git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Steffan Karger <steffan@karger.me>
	Sun, 7 Oct 2018 22:30:34 +0000 (00:30 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Mon, 8 Oct 2018 14:35:53 +0000 (16:35 +0200)
commit	6d0d0af9883b9ae266c0468f2739557a53e94b68
tree	1a7575b86731b98ee93faeace436b5ab41a6764e	tree
parent	8475ef0aeea30889188c6e0fd93a8cf4c0eb215a	commit \| diff

Add support for CHACHA20-POLY1305 in the data channel

We explicitly only supported GCM as a valid AEAD mode, change that to also
allow ChaCha20-Poly1305 as an AEAD cipher.  That works nicely with our new
(GCM) data channel format, because is has the same 96-bit IV.

Note that we need some tricks to not treat the cipher as insecure, because
we used to only look at the block size of a cipher to determine if find a
cipher insecure.  But ChaCha20-Poly1305 is a stream cipher, which
essentially
has a 'block size' of 1 byte and is reported as such.  So, special-case
this
cipher to be in the list of secure ciphers.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20181007223035.21179-1-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17629.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

Changes.rst		diff \| blob \| blame \| history
src/openvpn/crypto.c		diff \| blob \| blame \| history
src/openvpn/crypto_backend.h		diff \| blob \| blame \| history
src/openvpn/crypto_mbedtls.c		diff \| blob \| blame \| history
src/openvpn/crypto_openssl.c		diff \| blob \| blame \| history
src/openvpn/ssl.c		diff \| blob \| blame \| history