authorMagnus Kroken <mkroken@gmail.com>2020-12-01 10:57:07 +0100
committerRosen Penev <rosenp@gmail.com>2020-12-01 13:03:51 -0800
commit2e55fc8b2d42682cd1c26e9827b7b6f47fb51398 (patch)
treef449ec8c75f00d3a014aa820ebf57c45a3a18029 /net/openvpn/patches/220-disable_des.patch
parent4434915571b5c3dbc7d000215e48d8d0d60e41bc (diff)
openvpn: update to 2.5.0
New features: * Per client tls-crypt keys * ChaCha20-Poly1305 can be used to encrypt the data channel * Routes are added/removed via Netlink instead of ifconfig/route (unless iproute2 support is enabled). * VLAN support when using a TAP device Significant changes: * Server support can no longer be disabled. * Crypto support can no longer be disabled, remove nossl variant. * Blowfish (BF-CBC) is no longer implicitly the default cipher. OpenVPN peers prior to 2.4, or peers with data cipher negotiation disabled, will not be able to connect to a 2.5 peer unless option data_fallback_ciphers is set on the 2.5 peer and it contains a cipher supported by the client. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Diffstat (limited to 'net/openvpn/patches/220-disable_des.patch')
-rw-r--r--net/openvpn/patches/220-disable_des.patch21
1 files changed, 7 insertions, 14 deletions
diff --git a/net/openvpn/patches/220-disable_des.patch b/net/openvpn/patches/220-disable_des.patch
index 2b8f47a80..9ddf1047b 100644
--- a/net/openvpn/patches/220-disable_des.patch
+++ b/net/openvpn/patches/220-disable_des.patch
@@ -1,24 +1,17 @@
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
-@@ -597,11 +597,11 @@ socket_defined(const socket_descriptor_t
+@@ -572,7 +572,7 @@ socket_defined(const socket_descriptor_t
/*
* Should we include NTLM proxy functionality
*/
--#if defined(ENABLE_CRYPTO)
-#define NTLM 1
--#else
-+//#if defined(ENABLE_CRYPTO)
+//#define NTLM 1
-+//#else
- #define NTLM 0
--#endif
-+//#endif
/*
* Should we include proxy digest auth functionality
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
-@@ -319,6 +319,7 @@ int
+@@ -383,6 +383,7 @@ int
key_des_num_cblocks(const mbedtls_cipher_info_t *kt)
{
int ret = 0;
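Review bot: In the refreshed syshead.h hunk, NTLM is switched off only by commenting the line out (`+//#define NTLM 1`), and the `#define NTLM 0` line that the previous version of this patch left in place is gone, so the macro ends up undefined rather than explicitly 0. A value test such as `#if NTLM` still evaluates to false, but only because an undefined identifier counts as 0 in `#if`; that warns under `-Wundef` and makes the disabled state easy to miss on the next refresh. I would change the inner pair to `-#define NTLM 1` / `+#define NTLM 0` and add a one-line comment such as `/* NTLM proxy auth disabled: depends on the DES routines compiled out by this patch */`, assuming that dependency is why both changes live in one patch. The crypto_mbedtls.c part of this hunk only shifts inner hunk offsets, and key_des_num_cblocks continues outside the hunk.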
@@ -26,7 +19,7 @@
if (kt->type == MBEDTLS_CIPHER_DES_CBC)
{
ret = 1;
-@@ -331,6 +332,7 @@ key_des_num_cblocks(const mbedtls_cipher
+@@ -395,6 +396,7 @@ key_des_num_cblocks(const mbedtls_cipher
{
ret = 3;
}
@@ -34,7 +27,7 @@
dmsg(D_CRYPTO_DEBUG, "CRYPTO INFO: n_DES_cblocks=%d", ret);
return ret;
-@@ -339,6 +341,7 @@ key_des_num_cblocks(const mbedtls_cipher
+@@ -403,6 +405,7 @@ key_des_num_cblocks(const mbedtls_cipher
bool
key_des_check(uint8_t *key, int key_len, int ndc)
{
@@ -42,7 +35,7 @@
int i;
struct buffer b;
-@@ -367,11 +370,15 @@ key_des_check(uint8_t *key, int key_len,
+@@ -431,11 +434,15 @@ key_des_check(uint8_t *key, int key_len,
err:
return false;
@@ -58,7 +51,7 @@
int i;
struct buffer b;
-@@ -386,6 +393,7 @@ key_des_fixup(uint8_t *key, int key_len,
+@@ -450,6 +457,7 @@ key_des_fixup(uint8_t *key, int key_len,
}
mbedtls_des_key_set_parity(key);
}
@@ -66,7 +59,7 @@
}
/*
-@@ -705,10 +713,12 @@ cipher_des_encrypt_ecb(const unsigned ch
+@@ -770,10 +778,12 @@ cipher_des_encrypt_ecb(const unsigned ch
unsigned char *src,
unsigned char *dst)
{