diff options
Diffstat (limited to 'src/openvpn/tls_crypt.c')
| -rw-r--r-- | src/openvpn/tls_crypt.c | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index e13bb4e..4c7170f 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -16,9 +16,10 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #ifdef HAVE_CONFIG_H @@ -43,14 +44,15 @@ tls_crypt_buf_overhead(void) void tls_crypt_init_key(struct key_ctx_bi *key, const char *key_file, - const char *key_inline, bool tls_server) -{ + const char *key_inline, bool tls_server) { const int key_direction = tls_server ? KEY_DIRECTION_NORMAL : KEY_DIRECTION_INVERSE; struct key_type kt; kt.cipher = cipher_kt_get("AES-256-CTR"); + kt.cipher_length = cipher_kt_key_size(kt.cipher); kt.digest = md_kt_get("SHA256"); + kt.hmac_length = md_kt_size(kt.digest); if (!kt.cipher) { @@ -61,9 +63,6 @@ tls_crypt_init_key(struct key_ctx_bi *key, const char *key_file, msg(M_FATAL, "ERROR: --tls-crypt requires HMAC-SHA-256 support."); } - kt.cipher_length = cipher_kt_key_size(kt.cipher); - kt.hmac_length = md_kt_size(kt.digest); - crypto_read_openvpn_key(&kt, key, key_file, key_inline, key_direction, "Control Channel Encryption", "tls-crypt"); } @@ -80,8 +79,7 @@ tls_crypt_adjust_frame_parameters(struct frame *frame) bool tls_crypt_wrap(const struct buffer *src, struct buffer *dst, - struct crypto_options *opt) -{ + struct crypto_options *opt) { const struct key_ctx *ctx = &opt->key_ctx_bi.encrypt; struct gc_arena gc; |