if_ovpn: fix AES-128-GCM support
We need to explicitly list AES-128-GCM as an allowed cipher for that
mode to work. While here also add AES-192-GCM. That brings our supported
cipher list in line with other openvpn/dco platforms.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
kprovost committed Nov 11, 2022
1 parent 8cc44a1 commit 2c58d0c
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion sys/net/if_ovpn.c
Expand Up @@ -694,7 +694,9 @@ ovpn_create_kkey_dir(struct ovpn_kkey_dir **kdirp,

if (strcmp(ciphername, "none") == 0)
cipher = OVPN_CIPHER_ALG_NONE;
else if (strcmp(ciphername, "AES-256-GCM") == 0)
else if (strcmp(ciphername, "AES-256-GCM") == 0 ||
strcmp(ciphername, "AES-192-GCM") == 0 ||
strcmp(ciphername, "AES-128-GCM") == 0)
cipher = OVPN_CIPHER_ALG_AES_GCM;
else if (strcmp(ciphername, "CHACHA20-POLY1305") == 0)
cipher = OVPN_CIPHER_ALG_CHACHA20_POLY1305;
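Review bot: In the extended `else if` in ovpn_create_kkey_dir, "AES-256-GCM", "AES-192-GCM" and "AES-128-GCM" all map to the single OVPN_CIPHER_ALG_AES_GCM value, so after this branch the cipher name no longer carries the key size, and nothing in the visible lines checks that the supplied key length agrees with the name (16, 24 or 32 bytes). If that check happens later in the function, a short comment here pointing to it would help the next reader; if it does not, consider recording the expected length per name in this branch and rejecting a mismatch, so a configuration naming AES-256-GCM cannot silently run with a shorter key.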
