From 1a7bc0de8a3e2743580741391c86ad629e84277f Mon Sep 17 00:00:00 2001
From: DM Cyber Security <128435685+dmcys@users.noreply.github.com>
Date: Mon, 8 May 2023 20:00:39 +0000
Subject: [PATCH] Add files via upload
---
 linux/i2pd-openssl/ChangeLog | 953 +++++++++++++++++++++++++++
 linux/i2pd-openssl/LICENSE | 27 +
 linux/i2pd-openssl/Makefile | 187 ++++++
 linux/i2pd-openssl/Makefile.bsd | 13 +
 linux/i2pd-openssl/Makefile.homebrew | 57 ++
 linux/i2pd-openssl/Makefile.linux | 87 +++
 linux/i2pd-openssl/Makefile.mingw | 59 ++
 linux/i2pd-openssl/Makefile.osx | 34 +
 linux/i2pd-openssl/filelist.mk | 26 +
 9 files changed, 1443 insertions(+)
 create mode 100644 linux/i2pd-openssl/ChangeLog
 create mode 100644 linux/i2pd-openssl/LICENSE
 create mode 100644 linux/i2pd-openssl/Makefile
 create mode 100644 linux/i2pd-openssl/Makefile.bsd
 create mode 100644 linux/i2pd-openssl/Makefile.homebrew
 create mode 100644 linux/i2pd-openssl/Makefile.linux
 create mode 100644 linux/i2pd-openssl/Makefile.mingw
 create mode 100644 linux/i2pd-openssl/Makefile.osx
 create mode 100644 linux/i2pd-openssl/filelist.mk
diff --git a/linux/i2pd-openssl/ChangeLog b/linux/i2pd-openssl/ChangeLog
new file mode 100644
index 0000000..b6005d4
--- /dev/null
+++ b/linux/i2pd-openssl/ChangeLog
@@ -0,0 +1,953 @@ +# for this file format description, +# see https://github.com/olivierlacan/keep-a-changelog + +## [2.47.0] - 2023-03-11 +### Added +- Congestion caps +- SAM UDP port parameter +- Support domain addresses for yggdrasil reseeds +### Changed +- DHT for floodfills instead plain list +- Process router's messages in separate thread +- Don't publish non-reachable router +- Send and check target destination in first streaming SYN packet +- Reseeds list +### Fixed +- Memory leak in windows network state detection +- Reseed attempts from invalid address + +## [2.46.1] - 2023-02-20 +### Fixed +- Race condition while getting router's peer profile +- Creation of new router.info +- Displaying LeaseSets in the webconsole +- Crash when processing ACK request + +## [2.46.0] - 2023-02-15 +### Added +- Limit number of acked SSU2 packets to 511 +- Localization to Swedish, Portuguese, Turkish, Polish +- Periodically send Datetime block in NTCP2 and SSU2 +- Don't select random port from reserved +- In memory table for peer profiles +- Store if router was unreachable in it's peer profile +- Show IPv6 addresses in square brackets in webconsole +- Check referer when processing Addresshelper +### Changed +- Algorithm for tunnel creation success rate calculation +- Drop incoming NTCP2 and SSU2 connection if published IP doesn't match actual endpoint +- Exclude actually unreachable router from netdb for 2 hours +- Select first hop from high bandwidth peers for client tunnels +- Drop too long or too short LeaseSet +- Delete router from netdb if became invalid after update +- Terminate existing session if clock skew detected +- Close previous UDP socket if open before reopening +- Minimal version for floodfill is 0.9.51 +- Sort transports by endpoints in webconsole +### Fixed +- Deadlock during processing I2NP block with Garlic in ECIES encrypted message to router +- Race condition with encrypted LeaseSets +- HTTP query detection +- Connection attempts to IPs from invalid 
ranges +- Publish "0.0.0.0" in RouterInfo +- Crash upon receiving PeerTest 7 +- Tunnels for closed SAM session socket +- Missing NTCP2 address in RouterInfo if enabled back + +## [2.45.1] - 2023-01-11 +### Added +- Full Cone NAT status error +### Changed +- Drop duplicated I2NP messages in SSU2 +- Set rejection code 30 if tunnel with id already exists +- Network status is always OK if peer test msg 5 received +### Fixed +- UPnP crash if SSU2 or NTCP2 is disabled +- Crash on termination for some platforms + +## [2.45.0] - 2023-01-03 +### Added +- Test for Symmetric NAT with peer test msgs 6 and 7 +- Webconsole "No Descriptors" router error state +- 1 and 15 seconds bandwidth calculation for i2pcontrol +- Show non-zero send queue size for transports in web console +- Compressible padding for I2P addresses +- Localization to Czech +- Don't accept incoming session from invalid/reserved addresses for NTCP2 and SSU2 +- Limit simultaneous tunnel build requests by 4 per pool +### Changed +- Removed SSU support +- Reduced bandwidth calculation interval from 60 to 15 seconds +- Increased default max transit tunnels number from 2500 to 5000 or 10000 for floodfill +- Transit tunnels limit is doubled if floodfill mode is enabled +- NTCP2 and SSU2 timestamps are rounded to seconds +- Drop RouterInfos and LeaseSets with timestamp from future +- Don't delete unreachable routers if tunnel creation success rate is too low +- Refuse duplicated incoming pending NTCP2 session from same IP +- Don't send SSU2 termination again if termination received block received +- Handle standard network error for SSU2 without throwing an exception +- Don't select overloaded peer for next tunnel +- Remove "X-Requested-With" in HTTP Proxy for non-AJAX requests +### Fixed +- File descriptors leak +- Random crash on AddressBook update +- Crash if incorrect LeaseSet size +- Spamming to log if no descriptors +- ::1 address in RouterInfo +- SSU2 network error handling (especially for Windows) +- Race 
condition with pending outgoing SSU2 sessions +- RTT self-reduction for long-live streams + +## [2.44.0] - 2022-11-20 +### Added +- SSL connection for server I2P tunnels +- Localization to Italian and Spanish +- SSU2 through SOCKS5 UDP proxy +- Reload tunnels through web console +- SSU2 send immediate ack request flag +- SSU2 send and verify path challenge +- Configurable ssu2.mtu4 and ssu2.mtu6 +### Changed +- SSU2 is enabled and SSU is disabled by default +- Separate network status and error +- Random selection between NTCP2 and SSU2 priority +- Added notbob.i2p to jump services +- Remove DoNotTrack flag from HTTP Request header +- Skip addresshelper page if destination was not changed +- SSU2 allow different ports from RelayReponse and HolePunch +- SSU2 resend PeerTest msg 1 and msg 2 +- SSU2 Send Retry instead SessionCreated if clock skew detected +### Fixed +- Long HTTP headers for HTTP proxy and HTTP server tunnel +- SSU2 resends and resend limits +- Crash at startup if addressbook is disabled +- NTCP2 ipv6 connection through SOCKS5 proxy +- SSU2 SessionRequest with zero token +- SSU2 MTU less than 1280 +- SSU2 port=1 +- Incorrect addresses from network interfaces +- Definitions for Darwin PPC; do not use pthread_setname_np + +## [2.43.0] - 2022-08-22 +### Added +- Complete SSU2 implementation +- Localization to Chinese +- Send RouterInfo update for long live sessions +- Explicit ipv6 ranges of known tunnel brokers for MTU detection +- Always send "Connection: close" and strip out Keep-Alive for server HTTP tunnel +- Show ports for all transports in web console +- Translation of webconsole site title +- Support for Windows ProgramData path when running as service +- Ability to turn off address book +- Handle signals TSTP and CONT to stop and resume network +### Changed +- Case insensitive headers for server HTTP tunnel +- Do not show 'Address registration' line if LeaseSet is encrypted +- SSU2 transports have higher priority than SSU +- Disable ElGamal 
precalculated table if no SSU +- Deprecate limits.ntcpsoft, limits.ntcphard and limits.ntcpthreads config options +- SSU2 is enabled and SSU is disabled by default for new installations +### Fixed +- Typo with Referer header name in HTTP proxy +- Can't handle garlic message from an exploratory tunnel +- Incorrect encryption key for exploratory lookup reply +- Bound checks issues in LeaseSets code +- MTU detection on Windows +- Crash on stop of active server tunnel +- Send datagram to wrong destination in SAM +- Incorrect static key in RouterInfo if the keys were regenerated +- Duplicated sessions in BOB + +## [2.42.1] - 2022-05-24 +### Fixed +- Incorrect jump link in HTTP Proxy + +## [2.42.0] - 2022-05-22 +### Added +- Preliminary SSU2 implementation +- Tunnel length variance +- Localization to French +- Daily cleanup of obsolete peer profiles +- Ordered jump services list in HTTP proxy +- Win32 service +- Show port for local non-published SSU addresses in web console +### Changed +- Maximum RouterInfo length increased to 3K +- Skip unknown addresses in RouterInfo +- Don't pick own router for peer test +- Reseeds list +- Internal numeric id for families +- Use ipv6 preference only when netinet headers not used +- Close stream if delete requested +- Remove version from title in web console +- Drop MESHNET build option +- Set data path before initialization +- Don't show registration block in web console if token is not provided +### Fixed +- Encrypted LeaseSet for EdDSA signature +- Clients tunnels are not built if clock is not synced on start +- Incorrect processing of i2cp.dontPublishLeaseSet param +- UDP tunnels reload +- Build for LibreSSL 3.5.2 +- Race condition in short tunnel build message +- Race condition in local RouterInfo buffer allocation + +## [2.41.0] - 2022-02-20 +### Added +- Clock syncronization through SSU +- Drop routers older than 6 months on start +- Localization to German +- Don't send streaming ack too frequently +- Select compatible outbound 
tunnel for I2CP messages +- Restart webconsole's acceptor in case of exception +### Changed +- Use builtin bitswap for endian on windows +- Send SessionCreated before connection close if clock skew +- Try another floodfill for publishing if no compatible tunnels found +- Reduce memory usage for RouterInfo structures +- Avoid duplicated addresses in RouterInfo. Check presence of netId and version +- Use TCP/IP sockets for I2CP on Android instead local sockets +- Return uptime as integer in I2PControl +- Reseed servers list/cerificates +- Webconsole's dark style colors +### Fixed +- Attempt to use Yggdrasil on start on Android +- Attempts to send peer tests to itself +- Severe packets drop in SSU +- Crash on tunnel tests +- Loading addressbook subscriptions from config +- Multiple I2CP session to the same destination +- Build on Apple Silicon + +## [2.40.0] - 2021-11-29 +### Added +- Keep alive parameter for client tunnels +- Support openssl 3.0.0 +- Localization to Armenian +- Show git commit info in version +- Windows menu item for opening datadir +- Reseed if too few floodfills +- Don't publish old and replacing tunnel in LeaseSet +- Webconsole light/dark theme depending on system settings (via CSS) +### Changed +- Set gzip compression to false by default +- Build tunnel through ECIES routers only +- Removed ElGamal support for tunnels +- Moved webconsole resources to separate file +- Pick tunnels with compatible transport with another tunnel of floodfill +- Use common cleanup timer for all SSU sessions +- Reduced memory usage +- Reseed servers list +- i18n code called from ClientContext +### Fixed +- Tunnels reload +- Some typos in log messages +- Cleanup relay requests table +- Server tunnel is not published +- Build on GNU/Hurd. Disable pthread_setname_np +- Crash when incorrect sigtype used with blinding + +## [2.39.0] - 2021-08-23 +### Added +- Short tunnel build messages +- Localization. 
To: Russian, Ukrainian, Turkmen, Uzbek and Afrikaans +- Custom CSS styles for webconsole +- Avoid slow tunnels with more than 250 ms per hop +- Process DELAY_REQUESTED streaming option +- "certsdir" options for certificates location +- Keep own RouterInfo in NetBb +- Pick ECIES routers only for tunnels on non-x64 +- NTP sync through ipv6 +- Allow ipv6 addresses for UDP server tunnels +### Changed +- Rekey of all routers to ECIES +- Better distribution for random tunnel's peer selection +- Yggdrasil reseed for v0.4, added two more +- Encryption type 0,4 by default for server tunnels +- Handle i2cp.dontPublishLeaseSet param for all destinations +- reg.i2p for subscriptions +- LeaseSet type 3 by default +- Don't allocate payload buffer for every single ECIESx25519 message +- Prefer public ipv6 instead rfc4941 +- Optimal padding for one-time ECIESx25519 message +- Don't send datetime block for one-time ECIESx25519 message with one-time key +- Router with expired introducer is still valid +- Don't disable floodfill if still reachable by ipv6 +- Set minimal version for floodfill to 0.9.38 +- Eliminate extra lookups for sequential fragments on tunnel endpoint +- Consistent path for explicit peers +- Always create new tunnel from exploratory pool +- Don't try to connect to a router not reachable from us +- Mark additional ipv6 addresses/nets as reserved (#1679) +### Fixed +- Zero-hop tunnels +- Crash upon SAM session termination +- Build with boost < 1.55.0 +- Address type for NTCP2 acceptors +- Check of ipv4/ipv6 address +- Request router to send to if not in NetDb +- Count outbound traffic for zero-hop tunnels +- URLdecode domain for registration string generator in webconsole + +## [2.38.0] - 2021-05-17 +### Added +- Publish ipv6 introducers +- Bind ipv6 or yggdrasil NTCP2 acceptor to specified address +- Support .b32.i2p addresses and hostnames for SAM STREAM CREATE +- ipv6 peer tests +- Publish iexp param for introducers +- Show ipv6 network status on the webconsole 
+- EdDSA signing keys can also be blinded +- Show router version on the webconsole +### Changed +- Rekey of all routers but floodfills to ECIES +- Increased number of precalculated x25519 keys to 15 +- Don't publish LeaseSet without inbound tunnels +- Reseed from compatible address(ipv4 or ipv6) +- Recongnize v4 and v6 SSU addresses without host +- Inbound tunnel gateway must be ipv4 compatible +- Don't select next introducers from existing sessions +- Set X bandwidth for floodfill by default +### Fixed +- Incoming ECIES-x25519 session doesn't send updated LeaseSet +- Unique local address for server tunnels +- Race condition for LeaseSet creation in I2CP +- Relay tag for ipv6 introducer +- Already expired introducers +- Find connected router for first peer in tunnel +- Failed outgoing ECIES-x25519 session's tagset stays forever +- Yggdrasil address disappears if router becomes unreachable through ipv6 +- Ignore SSU address/introducers if port is not specified +- Check identity and signature length for SSU SessionConfirmed + +## [2.37.0] - 2021-03-15 +### Added +- Address registration line for reg.i2p and stats.i2p through the web console +- "4" and "6" caps for addresses without published IP address +- Mesh and Proxy network statuses +- Symmetric NAT network status error +- Bind server tunnel connection to specified address +- lookuplocal BOB extended command +- address4 and address6 parameters to bind outgoing connections to +- Rekey of low-bandwidth routers to ECIES +- Popup notification windows when unable to parse config for Windows +### Changed +- Floodfills with "U" cap are not ignored anymore +- Check transports reachability between tunnel peers and between router and floodfill +- NTCP2 and reseed HTTP proxy support authorization now +- Show actual IP addresses for proxy connections +- Publish and handle SSU addreses without host +- Outbound tunnel endpoint must be ipv4 compatible +- Logging optimization +- Removed Windows service +### Fixed +- Incoming SSU 
session terminates after 5 seconds +- Outgoing NTCP2 ipv4 session even if ipv4 is disabled +- No incoming Yggdrasil connection if connected through NTCP2 proxy +- Race condition between tunnel build and floodfill requests decryption for ECIES routers +- Numeric bandwidth limitation +- Yggdrasil for Android + +## [2.36.0] - 2021-02-15 +### Added +- Encrypted lookup and publications to ECIES-x25519 floodfiils +- Yggdrasil transports and reseeds +- Dump addressbook in hosts.txt format +- Request RouterInfo through exploratory tunnels if direct connection to fllodfill is not possible +- Threads naming +- Check if public x25519 key is valid +- ECIES-X25519-AEAD-Ratchet for shared local destination +- LeaseSet creation timeout for I2CP session +- Resend RouterInfo after some interval for longer NTCP2 sessions +- Select reachable router of inbound tunnel gateway +- Reseed if no compatible routers in netdb +- Refresh on swipe in Android webconsole +### Changed +- reg.i2p for default addressbook instead inr.i2p +- ECIES-x25519 (crypto type 4) for new routers +- Try to connect to all compatible addresses from peer's RouterInfo +- Replace LeaseSet completely if store type changes +- Try ECIES-X25519-AEAD-Ratchet tag before ElGamal +- Don't detach ECIES-X25519-AEAD-Ratchet session from destination immediately +- Viewport and styles on error in HTTP proxy +- Don't create notification when Windows taskbar restarted +- Cumulative SSU ACK bitfields +- limit tunnel length to 8 hops +- Limit tunnels quantity to 16 +### Fixed +- Handling chunked HTTP response in addressbook +- Missing ECIES-X25519-AEAD-Ratchet tags for multiple streams with the same destination +- Correct NAME for NAMING REPLY in SAM +- SSU crash on termination +- Offline signature length for stream close packet +- Don't send updated LeaseSet through a terminated session +- Decryption of follow-on ECIES-X25519-AEAD-Ratchet NSR messages +- Non-confirmed LeaseSet is resent too late for ECIES-X25519-AEAD-Ratchet session 
+ +## [2.35.0] - 2020-11-30 +### Added +- ECIES-x25519 routers +- Random intro keys for SSU +- Graceful shutdown timer for windows +- Send queue for I2CP messages +- Update DSA router keys to EdDSA +- TCP_QUICKACK for NTCP2 sockets on Linux +### Changed +- Exclude floodfills with DSA signatures and < 0.9.28 +- Random intervals between tunnel tests and manage for tunnel pools +- Don't replace an addressbook record by one with DSA signature +- Publish RouterInfo after update +- Create paired inbound tunnels if no inbound tunnels yet +- Reseed servers list +### Fixed +- Transient signature length, if different from identity +- Terminate I2CP session if destroyed +- RouterInfo publishing confirmation +- Check if ECIES-X25519-AEAD-Ratchet session expired before generating more tags +- Correct block size for delivery type local for ECIES-X25519-AEAD-Ratchet + +## [2.34.0] - 2020-10-27 +### Added +- Ping responses for streaming +- STREAM FORWARD for SAM +- Tunnels through ECIES-x25519 routers +- Single thread for I2CP +- Shared transient destination between proxies +- Database lookups from ECIES destinations with ratchets response +- Handle WebDAV HTTP methods +- Don't try to connect or build tunnels if offline +- Validate IP when trying connect to remote peer +- Handle ICMP responses and WinAPI errors for SSU +### Changed +- Removed NTCP +- Dropped gcc 4.7 support +- Encyption type 0,4 by default for client tunnels +- Stripped out some HTTP header for HTTP server response +- HTTP 1.1 addressbook requests +- Set LeaseSet type to 3 for ratchets if not specified +- Handle SSU v4 and v6 messages in one thread +- Eliminate DH keys thread +### Fixed +- Random crashes on I2CP session disconnect +- Stream through racthets hangs if first SYN was not acked +- Check "Last-Modified" instead "If-Modified-Since" for addressbook reponse +- Trim behind ECIESx25519 tags +- Few bugs with Android main activity +- QT visual and layout issues + +## [2.33.0] - 2020-08-24 +### Added +- Shared 
transient addresses +- crypto.ratchet.inboundTags paramater +- Multiple encryption keys through I2CP +- Pre-calculated x25519 ephemeral keys +- Change datagram routing path if nothing comes back in 10 seconds +- Shared routing path for datagram session +### Changed +- UDP tunnels send mix of repliable and raw datagrams in bulk +- Encrypt SSU packet again upon resend +- Start new tunnel message if remaining buffer is too small +- Use LeaseSet2 for ECIES-X25519-AEAD-Ratchet automatically +- Save new ECIES-X25519-AEAD-Ratchet session with NSR tagset +- Generate random padding lengths for ECIES-X25519-AEAD-Ratchet in bulk +- Webconsole layout +- Reseed servers list +### Fixed +- Don't connect through terminated SAM destination +- Differentiate UDP server sessions by port +- ECIES-X25519-AEAD-Ratchet through I2CP +- Don't save invalid address to AddressBook +- ECDSA signatures names in SAM +- AppArmor profile + +## [2.32.1] - 2020-06-02 +### Added +- Read explicit peers in tunnels config +### Fixed +- Generation of tags for detached sessions +- Non-updating LeaseSet1 +- Start when deprecated websocket options present in i2pd.conf + +## [2.32.0] - 2020-05-25 +### Added +- Multiple encryption types for local destinations +- Next key and tagset for ECIES-X25519-AEAD-Ratchet +- NTCP2 through SOCKS proxy +- Throw error message if any port to bind is occupied +- gzip parameter for UDP tunnels +- Show ECIES-X25519-AEAD-Ratchet sessions and tags on the web console +- Simplified implementation of gzip for no compression mode +- Allow ECIES-X25519-AEAD-Ratchet session restart after 2 minutes +- Added logrotate config for rpm package +### Changed +- Select peers for client tunnels among routers >= 0.9.36 +- Check ECIES flag for encrypted lookup reply +- Streaming MTU size 1812 for ECIES-X25519-AEAD-Ratchet +- Don't calculate checksum for Data message send through ECIES-X25519-AEAD-Ratchet +- Catch network connectivity status for Windows +- Stop as soon as no more transit tunnels 
during graceful shutdown for Android +- RouterInfo gzip compression level depends on size +- Send response to received datagram from ECIES-X25519-AEAD-Ratchet session +- Update webconsole functional +- Increased max transit tunnels limit +- Reseeds list +- Dropped windows support in cmake +### Fixed +- Correct timestamp check for LeaseSet2 +- Encrypted leaseset without authentication +- Change SOCKS proxy connection response for clients without socks5h support (#1336) + +## [2.31.0] - 2020-04-10 +### Added +- NTCP2 through HTTP proxy +- Publish LeaseSet2 for I2CP destinations +- Show status page on main activity for android +- Handle ECIESFlag in DatabaseLookup at floodfill +- C++17 features for eligible compilers +### Changed +- Droped Websockets and Lua support +- Send DeliveryStatusMsg for LeaseSet for ECIES-X25519-AEAD-Ratchet +- Keep sending new session reply until established for ECIES-X25519-AEAD-Ratchet +- Updated SSU log messages +- Reopen SSU socket on exception +- Security hardening headers in web console +- Various web console changes +- Various QT changes +### Fixed +- NTCP2 socket descriptors leak +- Race condition with router's identity in transport sessions +- Not terminated streams remain forever + +## [2.30.0] - 2020-02-25 +### Added +- Single threaded SAM +- Experimental support of ECIES-X25519-AEAD-Ratchet crypto type +### Changed +- Minimal MTU size is 1280 for ipv6 +- Use unordered_map instead map for destination's sessions and tags list +- Use std::shuffle instead std::random_shuffle +- SAM is single threaded by default +- Reseeds list +### Fixed +- Correct termination of streaming destination +- Extra ',' in RouterInfo response in I2PControl +- SAM crash on session termination +- Storage for Android 10 + +## [2.29.0] - 2019-10-21 +### Added +- Client auth flag for b33 address +### Changed +- Remove incoming NTCP2 session from pending list when established +- Handle errors for NTCP2 SessionConfrimed send +### Fixed +- Failure to start on 
Windows XP +- SAM crash if invalid lookup address +- Possible crash when UPnP enabled on shutdown + +## [2.28.0] - 2019-08-27 +### Added +- RAW datagrams in SAM +- Publishing encrypted LeaseSet2 with DH or PSH authentication +- Ability to disable battery optimization for Android +- Transport Network ID Check +### Changed +- Set and handle published encrypted flag for LeaseSet2 +### Fixed +- ReceiveID changes in the same stream +- "\r\n" command terminator in SAM +- Addressbook lines with signatures + +## [2.27.0] - 2019-07-03 +### Added +- Support of PSK and DH authentication for encrypted LeaseSet2 +### Changed +- Uptime is based on monotonic timer +### Fixed +- BOB status command response +- Correct NTCP2 port if NTCP is disabled +- Flood encrypted LeaseSet2 with store hash + +## [2.26.0] - 2019-06-07 +### Added +- HTTP method "PROPFIND" +- Detection of external ipv6 address through the SSU +- NTCP2 publishing depends on network status +### Changed +- ntcp is disabled by default, ntcp2 is published by default +- Response to BOB's "list" command +- ipv6 address is not longer NTCP's local endpoint's address +- Reseeds list +- HTTP_REFERER stripping in httpproxy (#823) +### Fixed +- Check and handle incorrect BOB input +- Ignore introducers for NTCP or NTCP2 addresses +- RouterInfo check from NTCP2 + +## [2.25.0] - 2019-05-09 +### Added +- Create, publish and handle encrypted LeaseSet2 +- Support of b33 addresses +- RedDSA key blinding +- .b32.i2p addresses in jump links +- ntcp2.addressv6 parameter +### Changed +- Allow HTTP headers without value +- Set data directory from external storage path for Android +- addresshelper support is configurable per tunnel +- gradlew script for android build +### Fixed +- Deletion of expired encrypted LeaseSet2 on floodfills +- ipv6 fallback address +- SSU incoming packets routing + +## [2.24.0] - 2019-03-21 +### Added +- Support of transient keys for LeaseSet2 +- Support of encrypted LeaseSet2 +- Recognize signature type 11 
(RedDSA) +- Support websocket connections over HTTP proxy +- Ability to disable full addressbook persist +### Changed +- Don't load peer profiles if non-persistant +- REUSE_ADDR for ipv6 acceptors +- Reset eTags if addressbook can't be loaded +### Fixed +- Build with boost 1.70 +- Filter out unspecified addresses from RouterInfo +- Check floodfill status change +- Correct SAM response for invalid key +- SAM crash on termination for Windows +- Race condition for publishing + +## [2.23.0] - 2019-01-21 +### Added +- Standard LeaseSet2 support +- Ability to adjust timestamps through the NTP +- Ability to disable peer profile persist +- Request permission for android >= 6 +- Initial addressbook to android assets +- Cancel graceful shutdown for android +- Russian translation for android +### Changed +- Chacha20 and Poly1305 implementation +- Eliminate extra copy of NTCP2 send buffers +- Extract content of tunnel.d from assets on android +- Removed name resolvers from transports +- Update reseed certificates +### Fixed +- LeaseSet published content verification +- Exclude invalid LeaseSets from the list on a floodfill +- Build for OpenWrt with openssl 1.1.1 + +## [2.22.0] - 2018-11-09 +### Added +- Multiple tunnel config files from tunnels.d folder +### Changed +- Fetch own RouterInfo upon SessionRequest for NTCP2 +- Faster XOR between AES blocks for non AVX capable CPUs +### Fixed +- Fixed NTCP2 termination send + +## [2.21.1] - 2018-10-22 +### Changed +- cost=13 for unpublished NTCP2 address +### Fixed +- Handle I2NP messages longer than 32K + +## [2.21.0] - 2018-10-04 +### Added +- EdDSA, x25519 and SipHash from openssl 1.1.1 +- NTCP2 ipv6 incoming connections +- Show total number of destination's outgoing tags in the web console +### Changed +- Android build with openssl 1.1.1/boost 1.64 +- Bandwidth classes 'P' and 'X' don't add 'O' anymore +### Fixed +- Update own RouterInfo if no SSU +- Recognize 'P' and 'X' routers as high bandwidth without 'O' +- NTCP address 
doesn't disappear if NTCP2 enabled +- Android with api 26+ + +## [2.20.0] - 2018-08-23 +### Added +- Full implementation of NTCP2 +- Assets for android +### Changed +- armeabi-v7a and x86 in one apk for android +- NTCP2 is enabled by default +- Show lease's expiration time in readable format in the web console +### Fixed +- Correct names for transports in the web console + +## [2.19.0] - 2018-06-26 +### Added +- ECIES support for RouterInfo +- HTTP outproxy authorization +- AVX/AESNI runtime detection +- Initial implementation of NTCP2 +- I2CP session reconfigure +- I2CP method ClientServicesInfo +- Datagrams to websocks +### Changed +- RouterInfo uses EdDSA signature by default +- Remove stream bans +- Android build system changed to gradle +- Multiple changes in QT GUI +- Dockerfile +### Fixed +- zero tunnelID issue +- tunnels reload +- headers in webconsole +- XSS in webconsole from SAM session name +- build for gcc 8 +- cmake build scripts +- systemd service files +- some netbsd issues + +## [2.18.0] - 2018-01-30 +### Added +- Show tunnel nicknames for I2CP destination in WebUI +- Re-create HTTP and SOCKS proxy by tunnel reload +- Graceful shutdown as soon as no more transit tunnels +### Changed +- Regenerate shared local destination by tunnel reload +- Use transient local destination by default if not specified +- Return correct code if pid file can't be created +- Timing and number of attempts for adressbook requests +- Certificates list +### Fixed +- Malformed addressbook subsctiption request +- Build with boost 1.66 +- Few race conditions for SAM +- Check LeaseSet's signature before update + +## [2.17.0] - 2017-12-04 +### Added +- Reseed through HTTP and SOCKS proxy +- Show status of client services through web console +- Change log level through web connsole +- transient keys for tunnels +- i2p.streaming.initialAckDelay parameter +- CRYPTO_TYPE for SAM destination +- signature and crypto type for newkeys BOB command +### Changed +- Correct publication of 
ECIES destinations +- Disable RSA signatures completely +### Fixed +- CVE-2017-17066 +- Possible buffer overflow for RSA-4096 +- Shutdown from web console for Windows +- Web console page layout +## [2.16.0] - 2017-11-13 +### Added +- https and "Connect" method for HTTP proxy +- outproxy for HTTP proxy +- initial support of ECIES crypto +- NTCP soft and hard descriptors limits +- Support full timestamps in logs +### Changed +- Faster implementation of GOST R 34.11 hash +- Reject routers with RSA signtures +- Reload config and shudown from Windows GUI +- Update tunnels address(destination) without restart +### Fixed +- BOB crashes if destination is not set +- Correct SAM tunnel name +- QT GUI issues + +## [2.15.0] - 2017-08-17 +### Added +- QT GUI +- Ability to add and remove I2P tunnels without restart +- Ability to disable SOCKS outproxy option +### Changed +- Strip-out Accept-* hedaers in HTTP proxy +- Don't run peer test if nat=false +- Separate output of NTCP and SSU sessions in Transports tab +### Fixed +- Handle lines with comments in hosts.txt file for address book +- Run router with empty netdb for testnet +- Skip expired introducers by iexp + +## [2.14.0] - 2017-06-01 +### Added +- Transit traffic bandwidth limitation +- NTCP connections through HTTP and SOCKS proxies +- Ability to disable address helper for HTTP proxy +### Changed +- Reseed servers list +- Minimal required version is 4.0 for Android +### Fixed +- Ignore comments in addressbook feed + +## [2.13.0] - 2017-04-06 +### Added +- Persist local destination's tags +- GOST signature types 9 and 10 +- Exploratory tunnels configuration +### Changed +- Reseed servers list +- Inactive NTCP sockets get closed faster +- Some EdDSA speed up +### Fixed +- Multiple acceptors for SAM +- Follow on data after STREAM CREATE for SAM +- Memory leaks + +## [2.12.0] - 2017-02-14 +### Added +- Additional HTTP and SOCKS proxy tunnels +- Reseed from ZIP archive +- Some stats in a main window for Windows version +### 
Changed +- Reseed servers list +- MTU of 1488 for ipv6 +- Android and Mac OS X versions use OpenSSL 1.1 +- New logo for Android +### Fixed +- Multiple memory leaks +- Incomptibility of some EdDSA private keys with Java +- Clock skew for Windows XP +- Occasional crashes with I2PSnark + +## [2.11.0] - 2016-12-18 +### Added +- Websockets support +- Reseed through a floodfill +- Tunnel configuration for HTTP and SOCKS proxy +- Zero-hops tunnels for destinations +- Multiple acceptors for SAM +### Changed +- Reseed servers list +- DHT uses AVX if applicable +- New logo +- LeaseSet lookups +### Fixed +- HTTP Proxy connection reset for Windows +- Crash upon SAM session termination +- Can't connect to a destination for a longer time after restart +- Mass packet loss for UDP tunnels + +## [2.10.2] - 2016-12-04 +### Fixed +- Fixes UPnP discovery bug, producing excessive CPU usage +- Fixes sudden SSU thread stop for Windows. + +## [2.10.1] - 2016-11-07 +### Fixed +- Fixed some performance issues for Windows and Android + +## [2.10.0] - 2016-10-17 +### Added +- Datagram i2p tunnels +- Unique local addresses for server tunnels +- Configurable list of reseed servers and initial addressbook +- Configurable netid +- Initial iOS support + +### Changed +- Reduced file descriptors usage +- Strict reseed checks enabled by default + +## Fixed +- Multiple fixes in I2CP and BOB implementations + +## [2.9.0] - 2016-08-12 +### Changed +- Proxy refactoring & speedup +- Transmission-I2P support +- Graceful shutdown for Windows +- Android without QT +- Reduced number of timers in SSU +- ipv6 peer test support +- Reseed from SU3 file + +## [2.8.0] - 2016-06-20 +### Added +- Basic Android support +- I2CP implementation +- 'doxygen' target + +### Changed +- I2PControl refactoring & fixes (proper jsonrpc responses on errors) +- boost::regex no more needed + +### Fixed +- initscripts: added openrc one, in sysv-ish make I2PD_PORT optional +- properly close NTCP sessions (memleak) + +## [2.7.0] - 
2016-05-18 +### Added +- Precomputed El-Gamal/DH tables +- Configurable limit of transit tunnels + +### Changed +- Speed-up of asymmetric crypto for non-x64 platforms +- Refactoring of web-console + +## [2.6.0] - 2016-03-31 +### Added +- Graceful shutdown on SIGINT +- Numeric bandwidth limits (was: by router class) +- Jumpservices in web-console +- Logging to syslog +- Tray icon for windows application + +### Changed +- Logs refactoring +- Improved statistics in web-console + +### Deprecated: +- Renamed main/tunnels config files (will use old, if found, but emits warning) + +## [2.5.1] - 2016-03-10 +### Fixed +- Doesn't create ~/.i2pd dir if missing + +## [2.5.0] - 2016-03-04 +### Added +- IRC server tunnels +- SOCKS outproxy support +- Support for gzipped addressbook updates +- Support for router families + +### Changed +- Shared RTT/RTO between streams +- Filesystem work refactoring + +## [2.4.0] - 2016-02-03 +### Added +- X-I2P-* headers for server http-tunnels +- I2CP options for I2P tunnels +- Show I2P tunnels in webconsole + +### Changed +- Refactoring of cmdline/config parsing + +## [2.3.0] - 2016-01-12 +### Added +- Support for new router bandwidth class codes (P and X) +- I2PControl supports external webui +- Added --pidfile and --notransit parameters +- Ability to specify signature type for i2p tunnel + +### Changed +- Fixed multiple floodfill-related bugs +- New webconsole layout + +## [2.2.0] - 2015-12-22 +### Added +- Ability to connect to router without ip via introducer + +### Changed +- Persist temporary encryption keys for local destinations +- Performance improvements for EdDSA +- New addressbook structure + +## [2.1.0] - 2015-11-12 +### Added +- Implementation of EdDSA + +### Changed +- EdDSA is default signature type for new RouterInfos diff --git a/linux/i2pd-openssl/LICENSE b/linux/i2pd-openssl/LICENSE new file mode 100644 index 0000000..9a1e452 --- /dev/null +++ b/linux/i2pd-openssl/LICENSE 
@@ -0,0 +1,27 @@
+Copyright (c) 2013-2020, The PurpleI2P Project
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are
+permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this list of
+conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice, this list of
+conditions and the following disclaimer in the documentation and/or other materials
+provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its contributors may be used
+to endorse or promote products derived from this software without specific prior written
+permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
+TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/linux/i2pd-openssl/Makefile b/linux/i2pd-openssl/Makefile
new file mode 100644
index 0000000..0861ec0
--- /dev/null
+++ b/linux/i2pd-openssl/Makefile
@@ -0,0 +1,187 @@
+.DEFAULT_GOAL := all
+
+SYS := $(shell $(CXX) -dumpmachine)
+
+ifneq (, $(findstring darwin, $(SYS)))
+ SHARED_SUFFIX = dylib
+else ifneq (, $(findstring mingw, $(SYS))$(findstring windows-gnu, $(SYS))$(findstring cygwin, $(SYS)))
+ SHARED_SUFFIX = dll
+else
+ SHARED_SUFFIX = so
+endif
+
+SHLIB := libi2pd.$(SHARED_SUFFIX)
+ARLIB := libi2pd.a
+SHLIB_LANG := libi2pdlang.$(SHARED_SUFFIX)
+ARLIB_LANG := libi2pdlang.a
+SHLIB_CLIENT := libi2pdclient.$(SHARED_SUFFIX)
+ARLIB_CLIENT := libi2pdclient.a
+SHLIB_WRAP := libi2pdwrapper.$(SHARED_SUFFIX)
+ARLIB_WRAP := libi2pdwrapper.a
+I2PD := i2pd
+
+LIB_SRC_DIR := libi2pd
+LIB_CLIENT_SRC_DIR := libi2pd_client
+WRAP_SRC_DIR := libi2pd_wrapper
+LANG_SRC_DIR := i18n
+DAEMON_SRC_DIR := daemon
+
+# import source files lists
+include filelist.mk
+
+USE_AESNI := $(or $(USE_AESNI),yes)
+USE_STATIC := $(or $(USE_STATIC),no)
+USE_UPNP := $(or $(USE_UPNP),no)
+DEBUG := $(or $(DEBUG),yes)
+
+# for debugging purposes only, when commit hash needed in trunk builds in i2pd version string
+USE_GIT_VERSION := $(or $(USE_GIT_VERSION),no)
+
+# for MacOS only, waiting for "1", not "yes"
+HOMEBREW := $(or $(HOMEBREW),0)
+
+ifeq ($(DEBUG),yes)
+ CXX_DEBUG = -g
+else
+ CXX_DEBUG = -Os
+ LD_DEBUG = -s
+endif
+
+ifneq (, $(DESTDIR))
+ PREFIX = $(DESTDIR)
+endif
+
+ifneq (, $(findstring darwin, $(SYS)))
+ DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
+ ifeq ($(HOMEBREW),1)
+ include Makefile.homebrew
+ else
+ include Makefile.osx
+ endif
+else ifneq (, $(findstring mingw, $(SYS))$(findstring windows-gnu, $(SYS))$(findstring cygwin, $(SYS)))
+ DAEMON_SRC += Win32/DaemonWin32.cpp Win32/Win32App.cpp Win32/Win32Service.cpp Win32/Win32NetState.cpp
+ include Makefile.mingw
+else ifneq (, $(findstring linux, $(SYS))$(findstring gnu, $(SYS)))
+ DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
+ include Makefile.linux
+else ifneq (, $(findstring freebsd, $(SYS))$(findstring openbsd, $(SYS)))
+ DAEMON_SRC += $(DAEMON_SRC_DIR)/UnixDaemon.cpp
+ 
include Makefile.bsd
+else # not supported
+ $(error Not supported platform)
+endif
+
+INCFLAGS += -I$(LIB_SRC_DIR) -I$(LIB_CLIENT_SRC_DIR) -I$(LANG_SRC_DIR)
+DEFINES += -DOPENSSL_SUPPRESS_DEPRECATED
+NEEDED_CXXFLAGS += -MMD -MP
+
+ifeq ($(USE_GIT_VERSION),yes)
+ GIT_VERSION := $(shell git describe --tags)
+ DEFINES += -DGITVER=$(GIT_VERSION)
+endif
+
+LIB_OBJS += $(patsubst %.cpp,obj/%.o,$(LIB_SRC))
+LIB_CLIENT_OBJS += $(patsubst %.cpp,obj/%.o,$(LIB_CLIENT_SRC))
+LANG_OBJS += $(patsubst %.cpp,obj/%.o,$(LANG_SRC))
+DAEMON_OBJS += $(patsubst %.cpp,obj/%.o,$(DAEMON_SRC))
+WRAP_LIB_OBJS += $(patsubst %.cpp,obj/%.o,$(WRAP_LIB_SRC))
+DEPS += $(LIB_OBJS:.o=.d) $(LIB_CLIENT_OBJS:.o=.d) $(LANG_OBJS:.o=.d) $(DAEMON_OBJS:.o=.d) $(WRAP_LIB_OBJS:.o=.d)
+
+## Build all code (libi2pd, libi2pdclient, libi2pdlang), link it to .a and build binary
+all: $(ARLIB) $(ARLIB_CLIENT) $(ARLIB_LANG) $(I2PD)
+
+mk_obj_dir:
+ @mkdir -p obj/$(LIB_SRC_DIR)
+ @mkdir -p obj/$(LIB_CLIENT_SRC_DIR)
+ @mkdir -p obj/$(LANG_SRC_DIR)
+ @mkdir -p obj/$(DAEMON_SRC_DIR)
+ @mkdir -p obj/$(WRAP_SRC_DIR)
+ @mkdir -p obj/Win32
+
+api: $(SHLIB) $(ARLIB)
+client: $(SHLIB_CLIENT) $(ARLIB_CLIENT)
+lang: $(SHLIB_LANG) $(ARLIB_LANG)
+api_client: api client lang
+wrapper: api_client $(SHLIB_WRAP) $(ARLIB_WRAP)
+
+## NOTE: The NEEDED_CXXFLAGS are here so that CXXFLAGS can be specified at build time
+## **without** overwriting the CXXFLAGS which we need in order to build.
+## For example, when adding 'hardening flags' to the build
+## (e.g. -fstack-protector-strong -Wformat -Werror=format-security), we do not want to remove
+## -std=c++11. If you want to remove this variable please do so in a way that allows setting
+## custom FLAGS to work at build-time.
+
+obj/%.o: %.cpp | mk_obj_dir
+ $(CXX) $(CXXFLAGS) $(NEEDED_CXXFLAGS) $(DEFINES) $(INCFLAGS) -c -o $@ $<
+
+# '-' is 'ignore if missing' on first run
+-include $(DEPS)
+
+$(I2PD): $(DAEMON_OBJS) $(ARLIB) $(ARLIB_CLIENT) $(ARLIB_LANG)
+ $(CXX) -o $@ $(DEFINES) $(LDFLAGS) $^ $(LDLIBS)
+
+$(SHLIB): $(LIB_OBJS)
+ifneq ($(USE_STATIC),yes)
+ $(CXX) $(LDFLAGS) -shared -o $@ $^ $(LDLIBS)
+endif
+
+$(SHLIB_CLIENT): $(LIB_CLIENT_OBJS) $(SHLIB) $(SHLIB_LANG)
+ifneq ($(USE_STATIC),yes)
+ $(CXX) $(LDFLAGS) -shared -o $@ $^ $(LDLIBS) $(SHLIB) $(SHLIB_LANG)
+endif
+
+$(SHLIB_WRAP): $(WRAP_LIB_OBJS)
+ifneq ($(USE_STATIC),yes)
+ $(CXX) $(LDFLAGS) -shared -o $@ $^ $(LDLIBS)
+endif
+
+$(SHLIB_LANG): $(LANG_OBJS)
+ifneq ($(USE_STATIC),yes)
+ $(CXX) $(LDFLAGS) -shared -o $@ $^ $(LDLIBS)
+endif
+
+$(ARLIB): $(LIB_OBJS)
+ $(AR) -r $@ $^
+
+$(ARLIB_CLIENT): $(LIB_CLIENT_OBJS)
+ $(AR) -r $@ $^
+
+$(ARLIB_WRAP): $(WRAP_LIB_OBJS)
+ $(AR) -r $@ $^
+
+$(ARLIB_LANG): $(LANG_OBJS)
+ $(AR) -r $@ $^
+
+clean:
+ $(RM) -r obj
+ $(RM) -r docs/generated
+ $(RM) $(I2PD) $(SHLIB) $(ARLIB) $(SHLIB_CLIENT) $(ARLIB_CLIENT) $(SHLIB_LANG) $(ARLIB_LANG) $(SHLIB_WRAP) $(ARLIB_WRAP)
+
+strip: $(I2PD) $(SHLIB) $(SHLIB_CLIENT) $(SHLIB_LANG)
+ strip $^
+
+LATEST_TAG=$(shell git describe --tags --abbrev=0 openssl)
+BRANCH=$(shell git rev-parse --abbrev-ref HEAD)
+dist:
+ git archive --format=tar.gz -9 --worktree-attributes \
+ --prefix=i2pd_$(LATEST_TAG)/ $(LATEST_TAG) -o i2pd_$(LATEST_TAG).tar.gz
+
+last-dist:
+ git archive --format=tar.gz -9 --worktree-attributes \
+ --prefix=i2pd_$(LATEST_TAG)/ $(BRANCH) -o ../i2pd_$(LATEST_TAG).orig.tar.gz
+
+doxygen:
+ doxygen -s docs/Doxyfile
+
+.PHONY: all
+.PHONY: clean
+.PHONY: doxygen
+.PHONY: dist
+.PHONY: last-dist
+.PHONY: api
+.PHONY: api_client
+.PHONY: client
+.PHONY: lang
+.PHONY: mk_obj_dir
+.PHONY: install
+.PHONY: strip
diff --git a/linux/i2pd-openssl/Makefile.bsd b/linux/i2pd-openssl/Makefile.bsd
new file mode 100644
index 0000000..0054319
--- /dev/null
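Review bot: `PREFIX = $(DESTDIR)` in the `ifneq (, $(DESTDIR))` block makes the packaging staging root the install prefix, and the `install` recipes in Makefile.linux and Makefile.homebrew then run `ln -sf ${PREFIX}/share/i2pd/certificates ${PREFIX}/var/lib/i2pd/certificates`, so the absolute staging path is written into the installed symlinks. A package staged under a temporary or shared directory would ship links for the certificate directory and the config files that dangle or resolve to a location another user can populate. Keep the two variables apart: write files to `$(DESTDIR)$(PREFIX)/...` and use `$(PREFIX)/...` alone as the link target, e.g. `ln -sf $(PREFIX)/share/i2pd/certificates $(DESTDIR)$(PREFIX)/var/lib/i2pd/certificates`.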
+++ b/linux/i2pd-openssl/Makefile.bsd
@@ -0,0 +1,13 @@
+CXX = clang++
+CXXFLAGS ?= ${CXX_DEBUG} -Wall -Wextra -Wno-unused-parameter -pedantic -Wno-misleading-indentation
+## NOTE: NEEDED_CXXFLAGS is here so that custom CXXFLAGS can be specified at build time
+## **without** overwriting the CXXFLAGS which we need in order to build.
+## For example, when adding 'hardening flags' to the build
+## (e.g. -fstack-protector-strong -Wformat -Werror=format-security), we do not want to remove
+## -std=c++11. If you want to remove this variable please do so in a way that allows setting
+## custom FLAGS to work at build-time.
+NEEDED_CXXFLAGS = -std=c++11
+DEFINES = -D_GLIBCXX_USE_NANOSLEEP=1
+INCFLAGS = -I/usr/include/ -I/usr/local/include/
+LDFLAGS = ${LD_DEBUG} -Wl,-rpath,/usr/local/lib -L/usr/local/lib
+LDLIBS = -lcrypto -lssl -lz -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
diff --git a/linux/i2pd-openssl/Makefile.homebrew b/linux/i2pd-openssl/Makefile.homebrew
new file mode 100644
index 0000000..88b2a9e
--- /dev/null
+++ b/linux/i2pd-openssl/Makefile.homebrew
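Review bot: `LDFLAGS = ${LD_DEBUG} -Wl,-rpath,/usr/local/lib -L/usr/local/lib` is an unconditional assignment, so linker flags supplied through the environment (a ports framework's hardening flags, for instance) are discarded, while the NOTE just above promises that custom flags survive. `CXXFLAGS ?=` already honours the caller; the link line should too, e.g. `LDFLAGS += ${LD_DEBUG} -Wl,-rpath,/usr/local/lib -L/usr/local/lib`. The same applies to `NEEDED_CXXFLAGS = -std=c++11` and `DEFINES =`, which are assigned here with `=` and then appended to with `+=` in Makefile after the include.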
@@ -0,0 +1,57 @@
+# root directory holding homebrew
+BREWROOT = /usr/local
+BOOSTROOT = ${BREWROOT}/opt/boost
+SSLROOT = ${BREWROOT}/opt/openssl@1.1
+UPNPROOT = ${BREWROOT}/opt/miniupnpc
+CXXFLAGS = ${CXX_DEBUG} -Wall -std=c++11 -DMAC_OSX -Wno-overloaded-virtual
+INCFLAGS = -I${SSLROOT}/include -I${BOOSTROOT}/include
+LDFLAGS = ${LD_DEBUG}
+
+ifndef TRAVIS
+ CXX = clang++
+endif
+
+ifeq ($(USE_STATIC),yes)
+ LDLIBS = -lz ${SSLROOT}/lib/libcrypto.a ${SSLROOT}/lib/libssl.a ${BOOSTROOT}/lib/libboost_system.a ${BOOSTROOT}/lib/libboost_date_time.a ${BOOSTROOT}/lib/libboost_filesystem.a ${BOOSTROOT}/lib/libboost_program_options.a -lpthread
+else
+ LDFLAGS += -L${SSLROOT}/lib -L${BOOSTROOT}/lib
+ LDLIBS = -lz -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
+endif
+
+ifeq ($(USE_UPNP),yes)
+ LDFLAGS += -ldl
+ CXXFLAGS += -DUSE_UPNP
+ INCFLAGS += -I${UPNPROOT}/include
+ ifeq ($(USE_STATIC),yes)
+ LDLIBS += ${UPNPROOT}/lib/libminiupnpc.a
+ else
+ LDFLAGS += -L${UPNPROOT}/lib
+ LDLIBS += -lminiupnpc
+ endif
+endif
+
+# OSX Notes
+# http://www.hutsby.net/2011/08/macs-with-aes-ni.html
+# Seems like all recent Mac's have AES-NI, after firmware upgrade 2.2
+# Found no good way to detect it from command line. 
TODO: Might be some osx sysinfo magic
+ifeq ($(USE_AESNI),yes)
+ CXXFLAGS += -D__AES__ -maes
+endif
+
+install: all
+ install -d ${PREFIX}/bin
+ install -m 755 ${I2PD} ${PREFIX}/bin
+ install -d ${PREFIX}/etc ${PREFIX}/etc/i2pd ${PREFIX}/etc/i2pd/tunnels.conf.d
+ install -m 644 contrib/i2pd.conf contrib/subscriptions.txt contrib/tunnels.conf ${PREFIX}/etc/i2pd
+ install -d ${PREFIX}/share ${PREFIX}/share/doc ${PREFIX}/share/doc/i2pd
+ install -m 644 ChangeLog LICENSE README.md contrib/i2pd.conf contrib/subscriptions.txt contrib/tunnels.conf ${PREFIX}/share/doc/i2pd
+ install -d ${PREFIX}/share/i2pd
+ @cp -R contrib/certificates ${PREFIX}/share/i2pd/
+ install -d ${PREFIX}/share/man ${PREFIX}/share/man/man1
+ @gzip -kf debian/i2pd.1 && install debian/i2pd.1.gz ${PREFIX}/share/man/man1
+ install -d ${PREFIX}/var ${PREFIX}/var/lib ${PREFIX}/var/lib/i2pd
+ @ln -sf ${PREFIX}/share/i2pd/certificates ${PREFIX}/var/lib/i2pd/certificates
+ @ln -sf ${PREFIX}/etc/i2pd/tunnels.conf.d ${PREFIX}/var/lib/i2pd/tunnels.d
+ @ln -sf ${PREFIX}/etc/i2pd/i2pd.conf ${PREFIX}/var/lib/i2pd/i2pd.conf
+ @ln -sf ${PREFIX}/etc/i2pd/subscriptions.txt ${PREFIX}/var/lib/i2pd/subscriptions.txt
+ @ln -sf ${PREFIX}/etc/i2pd/tunnels.conf ${PREFIX}/var/lib/i2pd/tunnels.conf
diff --git a/linux/i2pd-openssl/Makefile.linux b/linux/i2pd-openssl/Makefile.linux
new file mode 100644
index 0000000..6c7a461
--- /dev/null
+++ b/linux/i2pd-openssl/Makefile.linux
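Review bot: `SSLROOT = ${BREWROOT}/opt/openssl@1.1` pins the crypto/TLS library to the OpenSSL 1.1 series, which upstream stopped maintaining in September 2023. With `USE_STATIC=yes` the build links `${SSLROOT}/lib/libcrypto.a` and `libssl.a` directly, so the binary keeps whatever version was on the build host. Making the roots overridable, `SSLROOT ?= ${BREWROOT}/opt/openssl@1.1` and `BREWROOT ?= /usr/local`, lets a builder point at a maintained OpenSSL without editing the file. Whether this tree builds against OpenSSL 3 is not visible here, although `-DOPENSSL_SUPPRESS_DEPRECATED` in Makefile suggests it is meant to.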
@@ -0,0 +1,87 @@
+# set defaults instead redefine
+CXXFLAGS ?= ${CXX_DEBUG} -Wall -Wextra -Wno-unused-parameter -pedantic -Wno-psabi
+LDFLAGS ?= ${LD_DEBUG}
+
+## NOTE: The NEEDED_CXXFLAGS are here so that custom CXXFLAGS can be specified at build time
+## **without** overwriting the CXXFLAGS which we need in order to build.
+## For example, when adding 'hardening flags' to the build
+## (e.g. -fstack-protector-strong -Wformat -Werror=format-security), we do not want to remove
+## -std=c++11. If you want to remove this variable please do so in a way that allows setting
+## custom FDLAGS to work at build-time.
+
+# detect proper flag for c++11 support by compilers
+CXXVER := $(shell $(CXX) -dumpversion)
+ifeq ($(shell expr match $(CXX) 'clang'),5)
+ NEEDED_CXXFLAGS += -std=c++11
+else ifeq ($(shell expr match ${CXXVER} "4\.[0-9][0-9]"),4) # gcc >= 4.10
+ NEEDED_CXXFLAGS += -std=c++11
+else ifeq ($(shell expr match ${CXXVER} "4\.[8-9]"),3) # gcc 4.8 - 4.9
+ NEEDED_CXXFLAGS += -std=c++11 -D_GLIBCXX_USE_NANOSLEEP=1
+else ifeq ($(shell expr match ${CXXVER} "[5-6]"),1) # gcc 5 - 6
+ NEEDED_CXXFLAGS += -std=c++11
+ LDLIBS = -latomic
+else ifeq ($(shell expr match ${CXXVER} "[7-9]"),1) # gcc 7 - 9
+ NEEDED_CXXFLAGS += -std=c++17
+ LDLIBS = -latomic
+else ifeq ($(shell expr match ${CXXVER} "1[0-9]"),2) # gcc 10+
+# NEEDED_CXXFLAGS += -std=c++20
+ NEEDED_CXXFLAGS += -std=c++17
+ LDLIBS = -latomic
+else # not supported
+$(error Compiler too old)
+endif
+
+NEEDED_CXXFLAGS += -fPIC
+
+ifeq ($(USE_STATIC),yes)
+# NOTE: on glibc you will get this warning:
+# Using 'getaddrinfo' in statically linked applications requires at runtime
+# the shared libraries from the glibc version used for linking
+ LIBDIR := /usr/lib/$(SYS)
+ LDLIBS += $(LIBDIR)/libboost_system.a
+ LDLIBS += $(LIBDIR)/libboost_date_time.a
+ LDLIBS += $(LIBDIR)/libboost_filesystem.a
+ LDLIBS += $(LIBDIR)/libboost_program_options.a
+ LDLIBS += $(LIBDIR)/libssl.a
+ LDLIBS += $(LIBDIR)/libcrypto.a
+ LDLIBS += 
$(LIBDIR)/libz.a
+ifeq ($(USE_UPNP),yes)
+ LDLIBS += $(LIBDIR)/libminiupnpc.a
+endif
+ LDLIBS += -lpthread -ldl
+else
+ LDLIBS += -lcrypto -lssl -lz -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
+ifeq ($(USE_UPNP),yes)
+ LDLIBS += -lminiupnpc
+endif
+endif
+
+# UPNP Support (miniupnpc 1.5 and higher)
+ifeq ($(USE_UPNP),yes)
+ DEFINES += -DUSE_UPNP
+endif
+
+ifeq ($(USE_AESNI),yes)
+ifneq (, $(findstring i386, $(SYS))$(findstring i686, $(SYS))$(findstring x86_64, $(SYS))) # only x86-based CPU supports that
+ NEEDED_CXXFLAGS += -maes
+ DEFINES += -D__AES__
+endif
+endif
+
+install: all
+ install -d ${PREFIX}/bin
+ install -m 755 ${I2PD} ${PREFIX}/bin
+ install -d ${PREFIX}/etc ${PREFIX}/etc/i2pd ${PREFIX}/etc/i2pd/tunnels.conf.d
+ install -m 644 contrib/i2pd.conf contrib/subscriptions.txt contrib/tunnels.conf ${PREFIX}/etc/i2pd
+ install -d ${PREFIX}/share ${PREFIX}/share/doc ${PREFIX}/share/doc/i2pd
+ install -m 644 ChangeLog LICENSE README.md contrib/i2pd.conf contrib/subscriptions.txt contrib/tunnels.conf ${PREFIX}/share/doc/i2pd
+ install -d ${PREFIX}/share/i2pd
+ @cp -R contrib/certificates ${PREFIX}/share/i2pd/
+ install -d ${PREFIX}/share/man ${PREFIX}/share/man/man1
+ @gzip -kf debian/i2pd.1 && install debian/i2pd.1.gz ${PREFIX}/share/man/man1
+ install -d ${PREFIX}/var ${PREFIX}/var/lib ${PREFIX}/var/lib/i2pd
+ @ln -sf ${PREFIX}/share/i2pd/certificates ${PREFIX}/var/lib/i2pd/certificates
+ @ln -sf ${PREFIX}/etc/i2pd/tunnels.conf.d ${PREFIX}/var/lib/i2pd/tunnels.d
+ @ln -sf ${PREFIX}/etc/i2pd/i2pd.conf ${PREFIX}/var/lib/i2pd/i2pd.conf
+ @ln -sf ${PREFIX}/etc/i2pd/subscriptions.txt ${PREFIX}/var/lib/i2pd/subscriptions.txt
+ @ln -sf ${PREFIX}/etc/i2pd/tunnels.conf ${PREFIX}/var/lib/i2pd/tunnels.conf
diff --git a/linux/i2pd-openssl/Makefile.mingw b/linux/i2pd-openssl/Makefile.mingw
new file mode 100644
index 0000000..6cd1908
--- /dev/null
+++ b/linux/i2pd-openssl/Makefile.mingw
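Review bot: The defaults at the top of this hunk give a hand-run Linux build no exploit mitigations: `CXXFLAGS ?=` expands to `${CXX_DEBUG}` plus warning flags, `LDFLAGS ?=` to `${LD_DEBUG}`, and the only unconditional addition is `NEEDED_CXXFLAGS += -fPIC`. The NOTE comment treats hardening as something the builder passes in, which is fine for distro packaging but leaves a plain `make` of this network-facing daemon without stack protector or RELRO. Consider a baseline that user flags cannot drop, e.g. `NEEDED_CXXFLAGS += -fstack-protector-strong` (only on compilers that accept it, since gcc 4.8 is still matched above) and `-Wl,-z,relro -Wl,-z,now` on the link line. The `FDLAGS` typo in the same comment should read `FLAGS`.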
@@ -0,0 +1,59 @@
+# Build application with GUI (tray, main window)
+USE_WIN32_APP := yes
+
+WINDRES = windres
+
+CXXFLAGS := $(CXX_DEBUG) -fPIC -msse
+INCFLAGS := -I$(DAEMON_SRC_DIR) -IWin32
+LDFLAGS := ${LD_DEBUG} -static
+
+NEEDED_CXXFLAGS += -std=c++17
+DEFINES += -DWIN32_LEAN_AND_MEAN
+
+# Boost libraries suffix
+BOOST_SUFFIX = -mt
+
+# UPNP Support
+ifeq ($(USE_UPNP),yes)
+ DEFINES += -DUSE_UPNP -DMINIUPNP_STATICLIB
+ LDLIBS = -lminiupnpc
+endif
+
+LDLIBS += \
+ -lboost_system$(BOOST_SUFFIX) \
+ -lboost_date_time$(BOOST_SUFFIX) \
+ -lboost_filesystem$(BOOST_SUFFIX) \
+ -lboost_program_options$(BOOST_SUFFIX) \
+ -lssl \
+ -lcrypto \
+ -lz \
+ -lwsock32 \
+ -lws2_32 \
+ -lgdi32 \
+ -liphlpapi \
+ -lole32 \
+ -luuid \
+ -lpthread
+
+ifeq ($(USE_WIN32_APP), yes)
+ DEFINES += -DWIN32_APP
+ LDFLAGS += -mwindows
+ DAEMON_RC += Win32/Resource.rc
+ DAEMON_OBJS += $(patsubst %.rc,obj/%.o,$(DAEMON_RC))
+endif
+
+ifeq ($(USE_WINXP_FLAGS), yes)
+ DEFINES += -DWINVER=0x0501 -D_WIN32_WINNT=0x0501
+endif
+
+ifeq ($(USE_AESNI),yes)
+ NEEDED_CXXFLAGS += -maes
+ DEFINES += -D__AES__
+endif
+
+ifeq ($(USE_ASLR),yes)
+ LDFLAGS += -Wl,--nxcompat -Wl,--high-entropy-va -Wl,--dynamicbase,--export-all-symbols
+endif
+
+obj/%.o : %.rc | mk_obj_dir
+ $(WINDRES) $(DEFINES) $(INCFLAGS) --preprocessor-arg=-MMD --preprocessor-arg=-MP --preprocessor-arg=-MF$@.d -i $< -o $@
diff --git a/linux/i2pd-openssl/Makefile.osx b/linux/i2pd-openssl/Makefile.osx
new file mode 100644
index 0000000..e069aaf
--- /dev/null
+++ b/linux/i2pd-openssl/Makefile.osx
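Review bot: The DEP/ASLR linker flags under `ifeq ($(USE_ASLR),yes)` are opt-in, and `USE_ASLR` is not among the switches the top-level Makefile gives a default (`USE_AESNI`, `USE_STATIC`, `USE_UPNP`, `DEBUG`). A plain Windows build therefore links without `--nxcompat` and `--dynamicbase` unless the toolchain turns them on by itself. Declaring it like the others and defaulting it on, `USE_ASLR := $(or $(USE_ASLR),yes)`, would make the mitigated build the normal one; `--high-entropy-va` is meaningful for 64-bit images only, so it may need a guard on `$(SYS)`. A one-line comment on why `--export-all-symbols` rides along with `--dynamicbase` would help the next reader.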
@@ -0,0 +1,34 @@
+CXX = clang++
+CXXFLAGS := ${CXX_DEBUG} -Wall -std=c++11
+INCFLAGS = -I/usr/local/include
+DEFINES := -DMAC_OSX
+LDFLAGS := -Wl,-rpath,/usr/local/lib -L/usr/local/lib
+LDFLAGS += -Wl,-dead_strip
+LDFLAGS += -Wl,-dead_strip_dylibs
+LDFLAGS += -Wl,-bind_at_load
+
+ifeq ($(USE_STATIC),yes)
+ LDLIBS = -lz /usr/local/lib/libcrypto.a /usr/local/lib/libssl.a /usr/local/lib/libboost_system.a /usr/local/lib/libboost_date_time.a /usr/local/lib/libboost_filesystem.a /usr/local/lib/libboost_program_options.a -lpthread
+else
+ LDLIBS = -lz -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread
+endif
+
+ifeq ($(USE_UPNP),yes)
+ LDFLAGS += -ldl
+ DEFINES += -DUSE_UPNP
+ ifeq ($(USE_STATIC),yes)
+ LDLIBS += /usr/local/lib/libminiupnpc.a
+ else
+ LDLIBS += -lminiupnpc
+ endif
+endif
+
+OSARCH = $(shell uname -p)
+
+ifneq ($(OSARCH),powerpc)
+ ifeq ($(USE_AESNI),yes)
+ CXXFLAGS += -D__AES__ -maes
+ else
+ CXXFLAGS += -msse
+ endif
+endif
diff --git a/linux/i2pd-openssl/filelist.mk b/linux/i2pd-openssl/filelist.mk
new file mode 100644
index 0000000..d8f503e
--- /dev/null
+++ b/linux/i2pd-openssl/filelist.mk
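Review bot: `-std=c++11` is placed in `CXXFLAGS := ${CXX_DEBUG} -Wall -std=c++11`, whereas the NOTE in Makefile says required flags belong in `NEEDED_CXXFLAGS` so that a builder can pass hardening flags through `CXXFLAGS`. Here `make CXXFLAGS=...` drops the language standard, and the `-D__AES__ -maes` appended further down goes with it; Makefile.homebrew sets `CXXFLAGS =` the same way. Suggested: `CXXFLAGS ?= ${CXX_DEBUG} -Wall` and `NEEDED_CXXFLAGS += -std=c++11`, with the AES-NI flags appended to `NEEDED_CXXFLAGS` as Makefile.linux does.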
@@ -0,0 +1,26 @@
+#LIB_SRC = \
+# BloomFilter.cpp Gzip.cpp Crypto.cpp Datagram.cpp Garlic.cpp I2NPProtocol.cpp LeaseSet.cpp \
+# Log.cpp NTCPSession.cpp NetDb.cpp NetDbRequests.cpp Profiling.cpp \
+# Reseed.cpp RouterContext.cpp RouterInfo.cpp Signature.cpp SSU.cpp \
+# SSUSession.cpp SSUData.cpp Streaming.cpp Identity.cpp TransitTunnel.cpp \
+# Transports.cpp Tunnel.cpp TunnelEndpoint.cpp TunnelPool.cpp TunnelGateway.cpp \
+# Destination.cpp Base.cpp I2PEndian.cpp FS.cpp Config.cpp Family.cpp \
+# Config.cpp HTTP.cpp Timestamp.cpp util.cpp api.cpp Gost.cpp
+
+LIB_SRC = $(wildcard $(LIB_SRC_DIR)/*.cpp)
+
+#LIB_CLIENT_SRC = \
+# AddressBook.cpp BOB.cpp ClientContext.cpp I2PTunnel.cpp I2PService.cpp MatchedDestination.cpp \
+# SAM.cpp SOCKS.cpp HTTPProxy.cpp I2CP.cpp
+
+LIB_CLIENT_SRC = $(wildcard $(LIB_CLIENT_SRC_DIR)/*.cpp)
+
+# also: Daemon{Linux,Win32}.cpp will be added later
+#DAEMON_SRC = \
+# HTTPServer.cpp I2PControl.cpp UPnP.cpp Daemon.cpp i2pd.cpp
+
+LANG_SRC = $(wildcard $(LANG_SRC_DIR)/*.cpp)
+
+WRAP_LIB_SRC = $(wildcard $(WRAP_SRC_DIR)/*.cpp)
+
+DAEMON_SRC = $(wildcard $(DAEMON_SRC_DIR)/*.cpp)
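Review bot: Every source list here is a glob (`LIB_SRC = $(wildcard $(LIB_SRC_DIR)/*.cpp)` and the four assignments below it), so any `.cpp` file present in those directories is compiled and linked into the libraries and the `i2pd` binary without appearing in a reviewed list. For a tree added by manual upload that removes a cheap integrity check, because an extra or leftover file changes the binary silently. Either restore explicit lists (the commented-out ones are stale; `Config.cpp` appears twice in `#LIB_SRC`) or add a comment stating that directory contents are the source of truth and recording the upstream tag this copy was taken from. The assignments also use recursive `=`, so `:=` would avoid re-running `$(wildcard ...)` on each reference.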