From patchwork Sat Nov 26 16:26:47 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Maximilian Fillinger
X-Patchwork-Id: 2857
From: Max Fillinger
Date: Sat, 26 Nov 2022 17:26:47 +0100
Message-ID: <20221126162648.150678-1-maximilian.fillinger@foxcrypto.com>
X-Mailer: git-send-email 2.30.2
Subject: [Openvpn-devel] [PATCH 1/2] Correct tls-crypt-v2 metadata length in man page

The manual page claims that the client metadata can be up to 735 bytes (encoded as up to 980 characters base64), but the actual maximum length is 733 bytes which is also encoded as 980 characters in base64.

Signed-off-by: Max Fillinger
Acked-By: Arne Schwabe

--- doc/man-sections/encryption-options.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/man-sections/encryption-options.rst b/doc/man-sections/encryption-options.rst index ee34f14e..abc73d90 100644 --- a/doc/man-sections/encryption-options.rst +++ b/doc/man-sections/encryption-options.rst @@ -104,7 +104,8 @@ Generating key material If supplied, include the supplied ``metadata`` in the wrapped client key. This metadata must be supplied in base64-encoded form. The - metadata must be at most 735 bytes long (980 bytes in base64). + metadata must be at most 733 bytes long (980 characters in base64, though + note that 980 base64 characters can encode more than 733 bytes). If no metadata is supplied, OpenVPN will use a 64-bit unix timestamp representing the current time in UTC, encoded in network order, as
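
Review bot: The added parenthetical in the encryption-options.rst hunk ("though note that 980 base64 characters can encode more than 733 bytes") states the ambiguity but not its consequence, so a reader who checks only the encoded length can still supply metadata that is too long. A 980-character base64 string decodes to 733, 734 or 735 bytes depending on padding, and only the 733-byte case is within the limit. Consider wording the sentence so the limit is explicitly on the decoded bytes, for example "The metadata must be at most 733 bytes long after decoding; a 980-character base64 string may decode to up to 735 bytes and will then be rejected", if rejection is what the code does. It would also help to say in the commit message or the man page where the 733-byte figure comes from, since the old value of 735 looks like it was derived from the base64 length alone.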