Hi! We (Ltd. LISSI, http://www.lissi.ru, info at lissi.ru), are trying to use OpenVPN with stream ciphers, including Russian cipher GOST 28147-89(ALLOW_NON_CBC_CIPHERS flag is set).
And we found the bug: function EVP_CipherFinal() returns 0, when cipher has block_size == 1(stream cipher). So hear is the patch to fix the bug. P.S.: is it posible to make option in configure "--allow_non_cbc"? --- openvpn-2.0.7/crypto.c 2005-11-01 14:06:11.000000000 +0300 +++ openvpn-2.0.7-kent/crypto.c 2006-09-04 18:51:38.729055336 +0400 @@ -165,7 +165,9 @@ /* Flush the encryption buffer */ ASSERT (EVP_CipherFinal (ctx->cipher, BPTR (&work)+ outlen, &outlen)); work.len += outlen; - ASSERT (outlen == iv_size); + + if (mode == EVP_CIPH_CBC_MODE) + ASSERT (outlen == iv_size); /* prepend the IV to the ciphertext */ if (opt->flags & CO_USE_IV) -- Vladimir I. Kobylyanskiy, Ltd. LISSI, http://www.lissi.ru
