests-kryoptic-sha3 to gnutls/gnutls:master Author: Alexander Sosedkin kryoptic supports SHA-3 now, uncommenting the tests in hopes that they'll just work. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2094 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-30w42oaubazzw6ap39f792n5k-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 16 13:47:58 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Apr 2026 11:47:58 +0000 Subject: [gnutls-devel] GnuTLS | tests/pkcs11-provider/pkcs11-provider-hmac: uncomment SHA-3 tests (!2094) In-Reply-To: References: Message-ID: Merge request !2094 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2094 Project:Branches: asosedkin/gnutls:tests-kryoptic-sha3 to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 17 00:24:14 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Apr 2026 22:24:14 +0000 Subject: [gnutls-devel] GnuTLS | Client Authentication broken with Java 17.0.17+ (and recent versions of Java) (#1842) References: Message-ID: Romain Tarti?re created an issue: https://gitlab.com/gnutls/gnutls/-/work_items/1842 ## Description of problem: A few months ago, after a regular package update on our Debian systems from openjdk-17 (17.0.16+8-1 -> 17.0.17~5ea-1), our monitoring system stopped receiving logs from all our log clients (logs sent by a C program) but kept receiving metrics (from the same node) sent by our metric clients (metrics sent by a ruby program). Both systems are suing the same mTLS certificates to authenticate clients against the server. The ruby clients where fine, but the C client could not establish a TLS connection because handshake systematically failed. After reverting the java package to the previous version (17.0.17~5ea-1 -> 17.0.16+8-1), everything was working back as expected. ## More context Thanks to some git-bisect, the commit in openjdk that break authentication has been identified and is: https://github.com/openjdk/jdk17u/commit/fe850da38a3fc0c9ce6cf9348efca3c846e97143 It relates to this issue: https://bugs.openjdk.org/browse/JDK-8349583 Other versions of openjdk which include this change also trigger the issue with GnuTLS (tested with openjdk 21 and a few other versions). ## Version of gnutls used: Our production systems use the version of GnuTLS packaged in Debian (libgnutls30:amd64 3.7.9-2+deb12u6). The issue has also been reproduced on FreeBSD with the latest version of GnuTLS. ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) System packages from Debian and FreeBSD. ## How reproducible: Steps to Reproduce: * Setup a java service that offer mTLS authentication; * Use a GnuTLS client that rely on `gnutls_certificate_set_x509_key_file()` to setup client-side TLS key and certificate; * Attempt to connect with different versions of Java. ## Actual results: Handshake fails when using a version of Java that include the above code (newer versions of Java) but succeeds with older versions of Java. ## Expected results: Handshake should succeed regardless of the version of Java used. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1842 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-5rivylgycn5arjgwmj27u3egw-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 17 00:31:04 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 16 Apr 2026 22:31:04 +0000 Subject: [gnutls-devel] GnuTLS | Client Authentication broken with Java 17.0.17+ (and recent versions of Java) (#1842) In-Reply-To: References: Message-ID: Romain Tarti?re commented: https://gitlab.com/gnutls/gnutls/-/work_items/1842#note_3259201612 > Use a GnuTLS client that rely on `gnutls_certificate_set_x509_key_file()` to setup client-side TLS key and certificate; This seems important as I could workaround the issue in the library that use GnuTLS by replacing the call to this function with the corresponding code used by `gnutls-cli(1)` (dozens of lines): https://git.madhouse-project.org/algernon/riemann-c-client/pulls/20/files (link to this workaround patch) Another workaround consist in passing `GNUTLS_FORCE_CLIENT_CERT` to `gnutls_init(3)`: https://git.madhouse-project.org/algernon/riemann-c-client/pulls/19/files (link to this workaround patch) But the issue seems to be in GnuTLS itself as other TLS implementation work the same way with all versions of java (tested with GnuTLS, OpenSSL and WolfSSL). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1842#note_3259201612 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-03phxfxjv6wc1er4vxelqhi9g-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 17 02:52:41 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 17 Apr 2026 00:52:41 +0000 Subject: [gnutls-devel] GnuTLS | Fix TLS 1.3 handshake (!2095) References: Message-ID: Romain Tarti?re created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2095 Project:Branches: smortex/gnutls:fix-tls-1.3-handshake to gnutls/gnutls:master Author: Romain Tarti?re Add the signature_algorithms_cert to the list of allowed algorithms if present, and fallback to the signature_algorithms otherwise. This better fit [RFC8446 section 4.2.3][1]: > If no "signature_algorithms_cert" extension is present, then the "signature_algorithms" extension also applies to signatures appearing in certificates. This fix TLS 1.3 handshake with Java after [JDK-8349583][2]. Closes: #1842 [1]: https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.3 [2]: https://bugs.openjdk.org/browse/JDK-8349583 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2095 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-54ssqsm39jmvrgzac9y2xj4ml-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 17 03:36:31 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 17 Apr 2026 01:36:31 +0000 Subject: [gnutls-devel] GnuTLS | Fix TLS 1.3 handshake (!2095) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/2095 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/tls13/certificate_request.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/2095#note_3259476712 > continue; > > + gnutls_pk_algorithm_t algo = se->cert_pk || se->pk; I don't think this is correct; `algo` always end up with either `GNUTLS_PK_RSA` (= 1) or `GNUTLS_PK_UNKNOWN` (= 0). See https://www.open-std.org/jtc1/sc22/WG14/www/docs/n1256.pdf#page=101 for the explanation. Something like `se->cert_pk != GNUTLS_PK_UNKNOWN ? se->cert_pk : se->pk` should work. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2095 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-csb49qwaqd5aj9jw3rg7ehjp7-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 17 05:43:38 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 17 Apr 2026 03:43:38 +0000 Subject: [gnutls-devel] GnuTLS | Client Authentication broken with Java 17.0.17+ (and recent versions of Java) (#1842) In-Reply-To: References: Message-ID: Romain Tarti?re commented: https://gitlab.com/gnutls/gnutls/-/work_items/1842#note_3259697071 Tracing execution, in [parse_cert_extension()](https://gitlab.com/gnutls/gnutls/-/blob/master/lib/tls13/certificate_request.c#L115) the following algorithms are added to `ctx->pk_algos`: * 4 (`GNUTLS_PK_ECDSA`); * 7 (`GNUTLS_PK_EDDSA_ED25519`); * 12 (`GNUTLS_PK_EDDSA_ED448`); * 6 (`GNUTLS_PK_RSA_PSS`). Algorithm 1 (`GNUTLS_PK_RSA`, present in `cert_pk`) is not added to this list, which seems to be the root cause of the issue. I opened !2095 to fix it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1842#note_3259697071 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-10i2g6ao71hutk5ujfkjcayfq-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 17 05:45:32 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 17 Apr 2026 03:45:32 +0000 Subject: [gnutls-devel] GnuTLS | tests/pkcs11-provider/pkcs11-provider-hmac: uncomment SHA-3 tests (!2094) In-Reply-To: References: Message-ID: Merge request !2094 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2094 Project:Branches: asosedkin/gnutls:tests-kryoptic-sha3 to gnutls/gnutls:master Author: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2094 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-bh1yh2l8lohh80jg5lib8w0gc-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 17 09:34:23 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 17 Apr 2026 07:34:23 +0000 Subject: [gnutls-devel] GnuTLS | Fix TLS 1.3 handshake (!2095) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2095#note_3260134885 Note that the `signature_algorithms_cert` extension is not widely used; none of OpenSSL, NSS, and GnuTLS handles the extension (OpenSSL does send it, but doesn't recognize it). In the [parse_cert_extension](https://gitlab.com/gnutls/gnutls/-/blob/master/lib/tls13/certificate_request.c#L115) function you mentioned in #1842, the values come from the `signature_algorithms` extension (not the `signature_algorithms_cert` extension) attached to Certificate Request message, meaning that the server requests a cert signed with an algorithm listed in the extension, while the client has only RSA signed certificate. According to your comment on #1842, the server wants either ecdsa_*, ed25519, ed448, or rsa_pss*. If the server is indicating rsa_pss_rsae_* (not rsa_pss_pss_*), the client should be able to present the (non-restricted) RSA certificates. Could you check that, maybe using wireshark (see https://wiki.wireshark.org/TLS)? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2095#note_3260134885 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-8x4fsx2piqvw7g5bhrahc8pmu-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 17 20:57:24 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 17 Apr 2026 18:57:24 +0000 Subject: [gnutls-devel] GnuTLS | Fix TLS 1.3 handshake (!2095) In-Reply-To: References: Message-ID: All discussions on merge request !2095 were resolved by Romain Tarti?re https://gitlab.com/gnutls/gnutls/-/merge_requests/2095 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2095 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-27gajk666inikabuaadq61tcp-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 17 20:57:20 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 17 Apr 2026 18:57:20 +0000 Subject: [gnutls-devel] GnuTLS | Fix TLS 1.3 handshake (!2095) In-Reply-To: References: Message-ID: Romain Tarti?re commented on a discussion on lib/tls13/certificate_request.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/2095#note_3262591755 > if (se == NULL) > continue; > > + gnutls_pk_algorithm_t algo = se->cert_pk || se->pk; Wow! Happy incident `GNUTLS_PK_RSA` is 1 :rofl:. Fixed, thanks! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2095#note_3262591755 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-0u7brx0gql0s5uyaecx7ak2r9-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 17 21:53:52 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 17 Apr 2026 19:53:52 +0000 Subject: [gnutls-devel] GnuTLS | Fix TLS 1.3 handshake (!2095) In-Reply-To: References: Message-ID: Romain Tarti?re commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2095#note_3262702957 > Note that the `signature_algorithms_cert` extension is not widely used; none of OpenSSL, NSS, and GnuTLS handles the extension (OpenSSL does send it, but doesn't recognize it). Ah? That is the kind of basic things I am not aware of, I may have followed tracks that don't make sense during my investigation, and I also feel like I am mixing-up a lot of stuff, so all this is quite tough to me :sweat: > According to your comment on #1842, the server wants either `ecdsa_*`, `ed25519`, `ed448`, or `rsa_pss*`. If the server is indicating `rsa_pss_rsae_*` (not `rsa_pss_pss_*`), the client should be able to present the (non-restricted) RSA certificates. Could you check that, maybe using wireshark (see https://wiki.wireshark.org/TLS)? If I am looking at the right thing, I see both: ![screenshot-2026-04-17T09_51_02-1000](/uploads/824ea6345116cc9a975a7eacdc522578/screenshot-2026-04-17T09_51_02-1000.png){width=607 height=600} In order to make it easier for anybody to test, I setup a public-facing riemann server that can be used against the client to reproduce the issue. [Also, all certificates are available here](https://agrajag.blogreen.org/~romain/riemann) in case there is an issue with them. If it can help, this should put you on track: ``` git clone https://git.madhouse-project.org/algernon/riemann-c-client/ cd riemann-c-client autoreconf -is mkdir build cd build ../configure make curl https://agrajag.blogreen.org/~romain/riemann/ca.crt > /tmp/ca.crt curl https://agrajag.blogreen.org/~romain/riemann/gnutls-client.crt > /tmp/gnutls-client.cr curl https://agrajag.blogreen.org/~romain/riemann/gnutls-client.key > /tmp/gnutls-client.key ./src/riemann-client send -D hello --tls -o cafile=/tmp/ca.crt -o certfile=/tmp/gnutls-client.crt -o keyfile=/tmp/gnutls-client.key agrajag.blogreen.org 5555 ``` No output and and exit code of 0 means it is fine. Otherwise, you will probably have a return code of 1 and a message "Error when asking for a message receipt: Protocol error". -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2095#note_3262702957 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-9cx7tkiphe91t5a4xbivyex8o-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 19 13:10:26 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 19 Apr 2026 11:10:26 +0000 Subject: [gnutls-devel] GnuTLS | Replace strcmp with streq in src/ and lib/ (!2096) References: Message-ID: David Dudas created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2096 Project:Branches: d-Dudas/gnutls:dev/ddudas/strcmp_to_streq to gnutls/gnutls:master Author: David Dudas Replace strcmp with streq in src/ and lib/ #1829 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2096 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-50bc88ot80ak8yopf6k9ujryw-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 20 09:06:28 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Apr 2026 07:06:28 +0000 Subject: [gnutls-devel] GnuTLS | aarch64: Enable GCS (!2038) In-Reply-To: References: Message-ID: GUILLAUME GARDET commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2038#note_3265361275 I think assembler needs to be regenerated in `lib/accelerated/aarch64/` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2038#note_3265361275 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-0p4zxr24x5hgpk8wwaz7mkv3e-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 20 16:12:40 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Apr 2026 14:12:40 +0000 Subject: [gnutls-devel] GnuTLS | Minor cleanup of HPKE API (!2097) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097 Project:Branches: dueno/gnutls:wip/dueno/hpke2 to gnutls/gnutls:master Author: Daiki Ueno This is an assorted cleanups to the new HPKE API. Mainly: - limit the number of public functions - make encap/decap stateless for auth and PSK to avoid copying keys - make it possible to toggle HPKE support with `--disable-hpke` ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [x] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-6jiblk0up7nh1afp9xrsmdbqu-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 20 16:14:30 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Apr 2026 14:14:30 +0000 Subject: [gnutls-devel] GnuTLS | Minor cleanup of HPKE API (!2097) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3266999695 @d-Dudas could you check this? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3266999695 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-0gcp8dkl4ln02sty4n5xqmtw3-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 20 17:21:56 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 20 Apr 2026 15:21:56 +0000 Subject: [gnutls-devel] GnuTLS | Minor cleanup of HPKE API (!2097) In-Reply-To: References: Message-ID: David Dudas commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3267322309 lgtm -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3267322309 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-1cwcsj6e63e8yfd5w2oonjtit-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 21 16:29:15 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Apr 2026 14:29:15 +0000 Subject: [gnutls-devel] GnuTLS | Minor cleanup of HPKE API (!2097) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3271072035 Thank you. One more thing I would like to introduce is a split of `gnutls_hpke_context_t` into two: sender's and receiver's. That way, any misuses of the API, such as calling a sender operation, e.g., `gnutls_hpke_encap`, on a receiver's context will be caught at compile time instead of run time, though it might be too complicated. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3271072035 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-0ekdbirb2ruvlthwniobwecvf-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 21 17:07:48 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Apr 2026 15:07:48 +0000 Subject: [gnutls-devel] GnuTLS | Replace strcmp with streq in src/ and lib/ (!2096) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2096#note_3271226220 Thanks for picking this up, David. Looks generally good, though probably we might need to postpone this to the next release, as 3.8.13 is in preparation. One suggestion until then: the Gnulib `streq` module seems to be transitively pulled in; could it be more explicit by adding it to `common_modules` in `bootstrap.conf`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2096#note_3271226220 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-6ar1g2m04xcc5x6u8kb2gajxs-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 21 17:30:05 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 21 Apr 2026 15:30:05 +0000 Subject: [gnutls-devel] GnuTLS | Minor cleanup of HPKE API (!2097) In-Reply-To: References: Message-ID: David Dudas commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3271316322 My first draft implementation was like that, with two contexts, one for each role. However, for me it seemed to be overkill and later I preferred to have just one context, with role validation in the setters, as it seemed cleaner this way. But I didn't considered the advantage of "validating" the role for each operation at compile time. I think having just one context is a cleaner approach, but feel free to do the split if you want, or just open an issue and I will work on it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3271316322 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-aea0jye196qw6l9h9d2dharoj-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 23 10:12:12 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Apr 2026 08:12:12 +0000 Subject: [gnutls-devel] GnuTLS | Use streq and memeq from Gnulib (#1829) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.14 ( https://gitlab.com/gnutls/gnutls/-/milestones/52 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1829 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-cicqf0iih1jc4zeczas1gvyws-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 23 10:40:58 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Apr 2026 08:40:58 +0000 Subject: [gnutls-devel] GnuTLS | Minor cleanup of HPKE API (!2097) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3278404103 Note also that docdist is failing with `Cannot understand prototype`; IDK what it means. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3278404103 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-9qiyurkig9tg28fj7hn21ppe7-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 23 10:41:05 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 23 Apr 2026 08:41:05 +0000 Subject: [gnutls-devel] GnuTLS | Minor cleanup of HPKE API (!2097) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/2097 was reviewed by Alexander Sosedkin -- Alexander Sosedkin started a new discussion on doc/cha-crypto.texi: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3278403972 > + at funcref{gnutls_hpke_seal} and can be decrypted using > + at funcref{gnutls_hpke_open}. Applications can also export the keying > +material without actually encrypting or decryption, using nit: s/decryption/decrypting/ -- Alexander Sosedkin started a new discussion on NEWS: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3278403993 > + contributed by David Dudas. Given this is a technology preview, the > + implementation might suffer modification in the following > + period. (#1506) should we be more blunt and say "API might change in the future"? -- Alexander Sosedkin started a new discussion on m4/hooks.m4: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3278404011 > AM_CONDITIONAL([ENABLE_CRYPTO_AUDITING], [test "$enable_crypto_auditing" = "yes"]) > > + AC_MSG_CHECKING([whether to disable HPKE support]) if we declare API unstable, should it be off by default for a few releases? -- Alexander Sosedkin started a new discussion on lib/hpke/hpke-key-management.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3278404034 > - ret = be_lt(sk.data, order, sk.size); > - if (!ret) { > + if (memcmp(sk.data, order, sk.size) > 0) { I have very little idea what's happening, but _lt lumped `==` together with `>`, but here you're using `>`. Was it supposed to be `>=`? -- Alexander Sosedkin started a new discussion on doc/cha-crypto.texi: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3278404043 > +secret. This can be done using a given key encapsulation mechanism > +(KEM), with the encapsulation and decapsulation operations. > + at showfuncB{gnutls_hpke_encap,gnutls_hkpe_decap} s/hkpe/hpke/ -- Alexander Sosedkin started a new discussion on doc/cha-crypto.texi: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3278404061 > +material without actually encrypting or decryption, using > + at funcref{gnutls_hpke_export}. > + at showfuncB{gnutls_hpke_seal,gnutls_hkpe_open,gnutls_hpke_export} s/hkpe/hpke/ -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-0c87b3lfkzqiw51baawud2nh5-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 24 09:46:44 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Apr 2026 07:46:44 +0000 Subject: [gnutls-devel] GnuTLS | NEWS: add entries for 3.8.13 [ci skip] (!2091) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2091#note_3282660487 I took the liberty to rebase it, resolve a conflict and fix two minuscule things. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2091#note_3282660487 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-ddab5i0q7svdqmwtvs8zirq7y-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 24 09:46:49 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Apr 2026 07:46:49 +0000 Subject: [gnutls-devel] GnuTLS | NEWS: add entries for 3.8.13 [ci skip] (!2091) In-Reply-To: References: Message-ID: Merge request !2091 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2091 Project:Branches: dueno/gnutls:wip/dueno/news-3.8.13 to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: Alexander Sosedkin -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 24 09:47:16 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Apr 2026 07:47:16 +0000 Subject: [gnutls-devel] GnuTLS | NEWS: add entries for 3.8.13 [ci skip] (!2091) In-Reply-To: References: Message-ID: Merge request !2091 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2091 Project:Branches: dueno/gnutls:wip/dueno/news-3.8.13 to gnutls/gnutls:master Author: Daiki Ueno Reviewer: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2091 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-376rx0vj9s6auj6q3zi8tel1f-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 24 10:45:46 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Apr 2026 08:45:46 +0000 Subject: [gnutls-devel] GnuTLS | hpke/hpke-builders: use a relative include (!2098) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2098 Branches: hpke-fix-include to master Author: Alexander Sosedkin I don't know how it works for others, but apparently my usual compilation does not have the project root in the include path list, so it fails to find `lib/num.h`. Switching to a relative import fixes that. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2098 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-bk12pr6h17xwi7qnrtbwpf72y-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Apr 24 20:55:51 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 24 Apr 2026 18:55:51 +0000 Subject: [gnutls-devel] GnuTLS | Replace strcmp with streq in src/ and lib/ (!2096) In-Reply-To: References: Message-ID: David Dudas commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/2096#note_3285403170 Updated the common_modules list. Thanks! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2096#note_3285403170 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-exyuai3ncs7qf35r77t35zity-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 25 03:33:52 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Apr 2026 01:33:52 +0000 Subject: [gnutls-devel] GnuTLS | hpke/hpke-builders: use a relative include (!2098) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2098#note_3286125918 Picked in !2097. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2098#note_3286125918 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-4y7txko6dh73ikjxv3u921xsd-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 25 03:32:56 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Apr 2026 01:32:56 +0000 Subject: [gnutls-devel] GnuTLS | hpke/hpke-builders: use a relative include (!2098) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/2098 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on lib/hpke/hpke-builders.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/2098#note_3286125172 > #include "hpke-builders.h" > -#include "lib/num.h" > +#include "../num.h" I don't think we even need `..`; I'm including the change in !2097. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2098 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-3qtyrz8exllcvyqnulpeopwvl-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 25 03:33:52 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Apr 2026 01:33:52 +0000 Subject: [gnutls-devel] GnuTLS | hpke/hpke-builders: use a relative include (!2098) In-Reply-To: References: Message-ID: Merge request !2098 was closed by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2098 Branches: hpke-fix-include to master Author: Alexander Sosedkin Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2098 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-c5xbvyk1yd6v3968m9z6sy70u-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 25 03:34:23 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Apr 2026 01:34:23 +0000 Subject: [gnutls-devel] GnuTLS | Minor cleanup of HPKE API (!2097) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3286126304 OK, let's keep the current interface. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3286126304 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-9cnz581qw842m6xj1bfnqeszu-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 25 03:43:18 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Apr 2026 01:43:18 +0000 Subject: [gnutls-devel] GnuTLS | Minor cleanup of HPKE API (!2097) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on m4/hooks.m4: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3286133713 > [AC_DEFINE([ENABLE_CRYPTO_AUDITING], [1], [enable crypto-auditing trace])]) > AM_CONDITIONAL([ENABLE_CRYPTO_AUDITING], [test "$enable_crypto_auditing" = "yes"]) > > + AC_MSG_CHECKING([whether to disable HPKE support]) Switched to off by default -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3286133713 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-bc9qae0pyxq5qrwh4p2jcmy9h-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 25 03:43:19 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Apr 2026 01:43:19 +0000 Subject: [gnutls-devel] GnuTLS | Minor cleanup of HPKE API (!2097) In-Reply-To: References: Message-ID: All discussions on merge request !2097 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/2097 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-8rksexsyr6n7jn89t2cnms68x-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 25 10:33:37 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Apr 2026 08:33:37 +0000 Subject: [gnutls-devel] GnuTLS | Minor cleanup of HPKE API (!2097) In-Reply-To: References: Message-ID: Alexander Sosedkin started a new discussion on NEWS: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3286393763 > (DER). Previously, loading a private key in the former format > resulted in a failure, which is now fixed (#1749). > > -** libgnutls: Added HPKE (RFC 9180) implementation as a technology > - preview. The implementation and the related API might suffer > - modification in the following period (#1506). > +** libgnutls: HPKE (RFC 9180) is now supported as a technology preview > + The Hybrid Public Key Encryption (HPKE) is a flexible cryptographic > + scheme which covers both key transport and encryption by combining > + key encapsulation mechanism (KEM) and authentcated encryption with s/authentcated/authenticated/ -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3286393763 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-6hcxsh5ufgalf9juahsd736zl-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 25 12:24:01 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Apr 2026 10:24:01 +0000 Subject: [gnutls-devel] GnuTLS | Minor cleanup of HPKE API (!2097) In-Reply-To: References: Message-ID: All discussions on merge request !2097 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/2097 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-dif6z9yfd91ox94o0oijvmd8d-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Apr 25 13:00:32 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 25 Apr 2026 11:00:32 +0000 Subject: [gnutls-devel] GnuTLS | Minor cleanup of HPKE API (!2097) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3286495648 I don't know how to solve the docdist issue. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3286495648 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-a3u9aj5kqihbqv9svw3n9a6cm-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 26 12:04:32 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 26 Apr 2026 10:04:32 +0000 Subject: [gnutls-devel] GnuTLS | Minor fixes for 3.8.13 release (!2099) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2099 Project:Branches: dueno/gnutls:wip/dueno/minor-fixes to gnutls/gnutls:master Author: Daiki Ueno * doc/Makefile: add stamp_error_codes to EXTRA_DIST This also moves stamp_* to MAINTAINERCLEANFILES from DISTCLEANFILES, which should not include what's in the tarball. Fixes: #1797 * tests: match automake variables for pkcs11-obj-get-pk-algorithm * build: switch to using static_assert instead of verify Gnulib now emulates static_assert in C23, prefer it over verify. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2099 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-9yfydoe9p21jv5qogvvtl7kdj-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 26 12:06:53 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 26 Apr 2026 10:06:53 +0000 Subject: [gnutls-devel] GnuTLS | Draft: doc/Makefile: add stamp_error_codes to EXTRA_DIST, move more files to MAINTAINERCLEANFILES (!2071) In-Reply-To: References: Message-ID: Merge request !2071 was closed by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2071 Project:Branches: asosedkin/gnutls:stamp-error-codes-fix to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewers: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2071 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-3mk7whkb0fdzunq43e1qt1cb7-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 26 12:06:46 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 26 Apr 2026 10:06:46 +0000 Subject: [gnutls-devel] GnuTLS | Draft: doc/Makefile: add stamp_error_codes to EXTRA_DIST, move more files to MAINTAINERCLEANFILES (!2071) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2071#note_3287354331 I'm picking this in !2099. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2071#note_3287354331 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-932q7qim4zsz93h21ao5692kg-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 26 12:06:48 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 26 Apr 2026 10:06:48 +0000 Subject: [gnutls-devel] GnuTLS | Draft: doc/Makefile: add stamp_error_codes to EXTRA_DIST, move more files to MAINTAINERCLEANFILES (!2071) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/2071 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on doc/Makefile.am: https://gitlab.com/gnutls/gnutls/-/merge_requests/2071#note_3287354324 > gnutls_TEXINFOS += $(ENUMS) $(FUNCS) $(AUTOGENED_DOC) > -DISTCLEANFILES += $(ENUMS) errcodes printlist alert-printlist > +MAINTAINERCLEANFILES = $(gnutls_TEXINFOS) This is wrong in two ways: `MAINTAINERCLEANFILES` is overridden, and `$(gnutls_TEXINFOS)` contains non-generated contents. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2071 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-ef6yy4tnll0ymsds6fusi7t05-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 26 12:10:37 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 26 Apr 2026 10:10:37 +0000 Subject: [gnutls-devel] GnuTLS | Minor cleanup of HPKE API (!2097) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3287356637 The docdist issue should be fixed now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3287356637 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-de4yzhaysft2i0hyo7sjiig8i-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 26 14:59:40 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 26 Apr 2026 12:59:40 +0000 Subject: [gnutls-devel] GnuTLS | Minor fixes for 3.8.13 release (!2099) In-Reply-To: References: Message-ID: Alexander Sosedkin was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2099 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-3pkaty2a3w8sfo32hpivqi9fo-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Apr 26 14:59:55 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 26 Apr 2026 12:59:55 +0000 Subject: [gnutls-devel] GnuTLS | Minor cleanup of HPKE API (!2097) In-Reply-To: References: Message-ID: Alexander Sosedkin was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-by227ddfa26dwiamwh1rqm7nt-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 27 04:14:54 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Apr 2026 02:14:54 +0000 Subject: [gnutls-devel] GnuTLS | aarch64: Enable GCS (!2038) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.13 (Feb 9, 2026?Apr 30, 2026) ( https://gitlab.com/gnutls/gnutls/-/milestones/51 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2038 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-489gk5jzpxkljpah4elgonwoz-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 27 04:16:25 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Apr 2026 02:16:25 +0000 Subject: [gnutls-devel] GnuTLS | Undefined reference to _gnutls_hmac_sha_aarch64 when building with nettle v4 patch (#1804) In-Reply-To: References: Message-ID: Reassigned Issue 1804 https://gitlab.com/gnutls/gnutls/-/issues/1804 Daiki Ueno was added as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1804 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-bdl2xe4oyfvts3du0x6qt54qy-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 27 04:19:11 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Apr 2026 02:19:11 +0000 Subject: [gnutls-devel] GnuTLS | stamp_error_codes missing from doc/Makefile.am EXTRA_DIST (#1797) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.13 (Feb 9, 2026?Apr 30, 2026) ( https://gitlab.com/gnutls/gnutls/-/milestones/51 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1797 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-3ae84b88p27i3e3hadnhvo5g0-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 27 04:43:43 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Apr 2026 02:43:43 +0000 Subject: [gnutls-devel] GnuTLS | stamp_error_codes missing from doc/Makefile.am EXTRA_DIST (#1797) In-Reply-To: References: Message-ID: Reassigned Issue 1797 https://gitlab.com/gnutls/gnutls/-/issues/1797 Daiki Ueno was added as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1797 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-5astjrw2ux3cimd0ttmdm8a21-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 27 07:04:33 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Apr 2026 05:04:33 +0000 Subject: [gnutls-devel] GnuTLS | Use full hash+sign operations in pct_test (!2100) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2100 Project:Branches: dueno/gnutls:wip/dueno/pct to gnutls/gnutls:master Author: Daiki Ueno pct_test inside fips uses low-level, separate primitves for some hasing and signing. Replace them with high-level, more specific APIs. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2100 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-d347ptzpuncmoo1xahwljuivd-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 27 10:19:24 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Apr 2026 08:19:24 +0000 Subject: [gnutls-devel] GnuTLS | Minor fixes for 3.8.13 release (!2099) In-Reply-To: References: Message-ID: Merge request !2099 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2099 Project:Branches: dueno/gnutls:wip/dueno/minor-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: Alexander Sosedkin -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 27 10:19:33 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Apr 2026 08:19:33 +0000 Subject: [gnutls-devel] GnuTLS | Minor fixes for 3.8.13 release (!2099) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2099#note_3288645520 All changes look good. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2099#note_3288645520 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-7oxf8p8bh105a7sby0ozn39xl-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 27 10:27:06 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Apr 2026 08:27:06 +0000 Subject: [gnutls-devel] GnuTLS | stamp_error_codes missing from doc/Makefile.am EXTRA_DIST (#1797) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno with merge request !2099 (https://gitlab.com/gnutls/gnutls/-/merge_requests/2099) Issue #1797: https://gitlab.com/gnutls/gnutls/-/work_items/1797 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1797 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-43b418237vaq5csizcq0rdqxx-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 27 10:27:05 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Apr 2026 08:27:05 +0000 Subject: [gnutls-devel] GnuTLS | Minor fixes for 3.8.13 release (!2099) In-Reply-To: References: Message-ID: Merge request !2099 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2099 Project:Branches: dueno/gnutls:wip/dueno/minor-fixes to gnutls/gnutls:master Author: Daiki Ueno Reviewer: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2099 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-5zj4h1zhnsp83lz78m3qvl75m-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 27 10:48:02 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Apr 2026 08:48:02 +0000 Subject: [gnutls-devel] GnuTLS | Minor cleanup of HPKE API (!2097) In-Reply-To: References: Message-ID: Merge request !2097 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097 Project:Branches: dueno/gnutls:wip/dueno/hpke2 to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: Alexander Sosedkin -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 27 10:48:16 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Apr 2026 08:48:16 +0000 Subject: [gnutls-devel] GnuTLS | Minor cleanup of HPKE API (!2097) In-Reply-To: References: Message-ID: Merge request !2097 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097 Project:Branches: dueno/gnutls:wip/dueno/hpke2 to gnutls/gnutls:master Author: Daiki Ueno Reviewer: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-7o4tknenvb07me4m4hl8qryy4-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 27 10:48:28 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Apr 2026 08:48:28 +0000 Subject: [gnutls-devel] GnuTLS | Minor cleanup of HPKE API (!2097) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3288749950 Thank you for the review! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2097#note_3288749950 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-c9ru5ya0gl2ms1sjmcptuunnf-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 27 19:52:30 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Apr 2026 17:52:30 +0000 Subject: [gnutls-devel] GnuTLS | tests: fix typo in skip message (!2101) References: Message-ID: Sam James created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2101 Project:Branches: thesamesam/gnutls:typo-test-fix to gnutls/gnutls:master Author: Sam James * tests: fix typo in skip message Otherwise we try to execute the skip message which results in noise in the log. Copy the other places we skip and echo to stderr. Signed-off-by: Sam James -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2101 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-4a84i138gyq7kfp5n55cjagse-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 27 20:00:47 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Apr 2026 18:00:47 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Release 3.8.13 (!2102) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2102 Project:Branches: asosedkin/gnutls:release-3.8.13 to gnutls/gnutls:master Author: Alexander Sosedkin * NEWS: mention a few more 3.8.13 changes * Release 3.8.13 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2102 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-4s3opqjle2idf44y66xawswhd-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Apr 27 22:09:40 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Apr 2026 20:09:40 +0000 Subject: [gnutls-devel] GnuTLS | can't send mlkem768x25519 and x25519 key shares together; would rather see both sent with x25519 value reused (#1763) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.14 ( https://gitlab.com/gnutls/gnutls/-/milestones/52 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1763 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-2qrwiw5yrluktl5iim2o5ehp0-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 28 01:20:05 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Apr 2026 23:20:05 +0000 Subject: [gnutls-devel] GnuTLS | tests: fix typo in skip message (!2101) In-Reply-To: References: Message-ID: Merge request !2101 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2101 Project:Branches: thesamesam/gnutls:typo-test-fix to gnutls/gnutls:master Author: Sam James Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 28 01:20:18 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Apr 2026 23:20:18 +0000 Subject: [gnutls-devel] GnuTLS | tests: fix typo in skip message (!2101) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2101#note_3291801031 Thanks for catching this! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2101#note_3291801031 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-ao6q4mbdbzcvyjcwznajgbtce-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 28 01:38:54 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 27 Apr 2026 23:38:54 +0000 Subject: [gnutls-devel] GnuTLS | tests: fix typo in skip message (!2101) In-Reply-To: References: Message-ID: Merge request !2101 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2101 Project:Branches: thesamesam/gnutls:typo-test-fix to gnutls/gnutls:master Author: Sam James -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2101 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-72zmym0dihy6unjpwjaqa306w-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 28 04:34:16 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Apr 2026 02:34:16 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: regenerate assembly files after AArch64 GCS support (!2103) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2103 Project:Branches: dueno/gnutls:wip/dueno/asm to gnutls/gnutls:master Author: Daiki Ueno As suggested by @ggardet in https://gitlab.com/gnutls/gnutls/-/merge_requests/2038#note_3265361275 * accelerated: regenerate assembly files after AArch64 GCS support * cfg.mk: suppress file locations from cpp output ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2103 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-262fad0aa3l1zhx44091na0lz-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 28 07:51:52 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Apr 2026 05:51:52 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Release 3.8.13 (!2102) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/2102 was reviewed by Daiki Ueno -- Daiki Ueno started a new discussion on NEWS: https://gitlab.com/gnutls/gnutls/-/merge_requests/2102#note_3292763479 > > +** libgnutls: Fix TLS 1.3 client certificate selection > + For servers that send a signature_algorithms_cert extension This is not correct; `signature_algorithms_cert` is not involved, but `signature_algorithms` with `rsa_pss_rsae_*` but without legacy `rsa_pkcs1_*` prevents the client to select an RSA cert while it should be usable. -- Daiki Ueno started a new discussion on NEWS: https://gitlab.com/gnutls/gnutls/-/merge_requests/2102#note_3292763505 > gnutls_hpke_derive_keypair: New function > gnutls_hpke_export: New function > gnutls_pkcs11_obj_get_pk_algorithm: New function Maybe good to mention this change as well, something like: ``` ** libgnutls: New function that allows fetching object type metadata for PKCS#11 keys A new library function, gnutls_pkcs11_obj_get_pk_algorithm, has been added to check the public key algorithms of PKCS#11 key objects, contributed by Ghadi Elie Rahme (!2102). Object types other than CKO_PRIVATE_KEY are currently not supported. ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2102 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-1xzr5lxk4qtu8lnzv3klgzxve-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 28 08:13:38 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Apr 2026 06:13:38 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: regenerate assembly files after AArch64 GCS support (!2103) In-Reply-To: References: Message-ID: Alexander Sosedkin started a new discussion on lib/accelerated/aarch64/elf/aes-aarch64.s: https://gitlab.com/gnutls/gnutls/-/merge_requests/2103#note_3292821130 > # > # *** This file is auto-generated *** > # > -# 0 "lib/accelerated/aarch64/elf/aes-aarch64.s.tmp.S" > -# 1 "/home/zfridric/upstream/gnutls//" > -# 0 "" > -# 0 "" > -# 1 "lib/accelerated/aarch64/elf/aes-aarch64.s.tmp.S" > -# 1 "lib/accelerated/aarch64/aarch64-common.h" 1 > -# 2 "lib/accelerated/aarch64/elf/aes-aarch64.s.tmp.S" 2 > - > - > +#define __STDC__ 1 how did that appear, why are we commiting somebody's machine's defines? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2103#note_3292821130 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-16p1zrgrqvnnft3quvtyfvsn9-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 28 08:20:29 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Apr 2026 06:20:29 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: regenerate assembly files after AArch64 GCS support (!2103) In-Reply-To: References: Message-ID: Alexander Sosedkin started a new discussion on lib/accelerated/aarch64/macosx/sha512-armv8.s: https://gitlab.com/gnutls/gnutls/-/merge_requests/2103#note_3292840184 > # > # *** This file is auto-generated *** > # > -# 0 "lib/accelerated/aarch64/macosx/sha512-armv8.s.tmp.S" > -# 0 "" > -# 0 "" > -# 1 "lib/accelerated/aarch64/macosx/sha512-armv8.s.tmp.S" > -# 58 "lib/accelerated/aarch64/macosx/sha512-armv8.s.tmp.S" > -# 1 "lib/accelerated/aarch64/aarch64-common.h" 1 > -# 59 "lib/accelerated/aarch64/macosx/sha512-armv8.s.tmp.S" 2 > - > - > +.pushsection .note.gnu.property, "a"; What made this appear on macosx? Should it be conditioned on `__ELF__`? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2103#note_3292840184 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-16b5ut9offgihqdb3mtw8u0cl-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 28 10:42:45 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Apr 2026 08:42:45 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: regenerate assembly files after AArch64 GCS support (!2103) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/2103 was reviewed by Daiki Ueno -- Daiki Ueno commented on a discussion on lib/accelerated/aarch64/elf/aes-aarch64.s: https://gitlab.com/gnutls/gnutls/-/merge_requests/2103#note_3293399573 > - > - > +#define __STDC__ 1 They were from `gcc -E`, now they are suppressed with `-E -P`. -- Daiki Ueno commented on a discussion on lib/accelerated/aarch64/macosx/sha512-armv8.s: https://gitlab.com/gnutls/gnutls/-/merge_requests/2103#note_3293399614 > - > - > +.pushsection .note.gnu.property, "a"; Good catch. For some reason the generation rule uses `aarch64-linux-gnu-gcc` which expands `__ELF__`; I'd rather not touch macosx/*.s. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2103 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-012hk2rcco2zuk27wsgtdckyk-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 28 11:09:00 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Apr 2026 09:09:00 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: regenerate assembly files after AArch64 GCS support (!2103) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on lib/accelerated/aarch64/elf/aes-aarch64.s: https://gitlab.com/gnutls/gnutls/-/merge_requests/2103#note_3293519271 > # > # *** This file is auto-generated *** > # > -# 0 "lib/accelerated/aarch64/elf/aes-aarch64.s.tmp.S" > -# 1 "/home/zfridric/upstream/gnutls//" > -# 0 "" > -# 0 "" > -# 1 "lib/accelerated/aarch64/elf/aes-aarch64.s.tmp.S" > -# 1 "lib/accelerated/aarch64/aarch64-common.h" 1 > -# 2 "lib/accelerated/aarch64/elf/aes-aarch64.s.tmp.S" 2 > - > - > +#define __STDC__ 1 no, I'm not asking about the `# 0 "lib/accelerated/aarch64/elf/aes-aarch64.s.tmp.S"` line indicators, I'm fine with them going away I'm asking about `#define __STDC__ 1` defines that I don't think should be there -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2103#note_3293519271 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-ddc6051wcxag8yb1blryygmp0-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 28 11:11:26 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Apr 2026 09:11:26 +0000 Subject: [gnutls-devel] GnuTLS | accelerated: regenerate assembly files after AArch64 GCS support (!2103) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on lib/accelerated/aarch64/macosx/sha512-armv8.s: https://gitlab.com/gnutls/gnutls/-/merge_requests/2103#note_3293530669 > # > # *** This file is auto-generated *** > # > -# 0 "lib/accelerated/aarch64/macosx/sha512-armv8.s.tmp.S" > -# 0 "" > -# 0 "" > -# 1 "lib/accelerated/aarch64/macosx/sha512-armv8.s.tmp.S" > -# 58 "lib/accelerated/aarch64/macosx/sha512-armv8.s.tmp.S" > -# 1 "lib/accelerated/aarch64/aarch64-common.h" 1 > -# 59 "lib/accelerated/aarch64/macosx/sha512-armv8.s.tmp.S" 2 > - > - > +.pushsection .note.gnu.property, "a"; OK, but isn't that a bit of a timebomb until we miss it on the next regeneration? We should at least file a ticket to fix it later. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2103#note_3293530669 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-9dmljg61ghpyg4athjye3j2yn-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 28 11:31:25 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Apr 2026 09:31:25 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Release 3.8.13 (!2102) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on NEWS: https://gitlab.com/gnutls/gnutls/-/merge_requests/2102#note_3293620875 > modification in the following period. Use --enable-hpke to turn on > this feature. (#1506) > > +** libgnutls: Fix TLS 1.3 client certificate selection > + For servers that send a signature_algorithms_cert extension updated -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2102#note_3293620875 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-azvfchgomlrfd88ci8pag3h59-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 28 11:31:57 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Apr 2026 09:31:57 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Release 3.8.13 (!2102) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion on NEWS: https://gitlab.com/gnutls/gnutls/-/merge_requests/2102#note_3293623034 > gnutls_hpke_open: New function > gnutls_hpke_derive_keypair: New function > gnutls_hpke_export: New function > gnutls_pkcs11_obj_get_pk_algorithm: New function Applied with a few modifications. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2102#note_3293623034 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-8ewmcg4vok5s5uo269jblintz-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 28 11:33:24 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Apr 2026 09:33:24 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Release 3.8.13 (!2102) In-Reply-To: References: Message-ID: Daiki Ueno was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2102 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-812xckpa2dshlbbunx6rn6dlh-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 28 13:07:19 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Apr 2026 11:07:19 +0000 Subject: [gnutls-devel] GnuTLS | Use full hash+sign operations in pct_test (!2100) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/2100 was reviewed by Clemens Lang -- Clemens Lang started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/2100#note_3294076855 > + return gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR); > + > + /* Do we still care GOST in FIPS mode? */ We don't. Have we ever? We shouldn't. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2100 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-e9w7lr84hk23jppb2owuz2fog-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 28 14:49:03 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Apr 2026 12:49:03 +0000 Subject: [gnutls-devel] GnuTLS | Draft: accelerated: regenerate assembly files after AArch64 GCS support (!2103) In-Reply-To: References: Message-ID: Daiki Ueno marked merge request !2103 as draft -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2103 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-agr89sgzuyfiist1e76uor8p2-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 28 14:49:09 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Apr 2026 12:49:09 +0000 Subject: [gnutls-devel] GnuTLS | Draft: accelerated: regenerate assembly files after AArch64 GCS support (!2103) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.14 ( https://gitlab.com/gnutls/gnutls/-/milestones/52 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2103 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-c0edizpyfpc31ve8oeb11nqws-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 28 14:53:28 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Apr 2026 12:53:28 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Release 3.8.13 (!2102) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2102#note_3294621376 LGTM -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2102#note_3294621376 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-5hskuy27u9lp4divqh9ymkb51-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 28 14:53:29 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Apr 2026 12:53:29 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Release 3.8.13 (!2102) In-Reply-To: References: Message-ID: Merge request !2102 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2102 Project:Branches: asosedkin/gnutls:release-3.8.13 to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewer: Daiki Ueno -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 28 20:00:34 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Apr 2026 18:00:34 +0000 Subject: [gnutls-devel] GnuTLS | Windows builds unavailable for v3.8.11 (#1768) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/work_items/1768#note_3295995042 https://gitlab.com/gnutls/gnutls/-/merge_requests/2076 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1768#note_3295995042 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-1l5gruyyvqx08ubvhfwjxtzx8-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Apr 28 23:53:49 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 28 Apr 2026 21:53:49 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Release 3.8.13 (!2102) In-Reply-To: References: Message-ID: All discussions on merge request !2102 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/2102 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2102 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-afvezgbvs3hqttd29tvsp0a1a-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 29 02:33:42 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 29 Apr 2026 00:33:42 +0000 Subject: [gnutls-devel] GnuTLS | Use full hash+sign operations in pct_test (!2100) In-Reply-To: References: Message-ID: Conor Tull was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2100 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-djcqcpd9pqcr92v5o5il39won-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 29 02:50:32 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 29 Apr 2026 00:50:32 +0000 Subject: [gnutls-devel] GnuTLS | Use full hash+sign operations in pct_test (!2100) In-Reply-To: References: Message-ID: All discussions on merge request !2100 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/2100 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2100 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-dllgb6owcb1xdsojgixd3bntq-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 29 02:50:21 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 29 Apr 2026 00:50:21 +0000 Subject: [gnutls-devel] GnuTLS | Use full hash+sign operations in pct_test (!2100) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/2100#note_3297023832 > + const gnutls_x509_spki_st *spki, > + const gnutls_datum_t *data) > +{ > + gnutls_privkey_t privkey = NULL; > + gnutls_pubkey_t pubkey = NULL; > + gnutls_x509_privkey_t xprivkey = NULL; > + gnutls_datum_t sig = { NULL, 0 }; > + gnutls_sign_algorithm_t sign_algo; > + unsigned vflags = 0; > + int ret; > + > + sign_algo = pct_pk_to_sign(algo, spki); > + if (sign_algo == GNUTLS_SIGN_UNKNOWN) > + return gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR); > + > + /* Do we still care GOST in FIPS mode? */ For some reason we exercise GOST under FIPS mode in tests/x509sign-verify-gost. Maybe we can skip the test, but I just added `#if ENABLE_GOST ... #endif` for now so the code (and the test) is compiled out if `--disable-gost` is given (which is the case with RHEL at least). -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2100#note_3297023832 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-6y5kx1lynyht3py9x7d3mhnux-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 29 10:48:01 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 29 Apr 2026 08:48:01 +0000 Subject: [gnutls-devel] GnuTLS | Use full hash+sign operations in pct_test (!2100) In-Reply-To: References: Message-ID: Clemens Lang commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/2100#note_3298323752 > + const gnutls_x509_spki_st *spki, > + const gnutls_datum_t *data) > +{ > + gnutls_privkey_t privkey = NULL; > + gnutls_pubkey_t pubkey = NULL; > + gnutls_x509_privkey_t xprivkey = NULL; > + gnutls_datum_t sig = { NULL, 0 }; > + gnutls_sign_algorithm_t sign_algo; > + unsigned vflags = 0; > + int ret; > + > + sign_algo = pct_pk_to_sign(algo, spki); > + if (sign_algo == GNUTLS_SIGN_UNKNOWN) > + return gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR); > + > + /* Do we still care GOST in FIPS mode? */ I see, thanks for checking. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2100#note_3298323752 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-6xsxiondafkw3udt9xzz6j7cn-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 29 18:01:20 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 29 Apr 2026 16:01:20 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.13 (!2102) In-Reply-To: References: Message-ID: Alexander Sosedkin marked merge request !2102 as ready -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2102 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-416oo994v3hspl0tdtgdp2e9p-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 29 19:08:59 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 29 Apr 2026 17:08:59 +0000 Subject: [gnutls-devel] GnuTLS | Windows builds unavailable for v3.8.11 (#1768) In-Reply-To: References: Message-ID: Renaud commented: https://gitlab.com/gnutls/gnutls/-/work_items/1768#note_3300503026 Thank you @asosedkin for fixing the mingw builds. I'll check the availability of the Windows builds one the official website once v3.8.13 is released, and close the issue then. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1768#note_3300503026 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-34h3pew5333irstseyhatuodi-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 29 19:14:19 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 29 Apr 2026 17:14:19 +0000 Subject: [gnutls-devel] GnuTLS | Windows builds unavailable for v3.8.11 (#1768) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/work_items/1768#note_3300523509 @c0bw3b yeah, about that, the index files might not be regenerated yet, but the files themselves should already be there: https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.13-w32.zip \ https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.13-w64.zip -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1768#note_3300523509 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-aplwvpgjkzrz3zzmlmrc21qq3-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 29 19:14:45 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 29 Apr 2026 17:14:45 +0000 Subject: [gnutls-devel] GnuTLS | Windows builds unavailable for v3.8.11 (#1768) In-Reply-To: References: Message-ID: Reassigned Issue 1768 https://gitlab.com/gnutls/gnutls/-/issues/1768 Alexander Sosedkin was added as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1768 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-9bxfda72ege5g7e754tccwdbj-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 29 19:17:57 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 29 Apr 2026 17:17:57 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.13 (!2102) In-Reply-To: References: Message-ID: Merge request !2102 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2102 Project:Branches: asosedkin/gnutls:release-3.8.13 to gnutls/gnutls:master Author: Alexander Sosedkin Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2102 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-78sibzssuq9bvpm68jwhp7ylx-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 29 19:28:48 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 29 Apr 2026 17:28:48 +0000 Subject: [gnutls-devel] GnuTLS | prohibit CN fallback on any SAN? (#1877) References: Message-ID: Alexander Sosedkin created an issue: https://gitlab.com/gnutls/gnutls/-/work_items/1877 As discussed in https://gitlab.com/gnutls/gnutls/-/issues/1802#note_3270511716, we might want to prohibit fallback to Common Name on encountering a Subject Alternative Name of any kind, not just the ones we support. An even more radical alternative could be prohibiting all CN fallback. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1877 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-98cao09ja31l9wmmt1ppi692f-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 29 20:04:04 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 29 Apr 2026 18:04:04 +0000 Subject: [gnutls-devel] GnuTLS | OCSP stapling may use the wrong SingleResponse for revocation status (#1812) In-Reply-To: References: Message-ID: Milestone removed -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1812 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-ez6helu20s7s03f8p9akz72f5-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 29 20:03:59 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 29 Apr 2026 18:03:59 +0000 Subject: [gnutls-devel] GnuTLS | OCSP stapling may use the wrong SingleResponse for revocation status (#1812) In-Reply-To: References: Message-ID: Reassigned Issue 1812 https://gitlab.com/gnutls/gnutls/-/issues/1812 Alexander Sosedkin was added as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1812 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-2r2hzzm3f98gi2a9ib8ted75l-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 29 20:03:05 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 29 Apr 2026 18:03:05 +0000 Subject: [gnutls-devel] GnuTLS | DTLS zero-length fragment for non-empty handshake can trigger out-of-bounds read (#1811) In-Reply-To: References: Message-ID: Milestone removed -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1811 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-0exzif3kjlrfkhmzgviex6ool-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 29 20:16:03 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 29 Apr 2026 18:16:03 +0000 Subject: [gnutls-devel] GnuTLS | DTLS zero-length fragment for non-empty handshake can trigger out-of-bounds read (#1811) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.13 (Feb 9, 2026?Apr 30, 2026) ( https://gitlab.com/gnutls/gnutls/-/milestones/51 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1811 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-2qng4mb4eg29aw547znay9frk-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 29 20:21:47 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 29 Apr 2026 18:21:47 +0000 Subject: [gnutls-devel] GnuTLS | OCSP stapling may use the wrong SingleResponse for revocation status (#1812) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.13 (Feb 9, 2026?Apr 30, 2026) ( https://gitlab.com/gnutls/gnutls/-/milestones/51 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1812 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-6dio19j8hj3xpi64a9kv4ejja-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Apr 29 20:26:44 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 29 Apr 2026 18:26:44 +0000 Subject: [gnutls-devel] GnuTLS | Windows builds unavailable for v3.8.11 (#1768) In-Reply-To: References: Message-ID: Issue was closed by Alexander Sosedkin Issue #1768: https://gitlab.com/gnutls/gnutls/-/work_items/1768 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1768 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-a1ho5w5d3rhkck1z7r9j4hep9-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 30 13:00:41 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 30 Apr 2026 11:00:41 +0000 Subject: [gnutls-devel] GnuTLS | [HIGH] gnutls x509 nameconstraints: excluded dns/email subtree bypass via case-sensitive comparison (security report) (#1803) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/issues/1803#note_3303260975 I'd like to apologize for the confusion about the severity of this one, I guess I've forgot to act on the discussion above and claimed the severity to be High in NEWS and on the website. I'll change it to Moderate on the website (https://gitlab.com/gnutls/web-pages/-/commit/995d4e7da329f1efbb5d59735fc8a0fd5dab40a1), and will send a follow-up to the announcement email clarifying the severity. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1803#note_3303260975 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-2nmn7e2zs2cewqqysd6iaz8ph-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 30 13:03:56 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 30 Apr 2026 11:03:56 +0000 Subject: [gnutls-devel] GnuTLS | NEWS: change CVE-2025-61727 severity to Moderate... (!2104) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2104 Project:Branches: asosedkin/gnutls:CVE-2025-61727-severity-NEWS to gnutls/gnutls:master Author: Alexander Sosedkin * NEWS: change CVE-2025-61727 severity to Moderate... ... as discussed in #1803 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2104 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-0ipql0mtrzzsegs6o7yernuqc-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 30 13:04:53 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 30 Apr 2026 11:04:53 +0000 Subject: [gnutls-devel] web-pages | make data in security announcements more consistent (!16) References: Message-ID: Rolf Eike Beer created a merge request: https://gitlab.com/gnutls/web-pages/-/merge_requests/16 Project:Branches: DerDakon/gnutls-web-pages:sa-data to gnutls/web-pages:master Author: Rolf Eike Beer We try to consume the data with a script, having things more consisent results in less code on our side. Any everyone else may benefit as well. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/web-pages/-/merge_requests/16 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-cxczkb3ikywq0t4sfhfihamud-ba1im/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 30 13:09:41 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 30 Apr 2026 11:09:41 +0000 Subject: [gnutls-devel] GnuTLS | Draft: tests/mini-dtls-framents: link to gnulib (!2105) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2105 Project:Branches: asosedkin/gnutls:tests-dtls-mini-fragments-gnulib to gnutls/gnutls:master Author: Alexander Sosedkin * tests/mini-dtls-framents: link to gnulib * tests/mini-dtls-fragments: don't skip on WIN32 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2105 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-33t8l4vynh7x0jjf3g8cqekt7-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 30 13:37:34 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 30 Apr 2026 11:37:34 +0000 Subject: [gnutls-devel] GnuTLS | Draft: tests/mini-dtls-framents: link to gnulib (!2105) In-Reply-To: References: Message-ID: Merge request !2105 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2105 Project:Branches: asosedkin/gnutls:tests-dtls-mini-fragments-gnulib to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 30 13:41:45 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 30 Apr 2026 11:41:45 +0000 Subject: [gnutls-devel] GnuTLS | tests/mini-dtls-framents: link to gnulib (!2105) In-Reply-To: References: Message-ID: Alexander Sosedkin marked merge request !2105 as ready -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2105 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-eyiik9oqet61efeiz5ke2hbzz-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 30 13:41:59 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 30 Apr 2026 11:41:59 +0000 Subject: [gnutls-devel] GnuTLS | tests/mini-dtls-framents: link to gnulib (!2105) In-Reply-To: References: Message-ID: Merge request !2105 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2105 Project:Branches: asosedkin/gnutls:tests-dtls-mini-fragments-gnulib to gnutls/gnutls:master Author: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2105 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-91b2ihw6vy4fdr67bakdmi4nc-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 30 14:32:21 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 30 Apr 2026 12:32:21 +0000 Subject: [gnutls-devel] GnuTLS | Build failure error: expected ')' in crau/crau.h (#1880) References: Message-ID: Marius Schamschula created an issue: https://gitlab.com/gnutls/gnutls/-/work_items/1880 ## Description of problem: See https://trac.macports.org/ticket/73942 ``` In file included from audit.c:26: In file included from ./audit.h:22: ./crau/crau.h:263:60: error: expected ')' void crau_push_context(struct crau_context_stack_st *stack CRAU_MAYBE_UNUSED, ^ ./crau/crau.h:263:23: note: to match this '(' void crau_push_context(struct crau_context_stack_st *stack CRAU_MAYBE_UNUSED, ^ ./crau/crau.h:263:6: error: conflicting types for 'crau_push_context' void crau_push_context(struct crau_context_stack_st *stack CRAU_MAYBE_UNUSED, ^ ./crau/crau.h:86:6: note: previous declaration is here void crau_push_context(struct crau_context_stack_st *stack, ^ ./crau/crau.h:269:54: error: expected ')' crau_pop_context(struct crau_context_stack_st *stack CRAU_MAYBE_UNUSED) ^ ./crau/crau.h:269:17: note: to match this '(' crau_pop_context(struct crau_context_stack_st *stack CRAU_MAYBE_UNUSED) ^ ./crau/crau.h:275:58: error: expected ')' crau_current_context(struct crau_context_stack_st *stack CRAU_MAYBE_UNUSED) ^ ./crau/crau.h:275:21: note: to match this '(' crau_current_context(struct crau_context_stack_st *stack CRAU_MAYBE_UNUSED) ^ ./crau/crau.h:280:71: error: expected ')' void crau_push_context_with_datav(struct crau_context_stack_st *stack CRAU_MAYBE_UNUSED, ^ ./crau/crau.h:280:34: note: to match this '(' void crau_push_context_with_datav(struct crau_context_stack_st *stack CRAU_MAYBE_UNUSED, ^ ./crau/crau.h:280:6: error: conflicting types for 'crau_push_context_with_datav' void crau_push_context_with_datav(struct crau_context_stack_st *stack CRAU_MAYBE_UNUSED, ^ ./crau/crau.h:109:6: note: previous declaration is here void crau_push_context_with_datav(struct crau_context_stack_st *stack, ^ ./crau/crau.h:286:70: error: expected ')' void crau_push_context_with_data(struct crau_context_stack_st *stack CRAU_MAYBE_UNUSED, ^ ./crau/crau.h:286:33: note: to match this '(' void crau_push_context_with_data(struct crau_context_stack_st *stack CRAU_MAYBE_UNUSED, ^ ./crau/crau.h:286:6: error: conflicting types for 'crau_push_context_with_data' void crau_push_context_with_data(struct crau_context_stack_st *stack CRAU_MAYBE_UNUSED, ^ ./crau/crau.h:106:6: note: previous declaration is here void crau_push_context_with_data(struct crau_context_stack_st *stack, ^ ./crau/crau.h:291:53: error: expected ')' void crau_datav(struct crau_context_stack_st *stack CRAU_MAYBE_UNUSED, ^ ./crau/crau.h:291:16: note: to match this '(' void crau_datav(struct crau_context_stack_st *stack CRAU_MAYBE_UNUSED, ^ ./crau/crau.h:291:6: error: conflicting types for 'crau_datav' void crau_datav(struct crau_context_stack_st *stack CRAU_MAYBE_UNUSED, ^ ./crau/crau.h:140:6: note: previous declaration is here void crau_datav(struct crau_context_stack_st *stack, va_list ap); ^ ./crau/crau.h:296:52: error: expected ')' void crau_data(struct crau_context_stack_st *stack CRAU_MAYBE_UNUSED, ...) ^ ./crau/crau.h:296:15: note: to match this '(' void crau_data(struct crau_context_stack_st *stack CRAU_MAYBE_UNUSED, ...) ^ ./crau/crau.h:296:6: error: conflicting types for 'crau_data' void crau_data(struct crau_context_stack_st *stack CRAU_MAYBE_UNUSED, ...) ^ ./crau/crau.h:138:6: note: previous declaration is here void crau_data(struct crau_context_stack_st *stack, ...); ^ 12 errors generated. ``` ## Version of gnutls used: 8.3.13 (also reproduced on 8.3.12) ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) MacPorts ## How reproducible: Steps to Reproduce: Normal build process on platforms with clang older than version 17 (or Apple equivalent). ## Actual results: See above ## Expected results: Clean build ## Workaround Require newer compiler, i.e. clang-17 or more recent -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/work_items/1880 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-8p3mjaq2bjuftp2osviakkzr7-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 30 15:22:01 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 30 Apr 2026 13:22:01 +0000 Subject: [gnutls-devel] GnuTLS | NEWS: change CVE-2026-3833 severity to Moderate... (!2104) In-Reply-To: References: Message-ID: Merge request !2104 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2104 Project:Branches: asosedkin/gnutls:CVE-2025-61727-severity-NEWS to gnutls/gnutls:master Author: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2104 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/4-a1xud7ufdpza4a0sx3uarryco-a84t7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Apr 30 15:22:08 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 30 Apr 2026 13:22:08 +0000 Subject: [gnutls-devel] GnuTLS | NEWS: change CVE-2026-3833 severity to Moderate... (!2104) In-Reply-To: References: Message-ID: Merge request !2104 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2104 Project:Branches: asosedkin/gnutls:CVE-2025-61727-severity-NEWS to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: