From 192f5b50e32ed14945317325a5465f40abfcc587 Mon Sep 17 00:00:00 2001
From: Arne Schwabe <arne@rfc2549.org>
Date: Tue, 28 Oct 2014 23:07:58 +0100
Subject: Update Openssl to aosp/master (includes useless (for OpenVPN)) SSLv3
 Fallback fix

--HG--
extra : rebase_source : 4ec3b7a7844aa1ca198c4538ecdf28f027ceb1b1
---
 main/openvpn/configure.ac | 39 ++++++++++++++++++++++++++++++++++++---
 1 file changed, 36 insertions(+), 3 deletions(-)

(limited to 'main/openvpn/configure.ac')

diff --git a/main/openvpn/configure.ac b/main/openvpn/configure.ac
index 608ab6d1..dddadec4 100644
--- a/main/openvpn/configure.ac
+++ b/main/openvpn/configure.ac
@@ -78,6 +78,13 @@ AC_ARG_ENABLE(
 	[enable_crypto_ofb_cfb="yes"]
 )
 
+AC_ARG_ENABLE(
+	[aead-modes],
+	[AS_HELP_STRING([--disable-aead-modes], [disable AEAD crypto modes @<:@default=yes@:>@])],
+	,
+	[enable_aead_modes="yes"]
+)
+
 AC_ARG_ENABLE(
 	[ssl],
 	[AS_HELP_STRING([--disable-ssl], [disable SSL support for TLS-based key exchange @<:@default=yes@:>@])],
@@ -799,6 +806,16 @@ if test "${have_openssl_crypto}" = "yes"; then
 		[have_openssl_engine="no"; break]
 	)
 
+	have_crypto_aead_modes="yes"
+	AC_CHECK_FUNCS(
+		[ \
+			EVP_aes_256_ccm \
+			EVP_aes_256_gcm \
+		],
+		,
+		[have_crypto_aead_modes="no"; break]
+	)
+
 	CFLAGS="${saved_CFLAGS}"
 	LIBS="${saved_LIBS}"
 fi
@@ -828,8 +845,10 @@ fi
 
 if test "${with_crypto_library}" = "polarssl" ; then
 	AC_MSG_CHECKING([polarssl version])
-	old_CFLAGS="${CFLAGS}"
-	CFLAGS="${POLARSSL_CFLAGS} ${CFLAGS}"
+	saved_CFLAGS="${CFLAGS}"
+	saved_LIBS="${LIBS}"
+	CFLAGS="${POLARSSL_CFLAGS} ${PKCS11_HELPER_CFLAGS} ${CFLAGS}"
+	LIBS="${POLARSSL_LIBS} ${PKCS11_HELPER_LIBS} ${LIBS}"
 	AC_COMPILE_IFELSE(
 		[AC_LANG_PROGRAM(
 			[[
@@ -858,7 +877,6 @@ if test "${with_crypto_library}" = "polarssl" ; then
 			]]
 		)],
 		polarssl_with_pkcs11="yes")
-	CFLAGS="${old_CFLAGS}"
 
 	AC_MSG_CHECKING([polarssl pkcs11 support])
 	if test "${enable_pkcs11}" = "yes"; then
@@ -875,6 +893,17 @@ if test "${with_crypto_library}" = "polarssl" ; then
 		fi
 	fi
 
+	have_crypto_aead_modes="yes"
+	AC_CHECK_FUNCS(
+		[ \
+			cipher_write_tag \
+			cipher_check_tag \
+		],
+		,
+		[have_crypto_aead_modes="no"; break]
+	)
+	CFLAGS="${saved_CFLAGS}"
+	LIBS="${saved_LIBS}"
 fi
 
 AC_ARG_VAR([LZO_CFLAGS], [C compiler flags for lzo])
@@ -1091,6 +1120,10 @@ fi
 if test "${enable_crypto}" = "yes"; then
 	test "${have_crypto_crypto}" != "yes" && AC_MSG_ERROR([${with_crypto_library} crypto is required but missing])
 	test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE], [1], [Enable OFB and CFB cipher modes])
+	if test "${enable_aead_modes}" = "yes"; then
+		test "${have_crypto_aead_modes}" = "yes" && AC_DEFINE([HAVE_AEAD_CIPHER_MODES], [1], [Use crypto library])
+		test "${have_crypto_aead_modes}" != "yes" && AC_MSG_ERROR([AEAD modes required but missing])
+	fi
 	OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CRYPTO_CFLAGS}"
 	OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_CRYPTO_LIBS}"
 	AC_DEFINE([ENABLE_CRYPTO], [1], [Enable crypto library])
-- 
cgit v1.2.3