)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"8cdf8c81e5231b2f99d61634dae9cddcae74e945","unresolved":true,"context_lines":[{"line_number":24,"context_line":""},{"line_number":25,"context_line":"This introduces the 64bit packet counters for AEAD data channel"},{"line_number":26,"context_line":"ciphers in TLS mode ciphers. No effort has been made to support"},{"line_number":27,"context_line":"larger packet counters in any scenario since the other scenarios"},{"line_number":28,"context_line":"are all legacy."},{"line_number":29,"context_line":""},{"line_number":30,"context_line":"While we still keep the old --secret logic around we use the same"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"9474d66b_41a49dc1","line":27,"updated":"2024-02-05 11:24:24.000000000","message":"Maybe nicer \"in any other scenario since those are all legacy\"","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"036b022b7cbc08713738d920aeda0cd947ee5c39","unresolved":false,"context_lines":[{"line_number":24,"context_line":""},{"line_number":25,"context_line":"This introduces the 64bit packet counters for AEAD data channel"},{"line_number":26,"context_line":"ciphers in TLS mode ciphers. No effort has been made to support"},{"line_number":27,"context_line":"larger packet counters in any scenario since the other scenarios"},{"line_number":28,"context_line":"are all legacy."},{"line_number":29,"context_line":""},{"line_number":30,"context_line":"While we still keep the old --secret logic around we use the same"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"ad2cfd5e_b853527e","line":27,"in_reply_to":"9474d66b_41a49dc1","updated":"2024-02-09 14:52:54.000000000","message":"Done","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"8cdf8c81e5231b2f99d61634dae9cddcae74e945","unresolved":true,"context_lines":[{"line_number":35,"context_line":"and we get reordering all the older packets are thrown away since"},{"line_number":36,"context_line":"the distance between the packet before and after the rollover is"},{"line_number":37,"context_line":"quite large as we probably jump forward more than 1s (or more than"},{"line_number":38,"context_line":"2^32 packet ids) forward. But this is an obscure edge that we can"},{"line_number":39,"context_line":"(currently) live with."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"Change-Id: I01e258e97351b5aa4b9e561f5b35ddc2318569e2"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"c459f6e9_1c6a2ee5","line":38,"updated":"2024-02-05 11:24:24.000000000","message":"remove second \"forward\"","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"036b022b7cbc08713738d920aeda0cd947ee5c39","unresolved":false,"context_lines":[{"line_number":35,"context_line":"and we get reordering all the older packets are thrown away since"},{"line_number":36,"context_line":"the distance between the packet before and after the rollover is"},{"line_number":37,"context_line":"quite large as we probably jump forward more than 1s (or more than"},{"line_number":38,"context_line":"2^32 packet ids) forward. But this is an obscure edge that we can"},{"line_number":39,"context_line":"(currently) live with."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"Change-Id: I01e258e97351b5aa4b9e561f5b35ddc2318569e2"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"d0565850_8921e027","line":38,"in_reply_to":"c459f6e9_1c6a2ee5","updated":"2024-02-09 14:52:54.000000000","message":"Done","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"8cdf8c81e5231b2f99d61634dae9cddcae74e945","unresolved":true,"context_lines":[{"line_number":38,"context_line":"2^32 packet ids) forward. But this is an obscure edge that we can"},{"line_number":39,"context_line":"(currently) live with."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"Change-Id: I01e258e97351b5aa4b9e561f5b35ddc2318569e2"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"e22305ad_aea02a52","line":41,"updated":"2024-02-05 11:24:24.000000000","message":"Missing sign-off","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"036b022b7cbc08713738d920aeda0cd947ee5c39","unresolved":false,"context_lines":[{"line_number":38,"context_line":"2^32 packet ids) forward. But this is an obscure edge that we can"},{"line_number":39,"context_line":"(currently) live with."},{"line_number":40,"context_line":""},{"line_number":41,"context_line":"Change-Id: I01e258e97351b5aa4b9e561f5b35ddc2318569e2"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"f6f357ad_2afeb6e6","line":41,"in_reply_to":"e22305ad_aea02a52","updated":"2024-02-09 14:52:54.000000000","message":"Done","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"8cdf8c81e5231b2f99d61634dae9cddcae74e945","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"ebf5c3f7_18095d58","updated":"2024-02-05 11:24:24.000000000","message":"Didn\u0027t get through the whole change, yet, but since I accumulated already a sizeable number of comments, here they are...","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"9ab88ff8ef05e79a2c33c3c870695e47a4478747","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"767e9b2e_47094312","updated":"2024-02-05 12:24:14.000000000","message":"Some more comments now that I understand the code a bit better","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"2c029016a94bf3343252beb6176492f9476884e2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"627fff7b_39f08c33","updated":"2024-03-18 15:54:38.000000000","message":"DCO check is broken. Otherwise mostly documentation/comment nitpicks.","commit_id":"4ab329ee98901c6352335913d3b994c95ed0deba"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"777b1cca3866df557e69b1502fd38a953eb3d107","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"efebb0cc_14b510c1","updated":"2024-03-27 11:33:34.000000000","message":"Looks good to me, but probably others should also review before we go ahead with this","commit_id":"02e1b85d154cfa1df26a90630b6b3c878a5e5813"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"cf4730cbd4045d3e00ea746459a6d12e7af5da9a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"45b0a0b7_3060dada","updated":"2024-04-30 11:34:53.000000000","message":"All t_client tests fail with this change. Need to investigate that first.","commit_id":"abe84c874af420b99da24f404a13c5d755cae006"},{"author":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"change_message_id":"7fa36718c520745470ce6c1d3f1498653aad19df","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"a49a9f9a_758f7043","updated":"2024-07-31 14:12:10.000000000","message":"A few minor comments, otherwise LGTM","commit_id":"a6d5d57c74652ce4886fc33f7fd97b908d9a78d8"},{"author":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"change_message_id":"94499b8414be63ec606baae4f7ee7d19e1f8232e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"33a43ac1_29a931ca","updated":"2024-08-13 10:53:31.000000000","message":"GHA failures, such as:\n\ntest_ssl.c:390:1: error: function declaration isn’t a prototype [-Werror\u003dstrict-prototypes]\n  390 | create_key()\n  \nalso many from clang-asan.","commit_id":"a6d5d57c74652ce4886fc33f7fd97b908d9a78d8"},{"author":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"change_message_id":"47a24fd9ce93c7946ce8b12dcfda7f71c5fafa39","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"93c6858c_2ac2fbb7","updated":"2024-08-13 10:53:54.000000000","message":"Link to GHA failures:\n\nhttps://github.com/lstipakov/openvpn/actions/runs/10368312973/job/28701630904","commit_id":"a6d5d57c74652ce4886fc33f7fd97b908d9a78d8"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"9de7f1bef3c4873f2d8b6d99bf96de1f79549636","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"9e7590a1_0777b63a","in_reply_to":"33a43ac1_29a931ca","updated":"2024-08-13 11:23:03.000000000","message":"the create_key is solved, however I cannot reproduce the clang asan errors in my GHA (https://github.com/schwabe/openvpn/actions/runs/10368459816/job/28702114044)","commit_id":"a6d5d57c74652ce4886fc33f7fd97b908d9a78d8"},{"author":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"change_message_id":"6161dbfd93b975bb9c043048e3ebe58749220542","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"8db578ed_6e50268e","updated":"2024-08-13 11:46:01.000000000","message":"Tested with dco-win data_v3 client implementation, looks good,","commit_id":"32c2ab49129110e379ffc600f3ee77d7f02e2f04"}],"src/openvpn/crypto.c":[{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"9ab88ff8ef05e79a2c33c3c870695e47a4478747","unresolved":true,"context_lines":[{"line_number":394,"context_line":"    {"},{"line_number":395,"context_line":"        uint8_t iv[OPENVPN_MAX_IV_LENGTH] \u003d { 0 };"},{"line_number":396,"context_line":"        const int iv_len \u003d cipher_ctx_iv_length(ctx-\u003ecipher);"},{"line_number":397,"context_line":"        const size_t packet_iv_len \u003d iv_len - ctx-\u003eimplicit_iv_len;"},{"line_number":398,"context_line":""},{"line_number":399,"context_line":"        ASSERT(ctx-\u003eimplicit_iv_len \u003c\u003d iv_len);"},{"line_number":400,"context_line":"        if (buf-\u003elen + ctx-\u003eimplicit_iv_len \u003c iv_len)"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"373e1697_ed598058","line":397,"updated":"2024-02-05 12:24:14.000000000","message":"So implicit_iv_len also depends on the longiv flag, but that relationship is hidden in a completely separate part of the code? IMHO that is very confusing. Wouldn\u0027t it be easier if we just fill the implicit_iv fully always and check how much of it to use here? It think that would make the code simpler and easier to understand.","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"036b022b7cbc08713738d920aeda0cd947ee5c39","unresolved":false,"context_lines":[{"line_number":394,"context_line":"    {"},{"line_number":395,"context_line":"        uint8_t iv[OPENVPN_MAX_IV_LENGTH] \u003d { 0 };"},{"line_number":396,"context_line":"        const int iv_len \u003d cipher_ctx_iv_length(ctx-\u003ecipher);"},{"line_number":397,"context_line":"        const size_t packet_iv_len \u003d iv_len - ctx-\u003eimplicit_iv_len;"},{"line_number":398,"context_line":""},{"line_number":399,"context_line":"        ASSERT(ctx-\u003eimplicit_iv_len \u003c\u003d iv_len);"},{"line_number":400,"context_line":"        if (buf-\u003elen + ctx-\u003eimplicit_iv_len \u003c iv_len)"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"7b8ef00b_afc620f9","line":397,"in_reply_to":"373e1697_ed598058","updated":"2024-02-09 14:52:54.000000000","message":"Well we also only store the part of the IV that is needed for filling it to the required 12 bytes. So with short IV we store 8 bytes here and with long IV 4 bytes.\n\nI can look into refactoring this or at least writing a better comment.","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"2c029016a94bf3343252beb6176492f9476884e2","unresolved":true,"context_lines":[{"line_number":390,"context_line":""},{"line_number":391,"context_line":"    bool longiv \u003d opt-\u003eflags \u0026 CO_64_BIT_PKT_ID;"},{"line_number":392,"context_line":""},{"line_number":393,"context_line":"    /* Combine IV from explicit part from packet and implicit part from context,"},{"line_number":394,"context_line":"     * the length of the implicit length is initialised when the implicit is"},{"line_number":395,"context_line":"     * initialised in init_key_contexts when keys are initialised as well */"},{"line_number":396,"context_line":"    {"}],"source_content_type":"text/x-csrc","patch_set":3,"id":"aaac8918_9f1ed366","line":393,"updated":"2024-03-18 15:54:38.000000000","message":"End on \".\", not \",\"","commit_id":"4ab329ee98901c6352335913d3b994c95ed0deba"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"f427ec580313da27acf6e5ce6710f6beba3c906f","unresolved":false,"context_lines":[{"line_number":390,"context_line":""},{"line_number":391,"context_line":"    bool longiv \u003d opt-\u003eflags \u0026 CO_64_BIT_PKT_ID;"},{"line_number":392,"context_line":""},{"line_number":393,"context_line":"    /* Combine IV from explicit part from packet and implicit part from context,"},{"line_number":394,"context_line":"     * the length of the implicit length is initialised when the implicit is"},{"line_number":395,"context_line":"     * initialised in init_key_contexts when keys are initialised as well */"},{"line_number":396,"context_line":"    {"}],"source_content_type":"text/x-csrc","patch_set":3,"id":"5002c984_e4c79e7d","line":393,"in_reply_to":"aaac8918_9f1ed366","updated":"2024-03-27 10:40:22.000000000","message":"Done","commit_id":"4ab329ee98901c6352335913d3b994c95ed0deba"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"2c029016a94bf3343252beb6176492f9476884e2","unresolved":true,"context_lines":[{"line_number":391,"context_line":"    bool longiv \u003d opt-\u003eflags \u0026 CO_64_BIT_PKT_ID;"},{"line_number":392,"context_line":""},{"line_number":393,"context_line":"    /* Combine IV from explicit part from packet and implicit part from context,"},{"line_number":394,"context_line":"     * the length of the implicit length is initialised when the implicit is"},{"line_number":395,"context_line":"     * initialised in init_key_contexts when keys are initialised as well */"},{"line_number":396,"context_line":"    {"},{"line_number":397,"context_line":"        uint8_t iv[OPENVPN_MAX_IV_LENGTH] \u003d { 0 };"}],"source_content_type":"text/x-csrc","patch_set":3,"id":"fa740d6c_61efdac1","line":394,"updated":"2024-03-18 15:54:38.000000000","message":"That sentence is very unwieldy. Maybe: \"implicit_iv and implicit_iv_len are initialised in init_key_contexts together with the keys\".","commit_id":"4ab329ee98901c6352335913d3b994c95ed0deba"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"f427ec580313da27acf6e5ce6710f6beba3c906f","unresolved":false,"context_lines":[{"line_number":391,"context_line":"    bool longiv \u003d opt-\u003eflags \u0026 CO_64_BIT_PKT_ID;"},{"line_number":392,"context_line":""},{"line_number":393,"context_line":"    /* Combine IV from explicit part from packet and implicit part from context,"},{"line_number":394,"context_line":"     * the length of the implicit length is initialised when the implicit is"},{"line_number":395,"context_line":"     * initialised in init_key_contexts when keys are initialised as well */"},{"line_number":396,"context_line":"    {"},{"line_number":397,"context_line":"        uint8_t iv[OPENVPN_MAX_IV_LENGTH] \u003d { 0 };"}],"source_content_type":"text/x-csrc","patch_set":3,"id":"7c48e081_1bd56f08","line":394,"in_reply_to":"fa740d6c_61efdac1","updated":"2024-03-27 10:40:22.000000000","message":"Done","commit_id":"4ab329ee98901c6352335913d3b994c95ed0deba"},{"author":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"change_message_id":"7fa36718c520745470ce6c1d3f1498653aad19df","unresolved":true,"context_lines":[{"line_number":361,"context_line":" * authenticated data and therefore has no ad_len parameter"},{"line_number":362,"context_line":" */"},{"line_number":363,"context_line":"static bool"},{"line_number":364,"context_line":"openvpn_decrypt_aead(struct buffer *buf, struct buffer work,"},{"line_number":365,"context_line":"                     struct crypto_options *opt, const struct frame *frame,"},{"line_number":366,"context_line":"                     const uint8_t *ad_start)"},{"line_number":367,"context_line":"{"}],"source_content_type":"text/x-csrc","patch_set":6,"id":"057e647e_235cce26","line":364,"updated":"2024-07-31 14:12:10.000000000","message":"Is it so that for DATA_V1:\n\n  ad_start points to packet_id\n  \nand for DATA_V2:\n\n  ad_start points to opcode/peer-id\n  \n?","commit_id":"a6d5d57c74652ce4886fc33f7fd97b908d9a78d8"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"e61fc92bea2b08e83cc357766cc31a27683e6fc8","unresolved":false,"context_lines":[{"line_number":361,"context_line":" * authenticated data and therefore has no ad_len parameter"},{"line_number":362,"context_line":" */"},{"line_number":363,"context_line":"static bool"},{"line_number":364,"context_line":"openvpn_decrypt_aead(struct buffer *buf, struct buffer work,"},{"line_number":365,"context_line":"                     struct crypto_options *opt, const struct frame *frame,"},{"line_number":366,"context_line":"                     const uint8_t *ad_start)"},{"line_number":367,"context_line":"{"}],"source_content_type":"text/x-csrc","patch_set":6,"id":"339be4fb_e4a7dcd8","line":364,"in_reply_to":"057e647e_235cce26","updated":"2024-08-01 12:12:34.000000000","message":"yes. But that has been always the case.","commit_id":"a6d5d57c74652ce4886fc33f7fd97b908d9a78d8"}],"src/openvpn/crypto.h":[{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"8cdf8c81e5231b2f99d61634dae9cddcae74e945","unresolved":true,"context_lines":[{"line_number":284,"context_line":"     *   packet."},{"line_number":285,"context_line":"     */"},{"line_number":286,"context_line":"#define CO_64_BIT_PKT_ID  (1\u003c\u003c9)"},{"line_number":287,"context_line":"    /**\u003c Bit-flag indicating that we should use a 64 bit (8 byte) packet"},{"line_number":288,"context_line":"     * counter instead of the 32 bit that we normally use."},{"line_number":289,"context_line":"     */"},{"line_number":290,"context_line":""}],"source_content_type":"text/x-csrc","patch_set":2,"id":"f5a0f5fa_c7d56d07","line":287,"updated":"2024-02-05 11:24:24.000000000","message":"This needs WAY more explanation. What is the difference between CO_PACKET_ID_LONG_FORM and this? CO_PACKET_ID_LONG_FORM is only for non-AEAD data packets and this is only for AEAD packets, right? I think this should be mentioned here.","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"036b022b7cbc08713738d920aeda0cd947ee5c39","unresolved":false,"context_lines":[{"line_number":284,"context_line":"     *   packet."},{"line_number":285,"context_line":"     */"},{"line_number":286,"context_line":"#define CO_64_BIT_PKT_ID  (1\u003c\u003c9)"},{"line_number":287,"context_line":"    /**\u003c Bit-flag indicating that we should use a 64 bit (8 byte) packet"},{"line_number":288,"context_line":"     * counter instead of the 32 bit that we normally use."},{"line_number":289,"context_line":"     */"},{"line_number":290,"context_line":""}],"source_content_type":"text/x-csrc","patch_set":2,"id":"aee34092_a4a37691","line":287,"in_reply_to":"f5a0f5fa_c7d56d07","updated":"2024-02-09 14:52:54.000000000","message":"Done","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"8cdf8c81e5231b2f99d61634dae9cddcae74e945","unresolved":true,"context_lines":[{"line_number":285,"context_line":"     */"},{"line_number":286,"context_line":"#define CO_64_BIT_PKT_ID  (1\u003c\u003c9)"},{"line_number":287,"context_line":"    /**\u003c Bit-flag indicating that we should use a 64 bit (8 byte) packet"},{"line_number":288,"context_line":"     * counter instead of the 32 bit that we normally use."},{"line_number":289,"context_line":"     */"},{"line_number":290,"context_line":""},{"line_number":291,"context_line":""}],"source_content_type":"text/x-csrc","patch_set":2,"id":"44aff7d2_675e1cf8","line":288,"updated":"2024-02-05 11:24:24.000000000","message":"\"normally use\" -\u003e \"use by default\". 32bit will remain the default, but hopefully not the norm.","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"036b022b7cbc08713738d920aeda0cd947ee5c39","unresolved":false,"context_lines":[{"line_number":285,"context_line":"     */"},{"line_number":286,"context_line":"#define CO_64_BIT_PKT_ID  (1\u003c\u003c9)"},{"line_number":287,"context_line":"    /**\u003c Bit-flag indicating that we should use a 64 bit (8 byte) packet"},{"line_number":288,"context_line":"     * counter instead of the 32 bit that we normally use."},{"line_number":289,"context_line":"     */"},{"line_number":290,"context_line":""},{"line_number":291,"context_line":""}],"source_content_type":"text/x-csrc","patch_set":2,"id":"7ba9075c_7f276f76","line":288,"in_reply_to":"44aff7d2_675e1cf8","updated":"2024-02-09 14:52:54.000000000","message":"Done","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"2c029016a94bf3343252beb6176492f9476884e2","unresolved":true,"context_lines":[{"line_number":289,"context_line":"    /**\u003c Bit-flag indicating that we should use a 64 bit (8 byte) packet"},{"line_number":290,"context_line":"     * counter instead of the 32 bit that we use by default. The difference to"},{"line_number":291,"context_line":"     * the normal CO_PACKET_ID_LONG_FORM packet ID is that this a real 64 bit"},{"line_number":292,"context_line":"     * big ending number in the wire format."},{"line_number":293,"context_line":"     *"},{"line_number":294,"context_line":"     * This is only used for AEAD encryption. Other encryption (--static,"},{"line_number":295,"context_line":"     * --tls-crypt, --tls-auth,...) uses the old format for compatibility"}],"source_content_type":"text/x-csrc","patch_set":3,"id":"425de6c1_e1212b4d","line":292,"updated":"2024-03-18 15:54:38.000000000","message":"\"endian\"?","commit_id":"4ab329ee98901c6352335913d3b994c95ed0deba"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"f427ec580313da27acf6e5ce6710f6beba3c906f","unresolved":false,"context_lines":[{"line_number":289,"context_line":"    /**\u003c Bit-flag indicating that we should use a 64 bit (8 byte) packet"},{"line_number":290,"context_line":"     * counter instead of the 32 bit that we use by default. The difference to"},{"line_number":291,"context_line":"     * the normal CO_PACKET_ID_LONG_FORM packet ID is that this a real 64 bit"},{"line_number":292,"context_line":"     * big ending number in the wire format."},{"line_number":293,"context_line":"     *"},{"line_number":294,"context_line":"     * This is only used for AEAD encryption. Other encryption (--static,"},{"line_number":295,"context_line":"     * --tls-crypt, --tls-auth,...) uses the old format for compatibility"}],"source_content_type":"text/x-csrc","patch_set":3,"id":"f254a2ce_f57578ee","line":292,"in_reply_to":"425de6c1_e1212b4d","updated":"2024-03-27 10:40:22.000000000","message":"Acknowledged","commit_id":"4ab329ee98901c6352335913d3b994c95ed0deba"}],"src/openvpn/dco.h":[{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"2c029016a94bf3343252beb6176492f9476884e2","unresolved":true,"context_lines":[{"line_number":250,"context_line":"const char *dco_get_supported_ciphers();"},{"line_number":251,"context_line":""},{"line_number":252,"context_line":"/**"},{"line_number":253,"context_line":" * Return if the dco implementation supports the new protocol features of"},{"line_number":254,"context_line":" * a 64 bit packet counter and AEAD tag at the end."},{"line_number":255,"context_line":" */"},{"line_number":256,"context_line":"static inline bool"}],"source_content_type":"text/x-csrc","patch_set":3,"id":"fe17f58d_4c954e37","line":253,"updated":"2024-03-18 15:54:38.000000000","message":"\"if\" -\u003e \"whether\"","commit_id":"4ab329ee98901c6352335913d3b994c95ed0deba"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"f427ec580313da27acf6e5ce6710f6beba3c906f","unresolved":false,"context_lines":[{"line_number":250,"context_line":"const char *dco_get_supported_ciphers();"},{"line_number":251,"context_line":""},{"line_number":252,"context_line":"/**"},{"line_number":253,"context_line":" * Return if the dco implementation supports the new protocol features of"},{"line_number":254,"context_line":" * a 64 bit packet counter and AEAD tag at the end."},{"line_number":255,"context_line":" */"},{"line_number":256,"context_line":"static inline bool"}],"source_content_type":"text/x-csrc","patch_set":3,"id":"2852f4e6_e5ca91be","line":253,"in_reply_to":"fe17f58d_4c954e37","updated":"2024-03-27 10:40:22.000000000","message":"Done","commit_id":"4ab329ee98901c6352335913d3b994c95ed0deba"}],"src/openvpn/init.c":[{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"9ab88ff8ef05e79a2c33c3c870695e47a4478747","unresolved":true,"context_lines":[{"line_number":3301,"context_line":"        to.push_peer_info_detail \u003d 1;"},{"line_number":3302,"context_line":"    }"},{"line_number":3303,"context_line":""},{"line_number":3304,"context_line":"    /* Check if the DCO drivers support the new 64bit packet counter and"},{"line_number":3305,"context_line":"     * AEAD tag at the end */"},{"line_number":3306,"context_line":"    if (dco_enabled(options))"},{"line_number":3307,"context_line":"    {"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"db73a5bd_f5a88cfb","line":3304,"updated":"2024-02-05 12:24:14.000000000","message":"missing \"TODO\"? Currently we do not seem to check this but just assume that DCO doesn\u0027t support it?","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"036b022b7cbc08713738d920aeda0cd947ee5c39","unresolved":false,"context_lines":[{"line_number":3301,"context_line":"        to.push_peer_info_detail \u003d 1;"},{"line_number":3302,"context_line":"    }"},{"line_number":3303,"context_line":""},{"line_number":3304,"context_line":"    /* Check if the DCO drivers support the new 64bit packet counter and"},{"line_number":3305,"context_line":"     * AEAD tag at the end */"},{"line_number":3306,"context_line":"    if (dco_enabled(options))"},{"line_number":3307,"context_line":"    {"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"2a9600b7_98e09add","line":3304,"in_reply_to":"db73a5bd_f5a88cfb","updated":"2024-02-09 14:52:54.000000000","message":"Yes. There is currently no DCO implementation that has this feature as this PR just adds the feature. But I will will add a stub method that always returns false instead.","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"2c029016a94bf3343252beb6176492f9476884e2","unresolved":true,"context_lines":[{"line_number":3305,"context_line":"     * AEAD tag at the end */"},{"line_number":3306,"context_line":"    if (dco_enabled(options) \u0026\u0026 dco_supports_data_v3(c))"},{"line_number":3307,"context_line":"    {"},{"line_number":3308,"context_line":"        to.data_v3_features_supported \u003d false;"},{"line_number":3309,"context_line":"    }"},{"line_number":3310,"context_line":"    else"},{"line_number":3311,"context_line":"    {"}],"source_content_type":"text/x-csrc","patch_set":3,"id":"60255894_aea373fc","line":3308,"updated":"2024-03-18 15:54:38.000000000","message":"I think you mean \"to.data_v3_features_supported \u003d dco_supports_data_v3(c)\" ?","commit_id":"4ab329ee98901c6352335913d3b994c95ed0deba"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"f427ec580313da27acf6e5ce6710f6beba3c906f","unresolved":false,"context_lines":[{"line_number":3305,"context_line":"     * AEAD tag at the end */"},{"line_number":3306,"context_line":"    if (dco_enabled(options) \u0026\u0026 dco_supports_data_v3(c))"},{"line_number":3307,"context_line":"    {"},{"line_number":3308,"context_line":"        to.data_v3_features_supported \u003d false;"},{"line_number":3309,"context_line":"    }"},{"line_number":3310,"context_line":"    else"},{"line_number":3311,"context_line":"    {"}],"source_content_type":"text/x-csrc","patch_set":3,"id":"7d199642_142d7abf","line":3308,"in_reply_to":"60255894_aea373fc","updated":"2024-03-27 10:40:22.000000000","message":"Acknowledged","commit_id":"4ab329ee98901c6352335913d3b994c95ed0deba"},{"author":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"change_message_id":"7fa36718c520745470ce6c1d3f1498653aad19df","unresolved":true,"context_lines":[{"line_number":2693,"context_line":"            return false;"},{"line_number":2694,"context_line":"        }"},{"line_number":2695,"context_line":""},{"line_number":2696,"context_line":"        /* Ensure that for proto v3 is enabled fully or not at all */"},{"line_number":2697,"context_line":"        bool aead_end \u003d (c-\u003eoptions.imported_protocol_flags \u0026 CO_AEAD_TAG_AT_THE_END);"},{"line_number":2698,"context_line":"        bool longpktiud \u003d (c-\u003eoptions.imported_protocol_flags \u0026 CO_64_BIT_PKT_ID);"},{"line_number":2699,"context_line":""}],"source_content_type":"text/x-csrc","patch_set":6,"id":"68137a62_4480a3d5","line":2696,"updated":"2024-07-31 14:12:10.000000000","message":"Ensure that both aead_tag_end and long_pkt_id are enabled for DATA_V3 ?","commit_id":"a6d5d57c74652ce4886fc33f7fd97b908d9a78d8"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"315b8f43f024a49698f8cc8543bf918566ee5974","unresolved":false,"context_lines":[{"line_number":2693,"context_line":"            return false;"},{"line_number":2694,"context_line":"        }"},{"line_number":2695,"context_line":""},{"line_number":2696,"context_line":"        /* Ensure that for proto v3 is enabled fully or not at all */"},{"line_number":2697,"context_line":"        bool aead_end \u003d (c-\u003eoptions.imported_protocol_flags \u0026 CO_AEAD_TAG_AT_THE_END);"},{"line_number":2698,"context_line":"        bool longpktiud \u003d (c-\u003eoptions.imported_protocol_flags \u0026 CO_64_BIT_PKT_ID);"},{"line_number":2699,"context_line":""}],"source_content_type":"text/x-csrc","patch_set":6,"id":"109f8bbf_34e87541","line":2696,"in_reply_to":"68137a62_4480a3d5","updated":"2024-09-10 10:05:39.000000000","message":"Done","commit_id":"a6d5d57c74652ce4886fc33f7fd97b908d9a78d8"},{"author":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"change_message_id":"a0a9ebc3640d5fb13af29e85fb645f469a94320e","unresolved":true,"context_lines":[{"line_number":2699,"context_line":""},{"line_number":2700,"context_line":"        if (aead_end !\u003d longpktiud)"},{"line_number":2701,"context_line":"        {"},{"line_number":2702,"context_line":"            msg(D_PUSH_ERRORS, \"OPTIONS ERROR: Aead tag at the end and 64 bit\""},{"line_number":2703,"context_line":"                \"packet counter must be enabled together.\");"},{"line_number":2704,"context_line":"            return false;"},{"line_number":2705,"context_line":"        }"}],"source_content_type":"text/x-csrc","patch_set":6,"id":"0ded24fc_f7a6d46d","line":2702,"updated":"2024-08-01 11:57:59.000000000","message":"missing space after \"bit\"","commit_id":"a6d5d57c74652ce4886fc33f7fd97b908d9a78d8"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"315b8f43f024a49698f8cc8543bf918566ee5974","unresolved":false,"context_lines":[{"line_number":2699,"context_line":""},{"line_number":2700,"context_line":"        if (aead_end !\u003d longpktiud)"},{"line_number":2701,"context_line":"        {"},{"line_number":2702,"context_line":"            msg(D_PUSH_ERRORS, \"OPTIONS ERROR: Aead tag at the end and 64 bit\""},{"line_number":2703,"context_line":"                \"packet counter must be enabled together.\");"},{"line_number":2704,"context_line":"            return false;"},{"line_number":2705,"context_line":"        }"}],"source_content_type":"text/x-csrc","patch_set":6,"id":"d9907f20_32a208a8","line":2702,"in_reply_to":"0ded24fc_f7a6d46d","updated":"2024-09-10 10:05:39.000000000","message":"Done","commit_id":"a6d5d57c74652ce4886fc33f7fd97b908d9a78d8"}],"src/openvpn/packet_id.h":[{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"8cdf8c81e5231b2f99d61634dae9cddcae74e945","unresolved":true,"context_lines":[{"line_number":247,"context_line":"bool packet_id_read(struct packet_id_net *pin, struct buffer *buf, bool long_form);"},{"line_number":248,"context_line":""},{"line_number":249,"context_line":"/**"},{"line_number":250,"context_line":" * Variant of packet_id_read that expect the timestamp first and packet"},{"line_number":251,"context_line":" * counter after that to form a flat 64bit counter on the wire."},{"line_number":252,"context_line":" *"},{"line_number":253,"context_line":" */"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"586075bf_d6c272af","line":250,"updated":"2024-02-05 11:24:24.000000000","message":"\"expects\"","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"036b022b7cbc08713738d920aeda0cd947ee5c39","unresolved":false,"context_lines":[{"line_number":247,"context_line":"bool packet_id_read(struct packet_id_net *pin, struct buffer *buf, bool long_form);"},{"line_number":248,"context_line":""},{"line_number":249,"context_line":"/**"},{"line_number":250,"context_line":" * Variant of packet_id_read that expect the timestamp first and packet"},{"line_number":251,"context_line":" * counter after that to form a flat 64bit counter on the wire."},{"line_number":252,"context_line":" *"},{"line_number":253,"context_line":" */"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"fb5fb5ef_e3ecee08","line":250,"in_reply_to":"586075bf_d6c272af","updated":"2024-02-09 14:52:54.000000000","message":"Done","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"8cdf8c81e5231b2f99d61634dae9cddcae74e945","unresolved":true,"context_lines":[{"line_number":270,"context_line":""},{"line_number":271,"context_line":"/**"},{"line_number":272,"context_line":" * Write a packet ID to buf, and update the packet ID state. This variant"},{"line_number":273,"context_line":" * will always use a variant of the packet id that can just be seens as"},{"line_number":274,"context_line":" * a flat 64 bit counter"},{"line_number":275,"context_line":" *"},{"line_number":276,"context_line":" * @param p             Packet ID state."}],"source_content_type":"text/x-csrc","patch_set":2,"id":"01116f80_49cacdec","line":273,"updated":"2024-02-05 11:24:24.000000000","message":"\"seen\"","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"036b022b7cbc08713738d920aeda0cd947ee5c39","unresolved":false,"context_lines":[{"line_number":270,"context_line":""},{"line_number":271,"context_line":"/**"},{"line_number":272,"context_line":" * Write a packet ID to buf, and update the packet ID state. This variant"},{"line_number":273,"context_line":" * will always use a variant of the packet id that can just be seens as"},{"line_number":274,"context_line":" * a flat 64 bit counter"},{"line_number":275,"context_line":" *"},{"line_number":276,"context_line":" * @param p             Packet ID state."}],"source_content_type":"text/x-csrc","patch_set":2,"id":"b56f9064_b92507d0","line":273,"in_reply_to":"01116f80_49cacdec","updated":"2024-02-09 14:52:54.000000000","message":"Done","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"8cdf8c81e5231b2f99d61634dae9cddcae74e945","unresolved":true,"context_lines":[{"line_number":271,"context_line":"/**"},{"line_number":272,"context_line":" * Write a packet ID to buf, and update the packet ID state. This variant"},{"line_number":273,"context_line":" * will always use a variant of the packet id that can just be seens as"},{"line_number":274,"context_line":" * a flat 64 bit counter"},{"line_number":275,"context_line":" *"},{"line_number":276,"context_line":" * @param p             Packet ID state."},{"line_number":277,"context_line":" * @param buf           Buffer to write the packet ID too"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"27267e93_2e924d4c","line":274,"updated":"2024-02-05 11:24:24.000000000","message":"add full stop at the end","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"036b022b7cbc08713738d920aeda0cd947ee5c39","unresolved":false,"context_lines":[{"line_number":271,"context_line":"/**"},{"line_number":272,"context_line":" * Write a packet ID to buf, and update the packet ID state. This variant"},{"line_number":273,"context_line":" * will always use a variant of the packet id that can just be seens as"},{"line_number":274,"context_line":" * a flat 64 bit counter"},{"line_number":275,"context_line":" *"},{"line_number":276,"context_line":" * @param p             Packet ID state."},{"line_number":277,"context_line":" * @param buf           Buffer to write the packet ID too"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"6a732452_444cd0be","line":274,"in_reply_to":"27267e93_2e924d4c","updated":"2024-02-09 14:52:54.000000000","message":"Done","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"8cdf8c81e5231b2f99d61634dae9cddcae74e945","unresolved":true,"context_lines":[{"line_number":274,"context_line":" * a flat 64 bit counter"},{"line_number":275,"context_line":" *"},{"line_number":276,"context_line":" * @param p             Packet ID state."},{"line_number":277,"context_line":" * @param buf           Buffer to write the packet ID too"},{"line_number":278,"context_line":" * @param long_form     If true, also update and write time_t to buf"},{"line_number":279,"context_line":" * @param prepend       If true, prepend to buffer, otherwise append."},{"line_number":280,"context_line":" *"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"a6ddc660_5b3f2b5e","line":277,"updated":"2024-02-05 11:24:24.000000000","message":"\"too\" -\u003e \"to\"","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"036b022b7cbc08713738d920aeda0cd947ee5c39","unresolved":false,"context_lines":[{"line_number":274,"context_line":" * a flat 64 bit counter"},{"line_number":275,"context_line":" *"},{"line_number":276,"context_line":" * @param p             Packet ID state."},{"line_number":277,"context_line":" * @param buf           Buffer to write the packet ID too"},{"line_number":278,"context_line":" * @param long_form     If true, also update and write time_t to buf"},{"line_number":279,"context_line":" * @param prepend       If true, prepend to buffer, otherwise append."},{"line_number":280,"context_line":" *"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"e88332e1_f6640f30","line":277,"in_reply_to":"a6ddc660_5b3f2b5e","updated":"2024-02-09 14:52:54.000000000","message":"Done","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"8cdf8c81e5231b2f99d61634dae9cddcae74e945","unresolved":true,"context_lines":[{"line_number":276,"context_line":" * @param p             Packet ID state."},{"line_number":277,"context_line":" * @param buf           Buffer to write the packet ID too"},{"line_number":278,"context_line":" * @param long_form     If true, also update and write time_t to buf"},{"line_number":279,"context_line":" * @param prepend       If true, prepend to buffer, otherwise append."},{"line_number":280,"context_line":" *"},{"line_number":281,"context_line":" * @return true if successful, false otherwise."},{"line_number":282,"context_line":" */"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"42ac15af_a6087522","line":279,"updated":"2024-02-05 11:24:24.000000000","message":"prepend parameter does not exist in this variant. Why is that? Is CO_AEAD_TAG_AT_THE_END now always true?","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"9ab88ff8ef05e79a2c33c3c870695e47a4478747","unresolved":true,"context_lines":[{"line_number":276,"context_line":" * @param p             Packet ID state."},{"line_number":277,"context_line":" * @param buf           Buffer to write the packet ID too"},{"line_number":278,"context_line":" * @param long_form     If true, also update and write time_t to buf"},{"line_number":279,"context_line":" * @param prepend       If true, prepend to buffer, otherwise append."},{"line_number":280,"context_line":" *"},{"line_number":281,"context_line":" * @return true if successful, false otherwise."},{"line_number":282,"context_line":" */"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"9644908d_23b0dda7","line":279,"in_reply_to":"42ac15af_a6087522","updated":"2024-02-05 12:24:14.000000000","message":"Sorry, confusing two different things here. It does not exist because it would be always false anyway in the places where this is used. Still needs to be removed from documentation, though.","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"036b022b7cbc08713738d920aeda0cd947ee5c39","unresolved":false,"context_lines":[{"line_number":276,"context_line":" * @param p             Packet ID state."},{"line_number":277,"context_line":" * @param buf           Buffer to write the packet ID too"},{"line_number":278,"context_line":" * @param long_form     If true, also update and write time_t to buf"},{"line_number":279,"context_line":" * @param prepend       If true, prepend to buffer, otherwise append."},{"line_number":280,"context_line":" *"},{"line_number":281,"context_line":" * @return true if successful, false otherwise."},{"line_number":282,"context_line":" */"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"70329f6b_bb92daa0","line":279,"in_reply_to":"9644908d_23b0dda7","updated":"2024-02-09 14:52:54.000000000","message":"Done","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"}],"src/openvpn/ssl.c":[{"author":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"change_message_id":"7fa36718c520745470ce6c1d3f1498653aad19df","unresolved":true,"context_lines":[{"line_number":1525,"context_line":"    {"},{"line_number":1526,"context_line":"        size_t impl_iv_len \u003d 0;"},{"line_number":1527,"context_line":"        ASSERT(cipher_ctx_iv_length(ctx-\u003ecipher) \u003e\u003d OPENVPN_AEAD_MIN_IV_LEN);"},{"line_number":1528,"context_line":"        impl_iv_len \u003d cipher_ctx_iv_length(ctx-\u003ecipher) - packet_id_size(longiv);"},{"line_number":1529,"context_line":"        ASSERT(impl_iv_len \u003c\u003d OPENVPN_MAX_IV_LENGTH);"},{"line_number":1530,"context_line":"        ASSERT(impl_iv_len \u003c\u003d key_len);"},{"line_number":1531,"context_line":"        memcpy(ctx-\u003eimplicit_iv, key, impl_iv_len);"}],"source_content_type":"text/x-csrc","patch_set":6,"id":"758ca11c_70a5b728","line":1528,"updated":"2024-07-31 14:12:10.000000000","message":"why not move declaration of impl_iv_len here?","commit_id":"a6d5d57c74652ce4886fc33f7fd97b908d9a78d8"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"315b8f43f024a49698f8cc8543bf918566ee5974","unresolved":false,"context_lines":[{"line_number":1525,"context_line":"    {"},{"line_number":1526,"context_line":"        size_t impl_iv_len \u003d 0;"},{"line_number":1527,"context_line":"        ASSERT(cipher_ctx_iv_length(ctx-\u003ecipher) \u003e\u003d OPENVPN_AEAD_MIN_IV_LEN);"},{"line_number":1528,"context_line":"        impl_iv_len \u003d cipher_ctx_iv_length(ctx-\u003ecipher) - packet_id_size(longiv);"},{"line_number":1529,"context_line":"        ASSERT(impl_iv_len \u003c\u003d OPENVPN_MAX_IV_LENGTH);"},{"line_number":1530,"context_line":"        ASSERT(impl_iv_len \u003c\u003d key_len);"},{"line_number":1531,"context_line":"        memcpy(ctx-\u003eimplicit_iv, key, impl_iv_len);"}],"source_content_type":"text/x-csrc","patch_set":6,"id":"8de88348_c0036eed","line":1528,"in_reply_to":"758ca11c_70a5b728","updated":"2024-09-10 10:05:39.000000000","message":"Done","commit_id":"a6d5d57c74652ce4886fc33f7fd97b908d9a78d8"}],"src/openvpn/ssl_common.h":[{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"9ab88ff8ef05e79a2c33c3c870695e47a4478747","unresolved":true,"context_lines":[{"line_number":360,"context_line":"    const char *config_ciphername;"},{"line_number":361,"context_line":"    const char *config_ncp_ciphers;"},{"line_number":362,"context_line":""},{"line_number":363,"context_line":"    bool data_v3_features_supported; /**\u003c dco supports new data channel features */"},{"line_number":364,"context_line":""},{"line_number":365,"context_line":"    bool tls_crypt_v2;"},{"line_number":366,"context_line":"    const char *tls_crypt_v2_verify_script;"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"612bae7e_d66dfc56","line":363,"updated":"2024-02-05 12:24:14.000000000","message":"Why DCO? Doesn\u0027t the non-DCO code also support the features?","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"036b022b7cbc08713738d920aeda0cd947ee5c39","unresolved":false,"context_lines":[{"line_number":360,"context_line":"    const char *config_ciphername;"},{"line_number":361,"context_line":"    const char *config_ncp_ciphers;"},{"line_number":362,"context_line":""},{"line_number":363,"context_line":"    bool data_v3_features_supported; /**\u003c dco supports new data channel features */"},{"line_number":364,"context_line":""},{"line_number":365,"context_line":"    bool tls_crypt_v2;"},{"line_number":366,"context_line":"    const char *tls_crypt_v2_verify_script;"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"87fa0aeb_65109819","line":363,"in_reply_to":"612bae7e_d66dfc56","updated":"2024-02-09 14:52:54.000000000","message":"Clarified the doxygen comment","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"change_message_id":"7fa36718c520745470ce6c1d3f1498653aad19df","unresolved":true,"context_lines":[{"line_number":311,"context_line":""},{"line_number":312,"context_line":"    /* from command line */"},{"line_number":313,"context_line":"    bool single_session;"},{"line_number":314,"context_line":"    bool disable_occ;"},{"line_number":315,"context_line":"    int mode;"},{"line_number":316,"context_line":"    bool pull;"},{"line_number":317,"context_line":"    /**"}],"source_content_type":"text/x-csrc","patch_set":6,"id":"e1373829_32fe9ec0","side":"PARENT","line":314,"updated":"2024-07-31 14:12:10.000000000","message":"this looks like an unrelated change","commit_id":"e14e38d3e7d9bf8c056dc66a558a7f45db7567f8"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"e61fc92bea2b08e83cc357766cc31a27683e6fc8","unresolved":true,"context_lines":[{"line_number":311,"context_line":""},{"line_number":312,"context_line":"    /* from command line */"},{"line_number":313,"context_line":"    bool single_session;"},{"line_number":314,"context_line":"    bool disable_occ;"},{"line_number":315,"context_line":"    int mode;"},{"line_number":316,"context_line":"    bool pull;"},{"line_number":317,"context_line":"    /**"}],"source_content_type":"text/x-csrc","patch_set":6,"id":"ed094001_4358b379","side":"PARENT","line":314,"in_reply_to":"e1373829_32fe9ec0","updated":"2024-08-01 12:12:34.000000000","message":"Yes. But I don\u0027t think it warranted an extra commit and I modify that part anyway.","commit_id":"e14e38d3e7d9bf8c056dc66a558a7f45db7567f8"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"d6ac93b6624ccad50b31e3680a3ebf5f38351961","unresolved":false,"context_lines":[{"line_number":311,"context_line":""},{"line_number":312,"context_line":"    /* from command line */"},{"line_number":313,"context_line":"    bool single_session;"},{"line_number":314,"context_line":"    bool disable_occ;"},{"line_number":315,"context_line":"    int mode;"},{"line_number":316,"context_line":"    bool pull;"},{"line_number":317,"context_line":"    /**"}],"source_content_type":"text/x-csrc","patch_set":6,"id":"68ee673d_068c1805","side":"PARENT","line":314,"in_reply_to":"ed094001_4358b379","updated":"2024-08-14 13:16:57.000000000","message":"Done","commit_id":"e14e38d3e7d9bf8c056dc66a558a7f45db7567f8"},{"author":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"change_message_id":"7fa36718c520745470ce6c1d3f1498653aad19df","unresolved":true,"context_lines":[{"line_number":490,"context_line":"     */"},{"line_number":491,"context_line":"    int key_id;"},{"line_number":492,"context_line":""},{"line_number":493,"context_line":"    int limit_next;             /* used for traffic shaping on the control channel */"},{"line_number":494,"context_line":""},{"line_number":495,"context_line":"    int verify_maxlevel;"},{"line_number":496,"context_line":""}],"source_content_type":"text/x-csrc","patch_set":6,"id":"b333e775_ad0af8c2","side":"PARENT","line":493,"updated":"2024-07-31 14:12:10.000000000","message":"ditto","commit_id":"e14e38d3e7d9bf8c056dc66a558a7f45db7567f8"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"d6ac93b6624ccad50b31e3680a3ebf5f38351961","unresolved":false,"context_lines":[{"line_number":490,"context_line":"     */"},{"line_number":491,"context_line":"    int key_id;"},{"line_number":492,"context_line":""},{"line_number":493,"context_line":"    int limit_next;             /* used for traffic shaping on the control channel */"},{"line_number":494,"context_line":""},{"line_number":495,"context_line":"    int verify_maxlevel;"},{"line_number":496,"context_line":""}],"source_content_type":"text/x-csrc","patch_set":6,"id":"0a1701ec_5a81108c","side":"PARENT","line":493,"in_reply_to":"a566bc93_6c0e149b","updated":"2024-08-14 13:16:57.000000000","message":"Done","commit_id":"e14e38d3e7d9bf8c056dc66a558a7f45db7567f8"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"e61fc92bea2b08e83cc357766cc31a27683e6fc8","unresolved":true,"context_lines":[{"line_number":490,"context_line":"     */"},{"line_number":491,"context_line":"    int key_id;"},{"line_number":492,"context_line":""},{"line_number":493,"context_line":"    int limit_next;             /* used for traffic shaping on the control channel */"},{"line_number":494,"context_line":""},{"line_number":495,"context_line":"    int verify_maxlevel;"},{"line_number":496,"context_line":""}],"source_content_type":"text/x-csrc","patch_set":6,"id":"a566bc93_6c0e149b","side":"PARENT","line":493,"in_reply_to":"b333e775_ad0af8c2","updated":"2024-08-01 12:12:34.000000000","message":"same, just removing an unused variable","commit_id":"e14e38d3e7d9bf8c056dc66a558a7f45db7567f8"}],"src/openvpn/ssl_ncp.c":[{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"9ab88ff8ef05e79a2c33c3c870695e47a4478747","unresolved":true,"context_lines":[{"line_number":430,"context_line":"        session-\u003eopt-\u003ecrypto_flags |\u003d CO_USE_CC_EXIT_NOTIFY;"},{"line_number":431,"context_line":"    }"},{"line_number":432,"context_line":""},{"line_number":433,"context_line":"    if (session-\u003eopt-\u003edata_v3_features_supported \u0026\u0026 (iv_proto_peer \u0026 IV_PROTO_DATA_V3))"},{"line_number":434,"context_line":"    {"},{"line_number":435,"context_line":"        session-\u003eopt-\u003ecrypto_flags |\u003d CO_AEAD_TAG_AT_THE_END;"},{"line_number":436,"context_line":"        session-\u003eopt-\u003ecrypto_flags |\u003d CO_64_BIT_PKT_ID;"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"88a16718_ea9da9d3","line":433,"updated":"2024-02-05 12:24:14.000000000","message":"since this is based on both the TAG_AT_THE_END and 64_BIT_PKT_ID, maybe would be better to move this to its own patch instead of mixing it into the existing two?","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"2c029016a94bf3343252beb6176492f9476884e2","unresolved":false,"context_lines":[{"line_number":430,"context_line":"        session-\u003eopt-\u003ecrypto_flags |\u003d CO_USE_CC_EXIT_NOTIFY;"},{"line_number":431,"context_line":"    }"},{"line_number":432,"context_line":""},{"line_number":433,"context_line":"    if (session-\u003eopt-\u003edata_v3_features_supported \u0026\u0026 (iv_proto_peer \u0026 IV_PROTO_DATA_V3))"},{"line_number":434,"context_line":"    {"},{"line_number":435,"context_line":"        session-\u003eopt-\u003ecrypto_flags |\u003d CO_AEAD_TAG_AT_THE_END;"},{"line_number":436,"context_line":"        session-\u003eopt-\u003ecrypto_flags |\u003d CO_64_BIT_PKT_ID;"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"0600a4d8_bb1a41ed","line":433,"in_reply_to":"0b74fcf6_d3632ce2","updated":"2024-03-18 15:54:38.000000000","message":"Acknowledged","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"036b022b7cbc08713738d920aeda0cd947ee5c39","unresolved":true,"context_lines":[{"line_number":430,"context_line":"        session-\u003eopt-\u003ecrypto_flags |\u003d CO_USE_CC_EXIT_NOTIFY;"},{"line_number":431,"context_line":"    }"},{"line_number":432,"context_line":""},{"line_number":433,"context_line":"    if (session-\u003eopt-\u003edata_v3_features_supported \u0026\u0026 (iv_proto_peer \u0026 IV_PROTO_DATA_V3))"},{"line_number":434,"context_line":"    {"},{"line_number":435,"context_line":"        session-\u003eopt-\u003ecrypto_flags |\u003d CO_AEAD_TAG_AT_THE_END;"},{"line_number":436,"context_line":"        session-\u003eopt-\u003ecrypto_flags |\u003d CO_64_BIT_PKT_ID;"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"0b74fcf6_d3632ce2","line":433,"in_reply_to":"88a16718_ea9da9d3","updated":"2024-02-09 14:52:54.000000000","message":"The thing here is that I didn\u0027t want to introduce two IV_PROTO flags and so the 2nd patch for the two introduces the IV_PROTO_DATA_V3 flag and all the logic for it.","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"}],"tests/unit_tests/openvpn/test_ssl.c":[{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"9ab88ff8ef05e79a2c33c3c870695e47a4478747","unresolved":true,"context_lines":[{"line_number":148,"context_line":""},{"line_number":149,"context_line":"        if (longiv)"},{"line_number":150,"context_line":"        {"},{"line_number":151,"context_line":"            co-\u003eflags |\u003d CO_64_BIT_PKT_ID;"},{"line_number":152,"context_line":"        }"},{"line_number":153,"context_line":"    }"},{"line_number":154,"context_line":"}"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"c0271a29_2d76ebf0","line":151,"updated":"2024-02-05 12:24:14.000000000","message":"why is this required? I don\u0027t see any indication that we overwrite co-\u003eflags?","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"036b022b7cbc08713738d920aeda0cd947ee5c39","unresolved":false,"context_lines":[{"line_number":148,"context_line":""},{"line_number":149,"context_line":"        if (longiv)"},{"line_number":150,"context_line":"        {"},{"line_number":151,"context_line":"            co-\u003eflags |\u003d CO_64_BIT_PKT_ID;"},{"line_number":152,"context_line":"        }"},{"line_number":153,"context_line":"    }"},{"line_number":154,"context_line":"}"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"b11e4b53_74e1e29b","line":151,"in_reply_to":"c0271a29_2d76ebf0","updated":"2024-02-09 14:52:54.000000000","message":"yeah seems to be old leftover code. Thanks for pointing out.","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000001,"name":"flichtenheld","display_name":"Frank Lichtenheld","email":"frank@lichtenheld.com","username":"flichtenheld","status":"OpenVPN Inc."},"change_message_id":"9ab88ff8ef05e79a2c33c3c870695e47a4478747","unresolved":true,"context_lines":[{"line_number":491,"context_line":""},{"line_number":492,"context_line":"    /* separate buffer in authenticated data and encrypted data */"},{"line_number":493,"context_line":"    uint8_t *ad_start \u003d BPTR(\u0026buf);"},{"line_number":494,"context_line":"    buf_advance(\u0026buf, 4);"},{"line_number":495,"context_line":""},{"line_number":496,"context_line":"    uint8_t *tag_location \u003d BEND(\u0026buf) - OPENVPN_AEAD_TAG_LENGTH;"},{"line_number":497,"context_line":""}],"source_content_type":"text/x-csrc","patch_set":2,"id":"581f83d7_d1986ad4","line":494,"updated":"2024-02-05 12:24:14.000000000","message":"might be nicer to move the this block before the packetid test to avoid the \"+ 4\"?","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"036b022b7cbc08713738d920aeda0cd947ee5c39","unresolved":false,"context_lines":[{"line_number":491,"context_line":""},{"line_number":492,"context_line":"    /* separate buffer in authenticated data and encrypted data */"},{"line_number":493,"context_line":"    uint8_t *ad_start \u003d BPTR(\u0026buf);"},{"line_number":494,"context_line":"    buf_advance(\u0026buf, 4);"},{"line_number":495,"context_line":""},{"line_number":496,"context_line":"    uint8_t *tag_location \u003d BEND(\u0026buf) - OPENVPN_AEAD_TAG_LENGTH;"},{"line_number":497,"context_line":""}],"source_content_type":"text/x-csrc","patch_set":2,"id":"82c35dbd_ccb22c51","line":494,"in_reply_to":"581f83d7_d1986ad4","updated":"2024-02-09 14:52:54.000000000","message":"Done","commit_id":"2ddc0066a66fdd848be5e722afc322f3db2ff896"}]}