mirror/openvpn
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-20 03:52:28 +02:00
Code

Make cipher_kt_name always return normalised cipher name

Browse Source 
The mbed TLS variant of the call already returned the normalised
name while the OpenSSL variant did not. On top of that, all calls but
one to cipher_kt_name were translate_cipher_name_to_openvpn. This commit
moves the call of translate_cipher_name_to_openvpn into cipher_kt_name
or avoids calling it twice in the case of mbed TLS.

The one case that did not translate_cipher_name_to_openvpn is an
internal ssl_openssl.c method that should call EVP_CIPHER_name anyway.

Also simplify cipher_name_cmp function that is only used by
openvpn --show-ciphers with the modified cipher_kt_name
function.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <20200605112519.22714-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19970.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This commit is contained in:
Arne Schwabe 2020-06-05 13:25:17 +02:00 committed by Gert Doering
parent 0213f80ed7
commit ff531767ea
5 changed files with 11 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/openvpn/crypto.c
View File

@ -847,7 +847,7 @@ init_key_ctx(struct key_ctx *ctx, const struct key *key,
cipher_ctx_init(ctx->cipher, key->cipher, kt->cipher_length,
kt->cipher, enc);
const char *ciphername = translate_cipher_name_to_openvpn(cipher_kt_name(kt->cipher));
const char *ciphername = cipher_kt_name(kt->cipher);
msg(D_HANDSHAKE, "%s: Cipher '%s' initialized with %d bit key",
prefix,
ciphername,
@ -1810,7 +1810,7 @@ print_cipher(const cipher_kt_t *cipher)
" by default" : "";
printf("%s (%d bit key%s, ",
translate_cipher_name_to_openvpn(cipher_kt_name(cipher)),
cipher_kt_name(cipher),
cipher_kt_key_size(cipher) * 8, var_key_size);
if (cipher_kt_block_size(cipher) == 1)

2
src/openvpn/crypto_backend.h
View File

@ -237,6 +237,8 @@ const cipher_kt_t *cipher_kt_get(const char *ciphername);
/**
* Retrieve a string describing the cipher (e.g. \c AES-128-CBC).
* The returned name is normalised to the OpenVPN config name in case the
* name differs from the name used by the crypto library.
*
* @param cipher_kt Static cipher parameters
*

13
src/openvpn/crypto_openssl.c
View File

@ -273,12 +273,7 @@ cipher_name_cmp(const void *a, const void *b)
const EVP_CIPHER *const *cipher_a = a;
const EVP_CIPHER *const *cipher_b = b;
const char *cipher_name_a =
translate_cipher_name_to_openvpn(EVP_CIPHER_name(*cipher_a));
const char *cipher_name_b =
translate_cipher_name_to_openvpn(EVP_CIPHER_name(*cipher_b));
return strcmp(cipher_name_a, cipher_name_b);
return strcmp(cipher_kt_name(*cipher_a), cipher_kt_name(*cipher_b));
}
void
@ -620,7 +615,9 @@ cipher_kt_name(const EVP_CIPHER *cipher_kt)
{
return "[null-cipher]";
}
return EVP_CIPHER_name(cipher_kt);
const char *name = EVP_CIPHER_name(cipher_kt);
return translate_cipher_name_to_openvpn(name);
}
int
@ -651,7 +648,7 @@ cipher_kt_block_size(const EVP_CIPHER *cipher)
int block_size = EVP_CIPHER_block_size(cipher);
orig_name = cipher_kt_name(cipher);
orig_name = EVP_CIPHER_name(cipher);
if (!orig_name)
{
goto cleanup;

3
src/openvpn/options.c
View File

@ -3782,8 +3782,7 @@ options_string(const struct options *o,
init_key_type(&kt, o->ciphername, o->authname, o->keysize, true,
false);
buf_printf(&out, ",cipher %s",
translate_cipher_name_to_openvpn(cipher_kt_name(kt.cipher)));
buf_printf(&out, ",cipher %s", cipher_kt_name(kt.cipher));
buf_printf(&out, ",auth %s", md_kt_name(kt.digest));
buf_printf(&out, ",keysize %d", kt.cipher_length * 8);
if (o->shared_secret_file)

3
src/openvpn/ssl_ncp.c
View File

@ -116,8 +116,7 @@ mutate_ncp_cipher_list(const char *list, struct gc_arena *gc)
}
else
{
const char *ovpn_cipher_name =
translate_cipher_name_to_openvpn(cipher_kt_name(ktc));
const char *ovpn_cipher_name = cipher_kt_name(ktc);
if (buf_len(&new_list)> 0)
{