author | Antonio Quartulli | 2022-02-15 13:31:57 +0100 |
---|---|---|
committer | Gert Doering | 2022-02-16 08:46:37 +0100 |
commit | af695b53e01035a9137bc78a868cd5410be817f4 (patch) | |
tree | 9684ba09020b6604ceebbd631f281f094a18eba8 /src/openvpn/auth_token.c | |
parent | fe340a9c1ee1b04b17e7fb367043ff575763b91c (diff) | |
auth_token/tls_crypt: fix usage of md_valid()
With b39725cf ("Remove md_kt_t and change crypto API to use const char*")
the logic for validating ciphers and md algorithms has been changed.
We should now *always* use md_valid() when validating a digest alg.
At the same time, add '!' (negation) when validating the digest algorithm
in the tls-crypt code, in order to restore the proper logic.
Cc: Arne Schwabe <arne@rfc2549.org>
Fixes: b39725cf ("Remove md_kt_t and change crypto API to use const char*")
Reported-by: Richard T Bonhomme <tincantech@protonmail.com>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20220215123157.10615-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23793.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/auth_token.c')
-rw-r--r-- | src/openvpn/auth_token.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/openvpn/auth_token.c b/src/openvpn/auth_token.c index ceae68f..10c9dde 100644 --- a/src/openvpn/auth_token.c +++ b/src/openvpn/auth_token.c @@ -38,7 +38,7 @@ auth_token_kt(void) kt.cipher = "none"; kt.digest = "SHA256"; - if (!kt.digest) + if (!md_valid(kt.digest)) { msg(M_WARN, "ERROR: --tls-crypt requires HMAC-SHA-256 support."); return (struct key_type) { 0 }; |
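Review bot: The msg(M_WARN, ...) text in the failure branch of auth_token_kt() still reads "ERROR: --tls-crypt requires HMAC-SHA-256 support.", although this function builds the auth-token key type. With the old `if (!kt.digest)` the branch could never be taken, because kt.digest had just been assigned "SHA256"; with `if (!md_valid(kt.digest))` it becomes reachable whenever the crypto backend does not provide SHA256, so the wording is now user-visible and should name the auth-token feature rather than --tls-crypt. The message is also prefixed "ERROR:" while being logged at M_WARN, and the function then returns a zeroed struct key_type; it is worth confirming that callers treat the empty key type as a hard failure rather than continuing with no digest.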