Hello,
2014-11-18 8:27 GMT+03:00 Miod Vallat m...@online.fr:
I found the issue. In param_copy_gost01() change
int ret = 0;
to
int ret = 1;
If there is no private key set in eto, param_copy_gost01() will
skip all ret assignments and happily return 0 (= error).
Doh, of course! Sorry for
So I've finally sit down and tested interoperability of LibreSSL with
the various gost-enabled sites you've listed, starting with simple
things such as:
openssl s_client -debug -connect zakupki.gov.ru:443
Unfortunately, this fails because of the failure checks I've added to
the GOST code
2014-11-17 22:28 GMT+03:00 Miod Vallat m...@online.fr:
So I've finally sit down and tested interoperability of LibreSSL with
the various gost-enabled sites you've listed, starting with simple
things such as:
openssl s_client -debug -connect zakupki.gov.ru:443
Unfortunately, this fails
Is the offending patch in CVS? If so I'll take a look as it hits the
LibreSSL mirror at GitHub.
Yes, it's in HEAD.
2014-11-17 23:35 GMT+03:00 Miod Vallat m...@online.fr:
Is the offending patch in CVS? If so I'll take a look as it hits the
LibreSSL mirror at GitHub.
Yes, it's in HEAD.
I found the issue. In param_copy_gost01() change
int ret = 0;
to
int ret = 1;
If there is no private key set in eto,
I found the issue. In param_copy_gost01() change
int ret = 0;
to
int ret = 1;
If there is no private key set in eto, param_copy_gost01() will
skip all ret assignments and happily return 0 (= error).
Doh, of course! Sorry for introducing this bug.
Miod
The libcrypto parts of the GOST ciphers have been commited, and barring
any objection from the usual LibreSSL suspects, will be enabled in the
not-so-far-away future.
The libssl parts are still under consideration. I have one concern and
one question about them:
- I understand from the ``FIXME
2014-11-09 23:38 GMT+03:00 Miod Vallat m...@online.fr:
The libcrypto parts of the GOST ciphers have been commited, and barring
any objection from the usual LibreSSL suspects, will be enabled in the
not-so-far-away future.
The libssl parts are still under consideration. I have one concern and
... and while I'm mopping this code, I believe the following change is
correct:
Index: gostr341001_pmeth.c
===
RCS file: /cvs/src/lib/libssl/src/crypto/gost/gostr341001_pmeth.c,v
retrieving revision 1.4
diff -u -p -r1.4
2014-11-10 1:04 GMT+03:00 Miod Vallat m...@online.fr:
... and while I'm mopping this code, I believe the following change is
correct:
Index: gostr341001_pmeth.c
===
RCS file:
- I understand from the ``FIXME IANA'' comments that the various cipher
and extension IDs used by GOST are not official yet. Are these values
generally agreed upon by the websites which serve content using GOST
algorithms?
These values are provided as 'temporal private values till
- I understand from the ``FIXME IANA'' comments that the various cipher
and extension IDs used by GOST are not official yet. Are these values
generally agreed upon by the websites which serve content using GOST
algorithms?
These values are provided as 'temporal private values till
Chris Cappuccio chris at nmedia.net writes:
So, you're saying, he's really dmitry at svr.gov.ru, the source of
Russian
backdoors into technology worldwide!!!
I guess the open-source ecosystem has been thoroughly poisoned!
Putin is going to take us over. OpenBSD and Linux are ruined!
2014-11-06 15:44 GMT+03:00 Alexey Suslikov alexey.susli...@gmail.com:
Chris Cappuccio chris at nmedia.net writes:
So, you're saying, he's really dmitry at svr.gov.ru, the source of
Russian
backdoors into technology worldwide!!!
I guess the open-source ecosystem has been thoroughly poisoned!
We have and will continue to publicly state that we will welcome
implementations of government-mandated ciphers as long as the
implementations
are clean and they are appropriately licensed, and everyone does *not*
need to use them. This is the reason, for example, that we include the
french
Bob Beck beck at openbsd.org writes:
1) It can't mess up the code base for everyone.
2) Everyone should not need to eat the dog food
3) I try to convince myself that our grant means
a half of a cruise missile doesn't get built (c)
And that has nothing do to with what I said Alexey. Go troll somewhere else..
On Thu, Nov 6, 2014 at 2:05 PM, Alexey Suslikov
alexey.susli...@gmail.com wrote:
Bob Beck beck at openbsd.org writes:
1) It can't mess up the code base for everyone.
2) Everyone should not need to eat the dog food
On Tue, Nov 04, 2014 at 08:42:03PM +, Miod Vallat wrote:
Two weeks has passed. Is there anything that I can do to
push GOST ciphers towards LibreSSL?
Sorry about that. Joel and/or I need to review the diff again and push
it. I'll try to find time for this next week-end (famous last
This is suspicious person for me (group of people?). There are lots of
commits since about 2011 in many low-level and/or critical components
from this person: linux kernel, android, gnupg, tcpdump, alsa, tor,
openssl etc, etc..
I'm almost certainly wrong, but not too much there competencies
Hello,
2014-11-05 20:05 GMT+03:00 Артур Истомин art.is...@yandex.ru:
On Tue, Nov 04, 2014 at 08:42:03PM +, Miod Vallat wrote:
Two weeks has passed. Is there anything that I can do to
push GOST ciphers towards LibreSSL?
Sorry about that. Joel and/or I need to review the diff again and
On Wed, Nov 05, 2014 at 06:13:40PM +, Miod Vallat wrote:
This is suspicious person for me (group of people?). There are lots of
commits since about 2011 in many low-level and/or critical components
from this person: linux kernel, android, gnupg, tcpdump, alsa, tor,
openssl etc, etc..
Артур Истомин said:
I said that 99.9% I'm wrong. But if I'm right, you guys will have a
problem far worse than ever with ipsec. I believe that the code review
of such diffs should be tightened when it comes to such important things
as the kernel and/or the crypto. Tightened up to accepting of
On Wed, Nov 05, 2014 at 06:13:40PM +, Miod Vallat wrote:
This is suspicious person for me (group of people?). There are lots of
commits since about 2011 in many low-level and/or critical components
from this person: linux kernel, android, gnupg, tcpdump, alsa, tor,
openssl etc,
On 5 Nov 2014, at 20:25, Theo de Raadt wrote:
How do we find people on the internet who care, and knit them into a
community, and then somewhere down the road meet them and have them
become this so-called 'core developer' group?
We start reading code from them.
The code, yes, the code.
On 5 Nov 2014, at 20:25, Theo de Raadt wrote:
How do we find people on the internet who care, and knit them into a
community, and then somewhere down the road meet them and have them
become this so-called 'core developer' group?
We start reading code from them.
The code, yes, the code.
On Wed, Nov 05, 2014 at 01:25:32PM -0700, Theo de Raadt wrote:
On Wed, Nov 05, 2014 at 06:13:40PM +, Miod Vallat wrote:
This is suspicious person for me (group of people?). There are lots of
commits since about 2011 in many low-level and/or critical components
from this person:
On 05.11.2014 23:03, Артур Истомин wrote:
It was not accusation to Dmitry, like you said in another e-mail. I'm
just trying to point out the problem, which seems to me important.
what problem?? I don't get what your problem is. There is a guy asking
for a code review and Miod said that he
?? ?? [art.is...@yandex.ru] wrote:
On Tue, Nov 04, 2014 at 08:42:03PM +, Miod Vallat wrote:
Two weeks has passed. Is there anything that I can do to
push GOST ciphers towards LibreSSL?
Sorry about that. Joel and/or I need to review the diff again and push
it.
I perfectly see the folly of my proposal. But it was a proposal, attempt
to begin discussion of the problem. But based on your answer, you do not
see the problem. You can not see the forest for the trees. You think,
that all security problems are technical problems, that can be solved
with
Hello,
2014-10-20 13:57 GMT+04:00 Dmitry Eremin-Solenikov dbarysh...@gmail.com:
Hello,
It took a while longer than I expected, but I think that
the GOST ciphers implementation is complete now
at https://github.com/libressl-portable/openbsd/pull/6
I still expect issues when Windows GOST CSP
Two weeks has passed. Is there anything that I can do to
push GOST ciphers towards LibreSSL?
Sorry about that. Joel and/or I need to review the diff again and push
it. I'll try to find time for this next week-end (famous last words).
Miod
Hello,
It took a while longer than I expected, but I think that
the GOST ciphers implementation is complete now
at https://github.com/libressl-portable/openbsd/pull/6
I still expect issues when Windows GOST CSP vendors
will work on TLS 1.2 implementation (up to now they
only provide TLS 1.0).
On Mon, Oct 20, 2014 at 01:57:44PM +0400, Dmitry Eremin-Solenikov wrote:
Hello,
It took a while longer than I expected, but I think that
the GOST ciphers implementation is complete now
at https://github.com/libressl-portable/openbsd/pull/6
I still expect issues when Windows GOST CSP
33 matches
Mail list logo