Hi,
On Tue, Mar 14, 2023 at 09:35:12PM -0400, selva.n...@gmail.com wrote:
> From: Selva Nair
>
> Import some sample certificates into Windows store for testing
> - 4 test certificates&keys imported to user store
> and removed at the end.
[..]
This is extremely valuable. Thanks.
If
Am 14.03.23 um 13:21 schrieb selva.n...@gmail.com:
From: Selva Nair
- With OpenSSL 3.0 and xkey-provider, we use pkcs11h_certificate_signAny_ex()
which returns EC signature as raw r|s concatenated. But OpenSSL expects
a DER encoded ASN.1 structure.
Do this conversion as done in crypto
On Wed, Mar 15, 2023 at 4:30 AM Gert Doering wrote:
> Hi,
>
> On Tue, Mar 14, 2023 at 09:35:12PM -0400, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
> > Import some sample certificates into Windows store for testing
> > - 4 test certificates&keys imported to user store
> > an
From: Lev Stipakov
When DCO is in use, userland doesn't see any traffic
which breaks --inactive option.
Fix by adding inactivity check to inactivity timeout
callback. Get the cumulative tun bytes count (ping packets
are excluded) from DCO and compare it to the previous value
stored in c2.inactiv
The HMAC leaks are just forgotten frees/deinitialisations. tls_wrap_control
will sometimes return the original buffer (non tls-crypt) and sometimes
tls_wrap.work, handling this buffer lifetime is a bit more complicated. Instead
of further complicating that code just give our work buffer the same li
I do not understand these crypto intricacies, but I've stared a bit
at the code to understand the code-move-around, and "things look
reasonable". The test beds agree (mingw, github), and most important,
Arne agrees :-)
Your patch has been applied to the master and release/2.6 branch.
commit b7cf
Hi,
On Wed, Mar 15, 2023 at 04:04:20PM +0100, Arne Schwabe wrote:
> The HMAC leaks are just forgotten frees/deinitialisations. tls_wrap_control
> will sometimes return the original buffer (non tls-crypt) and sometimes
> tls_wrap.work, handling this buffer lifetime is a bit more complicated.
> Ins
The HMAC leaks are just forgotten frees/deinitialisations. tls_wrap_control
will sometimes return the original buffer (non tls-crypt) and sometimes
tls_wrap.work, handling this buffer lifetime is a bit more complicated. Instead
of further complicating that code just give our work buffer the same li
Acked-by: Gert Doering
Stared at the code, and the current version looks good - the change
is now bigger than "just add a free_buf()", but since that did not
work, the new approach of putting all buffers into the per-session
gc_arena should stop the leaking (it might use a bit more memory
while t
