From f173f8860d59d5f1f67a814453eb2b66eef361fc Mon Sep 17 00:00:00 2001 From: Vladimir Dubrovin <3proxy@3proxy.ru> Date: Mon, 13 Jul 2026 20:24:51 +0300 Subject: [PATCH] wolfSSL support added --- .github/workflows/build-win32.yml | 4 +- .github/workflows/build-win64.yml | 4 +- .github/workflows/build-winarm64.yml | 4 +- .github/workflows/c-cpp-Windows.yml | 8 +- .github/workflows/c-cpp-cmake.yml | 15 ++ CMakeLists.txt | 163 +++++++++++++----- Makefile.FreeBSD | 14 +- Makefile.Linux | 14 +- Makefile.Solaris | 13 +- Makefile.msvc | 13 +- Makefile.unix | 14 +- Makefile.win | 10 ++ src/3proxy_crypt.c | 22 +-- src/Makefile.inc | 8 +- src/auth.c | 14 +- src/authradius.c | 2 +- src/conf.c | 14 +- src/hashtables.c | 57 ++++--- src/libs/md4.h | 7 + src/libs/md5.h | 7 + src/mdhash.c | 243 +++++++++++++++++---------- src/mdhash.h | 16 +- src/ssl.c | 29 +++- src/ssllib.c | 11 +- 24 files changed, 499 insertions(+), 207 deletions(-) diff --git a/.github/workflows/build-win32.yml b/.github/workflows/build-win32.yml index 15c5f38..2715926 100644 --- a/.github/workflows/build-win32.yml +++ b/.github/workflows/build-win32.yml @@ -28,7 +28,7 @@ jobs: echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - name: install packages - run: vcpkg install pcre2:x86-windows-static openssl:x86-windows-static + run: vcpkg install pcre2:x86-windows-static wolfssl[opensslcompat]:x86-windows-static - name: Add msbuild to PATH uses: microsoft/setup-msbuild@v3 - name: make Windows MSVC @@ -41,7 +41,7 @@ jobs: set "LIB=%LIB%;c:/vcpkg/installed/x86-windows-static/lib" set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/x86-windows-static/include" echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c - nmake /F Makefile.msvc + nmake /F Makefile.msvc WOLFSSL=1 - name: Decode Certificate shell: pwsh run: | diff --git a/.github/workflows/build-win64.yml b/.github/workflows/build-win64.yml index 5c3e5b3..291b064 100644 --- a/.github/workflows/build-win64.yml +++ b/.github/workflows/build-win64.yml @@ -29,7 +29,7 @@ jobs: echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - name: install packages - run: vcpkg install pcre2:x64-windows-static openssl:x64-windows-static + run: vcpkg install pcre2:x64-windows-static wolfssl[opensslcompat]:x64-windows-static - name: Add msbuild to PATH uses: microsoft/setup-msbuild@v3 - name: make Windows MSVC @@ -42,7 +42,7 @@ jobs: set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/x64-windows-static/include" echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c echo %NOW% / %RELEASE% / %BUILDDATE% / %VERSION% - nmake /F Makefile.msvc + nmake /F Makefile.msvc WOLFSSL=1 - name: Decode Certificate shell: pwsh run: | diff --git a/.github/workflows/build-winarm64.yml b/.github/workflows/build-winarm64.yml index b6dfc0f..d84ab33 100644 --- a/.github/workflows/build-winarm64.yml +++ b/.github/workflows/build-winarm64.yml @@ -28,7 +28,7 @@ jobs: echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append - name: install packages - run: vcpkg install pcre2:arm64-windows-static openssl:arm64-windows-static + run: vcpkg install pcre2:arm64-windows-static wolfssl[opensslcompat]:arm64-windows-static - name: Add msbuild to PATH uses: microsoft/setup-msbuild@v3 - name: make Windows MSVC @@ -41,7 +41,7 @@ jobs: set "LIB=%LIB%;c:/vcpkg/installed/arm64-windows-static/lib" set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/arm64-windows-static/include" echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c - nmake /F Makefile.msvc + nmake /F Makefile.msvc WOLFSSL=1 - name: Decode Certificate shell: pwsh run: | diff --git a/.github/workflows/c-cpp-Windows.yml b/.github/workflows/c-cpp-Windows.yml index 49b9307..7ba7056 100644 --- a/.github/workflows/c-cpp-Windows.yml +++ b/.github/workflows/c-cpp-Windows.yml @@ -21,7 +21,7 @@ jobs: steps: - uses: actions/checkout@v7 - name: install Windows libraries - run: vcpkg install pcre2:x64-windows && c:\msys64\usr\bin\pacman.exe -S --noconfirm mingw-w64-x86_64-pcre2 mingw-w64-x86_64-openssl + run: vcpkg install pcre2:x64-windows wolfssl[opensslcompat]:x64-windows-static && c:\msys64\usr\bin\pacman.exe -S --noconfirm mingw-w64-x86_64-pcre2 mingw-w64-x86_64-wolfssl - name: make Windows run: make -f Makefile.win env: @@ -37,7 +37,7 @@ jobs: call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat" D: cd "D:/a/3proxy/3proxy" - set "LIB=%LIB%;c:/program files/openssl/lib/VC/x64/MT;c:/vcpkg/installed/x64-windows/lib" - set "INCLUDE=%INCLUDE%;c:/program files/openssl/include;c:/vcpkg/installed/x64-windows/include" - nmake /F Makefile.msvc + set "LIB=%LIB%;c:/vcpkg/installed/x64-windows-static/lib;c:/vcpkg/installed/x64-windows/lib" + set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/x64-windows-static/include;c:/vcpkg/installed/x64-windows/include" + nmake /F Makefile.msvc WOLFSSL=1 nmake /F Makefile.msvc clean diff --git a/.github/workflows/c-cpp-cmake.yml b/.github/workflows/c-cpp-cmake.yml index 1777668..17457ab 100644 --- a/.github/workflows/c-cpp-cmake.yml +++ b/.github/workflows/c-cpp-cmake.yml @@ -57,3 +57,18 @@ jobs: cmake --build . cd .. rmdir /s /q build + + wolfssl: + name: "ubuntu-latest (wolfSSL)" + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v7 + - name: Install wolfSSL + run: sudo apt install -y libwolfssl-dev + - name: make with CMake (wolfSSL preferred) + run: | + mkdir build + cd build + cmake .. + cmake --build . + cd .. && rm -rf build/ diff --git a/CMakeLists.txt b/CMakeLists.txt index 25bcd76..77bdf40 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -46,7 +46,8 @@ endif() # Options option(3PROXY_BUILD_SHARED "Build shared libraries for plugins" ON) -option(3PROXY_USE_OPENSSL "Enable TLS/SSL support (requires OpenSSL)" ON) +option(3PROXY_USE_WOLFSSL "Enable TLS/SSL support via wolfSSL (preferred when detected)" ON) +option(3PROXY_USE_OPENSSL "Enable TLS/SSL support via OpenSSL (fallback when wolfSSL unavailable)" ON) option(3PROXY_USE_PCRE2 "Enable PCRE2 regex filtering" ON) option(3PROXY_USE_PAM "Enable PAM/PamAuth" ON) option(3PROXY_USE_ODBC "Enable ODBC support (Unix only, always ON on Windows)" OFF) @@ -253,17 +254,38 @@ endif() # Find dependencies -# OpenSSL +# TLS/SSL backend: prefer wolfSSL when detected, fall back to OpenSSL. +set(3PROXY_SSL_ENABLED FALSE) +set(3PROXY_SSL_WOLFSSL FALSE) set(OPENSSL_FOUND FALSE) -if(3PROXY_USE_OPENSSL) +set(WOLFSSL_FOUND FALSE) + +if(3PROXY_USE_WOLFSSL) + find_path(WOLFSSL_INCLUDE_DIR NAMES wolfssl/options.h wolfssl/ssl.h) + find_library(WOLFSSL_LIBRARIES NAMES wolfssl) + if(WOLFSSL_INCLUDE_DIR AND WOLFSSL_LIBRARIES) + set(WOLFSSL_FOUND TRUE) + set(3PROXY_SSL_ENABLED TRUE) + set(3PROXY_SSL_WOLFSSL TRUE) + add_compile_definitions(WITH_SSL WITH_WOLFSSL) + message(STATUS "wolfSSL found: ${WOLFSSL_LIBRARIES} (preferred backend)") + else() + message(STATUS "wolfSSL not found, falling back to OpenSSL if enabled") + endif() +endif() + +if(NOT 3PROXY_SSL_ENABLED AND 3PROXY_USE_OPENSSL) find_package(OpenSSL REQUIRED) if(OpenSSL_FOUND) set(OPENSSL_FOUND TRUE) + set(3PROXY_SSL_ENABLED TRUE) add_compile_definitions(WITH_SSL) message(STATUS "OpenSSL found: ${OPENSSL_VERSION}") endif() -else() - message(STATUS "OpenSSL disabled by user request") +elseif(NOT 3PROXY_SSL_ENABLED) + message(STATUS "SSL disabled (neither wolfSSL nor OpenSSL enabled/found)") +elseif(3PROXY_SSL_WOLFSSL) + message(STATUS "OpenSSL skipped (wolfSSL in use)") endif() # PCRE2 @@ -305,8 +327,9 @@ if(ODBC_FOUND) add_compile_definitions(WITH_ODBC) endif() -# Set NORADIUS if OpenSSL is not available (RADIUS requires MD5 from OpenSSL) -if(NOT OPENSSL_FOUND) +# Set NORADIUS if no SSL backend is available (RADIUS MD5 uses bundled md5, but +# keep the historical gate tied to SSL availability). +if(NOT 3PROXY_SSL_ENABLED) add_compile_definitions(NORADIUS) endif() @@ -328,10 +351,15 @@ set(3PROXY_CORE_SOURCES src/stringtable.c ) -# BLAKE2 source for 3proxy_crypt -set(MD_SOURCES - src/libs/blake2b-ref.c -) +# BLAKE2 source for 3proxy_crypt (bundled reference impl; wolfSSL provides +# BLAKE2b natively via wc_Blake2b* when WITH_WOLFSSL is enabled) +if(3PROXY_SSL_WOLFSSL) + set(MD_SOURCES) +else() + set(MD_SOURCES + src/libs/blake2b-ref.c + ) +endif() # ============================================================================ # Object libraries for common sources (shared between executables) @@ -350,13 +378,19 @@ target_include_directories(common_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src) add_library(base64_obj OBJECT src/base64.c) target_include_directories(base64_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src) -# mdhash object library (MD4/MD5: CAPI on Windows, bundled Solar Designer MD4/MD5 elsewhere) +# mdhash object library (MD4/MD5: CAPI on Windows, bundled Solar Designer MD4/MD5 elsewhere, +# wolfSSL when WITH_WOLFSSL is enabled) if(WIN32) add_library(mdhash_obj OBJECT src/mdhash.c) +elseif(3PROXY_SSL_WOLFSSL) + add_library(mdhash_obj OBJECT src/mdhash.c) else() add_library(mdhash_obj OBJECT src/mdhash.c src/libs/md4.c src/libs/md5.c) endif() target_include_directories(mdhash_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src) +if(3PROXY_SSL_WOLFSSL) + target_include_directories(mdhash_obj PRIVATE ${WOLFSSL_INCLUDE_DIR}) +endif() # ============================================================================ # Object libraries for 3proxy (compiled WITHOUT WITHMAIN) @@ -402,8 +436,12 @@ target_include_directories(ftp_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src) # 3proxy_crypt object for 3proxy (without WITHMAIN) add_library(3proxy_crypt_obj OBJECT src/3proxy_crypt.c) target_include_directories(3proxy_crypt_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src) -if(OpenSSL_FOUND) - target_include_directories(3proxy_crypt_obj PRIVATE ${OPENSSL_INCLUDE_DIR}) +if(3PROXY_SSL_ENABLED) + if(3PROXY_SSL_WOLFSSL) + target_include_directories(3proxy_crypt_obj PRIVATE ${WOLFSSL_INCLUDE_DIR}) + else() + target_include_directories(3proxy_crypt_obj PRIVATE ${OPENSSL_INCLUDE_DIR}) + endif() endif() # ============================================================================ @@ -425,7 +463,7 @@ add_executable(3proxy ) target_sources(3proxy PRIVATE ${MD_SOURCES}) -if(OpenSSL_FOUND) +if(3PROXY_SSL_ENABLED) target_sources(3proxy PRIVATE src/ssllib.c src/ssl.c) endif() @@ -437,8 +475,12 @@ target_include_directories(3proxy PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src ${CMAKE_CURRENT_SOURCE_DIR}/src/libs ) -if(OpenSSL_FOUND) - target_include_directories(3proxy PRIVATE ${OPENSSL_INCLUDE_DIR}) +if(3PROXY_SSL_ENABLED) + if(3PROXY_SSL_WOLFSSL) + target_include_directories(3proxy PRIVATE ${WOLFSSL_INCLUDE_DIR}) + else() + target_include_directories(3proxy PRIVATE ${OPENSSL_INCLUDE_DIR}) + endif() endif() if(PCRE2_FOUND) target_include_directories(3proxy PRIVATE ${PCRE2_INCLUDE_DIRS}) @@ -454,10 +496,16 @@ if(ODBC_FOUND) endif() endif() -# OpenSSL linking -if(OpenSSL_FOUND) - if(3PROXY_STATIC_LINK) - # Will be linked statically below (if static libraries are found) +# SSL linking +if(3PROXY_SSL_ENABLED) + if(3PROXY_SSL_WOLFSSL) + if(3PROXY_STATIC_LINK) + # Will be linked statically below (if static library is found) + else() + target_link_libraries(3proxy PRIVATE ${WOLFSSL_LIBRARIES}) + endif() + elseif(3PROXY_STATIC_LINK) + # OpenSSL static linking handled below else() target_link_libraries(3proxy PRIVATE OpenSSL::SSL OpenSSL::Crypto) endif() @@ -474,14 +522,19 @@ if(PCRE2_FOUND) endif() endif() -# Static linking of OpenSSL and PCRE2 (when option is enabled) -if(3PROXY_STATIC_LINK AND (OpenSSL_FOUND OR PCRE2_FOUND)) +# Static linking of SSL backend and PCRE2 (when option is enabled) +if(3PROXY_STATIC_LINK AND ((3PROXY_SSL_ENABLED AND NOT 3PROXY_SSL_WOLFSSL) OR (3PROXY_SSL_WOLFSSL) OR PCRE2_FOUND)) set(_saved_cmake_find_library_suffixes ${CMAKE_FIND_LIBRARY_SUFFIXES}) set(CMAKE_FIND_LIBRARY_SUFFIXES ".a") set(_static_libs "") - if(OpenSSL_FOUND) + if(3PROXY_SSL_WOLFSSL) + find_library(_wolfssl_static_lib NAMES wolfssl) + if(_wolfssl_static_lib) + list(APPEND _static_libs ${_wolfssl_static_lib}) + endif() + elseif(OpenSSL_FOUND) find_library(_ssl_static_lib ssl) find_library(_crypto_static_lib crypto) if(_ssl_static_lib AND _crypto_static_lib) @@ -500,10 +553,12 @@ if(3PROXY_STATIC_LINK AND (OpenSSL_FOUND OR PCRE2_FOUND)) if(_static_libs) target_link_libraries(3proxy PRIVATE -Wl,-Bstatic ${_static_libs} -Wl,-Bdynamic) - message(STATUS "Static linking enabled for OpenSSL/PCRE2") + message(STATUS "Static linking enabled for SSL backend/PCRE2") else() message(WARNING "3PROXY_STATIC_LINK is ON but static libraries not found, falling back to dynamic") - if(OpenSSL_FOUND) + if(3PROXY_SSL_WOLFSSL) + target_link_libraries(3proxy PRIVATE ${WOLFSSL_LIBRARIES}) + elseif(OpenSSL_FOUND) target_link_libraries(3proxy PRIVATE OpenSSL::SSL OpenSSL::Crypto) endif() if(PCRE2_FOUND) @@ -537,26 +592,48 @@ target_include_directories(3proxy_crypt PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src ${CMAKE_CURRENT_SOURCE_DIR}/src/libs ) -if(OpenSSL_FOUND) - target_include_directories(3proxy_crypt PRIVATE ${OPENSSL_INCLUDE_DIR}) +if(3PROXY_SSL_ENABLED) + if(3PROXY_SSL_WOLFSSL) + target_include_directories(3proxy_crypt PRIVATE ${WOLFSSL_INCLUDE_DIR}) + else() + target_include_directories(3proxy_crypt PRIVATE ${OPENSSL_INCLUDE_DIR}) + endif() endif() target_link_libraries(3proxy_crypt PRIVATE Threads::Threads) -if(OpenSSL_FOUND) - if(3PROXY_STATIC_LINK) - set(_saved_cmake_find_library_suffixes ${CMAKE_FIND_LIBRARY_SUFFIXES}) - set(CMAKE_FIND_LIBRARY_SUFFIXES ".a") - find_library(_ssl_static_lib ssl) - find_library(_crypto_static_lib crypto) - set(CMAKE_FIND_LIBRARY_SUFFIXES ${_saved_cmake_find_library_suffixes}) - if(_ssl_static_lib AND _crypto_static_lib) - target_link_libraries(3proxy_crypt PRIVATE -Wl,-Bstatic ${_ssl_static_lib} ${_crypto_static_lib} -Wl,-Bdynamic) - message(STATUS "3proxy_crypt: static OpenSSL") +if(3PROXY_SSL_ENABLED) + if(3PROXY_SSL_WOLFSSL) + if(3PROXY_STATIC_LINK) + set(_saved_cmake_find_library_suffixes ${CMAKE_FIND_LIBRARY_SUFFIXES}) + set(CMAKE_FIND_LIBRARY_SUFFIXES ".a") + find_library(_wolfssl_static_lib_c NAMES wolfssl) + set(CMAKE_FIND_LIBRARY_SUFFIXES ${_saved_cmake_find_library_suffixes}) + if(_wolfssl_static_lib_c) + target_link_libraries(3proxy_crypt PRIVATE -Wl,-Bstatic ${_wolfssl_static_lib_c} -Wl,-Bdynamic) + message(STATUS "3proxy_crypt: static wolfSSL") + else() + message(WARNING "3PROXY_STATIC_LINK is ON but static wolfSSL not found, using dynamic") + target_link_libraries(3proxy_crypt PRIVATE ${WOLFSSL_LIBRARIES}) + endif() else() - message(WARNING "3PROXY_STATIC_LINK is ON but static OpenSSL not found, using dynamic") - target_link_libraries(3proxy_crypt PRIVATE OpenSSL::SSL OpenSSL::Crypto) + target_link_libraries(3proxy_crypt PRIVATE ${WOLFSSL_LIBRARIES}) endif() else() - target_link_libraries(3proxy_crypt PRIVATE OpenSSL::SSL OpenSSL::Crypto) + if(3PROXY_STATIC_LINK) + set(_saved_cmake_find_library_suffixes ${CMAKE_FIND_LIBRARY_SUFFIXES}) + set(CMAKE_FIND_LIBRARY_SUFFIXES ".a") + find_library(_ssl_static_lib ssl) + find_library(_crypto_static_lib crypto) + set(CMAKE_FIND_LIBRARY_SUFFIXES ${_saved_cmake_find_library_suffixes}) + if(_ssl_static_lib AND _crypto_static_lib) + target_link_libraries(3proxy_crypt PRIVATE -Wl,-Bstatic ${_ssl_static_lib} ${_crypto_static_lib} -Wl,-Bdynamic) + message(STATUS "3proxy_crypt: static OpenSSL") + else() + message(WARNING "3PROXY_STATIC_LINK is ON but static OpenSSL not found, using dynamic") + target_link_libraries(3proxy_crypt PRIVATE OpenSSL::SSL OpenSSL::Crypto) + endif() + else() + target_link_libraries(3proxy_crypt PRIVATE OpenSSL::SSL OpenSSL::Crypto) + endif() endif() endif() if("${3PROXY_BINARY_PREFIX}" STREQUAL "") @@ -848,7 +925,8 @@ message(STATUS " Build type: ${CMAKE_BUILD_TYPE}") message(STATUS "") message(STATUS " Options:") message(STATUS " BUILD_SHARED: ${3PROXY_BUILD_SHARED}") -message(STATUS " USE_OPENSSL: ${3PROXY_USE_OPENSSL}") +message(STATUS " USE_WOLFSSL: ${3PROXY_USE_WOLFSSL}") +message(STATUS " USE_OPENSSL: ${3PROXY_USE_OPENSSL}") message(STATUS " USE_PCRE2: ${3PROXY_USE_PCRE2}") message(STATUS " USE_PAM: ${3PROXY_USE_PAM}") message(STATUS " USE_ODBC: ${3PROXY_USE_ODBC}") @@ -865,6 +943,7 @@ if(WIN32) endif() message(STATUS "") message(STATUS " Libraries found:") +message(STATUS " wolfSSL: ${WOLFSSL_FOUND}") message(STATUS " OpenSSL: ${OPENSSL_FOUND}") message(STATUS " PCRE2: ${PCRE2_FOUND}") message(STATUS " PAM: ${PAM_FOUND}") diff --git a/Makefile.FreeBSD b/Makefile.FreeBSD index a8c461d..e049233 100644 --- a/Makefile.FreeBSD +++ b/Makefile.FreeBSD @@ -47,6 +47,13 @@ ifeq ($(LIBSTATIC), true) STATIC_SUFFIX = -Wl,-Bdynamic ZLIB = -lz -lzstd endif +WOLFSSL_CHECK ?= $(shell echo "\#include \\n\#include \\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testwssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestwssl testwssl.o $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) 2>/dev/null && rm testwssl testwssl.o && echo true||echo false) +ifeq ($(WOLFSSL_CHECK), true) + LIBS += $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) + CFLAGS += -DWITH_SSL -DWITH_WOLFSSL + SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS) + ZLIB := +else OPENSSL_CHECK ?= $(shell echo "\#include \\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX) 2>/dev/null && rm testssl testssl.o && echo true||echo false) ifeq ($(OPENSSL_CHECK), true) LIBS += $(STATIC_PREFIX) $(ZLIB) -l crypto -l ssl $(STATIC_SUFFIX) @@ -55,6 +62,7 @@ ifeq ($(OPENSSL_CHECK), true) else ZLIB := endif +endif PCRE_CHECK ?= $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include \\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -lpcre2-8 2>/dev/null && rm testpcre testpcre.o && echo true||echo false) ifeq ($(PCRE_CHECK), true) CFLAGS += -DWITH_PCRE @@ -66,7 +74,11 @@ ifeq ($(PAM_CHECK), true) PLUGINS += PamAuth endif -BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS) +ifeq ($(WOLFSSL_CHECK), true) + BUNDLED_HASH_OBJS = +else + BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS) blake2$(OBJSUFFICS) +endif include Makefile.inc DESTDIR ?= diff --git a/Makefile.Linux b/Makefile.Linux index 0578ccf..519a0b0 100644 --- a/Makefile.Linux +++ b/Makefile.Linux @@ -51,6 +51,13 @@ ifeq ($(LIBSTATIC), true) ZLIB = -lz -lzstd endif +WOLFSSL_CHECK ?= $(shell echo "\#include \\n\#include \\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testwssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestwssl testwssl.o $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) 2>/dev/null && rm testwssl testwssl.o && echo true||echo false) +ifeq ($(WOLFSSL_CHECK), true) + LIBS += $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) + CFLAGS += -DWITH_SSL -DWITH_WOLFSSL + SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS) + ZLIB := +else OPENSSL_CHECK ?= $(shell echo "\#include \\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX) 2>/dev/null && rm testssl testssl.o && echo true||echo false) ifeq ($(OPENSSL_CHECK), true) LIBS += $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX) @@ -59,6 +66,7 @@ ifeq ($(OPENSSL_CHECK), true) else ZLIB := endif +endif PCRE_CHECK ?= $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include \\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) $(STATIC_PREFIX) -lpcre2-8 $(STATIC_SUFFIX) 2>/dev/null && rm testpcre testpcre.o && echo true||echo false) ifeq ($(PCRE_CHECK), true) CFLAGS += -DWITH_PCRE @@ -69,7 +77,11 @@ PAM_CHECK ?= $(shell echo "\#include \\n int main(){return ifeq ($(PAM_CHECK), true) PLUGINS += PamAuth endif -BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS) +ifeq ($(WOLFSSL_CHECK), true) + BUNDLED_HASH_OBJS = +else + BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS) blake2$(OBJSUFFICS) +endif include Makefile.inc allplugins: diff --git a/Makefile.Solaris b/Makefile.Solaris index 3d68d4e..771f42a 100644 --- a/Makefile.Solaris +++ b/Makefile.Solaris @@ -31,12 +31,19 @@ COMPATLIBS = MAKEFILE = Makefile.Solaris PLUGINS = StringsPlugin TrafficPlugin TransparentPlugin FilePlugin +WOLFSSL_CHECK = $(shell echo "\#include \\n\#include \\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testwssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -o testwssl testwssl.o -lwolfssl 2>/dev/null && rm testwssl testwssl.o && echo true||echo false) +ifeq ($(WOLFSSL_CHECK), true) + LIBS += -lwolfssl + CFLAGS += -DWITH_SSL -DWITH_WOLFSSL + SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS) +else OPENSSL_CHECK = $(shell echo "\#include \\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -o testssl testssl.o -lcrypto -lssl 2>/dev/null && rm testssl testssl.o && echo true||echo false) ifeq ($(OPENSSL_CHECK), true) LIBS += -l crypto -l ssl CFLAGS += -DWITH_SSL SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS) endif +endif PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include \\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -Wl,-Bstatic -lpcre2-8 -Wl,-Bdynamic 2>/dev/null && rm testpcre testpcre.o && echo true||echo false) ifeq ($(PCRE_CHECK), true) CFLAGS += -DWITH_PCRE @@ -44,7 +51,11 @@ ifeq ($(PCRE_CHECK), true) PCRE_LIBS = -Wl,-Bstatic -lpcre2-8 -Wl,-Bdynamic endif -BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS) +ifeq ($(WOLFSSL_CHECK), true) + BUNDLED_HASH_OBJS = +else + BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS) blake2$(OBJSUFFICS) +endif include Makefile.inc allplugins: diff --git a/Makefile.msvc b/Makefile.msvc index f88d3e6..0e051e0 100644 --- a/Makefile.msvc +++ b/Makefile.msvc @@ -11,13 +11,22 @@ CRYPT_PREFIX = 3proxy_ CC = cl VERSION = $(VERSION) BUILDDATE = $(BUILDDATE) -CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "WITH_SSL" /D "WITH_PCRE" /D "WITH_ODBC" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c $(BUILDDATE) $(VERSION) +!IFDEF WOLFSSL +SSL_DEFS = /D "WITH_SSL" /D "WITH_WOLFSSL" +SSL_LIBS = wolfssl.lib +BUNDLED_HASH_OBJS = +!ELSE +SSL_DEFS = /D "WITH_SSL" +SSL_LIBS = libcrypto.lib libssl.lib +BUNDLED_HASH_OBJS = blake2$(OBJSUFFICS) +!ENDIF +CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" $(SSL_DEFS) /D "WITH_PCRE" /D "WITH_ODBC" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c $(BUILDDATE) $(VERSION) COUT = /Fo LN = link LDFLAGS = /nologo /subsystem:console /incremental:no DLFLAGS = /DLL DLSUFFICS = .dll -LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib libcrypto.lib libssl.lib pcre2-8.lib +LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib $(SSL_LIBS) pcre2-8.lib LIBSPREFIX = LIBSSUFFIX = .lib LIBEXT = .lib diff --git a/Makefile.unix b/Makefile.unix index 311a851..21bf403 100644 --- a/Makefile.unix +++ b/Makefile.unix @@ -49,6 +49,13 @@ ifeq ($(LIBSTATIC), true) STATIC_SUFFIX = -Wl,-Bdynamic ZLIB = -lz -lzstd endif +WOLFSSL_CHECK ?= $(shell echo "\#include \\n\#include \\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testwssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestwssl testwssl.o $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) 2>/dev/null && rm testwssl testwssl.o && echo true||echo false) +ifeq ($(WOLFSSL_CHECK), true) + LIBS += $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) + CFLAGS += -DWITH_SSL -DWITH_WOLFSSL + SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS) + ZLIB := +else OPENSSL_CHECK ?= $(shell echo "\#include \\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX) 2>/dev/null && rm testssl testssl.o && echo true||echo false) ifeq ($(OPENSSL_CHECK), true) LIBS += $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX) @@ -57,6 +64,7 @@ ifeq ($(OPENSSL_CHECK), true) else ZLIB := endif +endif PCRE_CHECK ?= $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include \\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) $(STATIC_PREFIX) -lpcre2-8 $(STATIC_SUFFIX) 2>/dev/null && rm testpcre testpcre.o && echo true||echo false) ifeq ($(PCRE_CHECK), true) CFLAGS += -DWITH_PCRE @@ -68,7 +76,11 @@ ifeq ($(PAM_CHECK), true) PLUGINS += PamAuth endif -BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS) +ifeq ($(WOLFSSL_CHECK), true) + BUNDLED_HASH_OBJS = +else + BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS) blake2$(OBJSUFFICS) +endif include Makefile.inc DESTDIR ?= diff --git a/Makefile.win b/Makefile.win index 51efb02..609ee87 100644 --- a/Makefile.win +++ b/Makefile.win @@ -42,6 +42,15 @@ ifeq ($(LIBSTATIC), true) STATIC_SUFFIX = -Wl,-Bdynamic ZLIB = -lz endif +WOLFSSL_CHECK = $(shell echo "\#include \\n\#include \\n int main(){return 0;}" | tr -d '\\\\' | $(CC) -x c $(CFLAGS) $(LDFLAGS) $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) -o testwssl - 2>/dev/null && rm testwssl && echo true||echo false) +ifeq ($(WOLFSSL_CHECK), true) + LIBS += $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) -lws2_32 + CFLAGS += -DWITH_SSL -DWITH_WOLFSSL + SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS) + ZLIB := + BUNDLED_HASH_OBJS = +else + BUNDLED_HASH_OBJS = blake2$(OBJSUFFICS) OPENSSL_CHECK = $(shell echo "\#include \\n int main(){return 0;}" | tr -d '\\\\' | $(CC) -x c $(CFLAGS) $(LDFLAGS) $(STATIC_PREFIX) $(ZLIB) -l crypto -l ssl $(STATIC_SUFFIX) -o testssl - 2>/dev/null && rm testssl && echo true||echo false) ifeq ($(OPENSSL_CHECK), true) LIBS += $(STATIC_PREFIX) $(ZLIB) -l crypto -l ssl $(STATIC_SUFFIX) -lcrypt32 @@ -50,6 +59,7 @@ ifeq ($(OPENSSL_CHECK), true) else ZLIB := endif +endif PAM_CHECK = $(shell echo "\#include \\n int main(){return 0;}" | tr -d '\\\\' | $(CC) -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false) ifeq ($(PAM_CHECK), true) PLUGINS += PamAuth diff --git a/src/3proxy_crypt.c b/src/3proxy_crypt.c index aa5356f..af65e15 100644 --- a/src/3proxy_crypt.c +++ b/src/3proxy_crypt.c @@ -5,7 +5,6 @@ please read License Agreement */ -#include "libs/blake2.h" #include "mdhash.h" #include @@ -52,7 +51,7 @@ unsigned char * ntpwdhash (unsigned char *szHash, const unsigned char *szPasswor } /* Encrypt Unicode password to a 16-byte MD4 hash */ - ctx = mdh_init(MDH_MD4); + ctx = mdh_init(MDH_MD4, 16); if(!ctx) return NULL; mdh_update(ctx, szUnicodePass, (nPasswordLen<<1)); if(!mdh_final(ctx, szUnicodePass, &len)) { @@ -89,7 +88,7 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi sl = (int)(ep - sp); magic = (unsigned char *)"$1$"; - ctx = mdh_init(MDH_MD5); + ctx = mdh_init(MDH_MD5, 16); if(!ctx) { *passwd = 0; return NULL; @@ -105,7 +104,7 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi mdh_update(ctx, sp, (unsigned int)sl); /* Then just as many unsigned characters of the MD5(pw,salt,pw) */ - ctx1 = mdh_init(MDH_MD5); + ctx1 = mdh_init(MDH_MD5, 16); if(!ctx1) { mdh_free(ctx); *passwd = 0; @@ -139,7 +138,7 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi */ for(i=0;i<1000;i++) { mdh_free(ctx1); - ctx1 = mdh_init(MDH_MD5); + ctx1 = mdh_init(MDH_MD5, 16); if(!ctx1) { *passwd = 0; return NULL; } if(i & 1) mdh_update(ctx1, pw, (unsigned int)strlen((char *)pw)); @@ -167,14 +166,17 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi sl = (int)(ep - sp); magic = (unsigned char *)"$3$"; { - blake2b_state S; - if(blake2b_init(&S, MD5_SIZE) != 0 || - blake2b_update(&S, pw, strlen((char *)pw) + 1) != 0 || - blake2b_update(&S, sp, sl) != 0 || - blake2b_final(&S, final, MD5_SIZE) != 0) { + mdh_ctx *bctx = mdh_init(MDH_BLAKE2, MD5_SIZE); + unsigned int blen = MD5_SIZE; + if(!bctx || + !mdh_update(bctx, pw, (unsigned int)(strlen((char *)pw) + 1)) || + !mdh_update(bctx, sp, (unsigned int)sl) || + !mdh_final(bctx, final, &blen)) { + mdh_free(bctx); *passwd = 0; return NULL; } + mdh_free(bctx); } } else { diff --git a/src/Makefile.inc b/src/Makefile.inc index f8b10d8..08561e6 100644 --- a/src/Makefile.inc +++ b/src/Makefile.inc @@ -164,8 +164,8 @@ md4$(OBJSUFFICS): libs/md4.c libs/md4.h md5$(OBJSUFFICS): libs/md5.c libs/md5.h $(CC) $(COUT)md5$(OBJSUFFICS) $(CFLAGS) libs/md5.c -$(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS): blake2$(OBJSUFFICS) 3proxy_cryptmain$(OBJSUFFICS) base64$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(BUNDLED_HASH_OBJS) - $(LN) $(LNOUT)$(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS) $(LDFLAGS) blake2$(OBJSUFFICS) base64$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(BUNDLED_HASH_OBJS) 3proxy_cryptmain$(OBJSUFFICS) $(LIBS) +$(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS): $(BUNDLED_HASH_OBJS) 3proxy_cryptmain$(OBJSUFFICS) base64$(OBJSUFFICS) mdhash$(OBJSUFFICS) + $(LN) $(LNOUT)$(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS) $(LDFLAGS) $(BUNDLED_HASH_OBJS) base64$(OBJSUFFICS) mdhash$(OBJSUFFICS) 3proxy_cryptmain$(OBJSUFFICS) $(LIBS) stringtable$(OBJSUFFICS): stringtable.c $(CC) $(COUT)stringtable$(OBJSUFFICS) $(CFLAGS) stringtable.c @@ -179,6 +179,6 @@ ssl$(OBJSUFFICS): ssl.c structures.h proxy.h ssl.h pcre$(OBJSUFFICS): pcre.c structures.h $(CC) $(COUT)pcre$(OBJSUFFICS) $(CFLAGS) $(DEFINEOPTION)WITH_PCRE pcre.c -$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) log$(OBJSUFFICS) datatypes$(OBJSUFFICS) blake2$(OBJSUFFICS) 3proxy_crypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(BUNDLED_HASH_OBJS) $(SSL_OBJS) $(PCRE_OBJS) $(COMPATLIBS) $(VERSIONDEP) - $(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) 3proxy_crypt$(OBJSUFFICS) blake2$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(BUNDLED_HASH_OBJS) $(SSL_OBJS) $(PCRE_OBJS) $(COMPATLIBS) $(LIBS) $(PCRE_LIBS) +$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) log$(OBJSUFFICS) datatypes$(OBJSUFFICS) $(BUNDLED_HASH_OBJS) 3proxy_crypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(SSL_OBJS) $(PCRE_OBJS) $(COMPATLIBS) $(VERSIONDEP) + $(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) 3proxy_crypt$(OBJSUFFICS) $(BUNDLED_HASH_OBJS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(SSL_OBJS) $(PCRE_OBJS) $(COMPATLIBS) $(LIBS) $(PCRE_LIBS) diff --git a/src/auth.c b/src/auth.c index cfb04ee..628503e 100644 --- a/src/auth.c +++ b/src/auth.c @@ -7,7 +7,7 @@ */ #include "proxy.h" -#include "libs/blake2.h" +#include "mdhash.h" void initbandlims(struct clientparam *param); @@ -231,13 +231,17 @@ int strongauth(struct clientparam * param){ if((unsigned)pwlen < pwl_table.recsize) { if(!strncmp(pass + 1, (char *)param->password, pwl_table.recsize - 1)) return 0; } else { - blake2b_state S; + mdh_ctx *bctx; unsigned hashsz; + unsigned int blen; hashsz = pwl_table.recsize - 1 < 64 ? pwl_table.recsize - 1 : 64; memset(buf, 0, pwl_table.recsize - 1); - blake2b_init(&S, hashsz); - blake2b_update(&S, param->password, pwlen + 1); - blake2b_final(&S, buf, hashsz); + bctx = mdh_init(MDH_BLAKE2, hashsz); + if(!bctx) return 6; + mdh_update(bctx, param->password, pwlen + 1); + blen = hashsz; + mdh_final(bctx, buf, &blen); + mdh_free(bctx); if(!memcmp(pass + 1, buf, pwl_table.recsize - 1)) return 0; } return 6; diff --git a/src/authradius.c b/src/authradius.c index 4feadf7..78033dc 100644 --- a/src/authradius.c +++ b/src/authradius.c @@ -188,7 +188,7 @@ char *strNcpy(char *dest, const char *src, int n) void md5_calc(unsigned char *output, unsigned char *input, unsigned int inlen) { - mdh_ctx *ctx = mdh_init(MDH_MD5); + mdh_ctx *ctx = mdh_init(MDH_MD5, 16); unsigned int len = 16; if(!ctx) return; mdh_update(ctx, input, inlen); diff --git a/src/conf.c b/src/conf.c index f2ee039..0d348ab 100644 --- a/src/conf.c +++ b/src/conf.c @@ -7,7 +7,7 @@ */ #include "proxy.h" -#include "libs/blake2.h" +#include "mdhash.h" #ifdef WITH_SSL void ssl_install(void); #endif @@ -543,13 +543,17 @@ static int h_users(int argc, unsigned char **argv){ l = strlen(pw[1]); if(l > 255) l = 255; if((unsigned)l >= pwl_table.recsize) { - blake2b_state S; + mdh_ctx *bctx; unsigned hashsz; + unsigned int blen; if(*pass != CL) continue; hashsz = pwl_table.recsize - 1 < 64 ? pwl_table.recsize - 1 : 64; - blake2b_init(&S, hashsz); - blake2b_update(&S, pw[1], l + 1); - blake2b_final(&S, pass+1, hashsz); + bctx = mdh_init(MDH_BLAKE2, hashsz); + if(!bctx) continue; + mdh_update(bctx, pw[1], l + 1); + blen = hashsz; + mdh_final(bctx, (unsigned char *)pass+1, &blen); + mdh_free(bctx); } else { memcpy(pass + 1, pw[1], l); } diff --git a/src/hashtables.c b/src/hashtables.c index e46d10b..52aa880 100644 --- a/src/hashtables.c +++ b/src/hashtables.c @@ -1,18 +1,21 @@ #include "proxy.h" -#include "libs/blake2.h" +#include "mdhash.h" static void char_index2hash(const struct hashtable *ht, void *index, uint8_t *hash){ - blake2b_state S; int len; + unsigned int blen; len = strlen((const char*)index); memset(hash, 0, ht->hash_size); if(len <= ht->hash_size) memcpy(hash, index, len); else { - blake2b_init(&S, ht->hash_size); - blake2b_update(&S, index, strlen((const char*)index) + 1); - blake2b_final(&S, hash, ht->hash_size); + mdh_ctx *bctx = mdh_init(MDH_BLAKE2, ht->hash_size); + if(!bctx) return; + mdh_update(bctx, index, (unsigned int)(strlen((const char*)index) + 1)); + blen = ht->hash_size; + mdh_final(bctx, hash, &blen); + mdh_free(bctx); } } @@ -23,7 +26,6 @@ static void param2hash_add(const struct hashtable *ht, void *index, uint8_t *has } void param2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){ - blake2b_state S; struct clientparam *param = (struct clientparam *)index; unsigned type = param->srv->authcachetype; int len = 0, oplen = 0, acllen = 0, ulen = 0, plen = 0, hlen = 0, a1len = 0, a2len = 0, a3len = 0, p1len=0, p2len = 0; @@ -55,31 +57,36 @@ void param2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){ if((type & 2048)){ memcpy(hash + offset, SAPORT(¶m->srv->intsa), p2len); offset += 2; } } else { - blake2b_init(&S, ht->hash_size); - if((type & 2) && param->username)blake2b_update(&S, param->username, ulen); - if((type & 4) && param->password)blake2b_update(&S, param->password, plen); - if((type & 1) && !(type & 8))blake2b_update(&S, SAADDR(¶m->sincr), a1len); - if((type & 16))blake2b_update(&S, ¶m->srv->acl, acllen); - if((type & 64))blake2b_update(&S, SAADDR(¶m->req), a2len); - if((type & 128))blake2b_update(&S, SAPORT(¶m->req), 2); - if((type & 256) && param->hostname)blake2b_update(&S, param->hostname, hlen); - if((type & 512))blake2b_update(&S, ¶m->operation, sizeof(param->operation)); - if((type & 1024))blake2b_update(&S, SAADDR(¶m->srv->intsa), a3len); - if((type & 2048))blake2b_update(&S, SAPORT(¶m->srv->intsa), 2); - blake2b_final(&S, hash, ht->hash_size); + mdh_ctx *bctx = mdh_init(MDH_BLAKE2, ht->hash_size); + unsigned int blen = ht->hash_size; + if(!bctx) { memcpy(param->hash, hash, ht->hash_size); return; } + if((type & 2) && param->username)mdh_update(bctx, param->username, ulen); + if((type & 4) && param->password)mdh_update(bctx, param->password, plen); + if((type & 1) && !(type & 8))mdh_update(bctx, SAADDR(¶m->sincr), a1len); + if((type & 16))mdh_update(bctx, ¶m->srv->acl, acllen); + if((type & 64))mdh_update(bctx, SAADDR(¶m->req), a2len); + if((type & 128))mdh_update(bctx, SAPORT(¶m->req), 2); + if((type & 256) && param->hostname)mdh_update(bctx, param->hostname, hlen); + if((type & 512))mdh_update(bctx, ¶m->operation, sizeof(param->operation)); + if((type & 1024))mdh_update(bctx, SAADDR(¶m->srv->intsa), a3len); + if((type & 2048))mdh_update(bctx, SAPORT(¶m->srv->intsa), 2); + mdh_final(bctx, hash, &blen); + mdh_free(bctx); } memcpy(param->hash, hash, ht->hash_size); } static void udpparam2hash(const struct hashtable *ht, void *index, uint8_t *hash){ struct clientparam *param = (struct clientparam *)index; - blake2b_state S; - blake2b_init(&S, ht->hash_size); - blake2b_update(&S, SAADDR(¶m->srv->intsa), SAADDRLEN(¶m->srv->intsa)); - blake2b_update(&S, SAPORT(¶m->srv->intsa), 2); - blake2b_update(&S, SAADDR(¶m->sincr), SAADDRLEN(¶m->sincr)); - blake2b_update(&S, SAPORT(¶m->sincr), 2); - blake2b_final(&S, hash, ht->hash_size); + mdh_ctx *bctx = mdh_init(MDH_BLAKE2, ht->hash_size); + unsigned int blen = ht->hash_size; + if(!bctx) return; + mdh_update(bctx, SAADDR(¶m->srv->intsa), SAADDRLEN(¶m->srv->intsa)); + mdh_update(bctx, SAPORT(¶m->srv->intsa), 2); + mdh_update(bctx, SAADDR(¶m->sincr), SAADDRLEN(¶m->sincr)); + mdh_update(bctx, SAPORT(¶m->sincr), 2); + mdh_final(bctx, hash, &blen); + mdh_free(bctx); } struct hashtable dns_table = {char_index2hash, char_index2hash, 4, 32}; diff --git a/src/libs/md4.h b/src/libs/md4.h index 7bc9ee4..aa64985 100644 --- a/src/libs/md4.h +++ b/src/libs/md4.h @@ -26,6 +26,11 @@ #ifndef _MD4_H #define _MD4_H +#ifdef WITH_WOLFSSL +#include +#include +#else + #include /* for size_t */ /* Any 32-bit or wider unsigned integer data type will do */ @@ -44,4 +49,6 @@ extern void MD4_Init(MD4_CTX *ctx); extern void MD4_Update(MD4_CTX *ctx, const void *data, size_t size); extern void MD4_Final(unsigned char *result, MD4_CTX *ctx); +#endif /* !WITH_WOLFSSL */ + #endif diff --git a/src/libs/md5.h b/src/libs/md5.h index 7faca7d..d9f1dd7 100644 --- a/src/libs/md5.h +++ b/src/libs/md5.h @@ -26,6 +26,11 @@ #ifndef _MD5_H #define _MD5_H +#ifdef WITH_WOLFSSL +#include +#include +#else + /* Any 32-bit or wider unsigned integer data type will do */ typedef unsigned int MD5_u32plus; @@ -40,4 +45,6 @@ extern void MD5_Init(MD5_CTX *ctx); extern void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size); extern void MD5_Final(unsigned char *result, MD5_CTX *ctx); +#endif /* !WITH_WOLFSSL */ + #endif diff --git a/src/mdhash.c b/src/mdhash.c index 6b3f313..f144468 100644 --- a/src/mdhash.c +++ b/src/mdhash.c @@ -4,129 +4,202 @@ please read License Agreement - MD4/MD5 hash implementation. - - Windows: CryptoAPI (CAPI). Supports both CALG_MD4 and CALG_MD5. - - Other platforms: bundled public-domain MD4/MD5 (Solar Designer, 2001). + MD4/MD5/BLAKE2 hash implementation. + - Windows (no wolfSSL): CryptoAPI (CAPI) for MD4/MD5; bundled BLAKE2. + - wolfSSL: wolfCrypt for MD4/MD5 (OpenSSL compat) and BLAKE2 (native wc_*). + - Other: bundled public-domain MD4/MD5 + bundled BLAKE2 reference. */ #include "mdhash.h" #include +#include -#ifdef _WIN32 +/* ----- BLAKE2 backend selection ----- */ +#ifdef WITH_WOLFSSL +#include +#include +#define MDH_BLAKE2_BACKEND_WOLFSSL +#else +#include "libs/blake2.h" +#endif +/* ----- MD4/MD5 backend selection ----- */ +#if defined(_WIN32) && !defined(WITH_WOLFSSL) +#define MDH_MD_BACKEND_CAPI #define WIN32_LEAN_AND_MEAN #include #include - -struct mdh_ctx { - HCRYPTPROV hProv; - HCRYPTHASH hHash; -}; - -mdh_ctx *mdh_init(mdh_alg alg) -{ - mdh_ctx *c; - ALG_ID alg_id; - - c = (mdh_ctx *)malloc(sizeof(mdh_ctx)); - if(!c) return NULL; - c->hProv = 0; - c->hHash = 0; - - if(!CryptAcquireContext(&c->hProv, NULL, NULL, PROV_RSA_FULL, - CRYPT_VERIFYCONTEXT)) { - free(c); - return NULL; - } - - alg_id = (alg == MDH_MD4) ? CALG_MD4 : CALG_MD5; - if(!CryptCreateHash(c->hProv, alg_id, 0, 0, &c->hHash)) { - CryptReleaseContext(c->hProv, 0); - free(c); - return NULL; - } - return c; -} - -int mdh_update(mdh_ctx *c, const void *data, unsigned int len) -{ - if(!c || !c->hHash) return 0; - if(len == 0) return 1; - return CryptHashData(c->hHash, (BYTE *)data, len, 0) ? 1 : 0; -} - -int mdh_final(mdh_ctx *c, unsigned char *out, unsigned int *outlen) -{ - DWORD l; - BOOL ok; - - if(!c || !c->hHash || !outlen) return 0; - l = (DWORD)*outlen; - ok = CryptGetHashParam(c->hHash, HP_HASHVAL, out, &l, 0); - if(!ok) return 0; - *outlen = (unsigned int)l; - return 1; -} - -void mdh_free(mdh_ctx *c) -{ - if(!c) return; - if(c->hHash) CryptDestroyHash(c->hHash); - if(c->hProv) CryptReleaseContext(c->hProv, 0); - free(c); -} - -#else /* !_WIN32 */ - +#else #include "libs/md4.h" #include "libs/md5.h" -#include +#endif struct mdh_ctx { - int alg; /* MDH_MD4 or MDH_MD5 */ + mdh_alg alg; + unsigned int outlen; +#ifdef MDH_MD_BACKEND_CAPI + HCRYPTPROV hProv; + HCRYPTHASH hHash; +#else union { MD4_CTX md4; MD5_CTX md5; } u; +#endif +#ifdef MDH_BLAKE2_BACKEND_WOLFSSL + Blake2b blake2; +#else + blake2b_state blake2; +#endif }; -mdh_ctx *mdh_init(mdh_alg alg) +mdh_ctx *mdh_init(mdh_alg alg, unsigned int outlen) { mdh_ctx *c = (mdh_ctx *)malloc(sizeof(mdh_ctx)); if(!c) return NULL; + memset(c, 0, sizeof(*c)); c->alg = alg; - if(alg == MDH_MD4) - MD4_Init(&c->u.md4); - else - MD5_Init(&c->u.md5); + c->outlen = outlen; + + switch(alg) { + case MDH_MD4: +#ifdef MDH_MD_BACKEND_CAPI + if(!CryptAcquireContext(&c->hProv, NULL, NULL, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT)) { + free(c); + return NULL; + } + if(!CryptCreateHash(c->hProv, CALG_MD4, 0, 0, &c->hHash)) { + CryptReleaseContext(c->hProv, 0); + free(c); + return NULL; + } +#else + MD4_Init(&c->u.md4); +#endif + break; + case MDH_MD5: +#ifdef MDH_MD_BACKEND_CAPI + if(!CryptAcquireContext(&c->hProv, NULL, NULL, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT)) { + free(c); + return NULL; + } + if(!CryptCreateHash(c->hProv, CALG_MD5, 0, 0, &c->hHash)) { + CryptReleaseContext(c->hProv, 0); + free(c); + return NULL; + } +#else + MD5_Init(&c->u.md5); +#endif + break; + case MDH_BLAKE2: + if(!outlen || outlen > 64) { + free(c); + return NULL; + } +#ifdef MDH_BLAKE2_BACKEND_WOLFSSL + if(wc_InitBlake2b(&c->blake2, outlen) != 0) { + free(c); + return NULL; + } +#else + if(blake2b_init(&c->blake2, outlen) != 0) { + free(c); + return NULL; + } +#endif + break; + default: + free(c); + return NULL; + } return c; } int mdh_update(mdh_ctx *c, const void *data, unsigned int len) { if(!c) return 0; - if(c->alg == MDH_MD4) - MD4_Update(&c->u.md4, data, (size_t)len); - else - MD5_Update(&c->u.md5, data, (unsigned long)len); - return 1; + if(len == 0) return 1; + switch(c->alg) { + case MDH_MD4: +#ifdef MDH_MD_BACKEND_CAPI + return CryptHashData(c->hHash, (BYTE *)data, len, 0) ? 1 : 0; +#else + MD4_Update(&c->u.md4, data, (size_t)len); + return 1; +#endif + case MDH_MD5: +#ifdef MDH_MD_BACKEND_CAPI + return CryptHashData(c->hHash, (BYTE *)data, len, 0) ? 1 : 0; +#else + MD5_Update(&c->u.md5, data, (unsigned long)len); + return 1; +#endif + case MDH_BLAKE2: +#ifdef MDH_BLAKE2_BACKEND_WOLFSSL + return wc_Blake2bUpdate(&c->blake2, (const byte *)data, len) == 0; +#else + return blake2b_update(&c->blake2, data, len) == 0; +#endif + } + return 0; } int mdh_final(mdh_ctx *c, unsigned char *out, unsigned int *outlen) { if(!c || !outlen) return 0; - if(c->alg == MDH_MD4) - MD4_Final(out, &c->u.md4); - else - MD5_Final(out, &c->u.md5); - *outlen = 16; - return 1; + switch(c->alg) { + case MDH_MD4: +#ifdef MDH_MD_BACKEND_CAPI + { + DWORD l = (DWORD)*outlen; + if(!CryptGetHashParam(c->hHash, HP_HASHVAL, out, &l, 0)) + return 0; + *outlen = (unsigned int)l; + return 1; + } +#else + MD4_Final(out, &c->u.md4); + *outlen = 16; + return 1; +#endif + case MDH_MD5: +#ifdef MDH_MD_BACKEND_CAPI + { + DWORD l = (DWORD)*outlen; + if(!CryptGetHashParam(c->hHash, HP_HASHVAL, out, &l, 0)) + return 0; + *outlen = (unsigned int)l; + return 1; + } +#else + MD5_Final(out, &c->u.md5); + *outlen = 16; + return 1; +#endif + case MDH_BLAKE2: + if(*outlen < c->outlen) return 0; +#ifdef MDH_BLAKE2_BACKEND_WOLFSSL + if(wc_Blake2bFinal(&c->blake2, out, c->outlen) != 0) + return 0; +#else + if(blake2b_final(&c->blake2, out, c->outlen) != 0) + return 0; +#endif + *outlen = c->outlen; + return 1; + } + return 0; } void mdh_free(mdh_ctx *c) { if(!c) return; +#ifdef MDH_MD_BACKEND_CAPI + if(c->hHash) CryptDestroyHash(c->hHash); + if(c->hProv) CryptReleaseContext(c->hProv, 0); +#endif memset(c, 0, sizeof(*c)); free(c); } - -#endif /* _WIN32 */ diff --git a/src/mdhash.h b/src/mdhash.h index a48e5c6..3632fa9 100644 --- a/src/mdhash.h +++ b/src/mdhash.h @@ -4,19 +4,23 @@ please read License Agreement - Internal MD4/MD5 hash abstraction. - - Windows: CryptoAPI (CAPI) backed, no OpenSSL dependency for these hashes. - - Other platforms: OpenSSL EVP backed (requires WITH_SSL). + Internal MD4/MD5/BLAKE2 hash abstraction. + - Windows (no wolfSSL): CryptoAPI (CAPI) for MD4/MD5; bundled BLAKE2. + - wolfSSL: wolfCrypt for MD4/MD5 (OpenSSL compat) and BLAKE2 (native). + - Other: bundled public-domain MD4/MD5 + bundled BLAKE2 reference. */ #ifndef _MDHASH_H #define _MDHASH_H -typedef enum { MDH_MD4, MDH_MD5 } mdh_alg; +typedef enum { MDH_MD4, MDH_MD5, MDH_BLAKE2 } mdh_alg; typedef struct mdh_ctx mdh_ctx; -/* Returns NULL on failure. */ -mdh_ctx *mdh_init(mdh_alg alg); +/* alg selects the hash. outlen selects digest size: + - MD4/MD5: outlen ignored (fixed 16 bytes). + - BLAKE2: outlen is the requested digest length (1..64). + Returns NULL on failure. */ +mdh_ctx *mdh_init(mdh_alg alg, unsigned int outlen); /* Returns 1 on success, 0 on failure. */ int mdh_update(mdh_ctx *c, const void *data, unsigned int len); diff --git a/src/ssl.c b/src/ssl.c index 355f1da..2dfa7a8 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -6,11 +6,20 @@ */ #include "structures.h" +#ifdef WITH_WOLFSSL +#include +#include +#include +#include +#include +#include +#else #include #include #include #include #include +#endif #include "proxy.h" #include "ssl.h" @@ -487,7 +496,7 @@ SSL_CTX * ssl_cli_ctx(SSL_CONFIG *config, X509 *server_cert, EVP_PKEY *server_ke int err = 0; -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L ctx = SSL_CTX_new(SSLv23_server_method()); #else ctx = SSL_CTX_new(TLS_server_method()); @@ -517,14 +526,17 @@ SSL_CTX * ssl_cli_ctx(SSL_CONFIG *config, X509 *server_cert, EVP_PKEY *server_ke if(config->server_min_proto_version)SSL_CTX_set_min_proto_version(ctx, config->server_min_proto_version); if(config->server_max_proto_version)SSL_CTX_set_max_proto_version(ctx, config->server_max_proto_version); if(config->server_cipher_list)SSL_CTX_set_cipher_list(ctx, config->server_cipher_list); -#if OPENSSL_VERSION_NUMBER >= 0x10101000L +#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER >= 0x10101000L if(config->server_ciphersuites)SSL_CTX_set_ciphersuites(ctx, config->server_ciphersuites); +#elif defined(WITH_WOLFSSL) + /* wolfSSL has no separate TLS1.3 ciphersuites API; route to cipher list. */ + if(config->server_ciphersuites)wolfSSL_CTX_set_cipher_list(ctx, config->server_ciphersuites); #endif if(config->server_verify){ if(config->server_ca_file || config->server_ca_dir){ SSL_CTX_load_verify_locations(ctx, config->server_ca_file, config->server_ca_dir); } -#if OPENSSL_VERSION_NUMBER >= 0x30000000L +#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER >= 0x30000000L else if(config->server_ca_store){ SSL_CTX_load_verify_store(ctx, config->server_ca_store); } @@ -655,7 +667,7 @@ static void* ssl_filter_open(void * idata, struct srvparam * srv){ srv->so._poll = ssl_poll; } if(sc && (sc->mitm || sc->cli)){ -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L sc->srv_ctx = SSL_CTX_new(SSLv23_client_method()); #else sc->srv_ctx = SSL_CTX_new(TLS_client_method()); @@ -671,17 +683,20 @@ static void* ssl_filter_open(void * idata, struct srvparam * srv){ if(sc->client_min_proto_version)SSL_CTX_set_min_proto_version(sc->srv_ctx, sc->client_min_proto_version); if(sc->client_max_proto_version)SSL_CTX_set_max_proto_version(sc->srv_ctx, sc->client_max_proto_version); if(sc->client_cipher_list)SSL_CTX_set_cipher_list(sc->srv_ctx, sc->client_cipher_list); -#if OPENSSL_VERSION_NUMBER >= 0x10101000L +#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER >= 0x10101000L if(sc->client_ciphersuites)SSL_CTX_set_ciphersuites(sc->srv_ctx, sc->client_ciphersuites); +#elif defined(WITH_WOLFSSL) + /* wolfSSL has no separate TLS1.3 ciphersuites API; route to cipher list. */ + if(sc->client_ciphersuites)wolfSSL_CTX_set_cipher_list(sc->srv_ctx, sc->client_ciphersuites); #endif -#if OPENSSL_VERSION_NUMBER >= 0x10200000L +#if (defined(WITH_WOLFSSL) && defined(HAVE_ALPN) && LIBWOLFSSL_VERSION_HEX >= 0x03007000) || (!defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER >= 0x10200000L) if(sc->client_alpn_protos.protos_len)SSL_CTX_set_alpn_protos(sc->srv_ctx, sc->client_alpn_protos.protos, sc->client_alpn_protos.protos_len); #endif if(sc->client_verify){ if(sc->client_ca_file || sc->client_ca_dir){ SSL_CTX_load_verify_locations(sc->srv_ctx, sc->client_ca_file, sc->client_ca_dir); } -#if OPENSSL_VERSION_NUMBER >= 0x30000000L +#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER >= 0x30000000L else if(sc->client_ca_store){ SSL_CTX_load_verify_store(sc->srv_ctx, sc->client_ca_store); } diff --git a/src/ssllib.c b/src/ssllib.c index 62a132a..9b67d8e 100644 --- a/src/ssllib.c +++ b/src/ssllib.c @@ -14,12 +14,22 @@ #include #endif +#ifdef WITH_WOLFSSL +#include +#include +#include +#include +#include +#include +#include +#else #include #include #include #include #include #include +#endif #include "proxy.h" #include "ssl.h" @@ -103,7 +113,6 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert, SSL_CONFIG *config) X509 *dst_cert = NULL; EVP_PKEY *pk = NULL; - RSA *rsa = NULL; unsigned char hash_sha256[32]; char hash_name_sha256[(16*2) + 1];