I have not actually tested this (hard to get 2^35 correctly-bad packets
out in reasonable time...) but stared at the code, and ran the full
client/server test suite "just to be sure". MaxF understands crypto
and has ACKed it in Gerrit.

As discussed on IRC, I have added a few references to the commit message
so people with a less deep crypto background can inform themselves about
what this is all about.

Your patch has been applied to the master branch.

commit ffe0ad41985d7d5f67ae6fc7d58ffa327243f76b
Author: Arne Schwabe
Date:   Thu Jan 9 18:49:28 2025 +0100

     Do not attempt to decrypt packets anymore after 2**36 failed decryptions

     Signed-off-by: Arne Schwabe <[email protected]>
     Acked-by: MaxF <[email protected]>
     Message-Id: <[email protected]>
     URL: https://www.mail-archive.com/[email protected]/msg30387.html
     Signed-off-by: Gert Doering <[email protected]>

--
kind regards,
Gert Doering