authorChris Buechler <cmb@pfsense.org>2015-01-31 16:30:19 -0600
committerChris Buechler <cmb@pfsense.org>2015-01-31 16:30:19 -0600
commit69aeef21955e7f2d9b6b1ad897d3655bb43506fe (patch)
tree56b073ad3e53ba901e097427099fc7905f165fcc /usr/local/www/vpn_ipsec_phase2.php
parent87808568a70404e04c306723cdd65f52e59003f9 (diff)
Add input validation to prevent the use of AES > 128 where glxsb is enabled. Ticket #4361
Diffstat (limited to 'usr/local/www/vpn_ipsec_phase2.php')
-rw-r--r--usr/local/www/vpn_ipsec_phase2.php12
1 files changed, 9 insertions, 3 deletions
diff --git a/usr/local/www/vpn_ipsec_phase2.php b/usr/local/www/vpn_ipsec_phase2.php
index e6ce3f0..e42cc0b 100644
--- a/usr/local/www/vpn_ipsec_phase2.php
+++ b/usr/local/www/vpn_ipsec_phase2.php
@@ -142,7 +142,7 @@ if ($_POST) {
}
do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
-
+
if(($pconfig['mode'] == "tunnel") || ($pconfig['mode'] == "tunnel6"))
{
switch ($pconfig['localid_type']) {
@@ -300,8 +300,14 @@ if ($_POST) {
if (!count($ealgos)) {
$input_errors[] = gettext("At least one encryption algorithm must be selected.");
} else {
- if (empty($pconfig['halgos'])) {
- foreach ($ealgos as $ealgo) {
+ foreach ($ealgos as $ealgo) {
+ if (isset($config['system']['crypto_hardware'])) {
+ if ($config['system']['crypto_hardware'] == "glxsb") {
+ if ($ealgo['name'] == "aes" && $ealgo['keylen'] != "128")
+ $input_errors[] = gettext("Only 128 bit AES can be used where the glxsb crypto accelerator is enabled.");
+ }
+ }
+ if (empty($pconfig['halgos'])) {
if (!strpos($ealgo['name'], "gcm")) {
$input_errors[] = gettext("At least one hashing algorithm needs to be selected.");
break;
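Review bot: The new glxsb key-length check shares the `foreach` with the existing `break` in the hash-algorithm branch, so when `$pconfig['halgos']` is empty the loop stops at the first non-GCM algorithm and any AES entry after it is never checked. The save is still refused because `$input_errors` is already non-empty, but the AES error only appears on a second submit. Running the glxsb check in its own pass fixes that, and it lets the loop-invariant tests on `$config['system']['crypto_hardware']` be evaluated once and the unbraced inner `if` get braces like the rest of the block. Separately, this validates only at form submit on this page; whether a phase 2 entry saved with a larger AES key before glxsb was enabled is caught elsewhere is not visible here and is worth confirming. The enclosing `if ($_POST)` block starts and ends outside the hunk.

```php
	} else {
		// The accelerator setting does not vary per algorithm; test it once.
		$glxsb_enabled = isset($config['system']['crypto_hardware']) &&
		    $config['system']['crypto_hardware'] == "glxsb";
		if ($glxsb_enabled) {
			// Separate pass so the break in the hash-algorithm loop cannot skip an AES entry.
			foreach ($ealgos as $ealgo) {
				if ($ealgo['name'] == "aes" && $ealgo['keylen'] != "128") {
					$input_errors[] = gettext("Only 128 bit AES can be used where the glxsb crypto accelerator is enabled.");
				}
			}
		}
		// … unchanged: if (empty($pconfig['halgos'])) { foreach … gcm check … break; } as before this commit …
```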