diff options
author | Steffan Karger <steffan@karger.me> | 2014-06-08 18:16:13 +0200 |
---|---|---|
committer | Gert Doering <gert@greenie.muc.de> | 2014-07-07 22:35:30 +0200 |
commit | deff485f85e0eb9502f1ed2cdda2dd41a429fe58 (patch) | |
tree | 1ec531a6ad730a1fbcef6ba77e7246ea13bac747 /src/openvpn/crypto.h | |
parent | f71a780fa5224c5de0859aad1a34ebd8a92165a0 (diff) | |
download | openvpn-deff485f85e0eb9502f1ed2cdda2dd41a429fe58.tar.gz openvpn-deff485f85e0eb9502f1ed2cdda2dd41a429fe58.tar.xz openvpn-deff485f85e0eb9502f1ed2cdda2dd41a429fe58.zip |
Add proper check for crypto modes (CBC or OFB/CFB)
OpenSSL has added AEAD-CBC mode ciphers like AES-128-CBC-HMAC-SHA1, which
have mode EVP_CIPH_CBC_MODE, but require a different API (the AEAD API).
So, add extra checks to filter out those AEAD-mode ciphers.
Adding these made the crypto library agnostic function cfb_ofb_mode()
superfuous, so removed that on the go.
Also update all cipher mode checks to use the new cipher_kt_mode_*()
functions for consistency.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1402244175-31462-3-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8779
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit a4b27b6481c7496f2a8705c993edfe150a3541cb)
Diffstat (limited to 'src/openvpn/crypto.h')
-rw-r--r-- | src/openvpn/crypto.h | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index 1f1e1b6..bf2f802 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -187,8 +187,6 @@ bool write_key (const struct key *key, const struct key_type *kt, int read_key (struct key *key, const struct key_type *kt, struct buffer *buf); -bool cfb_ofb_mode (const struct key_type* kt); - void init_key_type (struct key_type *kt, const char *ciphername, bool ciphername_defined, const char *authname, bool authname_defined, int keysize, bool cfb_ofb_allowed, bool warn); |