packages/net/openvpn/patches/220-disable_des.patch

--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
@@ -572,7 +572,7 @@ socket_defined(const socket_descriptor_t
 /*
  * Should we include NTLM proxy functionality
  */
-#define NTLM 1
+//#define NTLM 1
 
 /*
  * Should we include proxy digest auth functionality
--- a/src/openvpn/crypto_mbedtls.c
+++ b/src/openvpn/crypto_mbedtls.c
@@ -383,6 +383,7 @@ int
 key_des_num_cblocks(const mbedtls_cipher_info_t *kt)
 {
     int ret = 0;
+#ifdef MBEDTLS_DES_C
     if (kt->type == MBEDTLS_CIPHER_DES_CBC)
     {
         ret = 1;
@@ -395,6 +396,7 @@ key_des_num_cblocks(const mbedtls_cipher
     {
         ret = 3;
     }
+#endif
 
     dmsg(D_CRYPTO_DEBUG, "CRYPTO INFO: n_DES_cblocks=%d", ret);
     return ret;
@@ -403,6 +405,7 @@ key_des_num_cblocks(const mbedtls_cipher
 bool
 key_des_check(uint8_t *key, int key_len, int ndc)
 {
+#ifdef MBEDTLS_DES_C
     int i;
     struct buffer b;
 
@@ -431,11 +434,15 @@ key_des_check(uint8_t *key, int key_len,
 
 err:
     return false;
+#else
+    return true;
+#endif
 }
 
 void
 key_des_fixup(uint8_t *key, int key_len, int ndc)
 {
+#ifdef MBEDTLS_DES_C
     int i;
     struct buffer b;
 
@@ -450,6 +457,7 @@ key_des_fixup(uint8_t *key, int key_len,
         }
         mbedtls_des_key_set_parity(key);
     }
+#endif
 }
 
 /*
@@ -770,10 +778,12 @@ cipher_des_encrypt_ecb(const unsigned ch
                        unsigned char *src,
                        unsigned char *dst)
 {
+#ifdef MBEDTLS_DES_C
     mbedtls_des_context ctx;
 
     ASSERT(mbed_ok(mbedtls_des_setkey_enc(&ctx, key)));
     ASSERT(mbed_ok(mbedtls_des_crypt_ecb(&ctx, src, dst)));
+#endif
 }