Acked-by: Gert Doering
That seems to be an easy one - all definitions in that file have
"havege" in their name, and "git grep havege" does not show any uses
of them. Out it goes!
Your patch has been applied to the master branch.
commit d6d4feb4ddd0f23c3816878ff88b49b37379e31b
Author: Max Filli
Took us long enough for such a "simple" refactoring task... pesky
language, this "C" stuff :-)
Thanks, Antonio, for verifying the sitnl stuff.
(GCC on Linux actually found and errored on the v4 bit with the missing
"&", I just did not look at the compile result because I saw the mismatch
in the
Patch looks good, explanation makes sense, logical continuation of
the process started with the "removal for 3.0.0". All DES keys are
weak :-)
Lightly tested with OpenSSL 1.1.1 and mbedTLS builds (no actual *use*
of DES, though, besides "make check").
Your patch has been applied to the master b
Applied as instructed (textual change to Changes.rst, whitespace fix).
This is a surprisingly large patch :-)
Lightly tested on Linux / OpenSSL.
Your patch has been applied to the master branch.
commit a2f6604d55ea34c33668cab632928a2da2ae11f1
Author: Arne Schwabe
Date: Sun Nov 7 10:01:47 2021
From: Ville Skyttä
The module name is openvpn-plugin-down-root.so, not openvpn-down-root.so.
Signed-off-by: Frank Lichtenheld
---
src/plugins/down-root/README.down-root | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
As part of an initative to clean up the Github PR submissions, sub
From: Peppernrino
Updated to current links, and added SSL to all.
Changed tap-windows to reflect NDIS 6 repository shift.
Signed-off-by: Frank Lichtenheld
---
README | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
As part of an initative to clean up the Github PR submission
From: Adrian
The man page says:
[!] -s, --source address[/mask][,...]
Signed-off-by: Frank Lichtenheld
---
sample/sample-config-files/firewall.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
As part of an initative to clean up the Github PR submissions, submitting
this patch to the m
Hi,
On 06/11/2021 19:00, Arne Schwabe wrote:
This put the early initialisation and uninitialisation that needs to
happen between option parsing and post processing into small methods.
Signed-off-by: Arne Schwabe
Change looks good, no error/warning upon compilation and a basic
connectivity t
This header was removed in mbedtls 3. Luckily, we weren't actually
using it, it seems.
Signed-off-by: Max Fillinger
---
src/openvpn/crypto_mbedtls.c | 1 -
src/openvpn/ssl_mbedtls.c| 2 --
2 files changed, 3 deletions(-)
diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls
Hi,
We agreed during the hackathon that we are going to ship a 2.6 Windows
client with OpenSSL 3.0. Apart from merging relevant patches, there
are few (small) blocks:
- vcpkg hasn't yet added OpenSSL 3.0 to official repo, but there is a
PR https://github.com/microsoft/vcpkg/pull/20428 This shoul
Hi Community,
OpenVPN supports HTTP proxies that require NTLM authentication,
supporting NTLMv1 and NTLMv2 protocols.
This is old code, which was written in the dark ages, is not currently
unit/client tested, and uses DES which got deprecated in OpenSSL 3.0.0...
That said, if people still *use*
On 07/11/2021 13:29, Arne Schwabe wrote:
The patch removes checking for weak keys and making DES just like any
other CBC cipher and not doing extra checks for this. It basically
removes the special treatment of DES.
After this, do we have any DES functionality left in OpenVPN? If so, we
sho
The patch removes checking for weak keys and making DES just like any
other CBC cipher and not doing extra checks for this. It basically
removes the special treatment of DES.
After this, do we have any DES functionality left in OpenVPN? If so, we
should remove it.
After this patch, no sp
Am 07.11.21 um 13:13 schrieb Arne Schwabe:
Am 07.11.21 um 12:57 schrieb Matthias Andree:
Am 07.11.21 um 10:01 schrieb Arne Schwabe:
We already removed the check in d67658fee for OpenSSL 3.0. This
removes the
checks entirely for all crypto libraries.
Signed-off-by: Arne Schwabe
---
src/openv
Am 07.11.21 um 12:57 schrieb Matthias Andree:
Am 07.11.21 um 10:01 schrieb Arne Schwabe:
We already removed the check in d67658fee for OpenSSL 3.0. This
removes the
checks entirely for all crypto libraries.
Signed-off-by: Arne Schwabe
---
src/openvpn/crypto.c | 15
src/ope
Am 07.11.21 um 10:01 schrieb Arne Schwabe:
We already removed the check in d67658fee for OpenSSL 3.0. This removes the
checks entirely for all crypto libraries.
Signed-off-by: Arne Schwabe
---
src/openvpn/crypto.c | 15
src/openvpn/crypto_backend.h | 28 ---
src
Hi,
On 07-11-2021 10:01, Arne Schwabe wrote:
> Remove the custom PRNG from OpenVPN and instead rely always on the random
> number generator from the SSL library. The only place that this is in a
> performance critical place is the CBC IV generation. Even with that in mind
> a micro benchmark shows
On 07/11/2021 10:01, Arne Schwabe wrote:
We already removed the check in d67658fee for OpenSSL 3.0. This removes the
checks entirely for all crypto libraries.
Signed-off-by: Arne Schwabe
Acked-by: Max Fillinger
Looks good to me!
Compiled and ran --test-crypto for DES/DES3, with mbedtls and
Remove the custom PRNG from OpenVPN and instead rely always on the random
number generator from the SSL library. The only place that this is in a
performance critical place is the CBC IV generation. Even with that in mind
a micro benchmark shows no significant enough change with OpenSSL 3.0:
-
We already removed the check in d67658fee for OpenSSL 3.0. This removes the
checks entirely for all crypto libraries.
Signed-off-by: Arne Schwabe
---
src/openvpn/crypto.c | 15
src/openvpn/crypto_backend.h | 28 ---
src/openvpn/crypto_mbedtls.c | 56 -
20 matches
Mail list logo
