git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Antonio Quartulli <a@unstable.cc>
	Thu, 3 Feb 2022 19:36:55 +0000 (20:36 +0100)
committer	Gert Doering <gert@greenie.muc.de>
	Fri, 4 Feb 2022 11:11:48 +0000 (12:11 +0100)
commit	2914444e7cd514eb03e6cd7949e5219557710ae8
tree	4f460fb8d817e2fa2ad44d398fbbaf4897806fef	tree
parent	2d822550ad990fbd498523fb1ab62ca19b3bb93c	commit \| diff

crypto: move OpenSSL specific FIPS check to its backend

Our crypto API already provides a function performing a validity check
on the specified ciphername. The OpenSSL counterpart also checks for the
cipher being FIPS-enabled.

This API is cipher_valid(). Extend it so that it can provide a reason
whenever the cipher is not valid and use it in crypto.c.

This way we move any OpenSSL specific bit to its own
backend and directly use the new cipher_valid_reason() API in the
generic code.

This patch fixes compilations with mbedTLS when some OpenSSL is also
installed. The issue was introduced with:
544330fe ("crypto: Fix OPENSSL_FIPS enabled builds")

Cc: David Sommerseth <davids@openvpn.net>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20220203193655.28791-2-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23714.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

src/openvpn/crypto.c		diff \| blob \| blame \| history
src/openvpn/crypto_backend.h		diff \| blob \| blame \| history
src/openvpn/crypto_mbedtls.c		diff \| blob \| blame \| history
src/openvpn/crypto_openssl.c		diff \| blob \| blame \| history