[source] openvpn: fix disabling DES support in mbedtls

Thu Dec 22 07:46:20 PST 2016

nbd pushed a commit to source.git, branch master:
https://git.lede-project.org/e6871ab9254fc463e8dcbdc72e2fe87a1fec5c44

commit e6871ab9254fc463e8dcbdc72e2fe87a1fec5c44
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Sat Dec 10 12:26:59 2016 +0100

    openvpn: fix disabling DES support in mbedtls
    
    Signed-off-by: Felix Fietkau <nbd at nbd.name>
    Signed-off-by: Magnus Kroken <mkroken at gmail.com>
---
 .../services/openvpn/patches/220-disable_des.patch | 81 ++++++++++++++++++++++
 1 file changed, 81 insertions(+)

diff --git a/package/network/services/openvpn/patches/220-disable_des.patch b/package/network/services/openvpn/patches/220-disable_des.patch
new file mode 100644
index 0000000..cd93070
--- /dev/null
+++ b/package/network/services/openvpn/patches/220-disable_des.patch
@@ -0,0 +1,81 @@
+--- a/src/openvpn/syshead.h
++++ b/src/openvpn/syshead.h
+@@ -594,11 +594,11 @@ socket_defined(const socket_descriptor_t
+ /*
+  * Should we include NTLM proxy functionality
+  */
+-#if defined(ENABLE_CRYPTO)
+-#define NTLM 1
+-#else
++//#if defined(ENABLE_CRYPTO)
++//#define NTLM 1
++//#else
+ #define NTLM 0
+-#endif
++//#endif
+ 
+ /*
+  * Should we include proxy digest auth functionality
+--- a/src/openvpn/crypto_mbedtls.c
++++ b/src/openvpn/crypto_mbedtls.c
+@@ -320,6 +320,7 @@ int
+ key_des_num_cblocks(const mbedtls_cipher_info_t *kt)
+ {
+     int ret = 0;
++#ifdef MBEDTLS_DES_C
+     if (kt->type == MBEDTLS_CIPHER_DES_CBC)
+     {
+         ret = 1;
+@@ -332,6 +333,7 @@ key_des_num_cblocks(const mbedtls_cipher
+     {
+         ret = 3;
+     }
++#endif
+ 
+     dmsg(D_CRYPTO_DEBUG, "CRYPTO INFO: n_DES_cblocks=%d", ret);
+     return ret;
+@@ -340,6 +342,7 @@ key_des_num_cblocks(const mbedtls_cipher
+ bool
+ key_des_check(uint8_t *key, int key_len, int ndc)
+ {
++#ifdef MBEDTLS_DES_C
+     int i;
+     struct buffer b;
+ 
+@@ -368,11 +371,15 @@ key_des_check(uint8_t *key, int key_len,
+ 
+ err:
+     return false;
++#else
++    return true;
++#endif
+ }
+ 
+ void
+ key_des_fixup(uint8_t *key, int key_len, int ndc)
+ {
++#ifdef MBEDTLS_DES_C
+     int i;
+     struct buffer b;
+ 
+@@ -387,6 +394,7 @@ key_des_fixup(uint8_t *key, int key_len,
+         }
+         mbedtls_des_key_set_parity(key);
+     }
++#endif
+ }
+ 
+ /*
+@@ -698,10 +706,12 @@ cipher_des_encrypt_ecb(const unsigned ch
+                        unsigned char *src,
+                        unsigned char *dst)
+ {
++#ifdef MBEDTLS_DES_C
+     mbedtls_des_context ctx;
+ 
+     ASSERT(mbed_ok(mbedtls_des_setkey_enc(&ctx, key)));
+     ASSERT(mbed_ok(mbedtls_des_crypt_ecb(&ctx, src, dst)));
++#endif
+ }
+ 
+ 

