PolarSSL-1.2 support

Add support for PolarSSL-1.2, which has changed the API in several places.
This is a minimal port, new features have not been enabled. Only PolarSSL
1.2.5 and newer are accepted, as earlier versions contain unresolved
(security) issues.

Signed-off-by: Joachim Schipper <joachim.schipper@fox-it.com>
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Message-Id: <1363942465-3251-2-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7436
Signed-off-by: Gert Doering <gert@greenie.muc.de>

1 files changed, 4 insertions, 1 deletions

diff --git a/src/openvpn/crypto_polarssl.c b/src/openvpn/crypto_polarssl.c
index 3978a3c..ed9db53 100644
--- a/src/openvpn/crypto_polarssl.c
+++ b/src/openvpn/crypto_polarssl.c
@@ -114,7 +114,7 @@ show_available_ciphers ()
 
       if (info && info->mode == POLARSSL_MODE_CBC)
 	printf ("%s %d bit default key\n",
-		info->name, info->key_length);
+		info->name, cipher_kt_key_size(info) * 8);
 
       ciphers++;
     }
@@ -339,6 +339,9 @@ cipher_kt_key_size (const cipher_info_t *cipher_kt)
 {
   if (NULL == cipher_kt)
     return 0;
+  if (POLARSSL_CIPHER_ID_BLOWFISH == cipher_kt->base->cipher)
+    return 128/8; /* Override PolarSSL 32 bit default key size with sane 128 bit default */
+
   return cipher_kt->key_length/8;
 }