Through the multiple iteration of allowing OpenVPN to run without
BF-CBC we accidentially made a regression and still required BF-CBC.
This patch fixes the code path and restores its intended function.
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
src/openvpn/options.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index ab7b00783..fe873944b 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3797,6 +3797,9 @@ calc_options_string_link_mtu(const struct options *o,
const struct frame *frame)
/* overhead of BF-CBC: 64 bit block size, 64 bit IV size */
frame_add_to_extra_frame(&fake_frame, 64/8 + 64/8);
+ /* set ciphername to none, so its size does get added in the
fake_kt and
+ * the cipher is not tried to be resolved */
+ ciphername = "none";
}
init_key_type(&fake_kt, ciphername, o->authname, true, false);
--
2.33.0
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
