openvpn: allow usage of cipher null.
This commit is contained in:
parent
cc5ced589e
commit
226aea34bd
2 changed files with 58 additions and 1 deletions
57
srcpkgs/openvpn/patches/001-backport_cipher_none_fix.patch
Normal file
57
srcpkgs/openvpn/patches/001-backport_cipher_none_fix.patch
Normal file
|
@ -0,0 +1,57 @@
|
||||||
|
commit 98156e90e1e83133a6a6a020db8e7333ada6156b
|
||||||
|
Author: Steffan Karger <stef...@karger.me>
|
||||||
|
Date: Tue Dec 2 21:42:00 2014 +0100
|
||||||
|
|
||||||
|
Really fix '--cipher none' regression
|
||||||
|
|
||||||
|
... by not incorrectly hinting to the compiler the function argument of
|
||||||
|
cipher_kt_mode_{cbc,ofb_cfb}() is nonnull, since that no longer is the
|
||||||
|
case.
|
||||||
|
|
||||||
|
Verified the fix on Debian Wheezy, one of the platforms the reporter in
|
||||||
|
trac #473 mentions with a compiler that would optimize out the required
|
||||||
|
checks.
|
||||||
|
|
||||||
|
Also add a testcase for --cipher none to t_lpback, to prevent further
|
||||||
|
regressions.
|
||||||
|
|
||||||
|
Signed-off-by: Steffan Karger <stef...@karger.me>
|
||||||
|
Acked-by: Gert Doering <g...@greenie.muc.de>
|
||||||
|
Message-Id: <1417552920-31770-1-git-send-email-stef...@karger.me>
|
||||||
|
URL: http://article.gmane.org/gmane.network.openvpn.devel/9300
|
||||||
|
Signed-off-by: Gert Doering <g...@greenie.muc.de>
|
||||||
|
|
||||||
|
--- src/openvpn/crypto_backend.h
|
||||||
|
+++ src/openvpn/crypto_backend.h
|
||||||
|
@@ -237,8 +237,7 @@ int cipher_kt_mode (const cipher_kt_t *c
|
||||||
|
*
|
||||||
|
* @return true iff the cipher is a CBC mode cipher.
|
||||||
|
*/
|
||||||
|
-bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
|
||||||
|
- __attribute__((nonnull));
|
||||||
|
+bool cipher_kt_mode_cbc(const cipher_kt_t *cipher);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check if the supplied cipher is a supported OFB or CFB mode cipher.
|
||||||
|
@@ -247,8 +246,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_
|
||||||
|
*
|
||||||
|
* @return true iff the cipher is a OFB or CFB mode cipher.
|
||||||
|
*/
|
||||||
|
-bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
|
||||||
|
- __attribute__((nonnull));
|
||||||
|
+bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher);
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
--- tests/t_lpback.sh
|
||||||
|
+++ tests/t_lpback.sh
|
||||||
|
@@ -35,6 +35,9 @@ CIPHERS=$(${top_builddir}/src/openvpn/op
|
||||||
|
# GD, 2014-07-06 do not test RC5-* either (fails on NetBSD w/o libcrypto_rc5)
|
||||||
|
CIPHERS=$(echo "$CIPHERS" | egrep -v '^(DES-EDE3-CFB1|DES-CFB1|RC5-)' )
|
||||||
|
|
||||||
|
+# Also test cipher 'none'
|
||||||
|
+CIPHERS=${CIPHERS}$(printf "\nnone")
|
||||||
|
+
|
||||||
|
"${top_builddir}/src/openvpn/openvpn" --genkey --secret key.$$
|
||||||
|
set +e
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Template file for 'openvpn'
|
# Template file for 'openvpn'
|
||||||
pkgname=openvpn
|
pkgname=openvpn
|
||||||
version=2.3.6
|
version=2.3.6
|
||||||
revision=3
|
revision=4
|
||||||
build_options="systemd"
|
build_options="systemd"
|
||||||
build_style=gnu-configure
|
build_style=gnu-configure
|
||||||
configure_args="--enable-password-save --enable-iproute2 $(vopt_enable systemd)"
|
configure_args="--enable-password-save --enable-iproute2 $(vopt_enable systemd)"
|
||||||
|
|
Loading…
Reference in a new issue