Re: libcrypto errata

2016-05-18 Thread Jorge Luiz Silva Peixoto
Hello folks!

I applied the 005_crypto patch on OpenBSD 5.9 -release.

After that, I get an error if I run:
$ openssl crl -in acserprorfbv3.crl -inform DER
unable to load CRL
19710855970772:error:0D07809F:asn1 encoding routines:ASN1_ITEM_EX_D2I:unexpected eoc:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/tasn_dec.c:368:Type=X509_REVOKED
19710855970772:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/tasn_dec.c:621:Field=revoked, Type=X509_CRL_INFO
19710855970772:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/tasn_dec.c:653:Field=crl, Type=X509_CRL

OpenBSD 5.9 is shipped with LibreSSL 2.3.2. The error above also
happens with the latest version (2.3.4).

The command runs nicely when using OpenSSL 1.0.2h.

All tests were done on the same system: OpenBSD 5.9 GENERIC.MP amd64.

The certificate revocation list used in this test can be fetched here
-> http://ccd.serpro.gov.br/lcr/acserprorfbv3.crl

Regards,
Jorge Peixoto


2016-05-03 11:32 GMT-03:00 Ted Unangst :
> OpenSSL announced several issues today that also affect LibreSSL.
>
> - Memory corruption in the ASN.1 encoder (CVE-2016-2108)
> - Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
> - EVP_EncodeUpdate overflow (CVE-2016-2105)
> - EVP_EncryptUpdate overflow (CVE-2016-2106)
> - ASN.1 BIO excessive memory allocation (CVE-2016-2109)
>
> Thanks to OpenSSL for providing information and patches.
>
> Refer to https://www.openssl.org/news/secadv/20160503.txt
>
> Patches for OpenBSD are available:
>
> http://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/005_crypto.patch.sig
>
> http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/013_crypto.patch.sig
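
Added example, not part of the original thread: a small reader for the error queue quoted in the report above. It unpacks each packed error code and rebuilds the ASN.1 decode path from the outermost structure down to the element that failed. The function names parse_entry and decode_path are illustrative, and the sample input is the report's own three entries with the mail line wraps rejoined.

```python
import re

# Error-queue entries from the report above, mail line wraps rejoined.
REPORT = """\
19710855970772:error:0D07809F:asn1 encoding routines:ASN1_ITEM_EX_D2I:unexpected eoc:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/tasn_dec.c:368:Type=X509_REVOKED
19710855970772:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/tasn_dec.c:621:Field=revoked, Type=X509_CRL_INFO
19710855970772:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/asn1/tasn_dec.c:653:Field=crl, Type=X509_CRL
"""

# thread id : "error" : packed code : library : function : reason : file : line : data
ENTRY = re.compile(
    r"^(?P<tid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):(?P<data>.*)$"
)


def parse_entry(text):
    """Parse one error-queue line; return None for lines that are not entries."""
    m = ENTRY.match(text.strip())
    if m is None:
        return None
    e = m.groupdict()
    code = int(e["code"], 16)
    # Packed layout in OpenSSL 1.0.x and LibreSSL: 8 bits library,
    # 12 bits function, 12 bits reason.
    e["lib_no"] = code >> 24
    e["func_no"] = (code >> 12) & 0xFFF
    e["reason_no"] = code & 0xFFF
    e["line"] = int(e["line"])
    e["data"] = dict(kv.split("=", 1) for kv in e["data"].split(", ") if "=" in kv)
    return e


def decode_path(report):
    """Return (outer-to-inner ASN.1 path, innermost entry) for a decode failure."""
    entries = [e for e in map(parse_entry, report.splitlines()) if e]
    if not entries:
        return [], None
    # The queue is printed innermost failure first, so reverse it.
    path = []
    for e in reversed(entries):
        typ, field = e["data"].get("Type", "?"), e["data"].get("Field")
        path.append(f"{typ}.{field}" if field else typ)
    return path, entries[0]


if __name__ == "__main__":
    path, root = decode_path(REPORT)
    print(" -> ".join(path))
    print(f'{root["reason"]} in {root["func"]} ({root["file"].rsplit("/", 1)[-1]}:{root["line"]})')
```

Read this way, the report says the decoder got as far as an entry of the revoked list inside the CRL before failing; the two "nested asn1 error" entries only record the enclosing structures.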



Re: virtio network driver multicast support

2013-10-17 Thread Jorge Luiz Silva Peixoto
2013/10/16 Jorge Luiz Silva Peixoto jorge.peix...@gmail.com:
> Hello, folks!
>
> Is IP multicast supported by virtio network driver on OpenBSD 5.3?

Does CARP work with virtio network interfaces? Yes, so virtio network
driver supports IP multicast, right? :)

> pfsync is not working when using vio interface with IP multicast. When
> I set pfsync using syncpeer it works fine.
>
> pfsync works when using em interface with IP multicast.
>
> The test bed is a couple of virtual machines running on Linux KVM.
>
> Thank you!
>
> Jorge Peixoto



virtio network driver multicast support

2013-10-16 Thread Jorge Luiz Silva Peixoto
Hello, folks!

Is IP multicast supported by virtio network driver on OpenBSD 5.3?

pfsync is not working when using vio interface with IP multicast. When
I set pfsync using syncpeer it works fine.

pfsync works when using em interface with IP multicast.

The test bed is a couple of virtual machines running on Linux KVM.

Thank you!

Jorge Peixoto