mirror of
https://github.com/3proxy/3proxy.git
synced 2026-07-16 17:30:11 +08:00
wolfSSL support added
This commit is contained in:
parent
3a66c0a4c0
commit
f173f8860d
4
.github/workflows/build-win32.yml
vendored
4
.github/workflows/build-win32.yml
vendored
@ -28,7 +28,7 @@ jobs:
|
|||||||
echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
|
echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
|
||||||
echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
|
echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
|
||||||
- name: install packages
|
- name: install packages
|
||||||
run: vcpkg install pcre2:x86-windows-static openssl:x86-windows-static
|
run: vcpkg install pcre2:x86-windows-static wolfssl[opensslcompat]:x86-windows-static
|
||||||
- name: Add msbuild to PATH
|
- name: Add msbuild to PATH
|
||||||
uses: microsoft/setup-msbuild@v3
|
uses: microsoft/setup-msbuild@v3
|
||||||
- name: make Windows MSVC
|
- name: make Windows MSVC
|
||||||
@ -41,7 +41,7 @@ jobs:
|
|||||||
set "LIB=%LIB%;c:/vcpkg/installed/x86-windows-static/lib"
|
set "LIB=%LIB%;c:/vcpkg/installed/x86-windows-static/lib"
|
||||||
set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/x86-windows-static/include"
|
set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/x86-windows-static/include"
|
||||||
echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c
|
echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c
|
||||||
nmake /F Makefile.msvc
|
nmake /F Makefile.msvc WOLFSSL=1
|
||||||
- name: Decode Certificate
|
- name: Decode Certificate
|
||||||
shell: pwsh
|
shell: pwsh
|
||||||
run: |
|
run: |
|
||||||
|
|||||||
4
.github/workflows/build-win64.yml
vendored
4
.github/workflows/build-win64.yml
vendored
@ -29,7 +29,7 @@ jobs:
|
|||||||
echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
|
echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
|
||||||
echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
|
echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
|
||||||
- name: install packages
|
- name: install packages
|
||||||
run: vcpkg install pcre2:x64-windows-static openssl:x64-windows-static
|
run: vcpkg install pcre2:x64-windows-static wolfssl[opensslcompat]:x64-windows-static
|
||||||
- name: Add msbuild to PATH
|
- name: Add msbuild to PATH
|
||||||
uses: microsoft/setup-msbuild@v3
|
uses: microsoft/setup-msbuild@v3
|
||||||
- name: make Windows MSVC
|
- name: make Windows MSVC
|
||||||
@ -42,7 +42,7 @@ jobs:
|
|||||||
set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/x64-windows-static/include"
|
set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/x64-windows-static/include"
|
||||||
echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c
|
echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c
|
||||||
echo %NOW% / %RELEASE% / %BUILDDATE% / %VERSION%
|
echo %NOW% / %RELEASE% / %BUILDDATE% / %VERSION%
|
||||||
nmake /F Makefile.msvc
|
nmake /F Makefile.msvc WOLFSSL=1
|
||||||
- name: Decode Certificate
|
- name: Decode Certificate
|
||||||
shell: pwsh
|
shell: pwsh
|
||||||
run: |
|
run: |
|
||||||
|
|||||||
4
.github/workflows/build-winarm64.yml
vendored
4
.github/workflows/build-winarm64.yml
vendored
@ -28,7 +28,7 @@ jobs:
|
|||||||
echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
|
echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
|
||||||
echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
|
echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
|
||||||
- name: install packages
|
- name: install packages
|
||||||
run: vcpkg install pcre2:arm64-windows-static openssl:arm64-windows-static
|
run: vcpkg install pcre2:arm64-windows-static wolfssl[opensslcompat]:arm64-windows-static
|
||||||
- name: Add msbuild to PATH
|
- name: Add msbuild to PATH
|
||||||
uses: microsoft/setup-msbuild@v3
|
uses: microsoft/setup-msbuild@v3
|
||||||
- name: make Windows MSVC
|
- name: make Windows MSVC
|
||||||
@ -41,7 +41,7 @@ jobs:
|
|||||||
set "LIB=%LIB%;c:/vcpkg/installed/arm64-windows-static/lib"
|
set "LIB=%LIB%;c:/vcpkg/installed/arm64-windows-static/lib"
|
||||||
set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/arm64-windows-static/include"
|
set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/arm64-windows-static/include"
|
||||||
echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c
|
echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c
|
||||||
nmake /F Makefile.msvc
|
nmake /F Makefile.msvc WOLFSSL=1
|
||||||
- name: Decode Certificate
|
- name: Decode Certificate
|
||||||
shell: pwsh
|
shell: pwsh
|
||||||
run: |
|
run: |
|
||||||
|
|||||||
8
.github/workflows/c-cpp-Windows.yml
vendored
8
.github/workflows/c-cpp-Windows.yml
vendored
@ -21,7 +21,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v7
|
- uses: actions/checkout@v7
|
||||||
- name: install Windows libraries
|
- name: install Windows libraries
|
||||||
run: vcpkg install pcre2:x64-windows && c:\msys64\usr\bin\pacman.exe -S --noconfirm mingw-w64-x86_64-pcre2 mingw-w64-x86_64-openssl
|
run: vcpkg install pcre2:x64-windows wolfssl[opensslcompat]:x64-windows-static && c:\msys64\usr\bin\pacman.exe -S --noconfirm mingw-w64-x86_64-pcre2 mingw-w64-x86_64-wolfssl
|
||||||
- name: make Windows
|
- name: make Windows
|
||||||
run: make -f Makefile.win
|
run: make -f Makefile.win
|
||||||
env:
|
env:
|
||||||
@ -37,7 +37,7 @@ jobs:
|
|||||||
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
|
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
|
||||||
D:
|
D:
|
||||||
cd "D:/a/3proxy/3proxy"
|
cd "D:/a/3proxy/3proxy"
|
||||||
set "LIB=%LIB%;c:/program files/openssl/lib/VC/x64/MT;c:/vcpkg/installed/x64-windows/lib"
|
set "LIB=%LIB%;c:/vcpkg/installed/x64-windows-static/lib;c:/vcpkg/installed/x64-windows/lib"
|
||||||
set "INCLUDE=%INCLUDE%;c:/program files/openssl/include;c:/vcpkg/installed/x64-windows/include"
|
set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/x64-windows-static/include;c:/vcpkg/installed/x64-windows/include"
|
||||||
nmake /F Makefile.msvc
|
nmake /F Makefile.msvc WOLFSSL=1
|
||||||
nmake /F Makefile.msvc clean
|
nmake /F Makefile.msvc clean
|
||||||
|
|||||||
15
.github/workflows/c-cpp-cmake.yml
vendored
15
.github/workflows/c-cpp-cmake.yml
vendored
@ -57,3 +57,18 @@ jobs:
|
|||||||
cmake --build .
|
cmake --build .
|
||||||
cd ..
|
cd ..
|
||||||
rmdir /s /q build
|
rmdir /s /q build
|
||||||
|
|
||||||
|
wolfssl:
|
||||||
|
name: "ubuntu-latest (wolfSSL)"
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v7
|
||||||
|
- name: Install wolfSSL
|
||||||
|
run: sudo apt install -y libwolfssl-dev
|
||||||
|
- name: make with CMake (wolfSSL preferred)
|
||||||
|
run: |
|
||||||
|
mkdir build
|
||||||
|
cd build
|
||||||
|
cmake ..
|
||||||
|
cmake --build .
|
||||||
|
cd .. && rm -rf build/
|
||||||
|
|||||||
123
CMakeLists.txt
123
CMakeLists.txt
@ -46,7 +46,8 @@ endif()
|
|||||||
|
|
||||||
# Options
|
# Options
|
||||||
option(3PROXY_BUILD_SHARED "Build shared libraries for plugins" ON)
|
option(3PROXY_BUILD_SHARED "Build shared libraries for plugins" ON)
|
||||||
option(3PROXY_USE_OPENSSL "Enable TLS/SSL support (requires OpenSSL)" ON)
|
option(3PROXY_USE_WOLFSSL "Enable TLS/SSL support via wolfSSL (preferred when detected)" ON)
|
||||||
|
option(3PROXY_USE_OPENSSL "Enable TLS/SSL support via OpenSSL (fallback when wolfSSL unavailable)" ON)
|
||||||
option(3PROXY_USE_PCRE2 "Enable PCRE2 regex filtering" ON)
|
option(3PROXY_USE_PCRE2 "Enable PCRE2 regex filtering" ON)
|
||||||
option(3PROXY_USE_PAM "Enable PAM/PamAuth" ON)
|
option(3PROXY_USE_PAM "Enable PAM/PamAuth" ON)
|
||||||
option(3PROXY_USE_ODBC "Enable ODBC support (Unix only, always ON on Windows)" OFF)
|
option(3PROXY_USE_ODBC "Enable ODBC support (Unix only, always ON on Windows)" OFF)
|
||||||
@ -253,17 +254,38 @@ endif()
|
|||||||
|
|
||||||
# Find dependencies
|
# Find dependencies
|
||||||
|
|
||||||
# OpenSSL
|
# TLS/SSL backend: prefer wolfSSL when detected, fall back to OpenSSL.
|
||||||
|
set(3PROXY_SSL_ENABLED FALSE)
|
||||||
|
set(3PROXY_SSL_WOLFSSL FALSE)
|
||||||
set(OPENSSL_FOUND FALSE)
|
set(OPENSSL_FOUND FALSE)
|
||||||
if(3PROXY_USE_OPENSSL)
|
set(WOLFSSL_FOUND FALSE)
|
||||||
|
|
||||||
|
if(3PROXY_USE_WOLFSSL)
|
||||||
|
find_path(WOLFSSL_INCLUDE_DIR NAMES wolfssl/options.h wolfssl/ssl.h)
|
||||||
|
find_library(WOLFSSL_LIBRARIES NAMES wolfssl)
|
||||||
|
if(WOLFSSL_INCLUDE_DIR AND WOLFSSL_LIBRARIES)
|
||||||
|
set(WOLFSSL_FOUND TRUE)
|
||||||
|
set(3PROXY_SSL_ENABLED TRUE)
|
||||||
|
set(3PROXY_SSL_WOLFSSL TRUE)
|
||||||
|
add_compile_definitions(WITH_SSL WITH_WOLFSSL)
|
||||||
|
message(STATUS "wolfSSL found: ${WOLFSSL_LIBRARIES} (preferred backend)")
|
||||||
|
else()
|
||||||
|
message(STATUS "wolfSSL not found, falling back to OpenSSL if enabled")
|
||||||
|
endif()
|
||||||
|
endif()
|
||||||
|
|
||||||
|
if(NOT 3PROXY_SSL_ENABLED AND 3PROXY_USE_OPENSSL)
|
||||||
find_package(OpenSSL REQUIRED)
|
find_package(OpenSSL REQUIRED)
|
||||||
if(OpenSSL_FOUND)
|
if(OpenSSL_FOUND)
|
||||||
set(OPENSSL_FOUND TRUE)
|
set(OPENSSL_FOUND TRUE)
|
||||||
|
set(3PROXY_SSL_ENABLED TRUE)
|
||||||
add_compile_definitions(WITH_SSL)
|
add_compile_definitions(WITH_SSL)
|
||||||
message(STATUS "OpenSSL found: ${OPENSSL_VERSION}")
|
message(STATUS "OpenSSL found: ${OPENSSL_VERSION}")
|
||||||
endif()
|
endif()
|
||||||
else()
|
elseif(NOT 3PROXY_SSL_ENABLED)
|
||||||
message(STATUS "OpenSSL disabled by user request")
|
message(STATUS "SSL disabled (neither wolfSSL nor OpenSSL enabled/found)")
|
||||||
|
elseif(3PROXY_SSL_WOLFSSL)
|
||||||
|
message(STATUS "OpenSSL skipped (wolfSSL in use)")
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
# PCRE2
|
# PCRE2
|
||||||
@ -305,8 +327,9 @@ if(ODBC_FOUND)
|
|||||||
add_compile_definitions(WITH_ODBC)
|
add_compile_definitions(WITH_ODBC)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
# Set NORADIUS if OpenSSL is not available (RADIUS requires MD5 from OpenSSL)
|
# Set NORADIUS if no SSL backend is available (RADIUS MD5 uses bundled md5, but
|
||||||
if(NOT OPENSSL_FOUND)
|
# keep the historical gate tied to SSL availability).
|
||||||
|
if(NOT 3PROXY_SSL_ENABLED)
|
||||||
add_compile_definitions(NORADIUS)
|
add_compile_definitions(NORADIUS)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
@ -328,10 +351,15 @@ set(3PROXY_CORE_SOURCES
|
|||||||
src/stringtable.c
|
src/stringtable.c
|
||||||
)
|
)
|
||||||
|
|
||||||
# BLAKE2 source for 3proxy_crypt
|
# BLAKE2 source for 3proxy_crypt (bundled reference impl; wolfSSL provides
|
||||||
|
# BLAKE2b natively via wc_Blake2b* when WITH_WOLFSSL is enabled)
|
||||||
|
if(3PROXY_SSL_WOLFSSL)
|
||||||
|
set(MD_SOURCES)
|
||||||
|
else()
|
||||||
set(MD_SOURCES
|
set(MD_SOURCES
|
||||||
src/libs/blake2b-ref.c
|
src/libs/blake2b-ref.c
|
||||||
)
|
)
|
||||||
|
endif()
|
||||||
|
|
||||||
# ============================================================================
|
# ============================================================================
|
||||||
# Object libraries for common sources (shared between executables)
|
# Object libraries for common sources (shared between executables)
|
||||||
@ -350,13 +378,19 @@ target_include_directories(common_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
|
|||||||
add_library(base64_obj OBJECT src/base64.c)
|
add_library(base64_obj OBJECT src/base64.c)
|
||||||
target_include_directories(base64_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
|
target_include_directories(base64_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
|
||||||
|
|
||||||
# mdhash object library (MD4/MD5: CAPI on Windows, bundled Solar Designer MD4/MD5 elsewhere)
|
# mdhash object library (MD4/MD5: CAPI on Windows, bundled Solar Designer MD4/MD5 elsewhere,
|
||||||
|
# wolfSSL when WITH_WOLFSSL is enabled)
|
||||||
if(WIN32)
|
if(WIN32)
|
||||||
add_library(mdhash_obj OBJECT src/mdhash.c)
|
add_library(mdhash_obj OBJECT src/mdhash.c)
|
||||||
|
elseif(3PROXY_SSL_WOLFSSL)
|
||||||
|
add_library(mdhash_obj OBJECT src/mdhash.c)
|
||||||
else()
|
else()
|
||||||
add_library(mdhash_obj OBJECT src/mdhash.c src/libs/md4.c src/libs/md5.c)
|
add_library(mdhash_obj OBJECT src/mdhash.c src/libs/md4.c src/libs/md5.c)
|
||||||
endif()
|
endif()
|
||||||
target_include_directories(mdhash_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
|
target_include_directories(mdhash_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
|
||||||
|
if(3PROXY_SSL_WOLFSSL)
|
||||||
|
target_include_directories(mdhash_obj PRIVATE ${WOLFSSL_INCLUDE_DIR})
|
||||||
|
endif()
|
||||||
|
|
||||||
# ============================================================================
|
# ============================================================================
|
||||||
# Object libraries for 3proxy (compiled WITHOUT WITHMAIN)
|
# Object libraries for 3proxy (compiled WITHOUT WITHMAIN)
|
||||||
@ -402,9 +436,13 @@ target_include_directories(ftp_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
|
|||||||
# 3proxy_crypt object for 3proxy (without WITHMAIN)
|
# 3proxy_crypt object for 3proxy (without WITHMAIN)
|
||||||
add_library(3proxy_crypt_obj OBJECT src/3proxy_crypt.c)
|
add_library(3proxy_crypt_obj OBJECT src/3proxy_crypt.c)
|
||||||
target_include_directories(3proxy_crypt_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
|
target_include_directories(3proxy_crypt_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
|
||||||
if(OpenSSL_FOUND)
|
if(3PROXY_SSL_ENABLED)
|
||||||
|
if(3PROXY_SSL_WOLFSSL)
|
||||||
|
target_include_directories(3proxy_crypt_obj PRIVATE ${WOLFSSL_INCLUDE_DIR})
|
||||||
|
else()
|
||||||
target_include_directories(3proxy_crypt_obj PRIVATE ${OPENSSL_INCLUDE_DIR})
|
target_include_directories(3proxy_crypt_obj PRIVATE ${OPENSSL_INCLUDE_DIR})
|
||||||
endif()
|
endif()
|
||||||
|
endif()
|
||||||
|
|
||||||
# ============================================================================
|
# ============================================================================
|
||||||
# Main 3proxy executable
|
# Main 3proxy executable
|
||||||
@ -425,7 +463,7 @@ add_executable(3proxy
|
|||||||
)
|
)
|
||||||
target_sources(3proxy PRIVATE ${MD_SOURCES})
|
target_sources(3proxy PRIVATE ${MD_SOURCES})
|
||||||
|
|
||||||
if(OpenSSL_FOUND)
|
if(3PROXY_SSL_ENABLED)
|
||||||
target_sources(3proxy PRIVATE src/ssllib.c src/ssl.c)
|
target_sources(3proxy PRIVATE src/ssllib.c src/ssl.c)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
@ -437,9 +475,13 @@ target_include_directories(3proxy PRIVATE
|
|||||||
${CMAKE_CURRENT_SOURCE_DIR}/src
|
${CMAKE_CURRENT_SOURCE_DIR}/src
|
||||||
${CMAKE_CURRENT_SOURCE_DIR}/src/libs
|
${CMAKE_CURRENT_SOURCE_DIR}/src/libs
|
||||||
)
|
)
|
||||||
if(OpenSSL_FOUND)
|
if(3PROXY_SSL_ENABLED)
|
||||||
|
if(3PROXY_SSL_WOLFSSL)
|
||||||
|
target_include_directories(3proxy PRIVATE ${WOLFSSL_INCLUDE_DIR})
|
||||||
|
else()
|
||||||
target_include_directories(3proxy PRIVATE ${OPENSSL_INCLUDE_DIR})
|
target_include_directories(3proxy PRIVATE ${OPENSSL_INCLUDE_DIR})
|
||||||
endif()
|
endif()
|
||||||
|
endif()
|
||||||
if(PCRE2_FOUND)
|
if(PCRE2_FOUND)
|
||||||
target_include_directories(3proxy PRIVATE ${PCRE2_INCLUDE_DIRS})
|
target_include_directories(3proxy PRIVATE ${PCRE2_INCLUDE_DIRS})
|
||||||
endif()
|
endif()
|
||||||
@ -454,10 +496,16 @@ if(ODBC_FOUND)
|
|||||||
endif()
|
endif()
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
# OpenSSL linking
|
# SSL linking
|
||||||
if(OpenSSL_FOUND)
|
if(3PROXY_SSL_ENABLED)
|
||||||
|
if(3PROXY_SSL_WOLFSSL)
|
||||||
if(3PROXY_STATIC_LINK)
|
if(3PROXY_STATIC_LINK)
|
||||||
# Will be linked statically below (if static libraries are found)
|
# Will be linked statically below (if static library is found)
|
||||||
|
else()
|
||||||
|
target_link_libraries(3proxy PRIVATE ${WOLFSSL_LIBRARIES})
|
||||||
|
endif()
|
||||||
|
elseif(3PROXY_STATIC_LINK)
|
||||||
|
# OpenSSL static linking handled below
|
||||||
else()
|
else()
|
||||||
target_link_libraries(3proxy PRIVATE OpenSSL::SSL OpenSSL::Crypto)
|
target_link_libraries(3proxy PRIVATE OpenSSL::SSL OpenSSL::Crypto)
|
||||||
endif()
|
endif()
|
||||||
@ -474,14 +522,19 @@ if(PCRE2_FOUND)
|
|||||||
endif()
|
endif()
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
# Static linking of OpenSSL and PCRE2 (when option is enabled)
|
# Static linking of SSL backend and PCRE2 (when option is enabled)
|
||||||
if(3PROXY_STATIC_LINK AND (OpenSSL_FOUND OR PCRE2_FOUND))
|
if(3PROXY_STATIC_LINK AND ((3PROXY_SSL_ENABLED AND NOT 3PROXY_SSL_WOLFSSL) OR (3PROXY_SSL_WOLFSSL) OR PCRE2_FOUND))
|
||||||
set(_saved_cmake_find_library_suffixes ${CMAKE_FIND_LIBRARY_SUFFIXES})
|
set(_saved_cmake_find_library_suffixes ${CMAKE_FIND_LIBRARY_SUFFIXES})
|
||||||
set(CMAKE_FIND_LIBRARY_SUFFIXES ".a")
|
set(CMAKE_FIND_LIBRARY_SUFFIXES ".a")
|
||||||
|
|
||||||
set(_static_libs "")
|
set(_static_libs "")
|
||||||
|
|
||||||
if(OpenSSL_FOUND)
|
if(3PROXY_SSL_WOLFSSL)
|
||||||
|
find_library(_wolfssl_static_lib NAMES wolfssl)
|
||||||
|
if(_wolfssl_static_lib)
|
||||||
|
list(APPEND _static_libs ${_wolfssl_static_lib})
|
||||||
|
endif()
|
||||||
|
elseif(OpenSSL_FOUND)
|
||||||
find_library(_ssl_static_lib ssl)
|
find_library(_ssl_static_lib ssl)
|
||||||
find_library(_crypto_static_lib crypto)
|
find_library(_crypto_static_lib crypto)
|
||||||
if(_ssl_static_lib AND _crypto_static_lib)
|
if(_ssl_static_lib AND _crypto_static_lib)
|
||||||
@ -500,10 +553,12 @@ if(3PROXY_STATIC_LINK AND (OpenSSL_FOUND OR PCRE2_FOUND))
|
|||||||
|
|
||||||
if(_static_libs)
|
if(_static_libs)
|
||||||
target_link_libraries(3proxy PRIVATE -Wl,-Bstatic ${_static_libs} -Wl,-Bdynamic)
|
target_link_libraries(3proxy PRIVATE -Wl,-Bstatic ${_static_libs} -Wl,-Bdynamic)
|
||||||
message(STATUS "Static linking enabled for OpenSSL/PCRE2")
|
message(STATUS "Static linking enabled for SSL backend/PCRE2")
|
||||||
else()
|
else()
|
||||||
message(WARNING "3PROXY_STATIC_LINK is ON but static libraries not found, falling back to dynamic")
|
message(WARNING "3PROXY_STATIC_LINK is ON but static libraries not found, falling back to dynamic")
|
||||||
if(OpenSSL_FOUND)
|
if(3PROXY_SSL_WOLFSSL)
|
||||||
|
target_link_libraries(3proxy PRIVATE ${WOLFSSL_LIBRARIES})
|
||||||
|
elseif(OpenSSL_FOUND)
|
||||||
target_link_libraries(3proxy PRIVATE OpenSSL::SSL OpenSSL::Crypto)
|
target_link_libraries(3proxy PRIVATE OpenSSL::SSL OpenSSL::Crypto)
|
||||||
endif()
|
endif()
|
||||||
if(PCRE2_FOUND)
|
if(PCRE2_FOUND)
|
||||||
@ -537,11 +592,32 @@ target_include_directories(3proxy_crypt PRIVATE
|
|||||||
${CMAKE_CURRENT_SOURCE_DIR}/src
|
${CMAKE_CURRENT_SOURCE_DIR}/src
|
||||||
${CMAKE_CURRENT_SOURCE_DIR}/src/libs
|
${CMAKE_CURRENT_SOURCE_DIR}/src/libs
|
||||||
)
|
)
|
||||||
if(OpenSSL_FOUND)
|
if(3PROXY_SSL_ENABLED)
|
||||||
|
if(3PROXY_SSL_WOLFSSL)
|
||||||
|
target_include_directories(3proxy_crypt PRIVATE ${WOLFSSL_INCLUDE_DIR})
|
||||||
|
else()
|
||||||
target_include_directories(3proxy_crypt PRIVATE ${OPENSSL_INCLUDE_DIR})
|
target_include_directories(3proxy_crypt PRIVATE ${OPENSSL_INCLUDE_DIR})
|
||||||
endif()
|
endif()
|
||||||
|
endif()
|
||||||
target_link_libraries(3proxy_crypt PRIVATE Threads::Threads)
|
target_link_libraries(3proxy_crypt PRIVATE Threads::Threads)
|
||||||
if(OpenSSL_FOUND)
|
if(3PROXY_SSL_ENABLED)
|
||||||
|
if(3PROXY_SSL_WOLFSSL)
|
||||||
|
if(3PROXY_STATIC_LINK)
|
||||||
|
set(_saved_cmake_find_library_suffixes ${CMAKE_FIND_LIBRARY_SUFFIXES})
|
||||||
|
set(CMAKE_FIND_LIBRARY_SUFFIXES ".a")
|
||||||
|
find_library(_wolfssl_static_lib_c NAMES wolfssl)
|
||||||
|
set(CMAKE_FIND_LIBRARY_SUFFIXES ${_saved_cmake_find_library_suffixes})
|
||||||
|
if(_wolfssl_static_lib_c)
|
||||||
|
target_link_libraries(3proxy_crypt PRIVATE -Wl,-Bstatic ${_wolfssl_static_lib_c} -Wl,-Bdynamic)
|
||||||
|
message(STATUS "3proxy_crypt: static wolfSSL")
|
||||||
|
else()
|
||||||
|
message(WARNING "3PROXY_STATIC_LINK is ON but static wolfSSL not found, using dynamic")
|
||||||
|
target_link_libraries(3proxy_crypt PRIVATE ${WOLFSSL_LIBRARIES})
|
||||||
|
endif()
|
||||||
|
else()
|
||||||
|
target_link_libraries(3proxy_crypt PRIVATE ${WOLFSSL_LIBRARIES})
|
||||||
|
endif()
|
||||||
|
else()
|
||||||
if(3PROXY_STATIC_LINK)
|
if(3PROXY_STATIC_LINK)
|
||||||
set(_saved_cmake_find_library_suffixes ${CMAKE_FIND_LIBRARY_SUFFIXES})
|
set(_saved_cmake_find_library_suffixes ${CMAKE_FIND_LIBRARY_SUFFIXES})
|
||||||
set(CMAKE_FIND_LIBRARY_SUFFIXES ".a")
|
set(CMAKE_FIND_LIBRARY_SUFFIXES ".a")
|
||||||
@ -559,6 +635,7 @@ if(OpenSSL_FOUND)
|
|||||||
target_link_libraries(3proxy_crypt PRIVATE OpenSSL::SSL OpenSSL::Crypto)
|
target_link_libraries(3proxy_crypt PRIVATE OpenSSL::SSL OpenSSL::Crypto)
|
||||||
endif()
|
endif()
|
||||||
endif()
|
endif()
|
||||||
|
endif()
|
||||||
if("${3PROXY_BINARY_PREFIX}" STREQUAL "")
|
if("${3PROXY_BINARY_PREFIX}" STREQUAL "")
|
||||||
set_target_properties(3proxy_crypt PROPERTIES OUTPUT_NAME "mycrypt")
|
set_target_properties(3proxy_crypt PROPERTIES OUTPUT_NAME "mycrypt")
|
||||||
else()
|
else()
|
||||||
@ -848,6 +925,7 @@ message(STATUS " Build type: ${CMAKE_BUILD_TYPE}")
|
|||||||
message(STATUS "")
|
message(STATUS "")
|
||||||
message(STATUS " Options:")
|
message(STATUS " Options:")
|
||||||
message(STATUS " BUILD_SHARED: ${3PROXY_BUILD_SHARED}")
|
message(STATUS " BUILD_SHARED: ${3PROXY_BUILD_SHARED}")
|
||||||
|
message(STATUS " USE_WOLFSSL: ${3PROXY_USE_WOLFSSL}")
|
||||||
message(STATUS " USE_OPENSSL: ${3PROXY_USE_OPENSSL}")
|
message(STATUS " USE_OPENSSL: ${3PROXY_USE_OPENSSL}")
|
||||||
message(STATUS " USE_PCRE2: ${3PROXY_USE_PCRE2}")
|
message(STATUS " USE_PCRE2: ${3PROXY_USE_PCRE2}")
|
||||||
message(STATUS " USE_PAM: ${3PROXY_USE_PAM}")
|
message(STATUS " USE_PAM: ${3PROXY_USE_PAM}")
|
||||||
@ -865,6 +943,7 @@ if(WIN32)
|
|||||||
endif()
|
endif()
|
||||||
message(STATUS "")
|
message(STATUS "")
|
||||||
message(STATUS " Libraries found:")
|
message(STATUS " Libraries found:")
|
||||||
|
message(STATUS " wolfSSL: ${WOLFSSL_FOUND}")
|
||||||
message(STATUS " OpenSSL: ${OPENSSL_FOUND}")
|
message(STATUS " OpenSSL: ${OPENSSL_FOUND}")
|
||||||
message(STATUS " PCRE2: ${PCRE2_FOUND}")
|
message(STATUS " PCRE2: ${PCRE2_FOUND}")
|
||||||
message(STATUS " PAM: ${PAM_FOUND}")
|
message(STATUS " PAM: ${PAM_FOUND}")
|
||||||
|
|||||||
@ -47,6 +47,13 @@ ifeq ($(LIBSTATIC), true)
|
|||||||
STATIC_SUFFIX = -Wl,-Bdynamic
|
STATIC_SUFFIX = -Wl,-Bdynamic
|
||||||
ZLIB = -lz -lzstd
|
ZLIB = -lz -lzstd
|
||||||
endif
|
endif
|
||||||
|
WOLFSSL_CHECK ?= $(shell echo "\#include <wolfssl/options.h>\\n\#include <wolfssl/openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testwssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestwssl testwssl.o $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) 2>/dev/null && rm testwssl testwssl.o && echo true||echo false)
|
||||||
|
ifeq ($(WOLFSSL_CHECK), true)
|
||||||
|
LIBS += $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX)
|
||||||
|
CFLAGS += -DWITH_SSL -DWITH_WOLFSSL
|
||||||
|
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
|
||||||
|
ZLIB :=
|
||||||
|
else
|
||||||
OPENSSL_CHECK ?= $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX) 2>/dev/null && rm testssl testssl.o && echo true||echo false)
|
OPENSSL_CHECK ?= $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX) 2>/dev/null && rm testssl testssl.o && echo true||echo false)
|
||||||
ifeq ($(OPENSSL_CHECK), true)
|
ifeq ($(OPENSSL_CHECK), true)
|
||||||
LIBS += $(STATIC_PREFIX) $(ZLIB) -l crypto -l ssl $(STATIC_SUFFIX)
|
LIBS += $(STATIC_PREFIX) $(ZLIB) -l crypto -l ssl $(STATIC_SUFFIX)
|
||||||
@ -55,6 +62,7 @@ ifeq ($(OPENSSL_CHECK), true)
|
|||||||
else
|
else
|
||||||
ZLIB :=
|
ZLIB :=
|
||||||
endif
|
endif
|
||||||
|
endif
|
||||||
PCRE_CHECK ?= $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -lpcre2-8 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
|
PCRE_CHECK ?= $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -lpcre2-8 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
|
||||||
ifeq ($(PCRE_CHECK), true)
|
ifeq ($(PCRE_CHECK), true)
|
||||||
CFLAGS += -DWITH_PCRE
|
CFLAGS += -DWITH_PCRE
|
||||||
@ -66,7 +74,11 @@ ifeq ($(PAM_CHECK), true)
|
|||||||
PLUGINS += PamAuth
|
PLUGINS += PamAuth
|
||||||
endif
|
endif
|
||||||
|
|
||||||
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS)
|
ifeq ($(WOLFSSL_CHECK), true)
|
||||||
|
BUNDLED_HASH_OBJS =
|
||||||
|
else
|
||||||
|
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS) blake2$(OBJSUFFICS)
|
||||||
|
endif
|
||||||
include Makefile.inc
|
include Makefile.inc
|
||||||
|
|
||||||
DESTDIR ?=
|
DESTDIR ?=
|
||||||
|
|||||||
@ -51,6 +51,13 @@ ifeq ($(LIBSTATIC), true)
|
|||||||
ZLIB = -lz -lzstd
|
ZLIB = -lz -lzstd
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
WOLFSSL_CHECK ?= $(shell echo "\#include <wolfssl/options.h>\\n\#include <wolfssl/openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testwssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestwssl testwssl.o $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) 2>/dev/null && rm testwssl testwssl.o && echo true||echo false)
|
||||||
|
ifeq ($(WOLFSSL_CHECK), true)
|
||||||
|
LIBS += $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX)
|
||||||
|
CFLAGS += -DWITH_SSL -DWITH_WOLFSSL
|
||||||
|
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
|
||||||
|
ZLIB :=
|
||||||
|
else
|
||||||
OPENSSL_CHECK ?= $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX) 2>/dev/null && rm testssl testssl.o && echo true||echo false)
|
OPENSSL_CHECK ?= $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX) 2>/dev/null && rm testssl testssl.o && echo true||echo false)
|
||||||
ifeq ($(OPENSSL_CHECK), true)
|
ifeq ($(OPENSSL_CHECK), true)
|
||||||
LIBS += $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX)
|
LIBS += $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX)
|
||||||
@ -59,6 +66,7 @@ ifeq ($(OPENSSL_CHECK), true)
|
|||||||
else
|
else
|
||||||
ZLIB :=
|
ZLIB :=
|
||||||
endif
|
endif
|
||||||
|
endif
|
||||||
PCRE_CHECK ?= $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) $(STATIC_PREFIX) -lpcre2-8 $(STATIC_SUFFIX) 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
|
PCRE_CHECK ?= $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) $(STATIC_PREFIX) -lpcre2-8 $(STATIC_SUFFIX) 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
|
||||||
ifeq ($(PCRE_CHECK), true)
|
ifeq ($(PCRE_CHECK), true)
|
||||||
CFLAGS += -DWITH_PCRE
|
CFLAGS += -DWITH_PCRE
|
||||||
@ -69,7 +77,11 @@ PAM_CHECK ?= $(shell echo "\#include <security/pam_appl.h>\\n int main(){return
|
|||||||
ifeq ($(PAM_CHECK), true)
|
ifeq ($(PAM_CHECK), true)
|
||||||
PLUGINS += PamAuth
|
PLUGINS += PamAuth
|
||||||
endif
|
endif
|
||||||
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS)
|
ifeq ($(WOLFSSL_CHECK), true)
|
||||||
|
BUNDLED_HASH_OBJS =
|
||||||
|
else
|
||||||
|
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS) blake2$(OBJSUFFICS)
|
||||||
|
endif
|
||||||
include Makefile.inc
|
include Makefile.inc
|
||||||
|
|
||||||
allplugins:
|
allplugins:
|
||||||
|
|||||||
@ -31,12 +31,19 @@ COMPATLIBS =
|
|||||||
MAKEFILE = Makefile.Solaris
|
MAKEFILE = Makefile.Solaris
|
||||||
PLUGINS = StringsPlugin TrafficPlugin TransparentPlugin FilePlugin
|
PLUGINS = StringsPlugin TrafficPlugin TransparentPlugin FilePlugin
|
||||||
|
|
||||||
|
WOLFSSL_CHECK = $(shell echo "\#include <wolfssl/options.h>\\n\#include <wolfssl/openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testwssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -o testwssl testwssl.o -lwolfssl 2>/dev/null && rm testwssl testwssl.o && echo true||echo false)
|
||||||
|
ifeq ($(WOLFSSL_CHECK), true)
|
||||||
|
LIBS += -lwolfssl
|
||||||
|
CFLAGS += -DWITH_SSL -DWITH_WOLFSSL
|
||||||
|
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
|
||||||
|
else
|
||||||
OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -o testssl testssl.o -lcrypto -lssl 2>/dev/null && rm testssl testssl.o && echo true||echo false)
|
OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -o testssl testssl.o -lcrypto -lssl 2>/dev/null && rm testssl testssl.o && echo true||echo false)
|
||||||
ifeq ($(OPENSSL_CHECK), true)
|
ifeq ($(OPENSSL_CHECK), true)
|
||||||
LIBS += -l crypto -l ssl
|
LIBS += -l crypto -l ssl
|
||||||
CFLAGS += -DWITH_SSL
|
CFLAGS += -DWITH_SSL
|
||||||
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
|
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
|
||||||
endif
|
endif
|
||||||
|
endif
|
||||||
PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -Wl,-Bstatic -lpcre2-8 -Wl,-Bdynamic 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
|
PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -Wl,-Bstatic -lpcre2-8 -Wl,-Bdynamic 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
|
||||||
ifeq ($(PCRE_CHECK), true)
|
ifeq ($(PCRE_CHECK), true)
|
||||||
CFLAGS += -DWITH_PCRE
|
CFLAGS += -DWITH_PCRE
|
||||||
@ -44,7 +51,11 @@ ifeq ($(PCRE_CHECK), true)
|
|||||||
PCRE_LIBS = -Wl,-Bstatic -lpcre2-8 -Wl,-Bdynamic
|
PCRE_LIBS = -Wl,-Bstatic -lpcre2-8 -Wl,-Bdynamic
|
||||||
endif
|
endif
|
||||||
|
|
||||||
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS)
|
ifeq ($(WOLFSSL_CHECK), true)
|
||||||
|
BUNDLED_HASH_OBJS =
|
||||||
|
else
|
||||||
|
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS) blake2$(OBJSUFFICS)
|
||||||
|
endif
|
||||||
include Makefile.inc
|
include Makefile.inc
|
||||||
|
|
||||||
allplugins:
|
allplugins:
|
||||||
|
|||||||
@ -11,13 +11,22 @@ CRYPT_PREFIX = 3proxy_
|
|||||||
CC = cl
|
CC = cl
|
||||||
VERSION = $(VERSION)
|
VERSION = $(VERSION)
|
||||||
BUILDDATE = $(BUILDDATE)
|
BUILDDATE = $(BUILDDATE)
|
||||||
CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "WITH_SSL" /D "WITH_PCRE" /D "WITH_ODBC" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c $(BUILDDATE) $(VERSION)
|
!IFDEF WOLFSSL
|
||||||
|
SSL_DEFS = /D "WITH_SSL" /D "WITH_WOLFSSL"
|
||||||
|
SSL_LIBS = wolfssl.lib
|
||||||
|
BUNDLED_HASH_OBJS =
|
||||||
|
!ELSE
|
||||||
|
SSL_DEFS = /D "WITH_SSL"
|
||||||
|
SSL_LIBS = libcrypto.lib libssl.lib
|
||||||
|
BUNDLED_HASH_OBJS = blake2$(OBJSUFFICS)
|
||||||
|
!ENDIF
|
||||||
|
CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" $(SSL_DEFS) /D "WITH_PCRE" /D "WITH_ODBC" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c $(BUILDDATE) $(VERSION)
|
||||||
COUT = /Fo
|
COUT = /Fo
|
||||||
LN = link
|
LN = link
|
||||||
LDFLAGS = /nologo /subsystem:console /incremental:no
|
LDFLAGS = /nologo /subsystem:console /incremental:no
|
||||||
DLFLAGS = /DLL
|
DLFLAGS = /DLL
|
||||||
DLSUFFICS = .dll
|
DLSUFFICS = .dll
|
||||||
LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib libcrypto.lib libssl.lib pcre2-8.lib
|
LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib $(SSL_LIBS) pcre2-8.lib
|
||||||
LIBSPREFIX =
|
LIBSPREFIX =
|
||||||
LIBSSUFFIX = .lib
|
LIBSSUFFIX = .lib
|
||||||
LIBEXT = .lib
|
LIBEXT = .lib
|
||||||
|
|||||||
@ -49,6 +49,13 @@ ifeq ($(LIBSTATIC), true)
|
|||||||
STATIC_SUFFIX = -Wl,-Bdynamic
|
STATIC_SUFFIX = -Wl,-Bdynamic
|
||||||
ZLIB = -lz -lzstd
|
ZLIB = -lz -lzstd
|
||||||
endif
|
endif
|
||||||
|
WOLFSSL_CHECK ?= $(shell echo "\#include <wolfssl/options.h>\\n\#include <wolfssl/openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testwssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestwssl testwssl.o $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) 2>/dev/null && rm testwssl testwssl.o && echo true||echo false)
|
||||||
|
ifeq ($(WOLFSSL_CHECK), true)
|
||||||
|
LIBS += $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX)
|
||||||
|
CFLAGS += -DWITH_SSL -DWITH_WOLFSSL
|
||||||
|
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
|
||||||
|
ZLIB :=
|
||||||
|
else
|
||||||
OPENSSL_CHECK ?= $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX) 2>/dev/null && rm testssl testssl.o && echo true||echo false)
|
OPENSSL_CHECK ?= $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX) 2>/dev/null && rm testssl testssl.o && echo true||echo false)
|
||||||
ifeq ($(OPENSSL_CHECK), true)
|
ifeq ($(OPENSSL_CHECK), true)
|
||||||
LIBS += $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX)
|
LIBS += $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX)
|
||||||
@ -57,6 +64,7 @@ ifeq ($(OPENSSL_CHECK), true)
|
|||||||
else
|
else
|
||||||
ZLIB :=
|
ZLIB :=
|
||||||
endif
|
endif
|
||||||
|
endif
|
||||||
PCRE_CHECK ?= $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) $(STATIC_PREFIX) -lpcre2-8 $(STATIC_SUFFIX) 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
|
PCRE_CHECK ?= $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) $(STATIC_PREFIX) -lpcre2-8 $(STATIC_SUFFIX) 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
|
||||||
ifeq ($(PCRE_CHECK), true)
|
ifeq ($(PCRE_CHECK), true)
|
||||||
CFLAGS += -DWITH_PCRE
|
CFLAGS += -DWITH_PCRE
|
||||||
@ -68,7 +76,11 @@ ifeq ($(PAM_CHECK), true)
|
|||||||
PLUGINS += PamAuth
|
PLUGINS += PamAuth
|
||||||
endif
|
endif
|
||||||
|
|
||||||
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS)
|
ifeq ($(WOLFSSL_CHECK), true)
|
||||||
|
BUNDLED_HASH_OBJS =
|
||||||
|
else
|
||||||
|
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS) blake2$(OBJSUFFICS)
|
||||||
|
endif
|
||||||
include Makefile.inc
|
include Makefile.inc
|
||||||
|
|
||||||
DESTDIR ?=
|
DESTDIR ?=
|
||||||
|
|||||||
10
Makefile.win
10
Makefile.win
@ -42,6 +42,15 @@ ifeq ($(LIBSTATIC), true)
|
|||||||
STATIC_SUFFIX = -Wl,-Bdynamic
|
STATIC_SUFFIX = -Wl,-Bdynamic
|
||||||
ZLIB = -lz
|
ZLIB = -lz
|
||||||
endif
|
endif
|
||||||
|
WOLFSSL_CHECK = $(shell echo "\#include <wolfssl/options.h>\\n\#include <wolfssl/openssl/ssl.h>\\n int main(){return 0;}" | tr -d '\\\\' | $(CC) -x c $(CFLAGS) $(LDFLAGS) $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) -o testwssl - 2>/dev/null && rm testwssl && echo true||echo false)
|
||||||
|
ifeq ($(WOLFSSL_CHECK), true)
|
||||||
|
LIBS += $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) -lws2_32
|
||||||
|
CFLAGS += -DWITH_SSL -DWITH_WOLFSSL
|
||||||
|
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
|
||||||
|
ZLIB :=
|
||||||
|
BUNDLED_HASH_OBJS =
|
||||||
|
else
|
||||||
|
BUNDLED_HASH_OBJS = blake2$(OBJSUFFICS)
|
||||||
OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d '\\\\' | $(CC) -x c $(CFLAGS) $(LDFLAGS) $(STATIC_PREFIX) $(ZLIB) -l crypto -l ssl $(STATIC_SUFFIX) -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
|
OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d '\\\\' | $(CC) -x c $(CFLAGS) $(LDFLAGS) $(STATIC_PREFIX) $(ZLIB) -l crypto -l ssl $(STATIC_SUFFIX) -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
|
||||||
ifeq ($(OPENSSL_CHECK), true)
|
ifeq ($(OPENSSL_CHECK), true)
|
||||||
LIBS += $(STATIC_PREFIX) $(ZLIB) -l crypto -l ssl $(STATIC_SUFFIX) -lcrypt32
|
LIBS += $(STATIC_PREFIX) $(ZLIB) -l crypto -l ssl $(STATIC_SUFFIX) -lcrypt32
|
||||||
@ -50,6 +59,7 @@ ifeq ($(OPENSSL_CHECK), true)
|
|||||||
else
|
else
|
||||||
ZLIB :=
|
ZLIB :=
|
||||||
endif
|
endif
|
||||||
|
endif
|
||||||
PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d '\\\\' | $(CC) -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
|
PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d '\\\\' | $(CC) -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
|
||||||
ifeq ($(PAM_CHECK), true)
|
ifeq ($(PAM_CHECK), true)
|
||||||
PLUGINS += PamAuth
|
PLUGINS += PamAuth
|
||||||
|
|||||||
@ -5,7 +5,6 @@
|
|||||||
please read License Agreement
|
please read License Agreement
|
||||||
|
|
||||||
*/
|
*/
|
||||||
#include "libs/blake2.h"
|
|
||||||
#include "mdhash.h"
|
#include "mdhash.h"
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
@ -52,7 +51,7 @@ unsigned char * ntpwdhash (unsigned char *szHash, const unsigned char *szPasswor
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Encrypt Unicode password to a 16-byte MD4 hash */
|
/* Encrypt Unicode password to a 16-byte MD4 hash */
|
||||||
ctx = mdh_init(MDH_MD4);
|
ctx = mdh_init(MDH_MD4, 16);
|
||||||
if(!ctx) return NULL;
|
if(!ctx) return NULL;
|
||||||
mdh_update(ctx, szUnicodePass, (nPasswordLen<<1));
|
mdh_update(ctx, szUnicodePass, (nPasswordLen<<1));
|
||||||
if(!mdh_final(ctx, szUnicodePass, &len)) {
|
if(!mdh_final(ctx, szUnicodePass, &len)) {
|
||||||
@ -89,7 +88,7 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
|
|||||||
sl = (int)(ep - sp);
|
sl = (int)(ep - sp);
|
||||||
magic = (unsigned char *)"$1$";
|
magic = (unsigned char *)"$1$";
|
||||||
|
|
||||||
ctx = mdh_init(MDH_MD5);
|
ctx = mdh_init(MDH_MD5, 16);
|
||||||
if(!ctx) {
|
if(!ctx) {
|
||||||
*passwd = 0;
|
*passwd = 0;
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -105,7 +104,7 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
|
|||||||
mdh_update(ctx, sp, (unsigned int)sl);
|
mdh_update(ctx, sp, (unsigned int)sl);
|
||||||
|
|
||||||
/* Then just as many unsigned characters of the MD5(pw,salt,pw) */
|
/* Then just as many unsigned characters of the MD5(pw,salt,pw) */
|
||||||
ctx1 = mdh_init(MDH_MD5);
|
ctx1 = mdh_init(MDH_MD5, 16);
|
||||||
if(!ctx1) {
|
if(!ctx1) {
|
||||||
mdh_free(ctx);
|
mdh_free(ctx);
|
||||||
*passwd = 0;
|
*passwd = 0;
|
||||||
@ -139,7 +138,7 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
|
|||||||
*/
|
*/
|
||||||
for(i=0;i<1000;i++) {
|
for(i=0;i<1000;i++) {
|
||||||
mdh_free(ctx1);
|
mdh_free(ctx1);
|
||||||
ctx1 = mdh_init(MDH_MD5);
|
ctx1 = mdh_init(MDH_MD5, 16);
|
||||||
if(!ctx1) { *passwd = 0; return NULL; }
|
if(!ctx1) { *passwd = 0; return NULL; }
|
||||||
if(i & 1)
|
if(i & 1)
|
||||||
mdh_update(ctx1, pw, (unsigned int)strlen((char *)pw));
|
mdh_update(ctx1, pw, (unsigned int)strlen((char *)pw));
|
||||||
@ -167,14 +166,17 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
|
|||||||
sl = (int)(ep - sp);
|
sl = (int)(ep - sp);
|
||||||
magic = (unsigned char *)"$3$";
|
magic = (unsigned char *)"$3$";
|
||||||
{
|
{
|
||||||
blake2b_state S;
|
mdh_ctx *bctx = mdh_init(MDH_BLAKE2, MD5_SIZE);
|
||||||
if(blake2b_init(&S, MD5_SIZE) != 0 ||
|
unsigned int blen = MD5_SIZE;
|
||||||
blake2b_update(&S, pw, strlen((char *)pw) + 1) != 0 ||
|
if(!bctx ||
|
||||||
blake2b_update(&S, sp, sl) != 0 ||
|
!mdh_update(bctx, pw, (unsigned int)(strlen((char *)pw) + 1)) ||
|
||||||
blake2b_final(&S, final, MD5_SIZE) != 0) {
|
!mdh_update(bctx, sp, (unsigned int)sl) ||
|
||||||
|
!mdh_final(bctx, final, &blen)) {
|
||||||
|
mdh_free(bctx);
|
||||||
*passwd = 0;
|
*passwd = 0;
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
mdh_free(bctx);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|||||||
@ -164,8 +164,8 @@ md4$(OBJSUFFICS): libs/md4.c libs/md4.h
|
|||||||
md5$(OBJSUFFICS): libs/md5.c libs/md5.h
|
md5$(OBJSUFFICS): libs/md5.c libs/md5.h
|
||||||
$(CC) $(COUT)md5$(OBJSUFFICS) $(CFLAGS) libs/md5.c
|
$(CC) $(COUT)md5$(OBJSUFFICS) $(CFLAGS) libs/md5.c
|
||||||
|
|
||||||
$(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS): blake2$(OBJSUFFICS) 3proxy_cryptmain$(OBJSUFFICS) base64$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(BUNDLED_HASH_OBJS)
|
$(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS): $(BUNDLED_HASH_OBJS) 3proxy_cryptmain$(OBJSUFFICS) base64$(OBJSUFFICS) mdhash$(OBJSUFFICS)
|
||||||
$(LN) $(LNOUT)$(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS) $(LDFLAGS) blake2$(OBJSUFFICS) base64$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(BUNDLED_HASH_OBJS) 3proxy_cryptmain$(OBJSUFFICS) $(LIBS)
|
$(LN) $(LNOUT)$(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS) $(LDFLAGS) $(BUNDLED_HASH_OBJS) base64$(OBJSUFFICS) mdhash$(OBJSUFFICS) 3proxy_cryptmain$(OBJSUFFICS) $(LIBS)
|
||||||
|
|
||||||
stringtable$(OBJSUFFICS): stringtable.c
|
stringtable$(OBJSUFFICS): stringtable.c
|
||||||
$(CC) $(COUT)stringtable$(OBJSUFFICS) $(CFLAGS) stringtable.c
|
$(CC) $(COUT)stringtable$(OBJSUFFICS) $(CFLAGS) stringtable.c
|
||||||
@ -179,6 +179,6 @@ ssl$(OBJSUFFICS): ssl.c structures.h proxy.h ssl.h
|
|||||||
pcre$(OBJSUFFICS): pcre.c structures.h
|
pcre$(OBJSUFFICS): pcre.c structures.h
|
||||||
$(CC) $(COUT)pcre$(OBJSUFFICS) $(CFLAGS) $(DEFINEOPTION)WITH_PCRE pcre.c
|
$(CC) $(COUT)pcre$(OBJSUFFICS) $(CFLAGS) $(DEFINEOPTION)WITH_PCRE pcre.c
|
||||||
|
|
||||||
$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) log$(OBJSUFFICS) datatypes$(OBJSUFFICS) blake2$(OBJSUFFICS) 3proxy_crypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(BUNDLED_HASH_OBJS) $(SSL_OBJS) $(PCRE_OBJS) $(COMPATLIBS) $(VERSIONDEP)
|
$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) log$(OBJSUFFICS) datatypes$(OBJSUFFICS) $(BUNDLED_HASH_OBJS) 3proxy_crypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(SSL_OBJS) $(PCRE_OBJS) $(COMPATLIBS) $(VERSIONDEP)
|
||||||
$(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) 3proxy_crypt$(OBJSUFFICS) blake2$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(BUNDLED_HASH_OBJS) $(SSL_OBJS) $(PCRE_OBJS) $(COMPATLIBS) $(LIBS) $(PCRE_LIBS)
|
$(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) 3proxy_crypt$(OBJSUFFICS) $(BUNDLED_HASH_OBJS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(SSL_OBJS) $(PCRE_OBJS) $(COMPATLIBS) $(LIBS) $(PCRE_LIBS)
|
||||||
|
|
||||||
|
|||||||
14
src/auth.c
14
src/auth.c
@ -7,7 +7,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "proxy.h"
|
#include "proxy.h"
|
||||||
#include "libs/blake2.h"
|
#include "mdhash.h"
|
||||||
|
|
||||||
void initbandlims(struct clientparam *param);
|
void initbandlims(struct clientparam *param);
|
||||||
|
|
||||||
@ -231,13 +231,17 @@ int strongauth(struct clientparam * param){
|
|||||||
if((unsigned)pwlen < pwl_table.recsize) {
|
if((unsigned)pwlen < pwl_table.recsize) {
|
||||||
if(!strncmp(pass + 1, (char *)param->password, pwl_table.recsize - 1)) return 0;
|
if(!strncmp(pass + 1, (char *)param->password, pwl_table.recsize - 1)) return 0;
|
||||||
} else {
|
} else {
|
||||||
blake2b_state S;
|
mdh_ctx *bctx;
|
||||||
unsigned hashsz;
|
unsigned hashsz;
|
||||||
|
unsigned int blen;
|
||||||
hashsz = pwl_table.recsize - 1 < 64 ? pwl_table.recsize - 1 : 64;
|
hashsz = pwl_table.recsize - 1 < 64 ? pwl_table.recsize - 1 : 64;
|
||||||
memset(buf, 0, pwl_table.recsize - 1);
|
memset(buf, 0, pwl_table.recsize - 1);
|
||||||
blake2b_init(&S, hashsz);
|
bctx = mdh_init(MDH_BLAKE2, hashsz);
|
||||||
blake2b_update(&S, param->password, pwlen + 1);
|
if(!bctx) return 6;
|
||||||
blake2b_final(&S, buf, hashsz);
|
mdh_update(bctx, param->password, pwlen + 1);
|
||||||
|
blen = hashsz;
|
||||||
|
mdh_final(bctx, buf, &blen);
|
||||||
|
mdh_free(bctx);
|
||||||
if(!memcmp(pass + 1, buf, pwl_table.recsize - 1)) return 0;
|
if(!memcmp(pass + 1, buf, pwl_table.recsize - 1)) return 0;
|
||||||
}
|
}
|
||||||
return 6;
|
return 6;
|
||||||
|
|||||||
@ -188,7 +188,7 @@ char *strNcpy(char *dest, const char *src, int n)
|
|||||||
void md5_calc(unsigned char *output, unsigned char *input,
|
void md5_calc(unsigned char *output, unsigned char *input,
|
||||||
unsigned int inlen)
|
unsigned int inlen)
|
||||||
{
|
{
|
||||||
mdh_ctx *ctx = mdh_init(MDH_MD5);
|
mdh_ctx *ctx = mdh_init(MDH_MD5, 16);
|
||||||
unsigned int len = 16;
|
unsigned int len = 16;
|
||||||
if(!ctx) return;
|
if(!ctx) return;
|
||||||
mdh_update(ctx, input, inlen);
|
mdh_update(ctx, input, inlen);
|
||||||
|
|||||||
14
src/conf.c
14
src/conf.c
@ -7,7 +7,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "proxy.h"
|
#include "proxy.h"
|
||||||
#include "libs/blake2.h"
|
#include "mdhash.h"
|
||||||
#ifdef WITH_SSL
|
#ifdef WITH_SSL
|
||||||
void ssl_install(void);
|
void ssl_install(void);
|
||||||
#endif
|
#endif
|
||||||
@ -543,13 +543,17 @@ static int h_users(int argc, unsigned char **argv){
|
|||||||
l = strlen(pw[1]);
|
l = strlen(pw[1]);
|
||||||
if(l > 255) l = 255;
|
if(l > 255) l = 255;
|
||||||
if((unsigned)l >= pwl_table.recsize) {
|
if((unsigned)l >= pwl_table.recsize) {
|
||||||
blake2b_state S;
|
mdh_ctx *bctx;
|
||||||
unsigned hashsz;
|
unsigned hashsz;
|
||||||
|
unsigned int blen;
|
||||||
if(*pass != CL) continue;
|
if(*pass != CL) continue;
|
||||||
hashsz = pwl_table.recsize - 1 < 64 ? pwl_table.recsize - 1 : 64;
|
hashsz = pwl_table.recsize - 1 < 64 ? pwl_table.recsize - 1 : 64;
|
||||||
blake2b_init(&S, hashsz);
|
bctx = mdh_init(MDH_BLAKE2, hashsz);
|
||||||
blake2b_update(&S, pw[1], l + 1);
|
if(!bctx) continue;
|
||||||
blake2b_final(&S, pass+1, hashsz);
|
mdh_update(bctx, pw[1], l + 1);
|
||||||
|
blen = hashsz;
|
||||||
|
mdh_final(bctx, (unsigned char *)pass+1, &blen);
|
||||||
|
mdh_free(bctx);
|
||||||
} else {
|
} else {
|
||||||
memcpy(pass + 1, pw[1], l);
|
memcpy(pass + 1, pw[1], l);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,18 +1,21 @@
|
|||||||
#include "proxy.h"
|
#include "proxy.h"
|
||||||
#include "libs/blake2.h"
|
#include "mdhash.h"
|
||||||
|
|
||||||
|
|
||||||
static void char_index2hash(const struct hashtable *ht, void *index, uint8_t *hash){
|
static void char_index2hash(const struct hashtable *ht, void *index, uint8_t *hash){
|
||||||
blake2b_state S;
|
|
||||||
int len;
|
int len;
|
||||||
|
unsigned int blen;
|
||||||
|
|
||||||
len = strlen((const char*)index);
|
len = strlen((const char*)index);
|
||||||
memset(hash, 0, ht->hash_size);
|
memset(hash, 0, ht->hash_size);
|
||||||
if(len <= ht->hash_size) memcpy(hash, index, len);
|
if(len <= ht->hash_size) memcpy(hash, index, len);
|
||||||
else {
|
else {
|
||||||
blake2b_init(&S, ht->hash_size);
|
mdh_ctx *bctx = mdh_init(MDH_BLAKE2, ht->hash_size);
|
||||||
blake2b_update(&S, index, strlen((const char*)index) + 1);
|
if(!bctx) return;
|
||||||
blake2b_final(&S, hash, ht->hash_size);
|
mdh_update(bctx, index, (unsigned int)(strlen((const char*)index) + 1));
|
||||||
|
blen = ht->hash_size;
|
||||||
|
mdh_final(bctx, hash, &blen);
|
||||||
|
mdh_free(bctx);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -23,7 +26,6 @@ static void param2hash_add(const struct hashtable *ht, void *index, uint8_t *has
|
|||||||
}
|
}
|
||||||
|
|
||||||
void param2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){
|
void param2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){
|
||||||
blake2b_state S;
|
|
||||||
struct clientparam *param = (struct clientparam *)index;
|
struct clientparam *param = (struct clientparam *)index;
|
||||||
unsigned type = param->srv->authcachetype;
|
unsigned type = param->srv->authcachetype;
|
||||||
int len = 0, oplen = 0, acllen = 0, ulen = 0, plen = 0, hlen = 0, a1len = 0, a2len = 0, a3len = 0, p1len=0, p2len = 0;
|
int len = 0, oplen = 0, acllen = 0, ulen = 0, plen = 0, hlen = 0, a1len = 0, a2len = 0, a3len = 0, p1len=0, p2len = 0;
|
||||||
@ -55,31 +57,36 @@ void param2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){
|
|||||||
if((type & 2048)){ memcpy(hash + offset, SAPORT(¶m->srv->intsa), p2len); offset += 2; }
|
if((type & 2048)){ memcpy(hash + offset, SAPORT(¶m->srv->intsa), p2len); offset += 2; }
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
blake2b_init(&S, ht->hash_size);
|
mdh_ctx *bctx = mdh_init(MDH_BLAKE2, ht->hash_size);
|
||||||
if((type & 2) && param->username)blake2b_update(&S, param->username, ulen);
|
unsigned int blen = ht->hash_size;
|
||||||
if((type & 4) && param->password)blake2b_update(&S, param->password, plen);
|
if(!bctx) { memcpy(param->hash, hash, ht->hash_size); return; }
|
||||||
if((type & 1) && !(type & 8))blake2b_update(&S, SAADDR(¶m->sincr), a1len);
|
if((type & 2) && param->username)mdh_update(bctx, param->username, ulen);
|
||||||
if((type & 16))blake2b_update(&S, ¶m->srv->acl, acllen);
|
if((type & 4) && param->password)mdh_update(bctx, param->password, plen);
|
||||||
if((type & 64))blake2b_update(&S, SAADDR(¶m->req), a2len);
|
if((type & 1) && !(type & 8))mdh_update(bctx, SAADDR(¶m->sincr), a1len);
|
||||||
if((type & 128))blake2b_update(&S, SAPORT(¶m->req), 2);
|
if((type & 16))mdh_update(bctx, ¶m->srv->acl, acllen);
|
||||||
if((type & 256) && param->hostname)blake2b_update(&S, param->hostname, hlen);
|
if((type & 64))mdh_update(bctx, SAADDR(¶m->req), a2len);
|
||||||
if((type & 512))blake2b_update(&S, ¶m->operation, sizeof(param->operation));
|
if((type & 128))mdh_update(bctx, SAPORT(¶m->req), 2);
|
||||||
if((type & 1024))blake2b_update(&S, SAADDR(¶m->srv->intsa), a3len);
|
if((type & 256) && param->hostname)mdh_update(bctx, param->hostname, hlen);
|
||||||
if((type & 2048))blake2b_update(&S, SAPORT(¶m->srv->intsa), 2);
|
if((type & 512))mdh_update(bctx, ¶m->operation, sizeof(param->operation));
|
||||||
blake2b_final(&S, hash, ht->hash_size);
|
if((type & 1024))mdh_update(bctx, SAADDR(¶m->srv->intsa), a3len);
|
||||||
|
if((type & 2048))mdh_update(bctx, SAPORT(¶m->srv->intsa), 2);
|
||||||
|
mdh_final(bctx, hash, &blen);
|
||||||
|
mdh_free(bctx);
|
||||||
}
|
}
|
||||||
memcpy(param->hash, hash, ht->hash_size);
|
memcpy(param->hash, hash, ht->hash_size);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void udpparam2hash(const struct hashtable *ht, void *index, uint8_t *hash){
|
static void udpparam2hash(const struct hashtable *ht, void *index, uint8_t *hash){
|
||||||
struct clientparam *param = (struct clientparam *)index;
|
struct clientparam *param = (struct clientparam *)index;
|
||||||
blake2b_state S;
|
mdh_ctx *bctx = mdh_init(MDH_BLAKE2, ht->hash_size);
|
||||||
blake2b_init(&S, ht->hash_size);
|
unsigned int blen = ht->hash_size;
|
||||||
blake2b_update(&S, SAADDR(¶m->srv->intsa), SAADDRLEN(¶m->srv->intsa));
|
if(!bctx) return;
|
||||||
blake2b_update(&S, SAPORT(¶m->srv->intsa), 2);
|
mdh_update(bctx, SAADDR(¶m->srv->intsa), SAADDRLEN(¶m->srv->intsa));
|
||||||
blake2b_update(&S, SAADDR(¶m->sincr), SAADDRLEN(¶m->sincr));
|
mdh_update(bctx, SAPORT(¶m->srv->intsa), 2);
|
||||||
blake2b_update(&S, SAPORT(¶m->sincr), 2);
|
mdh_update(bctx, SAADDR(¶m->sincr), SAADDRLEN(¶m->sincr));
|
||||||
blake2b_final(&S, hash, ht->hash_size);
|
mdh_update(bctx, SAPORT(¶m->sincr), 2);
|
||||||
|
mdh_final(bctx, hash, &blen);
|
||||||
|
mdh_free(bctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
struct hashtable dns_table = {char_index2hash, char_index2hash, 4, 32};
|
struct hashtable dns_table = {char_index2hash, char_index2hash, 4, 32};
|
||||||
|
|||||||
@ -26,6 +26,11 @@
|
|||||||
#ifndef _MD4_H
|
#ifndef _MD4_H
|
||||||
#define _MD4_H
|
#define _MD4_H
|
||||||
|
|
||||||
|
#ifdef WITH_WOLFSSL
|
||||||
|
#include <wolfssl/options.h>
|
||||||
|
#include <wolfssl/openssl/md4.h>
|
||||||
|
#else
|
||||||
|
|
||||||
#include <stddef.h> /* for size_t */
|
#include <stddef.h> /* for size_t */
|
||||||
|
|
||||||
/* Any 32-bit or wider unsigned integer data type will do */
|
/* Any 32-bit or wider unsigned integer data type will do */
|
||||||
@ -44,4 +49,6 @@ extern void MD4_Init(MD4_CTX *ctx);
|
|||||||
extern void MD4_Update(MD4_CTX *ctx, const void *data, size_t size);
|
extern void MD4_Update(MD4_CTX *ctx, const void *data, size_t size);
|
||||||
extern void MD4_Final(unsigned char *result, MD4_CTX *ctx);
|
extern void MD4_Final(unsigned char *result, MD4_CTX *ctx);
|
||||||
|
|
||||||
|
#endif /* !WITH_WOLFSSL */
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -26,6 +26,11 @@
|
|||||||
#ifndef _MD5_H
|
#ifndef _MD5_H
|
||||||
#define _MD5_H
|
#define _MD5_H
|
||||||
|
|
||||||
|
#ifdef WITH_WOLFSSL
|
||||||
|
#include <wolfssl/options.h>
|
||||||
|
#include <wolfssl/openssl/md5.h>
|
||||||
|
#else
|
||||||
|
|
||||||
/* Any 32-bit or wider unsigned integer data type will do */
|
/* Any 32-bit or wider unsigned integer data type will do */
|
||||||
typedef unsigned int MD5_u32plus;
|
typedef unsigned int MD5_u32plus;
|
||||||
|
|
||||||
@ -40,4 +45,6 @@ extern void MD5_Init(MD5_CTX *ctx);
|
|||||||
extern void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size);
|
extern void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size);
|
||||||
extern void MD5_Final(unsigned char *result, MD5_CTX *ctx);
|
extern void MD5_Final(unsigned char *result, MD5_CTX *ctx);
|
||||||
|
|
||||||
|
#endif /* !WITH_WOLFSSL */
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
217
src/mdhash.c
217
src/mdhash.c
@ -4,129 +4,202 @@
|
|||||||
|
|
||||||
please read License Agreement
|
please read License Agreement
|
||||||
|
|
||||||
MD4/MD5 hash implementation.
|
MD4/MD5/BLAKE2 hash implementation.
|
||||||
- Windows: CryptoAPI (CAPI). Supports both CALG_MD4 and CALG_MD5.
|
- Windows (no wolfSSL): CryptoAPI (CAPI) for MD4/MD5; bundled BLAKE2.
|
||||||
- Other platforms: bundled public-domain MD4/MD5 (Solar Designer, 2001).
|
- wolfSSL: wolfCrypt for MD4/MD5 (OpenSSL compat) and BLAKE2 (native wc_*).
|
||||||
|
- Other: bundled public-domain MD4/MD5 + bundled BLAKE2 reference.
|
||||||
*/
|
*/
|
||||||
#include "mdhash.h"
|
#include "mdhash.h"
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
#ifdef _WIN32
|
/* ----- BLAKE2 backend selection ----- */
|
||||||
|
#ifdef WITH_WOLFSSL
|
||||||
|
#include <wolfssl/options.h>
|
||||||
|
#include <wolfssl/wolfcrypt/blake2.h>
|
||||||
|
#define MDH_BLAKE2_BACKEND_WOLFSSL
|
||||||
|
#else
|
||||||
|
#include "libs/blake2.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* ----- MD4/MD5 backend selection ----- */
|
||||||
|
#if defined(_WIN32) && !defined(WITH_WOLFSSL)
|
||||||
|
#define MDH_MD_BACKEND_CAPI
|
||||||
#define WIN32_LEAN_AND_MEAN
|
#define WIN32_LEAN_AND_MEAN
|
||||||
#include <windows.h>
|
#include <windows.h>
|
||||||
#include <wincrypt.h>
|
#include <wincrypt.h>
|
||||||
|
#else
|
||||||
|
#include "libs/md4.h"
|
||||||
|
#include "libs/md5.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
struct mdh_ctx {
|
struct mdh_ctx {
|
||||||
|
mdh_alg alg;
|
||||||
|
unsigned int outlen;
|
||||||
|
#ifdef MDH_MD_BACKEND_CAPI
|
||||||
HCRYPTPROV hProv;
|
HCRYPTPROV hProv;
|
||||||
HCRYPTHASH hHash;
|
HCRYPTHASH hHash;
|
||||||
|
#else
|
||||||
|
union {
|
||||||
|
MD4_CTX md4;
|
||||||
|
MD5_CTX md5;
|
||||||
|
} u;
|
||||||
|
#endif
|
||||||
|
#ifdef MDH_BLAKE2_BACKEND_WOLFSSL
|
||||||
|
Blake2b blake2;
|
||||||
|
#else
|
||||||
|
blake2b_state blake2;
|
||||||
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
mdh_ctx *mdh_init(mdh_alg alg)
|
mdh_ctx *mdh_init(mdh_alg alg, unsigned int outlen)
|
||||||
{
|
{
|
||||||
mdh_ctx *c;
|
mdh_ctx *c = (mdh_ctx *)malloc(sizeof(mdh_ctx));
|
||||||
ALG_ID alg_id;
|
|
||||||
|
|
||||||
c = (mdh_ctx *)malloc(sizeof(mdh_ctx));
|
|
||||||
if(!c) return NULL;
|
if(!c) return NULL;
|
||||||
c->hProv = 0;
|
memset(c, 0, sizeof(*c));
|
||||||
c->hHash = 0;
|
c->alg = alg;
|
||||||
|
c->outlen = outlen;
|
||||||
|
|
||||||
|
switch(alg) {
|
||||||
|
case MDH_MD4:
|
||||||
|
#ifdef MDH_MD_BACKEND_CAPI
|
||||||
if(!CryptAcquireContext(&c->hProv, NULL, NULL, PROV_RSA_FULL,
|
if(!CryptAcquireContext(&c->hProv, NULL, NULL, PROV_RSA_FULL,
|
||||||
CRYPT_VERIFYCONTEXT)) {
|
CRYPT_VERIFYCONTEXT)) {
|
||||||
free(c);
|
free(c);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
if(!CryptCreateHash(c->hProv, CALG_MD4, 0, 0, &c->hHash)) {
|
||||||
alg_id = (alg == MDH_MD4) ? CALG_MD4 : CALG_MD5;
|
|
||||||
if(!CryptCreateHash(c->hProv, alg_id, 0, 0, &c->hHash)) {
|
|
||||||
CryptReleaseContext(c->hProv, 0);
|
CryptReleaseContext(c->hProv, 0);
|
||||||
free(c);
|
free(c);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
return c;
|
#else
|
||||||
}
|
|
||||||
|
|
||||||
int mdh_update(mdh_ctx *c, const void *data, unsigned int len)
|
|
||||||
{
|
|
||||||
if(!c || !c->hHash) return 0;
|
|
||||||
if(len == 0) return 1;
|
|
||||||
return CryptHashData(c->hHash, (BYTE *)data, len, 0) ? 1 : 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
int mdh_final(mdh_ctx *c, unsigned char *out, unsigned int *outlen)
|
|
||||||
{
|
|
||||||
DWORD l;
|
|
||||||
BOOL ok;
|
|
||||||
|
|
||||||
if(!c || !c->hHash || !outlen) return 0;
|
|
||||||
l = (DWORD)*outlen;
|
|
||||||
ok = CryptGetHashParam(c->hHash, HP_HASHVAL, out, &l, 0);
|
|
||||||
if(!ok) return 0;
|
|
||||||
*outlen = (unsigned int)l;
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
void mdh_free(mdh_ctx *c)
|
|
||||||
{
|
|
||||||
if(!c) return;
|
|
||||||
if(c->hHash) CryptDestroyHash(c->hHash);
|
|
||||||
if(c->hProv) CryptReleaseContext(c->hProv, 0);
|
|
||||||
free(c);
|
|
||||||
}
|
|
||||||
|
|
||||||
#else /* !_WIN32 */
|
|
||||||
|
|
||||||
#include "libs/md4.h"
|
|
||||||
#include "libs/md5.h"
|
|
||||||
#include <string.h>
|
|
||||||
|
|
||||||
struct mdh_ctx {
|
|
||||||
int alg; /* MDH_MD4 or MDH_MD5 */
|
|
||||||
union {
|
|
||||||
MD4_CTX md4;
|
|
||||||
MD5_CTX md5;
|
|
||||||
} u;
|
|
||||||
};
|
|
||||||
|
|
||||||
mdh_ctx *mdh_init(mdh_alg alg)
|
|
||||||
{
|
|
||||||
mdh_ctx *c = (mdh_ctx *)malloc(sizeof(mdh_ctx));
|
|
||||||
if(!c) return NULL;
|
|
||||||
c->alg = alg;
|
|
||||||
if(alg == MDH_MD4)
|
|
||||||
MD4_Init(&c->u.md4);
|
MD4_Init(&c->u.md4);
|
||||||
else
|
#endif
|
||||||
|
break;
|
||||||
|
case MDH_MD5:
|
||||||
|
#ifdef MDH_MD_BACKEND_CAPI
|
||||||
|
if(!CryptAcquireContext(&c->hProv, NULL, NULL, PROV_RSA_FULL,
|
||||||
|
CRYPT_VERIFYCONTEXT)) {
|
||||||
|
free(c);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
if(!CryptCreateHash(c->hProv, CALG_MD5, 0, 0, &c->hHash)) {
|
||||||
|
CryptReleaseContext(c->hProv, 0);
|
||||||
|
free(c);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
#else
|
||||||
MD5_Init(&c->u.md5);
|
MD5_Init(&c->u.md5);
|
||||||
|
#endif
|
||||||
|
break;
|
||||||
|
case MDH_BLAKE2:
|
||||||
|
if(!outlen || outlen > 64) {
|
||||||
|
free(c);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
#ifdef MDH_BLAKE2_BACKEND_WOLFSSL
|
||||||
|
if(wc_InitBlake2b(&c->blake2, outlen) != 0) {
|
||||||
|
free(c);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
if(blake2b_init(&c->blake2, outlen) != 0) {
|
||||||
|
free(c);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
free(c);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
return c;
|
return c;
|
||||||
}
|
}
|
||||||
|
|
||||||
int mdh_update(mdh_ctx *c, const void *data, unsigned int len)
|
int mdh_update(mdh_ctx *c, const void *data, unsigned int len)
|
||||||
{
|
{
|
||||||
if(!c) return 0;
|
if(!c) return 0;
|
||||||
if(c->alg == MDH_MD4)
|
if(len == 0) return 1;
|
||||||
|
switch(c->alg) {
|
||||||
|
case MDH_MD4:
|
||||||
|
#ifdef MDH_MD_BACKEND_CAPI
|
||||||
|
return CryptHashData(c->hHash, (BYTE *)data, len, 0) ? 1 : 0;
|
||||||
|
#else
|
||||||
MD4_Update(&c->u.md4, data, (size_t)len);
|
MD4_Update(&c->u.md4, data, (size_t)len);
|
||||||
else
|
return 1;
|
||||||
|
#endif
|
||||||
|
case MDH_MD5:
|
||||||
|
#ifdef MDH_MD_BACKEND_CAPI
|
||||||
|
return CryptHashData(c->hHash, (BYTE *)data, len, 0) ? 1 : 0;
|
||||||
|
#else
|
||||||
MD5_Update(&c->u.md5, data, (unsigned long)len);
|
MD5_Update(&c->u.md5, data, (unsigned long)len);
|
||||||
return 1;
|
return 1;
|
||||||
|
#endif
|
||||||
|
case MDH_BLAKE2:
|
||||||
|
#ifdef MDH_BLAKE2_BACKEND_WOLFSSL
|
||||||
|
return wc_Blake2bUpdate(&c->blake2, (const byte *)data, len) == 0;
|
||||||
|
#else
|
||||||
|
return blake2b_update(&c->blake2, data, len) == 0;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int mdh_final(mdh_ctx *c, unsigned char *out, unsigned int *outlen)
|
int mdh_final(mdh_ctx *c, unsigned char *out, unsigned int *outlen)
|
||||||
{
|
{
|
||||||
if(!c || !outlen) return 0;
|
if(!c || !outlen) return 0;
|
||||||
if(c->alg == MDH_MD4)
|
switch(c->alg) {
|
||||||
|
case MDH_MD4:
|
||||||
|
#ifdef MDH_MD_BACKEND_CAPI
|
||||||
|
{
|
||||||
|
DWORD l = (DWORD)*outlen;
|
||||||
|
if(!CryptGetHashParam(c->hHash, HP_HASHVAL, out, &l, 0))
|
||||||
|
return 0;
|
||||||
|
*outlen = (unsigned int)l;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
#else
|
||||||
MD4_Final(out, &c->u.md4);
|
MD4_Final(out, &c->u.md4);
|
||||||
else
|
*outlen = 16;
|
||||||
|
return 1;
|
||||||
|
#endif
|
||||||
|
case MDH_MD5:
|
||||||
|
#ifdef MDH_MD_BACKEND_CAPI
|
||||||
|
{
|
||||||
|
DWORD l = (DWORD)*outlen;
|
||||||
|
if(!CryptGetHashParam(c->hHash, HP_HASHVAL, out, &l, 0))
|
||||||
|
return 0;
|
||||||
|
*outlen = (unsigned int)l;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
#else
|
||||||
MD5_Final(out, &c->u.md5);
|
MD5_Final(out, &c->u.md5);
|
||||||
*outlen = 16;
|
*outlen = 16;
|
||||||
return 1;
|
return 1;
|
||||||
|
#endif
|
||||||
|
case MDH_BLAKE2:
|
||||||
|
if(*outlen < c->outlen) return 0;
|
||||||
|
#ifdef MDH_BLAKE2_BACKEND_WOLFSSL
|
||||||
|
if(wc_Blake2bFinal(&c->blake2, out, c->outlen) != 0)
|
||||||
|
return 0;
|
||||||
|
#else
|
||||||
|
if(blake2b_final(&c->blake2, out, c->outlen) != 0)
|
||||||
|
return 0;
|
||||||
|
#endif
|
||||||
|
*outlen = c->outlen;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void mdh_free(mdh_ctx *c)
|
void mdh_free(mdh_ctx *c)
|
||||||
{
|
{
|
||||||
if(!c) return;
|
if(!c) return;
|
||||||
|
#ifdef MDH_MD_BACKEND_CAPI
|
||||||
|
if(c->hHash) CryptDestroyHash(c->hHash);
|
||||||
|
if(c->hProv) CryptReleaseContext(c->hProv, 0);
|
||||||
|
#endif
|
||||||
memset(c, 0, sizeof(*c));
|
memset(c, 0, sizeof(*c));
|
||||||
free(c);
|
free(c);
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* _WIN32 */
|
|
||||||
|
|||||||
16
src/mdhash.h
16
src/mdhash.h
@ -4,19 +4,23 @@
|
|||||||
|
|
||||||
please read License Agreement
|
please read License Agreement
|
||||||
|
|
||||||
Internal MD4/MD5 hash abstraction.
|
Internal MD4/MD5/BLAKE2 hash abstraction.
|
||||||
- Windows: CryptoAPI (CAPI) backed, no OpenSSL dependency for these hashes.
|
- Windows (no wolfSSL): CryptoAPI (CAPI) for MD4/MD5; bundled BLAKE2.
|
||||||
- Other platforms: OpenSSL EVP backed (requires WITH_SSL).
|
- wolfSSL: wolfCrypt for MD4/MD5 (OpenSSL compat) and BLAKE2 (native).
|
||||||
|
- Other: bundled public-domain MD4/MD5 + bundled BLAKE2 reference.
|
||||||
*/
|
*/
|
||||||
#ifndef _MDHASH_H
|
#ifndef _MDHASH_H
|
||||||
#define _MDHASH_H
|
#define _MDHASH_H
|
||||||
|
|
||||||
typedef enum { MDH_MD4, MDH_MD5 } mdh_alg;
|
typedef enum { MDH_MD4, MDH_MD5, MDH_BLAKE2 } mdh_alg;
|
||||||
|
|
||||||
typedef struct mdh_ctx mdh_ctx;
|
typedef struct mdh_ctx mdh_ctx;
|
||||||
|
|
||||||
/* Returns NULL on failure. */
|
/* alg selects the hash. outlen selects digest size:
|
||||||
mdh_ctx *mdh_init(mdh_alg alg);
|
- MD4/MD5: outlen ignored (fixed 16 bytes).
|
||||||
|
- BLAKE2: outlen is the requested digest length (1..64).
|
||||||
|
Returns NULL on failure. */
|
||||||
|
mdh_ctx *mdh_init(mdh_alg alg, unsigned int outlen);
|
||||||
|
|
||||||
/* Returns 1 on success, 0 on failure. */
|
/* Returns 1 on success, 0 on failure. */
|
||||||
int mdh_update(mdh_ctx *c, const void *data, unsigned int len);
|
int mdh_update(mdh_ctx *c, const void *data, unsigned int len);
|
||||||
|
|||||||
29
src/ssl.c
29
src/ssl.c
@ -6,11 +6,20 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "structures.h"
|
#include "structures.h"
|
||||||
|
#ifdef WITH_WOLFSSL
|
||||||
|
#include <wolfssl/options.h>
|
||||||
|
#include <wolfssl/openssl/crypto.h>
|
||||||
|
#include <wolfssl/openssl/x509.h>
|
||||||
|
#include <wolfssl/openssl/pem.h>
|
||||||
|
#include <wolfssl/openssl/ssl.h>
|
||||||
|
#include <wolfssl/openssl/err.h>
|
||||||
|
#else
|
||||||
#include <openssl/crypto.h>
|
#include <openssl/crypto.h>
|
||||||
#include <openssl/x509.h>
|
#include <openssl/x509.h>
|
||||||
#include <openssl/pem.h>
|
#include <openssl/pem.h>
|
||||||
#include <openssl/ssl.h>
|
#include <openssl/ssl.h>
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
|
#endif
|
||||||
#include "proxy.h"
|
#include "proxy.h"
|
||||||
#include "ssl.h"
|
#include "ssl.h"
|
||||||
|
|
||||||
@ -487,7 +496,7 @@ SSL_CTX * ssl_cli_ctx(SSL_CONFIG *config, X509 *server_cert, EVP_PKEY *server_ke
|
|||||||
int err = 0;
|
int err = 0;
|
||||||
|
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||||
ctx = SSL_CTX_new(SSLv23_server_method());
|
ctx = SSL_CTX_new(SSLv23_server_method());
|
||||||
#else
|
#else
|
||||||
ctx = SSL_CTX_new(TLS_server_method());
|
ctx = SSL_CTX_new(TLS_server_method());
|
||||||
@ -517,14 +526,17 @@ SSL_CTX * ssl_cli_ctx(SSL_CONFIG *config, X509 *server_cert, EVP_PKEY *server_ke
|
|||||||
if(config->server_min_proto_version)SSL_CTX_set_min_proto_version(ctx, config->server_min_proto_version);
|
if(config->server_min_proto_version)SSL_CTX_set_min_proto_version(ctx, config->server_min_proto_version);
|
||||||
if(config->server_max_proto_version)SSL_CTX_set_max_proto_version(ctx, config->server_max_proto_version);
|
if(config->server_max_proto_version)SSL_CTX_set_max_proto_version(ctx, config->server_max_proto_version);
|
||||||
if(config->server_cipher_list)SSL_CTX_set_cipher_list(ctx, config->server_cipher_list);
|
if(config->server_cipher_list)SSL_CTX_set_cipher_list(ctx, config->server_cipher_list);
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
|
#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER >= 0x10101000L
|
||||||
if(config->server_ciphersuites)SSL_CTX_set_ciphersuites(ctx, config->server_ciphersuites);
|
if(config->server_ciphersuites)SSL_CTX_set_ciphersuites(ctx, config->server_ciphersuites);
|
||||||
|
#elif defined(WITH_WOLFSSL)
|
||||||
|
/* wolfSSL has no separate TLS1.3 ciphersuites API; route to cipher list. */
|
||||||
|
if(config->server_ciphersuites)wolfSSL_CTX_set_cipher_list(ctx, config->server_ciphersuites);
|
||||||
#endif
|
#endif
|
||||||
if(config->server_verify){
|
if(config->server_verify){
|
||||||
if(config->server_ca_file || config->server_ca_dir){
|
if(config->server_ca_file || config->server_ca_dir){
|
||||||
SSL_CTX_load_verify_locations(ctx, config->server_ca_file, config->server_ca_dir);
|
SSL_CTX_load_verify_locations(ctx, config->server_ca_file, config->server_ca_dir);
|
||||||
}
|
}
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||||
else if(config->server_ca_store){
|
else if(config->server_ca_store){
|
||||||
SSL_CTX_load_verify_store(ctx, config->server_ca_store);
|
SSL_CTX_load_verify_store(ctx, config->server_ca_store);
|
||||||
}
|
}
|
||||||
@ -655,7 +667,7 @@ static void* ssl_filter_open(void * idata, struct srvparam * srv){
|
|||||||
srv->so._poll = ssl_poll;
|
srv->so._poll = ssl_poll;
|
||||||
}
|
}
|
||||||
if(sc && (sc->mitm || sc->cli)){
|
if(sc && (sc->mitm || sc->cli)){
|
||||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||||
sc->srv_ctx = SSL_CTX_new(SSLv23_client_method());
|
sc->srv_ctx = SSL_CTX_new(SSLv23_client_method());
|
||||||
#else
|
#else
|
||||||
sc->srv_ctx = SSL_CTX_new(TLS_client_method());
|
sc->srv_ctx = SSL_CTX_new(TLS_client_method());
|
||||||
@ -671,17 +683,20 @@ static void* ssl_filter_open(void * idata, struct srvparam * srv){
|
|||||||
if(sc->client_min_proto_version)SSL_CTX_set_min_proto_version(sc->srv_ctx, sc->client_min_proto_version);
|
if(sc->client_min_proto_version)SSL_CTX_set_min_proto_version(sc->srv_ctx, sc->client_min_proto_version);
|
||||||
if(sc->client_max_proto_version)SSL_CTX_set_max_proto_version(sc->srv_ctx, sc->client_max_proto_version);
|
if(sc->client_max_proto_version)SSL_CTX_set_max_proto_version(sc->srv_ctx, sc->client_max_proto_version);
|
||||||
if(sc->client_cipher_list)SSL_CTX_set_cipher_list(sc->srv_ctx, sc->client_cipher_list);
|
if(sc->client_cipher_list)SSL_CTX_set_cipher_list(sc->srv_ctx, sc->client_cipher_list);
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
|
#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER >= 0x10101000L
|
||||||
if(sc->client_ciphersuites)SSL_CTX_set_ciphersuites(sc->srv_ctx, sc->client_ciphersuites);
|
if(sc->client_ciphersuites)SSL_CTX_set_ciphersuites(sc->srv_ctx, sc->client_ciphersuites);
|
||||||
|
#elif defined(WITH_WOLFSSL)
|
||||||
|
/* wolfSSL has no separate TLS1.3 ciphersuites API; route to cipher list. */
|
||||||
|
if(sc->client_ciphersuites)wolfSSL_CTX_set_cipher_list(sc->srv_ctx, sc->client_ciphersuites);
|
||||||
#endif
|
#endif
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x10200000L
|
#if (defined(WITH_WOLFSSL) && defined(HAVE_ALPN) && LIBWOLFSSL_VERSION_HEX >= 0x03007000) || (!defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER >= 0x10200000L)
|
||||||
if(sc->client_alpn_protos.protos_len)SSL_CTX_set_alpn_protos(sc->srv_ctx, sc->client_alpn_protos.protos, sc->client_alpn_protos.protos_len);
|
if(sc->client_alpn_protos.protos_len)SSL_CTX_set_alpn_protos(sc->srv_ctx, sc->client_alpn_protos.protos, sc->client_alpn_protos.protos_len);
|
||||||
#endif
|
#endif
|
||||||
if(sc->client_verify){
|
if(sc->client_verify){
|
||||||
if(sc->client_ca_file || sc->client_ca_dir){
|
if(sc->client_ca_file || sc->client_ca_dir){
|
||||||
SSL_CTX_load_verify_locations(sc->srv_ctx, sc->client_ca_file, sc->client_ca_dir);
|
SSL_CTX_load_verify_locations(sc->srv_ctx, sc->client_ca_file, sc->client_ca_dir);
|
||||||
}
|
}
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||||
else if(sc->client_ca_store){
|
else if(sc->client_ca_store){
|
||||||
SSL_CTX_load_verify_store(sc->srv_ctx, sc->client_ca_store);
|
SSL_CTX_load_verify_store(sc->srv_ctx, sc->client_ca_store);
|
||||||
}
|
}
|
||||||
|
|||||||
11
src/ssllib.c
11
src/ssllib.c
@ -14,12 +14,22 @@
|
|||||||
#include <sys/file.h>
|
#include <sys/file.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef WITH_WOLFSSL
|
||||||
|
#include <wolfssl/options.h>
|
||||||
|
#include <wolfssl/openssl/crypto.h>
|
||||||
|
#include <wolfssl/openssl/x509.h>
|
||||||
|
#include <wolfssl/openssl/x509v3.h>
|
||||||
|
#include <wolfssl/openssl/pem.h>
|
||||||
|
#include <wolfssl/openssl/ssl.h>
|
||||||
|
#include <wolfssl/openssl/err.h>
|
||||||
|
#else
|
||||||
#include <openssl/crypto.h>
|
#include <openssl/crypto.h>
|
||||||
#include <openssl/x509.h>
|
#include <openssl/x509.h>
|
||||||
#include <openssl/x509v3.h>
|
#include <openssl/x509v3.h>
|
||||||
#include <openssl/pem.h>
|
#include <openssl/pem.h>
|
||||||
#include <openssl/ssl.h>
|
#include <openssl/ssl.h>
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
#include "proxy.h"
|
#include "proxy.h"
|
||||||
#include "ssl.h"
|
#include "ssl.h"
|
||||||
@ -103,7 +113,6 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert, SSL_CONFIG *config)
|
|||||||
X509 *dst_cert = NULL;
|
X509 *dst_cert = NULL;
|
||||||
|
|
||||||
EVP_PKEY *pk = NULL;
|
EVP_PKEY *pk = NULL;
|
||||||
RSA *rsa = NULL;
|
|
||||||
|
|
||||||
unsigned char hash_sha256[32];
|
unsigned char hash_sha256[32];
|
||||||
char hash_name_sha256[(16*2) + 1];
|
char hash_name_sha256[(16*2) + 1];
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user