[Openvpn-devel] [M] Change in openvpn[master]: misc: make get_auth_challenge static

[cron2 (Code Review)]

Attention is currently required from: flichtenheld.

cron2 has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/476?usp=email )

Change subject: misc: make get_auth_challenge static
..


Patch Set 2:

(1 comment)

File src/openvpn/misc.c:

http://gerrit.openvpn.net/c/openvpn/+/476/comment/12421107_520d82c3 :
PS2, Line 143: if (auth_challenge)
If moving this around anyway, we could convert this function to early-return, 
or even make it an ASSERT(auth_challenge) since the caller is only ever calling 
it from an "if (auth_challenge & ...") block...



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/476?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I0abeec9f862aea1f6a8fdf350fa0008cf2e5d613
Gerrit-Change-Number: 476
Gerrit-PatchSet: 2
Gerrit-Owner: flichtenheld 
Gerrit-Reviewer: plaisthos 
Gerrit-CC: cron2 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: flichtenheld 
Gerrit-Comment-Date: Tue, 12 Dec 2023 07:51:03 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [M] Change in openvpn[master]: Check PRF availability on initialisation and add --force-tls-key-mate...

[cron2 (Code Review)]

Attention is currently required from: plaisthos.

cron2 has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/460?usp=email )

The change is no longer submittable: Code-Review is unsatisfied now.

Change subject: Check PRF availability on initialisation and add 
--force-tls-key-material-export
..


Patch Set 5: Code-Review-2

(3 comments)

Patchset:

PS5:
feature-ack, but the code is not fully there yet


File src/openvpn/multi.c:

http://gerrit.openvpn.net/c/openvpn/+/460/comment/a893a87b_2e6a6e2a :
PS5, Line 1841: return false;
there is whitespace missing at the first and second line wrap ("thisserver" and 
"(RFC 5705)support"


File src/openvpn/options.c:

http://gerrit.openvpn.net/c/openvpn/+/460/comment/34f227b9_5a68d2c6 :
PS5, Line 3661: }
I might need new glasses, but as far as I can see, this code does all the 
checks, and *claims* to enable the option - but the only place I can see where 
the option is actually turned on is "if it's passed on the command line"...?



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/460?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I04f8c7c413e7cb62c726262feee6ca89c7e86c70
Gerrit-Change-Number: 460
Gerrit-PatchSet: 5
Gerrit-Owner: plaisthos 
Gerrit-Reviewer: cron2 
Gerrit-Reviewer: flichtenheld 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: plaisthos 
Gerrit-Comment-Date: Tue, 12 Dec 2023 07:33:13 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [M] Change in openvpn[master]: buffer: add documentation for string_mod and extend related UT

[cron2 (Code Review)]

cron2 has submitted this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/472?usp=email )

Change subject: buffer: add documentation for string_mod and extend related UT
..

buffer: add documentation for string_mod and extend related UT

Since I was confused what exactly string_mod does, I
added documentation and additional UTs to make it
clearer.

Change-Id: I911fb5c5fa4b41f1fc1a30c6bf8b314245f64a6e
Signed-off-by: Frank Lichtenheld 
Acked-by: Arne Schwabe 
Message-Id: <20231211170214.85417-1-fr...@lichtenheld.com>
URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27761.html
Signed-off-by: Gert Doering 
---
M src/openvpn/buffer.h
M tests/unit_tests/openvpn/test_buffer.c
2 files changed, 74 insertions(+), 38 deletions(-)




diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index 0456b27..61fc3a5 100644
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
@@ -898,51 +898,78 @@

 /* character classes */

-#define CC_ANY(1<<0)
-#define CC_NULL   (1<<1)
+#define CC_ANY(1<<0) /**< any character */
+#define CC_NULL   (1<<1) /**< null character \0 */

-#define CC_ALNUM  (1<<2)
-#define CC_ALPHA  (1<<3)
-#define CC_ASCII  (1<<4)
-#define CC_CNTRL  (1<<5)
-#define CC_DIGIT  (1<<6)
-#define CC_PRINT  (1<<7)
-#define CC_PUNCT  (1<<8)
-#define CC_SPACE  (1<<9)
-#define CC_XDIGIT (1<<10)
+#define CC_ALNUM  (1<<2) /**< alphanumeric isalnum() */
+#define CC_ALPHA  (1<<3) /**< alphabetic isalpha() */
+#define CC_ASCII  (1<<4) /**< ASCII character */
+#define CC_CNTRL  (1<<5) /**< control character iscntrl() */
+#define CC_DIGIT  (1<<6) /**< digit isdigit() */
+#define CC_PRINT  (1<<7) /**< printable (>= 32, != 127) */
+#define CC_PUNCT  (1<<8) /**< punctuation ispunct() */
+#define CC_SPACE  (1<<9) /**< whitespace isspace() */
+#define CC_XDIGIT (1<<10) /**< hex digit isxdigit() */

-#define CC_BLANK  (1<<11)
-#define CC_NEWLINE(1<<12)
-#define CC_CR (1<<13)
+#define CC_BLANK  (1<<11) /**< space or tab */
+#define CC_NEWLINE(1<<12) /**< newline */
+#define CC_CR (1<<13) /**< carriage return */

-#define CC_BACKSLASH  (1<<14)
-#define CC_UNDERBAR   (1<<15)
-#define CC_DASH   (1<<16)
-#define CC_DOT(1<<17)
-#define CC_COMMA  (1<<18)
-#define CC_COLON  (1<<19)
-#define CC_SLASH  (1<<20)
-#define CC_SINGLE_QUOTE   (1<<21)
-#define CC_DOUBLE_QUOTE   (1<<22)
-#define CC_REVERSE_QUOTE  (1<<23)
-#define CC_AT (1<<24)
-#define CC_EQUAL  (1<<25)
-#define CC_LESS_THAN  (1<<26)
-#define CC_GREATER_THAN   (1<<27)
-#define CC_PIPE   (1<<28)
-#define CC_QUESTION_MARK  (1<<29)
-#define CC_ASTERISK   (1<<30)
+#define CC_BACKSLASH  (1<<14) /**< backslash */
+#define CC_UNDERBAR   (1<<15) /**< underscore */
+#define CC_DASH   (1<<16) /**< dash */
+#define CC_DOT(1<<17) /**< dot */
+#define CC_COMMA  (1<<18) /**< comma */
+#define CC_COLON  (1<<19) /**< colon */
+#define CC_SLASH  (1<<20) /**< slash */
+#define CC_SINGLE_QUOTE   (1<<21) /**< single quote */
+#define CC_DOUBLE_QUOTE   (1<<22) /**< double quote */
+#define CC_REVERSE_QUOTE  (1<<23) /**< reverse quote */
+#define CC_AT (1<<24) /**< at sign */
+#define CC_EQUAL  (1<<25) /**< equal sign */
+#define CC_LESS_THAN  (1<<26) /**< less than sign */
+#define CC_GREATER_THAN   (1<<27) /**< greater than sign */
+#define CC_PIPE   (1<<28) /**< pipe */
+#define CC_QUESTION_MARK  (1<<29) /**< question mark */
+#define CC_ASTERISK   (1<<30) /**< asterisk */

 /* macro classes */
-#define CC_NAME   (CC_ALNUM|CC_UNDERBAR)
-#define CC_CRLF   (CC_CR|CC_NEWLINE)
+#define CC_NAME   (CC_ALNUM|CC_UNDERBAR) /**< alphanumeric plus 
underscore */
+#define CC_CRLF   (CC_CR|CC_NEWLINE) /**< carriage return or 
newline */

 bool char_class(const unsigned char c, const unsigned int flags);

 bool string_class(const char *str, const unsigned int inclusive, const 
unsigned int exclusive);

+/**
+ * Modifies a string in place by replacing certain classes of characters of it 
with a specified
+ * character.
+ *
+ * Guaranteed to not increase the length of the string.
+ * If replace is 0, characters are skipped instead of replaced.
+ *
+ * @param str The string to be modified.
+ * @param inclusive The character classes not to be replaced.
+ * @param exclusive Character classes to be replaced even if they are also 

[Openvpn-devel] [M] Change in openvpn[master]: buffer: add documentation for string_mod and extend related UT

[cron2 (Code Review)]

cron2 has uploaded a new patch set (#2) to the change originally created by 
flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/472?usp=email )

The following approvals got outdated and were removed:
Code-Review+2 by plaisthos


Change subject: buffer: add documentation for string_mod and extend related UT
..

buffer: add documentation for string_mod and extend related UT

Since I was confused what exactly string_mod does, I
added documentation and additional UTs to make it
clearer.

Change-Id: I911fb5c5fa4b41f1fc1a30c6bf8b314245f64a6e
Signed-off-by: Frank Lichtenheld 
Acked-by: Arne Schwabe 
Message-Id: <20231211170214.85417-1-fr...@lichtenheld.com>
URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27761.html
Signed-off-by: Gert Doering 
---
M src/openvpn/buffer.h
M tests/unit_tests/openvpn/test_buffer.c
2 files changed, 74 insertions(+), 38 deletions(-)


  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/72/472/2

diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index 0456b27..61fc3a5 100644
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
@@ -898,51 +898,78 @@

 /* character classes */

-#define CC_ANY(1<<0)
-#define CC_NULL   (1<<1)
+#define CC_ANY(1<<0) /**< any character */
+#define CC_NULL   (1<<1) /**< null character \0 */

-#define CC_ALNUM  (1<<2)
-#define CC_ALPHA  (1<<3)
-#define CC_ASCII  (1<<4)
-#define CC_CNTRL  (1<<5)
-#define CC_DIGIT  (1<<6)
-#define CC_PRINT  (1<<7)
-#define CC_PUNCT  (1<<8)
-#define CC_SPACE  (1<<9)
-#define CC_XDIGIT (1<<10)
+#define CC_ALNUM  (1<<2) /**< alphanumeric isalnum() */
+#define CC_ALPHA  (1<<3) /**< alphabetic isalpha() */
+#define CC_ASCII  (1<<4) /**< ASCII character */
+#define CC_CNTRL  (1<<5) /**< control character iscntrl() */
+#define CC_DIGIT  (1<<6) /**< digit isdigit() */
+#define CC_PRINT  (1<<7) /**< printable (>= 32, != 127) */
+#define CC_PUNCT  (1<<8) /**< punctuation ispunct() */
+#define CC_SPACE  (1<<9) /**< whitespace isspace() */
+#define CC_XDIGIT (1<<10) /**< hex digit isxdigit() */

-#define CC_BLANK  (1<<11)
-#define CC_NEWLINE(1<<12)
-#define CC_CR (1<<13)
+#define CC_BLANK  (1<<11) /**< space or tab */
+#define CC_NEWLINE(1<<12) /**< newline */
+#define CC_CR (1<<13) /**< carriage return */

-#define CC_BACKSLASH  (1<<14)
-#define CC_UNDERBAR   (1<<15)
-#define CC_DASH   (1<<16)
-#define CC_DOT(1<<17)
-#define CC_COMMA  (1<<18)
-#define CC_COLON  (1<<19)
-#define CC_SLASH  (1<<20)
-#define CC_SINGLE_QUOTE   (1<<21)
-#define CC_DOUBLE_QUOTE   (1<<22)
-#define CC_REVERSE_QUOTE  (1<<23)
-#define CC_AT (1<<24)
-#define CC_EQUAL  (1<<25)
-#define CC_LESS_THAN  (1<<26)
-#define CC_GREATER_THAN   (1<<27)
-#define CC_PIPE   (1<<28)
-#define CC_QUESTION_MARK  (1<<29)
-#define CC_ASTERISK   (1<<30)
+#define CC_BACKSLASH  (1<<14) /**< backslash */
+#define CC_UNDERBAR   (1<<15) /**< underscore */
+#define CC_DASH   (1<<16) /**< dash */
+#define CC_DOT(1<<17) /**< dot */
+#define CC_COMMA  (1<<18) /**< comma */
+#define CC_COLON  (1<<19) /**< colon */
+#define CC_SLASH  (1<<20) /**< slash */
+#define CC_SINGLE_QUOTE   (1<<21) /**< single quote */
+#define CC_DOUBLE_QUOTE   (1<<22) /**< double quote */
+#define CC_REVERSE_QUOTE  (1<<23) /**< reverse quote */
+#define CC_AT (1<<24) /**< at sign */
+#define CC_EQUAL  (1<<25) /**< equal sign */
+#define CC_LESS_THAN  (1<<26) /**< less than sign */
+#define CC_GREATER_THAN   (1<<27) /**< greater than sign */
+#define CC_PIPE   (1<<28) /**< pipe */
+#define CC_QUESTION_MARK  (1<<29) /**< question mark */
+#define CC_ASTERISK   (1<<30) /**< asterisk */

 /* macro classes */
-#define CC_NAME   (CC_ALNUM|CC_UNDERBAR)
-#define CC_CRLF   (CC_CR|CC_NEWLINE)
+#define CC_NAME   (CC_ALNUM|CC_UNDERBAR) /**< alphanumeric plus 
underscore */
+#define CC_CRLF   (CC_CR|CC_NEWLINE) /**< carriage return or 
newline */

 bool char_class(const unsigned char c, const unsigned int flags);
 
 bool string_class(const char *str, const unsigned int inclusive, const 
unsigned int exclusive);

+/**
+ * Modifies a string in place by replacing certain classes of characters of it 
with a specified
+ * character.
+ *
+ * Guaranteed to not increase the length of the string.
+ * If replace is 0, characters are 

[Openvpn-devel] [S] Change in openvpn[master]: Fix building mbed TLS with CMake and allow specifying custom directories

[cron2 (Code Review)]

cron2 has uploaded a new patch set (#7) to the change originally created by 
plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/377?usp=email )

The following approvals got outdated and were removed:
Code-Review+2 by flichtenheld


Change subject: Fix building mbed TLS with CMake and allow specifying custom 
directories
..

Fix building mbed TLS with CMake and allow specifying custom directories

When installing mbed TLS 2.x and 3.x in parallel, it is useful to point
cmake to the version that should be used.

This fixes also building mbed TLS versions with cmake.

Change-Id: I7fd9e730e87210d2b7d090c8f9c7c6734bd7374e
Signed-off-by: Arne Schwabe 
Acked-by: Frank Lichtenheld 
Message-Id: <20231211170549.85749-1-fr...@lichtenheld.com>
URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27763.html
Signed-off-by: Gert Doering 
---
M CMakeLists.txt
M config.h.cmake.in
M src/openvpn/mbedtls_compat.h
3 files changed, 35 insertions(+), 9 deletions(-)


  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/77/377/7

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 577bc5d..d40b213 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -32,6 +32,8 @@
 endif ()

 option(MBED "BUILD with mbed" OFF)
+set(MBED_INCLUDE_PATH "" CACHE STRING "Path to mbed TLS include directory")
+set(MBED_LIBRARY_PATH "" CACHE STRING "Path to mbed library directory")
 option(WOLFSSL "BUILD with wolfSSL" OFF)
 option(ENABLE_LZ4 "BUILD with lz4" ON)
 option(ENABLE_LZO "BUILD with lzo" ON)
@@ -239,9 +241,33 @@
 pkg_search_module(pkcs11-helper libpkcs11-helper-1 REQUIRED 
IMPORTED_TARGET)
 endif ()

+function(check_mbed_configuration)
+if (NOT (MBED_INCLUDE_PATH STREQUAL "") )
+set(CMAKE_REQUIRED_INCLUDES ${MBED_INCLUDE_PATH})
+endif ()
+if (NOT (MBED_LIBRARY_PATH STREQUAL ""))
+set(CMAKE_REQUIRED_LINK_OPTIONS "-L${MBED_LIBRARY_PATH}")
+endif ()
+set(CMAKE_REQUIRED_LIBRARIES "mbedtls;mbedx509;mbedcrypto")
+check_symbol_exists(mbedtls_ctr_drbg_update_ret mbedtls/ctr_drbg.h 
HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET)
+check_symbol_exists(mbedtls_ssl_conf_export_keys_ext_cb mbedtls/ssl.h 
HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB)
+check_include_files(psa/crypto.h HAVE_MBEDTLS_PSA_CRYPTO_H)
+endfunction()
+
+if (${MBED})
+check_mbed_configuration()
+endif()
+
 function(add_library_deps target)
 if (${MBED})
-target_link_libraries(${target} -lmbedtls -lmbedx509 -lmbedcrypto)
+if (NOT (MBED_INCLUDE_PATH STREQUAL "") )
+target_include_directories(${target} PRIVATE ${MBED_INCLUDE_PATH})
+endif ()
+if(NOT (MBED_LIBRARY_PATH STREQUAL ""))
+target_link_directories(${target} PRIVATE ${MBED_LIBRARY_PATH})
+endif ()
+
+target_link_libraries(${target} PRIVATE -lmbedtls -lmbedx509 
-lmbedcrypto)
 elseif (${WOLFSSL})
 pkg_search_module(wolfssl wolfssl REQUIRED)
 target_link_libraries(${target} PUBLIC ${wolfssl_LINK_LIBRARIES})
diff --git a/config.h.cmake.in b/config.h.cmake.in
index baf9556..6c846f2 100644
--- a/config.h.cmake.in
+++ b/config.h.cmake.in
@@ -378,11 +378,11 @@
 /* Define to 1 if you have the  header file. */
 #undef HAVE_VFORK_H

-/* we always assume a recent mbed TLS version */
-#define HAVE_MBEDTLS_PSA_CRYPTO_H 1
+/* Availability of different mbed TLS features and APIs */
+#cmakedefine01 HAVE_MBEDTLS_PSA_CRYPTO_H
 #define HAVE_MBEDTLS_SSL_TLS_PRF 1
-#define HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB 1
-#define HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET 1
+#cmakedefine01 HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB
+#cmakedefine01 HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET

 /* Path to ifconfig tool */
 #define IFCONFIG_PATH "@IFCONFIG_PATH@"
diff --git a/src/openvpn/mbedtls_compat.h b/src/openvpn/mbedtls_compat.h
index 610215b..d742b54 100644
--- a/src/openvpn/mbedtls_compat.h
+++ b/src/openvpn/mbedtls_compat.h
@@ -77,13 +77,13 @@
const unsigned char *additional,
size_t add_len)
 {
-#if HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET
+#if MBEDTLS_VERSION_NUMBER > 0x0300
+return mbedtls_ctr_drbg_update(ctx, additional, add_len);
+#elif HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET
 return mbedtls_ctr_drbg_update_ret(ctx, additional, add_len);
-#elif MBEDTLS_VERSION_NUMBER < 0x03020100
+#else
 mbedtls_ctr_drbg_update(ctx, additional, add_len);
 return 0;
-#else
-return mbedtls_ctr_drbg_update(ctx, additional, add_len);
 #endif /* HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET */
 }


--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/377?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I7fd9e730e87210d2b7d090c8f9c7c6734bd7374e
Gerrit-Change-Number: 377
Gerrit-PatchSet: 7
Gerrit-Owner: plaisthos 
Gerrit-Reviewer: flichtenheld 
Gerrit-Reviewer: plaisthos 
Gerrit-CC: MaxF 

[Openvpn-devel] [PATCH applied] Re: Fix building mbed TLS with CMake and allow specifying custom directories

[Gert Doering]

The cmake stuff, I have no idea what it is :-) - but GHA builds are fine
with it.  The mbedtls_compat.h change is mostly reordering the conditions
(and at least for the mbedtls version our GHA builds test against, it
seems to do the right thing).

Your patch has been applied to the master branch.

commit 8656b85c7324fc9ae7f10a9f37227a58766aae33
Author: Arne Schwabe
Date:   Mon Dec 11 18:05:49 2023 +0100

 Fix building mbed TLS with CMake and allow specifying custom directories

 Signed-off-by: Arne Schwabe 
 Acked-by: Frank Lichtenheld 
 Message-Id: <20231211170549.85749-1-fr...@lichtenheld.com>
 URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27763.html
 Signed-off-by: Gert Doering 


--
kind regards,

Gert Doering



___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [S] Change in openvpn[master]: Fix building mbed TLS with CMake and allow specifying custom directories

[cron2 (Code Review)]

cron2 has submitted this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/377?usp=email )

Change subject: Fix building mbed TLS with CMake and allow specifying custom 
directories
..

Fix building mbed TLS with CMake and allow specifying custom directories

When installing mbed TLS 2.x and 3.x in parallel, it is useful to point
cmake to the version that should be used.

This fixes also building mbed TLS versions with cmake.

Change-Id: I7fd9e730e87210d2b7d090c8f9c7c6734bd7374e
Signed-off-by: Arne Schwabe 
Acked-by: Frank Lichtenheld 
Message-Id: <20231211170549.85749-1-fr...@lichtenheld.com>
URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27763.html
Signed-off-by: Gert Doering 
---
M CMakeLists.txt
M config.h.cmake.in
M src/openvpn/mbedtls_compat.h
3 files changed, 35 insertions(+), 9 deletions(-)




diff --git a/CMakeLists.txt b/CMakeLists.txt
index 577bc5d..d40b213 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -32,6 +32,8 @@
 endif ()

 option(MBED "BUILD with mbed" OFF)
+set(MBED_INCLUDE_PATH "" CACHE STRING "Path to mbed TLS include directory")
+set(MBED_LIBRARY_PATH "" CACHE STRING "Path to mbed library directory")
 option(WOLFSSL "BUILD with wolfSSL" OFF)
 option(ENABLE_LZ4 "BUILD with lz4" ON)
 option(ENABLE_LZO "BUILD with lzo" ON)
@@ -239,9 +241,33 @@
 pkg_search_module(pkcs11-helper libpkcs11-helper-1 REQUIRED 
IMPORTED_TARGET)
 endif ()

+function(check_mbed_configuration)
+if (NOT (MBED_INCLUDE_PATH STREQUAL "") )
+set(CMAKE_REQUIRED_INCLUDES ${MBED_INCLUDE_PATH})
+endif ()
+if (NOT (MBED_LIBRARY_PATH STREQUAL ""))
+set(CMAKE_REQUIRED_LINK_OPTIONS "-L${MBED_LIBRARY_PATH}")
+endif ()
+set(CMAKE_REQUIRED_LIBRARIES "mbedtls;mbedx509;mbedcrypto")
+check_symbol_exists(mbedtls_ctr_drbg_update_ret mbedtls/ctr_drbg.h 
HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET)
+check_symbol_exists(mbedtls_ssl_conf_export_keys_ext_cb mbedtls/ssl.h 
HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB)
+check_include_files(psa/crypto.h HAVE_MBEDTLS_PSA_CRYPTO_H)
+endfunction()
+
+if (${MBED})
+check_mbed_configuration()
+endif()
+
 function(add_library_deps target)
 if (${MBED})
-target_link_libraries(${target} -lmbedtls -lmbedx509 -lmbedcrypto)
+if (NOT (MBED_INCLUDE_PATH STREQUAL "") )
+target_include_directories(${target} PRIVATE ${MBED_INCLUDE_PATH})
+endif ()
+if(NOT (MBED_LIBRARY_PATH STREQUAL ""))
+target_link_directories(${target} PRIVATE ${MBED_LIBRARY_PATH})
+endif ()
+
+target_link_libraries(${target} PRIVATE -lmbedtls -lmbedx509 
-lmbedcrypto)
 elseif (${WOLFSSL})
 pkg_search_module(wolfssl wolfssl REQUIRED)
 target_link_libraries(${target} PUBLIC ${wolfssl_LINK_LIBRARIES})
diff --git a/config.h.cmake.in b/config.h.cmake.in
index baf9556..6c846f2 100644
--- a/config.h.cmake.in
+++ b/config.h.cmake.in
@@ -378,11 +378,11 @@
 /* Define to 1 if you have the  header file. */
 #undef HAVE_VFORK_H

-/* we always assume a recent mbed TLS version */
-#define HAVE_MBEDTLS_PSA_CRYPTO_H 1
+/* Availability of different mbed TLS features and APIs */
+#cmakedefine01 HAVE_MBEDTLS_PSA_CRYPTO_H
 #define HAVE_MBEDTLS_SSL_TLS_PRF 1
-#define HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB 1
-#define HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET 1
+#cmakedefine01 HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB
+#cmakedefine01 HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET

 /* Path to ifconfig tool */
 #define IFCONFIG_PATH "@IFCONFIG_PATH@"
diff --git a/src/openvpn/mbedtls_compat.h b/src/openvpn/mbedtls_compat.h
index 610215b..d742b54 100644
--- a/src/openvpn/mbedtls_compat.h
+++ b/src/openvpn/mbedtls_compat.h
@@ -77,13 +77,13 @@
const unsigned char *additional,
size_t add_len)
 {
-#if HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET
+#if MBEDTLS_VERSION_NUMBER > 0x0300
+return mbedtls_ctr_drbg_update(ctx, additional, add_len);
+#elif HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET
 return mbedtls_ctr_drbg_update_ret(ctx, additional, add_len);
-#elif MBEDTLS_VERSION_NUMBER < 0x03020100
+#else
 mbedtls_ctr_drbg_update(ctx, additional, add_len);
 return 0;
-#else
-return mbedtls_ctr_drbg_update(ctx, additional, add_len);
 #endif /* HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET */
 }


--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/377?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I7fd9e730e87210d2b7d090c8f9c7c6734bd7374e
Gerrit-Change-Number: 377
Gerrit-PatchSet: 7
Gerrit-Owner: plaisthos 
Gerrit-Reviewer: flichtenheld 
Gerrit-Reviewer: plaisthos 
Gerrit-CC: MaxF 
Gerrit-CC: openvpn-devel 
Gerrit-MessageType: merged
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net

[Openvpn-devel] [PATCH applied] Re: buffer: add documentation for string_mod and extend related UT

[Gert Doering]

Briefly skimmed the patch (verifying that no mishap happened to the numbers),
ran "make check", passed.

Your patch has been applied to the master branch.

commit 975ef50b9cdbfec70f61b258e76fd8549d7f83d5
Author: Frank Lichtenheld
Date:   Mon Dec 11 18:02:14 2023 +0100

 buffer: add documentation for string_mod and extend related UT

 Signed-off-by: Frank Lichtenheld 
 Acked-by: Arne Schwabe 
 Message-Id: <20231211170214.85417-1-fr...@lichtenheld.com>
 URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27761.html
 Signed-off-by: Gert Doering 


--
kind regards,

Gert Doering



___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [L] Change in openvpn[master]: Remove dead list test code

[flichtenheld (Code Review)]

Attention is currently required from: plaisthos.

flichtenheld has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/446?usp=email )

Change subject: Remove dead list test code
..


Patch Set 2: Code-Review-2

(2 comments)

Commit Message:

http://gerrit.openvpn.net/c/openvpn/+/446/comment/83ad6747_f9b562f8 :
PS2, Line 7: Remove dead list test code
commit message needs update for the new version of the patch


Patchset:

PS2: 
New list test is not enabled for mingw in GHA build.yaml. It would be difficult 
to enable due to the -DSOURCEDIR solution. Need to discuss how to handle that 
first, before going ahead.



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/446?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I7511bc43cd6a0bcb89476f27d5822ab4a78d0d21
Gerrit-Change-Number: 446
Gerrit-PatchSet: 2
Gerrit-Owner: plaisthos 
Gerrit-Reviewer: flichtenheld 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: plaisthos 
Gerrit-Comment-Date: Mon, 11 Dec 2023 18:01:39 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v6] Fix building mbed TLS with CMake and allow specifying custom directories

[Frank Lichtenheld]

From: Arne Schwabe 

When installing mbed TLS 2.x and 3.x in parallel, it is useful to point
cmake to the version that should be used.

This fixes also building mbed TLS versions with cmake.

Change-Id: I7fd9e730e87210d2b7d090c8f9c7c6734bd7374e
Signed-off-by: Arne Schwabe 
Acked-by: Frank Lichtenheld 
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/377
This mail reflects revision 6 of this Change.
Acked-by according to Gerrit (reflected above):
Frank Lichtenheld 


diff --git a/CMakeLists.txt b/CMakeLists.txt
index 577bc5d..d40b213 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -32,6 +32,8 @@
 endif ()
 
 option(MBED "BUILD with mbed" OFF)
+set(MBED_INCLUDE_PATH "" CACHE STRING "Path to mbed TLS include directory")
+set(MBED_LIBRARY_PATH "" CACHE STRING "Path to mbed library directory")
 option(WOLFSSL "BUILD with wolfSSL" OFF)
 option(ENABLE_LZ4 "BUILD with lz4" ON)
 option(ENABLE_LZO "BUILD with lzo" ON)
@@ -239,9 +241,33 @@
 pkg_search_module(pkcs11-helper libpkcs11-helper-1 REQUIRED 
IMPORTED_TARGET)
 endif ()
 
+function(check_mbed_configuration)
+if (NOT (MBED_INCLUDE_PATH STREQUAL "") )
+set(CMAKE_REQUIRED_INCLUDES ${MBED_INCLUDE_PATH})
+endif ()
+if (NOT (MBED_LIBRARY_PATH STREQUAL ""))
+set(CMAKE_REQUIRED_LINK_OPTIONS "-L${MBED_LIBRARY_PATH}")
+endif ()
+set(CMAKE_REQUIRED_LIBRARIES "mbedtls;mbedx509;mbedcrypto")
+check_symbol_exists(mbedtls_ctr_drbg_update_ret mbedtls/ctr_drbg.h 
HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET)
+check_symbol_exists(mbedtls_ssl_conf_export_keys_ext_cb mbedtls/ssl.h 
HAVE_MBEDTLS_SSL_CONF_EXPORT_KEYS_EXT_CB)
+check_include_files(psa/crypto.h HAVE_MBEDTLS_PSA_CRYPTO_H)
+endfunction()
+
+if (${MBED})
+check_mbed_configuration()
+endif()
+
 function(add_library_deps target)
 if (${MBED})
-target_link_libraries(${target} -lmbedtls -lmbedx509 -lmbedcrypto)
+if (NOT (MBED_INCLUDE_PATH STREQUAL "") )
+target_include_directories(${target} PRIVATE ${MBED_INCLUDE_PATH})
+endif ()
+if(NOT (MBED_LIBRARY_PATH STREQUAL ""))
+target_link_directories(${target} PRIVATE ${MBED_LIBRARY_PATH})
+endif ()
+
+target_link_libraries(${target} PRIVATE -lmbedtls -lmbedx509 
-lmbedcrypto)
 elseif (${WOLFSSL})
 pkg_search_module(wolfssl wolfssl REQUIRED)
 target_link_libraries(${target} PUBLIC ${wolfssl_LINK_LIBRARIES})
diff --git a/config.h.cmake.in b/config.h.cmake.in
index baf9556..6c846f2 100644
--- a/config.h.cmake.in
+++ b/config.h.cmake.in
@@ -378,11 +378,11 @@
 /* Define to 1 if you have the  header file. */
 #undef HAVE_VFORK_H
 
-/* we always assume a recent mbed TLS version */
-#define HAVE_MBEDTLS_PSA_CRYPTO_H 1
+/* Availability of different mbed TLS features and APIs */
+#cmakedefine01 HAVE_MBEDTLS_PSA_CRYPTO_H
 #define HAVE_MBEDTLS_SSL_TLS_PRF 1
-#define HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB 1
-#define HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET 1
+#cmakedefine01 HAVE_MBEDTLS_SSL_SET_EXPORT_KEYS_CB
+#cmakedefine01 HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET
 
 /* Path to ifconfig tool */
 #define IFCONFIG_PATH "@IFCONFIG_PATH@"
diff --git a/src/openvpn/mbedtls_compat.h b/src/openvpn/mbedtls_compat.h
index 610215b..d742b54 100644
--- a/src/openvpn/mbedtls_compat.h
+++ b/src/openvpn/mbedtls_compat.h
@@ -77,13 +77,13 @@
const unsigned char *additional,
size_t add_len)
 {
-#if HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET
+#if MBEDTLS_VERSION_NUMBER > 0x0300
+return mbedtls_ctr_drbg_update(ctx, additional, add_len);
+#elif HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET
 return mbedtls_ctr_drbg_update_ret(ctx, additional, add_len);
-#elif MBEDTLS_VERSION_NUMBER < 0x03020100
+#else
 mbedtls_ctr_drbg_update(ctx, additional, add_len);
 return 0;
-#else
-return mbedtls_ctr_drbg_update(ctx, additional, add_len);
 #endif /* HAVE_MBEDTLS_CTR_DRBG_UPDATE_RET */
 }
 


___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v5] Check PRF availability on initialisation and add --force-tls-key-material-export

[Frank Lichtenheld]

From: Arne Schwabe 

We now warn a user if the TLS 1.0 PRF is not supported by the cryptographic
library of the system. Also add the option --force-tls-key-material-export
that automatically rejects clients that do not support TLS Keying Material
Export and automatically enable it when TLS 1.0 PRF support is not available.

Change-Id: I04f8c7c413e7cb62c726262feee6ca89c7e86c70
Signed-off-by: Arne Schwabe 
Acked-by: Frank Lichtenheld 
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/460
This mail reflects revision 5 of this Change.
Acked-by according to Gerrit (reflected above):
Frank Lichtenheld 


diff --git a/doc/man-sections/protocol-options.rst 
b/doc/man-sections/protocol-options.rst
index 948c0c8..8b061d2 100644
--- a/doc/man-sections/protocol-options.rst
+++ b/doc/man-sections/protocol-options.rst
@@ -242,3 +242,11 @@
   a key renegotiation begins (default :code:`3600` seconds). This feature
   allows for a graceful transition from old to new key, and removes the key
   renegotiation sequence from the critical path of tunnel data forwarding.
+
+--force-tls-key-material-export
+  This option is only available in --mode server and forces to use
+  Keying Material Exporters (RFC 5705) for clients. This can be used to
+  simulate an environment where the cryptographic library does not support
+  the older method to generate data channel keys anymore. This option is
+  intended to be a test option and might be removed in a future OpenVPN
+  version without notice.
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index e4452d7..8c17f2a 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -1789,3 +1789,22 @@
 gc_free();
 return ret;
 }
+
+bool
+check_tls_prf_working(void)
+{
+/* Modern TLS libraries might no longer support the TLS 1.0 PRF with
+ * MD5+SHA1. This allows us to establish connections only
+ * with other 2.6.0+ OpenVPN peers.
+ * Do a simple dummy test here to see if it works. */
+const char *seed = "tls1-prf-test";
+const char *secret = "tls1-prf-test-secret";
+uint8_t out[8];
+uint8_t expected_out[] = { 0xe0, 0x5f, 0x1f, 1, 0, 0, 0, 0};
+
+int ret = ssl_tls1_PRF((uint8_t *)seed, (int) strlen(seed),
+   (uint8_t *)secret, (int) strlen(secret),
+   out, sizeof(out));
+
+return (ret && memcmp(out, expected_out, sizeof(out)) != 0);
+}
diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h
index 9255d38..4201524 100644
--- a/src/openvpn/crypto.h
+++ b/src/openvpn/crypto.h
@@ -593,4 +593,12 @@
 return kt;
 }
 
+/**
+ * Checks if the current TLS library supports the TLS 1.0 PRF with MD5+SHA1
+ * that OpenVPN uses when TLS Keying Material Export is not available.
+ *
+ * @return  true if supported, false otherwise.
+ */
+bool check_tls_prf_working(void);
+
 #endif /* CRYPTO_H */
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 8b490ed..82122f5 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -1830,6 +1830,16 @@
 {
 o->imported_protocol_flags |= CO_USE_TLS_KEY_MATERIAL_EXPORT;
 }
+else if (o->force_key_material_export)
+{
+msg(M_INFO, "PUSH: client does not support TLS key material export"
+"but --force-tls-key-material-export is enabled.");
+auth_set_client_reason(tls_multi, "Client incompatible with this"
+   "server. Keying Material Exporters (RFC 5705)"
+   "support missing. Upgrade to a client that "
+   "supports this feature (OpenVPN 2.6.0+).");
+return false;
+}
 if (proto & IV_PROTO_DYN_TLS_CRYPT)
 {
 o->imported_protocol_flags |= CO_USE_DYNAMIC_TLS_CRYPT;
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 1521872..fc0a5d5 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1561,6 +1561,7 @@
 SHOW_STR(auth_user_pass_verify_script);
 SHOW_BOOL(auth_user_pass_verify_script_via_file);
 SHOW_BOOL(auth_token_generate);
+SHOW_BOOL(force_key_material_export);
 SHOW_INT(auth_token_lifetime);
 SHOW_STR_INLINE(auth_token_secret_file);
 #if PORT_SHARE
@@ -2802,6 +2803,11 @@
 {
 msg(M_USAGE, "--vlan-tagging requires --mode server");
 }
+
+if (options->force_key_material_export)
+{
+msg(M_USAGE, "--force-tls-key-material-export requires --mode 
server");
+}
 }
 
 /*
@@ -3634,6 +3640,30 @@
 }
 
 static void
+options_process_mutate_prf(struct options *o)
+{
+if (!check_tls_prf_working())
+{
+
+msg(D_TLS_ERRORS, "Warning: TLS 1.0 PRF with MD5+SHA1 PRF not 
supported "
+"by TLS library. Your system does not support this calculation "
+"anymore or your security policy (e.g. FIPS 140-2) forbids it. "
+

[Openvpn-devel] [PATCH v1] buffer: add documentation for string_mod and extend related UT

[Frank Lichtenheld]

Since I was confused what exactly string_mod does, I
added documentation and additional UTs to make it
clearer.

Change-Id: I911fb5c5fa4b41f1fc1a30c6bf8b314245f64a6e
Signed-off-by: Frank Lichtenheld 
Acked-by: Arne Schwabe 
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master and release/2.6.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/472
This mail reflects revision 1 of this Change.
Acked-by according to Gerrit (reflected above):
Arne Schwabe 


diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h
index 0456b27..61fc3a5 100644
--- a/src/openvpn/buffer.h
+++ b/src/openvpn/buffer.h
@@ -898,51 +898,78 @@
 
 /* character classes */
 
-#define CC_ANY(1<<0)
-#define CC_NULL   (1<<1)
+#define CC_ANY(1<<0) /**< any character */
+#define CC_NULL   (1<<1) /**< null character \0 */
 
-#define CC_ALNUM  (1<<2)
-#define CC_ALPHA  (1<<3)
-#define CC_ASCII  (1<<4)
-#define CC_CNTRL  (1<<5)
-#define CC_DIGIT  (1<<6)
-#define CC_PRINT  (1<<7)
-#define CC_PUNCT  (1<<8)
-#define CC_SPACE  (1<<9)
-#define CC_XDIGIT (1<<10)
+#define CC_ALNUM  (1<<2) /**< alphanumeric isalnum() */
+#define CC_ALPHA  (1<<3) /**< alphabetic isalpha() */
+#define CC_ASCII  (1<<4) /**< ASCII character */
+#define CC_CNTRL  (1<<5) /**< control character iscntrl() */
+#define CC_DIGIT  (1<<6) /**< digit isdigit() */
+#define CC_PRINT  (1<<7) /**< printable (>= 32, != 127) */
+#define CC_PUNCT  (1<<8) /**< punctuation ispunct() */
+#define CC_SPACE  (1<<9) /**< whitespace isspace() */
+#define CC_XDIGIT (1<<10) /**< hex digit isxdigit() */
 
-#define CC_BLANK  (1<<11)
-#define CC_NEWLINE(1<<12)
-#define CC_CR (1<<13)
+#define CC_BLANK  (1<<11) /**< space or tab */
+#define CC_NEWLINE(1<<12) /**< newline */
+#define CC_CR (1<<13) /**< carriage return */
 
-#define CC_BACKSLASH  (1<<14)
-#define CC_UNDERBAR   (1<<15)
-#define CC_DASH   (1<<16)
-#define CC_DOT(1<<17)
-#define CC_COMMA  (1<<18)
-#define CC_COLON  (1<<19)
-#define CC_SLASH  (1<<20)
-#define CC_SINGLE_QUOTE   (1<<21)
-#define CC_DOUBLE_QUOTE   (1<<22)
-#define CC_REVERSE_QUOTE  (1<<23)
-#define CC_AT (1<<24)
-#define CC_EQUAL  (1<<25)
-#define CC_LESS_THAN  (1<<26)
-#define CC_GREATER_THAN   (1<<27)
-#define CC_PIPE   (1<<28)
-#define CC_QUESTION_MARK  (1<<29)
-#define CC_ASTERISK   (1<<30)
+#define CC_BACKSLASH  (1<<14) /**< backslash */
+#define CC_UNDERBAR   (1<<15) /**< underscore */
+#define CC_DASH   (1<<16) /**< dash */
+#define CC_DOT(1<<17) /**< dot */
+#define CC_COMMA  (1<<18) /**< comma */
+#define CC_COLON  (1<<19) /**< colon */
+#define CC_SLASH  (1<<20) /**< slash */
+#define CC_SINGLE_QUOTE   (1<<21) /**< single quote */
+#define CC_DOUBLE_QUOTE   (1<<22) /**< double quote */
+#define CC_REVERSE_QUOTE  (1<<23) /**< reverse quote */
+#define CC_AT (1<<24) /**< at sign */
+#define CC_EQUAL  (1<<25) /**< equal sign */
+#define CC_LESS_THAN  (1<<26) /**< less than sign */
+#define CC_GREATER_THAN   (1<<27) /**< greater than sign */
+#define CC_PIPE   (1<<28) /**< pipe */
+#define CC_QUESTION_MARK  (1<<29) /**< question mark */
+#define CC_ASTERISK   (1<<30) /**< asterisk */
 
 /* macro classes */
-#define CC_NAME   (CC_ALNUM|CC_UNDERBAR)
-#define CC_CRLF   (CC_CR|CC_NEWLINE)
+#define CC_NAME   (CC_ALNUM|CC_UNDERBAR) /**< alphanumeric plus 
underscore */
+#define CC_CRLF   (CC_CR|CC_NEWLINE) /**< carriage return or 
newline */
 
 bool char_class(const unsigned char c, const unsigned int flags);
 
 bool string_class(const char *str, const unsigned int inclusive, const 
unsigned int exclusive);
 
+/**
+ * Modifies a string in place by replacing certain classes of characters of it 
with a specified
+ * character.
+ *
+ * Guaranteed to not increase the length of the string.
+ * If replace is 0, characters are skipped instead of replaced.
+ *
+ * @param str The string to be modified.
+ * @param inclusive The character classes not to be replaced.
+ * @param exclusive Character classes to be replaced even if they are also in 
inclusive.
+ * @param replace The character to replace the specified character classes 
with.
+ * @return True if the string was not modified, false otherwise.
+ */
 bool string_mod(char *str, const unsigned int inclusive, const unsigned int 
exclusive, const char replace);
 
+/**
+ * 

[Openvpn-devel] [S] Change in openvpn[master]: Make it more explicit and visible when pkg-config is not found

[flichtenheld (Code Review)]

Attention is currently required from: plaisthos.

flichtenheld has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/465?usp=email )

Change subject: Make it more explicit and visible when pkg-config is not found
..


Patch Set 2: Code-Review+2


--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/465?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Iebaa35a23e217a4cd7739af229cbfc08a3d8854a
Gerrit-Change-Number: 465
Gerrit-PatchSet: 2
Gerrit-Owner: plaisthos 
Gerrit-Reviewer: flichtenheld 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: plaisthos 
Gerrit-Comment-Date: Mon, 11 Dec 2023 16:59:20 +
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [S] Change in openvpn[master]: Cache mbed TLS dependency and build latest 2.x mbed TLS as well

[flichtenheld (Code Review)]

Attention is currently required from: plaisthos.

flichtenheld has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/455?usp=email )

Change subject: Cache mbed TLS dependency and build latest 2.x mbed TLS as well
..


Patch Set 4: Code-Review-1

(1 comment)

File .github/workflows/build.yaml:

http://gerrit.openvpn.net/c/openvpn/+/455/comment/d2494521_91393bb9 :
PS4, Line 389:   key: ${{ matrix.build 
}}-mbedtls-${{matrix.mbedtlsver}}-${{matrix.cmakebuild}}
matrix.cmakebuild seems undefined? Did you maybe mean matrix.cc?



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/455?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I39fb3f05b6245af9ae5dd666bfc53ed07e5cfb24
Gerrit-Change-Number: 455
Gerrit-PatchSet: 4
Gerrit-Owner: plaisthos 
Gerrit-Reviewer: flichtenheld 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: plaisthos 
Gerrit-Comment-Date: Mon, 11 Dec 2023 16:57:07 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [S] Change in openvpn[master]: Fix building mbed TLS with CMake and allow specifying custom directories

[flichtenheld (Code Review)]

Attention is currently required from: MaxF, plaisthos.

flichtenheld has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/377?usp=email )

Change subject: Fix building mbed TLS with CMake and allow specifying custom 
directories
..


Patch Set 6: Code-Review+2


--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/377?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I7fd9e730e87210d2b7d090c8f9c7c6734bd7374e
Gerrit-Change-Number: 377
Gerrit-PatchSet: 6
Gerrit-Owner: plaisthos 
Gerrit-Reviewer: flichtenheld 
Gerrit-Reviewer: plaisthos 
Gerrit-CC: MaxF 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: plaisthos 
Gerrit-Attention: MaxF 
Gerrit-Comment-Date: Mon, 11 Dec 2023 16:53:35 +
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [L] Change in openvpn[master]: Remove dead list test code

[flichtenheld (Code Review)]

Attention is currently required from: plaisthos.

flichtenheld has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/446?usp=email )

Change subject: Remove dead list test code
..


Patch Set 2: Code-Review-1

(3 comments)

File tests/unit_tests/openvpn/test_misc.c:

http://gerrit.openvpn.net/c/openvpn/+/446/comment/06c0770f_7c7fbf6a :
PS2, Line 203: ASSERT(hash_add(hash, w->word, w, 
false));
Should probably use the cmocka assert_true here?


http://gerrit.openvpn.net/c/openvpn/+/446/comment/57543554_99e77fac :
PS2, Line 261: ASSERT(count == hash_n_elements(hash));
should use assert_int_equal


http://gerrit.openvpn.net/c/openvpn/+/446/comment/0a20d288_80ec1771 :
PS2, Line 268: hash_remove_by_value(nhash, (void *) i);
can we test that this was successful?



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/446?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I7511bc43cd6a0bcb89476f27d5822ab4a78d0d21
Gerrit-Change-Number: 446
Gerrit-PatchSet: 2
Gerrit-Owner: plaisthos 
Gerrit-Reviewer: flichtenheld 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: plaisthos 
Gerrit-Comment-Date: Mon, 11 Dec 2023 16:25:12 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [L] Change in openvpn[master]: test_user_pass: new UT for get_user_pass

[flichtenheld (Code Review)]

Attention is currently required from: plaisthos.

flichtenheld has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/468?usp=email )

Change subject: test_user_pass: new UT for get_user_pass
..


Patch Set 3:

(1 comment)

File CMakeLists.txt:

http://gerrit.openvpn.net/c/openvpn/+/468/comment/3e694e97_351c140e :
PS3, Line 625: ENVIRONMENT 
"srcdir=${CMAKE_CURRENT_SOURCE_DIR}/tests/unit_tests/openvpn")
> Alternative solution with the define: https://gerrit.openvpn. […]
srcdir environment variable is the official interface for automake test suite 
which is why I used it. But we can go for a define as well. Should probably 
report that as a bug against your IDE though. Just ignoring part of the cmake 
code seems bad.



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/468?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I193aef06912f01426dd4ac298aadfab97dd75a35
Gerrit-Change-Number: 468
Gerrit-PatchSet: 3
Gerrit-Owner: flichtenheld 
Gerrit-Reviewer: plaisthos 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: plaisthos 
Gerrit-Comment-Date: Mon, 11 Dec 2023 16:09:44 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: plaisthos 
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [M] Change in openvpn[master]: test_user_pass: Check fatal errors for empty username/password

[flichtenheld (Code Review)]

Attention is currently required from: plaisthos.

flichtenheld has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/474?usp=email )

Change subject: test_user_pass: Check fatal errors for empty username/password
..


Patch Set 2:

(1 comment)

File tests/unit_tests/openvpn/input/leak_suppr.txt:

http://gerrit.openvpn.net/c/openvpn/+/474/comment/ba78df38_3f4e21f0 :
PS2, Line 1: leak:_assertions$
> This feels unecessarily broad. […]
That was intentional. Having a common suffix for tests that can leak due to 
testing program aborts feels useful. Would you maybe prefer a different suffix? 
Like _leak?



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/474?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Icabc8acf75638c86c8c395e9ffecba7a7226cd97
Gerrit-Change-Number: 474
Gerrit-PatchSet: 2
Gerrit-Owner: flichtenheld 
Gerrit-Reviewer: plaisthos 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: plaisthos 
Gerrit-Comment-Date: Mon, 11 Dec 2023 16:06:07 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: plaisthos 
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [L] Change in openvpn[master]: test_user_pass: new UT for get_user_pass

[plaisthos (Code Review)]

Attention is currently required from: flichtenheld.

plaisthos has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/468?usp=email )

Change subject: test_user_pass: new UT for get_user_pass
..


Patch Set 3:

(1 comment)

File CMakeLists.txt:

http://gerrit.openvpn.net/c/openvpn/+/468/comment/010f5528_3a64e9cc :
PS3, Line 625: ENVIRONMENT 
"srcdir=${CMAKE_CURRENT_SOURCE_DIR}/tests/unit_tests/openvpn")
> Also my IDE (Clion) does not pick this up, so I have manually configure to 
> add that environment vari […]
Alternative solution with the define: https://gerrit.openvpn.net/c/openvpn/+/446



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/468?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I193aef06912f01426dd4ac298aadfab97dd75a35
Gerrit-Change-Number: 468
Gerrit-PatchSet: 3
Gerrit-Owner: flichtenheld 
Gerrit-Reviewer: plaisthos 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: flichtenheld 
Gerrit-Comment-Date: Mon, 11 Dec 2023 15:56:28 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: plaisthos 
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [M] Change in openvpn[master]: tests: fork default automake test-driver

[flichtenheld (Code Review)]

Attention is currently required from: plaisthos.

Hello plaisthos,

I'd like you to do a code review.
Please visit

http://gerrit.openvpn.net/c/openvpn/+/478?usp=email

to review the following change.


Change subject: tests: fork default automake test-driver
..

tests: fork default automake test-driver

We don't really like the default log behavior and
there seems no easy way to change that except to fork
the driver. The license seems unproblematic since we're
GPL anyway.

Change-Id: I67d461afbcc9c06b1fc5ab4477141d7b8bd9ba8e
Signed-off-by: Frank Lichtenheld 
---
A forked-test-driver
M tests/Makefile.am
M tests/unit_tests/example_test/Makefile.am
M tests/unit_tests/openvpn/Makefile.am
M tests/unit_tests/plugins/auth-pam/Makefile.am
5 files changed, 157 insertions(+), 0 deletions(-)



  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/78/478/1

diff --git a/forked-test-driver b/forked-test-driver
new file mode 100755
index 000..be73b80
--- /dev/null
+++ b/forked-test-driver
@@ -0,0 +1,153 @@
+#! /bin/sh
+# test-driver - basic testsuite driver script.
+
+scriptversion=2018-03-07.03; # UTC
+
+# Copyright (C) 2011-2021 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to  or send patches to
+# .
+
+# Make unconditional expansion of undefined variables an error.  This
+# helps a lot in preventing typo-related bugs.
+set -u
+
+usage_error ()
+{
+  echo "$0: $*" >&2
+  print_usage >&2
+  exit 2
+}
+
+print_usage ()
+{
+  cat <"$log_file"
+"$@" >>"$log_file" 2>&1
+estatus=$?
+
+if test $enable_hard_errors = no && test $estatus -eq 99; then
+  tweaked_estatus=1
+else
+  tweaked_estatus=$estatus
+fi
+
+case $tweaked_estatus:$expect_failure in
+  0:yes) col=$red res=XPASS recheck=yes gcopy=yes;;
+  0:*)   col=$grn res=PASS  recheck=no  gcopy=no;;
+  77:*)  col=$blu res=SKIP  recheck=no  gcopy=yes;;
+  99:*)  col=$mgn res=ERROR recheck=yes gcopy=yes;;
+  *:yes) col=$lgn res=XFAIL recheck=no  gcopy=yes;;
+  *:*)   col=$red res=FAIL  recheck=yes gcopy=yes;;
+esac
+
+# Report the test outcome and exit status in the logs, so that one can
+# know whether the test passed or failed simply by looking at the '.log'
+# file, without the need of also peaking into the corresponding '.trs'
+# file (automake bug#11814).
+echo "$res $test_name (exit status: $estatus)" >>"$log_file"
+
+# Report outcome to console.
+echo "${col}${res}${std}: $test_name"
+
+# Register the test result, and other relevant metadata.
+echo ":test-result: $res" > $trs_file
+echo ":global-test-result: $res" >> $trs_file
+echo ":recheck: $recheck" >> $trs_file
+echo ":copy-in-global-log: $gcopy" >> $trs_file
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'before-save-hook 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC0"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 6c71067..b3b2d74 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -15,6 +15,7 @@
 SUBDIRS = unit_tests

 AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING) System Tests'
+LOG_DRIVER = $(SHELL) $(top_srcdir)/forked-test-driver

 if !WIN32
 test_scripts = t_client.sh t_lpback.sh t_cltsrv.sh
diff --git a/tests/unit_tests/example_test/Makefile.am 
b/tests/unit_tests/example_test/Makefile.am
index 1ae80c8..988366a 100644
--- a/tests/unit_tests/example_test/Makefile.am
+++ b/tests/unit_tests/example_test/Makefile.am
@@ -1,6 +1,7 @@
 AUTOMAKE_OPTIONS = foreign

 AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING) example Unit-Tests'
+LOG_DRIVER = $(SHELL) $(top_srcdir)/forked-test-driver

 check_PROGRAMS = example_testdriver example2_testdriver

diff --git a/tests/unit_tests/openvpn/Makefile.am 
b/tests/unit_tests/openvpn/Makefile.am
index cecf4dc..80001bf 100644
--- a/tests/unit_tests/openvpn/Makefile.am
+++ b/tests/unit_tests/openvpn/Makefile.am
@@ -1,6 +1,7 @@
 AUTOMAKE_OPTIONS = foreign

 

[Openvpn-devel] [S] Change in openvpn[master]: tests: disable automake serial_tests

[flichtenheld (Code Review)]

Attention is currently required from: plaisthos.

Hello plaisthos,

I'd like you to do a code review.
Please visit

http://gerrit.openvpn.net/c/openvpn/+/477?usp=email

to review the following change.


Change subject: tests: disable automake serial_tests
..

tests: disable automake serial_tests

Serial mode is the old one and offers much less options for
running the tests. Generally our tests seem to work fine
with the newer parallel mode. The only reason we stuck with
serial_tests seems to be that we didn't like that it doesn't
output the test output by default. We could fix that with a
custom test driver. But will put that into a separate commit.

Change-Id: Ic7265d89142637b0963a6847c6beb06d9163bbb1
Signed-off-by: Frank Lichtenheld 
---
M configure.ac
M tests/Makefile.am
M tests/unit_tests/example_test/Makefile.am
M tests/unit_tests/openvpn/Makefile.am
M tests/unit_tests/plugins/auth-pam/Makefile.am
5 files changed, 9 insertions(+), 15 deletions(-)



  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/77/477/1

diff --git a/configure.ac b/configure.ac
index 54f79ab..2823f04 100644
--- a/configure.ac
+++ b/configure.ac
@@ -41,20 +41,6 @@
 AC_CONFIG_SRCDIR([src/openvpn/syshead.h])
 AC_CONFIG_MACRO_DIR([m4])

-dnl Initialize automake.  automake < 1.12 didn't have serial-tests and
-dnl gives an error if it sees this, but for automake >= 1.13
-dnl serial-tests is required so we have to include it.  Solution is to
-dnl test for the version of automake (by running an external command)
-dnl and provide it if necessary.  Note we have to do this entirely using
-dnl m4 macros since automake queries this macro by running
-dnl 'autoconf --trace ...'.
-m4_define([serial_tests], [
-m4_esyscmd([automake --version |
-head -1 |
-awk '{split ($NF,a,"."); if (a[1] == 1 && a[2] >= 12) { print 
"serial-tests" }}'
-])
-])
-
 dnl Automake 1.14+ warns if sources are in sub-directories but subdir-objects
 dnl options is not enabled. However, automake before 1.15a has a bug that 
causes
 dnl variable expansion to fail in foo_SOURCES when this option is used.
@@ -69,7 +55,7 @@

 # This foreign option prevents autoreconf from overriding our COPYING and
 # INSTALL targets:
-AM_INIT_AUTOMAKE(foreign serial_tests subdir_objects 1.9) dnl NB: Do not 
[quote] this parameter.
+AM_INIT_AUTOMAKE(foreign subdir_objects 1.9) dnl NB: Do not [quote] this 
parameter.
 AC_CANONICAL_HOST
 AC_USE_SYSTEM_EXTENSIONS

diff --git a/tests/Makefile.am b/tests/Makefile.am
index 80673d5..6c71067 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -14,6 +14,8 @@

 SUBDIRS = unit_tests

+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING) System Tests'
+
 if !WIN32
 test_scripts = t_client.sh t_lpback.sh t_cltsrv.sh
 if HAVE_SITNL
diff --git a/tests/unit_tests/example_test/Makefile.am 
b/tests/unit_tests/example_test/Makefile.am
index 24eb0ba..1ae80c8 100644
--- a/tests/unit_tests/example_test/Makefile.am
+++ b/tests/unit_tests/example_test/Makefile.am
@@ -1,5 +1,7 @@
 AUTOMAKE_OPTIONS = foreign

+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING) example Unit-Tests'
+
 check_PROGRAMS = example_testdriver example2_testdriver

 if !CROSS_COMPILING
diff --git a/tests/unit_tests/openvpn/Makefile.am 
b/tests/unit_tests/openvpn/Makefile.am
index ef45b11..cecf4dc 100644
--- a/tests/unit_tests/openvpn/Makefile.am
+++ b/tests/unit_tests/openvpn/Makefile.am
@@ -1,5 +1,7 @@
 AUTOMAKE_OPTIONS = foreign

+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING) Unit-Tests'
+
 test_binaries=

 if HAVE_LD_WRAP_SUPPORT
diff --git a/tests/unit_tests/plugins/auth-pam/Makefile.am 
b/tests/unit_tests/plugins/auth-pam/Makefile.am
index de5e96e..ba32013 100644
--- a/tests/unit_tests/plugins/auth-pam/Makefile.am
+++ b/tests/unit_tests/plugins/auth-pam/Makefile.am
@@ -1,5 +1,7 @@
 AUTOMAKE_OPTIONS = foreign

+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING) auth_pam Plugin 
Unit-Tests'
+
 if ENABLE_PLUGIN_AUTH_PAM
 check_PROGRAMS = auth_pam_testdriver
 TESTS = $(check_PROGRAMS)

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/477?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ic7265d89142637b0963a6847c6beb06d9163bbb1
Gerrit-Change-Number: 477
Gerrit-PatchSet: 1
Gerrit-Owner: flichtenheld 
Gerrit-Reviewer: plaisthos 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: plaisthos 
Gerrit-MessageType: newchange
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [XS] Change in openvpn[master]: forked-test-driver: Show test output always

[flichtenheld (Code Review)]

Attention is currently required from: plaisthos.

Hello plaisthos,

I'd like you to do a code review.
Please visit

http://gerrit.openvpn.net/c/openvpn/+/479?usp=email

to review the following change.


Change subject: forked-test-driver: Show test output always
..

forked-test-driver: Show test output always

We want to see the progress, especially for slow tests
like t_client.sh.

Change-Id: I11e0091482d9acee89ca018374cb8d96d22f8514
Signed-off-by: Frank Lichtenheld 
---
M forked-test-driver
1 file changed, 1 insertion(+), 1 deletion(-)



  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/79/479/1

diff --git a/forked-test-driver b/forked-test-driver
index be73b80..1baaa84 100755
--- a/forked-test-driver
+++ b/forked-test-driver
@@ -109,7 +109,7 @@
 # to ameliorate tests themselves also writing to the log file. Our tests
 # don't, but others can (automake bug#35762).
 : >"$log_file"
-"$@" >>"$log_file" 2>&1
+"$@" 2>&1 | tee -a "$log_file"
 estatus=$?

 if test $enable_hard_errors = no && test $estatus -eq 99; then

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/479?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I11e0091482d9acee89ca018374cb8d96d22f8514
Gerrit-Change-Number: 479
Gerrit-PatchSet: 1
Gerrit-Owner: flichtenheld 
Gerrit-Reviewer: plaisthos 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: plaisthos 
Gerrit-MessageType: newchange
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [L] Change in openvpn[master]: Remove dead list test code

[plaisthos (Code Review)]

Attention is currently required from: flichtenheld, plaisthos.

Hello flichtenheld,

I'd like you to reexamine a change. Please visit

http://gerrit.openvpn.net/c/openvpn/+/446?usp=email

to look at the new patch set (#2).

The following approvals got outdated and were removed:
Code-Review-1 by flichtenheld


Change subject: Remove dead list test code
..

Remove dead list test code

Change-Id: I7511bc43cd6a0bcb89476f27d5822ab4a78d0d21
Signed-off-by: Arne Schwabe 
---
M CMakeLists.txt
M src/openvpn/init.c
M src/openvpn/list.c
M src/openvpn/list.h
M tests/unit_tests/openvpn/Makefile.am
M tests/unit_tests/openvpn/test_misc.c
6 files changed, 177 insertions(+), 193 deletions(-)


  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/46/446/2

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 577bc5d..3beb259 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -669,8 +669,11 @@
 tests/unit_tests/openvpn/mock_get_random.c
 src/openvpn/options_util.c
 src/openvpn/ssl_util.c
+src/openvpn/list.c
 )

+target_compile_definitions(test_misc PRIVATE 
"-DSOURCEDIR=\"${CMAKE_SOURCE_DIR}\"")
+
 target_sources(test_ncp PRIVATE
 src/openvpn/crypto_mbedtls.c
 src/openvpn/crypto_openssl.c
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 9e2b3845..33b6fad 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -865,11 +865,6 @@
 return false;
 #endif

-#ifdef LIST_TEST
-list_test();
-return false;
-#endif
-
 #ifdef IFCONFIG_POOL_TEST
 ifconfig_pool_test(0x0A010004, 0x0A0100FF);
 return false;
diff --git a/src/openvpn/list.c b/src/openvpn/list.c
index 480f39d..dc4b1df 100644
--- a/src/openvpn/list.c
+++ b/src/openvpn/list.c
@@ -326,185 +326,6 @@
 }


-#ifdef LIST_TEST
-
-/*
- * Test the hash code by implementing a simple
- * word frequency algorithm.
- */
-
-struct word
-{
-const char *word;
-int n;
-};
-
-static uint32_t
-word_hash_function(const void *key, uint32_t iv)
-{
-const char *str = (const char *) key;
-const int len = strlen(str);
-return hash_func((const uint8_t *)str, len, iv);
-}
-
-static bool
-word_compare_function(const void *key1, const void *key2)
-{
-return strcmp((const char *)key1, (const char *)key2) == 0;
-}
-
-static void
-print_nhash(struct hash *hash)
-{
-struct hash_iterator hi;
-struct hash_element *he;
-int count = 0;
-
-hash_iterator_init(hash, , true);
-
-while ((he = hash_iterator_next()))
-{
-printf("%d ", (int) he->value);
-++count;
-}
-printf("\n");
-
-hash_iterator_free();
-ASSERT(count == hash_n_elements(hash));
-}
-
-static void
-rmhash(struct hash *hash, const char *word)
-{
-hash_remove(hash, word);
-}
-
-void
-list_test(void)
-{
-openvpn_thread_init();
-
-{
-struct gc_arena gc = gc_new();
-struct hash *hash = hash_init(1, get_random(), word_hash_function, 
word_compare_function);
-struct hash *nhash = hash_init(256, get_random(), word_hash_function, 
word_compare_function);
-
-printf("hash_init n_buckets=%d mask=0x%08x\n", hash->n_buckets, 
hash->mask);
-
-/* parse words from stdin */
-while (true)
-{
-char buf[256];
-char wordbuf[256];
-int wbi;
-int bi;
-char c;
-
-if (!fgets(buf, sizeof(buf), stdin))
-{
-break;
-}
-
-bi = wbi = 0;
-do
-{
-c = buf[bi++];
-if (isalnum(c) || c == '_')
-{
-ASSERT(wbi < (int) sizeof(wordbuf));
-wordbuf[wbi++] = c;
-}
-else
-{
-if (wbi)
-{
-struct word *w;
-ASSERT(wbi < (int) sizeof(wordbuf));
-wordbuf[wbi++] = '\0';
-
-/* word is parsed from stdin */
-
-/* does it already exist in table? */
-w = (struct word *) hash_lookup(hash, wordbuf);
-
-if (w)
-{
-/* yes, increment count */
-++w->n;
-}
-else
-{
-/* no, make a new object */
-ALLOC_OBJ_GC(w, struct word, );
-w->word = string_alloc(wordbuf, );
-w->n = 1;
-ASSERT(hash_add(hash, w->word, w, false));
-ASSERT(hash_add(nhash, w->word, (void *) 
((random() & 0x0F) + 1), false));
-}
-}
-wbi = 0;
-}
-   

[Openvpn-devel] [S] Change in openvpn[master]: test_user_pass: Add UTs for character filtering

[plaisthos (Code Review)]

Attention is currently required from: flichtenheld.

plaisthos has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/473?usp=email )

Change subject: test_user_pass: Add UTs for character filtering
..


Patch Set 1: Code-Review+2


--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/473?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ie8d2d5f6f58679baaf5eb817a7e2ca1afcb8c4db
Gerrit-Change-Number: 473
Gerrit-PatchSet: 1
Gerrit-Owner: flichtenheld 
Gerrit-Reviewer: plaisthos 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: flichtenheld 
Gerrit-Comment-Date: Mon, 11 Dec 2023 15:00:41 +
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [M] Change in openvpn[master]: test_user_pass: add basic tests for static/dynamic challenges

[plaisthos (Code Review)]

Attention is currently required from: flichtenheld.

plaisthos has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/475?usp=email )

Change subject: test_user_pass: add basic tests for static/dynamic challenges
..


Patch Set 2: Code-Review+2


--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/475?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I8b5570f6314e917f92dce072279efe415d79b22a
Gerrit-Change-Number: 475
Gerrit-PatchSet: 2
Gerrit-Owner: flichtenheld 
Gerrit-Reviewer: plaisthos 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: flichtenheld 
Gerrit-Comment-Date: Mon, 11 Dec 2023 14:59:51 +
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [M] Change in openvpn[master]: misc: make get_auth_challenge static

[plaisthos (Code Review)]

Attention is currently required from: flichtenheld.

plaisthos has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/476?usp=email )

Change subject: misc: make get_auth_challenge static
..


Patch Set 2: Code-Review+2


--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/476?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I0abeec9f862aea1f6a8fdf350fa0008cf2e5d613
Gerrit-Change-Number: 476
Gerrit-PatchSet: 2
Gerrit-Owner: flichtenheld 
Gerrit-Reviewer: plaisthos 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: flichtenheld 
Gerrit-Comment-Date: Mon, 11 Dec 2023 14:59:05 +
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [M] Change in openvpn[master]: test_user_pass: Check fatal errors for empty username/password

[plaisthos (Code Review)]

Attention is currently required from: flichtenheld.

plaisthos has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/474?usp=email )

Change subject: test_user_pass: Check fatal errors for empty username/password
..


Patch Set 2: Code-Review-1

(2 comments)

Patchset:

PS2:
I tried to replicate the leak that is being supressed (with blanking the 
content of that .txt file) but cannot trigger it at least on macOS. It would be 
also good to actually have a comment in the unit where the supressed leak is 
happening.


File tests/unit_tests/openvpn/input/leak_suppr.txt:

http://gerrit.openvpn.net/c/openvpn/+/474/comment/cf59cf0c_68f7af73 :
PS2, Line 1: leak:_assertions$
This feels unecessarily broad. Especially since we are using it on every unit 
test that is being run and not only on the input unit tests.



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/474?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Icabc8acf75638c86c8c395e9ffecba7a7226cd97
Gerrit-Change-Number: 474
Gerrit-PatchSet: 2
Gerrit-Owner: flichtenheld 
Gerrit-Reviewer: plaisthos 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: flichtenheld 
Gerrit-Comment-Date: Mon, 11 Dec 2023 14:58:04 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [M] Change in openvpn[master]: buffer: add documentation for string_mod and extend related UT

[plaisthos (Code Review)]

Attention is currently required from: flichtenheld.

plaisthos has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/472?usp=email )

Change subject: buffer: add documentation for string_mod and extend related UT
..


Patch Set 1: Code-Review+2


--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/472?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I911fb5c5fa4b41f1fc1a30c6bf8b314245f64a6e
Gerrit-Change-Number: 472
Gerrit-PatchSet: 1
Gerrit-Owner: flichtenheld 
Gerrit-Reviewer: plaisthos 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: flichtenheld 
Gerrit-Comment-Date: Mon, 11 Dec 2023 14:56:05 +
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [L] Change in openvpn[master]: test_user_pass: new UT for get_user_pass

[plaisthos (Code Review)]

Attention is currently required from: flichtenheld.

plaisthos has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/468?usp=email )

Change subject: test_user_pass: new UT for get_user_pass
..


Patch Set 3:

(1 comment)

File CMakeLists.txt:

http://gerrit.openvpn.net/c/openvpn/+/468/comment/444e8ac1_9c9bf24b :
PS3, Line 625: ENVIRONMENT 
"srcdir=${CMAKE_CURRENT_SOURCE_DIR}/tests/unit_tests/openvpn")
> Why not use a define instead like  […]
Also my IDE (Clion) does not pick this up, so I have manually configure to add 
that environment variable to run tests now.



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/468?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I193aef06912f01426dd4ac298aadfab97dd75a35
Gerrit-Change-Number: 468
Gerrit-PatchSet: 3
Gerrit-Owner: flichtenheld 
Gerrit-Reviewer: plaisthos 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: flichtenheld 
Gerrit-Comment-Date: Mon, 11 Dec 2023 14:53:05 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: plaisthos 
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [L] Change in openvpn[master]: test_user_pass: new UT for get_user_pass

[plaisthos (Code Review)]

Attention is currently required from: flichtenheld.

plaisthos has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/468?usp=email )

Change subject: test_user_pass: new UT for get_user_pass
..


Patch Set 3:

(2 comments)

File CMakeLists.txt:

http://gerrit.openvpn.net/c/openvpn/+/468/comment/ced071e8_e7d892e4 :
PS3, Line 625: ENVIRONMENT 
"srcdir=${CMAKE_CURRENT_SOURCE_DIR}/tests/unit_tests/openvpn")
Why not use a define instead like

add_compile_definition(${target} -DSRCDIR="${CMAKE_CURRENT_SOURCE_DIR}"? That 
seems less fragile then an environment variable.


File tests/unit_tests/openvpn/test_user_pass.c:

http://gerrit.openvpn.net/c/openvpn/+/468/comment/c4d4854d_87b23353 :
PS3, Line 86: }
I think we should be consistent here. Either do the (void) var; in all mocked 
functions or none. I would prefer not to use them if not necessary.



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/468?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I193aef06912f01426dd4ac298aadfab97dd75a35
Gerrit-Change-Number: 468
Gerrit-PatchSet: 3
Gerrit-Owner: flichtenheld 
Gerrit-Reviewer: plaisthos 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: flichtenheld 
Gerrit-Comment-Date: Mon, 11 Dec 2023 14:42:48 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [S] Change in openvpn[master]: Make it more explicit and visible when pkg-config is not found

[plaisthos (Code Review)]

Attention is currently required from: flichtenheld.

plaisthos has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/465?usp=email )

Change subject: Make it more explicit and visible when pkg-config is not found
..


Patch Set 2:

(2 comments)

File configure.ac:

http://gerrit.openvpn.net/c/openvpn/+/465/comment/28017652_1a658295 :
PS1, Line 387:  pkg_config_found="(not found)"
> Damn indenting with tabs instead of spaces. I will double check all other 
> indents as well.
Done


http://gerrit.openvpn.net/c/openvpn/+/465/comment/a9e557dc_cc9d2ae5 :
PS1, Line 873:  # We require pkg-config
> indent
Done



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/465?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Iebaa35a23e217a4cd7739af229cbfc08a3d8854a
Gerrit-Change-Number: 465
Gerrit-PatchSet: 2
Gerrit-Owner: plaisthos 
Gerrit-Reviewer: flichtenheld 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: flichtenheld 
Gerrit-Comment-Date: Mon, 11 Dec 2023 14:04:51 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: plaisthos 
Comment-In-Reply-To: flichtenheld 
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [S] Change in openvpn[master]: Make it more explicit and visible when pkg-config is not found

[plaisthos (Code Review)]

Attention is currently required from: flichtenheld.

Hello flichtenheld, 

I'd like you to reexamine a change. Please visit

http://gerrit.openvpn.net/c/openvpn/+/465?usp=email

to look at the new patch set (#2).

The following approvals got outdated and were removed:
Code-Review-1 by flichtenheld


Change subject: Make it more explicit and visible when pkg-config is not found
..

Make it more explicit and visible when pkg-config is not found

Users seem to struggle to read the full error message. This adds an
indication if pkg-config is actually found to the warning/error message
that use pkg-config.

When found:

configure: error: libnl-genl-3.0 package not found or too old. Is the 
development package and pkg-config (using /usr/bin/pkg-config) installed? Must 
be version 3.4.0 or newer for DCO

not found:

configure: error: libnl-genl-3.0 package not found or too old. Is the 
development package and pkg-config (not found) installed? Must be version 3.4.0 
or newer for DCO

Change-Id: Iebaa35a23e217a4cd7739af229cbfc08a3d8854a
Signed-off-by: Arne Schwabe 
---
M configure.ac
1 file changed, 14 insertions(+), 5 deletions(-)


  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/65/465/2

diff --git a/configure.ac b/configure.ac
index 54f79ab..a80de7f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -382,6 +382,14 @@
 AM_CONDITIONAL([CROSS_COMPILING], test "${cross_compiling}" = "yes")

 PKG_PROG_PKG_CONFIG
+# Add variable to print if pkg-config is found or not. Users often miss that
+if test "${PKG_CONFIG}" = ""; then
+   pkg_config_found="(not found)"
+else
+   pkg_config_found="(using ${PKG_CONFIG})"
+fi
+
+
 AC_PROG_CPP
 AC_PROG_INSTALL
 AC_PROG_LN_S
@@ -816,7 +824,7 @@
  [libnl-genl-3.0 >= 3.4.0],
  [have_libnl="yes"],
  [
-  AC_MSG_ERROR([libnl-genl-3.0 package 
not found or too old. Is the development package and pkg-config installed? Must 
be version 3.4.0 or newer for DCO])
+  AC_MSG_ERROR([libnl-genl-3.0 package 
not found or too old. Is the development package and pkg-config 
${pkg_config_found} installed? Must be version 3.4.0 or newer for DCO])
  ]
)
CFLAGS="${CFLAGS} ${LIBNL_GENL_CFLAGS}"
@@ -860,10 +868,11 @@
 dnl
 case "$host" in
*-*-linux*)
+   # We require pkg-config
PKG_CHECK_MODULES([LIBCAPNG],
  [libcap-ng],
  [],
- [AC_MSG_ERROR([libcap-ng package not found. 
Is the development package and pkg-config installed?])]
+ [AC_MSG_ERROR([libcap-ng package not found. 
Is the development package and pkg-config ${pkg_config_found} installed?])]
)
AC_CHECK_HEADER([sys/prctl.h],,[AC_MSG_ERROR([sys/prctl.h not 
found!])])

@@ -884,7 +893,7 @@
[OPENSSL],
[openssl >= 1.0.2],
[have_openssl="yes"],
-   [] # If this fails, we will do another test next
+   [AC_MSG_WARN([OpenSSL not found by pkg-config 
${pkg_config_found}])] # If this fails, we will do another test next
)
OPENSSL_LIBS=${OPENSSL_LIBS:--lssl -lcrypto}
fi
@@ -1089,7 +1098,7 @@
[WOLFSSL],
[wolfssl],
[],
-   [AC_MSG_ERROR([Could not find wolfSSL.])]
+   [AC_MSG_ERROR([Could not find wolfSSL using pkg-config 
${pkg_config_found}])]
)
PKG_CHECK_VAR(
[WOLFSSL_INCLUDEDIR],
@@ -1513,7 +1522,7 @@
 PKG_CHECK_MODULES(
[CMOCKA], [cmocka],
[have_cmocka="yes"],
-   [AC_MSG_WARN([cmocka.pc not found on the system.  Unit tests disabled])]
+   [AC_MSG_WARN([cmocka.pc not found on the system using pkg-config 
${pkg_config_found}.  Unit tests disabled])]
 )
 AM_CONDITIONAL([ENABLE_UNITTESTS], [test "${enable_unit_tests}" = "yes" -a 
"${have_cmocka}" = "yes" ])
 AC_SUBST([ENABLE_UNITTESTS])

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/465?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Iebaa35a23e217a4cd7739af229cbfc08a3d8854a
Gerrit-Change-Number: 465
Gerrit-PatchSet: 2
Gerrit-Owner: plaisthos 
Gerrit-Reviewer: flichtenheld 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: flichtenheld 
Gerrit-MessageType: newpatchset
___
Openvpn-devel mailing list

[Openvpn-devel] [S] Change in openvpn[master]: Make it more explicit and visible when pkg-config is not found

[plaisthos (Code Review)]

Attention is currently required from: flichtenheld.

plaisthos has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/465?usp=email )

Change subject: Make it more explicit and visible when pkg-config is not found
..


Patch Set 1:

(1 comment)

File configure.ac:

http://gerrit.openvpn.net/c/openvpn/+/465/comment/1f49058a_883de55c :
PS1, Line 387:  pkg_config_found="(not found)"
> indent
Damn indenting with tabs instead of spaces. I will double check all other 
indents as well.



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/465?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Iebaa35a23e217a4cd7739af229cbfc08a3d8854a
Gerrit-Change-Number: 465
Gerrit-PatchSet: 1
Gerrit-Owner: plaisthos 
Gerrit-Reviewer: flichtenheld 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: flichtenheld 
Gerrit-Comment-Date: Mon, 11 Dec 2023 14:03:21 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: flichtenheld 
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [L] Change in openvpn[master]: Add test_ssl unit test and test export of PEM to file

[plaisthos (Code Review)]

Attention is currently required from: flichtenheld.

plaisthos has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/471?usp=email )

Change subject: Add test_ssl unit test and test export of PEM to file
..


Patch Set 1:

(6 comments)

File CMakeLists.txt:

http://gerrit.openvpn.net/c/openvpn/+/471/comment/0db70bef_074e855b :
PS1, Line 560: "test_ssl"
> Those are sorted alphabetically
Done


http://gerrit.openvpn.net/c/openvpn/+/471/comment/e741cdb3_5a0aaaff :
PS1, Line 675: target_sources(test_ssl PRIVATE
> also sorted alphabetically
I sorted them like the other ones that include mock files and have the 
test/mock files first and not strictly alphabetical which would have put them 
at the end.


File tests/unit_tests/openvpn/mock_management.c:

http://gerrit.openvpn.net/c/openvpn/+/471/comment/5b10dbd9_9e007792 :
PS1, Line 8:  *  Copyright (C) 2017-2021 Fox Crypto B.V. 
> Copy & paste error? Or intentional?
Done


File tests/unit_tests/openvpn/mock_ssl_dependencies.c:

http://gerrit.openvpn.net/c/openvpn/+/471/comment/979d7c62_638080d7 :
PS1, Line 8:  *  Copyright (C) 2017-2021 Fox Crypto B.V. 
> intentional?
Done


http://gerrit.openvpn.net/c/openvpn/+/471/comment/96b5a578_3c274b81 :
PS1, Line 24: /* Minimal set of mocked management function/globals to get unit 
tests to
> "management" is probably copy
Done


File tests/unit_tests/openvpn/test_ssl.c:

http://gerrit.openvpn.net/c/openvpn/+/471/comment/8b19f7d6_6a5c48d6 :
PS1, Line 8:  *  Copyright (C) 2016-2021 Fox Crypto B.V. 
> probably not intentional
Done



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/471?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ie248d35d063bb6878f3dd42840c77ba0d6fa3381
Gerrit-Change-Number: 471
Gerrit-PatchSet: 1
Gerrit-Owner: plaisthos 
Gerrit-Reviewer: flichtenheld 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: flichtenheld 
Gerrit-Comment-Date: Mon, 11 Dec 2023 13:59:24 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: flichtenheld 
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [S] Change in openvpn[master]: Cache mbed TLS dependency and build latest 2.x mbed TLS as well

[plaisthos (Code Review)]

Attention is currently required from: flichtenheld.

plaisthos has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/455?usp=email )

Change subject: Cache mbed TLS dependency and build latest 2.x mbed TLS as well
..


Patch Set 4:

(1 comment)

File .github/workflows/build.yaml:

http://gerrit.openvpn.net/c/openvpn/+/455/comment/ffeba586_8fb3a0cb :
PS3, Line 396:   if: steps.cache.outputs.cache-hit != 'true'
> if at wrong level: […]
Done



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/455?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I39fb3f05b6245af9ae5dd666bfc53ed07e5cfb24
Gerrit-Change-Number: 455
Gerrit-PatchSet: 4
Gerrit-Owner: plaisthos 
Gerrit-Reviewer: flichtenheld 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: flichtenheld 
Gerrit-Comment-Date: Mon, 11 Dec 2023 13:52:14 +
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: flichtenheld 
Gerrit-MessageType: comment
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [S] Change in openvpn[master]: Cache mbed TLS dependency and build latest 2.x mbed TLS as well

[plaisthos (Code Review)]

Attention is currently required from: plaisthos.

Hello flichtenheld,

I'd like you to reexamine a change. Please visit

http://gerrit.openvpn.net/c/openvpn/+/455?usp=email

to look at the new patch set (#4).


Change subject: Cache mbed TLS dependency and build latest 2.x mbed TLS as well
..

Cache mbed TLS dependency and build latest 2.x mbed TLS as well

Change-Id: I39fb3f05b6245af9ae5dd666bfc53ed07e5cfb24
Signed-off-by: Arne Schwabe 
---
M .github/workflows/build.yaml
1 file changed, 24 insertions(+), 8 deletions(-)


  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/55/455/4

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 4393f5c..6088589 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -355,8 +355,8 @@
   fail-fast: false
   matrix:
 os: [ubuntu-22.04]
-ssllib: [mbedtls3]
 build: [ normal, asan ]
+mbedtlsver: [ v3.5.1, v2.28.6 ]
 include:
   - build: asan
 cflags: "-fsanitize=address -fno-sanitize-recover=all  
-fno-optimize-sibling-calls -fsanitize-address-use-after-scope 
-fno-omit-frame-pointer -g -O1"
@@ -367,29 +367,45 @@
 ldflags: ""
 cc: gcc

-name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - 
${{matrix.ssllib}}"
+name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - mbed TLS 
${{matrix.mbedtlsver}}"
 runs-on: ${{matrix.os}}
 env:
   CFLAGS: ${{ matrix.cflags }}
   LDFLAGS: ${{ matrix.ldflags }}
   CC: ${{matrix.cc}}
   UBSAN_OPTIONS: print_stacktrace=1
+  MBEDTLS_CFLAGS: -I/opt/mbedtls/include
+  MBEDTLS_LIBS: -L/opt/mbedtls/lib -lmbedtls -lmbedx509 -lmbedcrypto

 steps:
   - name: Install dependencies
 run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev 
liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils 
python3-jinja2 python3-jsonschema libtool automake autoconf pkg-config 
libcap-ng-dev libnl-genl-3-dev
-  - name: "mbedtls: checkout"
+
+  - name: Cache mbed TLS
+id: cache
+uses: actions/cache@v3
+with:
+  path: '/opt/mbedtls'
+  key: ${{ matrix.build 
}}-mbedtls-${{matrix.mbedtlsver}}-${{matrix.cmakebuild}}
+  - name: "Mbed TLS: checkout"
+if: steps.cache.outputs.cache-hit != 'true'
 uses: actions/checkout@v3
 with:
   path: mbedtls
   repository: Mbed-TLS/mbedtls
-  ref: v3.5.0
-  - name: "mbedtls: make no_test"
-run: make -j3 no_test SHARED=1
+  ref: ${{ matrix.mbedtlsver }}
+  - name: "Mbed TLS: make"
+if: steps.cache.outputs.cache-hit != 'true'
+run: make -j3 SHARED=1
 working-directory: mbedtls
-  - name: "mbedtls: make install"
-run: sudo make install DESTDIR=/usr
+  - name: "Mbed TLS: make install"
+if: steps.cache.outputs.cache-hit != 'true'
+run: sudo make install DESTDIR=/opt/mbedtls
 working-directory: mbedtls
+  - name: add /opt/mbedtls/lib to ld.so.conf.d
+run: echo /opt/mbedtls/lib | sudo tee /etc/ld.so.conf.d/mbedtls.conf
+  - name: "ldconfig"
+run: sudo ldconfig
   - name: Checkout OpenVPN
 uses: actions/checkout@v3
   - name: autoconf

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/455?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I39fb3f05b6245af9ae5dd666bfc53ed07e5cfb24
Gerrit-Change-Number: 455
Gerrit-PatchSet: 4
Gerrit-Owner: plaisthos 
Gerrit-Reviewer: flichtenheld 
Gerrit-CC: openvpn-devel 
Gerrit-Attention: plaisthos 
Gerrit-MessageType: newpatchset
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel