[Openvpn-devel] [PATCH 1/1] openvpn3: tunprop.hpp: handle dhcp-option DOMAIN-SEARCH

2021-02-05 Thread Viktor Oreshkin 
Adds support for dhcp-option DOMAIN-SEARCH, which was added to OpenVPN 2
in release 2.5

fixes https://github.com/OpenVPN/openvpn3/issues/145

URL: https://github.com/OpenVPN/openvpn3/pull/146
Signed-off-by: Viktor Oreshkin 
---
 openvpn/tun/client/tunprop.hpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/openvpn/tun/client/tunprop.hpp b/openvpn/tun/client/tunprop.hpp
index d9f20f85445b..3e7ab8eab54b 100644
--- a/openvpn/tun/client/tunprop.hpp
+++ b/openvpn/tun/client/tunprop.hpp
@@ -523,7 +523,7 @@ namespace openvpn {
throw tun_prop_dhcp_option_error("tun_builder_add_dns_server
failed");
  flags |= F_ADD_DNS;
}
- else if (type == "DOMAIN")
+ else if (type == "DOMAIN" || type == "DOMAIN-SEARCH")
{
  o.min_args(3);
  for (size_t j = 2; j < o.size(); ++j)
-- 
2.29.2
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH v3 1/3] Check return values in md_ctx_init and hmac_ctx_init

2021-02-05 Thread Antonio Quartulli 
Hi,

On 01/02/2021 18:43, Arne Schwabe wrote:
> Without this OpenVPN will later segfault on a FIPS enabled system due
> to the algorithm available but not allowed.
> 
> Patch V2: Use (!func) instead (func != 1)
> 
> Signed-off-by: Arne Schwabe 
> ---
>  src/openvpn/crypto_openssl.c | 15 ---
>  1 file changed, 12 insertions(+), 3 deletions(-)
> 
> diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
> index c60d4a54..e124a7b6 100644
> --- a/src/openvpn/crypto_openssl.c
> +++ b/src/openvpn/crypto_openssl.c
> @@ -954,7 +954,10 @@ md_ctx_init(EVP_MD_CTX *ctx, const EVP_MD *kt)
>  ASSERT(NULL != ctx && NULL != kt);
>  
>  EVP_MD_CTX_init(ctx);
> -EVP_DigestInit(ctx, kt);
> +if (!EVP_DigestInit(ctx, kt))
> +{
> +crypto_msg(M_FATAL, "EVP_DigestInit failed");
> +}
>  }
>  
>  void
> @@ -1011,7 +1014,10 @@ hmac_ctx_init(HMAC_CTX *ctx, const uint8_t *key, int 
> key_len,
>  ASSERT(NULL != kt && NULL != ctx);
>  
>  HMAC_CTX_reset(ctx);
> -HMAC_Init_ex(ctx, key, key_len, kt, NULL);
> +if  (!HMAC_Init_ex(ctx, key, key_len, kt, NULL))

too many spaces after "if"

> +{
> +crypto_msg(M_FATAL, "HMAC_Init_ex failed");
> +}
>  
>  /* make sure we used a big enough key */
>  ASSERT(HMAC_size(ctx) <= key_len);
> @@ -1032,7 +1038,10 @@ hmac_ctx_size(const HMAC_CTX *ctx)
>  void
>  hmac_ctx_reset(HMAC_CTX *ctx)
>  {
> -HMAC_Init_ex(ctx, NULL, 0, NULL, NULL);
> +if(!HMAC_Init_ex(ctx, NULL, 0, NULL, NULL))

missing space after "if" (it probably went in the above block :D)

> +{
> +crypto_msg(M_FATAL, "HMAC_Init_ex failed");
> +}
>  }
>  
>  void
> 

Rest looks good!

Acked-by: Antonio Quartulli 

Maybe the spaces can be fixed on the fly while merging.

Regards,


-- 
Antonio Quartulli


___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel