Fix assertion error when using --cipher none

Some commits ago, the cipher mode checks were cleaned up to
remove code duplication (and fix the issue in #471), but broke
'--cipher none' (reported in #473). This commit fixes that.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <545DED2C.5070002@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9217
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h
index bc067a7d1566552a0e44e5b22a3838048fe53b45..87498785dcb658e2a49a93f9ae34130d6caff345 100644 (file)
--- a/src/openvpn/crypto_backend.h
+++ b/src/openvpn/crypto_backend.h
@@ -223,7 +223,7 @@ int cipher_kt_block_size (const cipher_kt_t *cipher_kt);
 /**
  * Returns the mode that the cipher runs in.
  *
- * @param cipher_kt    Static cipher parameters
+ * @param cipher_kt    Static cipher parameters. May not be NULL.
  *
  * @return             Cipher mode, either \c OPENVPN_MODE_CBC, \c
  *                     OPENVPN_MODE_OFB or \c OPENVPN_MODE_CFB
@@ -233,7 +233,7 @@ int cipher_kt_mode (const cipher_kt_t *cipher_kt);
 /**
  * Check if the supplied cipher is a supported CBC mode cipher.
  *
- * @param cipher       Static cipher parameters. May not be NULL.
+ * @param cipher       Static cipher parameters.
  *
  * @return             true iff the cipher is a CBC mode cipher.
  */
@@ -243,7 +243,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
 /**
  * Check if the supplied cipher is a supported OFB or CFB mode cipher.
  *
- * @param cipher       Static cipher parameters. May not be NULL.
+ * @param cipher       Static cipher parameters.
  *
  * @return             true iff the cipher is a OFB or CFB mode cipher.
  */

diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 0ac89a19f238076c05b3be96b5ac396580f58ca7..f7a491d66d40e193ac6294a6e45bf2e1025a77ac 100644 (file)
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -492,7 +492,7 @@ cipher_kt_mode (const EVP_CIPHER *cipher_kt)
 bool
 cipher_kt_mode_cbc(const cipher_kt_t *cipher)
 {
-  return cipher_kt_mode(cipher) == OPENVPN_MODE_CBC
+  return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC
 #ifdef EVP_CIPH_FLAG_AEAD_CIPHER
       /* Exclude AEAD cipher modes, they require a different API */
       && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
@@ -503,7 +503,7 @@ cipher_kt_mode_cbc(const cipher_kt_t *cipher)
 bool
 cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
 {
-  return (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB ||
+  return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB ||
          cipher_kt_mode(cipher) == OPENVPN_MODE_CFB)
 #ifdef EVP_CIPH_FLAG_AEAD_CIPHER
       /* Exclude AEAD cipher modes, they require a different API */

diff --git a/src/openvpn/crypto_polarssl.c b/src/openvpn/crypto_polarssl.c
index 1a986dbd70af4c6cd0bc8171390a4d6b249ca99a..e083398fe22f8b5546dac854355f52a774ee364b 100644 (file)
--- a/src/openvpn/crypto_polarssl.c
+++ b/src/openvpn/crypto_polarssl.c
@@ -419,13 +419,13 @@ cipher_kt_mode (const cipher_info_t *cipher_kt)
 bool
 cipher_kt_mode_cbc(const cipher_kt_t *cipher)
 {
-  return cipher_kt_mode(cipher) == OPENVPN_MODE_CBC;
+  return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC;
 }
 
 bool
 cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
 {
-  return (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB ||
+  return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB ||
          cipher_kt_mode(cipher) == OPENVPN_MODE_CFB);
 }