Diffstat (limited to 'main/openvpn/src/openvpn/crypto.h')
-rw-r--r--main/openvpn/src/openvpn/crypto.h37
1 files changed, 13 insertions, 24 deletions
diff --git a/main/openvpn/src/openvpn/crypto.h b/main/openvpn/src/openvpn/crypto.h
index b0b1df48..3c4e59d7 100644
--- a/main/openvpn/src/openvpn/crypto.h
+++ b/main/openvpn/src/openvpn/crypto.h
@@ -63,15 +63,13 @@ struct key
/**
- * Container for one set of cipher and/or HMAC contexts.
+ * Container for one set of OpenSSL cipher and/or HMAC contexts.
* @ingroup control_processor
*/
struct key_ctx
{
cipher_ctx_t *cipher; /**< Generic cipher %context. */
- hmac_ctx_t *hmac; /**< Generic HMAC %context. */
- uint8_t *implicit_iv; /**< The implicit part of the IV */
- size_t implicit_iv_len; /**< The length of implicit_iv */
+ hmac_ctx_t *hmac; /**< Generic HMAC %context. */
};
#define KEY_DIRECTION_BIDIRECTIONAL 0 /* same keys for both directions */
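Review bot: The struct comment on `key_ctx` now reads "OpenSSL cipher and/or HMAC contexts", but both members keep the backend-neutral types `cipher_ctx_t` and `hmac_ctx_t` and are still documented as "Generic cipher %context" and "Generic HMAC %context". If this header is compiled against more than one crypto backend (not visible in this hunk), the OpenSSL wording misleads readers about what the contexts hold. I would keep the neutral text, `Container for one set of cipher and/or HMAC contexts.` The same wording is introduced for `encrypt` and `decrypt` in the `key_ctx_bi` hunk that follows.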
@@ -122,10 +120,10 @@ struct key_direction_state
*/
struct key_ctx_bi
{
- struct key_ctx encrypt; /**< Cipher and/or HMAC contexts for sending
- * direction. */
- struct key_ctx decrypt; /**< cipher and/or HMAC contexts for
- * receiving direction. */
+ struct key_ctx encrypt; /**< OpenSSL cipher and/or HMAC contexts
+ * for sending direction. */
+ struct key_ctx decrypt; /**< OpenSSL cipher and/or HMAC contexts
+ * for receiving direction. */
};
/**
@@ -134,11 +132,11 @@ struct key_ctx_bi
*/
struct crypto_options
{
- struct key_ctx_bi key_ctx_bi;
+ struct key_ctx_bi *key_ctx_bi;
/**< OpenSSL cipher and HMAC contexts for
* both sending and receiving
* directions. */
- struct packet_id packet_id; /**< Current packet ID state for both
+ struct packet_id *packet_id; /**< Current packet ID state for both
* sending and receiving directions. */
struct packet_id_persist *pid_persist;
/**< Persistent packet ID state for
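Review bot: `key_ctx_bi` and `packet_id` in `struct crypto_options` become pointers here, but their comments still describe only the contents. Nothing says who allocates and frees the pointees, or whether NULL is a valid value. For `packet_id` this matters because it carries the replay-protection state, so a reader cannot tell whether a NULL pointer disables the packet ID check or is a programming error. I would extend both member comments, e.g. `/**< ... Not owned by this struct; NULL means <state the meaning>. */`, and confirm that every dereference in the encrypt/decrypt paths (outside this diff) matches that contract. The struct definition continues past the end of the hunk.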
@@ -205,17 +203,6 @@ void free_key_ctx (struct key_ctx *ctx);
void free_key_ctx_bi (struct key_ctx_bi *ctx);
-/**
- * Set an implicit IV for a key context.
- *
- * @param ctx The key context to update
- * @param iv The implicit IV to load into ctx
- * @param len The length (in bytes) of iv
- */
-bool key_ctx_set_implicit_iv (struct key_ctx *ctx, const uint8_t *iv,
- size_t len);
-
-
/**************************************************************************/
/** @name Functions for performing security operations on data channel packets
@@ -249,7 +236,8 @@ bool key_ctx_set_implicit_iv (struct key_ctx *ctx, const uint8_t *iv,
* error occurred.
*/
void openvpn_encrypt (struct buffer *buf, struct buffer work,
- struct crypto_options *opt, const struct frame* frame);
+ const struct crypto_options *opt,
+ const struct frame* frame);
/**
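Review bot: The `const` added to `opt` in `openvpn_encrypt` is shallow. Because `key_ctx_bi` and `packet_id` are now pointers in `struct crypto_options`, the function can still modify the cipher/HMAC contexts and the packet ID state through them; the qualifier only promises that the fields of `*opt` are not reassigned. The doc comment above the prototype should say so, for example `@param opt - Crypto options; the struct is not modified, but the key contexts and packet ID state it points to may be updated.` The same applies to `openvpn_decrypt` and `test_crypto` in the following hunks. The comment block for this prototype starts outside the hunk.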
@@ -284,7 +272,8 @@ void openvpn_encrypt (struct buffer *buf, struct buffer work,
* an error occurred.
*/
bool openvpn_decrypt (struct buffer *buf, struct buffer work,
- struct crypto_options *opt, const struct frame* frame);
+ const struct crypto_options *opt,
+ const struct frame* frame);
bool crypto_test_hmac (struct buffer *buf, const struct crypto_options *opt);
@@ -336,7 +325,7 @@ void prng_bytes (uint8_t *output, int len);
void prng_uninit ();
-void test_crypto (struct crypto_options *co, struct frame* f);
+void test_crypto (const struct crypto_options *co, struct frame* f);
/* key direction functions */