git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Steffan Karger <steffan@karger.me>
	Sun, 8 Jun 2014 16:16:13 +0000 (18:16 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Mon, 7 Jul 2014 18:31:13 +0000 (20:31 +0200)
commit	a4b27b6481c7496f2a8705c993edfe150a3541cb
tree	62732f6ee31dbb11950ce3f3597a0f0cba815c9c	tree
parent	c353af2f474f79bfd7b2b67ecc02e91152500209	commit \| diff

Add proper check for crypto modes (CBC or OFB/CFB)

OpenSSL has added AEAD-CBC mode ciphers like AES-128-CBC-HMAC-SHA1, which
have mode EVP_CIPH_CBC_MODE, but require a different API (the AEAD API).
So, add extra checks to filter out those AEAD-mode ciphers.

Adding these made the crypto library agnostic function cfb_ofb_mode()
superfuous, so removed that on the go.

Also update all cipher mode checks to use the new cipher_kt_mode_*()
functions for consistency.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1402244175-31462-3-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8779
Signed-off-by: Gert Doering <gert@greenie.muc.de>

src/openvpn/crypto.c		diff \| blob \| blame \| history
src/openvpn/crypto.h		diff \| blob \| blame \| history
src/openvpn/crypto_backend.h		diff \| blob \| blame \| history
src/openvpn/crypto_openssl.c		diff \| blob \| blame \| history
src/openvpn/crypto_polarssl.c		diff \| blob \| blame \| history
src/openvpn/init.c		diff \| blob \| blame \| history