Hello,
For the historic reasons there is a significant amount of duplicated
functionality.
For example one can use openssl rsa/dsa/ec to create/modify private/public keys
or it's possible to just use a generic openssl genpkey/pkey interface. I'd like
to suggest to clean up the first set of
2014-12-11 15:40 GMT+03:00 Stuart Henderson st...@openbsd.org:
On 2014/12/11 16:08, Dmitry Eremin-Solenikov wrote:
Hello,
For the historic reasons there is a significant amount of duplicated
functionality.
For example one can use openssl rsa/dsa/ec to create/modify private/public
keys
Signed-off-by: Dmitry Eremin-Solenikov dbarysh...@gmail.com
---
src/lib/libssl/src/crypto/gost/gostr341001_ameth.c | 19 +++
1 file changed, 7 insertions(+), 12 deletions(-)
diff --git a/src/lib/libssl/src/crypto/gost/gostr341001_ameth.c
b/src/lib/libssl/src/crypto/gost
Hello,
2014-12-11 1:03 GMT+03:00 Miod Vallat m...@online.fr:
I agree with the intent; but I believe that...
- if (s == NULL || s-length != 32) {
+ if (s == NULL) {
... the exact length check should be kept.
I don't think so. This is a leftover from GOST
Hello,
2014-11-18 8:27 GMT+03:00 Miod Vallat m...@online.fr:
I found the issue. In param_copy_gost01() change
int ret = 0;
to
int ret = 1;
If there is no private key set in eto, param_copy_gost01() will
skip all ret assignments and happily return 0 (= error).
Doh, of course! Sorry for
2014-11-17 22:28 GMT+03:00 Miod Vallat m...@online.fr:
So I've finally sit down and tested interoperability of LibreSSL with
the various gost-enabled sites you've listed, starting with simple
things such as:
openssl s_client -debug -connect zakupki.gov.ru:443
Unfortunately, this fails
2014-11-17 23:35 GMT+03:00 Miod Vallat m...@online.fr:
Is the offending patch in CVS? If so I'll take a look as it hits the
LibreSSL mirror at GitHub.
Yes, it's in HEAD.
I found the issue. In param_copy_gost01() change
int ret = 0;
to
int ret = 1;
If there is no private key set in eto,
2014-11-09 23:38 GMT+03:00 Miod Vallat m...@online.fr:
The libcrypto parts of the GOST ciphers have been commited, and barring
any objection from the usual LibreSSL suspects, will be enabled in the
not-so-far-away future.
The libssl parts are still under consideration. I have one concern and
2014-11-10 1:04 GMT+03:00 Miod Vallat m...@online.fr:
... and while I'm mopping this code, I believe the following change is
correct:
Index: gostr341001_pmeth.c
===
RCS file:
Hello,
2014-11-10 2:12 GMT+03:00 Miod Vallat m...@online.fr:
The following diff attempts to polish the GOST code in libcrypto and add
many missing error checks (probably not exhaustive, but a good start).
I knew that I'm not perfect, but I didn't know the depth of my imperfectness...
I will
2014-11-06 15:44 GMT+03:00 Alexey Suslikov alexey.susli...@gmail.com:
Chris Cappuccio chris at nmedia.net writes:
So, you're saying, he's really dmitry at svr.gov.ru, the source of
Russian
backdoors into technology worldwide!!!
I guess the open-source ecosystem has been thoroughly poisoned!
Hello,
2014-11-05 20:05 GMT+03:00 Артур Истомин art.is...@yandex.ru:
On Tue, Nov 04, 2014 at 08:42:03PM +, Miod Vallat wrote:
Two weeks has passed. Is there anything that I can do to
push GOST ciphers towards LibreSSL?
Sorry about that. Joel and/or I need to review the diff again and
Hello,
2014-10-20 13:57 GMT+04:00 Dmitry Eremin-Solenikov dbarysh...@gmail.com:
Hello,
It took a while longer than I expected, but I think that
the GOST ciphers implementation is complete now
at https://github.com/libressl-portable/openbsd/pull/6
I still expect issues when Windows GOST CSP
Hello,
It took a while longer than I expected, but I think that
the GOST ciphers implementation is complete now
at https://github.com/libressl-portable/openbsd/pull/6
I still expect issues when Windows GOST CSP vendors
will work on TLS 1.2 implementation (up to now they
only provide TLS 1.0).
Hello,
I'm polishing the GOST implementation for LibreSSL
(https://github.com/libressl-portable/openbsd/pull/6).
Currently there are three instances of ASN methods
and pmethods structures, because there three
different OIDs related to GOST public keys
(-2001, -2012, 256 bit, -2012 512 bit).
I
Hello,
I'm mostly feature complete with my 'GOST for LibreSSL' project.
My last issue is implementing TLS 1.2 + GOST cipher suites.
The signature on Certificate Verify message uses a format
different to the signature format that is used by X.509 certificates,
CMS messages, etc.
For TLS 1.0/1.1
Hello,
I have updated the GOST cipher suites implementation at
https://github.com/libressl-portable/openbsd/pull/6 .
It is nearly done (only few FIXMEs remaining), so I'd like
to try to receive at least some kind of review.
--
With best wishes
Dmitry
Hello,
One of RFCs defines GOST usage with CMS messages. While testing, I
noticed that CMS is disabled in LibreSSL. Is it just 'not cleaned' or
is there another reason to have it disabled?
--
With best wishes
Dmitry
--
With best wishes
Dmitry
Hello,
On Thu, Jul 31, 2014 at 9:41 AM, Joel Sing j...@sing.id.au wrote:
On Thu, 31 Jul 2014, Joel Sing wrote:
On Thu, 31 Jul 2014, Dmitry Eremin-Solenikov wrote:
Hello,
I have spotted a problem with the patch of crypto/evp/encode.c done by
jsing on May 3.
Sometimes decoding of base64
Hello,
I have spotted a problem with the patch of crypto/evp/encode.c done by
jsing on May 3.
Sometimes decoding of base64 will fail. For example the attached file
will fail decodiding
(and produce an empty output):
./apps/openssl enc -d -base64 34.10-01.key
The OpenSSL team has applied
Hello,
First, I have a question regarding implementation of GOST public key
cryptography.
Is it OK to add dependency GOST = EC? It will allow me to reuse EC
infrastructure
for GOST public key cryptography (GOST R 34.10-2001 and -2012 use ECC)?
Second. I have published a preview of cypher/message
On Sun, Jul 27, 2014 at 11:14 PM, Miod Vallat m...@online.fr wrote:
First, I have a question regarding implementation of GOST public key
cryptography.
Is it OK to add dependency GOST = EC? It will allow me to reuse EC
infrastructure
for GOST public key cryptography (GOST R 34.10-2001 and
Hello,
For GOST cipher code I'd like to add several error locations and
definitions. Original OpenSSL did so by running mkerr.pl utility.
However I could not find hooks to run mkerr.pl either in LibreSSL
itself or in -portable version of it.
What would be the best way for me to add error
Hello,
I have started looking into GOST (re)implementation for LibreSSL.
I would like to know, how much do you want for LibreSSL to mimic
the OpenSSL behaviour.
Originally (thanks CryptoCom) GOST algorithms were implemented
as a separate OpenSSL engine (to ease certification, to ease
replacing
Hello,
On Wed, Jul 16, 2014 at 12:29 PM, Dmitry Eremin-Solenikov
dbarysh...@gmail.com wrote:
I have started looking into GOST (re)implementation for LibreSSL.
I would like to know, how much do you want for LibreSSL to mimic
the OpenSSL behaviour.
I have been pointed that I did not formulate
25 matches
Mail list logo