On 29/10/2021 13:11, Arne Schwabe wrote:
Even though DES is super outdated and also NTLM is super outdated, eliminating the warnings for OpenSSL 3.0 is still a step in the right direction and using the correct APIs. We cheat a bit by using 3DES instead of DES to avoid needing legacy provider for DES encryption for now. Patch v4: add unit test, use 3DES to avoid legacy provider for now Signed-off-by: Arne Schwabe <[email protected]>
Acked-by: Max Fillinger <[email protected]> Looks good to me, and the unit tests succeed with OpenSSL 1.1.1 and 3. Small nitpick that can be fixed at compile time:
+ if (!EVP_EncryptInit_ex(ctx, EVP_des_ede3_ecb(), NULL, key3, 0))
The last argument for this function is "const unsigned char *iv", so this should be NULL instead of 0. (Passing NULL here is correct because ECB mode doesn't need an initialization vector.)
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
