]> git.ipfire.org Git - thirdparty/openvpn.git/commit
Fix (and cleanup) crypto flags in combination with NCP
authorSteffan Karger <steffan@karger.me>
Wed, 7 Dec 2016 18:01:24 +0000 (19:01 +0100)
committerGert Doering <gert@greenie.muc.de>
Wed, 7 Dec 2016 19:28:13 +0000 (20:28 +0100)
commit84f88ca4d57cd0dc40fd945e09ab1cea1b2cd0b7
tree0672e23c067d5da53d9bc13e199536f3440502ca
parente35a788339497ec5c179a5d0a23f63824989ec3e
Fix (and cleanup) crypto flags in combination with NCP

tls_session_update_crypto_params() did not properly set crypto_flags_or,
but instead set crypto_flags_and twice if a OFB/CFB mode was selected.

Also, the crypto flags in ks->crypto_options.flags were set before
tls_session_update_crypto_params() was called, causing those to not be
adjusted.  To fix this, set the crypto flags in
tls_session_generate_data_channel_keys() instead of key_state_init().

While touching that code, remove the to _or and _and variables, which are
not needed at all.

Finally, refuse to accept --no-iv if NCP is enabled  (we might otherwise
negotiate invalid combinations and ASSERT out later, and using --no-iv is
a bad idea anyway).

Trac: #784

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1481133684-5325-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13428.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Changes.rst
src/openvpn/init.c
src/openvpn/options.c
src/openvpn/ssl.c
src/openvpn/ssl_common.h