This adds return value check for sk_X509_push.
In error case, allocated memories are freed at 'export_end:'.
After this diff, I would like to add more another return value check.
ok?
Index: pkcs12.c
===
RCS file: /cvs/src/usr.bin/ope
On Sat, Apr 23, 2022 at 08:31:50AM +0200, Theo Buehler wrote:
> On Sat, Apr 23, 2022 at 01:45:12PM +0900, Kinichiro Inoguchi wrote:
>
> > I would like to do some clean up for openssl(1) pkcs12.
> > This diff changes pointer value checking to explicit comparison with NULL,
>
I would like to do some clean up for openssl(1) pkcs12.
This diff changes pointer value checking to explicit comparison with NULL,
and no functional changes here.
This works fine for me on my local pc.
ok?
Index: pkcs12.c
===
RCS fil
This builds fine and works good.
ok inoguchi@
I have one comment additionally what jmc@ mentioned.
On Sun, Aug 29, 2021 at 01:10:56PM +0100, Jason McIntyre wrote:
> On Sun, Aug 29, 2021 at 02:00:44PM +0200, Theo Buehler wrote:
> > Terminate the s_server after n clients connected to it. This is
>
On Mon, Nov 09, 2020 at 01:10:51PM -0600, Brent Cook wrote:
>
> This updates the getentropy implementation for Windows to use the newer
> "Cryptography Next Generation APIs", replacing CryptGenRandom, which
> already has been removed from applications built for the Windows Store.
>
> Tested with
On Thu, Apr 09, 2020 at 07:44:51PM +0100, Stuart Henderson wrote:
> On 2020/04/09 20:13, Theo Buehler wrote:
> > On Thu, Apr 09, 2020 at 05:56:55PM +0100, Stuart Henderson wrote:
> > > Not new - this happened somewhere between 6.5 and 6.6 - but some
> > > certificates are now showing up with bad se
> There is no English specification for GOST PKCS8 files yet,
> unfortunately. You can find similar pieces of code in OpenSSL's GOST
> engine (https://github.com/gost-engine/engine/blob/master/gost_ameth.c#L347)
> and in GnuTLS
> (https://gitlab.com/gnutls/gnutls/-/blob/master/lib/x509/privkey_pkc
Hi,
Where can we see the specifcation for these 3 different format, wrapped in
OCTET STRING, INTEGER and unwrapped but masked ?
I tried to find but couldn't.
Confirmed that portable build and regresses succeeded.
I'm ok with this patch.
On Sun, Mar 29, 2020 at 02:48:05PM +0300, Dmitry Baryshkov wrote:
> Allow users to specify new curves via strings.
>
> Sponsored by ROSA Linux
>
> Signed-off-by: Dmitry Baryshkov
> ---
> src/lib/libcrypto/gost/gostr
Hi,
I have 2 questions.
In GostR3410_512_params[], "A" and "TCA" have the same NID, "B" and "TCB" too.
I thought these were redundant, but are there any reasons for this ?
In GostR3410_512_params[], don't you need the record for
NID_id_tc26_gost_3410_12_512_paramSetTest ?
Best regards,
On Sat
Verified added curve parameters _EC_GOST_2012_256_TC26_A and
_EC_GOST_2012_512_TC26_C are equivalent to the definition of
https://tools.ietf.org/html/rfc7836#appendix-A.2 .
Verified added curve parameter _EC_GOST_2012_512_Test is equivalent to
https://tools.ietf.org/html/draft-deremin-rfc4491-bis-
I had checked this by portable build and all regresses passed.
I'm ok with this diff.
On Thu, Mar 26, 2020 at 09:28:02PM +0300, dbarysh...@gmail.com wrote:
> From: Dmitry Baryshkov
>
> GOST code uses GOSTerror(EC_R_foo) to report several errors. Use
> ECerror(EC_R_foo) instead to make error mess
I had checked this by portable build and all regresses passed.
I'm ok with this diff.
On Thu, Mar 26, 2020 at 09:28:01PM +0300, dbarysh...@gmail.com wrote:
> From: Dmitry Baryshkov
>
> Add few more error reports to help debugging.
>
> Sponsored by ROSA Linux.
>
> Signed-off-by: Dmitry Baryshk
Hi,
I have a 3 questions,
- parameter set values for Twisted Edwards
- description in _ec_list_element_st
- naming about object identifier
details are described below.
On Thu, Mar 26, 2020 at 09:25:57PM +0300, dbarysh...@gmail.com wrote:
> From: Dmitry Baryshkov
>
> Add support for GOST curve
> I like the idea!
I agree.
> To me it would be more logical to put .Tg above .Sh, but that is a minor
> thing.
I also think that it would better to place .Tg above .Sh .
On Mon, Feb 17, 2020 at 11:20:34PM +0100, Remi Locherer wrote:
> On Mon, Feb 17, 2020 at 05:19:27PM +0100, Klemens Nanni wro
had not took consider about others.
I should have thought about this from comprehensive perspective of view.
I would like to abandon this patch for now.
Regards,
Kinichiro Inoguchi
On Sun, Jan 12, 2020 at 10:46:26AM +0100, Ingo Schwarze wrote:
> Hello Kinichiro-san,
>
> Kinichiro Inogu
I think both SSL_CTX_get_extra_chain_certs and
SSL_CTX_get_extra_chain_certs_only should be described here.
ok?
Index: SSL_CTX_add_extra_chain_cert.3
===
RCS file: /cvs/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3,v
retrieving r
I thought this patch could give an ability to handle OAEP label with
openssl(1) pkeyutl command, and encryption works fine, but decryption fails.
--
openssl genrsa -out rsakey.pem
echo "abcd" | openssl pkeyutl -encrypt -inkey rsak
Hi,
This patch was applied, and thanks for your help.
Sorry for late, since we couldn't have time to review.
On Sat, Aug 17, 2019 at 07:11:28AM +0300, Stefan Strogin wrote:
> v1->v2:
> Use correct static_ASN1_ITEM_start macros instead of ASN1_ITEM_start in
> static_ASN1_SEQUENCE_END_ref definitio
Hi,
+#define static_ASN1_SEQUENCE_END_ref(stname, tname) \
+ ;\
+ ASN1_ITEM_start(tname) \
I think this should be "static_ASN1_ITEM_start" instead "ASN1_ITEM_start".
OK @inoguchi
2018/08/19 22:44 "Theo Buehler" :
> On Sun, Aug 19, 2018 at 09:53:32PM +0900, Kinichiro Inoguchi wrote:
> > I feel that "error case free" should be done in do_accept() rather than
> caller.
> > After strdup(), there are 2 "return (0)".
I feel that "error case free" should be done in do_accept() rather than caller.
After strdup(), there are 2 "return (0)".
How about adding "free(*host)" before these 2 "return (0)" ?
I worried that error return occurs before strdup() in do_accept().
On Sun, Aug 19, 2018 at 10:40:55AM +0200, Theo B
It looks good to me.
OK inoguchi@
On Sun, Aug 19, 2018 at 08:44:24AM +0200, Theo Buehler wrote:
> Coverity complains about the case where EVP_Digest() fails, but there
> are a couple more.
>
> Index: rsa/rsa_oaep.c
> ===
> RCS file:
Hi,
I saw that 2 loops are almost identical, and I think diff tidy up these 2 loops
in 1 function.
I found these 2 lines were not in original code.
> + shutdown(SSL_get_fd(scon), SHUT_RDWR);
> + close(SSL_get_fd(scon));
Is this part needed ?
Kinichiro Inoguchi
looks good to me.
ok inoguchi@
On Sat, Jul 14, 2018 at 02:46:17PM +0200, Theo Buehler wrote:
> The new BN_swap_ct() API is an improved version of the public
> BN_consttime_swap() function: it allows for error checking doesn't
> assert() and has fewer assumptions on the input.
>
> This eliminates
I checked this diff libressl portable build.
ok inoguchi@
On Sat, Jul 14, 2018 at 02:30:12PM +0200, Theo Buehler wrote:
> As pointed out by jsing, using size_t for nwords would be more
> appropriate for the new internal API BN_swap_ct(). Let's switch to it
> and cast to an int internally after ch
e directory hierarchy into a context that bounces stderr to
> the wrong place.
>
> Instead, the Windows compat should have a have a getprogname() stub
> which does the right thing.
>
> Kinichiro Inoguchi wrote:
>
> > To run regress bnaddsub on Windows, I would like to
__progname is not portable, and I once requested to eliminate it.
For porable reason, I prefer to using argv[0].
Anyway, thanks for your comment.
Kinichiro Inoguchi
On Tue, Jul 17, 2018 at 12:01:59PM -0300, Gleydson Soares wrote:
> On Tue, Jul 17, 2018 at 10:09:37PM +0900, Kinichiro Inogu
To run regress bnaddsub on Windows, I would like to supersede getprogname
with argv[0] since it is not on Windows.
OK ?
Index: regress/lib/libcrypto/bn/addsub/bnaddsub.c
===
RCS file: /cvs/src/regress/lib/libcrypto/bn/addsub/bnaddsub
OK inoguchi@
Hi,
I would like to see that patch.
Since I thought autotools could adjust the differences between OSs,
I didn't know that a special patch needed for AIX.
Best regards,
Kinichiro Inoguchi
Same kind of issue had been raised for Postfix and LibreSSL 2.2.2 2 years
ago.
http://postfix.1071664.n5.nabble.com/SSL-accept-errors-after-recent-upgrade-to-LibreSSL-2-2-2-td78774.html
In this case, SSLv2 caused some wrong behavior.
Hi,
In my OpenBSD 6.2, LibreSSL server and OpenSSL client can communicate
successfully via cipher DHE-RSA-AES256-SHA.
--
# Server LibreSSL 2.6.3
$ openssl s_server -cert server.pem
Absolutely.
ok inoguchi@
On Mon, Jul 17, 2017 at 06:26:30AM -0500, Brent Cook wrote:
> OPENSSL_NO_EC_NISTP_64_GCC_128 has been defined in opensslfeatures.h for a
> long time, which effectively means that ecp_nistp* are all empty files. So,
> there is no reason to build them in the first place. OK
Hi,
I have a question for this patch.
Do you refer to the document below ?
https://tools.ietf.org/html/draft-strombergson-chacha-test-vectors-01
Best regards,
Kinichiro Inoguchi
On Sat, Mar 18, 2017 at 07:56:19AM -0700, Steven Roberts wrote:
> TC3 contained the data for TC4.
> TC4 con
Hi,
This patch is for CVE-2016-8610.
See http://seclists.org/oss-sec/2016/q4/224 .
- Don't allow too many consecutive warning alerts up to MAX_WARN_ALERT_COUNT
OpenSSL seems not to fix this issue on branch 1.0.1.
Then I refer to these 2 commits on branch 1.0.2.
- Don't allow too many consecut
Sorry for my misunderstanding, and thanks for teaching me.
I had read C99 standard document.
http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1124.pdf
On p.130 6.7.8 Initialization "32 EXAMPLE 8 The declaration" says,
-
char s[] = "abc", t[3] = "abc";
defines ‘‘plain’’ char array obj
Hi,
I think this 16 bytes string assignment has boundary issue.
static const char sigma[16] = "expand 32-byte k";
I found this when I tried to build libressl-portable with MSVC on Windows.
These 4 files have the same code above.
lib/libc/crypt/chacha_private.h
lib/libcrypto/chacha/chacha-
I could have an answer that this compilation error was a bug of compiler,
and that bug will be tracked.
https://software.intel.com/en-us/forums/intel-c-compiler/topic/698109
I saw the type of buf was changed in cvs,
then I can avoid this compilation problem.
Thanks.
Kinichiro
Thanks, that is apparently better than I suggested and reasonable.
And I confirmed it can also avoid the issue.
I appreciate if this is applied.
And, yes I believe compilation error is bug of compiler, not source code.
I posted this compilation error to Intel C++ compiler forum on Sunday.
https://
I would like to cast the return variable explicitly in tls_load_file().
This fix also avoiding Intel C++ compiler "assertion failed" described here.
https://github.com/libressl-portable/portable/issues/209#issuecomment-249587024
ok ?
Index: tls_util.c
==
Thanks, Brent.
I appreciate if you commit this.
Kinichiro
Sorry, I attached wrong patch file.
I re-post the patch file again.
On Thu, Sep 15, 2016 at 04:10:55PM +0900, Kinichiro Inoguchi wrote:
> Hi,
>
> I would like to fix this SNI issue.
>
> reported by @davidben
> https://github.com/libressl-portable/openbsd/issues/69
>
>
Hi,
I would like to fix this SNI issue.
reported by @davidben
https://github.com/libressl-portable/openbsd/issues/69
#3560: OpenSSL selects weak digest for (EC)DH
https://rt.openssl.org/Ticket/Display.html?id=3560
original OpenSSL commit is here.
https://git.openssl.org/gitweb/?p=openssl.git;a=
it repo of libressl-portable.
Best regards,
Kinichiro Inoguchi
diff --git src/usr.bin/openssl/apps.c src/usr.bin/openssl/apps.c
index d1d0d14..525166e 100644
--- src/usr.bin/openssl/apps.c
+++ src/usr.bin/openssl/apps.c
@@ -2218,7 +2218,8 @@ options_parse(int argc, char **argv, struct option *o
Hi,
I verified that regression test
src/regress/lib/libssl/unit/tls_ext_alpn.c fails on these cases;
- proto_invalid_len5, 7, 8
- proto_invalid_missing1 - 5
- proto_invalid_missing8, 9
To correct these failures, ssl_parse_clienthello_tlsext() and
ssl_parse_serverhello_tlsext() in ssl/t1_lib.c
ese variables before using, I would like to apply the patch.
OK ?
Here is original topic on GitHub.
https://github.com/libressl-portable/openbsd/pull/19
Best Regards,
kinichiro inoguchi
diff --git src/lib/libssl/src/crypto/bn/bn_nist.c
src/lib/libssl/src/crypto/bn/bn_nist.c
index 4d3a612..a87309
Hi,
I would like to add error check for CAfile loading
since some OS doesn't have /etc/ssl/cert.pem.
Best regards,
Kinichiro Inoguchi
diff --git src/regress/lib/libcrypto/ocsp/ocsp_test.c
src/regress/lib/libcrypto/ocsp/ocsp_test.c
index 8867536..31594fa 100644
--- src/regress/lib/libcrypto
rt to verify by OCSP stapling will be always single ...)
Best regards,
Kinichiro Inoguchi
49 matches
Mail list logo