openvpn: update to 2.4.9

[openwrt/openwrt.git] / package / network / services / openvpn / patches / 220-disable_des.patch

--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -597,11 +597,11 @@ socket_defined(const socket_descriptor_t
 /*
  * Should we include NTLM proxy functionality
  */
-#if defined(ENABLE_CRYPTO)
-#define NTLM 1
-#else
+//#if defined(ENABLE_CRYPTO)
+//#define NTLM 1
+//#else
 #define NTLM 0
-#endif
+//#endif
 
 /*
  * Should we include proxy digest auth functionality
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -319,6 +319,7 @@ int
 key_des_num_cblocks(const mbedtls_cipher_info_t *kt)
 {
     int ret = 0;
+#ifdef MBEDTLS_DES_C
     if (kt->type == MBEDTLS_CIPHER_DES_CBC)
     {
         ret = 1;
@@ -331,6 +332,7 @@ key_des_num_cblocks(const mbedtls_cipher
     {
         ret = 3;
     }
+#endif
 
     dmsg(D_CRYPTO_DEBUG, "CRYPTO INFO: n_DES_cblocks=%d", ret);
     return ret;
@@ -339,6 +341,7 @@ key_des_num_cblocks(const mbedtls_cipher
 bool
 key_des_check(uint8_t *key, int key_len, int ndc)
 {
+#ifdef MBEDTLS_DES_C
     int i;
     struct buffer b;
 
@@ -367,11 +370,15 @@ key_des_check(uint8_t *key, int key_len,
 
 err:
     return false;
+#else
+    return true;
+#endif
 }
 
 void
 key_des_fixup(uint8_t *key, int key_len, int ndc)
 {
+#ifdef MBEDTLS_DES_C
     int i;
     struct buffer b;
 
@@ -386,6 +393,7 @@ key_des_fixup(uint8_t *key, int key_len,
         }
         mbedtls_des_key_set_parity(key);
     }
+#endif
 }
 
 /*
@@ -705,10 +713,12 @@ cipher_des_encrypt_ecb(const unsigned ch
                        unsigned char *src,
                        unsigned char *dst)
 {
+#ifdef MBEDTLS_DES_C
     mbedtls_des_context ctx;
 
     ASSERT(mbed_ok(mbedtls_des_setkey_enc(&ctx, key)));
     ASSERT(mbed_ok(mbedtls_des_crypt_ecb(&ctx, src, dst)));
+#endif
 }