After some discussion it was decided to keep the "two independent options",
partially because "these two patches have been out there for a while,
been stared-at, and tested quite a bit" - also, IV_PROTO_V4 might end
up with a different combination, we'll see. 507 will ensure that for
IV_PROTO_V3 the two new options (AEAD at the end and 64 bit counters)
will only ever be used together, or not at all - reduce the amount of
protocol versions to implement in all datapaths, and combinations to
test.
I have tested this against older code (t_client -> 2.6 etc, and
t_server <- 2.2...2.6) and nothing broke. Also, tested against itself,
and that worked as well. Of course it does not actually *do* anything
yet, as the logic to push "aead-tag-end" does not exist...
(FTR, in case one of you is wondering - this is v3, and gerrit has "v8"
of the patch - but it's the same code change, just being pushed again
as part of "other pushes" after being rebased)
Your patch has been applied to the master branch.
commit 233e10aeec7de02d34fa5c517b44612d38ccc00f
Author: Arne Schwabe
Date: Wed Feb 14 14:27:19 2024 +0100
Implement support for AEAD tag at the end
Signed-off-by: Arne Schwabe <[email protected]>
Acked-by: Frank Lichtenheld <[email protected]>
Message-Id: <[email protected]>
URL:
https://www.mail-archive.com/[email protected]/msg28239.html
Signed-off-by: Gert Doering <[email protected]>
--
kind regards,
Gert Doering
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
