Available digests hash algorithms



Post by tin0x3cc » Thu Jun 04, 2009 2:51 pm
Hello,

Before I start, I must thank you guy(s) for an awesome piece of software which apart from one particular issue is a great work of art ~~~~~@ (that's a rose for you).

Now to the point: the built-in openvpn (2.1) binary is pretty light on supported digest algorithms.
Code:
$ /Applications/Viscosity.app/Contents/Resources/openvpn2.1 --show-digests
The following message digests are available for use with
OpenVPN.  A message digest is used in conjunction with
the HMAC function, to authenticate received packets.
You can specify a message digest as parameter to
the --auth option.

MD2 128 bit digest size
MD5 128 bit digest size
RSA-MD2 128 bit digest size
RSA-MD5 128 bit digest size
SHA 160 bit digest size
RSA-SHA 160 bit digest size
SHA1 160 bit digest size
RSA-SHA1 160 bit digest size
DSA-SHA 160 bit digest size
DSA-SHA1-old 160 bit digest size
MDC2 128 bit digest size
RSA-MDC2 128 bit digest size
DSA-SHA1 160 bit digest size
RSA-SHA1-2 160 bit digest size
DSA 160 bit digest size
RIPEMD160 160 bit digest size
RSA-RIPEMD160 160 bit digest size
MD4 128 bit digest size
RSA-MD4 128 bit digest size

I guess that's a choice on your part, and I can fully understand that one might not really need RSA-SHA256 for this, but still, why not just unleash the full power of openssl here? Why the removed digest algs at all?

Thanks,
jc


Post by James » Thu Jun 04, 2009 11:42 pm
Hi jc,

The OpenVPN binaries included with Viscosity have been compiled against the version of OpenSSL that Apple ships with Mac OS X. This allows the size and complexity of compiling Viscosity to be kept to a minimum; however, for some reason Apple's version is missing several digests (most notably SHA2 variants).

We do have a release compiled against the full OpenSSL libraries, and it's likely we'll include this with version 1.1 of Viscosity (as we will be including PKCS11 support anyway).

However, in the meantime, if you have an OpenVPN binary (or don't mind compiling OpenVPN yourself), you can swap your version (compiled against the full version of OpenSSL) with the one Viscosity uses. You can do this like so:

1. Control-click on the Viscosity application and select Show Package Contents
2. Open the Contents, and then Resources folders.
3. Delete the OpenVPN binary (openvpn2.1)
4. Copy in your custom version of the OpenVPN binary and give it the same name
5. Re-run Viscosity

> Before I start, I must thank you guy(s) for an awesome piece of software which apart from one particular issue is a great work of art ~~~~~@ (that's a rose for you).

Thanks - positive feedback is always appreciated (roses too)!

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
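
Added example, not code from either poster or from Viscosity: a POSIX shell check that the digest you intend to pass to --auth is actually offered by a given OpenVPN binary, for instance after swapping in a custom build as described above. The function names, the 256-bit threshold and the sample listings are assumptions made for this example; the line format is taken from the --show-digests output quoted in the first post.

```shell
#!/bin/sh
# Added example: judge a candidate --auth digest against `--show-digests` output.
# Assumed line format, as in the post: "<NAME> <BITS> bit digest size".

# Print "NAME BITS" for each digest line on stdin; the banner text is skipped.
list_digests() {
    awk 'NF == 5 && $2 ~ /^[0-9]+$/ && $3 == "bit" && $4 == "digest" && $5 == "size" { print $1, $2 }'
}

# check_auth NAME MIN_BITS: reads a listing on stdin.
# Returns 0 = offered and long enough, 1 = not offered, 2 = offered but below MIN_BITS.
check_auth() {
    list_digests | awk -v want="$1" -v min="$2" '
        toupper($1) == toupper(want) { found = 1; bits = $2 }
        END { if (!found) exit 1; if (bits + 0 < min + 0) exit 2; exit 0 }'
}

# digests_below MIN_BITS: print offered digest names shorter than MIN_BITS.
digests_below() {
    list_digests | awk -v min="$1" '$2 + 0 < min + 0 { print $1 }'
}

# Constructed samples: APPLE_BUILD is a subset of the listing in the post;
# FULL_BUILD is a made-up listing for a binary linked against full OpenSSL.
APPLE_BUILD='The following message digests are available for use with
the --auth option.

MD5 128 bit digest size
SHA1 160 bit digest size
RIPEMD160 160 bit digest size
MD4 128 bit digest size'
FULL_BUILD="$APPLE_BUILD
SHA256 256 bit digest size
SHA512 512 bit digest size"

# Usage: sh check_digests.sh /path/to/openvpn [DIGEST] [MIN_BITS]
if [ -n "${1:-}" ] && [ -x "$1" ]; then
    rc=0
    "$1" --show-digests | check_auth "${2:-SHA256}" "${3:-256}" || rc=$?
    echo "check_auth exit status: $rc"
fi
```

Run it against the binary inside the application bundle before and after the swap; a status of 1 means a profile using that --auth value cannot work with that binary.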