--- gvpe/configure 2013/07/16 16:44:36 1.52 +++ gvpe/configure 2013/07/18 13:35:19 1.53 @@ -775,7 +775,7 @@ enable_max_mtu enable_compression enable_cipher -enable_digest +enable_hmac_digest enable_auth_digest ' ac_precious_vars='build_alias @@ -1434,13 +1434,13 @@ disabled). --enable-rsa-length=BITS use BITS rsa keys (default 3072). Allowed values are - 1536-10240. + 2048-10240. --enable-hmac-length=BYTES use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16. --enable-rand-length=BYTES - use BYTES bytes of extra randomness (default 8). - Allowed values are 0, 4, 8. + use BYTES bytes of extra randomness (default 12). + Allowed values are 0, 4, 8, 12. --enable-max-mtu=BYTES enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support. --disable-compression Disable compression support. @@ -1448,8 +1448,9 @@ Must be one of "bf" (blowfish), "aes-128" (rijndael), "aes-192", "aes-256", "camellia-128" or "camellia-256". - --enable-digest=DIGEST Select the digest algorithm to use (default "sha1"). - Must be one of "sha512", "sha256", "sha1", + --enable-hmac-digest=HMAC + Select the HMAC digest algorithm to use (default + "sha1"). Must be one of "sha512", "sha256", "sha1", "ripemd160", "whirlpool". --enable-auth-digest=DIGEST Select the hmac algorithm to use (default "sha512"). @@ -8608,29 +8609,29 @@ _ACEOF -HMAC=12 +HMACSIZE=12 # Check whether --enable-hmac-length was given. if test "${enable_hmac_length+set}" = set; then : - enableval=$enable_hmac_length; HMAC=$enableval + enableval=$enable_hmac_length; HMACSIZE=$enableval fi cat >>confdefs.h <<_ACEOF -#define HMACLENGTH $HMAC +#define HMACLENGTH $HMACSIZE _ACEOF -RAND=8 +RANDSIZE=12 # Check whether --enable-rand-length was given. if test "${enable_rand_length+set}" = set; then : - enableval=$enable_rand_length; RAND=$enableval + enableval=$enable_rand_length; RANDSIZE=$enableval fi cat >>confdefs.h <<_ACEOF -#define RAND_SIZE $RAND +#define RAND_SIZE $RANDSIZE _ACEOF @@ -8680,20 +8681,20 @@ _ACEOF -DIGEST=sha1 -# Check whether --enable-digest was given. -if test "${enable_digest+set}" = set; then : - enableval=$enable_digest; if test "x$enableval" = xwhirlpool; then DIGEST=whirlpool; fi - if test "x$enableval" = xsha512 ; then DIGEST=sha512 ; fi - if test "x$enableval" = xsha256 ; then DIGEST=sha256 ; fi - if test "x$enableval" = xsha1 ; then DIGEST=sha1 ; fi - if test "x$enableval" = xripemd160; then DIGEST=ripemd160; fi +HMAC=sha1 +# Check whether --enable-hmac-digest was given. +if test "${enable_hmac_digest+set}" = set; then : + enableval=$enable_hmac_digest; if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi + if test "x$enableval" = xsha512 ; then HMAC=sha512 ; fi + if test "x$enableval" = xsha256 ; then HMAC=sha256 ; fi + if test "x$enableval" = xsha1 ; then HMAC=sha1 ; fi + if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi fi cat >>confdefs.h <<_ACEOF -#define ENABLE_DIGEST EVP_${DIGEST} +#define ENABLE_HMAC EVP_${HMAC} _ACEOF @@ -10314,14 +10315,14 @@ echo "*** Enable options:" grep ENABLE_ config.h | sed -e 's/^/*** /' -if test "$HMAC" -lt 12; then +if test "$HMACSIZE" -lt 12; then echo "***" -echo "*** WARNING: The hmac length you have chosen ($HMAC) is quite insecure" +echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure" fi -if test "$RAND" -lt 8; then +if test "$RANDSIZE" -lt 12; then echo "***" -echo "*** WARNING: The random prefix you have chosen ($RAND) is probably insecure" +echo "*** WARNING: The random prefix you have chosen ($RANDSIZE) is probably insecure" fi echo "***"