[Openvpn-devel] [PATCH] Adding support for wolfSSL backend

2019-08-16 Thread Juliusz Sosinowicz
This patch adds the option to use wolfSSL as the ssl backend. To build this patch: 1. wolfSSL needs to be built with the `--enable-all` configure option. 2. OpenVPN must be built with the `--with-crypto-library=wolfssl` configure option. Documentation regarding the wolfSSL SSL library may

Re: [Openvpn-devel] [PATCH] Adding support for wolfSSL backend

2019-08-23 Thread Juliusz Sosinowicz
16.08.19 um 16:14 schrieb Juliusz Sosinowicz: This patch adds the option to use wolfSSL as the ssl backend. To build this patch: That is great and it is also a very big patch. I skimmed only through the patch. +#ifdef ENABLE_CRYPTO_WOLFSSL +o->ciphername = "AES-256-CBC"; +

Re: [Openvpn-devel] [PATCH] Support for wolfSSL with OpenVPN v2.4.8

2019-11-25 Thread Juliusz Sosinowicz
things up as to why some changes were necessary. Sincerely Juliusz On 14/11/2019 12:25, David Sommerseth wrote: On 14/11/2019 11:22, Juliusz Sosinowicz wrote: From: David Garske wolfSSL: Support added in: https://github.com/wolfSSL/wolfssl/pull/2503 ```sh git clone https://github.com/wo

[Openvpn-devel] [PATCH] Support for wolfSSL with OpenVPN v2.4.8

2019-11-14 Thread Juliusz Sosinowicz
From: David Garske wolfSSL: Support added in: https://github.com/wolfSSL/wolfssl/pull/2503 ```sh git clone https://github.com/wolfSSL/wolfssl.git cd wolfssl ./autogen.sh ./configure --enable-opensslall --enable-des3 --enable-crl --enable-certgen --enable-certext --enable-aesctr

Re: [Openvpn-devel] [PATCH] Support for wolfSSL with OpenVPN master branch

2020-02-09 Thread Juliusz Sosinowicz
against the wolfSSL binary, not OpenSSL. This is the reason for the configure script changes.Sincerely Juliusz  Original message From: Antonio Quartulli Date: 09/02/2020 10:52 (GMT+01:00) To: Gert Doering Cc: Juliusz Sosinowicz , openvpn-devel@lists.sourceforge.net Subject

Re: [Openvpn-devel] [PATCH] Support for wolfSSL with OpenVPN master branch

2020-02-09 Thread Juliusz Sosinowicz
Hi Gert, thank you for your comments. My intention was not to add a second cipher line in the sample config file. I added "cipher AES-256-CBC" to an earlier version of OpenVPN when there was no cipher specified in the loopback-client and loopback-server files. After rebasing my commit onto

[Openvpn-devel] [PATCH] Support for wolfSSL with OpenVPN master branch

2020-02-07 Thread Juliusz Sosinowicz
wolfSSL: Support added in: https://github.com/wolfSSL/wolfssl/pull/2503 ``` git clone https://github.com/wolfSSL/wolfssl.git cd wolfssl ./autogen.sh ./configure --enable-openvpn make sudo make install ``` OpenVPN: ``` autoreconf -i -v -f ./configure --with-crypto-library=wolfssl make make check

[Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-04-14 Thread Juliusz Sosinowicz
: ``` autoreconf -i -v -f ./configure --with-crypto-library=wolfssl make make check sudo make install ``` Signed-off-by: Juliusz Sosinowicz --- configure.ac| 91 - src/openvpn/crypto.c| 2 +- src/openvpn/cryptoapi.c | 4 ++ 3 files changed, 94

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-04-16 Thread Juliusz Sosinowicz
The Readme looks good. Just one suggestion. On 16/04/2020 13:11, Arne Schwabe wrote: Am 16.04.20 um 12:42 schrieb Juliusz Sosinowicz: Hi Arne, On 15/04/2020 11:31, Arne Schwabe wrote: Am 14.04.20 um 20:52 schrieb Juliusz Sosinowicz: This patch adds support for wolfSSL in OpenVPN. Support

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-04-16 Thread Juliusz Sosinowicz
Hi Gert, thanks for the suggestion. I will change this in the next patch after looking into the issue that Arne brought up. On 15/04/2020 11:48, Gert Doering wrote: Hi, as Arne said, this is much better. On Tue, Apr 14, 2020 at 08:52:14PM +0200, Juliusz Sosinowicz wrote: This patch adds

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-04-16 Thread Juliusz Sosinowicz
Hi Arne, On 15/04/2020 11:31, Arne Schwabe wrote: Am 14.04.20 um 20:52 schrieb Juliusz Sosinowicz: This patch adds support for wolfSSL in OpenVPN. Support is added by using wolfSSL's OpenSSL compatibility layer. Function calls are left unchanged and instead the OpenSSL includes point

[Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-04-29 Thread Juliusz Sosinowicz
: ``` autoreconf -i -v -f ./configure --with-crypto-library=wolfssl make make check sudo make install ``` Signed-off-by: Juliusz Sosinowicz --- configure.ac | 91 ++- src/openvpn/syshead.h | 3 +- 2 files changed, 91 insertions(+), 3 deletions(-) diff --git

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-05-07 Thread Juliusz Sosinowicz
Hi Arne, currently it is macro'ed to wolfSSL_lib_version which only returns the version string. I will add our library name to the front of the OpenSSL_version return string. Thanks, Juliusz On 07/05/2020 12:35, Arne Schwabe wrote: Am 07.05.20 um 12:28 schrieb Antonio Quartulli: Thu May

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-05-07 Thread Juliusz Sosinowicz
or catching it. Thanks Juliusz On 29/04/2020 16:51, Juliusz Sosinowicz wrote: This patch adds support for wolfSSL in OpenVPN. Support is added by using wolfSSL's OpenSSL compatibility layer. Function calls are left unchanged and instead the OpenSSL includes point to wolfSSL headers and OpenVP

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-09-16 Thread Juliusz Sosinowicz
Hi Arne, a quick update. A PR is now open in wolfSSL with fixes for OpenVPN master. Sincerely Juliusz On 10/09/2020 14:16, Arne Schwabe wrote: Am 10.09.20 um 14:11 schrieb Juliusz Sosinowicz: Hi Arne, I understand your concern and apologize for the delay. We have been busy with the release

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-09-10 Thread Juliusz Sosinowicz
Juliusz Sosinowicz: Hi Arne, thank you for your feedback. I tested the patch on the latest master version at the time of writing and it looks like these requirements were added in the last week which is why I wasn't able to address them before.I will look into the new issues and get back to you when

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-09-17 Thread Juliusz Sosinowicz
Hi Arne, thank you for your extensive review of OpenVPN with wolfSSL. On 17/09/2020 00:05, Arne Schwabe wrote: ... I am still seeing this warning: 2020-09-16 23:20:14 WARNING: 'auth' is used inconsistently, local='auth SHA', remote='auth SHA1' Are you internally calling SHA1 just SHA and

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-07-22 Thread Juliusz Sosinowicz
they are fixed. I agree that most of these functions only require exposing existing functionality on our side. Sincerely Juliusz On 22/07/2020 15:37, Arne Schwabe wrote: Am 15.07.20 um 10:26 schrieb Juliusz Sosinowicz: Hi Everyone, do you have an update on the latest patch I sent? There have been

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-07-15 Thread Juliusz Sosinowicz
Hi Everyone, do you have an update on the latest patch I sent? There have been updates to wolfSSL to fix the remaining issues brought up last time. Thanks Juliusz On 16/06/2020 20:00, Juliusz Sosinowicz wrote: This patch adds support for wolfSSL in OpenVPN. Support is added by using

[Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-06-16 Thread Juliusz Sosinowicz
: ``` autoreconf -i -v -f ./configure --with-crypto-library=wolfssl make make check sudo make install ``` Signed-off-by: Juliusz Sosinowicz --- configure.ac | 94 ++- src/openvpn/syshead.h | 3 +- 2 files changed, 94 insertions(+), 3 deletions(-) diff --git

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-12-03 Thread Juliusz Sosinowicz
schrieb Juliusz Sosinowicz: Hi Arne, some time has passed and I was able to address most of your comments in my branch https://github.com/julek-wolfssl/wolfssl/tree/openvpn-2.5-missing-stuff To summarize what has been done regarding your comments: * SHA1 was indeed being called SHA in wolfSSL

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-11-19 Thread Juliusz Sosinowicz
schrieb Juliusz Sosinowicz: Hi Arne, a quick update. A PR is now open in wolfSSL with fixes for OpenVPN master. This is the version that I could actually take a deeper look at, so here are my results. It generally works but there seems some loose ends: I am still seeing this warning: 2020-09

[Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2021-01-27 Thread Juliusz Sosinowicz
./configure --enable-openvpn make sudo make install ``` OpenVPN: ``` autoreconf -i -v -f ./configure --with-crypto-library=wolfssl make make check sudo make install ``` Signed-off-by: Juliusz Sosinowicz --- configure.ac | 107 +- src/openvpn/syshead.h | 3

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2021-01-28 Thread Juliusz Sosinowicz
Juliusz Sosinowicz: Hi Arne, I believe I fixed the issues that you mentioned in your review of the patch for wolfSSL. I have sent a new patch tested on the latest master branch on OpenVPN along with the version of wolfSSL found in this pull request: https://github.com/wolfSSL/wolfssl/pull/3697

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2021-03-12 Thread Juliusz Sosinowicz
in this pull request: https://github.com/wolfSSL/wolfssl/pull/3871 I also found an error in one of OpenVPN's unit tests. I submitted a patch for that test in a separate email. Sincerely Juliusz On 03/03/2021 13:34, Arne Schwabe wrote: Am 22.02.21 um 16:28 schrieb Juliusz Sosinowicz: Hi Arne, have

[Openvpn-devel] [PATCH] EVP_DigestSignFinal siglen parameter correction

2021-03-12 Thread Juliusz Sosinowicz
In the EVP_DigestSignFinal API, "before the call the siglen parameter should contain the length of the sig buffer". Signed-off-by: Juliusz Sosinowicz --- src/openvpn/crypto_openssl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/openvpn/crypto_opens

Re: [Openvpn-devel] [PATCH applied] Re: Support for wolfSSL in OpenVPN

2021-03-18 Thread Juliusz Sosinowicz
Hi Gert, which version of autoconf exactly is causing this explosion? Juliusz On 18/03/2021 14:56, Gert Doering wrote: Hi, On Thu, Mar 18, 2021 at 02:21:02PM +0100, Gert Doering wrote: Your patch has been applied to the master branch. I have not tested actual WolfSSL builds, but done a

Re: [Openvpn-devel] [PATCH] Add PKG_CHECK_VAR compatibility definition for old autoconf versions

2021-03-18 Thread Juliusz Sosinowicz
For reference, the version of pkg-config shipped on my Ubuntu 14 vm is 0.26-1ubuntu4. It looks like the default packages are very outdated. Juliusz On 18/03/2021 21:52, David Sommerseth wrote: On 18/03/2021 19:12, Juliusz Sosinowicz wrote: PKG_CHECK_VAR is not available on older versions

[Openvpn-devel] [PATCH] Add PKG_CHECK_VAR compatibility definition for old autoconf versions

2021-03-18 Thread Juliusz Sosinowicz
PKG_CHECK_VAR is not available on older versions of autoconf. This patch copies the definition generated by newer versions of autoconf to be used for compatibility with older versions. Tested with automake 1.14.1-2ubuntu1 and autoconf 2.69-6. Signed-off-by: Juliusz Sosinowicz --- compat.m4

[Openvpn-devel] [PATCH] Add PKG_CHECK_VAR compatibility definition for old autoconf versions

2021-03-18 Thread Juliusz Sosinowicz
Signed-off-by: Juliusz Sosinowicz --- compat.m4 | 16 1 file changed, 16 insertions(+) diff --git a/compat.m4 b/compat.m4 index e54a7203..47650f6d 100644 --- a/compat.m4 +++ b/compat.m4 @@ -64,6 +64,22 @@ ifdef( AC_DEFUN([AC_TYPE_UINT64_T

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2021-03-17 Thread Juliusz Sosinowicz
Hi Arne, wolfSSL does not support Ed25519 certificates in the compatibility layer. I added the EKM signaling locally. I can submit the patch with this modification if you would like me to. Sincerely Juliusz On 17/03/2021 18:13, Arne Schwabe wrote: Am 12.03.21 um 16:12 schrieb Juliusz

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2021-03-17 Thread Juliusz Sosinowicz
My apologies. I didn't notice your reply Gert. I will submit an updated patch. Sincerely Juliusz On 17/03/2021 18:22, Gert Doering wrote: Hi, On Wed, Mar 17, 2021 at 06:13:04PM +0100, Arne Schwabe wrote: I would consider this an ACK. @Gert do you want a new version with the configure.ac

[Openvpn-devel] [PATCH] README.wolfssl Update

2021-03-19 Thread Juliusz Sosinowicz
Updates for the wolfSSL README file: - fix typos - correct wolfSSL company spelling - add a point of contact for users having problems using OpenVPN + wolfSSL Signed-off-by: Juliusz Sosinowicz --- README.wolfssl | 13 +++-- 1 file changed, 7 insertions(+), 6 deletions(-) diff --git

Re: [Openvpn-devel] [PATCH applied] Re: Add README.wolfssl documentating the state of WolfSSL in OpenVPN

2021-03-19 Thread Juliusz Sosinowicz
Could we get something like "For issues with using OpenVPN with wolfSSL, please contact supp...@wolfssl.com." in the README.wolfssl? This would help streamline comms for users and improve user experience. I can prepare a patch with this change. Thanks. Sincerely Juliusz On 18/03/2021 14:22,

[Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2021-03-17 Thread Juliusz Sosinowicz
./configure --enable-openvpn make sudo make install ``` OpenVPN: ``` autoreconf -i -v -f ./configure --with-crypto-library=wolfssl make make check sudo make install ``` Signed-off-by: Juliusz Sosinowicz --- configure.ac | 110 +- src/openvpn/syshead.h | 3

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2021-02-15 Thread Juliusz Sosinowicz
Hi Arne, the pull request has been merged to the wolfSSL master branch and will be included in the next wolfSSL release. Your issue has been resolved. Are able to try compiling again? Sincerely Juliusz On 27/01/2021 20:07, Arne Schwabe wrote: Am 27.01.21 um 18:25 schrieb Juliusz Sosinowicz

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2021-02-22 Thread Juliusz Sosinowicz
Hi Arne, have you had any success in compiling OpenVPN with wolfSSL? Sincerely Juliusz On 15/02/2021 13:13, Juliusz Sosinowicz wrote: Hi Arne, the pull request has been merged to the wolfSSL master branch and will be included in the next wolfSSL release. Your issue has been resolved

Re: [Openvpn-devel] wolfSSL unit test failures

2022-08-18 Thread Juliusz Sosinowicz
Hi Arne, thank you for your report. In the future, please send reports to supp...@wolfssl.com to guarantee the fastest possible response. This also helps us track bug reports. I have forwarded this report for you. Either I or someone else will investigate this and get back to you with a

Re: [Openvpn-devel] wolfSSL unit test failures

2022-08-31 Thread Juliusz Sosinowicz
Hi Everyone, this leak has been fixed in wolfSSL in this pull request: https://github.com/wolfSSL/wolfssl/pull/5514 Sincerely Juliusz On 18/08/2022 00:40, Arne Schwabe wrote: Hey, currently we still have test failures in wolfSSL in EVP_PKEY_CTX_new with clang asan. Github action patch

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2022-09-02 Thread Juliusz Sosinowicz
I'll try to propose a solution to avoid this warning. Juliusz On 01/09/2022 14:39, Arne Schwabe wrote: (*)(const X509_NAME * const*, const X509_NAME * const*) {aka int (*)(const struct WOLFSSL_X509_NAME * const*, const struct WOLFSSL_X509_NAME * const*)} In file included from

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2022-09-12 Thread Juliusz Sosinowicz
Arne, the type casting warning was fixed in https://github.com/wolfSSL/wolfssl/pull/5571. OpenVPN should now compile without any warnings. Juliusz On 02/09/2022 11:50, Juliusz Sosinowicz wrote: I'll try to propose a solution to avoid this warning. Juliusz On 01/09/2022 14:39, Arne

Re: [Openvpn-devel] [PATCH applied] Re: Change include order for tests

2024-02-12 Thread Juliusz Sosinowicz
Thanks Gert. I see that our tests for the "release/2.6" branch are passing. This was discovered by testing against the master branch so I don't think this patch needs backporting. Sincerely Juliusz Sosinowicz On 12/02/2024 18:10, Gert Doering wrote: Thanks for this updated patch, w

Re: [Openvpn-devel] [PATCH] wolfssl: include "ssl.h" by "src/openvpn/ssl.h"

2024-02-12 Thread Juliusz Sosinowicz
: ‘RELIABLE_ACK_SIZE’ undeclared (first use in this function)   160 | overhead += ACK_SIZE(RELIABLE_ACK_SIZE);   |  ^ Somehow, this has never come up as an issue. Sincerely Juliusz Sosinowicz On 09/02/2024 21:50, Arne Schwabe wrote: Am 09.02.24 um 16:51 schrieb

Re: [Openvpn-devel] [PATCH] wolfssl: include "ssl.h" by "src/openvpn/ssl.h"

2024-02-12 Thread Juliusz Sosinowicz
Hi Frank, thank you for the explanation. I did not test out-of-tree builds before submitting the patch. I'll try to implement Gert's solution and write a Makefile patch instead. Sincerely Juliusz Sosinowicz On 09/02/2024 17:39, Frank Lichtenheld wrote: On Fri, Feb 09, 2024 at 04:51:09PM

[Openvpn-devel] [PATCH] wolfssl: include "ssl.h" by "src/openvpn/ssl.h"

2024-02-09 Thread Juliusz Sosinowicz
Signed-off-by: Juliusz Sosinowicz --- src/openvpn/auth_token.c | 2 +- src/openvpn/dco_linux.c | 2 +- src/openvpn/manage.c | 2 +- src/openvpn/openvpn.h| 2 +- src/openvpn

[Openvpn-devel] [PATCH] wolfssl: include "ssl.h" by "src/openvpn/ssl.h"

2024-02-09 Thread Juliusz Sosinowicz
Including "ssl.h" conflicts with the wolfSSL ssl.h header file. The include/wolfssl directory is included before openvpn/src. include/wolfssl needs to be included so that openvpn can pick up wolfSSL compatibility headers instead of OpenSSL headers without changing the paths. ---

Re: [Openvpn-devel] [PATCH] wolfssl: include "ssl.h" by "src/openvpn/ssl.h"

2024-02-12 Thread Juliusz Sosinowicz
Hi Gert, that is the direction I went with the latest patch I sent over. Sincerely Juliusz Sosinowicz On 12/02/2024 13:53, Gert Doering wrote: Hi, On Mon, Feb 12, 2024 at 10:57:41AM +0100, Juliusz Sosinowicz wrote: commit 70b39f2bea9fd6e57f31e32b2041246731140cb2 has added the use

[Openvpn-devel] [PATCH] Change include order for tests

2024-02-12 Thread Juliusz Sosinowicz
aths. src/openvpn/Makefile.am does not need to be modified because AM_CPPFLAGS is placed before AM_CFLAGS in the output Makefile. Signed-off-by: Juliusz Sosinowicz --- tests/unit_tests/openvpn/Makefile.am | 62 +++- 1 file changed, 34 insertions(+), 28 deletions(-) diff --g