Attention is currently required from: cron2, flichtenheld.

plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/796?usp=email )

Change subject: Trigger renegotiation of data key if getting close to the AEAD usage limit
......................................................................


Patch Set 7:

(9 comments)

Commit Message:

http://gerrit.openvpn.net/c/openvpn/+/796/comment/afd7f3b3_34658dc4 :
PS6, Line 50: Change-Id: I057f007577f10c6ac917ee4620ee3d2559187dc7
> That is a good question, some that post commit script did some nonsense, I 
> will try to figure out wh […]
Done


File src/openvpn/crypto.h:

http://gerrit.openvpn.net/c/openvpn/+/796/comment/424ddba6_d7884def :
PS6, Line 603:  * number of number of block + packets. Return -1 if ciphername 
is not an AEAD
> "blocks"
Done


File src/openvpn/crypto.c:

http://gerrit.openvpn.net/c/openvpn/+/796/comment/734aa10c_22eb3343 :
PS6, Line 353:      *      q + s <= (p^36 - 1)
> `2^36`
Done


http://gerrit.openvpn.net/c/openvpn/+/796/comment/827f411c_2ae94fdb :
PS6, Line 502:     /* update number of plaintext blocks decrypted. Use the x + 
(n-1)/n trick
> Should be `(x + (n-1))/n`. The code is correct, but comment is wrong.
Done


http://gerrit.openvpn.net/c/openvpn/+/796/comment/eaad6627_493699fa :
PS6, Line 503:      * to round up the result to the number of blocked used. */
> "blocks"
Done


http://gerrit.openvpn.net/c/openvpn/+/796/comment/c3a09ead_b2f38a1c :
PS6, Line 505:     opt->key_ctx_bi.decrypt.plaintext_blocks += (outlen + 
(blocksize - 1))/blocksize;
> So we increase this number before we have done all checks on the packet. […]
Thanks, good catch.


File src/openvpn/ssl.c:

http://gerrit.openvpn.net/c/openvpn/+/796/comment/e2fcb49b_de363156 :
PS6, Line 144:     /* set limit to 7/8 of the limit so the renogiation has can 
succeeds before
> "renegotiation can succeed" ?
Acknowledged


File src/openvpn/ssl_common.h:

http://gerrit.openvpn.net/c/openvpn/+/796/comment/c98780b7_0c3c5759 :
PS6, Line 336:     /** This limit for AEAD cipher, this is the sum of packets + 
blocks
> "This" -> "The"? Or maybe just remove it?
Done


File tests/unit_tests/openvpn/test_crypto.c:

http://gerrit.openvpn.net/c/openvpn/+/796/comment/918d7aea_2d1e7962 :
PS6, Line 463:     int64_t L = 101;
> Please mention or use AEAD_LIMIT_BLOCKSIZE
Done



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/796?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I057f007577f10c6ac917ee4620ee3d2559187dc7
Gerrit-Change-Number: 796
Gerrit-PatchSet: 7
Gerrit-Owner: plaisthos <arne-open...@rfc2549.org>
Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com>
Gerrit-CC: cron2 <g...@greenie.muc.de>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-Attention: cron2 <g...@greenie.muc.de>
Gerrit-Attention: flichtenheld <fr...@lichtenheld.com>
Gerrit-Comment-Date: Thu, 28 Nov 2024 19:02:02 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: plaisthos <arne-open...@rfc2549.org>
Comment-In-Reply-To: flichtenheld <fr...@lichtenheld.com>
Gerrit-MessageType: comment
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
