Re: [Openvpn-devel] [ovpn-dco] question about the comment about AEAD nonce

2020-11-24 Thread Antonio Quartulli
Hi Tony, The graphic is wrong. Some of the text that you can find in the code comes from old internal documentation and it hasn't always been updated. To clarify, AES-GCM (and ChaCha20Poly1305) accepts a 12-byte nonce that OpenVPN creates by concatenating the 4-byte packet ID (sent over the wir

[Openvpn-devel] [ovpn-dco] question about the comment about AEAD nonce

2020-11-24 Thread Tony He
Hi Antonio, I'm reading the source code to study this module driven by interest. I'm new to crypto stuff. In pktid.h: /* When the OpenVPN protocol is run in AEAD mode, use * the OpenVPN packet ID as the AEAD nonce: * *0005 521c3b01 4308c041 83ba3099 *[seq # ] [nonce_tail

Re: [Openvpn-devel] [ovpn-dco] Kernel NULL point derefence

2020-11-24 Thread Tony He
Hi Antonio, Yeah, this patch fixes this issue. Tony Antonio Quartulli wrote on Tue, Nov 24, 2020 at 3:44 PM: > Hi Tony, > > Thanks a lot for all your tests. > The faulty commit is: > > commit ba109be633fd802b856d6a125f47e2d0ff7ad749 > Author: Antonio Quartulli > Date: Sun Nov 22 16:13:17 2020 +0100 > >

[Openvpn-devel] [PATCH applied] Re: Also announce IV_CIPHERS as client in OpenVPN 2.4

2020-11-24 Thread Gert Doering
Acked-by: Gert Doering This is useful functionality for better 2.4 client <=> 2.5/master server NCP interoperability. It is only bringing in the client side, which is fairly nonintrusive. Tested with my t_client setup (client-side only) and with a few manual calls to exercise the translation

[Openvpn-devel] [PATCH applied] Re: Normalise ncp-ciphers option and restrict it to 127 bytes

2020-11-24 Thread Gert Doering
Acked-by: Gert Doering It's a prerequisite for the (desirable) IV_CIPHERS patch for 2.4. It passes the client side tests (though the code is not exercised very strongly). The code looks different from the "master" patch due to changes to cipher_kt_get() and because it's called "--data-ciphers"

[Openvpn-devel] [PATCH applied] Re: build: Fix missing install of man page in certain environments

2020-11-24 Thread Gert Doering
Acked-by: Gert Doering I have not tested it further, but the explanation + test report make this "good enough" Your patch has been applied to the master and release/2.5 branch. commit fc25ca3a7cf720fbb53889fdba6ac0154c7c9c1a (master) commit bbac1542cfb4a9d3033999b26813f0dd0618c3f0 (release/2.5)

[Openvpn-devel] [PATCH applied] Re: Change travis build scripts to use https when fetching prerequisites.

2020-11-24 Thread Gert Doering
Patch has been applied to the master, release/2.5, release/2.4 branch. commit 0d4069e41d3ba7178be30f78f1174f689dbdfa59 (master) commit d3dd620b13a21c3ed73fd466390f471915937309 (release/2.5) commit f16b4edabab1d24adfe3e8824d26f401f6afde6d (release/2.4) Author: Gert Doering Date: Tue Nov 24 17:13:

Re: [Openvpn-devel] [PATCH] Change travis build scripts to use https when fetching prerequisites.

2020-11-24 Thread Arne Schwabe
On 24.11.20 at 17:13, Gert Doering wrote: > Reported by "jub0bs" on hackerone.com (#1039504) > > Signed-off-by: Gert Doering > --- Acked-By: Arne Schwabe

[Openvpn-devel] [PATCH] Change travis build scripts to use https when fetching prerequisites.

2020-11-24 Thread Gert Doering
Reported by "jub0bs" on hackerone.com (#1039504) Signed-off-by: Gert Doering --- .travis/build-deps.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis/build-deps.sh b/.travis/build-deps.sh index 08b93e7a..61673441 100755 --- a/.travis/build-deps.sh +++ b/.travis/b

Re: [Openvpn-devel] [ovpn-dco] Kernel NULL point derefence

2020-11-24 Thread Antonio Quartulli
Hi Tony, Thanks a lot for all your tests. The faulty commit is: commit ba109be633fd802b856d6a125f47e2d0ff7ad749 Author: Antonio Quartulli Date: Sun Nov 22 16:13:17 2020 +0100 ovpn-dco: avoid potential out of bound access in aead_decrypt() I have just pushed a fix to master to address th