... by not incorrectly hinting to the compiler the function argument of
cipher_kt_mode_{cbc,ofb_cfb}() is nonnull, since that no longer is the
case.
Verified the fix on Debian Wheezy, one of the platforms the reporter in
trac #473 mentions with a compiler that would optimize out the required
checks.
Also add a testcase for --cipher none to t_lpback, to prevent further
regressions.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1417552920-31770-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9300
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -237,8 +237,7 @@ int cipher_kt_mode (const cipher_kt_t *cipher_kt); |
237 | 237 |
* |
238 | 238 |
* @return true iff the cipher is a CBC mode cipher. |
239 | 239 |
*/ |
240 |
-bool cipher_kt_mode_cbc(const cipher_kt_t *cipher) |
|
241 |
- __attribute__((nonnull)); |
|
240 |
+bool cipher_kt_mode_cbc(const cipher_kt_t *cipher); |
|
242 | 241 |
|
243 | 242 |
/** |
244 | 243 |
* Check if the supplied cipher is a supported OFB or CFB mode cipher. |
... | ... |
@@ -247,8 +246,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_t *cipher) |
247 | 247 |
* |
248 | 248 |
* @return true iff the cipher is a OFB or CFB mode cipher. |
249 | 249 |
*/ |
250 |
-bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher) |
|
251 |
- __attribute__((nonnull)); |
|
250 |
+bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher); |
|
252 | 251 |
|
253 | 252 |
|
254 | 253 |
/** |
... | ... |
@@ -35,6 +35,9 @@ CIPHERS=$(${top_builddir}/src/openvpn/openvpn --show-ciphers | \ |
35 | 35 |
# GD, 2014-07-06 do not test RC5-* either (fails on NetBSD w/o libcrypto_rc5) |
36 | 36 |
CIPHERS=$(echo "$CIPHERS" | egrep -v '^(DES-EDE3-CFB1|DES-CFB1|RC5-)' ) |
37 | 37 |
|
38 |
+# Also test cipher 'none' |
|
39 |
+CIPHERS=${CIPHERS}$(printf "\nnone") |
|
40 |
+ |
|
38 | 41 |
"${top_builddir}/src/openvpn/openvpn" --genkey --secret key.$$ |
39 | 42 |
set +e |
40 | 43 |
|