+++ /dev/null
-commit 98156e90e1e83133a6a6a020db8e7333ada6156b
-Author: Steffan Karger <steffan@karger.me>
-Date: Tue Dec 2 21:42:00 2014 +0100
-
- Really fix '--cipher none' regression
-
- ... by not incorrectly hinting to the compiler the function argument of
- cipher_kt_mode_{cbc,ofb_cfb}() is nonnull, since that no longer is the
- case.
-
- Verified the fix on Debian Wheezy, one of the platforms the reporter in
- trac #473 mentions with a compiler that would optimize out the required
- checks.
-
- Also add a testcase for --cipher none to t_lpback, to prevent further
- regressions.
-
- Signed-off-by: Steffan Karger <steffan@karger.me>
- Acked-by: Gert Doering <gert@greenie.muc.de>
- Message-Id: <1417552920-31770-1-git-send-email-steffan@karger.me>
- URL: http://article.gmane.org/gmane.network.openvpn.devel/9300
- Signed-off-by: Gert Doering <gert@greenie.muc.de>
-
---- a/src/openvpn/crypto_backend.h
-+++ b/src/openvpn/crypto_backend.h
-@@ -237,8 +237,7 @@ int cipher_kt_mode (const cipher_kt_t *c
- *
- * @return true iff the cipher is a CBC mode cipher.
- */
--bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
-- __attribute__((nonnull));
-+bool cipher_kt_mode_cbc(const cipher_kt_t *cipher);
-
- /**
- * Check if the supplied cipher is a supported OFB or CFB mode cipher.
-@@ -247,8 +246,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_
- *
- * @return true iff the cipher is a OFB or CFB mode cipher.
- */
--bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
-- __attribute__((nonnull));
-+bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher);
-
-
- /**
---- a/tests/t_lpback.sh
-+++ b/tests/t_lpback.sh
-@@ -35,6 +35,9 @@ CIPHERS=$(${top_builddir}/src/openvpn/op
- # GD, 2014-07-06 do not test RC5-* either (fails on NetBSD w/o libcrypto_rc5)
- CIPHERS=$(echo "$CIPHERS" | egrep -v '^(DES-EDE3-CFB1|DES-CFB1|RC5-)' )
-
-+# Also test cipher 'none'
-+CIPHERS=${CIPHERS}$(printf "\nnone")
-+
- "${top_builddir}/src/openvpn/openvpn" --genkey --secret key.$$
- set +e
-
-Index: openvpn-2.3.6/src/openvpn/ssl_polarssl.c
-===================================================================
---- openvpn-2.3.6.orig/src/openvpn/ssl_polarssl.c
-+++ openvpn-2.3.6/src/openvpn/ssl_polarssl.c
+--- a/src/openvpn/ssl_polarssl.c
++++ b/src/openvpn/ssl_polarssl.c
@@ -707,6 +707,11 @@ void key_state_ssl_init(struct key_state
if (ssl_ctx->allowed_ciphers)
ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers);