Re: [Openvpn-devel] [PATCH v5 2/2] Add support for OpenSSL TLS 1.3 when using management-external-key

2019-09-23 Thread Selva Nair
Forgot to copy this to the list -- sending again. On Mon, Sep 23, 2019 at 6:19 AM Arne Schwabe wrote: > > Am 20.09.19 um 22:55 schrieb Selva Nair: > > Hi, > > > > Reviving this thread/patch as now users are running into this padding > > issue (trac 1216

[Openvpn-devel] [PATCH applied] Re: Handle PSS padding in cryptoapicert

2019-09-23 Thread Gert Doering
Acked-by: Gert Doering Sorry for slacking. I have stared at the patch a bit, compared to the master patch, and built with mingw & openssl 1.0.2n & openssl 1.1.0j on ubuntu 16 (which went fine), didn't test 1.1.1 as my build system was a bit less than cooperative today :-/ This is not a

[Openvpn-devel] [PATCH applied] Re: tapctl: add optional 'hardware id' parameter

2019-09-23 Thread Gert Doering
Taking Simon's "LGTM" as an ACK (plus some own light staring at the code changes which seem to make sense). Test built ("it compiles, ship it!") on ubuntu 1604/mingw. Your patch has been applied to the master branch. Acked-by: Simon Rozman commit e9ce348c93b99e76959b89739fbd74c43ee50152

Re: [Openvpn-devel] [PATCH] Only announce IV_NCP=2 when we are willing to support these ciphers

2019-09-23 Thread Gert Doering
Hi, On Mon, Sep 23, 2019 at 03:32:24PM +0200, Arne Schwabe wrote: > +if (!(tls_item_in_cipher_list("AES-128-GCM", options->ncp_ciphers) > + && tls_item_in_cipher_list("AES-256-GCM", > options->ncp_ciphers))) What about AES-192-GCM? What *exactly* does IV_NCP=2 guarantee?
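
Review bot: the negated condition on the quoted `+if` line hard-codes the names "AES-128-GCM" and "AES-256-GCM" without a comment saying why exactly these two entries of options->ncp_ciphers gate the IV_NCP=2 announcement. A one-line comment above the condition stating what IV_NCP=2 promises to the peer would make the check reviewable on its own and would settle whether other key sizes belong in it.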

Re: [Openvpn-devel] [PATCH] Only announce IV_NCP=2 when we are willing to support these ciphers

2019-09-23 Thread Antonio Quartulli
Hi, On 23/09/2019 15:32, Arne Schwabe wrote: > We currently always announce IV_NCP=2 when we support these ciphers even > when we do not accept them. This led to a server pushing an AES-GCM-128 > cipher to clients and the client then rejecting it. > --- > src/openvpn/init.c | 1 + >

[Openvpn-devel] [PATCH] Only announce IV_NCP=2 when we are willing to support these ciphers

2019-09-23 Thread Arne Schwabe
We currently always announce IV_NCP=2 when we support these ciphers even when we do not accept them. This led to a server pushing an AES-GCM-128 cipher to clients and the client then rejecting it. --- src/openvpn/init.c | 1 + src/openvpn/openvpn.h| 1 + src/openvpn/options.c| 7

Re: [Openvpn-devel] [PATCH v2 for 2.4] Handle PSS padding in cryptoapicert

2019-09-23 Thread Selva Nair
Hi, On Sun, Jul 28, 2019 at 4:34 PM wrote: > > From: Selva Nair > > For PSS padding, CNG requires the digest to be signed > and the digest algorithm in use, which are not accessible > via the rsa_sign and rsa_priv_enc callbacks of OpenSSL. > This patch uses the EVP_KEY interface to hook to >

Re: [Openvpn-devel] [PATCH v5 2/2] Add support for OpenSSL TLS 1.3 when using management-external-key

2019-09-23 Thread Arne Schwabe
Am 20.09.19 um 22:55 schrieb Selva Nair: > Hi, > > Reviving this thread/patch as now users are running into this padding > issue (trac 1216). > > IIRC, we more-or-less agreed upon adding an argument (nopadding, pss etc..) > to >PK_SIGN for new

Re: [Openvpn-devel] [PATCH] tapctl: add optional "hardware id" parameter

2019-09-23 Thread Simon Rozman
Hi, LGTM Best regards, Simon > -Original Message- > From: Lev Stipakov > Sent: Monday, September 23, 2019 11:08 AM > To: openvpn-devel@lists.sourceforge.net > Subject: [Openvpn-devel] [PATCH] tapctl: add optional "hardware id" > parameter > > From: Lev Stipakov > > If parameter is

Re: [Openvpn-devel] [PATCH 1/7] Visual Studio: upgrade project files to VS2019

2019-09-23 Thread Lev Stipakov
Since distributing our own wintun binaries goes against the recommended way (which is MSM modules), here are the steps to try out openvpn with wintun (which is even simpler than the previous way): - Install wireguard windows client from https://www.wireguard.com/install/ - Download patched openvpn binaries

[Openvpn-devel] [PATCH] tapctl: add optional "hardware id" parameter

2019-09-23 Thread Lev Stipakov
From: Lev Stipakov If parameter is not specified, default value "root\tap0901" is used. This enables tapctl to work with different tun drivers, like "tapoas" (from OpenVPN Connect) or "wintun". Signed-off-by: Lev Stipakov --- src/openvpnmsica/msica_op.c | 10 +-