--- gvpe/configure 2013/07/10 01:51:40 1.50 +++ gvpe/configure 2014/01/17 11:19:04 1.54 @@ -769,12 +769,14 @@ enable_tcp enable_http_proxy enable_dns +enable_rsa_length enable_hmac_length enable_rand_length enable_max_mtu enable_compression enable_cipher -enable_digest +enable_hmac_digest +enable_auth_digest ' ac_precious_vars='build_alias host_alias @@ -1430,22 +1432,29 @@ --disable-http-proxy enable http proxy connect support (default enabled). --enable-dns enable dns tunnel protocol support (default disabled). + --enable-rsa-length=BITS + use BITS rsa keys (default 3072). Allowed values are + 2048-10240. --enable-hmac-length=BYTES use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16. --enable-rand-length=BYTES - use BYTES bytes of extra randomness (default 8). - Allowed values are 0, 4, 8. + use BYTES bytes of extra randomness (default 12). + Allowed values are 0, 4, 8, 12. --enable-max-mtu=BYTES enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support. --disable-compression Disable compression support. --enable-cipher=CIPHER Select the symmetric cipher (default "aes-128"). Must be one of "bf" (blowfish), "aes-128" - (rijndael), "aes-192" or "aes-256". - --enable-digest=CIPHER Select the digest algorithm to use (default - "ripemd160"). Must be one of "sha512", "sha256", - "sha1" (somewhat insecure), "ripemd160", "md5" - (insecure) or "md4" (insecure). + (rijndael), "aes-192", "aes-256", "camellia-128" or + "camellia-256". + --enable-hmac-digest=HMAC + Select the HMAC digest algorithm to use (default + "sha1"). Must be one of "sha512", "sha256", "sha1", + "ripemd160", "whirlpool". + --enable-auth-digest=DIGEST + Select the hmac algorithm to use (default "sha512"). + Must be one of "sha512", "sha256", "whirlpool". Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -3201,7 +3210,7 @@ # Define the identity of the package. PACKAGE=gvpe - VERSION=2.24 + VERSION=2.25 cat >>confdefs.h <<_ACEOF 
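Review bot: The help text added for `--enable-auth-digest=DIGEST` says "Select the hmac algorithm to use", which repeats the purpose of `--enable-hmac-digest` just above it and leaves the two options indistinguishable in `./configure --help`. Later in this diff the option feeds a separate define (`ENABLE_AUTH`), so the description should name what it governs, for example `Select the authentication digest algorithm to use (default "sha512").` As `configure` is generated, the wording would presumably be corrected in the autoconf input and the script regenerated.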
@@ -8587,29 +8596,42 @@ fi -HMAC=12 +RSA=3072 +# Check whether --enable-rsa-length was given. +if test "${enable_rsa_length+set}" = set; then : + enableval=$enable_rsa_length; RSA=$enableval + +fi + + +cat >>confdefs.h <<_ACEOF +#define RSABITS $RSA +_ACEOF + + +HMACSIZE=12 # Check whether --enable-hmac-length was given. if test "${enable_hmac_length+set}" = set; then : - enableval=$enable_hmac_length; HMAC=$enableval + enableval=$enable_hmac_length; HMACSIZE=$enableval fi cat >>confdefs.h <<_ACEOF -#define HMACLENGTH $HMAC +#define HMACLENGTH $HMACSIZE _ACEOF -RAND=8 +RANDSIZE=12 # Check whether --enable-rand-length was given. if test "${enable_rand_length+set}" = set; then : - enableval=$enable_rand_length; RAND=$enableval + enableval=$enable_rand_length; RANDSIZE=$enableval fi cat >>confdefs.h <<_ACEOF -#define RAND_SIZE $RAND +#define RAND_SIZE $RANDSIZE _ACEOF @@ -8644,10 +8666,12 @@ CIPHER=aes_128_cbc # Check whether --enable-cipher was given. if test "${enable_cipher+set}" = set; then : - enableval=$enable_cipher; if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi - if test "x$enableval" = xaes-128; then CIPHER=aes_128_cbc; fi - if test "x$enableval" = xaes-192; then CIPHER=aes_192_cbc; fi - if test "x$enableval" = xaes-256; then CIPHER=aes_256_cbc; fi + enableval=$enable_cipher; if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi + if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_cbc ; fi + if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_cbc ; fi + if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_cbc ; fi + if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_cbc; fi + if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_cbc; fi fi 
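Review bot: The new `--enable-rsa-length` block copies `$enableval` straight into `RSABITS` with no range check, although the help text restricts it to 2048-10240. Nothing in this hunk rejects `--enable-rsa-length=512` or a non-numeric value, and the summary at the end of the script warns about small `HMACSIZE` and `RANDSIZE` but not about a small `RSA`. The limit may be enforced elsewhere (for instance in the C sources); if it is not, a guard such as `test "$RSA" -ge 2048 && test "$RSA" -le 10240` that aborts via `AC_MSG_ERROR` in the autoconf input would make the documented bound real. The existing `HMACSIZE` and `RANDSIZE` assignments in the same hunk are equally unchecked against their listed values.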
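Review bot: An unrecognised `--enable-cipher` value still falls through every `if test` line and silently keeps `CIPHER=aes_128_cbc`, so a misspelt name builds with a different cipher than the one requested. The two Camellia lines extend that chain, and the new `--enable-hmac-digest` and `--enable-auth-digest` blocks in the following hunk repeat the pattern with `sha1` and `sha512` as silent defaults. The configuration summary is then the only place the substitution is visible. A `case "$enableval" in` with a `*)` branch that fails configuration on an unknown name would turn the typo into a build error instead of a quiet algorithm change.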
@@ -8657,21 +8681,35 @@ _ACEOF -DIGEST=ripemd160 -# Check whether --enable-digest was given. -if test "${enable_digest+set}" = set; then : - enableval=$enable_digest; if test "x$enableval" = xsha512 ; then DIGEST=sha512 ; fi - if test "x$enableval" = xsha256 ; then DIGEST=sha256 ; fi - if test "x$enableval" = xsha1 ; then DIGEST=sha1 ; fi - if test "x$enableval" = xripemd160; then DIGEST=ripemd160; fi - if test "x$enableval" = xmd5 ; then DIGEST=md5 ; fi - if test "x$enableval" = xmd4 ; then DIGEST=md4 ; fi +HMAC=sha1 +# Check whether --enable-hmac-digest was given. +if test "${enable_hmac_digest+set}" = set; then : + enableval=$enable_hmac_digest; if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi + if test "x$enableval" = xsha512 ; then HMAC=sha512 ; fi + if test "x$enableval" = xsha256 ; then HMAC=sha256 ; fi + if test "x$enableval" = xsha1 ; then HMAC=sha1 ; fi + if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi + +fi + + +cat >>confdefs.h <<_ACEOF +#define ENABLE_HMAC EVP_${HMAC} +_ACEOF + + +AUTH=sha512 +# Check whether --enable-auth-digest was given. +if test "${enable_auth_digest+set}" = set; then : + enableval=$enable_auth_digest; if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi + if test "x$enableval" = xsha512 ; then AUTH=sha512 ; fi + if test "x$enableval" = xsha256 ; then AUTH=sha256 ; fi fi cat >>confdefs.h <<_ACEOF -#define ENABLE_DIGEST EVP_${DIGEST} +#define ENABLE_AUTH EVP_${AUTH} _ACEOF 
@@ -10265,34 +10303,26 @@ echo "*** Configuration Summary" echo "***" echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE" +echo "*** RSA size: $RSA" echo "*** Cipher used: $CIPHER" -echo "*** Digest used: $DIGEST" +echo "*** Auth Digest: $AUTH" +echo "*** HMAC Digest: $HMAC" echo "*** HMAC length: $HMAC" -echo "*** RAND used: $RAND" +echo "*** RAND used: $RANDSIZE" echo "*** Max. MTU: $MTU" echo "***" echo "*** Enable options:" grep ENABLE_ config.h | sed -e 's/^/*** /' -if test "x$DIGEST" = xmd4; then -echo "***" -echo "*** WARNING: The digest you have chosen ($DIGEST) is known to be insecure" -fi - -if test "x$DIGEST" = xmd5; then -echo "***" -echo "*** WARNING: The digest you have chosen ($DIGEST) is probably insecure" -fi - -if test "$HMAC" -lt 12; then +if test "$HMACSIZE" -lt 12; then echo "***" -echo "*** WARNING: The hmac length you have chosen ($HMAC) is probably insecure" +echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure" fi -if test "$RAND" -lt 8; then +if test "$RANDSIZE" -lt 12; then echo "***" -echo "*** WARNING: The random prefix you have chosen ($RAND) is probably insecure" +echo "*** WARNING: The random prefix you have chosen ($RANDSIZE) is probably insecure" fi echo "***"
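Review bot: The context line `echo "*** HMAC length: $HMAC"` is left unchanged, but this commit reuses `HMAC` for the digest name and moves the length to `HMACSIZE`, so the summary now prints the digest (e.g. `sha1`) as the HMAC length. It should read `echo "*** HMAC length: $HMACSIZE"`, matching the warning test a few lines below that already uses `$HMACSIZE`. As it stands, the summary no longer shows the configured tag length, which is the value a reader would check against the "quite insecure" warning. As `configure` is generated, the same line presumably needs fixing in the autoconf input.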