We do not support CTS (cipher text stealing) algorithms.
Signed-off-by: Arne Schwabe <[email protected]>
---
src/openvpn/crypto_openssl.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index ab552efab..ac8287440 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -760,6 +760,9 @@ cipher_kt_mode_cbc(const cipher_kt_t *cipher)
{
return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC
/* Exclude AEAD cipher modes, they require a different API */
+#ifdef EVP_CIPH_FLAG_CTS
+ && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CTS)
+#endif
&& !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER);
}
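Review bot: The existing comment `/* Exclude AEAD cipher modes, they require a different API */` now sits directly above the new `#ifdef EVP_CIPH_FLAG_CTS` block instead of the AEAD test it describes, so the CTS check reads as if it were the AEAD exclusion. I would place the added lines before that comment and give them their own, for example `/* Exclude CTS (cipher text stealing) modes, we do not support them */`, leaving the AEAD comment immediately above the `EVP_CIPH_FLAG_AEAD_CIPHER` line. It would also help to say in that comment why the guard is an `#ifdef`: presumably the flag is missing from older OpenSSL headers, where the check silently compiles out. If other mode predicates in this file decide which ciphers are offered, it is worth confirming they cannot accept a CTS cipher either; that is not visible from this hunk.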
--
2.33.0