refine assertion to allow other modes than CBC

cipher_ctx_final() only returns an outlen in CBC mode. If CFB or OFB
are used the assertion outlen == iv_len is always false.

There's no CBC mode defined for the GOST 28147-89 block cipher. Hence
this patch is needed for it to work. It's needed for other ciphers like
BF-CFB as well, though.

Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <538A00AA.7090007@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8748
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit be46a2c083a6bd77754bc1674249eab583d25dac)

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index d9adf5b51304cd7611c7bfc8d69d6f6447555476..341dd7a0eee6d67655ddfedaae05ea5083c1785c 100644 (file)
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -171,7 +171,7 @@ openvpn_encrypt (struct buffer *buf, struct buffer work,
          /* Flush the encryption buffer */
          ASSERT(cipher_ctx_final(ctx->cipher, BPTR (&work) + outlen, &outlen));
          work.len += outlen;
-         ASSERT (outlen == iv_size);
+         ASSERT (mode != OPENVPN_MODE_CBC || outlen == iv_size);
 
          /* prepend the IV to the ciphertext */
          if (opt->flags & CO_USE_IV)