Remove reuse of key_type during init of data channel auth and tls-auth

Prepare for using AEAD cipher modes + tls-auth, as tls-auth might want to use an HMAC, while the data channel uses e.g. GCM tags. This separates the two initialisations. Also, error out (and give a clear error message) if a user specifies tls-auth but no valid auth algorithm, which makes no sense at all. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1454874438-5081-3-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/11073 Signed-off-by: Gert Doering <gert@greenie.muc.de>
author: Steffan Karger 2016-02-07 20:47:10 +0100
committer: Gert Doering 2016-02-09 07:58:40 +0100
commit: e7d78e407d41d48fbd91a71b2edfedcd2879b778 (patch)
tree: 23cad1e80834a529ed3df7d355327ba54a3f53b5 /src/openvpn/openvpn.h
parent: 70fbc5be209635739458267abde31b5cd4f770d0 (diff)
download: openvpn-e7d78e407d41d48fbd91a71b2edfedcd2879b778.zip
openvpn-e7d78e407d41d48fbd91a71b2edfedcd2879b778.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h
index 3f1df6e..71adf48 100644
--- a/src/openvpn/openvpn.h
+++ b/src/openvpn/openvpn.h
@@ -66,6 +66,7 @@ struct key_schedule
   struct tls_root_ctx ssl_ctx;
 
   /* optional authentication HMAC key for TLS control channel */
+  struct key_type tls_auth_key_type;
   struct key_ctx_bi tls_auth_key;
 #else				/* ENABLE_CRYPTO */
   int dummy;
author	Steffan Karger	2016-02-07 20:47:10 +0100
committer	Gert Doering	2016-02-09 07:58:40 +0100
commit	e7d78e407d41d48fbd91a71b2edfedcd2879b778 (patch)
tree	23cad1e80834a529ed3df7d355327ba54a3f53b5 /src/openvpn/openvpn.h
parent	70fbc5be209635739458267abde31b5cd4f770d0 (diff)
download	openvpn-e7d78e407d41d48fbd91a71b2edfedcd2879b778.zip openvpn-e7d78e407d41d48fbd91a71b2edfedcd2879b778.tar.gz