Re: [Openvpn-devel] [PATCH v2] reformatting: fix style in crypto*.{c, h}
On Wed, Dec 21, 2016 at 4:09 PM, David Sommerseth < open...@sf.lists.topphemmelig.net> wrote: > > Hmmm ... I like that we're trying to clean up the formatting further. > But I'm not too happy that uncrustify seems to disagree slightly ... > See the attached patch what happened after applying your patch and then > running: > >$ uncrustify --no-backup -l C $files Then do not run uncrustify.. let it disagree :) Selva -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH v2] reformatting: fix style in crypto*.{c, h}
Hi, On 21 December 2016 at 22:09, David Sommersethwrote: > On 18/12/16 19:26, Steffan Karger wrote: >> Now that we have touched each and every file anyway, I decided to go over >> the code I regularly work with and reformat it some more by hand. This is >> how for I got today, and is a large enough patch I think. >> >> This commit is mostly just reordering and changing whitespace, with one >> exception: it removes the #if 0 around some debugging code in >> read_key_file(), and now always print the debugging if D_SHOW_KEYS is >> enabled. >> >> This patch is best reviewed with something like >> 'git diff --ignore-space-change'. >> >> Signed-off-by: Steffan Karger >> --- >> v2: fix wrong indent, add more 'for () {' -> 'for ()\n{' fixes. >> >> src/openvpn/crypto.c | 425 >> ++- >> src/openvpn/crypto.h | 27 ++- >> src/openvpn/crypto_mbedtls.c | 63 --- >> src/openvpn/crypto_openssl.c | 38 ++-- >> src/openvpn/cryptoapi.c | 101 ++ >> 5 files changed, 356 insertions(+), 298 deletions(-) >> > [...snip...] > > Hmmm ... I like that we're trying to clean up the formatting further. > But I'm not too happy that uncrustify seems to disagree slightly ... > See the attached patch what happened after applying your patch and then > running: > >$ uncrustify --no-backup -l C $files > > We should either see if our uncrustify config is correct or need slight > adjustments (without needing to re-run it on the complete tree once again) This seems to be due to 2 things: 1) I adhered to the CodeStyle page 'When lines exceed this length, wrap them using a double indent (ie 8 spaces)', while the crustify config uses a single indent. Since this double indent was somewhat arbitrary, I think we should just change the CodeStyle page to single indent. 2) Uncrustify insists on either 'align function parameters' or 'indent function parameters'. There is no 'ignore' for this option. The current config uses 'align', which is fine in a lot of places, but in some cases (such as the ones I've changed) it impairs readability. Point 2 makes me believe that we should not enforce the code style with a tool, but rather just with eyes during patch review. There's just too many places where some freedom can improve readability. Alternatively, if everyone thinks that 'indent' is better than 'align', we can change the config and postpone this discussion until the next time where we run into something ;) -Steffan -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH release/2.4] Update copyrights
David Sommersethon Wed, 2016/12/21 21:00: > Signed-off-by: David Sommerseth As we will (hopefully) see a release in 2016... Does it make sense to update to 2017? -- main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH" "CX:;",b;for(a/*Best regards my address:*/=0;b=c[a++];) putchar(b-1/(/*Chriscc -ox -xc - && ./x*/b/42*2-3)*42);} pgpY3oC0O5Zqi.pgp Description: OpenPGP digital signature -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH release/2.3] docs: Further improve --reneg-bytes and SWEET32 information
Hi, On 21 December 2016 at 21:54, David Sommersethwrote: > +If using ciphers with cipher block sizes less than 128-bits, > \-\-reneg\-bytes is > +set to 64MB by default, unless it is explicitly disabled by setting the > value to > +0,but this is (As in the patch for master:) missing space behind the ,. ACK once that's fixed. -Steffan -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH master+v2.4] docs: Further enhance the documentation related to SWEET32
Hi, On 21 December 2016 at 21:54, David Sommersethwrote: > User-visible Changes > > +- When using ciphers with cipher blocks less than 128-bits > + OpenVPN will complain loudly if the configuration uses ciphers considered > + weak, such as the SWEET32 attack vector. In such scenarios, OpenVPN will > by > + default do a renegotiation for each 64MB of transported data > (``--reneg-bytes``). > + This can renegotiation can be disabled, but is HIGHLY DISCOURAGED. There's a can too much here. > +If using ciphers with cipher block sizes less than 128-bits, > \-\-reneg\-bytes is > +set to 64MB by default, unless it is explicitly disabled by setting the > value to > +0,but this is Missing a space behind the , > +.B HIGHLY DISCOURAGED > +as this is designed to add some protection against the SWEET32 attack vector. > +For more information see the \-\-cipher option. -Steffan -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH 1/1] do not race on RuntimeDirectory
debbie10ton Tue, 2016/12/20 00:32: > On 16/12/16 15:57, Christian Hesse wrote: > > From: Christian Hesse > > > > Different unit instances create and destroy the same RuntimeDirectory. > > This leads to running instances where the status file (and possibly > > more runtime data) is no longer accessible. > > > > So create a RuntimeDirectory per instance. > > > > Signed-off-by: Christian Hesse > > --- > > distro/systemd/openvpn-client@.service | 2 +- > > distro/systemd/openvpn-server@.service | 4 ++-- > > 2 files changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/distro/systemd/openvpn-client@.service > > b/distro/systemd/openvpn-client@.service index 5618af3..fcb5302 100644 > > --- a/distro/systemd/openvpn-client@.service > > +++ b/distro/systemd/openvpn-client@.service > > @@ -9,7 +9,7 @@ > > Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO [Service] > > Type=notify > > PrivateTmp=true > > -RuntimeDirectory=openvpn-client > > +RuntimeDirectory=openvpn-client@%i > > RuntimeDirectoryMode=0710 > > WorkingDirectory=/etc/openvpn/client > > ExecStart=/usr/sbin/openvpn --suppress-timestamps --nobind --config > > %i.conf diff --git a/distro/systemd/openvpn-server@.service > > b/distro/systemd/openvpn-server@.service index b9b4dba..8b240cf 100644 > > --- a/distro/systemd/openvpn-server@.service > > +++ b/distro/systemd/openvpn-server@.service > > @@ -9,10 +9,10 @@ > > Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO [Service] > > Type=notify > > PrivateTmp=true > > -RuntimeDirectory=openvpn-server > > +RuntimeDirectory=openvpn-server@%i > > RuntimeDirectoryMode=0710 > > WorkingDirectory=/etc/openvpn/server > > -ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log > > --status-version 2 --suppress-timestamps --config %i.conf > > +ExecStart=/usr/sbin/openvpn --status %t/openvpn-server@%i/status.log > > --status-version 2 --suppress-timestamps --config %i.conf > > CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE > > CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE > > LimitNPROC=10 DeviceAllow=/dev/null rw > > > CentOS 7 (after full update) still only uses systemd version 219 > > This functionality is not introduced until systemd 227 > > https://github.com/systemd/systemd/blob/master/NEWS Ah, good to know when this was implemented. :-D But we already know that this does not work for version we want to support. Thus I had sent a patch with new approach on Dec 16th where RuntimeDirectory is removed from unit files and directories are handled via tmpfiles.d. Can you take a look at that one? -- main(a){char*c=/*Schoene Gruesse */"B?IJj;MEH" "CX:;",b;for(a/*Best regards my address:*/=0;b=c[a++];) putchar(b-1/(/*Chriscc -ox -xc - && ./x*/b/42*2-3)*42);} pgpY35vqpn_LT.pgp Description: OpenPGP digital signature -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH v2] reformatting: fix style in crypto*.{c, h}
On 18/12/16 19:26, Steffan Karger wrote: > Now that we have touched each and every file anyway, I decided to go over > the code I regularly work with and reformat it some more by hand. This is > how for I got today, and is a large enough patch I think. > > This commit is mostly just reordering and changing whitespace, with one > exception: it removes the #if 0 around some debugging code in > read_key_file(), and now always print the debugging if D_SHOW_KEYS is > enabled. > > This patch is best reviewed with something like > 'git diff --ignore-space-change'. > > Signed-off-by: Steffan Karger> --- > v2: fix wrong indent, add more 'for () {' -> 'for ()\n{' fixes. > > src/openvpn/crypto.c | 425 > ++- > src/openvpn/crypto.h | 27 ++- > src/openvpn/crypto_mbedtls.c | 63 --- > src/openvpn/crypto_openssl.c | 38 ++-- > src/openvpn/cryptoapi.c | 101 ++ > 5 files changed, 356 insertions(+), 298 deletions(-) > [...snip...] Hmmm ... I like that we're trying to clean up the formatting further. But I'm not too happy that uncrustify seems to disagree slightly ... See the attached patch what happened after applying your patch and then running: $ uncrustify --no-backup -l C $files We should either see if our uncrustify config is correct or need slight adjustments (without needing to re-run it on the complete tree once again) -- kind regards, David Sommerseth OpenVPN Technologies, Inc diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 06e7b7e..a665648 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -268,9 +268,9 @@ openvpn_encrypt_v1(struct buffer *buf, struct buffer work, { struct packet_id_net pin; packet_id_alloc_outgoing(>packet_id.send, , -BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM)); + BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM)); ASSERT(packet_id_write(, buf, -BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM), true)); + BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM), true)); } if (ctx->hmac) { @@ -570,7 +570,7 @@ openvpn_decrypt_v1(struct buffer *buf, struct buffer work, /* initialize work buffer with FRAME_HEADROOM bytes of prepend capacity */ const int work_headroom = -FRAME_HEADROOM_ADJ(frame, FRAME_HEADROOM_MARKER_DECRYPT); +FRAME_HEADROOM_ADJ(frame, FRAME_HEADROOM_MARKER_DECRYPT); ASSERT(buf_init(, work_headroom)); /* use IV if user requested it */ @@ -718,7 +718,7 @@ openvpn_decrypt(struct buffer *buf, struct buffer work, void crypto_adjust_frame_parameters(struct frame *frame, const struct key_type *kt, -bool use_iv, bool packet_id, bool packet_id_long_form) + bool use_iv, bool packet_id, bool packet_id_long_form) { size_t crypto_overhead = 0; @@ -840,7 +840,7 @@ init_key_type(struct key_type *kt, const char *ciphername, /* given a key and key_type, build a key_ctx */ void init_key_ctx(struct key_ctx *ctx, struct key *key, const struct key_type *kt, -int enc, const char *prefix) + int enc, const char *prefix) { struct gc_arena gc = gc_new(); CLEAR(*ctx); @@ -1101,7 +1101,7 @@ test_crypto(struct crypto_options *co, struct frame *frame) #ifdef HAVE_AEAD_CIPHER_MODES /* init implicit IV */ const cipher_kt_t *cipher = -cipher_ctx_get_cipher_kt(co->key_ctx_bi.encrypt.cipher); +cipher_ctx_get_cipher_kt(co->key_ctx_bi.encrypt.cipher); if (cipher_kt_mode_aead(cipher)) { size_t impl_iv_len = cipher_kt_iv_size(cipher) - sizeof(packet_id_type); @@ -1114,7 +1114,7 @@ test_crypto(struct crypto_options *co, struct frame *frame) co->key_ctx_bi.encrypt.implicit_iv_len = impl_iv_len; memcpy(co->key_ctx_bi.decrypt.implicit_iv, -co->key_ctx_bi.encrypt.implicit_iv, OPENVPN_MAX_IV_LENGTH); + co->key_ctx_bi.encrypt.implicit_iv, OPENVPN_MAX_IV_LENGTH); co->key_ctx_bi.decrypt.implicit_iv_len = impl_iv_len; } #endif /* ifdef HAVE_AEAD_CIPHER_MODES */ @@ -1172,8 +1172,8 @@ test_crypto(struct crypto_options *co, struct frame *frame) void crypto_read_openvpn_key(const struct key_type *key_type, struct key_ctx_bi *ctx, -const char *key_file, const char *key_inline, const int key_direction, -const char *key_name, const char *opt_name) +const char *key_file, const char *key_inline, const int key_direction, +const char *key_name, const char *opt_name) { struct key2 key2; struct key_direction_state kds; @@ -1419,7 +1419,7 @@ read_key_file(struct key2 *key2, const char *file, const unsigned int flags)
Re: [Openvpn-devel] [PATCH applied] Bump master to version 2.5_git
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Your patch has been applied to the master branch. commit e1dd49a38875909bda218c0c3f772e791681ac36 Author: Steffan Karger Date: Sun Dec 18 17:38:15 2016 +0100 Bump master to version 2.5_git Signed-off-by: Steffan KargerAcked-by: David Sommerseth Message-Id: <1482079095-14880-1-git-send-email-stef...@karger.me> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13619.html Signed-off-by: David Sommerseth - -- kind regards, David Sommerseth -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJYWu08AAoJEIbPlEyWcf3yaq8P/jT6UioXn+8LNgJo1P1kr0OA XITQeGlMBVIqJmDaDCjUkBZyOilWlyJyqgJI0Mk1s+gAzpAcfv+T4VDkWFT4jT5N YOOI/HyRBK9yYHWEPuhCXaBKSUfm7zzOX1tM7trc5KZLq0hSdUv2mz3v80ySduGR U008VRH/gS9jU6bzViAs7AhlUQifMsO1CEPNj8nNcuKWWA4ka48iYgS4JK/ILB7V Y0TXHnorm5ZH8/qlV1GrSzfvfz1c6vqncTH8NKO4nc0XN3AaFjOKVOHZg2v3jERN RyZbWgnjwthxMnI3ZHadTaqqjW+81sLL6QrEhs0zTVtoeACgb5ebflPeCGhigPJ6 E3DFzFBHTX4JBQtvb8YbKvLjwISBqv7xlQ3igUmbfKdfcHD/HBsF+aMBHT2w7t3d GHoJly1Jl1w5tVzKlJdKw7GILvp3lCJuyBxEZLSMnSzsLf+ZS74o9JXlpRkPwVgy H1r8zvWH5AkFHlImkaA0e9Ead1NVvFq43eh3ObRYAM4t27S5xIwj7VOIzHGKLEuj Tqml4uc+RLrzyLmTNNhr/0BOBYXt1y5VdDEW3XgboprI05Ge6R8rtQkN0k7K7MqC 3Nu+FGsFeOG0VWTf92ch+pJRT1Y37waaHEvFFRLFF4m7hszYjPQmi9XpblsHV0Ib TWj0RDIzUU2apYT3vZzq =slnp -END PGP SIGNATURE- -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH applied] Update copyrights
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Your patch has been applied to the release/2.3 branch. commit 782c95330b630c3823418a7867fcc1763d3f103f Author: David Sommerseth Date: Wed Dec 21 21:00:53 2016 +0100 Update copyrights Signed-off-by: David SommersethAcked-by: Steffan Karger Message-Id: <1482350454-27280-3-git-send-email-dav...@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13656.html - -- kind regards, David Sommerseth -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJYWuy8AAoJEIbPlEyWcf3yNqQQAJHiUT5UVjkwDUbVWyXwmKnW WsFKO3KH3tQGUFgM4R1fjDwXvvnd1636COTUyVHmeABFM7J7KHgjtumxJWq/SXV9 mR0GiOMAU/ShmtWUevpgx18B44EoCZ66pQy7laV8ZkSJXvqc2I+btwQwOcd6Hy04 tbUj7KPadzXlBDdcWXBD7gDERDXg9xP80fpbHD4VIBUGC34wd1eTMT9NecJVW8yw jn0MayCPnFBt+3ejO41J0n5T4NIrTxSpFhAebkccdg0LPsRpgUw/Nv4lpnuIX4E9 xcnK/Bouofv/8Ccxa2oW3LzA6mceHE04ypu4OeCdDC3AQc5+8zXFG72EhpebPOUp 75d3zsOsHuN9e7CbyLolQVgDbQ3huzdBZWWkDC155j8kSwvsbbCFFjdSZRUumtlk SQZKF4bbwUasSYW7nL+kIdQW+jxAKzJmoqp7k5jFasPnm77wHNRbxr+kvQNNaUv9 dixf+pUg/EQTxE2WQ+GvDpwrEOJNVgNyrhrOCAHmBIIhnSiu3hdBdMB60CWvxQWF BVUizhhqISkDq3yI5P6pVDoPl6kGrYmAcl5gJa7NkyMDVm59y3Kzk+xb21VkY3v0 PjpZIsQTBKqTIlREfwdNuSkmWwFW2sXtZ/TPmt3J8yMsOKDPrlZSeEmSShpay66S 7mwipdPovMgOvcrtuX+T =Sv1/ -END PGP SIGNATURE- -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH applied] Update copyrights
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Your patch has been applied to the master branch. commit 58716979640b5d8850b39820f91da616964398cc Author: David Sommerseth Date: Wed Dec 21 21:00:52 2016 +0100 Update copyrights Signed-off-by: David SommersethAcked-by: Steffan Karger Message-Id: <1482350454-27280-2-git-send-email-dav...@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13653.html - -- kind regards, David Sommerseth -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJYWuzbAAoJEIbPlEyWcf3yAiIP/0dW81f1ZSFOp/f1x09v531c uW+wjIyYWAyXorzIpKmzlJi/2seHcOLPUrg9xrO0hL0l5yx2W3dozWr3d+1jQZQT +lEMnyxXD8asLDj/LDl3ULzolKkMC+BeUXYd0fPZkN0DnhNQkf7wMCXjxrT+78IS UAIlSDUBPevz7wYBsacBT2c0eVqvn388KcRmB1zKvltE75iJy4nS4d4hlMwu5gf+ bs/wJ0MTyhJgyschgcINxPU2fp4bBP1Iy04K/DeLwwirMFtiNBowo7iWqmsWSofL f6zAljkyNvWvCuSLVt1cw1PJpeCHiLyAbmpZTbifFshvvG/turIttwEBlk2yM+W2 E/8QhMPMomweN4IKL+iWmqLyvur0faYz1G43WpmOHemnm3zTOogcpYOAkZ5tseS0 zGqFwtbGtkNxtWoz59bqRHGdQtBvNrSIkFPCmBCI/crIm3lV7SEqFORRn8Nv82Cj B0oUEdZqwgKHWQz/SKrfbLJ84r2aeP/r3JsRJwqZzuI2EInmoACO/8IuU7MokEc5 sMplAyULBqFWq4F1A4l9oirvAWBkSVgg+ZQ1eF2HcJvHZhuZz1Oxo9BHulbRRcHG 89rWOYNgSqpxVrORupDJHlkcm7U3z8LCv3mw8kL9iJL/acT2uvyhnj9sXry6DqxH ILw9Wa80vglPAF+wQRpp =3qJT -END PGP SIGNATURE- -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH applied] Update copyrights
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Your patch has been applied to the release/2.4 branch. commit a0006fa431d2109a55ecc741a34510aea00dd608 Author: David Sommerseth Date: Wed Dec 21 21:00:54 2016 +0100 Update copyrights Signed-off-by: David SommersethAcked-by: Steffan Karger Message-Id: <1482350454-27280-4-git-send-email-dav...@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13655.html - -- kind regards, David Sommerseth -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJYWuyjAAoJEIbPlEyWcf3yPtQQAMUovDeAU78rVHAKo8CELS/d U+5+IJ5mQbPwx0FiA5f0FxY7NIpv1JVP2AX5tvigHo3DXCLe91jvrCXlB5l5Q7Nr umDiO9HBkfY9JfpOsk1j7MgH+JHInatoO6Ez1tcPgB2NBvb4WQ4mgFvUElQbEYLF oCsEiA0W8CO+5+v+L0rA8vO70DsFm0cJK/9noPPrhvh2qRJyQarDRDRUaLgltK28 jcSfUR9OaeCmFwXYZH2ERvSKMTcTGyQ0jsTiu1ZUE4pdpE/7gDjPJczcVHB59xzS aHQjwZJEh/AbTGnjhfeOhWwtqHJfRpoMIm4fLitatSUoxKLteC94JMm9lfEEytOI CYz3IhrRyqN4SBDInS9raei6dDn5/kpmggRTyJgpeXm+S7DIecCjJb78u3pReTWs BZbWWIfLnnuGOf8iNXWZ2tPyZvAmAl38Re0AwEPwDtUknD3T+JQAYZOsSiPlsuy8 YHpgwWSKg6t9/lzKm/O7v/unebfPmFaRtBVuEw6XyCP/I9i9VbxXCktqx2u4GSOy Hkom3Rkj87kEJJ/FL6hRURJnH9t10OOZnIZ4vSDVckkwaleaD9VY6M4xEW4sxN8i b1fQ2PwnhMDvmzESdGN7b0vkqF4H//OZJJFYecXng6UoEuKSiUKEHfnvGdiLFKhw zyfj8/BRNEdfgvqVN6ko =j33o -END PGP SIGNATURE- -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH] Improve documentation related to SWEET32 and --reneg-bytes
There have been several support questions related to the enforced renegotiation happening in OpenVPN v2.3.13. This will also be visible to users when they upgrade to v2.4.0. These patches updates both master (including release/2.4) and release/2.3 branches with additional details to hopefully make it a bit less surprising. -- kind regards, David Sommerseth OpenVPN Technologies, Inc -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH release/2.3] docs: Further improve --reneg-bytes and SWEET32 information
There are still some support tickets related to SWEET32 and our defult enforced --reneg-bytes 64 when using weaker ciphers (less than 128-bits cipher blocks). Try to clarify this even more. Also fix a few mistakes, saying less than 128-bits and not 128-bits and less. Signed-off-by: David Sommerseth--- Changes.rst | 6 +++--- doc/openvpn.8 | 13 ++--- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/Changes.rst b/Changes.rst index 3e3aaad..1c0154c 100644 --- a/Changes.rst +++ b/Changes.rst @@ -57,10 +57,10 @@ Improved UTF-8 support Behavioral changes -- -- OpenVPN will complain loudly about ciphers with 128-bits block sizes or less +- OpenVPN will complain loudly about ciphers with block sizes less than 128-bits - OpenVPN will by default re-negotiate the tunnel after 64MB when used with - ciphers using cipher blocks of 128-bits or less + ciphers using cipher blocks sizes less than 128-bits - Remove --enable-password-save option to configure, this is now always enabled @@ -121,7 +121,7 @@ Version 2.3.13 Ciphers with cipher blocks less than 128 bits will now do a renegotiation of the tunnel by default for every 64MB of data. This behaviour can be - overridden by explictly setting --reneg-bytes 0 in the configuration file, + overridden by explicitly setting --reneg-bytes 0 in the configuration file, however this is HIGHLY discouraged. This is to reduce the risk for SWEET32 attacks. The general recommendation diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 2140733..6063ccd 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -4612,11 +4612,18 @@ such as TCP expect this role to be left to them. .B \-\-reneg\-bytes n Renegotiate data channel key after .B n -bytes sent or received (disabled by default). +bytes sent or received (disabled by default with an exception, see below). OpenVPN allows the lifetime of a key -to be expressed as a number of bytes encrypted/decrypted, a number of packets, or -a number of seconds. A key renegotiation will be forced +to be expressed as a number of bytes encrypted/decrypted, a number of packets, +or a number of seconds. A key renegotiation will be forced if any of these three criteria are met by either peer. + +If using ciphers with cipher block sizes less than 128-bits, \-\-reneg\-bytes is +set to 64MB by default, unless it is explicitly disabled by setting the value to +0,but this is +.B HIGHLY DISCOURAGED +as this is designed to add some protection against the SWEET32 attack vector. +For more information see the \-\-cipher option. .\"* .TP .B \-\-reneg\-pkts n -- 1.8.3.1 -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH master+v2.4] docs: Further enhance the documentation related to SWEET32
The git master/2.4 code lacked some useful information about the changes to --reneg-bytes, SWEET32 and weak ciphers (less than 128-bits cipher blocks) Signed-off-by: David Sommerseth--- Changes.rst | 6 ++ doc/openvpn.8 | 13 ++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/Changes.rst b/Changes.rst index 8508fa3..2702419 100644 --- a/Changes.rst +++ b/Changes.rst @@ -182,6 +182,12 @@ Deprecated features User-visible Changes +- When using ciphers with cipher blocks less than 128-bits + OpenVPN will complain loudly if the configuration uses ciphers considered + weak, such as the SWEET32 attack vector. In such scenarios, OpenVPN will by + default do a renegotiation for each 64MB of transported data (``--reneg-bytes``). + This can renegotiation can be disabled, but is HIGHLY DISCOURAGED. + - For certificate DNs with duplicate fields, e.g. "OU=one,OU=two", both fields are now exported to the environment, where each second and later occurrence of a field get _$N appended to it's field name, starting at N=1. For the diff --git a/doc/openvpn.8 b/doc/openvpn.8 index f079799..f2d7c6d 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -4876,11 +4876,18 @@ such as TCP expect this role to be left to them. .B \-\-reneg\-bytes n Renegotiate data channel key after .B n -bytes sent or received (disabled by default). +bytes sent or received (disabled by default with an exception, see below). OpenVPN allows the lifetime of a key -to be expressed as a number of bytes encrypted/decrypted, a number of packets, or -a number of seconds. A key renegotiation will be forced +to be expressed as a number of bytes encrypted/decrypted, a number of packets, +or a number of seconds. A key renegotiation will be forced if any of these three criteria are met by either peer. + +If using ciphers with cipher block sizes less than 128-bits, \-\-reneg\-bytes is +set to 64MB by default, unless it is explicitly disabled by setting the value to +0,but this is +.B HIGHLY DISCOURAGED +as this is designed to add some protection against the SWEET32 attack vector. +For more information see the \-\-cipher option. .\"* .TP .B \-\-reneg\-pkts n -- 1.8.3.1 -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH master] Update copyrights
Hi, On 21-12-16 21:00, David Sommerseth wrote: > Signed-off-by: David Sommerseth> --- > COPYING | 2 +- > ChangeLog | 2 +- > Makefile.am | 2 +- > PORTS | 2 +- > build/Makefile.am | 2 +- > build/msvc/Makefile.am| 2 +- > build/msvc/msvc-generate/Makefile.am | 2 +- > configure.ac | 2 +- > dev-tools/reformat-all.sh | 2 +- > dev-tools/update-copyright.sh | 2 +- > distro/Makefile.am| 2 +- > distro/rpm/Makefile.am| 2 +- > doc/Makefile.am | 2 +- > doc/doxygen/doc_compression.h | 2 +- > doc/doxygen/doc_control_processor.h | 2 +- > doc/doxygen/doc_control_tls.h | 2 +- > doc/doxygen/doc_data_control.h| 2 +- > doc/doxygen/doc_data_crypto.h | 2 +- > doc/doxygen/doc_eventloop.h | 2 +- > doc/doxygen/doc_external_multiplexer.h| 2 +- > doc/doxygen/doc_fragmentation.h | 2 +- > doc/doxygen/doc_internal_multiplexer.h| 2 +- > doc/doxygen/doc_key_generation.h | 2 +- > doc/doxygen/doc_mainpage.h| 2 +- > doc/doxygen/doc_memory_management.h | 2 +- > doc/doxygen/doc_protocol_overview.h | 2 +- > doc/doxygen/doc_reliable.h| 2 +- > doc/doxygen/doc_tunnel_state.h| 2 +- > doc/openvpn.8 | 2 +- > include/Makefile.am | 2 +- > include/openvpn-msg.h | 2 +- > include/openvpn-plugin.h.in | 2 +- > sample/Makefile.am| 2 +- > sample/sample-plugins/defer/simple.c | 2 +- > .../keying-material-exporter-demo/keyingmaterialexporter.c| 2 +- > sample/sample-plugins/log/log.c | 2 +- > sample/sample-plugins/log/log_v3.c| 2 +- > sample/sample-plugins/simple/simple.c | 2 +- > src/Makefile.am | 2 +- > src/compat/Makefile.am| 2 +- > src/compat/compat-gettimeofday.c | 2 +- > src/openvpn/Makefile.am | 2 +- > src/openvpn/argv.c| 2 +- > src/openvpn/argv.h| 2 +- > src/openvpn/basic.h | 2 +- > src/openvpn/block_dns.c | 2 +- > src/openvpn/buffer.c | 2 +- > src/openvpn/buffer.h | 2 +- > src/openvpn/circ_list.h | 2 +- > src/openvpn/clinat.c | 2 +- > src/openvpn/clinat.h | 2 +- > src/openvpn/common.h | 2 +- > src/openvpn/comp-lz4.c| 4 > ++-- > src/openvpn/comp-lz4.h| 4 > ++-- > src/openvpn/comp.c| 2 +- > src/openvpn/comp.h| 2 +- > src/openvpn/compstub.c| 2 +- > src/openvpn/console.c | 4 > ++-- > src/openvpn/console.h | 4 > ++-- > src/openvpn/console_builtin.c | 4 > ++-- > src/openvpn/crypto.c
Re: [Openvpn-devel] [PATCH release/2.3] Update copyrights
Hi, On 21-12-16 21:00, David Sommerseth wrote: > Signed-off-by: David Sommerseth> --- > COPYING| 2 +- > ChangeLog | 2 +- > Makefile.am| 2 +- > PORTS | 2 +- > build/Makefile.am | 2 +- > build/msvc/Makefile.am | 2 +- > build/msvc/msvc-generate/Makefile.am | 2 +- > configure.ac | 2 +- > dev-tools/update-copyright.sh | 2 +- > distro/Makefile.am | 2 +- > distro/rpm/Makefile.am | 2 +- > doc/Makefile.am| 2 +- > doc/doxygen/doc_compression.h | 2 +- > doc/doxygen/doc_control_processor.h| 2 +- > doc/doxygen/doc_control_tls.h | 2 +- > doc/doxygen/doc_data_control.h | 2 +- > doc/doxygen/doc_data_crypto.h | 2 +- > doc/doxygen/doc_eventloop.h| 2 +- > doc/doxygen/doc_external_multiplexer.h | 2 +- > doc/doxygen/doc_fragmentation.h| 2 +- > doc/doxygen/doc_internal_multiplexer.h | 2 +- > doc/doxygen/doc_key_generation.h | 2 +- > doc/doxygen/doc_mainpage.h | 2 +- > doc/doxygen/doc_memory_management.h| 2 +- > doc/doxygen/doc_protocol_overview.h| 2 +- > doc/doxygen/doc_reliable.h | 2 +- > doc/doxygen/doc_tunnel_state.h | 2 +- > doc/openvpn.8 | 2 +- > include/Makefile.am| 2 +- > include/openvpn-plugin.h | 2 +- > sample/Makefile.am | 2 +- > sample/sample-plugins/defer/simple.c | 2 +- > sample/sample-plugins/log/log.c| 2 +- > sample/sample-plugins/log/log_v3.c | 2 +- > sample/sample-plugins/simple/simple.c | 2 +- > src/Makefile.am| 2 +- > src/compat/Makefile.am | 2 +- > src/compat/compat-gettimeofday.c | 2 +- > src/openvpn/Makefile.am| 2 +- > src/openvpn/basic.h| 2 +- > src/openvpn/buffer.c | 2 +- > src/openvpn/buffer.h | 2 +- > src/openvpn/circ_list.h| 2 +- > src/openvpn/clinat.c | 2 +- > src/openvpn/clinat.h | 2 +- > src/openvpn/common.h | 2 +- > src/openvpn/console.c | 2 +- > src/openvpn/console.h | 2 +- > src/openvpn/crypto.c | 4 ++-- > src/openvpn/crypto.h | 4 ++-- > src/openvpn/crypto_backend.h | 4 ++-- > src/openvpn/crypto_openssl.c | 4 ++-- > src/openvpn/crypto_openssl.h | 4 ++-- > src/openvpn/crypto_polarssl.c | 4 ++-- > src/openvpn/crypto_polarssl.h | 4 ++-- > src/openvpn/dhcp.c | 2 +- > src/openvpn/dhcp.h | 2 +- > src/openvpn/errlevel.h | 2 +- > src/openvpn/error.c| 2 +- > src/openvpn/error.h| 2 +- > src/openvpn/event.c| 2 +- > src/openvpn/event.h| 2 +- > src/openvpn/fdmisc.c | 2 +- > src/openvpn/fdmisc.h | 2 +- > src/openvpn/forward-inline.h | 2 +- > src/openvpn/forward.c | 2 +- > src/openvpn/forward.h | 2 +- > src/openvpn/fragment.c | 2 +- > src/openvpn/fragment.h | 2 +- > src/openvpn/gremlin.c | 2 +- > src/openvpn/gremlin.h | 2 +- > src/openvpn/helper.c | 2 +- > src/openvpn/helper.h | 2 +- > src/openvpn/httpdigest.c | 2 +- > src/openvpn/httpdigest.h | 2 +- > src/openvpn/init.c | 2 +- > src/openvpn/init.h | 2 +- > src/openvpn/integer.h | 2 +- > src/openvpn/interval.c | 2 +- > src/openvpn/interval.h | 2 +- > src/openvpn/list.c | 2 +- > src/openvpn/list.h | 2 +- > src/openvpn/lzo.c | 2 +- > src/openvpn/lzo.h | 2 +- > src/openvpn/manage.c | 2 +- > src/openvpn/manage.h | 2 +- > src/openvpn/mbuf.c | 2 +- > src/openvpn/mbuf.h | 2 +- > src/openvpn/memdbg.h | 2 +- > src/openvpn/misc.c | 2 +- > src/openvpn/misc.h | 2 +- > src/openvpn/mroute.c | 2 +- > src/openvpn/mroute.h | 2 +- > src/openvpn/mss.c | 2 +- > src/openvpn/mss.h | 2 +- > src/openvpn/mstats.c | 2 +- > src/openvpn/mstats.h | 2 +- > src/openvpn/mtcp.c | 2 +- > src/openvpn/mtcp.h | 2 +- > src/openvpn/mtu.c
Re: [Openvpn-devel] [PATCH release/2.4] Update copyrights
Hi, On 21-12-16 21:00, David Sommerseth wrote: > Signed-off-by: David Sommerseth> --- > COPYING | 2 +- > ChangeLog | 2 +- > Makefile.am | 2 +- > PORTS | 2 +- > build/Makefile.am | 2 +- > build/msvc/Makefile.am| 2 +- > build/msvc/msvc-generate/Makefile.am | 2 +- > configure.ac | 2 +- > dev-tools/reformat-all.sh | 2 +- > dev-tools/update-copyright.sh | 2 +- > distro/Makefile.am| 2 +- > distro/rpm/Makefile.am| 2 +- > doc/Makefile.am | 2 +- > doc/doxygen/doc_compression.h | 2 +- > doc/doxygen/doc_control_processor.h | 2 +- > doc/doxygen/doc_control_tls.h | 2 +- > doc/doxygen/doc_data_control.h| 2 +- > doc/doxygen/doc_data_crypto.h | 2 +- > doc/doxygen/doc_eventloop.h | 2 +- > doc/doxygen/doc_external_multiplexer.h| 2 +- > doc/doxygen/doc_fragmentation.h | 2 +- > doc/doxygen/doc_internal_multiplexer.h| 2 +- > doc/doxygen/doc_key_generation.h | 2 +- > doc/doxygen/doc_mainpage.h| 2 +- > doc/doxygen/doc_memory_management.h | 2 +- > doc/doxygen/doc_protocol_overview.h | 2 +- > doc/doxygen/doc_reliable.h| 2 +- > doc/doxygen/doc_tunnel_state.h| 2 +- > doc/openvpn.8 | 2 +- > include/Makefile.am | 2 +- > include/openvpn-msg.h | 2 +- > include/openvpn-plugin.h.in | 2 +- > sample/Makefile.am| 2 +- > sample/sample-plugins/defer/simple.c | 2 +- > .../keying-material-exporter-demo/keyingmaterialexporter.c| 2 +- > sample/sample-plugins/log/log.c | 2 +- > sample/sample-plugins/log/log_v3.c| 2 +- > sample/sample-plugins/simple/simple.c | 2 +- > src/Makefile.am | 2 +- > src/compat/Makefile.am| 2 +- > src/compat/compat-gettimeofday.c | 2 +- > src/openvpn/Makefile.am | 2 +- > src/openvpn/argv.c| 2 +- > src/openvpn/argv.h| 2 +- > src/openvpn/basic.h | 2 +- > src/openvpn/block_dns.c | 2 +- > src/openvpn/buffer.c | 2 +- > src/openvpn/buffer.h | 2 +- > src/openvpn/circ_list.h | 2 +- > src/openvpn/clinat.c | 2 +- > src/openvpn/clinat.h | 2 +- > src/openvpn/common.h | 2 +- > src/openvpn/comp-lz4.c| 4 > ++-- > src/openvpn/comp-lz4.h| 4 > ++-- > src/openvpn/comp.c| 2 +- > src/openvpn/comp.h| 2 +- > src/openvpn/compstub.c| 2 +- > src/openvpn/console.c | 4 > ++-- > src/openvpn/console.h | 4 > ++-- > src/openvpn/console_builtin.c | 4 > ++-- > src/openvpn/crypto.c
[Openvpn-devel] [PATCH release/2.3] Update copyrights
Signed-off-by: David Sommerseth--- COPYING| 2 +- ChangeLog | 2 +- Makefile.am| 2 +- PORTS | 2 +- build/Makefile.am | 2 +- build/msvc/Makefile.am | 2 +- build/msvc/msvc-generate/Makefile.am | 2 +- configure.ac | 2 +- dev-tools/update-copyright.sh | 2 +- distro/Makefile.am | 2 +- distro/rpm/Makefile.am | 2 +- doc/Makefile.am| 2 +- doc/doxygen/doc_compression.h | 2 +- doc/doxygen/doc_control_processor.h| 2 +- doc/doxygen/doc_control_tls.h | 2 +- doc/doxygen/doc_data_control.h | 2 +- doc/doxygen/doc_data_crypto.h | 2 +- doc/doxygen/doc_eventloop.h| 2 +- doc/doxygen/doc_external_multiplexer.h | 2 +- doc/doxygen/doc_fragmentation.h| 2 +- doc/doxygen/doc_internal_multiplexer.h | 2 +- doc/doxygen/doc_key_generation.h | 2 +- doc/doxygen/doc_mainpage.h | 2 +- doc/doxygen/doc_memory_management.h| 2 +- doc/doxygen/doc_protocol_overview.h| 2 +- doc/doxygen/doc_reliable.h | 2 +- doc/doxygen/doc_tunnel_state.h | 2 +- doc/openvpn.8 | 2 +- include/Makefile.am| 2 +- include/openvpn-plugin.h | 2 +- sample/Makefile.am | 2 +- sample/sample-plugins/defer/simple.c | 2 +- sample/sample-plugins/log/log.c| 2 +- sample/sample-plugins/log/log_v3.c | 2 +- sample/sample-plugins/simple/simple.c | 2 +- src/Makefile.am| 2 +- src/compat/Makefile.am | 2 +- src/compat/compat-gettimeofday.c | 2 +- src/openvpn/Makefile.am| 2 +- src/openvpn/basic.h| 2 +- src/openvpn/buffer.c | 2 +- src/openvpn/buffer.h | 2 +- src/openvpn/circ_list.h| 2 +- src/openvpn/clinat.c | 2 +- src/openvpn/clinat.h | 2 +- src/openvpn/common.h | 2 +- src/openvpn/console.c | 2 +- src/openvpn/console.h | 2 +- src/openvpn/crypto.c | 4 ++-- src/openvpn/crypto.h | 4 ++-- src/openvpn/crypto_backend.h | 4 ++-- src/openvpn/crypto_openssl.c | 4 ++-- src/openvpn/crypto_openssl.h | 4 ++-- src/openvpn/crypto_polarssl.c | 4 ++-- src/openvpn/crypto_polarssl.h | 4 ++-- src/openvpn/dhcp.c | 2 +- src/openvpn/dhcp.h | 2 +- src/openvpn/errlevel.h | 2 +- src/openvpn/error.c| 2 +- src/openvpn/error.h| 2 +- src/openvpn/event.c| 2 +- src/openvpn/event.h| 2 +- src/openvpn/fdmisc.c | 2 +- src/openvpn/fdmisc.h | 2 +- src/openvpn/forward-inline.h | 2 +- src/openvpn/forward.c | 2 +- src/openvpn/forward.h | 2 +- src/openvpn/fragment.c | 2 +- src/openvpn/fragment.h | 2 +- src/openvpn/gremlin.c | 2 +- src/openvpn/gremlin.h | 2 +- src/openvpn/helper.c | 2 +- src/openvpn/helper.h | 2 +- src/openvpn/httpdigest.c | 2 +- src/openvpn/httpdigest.h | 2 +- src/openvpn/init.c | 2 +- src/openvpn/init.h | 2 +- src/openvpn/integer.h | 2 +- src/openvpn/interval.c | 2 +- src/openvpn/interval.h | 2 +- src/openvpn/list.c | 2 +- src/openvpn/list.h | 2 +- src/openvpn/lzo.c | 2 +- src/openvpn/lzo.h | 2 +- src/openvpn/manage.c | 2 +- src/openvpn/manage.h | 2 +- src/openvpn/mbuf.c | 2 +- src/openvpn/mbuf.h | 2 +- src/openvpn/memdbg.h | 2 +- src/openvpn/misc.c | 2 +- src/openvpn/misc.h | 2 +- src/openvpn/mroute.c | 2 +- src/openvpn/mroute.h | 2 +- src/openvpn/mss.c | 2 +- src/openvpn/mss.h | 2 +- src/openvpn/mstats.c | 2 +- src/openvpn/mstats.h | 2 +- src/openvpn/mtcp.c | 2 +- src/openvpn/mtcp.h | 2 +- src/openvpn/mtu.c | 2 +- src/openvpn/mtu.h | 2 +- src/openvpn/mudp.c | 2 +- src/openvpn/mudp.h | 2 +- src/openvpn/multi.c| 2 +- src/openvpn/multi.h
[Openvpn-devel] [PATCH release/2.4] Update copyrights
Signed-off-by: David Sommerseth--- COPYING | 2 +- ChangeLog | 2 +- Makefile.am | 2 +- PORTS | 2 +- build/Makefile.am | 2 +- build/msvc/Makefile.am| 2 +- build/msvc/msvc-generate/Makefile.am | 2 +- configure.ac | 2 +- dev-tools/reformat-all.sh | 2 +- dev-tools/update-copyright.sh | 2 +- distro/Makefile.am| 2 +- distro/rpm/Makefile.am| 2 +- doc/Makefile.am | 2 +- doc/doxygen/doc_compression.h | 2 +- doc/doxygen/doc_control_processor.h | 2 +- doc/doxygen/doc_control_tls.h | 2 +- doc/doxygen/doc_data_control.h| 2 +- doc/doxygen/doc_data_crypto.h | 2 +- doc/doxygen/doc_eventloop.h | 2 +- doc/doxygen/doc_external_multiplexer.h| 2 +- doc/doxygen/doc_fragmentation.h | 2 +- doc/doxygen/doc_internal_multiplexer.h| 2 +- doc/doxygen/doc_key_generation.h | 2 +- doc/doxygen/doc_mainpage.h| 2 +- doc/doxygen/doc_memory_management.h | 2 +- doc/doxygen/doc_protocol_overview.h | 2 +- doc/doxygen/doc_reliable.h| 2 +- doc/doxygen/doc_tunnel_state.h| 2 +- doc/openvpn.8 | 2 +- include/Makefile.am | 2 +- include/openvpn-msg.h | 2 +- include/openvpn-plugin.h.in | 2 +- sample/Makefile.am| 2 +- sample/sample-plugins/defer/simple.c | 2 +- .../keying-material-exporter-demo/keyingmaterialexporter.c| 2 +- sample/sample-plugins/log/log.c | 2 +- sample/sample-plugins/log/log_v3.c| 2 +- sample/sample-plugins/simple/simple.c | 2 +- src/Makefile.am | 2 +- src/compat/Makefile.am| 2 +- src/compat/compat-gettimeofday.c | 2 +- src/openvpn/Makefile.am | 2 +- src/openvpn/argv.c| 2 +- src/openvpn/argv.h| 2 +- src/openvpn/basic.h | 2 +- src/openvpn/block_dns.c | 2 +- src/openvpn/buffer.c | 2 +- src/openvpn/buffer.h | 2 +- src/openvpn/circ_list.h | 2 +- src/openvpn/clinat.c | 2 +- src/openvpn/clinat.h | 2 +- src/openvpn/common.h | 2 +- src/openvpn/comp-lz4.c| 4 ++-- src/openvpn/comp-lz4.h| 4 ++-- src/openvpn/comp.c| 2 +- src/openvpn/comp.h| 2 +- src/openvpn/compstub.c| 2 +- src/openvpn/console.c | 4 ++-- src/openvpn/console.h | 4 ++-- src/openvpn/console_builtin.c | 4 ++-- src/openvpn/crypto.c | 4 ++-- src/openvpn/crypto.h | 4 ++-- src/openvpn/crypto_backend.h | 4 ++--
[Openvpn-devel] [PATCH] Update copyrights
These patches updates the copyright lines with an updated year. The result is generated by the ./dev-tools/update-copyright.sh script. -- kind regards, David Sommerseth OpenVPN Technologies, Inc -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH master] Update copyrights
Signed-off-by: David Sommerseth--- COPYING | 2 +- ChangeLog | 2 +- Makefile.am | 2 +- PORTS | 2 +- build/Makefile.am | 2 +- build/msvc/Makefile.am| 2 +- build/msvc/msvc-generate/Makefile.am | 2 +- configure.ac | 2 +- dev-tools/reformat-all.sh | 2 +- dev-tools/update-copyright.sh | 2 +- distro/Makefile.am| 2 +- distro/rpm/Makefile.am| 2 +- doc/Makefile.am | 2 +- doc/doxygen/doc_compression.h | 2 +- doc/doxygen/doc_control_processor.h | 2 +- doc/doxygen/doc_control_tls.h | 2 +- doc/doxygen/doc_data_control.h| 2 +- doc/doxygen/doc_data_crypto.h | 2 +- doc/doxygen/doc_eventloop.h | 2 +- doc/doxygen/doc_external_multiplexer.h| 2 +- doc/doxygen/doc_fragmentation.h | 2 +- doc/doxygen/doc_internal_multiplexer.h| 2 +- doc/doxygen/doc_key_generation.h | 2 +- doc/doxygen/doc_mainpage.h| 2 +- doc/doxygen/doc_memory_management.h | 2 +- doc/doxygen/doc_protocol_overview.h | 2 +- doc/doxygen/doc_reliable.h| 2 +- doc/doxygen/doc_tunnel_state.h| 2 +- doc/openvpn.8 | 2 +- include/Makefile.am | 2 +- include/openvpn-msg.h | 2 +- include/openvpn-plugin.h.in | 2 +- sample/Makefile.am| 2 +- sample/sample-plugins/defer/simple.c | 2 +- .../keying-material-exporter-demo/keyingmaterialexporter.c| 2 +- sample/sample-plugins/log/log.c | 2 +- sample/sample-plugins/log/log_v3.c| 2 +- sample/sample-plugins/simple/simple.c | 2 +- src/Makefile.am | 2 +- src/compat/Makefile.am| 2 +- src/compat/compat-gettimeofday.c | 2 +- src/openvpn/Makefile.am | 2 +- src/openvpn/argv.c| 2 +- src/openvpn/argv.h| 2 +- src/openvpn/basic.h | 2 +- src/openvpn/block_dns.c | 2 +- src/openvpn/buffer.c | 2 +- src/openvpn/buffer.h | 2 +- src/openvpn/circ_list.h | 2 +- src/openvpn/clinat.c | 2 +- src/openvpn/clinat.h | 2 +- src/openvpn/common.h | 2 +- src/openvpn/comp-lz4.c| 4 ++-- src/openvpn/comp-lz4.h| 4 ++-- src/openvpn/comp.c| 2 +- src/openvpn/comp.h| 2 +- src/openvpn/compstub.c| 2 +- src/openvpn/console.c | 4 ++-- src/openvpn/console.h | 4 ++-- src/openvpn/console_builtin.c | 4 ++-- src/openvpn/crypto.c | 4 ++-- src/openvpn/crypto.h | 4 ++-- src/openvpn/crypto_backend.h | 4 ++--
Re: [Openvpn-devel] [PATCH applied] dev-tools: Added script for updating copyright years in files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've done a quick update to the patch at commit time. As suggested by Steffan, I've changed from excluding cmocka to exclude vendor/. In addition @sophos.com copyright lines will also be included in this update. If anyone else wants to be included in these updates, please let us know and we will update the script accordingly. Your patch has been applied to the following branches commit da8f11f895bb78174d4412d82a6992c398da495a (master) commit 0b159a62ed1c9d60e0c7001b025d2d016a90057f (release/2.4) commit 9e2bbbc7bc9bb126ed1061cf0c2ee2fb5ffc919d (release/2.3) Author: David Sommerseth Date: Mon Dec 19 19:52:12 2016 +0100 dev-tools: Added script for updating copyright years in files Signed-off-by: David SommersethAcked-by: Steffan Karger Message-Id: <1482173532-25132-1-git-send-email-dav...@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13645.html - -- kind regards, David Sommerseth -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJYWm4lAAoJEIbPlEyWcf3ydKgQAKaAAAXh9G+FqkyCXRdNxR0X R4WQqI6oU+uejUqg2EXQYPp/xfBuqZM+k7XlzqMpsHR7YRnEHSb30gRxokFdHdwa o1fBnDy1GWl+y+ZpFwnVTfwX2pu+6eoxqxku7eiMFrQayzZnm0P9Y+Aq4PrL3OWl 1nwS5zPO3YkAW7KNCDK+7pXXqLNINI3Pj6LdfAoAEOeXK3Qi1umgdFTwh1nGCq5J xnXTn6b0aF8aURqjRnA51Sz3Pg36YquA7nuoP7AiGGlmD3ctiys4QCOYdjPk0Qs8 aliYHvtRMeNhfiH3SjIixY+J0Mk0EUqP0AXPUu6YvdJ99tzyGhhgcpcS+pHkC1cF 9iyLpKPwpKG4cVbsqhMw7WDkZZqCxxfDkUd0i64nt3T35IaLjkwDq1Bw6KAeREs2 sRT8ptrq7u4b+X34xdU3ah/dgl7KXzYk03A7bhrkopvZpnxlEPQ2nljhk0duu1lB mv9Af0be4lSN+4WOo8XPrpnlc0o24oKDErjyHsfbVjI1mcl1hhqjUCz7XH4qP2/e Iqjh9rQG2mbl0d8IiVhZpowHHB5EKjQ8XjxOHXZ9YBKYy1WiHC5bOOZAMaBupJk6 sUN7THfoPbbMG5kWMQdogeW27Fuqvx5G3UfuMmesTgkwgRMPUtRaELMgQLaP6raM RbAG5ScQAowiLsCrOaiT =YMgD -END PGP SIGNATURE- -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] Google Summer of Code
Am 19.12.2016 um 11:01 schrieb Илья Шипицин: > > it seems, it depends on network-manager version. > on fedora 23 I cannot import files, but on ubuntu I can. Fedora 23 goes out of support these days (it's now more than 4 weeks after Fedora 25 release), so it's time to upgrade... -- Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/intel___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel