Browse code
refine assertion to allow other modes than CBC
cipher_ctx_final() only returns an outlen in CBC mode. If CFB or OFB
are used the assertion outlen == iv_len is always false.
There's no CBC mode defined for the GOST 28147-89 block cipher. Hence
this patch is needed for it to work. It's needed for other ciphers like
BF-CFB as well, though.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <538A00AA.7090007@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8748
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Heiko Hund authored on 2012/08/16 17:38:50Showing 1 changed files
| ... | ... |
@@ -171,7 +171,7 @@ openvpn_encrypt (struct buffer *buf, struct buffer work, |
| 171 | 171 |
/* Flush the encryption buffer */ |
| 172 | 172 |
ASSERT(cipher_ctx_final(ctx->cipher, BPTR (&work) + outlen, &outlen)); |
| 173 | 173 |
work.len += outlen; |
| 174 |
- ASSERT (outlen == iv_size); |
|
| 174 |
+ ASSERT (mode != OPENVPN_MODE_CBC || outlen == iv_size); |
|
| 175 | 175 |
|
| 176 | 176 |
/* prepend the IV to the ciphertext */ |
| 177 | 177 |
if (opt->flags & CO_USE_IV) |