Remove the --disable-ssl configure option and accompanying ENABLE_SSL
defines in the master/2.4 branch, to reduce the code and testing
complexity a bit.
This does not remove the runtime option to run without SSL, just the compile
time option to not include any SSL-related code.
During the community meeting in November 2014 there were no objections
amongst the developers present. Also, this has been announced on the -users
and -devel mailing lists two weeks ago, without any response whatsoever.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <54A4248A.1090501@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9371
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -79,13 +79,6 @@ AC_ARG_ENABLE( |
79 | 79 |
) |
80 | 80 |
|
81 | 81 |
AC_ARG_ENABLE( |
82 |
- [ssl], |
|
83 |
- [AS_HELP_STRING([--disable-ssl], [disable SSL support for TLS-based key exchange @<:@default=yes@:>@])], |
|
84 |
- , |
|
85 |
- [enable_ssl="yes"] |
|
86 |
-) |
|
87 |
- |
|
88 |
-AC_ARG_ENABLE( |
|
89 | 82 |
[x509-alt-username], |
90 | 83 |
[AS_HELP_STRING([--enable-x509-alt-username], [enable the --x509-username-field feature @<:@default=no@:>@])], |
91 | 84 |
, |
... | ... |
@@ -1080,19 +1073,11 @@ case "${with_crypto_library}" in |
1080 | 1080 |
;; |
1081 | 1081 |
esac |
1082 | 1082 |
|
1083 |
-if test "${enable_ssl}" = "yes"; then |
|
1084 |
- test "${enable_crypto}" != "yes" && AC_MSG_ERROR([crypto must be enabled for ssl]) |
|
1085 |
- test "${have_crypto_ssl}" != "yes" && AC_MSG_ERROR([${with_ssl_library} ssl is required but missing]) |
|
1086 |
- OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_SSL_CFLAGS}" |
|
1087 |
- OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_SSL_LIBS}" |
|
1088 |
- AC_DEFINE([ENABLE_SSL], [1], [Enable ssl library]) |
|
1089 |
-fi |
|
1090 |
- |
|
1091 | 1083 |
if test "${enable_crypto}" = "yes"; then |
1092 | 1084 |
test "${have_crypto_crypto}" != "yes" && AC_MSG_ERROR([${with_crypto_library} crypto is required but missing]) |
1093 | 1085 |
test "${enable_crypto_ofb_cfb}" = "yes" && AC_DEFINE([ENABLE_OFB_CFB_MODE], [1], [Enable OFB and CFB cipher modes]) |
1094 |
- OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CRYPTO_CFLAGS}" |
|
1095 |
- OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_CRYPTO_LIBS}" |
|
1086 |
+ OPTIONAL_CRYPTO_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${CRYPTO_CRYPTO_CFLAGS} ${CRYPTO_SSL_CFLAGS}" |
|
1087 |
+ OPTIONAL_CRYPTO_LIBS="${OPTIONAL_CRYPTO_LIBS} ${CRYPTO_CRYPTO_LIBS} ${CRYPTO_SSL_LIBS}" |
|
1096 | 1088 |
AC_DEFINE([ENABLE_CRYPTO], [1], [Enable crypto library]) |
1097 | 1089 |
fi |
1098 | 1090 |
|
... | ... |
@@ -1135,7 +1120,7 @@ fi |
1135 | 1135 |
|
1136 | 1136 |
if test "${enable_pkcs11}" = "yes"; then |
1137 | 1137 |
test "${have_pkcs11_helper}" != "yes" && AC_MSG_ERROR([PKCS11 enabled but libpkcs11-helper is missing]) |
1138 |
- test "${enable_ssl}" != "yes" && AC_MSG_ERROR([PKCS11 can be enabled only if SSL is enabled]) |
|
1138 |
+ test "${enable_crypto}" != "yes" && AC_MSG_ERROR([PKCS11 can be enabled only if crypto is enabled]) |
|
1139 | 1139 |
OPTIONAL_PKCS11_HELPER_CFLAGS="${PKCS11_HELPER_CFLAGS}" |
1140 | 1140 |
OPTIONAL_PKCS11_HELPER_LIBS="${PKCS11_HELPER_LIBS}" |
1141 | 1141 |
AC_DEFINE([ENABLE_PKCS11], [1], [Enable PKCS11]) |
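Review bot: The `have_crypto_ssl` check that lived in the removed `enable_ssl` block has no replacement in the `enable_crypto` branch, which now appends `${CRYPTO_SSL_CFLAGS}` and `${CRYPTO_SSL_LIBS}` but only verifies `have_crypto_crypto`. A host with libcrypto but no libssl development files would therefore pass configure and fail later at compile or link time with a far less actionable error than the old `AC_MSG_ERROR`. Add `test "${have_crypto_ssl}" != "yes" && AC_MSG_ERROR([${with_crypto_library} ssl is required but missing])` directly after the existing `have_crypto_crypto` test, so the SSL half of the library is still a hard configure-time requirement now that there is no way to opt out of it. The PKCS11 hunk's switch to depending on `enable_crypto` is consistent with that.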
... | ... |
@@ -60,12 +60,12 @@ |
60 | 60 |
* |
61 | 61 |
* @par Settings that control this module's activity |
62 | 62 |
* Whether or not the Data Channel Crypto module is active depends on the |
63 |
- * compile-time \c ENABLE_CRYPTO and \c ENABLE_SSL preprocessor macros. How it |
|
64 |
- * processes packets received from the \link data_control Data Channel |
|
65 |
- * Control module\endlink at runtime depends on the associated \c |
|
66 |
- * crypto_options structure. To perform cryptographic operations, the \c |
|
67 |
- * crypto_options.key_ctx_bi must contain the correct cipher and HMAC |
|
68 |
- * security parameters for the direction the packet is traveling in. |
|
63 |
+ * compile-time \c ENABLE_CRYPTO preprocessor macro. How it processes packets |
|
64 |
+ * received from the \link data_control Data Channel Control module\endlink at |
|
65 |
+ * runtime depends on the associated \c crypto_options structure. To perform |
|
66 |
+ * cryptographic operations, the \c crypto_options.key_ctx_bi must contain the |
|
67 |
+ * correct cipher and HMAC security parameters for the direction the packet is |
|
68 |
+ * traveling in. |
|
69 | 69 |
* |
70 | 70 |
* @par Crypto algorithms |
71 | 71 |
* This module uses the crypto algorithm implementations of the external |
... | ... |
@@ -235,7 +235,7 @@ EXPAND_ONLY_PREDEF = NO |
235 | 235 |
SEARCH_INCLUDES = YES |
236 | 236 |
INCLUDE_PATH = |
237 | 237 |
INCLUDE_FILE_PATTERNS = |
238 |
-PREDEFINED = WIN32 NTLM USE_LZO ENABLE_FRAGMENT P2MP P2MP_SERVER ENABLE_CRYPTO ENABLE_CRYPTO_OPENSSL ENABLE_SSL ENABLE_PLUGIN ENABLE_MANAGEMENT ENABLE_OCC HAVE_GETTIMEOFDAY |
|
238 |
+PREDEFINED = WIN32 NTLM USE_LZO ENABLE_FRAGMENT P2MP P2MP_SERVER ENABLE_CRYPTO ENABLE_CRYPTO_OPENSSL ENABLE_PLUGIN ENABLE_MANAGEMENT ENABLE_OCC HAVE_GETTIMEOFDAY |
|
239 | 239 |
EXPAND_AS_DEFINED = |
240 | 240 |
SKIP_FUNCTION_MACROS = YES |
241 | 241 |
#--------------------------------------------------------------------------- |
... | ... |
@@ -27,7 +27,7 @@ |
27 | 27 |
|
28 | 28 |
#define OPENVPN_PLUGIN_VERSION 3 |
29 | 29 |
|
30 |
-#ifdef ENABLE_SSL |
|
30 |
+#ifdef ENABLE_CRYPTO |
|
31 | 31 |
#ifdef ENABLE_CRYPTO_POLARSSL |
32 | 32 |
#include <polarssl/x509_crt.h> |
33 | 33 |
#ifndef __OPENVPN_X509_CERT_T_DECLARED |
... | ... |
@@ -358,9 +358,9 @@ struct openvpn_plugin_args_open_return |
358 | 358 |
* *per_client_context : the per-client context pointer which was returned by |
359 | 359 |
* openvpn_plugin_client_constructor_v1, if defined. |
360 | 360 |
* |
361 |
- * current_cert_depth : Certificate depth of the certificate being passed over (only if compiled with ENABLE_SSL defined) |
|
361 |
+ * current_cert_depth : Certificate depth of the certificate being passed over (only if compiled with ENABLE_CRYPTO defined) |
|
362 | 362 |
* |
363 |
- * *current_cert : X509 Certificate object received from the client (only if compiled with ENABLE_SSL defined) |
|
363 |
+ * *current_cert : X509 Certificate object received from the client (only if compiled with ENABLE_CRYPTO defined) |
|
364 | 364 |
* |
365 | 365 |
*/ |
366 | 366 |
struct openvpn_plugin_args_func_in |
... | ... |
@@ -370,7 +370,7 @@ struct openvpn_plugin_args_func_in |
370 | 370 |
const char ** const envp; |
371 | 371 |
openvpn_plugin_handle_t handle; |
372 | 372 |
void *per_client_context; |
373 |
-#ifdef ENABLE_SSL |
|
373 |
+#ifdef ENABLE_CRYPTO |
|
374 | 374 |
int current_cert_depth; |
375 | 375 |
openvpn_x509_cert_t *current_cert; |
376 | 376 |
#else |
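Review bot: Changing the guard around `current_cert_depth` and `current_cert` from ENABLE_SSL to ENABLE_CRYPTO changes which branch of `struct openvpn_plugin_args_func_in` an out-of-tree plugin compiles against, while OPENVPN_PLUGIN_VERSION stays at 3 and nothing in the header says the controlling macro moved. A plugin built with its own `-DENABLE_SSL` but without ENABLE_CRYPTO now silently gets the `#else` layout; whether that only changes member types or also the struct size depends on the `#else` branch, which is outside the hunk. A comment at the `#ifdef ENABLE_CRYPTO` such as `/* ENABLE_SSL is no longer defined by configure; plugins that need the X509 fields must define ENABLE_CRYPTO */` would spare plugin authors a confusing debugging session. The struct definition continues past the hunk.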
... | ... |
@@ -726,8 +726,6 @@ test_crypto (const struct crypto_options *co, struct frame* frame) |
726 | 726 |
gc_free (&gc); |
727 | 727 |
} |
728 | 728 |
|
729 |
-#ifdef ENABLE_SSL |
|
730 |
- |
|
731 | 729 |
void |
732 | 730 |
get_tls_handshake_key (const struct key_type *key_type, |
733 | 731 |
struct key_ctx_bi *ctx, |
... | ... |
@@ -799,7 +797,6 @@ get_tls_handshake_key (const struct key_type *key_type, |
799 | 799 |
CLEAR (*ctx); |
800 | 800 |
} |
801 | 801 |
} |
802 |
-#endif |
|
803 | 802 |
|
804 | 803 |
/* header and footer for static key file */ |
805 | 804 |
static const char static_key_head[] = "-----BEGIN OpenVPN Static key V1-----"; |
... | ... |
@@ -1322,23 +1319,6 @@ get_random() |
1322 | 1322 |
return l; |
1323 | 1323 |
} |
1324 | 1324 |
|
1325 |
-#ifndef ENABLE_SSL |
|
1326 |
- |
|
1327 |
-void |
|
1328 |
-init_ssl_lib (void) |
|
1329 |
-{ |
|
1330 |
- crypto_init_lib (); |
|
1331 |
-} |
|
1332 |
- |
|
1333 |
-void |
|
1334 |
-free_ssl_lib (void) |
|
1335 |
-{ |
|
1336 |
- crypto_uninit_lib (); |
|
1337 |
- prng_uninit(); |
|
1338 |
-} |
|
1339 |
- |
|
1340 |
-#endif /* ENABLE_SSL */ |
|
1341 |
- |
|
1342 | 1325 |
/* |
1343 | 1326 |
* md5 functions |
1344 | 1327 |
*/ |
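Review bot: The deleted non-SSL `free_ssl_lib` was the only code in this file that called `prng_uninit()` after `crypto_uninit_lib()`; with it gone, shutdown of the PRNG depends entirely on the `free_ssl_lib` in the SSL implementation, which is not part of this diff. If that implementation does not also call `prng_uninit()`, whatever state the PRNG keeps is never released at exit, so it is worth confirming rather than assuming. A short note above `get_tls_handshake_key`, e.g. `/* Library init/teardown (crypto_init_lib, prng_uninit) is handled in ssl.c now that SSL is always built in */`, would record where that responsibility moved.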
... | ... |
@@ -413,8 +413,6 @@ void key2_print (const struct key2* k, |
413 | 413 |
const char* prefix0, |
414 | 414 |
const char* prefix1); |
415 | 415 |
|
416 |
-#ifdef ENABLE_SSL |
|
417 |
- |
|
418 | 416 |
#define GHK_INLINE (1<<0) |
419 | 417 |
void get_tls_handshake_key (const struct key_type *key_type, |
420 | 418 |
struct key_ctx_bi *ctx, |
... | ... |
@@ -422,13 +420,6 @@ void get_tls_handshake_key (const struct key_type *key_type, |
422 | 422 |
const int key_direction, |
423 | 423 |
const unsigned int flags); |
424 | 424 |
|
425 |
-#else |
|
426 |
- |
|
427 |
-void init_ssl_lib (void); |
|
428 |
-void free_ssl_lib (void); |
|
429 |
- |
|
430 |
-#endif /* ENABLE_SSL */ |
|
431 |
- |
|
432 | 425 |
/* |
433 | 426 |
* md5 functions |
434 | 427 |
*/ |
... | ... |
@@ -145,14 +145,6 @@ crypto_init_lib_engine (const char *engine_name) |
145 | 145 |
void |
146 | 146 |
crypto_init_lib (void) |
147 | 147 |
{ |
148 |
-#ifndef ENABLE_SSL |
|
149 |
- /* If SSL is enabled init is taken care of in ssl_openssl.c */ |
|
150 |
-#ifndef ENABLE_SMALL |
|
151 |
- ERR_load_crypto_strings (); |
|
152 |
-#endif |
|
153 |
- OpenSSL_add_all_algorithms (); |
|
154 |
-#endif |
|
155 |
- |
|
156 | 148 |
/* |
157 | 149 |
* If you build the OpenSSL library and OpenVPN with |
158 | 150 |
* CRYPTO_MDEBUG, you will get a listing of OpenSSL |
... | ... |
@@ -167,14 +159,6 @@ crypto_init_lib (void) |
167 | 167 |
void |
168 | 168 |
crypto_uninit_lib (void) |
169 | 169 |
{ |
170 |
-#ifndef ENABLE_SSL |
|
171 |
- /* If SSL is enabled cleanup is taken care of in ssl_openssl.c */ |
|
172 |
- EVP_cleanup (); |
|
173 |
-#ifndef ENABLE_SMALL |
|
174 |
- ERR_free_strings (); |
|
175 |
-#endif |
|
176 |
-#endif |
|
177 |
- |
|
178 | 170 |
#ifdef CRYPTO_MDEBUG |
179 | 171 |
FILE* fp = fopen ("sdlog", "w"); |
180 | 172 |
ASSERT (fp); |
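Review bot: `crypto_init_lib` and `crypto_uninit_lib` now perform no OpenSSL library setup or teardown at all, and the deleted comments ("If SSL is enabled init is taken care of in ssl_openssl.c") were the only pointer to where `OpenSSL_add_all_algorithms`/`ERR_load_crypto_strings` and `EVP_cleanup`/`ERR_free_strings` are expected to happen now. A reader will reasonably wonder why a function named `crypto_init_lib` initialises nothing beyond the CRYPTO_MDEBUG hooks. Keep one line of that knowledge, e.g. `/* OpenSSL algorithm and error-string init is done in ssl_openssl.c; only debug hooks live here */` at the top of `crypto_init_lib`, with a matching teardown note in `crypto_uninit_lib`. Both function bodies continue past their hunks.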
... | ... |
@@ -35,7 +35,7 @@ |
35 | 35 |
static inline void |
36 | 36 |
check_tls (struct context *c) |
37 | 37 |
{ |
38 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
38 |
+#if defined(ENABLE_CRYPTO) |
|
39 | 39 |
void check_tls_dowork (struct context *c); |
40 | 40 |
if (c->c2.tls_multi) |
41 | 41 |
check_tls_dowork (c); |
... | ... |
@@ -49,7 +49,7 @@ check_tls (struct context *c) |
49 | 49 |
static inline void |
50 | 50 |
check_tls_errors (struct context *c) |
51 | 51 |
{ |
52 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
52 |
+#if defined(ENABLE_CRYPTO) |
|
53 | 53 |
void check_tls_errors_co (struct context *c); |
54 | 54 |
void check_tls_errors_nco (struct context *c); |
55 | 55 |
if (c->c2.tls_multi && c->c2.tls_exit_signal) |
... | ... |
@@ -88,7 +88,7 @@ show_wait_status (struct context *c) |
88 | 88 |
* traffic on the control-channel. |
89 | 89 |
* |
90 | 90 |
*/ |
91 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
91 |
+#ifdef ENABLE_CRYPTO |
|
92 | 92 |
void |
93 | 93 |
check_tls_dowork (struct context *c) |
94 | 94 |
{ |
... | ... |
@@ -117,9 +117,6 @@ check_tls_dowork (struct context *c) |
117 | 117 |
if (wakeup) |
118 | 118 |
context_reschedule_sec (c, wakeup); |
119 | 119 |
} |
120 |
-#endif |
|
121 |
- |
|
122 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
123 | 120 |
|
124 | 121 |
void |
125 | 122 |
check_tls_errors_co (struct context *c) |
... | ... |
@@ -133,8 +130,7 @@ check_tls_errors_nco (struct context *c) |
133 | 133 |
{ |
134 | 134 |
register_signal (c, c->c2.tls_exit_signal, "tls-error"); /* SOFT-SIGUSR1 -- TLS error */ |
135 | 135 |
} |
136 |
- |
|
137 |
-#endif |
|
136 |
+#endif /* ENABLE_CRYPTO */ |
|
138 | 137 |
|
139 | 138 |
#if P2MP |
140 | 139 |
|
... | ... |
@@ -239,7 +235,7 @@ check_connection_established_dowork (struct context *c) |
239 | 239 |
bool |
240 | 240 |
send_control_channel_string (struct context *c, const char *str, int msglevel) |
241 | 241 |
{ |
242 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
242 |
+#ifdef ENABLE_CRYPTO |
|
243 | 243 |
if (c->c2.tls_multi) { |
244 | 244 |
struct gc_arena gc = gc_new (); |
245 | 245 |
bool stat; |
... | ... |
@@ -264,7 +260,7 @@ send_control_channel_string (struct context *c, const char *str, int msglevel) |
264 | 264 |
gc_free (&gc); |
265 | 265 |
return stat; |
266 | 266 |
} |
267 |
-#endif |
|
267 |
+#endif /* ENABLE_CRYPTO */ |
|
268 | 268 |
return true; |
269 | 269 |
} |
270 | 270 |
|
... | ... |
@@ -457,7 +453,6 @@ encrypt_sign (struct context *c, bool comp_frag) |
457 | 457 |
} |
458 | 458 |
|
459 | 459 |
#ifdef ENABLE_CRYPTO |
460 |
-#ifdef ENABLE_SSL |
|
461 | 460 |
/* |
462 | 461 |
* If TLS mode, get the key we will use to encrypt |
463 | 462 |
* the packet. |
... | ... |
@@ -466,7 +461,6 @@ encrypt_sign (struct context *c, bool comp_frag) |
466 | 466 |
{ |
467 | 467 |
tls_pre_encrypt (c->c2.tls_multi, &c->c2.buf, &c->c2.crypto_options); |
468 | 468 |
} |
469 |
-#endif |
|
470 | 469 |
|
471 | 470 |
/* |
472 | 471 |
* Encrypt the packet and write an optional |
... | ... |
@@ -480,7 +474,6 @@ encrypt_sign (struct context *c, bool comp_frag) |
480 | 480 |
link_socket_get_outgoing_addr (&c->c2.buf, get_link_socket_info (c), |
481 | 481 |
&c->c2.to_link_addr); |
482 | 482 |
#ifdef ENABLE_CRYPTO |
483 |
-#ifdef ENABLE_SSL |
|
484 | 483 |
/* |
485 | 484 |
* In TLS mode, prepend the appropriate one-byte opcode |
486 | 485 |
* to the packet which identifies it as a data channel |
... | ... |
@@ -493,7 +486,6 @@ encrypt_sign (struct context *c, bool comp_frag) |
493 | 493 |
tls_post_encrypt (c->c2.tls_multi, &c->c2.buf); |
494 | 494 |
} |
495 | 495 |
#endif |
496 |
-#endif |
|
497 | 496 |
|
498 | 497 |
/* if null encryption, copy result to read_tun_buf */ |
499 | 498 |
buffer_turnover (orig_buf, &c->c2.to_link, &c->c2.buf, &b->read_tun_buf); |
... | ... |
@@ -783,7 +775,6 @@ process_incoming_link_part1 (struct context *c, struct link_socket_info *lsi, bo |
783 | 783 |
link_socket_bad_incoming_addr (&c->c2.buf, lsi, &c->c2.from); |
784 | 784 |
|
785 | 785 |
#ifdef ENABLE_CRYPTO |
786 |
-#ifdef ENABLE_SSL |
|
787 | 786 |
if (c->c2.tls_multi) |
788 | 787 |
{ |
789 | 788 |
/* |
... | ... |
@@ -813,7 +804,6 @@ process_incoming_link_part1 (struct context *c, struct link_socket_info *lsi, bo |
813 | 813 |
if (c->c2.context_auth != CAS_SUCCEEDED) |
814 | 814 |
c->c2.buf.len = 0; |
815 | 815 |
#endif |
816 |
-#endif /* ENABLE_SSL */ |
|
817 | 816 |
|
818 | 817 |
/* authenticate and decrypt the incoming packet */ |
819 | 818 |
decrypt_status = openvpn_decrypt (&c->c2.buf, c->c2.buffers->decrypt_buf, &c->c2.crypto_options, &c->c2.frame); |
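Review bot: In `encrypt_sign` the `#endif` that now closes the `#ifdef ENABLE_CRYPTO` opened before the `tls_post_encrypt` call is left bare, whereas the same commit annotates the equivalent closers in `check_tls_errors_nco` and `send_control_channel_string` as `#endif /* ENABLE_CRYPTO */`. This is exactly the spot where a nesting level was removed, so the annotation carries the most value here: `#endif /* ENABLE_CRYPTO */`. The `#endif` left standing in `process_incoming_link_part1` after the `context_auth` check pairs with an `#if` outside the hunk, so I can't tell whether it deserves the same treatment. All three functions extend beyond their hunks.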
... | ... |
@@ -410,7 +410,7 @@ next_connection_entry (struct context *c) |
410 | 410 |
static void |
411 | 411 |
init_query_passwords (struct context *c) |
412 | 412 |
{ |
413 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
413 |
+#ifdef ENABLE_CRYPTO |
|
414 | 414 |
/* Certificate password input */ |
415 | 415 |
if (c->options.key_pass_file) |
416 | 416 |
pem_password_setup (c->options.key_pass_file); |
... | ... |
@@ -792,7 +792,7 @@ uninit_static (void) |
792 | 792 |
close_port_share (); |
793 | 793 |
#endif |
794 | 794 |
|
795 |
-#if defined(MEASURE_TLS_HANDSHAKE_STATS) && defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
795 |
+#if defined(MEASURE_TLS_HANDSHAKE_STATS) && defined(ENABLE_CRYPTO) |
|
796 | 796 |
show_tls_performance_stats (); |
797 | 797 |
#endif |
798 | 798 |
} |
... | ... |
@@ -835,10 +835,7 @@ print_openssl_info (const struct options *options) |
835 | 835 |
*/ |
836 | 836 |
#ifdef ENABLE_CRYPTO |
837 | 837 |
if (options->show_ciphers || options->show_digests || options->show_engines |
838 |
-#ifdef ENABLE_SSL |
|
839 |
- || options->show_tls_ciphers || options->show_curves |
|
840 |
-#endif |
|
841 |
- ) |
|
838 |
+ || options->show_tls_ciphers || options->show_curves) |
|
842 | 839 |
{ |
843 | 840 |
if (options->show_ciphers) |
844 | 841 |
show_available_ciphers (); |
... | ... |
@@ -846,12 +843,10 @@ print_openssl_info (const struct options *options) |
846 | 846 |
show_available_digests (); |
847 | 847 |
if (options->show_engines) |
848 | 848 |
show_available_engines (); |
849 |
-#ifdef ENABLE_SSL |
|
850 | 849 |
if (options->show_tls_ciphers) |
851 | 850 |
show_available_tls_ciphers (options->cipher_list); |
852 | 851 |
if (options->show_curves) |
853 | 852 |
show_available_curves(); |
854 |
-#endif |
|
855 | 853 |
return true; |
856 | 854 |
} |
857 | 855 |
#endif |
... | ... |
@@ -901,10 +896,8 @@ do_persist_tuntap (const struct options *options) |
901 | 901 |
|| options->ifconfig_remote_netmask |
902 | 902 |
#ifdef ENABLE_CRYPTO |
903 | 903 |
|| options->shared_secret_file |
904 |
-#ifdef ENABLE_SSL |
|
905 | 904 |
|| options->tls_server || options->tls_client |
906 | 905 |
#endif |
907 |
-#endif |
|
908 | 906 |
) |
909 | 907 |
msg (M_FATAL|M_OPTERR, |
910 | 908 |
"options --mktun or --rmtun should only be used together with --dev"); |
... | ... |
@@ -1012,7 +1005,7 @@ const char * |
1012 | 1012 |
format_common_name (struct context *c, struct gc_arena *gc) |
1013 | 1013 |
{ |
1014 | 1014 |
struct buffer out = alloc_buf_gc (256, gc); |
1015 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
1015 |
+#ifdef ENABLE_CRYPTO |
|
1016 | 1016 |
if (c->c2.tls_multi) |
1017 | 1017 |
{ |
1018 | 1018 |
buf_printf (&out, "[%s] ", tls_common_name (c->c2.tls_multi, false)); |
... | ... |
@@ -1102,9 +1095,7 @@ do_init_timers (struct context *c, bool deferred) |
1102 | 1102 |
#ifdef ENABLE_CRYPTO |
1103 | 1103 |
if (c->options.packet_id_file) |
1104 | 1104 |
event_timeout_init (&c->c2.packet_id_persist_interval, 60, now); |
1105 |
-#endif |
|
1106 | 1105 |
|
1107 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
1108 | 1106 |
/* initialize tmp_int optimization that limits the number of times we call |
1109 | 1107 |
tls_multi_process in the main event loop */ |
1110 | 1108 |
interval_init (&c->c2.tmp_int, TLS_MULTI_HORIZON, TLS_MULTI_REFRESH); |
... | ... |
@@ -1797,7 +1788,7 @@ do_deferred_options (struct context *c, const unsigned int found) |
1797 | 1797 |
if (found & OPT_P_SETENV) |
1798 | 1798 |
msg (D_PUSH, "OPTIONS IMPORT: environment modified"); |
1799 | 1799 |
|
1800 |
-#ifdef ENABLE_SSL |
|
1800 |
+#ifdef ENABLE_CRYPTO |
|
1801 | 1801 |
if (found & OPT_P_PEER_ID) |
1802 | 1802 |
{ |
1803 | 1803 |
msg (D_PUSH, "OPTIONS IMPORT: peer-id set"); |
... | ... |
@@ -1928,13 +1919,11 @@ key_schedule_free (struct key_schedule *ks, bool free_ssl_ctx) |
1928 | 1928 |
{ |
1929 | 1929 |
#ifdef ENABLE_CRYPTO |
1930 | 1930 |
free_key_ctx_bi (&ks->static_key); |
1931 |
-#ifdef ENABLE_SSL |
|
1932 | 1931 |
if (tls_ctx_initialised(&ks->ssl_ctx) && free_ssl_ctx) |
1933 | 1932 |
{ |
1934 | 1933 |
tls_ctx_free (&ks->ssl_ctx); |
1935 | 1934 |
free_key_ctx_bi (&ks->tls_auth_key); |
1936 | 1935 |
} |
1937 |
-#endif /* ENABLE_SSL */ |
|
1938 | 1936 |
#endif /* ENABLE_CRYPTO */ |
1939 | 1937 |
CLEAR (*ks); |
1940 | 1938 |
} |
... | ... |
@@ -2054,8 +2043,6 @@ do_init_crypto_static (struct context *c, const unsigned int flags) |
2054 | 2054 |
options->use_iv); |
2055 | 2055 |
} |
2056 | 2056 |
|
2057 |
-#ifdef ENABLE_SSL |
|
2058 |
- |
|
2059 | 2057 |
/* |
2060 | 2058 |
* Initialize the persistent component of OpenVPN's TLS mode, |
2061 | 2059 |
* which is preserved across SIGUSR1 resets. |
... | ... |
@@ -2303,10 +2290,6 @@ do_init_finalize_tls_frame (struct context *c) |
2303 | 2303 |
} |
2304 | 2304 |
} |
2305 | 2305 |
|
2306 |
-#endif /* ENABLE_SSL */ |
|
2307 |
-#endif /* ENABLE_CRYPTO */ |
|
2308 |
- |
|
2309 |
-#ifdef ENABLE_CRYPTO |
|
2310 | 2306 |
/* |
2311 | 2307 |
* No encryption or authentication. |
2312 | 2308 |
*/ |
... | ... |
@@ -2325,16 +2308,14 @@ do_init_crypto (struct context *c, const unsigned int flags) |
2325 | 2325 |
#ifdef ENABLE_CRYPTO |
2326 | 2326 |
if (c->options.shared_secret_file) |
2327 | 2327 |
do_init_crypto_static (c, flags); |
2328 |
-#ifdef ENABLE_SSL |
|
2329 | 2328 |
else if (c->options.tls_server || c->options.tls_client) |
2330 | 2329 |
do_init_crypto_tls (c, flags); |
2331 |
-#endif |
|
2332 | 2330 |
else /* no encryption or authentication. */ |
2333 | 2331 |
do_init_crypto_none (c); |
2334 | 2332 |
#else /* ENABLE_CRYPTO */ |
2335 | 2333 |
msg (M_WARN, |
2336 | 2334 |
"******* WARNING *******: " PACKAGE_NAME |
2337 |
- " built without OpenSSL -- encryption and authentication features disabled -- all data will be tunnelled as cleartext"); |
|
2335 |
+ " built without crypto library -- encryption and authentication features disabled -- all data will be tunnelled as cleartext"); |
|
2338 | 2336 |
#endif /* ENABLE_CRYPTO */ |
2339 | 2337 |
} |
2340 | 2338 |
|
... | ... |
@@ -2503,7 +2484,6 @@ do_option_warnings (struct context *c) |
2503 | 2503 |
if (!o->use_iv) |
2504 | 2504 |
msg (M_WARN, "WARNING: You have disabled Crypto IVs (--no-iv) which may make " PACKAGE_NAME " less secure"); |
2505 | 2505 |
|
2506 |
-#ifdef ENABLE_SSL |
|
2507 | 2506 |
if (o->tls_server) |
2508 | 2507 |
warn_on_use_of_common_subnets (); |
2509 | 2508 |
if (o->tls_client |
... | ... |
@@ -2513,7 +2493,6 @@ do_option_warnings (struct context *c) |
2513 | 2513 |
&& !o->remote_cert_eku) |
2514 | 2514 |
msg (M_WARN, "WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info."); |
2515 | 2515 |
#endif |
2516 |
-#endif |
|
2517 | 2516 |
|
2518 | 2517 |
#ifndef CONNECT_NONBLOCK |
2519 | 2518 |
if (o->ce.connect_timeout_defined) |
... | ... |
@@ -2535,7 +2514,7 @@ do_option_warnings (struct context *c) |
2535 | 2535 |
static void |
2536 | 2536 |
do_init_frame_tls (struct context *c) |
2537 | 2537 |
{ |
2538 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
2538 |
+#ifdef ENABLE_CRYPTO |
|
2539 | 2539 |
do_init_finalize_tls_frame (c); |
2540 | 2540 |
#endif |
2541 | 2541 |
} |
... | ... |
@@ -2733,9 +2712,7 @@ do_compute_occ_strings (struct context *c) |
2733 | 2733 |
options_string_version (c->c2.options_string_remote, &gc), |
2734 | 2734 |
md5sum ((uint8_t*)c->c2.options_string_remote, |
2735 | 2735 |
strlen (c->c2.options_string_remote), 9, &gc)); |
2736 |
-#endif |
|
2737 | 2736 |
|
2738 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
2739 | 2737 |
if (c->c2.tls_multi) |
2740 | 2738 |
tls_multi_init_set_options (c->c2.tls_multi, |
2741 | 2739 |
c->c2.options_string_local, |
... | ... |
@@ -2821,7 +2798,7 @@ do_close_free_buf (struct context *c) |
2821 | 2821 |
static void |
2822 | 2822 |
do_close_tls (struct context *c) |
2823 | 2823 |
{ |
2824 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
2824 |
+#ifdef ENABLE_CRYPTO |
|
2825 | 2825 |
if (c->c2.tls_multi) |
2826 | 2826 |
{ |
2827 | 2827 |
tls_multi_free (c->c2.tls_multi, true); |
... | ... |
@@ -3072,7 +3049,7 @@ do_setup_fast_io (struct context *c) |
3072 | 3072 |
static void |
3073 | 3073 |
do_signal_on_tls_errors (struct context *c) |
3074 | 3074 |
{ |
3075 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
3075 |
+#ifdef ENABLE_CRYPTO |
|
3076 | 3076 |
if (c->options.tls_exit) |
3077 | 3077 |
c->c2.tls_exit_signal = SIGTERM; |
3078 | 3078 |
else |
... | ... |
@@ -3624,12 +3601,10 @@ inherit_context_child (struct context *dest, |
3624 | 3624 |
|
3625 | 3625 |
#ifdef ENABLE_CRYPTO |
3626 | 3626 |
dest->c1.ks.key_type = src->c1.ks.key_type; |
3627 |
-#ifdef ENABLE_SSL |
|
3628 | 3627 |
/* inherit SSL context */ |
3629 | 3628 |
dest->c1.ks.ssl_ctx = src->c1.ks.ssl_ctx; |
3630 | 3629 |
dest->c1.ks.tls_auth_key = src->c1.ks.tls_auth_key; |
3631 | 3630 |
#endif |
3632 |
-#endif |
|
3633 | 3631 |
|
3634 | 3632 |
/* options */ |
3635 | 3633 |
dest->options = src->options; |
... | ... |
@@ -3701,7 +3676,7 @@ inherit_context_top (struct context *dest, |
3701 | 3701 |
/* detach plugins */ |
3702 | 3702 |
dest->plugins_owned = false; |
3703 | 3703 |
|
3704 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
3704 |
+#ifdef ENABLE_CRYPTO |
|
3705 | 3705 |
dest->c2.tls_multi = NULL; |
3706 | 3706 |
#endif |
3707 | 3707 |
|
... | ... |
@@ -701,7 +701,7 @@ man_query_need_str (struct management *man, const char *type, const char *action |
701 | 701 |
static void |
702 | 702 |
man_forget_passwords (struct management *man) |
703 | 703 |
{ |
704 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
704 |
+#ifdef ENABLE_CRYPTO |
|
705 | 705 |
ssl_purge_auth (false); |
706 | 706 |
msg (M_CLIENT, "SUCCESS: Passwords were forgotten"); |
707 | 707 |
#endif |
... | ... |
@@ -1695,7 +1695,7 @@ man_reset_client_socket (struct management *man, const bool exiting) |
1695 | 1695 |
} |
1696 | 1696 |
if (!exiting) |
1697 | 1697 |
{ |
1698 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
1698 |
+#ifdef ENABLE_CRYPTO |
|
1699 | 1699 |
if (man->settings.flags & MF_FORGET_DISCONNECT) |
1700 | 1700 |
ssl_purge_auth (false); |
1701 | 1701 |
#endif |
... | ... |
@@ -62,14 +62,11 @@ struct key_schedule |
62 | 62 |
/* pre-shared static key, read from a file */ |
63 | 63 |
struct key_ctx_bi static_key; |
64 | 64 |
|
65 |
-#ifdef ENABLE_SSL |
|
66 | 65 |
/* our global SSL context */ |
67 | 66 |
struct tls_root_ctx ssl_ctx; |
68 | 67 |
|
69 | 68 |
/* optional authentication HMAC key for TLS control channel */ |
70 | 69 |
struct key_ctx_bi tls_auth_key; |
71 |
- |
|
72 |
-#endif /* ENABLE_SSL */ |
|
73 | 70 |
#else /* ENABLE_CRYPTO */ |
74 | 71 |
int dummy; |
75 | 72 |
#endif /* ENABLE_CRYPTO */ |
... | ... |
@@ -335,8 +332,6 @@ struct context_2 |
335 | 335 |
/* |
336 | 336 |
* TLS-mode crypto objects. |
337 | 337 |
*/ |
338 |
-#ifdef ENABLE_SSL |
|
339 |
- |
|
340 | 338 |
struct tls_multi *tls_multi; /**< TLS state structure for this VPN |
341 | 339 |
* tunnel. */ |
342 | 340 |
|
... | ... |
@@ -357,8 +352,6 @@ struct context_2 |
357 | 357 |
/* throw this signal on TLS errors */ |
358 | 358 |
int tls_exit_signal; |
359 | 359 |
|
360 |
-#endif /* ENABLE_SSL */ |
|
361 |
- |
|
362 | 360 |
struct crypto_options crypto_options; |
363 | 361 |
/**< Security parameters and crypto state |
364 | 362 |
* used by the \link data_crypto Data |
... | ... |
@@ -566,7 +559,7 @@ struct context |
566 | 566 |
* have been compiled in. |
567 | 567 |
*/ |
568 | 568 |
|
569 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
569 |
+#ifdef ENABLE_CRYPTO |
|
570 | 570 |
#define TLS_MODE(c) ((c)->c2.tls_multi != NULL) |
571 | 571 |
#define PROTO_DUMP_FLAGS (check_debug_level (D_LINK_RW_VERBOSE) ? (PD_SHOW_DATA|PD_VERBOSE) : 0) |
572 | 572 |
#define PROTO_DUMP(buf, gc) protocol_dump((buf), \ |
... | ... |
@@ -68,7 +68,6 @@ const char title_string[] = |
68 | 68 |
#endif |
69 | 69 |
" " TARGET_ALIAS |
70 | 70 |
#ifdef ENABLE_CRYPTO |
71 |
-#ifdef ENABLE_SSL |
|
72 | 71 |
#if defined(ENABLE_CRYPTO_POLARSSL) |
73 | 72 |
" [SSL (PolarSSL)]" |
74 | 73 |
#elif defined(ENABLE_CRYPTO_OPENSSL) |
... | ... |
@@ -76,15 +75,6 @@ const char title_string[] = |
76 | 76 |
#else |
77 | 77 |
" [SSL]" |
78 | 78 |
#endif /* defined(ENABLE_CRYPTO_POLARSSL) */ |
79 |
-#else /* ! ENABLE_SSL */ |
|
80 |
-#if defined(ENABLE_CRYPTO_POLARSSL) |
|
81 |
- " [CRYPTO (PolarSSL)]" |
|
82 |
-#elif defined(ENABLE_CRYPTO_OPENSSL) |
|
83 |
- " [CRYPTO (OpenSSL)]" |
|
84 |
-#else |
|
85 |
- " [CRYPTO]" |
|
86 |
-#endif /* defined(ENABLE_CRYPTO_POLARSSL) */ |
|
87 |
-#endif /* ENABLE_SSL */ |
|
88 | 79 |
#endif /* ENABLE_CRYPTO */ |
89 | 80 |
#ifdef USE_COMP |
90 | 81 |
#ifdef ENABLE_LZO |
... | ... |
@@ -548,7 +538,6 @@ static const char usage_message[] = |
548 | 548 |
"--use-prediction-resistance: Enable prediction resistance on the random\n" |
549 | 549 |
" number generator.\n" |
550 | 550 |
#endif |
551 |
-#ifdef ENABLE_SSL |
|
552 | 551 |
"\n" |
553 | 552 |
"TLS Key Negotiation Options:\n" |
554 | 553 |
"(These options are meaningful only for TLS-mode)\n" |
... | ... |
@@ -633,7 +622,6 @@ static const char usage_message[] = |
633 | 633 |
"--remote-cert-tls t: Require that peer certificate was signed with explicit\n" |
634 | 634 |
" key usage and extended key usage based on RFC3280 TLS rules.\n" |
635 | 635 |
" t = 'client' | 'server'.\n" |
636 |
-#endif /* ENABLE_SSL */ |
|
637 | 636 |
#ifdef ENABLE_PKCS11 |
638 | 637 |
"\n" |
639 | 638 |
"PKCS#11 Options:\n" |
... | ... |
@@ -658,9 +646,7 @@ static const char usage_message[] = |
658 | 658 |
"--show-ciphers : Show cipher algorithms to use with --cipher option.\n" |
659 | 659 |
"--show-digests : Show message digest algorithms to use with --auth option.\n" |
660 | 660 |
"--show-engines : Show hardware crypto accelerator engines (if available).\n" |
661 |
-#ifdef ENABLE_SSL |
|
662 | 661 |
"--show-tls : Show all TLS ciphers (TLS used only as a control channel).\n" |
663 |
-#endif |
|
664 | 662 |
#ifdef WIN32 |
665 | 663 |
"\n" |
666 | 664 |
"Windows Specific:\n" |
... | ... |
@@ -846,7 +832,6 @@ init_options (struct options *o, const bool init_gc) |
846 | 846 |
#ifdef ENABLE_PREDICTION_RESISTANCE |
847 | 847 |
o->use_prediction_resistance = false; |
848 | 848 |
#endif |
849 |
-#ifdef ENABLE_SSL |
|
850 | 849 |
o->key_method = 2; |
851 | 850 |
o->tls_timeout = 2; |
852 | 851 |
o->renegotiate_seconds = 3600; |
... | ... |
@@ -856,7 +841,6 @@ init_options (struct options *o, const bool init_gc) |
856 | 856 |
#ifdef ENABLE_X509ALTUSERNAME |
857 | 857 |
o->x509_username_field = X509_USERNAME_FIELD_DEFAULT; |
858 | 858 |
#endif |
859 |
-#endif /* ENABLE_SSL */ |
|
860 | 859 |
#endif /* ENABLE_CRYPTO */ |
861 | 860 |
#ifdef ENABLE_PKCS11 |
862 | 861 |
o->pkcs11_pin_cache_period = -1; |
... | ... |
@@ -1047,7 +1031,7 @@ string_substitute (const char *src, int from, int to, struct gc_arena *gc) |
1047 | 1047 |
return ret; |
1048 | 1048 |
} |
1049 | 1049 |
|
1050 |
-#ifdef ENABLE_SSL |
|
1050 |
+#ifdef ENABLE_CRYPTO |
|
1051 | 1051 |
static uint8_t * |
1052 | 1052 |
parse_hash_fingerprint(const char *str, int nbytes, int msglevel, struct gc_arena *gc) |
1053 | 1053 |
{ |
... | ... |
@@ -1430,11 +1414,9 @@ show_settings (const struct options *o) |
1430 | 1430 |
SHOW_BOOL (show_digests); |
1431 | 1431 |
SHOW_BOOL (show_engines); |
1432 | 1432 |
SHOW_BOOL (genkey); |
1433 |
-#ifdef ENABLE_SSL |
|
1434 | 1433 |
SHOW_STR (key_pass_file); |
1435 | 1434 |
SHOW_BOOL (show_tls_ciphers); |
1436 | 1435 |
#endif |
1437 |
-#endif |
|
1438 | 1436 |
|
1439 | 1437 |
SHOW_INT (connect_retry_max); |
1440 | 1438 |
show_connection_entries (o); |
... | ... |
@@ -1588,7 +1570,6 @@ show_settings (const struct options *o) |
1588 | 1588 |
SHOW_BOOL (use_prediction_resistance); |
1589 | 1589 |
#endif |
1590 | 1590 |
|
1591 |
-#ifdef ENABLE_SSL |
|
1592 | 1591 |
SHOW_BOOL (tls_server); |
1593 | 1592 |
SHOW_BOOL (tls_client); |
1594 | 1593 |
SHOW_INT (key_method); |
... | ... |
@@ -1640,8 +1621,7 @@ show_settings (const struct options *o) |
1640 | 1640 |
SHOW_BOOL (tls_exit); |
1641 | 1641 |
|
1642 | 1642 |
SHOW_STR (tls_auth_file); |
1643 |
-#endif |
|
1644 |
-#endif |
|
1643 |
+#endif /* ENABLE_CRYPTO */ |
|
1645 | 1644 |
|
1646 | 1645 |
#ifdef ENABLE_PKCS11 |
1647 | 1646 |
{ |
... | ... |
@@ -1857,7 +1837,7 @@ options_postprocess_verify_ce (const struct options *options, const struct conne |
1857 | 1857 |
msg (M_USAGE, "--inetd nowait can only be used with --proto tcp-server"); |
1858 | 1858 |
|
1859 | 1859 |
if (options->inetd == INETD_NOWAIT |
1860 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
1860 |
+#ifdef ENABLE_CRYPTO |
|
1861 | 1861 |
&& !(options->tls_server || options->tls_client) |
1862 | 1862 |
#endif |
1863 | 1863 |
) |
... | ... |
@@ -2150,8 +2130,6 @@ options_postprocess_verify_ce (const struct options *options, const struct conne |
2150 | 2150 |
/* |
2151 | 2151 |
* SSL/TLS mode sanity checks. |
2152 | 2152 |
*/ |
2153 |
- |
|
2154 |
-#ifdef ENABLE_SSL |
|
2155 | 2153 |
if (options->tls_server + options->tls_client + |
2156 | 2154 |
(options->shared_secret_file != NULL) > 1) |
2157 | 2155 |
msg (M_USAGE, "specify only one of --tls-server, --tls-client, or --secret"); |
... | ... |
@@ -2328,7 +2306,6 @@ options_postprocess_verify_ce (const struct options *options, const struct conne |
2328 | 2328 |
} |
2329 | 2329 |
#undef MUST_BE_UNDEF |
2330 | 2330 |
#endif /* ENABLE_CRYPTO */ |
2331 |
-#endif /* ENABLE_SSL */ |
|
2332 | 2331 |
|
2333 | 2332 |
#if P2MP |
2334 | 2333 |
if (options->auth_user_pass_file && !options->pull) |
... | ... |
@@ -2707,8 +2684,8 @@ options_postprocess_filechecks (struct options *options) |
2707 | 2707 |
{ |
2708 | 2708 |
bool errs = false; |
2709 | 2709 |
|
2710 |
+#ifdef ENABLE_CRYPTO |
|
2710 | 2711 |
/* ** SSL/TLS/crypto related files ** */ |
2711 |
-#ifdef ENABLE_SSL |
|
2712 | 2712 |
errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->dh_file, R_OK, "--dh"); |
2713 | 2713 |
errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->ca_file, R_OK, "--ca"); |
2714 | 2714 |
errs |= check_file_access_chroot (options->chroot_dir, CHKACC_FILE, options->ca_path, R_OK, "--capath"); |
... | ... |
@@ -2732,20 +2709,15 @@ options_postprocess_filechecks (struct options *options) |
2732 | 2732 |
|
2733 | 2733 |
errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->tls_auth_file, R_OK, |
2734 | 2734 |
"--tls-auth"); |
2735 |
-#endif /* ENABLE_SSL */ |
|
2736 |
-#ifdef ENABLE_CRYPTO |
|
2737 | 2735 |
errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->shared_secret_file, R_OK, |
2738 | 2736 |
"--secret"); |
2739 | 2737 |
errs |= check_file_access (CHKACC_DIRPATH|CHKACC_FILEXSTWR, |
2740 | 2738 |
options->packet_id_file, R_OK|W_OK, "--replay-persist"); |
2741 |
-#endif /* ENABLE_CRYPTO */ |
|
2742 |
- |
|
2743 | 2739 |
|
2744 | 2740 |
/* ** Password files ** */ |
2745 |
-#ifdef ENABLE_SSL |
|
2746 | 2741 |
errs |= check_file_access (CHKACC_FILE, options->key_pass_file, R_OK, |
2747 | 2742 |
"--askpass"); |
2748 |
-#endif /* ENABLE_SSL */ |
|
2743 |
+#endif /* ENABLE_CRYPTO */ |
|
2749 | 2744 |
#ifdef ENABLE_MANAGEMENT |
2750 | 2745 |
errs |= check_file_access (CHKACC_FILE|CHKACC_ACPTSTDIN, |
2751 | 2746 |
options->management_user_pass, R_OK, |
... | ... |
@@ -2768,10 +2740,10 @@ options_postprocess_filechecks (struct options *options) |
2768 | 2768 |
R_OK|W_OK, "--status"); |
2769 | 2769 |
|
2770 | 2770 |
/* ** Config related ** */ |
2771 |
-#ifdef ENABLE_SSL |
|
2771 |
+#ifdef ENABLE_CRYPTO |
|
2772 | 2772 |
errs |= check_file_access_chroot (options->chroot_dir, CHKACC_FILE, options->tls_export_cert, |
2773 | 2773 |
R_OK|W_OK|X_OK, "--tls-export-cert"); |
2774 |
-#endif /* ENABLE_SSL */ |
|
2774 |
+#endif /* ENABLE_CRYPTO */ |
|
2775 | 2775 |
#if P2MP_SERVER |
2776 | 2776 |
errs |= check_file_access_chroot (options->chroot_dir, CHKACC_FILE, options->client_config_dir, |
2777 | 2777 |
R_OK|X_OK, "--client-config-dir"); |
... | ... |
@@ -3000,13 +2972,8 @@ options_string (const struct options *o, |
3000 | 3000 |
|
3001 | 3001 |
#ifdef ENABLE_CRYPTO |
3002 | 3002 |
|
3003 |
-#ifdef ENABLE_SSL |
|
3004 | 3003 |
#define TLS_CLIENT (o->tls_client) |
3005 | 3004 |
#define TLS_SERVER (o->tls_server) |
3006 |
-#else |
|
3007 |
-#define TLS_CLIENT (false) |
|
3008 |
-#define TLS_SERVER (false) |
|
3009 |
-#endif |
|
3010 | 3005 |
|
3011 | 3006 |
/* |
3012 | 3007 |
* Key direction |
... | ... |
@@ -3049,7 +3016,6 @@ options_string (const struct options *o, |
3049 | 3049 |
#endif |
3050 | 3050 |
} |
3051 | 3051 |
|
3052 |
-#ifdef ENABLE_SSL |
|
3053 | 3052 |
/* |
3054 | 3053 |
* SSL Options |
3055 | 3054 |
*/ |
... | ... |
@@ -3078,7 +3044,6 @@ options_string (const struct options *o, |
3078 | 3078 |
buf_printf (&out, ",tls-server"); |
3079 | 3079 |
} |
3080 | 3080 |
} |
3081 |
-#endif /* ENABLE_SSL */ |
|
3082 | 3081 |
|
3083 | 3082 |
#undef TLS_CLIENT |
3084 | 3083 |
#undef TLS_SERVER |
... | ... |
@@ -3401,7 +3366,7 @@ usage (void) |
3401 | 3401 |
struct options o; |
3402 | 3402 |
init_options (&o, true); |
3403 | 3403 |
|
3404 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
3404 |
+#ifdef ENABLE_CRYPTO |
|
3405 | 3405 |
fprintf (fp, usage_message, |
3406 | 3406 |
title_string, |
3407 | 3407 |
o.ce.connect_retry_seconds, |
... | ... |
@@ -3412,15 +3377,6 @@ usage (void) |
3412 | 3412 |
o.replay_window, o.replay_time, |
3413 | 3413 |
o.tls_timeout, o.renegotiate_seconds, |
3414 | 3414 |
o.handshake_window, o.transition_window); |
3415 |
-#elif defined(ENABLE_CRYPTO) |
|
3416 |
- fprintf (fp, usage_message, |
|
3417 |
- title_string, |
|
3418 |
- o.ce.connect_retry_seconds, |
|
3419 |
- o.ce.local_port, o.ce.remote_port, |
|
3420 |
- TUN_MTU_DEFAULT, TAP_MTU_EXTRA_DEFAULT, |
|
3421 |
- o.verbosity, |
|
3422 |
- o.authname, o.ciphername, |
|
3423 |
- o.replay_window, o.replay_time); |
|
3424 | 3415 |
#else |
3425 | 3416 |
fprintf (fp, usage_message, |
3426 | 3417 |
title_string, |
... | ... |
@@ -3446,7 +3402,7 @@ usage_small (void) |
3446 | 3446 |
void |
3447 | 3447 |
show_library_versions(const unsigned int flags) |
3448 | 3448 |
{ |
3449 |
-#ifdef ENABLE_SSL |
|
3449 |
+#ifdef ENABLE_CRYPTO |
|
3450 | 3450 |
#define SSL_LIB_VER_STR get_ssl_library_version() |
3451 | 3451 |
#else |
3452 | 3452 |
#define SSL_LIB_VER_STR "" |
... | ... |
@@ -6517,7 +6473,6 @@ add_option (struct options *options, |
6517 | 6517 |
options->use_prediction_resistance = true; |
6518 | 6518 |
} |
6519 | 6519 |
#endif |
6520 |
-#ifdef ENABLE_SSL |
|
6521 | 6520 |
else if (streq (p[0], "show-tls")) |
6522 | 6521 |
{ |
6523 | 6522 |
VERIFY_PERMISSION (OPT_P_GENERAL); |
... | ... |
@@ -6954,7 +6909,6 @@ add_option (struct options *options, |
6954 | 6954 |
options->x509_username_field = p[1]; |
6955 | 6955 |
} |
6956 | 6956 |
#endif /* ENABLE_X509ALTUSERNAME */ |
6957 |
-#endif /* ENABLE_SSL */ |
|
6958 | 6957 |
#endif /* ENABLE_CRYPTO */ |
6959 | 6958 |
#ifdef ENABLE_PKCS11 |
6960 | 6959 |
else if (streq (p[0], "show-pkcs11-ids")) |
... | ... |
@@ -195,10 +195,8 @@ struct options |
195 | 195 |
bool show_ciphers; |
196 | 196 |
bool show_digests; |
197 | 197 |
bool show_engines; |
198 |
-#ifdef ENABLE_SSL |
|
199 | 198 |
bool show_tls_ciphers; |
200 | 199 |
bool show_curves; |
201 |
-#endif |
|
202 | 200 |
bool genkey; |
203 | 201 |
#endif |
204 | 202 |
|
... | ... |
@@ -500,7 +498,6 @@ struct options |
500 | 500 |
bool use_prediction_resistance; |
501 | 501 |
#endif |
502 | 502 |
|
503 |
-#ifdef ENABLE_SSL |
|
504 | 503 |
/* TLS (control channel) parms */ |
505 | 504 |
bool tls_server; |
506 | 505 |
bool tls_client; |
... | ... |
@@ -582,7 +579,6 @@ struct options |
582 | 582 |
|
583 | 583 |
bool tls_exit; |
584 | 584 |
|
585 |
-#endif /* ENABLE_SSL */ |
|
586 | 585 |
#endif /* ENABLE_CRYPTO */ |
587 | 586 |
|
588 | 587 |
#ifdef ENABLE_X509_TRACK |
... | ... |
@@ -420,7 +420,7 @@ plugin_call_item (const struct plugin *p, |
420 | 420 |
const struct argv *av, |
421 | 421 |
struct openvpn_plugin_string_list **retlist, |
422 | 422 |
const char **envp |
423 |
-#ifdef ENABLE_SSL |
|
423 |
+#ifdef ENABLE_CRYPTO |
|
424 | 424 |
, int certdepth, |
425 | 425 |
openvpn_x509_cert_t *current_cert |
426 | 426 |
#endif |
... | ... |
@@ -449,7 +449,7 @@ plugin_call_item (const struct plugin *p, |
449 | 449 |
(const char ** const) envp, |
450 | 450 |
p->plugin_handle, |
451 | 451 |
per_client_context, |
452 |
-#ifdef ENABLE_SSL |
|
452 |
+#ifdef ENABLE_CRYPTO |
|
453 | 453 |
(current_cert ? certdepth : -1), |
454 | 454 |
current_cert |
455 | 455 |
#else |
... | ... |
@@ -659,7 +659,7 @@ plugin_call_ssl (const struct plugin_list *pl, |
659 | 659 |
const struct argv *av, |
660 | 660 |
struct plugin_return *pr, |
661 | 661 |
struct env_set *es |
662 |
-#ifdef ENABLE_SSL |
|
662 |
+#ifdef ENABLE_CRYPTO |
|
663 | 663 |
, int certdepth, |
664 | 664 |
openvpn_x509_cert_t *current_cert |
665 | 665 |
#endif |
... | ... |
@@ -689,7 +689,7 @@ plugin_call_ssl (const struct plugin_list *pl, |
689 | 689 |
av, |
690 | 690 |
pr ? &pr->list[i] : NULL, |
691 | 691 |
envp |
692 |
-#ifdef ENABLE_SSL |
|
692 |
+#ifdef ENABLE_CRYPTO |
|
693 | 693 |
,certdepth, |
694 | 694 |
current_cert |
695 | 695 |
#endif |
... | ... |
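Review bot: The `#ifdef ENABLE_CRYPTO` introduced at 423 and 662 now decides the shape of two parameter lists (plugin_call_item, plugin_call_ssl) and of the two matching call sites at 452 and 692, and the header section that follows repeats it three more times (127, 186, 205); all seven must agree or the build breaks in a confusing way. Since every one of them is being rewritten here, a short comment at the first site would record that coupling, e.g. `/* certdepth/current_cert exist only in ENABLE_CRYPTO builds; keep in sync with the prototype and the inline wrapper in the header */`. The bodies of both functions start and end outside the visible hunks.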
@@ -127,7 +127,7 @@ int plugin_call_ssl (const struct plugin_list *pl, |
127 | 127 |
const struct argv *av, |
128 | 128 |
struct plugin_return *pr, |
129 | 129 |
struct env_set *es |
130 |
-#ifdef ENABLE_SSL |
|
130 |
+#ifdef ENABLE_CRYPTO |
|
131 | 131 |
, int current_cert_depth, |
132 | 132 |
openvpn_x509_cert_t *current_cert |
133 | 133 |
#endif |
... | ... |
@@ -183,7 +183,7 @@ plugin_call_ssl (const struct plugin_list *pl, |
183 | 183 |
const struct argv *av, |
184 | 184 |
struct plugin_return *pr, |
185 | 185 |
struct env_set *es |
186 |
-#ifdef ENABLE_SSL |
|
186 |
+#ifdef ENABLE_CRYPTO |
|
187 | 187 |
, int current_cert_depth, |
188 | 188 |
openvpn_x509_cert_t *current_cert |
189 | 189 |
#endif |
... | ... |
@@ -202,7 +202,7 @@ plugin_call(const struct plugin_list *pl, |
202 | 202 |
struct env_set *es) |
203 | 203 |
{ |
204 | 204 |
return plugin_call_ssl(pl, type, av, pr, es |
205 |
-#ifdef ENABLE_SSL |
|
205 |
+#ifdef ENABLE_CRYPTO |
|
206 | 206 |
, -1, NULL |
207 | 207 |
#endif |
208 | 208 |
); |
... | ... |
@@ -35,7 +35,7 @@ |
35 | 35 |
|
36 | 36 |
#include "syshead.h" |
37 | 37 |
|
38 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
38 |
+#ifdef ENABLE_CRYPTO |
|
39 | 39 |
|
40 | 40 |
#include "buffer.h" |
41 | 41 |
#include "error.h" |
... | ... |
@@ -754,4 +754,4 @@ reliable_debug_print (const struct reliable *rel, char *desc) |
754 | 754 |
|
755 | 755 |
#else |
756 | 756 |
static void dummy(void) {} |
757 |
-#endif /* ENABLE_CRYPTO && ENABLE_SSL*/ |
|
757 |
+#endif /* ENABLE_CRYPTO */ |
... | ... |
@@ -29,7 +29,7 @@ |
29 | 29 |
*/ |
30 | 30 |
|
31 | 31 |
|
32 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
32 |
+#ifdef ENABLE_CRYPTO |
|
33 | 33 |
|
34 | 34 |
#ifndef RELIABLE_H |
35 | 35 |
#define RELIABLE_H |
... | ... |
@@ -477,4 +477,4 @@ void reliable_ack_debug_print (const struct reliable_ack *ack, char *desc); |
477 | 477 |
|
478 | 478 |
|
479 | 479 |
#endif /* RELIABLE_H */ |
480 |
-#endif /* ENABLE_CRYPTO && ENABLE_SSL */ |
|
480 |
+#endif /* ENABLE_CRYPTO */ |
... | ... |
@@ -39,7 +39,7 @@ |
39 | 39 |
|
40 | 40 |
#include "syshead.h" |
41 | 41 |
|
42 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
42 |
+#ifdef ENABLE_CRYPTO |
|
43 | 43 |
|
44 | 44 |
#include "error.h" |
45 | 45 |
#include "common.h" |
... | ... |
@@ -64,4 +64,4 @@ session_id_print (const struct session_id *sid, struct gc_arena *gc) |
64 | 64 |
|
65 | 65 |
#else |
66 | 66 |
static void dummy(void) {} |
67 |
-#endif /* ENABLE_CRYPTO && ENABLE_SSL*/ |
|
67 |
+#endif /* ENABLE_CRYPTO */ |
... | ... |
@@ -30,7 +30,7 @@ |
30 | 30 |
* negotiated). |
31 | 31 |
*/ |
32 | 32 |
|
33 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
33 |
+#ifdef ENABLE_CRYPTO |
|
34 | 34 |
|
35 | 35 |
#ifndef SESSION_ID_H |
36 | 36 |
#define SESSION_ID_H |
... | ... |
@@ -83,4 +83,4 @@ void session_id_random (struct session_id *sid); |
83 | 83 |
const char *session_id_print (const struct session_id *sid, struct gc_arena *gc); |
84 | 84 |
|
85 | 85 |
#endif /* SESSION_ID_H */ |
86 |
-#endif /* ENABLE_CRYPTO && ENABLE_SSL */ |
|
86 |
+#endif /* ENABLE_CRYPTO */ |
... | ... |
@@ -43,7 +43,7 @@ |
43 | 43 |
|
44 | 44 |
#include "syshead.h" |
45 | 45 |
|
46 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
46 |
+#if defined(ENABLE_CRYPTO) |
|
47 | 47 |
|
48 | 48 |
#include "error.h" |
49 | 49 |
#include "common.h" |
... | ... |
@@ -3625,4 +3625,4 @@ done: |
3625 | 3625 |
|
3626 | 3626 |
#else |
3627 | 3627 |
static void dummy(void) {} |
3628 |
-#endif /* ENABLE_CRYPTO && ENABLE_SSL*/ |
|
3628 |
+#endif /* ENABLE_CRYPTO */ |
... | ... |
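Review bot: The new guard at 46 is spelled `#if defined(ENABLE_CRYPTO)` while the same change in the other sections of this commit uses `#ifdef ENABLE_CRYPTO` (the RELIABLE_H, SESSION_ID_H and SSL_VERIFY_H_ units and their .c counterparts); the two forms are equivalent, but mixing them makes the next grep-driven cleanup harder. Suggest `#ifdef ENABLE_CRYPTO` here, in the matching OPENVPN_SSL_H header at its line 33, and in the push-peer-info guard at line 700 of the section that defines P2MP, which carries the same single-term `defined()` form; the x509-track guard at line 631 of that section additionally keeps a stray space in `defined (ENABLE_CRYPTO_OPENSSL)` on a line the commit rewrites. The closing comment at 3628 already reads `/* ENABLE_CRYPTO */`, so only the opening lines need touching.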
@@ -30,7 +30,7 @@ |
30 | 30 |
#ifndef OPENVPN_SSL_H |
31 | 31 |
#define OPENVPN_SSL_H |
32 | 32 |
|
33 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
33 |
+#if defined(ENABLE_CRYPTO) |
|
34 | 34 |
|
35 | 35 |
#include "basic.h" |
36 | 36 |
#include "common.h" |
... | ... |
@@ -512,6 +512,6 @@ void show_tls_performance_stats(void); |
512 | 512 |
/*#define EXTRACT_X509_FIELD_TEST*/ |
513 | 513 |
void extract_x509_field_test (void); |
514 | 514 |
|
515 |
-#endif /* ENABLE_CRYPTO && ENABLE_SSL */ |
|
515 |
+#endif /* ENABLE_CRYPTO */ |
|
516 | 516 |
|
517 | 517 |
#endif |
... | ... |
@@ -35,7 +35,7 @@ |
35 | 35 |
|
36 | 36 |
#include "syshead.h" |
37 | 37 |
|
38 |
-#if defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_OPENSSL) |
|
38 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_OPENSSL) |
|
39 | 39 |
|
40 | 40 |
#include "errlevel.h" |
41 | 41 |
#include "buffer.h" |
... | ... |
@@ -1457,4 +1457,4 @@ get_ssl_library_version(void) |
1457 | 1457 |
return SSLeay_version(SSLEAY_VERSION); |
1458 | 1458 |
} |
1459 | 1459 |
|
1460 |
-#endif /* defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_OPENSSL) */ |
|
1460 |
+#endif /* defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_OPENSSL) */ |
... | ... |
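Review bot: With the guard at 38 now `defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_OPENSSL)`, this translation unit is compiled into every OpenSSL-backed crypto build, so the SSL library has to be linked whenever crypto is enabled rather than only when the former ssl option was on; nothing in this section shows that the build system's crypto branch now carries that library check and its link flags, so it is worth confirming, otherwise such a build fails at link time instead of at configure time. The same consideration applies to the PolarSSL sibling whose guard changes at its line 39. The closing comment at 1460 correctly mirrors the new condition.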
@@ -36,7 +36,7 @@ |
36 | 36 |
|
37 | 37 |
#include "syshead.h" |
38 | 38 |
|
39 |
-#if defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_POLARSSL) |
|
39 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_POLARSSL) |
|
40 | 40 |
|
41 | 41 |
#include "errlevel.h" |
42 | 42 |
#include "ssl_backend.h" |
... | ... |
@@ -1171,4 +1171,4 @@ get_ssl_library_version(void) |
1171 | 1171 |
return polar_version; |
1172 | 1172 |
} |
1173 | 1173 |
|
1174 |
-#endif /* defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_POLARSSL) */ |
|
1174 |
+#endif /* defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_POLARSSL) */ |
... | ... |
@@ -35,7 +35,7 @@ |
35 | 35 |
|
36 | 36 |
#include "syshead.h" |
37 | 37 |
|
38 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
38 |
+#ifdef ENABLE_CRYPTO |
|
39 | 39 |
|
40 | 40 |
#include "misc.h" |
41 | 41 |
#include "manage.h" |
... | ... |
@@ -1268,4 +1268,4 @@ verify_final_auth_checks(struct tls_multi *multi, struct tls_session *session) |
1268 | 1268 |
gc_free (&gc); |
1269 | 1269 |
} |
1270 | 1270 |
} |
1271 |
-#endif /* defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) */ |
|
1271 |
+#endif /* ENABLE_CRYPTO */ |
... | ... |
@@ -30,7 +30,7 @@ |
30 | 30 |
#ifndef SSL_VERIFY_H_ |
31 | 31 |
#define SSL_VERIFY_H_ |
32 | 32 |
|
33 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
33 |
+#ifdef ENABLE_CRYPTO |
|
34 | 34 |
|
35 | 35 |
#include "syshead.h" |
36 | 36 |
#include "misc.h" |
... | ... |
@@ -236,6 +236,6 @@ tls_client_reason (struct tls_multi *multi) |
236 | 236 |
#endif |
237 | 237 |
} |
238 | 238 |
|
239 |
-#endif /* defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) */ |
|
239 |
+#endif /* ENABLE_CRYPTO */ |
|
240 | 240 |
|
241 | 241 |
#endif /* SSL_VERIFY_H_ */ |
... | ... |
@@ -35,7 +35,7 @@ |
35 | 35 |
|
36 | 36 |
#include "syshead.h" |
37 | 37 |
|
38 |
-#if defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_OPENSSL) |
|
38 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_OPENSSL) |
|
39 | 39 |
|
40 | 40 |
#include "ssl_verify_openssl.h" |
41 | 41 |
|
... | ... |
@@ -625,4 +625,4 @@ end: |
625 | 625 |
return retval; |
626 | 626 |
} |
627 | 627 |
|
628 |
-#endif /* defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_OPENSSL) */ |
|
628 |
+#endif /* defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_OPENSSL) */ |
... | ... |
@@ -35,7 +35,7 @@ |
35 | 35 |
|
36 | 36 |
#include "syshead.h" |
37 | 37 |
|
38 |
-#if defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_POLARSSL) |
|
38 |
+#if defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_POLARSSL) |
|
39 | 39 |
|
40 | 40 |
#include "ssl_verify.h" |
41 | 41 |
#include <polarssl/error.h> |
... | ... |
@@ -403,4 +403,4 @@ end: |
403 | 403 |
return retval; |
404 | 404 |
} |
405 | 405 |
|
406 |
-#endif /* #if defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_POLARSSL) */ |
|
406 |
+#endif /* #if defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_POLARSSL) */ |
... | ... |
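Review bot: The rewritten closing comment at 406 reads `#endif /* #if defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_POLARSSL) */`, carrying a stray `#if` inside the comment that the OpenSSL counterpart at its line 628 does not have. Since the line is being touched anyway, `#endif /* defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_POLARSSL) */` keeps it consistent with the rest of the commit and with the opening guard at 38.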
@@ -517,7 +517,7 @@ socket_defined (const socket_descriptor_t sd) |
517 | 517 |
* Do we have point-to-multipoint capability? |
518 | 518 |
*/ |
519 | 519 |
|
520 |
-#if defined(ENABLE_CLIENT_SERVER) && defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) && defined(HAVE_GETTIMEOFDAY_NANOSECONDS) |
|
520 |
+#if defined(ENABLE_CLIENT_SERVER) && defined(ENABLE_CRYPTO) && defined(HAVE_GETTIMEOFDAY_NANOSECONDS) |
|
521 | 521 |
#define P2MP 1 |
522 | 522 |
#else |
523 | 523 |
#define P2MP 0 |
... | ... |
@@ -554,7 +554,7 @@ socket_defined (const socket_descriptor_t sd) |
554 | 554 |
/* |
555 | 555 |
* Enable external private key |
556 | 556 |
*/ |
557 |
-#if defined(ENABLE_MANAGEMENT) && defined(ENABLE_SSL) |
|
557 |
+#if defined(ENABLE_MANAGEMENT) && defined(ENABLE_CRYPTO) |
|
558 | 558 |
#define MANAGMENT_EXTERNAL_KEY |
559 | 559 |
#endif |
560 | 560 |
|
... | ... |
@@ -621,14 +621,14 @@ socket_defined (const socket_descriptor_t sd) |
621 | 621 |
/* |
622 | 622 |
* Do we have CryptoAPI capability? |
623 | 623 |
*/ |
624 |
-#if defined(WIN32) && defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_OPENSSL) |
|
624 |
+#if defined(WIN32) && defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_OPENSSL) |
|
625 | 625 |
#define ENABLE_CRYPTOAPI |
626 | 626 |
#endif |
627 | 627 |
|
628 | 628 |
/* |
629 | 629 |
* Enable x509-track feature? |
630 | 630 |
*/ |
631 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) && defined (ENABLE_CRYPTO_OPENSSL) |
|
631 |
+#if defined(ENABLE_CRYPTO) && defined (ENABLE_CRYPTO_OPENSSL) |
|
632 | 632 |
#define ENABLE_X509_TRACK |
633 | 633 |
#endif |
634 | 634 |
|
... | ... |
@@ -697,7 +697,7 @@ socket_defined (const socket_descriptor_t sd) |
697 | 697 |
/* |
698 | 698 |
* Do we support pushing peer info? |
699 | 699 |
*/ |
700 |
-#if defined(ENABLE_CRYPTO) && defined(ENABLE_SSL) |
|
700 |
+#if defined(ENABLE_CRYPTO) |
|
701 | 701 |
#define ENABLE_PUSH_PEER_INFO |
702 | 702 |
#endif |
703 | 703 |
|