From 781b10c0c9156d64a72d729ff36cd64b2e06256a Mon Sep 17 00:00:00 2001
From: Johannes Bauer
Date: Tue, 16 Jan 2018 18:59:50 +0100
Subject: [PATCH] Assume system-wide installed OpenSSL v1.1

After Debian has pretty much migrated to v1.1, we now assume that OpenSSL is preinstalled system-wide -- it's not experimental anymore. Currently we assume it's preinstalled in /usr/local.
---
 Makefile | 20 +++++++-------------
 build_openssl | 19 -------------------
 luksrku.c | 12 ++++++++----
 3 files changed, 15 insertions(+), 36 deletions(-)
 delete mode 100755 build_openssl

diff --git a/Makefile b/Makefile
index 6c673f5..e0bc81e 100644
--- a/Makefile
+++ b/Makefile
@@ -2,13 +2,10 @@ all: luksrku luksrku-config
 INSTALL_PREFIX := /usr/local/
-OPENSSL_DIR := `pwd`/openssl-1.1.0e/
-#OPENSSL_DIR := /home/joe/openssl/
-#LIBDIR := /usr/lib/x86_64-linux-gnu/
-LIBDIR := $(OPENSSL_DIR)
-CFLAGS := -std=c11 -Wall -Wextra -O2 -pthread -D_POSIX_SOURCE -D_XOPEN_SOURCE=500 -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -I$(OPENSSL_DIR)include
+CFLAGS := -std=c11 -Wall -Wextra -O2 -pthread -D_POSIX_SOURCE -D_XOPEN_SOURCE=500 -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter
 #CFLAGS += -g -DDEBUG
-LDFLAGS := -L$(OPENSSL_DIR) -lcrypto -lssl
+LDFLAGS := -lcrypto -lssl
+LDFLAGS += -L/usr/local/lib
 #LDFLAGS := -static $(LIBDIR)libssl.a $(LIBDIR)libcrypto.a
 #LDFLAGS := -static $(LIBDIR)libssl.a $(LIBDIR)libcrypto.a -ldl
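Review bot: With the `-I` gone from CFLAGS but `-L/usr/local/lib` added to LDFLAGS, headers and library can come from two different OpenSSL builds: the compiler takes the system `openssl/` headers while the linker prefers `/usr/local/lib`, which is exactly where the `cp -a $(OPENSSL_DIR)libssl* $(OPENSSL_DIR)libcrypto* $(INSTALL_PREFIX)lib/` line that the next hunk removes used to drop the bundled 1.1.0e copies, so a machine that ran the old `install` links the stale copy and the header-only `OPENSSL_VERSION_NUMBER` guard in luksrku.c cannot notice. Taking both from one source avoids that — `CFLAGS += $(shell pkg-config --cflags openssl)` and `LDFLAGS += $(shell pkg-config --libs openssl)` — or at least a comment on the `-L` line saying which installation it is meant to pick up. Separately, `-lcrypto -lssl` are libraries rather than linker flags: kept in `LDLIBS` (if the link rule expands it) a user's `make LDFLAGS=...` would not silently drop them, and for a static link the order has to be `-lssl -lcrypto` since libssl depends on libcrypto.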
@@ -20,24 +17,21 @@ install: all
 	cp luksrku luksrku-config $(INSTALL_PREFIX)sbin/
 	chown root:root $(INSTALL_PREFIX)sbin/luksrku $(INSTALL_PREFIX)sbin/luksrku-config
 	chmod 755 $(INSTALL_PREFIX)sbin/luksrku $(INSTALL_PREFIX)sbin/luksrku-config
-	cp -a $(OPENSSL_DIR)libssl* $(OPENSSL_DIR)libcrypto* $(INSTALL_PREFIX)lib/
-	ldconfig
 clean:
 	rm -f $(OBJS) $(OBJS_CFG) luksrku luksrku-config
 valgrind: luksrku
-	LD_LIBRARY_PATH=$(OPENSSL_DIR) valgrind --leak-check=full --show-leak-kinds=all ./luksrku -v --client-mode -k client_keys.bin
-#LD_LIBRARY_PATH=$(OPENSSL_DIR) valgrind --leak-check=full --show-leak-kinds=all ./luksrku -v --server-mode -k server_key.bin
+	valgrind --leak-check=full --show-leak-kinds=all ./luksrku -v --client-mode -k client_keys.bin
 test: luksrku
-	LD_LIBRARY_PATH=$(OPENSSL_DIR) ./luksrku -v --server-mode -k server_key.bin
+	./luksrku -v --server-mode -k server_key.bin
 gdb: luksrku
-	LD_LIBRARY_PATH=$(OPENSSL_DIR) gdb --args ./luksrku -v --server-mode -k server_key.bin
+	gdb --args ./luksrku -v --server-mode -k server_key.bin
 testclient: luksrku
-	LD_LIBRARY_PATH=$(OPENSSL_DIR) ./luksrku -v --client-mode -k client_keys.bin
+	./luksrku -v --client-mode -k client_keys.bin
 derive: luksrku-config
 	./luksrku-config server server_key.txt server_key.bin
diff --git a/build_openssl b/build_openssl
deleted file mode 100755
index 5d298d8..0000000
--- a/build_openssl
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-#
-#
-
-VERSION="1.1.0e"
-URL="https://www.openssl.org/source/openssl-${VERSION}.tar.gz"
-LOCAL_TARGZ="openssl-${VERSION}.tar.gz"
-LOCAL_DIR="openssl-${VERSION}"
-
-if [ ! -f "$LOCAL_TARGZ" ]; then
-	wget "$URL"
-fi
-
-if [ ! -d "$LOCAL_DIR" ]; then
-	tar xfz "$LOCAL_TARGZ"
-	cd "$LOCAL_DIR"
-	./config
-	make -j 16
-fi
diff --git a/luksrku.c b/luksrku.c
index b643f3e..12da48c 100644
--- a/luksrku.c
+++ b/luksrku.c
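Review bot: The `valgrind`, `test`, `gdb` and `testclient` rules are command-style targets that produce no file; unless a `.PHONY` declaration exists above the hunk (not visible here), a stray file named `test` or `clean` in the checkout makes them silently up to date, so `.PHONY: install clean valgrind test gdb testclient derive` is worth declaring. `test` also starts a foreground server rather than running a check that exits non-zero on failure, so a name such as `run-server` would avoid the conventional meaning of `make test`. The `install` rule whose recipe opens the hunk has its header outside it; its recipe still copies the binaries before fixing owner and mode in separate steps, which `install -m 755 -o root -g root luksrku luksrku-config $(INSTALL_PREFIX)sbin/` would do in one.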
@@ -33,6 +33,10 @@
 #include "log.h"
 #include "keyfile.h"
+#if OPENSSL_VERSION_NUMBER < 0x010100000
+#error "luksrku requires at least OpenSSL v1.1 to work."
+#endif
+
 int main(int argc, char **argv) {
 #ifdef DEBUG
 fprintf(stderr, "WARNING: This has been compiled in DEBUG mode and uses reduced security.\n");
@@ -66,7 +70,7 @@ int main(int argc, char **argv) {
 #ifdef DEBUG
 keydb_dump(&keydb);
 #endif
-
+
 if (keydb.entrycnt == 0) {
 log_msg(LLVL_FATAL, "Key database file %s contains no keys.", options.keydbfile);
 success = false;
@@ -79,13 +83,13 @@ int main(int argc, char **argv) {
 success = false;
 break;
 }
-
+
 if (keydb_disk_key_count(&keydb) != 0) {
 log_msg(LLVL_FATAL, "Server configuration files may not contain disk unlocking keys.");
 success = false;
 break;
 }
-
+
 if (!dtls_server(keydb_getentry(&keydb, 0), &options)) {
 log_msg(LLVL_FATAL, "Failed to start DTLS server.");
 success = false;
@@ -99,7 +103,7 @@ int main(int argc, char **argv) {
 }
 }
 } while (false);
-
+
 keydb_free(&keydb);
 if (!success) {
 exit(EXIT_FAILURE);
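Review bot: The version constant on the new `#if` line has one hex digit too many: OpenSSL encodes versions in eight hex digits (MNNFFPPS), so 1.1.0 is `0x10100000L`, while `0x010100000` is nine digits and sixteen times larger, so every real release including 1.1.x trips the `#error`; the guard should read `#if OPENSSL_VERSION_NUMBER < 0x10100000L`. The check also relies on `OPENSSL_VERSION_NUMBER` already being defined at this point — an undefined identifier evaluates to 0 inside `#if` and would produce the same misleading error — so `#include <openssl/opensslv.h>` belongs directly above it rather than depending on `log.h` or `keyfile.h` to pull it in (whether they do is not visible in the hunk). It constrains only the headers the compiler sees, not the library actually linked, so comparing `OpenSSL_version_num()` against `OPENSSL_VERSION_NUMBER` at startup is the runtime complement. The remaining hunks in this file are whitespace-only.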