Date: Fri, 11 Nov 2022 10:18:10 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 2c58d0cb3bb3 - main - if_ovpn: fix AES-128-GCM support Message-ID: <202211111018.2ABAIAFm081633@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=2c58d0cb3bb3e3a5b714ffac940500efbe5303ca commit 2c58d0cb3bb3e3a5b714ffac940500efbe5303ca Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2022-11-11 09:40:21 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2022-11-11 10:17:39 +0000 if_ovpn: fix AES-128-GCM support We need to explicitly list AES-128-GCM as an allowed cipher for that mode to work. While here also add AES-192-GCM. That brings our supported cipher list in line with other openvpn/dco platforms. Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/net/if_ovpn.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c index e3db105a94d2..94d12fa25f1a 100644 --- a/sys/net/if_ovpn.c +++ b/sys/net/if_ovpn.c @@ -694,7 +694,9 @@ ovpn_create_kkey_dir(struct ovpn_kkey_dir **kdirp, if (strcmp(ciphername, "none") == 0) cipher = OVPN_CIPHER_ALG_NONE; - else if (strcmp(ciphername, "AES-256-GCM") == 0) + else if (strcmp(ciphername, "AES-256-GCM") == 0 || + strcmp(ciphername, "AES-192-GCM") == 0 || + strcmp(ciphername, "AES-128-GCM") == 0) cipher = OVPN_CIPHER_ALG_AES_GCM; else if (strcmp(ciphername, "CHACHA20-POLY1305") == 0) cipher = OVPN_CIPHER_ALG_CHACHA20_POLY1305;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202211111018.2ABAIAFm081633>