Gerardo Ravago

Results 26 comments of Gerardo Ravago

Sorry, I missed your last comment here. We're currently working on implementing the missing symbols/ciphers in the AWS-LC library. Once that is done, we'll put together a PR of what...

Hi there, we recently finished adding all of the missing symbols in AWS-LC and are ready to look into making this all build successfully. In addition to the symbols listed...

I'll look into those ed448 defines and the i2d alternatives and get back to you.

> Also, could we maybe add a test on GitHub Actions that uses AWS-LC? Do...

We picked up [these](https://github.com/aws/aws-lc/blob/main/include/openssl/opensslconf.h) `OPENSSL_NO_x` defines from BoringSSL. ed448 is not on the list. Our preference is to stick to using the `OPENSSL_IS_AWSLC` macro for now to avoid adding to...

I posed this question to my colleagues. There's no security concern with these curves and they are considered acceptable for use in applications. The reason they are no longer recommended...

I've implemented the CI job for AWS-LC and it flagged one [new failure](https://github.com/geedo0/strongswan/actions/runs/8009822528/job/21879352668) which I've traced to an idiosyncrasy of our ASN.1 parser. One of your [unit tests](https://github.com/strongswan/strongswan/blob/0d88c76abcccc93c78519e6b0e2b785838f81050/src/libstrongswan/tests/suites/test_serial_parse.c#L53) passes in...

> What do you mean?

I'm trying to distinguish between whether this is an OpenSSL specific decision to handle non-conforming certificates in this way or if we were to decode...

BoringSSL settled on the convention ([ref](https://github.com/google/boringssl/commit/bdc35b63617f78037768f4897d8835696f02181a)) of representing the value of an `ASN1_INTEGER` as an empty array. This is (roughly) because they wanted a newly allocated `ASN1_INTEGER` to represent 0...

> Is there maybe an "invalid" missing here?

No, see the following...

> Hm, zero is a valid value for ASN.1 integers, though. Are you just referring to serials in...

> Might be for different reasons, but a long time ago our code also assumed zero was represented by a zero length encoding in ASN.1. That's not the case (https://github.com/strongswan/strongswan/commit/82e526ce81db15f92b81cd4ac925d740f3b4d753,...