From patchwork Wed Dec 1 07:07:22 2021
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 2100
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 1 Dec 2021 19:07:22 +0100
Message-Id: <20211201180727.2496903-4-arne@rfc2549.org>
In-Reply-To: <20211201180727.2496903-1-arne@rfc2549.org>
References: <20211201180727.2496903-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 4/9] Remove cipher_kt_var_key_size and remaining --keysize documentation

Remove --keysize from the manual page and also remove mentioning variable key size in output of ciphers as there is no longer a way to change the keysize.

Signed-off-by: Arne Schwabe
Acked-by: Gert Doering
---
 doc/man-sections/protocol-options.rst | 11 -----------
 src/openvpn/crypto.c                  |  7 ++-----
 src/openvpn/crypto_mbedtls.h          |  6 ------
 src/openvpn/crypto_openssl.h          |  6 ------
 4 files changed, 2 insertions(+), 28 deletions(-)

diff --git a/doc/man-sections/protocol-options.rst b/doc/man-sections/protocol-options.rst index 7095b6f4d..f4be6f984 100644 --- a/doc/man-sections/protocol-options.rst +++ b/doc/man-sections/protocol-options.rst 
@@ -183,17 +183,6 @@ configured in a compatible way between both the local and remote side. ``--tls-auth`` and ``--secret`` options. Useful when using inline files (See section on inline files). ---keysize n - **DEPRECATED** This option will be removed in OpenVPN 2.6. - - Size of cipher key in bits (optional). If unspecified, defaults to - cipher-specific default. The ``--show-ciphers`` option (see below) shows - all available OpenSSL ciphers, their default key sizes, and whether the - key size can be changed. Use care in changing a cipher's default key - size. Many ciphers have not been extensively cryptanalyzed with - non-standard key lengths, and a larger key may offer no real guarantee - of greater security, or may even reduce security. - --data-ciphers cipher-list Restrict the allowed ciphers to be negotiated to the ciphers in ``cipher-list``. ``cipher-list`` is a colon-separated list of ciphers, diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 27ed1402c..0d577624e 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -1626,12 +1626,9 @@ get_random(void) void print_cipher(const cipher_kt_t *cipher) { - const char *var_key_size = cipher_kt_var_key_size(cipher) ? - " by default" : ""; - - printf("%s (%d bit key%s, ", + printf("%s (%d bit key, ", cipher_kt_name(cipher), - cipher_kt_key_size(cipher) * 8, var_key_size); + cipher_kt_key_size(cipher) * 8); if (cipher_kt_block_size(cipher) == 1) { diff --git a/src/openvpn/crypto_mbedtls.h b/src/openvpn/crypto_mbedtls.h index 758ab1b40..b2e9eceab 100644 --- a/src/openvpn/crypto_mbedtls.h +++ b/src/openvpn/crypto_mbedtls.h @@ -149,10 +149,4 @@ mbed_log_func_line_lite(unsigned int flags, int errval, #define mbed_ok(errval) \ mbed_log_func_line_lite(D_CRYPT_ERRORS, errval, __func__, __LINE__) -static inline bool -cipher_kt_var_key_size(const cipher_kt_t *cipher) -{ - return cipher->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN; -} - #endif /* CRYPTO_MBEDTLS_H_ */ 
diff --git a/src/openvpn/crypto_openssl.h b/src/openvpn/crypto_openssl.h index 446f08508..6eb16a906 100644 --- a/src/openvpn/crypto_openssl.h +++ b/src/openvpn/crypto_openssl.h @@ -114,12 +114,6 @@ void crypto_print_openssl_errors(const unsigned int flags); msg((flags), __VA_ARGS__); \ } while (false) -static inline bool -cipher_kt_var_key_size(const cipher_kt_t *cipher) -{ - return EVP_CIPHER_flags(cipher) & EVP_CIPH_VARIABLE_LENGTH; -} - /** * Load a key file from an engine *
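Review bot: the --keysize entry removed from doc/man-sections/protocol-options.rst points at ``--show-ciphers`` "(see below)" and says that listing shows "whether the key size can be changed". If the ``--show-ciphers`` description further down the manual makes the same statement, it becomes stale with this patch, because print_cipher() no longer prints that information. That section is outside the visible hunk, so please check it and adjust the wording in the same commit.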
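Review bot: in print_cipher() in src/openvpn/crypto.c the listing line changes from "(%d bit key%s, " to "(%d bit key, ", so ciphers that previously carried the variable-length flag lose the " by default" suffix in user-visible output. The format string and its two remaining arguments still match, so the code is fine, but the commit message only says the mention is removed; a sentence noting that the cipher listing output changes would help anyone who parses it or compares it across versions.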
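Review bot: cipher_kt_var_key_size() is deleted from both src/openvpn/crypto_mbedtls.h and src/openvpn/crypto_openssl.h, while the only caller this patch touches is the one in print_cipher(). Since both definitions were static inline, a leftover caller elsewhere would show up as a build failure rather than a behaviour change, but only in the backend that compiles the file in question. Please confirm the series was built against both the mbed TLS and the OpenSSL backend, and say so in the commit message or cover letter.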