authorArne Schwabe2021-12-13 16:06:53 +0100
committerGert Doering2021-12-13 18:20:49 +0100
commitce2954a0ca3f352df8d1492f5a2f2f809d309918 (patch)
tree444f13f9cc5173bc06baa8c24b39961646cc5506 /src/openvpn/openvpn.h
parentbae0945d598891883b8676116c801ad72c5d1b27 (diff)
Remove cipher_kt_t and change type to const char* in API
Make the external crypto consumer oblivious to the internal cipher type that both mbed TLS and OpenSSL use. This change is mainly done so the cipher type that is used can stay a const type, but instead of an SSL library type, we now use a simple string to identify a cipher. This has the disadvantage that we do a cipher lookup every time a function is called that needs to query properties of a cipher. But none of these queries are in a critical path. This patch also fixes the memory leaks introduced by the EVP_fetch_cipher commit by always freeing the EVP_CIPHER. This also changes kt->cipher to be always defined with the name of the cipher. This only affects the "none" cipher, which was previously represented by kt->cipher being NULL. Patch v2: rebase on master Patch v3: fix errors with mbed TLS without having md_kt to const char * patch also applied, fix logic inversion in tls_crypt_tk Patch v4: fix issue if cipher does not get changed by NCP that null cipher is then used Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20211213150654.3993358-1-arne@rfc2549.org> URL: https://www.mail-archive.com/search?l=mid&q=20211213150654.3993358-1-arne@rfc2549.org Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/openvpn.h')
-rw-r--r--src/openvpn/openvpn.h2
1 files changed, 0 insertions, 2 deletions
diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h
index 8447783..aff63ae 100644
--- a/src/openvpn/openvpn.h
+++ b/src/openvpn/openvpn.h
@@ -529,8 +529,6 @@ struct context
|(c->options.tls_auth_file ? md_kt_size(c->c1.ks.key_type.digest) : 0), \
gc)
-#define CIPHER_ENABLED(c) (c->c1.ks.key_type.cipher != NULL)
-
/* this represents "disabled peer-id" */
#define MAX_PEER_ID 0xFFFFFF