Fix error when BF-CBC is not available
authorArne Schwabe <arne@rfc2549.org>
Tue, 19 Oct 2021 18:31:24 +0000 (20:31 +0200)
committerGert Doering <gert@greenie.muc.de>
Fri, 5 Nov 2021 15:04:58 +0000 (16:04 +0100)
Through the multiple iterations of allowing OpenVPN to run without
BF-CBC we accidentally introduced a regression and still required BF-CBC.

This patch fixes the code path and restores its intended function.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
Message-Id: <20211019183127.614175-19-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23010.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/options.c

index 4a5db8a6d8261968865e9b3289d13411368b278c..f8b91042094ddf8911b3b5a6d2070af32d4938c4 100644 (file)
@@ -3799,6 +3799,9 @@ calc_options_string_link_mtu(const struct options *o, const struct frame *frame)
 
             /* overhead of BF-CBC: 64 bit block size, 64 bit IV size */
             frame_add_to_extra_frame(&fake_frame, 64/8 + 64/8);
+            /* set ciphername to none, so its size does get added in the
+             * fake_kt and the cipher is not tried to be resolved */
+            ciphername = "none";
         }
 
         init_key_type(&fake_kt, ciphername, o->authname, true, false);
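Review bot: The comment added above `ciphername = "none";` says "so its size does get added in the fake_kt", which appears to state the opposite of what is intended. The BF-CBC overhead is already added by hand on the preceding `frame_add_to_extra_frame(&fake_frame, 64/8 + 64/8);` line, so the purpose of "none" is presumably that `init_key_type()` neither counts cipher overhead a second time nor tries to resolve a cipher the crypto library may not provide. I would reword it to `/* BF-CBC overhead was added manually above; use "none" so init_key_type() does not add it again and does not try to resolve BF-CBC */`. It would also help to state in the comment that the override is meant only for the fake key type used in the options-string link-mtu and not for the negotiated data-channel cipher. That last point is inferred from the names, since the branch condition, the declaration of `ciphername` and the rest of calc_options_string_link_mtu lie outside the hunk.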