User Details
- User Since
- Aug 2 2014, 8:08 AM (461 w, 19 h)
Fri, Jun 2
Thu, Jun 1
Wed, May 31
Some of the comments I found elsewhere suggested this is unnecessary with OpenSSL 1.1+. Is this truly needed?
The commit message/revision description needs updating, BTW.
LGTM, but I think @jhb’s suggestion about using static functions or macros with forward looking names would be a good potential investment, but that doesn’t need to be done here or now.
Tue, May 30
Sounds good to me! From https://www.openssl.org/docs/man3.1/man3/SSL_CTX_set_ecdh_auto.html :
Sun, May 28
I've been going back and forth a lot over the wording and APIs in use because I've been refining my understanding upon reading the manpages and tried to get things consistent across the board to aid with program UX 😅.
The existing code was also misleading/incorrect in terms of how the limits were calculated and enforced, too: it should have been 256, not 112 -- I have no idea why someone chose the number 112.
Include appropriate headers for new APIs in use
Consistently use bytes or bits in calculations
Make the minimum required RSA bits 256, not 112.
Update values and messages used when testing pubkey limits
Sat, May 27
Remove all pre-3.0 related ifdefs.
Fri, May 26
Thu, May 25
Tue, May 23
Sat, May 20
Sat, May 13
Thu, May 11
Submitted as https://github.com/corecode/dma/pull/126 .
Ah, it’s not fixed upstream yet. I can submit the patch if that’s ok.
Can we also update this third-party package to a version that supports OpenSSL 3?
Wed, May 10
Apr 22 2023
Apr 18 2023
Apr 16 2023
Update with @sunpoet's patch from https://people.freebsd.org/~sunpoet/patch/security-py-cryptography.txt .
Take back so I can update the diff.
@sunpoet : I'm going to pass this review to you, given that you're the more current maintainer and you have a patch out for updating to 40.0.1. Please feel free to abandon the review if you it's being addressed elsewhere or you don't feel this is necessary.
Apr 3 2023
Mar 20 2023
John: do you have any more comments I should follow up on?
Mar 19 2023
This built successfully with poudriere on 13.1-RELEASE-p7/amd64. It also passed the exp-run according to @antoine: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270161#c1 .
Mar 15 2023
Mar 14 2023
Mar 13 2023
Fix typo in previous revision regarding version pinning.
Add a minimum required test-vectors version and a comment noting why the version is pinned.
Address comments re: 3.11 support.
patch-setup.py isn't strictly required I suppose. I can remove it from the diff, if need be.
Mar 12 2023
This is a bit of additional boilerplate that would be nice to DRY. Not needed now, but it would be a good idea to create a for-loop that generates test cases for gtar/non-gtar within atf_init_test_cases, if possible.
Mar 8 2023
The changes that needed to be removed are based on complaints from the developer checks printed out by stage-qa, BTW: I naively heeded the advice from stage-qa post build, which is why I introduced the checks: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270035 .
Mar 7 2023
Mar 6 2023
Merged as https://reviews.freebsd.org/rGe4520c8bd1d3 .