| Message ID | 20211019182332.613155-22-arne@rfc2549.org |
|---|---|
| State | Superseded |
| Headers | show
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net> Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director12.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id uEaCAYINb2GiMAAAIUCqbw (envelope-from <openvpn-devel-bounces@lists.sourceforge.net>) for <patchwork@openvpn.net>; Tue, 19 Oct 2021 14:25:06 -0400 Received: from proxy16.mail.ord1d.rsapps.net ([172.30.191.6]) by director12.mail.ord1d.rsapps.net with LMTP id EH0/AYINb2EJegAAIasKDg (envelope-from <openvpn-devel-bounces@lists.sourceforge.net>) for <patchwork@openvpn.net>; Tue, 19 Oct 2021 14:25:06 -0400 Received: from smtp15.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy16.mail.ord1d.rsapps.net with LMTPS id IOEgAYINb2FqMwAAetu3IA (envelope-from <openvpn-devel-bounces@lists.sourceforge.net>) for <patchwork@openvpn.net>; Tue, 19 Oct 2021 14:25:06 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp15.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: e13a111e-3109-11ec-a353-5254007ab6c8-1-1 Received: from [216.105.38.7] ([216.105.38.7:41778] helo=lists.sourceforge.net) by smtp15.gate.ord1d.rsapps.net (envelope-from <openvpn-devel-bounces@lists.sourceforge.net>) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 66/56-02359-08D0F616; Tue, 19 Oct 2021 14:25:05 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.92.3) (envelope-from <openvpn-devel-bounces@lists.sourceforge.net>) id 1mctmd-0000zC-8k; Tue, 19 Oct 2021 18:24:19 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) (envelope-from <arne@kamera.blinkt.de>) id 1mctmD-0000qT-Qo for openvpn-devel@lists.sourceforge.net; Tue, 19 Oct 2021 18:23:54 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=a4JLqJwLW4T280ohE4dvZVriJdyFAZ0pSyffCYSSZKs=; b=I22aEmAQMMfCd7ULxBCAkj6DZV XIyiUmb+0OJz+r66/qbLYGb/1RLD+JxITSsehO7NsH16QzVrH6z+isUVSwuxlYTwZNiXgXNu1jZnT IN7/CMuUfPOhkMpWD+C0heAzCBD2Dsoz7ETRlvs0azGk3tD8F4TWXzyU6a3ZvP/cRk8c=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=a4JLqJwLW4T280ohE4dvZVriJdyFAZ0pSyffCYSSZKs=; b=B0nfMQk+mZhrZGh6PLpQkpaxWB 9FothrFg5jjZvWuq35e+rOdZ/NvEpgVZd9lO0VI9fLhAFZoE8vOuOVn+jO3KXqKk5O+XB5RVPw/4z MyOEeKHXUINJ4+NBs34gnP+UgddRY0CpQlMgkcgwD3ZW8Y/MeiLNAYeTe4nZ6JAMk9MI=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1mctm4-006Tet-6l for openvpn-devel@lists.sourceforge.net; Tue, 19 Oct 2021 18:23:53 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from <arne@kamera.blinkt.de>) id 1mctlu-0008bO-8x for openvpn-devel@lists.sourceforge.net; Tue, 19 Oct 2021 20:23:34 +0200 Received: (nullmailer pid 613268 invoked by uid 10006); Tue, 19 Oct 2021 18:23:34 -0000 From: Arne Schwabe <arne@rfc2549.org> To: openvpn-devel@lists.sourceforge.net Date: Tue, 19 Oct 2021 20:23:26 +0200 Message-Id: <20211019182332.613155-22-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211019182332.613155-1-arne@rfc2549.org> References: <20211019182332.613155-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: We do not support CTS algorithms (cipher text stealing) algorithms. Signed-off-by: Arne Schwabe <arne@rfc2549.org> --- src/openvpn/crypto_openssl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index ab552efab..ac8287440 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -760,6 +760,9 @@ cip [...] Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1mctm4-006Tet-6l Subject: [Openvpn-devel] [PATCH v2 15/20] [OSSL 3.0] Do not allow CTS ciphers X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: <openvpn-devel.lists.sourceforge.net> List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>, <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe> List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel> List-Post: <mailto:openvpn-devel@lists.sourceforge.net> List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help> List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>, <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox |
| Series |
None
|
expand
|
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index ab552efab..ac8287440 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -760,6 +760,9 @@ cipher_kt_mode_cbc(const cipher_kt_t *cipher) { return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC /* Exclude AEAD cipher modes, they require a different API */ +#ifdef EVP_CIPH_FLAG_CTS + && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CTS) +#endif && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER); }
We do not support CTS algorithms (cipher text stealing) algorithms. Signed-off-by: Arne Schwabe <arne@rfc2549.org> --- src/openvpn/crypto_openssl.c | 3 +++ 1 file changed, 3 insertions(+)