From patchwork Thu Dec 4 13:45:16 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4655
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 4 Dec 2025 14:45:16 +0100
Message-ID: <20251204134521.20025-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v2] Fix dco with null cipher being enabled without auth none

From: Arne Schwabe This is a corner case and only the FreeBSD DCO module support the none encryption but as long as it supports it, we should only enable it when the configuration actually allows to enable it. Change-Id: I1104044701145fa37cea857e2e0e0fcac7a2bee3 Signed-off-by: Arne Schwabe Acked-by: Antonio Quartulli Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1369 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1369 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Antonio Quartulli diff --git a/src/openvpn/dco.c b/src/openvpn/dco.c index 7abdad3..6a1a5c9 100644 --- a/src/openvpn/dco.c +++ b/src/openvpn/dco.c @@ -474,6 +474,18 @@ gc_free(&gc); return false; } + /* FreeBSD supports none as cipher type but requires auth none to be + * be also enabled */ + if (strcmp(token, "none") == 0 && strcmp(o->authname, "none") != 0) + { + msg(msglevel, + "Note: cipher '%s' in --data-ciphers is only supported " + "with --auth=none by ovpn-dco, disabling data channel " + "offload.", + token); + gc_free(&gc); + return false; + } } gc_free(&gc);
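
Review bot: in the added condition in src/openvpn/dco.c, strcmp(o->authname, "none") reads o->authname with no NULL check, so if authname can still be unset when this code runs the comparison dereferences a null pointer; confirm it is always populated at this point, or guard it. In the comment above the condition the word "be" is doubled across the line break ("to be" / "be also enabled"); "requires auth none to also be enabled" reads cleanly. The message formats token with '%s' although this branch is only reached when token equals "none", and it writes "--auth=none" where the option is written "--auth none", so a literal "cipher 'none' ... with --auth none" would be simpler and easier to grep for in logs. Both comparisons are case-sensitive, which is fine only if "none" is matched the same way everywhere else these names are checked; worth a quick look so a differently cased spelling cannot skip this fallback.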