diff options
| author | Steffan Karger <steffan@karger.me> | 2014-11-08 11:15:08 +0100 |
|---|---|---|
| committer | Gert Doering <gert@greenie.muc.de> | 2014-11-08 18:28:52 +0100 |
| commit | 4e93e6dc88f4d904a4f2eb90140472a8d8fd68d0 (patch) | |
| tree | 2db0ee000d5a119ae7ea4a62f944971defb70d48 /src/openvpn | |
| parent | 86fe01897b9ec3f30c23395cc757f0e0b1393b03 (diff) | |
| download | openvpn-4e93e6dc88f4d904a4f2eb90140472a8d8fd68d0.tar.gz openvpn-4e93e6dc88f4d904a4f2eb90140472a8d8fd68d0.tar.xz openvpn-4e93e6dc88f4d904a4f2eb90140472a8d8fd68d0.zip | |
Fix assertion error when using --cipher none
Some commits ago, the cipher mode checks were cleaned up to
remove code duplication (and fix the issue in #471), but broke
'--cipher none' (reported in #473). This commit fixes that.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <545DED2C.5070002@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9217
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn')
| -rw-r--r-- | src/openvpn/crypto_backend.h | 6 | ||||
| -rw-r--r-- | src/openvpn/crypto_openssl.c | 4 | ||||
| -rw-r--r-- | src/openvpn/crypto_polarssl.c | 4 |
3 files changed, 7 insertions, 7 deletions
diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h index bc067a7..8749878 100644 --- a/src/openvpn/crypto_backend.h +++ b/src/openvpn/crypto_backend.h @@ -223,7 +223,7 @@ int cipher_kt_block_size (const cipher_kt_t *cipher_kt); /** * Returns the mode that the cipher runs in. * - * @param cipher_kt Static cipher parameters + * @param cipher_kt Static cipher parameters. May not be NULL. * * @return Cipher mode, either \c OPENVPN_MODE_CBC, \c * OPENVPN_MODE_OFB or \c OPENVPN_MODE_CFB @@ -233,7 +233,7 @@ int cipher_kt_mode (const cipher_kt_t *cipher_kt); /** * Check if the supplied cipher is a supported CBC mode cipher. * - * @param cipher Static cipher parameters. May not be NULL. + * @param cipher Static cipher parameters. * * @return true iff the cipher is a CBC mode cipher. */ @@ -243,7 +243,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_t *cipher) /** * Check if the supplied cipher is a supported OFB or CFB mode cipher. * - * @param cipher Static cipher parameters. May not be NULL. + * @param cipher Static cipher parameters. * * @return true iff the cipher is a OFB or CFB mode cipher. */ diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 0ac89a1..f7a491d 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -492,7 +492,7 @@ cipher_kt_mode (const EVP_CIPHER *cipher_kt) bool cipher_kt_mode_cbc(const cipher_kt_t *cipher) { - return cipher_kt_mode(cipher) == OPENVPN_MODE_CBC + return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC #ifdef EVP_CIPH_FLAG_AEAD_CIPHER /* Exclude AEAD cipher modes, they require a different API */ && !(EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) @@ -503,7 +503,7 @@ cipher_kt_mode_cbc(const cipher_kt_t *cipher) bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher) { - return (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB || + return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB || cipher_kt_mode(cipher) == OPENVPN_MODE_CFB) #ifdef EVP_CIPH_FLAG_AEAD_CIPHER /* Exclude AEAD cipher modes, they require a different API */ diff --git a/src/openvpn/crypto_polarssl.c b/src/openvpn/crypto_polarssl.c index 1a986db..e083398 100644 --- a/src/openvpn/crypto_polarssl.c +++ b/src/openvpn/crypto_polarssl.c @@ -419,13 +419,13 @@ cipher_kt_mode (const cipher_info_t *cipher_kt) bool cipher_kt_mode_cbc(const cipher_kt_t *cipher) { - return cipher_kt_mode(cipher) == OPENVPN_MODE_CBC; + return cipher && cipher_kt_mode(cipher) == OPENVPN_MODE_CBC; } bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher) { - return (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB || + return cipher && (cipher_kt_mode(cipher) == OPENVPN_MODE_OFB || cipher_kt_mode(cipher) == OPENVPN_MODE_CFB); } |