Re: [Openvpn-devel] Windows installer with updated pkcs11-helper (1.22) available for testing

2017-07-25 Thread Emmanuel Deloget
Hi David, others, It seems that my "I'm using my phone, sorry for top posting" went far beyond that because I also forgot to add the list as a recipient. So, here is my message (minus the top-posting) sent to David only (sorry David) On Tue, Jul 25, 2017 at 9:21 PM, David Woodhouse

[Openvpn-devel] [PATCH] Move create_temp_file() out of #ifdef ENABLE_CRYPTO

2017-07-25 Thread Steffan Karger
From: Steffan Karger By using get_random() instead of prng_bytes(), we no longer have to place create_temp_file() inside #ifdef ENABLE_CRYPTO. The resulting filename now has 62 bits of entropy (2 * [0-INT_MAX]) instead of the previous 128 bits, but that should be

Re: [Openvpn-devel] Windows installer with updated pkcs11-helper (1.22) available for testing

2017-07-25 Thread David Woodhouse
On Tue, 2017-07-25 at 19:53 +0300, Samuli Seppänen wrote: > > I released the new Windows installer but without this patch. That said, > the patch/PR you linked to makes sense. Does the patch have an active > maintainer? That would be me, I suppose. Until/unless the upstream maintainer applies

Re: [Openvpn-devel] Windows installer with updated pkcs11-helper (1.22) available for testing

2017-07-25 Thread Gert Doering
Hi, On Tue, Jul 25, 2017 at 10:18:53PM +0500, ?? wrote: > that said, I think such build events should go to openvpn's Makefile. NAK. OpenVPN's Makefile does not care where pkcs11-helper is coming from - it expects something proper to be installed in the build environment.

Re: [Openvpn-devel] Windows installer with updated pkcs11-helper (1.22) available for testing

2017-07-25 Thread Илья Шипицин
2017-07-25 21:53 GMT+05:00 Samuli Seppänen : > On 17/07/2017 15:07, David Woodhouse wrote: > > On Fri, 2017-07-14 at 17:07 +0300, Samuli Seppänen wrote: > >> Hi all, > >> > >> Those of you who use pkcs11 on Windows: could you please test this new > >> Windows installer: > >> >

Re: [Openvpn-devel] Windows installer with updated pkcs11-helper (1.22) available for testing

2017-07-25 Thread Samuli Seppänen
On 17/07/2017 15:07, David Woodhouse wrote: > On Fri, 2017-07-14 at 17:07 +0300, Samuli Seppänen wrote: >> Hi all, >> >> Those of you who use pkcs11 on Windows: could you please test this new >> Windows installer: >> >> >> >> The previous installer(s) had pkcs11-helper 1.11. This one has 1.22, so

[Openvpn-devel] New 2.4.3 Windows installer with a security fix and improvements now available

2017-07-25 Thread Samuli Seppänen
Hi all, An updated 2.4 Windows installer is now available here: This installer includes updated OpenVPN GUI (11.8.0.0) and easy-rsa (2.3.0). The installer also fixes a security vulnerability in the service

Re: [Openvpn-devel] [PATCH applied] cleanup: Move write_pid() to where it is being used

2017-07-25 Thread David Sommerseth
Your patch has been applied to the following branches commit c5b12817c9aa3ae97fbdd2c2a9a9ab605087dff1 (master) commit cb438b513223744949e0958d9f14870880cfc407 (release/2.4) Author: David Sommerseth Date: Tue Jul 25 16:57:18 2017 +0200

Re: [Openvpn-devel] [PATCH applied] tls-crypt: avoid warnings when --disable-crypto is used

2017-07-25 Thread David Sommerseth
ACK as well. Tested with --disable-crypto and no tls-crypt.c compiler complaints any more. Your patch has been applied to the following branches commit 2dfbf62b6ace1eb39f1ae7126bc5530a541bed58 (master) commit

Re: [Openvpn-devel] [PATCH] cleanup: Move write_pid() to where it is being used

2017-07-25 Thread Steffan Karger
Hi, On 25-07-17 16:57, David Sommerseth wrote: > The write_pid() function is only used in openvpn.c, so no > need to have that in the misc.[ch] mixed bag. > > Signed-off-by: David Sommerseth > --- > src/openvpn/misc.c| 21 - > src/openvpn/misc.h|

[Openvpn-devel] [PATCH] cleanup: Move init_random_seed() to where it is being used

2017-07-25 Thread David Sommerseth
The init_random_seed() function is only used by the init_static() in init.c. As this function was pretty basic and it is only being called once, it was merged into init_static() instead of keeping it as a separate function. (I agree that calling functions often makes the code more readable, but

[Openvpn-devel] [PATCH] cleanup: Move write_pid() to where it is being used

2017-07-25 Thread David Sommerseth
The write_pid() function is only used in openvpn.c, so no need to have that in the misc.[ch] mixed bag. Signed-off-by: David Sommerseth --- src/openvpn/misc.c| 21 - src/openvpn/misc.h| 2 -- src/openvpn/openvpn.c | 21 + 3

Re: [Openvpn-devel] [PATCH] tls-crypt: introduce tls_crypt_kt()

2017-07-25 Thread Steffan Karger
On 25-07-17 16:33, Steffan Karger wrote: > Because cipher_ctx_block_size() is a static function we now need to > include tls_crypt.c from the tests, rather than tls_crypt.h. Hm, something went wrong with the paste buffers. s/cipher_ctx_block_size/tls_crypt_kt/ -Steffan

[Openvpn-devel] [PATCH] tls-crypt: introduce tls_crypt_kt()

2017-07-25 Thread Steffan Karger
Reduces code duplication: less lines, same functionality. Because cipher_ctx_block_size() is a static function we now need to include tls_crypt.c from the tests, rather than tls_crypt.h. Signed-off-by: Steffan Karger --- src/openvpn/tls_crypt.c | 30

[Openvpn-devel] RFCv4: Yubikey authentication for OpenVPN

2017-07-25 Thread Steven Haigh
Hi all, I have attached this script for comment to be considered for inclusion in the contrib section of openvpn to use the Yubico Yubicloud authentication for the Yubikey OTP. Setup instructions are included in the top of the script file. There is a current patch pending merging to fix

Re: [Openvpn-devel] [PATCH] contrib: Remove keychain-mcd code

2017-07-25 Thread Jonathan K. Bullard
On Tue, Jul 25, 2017 at 9:03 AM, David Sommerseth wrote: > After the security audits performed by Cryptography Engineering the > spring of 2017 [1], there were several concerns about the contrib code > for the macOS keychain support. After more careful review of this > code

[Openvpn-devel] [PATCH] contrib: Remove keychain-mcd code

2017-07-25 Thread David Sommerseth
After the security audits performed by Cryptography Engineering the spring of 2017 [1], there were several concerns about the contrib code for the macOS keychain support. After more careful review of this code base, it was considered to be in such a bad shape that it will need a massive overhaul.