Message ID | 20211019183127.614175-19-arne@rfc2549.org |
---|---|
State | Accepted |
Series | OpenSSL 3.0 improvements for OpenVPN |
On 19/10/2021 20:31, Arne Schwabe wrote:
> Through the multiple iterations of allowing OpenVPN to run without
> BF-CBC we accidentally made a regression and still required BF-CBC.
>
> This patch fixes the code path and restores its intended function.
>
> Signed-off-by: Arne Schwabe <arne@rfc2549.org>

Acked-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>

This fixes running with --mode server when BF-CBC is unavailable.

As discussed online, this is really just about OCC initialization, and that really shouldn't pull in BF-CBC if not requested :-)

I have rewrapped the comment - one overlong line + one short line looked avoidably silly :-)

Your patch has been applied to the master branch.

commit 056991925633ea27a1536bb610e0055072631ce7
Author: Arne Schwabe
Date:   Tue Oct 19 20:31:24 2021 +0200

     Fix error when BF-CBC is not available

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
     Message-Id: <20211019183127.614175-19-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23010.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>

--
kind regards,

Gert Doering

diff --git a/src/openvpn/options.c b/src/openvpn/options.c index ab7b00783..fe873944b 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3797,6 +3797,9 @@ calc_options_string_link_mtu(const struct options *o, const struct frame *frame) /* overhead of BF-CBC: 64 bit block size, 64 bit IV size */ frame_add_to_extra_frame(&fake_frame, 64/8 + 64/8); + /* set ciphername to none, so its size does get added in the fake_kt and + * the cipher is not tried to be resolved */ + ciphername = "none"; } init_key_type(&fake_kt, ciphername, o->authname, true, false);
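Review bot: The new comment above `ciphername = "none";` in calc_options_string_link_mtu() says the size "does get added in the fake_kt", which reads as the opposite of what the surrounding lines do. The BF-CBC overhead (64/8 + 64/8) is already added by hand through frame_add_to_extra_frame() on the line just before, so the reason for switching to "none" appears to be that init_key_type() neither accounts for the cipher a second time nor tries to resolve BF-CBC. Suggest rewording to something like "so its size does not get added in the fake_kt and no attempt is made to resolve the cipher". The condition guarding this block is outside the visible context, so it would also help if the comment said when this override applies, since `ciphername` is silently changed for the init_key_type() call that follows the closing brace.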

Through the multiple iterations of allowing OpenVPN to run without BF-CBC we accidentally made a regression and still required BF-CBC.

This patch fixes the code path and restores its intended function.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 src/openvpn/options.c | 3 +++
 1 file changed, 3 insertions(+)