Hi Tony,
The graphic is wrong. Some of the text that you can find in the code
comes from old internal documentation and it hasn't always been updated.
To clarify, AES-GCM (and ChaCha20Poly1305) accepts a 12 bytes nonce that
OpenVPN creates by concatenating the 4 bytes packet ID (sent over the
wir
Hi Antonio,
I'm reading the source code to study this module driven by intertest. I'm
new to crypto stuffs. In pktid.h:
/* When the OpenVPN protocol is run in AEAD mode, use
* the OpenVPN packet ID as the AEAD nonce:
*
*0005 521c3b01 4308c041 83ba3099
*[seq # ] [nonce_tail
Hi Antonio,
Yeah, this patch fixes this issue.
Tony
Antonio Quartulli 于2020年11月24日周二 下午3:44写道:
> Hi Tony,
>
> Thanks a lot for all your tests.
> The faulty commit is:
>
> commit ba109be633fd802b856d6a125f47e2d0ff7ad749
> Author: Antonio Quartulli
> Date: Sun Nov 22 16:13:17 2020 +0100
>
>
Acked-by: Gert Doering
This is useful functionality for better 2.4 client <=> 2.5/master
server NCP interoperability. It is only bringing in the client
side, which is fairly nonintrusive.
Tested with my t_client setup (client-side only) and with a few
manual calls to excercise the translation
Acked-by: Gert Doering
It's a prerequisite for the (desirable) IV_CIPHERS patch
for 2.4. It passes the client side tests (though the code
is not exercised very strongly). The code looks different
from the "master" patch due to changes to cipher_kt_get()
and because it's called "--data-ciphers"
Acked-by: Gert Doering
I have not tested it further, but the explanation + test report make
this "good enough"
Your patch has been applied to the master and release/2.5 branch.
commit fc25ca3a7cf720fbb53889fdba6ac0154c7c9c1a (master)
commit bbac1542cfb4a9d3033999b26813f0dd0618c3f0 (release/2.5)
Patch has been applied to the master, release/2.5, release/2.4 branch.
commit 0d4069e41d3ba7178be30f78f1174f689dbdfa59 (master)
commit d3dd620b13a21c3ed73fd466390f471915937309 (release/2.5)
commit f16b4edabab1d24adfe3e8824d26f401f6afde6d (release/2.4)
Author: Gert Doering
Date: Tue Nov 24 17:13:
Am 24.11.20 um 17:13 schrieb Gert Doering:
> Reported by "jub0bs" on hackerone.com (#1039504)
>
> Signed-off-by: Gert Doering
> ---
Acked-By: Arne Schwabe
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.n
Reported by "jub0bs" on hackerone.com (#1039504)
Signed-off-by: Gert Doering
---
.travis/build-deps.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh
index 08b93e7a..61673441 100755
--- a/.travis/build-deps.sh
+++ b/.travis/b
Hi Tony,
Thanks a lot for all your tests.
The faulty commit is:
commit ba109be633fd802b856d6a125f47e2d0ff7ad749
Author: Antonio Quartulli
Date: Sun Nov 22 16:13:17 2020 +0100
ovpn-dco: avoid potential out of bound access in aead_decrypt()
I have just pushed a fix to master to address th
10 matches
Mail list logo