Arne Schwabe schwabe

## openssl-32.fips
= Build OpenVPN and OpenSSL with FIPS =
Checkout OpenSSL

    git clone https://github.com/openssl/openssl -b openssl-3.2 openssl32-fips

Compile OpenSSL

     ./Configure  --prefix=${HOME}/oss/openssl32-fips/dist --libdir=${HOME}/oss/openssl32-fips/dist/ --openssldir=${HOME}/oss/openssl32-fips/dist fips -g

     make install

## testauth.py
#! /usr/bin/python3

import sys
import random
import os
from base64 import standard_b64decode
import time
import pyotp

import pprint

## benchprng.cc
//  c++ -O2 -std=c++14 -g  -I/usr/local/opt/openssl@3/include -L/usr/local/opt/openssl@3/lib -lcrypto -lssl -lbenchmark scratch.cpp  && ./a.out
#include <benchmark/benchmark.h>
#include <openssl/rand.h>
#include <openssl/evp.h>
#include <iostream>

static uint8_t *nonce_data = NULL; /* GLOBAL */
const EVP_MD *nonce_md = NULL;

int nonce_secret_len = 16;

## gen_openvpn_tls_key.py
def generate_pem(data:bytes, pemtype:bytes):
    s = b"-----BEGIN %s-----\n" % pemtype
    s += base64.encodebytes(data)
    s += b"-----END %s-----" % pemtype
    return s

def generate_tls_crypt2_wrapped_client_key_(clientkeys, serverkey, metadata: bytes):
    TLS_CRYPT_V2_TAG_SIZE = int(256/8)

    # The real max length is more but we restrict us here to a bit shorter string

## 0001-Use-PROFILE-SYSTEM-instead-of-DEFAULT-for-ssl-cipher.patch
From 171e43142c82b6f0bf2cd5e4ce9265bb95527579 Mon Sep 17 00:00:00 2001
From: Arne Schwabe <arne@rfc2549.org>
Date: Wed, 19 Feb 2020 14:16:10 +0100
Subject: [PATCH] Use PROFILE=SYSTEM instead of DEFAULT for ssl ciphers on
 RHEL/Fedora

There is a Redhat/Fedora policy that you should not use "DEFAULT" and
SSL_CTX_set_cipher_list as that overrides the system wide policies.

Dropping this call however on Fedora/Redhat would weaken our security

## 0001-Fix-management-tunnel-argument.patch
From faa6cadd30cbd459cf8c51bfe197af78f6bf9f95 Mon Sep 17 00:00:00 2001
From: Arne Schwabe <arne@openvpn.net>
Date: Wed, 6 Feb 2019 15:22:34 +0100
Subject: [PATCH] Fix management tunnel argument

When the conversion to the new getaddrinfo happened I forgot to add the
port to the getaddrinfo call here. Remember that port to fix binding to
a random port.
---
 src/openvpn/manage.c | 13 ++++++++++---

## 22changes.md

      
              1 file
            
          
              0 forks
            
          
              3 comments
            
          
              0 stars
            
          
                schwabe
                / 22changes.md
            
            
              Last active
              May 14, 2017 12:26
            
              
                2.2 News
              
          
Support of new Transmitters

Frsky Horus
Frsky Q X7


Much improved and overhauled Companion software

High DPI Display support
Qt5 instead of Qt4
Show custom names for switches/knobs/channels/etc throughout user interface.
Many performance and stability improvements.
Improved Simulator integration.


Fully re-worked "SD Sync" feature with options dialog, faster and reliable copying between any two folders.


## cx10d-1.logicdata

      
              5 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                schwabe
                / cx10d-1.logicdata
            
            
              Last active
              October 6, 2016 19:30
            
              
                CX 10D SPI
              
          
      This file has been truncated, but you can view the full file.
    

            View raw
        
    
## 2.1 first byte.PNG

      
              13 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                schwabe
                / 2.1 first byte.PNG
            
            
              Last active
              September 8, 2016 21:03
	= Build OpenVPN and OpenSSL with FIPS =
	Checkout OpenSSL

	git clone https://github.com/openssl/openssl -b openssl-3.2 openssl32-fips

	Compile OpenSSL

	./Configure --prefix=${HOME}/oss/openssl32-fips/dist --libdir=${HOME}/oss/openssl32-fips/dist/ --openssldir=${HOME}/oss/openssl32-fips/dist fips -g

	make install
	#! /usr/bin/python3

	import sys
	import random
	import os
	from base64 import standard_b64decode
	import time
	import pyotp

	import pprint
	// c++ -O2 -std=c++14 -g -I/usr/local/opt/openssl@3/include -L/usr/local/opt/openssl@3/lib -lcrypto -lssl -lbenchmark scratch.cpp && ./a.out
	#include <benchmark/benchmark.h>
	#include <openssl/rand.h>
	#include <openssl/evp.h>
	#include <iostream>

	static uint8_t nonce_data = NULL; / GLOBAL */
	const EVP_MD *nonce_md = NULL;

	int nonce_secret_len = 16;
	def generate_pem(data:bytes, pemtype:bytes):
	s = b"-----BEGIN %s-----\n" % pemtype
	s += base64.encodebytes(data)
	s += b"-----END %s-----" % pemtype
	return s

	def generate_tls_crypt2_wrapped_client_key_(clientkeys, serverkey, metadata: bytes):
	TLS_CRYPT_V2_TAG_SIZE = int(256/8)

	# The real max length is more but we restrict us here to a bit shorter string
	From 171e43142c82b6f0bf2cd5e4ce9265bb95527579 Mon Sep 17 00:00:00 2001
	From: Arne Schwabe <arne@rfc2549.org>
	Date: Wed, 19 Feb 2020 14:16:10 +0100
	Subject: [PATCH] Use PROFILE=SYSTEM instead of DEFAULT for ssl ciphers on
	RHEL/Fedora

	There is a Redhat/Fedora policy that you should not use "DEFAULT" and
	SSL_CTX_set_cipher_list as that overrides the system wide policies.

	Dropping this call however on Fedora/Redhat would weaken our security
	From faa6cadd30cbd459cf8c51bfe197af78f6bf9f95 Mon Sep 17 00:00:00 2001
	From: Arne Schwabe <arne@openvpn.net>
	Date: Wed, 6 Feb 2019 15:22:34 +0100
	Subject: [PATCH] Fix management tunnel argument

	When the conversion to the new getaddrinfo happened I forgot to add the
	port to the getaddrinfo call here. Remember that port to fix binding to
	a random port.
	---
	src/openvpn/manage.c \| 13 ++++++++++---