Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

2012-04-28 Thread Gert Doering
Hi, On Sat, Apr 28, 2012 at 12:20:45AM +0200, David Sommerseth wrote: > This is a summary of all the 6 applied patches. All patches were applied to > the master branch and pushed out to -stable and -testing trees. JFTR, the FreeBSD 9.0 buildslave now has PolarSSL 1.1.2 installed, and building

Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

2012-04-27 Thread David Sommerseth
This is a summary of all the 6 applied patches. All patches were applied to the master branch and pushed out to -stable and -testing trees. commit 4b87c868333e6aca5cb78bc345059e61c72b9423 Author: Adriaan de Jong List-Post: openvpn-devel@lists.sourceforge.net Date: Mon Apr

Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

2012-04-10 Thread Seth Mos
On 6-4-2012 19:55, Gert Doering wrote: Hi, On Mon, Apr 02, 2012 at 07:31:56PM +0200, Adriaan de Jong wrote: I don't see the need to further delay 2.3 for this, as it is not a bug fix. Others might disagree here, and the topic is open for debate :). In general, it might be a good idea to

Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

2012-04-06 Thread Gert Doering
Hi, On Mon, Apr 02, 2012 at 11:22:47PM +0200, David Sommerseth wrote: > It would be good to have a beta release out before the summer and an > RC release during the autumn. Aiming for a 2.3 release towards the > end of the year. Uh. Just to point out that I thought that was the plan, but

Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

2012-04-06 Thread Gert Doering
Hi, On Mon, Apr 02, 2012 at 09:50:55PM +0300, Alon Bar-Lev wrote: > Well, I don't care about version numbers... they are just snapshots in time. "Release Version" is what end-users will see and use, and if we care at all for the nice things we've added to OpenVPN, it's important to get them

Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

2012-04-06 Thread Gert Doering
Hi, On Mon, Apr 02, 2012 at 07:31:56PM +0200, Adriaan de Jong wrote: > I don't see the need to further delay 2.3 for this, as it is not > a bug fix. Others might disagree here, and the topic is open for > debate :). In general, it might be a good idea to freeze development > of 2.3 at some point

Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

2012-04-05 Thread Samuli Seppänen
mail.com] Sent: maandag 2 april 2012 > >>> 12:42 To: David Sommerseth Cc: > >>> openvpn-devel@lists.sourceforge.net Subject: Re: > >>> [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 > >>> RNG > >>> > >>> On Mo

Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

2012-04-03 Thread Adriaan de Jong
> -Original Message- > From: David Sommerseth [mailto:openvpn.l...@topphemmelig.net] > On 02/04/12 20:50, Alon Bar-Lev wrote: > > On Mon, Apr 2, 2012 at 8:31 PM, Adriaan de Jong > > wrote: > >>> -Original Message- From: Alon Bar-Lev > >>>

Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

2012-04-02 Thread David Sommerseth
april 2012 >>> 12:42 To: David Sommerseth Cc: >>> openvpn-devel@lists.sourceforge.net Subject: Re: >>> [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 >>> RNG >>> >>> On Mon, Apr 2, 2012 at 1:39 PM, David Sommerseth >>&

Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

2012-04-02 Thread Alon Bar-Lev
e.net >> Subject: Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL >> 1.1 RNG >> >> On Mon, Apr 2, 2012 at 1:39 PM, David Sommerseth >> <openvpn.l...@topphemmelig.net> wrote: >> > -BEGIN PGP SIGNED MESSAGE- >> > Hash

Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

2012-04-02 Thread Adriaan de Jong
> -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: maandag 2 april 2012 12:42 > To: David Sommerseth > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL > 1.1 RNG > >

Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

2012-04-02 Thread David Sommerseth
On 02/04/12 12:25, Alon Bar-Lev wrote: > No no no I did not imply that this will be dynamic interface. > Nor that there is a use case. > > The current state of the code (even before the merge of polarssl) > was very complex. Now it is even more

Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

2012-04-02 Thread David Sommerseth
On 02/04/12 11:55, Fabian Knittel wrote: The only advantage I see at runtime switching, is that it's easier for distributors to support both SSL/crypto library platforms. Except of that, I don't see much benefits of it. And f.ex. in the use case

Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

2012-04-02 Thread David Sommerseth
On 02/04/12 11:55, Fabian Knittel wrote: > Hi Alon, > > 2012/4/2 Alon Bar-Lev : >> I also intend to work and cleanup the whole PolarSSL/OpenSSL >> mess... >> >> Design will be to introduce crypto engine callback structure,

Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

2012-04-02 Thread Fabian Knittel
Hi Alon, 2012/4/2 Alon Bar-Lev : > I also intend to work and cleanup the whole PolarSSL/OpenSSL mess... > > Design will be to introduce crypto engine callback structure, > registering openssl and polarssl, in a way that code is using the > callback structure while using

Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

2012-04-02 Thread Alon Bar-Lev
Hello Adriaan, I don't think that PolarSSL is so popular that we need to support complex backward compatibility. Supporting PolarSSL-1.1 should be sufficient, we can make the configure script verify this minimum. I also intend to work and cleanup the whole PolarSSL/OpenSSL mess... Design will

[Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

2012-04-02 Thread Adriaan de Jong
This patch, while retaining PolarSSL 1.0 support, introduces the PolarSSL 1.1 DRBG. This RNG adds a number of features, including support for personalisation strings and multiple entropy sources. Personalisation strings have been implemented, based on PID, program name, place within memory,