| Message ID | 20210919162956.695496-4-arne@rfc2549.org |
|---|---|
| State | Superseded |
| Headers | show
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net> Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director7.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id aJTTINhlR2FzHgAAIUCqbw (envelope-from <openvpn-devel-bounces@lists.sourceforge.net>) for <patchwork@openvpn.net>; Sun, 19 Sep 2021 12:31:20 -0400 Received: from proxy11.mail.ord1d.rsapps.net ([172.30.191.6]) by director7.mail.ord1d.rsapps.net with LMTP id cAu5INhlR2E0ZQAAovjBpQ (envelope-from <openvpn-devel-bounces@lists.sourceforge.net>) for <patchwork@openvpn.net>; Sun, 19 Sep 2021 12:31:20 -0400 Received: from smtp29.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy11.mail.ord1d.rsapps.net with LMTPS id kCbpD8hlR2F4NgAAgKDEHA (envelope-from <openvpn-devel-bounces@lists.sourceforge.net>) for <patchwork@openvpn.net>; Sun, 19 Sep 2021 12:31:04 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp29.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 0506db3c-1967-11ec-ad97-525400f257a9-1-1 Received: from [216.105.38.7] ([216.105.38.7:50826] helo=lists.sourceforge.net) by smtp29.gate.ord1d.rsapps.net (envelope-from <openvpn-devel-bounces@lists.sourceforge.net>) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id FA/20-02359-8D567416; Sun, 19 Sep 2021 12:31:20 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from <openvpn-devel-bounces@lists.sourceforge.net>) id 1mRzi0-0002rJ-Hx; Sun, 19 Sep 2021 16:30:28 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from <arne@kamera.blinkt.de>) id 1mRzht-0002pD-6A for openvpn-devel@lists.sourceforge.net; Sun, 19 Sep 2021 16:30:21 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=aAZGYDP/4Q7A2Hdh1yiyLAN2ZqEw+EEJpuBmJZEq4JM=; b=GbLjNJc8lJqtoggGtrEEliiA7G l5qgR9J+21ux28J/Ax1QJ6Y8OzOLqZsMSoY2TQ3nVz4qZCw2rJR9bhdnNMoCaXfmupyvrlTTDoBZ1 yTtXxVS2azyEH48QdpqdIz/06jVzmqJowz4Rz2tKfZPQo4el7o95j/N2tEx1t7+U8tS4=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=aAZGYDP/4Q7A2Hdh1yiyLAN2ZqEw+EEJpuBmJZEq4JM=; b=XWXUpaJ01MC1xqghL32GGZp5jt dIAZoWp19B6GMwoEesxPo2+Ya6qVOBiHuownUgYswixAgf70PTtHBk3lmjMM+3vvzLOw0Kpi9B8dP 7AK6YJt0SiB/MNeozJUthj21sAqegzSbUbjak8rVQDrWOI6UXfjtRc+9vWJhYKpf7sbg=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1mRzhi-00Fy7S-EM for openvpn-devel@lists.sourceforge.net; Sun, 19 Sep 2021 16:30:13 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from <arne@kamera.blinkt.de>) id 1mRzhU-0002Yd-HK for openvpn-devel@lists.sourceforge.net; Sun, 19 Sep 2021 18:29:56 +0200 Received: (nullmailer pid 695558 invoked by uid 10006); Sun, 19 Sep 2021 16:29:56 -0000 From: Arne Schwabe <arne@rfc2549.org> To: openvpn-devel@lists.sourceforge.net Date: Sun, 19 Sep 2021 18:29:52 +0200 Message-Id: <20210919162956.695496-4-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210919162956.695496-1-arne@rfc2549.org> References: <20210919162956.695496-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: DES is very deprecated and accidently getting on the of the 16 insecure keys that OpenSSL checks is extremely unlikely so we no longer use the deprecated functions without replacement in OpenSSL 3.0. [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-Headers-End: 1mRzhi-00Fy7S-EM Subject: [Openvpn-devel] [PATCH 4/8] [OSSL 3.0] Remove DES check with OpenSSL 3.0 X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: <openvpn-devel.lists.sourceforge.net> List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>, <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe> List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel> List-Post: <mailto:openvpn-devel@lists.sourceforge.net> List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help> List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>, <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox |
| Series |
[Openvpn-devel,1/8,OSSL,3.0] Use new EVP_MAC API for HMAC implementation
|
expand
|
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index b4c59557b..9df6da02c 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -522,6 +522,11 @@ key_des_num_cblocks(const EVP_CIPHER *kt) bool key_des_check(uint8_t *key, int key_len, int ndc) { +#if OPENSSL_VERSION_NUMBER < 0x30000000L + /* DES is deprecated and the method to even check the keys is deprecated + * in OpenSSL 3.0. Instead of checking for the 16 weak/semi-weak keys + * we just accept them in OpenSSL 3.0 since the risk of randomly getting + * these is pretty weak */ int i; struct buffer b; @@ -554,6 +559,9 @@ key_des_check(uint8_t *key, int key_len, int ndc) err: ERR_clear_error(); return false; +#else + return true; +#endif } void