I have not actually tested this (hard to get 2^35 correctly-bad packets
out into reasonable time...) but stared at the code, and ran the full
client/server test suite "just to be sure". MaxF understands crypto
and has ACKed it in Gerrit.
As discussed on IRC, I have added a few references to the commit message
so people with a less deep crypto background can inform themselves what
this is all about.
Your patch has been applied to the master branch.
commit ffe0ad41985d7d5f67ae6fc7d58ffa327243f76b
Author: Arne Schwabe
Date: Thu Jan 9 18:49:28 2025 +0100
Do not attempt to decrypt packets anymore after 2**36 failed decryptions
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
Acked-by: MaxF <m...@max-fillinger.net>
Message-Id: <20250109174928.17862-1-g...@greenie.muc.de>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg30387.html
Signed-off-by: Gert Doering <g...@greenie.muc.de>
--
kind regards,
Gert Doering
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
