From patchwork Thu Apr 8 02:00:27 2021
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 1724
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 8 Apr 2021 14:00:27 +0200
Message-Id: <20210408120029.19438-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 1/3] Always save/restore pull options

This makes the code path for pull and non-pull more aligned and even though this might do extra work for non-pull scenarios, saving the few bytes of memory is not a worthwhile optimisation here.

Additionally with the upcoming P2P mode NCP, the client needs to save/restore a subset of these options anyway.

Signed-off-by: Arne Schwabe
Acked-by: Gert Doering
--- src/openvpn/init.c | 6 ++-- src/openvpn/options.c | 66 +++++++++++++++++++++---------------------- src/openvpn/options.h | 8 +++--- 3 files changed, 38 insertions(+), 42 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index fb3d6beaa..e62aace51 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c
@@ -4052,10 +4052,8 @@ init_instance(struct context *c, const struct env_set *env, const unsigned int f } } - if (c->options.pull) - { - pre_pull_restore(&c->options, &c->c2.gc); - } + /* Resets all values to the initial values from the config where needed */ + pre_connect_restore(&c->options, &c->c2.gc); /* map in current connection entry */ next_connection_entry(c); diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 09e93df80..a72e1b9ae 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3209,9 +3209,10 @@ options_postprocess_mutate(struct options *o) } /* - * Save certain parms before modifying options via --pull + * Save certain parms before modifying options during connect, especially + * when using --pull */ - pre_pull_save(o); + pre_connect_save(o); } /* 
@@ -3566,46 +3567,43 @@ options_postprocess(struct options *options) */ void -pre_pull_save(struct options *o) +pre_connect_save(struct options *o) { - if (o->pull) - { - ALLOC_OBJ_CLEAR_GC(o->pre_pull, struct options_pre_pull, &o->gc); - o->pre_pull->tuntap_options = o->tuntap_options; - o->pre_pull->tuntap_options_defined = true; - o->pre_pull->foreign_option_index = o->foreign_option_index; - if (o->routes) - { - o->pre_pull->routes = clone_route_option_list(o->routes, &o->gc); - o->pre_pull->routes_defined = true; - } - if (o->routes_ipv6) - { - o->pre_pull->routes_ipv6 = clone_route_ipv6_option_list(o->routes_ipv6, &o->gc); - o->pre_pull->routes_ipv6_defined = true; - } - if (o->client_nat) - { - o->pre_pull->client_nat = clone_client_nat_option_list(o->client_nat, &o->gc); - o->pre_pull->client_nat_defined = true; - } - - /* NCP related options that can be overwritten by a push */ - o->pre_pull->ciphername = o->ciphername; - o->pre_pull->authname = o->authname; + ALLOC_OBJ_CLEAR_GC(o->pre_connect, struct options_pre_connect, &o->gc); + o->pre_connect->tuntap_options = o->tuntap_options; + o->pre_connect->tuntap_options_defined = true; + o->pre_connect->foreign_option_index = o->foreign_option_index; - /* Ping related options should be reset to the config values on reconnect */ - o->pre_pull->ping_rec_timeout = o->ping_rec_timeout; - o->pre_pull->ping_rec_timeout_action = o->ping_rec_timeout_action; - o->pre_pull->ping_send_timeout = o->ping_send_timeout; + if (o->routes) + { + o->pre_connect->routes = clone_route_option_list(o->routes, &o->gc); + o->pre_connect->routes_defined = true; + } + if (o->routes_ipv6) + { + o->pre_connect->routes_ipv6 = clone_route_ipv6_option_list(o->routes_ipv6, &o->gc); + o->pre_connect->routes_ipv6_defined = true; } + if (o->client_nat) + { + o->pre_connect->client_nat = clone_client_nat_option_list(o->client_nat, &o->gc); + o->pre_connect->client_nat_defined = true; + } + + /* NCP related options that can be overwritten by a 
push */ + o->pre_connect->ciphername = o->ciphername; + o->pre_connect->authname = o->authname; + /* Ping related options should be reset to the config values on reconnect */ + o->pre_connect->ping_rec_timeout = o->ping_rec_timeout; + o->pre_connect->ping_rec_timeout_action = o->ping_rec_timeout_action; + o->pre_connect->ping_send_timeout = o->ping_send_timeout; } void -pre_pull_restore(struct options *o, struct gc_arena *gc) +pre_connect_restore(struct options *o, struct gc_arena *gc) { - const struct options_pre_pull *pp = o->pre_pull; + const struct options_pre_connect *pp = o->pre_connect; if (pp) { CLEAR(o->tuntap_options); diff --git a/src/openvpn/options.h b/src/openvpn/options.h index d3db33ece..078bed75b 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -59,7 +59,7 @@ extern const char title_string[]; /* certain options are saved before --pull modifications are applied */ -struct options_pre_pull +struct options_pre_connect { bool tuntap_options_defined; struct tuntap_options tuntap_options; @@ -493,7 +493,7 @@ struct options int push_continuation; unsigned int push_option_types_found; const char *auth_user_pass_file; - struct options_pre_pull *pre_pull; + struct options_pre_connect *pre_connect; int scheduled_exit_interval; 
@@ -787,9 +787,9 @@ char *options_string_extract_option(const char *options_string, void options_postprocess(struct options *options); -void pre_pull_save(struct options *o); +void pre_connect_save(struct options *o); -void pre_pull_restore(struct options *o, struct gc_arena *gc); +void pre_connect_restore(struct options *o, struct gc_arena *gc); bool apply_push_options(struct options *options, struct buffer *buf,

From patchwork Thu Apr 8 02:00:28 2021
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 1725
X-Patchwork-Delegate: gert@greenie.muc.de
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 8 Apr 2021 14:00:28 +0200
Message-Id: <20210408120029.19438-2-arne@rfc2549.org>
In-Reply-To: <20210408120029.19438-1-arne@rfc2549.org>
References: <20210408120029.19438-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 2/3] Also restore/save compress related options in reconnects

Signed-off-by: Arne Schwabe
Acked-by: Gert Doering
--- src/openvpn/options.c | 11 +++++++++++ src/openvpn/options.h | 3 +++ 2 files changed, 14 insertions(+)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c index a72e1b9ae..00ad98f15 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -3595,9 +3595,15 @@ pre_connect_save(struct options *o) o->pre_connect->authname = o->authname; /* Ping related options should be reset to the config values on reconnect */ + o->pre_connect->ping_rec_timeout = o->ping_rec_timeout; o->pre_connect->ping_rec_timeout_action = o->ping_rec_timeout_action; o->pre_connect->ping_send_timeout = o->ping_send_timeout; + + /* Miscellaneous Options */ +#ifdef USE_COMP + o->pre_connect->comp = o->comp; +#endif } void @@ -3650,6 +3656,11 @@ pre_connect_restore(struct options *o, struct gc_arena *gc) o->ping_rec_timeout = pp->ping_rec_timeout; o->ping_rec_timeout_action = pp->ping_rec_timeout_action; o->ping_send_timeout = pp->ping_send_timeout; + + /* Miscellaneous Options */ +#ifdef USE_COMP + o->comp = pp->comp; +#endif } o->push_continuation = 0; diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 078bed75b..f52768680 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h 
@@ -81,6 +81,9 @@ struct options_pre_connect int ping_rec_timeout_action; int foreign_option_index; +#ifdef USE_COMP + struct compress_options comp; +#endif }; #if !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_MBEDTLS)

From patchwork Thu Apr 8 02:00:29 2021
X-Patchwork-Submitter: Arne Schwabe
X-Patchwork-Id: 1723
From: Arne Schwabe
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 8 Apr 2021 14:00:29 +0200
Message-Id: <20210408120029.19438-3-arne@rfc2549.org>
In-Reply-To: <20210408120029.19438-1-arne@rfc2549.org>
References: <20210408120029.19438-1-arne@rfc2549.org>
Subject: [Openvpn-devel] [PATCH 3/3] Allow all GCM ciphers

OpenSSL also allows ARIA-GCM and that works well with our implementation.

While the handpicked list was needed for earlier OpenSSL versions (and is still needed for Chacha20-Poly1305), the API nowadays with OpenSSL 1.0.2 and 1.1.x works as expected.

Signed-off-by: Arne Schwabe
--- src/openvpn/crypto_openssl.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index f8b36bf85..235d0c321 100644 --- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c @@ -728,6 +728,11 @@ cipher_kt_mode_aead(const cipher_kt_t *cipher) { if (cipher) { + if (EVP_CIPHER_mode(cipher) == OPENVPN_MODE_GCM) + { + return true; + } + switch (EVP_CIPHER_nid(cipher)) { case NID_aes_128_gcm:
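
Review bot: In the src/openvpn/options.h hunk of patch 1/3 that renames the struct to options_pre_connect, the comment directly above it still reads `/* certain options are saved before --pull modifications are applied */`, which no longer matches a struct that pre_connect_save() now fills whether or not --pull is set. Reword it along the lines of the updated comment in options_postprocess_mutate() ("during connect, especially when using --pull"). The local `pp` in pre_connect_restore() also keeps the old pre_pull abbreviation and could be renamed in the same pass.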
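
Review bot: In the pre_connect_save() hunk of patch 2/3, the added `/* Miscellaneous Options */` comment does not say why `comp` is part of the snapshot, and the commit message has no body; add a line stating why the compression settings must be reset to their config values on reconnect, as the neighbouring NCP and ping comments do for their fields. The same hunk also adds an empty line right after the `/* Ping related options should be reset ... */` comment, which separates that comment from the three assignments it describes; that added line should be dropped.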
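
Review bot: In cipher_kt_mode_aead() in patch 3/3, the new `if (EVP_CIPHER_mode(cipher) == OPENVPN_MODE_GCM)` check returns true before the switch is reached, so the `case NID_aes_128_gcm:` entry that follows it is now redundant. Trim the switch to the entries the commit message says still need hand-picking (Chacha20-Poly1305) and put a comment above the new check saying that every cipher OpenSSL reports as GCM mode is treated as AEAD. Because this replaces a reviewed list with whatever GCM ciphers the linked OpenSSL offers, the commit message should also state which ciphers were tested; it currently names only ARIA-GCM.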