/*
 * qsort()-style comparator for two `const EVP_CIPHER *` elements.
 *
 * Ordering is by the OpenVPN-facing cipher name, i.e. the OpenSSL name
 * after translate_cipher_name_to_openvpn().  The return value follows
 * strcmp(): negative, zero or positive.
 */
static int
cipher_name_cmp(const void *a, const void *b)
{
    const EVP_CIPHER *const *lhs = a;
    const EVP_CIPHER *const *rhs = b;
    const char *lhs_name;
    const char *rhs_name;

    lhs_name = translate_cipher_name_to_openvpn(EVP_CIPHER_name(*lhs));
    rhs_name = translate_cipher_name_to_openvpn(EVP_CIPHER_name(*rhs));

    return strcmp(lhs_name, rhs_name);
}
/*
 * Return the OpenVPN-facing name of a cipher.
 *
 * A NULL cipher_kt yields the fixed placeholder "[null-cipher]" rather
 * than a NULL pointer, so the result is always printable.
 */
const char *
cipher_kt_name(const cipher_info_t *cipher_kt)
{
    if (cipher_kt == NULL)
    {
        return "[null-cipher]";
    }

    return translate_cipher_name_to_openvpn(cipher_kt->name);
}
/*
 * Print to stdout the ciphers accepted by --cipher.
 *
 * Walks the OpenSSL NID space, keeps the ciphers whose mode this build
 * supports (CBC always; OFB/CFB and AEAD only when compiled in) and prints
 * one line per cipher: OpenVPN name, default key size in bits, whether that
 * size is fixed or variable, and a "(TLS client/server mode)" tag for every
 * mode other than CBC.  The explanatory banner is omitted in ENABLE_SMALL
 * builds.
 */
void
show_available_ciphers ()
{
    int nid;

#ifndef ENABLE_SMALL
    printf ("The following ciphers and cipher modes are available for use\n"
            "with " PACKAGE_NAME ". Each cipher shown below may be use as a\n"
            "parameter to the --cipher option. The default key size is\n"
            "shown as well as whether or not it can be changed with the\n"
            "--keysize directive. Using a CBC or GCM mode is recommended.\n"
            "In static key mode only CBC mode is allowed.\n\n");
#endif

    /*
     * There is no enumeration API used here for registered NIDs, so a fixed
     * range is probed and unknown NIDs (NULL lookups) are skipped.
     */
    for (nid = 0; nid < 10000; ++nid)
    {
        const EVP_CIPHER *cipher = EVP_get_cipherbynid (nid);
        int is_cbc;
        int supported;
        const char *var_key_size;
        const char *ssl_only;

        if (!cipher)
        {
            continue;
        }

        is_cbc = cipher_kt_mode_cbc(cipher);
        supported = is_cbc;
#ifdef ENABLE_OFB_CFB_MODE
        supported = supported || cipher_kt_mode_ofb_cfb(cipher);
#endif
#ifdef HAVE_AEAD_CIPHER_MODES
        supported = supported || cipher_kt_mode_aead(cipher);
#endif
        if (!supported)
        {
            continue;
        }

        /* --keysize may only change the key length of variable-length ciphers. */
        if (EVP_CIPHER_flags (cipher) & EVP_CIPH_VARIABLE_LENGTH)
        {
            var_key_size = "variable";
        }
        else
        {
            var_key_size = "fixed";
        }

        /* Only CBC is allowed in static key mode; everything else is TLS-only. */
        ssl_only = is_cbc ? "" : " (TLS client/server mode)";

        printf ("%s %d bit default key (%s)%s\n",
                translate_cipher_name_to_openvpn(OBJ_nid2sn (nid)),
                EVP_CIPHER_key_length (cipher) * 8,
                var_key_size,
                ssl_only);
    }

    printf ("\n");
}
/*
 * Return the block size of a cipher in bytes.
 *
 * OpenSSL reports a 1-byte block size for OFB/CFB/GCM ciphers.  To give a
 * more useful answer, the mode suffix of the cipher's OpenVPN name (the
 * part from the last '-') is rewritten to "-CBC" and, when OpenSSL knows
 * that CBC variant, its block size is returned instead.  In every other
 * case the value OpenSSL reports for the cipher itself is returned.
 *
 * NOTE(review): cipher is dereferenced by EVP_CIPHER_block_size() before
 * any check, so callers are expected to pass a non-NULL cipher.
 */
int
cipher_kt_block_size(const EVP_CIPHER *cipher)
{
    int block_size = EVP_CIPHER_block_size(cipher);
    const char *orig_name = cipher_kt_name(cipher);
    char *name;
    char *mode_str;

    if (!orig_name)
    {
        return block_size;
    }

    /* Work on a private, heap-allocated copy so the suffix can be rewritten in place. */
    name = string_alloc(translate_cipher_name_to_openvpn(orig_name), NULL);
    mode_str = strrchr(name, '-');

    /*
     * The suffix must be at least 4 characters long so that the 5 bytes of
     * "-CBC" (including the terminator) fit inside the existing buffer.
     */
    if (mode_str && strlen(mode_str) >= 4)
    {
        const EVP_CIPHER *cbc_cipher;

        strcpy(mode_str, "-CBC");
        cbc_cipher = EVP_get_cipherbyname(translate_cipher_name_from_openvpn(name));
        if (cbc_cipher)
        {
            block_size = EVP_CIPHER_block_size(cbc_cipher);
        }
    }

    free(name);
    return block_size;
}