Browse code
Config compatibility patch. Added translate_cipher_name.
Added translate_cipher name to crypto_openssl.c and crypto_polarssl.c
to translate between OpenVPN(/OpenSSL) and PolarSSL data channel
cipher algorithm names. OpenSSL does not require any translating,
PolarSSL does for a small number of algorithms. This improves on
config file compatibility between the OpenSSL and PolarSSL builds.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1363942465-3251-5-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7435
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Steffan Karger authored on 2013/03/22 17:54:23Showing 4 changed files
- src/openvpn/crypto.c
- src/openvpn/crypto_backend.h
- src/openvpn/crypto_openssl.c
- src/openvpn/crypto_polarssl.c
| ... | ... |
@@ -401,7 +401,7 @@ init_key_type (struct key_type *kt, const char *ciphername, |
| 401 | 401 |
CLEAR (*kt); |
| 402 | 402 |
if (ciphername && ciphername_defined) |
| 403 | 403 |
{
|
| 404 |
- kt->cipher = cipher_kt_get (ciphername); |
|
| 404 |
+ kt->cipher = cipher_kt_get (translate_cipher_name_from_openvpn(ciphername)); |
|
| 405 | 405 |
kt->cipher_length = cipher_kt_key_size (kt->cipher); |
| 406 | 406 |
if (keysize > 0 && keysize <= MAX_CIPHER_KEY_LENGTH) |
| 407 | 407 |
kt->cipher_length = keysize; |
| ... | ... |
@@ -63,6 +63,18 @@ void crypto_init_lib_engine (const char *engine_name); |
| 63 | 63 |
void crypto_init_dmalloc (void); |
| 64 | 64 |
#endif /* DMALLOC */ |
| 65 | 65 |
|
| 66 |
+/** |
|
| 67 |
+ * Translate a data channel cipher name from the OpenVPN config file |
|
| 68 |
+ * 'language' to the crypto library specific name. |
|
| 69 |
+ */ |
|
| 70 |
+const char * translate_cipher_name_from_openvpn (const char *cipher_name); |
|
| 71 |
+ |
|
| 72 |
+/** |
|
| 73 |
+ * Translate a data channel cipher name from the crypto library specific name |
|
| 74 |
+ * to the OpenVPN config file 'language'. |
|
| 75 |
+ */ |
|
| 76 |
+const char * translate_cipher_name_from_openvpn (const char *cipher_name); |
|
| 77 |
+ |
|
| 66 | 78 |
void show_available_ciphers (void); |
| 67 | 79 |
|
| 68 | 80 |
void show_available_digests (void); |
| ... | ... |
@@ -281,6 +281,18 @@ crypto_init_dmalloc (void) |
| 281 | 281 |
} |
| 282 | 282 |
#endif /* DMALLOC */ |
| 283 | 283 |
|
| 284 |
+const char * |
|
| 285 |
+translate_cipher_name_from_openvpn (const char *cipher_name) {
|
|
| 286 |
+ // OpenSSL doesn't require any translation |
|
| 287 |
+ return cipher_name; |
|
| 288 |
+} |
|
| 289 |
+ |
|
| 290 |
+const char * |
|
| 291 |
+translate_cipher_name_to_openvpn (const char *cipher_name) {
|
|
| 292 |
+ // OpenSSL doesn't require any translation |
|
| 293 |
+ return cipher_name; |
|
| 294 |
+} |
|
| 295 |
+ |
|
| 284 | 296 |
void |
| 285 | 297 |
show_available_ciphers () |
| 286 | 298 |
{
|
| ... | ... |
@@ -94,6 +94,53 @@ crypto_init_dmalloc (void) |
| 94 | 94 |
} |
| 95 | 95 |
#endif /* DMALLOC */ |
| 96 | 96 |
|
| 97 |
+typedef struct { const char * openvpn_name; const char * polarssl_name; } cipher_name_pair;
|
|
| 98 |
+cipher_name_pair cipher_name_translation_table[] = {
|
|
| 99 |
+ { "BF-CBC", "BLOWFISH-CBC" },
|
|
| 100 |
+ { "BF-CFB", "BLOWFISH-CFB64" },
|
|
| 101 |
+ { "CAMELLIA-128-CFB", "CAMELLIA-128-CFB128" },
|
|
| 102 |
+ { "CAMELLIA-192-CFB", "CAMELLIA-192-CFB128" },
|
|
| 103 |
+ { "CAMELLIA-256-CFB", "CAMELLIA-256-CFB128" }
|
|
| 104 |
+}; |
|
| 105 |
+ |
|
| 106 |
+const cipher_name_pair * |
|
| 107 |
+get_cipher_name_pair(const char *cipher_name) {
|
|
| 108 |
+ cipher_name_pair *pair; |
|
| 109 |
+ size_t i = 0; |
|
| 110 |
+ |
|
| 111 |
+ /* Search for a cipher name translation */ |
|
| 112 |
+ for (; i < sizeof (cipher_name_translation_table) / sizeof (*cipher_name_translation_table); i++) |
|
| 113 |
+ {
|
|
| 114 |
+ pair = &cipher_name_translation_table[i]; |
|
| 115 |
+ if (0 == strcmp (cipher_name, pair->openvpn_name) || |
|
| 116 |
+ 0 == strcmp (cipher_name, pair->polarssl_name)) |
|
| 117 |
+ return pair; |
|
| 118 |
+ } |
|
| 119 |
+ |
|
| 120 |
+ /* Nothing found, return null */ |
|
| 121 |
+ return NULL; |
|
| 122 |
+} |
|
| 123 |
+ |
|
| 124 |
+const char * |
|
| 125 |
+translate_cipher_name_from_openvpn (const char *cipher_name) {
|
|
| 126 |
+ const cipher_name_pair *pair = get_cipher_name_pair(cipher_name); |
|
| 127 |
+ |
|
| 128 |
+ if (NULL == pair) |
|
| 129 |
+ return cipher_name; |
|
| 130 |
+ |
|
| 131 |
+ return pair->polarssl_name; |
|
| 132 |
+} |
|
| 133 |
+ |
|
| 134 |
+const char * |
|
| 135 |
+translate_cipher_name_to_openvpn (const char *cipher_name) {
|
|
| 136 |
+ const cipher_name_pair *pair = get_cipher_name_pair(cipher_name); |
|
| 137 |
+ |
|
| 138 |
+ if (NULL == pair) |
|
| 139 |
+ return cipher_name; |
|
| 140 |
+ |
|
| 141 |
+ return pair->openvpn_name; |
|
| 142 |
+} |
|
| 143 |
+ |
|
| 97 | 144 |
void |
| 98 | 145 |
show_available_ciphers () |
| 99 | 146 |
{
|
| ... | ... |
@@ -114,7 +161,7 @@ show_available_ciphers () |
| 114 | 114 |
|
| 115 | 115 |
if (info && info->mode == POLARSSL_MODE_CBC) |
| 116 | 116 |
printf ("%s %d bit default key\n",
|
| 117 |
- info->name, cipher_kt_key_size(info) * 8); |
|
| 117 |
+ cipher_kt_name(info), cipher_kt_key_size(info) * 8); |
|
| 118 | 118 |
|
| 119 | 119 |
ciphers++; |
| 120 | 120 |
} |
| ... | ... |
@@ -331,7 +378,8 @@ cipher_kt_name (const cipher_info_t *cipher_kt) |
| 331 | 331 |
{
|
| 332 | 332 |
if (NULL == cipher_kt) |
| 333 | 333 |
return "[null-cipher]"; |
| 334 |
- return cipher_kt->name; |
|
| 334 |
+ |
|
| 335 |
+ return translate_cipher_name_to_openvpn(cipher_kt->name); |
|
| 335 | 336 |
} |
| 336 | 337 |
|
| 337 | 338 |
int |