)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"change_message_id":"0a187d4df9f8d832aef1ef71a2925be2d0ef7ee6","unresolved":true,"context_lines":[{"line_number":9,"context_line":"This change prepares the extended packet id data where also the packet id"},{"line_number":10,"context_line":"part of the IV will be derived using xor.  Using xor also in the AEAD"},{"line_number":11,"context_line":"case where this degenerates to a concatenation allows using the same"},{"line_number":12,"context_line":"IV generation code later."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Change-Id: I74216d776d3e0a8dc987ec7b1671c8e8dcccdbd6"},{"line_number":15,"context_line":"Signed-off-by: Arne Schwabe \u003carne@rfc2549.org\u003e"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"b59359cf_8e31314e","line":12,"updated":"2024-11-12 08:26:21.000000000","message":"Question: what is the advantage or XOR\u0027ing the IV with the packet ID? And why is the implicit IV growing from 32bits to 64?","commit_id":"a94b12ff86f85314da86dcd054894f7e7373cb82"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"e24e981c263e89091125cc6911f8d758061eee0d","unresolved":false,"context_lines":[{"line_number":9,"context_line":"This change prepares the extended packet id data where also the packet id"},{"line_number":10,"context_line":"part of the IV will be derived using xor.  Using xor also in the AEAD"},{"line_number":11,"context_line":"case where this degenerates to a concatenation allows using the same"},{"line_number":12,"context_line":"IV generation code later."},{"line_number":13,"context_line":""},{"line_number":14,"context_line":"Change-Id: I74216d776d3e0a8dc987ec7b1671c8e8dcccdbd6"},{"line_number":15,"context_line":"Signed-off-by: Arne Schwabe \u003carne@rfc2549.org\u003e"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":2,"id":"59bcb58e_1dd37b5e","line":12,"in_reply_to":"b59359cf_8e31314e","updated":"2024-11-13 12:49:21.000000000","message":"The implicit IV is growing from 64 bit to 96 bits. The whole IV is 96 bits and with Data v2 we use 32 bit packet id || implicit_iv to form the IV.","commit_id":"a94b12ff86f85314da86dcd054894f7e7373cb82"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"change_message_id":"068e068bc833a7d4cd4270a288f8d16f50fd71fc","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"287e47ac_01cf60c4","updated":"2024-11-11 18:03:35.000000000","message":"this is beyond my pay grade, but I found a few typos, I think...","commit_id":"a94b12ff86f85314da86dcd054894f7e7373cb82"},{"author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"change_message_id":"5d92f9a8c4fae3d7b3c4bf3133a1172b8987a335","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":10,"id":"f7afc8fc_7a282872","updated":"2024-12-12 14:37:00.000000000","message":"v8-\u003ev10 is `ASSERT()` fixups, to cope with the new limits.  Noncritical but if we have the ASSERT in the first place, it should verify the right thing.\n\nWill record the real reviews in the to-be-merged commit.","commit_id":"c71b146cca31b3730626f52c27fd3cd7390902d6"}],"src/openvpn/crypto.c":[{"author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"change_message_id":"0a187d4df9f8d832aef1ef71a2925be2d0ef7ee6","unresolved":true,"context_lines":[{"line_number":99,"context_line":"        ASSERT(buf_write(\u0026work, iv, packet_id_size(false)));"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"        /* Remainder of IV consists of implicit part (unique per session)"},{"line_number":102,"context_line":"         * XOR of packet and implicit IV */"},{"line_number":103,"context_line":"        for (int i \u003d 0; i \u003c iv_len; i++)"},{"line_number":104,"context_line":"        {"},{"line_number":105,"context_line":"            iv[i] \u003d iv[i] ^ ctx-\u003eimplicit_iv[i];"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"ae81c136_3aaad761","line":102,"updated":"2024-11-12 08:26:21.000000000","message":"This comment doesn\u0027t fully compile. Are you saying that \"implicit part \u003d packet id XOR implcit iv\"? If that\u0027s the case, I\u0027ll rephrase it a bit, like:\n\n\"Remainder of IV is the result of packet id XOR\u0027d with impliciti IV (the result is expected to be unique per session).\"\n\nOr something along those lines.","commit_id":"a94b12ff86f85314da86dcd054894f7e7373cb82"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"e24e981c263e89091125cc6911f8d758061eee0d","unresolved":false,"context_lines":[{"line_number":99,"context_line":"        ASSERT(buf_write(\u0026work, iv, packet_id_size(false)));"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"        /* Remainder of IV consists of implicit part (unique per session)"},{"line_number":102,"context_line":"         * XOR of packet and implicit IV */"},{"line_number":103,"context_line":"        for (int i \u003d 0; i \u003c iv_len; i++)"},{"line_number":104,"context_line":"        {"},{"line_number":105,"context_line":"            iv[i] \u003d iv[i] ^ ctx-\u003eimplicit_iv[i];"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"d33cecd7_d179dad1","line":102,"in_reply_to":"ae81c136_3aaad761","updated":"2024-11-13 12:49:21.000000000","message":"Done","commit_id":"a94b12ff86f85314da86dcd054894f7e7373cb82"},{"author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"change_message_id":"0a187d4df9f8d832aef1ef71a2925be2d0ef7ee6","unresolved":true,"context_lines":[{"line_number":442,"context_line":"        memcpy(iv, BPTR(buf), packet_iv_len);"},{"line_number":443,"context_line":""},{"line_number":444,"context_line":"        /* Remainder of IV consists of implicit part (unique per session)"},{"line_number":445,"context_line":"         * XOR of packet counter and implicit IV */"},{"line_number":446,"context_line":"        for (int i \u003d 0; i \u003c iv_len; i++)"},{"line_number":447,"context_line":"        {"},{"line_number":448,"context_line":"            iv[i] \u003d iv[i] ^ ctx-\u003eimplicit_iv[i];"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"f435a313_33ac03a7","line":445,"updated":"2024-11-12 08:26:21.000000000","message":"same comment as before","commit_id":"a94b12ff86f85314da86dcd054894f7e7373cb82"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"e24e981c263e89091125cc6911f8d758061eee0d","unresolved":false,"context_lines":[{"line_number":442,"context_line":"        memcpy(iv, BPTR(buf), packet_iv_len);"},{"line_number":443,"context_line":""},{"line_number":444,"context_line":"        /* Remainder of IV consists of implicit part (unique per session)"},{"line_number":445,"context_line":"         * XOR of packet counter and implicit IV */"},{"line_number":446,"context_line":"        for (int i \u003d 0; i \u003c iv_len; i++)"},{"line_number":447,"context_line":"        {"},{"line_number":448,"context_line":"            iv[i] \u003d iv[i] ^ ctx-\u003eimplicit_iv[i];"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"23e39761_6d3a4ea0","line":445,"in_reply_to":"f435a313_33ac03a7","updated":"2024-11-13 12:49:21.000000000","message":"Done","commit_id":"a94b12ff86f85314da86dcd054894f7e7373cb82"},{"author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"change_message_id":"af49060591496ceef10efdc7dc4b903a9ce4efbf","unresolved":true,"context_lines":[{"line_number":432,"context_line":"    {"},{"line_number":433,"context_line":"        uint8_t iv[OPENVPN_MAX_IV_LENGTH] \u003d { 0 };"},{"line_number":434,"context_line":"        const int iv_len \u003d cipher_ctx_iv_length(ctx-\u003ecipher);"},{"line_number":435,"context_line":"        const size_t packet_iv_len \u003d packet_id_size(false);"},{"line_number":436,"context_line":""},{"line_number":437,"context_line":"        if (buf-\u003elen \u003c packet_id_size(false))"},{"line_number":438,"context_line":"        {"}],"source_content_type":"text/x-csrc","patch_set":3,"id":"aa9a760a_7b292150","line":435,"updated":"2024-11-15 09:29:16.000000000","message":"nit: since you are keeping this declaration here, I think it is more descriptive to use packet_iv_len in the following if block","commit_id":"0bda59a7c67d72ab20d9d6e30dc0c0126b06a823"},{"author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"change_message_id":"dfa690e0bcacd4892e1139a53edf16abd474a9fe","unresolved":false,"context_lines":[{"line_number":432,"context_line":"    {"},{"line_number":433,"context_line":"        uint8_t iv[OPENVPN_MAX_IV_LENGTH] \u003d { 0 };"},{"line_number":434,"context_line":"        const int iv_len \u003d cipher_ctx_iv_length(ctx-\u003ecipher);"},{"line_number":435,"context_line":"        const size_t packet_iv_len \u003d packet_id_size(false);"},{"line_number":436,"context_line":""},{"line_number":437,"context_line":"        if (buf-\u003elen \u003c packet_id_size(false))"},{"line_number":438,"context_line":"        {"}],"source_content_type":"text/x-csrc","patch_set":3,"id":"fe4b2c72_d7d2d445","line":435,"in_reply_to":"60c8c91b_dfa11f5e","updated":"2024-11-15 15:35:41.000000000","message":"Done","commit_id":"0bda59a7c67d72ab20d9d6e30dc0c0126b06a823"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"419c5fee325bf3c685e48e0943c6a1c5d535b93d","unresolved":true,"context_lines":[{"line_number":432,"context_line":"    {"},{"line_number":433,"context_line":"        uint8_t iv[OPENVPN_MAX_IV_LENGTH] \u003d { 0 };"},{"line_number":434,"context_line":"        const int iv_len \u003d cipher_ctx_iv_length(ctx-\u003ecipher);"},{"line_number":435,"context_line":"        const size_t packet_iv_len \u003d packet_id_size(false);"},{"line_number":436,"context_line":""},{"line_number":437,"context_line":"        if (buf-\u003elen \u003c packet_id_size(false))"},{"line_number":438,"context_line":"        {"}],"source_content_type":"text/x-csrc","patch_set":3,"id":"60c8c91b_dfa11f5e","line":435,"in_reply_to":"9dbf827d_d3cd9727","updated":"2024-11-15 13:18:55.000000000","message":"Ah. This code gets refactored and then the problem is no there anymore when epoch keys is introduced. I can change it but since it gets refactored anyway I don\u0027t think there a big advantage in that.","commit_id":"0bda59a7c67d72ab20d9d6e30dc0c0126b06a823"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"19d740b385a2a081fe486787aac57b5a3b2fb940","unresolved":true,"context_lines":[{"line_number":432,"context_line":"    {"},{"line_number":433,"context_line":"        uint8_t iv[OPENVPN_MAX_IV_LENGTH] \u003d { 0 };"},{"line_number":434,"context_line":"        const int iv_len \u003d cipher_ctx_iv_length(ctx-\u003ecipher);"},{"line_number":435,"context_line":"        const size_t packet_iv_len \u003d packet_id_size(false);"},{"line_number":436,"context_line":""},{"line_number":437,"context_line":"        if (buf-\u003elen \u003c packet_id_size(false))"},{"line_number":438,"context_line":"        {"}],"source_content_type":"text/x-csrc","patch_set":3,"id":"9dbf827d_d3cd9727","line":435,"in_reply_to":"aa9a760a_7b292150","updated":"2024-11-15 11:59:33.000000000","message":"I don\u0027t really follow. Where do you want me to use packet_iv_len and instead of what?","commit_id":"0bda59a7c67d72ab20d9d6e30dc0c0126b06a823"}],"src/openvpn/crypto.h":[{"author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"change_message_id":"0a187d4df9f8d832aef1ef71a2925be2d0ef7ee6","unresolved":true,"context_lines":[{"line_number":165,"context_line":"    hmac_ctx_t *hmac;           /**\u003c Generic HMAC %context. */"},{"line_number":166,"context_line":"    uint8_t implicit_iv[OPENVPN_MAX_IV_LENGTH];"},{"line_number":167,"context_line":"    /**\u003c The implicit part of the IV */"},{"line_number":168,"context_line":"    size_t implicit_iv_len;     /**\u003c The length of implicit_iv */"},{"line_number":169,"context_line":"    /** Counter for the number of plaintext encrypted using this cipher"},{"line_number":170,"context_line":"     * in number of 128 bit blocks (only used for AEAD ciphers) */"},{"line_number":171,"context_line":"    uint64_t plaintext_blocks;"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"c99a7cfb_275919d0","side":"PARENT","line":168,"updated":"2024-11-12 08:26:21.000000000","message":"why is the len being removed? What is the underlying assumption allowing us to drop the len?\n\nMy wild wild guess: implicit IV len \u003d\u003d packet ID size. Is that correct?","commit_id":"226ab82755687d6b3845fcf04cc9fe256e342533"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"e24e981c263e89091125cc6911f8d758061eee0d","unresolved":false,"context_lines":[{"line_number":165,"context_line":"    hmac_ctx_t *hmac;           /**\u003c Generic HMAC %context. */"},{"line_number":166,"context_line":"    uint8_t implicit_iv[OPENVPN_MAX_IV_LENGTH];"},{"line_number":167,"context_line":"    /**\u003c The implicit part of the IV */"},{"line_number":168,"context_line":"    size_t implicit_iv_len;     /**\u003c The length of implicit_iv */"},{"line_number":169,"context_line":"    /** Counter for the number of plaintext encrypted using this cipher"},{"line_number":170,"context_line":"     * in number of 128 bit blocks (only used for AEAD ciphers) */"},{"line_number":171,"context_line":"    uint64_t plaintext_blocks;"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"141bbf3c_5381bd8d","side":"PARENT","line":168,"in_reply_to":"c99a7cfb_275919d0","updated":"2024-11-13 12:49:21.000000000","message":"The underlying assumption is that implicit IV is always xored to generate the IV. So implicit IV len is always the same length as the length of the IV.","commit_id":"226ab82755687d6b3845fcf04cc9fe256e342533"},{"author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"change_message_id":"0a187d4df9f8d832aef1ef71a2925be2d0ef7ee6","unresolved":true,"context_lines":[{"line_number":170,"context_line":"     * the lower 32 bit of the IV are the packet id and the rest of the IV is"},{"line_number":171,"context_line":"     * from the implicit IV."},{"line_number":172,"context_line":"     */"},{"line_number":173,"context_line":"    uint8_t implicit_iv[OPENVPN_MAX_IV_LENGTH];"},{"line_number":174,"context_line":"    /** Counter for the number of plaintext encrypted using this cipher"},{"line_number":175,"context_line":"     * in number of 128 bit blocks (only used for AEAD ciphers) */"},{"line_number":176,"context_line":"    uint64_t plaintext_blocks;"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"a758a11d_0ceb58dd","line":173,"updated":"2024-11-12 08:26:21.000000000","message":"I believe I understand the comment above, but I have troubles combining it with OPENVPN_MAX_IV_LENGTH that is 128 bits with OpenSSL.\nDoes it mean we actually only fill part of the array when using AEAD (i.e. 32 bits)?\nIs this going to change with the new format and become 64 bits?\nIs the rest of the array therefore unused?\n\nMaybe this is explained somewhere else, but this comment alone leaves me with these open questions.","commit_id":"a94b12ff86f85314da86dcd054894f7e7373cb82"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"e24e981c263e89091125cc6911f8d758061eee0d","unresolved":false,"context_lines":[{"line_number":170,"context_line":"     * the lower 32 bit of the IV are the packet id and the rest of the IV is"},{"line_number":171,"context_line":"     * from the implicit IV."},{"line_number":172,"context_line":"     */"},{"line_number":173,"context_line":"    uint8_t implicit_iv[OPENVPN_MAX_IV_LENGTH];"},{"line_number":174,"context_line":"    /** Counter for the number of plaintext encrypted using this cipher"},{"line_number":175,"context_line":"     * in number of 128 bit blocks (only used for AEAD ciphers) */"},{"line_number":176,"context_line":"    uint64_t plaintext_blocks;"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"cc89468e_4b046e53","line":173,"in_reply_to":"a758a11d_0ceb58dd","updated":"2024-11-13 12:49:21.000000000","message":"Yes, we only fill as many bytes as the size of the IV of the cipher we are using.","commit_id":"a94b12ff86f85314da86dcd054894f7e7373cb82"}],"src/openvpn/dco_freebsd.c":[{"author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"change_message_id":"068e068bc833a7d4cd4270a288f8d16f50fd71fc","unresolved":true,"context_lines":[{"line_number":395,"context_line":"        key_len \u003d cipher_kt_key_size(ciphername);"},{"line_number":396,"context_line":""},{"line_number":397,"context_line":"        nvlist_add_binary(nvl, \"key\", key, key_len);"},{"line_number":398,"context_line":"        /* FreeBSD uses the contact operation, need to skip the first 4 null"},{"line_number":399,"context_line":"         * bytes */"},{"line_number":400,"context_line":"        nvlist_add_binary(nvl, \"iv\", implicit_iv + 4, 8);"},{"line_number":401,"context_line":"    }"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"3336b2fb_a6fe95b6","line":398,"updated":"2024-11-11 18:03:35.000000000","message":"concat?","commit_id":"a94b12ff86f85314da86dcd054894f7e7373cb82"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"e24e981c263e89091125cc6911f8d758061eee0d","unresolved":false,"context_lines":[{"line_number":395,"context_line":"        key_len \u003d cipher_kt_key_size(ciphername);"},{"line_number":396,"context_line":""},{"line_number":397,"context_line":"        nvlist_add_binary(nvl, \"key\", key, key_len);"},{"line_number":398,"context_line":"        /* FreeBSD uses the contact operation, need to skip the first 4 null"},{"line_number":399,"context_line":"         * bytes */"},{"line_number":400,"context_line":"        nvlist_add_binary(nvl, \"iv\", implicit_iv + 4, 8);"},{"line_number":401,"context_line":"    }"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"dc522f44_9fe63698","line":398,"in_reply_to":"3336b2fb_a6fe95b6","updated":"2024-11-13 12:49:21.000000000","message":"Acknowledged","commit_id":"a94b12ff86f85314da86dcd054894f7e7373cb82"}],"src/openvpn/dco_linux.c":[{"author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"change_message_id":"068e068bc833a7d4cd4270a288f8d16f50fd71fc","unresolved":true,"context_lines":[{"line_number":585,"context_line":"    if (dco_cipher !\u003d OVPN_CIPHER_ALG_NONE)"},{"line_number":586,"context_line":"    {"},{"line_number":587,"context_line":"        NLA_PUT(nl_msg, OVPN_KEY_DIR_ATTR_CIPHER_KEY, key_len, encrypt_key);"},{"line_number":588,"context_line":"        /* First 4 zero bytes as the kernel does concat instead of XOR */"},{"line_number":589,"context_line":"        NLA_PUT(nl_msg, OVPN_KEY_DIR_ATTR_NONCE_TAIL, nonce_tail_len,"},{"line_number":590,"context_line":"                encrypt_iv + 4);"},{"line_number":591,"context_line":"    }"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"e129cd6f_c502323f","line":588,"updated":"2024-11-11 18:03:35.000000000","message":"\"skip\" first 4 zero bytes?","commit_id":"a94b12ff86f85314da86dcd054894f7e7373cb82"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"e24e981c263e89091125cc6911f8d758061eee0d","unresolved":false,"context_lines":[{"line_number":585,"context_line":"    if (dco_cipher !\u003d OVPN_CIPHER_ALG_NONE)"},{"line_number":586,"context_line":"    {"},{"line_number":587,"context_line":"        NLA_PUT(nl_msg, OVPN_KEY_DIR_ATTR_CIPHER_KEY, key_len, encrypt_key);"},{"line_number":588,"context_line":"        /* First 4 zero bytes as the kernel does concat instead of XOR */"},{"line_number":589,"context_line":"        NLA_PUT(nl_msg, OVPN_KEY_DIR_ATTR_NONCE_TAIL, nonce_tail_len,"},{"line_number":590,"context_line":"                encrypt_iv + 4);"},{"line_number":591,"context_line":"    }"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"e2a5f44c_31248b37","line":588,"in_reply_to":"e129cd6f_c502323f","updated":"2024-11-13 12:49:21.000000000","message":"Done","commit_id":"a94b12ff86f85314da86dcd054894f7e7373cb82"},{"author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"change_message_id":"068e068bc833a7d4cd4270a288f8d16f50fd71fc","unresolved":true,"context_lines":[{"line_number":596,"context_line":"    if (dco_cipher !\u003d OVPN_CIPHER_ALG_NONE)"},{"line_number":597,"context_line":"    {"},{"line_number":598,"context_line":"        NLA_PUT(nl_msg, OVPN_KEY_DIR_ATTR_CIPHER_KEY, key_len, decrypt_key);"},{"line_number":599,"context_line":"        /* First 4 zero bytes as the kernel does concat instead of XOR */"},{"line_number":600,"context_line":"        NLA_PUT(nl_msg, OVPN_KEY_DIR_ATTR_NONCE_TAIL, nonce_tail_len,"},{"line_number":601,"context_line":"                decrypt_iv + 4);"},{"line_number":602,"context_line":"    }"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"e717840e_40e36894","line":599,"updated":"2024-11-11 18:03:35.000000000","message":"as above","commit_id":"a94b12ff86f85314da86dcd054894f7e7373cb82"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"e24e981c263e89091125cc6911f8d758061eee0d","unresolved":false,"context_lines":[{"line_number":596,"context_line":"    if (dco_cipher !\u003d OVPN_CIPHER_ALG_NONE)"},{"line_number":597,"context_line":"    {"},{"line_number":598,"context_line":"        NLA_PUT(nl_msg, OVPN_KEY_DIR_ATTR_CIPHER_KEY, key_len, decrypt_key);"},{"line_number":599,"context_line":"        /* First 4 zero bytes as the kernel does concat instead of XOR */"},{"line_number":600,"context_line":"        NLA_PUT(nl_msg, OVPN_KEY_DIR_ATTR_NONCE_TAIL, nonce_tail_len,"},{"line_number":601,"context_line":"                decrypt_iv + 4);"},{"line_number":602,"context_line":"    }"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"a7e16baf_72713641","line":599,"in_reply_to":"e717840e_40e36894","updated":"2024-11-13 12:49:21.000000000","message":"Done","commit_id":"a94b12ff86f85314da86dcd054894f7e7373cb82"}],"src/openvpn/dco_win.c":[{"author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"change_message_id":"068e068bc833a7d4cd4270a288f8d16f50fd71fc","unresolved":true,"context_lines":[{"line_number":314,"context_line":""},{"line_number":315,"context_line":"    CopyMemory(crypto_data.Encrypt.Key, encrypt_key, key_len);"},{"line_number":316,"context_line":"    crypto_data.Encrypt.KeyLen \u003d (char)key_len;"},{"line_number":317,"context_line":"    /* First 4 zero bytes as ovpn-dco-win does concat instead of XOR */"},{"line_number":318,"context_line":"    CopyMemory(crypto_data.Encrypt.NonceTail, encrypt_iv, nonce_len);"},{"line_number":319,"context_line":""},{"line_number":320,"context_line":"    CopyMemory(crypto_data.Decrypt.Key, decrypt_key, key_len);"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"716de75f_9490d075","line":317,"updated":"2024-11-11 18:03:35.000000000","message":"same comment as for Linux DCO, but no +4 here?  confusing","commit_id":"a94b12ff86f85314da86dcd054894f7e7373cb82"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"e24e981c263e89091125cc6911f8d758061eee0d","unresolved":true,"context_lines":[{"line_number":314,"context_line":""},{"line_number":315,"context_line":"    CopyMemory(crypto_data.Encrypt.Key, encrypt_key, key_len);"},{"line_number":316,"context_line":"    crypto_data.Encrypt.KeyLen \u003d (char)key_len;"},{"line_number":317,"context_line":"    /* First 4 zero bytes as ovpn-dco-win does concat instead of XOR */"},{"line_number":318,"context_line":"    CopyMemory(crypto_data.Encrypt.NonceTail, encrypt_iv, nonce_len);"},{"line_number":319,"context_line":""},{"line_number":320,"context_line":"    CopyMemory(crypto_data.Decrypt.Key, decrypt_key, key_len);"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"9c728a26_c4af20b0","line":317,"in_reply_to":"716de75f_9490d075","updated":"2024-11-13 12:49:21.000000000","message":"Yeah looks that I only tested windows. Since all of them directly get the keys from the key2 structure, the patch does not interact with that. Will remove it from all platforms in the fixed version.","commit_id":"a94b12ff86f85314da86dcd054894f7e7373cb82"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"ca66ee19c582c5d7b62ebe5dec22ce6310db31e7","unresolved":false,"context_lines":[{"line_number":314,"context_line":""},{"line_number":315,"context_line":"    CopyMemory(crypto_data.Encrypt.Key, encrypt_key, key_len);"},{"line_number":316,"context_line":"    crypto_data.Encrypt.KeyLen \u003d (char)key_len;"},{"line_number":317,"context_line":"    /* First 4 zero bytes as ovpn-dco-win does concat instead of XOR */"},{"line_number":318,"context_line":"    CopyMemory(crypto_data.Encrypt.NonceTail, encrypt_iv, nonce_len);"},{"line_number":319,"context_line":""},{"line_number":320,"context_line":"    CopyMemory(crypto_data.Decrypt.Key, decrypt_key, key_len);"}],"source_content_type":"text/x-csrc","patch_set":2,"id":"ff1397bd_cf2e47b4","line":317,"in_reply_to":"9c728a26_c4af20b0","updated":"2024-11-14 13:47:32.000000000","message":"Done","commit_id":"a94b12ff86f85314da86dcd054894f7e7373cb82"}],"src/openvpn/ssl.c":[{"author":{"_account_id":1000007,"name":"ordex","display_name":"Antonio Quartulli","email":"antonio@mandelbit.com","username":"ordex"},"change_message_id":"af49060591496ceef10efdc7dc4b903a9ce4efbf","unresolved":true,"context_lines":[{"line_number":1563,"context_line":"        ASSERT(impl_iv_len \u003c\u003d OPENVPN_MAX_IV_LENGTH);"},{"line_number":1564,"context_line":"        ASSERT(impl_iv_len \u003c\u003d key_len);"},{"line_number":1565,"context_line":"        CLEAR(ctx-\u003eimplicit_iv);"},{"line_number":1566,"context_line":"        /* The first bytes of the IV are filled with the packet id */"},{"line_number":1567,"context_line":"        memcpy(ctx-\u003eimplicit_iv + sizeof(packet_id_type), key, impl_iv_len);"},{"line_number":1568,"context_line":"    }"},{"line_number":1569,"context_line":"}"}],"source_content_type":"text/x-csrc","patch_set":3,"id":"4af76cce_141b7572","line":1566,"updated":"2024-11-15 09:29:16.000000000","message":"is the extension to 96 bits implicit IV coming with a future patch? (i.e. DATA_V3 patchset?)\nBecause elsewhere you described the implicit IV growing to 96 bits, but here it seems we are only accounting for the old format (with leading zeros)","commit_id":"0bda59a7c67d72ab20d9d6e30dc0c0126b06a823"},{"author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"change_message_id":"19d740b385a2a081fe486787aac57b5a3b2fb940","unresolved":false,"context_lines":[{"line_number":1563,"context_line":"        ASSERT(impl_iv_len \u003c\u003d OPENVPN_MAX_IV_LENGTH);"},{"line_number":1564,"context_line":"        ASSERT(impl_iv_len \u003c\u003d key_len);"},{"line_number":1565,"context_line":"        CLEAR(ctx-\u003eimplicit_iv);"},{"line_number":1566,"context_line":"        /* The first bytes of the IV are filled with the packet id */"},{"line_number":1567,"context_line":"        memcpy(ctx-\u003eimplicit_iv + sizeof(packet_id_type), key, impl_iv_len);"},{"line_number":1568,"context_line":"    }"},{"line_number":1569,"context_line":"}"}],"source_content_type":"text/x-csrc","patch_set":3,"id":"24afc1eb_4d268ad7","line":1566,"in_reply_to":"4af76cce_141b7572","updated":"2024-11-15 11:59:33.000000000","message":"Yes. That is being done in a one of the future patches.","commit_id":"0bda59a7c67d72ab20d9d6e30dc0c0126b06a823"}]}