system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-23 19:28:36 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

if_ovpn: fix AES-128-GCM support

Browse source 
We need to explicitly list AES-128-GCM as an allowed cipher for that
mode to work. While here also add AES-192-GCM. That brings our supported
cipher list in line with other openvpn/dco platforms.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
This commit is contained in:
Kristof Provost 2022-11-11 10:40:21 +01:00
parent 8cc44a1e59
commit 2c58d0cb3b
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
sys/net/if_ovpn.c
View file

@ -694,7 +694,9 @@ ovpn_create_kkey_dir(struct ovpn_kkey_dir **kdirp,
if (strcmp(ciphername, "none") == 0)
cipher = OVPN_CIPHER_ALG_NONE;
else if (strcmp(ciphername, "AES-256-GCM") == 0)
else if (strcmp(ciphername, "AES-256-GCM") == 0 ||
strcmp(ciphername, "AES-192-GCM") == 0 ||
strcmp(ciphername, "AES-128-GCM") == 0)
cipher = OVPN_CIPHER_ALG_AES_GCM;
else if (strcmp(ciphername, "CHACHA20-POLY1305") == 0)
cipher = OVPN_CIPHER_ALG_CHACHA20_POLY1305;