Re: [Openvpn-devel] [PATCH v3 03/21] [OSSL 3.0] Implement DES ECB encrypt via EVP_CIPHER api

Hi, On Tue, Oct 19, 2021 at 2:32 PM Arne Schwabe wrote: > Even though DES is super outdated and also NTLM is super outdated, > eliminating the warnings for OpenSSL 3.0 is still a step in the right > direction and using the correct APIs. > > Signed-off-by: Arne Schwabe > --- >

Re: [Openvpn-devel] [PATCH v3 21/21] Always use 8192 bytes for ERR_BUF_SIZE

Hi, On Tue, Oct 19, 2021 at 2:32 PM Arne Schwabe wrote: > The signature messages required by external key managed also break > the 1280 limit. To also avoid this surprise of different behaviour > with PKCS11 enabled/disable, always use the larger size. > This may be enough in most cases, but

Re: [Openvpn-devel] [PATCH v3 02/21] [OSSL 3.0] Add --with-openssl-engine autoconf option (auto|yes|no)

On 19/10/2021 20:31, Arne Schwabe wrote: This allows to select engine support at configure time. For OpenSSL 1.1 the default is not changed and we detect if engine support is available. Engine support is deprecated in OpenSSL 3.0 and for OpenSSL 3.0 the default is to disable engine support as

Re: [Openvpn-devel] [PATCH v3 01/21] [OSSL 3.0] Use new EVP_MAC API for HMAC implementation

On 19/10/2021 20:31, Arne Schwabe wrote: The old API is deprecated in OpenSSL 3.0 and the new API does not yet exist in OpenSSL 1.1. Emulating the new API would be more complex than just having two implementations. So this switches to a new hmac implementation for OpenSSL 3.0. Unfortunately the

Re: [Openvpn-devel] [PATCH v3 12/21] [OSSL 3.0] Allow loading of non default providers

Hi, Not a code review but a general comment as this is a new option that warrants some discussion. On Tue, Oct 19, 2021 at 2:32 PM Arne Schwabe wrote: > This allows OpenVPN to load non-default providers. This is mainly > useful for loading the legacy provider with --provider legacy:default >

Re: [Openvpn-devel] [PATCH v3 03/21] [OSSL 3.0] Implement DES ECB encrypt via EVP_CIPHER api

On 19/10/2021 20:31, Arne Schwabe wrote: +if (!EVP_EncryptInit_ex(ctx, EVP_bf_ecb(), NULL, key, 0)) EVP_bf_ecb() is the Blowfish cipher, not DES. ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net

[Openvpn-devel] Summary of the community meeting (20th October 2021)

Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on libera.chat Date: Wed 20th October 2021 Time: 14:00 CET (12:00 UTC) Planned meeting topics for this meeting were here: Your local

[Openvpn-devel] OpenVPN 3 Linux client - v16 beta released

Hi, The OpenVPN 3 Linux v16 (beta) is now available. This release is mostly a bug-fix release with several known issues resolved and a few minor feature additions. Instructions how to install OpenVPN 3 Linux can be found here: