Re: [Openvpn-devel] [PATCH 2/2] Fix message for too long tls-crypt-v2 metadata

2022-12-12 Thread Gert Doering
Hi,

On Mon, Dec 12, 2022 at 05:06:47PM +, Maximilian Fillinger wrote:
> Well, now that my solution is acked, we can just go with it.

It got an after-NAK, as there is an off-by-one... so feel free to send a v2 either way :-)

gert
-- 
"If was one thing all people took for granted, was

Re: [Openvpn-devel] [PATCH 2/2] Fix message for too long tls-crypt-v2 metadata

2022-12-12 Thread Maximilian Fillinger
> So if you have a limit like 733, you need to actually decode the base64
> to check if it is short enough. The alternative would be to only allow
> 732 bytes, so we could check the base64 length again or use 735 bytes
> and use a maximum tls-crypt wrapped key size of 1026 bytes (which sounds
> a

Re: [Openvpn-devel] [PATCH 2/2] Fix message for too long tls-crypt-v2 metadata

2022-12-12 Thread Arne Schwabe
On 26.11.22 at 17:26, Max Fillinger wrote:
The current code only checks if the base64-encoded metadata is at most 980 characters. However, that can encode up to 735 bytes of data, while only up to 733 bytes are allowed. When passing 734 or 735 bytes, openvpn prints a misleading error message

Re: [Openvpn-devel] [PATCH 2/2] Fix message for too long tls-crypt-v2 metadata

2022-12-12 Thread Gert Doering
Hi,

On Mon, Dec 12, 2022 at 12:24:10PM +, Maximilian Fillinger wrote:
> Right now, openvpn just checks that we have at most 980 base64 characters
> and then tries to decode them into a 733 byte buffer. But 980 characters
> of base64 can encode up to 735 bytes. In that case, openvpn gives a

Re: [Openvpn-devel] [PATCH 2/2] Fix message for too long tls-crypt-v2 metadata

2022-12-12 Thread Maximilian Fillinger
Hi!

> -----Original Message-----
> From: Gert Doering [mailto:g...@greenie.muc.de]
> Sent: Monday 12 December 2022 13:03
> To: Maximilian Fillinger
> Cc: openvpn-devel@lists.sourceforge.net
> Subject: Re: [Openvpn-devel] [PATCH 2/2] Fix message for too long tls-
> cryp

Re: [Openvpn-devel] [PATCH 2/2] Fix message for too long tls-crypt-v2 metadata

2022-12-12 Thread Arne Schwabe
On 12.12.22 at 13:03, Gert Doering wrote:
Hi,
On Sat, Nov 26, 2022 at 05:26:48PM +0100, Max Fillinger wrote:
The current code only checks if the base64-encoded metadata is at most 980 characters. However, that can encode up to 735 bytes of data, while only up to 733 bytes are allowed. When

Re: [Openvpn-devel] [PATCH 2/2] Fix message for too long tls-crypt-v2 metadata

2022-12-12 Thread Gert Doering
Hi,

On Sat, Nov 26, 2022 at 05:26:48PM +0100, Max Fillinger wrote:
> The current code only checks if the base64-encoded metadata is at most
> 980 characters. However, that can encode up to 735 bytes of data, while
> only up to 733 bytes are allowed. When passing 734 or 735 bytes, openvpn
> prints

Re: [Openvpn-devel] [PATCH 2/2] Fix message for too long tls-crypt-v2 metadata

2022-12-12 Thread Arne Schwabe
On 26.11.22 at 17:26, Max Fillinger wrote:
The current code only checks if the base64-encoded metadata is at most 980 characters. However, that can encode up to 735 bytes of data, while only up to 733 bytes are allowed. When passing 734 or 735 bytes, openvpn prints a misleading error message

[Openvpn-devel] [PATCH 2/2] Fix message for too long tls-crypt-v2 metadata

2022-11-26 Thread Max Fillinger
The current code only checks if the base64-encoded metadata is at most 980 characters. However, that can encode up to 735 bytes of data, while only up to 733 bytes are allowed. When passing 734 or 735 bytes, openvpn prints a misleading error message saying that the base64 cannot be decoded. This