From patchwork Tue Oct 19 07:31:24 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2036 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director7.mail.ord1d.rsapps.net ([172.28.255.1]) by backend30.mail.ord1d.rsapps.net with LMTP id gOL2CjgPb2EIQwAAIUCqbw (envelope-from ) for ; Tue, 19 Oct 2021 14:32:24 -0400 Received: from proxy5.mail.ord1c.rsapps.net ([172.28.255.1]) by director7.mail.ord1d.rsapps.net with LMTP id sPPdCjgPb2G6awAAovjBpQ (envelope-from ) for ; Tue, 19 Oct 2021 14:32:24 -0400 Received: from smtp39.gate.ord1c ([172.28.255.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy5.mail.ord1c.rsapps.net with LMTPS id gBCcCjgPb2ElSAAAPBRIyg (envelope-from ) for ; Tue, 19 Oct 2021 14:32:24 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp39.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: e69bef46-310a-11ec-9615-5452006c005a-1-1 Received: from [216.105.38.7] ([216.105.38.7:55936] helo=lists.sourceforge.net) by smtp39.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 00/6C-19324-73F0F616; Tue, 19 Oct 2021 14:32:23 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1mcttj-0006aX-H5; Tue, 19 Oct 2021 18:31:39 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mcttg-0006YU-QS for openvpn-devel@lists.sourceforge.net; Tue, 19 Oct 2021 18:31:36 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=E3O5vRD99cKIArpknckgsutQVnnLFEA7EOlZAQaXp9k=; b=I+00HFplJBuRrN3WO43furmUzK bXGUspqnzjLxqwxjsmdkHoA1Mgm9wAgQgA1tZrT0wwCdekMaeKm/vKl2eXZzbIq9hdwa6dc5Hsliw hXqI38vtYdMHdwehYkXqXYm3o/Rs3m2w6i6+UCYqroDIMR/S+MkSs/GNF5z9ELDBhq0I=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=E3O5vRD99cKIArpknckgsutQVnnLFEA7EOlZAQaXp9k=; b=TAjKGj5nBiu51itfR26G/Rswyv fCjjBozrxLrU4lFYsNOuBRKdhx5W1qWZwI5gXwG93zY/zNQggXN+ibQ+LvpT1yiebQBWIjHCOh5/i AmO37dbVzgekG4JYRCzwM4O7De9Wb0wJyx4mhLFtcxglmWPG91OUVmJmqVzjODhevpUk=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1mcttf-0005u3-Gf for openvpn-devel@lists.sourceforge.net; Tue, 19 Oct 2021 18:31:36 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1mcttY-0008iU-G6 for openvpn-devel@lists.sourceforge.net; Tue, 19 Oct 2021 20:31:28 +0200 Received: (nullmailer pid 614277 invoked by uid 10006); Tue, 19 Oct 2021 18:31:28 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Tue, 19 Oct 2021 20:31:24 +0200 Message-Id: <20211019183127.614175-19-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211019183127.614175-1-arne@rfc2549.org> References: <20211019183127.614175-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Through the multiple iteration of allowing OpenVPN to run without BF-CBC we accidentially made a regression and still required BF-CBC. This patch fixes the code path and restores its intended function. Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1mcttf-0005u3-Gf Subject: [Openvpn-devel] [PATCH v3 18/21] Fix error when BF-CBC is not available X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Through the multiple iteration of allowing OpenVPN to run without BF-CBC we accidentially made a regression and still required BF-CBC. This patch fixes the code path and restores its intended function. Signed-off-by: Arne Schwabe Acked-by: Max Fillinger --- src/openvpn/options.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index ab7b00783..fe873944b 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3797,6 +3797,9 @@ calc_options_string_link_mtu(const struct options *o, const struct frame *frame) /* overhead of BF-CBC: 64 bit block size, 64 bit IV size */ frame_add_to_extra_frame(&fake_frame, 64/8 + 64/8); + /* set ciphername to none, so its size does get added in the fake_kt and + * the cipher is not tried to be resolved */ + ciphername = "none"; } init_key_type(&fake_kt, ciphername, o->authname, true, false);