From a74327a74159307f8b3547f70bc76737ce634929 Mon Sep 17 00:00:00 2001 From: Aleksandr Makarov Date: Mon, 13 Jul 2020 23:05:26 +0000 Subject: [PATCH 1/4] java/jni/client.c: add support for OpenSSL 1.1 This shall allow the java/jni to build with and link against OpenSSL 1.1. Additionally, the configuration program will not attempt to process the java/jni/ subdirectory if no --enable-jni has been specified. Signed-off-by: Aleksandr Makarov --- Makefile.am | 8 ++++++-- configure.ac | 10 ++++++---- java/jni/client.c | 21 ++++++++++++++++----- 3 files changed, 28 insertions(+), 11 deletions(-) diff --git a/Makefile.am b/Makefile.am index 10e38fd..9601de6 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,9 +1,13 @@ ACLOCAL_AMFLAGS = -I m4 +if ENABLE_JNI +libest_jni = java/jni +endif + if ENABLE_CLIENT_ONLY -SUBDIRS = safe_c_stub src java/jni example/client example/client-simple example/client-brski +SUBDIRS = safe_c_stub src $(libest_jni) example/client example/client-simple example/client-brski else -SUBDIRS = safe_c_stub src java/jni example/client example/client-simple example/server example/proxy example/client-brski +SUBDIRS = safe_c_stub src $(libest_jni) example/client example/client-simple example/server example/proxy example/client-brski endif EXTRA_DIST = autogen.sh example/util LICENSE README.brski $(srcdir)/build.gradle $(srcdir)/example/build_examples.gradle diff --git a/configure.ac b/configure.ac index e02a54d..d648030 100644 --- a/configure.ac +++ b/configure.ac @@ -35,9 +35,9 @@ AM_COND_IF([FREEBSD], AC_MSG_RESULT([Skipping libdl check]), AC_ARG_ENABLE([jni], [AS_HELP_STRING([--enable-jni], [Enable support for JNI library])], - [jni_on=1], - [jni_on=0]) -AM_CONDITIONAL([ENABLE_JNI], [test x$jni_on = x1]) + [], + [enable_jni="no"]) +AM_CONDITIONAL([ENABLE_JNI], [test "$enable_jni" = "yes"]) AM_COND_IF([ENABLE_JNI], AC_MSG_RESULT([JNI support enabled]) AC_DEFINE([ENABLE_JNI]), @@ -198,5 +198,7 @@ AC_PREFIX_DEFAULT([/usr/local/est]) cp confdefs.h est_config.h -AC_CONFIG_FILES([Makefile version safe_c_stub/Makefile safe_c_stub/lib/Makefile java/jni/Makefile src/Makefile src/est/Makefile example/client/Makefile example/client-simple/Makefile example/client-brski/Makefile example/server/Makefile example/proxy/Makefile]) +AC_CONFIG_FILES([Makefile version safe_c_stub/Makefile safe_c_stub/lib/Makefile src/Makefile src/est/Makefile example/client/Makefile example/client-simple/Makefile example/client-brski/Makefile example/server/Makefile example/proxy/Makefile]) +AM_COND_IF([ENABLE_JNI], + [AC_CONFIG_FILES([java/jni/Makefile])]) AC_OUTPUT diff --git a/java/jni/client.c b/java/jni/client.c index 9a8a34e..f7aeefc 100644 --- a/java/jni/client.c +++ b/java/jni/client.c @@ -130,11 +130,18 @@ static int jni_est_client_X509_REQ_sign (X509_REQ *x, EVP_PKEY *pkey, const EVP_ { int rv; EVP_PKEY_CTX *pkctx = NULL; - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx; - EVP_MD_CTX_init(&mctx); +#ifdef HAVE_OLD_OPENSSL + EVP_MD_CTX md_ctx; + mctx = &md_ctx; - if (!EVP_DigestSignInit(&mctx, &pkctx, md, NULL, pkey)) { + EVP_MD_CTX_init(mctx); +#else + mctx = EVP_MD_CTX_new(); +#endif + + if (!EVP_DigestSignInit(mctx, &pkctx, md, NULL, pkey)) { return 0; } @@ -150,9 +157,13 @@ static int jni_est_client_X509_REQ_sign (X509_REQ *x, EVP_PKEY *pkey, const EVP_ x->req_info->enc.modified = 1; #endif - rv = X509_REQ_sign_ctx(x, &mctx); + rv = X509_REQ_sign_ctx(x, mctx); - EVP_MD_CTX_cleanup(&mctx); +#ifdef HAVE_OLD_OPENSSL + EVP_MD_CTX_cleanup(mctx); +#else + EVP_MD_CTX_free(mctx); +#endif return (rv); } From 0d6b817cbe45665091965967ff3e0f70138ad72a Mon Sep 17 00:00:00 2001 From: Aleksandr Makarov Date: Mon, 13 Jul 2020 23:42:42 +0000 Subject: [PATCH 2/4] Add --{enable,disable}-examples flag to toggle examples compilation Signed-off-by: Aleksandr Makarov --- Makefile.am | 11 +++++++---- configure.ac | 24 ++++++++++++++++++------ 2 files changed, 25 insertions(+), 10 deletions(-) diff --git a/Makefile.am b/Makefile.am index 9601de6..e2561e7 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4,10 +4,13 @@ if ENABLE_JNI libest_jni = java/jni endif -if ENABLE_CLIENT_ONLY -SUBDIRS = safe_c_stub src $(libest_jni) example/client example/client-simple example/client-brski -else -SUBDIRS = safe_c_stub src $(libest_jni) example/client example/client-simple example/server example/proxy example/client-brski +if ENABLE_EXAMPLES +if ENABLE_CLIENT_ONLY +examples = example/client example/client-simple example/client-brski +else +examples = example/client example/client-simple example/client-brski example/server example/proxy +endif endif +SUBDIRS = safe_c_stub src $(libest_jni) $(examples) EXTRA_DIST = autogen.sh example/util LICENSE README.brski $(srcdir)/build.gradle $(srcdir)/example/build_examples.gradle diff --git a/configure.ac b/configure.ac index d648030..95b3223 100644 --- a/configure.ac +++ b/configure.ac @@ -2,11 +2,6 @@ dnl Process this file with autoconf to produce a configure script. AC_INIT([libest],[3.2.0p],[libest-dev]) AC_CONFIG_AUX_DIR(config) AC_CONFIG_SRCDIR(src/est/est.c) -AC_CONFIG_SRCDIR(example/client/estclient.c) -AC_CONFIG_SRCDIR(example/client-simple/estclient-simple.c) -AC_CONFIG_SRCDIR(example/client-brski/estclient-brski.c) -AC_CONFIG_SRCDIR(example/server/estserver.c) -AC_CONFIG_SRCDIR(example/proxy/estproxy.c) AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE @@ -80,6 +75,15 @@ AM_COND_IF([DISABLE_PTHREAD], [], [AC_CHECK_LIB([pthread], [pthread_create], [], [AC_MSG_FAILURE([can't find pthread lib])])]) +AC_ARG_ENABLE([examples], + [AS_HELP_STRING([--disable-examples], + [Disable examples compilation])], + [], + [enable_examples="yes"]) +AC_MSG_CHECKING(whether to build examples) +AM_CONDITIONAL([ENABLE_EXAMPLES], [test "$enable_examples" = "yes"]) +AM_COND_IF([ENABLE_EXAMPLES], AC_MSG_RESULT([yes]), AC_MSG_RESULT([no])) + AC_ARG_WITH([ssl-dir], [AS_HELP_STRING([--with-ssl-dir], [location of OpenSSL install folder, defaults to /usr/local/ssl])], @@ -198,7 +202,15 @@ AC_PREFIX_DEFAULT([/usr/local/est]) cp confdefs.h est_config.h -AC_CONFIG_FILES([Makefile version safe_c_stub/Makefile safe_c_stub/lib/Makefile src/Makefile src/est/Makefile example/client/Makefile example/client-simple/Makefile example/client-brski/Makefile example/server/Makefile example/proxy/Makefile]) +AC_CONFIG_FILES([Makefile version safe_c_stub/Makefile safe_c_stub/lib/Makefile src/Makefile src/est/Makefile]) AM_COND_IF([ENABLE_JNI], [AC_CONFIG_FILES([java/jni/Makefile])]) +AM_COND_IF([ENABLE_EXAMPLES], +[ + AC_CONFIG_FILES([example/client/Makefile example/client-simple/Makefile example/client-brski/Makefile]) + AM_COND_IF([ENABLE_CLIENT_ONLY], + [], + [AC_CONFIG_FILES([example/server/Makefile example/proxy/Makefile])]) +]) + AC_OUTPUT From 0f8de87ddd913e66ee57e2d24fd6232b5b1c6f43 Mon Sep 17 00:00:00 2001 From: Aleksandr Makarov Date: Tue, 14 Jul 2020 10:03:14 +0000 Subject: [PATCH 3/4] Add --with-system-libsafec flag to link against system libsafec Specifying the --with-system-libsafec flag shall allow the configuration program to search for and, if found, to link against the libsafec library that is installed in the system. After configuring --with-system-libsafec, the compilation will may with following error: In file included from /usr/include/libsafec/safe_lib.h:43, from est_server_http.c:39: /usr/include/libsafec/safe_types.h:42:9: error: unknown type name 'size_t' 42 | typedef size_t rsize_t; | ^~~~~~ The system libsafec lacks including stddef.h in its safe_types.h. Fix that by moving libsafec include directives below the openssl; the latter apparently does the inclusion of the necessary stddef.h at some point. Signed-off-by: Aleksandr Makarov --- Makefile.am | 6 +++++- configure.ac | 41 +++++++++++++++++++++++++++++---------- src/est/est_server_http.c | 6 +++--- 3 files changed, 39 insertions(+), 14 deletions(-) diff --git a/Makefile.am b/Makefile.am index e2561e7..d53b0d5 100644 --- a/Makefile.am +++ b/Makefile.am @@ -12,5 +12,9 @@ examples = example/client example/client-simple example/client-brski example/ser endif endif -SUBDIRS = safe_c_stub src $(libest_jni) $(examples) +if ! WITH_SYSTEM_LIBSAFEC +builtin_libsafec = safe_c_stub +endif + +SUBDIRS = $(builtin_libsafec) src $(libest_jni) $(examples) EXTRA_DIST = autogen.sh example/util LICENSE README.brski $(srcdir)/build.gradle $(srcdir)/example/build_examples.gradle diff --git a/configure.ac b/configure.ac index 95b3223..048aa3c 100644 --- a/configure.ac +++ b/configure.ac @@ -10,6 +10,7 @@ AM_INIT_AUTOMAKE([subdir-objects]) AC_PROG_CC AM_PROG_CC_C_O +PKG_PROG_PKG_CONFIG LT_INIT AC_CANONICAL_HOST case $host in @@ -187,22 +188,39 @@ AC_ARG_WITH([libcoap-dir], ] ) -SAFEC_STUB_DIR='$(abs_top_builddir)/safe_c_stub' -AC_SUBST(SAFEC_STUB_DIR) -safecdir="$SAFEC_STUB_DIR" -AC_SUBST([SAFEC_DIR], "$safecdir") -AC_SUBST([SAFEC_CFLAGS], "$safecdir/include") -AC_SUBST([SAFEC_LDFLAGS], "$safecdir/lib") +AC_ARG_WITH(system-libsafec, + AS_HELP_STRING([--with-system-libsafec], + [select to use libsafec installed in the system]), + [], + [with_system_libsafec="no"]) -CFLAGS="$CFLAGS -Wall -I$safecdir/include" -LDFLAGS="$LDFLAGS -L$safecdir/lib" -LIBS="$LIBS -lsafe_lib" +AC_MSG_CHECKING(which libsafec to use) +AM_CONDITIONAL([WITH_SYSTEM_LIBSAFEC], [test "$with_system_libsafec" = "yes"]) +AM_COND_IF([WITH_SYSTEM_LIBSAFEC], AC_MSG_RESULT([system]), AC_MSG_RESULT([built-in])) +AM_COND_IF([WITH_SYSTEM_LIBSAFEC], +[ + PKG_CHECK_MODULES([libsafec], [libsafec]) + LIBS="$LIBS $libsafec_LIBS" + CFLAGS="$CFLAGS $libsafec_CFLAGS" + CPPFLAGS="$CPPFLAGS $libsafec_CFLAGS" +],[ + SAFEC_STUB_DIR='$(abs_top_builddir)/safe_c_stub' + AC_SUBST(SAFEC_STUB_DIR) + safecdir="$SAFEC_STUB_DIR" + AC_SUBST([SAFEC_DIR], "$safecdir") + AC_SUBST([SAFEC_CFLAGS], "$safecdir/include") + AC_SUBST([SAFEC_LDFLAGS], "$safecdir/lib") + + CFLAGS="$CFLAGS -Wall -I$safecdir/include" + LDFLAGS="$LDFLAGS -L$safecdir/lib" + LIBS="$LIBS -lsafe_lib" +]) AC_PREFIX_DEFAULT([/usr/local/est]) cp confdefs.h est_config.h -AC_CONFIG_FILES([Makefile version safe_c_stub/Makefile safe_c_stub/lib/Makefile src/Makefile src/est/Makefile]) +AC_CONFIG_FILES([Makefile version src/Makefile src/est/Makefile]) AM_COND_IF([ENABLE_JNI], [AC_CONFIG_FILES([java/jni/Makefile])]) AM_COND_IF([ENABLE_EXAMPLES], @@ -212,5 +230,8 @@ AM_COND_IF([ENABLE_EXAMPLES], [], [AC_CONFIG_FILES([example/server/Makefile example/proxy/Makefile])]) ]) +AM_COND_IF([WITH_SYSTEM_LIBSAFEC], + [], + [AC_CONFIG_FILES([safe_c_stub/Makefile safe_c_stub/lib/Makefile])]) AC_OUTPUT diff --git a/src/est/est_server_http.c b/src/est/est_server_http.c index 2a2de1f..4ce73c9 100644 --- a/src/est/est_server_http.c +++ b/src/est/est_server_http.c @@ -36,15 +36,15 @@ // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // THE SOFTWARE. -#include "safe_lib.h" -#include "safe_str_lib.h" -#include "safe_mem_lib.h" #ifdef WIN32 #include #endif #include #include #include +#include "safe_lib.h" +#include "safe_str_lib.h" +#include "safe_mem_lib.h" #if defined(_WIN32) #define _CRT_SECURE_NO_WARNINGS // Disable deprecation warning in VS2005 #else From af537b3c47dcefa20609a1b35c16fab6d620d547 Mon Sep 17 00:00:00 2001 From: Aleksandr Makarov Date: Wed, 15 Jul 2020 11:25:05 +0000 Subject: [PATCH 4/4] configure.ac: Fix AC_ARG_ENABLE/AC_ARG_WITH macros Multiple tests in configure.ac are flawed: [--snip--] AC_ARG_ENABLE([pthreads], [AS_HELP_STRING([--disable-pthreads], [Disable support for pthreads])], [pthreads_on=1], [pthreads_on=0]) [--snip--] The third argument is "action-if-given" and the fourth argument is "action-if-not-given" [0]. Which means that, whether you pass --enable-pthreads or --disable-pthreads, the third argument will be executed, that is "pthreads_on=1". And if you pass neither, the fourth argument will be executed, i.e. "pthreads_on=0". We want `--enable-pthreads` and `--disable-pthreads` flags to do their job. The right way to do that will be to eliminate "action-if-given" and replace the user-defined `FEATURE_on=0|1` shell variables with the `enable_FEATURE` and `with_PACKAGE` shell variables provided by Autotools. [0] https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.69/autoconf.html#Package-Options Signed-off-by: Aleksandr Makarov --- configure.ac | 60 ++++++++++++++++++++++++++-------------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/configure.ac b/configure.ac index 048aa3c..0b930bf 100644 --- a/configure.ac +++ b/configure.ac @@ -43,9 +43,9 @@ AM_CONDITIONAL([JAVA_HOME_SET], [test ! -z "$JAVA_HOME"]) AC_ARG_ENABLE([client-only], [AS_HELP_STRING([--enable-client-only], [Enable the building of only the client mode of libEST])], - [clientonly_on=1], - [clientonly_on=0]) -AM_CONDITIONAL([ENABLE_CLIENT_ONLY], [test x$clientonly_on = x1]) + [], + [enable_client_only="no"]) +AM_CONDITIONAL([ENABLE_CLIENT_ONLY], [test "$enable_client_only" = "yes"]) AM_COND_IF([ENABLE_CLIENT_ONLY], AC_MSG_RESULT([Client only build enabled]) AC_DEFINE([ENABLE_CLIENT_ONLY]), @@ -54,9 +54,9 @@ AM_COND_IF([ENABLE_CLIENT_ONLY], AC_ARG_ENABLE([brski], [AS_HELP_STRING([--enable-brski], [Enable support for brski bootstrap functionality])], - [brski_on=1], - [brski_on=0]) -AM_CONDITIONAL([ENABLE_BRSKI], [test x$brski_on = x1]) + [], + [enable_brski="no"]) +AM_CONDITIONAL([ENABLE_BRSKI], [test "$enable_brski" = "yes"]) AM_COND_IF([ENABLE_BRSKI], AC_MSG_RESULT([BRSKI support enabled]) AC_DEFINE([ENABLE_BRSKI]), @@ -65,9 +65,9 @@ AM_COND_IF([ENABLE_BRSKI], AC_ARG_ENABLE([pthreads], [AS_HELP_STRING([--disable-pthreads], [Disable support for pthreads])], - [pthreads_on=1], - [pthreads_on=0]) -AM_CONDITIONAL([DISABLE_PTHREAD], [test x$pthreads_on = x1]) + [], + [enable_pthreads="yes"]) +AM_CONDITIONAL([DISABLE_PTHREAD], [test "$enable_pthreads" = "no"]) AM_COND_IF([DISABLE_PTHREAD], AC_MSG_RESULT([pthread support disabled]) AC_DEFINE([DISABLE_PTHREADS]), @@ -88,13 +88,13 @@ AM_COND_IF([ENABLE_EXAMPLES], AC_MSG_RESULT([yes]), AC_MSG_RESULT([no])) AC_ARG_WITH([ssl-dir], [AS_HELP_STRING([--with-ssl-dir], [location of OpenSSL install folder, defaults to /usr/local/ssl])], - [ssldir="$withval"], - [ssldir="/usr/local/ssl"]) -AC_SUBST([SSL_CFLAGS], "$ssldir/include") -AC_SUBST([SSL_LDFLAGS], "$ssldir/lib") + [], + [with_ssl_dir="/usr/local/ssl"]) +AC_SUBST([SSL_CFLAGS], "$with_ssl_dir/include") +AC_SUBST([SSL_LDFLAGS], "$with_ssl_dir/lib") -CFLAGS="$CFLAGS -Wall -I$ssldir/include" -LDFLAGS="$LDFLAGS -L$ssldir/lib" +CFLAGS="$CFLAGS -Wall -I$with_ssl_dir/include" +LDFLAGS="$LDFLAGS -L$with_ssl_dir/lib" if test "$is_freebsd" = "1" ; then AC_CHECK_LIB([crypto], [EVP_EncryptInit], [], [AC_MSG_FAILURE([can't find openssl crypto lib])] @@ -120,13 +120,13 @@ AC_CHECK_LIB([crypto], [EVP_CIPHER_CTX_reset], [], AC_ARG_WITH([libcurl-dir], [AS_HELP_STRING([--with-libcurl-dir], [enable support for client proxy using libcurl])], - [libcurldir="$withval"], - [with_libcurldir=no]) + [], + [with_libcurl_dir=no]) AS_IF( - [test "x$with_libcurldir" != xno], - [[CFLAGS="$CFLAGS -I$libcurldir/include"] - [LDFLAGS="$LDFLAGS -L$libcurldir/lib -lcurl"] + [test "$with_libcurl_dir" != "no"], + [[CFLAGS="$CFLAGS -I$with_libcurl_dir/include"] + [LDFLAGS="$LDFLAGS -L$with_libcurl_dir/lib -lcurl"] AC_CHECK_LIB( [curl], [curl_easy_init], @@ -143,17 +143,17 @@ AC_ARG_WITH([libcurl-dir], AC_ARG_WITH([uriparser-dir], [AS_HELP_STRING([--with-uriparser-dir], [enable support for path segments using uriparser])], - [uriparserdir="$withval"], - [with_uriparserdir=no]) + [], + [with_uriparser_dir=no]) dnl CFLAGS="$CFLAGS -Wall -I$uriparserdir/include" dnl CPPFLAGS="$CPPFLAGS -I$uriparser/include" dnl LDFLAGS="$LDFLAGS -L$uriparserdir/lib -luriparser" AS_IF( - [test "x$with_uriparserdir" != xno], - [[CFLAGS="$CFLAGS -I$uriparserdir/include"] - [LDFLAGS="$LDFLAGS -L$uriparserdir/lib -luriparser"] + [test "$with_uriparser_dir" != "no"], + [[CFLAGS="$CFLAGS -I$with_uriparser_dir/include"] + [LDFLAGS="$LDFLAGS -L$with_uriparser_dir/lib -luriparser"] AC_CHECK_LIB( [uriparser], [uriParseUriA], @@ -170,13 +170,13 @@ AC_ARG_WITH([uriparser-dir], AC_ARG_WITH([libcoap-dir], [AS_HELP_STRING([--with-libcoap-dir], [enable support for ESToCoAP using libcoap library])], - [libcoapdir="$withval"], - [with_libcoapdir=no]) + [], + [with_libcoap_dir=no]) AS_IF( - [test "x$with_libcoapdir" != xno], - [[CFLAGS="$CFLAGS -I$libcoapdir/include"] - [LDFLAGS="$LDFLAGS -L$libcoapdir/lib -lcoap-2-openssl"] + [test "$with_libcoap_dir" != "no"], + [[CFLAGS="$CFLAGS -I$with_libcoap_dir/include"] + [LDFLAGS="$LDFLAGS -L$with_libcoap_dir/lib -lcoap-2-openssl"] AC_CHECK_LIB( [coap-2-openssl], [coap_startup],