authorSteffan Karger <steffan@karger.me>2014-06-08 18:16:13 +0200
committerGert Doering <gert@greenie.muc.de>2014-07-07 20:31:13 +0200
commita4b27b6481c7496f2a8705c993edfe150a3541cb (patch)
tree62732f6ee31dbb11950ce3f3597a0f0cba815c9c /src/openvpn/crypto_backend.h
parentc353af2f474f79bfd7b2b67ecc02e91152500209 (diff)
Add proper check for crypto modes (CBC or OFB/CFB)
OpenSSL has added AEAD-CBC mode ciphers like AES-128-CBC-HMAC-SHA1, which have mode EVP_CIPH_CBC_MODE, but require a different API (the AEAD API). So, add extra checks to filter out those AEAD-mode ciphers. Adding these made the crypto library agnostic function cfb_ofb_mode() superfluous, so removed that on the go. Also update all cipher mode checks to use the new cipher_kt_mode_*() functions for consistency. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1402244175-31462-3-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/8779 Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/crypto_backend.h')
-rw-r--r--src/openvpn/crypto_backend.h30
1 files changed, 30 insertions, 0 deletions
diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h
index 5ae47e6..a48ad6c 100644
--- a/src/openvpn/crypto_backend.h
+++ b/src/openvpn/crypto_backend.h
@@ -230,6 +230,26 @@ int cipher_kt_block_size (const cipher_kt_t *cipher_kt);
*/
int cipher_kt_mode (const cipher_kt_t *cipher_kt);
+/**
+ * Check of the supplied cipher is a supported CBC mode cipher.
+ *
+ * @param cipher Static cipher parameters. May not be NULL.
+ *
+ * @return true iff the cipher is a CBC mode cipher.
+ */
+bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
+ __attribute__((nonnull));
+
+/**
+ * Check of the supplied cipher is a supported OFB or CFB mode cipher.
+ *
+ * @param cipher Static cipher parameters. May not be NULL.
+ *
+ * @return true iff the cipher is a OFB or CFB mode cipher.
+ */
+bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
+ __attribute__((nonnull));
+
/**
*
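Review bot: The `@return` lines for `cipher_kt_mode_cbc()` and `cipher_kt_mode_ofb_cfb()` only say "true iff the cipher is a CBC mode cipher" (resp. OFB or CFB), which leaves out the exclusion the commit message gives as the reason for these functions: ciphers such as AES-128-CBC-HMAC-SHA1 report CBC mode but need the AEAD API. Since this header is the contract each crypto backend implements, I would state it explicitly, e.g. `@return true iff the cipher is a CBC mode cipher usable through the non-AEAD cipher API; false for AEAD-CBC ciphers.`, so a backend cannot satisfy the comment while still letting such a cipher through. Both summary lines also read "Check of" where "Check if" is meant. Because the declarations carry `__attribute__((nonnull))`, a compiler is allowed to drop a NULL test inside the implementations (which are outside this hunk), so the non-NULL guarantee has to come from the callers.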
@@ -288,6 +308,16 @@ int cipher_ctx_block_size (const cipher_ctx_t *ctx);
int cipher_ctx_mode (const cipher_ctx_t *ctx);
/**
+ * Returns the static cipher parameters for this context.
+ *
+ * @param ctx Cipher's context. May not be NULL.
+ *
+ * @return Static cipher parameters for the supplied context.
+ */
+const cipher_kt_t *cipher_ctx_get_cipher_kt (const cipher_ctx_t *ctx)
+ __attribute__((nonnull));
+
+/**
* Resets the given cipher context, setting the IV to the specified value.
* Preserves the associated key information.
*
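Review bot: The comment on `cipher_ctx_get_cipher_kt()` does not say whether the result can be NULL, for instance for a context that exists but has not yet had a cipher set on it. That matters because the mode predicates added earlier in this header are declared `__attribute__((nonnull))`, so passing this result straight into them, which the commit message suggests callers now do, is undefined behaviour if NULL can come back. I would extend the return line to something like `@return Static cipher parameters for the supplied context, or NULL if no cipher has been set on ctx.`, or to the equivalent never-NULL guarantee, whichever the backends actually provide. The comment could also state that the caller must not free or modify the returned object, if that is the intent behind the `const` return type.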