From: Vladimir I. Kobylyanskiy <kentli...@users.sourceforge.net> We (Ltd. LISSI, http://www.lissi.ru, info at lissi.ru), are trying to use OpenVPN with stream ciphers, including Russian cipher GOST 28147-89(ALLOW_NON_CBC_CIPHERS flag is set).
And we found the bug: function EVP_CipherFinal() returns 0, when cipher has block_size == 1(stream cipher). So hear is the patch to fix the bug. sf.net tracker: <https://sourceforge.net/tracker/?func=detail&aid=1552062&group_id=48978&atid=454721> Signed-off-by: David Sommerseth <d...@users.sourceforge.net> --- crypto.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/crypto.c b/crypto.c index 444f036..fd7d2ef 100644 --- a/crypto.c +++ b/crypto.c @@ -159,7 +159,8 @@ openvpn_encrypt (struct buffer *buf, struct buffer work, /* Flush the encryption buffer */ ASSERT (EVP_CipherFinal (ctx->cipher, BPTR (&work) + outlen, &outlen)); work.len += outlen; - ASSERT (outlen == iv_size); + if (mode == EVP_CIPH_CBC_MODE) + ASSERT (outlen == iv_size); /* prepend the IV to the ciphertext */ if (opt->flags & CO_USE_IV) -- 1.6.6.1
