Am 16.08.12 10:38, schrieb Heiko Hund: > cipher_ctx_final() only returns an outlen in CBC mode. If CFB or OFB > are used the assertion outlen == iv_len is always false. > > There's no CBC mode defined for the GOST 28147-89 block cipher. Hence > this patch is needed for it to work. It's needed for other ciphers like > BF-CFB as well, though. > > Signed-off-by: Heiko Hund <heiko.h...@sophos.com> > --- > src/openvpn/crypto.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c > index ac2eecd..2f67e5e 100644 > --- a/src/openvpn/crypto.c > +++ b/src/openvpn/crypto.c > @@ -153,7 +153,7 @@ openvpn_encrypt (struct buffer *buf, struct buffer work, > /* Flush the encryption buffer */ > ASSERT(cipher_ctx_final(ctx->cipher, BPTR (&work) + outlen, &outlen)); > work.len += outlen; > - ASSERT (outlen == iv_size); > + ASSERT (mode != OPENVPN_MODE_CBC || outlen == iv_size); > > /* prepend the IV to the ciphertext */ > if (opt->flags & CO_USE_IV)
I have a user of my app that also tripped over this asssert line: > Here is the log that pointed it to me from the server side. > > Wed Jan 30 14:47:56 2013 208.54.86.158:52876 WARNING: 'cipher' is used > inconsistently, local='cipher AES-128-CBC', remote='cipher AES-128-CFB' > > Before that I had used cipher AES-256-CFB8, but I had forgotten the 8 on the > Android.