/*
 * qsort()/EVP_CIPHER_do_all_sorted()-style comparator.  Both arguments point
 * to an `const EVP_CIPHER *`; the ciphers are ordered by their OpenVPN-side
 * names (after translate_cipher_name_to_openvpn()) using strcmp() semantics.
 *
 * Returns <0, 0 or >0 as the name of *a sorts before, equal to or after *b.
 */
static int
cipher_name_cmp(const void *a, const void *b)
{
    const EVP_CIPHER *const *lhs = a;
    const EVP_CIPHER *const *rhs = b;
    const char *lhs_name;
    const char *rhs_name;

    /* Compare the translated (OpenVPN) spelling, not the raw OpenSSL name. */
    lhs_name = translate_cipher_name_to_openvpn(EVP_CIPHER_name(*lhs));
    rhs_name = translate_cipher_name_to_openvpn(EVP_CIPHER_name(*rhs));

    return strcmp(lhs_name, rhs_name);
}
/*
 * Return the OpenVPN-side name of a cipher type.
 *
 * @param cipher_kt  Cipher type to name; may be NULL.
 *
 * @return The translated cipher name, or the literal "[null-cipher]" when
 *         cipher_kt is NULL.  The returned string is not owned by the caller.
 */
const char *
cipher_kt_name (const cipher_info_t *cipher_kt)
{
  if (cipher_kt != NULL)
    {
      return translate_cipher_name_to_openvpn(cipher_kt->name);
    }

  /* NULL stands for "no cipher"; give it a printable name instead of crashing. */
  return "[null-cipher]";
}
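/*
 * Print, to stdout, every OpenSSL cipher that OpenVPN will accept for the
 * --cipher option: CBC mode always, plus OFB/CFB and AEAD modes when the
 * corresponding build options are enabled.  Each line shows the OpenVPN
 * cipher name, the default key size in bits, whether the key size is
 * variable or fixed, and a marker for ciphers usable only in TLS mode.
 *
 * Takes no arguments and returns nothing; output goes to stdout only.
 */
void
show_available_ciphers (void)
{
  int nid;

#ifndef ENABLE_SMALL
  printf ("The following ciphers and cipher modes are available for use\n"
	  "with " PACKAGE_NAME ".  Each cipher shown below may be use as a\n"
	  "parameter to the --cipher option.  The default key size is\n"
	  "shown as well as whether or not it can be changed with the\n"
          "--keysize directive.  Using a CBC or GCM mode is recommended.\n"
	  "In static key mode only CBC mode is allowed.\n\n");
#endif

  /* Probe the NID space directly; NIDs without a cipher simply yield NULL. */
  for (nid = 0; nid < 10000; ++nid)	/* is there a better way to get the size of the nid list? */
    {
      const EVP_CIPHER *cipher = EVP_get_cipherbynid (nid);
      int is_cbc;

      if (!cipher)
        {
          continue;
        }

      /* CBC-ness is needed twice below (mode filter and TLS-only marker). */
      is_cbc = cipher_kt_mode_cbc (cipher);

      if (is_cbc
#ifdef ENABLE_OFB_CFB_MODE
          || cipher_kt_mode_ofb_cfb (cipher)
#endif
#ifdef HAVE_AEAD_CIPHER_MODES
          || cipher_kt_mode_aead (cipher)
#endif
          )
        {
          const char *var_key_size =
              (EVP_CIPHER_flags (cipher) & EVP_CIPH_VARIABLE_LENGTH) ?
                   "variable" : "fixed";
          /* Only CBC ciphers are allowed in static-key mode; the rest are TLS-only. */
          const char *ssl_only = is_cbc ?
              "" : " (TLS client/server mode)";

          /* Key length is reported by OpenSSL in bytes; the listing shows bits. */
          printf ("%s %d bit default key (%s)%s\n",
              translate_cipher_name_to_openvpn (OBJ_nid2sn (nid)),
              EVP_CIPHER_key_length (cipher) * 8, var_key_size, ssl_only);
        }
    }
  printf ("\n");
}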
/*
 * Return the block size, in bytes, of a cipher type.
 *
 * OpenSSL reports OFB/CFB/GCM cipher block sizes as '1 byte'.  To work
 * around that, try to replace the mode suffix of the cipher's OpenVPN name
 * with 'CBC' and return the block size reported for that cipher, if it can
 * be looked up.  Otherwise return the value OpenSSL reports for the cipher
 * itself.
 *
 * @param cipher  Cipher type to inspect.
 *
 * @return Block size in bytes (at least the value OpenSSL reports).
 */
int
cipher_kt_block_size(const EVP_CIPHER *cipher)
{
    char *name = NULL;
    char *mode_str = NULL;
    const char *orig_name = NULL;
    const EVP_CIPHER *cbc_cipher = NULL;
    int block_size = EVP_CIPHER_block_size(cipher);

    orig_name = cipher_kt_name(cipher);
    if (orig_name == NULL)
    {
        /* No name to rewrite; fall back to OpenSSL's answer. */
        return block_size;
    }

    /* Private, writable copy of the OpenVPN-style name (freed below). */
    name = string_alloc(translate_cipher_name_to_openvpn(orig_name), NULL);

    /* The mode is the last '-'-separated component, e.g. "AES-128-GCM". */
    mode_str = strrchr(name, '-');
    if (mode_str != NULL && strlen(mode_str) >= 4)
    {
        /*
         * strlen(mode_str) >= 4 guarantees room for the four characters of
         * "-CBC" plus the existing terminator, so this strcpy stays in bounds.
         */
        strcpy(mode_str, "-CBC");

        cbc_cipher =
            EVP_get_cipherbyname(translate_cipher_name_from_openvpn(name));
        if (cbc_cipher != NULL)
        {
            block_size = EVP_CIPHER_block_size(cbc_cipher);
        }
    }

    free(name);
    return block_size;
}