]> git.ipfire.org Git - thirdparty/openvpn.git/commit
projects / thirdparty / openvpn.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f71a780) | patch
Add proper check for crypto modes (CBC or OFB/CFB)
authorSteffan Karger <steffan@karger.me>
Sun, 8 Jun 2014 16:16:13 +0000 (18:16 +0200)
committerGert Doering <gert@greenie.muc.de>
Mon, 7 Jul 2014 20:35:30 +0000 (22:35 +0200)
commitdeff485f85e0eb9502f1ed2cdda2dd41a429fe58
tree1ec531a6ad730a1fbcef6ba77e7246ea13bac747tree
parentf71a780fa5224c5de0859aad1a34ebd8a92165a0commit | diff
Add proper check for crypto modes (CBC or OFB/CFB)

OpenSSL has added AEAD-CBC mode ciphers like AES-128-CBC-HMAC-SHA1, which
have mode EVP_CIPH_CBC_MODE, but require a different API (the AEAD API).
So, add extra checks to filter out those AEAD-mode ciphers.

Adding these made the crypto library agnostic function cfb_ofb_mode()
superfuous, so removed that on the go.

Also update all cipher mode checks to use the new cipher_kt_mode_*()
functions for consistency.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1402244175-31462-3-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8779
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit a4b27b6481c7496f2a8705c993edfe150a3541cb)
src/openvpn/crypto.c diff | blob | blame | history
src/openvpn/crypto.h diff | blob | blame | history
src/openvpn/crypto_backend.h diff | blob | blame | history
src/openvpn/crypto_openssl.c diff | blob | blame | history
src/openvpn/crypto_polarssl.c diff | blob | blame | history
src/openvpn/init.c diff | blob | blame | history
Mirror of https://github.com/OpenVPN/openvpn.git