diff options
| author | Felix Fietkau <nbd@openwrt.org> | 2015-01-04 12:03:51 +0000 |
|---|---|---|
| committer | Felix Fietkau <nbd@openwrt.org> | 2015-01-04 12:03:51 +0000 |
| commit | 3bc784e07c5859bc1e2eb43eebd9afdbb999e1c8 (patch) | |
| tree | 3be95aa37a368e954b45c853465be6e122d76259 | |
| parent | ce61b3c5ccff4a59a3173484130aa955fa0e35ec (diff) | |
| download | upstream-3bc784e07c5859bc1e2eb43eebd9afdbb999e1c8.tar.gz upstream-3bc784e07c5859bc1e2eb43eebd9afdbb999e1c8.tar.bz2 upstream-3bc784e07c5859bc1e2eb43eebd9afdbb999e1c8.zip | |
openvpn: backport an upstream fix for a regression in using --cipher none (fixes #18676)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r43823
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43824 3c298f89-4303-0410-b956-a3cf2f4a3e73
| -rw-r--r-- | package/network/services/openvpn/patches/001-backport_cipher_none_fix.patch | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/package/network/services/openvpn/patches/001-backport_cipher_none_fix.patch b/package/network/services/openvpn/patches/001-backport_cipher_none_fix.patch new file mode 100644 index 0000000000..af445e3bc8 --- /dev/null +++ b/package/network/services/openvpn/patches/001-backport_cipher_none_fix.patch @@ -0,0 +1,57 @@ +commit 98156e90e1e83133a6a6a020db8e7333ada6156b +Author: Steffan Karger <steffan@karger.me> +Date: Tue Dec 2 21:42:00 2014 +0100 + + Really fix '--cipher none' regression + + ... by not incorrectly hinting to the compiler the function argument of + cipher_kt_mode_{cbc,ofb_cfb}() is nonnull, since that no longer is the + case. + + Verified the fix on Debian Wheezy, one of the platforms the reporter in + trac #473 mentions with a compiler that would optimize out the required + checks. + + Also add a testcase for --cipher none to t_lpback, to prevent further + regressions. + + Signed-off-by: Steffan Karger <steffan@karger.me> + Acked-by: Gert Doering <gert@greenie.muc.de> + Message-Id: <1417552920-31770-1-git-send-email-steffan@karger.me> + URL: http://article.gmane.org/gmane.network.openvpn.devel/9300 + Signed-off-by: Gert Doering <gert@greenie.muc.de> + +--- a/src/openvpn/crypto_backend.h ++++ b/src/openvpn/crypto_backend.h +@@ -237,8 +237,7 @@ int cipher_kt_mode (const cipher_kt_t *c + * + * @return true iff the cipher is a CBC mode cipher. + */ +-bool cipher_kt_mode_cbc(const cipher_kt_t *cipher) +- __attribute__((nonnull)); ++bool cipher_kt_mode_cbc(const cipher_kt_t *cipher); + + /** + * Check if the supplied cipher is a supported OFB or CFB mode cipher. +@@ -247,8 +246,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_ + * + * @return true iff the cipher is a OFB or CFB mode cipher. + */ +-bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher) +- __attribute__((nonnull)); ++bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher); + + + /** +--- a/tests/t_lpback.sh ++++ b/tests/t_lpback.sh +@@ -35,6 +35,9 @@ CIPHERS=$(${top_builddir}/src/openvpn/op + # GD, 2014-07-06 do not test RC5-* either (fails on NetBSD w/o libcrypto_rc5) + CIPHERS=$(echo "$CIPHERS" | egrep -v '^(DES-EDE3-CFB1|DES-CFB1|RC5-)' ) + ++# Also test cipher 'none' ++CIPHERS=${CIPHERS}$(printf "\nnone") ++ + "${top_builddir}/src/openvpn/openvpn" --genkey --secret key.$$ + set +e + |