cipher_ctx_final() only returns an outlen in CBC mode. If CFB or OFB
are used the assertion outlen == iv_len is always false.
There's no CBC mode defined for the GOST 28147-89 block cipher. Hence
this patch is needed for it to work. It's needed for other ciphers like
BF-CFB as well, though.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <538A00AA.7090007@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8748
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -171,7 +171,7 @@ openvpn_encrypt (struct buffer *buf, struct buffer work, |
171 | 171 |
/* Flush the encryption buffer */ |
172 | 172 |
ASSERT(cipher_ctx_final(ctx->cipher, BPTR (&work) + outlen, &outlen)); |
173 | 173 |
work.len += outlen; |
174 |
- ASSERT (outlen == iv_size); |
|
174 |
+ ASSERT (mode != OPENVPN_MODE_CBC || outlen == iv_size); |
|
175 | 175 |
|
176 | 176 |
/* prepend the IV to the ciphertext */ |
177 | 177 |
if (opt->flags & CO_USE_IV) |
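Review bot: The relaxed check `ASSERT (mode != OPENVPN_MODE_CBC || outlen == iv_size);` no longer constrains `outlen` at all for CFB/OFB, even though `work.len += outlen` on the line above has already consumed it. The commit message says cipher_ctx_final() returns no output outside CBC; if that holds for every crypto backend, the assertion could stay strict in both cases: `ASSERT (mode == OPENVPN_MODE_CBC ? outlen == iv_size : outlen == 0);`. Failing that, a short comment such as `/* cipher_ctx_final() only produces output in CBC mode; CFB/OFB have nothing to flush */` would record why the check depends on the mode. The body of openvpn_encrypt starts and ends outside the hunk, so whether the capacity of `work` is verified elsewhere is not visible here.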