summaryrefslogtreecommitdiffstats
path: root/src/openvpn/crypto.h
Commit message (Collapse)AuthorAgeFilesLines
* reintroduce md5_digest wrapper struct to fix gcc warningsSteffan Karger2015-07-271-0/+5
| | | | | | | | | | | | | | | | | I was wrong to assume that adding the const qualifier to the pointer-to- fixed-size-array contruction used in options_hash_changed_or_zero() was allowed. GCC actually warns about this, but I was using clang and clang seems to be fine with the contruction. To make GCC happy too, reintroduce the md5_digest wrapped struct, and use that when passing around the digest. This reverts the "struct md5_digest" parts of 827de237860813d2859a, but keeps the rest. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1437910039-30101-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9949 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* cleanup: remove md5 helper functionsSteffan Karger2015-05-231-20/+0
| | | | | | | | | | | | | | | | | | | | | | The MD5 wrapper functions were used in just a few places, which imho is not worth the extra code. Instead of using these wrappers, just use the generic md_ctx_*() functions directly. The md5sum() function was only used for logging information that was not useful to a user; first the full options string would be printed, and later just the hash. That hash is less informative than the full string, so why print it at all? Finally, also removed save_pulled_options_digest(). The two times it was called, it executed either one of the possible branches in the function, where one of these needed a comment to explain what passing NULL as newdigest is supposed to do... Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1430665631-4022-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9642 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Remove ENABLE_SSL define (and --disable-ssl configure option)Steffan Karger2014-12-311-9/+0
| | | | | | | | | | | | | | | | | | | Remove the --disable-ssl configure option and accompanying ENABLE_SSL defines in the master/2.4 branch, to reduce the code and testing complexity a bit. This does not remove to runtime option to run without SSL, just the compile time option to not include any SSL-related code. During the community meeting in November 2014 there were no objections amongst he developers present. Also, this has been announced on the -users and -devel mailing lists two weeks ago, without any response whatsoever. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <54A4248A.1090501@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9371 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Update doxygen (a bit)Steffan Karger2014-12-071-1/+71
| | | | | | | | | | | | | | | | | This is not a full update, but just updates some data channel-related docs I came across. Other pages probably need a bit of attention too. Stuff that was changed: * Explain data channel crypto format in crypto.h * Add P_DATA_V1 and P_DATA_V2 packet format spec * Remove '2.1' from title * Update some OpenSSL-specific text Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1417978095-19427-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9318 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Add proper check for crypto modes (CBC or OFB/CFB)Steffan Karger2014-07-071-2/+0
| | | | | | | | | | | | | | | | | | OpenSSL has added AEAD-CBC mode ciphers like AES-128-CBC-HMAC-SHA1, which have mode EVP_CIPH_CBC_MODE, but require a different API (the AEAD API). So, add extra checks to filter out those AEAD-mode ciphers. Adding these made the crypto library agnostic function cfb_ofb_mode() superfuous, so removed that on the go. Also update all cipher mode checks to use the new cipher_kt_mode_*() functions for consistency. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1402244175-31462-3-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/8779 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* Rename ALLOW_NON_CBC_CIPHERS to ENABLE_OFB_CFB_MODE, and add to configure.Steffan Karger2014-07-071-2/+0
| | | | | | | | | | | | Makes OFB/CFB compile time configurable, and fixes output of --show-ciphers to also show OFB/CFB ciphers along the way (becasue crypto.h was not included from crypto_openssl.c). Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1402244175-31462-2-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/8781 Signed-off-by: Gert Doering <gert@greenie.muc.de>
* build: proper crypto detection and usageAlon Bar-Lev2012-03-221-4/+4
| | | | | | Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: Adriaan de Jong <dejong@fox-it.com> Signed-off-by: David Sommerseth <davids@redhat.com>
* build: standard directory layoutAlon Bar-Lev2012-03-221-0/+398
Suitable for mature project. root - administrative stuff doc - documents src - sources tests - tests distro - distro specific files sample - samples SIDE EFFECT: many changes to rpm spec. Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: Adriaan de Jong <dejong@fox-it.com> Signed-off-by: David Sommerseth <davids@redhat.com>
generated by cgit (git 2.34.1) at 2024-05-20 14:45:30 +0000