diff --git a/ChangeLog b/ChangeLog index 40b3bfb..29e545f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,19 @@ +Version 1.1pre14 May 01 2016 +------------------------------------------------------------------------ + +Guus Sliepen (2): + Revert "Remove tinc.service, it is not necessary." + Releasing 1.1pre14. + +Version 1.1pre13 April 30 2016 +------------------------------------------------------------------------ + +Guus Sliepen (4): + Fix BSD tun device support. + Remove tinc.service, it is not necessary. + AutoConnect now only chooses from nodes for which we know an address. + Releasing 1.1pre13. + Version 1.1pre12 April 24 2016 ------------------------------------------------------------------------ diff --git a/Makefile.in b/Makefile.in index f5f609a..cd24b01 100644 --- a/Makefile.in +++ b/Makefile.in @@ -90,8 +90,11 @@ host_triplet = @host@ subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \ + $(top_srcdir)/m4/ax_append_flag.m4 \ + $(top_srcdir)/m4/ax_cflags_warn_all.m4 \ $(top_srcdir)/m4/ax_check_compile_flag.m4 \ $(top_srcdir)/m4/ax_check_link_flag.m4 \ + $(top_srcdir)/m4/ax_require_defined.m4 \ $(top_srcdir)/m4/curses.m4 $(top_srcdir)/m4/libgcrypt.m4 \ $(top_srcdir)/m4/lzo.m4 $(top_srcdir)/m4/miniupnpc.m4 \ $(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/readline.m4 \ diff --git a/NEWS b/NEWS index bedca1c..674227e 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,13 @@ +# Version 1.1pre13 May 1 2016 + +* Add tinc.service back. + +# Version 1.1pre13 April 30 2016 + +* Fix BSD tun device support that was broken in 1.1pre12. +* Speed up AutoConnect when there are many host config files present without + an Address. + # Version 1.1pre12 April 24 2016 * Added a "--syslog" option to force logging to syslog even if running in the @@ -21,7 +31,7 @@ * Initial support for generating a tinc-up script from an invitation. * Many small fixes, documentation updates. -Thanks to Etienne Dechamps, thorkill, Vittorio Gambaletta, Martin Weinelt, +Thanks to Etienne Dechamps, Rafał Leśniak, Vittorio Gambaletta, Martin Weinelt, Sven-Haegar Koch, Florian Klink, LunnarShadow, Dato Simó, Jo-Philipp Wich, Jochen Voss, Nathan Stratton Treadway, Pierre Emeriaud, xentec, Samuel Thibault and Michael Tokarev for their contributions to this version of tinc. diff --git a/README b/README index a44853a..9b29f2c 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -This is the README file for tinc version 1.1pre12. Installation +This is the README file for tinc version 1.1pre14. Installation instructions may be found in the INSTALL file. tinc is Copyright © 1998-2016 Ivo Timmermans, Guus Sliepen , and others. @@ -32,7 +32,7 @@ at your own risk. Compatibility ------------- -Version 1.1pre12 is compatible with 1.0pre8, 1.0 and later, but not with older +Version 1.1pre14 is compatible with 1.0pre8, 1.0 and later, but not with older versions of tinc. When the ExperimentalProtocol option is used, tinc is still compatible with diff --git a/THANKS b/THANKS index 527cc61..dfb0365 100644 --- a/THANKS +++ b/THANKS @@ -84,7 +84,6 @@ We would like to thank the following people for their contributions to tinc: * Sven-Haegar Koch * Teemu Kiviniemi * Thomas Tsiakalakis -* thorkill * Timothy Redaelli * Tomasz Fortuna * Tomislav Čohar diff --git a/aclocal.m4 b/aclocal.m4 index 8d101b4..005ea6d 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1151,8 +1151,11 @@ AC_SUBST([am__untar]) ]) # _AM_PROG_TAR m4_include([m4/attribute.m4]) +m4_include([m4/ax_append_flag.m4]) +m4_include([m4/ax_cflags_warn_all.m4]) m4_include([m4/ax_check_compile_flag.m4]) m4_include([m4/ax_check_link_flag.m4]) +m4_include([m4/ax_require_defined.m4]) m4_include([m4/curses.m4]) m4_include([m4/libgcrypt.m4]) m4_include([m4/lzo.m4]) diff --git a/config.guess b/config.guess index 1659250..0967f2a 100755 --- a/config.guess +++ b/config.guess @@ -1,8 +1,8 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2015 Free Software Foundation, Inc. +# Copyright 1992-2016 Free Software Foundation, Inc. -timestamp='2015-08-20' +timestamp='2016-04-02' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -27,7 +27,7 @@ timestamp='2015-08-20' # Originally written by Per Bothner; maintained since 2000 by Ben Elliston. # # You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess # # Please send patches to . @@ -50,7 +50,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2015 Free Software Foundation, Inc. +Copyright 1992-2016 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -237,6 +237,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} exit ;; + *:LibertyBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-libertybsd${UNAME_RELEASE} + exit ;; *:ekkoBSD:*:*) echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} exit ;; @@ -268,42 +272,42 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` case "$ALPHA_CPU_TYPE" in "EV4 (21064)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "EV4.5 (21064)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "LCA4 (21066/21068)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "EV5 (21164)") - UNAME_MACHINE="alphaev5" ;; + UNAME_MACHINE=alphaev5 ;; "EV5.6 (21164A)") - UNAME_MACHINE="alphaev56" ;; + UNAME_MACHINE=alphaev56 ;; "EV5.6 (21164PC)") - UNAME_MACHINE="alphapca56" ;; + UNAME_MACHINE=alphapca56 ;; "EV5.7 (21164PC)") - UNAME_MACHINE="alphapca57" ;; + UNAME_MACHINE=alphapca57 ;; "EV6 (21264)") - UNAME_MACHINE="alphaev6" ;; + UNAME_MACHINE=alphaev6 ;; "EV6.7 (21264A)") - UNAME_MACHINE="alphaev67" ;; + UNAME_MACHINE=alphaev67 ;; "EV6.8CB (21264C)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.8AL (21264B)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.8CX (21264D)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.9A (21264/EV69A)") - UNAME_MACHINE="alphaev69" ;; + UNAME_MACHINE=alphaev69 ;; "EV7 (21364)") - UNAME_MACHINE="alphaev7" ;; + UNAME_MACHINE=alphaev7 ;; "EV7.9 (21364A)") - UNAME_MACHINE="alphaev79" ;; + UNAME_MACHINE=alphaev79 ;; esac # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` # Reset EXIT trap before exiting to avoid spurious non-zero exit code. exitcode=$? trap '' 0 @@ -376,16 +380,16 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) eval $set_cc_for_build - SUN_ARCH="i386" + SUN_ARCH=i386 # If there is a compiler, see if it is configured for 64-bit objects. # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. # This test works for both compilers. - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then - SUN_ARCH="x86_64" + SUN_ARCH=x86_64 fi fi echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` @@ -410,7 +414,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` - test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + test "x${UNAME_RELEASE}" = x && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) echo m68k-sun-sunos${UNAME_RELEASE} @@ -635,13 +639,13 @@ EOF sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` case "${sc_cpu_version}" in - 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 - 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 + 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 case "${sc_kernel_bits}" in - 32) HP_ARCH="hppa2.0n" ;; - 64) HP_ARCH="hppa2.0w" ;; - '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + 32) HP_ARCH=hppa2.0n ;; + 64) HP_ARCH=hppa2.0w ;; + '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 esac ;; esac fi @@ -680,11 +684,11 @@ EOF exit (0); } EOF - (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + (CCOPTS="" $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac - if [ ${HP_ARCH} = "hppa2.0w" ] + if [ ${HP_ARCH} = hppa2.0w ] then eval $set_cc_for_build @@ -697,12 +701,12 @@ EOF # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess # => hppa64-hp-hpux11.23 - if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | + if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | grep -q __LP64__ then - HP_ARCH="hppa2.0w" + HP_ARCH=hppa2.0w else - HP_ARCH="hppa64" + HP_ARCH=hppa64 fi fi echo ${HP_ARCH}-hp-hpux${HPUX_REV} @@ -807,14 +811,14 @@ EOF echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) - FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; 5000:UNIX_System_V:4.*:*) - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) @@ -896,7 +900,7 @@ EOF exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix @@ -919,7 +923,7 @@ EOF EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC="gnulibc1" ; fi + if test "$?" = 0 ; then LIBC=gnulibc1 ; fi echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; arc:Linux:*:* | arceb:Linux:*:*) @@ -965,6 +969,9 @@ EOF ia64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; + k1om:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; m32r*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; @@ -1120,7 +1127,7 @@ EOF # uname -m prints for DJGPP always 'pc', but it prints nothing about # the processor, so we play safe by assuming i586. # Note: whatever this is, it MUST be the same as what config.sub - # prints for the "djgpp" host, or else GDB configury will decide that + # prints for the "djgpp" host, or else GDB configure will decide that # this is a cross-build. echo i586-pc-msdosdjgpp exit ;; @@ -1269,6 +1276,9 @@ EOF SX-8R:SUPER-UX:*:*) echo sx8r-nec-superux${UNAME_RELEASE} exit ;; + SX-ACE:SUPER-UX:*:*) + echo sxace-nec-superux${UNAME_RELEASE} + exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; @@ -1282,9 +1292,9 @@ EOF UNAME_PROCESSOR=powerpc fi if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then case $UNAME_PROCESSOR in @@ -1306,7 +1316,7 @@ EOF exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` - if test "$UNAME_PROCESSOR" = "x86"; then + if test "$UNAME_PROCESSOR" = x86; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi @@ -1337,7 +1347,7 @@ EOF # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. - if test "$cputype" = "386"; then + if test "$cputype" = 386; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" @@ -1379,7 +1389,7 @@ EOF echo i386-pc-xenix exit ;; i*86:skyos:*:*) - echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' + echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE} | sed -e 's/ .*$//'` exit ;; i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos @@ -1390,6 +1400,9 @@ EOF x86_64:VMkernel:*:*) echo ${UNAME_MACHINE}-unknown-esx exit ;; + amd64:Isilon\ OneFS:*:*) + echo x86_64-unknown-onefs + exit ;; esac cat >&2 < header file. */ #undef HAVE_RESOLV_H +/* Define to 1 if you have the `RSA_set0_key' function. */ +#undef HAVE_RSA_SET0_KEY + /* Solaris/SunOS */ #undef HAVE_SOLARIS diff --git a/config.sub b/config.sub index 1acc966..8d39c4b 100755 --- a/config.sub +++ b/config.sub @@ -1,8 +1,8 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright 1992-2015 Free Software Foundation, Inc. +# Copyright 1992-2016 Free Software Foundation, Inc. -timestamp='2015-08-20' +timestamp='2016-03-30' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -33,7 +33,7 @@ timestamp='2015-08-20' # Otherwise, we print the canonical config type on stdout and succeed. # You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases @@ -53,8 +53,7 @@ timestamp='2015-08-20' me=`echo "$0" | sed -e 's,.*/,,'` usage="\ -Usage: $0 [OPTION] CPU-MFR-OPSYS - $0 [OPTION] ALIAS +Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS Canonicalize a configuration name. @@ -68,7 +67,7 @@ Report bugs and patches to ." version="\ GNU config.sub ($timestamp) -Copyright 1992-2015 Free Software Foundation, Inc. +Copyright 1992-2016 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -521,7 +520,7 @@ case $basic_machine in basic_machine=i386-pc os=-aros ;; - asmjs) + asmjs) basic_machine=asmjs-unknown ;; aux) @@ -1383,7 +1382,7 @@ case $os in | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ - | -bitrig* | -openbsd* | -solidbsd* \ + | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ @@ -1399,7 +1398,8 @@ case $os in | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \ + | -onefs* | -tirtos*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1531,6 +1531,8 @@ case $os in ;; -nacl*) ;; + -ios) + ;; -none) ;; *) diff --git a/configure b/configure index 61f340b..be77e27 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for tinc tinc-1.1pre12. +# Generated by GNU Autoconf 2.69 for tinc 1.1pre14-18-ge6497a2. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -577,8 +577,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='tinc' PACKAGE_TARNAME='tinc' -PACKAGE_VERSION='tinc-1.1pre12' -PACKAGE_STRING='tinc tinc-1.1pre12' +PACKAGE_VERSION='1.1pre14-18-ge6497a2' +PACKAGE_STRING='tinc 1.1pre14-18-ge6497a2' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1346,7 +1346,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures tinc tinc-1.1pre12 to adapt to many kinds of systems. +\`configure' configures tinc 1.1pre14-18-ge6497a2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1417,7 +1417,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of tinc tinc-1.1pre12:";; + short | recursive ) echo "Configuration of tinc 1.1pre14-18-ge6497a2:";; esac cat <<\_ACEOF @@ -1556,7 +1556,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -tinc configure tinc-1.1pre12 +tinc configure 1.1pre14-18-ge6497a2 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2021,7 +2021,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by tinc $as_me tinc-1.1pre12, which was +It was created by tinc $as_me 1.1pre14-18-ge6497a2, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4256,7 +4256,7 @@ fi # Define the identity of the package. PACKAGE='tinc' - VERSION='tinc-1.1pre12' + VERSION='1.1pre14-18-ge6497a2' cat >>confdefs.h <<_ACEOF @@ -5257,6 +5257,89 @@ if test -d /sw/lib; then : fi +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking CFLAGS for maximum warnings" >&5 +$as_echo_n "checking CFLAGS for maximum warnings... " >&6; } +if ${ac_cv_cflags_warn_all+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_cflags_warn_all="no, unknown" +ac_save_CFLAGS="$CFLAGS" +for ac_arg in "-warn all % -warn all" "-pedantic % -Wall" "-xstrconst % -v" "-std1 % -verbose -w0 -warnprotos" "-qlanglvl=ansi % -qsrcmsg -qinfo=all:noppt:noppc:noobs:nocnd" "-ansi -ansiE % -fullwarn" "+ESlit % +w1" "-Xc % -pvctl,fullmsg" "-h conform % -h msglevel 2" # +do CFLAGS="$ac_save_CFLAGS "`echo $ac_arg | sed -e 's,%%.*,,' -e 's,%,,'` + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_cflags_warn_all=`echo $ac_arg | sed -e 's,.*% *,,'` ; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +done +CFLAGS="$ac_save_CFLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cflags_warn_all" >&5 +$as_echo "$ac_cv_cflags_warn_all" >&6; } + + +case ".$ac_cv_cflags_warn_all" in + .ok|.ok,*) ;; + .|.no|.no,*) ;; + *) +if ${CFLAGS+:} false; then : + + case " $CFLAGS " in #( + *" $ac_cv_cflags_warn_all "*) : + { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$ac_cv_cflags_warn_all"; } >&5 + (: CFLAGS already contains $ac_cv_cflags_warn_all) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append CFLAGS " $ac_cv_cflags_warn_all" + { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + (: CFLAGS="$CFLAGS") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else + + CFLAGS=$ac_cv_cflags_warn_all + { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + (: CFLAGS="$CFLAGS") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + ;; +esac + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + # Check whether --enable-hardening was given. if test "${enable_hardening+set}" = set; then : enableval=$enable_hardening; @@ -6911,7 +6994,7 @@ else fi - for ac_func in RAND_status EVP_EncryptInit_ex + for ac_func in RAND_bytes EVP_EncryptInit_ex EVP_CIPHER_CTX_new do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -6945,6 +7028,19 @@ else fi + for ac_func in BN_GENCB_new ERR_remove_state RSA_set0_key +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + fi @@ -7676,7 +7772,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by tinc $as_me tinc-1.1pre12, which was +This file was extended by tinc $as_me 1.1pre14-18-ge6497a2, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -7742,7 +7838,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -tinc config.status tinc-1.1pre12 +tinc config.status 1.1pre14-18-ge6497a2 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 4c0f926..1a032e6 100644 --- a/configure.ac +++ b/configure.ac @@ -140,6 +140,8 @@ AS_IF([test -d /sw/lib], [LIBS="$LIBS -L/sw/lib"]) dnl Compiler hardening flags dnl No -fstack-protector-all because it doesn't work on all platforms or architectures. +AX_CFLAGS_WARN_ALL(CFLAGS) + AC_ARG_ENABLE([hardening], AS_HELP_STRING([--disable-hardening], [disable compiler and linker hardening flags])) AS_IF([test "x$enable_hardening" != "xno"], [AX_CHECK_COMPILE_FLAG([-DFORTIFY_SOURCE=2], [CPPFLAGS="$CPPFLAGS -DFORTIFY_SOURCE=2"]) diff --git a/doc/Makefile.in b/doc/Makefile.in index 6f5c228..3f1feb6 100644 --- a/doc/Makefile.in +++ b/doc/Makefile.in @@ -89,8 +89,11 @@ host_triplet = @host@ subdir = doc ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \ + $(top_srcdir)/m4/ax_append_flag.m4 \ + $(top_srcdir)/m4/ax_cflags_warn_all.m4 \ $(top_srcdir)/m4/ax_check_compile_flag.m4 \ $(top_srcdir)/m4/ax_check_link_flag.m4 \ + $(top_srcdir)/m4/ax_require_defined.m4 \ $(top_srcdir)/m4/curses.m4 $(top_srcdir)/m4/libgcrypt.m4 \ $(top_srcdir)/m4/lzo.m4 $(top_srcdir)/m4/miniupnpc.m4 \ $(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/readline.m4 \ diff --git a/doc/sample-config.tar.gz b/doc/sample-config.tar.gz index 474a24f..17863e9 100644 Binary files a/doc/sample-config.tar.gz and b/doc/sample-config.tar.gz differ diff --git a/gui/Makefile.in b/gui/Makefile.in index 2924e05..c81df2f 100644 --- a/gui/Makefile.in +++ b/gui/Makefile.in @@ -91,8 +91,11 @@ host_triplet = @host@ subdir = gui ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \ + $(top_srcdir)/m4/ax_append_flag.m4 \ + $(top_srcdir)/m4/ax_cflags_warn_all.m4 \ $(top_srcdir)/m4/ax_check_compile_flag.m4 \ $(top_srcdir)/m4/ax_check_link_flag.m4 \ + $(top_srcdir)/m4/ax_require_defined.m4 \ $(top_srcdir)/m4/curses.m4 $(top_srcdir)/m4/libgcrypt.m4 \ $(top_srcdir)/m4/lzo.m4 $(top_srcdir)/m4/miniupnpc.m4 \ $(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/readline.m4 \ diff --git a/m4/ax_append_flag.m4 b/m4/ax_append_flag.m4 new file mode 100644 index 0000000..08f2e07 --- /dev/null +++ b/m4/ax_append_flag.m4 @@ -0,0 +1,71 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_append_flag.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_APPEND_FLAG(FLAG, [FLAGS-VARIABLE]) +# +# DESCRIPTION +# +# FLAG is appended to the FLAGS-VARIABLE shell variable, with a space +# added in between. +# +# If FLAGS-VARIABLE is not specified, the current language's flags (e.g. +# CFLAGS) is used. FLAGS-VARIABLE is not changed if it already contains +# FLAG. If FLAGS-VARIABLE is unset in the shell, it is set to exactly +# FLAG. +# +# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. +# +# LICENSE +# +# Copyright (c) 2008 Guido U. Draheim +# Copyright (c) 2011 Maarten Bosmans +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 3 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see . +# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 6 + +AC_DEFUN([AX_APPEND_FLAG], +[dnl +AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_SET_IF +AS_VAR_PUSHDEF([FLAGS], [m4_default($2,_AC_LANG_PREFIX[FLAGS])]) +AS_VAR_SET_IF(FLAGS,[ + AS_CASE([" AS_VAR_GET(FLAGS) "], + [*" $1 "*], [AC_RUN_LOG([: FLAGS already contains $1])], + [ + AS_VAR_APPEND(FLAGS,[" $1"]) + AC_RUN_LOG([: FLAGS="$FLAGS"]) + ]) + ], + [ + AS_VAR_SET(FLAGS,[$1]) + AC_RUN_LOG([: FLAGS="$FLAGS"]) + ]) +AS_VAR_POPDEF([FLAGS])dnl +])dnl AX_APPEND_FLAG diff --git a/m4/ax_cflags_warn_all.m4 b/m4/ax_cflags_warn_all.m4 new file mode 100644 index 0000000..1f07799 --- /dev/null +++ b/m4/ax_cflags_warn_all.m4 @@ -0,0 +1,122 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_cflags_warn_all.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_CFLAGS_WARN_ALL [(shellvar [,default, [A/NA]])] +# AX_CXXFLAGS_WARN_ALL [(shellvar [,default, [A/NA]])] +# AX_FCFLAGS_WARN_ALL [(shellvar [,default, [A/NA]])] +# +# DESCRIPTION +# +# Try to find a compiler option that enables most reasonable warnings. +# +# For the GNU compiler it will be -Wall (and -ansi -pedantic) The result +# is added to the shellvar being CFLAGS, CXXFLAGS, or FCFLAGS by default. +# +# Currently this macro knows about the GCC, Solaris, Digital Unix, AIX, +# HP-UX, IRIX, NEC SX-5 (Super-UX 10), Cray J90 (Unicos 10.0.0.8), and +# Intel compilers. For a given compiler, the Fortran flags are much more +# experimental than their C equivalents. +# +# - $1 shell-variable-to-add-to : CFLAGS, CXXFLAGS, or FCFLAGS +# - $2 add-value-if-not-found : nothing +# - $3 action-if-found : add value to shellvariable +# - $4 action-if-not-found : nothing +# +# NOTE: These macros depend on AX_APPEND_FLAG. +# +# LICENSE +# +# Copyright (c) 2008 Guido U. Draheim +# Copyright (c) 2010 Rhys Ulerich +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 3 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see . +# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 15 + +AC_DEFUN([AX_FLAGS_WARN_ALL],[dnl +AS_VAR_PUSHDEF([FLAGS],[_AC_LANG_PREFIX[]FLAGS])dnl +AS_VAR_PUSHDEF([VAR],[ac_cv_[]_AC_LANG_ABBREV[]flags_warn_all])dnl +AC_CACHE_CHECK([m4_ifval($1,$1,FLAGS) for maximum warnings], +VAR,[VAR="no, unknown" +ac_save_[]FLAGS="$[]FLAGS" +for ac_arg dnl +in "-warn all % -warn all" dnl Intel + "-pedantic % -Wall" dnl GCC + "-xstrconst % -v" dnl Solaris C + "-std1 % -verbose -w0 -warnprotos" dnl Digital Unix + "-qlanglvl=ansi % -qsrcmsg -qinfo=all:noppt:noppc:noobs:nocnd" dnl AIX + "-ansi -ansiE % -fullwarn" dnl IRIX + "+ESlit % +w1" dnl HP-UX C + "-Xc % -pvctl[,]fullmsg" dnl NEC SX-5 (Super-UX 10) + "-h conform % -h msglevel 2" dnl Cray C (Unicos) + # +do FLAGS="$ac_save_[]FLAGS "`echo $ac_arg | sed -e 's,%%.*,,' -e 's,%,,'` + AC_COMPILE_IFELSE([AC_LANG_PROGRAM], + [VAR=`echo $ac_arg | sed -e 's,.*% *,,'` ; break]) +done +FLAGS="$ac_save_[]FLAGS" +]) +AS_VAR_POPDEF([FLAGS])dnl +AX_REQUIRE_DEFINED([AX_APPEND_FLAG]) +case ".$VAR" in + .ok|.ok,*) m4_ifvaln($3,$3) ;; + .|.no|.no,*) m4_default($4,[m4_ifval($2,[AX_APPEND_FLAG([$2], [$1])])]) ;; + *) m4_default($3,[AX_APPEND_FLAG([$VAR], [$1])]) ;; +esac +AS_VAR_POPDEF([VAR])dnl +])dnl AX_FLAGS_WARN_ALL +dnl implementation tactics: +dnl the for-argument contains a list of options. The first part of +dnl these does only exist to detect the compiler - usually it is +dnl a global option to enable -ansi or -extrawarnings. All other +dnl compilers will fail about it. That was needed since a lot of +dnl compilers will give false positives for some option-syntax +dnl like -Woption or -Xoption as they think of it is a pass-through +dnl to later compile stages or something. The "%" is used as a +dnl delimiter. A non-option comment can be given after "%%" marks +dnl which will be shown but not added to the respective C/CXXFLAGS. + +AC_DEFUN([AX_CFLAGS_WARN_ALL],[dnl +AC_LANG_PUSH([C]) +AX_FLAGS_WARN_ALL([$1], [$2], [$3], [$4]) +AC_LANG_POP([C]) +]) + +AC_DEFUN([AX_CXXFLAGS_WARN_ALL],[dnl +AC_LANG_PUSH([C++]) +AX_FLAGS_WARN_ALL([$1], [$2], [$3], [$4]) +AC_LANG_POP([C++]) +]) + +AC_DEFUN([AX_FCFLAGS_WARN_ALL],[dnl +AC_LANG_PUSH([Fortran]) +AX_FLAGS_WARN_ALL([$1], [$2], [$3], [$4]) +AC_LANG_POP([Fortran]) +]) diff --git a/m4/ax_require_defined.m4 b/m4/ax_require_defined.m4 new file mode 100644 index 0000000..cae1111 --- /dev/null +++ b/m4/ax_require_defined.m4 @@ -0,0 +1,37 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_require_defined.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_REQUIRE_DEFINED(MACRO) +# +# DESCRIPTION +# +# AX_REQUIRE_DEFINED is a simple helper for making sure other macros have +# been defined and thus are available for use. This avoids random issues +# where a macro isn't expanded. Instead the configure script emits a +# non-fatal: +# +# ./configure: line 1673: AX_CFLAGS_WARN_ALL: command not found +# +# It's like AC_REQUIRE except it doesn't expand the required macro. +# +# Here's an example: +# +# AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG]) +# +# LICENSE +# +# Copyright (c) 2014 Mike Frysinger +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. + +#serial 1 + +AC_DEFUN([AX_REQUIRE_DEFINED], [dnl + m4_ifndef([$1], [m4_fatal([macro ]$1[ is not defined; is a m4 file missing?])]) +])dnl AX_REQUIRE_DEFINED diff --git a/m4/openssl.m4 b/m4/openssl.m4 index 26cbcbe..6bb33cf 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 @@ -45,7 +45,7 @@ AC_DEFUN([tinc_OPENSSL], [AC_MSG_ERROR([LibreSSL/OpenSSL libraries not found.])] ) - AC_CHECK_FUNCS([RAND_status EVP_EncryptInit_ex], , + AC_CHECK_FUNCS([RAND_bytes EVP_EncryptInit_ex EVP_CIPHER_CTX_new], , [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break], ) @@ -53,4 +53,6 @@ AC_DEFUN([tinc_OPENSSL], [AC_MSG_ERROR([Missing LibreSSL/OpenSSL functionality, make sure you have installed the latest version.]); break], [#include ] ) + + AC_CHECK_FUNCS([BN_GENCB_new ERR_remove_state RSA_set0_key], , , [#include ]) ]) diff --git a/src/Makefile.in b/src/Makefile.in index da3ca9f..6d5a8ce 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -196,8 +196,11 @@ sbin_PROGRAMS = tincd$(EXEEXT) tinc$(EXEEXT) sptps_test$(EXEEXT) \ subdir = src ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \ + $(top_srcdir)/m4/ax_append_flag.m4 \ + $(top_srcdir)/m4/ax_cflags_warn_all.m4 \ $(top_srcdir)/m4/ax_check_compile_flag.m4 \ $(top_srcdir)/m4/ax_check_link_flag.m4 \ + $(top_srcdir)/m4/ax_require_defined.m4 \ $(top_srcdir)/m4/curses.m4 $(top_srcdir)/m4/libgcrypt.m4 \ $(top_srcdir)/m4/lzo.m4 $(top_srcdir)/m4/miniupnpc.m4 \ $(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/readline.m4 \ diff --git a/src/bsd/device.c b/src/bsd/device.c index 0d41c96..5428262 100644 --- a/src/bsd/device.c +++ b/src/bsd/device.c @@ -349,13 +349,13 @@ static bool read_packet(vpn_packet_t *packet) { case DEVICE_TYPE_UTUN: case DEVICE_TYPE_TUNIFHEAD: { - if((inlen = read(device_fd, packet->data + 10, MTU - 10)) <= 0) { + if((inlen = read(device_fd, DATA(packet) + 10, MTU - 10)) <= 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Error while reading from %s %s: %s", device_info, device, strerror(errno)); return false; } - switch (packet->data[14] >> 4) { + switch (DATA(packet)[14] >> 4) { case 4: DATA(packet)[12] = 0x08; DATA(packet)[13] = 0x00; @@ -369,7 +369,7 @@ static bool read_packet(vpn_packet_t *packet) { default: logger(DEBUG_TRAFFIC, LOG_ERR, "Unknown IP version %d while reading packet from %s %s", - packet->data[14] >> 4, device_info, device); + DATA(packet)[14] >> 4, device_info, device); return false; } @@ -430,9 +430,9 @@ static bool write_packet(vpn_packet_t *packet) { return false; } - memcpy(packet->data + 10, &type, sizeof type); + memcpy(DATA(packet) + 10, &type, sizeof type); - if(write(device_fd, packet->data + 10, packet->len - 10) < 0) { + if(write(device_fd, DATA(packet) + 10, packet->len - 10) < 0) { logger(DEBUG_ALWAYS, LOG_ERR, "Can't write to %s %s: %s", device_info, device, strerror(errno)); return false; diff --git a/src/bsd/tunemu.c b/src/bsd/tunemu.c index 1ce9007..d2b9f3d 100644 --- a/src/bsd/tunemu.c +++ b/src/bsd/tunemu.c @@ -87,7 +87,7 @@ static void tun_error(char *format, ...) { va_list vl; va_start(vl, format); - vsnprintf(tunemu_error, ERROR_BUFFER_SIZE, format, vl); + vsnprintf(tunemu_error, sizeof tunemu_error, format, vl); va_end(vl); } diff --git a/src/dropin.c b/src/dropin.c index fe3b7ef..c7b558a 100644 --- a/src/dropin.c +++ b/src/dropin.c @@ -106,6 +106,7 @@ int vasprintf(char **buf, const char *fmt, va_list ap) { va_copy(aq, ap); status = vsnprintf(*buf, len, fmt, aq); + buf[len - 1] = 0; va_end(aq); if(status >= 0) diff --git a/src/logger.c b/src/logger.c index e46d926..6028e3d 100644 --- a/src/logger.c +++ b/src/logger.c @@ -110,20 +110,22 @@ void logger(int level, int priority, const char *format, ...) { va_start(ap, format); int len = vsnprintf(message, sizeof message, format, ap); + message[sizeof message - 1] = 0; va_end(ap); - if(len > 0 && len < sizeof message && message[len - 1] == '\n') + if(len > 0 && len < sizeof message - 1 && message[len - 1] == '\n') message[len - 1] = 0; real_logger(level, priority, message); } static void sptps_logger(sptps_t *s, int s_errno, const char *format, va_list ap) { - char message[1024] = ""; + char message[1024]; size_t msglen = sizeof message; int len = vsnprintf(message, msglen, format, ap); - if(len > 0 && len < sizeof message) { + message[sizeof message - 1] = 0; + if(len > 0 && len < sizeof message - 1) { if(message[len - 1] == '\n') message[--len] = 0; diff --git a/src/net.c b/src/net.c index 8328db9..4369ff4 100644 --- a/src/net.c +++ b/src/net.c @@ -42,6 +42,7 @@ static int sleeptime = 10; time_t last_config_check = 0; static timeout_t pingtimer; static timeout_t periodictimer; +static struct timeval last_periodic_run_time; /* Purge edges and subnets of unreachable nodes. Use carefully. */ @@ -93,29 +94,31 @@ void purge(void) { void terminate_connection(connection_t *c, bool report) { logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Closing connection with %s (%s)", c->name, c->hostname); - if(c->node && c->node->connection == c) - c->node->connection = NULL; + if(c->node) { + if(c->node->connection == c) + c->node->connection = NULL; - if(c->edge) { - if(report && !tunnelserver) - send_del_edge(everyone, c->edge); + if(c->edge) { + if(report && !tunnelserver) + send_del_edge(everyone, c->edge); - edge_del(c->edge); - c->edge = NULL; + edge_del(c->edge); + c->edge = NULL; - /* Run MST and SSSP algorithms */ + /* Run MST and SSSP algorithms */ - graph(); + graph(); - /* If the node is not reachable anymore but we remember it had an edge to us, clean it up */ + /* If the node is not reachable anymore but we remember it had an edge to us, clean it up */ - if(report && !c->node->status.reachable) { - edge_t *e; - e = lookup_edge(c->node, myself); - if(e) { - if(!tunnelserver) - send_del_edge(everyone, e); - edge_del(e); + if(report && !c->node->status.reachable) { + edge_t *e; + e = lookup_edge(c->node, myself); + if(e) { + if(!tunnelserver) + send_del_edge(everyone, e); + edge_del(e); + } } } } @@ -144,30 +147,76 @@ void terminate_connection(connection_t *c, bool report) { and close the connection. */ static void timeout_handler(void *data) { + + bool close_all_connections = false; + + /* + timeout_handler will start after 30 seconds from start of tincd + hold information about the elapsed time since last time the handler + has been run + */ + long sleep_time = now.tv_sec - last_periodic_run_time.tv_sec; + /* + It seems that finding sane default value is harder than expected + Since we send every second a UDP packet to make holepunching work + And default UDP state expire on firewalls is between 15-30 seconds + we drop all connections after 60 Seconds - UDPDiscoveryTimeout=30 + by default + */ + if (sleep_time > 2 * udp_discovery_timeout) { + logger(DEBUG_ALWAYS, LOG_ERR, "Awaking from dead after %ld seconds of sleep", sleep_time); + /* + Do not send any packets to tinc after we wake up. + The other node probably closed our connection but we still + are holding context information to them. This may happen on + laptops or any other hardware which can be suspended for some time. + Sending any data to node that wasn't expecting it will produce + annoying and misleading errors on the other side about failed signature + verification and or about missing sptps context + */ + close_all_connections = true; + } + last_periodic_run_time = now; + for list_each(connection_t, c, connection_list) { + // control connections (eg. tinc ctl) do not have any timeout if(c->status.control) continue; - if(c->last_ping_time + pingtimeout <= now.tv_sec) { - if(c->edge) { - try_tx(c->node, false); - if(c->status.pinged) { - logger(DEBUG_CONNECTIONS, LOG_INFO, "%s (%s) didn't respond to PING in %ld seconds", c->name, c->hostname, (long)(now.tv_sec - c->last_ping_time)); - } else if(c->last_ping_time + pinginterval <= now.tv_sec) { - send_ping(c); - continue; - } else { - continue; - } - } else { - if(c->status.connecting) - logger(DEBUG_CONNECTIONS, LOG_WARNING, "Timeout while connecting to %s (%s)", c->name, c->hostname); - else - logger(DEBUG_CONNECTIONS, LOG_WARNING, "Timeout from %s (%s) during authentication", c->name, c->hostname); - } + if(close_all_connections) { + logger(DEBUG_ALWAYS, LOG_ERR, "Forcing connection close after sleep time %s (%s)", c->name, c->hostname); terminate_connection(c, c->edge); + continue; } + // Bail out early if we haven't reached the ping timeout for this node yet + if(c->last_ping_time + pingtimeout > now.tv_sec) + continue; + + // timeout during connection establishing + if(!c->edge) { + if(c->status.connecting) + logger(DEBUG_CONNECTIONS, LOG_WARNING, "Timeout while connecting to %s (%s)", c->name, c->hostname); + else + logger(DEBUG_CONNECTIONS, LOG_WARNING, "Timeout from %s (%s) during authentication", c->name, c->hostname); + + terminate_connection(c, c->edge); + continue; + } + + // helps in UDP holepunching + try_tx(c->node, false); + + // timeout during ping + if(c->status.pinged) { + logger(DEBUG_CONNECTIONS, LOG_INFO, "%s (%s) didn't respond to PING in %ld seconds", c->name, c->hostname, (long)now.tv_sec - c->last_ping_time); + terminate_connection(c, c->edge); + continue; + } + + // check whether we need to send a new ping + if(c->last_ping_time + pinginterval <= now.tv_sec) + send_ping(c); } timeout_set(data, &(struct timeval){1, rand() % 100000}); @@ -210,19 +259,25 @@ static void periodic_handler(void *data) { and we are not already trying to make one, create an outgoing connection to this node. */ - int r = rand() % (node_tree->count - 1); - int i = 0; + int count = 0; + for splay_each(node_t, n, node_tree) { + if(n == myself || n->connection || !(n->status.has_address || n->status.reachable)) + continue; + count++; + } + + if(!count) + goto end; + + int r = rand() % count; for splay_each(node_t, n, node_tree) { - if(n == myself) + if(n == myself || n->connection || !(n->status.has_address || n->status.reachable)) continue; - if(i++ != r) + if(r--) continue; - if(n->connection) - break; - bool found = false; for list_each(outgoing_t, outgoing, outgoing_list) { @@ -239,6 +294,7 @@ static void periodic_handler(void *data) { list_insert_tail(outgoing_list, outgoing); setup_outgoing_connection(outgoing); } + break; } } else if(nc > 3) { @@ -287,6 +343,7 @@ static void periodic_handler(void *data) { } } +end: timeout_set(data, &(struct timeval){5, rand() % 100000}); } @@ -344,9 +401,14 @@ int reload_configuration(void) { for splay_each(subnet_t, subnet, subnet_tree) if (subnet->owner) subnet->expires = 1; + } - load_all_subnets(); + for splay_each(node_t, n, node_tree) + n->status.has_address = false; + load_all_nodes(); + + if(strictsubnets) { for splay_each(subnet_t, subnet, subnet_tree) { if (!subnet->owner) continue; @@ -444,6 +506,7 @@ void retry(void) { this is where it all happens... */ int main_loop(void) { + last_periodic_run_time = now; timeout_add(&pingtimer, timeout_handler, &pingtimer, &(struct timeval){pingtimeout, rand() % 100000}); timeout_add(&periodictimer, periodic_handler, &periodictimer, &(struct timeval){0, 0}); diff --git a/src/net.h b/src/net.h index c3c82de..7080869 100644 --- a/src/net.h +++ b/src/net.h @@ -217,7 +217,6 @@ extern void regenerate_key(void); extern void purge(void); extern void retry(void); extern int reload_configuration(void); -extern void load_all_subnets(void); extern void load_all_nodes(void); extern void try_tx(struct node_t *n, bool); diff --git a/src/net_packet.c b/src/net_packet.c index 21e6c2a..71f02a1 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -355,16 +355,16 @@ static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) { if(seqno != n->received_seqno + 1) { if(seqno >= n->received_seqno + replaywin * 8) { if(n->farfuture++ < replaywin >> 2) { - logger(DEBUG_ALWAYS, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)", + logger(DEBUG_TRAFFIC, LOG_WARNING, "Packet from %s (%s) is %d seqs in the future, dropped (%u)", n->name, n->hostname, seqno - n->received_seqno - 1, n->farfuture); return false; } - logger(DEBUG_ALWAYS, LOG_WARNING, "Lost %d packets from %s (%s)", + logger(DEBUG_TRAFFIC, LOG_WARNING, "Lost %d packets from %s (%s)", seqno - n->received_seqno - 1, n->name, n->hostname); memset(n->late, 0, replaywin); } else if (seqno <= n->received_seqno) { if((n->received_seqno >= replaywin * 8 && seqno <= n->received_seqno - replaywin * 8) || !(n->late[(seqno / 8) % replaywin] & (1 << seqno % 8))) { - logger(DEBUG_ALWAYS, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d", + logger(DEBUG_TRAFFIC, LOG_WARNING, "Got late or replayed packet from %s (%s), seqno %d, last received %d", n->name, n->hostname, seqno, n->received_seqno); return false; } @@ -436,7 +436,7 @@ void receive_tcppacket(connection_t *c, const char *buffer, int len) { bool receive_tcppacket_sptps(connection_t *c, const char *data, int len) { if (len < sizeof(node_id_t) + sizeof(node_id_t)) { - logger(DEBUG_ALWAYS, LOG_ERR, "Got too short TCP SPTPS packet from %s (%s)", c->name, c->hostname); + logger(DEBUG_PROTOCOL, LOG_ERR, "Got too short TCP SPTPS packet from %s (%s)", c->name, c->hostname); return false; } @@ -499,7 +499,7 @@ static void send_sptps_packet(node_t *n, vpn_packet_t *origpkt) { uint8_t type = 0; int offset = 0; - if(!(DATA(origpkt)[12] | DATA(origpkt)[13])) { + if((!(DATA(origpkt)[12] | DATA(origpkt)[13])) && (n->sptps.outstate)) { sptps_send_record(&n->sptps, PKT_PROBE, (char *)DATA(origpkt), origpkt->len); return; } @@ -767,7 +767,7 @@ bool send_sptps_data(node_t *to, node_t *from, int type, const void *data, size_ char buf[len + sizeof to->id + sizeof from->id]; char* buf_ptr = buf; memcpy(buf_ptr, &to->id, sizeof to->id); buf_ptr += sizeof to->id; memcpy(buf_ptr, &from->id, sizeof from->id); buf_ptr += sizeof from->id; - memcpy(buf_ptr, data, len); buf_ptr += len; + memcpy(buf_ptr, data, len); logger(DEBUG_TRAFFIC, LOG_INFO, "Sending packet from %s (%s) to %s (%s) via %s (%s) (TCP)", from->name, from->hostname, to->name, to->hostname, to->nexthop->name, to->nexthop->hostname); return send_sptps_tcppacket(to->nexthop->connection, buf, sizeof buf); } diff --git a/src/net_setup.c b/src/net_setup.c index 30e6f84..b0a0c95 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -324,62 +324,6 @@ void regenerate_key(void) { n->status.validkey_in = false; } -/* - Read Subnets from all host config files -*/ -void load_all_subnets(void) { - DIR *dir; - struct dirent *ent; - char dname[PATH_MAX]; - - snprintf(dname, sizeof dname, "%s" SLASH "hosts", confbase); - dir = opendir(dname); - if(!dir) { - logger(DEBUG_ALWAYS, LOG_ERR, "Could not open %s: %s", dname, strerror(errno)); - return; - } - - while((ent = readdir(dir))) { - if(!check_id(ent->d_name)) - continue; - - node_t *n = lookup_node(ent->d_name); - #ifdef _DIRENT_HAVE_D_TYPE - //if(ent->d_type != DT_REG) - // continue; - #endif - - splay_tree_t *config_tree; - init_configuration(&config_tree); - read_config_options(config_tree, ent->d_name); - read_host_config(config_tree, ent->d_name); - - if(!n) { - n = new_node(); - n->name = xstrdup(ent->d_name); - node_add(n); - } - - for(config_t *cfg = lookup_config(config_tree, "Subnet"); cfg; cfg = lookup_config_next(config_tree, cfg)) { - subnet_t *s, *s2; - - if(!get_config_subnet(cfg, &s)) - continue; - - if((s2 = lookup_subnet(n, s))) { - s2->expires = -1; - free(s); - } else { - subnet_add(n, s); - } - } - - exit_configuration(&config_tree); - } - - closedir(dir); -} - void load_all_nodes(void) { DIR *dir; struct dirent *ent; @@ -397,18 +341,43 @@ void load_all_nodes(void) { continue; node_t *n = lookup_node(ent->d_name); - if(n) - continue; - n = new_node(); - n->name = xstrdup(ent->d_name); - node_add(n); + splay_tree_t *config_tree; + init_configuration(&config_tree); + read_config_options(config_tree, ent->d_name); + read_host_config(config_tree, ent->d_name); + + if(!n) { + n = new_node(); + n->name = xstrdup(ent->d_name); + node_add(n); + } + + if(strictsubnets) { + for(config_t *cfg = lookup_config(config_tree, "Subnet"); cfg; cfg = lookup_config_next(config_tree, cfg)) { + subnet_t *s, *s2; + + if(!get_config_subnet(cfg, &s)) + continue; + + if((s2 = lookup_subnet(n, s))) { + s2->expires = -1; + free(s); + } else { + subnet_add(n, s); + } + } + } + + if(lookup_config(config_tree, "Address")) + n->status.has_address = true; + + exit_configuration(&config_tree); } closedir(dir); } - char *get_name(void) { char *name = NULL; char *returned_name; @@ -707,7 +676,7 @@ static bool add_listen_address(char *address, bool bindto) { int udp_fd = setup_vpn_in_socket((sockaddr_t *) aip->ai_addr); - if(tcp_fd < 0) { + if(udp_fd < 0) { close(tcp_fd); continue; } @@ -947,10 +916,7 @@ static bool setup_myself(void) { graph(); - if(strictsubnets) - load_all_subnets(); - else if(autoconnect) - load_all_nodes(); + load_all_nodes(); /* Open device */ diff --git a/src/net_socket.c b/src/net_socket.c index bafea64..8259d9a 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -534,6 +534,8 @@ begin: } else if(proxytype == PROXY_EXEC) { result = 0; } else { + if(!proxyai) + abort(); result = connect(c->socket, proxyai->ai_addr, proxyai->ai_addrlen); freeaddrinfo(proxyai); } diff --git a/src/netutl.c b/src/netutl.c index 2eebb64..a9ad17c 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -234,3 +234,22 @@ void sockaddrunmap(sockaddr_t *sa) { sa->in.sin_family = AF_INET; } } + +void sockaddr_setport(sockaddr_t *sa, const char *port) { + uint16_t portnum = htons(atoi(port)); + if(!portnum) + return; + switch(sa->sa.sa_family) { + case AF_INET: + sa->in.sin_port = portnum; + break; + case AF_INET6: + sa->in6.sin6_port = portnum; + break; + case AF_UNKNOWN: + free(sa->unknown.port); + sa->unknown.port = xstrdup(port); + default: + return; + } +} diff --git a/src/netutl.h b/src/netutl.h index 471cae7..2e2f293 100644 --- a/src/netutl.h +++ b/src/netutl.h @@ -34,5 +34,6 @@ extern int sockaddrcmp_noport(const sockaddr_t *, const sockaddr_t *); extern void sockaddrunmap(sockaddr_t *); extern void sockaddrfree(sockaddr_t *); extern void sockaddrcpy(sockaddr_t *, const sockaddr_t *); +extern void sockaddr_setport(sockaddr_t *, const char *); #endif /* __TINC_NETUTL_H__ */ diff --git a/src/node.h b/src/node.h index 6ca6432..b48fe88 100644 --- a/src/node.h +++ b/src/node.h @@ -40,7 +40,8 @@ typedef struct node_status_t { unsigned int send_locally:1; /* 1 if the next UDP packet should be sent on the local network */ unsigned int udppacket:1; /* 1 if the most recently received packet was UDP */ unsigned int validkey_in:1; /* 1 if we have sent a valid key to him */ - unsigned int unused:21; + unsigned int has_address:1; /* 1 if we know an external address for this node */ + unsigned int unused:20; } node_status_t; typedef struct node_t { diff --git a/src/openssl/cipher.c b/src/openssl/cipher.c index 04aee27..ae9640f 100644 --- a/src/openssl/cipher.c +++ b/src/openssl/cipher.c @@ -28,14 +28,16 @@ #include "../xalloc.h" struct cipher { - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx; const EVP_CIPHER *cipher; }; static cipher_t *cipher_open(const EVP_CIPHER *evp_cipher) { cipher_t *cipher = xzalloc(sizeof *cipher); cipher->cipher = evp_cipher; - EVP_CIPHER_CTX_init(&cipher->ctx); + cipher->ctx = EVP_CIPHER_CTX_new(); + if(!cipher->ctx) + abort(); return cipher; } @@ -68,7 +70,7 @@ void cipher_close(cipher_t *cipher) { if(!cipher) return; - EVP_CIPHER_CTX_cleanup(&cipher->ctx); + EVP_CIPHER_CTX_free(cipher->ctx); free(cipher); } @@ -76,23 +78,23 @@ size_t cipher_keylength(const cipher_t *cipher) { if(!cipher || !cipher->cipher) return 0; - return cipher->cipher->key_len + cipher->cipher->iv_len; + return EVP_CIPHER_key_length(cipher->cipher) + EVP_CIPHER_iv_length(cipher->cipher); } size_t cipher_blocksize(const cipher_t *cipher) { if(!cipher || !cipher->cipher) return 1; - return cipher->cipher->block_size; + return EVP_CIPHER_block_size(cipher->cipher); } bool cipher_set_key(cipher_t *cipher, void *key, bool encrypt) { bool result; if(encrypt) - result = EVP_EncryptInit_ex(&cipher->ctx, cipher->cipher, NULL, (unsigned char *)key, (unsigned char *)key + cipher->cipher->key_len); + result = EVP_EncryptInit_ex(cipher->ctx, cipher->cipher, NULL, (unsigned char *)key, (unsigned char *)key + EVP_CIPHER_key_length(cipher->cipher)); else - result = EVP_DecryptInit_ex(&cipher->ctx, cipher->cipher, NULL, (unsigned char *)key, (unsigned char *)key + cipher->cipher->key_len); + result = EVP_DecryptInit_ex(cipher->ctx, cipher->cipher, NULL, (unsigned char *)key, (unsigned char *)key + EVP_CIPHER_key_length(cipher->cipher)); if(result) return true; @@ -105,9 +107,9 @@ bool cipher_set_key_from_rsa(cipher_t *cipher, void *key, size_t len, bool encry bool result; if(encrypt) - result = EVP_EncryptInit_ex(&cipher->ctx, cipher->cipher, NULL, (unsigned char *)key + len - cipher->cipher->key_len, (unsigned char *)key + len - cipher->cipher->iv_len - cipher->cipher->key_len); + result = EVP_EncryptInit_ex(cipher->ctx, cipher->cipher, NULL, (unsigned char *)key + len - EVP_CIPHER_key_length(cipher->cipher), (unsigned char *)key + len - EVP_CIPHER_iv_length(cipher->cipher) - EVP_CIPHER_key_length(cipher->cipher)); else - result = EVP_DecryptInit_ex(&cipher->ctx, cipher->cipher, NULL, (unsigned char *)key + len - cipher->cipher->key_len, (unsigned char *)key + len - cipher->cipher->iv_len - cipher->cipher->key_len); + result = EVP_DecryptInit_ex(cipher->ctx, cipher->cipher, NULL, (unsigned char *)key + len - EVP_CIPHER_key_length(cipher->cipher), (unsigned char *)key + len - EVP_CIPHER_iv_length(cipher->cipher) - EVP_CIPHER_key_length(cipher->cipher)); if(result) return true; @@ -119,15 +121,15 @@ bool cipher_set_key_from_rsa(cipher_t *cipher, void *key, size_t len, bool encry bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) { if(oneshot) { int len, pad; - if(EVP_EncryptInit_ex(&cipher->ctx, NULL, NULL, NULL, NULL) - && EVP_EncryptUpdate(&cipher->ctx, (unsigned char *)outdata, &len, indata, inlen) - && EVP_EncryptFinal(&cipher->ctx, (unsigned char *)outdata + len, &pad)) { + if(EVP_EncryptInit_ex(cipher->ctx, NULL, NULL, NULL, NULL) + && EVP_EncryptUpdate(cipher->ctx, (unsigned char *)outdata, &len, indata, inlen) + && EVP_EncryptFinal(cipher->ctx, (unsigned char *)outdata + len, &pad)) { if(outlen) *outlen = len + pad; return true; } } else { int len; - if(EVP_EncryptUpdate(&cipher->ctx, outdata, &len, indata, inlen)) { + if(EVP_EncryptUpdate(cipher->ctx, outdata, &len, indata, inlen)) { if(outlen) *outlen = len; return true; } @@ -140,15 +142,15 @@ bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *ou bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) { if(oneshot) { int len, pad; - if(EVP_DecryptInit_ex(&cipher->ctx, NULL, NULL, NULL, NULL) - && EVP_DecryptUpdate(&cipher->ctx, (unsigned char *)outdata, &len, indata, inlen) - && EVP_DecryptFinal(&cipher->ctx, (unsigned char *)outdata + len, &pad)) { + if(EVP_DecryptInit_ex(cipher->ctx, NULL, NULL, NULL, NULL) + && EVP_DecryptUpdate(cipher->ctx, (unsigned char *)outdata, &len, indata, inlen) + && EVP_DecryptFinal(cipher->ctx, (unsigned char *)outdata + len, &pad)) { if(outlen) *outlen = len + pad; return true; } } else { int len; - if(EVP_EncryptUpdate(&cipher->ctx, outdata, &len, indata, inlen)) { + if(EVP_EncryptUpdate(cipher->ctx, outdata, &len, indata, inlen)) { if(outlen) *outlen = len; return true; } @@ -162,9 +164,9 @@ int cipher_get_nid(const cipher_t *cipher) { if(!cipher || !cipher->cipher) return 0; - return cipher->cipher->nid; + return EVP_CIPHER_nid(cipher->cipher); } bool cipher_active(const cipher_t *cipher) { - return cipher && cipher->cipher && cipher->cipher->nid != 0; + return cipher && cipher->cipher && EVP_CIPHER_nid(cipher->cipher) != 0; } diff --git a/src/openssl/digest.c b/src/openssl/digest.c index 0e600b9..c303785 100644 --- a/src/openssl/digest.c +++ b/src/openssl/digest.c @@ -93,14 +93,19 @@ bool digest_create(digest_t *digest, const void *indata, size_t inlen, void *out return false; } } else { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx = EVP_MD_CTX_create(); + if(!ctx) + abort(); - if(!EVP_DigestInit(&ctx, digest->digest) - || !EVP_DigestUpdate(&ctx, indata, inlen) - || !EVP_DigestFinal(&ctx, tmpdata, NULL)) { + if(!EVP_DigestInit(ctx, digest->digest) + || !EVP_DigestUpdate(ctx, indata, inlen) + || !EVP_DigestFinal(ctx, tmpdata, NULL)) { logger(DEBUG_ALWAYS, LOG_DEBUG, "Error creating digest: %s", ERR_error_string(ERR_get_error(), NULL)); + EVP_MD_CTX_destroy(ctx); return false; } + + EVP_MD_CTX_destroy(ctx); } memcpy(outdata, tmpdata, digest->maclength); @@ -118,14 +123,14 @@ int digest_get_nid(const digest_t *digest) { if(!digest || !digest->digest) return 0; - return digest->digest->type; + return EVP_MD_type(digest->digest); } size_t digest_keylength(const digest_t *digest) { if(!digest || !digest->digest) return 0; - return digest->digest->md_size; + return EVP_MD_size(digest->digest); } size_t digest_length(const digest_t *digest) { @@ -136,5 +141,5 @@ size_t digest_length(const digest_t *digest) { } bool digest_active(const digest_t *digest) { - return digest && digest->digest && digest->digest->type != 0; + return digest && digest->digest && EVP_MD_type(digest->digest) != 0; } diff --git a/src/openssl/rsa.c b/src/openssl/rsa.c index 9c1f498..3033bcd 100644 --- a/src/openssl/rsa.c +++ b/src/openssl/rsa.c @@ -30,28 +30,51 @@ typedef RSA rsa_t; // Set RSA keys +#ifndef HAVE_RSA_SET0_KEY +int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) { + BN_free(r->n); r->n = n; + BN_free(r->e); r->e = e; + BN_free(r->d); r->d = d; + return 1; +} +#endif + rsa_t *rsa_set_hex_public_key(char *n, char *e) { + BIGNUM *bn_n = NULL; + BIGNUM *bn_e = NULL; + + if(BN_hex2bn(&bn_n, n) != strlen(n) || BN_hex2bn(&bn_e, e) != strlen(e)) { + BN_free(bn_e); + BN_free(bn_n); + return false; + } + rsa_t *rsa = RSA_new(); if(!rsa) return NULL; - - if(BN_hex2bn(&rsa->n, n) != strlen(n) || BN_hex2bn(&rsa->e, e) != strlen(e)) { - RSA_free(rsa); - return false; - } + + RSA_set0_key(rsa, bn_n, bn_e, NULL); return rsa; } rsa_t *rsa_set_hex_private_key(char *n, char *e, char *d) { + BIGNUM *bn_n = NULL; + BIGNUM *bn_e = NULL; + BIGNUM *bn_d = NULL; + + if(BN_hex2bn(&bn_n, n) != strlen(n) || BN_hex2bn(&bn_e, e) != strlen(e) || BN_hex2bn(&bn_d, d) != strlen(d)) { + BN_free(bn_d); + BN_free(bn_e); + BN_free(bn_n); + return false; + } + rsa_t *rsa = RSA_new(); if(!rsa) return NULL; - if(BN_hex2bn(&rsa->n, n) != strlen(n) || BN_hex2bn(&rsa->e, e) != strlen(e) || BN_hex2bn(&rsa->d, d) != strlen(d)) { - RSA_free(rsa); - return false; - } + RSA_set0_key(rsa, bn_n, bn_e, bn_d); return rsa; } diff --git a/src/openssl/rsagen.c b/src/openssl/rsagen.c index 3a8c8ad..b7eb629 100644 --- a/src/openssl/rsagen.c +++ b/src/openssl/rsagen.c @@ -27,10 +27,11 @@ typedef RSA rsa_t; #include "../logger.h" #include "../rsagen.h" +#include "../xalloc.h" /* This function prettyprints the key generation process */ -static void indicator(int a, int b, void *p) { +static int indicator(int a, int b, BN_GENCB *cb) { switch (a) { case 0: fprintf(stderr, "."); @@ -62,12 +63,45 @@ static void indicator(int a, int b, void *p) { default: fprintf(stderr, "?"); } + + return 1; } // Generate RSA key +#ifndef HAVE_BN_GENCB_NEW +BN_GENCB *BN_GENCB_new(void) { + return xzalloc(sizeof(BN_GENCB)); +} + +void BN_GENCB_free(BN_GENCB *cb) { + free(cb); +} +#endif + rsa_t *rsa_generate(size_t bits, unsigned long exponent) { - return RSA_generate_key(bits, exponent, indicator, NULL); + BIGNUM *bn_e = BN_new(); + rsa_t *rsa = RSA_new(); + BN_GENCB *cb = BN_GENCB_new(); + + if(!bn_e || !rsa || !cb) + abort(); + + BN_set_word(bn_e, exponent); + BN_GENCB_set(cb, indicator, NULL); + + int result = RSA_generate_key_ex(rsa, bits, bn_e, cb); + + BN_GENCB_free(cb); + BN_free(bn_e); + + if(!result) { + fprintf(stderr, "Error during key generation!\n"); + RSA_free(rsa); + return NULL; + } + + return rsa; } // Write PEM RSA keys diff --git a/src/protocol.c b/src/protocol.c index f533a93..b9abccc 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -72,10 +72,11 @@ bool send_request(connection_t *c, const char *format, ...) { input buffer anyway */ va_start(args, format); - len = vsnprintf(request, MAXBUFSIZE, format, args); + len = vsnprintf(request, sizeof request, format, args); + request[sizeof request - 1] = 0; va_end(args); - if(len < 0 || len > MAXBUFSIZE - 1) { + if(len < 0 || len > sizeof request - 1) { logger(DEBUG_ALWAYS, LOG_ERR, "Output buffer overflow while sending request to %s (%s)", c->name, c->hostname); return false; diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 0a7ad1c..31b1f1e 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -790,7 +790,6 @@ bool ack_h(connection_t *c, const char *request) { return upgrade_h(c, request); char hisport[MAX_STRING_SIZE]; - char *hisaddress; int weight, mtu; uint32_t options; node_t *n; @@ -867,19 +866,14 @@ bool ack_h(connection_t *c, const char *request) { c->edge = new_edge(); c->edge->from = myself; c->edge->to = n; - sockaddr2str(&c->address, &hisaddress, NULL); - c->edge->address = str2sockaddr(hisaddress, hisport); - free(hisaddress); + sockaddrcpy(&c->edge->address, &c->address); + sockaddr_setport(&c->edge->address, hisport); sockaddr_t local_sa; socklen_t local_salen = sizeof local_sa; if (getsockname(c->socket, &local_sa.sa, &local_salen) < 0) logger(DEBUG_ALWAYS, LOG_WARNING, "Could not get local socket address for connection with %s", c->name); - else { - char *local_address; - sockaddr2str(&local_sa, &local_address, NULL); - c->edge->local_address = str2sockaddr(local_address, myport); - free(local_address); - } + else + sockaddr_setport(&local_sa, myport); c->edge->weight = (weight + c->estimated_weight) / 2; c->edge->connection = c; c->edge->options = c->options; diff --git a/src/sptps.c b/src/sptps.c index 712d50e..a1fd5e7 100644 --- a/src/sptps.c +++ b/src/sptps.c @@ -547,8 +547,6 @@ size_t sptps_receive_data(sptps_t *s, const void *data, size_t len) { memcpy(s->inbuf + s->buflen, data, toread); total_read += toread; s->buflen += toread; - len -= toread; - data += toread; // If we don't have a whole record, exit. if(s->buflen < s->reclen + (s->instate ? 19UL : 3UL)) diff --git a/src/tincctl.c b/src/tincctl.c index e42ec2c..465c981 100644 --- a/src/tincctl.c +++ b/src/tincctl.c @@ -560,6 +560,7 @@ bool sendline(int fd, char *format, ...) { va_start(ap, format); blen = vsnprintf(buffer, sizeof buffer, format, ap); + buffer[sizeof buffer - 1] = 0; va_end(ap); if(blen < 1 || blen >= sizeof buffer) @@ -718,6 +719,13 @@ bool connect_tincd(bool verbose) { } fclose(f); + if ((pid == 0) || (kill(pid, 0) && (errno == ESRCH))) { + fprintf(stderr, "Could not find tincd running at pid %d\n", pid); + /* clean up the stale socket and pid file */ + unlink(pidfilename); + unlink(unixsocketname); + return false; + } #ifndef HAVE_MINGW struct sockaddr_un sa; @@ -878,7 +886,7 @@ static int cmd_start(int argc, char *argv[]) { if(!pid) { close(pfd[0]); - char buf[100] = ""; + char buf[100]; snprintf(buf, sizeof buf, "%d", pfd[1]); setenv("TINC_UMBILICAL", buf, true); exit(execvp(c, nargv)); @@ -1384,7 +1392,7 @@ static int cmd_pid(int argc, char *argv[]) { return 1; } - if(!connect_tincd(true) && !pid) + if(!connect_tincd(true) || !pid) return 1; printf("%d\n", pid); @@ -2513,6 +2521,7 @@ static int cmd_verify(int argc, char *argv[]) { char *newline = memchr(data, '\n', len); if(!newline || (newline - data > MAX_STRING_SIZE - 1)) { fprintf(stderr, "Invalid input\n"); + free(data); return 1; } @@ -2525,11 +2534,13 @@ static int cmd_verify(int argc, char *argv[]) { if(sscanf(data, "Signature = %s %ld %s", signer, &t, sig) != 3 || strlen(sig) != 86 || !t || !check_id(signer)) { fprintf(stderr, "Invalid input\n"); + free(data); return 1; } if(node && strcmp(node, signer)) { fprintf(stderr, "Signature is not made by %s\n", node); + free(data); return 1; } @@ -2823,8 +2834,10 @@ static int cmd_shell(int argc, char *argv[]) { if(nargc == argc) continue; - if(!strcasecmp(nargv[argc], "exit") || !strcasecmp(nargv[argc], "quit")) + if(!strcasecmp(nargv[argc], "exit") || !strcasecmp(nargv[argc], "quit")) { + free(nargv); return result; + } bool found = false; diff --git a/systemd/Makefile.in b/systemd/Makefile.in index 4bc2d27..44e6bb2 100644 --- a/systemd/Makefile.in +++ b/systemd/Makefile.in @@ -91,8 +91,11 @@ host_triplet = @host@ subdir = systemd ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \ + $(top_srcdir)/m4/ax_append_flag.m4 \ + $(top_srcdir)/m4/ax_cflags_warn_all.m4 \ $(top_srcdir)/m4/ax_check_compile_flag.m4 \ $(top_srcdir)/m4/ax_check_link_flag.m4 \ + $(top_srcdir)/m4/ax_require_defined.m4 \ $(top_srcdir)/m4/curses.m4 $(top_srcdir)/m4/libgcrypt.m4 \ $(top_srcdir)/m4/lzo.m4 $(top_srcdir)/m4/miniupnpc.m4 \ $(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/readline.m4 \ diff --git a/test/Makefile.in b/test/Makefile.in index 885674d..0dbe653 100644 --- a/test/Makefile.in +++ b/test/Makefile.in @@ -91,8 +91,11 @@ check_PROGRAMS = pong$(EXEEXT) subdir = test ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/attribute.m4 \ + $(top_srcdir)/m4/ax_append_flag.m4 \ + $(top_srcdir)/m4/ax_cflags_warn_all.m4 \ $(top_srcdir)/m4/ax_check_compile_flag.m4 \ $(top_srcdir)/m4/ax_check_link_flag.m4 \ + $(top_srcdir)/m4/ax_require_defined.m4 \ $(top_srcdir)/m4/curses.m4 $(top_srcdir)/m4/libgcrypt.m4 \ $(top_srcdir)/m4/lzo.m4 $(top_srcdir)/m4/miniupnpc.m4 \ $(top_srcdir)/m4/openssl.m4 $(top_srcdir)/m4/readline.m4 \