http://blog.gmane.org/gmane.comp.encryption.gpg.gnutls.devel hourly 1 1901-01-01T00:00+00:00 http://gmane.org/img/gmane-25t.png http://gmane.org http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2995 _______________________________________________ Gnutls-devel mailing list Gnutls-devel< at >gnu.org http://lists.gnu.org/mailman/listinfo/gnutls-devel Simon Josefsson 2008-08-18T23:07:57 http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2987 _______________________________________________ Gnutls-devel mailing list Gnutls-devel< at >gnu.org http://lists.gnu.org/mailman/listinfo/gnutls-devel Simon Josefsson 2008-08-14T08:37:44 http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2985 _______________________________________________ Gnutls-devel mailing list Gnutls-devel< at >gnu.org http://lists.gnu.org/mailman/listinfo/gnutls-devel Daniel Kahn Gillmor 2008-08-14T02:15:37 http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2980 Hello, [sorry to reposting on the same topic as in help-gnutls, but the content is slightly different] I am wanting to use the gnutls library to achieve TLS over a multi-stream SCTP connection, as detailed in RFC 3436. Unfortunately it seems that the current support in gnutls for providing custom transport functions is not sufficient to achieve this. For people who are not familiar with SCTP, I'll now give a short introduction on this protocol. SCTP is a reliable transport protocol (as TCP), message-oriented (as UDP), which provides the capability to create multiple streams inside one connection. The messages in one stream are ordered, but each stream is independent from the others. This allows (in some applications) to avoid head-of-the-line blocking problem that occurs in TCP when some data is lost during a transmission. SCTP also provides other interesting features such as support for multihoming. On an API point of view, one socket object is created, and the number of streams is negotia Sebastien Decugis 2008-08-01T05:26:17 http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2977 Ok, I've made some updates, firstly removing specific references to DNS since this is no longer specifically meant to be for DNS and other changes to remove references to using the user id field, and instead using user attributes to have the information in a format much more suitable for computers, this makes more sense to me than a blob of string doesn't need to be split up and parsed to extract the information. http://open-pgp.info/wiki/index.php?title=Standardisation_of_OpenPGP_Keys_for_Server_Purposes Is there anything I've missed or overlooked at all? Duane 2008-07-27T00:27:49 http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2972 _______________________________________________ Gnutls-devel mailing list Gnutls-devel< at >gnu.org http://lists.gnu.org/mailman/listinfo/gnutls-devel Duane 2008-07-24T05:07:44 http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2963 _______________________________________________ Gnutls-devel mailing list Gnutls-devel< at >gnu.org http://lists.gnu.org/mailman/listinfo/gnutls-devel Simon Josefsson 2008-07-08T15:44:08 http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2960 Hello, I've found out this via valgrind: ==5806== 7,698 (504 direct, 7,194 indirect) bytes in 9 blocks are definitely lost in loss record 175 of 248 ==5806== at 0x4C220BC: calloc (vg_replace_malloc.c:397) ==5806== by 0xED2FE11: _asn1_add_node_only (structure.c:54) ==5806== by 0xED2FFF2: _asn1_copy_structure3 (structure.c:398) ==5806== by 0xED3038D: asn1_create_element (structure.c:690) ==5806== by 0x9733F7A: _gnutls_x509_decode_octet_string (common.c:832) ==5806== by 0x9734243: _gnutls_x509_read_value (common.c:912) ==5806== by 0x974756E: _decode_pkcs12_auth_safe (pkcs12.c:76) ==5806== by 0x9748A67: gnutls_pkcs12_get_bag (pkcs12.c:598) Attached is a patch which fixes it. HTH, Colin Leroy 2008-07-04T12:07:11 http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2952 The GnuTLS 2.5.x branch is NOT what you want for your stable system. It is intended for developers and experienced users. This release should contain no changes other than the result of 'make indent' compared to v2.5.0. Here are the compressed sources: http://alpha.gnu.org/gnu/gnutls/gnutls-2.5.1.tar.bz2 ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.5.1.tar.bz2 Improving GnuTLS is costly, but you can help! We are looking for organizations that find GnuTLS useful and wish to contribute back. You can contribute by reporting bugs, improve the software, or donate money or equipment. Commercial support contracts for GnuTLS are available, and they help finance continued maintenance. Simon Josefsson Datakonsult, a Stockholm based privately held company, is currently funding GnuTLS maintenance. We are always looking for interesting development projects. See http://josefsson.org/ for more details. /Simon * Version 2.5.1 (released 2008-07-02) ** Indent code. ** API and ABI modifications: No changes since la Simon Josefsson 2008-07-02T15:53:27 http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2951 The GnuTLS 2.5.x branch is NOT what you want for your stable system. It is intended for developers and experienced users. This release contains a merge of Nikos' gnutls_with_mpi branch. It should now be possible to replace the libgcrypt calls to your own callbacks. A lot of low-level code has changed since 2.4.x, so expect this to be unstable. I intend to release 2.5.1 shortly after this release, to indent all code to conform to the GNU Coding Standards. Here are the compressed sources: http://alpha.gnu.org/gnu/gnutls/gnutls-2.5.0.tar.bz2 ftp://alpha.gnu.org/gnu/gnutls/gnutls-2.5.0.tar.bz2 Improving GnuTLS is costly, but you can help! We are looking for organizations that find GnuTLS useful and wish to contribute back. You can contribute by reporting bugs, improve the software, or donate money or equipment. Commercial support contracts for GnuTLS are available, and they help finance continued maintenance. Simon Josefsson Datakonsult, a Stockholm based privately held company, is currently fundin Simon Josefsson 2008-07-02T15:52:08 http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2949 Hi Ludovic, On the master trunk there has been some heavy internal changes recently, but no incompatible API changes as far as I understand, and now the guile self-tests fails: make[3]: Entering directory `/home/jas/src/gnutls/guile/tests' guile: uncaught throw to gnutls-error: (#<gnutls-error-enum The Diffie Hellman prime sent by the server is not acceptable (not long enough).> handshake) make[3]: *** [check-TESTS] Interrupt Actually I need to ctrl-c it to cancel it. Do you have any idea? How would I debug this, anyway? I am a bit at a loss when running into any guile problem. Thanks, /Simon Simon Josefsson 2008-06-30T22:23:56 http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2948 Below is my analysis of the problem. The patch is short: From 0fee3917077e191dea3c9787c95c072979532086 Mon Sep 17 00:00:00 2001 From: Simon Josefsson <simon< at >josefsson.org> Date: Mon, 30 Jun 2008 22:44:47 +0200 Subject: [PATCH] (_gnutls_handshake_hash_buffers_clear): Make sure deinitialized MAC hashes are initialized. Report and tiny patch from Tomas Mraz <tmraz< at >redhat.com>. --- lib/gnutls_handshake.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index d798180..0192c9f 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c < at >< at > -69,11 +69,12 < at >< at > int _gnutls_server_select_comp_method (gnutls_session_t session, /* Clears the handshake hash buffers and handles. */ -inline static void +static void _gnutls_handshake_hash_buffers_clear (gnutls_session_t session) { _gnutls_hash_deinit (&session->internals.handshake_mac_handle_md5, NULL); _gnutls_hash_deinit (&session->internals.handshake_mac_handle_sha, NULL); + se Simon Josefsson 2008-06-30T21:42:18 http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2947 _______________________________________________ Gnutls-devel mailing list Gnutls-devel< at >gnu.org http://lists.gnu.org/mailman/listinfo/gnutls-devel Simon Josefsson 2008-06-30T21:36:52 http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2944 Hi, this fixes a problem in srptool, where the passwords never match (--verify check) on some architectures (I think I have observed this only on i386). It is for 1.6.1, but still applies to 2.4.0. Matthias Index: gnutls-1.6.1/src/crypt.c =================================================================== --- gnutls-1.6.1.orig/src/crypt.c +++ gnutls-1.6.1/src/crypt.c < at >< at > -220,6 +220,7 < at >< at > _verify_passwd_int (const char *username /* encode the verifier into _salt */ salt_size = sizeof (_salt); + memset(_salt, '\0', salt_size); if (gnutls_srp_base64_encode (&new_verifier, _salt, &salt_size) < 0) { fprintf (stderr, "Encoding error\n"); Matthias Koenig 2008-06-30T08:21:43 http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2938 I'm chasing a complaint from valgrind that I'm leaking memory. Here's valgrind's complaint: ==26738== 257 bytes in 1 blocks are definitely lost in loss record 2 of 4 ==26738== at 0x4A0739E: malloc (vg_replace_malloc.c:207) ==26738== by 0x35068328F6: _gnutls_mpi_dprint_lz (gnutls_mpi.c:146) ==26738== by 0x350683E47C: _gnutls_dh_set_peer_public (gnutls_state.c:474) ==26738== by 0x3506843819: _gnutls_proc_dh_common_server_kx (auth_dh_common.c:297) ==26738== by 0x350683BB4F: proc_dhe_server_kx (auth_dhe.c:199) ==26738== by 0x350682AF81: _gnutls_recv_server_kx_message (gnutls_kx.c:339) ==26738== by 0x35068273DF: _gnutls_handshake_client (gnutls_handshake.c:2311) ==26738== by 0x3506827F77: gnutls_handshake (gnutls_handshake.c:2193) Here's what I've been able to figure out. I'm running gnutls 2.0.4, but I checked 2.4.0, and the affected bits have not changed, the following should still be applicable. _gnutls_mpi_dprint_lz() allocates a buffer: if (bytes != 0) buf = gnutls_mallo Sam Varshavchik 2008-06-28T01:01:46 http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2934 _______________________________________________ Gnutls-devel mailing list Gnutls-devel< at >gnu.org http://lists.gnu.org/mailman/listinfo/gnutls-devel Daniel Kahn Gillmor 2008-06-27T05:50:36 http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2928 _______________________________________________ Gnutls-devel mailing list Gnutls-devel< at >gnu.org http://lists.gnu.org/mailman/listinfo/gnutls-devel Sam Varshavchik 2008-06-23T00:25:44 http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2926 _______________________________________________ Gnutls-devel mailing list Gnutls-devel< at >gnu.org http://lists.gnu.org/mailman/listinfo/gnutls-devel Sam Varshavchik 2008-06-22T22:28:50 http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2917 _______________________________________________ Gnutls-devel mailing list Gnutls-devel< at >gnu.org http://lists.gnu.org/mailman/listinfo/gnutls-devel Daniel Black 2008-06-19T09:14:29 http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2912 _______________________________________________ Gnutls-devel mailing list Gnutls-devel< at >gnu.org http://lists.gnu.org/mailman/listinfo/gnutls-devel Roman Bogorodskiy 2008-06-19T05:03:10 http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2908 Nikos, what is the status of your mpi branch? Is it ready for me to review as if we would merge it into master? Please hold off any merge until I have reviewed and discussed the changes. Btw, my goals for 2.5.x is to integrate Nikos' crypto.h stuff, and to re-indent the code. As far as I know, there are no other tasks that are pending, or are there? Anything major to be included should be made available on a separate branch for review relatively soon, or it will have to wait for 2.7.x. All minor improvements like enhancing self-tests and fixing bugs should be possible though, but they aren't release goals. Waiting for nice-things-to-have like better PKCS#11 integration, GPGME compatibility etc will delay us, but people should feel free to start working on stuff like that now anyway, 2.7.x isn't that far away. Hopefully we can make the 2.5.x release cycle shorter than the last... It would be nice to have a 2.6.x release candidate ready by August, to get the crypto.h stuff out. /Simon Simon Josefsson 2008-06-18T16:07:13 Search the mailing list at Gmane query http://search.gmane.org/?group=$group=gmane.comp.encryption.gpg.gnutls.devel