diff --git a/recipes-connectivity/README.md b/recipes-connectivity/README.md index 7267220..e8fc59b 100644 --- a/recipes-connectivity/README.md +++ b/recipes-connectivity/README.md @@ -48,7 +48,8 @@ This supports using `OpenSSH` version: 8.5p1, which was shipped with Yocto Hardk Socat ----- -This supports using `Socat` version: 1.8.0.0, which was shipped with Yocto Dunfell +This supports using `Socat` version: 1.7.3.4, which was shipped with Yocto Dunfell +And supports version 1.8.0.0 if updating the version of `Socat` in Yocto Dunfell - Usage: Change the line in the `meta-wolfssl/conf/layer.conf` from: diff --git a/recipes-connectivity/socat/files/socat-1.7.3.4.patch b/recipes-connectivity/socat/files/socat-1.7.3.4.patch new file mode 100644 index 0000000..48bf340 --- /dev/null +++ b/recipes-connectivity/socat/files/socat-1.7.3.4.patch @@ -0,0 +1,776 @@ +diff --git a/config.h.in b/config.h.in +index 17a6549..d60b9c7 100644 +--- a/config.h.in ++++ b/config.h.in +@@ -633,6 +633,8 @@ + #undef WITH_EXT2 + #undef WITH_OPENSSL + #undef WITH_OPENSSL_METHOD ++#undef WITH_WOLFSSL ++#undef OPENSSL_NO_COMP + #undef WITH_RES_DEPRECATED /* AAONLY,PRIMARY */ + #define WITH_STREAMS 1 + #undef WITH_FIPS +diff --git a/configure.ac b/configure.ac +index d788dc1..3d33bc4 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -474,108 +474,175 @@ if test -n "$WITH_READLINE"; then + fi + fi + +-AC_MSG_CHECKING(whether to include openssl support) +-AC_ARG_ENABLE(openssl, [ --disable-openssl disable OpenSSL support], +- [ case "$enableval" in +- no) AC_MSG_RESULT(no); WITH_OPENSSL= ;; +- *) AC_MSG_RESULT(yes); WITH_OPENSSL=1 ;; +- esac], +- [ AC_MSG_RESULT(yes); WITH_OPENSSL=1 ]) +-# +-if test -n "$WITH_OPENSSL"; then +- AC_MSG_NOTICE(checking for components of OpenSSL) +- # first, we need to find the include file +- AC_CACHE_VAL(sc_cv_have_openssl_ssl_h, +- [AC_TRY_COMPILE([#include ],[;], +- [sc_cv_have_openssl_ssl_h=yes; OPENSSL_ROOT=""; ], +- [sc_cv_have_openssl_ssl_h=no +- for D in "/sw" "/usr/local" "/opt/freeware" "/usr/sfw" "/usr/local/ssl"; do +- I="$D/include" +- i="$I/openssl/ssl.h" +- if test -r "$i"; then +- #V_INCL="$V_INCL -I$I" +- CPPFLAGS="$CPPFLAGS -I$I" +- AC_MSG_NOTICE(found $i) +- sc_cv_have_openssl_ssl_h=yes; OPENSSL_ROOT="$D" +- break; ++AC_MSG_CHECKING(whether to include wolfSSL support) ++WOLFSSL_URL="https://www.wolfssl.com/download/" ++AC_ARG_WITH(wolfssl, ++ [ --with-wolfssl=PATH PATH to wolfssl install (default /usr/local) ], ++ [ ++ if test "x$withval" != "xno"; then ++ if test -d "$withval/lib"; then ++ LDFLAGS="-L${withval}/lib ${LDFLAGS}" ++ fi ++ if test -d "$withval/include"; then ++ CPPFLAGS="$CPPFLAGS -I${withval}/include -I${withval}/include/wolfssl" ++ fi ++ fi ++ ++ if test "x$withval" == "xyes" ; then ++ LDFLAGS="-L/usr/local/lib $LDFLAGS" ++ CPPFLAGS="-I/usr/local/include -I/usr/local/include/wolfssl $CPPFLAGS" ++ fi ++ ++ LIBS="$LIBS -lwolfssl" ++ ++ AC_MSG_RESULT([yes]) ++ ++ AC_DEFINE([WITH_WOLFSSL]) ++ AC_DEFINE([WITH_OPENSSL]) ++ AC_DEFINE([WITH_OPENSSL_METHOD]) ++ ++ # Note that we are disabling compression when using wolfSSL. ++ AC_DEFINE([OPENSSL_NO_COMP]) ++ ++ AC_CHECK_FUNC([wolfTLS_client_method], [AC_DEFINE([HAVE_TLS_client_method])], []) ++ AC_CHECK_FUNC([wolfTLS_server_method], [AC_DEFINE([HAVE_TLS_server_method])], []) ++ AC_CHECK_FUNC([wolfSSLv2_client_method], [AC_DEFINE([HAVE_SSLv2_client_method])], []) ++ AC_CHECK_FUNC([wolfSSLv2_server_method], [AC_DEFINE([HAVE_SSLv2_server_method])], []) ++ AC_CHECK_FUNC([wolfSSLv3_client_method], [AC_DEFINE([HAVE_SSLv3_client_method])], []) ++ AC_CHECK_FUNC([wolfSSLv3_server_method], [AC_DEFINE([HAVE_SSLv3_server_method])], []) ++ AC_CHECK_FUNC([wolfSSLv23_client_method], [AC_DEFINE([HAVE_SSLv23_client_method])], []) ++ AC_CHECK_FUNC([wolfSSLv23_server_method], [AC_DEFINE([HAVE_SSLv23_server_method])], []) ++ AC_CHECK_FUNC([wolfTLSv1_client_method], [AC_DEFINE([HAVE_TLSv1_client_method])], []) ++ AC_CHECK_FUNC([wolfTLSv1_server_method], [AC_DEFINE([HAVE_TLSv1_server_method])], []) ++ AC_CHECK_FUNC([wolfTLSv1_1_client_method], [AC_DEFINE([HAVE_TLSv1_1_client_method])], []) ++ AC_CHECK_FUNC([wolfTLSv1_1_server_method], [AC_DEFINE([HAVE_TLSv1_1_server_method])], []) ++ AC_CHECK_FUNC([wolfTLSv1_2_client_method], [AC_DEFINE([HAVE_TLSv1_2_client_method])], []) ++ AC_CHECK_FUNC([wolfTLSv1_2_server_method], [AC_DEFINE([HAVE_TLSv1_2_server_method])], []) ++ AC_CHECK_FUNC([wolfDTLSv1_client_method], [AC_DEFINE([HAVE_DTLSv1_client_method])], []) ++ AC_CHECK_FUNC([wolfDTLSv1_server_method], [AC_DEFINE([HAVE_DTLSv1_server_method])], []) ++ AC_CHECK_FUNC([wolfSSL_RAND_egd], [AC_DEFINE([HAVE_RAND_egd])], []) ++ AC_CHECK_FUNC([wolfSSL_DH_set0_pqg], [AC_DEFINE([HAVE_DH_set0_pqg])], []) ++ AC_CHECK_FUNC([wolfSSL_ASN1_STRING_data], [AC_DEFINE([HAVE_ASN1_STRING_get0_data])], []) ++ AC_CHECK_FUNC([wolfSSL_RAND_status], [AC_DEFINE([HAVE_RAND_status])], []) ++ ++ AC_MSG_CHECKING(for type WOLFSSL_EC_KEY) ++ AC_TRY_COMPILE([#include ], [EC_KEY *s;], [HAVE_TYPE_EC_KEY=yes], [HAVE_TYPE_EC_KEY=no]) ++ if test "$HAVE_TYPE_EC_KEY" = "yes" ++ then ++ AC_DEFINE([HAVE_TYPE_EC_KEY]) ++ AC_MSG_RESULT([yes]) ++ else ++ AC_MSG_RESULT([no]) ++ fi ++ ], ++ [AC_MSG_RESULT([no])] ++) ++ ++if test "$WITH_WOLFSSL" = "no" ++then ++ AC_MSG_CHECKING(whether to include openssl support) ++ AC_ARG_ENABLE(openssl, [ --disable-openssl disable OpenSSL support], ++ [ case "$enableval" in ++ no) AC_MSG_RESULT(no); WITH_OPENSSL= ;; ++ *) AC_MSG_RESULT(yes); WITH_OPENSSL=1 ;; ++ esac], ++ [ AC_MSG_RESULT(yes); WITH_OPENSSL=1 ]) ++ ++ if test -n "$WITH_OPENSSL"; then ++ AC_MSG_NOTICE(checking for components of OpenSSL) ++ # first, we need to find the include file ++ AC_CACHE_VAL(sc_cv_have_openssl_ssl_h, ++ [AC_TRY_COMPILE([#include ],[;], ++ [sc_cv_have_openssl_ssl_h=yes; OPENSSL_ROOT=""; ], ++ [sc_cv_have_openssl_ssl_h=no ++ for D in "/sw" "/usr/local" "/opt/freeware" "/usr/sfw" "/usr/local/ssl"; do ++ I="$D/include" ++ i="$I/openssl/ssl.h" ++ if test -r "$i"; then ++ #V_INCL="$V_INCL -I$I" ++ CPPFLAGS="$CPPFLAGS -I$I" ++ AC_MSG_NOTICE(found $i) ++ sc_cv_have_openssl_ssl_h=yes; OPENSSL_ROOT="$D" ++ break; ++ fi ++ done]) ++ ]) ++ if test "$sc_cv_have_openssl_ssl_h" = "yes"; then ++ AC_DEFINE(HAVE_OPENSSL_SSL_H) ++ fi ++ AC_MSG_NOTICE(checked for openssl/ssl.h... $sc_cv_have_openssl_ssl_h) ++ fi # end checking for openssl/ssl.h ++ # ++ if test -n "$WITH_OPENSSL" -a "$sc_cv_have_openssl_ssl_h" = 'yes'; then ++ # next, we search for the openssl library (libssl.*) ++ # interesting: Linux only requires -lssl, FreeBSD requires -lssl -lcrypto ++ # Note, version OpenSSL 0.9.7j requires -lcrypto even on Linux. ++ AC_MSG_CHECKING(for libssl) ++ AC_CACHE_VAL(sc_cv_have_libssl, ++ [ LIBS0="$LIBS" ++ if test -n "$OPENSSL_ROOT"; then ++ L="$OPENSSL_ROOT/lib"; LIBS="$LIBS -L$L -lssl" ++ else ++ LIBS="$LIBS -lssl" ++ fi ++ AC_TRY_LINK([#include ], ++ [SSL_library_init();ERR_error_string()], ++ [sc_cv_have_libssl='yes'], ++ [ LIBS="$LIBS -lcrypto" ++ AC_TRY_LINK([#include ], ++ [SSL_library_init()], ++ [sc_cv_have_libssl='yes'], ++ [sc_cv_have_libssl='no']) ++ ]) ++ if test "$sc_cv_have_libssl" != 'yes'; then ++ LIBS="$LIBS0" ++ fi ++ ] ++ ) ++ if test "$sc_cv_have_libssl" = 'yes'; then ++ AC_DEFINE(HAVE_LIBSSL) ++ fi ++ AC_MSG_RESULT($sc_cv_have_libssl) ++ fi ++ # ++ # # a possible location for openssl (on Sourceforge/Solaris) ++ # AC_CHECK_FILE(/usr/local/ssl/lib, LIBS="$LIBS -L/usr/local/ssl/lib/") ++ # # sometimes on Solaris: ++ # AC_CHECK_FILE(/pkgs/lib, LIBS="$LIBS -L/pkgs/lib/") ++ # # for AIX 5.1 with Linux toolbox: ++ # AC_CHECK_FILE(/opt/freeware/lib, LIBS="$LIBS -L/opt/freeware/lib/") ++ # ++ # AC_CHECK_LIB(crypto, main) ++ # AC_CHECK_LIB(ssl, main) ++ # ++ # # MacOSX has openssl includes in another directory ++ # if test -d /sw/include/; then ++ # V_INCL="$V_INCL -I/sw/include" ++ # # and Solaris at sourceforge here: ++ # elif test -d /usr/local/ssl/include/; then ++ # V_INCL="$V_INCL -I/usr/local/ssl/include" ++ # # and AIX 5.1 with Linux toolbox: ++ # elif test -d /opt/freeware/include; then ++ # V_INCL="$V_INCL -I/opt/freeware/include" ++ # fi ++ #fi ++ if test -n "$WITH_OPENSSL"; then ++ if test "$sc_cv_have_openssl_ssl_h" = "yes" -a "$sc_cv_have_libssl" = "yes"; then ++ AC_DEFINE(WITH_OPENSSL) ++ else ++ AC_MSG_WARN([not all components of OpenSSL found, disabling it]); ++ fi + fi +- done]) +- ]) +- if test "$sc_cv_have_openssl_ssl_h" = "yes"; then +- AC_DEFINE(HAVE_OPENSSL_SSL_H) +- fi +- AC_MSG_NOTICE(checked for openssl/ssl.h... $sc_cv_have_openssl_ssl_h) +-fi # end checking for openssl/ssl.h +-# +-if test -n "$WITH_OPENSSL" -a "$sc_cv_have_openssl_ssl_h" = 'yes'; then +- # next, we search for the openssl library (libssl.*) +- # interesting: Linux only requires -lssl, FreeBSD requires -lssl -lcrypto +- # Note, version OpenSSL 0.9.7j requires -lcrypto even on Linux. +- AC_MSG_CHECKING(for libssl) +- AC_CACHE_VAL(sc_cv_have_libssl, +- [ LIBS0="$LIBS" +- if test -n "$OPENSSL_ROOT"; then +- L="$OPENSSL_ROOT/lib"; LIBS="$LIBS -L$L -lssl" +- else +- LIBS="$LIBS -lssl" +- fi +- AC_TRY_LINK([#include ], +- [SSL_library_init();ERR_error_string()], +- [sc_cv_have_libssl='yes'], +- [ LIBS="$LIBS -lcrypto" +- AC_TRY_LINK([#include ], +- [SSL_library_init()], +- [sc_cv_have_libssl='yes'], +- [sc_cv_have_libssl='no']) +- ]) +- if test "$sc_cv_have_libssl" != 'yes'; then +- LIBS="$LIBS0" +- fi +- ] +- ) +- if test "$sc_cv_have_libssl" = 'yes'; then +- AC_DEFINE(HAVE_LIBSSL) +- fi +- AC_MSG_RESULT($sc_cv_have_libssl) +-fi +-# +-# # a possible location for openssl (on Sourceforge/Solaris) +-# AC_CHECK_FILE(/usr/local/ssl/lib, LIBS="$LIBS -L/usr/local/ssl/lib/") +-# # sometimes on Solaris: +-# AC_CHECK_FILE(/pkgs/lib, LIBS="$LIBS -L/pkgs/lib/") +-# # for AIX 5.1 with Linux toolbox: +-# AC_CHECK_FILE(/opt/freeware/lib, LIBS="$LIBS -L/opt/freeware/lib/") +-# +-# AC_CHECK_LIB(crypto, main) +-# AC_CHECK_LIB(ssl, main) +-# +-# # MacOSX has openssl includes in another directory +-# if test -d /sw/include/; then +-# V_INCL="$V_INCL -I/sw/include" +-# # and Solaris at sourceforge here: +-# elif test -d /usr/local/ssl/include/; then +-# V_INCL="$V_INCL -I/usr/local/ssl/include" +-# # and AIX 5.1 with Linux toolbox: +-# elif test -d /opt/freeware/include; then +-# V_INCL="$V_INCL -I/opt/freeware/include" +-# fi +-#fi +-if test -n "$WITH_OPENSSL"; then +- if test "$sc_cv_have_openssl_ssl_h" = "yes" -a "$sc_cv_have_libssl" = "yes"; then +- AC_DEFINE(WITH_OPENSSL) +- else +- AC_MSG_WARN([not all components of OpenSSL found, disabling it]); +- fi +-fi + +-if test -n "$WITH_OPENSSL"; then +-AC_MSG_CHECKING(whether to include OpenSSL method option) +-AC_ARG_ENABLE(openssl-method, [ --enable-openssl-method enable OpenSSL method option], +- [case "$enableval" in +- no) AC_MSG_RESULT(no);; +- *) AC_DEFINE(WITH_OPENSSL_METHOD) WITH_OPENSSL_METHOD=1; AC_MSG_RESULT(yes);; +- esac], +- [AC_MSG_RESULT(no)]) ++ if test -n "$WITH_OPENSSL"; then ++ AC_MSG_CHECKING(whether to include OpenSSL method option) ++ AC_ARG_ENABLE(openssl-method, [ --enable-openssl-method enable OpenSSL method option], ++ [case "$enableval" in ++ no) AC_MSG_RESULT(no);; ++ *) AC_DEFINE(WITH_OPENSSL_METHOD) WITH_OPENSSL_METHOD=1; AC_MSG_RESULT(yes);; ++ esac], ++ [AC_MSG_RESULT(no)]) ++ fi + fi + + AC_MSG_CHECKING(whether to include deprecated resolver option) +@@ -586,92 +653,95 @@ AC_ARG_ENABLE(res-deprecated, [ --enable-res-deprecated enable deprecated + esac], + [AC_MSG_RESULT(no)]) + +-# check for fips support +-AC_MSG_CHECKING(whether to include openssl fips support) +-AC_ARG_ENABLE(fips, [ --enable-fips enable OpenSSL FIPS support], +- [ case "$enableval" in +- yes) AC_MSG_RESULT(yes); WITH_FIPS=1 ;; +- *) AC_MSG_RESULT(no); WITH_FIPS= ;; +- esac], +- [ AC_MSG_RESULT(no); WITH_FIPS= ]) +- +-if test -n "$WITH_FIPS"; then +- if test -n "$WITH_OPENSSL"; then +- AC_CHECK_PROG(HAVE_FIPSLD, fipsld, 1) +- if test "$sc_cv_have_openssl_ssl_h" != "yes" -o "$sc_cv_have_libssl" != "yes" -o ! "$HAVE_FIPSLD"; +- then +- AC_MSG_WARN([not all components of OpenSSL found, disabling FIPS]); +- WITH_FIPS= +- fi +- else +- AC_MSG_WARN([must enable OpenSSL to enable FIPS; use --enable-openssl]); +- fi +-fi ++if test "$WITH_WOLFSSL" = "no" ++then ++ # check for fips support ++ AC_MSG_CHECKING(whether to include openssl fips support) ++ AC_ARG_ENABLE(fips, [ --enable-fips enable OpenSSL FIPS support], ++ [ case "$enableval" in ++ yes) AC_MSG_RESULT(yes); WITH_FIPS=1 ;; ++ *) AC_MSG_RESULT(no); WITH_FIPS= ;; ++ esac], ++ [ AC_MSG_RESULT(no); WITH_FIPS= ]) ++ ++ if test -n "$WITH_FIPS"; then ++ if test -n "$WITH_OPENSSL"; then ++ AC_CHECK_PROG(HAVE_FIPSLD, fipsld, 1) ++ if test "$sc_cv_have_openssl_ssl_h" != "yes" -o "$sc_cv_have_libssl" != "yes" -o ! "$HAVE_FIPSLD"; ++ then ++ AC_MSG_WARN([not all components of OpenSSL found, disabling FIPS]); ++ WITH_FIPS= ++ fi ++ else ++ AC_MSG_WARN([must enable OpenSSL to enable FIPS; use --enable-openssl]); ++ fi ++ fi + +-if test -n "$WITH_FIPS"; then +- AC_MSG_CHECKING(for components of OpenSSL FIPS) +- # first, we need to find the include file +- AC_CACHE_VAL(sc_cv_have_openssl_fips_h, +- [AC_TRY_COMPILE([#define OPENSSL_FIPS +-#include +-#include ],[;], +- [sc_cv_have_openssl_fips_h=yes; ], +- [sv_cv_have_openssl_fips_h=no +- if test -n "$OPENSSL_ROOT"; then +- I="$OPENSSL_ROOT/include" +- i="$I/openssl/fips.h" +- if test -r "$i"; then +- AC_MSG_NOTICE(found $i) +- sc_cv_have_openssl_fips_h=yes; +- fi +- fi +- ] +- )] +- ) +- if test "$sv_cv_have_openssl_fips_h" = "yes"; then +- AC_DEFINE(HAVE_OPENSSL_FIPS_H) +- fi +- AC_MSG_NOTICE(checked for openssl/fips.h... $sc_cv_have_openssl_ssl_h) +-fi ++ if test -n "$WITH_FIPS"; then ++ AC_MSG_CHECKING(for components of OpenSSL FIPS) ++ # first, we need to find the include file ++ AC_CACHE_VAL(sc_cv_have_openssl_fips_h, ++ [AC_TRY_COMPILE([#define OPENSSL_FIPS ++ #include ++ #include ],[;], ++ [sc_cv_have_openssl_fips_h=yes; ], ++ [sv_cv_have_openssl_fips_h=no ++ if test -n "$OPENSSL_ROOT"; then ++ I="$OPENSSL_ROOT/include" ++ i="$I/openssl/fips.h" ++ if test -r "$i"; then ++ AC_MSG_NOTICE(found $i) ++ sc_cv_have_openssl_fips_h=yes; ++ fi ++ fi ++ ] ++ )] ++ ) ++ if test "$sv_cv_have_openssl_fips_h" = "yes"; then ++ AC_DEFINE(HAVE_OPENSSL_FIPS_H) ++ fi ++ AC_MSG_NOTICE(checked for openssl/fips.h... $sc_cv_have_openssl_ssl_h) ++ fi + +-if test -n "$WITH_FIPS" -a "$sc_cv_have_openssl_fips_h" = 'yes'; then +- # check for the libcrypto library with fips support +- AC_MSG_CHECKING(for libcrypto with FIPS support) +- AC_CACHE_VAL(sc_cv_have_libcrypto, +- [ LIBS0="$LIBS" +- echo $LIBS | grep -q "\-lcrypto" +- if test $? -ne 0; then +- if test -n "$OPENSSL_ROOT"; then +- L="$OPENSSL_ROOT/lib"; LIBS="$LIBS -L$L -lcrypto" +- else +- LIBS="$LIBS -lcrypto" +- fi +- fi +- AC_TRY_LINK([#define OPENSSL_FIPS +-#include +-#include ], +- [int res = FIPS_mode_set(1);], +- [sc_cv_have_libcrypto='yes'], +- [sc_cv_have_libcrypto='no'] +- ) +- if test "$sc_cv_have_libcrypto" != 'yes'; then +- LIBS="$LIBS0" +- fi +- ] +- ) +- if test "$sc_cv_have_libcrypto" = 'yes'; then +- AC_DEFINE(HAVE_LIBCRYPTO) +- fi +- AC_MSG_RESULT($sc_cv_have_libcrypto) +-fi ++ if test -n "$WITH_FIPS" -a "$sc_cv_have_openssl_fips_h" = 'yes'; then ++ # check for the libcrypto library with fips support ++ AC_MSG_CHECKING(for libcrypto with FIPS support) ++ AC_CACHE_VAL(sc_cv_have_libcrypto, ++ [ LIBS0="$LIBS" ++ echo $LIBS | grep -q "\-lcrypto" ++ if test $? -ne 0; then ++ if test -n "$OPENSSL_ROOT"; then ++ L="$OPENSSL_ROOT/lib"; LIBS="$LIBS -L$L -lcrypto" ++ else ++ LIBS="$LIBS -lcrypto" ++ fi ++ fi ++ AC_TRY_LINK([#define OPENSSL_FIPS ++ #include ++ #include ], ++ [int res = FIPS_mode_set(1);], ++ [sc_cv_have_libcrypto='yes'], ++ [sc_cv_have_libcrypto='no'] ++ ) ++ if test "$sc_cv_have_libcrypto" != 'yes'; then ++ LIBS="$LIBS0" ++ fi ++ ] ++ ) ++ if test "$sc_cv_have_libcrypto" = 'yes'; then ++ AC_DEFINE(HAVE_LIBCRYPTO) ++ fi ++ AC_MSG_RESULT($sc_cv_have_libcrypto) ++ fi + +-if test -n "$WITH_FIPS"; then +- if test "$sc_cv_have_openssl_fips_h" = 'yes' -a "$sc_cv_have_libcrypto" = 'yes'; then +- AC_DEFINE(WITH_FIPS) +- AC_DEFINE(OPENSSL_FIPS) +- else +- AC_MSG_WARN([not all components of OpenSSL FIPS found, disabling it]); +- fi ++ if test -n "$WITH_FIPS"; then ++ if test "$sc_cv_have_openssl_fips_h" = 'yes' -a "$sc_cv_have_libcrypto" = 'yes'; then ++ AC_DEFINE(WITH_FIPS) ++ AC_DEFINE(OPENSSL_FIPS) ++ else ++ AC_MSG_WARN([not all components of OpenSSL FIPS found, disabling it]); ++ fi ++ fi + fi + + AC_MSG_CHECKING(whether to include tun/tap address support) +@@ -1437,44 +1507,47 @@ AC_CHECK_FUNC(setenv, AC_DEFINE(HAVE_SETENV), + dnl Search for unsetenv() + AC_CHECK_FUNC(unsetenv, AC_DEFINE(HAVE_UNSETENV)) + +-AC_CHECK_FUNC(TLS_client_method, AC_DEFINE(HAVE_TLS_client_method) ac_cv_have_tls_client_method=yes, AC_CHECK_LIB(crypt, TLS_client_method, [LIBS=-lcrypt $LIBS])) +-AC_CHECK_FUNC(TLS_server_method, AC_DEFINE(HAVE_TLS_server_method) ac_cv_have_tls_server_method=yes, AC_CHECK_LIB(crypt, TLS_server_method, [LIBS=-lcrypt $LIBS])) +-if test -n "$WITH_OPENSSL_METHOD" -o -z "$ac_cv_have_tls_client_method" -o -z "$ac_cv_have_tls_server_method" ; then +-dnl Search for SSLv2_client_method, SSLv2_server_method +-AC_CHECK_FUNC(SSLv2_client_method, AC_DEFINE(HAVE_SSLv2_client_method), AC_CHECK_LIB(crypt, SSLv2_client_method, [LIBS=-lcrypt $LIBS])) +-AC_CHECK_FUNC(SSLv2_server_method, AC_DEFINE(HAVE_SSLv2_server_method), AC_CHECK_LIB(crypt, SSLv2_server_method, [LIBS=-lcrypt $LIBS])) +-dnl +-AC_CHECK_FUNC(SSLv3_client_method, AC_DEFINE(HAVE_SSLv3_client_method), AC_CHECK_LIB(crypt, SSLv3_client_method, [LIBS=-lcrypt $LIBS])) +-AC_CHECK_FUNC(SSLv3_server_method, AC_DEFINE(HAVE_SSLv3_server_method), AC_CHECK_LIB(crypt, SSLv3_server_method, [LIBS=-lcrypt $LIBS])) +-AC_CHECK_FUNC(SSLv23_client_method, AC_DEFINE(HAVE_SSLv23_client_method), AC_CHECK_LIB(crypt, SSLv23_client_method, [LIBS=-lcrypt $LIBS])) +-AC_CHECK_FUNC(SSLv23_server_method, AC_DEFINE(HAVE_SSLv23_server_method), AC_CHECK_LIB(crypt, SSLv23_server_method, [LIBS=-lcrypt $LIBS])) +-AC_CHECK_FUNC(TLSv1_client_method, AC_DEFINE(HAVE_TLSv1_client_method), AC_CHECK_LIB(crypt, TLSv1_client_method, [LIBS=-lcrypt $LIBS])) +-AC_CHECK_FUNC(TLSv1_server_method, AC_DEFINE(HAVE_TLSv1_server_method), AC_CHECK_LIB(crypt, TLSv1_server_method, [LIBS=-lcrypt $LIBS])) +-AC_CHECK_FUNC(TLSv1_1_client_method, AC_DEFINE(HAVE_TLSv1_1_client_method), AC_CHECK_LIB(crypt, TLSv1_1_client_method, [LIBS=-lcrypt $LIBS])) +-AC_CHECK_FUNC(TLSv1_1_server_method, AC_DEFINE(HAVE_TLSv1_1_server_method), AC_CHECK_LIB(crypt, TLSv1_1_server_method, [LIBS=-lcrypt $LIBS])) +-AC_CHECK_FUNC(TLSv1_2_client_method, AC_DEFINE(HAVE_TLSv1_2_client_method), AC_CHECK_LIB(crypt, TLSv1_2_client_method, [LIBS=-lcrypt $LIBS])) +-AC_CHECK_FUNC(TLSv1_2_server_method, AC_DEFINE(HAVE_TLSv1_2_server_method), AC_CHECK_LIB(crypt, TLSv1_2_server_method, [LIBS=-lcrypt $LIBS])) +-AC_CHECK_FUNC(DTLSv1_client_method, AC_DEFINE(HAVE_DTLSv1_client_method), AC_CHECK_LIB(crypt, DTLSv1_client_method, [LIBS=-lcrypt $LIBS])) +-AC_CHECK_FUNC(DTLSv1_server_method, AC_DEFINE(HAVE_DTLSv1_server_method), AC_CHECK_LIB(crypt, DTLSv1_server_method, [LIBS=-lcrypt $LIBS])) +-fi # $WITH_OPENSSL_METHOD +- +-AC_CHECK_FUNC(SSL_CTX_set_default_verify_paths, AC_DEFINE(HAVE_SSL_CTX_set_default_verify_paths)) +-AC_CHECK_FUNC(RAND_egd, AC_DEFINE(HAVE_RAND_egd), AC_CHECK_LIB(crypt, RAND_egd, [LIBS=-lcrypt $LIBS])) +-AC_CHECK_FUNC(DH_set0_pqg, AC_DEFINE(HAVE_DH_set0_pqg), AC_CHECK_LIB(crypt, DH_set0_pqg, [LIBS=-lcrypt $LIBS])) +-AC_CHECK_FUNC(ASN1_STRING_get0_data, AC_DEFINE(HAVE_ASN1_STRING_get0_data), AC_CHECK_LIB(crypt, ASN1_STRING_get0_data, [LIBS=-lcrypt $LIBS])) +-AC_CHECK_FUNC(RAND_status, AC_DEFINE(HAVE_RAND_status)) +-AC_CHECK_FUNC(SSL_CTX_clear_mode, AC_DEFINE(HAVE_SSL_CTX_clear_mode)) +- +-AC_MSG_CHECKING(for type EC_KEY) +-AC_CACHE_VAL(sc_cv_type_EC_TYPE, +-[AC_TRY_COMPILE([#include +-],[EC_KEY *s;], +-[sc_cv_type_EC_KEY=yes], +-[sc_cv_type_EC_KEY=no])]) +-if test $sc_cv_type_EC_KEY = yes; then +- AC_DEFINE(HAVE_TYPE_EC_KEY) +-fi +-AC_MSG_RESULT($sc_cv_type_EC_KEY) ++if test "$WITH_WOLFSSL" = "no" ++then ++ AC_CHECK_FUNC(TLS_client_method, AC_DEFINE(HAVE_TLS_client_method) ac_cv_have_tls_client_method=yes, AC_CHECK_LIB(crypt, TLS_client_method, [LIBS=-lcrypt $LIBS])) ++ AC_CHECK_FUNC(TLS_server_method, AC_DEFINE(HAVE_TLS_server_method) ac_cv_have_tls_server_method=yes, AC_CHECK_LIB(crypt, TLS_server_method, [LIBS=-lcrypt $LIBS])) ++ if test -n "$WITH_OPENSSL_METHOD" -o -z "$ac_cv_have_tls_client_method" -o -z "$ac_cv_have_tls_server_method" ; then ++ dnl Search for SSLv2_client_method, SSLv2_server_method ++ AC_CHECK_FUNC(SSLv2_client_method, AC_DEFINE(HAVE_SSLv2_client_method), AC_CHECK_LIB(crypt, SSLv2_client_method, [LIBS=-lcrypt $LIBS])) ++ AC_CHECK_FUNC(SSLv2_server_method, AC_DEFINE(HAVE_SSLv2_server_method), AC_CHECK_LIB(crypt, SSLv2_server_method, [LIBS=-lcrypt $LIBS])) ++ ++ AC_CHECK_FUNC(SSLv3_client_method, AC_DEFINE(HAVE_SSLv3_client_method), AC_CHECK_LIB(crypt, SSLv3_client_method, [LIBS=-lcrypt $LIBS])) ++ AC_CHECK_FUNC(SSLv3_server_method, AC_DEFINE(HAVE_SSLv3_server_method), AC_CHECK_LIB(crypt, SSLv3_server_method, [LIBS=-lcrypt $LIBS])) ++ AC_CHECK_FUNC(SSLv23_client_method, AC_DEFINE(HAVE_SSLv23_client_method), AC_CHECK_LIB(crypt, SSLv23_client_method, [LIBS=-lcrypt $LIBS])) ++ AC_CHECK_FUNC(SSLv23_server_method, AC_DEFINE(HAVE_SSLv23_server_method), AC_CHECK_LIB(crypt, SSLv23_server_method, [LIBS=-lcrypt $LIBS])) ++ AC_CHECK_FUNC(TLSv1_client_method, AC_DEFINE(HAVE_TLSv1_client_method), AC_CHECK_LIB(crypt, TLSv1_client_method, [LIBS=-lcrypt $LIBS])) ++ AC_CHECK_FUNC(TLSv1_server_method, AC_DEFINE(HAVE_TLSv1_server_method), AC_CHECK_LIB(crypt, TLSv1_server_method, [LIBS=-lcrypt $LIBS])) ++ AC_CHECK_FUNC(TLSv1_1_client_method, AC_DEFINE(HAVE_TLSv1_1_client_method), AC_CHECK_LIB(crypt, TLSv1_1_client_method, [LIBS=-lcrypt $LIBS])) ++ AC_CHECK_FUNC(TLSv1_1_server_method, AC_DEFINE(HAVE_TLSv1_1_server_method), AC_CHECK_LIB(crypt, TLSv1_1_server_method, [LIBS=-lcrypt $LIBS])) ++ AC_CHECK_FUNC(TLSv1_2_client_method, AC_DEFINE(HAVE_TLSv1_2_client_method), AC_CHECK_LIB(crypt, TLSv1_2_client_method, [LIBS=-lcrypt $LIBS])) ++ AC_CHECK_FUNC(TLSv1_2_server_method, AC_DEFINE(HAVE_TLSv1_2_server_method), AC_CHECK_LIB(crypt, TLSv1_2_server_method, [LIBS=-lcrypt $LIBS])) ++ AC_CHECK_FUNC(DTLSv1_client_method, AC_DEFINE(HAVE_DTLSv1_client_method), AC_CHECK_LIB(crypt, DTLSv1_client_method, [LIBS=-lcrypt $LIBS])) ++ AC_CHECK_FUNC(DTLSv1_server_method, AC_DEFINE(HAVE_DTLSv1_server_method), AC_CHECK_LIB(crypt, DTLSv1_server_method, [LIBS=-lcrypt $LIBS])) ++ fi # $WITH_OPENSSL_METHOD ++ ++ AC_CHECK_FUNC(SSL_CTX_set_default_verify_paths, AC_DEFINE(HAVE_SSL_CTX_set_default_verify_paths)) ++ AC_CHECK_FUNC(RAND_egd, AC_DEFINE(HAVE_RAND_egd), AC_CHECK_LIB(crypt, RAND_egd, [LIBS=-lcrypt $LIBS])) ++ AC_CHECK_FUNC(DH_set0_pqg, AC_DEFINE(HAVE_DH_set0_pqg), AC_CHECK_LIB(crypt, DH_set0_pqg, [LIBS=-lcrypt $LIBS])) ++ AC_CHECK_FUNC(ASN1_STRING_get0_data, AC_DEFINE(HAVE_ASN1_STRING_get0_data), AC_CHECK_LIB(crypt, ASN1_STRING_get0_data, [LIBS=-lcrypt $LIBS])) ++ AC_CHECK_FUNC(RAND_status, AC_DEFINE(HAVE_RAND_status)) ++ AC_CHECK_FUNC(SSL_CTX_clear_mode, AC_DEFINE(HAVE_SSL_CTX_clear_mode)) ++ ++ AC_MSG_CHECKING(for type EC_KEY) ++ AC_CACHE_VAL(sc_cv_type_EC_TYPE, ++ [AC_TRY_COMPILE([#include ++ ],[EC_KEY *s;], ++ [sc_cv_type_EC_KEY=yes], ++ [sc_cv_type_EC_KEY=no])]) ++ if test $sc_cv_type_EC_KEY = yes; then ++ AC_DEFINE(HAVE_TYPE_EC_KEY) ++ fi ++ AC_MSG_RESULT($sc_cv_type_EC_KEY) ++fi + + + dnl Run time checks +@@ -1976,18 +2049,21 @@ if test "$GCC" = yes; then + CFLAGS="$CFLAGS" + fi + +-# FIPS support requires compiling with fipsld. +-# fipsld requires the FIPSLD_CC variable to be set to the original CC. +-# This check must be done after all other checks that require compiling +-# so that fipsld is not used by the configure script itself. +-if test -n "$WITH_FIPS"; then +- if test "$sc_cv_have_openssl_fips_h" = 'yes' -a "$sc_cv_have_libcrypto" = 'yes'; then +- FIPSLD_CC=$CC +- if test "${FIPSLD+set}" != set ; then +- FIPSLD=fipsld +- fi +- CC="FIPSLD_CC=$CC $FIPSLD" +- fi ++if test "$WITH_WOLFSSL" = "no" ++then ++ # FIPS support requires compiling with fipsld. ++ # fipsld requires the FIPSLD_CC variable to be set to the original CC. ++ # This check must be done after all other checks that require compiling ++ # so that fipsld is not used by the configure script itself. ++ if test -n "$WITH_FIPS"; then ++ if test "$sc_cv_have_openssl_fips_h" = 'yes' -a "$sc_cv_have_libcrypto" = 'yes'; then ++ FIPSLD_CC=$CC ++ if test "${FIPSLD+set}" != set ; then ++ FIPSLD=fipsld ++ fi ++ CC="FIPSLD_CC=$CC $FIPSLD" ++ fi ++ fi + fi + AC_SUBST(FIPSLD_CC) + +@@ -2018,7 +2094,7 @@ AC_MSG_RESULT($sc_cv_var_environ) + if test "$BUILD_DATE"; then + AC_DEFINE_UNQUOTED(BUILD_DATE, ["$BUILD_DATE"]) + else +- AC_DEFINE(BUILD_DATE, [__DATE__" "__TIME__]) ++ AC_DEFINE([BUILD_DATE], [__DATE__" "__TIME__], []) + fi + + AC_OUTPUT(Makefile) +diff --git a/sysincludes.h b/sysincludes.h +index afcedd3..66fb76d 100644 +--- a/sysincludes.h ++++ b/sysincludes.h +@@ -181,6 +181,9 @@ + # endif + #endif /* WITH_READLINE */ + #if WITH_OPENSSL ++#if WITH_WOLFSSL ++#include ++#endif + #include + #include + #include +diff --git a/xio-openssl.c b/xio-openssl.c +index 132e8ea..b32959f 100644 +--- a/xio-openssl.c ++++ b/xio-openssl.c +@@ -625,9 +625,14 @@ int _xioopen_openssl_listen(struct single *xfd, + Msg(level, "I/O error"); /*!*/ + while (err = ERR_get_error()) { + ERR_error_string_n(err, error_string, sizeof(error_string)); +- Msg4(level, "SSL_accept(): %s / %s / %s / %s", error_string, +- ERR_lib_error_string(err), ERR_func_error_string(err), +- ERR_reason_error_string(err)); ++ #ifdef WITH_WOLFSSL ++ Msg2(level, "SSL_accept(): %s / %s", error_string, ++ ERR_reason_error_string(err)); ++ #else ++ Msg4(level, "SSL_accept(): %s / %s / %s / %s", error_string, ++ ERR_lib_error_string(err), ERR_func_error_string(err), ++ ERR_reason_error_string(err)); ++ #endif + } + /* Msg1(level, "SSL_accept(): %s", ERR_error_string(e, buf));*/ + } +@@ -719,7 +724,12 @@ int + bool opt_fips = false; + const SSL_METHOD *method = NULL; + char *me_str = NULL; /* method string */ ++/* By default, let wolfSSL pick the strongest cipher */ ++#ifdef WITH_WOLFSSL ++ char *ci_str = NULL; ++#else + char *ci_str = "HIGH:-NULL:-PSK:-aNULL"; /* cipher string */ ++#endif + char *opt_key = NULL; /* file name of client private key */ + char *opt_dhparam = NULL; /* file name of DH params */ + char *opt_cafile = NULL; /* certificate authority file */ +@@ -767,6 +777,10 @@ int + OpenSSL_add_all_digests(); + sycSSL_load_error_strings(); + ++#if defined(WITH_WOLFSSL) && defined(DEBUG_WOLFSSL) ++ wolfSSL_Debugging_ON(); ++#endif ++ + /* OpenSSL preparation */ + sycSSL_library_init(); + +@@ -786,7 +800,13 @@ int + #endif + #if HAVE_SSLv23_client_method + } else if (!strcasecmp(me_str, "SSL23")) { ++ #if defined(WITH_WOLFSSL) && defined(WOLFSSL_TLS13) ++ /* Can't use sycSSLv23_client_method because wolfSSL will default to ++ * TLS 1.3, which doesn't work with socat." */ ++ method = sycTLSv1_2_client_method(); ++ #else + method = sycSSLv23_client_method(); ++ #endif + #endif + #if HAVE_TLSv1_client_method + } else if (!strcasecmp(me_str, "TLS1") || !strcasecmp(me_str, "TLS1.0")) { +@@ -808,9 +828,9 @@ int + Error1("openssl-method=\"%s\": method unknown or not provided by library", me_str); + } + } else { +-#if HAVE_TLS_client_method ++#if HAVE_TLS_client_method && !(defined(WITH_WOLFSSL) && defined(WOLFSSL_TLS13)) + method = TLS_client_method(); +-#elif HAVE_SSLv23_client_method ++#elif HAVE_SSLv23_client_method && !(defined(WITH_WOLFSSL) && defined(WOLFSSL_TLS13)) + method = sycSSLv23_client_method(); + #elif HAVE_TLSv1_2_client_method + method = sycTLSv1_2_client_method(); +@@ -840,7 +860,13 @@ int + #endif + #if HAVE_SSLv23_server_method + } else if (!strcasecmp(me_str, "SSL23")) { ++ #if defined(WITH_WOLFSSL) && defined(WOLFSSL_TLS13) ++ /* Can't use sycSSLv23_server_method because wolfSSL will default to ++ * TLS 1.3, which doesn't work with socat." */ ++ method = sycTLSv1_2_server_method(); ++ #else + method = sycSSLv23_server_method(); ++ #endif + #endif + #if HAVE_TLSv1_server_method + } else if (!strcasecmp(me_str, "TLS1") || !strcasecmp(me_str, "TLS1.0")) { +@@ -862,9 +888,9 @@ int + Error1("openssl-method=\"%s\": method unknown or not provided by library", me_str); + } + } else { +-#if HAVE_TLS_server_method ++#if HAVE_TLS_server_method && !(defined(WITH_WOLFSSL) && defined(WOLFSSL_TLS13)) + method = TLS_server_method(); +-#elif HAVE_SSLv23_server_method ++#elif HAVE_SSLv23_server_method && !(defined(WITH_WOLFSSL) && defined(WOLFSSL_TLS13)) + method = sycSSLv23_server_method(); + #elif HAVE_TLSv1_2_server_method + method = sycTLSv1_2_server_method(); +@@ -1140,7 +1166,7 @@ static int openssl_SSL_ERROR_SSL(int level, const char *funcname) { + Debug1("ERR_get_error(): %lx", e); + if + ( +-#if defined(OPENSSL_IS_BORINGSSL) ++#if defined(OPENSSL_IS_BORINGSSL) || defined(WITH_WOLFSSL) + 0 /* BoringSSL's RNG always succeeds. */ + #elif defined(HAVE_RAND_status) + ERR_GET_LIB(e) == ERR_LIB_RAND && RAND_status() != 1 +@@ -1568,9 +1594,14 @@ static int xioSSL_connect(struct single *xfd, const char *opt_commonname, + Msg(level, "I/O error"); /*!*/ + while (err = ERR_get_error()) { + ERR_error_string_n(err, error_string, sizeof(error_string)); +- Msg4(level, "SSL_connect(): %s / %s / %s / %s", error_string, +- ERR_lib_error_string(err), ERR_func_error_string(err), +- ERR_reason_error_string(err)); ++ #ifdef WITH_WOLFSSL ++ Msg2(level, "SSL_connect(): %s / %s", error_string, ++ ERR_reason_error_string(err)); ++ #else ++ Msg4(level, "SSL_connect(): %s / %s / %s / %s", error_string, ++ ERR_lib_error_string(err), ERR_func_error_string(err), ++ ERR_reason_error_string(err)); ++ #endif + } + } + status = STAT_RETRYLATER; +@@ -1628,9 +1659,14 @@ ssize_t xioread_openssl(struct single *pipe, void *buff, size_t bufsiz) { + Error("I/O error"); /*!*/ + while (err = ERR_get_error()) { + ERR_error_string_n(err, error_string, sizeof(error_string)); +- Error4("SSL_read(): %s / %s / %s / %s", error_string, +- ERR_lib_error_string(err), ERR_func_error_string(err), +- ERR_reason_error_string(err)); ++ #ifdef WITH_WOLFSSL ++ Error2("SSL_read(): %s / %s", error_string, ++ ERR_reason_error_string(err)); ++ #else ++ Error4("SSL_read(): %s / %s / %s / %s", error_string, ++ ERR_lib_error_string(err), ERR_func_error_string(err), ++ ERR_reason_error_string(err)); ++ #endif + } + } + break; +@@ -1687,9 +1723,14 @@ ssize_t xiowrite_openssl(struct single *pipe, const void *buff, size_t bufsiz) { + Error("I/O error"); /*!*/ + while (err = ERR_get_error()) { + ERR_error_string_n(err, error_string, sizeof(error_string)); +- Error4("SSL_write(): %s / %s / %s / %s", error_string, +- ERR_lib_error_string(err), ERR_func_error_string(err), +- ERR_reason_error_string(err)); ++ #ifdef WITH_WOLFSSL ++ Error2("SSL_write(): %s / %s", error_string, ++ ERR_reason_error_string(err)); ++ #else ++ Error4("SSL_write(): %s / %s / %s / %s", error_string, ++ ERR_lib_error_string(err), ERR_func_error_string(err), ++ ERR_reason_error_string(err)); ++ #endif + } + } + break; diff --git a/recipes-connectivity/socat/socat_1.7.3.4.bbappend b/recipes-connectivity/socat/socat_1.7.3.4.bbappend new file mode 100644 index 0000000..b93eb1e --- /dev/null +++ b/recipes-connectivity/socat/socat_1.7.3.4.bbappend @@ -0,0 +1,5 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" +SRC_URI += " file://socat-1.7.3.4.patch" +DEPENDS_remove = "openssl" +DEPENDS += "wolfssl" +EXTRA_OECONF += "--with-wolfssl=${STAGING_EXECPREFIXDIR}"