From patchwork Sun Dec  3 01:49:52 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Antonio Quartulli <a@unstable.cc>
X-Patchwork-Id: 121
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Delivered-To: patchwork@openvpn.net
Received: from director5.mail.ord1d.rsapps.net ([172.27.255.7])
	by backend31.mail.ord1d.rsapps.net (Dovecot) with LMTP id
 c4CSBI/zI1pWTAAAgoeIoA
	for <patchwork@openvpn.net>; Sun, 03 Dec 2017 07:52:31 -0500
Received: from proxy17.mail.iad3a.rsapps.net ([172.27.255.7])
	by director5.mail.ord1d.rsapps.net (Dovecot) with LMTP id
 yi1pAI/zI1psIQAAsdCWiw
	; Sun, 03 Dec 2017 07:52:31 -0500
Received: from smtp6.gate.iad3a ([172.27.255.7])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by proxy17.mail.iad3a.rsapps.net (Dovecot) with LMTP id
 UpsEOI7zI1o2VQAAR4KW9A
	; Sun, 03 Dec 2017 07:52:30 -0500
X-Spam-Threshold: 95
X-Spam-Score: 0
X-Spam-Flag: NO
X-Virus-Scanned: OK
X-Orig-To: openvpnslackdevel@openvpn.net
X-Originating-Ip: [216.34.181.88]
Authentication-Results: smtp6.gate.iad3a.rsapps.net;
 iprev=pass policy.iprev="216.34.181.88";
 spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net"
 smtp.helo="lists.sourceforge.net";
 dkim=fail (signature verification failed) header.d=sourceforge.net;
 dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil;
 dis=none) header.from=unstable.cc
X-Classification-ID: d2b90a66-d828-11e7-957b-5254002f0085-1-1
Received: from [216.34.181.88] ([216.34.181.88:20410]
 helo=lists.sourceforge.net)
	by smtp6.gate.iad3a.rsapps.net (envelope-from
 <openvpn-devel-bounces@lists.sourceforge.net>)
	(ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS
 (cipher=DHE-RSA-AES256-GCM-SHA384)
	id D9/D1-15885-E83F32A5; Sun, 03 Dec 2017 07:52:30 -0500
Received: from localhost ([127.0.0.1] helo=sfs-ml-2.v29.ch3.sourceforge.com)
	by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.89)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1eLTjR-00014s-OB; Sun, 03 Dec 2017 12:50:53 +0000
Received: from sfi-mx-4.v28.ch3.sourceforge.com ([172.29.28.194]
 helo=mx.sourceforge.net)
 by sfs-ml-2.v29.ch3.sourceforge.com with esmtps
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89)
 (envelope-from <a@unstable.cc>) id 1eLTjQ-00014m-M2
 for openvpn-devel@lists.sourceforge.net; Sun, 03 Dec 2017 12:50:52 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:
 To:From:Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=yGIVrWWKGww0q29TKXC0diFVpT/qB0p2d00+isw/SJE=; b=Vzk4iyuZAVUbJZGTrRiHyTOp0c
 EZn3Xe3R3of9tglx7SPPNwwAccR8q0lb/VvgwJZJjeSrpez4pO/9Xhd3EzRtHY5H5PTRNwc4ankUr
 vtdJ+PK28UmESP7HM4ZN0AyPJqeYM1yWyj5+UtHVMgM6Fh6NbYoddLBS9JUDY1+IJCKE=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To
 :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=yGIVrWWKGww0q29TKXC0diFVpT/qB0p2d00+isw/SJE=; b=lusAh3J6VE+tonwnMxnbb7rLEW
 ND1Owog9BzLyTbRCvoTvuGaaWqdvKxmf3w0SejcJeZhiCw6MDmxDgY5dfgf0n+DXNTuW6CftXXUNU
 KG5xOAH/b4LxLa/2yiUaJ0l+3mExlVL4G/GmLiN9TfpWnF1XN5YpKQNaoaM+mi+nhASk=;
Received: from s2.neomailbox.net ([5.148.176.60])
 by sfi-mx-4.v28.ch3.sourceforge.com with esmtps
 (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89)
 id 1eLTjP-00060j-52
 for openvpn-devel@lists.sourceforge.net; Sun, 03 Dec 2017 12:50:52 +0000
From: Antonio Quartulli <a@unstable.cc>
To: openvpn-devel@lists.sourceforge.net
Date: Sun,  3 Dec 2017 20:49:52 +0800
Message-Id: <20171203124952.15220-1-a@unstable.cc>
In-Reply-To: <20171202134541.7688-2-a@unstable.cc>
References: <20171202134541.7688-2-a@unstable.cc>
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
 See http://spamassassin.org/tag/ for more details.
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
 trust [5.148.176.60 listed in list.dnswl.org]
 -0.0 AWL AWL: Adjusted score from AWL reputation of From: address
X-Headers-End: 1eLTjP-00060j-52
Subject: [Openvpn-devel] [PATCH v2 2/7] Remove option to disable crypto
 engine
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Cc: Antonio Quartulli <a@unstable.cc>
MIME-Version: 1.0
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox

With this patch we remove the possibility to disable the crypto engine
(ENABLE_CRYPTO define) at configuration time.

[--disable-crypto has been removed from .travis.yml too]

Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Steffan Karger <steffan@karger.me>
---

v2:
- .travis.yml: move "make distcheck" to other entry in the matrix
- move to second spot in the set to avoid having a point in the tree
  where encryption is not enabled
- rename CRYPTO_MBEDTLS/OPENSSL back to ENABLE_CRYPTO_MBEDTLS/OPENSSL in configure.ac

 .travis.yml                                        |  5 +---
 config-msvc.h                                      |  1 -
 configure.ac                                       | 29 ++++++----------------
 doc/doxygen/openvpn.doxyfile.in                    |  2 +-
 .../keyingmaterialexporter.c                       |  2 --
 sample/sample-plugins/log/log_v3.c                 |  2 --
 tests/Makefile.am                                  |  2 --
 7 files changed, 9 insertions(+), 34 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 366e6599..1f669b30 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -59,10 +59,7 @@ matrix:
     - env: SSLLIB="openssl" CHOST=i686-w64-mingw32
       os: linux
       compiler: ": Win32 build only"
-    - env: SSLLIB="openssl" EXTRA_CONFIG="--disable-crypto" EXTRA_SCRIPT="make distcheck"
-      os: linux
-      compiler: clang
-    - env: SSLLIB="openssl" EXTRA_CONFIG="--disable-lzo"
+    - env: SSLLIB="openssl" EXTRA_CONFIG="--disable-lzo" EXTRA_SCRIPT="make distcheck"
       os: linux
       compiler: clang
     - env: SSLLIB="openssl" EXTRA_CONFIG="--enable-small"
diff --git a/config-msvc.h b/config-msvc.h
index 0bb153df..8be9195f 100644
--- a/config-msvc.h
+++ b/config-msvc.h
@@ -4,7 +4,6 @@
 
 #define ENABLE_DEF_AUTH 1
 #define ENABLE_PF 1
-#define ENABLE_CRYPTO 1
 #define ENABLE_CRYPTO_OPENSSL 1
 #define ENABLE_DEBUG 1
 #define ENABLE_EUREPHIA 1
diff --git a/configure.ac b/configure.ac
index acfddb22..b4fd1b3f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -77,13 +77,6 @@ AC_ARG_ENABLE(comp-stub,
 	[enable_comp_stub="no"]
 )
 
-AC_ARG_ENABLE(
-	[crypto],
-	[AS_HELP_STRING([--disable-crypto], [disable crypto support @<:@default=yes@:>@])],
-	,
-	[enable_crypto="yes"]
-)
-
 AC_ARG_ENABLE(
 	[ofb-cfb],
 	[AS_HELP_STRING([--disable-ofb-cfb], [disable support for OFB and CFB cipher modes @<:@default=yes@:>@])],
@@ -843,7 +836,7 @@ PKG_CHECK_MODULES(
 	[]
 )
 
-if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then
+if test "${with_crypto_library}" = "openssl"; then
 	AC_ARG_VAR([OPENSSL_CFLAGS], [C compiler flags for OpenSSL])
 	AC_ARG_VAR([OPENSSL_LIBS], [linker flags for OpenSSL])
 
@@ -958,11 +951,10 @@ if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then
 	CFLAGS="${saved_CFLAGS}"
 	LIBS="${saved_LIBS}"
 
-	have_crypto="yes"
 	AC_DEFINE([ENABLE_CRYPTO_OPENSSL], [1], [Use OpenSSL library])
 	CRYPTO_CFLAGS="${OPENSSL_CFLAGS}"
 	CRYPTO_LIBS="${OPENSSL_LIBS}"
-elif test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "mbedtls"; then
+elif test "${with_crypto_library}" = "mbedtls"; then
 	AC_ARG_VAR([MBEDTLS_CFLAGS], [C compiler flags for mbedtls])
 	AC_ARG_VAR([MBEDTLS_LIBS], [linker flags for mbedtls])
 
@@ -1041,11 +1033,10 @@ elif test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "mbedtls"; th
 
 	CFLAGS="${saved_CFLAGS}"
 	LIBS="${saved_LIBS}"
-	have_crypto="yes"
 	AC_DEFINE([ENABLE_CRYPTO_MBEDTLS], [1], [Use mbed TLS library])
 	CRYPTO_CFLAGS="${MBEDTLS_CFLAGS}"
 	CRYPTO_LIBS="${MBEDTLS_LIBS}"
-elif test "${enable_crypto}" = "yes"; then
+else
 	AC_MSG_ERROR([Invalid crypto library: ${with_crypto_library}])
 fi
 
@@ -1245,14 +1236,10 @@ test "${enable_def_auth}" = "yes" && AC_DEFINE([ENABLE_DEF_AUTH], [1], [Enable d
 test "${enable_pf}" = "yes" && AC_DEFINE([ENABLE_PF], [1], [Enable internal packet filter])
 test "${enable_strict_options}" = "yes" && AC_DEFINE([ENABLE_STRICT_OPTIONS_CHECK], [1], [Enable strict options check between peers])
 
-if test "${enable_crypto}" = "yes"; then
-	test "${have_crypto}" != "yes" && AC_MSG_ERROR([${with_crypto_library} crypto is required but missing])
-	test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE], [1], [Enable OFB and CFB cipher modes])
-	test "${have_crypto_aead_modes}" = "yes" && AC_DEFINE([HAVE_AEAD_CIPHER_MODES], [1], [Use crypto library])
-	OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CFLAGS}"
-	OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_LIBS}"
-	AC_DEFINE([ENABLE_CRYPTO], [1], [Enable crypto library])
-fi
+test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE], [1], [Enable OFB and CFB cipher modes])
+test "${have_crypto_aead_modes}" = "yes" && AC_DEFINE([HAVE_AEAD_CIPHER_MODES], [1], [Use crypto library])
+OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CFLAGS}"
+OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_LIBS}"
 
 if test "${enable_plugins}" = "yes"; then
 	OPTIONAL_DL_LIBS="${DL_LIBS}"
@@ -1292,7 +1279,6 @@ fi
 
 if test "${enable_pkcs11}" = "yes"; then
 	test "${have_pkcs11_helper}" != "yes" && AC_MSG_ERROR([PKCS11 enabled but libpkcs11-helper is missing])
-	test "${enable_crypto}" != "yes" && AC_MSG_ERROR([PKCS11 can be enabled only if crypto is enabled])
 	OPTIONAL_PKCS11_HELPER_CFLAGS="${PKCS11_HELPER_CFLAGS}"
 	OPTIONAL_PKCS11_HELPER_LIBS="${PKCS11_HELPER_LIBS}"
 	AC_DEFINE([ENABLE_PKCS11], [1], [Enable PKCS11])
@@ -1372,7 +1358,6 @@ AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"])
 AM_CONDITIONAL([GIT_CHECKOUT], [test "${GIT_CHECKOUT}" = "yes"])
 AM_CONDITIONAL([ENABLE_PLUGIN_AUTH_PAM], [test "${enable_plugin_auth_pam}" = "yes"])
 AM_CONDITIONAL([ENABLE_PLUGIN_DOWN_ROOT], [test "${enable_plugin_down_root}" = "yes"])
-AM_CONDITIONAL([ENABLE_CRYPTO], [test "${enable_crypto}" = "yes"])
 AM_CONDITIONAL([HAVE_LD_WRAP_SUPPORT], [test "${have_ld_wrap_support}" = "yes"])
 
 sampledir="\$(docdir)/sample"
diff --git a/doc/doxygen/openvpn.doxyfile.in b/doc/doxygen/openvpn.doxyfile.in
index bb56fff4..d9e9ed08 100644
--- a/doc/doxygen/openvpn.doxyfile.in
+++ b/doc/doxygen/openvpn.doxyfile.in
@@ -235,7 +235,7 @@ EXPAND_ONLY_PREDEF     = NO
 SEARCH_INCLUDES        = YES
 INCLUDE_PATH           =
 INCLUDE_FILE_PATTERNS  =
-PREDEFINED             = _WIN32 NTLM USE_LZO ENABLE_FRAGMENT P2MP P2MP_SERVER ENABLE_CRYPTO ENABLE_CRYPTO_OPENSSL ENABLE_PLUGIN ENABLE_MANAGEMENT ENABLE_OCC HAVE_GETTIMEOFDAY
+PREDEFINED             = _WIN32 NTLM USE_LZO ENABLE_FRAGMENT P2MP P2MP_SERVER ENABLE_CRYPTO_OPENSSL ENABLE_PLUGIN ENABLE_MANAGEMENT ENABLE_OCC HAVE_GETTIMEOFDAY
 EXPAND_AS_DEFINED      =
 SKIP_FUNCTION_MACROS   = YES
 #---------------------------------------------------------------------------
diff --git a/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c b/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c
index c4839077..8ee78c53 100644
--- a/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c
+++ b/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c
@@ -27,8 +27,6 @@
  * See the README file for build instructions.
  */
 
-#define ENABLE_CRYPTO
-
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
diff --git a/sample/sample-plugins/log/log_v3.c b/sample/sample-plugins/log/log_v3.c
index 98d80d95..3ff80290 100644
--- a/sample/sample-plugins/log/log_v3.c
+++ b/sample/sample-plugins/log/log_v3.c
@@ -35,8 +35,6 @@
 #include <string.h>
 #include <stdlib.h>
 
-#define ENABLE_CRYPTO
-
 #include "openvpn-plugin.h"
 
 /*
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 0795680c..53313de4 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -15,9 +15,7 @@ MAINTAINERCLEANFILES = \
 SUBDIRS = unit_tests
 
 test_scripts = t_client.sh
-if ENABLE_CRYPTO
 test_scripts += t_lpback.sh t_cltsrv.sh
-endif
 
 TESTS_ENVIRONMENT = top_srcdir="$(top_srcdir)"
 TESTS = $(test_scripts)