Config compatibility patch. Added translate_cipher_name.

Added translate_cipher name to crypto_openssl.c and crypto_polarssl.c
to translate between OpenVPN(/OpenSSL) and PolarSSL data channel
cipher algorithm names. OpenSSL does not require any translating,
PolarSSL does for a small number of algorithms. This improves on
config file compatibility between the OpenSSL and PolarSSL builds.

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1363942465-3251-5-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7435
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index ac2eecdde5c0df81a7361d5e59eec9835dd2c931..405c0aac2d9ff5cfca446c99c08fc591beafd8f1 100644 (file)
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -401,7 +401,7 @@ init_key_type (struct key_type *kt, const char *ciphername,
   CLEAR (*kt);
   if (ciphername && ciphername_defined)
     {
-      kt->cipher = cipher_kt_get (ciphername);
+      kt->cipher = cipher_kt_get (translate_cipher_name_from_openvpn(ciphername));
       kt->cipher_length = cipher_kt_key_size (kt->cipher);
       if (keysize > 0 && keysize <= MAX_CIPHER_KEY_LENGTH)
        kt->cipher_length = keysize;

diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h
index 1eac61157d09b64998a96b6f80d24670cd5f4081..5ae47e6c174d39f577a66912e7bbc364a854757d 100644 (file)
--- a/src/openvpn/crypto_backend.h
+++ b/src/openvpn/crypto_backend.h
@@ -63,6 +63,18 @@ void crypto_init_lib_engine (const char *engine_name);
 void crypto_init_dmalloc (void);
 #endif /* DMALLOC */
 
+/**
+ * Translate a data channel cipher name from the OpenVPN config file
+ * 'language' to the crypto library specific name.
+ */
+const char * translate_cipher_name_from_openvpn (const char *cipher_name);
+
+/**
+ * Translate a data channel cipher name from the crypto library specific name
+ * to the OpenVPN config file 'language'.
+ */
+const char * translate_cipher_name_from_openvpn (const char *cipher_name);
+
 void show_available_ciphers (void);
 
 void show_available_digests (void);

diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 534250297e90c53f2dfb5fdb988223a8392ffe42..21d1762d8d7fe3ed8eb8cd7580cd882e00e621d0 100644 (file)
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -281,6 +281,18 @@ crypto_init_dmalloc (void)
 }
 #endif /* DMALLOC */
 
+const char *
+translate_cipher_name_from_openvpn (const char *cipher_name) {
+  // OpenSSL doesn't require any translation
+  return cipher_name;
+}
+
+const char *
+translate_cipher_name_to_openvpn (const char *cipher_name) {
+  // OpenSSL doesn't require any translation
+  return cipher_name;
+}
+
 void
 show_available_ciphers ()
 {

diff --git a/src/openvpn/crypto_polarssl.c b/src/openvpn/crypto_polarssl.c
index ed9db53a874d59d5901b5ab0c600d8e5534c3b9b..1f27d6ca11438346438040f8abd25505aabf9a25 100644 (file)
--- a/src/openvpn/crypto_polarssl.c
+++ b/src/openvpn/crypto_polarssl.c
@@ -94,6 +94,53 @@ crypto_init_dmalloc (void)
 }
 #endif /* DMALLOC */
 
+typedef struct { const char * openvpn_name; const char * polarssl_name; } cipher_name_pair;
+cipher_name_pair cipher_name_translation_table[] = {
+    { "BF-CBC", "BLOWFISH-CBC" },
+    { "BF-CFB", "BLOWFISH-CFB64" },
+    { "CAMELLIA-128-CFB", "CAMELLIA-128-CFB128" },
+    { "CAMELLIA-192-CFB", "CAMELLIA-192-CFB128" },
+    { "CAMELLIA-256-CFB", "CAMELLIA-256-CFB128" }
+};
+
+const cipher_name_pair *
+get_cipher_name_pair(const char *cipher_name) {
+  cipher_name_pair *pair;
+  size_t i = 0;
+
+  /* Search for a cipher name translation */
+  for (; i < sizeof (cipher_name_translation_table) / sizeof (*cipher_name_translation_table); i++)
+    {
+      pair = &cipher_name_translation_table[i];
+      if (0 == strcmp (cipher_name, pair->openvpn_name) ||
+         0 == strcmp (cipher_name, pair->polarssl_name))
+         return pair;
+    }
+
+  /* Nothing found, return null */
+  return NULL;
+}
+
+const char *
+translate_cipher_name_from_openvpn (const char *cipher_name) {
+  const cipher_name_pair *pair = get_cipher_name_pair(cipher_name);
+
+  if (NULL == pair)
+    return cipher_name;
+
+  return pair->polarssl_name;
+}
+
+const char *
+translate_cipher_name_to_openvpn (const char *cipher_name) {
+  const cipher_name_pair *pair = get_cipher_name_pair(cipher_name);
+
+  if (NULL == pair)
+    return cipher_name;
+
+  return pair->openvpn_name;
+}
+
 void
 show_available_ciphers ()
 {
@@ -114,7 +161,7 @@ show_available_ciphers ()
 
       if (info && info->mode == POLARSSL_MODE_CBC)
        printf ("%s %d bit default key\n",
-               info->name, cipher_kt_key_size(info) * 8);
+               cipher_kt_name(info), cipher_kt_key_size(info) * 8);
 
       ciphers++;
     }
@@ -331,7 +378,8 @@ cipher_kt_name (const cipher_info_t *cipher_kt)
 {
   if (NULL == cipher_kt)
     return "[null-cipher]";
-  return cipher_kt->name;
+
+  return translate_cipher_name_to_openvpn(cipher_kt->name);
 }
 
 int