Ticket #784: 0001-XXX-fix-and-cleanup-crypto-flags-setting.patch

File 0001-XXX-fix-and-cleanup-crypto-flags-setting.patch, 3.0 KB (added by Steffan Karger, 4 years ago)
  • src/openvpn/init.c

    From 878991b69afa012362b50d2c8b697bb77a264ccf Mon Sep 17 00:00:00 2001
    From: Steffan Karger <steffan@karger.me>
    Date: Wed, 7 Dec 2016 00:00:31 +0100
    Subject: [PATCH] XXX fix (and cleanup) crypto flags setting
    
    Should fix bug with CFB/OFB modes and NCP from trac #784.
    ---
     src/openvpn/init.c       | 4 ++--
     src/openvpn/ssl.c        | 8 +++-----
     src/openvpn/ssl_common.h | 2 --
     3 files changed, 5 insertions(+), 9 deletions(-)
    
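diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 18a0d70..7e4f40c 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2334,9 +2334,9 @@ do_init_crypto_tls (struct context *c, const unsigned int flags)
   if (options->mute_replay_warnings)
     to.crypto_flags |= CO_MUTE_REPLAY_WARNINGS;
 
-  to.crypto_flags_and = ~(CO_PACKET_ID_LONG_FORM);
+  to.crypto_flags &= ~(CO_PACKET_ID_LONG_FORM);
   if (packet_id_long_form)
-    to.crypto_flags_or = CO_PACKET_ID_LONG_FORM;
+    to.crypto_flags |= CO_PACKET_ID_LONG_FORM;
 
   to.ssl_ctx = c->c1.ks.ssl_ctx;
   to.key_type = c->c1.ks.key_type;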
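Review bot: The clear-then-conditionally-set of `CO_PACKET_ID_LONG_FORM` on `to.crypto_flags` is written out by hand here and again in `tls_session_update_crypto_params` in ssl.c, and the lines removed there show how easily two copies drift (`crypto_flags_and = CO_PACKET_ID_LONG_FORM` overwrote the mask instead of OR-ing the flag in). Both peers have to agree on the packet-id form, so the two sites should be tied together explicitly, either with a comment above the `&=` line such as `/* keep in sync with tls_session_update_crypto_params(): long-form packet id for CFB/OFB */` or with one small shared helper that takes the flags word and the boolean. Where `packet_id_long_form` is computed in `do_init_crypto_tls` lies outside the hunk, so it should be confirmed that it uses the same `cipher_kt_mode_ofb_cfb` test as ssl.c.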
  • src/openvpn/ssl.c

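diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 91c7787..f42c1ed 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -881,9 +881,6 @@ key_state_init (struct tls_session *session, struct key_state *ks)
     }
 
   ks->crypto_options.pid_persist = NULL;
-  ks->crypto_options.flags = session->opt->crypto_flags;
-  ks->crypto_options.flags &= session->opt->crypto_flags_and;
-  ks->crypto_options.flags |= session->opt->crypto_flags_or;
 
 #ifdef MANAGEMENT_DEF_AUTH
   ks->mda_key_id = session->opt->mda_context->mda_key_id_counter++;
@@ -1821,6 +1818,7 @@ tls_session_generate_data_channel_keys(struct tls_session *session)
 
   ASSERT (ks->authenticated);
 
+  ks->crypto_options.flags = session->opt->crypto_flags;
   if (!generate_key_expansion (&ks->crypto_options.key_ctx_bi,
       &session->opt->key_type, ks->key_src, client_sid, server_sid,
       session->opt->server))
@@ -1855,9 +1853,9 @@ tls_session_update_crypto_params(struct tls_session *session,
       options->authname, options->keysize, true, true);
 
   bool packet_id_long_form = cipher_kt_mode_ofb_cfb (session->opt->key_type.cipher);
-  session->opt->crypto_flags_and &= ~(CO_PACKET_ID_LONG_FORM);
+  session->opt->crypto_flags &= ~(CO_PACKET_ID_LONG_FORM);
   if (packet_id_long_form)
-    session->opt->crypto_flags_and = CO_PACKET_ID_LONG_FORM;
+    session->opt->crypto_flags |= CO_PACKET_ID_LONG_FORM;
 
   /* Update frame parameters: undo worst-case overhead, add actual overhead */
   frame_add_to_extra_frame (frame, -(crypto_max_overhead()));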
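Review bot: After this change `key_state_init` no longer writes `ks->crypto_options.flags`, so until `tls_session_generate_data_channel_keys` runs the field holds whatever it held before; it is zero only if the key state is cleared earlier in `key_state_init`, which is outside the hunk. Any path that reads the flags on a key state before its data-channel keys exist (for example `CO_MUTE_REPLAY_WARNINGS`, set in init.c) would see none of them, so it is worth confirming no such reader exists. The contract should be documented at the new assignment, e.g. `/* flags are final only here: NCP may still change session->opt->crypto_flags before key generation */`. The subject is still marked XXX and the message says "should fix", so a test that negotiates a CFB or OFB cipher through NCP would be a reasonable condition for merging.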
  • src/openvpn/ssl_common.h

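diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h
index 7938f41..8164bbc 100644
--- a/src/openvpn/ssl_common.h
+++ b/src/openvpn/ssl_common.h
@@ -279,8 +279,6 @@ struct tls_options
 
   /* struct crypto_option flags */
   unsigned int crypto_flags;
-  unsigned int crypto_flags_and;
-  unsigned int crypto_flags_or;
 
   int replay_window;                   /* --replay-window parm */
   int replay_time;                     /* --replay-window parm */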