mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-11-23 01:49:53 +03:00
Interop_OpenVPN.c: convert the cipher name to lowercase prior to calling EVP_get_cipherbyname()
OpenVPN sends the cipher name in uppercase, even if it's not standard, thus we have to convert it to lowercase for EVP_get_cipherbyname().
We also have to send the cipher name as it was received from the OpenVPN client, unless it's a different cipher, to prevent a message such as:
"WARNING: 'cipher' is used inconsistently, local='cipher AES-128-GCM', remote='cipher aes-128-gcm'"
It happens because OpenVPN uses "strcmp()" to compare the local and remote parameters: a6fd48ba36/src/openvpn/options.c (L3819-L3831)
See https://github.com/openssl/openssl/issues/6921 for EVP_get_cipherbyname().
This commit is contained in:
parent
a73fb8c4e7
commit
3e733eac6f
@ -787,6 +787,7 @@ void OvsSetupSessionParameters(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN_C
|
|||||||
LIST *o;
|
LIST *o;
|
||||||
BUF *b;
|
BUF *b;
|
||||||
char opt_str[MAX_SIZE];
|
char opt_str[MAX_SIZE];
|
||||||
|
char *cipher_name;
|
||||||
// Validate arguments
|
// Validate arguments
|
||||||
if (s == NULL || se == NULL || c == NULL || data == NULL)
|
if (s == NULL || se == NULL || c == NULL || data == NULL)
|
||||||
{
|
{
|
||||||
@ -889,8 +890,9 @@ void OvsSetupSessionParameters(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN_C
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Encryption algorithm
|
// Encryption algorithm
|
||||||
c->CipherEncrypt = OvsGetCipher(IniStrValue(o, "cipher"));
|
cipher_name = IniStrValue(o, "cipher");
|
||||||
c->CipherDecrypt = NewCipher(c->CipherEncrypt->Name);
|
c->CipherEncrypt = OvsGetCipher(cipher_name);
|
||||||
|
c->CipherDecrypt = OvsGetCipher(cipher_name);
|
||||||
|
|
||||||
// Hash algorithm
|
// Hash algorithm
|
||||||
c->MdSend = OvsGetMd(IniStrValue(o, "auth"));
|
c->MdSend = OvsGetMd(IniStrValue(o, "auth"));
|
||||||
@ -929,6 +931,15 @@ void OvsSetupSessionParameters(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN_C
|
|||||||
|
|
||||||
OvsFreeList(o);
|
OvsFreeList(o);
|
||||||
|
|
||||||
|
// We pass the cipher name sent from the OpenVPN client, unless it's a different cipher, to prevent a message such as:
|
||||||
|
// WARNING: 'cipher' is used inconsistently, local='cipher AES-128-GCM', remote='cipher aes-128-gcm'
|
||||||
|
// It happens because OpenVPN uses "strcmp()" to compare the local and remote parameters:
|
||||||
|
// https://github.com/OpenVPN/openvpn/blob/a6fd48ba36ede465b0905a95568c3ec0d425ca71/src/openvpn/options.c#L3819-L3831
|
||||||
|
if (StrCmpi(cipher_name, c->CipherEncrypt->Name) != 0)
|
||||||
|
{
|
||||||
|
cipher_name = c->CipherEncrypt->Name;
|
||||||
|
}
|
||||||
|
|
||||||
// Generate the response option string
|
// Generate the response option string
|
||||||
Format(c->ServerKey.OptionString, sizeof(c->ServerKey.OptionString),
|
Format(c->ServerKey.OptionString, sizeof(c->ServerKey.OptionString),
|
||||||
"V4,dev-type %s,link-mtu %u,tun-mtu %u,proto %s,"
|
"V4,dev-type %s,link-mtu %u,tun-mtu %u,proto %s,"
|
||||||
@ -937,7 +948,7 @@ void OvsSetupSessionParameters(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN_C
|
|||||||
se->LinkMtu,
|
se->LinkMtu,
|
||||||
se->TunMtu,
|
se->TunMtu,
|
||||||
c->Proto,
|
c->Proto,
|
||||||
c->CipherEncrypt->Name, c->MdSend->Name, c->CipherEncrypt->KeySize * 8);
|
cipher_name, c->MdSend->Name, c->CipherEncrypt->KeySize * 8);
|
||||||
Debug("Building OptionStr: %s\n", c->ServerKey.OptionString);
|
Debug("Building OptionStr: %s\n", c->ServerKey.OptionString);
|
||||||
|
|
||||||
OvsLog(s, se, c, "LO_OPTION_STR_SEND", c->ServerKey.OptionString);
|
OvsLog(s, se, c, "LO_OPTION_STR_SEND", c->ServerKey.OptionString);
|
||||||
@ -948,9 +959,15 @@ CIPHER *OvsGetCipher(char *name)
|
|||||||
{
|
{
|
||||||
CIPHER *c = NULL;
|
CIPHER *c = NULL;
|
||||||
|
|
||||||
if (IsEmptyStr(name) == false)
|
// OpenVPN sends the cipher name in uppercase, even if it's not standard,
|
||||||
|
// thus we have to convert it to lowercase for EVP_get_cipherbyname().
|
||||||
|
char lowercase_name[MAX_SIZE];
|
||||||
|
StrCpy(lowercase_name, sizeof(lowercase_name), name);
|
||||||
|
StrLower(lowercase_name);
|
||||||
|
|
||||||
|
if (IsEmptyStr(lowercase_name) == false)
|
||||||
{
|
{
|
||||||
c = NewCipher(name);
|
c = NewCipher(lowercase_name);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (c == NULL)
|
if (c == NULL)
|
||||||
|
Loading…
Reference in New Issue
Block a user