1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-23 01:49:53 +03:00

Merge PR #638: Interop_OpenVPN.c: convert the cipher name to lowercase prior to calling EVP_get_cipherbyname()

This commit is contained in:
Davide Beatrici 2018-08-12 12:18:50 +02:00 committed by GitHub
commit 97a9070269
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 5 deletions

View File

@ -787,6 +787,7 @@ void OvsSetupSessionParameters(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN_C
LIST *o; LIST *o;
BUF *b; BUF *b;
char opt_str[MAX_SIZE]; char opt_str[MAX_SIZE];
char *cipher_name;
// Validate arguments // Validate arguments
if (s == NULL || se == NULL || c == NULL || data == NULL) if (s == NULL || se == NULL || c == NULL || data == NULL)
{ {
@ -889,8 +890,9 @@ void OvsSetupSessionParameters(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN_C
} }
// Encryption algorithm // Encryption algorithm
c->CipherEncrypt = OvsGetCipher(IniStrValue(o, "cipher")); cipher_name = IniStrValue(o, "cipher");
c->CipherDecrypt = NewCipher(c->CipherEncrypt->Name); c->CipherEncrypt = OvsGetCipher(cipher_name);
c->CipherDecrypt = OvsGetCipher(cipher_name);
// Hash algorithm // Hash algorithm
c->MdSend = OvsGetMd(IniStrValue(o, "auth")); c->MdSend = OvsGetMd(IniStrValue(o, "auth"));
@ -929,6 +931,15 @@ void OvsSetupSessionParameters(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN_C
OvsFreeList(o); OvsFreeList(o);
// We pass the cipher name sent from the OpenVPN client, unless it's a different cipher, to prevent a message such as:
// WARNING: 'cipher' is used inconsistently, local='cipher AES-128-GCM', remote='cipher aes-128-gcm'
// It happens because OpenVPN uses "strcmp()" to compare the local and remote parameters:
// https://github.com/OpenVPN/openvpn/blob/a6fd48ba36ede465b0905a95568c3ec0d425ca71/src/openvpn/options.c#L3819-L3831
if (StrCmpi(cipher_name, c->CipherEncrypt->Name) != 0)
{
cipher_name = c->CipherEncrypt->Name;
}
// Generate the response option string // Generate the response option string
Format(c->ServerKey.OptionString, sizeof(c->ServerKey.OptionString), Format(c->ServerKey.OptionString, sizeof(c->ServerKey.OptionString),
"V4,dev-type %s,link-mtu %u,tun-mtu %u,proto %s," "V4,dev-type %s,link-mtu %u,tun-mtu %u,proto %s,"
@ -937,7 +948,7 @@ void OvsSetupSessionParameters(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN_C
se->LinkMtu, se->LinkMtu,
se->TunMtu, se->TunMtu,
c->Proto, c->Proto,
c->CipherEncrypt->Name, c->MdSend->Name, c->CipherEncrypt->KeySize * 8); cipher_name, c->MdSend->Name, c->CipherEncrypt->KeySize * 8);
Debug("Building OptionStr: %s\n", c->ServerKey.OptionString); Debug("Building OptionStr: %s\n", c->ServerKey.OptionString);
OvsLog(s, se, c, "LO_OPTION_STR_SEND", c->ServerKey.OptionString); OvsLog(s, se, c, "LO_OPTION_STR_SEND", c->ServerKey.OptionString);
@ -948,9 +959,15 @@ CIPHER *OvsGetCipher(char *name)
{ {
CIPHER *c = NULL; CIPHER *c = NULL;
if (IsEmptyStr(name) == false) // OpenVPN sends the cipher name in uppercase, even if it's not standard,
// thus we have to convert it to lowercase for EVP_get_cipherbyname().
char lowercase_name[MAX_SIZE];
StrCpy(lowercase_name, sizeof(lowercase_name), name);
StrLower(lowercase_name);
if (IsEmptyStr(lowercase_name) == false)
{ {
c = NewCipher(name); c = NewCipher(lowercase_name);
} }
if (c == NULL) if (c == NULL)

View File

@ -513,6 +513,7 @@ CIPHER *NewCipher(char *name)
c->Cipher = EVP_get_cipherbyname(c->Name); c->Cipher = EVP_get_cipherbyname(c->Name);
if (c->Cipher == NULL) if (c->Cipher == NULL)
{ {
Debug("NewCipher(): Cipher %s not found by EVP_get_cipherbyname().\n", c->Name);
FreeCipher(c); FreeCipher(c);
return NULL; return NULL;
} }