Import Upstream version 1.0.29
This commit is contained in:
parent
d08a5d8f0b
commit
1077a20a8c
39 changed files with 865 additions and 375 deletions
68
ChangeLog
68
ChangeLog
|
@ -1,11 +1,30 @@
|
|||
Version 1.0.29 October 09 2016
|
||||
------------------------------------------------------------------------
|
||||
|
||||
Guus Sliepen (11):
|
||||
Preserve IPv6 scope_id in edges.
|
||||
Ensure compatibility with OpenSSL 1.1.0.
|
||||
Add -Wall to CFLAGS.
|
||||
Check return value of RSA_generate_key_ex().
|
||||
Force nul-termination of strings after vsnprintf().
|
||||
Log warnings about dropped packets only with debug level 5 or higher.
|
||||
Add a copy of ax_append_flag.m4.
|
||||
Add ax_require_defined.m4.
|
||||
Fix possibly unitialized variable.
|
||||
Fix compiler warnings about format string errors on BSD.
|
||||
Releasing 1.0.29.
|
||||
|
||||
Version 1.0.28 April 10 2016
|
||||
------------------------------------------------------------------------
|
||||
|
||||
Guus Sliepen (5):
|
||||
Guus Sliepen (8):
|
||||
Fix compiling bsd/device.c on systems without utun.
|
||||
Really remove use of __DATE__ and __TIME__ to facilitate reproducible builds.
|
||||
Add systemd service files.
|
||||
Update .gitignore.
|
||||
Ensure the service files are in the tarball.
|
||||
Explicitly mention that LibreSSL can be used as well.
|
||||
Update links in the documentation.
|
||||
Releasing 1.0.28.
|
||||
|
||||
Version 1.0.27 April 10 2016
|
||||
|
@ -118,7 +137,20 @@ VittGam (1):
|
|||
Version 1.0.24 May 11 2014
|
||||
------------------------------------------------------------------------
|
||||
|
||||
Guus Sliepen (13):
|
||||
Guus Sliepen (26):
|
||||
Mention in the manual that multiple Address staments are allowed.
|
||||
If no Port is specified, set myport to actual port of first listening socket.
|
||||
Enable compiler hardening flags by default.
|
||||
Update support for Solaris.
|
||||
Include <limits.h> for PATH_MAX.
|
||||
Stricter check for raw socket support.
|
||||
Use hardcoded value for TUNNEWPPA if net/if_tun.h is missing on Solaris.
|
||||
Fix incorrectly merged bits from 80cd2ff73071941a5356555b85a00ee90dfd0e16.
|
||||
Don't enable -fstack-protector-all.
|
||||
Remove or lower the priority of some debug messages.
|
||||
Clarify StrictSubnets.
|
||||
Attribution for various contributors.
|
||||
Handle errors from TAP-Win32/64 adapter in a better way.
|
||||
Remove useless variable 'hard' from try_harder().
|
||||
Merge pull request #14 from luckyhacky/master
|
||||
Add an autoconf check for res_init().
|
||||
|
@ -138,40 +170,22 @@ Steffan Karger (3):
|
|||
Use cryptographically strong random when generating keys.
|
||||
Check RAND_bytes() return value, fail when getting random fails.
|
||||
|
||||
Florent Clairambault (2):
|
||||
Adding "conf.d" configuration dir support.
|
||||
Adding some documentation around the /etc/tinc/$NET/conf.d directory.
|
||||
|
||||
Armin Fisslthaler (1):
|
||||
reload /etc/resolv.conf in SIGALRM handler
|
||||
|
||||
Loic Dachary (1):
|
||||
fix documentation typo
|
||||
|
||||
luckyhacky (1):
|
||||
update to openssl version 1.0.1g due to lack of heartbleed bug in prior version of openssl
|
||||
|
||||
refs/tags/1.0.23-android-1 March 11 2014
|
||||
------------------------------------------------------------------------
|
||||
|
||||
Guus Sliepen (13):
|
||||
Mention in the manual that multiple Address staments are allowed.
|
||||
If no Port is specified, set myport to actual port of first listening socket.
|
||||
Enable compiler hardening flags by default.
|
||||
Update support for Solaris.
|
||||
Include <limits.h> for PATH_MAX.
|
||||
Stricter check for raw socket support.
|
||||
Use hardcoded value for TUNNEWPPA if net/if_tun.h is missing on Solaris.
|
||||
Fix incorrectly merged bits from 80cd2ff73071941a5356555b85a00ee90dfd0e16.
|
||||
Don't enable -fstack-protector-all.
|
||||
Remove or lower the priority of some debug messages.
|
||||
Clarify StrictSubnets.
|
||||
Attribution for various contributors.
|
||||
Handle errors from TAP-Win32/64 adapter in a better way.
|
||||
|
||||
Florent Clairambault (2):
|
||||
Adding "conf.d" configuration dir support.
|
||||
Adding some documentation around the /etc/tinc/$NET/conf.d directory.
|
||||
|
||||
Vilbrekin (1):
|
||||
Update android build instructions. Disable PIE as this is not supported on some devices.
|
||||
|
||||
luckyhacky (1):
|
||||
update to openssl version 1.0.1g due to lack of heartbleed bug in prior version of openssl
|
||||
|
||||
Version 1.0.23 October 19 2013
|
||||
------------------------------------------------------------------------
|
||||
|
||||
|
|
|
@ -90,8 +90,11 @@ host_triplet = @host@
|
|||
subdir = .
|
||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
||||
$(top_srcdir)/m4/ax_append_flag.m4 \
|
||||
$(top_srcdir)/m4/ax_cflags_warn_all.m4 \
|
||||
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
|
||||
$(top_srcdir)/m4/ax_check_link_flag.m4 $(top_srcdir)/m4/lzo.m4 \
|
||||
$(top_srcdir)/m4/ax_check_link_flag.m4 \
|
||||
$(top_srcdir)/m4/ax_require_defined.m4 $(top_srcdir)/m4/lzo.m4 \
|
||||
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/zlib.m4 \
|
||||
$(top_srcdir)/configure.ac
|
||||
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
||||
|
|
10
NEWS
10
NEWS
|
@ -1,3 +1,13 @@
|
|||
Version 1.0.29 October 9 2016
|
||||
|
||||
* Fix UDP communication with peers with link-local IPv6 addresses.
|
||||
|
||||
* Ensure compatibility with OpenSSL 1.1.0.
|
||||
|
||||
* Ensure autoreconf can be run without requiring autoconf-archive.
|
||||
|
||||
* Log warnings about dropped packets only at debug level 5.
|
||||
|
||||
Version 1.0.28 April 10 2016
|
||||
|
||||
* Fix compilation on BSD platforms.
|
||||
|
|
4
README
4
README
|
@ -1,4 +1,4 @@
|
|||
This is the README file for tinc version 1.0.28. Installation
|
||||
This is the README file for tinc version 1.0.29. Installation
|
||||
instructions may be found in the INSTALL file.
|
||||
|
||||
tinc is Copyright (C) 1998-2016 by:
|
||||
|
@ -55,7 +55,7 @@ should be changed into "Device", and "Device" should be changed into
|
|||
Compatibility
|
||||
-------------
|
||||
|
||||
Version 1.0.28 is compatible with 1.0pre8, 1.0 and later, but not with older
|
||||
Version 1.0.29 is compatible with 1.0pre8, 1.0 and later, but not with older
|
||||
versions of tinc.
|
||||
|
||||
|
||||
|
|
3
aclocal.m4
vendored
3
aclocal.m4
vendored
|
@ -1463,8 +1463,11 @@ AC_SUBST([am__untar])
|
|||
]) # _AM_PROG_TAR
|
||||
|
||||
m4_include([m4/attribute.m4])
|
||||
m4_include([m4/ax_append_flag.m4])
|
||||
m4_include([m4/ax_cflags_warn_all.m4])
|
||||
m4_include([m4/ax_check_compile_flag.m4])
|
||||
m4_include([m4/ax_check_link_flag.m4])
|
||||
m4_include([m4/ax_require_defined.m4])
|
||||
m4_include([m4/lzo.m4])
|
||||
m4_include([m4/openssl.m4])
|
||||
m4_include([m4/zlib.m4])
|
||||
|
|
111
config.guess
vendored
111
config.guess
vendored
|
@ -1,8 +1,8 @@
|
|||
#! /bin/sh
|
||||
# Attempt to guess a canonical system name.
|
||||
# Copyright 1992-2015 Free Software Foundation, Inc.
|
||||
# Copyright 1992-2016 Free Software Foundation, Inc.
|
||||
|
||||
timestamp='2015-08-20'
|
||||
timestamp='2016-04-02'
|
||||
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
|
@ -27,7 +27,7 @@ timestamp='2015-08-20'
|
|||
# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
|
||||
#
|
||||
# You can get the latest version of this script from:
|
||||
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
|
||||
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
|
||||
#
|
||||
# Please send patches to <config-patches@gnu.org>.
|
||||
|
||||
|
@ -50,7 +50,7 @@ version="\
|
|||
GNU config.guess ($timestamp)
|
||||
|
||||
Originally written by Per Bothner.
|
||||
Copyright 1992-2015 Free Software Foundation, Inc.
|
||||
Copyright 1992-2016 Free Software Foundation, Inc.
|
||||
|
||||
This is free software; see the source for copying conditions. There is NO
|
||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
||||
|
@ -237,6 +237,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
|||
UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
|
||||
echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
|
||||
exit ;;
|
||||
*:LibertyBSD:*:*)
|
||||
UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'`
|
||||
echo ${UNAME_MACHINE_ARCH}-unknown-libertybsd${UNAME_RELEASE}
|
||||
exit ;;
|
||||
*:ekkoBSD:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
|
||||
exit ;;
|
||||
|
@ -268,42 +272,42 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
|||
ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
|
||||
case "$ALPHA_CPU_TYPE" in
|
||||
"EV4 (21064)")
|
||||
UNAME_MACHINE="alpha" ;;
|
||||
UNAME_MACHINE=alpha ;;
|
||||
"EV4.5 (21064)")
|
||||
UNAME_MACHINE="alpha" ;;
|
||||
UNAME_MACHINE=alpha ;;
|
||||
"LCA4 (21066/21068)")
|
||||
UNAME_MACHINE="alpha" ;;
|
||||
UNAME_MACHINE=alpha ;;
|
||||
"EV5 (21164)")
|
||||
UNAME_MACHINE="alphaev5" ;;
|
||||
UNAME_MACHINE=alphaev5 ;;
|
||||
"EV5.6 (21164A)")
|
||||
UNAME_MACHINE="alphaev56" ;;
|
||||
UNAME_MACHINE=alphaev56 ;;
|
||||
"EV5.6 (21164PC)")
|
||||
UNAME_MACHINE="alphapca56" ;;
|
||||
UNAME_MACHINE=alphapca56 ;;
|
||||
"EV5.7 (21164PC)")
|
||||
UNAME_MACHINE="alphapca57" ;;
|
||||
UNAME_MACHINE=alphapca57 ;;
|
||||
"EV6 (21264)")
|
||||
UNAME_MACHINE="alphaev6" ;;
|
||||
UNAME_MACHINE=alphaev6 ;;
|
||||
"EV6.7 (21264A)")
|
||||
UNAME_MACHINE="alphaev67" ;;
|
||||
UNAME_MACHINE=alphaev67 ;;
|
||||
"EV6.8CB (21264C)")
|
||||
UNAME_MACHINE="alphaev68" ;;
|
||||
UNAME_MACHINE=alphaev68 ;;
|
||||
"EV6.8AL (21264B)")
|
||||
UNAME_MACHINE="alphaev68" ;;
|
||||
UNAME_MACHINE=alphaev68 ;;
|
||||
"EV6.8CX (21264D)")
|
||||
UNAME_MACHINE="alphaev68" ;;
|
||||
UNAME_MACHINE=alphaev68 ;;
|
||||
"EV6.9A (21264/EV69A)")
|
||||
UNAME_MACHINE="alphaev69" ;;
|
||||
UNAME_MACHINE=alphaev69 ;;
|
||||
"EV7 (21364)")
|
||||
UNAME_MACHINE="alphaev7" ;;
|
||||
UNAME_MACHINE=alphaev7 ;;
|
||||
"EV7.9 (21364A)")
|
||||
UNAME_MACHINE="alphaev79" ;;
|
||||
UNAME_MACHINE=alphaev79 ;;
|
||||
esac
|
||||
# A Pn.n version is a patched version.
|
||||
# A Vn.n version is a released version.
|
||||
# A Tn.n version is a released field test version.
|
||||
# A Xn.n version is an unreleased experimental baselevel.
|
||||
# 1.2 uses "1.2" for uname -r.
|
||||
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
|
||||
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
|
||||
# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
|
||||
exitcode=$?
|
||||
trap '' 0
|
||||
|
@ -376,16 +380,16 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
|||
exit ;;
|
||||
i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
|
||||
eval $set_cc_for_build
|
||||
SUN_ARCH="i386"
|
||||
SUN_ARCH=i386
|
||||
# If there is a compiler, see if it is configured for 64-bit objects.
|
||||
# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
|
||||
# This test works for both compilers.
|
||||
if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
|
||||
if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
|
||||
if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
|
||||
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
|
||||
(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
|
||||
grep IS_64BIT_ARCH >/dev/null
|
||||
then
|
||||
SUN_ARCH="x86_64"
|
||||
SUN_ARCH=x86_64
|
||||
fi
|
||||
fi
|
||||
echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
|
||||
|
@ -410,7 +414,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
|||
exit ;;
|
||||
sun*:*:4.2BSD:*)
|
||||
UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
|
||||
test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
|
||||
test "x${UNAME_RELEASE}" = x && UNAME_RELEASE=3
|
||||
case "`/bin/arch`" in
|
||||
sun3)
|
||||
echo m68k-sun-sunos${UNAME_RELEASE}
|
||||
|
@ -635,13 +639,13 @@ EOF
|
|||
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
|
||||
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
|
||||
case "${sc_cpu_version}" in
|
||||
523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
|
||||
528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
|
||||
523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0
|
||||
528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1
|
||||
532) # CPU_PA_RISC2_0
|
||||
case "${sc_kernel_bits}" in
|
||||
32) HP_ARCH="hppa2.0n" ;;
|
||||
64) HP_ARCH="hppa2.0w" ;;
|
||||
'') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
|
||||
32) HP_ARCH=hppa2.0n ;;
|
||||
64) HP_ARCH=hppa2.0w ;;
|
||||
'') HP_ARCH=hppa2.0 ;; # HP-UX 10.20
|
||||
esac ;;
|
||||
esac
|
||||
fi
|
||||
|
@ -680,11 +684,11 @@ EOF
|
|||
exit (0);
|
||||
}
|
||||
EOF
|
||||
(CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
|
||||
(CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
|
||||
test -z "$HP_ARCH" && HP_ARCH=hppa
|
||||
fi ;;
|
||||
esac
|
||||
if [ ${HP_ARCH} = "hppa2.0w" ]
|
||||
if [ ${HP_ARCH} = hppa2.0w ]
|
||||
then
|
||||
eval $set_cc_for_build
|
||||
|
||||
|
@ -697,12 +701,12 @@ EOF
|
|||
# $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
|
||||
# => hppa64-hp-hpux11.23
|
||||
|
||||
if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
|
||||
if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) |
|
||||
grep -q __LP64__
|
||||
then
|
||||
HP_ARCH="hppa2.0w"
|
||||
HP_ARCH=hppa2.0w
|
||||
else
|
||||
HP_ARCH="hppa64"
|
||||
HP_ARCH=hppa64
|
||||
fi
|
||||
fi
|
||||
echo ${HP_ARCH}-hp-hpux${HPUX_REV}
|
||||
|
@ -807,14 +811,14 @@ EOF
|
|||
echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
|
||||
exit ;;
|
||||
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
|
||||
FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
|
||||
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
|
||||
FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
|
||||
FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
|
||||
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
|
||||
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
|
||||
exit ;;
|
||||
5000:UNIX_System_V:4.*:*)
|
||||
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
|
||||
FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
|
||||
FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
|
||||
FUJITSU_REL=`echo ${UNAME_RELEASE} | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'`
|
||||
echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
|
||||
exit ;;
|
||||
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
|
||||
|
@ -896,7 +900,7 @@ EOF
|
|||
exit ;;
|
||||
*:GNU/*:*:*)
|
||||
# other systems with GNU libc and userland
|
||||
echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
|
||||
echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
|
||||
exit ;;
|
||||
i*86:Minix:*:*)
|
||||
echo ${UNAME_MACHINE}-pc-minix
|
||||
|
@ -919,7 +923,7 @@ EOF
|
|||
EV68*) UNAME_MACHINE=alphaev68 ;;
|
||||
esac
|
||||
objdump --private-headers /bin/sh | grep -q ld.so.1
|
||||
if test "$?" = 0 ; then LIBC="gnulibc1" ; fi
|
||||
if test "$?" = 0 ; then LIBC=gnulibc1 ; fi
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
arc:Linux:*:* | arceb:Linux:*:*)
|
||||
|
@ -965,6 +969,9 @@ EOF
|
|||
ia64:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
k1om:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
m32r*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
|
||||
exit ;;
|
||||
|
@ -1120,7 +1127,7 @@ EOF
|
|||
# uname -m prints for DJGPP always 'pc', but it prints nothing about
|
||||
# the processor, so we play safe by assuming i586.
|
||||
# Note: whatever this is, it MUST be the same as what config.sub
|
||||
# prints for the "djgpp" host, or else GDB configury will decide that
|
||||
# prints for the "djgpp" host, or else GDB configure will decide that
|
||||
# this is a cross-build.
|
||||
echo i586-pc-msdosdjgpp
|
||||
exit ;;
|
||||
|
@ -1269,6 +1276,9 @@ EOF
|
|||
SX-8R:SUPER-UX:*:*)
|
||||
echo sx8r-nec-superux${UNAME_RELEASE}
|
||||
exit ;;
|
||||
SX-ACE:SUPER-UX:*:*)
|
||||
echo sxace-nec-superux${UNAME_RELEASE}
|
||||
exit ;;
|
||||
Power*:Rhapsody:*:*)
|
||||
echo powerpc-apple-rhapsody${UNAME_RELEASE}
|
||||
exit ;;
|
||||
|
@ -1282,9 +1292,9 @@ EOF
|
|||
UNAME_PROCESSOR=powerpc
|
||||
fi
|
||||
if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
|
||||
if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
|
||||
if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
|
||||
if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
|
||||
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
|
||||
(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
|
||||
grep IS_64BIT_ARCH >/dev/null
|
||||
then
|
||||
case $UNAME_PROCESSOR in
|
||||
|
@ -1306,7 +1316,7 @@ EOF
|
|||
exit ;;
|
||||
*:procnto*:*:* | *:QNX:[0123456789]*:*)
|
||||
UNAME_PROCESSOR=`uname -p`
|
||||
if test "$UNAME_PROCESSOR" = "x86"; then
|
||||
if test "$UNAME_PROCESSOR" = x86; then
|
||||
UNAME_PROCESSOR=i386
|
||||
UNAME_MACHINE=pc
|
||||
fi
|
||||
|
@ -1337,7 +1347,7 @@ EOF
|
|||
# "uname -m" is not consistent, so use $cputype instead. 386
|
||||
# is converted to i386 for consistency with other x86
|
||||
# operating systems.
|
||||
if test "$cputype" = "386"; then
|
||||
if test "$cputype" = 386; then
|
||||
UNAME_MACHINE=i386
|
||||
else
|
||||
UNAME_MACHINE="$cputype"
|
||||
|
@ -1379,7 +1389,7 @@ EOF
|
|||
echo i386-pc-xenix
|
||||
exit ;;
|
||||
i*86:skyos:*:*)
|
||||
echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
|
||||
echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'`
|
||||
exit ;;
|
||||
i*86:rdos:*:*)
|
||||
echo ${UNAME_MACHINE}-pc-rdos
|
||||
|
@ -1390,6 +1400,9 @@ EOF
|
|||
x86_64:VMkernel:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-esx
|
||||
exit ;;
|
||||
amd64:Isilon\ OneFS:*:*)
|
||||
echo x86_64-unknown-onefs
|
||||
exit ;;
|
||||
esac
|
||||
|
||||
cat >&2 <<EOF
|
||||
|
@ -1399,9 +1412,9 @@ This script, last modified $timestamp, has failed to recognize
|
|||
the operating system you are using. It is advised that you
|
||||
download the most up to date version of the config scripts from
|
||||
|
||||
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
|
||||
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
|
||||
and
|
||||
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
|
||||
http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
|
||||
|
||||
If the version you run ($0) is already up to date, please
|
||||
send the following data and any information you think might be
|
||||
|
|
16
config.h.in
16
config.h.in
|
@ -21,6 +21,9 @@
|
|||
/* Define to 1 if you have the `asprintf' function. */
|
||||
#undef HAVE_ASPRINTF
|
||||
|
||||
/* Define to 1 if you have the `BN_GENCB_new' function. */
|
||||
#undef HAVE_BN_GENCB_NEW
|
||||
|
||||
/* Unknown BSD variant */
|
||||
#undef HAVE_BSD
|
||||
|
||||
|
@ -62,6 +65,12 @@
|
|||
/* DragonFly */
|
||||
#undef HAVE_DRAGONFLY
|
||||
|
||||
/* Define to 1 if you have the `ERR_remove_state' function. */
|
||||
#undef HAVE_ERR_REMOVE_STATE
|
||||
|
||||
/* Define to 1 if you have the `EVP_CIPHER_CTX_new' function. */
|
||||
#undef HAVE_EVP_CIPHER_CTX_NEW
|
||||
|
||||
/* Define to 1 if you have the `EVP_EncryptInit_ex' function. */
|
||||
#undef HAVE_EVP_ENCRYPTINIT_EX
|
||||
|
||||
|
@ -233,12 +242,15 @@
|
|||
/* Define to 1 if you have the `random' function. */
|
||||
#undef HAVE_RANDOM
|
||||
|
||||
/* Define to 1 if you have the `RAND_pseudo_bytes' function. */
|
||||
#undef HAVE_RAND_PSEUDO_BYTES
|
||||
/* Define to 1 if you have the `RAND_bytes' function. */
|
||||
#undef HAVE_RAND_BYTES
|
||||
|
||||
/* Define to 1 if you have the <resolv.h> header file. */
|
||||
#undef HAVE_RESOLV_H
|
||||
|
||||
/* Define to 1 if you have the `RSA_set0_key' function. */
|
||||
#undef HAVE_RSA_SET0_KEY
|
||||
|
||||
/* Define to 1 if you have the `select' function. */
|
||||
#undef HAVE_SELECT
|
||||
|
||||
|
|
20
config.sub
vendored
20
config.sub
vendored
|
@ -1,8 +1,8 @@
|
|||
#! /bin/sh
|
||||
# Configuration validation subroutine script.
|
||||
# Copyright 1992-2015 Free Software Foundation, Inc.
|
||||
# Copyright 1992-2016 Free Software Foundation, Inc.
|
||||
|
||||
timestamp='2015-08-20'
|
||||
timestamp='2016-03-30'
|
||||
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
|
@ -33,7 +33,7 @@ timestamp='2015-08-20'
|
|||
# Otherwise, we print the canonical config type on stdout and succeed.
|
||||
|
||||
# You can get the latest version of this script from:
|
||||
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
|
||||
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
|
||||
|
||||
# This file is supposed to be the same for all GNU packages
|
||||
# and recognize all the CPU types, system types and aliases
|
||||
|
@ -53,8 +53,7 @@ timestamp='2015-08-20'
|
|||
me=`echo "$0" | sed -e 's,.*/,,'`
|
||||
|
||||
usage="\
|
||||
Usage: $0 [OPTION] CPU-MFR-OPSYS
|
||||
$0 [OPTION] ALIAS
|
||||
Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS
|
||||
|
||||
Canonicalize a configuration name.
|
||||
|
||||
|
@ -68,7 +67,7 @@ Report bugs and patches to <config-patches@gnu.org>."
|
|||
version="\
|
||||
GNU config.sub ($timestamp)
|
||||
|
||||
Copyright 1992-2015 Free Software Foundation, Inc.
|
||||
Copyright 1992-2016 Free Software Foundation, Inc.
|
||||
|
||||
This is free software; see the source for copying conditions. There is NO
|
||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
||||
|
@ -521,7 +520,7 @@ case $basic_machine in
|
|||
basic_machine=i386-pc
|
||||
os=-aros
|
||||
;;
|
||||
asmjs)
|
||||
asmjs)
|
||||
basic_machine=asmjs-unknown
|
||||
;;
|
||||
aux)
|
||||
|
@ -1383,7 +1382,7 @@ case $os in
|
|||
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
|
||||
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
|
||||
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
|
||||
| -bitrig* | -openbsd* | -solidbsd* \
|
||||
| -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \
|
||||
| -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
|
||||
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
|
||||
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
|
||||
|
@ -1399,7 +1398,8 @@ case $os in
|
|||
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
|
||||
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
|
||||
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
|
||||
| -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*)
|
||||
| -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
|
||||
| -onefs* | -tirtos*)
|
||||
# Remember, each alternative MUST END IN *, to match a version number.
|
||||
;;
|
||||
-qnx*)
|
||||
|
@ -1531,6 +1531,8 @@ case $os in
|
|||
;;
|
||||
-nacl*)
|
||||
;;
|
||||
-ios)
|
||||
;;
|
||||
-none)
|
||||
;;
|
||||
*)
|
||||
|
|
124
configure
vendored
124
configure
vendored
|
@ -1,6 +1,6 @@
|
|||
#! /bin/sh
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.69 for tinc 1.0.28.
|
||||
# Generated by GNU Autoconf 2.69 for tinc 1.0.29.
|
||||
#
|
||||
#
|
||||
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
|
||||
|
@ -577,8 +577,8 @@ MAKEFLAGS=
|
|||
# Identity of this package.
|
||||
PACKAGE_NAME='tinc'
|
||||
PACKAGE_TARNAME='tinc'
|
||||
PACKAGE_VERSION='1.0.28'
|
||||
PACKAGE_STRING='tinc 1.0.28'
|
||||
PACKAGE_VERSION='1.0.29'
|
||||
PACKAGE_STRING='tinc 1.0.29'
|
||||
PACKAGE_BUGREPORT=''
|
||||
PACKAGE_URL=''
|
||||
|
||||
|
@ -1331,7 +1331,7 @@ if test "$ac_init_help" = "long"; then
|
|||
# Omit some internal or obsolete options to make the list less imposing.
|
||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||
cat <<_ACEOF
|
||||
\`configure' configures tinc 1.0.28 to adapt to many kinds of systems.
|
||||
\`configure' configures tinc 1.0.29 to adapt to many kinds of systems.
|
||||
|
||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
|
||||
|
@ -1402,7 +1402,7 @@ fi
|
|||
|
||||
if test -n "$ac_init_help"; then
|
||||
case $ac_init_help in
|
||||
short | recursive ) echo "Configuration of tinc 1.0.28:";;
|
||||
short | recursive ) echo "Configuration of tinc 1.0.29:";;
|
||||
esac
|
||||
cat <<\_ACEOF
|
||||
|
||||
|
@ -1441,11 +1441,11 @@ Optional Packages:
|
|||
--with-lzo=DIR lzo base directory, or:
|
||||
--with-lzo-include=DIR lzo headers directory
|
||||
--with-lzo-lib=DIR lzo library directory
|
||||
--with-openssl=DIR OpenSSL base directory, or:
|
||||
--with-openssl=DIR LibreSSL/OpenSSL base directory, or:
|
||||
--with-openssl-include=DIR
|
||||
OpenSSL headers directory (without trailing
|
||||
LibreSSL/OpenSSL headers directory (without trailing
|
||||
/openssl)
|
||||
--with-openssl-lib=DIR OpenSSL library directory
|
||||
--with-openssl-lib=DIR LibreSSL/OpenSSL library directory
|
||||
|
||||
Some influential environment variables:
|
||||
CC C compiler command
|
||||
|
@ -1528,7 +1528,7 @@ fi
|
|||
test -n "$ac_init_help" && exit $ac_status
|
||||
if $ac_init_version; then
|
||||
cat <<\_ACEOF
|
||||
tinc configure 1.0.28
|
||||
tinc configure 1.0.29
|
||||
generated by GNU Autoconf 2.69
|
||||
|
||||
Copyright (C) 2012 Free Software Foundation, Inc.
|
||||
|
@ -1993,7 +1993,7 @@ cat >config.log <<_ACEOF
|
|||
This file contains any messages produced by compilers while
|
||||
running configure, to aid debugging if configure makes a mistake.
|
||||
|
||||
It was created by tinc $as_me 1.0.28, which was
|
||||
It was created by tinc $as_me 1.0.29, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
$ $0 $@
|
||||
|
@ -2857,7 +2857,7 @@ fi
|
|||
|
||||
# Define the identity of the package.
|
||||
PACKAGE='tinc'
|
||||
VERSION='1.0.28'
|
||||
VERSION='1.0.29'
|
||||
|
||||
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
|
@ -5376,6 +5376,79 @@ if test -d /sw/lib ; then
|
|||
fi
|
||||
|
||||
|
||||
ac_ext=c
|
||||
ac_cpp='$CPP $CPPFLAGS'
|
||||
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
|
||||
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
|
||||
ac_compiler_gnu=$ac_cv_c_compiler_gnu
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking CFLAGS for maximum warnings" >&5
|
||||
$as_echo_n "checking CFLAGS for maximum warnings... " >&6; }
|
||||
if ${ac_cv_cflags_warn_all+:} false; then :
|
||||
$as_echo_n "(cached) " >&6
|
||||
else
|
||||
ac_cv_cflags_warn_all="no, unknown"
|
||||
ac_save_CFLAGS="$CFLAGS"
|
||||
for ac_arg in "-warn all % -warn all" "-pedantic % -Wall" "-xstrconst % -v" "-std1 % -verbose -w0 -warnprotos" "-qlanglvl=ansi % -qsrcmsg -qinfo=all:noppt:noppc:noobs:nocnd" "-ansi -ansiE % -fullwarn" "+ESlit % +w1" "-Xc % -pvctl,fullmsg" "-h conform % -h msglevel 2" #
|
||||
do CFLAGS="$ac_save_CFLAGS "`echo $ac_arg | sed -e 's,%%.*,,' -e 's,%,,'`
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
|
||||
int
|
||||
main ()
|
||||
{
|
||||
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
if ac_fn_c_try_compile "$LINENO"; then :
|
||||
ac_cv_cflags_warn_all=`echo $ac_arg | sed -e 's,.*% *,,'` ; break
|
||||
fi
|
||||
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
|
||||
done
|
||||
CFLAGS="$ac_save_CFLAGS"
|
||||
|
||||
fi
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cflags_warn_all" >&5
|
||||
$as_echo "$ac_cv_cflags_warn_all" >&6; }
|
||||
|
||||
|
||||
case ".$ac_cv_cflags_warn_all" in
|
||||
.ok|.ok,*) ;;
|
||||
.|.no|.no,*) ;;
|
||||
*) if ${CFLAGS+:} false; then :
|
||||
case " $CFLAGS " in
|
||||
*" $ac_cv_cflags_warn_all "*)
|
||||
{ { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$ac_cv_cflags_warn_all"; } >&5
|
||||
(: CFLAGS already contains $ac_cv_cflags_warn_all) 2>&5
|
||||
ac_status=$?
|
||||
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
|
||||
test $ac_status = 0; }
|
||||
;;
|
||||
*)
|
||||
{ { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS \$ac_cv_cflags_warn_all\""; } >&5
|
||||
(: CFLAGS="$CFLAGS $ac_cv_cflags_warn_all") 2>&5
|
||||
ac_status=$?
|
||||
$as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
|
||||
test $ac_status = 0; }
|
||||
CFLAGS="$CFLAGS $ac_cv_cflags_warn_all"
|
||||
;;
|
||||
esac
|
||||
else
|
||||
CFLAGS="$ac_cv_cflags_warn_all"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
ac_ext=c
|
||||
ac_cpp='$CPP $CPPFLAGS'
|
||||
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
|
||||
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
|
||||
ac_compiler_gnu=$ac_cv_c_compiler_gnu
|
||||
|
||||
|
||||
|
||||
# Check whether --enable-hardening was given.
|
||||
if test "${enable_hardening+set}" = set; then :
|
||||
enableval=$enable_hardening;
|
||||
|
@ -6981,7 +7054,7 @@ $as_echo "$ac_cv_lib_dl_dlopen" >&6; }
|
|||
if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
|
||||
LIBS="$LIBS -ldl"
|
||||
else
|
||||
as_fn_error $? "OpenSSL depends on libdl." "$LINENO" 5; break
|
||||
as_fn_error $? "LibreSSL/OpenSSL depends on libdl." "$LINENO" 5; break
|
||||
|
||||
fi
|
||||
|
||||
|
@ -7029,7 +7102,7 @@ if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
|
|||
_ACEOF
|
||||
|
||||
else
|
||||
as_fn_error $? "OpenSSL header files not found." "$LINENO" 5; break
|
||||
as_fn_error $? "LibreSSL/OpenSSL header files not found." "$LINENO" 5; break
|
||||
|
||||
fi
|
||||
|
||||
|
@ -7075,12 +7148,12 @@ $as_echo "$ac_cv_lib_crypto_EVP_EncryptInit_ex" >&6; }
|
|||
if test "x$ac_cv_lib_crypto_EVP_EncryptInit_ex" = xyes; then :
|
||||
LIBS="-lcrypto $LIBS"
|
||||
else
|
||||
as_fn_error $? "OpenSSL libraries not found." "$LINENO" 5
|
||||
as_fn_error $? "LibreSSL/OpenSSL libraries not found." "$LINENO" 5
|
||||
|
||||
fi
|
||||
|
||||
|
||||
for ac_func in RAND_pseudo_bytes EVP_EncryptInit_ex
|
||||
for ac_func in RAND_bytes EVP_EncryptInit_ex EVP_CIPHER_CTX_new
|
||||
do :
|
||||
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
|
||||
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
|
||||
|
@ -7090,7 +7163,7 @@ if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
|
|||
_ACEOF
|
||||
|
||||
else
|
||||
as_fn_error $? "Missing OpenSSL functionality, make sure you have installed the latest version." "$LINENO" 5; break
|
||||
as_fn_error $? "Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version." "$LINENO" 5; break
|
||||
fi
|
||||
done
|
||||
|
||||
|
@ -7101,10 +7174,23 @@ done
|
|||
if test "x$ac_cv_have_decl_OpenSSL_add_all_algorithms" = xyes; then :
|
||||
|
||||
else
|
||||
as_fn_error $? "Missing OpenSSL functionality, make sure you have installed the latest version." "$LINENO" 5; break
|
||||
as_fn_error $? "Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version." "$LINENO" 5; break
|
||||
fi
|
||||
|
||||
|
||||
for ac_func in BN_GENCB_new ERR_remove_state RSA_set0_key
|
||||
do :
|
||||
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
|
||||
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
|
||||
if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
|
||||
_ACEOF
|
||||
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
|
||||
# Check whether --enable-jumbograms was given.
|
||||
if test "${enable_jumbograms+set}" = set; then :
|
||||
|
@ -7695,7 +7781,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
|||
# report actual input values of CONFIG_FILES etc. instead of their
|
||||
# values after options handling.
|
||||
ac_log="
|
||||
This file was extended by tinc $as_me 1.0.28, which was
|
||||
This file was extended by tinc $as_me 1.0.29, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
|
@ -7761,7 +7847,7 @@ _ACEOF
|
|||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||
ac_cs_version="\\
|
||||
tinc config.status 1.0.28
|
||||
tinc config.status 1.0.29
|
||||
configured by $0, generated by GNU Autoconf 2.69,
|
||||
with options \\"\$ac_cs_config\\"
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
dnl Process this file with autoconf to produce a configure script.
|
||||
|
||||
AC_PREREQ(2.61)
|
||||
AC_INIT([tinc], [1.0.28])
|
||||
AC_INIT([tinc], [1.0.29])
|
||||
AC_CONFIG_SRCDIR([src/tincd.c])
|
||||
AM_INIT_AUTOMAKE([1.11 check-news std-options subdir-objects nostdinc silent-rules -Wall])
|
||||
AC_CONFIG_HEADERS([config.h])
|
||||
|
@ -152,6 +152,8 @@ fi
|
|||
dnl Compiler hardening flags
|
||||
dnl No -fstack-protector-all because it doesn't work on all platforms or architectures.
|
||||
|
||||
AX_CFLAGS_WARN_ALL(CFLAGS)
|
||||
|
||||
AC_ARG_ENABLE([hardening], AS_HELP_STRING([--disable-hardening], [disable compiler and linker hardening flags]))
|
||||
AS_IF([test "x$enable_hardening" != "xno"],
|
||||
[AX_CHECK_COMPILE_FLAG([-DFORTIFY_SOURCE=2], [CPPFLAGS="$CPPFLAGS -DFORTIFY_SOURCE=2"])
|
||||
|
|
|
@ -91,8 +91,11 @@ host_triplet = @host@
|
|||
subdir = distro
|
||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
||||
$(top_srcdir)/m4/ax_append_flag.m4 \
|
||||
$(top_srcdir)/m4/ax_cflags_warn_all.m4 \
|
||||
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
|
||||
$(top_srcdir)/m4/ax_check_link_flag.m4 $(top_srcdir)/m4/lzo.m4 \
|
||||
$(top_srcdir)/m4/ax_check_link_flag.m4 \
|
||||
$(top_srcdir)/m4/ax_require_defined.m4 $(top_srcdir)/m4/lzo.m4 \
|
||||
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/zlib.m4 \
|
||||
$(top_srcdir)/configure.ac
|
||||
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
||||
|
|
|
@ -89,8 +89,11 @@ host_triplet = @host@
|
|||
subdir = doc
|
||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
||||
$(top_srcdir)/m4/ax_append_flag.m4 \
|
||||
$(top_srcdir)/m4/ax_cflags_warn_all.m4 \
|
||||
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
|
||||
$(top_srcdir)/m4/ax_check_link_flag.m4 $(top_srcdir)/m4/lzo.m4 \
|
||||
$(top_srcdir)/m4/ax_check_link_flag.m4 \
|
||||
$(top_srcdir)/m4/ax_require_defined.m4 $(top_srcdir)/m4/lzo.m4 \
|
||||
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/zlib.m4 \
|
||||
$(top_srcdir)/configure.ac
|
||||
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
||||
|
|
|
@ -470,7 +470,7 @@ variables can be specified, in which case each address will be tried until a wor
|
|||
connection has been established.
|
||||
.It Va Cipher Li = Ar cipher Pq blowfish
|
||||
The symmetric cipher algorithm used to encrypt UDP packets.
|
||||
Any cipher supported by OpenSSL is recognised.
|
||||
Any cipher supported by LibreSSL or OpenSSL is recognised.
|
||||
Furthermore, specifying
|
||||
.Qq none
|
||||
will turn off packet encryption.
|
||||
|
@ -485,7 +485,7 @@ Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
|
|||
10 (fast lzo) and 11 (best lzo).
|
||||
.It Va Digest Li = Ar digest Pq sha1
|
||||
The digest algorithm used to authenticate UDP packets.
|
||||
Any digest supported by OpenSSL is recognised.
|
||||
Any digest supported by LibreSSL or OpenSSL is recognised.
|
||||
Furthermore, specifying
|
||||
.Qq none
|
||||
will turn off packet authentication.
|
||||
|
@ -657,7 +657,7 @@ its connection to the virtual network device.
|
|||
.El
|
||||
.Sh SEE ALSO
|
||||
.Xr tincd 8 ,
|
||||
.Pa http://www.tinc-vpn.org/ ,
|
||||
.Pa https://www.tinc-vpn.org/ ,
|
||||
.Pa http://www.tldp.org/LDP/nag2/ .
|
||||
.Pp
|
||||
The full documentation for
|
||||
|
|
231
doc/tinc.info
231
doc/tinc.info
|
@ -147,7 +147,7 @@ will most likely compile and run, but it will not be able to send or
|
|||
receive data packets.
|
||||
|
||||
For an up to date list of supported platforms, please check the list
|
||||
on our website: <http://www.tinc-vpn.org/platforms/>.
|
||||
on our website: <https://www.tinc-vpn.org/platforms/>.
|
||||
|
||||
|
||||
File: tinc.info, Node: Preparations, Next: Installation, Prev: Introduction, Up: Top
|
||||
|
@ -219,12 +219,8 @@ File: tinc.info, Node: Configuration of OpenBSD kernels, Next: Configuration o
|
|||
2.1.3 Configuration of OpenBSD kernels
|
||||
--------------------------------------
|
||||
|
||||
For OpenBSD version 2.9 and higher, the tun driver is included in the
|
||||
default kernel configuration. There is also a kernel patch from
|
||||
<http://diehard.n-r-g.com/stuff/openbsd/> which adds a tap device to
|
||||
OpenBSD which should work with tinc, but with recent versions of
|
||||
OpenBSD, a tun device can act as a tap device by setting the link0
|
||||
option with ifconfig.
|
||||
Recent versions of OpenBSD come with both tun and tap devices enabled in
|
||||
the default kernel configuration.
|
||||
|
||||
|
||||
File: tinc.info, Node: Configuration of NetBSD kernels, Next: Configuration of Solaris kernels, Prev: Configuration of OpenBSD kernels, Up: Configuring the kernel
|
||||
|
@ -247,7 +243,7 @@ For Solaris 8 (SunOS 5.8) and higher, the tun driver may or may not be
|
|||
included in the default kernel configuration. If it isn't, the source
|
||||
can be downloaded from <http://vtun.sourceforge.net/tun/>. For x86 and
|
||||
sparc64 architectures, precompiled versions can be found at
|
||||
<http://www.monkey.org/~dugsong/fragroute/>. If the 'net/if_tun.h'
|
||||
<https://www.monkey.org/~dugsong/fragroute/>. If the 'net/if_tun.h'
|
||||
header file is missing, install it from the source package.
|
||||
|
||||
|
||||
|
@ -274,7 +270,8 @@ File: tinc.info, Node: Configuration of Windows, Prev: Configuration of Darwin
|
|||
------------------------------
|
||||
|
||||
You will need to install the latest TAP-Win32 driver from OpenVPN. You
|
||||
can download it from <http://openvpn.sourceforge.net>. Using the
|
||||
can download it from
|
||||
<https://openvpn.net/index.php/open-source/downloads.html>. Using the
|
||||
Network Connections control panel, configure the TAP-Win32 network
|
||||
interface in the same way as you would do from the tinc-up script, as
|
||||
explained in the rest of the documentation.
|
||||
|
@ -285,25 +282,25 @@ File: tinc.info, Node: Libraries, Prev: Configuring the kernel, Up: Preparati
|
|||
2.2 Libraries
|
||||
=============
|
||||
|
||||
Before you can configure or build tinc, you need to have the OpenSSL,
|
||||
zlib and lzo libraries installed on your system. If you try to
|
||||
Before you can configure or build tinc, you need to have the LibreSSL or
|
||||
OpenSSL, zlib and lzo libraries installed on your system. If you try to
|
||||
configure tinc without having them installed, configure will give you an
|
||||
error message, and stop.
|
||||
|
||||
* Menu:
|
||||
|
||||
* OpenSSL::
|
||||
* LibreSSL/OpenSSL::
|
||||
* zlib::
|
||||
* lzo::
|
||||
|
||||
|
||||
File: tinc.info, Node: OpenSSL, Next: zlib, Up: Libraries
|
||||
File: tinc.info, Node: LibreSSL/OpenSSL, Next: zlib, Up: Libraries
|
||||
|
||||
2.2.1 OpenSSL
|
||||
-------------
|
||||
2.2.1 LibreSSL/OpenSSL
|
||||
----------------------
|
||||
|
||||
For all cryptography-related functions, tinc uses the functions provided
|
||||
by the OpenSSL library.
|
||||
by the LibreSSL or the OpenSSL library.
|
||||
|
||||
If this library is not installed, you will get an error when
|
||||
configuring tinc for build. Support for running tinc with other
|
||||
|
@ -313,19 +310,22 @@ cryptographic libraries installed _may_ be added in the future.
|
|||
if available. Make sure you install the development AND runtime
|
||||
versions of this package.
|
||||
|
||||
If you have to install OpenSSL manually, you can get the source code
|
||||
from <http://www.openssl.org/>. Instructions on how to configure, build
|
||||
and install this package are included within the package. Please make
|
||||
sure you build development and runtime libraries (which is the default).
|
||||
If your operating system comes neither with LibreSSL or OpenSSL, you
|
||||
have to install one manually. It is recommended that you get the latest
|
||||
version of LibreSSL from <http://www.libressl.org/>. Instructions on
|
||||
how to configure, build and install this package are included within the
|
||||
package. Please make sure you build development and runtime libraries
|
||||
(which is the default).
|
||||
|
||||
If you installed the OpenSSL libraries from source, it may be
|
||||
necessary to let configure know where they are, by passing configure one
|
||||
of the -with-openssl-* parameters.
|
||||
If you installed the LibreSSL or OpenSSL libraries from source, it
|
||||
may be necessary to let configure know where they are, by passing
|
||||
configure one of the -with-openssl-* parameters. Note that you even
|
||||
have to use -with-openssl-* if you are using LibreSSL.
|
||||
|
||||
--with-openssl=DIR OpenSSL library and headers prefix
|
||||
--with-openssl-include=DIR OpenSSL headers directory
|
||||
--with-openssl=DIR LibreSSL/OpenSSL library and headers prefix
|
||||
--with-openssl-include=DIR LibreSSL/OpenSSL headers directory
|
||||
(Default is OPENSSL_DIR/include)
|
||||
--with-openssl-lib=DIR OpenSSL library directory
|
||||
--with-openssl-lib=DIR LibreSSL/OpenSSL library directory
|
||||
(Default is OPENSSL_DIR/lib)
|
||||
|
||||
License
|
||||
|
@ -334,7 +334,7 @@ License
|
|||
The complete source code of tinc is covered by the GNU GPL version 2.
|
||||
Since the license under which OpenSSL is distributed is not directly
|
||||
compatible with the terms of the GNU GPL
|
||||
<http://www.openssl.org/support/faq.html#LEGAL2>, we include an
|
||||
<https://www.openssl.org/support/faq.html#LEGAL2>, we include an
|
||||
exemption to the GPL (see also the file COPYING.README) to allow
|
||||
everyone to create a statically or dynamically linked executable:
|
||||
|
||||
|
@ -347,13 +347,13 @@ everyone to create a statically or dynamically linked executable:
|
|||
also present the following exemption:
|
||||
|
||||
Hereby I grant a special exception to the tinc VPN project
|
||||
(http://www.tinc-vpn.org/) to link the LZO library with the OpenSSL
|
||||
library (http://www.openssl.org).
|
||||
(https://www.tinc-vpn.org/) to link the LZO library with the
|
||||
OpenSSL library (https://www.openssl.org).
|
||||
|
||||
Markus F.X.J. Oberhumer
|
||||
|
||||
|
||||
File: tinc.info, Node: zlib, Next: lzo, Prev: OpenSSL, Up: Libraries
|
||||
File: tinc.info, Node: zlib, Next: lzo, Prev: LibreSSL/OpenSSL, Up: Libraries
|
||||
|
||||
2.2.2 zlib
|
||||
----------
|
||||
|
@ -373,10 +373,9 @@ if available. Make sure you install the development AND runtime
|
|||
versions of this package.
|
||||
|
||||
If you have to install zlib manually, you can get the source code
|
||||
from <http://www.gzip.org/zlib/>. Instructions on how to configure,
|
||||
build and install this package are included within the package. Please
|
||||
make sure you build development and runtime libraries (which is the
|
||||
default).
|
||||
from <http://www.zlib.net/>. Instructions on how to configure, build
|
||||
and install this package are included within the package. Please make
|
||||
sure you build development and runtime libraries (which is the default).
|
||||
|
||||
|
||||
File: tinc.info, Node: lzo, Prev: zlib, Up: Libraries
|
||||
|
@ -398,7 +397,7 @@ if available. Make sure you install the development AND runtime
|
|||
versions of this package.
|
||||
|
||||
If you have to install lzo manually, you can get the source code from
|
||||
<http://www.oberhumer.com/opensource/lzo/>. Instructions on how to
|
||||
<https://www.oberhumer.com/opensource/lzo/>. Instructions on how to
|
||||
configure, build and install this package are included within the
|
||||
package. Please make sure you build development and runtime libraries
|
||||
(which is the default).
|
||||
|
@ -416,9 +415,7 @@ startup scripts and sample configurations.
|
|||
If you cannot use one of the precompiled packages, or you want to
|
||||
compile tinc for yourself, you can use the source. The source is
|
||||
distributed under the GNU General Public License (GPL). Download the
|
||||
source from the download page (http://www.tinc-vpn.org/download/), which
|
||||
has the checksums of these files listed; you may wish to check these
|
||||
with md5sum before continuing.
|
||||
source from the download page (https://www.tinc-vpn.org/download/).
|
||||
|
||||
Tinc comes in a convenient autoconf/automake package, which you can
|
||||
just treat the same as any other package. Which is just untar it, type
|
||||
|
@ -456,13 +453,13 @@ File: tinc.info, Node: Darwin (Mac OS X) build environment, Next: Cygwin (Wind
|
|||
3.1.1 Darwin (Mac OS X) build environment
|
||||
-----------------------------------------
|
||||
|
||||
In order to build tinc on Darwin, you need to install the Mac OS X
|
||||
Developer Tools from <http://developer.apple.com/tools/macosxtools.html>
|
||||
and preferably a recent version of Fink from
|
||||
<http://www.finkproject.org/>.
|
||||
In order to build tinc on Darwin, you need to install Xcode from
|
||||
<https://developer.apple.com/xcode/>. It might also help to install a
|
||||
recent version of Fink from <http://www.finkproject.org/>.
|
||||
|
||||
After installation use fink to download and install the following
|
||||
packages: autoconf25, automake, dlcompat, m4, openssl, zlib and lzo.
|
||||
You need to download and install LibreSSL (or OpenSSL) and LZO,
|
||||
either directly from their websites (see *note Libraries::) or using
|
||||
Fink.
|
||||
|
||||
|
||||
File: tinc.info, Node: Cygwin (Windows) build environment, Next: MinGW (Windows) build environment, Prev: Darwin (Mac OS X) build environment, Up: Building and installing tinc
|
||||
|
@ -471,7 +468,7 @@ File: tinc.info, Node: Cygwin (Windows) build environment, Next: MinGW (Window
|
|||
----------------------------------------
|
||||
|
||||
If Cygwin hasn't already been installed, install it directly from
|
||||
<http://www.cygwin.com/>.
|
||||
<https://www.cygwin.com/>.
|
||||
|
||||
When tinc is compiled in a Cygwin environment, it can only be run in
|
||||
this environment, but all programs, including those started outside the
|
||||
|
@ -485,7 +482,8 @@ File: tinc.info, Node: MinGW (Windows) build environment, Prev: Cygwin (Window
|
|||
---------------------------------------
|
||||
|
||||
You will need to install the MinGW environment from
|
||||
<http://www.mingw.org>.
|
||||
<http://www.mingw.org>. You also need to download and install LibreSSL
|
||||
(or OpenSSL) and LZO.
|
||||
|
||||
When tinc is compiled using MinGW it runs natively under Windows, it
|
||||
is not necessary to keep MinGW installed.
|
||||
|
@ -1057,9 +1055,9 @@ Address = <IP ADDRESS|HOSTNAME> [<port>] [recommended]
|
|||
|
||||
Cipher = <CIPHER> (blowfish)
|
||||
The symmetric cipher algorithm used to encrypt UDP packets. Any
|
||||
cipher supported by OpenSSL is recognized. Furthermore, specifying
|
||||
"none" will turn off packet encryption. It is best to use only
|
||||
those ciphers which support CBC mode.
|
||||
cipher supported by LibreSSL or OpenSSL is recognized.
|
||||
Furthermore, specifying "none" will turn off packet encryption. It
|
||||
is best to use only those ciphers which support CBC mode.
|
||||
|
||||
ClampMSS = <yes|no> (yes)
|
||||
This option specifies whether tinc should clamp the maximum segment
|
||||
|
@ -1074,8 +1072,8 @@ Compression = <LEVEL> (0)
|
|||
|
||||
Digest = <DIGEST> (sha1)
|
||||
The digest algorithm used to authenticate UDP packets. Any digest
|
||||
supported by OpenSSL is recognized. Furthermore, specifying "none"
|
||||
will turn off packet authentication.
|
||||
supported by LibreSSL or OpenSSL is recognized. Furthermore,
|
||||
specifying "none" will turn off packet authentication.
|
||||
|
||||
IndirectData = <yes|no> (no)
|
||||
This option specifies whether other tinc daemons besides the one
|
||||
|
@ -1137,7 +1135,7 @@ Subnet = <ADDRESS[/PREFIXLENGTH[#WEIGHT]]>
|
|||
Prefixlength is the number of bits set to 1 in the netmask part;
|
||||
for example: netmask 255.255.255.0 would become /24, 255.255.252.0
|
||||
becomes /22. This conforms to standard CIDR notation as described
|
||||
in RFC1519 (http://www.ietf.org/rfc/rfc1519.txt)
|
||||
in RFC1519 (https://www.ietf.org/rfc/rfc1519.txt)
|
||||
|
||||
A Subnet can be given a weight to indicate its priority over
|
||||
identical Subnets owned by different nodes. The default weight is
|
||||
|
@ -2098,7 +2096,7 @@ intercept. The encryption algorithm and message authentication
|
|||
algorithm can be changed in the configuration. The length of the
|
||||
message authentication codes is also adjustable. The length of the key
|
||||
for the encryption algorithm is always the default length used by
|
||||
OpenSSL.
|
||||
LibreSSL/OpenSSL.
|
||||
|
||||
* Menu:
|
||||
|
||||
|
@ -2256,8 +2254,8 @@ In August 2000, we discovered the existence of a security hole in all
|
|||
versions of tinc up to and including 1.0pre2. This had to do with the
|
||||
way we exchanged keys. Since then, we have been working on a new
|
||||
authentication scheme to make tinc as secure as possible. The current
|
||||
version uses the OpenSSL library and uses strong authentication with RSA
|
||||
keys.
|
||||
version uses the LibreSSL or OpenSSL library and uses strong
|
||||
authentication with RSA keys.
|
||||
|
||||
On the 29th of December 2001, Jerome Etienne posted a security
|
||||
analysis of tinc 1.0pre4. Due to a lack of sequence numbers and a
|
||||
|
@ -2393,12 +2391,12 @@ File: tinc.info, Node: Contact information, Next: Authors, Up: About us
|
|||
8.1 Contact information
|
||||
=======================
|
||||
|
||||
Tinc's website is at <http://www.tinc-vpn.org/>, this server is located
|
||||
Tinc's website is at <https://www.tinc-vpn.org/>, this server is located
|
||||
in the Netherlands.
|
||||
|
||||
We have an IRC channel on the FreeNode and OFTC IRC networks.
|
||||
Connect to irc.freenode.net (http://www.freenode.net/) or irc.oftc.net
|
||||
(http://www.oftc.net/) and join channel #tinc.
|
||||
Connect to irc.freenode.net (https://freenode.net/) or irc.oftc.net
|
||||
(https://www.oftc.net/) and join channel #tinc.
|
||||
|
||||
|
||||
File: tinc.info, Node: Authors, Prev: Contact information, Up: About us
|
||||
|
@ -2515,7 +2513,8 @@ Concept Index
|
|||
(line 206)
|
||||
* KEY_CHANGED: The meta-protocol. (line 63)
|
||||
* libraries: Libraries. (line 6)
|
||||
* license: OpenSSL. (line 35)
|
||||
* LibreSSL: LibreSSL/OpenSSL. (line 6)
|
||||
* license: LibreSSL/OpenSSL. (line 38)
|
||||
* LocalDiscovery: Main configuration variables.
|
||||
(line 212)
|
||||
* lzo: lzo. (line 6)
|
||||
|
@ -2542,7 +2541,7 @@ Concept Index
|
|||
* Network Administrators Guide: Configuration introduction.
|
||||
(line 15)
|
||||
* NODE: Scripts. (line 71)
|
||||
* OpenSSL: OpenSSL. (line 6)
|
||||
* OpenSSL: LibreSSL/OpenSSL. (line 6)
|
||||
* options: Runtime options. (line 9)
|
||||
* PEM format: Host configuration variables.
|
||||
(line 69)
|
||||
|
@ -2656,61 +2655,61 @@ Node: Introduction1105
|
|||
Node: Virtual Private Networks1915
|
||||
Node: tinc3639
|
||||
Node: Supported platforms5166
|
||||
Node: Preparations5866
|
||||
Node: Configuring the kernel6122
|
||||
Node: Configuration of Linux kernels6532
|
||||
Node: Configuration of FreeBSD kernels7387
|
||||
Node: Configuration of OpenBSD kernels7852
|
||||
Node: Configuration of NetBSD kernels8460
|
||||
Node: Configuration of Solaris kernels8865
|
||||
Node: Configuration of Darwin (Mac OS X) kernels9527
|
||||
Node: Configuration of Windows10346
|
||||
Node: Libraries10860
|
||||
Node: OpenSSL11248
|
||||
Node: zlib13536
|
||||
Node: lzo14564
|
||||
Node: Installation15546
|
||||
Node: Building and installing tinc16561
|
||||
Node: Darwin (Mac OS X) build environment17221
|
||||
Node: Cygwin (Windows) build environment17803
|
||||
Node: MinGW (Windows) build environment18391
|
||||
Node: System files18915
|
||||
Node: Device files19180
|
||||
Node: Other files19596
|
||||
Node: Configuration20209
|
||||
Node: Configuration introduction20520
|
||||
Node: Multiple networks21788
|
||||
Node: How connections work23214
|
||||
Node: Configuration files24436
|
||||
Node: Main configuration variables25930
|
||||
Node: Host configuration variables42187
|
||||
Node: Scripts47690
|
||||
Node: How to configure50956
|
||||
Node: Generating keypairs52214
|
||||
Node: Network interfaces52713
|
||||
Node: Example configuration54561
|
||||
Node: Running tinc59886
|
||||
Node: Runtime options60476
|
||||
Node: Signals63778
|
||||
Node: Debug levels64969
|
||||
Node: Solving problems65905
|
||||
Node: Error messages67457
|
||||
Node: Sending bug reports71466
|
||||
Node: Technical information72413
|
||||
Node: The connection72644
|
||||
Node: The UDP tunnel72956
|
||||
Node: The meta-connection76017
|
||||
Node: The meta-protocol77486
|
||||
Node: Security82503
|
||||
Node: Authentication protocol83636
|
||||
Node: Encryption of network packets88681
|
||||
Node: Security issues90057
|
||||
Node: Platform specific information91684
|
||||
Node: Interface configuration91912
|
||||
Node: Routes94383
|
||||
Node: About us96397
|
||||
Node: Contact information96572
|
||||
Node: Authors96976
|
||||
Node: Concept Index97381
|
||||
Node: Preparations5867
|
||||
Node: Configuring the kernel6123
|
||||
Node: Configuration of Linux kernels6533
|
||||
Node: Configuration of FreeBSD kernels7388
|
||||
Node: Configuration of OpenBSD kernels7853
|
||||
Node: Configuration of NetBSD kernels8210
|
||||
Node: Configuration of Solaris kernels8615
|
||||
Node: Configuration of Darwin (Mac OS X) kernels9278
|
||||
Node: Configuration of Windows10097
|
||||
Node: Libraries10637
|
||||
Node: LibreSSL/OpenSSL11046
|
||||
Node: zlib13588
|
||||
Node: lzo14620
|
||||
Node: Installation15603
|
||||
Node: Building and installing tinc16513
|
||||
Node: Darwin (Mac OS X) build environment17173
|
||||
Node: Cygwin (Windows) build environment17738
|
||||
Node: MinGW (Windows) build environment18327
|
||||
Node: System files18921
|
||||
Node: Device files19186
|
||||
Node: Other files19602
|
||||
Node: Configuration20215
|
||||
Node: Configuration introduction20526
|
||||
Node: Multiple networks21794
|
||||
Node: How connections work23220
|
||||
Node: Configuration files24442
|
||||
Node: Main configuration variables25936
|
||||
Node: Host configuration variables42193
|
||||
Node: Scripts47720
|
||||
Node: How to configure50986
|
||||
Node: Generating keypairs52244
|
||||
Node: Network interfaces52743
|
||||
Node: Example configuration54591
|
||||
Node: Running tinc59916
|
||||
Node: Runtime options60506
|
||||
Node: Signals63808
|
||||
Node: Debug levels64999
|
||||
Node: Solving problems65935
|
||||
Node: Error messages67487
|
||||
Node: Sending bug reports71496
|
||||
Node: Technical information72443
|
||||
Node: The connection72674
|
||||
Node: The UDP tunnel72986
|
||||
Node: The meta-connection76047
|
||||
Node: The meta-protocol77516
|
||||
Node: Security82533
|
||||
Node: Authentication protocol83675
|
||||
Node: Encryption of network packets88720
|
||||
Node: Security issues90096
|
||||
Node: Platform specific information91735
|
||||
Node: Interface configuration91963
|
||||
Node: Routes94434
|
||||
Node: About us96448
|
||||
Node: Contact information96623
|
||||
Node: Authors97026
|
||||
Node: Concept Index97431
|
||||
|
||||
End Tag Table
|
||||
|
|
|
@ -186,7 +186,7 @@ packets.
|
|||
@cindex release
|
||||
For an up to date list of supported platforms, please check the list on
|
||||
our website:
|
||||
@uref{http://www.tinc-vpn.org/platforms/}.
|
||||
@uref{https://www.tinc-vpn.org/platforms/}.
|
||||
|
||||
@c
|
||||
@c
|
||||
|
@ -268,12 +268,7 @@ The tap driver can be loaded with @code{kldload if_tap}, or by adding @code{if_t
|
|||
@node Configuration of OpenBSD kernels
|
||||
@subsection Configuration of OpenBSD kernels
|
||||
|
||||
For OpenBSD version 2.9 and higher,
|
||||
the tun driver is included in the default kernel configuration.
|
||||
There is also a kernel patch from @uref{http://diehard.n-r-g.com/stuff/openbsd/}
|
||||
which adds a tap device to OpenBSD which should work with tinc,
|
||||
but with recent versions of OpenBSD,
|
||||
a tun device can act as a tap device by setting the link0 option with ifconfig.
|
||||
Recent versions of OpenBSD come with both tun and tap devices enabled in the default kernel configuration.
|
||||
|
||||
|
||||
@c ==================================================================
|
||||
|
@ -293,7 +288,7 @@ Tunneling IPv6 may not work on NetBSD's tun device.
|
|||
For Solaris 8 (SunOS 5.8) and higher,
|
||||
the tun driver may or may not be included in the default kernel configuration.
|
||||
If it isn't, the source can be downloaded from @uref{http://vtun.sourceforge.net/tun/}.
|
||||
For x86 and sparc64 architectures, precompiled versions can be found at @uref{http://www.monkey.org/~dugsong/fragroute/}.
|
||||
For x86 and sparc64 architectures, precompiled versions can be found at @uref{https://www.monkey.org/~dugsong/fragroute/}.
|
||||
If the @file{net/if_tun.h} header file is missing, install it from the source package.
|
||||
|
||||
|
||||
|
@ -317,7 +312,7 @@ You can also omit the number, in which case the first free number will be chosen
|
|||
@subsection Configuration of Windows
|
||||
|
||||
You will need to install the latest TAP-Win32 driver from OpenVPN.
|
||||
You can download it from @uref{http://openvpn.sourceforge.net}.
|
||||
You can download it from @uref{https://openvpn.net/index.php/open-source/downloads.html}.
|
||||
Using the Network Connections control panel,
|
||||
configure the TAP-Win32 network interface in the same way as you would do from the tinc-up script,
|
||||
as explained in the rest of the documentation.
|
||||
|
@ -329,24 +324,25 @@ as explained in the rest of the documentation.
|
|||
|
||||
@cindex requirements
|
||||
@cindex libraries
|
||||
Before you can configure or build tinc, you need to have the OpenSSL,
|
||||
Before you can configure or build tinc, you need to have the LibreSSL or OpenSSL,
|
||||
zlib and lzo libraries installed on your system. If you try to configure tinc without
|
||||
having them installed, configure will give you an error message, and stop.
|
||||
|
||||
@menu
|
||||
* OpenSSL::
|
||||
* LibreSSL/OpenSSL::
|
||||
* zlib::
|
||||
* lzo::
|
||||
@end menu
|
||||
|
||||
|
||||
@c ==================================================================
|
||||
@node OpenSSL
|
||||
@subsection OpenSSL
|
||||
@node LibreSSL/OpenSSL
|
||||
@subsection LibreSSL/OpenSSL
|
||||
|
||||
@cindex LibreSSL
|
||||
@cindex OpenSSL
|
||||
For all cryptography-related functions, tinc uses the functions provided
|
||||
by the OpenSSL library.
|
||||
by the LibreSSL or the OpenSSL library.
|
||||
|
||||
If this library is not installed, you will get an error when configuring
|
||||
tinc for build. Support for running tinc with other cryptographic libraries
|
||||
|
@ -356,21 +352,23 @@ You can use your operating system's package manager to install this if
|
|||
available. Make sure you install the development AND runtime versions
|
||||
of this package.
|
||||
|
||||
If you have to install OpenSSL manually, you can get the source code
|
||||
from @url{http://www.openssl.org/}. Instructions on how to configure,
|
||||
build and install this package are included within the package. Please
|
||||
make sure you build development and runtime libraries (which is the
|
||||
If your operating system comes neither with LibreSSL or OpenSSL, you have to
|
||||
install one manually. It is recommended that you get the latest version of
|
||||
LibreSSL from @url{http://www.libressl.org/}. Instructions on how to
|
||||
configure, build and install this package are included within the package.
|
||||
Please make sure you build development and runtime libraries (which is the
|
||||
default).
|
||||
|
||||
If you installed the OpenSSL libraries from source, it may be necessary
|
||||
If you installed the LibreSSL or OpenSSL libraries from source, it may be necessary
|
||||
to let configure know where they are, by passing configure one of the
|
||||
--with-openssl-* parameters.
|
||||
--with-openssl-* parameters. Note that you even have to use --with-openssl-* if you
|
||||
are using LibreSSL.
|
||||
|
||||
@example
|
||||
--with-openssl=DIR OpenSSL library and headers prefix
|
||||
--with-openssl-include=DIR OpenSSL headers directory
|
||||
--with-openssl=DIR LibreSSL/OpenSSL library and headers prefix
|
||||
--with-openssl-include=DIR LibreSSL/OpenSSL headers directory
|
||||
(Default is OPENSSL_DIR/include)
|
||||
--with-openssl-lib=DIR OpenSSL library directory
|
||||
--with-openssl-lib=DIR LibreSSL/OpenSSL library directory
|
||||
(Default is OPENSSL_DIR/lib)
|
||||
@end example
|
||||
|
||||
|
@ -381,7 +379,7 @@ to let configure know where they are, by passing configure one of the
|
|||
The complete source code of tinc is covered by the GNU GPL version 2.
|
||||
Since the license under which OpenSSL is distributed is not directly
|
||||
compatible with the terms of the GNU GPL
|
||||
@uref{http://www.openssl.org/support/faq.html#LEGAL2}, we
|
||||
@uref{https://www.openssl.org/support/faq.html#LEGAL2}, we
|
||||
include an exemption to the GPL (see also the file COPYING.README) to allow
|
||||
everyone to create a statically or dynamically linked executable:
|
||||
|
||||
|
@ -397,8 +395,8 @@ we also present the following exemption:
|
|||
|
||||
@quotation
|
||||
Hereby I grant a special exception to the tinc VPN project
|
||||
(http://www.tinc-vpn.org/) to link the LZO library with the OpenSSL library
|
||||
(http://www.openssl.org).
|
||||
(https://www.tinc-vpn.org/) to link the LZO library with the OpenSSL library
|
||||
(https://www.openssl.org).
|
||||
|
||||
Markus F.X.J. Oberhumer
|
||||
@end quotation
|
||||
|
@ -423,7 +421,7 @@ available. Make sure you install the development AND runtime versions
|
|||
of this package.
|
||||
|
||||
If you have to install zlib manually, you can get the source code
|
||||
from @url{http://www.gzip.org/zlib/}. Instructions on how to configure,
|
||||
from @url{http://www.zlib.net/}. Instructions on how to configure,
|
||||
build and install this package are included within the package. Please
|
||||
make sure you build development and runtime libraries (which is the
|
||||
default).
|
||||
|
@ -447,7 +445,7 @@ available. Make sure you install the development AND runtime versions
|
|||
of this package.
|
||||
|
||||
If you have to install lzo manually, you can get the source code
|
||||
from @url{http://www.oberhumer.com/opensource/lzo/}. Instructions on how to configure,
|
||||
from @url{https://www.oberhumer.com/opensource/lzo/}. Instructions on how to configure,
|
||||
build and install this package are included within the package. Please
|
||||
make sure you build development and runtime libraries (which is the
|
||||
default).
|
||||
|
@ -473,9 +471,7 @@ system startup scripts and sample configurations.
|
|||
If you cannot use one of the precompiled packages, or you want to compile tinc
|
||||
for yourself, you can use the source. The source is distributed under
|
||||
the GNU General Public License (GPL). Download the source from the
|
||||
@uref{http://www.tinc-vpn.org/download/, download page}, which has
|
||||
the checksums of these files listed; you may wish to check these with
|
||||
md5sum before continuing.
|
||||
@uref{https://www.tinc-vpn.org/download/, download page}.
|
||||
|
||||
Tinc comes in a convenient autoconf/automake package, which you can just
|
||||
treat the same as any other package. Which is just untar it, type
|
||||
|
@ -512,19 +508,18 @@ The documentation that comes along with your distribution will tell you how to d
|
|||
@node Darwin (Mac OS X) build environment
|
||||
@subsection Darwin (Mac OS X) build environment
|
||||
|
||||
In order to build tinc on Darwin, you need to install the Mac OS X Developer Tools
|
||||
from @uref{http://developer.apple.com/tools/macosxtools.html} and
|
||||
preferably a recent version of Fink from @uref{http://www.finkproject.org/}.
|
||||
In order to build tinc on Darwin, you need to install Xcode from @uref{https://developer.apple.com/xcode/}.
|
||||
It might also help to install a recent version of Fink from @uref{http://www.finkproject.org/}.
|
||||
|
||||
After installation use fink to download and install the following packages:
|
||||
autoconf25, automake, dlcompat, m4, openssl, zlib and lzo.
|
||||
You need to download and install LibreSSL (or OpenSSL) and LZO,
|
||||
either directly from their websites (see @ref{Libraries}) or using Fink.
|
||||
|
||||
@c ==================================================================
|
||||
@node Cygwin (Windows) build environment
|
||||
@subsection Cygwin (Windows) build environment
|
||||
|
||||
If Cygwin hasn't already been installed, install it directly from
|
||||
@uref{http://www.cygwin.com/}.
|
||||
@uref{https://www.cygwin.com/}.
|
||||
|
||||
When tinc is compiled in a Cygwin environment, it can only be run in this environment,
|
||||
but all programs, including those started outside the Cygwin environment, will be able to use the VPN.
|
||||
|
@ -535,6 +530,7 @@ It will also support all features.
|
|||
@subsection MinGW (Windows) build environment
|
||||
|
||||
You will need to install the MinGW environment from @uref{http://www.mingw.org}.
|
||||
You also need to download and install LibreSSL (or OpenSSL) and LZO.
|
||||
|
||||
When tinc is compiled using MinGW it runs natively under Windows,
|
||||
it is not necessary to keep MinGW installed.
|
||||
|
@ -1149,7 +1145,7 @@ tried until a working connection has been established.
|
|||
@cindex Cipher
|
||||
@item Cipher = <@var{cipher}> (blowfish)
|
||||
The symmetric cipher algorithm used to encrypt UDP packets.
|
||||
Any cipher supported by OpenSSL is recognized.
|
||||
Any cipher supported by LibreSSL or OpenSSL is recognized.
|
||||
Furthermore, specifying "none" will turn off packet encryption.
|
||||
It is best to use only those ciphers which support CBC mode.
|
||||
|
||||
|
@ -1168,7 +1164,7 @@ Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib),
|
|||
@cindex Digest
|
||||
@item Digest = <@var{digest}> (sha1)
|
||||
The digest algorithm used to authenticate UDP packets.
|
||||
Any digest supported by OpenSSL is recognized.
|
||||
Any digest supported by LibreSSL or OpenSSL is recognized.
|
||||
Furthermore, specifying "none" will turn off packet authentication.
|
||||
|
||||
@cindex IndirectData
|
||||
|
@ -1239,7 +1235,7 @@ MAC addresses are notated like 0:1a:2b:3c:4d:5e.
|
|||
Prefixlength is the number of bits set to 1 in the netmask part; for
|
||||
example: netmask 255.255.255.0 would become /24, 255.255.252.0 becomes
|
||||
/22. This conforms to standard CIDR notation as described in
|
||||
@uref{http://www.ietf.org/rfc/rfc1519.txt, RFC1519}
|
||||
@uref{https://www.ietf.org/rfc/rfc1519.txt, RFC1519}
|
||||
|
||||
@cindex Subnet weight
|
||||
A Subnet can be given a weight to indicate its priority over identical Subnets
|
||||
|
@ -2254,7 +2250,7 @@ eavesdroppers cannot get and cannot change any information at all from the
|
|||
packets they can intercept. The encryption algorithm and message authentication
|
||||
algorithm can be changed in the configuration. The length of the message
|
||||
authentication codes is also adjustable. The length of the key for the
|
||||
encryption algorithm is always the default length used by OpenSSL.
|
||||
encryption algorithm is always the default length used by LibreSSL/OpenSSL.
|
||||
|
||||
@menu
|
||||
* Authentication protocol::
|
||||
|
@ -2413,7 +2409,7 @@ the MACLength configuration variable.
|
|||
In August 2000, we discovered the existence of a security hole in all versions
|
||||
of tinc up to and including 1.0pre2. This had to do with the way we exchanged
|
||||
keys. Since then, we have been working on a new authentication scheme to make
|
||||
tinc as secure as possible. The current version uses the OpenSSL library and
|
||||
tinc as secure as possible. The current version uses the LibreSSL or OpenSSL library and
|
||||
uses strong authentication with RSA keys.
|
||||
|
||||
On the 29th of December 2001, Jerome Etienne posted a security analysis of tinc
|
||||
|
@ -2586,14 +2582,14 @@ Adding routes to IPv6 subnets:
|
|||
@section Contact information
|
||||
|
||||
@cindex website
|
||||
Tinc's website is at @url{http://www.tinc-vpn.org/},
|
||||
Tinc's website is at @url{https://www.tinc-vpn.org/},
|
||||
this server is located in the Netherlands.
|
||||
|
||||
@cindex IRC
|
||||
We have an IRC channel on the FreeNode and OFTC IRC networks. Connect to
|
||||
@uref{http://www.freenode.net/, irc.freenode.net}
|
||||
@uref{https://freenode.net/, irc.freenode.net}
|
||||
or
|
||||
@uref{http://www.oftc.net/, irc.oftc.net}
|
||||
@uref{https://www.oftc.net/, irc.oftc.net}
|
||||
and join channel #tinc.
|
||||
|
||||
|
||||
|
|
|
@ -207,7 +207,7 @@ If you find any bugs, report them to tinc@tinc-vpn.org.
|
|||
A lot, especially security auditing.
|
||||
.Sh SEE ALSO
|
||||
.Xr tinc.conf 5 ,
|
||||
.Pa http://www.tinc-vpn.org/ ,
|
||||
.Pa https://www.tinc-vpn.org/ ,
|
||||
.Pa http://www.cabal.org/ .
|
||||
.Pp
|
||||
The full documentation for tinc is maintained as a Texinfo manual.
|
||||
|
|
|
@ -90,8 +90,11 @@ host_triplet = @host@
|
|||
subdir = m4
|
||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
||||
$(top_srcdir)/m4/ax_append_flag.m4 \
|
||||
$(top_srcdir)/m4/ax_cflags_warn_all.m4 \
|
||||
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
|
||||
$(top_srcdir)/m4/ax_check_link_flag.m4 $(top_srcdir)/m4/lzo.m4 \
|
||||
$(top_srcdir)/m4/ax_check_link_flag.m4 \
|
||||
$(top_srcdir)/m4/ax_require_defined.m4 $(top_srcdir)/m4/lzo.m4 \
|
||||
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/zlib.m4 \
|
||||
$(top_srcdir)/configure.ac
|
||||
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
||||
|
|
69
m4/ax_append_flag.m4
Normal file
69
m4/ax_append_flag.m4
Normal file
|
@ -0,0 +1,69 @@
|
|||
# ===========================================================================
|
||||
# http://www.gnu.org/software/autoconf-archive/ax_append_flag.html
|
||||
# ===========================================================================
|
||||
#
|
||||
# SYNOPSIS
|
||||
#
|
||||
# AX_APPEND_FLAG(FLAG, [FLAGS-VARIABLE])
|
||||
#
|
||||
# DESCRIPTION
|
||||
#
|
||||
# FLAG is appended to the FLAGS-VARIABLE shell variable, with a space
|
||||
# added in between.
|
||||
#
|
||||
# If FLAGS-VARIABLE is not specified, the current language's flags (e.g.
|
||||
# CFLAGS) is used. FLAGS-VARIABLE is not changed if it already contains
|
||||
# FLAG. If FLAGS-VARIABLE is unset in the shell, it is set to exactly
|
||||
# FLAG.
|
||||
#
|
||||
# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION.
|
||||
#
|
||||
# LICENSE
|
||||
#
|
||||
# Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
|
||||
# Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by the
|
||||
# Free Software Foundation, either version 3 of the License, or (at your
|
||||
# option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
|
||||
# Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along
|
||||
# with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
# As a special exception, the respective Autoconf Macro's copyright owner
|
||||
# gives unlimited permission to copy, distribute and modify the configure
|
||||
# scripts that are the output of Autoconf when processing the Macro. You
|
||||
# need not follow the terms of the GNU General Public License when using
|
||||
# or distributing such scripts, even though portions of the text of the
|
||||
# Macro appear in them. The GNU General Public License (GPL) does govern
|
||||
# all other use of the material that constitutes the Autoconf Macro.
|
||||
#
|
||||
# This special exception to the GPL applies to versions of the Autoconf
|
||||
# Macro released by the Autoconf Archive. When you make and distribute a
|
||||
# modified version of the Autoconf Macro, you may extend this special
|
||||
# exception to the GPL to apply to your modified version as well.
|
||||
|
||||
#serial 2
|
||||
|
||||
AC_DEFUN([AX_APPEND_FLAG],
|
||||
[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX
|
||||
AS_VAR_PUSHDEF([FLAGS], [m4_default($2,_AC_LANG_PREFIX[FLAGS])])dnl
|
||||
AS_VAR_SET_IF(FLAGS,
|
||||
[case " AS_VAR_GET(FLAGS) " in
|
||||
*" $1 "*)
|
||||
AC_RUN_LOG([: FLAGS already contains $1])
|
||||
;;
|
||||
*)
|
||||
AC_RUN_LOG([: FLAGS="$FLAGS $1"])
|
||||
AS_VAR_SET(FLAGS, ["AS_VAR_GET(FLAGS) $1"])
|
||||
;;
|
||||
esac],
|
||||
[AS_VAR_SET(FLAGS,["$1"])])
|
||||
AS_VAR_POPDEF([FLAGS])dnl
|
||||
])dnl AX_APPEND_FLAG
|
122
m4/ax_cflags_warn_all.m4
Normal file
122
m4/ax_cflags_warn_all.m4
Normal file
|
@ -0,0 +1,122 @@
|
|||
# ===========================================================================
|
||||
# http://www.gnu.org/software/autoconf-archive/ax_cflags_warn_all.html
|
||||
# ===========================================================================
|
||||
#
|
||||
# SYNOPSIS
|
||||
#
|
||||
# AX_CFLAGS_WARN_ALL [(shellvar [,default, [A/NA]])]
|
||||
# AX_CXXFLAGS_WARN_ALL [(shellvar [,default, [A/NA]])]
|
||||
# AX_FCFLAGS_WARN_ALL [(shellvar [,default, [A/NA]])]
|
||||
#
|
||||
# DESCRIPTION
|
||||
#
|
||||
# Try to find a compiler option that enables most reasonable warnings.
|
||||
#
|
||||
# For the GNU compiler it will be -Wall (and -ansi -pedantic) The result
|
||||
# is added to the shellvar being CFLAGS, CXXFLAGS, or FCFLAGS by default.
|
||||
#
|
||||
# Currently this macro knows about the GCC, Solaris, Digital Unix, AIX,
|
||||
# HP-UX, IRIX, NEC SX-5 (Super-UX 10), Cray J90 (Unicos 10.0.0.8), and
|
||||
# Intel compilers. For a given compiler, the Fortran flags are much more
|
||||
# experimental than their C equivalents.
|
||||
#
|
||||
# - $1 shell-variable-to-add-to : CFLAGS, CXXFLAGS, or FCFLAGS
|
||||
# - $2 add-value-if-not-found : nothing
|
||||
# - $3 action-if-found : add value to shellvariable
|
||||
# - $4 action-if-not-found : nothing
|
||||
#
|
||||
# NOTE: These macros depend on AX_APPEND_FLAG.
|
||||
#
|
||||
# LICENSE
|
||||
#
|
||||
# Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
|
||||
# Copyright (c) 2010 Rhys Ulerich <rhys.ulerich@gmail.com>
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by the
|
||||
# Free Software Foundation; either version 3 of the License, or (at your
|
||||
# option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
|
||||
# Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along
|
||||
# with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
# As a special exception, the respective Autoconf Macro's copyright owner
|
||||
# gives unlimited permission to copy, distribute and modify the configure
|
||||
# scripts that are the output of Autoconf when processing the Macro. You
|
||||
# need not follow the terms of the GNU General Public License when using
|
||||
# or distributing such scripts, even though portions of the text of the
|
||||
# Macro appear in them. The GNU General Public License (GPL) does govern
|
||||
# all other use of the material that constitutes the Autoconf Macro.
|
||||
#
|
||||
# This special exception to the GPL applies to versions of the Autoconf
|
||||
# Macro released by the Autoconf Archive. When you make and distribute a
|
||||
# modified version of the Autoconf Macro, you may extend this special
|
||||
# exception to the GPL to apply to your modified version as well.
|
||||
|
||||
#serial 15
|
||||
|
||||
AC_DEFUN([AX_FLAGS_WARN_ALL],[dnl
|
||||
AS_VAR_PUSHDEF([FLAGS],[_AC_LANG_PREFIX[]FLAGS])dnl
|
||||
AS_VAR_PUSHDEF([VAR],[ac_cv_[]_AC_LANG_ABBREV[]flags_warn_all])dnl
|
||||
AC_CACHE_CHECK([m4_ifval($1,$1,FLAGS) for maximum warnings],
|
||||
VAR,[VAR="no, unknown"
|
||||
ac_save_[]FLAGS="$[]FLAGS"
|
||||
for ac_arg dnl
|
||||
in "-warn all % -warn all" dnl Intel
|
||||
"-pedantic % -Wall" dnl GCC
|
||||
"-xstrconst % -v" dnl Solaris C
|
||||
"-std1 % -verbose -w0 -warnprotos" dnl Digital Unix
|
||||
"-qlanglvl=ansi % -qsrcmsg -qinfo=all:noppt:noppc:noobs:nocnd" dnl AIX
|
||||
"-ansi -ansiE % -fullwarn" dnl IRIX
|
||||
"+ESlit % +w1" dnl HP-UX C
|
||||
"-Xc % -pvctl[,]fullmsg" dnl NEC SX-5 (Super-UX 10)
|
||||
"-h conform % -h msglevel 2" dnl Cray C (Unicos)
|
||||
#
|
||||
do FLAGS="$ac_save_[]FLAGS "`echo $ac_arg | sed -e 's,%%.*,,' -e 's,%,,'`
|
||||
AC_COMPILE_IFELSE([AC_LANG_PROGRAM],
|
||||
[VAR=`echo $ac_arg | sed -e 's,.*% *,,'` ; break])
|
||||
done
|
||||
FLAGS="$ac_save_[]FLAGS"
|
||||
])
|
||||
AS_VAR_POPDEF([FLAGS])dnl
|
||||
AX_REQUIRE_DEFINED([AX_APPEND_FLAG])
|
||||
case ".$VAR" in
|
||||
.ok|.ok,*) m4_ifvaln($3,$3) ;;
|
||||
.|.no|.no,*) m4_default($4,[m4_ifval($2,[AX_APPEND_FLAG([$2], [$1])])]) ;;
|
||||
*) m4_default($3,[AX_APPEND_FLAG([$VAR], [$1])]) ;;
|
||||
esac
|
||||
AS_VAR_POPDEF([VAR])dnl
|
||||
])dnl AX_FLAGS_WARN_ALL
|
||||
dnl implementation tactics:
|
||||
dnl the for-argument contains a list of options. The first part of
|
||||
dnl these does only exist to detect the compiler - usually it is
|
||||
dnl a global option to enable -ansi or -extrawarnings. All other
|
||||
dnl compilers will fail about it. That was needed since a lot of
|
||||
dnl compilers will give false positives for some option-syntax
|
||||
dnl like -Woption or -Xoption as they think of it is a pass-through
|
||||
dnl to later compile stages or something. The "%" is used as a
|
||||
dnl delimiter. A non-option comment can be given after "%%" marks
|
||||
dnl which will be shown but not added to the respective C/CXXFLAGS.
|
||||
|
||||
AC_DEFUN([AX_CFLAGS_WARN_ALL],[dnl
|
||||
AC_LANG_PUSH([C])
|
||||
AX_FLAGS_WARN_ALL([$1], [$2], [$3], [$4])
|
||||
AC_LANG_POP([C])
|
||||
])
|
||||
|
||||
AC_DEFUN([AX_CXXFLAGS_WARN_ALL],[dnl
|
||||
AC_LANG_PUSH([C++])
|
||||
AX_FLAGS_WARN_ALL([$1], [$2], [$3], [$4])
|
||||
AC_LANG_POP([C++])
|
||||
])
|
||||
|
||||
AC_DEFUN([AX_FCFLAGS_WARN_ALL],[dnl
|
||||
AC_LANG_PUSH([Fortran])
|
||||
AX_FLAGS_WARN_ALL([$1], [$2], [$3], [$4])
|
||||
AC_LANG_POP([Fortran])
|
||||
])
|
37
m4/ax_require_defined.m4
Normal file
37
m4/ax_require_defined.m4
Normal file
|
@ -0,0 +1,37 @@
|
|||
# ===========================================================================
|
||||
# http://www.gnu.org/software/autoconf-archive/ax_require_defined.html
|
||||
# ===========================================================================
|
||||
#
|
||||
# SYNOPSIS
|
||||
#
|
||||
# AX_REQUIRE_DEFINED(MACRO)
|
||||
#
|
||||
# DESCRIPTION
|
||||
#
|
||||
# AX_REQUIRE_DEFINED is a simple helper for making sure other macros have
|
||||
# been defined and thus are available for use. This avoids random issues
|
||||
# where a macro isn't expanded. Instead the configure script emits a
|
||||
# non-fatal:
|
||||
#
|
||||
# ./configure: line 1673: AX_CFLAGS_WARN_ALL: command not found
|
||||
#
|
||||
# It's like AC_REQUIRE except it doesn't expand the required macro.
|
||||
#
|
||||
# Here's an example:
|
||||
#
|
||||
# AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG])
|
||||
#
|
||||
# LICENSE
|
||||
#
|
||||
# Copyright (c) 2014 Mike Frysinger <vapier@gentoo.org>
|
||||
#
|
||||
# Copying and distribution of this file, with or without modification, are
|
||||
# permitted in any medium without royalty provided the copyright notice
|
||||
# and this notice are preserved. This file is offered as-is, without any
|
||||
# warranty.
|
||||
|
||||
#serial 1
|
||||
|
||||
AC_DEFUN([AX_REQUIRE_DEFINED], [dnl
|
||||
m4_ifndef([$1], [m4_fatal([macro ]$1[ is not defined; is a m4 file missing?])])
|
||||
])dnl AX_REQUIRE_DEFINED
|
|
@ -1,4 +1,4 @@
|
|||
dnl Check to find the OpenSSL headers/libraries
|
||||
dnl Check to find the LibreSSL/OpenSSL headers/libraries
|
||||
|
||||
AC_DEFUN([tinc_OPENSSL],
|
||||
[
|
||||
|
@ -10,47 +10,49 @@ AC_DEFUN([tinc_OPENSSL],
|
|||
[],
|
||||
[AC_CHECK_LIB(dl, dlopen,
|
||||
[LIBS="$LIBS -ldl"],
|
||||
[AC_MSG_ERROR([OpenSSL depends on libdl.]); break]
|
||||
[AC_MSG_ERROR([LibreSSL/OpenSSL depends on libdl.]); break]
|
||||
)]
|
||||
)
|
||||
;;
|
||||
esac
|
||||
|
||||
AC_ARG_WITH(openssl,
|
||||
AS_HELP_STRING([--with-openssl=DIR], [OpenSSL base directory, or:]),
|
||||
AS_HELP_STRING([--with-openssl=DIR], [LibreSSL/OpenSSL base directory, or:]),
|
||||
[openssl="$withval"
|
||||
CPPFLAGS="$CPPFLAGS -I$withval/include"
|
||||
LDFLAGS="$LDFLAGS -L$withval/lib"]
|
||||
)
|
||||
|
||||
AC_ARG_WITH(openssl-include,
|
||||
AS_HELP_STRING([--with-openssl-include=DIR], [OpenSSL headers directory (without trailing /openssl)]),
|
||||
AS_HELP_STRING([--with-openssl-include=DIR], [LibreSSL/OpenSSL headers directory (without trailing /openssl)]),
|
||||
[openssl_include="$withval"
|
||||
CPPFLAGS="$CPPFLAGS -I$withval"]
|
||||
)
|
||||
|
||||
AC_ARG_WITH(openssl-lib,
|
||||
AS_HELP_STRING([--with-openssl-lib=DIR], [OpenSSL library directory]),
|
||||
AS_HELP_STRING([--with-openssl-lib=DIR], [LibreSSL/OpenSSL library directory]),
|
||||
[openssl_lib="$withval"
|
||||
LDFLAGS="$LDFLAGS -L$withval"]
|
||||
)
|
||||
|
||||
AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h openssl/pem.h openssl/engine.h,
|
||||
[],
|
||||
[AC_MSG_ERROR([OpenSSL header files not found.]); break]
|
||||
[AC_MSG_ERROR([LibreSSL/OpenSSL header files not found.]); break]
|
||||
)
|
||||
|
||||
AC_CHECK_LIB(crypto, EVP_EncryptInit_ex,
|
||||
[LIBS="-lcrypto $LIBS"],
|
||||
[AC_MSG_ERROR([OpenSSL libraries not found.])]
|
||||
[AC_MSG_ERROR([LibreSSL/OpenSSL libraries not found.])]
|
||||
)
|
||||
|
||||
AC_CHECK_FUNCS([RAND_pseudo_bytes EVP_EncryptInit_ex], ,
|
||||
[AC_MSG_ERROR([Missing OpenSSL functionality, make sure you have installed the latest version.]); break],
|
||||
AC_CHECK_FUNCS([RAND_bytes EVP_EncryptInit_ex EVP_CIPHER_CTX_new], ,
|
||||
[AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
|
||||
)
|
||||
|
||||
AC_CHECK_DECL([OpenSSL_add_all_algorithms], ,
|
||||
[AC_MSG_ERROR([Missing OpenSSL functionality, make sure you have installed the latest version.]); break],
|
||||
[AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break],
|
||||
[#include <openssl/evp.h>]
|
||||
)
|
||||
|
||||
AC_CHECK_FUNCS([BN_GENCB_new ERR_remove_state RSA_set0_key], , , [#include <openssl/rsa.h>])
|
||||
])
|
||||
|
|
|
@ -105,8 +105,11 @@ sbin_PROGRAMS = tincd$(EXEEXT)
|
|||
subdir = src
|
||||
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||
am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \
|
||||
$(top_srcdir)/m4/ax_append_flag.m4 \
|
||||
$(top_srcdir)/m4/ax_cflags_warn_all.m4 \
|
||||
$(top_srcdir)/m4/ax_check_compile_flag.m4 \
|
||||
$(top_srcdir)/m4/ax_check_link_flag.m4 $(top_srcdir)/m4/lzo.m4 \
|
||||
$(top_srcdir)/m4/ax_check_link_flag.m4 \
|
||||
$(top_srcdir)/m4/ax_require_defined.m4 $(top_srcdir)/m4/lzo.m4 \
|
||||
$(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/zlib.m4 \
|
||||
$(top_srcdir)/configure.ac
|
||||
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
the code. Mail me if you found a bug.
|
||||
|
||||
Cleaned up and incorporated some of the ideas from the red-black tree
|
||||
library for inclusion into tinc (http://www.tinc-vpn.org/) by
|
||||
library for inclusion into tinc (https://www.tinc-vpn.org/) by
|
||||
Guus Sliepen <guus@tinc-vpn.org>.
|
||||
*/
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
the code. Mail me if you found a bug.
|
||||
|
||||
Cleaned up and incorporated some of the ideas from the red-black tree
|
||||
library for inclusion into tinc (http://www.tinc-vpn.org/) by
|
||||
library for inclusion into tinc (https://www.tinc-vpn.org/) by
|
||||
Guus Sliepen <guus@tinc-vpn.org>.
|
||||
*/
|
||||
|
||||
|
|
|
@ -198,18 +198,19 @@ static bool setup_device(void) {
|
|||
|
||||
// Guess what the corresponding interface is called
|
||||
|
||||
char *realname;
|
||||
char *realname = NULL;
|
||||
|
||||
#if defined(HAVE_FDEVNAME)
|
||||
realname = fdevname(device_fd) ? : device;
|
||||
realname = fdevname(device_fd);
|
||||
#elif defined(HAVE_DEVNAME)
|
||||
struct stat buf;
|
||||
if(!fstat(device_fd, &buf))
|
||||
realname = devname(buf.st_rdev, S_IFCHR) ? : device;
|
||||
#else
|
||||
realname = device;
|
||||
realname = devname(buf.st_rdev, S_IFCHR);
|
||||
#endif
|
||||
|
||||
if(!realname)
|
||||
realname = device;
|
||||
|
||||
if(!get_config_string(lookup_config(config_tree, "Interface"), &iface))
|
||||
iface = xstrdup(strrchr(realname, '/') ? strrchr(realname, '/') + 1 : realname);
|
||||
else if(strcmp(iface, strrchr(realname, '/') ? strrchr(realname, '/') + 1 : realname))
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
dropin.c -- a set of drop-in replacements for libc functions
|
||||
Copyright (C) 2000-2005 Ivo Timmermans,
|
||||
2000-2011 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2016 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -140,6 +140,7 @@ int vasprintf(char **buf, const char *fmt, va_list ap) {
|
|||
|
||||
va_copy(aq, ap);
|
||||
status = vsnprintf(*buf, len, fmt, aq);
|
||||
buf[len - 1] = 0;
|
||||
va_end(aq);
|
||||
|
||||
if(status >= 0)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
logger.c -- logging code
|
||||
Copyright (C) 2004-2006 Guus Sliepen <guus@tinc-vpn.org>
|
||||
Copyright (C) 2004-2016 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2004-2005 Ivo Timmermans
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -109,6 +109,7 @@ void logger(int priority, const char *format, ...) {
|
|||
char message[4096];
|
||||
const char *messages[] = {message};
|
||||
vsnprintf(message, sizeof(message), format, ap);
|
||||
message[sizeof message - 1] = 0;
|
||||
ReportEvent(loghandle, priority, 0, 0, NULL, 1, 0, messages, NULL);
|
||||
}
|
||||
#else
|
||||
|
|
|
@ -246,7 +246,7 @@ static void check_dead_connections(void) {
|
|||
if(c->status.active) {
|
||||
if(c->status.pinged) {
|
||||
ifdebug(CONNECTIONS) logger(LOG_INFO, "%s (%s) didn't respond to PING in %ld seconds",
|
||||
c->name, c->hostname, (long)now - c->last_ping_time);
|
||||
c->name, c->hostname, (long)(now - c->last_ping_time));
|
||||
c->status.timeout = true;
|
||||
terminate_connection(c, true);
|
||||
} else if(c->last_ping_time + pinginterval <= now) {
|
||||
|
@ -275,7 +275,7 @@ static void check_dead_connections(void) {
|
|||
if(c->status.active) {
|
||||
ifdebug(CONNECTIONS) logger(LOG_INFO,
|
||||
"%s (%s) could not flush for %ld seconds (%d bytes remaining)",
|
||||
c->name, c->hostname, (long)now - c->last_flushed_time, c->outbuflen);
|
||||
c->name, c->hostname, (long)(now - c->last_flushed_time), c->outbuflen);
|
||||
c->status.timeout = true;
|
||||
terminate_connection(c, true);
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
net_packet.c -- Handles in- and outgoing VPN packets
|
||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||
2000-2015 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2016 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2010 Timothy Redaelli <timothy@redaelli.eu>
|
||||
2010 Brandon Black <blblack@gmail.com>
|
||||
|
||||
|
@ -145,7 +145,7 @@ void send_mtu_probe(node_t *n) {
|
|||
len = 64;
|
||||
|
||||
memset(packet.data, 0, 14);
|
||||
RAND_pseudo_bytes(packet.data + 14, len - 14);
|
||||
RAND_bytes(packet.data + 14, len - 14);
|
||||
packet.len = len;
|
||||
if(i >= 4 && n->mtuprobes <= 10)
|
||||
packet.priority = -1;
|
||||
|
@ -314,10 +314,10 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
|
|||
if(n->incipher) {
|
||||
outpkt = pkt[nextpkt++];
|
||||
|
||||
if(!EVP_DecryptInit_ex(&n->inctx, NULL, NULL, NULL, NULL)
|
||||
|| !EVP_DecryptUpdate(&n->inctx, (unsigned char *) &outpkt->seqno, &outlen,
|
||||
if(!EVP_DecryptInit_ex(n->inctx, NULL, NULL, NULL, NULL)
|
||||
|| !EVP_DecryptUpdate(n->inctx, (unsigned char *) &outpkt->seqno, &outlen,
|
||||
(unsigned char *) &inpkt->seqno, inpkt->len)
|
||||
|| !EVP_DecryptFinal_ex(&n->inctx, (unsigned char *) &outpkt->seqno + outlen, &outpad)) {
|
||||
|| !EVP_DecryptFinal_ex(n->inctx, (unsigned char *) &outpkt->seqno + outlen, &outpad)) {
|
||||
ifdebug(TRAFFIC) logger(LOG_DEBUG, "Error decrypting packet from %s (%s): %s",
|
||||
n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
|
||||
return;
|
||||
|
@ -336,16 +336,16 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
|
|||
if(inpkt->seqno != n->received_seqno + 1) {
|
||||
if(inpkt->seqno >= n->received_seqno + replaywin * 8) {
|
||||
if(n->farfuture++ < replaywin >> 2) {
|
||||
logger(LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
|
||||
ifdebug(TRAFFIC) logger(LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)",
|
||||
n->name, n->hostname, inpkt->seqno - n->received_seqno - 1, n->farfuture);
|
||||
return;
|
||||
}
|
||||
logger(LOG_WARNING, "Lost %d packets from %s (%s)",
|
||||
ifdebug(TRAFFIC) logger(LOG_WARNING, "Lost %d packets from %s (%s)",
|
||||
inpkt->seqno - n->received_seqno - 1, n->name, n->hostname);
|
||||
memset(n->late, 0, replaywin);
|
||||
} else if (inpkt->seqno <= n->received_seqno) {
|
||||
if((n->received_seqno >= replaywin * 8 && inpkt->seqno <= n->received_seqno - replaywin * 8) || !(n->late[(inpkt->seqno / 8) % replaywin] & (1 << inpkt->seqno % 8))) {
|
||||
logger(LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
|
||||
ifdebug(TRAFFIC) logger(LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d",
|
||||
n->name, n->hostname, inpkt->seqno, n->received_seqno);
|
||||
return;
|
||||
}
|
||||
|
@ -479,10 +479,10 @@ static void send_udppacket(node_t *n, vpn_packet_t *origpkt) {
|
|||
if(n->outcipher) {
|
||||
outpkt = pkt[nextpkt++];
|
||||
|
||||
if(!EVP_EncryptInit_ex(&n->outctx, NULL, NULL, NULL, NULL)
|
||||
|| !EVP_EncryptUpdate(&n->outctx, (unsigned char *) &outpkt->seqno, &outlen,
|
||||
if(!EVP_EncryptInit_ex(n->outctx, NULL, NULL, NULL, NULL)
|
||||
|| !EVP_EncryptUpdate(n->outctx, (unsigned char *) &outpkt->seqno, &outlen,
|
||||
(unsigned char *) &inpkt->seqno, inpkt->len)
|
||||
|| !EVP_EncryptFinal_ex(&n->outctx, (unsigned char *) &outpkt->seqno + outlen, &outpad)) {
|
||||
|| !EVP_EncryptFinal_ex(n->outctx, (unsigned char *) &outpkt->seqno + outlen, &outpad)) {
|
||||
ifdebug(TRAFFIC) logger(LOG_ERR, "Error while encrypting packet to %s (%s): %s",
|
||||
n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL));
|
||||
goto end;
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
net_setup.c -- Setup.
|
||||
Copyright (C) 1998-2005 Ivo Timmermans,
|
||||
2000-2015 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2016 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2006 Scott Lamb <slamb@slamb.org>
|
||||
2010 Brandon Black <blblack@gmail.com>
|
||||
|
||||
|
@ -48,11 +48,22 @@
|
|||
char *myport;
|
||||
devops_t devops;
|
||||
|
||||
#ifndef HAVE_RSA_SET0_KEY
|
||||
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
|
||||
BN_free(r->n); r->n = n;
|
||||
BN_free(r->e); r->e = e;
|
||||
BN_free(r->d); r->d = d;
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
bool read_rsa_public_key(connection_t *c) {
|
||||
FILE *fp;
|
||||
char *pubname;
|
||||
char *hcfname;
|
||||
char *key;
|
||||
BIGNUM *n = NULL;
|
||||
BIGNUM *e = NULL;
|
||||
|
||||
if(!c->rsa_key) {
|
||||
c->rsa_key = RSA_new();
|
||||
|
@ -62,12 +73,19 @@ bool read_rsa_public_key(connection_t *c) {
|
|||
/* First, check for simple PublicKey statement */
|
||||
|
||||
if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key)) {
|
||||
if(BN_hex2bn(&c->rsa_key->n, key) != strlen(key)) {
|
||||
if(BN_hex2bn(&n, key) != strlen(key)) {
|
||||
free(key);
|
||||
logger(LOG_ERR, "Invalid PublicKey for %s!", c->name);
|
||||
return false;
|
||||
}
|
||||
BN_hex2bn(&c->rsa_key->e, "FFFF");
|
||||
free(key);
|
||||
BN_hex2bn(&e, "FFFF");
|
||||
if(!n || !e || RSA_set0_key(c->rsa_key, n, e, NULL) != 1) {
|
||||
BN_free(e);
|
||||
BN_free(n);
|
||||
logger(LOG_ERR, "RSA_set0_key() failed with PublicKey for %s!", c->name);
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -158,27 +176,39 @@ bool read_rsa_public_key(connection_t *c) {
|
|||
static bool read_rsa_private_key(void) {
|
||||
FILE *fp;
|
||||
char *fname, *key, *pubkey;
|
||||
BIGNUM *n = NULL;
|
||||
BIGNUM *e = NULL;
|
||||
BIGNUM *d = NULL;
|
||||
|
||||
if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) {
|
||||
myself->connection->rsa_key = RSA_new();
|
||||
// RSA_blinding_on(myself->connection->rsa_key, NULL);
|
||||
if(BN_hex2bn(&myself->connection->rsa_key->d, key) != strlen(key)) {
|
||||
if(BN_hex2bn(&d, key) != strlen(key)) {
|
||||
logger(LOG_ERR, "Invalid PrivateKey for myself!");
|
||||
free(key);
|
||||
return false;
|
||||
}
|
||||
free(key);
|
||||
if(!get_config_string(lookup_config(config_tree, "PublicKey"), &pubkey)) {
|
||||
BN_free(d);
|
||||
logger(LOG_ERR, "PrivateKey used but no PublicKey found!");
|
||||
return false;
|
||||
}
|
||||
if(BN_hex2bn(&myself->connection->rsa_key->n, pubkey) != strlen(pubkey)) {
|
||||
logger(LOG_ERR, "Invalid PublicKey for myself!");
|
||||
if(BN_hex2bn(&n, pubkey) != strlen(pubkey)) {
|
||||
free(pubkey);
|
||||
BN_free(d);
|
||||
logger(LOG_ERR, "Invalid PublicKey for myself!");
|
||||
return false;
|
||||
}
|
||||
free(pubkey);
|
||||
BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
|
||||
BN_hex2bn(&e, "FFFF");
|
||||
if(!n || !e || !d || RSA_set0_key(myself->connection->rsa_key, n, e, d) != 1) {
|
||||
BN_free(d);
|
||||
BN_free(e);
|
||||
BN_free(n);
|
||||
logger(LOG_ERR, "RSA_set0_key() failed with PrivateKey for myself!");
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -623,7 +653,7 @@ static bool setup_myself(void) {
|
|||
myself->incipher = EVP_bf_cbc();
|
||||
|
||||
if(myself->incipher)
|
||||
myself->inkeylength = myself->incipher->key_len + myself->incipher->iv_len;
|
||||
myself->inkeylength = EVP_CIPHER_key_length(myself->incipher) + EVP_CIPHER_iv_length(myself->incipher);
|
||||
else
|
||||
myself->inkeylength = 1;
|
||||
|
||||
|
@ -657,7 +687,7 @@ static bool setup_myself(void) {
|
|||
|
||||
if(get_config_int(lookup_config(config_tree, "MACLength"), &myself->inmaclength)) {
|
||||
if(myself->indigest) {
|
||||
if(myself->inmaclength > myself->indigest->md_size) {
|
||||
if(myself->inmaclength > EVP_MD_size(myself->indigest)) {
|
||||
logger(LOG_ERR, "MAC length exceeds size of digest!");
|
||||
return false;
|
||||
} else if(myself->inmaclength < 0) {
|
||||
|
|
21
src/netutl.c
21
src/netutl.c
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
netutl.c -- some supporting network utility code
|
||||
Copyright (C) 1998-2005 Ivo Timmermans
|
||||
2000-2015 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2016 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -231,6 +231,25 @@ void sockaddrunmap(sockaddr_t *sa) {
|
|||
}
|
||||
}
|
||||
|
||||
void sockaddr_setport(sockaddr_t *sa, const char *port) {
|
||||
uint16_t portnum = htons(atoi(port));
|
||||
if(!portnum)
|
||||
return;
|
||||
switch(sa->sa.sa_family) {
|
||||
case AF_INET:
|
||||
sa->in.sin_port = portnum;
|
||||
break;
|
||||
case AF_INET6:
|
||||
sa->in6.sin6_port = portnum;
|
||||
break;
|
||||
case AF_UNKNOWN:
|
||||
free(sa->unknown.port);
|
||||
sa->unknown.port = xstrdup(port);
|
||||
default:
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
/* Subnet mask handling */
|
||||
|
||||
int maskcmp(const void *va, const void *vb, int masklen) {
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
netutl.h -- header file for netutl.c
|
||||
Copyright (C) 1998-2005 Ivo Timmermans
|
||||
2000-2009 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2016 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -34,6 +34,7 @@ extern int sockaddrcmp_noport(const sockaddr_t *, const sockaddr_t *);
|
|||
extern void sockaddrunmap(sockaddr_t *);
|
||||
extern void sockaddrfree(sockaddr_t *);
|
||||
extern void sockaddrcpy(sockaddr_t *, const sockaddr_t *);
|
||||
extern void sockaddr_setport(sockaddr_t *, const char *);
|
||||
extern int maskcmp(const void *, const void *, int);
|
||||
extern void maskcpy(void *, const void *, int, int);
|
||||
extern void mask(void *, int, int);
|
||||
|
|
16
src/node.c
16
src/node.c
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
node.c -- node tree management
|
||||
Copyright (C) 2001-2011 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
Copyright (C) 2001-2016 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
2001-2005 Ivo Timmermans
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -57,8 +57,10 @@ node_t *new_node(void) {
|
|||
if(replaywin) n->late = xmalloc_and_zero(replaywin);
|
||||
n->subnet_tree = new_subnet_tree();
|
||||
n->edge_tree = new_edge_tree();
|
||||
EVP_CIPHER_CTX_init(&n->inctx);
|
||||
EVP_CIPHER_CTX_init(&n->outctx);
|
||||
n->inctx = EVP_CIPHER_CTX_new();
|
||||
n->outctx = EVP_CIPHER_CTX_new();
|
||||
if(!n->inctx || !n->outctx)
|
||||
abort();
|
||||
n->mtu = MTU;
|
||||
n->maxmtu = MTU;
|
||||
|
||||
|
@ -80,8 +82,8 @@ void free_node(node_t *n) {
|
|||
|
||||
sockaddrfree(&n->address);
|
||||
|
||||
EVP_CIPHER_CTX_cleanup(&n->inctx);
|
||||
EVP_CIPHER_CTX_cleanup(&n->outctx);
|
||||
EVP_CIPHER_CTX_free(n->outctx);
|
||||
EVP_CIPHER_CTX_free(n->inctx);
|
||||
|
||||
if(n->mtuevent)
|
||||
event_del(n->mtuevent);
|
||||
|
@ -172,8 +174,8 @@ void dump_nodes(void) {
|
|||
for(node = node_tree->head; node; node = node->next) {
|
||||
n = node->data;
|
||||
logger(LOG_DEBUG, " %s at %s cipher %d digest %d maclength %d compression %d options %x status %04x nexthop %s via %s pmtu %d (min %d max %d)",
|
||||
n->name, n->hostname, n->outcipher ? n->outcipher->nid : 0,
|
||||
n->outdigest ? n->outdigest->type : 0, n->outmaclength, n->outcompression,
|
||||
n->name, n->hostname, n->outcipher ? EVP_CIPHER_nid(n->outcipher) : 0,
|
||||
n->outdigest ? EVP_MD_type(n->outdigest) : 0, n->outmaclength, n->outcompression,
|
||||
n->options, bitfield_to_int(&n->status, sizeof n->status), n->nexthop ? n->nexthop->name : "-",
|
||||
n->via ? n->via->name : "-", n->mtu, n->minmtu, n->maxmtu);
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
node.h -- header for node.c
|
||||
Copyright (C) 2001-2012 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
Copyright (C) 2001-2016 Guus Sliepen <guus@tinc-vpn.org>,
|
||||
2001-2005 Ivo Timmermans
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
|
@ -50,12 +50,12 @@ typedef struct node_t {
|
|||
const EVP_CIPHER *incipher; /* Cipher type for UDP packets received from him */
|
||||
char *inkey; /* Cipher key and iv */
|
||||
int inkeylength; /* Cipher key and iv length */
|
||||
EVP_CIPHER_CTX inctx; /* Cipher context */
|
||||
EVP_CIPHER_CTX *inctx; /* Cipher context */
|
||||
|
||||
const EVP_CIPHER *outcipher; /* Cipher type for UDP packets sent to him*/
|
||||
char *outkey; /* Cipher key and iv */
|
||||
int outkeylength; /* Cipher key and iv length */
|
||||
EVP_CIPHER_CTX outctx; /* Cipher context */
|
||||
EVP_CIPHER_CTX *outctx; /* Cipher context */
|
||||
|
||||
const EVP_MD *indigest; /* Digest type for MAC of packets received from him */
|
||||
int inmaclength; /* Length of MAC */
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
protocol.c -- handle the meta-protocol, basic functions
|
||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||
2000-2015 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2016 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -75,10 +75,11 @@ bool send_request(connection_t *c, const char *format, ...) {
|
|||
input buffer anyway */
|
||||
|
||||
va_start(args, format);
|
||||
len = vsnprintf(buffer, MAXBUFSIZE, format, args);
|
||||
len = vsnprintf(buffer, sizeof buffer, format, args);
|
||||
buffer[sizeof buffer - 1] = 0;
|
||||
va_end(args);
|
||||
|
||||
if(len < 0 || len > MAXBUFSIZE - 1) {
|
||||
if(len < 0 || len > sizeof buffer - 1) {
|
||||
logger(LOG_ERR, "Output buffer overflow while sending request to %s (%s)",
|
||||
c->name, c->hostname);
|
||||
return false;
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
protocol_auth.c -- handle the meta-protocol, authentication
|
||||
Copyright (C) 1999-2005 Ivo Timmermans,
|
||||
2000-2015 Guus Sliepen <guus@tinc-vpn.org>
|
||||
2000-2016 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
@ -125,8 +125,11 @@ bool send_metakey(connection_t *c) {
|
|||
|
||||
c->outkey = xrealloc(c->outkey, len);
|
||||
|
||||
if(!c->outctx)
|
||||
c->outctx = xmalloc_and_zero(sizeof(*c->outctx));
|
||||
if(!c->outctx) {
|
||||
c->outctx = EVP_CIPHER_CTX_new();
|
||||
if(!c->outctx)
|
||||
abort();
|
||||
}
|
||||
|
||||
/* Copy random data to the buffer */
|
||||
|
||||
|
@ -177,17 +180,17 @@ bool send_metakey(connection_t *c) {
|
|||
/* Send the meta key */
|
||||
|
||||
x = send_request(c, "%d %d %d %d %d %s", METAKEY,
|
||||
c->outcipher ? c->outcipher->nid : 0,
|
||||
c->outdigest ? c->outdigest->type : 0, c->outmaclength,
|
||||
c->outcipher ? EVP_CIPHER_nid(c->outcipher) : 0,
|
||||
c->outdigest ? EVP_MD_type(c->outdigest) : 0, c->outmaclength,
|
||||
c->outcompression, buffer);
|
||||
|
||||
/* Further outgoing requests are encrypted with the key we just generated */
|
||||
|
||||
if(c->outcipher) {
|
||||
if(!EVP_EncryptInit(c->outctx, c->outcipher,
|
||||
(unsigned char *)c->outkey + len - c->outcipher->key_len,
|
||||
(unsigned char *)c->outkey + len - c->outcipher->key_len -
|
||||
c->outcipher->iv_len)) {
|
||||
(unsigned char *)c->outkey + len - EVP_CIPHER_key_length(c->outcipher),
|
||||
(unsigned char *)c->outkey + len - EVP_CIPHER_key_length(c->outcipher) -
|
||||
EVP_CIPHER_iv_length(c->outcipher))) {
|
||||
logger(LOG_ERR, "Error during initialisation of cipher for %s (%s): %s",
|
||||
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
|
||||
return false;
|
||||
|
@ -223,8 +226,11 @@ bool metakey_h(connection_t *c) {
|
|||
|
||||
c->inkey = xrealloc(c->inkey, len);
|
||||
|
||||
if(!c->inctx)
|
||||
c->inctx = xmalloc_and_zero(sizeof(*c->inctx));
|
||||
if(!c->inctx) {
|
||||
c->inctx = EVP_CIPHER_CTX_new();
|
||||
if(!c->inctx)
|
||||
abort();
|
||||
}
|
||||
|
||||
/* Convert the challenge from hexadecimal back to binary */
|
||||
|
||||
|
@ -260,9 +266,9 @@ bool metakey_h(connection_t *c) {
|
|||
}
|
||||
|
||||
if(!EVP_DecryptInit(c->inctx, c->incipher,
|
||||
(unsigned char *)c->inkey + len - c->incipher->key_len,
|
||||
(unsigned char *)c->inkey + len - c->incipher->key_len -
|
||||
c->incipher->iv_len)) {
|
||||
(unsigned char *)c->inkey + len - EVP_CIPHER_key_length(c->incipher),
|
||||
(unsigned char *)c->inkey + len - EVP_CIPHER_key_length(c->incipher) -
|
||||
EVP_CIPHER_iv_length(c->incipher))) {
|
||||
logger(LOG_ERR, "Error during initialisation of cipher from %s (%s): %s",
|
||||
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
|
||||
return false;
|
||||
|
@ -283,7 +289,7 @@ bool metakey_h(connection_t *c) {
|
|||
return false;
|
||||
}
|
||||
|
||||
if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) {
|
||||
if(c->inmaclength > EVP_MD_size(c->indigest) || c->inmaclength < 0) {
|
||||
logger(LOG_ERR, "%s (%s) uses bogus MAC length!", c->name, c->hostname);
|
||||
return false;
|
||||
}
|
||||
|
@ -367,22 +373,29 @@ bool challenge_h(connection_t *c) {
|
|||
|
||||
bool send_chal_reply(connection_t *c) {
|
||||
char hash[EVP_MAX_MD_SIZE * 2 + 1];
|
||||
EVP_MD_CTX ctx;
|
||||
EVP_MD_CTX *ctx;
|
||||
|
||||
/* Calculate the hash from the challenge we received */
|
||||
|
||||
if(!EVP_DigestInit(&ctx, c->indigest)
|
||||
|| !EVP_DigestUpdate(&ctx, c->mychallenge, RSA_size(myself->connection->rsa_key))
|
||||
|| !EVP_DigestFinal(&ctx, (unsigned char *)hash, NULL)) {
|
||||
ctx = EVP_MD_CTX_create();
|
||||
if(!ctx)
|
||||
abort();
|
||||
|
||||
if(!EVP_DigestInit(ctx, c->indigest)
|
||||
|| !EVP_DigestUpdate(ctx, c->mychallenge, RSA_size(myself->connection->rsa_key))
|
||||
|| !EVP_DigestFinal(ctx, (unsigned char *)hash, NULL)) {
|
||||
EVP_MD_CTX_destroy(ctx);
|
||||
logger(LOG_ERR, "Error during calculation of response for %s (%s): %s",
|
||||
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
|
||||
return false;
|
||||
}
|
||||
|
||||
EVP_MD_CTX_destroy(ctx);
|
||||
|
||||
/* Convert the hash to a hexadecimal formatted string */
|
||||
|
||||
bin2hex(hash, hash, c->indigest->md_size);
|
||||
hash[c->indigest->md_size * 2] = '\0';
|
||||
bin2hex(hash, hash, EVP_MD_size(c->indigest));
|
||||
hash[EVP_MD_size(c->indigest) * 2] = '\0';
|
||||
|
||||
/* Send the reply */
|
||||
|
||||
|
@ -392,7 +405,7 @@ bool send_chal_reply(connection_t *c) {
|
|||
bool chal_reply_h(connection_t *c) {
|
||||
char hishash[MAX_STRING_SIZE];
|
||||
char myhash[EVP_MAX_MD_SIZE];
|
||||
EVP_MD_CTX ctx;
|
||||
EVP_MD_CTX *ctx;
|
||||
|
||||
if(sscanf(c->buffer, "%*d " MAX_STRING, hishash) != 1) {
|
||||
logger(LOG_ERR, "Got bad %s from %s (%s)", "CHAL_REPLY", c->name,
|
||||
|
@ -402,7 +415,7 @@ bool chal_reply_h(connection_t *c) {
|
|||
|
||||
/* Check if the length of the hash is all right */
|
||||
|
||||
if(strlen(hishash) != c->outdigest->md_size * 2) {
|
||||
if(strlen(hishash) != EVP_MD_size(c->outdigest) * 2) {
|
||||
logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name,
|
||||
c->hostname, "wrong challenge reply length");
|
||||
return false;
|
||||
|
@ -410,24 +423,31 @@ bool chal_reply_h(connection_t *c) {
|
|||
|
||||
/* Convert the hash to binary format */
|
||||
|
||||
if(!hex2bin(hishash, hishash, c->outdigest->md_size)) {
|
||||
if(!hex2bin(hishash, hishash, EVP_MD_size(c->outdigest))) {
|
||||
logger(LOG_ERR, "Got bad %s from %s(%s): %s", "CHAL_REPLY", c->name, c->hostname, "invalid hash");
|
||||
return false;
|
||||
}
|
||||
|
||||
/* Calculate the hash from the challenge we sent */
|
||||
|
||||
if(!EVP_DigestInit(&ctx, c->outdigest)
|
||||
|| !EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key))
|
||||
|| !EVP_DigestFinal(&ctx, (unsigned char *)myhash, NULL)) {
|
||||
ctx = EVP_MD_CTX_create();
|
||||
if(!ctx)
|
||||
abort();
|
||||
|
||||
if(!EVP_DigestInit(ctx, c->outdigest)
|
||||
|| !EVP_DigestUpdate(ctx, c->hischallenge, RSA_size(c->rsa_key))
|
||||
|| !EVP_DigestFinal(ctx, (unsigned char *)myhash, NULL)) {
|
||||
EVP_MD_CTX_destroy(ctx);
|
||||
logger(LOG_ERR, "Error during calculation of response from %s (%s): %s",
|
||||
c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));
|
||||
return false;
|
||||
}
|
||||
|
||||
EVP_MD_CTX_destroy(ctx);
|
||||
|
||||
/* Verify the incoming hash with the calculated hash */
|
||||
|
||||
if(memcmp(hishash, myhash, c->outdigest->md_size)) {
|
||||
if(memcmp(hishash, myhash, EVP_MD_size(c->outdigest))) {
|
||||
logger(LOG_ERR, "Possible intruder %s (%s): %s", c->name,
|
||||
c->hostname, "wrong challenge reply");
|
||||
|
||||
|
@ -516,7 +536,6 @@ static void send_everything(connection_t *c) {
|
|||
|
||||
bool ack_h(connection_t *c) {
|
||||
char hisport[MAX_STRING_SIZE];
|
||||
char *hisaddress;
|
||||
int weight, mtu;
|
||||
uint32_t options;
|
||||
node_t *n;
|
||||
|
@ -585,9 +604,8 @@ bool ack_h(connection_t *c) {
|
|||
c->edge = new_edge();
|
||||
c->edge->from = myself;
|
||||
c->edge->to = n;
|
||||
sockaddr2str(&c->address, &hisaddress, NULL);
|
||||
c->edge->address = str2sockaddr(hisaddress, hisport);
|
||||
free(hisaddress);
|
||||
sockaddrcpy(&c->edge->address, &c->address);
|
||||
sockaddr_setport(&c->edge->address, hisport);
|
||||
c->edge->weight = (weight + c->estimated_weight) / 2;
|
||||
c->edge->connection = c;
|
||||
c->edge->options = c->options;
|
||||
|
|
|
@ -164,7 +164,7 @@ bool send_ans_key(node_t *to) {
|
|||
}
|
||||
|
||||
if(to->incipher)
|
||||
EVP_DecryptInit_ex(&to->inctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len);
|
||||
EVP_DecryptInit_ex(to->inctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + EVP_CIPHER_key_length(to->incipher));
|
||||
|
||||
// Reset sequence number and late packet window
|
||||
mykeyused = true;
|
||||
|
@ -178,8 +178,8 @@ bool send_ans_key(node_t *to) {
|
|||
|
||||
return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY,
|
||||
myself->name, to->name, key,
|
||||
to->incipher ? to->incipher->nid : 0,
|
||||
to->indigest ? to->indigest->type : 0, to->inmaclength,
|
||||
to->incipher ? EVP_CIPHER_nid(to->incipher) : 0,
|
||||
to->indigest ? EVP_MD_type(to->indigest) : 0, to->inmaclength,
|
||||
to->incompression);
|
||||
}
|
||||
|
||||
|
@ -268,7 +268,7 @@ bool ans_key_h(connection_t *c) {
|
|||
return true;
|
||||
}
|
||||
|
||||
if(from->outkeylength != from->outcipher->key_len + from->outcipher->iv_len) {
|
||||
if(from->outkeylength != EVP_CIPHER_key_length(from->outcipher) + EVP_CIPHER_iv_length(from->outcipher)) {
|
||||
logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name,
|
||||
from->hostname);
|
||||
return true;
|
||||
|
@ -288,7 +288,7 @@ bool ans_key_h(connection_t *c) {
|
|||
return true;
|
||||
}
|
||||
|
||||
if(from->outmaclength > from->outdigest->md_size || from->outmaclength < 0) {
|
||||
if(from->outmaclength > EVP_MD_size(from->outdigest) || from->outmaclength < 0) {
|
||||
logger(LOG_ERR, "Node %s (%s) uses bogus MAC length!",
|
||||
from->name, from->hostname);
|
||||
return true;
|
||||
|
@ -305,7 +305,7 @@ bool ans_key_h(connection_t *c) {
|
|||
from->outcompression = compression;
|
||||
|
||||
if(from->outcipher)
|
||||
if(!EVP_EncryptInit_ex(&from->outctx, from->outcipher, NULL, (unsigned char *)from->outkey, (unsigned char *)from->outkey + from->outcipher->key_len)) {
|
||||
if(!EVP_EncryptInit_ex(from->outctx, from->outcipher, NULL, (unsigned char *)from->outkey, (unsigned char *)from->outkey + EVP_CIPHER_key_length(from->outcipher))) {
|
||||
logger(LOG_ERR, "Error during initialisation of key from %s (%s): %s",
|
||||
from->name, from->hostname, ERR_error_string(ERR_get_error(), NULL));
|
||||
return true;
|
||||
|
|
39
src/tincd.c
39
src/tincd.c
|
@ -336,7 +336,7 @@ static bool parse_options(int argc, char **argv) {
|
|||
|
||||
/* This function prettyprints the key generation process */
|
||||
|
||||
static void indicator(int a, int b, void *p) {
|
||||
static int indicator(int a, int b, BN_GENCB *cb) {
|
||||
switch (a) {
|
||||
case 0:
|
||||
fprintf(stderr, ".");
|
||||
|
@ -368,21 +368,50 @@ static void indicator(int a, int b, void *p) {
|
|||
default:
|
||||
fprintf(stderr, "?");
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
#ifndef HAVE_BN_GENCB_NEW
|
||||
BN_GENCB *BN_GENCB_new(void) {
|
||||
return xmalloc_and_zero(sizeof(BN_GENCB));
|
||||
}
|
||||
|
||||
void BN_GENCB_free(BN_GENCB *cb) {
|
||||
free(cb);
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
Generate a public/private RSA keypair, and ask for a file to store
|
||||
them in.
|
||||
*/
|
||||
static bool keygen(int bits) {
|
||||
BIGNUM *e = NULL;
|
||||
RSA *rsa_key;
|
||||
FILE *f;
|
||||
char *pubname, *privname;
|
||||
BN_GENCB *cb;
|
||||
int result;
|
||||
|
||||
fprintf(stderr, "Generating %d bits keys:\n", bits);
|
||||
rsa_key = RSA_generate_key(bits, 0x10001, indicator, NULL);
|
||||
|
||||
if(!rsa_key) {
|
||||
cb = BN_GENCB_new();
|
||||
if(!cb)
|
||||
abort();
|
||||
BN_GENCB_set(cb, indicator, NULL);
|
||||
|
||||
rsa_key = RSA_new();
|
||||
BN_hex2bn(&e, "10001");
|
||||
if(!rsa_key || !e)
|
||||
abort();
|
||||
|
||||
result = RSA_generate_key_ex(rsa_key, bits, e, cb);
|
||||
|
||||
BN_free(e);
|
||||
BN_GENCB_free(cb);
|
||||
|
||||
if(!result) {
|
||||
fprintf(stderr, "Error during key generation!\n");
|
||||
return false;
|
||||
} else
|
||||
|
@ -702,7 +731,11 @@ end:
|
|||
EVP_cleanup();
|
||||
ENGINE_cleanup();
|
||||
CRYPTO_cleanup_all_ex_data();
|
||||
#ifdef HAVE_ERR_REMOVE_STATE
|
||||
// OpenSSL claims this function was deprecated in 1.0.0,
|
||||
// but valgrind's leak detector shows you still need to call it to make sure OpenSSL cleans up properly.
|
||||
ERR_remove_state(0);
|
||||
#endif
|
||||
ERR_free_strings();
|
||||
|
||||
exit_configuration(&config_tree);
|
||||
|
|
|
@ -155,6 +155,7 @@ int xvasprintf(char **strp, const char *fmt, va_list ap) {
|
|||
int result = vsnprintf(buf, sizeof buf, fmt, ap);
|
||||
if(result < 0)
|
||||
exit(xalloc_exit_failure);
|
||||
buf[sizeof buf - 1] = 0;
|
||||
*strp = xstrdup(buf);
|
||||
#else
|
||||
int result = vasprintf(strp, fmt, ap);
|
||||
|
|
Loading…
Reference in a new issue