mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-20 04:02:15 +02:00

Ported minicrypto lib to OS X for PolarSSL optimization.

These scripts

  scripts/mac/build-minicrypto
  scripts/mac/build-polarssl

will now build PolarSSL (on OSX) with libminicrypto linkage.
Currently, only SHA1/256/512 implementations from OpenSSL are
built in libminicrypto.  We leave the current PolarSSL AES
implementation as-is since it now implements AES-NI.

Also added portable openssl/build-openssl script.
James Yonan 2014-03-04 17:42:00 -07:00
parent ebd47cb635
commit 074dbafa27
22 changed files with 395 additions and 160 deletions

139
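--- a/minicrypto/build-minicrypto-osx
+++ b/minicrypto/build-minicrypto-osx
@@ -0,0 +1,139 @@
+#!/usr/bin/env bash
+set -e
+if [ -z "$O3" ]; then
+echo O3 var must point to ovpn3 tree
+exit 1
+fi
+if [ -z "$TARGET" ]; then
+echo TARGET var must be defined
+exit 1
+fi
+if [ -z "$ARCH" ]; then
+echo "ARCH var must be defined (x86_64|i386)"
+exit 1
+fi
+[ -z "$DL" ] && DL=~/Downloads
+. $O3/vars-$TARGET
+. $O3/lib-versions
+DEST=minicrypto/minicrypto-$PLATFORM
+GLOBAL_COMPILE_FLAGS="$MIN_DEPLOY_TARGET $OTHER_COMPILER_FLAGS $LIB_OPT_LEVEL $LIB_FPIC"
+[ -z "$GCC_CMD" ] && GCC_CMD=gcc
+[ -z "$GCC_AS_CMD" ] && GCC_AS_CMD="$GCC_CMD"
+[ -z "$AR_CMD" ] && AR_CMD=ar
+# the directory where this script lives
+H=$O3/minicrypto
+if [ "$NO_WIPE" != "1" ]; then
+# unzip OpenSSL
+rm -rf $OPENSSL_VERSION
+tar xfz $DL/$OPENSSL_VERSION.tar.gz
+fi
+OPENSSL_DIR=$(pwd)/$OPENSSL_VERSION
+# make build directory
+mkdir -p minicrypto
+rm -rf minicrypto/minicrypto-$PLATFORM/$ARCH
+mkdir -p minicrypto/minicrypto-$PLATFORM/$ARCH/build.tmp
+cd minicrypto/minicrypto-$PLATFORM/$ARCH/build.tmp
+mkdir openssl
+# copy files from OpenSSL tree
+# AES (not necessary now that PolarSSL has AES optimizations)
+#cp $OPENSSL_DIR/crypto/aes/asm/aesni-x86_64.pl .
+if [ "$ARCH" = "x86_64" ]; then
+# General
+cp $O3/polarssl/intel_cpu.c .
+cp $OPENSSL_DIR/crypto/perlasm/x86_64-xlate.pl .
+cp $OPENSSL_DIR/crypto/x86_64cpuid.pl .
+# SHA general
+cp $OPENSSL_DIR/crypto/md32_common.h .
+cp $OPENSSL_DIR/crypto/sha/sha.h openssl
+# SHA1
+cp $OPENSSL_DIR/crypto/sha/sha_locl.h .
+cp $OPENSSL_DIR/crypto/sha/sha1dgst.c .
+cp $OPENSSL_DIR/crypto/sha/asm/sha1-x86_64.pl .
+# SHA256
+cp $OPENSSL_DIR/crypto/sha/sha256.c .
+# SHA512
+cp $OPENSSL_DIR/crypto/sha/sha512.c .
+cp $OPENSSL_DIR/crypto/sha/asm/sha512-x86_64.pl .
+# convert perl ASM to .s
+for f in x86_64cpuid sha1-x86_64 ; do
+perl $f.pl macosx >$f.s
+done
+perl sha512-x86_64.pl macosx sha512-x86_64.s
+perl sha512-x86_64.pl macosx sha256-x86_64.s
+elif [ "$ARCH" = "i386" ]; then
+# General
+cp $O3/polarssl/intel_cpu.c .
+cp $OPENSSL_DIR/crypto/perlasm/x86asm.pl .
+cp $OPENSSL_DIR/crypto/perlasm/x86gas.pl .
+cp $OPENSSL_DIR/crypto/x86cpuid.pl .
+# SHA general
+cp $OPENSSL_DIR/crypto/md32_common.h .
+cp $OPENSSL_DIR/crypto/sha/sha.h openssl
+# SHA1
+cp $OPENSSL_DIR/crypto/sha/sha_locl.h .
+cp $OPENSSL_DIR/crypto/sha/sha1dgst.c .
+cp $OPENSSL_DIR/crypto/sha/asm/sha1-586.pl .
+# SHA256
+cp $OPENSSL_DIR/crypto/sha/sha256.c .
+cp $OPENSSL_DIR/crypto/sha/asm/sha256-586.pl .
+# SHA512
+cp $OPENSSL_DIR/crypto/sha/sha512.c .
+cp $OPENSSL_DIR/crypto/sha/asm/sha512-586.pl .
+# convert perl ASM to .s
+for f in x86cpuid sha1-586 sha256-586 sha512-586 ; do
+perl $f.pl macosx >$f.s
+done
+fi
+cat >openssl/crypto.h <<EOF
+#define fips_md_init(alg) fips_md_init_ctx(alg, alg)
+#define fips_md_init_ctx(alg, cx) int alg##_Init(cx##_CTX *c)
+void OPENSSL_cleanse(void *ptr, unsigned long len);
+#define OPENSSL_VERSION_PTEXT " minicrypto"
+EOF
+# irrelevant headers
+touch openssl/e_os2.h
+touch openssl/opensslconf.h
+touch openssl/opensslv.h
+touch aes_locl.h
+touch cryptlib.h
+touch crypto.h
+# build C/ASM files
+for f in *.c *.s ; do
+COMPILE_FLAGS="-arch $ARCH -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM"
+CMD="$GCC_CMD $GLOBAL_COMPILE_FLAGS $COMPILE_FLAGS -I. -c $f"
+echo $CMD
+$CMD
+done
+CMD="$AR_CMD crs ../libminicrypto.a *.o"
+echo $CMD
+$CMD
+echo SYMBOLS
+nm ../libminicrypto.a
+exit 0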
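Review bot: The OpenSSL tarball is unpacked at `tar xfz $DL/$OPENSSL_VERSION.tar.gz` with no integrity check, and its SHA-1/256/512 sources are then compiled straight into libminicrypto. Because the archive is picked up from a user download directory (`~/Downloads` by default), I would pin its digest next to the version and verify it before extraction, e.g. `echo "$OPENSSL_SHA256  $DL/$OPENSSL_VERSION.tar.gz" | shasum -a 256 -c -`, where `OPENSSL_SHA256` is a placeholder name for a new entry in lib-versions. The same unverified extraction appears in openssl/build-openssl in this commit (`tar xfz $DL/$OPENSSL.tar.gz`). Separately, the path expansions on the `rm -rf`, `cp` and `cd` lines are unquoted, so whitespace in `O3`, `DL` or `PLATFORM` changes which paths are removed or copied.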

51
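--- a/openssl/build-openssl
+++ b/openssl/build-openssl
@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+set -e
+if [ -z "$O3" ]; then
+echo O3 var must point to ovpn3 tree
+exit 1
+fi
+if [ -z "$TARGET" ]; then
+echo TARGET var must be defined
+exit 1
+fi
+if [ -z "$OPENSSL_TARGET" ]; then
+echo "OPENSSL_TARGET var must be defined"
+exit 1
+fi
+# GNU sed differs from BSD sed
+if sed --version 2>&1 | grep -q GNU ; then
+mysed='sed -i'
+else
+mysed='sed -i ""'
+fi
+[ -z "$GCC_CMD" ] && GCC_CMD=gcc
+[ -z "$LINK_MODE" ] && LINK_MODE=static
+[ "$LINK_MODE" = "static" ] && LINK_MODE=no-shared
+[ -z "$DL" ] && DL=~/Downloads
+. $O3/vars-$TARGET
+. $O3/lib-versions
+OPENSSL=$OPENSSL_VERSION
+DIST=$(pwd)/openssl/openssl-$PLATFORM
+[ "$ARCH" ] && DIST=$DIST/$ARCH
+rm -rf $OPENSSL $DIST
+mkdir -p $DIST
+tar xfz $DL/$OPENSSL.tar.gz
+pushd $OPENSSL
+./Configure $OPENSSL_TARGET $LINK_MODE threads no-idea no-mdc2 no-rc5 --prefix=$DIST
+$mysed -e "s|-O3|$LIB_OPT_LEVEL $MIN_DEPLOY_TARGET $OTHER_COMPILER_FLAGS $LIB_FPIC|" Makefile
+#$mysed -e "s|ERR_load_COMP_strings()|//ERR_load_COMP_strings()|" crypto/err/err_all.c
+make CC="$GCC_CMD" -j ${MAKE_JOBS:-1} build_libs
+touch apps/openssl
+touch openssl.pc
+touch libcrypto.pc
+touch libssl.pc
+make install_sw
+popd
+exit 0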
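Review bot: The `./Configure` line drops the hardening options that the Mac-only script deleted elsewhere in this commit carried: that script passed `no-ssl2 no-ssl3 no-comp no-zlib` (among others), while this one passes only `threads no-idea no-mdc2 no-rc5`, so the OS X OpenSSL build falls back to OpenSSL's defaults for legacy SSL versions and TLS compression. If that is not intended, restore them here: `./Configure $OPENSSL_TARGET $LINK_MODE threads no-idea no-mdc2 no-rc5 no-ssl2 no-ssl3 no-comp --prefix=$DIST`. Also, `mysed='sed -i ""'` does not pass an empty suffix: when `$mysed` is expanded unquoted the inner quotes are literal characters, so BSD sed takes `""` as the backup suffix and leaves a `Makefile""` copy behind. An array avoids that: `mysed=(sed -i '')` and `"${mysed[@]}" -e …`.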

23
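--- a/openvpn/common/arch.hpp
+++ b/openvpn/common/arch.hpp
@@ -0,0 +1,23 @@
+//
+// arch.hpp
+// OpenVPN
+//
+// Copyright (c) 2014 OpenVPN Technologies, Inc. All rights reserved.
+//
+// define an ARCH_x macro that describes our target architecture
+#ifndef OPENVPN_COMMON_ARCH_H
+#define OPENVPN_COMMON_ARCH_H
+#if defined(__amd64__) || defined(__x86_64__) || defined(_M_X64) || defined(_M_AMD64)
+# define OPENVPN_ARCH_x86_64
+#elif defined(__i386__) || defined(_M_IX86)
+# define OPENVPN_ARCH_i386
+#elif defined(__aarch64__) || defined(__arm64__)
+# define OPENVPN_ARCH_ARM64
+#elif defined(__arm__) || defined(_M_ARM)
+# define OPENVPN_ARCH_ARM
+#endif
+#endif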


@ -12,11 +12,13 @@
#include <string>
#include <openvpn/common/arch.hpp>
#if defined(USE_OPENSSL)
#include <openvpn/openssl/util/engine.hpp>
#endif
#if 0
#if defined(USE_MINICRYPTO) && (defined(OPENVPN_ARCH_x86_64) || defined(OPENVPN_ARCH_i386))
extern "C" {
void OPENSSL_cpuid_setup();
}
@ -28,12 +30,10 @@ namespace openvpn {
{
#if defined(USE_OPENSSL)
openssl_setup_engine(engine);
#elif defined(USE_MINICRYPTO) && (defined(OPENVPN_ARCH_x86_64) || defined(OPENVPN_ARCH_i386))
OPENSSL_cpuid_setup();
#endif
}
#if 0
OPENSSL_cpuid_setup();
#endif
}
#endif


@ -5,7 +5,7 @@
# AES_NI=1 -- enable AES_NI processor optimization
# EXTERNAL_RNG=1 -- disable all internal RNG implementations (caller must provide)
# ENABLE_TESTING=1 -- run PolarSSL test scripts after build
# DEBUG_BUILD=1 -- enable minimal testing on target
# DEBUG_BUILD=1 or SELF_TEST=1 -- enable minimal testing on target
# ENABLE_SERVER=1 -- enable SSL/TLS server code
# ENABLE_FS_IO=1 -- enable PolarSSL file I/O
# VERBOSE=1 -- see build commands
@ -88,7 +88,7 @@ if [ "$ENABLE_TESTING" = "1" ]; then
fi
# enable minimal testing on target
if [ "$DEBUG_BUILD" = "1" ]; then
if [ "$DEBUG_BUILD" = "1" ] || [ "$SELF_TEST" = "1" ]; then
echo "#define POLARSSL_SELF_TEST" >>$OPC
fi
@ -99,7 +99,7 @@ elif [ "$APPLE_FAMILY" = "1" ]; then
OPT="$OPT -DCMAKE_TOOLCHAIN_FILE=$PD/apple.cmake"
fi
# OpenSSL
# Minicrypto
if [ "$USE_MINICRYPTO" = "1" ]; then
OPT="$OPT -DMINICRYPTO=1"
if [ "$MINICRYPTO_DIR" ]; then
@ -108,11 +108,13 @@ if [ "$USE_MINICRYPTO" = "1" ]; then
if [ "$OSSLCRYPTO_DIR" ]; then
OPT="$OPT -DOSSLCRYPTO_DIR=$OSSLCRYPTO_DIR"
fi
echo "#define POLARSSL_AES_ALT" >>$OPC
if [ "$MINICRYPTO_NO_AES" != "1" ]; then
echo "#define POLARSSL_AES_ALT" >>$OPC
fi
echo "#define POLARSSL_SHA1_ALT" >>$OPC
echo "#define POLARSSL_SHA2_ALT" >>$OPC
echo "#define POLARSSL_SHA4_ALT" >>$OPC
if [ "$AES_NI" = "1" ]; then
echo "#define POLARSSL_SHA256_ALT" >>$OPC
echo "#define POLARSSL_SHA512_ALT" >>$OPC
if [ "$AES_NI" = "1" ] && [ "$MINICRYPTO_NO_AES" != "1" ]; then
echo "#define POLARSSL_USE_OPENSSL_AES_NI" >>$OPC
fi
fi
@ -152,5 +154,4 @@ fi
# copy headers
cp -a ../$POLARSSL_VERSION/include/polarssl include/
exit 0
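Review bot: `MINICRYPTO_NO_AES` is a new build input (it gates both `POLARSSL_AES_ALT` and `POLARSSL_USE_OPENSSL_AES_NI`), but the option list at the top of the script only gains `SELF_TEST`. I would add a header line such as `# MINICRYPTO_NO_AES=1 -- with USE_MINICRYPTO=1, keep PolarSSL's own AES (do not define POLARSSL_AES_ALT)`, since this switch decides which AES implementation ends up in the library. Only part of the script is visible in these hunks, so the header may already describe `USE_MINICRYPTO` outside them.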


@ -917,7 +917,10 @@
*
* This modules adds support for the AES-NI instructions on x86-64
*/
// JY added
#ifndef POLARSSL_AES_ALT
#define POLARSSL_AESNI_C
#endif
/**
* \def POLARSSL_AES_C
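Review bot: The new `#ifndef POLARSSL_AES_ALT` guard around `POLARSSL_AESNI_C` only takes effect if `POLARSSL_AES_ALT` is already defined when the preprocessor reaches this line. build-polarssl in this commit emits that define with `echo "#define POLARSSL_AES_ALT" >>$OPC`; where the contents of `$OPC` are included relative to this point is not visible here, so please confirm they come first, otherwise the AES-NI module stays enabled alongside the alternate AES. The `// JY added` marker would be more useful as a comment giving the reason, for example `/* skip the AES-NI module when POLARSSL_AES_ALT replaces the built-in AES */` (wording for the author to confirm).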


@ -245,19 +245,19 @@ diff -uNr polarssl-1.2.7/include/polarssl/sha1_alt.h polarssl.new/include/polars
+#ifdef __cplusplus
+}
+#endif
diff -uNr polarssl-1.2.7/include/polarssl/sha2_alt.h polarssl.new/include/polarssl/sha2_alt.h
--- polarssl-1.2.7/include/polarssl/sha2_alt.h 1969-12-31 17:00:00.000000000 -0700
+++ polarssl.new/include/polarssl/sha2_alt.h 2013-06-07 17:43:56.000000000 -0600
diff -uNr polarssl-1.2.7/include/polarssl/sha256_alt.h polarssl.new/include/polarssl/sha256_alt.h
--- polarssl-1.2.7/include/polarssl/sha256_alt.h 1969-12-31 17:00:00.000000000 -0700
+++ polarssl.new/include/polarssl/sha256_alt.h 2013-06-07 17:43:56.000000000 -0600
@@ -0,0 +1,71 @@
+/*
+ * Use OpenSSL implementation of SHA2 methods to get asm and hardware acceleration.
+ * Don't include this file directly, it is included by sha2.h when
+ * POLARSSL_SHA2_ALT is defined.
+ * Use OpenSSL implementation of SHA256 methods to get asm and hardware acceleration.
+ * Don't include this file directly, it is included by sha256.h when
+ * POLARSSL_SHA256_ALT is defined.
+ */
+
+#include "polarssl/sha_openssl.h"
+
+struct openssl_sha2_context {
+struct openssl_sha256_context {
+ SHA_LONG h[8];
+ SHA_LONG Nl,Nh;
+ SHA_LONG data[SHA_LBLOCK];
@ -266,29 +266,29 @@ diff -uNr polarssl-1.2.7/include/polarssl/sha2_alt.h polarssl.new/include/polars
+
+typedef struct
+{
+ struct openssl_sha2_context octx;
+ struct openssl_sha256_context octx;
+
+ unsigned char ipad[64]; /*!< HMAC: inner padding */
+ unsigned char opad[64]; /*!< HMAC: outer padding */
+ int is224; /*!< 0 => SHA-256, else SHA-224 */
+}
+sha2_context;
+sha256_context;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int SHA224_Init(struct openssl_sha2_context *c);
+int SHA224_Update(struct openssl_sha2_context *c, const void *data, size_t len);
+int SHA224_Final(unsigned char *md, struct openssl_sha2_context *c);
+int SHA224_Init(struct openssl_sha256_context *c);
+int SHA224_Update(struct openssl_sha256_context *c, const void *data, size_t len);
+int SHA224_Final(unsigned char *md, struct openssl_sha256_context *c);
+
+int SHA256_Init(struct openssl_sha2_context *c);
+int SHA256_Update(struct openssl_sha2_context *c, const void *data, size_t len);
+int SHA256_Final(unsigned char *md, struct openssl_sha2_context *c);
+int SHA256_Init(struct openssl_sha256_context *c);
+int SHA256_Update(struct openssl_sha256_context *c, const void *data, size_t len);
+int SHA256_Final(unsigned char *md, struct openssl_sha256_context *c);
+
+void sha256_block_data_order(struct openssl_sha2_context *c, const void *p, size_t num);
+void sha256_block_data_order(struct openssl_sha256_context *c, const void *p, size_t num);
+
+static inline void sha2_starts( sha2_context *ctx, int is224 )
+static inline void sha256_starts( sha256_context *ctx, int is224 )
+{
+ if ((ctx->is224 = is224))
+ SHA224_Init(&ctx->octx);
@ -296,7 +296,7 @@ diff -uNr polarssl-1.2.7/include/polarssl/sha2_alt.h polarssl.new/include/polars
+ SHA256_Init(&ctx->octx);
+}
+
+static inline void sha2_update( sha2_context *ctx, const unsigned char *input, size_t ilen )
+static inline void sha256_update( sha256_context *ctx, const unsigned char *input, size_t ilen )
+{
+ if (ctx->is224)
+ SHA224_Update(&ctx->octx, input, ilen);
@ -304,7 +304,7 @@ diff -uNr polarssl-1.2.7/include/polarssl/sha2_alt.h polarssl.new/include/polars
+ SHA256_Update(&ctx->octx, input, ilen);
+}
+
+static inline void sha2_finish( sha2_context *ctx, unsigned char output[32] )
+static inline void sha256_finish( sha256_context *ctx, unsigned char output[32] )
+{
+ if (ctx->is224)
+ SHA224_Final(output, &ctx->octx);
@ -312,7 +312,7 @@ diff -uNr polarssl-1.2.7/include/polarssl/sha2_alt.h polarssl.new/include/polars
+ SHA256_Final(output, &ctx->octx);
+}
+
+static inline void sha2_process( sha2_context *ctx, const unsigned char data[64] )
+static inline void sha256_process( sha256_context *ctx, const unsigned char data[64] )
+{
+ sha256_block_data_order(&ctx->octx, data, 1);
+}
@ -320,19 +320,19 @@ diff -uNr polarssl-1.2.7/include/polarssl/sha2_alt.h polarssl.new/include/polars
+#ifdef __cplusplus
+}
+#endif
diff -uNr polarssl-1.2.7/include/polarssl/sha4_alt.h polarssl.new/include/polarssl/sha4_alt.h
--- polarssl-1.2.7/include/polarssl/sha4_alt.h 1969-12-31 17:00:00.000000000 -0700
+++ polarssl.new/include/polarssl/sha4_alt.h 2013-06-07 17:43:56.000000000 -0600
@@ -0,0 +1,67 @@
diff -uNr polarssl-1.2.7/include/polarssl/sha512_alt.h polarssl.new/include/polarssl/sha512_alt.h
--- polarssl-1.2.7/include/polarssl/sha512_alt.h 1969-12-31 17:00:00.000000000 -0700
+++ polarssl.new/include/polarssl/sha512_alt.h 2013-06-07 17:43:56.000000000 -0600
@@ -0,0 +1,74 @@
+/*
+ * Use OpenSSL implementation of SHA4 methods to get asm and hardware acceleration.
+ * Don't include this file directly, it is included by sha4.h when
+ * POLARSSL_SHA4_ALT is defined.
+ * Use OpenSSL implementation of SHA512 methods to get asm and hardware acceleration.
+ * Don't include this file directly, it is included by sha512.h when
+ * POLARSSL_SHA512_ALT is defined.
+ */
+
+#include "polarssl/sha_openssl.h"
+
+struct openssl_sha4_context {
+struct openssl_sha512_context {
+ SHA_LONG64 h[8];
+ SHA_LONG64 Nl,Nh;
+ union {
@ -344,27 +344,29 @@ diff -uNr polarssl-1.2.7/include/polarssl/sha4_alt.h polarssl.new/include/polars
+
+typedef struct
+{
+ struct openssl_sha4_context octx;
+ struct openssl_sha512_context octx;
+
+ unsigned char ipad[128]; /*!< HMAC: inner padding */
+ unsigned char opad[128]; /*!< HMAC: outer padding */
+ int is384; /*!< 0 => SHA-512, else SHA-384 */
+}
+sha4_context;
+sha512_context;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int SHA384_Init(struct openssl_sha4_context *c);
+int SHA384_Update(struct openssl_sha4_context *c, const void *data, size_t len);
+int SHA384_Final(unsigned char *md, struct openssl_sha4_context *c);
+int SHA384_Init(struct openssl_sha512_context *c);
+int SHA384_Update(struct openssl_sha512_context *c, const void *data, size_t len);
+int SHA384_Final(unsigned char *md, struct openssl_sha512_context *c);
+
+int SHA512_Init(struct openssl_sha4_context *c);
+int SHA512_Update(struct openssl_sha4_context *c, const void *data, size_t len);
+int SHA512_Final(unsigned char *md, struct openssl_sha4_context *c);
+int SHA512_Init(struct openssl_sha512_context *c);
+int SHA512_Update(struct openssl_sha512_context *c, const void *data, size_t len);
+int SHA512_Final(unsigned char *md, struct openssl_sha512_context *c);
+
+static inline void sha4_starts( sha4_context *ctx, int is384 )
+void sha512_block_data_order(struct openssl_sha512_context *c, const void *p, size_t num);
+
+static inline void sha512_starts( sha512_context *ctx, int is384 )
+{
+ if ((ctx->is384 = is384))
+ SHA384_Init(&ctx->octx);
@ -372,7 +374,7 @@ diff -uNr polarssl-1.2.7/include/polarssl/sha4_alt.h polarssl.new/include/polars
+ SHA512_Init(&ctx->octx);
+}
+
+static inline void sha4_update( sha4_context *ctx, const unsigned char *input, size_t ilen )
+static inline void sha512_update( sha512_context *ctx, const unsigned char *input, size_t ilen )
+{
+ if (ctx->is384)
+ SHA384_Update(&ctx->octx, input, ilen);
@ -380,7 +382,7 @@ diff -uNr polarssl-1.2.7/include/polarssl/sha4_alt.h polarssl.new/include/polars
+ SHA512_Update(&ctx->octx, input, ilen);
+}
+
+static inline void sha4_finish( sha4_context *ctx, unsigned char output[64] )
+static inline void sha512_finish( sha512_context *ctx, unsigned char output[64] )
+{
+ if (ctx->is384)
+ SHA384_Final(output, &ctx->octx);
@ -388,6 +390,11 @@ diff -uNr polarssl-1.2.7/include/polarssl/sha4_alt.h polarssl.new/include/polars
+ SHA512_Final(output, &ctx->octx);
+}
+
+static inline void sha512_process( sha512_context *ctx, const unsigned char data[128] )
+{
+ sha512_block_data_order(&ctx->octx, data, 1);
+}
+
+#ifdef __cplusplus
+}
+#endif


@ -91,7 +91,8 @@ if [ "$PSSL" = "1" ]; then
LIBDIRS="$LIBDIRS -L$DEP_DIR/polarssl/polarssl-$PLATFORM$DBG_DIR_SUFFIX/library"
if [ "$MINI" = "1" ]; then
LIBS="$LIBS -lminicrypto"
LIBDIRS="$LIBDIRS -L$DEP_DIR/openssl/openssl-$PLATFORM/lib"
LIBDIRS="$LIBDIRS -L$DEP_DIR/minicrypto/minicrypto-$PLATFORM"
CPPFLAGS="$CPPFLAGS -DUSE_MINICRYPTO"
NOSSL=1
fi
fi


@ -1,30 +1,28 @@
#!/usr/bin/env bash
set -e
if [ -z "$O3" ]; then
echo O3 var must point to ovpn3 tree
exit 1
fi
if [ -z "$1" ]; then
echo "usage: build-openssl x64|arm"
exit 1
fi
if [ -z "$O3" ]; then
echo O3 var must point to ovpn3 tree
exit 1
fi
if [ -z "$DEP_DIR" ]; then
echo DEP_DIR var must point to ovpn3 dependency tree
exit 1
fi
cd $DEP_DIR
[ -z "$LINK_MODE" ] && LINK_MODE=static
[ "$LINK_MODE" = "static" ] && LINK_MODE=no-shared
rm -rf openssl
mkdir openssl
case $1 in
x64*)
OPENSSL_TARGET=linux-x86_64
JOBS=4
export OPENSSL_TARGET=linux-x86_64
;;
arm*)
OPENSSL_TARGET=linux-armv4
JOBS=1
export OPENSSL_TARGET=linux-armv4
;;
*)
echo "unknown platform"
@ -32,19 +30,5 @@ arm*)
;;
esac
. $O3/lib-versions
export DIST=$(pwd)/openssl/openssl-linux
rm -rf $OPENSSL_VERSION $DIST
mkdir -p $DIST
tar xfz $DL/$OPENSSL_VERSION.tar.gz
cd $OPENSSL_VERSION
. $O3/vars-linux
./Configure $OPENSSL_TARGET $LINK_MODE threads no-idea no-mdc2 no-rc5 --prefix=$DIST
sed -i -e "s|-O3|$PLATFORM_FLAGS $OTHER_COMPILER_FLAGS $LIB_FPIC $LIB_OPT_LEVEL|" Makefile
make -j $JOBS build_libs
touch apps/openssl
touch openssl.pc
touch libcrypto.pc
touch libssl.pc
make install_sw
TARGET=linux $O3/openssl/build-openssl
exit 0


@ -9,8 +9,10 @@ cd $DEP_DIR
rm -rf boost* lz4* lzo* minicrypto openssl* polarssl* snappy*
echo "******* BOOST"
$O3/scripts/mac/build-boost
echo "******* MINICRYPTO"
$O3/scripts/mac/build-minicrypto
echo "******* POLARSSL"
$O3/scripts/mac/build-polarssl
OSX_SERVER=0 $O3/scripts/mac/build-polarssl
echo "******* SNAPPY"
$O3/scripts/mac/build-snappy
echo "******* LZ4"


@ -15,8 +15,14 @@ cd $DEP_DIR
rm -rf minicrypto
mkdir minicrypto
for target in ios-dbg ios ; do
echo '***************' TARGET $target
TARGET=$target $O3/minicrypto/build-minicrypto
for target in osx osx-dbg ; do
echo '***************' Minicrypto-32 $target
TARGET=$target ARCH=i386 $O3/minicrypto/build-minicrypto-osx
echo '***************' Minicrypto-64 $target
TARGET=$target ARCH=x86_64 $O3/minicrypto/build-minicrypto-osx
cd minicrypto/minicrypto-$target
lipo -create */libminicrypto.a -output libminicrypto.a
lipo -info libminicrypto.a
cd ../..
done
exit 0

33
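--- a/scripts/mac/build-openssl
+++ b/scripts/mac/build-openssl
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+set -e
+[ "$DEP_DIR" ] && cd $DEP_DIR
+if [ -z "$O3" ]; then
+echo O3 var must point to ovpn3 tree
+exit 1
+fi
+if [ -z "$DEP_DIR" ]; then
+echo DEP_DIR var must point to ovpn3 dependency tree
+exit 1
+fi
+cd $DEP_DIR
+rm -rf openssl
+mkdir openssl
+for target in osx ; do
+echo '***************' OpenSSL-32 $target
+TARGET=$target OPENSSL_TARGET=darwin-i386-cc ARCH=i386 $O3/openssl/build-openssl
+echo '***************' OpenSSL-64 $target
+TARGET=$target OPENSSL_TARGET=darwin64-x86_64-cc ARCH=x86_64 $O3/openssl/build-openssl
+cd openssl/openssl-$target
+cp -a x86_64/include .
+rm include/openssl/opensslconf.h # contains 32/64-bit specific references
+for l in libcrypto.a libssl.a ; do
+lipo -create */lib/$l -output $l
+done
+mkdir lib
+mv *.a lib
+cd ../..
+done
+exit 0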
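Review bot: `DEP_DIR` is entered twice, once by `[ "$DEP_DIR" ] && cd $DEP_DIR` right after `set -e` and again by `cd $DEP_DIR` after the checks. With a relative `DEP_DIR` the second `cd` either fails or lands in a nested directory of the same name, and the `rm -rf openssl` that follows then runs somewhere other than intended. Drop the first `cd` and quote the second: `cd "$DEP_DIR"`. The early `cd` also runs before the `O3`/`DEP_DIR` checks, which the sibling scripts in this commit perform first.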


@ -1,37 +0,0 @@
#!/usr/bin/env bash
set -e
if [ -z "$O3" ]; then
echo O3 var must point to ovpn3 tree
exit 1
fi
if [ -z "$DEP_DIR" ]; then
echo DEP_DIR var must point to ovpn3 dependency tree
exit 1
fi
cd $DEP_DIR
. $O3/lib-versions
[ -z "$DL" ] && DL=~/Downloads
rm -rf openssl
mkdir openssl
for TARGET in osx ; do
. $O3/vars-$TARGET
export OPENSSL=$OPENSSL_VERSION
export DIST=$(pwd)/openssl-$PLATFORM
rm -rf $OPENSSL $DIST
tar xfz $DL/$OPENSSL.tar.gz
pushd $OPENSSL
OSSL_FLAGS="no-shared threads no-idea no-mdc2 no-rc5 no-engine no-comp no-hw no-ssl2 no-ssl3 no-zlib no-rc2 no-cast no-md2 no-ripemd no-camellia no-seed no-krb5 no-socks no-ecdsa no-ec no-ecdh no-md2 no-whirlpool no-dsa no-cms no-jpake no-gost"
#OSSL_FLAGS="no-shared threads no-comp no-zlib"
./Configure $OPENSSL_TARGET $OSSL_FLAGS --prefix=$DIST
sed -i "" -e "s|-O3|$LIB_OPT_LEVEL $PLATFORM_FLAGS|" Makefile
sed -i "" -e "s|ERR_load_COMP_strings()|//ERR_load_COMP_strings()|" crypto/err/err_all.c
make CC="clang" -j 4 build_libs
touch apps/openssl
touch openssl.pc
touch libcrypto.pc
touch libssl.pc
make install_sw
popd
mv $DIST openssl
done
exit 0


@ -11,9 +11,6 @@ if [ -z "$DEP_DIR" ]; then
fi
cd $DEP_DIR
mini=0
#[ "$DISABLE_MINICRYPTO" = "1" ] && mini=0
rm -rf polarssl
mkdir polarssl
@ -21,7 +18,7 @@ if [ "$OSX_ONLY" != "1" ]; then
# for ios, build with minicrypto
for target in ios-dbg ios ; do
echo '***************' TARGET $target
VERBOSE=1 TARGET=$target USE_MINICRYPTO=$mini MINICRYPTO_DIR=$(pwd)/minicrypto/minicrypto-$target $O3/polarssl/build-polarssl
VERBOSE=1 TARGET=$target USE_MINICRYPTO=0 $O3/polarssl/build-polarssl
mv polarssl-$target polarssl
[ "$IOS_DBG_ONLY" = "1" ] && exit
done
@ -35,11 +32,11 @@ if [ "$OSX_ONLY" != "1" ]; then
fi
# osx
[ -z "$OSX_MINICRYPTO" ] && OSX_MINICRYPTO=0
[ -z "$OSX_MINICRYPTO" ] && OSX_MINICRYPTO=1
[ -z "$OSX_SERVER" ] && OSX_SERVER=1
for target in osx osx-dbg ; do
echo '***************' TARGET $target
VERBOSE=1 TARGET=$target USE_MINICRYPTO=$OSX_MINICRYPTO ENABLE_SERVER=$OSX_SERVER $O3/polarssl/build-polarssl
VERBOSE=1 TARGET=$target USE_MINICRYPTO=$OSX_MINICRYPTO MINICRYPTO_NO_AES=1 ENABLE_SERVER=$OSX_SERVER $O3/polarssl/build-polarssl
mv polarssl-$target polarssl/
done
exit 0
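Review bot: The comment `# for ios, build with minicrypto` is now stale, because the iOS loop hard-codes `USE_MINICRYPTO=0` and no longer passes `MINICRYPTO_DIR`. Suggest `# for ios, build without minicrypto`. In the OS X loop, `MINICRYPTO_NO_AES=1` is fixed on the command line, so unlike `OSX_MINICRYPTO` and `OSX_SERVER` it cannot be overridden from the environment. If that is deliberate (the commit message says PolarSSL's AES is kept because it now implements AES-NI), a one-line comment stating so would keep the choice of AES implementation from being changed by accident.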


@ -1,17 +1,17 @@
Build on Mac:
With PolarSSL:
GCC_EXTRA="-ferror-limit=4" STRIP=1 PSSL=1 SNAP=1 LZ4=1 build cli
GCC_EXTRA="-ferror-limit=4" STRIP=1 PSSL=1 MINI=1 SNAP=1 LZ4=1 build cli
With PolarSSL and C++11 for optimized move constructors:
GCC_EXTRA="-ferror-limit=4 -std=c++11" STRIP=1 PSSL=1 SNAP=1 LZ4=1 build cli
With PolarSSL/AppleCrypto hybrid:
GCC_EXTRA="-ferror-limit=4" STRIP=1 HYBRID=1 SNAP=1 LZ4=1 build cli
GCC_EXTRA="-ferror-limit=4 -std=c++11" STRIP=1 PSSL=1 MINI=1 SNAP=1 LZ4=1 build cli
With OpenSSL:
GCC_EXTRA="-ferror-limit=4" STRIP=1 OSSL=1 SNAP=1 LZ4=1 build cli
With PolarSSL/AppleCrypto hybrid:
GCC_EXTRA="-ferror-limit=4" STRIP=1 HYBRID=1 SNAP=1 LZ4=1 build cli
Build on Linux:
With OpenSSL:


@ -1,41 +1,44 @@
Building proto.cpp sample:
On Mac:
On Mac/Linux:
Build with PolarSSL client and server + minicrypto lib:
PSSL=1 MINI=1 build proto
Build with PolarSSL client and server (no ASM crypto algs):
GCC_EXTRA="-ferror-limit=4 -DUSE_POLARSSL_SERVER" PSSL=1 SNAP=1 LZ4=1 build proto
Build with PolarSSL client and OpenSSL server:
GCC_EXTRA="-ferror-limit=4 -Wno-deprecated-declarations" PSSL=1 SNAP=1 LZ4=1 OSSL=1 build proto
On Linux:
PSSL=1 build proto
Build with OpenSSL client and server:
build proto
OSSL=1 build proto
Build with PolarSSL client and OpenSSL server:
PSSL=1 build proto
Build with PolarSSL client and server:
GCC_EXTRA="-DUSE_POLARSSL_SERVER" PSSL=1 build proto
PSSL=1 OSSL=1 build proto
Variations:
To simulate more data-channel activity and less SSL renegotiations
(RENEG default is 90):
To simulate less data-channel activity and more SSL renegotiations
(RENEG default is 900):
GCC_EXTRA="-DRENEG=900" build proto
GCC_EXTRA="-DRENEG=90" build proto
For verbose output, lower the number of xmit/recv iterations by defining
ITER to be 10000 or less, e.g.
GCC_EXTRA="-DITER=1000" build proto
Crypto self-test (PolarSSL must be built with DEBUG_BUILD=1 or SELF_TEST=1):
./proto test
Caveats:
When using PolarSSL as both client and server, make sure to build
PolarSSL on Mac OS X with OSX_SERVER=1.
Typical output:
$ time ./proto


@ -29,7 +29,7 @@
// how many virtual seconds between SSL renegotiations
#ifndef RENEG
#define RENEG 90
#define RENEG 900
#endif
// number of threads to use for test
@ -82,6 +82,21 @@
#include <openvpn/ssl/proto.hpp>
#include <openvpn/init/initprocess.hpp>
#if !(defined(USE_OPENSSL) || defined(USE_POLARSSL) || defined(USE_APPLE_SSL))
#error Must define one or more of USE_OPENSSL, USE_POLARSSL, USE_APPLE_SSL.
#endif
#if defined(USE_OPENSSL) && (defined(USE_POLARSSL) || defined(USE_APPLE_SSL))
#undef USE_OPENSSL
#define USE_OPENSSL_SERVER
#elif !defined(USE_OPENSSL) && defined(USE_POLARSSL)
#define USE_POLARSSL_SERVER
#elif defined(USE_OPENSSL) && !defined(USE_POLARSSL)
#define USE_OPENSSL_SERVER
#else
#error no server setup
#endif
#if defined(USE_OPENSSL) || defined(USE_OPENSSL_SERVER)
#include <openvpn/openssl/util/init.hpp>
@ -120,15 +135,17 @@
using namespace openvpn;
// server Crypto/SSL/Rand implementation (usually OpenSSL-based)
// server Crypto/SSL/Rand implementation
#if defined(USE_POLARSSL_SERVER)
typedef PolarSSLCryptoAPI ServerCryptoAPI;
typedef PolarSSLContext<PolarSSLRandom> ServerSSLAPI;
typedef PolarSSLRandom ServerRandomAPI;
#else // if defined(USE_OPENSSL_SERVER)
#elif defined(USE_OPENSSL_SERVER)
typedef OpenSSLCryptoAPI ServerCryptoAPI;
typedef OpenSSLContext ServerSSLAPI;
typedef OpenSSLRandom ServerRandomAPI;
#else
#error No server SSL implementation defined
#endif
// client SSL implementation can be OpenSSL, Apple SSL, or PolarSSL
@ -861,11 +878,17 @@ int test(const int thread_num)
return 0;
}
int main(int /*argc*/, char* /*argv*/[])
int main(int argc, char* argv[])
{
// process-wide initialization
InitProcess::init();
SelfTest::crypto_self_test();
if (argc >= 2 && !strcmp(argv[1], "test"))
{
const std::string out = SelfTest::crypto_self_test();
OPENVPN_LOG(out);
return 0;
}
#if N_THREADS >= 2 && OPENVPN_MULTITHREAD
boost::thread* threads[N_THREADS];
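Review bot: The `test` path in `main` always exits 0: `SelfTest::crypto_self_test()` returns a string that is logged, and `return 0;` then runs regardless of what the self-test found, so a script or CI job cannot gate on `./proto test`. Since this is the check that exercises the newly linked SHA assembly, the self-test should report failure in a form `main` can turn into a non-zero exit status; how failure is encoded in the returned string is not visible in this hunk. The self-test also no longer runs on a plain `./proto` invocation. `strcmp` needs `<cstring>`, which the visible include hunk does not add. `main` continues past the end of the hunk.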


@ -1,2 +1,2 @@
#define RENEG 900
//#define RENEG 900
//#define ITER 1000


@ -1,8 +1,6 @@
export JAVA_DIR=/usr/lib/jvm/java-7-openjdk-amd64
[ -z "$DEP_DIR" ] && export DEP_DIR=$HOME/linux
export PLATFORM=linux
export LIB_OPT_LEVEL="-O3"
export LIB_FPIC=""
export OTHER_COMPILER_FLAGS=""
export LIB_OPT_LEVEL="-O3"
export LIB_FPIC="-fPIC"
export LIB_FPIC=""


@ -3,8 +3,8 @@ export DEP_DIR=$HOME/src/mac
export APPLE_FAMILY=1
export GPP_CMD=clang++
export GCC_CMD=clang
export PLATFORM_FLAGS="-arch x86_64 -arch i386 -mmacosx-version-min=10.6"
export MIN_DEPLOY_TARGET="-mmacosx-version-min=10.6"
export PLATFORM_FLAGS="-arch x86_64 -arch i386 $MIN_DEPLOY_TARGET"
export OTHER_COMPILER_FLAGS="-fvisibility=hidden -fvisibility-inlines-hidden"
export LIB_OPT_LEVEL="-O3"
export LIB_FPIC=""
export OPENSSL_TARGET=darwin64-x86_64-cc


@ -4,7 +4,8 @@ export APPLE_FAMILY=1
export DEBUG_BUILD=1
export GPP_CMD=clang++
export GCC_CMD=clang
export PLATFORM_FLAGS="-arch x86_64 -arch i386 -mmacosx-version-min=10.6"
export MIN_DEPLOY_TARGET="-mmacosx-version-min=10.6"
export PLATFORM_FLAGS="-arch x86_64 -arch i386 $MIN_DEPLOY_TARGET"
export OTHER_COMPILER_FLAGS="-g"
export LIB_OPT_LEVEL="-O0"
export LIB_FPIC=""


@ -1,11 +1,11 @@
unset PLATFORM
unset PLATFORM_FLAGS
unset MIN_DEPLOY_TARGET
unset OTHER_COMPILER_FLAGS
unset IOS_SDK
unset BOOST_DIR
unset BOOST_STAGE
unset OPENSSL_DIR
unset OPENSSL_TARGET
unset SNAPPY_DIR
unset LZ4_DIR
unset JAVA_DIR