Re: [Openvpn-devel] [PATCH 1/4] mtcp: Handle multi_create_instance() returning NULL

2022-05-16 Thread Arne Schwabe
On 16.05.2022 at 20:56, Kristof Provost via Openvpn-devel wrote: From: Kristof Provost multi_create_instance() can fail (i.e. return NULL). multi_create_instance_tcp() is ready for this, but called multi_assign_peer_id() without first checking if mi was non-NULL. multi_assign_peer_id()

[Openvpn-devel] [PATCH 4/4] Set (DCO) timeouts as well for p2p mode

2022-05-16 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Signed-off-by: Kristof Provost --- src/openvpn/init.c | 15 +++ 1 file changed, 15 insertions(+) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 0d991ba4..701749cd 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2232,6 +2232,21 @@

[Openvpn-devel] [PATCH 2/4] rework do_up() for correct order of DCO operations

2022-05-16 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost We must create the peer before we can dco_set_peer or dco_new_key. On the other hand, we must first process options, because those may change our peer id and we should create the peer with the correct id. Split up do_deferred_options() in do_deferred_options() and

[Openvpn-devel] [PATCH DCO]: FreeBSD DCO support

2022-05-16 Thread Kristof Provost via Openvpn-devel
Hi, Here's an updated version for the FreeBSD DCO support, as well as a few generic bugfixes. Best regards, Kristof ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 3/4] ovpn-dco: introduce FreeBSD data-channel offload support

2022-05-16 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost Implement data-channel offload for FreeBSD. The implementation and flow is very similar to that of the Linux DCO support. Signed-off-by: Kristof Provost --- configure.ac | 6 +- src/openvpn/Makefile.am| 1 + src/openvpn/dco_freebsd.c |

[Openvpn-devel] [PATCH 1/4] mtcp: Handle multi_create_instance() returning NULL

2022-05-16 Thread Kristof Provost via Openvpn-devel
From: Kristof Provost multi_create_instance() can fail (i.e. return NULL). multi_create_instance_tcp() is ready for this, but called multi_assign_peer_id() without first checking if mi was non-NULL. multi_assign_peer_id() assumed that mi is non-NULL, dereferencing it and causing a crash. Move

Re: [Openvpn-devel] [PATCH v3] Implement ED448 and ED25519 support in xkey_provider

2022-05-16 Thread Selva Nair
Hi, Thanks for the new version. Looks good (only compile tested). Acked-by: Selva Nair Selva On Mon, May 16, 2022 at 6:49 AM Arne Schwabe wrote: > > OpenSSL's implementation of ED448 and ED25519 has a few idiosyncrasies. > Instead of belonging to the elliptic curve type or to a common

[Openvpn-devel] [PATCH v3] Implement ED448 and ED25519 support in xkey_provider

2022-05-16 Thread Arne Schwabe
OpenSSL's implementation of ED448 and ED25519 has a few idiosyncrasies. Instead of belonging to the elliptic curve type or to a common Edwards curve type, ED448 and ED25519 have each their own type. Also, OpenSSL expects signatures using these curves to be done with the EVP_DigestSign API instead

Re: [Openvpn-devel] [PATCH v2] Implement ED448 and ED25519 support in xkey_provider

2022-05-16 Thread Arne Schwabe
/* if management client cannot do digest -- we do it here */ -if (!strcmp(alg.op, "DigestSign") && !(flags & MF_EXTERNAL_KEY_DIGEST)) +if (!strcmp(alg.op, "DigestSign") && !(flags & MF_EXTERNAL_KEY_DIGEST) +&& strcmp(alg.mdname, "none") != 0) nit: Why not
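
Review bot: the comment above the condition still reads "if management client cannot do digest -- we do it here" and does not cover the new strcmp(alg.mdname, "none") != 0 term, so the code alone does not tell a reader why a digest name of "none" skips the local digest step. Extend the comment to state that case. The condition also mixes !strcmp(...) for the equality test on alg.op with strcmp(...) != 0 for the inequality test on alg.mdname; writing both as explicit comparisons (== 0 and != 0) would make the combined condition easier to read.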