As Antonio pointed out, "8-bit block cipher" is a bit funny. So teach
print_cipher() to print such a cipher as "stream cipher".
Because I didn't want to write the same code twice, I decided to merge the
two print_cipher() implementations into one shared function. That should
make it easier to keep both backends consistent.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20181009204315.8262-1-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17682.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
@@ -1769,6 +1769,33 @@ get_random(void) |
1769 | 1769 |
return l; |
1770 | 1770 |
} |
1771 | 1771 |
|
1772 |
+void |
|
1773 |
+print_cipher(const cipher_kt_t *cipher) |
|
1774 |
+{ |
|
1775 |
+ const char *var_key_size = cipher_kt_var_key_size(cipher) ? |
|
1776 |
+ " by default" : ""; |
|
1777 |
+ |
|
1778 |
+ printf("%s (%d bit key%s, ", |
|
1779 |
+ translate_cipher_name_to_openvpn(cipher_kt_name(cipher)), |
|
1780 |
+ cipher_kt_key_size(cipher) * 8, var_key_size); |
|
1781 |
+ |
|
1782 |
+ if (cipher_kt_block_size(cipher) == 1) |
|
1783 |
+ { |
|
1784 |
+ printf("stream cipher"); |
|
1785 |
+ } |
|
1786 |
+ else |
|
1787 |
+ { |
|
1788 |
+ printf("%d bit block", cipher_kt_block_size(cipher) * 8); |
|
1789 |
+ } |
|
1790 |
+ |
|
1791 |
+ if (!cipher_kt_mode_cbc(cipher)) |
|
1792 |
+ { |
|
1793 |
+ printf(", TLS client/server mode only"); |
|
1794 |
+ } |
|
1795 |
+ |
|
1796 |
+ printf(")\n"); |
|
1797 |
+} |
|
1798 |
+ |
|
1772 | 1799 |
static const cipher_name_pair * |
1773 | 1800 |
get_cipher_name_pair(const char *cipher_name) |
1774 | 1801 |
{ |
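Review bot: The new shared print_cipher() dereferences `cipher` through cipher_kt_name(), cipher_kt_key_size() and cipher_kt_block_size() without a NULL guard, whereas the removed mbedTLS version began with `if (info && ...)`; the mbedTLS caller in this commit does check `info &&`, but the OpenSSL caller's loop is outside the visible hunks, so the precondition now lives only in the callers. State it at the definition with a comment such as `/* cipher must be non-NULL; callers filter out NULL and insecure entries before calling */`. As a point of style, cipher_kt_block_size() is evaluated twice in the block-size branch; a local `const int block_bits = cipher_kt_block_size(cipher) * 8;` used by both the `== 1` test (as `block_bits == 8`) and the printf would read more clearly, though the double call is harmless.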
@@ -460,6 +460,9 @@ void prng_uninit(void); |
460 | 460 |
/* an analogue to the random() function, but use prng_bytes */ |
461 | 461 |
long int get_random(void); |
462 | 462 |
|
463 |
+/** Print a cipher list entry */ |
|
464 |
+void print_cipher(const cipher_kt_t *cipher); |
|
465 |
+ |
|
463 | 466 |
void test_crypto(struct crypto_options *co, struct frame *f); |
464 | 467 |
|
465 | 468 |
|
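Review bot: The Doxygen comment on the new declaration, `/** Print a cipher list entry */`, does not say where the output goes or what the function requires of its argument, which matters now that this is a public symbol shared by both backends. Since the definition writes with printf() and dereferences the argument unconditionally, a fuller comment would be: `/** Print a one-line description of @p cipher to stdout: name, key size, block size (or "stream cipher") and whether it is restricted to TLS mode. @p cipher must not be NULL. */`.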
@@ -39,6 +39,7 @@ |
39 | 39 |
#include "errlevel.h" |
40 | 40 |
#include "basic.h" |
41 | 41 |
#include "buffer.h" |
42 |
+#include "crypto.h" |
|
42 | 43 |
#include "integer.h" |
43 | 44 |
#include "crypto_backend.h" |
44 | 45 |
#include "otime.h" |
@@ -140,26 +141,6 @@ const cipher_name_pair cipher_name_translation_table[] = { |
140 | 140 |
const size_t cipher_name_translation_table_count = |
141 | 141 |
sizeof(cipher_name_translation_table) / sizeof(*cipher_name_translation_table); |
142 | 142 |
|
143 |
-static void |
|
144 |
-print_cipher(const cipher_kt_t *info) |
|
145 |
-{ |
|
146 |
- if (info && (cipher_kt_mode_cbc(info) |
|
147 |
-#ifdef HAVE_AEAD_CIPHER_MODES |
|
148 |
- || cipher_kt_mode_aead(info) |
|
149 |
-#endif |
|
150 |
- )) |
|
151 |
- { |
|
152 |
- const char *ssl_only = cipher_kt_mode_cbc(info) ? |
|
153 |
- "" : ", TLS client/server mode only"; |
|
154 |
- const char *var_key_size = info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ? |
|
155 |
- " by default" : ""; |
|
156 |
- |
|
157 |
- printf("%s (%d bit key%s, %d bit block%s)\n", |
|
158 |
- cipher_kt_name(info), cipher_kt_key_size(info) * 8, var_key_size, |
|
159 |
- cipher_kt_block_size(info) * 8, ssl_only); |
|
160 |
- } |
|
161 |
-} |
|
162 |
- |
|
163 | 143 |
void |
164 | 144 |
show_available_ciphers(void) |
165 | 145 |
{ |
@@ -175,7 +156,8 @@ show_available_ciphers(void) |
175 | 175 |
while (*ciphers != 0) |
176 | 176 |
{ |
177 | 177 |
const cipher_kt_t *info = mbedtls_cipher_info_from_type(*ciphers); |
178 |
- if (info && !cipher_kt_insecure(info)) |
|
178 |
+ if (info && !cipher_kt_insecure(info) |
|
179 |
+ && (cipher_kt_mode_aead(info) || cipher_kt_mode_cbc(info))) |
|
179 | 180 |
{ |
180 | 181 |
print_cipher(info); |
181 | 182 |
} |
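Review bot: The condition added to the `if` calls cipher_kt_mode_aead(info) unconditionally, while the mode filter it replaces (removed from the old mbedTLS print_cipher() in the hunk above) wrapped that call in `#ifdef HAVE_AEAD_CIPHER_MODES`. This is only equivalent if the backend declares cipher_kt_mode_aead() for every build configuration and has it return false when AEAD modes are unavailable; I believe it does, but it is worth confirming against crypto_backend.h, since a build without AEAD support would otherwise fail to link here. The filtering intent that used to be implicit in print_cipher() is now easy to lose in the caller, so a comment such as `/* only CBC and AEAD modes are listed; print_cipher() no longer filters by mode */` above the `if` would help. show_available_ciphers() begins outside this hunk.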
@@ -146,5 +146,9 @@ mbed_log_func_line_lite(unsigned int flags, int errval, |
146 | 146 |
#define mbed_ok(errval) \ |
147 | 147 |
mbed_log_func_line_lite(D_CRYPT_ERRORS, errval, __func__, __LINE__) |
148 | 148 |
|
149 |
+static inline bool cipher_kt_var_key_size(const cipher_kt_t *cipher) |
|
150 |
+{ |
|
151 |
+ return cipher->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN; |
|
152 |
+} |
|
149 | 153 |
|
150 | 154 |
#endif /* CRYPTO_MBEDTLS_H_ */ |
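Review bot: The new cipher_kt_var_key_size() helper has no documentation and dereferences `cipher` without a check, so it silently inherits print_cipher()'s non-NULL precondition; the same applies to the OpenSSL twin in the last hunk of this commit. A short Doxygen comment on both would do: `/** Returns true if @p cipher accepts key lengths other than its default (the size print_cipher() reports as "by default"). @p cipher must not be NULL. */`. As a point of style, returning a masked flag word from a bool function relies on the implicit non-zero-to-true conversion, which is well-defined but reads as if an int were being returned; `return (cipher->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN) != 0;` (and the `EVP_CIPHER_flags(cipher) & EVP_CIPH_VARIABLE_LENGTH` counterpart) makes the predicate explicit.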
@@ -265,21 +265,6 @@ cipher_name_cmp(const void *a, const void *b) |
265 | 265 |
return strcmp(cipher_name_a, cipher_name_b); |
266 | 266 |
} |
267 | 267 |
|
268 |
-static void |
|
269 |
-print_cipher(const EVP_CIPHER *cipher) |
|
270 |
-{ |
|
271 |
- const char *var_key_size = |
|
272 |
- (EVP_CIPHER_flags(cipher) & EVP_CIPH_VARIABLE_LENGTH) ? |
|
273 |
- " by default" : ""; |
|
274 |
- const char *ssl_only = cipher_kt_mode_cbc(cipher) ? |
|
275 |
- "" : ", TLS client/server mode only"; |
|
276 |
- |
|
277 |
- printf("%s (%d bit key%s, %d bit block%s)\n", |
|
278 |
- translate_cipher_name_to_openvpn(EVP_CIPHER_name(cipher)), |
|
279 |
- EVP_CIPHER_key_length(cipher) * 8, var_key_size, |
|
280 |
- cipher_kt_block_size(cipher) * 8, ssl_only); |
|
281 |
-} |
|
282 |
- |
|
283 | 268 |
void |
284 | 269 |
show_available_ciphers(void) |
285 | 270 |
{ |
@@ -101,5 +101,9 @@ void crypto_print_openssl_errors(const unsigned int flags); |
101 | 101 |
msg((flags), __VA_ARGS__); \ |
102 | 102 |
} while (false) |
103 | 103 |
|
104 |
+static inline bool cipher_kt_var_key_size(const cipher_kt_t *cipher) |
|
105 |
+{ |
|
106 |
+ return EVP_CIPHER_flags(cipher) & EVP_CIPH_VARIABLE_LENGTH; |
|
107 |
+} |
|
104 | 108 |
|
105 | 109 |
#endif /* CRYPTO_OPENSSL_H_ */ |