[Openvpn-devel] [M] Change in openvpn[master]: Use XOR instead of concatenation for calculation of IV from implicit IV

2024-11-11 Thread cron2 (Code Review)
Attention is currently required from: flichtenheld, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/797?usp=email ) Change subject: Use XOR instead of concatenation for calculation of IV from implicit IV .

[Openvpn-devel] [M] Change in openvpn[master]: Trigger renegotiation of data key if getting close to the AEAD usage ...

2024-11-11 Thread cron2 (Code Review)
Attention is currently required from: flichtenheld, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/796?usp=email ) Change subject: Trigger renegotiation of data key if getting close to the AEAD usage limit ...

[Openvpn-devel] [L] Change in openvpn[master]: Implement epoch key data format

2024-11-11 Thread plaisthos (Code Review)
Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/806?usp=email to look at the new patch set (#2). Change subject: Implement epoch key data format

[Openvpn-devel] [S] Change in openvpn[master]: Change --reneg-bytes and --reneg-packets to 64 bit counters

2024-11-11 Thread cron2 (Code Review)
cron2 has uploaded a new patch set (#2) to the change originally created by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/795?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: Change --reneg-bytes and --reneg-packets to 64 bit counter

[Openvpn-devel] [S] Change in openvpn[master]: Change --reneg-bytes and --reneg-packets to 64 bit counters

2024-11-11 Thread cron2 (Code Review)
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/795?usp=email ) Change subject: Change --reneg-bytes and --reneg-packets to 64 bit counters .. Change --reneg-bytes and --reneg-packets to 64 bit counters

[Openvpn-devel] [PATCH applied] Re: Change --reneg-bytes and --reneg-packets to 64 bit counters

2024-11-11 Thread Gert Doering
Stared-at-code, and gave it a quick test with "--reneg-bytes 2" again (on FreeBSD/amd64). BB has also tested this on NetBSD/i386, so 32bit systems are also fine. Testing with 2^65 leads to 2024-11-11 15:03:54 TLS: soft reset sec=30/30 bytes=578818/9223372036854775807 pkts=550/0 .. which s

Re: [Openvpn-devel] [PATCH v1] Change --reneg-bytes and --reneg-packets to 64 bit counters

2024-11-11 Thread Gert Doering
Hi, On Mon, Nov 11, 2024 at 02:31:48PM +0100, Antonio Quartulli wrote: > > -options->renegotiate_bytes = positive_atoi(p[1]); > > +char *end; > > +long long reneg_bytes = strtoll(p[1], &end, 10); > > why int64_t in options.h and long long here? > I think they should always
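Review bot: In the quoted option-parsing hunk, `strtoll(p[1], &end, 10)` replaces `positive_atoi(p[1])`, and the visible lines do not show the result being validated before it is used. After the call, reject the argument when `end == p[1]` or `*end != '\0'`, when the value is negative, and when `errno == ERANGE` (with `errno` cleared before the call), so an out-of-range number is reported to the user instead of being silently saturated. Since the field in options.h is `int64_t` and the local is `long long`, make the assignment an explicit, range-checked conversion.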

Re: [Openvpn-devel] [PATCH v1] Change --reneg-bytes and --reneg-packets to 64 bit counters

2024-11-11 Thread Antonio Quartulli
On 11/11/2024 10:40, Gert Doering wrote: From: Arne Schwabe reneg-bytes can currently only specify up to a maximum of 2GB. This makes it even problematic to use without extended counters. Change-Id: I993e7fc5609955d271e74370affc2eea340a1e2d Signed-off-by: Arne Schwabe Acked-by: Gert Doerin

[Openvpn-devel] [S] Change in openvpn[master]: Change --reneg-bytes and --reneg-packets to 64 bit counters

2024-11-11 Thread cron2 (Code Review)
Attention is currently required from: flichtenheld, plaisthos. cron2 has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/795?usp=email ) Change subject: Change --reneg-bytes and --reneg-packets to 64 bit counters ...

[Openvpn-devel] [PATCH v1] Change --reneg-bytes and --reneg-packets to 64 bit counters

2024-11-11 Thread Gert Doering
From: Arne Schwabe reneg-bytes can currently only specify up to a maximum of 2GB. This makes it even problematic to use without extended counters. Change-Id: I993e7fc5609955d271e74370affc2eea340a1e2d Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and

[Openvpn-devel] [S] Change in openvpn[master]: Move should_trigger_renegotiation into its own function

2024-11-11 Thread cron2 (Code Review)
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/794?usp=email ) Change subject: Move should_trigger_renegotiation into its own function .. Move should_trigger_renegotiation into its own function The if

[Openvpn-devel] [S] Change in openvpn[master]: Move should_trigger_renegotiation into its own function

2024-11-11 Thread cron2 (Code Review)
cron2 has uploaded a new patch set (#2) to the change originally created by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/794?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by cron2 Change subject: Move should_trigger_renegotiation into its own function ..

[Openvpn-devel] [PATCH applied] Re: Move should_trigger_renegotiation into its own function

2024-11-11 Thread Gert Doering
Stared at the code, compared all the individual conditions before/after, reasonably sure it does the same thing. Tested a few cases (--reneg-sec 151, --reneg-pkts 20, --reneg-bytes 1). Noticed an interesting inconsistency... 2024-11-11 08:55:36 TLS: soft reset sec=151/151 bytes=7002/-1 pkts