Am 16.05.2022 um 20:56 schrieb Kristof Provost via Openvpn-devel:
From: Kristof Provost
multi_create_instance() can fail (i.e. return NULL).
multi_create_instance_tcp() is ready for this, but called
multi_assign_peer_id() without first checking if mi was non-NULL.
multi_assign_peer_id()
From: Kristof Provost
Signed-off-by: Kristof Provost
---
src/openvpn/init.c | 15 +++
1 file changed, 15 insertions(+)
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 0d991ba4..701749cd 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2232,6 +2232,21 @@
From: Kristof Provost
We must create the peer before we can dco_set_peer or dco_new_key.
On the other hand, we must first process options, because those may
change our peer id and we should create the peer with the correct id.
Split up do_deferred_options() in do_deferred_options() and
Hi,
Here's an updated version for the FreeBSD DCO support, as well as a few
generic bugfixes.
Best regards,
Kristof
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
From: Kristof Provost
Implement data-channel offload for FreeBSD. The implementation and flow
is very similar to that of the Linux DCO support.
Signed-off-by: Kristof Provost
---
configure.ac | 6 +-
src/openvpn/Makefile.am| 1 +
src/openvpn/dco_freebsd.c |
From: Kristof Provost
multi_create_instance() can fail (i.e. return NULL).
multi_create_instance_tcp() is ready for this, but called
multi_assign_peer_id() without first checking if mi was non-NULL.
multi_assign_peer_id() assumed that mi is non-NULL, dereferencing it and
causing a crash.
Move
Hi,
Thanks for the new version. Looks good (only compile tested).
Acked-by: Selva Nair
Selva
On Mon, May 16, 2022 at 6:49 AM Arne Schwabe wrote:
>
> OpenSSL's implementation of ED448 and ED25519 has a few idiosyncrasies.
> Instead of belonging to the elliptic curve type or to a common
OpenSSL's implementation of ED448 and ED25519 has a few idiosyncrasies.
Instead of belonging to the elliptic curve type or to a common Edwards
curve type, ED448 and ED25519 have each their own type.
Also, OpenSSL expects signatures using these curves to be done with the
EVP_DigestSign API instead
/* if management client cannot do digest -- we do it here */
-if (!strcmp(alg.op, "DigestSign") && !(flags & MF_EXTERNAL_KEY_DIGEST))
+if (!strcmp(alg.op, "DigestSign") && !(flags & MF_EXTERNAL_KEY_DIGEST)
+&& strcmp(alg.mdname, "none") != 0)
nit: Why not