[LEDE-DEV] [PATCH RFC 2/2] openvpn: fix disabling DES support in mbedtls
Magnus Kroken
mkroken at gmail.com
Fri Dec 16 16:53:40 PST 2016
From: Felix Fietkau <nbd at nbd.name>
Signed-off-by: Felix Fietkau <nbd at nbd.name>
Signed-off-by: Magnus Kroken <mkroken at gmail.com>
---
Felix added this to his staging tree along with my 2.4_rc1 patch,
it needed updates after rc2 due to a style reformatting of the OpenVPN
codebase. Not sure if I got the rebasing right, let me know of any problems.
.../services/openvpn/patches/220-disable_des.patch | 81 ++++++++++++++++++++++
1 file changed, 81 insertions(+)
create mode 100644 package/network/services/openvpn/patches/220-disable_des.patch
diff --git a/package/network/services/openvpn/patches/220-disable_des.patch b/package/network/services/openvpn/patches/220-disable_des.patch
new file mode 100644
index 0000000..cd93070
--- /dev/null
+++ b/package/network/services/openvpn/patches/220-disable_des.patch
@@ -0,0 +1,81 @@
+--- a/src/openvpn/syshead.h
++++ b/src/openvpn/syshead.h
+@@ -594,11 +594,11 @@ socket_defined(const socket_descriptor_t
+ /*
+ * Should we include NTLM proxy functionality
+ */
+-#if defined(ENABLE_CRYPTO)
+-#define NTLM 1
+-#else
++//#if defined(ENABLE_CRYPTO)
++//#define NTLM 1
++//#else
+ #define NTLM 0
+-#endif
++//#endif
+
+ /*
+ * Should we include proxy digest auth functionality
+--- a/src/openvpn/crypto_mbedtls.c
++++ b/src/openvpn/crypto_mbedtls.c
+@@ -320,6 +320,7 @@ int
+ key_des_num_cblocks(const mbedtls_cipher_info_t *kt)
+ {
+ int ret = 0;
++#ifdef MBEDTLS_DES_C
+ if (kt->type == MBEDTLS_CIPHER_DES_CBC)
+ {
+ ret = 1;
+@@ -332,6 +333,7 @@ key_des_num_cblocks(const mbedtls_cipher
+ {
+ ret = 3;
+ }
++#endif
+
+ dmsg(D_CRYPTO_DEBUG, "CRYPTO INFO: n_DES_cblocks=%d", ret);
+ return ret;
+@@ -340,6 +342,7 @@ key_des_num_cblocks(const mbedtls_cipher
+ bool
+ key_des_check(uint8_t *key, int key_len, int ndc)
+ {
++#ifdef MBEDTLS_DES_C
+ int i;
+ struct buffer b;
+
+@@ -368,11 +371,15 @@ key_des_check(uint8_t *key, int key_len,
+
+ err:
+ return false;
++#else
++ return true;
++#endif
+ }
+
+ void
+ key_des_fixup(uint8_t *key, int key_len, int ndc)
+ {
++#ifdef MBEDTLS_DES_C
+ int i;
+ struct buffer b;
+
+@@ -387,6 +394,7 @@ key_des_fixup(uint8_t *key, int key_len,
+ }
+ mbedtls_des_key_set_parity(key);
+ }
++#endif
+ }
+
+ /*
+@@ -698,10 +706,12 @@ cipher_des_encrypt_ecb(const unsigned ch
+ unsigned char *src,
+ unsigned char *dst)
+ {
++#ifdef MBEDTLS_DES_C
+ mbedtls_des_context ctx;
+
+ ASSERT(mbed_ok(mbedtls_des_setkey_enc(&ctx, key)));
+ ASSERT(mbed_ok(mbedtls_des_crypt_ecb(&ctx, src, dst)));
++#endif
+ }
+
+
--
2.1.4
More information about the Lede-dev
mailing list