diff options
| -rw-r--r-- | configure.ac | 8 | ||||
| -rw-r--r-- | src/openvpn/crypto.c | 2 | ||||
| -rw-r--r-- | src/openvpn/crypto.h | 2 | ||||
| -rw-r--r-- | src/openvpn/crypto_openssl.c | 2 |
4 files changed, 10 insertions, 4 deletions
diff --git a/configure.ac b/configure.ac index 5a807cb..117eaf6 100644 --- a/configure.ac +++ b/configure.ac @@ -72,6 +72,13 @@ AC_ARG_ENABLE( ) AC_ARG_ENABLE( + [ofb-cfb], + [AS_HELP_STRING([--enable-ofb-cfb], [enable support for OFB and CFB cipher modes @<:@default=yes@:>@])], + , + [enable_crypto_ofb_cfb="yes"] +) + +AC_ARG_ENABLE( [ssl], [AS_HELP_STRING([--disable-ssl], [disable SSL support for TLS-based key exchange @<:@default=yes@:>@])], , @@ -1094,6 +1101,7 @@ fi if test "${enable_crypto}" = "yes"; then test "${have_crypto_crypto}" != "yes" && AC_MSG_ERROR([${with_crypto_library} crypto is required but missing]) + test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE], [1], [Enable OFB and CFB cipher modes]) OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CRYPTO_CFLAGS}" OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_CRYPTO_LIBS}" AC_DEFINE([ENABLE_CRYPTO], [1], [Enable crypto library]) diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index d0dc069..2a7fcb2 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -428,7 +428,7 @@ init_key_type (struct key_type *kt, const char *ciphername, { const unsigned int mode = cipher_kt_mode (kt->cipher); if (!(mode == OPENVPN_MODE_CBC -#ifdef ALLOW_NON_CBC_CIPHERS +#ifdef ENABLE_OFB_CFB_MODE || (cfb_ofb_allowed && (mode == OPENVPN_MODE_CFB || mode == OPENVPN_MODE_OFB)) #endif )) diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index 3b4b88e..1f1e1b6 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -32,8 +32,6 @@ #ifdef ENABLE_CRYPTO -#define ALLOW_NON_CBC_CIPHERS - #include "crypto_backend.h" #include "basic.h" #include "buffer.h" diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index c3480e0..74539b6 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -263,7 +263,7 @@ show_available_ciphers () { const unsigned int mode = EVP_CIPHER_mode (cipher); if (mode == EVP_CIPH_CBC_MODE -#ifdef ALLOW_NON_CBC_CIPHERS +#ifdef ENABLE_OFB_CFB_MODE || mode == EVP_CIPH_CFB_MODE || mode == EVP_CIPH_OFB_MODE #endif ) |