aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@nbd.name>2016-12-10 12:26:59 +0100
committerFelix Fietkau <nbd@nbd.name>2016-12-22 16:42:19 +0100
commite6871ab9254fc463e8dcbdc72e2fe87a1fec5c44 (patch)
tree6bc693fad4959cd73fd8c534eeb048174d1791b0
parent13592c14541b6dbd9e572b68f30b38fe9788f23f (diff)
downloadupstream-e6871ab9254fc463e8dcbdc72e2fe87a1fec5c44.tar.gz
upstream-e6871ab9254fc463e8dcbdc72e2fe87a1fec5c44.tar.bz2
upstream-e6871ab9254fc463e8dcbdc72e2fe87a1fec5c44.zip
openvpn: fix disabling DES support in mbedtls
Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Magnus Kroken <mkroken@gmail.com>
-rw-r--r--package/network/services/openvpn/patches/220-disable_des.patch81
1 files changed, 81 insertions, 0 deletions
diff --git a/package/network/services/openvpn/patches/220-disable_des.patch b/package/network/services/openvpn/patches/220-disable_des.patch
new file mode 100644
index 0000000000..cd930709cb
--- /dev/null
+++ b/package/network/services/openvpn/patches/220-disable_des.patch
@@ -0,0 +1,81 @@
+--- a/src/openvpn/syshead.h
++++ b/src/openvpn/syshead.h
+@@ -594,11 +594,11 @@ socket_defined(const socket_descriptor_t
+ /*
+ * Should we include NTLM proxy functionality
+ */
+-#if defined(ENABLE_CRYPTO)
+-#define NTLM 1
+-#else
++//#if defined(ENABLE_CRYPTO)
++//#define NTLM 1
++//#else
+ #define NTLM 0
+-#endif
++//#endif
+
+ /*
+ * Should we include proxy digest auth functionality
+--- a/src/openvpn/crypto_mbedtls.c
++++ b/src/openvpn/crypto_mbedtls.c
+@@ -320,6 +320,7 @@ int
+ key_des_num_cblocks(const mbedtls_cipher_info_t *kt)
+ {
+ int ret = 0;
++#ifdef MBEDTLS_DES_C
+ if (kt->type == MBEDTLS_CIPHER_DES_CBC)
+ {
+ ret = 1;
+@@ -332,6 +333,7 @@ key_des_num_cblocks(const mbedtls_cipher
+ {
+ ret = 3;
+ }
++#endif
+
+ dmsg(D_CRYPTO_DEBUG, "CRYPTO INFO: n_DES_cblocks=%d", ret);
+ return ret;
+@@ -340,6 +342,7 @@ key_des_num_cblocks(const mbedtls_cipher
+ bool
+ key_des_check(uint8_t *key, int key_len, int ndc)
+ {
++#ifdef MBEDTLS_DES_C
+ int i;
+ struct buffer b;
+
+@@ -368,11 +371,15 @@ key_des_check(uint8_t *key, int key_len,
+
+ err:
+ return false;
++#else
++ return true;
++#endif
+ }
+
+ void
+ key_des_fixup(uint8_t *key, int key_len, int ndc)
+ {
++#ifdef MBEDTLS_DES_C
+ int i;
+ struct buffer b;
+
+@@ -387,6 +394,7 @@ key_des_fixup(uint8_t *key, int key_len,
+ }
+ mbedtls_des_key_set_parity(key);
+ }
++#endif
+ }
+
+ /*
+@@ -698,10 +706,12 @@ cipher_des_encrypt_ecb(const unsigned ch
+ unsigned char *src,
+ unsigned char *dst)
+ {
++#ifdef MBEDTLS_DES_C
+ mbedtls_des_context ctx;
+
+ ASSERT(mbed_ok(mbedtls_des_setkey_enc(&ctx, key)));
+ ASSERT(mbed_ok(mbedtls_des_crypt_ecb(&ctx, src, dst)));
++#endif
+ }
+
+