On 03/02/2022 20:36, Antonio Quartulli wrote:
With cipher validation performed in cipher_get(), a cipher is never returned in any case if some check fails.This prevents OpenVPN from operating on all ciphers provided by the SSL library, like printing them to the user. Move the validation logic to cipher_valid() so that checks are performed only when OpenVPN really want to know if a cipher is usable or not. Fixes: ce2954a0 ("Remove cipher_kt_t and change type to const char* in API") Cc: Arne Schwabe <a...@rfc2549.org> Cc: David Sommerseth <dav...@openvpn.net> Signed-off-by: Antonio Quartulli <a...@unstable.cc> --- Changes from v1: * properly release cipher in case of error in cipher_valid(); src/openvpn/crypto_openssl.c | 34 +++++++++++++++------------------- 1 file changed, 15 insertions(+), 19 deletions(-)
I've done compile testing and some lightweight testing as well as code review. These changes looks reasonable.
Acked-By: David Sommerseth <dav...@openvpn.net> -- kind regards, David Sommerseth OpenVPN Inc
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
