git.ipfire.org Git - thirdparty/openvpn.git/commit
Ensure only CBC, CFB, OFB and AEAD ciphers are considered valid data ciphers
author Arne Schwabe <arne@rfc2549.org>
Mon, 10 Oct 2022 15:55:15 +0000 (17:55 +0200)
committer Gert Doering <gert@greenie.muc.de>
Tue, 11 Oct 2022 06:36:30 +0000 (08:36 +0200)
commit 6bbd89c5c82e7a2366ecac969b35f88797a73763
tree 2af3f8ae12d8f7084f9fbebfff2ea9acaa9aeb3b
parent 8e9f9d031f7f2dbf2a505af297b808f22430a381

Make sure cipher_valid only considers these four operations as valid.
This fixes that something like --data-ciphers AES-256-GCM:AES-128-CCM
will start but later fail when trying to use the CCM cipher.

We say "a supported AEAD" mode in our error since CCM is also an AEAD mode
but one we don't support, unlike GCM.

Patch v2: add the indication if the cipher was optional into the message

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20221010155515.1687151-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25379.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/ssl_ncp.c
tests/unit_tests/openvpn/test_ncp.c
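
The startup check the commit message describes, as an added C example (not OpenVPN's code): a --data-ciphers list is validated against an allow-list of modes so that an entry such as AES-128-CCM is rejected at configuration time instead of failing when it is first negotiated. The mode table is a constructed stand-in for the crypto library's lookup, the function names are hypothetical, and the leading `?` for an optional entry is assumed from OpenVPN's --data-ciphers syntax.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the crypto library's per-cipher mode lookup. */
enum mode { M_CBC, M_CFB, M_OFB, M_GCM, M_CHAPOLY, M_CCM, M_XTS };
static const struct { const char *name; enum mode mode; } known[] = {
    { "AES-256-GCM", M_GCM }, { "AES-128-GCM", M_GCM },
    { "CHACHA20-POLY1305", M_CHAPOLY }, { "AES-256-CBC", M_CBC },
    { "AES-128-CFB", M_CFB }, { "AES-128-OFB", M_OFB },
    { "AES-128-CCM", M_CCM }, { "AES-256-XTS", M_XTS },
};

/* Allow-list: CBC, CFB, OFB, or an AEAD mode the data channel implements. */
static bool data_cipher_valid(const char *name)
{
    for (size_t i = 0; i < sizeof(known) / sizeof(known[0]); i++)
        if (strcmp(known[i].name, name) == 0)
            switch (known[i].mode) {
            case M_CBC: case M_CFB: case M_OFB: case M_GCM: case M_CHAPOLY:
                return true;
            default:
                return false; /* e.g. CCM: an AEAD mode, but not a supported one */
            }
    return false; /* name not known to the library at all */
}

/* Checks a colon-separated list and returns the number of hard errors.
 * Accepted names are joined into out; '?' marks an optional entry (assumed). */
static int check_data_ciphers(const char *list, char *out, size_t outlen)
{
    char buf[256];
    int errors = 0;
    snprintf(buf, sizeof(buf), "%s", list);
    out[0] = '\0';
    for (char *tok = strtok(buf, ":"); tok; tok = strtok(NULL, ":")) {
        bool optional = (tok[0] == '?');
        if (optional) tok++;
        if (data_cipher_valid(tok)) {
            size_t used = strlen(out);
            snprintf(out + used, outlen - used, "%s%s", used ? ":" : "", tok);
        } else {
            fprintf(stderr, "Unsupported %scipher in --data-ciphers: %s\n",
                    optional ? "optional " : "", tok);
            errors += !optional; /* only a required entry is fatal */
        }
    }
    return errors;
}
```

A non-zero return is the point at which a caller would refuse to start, which is the behaviour the commit message asks for in place of a late failure.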