diff options
author | Felix Fietkau <nbd@nbd.name> | 2016-12-10 12:26:59 +0100 |
---|---|---|
committer | Felix Fietkau <nbd@nbd.name> | 2016-12-22 16:42:19 +0100 |
commit | e6871ab9254fc463e8dcbdc72e2fe87a1fec5c44 (patch) | |
tree | 6bc693fad4959cd73fd8c534eeb048174d1791b0 | |
parent | 13592c14541b6dbd9e572b68f30b38fe9788f23f (diff) | |
download | upstream-e6871ab9254fc463e8dcbdc72e2fe87a1fec5c44.tar.gz upstream-e6871ab9254fc463e8dcbdc72e2fe87a1fec5c44.tar.bz2 upstream-e6871ab9254fc463e8dcbdc72e2fe87a1fec5c44.zip |
openvpn: fix disabling DES support in mbedtls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
-rw-r--r-- | package/network/services/openvpn/patches/220-disable_des.patch | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/package/network/services/openvpn/patches/220-disable_des.patch b/package/network/services/openvpn/patches/220-disable_des.patch new file mode 100644 index 0000000000..cd930709cb --- /dev/null +++ b/package/network/services/openvpn/patches/220-disable_des.patch @@ -0,0 +1,81 @@ +--- a/src/openvpn/syshead.h ++++ b/src/openvpn/syshead.h +@@ -594,11 +594,11 @@ socket_defined(const socket_descriptor_t + /* + * Should we include NTLM proxy functionality + */ +-#if defined(ENABLE_CRYPTO) +-#define NTLM 1 +-#else ++//#if defined(ENABLE_CRYPTO) ++//#define NTLM 1 ++//#else + #define NTLM 0 +-#endif ++//#endif + + /* + * Should we include proxy digest auth functionality +--- a/src/openvpn/crypto_mbedtls.c ++++ b/src/openvpn/crypto_mbedtls.c +@@ -320,6 +320,7 @@ int + key_des_num_cblocks(const mbedtls_cipher_info_t *kt) + { + int ret = 0; ++#ifdef MBEDTLS_DES_C + if (kt->type == MBEDTLS_CIPHER_DES_CBC) + { + ret = 1; +@@ -332,6 +333,7 @@ key_des_num_cblocks(const mbedtls_cipher + { + ret = 3; + } ++#endif + + dmsg(D_CRYPTO_DEBUG, "CRYPTO INFO: n_DES_cblocks=%d", ret); + return ret; +@@ -340,6 +342,7 @@ key_des_num_cblocks(const mbedtls_cipher + bool + key_des_check(uint8_t *key, int key_len, int ndc) + { ++#ifdef MBEDTLS_DES_C + int i; + struct buffer b; + +@@ -368,11 +371,15 @@ key_des_check(uint8_t *key, int key_len, + + err: + return false; ++#else ++ return true; ++#endif + } + + void + key_des_fixup(uint8_t *key, int key_len, int ndc) + { ++#ifdef MBEDTLS_DES_C + int i; + struct buffer b; + +@@ -387,6 +394,7 @@ key_des_fixup(uint8_t *key, int key_len, + } + mbedtls_des_key_set_parity(key); + } ++#endif + } + + /* +@@ -698,10 +706,12 @@ cipher_des_encrypt_ecb(const unsigned ch + unsigned char *src, + unsigned char *dst) + { ++#ifdef MBEDTLS_DES_C + mbedtls_des_context ctx; + + ASSERT(mbed_ok(mbedtls_des_setkey_enc(&ctx, key))); + ASSERT(mbed_ok(mbedtls_des_crypt_ecb(&ctx, src, dst))); ++#endif + } + + |