Re: [Openvpn-devel] [PATCH v3 11/21] [OSSL 3.0] USe EVP_MD_get0_name instead EV_MD_name

2021-10-26 Thread Max Fillinger
On 19/10/2021 20:31, Arne Schwabe wrote: Use the new name for the function as it indicates with get0 the ownership of the returned value Signed-off-by: Arne Schwabe Acked-by: Max Fillinger Looks good to me. Typo: "USe"

Re: [Openvpn-devel] [PATCH v3 13/21] [OSSL 3.0] Remove dependency on BF-CBC existance from test_ncp

2021-10-26 Thread Max Fillinger
On 19/10/2021 20:31, Arne Schwabe wrote: The test_check_ncp_ciphers_list test assumed that BF-CBC is always available, which is no longer the case with OpenSSL 3.0. Rewrite the test to not rely on BF-CBC to be available. Unit tests are working now. I've got some style nitpicks that I think can

Re: [Openvpn-devel] [PATCH v3 15/21] [OSSL 3.0] Do not allow CTS ciphers

2021-10-26 Thread Max Fillinger
On 19/10/2021 20:31, Arne Schwabe wrote: We do not support CTS algorithms (cipher text stealing) algorithms. Signed-off-by: Arne Schwabe --- src/openvpn/crypto_openssl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index a

Re: [Openvpn-devel] [PATCH v3 15/21] [OSSL 3.0] Do not allow CTS ciphers

2021-10-26 Thread Max Fillinger
On 26/10/2021 17:27, Max Fillinger wrote: On 19/10/2021 20:31, Arne Schwabe wrote: We do not support CTS algorithms (cipher text stealing) algorithms. Signed-off-by: Arne Schwabe ---   src/openvpn/crypto_openssl.c | 3 +++   1 file changed, 3 insertions(+) diff --git a/src/openvpn/crypto_opens

Re: [Openvpn-devel] [PATCH v3 14/21] [OSSL 3.0] Use TYPE_do_all_provided function for listing cipher/digest

2021-10-26 Thread Max Fillinger
On 19/10/2021 20:31, Arne Schwabe wrote: With OpenSSL 3.0 the use of nid values is deprecated and new algorithms do not even have NID values anymore. This also works nicely with providers now: openvpn --provider legacy:default --show-ciphers shows more ciphers (e.g. BF-CBC) than just

[Openvpn-devel] [PATCH applied] Re: Do not allow CTS ciphers

2021-10-26 Thread Gert Doering
Lightly client-side tested on OpenSSL 1.1.x and 3.0. No surprises. Your patch has been applied to the master branch. commit 14e4f3b1583749adf104be362a3e2422e0c9e524 Author: Arne Schwabe Date: Tue Oct 19 20:31:21 2021 +0200 Do not allow CTS ciphers Signed-off-by: Arne Schwabe

Re: [Openvpn-devel] [PATCH v3 18/21] Fix error when BF-CBC is not available

2021-10-26 Thread Max Fillinger
On 19/10/2021 20:31, Arne Schwabe wrote: Through the multiple iterations of allowing OpenVPN to run without BF-CBC we accidentally made a regression and still required BF-CBC. This patch fixes the code path and restores its intended function. Signed-off-by: Arne Schwabe Acked-by: Max Filling

Re: [Openvpn-devel] [PATCH v3 14/21] [OSSL 3.0] Use TYPE_do_all_provided function for listing cipher/digest

2021-10-26 Thread Selva Nair
On Tue, Oct 26, 2021 at 1:50 PM Max Fillinger < maximilian.fillin...@foxcrypto.com> wrote: > On 19/10/2021 20:31, Arne Schwabe wrote: > > With OpenSSL 3.0 the use of nid values is deprecated and new algorithms > > do not even have NID values anymore. > > > > This also works nicely with providers n