[Openvpn-devel] FreeBSD DCO: support AES-192-GCM

Message ID 20221111102031.8402-2-kprovost@netgate.com
State Accepted
Headers show
Series [Openvpn-devel] FreeBSD DCO: support AES-192-GCM | expand

Commit Message

Kristof Provost Nov. 11, 2022, 10:20 a.m. UTC
From: Kristof Provost <kp@FreeBSD.org>

As of 2c58d0cb3bb3e3a5b714ffac940500efbe5303ca FreeBSD also allows
AES-192-GCM in DCO. Announce this support.

Signed-off-by: Kristof Provost <kprovost@netgate.com>
---
 src/openvpn/dco_freebsd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Arne Schwabe Nov. 11, 2022, 1:17 p.m. UTC | #1
Am 11.11.22 um 11:20 schrieb Kristof Provost via Openvpn-devel:
> From: Kristof Provost <kp@FreeBSD.org>
> 
> As of 2c58d0cb3bb3e3a5b714ffac940500efbe5303ca FreeBSD also allows
> AES-192-GCM in DCO. Announce this support.
> 
> Signed-off-by: Kristof Provost <kprovost@netgate.com>
> ---
>   src/openvpn/dco_freebsd.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
> index c8361028..8e5ee436 100644
> --- a/src/openvpn/dco_freebsd.c
> +++ b/src/openvpn/dco_freebsd.c
> @@ -667,7 +667,7 @@ dco_event_set(dco_context_t *dco, struct event_set *es, void *arg)
>   const char *
>   dco_get_supported_ciphers()
>   {
> -    return "none:AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305";
> +    return "none:AES-256-GCM:AES-192-GCM:AES-128-GCM:CHACHA20-POLY1305";
>   }
>   
>   #endif /* defined(ENABLE_DCO) && defined(TARGET_FREEBSD) */

Acked-By: Arne Schwabe <arne@rfc2549.org>
Gert Doering Nov. 11, 2022, 1:29 p.m. UTC | #2
I have not actually tested this - but if you say it works kernel-side,
the patch in itself is trivial enough :-)

Your patch has been applied to the master branch.

commit 115559aa34c0ae20ba5628e8becf09af990fc97f
Author: Kristof Provost
Date:   Fri Nov 11 11:20:31 2022 +0100

     FreeBSD DCO: support AES-192-GCM

     Signed-off-by: Kristof Provost <kprovost@netgate.com>
     Acked-by: Arne Schwabe <arne@rfc2549.org>
     Message-Id: <20221111102031.8402-2-kprovost@netgate.com>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25506.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/dco_freebsd.c b/src/openvpn/dco_freebsd.c
index c8361028..8e5ee436 100644
--- a/src/openvpn/dco_freebsd.c
+++ b/src/openvpn/dco_freebsd.c
@@ -667,7 +667,7 @@  dco_event_set(dco_context_t *dco, struct event_set *es, void *arg)
 const char *
 dco_get_supported_ciphers()
 {
-    return "none:AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305";
+    return "none:AES-256-GCM:AES-192-GCM:AES-128-GCM:CHACHA20-POLY1305";
 }
 
 #endif /* defined(ENABLE_DCO) && defined(TARGET_FREEBSD) */