[Openvpn-devel] [PATCH 1/3] Make cipher_kt_name always return normalised cipher name

Arne Schwabe Fri, 05 Jun 2020 04:26:27 -0700

The mbed TLS variant of the call already returned the normalised
name while the OpenSSL variant did not. On top of that, all calls but
one to cipher_kt_name were translate_cipher_name_to_openvpn. This commit
moves the call of translate_cipher_name_to_openvpn into cipher_kt_name
or avoids calling it twice in the case of mbed TLS.


The one case that did not translate_cipher_name_to_openvpn is an
internal ssl_openssl.c method that should call EVP_CIPHER_name anyway.

Also simplify cipher_name_cmp function that is only used by
openvpn --show-ciphers with the modified cipher_kt_name
function.

Signed-off-by: Arne Schwabe <a...@rfc2549.org>
---
 src/openvpn/crypto.c         |  4 ++--
 src/openvpn/crypto_backend.h |  2 ++
 src/openvpn/crypto_openssl.c | 13 +++++--------
 src/openvpn/options.c        |  3 +--
 src/openvpn/ssl_ncp.c        |  3 +--
 5 files changed, 11 insertions(+), 14 deletions(-)

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 2388027c..ba1fc095 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -847,7 +847,7 @@ init_key_ctx(struct key_ctx *ctx, const struct key *key,
         cipher_ctx_init(ctx->cipher, key->cipher, kt->cipher_length,
                         kt->cipher, enc);
 
-        const char *ciphername = 
translate_cipher_name_to_openvpn(cipher_kt_name(kt->cipher));
+        const char *ciphername = cipher_kt_name(kt->cipher);
         msg(D_HANDSHAKE, "%s: Cipher '%s' initialized with %d bit key",
             prefix,
             ciphername,
@@ -1810,7 +1810,7 @@ print_cipher(const cipher_kt_t *cipher)
                                " by default" : "";
 
     printf("%s  (%d bit key%s, ",
-           translate_cipher_name_to_openvpn(cipher_kt_name(cipher)),
+           cipher_kt_name(cipher),
            cipher_kt_key_size(cipher) * 8, var_key_size);
 
     if (cipher_kt_block_size(cipher) == 1)
diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h
index 1d206a8c..d46cb63f 100644
--- a/src/openvpn/crypto_backend.h
+++ b/src/openvpn/crypto_backend.h
@@ -237,6 +237,8 @@ const cipher_kt_t *cipher_kt_get(const char *ciphername);
 
 /**
  * Retrieve a string describing the cipher (e.g. \c AES-128-CBC).
+ * The returned name is normalised to the OpenVPN config name in case the
+ * name differs from the name used by the crypto library.
  *
  * @param cipher_kt     Static cipher parameters
  *
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index a5b2c45a..13ab4859 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -266,12 +266,7 @@ cipher_name_cmp(const void *a, const void *b)
     const EVP_CIPHER *const *cipher_a = a;
     const EVP_CIPHER *const *cipher_b = b;
 
-    const char *cipher_name_a =
-        translate_cipher_name_to_openvpn(EVP_CIPHER_name(*cipher_a));
-    const char *cipher_name_b =
-        translate_cipher_name_to_openvpn(EVP_CIPHER_name(*cipher_b));
-
-    return strcmp(cipher_name_a, cipher_name_b);
+    return strcmp(cipher_kt_name(*cipher_a), cipher_kt_name(*cipher_b));
 }
 
 void
@@ -613,7 +608,9 @@ cipher_kt_name(const EVP_CIPHER *cipher_kt)
     {
         return "[null-cipher]";
     }
-    return EVP_CIPHER_name(cipher_kt);
+
+    const char *name = EVP_CIPHER_name(cipher_kt);
+    return translate_cipher_name_to_openvpn(name);
 }
 
 int
@@ -644,7 +641,7 @@ cipher_kt_block_size(const EVP_CIPHER *cipher)
 
     int block_size = EVP_CIPHER_block_size(cipher);
 
-    orig_name = cipher_kt_name(cipher);
+    orig_name = EVP_CIPHER_name(cipher);
     if (!orig_name)
     {
         goto cleanup;
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index d1e68a51..ec912d34 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3779,8 +3779,7 @@ options_string(const struct options *o,
         init_key_type(&kt, o->ciphername, o->authname, o->keysize, true,
                       false);
 
-        buf_printf(&out, ",cipher %s",
-                   
translate_cipher_name_to_openvpn(cipher_kt_name(kt.cipher)));
+        buf_printf(&out, ",cipher %s", cipher_kt_name(kt.cipher));
         buf_printf(&out, ",auth %s", md_kt_name(kt.digest));
         buf_printf(&out, ",keysize %d", kt.cipher_length * 8);
         if (o->shared_secret_file)
diff --git a/src/openvpn/ssl_ncp.c b/src/openvpn/ssl_ncp.c
index 9ed6ff5f..042b0ce0 100644
--- a/src/openvpn/ssl_ncp.c
+++ b/src/openvpn/ssl_ncp.c
@@ -116,8 +116,7 @@ mutate_ncp_cipher_list(const char *list, struct gc_arena 
*gc)
         }
         else
         {
-            const char *ovpn_cipher_name =
-                translate_cipher_name_to_openvpn(cipher_kt_name(ktc));
+            const char *ovpn_cipher_name = cipher_kt_name(ktc);
 
             if (buf_len(&new_list)> 0)
             {
-- 
2.26.0



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 1/3] Make cipher_kt_name always return normalised cipher name

Reply via email to