git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Arne Schwabe <arne@rfc2549.org>
	Thu, 8 Oct 2020 11:59:59 +0000 (13:59 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Thu, 8 Oct 2020 14:59:56 +0000 (16:59 +0200)
commit	c018fc00be25aee5921d234531f87753a3a7aec7
tree	2e5d2d0a684cee48cc1c269fafdaa81c2524415d	tree \| snapshot
parent	3b04c34de140355b5b1d4ed85f7ccf1db9b0135d	commit \| diff

Allow 'none' cipher being specified in --data-ciphers

Although we want to get rid of none as cipher, we still have not
deprecated it. In order to use it currently you need
--ncp-disable together with --cipher none to use the none cipher
otherwise OpenVPN will spit out an error about an unrecognised
cipher in --data-ciphers.

In our current situation allowing none to be specified in data-ciphers
is the lesser evil.

This commit also fixes that we use '[null-cipher]' instead 'none' when
setting remote_cipher.

Note that negotiating to cipher 'none' can the same the same problems
with frame size calculation as any other non AEAD cipher. If
--cipher none is also specified in the configuration, the workaround
of commit e539c95dc will also apply to cipher none.

Patch V2: Also work correctly if remote_cipher is NULL.
Patch V3: fix unit tests, add note about corner case

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20201008115959.21151-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21181.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

src/openvpn/ssl.c		diff \| blob \| blame \| history
src/openvpn/ssl_ncp.c		diff \| blob \| blame \| history
tests/unit_tests/openvpn/test_ncp.c		diff \| blob \| blame \| history