diff options
author | Chris Buechler <cmb@pfsense.org> | 2015-01-31 16:30:19 -0600 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-01-31 16:30:53 -0600 |
commit | 76a9ad942e1e91acfeb5eaaeb358e34adaaf0cd4 (patch) | |
tree | 0eb8b53dc408096709f6de580cd2d78992a7e01c /usr/local/www/vpn_ipsec_phase1.php | |
parent | fdc9ac09ef07752da6153cd3c28f734c61985372 (diff) | |
download | pfsense-76a9ad942e1e91acfeb5eaaeb358e34adaaf0cd4.zip pfsense-76a9ad942e1e91acfeb5eaaeb358e34adaaf0cd4.tar.gz |
Add input validation to prevent the use of AES > 128 where glxsb is enabled. Ticket #4361
Diffstat (limited to 'usr/local/www/vpn_ipsec_phase1.php')
-rw-r--r-- | usr/local/www/vpn_ipsec_phase1.php | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php index 07f8c8b..8738038 100644 --- a/usr/local/www/vpn_ipsec_phase1.php +++ b/usr/local/www/vpn_ipsec_phase1.php @@ -328,6 +328,13 @@ if ($_POST) { if (!empty($pconfig['iketype']) && $pconfig['iketype'] != "ikev1" && $pconfig['iketype'] != "ikev2" && $pconfig['iketype'] != "auto") $input_errors[] = gettext("Valid arguments for IKE type is v1 or v2 or auto"); + + if (!empty($_POST['ealgo']) && isset($config['system']['crypto_hardware'])) { + if ($config['system']['crypto_hardware'] == "glxsb") { + if ($_POST['ealgo'] == "aes" && $_POST['ealgo_keylen'] != "128") + $input_errors[] = gettext("Only 128 bit AES can be used where the glxsb crypto accelerator is enabled."); + } + } /* build our encryption algorithms array */ $pconfig['ealgo'] = array(); |