[Openvpn-devel] [PATCH v2] fix GitHub workflow working directories in MinGW builds

replace hardcoded directory names with env variable version info bump pkcs11-helper version to 1.29.0 bump OpenSSL version to 1.1.1n add OpenSSL version to cache key use release file for pkcs11-helper archive use OpenSSL URL endpoint with all/current versions Signed-off-by: Marc Becker --- fix

[Openvpn-devel] [PATCH applied] Re: Split out reliable_ack_parse from reliable_ack_read

Your patch has been applied to the master branch. Tested on client and server ("for good measure") even if stare-at-code suggests it's really the same code, split in half. The change in ssl.c is due to "ack->len is now always zeroed". Uncrustify (0.74.0_f) has opinions on "if ( a && (b || c))"

[Openvpn-devel] [PATCH applied] Re: Add unit tests for test_tls_decrypt_lite

Acked-by: Gert Doering Unit tests are always good :-) - and of course 06/28 is only there to make this happen. I have only done a "semi-deep" look into the code, but it seems to cover the usual cases (good packet, short packet, corrupt packet for nothing/tls-auth/tls-crypt) which is way more tha

[Openvpn-devel] [PATCH applied] Re: Move ssl function related to control channel wrap/unwrap to ssl_pkt.c/h

Acked-by: Gert Doering "git show --color-moved=zebra" confirms that this is just code being moved around, *except* for the swap_hmac() comment (*that* comment), which actually gets changed in the process. But it's still correct :-) "make check" and "make distcheck" agree that all configure/auto

[Openvpn-devel] [PATCH applied] Re: Extend tls_pre_decrypt_lite to return type of packet and keep state

Acked-by: Gert Doering This is 05 without the "comment and whitespace" bits that fix 04. Stared at code, ran client/server tests (including UDP server). It should be noted that this adds recognition of P_CONTROL_V1 packets to tls_pre_decrypt_lite() - but they are handled by the caller the same

[Openvpn-devel] [PATCH applied] Re: Move pre decrypt lite check to its own function

Your patch has been applied to the master branch. commit 73713debf56c06ed54a378f9b3d1d742c5f1ed45 Author: Arne Schwabe Date: Mon Apr 25 14:27:09 2022 +0200 Move pre decrypt lite check to its own function Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Message-Id:

Re: [Openvpn-devel] [PATCH v2] Move pre decrypt lite check to its own function

Acked-By: Frank Lichtenheld > Arne Schwabe hat am 25.04.2022 15:12 geschrieben: > Am 25.04.22 um 15:08 schrieb Frank Lichtenheld: [...] > > You could replace four lines with one: > > > > return tls_pre_decrypt_lite(m->top.c2.tls_auth_standalone, &m->top.c2.from, > > &m->top.c2.buf)); > > >

Re: [Openvpn-devel] [PATCH v2] Move pre decrypt lite check to its own function

Am 25.04.22 um 15:08 schrieb Frank Lichtenheld: Arne Schwabe hat am 25.04.2022 14:27 geschrieben: [...] diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index 4fbe3c1a3..780ca171d 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -39,6 +39,17 @@ #include #endif +static bo

Re: [Openvpn-devel] [PATCH v2] Move pre decrypt lite check to its own function

> Arne Schwabe hat am 25.04.2022 14:27 geschrieben: [...] > diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c > index 4fbe3c1a3..780ca171d 100644 > --- a/src/openvpn/mudp.c > +++ b/src/openvpn/mudp.c > @@ -39,6 +39,17 @@ > #include > #endif > > +static bool > +do_pre_decrypt_check(struct m

[Openvpn-devel] [PATCH v2] Move pre decrypt lite check to its own function

This prepares for extending this function with the HMAC based session ID check. Replace the check for m->top.c2.tls_auth_standalone with an ASSERT as this code path is only used in multi udp server and OpenVPN initialises the tls_auth_standalone always for the TOP context (CF_INIT_TLS_AUTH_STANDAL

[Openvpn-devel] [PATCH applied] Re: Make buf_write_u8/16/32 take the type they pretend to take

Indeed :-) - code looks good, test compiled on Linux and FreeBSD ("does it bring any surprise warnings?") Your patch has been applied to the master branch. commit dc6e00e2e75eae58bf94bcf384ae2ba68c5c6bd3 Author: Arne Schwabe Date: Fri Apr 22 16:29:44 2022 +0200 Make buf_write_u8/16/32 tak

Re: [Openvpn-devel] [PATCH 03/28] Move pre decrypt lite check to its own function

Am 22.04.22 um 17:52 schrieb Frank Lichtenheld: Arne Schwabe hat am 22.04.2022 15:40 geschrieben: diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index 4fbe3c1a3..910268333 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -39,6 +39,20 @@ #include #endif +static bool +

Re: [Openvpn-devel] [PATCH 08/28] Split out reliable_ack_parse from reliable_ack_read

Acked-By: Frank Lichtenheld Changes look good to me, applies on current master and compiles. One error in function documentation, but probably fixable on apply. See below. > Arne Schwabe hat am 22.04.2022 15:40 geschrieben: [...] > diff --git a/src/openvpn/reliable.h b/src/openvpn/reliable.h >

Re: [Openvpn-devel] [PATCH 19/28] Make buf_write_u8/16/32 take the type they pretend to take

Acked-By: Frank Lichtenheld Trivial enough and can be applied independently from the rest of the series. > Arne Schwabe hat am 22.04.2022 16:29 geschrieben: > > > This functions should accept the type of integer they say to write. Calling > the u32 function with an integer that is actually 3

[Openvpn-devel] [PATCH applied] Re: vcpkg-ports/pkcs11-helper: bump to release 1.29

As instructed :-) - whitespace added, so git am can properly remove patch-with-whitespace from the repo. The rest ist fairly straightforward. I have not tested anything, just stared-at-diff. Your patch has been applied to the master and release/2.5 branch. commit 99e6b814edcdd522c97217e027bd24

Re: [Openvpn-devel] [PATCH] vcpkg-ports/pkcs11-helper: bump to release 1.29

I did the same patch last week but didn't send it yet, so you beat me. Looks like yours has whitespaces stripped and I cannot apply it. In order to apply, I had to add trailing whitespaces to lines 69, 71, 91 and 100 (line numbers based on https://patchwork.openvpn.net/patch/2412/mbox/) Otherwise