Re: [Openvpn-devel] [PATCH v3 2/2] OpenSSL: remove EVP_PKEY_id()

2018-01-17 Thread Selva Nair
Hi On Wed, Jan 17, 2018 at 8:14 AM, Emmanuel Deloget wrote: > Of course, this one is not strictly needed. If you want to keep the function > around, feel free to ignore the patch. > > Given the relative simplicity of the change, one can also consider that if > the function is

Re: [Openvpn-devel] [PATCH 2/2] TLS v1.2 support for cryptoapicert -- RSA only

2018-01-17 Thread Selva Nair
Hi, Thanks for the comments On Wed, Jan 17, 2018 at 9:20 AM, Steffan Karger wrote: > Hi, > > Some preliminary comments: > > On 08-01-18 03:21, selva.n...@gmail.com wrote: >> From: Selva Nair >> >> - If an NCRYPT handle for the private key can be

Re: [Openvpn-devel] [PATCH 2/2] TLS v1.2 support for cryptoapicert -- RSA only

2018-01-17 Thread Steffan Karger
Hi, Some preliminary comments: On 08-01-18 03:21, selva.n...@gmail.com wrote: > From: Selva Nair > > - If an NCRYPT handle for the private key can be obtained, use > NCryptSignHash from the Cryptography NG API to sign the hash. > > This should work for all keys in

[Openvpn-devel] [PATCH v2] Treat dhcp-option DNS6 and DNS identical

2018-01-17 Thread Arne Schwabe
OpenVPN3 accepts both IPv4 and IPv6 with option-dhcp DNS but throws an error for option-dhcp DNS6. This patch makes OpenVPN2 accept IPv4/IPv6 for both DNS and DNS6 Patch V2: Put IPv6 parsing logic into own function similar as for IPv4 DNS --- doc/openvpn.8 | 8 ++--

[Openvpn-devel] [PATCH] Plug memory leak if push is interrupted

2018-01-17 Thread Steffan Karger
If a push is interrupted due to a timeout, c->c2.pulled_options_state is never freed. Fix that by always cleaning up any remaining pulled options state when we close a connection. This changes the mbedtls implementation of md_ctx_cleanup to actually clean up the context, which was not needed

Re: [Openvpn-devel] [PATCH v3 2/2] OpenSSL: remove EVP_PKEY_id()

2018-01-17 Thread Emmanuel Deloget
Of course, this one is not strictly needed. If you want to keep the function around, feel free to ignore the patch. Given the relative simplicity of the change, one can also consider that if the function is needed again we could simply revert this patch. Best regards, -- Emmanuel Deloget

[Openvpn-devel] [PATCH v3 2/2] OpenSSL: remove EVP_PKEY_id()

2018-01-17 Thread Emmanuel Deloget
The function is no longer used so we don't need to keep it in the OpenSSL 1.1 compatibility layer. Signed-off-by: Emmanuel Deloget --- configure.ac | 1 - src/openvpn/openssl_compat.h | 14 -- 2 files changed, 15 deletions(-) diff --git

Re: [Openvpn-devel] [PATCH v2 2/3] OpenSSL: remove some EVP_PKEY type checks

2018-01-17 Thread Emmanuel Deloget
Hello, On Wed, Jan 17, 2018 at 1:16 PM, Steffan Karger wrote: > Hi, > > On 15 January 2018 at 23:33, Emmanuel Deloget wrote: > > For the variables outside the ifs, the next C standard should allow us to > > write something like: > > > > if ((RSA *rsa =

Re: [Openvpn-devel] [PATCH v2 2/3] OpenSSL: remove some EVP_PKEY type checks

2018-01-17 Thread Steffan Karger
Hi, On 15 January 2018 at 23:33, Emmanuel Deloget wrote: > For the variables outside the ifs, the next C standard should allow us to > write something like: > > if ((RSA *rsa = EVP_PKEY_get0_RSA(pkey)) != NULL) { Yeah, such a shame that this didn't make it into C11. Scoping a

[Openvpn-devel] [PATCH] Treat dhcp-option DNS6 and DNS identical

2018-01-17 Thread Arne Schwabe
OpenVPN3 accepts both IPv4 and IPv6 with option-dhcp DNS but throws an error for option-dhcp DNS6. This patch makes OpenVPN2 accept IPv4/IPv6 for both DNS and DNS6 --- doc/openvpn.8 | 8 ++-- src/openvpn/options.c | 33 ++--- 2 files changed, 20

[Openvpn-devel] [PATCH applied] Re: Replace buffer backed strings for management_android_control with simple stack variables

2018-01-17 Thread Gert Doering
Acked-By: Gert Doering Patch looks reasonable, and is inside TARGET_ANDROID anyway, so if you break it, it's your bug reports... Your patch has been applied to the master branch. commit 8fcc63b2e7d24d2fbf6d7ab10767c2347c723d31 Author: Arne Schwabe Date: Wed Jan 17

Re: [Openvpn-devel] [PATCH] Replace buffer backed strings for management_android_control with simple stack variables

2018-01-17 Thread Gert Doering
Hi, On Tue, Jan 16, 2018 at 10:24:08PM +0100, Arne Schwabe wrote: > if (rgi) > { > -buf_printf(, "%s %s %s dev %s", network, netmask, gateway, > rgi->iface); > +snprintf(out, sizeof(out), "%s %s %s dev %s", network, netmask, > gateway, rgi->iface); Everything else
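Review bot: The added snprintf(out, sizeof(out), ...) call in the quoted hunk discards its return value, so a route string longer than out would be truncated without any error. Compare the result against sizeof(out) and handle the overflow case, or use openvpn_snprintf, which the v2 posting of this patch switches to.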

[Openvpn-devel] [PATCH v2] Replace buffer backed strings for management_android_control with simple stack variables

2018-01-17 Thread Arne Schwabe
This simplifies the code a bit and also silences compiler warnings about uint8_t pointers passed to char pointers without cast Patch V2: Use openvpn_snprintf instead of snprintf --- src/openvpn/route.c | 14 +++--- src/openvpn/tun.c | 12 ++-- 2 files changed, 13 insertions(+),

Re: [Openvpn-devel] [PATCH 2/3] Allow external EC key through --management-external-key

2018-01-17 Thread Steffan Karger
Hi, On 17-01-18 05:24, Selva Nair wrote: > Also I'm toying with the idea of renaming ecdsa-sig/ECDSA-SIGN by > pkey-sig/PKEY-SIGN so that eventually we may be able to use it for > all types of keys and retire rsa-sig. Any thoughts on that? This was my first thought when looking at these patches.

Re: [Openvpn-devel] [PATCH 3/3] Document management request >ECDSA_SIGN and response ecdsa-sig

2018-01-17 Thread Steffan Karger
Hi, Quickly replying without proper reading, to not postpone my response. On 17-01-18 05:41, Selva Nair wrote: > FWIW, some remarks on the hash and the signature below. > > On Tue, Jan 16, 2018 at 5:23 PM, Arne Schwabe wrote: >> Am 14.01.18 um 20:44 schrieb

Re: [Openvpn-devel] [PATCH] Replace buffer backed strings for management_android_control with simple stack variables

2018-01-17 Thread Steffan Karger
Hi, The commit message summary and description lines are slightly long. Try to not exceed 72 chars line length. On 16-01-18 22:24, Arne Schwabe wrote: > This simplifies the code a bit and also silences compiler warnings about > uint8_t pointers passed to char pointers without cast > --- >