authorArne Schwabe2021-12-13 16:06:54 +0100
committerGert Doering2021-12-13 19:43:28 +0100
commitb39725cf811cbe9334355d4c90990047494a6cc2 (patch)
tree757d1b7fc74071628915b4e3e9a83b6a9cf4ed10 /src/openvpn/crypto.c
parent985e9dbda4688280014a3ea01ffe99def1ce5be8 (diff)
Remove md_kt_t and change crypto API to use const char*
As with the removal of cipher_kt_t, this allows better support of OpenSSL 3.0 and mbed TLS 3.0. Patch v2: rebase Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20211213150654.3993358-2-arne@rfc2549.org> URL: https://www.mail-archive.com/search?l=mid&q=20211213150654.3993358-2-arne@rfc2549.org Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/crypto.c')
-rw-r--r--src/openvpn/crypto.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 69287ef..c4cf72a 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -693,7 +693,10 @@ crypto_adjust_frame_parameters(struct frame *frame,
crypto_overhead += cipher_kt_block_size(kt->cipher);
}
- crypto_overhead += md_kt_size(kt->digest);
+ if (md_defined(kt->digest))
+ {
+ crypto_overhead += md_kt_size(kt->digest);
+ }
frame_add_to_extra_frame(frame, crypto_overhead);
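Review bot: The new `if (md_defined(kt->digest))` guard in front of `md_kt_size()` is only safe if `md_defined()` returns false for a NULL pointer as well as for the string "none", and its definition is not part of this diff. The old code called `md_kt_size(kt->digest)` unconditionally, which suggests an unset digest was accepted there, and a `struct key_type` that was zeroed without going through `init_key_type()` still has `digest == NULL`. The same assumption is made in the `init_key_ctx` hunk, where `if (md_defined(kt->digest))` replaces an explicit `if (kt->digest)` NULL test before `hmac_ctx_init()`. I would confirm the NULL case in `md_defined()` and document it at the guard, e.g. `/* digest is NULL or "none" when no HMAC is used: no tag overhead */`. The body of `crypto_adjust_frame_parameters` starts and ends outside the hunk.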
@@ -775,11 +778,15 @@ init_key_type(struct key_type *kt, const char *ciphername,
"PLEASE DO RECONSIDER THIS SETTING!");
}
}
+ kt->digest = authname;
if (strcmp(authname, "none") != 0)
{
- if (!aead_cipher) /* Ignore auth for AEAD ciphers */
+ if (aead_cipher) /* Ignore auth for AEAD ciphers */
+ {
+ kt->digest = "none";
+ }
+ else
{
- kt->digest = md_kt_get(authname);
int hmac_length = md_kt_size(kt->digest);
if (OPENVPN_MAX_HMAC_SIZE < hmac_length)
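Review bot: `kt->digest = authname;` stores the caller's pointer instead of a library-owned digest object, so `struct key_type` now borrows a string whose lifetime this function does not control. If `authname` points into a buffer that is freed or reused while `kt` is still in use, the later `hmac_ctx_init(ctx->hmac, key->hmac, kt->digest)` reads a dangling pointer. A comment at the assignment would make the contract explicit, e.g. `/* kt->digest borrows authname; the string must outlive kt */`. The removed `md_kt_get(authname)` was also where the name was resolved to a digest, and this hunk does not show whether `md_kt_size()` still rejects an unknown `--auth` name. If it can return 0 for such a name, the `OPENVPN_MAX_HMAC_SIZE` check passes and HMAC setup proceeds with an unusable digest, so that is worth confirming; `init_key_type` starts and ends outside the hunk.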
@@ -826,7 +833,7 @@ init_key_ctx(struct key_ctx *ctx, const struct key *key,
cipher_kt_iv_size(kt->cipher));
warn_insecure_key_type(ciphername);
}
- if (kt->digest)
+ if (md_defined(kt->digest))
{
ctx->hmac = hmac_ctx_new();
hmac_ctx_init(ctx->hmac, key->hmac, kt->digest);