Assume system-wide installed OpenSSL v1.1
After Debian has pretty much migrated to v1.1, we now assume that OpenSSL is preinstalled system-wide -- it's not experimental anymore. Currently we assume it's preinstalled in /usr/local.
parent
b8659ae8fc
commit
781b10c0c9
20
Makefile
20
Makefile
@ -2,13 +2,10 @@
|
|||||||
all: luksrku luksrku-config
|
all: luksrku luksrku-config
|
||||||
|
|
||||||
INSTALL_PREFIX := /usr/local/
|
INSTALL_PREFIX := /usr/local/
|
||||||
OPENSSL_DIR := `pwd`/openssl-1.1.0e/
|
CFLAGS := -std=c11 -Wall -Wextra -O2 -pthread -D_POSIX_SOURCE -D_XOPEN_SOURCE=500 -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter
|
||||||
#OPENSSL_DIR := /home/joe/openssl/
|
|
||||||
#LIBDIR := /usr/lib/x86_64-linux-gnu/
|
|
||||||
LIBDIR := $(OPENSSL_DIR)
|
|
||||||
CFLAGS := -std=c11 -Wall -Wextra -O2 -pthread -D_POSIX_SOURCE -D_XOPEN_SOURCE=500 -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -I$(OPENSSL_DIR)include
|
|
||||||
#CFLAGS += -g -DDEBUG
|
#CFLAGS += -g -DDEBUG
|
||||||
LDFLAGS := -L$(OPENSSL_DIR) -lcrypto -lssl
|
LDFLAGS := -lcrypto -lssl
|
||||||
|
LDFLAGS += -L/usr/local/lib
|
||||||
#LDFLAGS := -static $(LIBDIR)libssl.a $(LIBDIR)libcrypto.a
|
#LDFLAGS := -static $(LIBDIR)libssl.a $(LIBDIR)libcrypto.a
|
||||||
#LDFLAGS := -static $(LIBDIR)libssl.a $(LIBDIR)libcrypto.a -ldl
|
#LDFLAGS := -static $(LIBDIR)libssl.a $(LIBDIR)libcrypto.a -ldl
|
||||||
|
|
||||||
@ -20,24 +17,21 @@ install: all
|
|||||||
cp luksrku luksrku-config $(INSTALL_PREFIX)sbin/
|
cp luksrku luksrku-config $(INSTALL_PREFIX)sbin/
|
||||||
chown root:root $(INSTALL_PREFIX)sbin/luksrku $(INSTALL_PREFIX)sbin/luksrku-config
|
chown root:root $(INSTALL_PREFIX)sbin/luksrku $(INSTALL_PREFIX)sbin/luksrku-config
|
||||||
chmod 755 $(INSTALL_PREFIX)sbin/luksrku $(INSTALL_PREFIX)sbin/luksrku-config
|
chmod 755 $(INSTALL_PREFIX)sbin/luksrku $(INSTALL_PREFIX)sbin/luksrku-config
|
||||||
cp -a $(OPENSSL_DIR)libssl* $(OPENSSL_DIR)libcrypto* $(INSTALL_PREFIX)lib/
|
|
||||||
ldconfig
|
|
||||||
|
|
||||||
clean:
|
clean:
|
||||||
rm -f $(OBJS) $(OBJS_CFG) luksrku luksrku-config
|
rm -f $(OBJS) $(OBJS_CFG) luksrku luksrku-config
|
||||||
|
|
||||||
valgrind: luksrku
|
valgrind: luksrku
|
||||||
LD_LIBRARY_PATH=$(OPENSSL_DIR) valgrind --leak-check=full --show-leak-kinds=all ./luksrku -v --client-mode -k client_keys.bin
|
valgrind --leak-check=full --show-leak-kinds=all ./luksrku -v --client-mode -k client_keys.bin
|
||||||
#LD_LIBRARY_PATH=$(OPENSSL_DIR) valgrind --leak-check=full --show-leak-kinds=all ./luksrku -v --server-mode -k server_key.bin
|
|
||||||
|
|
||||||
test: luksrku
|
test: luksrku
|
||||||
LD_LIBRARY_PATH=$(OPENSSL_DIR) ./luksrku -v --server-mode -k server_key.bin
|
./luksrku -v --server-mode -k server_key.bin
|
||||||
|
|
||||||
gdb: luksrku
|
gdb: luksrku
|
||||||
LD_LIBRARY_PATH=$(OPENSSL_DIR) gdb --args ./luksrku -v --server-mode -k server_key.bin
|
gdb --args ./luksrku -v --server-mode -k server_key.bin
|
||||||
|
|
||||||
testclient: luksrku
|
testclient: luksrku
|
||||||
LD_LIBRARY_PATH=$(OPENSSL_DIR) ./luksrku -v --client-mode -k client_keys.bin
|
./luksrku -v --client-mode -k client_keys.bin
|
||||||
|
|
||||||
derive: luksrku-config
|
derive: luksrku-config
|
||||||
./luksrku-config server server_key.txt server_key.bin
|
./luksrku-config server server_key.txt server_key.bin
|
||||||
|
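Review bot: `LDFLAGS += -L/usr/local/lib` hard-codes a directory that the linker searches before its default library directories, and the install recipe removed in this same section used to copy the bundled openssl-1.1.0e `libssl*`/`libcrypto*` into `$(INSTALL_PREFIX)lib/`, which is that same directory. On a machine where the earlier `make install` was run, the link would presumably keep resolving to that unmanaged 1.1.0e copy instead of the distribution's patched package, which is the opposite of what the commit message intends. Consider taking the flags from the installed package, e.g. `CFLAGS += $(shell pkg-config --cflags openssl)` and `LDFLAGS := $(shell pkg-config --libs openssl)`, or at least making the directory an overridable variable that defaults to empty. The link rule is outside the hunk, so whether the `-l` flags kept in `LDFLAGS` end up after the object files cannot be checked here.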
@ -1,19 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
#
|
|
||||||
#
|
|
||||||
|
|
||||||
VERSION="1.1.0e"
|
|
||||||
URL="https://www.openssl.org/source/openssl-${VERSION}.tar.gz"
|
|
||||||
LOCAL_TARGZ="openssl-${VERSION}.tar.gz"
|
|
||||||
LOCAL_DIR="openssl-${VERSION}"
|
|
||||||
|
|
||||||
if [ ! -f "$LOCAL_TARGZ" ]; then
|
|
||||||
wget "$URL"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! -d "$LOCAL_DIR" ]; then
|
|
||||||
tar xfz "$LOCAL_TARGZ"
|
|
||||||
cd "$LOCAL_DIR"
|
|
||||||
./config
|
|
||||||
make -j 16
|
|
||||||
fi
|
|
12
luksrku.c
12
luksrku.c
@ -33,6 +33,10 @@
|
|||||||
#include "log.h"
|
#include "log.h"
|
||||||
#include "keyfile.h"
|
#include "keyfile.h"
|
||||||
|
|
||||||
|
#if OPENSSL_VERSION_NUMBER < 0x010100000
|
||||||
|
#error "luksrku requires at least OpenSSL v1.1 to work."
|
||||||
|
#endif
|
||||||
|
|
||||||
int main(int argc, char **argv) {
|
int main(int argc, char **argv) {
|
||||||
#ifdef DEBUG
|
#ifdef DEBUG
|
||||||
fprintf(stderr, "WARNING: This has been compiled in DEBUG mode and uses reduced security.\n");
|
fprintf(stderr, "WARNING: This has been compiled in DEBUG mode and uses reduced security.\n");
|
||||||
@ -66,7 +70,7 @@ int main(int argc, char **argv) {
|
|||||||
#ifdef DEBUG
|
#ifdef DEBUG
|
||||||
keydb_dump(&keydb);
|
keydb_dump(&keydb);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (keydb.entrycnt == 0) {
|
if (keydb.entrycnt == 0) {
|
||||||
log_msg(LLVL_FATAL, "Key database file %s contains no keys.", options.keydbfile);
|
log_msg(LLVL_FATAL, "Key database file %s contains no keys.", options.keydbfile);
|
||||||
success = false;
|
success = false;
|
||||||
@ -79,13 +83,13 @@ int main(int argc, char **argv) {
|
|||||||
success = false;
|
success = false;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (keydb_disk_key_count(&keydb) != 0) {
|
if (keydb_disk_key_count(&keydb) != 0) {
|
||||||
log_msg(LLVL_FATAL, "Server configuration files may not contain disk unlocking keys.");
|
log_msg(LLVL_FATAL, "Server configuration files may not contain disk unlocking keys.");
|
||||||
success = false;
|
success = false;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!dtls_server(keydb_getentry(&keydb, 0), &options)) {
|
if (!dtls_server(keydb_getentry(&keydb, 0), &options)) {
|
||||||
log_msg(LLVL_FATAL, "Failed to start DTLS server.");
|
log_msg(LLVL_FATAL, "Failed to start DTLS server.");
|
||||||
success = false;
|
success = false;
|
||||||
@ -99,7 +103,7 @@ int main(int argc, char **argv) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
} while (false);
|
} while (false);
|
||||||
|
|
||||||
keydb_free(&keydb);
|
keydb_free(&keydb);
|
||||||
if (!success) {
|
if (!success) {
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
|
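Review bot: The literal in `#if OPENSSL_VERSION_NUMBER < 0x010100000` has nine hex digits; the leading zero makes it equal to 0x10100000, so the guard works, but it no longer lines up with OpenSSL's eight-digit version encoding and is easy to misread or mis-edit later, and `#if OPENSSL_VERSION_NUMBER < 0x10100000L` says the same thing in the form opensslv.h uses. The guard only tests the headers seen at compile time, and it relies on an OpenSSL header being included above line 33, which is outside the hunk (if none is, the undefined macro evaluates to 0 and the `#error` always fires, which at least fails closed). A comment such as `/* compile-time check of the OpenSSL headers only; the library loaded at run time is not verified here */` would keep readers from taking it for more than that. The remaining hunks in this file show identical text on both sides, presumably whitespace-only changes.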