diff options
| author | Andrii Melnychenko <a.melnychenko@vyos.io> | 2025-09-29 18:37:29 +0200 |
|---|---|---|
| committer | Denys Fedoryshchenko <denys.f@collabora.com> | 2025-12-10 19:17:36 +0200 |
| commit | b4015f9ec2d58b80155e6691d82b5f3b6023a560 (patch) | |
| tree | 39f2506d4929cc30bef3f1029c26e5728122ee37 | |
| parent | c912d09018828745e3bcba268cd02a611e324d54 (diff) | |
| download | accel-ppp-b4015f9ec2d58b80155e6691d82b5f3b6023a560.tar.gz accel-ppp-b4015f9ec2d58b80155e6691d82b5f3b6023a560.zip | |
crypto: Removed CRYPTO_OPENSSL definition.
OpenSSL is now mandatory.
Signed-off-by: Andrii Melnychenko <a.melnychenko@vyos.io>
| -rw-r--r-- | CMakeLists.txt | 1 | ||||
| -rw-r--r-- | accel-pppd/ctrl/sstp/sstp.c | 25 | ||||
| -rw-r--r-- | accel-pppd/extra/chap-secrets.c | 24 | ||||
| -rw-r--r-- | accel-pppd/main.c | 6 |
4 files changed, 1 insertions, 55 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index e9a97718..ba0bf113 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -79,7 +79,6 @@ if (NOT BUILD_DRIVER_ONLY) IF(NOT CRYPTO_LIBRARY) message(FATAL_ERROR "${Esc}[31mRequired libcrypto-0.9.8 or probably later (openssl-0.9.8) not found.\n Install libssl-dev and run cmake again${Esc}[m") ENDIF(NOT CRYPTO_LIBRARY) - add_definitions(-DCRYPTO_OPENSSL) set(crypto_lib crypto ssl) add_subdirectory(accel-pppd) diff --git a/accel-pppd/ctrl/sstp/sstp.c b/accel-pppd/ctrl/sstp/sstp.c index 3c831f64..1006501a 100644 --- a/accel-pppd/ctrl/sstp/sstp.c +++ b/accel-pppd/ctrl/sstp/sstp.c @@ -107,9 +107,7 @@ struct buffer_t { struct sstp_stream_t { union { int fd; -#ifdef CRYPTO_OPENSSL SSL *ssl; -#endif }; ssize_t (*read)(struct sstp_stream_t *stream, void *buf, size_t count); ssize_t (*recv)(struct sstp_stream_t *stream, void *buf, size_t count, int flags); @@ -158,9 +156,7 @@ static struct sstp_serv_t { struct sockaddr_t addr; -#ifdef CRYPTO_OPENSSL SSL_CTX *ssl_ctx; -#endif } serv; static int conf_timeout = SSTP_NEGOTIOATION_TIMEOUT; @@ -501,7 +497,6 @@ static struct sstp_stream_t *stream_init(int fd) /* ssl stream */ -#ifdef CRYPTO_OPENSSL static ssize_t ssl_stream_read(struct sstp_stream_t *stream, void *buf, size_t count) { int ret, err; @@ -597,7 +592,6 @@ error: ssl_stream_free(stream); return NULL; } -#endif /* proxy */ @@ -1543,12 +1537,10 @@ static int sstp_recv_msg_call_connected(struct sstp_conn_t *conn, struct sstp_ct uint8_t hash; unsigned int len; struct npioctl np; -#ifdef CRYPTO_OPENSSL typeof(*msg) buf; uint8_t md[EVP_MAX_MD_SIZE], *ptr; const EVP_MD *evp; unsigned int mdlen; -#endif if (conf_verbose) log_ppp_info2("recv [SSTP SSTP_MSG_CALL_CONNECTED]\n"); @@ -1586,9 +1578,7 @@ static int sstp_recv_msg_call_connected(struct sstp_conn_t *conn, struct sstp_ct log_ppp_error("sstp: invalid SHA256 Cert Hash\n"); return sstp_abort(conn, 0); } -#ifdef CRYPTO_OPENSSL evp = EVP_sha256(); -#endif } else if (hash & CERT_HASH_PROTOCOL_SHA1) { len = SHA_DIGEST_LENGTH; if (conf_hash_sha1.len == len && @@ -1596,9 +1586,7 @@ static int sstp_recv_msg_call_connected(struct sstp_conn_t *conn, struct sstp_ct log_ppp_error("sstp: invalid SHA1 Cert Hash\n"); return sstp_abort(conn, 0); } -#ifdef CRYPTO_OPENSSL evp = EVP_sha1(); -#endif } else { log_ppp_error("sstp: invalid Hash Protocol 0x%02x\n", msg->attr.hash_protocol_bitmask); @@ -1623,7 +1611,6 @@ static int sstp_recv_msg_call_connected(struct sstp_conn_t *conn, struct sstp_ct return 0; } -#ifdef CRYPTO_OPENSSL ptr = mempcpy(md, SSTP_CMK_SEED, SSTP_CMK_SEED_SIZE); *ptr++ = len; *ptr++ = 0; @@ -1639,7 +1626,6 @@ static int sstp_recv_msg_call_connected(struct sstp_conn_t *conn, struct sstp_ct log_ppp_error("sstp: invalid Compound MAC\n"); return sstp_abort(conn, 0); } -#endif } if (conn->timeout_timer.tpd) @@ -2271,11 +2257,9 @@ static void sstp_start(struct sstp_conn_t *conn) { log_debug("sstp: starting\n"); -#ifdef CRYPTO_OPENSSL if (serv.ssl_ctx) conn->stream = ssl_stream_init(conn->hnd.fd, serv.ssl_ctx); else -#endif conn->stream = stream_init(conn->hnd.fd); if (!conn->stream) { log_error("sstp: stream open error: %s\n", strerror(errno)); @@ -2455,17 +2439,14 @@ static void sstp_serv_close(struct triton_context_t *ctx) triton_md_unregister_handler(&serv->hnd, 1); triton_context_unregister(ctx); -#ifdef CRYPTO_OPENSSL if (serv->ssl_ctx) SSL_CTX_free(serv->ssl_ctx); serv->ssl_ctx = NULL; -#endif if (serv->addr.u.sa.sa_family == AF_UNIX && serv->addr.u.sun.sun_path[0]) unlink(serv->addr.u.sun.sun_path); } -#ifdef CRYPTO_OPENSSL #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME static int ssl_servername(SSL *ssl, int *al, void *arg) { @@ -2754,7 +2735,6 @@ error: if (in && !BIO_free(in)) abort(); } -#endif static void ev_mppe_keys(struct ev_mppe_keys_t *ev) { @@ -2839,12 +2819,9 @@ static void load_config(void) opt = conf_get_opt("sstp", "accept"); conf_proxyproto = opt && strhas(opt, "proxy", ','); -#ifdef CRYPTO_OPENSSL ssl_load_config(&serv, conf_hostname); opt = serv.ssl_ctx ? "enabled" : "disabled"; -#else - opt = "not available"; -#endif + if (conf_verbose) { log_info2("sstp: SSL/TLS support %s, PROXY support %s\n", opt, conf_proxyproto ? "enabled" : "disabled"); diff --git a/accel-pppd/extra/chap-secrets.c b/accel-pppd/extra/chap-secrets.c index 501653be..5fd0102c 100644 --- a/accel-pppd/extra/chap-secrets.c +++ b/accel-pppd/extra/chap-secrets.c @@ -6,12 +6,10 @@ #include <netinet/in.h> #include <arpa/inet.h> -#ifdef CRYPTO_OPENSSL #include <openssl/md4.h> #include <openssl/sha.h> #include <openssl/des.h> #include <openssl/evp.h> -#endif #include "pwdb.h" #include "ipdb.h" @@ -32,13 +30,11 @@ static int conf_netmask = 0; static void *pd_key; static struct ipdb_t ipdb; -#ifdef CRYPTO_OPENSSL struct hash_chain { struct list_head entry; const EVP_MD *md; }; -#endif struct cs_pd_t { @@ -49,9 +45,7 @@ struct cs_pd_t char *pool; }; -#ifdef CRYPTO_OPENSSL static LIST_HEAD(hash_chain); -#endif static char *skip_word(char *ptr) { @@ -129,19 +123,16 @@ static struct cs_pd_t *create_pd(struct ap_session *ses, const char *username) int n; struct cs_pd_t *pd; struct in_addr in; -#ifdef CRYPTO_OPENSSL char username_hash[EVP_MAX_MD_SIZE * 2 + 1]; uint8_t hash[EVP_MAX_MD_SIZE]; struct hash_chain *hc; EVP_MD_CTX *md_ctx = NULL; char c; int i; -#endif if (!conf_chap_secrets) return NULL; -#ifdef CRYPTO_OPENSSL if (conf_encrypted && !list_empty(&hash_chain)) { unsigned int size = 0; list_for_each_entry(hc, &hash_chain, entry) { @@ -159,7 +150,6 @@ static struct cs_pd_t *create_pd(struct ap_session *ses, const char *username) username = username_hash; } -#endif f = fopen(conf_chap_secrets, "r"); if (!f) { @@ -195,10 +185,8 @@ out: return NULL; found: -#ifdef CRYPTO_OPENSSL if (conf_encrypted && strlen(ptr[1]) != 32) goto out; -#endif pd = _malloc(sizeof(*pd)); if (!pd) { @@ -208,7 +196,6 @@ found: memset(pd, 0, sizeof(*pd)); pd->pd.key = &pd_key; -#ifdef CRYPTO_OPENSSL if (conf_encrypted) { pd->passwd = _malloc(16); if (!pd->passwd) { @@ -224,7 +211,6 @@ found: ptr[1][i*2 + 2] = c; } } else -#endif { pd->passwd = _strdup(ptr[1]); if (!pd->passwd) { @@ -338,10 +324,8 @@ static char* get_passwd(struct pwdb_t *pwdb, struct ap_session *ses, const char { struct cs_pd_t *pd = find_pd(ses); -#ifdef CRYPTO_OPENSSL if (conf_encrypted) return NULL; -#endif if (!pd) pd = create_pd(ses, username); @@ -352,7 +336,6 @@ static char* get_passwd(struct pwdb_t *pwdb, struct ap_session *ses, const char return _strdup(pd->passwd); } -#ifdef CRYPTO_OPENSSL static void des_encrypt(const uint8_t *input, const uint8_t *key, uint8_t *output) { int i, j, parity; @@ -687,7 +670,6 @@ static int check_passwd(struct pwdb_t *pwdb, struct ap_session *ses, pwdb_callba return r; } -#endif static struct ipdb_t ipdb = { .get_ipv4 = get_ip, @@ -695,12 +677,9 @@ static struct ipdb_t ipdb = { static struct pwdb_t pwdb = { .get_passwd = get_passwd, -#ifdef CRYPTO_OPENSSL .check = check_passwd, -#endif }; -#ifdef CRYPTO_OPENSSL static void clear_hash_chain(void) { struct hash_chain *hc; @@ -734,7 +713,6 @@ static void parse_hash_chain(const char *opt) ptr1 = ptr2 + 1; } } -#endif static void parse_gw_ip_address(const char *opt) { @@ -795,12 +773,10 @@ static void load_config(void) else conf_encrypted = 0; -#ifdef CRYPTO_OPENSSL clear_hash_chain(); opt = conf_get_opt("chap-secrets", "username-hash"); if (opt) parse_hash_chain(opt); -#endif } static void init(void) diff --git a/accel-pppd/main.c b/accel-pppd/main.c index bbc36d95..dcbbc0a4 100644 --- a/accel-pppd/main.c +++ b/accel-pppd/main.c @@ -16,9 +16,7 @@ #include <sys/wait.h> #include <sys/resource.h> -#ifdef CRYPTO_OPENSSL #include <openssl/ssl.h> -#endif #include "triton/triton.h" @@ -43,7 +41,6 @@ static int term; static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER; static pthread_cond_t cond = PTHREAD_COND_INITIALIZER; -#ifdef CRYPTO_OPENSSL #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) static pthread_mutex_t *ssl_lock_cs; @@ -85,7 +82,6 @@ static void openssl_init(void) ssl_lock_init(); #endif } -#endif static void change_limits(void) { @@ -393,9 +389,7 @@ int main(int _argc, char **_argv) change_limits(); -#ifdef CRYPTO_OPENSSL openssl_init(); -#endif triton_register_init(0, log_version); |
