From gnutls-devel at lists.gnutls.org Mon Feb 2 12:55:00 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 02 Feb 2026 11:55:00 +0000 Subject: [gnutls-devel] GnuTLS | bootstrap fails when using gettext (autopoint) v. 1.0 (#1792) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1792#note_3051405009 I admit I have been away from the gettext development for a long time, but that reminds me of https://lists.gnu.org/archive/html/bug-gettext/2013-07/msg00002.html and I suspect it might be fixed if autopoint used `func_trace_autoconf` instead of `func_trace_sed` for that. @bhaible What do you think? Given gettext 0.19 is already over a decade old, I guess we could simply drop the `m4_ifdef` anyway. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1792#note_3051405009 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 2 13:57:12 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 02 Feb 2026 12:57:12 +0000 Subject: [gnutls-devel] GnuTLS | bootstrap fails when using gettext (autopoint) v. 1.0 (#1792) In-Reply-To: References: Message-ID: Bruno Haible commented: https://gitlab.com/gnutls/gnutls/-/issues/1792#note_3051633223 I would suggest to - either change that `0.19` to `0.19.6` and eliminate the m4_ifdef test, - or hide the m4_ifdef test from `autopoint`, similar to what is done in https://sources.debian.org/src/wget2/2.2.0+ds-3/debian/patches/configure-ac.patch -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1792#note_3051633223 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 3 05:34:03 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 03 Feb 2026 04:34:03 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: hide m4_ifdef from autopoint (!2061) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2061 Project:Branches: dueno/gnutls:wip/dueno/gettext-1.0 to gnutls/gnutls:master Author: Daiki Ueno * configure.ac: hide m4_ifdef from autopoint The recent version of autopoint warns about multiple invocation of AM_GNU_GETTEXT_REQUIRE_VERSION, without evaluating m4_ifdef. This obfuscates the first occurrence with a quote to work around that. Suggested by Bruno Haible. Fixes: #1792 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2061 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 3 17:10:07 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 03 Feb 2026 16:10:07 +0000 Subject: [gnutls-devel] GnuTLS | GOST crypto according to RFC9558 support (#1793) References: Message-ID: Igor created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1793 Hello, dear colleagues! Are there any plans for support GOST2012 with elliptic curve id-tc26-gost-3410-2012-256-paramSet as discribed in RFC9558? There is the comment in lib/x509/key_encode.c: ```c /* For compatibility per R 1323565.1.023?2018 provide digest OID only * for GOST-2001 keys or GOST-2012 keys with CryptoPro curves. Do not * set this optional parameter for TC26 curves */ ``` But the document has been greatly updated and for now elliptic curves from TC26 are used, for example, in openssl. Or maybe this is a question of nettle software patching? Thank you in advence for your answer! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1793 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 3 18:29:17 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 03 Feb 2026 17:29:17 +0000 Subject: [gnutls-devel] GnuTLS | GOST crypto according to RFC9558 support (#1793) In-Reply-To: References: Message-ID: Simon Josefsson commented: https://gitlab.com/gnutls/gnutls/-/issues/1793#note_3055511267 If we don't have support for it, I don't think it is useful to add now. X25519 is a good ECC curve, and working on adding old pre-PQ crypto now seems odd. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1793#note_3055511267 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 4 09:07:55 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 04 Feb 2026 08:07:55 +0000 Subject: [gnutls-devel] GnuTLS | GOST crypto according to RFC9558 support (#1793) In-Reply-To: References: Message-ID: Igor commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1793#note_3057004523 Thank you for reply, Simon! Ok, i got you. But i would like to ask you, is there any framework that halps to integrate new cryptos in your GNUTLS project? For example i know such project as ECCKiila for generating C-sources for openssl lib. And in case of GOST there is separate module known gost-engine. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1793#note_3057004523 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 5 05:08:42 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 Feb 2026 04:08:42 +0000 Subject: [gnutls-devel] GnuTLS | tests/suite/testdane.sh: try to make it more stable (!2054) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2054#note_3059635620 LGTM! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2054#note_3059635620 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 5 05:08:45 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 Feb 2026 04:08:45 +0000 Subject: [gnutls-devel] GnuTLS | tests/suite/testdane.sh: try to make it more stable (!2054) In-Reply-To: References: Message-ID: Merge request !2054 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2054 Project:Branches: asosedkin/gnutls:testdane-stability to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 5 05:09:11 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 Feb 2026 04:09:11 +0000 Subject: [gnutls-devel] GnuTLS | bootstrap fails when using gettext (autopoint) v. 1.0 (#1792) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.12 (Nov 18, 2025?Jan 18, 2026) ( https://gitlab.com/gnutls/gnutls/-/milestones/50 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1792 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 5 08:25:25 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 Feb 2026 07:25:25 +0000 Subject: [gnutls-devel] GnuTLS | RFC 5280 compliance: GnuTLS accepts the CRL containing an OU field with the tag value of 0xFD. (#1794) References: Message-ID: One happy person created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1794 ## Description of problem: Hello developers, I have successfully parsed a CRL containing an OU field tagged 0xFD using GnuTLS. ## Version of gnutls used: GnuTLS 3.8.9 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: certtool --crl-info --inder --infile issuer_253_tag_ou.der ## Actual results: [issuer_253_tag_ou.der](/uploads/ae8a3d8e573973f89e8a4832508eb886/issuer_253_tag_ou.der) ## Expected results: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1794 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 5 12:49:26 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 Feb 2026 11:49:26 +0000 Subject: [gnutls-devel] GnuTLS | tests/suite/testdane.sh: try to make it more stable (!2054) In-Reply-To: References: Message-ID: Merge request !2054 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2054 Project:Branches: asosedkin/gnutls:testdane-stability to gnutls/gnutls:master Author: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2054 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 5 14:52:25 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 Feb 2026 13:52:25 +0000 Subject: [gnutls-devel] GnuTLS | RFC 5280 compliance: GnuTLS accepted the CRL file with an incorrect inner algorithm identifier. (#1795) References: Message-ID: One happy person created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1795 ## Description of problem: Hello developers, I successfully parsed a CRL file with an inner algorithm identifier of 1.2.840.98445.1.1.11 using GnuTLS, although GnuTLS did not display the specific information of the inner algorithm identifier in the parsing results. When Go parsed this CRL file, it displayed the error: "inner and outer signature algorithm identifiers don't match". ## Version of gnutls used: GnuTLS 3.8.9 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: certtool --crl-info --inder --infile crl_wrong_inner_signature_oid.der ## Actual results: [crl_wrong_inner_signature_oid.der](/uploads/28ee3b442af58491839a61c5dd69f71a/crl_wrong_inner_signature_oid.der) ## Expected results: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1795 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 5 18:39:22 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 Feb 2026 17:39:22 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: hide m4_ifdef from autopoint (!2061) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.12 (Nov 18, 2025?Feb 18, 2026) ( https://gitlab.com/gnutls/gnutls/-/milestones/50 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2061 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 5 18:40:39 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 Feb 2026 17:40:39 +0000 Subject: [gnutls-devel] GnuTLS | can't send mlkem768x25519 and x25519 key shares together; would rather see both sent with x25519 value reused (#1763) In-Reply-To: References: Message-ID: Milestone removed -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1763 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 5 18:42:43 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 Feb 2026 17:42:43 +0000 Subject: [gnutls-devel] GnuTLS | can't send mlkem768x25519 and x25519 key shares together; would rather see both sent with x25519 value reused (#1763) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.13 ( https://gitlab.com/gnutls/gnutls/-/milestones/51 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1763 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 5 19:43:31 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 Feb 2026 18:43:31 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Release 3.8.12 (!2062) In-Reply-To: References: Message-ID: Daiki Ueno was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2062 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 5 19:43:34 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 05 Feb 2026 18:43:34 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Release 3.8.12 (!2062) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2062 Project:Branches: asosedkin/gnutls:wip/asosedkin/release-3.8.12 to gnutls/gnutls:master Author: Alexander Sosedkin Reviewer: Daiki Ueno * Release 3.8.12 * NEWS: mention 3.8.12 changes ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2062 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 6 10:56:51 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 06 Feb 2026 09:56:51 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Release 3.8.12 (!2062) In-Reply-To: References: Message-ID: Merge request !2062 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2062 Project:Branches: asosedkin/gnutls:wip/asosedkin/release-3.8.12 to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewer: Daiki Ueno -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 6 10:57:20 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 06 Feb 2026 09:57:20 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Release 3.8.12 (!2062) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2062#note_3063785603 Speculatively approving, so you can create a release without me :-) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2062#note_3063785603 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 6 11:25:00 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 06 Feb 2026 10:25:00 +0000 Subject: [gnutls-devel] GnuTLS | p11tool stopped showing token (#1774) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.12 (Nov 18, 2025?Feb 18, 2026) ( https://gitlab.com/gnutls/gnutls/-/milestones/50 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1774 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 6 11:25:47 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 06 Feb 2026 10:25:47 +0000 Subject: [gnutls-devel] GnuTLS | `gnutls_hash_output(..., NULL)` leads to SIGSEGV (#1769) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.12 (Nov 18, 2025?Feb 18, 2026) ( https://gitlab.com/gnutls/gnutls/-/milestones/50 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1769 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 6 14:54:49 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 06 Feb 2026 13:54:49 +0000 Subject: [gnutls-devel] GnuTLS | RFC 5280 compliance: GnuTLSaccepts the Issuer field with invalid UTF-8 values. (#1796) References: Message-ID: One happy person created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1796 ## Description of problem: Hello developers, I have successfully parsed a CRL file with an invalid UTF-8 value in the Issuer field using GnuTLS.The 5th byte of the L (LocalityName) attribute in the Issuer field is 0xFF, and 0xFF is an illegal byte in UTF-8 encoding. ## Version of gnutls used: GnuTLS 3.8.9 ## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL) Ubuntu ## How reproducible: certtool --crl-info --inder --infile crl_fuzz_L_field_0xFF.der ## Actual results: [crl_fuzz_L_field_0xFF.der](/uploads/8e4c4549d5954ef535a5c96023e3a638/crl_fuzz_L_field_0xFF.der) ## Expected results: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1796 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 6 16:09:09 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 06 Feb 2026 15:09:09 +0000 Subject: [gnutls-devel] GnuTLS | tests/Makefile: specify overlooked pkcs11-long-label dependencies (!2063) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2063 Project:Branches: asosedkin/gnutls:pkcs11-long-label-dependencies to gnutls/gnutls:master Author: Alexander Sosedkin tests/Makefile: specify overlooked pkcs11-long-label dependencies I don't remember anyone complaining about them missing; still better have them, I guess. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2063 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 6 18:47:37 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 06 Feb 2026 17:47:37 +0000 Subject: [gnutls-devel] GnuTLS | cligen: update submodule (!2064) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2064 Project:Branches: asosedkin/gnutls:update-cligen to gnutls/gnutls:master Author: Alexander Sosedkin cligen: update submodule Picks https://gitlab.com/gnutls/cligen/-/merge_requests/6 and https://gitlab.com/gnutls/cligen/-/merge_requests/7 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2064 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 6 18:52:50 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 06 Feb 2026 17:52:50 +0000 Subject: [gnutls-devel] GnuTLS | Use matching allocator/deallocator (!2058) In-Reply-To: References: Message-ID: All discussions on merge request !2058 were resolved by Alexander Sosedkin https://gitlab.com/gnutls/gnutls/-/merge_requests/2058 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2058 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 6 18:55:25 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 06 Feb 2026 17:55:25 +0000 Subject: [gnutls-devel] GnuTLS | Use matching allocator/deallocator (!2058) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2058#note_3065088358 at least the ones mentioned in https://gitlab.com/gnutls/gnutls/-/merge_requests/2058#note_3031254571 are not addressed, but the ones that fixed look good, so, merging -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2058#note_3065088358 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 6 18:55:26 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 06 Feb 2026 17:55:26 +0000 Subject: [gnutls-devel] GnuTLS | Use matching allocator/deallocator (!2058) In-Reply-To: References: Message-ID: Merge request !2058 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2058 Project:Branches: dueno/gnutls:wip/dueno/gcc-analyzer-fixes to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewer: Alexander Sosedkin -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 6 18:55:26 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 06 Feb 2026 17:55:26 +0000 Subject: [gnutls-devel] GnuTLS | Use matching allocator/deallocator (!2058) In-Reply-To: References: Message-ID: All discussions on merge request !2058 were resolved by Alexander Sosedkin https://gitlab.com/gnutls/gnutls/-/merge_requests/2058 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2058 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 6 18:55:45 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 06 Feb 2026 17:55:45 +0000 Subject: [gnutls-devel] GnuTLS | Use matching allocator/deallocator (!2058) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.12 (Nov 18, 2025?Feb 18, 2026) ( https://gitlab.com/gnutls/gnutls/-/milestones/50 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2058 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 6 18:55:51 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 06 Feb 2026 17:55:51 +0000 Subject: [gnutls-devel] GnuTLS | Use matching allocator/deallocator (!2058) In-Reply-To: References: Message-ID: Merge request !2058 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2058 Project:Branches: dueno/gnutls:wip/dueno/gcc-analyzer-fixes to gnutls/gnutls:master Author: Daiki Ueno Reviewer: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2058 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 6 19:00:03 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 06 Feb 2026 18:00:03 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: hide m4_ifdef from autopoint (!2061) In-Reply-To: References: Message-ID: Merge request !2061 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2061 Project:Branches: dueno/gnutls:wip/dueno/gettext-1.0 to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 6 19:00:11 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 06 Feb 2026 18:00:11 +0000 Subject: [gnutls-devel] GnuTLS | configure.ac: hide m4_ifdef from autopoint (!2061) In-Reply-To: References: Message-ID: Merge request !2061 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2061 Project:Branches: dueno/gnutls:wip/dueno/gettext-1.0 to gnutls/gnutls:master Author: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2061 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 6 19:00:12 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 06 Feb 2026 18:00:12 +0000 Subject: [gnutls-devel] GnuTLS | bootstrap fails when using gettext (autopoint) v. 1.0 (#1792) In-Reply-To: References: Message-ID: Issue was closed by Alexander Sosedkin with merge request !2061 (https://gitlab.com/gnutls/gnutls/-/merge_requests/2061) Issue #1792: https://gitlab.com/gnutls/gnutls/-/issues/1792 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1792 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 7 02:28:13 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 07 Feb 2026 01:28:13 +0000 Subject: [gnutls-devel] GnuTLS | tests/Makefile: specify overlooked pkcs11-long-label dependencies (!2063) In-Reply-To: References: Message-ID: Merge request !2063 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2063 Project:Branches: asosedkin/gnutls:pkcs11-long-label-dependencies to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 7 02:28:21 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 07 Feb 2026 01:28:21 +0000 Subject: [gnutls-devel] GnuTLS | tests/Makefile: specify overlooked pkcs11-long-label dependencies (!2063) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2063#note_3065659370 Good catch! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2063#note_3065659370 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 7 02:28:56 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 07 Feb 2026 01:28:56 +0000 Subject: [gnutls-devel] GnuTLS | cligen: update submodule (!2064) In-Reply-To: References: Message-ID: Merge request !2064 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2064 Project:Branches: asosedkin/gnutls:update-cligen to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 9 07:16:00 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 Feb 2026 06:16:00 +0000 Subject: [gnutls-devel] GnuTLS | tests/Makefile: specify overlooked pkcs11-long-label dependencies (!2063) In-Reply-To: References: Message-ID: Merge request !2063 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2063 Project:Branches: asosedkin/gnutls:pkcs11-long-label-dependencies to gnutls/gnutls:master Author: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2063 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 9 07:16:28 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 Feb 2026 06:16:28 +0000 Subject: [gnutls-devel] GnuTLS | cligen: update submodule (!2064) In-Reply-To: References: Message-ID: Merge request !2064 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2064 Project:Branches: asosedkin/gnutls:update-cligen to gnutls/gnutls:master Author: Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2064 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 9 15:16:44 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 Feb 2026 14:16:44 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.12 (!2062) In-Reply-To: References: Message-ID: Alexander Sosedkin marked merge request !2062 as ready -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2062 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 9 15:29:15 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 Feb 2026 14:29:15 +0000 Subject: [gnutls-devel] GnuTLS | Windows builds unavailable for v3.8.11 (#1768) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/issues/1768#note_3069489507 I've tried the suggestion above, and it turned out to be significantly harder than that, so, I'm afraid, this will have to be deferred for another release. Sorry. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1768#note_3069489507 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 9 15:29:28 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 Feb 2026 14:29:28 +0000 Subject: [gnutls-devel] GnuTLS | Windows builds unavailable for v3.8.11 (#1768) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.13 ( https://gitlab.com/gnutls/gnutls/-/milestones/51 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1768 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 9 16:36:53 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 Feb 2026 15:36:53 +0000 Subject: [gnutls-devel] GnuTLS | Release 3.8.12 (!2062) In-Reply-To: References: Message-ID: Merge request !2062 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2062 Project:Branches: asosedkin/gnutls:wip/asosedkin/release-3.8.12 to gnutls/gnutls:master Author: Alexander Sosedkin Reviewer: Daiki Ueno -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2062 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 9 16:36:54 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 Feb 2026 15:36:54 +0000 Subject: [gnutls-devel] GnuTLS | Security issue: NULL pointer dereference in PSK binder verification (gnutls 3.8.11) (#1790) In-Reply-To: References: Message-ID: Issue was closed by Alexander Sosedkin with commit acf67a4a68bc6d9ab7b882469c67f6cf28db56a0 Issue #1790: https://gitlab.com/gnutls/gnutls/-/issues/1790 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1790 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 9 16:36:54 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 Feb 2026 15:36:54 +0000 Subject: [gnutls-devel] GnuTLS | Verifying Certificates with large amout of name constraints and subject alternative names makes GnuTLS vulnerable to DoS attacks (#1773) In-Reply-To: References: Message-ID: Issue was closed by Alexander Sosedkin with commit d6054f0016db05fb5c82177ddbd0a4e8331059a1 Issue #1773: https://gitlab.com/gnutls/gnutls/-/issues/1773 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1773 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 9 17:21:35 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 Feb 2026 16:21:35 +0000 Subject: [gnutls-devel] GnuTLS | Buffer overflow in _gnutls_bin2hex() (#1786) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/issues/1786#note_3069867265 !2062 contains a fix. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1786#note_3069867265 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 9 17:22:21 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 Feb 2026 16:22:21 +0000 Subject: [gnutls-devel] GnuTLS | Buffer overflow in _gnutls_bin2hex() (#1786) In-Reply-To: References: Message-ID: Issue was closed by Alexander Sosedkin Issue #1786: https://gitlab.com/gnutls/gnutls/-/issues/1786 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1786 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 9 17:22:33 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 Feb 2026 16:22:33 +0000 Subject: [gnutls-devel] GnuTLS | Possible vulnerabilty via str_escape() in lib/x509/common.c (#1783) In-Reply-To: References: Message-ID: Issue was closed by Alexander Sosedkin Issue #1783: https://gitlab.com/gnutls/gnutls/-/issues/1783 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1783 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 9 18:57:06 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 09 Feb 2026 17:57:06 +0000 Subject: [gnutls-devel] GnuTLS | devel/release-steps.md: extend (!2065) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2065 Project:Branches: asosedkin/gnutls:update-release-steps to gnutls/gnutls:master Author: Alexander Sosedkin devel/release-steps.md: propose a few details in the wake of 3.8.12 release ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2065 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 10 13:16:05 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 Feb 2026 12:16:05 +0000 Subject: [gnutls-devel] GnuTLS | devel/release-steps.md: extend (!2065) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2065#note_3072186373 LGTM -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2065#note_3072186373 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 10 13:19:50 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 10 Feb 2026 12:19:50 +0000 Subject: [gnutls-devel] GnuTLS | devel/release-steps.md: extend (!2065) In-Reply-To: References: Message-ID: Merge request !2065 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2065 Project:Branches: asosedkin/gnutls:update-release-steps to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 11 03:04:52 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 11 Feb 2026 02:04:52 +0000 Subject: [gnutls-devel] GnuTLS | devel/release-steps.md: extend (!2065) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on devel/release-steps.md: https://gitlab.com/gnutls/gnutls/-/merge_requests/2065#note_3074153290 > Create a detached GPG signature. > Upload zip and signature files to ftp.gnupg.org. > Do the same analogically for `mingw64/archive`. > +1. Reveal and close the security issues addressed in the release. > +1. Close the security fixes merge requests addressed in the release. > 1. Create and send announcement email based on previously sent email Might make sense to link to the actual mailing lists we send the announcement email? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2065#note_3074153290 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 11 12:45:43 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 11 Feb 2026 11:45:43 +0000 Subject: [gnutls-devel] GnuTLS | stamp_error_codes missing from doc/Makefile.am EXTRA_DIST (#1797) References: Message-ID: Adam Sampson created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1797 Building gnutls 3.8.12 from the source tarball causes the `stamp_error_codes` rule in `doc/Makefile.am` to run. This isn't the intent, since the files it generates are shipped in the tarball (and it breaks crossbuilding because `errcodes` etc. aren't built for the build machine's architecture). Looking at the contents of the tarball, the `stamp_enums` and `stamp_functions` files are included, but `stamp_error_codes` isn't. This appears to be because 251ba80dde601b9e4f9bc7a860c72044034f95a6 added `stamp_error_codes` to `DISTCLEANFILES` but didn't add it to `EXTRA_DIST`. I guess it should be in `MAINTAINERCLEANFILES` too. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1797 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 12 17:20:30 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 12 Feb 2026 16:20:30 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Single shot signing (!2066) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2066 Project:Branches: dueno/gnutls:wip/dueno/single-shot-signing to gnutls/gnutls:master Author: Daiki Ueno This makes the single-shot signing behavior (on the contrary to prehashed) the primary signing interface of crypto-backend. * pk: rely on single-shot signing behavior of crypto backend Now that hashing is done in crypto backend by default, stop doing that at the abstract key API level and just pass the original data to crypto backend. This also removes privkey_sign_and_hash_data as it would be identical to privkey_sign_raw_data. * pk, nettle: use and honor GNUTLS_PK_FLAG_PREHASHED This sets GNUTLS_PK_FLAG_PREHASHED to signing parameters where appropriate, and make the nettle crypto backend respect the flag. * crypto-backend: add GNUTLS_PK_FLAG_PREHASHED flag The flag indicates that the input to .sign and .verify backend functions are provided with hashed data, instead of the entire data. * algorithms: move no_prehashed flag from pubkey to sign That way we can add prehashed signing algorithms without adding the corresponding pubkey algorithms. * pk: move DigestInfo encoding into crypto backend Previously, the conversion of hash into PKCS#1 DigestInfo was done in the abstract key API. To give the crypto backend, such as nettle and PKCS#11, move the logic there. * pk: inline pk_hash_data This function is only used by privkey_sign_and_hash_data, where it provides a wrapper around _gnutls_hash_fast. Better inline it at the caller and avoid pre-allocation of the buffer. * nettle: fix comment indentation These were a left-over when we previously reformatted the code using GNU indent; clang-format doesn't take into account of comments. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2066 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 14 02:57:23 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 14 Feb 2026 01:57:23 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Single shot signing (!2066) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2066#note_3083717011 I'm a bit busy this month, so deferring this to the next month. Here are some notes (for myself) to continue working on this: - The signing logic has actually 3 backends: X.509 (i.e., Nettle or the new pkcs11-provider), external callbacks, and the legacy PKCS#11 private key support. Currently all of them do "raw" signing with a given public key algorithm. To support single-shot signing, the latter two still need pre-hashing for backward compatibility - The low level signing functions (e.g., _gnutls_pk_sign) should take a signing algorithm instead of a public key algorithm to support single-shot operation naturally. Then we can remove `*_dig` fields in `gnutls_x509_spki_st` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2066#note_3083717011 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 14 18:08:39 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 14 Feb 2026 17:08:39 +0000 Subject: [gnutls-devel] GnuTLS | PKCS#11 Auto-Initialization Not Working (#1798) References: Message-ID: Claudio Ferreira created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1798 ## Context This issue was discovered while investigating OpenConnect VPN client authentication failures with PKCS#11 tokens. **OpenConnect issue #835**: "GnuTLS backend does not initialize PKCS#11 modules" - URL: https://gitlab.com/openconnect/openconnect/-/issues/835 - OpenConnect maintainer (Dimitri Papadopoulos) suggested this is a GnuTLS bug - OpenConnect calls multiple `gnutls_pkcs11_*()` functions but auto-init doesn't trigger - Workaround being implemented in OpenConnect pending GnuTLS fix ## Summary GnuTLS 3.8.12 does not automatically initialize PKCS#11 modules when applications call `gnutls_pkcs11_*()` functions, despite documentation stating that `gnutls_pkcs11_init()` is called automatically since version 3.3.0. ## Environment - **GnuTLS**: 3.8.12-2 - **p11-kit**: 0.25.10 - **OS**: Debian GNU/Linux Sid - **Application**: OpenConnect 9.12 - **Token**: G&D StarSign CUT S (SafeSign IC driver) - **Certificate**: ICP-Brasil A3 ## Expected Behavior According to GnuTLS documentation: > Since GnuTLS 3.3.0 this function is no longer necessary to be explicitly called. It is being called during the first request PKCS 11 operation. When an application calls `gnutls_pkcs11_*()` functions (e.g., when processing a PKCS#11 URI), GnuTLS should automatically initialize PKCS#11 modules. ## Actual Behavior PKCS#11 modules are **not** initialized automatically. Applications must explicitly call `gnutls_pkcs11_init()` or PKCS#11 operations fail silently. ## Reproduction ### Test Case 1: OpenConnect (Real-World Application) OpenConnect calls multiple `gnutls_pkcs11_*()` functions when processing PKCS#11 URIs, but PKCS#11 modules are never initialized. **Command:** ```bash export GNUTLS_DEBUG_LEVEL=3 openconnect --protocol=gp -c "pkcs11:token=MyToken" vpn.example.com ``` **Result WITHOUT explicit `gnutls_pkcs11_init()`:** ``` gnutls[2]: Enabled GnuTLS 3.8.12 logging... gnutls[2]: getrandom random generator was selected ... (zero PKCS#11-related messages) ... Valid client certificate is required Failed to complete authentication ``` No PKCS#11 initialization occurs, even though OpenConnect calls `gnutls_pkcs11_*()` functions. **Result WITH explicit `gnutls_pkcs11_init()`:** ``` gnutls[2]: Enabled GnuTLS 3.8.12 logging... gnutls[2]: Initializing all PKCS #11 modules gnutls[2]: p11: Initializing module: p11-kit-trust gnutls[2]: p11: Initializing module: safesign gnutls[2]: p11: Module safesign is initialized in a thread-safe mode PIN required for MyToken Enter PIN: ``` PKCS#11 modules are loaded and authentication succeeds. ### Test Case 2: Minimal Reproduction (Suggested) ```c #include #include #include int main(void) { int ret; // Initialize GnuTLS (but NOT PKCS#11) gnutls_global_init(); // Try to use PKCS#11 - should trigger auto-init according to docs gnutls_pkcs11_token_get_info( "pkcs11:token=MyToken", GNUTLS_PKCS11_TOKEN_LABEL, NULL, NULL ); // Check if PKCS#11 was initialized // Expected: modules loaded automatically // Actual: no initialization occurs gnutls_global_deinit(); return 0; } ``` **Expected**: First `gnutls_pkcs11_*()` call triggers automatic initialization. **Actual**: No initialization occurs, PKCS#11 operations fail. ## Analysis ### Code Flow in OpenConnect 1. `openconnect_init_ssl()` calls `gnutls_global_init()` only 2. Later, certificate loading code calls various `gnutls_pkcs11_*()` functions 3. These functions should trigger auto-initialization per documentation 4. But they don't - no PKCS#11 modules are loaded ### Which Functions Are Called OpenConnect calls (at minimum): - `gnutls_pkcs11_obj_*()` functions for certificate operations - `gnutls_pkcs11_privkey_*()` functions for private key operations - Other PKCS#11-related GnuTLS APIs These should qualify as "PKCS 11 operations" that trigger auto-init. ## Impact This affects any application that: 1. Calls `gnutls_global_init()` but not `gnutls_pkcs11_init()` 2. Relies on documented automatic PKCS#11 initialization 3. Uses PKCS#11 tokens for authentication Real-world affected applications: - OpenConnect VPN client - Potentially other VPN clients using GnuTLS - Any application following GnuTLS documentation ## Workaround Applications must explicitly call `gnutls_pkcs11_init()`: ```c int openconnect_init_ssl(void) { if (gnutls_global_init()) return -EIO; // Workaround for GnuTLS auto-init not working #if defined(HAVE_P11KIT) if (gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_AUTO, NULL) < 0) { // Handle error } #endif return 0; } ``` ## Questions 1. Is automatic PKCS#11 initialization still supposed to work in GnuTLS 3.8.x? 2. Which specific GnuTLS functions should trigger auto-initialization? 3. Is there a specific initialization order or condition required? 4. Should this be considered a regression or documentation issue? ## References - GnuTLS PKCS#11 docs: https://gnutls.org/manual/html_node/PKCS11-Initialization.html - OpenConnect issue #835: https://gitlab.com/openconnect/openconnect/-/issues/835 - RFC 7512 (PKCS#11 URI): https://tools.ietf.org/html/rfc7512 ## Related Issues - **GnuTLS #1784** - "SafeSign token compatibility: CKR_ARGUMENTS_BAD with threading flags" (January 2026) - URL: https://gitlab.com/gnutls/gnutls/-/issues/1784 - Our previous report about SafeSign driver rejecting PKCS#11 threading flags - Patch submitted to add fallback for `CKR_ARGUMENTS_BAD` with `flags=0` - This current issue is different but related: auto-initialization not working - **GnuTLS #1060** - "Uninitialized lock when using pkcs11 private key for signing" (August 2020) - URL: https://gitlab.com/gnutls/gnutls/-/issues/1060 - Similar symptom: "Thread locking error" in single-threaded application - Context: Lock not initialized when using PKCS#11 private key - May be related to PKCS#11 initialization issues ## Additional Information I can provide: - Complete debug logs (with `GNUTLS_DEBUG_LEVEL=9`) - Minimal test case if needed - Testing on different GnuTLS versions - p11-kit configuration details -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1798 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 16 05:50:25 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 16 Feb 2026 04:50:25 +0000 Subject: [gnutls-devel] GnuTLS | PKCS#11 Auto-Initialization Not Working (#1798) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1798#note_3085364052 Thank you for the report. I tried to reproduce it with your provided test case 2, but it worked as expected against SoftHSM2: ```console $ cat softhsm2.conf directories.tokendir = ./tokens $ export SOFTHSM2_CONF=$PWD/softhsm2.conf $ softhsm2-util --init-token --free --label MyToken --pin 1234 --so-pin 1234 Slot 0 has a free/uninitialized token. The token has been initialized and is reassigned to slot 832855648 $ GNUTLS_DEBUG_LEVEL=10 ./test gnutls[2]: Enabled GnuTLS 3.8.12 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator (AVX) was detected gnutls[2]: cfg: unable to access: /usr/local/etc/gnutls/config: 2 gnutls[2]: Initializing all PKCS #11 modules gnutls[2]: p11: Initializing module: p11-kit-trust gnutls[2]: p11: Module p11-kit-trust is initialized in a thread-safe mode gnutls[2]: p11: Initializing module: kryoptic gnutls[2]: p11: Module kryoptic is initialized in a thread-safe mode gnutls[2]: p11: Initializing module: opensc gnutls[2]: p11: Module opensc is initialized in a thread-safe mode gnutls[2]: p11: Initializing module: softhsm2 gnutls[2]: p11: Module softhsm2 is initialized in a thread-safe mode gnutls[2]: Loading PKCS #11 libraries from /etc/gnutls/pkcs11.conf gnutls[2]: Could not load /etc/gnutls/pkcs11.conf: Error while reading file. 8 ``` I modified the program to print the `output_size` returned by `gnutls_pkcs11_token_get_info`, which should be 8 in this case (= `strlen("MyToken") + 1 /*NUL*/`): ```c #include #include #include int main(void) { int ret; size_t size = 0; // Initialize GnuTLS (but NOT PKCS#11) gnutls_global_init(); // Try to use PKCS#11 - should trigger auto-init according to docs gnutls_pkcs11_token_get_info( "pkcs11:token=MyToken", GNUTLS_PKCS11_TOKEN_LABEL, NULL, &size ); printf("%zu\n", size); // Check if PKCS#11 was initialized // Expected: modules loaded automatically // Actual: no initialization occurs gnutls_global_deinit(); return 0; } ``` I suspect that your issue might be specific to the token "G&D StarSign CUT S (SafeSign IC driver)", which may not support thread-safe initialization (see !2014 and !2049). Could you run the test under `GNUTLS_DEBUG_LEVEL=10` to gather more information? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1798#note_3085364052 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 16 19:04:01 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 16 Feb 2026 18:04:01 +0000 Subject: [gnutls-devel] GnuTLS | Draft: key_share: allow key share reuse with hybrids (!2067) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2067 Project:Branches: asosedkin/gnutls:key-share-reuse to gnutls/gnutls:master Author: Alexander Sosedkin The idea is to address https://gitlab.com/gnutls/gnutls/-/issues/1763 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2067 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 17 02:48:27 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 17 Feb 2026 01:48:27 +0000 Subject: [gnutls-devel] GnuTLS | Draft: key_share: allow key share reuse with hybrids (!2067) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on lib/ext/key_share.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/2067#note_3088140139 > > case GNUTLS_PK_ECDH_X25519: > case GNUTLS_PK_ECDH_X448: > - gnutls_pk_params_release(&session->key.kshare.ecdhx_params); > - gnutls_pk_params_init(&session->key.kshare.ecdhx_params); > + /* try reusing existing values */ > + if (session->key.kshare.ecdhx_params.curve == group->curve && > + session->key.kshare.ecdhx_params.algo == group->pk && > + session->key.kshare.ecdhx_params.raw_pub.data != NULL) { The GNUTLS_PK_EC branch also needs this treatment for SecP256r1MLKEM768 etc., right? To make it easier to follow, I would rather make the entire logic in multiple passes: first determine which groups to send, dissect hybrids and uniquify standalones, generate key share for each standalone group, and finally combine them. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2067#note_3088140139 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 17 13:09:25 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 17 Feb 2026 12:09:25 +0000 Subject: [gnutls-devel] GnuTLS | PKCS#11 Auto-Initialization Not Working (#1798) In-Reply-To: References: Message-ID: Claudio Ferreira commented: https://gitlab.com/gnutls/gnutls/-/issues/1798#note_3089295584 Thank you for your patience and for the detailed investigation! After extensive testing with your suggested test case, I have important findings to report. ## Summary Auto-initialization **does work** (modules are loaded), but there's a **timing/state issue** that prevents certificate discovery when initialization happens automatically vs. explicitly. ## Test Results ### Environment - **GnuTLS**: 3.8.12-2 (with MRs !2014 and !2049 applied) - **OpenConnect**: 9.12-3.3 (Debian package) - **Token**: G&D StarSign CUT S (SafeSign IC driver) - **Certificate**: ICP-Brasil A3 ### Test 1: OpenConnect WITHOUT explicit init (stock Debian package) ```bash GNUTLS_DEBUG_LEVEL=10 /usr/sbin/openconnect --protocol=gp \ -c "pkcs11:id=%XX%XX%XX%XX" [VPN_SERVER] ``` **Result:** ``` gnutls[2]: p11: Initializing module: safesign gnutls[2]: p11: Module safesign is initialized in a thread-safe mode ... gnutls[3]: ASSERT: ../../../lib/auth/cert.c[find_x509_client_cert]:229 ... Valid client certificate is required ``` ? PKCS#11 auto-initialization **works** (SafeSign loaded) ? Certificate discovery **fails** (`find_x509_client_cert` assertion) ? Empty certificate sent to server (7 bytes) ? Authentication fails ### Test 2: OpenConnect WITH explicit init (patched version) Same command, but OpenConnect calls `gnutls_pkcs11_init()` explicitly in `openconnect_init_ssl()`: **Result:** ``` PIN necess?rio para [TOKEN_NAME] Insira o PIN: Usando certificado "[USER_NAME]:[CPF_MASKED]" do cliente Pr?xima AC "AC SOLUTI Multipla v5 G2" obtida de PKCS#11 ... Conectado ao HTTP no [VPN_SERVER] ``` ? PKCS#11 initialized explicitly ? PIN prompt appears ? Certificate **found and loaded** successfully ? Full certificate chain retrieved from token ? VPN connection succeeds ## Analysis The MRs !2014 and !2049 successfully fixed the **initialization** problem, but there's a subtle **timing/state issue**: 1. **Auto-init (late)**: When GnuTLS initializes PKCS#11 automatically during the first PKCS#11 operation, something in the internal state causes `find_x509_client_cert()` to fail 2. **Explicit init (early)**: When OpenConnect initializes PKCS#11 explicitly in `openconnect_init_ssl()` before any certificate operations, everything works correctly ## Possible Causes 1. **State initialization order**: Auto-init may not fully initialize some internal state needed for certificate discovery 2. **Module registration timing**: Modules registered during auto-init may not be properly available for subsequent operations 3. **p11-kit interaction**: The interaction between GnuTLS and p11-kit may have different behavior depending on initialization timing ## Conclusion This is **not a false report**, but the problem is more subtle than initially described: - ? Auto-initialization works (modules load) - ? But certificate discovery fails with auto-init - ? Explicit initialization works perfectly **Question**: Is this expected behavior, or should auto-init guarantee the same state as explicit init? ## Logs Available I can provide complete debug logs (GNUTLS_DEBUG_LEVEL=10) for both scenarios if helpful. --- Thank you for your time investigating this. The MRs !2014 and !2049 definitely improved the situation, but there seems to be a remaining issue with certificate discovery timing. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1798#note_3089295584 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 18 14:35:26 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 Feb 2026 13:35:26 +0000 Subject: [gnutls-devel] GnuTLS | Tests: Memory leak in pkcs11/long-label.c (missing gnutls_free ) (#1799) References: Message-ID: Conor Tull created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1799 In `tests/pkcs11/long-label.c`, the test iterates through tokens using `gnutls_pkcs11_token_get_url()`. According to the documentation (https://man7.org/linux/man-pages/man3/gnutls_pkcs11_token_get_url.3.html) , `gnutls_pkcs11_token_get_url` allocates memory for the `url` string which must be released using **`gnutls_free()`**. Currently, the loop checks the content and continues to the next iteration if it doesn't match the target, overwriting the pointer and leaking the memory allocated in the previous iteration. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1799 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 18 18:43:16 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 Feb 2026 17:43:16 +0000 Subject: [gnutls-devel] GnuTLS | tests/pkcs11/long-label: fix a leak (!2068) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2068 Project:Branches: asosedkin/gnutls:test-long-label-fix-leak to gnutls/gnutls:master Author: Alexander Sosedkin tests/pkcs11/long-label: fix a memory leak Fixes: #1799 Signed-off-by: Alexander Sosedkin ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2068 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 18 19:01:01 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 Feb 2026 18:01:01 +0000 Subject: [gnutls-devel] GnuTLS | Tests: Memory leak in pkcs11/long-label.c (missing gnutls_free ) (#1799) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/issues/1799#note_3094335493 Thanks for reporting. Filed a !2068, but now I'm gonna get sidetracked on why didn't upstream CI catch that... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1799#note_3094335493 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 18 19:06:02 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 Feb 2026 18:06:02 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update to 2026-02-16 cfdf3467ac (!2069) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2069 Project:Branches: asosedkin/gnutls:update-gnulib to gnutls/gnutls:master Author: Alexander Sosedkin * gnulib: update to 2026-02-16 cfdf3467ac ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2069 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 18 19:06:31 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 Feb 2026 18:06:31 +0000 Subject: [gnutls-devel] GnuTLS | .gitlab-ci.yml: make docdist and cross jobs always run (!2070) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2070 Project:Branches: asosedkin/gnutls:ci-run-cross-docdist to gnutls/gnutls:master Author: Alexander Sosedkin * .gitlab-ci.yml: make docdist and cross jobs always run Partially reverts 52188f2fe24ec3ac0874f2ea32a514090a5ab008 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2070 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 18 20:24:56 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 Feb 2026 19:24:56 +0000 Subject: [gnutls-devel] GnuTLS | Draft: doc/Makefile: add stamp_error_codes to EXTRA_DIST, move more files to MAINTAINERCLEANFILES (!2071) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2071 Project:Branches: asosedkin/gnutls:stamp-error-codes-fix to gnutls/gnutls:master Author: Alexander Sosedkin * doc/Makefile: move more files to MAINTAINERCLEANFILES * doc/Makefile: move stamp_* to MAINTAINERCLEANFILES... ... instead of DISTCLEANFILES, which should not include what's in the tarball. * doc/Makefile: add stamp_error_codes to EXTRA_DIST Fixes: #1797 ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2071 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 18 20:25:19 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 18 Feb 2026 19:25:19 +0000 Subject: [gnutls-devel] GnuTLS | stamp_error_codes missing from doc/Makefile.am EXTRA_DIST (#1797) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/issues/1797#note_3094784731 Thank you for the report. https://www.gnu.org/software/automake/manual/html_node/Clean.html > If configure built it, then distclean should delete it. It's all a sprawling mess, and I'm getting unsure DISTCLEANFILES are the right place to have them. How about we put these (and more) into MAINTAINERCLEANFILES instead? Something like this: https://gitlab.com/gnutls/gnutls/-/merge_requests/2071 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1797#note_3094784731 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 12:39:08 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 11:39:08 +0000 Subject: [gnutls-devel] GnuTLS | Fix parsing of BIT STRING encoded EdDSA keys (!2060) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/2060#note_3097364845 rewrote Conors downstream test into gnutls test -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2060#note_3097364845 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 12:39:08 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 11:39:08 +0000 Subject: [gnutls-devel] GnuTLS | Fix parsing of BIT STRING encoded EdDSA keys (!2060) In-Reply-To: References: Message-ID: All discussions on merge request !2060 were resolved by Zolt?n Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/2060 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2060 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 12:45:09 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 11:45:09 +0000 Subject: [gnutls-devel] GnuTLS | Fix parsing of BIT STRING encoded EdDSA keys (!2060) In-Reply-To: References: Message-ID: Reassigned merge request 2060 https://gitlab.com/gnutls/gnutls/-/merge_requests/2060 Alexander Sosedkin was added as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2060 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 12:45:14 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 11:45:14 +0000 Subject: [gnutls-devel] GnuTLS | Fix parsing of BIT STRING encoded EdDSA keys (!2060) In-Reply-To: References: Message-ID: Reassigned merge request 2060 https://gitlab.com/gnutls/gnutls/-/merge_requests/2060 Alexander Sosedkin was removed as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2060 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 12:45:21 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 11:45:21 +0000 Subject: [gnutls-devel] GnuTLS | Fix parsing of BIT STRING encoded EdDSA keys (!2060) In-Reply-To: References: Message-ID: Alexander Sosedkin was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2060 You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 14:20:41 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 13:20:41 +0000 Subject: [gnutls-devel] GnuTLS | Please enable PQ hybrid algorithms on NORMAL (#1800) References: Message-ID: George Pantelakis created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1800 It seems like hybrid PQ algorithms are not enabled by default on the NORMAL set. It will be good to enable them so they can be negotiated. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1800 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-6bzcgppfezc7rdc5b5ivs8bkq/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 15:05:08 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 14:05:08 +0000 Subject: [gnutls-devel] GnuTLS | Fix parsing of BIT STRING encoded EdDSA keys (!2060) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/2060 was reviewed by Alexander Sosedkin -- Alexander Sosedkin started a new discussion on lib/pubkey.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/2060#note_3097844467 > + GNUTLS_E_ASN1_DER_ERROR); > + > + /* skip first byte of data (number of unused bits at the end) */ should there be a check for its value to be zero? -- Alexander Sosedkin started a new discussion on tests/pkcs11/eddsa-ecpoint-encodings.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/2060#note_3097844492 > + const gnutls_datum_t *ecpoint); > + > +static const unsigned char ecpoint_raw_data[] = { nit: maybe macro out the repeating part so that it's easier to see how these differ? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2060 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-6xlhb7ev7mmn194cxt33islqs/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 15:22:17 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 14:22:17 +0000 Subject: [gnutls-devel] GnuTLS | Fix parsing of BIT STRING encoded EdDSA keys (!2060) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented on a discussion on lib/pubkey.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/2060#note_3097910444 > return gnutls_assert_val(_gnutls_asn2err(ret)); > > switch (tag) { > - case 0x03: > - etype = ASN1_ETYPE_BIT_STRING; > + case 0x03: /* BIT STRING */ > + data_len = asn1_get_length_der(ecpoint->data + tag_len, > + ecpoint->size - tag_len, > + &len_len); > + if (data_len < 0) > + return gnutls_assert_val( > + GNUTLS_E_ASN1_DER_ERROR); > + > + /* skip first byte of data (number of unused bits at the end) */ Pointless. If its 0 it will fail with GNUTLS_E_ILLEGAL_PARAMETER because `raw_point.size != curve_size` would fail -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2060#note_3097910444 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-dp6e7k2bnsk7m9mnmi4ff6vc8/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 15:27:19 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 14:27:19 +0000 Subject: [gnutls-devel] GnuTLS | leak related tweaks, trying to catch #1799 in CI (!2072) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2072 Project:Branches: asosedkin/gnutls:leak-related-tweaks to gnutls/gnutls:master Author: Alexander Sosedkin * tests/gnutls-asan.supp: tighten up - this one is the one I doubt, as I'm not sure why suppress so much * tests/slow: remove ASAN suppression file * tests/tls13-early-data-neg2: add an overlooked free * tests/resume-with-*: add a few overlooked frees * tests/resume-with-previous-*: turn functions w/o retval void The idea is to try and catch #1799 -type leaks in CI. It should fail without !2068 and pass with it. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2072 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-7ujn5aq3c82gu4lshui20xbqm/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 15:50:10 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 14:50:10 +0000 Subject: [gnutls-devel] GnuTLS | Fix parsing of BIT STRING encoded EdDSA keys (!2060) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented on a discussion on tests/pkcs11/eddsa-ecpoint-encodings.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/2060#note_3098015015 > + * along with GnuTLS. If not, see . > + */ > + > +#ifdef HAVE_CONFIG_H > +#include "config.h" > +#endif > + > +#include > + > +#include "utils.h" > + > +int _gnutls_pubkey_import_ecc_eddsa(gnutls_pubkey_t key, > + const gnutls_datum_t *parameters, > + const gnutls_datum_t *ecpoint); > + > +static const unsigned char ecpoint_raw_data[] = { Good idea. Sadly the gnutls-indent makes the macro really ugly -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2060#note_3098015015 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-dectysfz0e5loroasp5rkqcop/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 15:50:41 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 14:50:41 +0000 Subject: [gnutls-devel] GnuTLS | Fix parsing of BIT STRING encoded EdDSA keys (!2060) In-Reply-To: References: Message-ID: All discussions on merge request !2060 were resolved by Zolt?n Fridrich https://gitlab.com/gnutls/gnutls/-/merge_requests/2060 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2060 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-b3olly3jqrhh6flf69rqbfibw/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 15:52:11 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 14:52:11 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update to 2026-02-16 cfdf3467ac (!2069) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2069#note_3098022790 LGTM -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2069#note_3098022790 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-ehcfm2a5r374kwyjfle5yeicu/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 15:52:37 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 14:52:37 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update to 2026-02-16 cfdf3467ac (!2069) In-Reply-To: References: Message-ID: Zolt?n Fridrich was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2069 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-cclja48hojr1ts6jyv0c64qw1/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 15:53:17 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 14:53:17 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update to 2026-02-16 cfdf3467ac (!2069) In-Reply-To: References: Message-ID: Merge request !2069 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2069 Project:Branches: asosedkin/gnutls:update-gnulib to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewer: Zolt?n Fridrich -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 15:54:11 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 14:54:11 +0000 Subject: [gnutls-devel] GnuTLS | tests/pkcs11/long-label: fix a leak (!2068) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2068#note_3098029615 LGTM -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2068#note_3098029615 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-0v4dn3fblcrt0fcsftsb647lz/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 15:54:39 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 14:54:39 +0000 Subject: [gnutls-devel] GnuTLS | tests/pkcs11/long-label: fix a leak (!2068) In-Reply-To: References: Message-ID: Zolt?n Fridrich was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2068 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-5vew2wnz6glvkhxrfqafcm8qo/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 15:55:44 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 14:55:44 +0000 Subject: [gnutls-devel] GnuTLS | tests/pkcs11/long-label: fix a leak (!2068) In-Reply-To: References: Message-ID: Merge request !2068 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2068 Project:Branches: asosedkin/gnutls:test-long-label-fix-leak to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewer: Zolt?n Fridrich -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 16:05:13 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 15:05:13 +0000 Subject: [gnutls-devel] GnuTLS | leak related tweaks, trying to catch #1799 in CI (!2072) In-Reply-To: References: Message-ID: Zolt?n Fridrich was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2072 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-bk4fx5yul19owzkyf85703ads/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 16:05:29 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 15:05:29 +0000 Subject: [gnutls-devel] GnuTLS | leak related tweaks, trying to catch #1799 in CI (!2072) In-Reply-To: References: Message-ID: Zolt?n Fridrich commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2072#note_3098073427 The changes look fine to me. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2072#note_3098073427 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-4kshywcbiibgwyl5vistxp7mf/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 16:07:45 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 15:07:45 +0000 Subject: [gnutls-devel] GnuTLS | leak related tweaks, trying to catch #1799 in CI (!2072) In-Reply-To: References: Message-ID: Merge request !2072 was approved by Zolt?n Fridrich Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2072 Project:Branches: asosedkin/gnutls:leak-related-tweaks to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewer: Zolt?n Fridrich -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 16:21:32 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 15:21:32 +0000 Subject: [gnutls-devel] GnuTLS | Fix parsing of BIT STRING encoded EdDSA keys (!2060) In-Reply-To: References: Message-ID: All discussions on merge request !2060 were resolved by Alexander Sosedkin https://gitlab.com/gnutls/gnutls/-/merge_requests/2060 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2060 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-2ffleht704plmjtm1s5tywhec/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 16:21:54 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 15:21:54 +0000 Subject: [gnutls-devel] GnuTLS | Fix parsing of BIT STRING encoded EdDSA keys (!2060) In-Reply-To: References: Message-ID: Merge request !2060 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2060 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: Daiki Ueno and Alexander Sosedkin -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 16:49:26 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 15:49:26 +0000 Subject: [gnutls-devel] GnuTLS | Support building with Nettle 4.0 (#1791) In-Reply-To: References: Message-ID: Satadru Pramanik commented: https://gitlab.com/gnutls/gnutls/-/issues/1791#note_3098275267 Nettle 4.0 was released on 2026-02-05: https://git.lysator.liu.se/nettle/nettle/-/tags Is there a recommended way of building gnutls 3.8.x against a bundled lower version of nettle if nettle 4.0 is installed? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1791#note_3098275267 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-8vbykpj71prajd67ap89ppg06/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 17:41:38 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 16:41:38 +0000 Subject: [gnutls-devel] GnuTLS | leak related tweaks, trying to catch #1799 in CI (!2072) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2072#note_3098454132 nice, https://gitlab.com/asosedkin/gnutls/-/pipelines/2337234107 catches it in both sanitizer jobs, and it's the only failure. now let's merge !2068 and rebase past it... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2072#note_3098454132 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-9vwnjq9m59w4l4vu9ygxuk0d4/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 17:42:02 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 16:42:02 +0000 Subject: [gnutls-devel] GnuTLS | tests/pkcs11/long-label: fix a leak (!2068) In-Reply-To: References: Message-ID: Merge request !2068 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2068 Project:Branches: asosedkin/gnutls:test-long-label-fix-leak to gnutls/gnutls:master Author: Alexander Sosedkin Reviewer: Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2068 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-e2spbd2niub34ofi6fgkuy14g/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 17:42:40 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 16:42:40 +0000 Subject: [gnutls-devel] GnuTLS | Tests: Memory leak in pkcs11/long-label.c (missing gnutls_free ) (#1799) In-Reply-To: References: Message-ID: Issue was closed by Alexander Sosedkin with commit 517b8278939fa93a4fa9026bc9d1b7af2cc3d115 Issue #1799: https://gitlab.com/gnutls/gnutls/-/issues/1799 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1799 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-7f8308rdy04cxgco0s8jhqs89/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 18:23:15 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 17:23:15 +0000 Subject: [gnutls-devel] GnuTLS | leak related tweaks, trying to catch #1799 in CI (!2072) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2072#note_3098592345 a-and now passes. Guess the unsresolved open question is whether the suppressions I've removed served any purpose outside of the CI. They're even in the tarball for some reason. Daiki, do you know whether it's save to remove/tighten them? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2072#note_3098592345 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-9zfwdycq3no4dtoujk416kh1l/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 19 18:24:11 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 19 Feb 2026 17:24:11 +0000 Subject: [gnutls-devel] GnuTLS | leak related tweaks, trying to catch #1799 in CI (!2072) In-Reply-To: References: Message-ID: Daiki Ueno was added as a reviewer. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2072 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-2obtn113sjquh8ue088f7gobp/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 20 09:56:33 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 20 Feb 2026 08:56:33 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update to 2026-02-16 cfdf3467ac (!2069) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2069#note_3100218346 Do mingw jobs still work with this change? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2069#note_3100218346 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-7rnx0apjwt101kmfztj4shjdi/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 20 10:01:35 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 20 Feb 2026 09:01:35 +0000 Subject: [gnutls-devel] GnuTLS | tests/pkcs11/long-label: fix a leak (!2068) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on tests/pkcs11/long-label.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/2068#note_3100231359 > fail("gnutls_pkcs11_token_init: %s\n", gnutls_strerror(ret)); > } > > + char *url = NULL; > for (i = 0;; i++) { > - char *url = NULL; nit: I would keep the variable scope as minimal as possible -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2068#note_3100231359 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-dguwt85zzt1he532cjpv2hjls/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 20 10:07:38 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 20 Feb 2026 09:07:38 +0000 Subject: [gnutls-devel] GnuTLS | Draft: doc/Makefile: add stamp_error_codes to EXTRA_DIST, move more files to MAINTAINERCLEANFILES (!2071) In-Reply-To: References: Message-ID: Daiki Ueno started a new discussion on doc/Makefile.am: https://gitlab.com/gnutls/gnutls/-/merge_requests/2071#note_3100247632 > mv -f $@-tmp $@ > > gnutls_TEXINFOS += $(ENUMS) $(FUNCS) $(AUTOGENED_DOC) > -DISTCLEANFILES += $(ENUMS) stamp_enums stamp_error_codes stamp_functions \ > - errcodes printlist alert-printlist > +MAINTAINERCLEANFILES = $(gnutls_TEXINFOS) > +DISTCLEANFILES = errcodes printlist alert-printlist Shouldn't those be moved to MAINTAINERCLEANFILES as well? Also there is an `EXTRA_PROGRAMS` definition above. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2071#note_3100247632 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-9vlacgufjhy75bctqe3i31jiv/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 22 10:50:51 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 22 Feb 2026 09:50:51 +0000 Subject: [gnutls-devel] GnuTLS | Fix discard const qualifier (!2073) References: Message-ID: Rudi Heitbaum created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2073 Project:Branches: rudi20/gnutls:const to gnutls/gnutls:master Author: Rudi Heitbaum * Fix discard const qualifier Since glibc-2.43 and ISO C23, the functions bsearch, memchr, strchr, strpbrk, strrchr, strstr, wcschr, wcspbrk, wcsrchr, wcsstr and wmemchr that return pointers into their input arrays now have definitions as macros that return a pointer to a const-qualified type when the input argument is a pointer to a const-qualified type. additional and p pointer returns are only being used for comparisons so declare them as const, which matches the input hexchars variable. fixes: ``` ../../../lib/x509/hostname-verify.c: In function 'gnutls_x509_crt_check_hostname2': ../../../lib/x509/hostname-verify.c:165:17: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers] 165 | ((p = strchr(hostname, ':')) != NULL || | ^ ../../../lib/x509/ip.c: In function 'gnutls_x509_cidr_to_rfc5280': ../../../lib/x509/ip.c:233:11: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers] 233 | p = strchr(cidr, '/'); | ^ ../../lib/priority.c: In function '_gnutls_resolve_priorities': ../../lib/priority.c:2534:20: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers] 2534 | additional = strchr(ss, ':'); | ^ ../../lib/str.c: In function '_gnutls_hostname_compare': ../../lib/str.c:722:19: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers] 722 | p = strrchr(certname, '.'); | ^ ``` ## Checklist * [X] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code Additional warnings will be PRed in upstream. ``` ../../../lib/minitasn1/parser_aux.c: In function 'asn1_find_node': ../../../lib/minitasn1/parser_aux.c:148:13: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers] 148 | n_end = strchr (n_start, '.'); /* search the first dot */ | ^ ../../../lib/minitasn1/parser_aux.c:189:13: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers] 189 | n_end = strchr (n_start, '.'); /* search the next dot */ | ^ ``` -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2073 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-dhyz3plr2e1exf9reagvdkwmg/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 22 11:11:45 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 22 Feb 2026 10:11:45 +0000 Subject: [gnutls-devel] libtasn1 | Fix discard const qualifier (!123) References: Message-ID: Rudi Heitbaum created a merge request: https://gitlab.com/gnutls/libtasn1/-/merge_requests/123 Project:Branches: rudi20/libtasn1:const to gnutls/libtasn1:master Author: Rudi Heitbaum ## description Since glibc-2.43 and ISO C23, the functions bsearch, memchr, strchr, strpbrk, strrchr, strstr, wcschr, wcspbrk, wcsrchr, wcsstr and wmemchr that return pointers into their input arrays now have definitions as macros that return a pointer to a const-qualified type when the input argument is a pointer to a const-qualified type. n_end pointer returns are only being used for comparisons so declare them as const, which matches the input variable. n_start was already declares as const, so matching logic. Fixes: ``` ../../../lib/minitasn1/parser_aux.c: In function 'asn1_find_node': ../../../lib/minitasn1/parser_aux.c:148:13: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qu alifiers] 148 | n_end = strchr (n_start, '.'); /* search the first dot */ | ^ ../../../lib/minitasn1/parser_aux.c:189:13: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qu alifiers] 189 | n_end = strchr (n_start, '.'); /* search the next dot */ | ^ ``` This PR is in addition to https://gitlab.com/gnutls/gnutls/-/merge_requests/2073 ## Checklist * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated ## Reviewer's checklist: * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent with other code * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/-/merge_requests/123 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-8v4x1b8i5vuynl876ewe9r1u4/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sun Feb 22 11:12:15 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sun, 22 Feb 2026 10:12:15 +0000 Subject: [gnutls-devel] GnuTLS | Fix discard const qualifier (!2073) In-Reply-To: References: Message-ID: Rudi Heitbaum commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2073#note_3103517750 - Additional fix in: https://gitlab.com/gnutls/libtasn1/-/merge_requests/123 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2073#note_3103517750 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-8x0q6wotaxiwa6gbixue71tz0/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 23 04:06:54 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 Feb 2026 03:06:54 +0000 Subject: [gnutls-devel] GnuTLS | Fix discard const qualifier (!2073) In-Reply-To: References: Message-ID: Merge request !2073 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2073 Project:Branches: rudi20/gnutls:const to gnutls/gnutls:master Author: Rudi Heitbaum Assignees: Reviewers: -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 23 04:07:05 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 Feb 2026 03:07:05 +0000 Subject: [gnutls-devel] GnuTLS | Fix discard const qualifier (!2073) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2073#note_3104092721 Thank you! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2073#note_3104092721 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-ecl4w4uptyq7lmxjcwdp5w9tg/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 23 04:07:15 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 Feb 2026 03:07:15 +0000 Subject: [gnutls-devel] GnuTLS | Fix discard const qualifier (!2073) In-Reply-To: References: Message-ID: Merge request !2073 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2073 Project:Branches: rudi20/gnutls:const to gnutls/gnutls:master Author: Rudi Heitbaum -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2073 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-7szj210o0ce8kw4xr5h9s4841/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 23 11:00:15 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 Feb 2026 10:00:15 +0000 Subject: [gnutls-devel] GnuTLS | Fix parsing of BIT STRING encoded EdDSA keys (!2060) In-Reply-To: References: Message-ID: All discussions on merge request !2060 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/2060 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2060 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-evlry67ae73mjgqyp6kq21am1/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 23 11:00:20 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 Feb 2026 10:00:20 +0000 Subject: [gnutls-devel] GnuTLS | Fix parsing of BIT STRING encoded EdDSA keys (!2060) In-Reply-To: References: Message-ID: Merge request !2060 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2060 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: Daiki Ueno and Alexander Sosedkin -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Mon Feb 23 13:54:39 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Mon, 23 Feb 2026 12:54:39 +0000 Subject: [gnutls-devel] GnuTLS | Fix parsing of BIT STRING encoded EdDSA keys (!2060) In-Reply-To: References: Message-ID: Merge request !2060 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2060 Project:Branches: ZoltanFridrich/gnutls:zfridric_devel to gnutls/gnutls:master Author: Zolt?n Fridrich Assignee: Zolt?n Fridrich Reviewers: Daiki Ueno and Alexander Sosedkin -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2060 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-45rgmms2ygewxo59o74qsf3rx/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 24 13:06:30 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Feb 2026 12:06:30 +0000 Subject: [gnutls-devel] GnuTLS | Please enable PQ hybrid algorithms on NORMAL (#1800) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/issues/1800#note_3108502247 Note to self: might be a minor compat break for the saner world if GROUPS-ALL starts including PQ (IIRC, it's defined as everything in NORMAL) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1800#note_3108502247 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-cd3li2k08olvi2k0d6wv8j99g/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 24 17:08:16 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Feb 2026 16:08:16 +0000 Subject: [gnutls-devel] GnuTLS | [RFC]Add new API to fetch privkey type (!2074) References: Message-ID: Ghadi Rahme created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2074 Project:Branches: ghadi.rahme/gnutls:fix-p11tool-same-url to gnutls/gnutls:master Author: Ghadi Rahme Added a new library API that allows fetching object type metadata for private keys. Without this API call, there is no link between pkcs11 objects and private keys other than the URL. However using the URL to retrieve the private key metadata is not reliable as multiple objects can share the same URL (see #1467) To fix this, retrieve private key metadata on object creation and call \`gnutls_pkcs11_get_privkey_type\` to retrieve the data in a usable format. Looking for feedback on the addition of this new GnuTLS-Lib API before working tests. Tested on Ubuntu 25.10. * p11tool: use object reference to list data Closes #1467 Signed-off-by: Ghadi Elie Rahme ghadi.rahme at canonical.com * lib/pkcs11.c: fix dangling pointer in pkcs11_read_pubkey Fixes a dangling pointer affecting CKK_EC_EDWARD. if \_gnutls_pubkey_parse_ecc_eddsa_params or \_gnutls_ecc_curve_get_params fail, the cleanup section will be executed freeing tmpX and leaving the datum in pobj dangling. Signed-off-by: Ghadi Elie Rahme ghadi.rahme at canonical.com * lib/pkcs11: Add new API to fetch privkey type Signed-off-by: Ghadi Elie Rahme ghadi.rahme at canonical.com ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [x] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2074 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-5w8fo1sluqf8pnpgd0x9oraru/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 24 19:02:09 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Feb 2026 18:02:09 +0000 Subject: [gnutls-devel] GnuTLS | Draft: [RFC]Add new API to fetch privkey type (!2074) In-Reply-To: References: Message-ID: Ghadi Rahme marked merge request !2074 as draft -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2074 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-9gfkcxm75gbs557mj28n7l6d6/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Tue Feb 24 22:27:31 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Tue, 24 Feb 2026 21:27:31 +0000 Subject: [gnutls-devel] GnuTLS | Support building with Nettle 4.0 (#1791) In-Reply-To: References: Message-ID: Randy MacLeod commented: https://gitlab.com/gnutls/gnutls/-/issues/1791#note_3110355416 I'm encountering this while doing a nettle-4.0 upgrade in Yocto/oe-core from: https://git.openembedded.org/openembedded-core/tree/meta/recipes-support/nettle/nettle_3.10.2.bb I guess the nettle-4.0 update will have to wait for our next release since we're at feature freeze in early March. I know that's not your problem, just FYI. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1791#note_3110355416 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-4shvequy4p8m4yt5mo54ak9ml/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 25 09:18:42 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 25 Feb 2026 08:18:42 +0000 Subject: [gnutls-devel] GnuTLS | leak related tweaks, trying to catch #1799 in CI (!2072) In-Reply-To: References: Message-ID: Merge request !2072 was approved by Daiki Ueno Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2072 Project:Branches: asosedkin/gnutls:leak-related-tweaks to gnutls/gnutls:master Author: Alexander Sosedkin Assignees: Reviewers: Daiki Ueno and Zolt?n Fridrich -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 25 09:22:36 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 25 Feb 2026 08:22:36 +0000 Subject: [gnutls-devel] GnuTLS | leak related tweaks, trying to catch #1799 in CI (!2072) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/2072#note_3111293987 I guess it's probably safe as it's from 2016 to suppress leaks in OpenSSL; if there are no leaks anymore, we can safely remove it. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2072#note_3111293987 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-dlrt3j727b2pceb167ql0mm30/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Wed Feb 25 09:22:43 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Wed, 25 Feb 2026 08:22:43 +0000 Subject: [gnutls-devel] GnuTLS | leak related tweaks, trying to catch #1799 in CI (!2072) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2072#note_3111294371 LGTM -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2072#note_3111294371 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-92xqc0njw9zmug5e68opefr77/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 26 04:30:23 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 26 Feb 2026 03:30:23 +0000 Subject: [gnutls-devel] GnuTLS | Draft: Support building with Nettle 4 (!2075) References: Message-ID: Daiki Ueno created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075 Project:Branches: dueno/gnutls:wip/dueno/nettle-4 to gnutls/gnutls:master Author: Daiki Ueno * rnd-fips: use Nettle 4 digest interface We should switch to the drbg-ctr-aes256 module provided by Nettle. * tls1-prf: use Nettle 4 digest interface * nettle: support Nettle 4 cipher interface * nettle: support Nettle 4 hash and MAC interfaces * dsa-fips: omit digest_size argument for sha384_digest with Nettle 4 * accelerated: provide compatibility macro for GCM_DIGEST * accelerated: give up on defining nettle HMAC interface Nettle 4 doesn't provide a way to define custom HMAC instances. * nettle: include instead of deprecated * nettle: use SHA*_BLOCK_SIZE instead of deprecated SHA*_DATA_SIZE ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-d6hj5egs22aqqsg0pdxh90ljf/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 26 10:44:41 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 26 Feb 2026 09:44:41 +0000 Subject: [gnutls-devel] GnuTLS | Draft: fix mingw (!2076) References: Message-ID: Alexander Sosedkin created a merge request: https://gitlab.com/gnutls/gnutls/-/merge_requests/2076 Project:Branches: asosedkin/gnutls:fix-mingw to gnutls/gnutls:master Author: Alexander Sosedkin Fedora 43 Wine moved to WoW64, which is royally broken in multilib. Trying to unbreak it. ## Checklist * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author * [ ] Code modified for feature * [ ] Test suite updated with functionality tests * [ ] Test suite updated with negative tests * [ ] Documentation updated / NEWS entry present (for non-trivial changes) ## Reviewer's checklist: * [ ] Any issues marked for closing are addressed * [ ] There is a test suite reasonably covering new functionality or modifications * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` * [ ] This feature/change has adequate documentation added * [ ] No obvious mistakes in the code -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2076 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-4a9sbu3w0bwh1j3tkkvg1uw4q/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Thu Feb 26 10:45:29 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Thu, 26 Feb 2026 09:45:29 +0000 Subject: [gnutls-devel] GnuTLS | gnulib: update to 2026-02-16 cfdf3467ac (!2069) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/2069#note_3115291190 Answering this question has sent me into a multi-day long rabbit hole, since I'd first have to fix mingw builds: https://gitlab.com/gnutls/gnutls/-/issues/1768#note_3069489507 But I finally have some progress: https://gitlab.com/gnutls/gnutls/-/merge_requests/2076 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2069#note_3115291190 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-75qjtaywfofcbs4vwufzpe0m7/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 27 01:43:56 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 Feb 2026 00:43:56 +0000 Subject: [gnutls-devel] GnuTLS | Support building with Nettle 4 (!2075) In-Reply-To: References: Message-ID: Daiki Ueno marked merge request !2075 as ready -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-2i26kmx1q1s1qhydw9a6o1hlz/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 27 01:59:56 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 Feb 2026 00:59:56 +0000 Subject: [gnutls-devel] GnuTLS | Support building with Nettle 4.0 (#1791) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1791#note_3117941695 As there is an increasing demand for this, I gave it a try (!2075). If anyone can check/review the changes, that would be appreciated. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1791#note_3117941695 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-1ammeg3aw05cs80s2lc2t37fo/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 27 02:00:20 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 Feb 2026 01:00:20 +0000 Subject: [gnutls-devel] GnuTLS | Support building with Nettle 4 (!2075) In-Reply-To: References: Message-ID: Niels M?ller, Alexander Sosedkin, and Zolt?n Fridrich were added as reviewers. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-9bfev7djwzpetj8lok7obquum/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 27 02:00:35 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 Feb 2026 01:00:35 +0000 Subject: [gnutls-devel] GnuTLS | Support building with Nettle 4.0 (#1791) In-Reply-To: References: Message-ID: Reassigned Issue 1791 https://gitlab.com/gnutls/gnutls/-/issues/1791 Daiki Ueno was added as an assignee. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1791 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-bf3jopx7p9bdmfenmahztftvq/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 27 02:00:41 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 Feb 2026 01:00:41 +0000 Subject: [gnutls-devel] GnuTLS | Support building with Nettle 4.0 (#1791) In-Reply-To: References: Message-ID: Milestone changed to Release of GnuTLS 3.8.13 ( https://gitlab.com/gnutls/gnutls/-/milestones/51 ) -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1791 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-1bjomgccmyvwxegt4nzssugb1/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 27 10:53:26 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 Feb 2026 09:53:26 +0000 Subject: [gnutls-devel] GnuTLS | Draft: fix mingw (!2076) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2076#note_3118859432 Looks good to me in general, though I'm not sure why pqc-hybrid-kx.sh is failing in both mingw32/mingw64. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2076#note_3118859432 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-8td0y2lq9nj0kaawdtiuyo0wf/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 27 11:19:47 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 Feb 2026 10:19:47 +0000 Subject: [gnutls-devel] GnuTLS | leak related tweaks, trying to catch #1799 in CI (!2072) In-Reply-To: References: Message-ID: All discussions on merge request !2072 were resolved by Alexander Sosedkin https://gitlab.com/gnutls/gnutls/-/merge_requests/2072 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2072 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-4lm9tt1563ct9b58uhb7d0pop/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 27 11:19:51 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 Feb 2026 10:19:51 +0000 Subject: [gnutls-devel] GnuTLS | leak related tweaks, trying to catch #1799 in CI (!2072) In-Reply-To: References: Message-ID: Merge request !2072 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2072 Project:Branches: asosedkin/gnutls:leak-related-tweaks to gnutls/gnutls:master Author: Alexander Sosedkin Reviewers: Daiki Ueno and Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2072 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-d4jl32lfot71cu627seg3l02r/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 27 12:05:18 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 Feb 2026 11:05:18 +0000 Subject: [gnutls-devel] GnuTLS | Support building with Nettle 4 (!2075) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/2075 was reviewed by Alexander Sosedkin -- Alexander Sosedkin started a new discussion on lib/accelerated/x86/aes-gcm-padlock.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075#note_3119085012 > +#if NETTLE_VERSION_MAJOR >= 4 > +#define _GCM_DIGEST(ctx, encrypt, length, digest) \ > + GCM_DIGEST(ctx, encrypt, digest) I'm not sure how discarding the `tag_size` OK. It is exposed in `gnutls_aead_cipher_encrypt`, so it can be anything. Don't we need that trick with writing to a full-size buffer and copying back? -- Alexander Sosedkin started a new discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075#note_3119085041 on top of the inline comment: ddf5cd31 has Signed-off-by twice over -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-bccmmn6bk3vtl6x1m3agck28t/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 27 12:40:44 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 Feb 2026 11:40:44 +0000 Subject: [gnutls-devel] GnuTLS | Support building with Nettle 4 (!2075) In-Reply-To: References: Message-ID: All discussions on merge request !2075 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/2075 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-3eqg0o7xcjig0nof8012s1z9y/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 27 12:40:43 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 Feb 2026 11:40:43 +0000 Subject: [gnutls-devel] GnuTLS | Support building with Nettle 4 (!2075) In-Reply-To: References: Message-ID: Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/2075 was reviewed by Daiki Ueno -- Daiki Ueno commented on a discussion on lib/accelerated/x86/aes-gcm-padlock.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075#note_3119175672 > +#if NETTLE_VERSION_MAJOR >= 4 > +#define _GCM_DIGEST(ctx, encrypt, length, digest) \ > + GCM_DIGEST(ctx, encrypt, digest) Good catch, fixed. -- Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075#note_3119175728 Fixed. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-43yp2p5uvf80i9ghc2vmhqhg5/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 27 13:51:58 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 Feb 2026 12:51:58 +0000 Subject: [gnutls-devel] GnuTLS | Support building with Nettle 4 (!2075) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075#note_3119451688 I don't see any more mistakes in there, but I'm uneasy about " accelerated: give up on defining nettle HMAC interface". What are the alternatives? Some dispatch to accelerated code on a higher level than nettle? Implement HMAC ourselves, bypassing nettle hmac interface? And, if we do neither, is the performance hit significant? -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075#note_3119451688 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-c8nff9f4p6ytuvad6kcp152z1/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 27 13:52:06 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 Feb 2026 12:52:06 +0000 Subject: [gnutls-devel] GnuTLS | Support building with Nettle 4 (!2075) In-Reply-To: References: Message-ID: All discussions on merge request !2075 were resolved by Alexander Sosedkin https://gitlab.com/gnutls/gnutls/-/merge_requests/2075 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-9t56nq9x46itki5xrac9auo4y/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 27 13:52:04 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 Feb 2026 12:52:04 +0000 Subject: [gnutls-devel] GnuTLS | Support building with Nettle 4 (!2075) In-Reply-To: References: Message-ID: Merge request !2075 was approved by Alexander Sosedkin Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075 Project:Branches: dueno/gnutls:wip/dueno/nettle-4 to gnutls/gnutls:master Author: Daiki Ueno Assignees: Reviewers: Niels M?ller, Alexander Sosedkin, and Zolt?n Fridrich -- You're receiving this email because of your account on gitlab.com. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 27 16:04:37 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 Feb 2026 15:04:37 +0000 Subject: [gnutls-devel] GnuTLS | Draft: fix mingw (!2076) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2076#note_3119897924 AFAICS, it's failing because it's killed, and it just happens to be the last test. Guess I need to squeeze some performance out of somewhere. The one that seems to genuinely fail is the 64-bit `name-constraints-ip.exe`, looking into this... -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2076#note_3119897924 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-a9da92ub0a0ozp4z64oirjq7r/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 27 16:32:00 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 Feb 2026 15:32:00 +0000 Subject: [gnutls-devel] GnuTLS | Draft: fix mingw (!2076) In-Reply-To: References: Message-ID: Alexander Sosedkin commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/2076#note_3119987186 and, of course, once I've finally arranged to run it locally in isolation, it has passed :eyeroll: -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2076#note_3119987186 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-83wu3kzugv9e22alm567kwkiy/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Fri Feb 27 18:45:47 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 Feb 2026 17:45:47 +0000 Subject: [gnutls-devel] GnuTLS | Draft: fix mingw (!2076) In-Reply-To: References: Message-ID: Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2076#note_3120527193 I've noticed that test runtime seems to be mostly constant for all tests and mostly overhead, so I've made a silly attempt to save execution time by disabling ctests that are then skipped on WIN32 anyway. Let's see whether this brings it back under 3h and CI will give us logs. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2076#note_3120527193 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-6y36co6u4yid7nev1r0ymku41/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 28 00:50:36 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Fri, 27 Feb 2026 23:50:36 +0000 Subject: [gnutls-devel] GnuTLS | Support building with Nettle 4 (!2075) In-Reply-To: References: Message-ID: Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075#note_3121292078 > if we do neither, is the performance hit significant? I don't think so; the nettle version provides comparable performance (or even outperforms) the CRYPTOGAMS version: ```console $ gnutls-cli --benchmark-ciphers [...] Checking MAC algorithms, payload size: 16384 SHA1 1.05 GB/sec SHA256 0.46 GB/sec SHA512 0.68 GB/sec $ GNUTLS_CPUID_OVERRIDE=0x1 gnutls-cli --benchmark-ciphers [...] Checking MAC algorithms, payload size: 16384 SHA1 2.06 GB/sec SHA256 1.93 GB/sec SHA512 0.58 GB/sec ``` We may even want to drop the CRYPTOGAMS derived assembly for hashes and macs in 4.0. I've added the topic at https://gitlab.com/gnutls/gnutls/-/wikis/Planning-for-4.0. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075#note_3121292078 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-3m68xbxzu9yw5gx5zy6xcpy07/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 28 01:37:54 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 28 Feb 2026 00:37:54 +0000 Subject: [gnutls-devel] GnuTLS | Support building with Nettle 4 (!2075) In-Reply-To: References: Message-ID: All discussions on merge request !2075 were resolved by Daiki Ueno https://gitlab.com/gnutls/gnutls/-/merge_requests/2075 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-78ci03u3b90f9bei6tn9iz730/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 28 01:40:32 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 28 Feb 2026 00:40:32 +0000 Subject: [gnutls-devel] GnuTLS | Support building with Nettle 4.0 (#1791) In-Reply-To: References: Message-ID: Issue was closed by Daiki Ueno with merge request !2075 (https://gitlab.com/gnutls/gnutls/-/merge_requests/2075) Issue #1791: https://gitlab.com/gnutls/gnutls/-/issues/1791 -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1791 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-2xcjkjzjjq60531m34qjl07tp/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 28 01:40:30 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 28 Feb 2026 00:40:30 +0000 Subject: [gnutls-devel] GnuTLS | Support building with Nettle 4 (!2075) In-Reply-To: References: Message-ID: Merge request !2075 was merged Merge request URL: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075 Project:Branches: dueno/gnutls:wip/dueno/nettle-4 to gnutls/gnutls:master Author: Daiki Ueno Reviewers: Niels M?ller, Alexander Sosedkin, and Zolt?n Fridrich -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-euuc4ysou6bxqknivwodvtw6z/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 28 01:40:22 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 28 Feb 2026 00:40:22 +0000 Subject: [gnutls-devel] GnuTLS | Support building with Nettle 4 (!2075) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075#note_3121337379 Thanks for the review! -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/2075#note_3121337379 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-d94qerb7lkjr4cft2m94hvfwz/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: From gnutls-devel at lists.gnutls.org Sat Feb 28 03:49:41 2026 From: gnutls-devel at lists.gnutls.org (Read-only notification of GnuTLS library development activities) Date: Sat, 28 Feb 2026 02:49:41 +0000 Subject: [gnutls-devel] GnuTLS | Please enable PQ hybrid algorithms on NORMAL (#1800) In-Reply-To: References: Message-ID: Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1800#note_3121439844 This would need to wait until we can have built-in PQ support, i.e., those algorithms are implemented in Nettle. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1800#note_3121439844 You're receiving this email because of your account on gitlab.com. Unsubscribe from this thread: https://gitlab.com/-/sent_notifications/3-3nt1swqkon5zwtrdof2d3u1al/unsubscribe | Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL: