Home Esplora Aiuto
Registrati Accedi
OpenWrt
/
openwrt
mirror da https://github.com/openwrt/openwrt.git
2
0
Forka 0
File Problemi 0 Wiki
Sfoglia il codice sorgente

openvpn: backport an upstream fix for a regression in using --cipher none (fixes #18676)

Signed-off-by: Felix Fietkau <[email protected]>

SVN-Revision: 43823
Felix Fietkau 11 anni fa
parent
deb35ad4ac
commit
8bd2c446d4
1 ha cambiato i file con 57 aggiunte e 0 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 57 0
      package/network/services/openvpn/patches/001-backport_cipher_none_fix.patch

+ 57 - 0
package/network/services/openvpn/patches/001-backport_cipher_none_fix.patch
Vedi File 

@@ -0,0 +1,57 @@
 
+commit 98156e90e1e83133a6a6a020db8e7333ada6156b
 
+Author: Steffan Karger <[email protected]>
 
+Date:   Tue Dec 2 21:42:00 2014 +0100
 
+
 
+    Really fix '--cipher none' regression
 
+    
+    ... by not incorrectly hinting to the compiler the function argument of
 
+    cipher_kt_mode_{cbc,ofb_cfb}() is nonnull, since that no longer is the
 
+    case.
 
+    
+    Verified the fix on Debian Wheezy, one of the platforms the reporter in
 
+    trac #473 mentions with a compiler that would optimize out the required
 
+    checks.
 
+    
+    Also add a testcase for --cipher none to t_lpback, to prevent further
 
+    regressions.
 
+    
+    Signed-off-by: Steffan Karger <[email protected]>
 
+    Acked-by: Gert Doering <[email protected]>
 
+    Message-Id: <[email protected]>
 
+    URL: http://article.gmane.org/gmane.network.openvpn.devel/9300
 
+    Signed-off-by: Gert Doering <[email protected]>
 
+
 
+--- a/src/openvpn/crypto_backend.h
 
++++ b/src/openvpn/crypto_backend.h
 
+@@ -237,8 +237,7 @@ int cipher_kt_mode (const cipher_kt_t *c
 
+  *
 
+  * @return		true iff the cipher is a CBC mode cipher.
 
+  */
 
+-bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
 
+-  __attribute__((nonnull));
 
++bool cipher_kt_mode_cbc(const cipher_kt_t *cipher);
 
+ 
+ /**
 
+  * Check if the supplied cipher is a supported OFB or CFB mode cipher.
 
+@@ -247,8 +246,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_
 
+  *
 
+  * @return		true iff the cipher is a OFB or CFB mode cipher.
 
+  */
 
+-bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
 
+-  __attribute__((nonnull));
 
++bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher);
 
+ 
+ 
+ /**
 
+--- a/tests/t_lpback.sh
 
++++ b/tests/t_lpback.sh
 
+@@ -35,6 +35,9 @@ CIPHERS=$(${top_builddir}/src/openvpn/op
 
+ # GD, 2014-07-06 do not test RC5-* either (fails on NetBSD w/o libcrypto_rc5)
 
+ CIPHERS=$(echo "$CIPHERS" | egrep -v '^(DES-EDE3-CFB1|DES-CFB1|RC5-)' )
 
+ 
++# Also test cipher 'none'
 
++CIPHERS=${CIPHERS}$(printf "\nnone")
 
++
 
+ "${top_builddir}/src/openvpn/openvpn" --genkey --secret key.$$
 
+ set +e
 
+