Ported minicrypto lib to OS X for PolarSSL optimization.
The scripts scripts/mac/build-minicrypto and scripts/mac/build-polarssl will now build PolarSSL (on OSX) with libminicrypto linkage. Currently, only the SHA1/256/512 implementations from OpenSSL are built into libminicrypto. We leave the current PolarSSL AES implementation as-is since it now implements AES-NI. Also added a portable openssl/build-openssl script.
parent
ebd47cb635
commit
074dbafa27
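--- a/minicrypto/build-minicrypto-osx
+++ b/minicrypto/build-minicrypto-osx
@@ -0,0 +1,139 @@
+#!/usr/bin/env bash
+
+set -e
+if [ -z "$O3" ]; then
+echo O3 var must point to ovpn3 tree
+exit 1
+fi
+if [ -z "$TARGET" ]; then
+echo TARGET var must be defined
+exit 1
+fi
+if [ -z "$ARCH" ]; then
+echo "ARCH var must be defined (x86_64|i386)"
+exit 1
+fi
+
+[ -z "$DL" ] && DL=~/Downloads
+
+. $O3/vars-$TARGET
+. $O3/lib-versions
+
+DEST=minicrypto/minicrypto-$PLATFORM
+
+GLOBAL_COMPILE_FLAGS="$MIN_DEPLOY_TARGET $OTHER_COMPILER_FLAGS $LIB_OPT_LEVEL $LIB_FPIC"
+
+[ -z "$GCC_CMD" ] && GCC_CMD=gcc
+[ -z "$GCC_AS_CMD" ] && GCC_AS_CMD="$GCC_CMD"
+[ -z "$AR_CMD" ] && AR_CMD=ar
+
+# the directory where this script lives
+H=$O3/minicrypto
+
+if [ "$NO_WIPE" != "1" ]; then
+# unzip OpenSSL
+rm -rf $OPENSSL_VERSION
+tar xfz $DL/$OPENSSL_VERSION.tar.gz
+fi
+
+OPENSSL_DIR=$(pwd)/$OPENSSL_VERSION
+
+# make build directory
+mkdir -p minicrypto
+rm -rf minicrypto/minicrypto-$PLATFORM/$ARCH
+mkdir -p minicrypto/minicrypto-$PLATFORM/$ARCH/build.tmp
+cd minicrypto/minicrypto-$PLATFORM/$ARCH/build.tmp
+mkdir openssl
+
+# copy files from OpenSSL tree
+
+# AES (not necessary now that PolarSSL has AES optimizations)
+#cp $OPENSSL_DIR/crypto/aes/asm/aesni-x86_64.pl .
+
+if [ "$ARCH" = "x86_64" ]; then
+# General
+cp $O3/polarssl/intel_cpu.c .
+cp $OPENSSL_DIR/crypto/perlasm/x86_64-xlate.pl .
+cp $OPENSSL_DIR/crypto/x86_64cpuid.pl .
+
+# SHA general
+cp $OPENSSL_DIR/crypto/md32_common.h .
+cp $OPENSSL_DIR/crypto/sha/sha.h openssl
+
+# SHA1
+cp $OPENSSL_DIR/crypto/sha/sha_locl.h .
+cp $OPENSSL_DIR/crypto/sha/sha1dgst.c .
+cp $OPENSSL_DIR/crypto/sha/asm/sha1-x86_64.pl .
+
+# SHA256
+cp $OPENSSL_DIR/crypto/sha/sha256.c .
+
+# SHA512
+cp $OPENSSL_DIR/crypto/sha/sha512.c .
+cp $OPENSSL_DIR/crypto/sha/asm/sha512-x86_64.pl .
+
+# convert perl ASM to .s
+for f in x86_64cpuid sha1-x86_64 ; do
+perl $f.pl macosx >$f.s
+done
+perl sha512-x86_64.pl macosx sha512-x86_64.s
+perl sha512-x86_64.pl macosx sha256-x86_64.s
+elif [ "$ARCH" = "i386" ]; then
+# General
+cp $O3/polarssl/intel_cpu.c .
+cp $OPENSSL_DIR/crypto/perlasm/x86asm.pl .
+cp $OPENSSL_DIR/crypto/perlasm/x86gas.pl .
+cp $OPENSSL_DIR/crypto/x86cpuid.pl .
+
+# SHA general
+cp $OPENSSL_DIR/crypto/md32_common.h .
+cp $OPENSSL_DIR/crypto/sha/sha.h openssl
+
+# SHA1
+cp $OPENSSL_DIR/crypto/sha/sha_locl.h .
+cp $OPENSSL_DIR/crypto/sha/sha1dgst.c .
+cp $OPENSSL_DIR/crypto/sha/asm/sha1-586.pl .
+
+# SHA256
+cp $OPENSSL_DIR/crypto/sha/sha256.c .
+cp $OPENSSL_DIR/crypto/sha/asm/sha256-586.pl .
+
+# SHA512
+cp $OPENSSL_DIR/crypto/sha/sha512.c .
+cp $OPENSSL_DIR/crypto/sha/asm/sha512-586.pl .
+
+# convert perl ASM to .s
+for f in x86cpuid sha1-586 sha256-586 sha512-586 ; do
+perl $f.pl macosx >$f.s
+done
+fi
+
+cat >openssl/crypto.h <<EOF
+#define fips_md_init(alg) fips_md_init_ctx(alg, alg)
+#define fips_md_init_ctx(alg, cx) int alg##_Init(cx##_CTX *c)
+void OPENSSL_cleanse(void *ptr, unsigned long len);
+#define OPENSSL_VERSION_PTEXT " minicrypto"
+EOF
+
+# irrelevant headers
+touch openssl/e_os2.h
+touch openssl/opensslconf.h
+touch openssl/opensslv.h
+touch aes_locl.h
+touch cryptlib.h
+touch crypto.h
+
+# build C/ASM files
+for f in *.c *.s ; do
+COMPILE_FLAGS="-arch $ARCH -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM"
+CMD="$GCC_CMD $GLOBAL_COMPILE_FLAGS $COMPILE_FLAGS -I. -c $f"
+echo $CMD
+$CMD
+done
+
+CMD="$AR_CMD crs ../libminicrypto.a *.o"
+echo $CMD
+$CMD
+echo SYMBOLS
+nm ../libminicrypto.a
+exit 0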
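Review bot: The archive unpacked by `tar xfz $DL/$OPENSSL_VERSION.tar.gz` is never checked against a known digest, yet the perlasm scripts copied out of it are run by `perl` and the SHA sources are compiled into libminicrypto.a. A pinned hash kept next to the version in lib-versions would close that gap, e.g. `echo "$OPENSSL_SHA256  $DL/$OPENSSL_VERSION.tar.gz" | shasum -a 256 -c -` before the `tar` line (`OPENSSL_SHA256` is a suggested name, not an existing variable); under `set -e` a mismatch stops the build. The same unverified unpack appears in openssl/build-openssl. Separately, `DEST`, `H` and `GCC_AS_CMD` are assigned here but never used in this script.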
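--- a/openssl/build-openssl
+++ b/openssl/build-openssl
@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+set -e
+if [ -z "$O3" ]; then
+echo O3 var must point to ovpn3 tree
+exit 1
+fi
+if [ -z "$TARGET" ]; then
+echo TARGET var must be defined
+exit 1
+fi
+if [ -z "$OPENSSL_TARGET" ]; then
+echo "OPENSSL_TARGET var must be defined"
+exit 1
+fi
+
+# GNU sed differs from BSD sed
+if sed --version 2>&1 | grep -q GNU ; then
+mysed='sed -i'
+else
+mysed='sed -i ""'
+fi
+
+[ -z "$GCC_CMD" ] && GCC_CMD=gcc
+
+[ -z "$LINK_MODE" ] && LINK_MODE=static
+[ "$LINK_MODE" = "static" ] && LINK_MODE=no-shared
+
+[ -z "$DL" ] && DL=~/Downloads
+
+. $O3/vars-$TARGET
+. $O3/lib-versions
+
+OPENSSL=$OPENSSL_VERSION
+DIST=$(pwd)/openssl/openssl-$PLATFORM
+[ "$ARCH" ] && DIST=$DIST/$ARCH
+rm -rf $OPENSSL $DIST
+mkdir -p $DIST
+tar xfz $DL/$OPENSSL.tar.gz
+pushd $OPENSSL
+./Configure $OPENSSL_TARGET $LINK_MODE threads no-idea no-mdc2 no-rc5 --prefix=$DIST
+$mysed -e "s|-O3|$LIB_OPT_LEVEL $MIN_DEPLOY_TARGET $OTHER_COMPILER_FLAGS $LIB_FPIC|" Makefile
+#$mysed -e "s|ERR_load_COMP_strings()|//ERR_load_COMP_strings()|" crypto/err/err_all.c
+make CC="$GCC_CMD" -j ${MAKE_JOBS:-1} build_libs
+touch apps/openssl
+touch openssl.pc
+touch libcrypto.pc
+touch libssl.pc
+make install_sw
+popd
+
+exit 0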
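Review bot: The `./Configure` line passes only `no-idea no-mdc2 no-rc5`, so the OS X build that scripts/mac/build-openssl now routes through this script loses the longer option list of the removed OS X script further down this page (its path is not shown), which included `no-ssl2 no-ssl3 no-comp no-zlib`; SSLv2/SSLv3 support is therefore built again unless the OpenSSL version in lib-versions disables it by default. If that is not intended, carry the protocol options over: `./Configure $OPENSSL_TARGET $LINK_MODE threads no-idea no-mdc2 no-rc5 no-ssl2 no-ssl3 no-comp --prefix=$DIST`. A smaller point on the sed wrapper: `mysed='sed -i ""'` expanded unquoted as `$mysed` hands BSD sed the two quote characters as a literal backup suffix rather than an empty one, which an array avoids (`mysed=(sed -i '')`, invoked as `"${mysed[@]}" -e ...`).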
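--- a/openvpn/common/arch.hpp
+++ b/openvpn/common/arch.hpp
@@ -0,0 +1,23 @@
+//
+// arch.hpp
+// OpenVPN
+//
+// Copyright (c) 2014 OpenVPN Technologies, Inc. All rights reserved.
+//
+
+// define an ARCH_x macro that describes our target architecture
+
+#ifndef OPENVPN_COMMON_ARCH_H
+#define OPENVPN_COMMON_ARCH_H
+
+#if defined(__amd64__) || defined(__x86_64__) || defined(_M_X64) || defined(_M_AMD64)
+# define OPENVPN_ARCH_x86_64
+#elif defined(__i386__) || defined(_M_IX86)
+# define OPENVPN_ARCH_i386
+#elif defined(__aarch64__) || defined(__arm64__)
+# define OPENVPN_ARCH_ARM64
+#elif defined(__arm__) || defined(_M_ARM)
+# define OPENVPN_ARCH_ARM
+#endif
+
+#endif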
@ -12,11 +12,13 @@
|
||||
|
||||
#include <string>
|
||||
|
||||
#include <openvpn/common/arch.hpp>
|
||||
|
||||
#if defined(USE_OPENSSL)
|
||||
#include <openvpn/openssl/util/engine.hpp>
|
||||
#endif
|
||||
|
||||
#if 0
|
||||
#if defined(USE_MINICRYPTO) && (defined(OPENVPN_ARCH_x86_64) || defined(OPENVPN_ARCH_i386))
|
||||
extern "C" {
|
||||
void OPENSSL_cpuid_setup();
|
||||
}
|
||||
@ -28,12 +30,10 @@ namespace openvpn {
|
||||
{
|
||||
#if defined(USE_OPENSSL)
|
||||
openssl_setup_engine(engine);
|
||||
#elif defined(USE_MINICRYPTO) && (defined(OPENVPN_ARCH_x86_64) || defined(OPENVPN_ARCH_i386))
|
||||
OPENSSL_cpuid_setup();
|
||||
#endif
|
||||
}
|
||||
|
||||
#if 0
|
||||
OPENSSL_cpuid_setup();
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -5,7 +5,7 @@
|
||||
# AES_NI=1 -- enable AES_NI processor optimization
|
||||
# EXTERNAL_RNG=1 -- disable all internal RNG implementations (caller must provide)
|
||||
# ENABLE_TESTING=1 -- run PolarSSL test scripts after build
|
||||
# DEBUG_BUILD=1 -- enable minimal testing on target
|
||||
# DEBUG_BUILD=1 or SELF_TEST=1 -- enable minimal testing on target
|
||||
# ENABLE_SERVER=1 -- enable SSL/TLS server code
|
||||
# ENABLE_FS_IO=1 -- enable PolarSSL file I/O
|
||||
# VERBOSE=1 -- see build commands
|
||||
@ -88,7 +88,7 @@ if [ "$ENABLE_TESTING" = "1" ]; then
|
||||
fi
|
||||
|
||||
# enable minimal testing on target
|
||||
if [ "$DEBUG_BUILD" = "1" ]; then
|
||||
if [ "$DEBUG_BUILD" = "1" ] || [ "$SELF_TEST" = "1" ]; then
|
||||
echo "#define POLARSSL_SELF_TEST" >>$OPC
|
||||
fi
|
||||
|
||||
@ -99,7 +99,7 @@ elif [ "$APPLE_FAMILY" = "1" ]; then
|
||||
OPT="$OPT -DCMAKE_TOOLCHAIN_FILE=$PD/apple.cmake"
|
||||
fi
|
||||
|
||||
# OpenSSL
|
||||
# Minicrypto
|
||||
if [ "$USE_MINICRYPTO" = "1" ]; then
|
||||
OPT="$OPT -DMINICRYPTO=1"
|
||||
if [ "$MINICRYPTO_DIR" ]; then
|
||||
@ -108,11 +108,13 @@ if [ "$USE_MINICRYPTO" = "1" ]; then
|
||||
if [ "$OSSLCRYPTO_DIR" ]; then
|
||||
OPT="$OPT -DOSSLCRYPTO_DIR=$OSSLCRYPTO_DIR"
|
||||
fi
|
||||
echo "#define POLARSSL_AES_ALT" >>$OPC
|
||||
if [ "$MINICRYPTO_NO_AES" != "1" ]; then
|
||||
echo "#define POLARSSL_AES_ALT" >>$OPC
|
||||
fi
|
||||
echo "#define POLARSSL_SHA1_ALT" >>$OPC
|
||||
echo "#define POLARSSL_SHA2_ALT" >>$OPC
|
||||
echo "#define POLARSSL_SHA4_ALT" >>$OPC
|
||||
if [ "$AES_NI" = "1" ]; then
|
||||
echo "#define POLARSSL_SHA256_ALT" >>$OPC
|
||||
echo "#define POLARSSL_SHA512_ALT" >>$OPC
|
||||
if [ "$AES_NI" = "1" ] && [ "$MINICRYPTO_NO_AES" != "1" ]; then
|
||||
echo "#define POLARSSL_USE_OPENSSL_AES_NI" >>$OPC
|
||||
fi
|
||||
fi
|
||||
@ -152,5 +154,4 @@ fi
|
||||
|
||||
# copy headers
|
||||
cp -a ../$POLARSSL_VERSION/include/polarssl include/
|
||||
|
||||
exit 0
|
||||
|
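Review bot: `MINICRYPTO_NO_AES` is read in the `USE_MINICRYPTO` block (hunk at -108,11 +108,13) but the option list in the header comment, which the first hunk updates for `SELF_TEST`, does not mention it in the lines shown. From the visible logic, setting it to 1 skips both `POLARSSL_AES_ALT` and `POLARSSL_USE_OPENSSL_AES_NI` while the SHA `_ALT` defines are still written. I would add a line such as `# MINICRYPTO_NO_AES=1 -- with USE_MINICRYPTO=1, keep PolarSSL's own AES (only SHA comes from minicrypto)` to that list. The header comment starts before the hunk, so the option may already be described outside the visible lines.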
@ -917,7 +917,10 @@
|
||||
*
|
||||
* This modules adds support for the AES-NI instructions on x86-64
|
||||
*/
|
||||
// JY added
|
||||
#ifndef POLARSSL_AES_ALT
|
||||
#define POLARSSL_AESNI_C
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \def POLARSSL_AES_C
|
||||
|
@ -245,19 +245,19 @@ diff -uNr polarssl-1.2.7/include/polarssl/sha1_alt.h polarssl.new/include/polars
|
||||
+#ifdef __cplusplus
|
||||
+}
|
||||
+#endif
|
||||
diff -uNr polarssl-1.2.7/include/polarssl/sha2_alt.h polarssl.new/include/polarssl/sha2_alt.h
|
||||
--- polarssl-1.2.7/include/polarssl/sha2_alt.h 1969-12-31 17:00:00.000000000 -0700
|
||||
+++ polarssl.new/include/polarssl/sha2_alt.h 2013-06-07 17:43:56.000000000 -0600
|
||||
diff -uNr polarssl-1.2.7/include/polarssl/sha256_alt.h polarssl.new/include/polarssl/sha256_alt.h
|
||||
--- polarssl-1.2.7/include/polarssl/sha256_alt.h 1969-12-31 17:00:00.000000000 -0700
|
||||
+++ polarssl.new/include/polarssl/sha256_alt.h 2013-06-07 17:43:56.000000000 -0600
|
||||
@@ -0,0 +1,71 @@
|
||||
+/*
|
||||
+ * Use OpenSSL implementation of SHA2 methods to get asm and hardware acceleration.
|
||||
+ * Don't include this file directly, it is included by sha2.h when
|
||||
+ * POLARSSL_SHA2_ALT is defined.
|
||||
+ * Use OpenSSL implementation of SHA256 methods to get asm and hardware acceleration.
|
||||
+ * Don't include this file directly, it is included by sha256.h when
|
||||
+ * POLARSSL_SHA256_ALT is defined.
|
||||
+ */
|
||||
+
|
||||
+#include "polarssl/sha_openssl.h"
|
||||
+
|
||||
+struct openssl_sha2_context {
|
||||
+struct openssl_sha256_context {
|
||||
+ SHA_LONG h[8];
|
||||
+ SHA_LONG Nl,Nh;
|
||||
+ SHA_LONG data[SHA_LBLOCK];
|
||||
@ -266,29 +266,29 @@ diff -uNr polarssl-1.2.7/include/polarssl/sha2_alt.h polarssl.new/include/polars
|
||||
+
|
||||
+typedef struct
|
||||
+{
|
||||
+ struct openssl_sha2_context octx;
|
||||
+ struct openssl_sha256_context octx;
|
||||
+
|
||||
+ unsigned char ipad[64]; /*!< HMAC: inner padding */
|
||||
+ unsigned char opad[64]; /*!< HMAC: outer padding */
|
||||
+ int is224; /*!< 0 => SHA-256, else SHA-224 */
|
||||
+}
|
||||
+sha2_context;
|
||||
+sha256_context;
|
||||
+
|
||||
+#ifdef __cplusplus
|
||||
+extern "C" {
|
||||
+#endif
|
||||
+
|
||||
+int SHA224_Init(struct openssl_sha2_context *c);
|
||||
+int SHA224_Update(struct openssl_sha2_context *c, const void *data, size_t len);
|
||||
+int SHA224_Final(unsigned char *md, struct openssl_sha2_context *c);
|
||||
+int SHA224_Init(struct openssl_sha256_context *c);
|
||||
+int SHA224_Update(struct openssl_sha256_context *c, const void *data, size_t len);
|
||||
+int SHA224_Final(unsigned char *md, struct openssl_sha256_context *c);
|
||||
+
|
||||
+int SHA256_Init(struct openssl_sha2_context *c);
|
||||
+int SHA256_Update(struct openssl_sha2_context *c, const void *data, size_t len);
|
||||
+int SHA256_Final(unsigned char *md, struct openssl_sha2_context *c);
|
||||
+int SHA256_Init(struct openssl_sha256_context *c);
|
||||
+int SHA256_Update(struct openssl_sha256_context *c, const void *data, size_t len);
|
||||
+int SHA256_Final(unsigned char *md, struct openssl_sha256_context *c);
|
||||
+
|
||||
+void sha256_block_data_order(struct openssl_sha2_context *c, const void *p, size_t num);
|
||||
+void sha256_block_data_order(struct openssl_sha256_context *c, const void *p, size_t num);
|
||||
+
|
||||
+static inline void sha2_starts( sha2_context *ctx, int is224 )
|
||||
+static inline void sha256_starts( sha256_context *ctx, int is224 )
|
||||
+{
|
||||
+ if ((ctx->is224 = is224))
|
||||
+ SHA224_Init(&ctx->octx);
|
||||
@ -296,7 +296,7 @@ diff -uNr polarssl-1.2.7/include/polarssl/sha2_alt.h polarssl.new/include/polars
|
||||
+ SHA256_Init(&ctx->octx);
|
||||
+}
|
||||
+
|
||||
+static inline void sha2_update( sha2_context *ctx, const unsigned char *input, size_t ilen )
|
||||
+static inline void sha256_update( sha256_context *ctx, const unsigned char *input, size_t ilen )
|
||||
+{
|
||||
+ if (ctx->is224)
|
||||
+ SHA224_Update(&ctx->octx, input, ilen);
|
||||
@ -304,7 +304,7 @@ diff -uNr polarssl-1.2.7/include/polarssl/sha2_alt.h polarssl.new/include/polars
|
||||
+ SHA256_Update(&ctx->octx, input, ilen);
|
||||
+}
|
||||
+
|
||||
+static inline void sha2_finish( sha2_context *ctx, unsigned char output[32] )
|
||||
+static inline void sha256_finish( sha256_context *ctx, unsigned char output[32] )
|
||||
+{
|
||||
+ if (ctx->is224)
|
||||
+ SHA224_Final(output, &ctx->octx);
|
||||
@ -312,7 +312,7 @@ diff -uNr polarssl-1.2.7/include/polarssl/sha2_alt.h polarssl.new/include/polars
|
||||
+ SHA256_Final(output, &ctx->octx);
|
||||
+}
|
||||
+
|
||||
+static inline void sha2_process( sha2_context *ctx, const unsigned char data[64] )
|
||||
+static inline void sha256_process( sha256_context *ctx, const unsigned char data[64] )
|
||||
+{
|
||||
+ sha256_block_data_order(&ctx->octx, data, 1);
|
||||
+}
|
||||
@ -320,19 +320,19 @@ diff -uNr polarssl-1.2.7/include/polarssl/sha2_alt.h polarssl.new/include/polars
|
||||
+#ifdef __cplusplus
|
||||
+}
|
||||
+#endif
|
||||
diff -uNr polarssl-1.2.7/include/polarssl/sha4_alt.h polarssl.new/include/polarssl/sha4_alt.h
|
||||
--- polarssl-1.2.7/include/polarssl/sha4_alt.h 1969-12-31 17:00:00.000000000 -0700
|
||||
+++ polarssl.new/include/polarssl/sha4_alt.h 2013-06-07 17:43:56.000000000 -0600
|
||||
@@ -0,0 +1,67 @@
|
||||
diff -uNr polarssl-1.2.7/include/polarssl/sha512_alt.h polarssl.new/include/polarssl/sha512_alt.h
|
||||
--- polarssl-1.2.7/include/polarssl/sha512_alt.h 1969-12-31 17:00:00.000000000 -0700
|
||||
+++ polarssl.new/include/polarssl/sha512_alt.h 2013-06-07 17:43:56.000000000 -0600
|
||||
@@ -0,0 +1,74 @@
|
||||
+/*
|
||||
+ * Use OpenSSL implementation of SHA4 methods to get asm and hardware acceleration.
|
||||
+ * Don't include this file directly, it is included by sha4.h when
|
||||
+ * POLARSSL_SHA4_ALT is defined.
|
||||
+ * Use OpenSSL implementation of SHA512 methods to get asm and hardware acceleration.
|
||||
+ * Don't include this file directly, it is included by sha512.h when
|
||||
+ * POLARSSL_SHA512_ALT is defined.
|
||||
+ */
|
||||
+
|
||||
+#include "polarssl/sha_openssl.h"
|
||||
+
|
||||
+struct openssl_sha4_context {
|
||||
+struct openssl_sha512_context {
|
||||
+ SHA_LONG64 h[8];
|
||||
+ SHA_LONG64 Nl,Nh;
|
||||
+ union {
|
||||
@ -344,27 +344,29 @@ diff -uNr polarssl-1.2.7/include/polarssl/sha4_alt.h polarssl.new/include/polars
|
||||
+
|
||||
+typedef struct
|
||||
+{
|
||||
+ struct openssl_sha4_context octx;
|
||||
+ struct openssl_sha512_context octx;
|
||||
+
|
||||
+ unsigned char ipad[128]; /*!< HMAC: inner padding */
|
||||
+ unsigned char opad[128]; /*!< HMAC: outer padding */
|
||||
+ int is384; /*!< 0 => SHA-512, else SHA-384 */
|
||||
+}
|
||||
+sha4_context;
|
||||
+sha512_context;
|
||||
+
|
||||
+#ifdef __cplusplus
|
||||
+extern "C" {
|
||||
+#endif
|
||||
+
|
||||
+int SHA384_Init(struct openssl_sha4_context *c);
|
||||
+int SHA384_Update(struct openssl_sha4_context *c, const void *data, size_t len);
|
||||
+int SHA384_Final(unsigned char *md, struct openssl_sha4_context *c);
|
||||
+int SHA384_Init(struct openssl_sha512_context *c);
|
||||
+int SHA384_Update(struct openssl_sha512_context *c, const void *data, size_t len);
|
||||
+int SHA384_Final(unsigned char *md, struct openssl_sha512_context *c);
|
||||
+
|
||||
+int SHA512_Init(struct openssl_sha4_context *c);
|
||||
+int SHA512_Update(struct openssl_sha4_context *c, const void *data, size_t len);
|
||||
+int SHA512_Final(unsigned char *md, struct openssl_sha4_context *c);
|
||||
+int SHA512_Init(struct openssl_sha512_context *c);
|
||||
+int SHA512_Update(struct openssl_sha512_context *c, const void *data, size_t len);
|
||||
+int SHA512_Final(unsigned char *md, struct openssl_sha512_context *c);
|
||||
+
|
||||
+static inline void sha4_starts( sha4_context *ctx, int is384 )
|
||||
+void sha512_block_data_order(struct openssl_sha512_context *c, const void *p, size_t num);
|
||||
+
|
||||
+static inline void sha512_starts( sha512_context *ctx, int is384 )
|
||||
+{
|
||||
+ if ((ctx->is384 = is384))
|
||||
+ SHA384_Init(&ctx->octx);
|
||||
@ -372,7 +374,7 @@ diff -uNr polarssl-1.2.7/include/polarssl/sha4_alt.h polarssl.new/include/polars
|
||||
+ SHA512_Init(&ctx->octx);
|
||||
+}
|
||||
+
|
||||
+static inline void sha4_update( sha4_context *ctx, const unsigned char *input, size_t ilen )
|
||||
+static inline void sha512_update( sha512_context *ctx, const unsigned char *input, size_t ilen )
|
||||
+{
|
||||
+ if (ctx->is384)
|
||||
+ SHA384_Update(&ctx->octx, input, ilen);
|
||||
@ -380,7 +382,7 @@ diff -uNr polarssl-1.2.7/include/polarssl/sha4_alt.h polarssl.new/include/polars
|
||||
+ SHA512_Update(&ctx->octx, input, ilen);
|
||||
+}
|
||||
+
|
||||
+static inline void sha4_finish( sha4_context *ctx, unsigned char output[64] )
|
||||
+static inline void sha512_finish( sha512_context *ctx, unsigned char output[64] )
|
||||
+{
|
||||
+ if (ctx->is384)
|
||||
+ SHA384_Final(output, &ctx->octx);
|
||||
@ -388,6 +390,11 @@ diff -uNr polarssl-1.2.7/include/polarssl/sha4_alt.h polarssl.new/include/polars
|
||||
+ SHA512_Final(output, &ctx->octx);
|
||||
+}
|
||||
+
|
||||
+static inline void sha512_process( sha512_context *ctx, const unsigned char data[128] )
|
||||
+{
|
||||
+ sha512_block_data_order(&ctx->octx, data, 1);
|
||||
+}
|
||||
+
|
||||
+#ifdef __cplusplus
|
||||
+}
|
||||
+#endif
|
||||
|
@ -91,7 +91,8 @@ if [ "$PSSL" = "1" ]; then
|
||||
LIBDIRS="$LIBDIRS -L$DEP_DIR/polarssl/polarssl-$PLATFORM$DBG_DIR_SUFFIX/library"
|
||||
if [ "$MINI" = "1" ]; then
|
||||
LIBS="$LIBS -lminicrypto"
|
||||
LIBDIRS="$LIBDIRS -L$DEP_DIR/openssl/openssl-$PLATFORM/lib"
|
||||
LIBDIRS="$LIBDIRS -L$DEP_DIR/minicrypto/minicrypto-$PLATFORM"
|
||||
CPPFLAGS="$CPPFLAGS -DUSE_MINICRYPTO"
|
||||
NOSSL=1
|
||||
fi
|
||||
fi
|
||||
|
@ -1,30 +1,28 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
if [ -z "$O3" ]; then
|
||||
echo O3 var must point to ovpn3 tree
|
||||
exit 1
|
||||
fi
|
||||
if [ -z "$1" ]; then
|
||||
echo "usage: build-openssl x64|arm"
|
||||
exit 1
|
||||
fi
|
||||
if [ -z "$O3" ]; then
|
||||
echo O3 var must point to ovpn3 tree
|
||||
exit 1
|
||||
fi
|
||||
if [ -z "$DEP_DIR" ]; then
|
||||
echo DEP_DIR var must point to ovpn3 dependency tree
|
||||
exit 1
|
||||
fi
|
||||
cd $DEP_DIR
|
||||
|
||||
[ -z "$LINK_MODE" ] && LINK_MODE=static
|
||||
[ "$LINK_MODE" = "static" ] && LINK_MODE=no-shared
|
||||
rm -rf openssl
|
||||
mkdir openssl
|
||||
|
||||
case $1 in
|
||||
x64*)
|
||||
OPENSSL_TARGET=linux-x86_64
|
||||
JOBS=4
|
||||
export OPENSSL_TARGET=linux-x86_64
|
||||
;;
|
||||
arm*)
|
||||
OPENSSL_TARGET=linux-armv4
|
||||
JOBS=1
|
||||
export OPENSSL_TARGET=linux-armv4
|
||||
;;
|
||||
*)
|
||||
echo "unknown platform"
|
||||
@ -32,19 +30,5 @@ arm*)
|
||||
;;
|
||||
esac
|
||||
|
||||
. $O3/lib-versions
|
||||
export DIST=$(pwd)/openssl/openssl-linux
|
||||
rm -rf $OPENSSL_VERSION $DIST
|
||||
mkdir -p $DIST
|
||||
tar xfz $DL/$OPENSSL_VERSION.tar.gz
|
||||
cd $OPENSSL_VERSION
|
||||
. $O3/vars-linux
|
||||
./Configure $OPENSSL_TARGET $LINK_MODE threads no-idea no-mdc2 no-rc5 --prefix=$DIST
|
||||
sed -i -e "s|-O3|$PLATFORM_FLAGS $OTHER_COMPILER_FLAGS $LIB_FPIC $LIB_OPT_LEVEL|" Makefile
|
||||
make -j $JOBS build_libs
|
||||
touch apps/openssl
|
||||
touch openssl.pc
|
||||
touch libcrypto.pc
|
||||
touch libssl.pc
|
||||
make install_sw
|
||||
TARGET=linux $O3/openssl/build-openssl
|
||||
exit 0
|
||||
|
@ -9,8 +9,10 @@ cd $DEP_DIR
|
||||
rm -rf boost* lz4* lzo* minicrypto openssl* polarssl* snappy*
|
||||
echo "******* BOOST"
|
||||
$O3/scripts/mac/build-boost
|
||||
echo "******* MINICRYPTO"
|
||||
$O3/scripts/mac/build-minicrypto
|
||||
echo "******* POLARSSL"
|
||||
$O3/scripts/mac/build-polarssl
|
||||
OSX_SERVER=0 $O3/scripts/mac/build-polarssl
|
||||
echo "******* SNAPPY"
|
||||
$O3/scripts/mac/build-snappy
|
||||
echo "******* LZ4"
|
||||
|
@ -15,8 +15,14 @@ cd $DEP_DIR
|
||||
rm -rf minicrypto
|
||||
mkdir minicrypto
|
||||
|
||||
for target in ios-dbg ios ; do
|
||||
echo '***************' TARGET $target
|
||||
TARGET=$target $O3/minicrypto/build-minicrypto
|
||||
for target in osx osx-dbg ; do
|
||||
echo '***************' Minicrypto-32 $target
|
||||
TARGET=$target ARCH=i386 $O3/minicrypto/build-minicrypto-osx
|
||||
echo '***************' Minicrypto-64 $target
|
||||
TARGET=$target ARCH=x86_64 $O3/minicrypto/build-minicrypto-osx
|
||||
cd minicrypto/minicrypto-$target
|
||||
lipo -create */libminicrypto.a -output libminicrypto.a
|
||||
lipo -info libminicrypto.a
|
||||
cd ../..
|
||||
done
|
||||
exit 0
|
||||
|
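--- a/scripts/mac/build-openssl
+++ b/scripts/mac/build-openssl
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+set -e
+[ "$DEP_DIR" ] && cd $DEP_DIR
+if [ -z "$O3" ]; then
+echo O3 var must point to ovpn3 tree
+exit 1
+fi
+if [ -z "$DEP_DIR" ]; then
+echo DEP_DIR var must point to ovpn3 dependency tree
+exit 1
+fi
+cd $DEP_DIR
+
+rm -rf openssl
+mkdir openssl
+
+for target in osx ; do
+echo '***************' OpenSSL-32 $target
+TARGET=$target OPENSSL_TARGET=darwin-i386-cc ARCH=i386 $O3/openssl/build-openssl
+echo '***************' OpenSSL-64 $target
+TARGET=$target OPENSSL_TARGET=darwin64-x86_64-cc ARCH=x86_64 $O3/openssl/build-openssl
+cd openssl/openssl-$target
+cp -a x86_64/include .
+rm include/openssl/opensslconf.h # contains 32/64-bit specific references
+for l in libcrypto.a libssl.a ; do
+lipo -create */lib/$l -output $l
+done
+mkdir lib
+mv *.a lib
+cd ../..
+done
+exit 0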
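Review bot: `cd $DEP_DIR` is unquoted and is followed directly by `rm -rf openssl`, so a dependency path containing whitespace is word-split before `cd` sees it. Depending on the bash version, `cd` then either fails (and `set -e` stops the script) or may change to the first word only, in which case the `rm -rf` runs in the wrong directory. Quoting removes the ambiguity: `cd "$DEP_DIR"`. The earlier `[ "$DEP_DIR" ] && cd $DEP_DIR` on the fourth line repeats the same `cd` before the emptiness check and can be dropped.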
@ -1,37 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
if [ -z "$O3" ]; then
|
||||
echo O3 var must point to ovpn3 tree
|
||||
exit 1
|
||||
fi
|
||||
if [ -z "$DEP_DIR" ]; then
|
||||
echo DEP_DIR var must point to ovpn3 dependency tree
|
||||
exit 1
|
||||
fi
|
||||
cd $DEP_DIR
|
||||
. $O3/lib-versions
|
||||
[ -z "$DL" ] && DL=~/Downloads
|
||||
rm -rf openssl
|
||||
mkdir openssl
|
||||
for TARGET in osx ; do
|
||||
. $O3/vars-$TARGET
|
||||
export OPENSSL=$OPENSSL_VERSION
|
||||
export DIST=$(pwd)/openssl-$PLATFORM
|
||||
rm -rf $OPENSSL $DIST
|
||||
tar xfz $DL/$OPENSSL.tar.gz
|
||||
pushd $OPENSSL
|
||||
OSSL_FLAGS="no-shared threads no-idea no-mdc2 no-rc5 no-engine no-comp no-hw no-ssl2 no-ssl3 no-zlib no-rc2 no-cast no-md2 no-ripemd no-camellia no-seed no-krb5 no-socks no-ecdsa no-ec no-ecdh no-md2 no-whirlpool no-dsa no-cms no-jpake no-gost"
|
||||
#OSSL_FLAGS="no-shared threads no-comp no-zlib"
|
||||
./Configure $OPENSSL_TARGET $OSSL_FLAGS --prefix=$DIST
|
||||
sed -i "" -e "s|-O3|$LIB_OPT_LEVEL $PLATFORM_FLAGS|" Makefile
|
||||
sed -i "" -e "s|ERR_load_COMP_strings()|//ERR_load_COMP_strings()|" crypto/err/err_all.c
|
||||
make CC="clang" -j 4 build_libs
|
||||
touch apps/openssl
|
||||
touch openssl.pc
|
||||
touch libcrypto.pc
|
||||
touch libssl.pc
|
||||
make install_sw
|
||||
popd
|
||||
mv $DIST openssl
|
||||
done
|
||||
exit 0
|
@ -11,9 +11,6 @@ if [ -z "$DEP_DIR" ]; then
|
||||
fi
|
||||
cd $DEP_DIR
|
||||
|
||||
mini=0
|
||||
#[ "$DISABLE_MINICRYPTO" = "1" ] && mini=0
|
||||
|
||||
rm -rf polarssl
|
||||
mkdir polarssl
|
||||
|
||||
@ -21,7 +18,7 @@ if [ "$OSX_ONLY" != "1" ]; then
|
||||
# for ios, build with minicrypto
|
||||
for target in ios-dbg ios ; do
|
||||
echo '***************' TARGET $target
|
||||
VERBOSE=1 TARGET=$target USE_MINICRYPTO=$mini MINICRYPTO_DIR=$(pwd)/minicrypto/minicrypto-$target $O3/polarssl/build-polarssl
|
||||
VERBOSE=1 TARGET=$target USE_MINICRYPTO=0 $O3/polarssl/build-polarssl
|
||||
mv polarssl-$target polarssl
|
||||
[ "$IOS_DBG_ONLY" = "1" ] && exit
|
||||
done
|
||||
@ -35,11 +32,11 @@ if [ "$OSX_ONLY" != "1" ]; then
|
||||
fi
|
||||
|
||||
# osx
|
||||
[ -z "$OSX_MINICRYPTO" ] && OSX_MINICRYPTO=0
|
||||
[ -z "$OSX_MINICRYPTO" ] && OSX_MINICRYPTO=1
|
||||
[ -z "$OSX_SERVER" ] && OSX_SERVER=1
|
||||
for target in osx osx-dbg ; do
|
||||
echo '***************' TARGET $target
|
||||
VERBOSE=1 TARGET=$target USE_MINICRYPTO=$OSX_MINICRYPTO ENABLE_SERVER=$OSX_SERVER $O3/polarssl/build-polarssl
|
||||
VERBOSE=1 TARGET=$target USE_MINICRYPTO=$OSX_MINICRYPTO MINICRYPTO_NO_AES=1 ENABLE_SERVER=$OSX_SERVER $O3/polarssl/build-polarssl
|
||||
mv polarssl-$target polarssl/
|
||||
done
|
||||
exit 0
|
||||
|
@ -1,17 +1,17 @@
|
||||
Build on Mac:
|
||||
|
||||
With PolarSSL:
|
||||
GCC_EXTRA="-ferror-limit=4" STRIP=1 PSSL=1 SNAP=1 LZ4=1 build cli
|
||||
GCC_EXTRA="-ferror-limit=4" STRIP=1 PSSL=1 MINI=1 SNAP=1 LZ4=1 build cli
|
||||
|
||||
With PolarSSL and C++11 for optimized move constructors:
|
||||
GCC_EXTRA="-ferror-limit=4 -std=c++11" STRIP=1 PSSL=1 SNAP=1 LZ4=1 build cli
|
||||
|
||||
With PolarSSL/AppleCrypto hybrid:
|
||||
GCC_EXTRA="-ferror-limit=4" STRIP=1 HYBRID=1 SNAP=1 LZ4=1 build cli
|
||||
GCC_EXTRA="-ferror-limit=4 -std=c++11" STRIP=1 PSSL=1 MINI=1 SNAP=1 LZ4=1 build cli
|
||||
|
||||
With OpenSSL:
|
||||
GCC_EXTRA="-ferror-limit=4" STRIP=1 OSSL=1 SNAP=1 LZ4=1 build cli
|
||||
|
||||
With PolarSSL/AppleCrypto hybrid:
|
||||
GCC_EXTRA="-ferror-limit=4" STRIP=1 HYBRID=1 SNAP=1 LZ4=1 build cli
|
||||
|
||||
Build on Linux:
|
||||
|
||||
With OpenSSL:
|
||||
|
@ -1,41 +1,44 @@
|
||||
Building proto.cpp sample:
|
||||
|
||||
On Mac:
|
||||
On Mac/Linux:
|
||||
|
||||
Build with PolarSSL client and server + minicrypto lib:
|
||||
|
||||
PSSL=1 MINI=1 build proto
|
||||
|
||||
Build with PolarSSL client and server (no ASM crypto algs):
|
||||
|
||||
GCC_EXTRA="-ferror-limit=4 -DUSE_POLARSSL_SERVER" PSSL=1 SNAP=1 LZ4=1 build proto
|
||||
|
||||
Build with PolarSSL client and OpenSSL server:
|
||||
|
||||
GCC_EXTRA="-ferror-limit=4 -Wno-deprecated-declarations" PSSL=1 SNAP=1 LZ4=1 OSSL=1 build proto
|
||||
|
||||
On Linux:
|
||||
PSSL=1 build proto
|
||||
|
||||
Build with OpenSSL client and server:
|
||||
|
||||
build proto
|
||||
OSSL=1 build proto
|
||||
|
||||
Build with PolarSSL client and OpenSSL server:
|
||||
|
||||
PSSL=1 build proto
|
||||
|
||||
Build with PolarSSL client and server:
|
||||
|
||||
GCC_EXTRA="-DUSE_POLARSSL_SERVER" PSSL=1 build proto
|
||||
PSSL=1 OSSL=1 build proto
|
||||
|
||||
Variations:
|
||||
|
||||
To simulate more data-channel activity and less SSL renegotiations
|
||||
(RENEG default is 90):
|
||||
To simulate less data-channel activity and more SSL renegotiations
|
||||
(RENEG default is 900):
|
||||
|
||||
GCC_EXTRA="-DRENEG=900" build proto
|
||||
GCC_EXTRA="-DRENEG=90" build proto
|
||||
|
||||
For verbose output, lower the number of xmit/recv iterations by defining
|
||||
ITER to be 10000 or less, e.g.
|
||||
|
||||
GCC_EXTRA="-DITER=1000" build proto
|
||||
|
||||
Crypto self-test (PolarSSL must be built with DEBUG_BUILD=1 or SELF_TEST=1):
|
||||
|
||||
./proto test
|
||||
|
||||
Caveats:
|
||||
|
||||
When using PolarSSL as both client and server, make sure to build
|
||||
PolarSSL on Mac OS X with OSX_SERVER=1.
|
||||
|
||||
Typical output:
|
||||
|
||||
$ time ./proto
|
||||
|
@ -29,7 +29,7 @@
|
||||
|
||||
// how many virtual seconds between SSL renegotiations
|
||||
#ifndef RENEG
|
||||
#define RENEG 90
|
||||
#define RENEG 900
|
||||
#endif
|
||||
|
||||
// number of threads to use for test
|
||||
@ -82,6 +82,21 @@
|
||||
#include <openvpn/ssl/proto.hpp>
|
||||
#include <openvpn/init/initprocess.hpp>
|
||||
|
||||
#if !(defined(USE_OPENSSL) || defined(USE_POLARSSL) || defined(USE_APPLE_SSL))
|
||||
#error Must define one or more of USE_OPENSSL, USE_POLARSSL, USE_APPLE_SSL.
|
||||
#endif
|
||||
|
||||
#if defined(USE_OPENSSL) && (defined(USE_POLARSSL) || defined(USE_APPLE_SSL))
|
||||
#undef USE_OPENSSL
|
||||
#define USE_OPENSSL_SERVER
|
||||
#elif !defined(USE_OPENSSL) && defined(USE_POLARSSL)
|
||||
#define USE_POLARSSL_SERVER
|
||||
#elif defined(USE_OPENSSL) && !defined(USE_POLARSSL)
|
||||
#define USE_OPENSSL_SERVER
|
||||
#else
|
||||
#error no server setup
|
||||
#endif
|
||||
|
||||
#if defined(USE_OPENSSL) || defined(USE_OPENSSL_SERVER)
|
||||
#include <openvpn/openssl/util/init.hpp>
|
||||
|
||||
@ -120,15 +135,17 @@
|
||||
|
||||
using namespace openvpn;
|
||||
|
||||
// server Crypto/SSL/Rand implementation (usually OpenSSL-based)
|
||||
// server Crypto/SSL/Rand implementation
|
||||
#if defined(USE_POLARSSL_SERVER)
|
||||
typedef PolarSSLCryptoAPI ServerCryptoAPI;
|
||||
typedef PolarSSLContext<PolarSSLRandom> ServerSSLAPI;
|
||||
typedef PolarSSLRandom ServerRandomAPI;
|
||||
#else // if defined(USE_OPENSSL_SERVER)
|
||||
#elif defined(USE_OPENSSL_SERVER)
|
||||
typedef OpenSSLCryptoAPI ServerCryptoAPI;
|
||||
typedef OpenSSLContext ServerSSLAPI;
|
||||
typedef OpenSSLRandom ServerRandomAPI;
|
||||
#else
|
||||
#error No server SSL implementation defined
|
||||
#endif
|
||||
|
||||
// client SSL implementation can be OpenSSL, Apple SSL, or PolarSSL
|
||||
@ -861,11 +878,17 @@ int test(const int thread_num)
|
||||
return 0;
|
||||
}
|
||||
|
||||
int main(int /*argc*/, char* /*argv*/[])
|
||||
int main(int argc, char* argv[])
|
||||
{
|
||||
// process-wide initialization
|
||||
InitProcess::init();
|
||||
SelfTest::crypto_self_test();
|
||||
|
||||
if (argc >= 2 && !strcmp(argv[1], "test"))
|
||||
{
|
||||
const std::string out = SelfTest::crypto_self_test();
|
||||
OPENVPN_LOG(out);
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if N_THREADS >= 2 && OPENVPN_MULTITHREAD
|
||||
boost::thread* threads[N_THREADS];
|
||||
|
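Review bot: In the preprocessor block added after `#include <openvpn/init/initprocess.hpp>` (hunk -82,6 +82,21), a build that defines only `USE_APPLE_SSL` passes the first check, whose message says one of the three macros is enough, and then falls through every branch to `#error no server setup`. The two messages disagree about what a valid configuration is, and the second does not say how to fix it. I would make the final error state the requirement, e.g. `#error no server setup: define USE_OPENSSL or USE_POLARSSL to provide the server side`, and add a short comment above the chain explaining that `USE_OPENSSL` combined with another client library is turned into `USE_OPENSSL_SERVER`. The gutter markers are lost on this page, so which of these lines are new is inferred from the hunk counts.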
@ -1,2 +1,2 @@
|
||||
#define RENEG 900
|
||||
//#define RENEG 900
|
||||
//#define ITER 1000
|
||||
|
@ -1,8 +1,6 @@
|
||||
export JAVA_DIR=/usr/lib/jvm/java-7-openjdk-amd64
|
||||
[ -z "$DEP_DIR" ] && export DEP_DIR=$HOME/linux
|
||||
export PLATFORM=linux
|
||||
export LIB_OPT_LEVEL="-O3"
|
||||
export LIB_FPIC=""
|
||||
export OTHER_COMPILER_FLAGS=""
|
||||
export LIB_OPT_LEVEL="-O3"
|
||||
export LIB_FPIC="-fPIC"
|
||||
export LIB_FPIC=""
|
||||
|
4
vars-osx
4
vars-osx
@ -3,8 +3,8 @@ export DEP_DIR=$HOME/src/mac
|
||||
export APPLE_FAMILY=1
|
||||
export GPP_CMD=clang++
|
||||
export GCC_CMD=clang
|
||||
export PLATFORM_FLAGS="-arch x86_64 -arch i386 -mmacosx-version-min=10.6"
|
||||
export MIN_DEPLOY_TARGET="-mmacosx-version-min=10.6"
|
||||
export PLATFORM_FLAGS="-arch x86_64 -arch i386 $MIN_DEPLOY_TARGET"
|
||||
export OTHER_COMPILER_FLAGS="-fvisibility=hidden -fvisibility-inlines-hidden"
|
||||
export LIB_OPT_LEVEL="-O3"
|
||||
export LIB_FPIC=""
|
||||
export OPENSSL_TARGET=darwin64-x86_64-cc
|
||||
|
@ -4,7 +4,8 @@ export APPLE_FAMILY=1
|
||||
export DEBUG_BUILD=1
|
||||
export GPP_CMD=clang++
|
||||
export GCC_CMD=clang
|
||||
export PLATFORM_FLAGS="-arch x86_64 -arch i386 -mmacosx-version-min=10.6"
|
||||
export MIN_DEPLOY_TARGET="-mmacosx-version-min=10.6"
|
||||
export PLATFORM_FLAGS="-arch x86_64 -arch i386 $MIN_DEPLOY_TARGET"
|
||||
export OTHER_COMPILER_FLAGS="-g"
|
||||
export LIB_OPT_LEVEL="-O0"
|
||||
export LIB_FPIC=""
|
||||
|
@ -1,11 +1,11 @@
|
||||
unset PLATFORM
|
||||
unset PLATFORM_FLAGS
|
||||
unset MIN_DEPLOY_TARGET
|
||||
unset OTHER_COMPILER_FLAGS
|
||||
unset IOS_SDK
|
||||
unset BOOST_DIR
|
||||
unset BOOST_STAGE
|
||||
unset OPENSSL_DIR
|
||||
unset OPENSSL_TARGET
|
||||
unset SNAPPY_DIR
|
||||
unset LZ4_DIR
|
||||
unset JAVA_DIR
|
||||
|