diff options
| author | Steffan Karger <steffan@karger.me> | 2014-12-02 21:42:00 +0100 |
|---|---|---|
| committer | Gert Doering <gert@greenie.muc.de> | 2014-12-02 22:10:56 +0100 |
| commit | 98156e90e1e83133a6a6a020db8e7333ada6156b (patch) | |
| tree | 1d71fea2e29e982a34b4135a995f405d6bde9ea2 | |
| parent | 6ece60c6dc7a3cda58f4dfea4e6cd3016023234f (diff) | |
| download | openvpn-98156e90e1e83133a6a6a020db8e7333ada6156b.tar.gz openvpn-98156e90e1e83133a6a6a020db8e7333ada6156b.tar.xz openvpn-98156e90e1e83133a6a6a020db8e7333ada6156b.zip | |
Really fix '--cipher none' regression
... by not incorrectly hinting to the compiler the function argument of
cipher_kt_mode_{cbc,ofb_cfb}() is nonnull, since that no longer is the
case.
Verified the fix on Debian Wheezy, one of the platforms the reporter in
trac #473 mentions with a compiler that would optimize out the required
checks.
Also add a testcase for --cipher none to t_lpback, to prevent further
regressions.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1417552920-31770-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9300
Signed-off-by: Gert Doering <gert@greenie.muc.de>
| -rw-r--r-- | src/openvpn/crypto_backend.h | 6 | ||||
| -rwxr-xr-x | tests/t_lpback.sh | 3 |
2 files changed, 5 insertions, 4 deletions
diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h index 8749878..4e45df0 100644 --- a/src/openvpn/crypto_backend.h +++ b/src/openvpn/crypto_backend.h @@ -237,8 +237,7 @@ int cipher_kt_mode (const cipher_kt_t *cipher_kt); * * @return true iff the cipher is a CBC mode cipher. */ -bool cipher_kt_mode_cbc(const cipher_kt_t *cipher) - __attribute__((nonnull)); +bool cipher_kt_mode_cbc(const cipher_kt_t *cipher); /** * Check if the supplied cipher is a supported OFB or CFB mode cipher. @@ -247,8 +246,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_t *cipher) * * @return true iff the cipher is a OFB or CFB mode cipher. */ -bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher) - __attribute__((nonnull)); +bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher); /** diff --git a/tests/t_lpback.sh b/tests/t_lpback.sh index 8f88ad9..d7792cd 100755 --- a/tests/t_lpback.sh +++ b/tests/t_lpback.sh @@ -35,6 +35,9 @@ CIPHERS=$(${top_builddir}/src/openvpn/openvpn --show-ciphers | \ # GD, 2014-07-06 do not test RC5-* either (fails on NetBSD w/o libcrypto_rc5) CIPHERS=$(echo "$CIPHERS" | egrep -v '^(DES-EDE3-CFB1|DES-CFB1|RC5-)' ) +# Also test cipher 'none' +CIPHERS=${CIPHERS}$(printf "\nnone") + "${top_builddir}/src/openvpn/openvpn" --genkey --secret key.$$ set +e |