Re: LibreSSL: GOST ciphers implementation

2014-11-18 Thread Dmitry Eremin-Solenikov
Hello,

2014-11-18 8:27 GMT+03:00 Miod Vallat :
>> I found the issue. In param_copy_gost01() change
>> int ret = 0;
>> to
>> int ret = 1;
>>
>> If there is no private key set in eto, param_copy_gost01() will
>> skip all ret assignments and happily return 0 (= error).
>
> Doh, of course! Sorry for i

Re: LibreSSL: GOST ciphers implementation

2014-11-17 Thread Miod Vallat
> I found the issue. In param_copy_gost01() change
> int ret = 0;
> to
> int ret = 1;
>
> If there is no private key set in eto, param_copy_gost01() will
> skip all ret assignments and happily return 0 (= error).

Doh, of course! Sorry for introducing this bug.

Miod

Re: LibreSSL: GOST ciphers implementation

2014-11-17 Thread Dmitry Eremin-Solenikov
2014-11-17 23:35 GMT+03:00 Miod Vallat :
>> Is the offending patch in CVS? If so I'll take a look as it hits the
>> LibreSSL mirror at GitHub.
>
> Yes, it's in HEAD.

I found the issue. In param_copy_gost01() change
int ret = 0;
to
int ret = 1;

If there is no private key set in eto, param_copy_gos

Re: LibreSSL: GOST ciphers implementation

2014-11-17 Thread Miod Vallat
> Is the offending patch in CVS? If so I'll take a look as it hits the
> LibreSSL mirror at GitHub.

Yes, it's in HEAD.

Re: LibreSSL: GOST ciphers implementation

2014-11-17 Thread Dmitry Eremin-Solenikov
2014-11-17 22:28 GMT+03:00 Miod Vallat :
> So I've finally sat down and tested interoperability of LibreSSL with
> the various gost-enabled sites you've listed, starting with simple
> things such as:
>
> openssl s_client -debug -connect zakupki.gov.ru:443
>
> Unfortunately, this fails because of

Re: LibreSSL: GOST ciphers implementation

2014-11-17 Thread Miod Vallat
So I've finally sat down and tested interoperability of LibreSSL with the various gost-enabled sites you've listed, starting with simple things such as:

    openssl s_client -debug -connect zakupki.gov.ru:443

Unfortunately, this fails because of the failure checks I've added to the GOST code trigge

Re: LibreSSL: GOST ciphers implementation

2014-11-09 Thread Theo de Raadt
>> > - I understand from the ``FIXME IANA'' comments that the various cipher
>> > and extension IDs used by GOST are not official yet. Are these values
>> > generally agreed upon by the websites which serve content using GOST
>> > algorithms?
>>
>> These values are provided as 'temporal priv

Re: LibreSSL: GOST ciphers implementation

2014-11-09 Thread Miod Vallat
> > - I understand from the ``FIXME IANA'' comments that the various cipher
> > and extension IDs used by GOST are not official yet. Are these values
> > generally agreed upon by the websites which serve content using GOST
> > algorithms?
>
> These values are provided as 'temporal private va

Re: LibreSSL: GOST ciphers implementation

2014-11-09 Thread Dmitry Eremin-Solenikov
2014-11-10 1:04 GMT+03:00 Miod Vallat : > ... and while I'm mopping this code, I believe the following change is > correct: > > Index: gostr341001_pmeth.c > === > RCS file: /cvs/src/lib/libssl/src/crypto/gost/gostr341001_pmeth.c,v > re

Re: LibreSSL: GOST ciphers implementation

2014-11-09 Thread Miod Vallat
... and while I'm mopping this code, I believe the following change is correct: Index: gostr341001_pmeth.c === RCS file: /cvs/src/lib/libssl/src/crypto/gost/gostr341001_pmeth.c,v retrieving revision 1.4 diff -u -p -r1.4 gostr341001_pm

Re: LibreSSL: GOST ciphers implementation

2014-11-09 Thread Dmitry Eremin-Solenikov
2014-11-09 23:38 GMT+03:00 Miod Vallat :
> The libcrypto parts of the GOST ciphers have been committed, and barring
> any objection from the usual LibreSSL suspects, will be enabled in the
> not-so-far-away future.
>
> The libssl parts are still under consideration. I have one concern and
> one ques

Re: LibreSSL: GOST ciphers implementation

2014-11-09 Thread Dmitry Eremin-Solenikov
2014-11-09 23:38 GMT+03:00 Miod Vallat :
> The libcrypto parts of the GOST ciphers have been committed, and barring
> any objection from the usual LibreSSL suspects, will be enabled in the
> not-so-far-away future.
>
> The libssl parts are still under consideration. I have one concern and
> one ques

Re: LibreSSL: GOST ciphers implementation

2014-11-09 Thread Miod Vallat
The libcrypto parts of the GOST ciphers have been committed, and barring any objection from the usual LibreSSL suspects, will be enabled in the not-so-far-away future.

The libssl parts are still under consideration. I have one concern and one question about them:

- I understand from the ``FIXME IAN

Re: LibreSSL: GOST ciphers implementation

2014-11-06 Thread Bob Beck
And that has nothing to do with what I said Alexey. Go troll somewhere else..

On Thu, Nov 6, 2014 at 2:05 PM, Alexey Suslikov wrote:
> Bob Beck openbsd.org> writes:
>
>> 1) It can't mess up the code base for everyone.
>> 2) Everyone should not need to eat the dog food
>
> 3) "I try to convince m

Re: LibreSSL: GOST ciphers implementation

2014-11-06 Thread Alexey Suslikov
Bob Beck openbsd.org> writes:

> 1) It can't mess up the code base for everyone.
> 2) Everyone should not need to eat the dog food

3) "I try to convince myself that our grant means a half of a cruise missile doesn't get built" (c)

Re: LibreSSL: GOST ciphers implementation

2014-11-06 Thread Bob Beck
We have and will continue to publicly state that we will welcome implementations of government-mandated ciphers as long as the implementations are clean and they are appropriately licensed, and everyone does *not* need to use them. This is the reason, for example, that we include the French governm

Re: LibreSSL: GOST ciphers implementation

2014-11-06 Thread Dmitry Eremin-Solenikov
2014-11-06 15:44 GMT+03:00 Alexey Suslikov :
> Chris Cappuccio nmedia.net> writes:
>
>> So, you're saying, he's really dmitry svr.gov.ru, the source of
> Russian
>> backdoors into technology worldwide!!!
>>
>> I guess the open-source ecosystem has been thoroughly poisoned!
>>
>> Putin is going to

Re: LibreSSL: GOST ciphers implementation

2014-11-06 Thread Alexey Suslikov
Chris Cappuccio nmedia.net> writes:

> So, you're saying, he's really dmitry svr.gov.ru, the source of Russian
> backdoors into technology worldwide!!!
>
> I guess the open-source ecosystem has been thoroughly poisoned!
>
> Putin is going to take us over. OpenBSD and Linux are ruined! Fuck, I'

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Joel Sing
On Thu, 6 Nov 2014, Артур Истомин wrote:
> On Tue, Nov 04, 2014 at 08:42:03PM +, Miod Vallat wrote:
> > > Two weeks have passed. Is there anything that I can do to
> > > push GOST ciphers towards LibreSSL?
> >
> > Sorry about that. Joel and/or I need to review the diff again and push
> > it. I'l

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Theo de Raadt
> I perfectly see the folly of my proposal. But it was a proposal, attempt
> to begin discussion of the problem. But based on your answer, you do not
> see the problem. You can not see the forest for the trees. You think,
> that all security problems are technical problems, that can be solved
> wi

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Chris Cappuccio
?? ?? [art.is...@yandex.ru] wrote:
> On Tue, Nov 04, 2014 at 08:42:03PM +, Miod Vallat wrote:
> > > Two weeks have passed. Is there anything that I can do to
> > > push GOST ciphers towards LibreSSL?
> >
> > Sorry about that. Joel and/or I need to review the diff again and p

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Lars
On 05.11.2014 23:03, Артур Истомин wrote: It was not accusation to Dmitry, like you said in another e-mail. I'm just trying to point out the problem, which seems to me important. what problem?? I don't get what your problem is. There is a guy asking for a code review and Miod said that he d

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Артур Истомин
On Wed, Nov 05, 2014 at 01:25:32PM -0700, Theo de Raadt wrote:
> > On Wed, Nov 05, 2014 at 06:13:40PM +, Miod Vallat wrote:
> > > > This is suspicious person for me (group of people?). There are lots of
> > > > commits since about 2011 in many low-level and/or critical components
> > > > from t

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Theo de Raadt
>On 5 Nov 2014, at 20:25, Theo de Raadt wrote:
>>
>> How do we find people on the internet who care, and knit them into a
>> community, and then somewhere down the road meet them and have them
>> become this so-called 'core developer' group?
>>
>> We start reading code from them.
>
>The code, yes,

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Devin Ceartas
On 5 Nov 2014, at 20:25, Theo de Raadt wrote: How do we find people on the internet who care, and knit them into a community, and then somewhere down the road meet them and have them become this so-called 'core developer' group? We start reading code from them. The code, yes, the code. Nothi

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Theo de Raadt
> On Wed, Nov 05, 2014 at 06:13:40PM +, Miod Vallat wrote:
> > > This is suspicious person for me (group of people?). There are lots of
> > > commits since about 2011 in many low-level and/or critical components
> > > from this person: linux kernel, android, gnupg, tcpdump, alsa, tor,
> > > ope

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Dmitrij D. Czarkoff
Артур Истомин said: > I said that 99.9% I'm wrong. But if I'm right, you guys will have a > problem far worse than ever with ipsec. I believe that the code review > of such diffs should be tightened when it comes to such important things > as the kernel and/or the crypto. Tightened up to accepting

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Артур Истомин
On Wed, Nov 05, 2014 at 06:13:40PM +, Miod Vallat wrote:
> > This is suspicious person for me (group of people?). There are lots of
> > commits since about 2011 in many low-level and/or critical components
> > from this person: linux kernel, android, gnupg, tcpdump, alsa, tor,
> > openssl etc,

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Dmitry Eremin-Solenikov
Hello,

2014-11-05 20:05 GMT+03:00 Артур Истомин :
> On Tue, Nov 04, 2014 at 08:42:03PM +, Miod Vallat wrote:
>> > Two weeks have passed. Is there anything that I can do to
>> > push GOST ciphers towards LibreSSL?
>>
>> Sorry about that. Joel and/or I need to review the diff again and push
>> it

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Miod Vallat
> This is suspicious person for me (group of people?). There are lots of
> commits since about 2011 in many low-level and/or critical components
> from this person: linux kernel, android, gnupg, tcpdump, alsa, tor,
> openssl etc, etc..
>
> I'm almost certainly wrong, but not too much there compete

Re: LibreSSL: GOST ciphers implementation

2014-11-05 Thread Артур Истомин
On Tue, Nov 04, 2014 at 08:42:03PM +, Miod Vallat wrote:
> > Two weeks have passed. Is there anything that I can do to
> > push GOST ciphers towards LibreSSL?
>
> Sorry about that. Joel and/or I need to review the diff again and push
> it. I'll try to find time for this next week-end (famous la

Re: LibreSSL: GOST ciphers implementation

2014-11-04 Thread Miod Vallat
> Two weeks have passed. Is there anything that I can do to
> push GOST ciphers towards LibreSSL?

Sorry about that. Joel and/or I need to review the diff again and push it. I'll try to find time for this next week-end (famous last words).

Miod

Re: LibreSSL: GOST ciphers implementation

2014-11-04 Thread Dmitry Eremin-Solenikov
Hello,

2014-10-20 13:57 GMT+04:00 Dmitry Eremin-Solenikov :
> Hello,
>
> It took a while longer than I expected, but I think that
> the GOST ciphers implementation is complete now
> at https://github.com/libressl-portable/openbsd/pull/6
>
> I still expect issues when Windows GOST CSP vendors
> wil

Re: LibreSSL: GOST ciphers implementation

2014-10-20 Thread Артур Истомин
On Mon, Oct 20, 2014 at 01:57:44PM +0400, Dmitry Eremin-Solenikov wrote:
> Hello,
>
> It took a while longer than I expected, but I think that
> the GOST ciphers implementation is complete now
> at https://github.com/libressl-portable/openbsd/pull/6
>
> I still expect issues when Windows GOST CSP

LibreSSL: GOST ciphers implementation

2014-10-20 Thread Dmitry Eremin-Solenikov
Hello,

It took a while longer than I expected, but I think that the GOST ciphers implementation is complete now at https://github.com/libressl-portable/openbsd/pull/6

I still expect issues when Windows GOST CSP vendors will work on TLS 1.2 implementation (up to now they only provide TLS 1.0). How