mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 03:52:28 +02:00
Do not allow CTS ciphers
We do not support CTS algorithms (cipher text stealing) algorithms. Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Max Fillinger <maximilian.fillinger@foxcrypto.com> Message-Id: <20211019183127.614175-16-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23002.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
This commit is contained in:
parent
4daed27f28
commit
14e4f3b158
@ -708,6 +708,9 @@ cipher_kt_mode_cbc(const cipher_kt_t *cipher)
|
||||
{
|
||||
return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC
|
||||
/* Exclude AEAD cipher modes, they require a different API */
|
||||
#ifdef EVP_CIPH_FLAG_CTS
|
||||
&& !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CTS)
|
||||
#endif
|
||||
&& !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user