author | Adriaan de Jong | 2011-06-23 09:41:28 +0200 |
---|---|---|
committer | David Sommerseth | 2011-10-19 22:05:45 +0200 |
commit | 23ee3563de28820919fe83f8f5b7289dc4ed42ae (patch) | |
tree | c34550b54b8ed462ebff249e7fc634cd94056026 | |
parent | b5738e5b858274785eff30edb4748e3f641e0b1c (diff) | |
Refactored maximum cipher and hmac length constants
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
-rw-r--r-- | crypto.c | 12 | ||||
-rw-r--r-- | crypto.h | 24 | ||||
-rw-r--r-- | crypto_backend.h | 34 | ||||
-rw-r--r-- | crypto_openssl.c | 12 |
4 files changed, 46 insertions, 36 deletions
@@ -34,18 +34,6 @@
 #include "memdbg.h"

 /*
- * Check for key size creepage.
- */
-
-#if MAX_CIPHER_KEY_LENGTH < EVP_MAX_KEY_LENGTH
-#warning Some OpenSSL EVP ciphers now support key lengths greater than MAX_CIPHER_KEY_LENGTH -- consider increasing MAX_CIPHER_KEY_LENGTH
-#endif
-
-#if MAX_HMAC_KEY_LENGTH < EVP_MAX_MD_SIZE
-#warning Some OpenSSL HMAC message digests now support key lengths greater than MAX_HMAC_KEY_LENGTH -- consider increasing MAX_HMAC_KEY_LENGTH
-#endif
-
-/*
 * Encryption and Compression Routines.
 *
 * On entry, buf contains the input data and length.
@@ -173,29 +173,6 @@ cipher_ok (const char* name)
 #endif

 /*
- * Max size in bytes of any cipher key that might conceivably be used.
- *
- * This value is checked at compile time in crypto.c to make sure
- * it is always at least EVP_MAX_KEY_LENGTH.
- *
- * We define our own value, since this parameter
- * is used to control the size of static key files.
- * If the OpenSSL library increases EVP_MAX_KEY_LENGTH,
- * we don't want our key files to be suddenly rendered
- * unusable.
- */
-#define MAX_CIPHER_KEY_LENGTH 64
-
-/*
- * Max size in bytes of any HMAC key that might conceivably be used.
- *
- * This value is checked at compile time in crypto.c to make sure
- * it is always at least EVP_MAX_MD_SIZE. We define our own value
- * for the same reason as above.
- */
-#define MAX_HMAC_KEY_LENGTH 64
-
-/*
 * Defines a key type and key length for both cipher and HMAC.
 */
 struct key_type
@@ -206,7 +183,6 @@ struct key_type
 const EVP_MD *digest;
 };

-
 /**
 * Container for unidirectional cipher and HMAC %key material.
 * @ingroup control_processor
diff --git a/crypto_backend.h b/crypto_backend.h
index 9f8eb04..31935ed 100644
--- a/crypto_backend.h
+++ b/crypto_backend.h
@@ -58,4 +58,38 @@
 */
 int rand_bytes (uint8_t *output, int len);

+/*
+ *
+ * Generic cipher key type functions
+ *
+ */
+/*
+ * Max size in bytes of any cipher key that might conceivably be used.
+ *
+ * This value is checked at compile time in crypto.c to make sure
+ * it is always at least EVP_MAX_KEY_LENGTH.
+ *
+ * We define our own value, since this parameter
+ * is used to control the size of static key files.
+ * If the OpenSSL library increases EVP_MAX_KEY_LENGTH,
+ * we don't want our key files to be suddenly rendered
+ * unusable.
+ */
+#define MAX_CIPHER_KEY_LENGTH 64
+
+/*
+ *
+ * Generic message digest information functions
+ *
+ */
+
+/*
+ * Max size in bytes of any HMAC key that might conceivably be used.
+ *
+ * This value is checked at compile time in crypto.c to make sure
+ * it is always at least EVP_MAX_MD_SIZE. We define our own value
+ * for the same reason as above.
+ */
+#define MAX_HMAC_KEY_LENGTH 64
+
 #endif /* CRYPTO_BACKEND_H_ */
diff --git a/crypto_openssl.c b/crypto_openssl.c
index cbe559a..9e547b4 100644
--- a/crypto_openssl.c
+++ b/crypto_openssl.c
@@ -38,6 +38,18 @@
 #include <openssl/des.h>

 /*
+ * Check for key size creepage.
+ */
+
+#if MAX_CIPHER_KEY_LENGTH < EVP_MAX_KEY_LENGTH
+#warning Some OpenSSL EVP ciphers now support key lengths greater than MAX_CIPHER_KEY_LENGTH -- consider increasing MAX_CIPHER_KEY_LENGTH
+#endif
+
+#if MAX_HMAC_KEY_LENGTH < EVP_MAX_MD_SIZE
+#warning Some OpenSSL HMAC message digests now support key lengths greater than MAX_HMAC_KEY_LENGTH -- consider increasing MAX_HMAC_KEY_LENGTH
+#endif
+
+/*
 *
 * Random number functions, used in cases where we want
 * reasonably strong cryptographic random number generation |
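Review bot: The two comment blocks added to crypto_backend.h (above `MAX_CIPHER_KEY_LENGTH` and `MAX_HMAC_KEY_LENGTH`) still say the value "is checked at compile time in crypto.c", but this same commit moves both checks into crypto_openssl.c, so the pointer is stale as soon as it lands. Suggested wording for both blocks: `* This value is checked at compile time in crypto_openssl.c to make sure`. The banners `Generic cipher key type functions` and `Generic message digest information functions` each introduce a constant rather than a function in this hunk; if declarations are meant to follow in a later change, a short note saying so would help the reader.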
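Review bot: The key-size guard added to crypto_openssl.c uses `#warning`, so a build against an OpenSSL whose `EVP_MAX_KEY_LENGTH` or `EVP_MAX_MD_SIZE` exceeds 64 still completes with the smaller limits in place. Where these constants size buffers that hold key material (their users are outside this hunk), a build that stops is the safer outcome; consider `#error MAX_CIPHER_KEY_LENGTH is smaller than EVP_MAX_KEY_LENGTH` and the matching line for the HMAC check. `#warning` is also a compiler extension before C23. The guard further depends on all four macros being defined before this point, because an undefined identifier in `#if` evaluates to 0; the includes that provide them are not all visible here, so a comment naming the headers the check relies on would be worthwhile.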