git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Antonio Quartulli <a@unstable.cc>
	Tue, 15 Feb 2022 12:31:57 +0000 (13:31 +0100)
committer	Gert Doering <gert@greenie.muc.de>
	Wed, 16 Feb 2022 07:46:37 +0000 (08:46 +0100)
commit	af695b53e01035a9137bc78a868cd5410be817f4
tree	9684ba09020b6604ceebbd631f281f094a18eba8	tree
parent	fe340a9c1ee1b04b17e7fb367043ff575763b91c	commit \| diff

auth_token/tls_crypt: fix usage of md_valid()

With b39725cf ("Remove md_kt_t and change crypto API to use const char*")
the logic for validating ciphers and md algorithms has been changed.

We should now *always* use md_valid() when validating a digest alg.

At the same time, add '!' (negation) when validating the digest algorithm
in the tls-crypt code, in order to restore the proper logic.

Cc: Arne Schwabe <arne@rfc2549.org>
Fixes: b39725cf ("Remove md_kt_t and change crypto API to use const char*")
Reported-by: Richard T Bonhomme <tincantech@protonmail.com>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20220215123157.10615-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23793.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

src/openvpn/auth_token.c		diff \| blob \| blame \| history
src/openvpn/crypto_backend.h		diff \| blob \| blame \| history
src/openvpn/tls_crypt.c		diff \| blob \| blame \| history