Rename ALLOW_NON_CBC_CIPHERS to ENABLE_OFB_CFB_MODE, and add to configure.

Makes OFB/CFB compile time configurable, and fixes output of --show-ciphers to also show OFB/CFB ciphers along the way (becasue crypto.h was not included from crypto_openssl.c). Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <1402244175-31462-2-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/8781 Signed-off-by: Gert Doering <gert@greenie.muc.de>
2024-09-20 03:52:28 +02:00 · 2014-06-08 18:16:12 +02:00 · 2014-06-08 18:16:12 +02:00 · c353af2f47
commit c353af2f47
parent a637016ea3
4 changed files with 10 additions and 4 deletions
--- a/configure.ac
+++ b/configure.ac
@ -71,6 +71,13 @@ AC_ARG_ENABLE(
 	[enable_crypto="yes"]
 )

+AC_ARG_ENABLE(
+	[ofb-cfb],
+	[AS_HELP_STRING([--enable-ofb-cfb], [enable support for OFB and CFB cipher modes @<:@default=yes@:>@])],
+	,
+	[enable_crypto_ofb_cfb="yes"]
+)
+
 AC_ARG_ENABLE(
 	[ssl],
 	[AS_HELP_STRING([--disable-ssl], [disable SSL support for TLS-based key exchange @<:@default=yes@:>@])],
@ -1094,6 +1101,7 @@ fi

 if test "${enable_crypto}" = "yes"; then
 	test "${have_crypto_crypto}" != "yes" && AC_MSG_ERROR([${with_crypto_library} crypto is required but missing])
+	test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE], [1], [Enable OFB and CFB cipher modes])
 	OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CRYPTO_CFLAGS}"
 	OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_CRYPTO_LIBS}"
 	AC_DEFINE([ENABLE_CRYPTO], [1], [Enable crypto library])
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@ -428,7 +428,7 @@ init_key_type (struct key_type *kt, const char *ciphername,
      {
 	const unsigned int mode = cipher_kt_mode (kt->cipher);
 	if (!(mode == OPENVPN_MODE_CBC
-#ifdef ALLOW_NON_CBC_CIPHERS
+#ifdef ENABLE_OFB_CFB_MODE
 	      || (cfb_ofb_allowed && (mode == OPENVPN_MODE_CFB || mode == OPENVPN_MODE_OFB))
 #endif
 	      ))
--- a/src/openvpn/crypto.h
+++ b/src/openvpn/crypto.h
@ -32,8 +32,6 @@

 #ifdef ENABLE_CRYPTO

-#define ALLOW_NON_CBC_CIPHERS
-
 #include "crypto_backend.h"
 #include "basic.h"
 #include "buffer.h"
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@ -263,7 +263,7 @@ show_available_ciphers ()
 	{
 	  const unsigned int mode = EVP_CIPHER_mode (cipher);
 	  if (mode == EVP_CIPH_CBC_MODE
-#ifdef ALLOW_NON_CBC_CIPHERS
+#ifdef ENABLE_OFB_CFB_MODE
 	      || mode == EVP_CIPH_CFB_MODE || mode == EVP_CIPH_OFB_MODE
 #endif
 	      )