summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrii Melnychenko <a.melnychenko@vyos.io>2025-09-29 18:37:29 +0200
committerDenys Fedoryshchenko <denys.f@collabora.com>2025-12-10 19:17:36 +0200
commitb4015f9ec2d58b80155e6691d82b5f3b6023a560 (patch)
tree39f2506d4929cc30bef3f1029c26e5728122ee37
parentc912d09018828745e3bcba268cd02a611e324d54 (diff)
downloadaccel-ppp-b4015f9ec2d58b80155e6691d82b5f3b6023a560.tar.gz
accel-ppp-b4015f9ec2d58b80155e6691d82b5f3b6023a560.zip
crypto: Removed CRYPTO_OPENSSL definition.
OpenSSL is now mandatory. Signed-off-by: Andrii Melnychenko <a.melnychenko@vyos.io>
-rw-r--r--CMakeLists.txt1
-rw-r--r--accel-pppd/ctrl/sstp/sstp.c25
-rw-r--r--accel-pppd/extra/chap-secrets.c24
-rw-r--r--accel-pppd/main.c6
4 files changed, 1 insertions, 55 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index e9a97718..ba0bf113 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -79,7 +79,6 @@ if (NOT BUILD_DRIVER_ONLY)
IF(NOT CRYPTO_LIBRARY)
message(FATAL_ERROR "${Esc}[31mRequired libcrypto-0.9.8 or probably later (openssl-0.9.8) not found.\n Install libssl-dev and run cmake again${Esc}[m")
ENDIF(NOT CRYPTO_LIBRARY)
- add_definitions(-DCRYPTO_OPENSSL)
set(crypto_lib crypto ssl)
add_subdirectory(accel-pppd)
diff --git a/accel-pppd/ctrl/sstp/sstp.c b/accel-pppd/ctrl/sstp/sstp.c
index 3c831f64..1006501a 100644
--- a/accel-pppd/ctrl/sstp/sstp.c
+++ b/accel-pppd/ctrl/sstp/sstp.c
@@ -107,9 +107,7 @@ struct buffer_t {
struct sstp_stream_t {
union {
int fd;
-#ifdef CRYPTO_OPENSSL
SSL *ssl;
-#endif
};
ssize_t (*read)(struct sstp_stream_t *stream, void *buf, size_t count);
ssize_t (*recv)(struct sstp_stream_t *stream, void *buf, size_t count, int flags);
@@ -158,9 +156,7 @@ static struct sstp_serv_t {
struct sockaddr_t addr;
-#ifdef CRYPTO_OPENSSL
SSL_CTX *ssl_ctx;
-#endif
} serv;
static int conf_timeout = SSTP_NEGOTIOATION_TIMEOUT;
@@ -501,7 +497,6 @@ static struct sstp_stream_t *stream_init(int fd)
/* ssl stream */
-#ifdef CRYPTO_OPENSSL
static ssize_t ssl_stream_read(struct sstp_stream_t *stream, void *buf, size_t count)
{
int ret, err;
@@ -597,7 +592,6 @@ error:
ssl_stream_free(stream);
return NULL;
}
-#endif
/* proxy */
@@ -1543,12 +1537,10 @@ static int sstp_recv_msg_call_connected(struct sstp_conn_t *conn, struct sstp_ct
uint8_t hash;
unsigned int len;
struct npioctl np;
-#ifdef CRYPTO_OPENSSL
typeof(*msg) buf;
uint8_t md[EVP_MAX_MD_SIZE], *ptr;
const EVP_MD *evp;
unsigned int mdlen;
-#endif
if (conf_verbose)
log_ppp_info2("recv [SSTP SSTP_MSG_CALL_CONNECTED]\n");
@@ -1586,9 +1578,7 @@ static int sstp_recv_msg_call_connected(struct sstp_conn_t *conn, struct sstp_ct
log_ppp_error("sstp: invalid SHA256 Cert Hash\n");
return sstp_abort(conn, 0);
}
-#ifdef CRYPTO_OPENSSL
evp = EVP_sha256();
-#endif
} else if (hash & CERT_HASH_PROTOCOL_SHA1) {
len = SHA_DIGEST_LENGTH;
if (conf_hash_sha1.len == len &&
@@ -1596,9 +1586,7 @@ static int sstp_recv_msg_call_connected(struct sstp_conn_t *conn, struct sstp_ct
log_ppp_error("sstp: invalid SHA1 Cert Hash\n");
return sstp_abort(conn, 0);
}
-#ifdef CRYPTO_OPENSSL
evp = EVP_sha1();
-#endif
} else {
log_ppp_error("sstp: invalid Hash Protocol 0x%02x\n",
msg->attr.hash_protocol_bitmask);
@@ -1623,7 +1611,6 @@ static int sstp_recv_msg_call_connected(struct sstp_conn_t *conn, struct sstp_ct
return 0;
}
-#ifdef CRYPTO_OPENSSL
ptr = mempcpy(md, SSTP_CMK_SEED, SSTP_CMK_SEED_SIZE);
*ptr++ = len;
*ptr++ = 0;
@@ -1639,7 +1626,6 @@ static int sstp_recv_msg_call_connected(struct sstp_conn_t *conn, struct sstp_ct
log_ppp_error("sstp: invalid Compound MAC\n");
return sstp_abort(conn, 0);
}
-#endif
}
if (conn->timeout_timer.tpd)
@@ -2271,11 +2257,9 @@ static void sstp_start(struct sstp_conn_t *conn)
{
log_debug("sstp: starting\n");
-#ifdef CRYPTO_OPENSSL
if (serv.ssl_ctx)
conn->stream = ssl_stream_init(conn->hnd.fd, serv.ssl_ctx);
else
-#endif
conn->stream = stream_init(conn->hnd.fd);
if (!conn->stream) {
log_error("sstp: stream open error: %s\n", strerror(errno));
@@ -2455,17 +2439,14 @@ static void sstp_serv_close(struct triton_context_t *ctx)
triton_md_unregister_handler(&serv->hnd, 1);
triton_context_unregister(ctx);
-#ifdef CRYPTO_OPENSSL
if (serv->ssl_ctx)
SSL_CTX_free(serv->ssl_ctx);
serv->ssl_ctx = NULL;
-#endif
if (serv->addr.u.sa.sa_family == AF_UNIX && serv->addr.u.sun.sun_path[0])
unlink(serv->addr.u.sun.sun_path);
}
-#ifdef CRYPTO_OPENSSL
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
static int ssl_servername(SSL *ssl, int *al, void *arg)
{
@@ -2754,7 +2735,6 @@ error:
if (in && !BIO_free(in))
abort();
}
-#endif
static void ev_mppe_keys(struct ev_mppe_keys_t *ev)
{
@@ -2839,12 +2819,9 @@ static void load_config(void)
opt = conf_get_opt("sstp", "accept");
conf_proxyproto = opt && strhas(opt, "proxy", ',');
-#ifdef CRYPTO_OPENSSL
ssl_load_config(&serv, conf_hostname);
opt = serv.ssl_ctx ? "enabled" : "disabled";
-#else
- opt = "not available";
-#endif
+
if (conf_verbose) {
log_info2("sstp: SSL/TLS support %s, PROXY support %s\n",
opt, conf_proxyproto ? "enabled" : "disabled");
diff --git a/accel-pppd/extra/chap-secrets.c b/accel-pppd/extra/chap-secrets.c
index 501653be..5fd0102c 100644
--- a/accel-pppd/extra/chap-secrets.c
+++ b/accel-pppd/extra/chap-secrets.c
@@ -6,12 +6,10 @@
#include <netinet/in.h>
#include <arpa/inet.h>
-#ifdef CRYPTO_OPENSSL
#include <openssl/md4.h>
#include <openssl/sha.h>
#include <openssl/des.h>
#include <openssl/evp.h>
-#endif
#include "pwdb.h"
#include "ipdb.h"
@@ -32,13 +30,11 @@ static int conf_netmask = 0;
static void *pd_key;
static struct ipdb_t ipdb;
-#ifdef CRYPTO_OPENSSL
struct hash_chain
{
struct list_head entry;
const EVP_MD *md;
};
-#endif
struct cs_pd_t
{
@@ -49,9 +45,7 @@ struct cs_pd_t
char *pool;
};
-#ifdef CRYPTO_OPENSSL
static LIST_HEAD(hash_chain);
-#endif
static char *skip_word(char *ptr)
{
@@ -129,19 +123,16 @@ static struct cs_pd_t *create_pd(struct ap_session *ses, const char *username)
int n;
struct cs_pd_t *pd;
struct in_addr in;
-#ifdef CRYPTO_OPENSSL
char username_hash[EVP_MAX_MD_SIZE * 2 + 1];
uint8_t hash[EVP_MAX_MD_SIZE];
struct hash_chain *hc;
EVP_MD_CTX *md_ctx = NULL;
char c;
int i;
-#endif
if (!conf_chap_secrets)
return NULL;
-#ifdef CRYPTO_OPENSSL
if (conf_encrypted && !list_empty(&hash_chain)) {
unsigned int size = 0;
list_for_each_entry(hc, &hash_chain, entry) {
@@ -159,7 +150,6 @@ static struct cs_pd_t *create_pd(struct ap_session *ses, const char *username)
username = username_hash;
}
-#endif
f = fopen(conf_chap_secrets, "r");
if (!f) {
@@ -195,10 +185,8 @@ out:
return NULL;
found:
-#ifdef CRYPTO_OPENSSL
if (conf_encrypted && strlen(ptr[1]) != 32)
goto out;
-#endif
pd = _malloc(sizeof(*pd));
if (!pd) {
@@ -208,7 +196,6 @@ found:
memset(pd, 0, sizeof(*pd));
pd->pd.key = &pd_key;
-#ifdef CRYPTO_OPENSSL
if (conf_encrypted) {
pd->passwd = _malloc(16);
if (!pd->passwd) {
@@ -224,7 +211,6 @@ found:
ptr[1][i*2 + 2] = c;
}
} else
-#endif
{
pd->passwd = _strdup(ptr[1]);
if (!pd->passwd) {
@@ -338,10 +324,8 @@ static char* get_passwd(struct pwdb_t *pwdb, struct ap_session *ses, const char
{
struct cs_pd_t *pd = find_pd(ses);
-#ifdef CRYPTO_OPENSSL
if (conf_encrypted)
return NULL;
-#endif
if (!pd)
pd = create_pd(ses, username);
@@ -352,7 +336,6 @@ static char* get_passwd(struct pwdb_t *pwdb, struct ap_session *ses, const char
return _strdup(pd->passwd);
}
-#ifdef CRYPTO_OPENSSL
static void des_encrypt(const uint8_t *input, const uint8_t *key, uint8_t *output)
{
int i, j, parity;
@@ -687,7 +670,6 @@ static int check_passwd(struct pwdb_t *pwdb, struct ap_session *ses, pwdb_callba
return r;
}
-#endif
static struct ipdb_t ipdb = {
.get_ipv4 = get_ip,
@@ -695,12 +677,9 @@ static struct ipdb_t ipdb = {
static struct pwdb_t pwdb = {
.get_passwd = get_passwd,
-#ifdef CRYPTO_OPENSSL
.check = check_passwd,
-#endif
};
-#ifdef CRYPTO_OPENSSL
static void clear_hash_chain(void)
{
struct hash_chain *hc;
@@ -734,7 +713,6 @@ static void parse_hash_chain(const char *opt)
ptr1 = ptr2 + 1;
}
}
-#endif
static void parse_gw_ip_address(const char *opt)
{
@@ -795,12 +773,10 @@ static void load_config(void)
else
conf_encrypted = 0;
-#ifdef CRYPTO_OPENSSL
clear_hash_chain();
opt = conf_get_opt("chap-secrets", "username-hash");
if (opt)
parse_hash_chain(opt);
-#endif
}
static void init(void)
diff --git a/accel-pppd/main.c b/accel-pppd/main.c
index bbc36d95..dcbbc0a4 100644
--- a/accel-pppd/main.c
+++ b/accel-pppd/main.c
@@ -16,9 +16,7 @@
#include <sys/wait.h>
#include <sys/resource.h>
-#ifdef CRYPTO_OPENSSL
#include <openssl/ssl.h>
-#endif
#include "triton/triton.h"
@@ -43,7 +41,6 @@ static int term;
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t cond = PTHREAD_COND_INITIALIZER;
-#ifdef CRYPTO_OPENSSL
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
static pthread_mutex_t *ssl_lock_cs;
@@ -85,7 +82,6 @@ static void openssl_init(void)
ssl_lock_init();
#endif
}
-#endif
static void change_limits(void)
{
@@ -393,9 +389,7 @@ int main(int _argc, char **_argv)
change_limits();
-#ifdef CRYPTO_OPENSSL
openssl_init();
-#endif
triton_register_init(0, log_version);