Squashed 'Sources/OpenVPNAdapter/Libraries/Vendors/openvpn/' changes from 7db7a009b0..29e060ffb3

29e060ffb3 CryptoAlgs: Don't report any digests for ciphers not using them 87d40ed8da ovpncli.cpp: socket_protect implementation for agent-enabled builds 12763bbbb8 win/client/tunsetup.hpp: implement add_bypass_route() method c445361969 vcxprox: add missing file 0d7143c4bf transport: enable socket_protect call for all platforms a6cae41285 cliopt.hpp: disable remote list bypass for agent-enabled build 3166957e2e add error codes for better error management at profile parsing time git-subtree-dir: Sources/OpenVPNAdapter/Libraries/Vendors/openvpn git-subtree-split: 29e060ffb34b8a4067d8d01f6506bdb2d220df02
2026-05-13 00:04:14 +08:00 · 2019-10-25 20:14:12 +03:00
parent 8e87aecebf
commit 688ce11081
12 changed files with 90 additions and 34 deletions
@@ -80,6 +80,7 @@ namespace openvpn {
      F_CIPHER=(1<<2),    // alg is a cipher
      F_DIGEST=(1<<3),    // alg is a digest
      F_ALLOW_DC=(1<<4),  // alg may be used in OpenVPN data channel
+      F_NO_CIPHER_DIGEST=(1<<5), // cipher alg does not depend on any additional digest
    };

    // size in bytes of AEAD "nonce tail" normally taken from
@@ -130,9 +131,9 @@ namespace openvpn {
      { "DES-EDE3-CBC", F_CIPHER|F_ALLOW_DC|CBC_HMAC,          24,  8,  8 },
      { "BF-CBC",       F_CIPHER|F_ALLOW_DC|CBC_HMAC,          16,  8,  8 },
      { "AES-256-CTR",  F_CIPHER,                              32, 16, 16 },
-      { "AES-128-GCM",  F_CIPHER|F_ALLOW_DC|AEAD,              16, 12, 16 },
-      { "AES-192-GCM",  F_CIPHER|F_ALLOW_DC|AEAD,              24, 12, 16 },
-      { "AES-256-GCM",  F_CIPHER|F_ALLOW_DC|AEAD,              32, 12, 16 },
+      { "AES-128-GCM",  F_CIPHER|F_ALLOW_DC|AEAD|F_NO_CIPHER_DIGEST,  16, 12, 16 },
+      { "AES-192-GCM",  F_CIPHER|F_ALLOW_DC|AEAD|F_NO_CIPHER_DIGEST,  24, 12, 16 },
+      { "AES-256-GCM",  F_CIPHER|F_ALLOW_DC|AEAD|F_NO_CIPHER_DIGEST,  32, 12, 16 },
      { "MD4",          F_DIGEST,                              16,  0,  0 },
      { "MD5",          F_DIGEST|F_ALLOW_DC,                   16,  0,  0 },
      { "SHA1",         F_DIGEST|F_ALLOW_DC,                   20,  0,  0 },
@@ -240,6 +241,20 @@ namespace openvpn {
      return type;
    }

+    /**
+     *  Check if a specific algorithm depends on an additional digest or not
+     *
+     * @param type CryptoAlgs::Type to check
+     *
+     * @return Returns true if the queried algorithm depends on a digest,
+     * 	       otherwise false.  The check is done strictly against the
+     * 	       CryptoAlgs::AlgFlags F_NO_CIPHER_DIGEST flag.
+     */
+    inline bool use_cipher_digest(const Type type)
+    {
+      const Alg& alg = get(type);
+      return !(alg.flags() & F_NO_CIPHER_DIGEST);
+    }
  }
 }

@@ -184,7 +184,19 @@ namespace openvpn {
    }

    CryptoAlgs::Type cipher() const { return cipher_; }
-    CryptoAlgs::Type digest() const { return digest_; }
+
+    /**
+     *  Retrieve the digest configured for the data channel.
+     *  If the configured data channel cipher does not use any
+     *  additional digest, CryptoAlgs::NONE is returned.
+     *
+     * @return  Returns the cipher digest in use
+     */
+    CryptoAlgs::Type digest() const
+    {
+      return (CryptoAlgs::use_cipher_digest(cipher_) ? digest_ : CryptoAlgs::NONE);
+    }
+

    CryptoDCFactory::Ptr factory() const { return factory_; }