Re: [Openvpn-devel] [PATCH v3] Implement server side of AUTH_PENDING with extending timeout

Almost there. Here we still need context, not tls_multi. > -bool send_auth_pending_messages(struct context *c, const char *extra); > +bool > +send_auth_pending_messages(struct tls_multi *tls_multi, const char *extra, > + unsigned int timeout); >C:\Users\lev\Projects\op

[Openvpn-devel] [PATCH v3 1/3] Check return values in md_ctx_init and hmac_ctx_init

Without this OpenVPN will later segfault on a FIPS enabled system due to the algorithm available but not allowed. Patch V2: Use (!func) instead (func != 1) Signed-off-by: Arne Schwabe --- src/openvpn/crypto_openssl.c | 15 --- 1 file changed, 12 insertions(+), 3 deletions(-) diff -

[Openvpn-devel] [PATCH v3 2/3] Prefer TLS libraries TLS PRF function, fix OpenVPN in FIPS mode

This moves from using our own copy of the TLS1 PRF function to using TLS library provided function where possible. This includes currently OpenSSL 1.1.0+ and mbed TLS 2.18+. For the libraries where it is not possible to use the library's own function, we still use our own implementation. mbed TLS

[Openvpn-devel] [PATCH v3 3/3] Handle the unlikely case that PRF generation fails

We never had handling of this failure condition. But should it happen we can now handle it. Signed-off-by: Arne Schwabe --- src/openvpn/crypto_backend.h | 4 +- src/openvpn/crypto_mbedtls.c | 17 src/openvpn/crypto_openssl.c | 50 ++- src/openvpn/ssl.c|

[Openvpn-devel] [PATCH v3] Change parameter of send_auth_pending_messages from context to tls_multi

This prepares send_auth_pending_messages to be used a in context that does not have context c available but also does not need to schedule an immediate sending of the message (auth plugin/script) Patch V2: Adjust the comment of reschedule_multi_process to actually fit a function. Signed

[Openvpn-devel] [PATCH v3] Change parameter of send_auth_pending_messages from context to tls_multi

This prepares send_auth_pending_messages to be used a in context that does not have context c available but also does not need to schedule an immediate sending of the message (auth plugin/script) Patch V2: Adjust the comment of reschedule_multi_process to actually fit a function. Patch V

[Openvpn-devel] [PATCH v3] Implement server side of AUTH_PENDING with extending timeout

Patch V2: eliminate parse_kid function, fix style Patch V3: adding missing parameter in function, this was added by a later patch in the original series Signed-off-by: Arne Schwabe --- src/openvpn/manage.c | 23 + src/openvpn/manage.h | 3 ++- src/openvpn/multi

Re: [Openvpn-devel] [PATCH 5/5] Prefer TLS libraries TLS PRF function, fix OpenVPN in FIPS mode

Am 29.01.21 um 15:09 schrieb Antonio Quartulli: > Hi, > > witht his review I want to open a broader discussion about the use of > ASSERT in the OpenVPN code. > > My comments below will get to the point. > > On 07/09/2020 18:22, Arne Schwabe wrote: >> This moves from using our own copy of the TLS

[Openvpn-devel] [PATCH] Explain structvar usage in sample defer plugin.

sample-plugins/defer/simple.c uses OPENVPN_PLUGINv3_STRUCTVER settings that may not be obvious to a new author. Add a comment to reduce possible confusion. --- sample/sample-plugins/defer/simple.c | 10 +++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/sample/sample-plugins

Re: [Openvpn-devel] [PATCH] Add a warning for disabled DHCP media sense on Window

Hi, On Thu, Feb 13, 2020 at 03:53:04PM +0100, Arne Schwabe wrote: > This on of the old patches that are still pending. It seems that the > original submitter never replied. This is still something we want to > merge or should we just "close" due to timeout? I am not too familiar > with the DHCP pr