From: Felix Fietkau Date: Sat, 10 Dec 2016 11:26:59 +0000 (+0100) Subject: openvpn: fix disabling DES support in mbedtls X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=e6871ab9254fc463e8dcbdc72e2fe87a1fec5c44;p=openwrt%2Fstaging%2Fthess.git openvpn: fix disabling DES support in mbedtls Signed-off-by: Felix Fietkau Signed-off-by: Magnus Kroken --- diff --git a/package/network/services/openvpn/patches/220-disable_des.patch b/package/network/services/openvpn/patches/220-disable_des.patch new file mode 100644 index 0000000000..cd930709cb --- /dev/null +++ b/package/network/services/openvpn/patches/220-disable_des.patch @@ -0,0 +1,81 @@ +--- a/src/openvpn/syshead.h ++++ b/src/openvpn/syshead.h +@@ -594,11 +594,11 @@ socket_defined(const socket_descriptor_t + /* + * Should we include NTLM proxy functionality + */ +-#if defined(ENABLE_CRYPTO) +-#define NTLM 1 +-#else ++//#if defined(ENABLE_CRYPTO) ++//#define NTLM 1 ++//#else + #define NTLM 0 +-#endif ++//#endif + + /* + * Should we include proxy digest auth functionality +--- a/src/openvpn/crypto_mbedtls.c ++++ b/src/openvpn/crypto_mbedtls.c +@@ -320,6 +320,7 @@ int + key_des_num_cblocks(const mbedtls_cipher_info_t *kt) + { + int ret = 0; ++#ifdef MBEDTLS_DES_C + if (kt->type == MBEDTLS_CIPHER_DES_CBC) + { + ret = 1; +@@ -332,6 +333,7 @@ key_des_num_cblocks(const mbedtls_cipher + { + ret = 3; + } ++#endif + + dmsg(D_CRYPTO_DEBUG, "CRYPTO INFO: n_DES_cblocks=%d", ret); + return ret; +@@ -340,6 +342,7 @@ key_des_num_cblocks(const mbedtls_cipher + bool + key_des_check(uint8_t *key, int key_len, int ndc) + { ++#ifdef MBEDTLS_DES_C + int i; + struct buffer b; + +@@ -368,11 +371,15 @@ key_des_check(uint8_t *key, int key_len, + + err: + return false; ++#else ++ return true; ++#endif + } + + void + key_des_fixup(uint8_t *key, int key_len, int ndc) + { ++#ifdef MBEDTLS_DES_C + int i; + struct buffer b; + +@@ -387,6 +394,7 @@ key_des_fixup(uint8_t *key, int key_len, + } + mbedtls_des_key_set_parity(key); + } ++#endif + } + + /* +@@ -698,10 +706,12 @@ cipher_des_encrypt_ecb(const unsigned ch + unsigned char *src, + unsigned char *dst) + { ++#ifdef MBEDTLS_DES_C + mbedtls_des_context ctx; + + ASSERT(mbed_ok(mbedtls_des_setkey_enc(&ctx, key))); + ASSERT(mbed_ok(mbedtls_des_crypt_ecb(&ctx, src, dst))); ++#endif + } + +