Only include aead encrypt/decrypt functions if AEAD modes are supported

This fixes the build for OpenSSL < 1.0.1 (broken by commit 3654d953), which has no AEAD support. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1457266190-27228-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/11325 Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-05-28 04:03:29 -04:00 · 2016-03-06 13:09:50 +01:00 · 2016-03-06 13:09:50 +01:00 · 71d89065ad
commit 71d89065ad
parent e0b3fd49e2
1 changed files with 9 additions and 0 deletions
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@ -86,6 +86,7 @@ memcmp_constant_time (const void *a, const void *b, size_t size) {
 static void
 openvpn_encrypt_aead (struct buffer *buf, struct buffer work,
 	 struct crypto_options *opt) {
+#ifdef HAVE_AEAD_CIPHER_MODES
  struct gc_arena gc;
  int outlen = 0;
  const struct key_ctx *ctx = &opt->key_ctx_bi.encrypt;
@ -173,6 +174,9 @@ err:
  crypto_clear_error();
  buf->len = 0;
  goto cleanup;
+#else /* HAVE_AEAD_CIPHER_MODES */
+  ASSERT (0);
+#endif
 }

 static void
@ -385,6 +389,7 @@ openvpn_decrypt_aead (struct buffer *buf, struct buffer work,
    struct crypto_options *opt, const struct frame* frame,
    const uint8_t *ad_start)
 {
+#ifdef HAVE_AEAD_CIPHER_MODES
  static const char error_prefix[] = "AEAD Decrypt error";
  struct packet_id_net pin = { 0 };
  const struct key_ctx *ctx = &opt->key_ctx_bi.decrypt;
@ -511,6 +516,10 @@ openvpn_decrypt_aead (struct buffer *buf, struct buffer work,
  buf->len = 0;
  gc_free (&gc);
  return false;
+#else /* HAVE_AEAD_CIPHER_MODES */
+  ASSERT (0);
+  return false;
+#endif
 }

 /*