From patchwork Sat Dec 2 02:45:35 2017
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 113
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 2 Dec 2017 21:45:35 +0800
Message-Id: <20171202134541.7688-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH 1/7] Remove option to disable crypto engine
Cc: Antonio Quartulli

With this patch we remove the possibility to disable the crypto engine (ENABLE_CRYPTO define) at configuration time.

[Some unit-tests are temporarily disabled and will be enabled again when ENABLE_CRYPTO is completely removed from the codebase]

[--disable-crypto has been removed from .travis.yml too]

Signed-off-by: Antonio Quartulli
--- .travis.yml | 2 +- config-msvc.h | 1 - configure.ac | 33 ++++++---------------- doc/doxygen/openvpn.doxyfile.in | 2 +- .../keyingmaterialexporter.c | 2 -- sample/sample-plugins/log/log_v3.c | 2 -- tests/Makefile.am | 4 +-- tests/unit_tests/openvpn/Makefile.am | 4 +-- 8 files changed, 13 insertions(+), 37 deletions(-) diff --git a/.travis.yml b/.travis.yml index 366e6599..e89cb7d4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -59,7 +59,7 @@ matrix: - env: SSLLIB="openssl" CHOST=i686-w64-mingw32 os: linux compiler: ": Win32 build only" - - env: SSLLIB="openssl" EXTRA_CONFIG="--disable-crypto" EXTRA_SCRIPT="make distcheck" + - env: SSLLIB="openssl" EXTRA_SCRIPT="make distcheck" os: linux compiler: clang - env: SSLLIB="openssl" EXTRA_CONFIG="--disable-lzo" 
diff --git a/config-msvc.h b/config-msvc.h index 0bb153df..8be9195f 100644 --- a/config-msvc.h +++ b/config-msvc.h @@ -4,7 +4,6 @@ #define ENABLE_DEF_AUTH 1 #define ENABLE_PF 1 -#define ENABLE_CRYPTO 1 #define ENABLE_CRYPTO_OPENSSL 1 #define ENABLE_DEBUG 1 #define ENABLE_EUREPHIA 1 diff --git a/configure.ac b/configure.ac index acfddb22..faea7d15 100644 --- a/configure.ac +++ b/configure.ac @@ -77,13 +77,6 @@ AC_ARG_ENABLE(comp-stub, [enable_comp_stub="no"] ) -AC_ARG_ENABLE( - [crypto], - [AS_HELP_STRING([--disable-crypto], [disable crypto support @<:@default=yes@:>@])], - , - [enable_crypto="yes"] -) - AC_ARG_ENABLE( [ofb-cfb], [AS_HELP_STRING([--disable-ofb-cfb], [disable support for OFB and CFB cipher modes @<:@default=yes@:>@])], @@ -843,7 +836,7 @@ PKG_CHECK_MODULES( [] ) -if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then +if test "${with_crypto_library}" = "openssl"; then AC_ARG_VAR([OPENSSL_CFLAGS], [C compiler flags for OpenSSL]) AC_ARG_VAR([OPENSSL_LIBS], [linker flags for OpenSSL]) @@ -958,11 +951,10 @@ if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then CFLAGS="${saved_CFLAGS}" LIBS="${saved_LIBS}" - have_crypto="yes" - AC_DEFINE([ENABLE_CRYPTO_OPENSSL], [1], [Use OpenSSL library]) + AC_DEFINE([CRYPTO_OPENSSL], [1], [Use OpenSSL library]) CRYPTO_CFLAGS="${OPENSSL_CFLAGS}" CRYPTO_LIBS="${OPENSSL_LIBS}" -elif test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "mbedtls"; then +elif test "${with_crypto_library}" = "mbedtls"; then AC_ARG_VAR([MBEDTLS_CFLAGS], [C compiler flags for mbedtls]) AC_ARG_VAR([MBEDTLS_LIBS], [linker flags for mbedtls]) 
@@ -1041,11 +1033,10 @@ elif test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "mbedtls"; th CFLAGS="${saved_CFLAGS}" LIBS="${saved_LIBS}" - have_crypto="yes" - AC_DEFINE([ENABLE_CRYPTO_MBEDTLS], [1], [Use mbed TLS library]) + AC_DEFINE([CRYPTO_MBEDTLS], [1], [Use mbed TLS library]) CRYPTO_CFLAGS="${MBEDTLS_CFLAGS}" CRYPTO_LIBS="${MBEDTLS_LIBS}" -elif test "${enable_crypto}" = "yes"; then +else AC_MSG_ERROR([Invalid crypto library: ${with_crypto_library}]) fi @@ -1245,14 +1236,10 @@ test "${enable_def_auth}" = "yes" && AC_DEFINE([ENABLE_DEF_AUTH], [1], [Enable d test "${enable_pf}" = "yes" && AC_DEFINE([ENABLE_PF], [1], [Enable internal packet filter]) test "${enable_strict_options}" = "yes" && AC_DEFINE([ENABLE_STRICT_OPTIONS_CHECK], [1], [Enable strict options check between peers]) -if test "${enable_crypto}" = "yes"; then - test "${have_crypto}" != "yes" && AC_MSG_ERROR([${with_crypto_library} crypto is required but missing]) - test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE], [1], [Enable OFB and CFB cipher modes]) - test "${have_crypto_aead_modes}" = "yes" && AC_DEFINE([HAVE_AEAD_CIPHER_MODES], [1], [Use crypto library]) - OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CFLAGS}" - OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_LIBS}" - AC_DEFINE([ENABLE_CRYPTO], [1], [Enable crypto library]) -fi +test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE], [1], [Enable OFB and CFB cipher modes]) +test "${have_crypto_aead_modes}" = "yes" && AC_DEFINE([HAVE_AEAD_CIPHER_MODES], [1], [Use crypto library]) +OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CFLAGS}" +OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_LIBS}" if test "${enable_plugins}" = "yes"; then OPTIONAL_DL_LIBS="${DL_LIBS}" 
@@ -1292,7 +1279,6 @@ fi if test "${enable_pkcs11}" = "yes"; then test "${have_pkcs11_helper}" != "yes" && AC_MSG_ERROR([PKCS11 enabled but libpkcs11-helper is missing]) - test "${enable_crypto}" != "yes" && AC_MSG_ERROR([PKCS11 can be enabled only if crypto is enabled]) OPTIONAL_PKCS11_HELPER_CFLAGS="${PKCS11_HELPER_CFLAGS}" OPTIONAL_PKCS11_HELPER_LIBS="${PKCS11_HELPER_LIBS}" AC_DEFINE([ENABLE_PKCS11], [1], [Enable PKCS11]) @@ -1372,7 +1358,6 @@ AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"]) AM_CONDITIONAL([GIT_CHECKOUT], [test "${GIT_CHECKOUT}" = "yes"]) AM_CONDITIONAL([ENABLE_PLUGIN_AUTH_PAM], [test "${enable_plugin_auth_pam}" = "yes"]) AM_CONDITIONAL([ENABLE_PLUGIN_DOWN_ROOT], [test "${enable_plugin_down_root}" = "yes"]) -AM_CONDITIONAL([ENABLE_CRYPTO], [test "${enable_crypto}" = "yes"]) AM_CONDITIONAL([HAVE_LD_WRAP_SUPPORT], [test "${have_ld_wrap_support}" = "yes"]) sampledir="\$(docdir)/sample" diff --git a/doc/doxygen/openvpn.doxyfile.in b/doc/doxygen/openvpn.doxyfile.in index bb56fff4..d9e9ed08 100644 --- a/doc/doxygen/openvpn.doxyfile.in +++ b/doc/doxygen/openvpn.doxyfile.in @@ -235,7 +235,7 @@ EXPAND_ONLY_PREDEF = NO SEARCH_INCLUDES = YES INCLUDE_PATH = INCLUDE_FILE_PATTERNS = -PREDEFINED = _WIN32 NTLM USE_LZO ENABLE_FRAGMENT P2MP P2MP_SERVER ENABLE_CRYPTO ENABLE_CRYPTO_OPENSSL ENABLE_PLUGIN ENABLE_MANAGEMENT ENABLE_OCC HAVE_GETTIMEOFDAY +PREDEFINED = _WIN32 NTLM USE_LZO ENABLE_FRAGMENT P2MP P2MP_SERVER ENABLE_CRYPTO_OPENSSL ENABLE_PLUGIN ENABLE_MANAGEMENT ENABLE_OCC HAVE_GETTIMEOFDAY EXPAND_AS_DEFINED = SKIP_FUNCTION_MACROS = YES #--------------------------------------------------------------------------- diff --git a/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c b/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c index c4839077..8ee78c53 100644 --- a/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c 
+++ b/sample/sample-plugins/keying-material-exporter-demo/keyingmaterialexporter.c @@ -27,8 +27,6 @@ * See the README file for build instructions. */ -#define ENABLE_CRYPTO - #include #include #include diff --git a/sample/sample-plugins/log/log_v3.c b/sample/sample-plugins/log/log_v3.c index 98d80d95..3ff80290 100644 --- a/sample/sample-plugins/log/log_v3.c +++ b/sample/sample-plugins/log/log_v3.c @@ -35,8 +35,6 @@ #include #include -#define ENABLE_CRYPTO - #include "openvpn-plugin.h" /* diff --git a/tests/Makefile.am b/tests/Makefile.am index 0795680c..0b32058b 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -15,9 +15,7 @@ MAINTAINERCLEANFILES = \ SUBDIRS = unit_tests test_scripts = t_client.sh -if ENABLE_CRYPTO -test_scripts += t_lpback.sh t_cltsrv.sh -endif +#test_scripts += t_lpback.sh t_cltsrv.sh TESTS_ENVIRONMENT = top_srcdir="$(top_srcdir)" TESTS = $(test_scripts) diff --git a/tests/unit_tests/openvpn/Makefile.am b/tests/unit_tests/openvpn/Makefile.am index 7b44f42e..055aa49d 100644 --- a/tests/unit_tests/openvpn/Makefile.am +++ b/tests/unit_tests/openvpn/Makefile.am 
@@ -6,9 +6,7 @@ if HAVE_LD_WRAP_SUPPORT check_PROGRAMS += argv_testdriver buffer_testdriver endif -if ENABLE_CRYPTO -check_PROGRAMS += packet_id_testdriver tls_crypt_testdriver -endif +#check_PROGRAMS += packet_id_testdriver tls_crypt_testdriver TESTS = $(check_PROGRAMS)
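Review bot: In configure.ac, the hunk at @@ -1245,14 +1236,10 removes `AC_DEFINE([ENABLE_CRYPTO], [1], [Enable crypto library])` (and config-msvc.h drops `#define ENABLE_CRYPTO 1`) while the sources keep their `#ifdef ENABLE_CRYPTO` guards until 2/7, and nothing visible in this patch defines the macro elsewhere. A tree checked out at this commit therefore compiles those guarded sections out; the `#else` branch that 2/7 deletes from do_init_crypto() shows what such a build does, namely warn that all data will be tunnelled as cleartext. Keep an unconditional define in this patch and drop it in 2/7, or squash the two, so that every commit in the series bisects to a binary with crypto enabled.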
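Review bot: In configure.ac, the hunks at @@ -958,11 +951,10 and @@ -1041,11 +1033,10 rename `ENABLE_CRYPTO_OPENSSL` to `CRYPTO_OPENSSL` and `ENABLE_CRYPTO_MBEDTLS` to `CRYPTO_MBEDTLS`, but the commit message does not mention a rename and the rest of this patch still uses the old names: config-msvc.h keeps `#define ENABLE_CRYPTO_OPENSSL 1` and the doxyfile `PREDEFINED` line keeps `ENABLE_CRYPTO_OPENSSL`. The C sources only switch to the new names in 2/7, so after this patch configure defines a macro that nothing tests. Move the two `AC_DEFINE` renames into the patch that renames the users, and say so in that commit message.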
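Review bot: In tests/Makefile.am and tests/unit_tests/openvpn/Makefile.am, the crypto tests are commented out (`#test_scripts += t_lpback.sh t_cltsrv.sh`, `#check_PROGRAMS += packet_id_testdriver tls_crypt_testdriver`) with no marker in the file explaining why or when they return. At this commit `make check`, and the Travis job that now runs `make distcheck` without `--disable-crypto`, exercise no loopback, client/server, packet-id or tls-crypt test at all. If ENABLE_CRYPTO stays defined in this patch the two lines can simply become unconditional here; otherwise add a short comment next to each disabled line pointing at the follow-up patch that re-enables it.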
From patchwork Sat Dec 2 02:45:36 2017
X-Patchwork-Submitter: Antonio Quartulli
X-Patchwork-Id: 114
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 2 Dec 2017 21:45:36 +0800
Message-Id: <20171202134541.7688-2-a@unstable.cc>
In-Reply-To: <20171202134541.7688-1-a@unstable.cc>
References: <20171202134541.7688-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH 2/7] Remove ENABLE_CRYPTO
Cc: Antonio Quartulli

The crypto engine cannot be disabled anymore, therefore get rid of all the related ifdefs in the code.

This change makes the code simpler and reduces the number of config combinations we have to test after a new change is applied.

[re-enable unit-tests that were previously disabled]

Signed-off-by: Antonio Quartulli --- config-msvc.h | 2 +- doc/doxygen/doc_data_crypto.h | 12 ++-- doc/doxygen/openvpn.doxyfile.in | 2 +- include/openvpn-plugin.h.in | 15 ++--- src/openvpn/crypto.c | 6 +- src/openvpn/crypto.h | 4 -- src/openvpn/crypto_backend.h | 4 +- src/openvpn/crypto_mbedtls.c | 4 +- src/openvpn/crypto_openssl.c | 4 +- src/openvpn/forward-inline.h | 6 -- src/openvpn/forward.c | 15 ----- src/openvpn/init.c | 66 ++----------------- src/openvpn/manage.c | 5 +- src/openvpn/misc.c | 13 ---- src/openvpn/misc.h | 7 +- src/openvpn/openvpn.h | 24 ------- src/openvpn/options.c | 105 +++++++++--------------------- src/openvpn/options.h | 11 +--- src/openvpn/packet_id.c | 4 -- src/openvpn/packet_id.h | 3 - src/openvpn/pkcs11_mbedtls.c | 4 +- src/openvpn/pkcs11_openssl.c | 2 +- src/openvpn/plugin.c | 23 ++----- src/openvpn/plugin.h | 22 ++----- src/openvpn/reliable.c | 9 --- src/openvpn/reliable.h | 3 - src/openvpn/session_id.c | 9 --- src/openvpn/session_id.h | 3 - src/openvpn/ssl.c | 13 +--- src/openvpn/ssl.h | 4 -- src/openvpn/ssl_backend.h | 9 +-- src/openvpn/ssl_mbedtls.c | 4 +- src/openvpn/ssl_openssl.c | 8 +-- src/openvpn/ssl_verify.c | 6 +- src/openvpn/ssl_verify.h | 8 +-- src/openvpn/ssl_verify_mbedtls.c | 4 +- src/openvpn/ssl_verify_openssl.c | 4 +- src/openvpn/syshead.h | 20 ++---- src/openvpn/tls_crypt.c | 3 - src/openvpn/tls_crypt.h | 4 -- tests/Makefile.am | 2 +- tests/unit_tests/openvpn/Makefile.am | 2 +- tests/unit_tests/openvpn/test_tls_crypt.c | 8 +-- 43 files changed, 99 insertions(+), 387 deletions(-) diff --git a/config-msvc.h b/config-msvc.h index 8be9195f..ce257f78 100644 --- a/config-msvc.h +++ b/config-msvc.h @@ -4,7 +4,7 @@ #define ENABLE_DEF_AUTH 1 #define ENABLE_PF 1 -#define ENABLE_CRYPTO_OPENSSL 1 +#define CRYPTO_OPENSSL 1 #define ENABLE_DEBUG 1 #define ENABLE_EUREPHIA 1 #define ENABLE_FRAGMENT 1 diff --git a/doc/doxygen/doc_data_crypto.h b/doc/doxygen/doc_data_crypto.h index c2b1866c..a8cf8d3b 100644 
--- a/doc/doxygen/doc_data_crypto.h +++ b/doc/doxygen/doc_data_crypto.h @@ -58,13 +58,11 @@ * - \c openvpn_decrypt() * * @par Settings that control this module's activity - * Whether or not the Data Channel Crypto module is active depends on the - * compile-time \c ENABLE_CRYPTO preprocessor macro. How it processes packets - * received from the \link data_control Data Channel Control module\endlink at - * runtime depends on the associated \c crypto_options structure. To perform - * cryptographic operations, the \c crypto_options.key_ctx_bi must contain the - * correct cipher and HMAC security parameters for the direction the packet is - * traveling in. + * How the data channel processes packets received from the \link data_control + * Data Channel Control module\endlink at runtime depends on the associated + * \c crypto_options structure. To perform cryptographic operations, the + * \c crypto_options.key_ctx_bi must contain the correct cipher and HMAC + * security parameters for the direction the packet is traveling in. * * @par Crypto algorithms * This module uses the crypto algorithm implementations of the external diff --git a/doc/doxygen/openvpn.doxyfile.in b/doc/doxygen/openvpn.doxyfile.in index d9e9ed08..34e5da9d 100644 --- a/doc/doxygen/openvpn.doxyfile.in +++ b/doc/doxygen/openvpn.doxyfile.in @@ -235,7 +235,7 @@ EXPAND_ONLY_PREDEF = NO SEARCH_INCLUDES = YES INCLUDE_PATH = INCLUDE_FILE_PATTERNS = -PREDEFINED = _WIN32 NTLM USE_LZO ENABLE_FRAGMENT P2MP P2MP_SERVER ENABLE_CRYPTO_OPENSSL ENABLE_PLUGIN ENABLE_MANAGEMENT ENABLE_OCC HAVE_GETTIMEOFDAY +PREDEFINED = _WIN32 NTLM USE_LZO ENABLE_FRAGMENT P2MP P2MP_SERVER CRYPTO_OPENSSL ENABLE_PLUGIN ENABLE_MANAGEMENT ENABLE_OCC HAVE_GETTIMEOFDAY EXPAND_AS_DEFINED = SKIP_FUNCTION_MACROS = YES #--------------------------------------------------------------------------- diff --git a/include/openvpn-plugin.h.in b/include/openvpn-plugin.h.in index f29b3a0b..da3a8f9c 100644 --- a/include/openvpn-plugin.h.in 
+++ b/include/openvpn-plugin.h.in @@ -26,21 +26,19 @@ #define OPENVPN_PLUGIN_VERSION 3 -#ifdef ENABLE_CRYPTO -#ifdef ENABLE_CRYPTO_MBEDTLS +#ifdef CRYPTO_MBEDTLS #include #ifndef __OPENVPN_X509_CERT_T_DECLARED #define __OPENVPN_X509_CERT_T_DECLARED typedef mbedtls_x509_crt openvpn_x509_cert_t; #endif -#else /* ifdef ENABLE_CRYPTO_MBEDTLS */ +#else /* ifdef CRYPTO_MBEDTLS */ #include #ifndef __OPENVPN_X509_CERT_T_DECLARED #define __OPENVPN_X509_CERT_T_DECLARED typedef X509 openvpn_x509_cert_t; #endif #endif -#endif #include #include @@ -391,9 +389,9 @@ struct openvpn_plugin_args_open_return * *per_client_context : the per-client context pointer which was returned by * openvpn_plugin_client_constructor_v1, if defined. * - * current_cert_depth : Certificate depth of the certificate being passed over (only if compiled with ENABLE_CRYPTO defined) + * current_cert_depth : Certificate depth of the certificate being passed over * - * *current_cert : X509 Certificate object received from the client (only if compiled with ENABLE_CRYPTO defined) + * *current_cert : X509 Certificate object received from the client * */ struct openvpn_plugin_args_func_in @@ -403,13 +401,8 @@ struct openvpn_plugin_args_func_in const char **const envp; openvpn_plugin_handle_t handle; void *per_client_context; -#ifdef ENABLE_CRYPTO int current_cert_depth; openvpn_x509_cert_t *current_cert; -#else - int __current_cert_depth_disabled; /* Unused, for compatibility purposes only */ - void *__current_cert_disabled; /* Unused, for compatibility purposes only */ -#endif }; diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 3f3caa1c..0dc4c135 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -30,8 +30,6 @@ #include "syshead.h" -#ifdef ENABLE_CRYPTO - #include "crypto.h" #include "error.h" #include "integer.h" 
@@ -430,7 +428,7 @@ openvpn_decrypt_aead(struct buffer *buf, struct buffer work, tag_ptr = BPTR(buf); ASSERT(buf_advance(buf, tag_size)); dmsg(D_PACKET_CONTENT, "DECRYPT MAC: %s", format_hex(tag_ptr, tag_size, 0, &gc)); -#if defined(ENABLE_CRYPTO_OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10001040L +#if defined(CRYPTO_OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10001040L /* OpenSSL <= 1.0.1c bug requires set tag before processing ciphertext */ if (!EVP_CIPHER_CTX_ctrl(ctx->cipher, EVP_CTRL_GCM_SET_TAG, tag_size, tag_ptr)) { @@ -1842,5 +1840,3 @@ translate_cipher_name_to_openvpn(const char *cipher_name) return pair->openvpn_name; } - -#endif /* ENABLE_CRYPTO */ diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h index 6d60ef8c..8e8ee8f5 100644 --- a/src/openvpn/crypto.h +++ b/src/openvpn/crypto.h @@ -122,8 +122,6 @@ #ifndef CRYPTO_H #define CRYPTO_H -#ifdef ENABLE_CRYPTO - #include "crypto_backend.h" #include "basic.h" #include "buffer.h" @@ -513,6 +511,4 @@ key_ctx_bi_defined(const struct key_ctx_bi *key) return key->encrypt.cipher || key->encrypt.hmac || key->decrypt.cipher || key->decrypt.hmac; } - -#endif /* ENABLE_CRYPTO */ #endif /* CRYPTO_H */ diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h index 567fd9b2..21ed7646 100644 --- a/src/openvpn/crypto_backend.h +++ b/src/openvpn/crypto_backend.h @@ -29,10 +29,10 @@ #ifndef CRYPTO_BACKEND_H_ #define CRYPTO_BACKEND_H_ -#ifdef ENABLE_CRYPTO_OPENSSL +#ifdef CRYPTO_OPENSSL #include "crypto_openssl.h" #endif -#ifdef ENABLE_CRYPTO_MBEDTLS +#ifdef CRYPTO_MBEDTLS #include "crypto_mbedtls.h" #endif #include "basic.h" diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c index f4d239bc..872f643f 100644 --- a/src/openvpn/crypto_mbedtls.c +++ b/src/openvpn/crypto_mbedtls.c @@ -34,7 +34,7 @@ #include "syshead.h" -#if defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_MBEDTLS) +#if defined(CRYPTO_MBEDTLS) #include "errlevel.h" #include "basic.h" 
@@ -903,4 +903,4 @@ hmac_ctx_final(mbedtls_md_context_t *ctx, uint8_t *dst) ASSERT(0 == mbedtls_md_hmac_finish(ctx, dst)); } -#endif /* ENABLE_CRYPTO && ENABLE_CRYPTO_MBEDTLS */ +#endif /* CRYPTO_MBEDTLS */ diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 0134e55d..a20b1b32 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -34,7 +34,7 @@ #include "syshead.h" -#if defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_OPENSSL) +#if defined(CRYPTO_OPENSSL) #include "basic.h" #include "buffer.h" @@ -969,4 +969,4 @@ hmac_ctx_final(HMAC_CTX *ctx, uint8_t *dst) HMAC_Final(ctx, dst, &in_hmac_len); } -#endif /* ENABLE_CRYPTO && ENABLE_CRYPTO_OPENSSL */ +#endif /* CRYPTO_OPENSSL */ diff --git a/src/openvpn/forward-inline.h b/src/openvpn/forward-inline.h index ab83ea40..c977120e 100644 --- a/src/openvpn/forward-inline.h +++ b/src/openvpn/forward-inline.h @@ -34,14 +34,12 @@ static inline void check_tls(struct context *c) { -#if defined(ENABLE_CRYPTO) void check_tls_dowork(struct context *c); if (c->c2.tls_multi) { check_tls_dowork(c); } -#endif } /* @@ -51,7 +49,6 @@ check_tls(struct context *c) static inline void check_tls_errors(struct context *c) { -#if defined(ENABLE_CRYPTO) void check_tls_errors_co(struct context *c); void check_tls_errors_nco(struct context *c); @@ -73,7 +70,6 @@ check_tls_errors(struct context *c) } } } -#endif /* if defined(ENABLE_CRYPTO) */ } /* @@ -220,7 +216,6 @@ check_push_request(struct context *c) #endif -#ifdef ENABLE_CRYPTO /* * Should we persist our anti-replay packet ID state to disk? */ @@ -233,7 +228,6 @@ check_packet_id_persist_flush(struct context *c) packet_id_persist_save(&c->c1.pid_persist); } } -#endif /* * Set our wakeup to 0 seconds, so we will be rescheduled diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index a868a8ff..9bf9483e 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c 
@@ -87,7 +87,6 @@ show_wait_status(struct context *c) * traffic on the control-channel. * */ -#ifdef ENABLE_CRYPTO void check_tls_dowork(struct context *c) { @@ -131,7 +130,6 @@ check_tls_errors_nco(struct context *c) { register_signal(c, c->c2.tls_exit_signal, "tls-error"); /* SOFT-SIGUSR1 -- TLS error */ } -#endif /* ENABLE_CRYPTO */ #if P2MP @@ -248,7 +246,6 @@ check_connection_established_dowork(struct context *c) bool send_control_channel_string(struct context *c, const char *str, int msglevel) { -#ifdef ENABLE_CRYPTO if (c->c2.tls_multi) { struct gc_arena gc = gc_new(); @@ -274,7 +271,6 @@ send_control_channel_string(struct context *c, const char *str, int msglevel) gc_free(&gc); return stat; } -#endif /* ENABLE_CRYPTO */ return true; } @@ -485,7 +481,6 @@ encrypt_sign(struct context *c, bool comp_frag) #endif } -#ifdef ENABLE_CRYPTO /* initialize work buffer with FRAME_HEADROOM bytes of prepend capacity */ ASSERT(buf_init(&b->encrypt_buf, FRAME_HEADROOM(&c->c2.frame))); @@ -518,7 +513,6 @@ encrypt_sign(struct context *c, bool comp_frag) } tls_post_encrypt(c->c2.tls_multi, &c->c2.buf); } -#endif /* ifdef ENABLE_CRYPTO */ /* * Get the address we will be sending the packet to. @@ -536,11 +530,9 @@ encrypt_sign(struct context *c, bool comp_frag) static void process_coarse_timers(struct context *c) { -#ifdef ENABLE_CRYPTO /* flush current packet-id to file once per 60 * seconds if --replay-persist was specified */ check_packet_id_persist_flush(c); -#endif /* should we update status file? */ check_status_file(c); @@ -852,7 +844,6 @@ process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, boo link_socket_bad_incoming_addr(&c->c2.buf, lsi, &c->c2.from); } -#ifdef ENABLE_CRYPTO if (c->c2.tls_multi) { /* 
@@ -909,9 +900,6 @@ process_incoming_link_part1(struct context *c, struct link_socket_info *lsi, boo register_signal(c, SIGUSR1, "decryption-error"); /* SOFT-SIGUSR1 -- decryption error in TCP mode */ msg(D_STREAM_ERRORS, "Fatal decryption error (process_incoming_link), restarting"); } -#else /* ENABLE_CRYPTO */ - decrypt_status = true; -#endif /* ENABLE_CRYPTO */ } else { @@ -1426,8 +1414,6 @@ process_outgoing_link(struct context *c) register_activity(c, size); } - -#ifdef ENABLE_CRYPTO /* for unreachable network and "connecting" state switch to the next host */ if (size < 0 && ENETUNREACH == error_code && c->c2.tls_multi && !tls_initial_packet_received(c->c2.tls_multi) && c->options.mode == MODE_POINT_TO_POINT) @@ -1435,7 +1421,6 @@ process_outgoing_link(struct context *c) msg(M_INFO, "Network unreachable, restarting"); register_signal(c, SIGUSR1, "network-unreachable"); } -#endif } else { diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 408daf13..bfc80ebf 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -529,13 +529,11 @@ next_connection_entry(struct context *c) void init_query_passwords(const struct context *c) { -#ifdef ENABLE_CRYPTO /* Certificate password input */ if (c->options.key_pass_file) { pem_password_setup(c->options.key_pass_file); } -#endif #if P2MP /* Auth user/pass input */ @@ -704,7 +702,7 @@ init_static(void) { /* configure_path (); */ -#if defined(ENABLE_CRYPTO) && defined(DMALLOC) +#if defined(DMALLOC) crypto_init_dmalloc(); #endif @@ -741,14 +739,12 @@ init_static(void) update_time(); -#ifdef ENABLE_CRYPTO init_ssl_lib(); /* init PRNG used for IV generation */ /* When forking, copy this to more places in the code to avoid fork * random-state predictability */ prng_init(NULL, 0); -#endif #ifdef PID_TEST packet_id_interactive_test(); /* test the sequence number code */ @@ -942,9 +938,7 @@ init_static(void) void uninit_static(void) { -#ifdef ENABLE_CRYPTO free_ssl_lib(); -#endif #ifdef ENABLE_PKCS11 pkcs11_terminate(); 
@@ -954,7 +948,7 @@ uninit_static(void) close_port_share(); #endif -#if defined(MEASURE_TLS_HANDSHAKE_STATS) && defined(ENABLE_CRYPTO) +#if defined(MEASURE_TLS_HANDSHAKE_STATS) show_tls_performance_stats(); #endif } @@ -998,7 +992,6 @@ print_openssl_info(const struct options *options) /* * OpenSSL info print mode? */ -#ifdef ENABLE_CRYPTO if (options->show_ciphers || options->show_digests || options->show_engines || options->show_tls_ciphers || options->show_curves) { @@ -1025,7 +1018,6 @@ print_openssl_info(const struct options *options) } return true; } -#endif /* ifdef ENABLE_CRYPTO */ return false; } @@ -1035,7 +1027,6 @@ print_openssl_info(const struct options *options) bool do_genkey(const struct options *options) { -#ifdef ENABLE_CRYPTO if (options->genkey) { int nbits_written; @@ -1055,7 +1046,6 @@ do_genkey(const struct options *options) options->shared_secret_file); return true; } -#endif return false; } @@ -1071,10 +1061,8 @@ do_persist_tuntap(const struct options *options) notnull(options->dev, "TUN/TAP device (--dev)"); if (options->ce.remote || options->ifconfig_local || options->ifconfig_remote_netmask -#ifdef ENABLE_CRYPTO || options->shared_secret_file || options->tls_server || options->tls_client -#endif ) { msg(M_FATAL|M_OPTERR, @@ -1226,12 +1214,10 @@ const char * format_common_name(struct context *c, struct gc_arena *gc) { struct buffer out = alloc_buf_gc(256, gc); -#ifdef ENABLE_CRYPTO if (c->c2.tls_multi) { buf_printf(&out, "[%s] ", tls_common_name(c->c2.tls_multi, false)); } -#endif return BSTR(&out); } @@ -1333,7 +1319,6 @@ do_init_timers(struct context *c, bool deferred) #endif /* initialize packet_id persistence timer */ -#ifdef ENABLE_CRYPTO if (c->options.packet_id_file) { event_timeout_init(&c->c2.packet_id_persist_interval, 60, now); 
@@ -1342,7 +1327,6 @@ do_init_timers(struct context *c, bool deferred) /* initialize tmp_int optimization that limits the number of times we call * tls_multi_process in the main event loop */ interval_init(&c->c2.tmp_int, TLS_MULTI_HORIZON, TLS_MULTI_REFRESH); -#endif } } @@ -1485,7 +1469,6 @@ initialization_sequence_completed(struct context *c, const unsigned int flags) do_uid_gid_chroot(c, true); -#ifdef ENABLE_CRYPTO /* * In some cases (i.e. when receiving auth-token via * push-reply) the auth-nocache option configured on the @@ -1497,7 +1480,6 @@ initialization_sequence_completed(struct context *c, const unsigned int flags) { delayed_auth_pass_purge(); } -#endif /* ENABLE_CRYPTO */ /* Test if errors */ if (flags & ISC_ERRORS) @@ -2136,12 +2118,10 @@ pull_permission_mask(const struct context *c) flags |= (OPT_P_ROUTE | OPT_P_IPWIN32); } -#ifdef ENABLE_CRYPTO if (c->options.ncp_enabled) { flags |= OPT_P_NCP; } -#endif return flags; } @@ -2230,7 +2210,6 @@ do_deferred_options(struct context *c, const unsigned int found) msg(D_PUSH, "OPTIONS IMPORT: environment modified"); } -#ifdef ENABLE_CRYPTO if (found & OPT_P_PEER_ID) { msg(D_PUSH, "OPTIONS IMPORT: peer-id set"); @@ -2271,7 +2250,7 @@ do_deferred_options(struct context *c, const unsigned int found) return false; } } -#endif /* ifdef ENABLE_CRYPTO */ + return true; } @@ -2423,19 +2402,15 @@ frame_finalize_options(struct context *c, const struct options *o) static void key_schedule_free(struct key_schedule *ks, bool free_ssl_ctx) { -#ifdef ENABLE_CRYPTO free_key_ctx_bi(&ks->static_key); if (tls_ctx_initialised(&ks->ssl_ctx) && free_ssl_ctx) { tls_ctx_free(&ks->ssl_ctx); free_key_ctx_bi(&ks->tls_wrap_key); } -#endif /* ENABLE_CRYPTO */ CLEAR(*ks); } -#ifdef ENABLE_CRYPTO - static void init_crypto_pre(struct context *c, const unsigned int flags) { 
@@ -2791,7 +2766,7 @@ do_init_crypto_tls(struct context *c, const unsigned int flags) to.comp_options = options->comp; #endif -#if defined(ENABLE_CRYPTO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10001000 +#if defined(CRYPTO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10001000 if (options->keying_material_exporter_label) { to.ekm_size = options->keying_material_exporter_length; @@ -2880,12 +2855,10 @@ do_init_crypto_none(const struct context *c) "protected against man-in-the-middle changes. " "PLEASE DO RECONSIDER THIS CONFIGURATION!"); } -#endif /* ifdef ENABLE_CRYPTO */ static void do_init_crypto(struct context *c, const unsigned int flags) { -#ifdef ENABLE_CRYPTO if (c->options.shared_secret_file) { do_init_crypto_static(c, flags); @@ -2898,11 +2871,6 @@ do_init_crypto(struct context *c, const unsigned int flags) { do_init_crypto_none(c); } -#else /* ENABLE_CRYPTO */ - msg(M_WARN, - "******* WARNING *******: " PACKAGE_NAME - " built without crypto library -- encryption and authentication features disabled -- all data will be tunnelled as cleartext"); -#endif /* ENABLE_CRYPTO */ } static void @@ -3101,7 +3069,6 @@ do_option_warnings(struct context *c) #endif /* if P2MP_SERVER */ #endif /* if P2MP */ -#ifdef ENABLE_CRYPTO if (!o->replay) { msg(M_WARN, "WARNING: You have disabled Replay Protection (--no-replay) which may make " PACKAGE_NAME " less secure"); @@ -3123,7 +3090,6 @@ do_option_warnings(struct context *c) { msg(M_WARN, "WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead."); } -#endif /* ifdef ENABLE_CRYPTO */ /* If a script is used, print appropiate warnings */ if (o->user_script_used) @@ -3146,9 +3112,7 @@ do_option_warnings(struct context *c) static void do_init_frame_tls(struct context *c) { -#ifdef ENABLE_CRYPTO do_init_finalize_tls_frame(c); -#endif } struct context_buffers * 
@@ -3163,10 +3127,8 @@ init_context_buffers(const struct frame *frame) b->aux_buf = alloc_buf(BUF_SIZE(frame)); -#ifdef ENABLE_CRYPTO b->encrypt_buf = alloc_buf(BUF_SIZE(frame)); b->decrypt_buf = alloc_buf(BUF_SIZE(frame)); -#endif #ifdef USE_COMP b->compress_buf = alloc_buf(BUF_SIZE(frame)); @@ -3190,10 +3152,8 @@ free_context_buffers(struct context_buffers *b) free_buf(&b->decompress_buf); #endif -#ifdef ENABLE_CRYPTO free_buf(&b->encrypt_buf); free_buf(&b->decrypt_buf); -#endif free(b); } @@ -3329,14 +3289,12 @@ do_compute_occ_strings(struct context *c) options_string_version(c->c2.options_string_remote, &gc), c->c2.options_string_remote); -#ifdef ENABLE_CRYPTO if (c->c2.tls_multi) { tls_multi_init_set_options(c->c2.tls_multi, c->c2.options_string_local, c->c2.options_string_remote); } -#endif gc_free(&gc); } @@ -3410,7 +3368,6 @@ do_close_free_buf(struct context *c) static void do_close_tls(struct context *c) { -#ifdef ENABLE_CRYPTO if (c->c2.tls_multi) { tls_multi_free(c->c2.tls_multi, true); @@ -3429,7 +3386,6 @@ do_close_tls(struct context *c) } c->c2.options_string_local = c->c2.options_string_remote = NULL; #endif -#endif } /* @@ -3494,14 +3450,12 @@ do_close_link_socket(struct context *c) static void do_close_packet_id(struct context *c) { -#ifdef ENABLE_CRYPTO packet_id_free(&c->c2.crypto_options.packet_id); packet_id_persist_save(&c->c1.pid_persist); if (!(c->sig->signal_received == SIGUSR1)) { packet_id_persist_close(&c->c1.pid_persist); } -#endif } #ifdef ENABLE_FRAGMENT @@ -3680,7 +3634,6 @@ do_setup_fast_io(struct context *c) static void do_signal_on_tls_errors(struct context *c) { -#ifdef ENABLE_CRYPTO if (c->options.tls_exit) { c->c2.tls_exit_signal = SIGTERM; @@ -3689,7 +3642,6 @@ do_signal_on_tls_errors(struct context *c) { c->c2.tls_exit_signal = SIGUSR1; } -#endif } #ifdef ENABLE_PLUGIN 
@@ -4369,7 +4321,6 @@ inherit_context_child(struct context *dest, /* c1 init */ packet_id_persist_init(&dest->c1.pid_persist); -#ifdef ENABLE_CRYPTO dest->c1.ks.key_type = src->c1.ks.key_type; /* inherit SSL context */ dest->c1.ks.ssl_ctx = src->c1.ks.ssl_ctx; @@ -4379,7 +4330,6 @@ inherit_context_child(struct context *dest, dest->c1.ciphername = src->c1.ciphername; dest->c1.authname = src->c1.authname; dest->c1.keysize = src->c1.keysize; -#endif /* options */ dest->options = src->options; @@ -4453,9 +4403,7 @@ inherit_context_top(struct context *dest, /* detach plugins */ dest->plugins_owned = false; -#ifdef ENABLE_CRYPTO dest->c2.tls_multi = NULL; -#endif /* detach c1 ownership */ dest->c1.tuntap_owned = false; @@ -4513,8 +4461,6 @@ close_context(struct context *c, int sig, unsigned int flags) } } -#ifdef ENABLE_CRYPTO - /* * Do a loopback test * on the crypto subsystem. @@ -4542,12 +4488,9 @@ test_crypto_thread(void *arg) return NULL; } -#endif /* ENABLE_CRYPTO */ - bool do_test_crypto(const struct options *o) { -#ifdef ENABLE_CRYPTO if (o->test_crypto) { struct context c; @@ -4562,6 +4505,5 @@ do_test_crypto(const struct options *o) test_crypto_thread((void *) &c); return true; } -#endif return false; } diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index 88121a38..55b106cd 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -762,10 +762,8 @@ man_query_need_str(struct management *man, const char *type, const char *action) static void man_forget_passwords(struct management *man) { -#ifdef ENABLE_CRYPTO ssl_purge_auth(false); msg(M_CLIENT, "SUCCESS: Passwords were forgotten"); -#endif } static void @@ -1918,12 +1916,11 @@ man_reset_client_socket(struct management *man, const bool exiting) } if (!exiting) { -#ifdef ENABLE_CRYPTO if (man->settings.flags & MF_FORGET_DISCONNECT) { ssl_purge_auth(false); } -#endif + if (man->settings.flags & MF_SIGNAL) { int mysig = man_mod_signal(man, SIGUSR1); 
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 6d53cbfb..76b592f8 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -770,8 +770,6 @@ create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc) return NULL; } -#ifdef ENABLE_CRYPTO - /* * Prepend a random string to hostname to prevent DNS caching. * For example, foo.bar.gov would be modified to .foo.bar.gov. @@ -793,17 +791,6 @@ hostname_randomize(const char *hostname, struct gc_arena *gc) #undef n_rnd_bytes } -#else /* ifdef ENABLE_CRYPTO */ - -const char * -hostname_randomize(const char *hostname, struct gc_arena *gc) -{ - msg(M_WARN, "WARNING: hostname randomization disabled when crypto support is not compiled"); - return hostname; -} - -#endif /* ifdef ENABLE_CRYPTO */ - /* * Put a directory and filename together. */ diff --git a/src/openvpn/misc.h b/src/openvpn/misc.h index f6c810a2..ec20ee7e 100644 --- a/src/openvpn/misc.h +++ b/src/openvpn/misc.h @@ -143,13 +143,8 @@ const char **make_arg_array(const char *first, const char *parms, struct gc_aren const char **make_extended_arg_array(char **p, struct gc_arena *gc); /* an analogue to the random() function, but use OpenSSL functions if available */ -#ifdef ENABLE_CRYPTO long int get_random(void); -#else -#define get_random random -#endif - /* return true if filename can be opened for read */ bool test_file(const char *filename); @@ -162,7 +157,7 @@ const char *gen_path(const char *directory, const char *filename, struct gc_aren /* return true if pathname is absolute */ bool absolute_pathname(const char *pathname); -/* prepend a random prefix to hostname (need ENABLE_CRYPTO) */ +/* prepend a random prefix to hostname */ const char *hostname_randomize(const char *hostname, struct gc_arena *gc); /* diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index 9262e68b..fb8ff1a4 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h 
@@ -54,7 +54,6 @@ struct key_schedule { -#ifdef ENABLE_CRYPTO /* which cipher, HMAC digest, and key sizes are we using? */ struct key_type key_type; @@ -67,9 +66,6 @@ struct key_schedule /* optional TLS control channel wrapping */ struct key_type tls_auth_key_type; struct key_ctx_bi tls_wrap_key; -#else /* ENABLE_CRYPTO */ - int dummy; -#endif /* ENABLE_CRYPTO */ }; /* @@ -96,10 +92,8 @@ struct context_buffers struct buffer aux_buf; /* workspace buffers used by crypto routines */ -#ifdef ENABLE_CRYPTO struct buffer encrypt_buf; struct buffer decrypt_buf; -#endif /* workspace buffers for compression */ #ifdef USE_COMP @@ -334,8 +328,6 @@ struct context_2 int occ_mtu_load_n_tries; #endif -#ifdef ENABLE_CRYPTO - /* * TLS-mode crypto objects. */ @@ -367,8 +359,6 @@ struct context_2 struct event_timeout packet_id_persist_interval; -#endif /* ENABLE_CRYPTO */ - #ifdef USE_COMP struct compress_context *comp_context; /**< Compression context used by the @@ -566,7 +556,6 @@ struct context * have been compiled in. */ -#ifdef ENABLE_CRYPTO #define TLS_MODE(c) ((c)->c2.tls_multi != NULL) #define PROTO_DUMP_FLAGS (check_debug_level(D_LINK_RW_VERBOSE) ? (PD_SHOW_DATA|PD_VERBOSE) : 0) #define PROTO_DUMP(buf, gc) protocol_dump((buf), \ @@ -574,22 +563,9 @@ struct context |(c->c2.tls_multi ? PD_TLS : 0) \ |(c->options.tls_auth_file ? c->c1.ks.key_type.hmac_length : 0), \ gc) -#else /* ifdef ENABLE_CRYPTO */ -#define TLS_MODE(c) (false) -#define PROTO_DUMP(buf, gc) format_hex(BPTR(buf), BLEN(buf), 80, gc) -#endif - -#ifdef ENABLE_CRYPTO #define MD5SUM(buf, len, gc) md5sum((buf), (len), 0, (gc)) -#else -#define MD5SUM(buf, len, gc) "[unavailable]" -#endif -#ifdef ENABLE_CRYPTO #define CIPHER_ENABLED(c) (c->c1.ks.key_type.cipher != NULL) -#else -#define CIPHER_ENABLED(c) (false) -#endif /* this represents "disabled peer-id" */ #define MAX_PEER_ID 0xFFFFFF diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 8e5cdf7f..49afb4e4 100644 --- a/src/openvpn/options.c 
+++ b/src/openvpn/options.c @@ -67,15 +67,13 @@ const char title_string[] = " [git:" CONFIGURE_GIT_REVISION CONFIGURE_GIT_FLAGS "]" #endif " " TARGET_ALIAS -#ifdef ENABLE_CRYPTO -#if defined(ENABLE_CRYPTO_MBEDTLS) +#if defined(CRYPTO_MBEDTLS) " [SSL (mbed TLS)]" -#elif defined(ENABLE_CRYPTO_OPENSSL) +#elif defined(CRYPTO_OPENSSL) " [SSL (OpenSSL)]" #else " [SSL]" -#endif /* defined(ENABLE_CRYPTO_MBEDTLS) */ -#endif /* ENABLE_CRYPTO */ +#endif /* defined(CRYPTO_MBEDTLS) */ #ifdef USE_COMP #ifdef ENABLE_LZO " [LZO]" @@ -518,7 +516,6 @@ static const char usage_message[] = "--explicit-exit-notify [n] : On exit/restart, send exit signal to\n" " server/remote. n = # of retries, default=1.\n" #endif -#ifdef ENABLE_CRYPTO "\n" "Data Channel Encryption Options (must be compatible between peers):\n" "(These options are meaningful for both Static Key & TLS-mode)\n" @@ -543,7 +540,7 @@ static const char usage_message[] = "--keysize n : (DEPRECATED) Size of cipher key in bits (optional).\n" " If unspecified, defaults to cipher-specific default.\n" #endif -#ifndef ENABLE_CRYPTO_MBEDTLS +#ifndef CRYPTO_MBEDTLS "--engine [name] : Enable OpenSSL hardware crypto engine functionality.\n" #endif "--no-replay : (DEPRECATED) Disable replay protection.\n" @@ -568,10 +565,10 @@ static const char usage_message[] = " number, such as 1 (default), 2, etc.\n" "--ca file : Certificate authority file in .pem format containing\n" " root certificate.\n" -#ifndef ENABLE_CRYPTO_MBEDTLS +#ifndef CRYPTO_MBEDTLS "--capath dir : A directory of trusted certificates (CAs" " and CRLs).\n" -#endif /* ENABLE_CRYPTO_MBEDTLS */ +#endif /* CRYPTO_MBEDTLS */ "--dh file : File containing Diffie Hellman parameters\n" " in .pem format (for --tls-server only).\n" " Use \"openssl dhparam -out dh1024.pem 1024\" to generate.\n" 
@@ -583,7 +580,7 @@ static const char usage_message[] = " will accept from the peer. If version is unrecognized and 'or-highest'\n" " is specified, require max TLS version supported by SSL implementation.\n" "--tls-version-max : sets the maximum TLS version we will use.\n" -#ifndef ENABLE_CRYPTO_MBEDTLS +#ifndef CRYPTO_MBEDTLS "--pkcs12 file : PKCS#12 file containing local private key, local certificate\n" " and optionally the root CA certificate.\n" #endif @@ -644,7 +641,7 @@ static const char usage_message[] = " an explicit nsCertType designation t = 'client' | 'server'.\n" "--x509-track x : Save peer X509 attribute x in environment for use by\n" " plugins and management interface.\n" -#if defined(ENABLE_CRYPTO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10001000 +#if defined(CRYPTO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10001000 "--keying-material-exporter label len : Save Exported Keying Material (RFC5705)\n" " of len bytes (min. 16 bytes) using label in environment for use by plugins.\n" #endif @@ -748,7 +745,6 @@ static const char usage_message[] = "--genkey : Generate a random key to be used as a shared secret,\n" " for use with the --secret option.\n" "--secret file : Write key to file.\n" -#endif /* ENABLE_CRYPTO */ #ifdef ENABLE_FEATURE_TUN_PERSIST "\n" "Tun/tap config mode (available with linux 2.4+):\n" @@ -852,7 +848,6 @@ init_options(struct options *o, const bool init_gc) #if P2MP o->scheduled_exit_interval = 5; #endif -#ifdef ENABLE_CRYPTO o->ciphername = "BF-CBC"; #ifdef HAVE_AEAD_CIPHER_MODES /* IV_NCP=2 requires GCM support */ o->ncp_enabled = true; @@ -882,7 +877,6 @@ init_options(struct options *o, const bool init_gc) #ifdef ENABLE_X509ALTUSERNAME o->x509_username_field = X509_USERNAME_FIELD_DEFAULT; #endif -#endif /* ENABLE_CRYPTO */ #ifdef ENABLE_PKCS11 o->pkcs11_pin_cache_period = -1; #endif /* ENABLE_PKCS11 */ 
@@ -1146,7 +1140,6 @@ string_substitute(const char *src, int from, int to, struct gc_arena *gc) return ret; } -#ifdef ENABLE_CRYPTO static uint8_t * parse_hash_fingerprint(const char *str, int nbytes, int msglevel, struct gc_arena *gc) { @@ -1188,7 +1181,6 @@ parse_hash_fingerprint(const char *str, int nbytes, int msglevel, struct gc_aren } return ret; } -#endif /* ifdef ENABLE_CRYPTO */ #ifdef _WIN32 @@ -1560,14 +1552,12 @@ show_settings(const struct options *o) SHOW_INT(persist_mode); #endif -#ifdef ENABLE_CRYPTO SHOW_BOOL(show_ciphers); SHOW_BOOL(show_digests); SHOW_BOOL(show_engines); SHOW_BOOL(genkey); SHOW_STR(key_pass_file); SHOW_BOOL(show_tls_ciphers); -#endif SHOW_INT(connect_retry_max); show_connection_entries(o); @@ -1702,7 +1692,6 @@ show_settings(const struct options *o) } #endif -#ifdef ENABLE_CRYPTO SHOW_STR(shared_secret_file); SHOW_INT(key_direction); SHOW_STR(ciphername); @@ -1712,9 +1701,9 @@ show_settings(const struct options *o) SHOW_STR(prng_hash); SHOW_INT(prng_nonce_secret_len); SHOW_INT(keysize); -#ifndef ENABLE_CRYPTO_MBEDTLS +#ifndef CRYPTO_MBEDTLS SHOW_BOOL(engine); -#endif /* ENABLE_CRYPTO_MBEDTLS */ +#endif /* CRYPTO_MBEDTLS */ SHOW_BOOL(replay); SHOW_BOOL(mute_replay_warnings); SHOW_INT(replay_window); @@ -1749,7 +1738,7 @@ show_settings(const struct options *o) else #endif SHOW_STR(priv_key_file); -#ifndef ENABLE_CRYPTO_MBEDTLS +#ifndef CRYPTO_MBEDTLS SHOW_STR(pkcs12_file); #endif #ifdef ENABLE_CRYPTOAPI @@ -1790,7 +1779,6 @@ show_settings(const struct options *o) SHOW_STR(tls_auth_file); SHOW_STR(tls_crypt_file); -#endif /* ENABLE_CRYPTO */ #ifdef ENABLE_PKCS11 { 
@@ -2024,14 +2012,14 @@ options_postprocess_verify_ce(const struct options *options, const struct connec init_options(&defaults, true); -#ifdef ENABLE_CRYPTO if (options->test_crypto) { notnull(options->shared_secret_file, "key file (--secret)"); } else -#endif - notnull(options->dev, "TUN/TAP device (--dev)"); + { + notnull(options->dev, "TUN/TAP device (--dev)"); + } /* * Get tun/tap/null device type @@ -2072,10 +2060,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec } if (options->inetd == INETD_NOWAIT -#ifdef ENABLE_CRYPTO - && !(options->tls_server || options->tls_client) -#endif - ) + && !(options->tls_server || options->tls_client)) { msg(M_USAGE, "--inetd nowait can only be used in TLS mode"); } @@ -2485,8 +2470,6 @@ options_postprocess_verify_ce(const struct options *options, const struct connec } #endif /* P2MP_SERVER */ -#ifdef ENABLE_CRYPTO - if (options->ncp_enabled && !tls_check_ncp_cipher_list(options->ncp_ciphers)) { msg(M_USAGE, "NCP cipher list contains unsupported ciphers."); @@ -2628,7 +2611,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec #endif /* ifdef ENABLE_CRYPTOAPI */ if (options->pkcs12_file) { -#ifdef ENABLE_CRYPTO_MBEDTLS +#ifdef CRYPTO_MBEDTLS msg(M_USAGE, "Parameter --pkcs12 cannot be used with the mbed TLS version version of OpenVPN."); #else if (options->ca_path) @@ -2653,11 +2636,11 @@ options_postprocess_verify_ce(const struct options *options, const struct connec msg(M_USAGE, "Parameter --management-external-cert cannot be used when --pkcs12 is also specified."); } #endif -#endif /* ifdef ENABLE_CRYPTO_MBEDTLS */ +#endif /* ifdef CRYPTO_MBEDTLS */ } else { -#ifdef ENABLE_CRYPTO_MBEDTLS +#ifdef CRYPTO_MBEDTLS if (!(options->ca_file)) { msg(M_USAGE, "You must define CA file (--ca)"); 
@@ -2666,7 +2649,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec { msg(M_USAGE, "Parameter --capath cannot be used with the mbed TLS version version of OpenVPN."); } -#else /* ifdef ENABLE_CRYPTO_MBEDTLS */ +#else /* ifdef CRYPTO_MBEDTLS */ if ((!(options->ca_file)) && (!(options->ca_path))) { msg(M_USAGE, "You must define CA file (--ca) or CA path (--capath)"); @@ -2732,7 +2715,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec MUST_BE_UNDEF(dh_file); MUST_BE_UNDEF(cert_file); MUST_BE_UNDEF(priv_key_file); -#ifndef ENABLE_CRYPTO_MBEDTLS +#ifndef CRYPTO_MBEDTLS MUST_BE_UNDEF(pkcs12_file); #endif MUST_BE_UNDEF(cipher_list); @@ -2771,7 +2754,6 @@ options_postprocess_verify_ce(const struct options *options, const struct connec } } #undef MUST_BE_UNDEF -#endif /* ENABLE_CRYPTO */ #if P2MP if (options->auth_user_pass_file && !options->pull) @@ -3009,7 +2991,6 @@ options_postprocess_mutate(struct options *o) options_postprocess_mutate_ce(o, o->connection_list->array[i]); } -#ifdef ENABLE_CRYPTO if (o->tls_server) { /* Check that DH file is specified, or explicitly disabled */ @@ -3035,7 +3016,6 @@ options_postprocess_mutate(struct options *o) "in P2MP client or server mode" ); o->ncp_enabled = false; } -#endif #if ENABLE_MANAGEMENT if (o->http_proxy_override) @@ -3267,7 +3247,6 @@ options_postprocess_filechecks(struct options *options) { bool errs = false; -#ifdef ENABLE_CRYPTO /* ** SSL/TLS/crypto related files ** */ errs |= check_file_access(CHKACC_FILE|CHKACC_INLINE, options->dh_file, R_OK, "--dh"); errs |= check_file_access(CHKACC_FILE|CHKACC_INLINE, options->ca_file, R_OK, "--ca"); 
@@ -3308,7 +3287,6 @@ options_postprocess_filechecks(struct options *options) /* ** Password files ** */ errs |= check_file_access(CHKACC_FILE|CHKACC_ACPTSTDIN|CHKACC_PRIVATE, options->key_pass_file, R_OK, "--askpass"); -#endif /* ENABLE_CRYPTO */ #ifdef ENABLE_MANAGEMENT errs |= check_file_access(CHKACC_FILE|CHKACC_ACPTSTDIN|CHKACC_PRIVATE, options->management_user_pass, R_OK, @@ -3331,10 +3309,8 @@ options_postprocess_filechecks(struct options *options) R_OK|W_OK, "--status"); /* ** Config related ** */ -#ifdef ENABLE_CRYPTO errs |= check_file_access_chroot(options->chroot_dir, CHKACC_FILE, options->tls_export_cert, R_OK|W_OK|X_OK, "--tls-export-cert"); -#endif /* ENABLE_CRYPTO */ #if P2MP_SERVER errs |= check_file_access_chroot(options->chroot_dir, CHKACC_FILE, options->client_config_dir, R_OK|X_OK, "--client-config-dir"); @@ -3462,7 +3438,7 @@ static size_t calc_options_string_link_mtu(const struct options *o, const struct frame *frame) { size_t link_mtu = EXPANDED_SIZE(frame); -#ifdef ENABLE_CRYPTO + if (o->pull || o->mode == MODE_SERVER) { struct frame fake_frame = *frame; @@ -3478,7 +3454,6 @@ calc_options_string_link_mtu(const struct options *o, const struct frame *frame) EXPANDED_SIZE(&fake_frame)); link_mtu = EXPANDED_SIZE(&fake_frame); } -#endif return link_mtu; } @@ -3606,8 +3581,6 @@ options_string(const struct options *o, } #endif -#ifdef ENABLE_CRYPTO - #define TLS_CLIENT (o->tls_client) #define TLS_SERVER (o->tls_server) @@ -3705,8 +3678,6 @@ options_string(const struct options *o, #undef TLS_CLIENT #undef TLS_SERVER -#endif /* ENABLE_CRYPTO */ - return BSTR(&out); } @@ -4084,7 +4055,6 @@ usage(void) struct options o; init_options(&o, true); -#ifdef ENABLE_CRYPTO fprintf(fp, usage_message, title_string, o.ce.connect_retry_seconds, 
@@ -4096,15 +4066,6 @@ usage(void) o.replay_window, o.replay_time, o.tls_timeout, o.renegotiate_seconds, o.handshake_window, o.transition_window); -#else /* ifdef ENABLE_CRYPTO */ - fprintf(fp, usage_message, - title_string, - o.ce.connect_retry_seconds, - o.ce.connect_retry_seconds_max, - o.ce.local_port, o.ce.remote_port, - TUN_MTU_DEFAULT, TAP_MTU_EXTRA_DEFAULT, - o.verbosity); -#endif fflush(fp); #endif /* ENABLE_SMALL */ @@ -4132,11 +4093,7 @@ show_windows_version(const unsigned int flags) void show_library_versions(const unsigned int flags) { -#ifdef ENABLE_CRYPTO #define SSL_LIB_VER_STR get_ssl_library_version() -#else -#define SSL_LIB_VER_STR "" -#endif #ifdef ENABLE_LZO #define LZO_LIB_VER_STR ", LZO ", lzo_version_string() #else @@ -7441,7 +7398,6 @@ add_option(struct options *options, } } #endif /* USE_COMP */ -#ifdef ENABLE_CRYPTO else if (streq(p[0], "show-ciphers") && !p[1]) { VERIFY_PERMISSION(OPT_P_GENERAL); @@ -7610,7 +7566,7 @@ add_option(struct options *options, VERIFY_PERMISSION(OPT_P_GENERAL); options->test_crypto = true; } -#ifndef ENABLE_CRYPTO_MBEDTLS +#ifndef CRYPTO_MBEDTLS else if (streq(p[0], "engine") && !p[2]) { VERIFY_PERMISSION(OPT_P_GENERAL); @@ -7623,7 +7579,7 @@ add_option(struct options *options, options->engine = "auto"; } } -#endif /* ENABLE_CRYPTO_MBEDTLS */ +#endif /* CRYPTO_MBEDTLS */ #ifdef HAVE_EVP_CIPHER_CTX_SET_KEY_LENGTH else if (streq(p[0], "keysize") && p[1] && !p[2]) { @@ -7680,13 +7636,13 @@ add_option(struct options *options, options->ca_file_inline = p[2]; } } -#ifndef ENABLE_CRYPTO_MBEDTLS +#ifndef CRYPTO_MBEDTLS else if (streq(p[0], "capath") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_GENERAL); options->ca_path = p[1]; } -#endif /* ENABLE_CRYPTO_MBEDTLS */ +#endif /* CRYPTO_MBEDTLS */ else if (streq(p[0], "dh") && p[1] && ((streq(p[1], INLINE_FILE_TAG) && p[2]) || !p[2]) && !p[3]) { VERIFY_PERMISSION(OPT_P_GENERAL); 
@@ -7778,7 +7734,7 @@ add_option(struct options *options, ~(SSLF_TLS_VERSION_MAX_MASK << SSLF_TLS_VERSION_MAX_SHIFT); options->ssl_flags |= (ver << SSLF_TLS_VERSION_MAX_SHIFT); } -#ifndef ENABLE_CRYPTO_MBEDTLS +#ifndef CRYPTO_MBEDTLS else if (streq(p[0], "pkcs12") && p[1] && ((streq(p[1], INLINE_FILE_TAG) && p[2]) || !p[2]) && !p[3]) { VERIFY_PERMISSION(OPT_P_GENERAL); @@ -7788,7 +7744,7 @@ add_option(struct options *options, options->pkcs12_file_inline = p[2]; } } -#endif /* ENABLE_CRYPTO_MBEDTLS */ +#endif /* CRYPTO_MBEDTLS */ else if (streq(p[0], "askpass") && !p[2]) { VERIFY_PERMISSION(OPT_P_GENERAL); @@ -7869,7 +7825,7 @@ add_option(struct options *options, string_substitute(p[1], ',', ' ', &options->gc), "tls-verify", true); } -#ifndef ENABLE_CRYPTO_MBEDTLS +#ifndef CRYPTO_MBEDTLS else if (streq(p[0], "tls-export-cert") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_GENERAL); @@ -8124,7 +8080,6 @@ add_option(struct options *options, options->x509_username_field = p[1]; } #endif /* ENABLE_X509ALTUSERNAME */ -#endif /* ENABLE_CRYPTO */ #ifdef ENABLE_PKCS11 else if (streq(p[0], "show-pkcs11-ids") && !p[3]) { @@ -8240,7 +8195,7 @@ add_option(struct options *options, options->use_peer_id = true; options->peer_id = atoi(p[1]); } -#if defined(ENABLE_CRYPTO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10001000 +#if defined(CRYPTO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10001000 else if (streq(p[0], "keying-material-exporter") && p[1] && p[2]) { int ekm_length = positive_atoi(p[2]); @@ -8262,7 +8217,7 @@ add_option(struct options *options, options->keying_material_exporter_label = p[1]; options->keying_material_exporter_length = ekm_length; } -#endif /* if defined(ENABLE_CRYPTO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10001000 */ +#endif /* if defined(CRYPTO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10001000 */ else if (streq(p[0], "allow-recursive-routing") && !p[1]) { VERIFY_PERMISSION(OPT_P_GENERAL); 
diff --git a/src/openvpn/options.h b/src/openvpn/options.h index 035c6d15..d7b46219 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -41,9 +41,7 @@ #include "comp.h" #include "pushlist.h" #include "clinat.h" -#ifdef ENABLE_CRYPTO #include "crypto_backend.h" -#endif /* @@ -81,7 +79,7 @@ struct options_pre_pull }; #endif -#if defined(ENABLE_CRYPTO) && !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_MBEDTLS) +#if !defined(CRYPTO_OPENSSL) && !defined(CRYPTO_MBEDTLS) #error "At least one of OpenSSL or mbed TLS needs to be defined." #endif @@ -188,7 +186,6 @@ struct options bool persist_config; int persist_mode; -#ifdef ENABLE_CRYPTO const char *key_pass_file; bool show_ciphers; bool show_digests; @@ -196,7 +193,6 @@ struct options bool show_tls_ciphers; bool show_curves; bool genkey; -#endif /* Networking parms */ int connect_retry_max; @@ -468,7 +464,6 @@ struct options #endif #endif /* if P2MP */ -#ifdef ENABLE_CRYPTO /* Cipher parms */ const char *shared_secret_file; const char *shared_secret_file_inline; @@ -580,8 +575,6 @@ struct options bool tls_exit; -#endif /* ENABLE_CRYPTO */ - const struct x509_track *x509_track; /* special state parms */ @@ -599,7 +592,7 @@ struct options bool use_peer_id; uint32_t peer_id; -#if defined(ENABLE_CRYPTO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10001000 +#if defined(CRYPTO_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x10001000 /* Keying Material Exporters [RFC 5705] */ const char *keying_material_exporter_label; int keying_material_exporter_length; diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c index 4e0e9868..4c3696de 100644 --- a/src/openvpn/packet_id.c +++ b/src/openvpn/packet_id.c @@ -38,8 +38,6 @@ #include "syshead.h" -#ifdef ENABLE_CRYPTO - #include "packet_id.h" #include "misc.h" #include "integer.h" @@ -695,5 +693,3 @@ packet_id_interactive_test(void) packet_id_free(&pid); } #endif /* ifdef PID_TEST */ - -#endif /* ENABLE_CRYPTO */ 
diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h index 8509e590..cde76483 100644 --- a/src/openvpn/packet_id.h +++ b/src/openvpn/packet_id.h @@ -27,8 +27,6 @@ * attempts to replay them back later. */ -#ifdef ENABLE_CRYPTO - #ifndef PACKET_ID_H #define PACKET_ID_H @@ -342,4 +340,3 @@ packet_id_reap_test(struct packet_id_rec *p) } #endif /* PACKET_ID_H */ -#endif /* ENABLE_CRYPTO */ diff --git a/src/openvpn/pkcs11_mbedtls.c b/src/openvpn/pkcs11_mbedtls.c index 45372e48..0d3bbe33 100644 --- a/src/openvpn/pkcs11_mbedtls.c +++ b/src/openvpn/pkcs11_mbedtls.c @@ -34,7 +34,7 @@ #include "syshead.h" -#if defined(ENABLE_PKCS11) && defined(ENABLE_CRYPTO_MBEDTLS) +#if defined(ENABLE_PKCS11) && defined(CRYPTO_MBEDTLS) #include "errlevel.h" #include "pkcs11_backend.h" @@ -129,4 +129,4 @@ cleanup: return ret; } -#endif /* defined(ENABLE_PKCS11) && defined(ENABLE_CRYPTO_MBEDTLS) */ +#endif /* defined(ENABLE_PKCS11) && defined(CRYPTO_MBEDTLS) */ diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c index c37425b6..bb8c76da 100644 --- a/src/openvpn/pkcs11_openssl.c +++ b/src/openvpn/pkcs11_openssl.c @@ -34,7 +34,7 @@ #include "syshead.h" -#if defined(ENABLE_PKCS11) && defined(ENABLE_CRYPTO_OPENSSL) +#if defined(ENABLE_PKCS11) && defined(CRYPTO_OPENSSL) #include "errlevel.h" #include "pkcs11_backend.h" diff --git a/src/openvpn/plugin.c b/src/openvpn/plugin.c index 557b6bc7..7387f8be 100644 --- a/src/openvpn/plugin.c +++ b/src/openvpn/plugin.c @@ -517,11 +517,9 @@ plugin_call_item(const struct plugin *p, const int type, const struct argv *av, struct openvpn_plugin_string_list **retlist, - const char **envp -#ifdef ENABLE_CRYPTO - , int certdepth, + const char **envp, + int certdepth, openvpn_x509_cert_t *current_cert -#endif ) { int status = OPENVPN_PLUGIN_FUNC_SUCCESS; 
@@ -550,13 +548,8 @@ plugin_call_item(const struct plugin *p, (const char **const) envp, p->plugin_handle, per_client_context, -#ifdef ENABLE_CRYPTO (current_cert ? certdepth : -1), current_cert -#else - -1, - NULL -#endif }; struct openvpn_plugin_args_func_return retargs; @@ -786,11 +779,9 @@ plugin_call_ssl(const struct plugin_list *pl, const int type, const struct argv *av, struct plugin_return *pr, - struct env_set *es -#ifdef ENABLE_CRYPTO - , int certdepth, + struct env_set *es, + int certdepth, openvpn_x509_cert_t *current_cert -#endif ) { if (pr) @@ -818,11 +809,9 @@ plugin_call_ssl(const struct plugin_list *pl, type, av, pr ? &pr->list[i] : NULL, - envp -#ifdef ENABLE_CRYPTO - ,certdepth, + envp, + certdepth, current_cert -#endif ); switch (status) { diff --git a/src/openvpn/plugin.h b/src/openvpn/plugin.h index 0cffee0f..4393daee 100644 --- a/src/openvpn/plugin.h +++ b/src/openvpn/plugin.h @@ -28,10 +28,10 @@ #ifndef OPENVPN_PLUGIN_H #define OPENVPN_PLUGIN_H -#ifdef ENABLE_CRYPTO_OPENSSL +#ifdef CRYPTO_OPENSSL #include "ssl_verify_openssl.h" #endif -#ifdef ENABLE_CRYPTO_MBEDTLS +#ifdef CRYPTO_MBEDTLS #include "ssl_verify_mbedtls.h" #endif #include "openvpn-plugin.h" @@ -127,11 +127,9 @@ int plugin_call_ssl(const struct plugin_list *pl, const int type, const struct argv *av, struct plugin_return *pr, - struct env_set *es -#ifdef ENABLE_CRYPTO - , int current_cert_depth, + struct env_set *es, + int current_cert_depth, openvpn_x509_cert_t *current_cert -#endif ); void plugin_list_close(struct plugin_list *pl); @@ -189,11 +187,9 @@ plugin_call_ssl(const struct plugin_list *pl, const int type, const struct argv *av, struct plugin_return *pr, - struct env_set *es -#ifdef ENABLE_CRYPTO - , int current_cert_depth, + struct env_set *es, + int current_cert_depth, openvpn_x509_cert_t *current_cert -#endif ) { return 0; 
@@ -208,11 +204,7 @@ plugin_call(const struct plugin_list *pl, struct plugin_return *pr, struct env_set *es) { - return plugin_call_ssl(pl, type, av, pr, es -#ifdef ENABLE_CRYPTO - , -1, NULL -#endif - ); + return plugin_call_ssl(pl, type, av, pr, es, -1, NULL); } #endif /* OPENVPN_PLUGIN_H */ diff --git a/src/openvpn/reliable.c b/src/openvpn/reliable.c index bfd8c247..972af618 100644 --- a/src/openvpn/reliable.c +++ b/src/openvpn/reliable.c @@ -34,8 +34,6 @@ #include "syshead.h" -#ifdef ENABLE_CRYPTO - #include "buffer.h" #include "error.h" #include "common.h" @@ -802,10 +800,3 @@ reliable_debug_print(const struct reliable *rel, char *desc) } #endif /* if 0 */ - -#else /* ifdef ENABLE_CRYPTO */ -static void -dummy(void) -{ -} -#endif /* ENABLE_CRYPTO */ diff --git a/src/openvpn/reliable.h b/src/openvpn/reliable.h index aa34b022..0585d8b7 100644 --- a/src/openvpn/reliable.h +++ b/src/openvpn/reliable.h @@ -28,8 +28,6 @@ */ -#ifdef ENABLE_CRYPTO - #ifndef RELIABLE_H #define RELIABLE_H @@ -476,4 +474,3 @@ void reliable_ack_debug_print(const struct reliable_ack *ack, char *desc); #endif /* RELIABLE_H */ -#endif /* ENABLE_CRYPTO */ diff --git a/src/openvpn/session_id.c b/src/openvpn/session_id.c index dce42e7f..bc3c42af 100644 --- a/src/openvpn/session_id.c +++ b/src/openvpn/session_id.c @@ -38,8 +38,6 @@ #include "syshead.h" -#ifdef ENABLE_CRYPTO - #include "error.h" #include "common.h" #include "crypto.h" @@ -60,10 +58,3 @@ session_id_print(const struct session_id *sid, struct gc_arena *gc) { return format_hex(sid->id, SID_SIZE, 0, gc); } - -#else /* ifdef ENABLE_CRYPTO */ -static void -dummy(void) -{ -} -#endif /* ENABLE_CRYPTO */ diff --git a/src/openvpn/session_id.h b/src/openvpn/session_id.h index 6611a3cb..df9167c3 100644 --- a/src/openvpn/session_id.h +++ b/src/openvpn/session_id.h @@ -29,8 +29,6 @@ * negotiated). */ -#ifdef ENABLE_CRYPTO - #ifndef SESSION_ID_H #define SESSION_ID_H 
@@ -82,4 +80,3 @@ void session_id_random(struct session_id *sid); const char *session_id_print(const struct session_id *sid, struct gc_arena *gc); #endif /* SESSION_ID_H */ -#endif /* ENABLE_CRYPTO */ diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 843bc393..d9439062 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -43,8 +43,6 @@ #include "syshead.h" #include "win32.h" -#if defined(ENABLE_CRYPTO) - #include "error.h" #include "common.h" #include "socket.h" @@ -235,7 +233,7 @@ static const tls_cipher_name_pair tls_cipher_name_translation_table[] = { {"SRP-RSA-3DES-EDE-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-3DES-EDE-CBC-SHA"}, {"SRP-RSA-AES-128-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-AES-128-CBC-SHA"}, {"SRP-RSA-AES-256-CBC-SHA", "TLS-SRP-SHA-RSA-WITH-AES-256-CBC-SHA"}, -#ifdef ENABLE_CRYPTO_OPENSSL +#ifdef CRYPTO_OPENSSL /* OpenSSL-specific group names */ {"DEFAULT", "DEFAULT"}, {"ALL", "ALL"}, @@ -716,7 +714,7 @@ init_ssl(const struct options *options, struct tls_root_ctx *new_ctx) tls_ctx_load_ecdh_params(new_ctx, options->ecdh_curve); } -#ifdef ENABLE_CRYPTO_MBEDTLS +#ifdef CRYPTO_MBEDTLS /* Personalise the random by mixing in the certificate */ tls_ctx_personalise_random(new_ctx); #endif @@ -4245,10 +4243,3 @@ delayed_auth_pass_purge(void) auth_user_pass.wait_for_push = false; purge_user_pass(&auth_user_pass, false); } - -#else /* if defined(ENABLE_CRYPTO) */ -static void -dummy(void) -{ -} -#endif /* ENABLE_CRYPTO */ diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h index 0e0f68fa..dd1ab0fd 100644 --- a/src/openvpn/ssl.h +++ b/src/openvpn/ssl.h @@ -29,8 +29,6 @@ #ifndef OPENVPN_SSL_H #define OPENVPN_SSL_H -#if defined(ENABLE_CRYPTO) - #include "basic.h" #include "common.h" #include "crypto.h" @@ -600,6 +598,4 @@ bool is_hard_reset(int op, int key_method); void delayed_auth_pass_purge(void); -#endif /* ENABLE_CRYPTO */ - #endif /* ifndef OPENVPN_SSL_H */ diff --git a/src/openvpn/ssl_backend.h b/src/openvpn/ssl_backend.h index f588110c..8e274b7b 100644 
--- a/src/openvpn/ssl_backend.h +++ b/src/openvpn/ssl_backend.h @@ -32,12 +32,12 @@ #include "buffer.h" -#ifdef ENABLE_CRYPTO_OPENSSL +#ifdef CRYPTO_OPENSSL #include "ssl_openssl.h" #include "ssl_verify_openssl.h" #define SSLAPI SSLAPI_OPENSSL #endif -#ifdef ENABLE_CRYPTO_MBEDTLS +#ifdef CRYPTO_MBEDTLS #include "ssl_mbedtls.h" #include "ssl_verify_mbedtls.h" #define SSLAPI SSLAPI_MBEDTLS @@ -124,8 +124,6 @@ int tls_version_parse(const char *vstr, const char *extra); */ int tls_version_max(void); -#ifdef ENABLE_CRYPTO - /** * Initialise a library-specific TLS context for a server. * @@ -322,7 +320,7 @@ void tls_ctx_load_extra_certs(struct tls_root_ctx *ctx, const char *extra_certs_ const char *extra_certs_file_inline ); -#ifdef ENABLE_CRYPTO_MBEDTLS +#ifdef CRYPTO_MBEDTLS /** * Add a personalisation string to the mbed TLS RNG, based on the certificate * loaded into the given context. @@ -539,5 +537,4 @@ void get_highest_preference_tls_cipher(char *buf, int size); */ const char *get_ssl_library_version(void); -#endif /* ENABLE_CRYPTO */ #endif /* SSL_BACKEND_H_ */ diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 09829ebb..47ed6a62 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -35,7 +35,7 @@ #include "syshead.h" -#if defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_MBEDTLS) +#if defined(CRYPTO_MBEDTLS) #include "errlevel.h" #include "ssl_backend.h" @@ -1395,4 +1395,4 @@ get_ssl_library_version(void) return mbedtls_version; } -#endif /* defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_MBEDTLS) */ +#endif /* defined(CRYPTO_MBEDTLS) */ diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index b782946e..d3f77acb 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -34,7 +34,7 @@ #include "syshead.h" -#if defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_OPENSSL) +#if defined(CRYPTO_OPENSSL) #include "errlevel.h" #include "buffer.h" 
@@ -1617,13 +1617,13 @@ key_state_write_plaintext(struct key_state_ssl *ks_ssl, struct buffer *buf) int ret = 0; perf_push(PERF_BIO_WRITE_PLAINTEXT); -#ifdef ENABLE_CRYPTO_OPENSSL +#ifdef CRYPTO_OPENSSL ASSERT(NULL != ks_ssl); ret = bio_write(ks_ssl->ssl_bio, BPTR(buf), BLEN(buf), "tls_write_plaintext"); bio_write_post(ret, buf); -#endif /* ENABLE_CRYPTO_OPENSSL */ +#endif /* CRYPTO_OPENSSL */ perf_pop(); return ret; @@ -1874,4 +1874,4 @@ get_ssl_library_version(void) return SSLeay_version(SSLEAY_VERSION); } -#endif /* defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_OPENSSL) */ +#endif /* defined(CRYPTO_OPENSSL) */ diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c index de54fb74..06a8c0ba 100644 --- a/src/openvpn/ssl_verify.c +++ b/src/openvpn/ssl_verify.c @@ -34,8 +34,6 @@ #include "syshead.h" -#ifdef ENABLE_CRYPTO - #include "misc.h" #include "manage.h" #include "otime.h" @@ -43,7 +41,7 @@ #include "ssl_verify.h" #include "ssl_verify_backend.h" -#ifdef ENABLE_CRYPTO_OPENSSL +#ifdef CRYPTO_OPENSSL #include "ssl_verify_openssl.h" #endif @@ -1541,5 +1539,3 @@ tls_x509_clear_env(struct env_set *es) item = next; } } - -#endif /* ENABLE_CRYPTO */ diff --git a/src/openvpn/ssl_verify.h b/src/openvpn/ssl_verify.h index f2d0d6ca..88622932 100644 --- a/src/openvpn/ssl_verify.h +++ b/src/openvpn/ssl_verify.h @@ -29,17 +29,15 @@ #ifndef SSL_VERIFY_H_ #define SSL_VERIFY_H_ -#ifdef ENABLE_CRYPTO - #include "syshead.h" #include "misc.h" #include "ssl_common.h" /* Include OpenSSL-specific code */ -#ifdef ENABLE_CRYPTO_OPENSSL +#ifdef CRYPTO_OPENSSL #include "ssl_verify_openssl.h" #endif -#ifdef ENABLE_CRYPTO_MBEDTLS +#ifdef CRYPTO_MBEDTLS #include "ssl_verify_mbedtls.h" #endif @@ -243,6 +241,4 @@ tls_client_reason(struct tls_multi *multi) /** Remove any X509_ env variables from env_set es */ void tls_x509_clear_env(struct env_set *es); -#endif /* ENABLE_CRYPTO */ - #endif /* SSL_VERIFY_H_ */ 
diff --git a/src/openvpn/ssl_verify_mbedtls.c b/src/openvpn/ssl_verify_mbedtls.c index 838c2176..5b8ef214 100644 --- a/src/openvpn/ssl_verify_mbedtls.c +++ b/src/openvpn/ssl_verify_mbedtls.c @@ -34,7 +34,7 @@ #include "syshead.h" -#if defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_MBEDTLS) +#if defined(CRYPTO_MBEDTLS) #include "crypto_mbedtls.h" #include "ssl_verify.h" @@ -550,4 +550,4 @@ tls_verify_crl_missing(const struct tls_options *opt) return false; } -#endif /* #if defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_MBEDTLS) */ +#endif /* #if defined(CRYPTO_MBEDTLS) */ diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c index 2f3b10b9..123f4382 100644 --- a/src/openvpn/ssl_verify_openssl.c +++ b/src/openvpn/ssl_verify_openssl.c @@ -34,7 +34,7 @@ #include "syshead.h" -#if defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_OPENSSL) +#if defined(CRYPTO_OPENSSL) #include "ssl_verify_openssl.h" @@ -800,4 +800,4 @@ tls_verify_crl_missing(const struct tls_options *opt) return true; } -#endif /* defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_OPENSSL) */ +#endif /* defined(CRYPTO_OPENSSL) */ diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h index d9f5a34d..594ddf17 100644 --- a/src/openvpn/syshead.h +++ b/src/openvpn/syshead.h @@ -513,7 +513,7 @@ socket_defined(const socket_descriptor_t sd) * Do we have point-to-multipoint capability? */ -#if defined(ENABLE_CRYPTO) && defined(HAVE_GETTIMEOFDAY_NANOSECONDS) +#if defined(HAVE_GETTIMEOFDAY_NANOSECONDS) #define P2MP 1 #else #define P2MP 0 
@@ -550,14 +550,14 @@ socket_defined(const socket_descriptor_t sd) /* * Enable external private key */ -#if defined(ENABLE_MANAGEMENT) && defined(ENABLE_CRYPTO) +#if defined(ENABLE_MANAGEMENT) #define MANAGMENT_EXTERNAL_KEY #endif /* Enable mbed TLS RNG prediction resistance support */ -#ifdef ENABLE_CRYPTO_MBEDTLS +#ifdef CRYPTO_MBEDTLS #define ENABLE_PREDICTION_RESISTANCE -#endif /* ENABLE_CRYPTO_MBEDTLS */ +#endif /* CRYPTO_MBEDTLS */ /* * MANAGEMENT_IN_EXTRA allows the management interface to @@ -597,25 +597,17 @@ socket_defined(const socket_descriptor_t sd) /* * Should we include NTLM proxy functionality */ -#if defined(ENABLE_CRYPTO) #define NTLM 1 -#else -#define NTLM 0 -#endif /* * Should we include proxy digest auth functionality */ -#if defined(ENABLE_CRYPTO) #define PROXY_DIGEST_AUTH 1 -#else -#define PROXY_DIGEST_AUTH 0 -#endif /* * Do we have CryptoAPI capability? */ -#if defined(_WIN32) && defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_OPENSSL) +#if defined(_WIN32) && defined(CRYPTO_OPENSSL) #define ENABLE_CRYPTOAPI #endif @@ -684,9 +676,7 @@ socket_defined(const socket_descriptor_t sd) /* * Do we support pushing peer info? */ -#if defined(ENABLE_CRYPTO) #define ENABLE_PUSH_PEER_INFO -#endif /* * Compression support diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 403060de..d9c67c38 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -29,7 +29,6 @@ #include "syshead.h" -#ifdef ENABLE_CRYPTO #include "crypto.h" #include "session_id.h" @@ -265,5 +264,3 @@ error_exit: gc_free(&gc); return false; } - -#endif /* EMABLE_CRYPTO */ diff --git a/src/openvpn/tls_crypt.h b/src/openvpn/tls_crypt.h index 4071ac94..e8080df9 100644 --- a/src/openvpn/tls_crypt.h +++ b/src/openvpn/tls_crypt.h @@ -74,8 +74,6 @@ #ifndef TLSCRYPT_H #define TLSCRYPT_H -#ifdef ENABLE_CRYPTO - #include "buffer.h" #include "crypto.h" #include "session_id.h" 
@@ -142,6 +140,4 @@ bool tls_crypt_unwrap(const struct buffer *src, struct buffer *dst, /** @} */ -#endif /* ENABLE_CRYPTO */ - #endif /* TLSCRYPT_H */ diff --git a/tests/Makefile.am b/tests/Makefile.am index 0b32058b..53313de4 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -15,7 +15,7 @@ MAINTAINERCLEANFILES = \ SUBDIRS = unit_tests test_scripts = t_client.sh -#test_scripts += t_lpback.sh t_cltsrv.sh +test_scripts += t_lpback.sh t_cltsrv.sh TESTS_ENVIRONMENT = top_srcdir="$(top_srcdir)" TESTS = $(test_scripts) diff --git a/tests/unit_tests/openvpn/Makefile.am b/tests/unit_tests/openvpn/Makefile.am index 055aa49d..23d758b7 100644 --- a/tests/unit_tests/openvpn/Makefile.am +++ b/tests/unit_tests/openvpn/Makefile.am @@ -6,7 +6,7 @@ if HAVE_LD_WRAP_SUPPORT check_PROGRAMS += argv_testdriver buffer_testdriver endif -#check_PROGRAMS += packet_id_testdriver tls_crypt_testdriver +check_PROGRAMS += packet_id_testdriver tls_crypt_testdriver TESTS = $(check_PROGRAMS) diff --git a/tests/unit_tests/openvpn/test_tls_crypt.c b/tests/unit_tests/openvpn/test_tls_crypt.c index 0a6a08fa..7e56f77f 100644 --- a/tests/unit_tests/openvpn/test_tls_crypt.c +++ b/tests/unit_tests/openvpn/test_tls_crypt.c @@ -27,8 +27,6 @@ #include "config-msvc.h" #endif -#ifdef ENABLE_CRYPTO - #include "syshead.h" #include 
@@ -256,17 +254,15 @@ main(void) { setup, teardown), }; -#if defined(ENABLE_CRYPTO_OPENSSL) +#if defined(CRYPTO_OPENSSL) OpenSSL_add_all_algorithms(); #endif int ret = cmocka_run_group_tests_name("tls-crypt tests", tests, NULL, NULL); -#if defined(ENABLE_CRYPTO_OPENSSL) +#if defined(CRYPTO_OPENSSL) EVP_cleanup(); #endif return ret; } - -#endif /* ENABLE_CRYPTO */
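Review bot: with the ENABLE_CRYPTO gate gone, nothing in the visible hunks rejects a build in which neither backend macro is defined. src/openvpn/plugin.h still picks its verify header with `#ifdef CRYPTO_OPENSSL` / `#ifdef CRYPTO_MBEDTLS` while plugin_call_ssl() now takes `openvpn_x509_cert_t *current_cert` unconditionally, and ssl_openssl.c, ssl_mbedtls.c and both ssl_verify_*.c files are wrapped whole in `#if defined(CRYPTO_OPENSSL)` or `#if defined(CRYPTO_MBEDTLS)`. A configuration that still sets only the old ENABLE_CRYPTO_OPENSSL or ENABLE_CRYPTO_MBEDTLS name would compile those files to empty objects and fail late and obscurely. Suggest one check in a header every source file includes, `#if !defined(CRYPTO_OPENSSL) && !defined(CRYPTO_MBEDTLS)` followed by an `#error`, so the failure is immediate and names the cause.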
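Review bot: the `#ifdef CRYPTO_OPENSSL` ... `#endif /* CRYPTO_OPENSSL */` pair inside key_state_write_plaintext() in src/openvpn/ssl_openssl.c (hunk at -1617,13) is redundant, because this same patch guards the whole file with `#if defined(CRYPTO_OPENSSL)`. Since both lines are being touched anyway, drop the inner guard rather than rename it.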
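Review bot: in the src/openvpn/syshead.h hunk at -597,25, NTLM and PROXY_DIGEST_AUTH become unconditional `#define NTLM 1` and `#define PROXY_DIGEST_AUTH 1`, so the "Should we include ..." comments left above them no longer describe a choice and the macros are now constants. Either remove the two macros together with whatever guards test them, as patch 3/7 of this series does for ENABLE_PUSH_PEER_INFO, or reword the comments to say these features are always built.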
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 2 Dec 2017 21:45:37 +0800
Message-Id: <20171202134541.7688-3-a@unstable.cc>
In-Reply-To: <20171202134541.7688-1-a@unstable.cc>
References: <20171202134541.7688-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH 3/7] Remove ENABLE_PUSH_PEER_INFO
Cc: Antonio Quartulli

ENABLE_PUSH_PEER_INFO depended on ENABLE_CRYPTO that now does not exist anymore. Get rid of ENABLE_PUSH_PEER_INFO by assuming that it is always enabled and simplify the code.

Signed-off-by: Antonio Quartulli
Acked-by: Steffan Karger
---
 src/openvpn/init.c | 2 --
 src/openvpn/options.c | 10 ----------
 src/openvpn/options.h | 2 --
 src/openvpn/ssl.c | 2 --
 src/openvpn/ssl_common.h | 2 --
 src/openvpn/syshead.h | 5 -----
 6 files changed, 23 deletions(-)

diff --git a/src/openvpn/init.c b/src/openvpn/init.c index bfc80ebf..e013e9ca 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -2686,7 +2686,6 @@ do_init_crypto_tls(struct context *c, const unsigned int flags) to.single_session = options->single_session; to.mode = options->mode; to.pull = options->pull; -#ifdef ENABLE_PUSH_PEER_INFO if (options->push_peer_info) /* all there is */ { to.push_peer_info_detail = 2;
@@ -2699,7 +2698,6 @@ do_init_crypto_tls(struct context *c, const unsigned int flags) { to.push_peer_info_detail = 0; } -#endif /* should we not xmit any packets until we get an initial * response from client? */ diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 49afb4e4..9d9798f7 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -225,9 +225,7 @@ static const char usage_message[] = "--redirect-private [flags]: Like --redirect-gateway, but omit actually changing\n" " the default gateway. Useful when pushing private subnets.\n" "--client-nat snat|dnat network netmask alias : on client add 1-to-1 NAT rule.\n" -#ifdef ENABLE_PUSH_PEER_INFO "--push-peer-info : (client only) push client info to server.\n" -#endif "--setenv name value : Set a custom environmental variable to pass to script.\n" "--setenv FORWARD_COMPATIBLE 1 : Relax config file syntax checking to allow\n" " directives for future OpenVPN versions to be ignored.\n" @@ -1772,9 +1770,7 @@ show_settings(const struct options *o) SHOW_INT(transition_window); SHOW_BOOL(single_session); -#ifdef ENABLE_PUSH_PEER_INFO SHOW_BOOL(push_peer_info); -#endif SHOW_BOOL(tls_exit); SHOW_STR(tls_auth_file); @@ -2732,9 +2728,7 @@ options_postprocess_verify_ce(const struct options *options, const struct connec MUST_BE_UNDEF(tls_auth_file); MUST_BE_UNDEF(tls_crypt_file); MUST_BE_UNDEF(single_session); -#ifdef ENABLE_PUSH_PEER_INFO MUST_BE_UNDEF(push_peer_info); -#endif MUST_BE_UNDEF(tls_exit); MUST_BE_UNDEF(crl_file); MUST_BE_UNDEF(key_method); @@ -6344,12 +6338,10 @@ add_option(struct options *options, msg(msglevel, "this is a generic configuration and cannot directly be used"); goto err; } -#ifdef ENABLE_PUSH_PEER_INFO else if (streq(p[1], "PUSH_PEER_INFO") && !p[2]) { options->push_peer_info = true; } -#endif else if (streq(p[1], "SERVER_POLL_TIMEOUT") && p[2]) { options->ce.connect_timeout = positive_atoi(p[2]); 
@@ -7778,13 +7770,11 @@ add_option(struct options *options, VERIFY_PERMISSION(OPT_P_GENERAL); options->single_session = true; } -#ifdef ENABLE_PUSH_PEER_INFO else if (streq(p[0], "push-peer-info") && !p[1]) { VERIFY_PERMISSION(OPT_P_GENERAL); options->push_peer_info = true; } -#endif else if (streq(p[0], "tls-exit") && !p[1]) { VERIFY_PERMISSION(OPT_P_GENERAL); diff --git a/src/openvpn/options.h b/src/openvpn/options.h index d7b46219..6d7fcc08 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -569,9 +569,7 @@ struct options /* Allow only one session */ bool single_session; -#ifdef ENABLE_PUSH_PEER_INFO bool push_peer_info; -#endif bool tls_exit; diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index d9439062..a95ef7e2 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -2235,7 +2235,6 @@ push_peer_info(struct buffer *buf, struct tls_session *session) struct gc_arena gc = gc_new(); bool ret = false; -#ifdef ENABLE_PUSH_PEER_INFO if (session->opt->push_peer_info_detail > 0) { struct env_set *es = session->opt->es; @@ -2316,7 +2315,6 @@ push_peer_info(struct buffer *buf, struct tls_session *session) } } else -#endif /* ifdef ENABLE_PUSH_PEER_INFO */ { if (!write_empty_string(buf)) /* no peer info */ { diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h index 25bffd5b..60ed5f8a 100644 --- a/src/openvpn/ssl_common.h +++ b/src/openvpn/ssl_common.h @@ -249,9 +249,7 @@ struct tls_options #endif int mode; bool pull; -#ifdef ENABLE_PUSH_PEER_INFO int push_peer_info_detail; -#endif int transition_window; int handshake_window; interval_t packet_timeout; diff --git a/src/openvpn/syshead.h b/src/openvpn/syshead.h index 594ddf17..83904af9 100644 --- a/src/openvpn/syshead.h +++ b/src/openvpn/syshead.h 
@@ -673,11 +673,6 @@ socket_defined(const socket_descriptor_t sd) #define ENABLE_CLIENT_CR #endif -/* - * Do we support pushing peer info? - */ -#define ENABLE_PUSH_PEER_INFO - /* * Compression support */
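Review bot: the src/openvpn/syshead.h hunk deletes `#define ENABLE_PUSH_PEER_INFO`, and a removed feature macro fails silently where a removed function would not: any `#ifdef ENABLE_PUSH_PEER_INFO` left outside the six files in the diffstat would simply compile its body out, with no warning. Please confirm with a tree-wide grep that no reference remains and mention that in the commit message.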
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 2 Dec 2017 21:45:38 +0800
Message-Id: <20171202134541.7688-4-a@unstable.cc>
In-Reply-To: <20171202134541.7688-1-a@unstable.cc>
References: <20171202134541.7688-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH 4/7] Remove SSL_LIB_VER_STR
Cc: Antonio Quartulli

SSL_LIB_VER_STR made sense only when ENABLE_CRYPTO also existed. It can now be removed and thus simplify the code.

Signed-off-by: Antonio Quartulli
Acked-by: Steffan Karger
---
 src/openvpn/options.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 9d9798f7..3f9ca710 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c
@@ -4087,16 +4087,15 @@ show_windows_version(const unsigned int flags) void show_library_versions(const unsigned int flags) { -#define SSL_LIB_VER_STR get_ssl_library_version() #ifdef ENABLE_LZO #define LZO_LIB_VER_STR ", LZO ", lzo_version_string() #else #define LZO_LIB_VER_STR "", "" #endif - msg(flags, "library versions: %s%s%s", SSL_LIB_VER_STR, LZO_LIB_VER_STR); + msg(flags, "library versions: %s%s%s", get_ssl_library_version(), + LZO_LIB_VER_STR); -#undef SSL_LIB_VER_STR #undef LZO_LIB_VER_STR }
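Review bot: in show_library_versions() the format string has three `%s` but the new msg() call shows only two visible arguments, because LZO_LIB_VER_STR still expands to two comma-separated expressions (`", LZO ", lzo_version_string()` or `"", ""`). That was easier to accept while both arguments were macros; now that get_ssl_library_version() is written out, consider giving LZO the same treatment with two local `const char *` variables set under `#ifdef ENABLE_LZO`, so the argument count can be checked against the format just by reading the call.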
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 2 Dec 2017 21:45:39 +0800
Message-Id: <20171202134541.7688-5-a@unstable.cc>
In-Reply-To: <20171202134541.7688-1-a@unstable.cc>
References: <20171202134541.7688-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH 5/7] Remove CIPHER_ENABLED
Cc: Antonio Quartulli

Now that ENABLE_CRYPTO has been removed, CIPHER_ENABLED is basically a useless shortcut which does not really help the readability of the code. Remove it and use its expanded expression instead.

Signed-off-by: Antonio Quartulli
Acked-by: Steffan Karger
---
 src/openvpn/init.c | 4 ++--
 src/openvpn/openvpn.h | 2 --
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/openvpn/init.c b/src/openvpn/init.c index e013e9ca..f8034ec7 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c
@@ -2379,7 +2379,7 @@ frame_finalize_options(struct context *c, const struct options *o) * Set adjustment factor for buffer alignment when no * cipher is used. */ - if (!CIPHER_ENABLED(c)) + if (!c->c1.ks.key_type.cipher) { frame_align_to_extra_frame(&c->c2.frame); frame_or_align_flags(&c->c2.frame, @@ -2904,7 +2904,7 @@ do_init_frame(struct context *c) * flexible enough for this, since the frame is already established * before it is known which compression options will be pushed. */ - if (comp_unswapped_prefix(&c->options.comp) && CIPHER_ENABLED(c)) + if (comp_unswapped_prefix(&c->options.comp) && c->c1.ks.key_type.cipher) { frame_add_to_align_adjust(&c->c2.frame, COMP_PREFIX_LEN); frame_or_align_flags(&c->c2.frame, diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index fb8ff1a4..d843c913 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h 
@@ -565,8 +565,6 @@ struct context gc) #define MD5SUM(buf, len, gc) md5sum((buf), (len), 0, (gc)) -#define CIPHER_ENABLED(c) (c->c1.ks.key_type.cipher != NULL) - /* this represents "disabled peer-id" */ #define MAX_PEER_ID 0xFFFFFF
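Review bot: In the do_init_frame() hunk of init.c, `comp_unswapped_prefix(&c->options.comp) && c->c1.ks.key_type.cipher` now uses a raw pointer as a boolean operand, where the removed macro spelled out `!= NULL`. Behaviour is unchanged, but writing `c->c1.ks.key_type.cipher != NULL` there (and `== NULL` in the frame_finalize_options() hunk) would keep the intent as explicit as it was before the expansion.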
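Review bot: The openvpn.h hunk deletes `CIPHER_ENABLED` while the diffstat touches only init.c and openvpn.h, so the removal is safe only if the two init.c call sites were the only users, and the commit message does not say how that was checked. A sentence stating that a tree-wide search, including conditionally compiled code, found no other user would make this easy to verify.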
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 2 Dec 2017 21:45:40 +0800
Message-Id: <20171202134541.7688-6-a@unstable.cc>
In-Reply-To: <20171202134541.7688-1-a@unstable.cc>
References: <20171202134541.7688-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH 6/7] Remove MD5SUM
Cc: Antonio Quartulli

Apparently the MD5SUM macro is not used anywhere. Remove it.

Signed-off-by: Antonio Quartulli
Acked-by: Steffan Karger
--- src/openvpn/openvpn.h | 1 - 1 file changed, 1 deletion(-) diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index d843c913..fe8324ab 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h
@@ -563,7 +563,6 @@ struct context |(c->c2.tls_multi ? PD_TLS : 0) \ |(c->options.tls_auth_file ? c->c1.ks.key_type.hmac_length : 0), \ gc) -#define MD5SUM(buf, len, gc) md5sum((buf), (len), 0, (gc)) /* this represents "disabled peer-id" */ #define MAX_PEER_ID 0xFFFFFF
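Review bot: The commit message says the macro is "apparently" unused, which the one-line removal in openvpn.h cannot confirm by itself. Please state that a tree-wide search found no users, and check whether `md5sum()`, which the macro wrapped, still has any caller; if it does not, it is dead code and can be removed in this patch or a follow-up.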
From: Antonio Quartulli
To: openvpn-devel@lists.sourceforge.net
Date: Sat, 2 Dec 2017 21:45:41 +0800
Message-Id: <20171202134541.7688-7-a@unstable.cc>
In-Reply-To: <20171202134541.7688-1-a@unstable.cc>
References: <20171202134541.7688-1-a@unstable.cc>
Subject: [Openvpn-devel] [PATCH 7/7] Remove TLS_MODE
Cc: Antonio Quartulli

Now that ENABLE_CRYPTO has been removed, TLS_MODE is basically a useless shortcut which does not really help the readability of the code. Remove it and use its expanded expression instead.

Signed-off-by: Antonio Quartulli
--- src/openvpn/forward.c | 2 +- src/openvpn/init.c | 2 +- src/openvpn/occ.c | 3 ++- src/openvpn/openvpn.h | 1 - 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index 9bf9483e..85ec71ae 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -948,7 +948,7 @@ process_incoming_link_part2(struct context *c, struct link_socket_info *lsi, con * * Also, update the persisted version of our packet-id. */ - if (!TLS_MODE(c)) + if (!c->c2.tls_multi) { link_socket_set_outgoing_addr(&c->c2.buf, lsi, &c->c2.from, NULL, c->c2.es); } diff --git a/src/openvpn/init.c b/src/openvpn/init.c index f8034ec7..7fe50628 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c
@@ -1306,7 +1306,7 @@ do_init_timers(struct context *c, bool deferred) /* initialize occ timers */ if (c->options.occ - && !TLS_MODE(c) + && !c->c2.tls_multi && c->c2.options_string_local && c->c2.options_string_remote) { event_timeout_init(&c->c2.occ_interval, OCC_INTERVAL_SECONDS, now); diff --git a/src/openvpn/occ.c b/src/openvpn/occ.c index 40f7e768..8434920c 100644 --- a/src/openvpn/occ.c +++ b/src/openvpn/occ.c @@ -378,7 +378,8 @@ process_received_occ_msg(struct context *c) case OCC_REPLY: dmsg(D_PACKET_CONTENT, "RECEIVED OCC_REPLY"); - if (c->options.occ && !TLS_MODE(c) && c->c2.options_string_remote) + if (c->options.occ && !c->c2.tls_multi + && c->c2.options_string_remote) { if (!options_cmp_equal_safe((char *) BPTR(&c->c2.buf), c->c2.options_string_remote, diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index fe8324ab..b36ca319 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -556,7 +556,6 @@ struct context * have been compiled in. */ -#define TLS_MODE(c) ((c)->c2.tls_multi != NULL) #define PROTO_DUMP_FLAGS (check_debug_level(D_LINK_RW_VERBOSE) ? (PD_SHOW_DATA|PD_VERBOSE) : 0) #define PROTO_DUMP(buf, gc) protocol_dump((buf), \ PROTO_DUMP_FLAGS \
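Review bot: In the forward.c hunk, `if (!c->c2.tls_multi)` no longer says why the pointer is tested; the macro name carried the meaning "not in TLS mode". The comment above the condition ends with the packet-id remark and does not mention the mode, so consider adding a few words there, or comparing against NULL explicitly, so the branch still reads as the non-TLS path.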
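Review bot: The init.c and occ.c hunks both open-code `c->options.occ && !c->c2.tls_multi` as the gate for OCC handling, so the rule that OCC only runs outside TLS mode now lives in two files with no shared name. A small static inline helper, or at least an explicit `== NULL`, would keep the two sites from drifting apart. The rewrap of the condition in occ.c is fine.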
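Review bot: In the openvpn.h hunk, the comment block ending in "have been compiled in." is kept as context directly above the removed `TLS_MODE` line and now sits over `PROTO_DUMP_FLAGS`. Since the commit message gives the removal of ENABLE_CRYPTO as the rationale, check whether that comment still describes the macros that remain, and update or drop it in this patch.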