Rename ALLOW_NON_CBC_CIPHERS to ENABLE_OFB_CFB_MODE, and add to configure.

Makes OFB/CFB compile time configurable, and fixes output of --show-ciphers
to also show OFB/CFB ciphers along the way (becasue crypto.h was not
included from crypto_openssl.c).

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1402244175-31462-2-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8781
Signed-off-by: Gert Doering <gert@greenie.muc.de>

3 files changed, 2 insertions, 4 deletions

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index d0dc069..2a7fcb2 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -428,7 +428,7 @@ init_key_type (struct key_type *kt, const char *ciphername,
       {
 	const unsigned int mode = cipher_kt_mode (kt->cipher);
 	if (!(mode == OPENVPN_MODE_CBC
-#ifdef ALLOW_NON_CBC_CIPHERS
+#ifdef ENABLE_OFB_CFB_MODE
 	      || (cfb_ofb_allowed && (mode == OPENVPN_MODE_CFB || mode == OPENVPN_MODE_OFB))
 #endif
 	      ))
diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h
index 3b4b88e..1f1e1b6 100644
--- a/src/openvpn/crypto.h
+++ b/src/openvpn/crypto.h
@@ -32,8 +32,6 @@
 
 #ifdef ENABLE_CRYPTO
 
-#define ALLOW_NON_CBC_CIPHERS
-
 #include "crypto_backend.h"
 #include "basic.h"
 #include "buffer.h"
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index c3480e0..74539b6 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -263,7 +263,7 @@ show_available_ciphers ()
 	{
 	  const unsigned int mode = EVP_CIPHER_mode (cipher);
 	  if (mode == EVP_CIPH_CBC_MODE
-#ifdef ALLOW_NON_CBC_CIPHERS
+#ifdef ENABLE_OFB_CFB_MODE
 	      || mode == EVP_CIPH_CFB_MODE || mode == EVP_CIPH_OFB_MODE
 #endif
 	      )