author | Arne Schwabe | 2021-12-13 16:06:54 +0100 |
---|---|---|
committer | Gert Doering | 2021-12-13 19:43:28 +0100 |
commit | b39725cf811cbe9334355d4c90990047494a6cc2 (patch) | |
tree | 757d1b7fc74071628915b4e3e9a83b6a9cf4ed10 /src/openvpn/crypto.c | |
parent | 985e9dbda4688280014a3ea01ffe99def1ce5be8 (diff) | |
Remove md_kt_t and change crypto API to use const char*
As with the removal of cipher_kt_t, this allows better support of
OpenSSL 3.0 and mbed TLS 3.0
Patch v2: rebase
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20211213150654.3993358-2-arne@rfc2549.org>
URL: https://www.mail-archive.com/search?l=mid&q=20211213150654.3993358-2-arne@rfc2549.org
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/crypto.c')
-rw-r--r-- | src/openvpn/crypto.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 69287ef..c4cf72a 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -693,7 +693,10 @@ crypto_adjust_frame_parameters(struct frame *frame,
 crypto_overhead += cipher_kt_block_size(kt->cipher);
 }
- crypto_overhead += md_kt_size(kt->digest);
+ if (md_defined(kt->digest))
+ {
+ crypto_overhead += md_kt_size(kt->digest);
+ }
 frame_add_to_extra_frame(frame, crypto_overhead);
@@ -775,11 +778,15 @@ init_key_type(struct key_type *kt, const char *ciphername,
 "PLEASE DO RECONSIDER THIS SETTING!");
 }
 }
+ kt->digest = authname;
 if (strcmp(authname, "none") != 0)
 {
- if (!aead_cipher) /* Ignore auth for AEAD ciphers */
+ if (aead_cipher) /* Ignore auth for AEAD ciphers */
+ {
+ kt->digest = "none";
+ }
+ else
 {
- kt->digest = md_kt_get(authname);
 int hmac_length = md_kt_size(kt->digest);
 if (OPENVPN_MAX_HMAC_SIZE < hmac_length)
@@ -826,7 +833,7 @@ init_key_ctx(struct key_ctx *ctx, const struct key *key,
 cipher_kt_iv_size(kt->cipher));
 warn_insecure_key_type(ciphername);
 }
- if (kt->digest)
+ if (md_defined(kt->digest))
 {
 ctx->hmac = hmac_ctx_new();
 hmac_ctx_init(ctx->hmac, key->hmac, kt->digest); |
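Review bot: The removed guard in init_key_ctx, `if (kt->digest)`, tolerated a NULL digest, whereas the new `md_defined(kt->digest)` calls here in crypto_adjust_frame_parameters and in the init_key_ctx hunk hand the pointer to a helper whose body is not part of this diff. If md_defined compares the name with strcmp, a zero-initialised struct key_type would now dereference NULL where the old code simply skipped HMAC setup. Either have md_defined treat NULL as "not defined" or record the invariant where the field is declared, e.g. `/* never NULL once init_key_type() has run; "none" means no HMAC */`. Both functions start and end outside their hunks.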
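Review bot: `kt->digest = authname;` in init_key_type makes struct key_type keep the caller's pointer instead of a resolved digest handle, so the string has to outlive every key_ctx later initialised from this kt, and nothing in the hunk states that. I would add a comment at the assignment such as `/* borrowed: authname must outlive kt (presumably owned by the options) */`. With `md_kt_get(authname)` gone, the only check of the name visible here is `md_kt_size(kt->digest)` in the else branch; please confirm it still fails hard on an unknown digest name rather than returning 0, because a zero length would pass the `OPENVPN_MAX_HMAC_SIZE < hmac_length` test. The function starts and ends outside the hunk.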