[Openvpn-devel] [M] Change in openvpn[master]: Check PRF availability on initialisation and add --force-tls-key-mate...

Wed, 03 Jan 2024 14:46:33 -0800 

Attention is currently required from: flichtenheld, plaisthos.

cron2 has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/460?usp=email )

The change is no longer submittable: Code-Review is unsatisfied now.

Change subject: Check PRF availability on initialisation and add 
--force-tls-key-material-export
......................................................................


Patch Set 8: Code-Review-2

(2 comments)

Patchset:

PS8:
sorry... found another one :-(


File src/openvpn/crypto.c:

http://gerrit.openvpn.net/c/openvpn/+/460/comment/131b2f38_d4640bad :
PS8, Line 1809:     return (ret && memcmp(out, expected_out, sizeof(out)) != 0);
It pains me to return to "-2" again, but there is something really weird going 
on here - to see what happens if the PRF fails, I changed "expected_out[3] to 
"2" in my tree, and it still succeeds.  Wat.  So I look at the comparison, and 
we should be checking for `== 0` here ("out == expected_out", this is not 
strcmp()...).

So I fired up gdb with -O0, and this is what it says...

```
(gdb) print ret
$1 = 1
(gdb) print out
$2 = "qD\376%@su\225"
(gdb) print expected_out
$3 = "\340_\037\001\000\000\000"
```



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/460?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I04f8c7c413e7cb62c726262feee6ca89c7e86c70
Gerrit-Change-Number: 460
Gerrit-PatchSet: 8
Gerrit-Owner: plaisthos <arne-open...@rfc2549.org>
Gerrit-Reviewer: cron2 <g...@greenie.muc.de>
Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-Attention: plaisthos <arne-open...@rfc2549.org>
Gerrit-Attention: flichtenheld <fr...@lichtenheld.com>
Gerrit-Comment-Date: Wed, 03 Jan 2024 22:45:10 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel























					Reply via email to