summaryrefslogtreecommitdiff
path: root/src/openvpn/crypto.c
diff options
context:
space:
mode:
authorJörg Frings-Fürst <debian@jff-webhosting.net>2017-06-27 13:56:16 +0200
committerJörg Frings-Fürst <debian@jff-webhosting.net>2017-06-27 13:56:16 +0200
commit749384a154025e268b53cf3cc79eaeddde2b3ceb (patch)
tree27baa9e6aec76635d750405d90cd461440a656d1 /src/openvpn/crypto.c
parentdb4f04c584f7d4e828b5d317cf40962b9d854ac5 (diff)
initial stretch branch release 2.4.0-6
Diffstat (limited to 'src/openvpn/crypto.c')
-rw-r--r--src/openvpn/crypto.c44
1 files changed, 16 insertions, 28 deletions
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 5f482d0..0dba7ca 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifdef HAVE_CONFIG_H
@@ -64,8 +65,7 @@
static void
openvpn_encrypt_aead(struct buffer *buf, struct buffer work,
- struct crypto_options *opt)
-{
+ struct crypto_options *opt) {
#ifdef HAVE_AEAD_CIPHER_MODES
struct gc_arena gc;
int outlen = 0;
@@ -332,8 +332,7 @@ openvpn_encrypt(struct buffer *buf, struct buffer work,
bool
crypto_check_replay(struct crypto_options *opt,
const struct packet_id_net *pin, const char *error_prefix,
- struct gc_arena *gc)
-{
+ struct gc_arena *gc) {
bool ret = false;
packet_id_reap_test(&opt->packet_id.rec);
if (packet_id_test(&opt->packet_id.rec, pin))
@@ -808,10 +807,7 @@ init_key_type(struct key_type *kt, const char *ciphername,
{
if (warn)
{
- msg(M_WARN, "******* WARNING *******: '--cipher none' was specified. "
- "This means NO encryption will be performed and tunnelled "
- "data WILL be transmitted in clear text over the network! "
- "PLEASE DO RECONSIDER THIS SETTING!");
+ msg(M_WARN, "******* WARNING *******: null cipher specified, no encryption will be used");
}
}
if (strcmp(authname, "none") != 0)
@@ -831,11 +827,7 @@ init_key_type(struct key_type *kt, const char *ciphername,
{
if (warn)
{
- msg(M_WARN, "******* WARNING *******: '--auth none' was specified. "
- "This means no authentication will be performed on received "
- "packets, meaning you CANNOT trust that the data received by "
- "the remote side have NOT been manipulated. "
- "PLEASE DO RECONSIDER THIS SETTING!");
+ msg(M_WARN, "******* WARNING *******: null MAC specified, no authentication will be used");
}
}
}
@@ -851,7 +843,7 @@ init_key_ctx(struct key_ctx *ctx, struct key *key,
if (kt->cipher && kt->cipher_length > 0)
{
- ctx->cipher = cipher_ctx_new();
+ ALLOC_OBJ(ctx->cipher, cipher_ctx_t);
cipher_ctx_init(ctx->cipher, key->cipher, kt->cipher_length,
kt->cipher, enc);
@@ -875,7 +867,7 @@ init_key_ctx(struct key_ctx *ctx, struct key *key,
}
if (kt->digest && kt->hmac_length > 0)
{
- ctx->hmac = hmac_ctx_new();
+ ALLOC_OBJ(ctx->hmac, hmac_ctx_t);
hmac_ctx_init(ctx->hmac, key->hmac, kt->hmac_length, kt->digest);
msg(D_HANDSHAKE,
@@ -900,13 +892,13 @@ free_key_ctx(struct key_ctx *ctx)
if (ctx->cipher)
{
cipher_ctx_cleanup(ctx->cipher);
- cipher_ctx_free(ctx->cipher);
+ free(ctx->cipher);
ctx->cipher = NULL;
}
if (ctx->hmac)
{
hmac_ctx_cleanup(ctx->hmac);
- hmac_ctx_free(ctx->hmac);
+ free(ctx->hmac);
ctx->hmac = NULL;
}
ctx->implicit_iv_len = 0;
@@ -1030,8 +1022,7 @@ generate_key_random(struct key *key, const struct key_type *kt)
struct gc_arena gc = gc_new();
- do
- {
+ do {
CLEAR(*key);
if (kt)
{
@@ -1807,8 +1798,7 @@ get_random()
}
static const cipher_name_pair *
-get_cipher_name_pair(const char *cipher_name)
-{
+get_cipher_name_pair(const char *cipher_name) {
const cipher_name_pair *pair;
size_t i = 0;
@@ -1828,8 +1818,7 @@ get_cipher_name_pair(const char *cipher_name)
}
const char *
-translate_cipher_name_from_openvpn(const char *cipher_name)
-{
+translate_cipher_name_from_openvpn(const char *cipher_name) {
const cipher_name_pair *pair = get_cipher_name_pair(cipher_name);
if (NULL == pair)
@@ -1841,8 +1830,7 @@ translate_cipher_name_from_openvpn(const char *cipher_name)
}
const char *
-translate_cipher_name_to_openvpn(const char *cipher_name)
-{
+translate_cipher_name_to_openvpn(const char *cipher_name) {
const cipher_name_pair *pair = get_cipher_name_pair(cipher_name);
if (NULL == pair)