Priority: optional
Maintainer: none <none@notsupported>
Standards-Version: 4.2.1
-Build-Depends: libssl-dev (>>1.0.0), debhelper (>= 11), texinfo, zlib1g-dev, liblzo2-dev, libncurses5-dev, libreadline-dev, libminiupnpc-dev
+Build-Depends: libssl-dev (>>1.1.0), debhelper (>= 11), texinfo, zlib1g-dev, liblzo2-dev, libncurses5-dev, libreadline-dev, libminiupnpc-dev
Homepage: https://www.tinc-vpn.org/
Vcs-Browser: https://github.com/gsliepen/tinc
Vcs-Git: https://github.com/gsliepen/tinc.git
In order to compile tinc, you will need a GNU C compiler environment. Please
ensure you have the latest stable versions of all the required libraries:
-- LibreSSL (http://www.libressl.org/) or OpenSSL (https://openssl.org/) version 1.0.0 or later.
+- LibreSSL (http://www.libressl.org/) or OpenSSL (https://openssl.org/) version 1.1.0 or later.
The following libraries are used by default, but can be disabled if necessary:
[AC_MSG_ERROR([LibreSSL/OpenSSL header files not found.]); break]
)
- AC_CHECK_LIB(crypto, EVP_EncryptInit_ex,
+ AC_CHECK_LIB(crypto, OPENSSL_init_crypto,
[LIBS="-lcrypto $LIBS"],
[AC_MSG_ERROR([LibreSSL/OpenSSL libraries not found.])]
)
- AC_CHECK_FUNCS([RAND_bytes EVP_EncryptInit_ex EVP_CIPHER_CTX_new], ,
- [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
- )
-
- AC_CHECK_DECLS([OpenSSL_add_all_algorithms, EVP_aes_256_cfb], ,
- [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
- [#include <openssl/evp.h>]
- )
-
- AC_CHECK_FUNCS([BN_GENCB_new ERR_remove_state RSA_set0_key], , , [#include <openssl/rsa.h>])
- AC_CHECK_FUNCS([HMAC_CTX_new], , , [#include <openssl/hmac.h>])
-
AC_DEFINE(HAVE_OPENSSL, 1, [enable OpenSSL support])
])
void crypto_init(void) {
random_init();
- ENGINE_load_builtin_engines();
- ENGINE_register_all_complete();
-#if OPENSSL_API_COMPAT < 0x10100000L
- ERR_load_crypto_strings();
- OpenSSL_add_all_algorithms();
-#endif
+ uint64_t opts = OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_ENGINE_ALL_BUILTIN;
+ OPENSSL_init_crypto(opts, NULL);
if(!RAND_status()) {
fprintf(stderr, "Not enough entropy for the PRNG!\n");
}
void crypto_exit(void) {
-#if OPENSSL_API_COMPAT < 0x10100000L
- EVP_cleanup();
- ERR_free_strings();
- ENGINE_cleanup();
-#endif
+ OPENSSL_cleanup();
random_exit();
}
}
bool digest_set_key(digest_t *digest, const void *key, size_t len) {
-#ifdef HAVE_HMAC_CTX_NEW
digest->hmac_ctx = HMAC_CTX_new();
HMAC_Init_ex(digest->hmac_ctx, key, len, digest->digest, NULL);
-#else
- digest->hmac_ctx = xzalloc(sizeof(*digest->hmac_ctx));
- HMAC_Init(digest->hmac_ctx, key, len, digest->digest);
-#endif
if(!digest->hmac_ctx) {
abort();
EVP_MD_CTX_destroy(digest->md_ctx);
}
-#ifdef HAVE_HMAC_CTX_NEW
-
if(digest->hmac_ctx) {
HMAC_CTX_free(digest->hmac_ctx);
}
-#else
- free(digest->hmac_ctx);
-#endif
-
free(digest);
}
// Set RSA keys
-#ifndef HAVE_RSA_SET0_KEY
-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
- BN_free(r->n);
- r->n = n;
- BN_free(r->e);
- r->e = e;
- BN_free(r->d);
- r->d = d;
- return 1;
-}
-#endif
-
rsa_t *rsa_set_hex_public_key(char *n, char *e) {
BIGNUM *bn_n = NULL;
BIGNUM *bn_e = NULL;
// Generate RSA key
-#ifndef HAVE_BN_GENCB_NEW
-BN_GENCB *BN_GENCB_new(void) {
- return xzalloc(sizeof(BN_GENCB));
-}
-
-void BN_GENCB_free(BN_GENCB *cb) {
- free(cb);
-}
-#endif
-
rsa_t *rsa_generate(size_t bits, unsigned long exponent) {
BIGNUM *bn_e = BN_new();
rsa_t *rsa = RSA_new();
projects / tinc / commitdiff