1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-23 01:49:53 +03:00

Interop_OpenVPN.c: convert the cipher name to lowercase prior to calling EVP_get_cipherbyname()

OpenVPN sends the cipher name in uppercase, even if it's not standard, thus we have to convert it to lowercase for EVP_get_cipherbyname().

We also have to send the cipher name as it was received from the OpenVPN client, unless it's a different cipher, to prevent a message such as:
"WARNING: 'cipher' is used inconsistently, local='cipher AES-128-GCM', remote='cipher aes-128-gcm'"
It happens because OpenVPN uses "strcmp()" to compare the local and remote parameters: a6fd48ba36/src/openvpn/options.c (L3819-L3831)

See https://github.com/openssl/openssl/issues/6921 for EVP_get_cipherbyname().
This commit is contained in:
Davide Beatrici 2018-08-12 01:03:56 +02:00
parent a73fb8c4e7
commit 3e733eac6f

View File

@ -787,6 +787,7 @@ void OvsSetupSessionParameters(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN_C
LIST *o; LIST *o;
BUF *b; BUF *b;
char opt_str[MAX_SIZE]; char opt_str[MAX_SIZE];
char *cipher_name;
// Validate arguments // Validate arguments
if (s == NULL || se == NULL || c == NULL || data == NULL) if (s == NULL || se == NULL || c == NULL || data == NULL)
{ {
@ -889,8 +890,9 @@ void OvsSetupSessionParameters(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN_C
} }
// Encryption algorithm // Encryption algorithm
c->CipherEncrypt = OvsGetCipher(IniStrValue(o, "cipher")); cipher_name = IniStrValue(o, "cipher");
c->CipherDecrypt = NewCipher(c->CipherEncrypt->Name); c->CipherEncrypt = OvsGetCipher(cipher_name);
c->CipherDecrypt = OvsGetCipher(cipher_name);
// Hash algorithm // Hash algorithm
c->MdSend = OvsGetMd(IniStrValue(o, "auth")); c->MdSend = OvsGetMd(IniStrValue(o, "auth"));
@ -929,6 +931,15 @@ void OvsSetupSessionParameters(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN_C
OvsFreeList(o); OvsFreeList(o);
// We pass the cipher name sent from the OpenVPN client, unless it's a different cipher, to prevent a message such as:
// WARNING: 'cipher' is used inconsistently, local='cipher AES-128-GCM', remote='cipher aes-128-gcm'
// It happens because OpenVPN uses "strcmp()" to compare the local and remote parameters:
// https://github.com/OpenVPN/openvpn/blob/a6fd48ba36ede465b0905a95568c3ec0d425ca71/src/openvpn/options.c#L3819-L3831
if (StrCmpi(cipher_name, c->CipherEncrypt->Name) != 0)
{
cipher_name = c->CipherEncrypt->Name;
}
// Generate the response option string // Generate the response option string
Format(c->ServerKey.OptionString, sizeof(c->ServerKey.OptionString), Format(c->ServerKey.OptionString, sizeof(c->ServerKey.OptionString),
"V4,dev-type %s,link-mtu %u,tun-mtu %u,proto %s," "V4,dev-type %s,link-mtu %u,tun-mtu %u,proto %s,"
@ -937,7 +948,7 @@ void OvsSetupSessionParameters(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN_C
se->LinkMtu, se->LinkMtu,
se->TunMtu, se->TunMtu,
c->Proto, c->Proto,
c->CipherEncrypt->Name, c->MdSend->Name, c->CipherEncrypt->KeySize * 8); cipher_name, c->MdSend->Name, c->CipherEncrypt->KeySize * 8);
Debug("Building OptionStr: %s\n", c->ServerKey.OptionString); Debug("Building OptionStr: %s\n", c->ServerKey.OptionString);
OvsLog(s, se, c, "LO_OPTION_STR_SEND", c->ServerKey.OptionString); OvsLog(s, se, c, "LO_OPTION_STR_SEND", c->ServerKey.OptionString);
@ -948,9 +959,15 @@ CIPHER *OvsGetCipher(char *name)
{ {
CIPHER *c = NULL; CIPHER *c = NULL;
if (IsEmptyStr(name) == false) // OpenVPN sends the cipher name in uppercase, even if it's not standard,
// thus we have to convert it to lowercase for EVP_get_cipherbyname().
char lowercase_name[MAX_SIZE];
StrCpy(lowercase_name, sizeof(lowercase_name), name);
StrLower(lowercase_name);
if (IsEmptyStr(lowercase_name) == false)
{ {
c = NewCipher(name); c = NewCipher(lowercase_name);
} }
if (c == NULL) if (c == NULL)