~apreiml

Austria

https://denkmaschine.at/

~apreiml/hare-tls

Last active 11 days ago

~apreiml/public-inbox

Last active 4 years ago
View more

Recent activity

[hare-tls] Status update September 2024 12 days ago

From Armin Preiml to ~apreiml/hare-tls

Six months have already passed since the last update so I guess it's
time for another one.

Since then the elliptic curve crypto patches have been merged upstream.
With that I've implemented signature support for the newly added
curves (p256, p384, p521) in the x509 module.

Besides that I've also worked on the RSA PSS signature support, which is
the last missing mandatory signature algorithm as defined in the TLS
1.3 RFC 8446. A patch has been send upstream, which is pending for
review. Meanwhile the work here continues on the rsa-pss branch,
until the patch is accepted.

The openssl s_server is now used for testing, which allows me to more

Re: [PATCH himitsu] hiq: add -M to store/query for multi-line secrets a month ago

From Armin Preiml to ~sircmpwn/himitsu-devel

I'm not in favor of introducing multiline field support into hiq, since
it breaks the query format once applied. Multiline values do not play
well with other unix tools.

There are some other cases this can fail easily:

 * When the value contains already an "\0" before adding it as a 
   multiline value, it will introduce another unintended line break.
 * When your query returns more than one entry with a multiline value
   You won't be able to tell where one begins and the next one stops.
 
Also how can one store an entry with more than one multiline fields?

The intended way to store values, that contain control characters, is to

Re: Sporadic crypto::argon2::samples_slow failures a month ago

From Armin Preiml to ~sircmpwn/hare-dev

On 29.08.24 19:19, Roland Paterson-Jones wrote:
> Yup, I'm pretty sure - the above sporadic failure run was definitely
> without any other interference (including switching off wifi and
> closing everything else; I was getting perf stats). I kinda suspect
> hardware issues (again) but the sporadic nature of the failure under
> the same conditions is (still) confusing.

Random failure is very strange indeed, since this is a deterministic 
algorithm. I'd bet that maybe the memory allocation sometimes fails in 
between. But this is just a wild guess.

[PATCH hare] crypto::rsa: add pss signature support a month ago

From Armin Preiml to ~sircmpwn/hare-dev

Signed-off-by: Armin Preiml <apreiml@strohwolke.at>
---

v2: make the linter happy

 crypto/rsa/+test/pss_test.ha | 133 +++++++++++++++++++++++
 crypto/rsa/pss.ha            | 203 +++++++++++++++++++++++++++++++++++
 2 files changed, 336 insertions(+)
 create mode 100644 crypto/rsa/+test/pss_test.ha
 create mode 100644 crypto/rsa/pss.ha

diff --git a/crypto/rsa/+test/pss_test.ha b/crypto/rsa/+test/pss_test.ha
new file mode 100644
index 00000000..fa04fa11
[message trimmed]

[PATCH hare] crypto::rsa: add pss signature support a month ago

From Armin Preiml to ~sircmpwn/hare-dev

Signed-off-by: Armin Preiml <apreiml@strohwolke.at>
---

This is afaik the last remaining signature algorithm that is required
for basic TLS 1.3.

 crypto/rsa/+test/pss_test.ha | 134 +++++++++++++++++++++++
 crypto/rsa/pss.ha            | 203 +++++++++++++++++++++++++++++++++++
 2 files changed, 337 insertions(+)
 create mode 100644 crypto/rsa/+test/pss_test.ha
 create mode 100644 crypto/rsa/pss.ha

diff --git a/crypto/rsa/+test/pss_test.ha b/crypto/rsa/+test/pss_test.ha
new file mode 100644
[message trimmed]

Re: [RFC v1] Replace strerror with write_error a month ago

From Armin Preiml to ~sircmpwn/hare-rfc

I really like this approach. Good Idea!

On 8/12/24 3:53 AM, Sebastian wrote:
> 	fmt::error("Error: "): void;
> 	write_error(os::stderr, err): void;
> 	fmt::fatal(); // print newline + terminate

Can fmt be extended to allow such an error function to be passed as 
formattable argument so that the following would be possible?

  	fmt::fatal("Error:", &write_error);
	fmt::fatalf("Error: {}", &write_error);

[PATCH hare] build: verify the stdoid database 2 months ago

From Armin Preiml to ~sircmpwn/hare-dev

to catch accidental breakages or format changes during build.

Signed-off-by: Armin Preiml <apreiml@strohwolke.at>
---

ecs: thanks for the hint. It's way cleaner this way.

 .builds/alpine.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.builds/alpine.yml b/.builds/alpine.yml
index b9c95cce..6e5b9a3d 100644
--- a/.builds/alpine.yml
+++ b/.builds/alpine.yml
[message trimmed]

[PATCH hare] scripts: add test-genoiddb 2 months ago

From Armin Preiml to ~sircmpwn/hare-dev

to catch accidental breakages or format changes during build.

Signed-off-by: Armin Preiml <apreiml@strohwolke.at>
---
 .builds/alpine.yml    | 3 +++
 scripts/test-genoiddb | 6 ++++++
 2 files changed, 9 insertions(+)
 create mode 100755 scripts/test-genoiddb

diff --git a/.builds/alpine.yml b/.builds/alpine.yml
index b9c95cce..1c484fde 100644
--- a/.builds/alpine.yml
+++ b/.builds/alpine.yml
@@ -60,6 +60,9 @@ tasks:
[message trimmed]

[PATCH hare v2] genoiddb: generate comments for exported oids 2 months ago

From Armin Preiml to ~sircmpwn/hare-dev

This allows looking up oids in generated databases with haredoc.

Signed-off-by: Armin Preiml <apreiml@strohwolke.at>
---
v2: rebased on top of the genoiddb bugfix

 cmd/genoiddb/main.ha        |   9 ++-
 encoding/asn1/stdoid/README |   5 ++
 encoding/asn1/stdoid/db.ha  | 123 ++++++++++++++++++++++++++++++++++++
 3 files changed, 135 insertions(+), 2 deletions(-)
 create mode 100644 encoding/asn1/stdoid/README

diff --git a/cmd/genoiddb/main.ha b/cmd/genoiddb/main.ha
index 7f0027dd..95f3eb4d 100644
[message trimmed]