[Openvpn-devel] [PATCH master+release/2.5] ssh_openssl.h: remove unused declaration

2021-12-01 Thread Lev Stipakov
From: Lev Stipakov Commit 95993a1df3 ("Refactored SSL initialisation functions") declared the openssl_set_mydata_index(void) function but didn't add a definition. There hasn't been a need for this function for 10 years, so it can be safely removed. Found by MSVC. Signed-off-by: Lev Stipakov ---

[Openvpn-devel] Community meetings in December 2021

2021-12-01 Thread Samuli Seppänen
Hi, Next community meetings have been scheduled to
- Wed 1st December 2021 at 14:00 CET
- Wed 8th December 2021 at 14:00 CET
- Wed 15th December 2021 at 14:00 CET
- Wed 22nd December 2021 at 14:00 CET
The place is #openvpn-meeting IRC channel at libera.chat
Meeting agendas and summaries are in

[Openvpn-devel] Summary of the community meeting (1st December 2021)

2021-12-01 Thread Samuli Seppänen
Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on libera.chat Date: Wed 1st December 2021 Time: 14:00 CET (12:00 UTC) Planned meeting topics for this meeting were here: Your local meetin

[Openvpn-devel] [PATCH 9/9] Initialise kt_cipher even when no crypto is enabled

2021-12-01 Thread Arne Schwabe
This avoids special casing the cipher none/auth none case in other parts, e.g. in the upcoming buffer/frame rework. Signed-off-by: Arne Schwabe --- src/openvpn/init.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 6c82c0dc

[Openvpn-devel] [PATCH 2/9] Directly use hardcoded OPENVPN_TAG_LENGTH instead of lookup

2021-12-01 Thread Arne Schwabe
We always use the same tag size for all AEAD ciphers, so instead of doing a lookup, always use the same tag size. Signed-off-by: Arne Schwabe --- src/openvpn/crypto.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 251dec

[Openvpn-devel] [PATCH 6/9] Remove key_type->hmac_length

2021-12-01 Thread Arne Schwabe
This field is only set once with md_kt_size and then only read. Remove this field and replace the read accesses with md_kt_size. Signed-off-by: Arne Schwabe --- src/openvpn/auth_token.c | 2 -- src/openvpn/crypto.c | 35 +++--- src/openvpn/cry

[Openvpn-devel] [PATCH 4/9] Remove cipher_kt_var_key_size and remaining --keysize documentation

2021-12-01 Thread Arne Schwabe
Remove --keysize from the manual page and also remove mentioning variable key size in output of ciphers as there is no longer a way to change the keysize. Signed-off-by: Arne Schwabe --- doc/man-sections/protocol-options.rst | 11 --- src/openvpn/crypto.c | 7 ++- s

[Openvpn-devel] [PATCH 7/9] Remove cipher_kt_t and change type to const char* in API

2021-12-01 Thread Arne Schwabe
Make the external crypto consumer oblivious to the internal cipher type that both mbed TLS and OpenSSL use. This change is mainly done so the cipher type that is used can stay a const type but instead of an SSL library type, we now use a simple string to identify a cipher. This has the disadvant

[Openvpn-devel] [PATCH 8/9] Remove md_kt_t and change crypto API to use const char*

2021-12-01 Thread Arne Schwabe
As with the removal of cipher_kt_t, this allows better support of OpenSSL 3.0 and mbed TLS 3.0 Signed-off-by: Arne Schwabe --- src/openvpn/auth_token.c | 2 +- src/openvpn/crypto.c | 15 -- src/openvpn/crypto.h | 2 +- src/openvpn/crypto

[Openvpn-devel] [PATCH 3/9] Remove cipher_ctx_get_cipher_kt and replace with direct context calls

2021-12-01 Thread Arne Schwabe
We currently have a number of calls that fetch the cipher_kt from a cipher_ctx to then do a query on the cipher_kt. Directly fetching the desired property from the context is cleaner and helps for using the proper APIs with OpenSSL 3.0 and mbed TLS 3.0 Signed-off-by: Arne Schwabe --- src/openvpn

[Openvpn-devel] [PATCH 1/9] Implement optional cipher in --data-ciphers prefixed with ?

2021-12-01 Thread Arne Schwabe
This allows using the same configuration on multiple platforms/SSL libraries and including optional algorithms that are not available on all platforms. For example "AES-256-GCM:AES-128-GCM:?CHACHA20-POLY1305" can be used to emulate the default behaviour of OpenVPN 2.6. Signed-off-by: Arne Schwabe ---

[Openvpn-devel] [PATCH 5/9] Remove key_type->cipher_length field

2021-12-01 Thread Arne Schwabe
This field is only set once to cipher_kt_key_size(kt.cipher) at the same time that kt.cipher is set and therefore completely redundant. This field was useful in the past when we supported ciphers with variable key length as this field would then store the key length that we would use. Now that we d

[Openvpn-devel] [PATCH 0/9] Cleanup crypto and use string instead of internal types

2021-12-01 Thread Arne Schwabe
This series of commits cleans up the external API of the cipher_kt/md_kt related functions to use a simple const char* to designate the cipher algorithm instead of using internal OpenSSL/mbed TLS types that are used in a typedef of cipher_kt_t/md_kt_t. This adds a little bit of overhead to these m