I have not actually tested this (hard to get 2^35 correctly-bad packets
out in reasonable time...) but stared at the code, and ran the full
client/server test suite "just to be sure".  MaxF understands crypto
and has ACKed it in Gerrit.

As discussed on IRC, I have added a few references to the commit message
so people with a less deep crypto background can inform themselves what
this is all about.

Your patch has been applied to the master branch.

commit ffe0ad41985d7d5f67ae6fc7d58ffa327243f76b
Author: Arne Schwabe
Date:   Thu Jan 9 18:49:28 2025 +0100

     Do not attempt to decrypt packets anymore after 2**36 failed decryptions

     Signed-off-by: Arne Schwabe <a...@rfc2549.org>
     Acked-by: MaxF <m...@max-fillinger.net>
     Message-Id: <20250109174928.17862-1-g...@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg30387.html
     Signed-off-by: Gert Doering <g...@greenie.muc.de>


--
kind regards,

Gert Doering



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel