From: Arne Schwabe <arne@rfc2549.org>
Date: Tue, 19 Oct 2021 18:31:24 +0000 (+0200)
Subject: Fix error when BF-CBC is not available
X-Git-Tag: v2.6_beta1~397
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=056991925633ea27a1536bb610e0055072631ce7;p=thirdparty%2Fopenvpn.git

Fix error when BF-CBC is not available

Through the multiple iteration of allowing OpenVPN to run without
BF-CBC we accidentially made a regression and still required BF-CBC.

This patch fixes the code path and restores its intended function.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
Message-Id: <20211019183127.614175-19-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23010.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 4a5db8a6d..f8b910420 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3799,6 +3799,9 @@ calc_options_string_link_mtu(const struct options *o, const struct frame *frame)
 
             /* overhead of BF-CBC: 64 bit block size, 64 bit IV size */
             frame_add_to_extra_frame(&fake_frame, 64/8 + 64/8);
+            /* set ciphername to none, so its size does get added in the
+             * fake_kt and the cipher is not tried to be resolved */
+            ciphername = "none";
         }
 
         init_key_type(&fake_kt, ciphername, o->authname, true, false);