Attention is currently required from: MaxF, plaisthos. flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/370?usp=email )
Change subject: Add support for mbedtls 3.X.Y ...................................................................... Patch Set 1: Code-Review-1 (12 comments) Commit Message: http://gerrit.openvpn.net/c/openvpn/+/370/comment/aab50ccd_b3f897e3 : PS1, Line 28: This commit breaks compatibility for mbed TLS version 2.x.y. A That makes me unhappy. Can we have the changes in an order so that existing builds do not get broken? Patchset: PS1: Lots of nitpicks, mostly File src/openvpn/crypto_mbedtls.c: http://gerrit.openvpn.net/c/openvpn/+/370/comment/01666ef9_bb9a9c08 : PS1, Line 174: if (info && name why is the cipher_kt_insecure check missing here? http://gerrit.openvpn.net/c/openvpn/+/370/comment/2aade4a0_473c3942 : PS1, Line 423: int key_bytelen = mbedtls_cipher_info_get_key_bitlen(cipher)/8; That function seems to return size_t, so should change to correct type. Can probably mark this as const. http://gerrit.openvpn.net/c/openvpn/+/370/comment/92cbb001_0e886286 : PS1, Line 459: return mbedtls_cipher_info_get_key_bitlen(cipher_kt)/8; returns size_t http://gerrit.openvpn.net/c/openvpn/+/370/comment/5c87ca0d_15ec38d9 : PS1, Line 471: return mbedtls_cipher_info_get_iv_size(cipher_kt); returns size_t http://gerrit.openvpn.net/c/openvpn/+/370/comment/8a8454de_c71c3294 : PS1, Line 482: return mbedtls_cipher_info_get_block_size(cipher_kt); returns size_t http://gerrit.openvpn.net/c/openvpn/+/370/comment/9ff5f0a4_2587b778 : PS1, Line 575: int key_len = mbedtls_cipher_info_get_key_bitlen(kt)/8; returns size_t http://gerrit.openvpn.net/c/openvpn/+/370/comment/64a7ebc5_376b0cd8 : PS1, Line 624: return mbedtls_cipher_get_cipher_mode(ctx); returns mbedtls_cipher_mode_t http://gerrit.openvpn.net/c/openvpn/+/370/comment/a83a2860_08071efc : PS1, Line 873: return mbedtls_md_get_size(mbedtls_md_info_from_ctx(ctx)); returns unsigned char, but since this fits completely into int, this is fine. File src/openvpn/options.c: http://gerrit.openvpn.net/c/openvpn/+/370/comment/6090c0ad_d2519496 : PS1, Line 9049: #endif Please use #else here so that static analysis doesn't complain about unreachable code. File src/openvpn/ssl_mbedtls.c: http://gerrit.openvpn.net/c/openvpn/+/370/comment/c7cb421f_7d64647e : PS1, Line 67: #ifndef HAVE_CTR_DRBG_UPDATE_RET Since you remove support for mbedtls < 2.16, this code can be removed? -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/370?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I445a93e84dc54b865b757038d22318ac427fce96 Gerrit-Change-Number: 370 Gerrit-PatchSet: 1 Gerrit-Owner: MaxF <m...@max-fillinger.net> Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com> Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-Attention: plaisthos <arne-open...@rfc2549.org> Gerrit-Attention: MaxF <m...@max-fillinger.net> Gerrit-Comment-Date: Wed, 18 Oct 2023 10:44:43 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
