From 71d89065ad56dda19996deeeffeddcea632b8349 Mon Sep 17 00:00:00 2001
From: Steffan Karger <steffan@karger.me>
Date: Sun, 6 Mar 2016 13:09:50 +0100
Subject: [PATCH] Only include aead encrypt/decrypt functions if AEAD modes are
 supported

This fixes the build for OpenSSL < 1.0.1 (broken by commit 3654d953),
which has no AEAD support.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1457266190-27228-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11325
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---
 src/openvpn/crypto.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 269ec4b53..f15ac3511 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -86,6 +86,7 @@ memcmp_constant_time (const void *a, const void *b, size_t size) {
 static void
 openvpn_encrypt_aead (struct buffer *buf, struct buffer work,
 	 struct crypto_options *opt) {
+#ifdef HAVE_AEAD_CIPHER_MODES
   struct gc_arena gc;
   int outlen = 0;
   const struct key_ctx *ctx = &opt->key_ctx_bi.encrypt;
@@ -173,6 +174,9 @@ err:
   crypto_clear_error();
   buf->len = 0;
   goto cleanup;
+#else /* HAVE_AEAD_CIPHER_MODES */
+  ASSERT (0);
+#endif
 }
 
 static void
@@ -385,6 +389,7 @@ openvpn_decrypt_aead (struct buffer *buf, struct buffer work,
     struct crypto_options *opt, const struct frame* frame,
     const uint8_t *ad_start)
 {
+#ifdef HAVE_AEAD_CIPHER_MODES
   static const char error_prefix[] = "AEAD Decrypt error";
   struct packet_id_net pin = { 0 };
   const struct key_ctx *ctx = &opt->key_ctx_bi.decrypt;
@@ -511,6 +516,10 @@ openvpn_decrypt_aead (struct buffer *buf, struct buffer work,
   buf->len = 0;
   gc_free (&gc);
   return false;
+#else /* HAVE_AEAD_CIPHER_MODES */
+  ASSERT (0);
+  return false;
+#endif
 }
 
 /*
-- 
2.47.2