Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
... | ... |
@@ -228,19 +228,6 @@ AC_ARG_ENABLE( |
228 | 228 |
) |
229 | 229 |
|
230 | 230 |
AC_ARG_WITH( |
231 |
- [ssl-headers], |
|
232 |
- [AS_HELP_STRING([--with-ssl-headers=DIR], [Crypto/SSL Include files location])], |
|
233 |
- [CS_HDR_DIR="$withval"] |
|
234 |
- [CPPFLAGS="$CPPFLAGS -I$withval"] |
|
235 |
-) |
|
236 |
- |
|
237 |
-AC_ARG_WITH( |
|
238 |
- [ssl-lib], |
|
239 |
- [AS_HELP_STRING([--with-ssl-lib=DIR], [Crypto/SSL Library location])], |
|
240 |
- [LDFLAGS="$LDFLAGS -L$withval"] |
|
241 |
-) |
|
242 |
- |
|
243 |
-AC_ARG_WITH( |
|
244 | 231 |
[mem-check], |
245 | 232 |
[AS_HELP_STRING([--with-mem-check=TYPE], [build with debug memory checking, TYPE=dmalloc|valgrind|ssl])], |
246 | 233 |
[ |
... | ... |
@@ -253,15 +240,15 @@ AC_ARG_WITH( |
253 | 253 |
) |
254 | 254 |
|
255 | 255 |
AC_ARG_WITH( |
256 |
- [ssl-type], |
|
257 |
- [AS_HELP_STRING([--with-ssl-type=TYPE], [build with the given SSL library, TYPE = openssl or polarssl])], |
|
256 |
+ [crypto-library], |
|
257 |
+ [AS_HELP_STRING([--with-crypto-library=library], [build with the given crypto library, TYPE=openssl|polarssl @<:@default=openssl@:>@])], |
|
258 | 258 |
[ |
259 | 259 |
case "${withval}" in |
260 | 260 |
openssl|polarssl) ;; |
261 |
- *) AC_MSG_ERROR([bad value ${withval} for --with-ssl-type]) ;; |
|
261 |
+ *) AC_MSG_ERROR([bad value ${withval} for --with-crypto-library]) ;; |
|
262 | 262 |
esac |
263 | 263 |
], |
264 |
- [with_ssl_type="openssl"] |
|
264 |
+ [with_crypto_library="openssl"] |
|
265 | 265 |
) |
266 | 266 |
|
267 | 267 |
AC_DEFINE_UNQUOTED(TARGET_ALIAS, "${host}", [A string representing our host]) |
... | ... |
@@ -651,6 +638,76 @@ case "${with_mem_check}" in |
651 | 651 |
;; |
652 | 652 |
esac |
653 | 653 |
|
654 |
+PKG_CHECK_MODULES( |
|
655 |
+ [OPENSSL_CRYPTO], |
|
656 |
+ [libcrypto >= 0.9.6], |
|
657 |
+ [have_openssl_crypto="yes"], |
|
658 |
+ [AC_CHECK_LIB( |
|
659 |
+ [crypto], |
|
660 |
+ [RSA_new], |
|
661 |
+ [ |
|
662 |
+ have_openssl_crypto="yes" |
|
663 |
+ OPENSSL_CRYPTO_LIBS="-lcrypto" |
|
664 |
+ ] |
|
665 |
+ )] |
|
666 |
+) |
|
667 |
+ |
|
668 |
+PKG_CHECK_MODULES( |
|
669 |
+ [OPENSSL_SSL], |
|
670 |
+ [libssl >= 0.9.6], |
|
671 |
+ [have_openssl_ssl="yes"], |
|
672 |
+ [AC_CHECK_LIB( |
|
673 |
+ [ssl], |
|
674 |
+ [SSL_CTX_new], |
|
675 |
+ [ |
|
676 |
+ have_openssl_ssl="yes" |
|
677 |
+ OPENSSL_SSL_LIBS="-lssl" |
|
678 |
+ ] |
|
679 |
+ )] |
|
680 |
+) |
|
681 |
+ |
|
682 |
+if test "${have_openssl_crypto}" = "yes"; then |
|
683 |
+ saved_CFLAGS="${CFLAGS}" |
|
684 |
+ saved_LIBS="${LIBS}" |
|
685 |
+ CFLAGS="${CFLAGS} ${OPENSSL_CRYPTO_CFLAGS}" |
|
686 |
+ LIBS="${LIBS} ${OPENSSL_CRYPTO_LIBS}" |
|
687 |
+ AC_CHECK_FUNCS([EVP_CIPHER_CTX_set_key_length]) |
|
688 |
+ have_openssl_engine="yes" |
|
689 |
+ AC_CHECK_FUNCS( |
|
690 |
+ [ \ |
|
691 |
+ ENGINE_load_builtin_engines \ |
|
692 |
+ ENGINE_register_all_complete \ |
|
693 |
+ ENGINE_cleanup \ |
|
694 |
+ ], |
|
695 |
+ , |
|
696 |
+ [have_openssl_engine="no"; break] |
|
697 |
+ ) |
|
698 |
+ |
|
699 |
+ CFLAGS="${saved_CFLAGS}" |
|
700 |
+ LIBS="${saved_LIBS}" |
|
701 |
+fi |
|
702 |
+ |
|
703 |
+AC_ARG_VAR([POLARSSL_CFLAGS], [C compiler flags for polarssl]) |
|
704 |
+AC_ARG_VAR([POLARSSL_LIBS], [linker flags for polarssl]) |
|
705 |
+have_polarssl_ssl="yes" |
|
706 |
+have_polarssl_crypto="yes" |
|
707 |
+if test -z "${POLARSSL_LIBS}"; then |
|
708 |
+ AC_CHECK_LIB( |
|
709 |
+ [polarssl], |
|
710 |
+ [ssl_init], |
|
711 |
+ [POLARSSL_LIBS="-lpolarssl"], |
|
712 |
+ [ |
|
713 |
+ have_polarssl_ssl="no" |
|
714 |
+ AC_CHECK_LIB( |
|
715 |
+ [polarssl], |
|
716 |
+ [aes_crypt_cbc], |
|
717 |
+ , |
|
718 |
+ [have_polarssl_crypto="no"] |
|
719 |
+ ) |
|
720 |
+ ] |
|
721 |
+ ) |
|
722 |
+fi |
|
723 |
+ |
|
654 | 724 |
AC_ARG_VAR([LZO_CFLAGS], [C compiler flags for lzo]) |
655 | 725 |
AC_ARG_VAR([LZO_LIBS], [linker flags for lzo]) |
656 | 726 |
have_lzo="yes" |
... | ... |
@@ -698,103 +755,6 @@ PKG_CHECK_MODULES( |
698 | 698 |
[] |
699 | 699 |
) |
700 | 700 |
|
701 |
-dnl |
|
702 |
-dnl check for SSL-crypto library |
|
703 |
-dnl |
|
704 |
-if test "${enable_crypto}" = "yes"; then |
|
705 |
- if test "${with_ssl_type}" = "openssl"; then |
|
706 |
- AC_CHECKING([for OpenSSL Crypto Library and Header files]) |
|
707 |
- AC_CHECK_HEADER(openssl/evp.h,, |
|
708 |
- [AC_MSG_ERROR([OpenSSL Crypto headers not found.])]) |
|
709 |
- |
|
710 |
- for lib in crypto eay32; do |
|
711 |
- AC_CHECK_LIB($lib, EVP_CIPHER_CTX_init, |
|
712 |
- [ |
|
713 |
- cryptofound=1 |
|
714 |
- LIBS="${LIBS} -l$lib" |
|
715 |
- ] |
|
716 |
- ) |
|
717 |
- done |
|
718 |
- test -n "$cryptofound" || AC_MSG_ERROR([OpenSSL Crypto library not found.]) |
|
719 |
- |
|
720 |
- AC_MSG_CHECKING([that OpenSSL Library is at least version 0.9.6]) |
|
721 |
- AC_EGREP_CPP(yes, |
|
722 |
- [ |
|
723 |
- #include <openssl/evp.h> |
|
724 |
- #if SSLEAY_VERSION_NUMBER >= 0x00906000L |
|
725 |
- yes |
|
726 |
- #endif |
|
727 |
- ], |
|
728 |
- [ |
|
729 |
- AC_MSG_RESULT([yes]) |
|
730 |
- AC_DEFINE(USE_CRYPTO, 1, [Use crypto library]) |
|
731 |
- AC_DEFINE(USE_OPENSSL, 1, [Use OpenSSL library]) |
|
732 |
- AC_CHECK_FUNCS(EVP_CIPHER_CTX_set_key_length) |
|
733 |
- |
|
734 |
- dnl check for OpenSSL crypto acceleration capability |
|
735 |
- AC_CHECK_HEADERS(openssl/engine.h) |
|
736 |
- AC_CHECK_FUNCS(ENGINE_load_builtin_engines) |
|
737 |
- AC_CHECK_FUNCS(ENGINE_register_all_complete) |
|
738 |
- AC_CHECK_FUNCS(ENGINE_cleanup) |
|
739 |
- ], |
|
740 |
- [AC_MSG_ERROR([OpenSSL crypto Library is too old.])] |
|
741 |
- ) |
|
742 |
- fi |
|
743 |
- if test "${with_ssl_type}" = "polarssl"; then |
|
744 |
- AC_CHECKING([for PolarSSL Crypto Library and Header files]) |
|
745 |
- AC_CHECK_HEADER(polarssl/aes.h, |
|
746 |
- [AC_CHECK_LIB(polarssl, aes_crypt_cbc, |
|
747 |
- [ |
|
748 |
- LIBS="${LIBS} -lpolarssl" |
|
749 |
- AC_DEFINE(USE_CRYPTO, 1, [Use crypto library]) |
|
750 |
- AC_DEFINE(USE_POLARSSL, 1, [Use PolarSSL library]) |
|
751 |
- ], |
|
752 |
- [AC_MSG_ERROR([PolarSSL Crypto library not found.])] |
|
753 |
- )], |
|
754 |
- [AC_MSG_ERROR([PolarSSL Crypto headers not found.])] |
|
755 |
- ) |
|
756 |
- fi |
|
757 |
- dnl |
|
758 |
- dnl check for OpenSSL-SSL library |
|
759 |
- dnl |
|
760 |
- |
|
761 |
- if test "${enable_ssl}" = "yes"; then |
|
762 |
- if test "${with_ssl_type}" = "openssl"; then |
|
763 |
- AC_CHECKING([for OpenSSL SSL Library and Header files]) |
|
764 |
- AC_CHECK_HEADER(openssl/ssl.h,, |
|
765 |
- [AC_MSG_ERROR([OpenSSL SSL headers not found.])] |
|
766 |
- ) |
|
767 |
- |
|
768 |
- for lib in ssl ssl32; do |
|
769 |
- AC_CHECK_LIB($lib, SSL_CTX_new, |
|
770 |
- [ |
|
771 |
- sslfound=1 |
|
772 |
- LIBS="${LIBS} -l$lib" |
|
773 |
- ] |
|
774 |
- ) |
|
775 |
- done |
|
776 |
- |
|
777 |
- test -n "${sslfound}" || AC_MSG_ERROR([OpenSSL SSL library not found.]) |
|
778 |
- |
|
779 |
- AC_DEFINE(USE_SSL, 1, [Use OpenSSL SSL library]) |
|
780 |
- fi |
|
781 |
- if test "${with_ssl_type}" = "polarssl"; then |
|
782 |
- AC_CHECKING([for PolarSSL SSL Library and Header files]) |
|
783 |
- AC_CHECK_HEADER(polarssl/ssl.h, |
|
784 |
- [AC_CHECK_LIB(polarssl, ssl_init, |
|
785 |
- [ |
|
786 |
- LIBS="${LIBS} -lpolarssl" |
|
787 |
- AC_DEFINE(USE_SSL, 1, [Use SSL library]) |
|
788 |
- AC_DEFINE(USE_POLARSSL, 1, [Use PolarSSL library]) |
|
789 |
- ], |
|
790 |
- [AC_MSG_ERROR([PolarSSL SSL library not found.])] |
|
791 |
- )], |
|
792 |
- [AC_MSG_ERROR([PolarSSL SSL headers not found.])] |
|
793 |
- ) |
|
794 |
- fi |
|
795 |
- fi |
|
796 |
-fi |
|
797 |
- |
|
798 | 701 |
if test -n "${SP_PLATFORM_WINDOWS}"; then |
799 | 702 |
AC_DEFINE_UNQUOTED([PATH_SEPARATOR], ['\\\\'], [Path separator]) #" |
800 | 703 |
AC_DEFINE_UNQUOTED([PATH_SEPARATOR_STR], ["\\\\"], [Path separator]) #" |
... | ... |
@@ -805,7 +765,7 @@ fi |
805 | 805 |
|
806 | 806 |
dnl enable --x509-username-field feature if requested |
807 | 807 |
if test "${enable_x509_alt_username}" = "yes"; then |
808 |
- if test "${with_ssl_type}" = "polarssl" ; then |
|
808 |
+ if test "${with_crypto_library}" = "polarssl" ; then |
|
809 | 809 |
AC_MSG_ERROR([PolarSSL does not support the --x509-username-field feature]) |
810 | 810 |
fi |
811 | 811 |
|
... | ... |
@@ -829,6 +789,41 @@ test "${enable_strict_options}" = "yes" && AC_DEFINE([ENABLE_STRICT_OPTIONS_CHEC |
829 | 829 |
test "${enable_password_save}" = "yes" && AC_DEFINE([ENABLE_PASSWORD_SAVE], [1], [Allow --askpass and --auth-user-pass passwords to be read from a file]) |
830 | 830 |
test "${enable_systemd}" = "yes" && AC_DEFINE([ENABLE_SYSTEMD], [1], [Enable systemd support]) |
831 | 831 |
|
832 |
+case "${with_crypto_library}" in |
|
833 |
+ openssl) |
|
834 |
+ have_crypto_crypto="${have_openssl_crypto}" |
|
835 |
+ have_crypto_ssl="${have_openssl_ssl}" |
|
836 |
+ CRYPTO_CRYPTO_CFLAGS="${OPENSSL_CRYPTO_CFLAGS}" |
|
837 |
+ CRYPTO_CRYPTO_LIBS="${OPENSSL_CRYPTO_LIBS}" |
|
838 |
+ CRYPTO_SSL_CFLAGS="${OPENSSL_SSL_CFLAGS}" |
|
839 |
+ CRYPTO_SSL_LIBS="${OPENSSL_SSL_LIBS}" |
|
840 |
+ AC_DEFINE([ENABLE_CRYPTO_OPENSSL], [1], [Use OpenSSL library]) |
|
841 |
+ test "${have_openssl_engine}" = "yes" && AC_DEFINE([HAVE_OPENSSL_ENGINE], [1], [Use crypto library]) |
|
842 |
+ ;; |
|
843 |
+ polarssl) |
|
844 |
+ have_crypto_crypto="${have_polarssl_crypto}" |
|
845 |
+ have_crypto_ssl="${have_polarssl_ssl}" |
|
846 |
+ CRYPTO_CRYPTO_CFLAGS="${POLARSSL_CRYPTO_CFLAGS}" |
|
847 |
+ CRYPTO_CRYPTO_LIBS="${POLARSSL_LIBS}" |
|
848 |
+ AC_DEFINE([ENABLE_CRYPTO_POLARSSL], [1], [Use PolarSSL library]) |
|
849 |
+ ;; |
|
850 |
+esac |
|
851 |
+ |
|
852 |
+if test "${enable_ssl}" = "yes"; then |
|
853 |
+ test "${enable_crypto}" != "yes" && AC_MSG_ERROR([crypto must be enabled for ssl]) |
|
854 |
+ test "${have_crypto_ssl}" != "yes" && AC_MSG_ERROR([${with_ssl_library} ssl is required but missing]) |
|
855 |
+ OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_SSL_CFLAGS}" |
|
856 |
+ OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_SSL_LIBS}" |
|
857 |
+ AC_DEFINE([ENABLE_SSL], [1], [Enable ssl library]) |
|
858 |
+fi |
|
859 |
+ |
|
860 |
+if test "${enable_crypto}" = "yes"; then |
|
861 |
+ test "${have_crypto_crypto}" != "yes" && AC_MSG_ERROR([${with_crypto_library} crytpo is required but missing]) |
|
862 |
+ OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CRYPTO_CFLAGS}" |
|
863 |
+ OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_CRYPTO_LIBS}" |
|
864 |
+ AC_DEFINE([ENABLE_CRYPTO], [1], [Enable crypto library]) |
|
865 |
+fi |
|
866 |
+ |
|
832 | 867 |
if test "${enable_plugins}" = "yes"; then |
833 | 868 |
test "${WIN32}" != "yes" -a -z "${DL_LIBS}" && AC_MSG_ERROR([libdl is required for plugins]) |
834 | 869 |
OPTIONAL_DL_LIBS="${DL_LIBS}" |
... | ... |
@@ -899,6 +894,8 @@ AC_SUBST([TAP_WIN_MIN_MINOR]) |
899 | 899 |
|
900 | 900 |
AC_SUBST([OPTIONAL_DL_LIBS]) |
901 | 901 |
AC_SUBST([OPTIONAL_SELINUX_LIBS]) |
902 |
+AC_SUBST([OPTIONAL_CRYPTO_CFLAGS]) |
|
903 |
+AC_SUBST([OPTIONAL_CRYPTO_LIBS]) |
|
902 | 904 |
AC_SUBST([OPTIONAL_LZO_CFLAGS]) |
903 | 905 |
AC_SUBST([OPTIONAL_LZO_LIBS]) |
904 | 906 |
AC_SUBST([OPTIONAL_PKCS11_HELPER_CFLAGS]) |
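Review bot: `AC_MSG_ERROR([${with_ssl_library} ssl is required but missing])` in the new `enable_ssl` block expands a variable that nothing in this change sets — the option variable introduced at line 256 is `with_crypto_library` — so the message names no library; change it to `AC_MSG_ERROR([${with_crypto_library} ssl is required but missing])`, and fix the `crytpo` typo in the sibling `enable_crypto` message to `crypto`. In the `polarssl)` case, `CRYPTO_CRYPTO_CFLAGS="${POLARSSL_CRYPTO_CFLAGS}"` reads a variable the hunk at 703 never declares — the AC_ARG_VAR is `POLARSSL_CFLAGS` — so user-supplied PolarSSL include flags are silently dropped; it should be `CRYPTO_CRYPTO_CFLAGS="${POLARSSL_CFLAGS}"`. The inner `AC_CHECK_LIB([polarssl], [aes_crypt_cbc], , ...)` in the `-z "${POLARSSL_LIBS}"` branch leaves action-if-found empty, which under AC_CHECK_LIB's default appends `-lpolarssl` to the global `LIBS` instead of to `POLARSSL_LIBS`, so the crypto-only case lands on a different link path than the ssl case; giving it `[POLARSSL_LIBS="-lpolarssl"]` keeps both on `OPTIONAL_CRYPTO_LIBS`. The help text `--with-crypto-library=library` then says `TYPE=openssl|polarssl`; `=TYPE` would match the `--with-mem-check` entry above it.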
... | ... |
@@ -10,9 +10,6 @@ |
10 | 10 |
# |
11 | 11 |
# Allow passwords to be read from files |
12 | 12 |
# rpmbuild -tb [openvpn.x.tar.gz] --define 'with_password_save 1' |
13 |
-# |
|
14 |
-# Use this on RH9 and RHEL3 |
|
15 |
-# rpmbuild -tb [openvpn.x.tar.gz] --define 'with_kerberos 1' |
|
16 | 13 |
|
17 | 14 |
Summary: OpenVPN is a robust and highly flexible VPN daemon by James Yonan. |
18 | 15 |
Name: @PACKAGE@ |
... | ... |
@@ -111,8 +108,7 @@ Development support for OpenVPN. |
111 | 111 |
--docdir="%{_docdir}/%{name}-%{version}" \ |
112 | 112 |
%{?with_password_save:--enable-password-save} \ |
113 | 113 |
%{!?without_lzo:--enable-lzo} \ |
114 |
- %{?with_pkcs11:--enable-pkcs11} \ |
|
115 |
- %{?with_kerberos:--with-ssl-headers=/usr/kerberos/include} |
|
114 |
+ %{?with_pkcs11:--enable-pkcs11} |
|
116 | 115 |
%__make |
117 | 116 |
|
118 | 117 |
# Build down-root plugin |
... | ... |
@@ -60,7 +60,7 @@ |
60 | 60 |
* |
61 | 61 |
* @par Settings that control this module's activity |
62 | 62 |
* Whether or not the Data Channel Crypto module is active depends on the |
63 |
- * compile-time \c USE_CRYPTO and \c USE_SSL preprocessor macros. How it |
|
63 |
+ * compile-time \c ENABLE_CRYPTO and \c ENABLE_SSL preprocessor macros. How it |
|
64 | 64 |
* processes packets received from the \link data_control Data Channel |
65 | 65 |
* Control module\endlink at runtime depends on the associated \c |
66 | 66 |
* crypto_options structure. To perform cryptographic operations, the \c |
... | ... |
@@ -24,16 +24,25 @@ |
24 | 24 |
|
25 | 25 |
#ifndef OPENVPN_PLUGIN_H_ |
26 | 26 |
#define OPENVPN_PLUGIN_H_ |
27 |
-#ifdef USE_SSL |
|
28 |
-# if defined(SSL_VERIFY_OPENSSL_H_) || defined(SSL_VERIFY_POLARSSL_H_) |
|
29 |
-# define ENABLE_SSL_PLUGIN |
|
30 |
-# else |
|
31 |
-# warning "Neither OpenSSL or PoLarSSL headers included, disabling plugin's SSL support" |
|
32 |
-# endif |
|
33 |
-#endif /*USE_SSL*/ |
|
34 | 27 |
|
35 | 28 |
#define OPENVPN_PLUGIN_VERSION 3 |
36 | 29 |
|
30 |
+#ifdef ENABLE_SSL |
|
31 |
+#ifdef ENABLE_CRYPTO_POLARSSL |
|
32 |
+#include <polarssl/x509.h> |
|
33 |
+#ifndef __OPENVPN_X509_CERT_T_DECLARED |
|
34 |
+#define __OPENVPN_X509_CERT_T_DECLARED |
|
35 |
+typedef x509_cert openvpn_x509_cert_t; |
|
36 |
+#endif |
|
37 |
+#else |
|
38 |
+#include <openssl/x509.h> |
|
39 |
+#ifndef __OPENVPN_X509_CERT_T_DECLARED |
|
40 |
+#define __OPENVPN_X509_CERT_T_DECLARED |
|
41 |
+typedef X509 openvpn_x509_cert_t; |
|
42 |
+#endif |
|
43 |
+#endif |
|
44 |
+#endif |
|
45 |
+ |
|
37 | 46 |
/* |
38 | 47 |
* Plug-in types. These types correspond to the set of script callbacks |
39 | 48 |
* supported by OpenVPN. |
... | ... |
@@ -268,9 +277,9 @@ struct openvpn_plugin_args_open_return |
268 | 268 |
* *per_client_context : the per-client context pointer which was returned by |
269 | 269 |
* openvpn_plugin_client_constructor_v1, if defined. |
270 | 270 |
* |
271 |
- * current_cert_depth : Certificate depth of the certificate being passed over (only if compiled with USE_SSL defined) |
|
271 |
+ * current_cert_depth : Certificate depth of the certificate being passed over (only if compiled with ENABLE_SSL defined) |
|
272 | 272 |
* |
273 |
- * *current_cert : X509 Certificate object received from the client (only if compiled with USE_SSL defined) |
|
273 |
+ * *current_cert : X509 Certificate object received from the client (only if compiled with ENABLE_SSL defined) |
|
274 | 274 |
* |
275 | 275 |
*/ |
276 | 276 |
struct openvpn_plugin_args_func_in |
... | ... |
@@ -280,9 +289,9 @@ struct openvpn_plugin_args_func_in |
280 | 280 |
const char ** const envp; |
281 | 281 |
openvpn_plugin_handle_t handle; |
282 | 282 |
void *per_client_context; |
283 |
-#ifdef ENABLE_SSL_PLUGIN |
|
283 |
+#ifdef ENABLE_SSL |
|
284 | 284 |
int current_cert_depth; |
285 |
- x509_cert_t *current_cert; |
|
285 |
+ openvpn_x509_cert_t *current_cert; |
|
286 | 286 |
#else |
287 | 287 |
int __current_cert_depth_disabled; /* Unused, for compatibility purposes only */ |
288 | 288 |
void *__current_cert_disabled; /* Unused, for compatibility purposes only */ |
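Review bot: `__OPENVPN_X509_CERT_T_DECLARED`, used as the guard in both branches of the new typedef block, is a reserved identifier (any name beginning with two underscores belongs to the implementation), and this is a public header that third-party plugins compile against; `OPENVPN_X509_CERT_T_DECLARED` follows the existing `OPENVPN_PLUGIN_H_` convention. The same change renames the `current_cert` member's type from `x509_cert_t` to `openvpn_x509_cert_t` while `OPENVPN_PLUGIN_VERSION` stays at 3 in the context lines; the struct layout looks unchanged, so this is presumably source-level only, but a plugin that spells out the old type name stops compiling, which deserves a line in the header comment or changelog. A short comment above the block would also help plugin authors, e.g. `/* openvpn_x509_cert_t: type of the certificate passed to plugins in current_cert; X509 for OpenSSL builds, x509_cert for PolarSSL builds */`.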
... | ... |
@@ -17,6 +17,7 @@ MAINTAINERCLEANFILES = \ |
17 | 17 |
INCLUDES = -I$(top_srcdir)/include |
18 | 18 |
|
19 | 19 |
AM_CFLAGS = \ |
20 |
+ $(OPTIONAL_CRYPTO_CFLAGS) \ |
|
20 | 21 |
$(OPTIONAL_LZO_CFLAGS) \ |
21 | 22 |
$(OPTIONAL_PKCS11_HELPER_CFLAGS) |
22 | 23 |
|
... | ... |
@@ -103,6 +104,7 @@ openvpn_LDADD = \ |
103 | 103 |
$(SOCKETS_LIBS) \ |
104 | 104 |
$(OPTIONAL_LZO_LIBS) \ |
105 | 105 |
$(OPTIONAL_PKCS11_HELPER_LIBS) \ |
106 |
+ $(OPTIONAL_CRYPTO_LIBS) \ |
|
106 | 107 |
$(OPTIONAL_SELINUX_LIBS) \ |
107 | 108 |
$(OPTIONAL_DL_LIBS) |
108 | 109 |
if WIN32 |
... | ... |
@@ -25,7 +25,7 @@ |
25 | 25 |
|
26 | 26 |
#include "syshead.h" |
27 | 27 |
|
28 |
-#ifdef USE_CRYPTO |
|
28 |
+#ifdef ENABLE_CRYPTO |
|
29 | 29 |
|
30 | 30 |
#include "crypto.h" |
31 | 31 |
#include "error.h" |
... | ... |
@@ -712,7 +712,7 @@ test_crypto (const struct crypto_options *co, struct frame* frame) |
712 | 712 |
gc_free (&gc); |
713 | 713 |
} |
714 | 714 |
|
715 |
-#ifdef USE_SSL |
|
715 |
+#ifdef ENABLE_SSL |
|
716 | 716 |
|
717 | 717 |
void |
718 | 718 |
get_tls_handshake_key (const struct key_type *key_type, |
... | ... |
@@ -1373,7 +1373,7 @@ get_random() |
1373 | 1373 |
return l; |
1374 | 1374 |
} |
1375 | 1375 |
|
1376 |
-#ifndef USE_SSL |
|
1376 |
+#ifndef ENABLE_SSL |
|
1377 | 1377 |
|
1378 | 1378 |
void |
1379 | 1379 |
init_ssl_lib (void) |
... | ... |
@@ -1392,7 +1392,7 @@ free_ssl_lib (void) |
1392 | 1392 |
ERR_free_strings (); |
1393 | 1393 |
} |
1394 | 1394 |
|
1395 |
-#endif /* USE_SSL */ |
|
1395 |
+#endif /* ENABLE_SSL */ |
|
1396 | 1396 |
|
1397 | 1397 |
/* |
1398 | 1398 |
* md5 functions |
... | ... |
@@ -1452,4 +1452,4 @@ md5_digest_equal (const struct md5_digest *d1, const struct md5_digest *d2) |
1452 | 1452 |
return memcmp(d1->digest, d2->digest, MD5_DIGEST_LENGTH) == 0; |
1453 | 1453 |
} |
1454 | 1454 |
|
1455 |
-#endif /* USE_CRYPTO */ |
|
1455 |
+#endif /* ENABLE_CRYPTO */ |
... | ... |
@@ -30,7 +30,7 @@ |
30 | 30 |
#ifndef CRYPTO_H |
31 | 31 |
#define CRYPTO_H |
32 | 32 |
|
33 |
-#ifdef USE_CRYPTO |
|
33 |
+#ifdef ENABLE_CRYPTO |
|
34 | 34 |
|
35 | 35 |
#define ALLOW_NON_CBC_CIPHERS |
36 | 36 |
|
... | ... |
@@ -347,7 +347,7 @@ void key2_print (const struct key2* k, |
347 | 347 |
const char* prefix0, |
348 | 348 |
const char* prefix1); |
349 | 349 |
|
350 |
-#ifdef USE_SSL |
|
350 |
+#ifdef ENABLE_SSL |
|
351 | 351 |
|
352 | 352 |
#define GHK_INLINE (1<<0) |
353 | 353 |
void get_tls_handshake_key (const struct key_type *key_type, |
... | ... |
@@ -361,7 +361,7 @@ void get_tls_handshake_key (const struct key_type *key_type, |
361 | 361 |
void init_ssl_lib (void); |
362 | 362 |
void free_ssl_lib (void); |
363 | 363 |
|
364 |
-#endif /* USE_SSL */ |
|
364 |
+#endif /* ENABLE_SSL */ |
|
365 | 365 |
|
366 | 366 |
/* |
367 | 367 |
* md5 functions |
... | ... |
@@ -394,5 +394,5 @@ key_ctx_bi_defined(const struct key_ctx_bi* key) |
394 | 394 |
} |
395 | 395 |
|
396 | 396 |
|
397 |
-#endif /* USE_CRYPTO */ |
|
397 |
+#endif /* ENABLE_CRYPTO */ |
|
398 | 398 |
#endif /* CRYPTO_H */ |
... | ... |
@@ -29,7 +29,7 @@ |
29 | 29 |
|
30 | 30 |
#include "syshead.h" |
31 | 31 |
|
32 |
-#if defined(USE_CRYPTO) && defined(USE_OPENSSL) |
|
32 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_OPENSSL) |
|
33 | 33 |
|
34 | 34 |
#include "basic.h" |
35 | 35 |
#include "buffer.h" |
... | ... |
@@ -104,19 +104,7 @@ cipher_ok (const char* name) |
104 | 104 |
#define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_type(e)) |
105 | 105 |
#endif |
106 | 106 |
|
107 |
-/* |
|
108 |
- * |
|
109 |
- * OpenSSL engine support. Allows loading/unloading of engines. |
|
110 |
- * |
|
111 |
- */ |
|
112 |
- |
|
113 |
-#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_LOAD_BUILTIN_ENGINES) && defined(HAVE_ENGINE_REGISTER_ALL_COMPLETE) && defined(HAVE_ENGINE_CLEANUP) |
|
114 |
-#define CRYPTO_ENGINE 1 |
|
115 |
-#else |
|
116 |
-#define CRYPTO_ENGINE 0 |
|
117 |
-#endif |
|
118 |
- |
|
119 |
-#if CRYPTO_ENGINE |
|
107 |
+#if HAVE_OPENSSL_ENGINE |
|
120 | 108 |
#include <openssl/engine.h> |
121 | 109 |
|
122 | 110 |
static bool engine_initialized = false; /* GLOBAL */ |
... | ... |
@@ -173,12 +161,12 @@ setup_engine (const char *engine) |
173 | 173 |
return e; |
174 | 174 |
} |
175 | 175 |
|
176 |
-#endif /* CRYPTO_ENGINE */ |
|
176 |
+#endif /* HAVE_OPENSSL_ENGINE */ |
|
177 | 177 |
|
178 | 178 |
void |
179 | 179 |
crypto_init_lib_engine (const char *engine_name) |
180 | 180 |
{ |
181 |
-#if CRYPTO_ENGINE |
|
181 |
+#if HAVE_OPENSSL_ENGINE |
|
182 | 182 |
if (!engine_initialized) |
183 | 183 |
{ |
184 | 184 |
ASSERT (engine_name); |
... | ... |
@@ -220,7 +208,7 @@ crypto_uninit_lib (void) |
220 | 220 |
fclose (fp); |
221 | 221 |
#endif |
222 | 222 |
|
223 |
-#if CRYPTO_ENGINE |
|
223 |
+#if HAVE_OPENSSL_ENGINE |
|
224 | 224 |
if (engine_initialized) |
225 | 225 |
{ |
226 | 226 |
ENGINE_cleanup (); |
... | ... |
@@ -335,7 +323,7 @@ show_available_digests () |
335 | 335 |
void |
336 | 336 |
show_available_engines () |
337 | 337 |
{ |
338 |
-#if CRYPTO_ENGINE /* Only defined for OpenSSL */ |
|
338 |
+#if HAVE_OPENSSL_ENGINE /* Only defined for OpenSSL */ |
|
339 | 339 |
ENGINE *e; |
340 | 340 |
|
341 | 341 |
printf ("OpenSSL Crypto Engines\n\n"); |
... | ... |
@@ -741,4 +729,4 @@ hmac_ctx_final (HMAC_CTX *ctx, uint8_t *dst) |
741 | 741 |
HMAC_Final (ctx, dst, &in_hmac_len); |
742 | 742 |
} |
743 | 743 |
|
744 |
-#endif /* USE_CRYPTO && USE_OPENSSL */ |
|
744 |
+#endif /* ENABLE_CRYPTO && ENABLE_CRYPTO_OPENSSL */ |
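Review bot: `#if HAVE_OPENSSL_ENGINE` now guards `#include <openssl/engine.h>` on a macro that the new configure check derives only from the three `AC_CHECK_FUNCS` results; the `CRYPTO_ENGINE` condition it replaces also required `HAVE_OPENSSL_ENGINE_H`, and the removed configure block's `AC_CHECK_HEADERS(openssl/engine.h)` has no counterpart in the new one. A tree where libcrypto exports the ENGINE symbols but the header is not installed would now fail at this include rather than build without engine support; keeping `AC_CHECK_HEADERS([openssl/engine.h], , [have_openssl_engine="no"])` next to the function checks in configure.ac restores the old condition. Separately, the file-level guard at line 32 tests definedness (`#if defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_OPENSSL)`), so `#ifdef HAVE_OPENSSL_ENGINE` at the four new sites (107, 181, 223, 338) would be consistent with it and quiet under `-Wundef`.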
... | ... |
@@ -29,7 +29,7 @@ |
29 | 29 |
|
30 | 30 |
#include "syshead.h" |
31 | 31 |
|
32 |
-#if defined(USE_CRYPTO) && defined(USE_POLARSSL) |
|
32 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_POLARSSL) |
|
33 | 33 |
|
34 | 34 |
#include "errlevel.h" |
35 | 35 |
#include "basic.h" |
... | ... |
@@ -557,4 +557,4 @@ hmac_ctx_final (md_context_t *ctx, uint8_t *dst) |
557 | 557 |
ASSERT(0 == md_hmac_finish(ctx, dst)); |
558 | 558 |
} |
559 | 559 |
|
560 |
-#endif /* USE_CRYPTO && USE_POLARSSL */ |
|
560 |
+#endif /* ENABLE_CRYPTO && ENABLE_CRYPTO_POLARSSL */ |
... | ... |
@@ -37,8 +37,8 @@ |
37 | 37 |
#include "ps.h" |
38 | 38 |
#include "mstats.h" |
39 | 39 |
|
40 |
-#ifdef USE_CRYPTO |
|
41 |
-#ifdef USE_OPENSSL |
|
40 |
+#ifdef ENABLE_CRYPTO |
|
41 |
+#ifdef ENABLE_CRYPTO_OPENSSL |
|
42 | 42 |
#include <openssl/err.h> |
43 | 43 |
#endif |
44 | 44 |
#endif |
... | ... |
@@ -246,8 +246,8 @@ void x_msg (const unsigned int flags, const char *format, ...) |
246 | 246 |
SWAP; |
247 | 247 |
} |
248 | 248 |
|
249 |
-#ifdef USE_CRYPTO |
|
250 |
-#ifdef USE_OPENSSL |
|
249 |
+#ifdef ENABLE_CRYPTO |
|
250 |
+#ifdef ENABLE_CRYPTO_OPENSSL |
|
251 | 251 |
if (flags & M_SSL) |
252 | 252 |
{ |
253 | 253 |
int nerrs = 0; |
... | ... |
@@ -96,7 +96,7 @@ extern int x_msg_line_num; |
96 | 96 |
#define M_ERRNO (1<<8) /* show errno description */ |
97 | 97 |
#define M_ERRNO_SOCK (1<<9) /* show socket errno description */ |
98 | 98 |
|
99 |
-#ifdef USE_OPENSSL |
|
99 |
+#ifdef ENABLE_CRYPTO_OPENSSL |
|
100 | 100 |
# define M_SSL (1<<10) /* show SSL error */ |
101 | 101 |
#endif |
102 | 102 |
|
... | ... |
@@ -35,7 +35,7 @@ |
35 | 35 |
static inline void |
36 | 36 |
check_tls (struct context *c) |
37 | 37 |
{ |
38 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
38 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
39 | 39 |
void check_tls_dowork (struct context *c); |
40 | 40 |
if (c->c2.tls_multi) |
41 | 41 |
check_tls_dowork (c); |
... | ... |
@@ -49,7 +49,7 @@ check_tls (struct context *c) |
49 | 49 |
static inline void |
50 | 50 |
check_tls_errors (struct context *c) |
51 | 51 |
{ |
52 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
52 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
53 | 53 |
void check_tls_errors_co (struct context *c); |
54 | 54 |
void check_tls_errors_nco (struct context *c); |
55 | 55 |
if (c->c2.tls_multi && c->c2.tls_exit_signal) |
... | ... |
@@ -189,7 +189,7 @@ check_push_request (struct context *c) |
189 | 189 |
|
190 | 190 |
#endif |
191 | 191 |
|
192 |
-#ifdef USE_CRYPTO |
|
192 |
+#ifdef ENABLE_CRYPTO |
|
193 | 193 |
/* |
194 | 194 |
* Should we persist our anti-replay packet ID state to disk? |
195 | 195 |
*/ |
... | ... |
@@ -81,7 +81,7 @@ show_wait_status (struct context *c) |
81 | 81 |
* traffic on the control-channel. |
82 | 82 |
* |
83 | 83 |
*/ |
84 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
84 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
85 | 85 |
void |
86 | 86 |
check_tls_dowork (struct context *c) |
87 | 87 |
{ |
... | ... |
@@ -112,7 +112,7 @@ check_tls_dowork (struct context *c) |
112 | 112 |
} |
113 | 113 |
#endif |
114 | 114 |
|
115 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
115 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
116 | 116 |
|
117 | 117 |
void |
118 | 118 |
check_tls_errors_co (struct context *c) |
... | ... |
@@ -232,7 +232,7 @@ check_connection_established_dowork (struct context *c) |
232 | 232 |
bool |
233 | 233 |
send_control_channel_string (struct context *c, const char *str, int msglevel) |
234 | 234 |
{ |
235 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
235 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
236 | 236 |
if (c->c2.tls_multi) { |
237 | 237 |
struct gc_arena gc = gc_new (); |
238 | 238 |
bool stat; |
... | ... |
@@ -449,8 +449,8 @@ encrypt_sign (struct context *c, bool comp_frag) |
449 | 449 |
#endif |
450 | 450 |
} |
451 | 451 |
|
452 |
-#ifdef USE_CRYPTO |
|
453 |
-#ifdef USE_SSL |
|
452 |
+#ifdef ENABLE_CRYPTO |
|
453 |
+#ifdef ENABLE_SSL |
|
454 | 454 |
/* |
455 | 455 |
* If TLS mode, get the key we will use to encrypt |
456 | 456 |
* the packet. |
... | ... |
@@ -472,8 +472,8 @@ encrypt_sign (struct context *c, bool comp_frag) |
472 | 472 |
*/ |
473 | 473 |
link_socket_get_outgoing_addr (&c->c2.buf, get_link_socket_info (c), |
474 | 474 |
&c->c2.to_link_addr); |
475 |
-#ifdef USE_CRYPTO |
|
476 |
-#ifdef USE_SSL |
|
475 |
+#ifdef ENABLE_CRYPTO |
|
476 |
+#ifdef ENABLE_SSL |
|
477 | 477 |
/* |
478 | 478 |
* In TLS mode, prepend the appropriate one-byte opcode |
479 | 479 |
* to the packet which identifies it as a data channel |
... | ... |
@@ -498,7 +498,7 @@ encrypt_sign (struct context *c, bool comp_frag) |
498 | 498 |
static void |
499 | 499 |
process_coarse_timers (struct context *c) |
500 | 500 |
{ |
501 |
-#ifdef USE_CRYPTO |
|
501 |
+#ifdef ENABLE_CRYPTO |
|
502 | 502 |
/* flush current packet-id to file once per 60 |
503 | 503 |
seconds if --replay-persist was specified */ |
504 | 504 |
check_packet_id_persist_flush (c); |
... | ... |
@@ -789,8 +789,8 @@ process_incoming_link (struct context *c) |
789 | 789 |
if (!link_socket_verify_incoming_addr (&c->c2.buf, lsi, &c->c2.from)) |
790 | 790 |
link_socket_bad_incoming_addr (&c->c2.buf, lsi, &c->c2.from); |
791 | 791 |
|
792 |
-#ifdef USE_CRYPTO |
|
793 |
-#ifdef USE_SSL |
|
792 |
+#ifdef ENABLE_CRYPTO |
|
793 |
+#ifdef ENABLE_SSL |
|
794 | 794 |
if (c->c2.tls_multi) |
795 | 795 |
{ |
796 | 796 |
/* |
... | ... |
@@ -820,7 +820,7 @@ process_incoming_link (struct context *c) |
820 | 820 |
if (c->c2.context_auth != CAS_SUCCEEDED) |
821 | 821 |
c->c2.buf.len = 0; |
822 | 822 |
#endif |
823 |
-#endif /* USE_SSL */ |
|
823 |
+#endif /* ENABLE_SSL */ |
|
824 | 824 |
|
825 | 825 |
/* authenticate and decrypt the incoming packet */ |
826 | 826 |
decrypt_status = openvpn_decrypt (&c->c2.buf, c->c2.buffers->decrypt_buf, &c->c2.crypto_options, &c->c2.frame); |
... | ... |
@@ -833,7 +833,7 @@ process_incoming_link (struct context *c) |
833 | 833 |
goto done; |
834 | 834 |
} |
835 | 835 |
|
836 |
-#endif /* USE_CRYPTO */ |
|
836 |
+#endif /* ENABLE_CRYPTO */ |
|
837 | 837 |
|
838 | 838 |
#ifdef ENABLE_FRAGMENT |
839 | 839 |
if (c->c2.fragment) |
... | ... |
@@ -428,7 +428,7 @@ next_connection_entry (struct context *c) |
428 | 428 |
static void |
429 | 429 |
init_query_passwords (struct context *c) |
430 | 430 |
{ |
431 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
431 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
432 | 432 |
/* Certificate password input */ |
433 | 433 |
if (c->options.key_pass_file) |
434 | 434 |
pem_password_setup (c->options.key_pass_file); |
... | ... |
@@ -629,7 +629,7 @@ init_static (void) |
629 | 629 |
{ |
630 | 630 |
/* configure_path (); */ |
631 | 631 |
|
632 |
-#if defined(USE_CRYPTO) && defined(DMALLOC) |
|
632 |
+#if defined(ENABLE_CRYPTO) && defined(DMALLOC) |
|
633 | 633 |
crypto_init_dmalloc(); |
634 | 634 |
#endif |
635 | 635 |
|
... | ... |
@@ -652,7 +652,7 @@ init_static (void) |
652 | 652 |
|
653 | 653 |
update_time (); |
654 | 654 |
|
655 |
-#ifdef USE_CRYPTO |
|
655 |
+#ifdef ENABLE_CRYPTO |
|
656 | 656 |
init_ssl_lib (); |
657 | 657 |
|
658 | 658 |
/* init PRNG used for IV generation */ |
... | ... |
@@ -838,7 +838,7 @@ init_static (void) |
838 | 838 |
void |
839 | 839 |
uninit_static (void) |
840 | 840 |
{ |
841 |
-#ifdef USE_CRYPTO |
|
841 |
+#ifdef ENABLE_CRYPTO |
|
842 | 842 |
free_ssl_lib (); |
843 | 843 |
#endif |
844 | 844 |
|
... | ... |
@@ -850,7 +850,7 @@ uninit_static (void) |
850 | 850 |
close_port_share (); |
851 | 851 |
#endif |
852 | 852 |
|
853 |
-#if defined(MEASURE_TLS_HANDSHAKE_STATS) && defined(USE_CRYPTO) && defined(USE_SSL) |
|
853 |
+#if defined(MEASURE_TLS_HANDSHAKE_STATS) && defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
854 | 854 |
show_tls_performance_stats (); |
855 | 855 |
#endif |
856 | 856 |
} |
... | ... |
@@ -891,9 +891,9 @@ print_openssl_info (const struct options *options) |
891 | 891 |
/* |
892 | 892 |
* OpenSSL info print mode? |
893 | 893 |
*/ |
894 |
-#ifdef USE_CRYPTO |
|
894 |
+#ifdef ENABLE_CRYPTO |
|
895 | 895 |
if (options->show_ciphers || options->show_digests || options->show_engines |
896 |
-#ifdef USE_SSL |
|
896 |
+#ifdef ENABLE_SSL |
|
897 | 897 |
|| options->show_tls_ciphers |
898 | 898 |
#endif |
899 | 899 |
) |
... | ... |
@@ -904,7 +904,7 @@ print_openssl_info (const struct options *options) |
904 | 904 |
show_available_digests (); |
905 | 905 |
if (options->show_engines) |
906 | 906 |
show_available_engines (); |
907 |
-#ifdef USE_SSL |
|
907 |
+#ifdef ENABLE_SSL |
|
908 | 908 |
if (options->show_tls_ciphers) |
909 | 909 |
show_available_tls_ciphers (); |
910 | 910 |
#endif |
... | ... |
@@ -920,7 +920,7 @@ print_openssl_info (const struct options *options) |
920 | 920 |
bool |
921 | 921 |
do_genkey (const struct options * options) |
922 | 922 |
{ |
923 |
-#ifdef USE_CRYPTO |
|
923 |
+#ifdef ENABLE_CRYPTO |
|
924 | 924 |
if (options->genkey) |
925 | 925 |
{ |
926 | 926 |
int nbits_written; |
... | ... |
@@ -955,9 +955,9 @@ do_persist_tuntap (const struct options *options) |
955 | 955 |
notnull (options->dev, "TUN/TAP device (--dev)"); |
956 | 956 |
if (options->ce.remote || options->ifconfig_local |
957 | 957 |
|| options->ifconfig_remote_netmask |
958 |
-#ifdef USE_CRYPTO |
|
958 |
+#ifdef ENABLE_CRYPTO |
|
959 | 959 |
|| options->shared_secret_file |
960 |
-#ifdef USE_SSL |
|
960 |
+#ifdef ENABLE_SSL |
|
961 | 961 |
|| options->tls_server || options->tls_client |
962 | 962 |
#endif |
963 | 963 |
#endif |
... | ... |
@@ -1068,7 +1068,7 @@ const char * |
1068 | 1068 |
format_common_name (struct context *c, struct gc_arena *gc) |
1069 | 1069 |
{ |
1070 | 1070 |
struct buffer out = alloc_buf_gc (256, gc); |
1071 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
1071 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
1072 | 1072 |
if (c->c2.tls_multi) |
1073 | 1073 |
{ |
1074 | 1074 |
buf_printf (&out, "[%s] ", tls_common_name (c->c2.tls_multi, false)); |
... | ... |
@@ -1155,12 +1155,12 @@ do_init_timers (struct context *c, bool deferred) |
1155 | 1155 |
#endif |
1156 | 1156 |
|
1157 | 1157 |
/* initialize packet_id persistence timer */ |
1158 |
-#ifdef USE_CRYPTO |
|
1158 |
+#ifdef ENABLE_CRYPTO |
|
1159 | 1159 |
if (c->options.packet_id_file) |
1160 | 1160 |
event_timeout_init (&c->c2.packet_id_persist_interval, 60, now); |
1161 | 1161 |
#endif |
1162 | 1162 |
|
1163 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
1163 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
1164 | 1164 |
/* initialize tmp_int optimization that limits the number of times we call |
1165 | 1165 |
tls_multi_process in the main event loop */ |
1166 | 1166 |
interval_init (&c->c2.tmp_int, TLS_MULTI_HORIZON, TLS_MULTI_REFRESH); |
... | ... |
@@ -1967,20 +1967,20 @@ frame_finalize_options (struct context *c, const struct options *o) |
1967 | 1967 |
static void |
1968 | 1968 |
key_schedule_free (struct key_schedule *ks, bool free_ssl_ctx) |
1969 | 1969 |
{ |
1970 |
-#ifdef USE_CRYPTO |
|
1970 |
+#ifdef ENABLE_CRYPTO |
|
1971 | 1971 |
free_key_ctx_bi (&ks->static_key); |
1972 |
-#ifdef USE_SSL |
|
1972 |
+#ifdef ENABLE_SSL |
|
1973 | 1973 |
if (tls_ctx_initialised(&ks->ssl_ctx) && free_ssl_ctx) |
1974 | 1974 |
{ |
1975 | 1975 |
tls_ctx_free (&ks->ssl_ctx); |
1976 | 1976 |
free_key_ctx_bi (&ks->tls_auth_key); |
1977 | 1977 |
} |
1978 |
-#endif /* USE_SSL */ |
|
1979 |
-#endif /* USE_CRYPTO */ |
|
1978 |
+#endif /* ENABLE_SSL */ |
|
1979 |
+#endif /* ENABLE_CRYPTO */ |
|
1980 | 1980 |
CLEAR (*ks); |
1981 | 1981 |
} |
1982 | 1982 |
|
1983 |
-#ifdef USE_CRYPTO |
|
1983 |
+#ifdef ENABLE_CRYPTO |
|
1984 | 1984 |
|
1985 | 1985 |
static void |
1986 | 1986 |
init_crypto_pre (struct context *c, const unsigned int flags) |
... | ... |
@@ -2091,7 +2091,7 @@ do_init_crypto_static (struct context *c, const unsigned int flags) |
2091 | 2091 |
options->use_iv); |
2092 | 2092 |
} |
2093 | 2093 |
|
2094 |
-#ifdef USE_SSL |
|
2094 |
+#ifdef ENABLE_SSL |
|
2095 | 2095 |
|
2096 | 2096 |
/* |
2097 | 2097 |
* Initialize the persistent component of OpenVPN's TLS mode, |
... | ... |
@@ -2332,10 +2332,10 @@ do_init_finalize_tls_frame (struct context *c) |
2332 | 2332 |
} |
2333 | 2333 |
} |
2334 | 2334 |
|
2335 |
-#endif /* USE_SSL */ |
|
2336 |
-#endif /* USE_CRYPTO */ |
|
2335 |
+#endif /* ENABLE_SSL */ |
|
2336 |
+#endif /* ENABLE_CRYPTO */ |
|
2337 | 2337 |
|
2338 |
-#ifdef USE_CRYPTO |
|
2338 |
+#ifdef ENABLE_CRYPTO |
|
2339 | 2339 |
/* |
2340 | 2340 |
* No encryption or authentication. |
2341 | 2341 |
*/ |
... | ... |
@@ -2351,20 +2351,20 @@ do_init_crypto_none (const struct context *c) |
2351 | 2351 |
static void |
2352 | 2352 |
do_init_crypto (struct context *c, const unsigned int flags) |
2353 | 2353 |
{ |
2354 |
-#ifdef USE_CRYPTO |
|
2354 |
+#ifdef ENABLE_CRYPTO |
|
2355 | 2355 |
if (c->options.shared_secret_file) |
2356 | 2356 |
do_init_crypto_static (c, flags); |
2357 |
-#ifdef USE_SSL |
|
2357 |
+#ifdef ENABLE_SSL |
|
2358 | 2358 |
else if (c->options.tls_server || c->options.tls_client) |
2359 | 2359 |
do_init_crypto_tls (c, flags); |
2360 | 2360 |
#endif |
2361 | 2361 |
else /* no encryption or authentication. */ |
2362 | 2362 |
do_init_crypto_none (c); |
2363 |
-#else /* USE_CRYPTO */ |
|
2363 |
+#else /* ENABLE_CRYPTO */ |
|
2364 | 2364 |
msg (M_WARN, |
2365 | 2365 |
"******* WARNING *******: " PACKAGE_NAME |
2366 | 2366 |
" built without OpenSSL -- encryption and authentication features disabled -- all data will be tunnelled as cleartext"); |
2367 |
-#endif /* USE_CRYPTO */ |
|
2367 |
+#endif /* ENABLE_CRYPTO */ |
|
2368 | 2368 |
} |
2369 | 2369 |
|
2370 | 2370 |
static void |
... | ... |
@@ -2503,13 +2503,13 @@ do_option_warnings (struct context *c) |
2503 | 2503 |
#endif |
2504 | 2504 |
#endif |
2505 | 2505 |
|
2506 |
-#ifdef USE_CRYPTO |
|
2506 |
+#ifdef ENABLE_CRYPTO |
|
2507 | 2507 |
if (!o->replay) |
2508 | 2508 |
msg (M_WARN, "WARNING: You have disabled Replay Protection (--no-replay) which may make " PACKAGE_NAME " less secure"); |
2509 | 2509 |
if (!o->use_iv) |
2510 | 2510 |
msg (M_WARN, "WARNING: You have disabled Crypto IVs (--no-iv) which may make " PACKAGE_NAME " less secure"); |
2511 | 2511 |
|
2512 |
-#ifdef USE_SSL |
|
2512 |
+#ifdef ENABLE_SSL |
|
2513 | 2513 |
if (o->tls_server) |
2514 | 2514 |
warn_on_use_of_common_subnets (); |
2515 | 2515 |
if (o->tls_client |
... | ... |
@@ -2542,7 +2542,7 @@ do_option_warnings (struct context *c) |
2542 | 2542 |
static void |
2543 | 2543 |
do_init_frame_tls (struct context *c) |
2544 | 2544 |
{ |
2545 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
2545 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
2546 | 2546 |
do_init_finalize_tls_frame (c); |
2547 | 2547 |
#endif |
2548 | 2548 |
} |
... | ... |
@@ -2559,7 +2559,7 @@ init_context_buffers (const struct frame *frame) |
2559 | 2559 |
|
2560 | 2560 |
b->aux_buf = alloc_buf (BUF_SIZE (frame)); |
2561 | 2561 |
|
2562 |
-#ifdef USE_CRYPTO |
|
2562 |
+#ifdef ENABLE_CRYPTO |
|
2563 | 2563 |
b->encrypt_buf = alloc_buf (BUF_SIZE (frame)); |
2564 | 2564 |
b->decrypt_buf = alloc_buf (BUF_SIZE (frame)); |
2565 | 2565 |
#endif |
... | ... |
@@ -2586,7 +2586,7 @@ free_context_buffers (struct context_buffers *b) |
2586 | 2586 |
free_buf (&b->lzo_decompress_buf); |
2587 | 2587 |
#endif |
2588 | 2588 |
|
2589 |
-#ifdef USE_CRYPTO |
|
2589 |
+#ifdef ENABLE_CRYPTO |
|
2590 | 2590 |
free_buf (&b->encrypt_buf); |
2591 | 2591 |
free_buf (&b->decrypt_buf); |
2592 | 2592 |
#endif |
... | ... |
@@ -2735,7 +2735,7 @@ do_compute_occ_strings (struct context *c) |
2735 | 2735 |
msg (D_SHOW_OCC, "Expected Remote Options String: '%s'", |
2736 | 2736 |
c->c2.options_string_remote); |
2737 | 2737 |
|
2738 |
-#ifdef USE_CRYPTO |
|
2738 |
+#ifdef ENABLE_CRYPTO |
|
2739 | 2739 |
msg (D_SHOW_OCC_HASH, "Local Options hash (VER=%s): '%s'", |
2740 | 2740 |
options_string_version (c->c2.options_string_local, &gc), |
2741 | 2741 |
md5sum ((uint8_t*)c->c2.options_string_local, |
... | ... |
@@ -2746,7 +2746,7 @@ do_compute_occ_strings (struct context *c) |
2746 | 2746 |
strlen (c->c2.options_string_remote), 9, &gc)); |
2747 | 2747 |
#endif |
2748 | 2748 |
|
2749 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
2749 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
2750 | 2750 |
if (c->c2.tls_multi) |
2751 | 2751 |
tls_multi_init_set_options (c->c2.tls_multi, |
2752 | 2752 |
c->c2.options_string_local, |
... | ... |
@@ -2832,7 +2832,7 @@ do_close_free_buf (struct context *c) |
2832 | 2832 |
static void |
2833 | 2833 |
do_close_tls (struct context *c) |
2834 | 2834 |
{ |
2835 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
2835 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
2836 | 2836 |
if (c->c2.tls_multi) |
2837 | 2837 |
{ |
2838 | 2838 |
tls_multi_free (c->c2.tls_multi, true); |
... | ... |
@@ -2888,7 +2888,7 @@ do_close_link_socket (struct context *c) |
2888 | 2888 |
static void |
2889 | 2889 |
do_close_packet_id (struct context *c) |
2890 | 2890 |
{ |
2891 |
-#ifdef USE_CRYPTO |
|
2891 |
+#ifdef ENABLE_CRYPTO |
|
2892 | 2892 |
packet_id_free (&c->c2.packet_id); |
2893 | 2893 |
packet_id_persist_save (&c->c1.pid_persist); |
2894 | 2894 |
if (!(c->sig->signal_received == SIGUSR1)) |
... | ... |
@@ -3066,7 +3066,7 @@ do_setup_fast_io (struct context *c) |
3066 | 3066 |
static void |
3067 | 3067 |
do_signal_on_tls_errors (struct context *c) |
3068 | 3068 |
{ |
3069 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
3069 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
3070 | 3070 |
if (c->options.tls_exit) |
3071 | 3071 |
c->c2.tls_exit_signal = SIGTERM; |
3072 | 3072 |
else |
... | ... |
@@ -3611,9 +3611,9 @@ inherit_context_child (struct context *dest, |
3611 | 3611 |
/* c1 init */ |
3612 | 3612 |
packet_id_persist_init (&dest->c1.pid_persist); |
3613 | 3613 |
|
3614 |
-#ifdef USE_CRYPTO |
|
3614 |
+#ifdef ENABLE_CRYPTO |
|
3615 | 3615 |
dest->c1.ks.key_type = src->c1.ks.key_type; |
3616 |
-#ifdef USE_SSL |
|
3616 |
+#ifdef ENABLE_SSL |
|
3617 | 3617 |
/* inherit SSL context */ |
3618 | 3618 |
dest->c1.ks.ssl_ctx = src->c1.ks.ssl_ctx; |
3619 | 3619 |
dest->c1.ks.tls_auth_key = src->c1.ks.tls_auth_key; |
... | ... |
@@ -3690,7 +3690,7 @@ inherit_context_top (struct context *dest, |
3690 | 3690 |
/* detach plugins */ |
3691 | 3691 |
dest->plugins_owned = false; |
3692 | 3692 |
|
3693 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
3693 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
3694 | 3694 |
dest->c2.tls_multi = NULL; |
3695 | 3695 |
#endif |
3696 | 3696 |
|
... | ... |
@@ -3735,7 +3735,7 @@ close_context (struct context *c, int sig, unsigned int flags) |
3735 | 3735 |
context_gc_free (c); |
3736 | 3736 |
} |
3737 | 3737 |
|
3738 |
-#ifdef USE_CRYPTO |
|
3738 |
+#ifdef ENABLE_CRYPTO |
|
3739 | 3739 |
|
3740 | 3740 |
/* |
3741 | 3741 |
* Do a loopback test |
... | ... |
@@ -3768,7 +3768,7 @@ test_crypto_thread (void *arg) |
3768 | 3768 |
bool |
3769 | 3769 |
do_test_crypto (const struct options *o) |
3770 | 3770 |
{ |
3771 |
-#ifdef USE_CRYPTO |
|
3771 |
+#ifdef ENABLE_CRYPTO |
|
3772 | 3772 |
if (o->test_crypto) |
3773 | 3773 |
{ |
3774 | 3774 |
struct context c; |
... | ... |
@@ -699,7 +699,7 @@ man_query_need_str (struct management *man, const char *type, const char *action |
699 | 699 |
static void |
700 | 700 |
man_forget_passwords (struct management *man) |
701 | 701 |
{ |
702 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
702 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
703 | 703 |
ssl_purge_auth (false); |
704 | 704 |
msg (M_CLIENT, "SUCCESS: Passwords were forgotten"); |
705 | 705 |
#endif |
... | ... |
@@ -1714,7 +1714,7 @@ man_reset_client_socket (struct management *man, const bool exiting) |
1714 | 1714 |
} |
1715 | 1715 |
if (!exiting) |
1716 | 1716 |
{ |
1717 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
1717 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
1718 | 1718 |
if (man->settings.flags & MF_FORGET_DISCONNECT) |
1719 | 1719 |
ssl_purge_auth (false); |
1720 | 1720 |
#endif |
... | ... |
@@ -194,7 +194,7 @@ int openvpn_chdir (const char* dir); |
194 | 194 |
extern int inetd_socket_descriptor; |
195 | 195 |
void save_inetd_socket_descriptor (void); |
196 | 196 |
|
197 |
-/* init random() function, only used as source for weak random numbers, when !USE_CRYPTO */ |
|
197 |
+/* init random() function, only used as source for weak random numbers, when !ENABLE_CRYPTO */ |
|
198 | 198 |
void init_random_seed(void); |
199 | 199 |
|
200 | 200 |
/* set/delete environmental variable */ |
... | ... |
@@ -252,7 +252,7 @@ void sleep_milliseconds (unsigned int n); |
252 | 252 |
void sleep_until_signal (void); |
253 | 253 |
|
254 | 254 |
/* an analogue to the random() function, but use OpenSSL functions if available */ |
255 |
-#ifdef USE_CRYPTO |
|
255 |
+#ifdef ENABLE_CRYPTO |
|
256 | 256 |
long int get_random(void); |
257 | 257 |
#else |
258 | 258 |
#define get_random random |
... | ... |
@@ -273,7 +273,7 @@ bool delete_file (const char *filename); |
273 | 273 |
/* return true if pathname is absolute */ |
274 | 274 |
bool absolute_pathname (const char *pathname); |
275 | 275 |
|
276 |
-/* prepend a random prefix to hostname (need USE_CRYPTO) */ |
|
276 |
+/* prepend a random prefix to hostname (need ENABLE_CRYPTO) */ |
|
277 | 277 |
const char *hostname_randomize(const char *hostname, struct gc_arena *gc); |
278 | 278 |
|
279 | 279 |
/* |
... | ... |
@@ -55,24 +55,24 @@ |
55 | 55 |
|
56 | 56 |
struct key_schedule |
57 | 57 |
{ |
58 |
-#ifdef USE_CRYPTO |
|
58 |
+#ifdef ENABLE_CRYPTO |
|
59 | 59 |
/* which cipher, HMAC digest, and key sizes are we using? */ |
60 | 60 |
struct key_type key_type; |
61 | 61 |
|
62 | 62 |
/* pre-shared static key, read from a file */ |
63 | 63 |
struct key_ctx_bi static_key; |
64 | 64 |
|
65 |
-#ifdef USE_SSL |
|
65 |
+#ifdef ENABLE_SSL |
|
66 | 66 |
/* our global SSL context */ |
67 | 67 |
struct tls_root_ctx ssl_ctx; |
68 | 68 |
|
69 | 69 |
/* optional authentication HMAC key for TLS control channel */ |
70 | 70 |
struct key_ctx_bi tls_auth_key; |
71 | 71 |
|
72 |
-#endif /* USE_SSL */ |
|
73 |
-#else /* USE_CRYPTO */ |
|
72 |
+#endif /* ENABLE_SSL */ |
|
73 |
+#else /* ENABLE_CRYPTO */ |
|
74 | 74 |
int dummy; |
75 |
-#endif /* USE_CRYPTO */ |
|
75 |
+#endif /* ENABLE_CRYPTO */ |
|
76 | 76 |
}; |
77 | 77 |
|
78 | 78 |
/* |
... | ... |
@@ -99,7 +99,7 @@ struct context_buffers |
99 | 99 |
struct buffer aux_buf; |
100 | 100 |
|
101 | 101 |
/* workspace buffers used by crypto routines */ |
102 |
-#ifdef USE_CRYPTO |
|
102 |
+#ifdef ENABLE_CRYPTO |
|
103 | 103 |
struct buffer encrypt_buf; |
104 | 104 |
struct buffer decrypt_buf; |
105 | 105 |
#endif |
... | ... |
@@ -331,12 +331,12 @@ struct context_2 |
331 | 331 |
int occ_mtu_load_n_tries; |
332 | 332 |
#endif |
333 | 333 |
|
334 |
-#ifdef USE_CRYPTO |
|
334 |
+#ifdef ENABLE_CRYPTO |
|
335 | 335 |
|
336 | 336 |
/* |
337 | 337 |
* TLS-mode crypto objects. |
338 | 338 |
*/ |
339 |
-#ifdef USE_SSL |
|
339 |
+#ifdef ENABLE_SSL |
|
340 | 340 |
|
341 | 341 |
struct tls_multi *tls_multi; /**< TLS state structure for this VPN |
342 | 342 |
* tunnel. */ |
... | ... |
@@ -358,7 +358,7 @@ struct context_2 |
358 | 358 |
/* throw this signal on TLS errors */ |
359 | 359 |
int tls_exit_signal; |
360 | 360 |
|
361 |
-#endif /* USE_SSL */ |
|
361 |
+#endif /* ENABLE_SSL */ |
|
362 | 362 |
|
363 | 363 |
struct crypto_options crypto_options; |
364 | 364 |
/**< Security parameters and crypto state |
... | ... |
@@ -370,7 +370,7 @@ struct context_2 |
370 | 370 |
struct packet_id packet_id; |
371 | 371 |
struct event_timeout packet_id_persist_interval; |
372 | 372 |
|
373 |
-#endif /* USE_CRYPTO */ |
|
373 |
+#endif /* ENABLE_CRYPTO */ |
|
374 | 374 |
|
375 | 375 |
#ifdef ENABLE_LZO |
376 | 376 |
struct lzo_compress_workspace lzo_compwork; |
... | ... |
@@ -566,7 +566,7 @@ struct context |
566 | 566 |
* have been compiled in. |
567 | 567 |
*/ |
568 | 568 |
|
569 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
569 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
570 | 570 |
#define TLS_MODE(c) ((c)->c2.tls_multi != NULL) |
571 | 571 |
#define PROTO_DUMP_FLAGS (check_debug_level (D_LINK_RW_VERBOSE) ? (PD_SHOW_DATA|PD_VERBOSE) : 0) |
572 | 572 |
#define PROTO_DUMP(buf, gc) protocol_dump((buf), \ |
... | ... |
@@ -579,13 +579,13 @@ struct context |
579 | 579 |
#define PROTO_DUMP(buf, gc) format_hex (BPTR (buf), BLEN (buf), 80, gc) |
580 | 580 |
#endif |
581 | 581 |
|
582 |
-#ifdef USE_CRYPTO |
|
582 |
+#ifdef ENABLE_CRYPTO |
|
583 | 583 |
#define MD5SUM(buf, len, gc) md5sum((buf), (len), 0, (gc)) |
584 | 584 |
#else |
585 | 585 |
#define MD5SUM(buf, len, gc) "[unavailable]" |
586 | 586 |
#endif |
587 | 587 |
|
588 |
-#ifdef USE_CRYPTO |
|
588 |
+#ifdef ENABLE_CRYPTO |
|
589 | 589 |
#define CIPHER_ENABLED(c) (c->c1.ks.key_type.cipher != NULL) |
590 | 590 |
#else |
591 | 591 |
#define CIPHER_ENABLED(c) (false) |
... | ... |
@@ -56,25 +56,25 @@ |
56 | 56 |
const char title_string[] = |
57 | 57 |
PACKAGE_STRING |
58 | 58 |
" " TARGET_ALIAS |
59 |
-#ifdef USE_CRYPTO |
|
60 |
-#ifdef USE_SSL |
|
61 |
-#if defined(USE_POLARSSL) |
|
59 |
+#ifdef ENABLE_CRYPTO |
|
60 |
+#ifdef ENABLE_SSL |
|
61 |
+#if defined(ENABLE_CRYPTO_POLARSSL) |
|
62 | 62 |
" [SSL (PolarSSL)]" |
63 |
-#elif defined(USE_OPENSSL) |
|
63 |
+#elif defined(ENABLE_CRYPTO_OPENSSL) |
|
64 | 64 |
" [SSL (OpenSSL)]" |
65 | 65 |
#else |
66 | 66 |
" [SSL]" |
67 |
-#endif /* defined(USE_POLARSSL) */ |
|
68 |
-#else /* ! USE_SSL */ |
|
69 |
-#if defined(USE_POLARSSL) |
|
67 |
+#endif /* defined(ENABLE_CRYPTO_POLARSSL) */ |
|
68 |
+#else /* ! ENABLE_SSL */ |
|
69 |
+#if defined(ENABLE_CRYPTO_POLARSSL) |
|
70 | 70 |
" [CRYPTO (PolarSSL)]" |
71 |
-#elif defined(USE_OPENSSL) |
|
71 |
+#elif defined(ENABLE_CRYPTO_OPENSSL) |
|
72 | 72 |
" [CRYPTO (OpenSSL)]" |
73 | 73 |
#else |
74 | 74 |
" [CRYPTO]" |
75 |
-#endif /* defined(USE_POLARSSL) */ |
|
76 |
-#endif /* USE_SSL */ |
|
77 |
-#endif /* USE_CRYPTO */ |
|
75 |
+#endif /* defined(ENABLE_CRYPTO_POLARSSL) */ |
|
76 |
+#endif /* ENABLE_SSL */ |
|
77 |
+#endif /* ENABLE_CRYPTO */ |
|
78 | 78 |
#ifdef ENABLE_LZO |
79 | 79 |
#ifdef ENABLE_LZO_STUB |
80 | 80 |
" [LZO (STUB)]" |
... | ... |
@@ -503,7 +503,7 @@ static const char usage_message[] = |
503 | 503 |
"--explicit-exit-notify [n] : On exit/restart, send exit signal to\n" |
504 | 504 |
" server/remote. n = # of retries, default=1.\n" |
505 | 505 |
#endif |
506 |
-#ifdef USE_CRYPTO |
|
506 |
+#ifdef ENABLE_CRYPTO |
|
507 | 507 |
"\n" |
508 | 508 |
"Data Channel Encryption Options (must be compatible between peers):\n" |
509 | 509 |
"(These options are meaningful for both Static Key & TLS-mode)\n" |
... | ... |
@@ -526,7 +526,7 @@ static const char usage_message[] = |
526 | 526 |
"--keysize n : Size of cipher key in bits (optional).\n" |
527 | 527 |
" If unspecified, defaults to cipher-specific default.\n" |
528 | 528 |
#endif |
529 |
-#ifndef USE_POLARSSL |
|
529 |
+#ifndef ENABLE_CRYPTO_POLARSSL |
|
530 | 530 |
"--engine [name] : Enable OpenSSL hardware crypto engine functionality.\n" |
531 | 531 |
#endif |
532 | 532 |
"--no-replay : Disable replay protection.\n" |
... | ... |
@@ -539,7 +539,7 @@ static const char usage_message[] = |
539 | 539 |
" using file.\n" |
540 | 540 |
"--test-crypto : Run a self-test of crypto features enabled.\n" |
541 | 541 |
" For debugging only.\n" |
542 |
-#ifdef USE_SSL |
|
542 |
+#ifdef ENABLE_SSL |
|
543 | 543 |
"\n" |
544 | 544 |
"TLS Key Negotiation Options:\n" |
545 | 545 |
"(These options are meaningful only for TLS-mode)\n" |
... | ... |
@@ -549,7 +549,7 @@ static const char usage_message[] = |
549 | 549 |
" number, such as 1 (default), 2, etc.\n" |
550 | 550 |
"--ca file : Certificate authority file in .pem format containing\n" |
551 | 551 |
" root certificate.\n" |
552 |
-#ifndef USE_POLARSSL |
|
552 |
+#ifndef ENABLE_CRYPTO_POLARSSL |
|
553 | 553 |
"--capath dir : A directory of trusted certificates (CAs" |
554 | 554 |
#if OPENSSL_VERSION_NUMBER >= 0x00907000L |
555 | 555 |
" and CRLs).\n" |
... | ... |
@@ -557,7 +557,7 @@ static const char usage_message[] = |
557 | 557 |
").\n" |
558 | 558 |
" WARNING: no support of CRL available with this version.\n" |
559 | 559 |
#endif /* OPENSSL_VERSION_NUMBER >= 0x00907000L */ |
560 |
-#endif /* USE_POLARSSL */ |
|
560 |
+#endif /* ENABLE_CRYPTO_POLARSSL */ |
|
561 | 561 |
"--dh file : File containing Diffie Hellman parameters\n" |
562 | 562 |
" in .pem format (for --tls-server only).\n" |
563 | 563 |
" Use \"openssl dhparam -out dh1024.pem 1024\" to generate.\n" |
... | ... |
@@ -565,7 +565,7 @@ static const char usage_message[] = |
565 | 565 |
" by a Certificate Authority in --ca file.\n" |
566 | 566 |
"--extra-certs file : one or more PEM certs that complete the cert chain.\n" |
567 | 567 |
"--key file : Local private key in .pem format.\n" |
568 |
-#ifndef USE_POLARSSL |
|
568 |
+#ifndef ENABLE_CRYPTO_POLARSSL |
|
569 | 569 |
"--pkcs12 file : PKCS#12 file containing local private key, local certificate\n" |
570 | 570 |
" and optionally the root CA certificate.\n" |
571 | 571 |
#endif |
... | ... |
@@ -616,7 +616,7 @@ static const char usage_message[] = |
616 | 616 |
"--x509-track x : Save peer X509 attribute x in environment for use by\n" |
617 | 617 |
" plugins and management interface.\n" |
618 | 618 |
#endif |
619 |
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L || USE_POLARSSL |
|
619 |
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L || ENABLE_CRYPTO_POLARSSL |
|
620 | 620 |
"--remote-cert-ku v ... : Require that the peer certificate was signed with\n" |
621 | 621 |
" explicit key usage, you can specify more than one value.\n" |
622 | 622 |
" value should be given in hex format.\n" |
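Review bot: The rewritten condition `#if OPENSSL_VERSION_NUMBER >= 0x00907000L || ENABLE_CRYPTO_POLARSSL` tests ENABLE_CRYPTO_POLARSSL as a bare value, while every other site this commit touches tests it with `#ifdef`/`#ifndef`. In `#if` an undefined macro silently evaluates to 0, and a macro that configure defines with an empty value (a `-DENABLE_CRYPTO_POLARSSL` without `=1`, or an AC_DEFINE with an empty value) turns this line into a preprocessor syntax error; how configure.ac defines it is not visible on this page, so this is a hedge rather than a confirmed break. The consistent and robust form is `#if OPENSSL_VERSION_NUMBER >= 0x00907000L || defined(ENABLE_CRYPTO_POLARSSL)`, with the matching `#endif` comment updated to say `defined(ENABLE_CRYPTO_POLARSSL)`. Since this guard only selects which lines of usage_message are compiled in (the `--remote-cert-ku`/`--remote-cert-eku`/`--remote-cert-tls` help text), a wrong evaluation would cause help-text drift rather than a change in option parsing; usage_message's definition starts well before this hunk.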
... | ... |
@@ -626,8 +626,8 @@ static const char usage_message[] = |
626 | 626 |
"--remote-cert-tls t: Require that peer certificate was signed with explicit\n" |
627 | 627 |
" key usage and extended key usage based on RFC3280 TLS rules.\n" |
628 | 628 |
" t = 'client' | 'server'.\n" |
629 |
-#endif /* OPENSSL_VERSION_NUMBER || USE_POLARSSL */ |
|
630 |
-#endif /* USE_SSL */ |
|
629 |
+#endif /* OPENSSL_VERSION_NUMBER || ENABLE_CRYPTO_POLARSSL */ |
|
630 |
+#endif /* ENABLE_SSL */ |
|
631 | 631 |
#ifdef ENABLE_PKCS11 |
632 | 632 |
"\n" |
633 | 633 |
"PKCS#11 Options:\n" |
... | ... |
@@ -652,7 +652,7 @@ static const char usage_message[] = |
652 | 652 |
"--show-ciphers : Show cipher algorithms to use with --cipher option.\n" |
653 | 653 |
"--show-digests : Show message digest algorithms to use with --auth option.\n" |
654 | 654 |
"--show-engines : Show hardware crypto accelerator engines (if available).\n" |
655 |
-#ifdef USE_SSL |
|
655 |
+#ifdef ENABLE_SSL |
|
656 | 656 |
"--show-tls : Show all TLS ciphers (TLS used only as a control channel).\n" |
657 | 657 |
#endif |
658 | 658 |
#ifdef WIN32 |
... | ... |
@@ -718,7 +718,7 @@ static const char usage_message[] = |
718 | 718 |
"--genkey : Generate a random key to be used as a shared secret,\n" |
719 | 719 |
" for use with the --secret option.\n" |
720 | 720 |
"--secret file : Write key to file.\n" |
721 |
-#endif /* USE_CRYPTO */ |
|
721 |
+#endif /* ENABLE_CRYPTO */ |
|
722 | 722 |
#ifdef TUNSETPERSIST |
723 | 723 |
"\n" |
724 | 724 |
"Tun/tap config mode (available with linux 2.4+):\n" |
... | ... |
@@ -819,7 +819,7 @@ init_options (struct options *o, const bool init_gc) |
819 | 819 |
o->scheduled_exit_interval = 5; |
820 | 820 |
o->server_poll_timeout = 0; |
821 | 821 |
#endif |
822 |
-#ifdef USE_CRYPTO |
|
822 |
+#ifdef ENABLE_CRYPTO |
|
823 | 823 |
o->ciphername = "BF-CBC"; |
824 | 824 |
o->ciphername_defined = true; |
825 | 825 |
o->authname = "SHA1"; |
... | ... |
@@ -831,7 +831,7 @@ init_options (struct options *o, const bool init_gc) |
831 | 831 |
o->replay_time = DEFAULT_TIME_BACKTRACK; |
832 | 832 |
o->use_iv = true; |
833 | 833 |
o->key_direction = KEY_DIRECTION_BIDIRECTIONAL; |
834 |
-#ifdef USE_SSL |
|
834 |
+#ifdef ENABLE_SSL |
|
835 | 835 |
o->key_method = 2; |
836 | 836 |
o->tls_timeout = 2; |
837 | 837 |
o->renegotiate_seconds = 3600; |
... | ... |
@@ -840,8 +840,8 @@ init_options (struct options *o, const bool init_gc) |
840 | 840 |
#ifdef ENABLE_X509ALTUSERNAME |
841 | 841 |
o->x509_username_field = X509_USERNAME_FIELD_DEFAULT; |
842 | 842 |
#endif |
843 |
-#endif /* USE_SSL */ |
|
844 |
-#endif /* USE_CRYPTO */ |
|
843 |
+#endif /* ENABLE_SSL */ |
|
844 |
+#endif /* ENABLE_CRYPTO */ |
|
845 | 845 |
#ifdef ENABLE_PKCS11 |
846 | 846 |
o->pkcs11_pin_cache_period = -1; |
847 | 847 |
#endif /* ENABLE_PKCS11 */ |
... | ... |
@@ -1050,7 +1050,7 @@ is_stateful_restart (const struct options *o) |
1050 | 1050 |
return is_persist_option (o) || connection_list_defined (o); |
1051 | 1051 |
} |
1052 | 1052 |
|
1053 |
-#ifdef USE_SSL |
|
1053 |
+#ifdef ENABLE_SSL |
|
1054 | 1054 |
static uint8_t * |
1055 | 1055 |
parse_hash_fingerprint(const char *str, int nbytes, int msglevel, struct gc_arena *gc) |
1056 | 1056 |
{ |
... | ... |
@@ -1419,12 +1419,12 @@ show_settings (const struct options *o) |
1419 | 1419 |
SHOW_INT (persist_mode); |
1420 | 1420 |
#endif |
1421 | 1421 |
|
1422 |
-#ifdef USE_CRYPTO |
|
1422 |
+#ifdef ENABLE_CRYPTO |
|
1423 | 1423 |
SHOW_BOOL (show_ciphers); |
1424 | 1424 |
SHOW_BOOL (show_digests); |
1425 | 1425 |
SHOW_BOOL (show_engines); |
1426 | 1426 |
SHOW_BOOL (genkey); |
1427 |
-#ifdef USE_SSL |
|
1427 |
+#ifdef ENABLE_SSL |
|
1428 | 1428 |
SHOW_STR (key_pass_file); |
1429 | 1429 |
SHOW_BOOL (show_tls_ciphers); |
1430 | 1430 |
#endif |
... | ... |
@@ -1555,7 +1555,7 @@ show_settings (const struct options *o) |
1555 | 1555 |
plugin_option_list_print (o->plugin_list, D_SHOW_PARMS); |
1556 | 1556 |
#endif |
1557 | 1557 |
|
1558 |
-#ifdef USE_CRYPTO |
|
1558 |
+#ifdef ENABLE_CRYPTO |
|
1559 | 1559 |
SHOW_STR (shared_secret_file); |
1560 | 1560 |
SHOW_INT (key_direction); |
1561 | 1561 |
SHOW_BOOL (ciphername_defined); |
... | ... |
@@ -1565,9 +1565,9 @@ show_settings (const struct options *o) |
1565 | 1565 |
SHOW_STR (prng_hash); |
1566 | 1566 |
SHOW_INT (prng_nonce_secret_len); |
1567 | 1567 |
SHOW_INT (keysize); |
1568 |
-#ifndef USE_POLARSSL |
|
1568 |
+#ifndef ENABLE_CRYPTO_POLARSSL |
|
1569 | 1569 |
SHOW_BOOL (engine); |
1570 |
-#endif /* USE_POLARSSL */ |
|
1570 |
+#endif /* ENABLE_CRYPTO_POLARSSL */ |
|
1571 | 1571 |
SHOW_BOOL (replay); |
1572 | 1572 |
SHOW_BOOL (mute_replay_warnings); |
1573 | 1573 |
SHOW_INT (replay_window); |
... | ... |
@@ -1576,7 +1576,7 @@ show_settings (const struct options *o) |
1576 | 1576 |
SHOW_BOOL (use_iv); |
1577 | 1577 |
SHOW_BOOL (test_crypto); |
1578 | 1578 |
|
1579 |
-#ifdef USE_SSL |
|
1579 |
+#ifdef ENABLE_SSL |
|
1580 | 1580 |
SHOW_BOOL (tls_server); |
1581 | 1581 |
SHOW_BOOL (tls_client); |
1582 | 1582 |
SHOW_INT (key_method); |
... | ... |
@@ -1585,7 +1585,7 @@ show_settings (const struct options *o) |
1585 | 1585 |
SHOW_STR (dh_file); |
1586 | 1586 |
SHOW_STR (cert_file); |
1587 | 1587 |
SHOW_STR (priv_key_file); |
1588 |
-#ifndef USE_POLARSSL |
|
1588 |
+#ifndef ENABLE_CRYPTO_POLARSSL |
|
1589 | 1589 |
SHOW_STR (pkcs12_file); |
1590 | 1590 |
#endif |
1591 | 1591 |
#ifdef ENABLE_CRYPTOAPI |
... | ... |
@@ -1892,7 +1892,7 @@ options_postprocess_verify_ce (const struct options *options, const struct conne |
1892 | 1892 |
|
1893 | 1893 |
init_options (&defaults, true); |
1894 | 1894 |
|
1895 |
-#ifdef USE_CRYPTO |
|
1895 |
+#ifdef ENABLE_CRYPTO |
|
1896 | 1896 |
if (options->test_crypto) |
1897 | 1897 |
{ |
1898 | 1898 |
notnull (options->shared_secret_file, "key file (--secret)"); |
... | ... |
@@ -1930,7 +1930,7 @@ options_postprocess_verify_ce (const struct options *options, const struct conne |
1930 | 1930 |
msg (M_USAGE, "--inetd nowait can only be used with --proto tcp-server"); |
1931 | 1931 |
|
1932 | 1932 |
if (options->inetd == INETD_NOWAIT |
1933 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
1933 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
1934 | 1934 |
&& !(options->tls_server || options->tls_client) |
1935 | 1935 |
#endif |
1936 | 1936 |
) |
... | ... |
@@ -2218,7 +2218,7 @@ options_postprocess_verify_ce (const struct options *options, const struct conne |
2218 | 2218 |
} |
2219 | 2219 |
#endif /* P2MP_SERVER */ |
2220 | 2220 |
|
2221 |
-#ifdef USE_CRYPTO |
|
2221 |
+#ifdef ENABLE_CRYPTO |
|
2222 | 2222 |
|
2223 | 2223 |
/* |
2224 | 2224 |
* Check consistency of replay options |
... | ... |
@@ -2237,7 +2237,7 @@ options_postprocess_verify_ce (const struct options *options, const struct conne |
2237 | 2237 |
* SSL/TLS mode sanity checks. |
2238 | 2238 |
*/ |
2239 | 2239 |
|
2240 |
-#ifdef USE_SSL |
|
2240 |
+#ifdef ENABLE_SSL |
|
2241 | 2241 |
if (options->tls_server + options->tls_client + |
2242 | 2242 |
(options->shared_secret_file != NULL) > 1) |
2243 | 2243 |
msg (M_USAGE, "specify only one of --tls-server, --tls-client, or --secret"); |
... | ... |
@@ -2286,7 +2286,7 @@ options_postprocess_verify_ce (const struct options *options, const struct conne |
2286 | 2286 |
#endif |
2287 | 2287 |
if (options->pkcs12_file) |
2288 | 2288 |
{ |
2289 |
-#ifdef USE_POLARSSL |
|
2289 |
+#ifdef ENABLE_CRYPTO_POLARSSL |
|
2290 | 2290 |
msg(M_USAGE, "Parameter --pkcs12 cannot be used with the PolarSSL version version of OpenVPN."); |
2291 | 2291 |
#else |
2292 | 2292 |
if (options->ca_path) |
... | ... |
@@ -2299,7 +2299,7 @@ options_postprocess_verify_ce (const struct options *options, const struct conne |
2299 | 2299 |
} |
2300 | 2300 |
else |
2301 | 2301 |
{ |
2302 |
-#ifdef USE_POLARSSL |
|
2302 |
+#ifdef ENABLE_CRYPTO_POLARSSL |
|
2303 | 2303 |
if (!(options->ca_file)) |
2304 | 2304 |
msg(M_USAGE, "You must define CA file (--ca)"); |
2305 | 2305 |
if (options->ca_path) |
... | ... |
@@ -2348,7 +2348,7 @@ options_postprocess_verify_ce (const struct options *options, const struct conne |
2348 | 2348 |
MUST_BE_UNDEF (dh_file); |
2349 | 2349 |
MUST_BE_UNDEF (cert_file); |
2350 | 2350 |
MUST_BE_UNDEF (priv_key_file); |
2351 |
-#ifndef USE_POLARSSL |
|
2351 |
+#ifndef ENABLE_CRYPTO_POLARSSL |
|
2352 | 2352 |
MUST_BE_UNDEF (pkcs12_file); |
2353 | 2353 |
#endif |
2354 | 2354 |
MUST_BE_UNDEF (cipher_list); |
... | ... |
@@ -2383,8 +2383,8 @@ options_postprocess_verify_ce (const struct options *options, const struct conne |
2383 | 2383 |
msg (M_USAGE, err, "--pull"); |
2384 | 2384 |
} |
2385 | 2385 |
#undef MUST_BE_UNDEF |
2386 |
-#endif /* USE_CRYPTO */ |
|
2387 |
-#endif /* USE_SSL */ |
|
2386 |
+#endif /* ENABLE_CRYPTO */ |
|
2387 |
+#endif /* ENABLE_SSL */ |
|
2388 | 2388 |
|
2389 | 2389 |
#if P2MP |
2390 | 2390 |
if (options->auth_user_pass_file && !options->pull) |
... | ... |
@@ -2667,7 +2667,7 @@ options_postprocess_filechecks (struct options *options) |
2667 | 2667 |
bool errs = false; |
2668 | 2668 |
|
2669 | 2669 |
/* ** SSL/TLS/crypto related files ** */ |
2670 |
-#ifdef USE_SSL |
|
2670 |
+#ifdef ENABLE_SSL |
|
2671 | 2671 |
errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->dh_file, R_OK, "--dh"); |
2672 | 2672 |
errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->ca_file, R_OK, "--ca"); |
2673 | 2673 |
errs |= check_file_access (CHKACC_FILE, options->ca_path, R_OK, "--capath"); |
... | ... |
@@ -2688,20 +2688,20 @@ options_postprocess_filechecks (struct options *options) |
2688 | 2688 |
|
2689 | 2689 |
errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->tls_auth_file, R_OK, |
2690 | 2690 |
"--tls-auth"); |
2691 |
-#endif /* USE_SSL */ |
|
2692 |
-#ifdef USE_CRYPTO |
|
2691 |
+#endif /* ENABLE_SSL */ |
|
2692 |
+#ifdef ENABLE_CRYPTO |
|
2693 | 2693 |
errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->shared_secret_file, R_OK, |
2694 | 2694 |
"--secret"); |
2695 | 2695 |
errs |= check_file_access (CHKACC_DIRPATH|CHKACC_FILEXSTWR, |
2696 | 2696 |
options->packet_id_file, R_OK|W_OK, "--replay-persist"); |
2697 |
-#endif /* USE_CRYPTO */ |
|
2697 |
+#endif /* ENABLE_CRYPTO */ |
|
2698 | 2698 |
|
2699 | 2699 |
|
2700 | 2700 |
/* ** Password files ** */ |
2701 |
-#ifdef USE_SSL |
|
2701 |
+#ifdef ENABLE_SSL |
|
2702 | 2702 |
errs |= check_file_access (CHKACC_FILE, options->key_pass_file, R_OK, |
2703 | 2703 |
"--askpass"); |
2704 |
-#endif /* USE_SSL */ |
|
2704 |
+#endif /* ENABLE_SSL */ |
|
2705 | 2705 |
#ifdef ENABLE_MANAGEMENT |
2706 | 2706 |
errs |= check_file_access (CHKACC_FILE|CHKACC_ACPTSTDIN, |
2707 | 2707 |
options->management_user_pass, R_OK, |
... | ... |
@@ -2726,10 +2726,10 @@ options_postprocess_filechecks (struct options *options) |
2726 | 2726 |
R_OK|W_OK, "--status"); |
2727 | 2727 |
|
2728 | 2728 |
/* ** Config related ** */ |
2729 |
-#ifdef USE_SSL |
|
2729 |
+#ifdef ENABLE_SSL |
|
2730 | 2730 |
errs |= check_file_access (CHKACC_FILE, options->tls_export_cert, |
2731 | 2731 |
R_OK|W_OK|X_OK, "--tls-export-cert"); |
2732 |
-#endif /* USE_SSL */ |
|
2732 |
+#endif /* ENABLE_SSL */ |
|
2733 | 2733 |
#if P2MP_SERVER |
2734 | 2734 |
errs |= check_file_access (CHKACC_FILE, options->client_config_dir, |
2735 | 2735 |
R_OK|X_OK, "--client-config-dir"); |
... | ... |
@@ -2968,9 +2968,9 @@ options_string (const struct options *o, |
2968 | 2968 |
buf_printf (&out, ",mtu-dynamic"); |
2969 | 2969 |
#endif |
2970 | 2970 |
|
2971 |
-#ifdef USE_CRYPTO |
|
2971 |
+#ifdef ENABLE_CRYPTO |
|
2972 | 2972 |
|
2973 |
-#ifdef USE_SSL |
|
2973 |
+#ifdef ENABLE_SSL |
|
2974 | 2974 |
#define TLS_CLIENT (o->tls_client) |
2975 | 2975 |
#define TLS_SERVER (o->tls_server) |
2976 | 2976 |
#else |
... | ... |
@@ -3014,7 +3014,7 @@ options_string (const struct options *o, |
3014 | 3014 |
buf_printf (&out, ",no-iv"); |
3015 | 3015 |
} |
3016 | 3016 |
|
3017 |
-#ifdef USE_SSL |
|
3017 |
+#ifdef ENABLE_SSL |
|
3018 | 3018 |
/* |
3019 | 3019 |
* SSL Options |
3020 | 3020 |
*/ |
... | ... |
@@ -3043,12 +3043,12 @@ options_string (const struct options *o, |
3043 | 3043 |
buf_printf (&out, ",tls-server"); |
3044 | 3044 |
} |
3045 | 3045 |
} |
3046 |
-#endif /* USE_SSL */ |
|
3046 |
+#endif /* ENABLE_SSL */ |
|
3047 | 3047 |
|
3048 | 3048 |
#undef TLS_CLIENT |
3049 | 3049 |
#undef TLS_SERVER |
3050 | 3050 |
|
3051 |
-#endif /* USE_CRYPTO */ |
|
3051 |
+#endif /* ENABLE_CRYPTO */ |
|
3052 | 3052 |
|
3053 | 3053 |
return BSTR (&out); |
3054 | 3054 |
} |
... | ... |
@@ -3357,7 +3357,7 @@ usage (void) |
3357 | 3357 |
struct options o; |
3358 | 3358 |
init_options (&o, true); |
3359 | 3359 |
|
3360 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
3360 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
3361 | 3361 |
fprintf (fp, usage_message, |
3362 | 3362 |
title_string, |
3363 | 3363 |
o.ce.connect_retry_seconds, |
... | ... |
@@ -3368,7 +3368,7 @@ usage (void) |
3368 | 3368 |
o.replay_window, o.replay_time, |
3369 | 3369 |
o.tls_timeout, o.renegotiate_seconds, |
3370 | 3370 |
o.handshake_window, o.transition_window); |
3371 |
-#elif defined(USE_CRYPTO) |
|
3371 |
+#elif defined(ENABLE_CRYPTO) |
|
3372 | 3372 |
fprintf (fp, usage_message, |
3373 | 3373 |
title_string, |
3374 | 3374 |
o.ce.connect_retry_seconds, |
... | ... |
@@ -6211,7 +6211,7 @@ add_option (struct options *options, |
6211 | 6211 |
options->lzo &= ~LZO_ADAPTIVE; |
6212 | 6212 |
} |
6213 | 6213 |
#endif /* ENABLE_LZO */ |
6214 |
-#ifdef USE_CRYPTO |
|
6214 |
+#ifdef ENABLE_CRYPTO |
|
6215 | 6215 |
else if (streq (p[0], "show-ciphers")) |
6216 | 6216 |
{ |
6217 | 6217 |
VERIFY_PERMISSION (OPT_P_GENERAL); |
... | ... |
@@ -6383,7 +6383,7 @@ add_option (struct options *options, |
6383 | 6383 |
VERIFY_PERMISSION (OPT_P_GENERAL); |
6384 | 6384 |
options->test_crypto = true; |
6385 | 6385 |
} |
6386 |
-#ifndef USE_POLARSSL |
|
6386 |
+#ifndef ENABLE_CRYPTO_POLARSSL |
|
6387 | 6387 |
else if (streq (p[0], "engine")) |
6388 | 6388 |
{ |
6389 | 6389 |
VERIFY_PERMISSION (OPT_P_GENERAL); |
... | ... |
@@ -6394,7 +6394,7 @@ add_option (struct options *options, |
6394 | 6394 |
else |
6395 | 6395 |
options->engine = "auto"; |
6396 | 6396 |
} |
6397 |
-#endif /* USE_POLARSSL */ |
|
6397 |
+#endif /* ENABLE_CRYPTO_POLARSSL */ |
|
6398 | 6398 |
#ifdef HAVE_EVP_CIPHER_CTX_SET_KEY_LENGTH |
6399 | 6399 |
else if (streq (p[0], "keysize") && p[1]) |
6400 | 6400 |
{ |
... | ... |
@@ -6410,7 +6410,7 @@ add_option (struct options *options, |
6410 | 6410 |
options->keysize = keysize; |
6411 | 6411 |
} |
6412 | 6412 |
#endif |
6413 |
-#ifdef USE_SSL |
|
6413 |
+#ifdef ENABLE_SSL |
|
6414 | 6414 |
else if (streq (p[0], "show-tls")) |
6415 | 6415 |
{ |
6416 | 6416 |
VERIFY_PERMISSION (OPT_P_GENERAL); |
... | ... |
@@ -6437,13 +6437,13 @@ add_option (struct options *options, |
6437 | 6437 |
} |
6438 | 6438 |
#endif |
6439 | 6439 |
} |
6440 |
-#ifndef USE_POLARSSL |
|
6440 |
+#ifndef ENABLE_CRYPTO_POLARSSL |
|
6441 | 6441 |
else if (streq (p[0], "capath") && p[1]) |
6442 | 6442 |
{ |
6443 | 6443 |
VERIFY_PERMISSION (OPT_P_GENERAL); |
6444 | 6444 |
options->ca_path = p[1]; |
6445 | 6445 |
} |
6446 |
-#endif /* USE_POLARSSL */ |
|
6446 |
+#endif /* ENABLE_CRYPTO_POLARSSL */ |
|
6447 | 6447 |
else if (streq (p[0], "dh") && p[1]) |
6448 | 6448 |
{ |
6449 | 6449 |
VERIFY_PERMISSION (OPT_P_GENERAL); |
... | ... |
@@ -6500,7 +6500,7 @@ add_option (struct options *options, |
6500 | 6500 |
} |
6501 | 6501 |
#endif |
6502 | 6502 |
} |
6503 |
-#ifndef USE_POLARSSL |
|
6503 |
+#ifndef ENABLE_CRYPTO_POLARSSL |
|
6504 | 6504 |
else if (streq (p[0], "pkcs12") && p[1]) |
6505 | 6505 |
{ |
6506 | 6506 |
VERIFY_PERMISSION (OPT_P_GENERAL); |
... | ... |
@@ -6512,7 +6512,7 @@ add_option (struct options *options, |
6512 | 6512 |
} |
6513 | 6513 |
#endif |
6514 | 6514 |
} |
6515 |
-#endif /* USE_POLARSSL */ |
|
6515 |
+#endif /* ENABLE_CRYPTO_POLARSSL */ |
|
6516 | 6516 |
else if (streq (p[0], "askpass")) |
6517 | 6517 |
{ |
6518 | 6518 |
VERIFY_PERMISSION (OPT_P_GENERAL); |
... | ... |
@@ -6574,7 +6574,7 @@ add_option (struct options *options, |
6574 | 6574 |
warn_multiple_script (options->tls_verify, "tls-verify"); |
6575 | 6575 |
options->tls_verify = string_substitute (p[1], ',', ' ', &options->gc); |
6576 | 6576 |
} |
6577 |
-#ifndef USE_POLARSSL |
|
6577 |
+#ifndef ENABLE_CRYPTO_POLARSSL |
|
6578 | 6578 |
else if (streq (p[0], "tls-export-cert") && p[1]) |
6579 | 6579 |
{ |
6580 | 6580 |
VERIFY_PERMISSION (OPT_P_GENERAL); |
... | ... |
@@ -6599,7 +6599,7 @@ add_option (struct options *options, |
6599 | 6599 |
goto err; |
6600 | 6600 |
} |
6601 | 6601 |
} |
6602 |
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L || USE_POLARSSL |
|
6602 |
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L || ENABLE_CRYPTO_POLARSSL |
|
6603 | 6603 |
else if (streq (p[0], "remote-cert-ku")) |
6604 | 6604 |
{ |
6605 | 6605 |
int j; |
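Review bot: The renamed condition `#if OPENSSL_VERSION_NUMBER >= 0x00907000L || ENABLE_CRYPTO_POLARSSL` still tests the PolarSSL macro by value rather than by definedness, so it only behaves as intended if configure defines `ENABLE_CRYPTO_POLARSSL` as a non-zero integer; an empty definition would make the `#if` fail to parse, and in the PolarSSL build the undefined `OPENSSL_VERSION_NUMBER` silently evaluates to 0 (which `-Wundef` reports). Writing it as `#if OPENSSL_VERSION_NUMBER >= 0x00907000L || defined(ENABLE_CRYPTO_POLARSSL)` would match how every other guard renamed in this commit tests these macros. The same expression appears in the ssl_verify.c hunk at -315 and the ssl_verify_backend.h hunk at -215. add_option begins and ends outside this hunk.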
... | ... |
@@ -6716,8 +6716,8 @@ add_option (struct options *options, |
6716 | 6716 |
options->x509_username_field = p[1]; |
6717 | 6717 |
} |
6718 | 6718 |
#endif /* ENABLE_X509ALTUSERNAME */ |
6719 |
-#endif /* USE_SSL */ |
|
6720 |
-#endif /* USE_CRYPTO */ |
|
6719 |
+#endif /* ENABLE_SSL */ |
|
6720 |
+#endif /* ENABLE_CRYPTO */ |
|
6721 | 6721 |
#ifdef ENABLE_PKCS11 |
6722 | 6722 |
else if (streq (p[0], "show-pkcs11-ids") && p[1]) |
6723 | 6723 |
{ |
... | ... |
@@ -80,7 +80,7 @@ struct options_pre_pull |
80 | 80 |
}; |
81 | 81 |
|
82 | 82 |
#endif |
83 |
-#if defined(USE_CRYPTO) && !defined(USE_OPENSSL) && !defined(USE_POLARSSL) |
|
83 |
+#if defined(ENABLE_CRYPTO) && !defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_POLARSSL) |
|
84 | 84 |
# error "At least one of OpenSSL or PolarSSL needs to be defined." |
85 | 85 |
#endif |
86 | 86 |
|
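Review bot: The renamed sanity check only rejects a crypto build with neither backend defined; it does not reject both `ENABLE_CRYPTO_OPENSSL` and `ENABLE_CRYPTO_POLARSSL` being defined at once, and with the new `__OPENVPN_X509_CERT_T_DECLARED` guard in the two ssl_verify_*.h headers that case would silently bind `openvpn_x509_cert_t` to whichever header is included first. Configure presumably sets only one of them via --with-crypto-library, but a second guard here makes the assumption explicit: `#if defined(ENABLE_CRYPTO_OPENSSL) && defined(ENABLE_CRYPTO_POLARSSL)` / `# error "Only one of OpenSSL or PolarSSL may be defined."` / `#endif`.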
... | ... |
@@ -211,12 +211,12 @@ struct options |
211 | 211 |
bool persist_config; |
212 | 212 |
int persist_mode; |
213 | 213 |
|
214 |
-#ifdef USE_CRYPTO |
|
214 |
+#ifdef ENABLE_CRYPTO |
|
215 | 215 |
const char *key_pass_file; |
216 | 216 |
bool show_ciphers; |
217 | 217 |
bool show_digests; |
218 | 218 |
bool show_engines; |
219 |
-#ifdef USE_SSL |
|
219 |
+#ifdef ENABLE_SSL |
|
220 | 220 |
bool show_tls_ciphers; |
221 | 221 |
#endif |
222 | 222 |
bool genkey; |
... | ... |
@@ -498,7 +498,7 @@ struct options |
498 | 498 |
#endif |
499 | 499 |
#endif |
500 | 500 |
|
501 |
-#ifdef USE_CRYPTO |
|
501 |
+#ifdef ENABLE_CRYPTO |
|
502 | 502 |
/* Cipher parms */ |
503 | 503 |
const char *shared_secret_file; |
504 | 504 |
#if ENABLE_INLINE_FILES |
... | ... |
@@ -521,7 +521,7 @@ struct options |
521 | 521 |
bool use_iv; |
522 | 522 |
bool test_crypto; |
523 | 523 |
|
524 |
-#ifdef USE_SSL |
|
524 |
+#ifdef ENABLE_SSL |
|
525 | 525 |
/* TLS (control channel) parms */ |
526 | 526 |
bool tls_server; |
527 | 527 |
bool tls_client; |
... | ... |
@@ -605,8 +605,8 @@ struct options |
605 | 605 |
|
606 | 606 |
bool tls_exit; |
607 | 607 |
|
608 |
-#endif /* USE_SSL */ |
|
609 |
-#endif /* USE_CRYPTO */ |
|
608 |
+#endif /* ENABLE_SSL */ |
|
609 |
+#endif /* ENABLE_CRYPTO */ |
|
610 | 610 |
|
611 | 611 |
#ifdef ENABLE_X509_TRACK |
612 | 612 |
const struct x509_track *x509_track; |
... | ... |
@@ -33,7 +33,7 @@ |
33 | 33 |
|
34 | 34 |
#include "syshead.h" |
35 | 35 |
|
36 |
-#ifdef USE_CRYPTO |
|
36 |
+#ifdef ENABLE_CRYPTO |
|
37 | 37 |
|
38 | 38 |
#include "packet_id.h" |
39 | 39 |
#include "misc.h" |
... | ... |
@@ -593,4 +593,4 @@ packet_id_interactive_test () |
593 | 593 |
} |
594 | 594 |
#endif |
595 | 595 |
|
596 |
-#endif /* USE_CRYPTO */ |
|
596 |
+#endif /* ENABLE_CRYPTO */ |
... | ... |
@@ -28,7 +28,7 @@ |
28 | 28 |
* attempts to replay them back later. |
29 | 29 |
*/ |
30 | 30 |
|
31 |
-#ifdef USE_CRYPTO |
|
31 |
+#ifdef ENABLE_CRYPTO |
|
32 | 32 |
|
33 | 33 |
#ifndef PACKET_ID_H |
34 | 34 |
#define PACKET_ID_H |
... | ... |
@@ -335,4 +335,4 @@ packet_id_reap_test (struct packet_id_rec *p) |
335 | 335 |
} |
336 | 336 |
|
337 | 337 |
#endif /* PACKET_ID_H */ |
338 |
-#endif /* USE_CRYPTO */ |
|
338 |
+#endif /* ENABLE_CRYPTO */ |
... | ... |
@@ -29,7 +29,7 @@ |
29 | 29 |
|
30 | 30 |
#include "syshead.h" |
31 | 31 |
|
32 |
-#if defined(ENABLE_PKCS11) && defined(USE_POLARSSL) |
|
32 |
+#if defined(ENABLE_PKCS11) && defined(ENABLE_CRYPTO_POLARSSL) |
|
33 | 33 |
|
34 | 34 |
#include "errlevel.h" |
35 | 35 |
#include "pkcs11_backend.h" |
... | ... |
@@ -117,4 +117,4 @@ cleanup: |
117 | 117 |
|
118 | 118 |
return ret; |
119 | 119 |
} |
120 |
-#endif /* defined(ENABLE_PKCS11) && defined(USE_POLARSSL) */ |
|
120 |
+#endif /* defined(ENABLE_PKCS11) && defined(ENABLE_CRYPTO_POLARSSL) */ |
... | ... |
@@ -351,9 +351,9 @@ plugin_call_item (const struct plugin *p, |
351 | 351 |
const struct argv *av, |
352 | 352 |
struct openvpn_plugin_string_list **retlist, |
353 | 353 |
const char **envp |
354 |
-#ifdef USE_SSL |
|
354 |
+#ifdef ENABLE_SSL |
|
355 | 355 |
, int certdepth, |
356 |
- x509_cert_t *current_cert |
|
356 |
+ openvpn_x509_cert_t *current_cert |
|
357 | 357 |
#endif |
358 | 358 |
) |
359 | 359 |
{ |
... | ... |
@@ -380,7 +380,7 @@ plugin_call_item (const struct plugin *p, |
380 | 380 |
(const char ** const) envp, |
381 | 381 |
p->plugin_handle, |
382 | 382 |
per_client_context, |
383 |
-#ifdef USE_SSL |
|
383 |
+#ifdef ENABLE_SSL |
|
384 | 384 |
(current_cert ? certdepth : -1), |
385 | 385 |
current_cert |
386 | 386 |
#else |
... | ... |
@@ -590,9 +590,9 @@ plugin_call_ssl (const struct plugin_list *pl, |
590 | 590 |
const struct argv *av, |
591 | 591 |
struct plugin_return *pr, |
592 | 592 |
struct env_set *es |
593 |
-#ifdef USE_SSL |
|
593 |
+#ifdef ENABLE_SSL |
|
594 | 594 |
, int certdepth, |
595 |
- x509_cert_t *current_cert |
|
595 |
+ openvpn_x509_cert_t *current_cert |
|
596 | 596 |
#endif |
597 | 597 |
) |
598 | 598 |
{ |
... | ... |
@@ -620,7 +620,7 @@ plugin_call_ssl (const struct plugin_list *pl, |
620 | 620 |
av, |
621 | 621 |
pr ? &pr->list[i] : NULL, |
622 | 622 |
envp |
623 |
-#ifdef USE_SSL |
|
623 |
+#ifdef ENABLE_SSL |
|
624 | 624 |
,certdepth, |
625 | 625 |
current_cert |
626 | 626 |
#endif |
... | ... |
@@ -29,10 +29,10 @@ |
29 | 29 |
#ifndef OPENVPN_PLUGIN_H |
30 | 30 |
#define OPENVPN_PLUGIN_H |
31 | 31 |
|
32 |
-#ifdef USE_OPENSSL |
|
32 |
+#ifdef ENABLE_CRYPTO_OPENSSL |
|
33 | 33 |
#include "ssl_verify_openssl.h" |
34 | 34 |
#endif |
35 |
-#ifdef USE_POLARSSL |
|
35 |
+#ifdef ENABLE_CRYPTO_POLARSSL |
|
36 | 36 |
#include "ssl_verify_polarssl.h" |
37 | 37 |
#endif |
38 | 38 |
#include "openvpn-plugin.h" |
... | ... |
@@ -127,9 +127,9 @@ int plugin_call_ssl (const struct plugin_list *pl, |
127 | 127 |
const struct argv *av, |
128 | 128 |
struct plugin_return *pr, |
129 | 129 |
struct env_set *es |
130 |
-#ifdef USE_SSL |
|
130 |
+#ifdef ENABLE_SSL |
|
131 | 131 |
, int current_cert_depth, |
132 |
- x509_cert_t *current_cert |
|
132 |
+ openvpn_x509_cert_t *current_cert |
|
133 | 133 |
#endif |
134 | 134 |
); |
135 | 135 |
|
... | ... |
@@ -183,9 +183,9 @@ plugin_call_ssl (const struct plugin_list *pl, |
183 | 183 |
const struct argv *av, |
184 | 184 |
struct plugin_return *pr, |
185 | 185 |
struct env_set *es |
186 |
-#ifdef USE_SSL |
|
186 |
+#ifdef ENABLE_SSL |
|
187 | 187 |
, int current_cert_depth, |
188 |
- x509_cert_t *current_cert |
|
188 |
+ openvpn_x509_cert_t *current_cert |
|
189 | 189 |
#endif |
190 | 190 |
) |
191 | 191 |
{ |
... | ... |
@@ -202,7 +202,7 @@ plugin_call(const struct plugin_list *pl, |
202 | 202 |
struct env_set *es) |
203 | 203 |
{ |
204 | 204 |
return plugin_call_ssl(pl, type, av, pr, es |
205 |
-#ifdef USE_SSL |
|
205 |
+#ifdef ENABLE_SSL |
|
206 | 206 |
, -1, NULL |
207 | 207 |
#endif |
208 | 208 |
); |
... | ... |
@@ -29,7 +29,7 @@ |
29 | 29 |
|
30 | 30 |
#include "syshead.h" |
31 | 31 |
|
32 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
32 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
33 | 33 |
|
34 | 34 |
#include "buffer.h" |
35 | 35 |
#include "error.h" |
... | ... |
@@ -748,4 +748,4 @@ reliable_debug_print (const struct reliable *rel, char *desc) |
748 | 748 |
|
749 | 749 |
#else |
750 | 750 |
static void dummy(void) {} |
751 |
-#endif /* USE_CRYPTO && USE_SSL*/ |
|
751 |
+#endif /* ENABLE_CRYPTO && ENABLE_SSL*/ |
... | ... |
@@ -29,7 +29,7 @@ |
29 | 29 |
*/ |
30 | 30 |
|
31 | 31 |
|
32 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
32 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
33 | 33 |
|
34 | 34 |
#ifndef RELIABLE_H |
35 | 35 |
#define RELIABLE_H |
... | ... |
@@ -477,4 +477,4 @@ void reliable_ack_debug_print (const struct reliable_ack *ack, char *desc); |
477 | 477 |
|
478 | 478 |
|
479 | 479 |
#endif /* RELIABLE_H */ |
480 |
-#endif /* USE_CRYPTO && USE_SSL */ |
|
480 |
+#endif /* ENABLE_CRYPTO && ENABLE_SSL */ |
... | ... |
@@ -33,7 +33,7 @@ |
33 | 33 |
|
34 | 34 |
#include "syshead.h" |
35 | 35 |
|
36 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
36 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
37 | 37 |
|
38 | 38 |
#include "error.h" |
39 | 39 |
#include "common.h" |
... | ... |
@@ -58,4 +58,4 @@ session_id_print (const struct session_id *sid, struct gc_arena *gc) |
58 | 58 |
|
59 | 59 |
#else |
60 | 60 |
static void dummy(void) {} |
61 |
-#endif /* USE_CRYPTO && USE_SSL*/ |
|
61 |
+#endif /* ENABLE_CRYPTO && ENABLE_SSL*/ |
... | ... |
@@ -30,7 +30,7 @@ |
30 | 30 |
* negotiated). |
31 | 31 |
*/ |
32 | 32 |
|
33 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
33 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
34 | 34 |
|
35 | 35 |
#ifndef SESSION_ID_H |
36 | 36 |
#define SESSION_ID_H |
... | ... |
@@ -83,4 +83,4 @@ void session_id_random (struct session_id *sid); |
83 | 83 |
const char *session_id_print (const struct session_id *sid, struct gc_arena *gc); |
84 | 84 |
|
85 | 85 |
#endif /* SESSION_ID_H */ |
86 |
-#endif /* USE_CRYPTO && USE_SSL */ |
|
86 |
+#endif /* ENABLE_CRYPTO && ENABLE_SSL */ |
... | ... |
@@ -41,7 +41,7 @@ |
41 | 41 |
|
42 | 42 |
#include "syshead.h" |
43 | 43 |
|
44 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
44 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
45 | 45 |
|
46 | 46 |
#include "error.h" |
47 | 47 |
#include "common.h" |
... | ... |
@@ -342,7 +342,7 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx) |
342 | 342 |
#ifdef MANAGMENT_EXTERNAL_KEY |
343 | 343 |
else if ((options->management_flags & MF_EXTERNAL_KEY) && options->cert_file) |
344 | 344 |
{ |
345 |
- x509_cert_t *my_cert = NULL; |
|
345 |
+ openvpn_x509_cert_t *my_cert = NULL; |
|
346 | 346 |
tls_ctx_load_cert_file(new_ctx, options->cert_file, options->cert_file_inline, |
347 | 347 |
&my_cert); |
348 | 348 |
tls_ctx_use_external_private_key(new_ctx, my_cert); |
... | ... |
@@ -3370,4 +3370,4 @@ done: |
3370 | 3370 |
|
3371 | 3371 |
#else |
3372 | 3372 |
static void dummy(void) {} |
3373 |
-#endif /* USE_CRYPTO && USE_SSL*/ |
|
3373 |
+#endif /* ENABLE_CRYPTO && ENABLE_SSL*/ |
... | ... |
@@ -30,7 +30,7 @@ |
30 | 30 |
#ifndef OPENVPN_SSL_H |
31 | 31 |
#define OPENVPN_SSL_H |
32 | 32 |
|
33 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
33 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
34 | 34 |
|
35 | 35 |
#include "basic.h" |
36 | 36 |
#include "common.h" |
... | ... |
@@ -502,6 +502,6 @@ void show_tls_performance_stats(void); |
502 | 502 |
/*#define EXTRACT_X509_FIELD_TEST*/ |
503 | 503 |
void extract_x509_field_test (void); |
504 | 504 |
|
505 |
-#endif /* USE_CRYPTO && USE_SSL */ |
|
505 |
+#endif /* ENABLE_CRYPTO && ENABLE_SSL */ |
|
506 | 506 |
|
507 | 507 |
#endif |
... | ... |
@@ -33,11 +33,11 @@ |
33 | 33 |
|
34 | 34 |
#include "buffer.h" |
35 | 35 |
|
36 |
-#ifdef USE_OPENSSL |
|
36 |
+#ifdef ENABLE_CRYPTO_OPENSSL |
|
37 | 37 |
#include "ssl_openssl.h" |
38 | 38 |
#include "ssl_verify_openssl.h" |
39 | 39 |
#endif |
40 |
-#ifdef USE_POLARSSL |
|
40 |
+#ifdef ENABLE_CRYPTO_POLARSSL |
|
41 | 41 |
#include "ssl_polarssl.h" |
42 | 42 |
#include "ssl_verify_polarssl.h" |
43 | 43 |
#endif |
... | ... |
@@ -193,7 +193,7 @@ void tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file, |
193 | 193 |
#if ENABLE_INLINE_FILES |
194 | 194 |
const char *cert_file_inline, |
195 | 195 |
#endif |
196 |
- x509_cert_t **x509 |
|
196 |
+ openvpn_x509_cert_t **x509 |
|
197 | 197 |
); |
198 | 198 |
|
199 | 199 |
/** |
... | ... |
@@ -201,7 +201,7 @@ void tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file, |
201 | 201 |
* |
202 | 202 |
* @param x509 certificate to free |
203 | 203 |
*/ |
204 |
-void tls_ctx_free_cert_file (x509_cert_t *x509); |
|
204 |
+void tls_ctx_free_cert_file (openvpn_x509_cert_t *x509); |
|
205 | 205 |
|
206 | 206 |
/** |
207 | 207 |
* Load private key file into the given TLS context. |
... | ... |
@@ -233,7 +233,7 @@ int tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file |
233 | 233 |
* @return 1 if an error occurred, 0 if parsing was |
234 | 234 |
* successful. |
235 | 235 |
*/ |
236 |
-int tls_ctx_use_external_private_key (struct tls_root_ctx *ctx, x509_cert_t *cert); |
|
236 |
+int tls_ctx_use_external_private_key (struct tls_root_ctx *ctx, openvpn_x509_cert_t *cert); |
|
237 | 237 |
|
238 | 238 |
#endif |
239 | 239 |
|
... | ... |
@@ -29,7 +29,7 @@ |
29 | 29 |
|
30 | 30 |
#include "syshead.h" |
31 | 31 |
|
32 |
-#if defined(USE_SSL) && defined(USE_OPENSSL) |
|
32 |
+#if defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_OPENSSL) |
|
33 | 33 |
|
34 | 34 |
#include "errlevel.h" |
35 | 35 |
#include "buffer.h" |
... | ... |
@@ -1020,13 +1020,13 @@ key_state_write_plaintext (struct key_state_ssl *ks_ssl, struct buffer *buf) |
1020 | 1020 |
int ret = 0; |
1021 | 1021 |
perf_push (PERF_BIO_WRITE_PLAINTEXT); |
1022 | 1022 |
|
1023 |
-#ifdef USE_OPENSSL |
|
1023 |
+#ifdef ENABLE_CRYPTO_OPENSSL |
|
1024 | 1024 |
ASSERT (NULL != ks_ssl); |
1025 | 1025 |
|
1026 | 1026 |
ret = bio_write (ks_ssl->ssl_bio, BPTR(buf), BLEN(buf), |
1027 | 1027 |
"tls_write_plaintext"); |
1028 | 1028 |
bio_write_post (ret, buf); |
1029 |
-#endif /* USE_OPENSSL */ |
|
1029 |
+#endif /* ENABLE_CRYPTO_OPENSSL */ |
|
1030 | 1030 |
|
1031 | 1031 |
perf_pop (); |
1032 | 1032 |
return ret; |
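Review bot: The inner `#ifdef ENABLE_CRYPTO_OPENSSL` around the body of key_state_write_plaintext is redundant: this file is already compiled only under `#if defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_OPENSSL)` (see the hunk at -29 of the same file), so the guard can never be false here. If it were, `ret` would stay 0 and the plaintext write would be dropped without any error, which is a silent-failure shape rather than a real branch. Dropping the `#ifdef`/`#endif` pair around the `ASSERT`/`bio_write`/`bio_write_post` lines removes the dead conditional. The function starts before this hunk.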
... | ... |
@@ -1187,4 +1187,4 @@ get_highest_preference_tls_cipher (char *buf, int size) |
1187 | 1187 |
SSL_CTX_free (ctx); |
1188 | 1188 |
} |
1189 | 1189 |
|
1190 |
-#endif /* defined(USE_SSL) && defined(USE_OPENSSL) */ |
|
1190 |
+#endif /* defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_OPENSSL) */ |
... | ... |
@@ -29,7 +29,7 @@ |
29 | 29 |
|
30 | 30 |
#include "syshead.h" |
31 | 31 |
|
32 |
-#if defined(USE_SSL) && defined(USE_POLARSSL) |
|
32 |
+#if defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_POLARSSL) |
|
33 | 33 |
|
34 | 34 |
#include "errlevel.h" |
35 | 35 |
#include "ssl_backend.h" |
... | ... |
@@ -243,7 +243,7 @@ tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file, |
243 | 243 |
#if ENABLE_INLINE_FILES |
244 | 244 |
const char *cert_file_inline, |
245 | 245 |
#endif |
246 |
- x509_cert_t **x509 |
|
246 |
+ openvpn_x509_cert_t **x509 |
|
247 | 247 |
) |
248 | 248 |
{ |
249 | 249 |
ASSERT(NULL != ctx); |
... | ... |
@@ -270,7 +270,7 @@ tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file, |
270 | 270 |
} |
271 | 271 |
|
272 | 272 |
void |
273 |
-tls_ctx_free_cert_file (x509_cert_t *x509) |
|
273 |
+tls_ctx_free_cert_file (openvpn_x509_cert_t *x509) |
|
274 | 274 |
{ |
275 | 275 |
x509_free(x509); |
276 | 276 |
} |
... | ... |
@@ -334,7 +334,7 @@ tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file |
334 | 334 |
#ifdef MANAGMENT_EXTERNAL_KEY |
335 | 335 |
|
336 | 336 |
int |
337 |
-tls_ctx_use_external_private_key (struct tls_root_ctx *ctx, x509_cert_t *cert) |
|
337 |
+tls_ctx_use_external_private_key (struct tls_root_ctx *ctx, openvpn_x509_cert_t *cert) |
|
338 | 338 |
{ |
339 | 339 |
msg(M_FATAL, "Use of management external keys not yet supported for PolarSSL."); |
340 | 340 |
return false; |
... | ... |
@@ -865,4 +865,4 @@ get_highest_preference_tls_cipher (char *buf, int size) |
865 | 865 |
strncpynt (buf, cipher_name, size); |
866 | 866 |
} |
867 | 867 |
|
868 |
-#endif /* defined(USE_SSL) && defined(USE_POLARSSL) */ |
|
868 |
+#endif /* defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_POLARSSL) */ |
... | ... |
@@ -29,14 +29,14 @@ |
29 | 29 |
|
30 | 30 |
#include "syshead.h" |
31 | 31 |
|
32 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
32 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
33 | 33 |
|
34 | 34 |
#include "misc.h" |
35 | 35 |
#include "manage.h" |
36 | 36 |
#include "ssl_verify.h" |
37 | 37 |
#include "ssl_verify_backend.h" |
38 | 38 |
|
39 |
-#ifdef USE_OPENSSL |
|
39 |
+#ifdef ENABLE_CRYPTO_OPENSSL |
|
40 | 40 |
#include "ssl_verify_openssl.h" |
41 | 41 |
#endif |
42 | 42 |
|
... | ... |
@@ -296,7 +296,7 @@ print_nsCertType (int type) |
296 | 296 |
* @param subject the peer's extracted common name |
297 | 297 |
*/ |
298 | 298 |
static result_t |
299 |
-verify_peer_cert(const struct tls_options *opt, x509_cert_t *peer_cert, |
|
299 |
+verify_peer_cert(const struct tls_options *opt, openvpn_x509_cert_t *peer_cert, |
|
300 | 300 |
const char *subject, const char *common_name) |
301 | 301 |
{ |
302 | 302 |
/* verify certificate nsCertType */ |
... | ... |
@@ -315,7 +315,7 @@ verify_peer_cert(const struct tls_options *opt, x509_cert_t *peer_cert, |
315 | 315 |
} |
316 | 316 |
} |
317 | 317 |
|
318 |
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L || USE_POLARSSL |
|
318 |
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L || ENABLE_CRYPTO_POLARSSL |
|
319 | 319 |
|
320 | 320 |
/* verify certificate ku */ |
321 | 321 |
if (opt->remote_cert_ku[0] != 0) |
... | ... |
@@ -369,7 +369,7 @@ verify_peer_cert(const struct tls_options *opt, x509_cert_t *peer_cert, |
369 | 369 |
* environment for later verification by scripts and plugins. |
370 | 370 |
*/ |
371 | 371 |
static void |
372 |
-verify_cert_set_env(struct env_set *es, x509_cert_t *peer_cert, int cert_depth, |
|
372 |
+verify_cert_set_env(struct env_set *es, openvpn_x509_cert_t *peer_cert, int cert_depth, |
|
373 | 373 |
const char *subject, const char *common_name |
374 | 374 |
#ifdef ENABLE_X509_TRACK |
375 | 375 |
, const struct x509_track *x509_track |
... | ... |
@@ -425,7 +425,7 @@ verify_cert_set_env(struct env_set *es, x509_cert_t *peer_cert, int cert_depth, |
425 | 425 |
*/ |
426 | 426 |
static result_t |
427 | 427 |
verify_cert_call_plugin(const struct plugin_list *plugins, struct env_set *es, |
428 |
- int cert_depth, x509_cert_t *cert, char *subject) |
|
428 |
+ int cert_depth, openvpn_x509_cert_t *cert, char *subject) |
|
429 | 429 |
{ |
430 | 430 |
if (plugin_defined (plugins, OPENVPN_PLUGIN_TLS_VERIFY)) |
431 | 431 |
{ |
... | ... |
@@ -454,7 +454,7 @@ verify_cert_call_plugin(const struct plugin_list *plugins, struct env_set *es, |
454 | 454 |
} |
455 | 455 |
|
456 | 456 |
static const char * |
457 |
-verify_cert_export_cert(x509_cert_t *peercert, const char *tmp_dir, struct gc_arena *gc) |
|
457 |
+verify_cert_export_cert(openvpn_x509_cert_t *peercert, const char *tmp_dir, struct gc_arena *gc) |
|
458 | 458 |
{ |
459 | 459 |
FILE *peercert_file; |
460 | 460 |
const char *peercert_filename=""; |
... | ... |
@@ -486,7 +486,7 @@ verify_cert_export_cert(x509_cert_t *peercert, const char *tmp_dir, struct gc_ar |
486 | 486 |
*/ |
487 | 487 |
static result_t |
488 | 488 |
verify_cert_call_command(const char *verify_command, struct env_set *es, |
489 |
- int cert_depth, x509_cert_t *cert, char *subject, const char *verify_export_cert) |
|
489 |
+ int cert_depth, openvpn_x509_cert_t *cert, char *subject, const char *verify_export_cert) |
|
490 | 490 |
{ |
491 | 491 |
const char *tmp_file = NULL; |
492 | 492 |
int ret; |
... | ... |
@@ -533,7 +533,7 @@ verify_cert_call_command(const char *verify_command, struct env_set *es, |
533 | 533 |
* check peer cert against CRL directory |
534 | 534 |
*/ |
535 | 535 |
static result_t |
536 |
-verify_check_crl_dir(const char *crl_dir, x509_cert_t *cert) |
|
536 |
+verify_check_crl_dir(const char *crl_dir, openvpn_x509_cert_t *cert) |
|
537 | 537 |
{ |
538 | 538 |
char fn[256]; |
539 | 539 |
int fd; |
... | ... |
@@ -560,7 +560,7 @@ verify_check_crl_dir(const char *crl_dir, x509_cert_t *cert) |
560 | 560 |
} |
561 | 561 |
|
562 | 562 |
result_t |
563 |
-verify_cert(struct tls_session *session, x509_cert_t *cert, int cert_depth) |
|
563 |
+verify_cert(struct tls_session *session, openvpn_x509_cert_t *cert, int cert_depth) |
|
564 | 564 |
{ |
565 | 565 |
char *subject = NULL; |
566 | 566 |
char common_name[TLS_USERNAME_LEN] = {0}; |
... | ... |
@@ -1215,4 +1215,4 @@ verify_final_auth_checks(struct tls_multi *multi, struct tls_session *session) |
1215 | 1215 |
gc_free (&gc); |
1216 | 1216 |
} |
1217 | 1217 |
} |
1218 |
-#endif /* defined(USE_CRYPTO) && defined(USE_SSL) */ |
|
1218 |
+#endif /* defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) */ |
... | ... |
@@ -36,10 +36,10 @@ |
36 | 36 |
#include "ssl_common.h" |
37 | 37 |
|
38 | 38 |
/* Include OpenSSL-specific code */ |
39 |
-#ifdef USE_OPENSSL |
|
39 |
+#ifdef ENABLE_CRYPTO_OPENSSL |
|
40 | 40 |
#include "ssl_verify_openssl.h" |
41 | 41 |
#endif |
42 |
-#ifdef USE_POLARSSL |
|
42 |
+#ifdef ENABLE_CRYPTO_POLARSSL |
|
43 | 43 |
#include "ssl_verify_polarssl.h" |
44 | 44 |
#endif |
45 | 45 |
|
... | ... |
@@ -55,7 +55,7 @@ typedef enum { SUCCESS=0, FAILURE=1 } result_t; |
55 | 55 |
* |
56 | 56 |
* @return \c SUCCESS if verification was successful, \c FAILURE on failure. |
57 | 57 |
*/ |
58 |
-result_t verify_cert(struct tls_session *session, x509_cert_t *cert, int cert_depth); |
|
58 |
+result_t verify_cert(struct tls_session *session, openvpn_x509_cert_t *cert, int cert_depth); |
|
59 | 59 |
|
60 | 60 |
/* |
61 | 61 |
* Remember the given certificate hash, allowing the certificate chain to be |
... | ... |
@@ -86,7 +86,7 @@ void cert_hash_remember (struct tls_session *session, const int cert_depth, |
86 | 86 |
* |
87 | 87 |
* @return a string containing the subject |
88 | 88 |
*/ |
89 |
-char *x509_get_subject (x509_cert_t *cert); |
|
89 |
+char *x509_get_subject (openvpn_x509_cert_t *cert); |
|
90 | 90 |
|
91 | 91 |
/* |
92 | 92 |
* Free a subject string as returned by \c verify_get_subject() |
... | ... |
@@ -103,7 +103,7 @@ void x509_free_subject (char *subject); |
103 | 103 |
* |
104 | 104 |
* @return a string containing the SHA1 hash of the certificate |
105 | 105 |
*/ |
106 |
-unsigned char *x509_get_sha1_hash (x509_cert_t *cert); |
|
106 |
+unsigned char *x509_get_sha1_hash (openvpn_x509_cert_t *cert); |
|
107 | 107 |
|
108 | 108 |
/* |
109 | 109 |
* Free a hash as returned by \c verify_get_hash() |
... | ... |
@@ -126,7 +126,7 @@ void x509_free_sha1_hash (unsigned char *hash); |
126 | 126 |
* @return \c FAILURE, \c or SUCCESS |
127 | 127 |
*/ |
128 | 128 |
result_t x509_get_username (char *common_name, int cn_len, |
129 |
- char * x509_username_field, x509_cert_t *peer_cert); |
|
129 |
+ char * x509_username_field, openvpn_x509_cert_t *peer_cert); |
|
130 | 130 |
|
131 | 131 |
/* |
132 | 132 |
* Return the certificate's serial number. |
... | ... |
@@ -138,7 +138,7 @@ result_t x509_get_username (char *common_name, int cn_len, |
138 | 138 |
* |
139 | 139 |
* @return The certificate's serial number. |
140 | 140 |
*/ |
141 |
-char *x509_get_serial (x509_cert_t *cert); |
|
141 |
+char *x509_get_serial (openvpn_x509_cert_t *cert); |
|
142 | 142 |
|
143 | 143 |
/* |
144 | 144 |
* Free a serial number string as returned by \c verify_get_serial() |
... | ... |
@@ -156,7 +156,7 @@ void x509_free_serial (char *serial); |
156 | 156 |
* @param cert_depth Depth of the certificate |
157 | 157 |
* @param cert Certificate to set the environment for |
158 | 158 |
*/ |
159 |
-void x509_setenv (struct env_set *es, int cert_depth, x509_cert_t *cert); |
|
159 |
+void x509_setenv (struct env_set *es, int cert_depth, openvpn_x509_cert_t *cert); |
|
160 | 160 |
|
161 | 161 |
#ifdef ENABLE_X509_TRACK |
162 | 162 |
|
... | ... |
@@ -195,7 +195,7 @@ void x509_track_add (const struct x509_track **ll_head, const char *name, |
195 | 195 |
* @param cert Certificate to set the environment for |
196 | 196 |
*/ |
197 | 197 |
void x509_setenv_track (const struct x509_track *xt, struct env_set *es, |
198 |
- const int depth, x509_cert_t *x509); |
|
198 |
+ const int depth, openvpn_x509_cert_t *x509); |
|
199 | 199 |
|
200 | 200 |
#endif |
201 | 201 |
|
... | ... |
@@ -210,9 +210,9 @@ void x509_setenv_track (const struct x509_track *xt, struct env_set *es, |
210 | 210 |
* the expected bit set. \c FAILURE if the certificate does |
211 | 211 |
* not have NS cert type verification or the wrong bit set. |
212 | 212 |
*/ |
213 |
-result_t x509_verify_ns_cert_type(const x509_cert_t *cert, const int usage); |
|
213 |
+result_t x509_verify_ns_cert_type(const openvpn_x509_cert_t *cert, const int usage); |
|
214 | 214 |
|
215 |
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L || USE_POLARSSL |
|
215 |
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L || ENABLE_CRYPTO_POLARSSL |
|
216 | 216 |
|
217 | 217 |
/* |
218 | 218 |
* Verify X.509 key usage extension field. |
... | ... |
@@ -224,7 +224,7 @@ result_t x509_verify_ns_cert_type(const x509_cert_t *cert, const int usage); |
224 | 224 |
* @return \c SUCCESS if one of the key usage values matches, \c FAILURE |
225 | 225 |
* if key usage is not enabled, or the values do not match. |
226 | 226 |
*/ |
227 |
-result_t x509_verify_cert_ku (x509_cert_t *x509, const unsigned * const expected_ku, |
|
227 |
+result_t x509_verify_cert_ku (openvpn_x509_cert_t *x509, const unsigned * const expected_ku, |
|
228 | 228 |
int expected_len); |
229 | 229 |
|
230 | 230 |
/* |
... | ... |
@@ -240,7 +240,7 @@ result_t x509_verify_cert_ku (x509_cert_t *x509, const unsigned * const expected |
240 | 240 |
* extended key usage fields, \c FAILURE if extended key |
241 | 241 |
* usage is not enabled, or the values do not match. |
242 | 242 |
*/ |
243 |
-result_t x509_verify_cert_eku (x509_cert_t *x509, const char * const expected_oid); |
|
243 |
+result_t x509_verify_cert_eku (openvpn_x509_cert_t *x509, const char * const expected_oid); |
|
244 | 244 |
|
245 | 245 |
#endif |
246 | 246 |
|
... | ... |
@@ -253,7 +253,7 @@ result_t x509_verify_cert_eku (x509_cert_t *x509, const char * const expected_oi |
253 | 253 |
* |
254 | 254 |
* |
255 | 255 |
*/ |
256 |
-result_t x509_write_pem(FILE *peercert_file, x509_cert_t *peercert); |
|
256 |
+result_t x509_write_pem(FILE *peercert_file, openvpn_x509_cert_t *peercert); |
|
257 | 257 |
|
258 | 258 |
/* |
259 | 259 |
* Check the certificate against a CRL file. |
... | ... |
@@ -266,7 +266,7 @@ result_t x509_write_pem(FILE *peercert_file, x509_cert_t *peercert); |
266 | 266 |
* certificate or does not contain an entry for it. |
267 | 267 |
* \c FAILURE otherwise. |
268 | 268 |
*/ |
269 |
-result_t x509_verify_crl(const char *crl_file, x509_cert_t *cert, |
|
269 |
+result_t x509_verify_crl(const char *crl_file, openvpn_x509_cert_t *cert, |
|
270 | 270 |
const char *subject); |
271 | 271 |
|
272 | 272 |
#endif /* SSL_VERIFY_BACKEND_H_ */ |
... | ... |
@@ -29,7 +29,7 @@ |
29 | 29 |
|
30 | 30 |
#include "syshead.h" |
31 | 31 |
|
32 |
-#if defined(USE_SSL) && defined(USE_OPENSSL) |
|
32 |
+#if defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_OPENSSL) |
|
33 | 33 |
|
34 | 34 |
#include "ssl_verify.h" |
35 | 35 |
#include "ssl_verify_backend.h" |
... | ... |
@@ -210,7 +210,7 @@ x509_get_username (char *common_name, int cn_len, |
210 | 210 |
} |
211 | 211 |
|
212 | 212 |
char * |
213 |
-x509_get_serial (x509_cert_t *cert) |
|
213 |
+x509_get_serial (openvpn_x509_cert_t *cert) |
|
214 | 214 |
{ |
215 | 215 |
ASN1_INTEGER *asn1_i; |
216 | 216 |
BIGNUM *bignum; |
... | ... |
@@ -401,7 +401,7 @@ x509_setenv_track (const struct x509_track *xt, struct env_set *es, const int de |
401 | 401 |
* X509_{cert_depth}_{name}={value} |
402 | 402 |
*/ |
403 | 403 |
void |
404 |
-x509_setenv (struct env_set *es, int cert_depth, x509_cert_t *peer_cert) |
|
404 |
+x509_setenv (struct env_set *es, int cert_depth, openvpn_x509_cert_t *peer_cert) |
|
405 | 405 |
{ |
406 | 406 |
int i, n; |
407 | 407 |
int fn_nid; |
... | ... |
@@ -449,7 +449,7 @@ x509_setenv (struct env_set *es, int cert_depth, x509_cert_t *peer_cert) |
449 | 449 |
} |
450 | 450 |
|
451 | 451 |
result_t |
452 |
-x509_verify_ns_cert_type(const x509_cert_t *peer_cert, const int usage) |
|
452 |
+x509_verify_ns_cert_type(const openvpn_x509_cert_t *peer_cert, const int usage) |
|
453 | 453 |
{ |
454 | 454 |
if (usage == NS_CERT_CHECK_NONE) |
455 | 455 |
return SUCCESS; |
... | ... |
@@ -623,4 +623,4 @@ end: |
623 | 623 |
return retval; |
624 | 624 |
} |
625 | 625 |
|
626 |
-#endif /* defined(USE_SSL) && defined(USE_OPENSSL) */ |
|
626 |
+#endif /* defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_OPENSSL) */ |
... | ... |
@@ -32,7 +32,11 @@ |
32 | 32 |
#define SSL_VERIFY_OPENSSL_H_ |
33 | 33 |
|
34 | 34 |
#include <openssl/x509.h> |
35 |
-typedef X509 x509_cert_t; |
|
35 |
+ |
|
36 |
+#ifndef __OPENVPN_X509_CERT_T_DECLARED |
|
37 |
+#define __OPENVPN_X509_CERT_T_DECLARED |
|
38 |
+typedef X509 openvpn_x509_cert_t; |
|
39 |
+#endif |
|
36 | 40 |
|
37 | 41 |
/** @name Function for authenticating a new connection from a remote OpenVPN peer |
38 | 42 |
* @{ */ |
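Review bot: The new guard macro `__OPENVPN_X509_CERT_T_DECLARED` begins with a double underscore, which C reserves for the implementation (C11 7.1.3), so a conforming compiler or libc may legitimately define or clash with it; `OPENVPN_X509_CERT_T_DECLARED` is the safe spelling. The same identifier is introduced in the ssl_verify_polarssl.h hunk at -35 and should be renamed together. Note also that the guard makes `openvpn_x509_cert_t` resolve to whichever backend header is included first, so the two headers must never be included in the same translation unit; a short comment above the `#ifndef` stating that would make the intent clear.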
... | ... |
@@ -29,7 +29,7 @@ |
29 | 29 |
|
30 | 30 |
#include "syshead.h" |
31 | 31 |
|
32 |
-#if defined(USE_SSL) && defined(USE_POLARSSL) |
|
32 |
+#if defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_POLARSSL) |
|
33 | 33 |
|
34 | 34 |
#include "ssl_verify.h" |
35 | 35 |
#include <polarssl/sha1.h> |
... | ... |
@@ -189,7 +189,7 @@ x509_free_subject (char *subject) |
189 | 189 |
* X509_{cert_depth}_{name}={value} |
190 | 190 |
*/ |
191 | 191 |
void |
192 |
-x509_setenv (struct env_set *es, int cert_depth, x509_cert_t *cert) |
|
192 |
+x509_setenv (struct env_set *es, int cert_depth, openvpn_x509_cert_t *cert) |
|
193 | 193 |
{ |
194 | 194 |
int i; |
195 | 195 |
unsigned char c; |
... | ... |
@@ -422,4 +422,4 @@ end: |
422 | 422 |
return retval; |
423 | 423 |
} |
424 | 424 |
|
425 |
-#endif /* #if defined(USE_SSL) && defined(USE_POLARSSL) */ |
|
425 |
+#endif /* #if defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_POLARSSL) */ |
... | ... |
@@ -35,7 +35,10 @@ |
35 | 35 |
#include "manage.h" |
36 | 36 |
#include <polarssl/x509.h> |
37 | 37 |
|
38 |
-typedef x509_cert x509_cert_t; |
|
38 |
+#ifndef __OPENVPN_X509_CERT_T_DECLARED |
|
39 |
+#define __OPENVPN_X509_CERT_T_DECLARED |
|
40 |
+typedef x509_cert openvpn_x509_cert_t; |
|
41 |
+#endif |
|
39 | 42 |
|
40 | 43 |
/** @name Function for authenticating a new connection from a remote OpenVPN peer |
41 | 44 |
* @{ */ |
... | ... |
@@ -481,7 +481,7 @@ socket_defined (const socket_descriptor_t sd) |
481 | 481 |
* Do we have point-to-multipoint capability? |
482 | 482 |
*/ |
483 | 483 |
|
484 |
-#if defined(ENABLE_CLIENT_SERVER) && defined(USE_CRYPTO) && defined(USE_SSL) && defined(HAVE_GETTIMEOFDAY) |
|
484 |
+#if defined(ENABLE_CLIENT_SERVER) && defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) && defined(HAVE_GETTIMEOFDAY) |
|
485 | 485 |
#define P2MP 1 |
486 | 486 |
#else |
487 | 487 |
#define P2MP 0 |
... | ... |
@@ -518,7 +518,7 @@ socket_defined (const socket_descriptor_t sd) |
518 | 518 |
/* |
519 | 519 |
* Enable external private key |
520 | 520 |
*/ |
521 |
-#if defined(ENABLE_MANAGEMENT) && defined(USE_SSL) && !defined(USE_POLARSSL) |
|
521 |
+#if defined(ENABLE_MANAGEMENT) && defined(ENABLE_SSL) && !defined(ENABLE_CRYPTO_POLARSSL) |
|
522 | 522 |
#define MANAGMENT_EXTERNAL_KEY |
523 | 523 |
#endif |
524 | 524 |
|
... | ... |
@@ -567,7 +567,7 @@ socket_defined (const socket_descriptor_t sd) |
567 | 567 |
/* |
568 | 568 |
* Should we include NTLM proxy functionality |
569 | 569 |
*/ |
570 |
-#if defined(USE_CRYPTO) && defined(ENABLE_HTTP_PROXY) |
|
570 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_HTTP_PROXY) |
|
571 | 571 |
#define NTLM 1 |
572 | 572 |
#else |
573 | 573 |
#define NTLM 0 |
... | ... |
@@ -576,7 +576,7 @@ socket_defined (const socket_descriptor_t sd) |
576 | 576 |
/* |
577 | 577 |
* Should we include proxy digest auth functionality |
578 | 578 |
*/ |
579 |
-#if defined(USE_CRYPTO) && defined(ENABLE_HTTP_PROXY) |
|
579 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_HTTP_PROXY) |
|
580 | 580 |
#define PROXY_DIGEST_AUTH 1 |
581 | 581 |
#else |
582 | 582 |
#define PROXY_DIGEST_AUTH 0 |
... | ... |
@@ -592,14 +592,14 @@ socket_defined (const socket_descriptor_t sd) |
592 | 592 |
/* |
593 | 593 |
* Do we have CryptoAPI capability? |
594 | 594 |
*/ |
595 |
-#if defined(WIN32) && defined(USE_CRYPTO) && defined(USE_SSL) && defined(USE_OPENSSL) |
|
595 |
+#if defined(WIN32) && defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_OPENSSL) |
|
596 | 596 |
#define ENABLE_CRYPTOAPI |
597 | 597 |
#endif |
598 | 598 |
|
599 | 599 |
/* |
600 | 600 |
* Enable x509-track feature? |
601 | 601 |
*/ |
602 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) && defined (USE_OPENSSL) |
|
602 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) && defined (ENABLE_CRYPTO_OPENSSL) |
|
603 | 603 |
#define ENABLE_X509_TRACK |
604 | 604 |
#endif |
605 | 605 |
|
... | ... |
@@ -690,7 +690,7 @@ socket_defined (const socket_descriptor_t sd) |
690 | 690 |
/* |
691 | 691 |
* Do we support pushing peer info? |
692 | 692 |
*/ |
693 |
-#if defined(USE_CRYPTO) && defined(USE_SSL) |
|
693 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
694 | 694 |
#define ENABLE_PUSH_PEER_INFO |
695 | 695 |
#endif |
696 | 696 |
|