--- gvpe/configure 2013/07/13 04:10:29 1.51 +++ gvpe/configure 2013/07/16 16:44:36 1.52 @@ -769,12 +769,14 @@ enable_tcp enable_http_proxy enable_dns +enable_rsa_length enable_hmac_length enable_rand_length enable_max_mtu enable_compression enable_cipher enable_digest +enable_auth_digest ' ac_precious_vars='build_alias host_alias @@ -1430,6 +1432,9 @@ --disable-http-proxy enable http proxy connect support (default enabled). --enable-dns enable dns tunnel protocol support (default disabled). + --enable-rsa-length=BITS + use BITS rsa keys (default 3072). Allowed values are + 1536-10240. --enable-hmac-length=BYTES use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16. @@ -1441,11 +1446,14 @@ --disable-compression Disable compression support. --enable-cipher=CIPHER Select the symmetric cipher (default "aes-128"). Must be one of "bf" (blowfish), "aes-128" - (rijndael), "aes-192" or "aes-256". - --enable-digest=CIPHER Select the digest algorithm to use (default - "ripemd160"). Must be one of "sha512", "sha256", - "sha1" (somewhat insecure), "ripemd160", "md5" - (insecure) or "md4" (insecure). + (rijndael), "aes-192", "aes-256", "camellia-128" or + "camellia-256". + --enable-digest=DIGEST Select the digest algorithm to use (default "sha1"). + Must be one of "sha512", "sha256", "sha1", + "ripemd160", "whirlpool". + --enable-auth-digest=DIGEST + Select the hmac algorithm to use (default "sha512"). + Must be one of "sha512", "sha256", "whirlpool". Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -3201,7 +3209,7 @@ # Define the identity of the package. PACKAGE=gvpe - VERSION=2.24 + VERSION=2.25 cat >>confdefs.h <<_ACEOF 
@@ -8587,6 +8595,19 @@ fi +RSA=3072 +# Check whether --enable-rsa-length was given. +if test "${enable_rsa_length+set}" = set; then : + enableval=$enable_rsa_length; RSA=$enableval + +fi + + +cat >>confdefs.h <<_ACEOF +#define RSABITS $RSA +_ACEOF + + HMAC=12 # Check whether --enable-hmac-length was given. if test "${enable_hmac_length+set}" = set; then : @@ -8644,10 +8665,12 @@ CIPHER=aes_128_cbc # Check whether --enable-cipher was given. if test "${enable_cipher+set}" = set; then : - enableval=$enable_cipher; if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi - if test "x$enableval" = xaes-128; then CIPHER=aes_128_cbc; fi - if test "x$enableval" = xaes-192; then CIPHER=aes_192_cbc; fi - if test "x$enableval" = xaes-256; then CIPHER=aes_256_cbc; fi + enableval=$enable_cipher; if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi + if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_cbc ; fi + if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_cbc ; fi + if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_cbc ; fi + if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_cbc; fi + if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_cbc; fi fi @@ -8657,15 +8680,14 @@ _ACEOF -DIGEST=ripemd160 +DIGEST=sha1 # Check whether --enable-digest was given. if test "${enable_digest+set}" = set; then : - enableval=$enable_digest; if test "x$enableval" = xsha512 ; then DIGEST=sha512 ; fi + enableval=$enable_digest; if test "x$enableval" = xwhirlpool; then DIGEST=whirlpool; fi + if test "x$enableval" = xsha512 ; then DIGEST=sha512 ; fi if test "x$enableval" = xsha256 ; then DIGEST=sha256 ; fi if test "x$enableval" = xsha1 ; then DIGEST=sha1 ; fi if test "x$enableval" = xripemd160; then DIGEST=ripemd160; fi - if test "x$enableval" = xmd5 ; then DIGEST=md5 ; fi - if test "x$enableval" = xmd4 ; then DIGEST=md4 ; fi fi 
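Review bot: In the new `--enable-rsa-length` block (hunk at -8587), `RSA=$enableval` is written into `RSABITS` without any check, although the help text added in this commit states that the allowed values are 1536-10240. A bare `--enable-rsa-length` or `--disable-rsa-length` would put `yes` or `no` into the define, and a small number would be accepted silently and build with a weak key size. I would reject non-numeric and out-of-range values right after the assignment, e.g. `case $RSA in ''|*[!0-9]*) AC_MSG_ERROR([--enable-rsa-length needs a number of bits]) ;; esac` followed by `if test "$RSA" -lt 1536 || test "$RSA" -gt 10240; then AC_MSG_ERROR([rsa length must be 1536-10240]); fi`. This file looks like autoconf output, so the check presumably belongs in the input file it is generated from.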
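Review bot: An unrecognised `--enable-digest` value matches none of the `if test "x$enableval" = …` lines and leaves `DIGEST=sha1` with no diagnostic (hunk at -8657); the same fall-through is in the `--enable-cipher` hunk at -8644 and the new `--enable-auth-digest` hunk at -8675. Because this commit removes `md5`/`md4` and changes the default from `ripemd160` to `sha1`, a build invocation that passes a removed or mistyped name now silently gets a different algorithm than the one requested. A `case` with a failing default arm would make that visible, e.g. `case $enableval in whirlpool|sha512|sha256|sha1|ripemd160) DIGEST=$enableval ;; *) AC_MSG_ERROR([unknown digest: $enableval]) ;; esac`, and likewise for the cipher and auth-digest blocks. The help text in the -1441 hunk also drops the "somewhat insecure" remark on `sha1` while making it the default; if that assessment still holds for how the digest is used, the remark is worth keeping.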
@@ -8675,6 +8697,21 @@ _ACEOF +AUTH=sha512 +# Check whether --enable-auth-digest was given. +if test "${enable_auth_digest+set}" = set; then : + enableval=$enable_auth_digest; if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi + if test "x$enableval" = xsha512 ; then AUTH=sha512 ; fi + if test "x$enableval" = xsha256 ; then AUTH=sha256 ; fi + +fi + + +cat >>confdefs.h <<_ACEOF +#define ENABLE_AUTH EVP_${AUTH} +_ACEOF + + if $CXX -v --help 2>&1 | grep -q fno-rtti; then CXXFLAGS="$CXXFLAGS -fno-rtti" fi @@ -10265,8 +10302,10 @@ echo "*** Configuration Summary" echo "***" echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE" +echo "*** RSA size: $RSA" echo "*** Cipher used: $CIPHER" echo "*** Digest used: $DIGEST" +echo "*** Authdigest: $AUTH" echo "*** HMAC length: $HMAC" echo "*** RAND used: $RAND" echo "*** Max. MTU: $MTU" @@ -10275,16 +10314,6 @@ echo "*** Enable options:" grep ENABLE_ config.h | sed -e 's/^/*** /' -if test "x$DIGEST" = xmd4; then -echo "***" -echo "*** WARNING: The digest you have chosen ($DIGEST) is known to be insecure" -fi - -if test "x$DIGEST" = xmd5; then -echo "***" -echo "*** WARNING: The digest you have chosen ($DIGEST) is quite insecure" -fi - if test "$HMAC" -lt 12; then echo "***" echo "*** WARNING: The hmac length you have chosen ($HMAC) is quite insecure"