)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"1df1c41b6aaa6c199c9709cfdca746f795ecef0c","unresolved":true,"context_lines":[{"line_number":25,"context_line":"unsupported, but it\u0027s the latest long-term support release to still be"},{"line_number":26,"context_line":"released under the GPL."},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"This commit breaks compatibility for mbed TLS version 2.x.y. A"},{"line_number":29,"context_line":"compatibility header will be added in a follow-up commit."},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"Change-Id: I445a93e84dc54b865b757038d22318ac427fce96"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"aab50ccd_b3f897e3","line":28,"updated":"2023-10-18 10:44:43.000000000","message":"That makes me unhappy. Can we have the changes in an order so that existing builds do not get broken?","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"change_message_id":"0a2e235153f224a7edaec3f01160abb8b1a2fe88","unresolved":true,"context_lines":[{"line_number":25,"context_line":"unsupported, but it\u0027s the latest long-term support release to still be"},{"line_number":26,"context_line":"released under the GPL."},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"This commit breaks compatibility for mbed TLS version 2.x.y. A"},{"line_number":29,"context_line":"compatibility header will be added in a follow-up commit."},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"Change-Id: I445a93e84dc54b865b757038d22318ac427fce96"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"dd9f6001_8850e081","line":28,"in_reply_to":"aab50ccd_b3f897e3","updated":"2023-10-18 12:14:53.000000000","message":"Would you prefer to put the two commits together into one?\n\nI don\u0027t think reordering them makes sense, you\u0027d just end up with a file full of unused functions.","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"change_message_id":"a985b88ad3ebb9ed4a2cc0154b8398d790f851ba","unresolved":false,"context_lines":[{"line_number":25,"context_line":"unsupported, but it\u0027s the latest long-term support release to still be"},{"line_number":26,"context_line":"released under the GPL."},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"This commit breaks compatibility for mbed TLS version 2.x.y. A"},{"line_number":29,"context_line":"compatibility header will be added in a follow-up commit."},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"Change-Id: I445a93e84dc54b865b757038d22318ac427fce96"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"1e1bd1ee_e11801b6","line":28,"in_reply_to":"dd9f6001_8850e081","updated":"2023-10-18 17:02:51.000000000","message":"Done","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"1df1c41b6aaa6c199c9709cfdca746f795ecef0c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"fdfd9a6b_804aeb59","updated":"2023-10-18 10:44:43.000000000","message":"Lots of nitpicks, mostly","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"6c864e5bf597a11489904bb4c7d48b5487b52086","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"884ca0d0_b95eb61b","updated":"2023-10-18 10:45:38.000000000","message":"This fails currently in make check for me with 3.5.0:\n\n\n2023-10-18 10:44:16 OpenVPN 2.7_git [git:mbed3/ef7e9ab6f8de88a0+] x86_64-pc-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] [DCO] built on Oct 18 2023\n2023-10-18 10:44:16 library versions: mbed TLS 3.5.0, LZO 2.10\n2023-10-18 10:44:16 DCO version: N/A\n2023-10-18 10:44:16 OpenVPN 2.7_git [git:mbed3/ef7e9ab6f8de88a0+] x86_64-pc-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] [DCO] built on Oct 18 2023\n2023-10-18 10:44:16 Entering OpenVPN crypto self-test mode.\n2023-10-18 10:44:16 TESTING ENCRYPT/DECRYPT of packet length\u003d1\n2023-10-18 10:44:16 cipher_ctx_final:706: CIPHER - Bad input parameters\n2023-10-18 10:44:16 Assertion failed at ../../../openvpn-git/src/openvpn/crypto.c:239 (cipher_ctx_final(ctx-\u003ecipher, BEND(\u0026work), \u0026outlen))\n2023-10-18 10:44:16 Exiting due to fatal error\nTesting cipher AES-256-CBC...  FAIL (RC\u003d1)","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"7676efd3a3f93ac09f484400114f8c72c3cd360b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"4346f999_6ea5180d","updated":"2023-10-20 15:01:24.000000000","message":"Still some potential issues, but mostly good","commit_id":"3d1846f3aedfc315c98eb92c1616aa52d8f4bc74"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"4bd8472dd60412980ad50f28c92193e568f19445","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":7,"id":"4352496b_4bd9ba67","updated":"2023-10-27 15:41:53.000000000","message":"I just playing around with the patch and I noticed HAVE_EXPORT_KEYING_MATERIAL is no longer defined in mbed TLS 3.\n\nThis means that mbed TLS will fall back to using OpenVPN\u0027s custom TLS 1.0 style key generation of using MD5+SHA1 instead of TLS export for that feature. This lack of TLS export also disables dynamic tls-crypt feature as that also relies on that. I am fine with not having that in this patch but it should be noted in the README.mbedtls and maybe also be resolved in a follow up patch.","commit_id":"92c707ea8193369d0f65241256f5b79228cead2a"}],"src/openvpn/crypto_mbedtls.c":[{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"1df1c41b6aaa6c199c9709cfdca746f795ecef0c","unresolved":true,"context_lines":[{"line_number":171,"context_line":"    {"},{"line_number":172,"context_line":"        const mbedtls_cipher_info_t *info \u003d mbedtls_cipher_info_from_type(*ciphers);"},{"line_number":173,"context_line":"        const char *name \u003d mbedtls_cipher_info_get_name(info);"},{"line_number":174,"context_line":"        if (info \u0026\u0026 name"},{"line_number":175,"context_line":"            \u0026\u0026 (cipher_kt_mode_aead(name) || cipher_kt_mode_cbc(name)))"},{"line_number":176,"context_line":"        {"},{"line_number":177,"context_line":"            print_cipher(name);"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"01666ef9_bb9a9c08","line":174,"updated":"2023-10-18 10:44:43.000000000","message":"why is the cipher_kt_insecure check missing here?","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"change_message_id":"0a2e235153f224a7edaec3f01160abb8b1a2fe88","unresolved":true,"context_lines":[{"line_number":171,"context_line":"    {"},{"line_number":172,"context_line":"        const mbedtls_cipher_info_t *info \u003d mbedtls_cipher_info_from_type(*ciphers);"},{"line_number":173,"context_line":"        const char *name \u003d mbedtls_cipher_info_get_name(info);"},{"line_number":174,"context_line":"        if (info \u0026\u0026 name"},{"line_number":175,"context_line":"            \u0026\u0026 (cipher_kt_mode_aead(name) || cipher_kt_mode_cbc(name)))"},{"line_number":176,"context_line":"        {"},{"line_number":177,"context_line":"            print_cipher(name);"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"c741b867_3336d64e","line":174,"in_reply_to":"01666ef9_bb9a9c08","updated":"2023-10-18 12:14:53.000000000","message":"By accident. Thanks for catching this!","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"change_message_id":"a985b88ad3ebb9ed4a2cc0154b8398d790f851ba","unresolved":false,"context_lines":[{"line_number":171,"context_line":"    {"},{"line_number":172,"context_line":"        const mbedtls_cipher_info_t *info \u003d mbedtls_cipher_info_from_type(*ciphers);"},{"line_number":173,"context_line":"        const char *name \u003d mbedtls_cipher_info_get_name(info);"},{"line_number":174,"context_line":"        if (info \u0026\u0026 name"},{"line_number":175,"context_line":"            \u0026\u0026 (cipher_kt_mode_aead(name) || cipher_kt_mode_cbc(name)))"},{"line_number":176,"context_line":"        {"},{"line_number":177,"context_line":"            print_cipher(name);"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"008f3995_73f1ae0c","line":174,"in_reply_to":"c741b867_3336d64e","updated":"2023-10-18 17:02:51.000000000","message":"Done","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"1df1c41b6aaa6c199c9709cfdca746f795ecef0c","unresolved":true,"context_lines":[{"line_number":420,"context_line":"        return false;"},{"line_number":421,"context_line":"    }"},{"line_number":422,"context_line":""},{"line_number":423,"context_line":"    int key_bytelen \u003d mbedtls_cipher_info_get_key_bitlen(cipher)/8;"},{"line_number":424,"context_line":"    if (key_bytelen \u003e MAX_CIPHER_KEY_LENGTH)"},{"line_number":425,"context_line":"    {"},{"line_number":426,"context_line":"        msg(D_LOW, \"Cipher algorithm \u0027%s\u0027 uses a default key size (%d bytes) \""}],"source_content_type":"text/x-csrc","patch_set":1,"id":"2aade4a0_473c3942","line":423,"updated":"2023-10-18 10:44:43.000000000","message":"That function seems to return size_t, so should change to correct type. Can probably mark this as const.","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"change_message_id":"a985b88ad3ebb9ed4a2cc0154b8398d790f851ba","unresolved":false,"context_lines":[{"line_number":420,"context_line":"        return false;"},{"line_number":421,"context_line":"    }"},{"line_number":422,"context_line":""},{"line_number":423,"context_line":"    int key_bytelen \u003d mbedtls_cipher_info_get_key_bitlen(cipher)/8;"},{"line_number":424,"context_line":"    if (key_bytelen \u003e MAX_CIPHER_KEY_LENGTH)"},{"line_number":425,"context_line":"    {"},{"line_number":426,"context_line":"        msg(D_LOW, \"Cipher algorithm \u0027%s\u0027 uses a default key size (%d bytes) \""}],"source_content_type":"text/x-csrc","patch_set":1,"id":"66051a9c_642a1e63","line":423,"in_reply_to":"2aade4a0_473c3942","updated":"2023-10-18 17:02:51.000000000","message":"Done","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"1df1c41b6aaa6c199c9709cfdca746f795ecef0c","unresolved":true,"context_lines":[{"line_number":456,"context_line":"        return 0;"},{"line_number":457,"context_line":"    }"},{"line_number":458,"context_line":""},{"line_number":459,"context_line":"    return mbedtls_cipher_info_get_key_bitlen(cipher_kt)/8;"},{"line_number":460,"context_line":"}"},{"line_number":461,"context_line":""},{"line_number":462,"context_line":"int"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"92cbb001_0e886286","line":459,"updated":"2023-10-18 10:44:43.000000000","message":"returns size_t","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"change_message_id":"a985b88ad3ebb9ed4a2cc0154b8398d790f851ba","unresolved":false,"context_lines":[{"line_number":456,"context_line":"        return 0;"},{"line_number":457,"context_line":"    }"},{"line_number":458,"context_line":""},{"line_number":459,"context_line":"    return mbedtls_cipher_info_get_key_bitlen(cipher_kt)/8;"},{"line_number":460,"context_line":"}"},{"line_number":461,"context_line":""},{"line_number":462,"context_line":"int"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"c10ad802_99af1817","line":459,"in_reply_to":"92cbb001_0e886286","updated":"2023-10-18 17:02:51.000000000","message":"Done","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"1df1c41b6aaa6c199c9709cfdca746f795ecef0c","unresolved":true,"context_lines":[{"line_number":468,"context_line":"    {"},{"line_number":469,"context_line":"        return 0;"},{"line_number":470,"context_line":"    }"},{"line_number":471,"context_line":"    return mbedtls_cipher_info_get_iv_size(cipher_kt);"},{"line_number":472,"context_line":"}"},{"line_number":473,"context_line":""},{"line_number":474,"context_line":"int"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"5c87ca0d_15ec38d9","line":471,"updated":"2023-10-18 10:44:43.000000000","message":"returns size_t","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"change_message_id":"a985b88ad3ebb9ed4a2cc0154b8398d790f851ba","unresolved":false,"context_lines":[{"line_number":468,"context_line":"    {"},{"line_number":469,"context_line":"        return 0;"},{"line_number":470,"context_line":"    }"},{"line_number":471,"context_line":"    return mbedtls_cipher_info_get_iv_size(cipher_kt);"},{"line_number":472,"context_line":"}"},{"line_number":473,"context_line":""},{"line_number":474,"context_line":"int"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"be1a8941_5596cf61","line":471,"in_reply_to":"5c87ca0d_15ec38d9","updated":"2023-10-18 17:02:51.000000000","message":"Done","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"1df1c41b6aaa6c199c9709cfdca746f795ecef0c","unresolved":true,"context_lines":[{"line_number":479,"context_line":"    {"},{"line_number":480,"context_line":"        return 0;"},{"line_number":481,"context_line":"    }"},{"line_number":482,"context_line":"    return mbedtls_cipher_info_get_block_size(cipher_kt);"},{"line_number":483,"context_line":"}"},{"line_number":484,"context_line":""},{"line_number":485,"context_line":"int"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"8a8454de_c71c3294","line":482,"updated":"2023-10-18 10:44:43.000000000","message":"returns size_t","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"change_message_id":"a985b88ad3ebb9ed4a2cc0154b8398d790f851ba","unresolved":false,"context_lines":[{"line_number":479,"context_line":"    {"},{"line_number":480,"context_line":"        return 0;"},{"line_number":481,"context_line":"    }"},{"line_number":482,"context_line":"    return mbedtls_cipher_info_get_block_size(cipher_kt);"},{"line_number":483,"context_line":"}"},{"line_number":484,"context_line":""},{"line_number":485,"context_line":"int"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"9ae7a2af_718cafbf","line":482,"in_reply_to":"8a8454de_c71c3294","updated":"2023-10-18 17:02:51.000000000","message":"Done","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"1df1c41b6aaa6c199c9709cfdca746f795ecef0c","unresolved":true,"context_lines":[{"line_number":572,"context_line":""},{"line_number":573,"context_line":"    const mbedtls_cipher_info_t *kt \u003d cipher_get(ciphername);"},{"line_number":574,"context_line":"    ASSERT(kt);"},{"line_number":575,"context_line":"    int key_len \u003d mbedtls_cipher_info_get_key_bitlen(kt)/8;"},{"line_number":576,"context_line":""},{"line_number":577,"context_line":"    if (!mbed_ok(mbedtls_cipher_setup(ctx, kt)))"},{"line_number":578,"context_line":"    {"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"9ff5f0a4_2587b778","line":575,"updated":"2023-10-18 10:44:43.000000000","message":"returns size_t","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"change_message_id":"a985b88ad3ebb9ed4a2cc0154b8398d790f851ba","unresolved":false,"context_lines":[{"line_number":572,"context_line":""},{"line_number":573,"context_line":"    const mbedtls_cipher_info_t *kt \u003d cipher_get(ciphername);"},{"line_number":574,"context_line":"    ASSERT(kt);"},{"line_number":575,"context_line":"    int key_len \u003d mbedtls_cipher_info_get_key_bitlen(kt)/8;"},{"line_number":576,"context_line":""},{"line_number":577,"context_line":"    if (!mbed_ok(mbedtls_cipher_setup(ctx, kt)))"},{"line_number":578,"context_line":"    {"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"99ffebe4_f1f1bd12","line":575,"in_reply_to":"9ff5f0a4_2587b778","updated":"2023-10-18 17:02:51.000000000","message":"Done","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"1df1c41b6aaa6c199c9709cfdca746f795ecef0c","unresolved":true,"context_lines":[{"line_number":621,"context_line":"{"},{"line_number":622,"context_line":"    ASSERT(NULL !\u003d ctx);"},{"line_number":623,"context_line":""},{"line_number":624,"context_line":"    return mbedtls_cipher_get_cipher_mode(ctx);"},{"line_number":625,"context_line":"}"},{"line_number":626,"context_line":""},{"line_number":627,"context_line":"bool"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"64a7ebc5_376b0cd8","line":624,"updated":"2023-10-18 10:44:43.000000000","message":"returns mbedtls_cipher_mode_t","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"change_message_id":"a985b88ad3ebb9ed4a2cc0154b8398d790f851ba","unresolved":false,"context_lines":[{"line_number":621,"context_line":"{"},{"line_number":622,"context_line":"    ASSERT(NULL !\u003d ctx);"},{"line_number":623,"context_line":""},{"line_number":624,"context_line":"    return mbedtls_cipher_get_cipher_mode(ctx);"},{"line_number":625,"context_line":"}"},{"line_number":626,"context_line":""},{"line_number":627,"context_line":"bool"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"caa37eb7_96175d1a","line":624,"in_reply_to":"64a7ebc5_376b0cd8","updated":"2023-10-18 17:02:51.000000000","message":"Done","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"1df1c41b6aaa6c199c9709cfdca746f795ecef0c","unresolved":true,"context_lines":[{"line_number":870,"context_line":"    {"},{"line_number":871,"context_line":"        return 0;"},{"line_number":872,"context_line":"    }"},{"line_number":873,"context_line":"    return mbedtls_md_get_size(mbedtls_md_info_from_ctx(ctx));"},{"line_number":874,"context_line":"}"},{"line_number":875,"context_line":""},{"line_number":876,"context_line":"void"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"a83a2860_08071efc","line":873,"updated":"2023-10-18 10:44:43.000000000","message":"returns unsigned char, but since this fits completely into int, this is fine.","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"change_message_id":"a985b88ad3ebb9ed4a2cc0154b8398d790f851ba","unresolved":false,"context_lines":[{"line_number":870,"context_line":"    {"},{"line_number":871,"context_line":"        return 0;"},{"line_number":872,"context_line":"    }"},{"line_number":873,"context_line":"    return mbedtls_md_get_size(mbedtls_md_info_from_ctx(ctx));"},{"line_number":874,"context_line":"}"},{"line_number":875,"context_line":""},{"line_number":876,"context_line":"void"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"d4b69ec4_32c46882","line":873,"in_reply_to":"a83a2860_08071efc","updated":"2023-10-18 17:02:51.000000000","message":"Done","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"2378e86effa0fdbd5943c5a0fe5965cacb3d587d","unresolved":true,"context_lines":[{"line_number":424,"context_line":"    const size_t key_bytelen \u003d mbedtls_cipher_info_get_key_bitlen(cipher)/8;"},{"line_number":425,"context_line":"    if (key_bytelen \u003e MAX_CIPHER_KEY_LENGTH)"},{"line_number":426,"context_line":"    {"},{"line_number":427,"context_line":"        msg(D_LOW, \"Cipher algorithm \u0027%s\u0027 uses a default key size (%lu bytes) \""},{"line_number":428,"context_line":"            \"which is larger than \" PACKAGE_NAME \"\u0027s current maximum key size \""},{"line_number":429,"context_line":"            \"(%d bytes)\", ciphername, key_bytelen, MAX_CIPHER_KEY_LENGTH);"},{"line_number":430,"context_line":"        *reason \u003d \"disabled due to key size too large\";"}],"source_content_type":"text/x-csrc","patch_set":3,"id":"6f24cfb9_b8c9a6cf","line":427,"updated":"2023-10-18 17:16:45.000000000","message":"I think for size_t you should use %zu","commit_id":"6f6d018fe1aa59f11a7ae48f9a8012c6bfbc9e52"},{"author":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"change_message_id":"e59f5467ffb60df13e70cc097719bc3da6a12423","unresolved":false,"context_lines":[{"line_number":424,"context_line":"    const size_t key_bytelen \u003d mbedtls_cipher_info_get_key_bitlen(cipher)/8;"},{"line_number":425,"context_line":"    if (key_bytelen \u003e MAX_CIPHER_KEY_LENGTH)"},{"line_number":426,"context_line":"    {"},{"line_number":427,"context_line":"        msg(D_LOW, \"Cipher algorithm \u0027%s\u0027 uses a default key size (%lu bytes) \""},{"line_number":428,"context_line":"            \"which is larger than \" PACKAGE_NAME \"\u0027s current maximum key size \""},{"line_number":429,"context_line":"            \"(%d bytes)\", ciphername, key_bytelen, MAX_CIPHER_KEY_LENGTH);"},{"line_number":430,"context_line":"        *reason \u003d \"disabled due to key size too large\";"}],"source_content_type":"text/x-csrc","patch_set":3,"id":"5bdca0dd_5c525556","line":427,"in_reply_to":"4e79d9a4_7b49f2b5","updated":"2023-10-19 17:24:27.000000000","message":"Done","commit_id":"6f6d018fe1aa59f11a7ae48f9a8012c6bfbc9e52"},{"author":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"change_message_id":"3b591ac8fee6e01f0524602f560c7435c37afeda","unresolved":true,"context_lines":[{"line_number":424,"context_line":"    const size_t key_bytelen \u003d mbedtls_cipher_info_get_key_bitlen(cipher)/8;"},{"line_number":425,"context_line":"    if (key_bytelen \u003e MAX_CIPHER_KEY_LENGTH)"},{"line_number":426,"context_line":"    {"},{"line_number":427,"context_line":"        msg(D_LOW, \"Cipher algorithm \u0027%s\u0027 uses a default key size (%lu bytes) \""},{"line_number":428,"context_line":"            \"which is larger than \" PACKAGE_NAME \"\u0027s current maximum key size \""},{"line_number":429,"context_line":"            \"(%d bytes)\", ciphername, key_bytelen, MAX_CIPHER_KEY_LENGTH);"},{"line_number":430,"context_line":"        *reason \u003d \"disabled due to key size too large\";"}],"source_content_type":"text/x-csrc","patch_set":3,"id":"4e79d9a4_7b49f2b5","line":427,"in_reply_to":"6f24cfb9_b8c9a6cf","updated":"2023-10-18 17:22:38.000000000","message":"I learned something new today!","commit_id":"6f6d018fe1aa59f11a7ae48f9a8012c6bfbc9e52"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"7676efd3a3f93ac09f484400114f8c72c3cd360b","unresolved":true,"context_lines":[{"line_number":573,"context_line":""},{"line_number":574,"context_line":"    const mbedtls_cipher_info_t *kt \u003d cipher_get(ciphername);"},{"line_number":575,"context_line":"    ASSERT(kt);"},{"line_number":576,"context_line":"    size_t key_len \u003d mbedtls_cipher_info_get_key_bitlen(kt)/8;"},{"line_number":577,"context_line":""},{"line_number":578,"context_line":"    if (!mbed_ok(mbedtls_cipher_setup(ctx, kt)))"},{"line_number":579,"context_line":"    {"}],"source_content_type":"text/x-csrc","patch_set":6,"id":"70a97fed_b5c81c6d","line":576,"updated":"2023-10-20 15:01:24.000000000","message":"Hmm, you are aware that all usages in the function actually multiply the value by 8 again?","commit_id":"3d1846f3aedfc315c98eb92c1616aa52d8f4bc74"},{"author":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"change_message_id":"b095249d6041925a83c9685bef333bd232440b8f","unresolved":false,"context_lines":[{"line_number":573,"context_line":""},{"line_number":574,"context_line":"    const mbedtls_cipher_info_t *kt \u003d cipher_get(ciphername);"},{"line_number":575,"context_line":"    ASSERT(kt);"},{"line_number":576,"context_line":"    size_t key_len \u003d mbedtls_cipher_info_get_key_bitlen(kt)/8;"},{"line_number":577,"context_line":""},{"line_number":578,"context_line":"    if (!mbed_ok(mbedtls_cipher_setup(ctx, kt)))"},{"line_number":579,"context_line":"    {"}],"source_content_type":"text/x-csrc","patch_set":6,"id":"94bdc641_30c7f811","line":576,"in_reply_to":"70a97fed_b5c81c6d","updated":"2023-10-23 17:37:42.000000000","message":"Done","commit_id":"3d1846f3aedfc315c98eb92c1616aa52d8f4bc74"}],"src/openvpn/options.c":[{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"1df1c41b6aaa6c199c9709cfdca746f795ecef0c","unresolved":true,"context_lines":[{"line_number":9046,"context_line":"#ifdef ENABLE_CRYPTO_MBEDTLS"},{"line_number":9047,"context_line":"        msg(msglevel, \"--ns-cert-type is not available with mbedtls.\");"},{"line_number":9048,"context_line":"        goto err;"},{"line_number":9049,"context_line":"#endif"},{"line_number":9050,"context_line":"        VERIFY_PERMISSION(OPT_P_GENERAL);"},{"line_number":9051,"context_line":"        if (streq(p[1], \"server\"))"},{"line_number":9052,"context_line":"        {"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"6090c0ad_d2519496","line":9049,"updated":"2023-10-18 10:44:43.000000000","message":"Please use #else here so that static analysis doesn\u0027t complain about unreachable code.","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"change_message_id":"a985b88ad3ebb9ed4a2cc0154b8398d790f851ba","unresolved":false,"context_lines":[{"line_number":9046,"context_line":"#ifdef ENABLE_CRYPTO_MBEDTLS"},{"line_number":9047,"context_line":"        msg(msglevel, \"--ns-cert-type is not available with mbedtls.\");"},{"line_number":9048,"context_line":"        goto err;"},{"line_number":9049,"context_line":"#endif"},{"line_number":9050,"context_line":"        VERIFY_PERMISSION(OPT_P_GENERAL);"},{"line_number":9051,"context_line":"        if (streq(p[1], \"server\"))"},{"line_number":9052,"context_line":"        {"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"d0411b3f_dc08e26f","line":9049,"in_reply_to":"6090c0ad_d2519496","updated":"2023-10-18 17:02:51.000000000","message":"Done","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"}],"src/openvpn/ssl_mbedtls.c":[{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"1df1c41b6aaa6c199c9709cfdca746f795ecef0c","unresolved":true,"context_lines":[{"line_number":64,"context_line":" * Note: this change was backported to other mbedTLS branches, therefore we"},{"line_number":65,"context_line":" * rely on function detection at configure time."},{"line_number":66,"context_line":" */"},{"line_number":67,"context_line":"#ifndef HAVE_CTR_DRBG_UPDATE_RET"},{"line_number":68,"context_line":"static int"},{"line_number":69,"context_line":"mbedtls_ctr_drbg_update_ret(mbedtls_ctr_drbg_context *ctx,"},{"line_number":70,"context_line":"                            const unsigned char *additional,"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"c7cb421f_7d64647e","line":67,"updated":"2023-10-18 10:44:43.000000000","message":"Since you remove support for mbedtls \u003c 2.16, this code can be removed?","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"change_message_id":"a985b88ad3ebb9ed4a2cc0154b8398d790f851ba","unresolved":false,"context_lines":[{"line_number":64,"context_line":" * Note: this change was backported to other mbedTLS branches, therefore we"},{"line_number":65,"context_line":" * rely on function detection at configure time."},{"line_number":66,"context_line":" */"},{"line_number":67,"context_line":"#ifndef HAVE_CTR_DRBG_UPDATE_RET"},{"line_number":68,"context_line":"static int"},{"line_number":69,"context_line":"mbedtls_ctr_drbg_update_ret(mbedtls_ctr_drbg_context *ctx,"},{"line_number":70,"context_line":"                            const unsigned char *additional,"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"3c48b929_e7bfd684","line":67,"in_reply_to":"19c9bb49_2cd87636","updated":"2023-10-18 17:02:51.000000000","message":"Actually, it can go, but I now need a different compatibility function...\n\nvery old mbedtls: ..._update() has no return value\nold mbedtls: ..._update() deprecated, ..._update_ret() has return value\ncurrent: ..._update() has return value, ..._update_ret() doesn\u0027t exist","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"change_message_id":"faa8b1d4f4159c0bce8cc57d3ab481a96cef860a","unresolved":true,"context_lines":[{"line_number":64,"context_line":" * Note: this change was backported to other mbedTLS branches, therefore we"},{"line_number":65,"context_line":" * rely on function detection at configure time."},{"line_number":66,"context_line":" */"},{"line_number":67,"context_line":"#ifndef HAVE_CTR_DRBG_UPDATE_RET"},{"line_number":68,"context_line":"static int"},{"line_number":69,"context_line":"mbedtls_ctr_drbg_update_ret(mbedtls_ctr_drbg_context *ctx,"},{"line_number":70,"context_line":"                            const unsigned char *additional,"}],"source_content_type":"text/x-csrc","patch_set":1,"id":"19c9bb49_2cd87636","line":67,"in_reply_to":"c7cb421f_7d64647e","updated":"2023-10-18 12:18:50.000000000","message":"We discussed in the community meeting today that support for older versions still makes sense. For example, Ubuntu 20.04 is still on 2.16.4. I will move the function into mbedtls_compat.h though.","commit_id":"f2e1bec7076b9354b30ca53971501d08c280a3a8"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"7676efd3a3f93ac09f484400114f8c72c3cd360b","unresolved":true,"context_lines":[{"line_number":50,"context_line":"#include \u003cmbedtls/error.h\u003e"},{"line_number":51,"context_line":"#include \u003cmbedtls/version.h\u003e"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"#include \u003cmbedtls/net_sockets.h\u003e"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"#include \u003cmbedtls/oid.h\u003e"},{"line_number":56,"context_line":"#include \u003cmbedtls/pem.h\u003e"}],"source_content_type":"text/x-csrc","patch_set":6,"id":"31a92c09_578a756e","line":53,"updated":"2023-10-20 15:01:24.000000000","message":"Since you reverted the change that required \u003e 2.16, you need to revert this change as well, right?","commit_id":"3d1846f3aedfc315c98eb92c1616aa52d8f4bc74"},{"author":{"_account_id":1000030,"name":"MaxF","email":"max@max-fillinger.net","username":"MaxF"},"change_message_id":"b095249d6041925a83c9685bef333bd232440b8f","unresolved":false,"context_lines":[{"line_number":50,"context_line":"#include \u003cmbedtls/error.h\u003e"},{"line_number":51,"context_line":"#include \u003cmbedtls/version.h\u003e"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"#include \u003cmbedtls/net_sockets.h\u003e"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"#include \u003cmbedtls/oid.h\u003e"},{"line_number":56,"context_line":"#include \u003cmbedtls/pem.h\u003e"}],"source_content_type":"text/x-csrc","patch_set":6,"id":"7b0de31c_fe69167a","line":53,"in_reply_to":"31a92c09_578a756e","updated":"2023-10-23 17:37:42.000000000","message":"Done","commit_id":"3d1846f3aedfc315c98eb92c1616aa52d8f4bc74"}]}