Skip to content

Commit

Permalink
Fix iOS build
Browse files Browse the repository at this point in the history
  • Loading branch information
@outspace
outspace committed Jun 26, 2024
1 parent 54551ce commit e901077
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 31 deletions.
40 changes: 16 additions & 24 deletions openvpn/mbedtls/crypto/cipheraead.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -109,17 +109,10 @@ class CipherContextAEAD : public CipherContextCommon
size_t ad_len)
{
check_initialized();
const int status = mbedtls_cipher_auth_encrypt_ext(&ctx,
iv,
IV_LEN,
ad,
ad_len,
input,
length,
output,
length + AUTH_TAG_LEN,
&length,
AUTH_TAG_LEN);

const int status = mbedtls_cipher_auth_encrypt(&ctx, iv, IV_LEN, ad, ad_len, input, length,
output, &length, tag, AUTH_TAG_LEN);

if (unlikely(status))
OPENVPN_THROW(mbedtls_aead_error, "mbedtls_cipher_auth_encrypt failed with status=" << status);
}
Expand All @@ -136,19 +129,18 @@ class CipherContextAEAD : public CipherContextCommon
check_initialized();

size_t olen;
const int status = mbedtls_cipher_auth_decrypt_ext(&ctx,
iv,
IV_LEN,
ad,
ad_len,
input,
length,
output,
length - AUTH_TAG_LEN,
&olen,
AUTH_TAG_LEN);

return (olen == length - AUTH_TAG_LEN) && (status == 0);

// Older versions of mbed TLS have the tag a non const, even though it is

// not modified, const cast it here

const int status = mbedtls_cipher_auth_encrypt(&ctx, iv, IV_LEN, ad, ad_len, input, length, output, &length,

const_cast<unsigned char*>(tag), AUTH_TAG_LEN);

return status == 0;


}

bool is_initialized() const
Expand Down
15 changes: 8 additions & 7 deletions openvpn/ssl/proto.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1542,12 +1542,12 @@ class ProtoContext
// for example if cipher/digest are pushed.
struct DataChannelKey
{
DataChannelKey()
{
}
DataChannelKey() : rekey_defined(false) {}

bool rekey_defined;

OpenVPNStaticKey key;
std::optional<CryptoDCInstance::RekeyType> rekey_type;
CryptoDCInstance::RekeyType rekey_type;
};

public:
Expand Down Expand Up @@ -1915,7 +1915,7 @@ class ProtoContext
crypto->rekey(type);
else if (data_channel_key)
{
// save for deferred processing
data_channel_key->rekey_defined = true; // save for deferred processing
data_channel_key->rekey_type = type;
}
}
Expand Down Expand Up @@ -2023,6 +2023,7 @@ class ProtoContext

if (data_channel_key)
{
dck->rekey_defined = data_channel_key->rekey_defined;
dck->rekey_type = data_channel_key->rekey_type;
}
dck.swap(data_channel_key);
Expand Down Expand Up @@ -2161,8 +2162,8 @@ class ProtoContext

enable_compress = crypto->consider_compression(proto.config->comp_ctx);

if (data_channel_key->rekey_type.has_value())
crypto->rekey(data_channel_key->rekey_type.value());
if (data_channel_key->rekey_defined)
crypto->rekey(data_channel_key->rekey_type);
data_channel_key.reset();

// set up compression for data channel
Expand Down

0 comments on commit e901077

Please sign in to comment.