Diffstat (limited to 'src/openvpn/crypto.c')
-rw-r--r-- | src/openvpn/crypto.c | 44 |
1 files changed, 16 insertions, 28 deletions
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 5f482d0..0dba7ca 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -17,9 +17,10 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #ifdef HAVE_CONFIG_H @@ -64,8 +65,7 @@ static void openvpn_encrypt_aead(struct buffer *buf, struct buffer work, - struct crypto_options *opt) -{ + struct crypto_options *opt) { #ifdef HAVE_AEAD_CIPHER_MODES struct gc_arena gc; int outlen = 0; @@ -332,8 +332,7 @@ openvpn_encrypt(struct buffer *buf, struct buffer work, bool crypto_check_replay(struct crypto_options *opt, const struct packet_id_net *pin, const char *error_prefix, - struct gc_arena *gc) -{ + struct gc_arena *gc) { bool ret = false; packet_id_reap_test(&opt->packet_id.rec); if (packet_id_test(&opt->packet_id.rec, pin)) @@ -808,10 +807,7 @@ init_key_type(struct key_type *kt, const char *ciphername, { if (warn) { - msg(M_WARN, "******* WARNING *******: '--cipher none' was specified. " - "This means NO encryption will be performed and tunnelled " - "data WILL be transmitted in clear text over the network! " - "PLEASE DO RECONSIDER THIS SETTING!"); + msg(M_WARN, "******* WARNING *******: null cipher specified, no encryption will be used"); } } if (strcmp(authname, "none") != 0) 
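Review bot: The shortened warning in the cipher branch of init_key_type (@@ -808 hunk), `null cipher specified, no encryption will be used`, no longer names the `--cipher none` option or says that tunnelled data crosses the network in clear text, so an operator reading the log has less to act on. The `--auth none` message in the @@ -831 hunk is cut down the same way and drops the statement that received packets cannot be trusted to be unmodified. If a one-line message is wanted, keep the option name and the consequence, for example `msg(M_WARN, "******* WARNING *******: '--cipher none' was specified, tunnelled data will be sent in clear text");` and the equivalent for `--auth none`. init_key_type starts and ends outside both hunks.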
@@ -831,11 +827,7 @@ init_key_type(struct key_type *kt, const char *ciphername, { if (warn) { - msg(M_WARN, "******* WARNING *******: '--auth none' was specified. " - "This means no authentication will be performed on received " - "packets, meaning you CANNOT trust that the data received by " - "the remote side have NOT been manipulated. " - "PLEASE DO RECONSIDER THIS SETTING!"); + msg(M_WARN, "******* WARNING *******: null MAC specified, no authentication will be used"); } } } @@ -851,7 +843,7 @@ init_key_ctx(struct key_ctx *ctx, struct key *key, if (kt->cipher && kt->cipher_length > 0) { - ctx->cipher = cipher_ctx_new(); + ALLOC_OBJ(ctx->cipher, cipher_ctx_t); cipher_ctx_init(ctx->cipher, key->cipher, kt->cipher_length, kt->cipher, enc); @@ -875,7 +867,7 @@ init_key_ctx(struct key_ctx *ctx, struct key *key, } if (kt->digest && kt->hmac_length > 0) { - ctx->hmac = hmac_ctx_new(); + ALLOC_OBJ(ctx->hmac, hmac_ctx_t); hmac_ctx_init(ctx->hmac, key->hmac, kt->hmac_length, kt->digest); msg(D_HANDSHAKE, @@ -900,13 +892,13 @@ free_key_ctx(struct key_ctx *ctx) if (ctx->cipher) { cipher_ctx_cleanup(ctx->cipher); - cipher_ctx_free(ctx->cipher); + free(ctx->cipher); ctx->cipher = NULL; } if (ctx->hmac) { hmac_ctx_cleanup(ctx->hmac); - hmac_ctx_free(ctx->hmac); + free(ctx->hmac); ctx->hmac = NULL; } ctx->implicit_iv_len = 0; @@ -1030,8 +1022,7 @@ generate_key_random(struct key *key, const struct key_type *kt) struct gc_arena gc = gc_new(); - do - { + do { CLEAR(*key); if (kt) { @@ -1807,8 +1798,7 @@ get_random() } static const cipher_name_pair * -get_cipher_name_pair(const char *cipher_name) -{ +get_cipher_name_pair(const char *cipher_name) { const cipher_name_pair *pair; size_t i = 0; @@ -1828,8 +1818,7 @@ get_cipher_name_pair(const char *cipher_name) } const char * -translate_cipher_name_from_openvpn(const char *cipher_name) -{ +translate_cipher_name_from_openvpn(const char *cipher_name) { const cipher_name_pair *pair = get_cipher_name_pair(cipher_name); if (NULL == pair) 
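Review bot: `ALLOC_OBJ(ctx->cipher, cipher_ctx_t);` in init_key_ctx (@@ -851 hunk), and `ALLOC_OBJ(ctx->hmac, hmac_ctx_t);` in the @@ -875 hunk, replace the backend constructors with a raw allocation that needs the context types to be complete in this file and hands back uninitialised memory. Whether that is safe rests on cipher_ctx_init and hmac_ctx_init setting every field before first use, and their bodies are not part of this diff. A crypto backend that keeps its context structs opaque would also stop compiling here. If the direct allocation stays, the zeroing variant is the safer default: `ALLOC_OBJ_CLEAR(ctx->cipher, cipher_ctx_t);` and `ALLOC_OBJ_CLEAR(ctx->hmac, hmac_ctx_t);`. init_key_ctx begins and ends outside the hunks.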
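Review bot: `free(ctx->cipher);` and `free(ctx->hmac);` in free_key_ctx (@@ -900 hunk) release the contexts through the plain allocator, so wiping key-derived state now depends entirely on cipher_ctx_cleanup and hmac_ctx_cleanup, which this diff does not show. If either leaves the structure contents in place, key schedule or HMAC state can remain readable in freed heap memory, so it is worth confirming that both zero the context. The calls are also only correct while init_key_ctx allocates with ALLOC_OBJ, which a short comment would pin down: `/* allocated with ALLOC_OBJ in init_key_ctx; *_ctx_cleanup must wipe key state before free() */`. free_key_ctx starts outside the hunk.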
@@ -1841,8 +1830,7 @@ translate_cipher_name_from_openvpn(const char *cipher_name) } const char * -translate_cipher_name_to_openvpn(const char *cipher_name) -{ +translate_cipher_name_to_openvpn(const char *cipher_name) { const cipher_name_pair *pair = get_cipher_name_pair(cipher_name); if (NULL == pair) |