refine assertion to allow other modes than CBC

cipher_ctx_final() only returns an outlen in CBC mode. If CFB or OFB are used the assertion outlen == iv_len is always false. There's no CBC mode defined for the GOST 28147-89 block cipher. Hence this patch is needed for it to work. It's needed for other ciphers like BF-CFB as well, though. Signed-off-by: Heiko Hund <heiko.hund@sophos.com> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <538A00AA.7090007@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/8748 Signed-off-by: Gert Doering <gert@greenie.muc.de>
author: Heiko Hund <heiko.hund@sophos.com> 2012-08-16 10:38:50 +0200
committer: Gert Doering <gert@greenie.muc.de> 2014-06-05 09:16:42 +0200
commit: be46a2c083a6bd77754bc1674249eab583d25dac (patch)
tree: 94019cdae85916c87a50d572faaa7509ae9e97b6 /src
parent: d0154a3a8a73fa656ba7ce2c15087db85c8ece92 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index c4c356d..d0dc069 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -171,7 +171,7 @@ openvpn_encrypt (struct buffer *buf, struct buffer work,
 	  /* Flush the encryption buffer */
 	  ASSERT(cipher_ctx_final(ctx->cipher, BPTR (&work) + outlen, &outlen));
 	  work.len += outlen;
-	  ASSERT (outlen == iv_size);
+	  ASSERT (mode != OPENVPN_MODE_CBC || outlen == iv_size);
 
 	  /* prepend the IV to the ciphertext */
 	  if (opt->flags & CO_USE_IV)
author	Heiko Hund <heiko.hund@sophos.com>	2012-08-16 10:38:50 +0200
committer	Gert Doering <gert@greenie.muc.de>	2014-06-05 09:16:42 +0200
commit	be46a2c083a6bd77754bc1674249eab583d25dac (patch)
tree	94019cdae85916c87a50d572faaa7509ae9e97b6 /src
parent	d0154a3a8a73fa656ba7ce2c15087db85c8ece92 (diff)