Hi,

On Tue, Dec 07, 2021 at 07:06:45PM +0100, Arne Schwabe wrote:
> Patch v2: rebase on master

v2 includes a new check for AES-256-CTR (diffing v1 and v2 has the
"token++" change, plus this extra check), which breaks (at least)
tls_crypt_testdriver when compiled with mbedtls
(./configure --with-crypto-library=mbedtls --enable-small)

OpenVPN 2.6_git [git:vw/master/4b17545838f05e9c] x86_64-pc-linux-gnu [SSL (mbed
TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 9 2021
library versions: mbed TLS 2.27.0, LZO 2.10
[ RUN ] tls_crypt_v2_wrap_unwrap_no_metadata
ERROR: --tls-crypt requires AES-256-CTR support.
Could not run test: Test failed with exception: Segmentation fault(11)Test
setup failed
[ ERROR ] tls_crypt_v2_wrap_unwrap_no_metadata
[ RUN ] tls_crypt_v2_wrap_unwrap_max_metadata
ERROR: --tls-crypt requires AES-256-CTR support.
Could not run test: Test failed with exception: Segmentation fault(11)Test
setup failed
[ ERROR ] tls_crypt_v2_wrap_unwrap_max_metadata
[ RUN ] tls_crypt_v2_wrap_too_long_metadata
ERROR: --tls-crypt requires AES-256-CTR support.
Could not run test: Test failed with exception: Segmentation fault(11)Test
setup failed
[ ERROR ] tls_crypt_v2_wrap_too_long_metadata

... and also the self check

Testing tls-crypt-v2 key generation (no metadata)... FAILED
2021-12-09 14:31:01 ERROR: --tls-crypt requires AES-256-CTR support.
2021-12-09 14:31:01 ERROR: --tls-crypt-v2 not supported
2021-12-09 14:31:01 Exiting due to fatal error
Testing tls-crypt-v2 key generation (max length metadata)... FAILED
2021-12-09 14:31:02 ERROR: --tls-crypt requires AES-256-CTR support.
2021-12-09 14:31:02 ERROR: --tls-crypt-v2 not supported
2021-12-09 14:31:02 Exiting due to fatal error
FAIL: t_lpback.sh

The t_client tests fail as well...

2021-12-09 14:33:35 OPTIONS IMPORT: data channel crypto options modified
2021-12-09 14:33:35 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-12-09 14:33:35 cipher_ctx_init:573: CIPHER - Bad input parameters
2021-12-09 14:33:35 mbed TLS cipher set key
2021-12-09 14:33:35 Exiting due to fatal error

TBH, I'm not sure if 7/9 v1 works with mbedtls, haven't tested it - but
still, can't ACK this as it is.

A warning points me to this one...

crypto_mbedtls.c: In function 'cipher_ctx_init':
crypto_mbedtls.c:564:38: warning: passing argument 1 of 'cipher_kt_key_size'
from incompatible pointer type [-Wincompatible-pointer-types]
  564 |     int key_len = cipher_kt_key_size(kt);
      |                                      ^~
      |                                      |
      |                                      const mbedtls_cipher_info_t * {aka
const struct mbedtls_cipher_info_t *}
crypto_mbedtls.c:440:32: note: expected 'const char *' but argument is of type
'const mbedtls_cipher_info_t *' {aka 'const struct mbedtls_cipher_info_t *'}
  440 | cipher_kt_key_size(const char *ciphername)
      |                    ~~~~~~~~~~~~^~~~~~~~~~

... which smells plausible. Rebase accident?

Building with OpenSSL 1.1.1 fails the test driver in the same way.

gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
