------------
The OpenSSL library is used for all cryptographic functions. You can find it at
-https://www.openssl.org/. You will need version 1.0.1 or later with support for
+https://www.openssl.org/. You will need version 1.1.0 or later with support for
AES256 and SHA256 enabled. If this library is not installed on your system, the
configure script will fail. The manual in doc/tinc.texi contains more detailed
information on how to install this library. Alternatively, you may also use the
LDFLAGS="$LDFLAGS -L$withval"]
)
- AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h openssl/pem.h openssl/engine.h,
+ AC_CHECK_HEADERS([openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h openssl/pem.h openssl/engine.h],
[],
[AC_MSG_ERROR([LibreSSL/OpenSSL header files not found.]); break]
)
- AC_CHECK_LIB(crypto, EVP_EncryptInit_ex,
+ AC_CHECK_LIB(crypto, OPENSSL_init_crypto,
[LIBS="-lcrypto $LIBS"],
[AC_MSG_ERROR([LibreSSL/OpenSSL libraries not found.])]
)
- AC_CHECK_FUNCS([RAND_bytes EVP_EncryptInit_ex EVP_CIPHER_CTX_new], ,
- [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
- )
-
- AC_CHECK_DECLS([OpenSSL_add_all_algorithms, EVP_aes_256_cfb], ,
- [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
- [#include <openssl/evp.h>]
- )
-
- AC_CHECK_FUNCS([BN_GENCB_new RSA_set0_key], , , [#include <openssl/rsa.h>])
+ AC_DEFINE(HAVE_OPENSSL, 1, [enable OpenSSL support])
])
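Review bot: The failure branch of the new `AC_CHECK_LIB(crypto, OPENSSL_init_crypto, ...)` probe still prints "LibreSSL/OpenSSL libraries not found.", although after this change it is also the only place that enforces the 1.1.0 minimum. A system with an older libcrypto therefore gets a misleading error; I would change the message to `[AC_MSG_ERROR([LibreSSL/OpenSSL libraries not found, or older than OpenSSL 1.1.0.])]`. The probe looks at the library only, so headers from an older install paired with a newer libcrypto would presumably pass configure and fail later at compile time. A comment above the check would record what it stands in for, e.g. `dnl OPENSSL_init_crypto first appeared in OpenSSL 1.1.0; this doubles as the minimum-version check.` The enclosing macro definition begins outside this hunk.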
#include <openssl/rsa.h>
#include <openssl/evp.h>
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-#define EVP_CIPHER_CTX_reset(c) EVP_CIPHER_CTX_cleanup(c)
-#endif
-
#include "avl_tree.h"
#define OPTION_INDIRECT 0x0001
char *myport;
devops_t devops;
-#ifndef HAVE_RSA_SET0_KEY
-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
- BN_free(r->n);
- r->n = n;
- BN_free(r->e);
- r->e = e;
- BN_free(r->d);
- r->d = d;
- return 1;
-}
-#endif
-
bool read_rsa_public_key(connection_t *c) {
FILE *fp;
char *pubname;
#include <openssl/rsa.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
-#endif
#include <openssl/bn.h>
#ifdef HAVE_LZO
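Review bot: With the `#ifndef OPENSSL_NO_ENGINE` guard gone, `#include <openssl/engine.h>` here and the `ENGINE_load_builtin_engines();` call in the later hunk after `init_configuration(&config_tree);` become unconditional, which makes ENGINE support a hard build requirement. OpenSSL defines `OPENSSL_NO_ENGINE` when it is built without the engine API, and on such a build the call presumably has no declaration, so compilation or linking would fail. Nothing in the configure changes on this page tests for that case. If those builds should stay supported, keep `#ifndef OPENSSL_NO_ENGINE` / `#endif` around both the include and the call; otherwise state the requirement in the README next to the version note. The enclosing function is not fully visible in either hunk.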
return 1;
}
-#ifndef HAVE_BN_GENCB_NEW
-BN_GENCB *BN_GENCB_new(void) {
- return xmalloc_and_zero(sizeof(BN_GENCB));
-}
-
-void BN_GENCB_free(BN_GENCB *cb) {
- free(cb);
-}
-#endif
-
/*
Generate a public/private RSA keypair, and ask for a file to store
them in.
init_configuration(&config_tree);
-#ifndef OPENSSL_NO_ENGINE
ENGINE_load_builtin_engines();
- ENGINE_register_all_complete();
-#endif
-
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- OpenSSL_add_all_algorithms();
-#endif
if(generate_keys) {
read_server_config();
free(priority);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- EVP_cleanup();
- ERR_free_strings();
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_cleanup();
-#endif
-#endif
-
exit_configuration(&config_tree);
list_delete_list(cmdline_conf);
free_names();