git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Arne Schwabe <arne@rfc2549.org>
	Thu, 8 Oct 2020 11:59:59 +0000 (13:59 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Thu, 8 Oct 2020 15:00:28 +0000 (17:00 +0200)
commit	f308251acdc539acb370aeccf46b0ec5587129c1
tree	085c17383a3b12b7a279ed17ae9ccf58515fda57	tree \| snapshot
parent	7b4f53095c761bde8c6b39cf645cade4c1c0c5d4	commit \| diff

Allow 'none' cipher being specified in --data-ciphers

Although we want to get rid of none as cipher, we still have not
deprecated it. In order to use it currently you need
--ncp-disable together with --cipher none to use the none cipher
otherwise OpenVPN will spit out an error about an unrecognised
cipher in --data-ciphers.

In our current situation allowing none to be specified in data-ciphers
is the lesser evil.

This commit also fixes that we use '[null-cipher]' instead 'none' when
setting remote_cipher.

Note that negotiating to cipher 'none' can the same the same problems
with frame size calculation as any other non AEAD cipher. If
--cipher none is also specified in the configuration, the workaround
of commit e539c95dc will also apply to cipher none.

Patch V2: Also work correctly if remote_cipher is NULL.
Patch V3: fix unit tests, add note about corner case

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20201008115959.21151-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21181.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit c018fc00be25aee5921d234531f87753a3a7aec7)

src/openvpn/ssl.c		diff \| blob \| blame \| history
src/openvpn/ssl_ncp.c		diff \| blob \| blame \| history
tests/unit_tests/openvpn/test_ncp.c		diff \| blob \| blame \| history