[ViewVC] Diff of: cvs/gvpe/configure

Comparing gvpe/configure (file contents):
Revision 1.50 by root, Wed Jul 10 01:51:40 2013 UTC vs.
Revision 1.54 by root, Fri Jan 17 11:19:04 2014 UTC

 enable_static_daemon
 enable_icmp
 enable_tcp
 enable_http_proxy
 enable_dns
+enable_rsa_length
 enable_hmac_length
 enable_rand_length
 enable_max_mtu
 enable_compression
 enable_cipher
-enable_digest
+enable_hmac_digest
+enable_auth_digest
 '
       ac_precious_vars='build_alias
 host_alias
 target_alias
 CC
   --disable-icmp          enable icmp protocol support (default enabled).
   --disable-tcp           enable tcp protocol support (default enabled).
   --disable-http-proxy    enable http proxy connect support (default enabled).
   --enable-dns            enable dns tunnel protocol support (default
                           disabled).
+  --enable-rsa-length=BITS
+                          use BITS rsa keys (default 3072). Allowed values are
+                          2048-10240.
   --enable-hmac-length=BYTES
                           use a hmac of length BYTES bytes (default 12).
                           Allowed values are 4, 8, 12, 16.
   --enable-rand-length=BYTES
-                          use BYTES bytes of extra randomness (default 8).
+                          use BYTES bytes of extra randomness (default 12).
-                          Allowed values are 0, 4, 8.
+                          Allowed values are 0, 4, 8, 12.
   --enable-max-mtu=BYTES  enable mtu sizes upto BYTES bytes (default 1500).
                           Use 9100 for jumbogram support.
   --disable-compression   Disable compression support.
   --enable-cipher=CIPHER  Select the symmetric cipher (default "aes-128").
                           Must be one of "bf" (blowfish), "aes-128"
-                          (rijndael), "aes-192" or "aes-256".
+                          (rijndael), "aes-192", "aes-256", "camellia-128" or
-  --enable-digest=CIPHER  Select the digest algorithm to use (default
+                          "camellia-256".
+  --enable-hmac-digest=HMAC
+                          Select the HMAC digest algorithm to use (default
-                          "ripemd160"). Must be one of "sha512", "sha256",
+                          "sha1"). Must be one of "sha512", "sha256", "sha1",
-                          "sha1" (somewhat insecure), "ripemd160", "md5"
+                          "ripemd160", "whirlpool".
-                          (insecure) or "md4" (insecure).
+  --enable-auth-digest=DIGEST
+                          Select the hmac algorithm to use (default "sha512").
+                          Must be one of "sha512", "sha256", "whirlpool".
 Optional Packages:
   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
   --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
   --with-gnu-ld           assume the C compiler uses GNU ld default=no
 fi
 # Define the identity of the package.
  PACKAGE=gvpe
- VERSION=2.24
+ VERSION=2.25
 cat >>confdefs.h <<_ACEOF
 #define PACKAGE "$PACKAGE"
 _ACEOF
 fi
+RSA=3072
+# Check whether --enable-rsa-length was given.
+if test "${enable_rsa_length+set}" = set; then :
+  enableval=$enable_rsa_length; RSA=$enableval
+fi
+cat >>confdefs.h <<_ACEOF
+#define RSABITS $RSA
+_ACEOF
-HMAC=12
+HMACSIZE=12
 # Check whether --enable-hmac-length was given.
 if test "${enable_hmac_length+set}" = set; then :
-  enableval=$enable_hmac_length; HMAC=$enableval
+  enableval=$enable_hmac_length; HMACSIZE=$enableval
 fi
 cat >>confdefs.h <<_ACEOF
-#define HMACLENGTH $HMAC
+#define HMACLENGTH $HMACSIZE
 _ACEOF
-RAND=8
+RANDSIZE=12
 # Check whether --enable-rand-length was given.
 if test "${enable_rand_length+set}" = set; then :
-  enableval=$enable_rand_length; RAND=$enableval
+  enableval=$enable_rand_length; RANDSIZE=$enableval
 fi
 cat >>confdefs.h <<_ACEOF
-#define RAND_SIZE $RAND
+#define RAND_SIZE $RANDSIZE
 _ACEOF
 MTU=1500
 # Check whether --enable-max-mtu was given.
 CIPHER=aes_128_cbc
 # Check whether --enable-cipher was given.
 if test "${enable_cipher+set}" = set; then :
-  enableval=$enable_cipher; if test "x$enableval" = xbf     ; then CIPHER=bf_cbc     ; fi
+  enableval=$enable_cipher; if test "x$enableval" = xbf          ; then CIPHER=bf_cbc          ; fi
-  if test "x$enableval" = xaes-128; then CIPHER=aes_128_cbc; fi
+  if test "x$enableval" = xaes-128     ; then CIPHER=aes_128_cbc     ; fi
-  if test "x$enableval" = xaes-192; then CIPHER=aes_192_cbc; fi
+  if test "x$enableval" = xaes-192     ; then CIPHER=aes_192_cbc     ; fi
-  if test "x$enableval" = xaes-256; then CIPHER=aes_256_cbc; fi
+  if test "x$enableval" = xaes-256     ; then CIPHER=aes_256_cbc     ; fi
+  if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_cbc; fi
+  if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_cbc; fi
 fi
 cat >>confdefs.h <<_ACEOF
 #define ENABLE_CIPHER EVP_${CIPHER}
 _ACEOF
-DIGEST=ripemd160
+HMAC=sha1
-# Check whether --enable-digest was given.
+# Check whether --enable-hmac-digest was given.
-if test "${enable_digest+set}" = set; then :
+if test "${enable_hmac_digest+set}" = set; then :
+  enableval=$enable_hmac_digest; if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi
-  enableval=$enable_digest; if test "x$enableval" = xsha512   ; then DIGEST=sha512   ; fi
+  if test "x$enableval" = xsha512   ; then HMAC=sha512   ; fi
-  if test "x$enableval" = xsha256   ; then DIGEST=sha256   ; fi
+  if test "x$enableval" = xsha256   ; then HMAC=sha256   ; fi
-  if test "x$enableval" = xsha1     ; then DIGEST=sha1     ; fi
+  if test "x$enableval" = xsha1     ; then HMAC=sha1     ; fi
-  if test "x$enableval" = xripemd160; then DIGEST=ripemd160; fi
+  if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi
-  if test "x$enableval" = xmd5      ; then DIGEST=md5      ; fi
-  if test "x$enableval" = xmd4      ; then DIGEST=md4      ; fi
 fi
 cat >>confdefs.h <<_ACEOF
+#define ENABLE_HMAC EVP_${HMAC}
+_ACEOF
+AUTH=sha512
+# Check whether --enable-auth-digest was given.
+if test "${enable_auth_digest+set}" = set; then :
+  enableval=$enable_auth_digest; if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi
+  if test "x$enableval" = xsha512   ; then AUTH=sha512   ; fi
+  if test "x$enableval" = xsha256   ; then AUTH=sha256   ; fi
+fi
+cat >>confdefs.h <<_ACEOF
-#define ENABLE_DIGEST EVP_${DIGEST}
+#define ENABLE_AUTH EVP_${AUTH}
 _ACEOF
 if $CXX -v --help 2>&1 | grep -q fno-rtti; then
    CXXFLAGS="$CXXFLAGS -fno-rtti"
 echo
 echo "***"
 echo "*** Configuration Summary"
 echo "***"
 echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE"
+echo "*** RSA size:     $RSA"
 echo "*** Cipher used:  $CIPHER"
-echo "*** Digest used:  $DIGEST"
+echo "*** Auth Digest:  $AUTH"
+echo "*** HMAC Digest:  $HMAC"
 echo "*** HMAC length:  $HMAC"
-echo "*** RAND used:    $RAND"
+echo "*** RAND used:    $RANDSIZE"
 echo "*** Max. MTU:     $MTU"
 echo "***"
 echo "*** Enable options:"
 grep ENABLE_ config.h | sed -e 's/^/*** /'
-if test "x$DIGEST" = xmd4; then
+if test "$HMACSIZE" -lt 12; then
 echo "***"
-echo "*** WARNING: The digest you have chosen ($DIGEST) is known to be insecure"
+echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure"
 fi
-if test "x$DIGEST" = xmd5; then
+if test "$RANDSIZE" -lt 12; then
 echo "***"
-echo "*** WARNING: The digest you have chosen ($DIGEST) is probably insecure"
-fi
-if test "$HMAC" -lt 12; then
-echo "***"
-echo "*** WARNING: The hmac length you have chosen ($HMAC) is probably insecure"
-fi
-if test "$RAND" -lt 8; then
-echo "***"
-echo "*** WARNING: The random prefix you have chosen ($RAND) is probably insecure"
+echo "*** WARNING: The random prefix you have chosen ($RANDSIZE) is probably insecure"
 fi
 echo "***"
 echo

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines

Comparing gvpe/configure (file contents): Revision 1.50 by root, Wed Jul 10 01:51:40 2013 UTC vs. Revision 1.54 by root, Fri Jan 17 11:19:04 2014 UTC

Diff Legend

Comparing gvpe/configure (file contents):
Revision 1.50 by root, Wed Jul 10 01:51:40 2013 UTC vs.
Revision 1.54 by root, Fri Jan 17 11:19:04 2014 UTC