Hi,
RFC 7935 states in section 3: "The RSA key pairs used to compute the
signatures MUST have a 2048-bit modulus and a public exponent (e) of
65,537."
The below adds a check for that.
OK?
Kind regards,
Job
Index: cms.c
===
RCS fi
On Mon, Mar 06, 2023 at 10:52:31AM +, Job Snijders wrote:
> Hi,
>
> RFC 7935 states in section 3: "The RSA key pairs used to compute the
> signatures MUST have a 2048-bit modulus and a public exponent (e) of
> 65,537."
>
> The below adds a check for that.
That's a good first step. See commen
All relevant variables should be explained.
Feedback? OK?
Index: rc.conf.8
===
RCS file: /cvs/src/share/man/man8/rc.conf.8,v
retrieving revision 1.31
diff -u -p -r1.31 rc.conf.8
--- rc.conf.8 25 Sep 2022 22:47:27 - 1.31
++
I pointed out how rc.d(8) uses login.conf(5) via `daemon_class', so I linked
to https://man.openbsd.org/rc.d.8#daemon_class expecting it to be marked up.
Add .Tg to make above link and ":t daemon_class" in `man rc.d' work.
Mark up all `daemon_*' variables as single .Va so they get an automatic ta
01.03.2023 17:47, Klemens Nanni пишет:
> Same diff as nov 2021 "Re: installer: prompt for WEP only if available"
> https://marc.info/?l=openbsd-tech&m=163680942623448&w=2
>
> bwfm(4) still has no WEP support and using it for installs keeps showing
>
> Which network interface do you wish to co
On Mon, Mar 06, 2023 at 01:28:59PM GMT, Klemens Nanni wrote:
> I pointed out how rc.d(8) uses login.conf(5) via `daemon_class', so I linked
> to https://man.openbsd.org/rc.d.8#daemon_class expecting it to be marked up.
>
> Add .Tg to make above link and ":t daemon_class" in `man rc.d' work.
>
> M
> Date: Mon, 6 Mar 2023 13:31:58 +
> From: Klemens Nanni
>
> 01.03.2023 17:47, Klemens Nanni пишет:
> > Same diff as nov 2021 "Re: installer: prompt for WEP only if available"
> > https://marc.info/?l=openbsd-tech&m=163680942623448&w=2
> >
> > bwfm(4) still has no WEP support and using it f
On 2023/03/06 13:10, Klemens Nanni wrote:
> All relevant variables should be explained.
>
> Feedback? OK?
>
> Index: rc.conf.8
> ===
> RCS file: /cvs/src/share/man/man8/rc.conf.8,v
> retrieving revision 1.31
> diff -u -p -r1.31 rc.co
06.03.2023 13:56, Stuart Henderson пишет:
> While I'd certainly _like_ to be able to set flags and force -y on
> certain types of system where it makes sense, I don't think there's
> any code to support this is there?
Heh oops... no wonder this diff is sold, I've had support for that in
tree for qu
On Mon, Mar 06, 2023 at 02:52:51PM +0100, Mark Kettenis wrote:
> > Date: Mon, 6 Mar 2023 13:31:58 +
> > From: Klemens Nanni
> >
> > 01.03.2023 17:47, Klemens Nanni пишет:
> > > Same diff as nov 2021 "Re: installer: prompt for WEP only if available"
> > > https://marc.info/?l=openbsd-tech&m=1
06.03.2023 13:49, Raf Czlonka пишет:
> To quote sthen@[0]:
>
> But that isn't, it is talking about _execdir,
> _flags, etc where you need to replace the
>
> [0] https://marc.info/?l=openbsd-tech&m=165364961710717&w=2
I find this dance in rc.d.8 not helpful:
.It Ar daemon Ns _flags
On Mon, Mar 06, 2023 at 12:27:36PM +0100, Theo Buehler wrote:
> On Mon, Mar 06, 2023 at 10:52:31AM +, Job Snijders wrote:
> > RFC 7935 states in section 3: "The RSA key pairs used to compute the
> > signatures MUST have a 2048-bit modulus and a public exponent (e) of
> > 65,537."
> >
> > The b
On Mon, Mar 06, 2023 at 02:50:14PM +, Job Snijders wrote:
> On Mon, Mar 06, 2023 at 12:27:36PM +0100, Theo Buehler wrote:
> > On Mon, Mar 06, 2023 at 10:52:31AM +, Job Snijders wrote:
> > > RFC 7935 states in section 3: "The RSA key pairs used to compute the
> > > signatures MUST have a 204
On Mon, Mar 06, 2023 at 04:35:05PM +0100, Theo Buehler wrote:
> > 3) Signatures (outside the TBS) in a .cer must be RSA (TODO: also
> > check mod + (e))
>
> I'd prefer to skip this for now. This does not really buy us much, it
> is independent and I see it as some polish that doesn't need to go in
> Currently it is not possible to use unicode codepoints > 0xFF on the console,
> because our UTF-8 decoding logic is badly broken.
>
> The code in question is in wsemul_subr.c, wsemul_getchar().
>
> The problem is that we calculate the number of bytes in a multi-byte
> sequence by just looking a
> The last times the attribute names were updated were 14 and 21 years ago.
> Modern drives, especially SSDs, get a lot of Unknown columns from the
> 'readattr' command.
>
> Attributes were coalesced from smartmontools, NetBSD's atactl, and
> Wikipedia's citations. Manufacturer-specific attribu
Upon re-reading RFC 6487 section 4.8.2, SKIs are not at all arbitary
identifiers: they must be the SHA-1 hash of the 'Subject Public Key'.
The below changeset adds a SPK digest calculation and comparison to the
X509v3 extension containing the SKI.
OK?
Index: x509.c
===
On Mon, Mar 06, 2023 at 08:10:49PM +, Job Snijders wrote:
> Upon re-reading RFC 6487 section 4.8.2, SKIs are not at all arbitary
> identifiers: they must be the SHA-1 hash of the 'Subject Public Key'.
Ah, good.
> The below changeset adds a SPK digest calculation and comparison to the
> X509v3
I think the newly introduced RSA parameter check valid_ca_pkey() can
also be applied to the outside-TBS RSA signature in .cer files.
Am I using X509_get_X509_PUBKEY() properly?
OK?
Kind regards,
Job
Index: cert.c
===
RCS file: /cv
On Mon, Mar 06, 2023 at 10:19:36PM +, Job Snijders wrote:
> Am I using X509_get_X509_PUBKEY() properly?
I was not! Thanks for the clue tb@
20 matches
Mail list logo
