GitList

Browse code

Really fix '--cipher none' regression

... by not incorrectly hinting to the compiler the function argument of
cipher_kt_mode_{cbc,ofb_cfb}() is nonnull, since that no longer is the
case.

Verified the fix on Debian Wheezy, one of the platforms the reporter in
trac #473 mentions with a compiler that would optimize out the required
checks.

Also add a testcase for --cipher none to t_lpback, to prevent further
regressions.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1417552920-31770-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9300
Signed-off-by: Gert Doering <gert@greenie.muc.de>

Steffan Karger authored on 2014/12/03 05:42:00
Showing 2 changed files

src/openvpn/crypto_backend.h

History View file @ 98156e9

@@ -237,8 +237,7 @@ int cipher_kt_mode (const cipher_kt_t *cipher_kt);
+                      *
                       * @return		true iff the cipher is a CBC mode cipher.
                       */
                     -bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
                     -  __attribute__((nonnull));
                     +bool cipher_kt_mode_cbc(const cipher_kt_t *cipher);
                      /**
                       * Check if the supplied cipher is a supported OFB or CFB mode cipher.
@@ -247,8 +246,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
+                      *
                       * @return		true iff the cipher is a OFB or CFB mode cipher.
                       */
                     -bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
                     -  __attribute__((nonnull));
                     +bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher);
                      /**

tests/t_lpback.sh

History View file @ 98156e9

@@ -35,6 +35,9 @@ CIPHERS=$(${top_builddir}/src/openvpn/openvpn --show-ciphers | \
                      # GD, 2014-07-06 do not test RC5-* either (fails on NetBSD w/o libcrypto_rc5)
                      CIPHERS=$(echo "$CIPHERS" | egrep -v '^(DES-EDE3-CFB1|DES-CFB1|RC5-)' )
                     +# Also test cipher 'none'
                     +CIPHERS=${CIPHERS}$(printf "\nnone")
+                    +
                      "${top_builddir}/src/openvpn/openvpn" --genkey --secret key.$$
                      set +e