[Openvpn-devel] [XL] Change in openvpn[master]: Add support for Mbed TLS 4

Fri, 23 Jan 2026 05:34:36 -0800 

Attention is currently required from: MaxF, syzzer.

plaisthos has posted comments on this change by MaxF. ( 
http://gerrit.openvpn.net/c/openvpn/+/1441?usp=email )

Change subject: Add support for Mbed TLS 4
......................................................................


Patch Set 7: Code-Review+2

(2 comments)

File src/openvpn/crypto_mbedtls.c:

http://gerrit.openvpn.net/c/openvpn/+/1441/comment/32a319ea_8293f4ed?usp=email :
PS7, Line 611:     { "SHA256", PSA_ALG_SHA_256 },
We probably want to a few more of the common algorithms here in a follow up 
commit or in the next version of this commit. At least SHA384 and SHA512 are 
pretty common and SHA224 wouldn't hurt either.

#define PSA_ALG_SHA3_224                        ((psa_algorithm_t) 0x02000010)
/** SHA3-256 */
#define PSA_ALG_SHA3_256                        ((psa_algorithm_t) 0x02000011)
/** SHA3-384 */
#define PSA_ALG_SHA3_384                        ((psa_algorithm_t) 0x02000012)
/** SHA3-512 */
#define PSA_ALG_SHA3_512                        ((psa_algorithm_t) 0x02000013)

seem also good candidates to already add here to future proof it a bit.


File src/openvpn/ssl_mbedtls.c:

http://gerrit.openvpn.net/c/openvpn/+/1441/comment/3877c185_ffe25e3e?usp=email :
PS7, Line 362:     { "X25519", MBEDTLS_SSL_IANA_TLS_GROUP_X25519 },
MBEDTLS_SSL_IANA_TLS_GROUP_X448 should also be added here I think.

Also secp521r1. For the european context in goverment stuff, often the brain 
pool curves are also used, so I am surprised they are missing here.



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1441?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings?usp=email

Gerrit-MessageType: comment
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ib251d546d993b96ed3bd8cb9111bcc627cdb0fae
Gerrit-Change-Number: 1441
Gerrit-PatchSet: 7
Gerrit-Owner: MaxF <[email protected]>
Gerrit-Reviewer: flichtenheld <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-CC: syzzer <[email protected]>
Gerrit-Attention: syzzer <[email protected]>
Gerrit-Attention: MaxF <[email protected]>
Gerrit-Comment-Date: Fri, 23 Jan 2026 13:33:28 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes

_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel






















					Reply via email to