From: Heiko Hund Date: Thu, 16 Aug 2012 08:38:50 +0000 (+0200) Subject: refine assertion to allow other modes than CBC X-Git-Tag: v2.4_alpha1~415 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=be46a2c083a6bd77754bc1674249eab583d25dac;p=thirdparty%2Fopenvpn.git refine assertion to allow other modes than CBC cipher_ctx_final() only returns an outlen in CBC mode. If CFB or OFB are used the assertion outlen == iv_len is always false. There's no CBC mode defined for the GOST 28147-89 block cipher. Hence this patch is needed for it to work. It's needed for other ciphers like BF-CFB as well, though. Signed-off-by: Heiko Hund Acked-by: Steffan Karger Message-Id: <538A00AA.7090007@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/8748 Signed-off-by: Gert Doering --- diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index c4c356dc4..d0dc069a3 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -171,7 +171,7 @@ openvpn_encrypt (struct buffer *buf, struct buffer work, /* Flush the encryption buffer */ ASSERT(cipher_ctx_final(ctx->cipher, BPTR (&work) + outlen, &outlen)); work.len += outlen; - ASSERT (outlen == iv_size); + ASSERT (mode != OPENVPN_MODE_CBC || outlen == iv_size); /* prepend the IV to the ciphertext */ if (opt->flags & CO_USE_IV)