[Openvpn-devel,v3,04/21,OSSL,3.0] Remove DES check with OpenSSL 3.0

From: Arne Schwabe <arne@rfc2549.org>
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 19 Oct 2021 20:31:10 +0200
Message-Id: <20211019183127.614175-5-arne@rfc2549.org>
In-Reply-To: <20211019183127.614175-1-arne@rfc2549.org>
References: <20211019183127.614175-1-arne@rfc2549.org>
MIME-Version: 1.0
Subject: [Openvpn-devel] [PATCH v3 04/21] [OSSL 3.0] Remove DES check with
 OpenSSL 3.0
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: openvpn-devel-bounces@lists.sourceforge.net

Message ID	20211019183127.614175-5-arne@rfc2549.org
State	Accepted
Headers	show Return-Path: <openvpn-devel-bounces@lists.sourceforge.net> From: Arne Schwabe <arne@rfc2549.org> To: openvpn-devel@lists.sourceforge.net Date: Tue, 19 Oct 2021 20:31:10 +0200 Message-Id: <20211019183127.614175-5-arne@rfc2549.org> In-Reply-To: <20211019183127.614175-1-arne@rfc2549.org> References: <20211019183127.614175-1-arne@rfc2549.org> MIME-Version: 1.0 preview: DES is very deprecated and accidently getting on the of the 16 insecure keys that OpenSSL checks is extremely unlikely so we no longer use the deprecated functions without replacement in OpenSSL 3.0. Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record Subject: [Openvpn-devel] [PATCH v3 04/21] [OSSL 3.0] Remove DES check with OpenSSL 3.0 Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox
Series	OpenSSL 3.0 improvements for OpenVPN \| expand [Openvpn-devel,v3,00/21] OpenSSL 3.0 improvements for OpenVPN [Openvpn-devel,v3,01/21,OSSL,3.0] Use new EVP_MAC API for HMAC implementation [Openvpn-devel,v3,02/21,OSSL,3.0] Add --with-openssl-engine autoconf option (auto\|yes\|no) [Openvpn-devel,v3,03/21,OSSL,3.0] Implement DES ECB encrypt via EVP_CIPHER api [Openvpn-devel,v3,04/21,OSSL,3.0] Remove DES check with OpenSSL 3.0 [Openvpn-devel,v3,05/21,OSSL,3.0] Use EVP_PKEY based API for loading DH keys [Openvpn-devel,v3,06/21,OSSL,3.0] Deprecate --ecdh-curve with OpenSSL 3.0 and adjust mbed TLS messa… [Openvpn-devel,v3,07/21,OSSL,3.0] Remove DES key fixup code [Openvpn-devel,v3,08/21,OSSL,3.0] Use EVP_PKEY_get_group_name to query group name [Openvpn-devel,v3,09/21] Refactor early initialisation and uninitialisation into methods [Openvpn-devel,v3,10/21,OSSL,3.0] Replace EVP_get_cipherbyname with EVP_CIPHER_fetch [Openvpn-devel,v3,11/21,OSSL,3.0] USe EVP_MD_get0_name instead EV_MD_name [Openvpn-devel,v3,12/21,OSSL,3.0] Allow loading of non default providers [Openvpn-devel,v3,13/21,OSSL,3.0] Remove dependency on BF-CBC existance from test_ncp [Openvpn-devel,v3,14/21,OSSL,3.0] Use TYPE_do_all_provided function for listing cipher/digest [Openvpn-devel,v3,15/21,OSSL,3.0] Do not allow CTS ciphers [Openvpn-devel,v3,16/21] Add message when decoding PKCS12 file fails. [Openvpn-devel,v3,17/21] Add small unit test for testing HMAC [Openvpn-devel,v3,18/21] Fix error when BF-CBC is not available [Openvpn-devel,v3,19/21] Add insecure tls-cert-profile options [Openvpn-devel,v3,20/21] Add macos OpenSSL 3.0 and ASAN builds [Openvpn-devel,v3,21/21] Always use 8192 bytes for ERR_BUF_SIZE

[Openvpn-devel,v3,04/21,OSSL,3.0] Remove DES check with OpenSSL 3.0

Commit Message

Comments

Patch