Hi,
I have a 3 questions,
- parameter set values for Twisted Edwards
- description in _ec_list_element_st
- naming about object identifier
details are described below.
On Thu, Mar 26, 2020 at 09:25:57PM +0300, dbarysh...@gmail.com wrote:
> From: Dmitry Baryshkov
>
> Add support for GOST
On Mon, Mar 23, 2020 at 09:41:16AM -0600, Todd C. Miller wrote:
> GNU sort on Linux behaves the same as the OpenBSD sort when run in
> the C locale.
>
> $ LANG=C sort -c -d -f input.txt
> sort: input.txt:2: disorder: -
>
> $ LANG=C sort -c -d -i input.txt
> sort: input.txt:2: disorder: -
I had checked this by portable build and all regresses passed.
I'm ok with this diff.
On Thu, Mar 26, 2020 at 09:28:02PM +0300, dbarysh...@gmail.com wrote:
> From: Dmitry Baryshkov
>
> GOST code uses GOSTerror(EC_R_foo) to report several errors. Use
> ECerror(EC_R_foo) instead to make error
I had checked this by portable build and all regresses passed.
I'm ok with this diff.
On Thu, Mar 26, 2020 at 09:28:01PM +0300, dbarysh...@gmail.com wrote:
> From: Dmitry Baryshkov
>
> Add few more error reports to help debugging.
>
> Sponsored by ROSA Linux.
>
> Signed-off-by: Dmitry
Return default sigalg algorithm depending in the default digest
algorithm (GOST94 or Streebog) selected by pkey.
Sponsored by ROSA Linux
Signed-off-by: Dmitry Baryshkov
---
src/lib/libssl/ssl_sigalgs.c | 43 --
src/regress/lib/libssl/tlsext/tlsexttest.c | 10
Add case entry for SSL_PKEY_GOST01
Sponsored by ROSA Linux
Signed-off-by: Dmitry Baryshkov
---
src/lib/libssl/ssl_cert.c | 4
1 file changed, 4 insertions(+)
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index af8ef329b4b2..4da453c11eca 100644
---
On Sat, Mar 28, 2020 at 06:47:47PM -0600, Theo de Raadt wrote:
> Or strncpy with length - 1 would be also good, since it won't copy
>foo\0bar\0
> fully, but only
>foo\0
> into the buffer and store it as
>foo\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
> and gaurantee the \0 on the
сб, 28 мар. 2020 г. в 11:30, Kinichiro Inoguchi :
>
> Hi,
>
> I have a 3 questions,
> - parameter set values for Twisted Edwards
> - description in _ec_list_element_st
> - naming about object identifier
>
> details are described below.
>
>
> On Thu, Mar 26, 2020 at 09:25:57PM +0300,
pppx(4) has code copypasted from pipex(4). Patch below deduplicates it.
Introduded pipex_session_setup() and pipex_session_destroy() functions.
Original pipex_destroy_session() renamed to pipex_del_session() to be
consistent with PIPEXDSESSION (Delete the specified session from the
kernel).
Hi there
Unless I miss something ERR_print_errors_cb returns no value as well.
Best,
Martin
Index: ERR_print_errors.3
===
RCS file: /cvs/src/lib/libcrypto/man/ERR_print_errors.3,v
retrieving revision 1.7
diff -u -p -r1.7
GOST R 34.10-94 is an obsolete certificate type, unsupported by
LibreSSL and by the rest of current software, so there is no point in
sending in the CertificateTypes. Drop it.
Sponsored by ROSA Linux
Signed-off-by: Dmitry Baryshkov
---
src/lib/libssl/s3_lib.c | 2 --
src/lib/libssl/tls1.h |
IANA has allocated numbers for GOST ClientCertificateType. Use them in
addition to private values (left in place for compat).
Sponsored by ROSA Linux
Signed-off-by: Dmitry Baryshkov
---
src/lib/libssl/s3_lib.c | 4
src/lib/libssl/tls1.h | 6 --
2 files changed, 8 insertions(+), 2
Or strncpy with length - 1 would be also good, since it won't copy
foo\0bar\0
fully, but only
foo\0
into the buffer and store it as
foo\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
and gaurantee the \0 on the in-kernel buffer.
Add support for IANA-allocated GOST SignatureAlgorithms values. Values
predating IANA allocation are left in place because they are still used
by deployed products.
Sponsored by ROSA Linux
Signed-off-by: Dmitry Baryshkov
---
src/lib/libssl/ssl_sigalgs.c | 12
GOST cipher suites requires to generate CertVerify signatures in a
special way (see ssl3_send_client_kex_gost(), ssl3_get_cert_verify()).
However a flag GOST_SIG_FORMAT_RS_LE was not passed in case of TLS 1.2
connections (because they use different code path). Pass this flag to
the PKEY if it is a
Windows CSPs fail to send proper SigAlgs extension (it does not include
GOST entries even for GOST CipherSuites). To ensure interoperability,
assume that the server will understand GOST sigalgs if it has sent GOST
certificate.
Sponsored by ROSA Linux
Signed-off-by: Dmitry Baryshkov
---
Add support for IANA-assigned value {0xc1, 0x02} for GOST CNT-IMIT
CipherSuite (GOST2012256-GOST89-GOST89).
Sponsored by ROSA Linux
Signed-off-by: Dmitry Baryshkov
---
src/lib/libssl/s3_lib.c | 17 +
1 file changed, 17 insertions(+)
diff --git a/src/lib/libssl/s3_lib.c
> Index: sys/arch/amd64/amd64/vmm.c
> ===
> RCS file: /mount/openbsd/cvs/src/sys/arch/amd64/amd64/vmm.c,v
> retrieving revision 1.266
> diff -u -p -r1.266 vmm.c
> --- sys/arch/amd64/amd64/vmm.c 11 Mar 2020 16:38:42 - 1.266
> +++
Pretty obvious why.
The kernel doesn't check it's a string, before calling strlcpy
which (correctly) runs off the array hunting for the terminal NUL,
and into the next object, and I guess it finds a NUL in the next
VA page which isn't actually mapped with storage.
With strncpy, this was safe.
pipex not used with tun(4)
Index: share/man/man4/pipex.4
===
RCS file: /cvs/src/share/man/man4/pipex.4,v
retrieving revision 1.11
diff -u -p -r1.11 pipex.4
--- share/man/man4/pipex.4 18 Apr 2017 03:21:48 - 1.11
+++
Hi,
I would like to propose the following patch which adds the ability to
filter by http status code to relayd(8).
best regards,
Fabian
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/relayd/parse.y,v
retrieving revision 1.244
diff
Hi Martin,
thanks for reporting the issue in the manual page.
Martin Vahlensieck wrote on Sat, Mar 28, 2020 at 09:06:54PM +0100:
> Unless I miss something ERR_print_errors_cb returns no value as well.
Actually, i committed about the opposite, for the reasons explained
in the commit message.
On Sat, Mar 28, 2020 at 05:33:05PM -0600, Theo de Raadt wrote:
> Pretty obvious why.
>
> The kernel doesn't check it's a string, before calling strlcpy
> which (correctly) runs off the array hunting for the terminal NUL,
> and into the next object, and I guess it finds a NUL in the next
> VA page
On Sat, Mar 21, 2020 at 05:25:45PM +0100, Denis Fondras wrote:
> Biggest chunk is rework of rde_asext_get()/rde_asext_put().
> Also change get_net_link() and get_rtr_link() to work like ospfd couterpart.
Reads good to me and I didn't spot any issues running tests with it.
One question: why "if
Allow users to specify new curves via strings.
Sponsored by ROSA Linux
Signed-off-by: Dmitry Baryshkov
---
src/lib/libcrypto/gost/gostr341001_params.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/src/lib/libcrypto/gost/gostr341001_params.c
Add support for GOST curves defined by RFC 7836 and
draft-deremin-rfc4491-bis. Add aliases for 256-bit GOST curves (see
draft-smyshlyaev-tls12-gost-suites). 512-bit curve ids were renamed to
follow names defined in tc26 OID registry.
On Sat, Mar 28, 2020 at 05:00:11PM +0100, Remi Locherer wrote:
> On Sat, Mar 21, 2020 at 05:25:45PM +0100, Denis Fondras wrote:
> > Biggest chunk is rework of rde_asext_get()/rde_asext_put().
> > Also change get_net_link() and get_rtr_link() to work like ospfd couterpart.
>
> Reads good to me and
Verified added curve parameters _EC_GOST_2012_256_TC26_A and
_EC_GOST_2012_512_TC26_C are equivalent to the definition of
https://tools.ietf.org/html/rfc7836#appendix-A.2 .
Verified added curve parameter _EC_GOST_2012_512_Test is equivalent to
Hi,
I have 2 questions.
In GostR3410_512_params[], "A" and "TCA" have the same NID, "B" and "TCB" too.
I thought these were redundant, but are there any reasons for this ?
In GostR3410_512_params[], don't you need the record for
NID_id_tc26_gost_3410_12_512_paramSetTest ?
Best regards,
On
Hi there!
I found some more.
Best,
Martin
Index: libcrypto/man/RC4.3
===
RCS file: /cvs/src/lib/libcrypto/man/RC4.3,v
retrieving revision 1.7
diff -u -p -r1.7 RC4.3
--- libcrypto/man/RC4.3 6 Jun 2019 01:06:59 - 1.7
+++
30 matches
Mail list logo