Replacing the OpenSSL library with CyaSSL.

OpenSSL license was not compatible with the GPL license.
This commit is contained in:
vemax78 2014-05-15 21:43:21 +02:00
parent e1023a388e
commit 3573dd4251
19 changed files with 434 additions and 1110 deletions

COPYING

@ -1,6 +1,6 @@
SmartCAPWAP -- An Open Source CAPWAP WTP / AC SmartCAPWAP -- An Open Source CAPWAP WTP / AC
Copyright (C) 2012-2013 Massimo Vellucci <vemax78@gmail.com> Copyright (C) 2012-2014 Massimo Vellucci <vemax78@gmail.com>
This distribution contains multiple components, some This distribution contains multiple components, some
of which fall under different licenses. By using SmartCAPWAP of which fall under different licenses. By using SmartCAPWAP
@ -18,137 +18,17 @@ Libconfig license:
Libconfig is Copyright (C) Mark Lindner, and is licensed under the LGPL. Libconfig is Copyright (C) Mark Lindner, and is licensed under the LGPL.
Hostapd license: Libxml2 license:
------------ ------------
Hostapd is Copyright (C) Jouni Malinen <j@w1.fi> and contributors, Libxml2 is Copyright (C) Daniel Veillard, and is licensed under the MIT.
and is licensed under the BSD license.
OpenSSL License: Libjson-c license:
------------
Libjson-c is Copyright (C) Eric Haszlakiewicz, and is licensed under the MIT.
CyaSSL License:
---------------- ----------------
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of CyaSSL is Copyright (C) wolfSSL Inc, and is licensed under the GPL license version 2.
the OpenSSL License and the original SSLeay license apply to the toolkit.
See below for the actual license texts. Actually both licenses are BSD-style
Open Source licenses. In case of any license issues related to OpenSSL
please contact openssl-core@openssl.org.
/* ====================================================================
* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
Original SSLeay License
-----------------------
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
GNU Public License (GPL)
------------------------
SmartCAWAP, Libconfig distributions are
licensed under the GPL version 2 (see COPYRIGHT.GPL).


@ -18,14 +18,19 @@ Requirements
* libjson0-dev * libjson0-dev
* libnl-dev * libnl-dev
* libtool * libtool
* libssl-dev
* libxml2-dev * libxml2-dev
* cyassl 3.0 or newer
Build Build
----- -----
Run: CyaSSL:
./configure --enable-dtls --enable-psk --prefix=/usr/
make
make install
SmartCAPWAP:
autoreconf -f -i autoreconf -f -i
./configure ./configure
make make


@ -27,11 +27,8 @@ AM_CFLAGS = \
-D_REENTRANT \ -D_REENTRANT \
-D_GNU_SOURCE -D_GNU_SOURCE
AM_CFLAGS += $(LIBXML2_CFLAGS) AM_CFLAGS += $(LIBXML2_CFLAGS) \
$(CYASSL_CFLAGS)
if DTLS_ENABLED
AM_CFLAGS += $(SSL_CFLAGS)
endif
INCLUDES = \ INCLUDES = \
-I$(top_srcdir)/build \ -I$(top_srcdir)/build \
@ -92,8 +89,5 @@ ac_LDADD = \
$(CONFIG_LIBS) \ $(CONFIG_LIBS) \
$(PTHREAD_LIBS) \ $(PTHREAD_LIBS) \
$(LIBXML2_LIBS) \ $(LIBXML2_LIBS) \
$(LIBJSON_LIBS) $(LIBJSON_LIBS) \
$(CYASSL_LIBS)
if DTLS_ENABLED
ac_LDADD += $(SSL_LIBS)
endif
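Review bot: The AC target now pulls in `$(CYASSL_CFLAGS)` and `$(CYASSL_LIBS)` unconditionally, while the WTP Makefile.am changed in this same commit still wraps its `$(CYASSL_CFLAGS)`/`$(CYASSL_LIBS)` in `if DTLS_ENABLED`, and nothing explains the asymmetry. The configure.ac hunk that errors out when `enable_ac` is set and CyaSSL is missing suggests the AC needs the library regardless of DTLS, presumably for the HTTPS backend, but a reader of this file alone will take the dropped guard for an oversight. A one-line comment above the `AM_CFLAGS += $(LIBXML2_CFLAGS) \` line would settle it, e.g. `# CyaSSL is linked unconditionally here: the AC needs it even when DTLS is disabled (see configure.ac)`, adjusted to whatever the real reason is.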


@ -27,7 +27,7 @@ AM_CFLAGS = \
-D_GNU_SOURCE -D_GNU_SOURCE
if DTLS_ENABLED if DTLS_ENABLED
AM_CFLAGS += $(SSL_CFLAGS) AM_CFLAGS += $(CYASSL_CFLAGS)
endif endif
INCLUDES = \ INCLUDES = \
@ -63,7 +63,7 @@ wtp_LDADD = \
$(CONFIG_LIBS) $(CONFIG_LIBS)
if DTLS_ENABLED if DTLS_ENABLED
wtp_LDADD += $(SSL_LIBS) wtp_LDADD += $(CYASSL_LIBS)
endif endif
if BUILD_WTP_WIFI_DRIVERS_NL80211 if BUILD_WTP_WIFI_DRIVERS_NL80211


@ -61,7 +61,6 @@ application: {
calist = "/etc/capwap/ca.crt"; calist = "/etc/capwap/ca.crt";
certificate = "/etc/capwap/ac.crt"; certificate = "/etc/capwap/ac.crt";
privatekey = "/etc/capwap/ac.key"; privatekey = "/etc/capwap/ac.key";
privatekeypassword = "";
}; };
}; };
@ -81,7 +80,7 @@ backend: {
version = "1.0"; version = "1.0";
server: ( server: (
{ url = "http://127.0.0.1/csoap.php"; } { url = "http://127.0.0.1/csoap.php"; }
#{ url = "https://127.0.0.1/csoap.php"; x509: { calist = "/etc/capwap/casoap.crt"; certificate = "/etc/capwap/clientsoap.crt"; privatekey = "/etc/capwap/clientsoap.key"; privatekeypassword = ""; }; } #{ url = "https://127.0.0.1/csoap.php"; x509: { calist = "/etc/capwap/casoap.crt"; certificate = "/etc/capwap/clientsoap.crt"; privatekey = "/etc/capwap/clientsoap.key"; }; }
); );
}; };
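Review bot: With `privatekeypassword = "";` removed from the `x509` block (and from the commented-out HTTPS backend entry in the second hunk), the sample configuration no longer offers any way to supply a passphrase, so the key at `/etc/capwap/ac.key` presumably has to be stored unencrypted and is protected only by filesystem permissions. That is a deployment-relevant change that the config file should state rather than leave implicit; a comment on the `privatekey` line such as `# the private key must be an unencrypted PEM file; keep it readable by the capwap user only` would do. The same option is dropped from the WTP configuration section further down and the same comment applies there.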


@ -1,26 +1,26 @@
Certificate: Certificate:
Data: Data:
Version: 3 (0x2) Version: 3 (0x2)
Serial Number: 2 (0x2) Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption Signature Algorithm: sha1WithRSAEncryption
Issuer: C=IT, ST=Italy, L=Rome, O=Capwap CA, CN=CAPWAP_CA/emailAddress=ca@localhost Issuer: C=IT, ST=IT, L=Rome, O=SmartCAPWAP, OU=SmartCAPWAP, CN=SmartCAPWAP CA/name=SmartCAPWAP/emailAddress=vemax78@gmail.com
Validity Validity
Not Before: Apr 11 17:49:25 2009 GMT Not Before: May 15 18:02:09 2014 GMT
Not After : Apr 9 17:49:25 2019 GMT Not After : May 12 18:02:09 2024 GMT
Subject: C=IT, ST=Italy, L=Rome, O=Capwap AC, CN=CAPWAP_AC/emailAddress=ac@localhost Subject: C=IT, ST=IT, L=Rome, O=SmartCAPWAP, OU=SmartCAPWAP, CN=ac1/name=SmartCAPWAP/emailAddress=vemax78@gmail.com
Subject Public Key Info: Subject Public Key Info:
Public Key Algorithm: rsaEncryption Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit) Public-Key: (1024 bit)
Modulus (1024 bit): Modulus:
00:e2:9f:90:f6:f5:c5:52:23:cc:8d:28:6c:7c:0b: 00:c3:98:2b:82:c3:1b:aa:13:8d:16:e4:d6:7f:c0:
4a:ec:0d:50:de:0d:37:0d:de:75:cb:61:d8:58:e3: 88:d9:f8:2a:52:46:92:be:c2:3d:91:04:07:7a:fb:
3f:ec:cb:5b:b5:e0:ca:87:93:cf:22:f3:7d:35:cf: c6:d1:3b:cc:8a:a0:c2:cd:25:b8:22:9c:11:c4:d5:
2d:ef:ad:a4:8a:d3:8c:ec:7f:d2:7e:19:cb:11:15: ca:be:23:43:af:76:80:fd:65:bc:38:4b:66:1c:ac:
28:b0:ee:74:33:e2:21:24:70:d0:e4:22:2f:eb:59: 05:b1:d2:a4:5b:57:ed:c9:62:e3:67:6e:83:37:c1:
3d:ef:c4:c2:1b:f7:7d:1b:ac:3c:f8:46:c9:0a:f4: cc:38:a7:9b:0b:87:52:da:b1:83:7b:19:4d:99:48:
12:b0:71:11:0d:52:84:d9:a9:76:84:68:33:c6:7c: 96:c9:a3:6d:ad:93:8f:62:ee:f1:38:8a:81:99:0e:
54:1a:4c:34:f4:22:ad:fb:4c:7b:2e:ee:1a:fe:b3: 27:f6:70:ac:0e:93:06:3b:a4:b9:5c:6c:ed:ab:be:
0d:18:38:16:46:48:9d:7a:b7 27:db:52:72:f5:7e:10:36:a5
Exponent: 65537 (0x10001) Exponent: 65537 (0x10001)
X509v3 extensions: X509v3 extensions:
X509v3 Basic Constraints: X509v3 Basic Constraints:
@ -30,44 +30,47 @@ Certificate:
Netscape Comment: Netscape Comment:
Easy-RSA Generated Server Certificate Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier: X509v3 Subject Key Identifier:
63:7B:01:7C:B6:2B:DC:D5:E4:BD:A1:AC:D4:BB:E0:6F:A6:07:16:A4 C6:FE:48:73:99:7A:9E:24:87:8B:43:F8:13:6F:27:FB:4A:71:4D:22
X509v3 Authority Key Identifier: X509v3 Authority Key Identifier:
keyid:49:62:46:06:E1:E5:D3:3A:08:79:C6:D6:FE:93:A8:D9:AA:75:EB:E4 keyid:B8:BE:B2:CB:C6:68:BD:0A:BB:E5:BC:DE:AE:56:FE:25:E6:E4:B3:1C
DirName:/C=IT/ST=Italy/L=Rome/O=Capwap CA/CN=CAPWAP_CA/emailAddress=ca@localhost DirName:/C=IT/ST=IT/L=Rome/O=SmartCAPWAP/OU=SmartCAPWAP/CN=SmartCAPWAP CA/name=SmartCAPWAP/emailAddress=vemax78@gmail.com
serial:94:59:55:20:58:F6:66:33 serial:9A:6A:C6:B2:AA:33:22:C5
X509v3 Extended Key Usage: X509v3 Extended Key Usage:
TLS Web Server Authentication TLS Web Server Authentication
X509v3 Key Usage: X509v3 Key Usage:
Digital Signature, Key Encipherment Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
Signature Algorithm: sha1WithRSAEncryption Signature Algorithm: sha1WithRSAEncryption
0a:be:9e:6c:a1:c6:0c:a6:d3:5e:92:6b:09:21:78:99:f0:83: 78:50:cf:ba:f0:b7:98:92:ae:e9:88:ce:10:43:79:22:03:bf:
a1:a4:2f:56:56:55:51:61:f4:04:a5:fe:9a:c4:95:76:01:f3: ad:9f:1b:87:26:00:37:c0:11:21:bd:9e:e9:40:92:1a:0b:50:
72:96:18:e2:96:f9:8d:cf:6d:32:6c:39:9c:92:a2:41:39:e2: a1:de:a5:00:df:8c:4b:5d:6d:09:75:6e:4e:f3:c2:4b:9e:6b:
3f:32:ef:73:75:f0:3e:f4:9c:93:af:31:63:c7:55:2e:8d:de: 08:fe:d0:5c:27:98:fe:30:c9:96:a9:b5:2c:dc:ed:0b:c2:2d:
ab:99:59:82:36:54:49:ef:ef:13:a7:26:db:8f:2e:93:0c:a1: 3e:aa:b7:fd:54:be:17:5e:2f:35:5a:f1:8f:ae:49:3b:87:d5:
d5:b5:e6:5d:7a:a4:3f:1d:8e:ad:73:c5:32:ba:24:d2:4a:f5: 99:8e:04:3a:e6:33:fd:30:4a:70:ac:34:c5:9c:0a:57:c6:ab:
ae:95:18:98:07:80:fc:be:95:45:ce:50:ab:fc:6e:90:7a:8b: 26:e7:98:bf:5d:ac:13:4a:6b:8e:e3:af:5e:e6:9b:e2:80:80:
28:5d b9:ce
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDmTCCAwKgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJJVDEO MIIEMjCCA5ugAwIBAgIBATANBgkqhkiG9w0BAQUFADCBpjELMAkGA1UEBhMCSVQx
MAwGA1UECBMFSXRhbHkxDTALBgNVBAcTBFJvbWUxEjAQBgNVBAoTCUNhcHdhcCBD CzAJBgNVBAgTAklUMQ0wCwYDVQQHEwRSb21lMRQwEgYDVQQKEwtTbWFydENBUFdB
QTESMBAGA1UEAxQJQ0FQV0FQX0NBMRswGQYJKoZIhvcNAQkBFgxjYUBsb2NhbGhv UDEUMBIGA1UECxMLU21hcnRDQVBXQVAxFzAVBgNVBAMTDlNtYXJ0Q0FQV0FQIENB
c3QwHhcNMDkwNDExMTc0OTI1WhcNMTkwNDA5MTc0OTI1WjBxMQswCQYDVQQGEwJJ MRQwEgYDVQQpEwtTbWFydENBUFdBUDEgMB4GCSqGSIb3DQEJARYRdmVtYXg3OEBn
VDEOMAwGA1UECBMFSXRhbHkxDTALBgNVBAcTBFJvbWUxEjAQBgNVBAoTCUNhcHdh bWFpbC5jb20wHhcNMTQwNTE1MTgwMjA5WhcNMjQwNTEyMTgwMjA5WjCBmzELMAkG
cCBBQzESMBAGA1UEAxQJQ0FQV0FQX0FDMRswGQYJKoZIhvcNAQkBFgxhY0Bsb2Nh A1UEBhMCSVQxCzAJBgNVBAgTAklUMQ0wCwYDVQQHEwRSb21lMRQwEgYDVQQKEwtT
bGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOKfkPb1xVIjzI0obHwL bWFydENBUFdBUDEUMBIGA1UECxMLU21hcnRDQVBXQVAxDDAKBgNVBAMTA2FjMTEU
SuwNUN4NNw3edcth2FjjP+zLW7XgyoeTzyLzfTXPLe+tpIrTjOx/0n4ZyxEVKLDu MBIGA1UEKRMLU21hcnRDQVBXQVAxIDAeBgkqhkiG9w0BCQEWEXZlbWF4NzhAZ21h
dDPiISRw0OQiL+tZPe/Ewhv3fRusPPhGyQr0ErBxEQ1ShNmpdoRoM8Z8VBpMNPQi aWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDmCuCwxuqE40W5NZ/
rftMey7uGv6zDRg4FkZInXq3AgMBAAGjggE/MIIBOzAJBgNVHRMEAjAAMBEGCWCG wIjZ+CpSRpK+wj2RBAd6+8bRO8yKoMLNJbginBHE1cq+I0OvdoD9Zbw4S2YcrAWx
SAGG+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJhdGVk 0qRbV+3JYuNnboM3wcw4p5sLh1LasYN7GU2ZSJbJo22tk49i7vE4ioGZDif2cKwO
IFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUY3sBfLYr3NXkvaGs1Lvgb6YH kwY7pLlcbO2rvifbUnL1fhA2pQIDAQABo4IBdzCCAXMwCQYDVR0TBAIwADARBglg
FqQwgaMGA1UdIwSBmzCBmIAUSWJGBuHl0zoIecbW/pOo2ap16+ShdaRzMHExCzAJ hkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdlbmVyYXRl
BgNVBAYTAklUMQ4wDAYDVQQIEwVJdGFseTENMAsGA1UEBxMEUm9tZTESMBAGA1UE ZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFMb+SHOZep4kh4tD+BNvJ/tK
ChMJQ2Fwd2FwIENBMRIwEAYDVQQDFAlDQVBXQVBfQ0ExGzAZBgkqhkiG9w0BCQEW cU0iMIHbBgNVHSMEgdMwgdCAFLi+ssvGaL0Ku+W83q5W/iXm5LMcoYGspIGpMIGm
DGNhQGxvY2FsaG9zdIIJAJRZVSBY9mYzMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsG MQswCQYDVQQGEwJJVDELMAkGA1UECBMCSVQxDTALBgNVBAcTBFJvbWUxFDASBgNV
A1UdDwQEAwIFoDANBgkqhkiG9w0BAQUFAAOBgQAKvp5socYMptNekmsJIXiZ8IOh BAoTC1NtYXJ0Q0FQV0FQMRQwEgYDVQQLEwtTbWFydENBUFdBUDEXMBUGA1UEAxMO
pC9WVlVRYfQEpf6axJV2AfNylhjilvmNz20ybDmckqJBOeI/Mu9zdfA+9JyTrzFj U21hcnRDQVBXQVAgQ0ExFDASBgNVBCkTC1NtYXJ0Q0FQV0FQMSAwHgYJKoZIhvcN
x1Uujd6rmVmCNlRJ7+8Tpybbjy6TDKHVteZdeqQ/HY6tc8UyuiTSSvWulRiYB4D8 AQkBFhF2ZW1heDc4QGdtYWlsLmNvbYIJAJpqxrKqMyLFMBMGA1UdJQQMMAoGCCsG
vpVFzlCr/G6QeosoXQ== AQUFBwMBMAsGA1UdDwQEAwIE8DANBgkqhkiG9w0BAQUFAAOBgQB4UM+68LeYkq7p
iM4QQ3kiA7+tnxuHJgA3wBEhvZ7pQJIaC1Ch3qUA34xLXW0JdW5O88JLnmsI/tBc
J5j+MMmWqbUs3O0Lwi0+qrf9VL4XXi81WvGPrkk7h9WZjgQ65jP9MEpwrDTFnApX
xqsm55i/XawTSmuO469e5pvigIC5zg==
-----END CERTIFICATE----- -----END CERTIFICATE-----
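Review bot: The regenerated sample certificate still carries a 1024-bit RSA key (`Public-Key: (1024 bit)`), a `sha1WithRSAEncryption` signature and a ten-year validity, and the matching private keys are committed in the clear in the `-----BEGIN PRIVATE KEY-----` sections below, so anyone with a copy of the repository holds the credentials these sample configs point at. Nothing in the commit marks this material as test-only; a sentence in the requirements/build document changed in this commit, e.g. `The shipped /etc/capwap/*.crt and *.key files are sample credentials for testing only; generate your own CA and certificates before deploying`, would make that explicit. The same applies to the CA and WTP certificate and key sections that follow. The WTP certificate additionally widens its Key Usage from `Digital Signature` to `Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment`, which appears broader than a TLS client-authentication certificate needs; if that is deliberate for CyaSSL it is worth a note, otherwise the narrower usage is preferable.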


@ -1,15 +1,16 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MIICWwIBAAKBgQDin5D29cVSI8yNKGx8C0rsDVDeDTcN3nXLYdhY4z/sy1u14MqH MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMOYK4LDG6oTjRbk
k88i8301zy3vraSK04zsf9J+GcsRFSiw7nQz4iEkcNDkIi/rWT3vxMIb930brDz4 1n/AiNn4KlJGkr7CPZEEB3r7xtE7zIqgws0luCKcEcTVyr4jQ692gP1lvDhLZhys
RskK9BKwcRENUoTZqXaEaDPGfFQaTDT0Iq37THsu7hr+sw0YOBZGSJ16twIDAQAB BbHSpFtX7cli42dugzfBzDinmwuHUtqxg3sZTZlIlsmjba2Tj2Lu8TiKgZkOJ/Zw
AoGAM0gEV735rsKnEPIqyk8L3yqMOBMpeBv079buS/7wgjbqQ9fgPJm376LFnJ2L rA6TBjukuVxs7au+J9tScvV+EDalAgMBAAECgYBh1N8OjKBttVHAvb08MQVCYQpq
OYdDip6gbwvlp99SUkVFdfQfmwjmBDk1IfEWYiPO4CUrsIUzid2KtueZW5c6Cm0Q FLqZh3Zb7nP/Y6fSR+LLBBXrno43YXDRz02VRPY58UAbfqNiVPRCKxi+FOn3li5l
RMutCQrsZw9s6VpL9bmV0zsm3MYNYfERs0rPOIW9I3YyrEECQQD5t5V4Uj7+gpZO LN9ad1S510MNg652vpKFnCQjpHDrxOQPxQHGc0XNeF4Xo12IhFxh0DbktloC3/Og
Qvb+tYAVb8NcYTPBfdVbZJ8MRrs9tH2Y2AkuE1D+g7S5qq+Ld1tBIcCeKhlG4+ee PXL0UdvMhZ+X0ErQEQJBAOqLxRYeUSB9HeSFcgNejd0wkM7DKoNyFmJ0jwEb46vO
ClH20s3RAkEA6FM8eGKOhZ4nmu4yzwdMJnqY0d4+56805VS5Z+uJJiXvCXKQ+wQr mKJuA4CFbinX6PZfei8nXbZIBN5p3IS0TA7MU/b+erMCQQDVfEsfmEPUYx7M1oec
e/8BLsWRLxXlqijshsWzHID2g8i/rlC6BwJADiHqrqWQ9Rx03zcA/YdOGWh62PaT rT4+AeSO7KzcC83zeVEmEljwP3zvbM8gn7PLsJAU3K0HEh6scocP6UosTI4o6Ohw
VEcH1SVLrwktvZ9CYG0Rj+797XmMt9lGGBGIM5ZybUEarx1k1VfmLZ7ekQJAKPOD ppVHAkEAsjCp9RnnTKWBlmIDsqedY9RHz63amK6ObxJaqt8DYz28HHs0UeoNPeD4
FTVKKgNWt9iE3DlNEvtJNLUYIX6gtEva4paB9ld5axDmvVhe0dyBON1aWhJiCTxt 7mSvMS/ZNGkWudr3XCKWPg/iIp5HnQJBAMALdtzuMZ5+qDdmiUn1QrevJjc4S2wL
dNQkXkHdMh2QrAlOwQJAcoEhG5Zl0wATXSCFvbvaJKiH9Ab1IjlCtNI3O/+TgQjN pnJu4QQZny5IPpB3VoCniasjowlRVsm0kClbQYqbt2DQYVYF5wtnn4MCQQCz7Rcj
ZQMA0nO5ZJ3p266M8zh2hgIRdNstv4oilqh/3DnO3g== eEZN1STdLv6K03cWKW8nqk+yLgsDFOZpzhIq5ezk/oEX38+1k/KCqwy+9xlQ/oJJ
-----END RSA PRIVATE KEY----- 5lGEUmKCh2XYCBcq
-----END PRIVATE KEY-----


@ -1,20 +1,23 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDNzCCAqCgAwIBAgIJAJRZVSBY9mYzMA0GCSqGSIb3DQEBBQUAMHExCzAJBgNV MIID3TCCA0agAwIBAgIJAJpqxrKqMyLFMA0GCSqGSIb3DQEBBQUAMIGmMQswCQYD
BAYTAklUMQ4wDAYDVQQIEwVJdGFseTENMAsGA1UEBxMEUm9tZTESMBAGA1UEChMJ VQQGEwJJVDELMAkGA1UECBMCSVQxDTALBgNVBAcTBFJvbWUxFDASBgNVBAoTC1Nt
Q2Fwd2FwIENBMRIwEAYDVQQDFAlDQVBXQVBfQ0ExGzAZBgkqhkiG9w0BCQEWDGNh YXJ0Q0FQV0FQMRQwEgYDVQQLEwtTbWFydENBUFdBUDEXMBUGA1UEAxMOU21hcnRD
QGxvY2FsaG9zdDAeFw0wOTA0MTExNzQ2MzlaFw0xOTA0MDkxNzQ2MzlaMHExCzAJ QVBXQVAgQ0ExFDASBgNVBCkTC1NtYXJ0Q0FQV0FQMSAwHgYJKoZIhvcNAQkBFhF2
BgNVBAYTAklUMQ4wDAYDVQQIEwVJdGFseTENMAsGA1UEBxMEUm9tZTESMBAGA1UE ZW1heDc4QGdtYWlsLmNvbTAeFw0xNDA1MTUxODAxNDNaFw0yNDA1MTIxODAxNDNa
ChMJQ2Fwd2FwIENBMRIwEAYDVQQDFAlDQVBXQVBfQ0ExGzAZBgkqhkiG9w0BCQEW MIGmMQswCQYDVQQGEwJJVDELMAkGA1UECBMCSVQxDTALBgNVBAcTBFJvbWUxFDAS
DGNhQGxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAw0gvx6qo BgNVBAoTC1NtYXJ0Q0FQV0FQMRQwEgYDVQQLEwtTbWFydENBUFdBUDEXMBUGA1UE
B4fd23/dU5yBdj/TKzVM1/kC/bwRRFjNd2FIMpjsJ7drbwhZo5CrOSFyKn8X4Exr AxMOU21hcnRDQVBXQVAgQ0ExFDASBgNVBCkTC1NtYXJ0Q0FQV0FQMSAwHgYJKoZI
EdkfMjjNFi6mZVmdFfJO4ex+6qJqc1m52AocUEOkyG/52LOnCTsT91yps97obPUF hvcNAQkBFhF2ZW1heDc4QGdtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
8ezK0m9a5dnuoJ8q7lxbGu7m0PJ0Qgws3dsCAwEAAaOB1jCB0zAdBgNVHQ4EFgQU gYkCgYEA72PBMR4HQ+rA+ifXJdMtUujlUQX1yrtXZ0HMdKbHbAbfoY3Rvyfdwo2i
SWJGBuHl0zoIecbW/pOo2ap16+QwgaMGA1UdIwSBmzCBmIAUSWJGBuHl0zoIecbW TMaZYomyCASawZRzkZJvPchu/q9au/UdLuTmeaUCDpvIkibMK5tahTgP5x90IMGu
/pOo2ap16+ShdaRzMHExCzAJBgNVBAYTAklUMQ4wDAYDVQQIEwVJdGFseTENMAsG +uzdgZQaPbv+fjYkAmMGkZYYTha8GhH+vNloSb6n8oUh2eGf1kUCAwEAAaOCAQ8w
A1UEBxMEUm9tZTESMBAGA1UEChMJQ2Fwd2FwIENBMRIwEAYDVQQDFAlDQVBXQVBf ggELMB0GA1UdDgQWBBS4vrLLxmi9CrvlvN6uVv4l5uSzHDCB2wYDVR0jBIHTMIHQ
Q0ExGzAZBgkqhkiG9w0BCQEWDGNhQGxvY2FsaG9zdIIJAJRZVSBY9mYzMAwGA1Ud gBS4vrLLxmi9CrvlvN6uVv4l5uSzHKGBrKSBqTCBpjELMAkGA1UEBhMCSVQxCzAJ
EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAsHOGDPcwslke/Ux3bp2tZj4MizTL BgNVBAgTAklUMQ0wCwYDVQQHEwRSb21lMRQwEgYDVQQKEwtTbWFydENBUFdBUDEU
DJqTRbqoiQLOTfUI7KU0GQ2m+ywTwhpiUPhmqqmgtGKXbL9mQB/qcG6HGNzdRc56 MBIGA1UECxMLU21hcnRDQVBXQVAxFzAVBgNVBAMTDlNtYXJ0Q0FQV0FQIENBMRQw
4ttc1RVErhmM/LZEFjyHamuOryUY5FmS78XXBGFRkvPAap9OSQU4vXPfehYFCL+p EgYDVQQpEwtTbWFydENBUFdBUDEgMB4GCSqGSIb3DQEJARYRdmVtYXg3OEBnbWFp
/L9CoKunApUqH3g= bC5jb22CCQCaasayqjMixTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
ANZuFab2/jLSakpGc0nZjCWAlXm29TCkL1i0yxmpjgbg/tqZrSAb1tuK5IANI7Tz
deOObRRxjjRGgSHnFLcKXmJeGjTmIdX7DLALWQALmc0GG+A1T1vHqVKc3YqjmUP3
4X/JgFqJnF1KkKmcDLiLBmA8W4+rLPe3kKhNloKQ9G1m
-----END CERTIFICATE----- -----END CERTIFICATE-----


@ -70,7 +70,6 @@ application: {
calist = "/etc/capwap/ca.crt"; calist = "/etc/capwap/ca.crt";
certificate = "/etc/capwap/wtp.crt"; certificate = "/etc/capwap/wtp.crt";
privatekey = "/etc/capwap/wtp.key"; privatekey = "/etc/capwap/wtp.key";
privatekeypassword = "";
}; };
}; };


@ -1,70 +1,73 @@
Certificate: Certificate:
Data: Data:
Version: 3 (0x2) Version: 3 (0x2)
Serial Number: 3 (0x3) Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption Signature Algorithm: sha1WithRSAEncryption
Issuer: C=IT, ST=Italy, L=Rome, O=Capwap CA, CN=CAPWAP_CA/emailAddress=ca@localhost Issuer: C=IT, ST=IT, L=Rome, O=SmartCAPWAP, OU=SmartCAPWAP, CN=SmartCAPWAP CA/name=SmartCAPWAP/emailAddress=vemax78@gmail.com
Validity Validity
Not Before: Apr 11 17:50:00 2009 GMT Not Before: May 15 18:02:22 2014 GMT
Not After : Apr 9 17:50:00 2019 GMT Not After : May 12 18:02:22 2024 GMT
Subject: C=IT, ST=Italy, L=Rome, O=Capwap WTP, CN=CAPWAP_WTP/emailAddress=wtp@localhost Subject: C=IT, ST=IT, L=Rome, O=SmartCAPWAP, OU=SmartCAPWAP, CN=wtp1/name=SmartCAPWAP/emailAddress=vemax78@gmail.com
Subject Public Key Info: Subject Public Key Info:
Public Key Algorithm: rsaEncryption Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit) Public-Key: (1024 bit)
Modulus (1024 bit): Modulus:
00:d4:78:02:6f:d8:52:3b:ea:7c:13:a9:d4:74:58: 00:b2:b1:a5:56:a7:ef:4d:76:76:0c:09:0f:5e:c3:
4c:d9:6d:e9:54:76:ea:6c:74:8a:70:b7:f8:72:9e: 4b:cd:9c:80:ae:1b:fa:8a:63:6b:3e:5d:df:18:e5:
71:63:bc:db:6e:43:d8:c6:6b:34:94:e4:28:98:a2: 30:25:4a:bf:02:90:a0:1a:db:d9:7b:d3:c0:f2:5b:
5b:16:9e:a8:9e:19:50:61:01:d3:f6:fd:37:e7:8b: 82:de:07:bd:4c:43:66:4d:39:6c:fe:88:d5:1a:ac:
be:9e:bf:bc:96:c2:3e:d3:fa:fe:1a:76:42:5c:92: 47:d0:4c:2d:e0:05:4d:95:80:b5:61:df:84:03:cb:
76:73:1f:97:94:42:38:93:d0:56:a5:b2:b1:5f:ba: 26:f7:b3:77:8c:e5:28:9e:71:5e:4b:01:42:64:64:
90:90:17:f4:88:cb:c6:35:9b:7d:0f:a4:75:6d:d2: d4:1f:8b:e2:c6:12:af:9f:64:de:63:f0:b2:ff:fb:
bb:b2:1d:cf:55:9d:e7:9b:03:35:fe:6f:1b:df:10: 0e:82:d8:ba:cf:a9:21:7f:43:4f:c9:19:e0:50:e1:
3d:58:7b:77:1c:e5:ba:a5:75 90:ac:ce:d2:ab:dc:87:b9:9f
Exponent: 65537 (0x10001) Exponent: 65537 (0x10001)
X509v3 extensions: X509v3 extensions:
X509v3 Basic Constraints: X509v3 Basic Constraints:
CA:FALSE CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
Netscape Comment: Netscape Comment:
Easy-RSA Generated Certificate Easy-RSA Generated Certificate
X509v3 Subject Key Identifier: X509v3 Subject Key Identifier:
53:EB:37:11:23:CC:27:53:89:04:2F:08:C5:05:47:D4:65:23:73:2D 5D:1C:43:55:79:96:EC:CD:9F:81:47:7F:23:F2:88:C4:80:EF:7A:C6
X509v3 Authority Key Identifier: X509v3 Authority Key Identifier:
keyid:49:62:46:06:E1:E5:D3:3A:08:79:C6:D6:FE:93:A8:D9:AA:75:EB:E4 keyid:B8:BE:B2:CB:C6:68:BD:0A:BB:E5:BC:DE:AE:56:FE:25:E6:E4:B3:1C
DirName:/C=IT/ST=Italy/L=Rome/O=Capwap CA/CN=CAPWAP_CA/emailAddress=ca@localhost DirName:/C=IT/ST=IT/L=Rome/O=SmartCAPWAP/OU=SmartCAPWAP/CN=SmartCAPWAP CA/name=SmartCAPWAP/emailAddress=vemax78@gmail.com
serial:94:59:55:20:58:F6:66:33 serial:9A:6A:C6:B2:AA:33:22:C5
X509v3 Extended Key Usage: X509v3 Extended Key Usage:
TLS Web Client Authentication TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha1WithRSAEncryption Signature Algorithm: sha1WithRSAEncryption
57:93:d6:43:0b:e6:5f:b7:77:2c:1d:d3:b0:4c:6a:35:62:ec: 2e:1b:fb:12:36:08:97:f4:93:2d:5e:5a:94:e0:67:a9:69:9c:
5b:56:e5:f7:34:b9:c7:8d:9f:e7:cb:12:0d:f0:cf:c7:a3:c1: d3:24:8b:51:87:b4:fd:02:cd:29:9c:54:5f:5c:27:4c:02:08:
24:0f:64:f2:a2:ab:f7:80:e8:a5:66:8a:c3:2f:9b:4f:87:d7: 6a:64:79:84:a9:dd:df:f4:9d:7d:b7:19:e9:26:a6:01:af:a7:
8e:27:e7:29:73:cc:fc:4c:0d:fb:8f:74:ee:7c:bd:ce:d3:01: b4:00:50:51:9d:64:be:f6:38:6b:1d:04:e7:2d:34:16:26:75:
ee:69:1f:42:56:6f:e1:b3:6c:c3:a1:4d:60:14:06:ba:a7:38: 88:01:98:d8:4e:db:3f:a2:f1:9d:d7:9d:cd:8a:07:8a:82:b1:
a0:78:1d:a9:cd:39:90:f2:33:6c:fb:48:cb:6e:80:00:ce:7c: 9f:59:be:4c:e1:0f:8e:2f:ea:cc:98:0a:e1:54:6c:f4:00:a9:
50:e2:e7:6f:83:f1:86:be:39:5c:0c:64:1f:01:7c:1b:9f:e6: 21:fa:9d:ed:81:4d:c6:1f:cd:20:bb:4a:ed:4d:61:50:be:af:
ea:e2 02:f0
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDgjCCAuugAwIBAgIBAzANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJJVDEO MIIEGTCCA4KgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBpjELMAkGA1UEBhMCSVQx
MAwGA1UECBMFSXRhbHkxDTALBgNVBAcTBFJvbWUxEjAQBgNVBAoTCUNhcHdhcCBD CzAJBgNVBAgTAklUMQ0wCwYDVQQHEwRSb21lMRQwEgYDVQQKEwtTbWFydENBUFdB
QTESMBAGA1UEAxQJQ0FQV0FQX0NBMRswGQYJKoZIhvcNAQkBFgxjYUBsb2NhbGhv UDEUMBIGA1UECxMLU21hcnRDQVBXQVAxFzAVBgNVBAMTDlNtYXJ0Q0FQV0FQIENB
c3QwHhcNMDkwNDExMTc1MDAwWhcNMTkwNDA5MTc1MDAwWjB0MQswCQYDVQQGEwJJ MRQwEgYDVQQpEwtTbWFydENBUFdBUDEgMB4GCSqGSIb3DQEJARYRdmVtYXg3OEBn
VDEOMAwGA1UECBMFSXRhbHkxDTALBgNVBAcTBFJvbWUxEzARBgNVBAoTCkNhcHdh bWFpbC5jb20wHhcNMTQwNTE1MTgwMjIyWhcNMjQwNTEyMTgwMjIyWjCBnDELMAkG
cCBXVFAxEzARBgNVBAMUCkNBUFdBUF9XVFAxHDAaBgkqhkiG9w0BCQEWDXd0cEBs A1UEBhMCSVQxCzAJBgNVBAgTAklUMQ0wCwYDVQQHEwRSb21lMRQwEgYDVQQKEwtT
b2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANR4Am/YUjvqfBOp bWFydENBUFdBUDEUMBIGA1UECxMLU21hcnRDQVBXQVAxDTALBgNVBAMTBHd0cDEx
1HRYTNlt6VR26mx0inC3+HKecWO8225D2MZrNJTkKJiiWxaeqJ4ZUGEB0/b9N+eL FDASBgNVBCkTC1NtYXJ0Q0FQV0FQMSAwHgYJKoZIhvcNAQkBFhF2ZW1heDc4QGdt
vp6/vJbCPtP6/hp2QlySdnMfl5RCOJPQVqWysV+6kJAX9IjLxjWbfQ+kdW3Su7Id YWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsrGlVqfvTXZ2DAkP
z1Wd55sDNf5vG98QPVh7dxzluqV1AgMBAAGjggElMIIBITAJBgNVHRMEAjAAMC0G XsNLzZyArhv6imNrPl3fGOUwJUq/ApCgGtvZe9PA8luC3ge9TENmTTls/ojVGqxH
CWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYD 0Ewt4AVNlYC1Yd+EA8sm97N3jOUonnFeSwFCZGTUH4vixhKvn2TeY/Cy//sOgti6
VR0OBBYEFFPrNxEjzCdTiQQvCMUFR9RlI3MtMIGjBgNVHSMEgZswgZiAFEliRgbh z6khf0NPyRngUOGQrM7Sq9yHuZ8CAwEAAaOCAV0wggFZMAkGA1UdEwQCMAAwCwYD
5dM6CHnG1v6TqNmqdevkoXWkczBxMQswCQYDVQQGEwJJVDEOMAwGA1UECBMFSXRh VR0PBAQDAgTwMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2Vy
bHkxDTALBgNVBAcTBFJvbWUxEjAQBgNVBAoTCUNhcHdhcCBDQTESMBAGA1UEAxQJ dGlmaWNhdGUwHQYDVR0OBBYEFF0cQ1V5luzNn4FHfyPyiMSA73rGMIHbBgNVHSME
Q0FQV0FQX0NBMRswGQYJKoZIhvcNAQkBFgxjYUBsb2NhbGhvc3SCCQCUWVUgWPZm gdMwgdCAFLi+ssvGaL0Ku+W83q5W/iXm5LMcoYGspIGpMIGmMQswCQYDVQQGEwJJ
MzATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQEF VDELMAkGA1UECBMCSVQxDTALBgNVBAcTBFJvbWUxFDASBgNVBAoTC1NtYXJ0Q0FQ
BQADgYEAV5PWQwvmX7d3LB3TsExqNWLsW1bl9zS5x42f58sSDfDPx6PBJA9k8qKr V0FQMRQwEgYDVQQLEwtTbWFydENBUFdBUDEXMBUGA1UEAxMOU21hcnRDQVBXQVAg
94DopWaKwy+bT4fXjifnKXPM/EwN+4907ny9ztMB7mkfQlZv4bNsw6FNYBQGuqc4 Q0ExFDASBgNVBCkTC1NtYXJ0Q0FQV0FQMSAwHgYJKoZIhvcNAQkBFhF2ZW1heDc4
oHgdqc05kPIzbPtIy26AAM58UOLnb4Pxhr45XAxkHwF8G5/m6uI= QGdtYWlsLmNvbYIJAJpqxrKqMyLFMBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqG
SIb3DQEBBQUAA4GBAC4b+xI2CJf0ky1eWpTgZ6lpnNMki1GHtP0CzSmcVF9cJ0wC
CGpkeYSp3d/0nX23GekmpgGvp7QAUFGdZL72OGsdBOctNBYmdYgBmNhO2z+i8Z3X
nc2KB4qCsZ9ZvkzhD44v6syYCuFUbPQAqSH6ne2BTcYfzSC7Su1NYVC+rwLw
-----END CERTIFICATE----- -----END CERTIFICATE-----


@ -1,15 +1,16 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MIICXAIBAAKBgQDUeAJv2FI76nwTqdR0WEzZbelUdupsdIpwt/hynnFjvNtuQ9jG MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALKxpVan7012dgwJ
azSU5CiYolsWnqieGVBhAdP2/Tfni76ev7yWwj7T+v4adkJcknZzH5eUQjiT0Fal D17DS82cgK4b+opjaz5d3xjlMCVKvwKQoBrb2XvTwPJbgt4HvUxDZk05bP6I1Rqs
srFfupCQF/SIy8Y1m30PpHVt0ruyHc9VneebAzX+bxvfED1Ye3cc5bqldQIDAQAB R9BMLeAFTZWAtWHfhAPLJvezd4zlKJ5xXksBQmRk1B+L4sYSr59k3mPwsv/7DoLY
AoGAAIP2BY1xzaFpAac0079vGEvy9/h94xt5RoK7wJNv1P0dTyws93ZFH2NaUdx6 us+pIX9DT8kZ4FDhkKzO0qvch7mfAgMBAAECgYB3oUyChi1EG9GN3ybmFzMRdPwF
+hgScqe/ES0u9XdxzkcBhGMUswvNmofgk9w/ynQhey7g739TXeEh76zMphNVJf0z FAAYU9TBTREF1rHz1WWpLu+w64xfRPWAi1lCkcXeX6UGgDKC+VJJ6BqvzcBLgkjh
pawFFP/FIIgYVf7CdHkQ8cU4LEvTUCxAE5bICHMuOgCiEQECQQDz5/PSc/ZuMOZq GBaWBCN/F782Ss4svt1dyRrixixUw+RfJLakKSdFPsrdIHctdSLIKsSl4wxj+9ek
ngYOCaf3p3CQdeFcFOeU3ldxW8j5eZR2Xdhu5CCeY5ELPq+yW4+J+6KBAVh6Q8Uv NmGbOBm/2ZJazSzgEQJBAN5abmR53pRdGKgfFKeqUo+ygWSi1IDFqn0niw7DS4TU
MwDCSqrBAkEA3wEBMgaJvpEijv6P6Ryc+khazEASDAbvUmrcUD0t14aPrCoAHAUU 3h/QuI9qWZQlTIK8ibguvpc7wHUK4IZ0pk7TwmN1H6cCQQDNu+4vw2Xe2CFjEkLI
stCCcn8zV4MqETPr7bO9joh/oh7IpCGrtQJAMYzTydNpIuWoScykqkFn8DYB9jcc X1stba8tsdqP04BGFectrxoeUhLMZtG2Y0ZCx+BjAACXTqfchsSjv+G9Fj/QHJLg
e1p72ZB57zuYTqZWdN2H1K9fuQ29L62if/d956hJUS/2y4/tBTO1WcNVgQJBALQK TxVJAkB8VQjBejvxrhTpfWepUV4VJ/WedkZpMx5gGUpymNWTkwwZsjZhS1CHvEuK
jJuF2cmoRV1rOma6+iW7KstCYw+gvbEtoyeI7SzXb8FQu3vjwj1HyDmGZr4doGX5 Fy7TJKBCJJE7YTenN3b/QP3Da2ylAkEAwVzMdR/Vcyj32EGleuYEsCHS78OlhGBo
JF5pwf2ESH9sGRMiOA0CQGKVeegxodjqwNEY8WqJjgROHkI1aJhdHVehAcCLhtGX w3Z6nTlh9vV0raBFooKT2tg5UVMDOzK2GlKgJreF104+E7+HXEN34QJAYF76xuMm
WBcQEK73GJC5Kb4yTg0VEFkIWeGpy0aDnOyTJlNrQKc= bKi3V1bI7/t8hXs87LLHjR90PHNzLdy61lWxMvb8oWe8KjDyaE253h24a6tEPzT1
-----END RSA PRIVATE KEY----- a8lIpqpuuuvTbg==
-----END PRIVATE KEY-----


@ -70,18 +70,6 @@ AC_ARG_ENABLE(
[enable_wtp="yes"] [enable_wtp="yes"]
) )
AC_ARG_WITH(
[ssl-library],
[AS_HELP_STRING([--with-ssl-library=library], [build with the given crypto library, TYPE=openssl|cyassl @<:@default=openssl@:>@])],
[
case "${withval}" in
openssl|cyassl) ;;
*) AC_MSG_ERROR([bad value ${withval} for --with-crypto-library]) ;;
esac
],
[with_ssl_library="openssl"]
)
AC_ARG_WITH( AC_ARG_WITH(
[mem-check], [mem-check],
[AS_HELP_STRING([--with-mem-check=TYPE], [build with debug memory checking, TYPE=no|internal|valgrind @<:@default=internal@:>@])], [AS_HELP_STRING([--with-mem-check=TYPE], [build with debug memory checking, TYPE=no|internal|valgrind @<:@default=internal@:>@])],
@ -194,14 +182,13 @@ AC_DEFINE_UNQUOTED([LIBCONFIG_LOOKUP_INT_ARG], [$LIBCONFIG_LOOKUP_INT_ARG], [con
AC_CHECK_HEADER([pthread.h], [], [AC_MSG_ERROR(You need the pthread headers)]) AC_CHECK_HEADER([pthread.h], [], [AC_MSG_ERROR(You need the pthread headers)])
AC_CHECK_LIB([pthread], [pthread_create], [PTHREAD_LIBS="-lpthread"], [AC_MSG_ERROR(You need the pthread library)]) AC_CHECK_LIB([pthread], [pthread_create], [PTHREAD_LIBS="-lpthread"], [AC_MSG_ERROR(You need the pthread library)])
# Check XML2 library # Check SSL library
PKG_CHECK_MODULES( PKG_CHECK_MODULES([CYASSL], [cyassl >= 3.0.0], [have_cyassl_ssl="yes"], [have_cyassl_ssl="no"])
[LIBXML2],
[libxml-2.0 >= 2.6]
)
# Check JSON library # Check JSON library
if test "${enable_ac}" = "yes"; then if test "${enable_ac}" = "yes"; then
test "x${have_cyassl_ssl}" != "xyes" && AC_MSG_ERROR(You need the cyassl library)
PKG_CHECK_MODULES( PKG_CHECK_MODULES(
[LIBJSON], [LIBJSON],
[json-c >= 0.11], [json-c >= 0.11],
@ -213,6 +200,12 @@ if test "${enable_ac}" = "yes"; then
[AC_MSG_ERROR(You need the libjson)] [AC_MSG_ERROR(You need the libjson)]
)] )]
) )
# Check XML2 library
PKG_CHECK_MODULES(
[LIBXML2],
[libxml-2.0 >= 2.6]
)
fi fi
# Check nl80211 # Check nl80211
@ -235,79 +228,8 @@ if test "${enable_wifi_drivers_nl80211}" = "yes"; then
fi fi
AM_CONDITIONAL([BUILD_WTP_WIFI_DRIVERS_NL80211], [test "${enable_wifi_drivers_nl80211}" = "yes"]) AM_CONDITIONAL([BUILD_WTP_WIFI_DRIVERS_NL80211], [test "${enable_wifi_drivers_nl80211}" = "yes"])
# Check SSL library
if test "${with_ssl_library}" = "openssl"; then
PKG_CHECK_MODULES(
[OPENSSL_CRYPTO],
[libcrypto >= 1.0.0],
[have_openssl_crypto="yes"],
[AC_CHECK_LIB(
[crypto],
[RSA_new],
[
have_openssl_crypto="yes"
OPENSSL_CRYPTO_LIBS="-lcrypto"
]
)]
)
PKG_CHECK_MODULES(
[OPENSSL_SSL],
[libssl >= 1.0.0],
[have_openssl_ssl="yes"],
[AC_CHECK_LIB(
[ssl],
[SSL_CTX_new],
[
have_openssl_ssl="yes"
OPENSSL_SSL_LIBS="-lssl"
]
)]
)
if test "x${have_openssl_ssl}" = "xyes"; then
have_openssl_engine="yes"
OPENSSL_SSL_LIBS="${OPENSSL_SSL_LIBS} -ldl"
#saved_CFLAGS="${CFLAGS}"
#saved_LIBS="${LIBS}"
#CFLAGS="${CFLAGS} ${OPENSSL_SSL_CFLAGS}"
#LIBS="${LIBS} ${OPENSSL_SSL_LIBS}"
#AC_CHECK_FUNC([SSL_CTX_set_cookie_generate_cb], , [AC_MSG_ERROR([${with_ssl_library} SSL_CTX_set_cookie_generate_cb function is required but missing])])
#AC_CHECK_FUNC([SSL_CTX_set_cookie_verify_cb], , [AC_MSG_ERROR([${with_ssl_library} SSL_CTX_set_cookie_verify_cb function is required but missing])])
#CFLAGS="${saved_CFLAGS}"
#LIBS="${saved_LIBS}"
fi
elif test "${with_ssl_library}" = "cyassl"; then
AC_CHECK_HEADER([cyassl/ssl.h], [], [AC_MSG_ERROR(You need the cyassl headers)])
AC_CHECK_HEADER([cyassl/openssl/ssl.h], [], [AC_MSG_ERROR(You need the cyassl opensslextra headers)])
AC_CHECK_LIB([cyassl], [CyaSSL_Init], [], [AC_MSG_ERROR(You need the cyassl library)])
have_cyassl_engine="yes"
have_cyassl_ssl="yes"
fi
case "${with_ssl_library}" in
openssl)
have_crypto_engine="${have_openssl_engine}"
have_crypto_crypto="${have_openssl_crypto}"
have_crypto_ssl="${have_openssl_ssl}"
SSL_CFLAGS="${OPENSSL_CRYPTO_CFLAGS} ${OPENSSL_SSL_CFLAGS}"
SSL_LIBS="${OPENSSL_SSL_LIBS}"
test "x${have_crypto_engine}" = "xyes" && AC_DEFINE([HAVE_OPENSSL_ENGINE], [1], [Use ssl library])
;;
cyassl)
have_crypto_engine="${have_cyassl_engine}"
have_crypto_crypto="${have_cyassl_ssl}"
have_crypto_ssl="${have_cyassl_ssl}"
SSL_CFLAGS=""
SSL_LIBS="-lcyassl"
test "x${have_crypto_engine}" = "xyes" && AC_DEFINE([HAVE_CYASSL_ENGINE], [1], [Use ssl library])
;;
esac
if test "${enable_dtls}" = "yes"; then if test "${enable_dtls}" = "yes"; then
test "x${have_crypto_engine}" != "xyes" && AC_MSG_ERROR([${with_ssl_library} engine is required but missing]) test "x${have_cyassl_ssl}" != "xyes" && AC_MSG_ERROR(You need the cyassl library)
test "x${have_crypto_ssl}" != "xyes" && AC_MSG_ERROR([${with_ssl_library} ssl is required but missing])
test "x${have_crypto_crypto}" != "xyes" && AC_MSG_ERROR([${with_ssl_library} crypto is required but missing])
AC_DEFINE([ENABLE_DTLS], [1], [Enable DTLS]) AC_DEFINE([ENABLE_DTLS], [1], [Enable DTLS])
fi fi
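Review bot: The new `PKG_CHECK_MODULES([CYASSL], [cyassl >= 3.0.0], ...)` only proves a CyaSSL of the right version is installed, but the entry points this commit's capwap_dtls.c calls (`CyaDTLSv1_server_method`, `CyaSSL_CTX_SetGenCookie`, `CyaSSL_CTX_set_psk_server_callback`) are, as far as I know, compile-time options of CyaSSL (`--enable-dtls`, `--enable-psk`), so a stock build passes configure and only fails at link time with an unhelpful error. The removed OpenSSL block at least carried (commented-out) `AC_CHECK_FUNC` probes for the cookie callbacks; the equivalent here would be, inside the `enable_dtls` branch, `AC_CHECK_LIB([cyassl], [CyaDTLSv1_server_method], [], [AC_MSG_ERROR(cyassl must be built with --enable-dtls)])` plus the same probe for `CyaSSL_CTX_set_psk_server_callback` reporting `--enable-psk`. Since the PSK and certificate modes are chosen at runtime from the configuration file, both probes should be hard errors rather than optional features.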


@ -447,12 +447,6 @@ static int ac_parsing_configuration_1_0(config_t* config) {
} }
} }
if (config_lookup_string(config, "application.dtls.x509.privatekeypassword", &configString) == CONFIG_TRUE) {
if (strlen(configString) > 0) {
dtlsparam.cert.pwdprivatekey = capwap_duplicate_string(configString);
}
}
if (dtlsparam.cert.fileca && dtlsparam.cert.filecert && dtlsparam.cert.filekey) { if (dtlsparam.cert.fileca && dtlsparam.cert.filecert && dtlsparam.cert.filekey) {
if (capwap_crypt_createcontext(&g_ac.dtlscontext, &dtlsparam)) { if (capwap_crypt_createcontext(&g_ac.dtlscontext, &dtlsparam)) {
g_ac.enabledtls = 1; g_ac.enabledtls = 1;
@ -471,10 +465,6 @@ static int ac_parsing_configuration_1_0(config_t* config) {
if (dtlsparam.cert.filekey) { if (dtlsparam.cert.filekey) {
capwap_free(dtlsparam.cert.filekey); capwap_free(dtlsparam.cert.filekey);
} }
if (dtlsparam.cert.pwdprivatekey) {
capwap_free(dtlsparam.cert.pwdprivatekey);
}
} else if (dtlsparam.mode == CAPWAP_DTLS_MODE_PRESHAREDKEY) { } else if (dtlsparam.mode == CAPWAP_DTLS_MODE_PRESHAREDKEY) {
if (config_lookup_string(config, "application.dtls.presharedkey.hint", &configString) == CONFIG_TRUE) { if (config_lookup_string(config, "application.dtls.presharedkey.hint", &configString) == CONFIG_TRUE) {
if (strlen(configString) > 0) { if (strlen(configString) > 0) {
@ -630,7 +620,6 @@ static int ac_parsing_configuration_1_0(config_t* config) {
char* calist = NULL; char* calist = NULL;
char* certificate = NULL; char* certificate = NULL;
char* privatekey = NULL; char* privatekey = NULL;
char* privatekeypassword = NULL;
config_setting_t* configSSL; config_setting_t* configSSL;
/* */ /* */
@ -658,17 +647,11 @@ static int ac_parsing_configuration_1_0(config_t* config) {
} }
} }
if (config_setting_lookup_string(configSSL, "privatekeypassword", &configString) == CONFIG_TRUE) {
if (strlen(configString) > 0) {
privatekeypassword = capwap_duplicate_string(configString);
}
}
/* */ /* */
if (calist && certificate && privatekey) { if (calist && certificate && privatekey) {
server->sslcontext = capwap_socket_crypto_createcontext(calist, certificate, privatekey, privatekeypassword); server->sslcontext = capwap_socket_crypto_createcontext(calist, certificate, privatekey);
if (!server->sslcontext) { if (!server->sslcontext) {
capwap_logging_error("Invalid configuration file, invalid backend.server.x509 value"); capwap_logging_error("Invalid configuration file, unable to initialize crypto library");
return 0; return 0;
} }
} else { } else {
@ -680,9 +663,6 @@ static int ac_parsing_configuration_1_0(config_t* config) {
capwap_free(calist); capwap_free(calist);
capwap_free(certificate); capwap_free(certificate);
capwap_free(privatekey); capwap_free(privatekey);
if (privatekeypassword) {
capwap_free(privatekeypassword);
}
} }
/* Add item */ /* Add item */
@ -824,7 +804,7 @@ int main(int argc, char** argv) {
capwap_init_rand(); capwap_init_rand();
/* Init crypt */ /* Init crypt */
if (!capwap_crypt_init()) { if (capwap_crypt_init()) {
capwap_logging_fatal("Error to init crypt engine"); capwap_logging_fatal("Error to init crypt engine");
return CAPWAP_CRYPT_ERROR; return CAPWAP_CRYPT_ERROR;
} }
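Review bot: The `application.dtls.x509.privatekeypassword` and `backend.server.x509.privatekeypassword` lookups are removed without any notice, so a deployment that relies on a passphrase-protected key now fails later in `capwap_crypt_createcontext` with only a debug-level "Error to load private key file" and no hint that passphrases are no longer supported (the enclosing `ac_parsing_configuration_1_0` is only partly visible here). I'd keep a lookup of the old key purely to warn, e.g. `if (config_lookup_string(config, "application.dtls.x509.privatekeypassword", &configString) == CONFIG_TRUE) { capwap_logging_error("privatekeypassword is no longer supported; store the private key unencrypted"); }` (using whatever warning-level logger the project has), and the same for the `backend.server.x509` setting. The practical consequence, that DTLS private keys must now sit unencrypted on the AC/WTP filesystem, deserves a sentence in the configuration documentation together with a reminder to restrict the key file's permissions. The `if (capwap_crypt_init())` inversion is consistent with the new 0-on-success return of `capwap_crypt_init` in this commit.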


@ -831,7 +831,7 @@ int ac_execute(void) {
} }
} else if (check == CAPWAP_DTLS_PACKET) { } else if (check == CAPWAP_DTLS_PACKET) {
/* Before create new session check if receive DTLS Client Hello */ /* Before create new session check if receive DTLS Client Hello */
if (capwap_sanity_check_dtls_clienthello(&((char*)buffer)[sizeof(struct capwap_dtls_header)], buffersize - sizeof(struct capwap_dtls_header))) { if (capwap_crypt_has_dtls_clienthello(&((char*)buffer)[sizeof(struct capwap_dtls_header)], buffersize - sizeof(struct capwap_dtls_header))) {
struct capwap_socket ctrlsock; struct capwap_socket ctrlsock;
/* Retrive socket info */ /* Retrive socket info */
@ -868,7 +868,7 @@ int ac_execute(void) {
if (!plain) { if (!plain) {
if (buffersize <= sizeof(struct capwap_dtls_header)) { if (buffersize <= sizeof(struct capwap_dtls_header)) {
plain = -1; plain = -1;
} else if (!capwap_sanity_check_dtls_clienthello(&((char*)buffer)[sizeof(struct capwap_dtls_header)], buffersize - sizeof(struct capwap_dtls_header))) { } else if (!capwap_crypt_has_dtls_clienthello(&((char*)buffer)[sizeof(struct capwap_dtls_header)], buffersize - sizeof(struct capwap_dtls_header))) {
plain = -1; plain = -1;
} }
} }


@ -1,518 +1,228 @@
#include "capwap.h" #include "capwap.h"
#include "capwap_dtls.h" #include "capwap_dtls.h"
#include "capwap_protocol.h" #include "capwap_protocol.h"
#include <cyassl/options.h>
#include <openssl/ssl.h> #include <cyassl/ssl.h>
#include <openssl/bio.h> #include <cyassl/ctaocrypt/sha.h>
#include <openssl/err.h>
#include <openssl/engine.h>
#include <openssl/conf.h>
#ifdef CAPWAP_MULTITHREADING_ENABLE
#include <pthread.h>
static pthread_mutex_t* l_mutex_buffer = NULL;
#endif
#define CAPWAP_DTLS_CERT_VERIFY_DEPTH 1
#define CAPWAP_DTLS_MTU_SIZE 16384
#define OPENSSL_EXDATA_APPLICATION 0
#define OPENSSL_EXDATA_DTLSCONTEXT 1
#define OPENSSL_EXDATA_DTLS 2
/* */ /* */
static int capwap_bio_method_new(BIO* bio); static const char g_char2hex[] = {
static int capwap_bio_method_free(BIO* bio); 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,
static int capwap_bio_method_puts(BIO* bio, const char* str); -1, -1, -1, -1, -1, -1, -1,
static int capwap_bio_method_read(BIO* bio, char* str, int length); 10, 11, 12, 13, 14, 15, /* Upper Case A - F */
static int capwap_bio_method_write(BIO* bio, const char* str, int length); -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
static long capwap_bio_method_ctrl(BIO* bio, int cmd, long num, void* ptr); 10, 11, 12, 13, 14, 15 /* Lower Case a - f */
/* OpenSSL BIO methods */
static BIO_METHOD bio_methods_memory = {
BIO_TYPE_DGRAM,
"dtls capwap packet",
capwap_bio_method_write,
capwap_bio_method_read,
capwap_bio_method_puts,
NULL,
capwap_bio_method_ctrl,
capwap_bio_method_new,
capwap_bio_method_free,
NULL,
};
/* OpenSSL BIO custom data */
struct bio_capwap_data {
int mtu;
struct sockaddr_storage peer;
struct capwap_dtls* dtls;
capwap_bio_send send;
void* param;
}; };
static const int g_char2hex_length = sizeof(g_char2hex) / sizeof(g_char2hex[0]);
/* */ /* */
static BIO* capwap_bio_new() { static int capwap_bio_method_recv(CYASSL* ssl, char* buffer, int length, void* context) {
BIO* result; struct capwap_dtls* dtls = (struct capwap_dtls*)context;
result = BIO_new(&bio_methods_memory);
if (result) {
memset(result->ptr, 0, sizeof(struct bio_capwap_data));
}
return result;
}
/* */
static int capwap_bio_method_new(BIO* bio) {
bio->init = 1;
bio->num = 0;
bio->flags = 0;
bio->ptr = (char*)capwap_alloc(sizeof(struct bio_capwap_data));
return 1;
}
/* */
static int capwap_bio_method_free(BIO* bio) {
if (bio == NULL) {
return 0;
} else if (bio->ptr) {
capwap_free(bio->ptr);
}
return 1;
}
/* */
static int capwap_bio_method_puts(BIO* bio, const char* str) {
return capwap_bio_method_write(bio, str, strlen(str));
}
/* */
static int capwap_bio_method_read(BIO* bio, char* str, int length) {
struct bio_capwap_data* data = (struct bio_capwap_data*)bio->ptr;
struct capwap_dtls_header* dtlspreamble; struct capwap_dtls_header* dtlspreamble;
int size; int size;
/* Check read packet */ /* Check read packet */
if ((data->dtls->length < sizeof(struct capwap_dtls_header)) || !data->dtls->buffer) { if ((dtls->length < sizeof(struct capwap_dtls_header)) || !dtls->buffer) {
if (!data->dtls->length && !data->dtls->buffer) { if (!dtls->length && !dtls->buffer) {
BIO_set_retry_read(bio); /* Notify empty buffer */ return CYASSL_CBIO_ERR_WANT_READ; /* Notify empty buffer */
} }
return -1; return CYASSL_CBIO_ERR_GENERAL;
} }
/* Check DTLS Capwap Preamble */ /* Check DTLS Capwap Preamble */
dtlspreamble = (struct capwap_dtls_header*)data->dtls->buffer; dtlspreamble = (struct capwap_dtls_header*)dtls->buffer;
if ((dtlspreamble->preamble.version != CAPWAP_PROTOCOL_VERSION) || (dtlspreamble->preamble.type != CAPWAP_PREAMBLE_DTLS_HEADER)) { if ((dtlspreamble->preamble.version != CAPWAP_PROTOCOL_VERSION) || (dtlspreamble->preamble.type != CAPWAP_PREAMBLE_DTLS_HEADER)) {
capwap_logging_debug("Wrong DTLS Capwap Preamble"); capwap_logging_debug("Wrong DTLS Capwap Preamble");
return -1; /* Wrong DTLS Capwap Preamble */ return CYASSL_CBIO_ERR_GENERAL; /* Wrong DTLS Capwap Preamble */
} }
/* */ /* */
size = data->dtls->length - sizeof(struct capwap_dtls_header); size = dtls->length - sizeof(struct capwap_dtls_header);
data->dtls->length = 0; dtls->length = 0;
data->dtls->buffer += sizeof(struct capwap_dtls_header); dtls->buffer += sizeof(struct capwap_dtls_header);
if (size > length) { if (size > length) {
data->dtls->buffer = NULL; dtls->buffer = NULL;
return -1; return CYASSL_CBIO_ERR_GENERAL;
} }
/* Copy DTLS packet */ /* Copy DTLS packet */
memcpy(str, data->dtls->buffer, size); memcpy(buffer, dtls->buffer, size);
data->dtls->buffer = NULL; dtls->buffer = NULL;
return size; return size;
} }
/* */ /* */
static int capwap_bio_method_write(BIO* bio, const char* str, int length) { static int capwap_bio_method_send(CYASSL* ssl, char* buffer, int length, void* context) {
struct bio_capwap_data* data = (struct bio_capwap_data*)bio->ptr; char data[CAPWAP_MAX_PACKET_SIZE];
char buffer[CAPWAP_MAX_PACKET_SIZE]; struct capwap_dtls* dtls = (struct capwap_dtls*)context;
struct capwap_dtls_header* dtlspreamble = (struct capwap_dtls_header*)&buffer[0]; struct capwap_dtls_header* dtlspreamble = (struct capwap_dtls_header*)data;
/* Check for maxium size of packet */ /* Check for maxium size of packet */
if (length > (CAPWAP_MAX_PACKET_SIZE - sizeof(struct capwap_dtls_header))) { if (length > (CAPWAP_MAX_PACKET_SIZE - sizeof(struct capwap_dtls_header))) {
return -1; return CYASSL_CBIO_ERR_GENERAL;
} }
/* Create DTLS Capwap Preamble */ /* Create DTLS Capwap Preamble */
dtlspreamble->preamble.version = CAPWAP_PROTOCOL_VERSION; dtlspreamble->preamble.version = CAPWAP_PROTOCOL_VERSION;
dtlspreamble->preamble.type = CAPWAP_PREAMBLE_DTLS_HEADER; dtlspreamble->preamble.type = CAPWAP_PREAMBLE_DTLS_HEADER;
dtlspreamble->reserved1 = dtlspreamble->reserved2 = dtlspreamble->reserved3 = 0; dtlspreamble->reserved1 = dtlspreamble->reserved2 = dtlspreamble->reserved3 = 0;
memcpy(&buffer[0] + sizeof(struct capwap_dtls_header), str, length); memcpy(&data[0] + sizeof(struct capwap_dtls_header), buffer, length);
/* Send packet */ /* Send packet */
if (!data->send(data->dtls, buffer, length + sizeof(struct capwap_dtls_header), data->param)) { if (!dtls->send(dtls, data, length + sizeof(struct capwap_dtls_header), dtls->sendparam)) {
return -1; return CYASSL_CBIO_ERR_GENERAL;
} }
/* Don't return size of DTLS Capwap Preamble */ /* Don't return size of DTLS Capwap Preamble */
return length; return length;
} }
/* */
static long capwap_bio_method_ctrl(BIO* bio, int cmd, long num, void* ptr) {
long result = 1;
struct bio_capwap_data* data = (struct bio_capwap_data*)bio->ptr;
switch (cmd) {
case BIO_CTRL_RESET: {
result = 0;
break;
}
case BIO_CTRL_EOF: {
result = 0;
break;
}
case BIO_CTRL_INFO: {
result = 0;
break;
}
case BIO_CTRL_GET_CLOSE: {
result = bio->shutdown;
break;
}
case BIO_CTRL_SET_CLOSE: {
bio->shutdown = (int)num;
break;
}
case BIO_CTRL_WPENDING:
case BIO_CTRL_PENDING: {
result = 0;
break;
}
case BIO_CTRL_DUP:
case BIO_CTRL_FLUSH: {
result = 1;
break;
}
case BIO_CTRL_PUSH: {
result = 0;
break;
}
case BIO_CTRL_POP: {
result = 0;
break;
}
case BIO_CTRL_DGRAM_QUERY_MTU: {
data->mtu = CAPWAP_DTLS_MTU_SIZE;
result = data->mtu;
break;
}
case BIO_CTRL_DGRAM_GET_MTU: {
result = data->mtu;
break;
}
case BIO_CTRL_DGRAM_SET_MTU: {
data->mtu = (int)num;
result = data->mtu;
break;
}
case BIO_CTRL_DGRAM_SET_PEER: {
memcpy(&data->peer, ptr, sizeof(struct sockaddr_storage));
break;
}
case BIO_CTRL_DGRAM_GET_PEER: {
memcpy(ptr, &data->peer, sizeof(struct sockaddr_storage));
break;
}
case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: {
break;
}
default: {
result = 0;
break;
}
}
return result;
}
#ifdef CAPWAP_MULTITHREADING_ENABLE
/* */
unsigned long capwap_openssl_idcallback(void) {
return (unsigned long)pthread_self();
}
/* */
void capwap_openssl_lockingcallback(int mode, int n, const char* file, int line) {
ASSERT(l_mutex_buffer != NULL);
if (mode & CRYPTO_LOCK) {
pthread_mutex_lock(&l_mutex_buffer[n]);
} else {
pthread_mutex_unlock(&l_mutex_buffer[n]);
}
}
#endif
/* */ /* */
int capwap_crypt_init() { int capwap_crypt_init() {
#ifdef CAPWAP_MULTITHREADING_ENABLE int result;
int i;
int numlocks;
#endif
SSL_load_error_strings(); /* Init library */
SSL_library_init(); result = CyaSSL_Init();
OpenSSL_add_all_algorithms(); if (result != SSL_SUCCESS) {
return -1;
#ifdef CAPWAP_MULTITHREADING_ENABLE
/* Configure OpenSSL thread-safe */
numlocks = CRYPTO_num_locks();
l_mutex_buffer = (pthread_mutex_t*)capwap_alloc(numlocks * sizeof(pthread_mutex_t));
for (i = 0; i < numlocks; i++) {
pthread_mutex_init(&l_mutex_buffer[i], NULL);
} }
/* OpenSSL thread-safe callbacks */ return 0;
CRYPTO_set_id_callback(capwap_openssl_idcallback);
CRYPTO_set_locking_callback(capwap_openssl_lockingcallback);
#endif
return 1;
} }
/* */ /* */
void capwap_crypt_free() { void capwap_crypt_free() {
/* Clear error queue */ CyaSSL_Cleanup();
ERR_clear_error();
ERR_remove_state(0);
ERR_remove_thread_state(NULL);
/* */
#ifdef CAPWAP_MULTITHREADING_ENABLE
int i;
int numlocks;
ASSERT(l_mutex_buffer != NULL);
/* */
CRYPTO_set_id_callback(NULL);
CRYPTO_set_locking_callback(NULL);
/* */
numlocks = CRYPTO_num_locks();
for (i = 0; i < numlocks; i++) {
pthread_mutex_destroy(&l_mutex_buffer[i]);
}
capwap_free(l_mutex_buffer);
l_mutex_buffer = NULL;
#endif
/* */
ERR_free_strings();
RAND_cleanup();
ENGINE_cleanup();
EVP_cleanup();
OBJ_cleanup();
CONF_modules_finish();
CONF_modules_free();
CONF_modules_unload(1);
CRYPTO_cleanup_all_ex_data();
sk_SSL_COMP_free (SSL_COMP_get_compression_methods());
} }
/* */ /* */
static int check_passwd(char* buffer, int size, int rwflag, void* userdata) { static int capwap_crypt_verifycertificate(int preverify_ok, CYASSL_X509_STORE_CTX* ctx) {
int length;
struct capwap_dtls_context* dtlscontext = (struct capwap_dtls_context*)userdata;
ASSERT(dtlscontext != NULL);
ASSERT(dtlscontext->mode == CAPWAP_DTLS_MODE_CERTIFICATE);
ASSERT(dtlscontext->cert.pwdprivatekey != NULL);
length = strlen(dtlscontext->cert.pwdprivatekey);
if (!buffer || (size < (length + 1))) {
return 0;
}
strcpy(buffer, dtlscontext->cert.pwdprivatekey);
return length;
}
/* */
static int verify_certificate(int preverify_ok, X509_STORE_CTX* ctx) {
int err;
int depth;
X509* err_cert;
char buf[256];
err_cert = X509_STORE_CTX_get_current_cert(ctx);
err = X509_STORE_CTX_get_error(ctx);
X509_verify_cert_error_string(err);
depth = X509_STORE_CTX_get_error_depth(ctx);
X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
if (depth > CAPWAP_DTLS_CERT_VERIFY_DEPTH) {
preverify_ok = 0;
err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
X509_STORE_CTX_set_error(ctx, err);
}
if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) {
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
}
return preverify_ok; return preverify_ok;
} }
static int create_cookie(SSL* ssl, unsigned char* cookie, unsigned int* cookie_len) { /* */
int length; static unsigned int capwap_crypt_psk_client(CYASSL* ssl, const char* hint, char* identity, unsigned int max_identity_len, unsigned char* psk, unsigned int max_psk_len) {
unsigned char* buffer; struct capwap_dtls* dtls = (struct capwap_dtls*)CyaSSL_GetIOReadCtx(ssl);
struct sockaddr_storage peer;
struct capwap_app_data* appdata; ASSERT(dtls != NULL);
ASSERT(dtls->dtlscontext != NULL);
/* */ /* */
appdata = (struct capwap_app_data*)SSL_get_app_data(ssl); if ((max_identity_len < strlen(dtls->dtlscontext->presharedkey.identity)) || (max_psk_len < dtls->dtlscontext->presharedkey.pskkeylength)) {
if (!appdata) {
return 0;
}
/* Read peer information */
if (BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer) < 0) {
return 0;
}
/* Create buffer with peer's address and port */
if (peer.ss_family == AF_INET) {
length = sizeof(struct in_addr) + sizeof(in_port_t);
} else if (peer.ss_family == AF_INET6) {
length = sizeof(struct in6_addr) + sizeof(in_port_t);
} else {
return 0; return 0;
} }
/* */ /* */
buffer = capwap_alloc(length); strcpy(identity, dtls->dtlscontext->presharedkey.identity);
if (peer.ss_family == AF_INET) { memcpy(psk, dtls->dtlscontext->presharedkey.pskkey, dtls->dtlscontext->presharedkey.pskkeylength);
struct sockaddr_in* peeripv4 = (struct sockaddr_in*)&peer; return dtls->dtlscontext->presharedkey.pskkeylength;
memcpy(buffer, &peeripv4->sin_port, sizeof(in_port_t));
memcpy(buffer + sizeof(in_port_t), &peeripv4->sin_addr, sizeof(struct in_addr));
} else if (peer.ss_family == AF_INET6) {
struct sockaddr_in6* peeripv6 = (struct sockaddr_in6*)&peer;
memcpy(buffer, &peeripv6->sin6_port, sizeof(in_port_t));
memcpy(buffer + sizeof(in_port_t), &peeripv6->sin6_addr, sizeof(struct in6_addr));
}
/* Calculate HMAC of buffer using the secret */
HMAC(EVP_sha1(), appdata->cookie, CAPWAP_COOKIE_SECRET_LENGTH, buffer, length, cookie, cookie_len);
capwap_free(buffer);
return 1;
} }
/* */ /* */
static int generate_cookie(SSL* ssl, unsigned char* cookie, unsigned int* cookie_len) { static unsigned int capwap_crypt_psk_server(CYASSL* ssl, const char* identity, unsigned char* psk, unsigned int max_psk_len) {
unsigned int resultlength; struct capwap_dtls* dtls = (struct capwap_dtls*)CyaSSL_GetIOReadCtx(ssl);
unsigned char result[EVP_MAX_MD_SIZE];
if (!create_cookie(ssl, &result[0], &resultlength)) { ASSERT(dtls != NULL);
return 0; ASSERT(dtls->dtlscontext != NULL);
}
/* Cookie generated */
memcpy(cookie, result, resultlength);
*cookie_len = resultlength;
return 1;
}
/* */
static int verify_cookie(SSL* ssl, unsigned char* cookie, unsigned int cookie_len) {
unsigned int resultlength;
unsigned char result[EVP_MAX_MD_SIZE];
if (!create_cookie(ssl, &result[0], &resultlength)) {
return 0;
}
/* Check cookie */
if ((cookie_len != resultlength) || (memcmp(result, cookie, resultlength) != 0)) {
return 0;
}
return 1;
}
/* */
static unsigned int capwap_crypt_psk_client(SSL* ssl, const char* hint, char* identity, unsigned int max_identity_len, unsigned char* psk, unsigned int max_psk_len) {
struct capwap_dtls_context* dtlscontext = (struct capwap_dtls_context*)SSL_get_ex_data(ssl, OPENSSL_EXDATA_DTLSCONTEXT);
ASSERT(dtlscontext != NULL);
/* */ /* */
if ((max_identity_len < strlen(dtlscontext->presharedkey.identity)) || (max_psk_len < dtlscontext->presharedkey.pskkeylength)) { if (strcmp(identity, dtls->dtlscontext->presharedkey.identity) || (max_psk_len < dtls->dtlscontext->presharedkey.pskkeylength)) {
return 0; return 0;
} }
/* */ /* */
strcpy(identity, dtlscontext->presharedkey.identity); memcpy(psk, dtls->dtlscontext->presharedkey.pskkey, dtls->dtlscontext->presharedkey.pskkeylength);
memcpy(psk, dtlscontext->presharedkey.pskkey, dtlscontext->presharedkey.pskkeylength); return dtls->dtlscontext->presharedkey.pskkeylength;
return dtlscontext->presharedkey.pskkeylength;
}
/* */
static unsigned int capwap_crypt_psk_server(SSL* ssl, const char* identity, unsigned char* psk, unsigned int max_psk_len) {
struct capwap_dtls_context* dtlscontext = (struct capwap_dtls_context*)SSL_get_ex_data(ssl, OPENSSL_EXDATA_DTLSCONTEXT);
ASSERT(dtlscontext != NULL);
/* */
if (strcmp(identity, dtlscontext->presharedkey.identity) || (max_psk_len < dtlscontext->presharedkey.pskkeylength)) {
return 0;
}
/* */
memcpy(psk, dtlscontext->presharedkey.pskkey, dtlscontext->presharedkey.pskkeylength);
return dtlscontext->presharedkey.pskkeylength;
} }
/* */ /* */
static unsigned int capwap_crypt_psk_to_bin(char* pskkey, unsigned char** pskbin) { static unsigned int capwap_crypt_psk_to_bin(char* pskkey, unsigned char** pskbin) {
int i, j;
int length; int length;
BIGNUM* bn = NULL; int result;
unsigned char* buffer;
/* */
if (!BN_hex2bn(&bn, pskkey)) {
if (bn) {
BN_free(bn);
}
/* Convert string to hex */
length = strlen(pskkey);
if (!length || (length % 2)) {
return 0; return 0;
} }
/* Convert into binary */ /* */
*pskbin = (unsigned char*)capwap_alloc(BN_num_bytes(bn)); result = length / 2;
length = BN_bn2bin(bn, *pskbin); buffer = (unsigned char*)capwap_alloc(result);
BN_free(bn); for (i = 0, j = 0; i < length; i += 2, j++) {
char valuehi = pskkey[i] - 48;
char valuelo = pskkey[i + 1] - 48;
return length; /* Check value */
if ((valuehi < 0) || (valuehi >= g_char2hex_length) || (valuelo < 0) || (valuelo >= g_char2hex_length)) {
capwap_free(buffer);
return 0;
}
/* */
valuehi = g_char2hex[(int)valuehi];
valuelo = g_char2hex[(int)valuelo];
/* Check value */
if ((valuehi < 0) || (valuelo < 0)) {
capwap_free(buffer);
return 0;
}
/* */
buffer[j] = (unsigned char)(((unsigned char)valuehi << 4) | (unsigned char)valuelo);
}
/* */
*pskbin = buffer;
return result;
}
/* */
static int capwap_crypt_createcookie(CYASSL* ssl, unsigned char* buffer, int size, void* context) {
int length;
unsigned char temp[32];
Sha sha;
byte digest[SHA_DIGEST_SIZE];
struct capwap_dtls* dtls = (struct capwap_dtls*)context;
if (size != SHA_DIGEST_SIZE) {
return -1;
}
/* Create buffer with peer's address and port */
if (dtls->peeraddr.ss_family == AF_INET) {
struct sockaddr_in* peeripv4 = (struct sockaddr_in*)&dtls->peeraddr;
length = sizeof(struct in_addr) + sizeof(in_port_t);
memcpy(temp, &peeripv4->sin_port, sizeof(in_port_t));
memcpy(temp + sizeof(in_port_t), &peeripv4->sin_addr, sizeof(struct in_addr));
} else if (dtls->peeraddr.ss_family == AF_INET6) {
struct sockaddr_in6* peeripv6 = (struct sockaddr_in6*)&dtls->peeraddr;
length = sizeof(struct in6_addr) + sizeof(in_port_t);
memcpy(temp, &peeripv6->sin6_port, sizeof(in_port_t));
memcpy(temp + sizeof(in_port_t), &peeripv6->sin6_addr, sizeof(struct in6_addr));
} else {
return -1;
}
/* */
if (InitSha(&sha)) {
return -1;
}
ShaUpdate(&sha, temp, length);
ShaFinal(&sha, digest);
/* */
memcpy(buffer, digest, SHA_DIGEST_SIZE);
return SHA_DIGEST_SIZE;
} }
/* */ /* */
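Review bot: `capwap_crypt_createcookie` derives the HelloVerifyRequest cookie from a plain SHA-1 of the peer's port and address with no secret, so any host can compute the valid cookie for an arbitrary spoofed source and the anti-spoofing/amplification protection the DTLS cookie exchange exists for (RFC 6347 §4.2.1 calls for a keyed MAC with a server secret) is lost — the removed OpenSSL path used HMAC-SHA1 keyed with the random `dtlscontext->cookie` secret, and that `RAND_bytes` line is deleted in this commit with no replacement. I'd keep the secret, generating it once in `capwap_crypt_createcontext` where `RAND_bytes` was, e.g. `InitRng(&rng)` then `RNG_GenerateBlock(&rng, dtlscontext->cookie, CAPWAP_COOKIE_SECRET_LENGTH)` (`cyassl/ctaocrypt/random.h`), and key the cookie with CtaoCrypt's Hmac API (`cyassl/ctaocrypt/hmac.h`) as sketched below; this assumes the `cookie` field of `struct capwap_dtls_context` survives this commit (the header is not in the diff) and the 3.0-era int-returning `HmacSetKey`, so confirm against the installed headers. Separately, `capwap_crypt_psk_to_bin` keeps the lookup result in `char valuehi`/`valuelo`, so on targets where `char` is unsigned (ARM, for instance) the table's -1 entries become 255 and the `(valuehi < 0)` rejection never fires, letting characters such as `:` or `@` through as key bytes; declaring both as `int` (`int valuehi = pskkey[i] - 48;`) fixes it. The new `capwap_crypt_verifycertificate` also drops the chain-depth limit (`CAPWAP_DTLS_CERT_VERIFY_DEPTH`) the old callback enforced, which is worth either restoring or documenting as intentional.
```c
static int capwap_crypt_createcookie(CYASSL* ssl, unsigned char* buffer, int size, void* context) {
	int length;
	unsigned char temp[32];
	Hmac hmac;
	byte digest[SHA_DIGEST_SIZE];
	struct capwap_dtls* dtls = (struct capwap_dtls*)context;

	if ((size != SHA_DIGEST_SIZE) || !dtls || !dtls->dtlscontext) {
		return -1;
	}

	/* … unchanged: serialise peer port + address into temp and set length … */

	/* Key the cookie with the per-context secret (RFC 6347 4.2.1): without it
	   any host can compute a valid cookie for a spoofed source address. */
	if (HmacSetKey(&hmac, SHA, dtls->dtlscontext->cookie, CAPWAP_COOKIE_SECRET_LENGTH) != 0) {
		return -1;
	}
	HmacUpdate(&hmac, temp, length);
	HmacFinal(&hmac, digest);

	memcpy(buffer, digest, SHA_DIGEST_SIZE);
	return SHA_DIGEST_SIZE;
}
```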
@ -525,12 +235,18 @@ int capwap_crypt_createcontext(struct capwap_dtls_context* dtlscontext, struct c
dtlscontext->mode = param->mode; dtlscontext->mode = param->mode;
/* Alloc context */ /* Alloc context */
dtlscontext->sslcontext = (void*)SSL_CTX_new(((param->type == CAPWAP_DTLS_SERVER) ? DTLSv1_server_method() : DTLSv1_client_method())); dtlscontext->sslcontext = (void*)CyaSSL_CTX_new(((param->type == CAPWAP_DTLS_SERVER) ? CyaDTLSv1_server_method() : CyaDTLSv1_client_method()));
if (!dtlscontext->sslcontext) { if (!dtlscontext->sslcontext) {
capwap_logging_debug("Error to initialize dtls context"); capwap_logging_debug("Error to initialize dtls context");
return 0; return 0;
} }
/* Set context IO */
CyaSSL_SetIORecv((CYASSL_CTX*)dtlscontext->sslcontext, capwap_bio_method_recv);
CyaSSL_SetIOSend((CYASSL_CTX*)dtlscontext->sslcontext, capwap_bio_method_send);
CyaSSL_CTX_SetGenCookie((CYASSL_CTX*)dtlscontext->sslcontext, capwap_crypt_createcookie);
/* */
if (dtlscontext->mode == CAPWAP_DTLS_MODE_CERTIFICATE) { if (dtlscontext->mode == CAPWAP_DTLS_MODE_CERTIFICATE) {
/* Check context */ /* Check context */
if (!param->cert.filecert || !strlen(param->cert.filecert)) { if (!param->cert.filecert || !strlen(param->cert.filecert)) {
@ -548,45 +264,34 @@ int capwap_crypt_createcontext(struct capwap_dtls_context* dtlscontext, struct c
} }
/* Public certificate */ /* Public certificate */
if (!SSL_CTX_use_certificate_file((SSL_CTX*)dtlscontext->sslcontext, param->cert.filecert, SSL_FILETYPE_PEM)) { if (!CyaSSL_CTX_use_certificate_file((CYASSL_CTX*)dtlscontext->sslcontext, param->cert.filecert, SSL_FILETYPE_PEM)) {
capwap_logging_debug("Error to load certificate file"); capwap_logging_debug("Error to load certificate file");
capwap_crypt_freecontext(dtlscontext); capwap_crypt_freecontext(dtlscontext);
return 0; return 0;
} }
/* Passwork decrypt privatekey */
dtlscontext->cert.pwdprivatekey = capwap_duplicate_string((param->cert.pwdprivatekey ? param->cert.pwdprivatekey : ""));
SSL_CTX_set_default_passwd_cb((SSL_CTX*)dtlscontext->sslcontext, check_passwd);
SSL_CTX_set_default_passwd_cb_userdata((SSL_CTX*)dtlscontext->sslcontext, dtlscontext);
/* Private key */ /* Private key */
if (!SSL_CTX_use_PrivateKey_file((SSL_CTX*)dtlscontext->sslcontext, param->cert.filekey, SSL_FILETYPE_PEM)) { if (!CyaSSL_CTX_use_PrivateKey_file((CYASSL_CTX*)dtlscontext->sslcontext, param->cert.filekey, SSL_FILETYPE_PEM)) {
capwap_logging_debug("Error to load private key file"); capwap_logging_debug("Error to load private key file");
capwap_crypt_freecontext(dtlscontext); capwap_crypt_freecontext(dtlscontext);
return 0; return 0;
} }
if (!SSL_CTX_check_private_key((SSL_CTX*)dtlscontext->sslcontext)) { if (!CyaSSL_CTX_check_private_key((CYASSL_CTX*)dtlscontext->sslcontext)) {
capwap_logging_debug("Error to check private key"); capwap_logging_debug("Error to check private key");
capwap_crypt_freecontext(dtlscontext); capwap_crypt_freecontext(dtlscontext);
return 0; return 0;
} }
/* Certificate Authority */ /* Certificate Authority */
if (!SSL_CTX_load_verify_locations((SSL_CTX*)dtlscontext->sslcontext, param->cert.fileca, NULL)) { if (!CyaSSL_CTX_load_verify_locations((CYASSL_CTX*)dtlscontext->sslcontext, param->cert.fileca, NULL)) {
capwap_logging_debug("Error to load ca file"); capwap_logging_debug("Error to load ca file");
capwap_crypt_freecontext(dtlscontext); capwap_crypt_freecontext(dtlscontext);
return 0; return 0;
} }
/*if (!SSL_CTX_set_default_verify_paths((SSL_CTX*)dtlscontext->sslcontext)) {
capwap_crypt_freecontext(dtlscontext);
return 0;
}*/
/* Verify certificate callback */ /* Verify certificate callback */
SSL_CTX_set_verify((SSL_CTX*)dtlscontext->sslcontext, ((param->type == CAPWAP_DTLS_SERVER) ? SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT : SSL_VERIFY_PEER), verify_certificate); CyaSSL_CTX_set_verify((CYASSL_CTX*)dtlscontext->sslcontext, ((param->type == CAPWAP_DTLS_SERVER) ? SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT : SSL_VERIFY_PEER), capwap_crypt_verifycertificate);
/* Cipher list: /* Cipher list:
TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA
@ -594,7 +299,7 @@ int capwap_crypt_createcontext(struct capwap_dtls_context* dtlscontext, struct c
TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA
*/ */
if (!SSL_CTX_set_cipher_list((SSL_CTX*)dtlscontext->sslcontext, "AES128-SHA:DHE-RSA-AES128-SHA:AES256-SHA:DHE-RSA-AES256-SHA")) { if (!CyaSSL_CTX_set_cipher_list((CYASSL_CTX*)dtlscontext->sslcontext, "AES128-SHA:DHE-RSA-AES128-SHA:AES256-SHA:DHE-RSA-AES256-SHA")) {
capwap_logging_debug("Error to select cipher list"); capwap_logging_debug("Error to select cipher list");
capwap_crypt_freecontext(dtlscontext); capwap_crypt_freecontext(dtlscontext);
return 0; return 0;
@ -606,7 +311,7 @@ int capwap_crypt_createcontext(struct capwap_dtls_context* dtlscontext, struct c
TLS_PSK_WITH_AES_256_CBC_SHA TLS_PSK_WITH_AES_256_CBC_SHA
TLS_DHE_PSK_WITH_AES_256_CBC_SHA TLS_DHE_PSK_WITH_AES_256_CBC_SHA
*/ */
if (!SSL_CTX_set_cipher_list((SSL_CTX*)dtlscontext->sslcontext, "PSK-AES128-CBC-SHA:PSK-AES256-CBC-SHA")) { if (!CyaSSL_CTX_set_cipher_list((CYASSL_CTX*)dtlscontext->sslcontext, "PSK-AES128-CBC-SHA:PSK-AES256-CBC-SHA")) {
capwap_logging_debug("Error to select cipher list"); capwap_logging_debug("Error to select cipher list");
capwap_crypt_freecontext(dtlscontext); capwap_crypt_freecontext(dtlscontext);
return 0; return 0;
@ -615,7 +320,7 @@ int capwap_crypt_createcontext(struct capwap_dtls_context* dtlscontext, struct c
/* */ /* */
if (dtlscontext->type == CAPWAP_DTLS_SERVER) { if (dtlscontext->type == CAPWAP_DTLS_SERVER) {
if (param->presharedkey.hint) { if (param->presharedkey.hint) {
SSL_CTX_use_psk_identity_hint((SSL_CTX*)dtlscontext->sslcontext, param->presharedkey.hint); CyaSSL_CTX_use_psk_identity_hint((CYASSL_CTX*)dtlscontext->sslcontext, param->presharedkey.hint);
} else { } else {
capwap_logging_debug("Error to presharedkey hint"); capwap_logging_debug("Error to presharedkey hint");
capwap_crypt_freecontext(dtlscontext); capwap_crypt_freecontext(dtlscontext);
@ -634,9 +339,9 @@ int capwap_crypt_createcontext(struct capwap_dtls_context* dtlscontext, struct c
/* */ /* */
if (dtlscontext->type == CAPWAP_DTLS_SERVER) { if (dtlscontext->type == CAPWAP_DTLS_SERVER) {
SSL_CTX_set_psk_server_callback((SSL_CTX*)dtlscontext->sslcontext, capwap_crypt_psk_server); CyaSSL_CTX_set_psk_server_callback((CYASSL_CTX*)dtlscontext->sslcontext, capwap_crypt_psk_server);
} else { } else {
SSL_CTX_set_psk_client_callback((SSL_CTX*)dtlscontext->sslcontext, capwap_crypt_psk_client); CyaSSL_CTX_set_psk_client_callback((CYASSL_CTX*)dtlscontext->sslcontext, capwap_crypt_psk_client);
} }
} else { } else {
capwap_logging_debug("Invalid DTLS mode"); capwap_logging_debug("Invalid DTLS mode");
@ -644,13 +349,6 @@ int capwap_crypt_createcontext(struct capwap_dtls_context* dtlscontext, struct c
return 0; return 0;
} }
/* Cookie callback */
RAND_bytes(dtlscontext->cookie, CAPWAP_COOKIE_SECRET_LENGTH);
SSL_CTX_set_cookie_generate_cb((SSL_CTX*)dtlscontext->sslcontext, generate_cookie);
SSL_CTX_set_cookie_verify_cb((SSL_CTX*)dtlscontext->sslcontext, verify_cookie);
/* */
SSL_CTX_set_read_ahead((SSL_CTX*)dtlscontext->sslcontext, 1);
return 1; return 1;
} }
@ -659,11 +357,7 @@ void capwap_crypt_freecontext(struct capwap_dtls_context* dtlscontext) {
ASSERT(dtlscontext != NULL); ASSERT(dtlscontext != NULL);
/* */ /* */
if (dtlscontext->mode == CAPWAP_DTLS_MODE_CERTIFICATE) { if (dtlscontext->mode == CAPWAP_DTLS_MODE_PRESHAREDKEY) {
if (dtlscontext->cert.pwdprivatekey) {
capwap_free(dtlscontext->cert.pwdprivatekey);
}
} else {
if (dtlscontext->presharedkey.identity) { if (dtlscontext->presharedkey.identity) {
capwap_free(dtlscontext->presharedkey.identity); capwap_free(dtlscontext->presharedkey.identity);
} }
@ -675,80 +369,42 @@ void capwap_crypt_freecontext(struct capwap_dtls_context* dtlscontext) {
/* Free context */ /* Free context */
if (dtlscontext->sslcontext) { if (dtlscontext->sslcontext) {
SSL_CTX_free((SSL_CTX*)dtlscontext->sslcontext); CyaSSL_CTX_free((CYASSL_CTX*)dtlscontext->sslcontext);
} }
memset(dtlscontext, 0, sizeof(struct capwap_dtls)); memset(dtlscontext, 0, sizeof(struct capwap_dtls_context));
} }
/* */ /* */
int capwap_crypt_createsession(struct capwap_dtls* dtls, int sessiontype, struct capwap_dtls_context* dtlscontext, capwap_bio_send biosend, void* param) { int capwap_crypt_createsession(struct capwap_dtls* dtls, int sessiontype, struct capwap_dtls_context* dtlscontext, capwap_bio_send biosend, void* param) {
BIO* bio;
struct capwap_app_data* appdata;
ASSERT(dtls != NULL); ASSERT(dtls != NULL);
ASSERT(dtlscontext != NULL); ASSERT(dtlscontext != NULL);
ASSERT(dtlscontext->sslcontext != NULL);
ASSERT(biosend != NULL); ASSERT(biosend != NULL);
memset(dtls, 0, sizeof(struct capwap_dtls)); memset(dtls, 0, sizeof(struct capwap_dtls));
/* Create ssl session */ /* Create ssl session */
dtls->sslsession = (void*)SSL_new((SSL_CTX*)dtlscontext->sslcontext); dtls->sslsession = (void*)CyaSSL_new((CYASSL_CTX*)dtlscontext->sslcontext);
if (!dtls->sslsession) { if (!dtls->sslsession) {
capwap_logging_debug("Error to initialize dtls session"); capwap_logging_debug("Error to initialize dtls session");
return 0; return 0;
} }
/* Create BIO */ /* Send callback */
bio = capwap_bio_new(); dtls->send = biosend;
if (!bio) { dtls->sendparam = param;
capwap_logging_debug("Error to initialize bio");
capwap_crypt_free(dtls);
return 0;
} else {
struct bio_capwap_data* data = (struct bio_capwap_data*)bio->ptr;
data->dtls = dtls;
data->send = biosend;
data->param = param;
}
/* Configure BIO */
SSL_set_bio((SSL*)dtls->sslsession, bio, bio);
/* In server mode enable cookie exchange */
if (dtlscontext->type == CAPWAP_DTLS_SERVER) {
SSL_set_options((SSL*)dtls->sslsession, SSL_OP_COOKIE_EXCHANGE);
}
/* Set static MTU size */
SSL_set_options((SSL*)dtls->sslsession, SSL_OP_NO_QUERY_MTU);
SSL_set_mtu((SSL*)dtls->sslsession, CAPWAP_DTLS_MTU_SIZE);
/* */ /* */
SSL_set_verify_depth((SSL*)dtls->sslsession, CAPWAP_DTLS_CERT_VERIFY_DEPTH + 1); CyaSSL_set_using_nonblock((CYASSL*)dtls->sslsession, 1);
CyaSSL_SetIOReadCtx((CYASSL*)dtls->sslsession, (void*)dtls);
/* */ CyaSSL_SetIOWriteCtx((CYASSL*)dtls->sslsession, (void*)dtls);
SSL_set_read_ahead((SSL*)dtls->sslsession, 1); CyaSSL_SetCookieCtx((CYASSL*)dtls->sslsession, (void*)dtls);
/* */
ERR_clear_error();
if (dtlscontext->type == CAPWAP_DTLS_SERVER) {
SSL_set_accept_state((SSL*)dtls->sslsession);
} else {
SSL_set_connect_state((SSL*)dtls->sslsession);
}
/* SSL session app data */
appdata = (struct capwap_app_data*)capwap_alloc(sizeof(struct capwap_app_data));
appdata->cookie = &dtlscontext->cookie[0];
SSL_set_ex_data((SSL*)dtls->sslsession, OPENSSL_EXDATA_APPLICATION, (void*)appdata);
SSL_set_ex_data((SSL*)dtls->sslsession, OPENSSL_EXDATA_DTLSCONTEXT, (void*)dtlscontext);
SSL_set_ex_data((SSL*)dtls->sslsession, OPENSSL_EXDATA_DTLS, (void*)dtls);
/* */ /* */
dtls->action = CAPWAP_DTLS_ACTION_NONE; dtls->action = CAPWAP_DTLS_ACTION_NONE;
dtls->session = sessiontype; dtls->session = sessiontype;
dtls->dtlscontext = dtlscontext;
dtls->enable = 1; dtls->enable = 1;
return 1; return 1;
@ -762,10 +418,16 @@ static int capwap_crypt_handshake(struct capwap_dtls* dtls) {
ASSERT(dtls->enable != 0); ASSERT(dtls->enable != 0);
ASSERT((dtls->action == CAPWAP_DTLS_ACTION_NONE) || (dtls->action == CAPWAP_DTLS_ACTION_HANDSHAKE)); ASSERT((dtls->action == CAPWAP_DTLS_ACTION_NONE) || (dtls->action == CAPWAP_DTLS_ACTION_HANDSHAKE));
ERR_clear_error(); /* */
result = SSL_do_handshake((SSL*)dtls->sslsession); if (dtls->dtlscontext->type == CAPWAP_DTLS_SERVER) {
if (result <= 0) { result = CyaSSL_accept((CYASSL*)dtls->sslsession);
result = SSL_get_error((SSL*)dtls->sslsession, result); } else {
result = CyaSSL_connect((CYASSL*)dtls->sslsession);
}
/* */
if (result != SSL_SUCCESS) {
result = CyaSSL_get_error((CYASSL*)dtls->sslsession, 0);
if ((result == SSL_ERROR_WANT_READ) || (result == SSL_ERROR_WANT_WRITE)) { if ((result == SSL_ERROR_WANT_READ) || (result == SSL_ERROR_WANT_WRITE)) {
/* Incomplete handshake */ /* Incomplete handshake */
dtls->action = CAPWAP_DTLS_ACTION_HANDSHAKE; dtls->action = CAPWAP_DTLS_ACTION_HANDSHAKE;
@ -776,14 +438,7 @@ static int capwap_crypt_handshake(struct capwap_dtls* dtls) {
dtls->action = CAPWAP_DTLS_ACTION_ERROR; dtls->action = CAPWAP_DTLS_ACTION_ERROR;
return CAPWAP_HANDSHAKE_ERROR; return CAPWAP_HANDSHAKE_ERROR;
} }
/* Check certificate */
result = SSL_get_verify_result((SSL*)dtls->sslsession);
if (result != X509_V_OK) {
dtls->action = CAPWAP_DTLS_ACTION_ERROR;
return CAPWAP_HANDSHAKE_ERROR;
}
/* Handshake complete */ /* Handshake complete */
dtls->action = CAPWAP_DTLS_ACTION_DATA; dtls->action = CAPWAP_DTLS_ACTION_DATA;
return CAPWAP_HANDSHAKE_COMPLETE; return CAPWAP_HANDSHAKE_COMPLETE;
@ -791,10 +446,7 @@ static int capwap_crypt_handshake(struct capwap_dtls* dtls) {
/* */ /* */
int capwap_crypt_open(struct capwap_dtls* dtls, struct sockaddr_storage* peeraddr) { int capwap_crypt_open(struct capwap_dtls* dtls, struct sockaddr_storage* peeraddr) {
if (BIO_dgram_set_peer(SSL_get_rbio((SSL*)dtls->sslsession), peeraddr) < 0) { memcpy(&dtls->peeraddr, peeraddr, sizeof(struct sockaddr_storage));
return CAPWAP_HANDSHAKE_ERROR;
}
return capwap_crypt_handshake(dtls); return capwap_crypt_handshake(dtls);
} }
@ -803,8 +455,8 @@ void capwap_crypt_close(struct capwap_dtls* dtls) {
ASSERT(dtls != NULL); ASSERT(dtls != NULL);
ASSERT(dtls->enable != 0); ASSERT(dtls->enable != 0);
if ((dtls->action == CAPWAP_DTLS_ACTION_DATA) || (dtls->action == CAPWAP_DTLS_ACTION_SHUTDOWN)) { if (dtls->sslsession) {
SSL_shutdown((SSL*)dtls->sslsession); CyaSSL_shutdown((CYASSL*)dtls->sslsession);
} }
} }
@ -814,19 +466,9 @@ void capwap_crypt_freesession(struct capwap_dtls* dtls) {
/* Free SSL session */ /* Free SSL session */
if (dtls->sslsession) { if (dtls->sslsession) {
struct capwap_app_data* appdata = (struct capwap_app_data*)SSL_get_ex_data(dtls->sslsession, OPENSSL_EXDATA_APPLICATION); CyaSSL_free((CYASSL*)dtls->sslsession);
if (appdata) {
capwap_free(appdata);
}
SSL_free((SSL*)dtls->sslsession);
} }
/* */
ERR_clear_error();
ERR_remove_state(0);
ERR_remove_thread_state(NULL);
/* */ /* */
memset(dtls, 0, sizeof(struct capwap_dtls)); memset(dtls, 0, sizeof(struct capwap_dtls));
} }
@ -847,8 +489,7 @@ int capwap_crypt_sendto(struct capwap_dtls* dtls, int sock, void* buffer, int si
return 0; return 0;
} }
ERR_clear_error(); return CyaSSL_write((CYASSL*)dtls->sslsession, buffer, size);
return SSL_write((SSL*)dtls->sslsession, buffer, size);
} }
/* */ /* */
@ -908,22 +549,13 @@ int capwap_decrypt_packet(struct capwap_dtls* dtls, void* encrybuffer, int size,
result = CAPWAP_ERROR_AGAIN; /* Don't parsing DTLS packet */ result = CAPWAP_ERROR_AGAIN; /* Don't parsing DTLS packet */
} }
} else if (dtls->action == CAPWAP_DTLS_ACTION_DATA) { } else if (dtls->action == CAPWAP_DTLS_ACTION_DATA) {
ERR_clear_error(); result = CyaSSL_read((CYASSL*)dtls->sslsession, (plainbuffer ? plainbuffer : encrybuffer), maxsize);
result = SSL_read((SSL*)dtls->sslsession, (plainbuffer ? plainbuffer : encrybuffer), maxsize);
if (!result) { if (!result) {
int shutdown; dtls->action = CAPWAP_DTLS_ACTION_SHUTDOWN;
result = CAPWAP_ERROR_SHUTDOWN;
/* Check shutdown status */
shutdown = SSL_get_shutdown((SSL*)dtls->sslsession);
if (shutdown & SSL_RECEIVED_SHUTDOWN) {
dtls->action = CAPWAP_DTLS_ACTION_SHUTDOWN;
result = CAPWAP_ERROR_SHUTDOWN;
} else {
result = CAPWAP_ERROR_AGAIN;
}
} else if (result < 0) { } else if (result < 0) {
/* Check error */ /* Check error */
sslerror = SSL_get_error((SSL*)dtls->sslsession, result); sslerror = CyaSSL_get_error((CYASSL*)dtls->sslsession, 0);
if ((sslerror == SSL_ERROR_WANT_READ) || (sslerror == SSL_ERROR_WANT_WRITE)) { if ((sslerror == SSL_ERROR_WANT_READ) || (sslerror == SSL_ERROR_WANT_WRITE)) {
result = CAPWAP_ERROR_AGAIN; /* DTLS Renegotiation */ result = CAPWAP_ERROR_AGAIN; /* DTLS Renegotiation */
} else { } else {
@ -952,7 +584,7 @@ int capwap_decrypt_packet(struct capwap_dtls* dtls, void* encrybuffer, int size,
#define DTLS_HANDSHAKE_LAYER_CLIENT_HELLO 1 #define DTLS_HANDSHAKE_LAYER_CLIENT_HELLO 1
/* */ /* */
int capwap_sanity_check_dtls_clienthello(void* buffer, int buffersize) { int capwap_crypt_has_dtls_clienthello(void* buffer, int buffersize) {
unsigned char* dtlsdata = (unsigned char*)buffer; unsigned char* dtlsdata = (unsigned char*)buffer;
/* Read DTLS packet in RAW mode */ /* Read DTLS packet in RAW mode */


@ -23,12 +23,14 @@
#define CAPWAP_DTLS_CONTROL_SESSION 0 #define CAPWAP_DTLS_CONTROL_SESSION 0
#define CAPWAP_DTLS_DATA_SESSION 1 #define CAPWAP_DTLS_DATA_SESSION 1
#define CAPWAP_COOKIE_SECRET_LENGTH 16
#define CAPWAP_ERROR_AGAIN 0 #define CAPWAP_ERROR_AGAIN 0
#define CAPWAP_ERROR_SHUTDOWN -1 #define CAPWAP_ERROR_SHUTDOWN -1
#define CAPWAP_ERROR_CLOSE -2 #define CAPWAP_ERROR_CLOSE -2
/* */
struct capwap_dtls;
typedef int(*capwap_bio_send)(struct capwap_dtls* dtls, char* buffer, int length, void* param);
/* */ /* */
struct capwap_dtls_context { struct capwap_dtls_context {
int type; int type;
@ -36,19 +38,12 @@ struct capwap_dtls_context {
void* sslcontext; void* sslcontext;
/* Cookie */
unsigned char cookie[CAPWAP_COOKIE_SECRET_LENGTH];
union { union {
struct { struct {
char* identity; char* identity;
unsigned char* pskkey; unsigned char* pskkey;
unsigned int pskkeylength; unsigned int pskkeylength;
} presharedkey; } presharedkey;
struct {
char* pwdprivatekey; /* Password for private key */
} cert;
}; };
}; };
@ -59,6 +54,12 @@ struct capwap_dtls {
int session; int session;
void* sslsession; void* sslsession;
struct capwap_dtls_context* dtlscontext;
/* Send callback */
struct sockaddr_storage peeraddr;
capwap_bio_send send;
void* sendparam;
/* Buffer read */ /* Buffer read */
void* buffer; void* buffer;
@ -82,21 +83,11 @@ struct capwap_dtls_param {
char* filecert; char* filecert;
char* filekey; char* filekey;
char* fileca; char* fileca;
/* Password for private key */
char* pwdprivatekey;
} cert; } cert;
}; };
}; };
/* */ /* */
struct capwap_app_data {
unsigned char* cookie;
};
/* */
typedef int(*capwap_bio_send)(struct capwap_dtls* dtls, char* buffer, int length, void* param);
int capwap_crypt_init(); int capwap_crypt_init();
void capwap_crypt_free(); void capwap_crypt_free();
@ -113,6 +104,6 @@ int capwap_crypt_sendto(struct capwap_dtls* dtls, int sock, void* buffer, int si
int capwap_crypt_sendto_fragmentpacket(struct capwap_dtls* dtls, int sock, struct capwap_list* fragmentlist, struct sockaddr_storage* sendfromaddr, struct sockaddr_storage* sendtoaddr); int capwap_crypt_sendto_fragmentpacket(struct capwap_dtls* dtls, int sock, struct capwap_list* fragmentlist, struct sockaddr_storage* sendfromaddr, struct sockaddr_storage* sendtoaddr);
int capwap_decrypt_packet(struct capwap_dtls* dtls, void* encrybuffer, int size, void* plainbuffer, int maxsize); int capwap_decrypt_packet(struct capwap_dtls* dtls, void* encrybuffer, int size, void* plainbuffer, int maxsize);
int capwap_sanity_check_dtls_clienthello(void* buffer, int buffersize); int capwap_crypt_has_dtls_clienthello(void* buffer, int buffersize);
#endif /* __CAPWAP_DTLS_HEADER__ */ #endif /* __CAPWAP_DTLS_HEADER__ */
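Review bot: The new `dtlscontext`, `peeraddr`, `send` and `sendparam` members of `struct capwap_dtls` carry no comment on lifetime or ownership, yet the session now keeps a raw back-pointer to the context (capwap_crypt_handshake dereferences it to pick accept vs connect) and the peer address is only a copy taken in capwap_crypt_open. I would document them inline: `struct capwap_dtls_context* dtlscontext; /* Not owned; must outlive this session */`, `struct sockaddr_storage peeraddr; /* Copied by capwap_crypt_open() */` and `void* sendparam; /* Opaque, caller-owned; handed back to send() as far as the visible code shows */`. The header also drops `cert.pwdprivatekey` without saying that password-protected private keys appear to be no longer supported in x509 mode; a one-line comment on the `cert` member of `capwap_dtls_param` would spare operators a config-debugging round-trip.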


@ -1,14 +1,8 @@
#include "capwap.h" #include "capwap.h"
#include "capwap_socket.h" #include "capwap_socket.h"
#include <openssl/ssl.h> #include <cyassl/options.h>
#include <openssl/bio.h> #include <cyassl/ssl.h>
#include <openssl/err.h>
#include <openssl/engine.h>
#include <openssl/conf.h>
/* */
#define OPENSSL_EXDATA_PRIVATE_KEY_PASSWORD 1
/* */ /* */
static int capwap_socket_nonblocking(int sock, int nonblocking) { static int capwap_socket_nonblocking(int sock, int nonblocking) {
@ -60,7 +54,7 @@ int capwap_socket_connect(int sock, struct sockaddr_storage* address, int timeou
fds.events = POLLOUT; fds.events = POLLOUT;
result = poll(&fds, 1, timeout); result = poll(&fds, 1, timeout);
if ((result < 0) && (errno != EINTR)) { if (!result || ((result < 0) && (errno != EINTR))) {
return 0; return 0;
} else if (result > 0) { } else if (result > 0) {
/* Check connection status */ /* Check connection status */
@ -87,98 +81,57 @@ int capwap_socket_connect(int sock, struct sockaddr_storage* address, int timeou
} }
/* */ /* */
static int capwap_socket_crypto_checkpasswd(char* buffer, int size, int rwflag, void* userdata) { static int capwap_socket_crypto_verifycertificate(int preverify, CYASSL_X509_STORE_CTX* store) {
if (!userdata) { return preverify;
return 0;
}
/* */
strncpy(buffer, (char*)userdata, size);
buffer[size - 1] = 0;
return strlen(buffer);
} }
/* */ /* */
static int capwap_socket_crypto_verifycertificate(int preverify_ok, X509_STORE_CTX* ctx) { void* capwap_socket_crypto_createcontext(char* calist, char* cert, char* privatekey) {
int err; CYASSL_CTX* context = NULL;
X509* err_cert;
char buf[256];
err_cert = X509_STORE_CTX_get_current_cert(ctx);
err = X509_STORE_CTX_get_error(ctx);
X509_verify_cert_error_string(err);
X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) {
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
}
return preverify_ok;
}
/* */
void* capwap_socket_crypto_createcontext(char* calist, char* cert, char* privatekey, char* privatekeypasswd) {
SSL_CTX* context = NULL;
ASSERT(calist != NULL); ASSERT(calist != NULL);
ASSERT(cert != NULL); ASSERT(cert != NULL);
ASSERT(privatekey != NULL); ASSERT(privatekey != NULL);
/* Create SSL context */ /* Create SSL context */
context = (void*)SSL_CTX_new(SSLv23_client_method()); context = CyaSSL_CTX_new(CyaTLSv1_2_client_method());
if (context) { if (context) {
char* privkey = NULL;
/* Public certificate */ /* Public certificate */
if (!SSL_CTX_use_certificate_file(context, cert, SSL_FILETYPE_PEM)) { if (!CyaSSL_CTX_use_certificate_file(context, cert, SSL_FILETYPE_PEM)) {
capwap_logging_debug("Error to load certificate file"); capwap_logging_debug("Error to load certificate file");
capwap_socket_crypto_freecontext(context); capwap_socket_crypto_freecontext(context);
return NULL; return NULL;
} }
/* Save private key */
if (privatekeypasswd && *privatekeypasswd) {
privkey = capwap_duplicate_string(privatekeypasswd);
SSL_CTX_set_ex_data(context, OPENSSL_EXDATA_PRIVATE_KEY_PASSWORD, (void*)privkey);
}
/* */
SSL_CTX_set_default_passwd_cb(context, capwap_socket_crypto_checkpasswd);
SSL_CTX_set_default_passwd_cb_userdata(context, privkey);
/* Private key */ /* Private key */
if (!SSL_CTX_use_PrivateKey_file(context, privatekey, SSL_FILETYPE_PEM)) { if (!CyaSSL_CTX_use_PrivateKey_file(context, privatekey, SSL_FILETYPE_PEM)) {
capwap_logging_debug("Error to load private key file"); capwap_logging_debug("Error to load private key file");
capwap_socket_crypto_freecontext(context); capwap_socket_crypto_freecontext(context);
return NULL; return NULL;
} }
if (!SSL_CTX_check_private_key(context)) { if (!CyaSSL_CTX_check_private_key(context)) {
capwap_logging_debug("Error to check private key"); capwap_logging_debug("Error to check private key");
capwap_socket_crypto_freecontext(context); capwap_socket_crypto_freecontext(context);
return NULL; return NULL;
} }
/* Certificate Authority */ /* Certificate Authority */
if (!SSL_CTX_load_verify_locations(context, calist, NULL)) { if (!CyaSSL_CTX_load_verify_locations(context, calist, NULL)) {
capwap_logging_debug("Error to load ca file"); capwap_logging_debug("Error to load ca file");
capwap_socket_crypto_freecontext(context); capwap_socket_crypto_freecontext(context);
return NULL; return NULL;
} }
/* Verify certificate callback */ /* Verify certificate callback */
SSL_CTX_set_verify(context, SSL_VERIFY_PEER, capwap_socket_crypto_verifycertificate); CyaSSL_CTX_set_verify(context, SSL_VERIFY_PEER, capwap_socket_crypto_verifycertificate);
/* Set only high security cipher list */ /* Set only high security cipher list */
if (!SSL_CTX_set_cipher_list(context, "HIGH:!DSS:!aNULL@STRENGTH")) { if (!CyaSSL_CTX_set_cipher_list(context, "AES256-SHA")) {
capwap_logging_debug("Error to select cipher list"); capwap_logging_debug("Error to select cipher list");
capwap_socket_crypto_freecontext(context); capwap_socket_crypto_freecontext(context);
return NULL; return NULL;
} }
/* */
SSL_CTX_set_mode(context, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
} }
return (void*)context; return (void*)context;
@ -186,16 +139,10 @@ void* capwap_socket_crypto_createcontext(char* calist, char* cert, char* private
/* */ /* */
void capwap_socket_crypto_freecontext(void* context) { void capwap_socket_crypto_freecontext(void* context) {
char* privkey; CYASSL_CTX* sslcontext = (CYASSL_CTX*)context;
SSL_CTX* sslcontext = (SSL_CTX*)context;
if (sslcontext) { if (sslcontext) {
privkey = (char*)SSL_CTX_get_ex_data(sslcontext, OPENSSL_EXDATA_PRIVATE_KEY_PASSWORD); CyaSSL_CTX_free(sslcontext);
if (privkey) {
capwap_free(privkey);
}
SSL_CTX_free(sslcontext);
} }
} }
@ -212,27 +159,29 @@ struct capwap_socket_ssl* capwap_socket_ssl_connect(int sock, void* sslcontext,
sslsock = capwap_alloc(sizeof(struct capwap_socket_ssl)); sslsock = capwap_alloc(sizeof(struct capwap_socket_ssl));
sslsock->sock = sock; sslsock->sock = sock;
sslsock->sslcontext = sslcontext; sslsock->sslcontext = sslcontext;
sslsock->sslsession = (void*)SSL_new((SSL_CTX*)sslcontext); sslsock->sslsession = (void*)CyaSSL_new((CYASSL_CTX*)sslcontext);
if (!sslsock->sslsession) { if (!sslsock->sslsession) {
capwap_free(sslsock); capwap_free(sslsock);
return NULL; return NULL;
} }
/* Set socket to SSL session */ /* Set socket to SSL session */
if (!SSL_set_fd((SSL*)sslsock->sslsession, sock)) { if (!CyaSSL_set_fd((CYASSL*)sslsock->sslsession, sock)) {
SSL_free((SSL*)sslsock->sslsession); CyaSSL_free((CYASSL*)sslsock->sslsession);
capwap_free(sslsock); capwap_free(sslsock);
return NULL; return NULL;
} }
/* */
CyaSSL_set_using_nonblock((CYASSL*)sslsock->sslsession, 1);
/* Establish SSL connection */ /* Establish SSL connection */
for (;;) { for (;;) {
ERR_clear_error(); result = CyaSSL_connect((CYASSL*)sslsock->sslsession);
result = SSL_connect((SSL*)sslsock->sslsession); if (result == SSL_SUCCESS) {
if (result == 1) {
break; /* Connection complete */ break; /* Connection complete */
} else { } else {
int error = SSL_get_error((SSL*)sslsock->sslsession, result); int error = CyaSSL_get_error((CYASSL*)sslsock->sslsession, 0);
if ((error == SSL_ERROR_WANT_READ) || (error == SSL_ERROR_WANT_WRITE)) { if ((error == SSL_ERROR_WANT_READ) || (error == SSL_ERROR_WANT_WRITE)) {
memset(&fds, 0, sizeof(struct pollfd)); memset(&fds, 0, sizeof(struct pollfd));
fds.fd = sock; fds.fd = sock;
@ -240,12 +189,12 @@ struct capwap_socket_ssl* capwap_socket_ssl_connect(int sock, void* sslcontext,
result = poll(&fds, 1, timeout); result = poll(&fds, 1, timeout);
if (((result < 0) && (errno != EINTR)) || ((result > 0) && (fds.events != fds.revents))) { if (((result < 0) && (errno != EINTR)) || ((result > 0) && (fds.events != fds.revents))) {
SSL_free((SSL*)sslsock->sslsession); CyaSSL_free((CYASSL*)sslsock->sslsession);
capwap_free(sslsock); capwap_free(sslsock);
return NULL; return NULL;
} }
} else { } else {
SSL_free((SSL*)sslsock->sslsession); CyaSSL_free((CYASSL*)sslsock->sslsession);
capwap_free(sslsock); capwap_free(sslsock);
return NULL; return NULL;
} }
@ -258,8 +207,6 @@ struct capwap_socket_ssl* capwap_socket_ssl_connect(int sock, void* sslcontext,
/* */ /* */
int capwap_socket_crypto_send(struct capwap_socket_ssl* sslsock, void* buffer, size_t length, int timeout) { int capwap_socket_crypto_send(struct capwap_socket_ssl* sslsock, void* buffer, size_t length, int timeout) {
int result; int result;
struct pollfd fds;
size_t sendlength;
ASSERT(sslsock != NULL); ASSERT(sslsock != NULL);
ASSERT(sslsock->sslsession != NULL); ASSERT(sslsock->sslsession != NULL);
@ -267,32 +214,12 @@ int capwap_socket_crypto_send(struct capwap_socket_ssl* sslsock, void* buffer, s
ASSERT(buffer != NULL); ASSERT(buffer != NULL);
ASSERT(length > 0); ASSERT(length > 0);
sendlength = 0; result = CyaSSL_write((CYASSL*)sslsock->sslsession, buffer, length);
while (sendlength < length) { if (result != length) {
size_t leftlength = length - sendlength; return -1;
ERR_clear_error();
result = SSL_write((SSL*)sslsock->sslsession, &((char*)buffer)[sendlength], leftlength);
if (result > 0) {
sendlength += result;
} else {
int error = SSL_get_error((SSL*)sslsock->sslsession, result);
if ((error == SSL_ERROR_WANT_READ) || (error == SSL_ERROR_WANT_WRITE)) {
memset(&fds, 0, sizeof(struct pollfd));
fds.fd = sslsock->sock;
fds.events = ((error == SSL_ERROR_WANT_READ) ? POLLIN : POLLOUT);
result = poll(&fds, 1, timeout);
if (((result < 0) && (errno != EINTR)) || ((result > 0) && (fds.events != fds.revents))) {
return -1;
}
} else {
return -1;
}
}
} }
return sendlength; return length;
} }
/* */ /* */
@ -307,12 +234,11 @@ int capwap_socket_crypto_recv(struct capwap_socket_ssl* sslsock, void* buffer, s
ASSERT(length > 0); ASSERT(length > 0);
for (;;) { for (;;) {
ERR_clear_error(); result = CyaSSL_read((CYASSL*)sslsock->sslsession, buffer, length);
result = SSL_read((SSL*)sslsock->sslsession, buffer, length);
if (result >= 0) { if (result >= 0) {
return result; return result;
} else { } else {
int error = SSL_get_error((SSL*)sslsock->sslsession, result); int error = CyaSSL_get_error((CYASSL*)sslsock->sslsession, 0);
if ((error == SSL_ERROR_WANT_READ) || (error == SSL_ERROR_WANT_WRITE)) { if ((error == SSL_ERROR_WANT_READ) || (error == SSL_ERROR_WANT_WRITE)) {
memset(&fds, 0, sizeof(struct pollfd)); memset(&fds, 0, sizeof(struct pollfd));
fds.fd = sslsock->sock; fds.fd = sslsock->sock;
@ -342,12 +268,11 @@ void capwap_socket_ssl_shutdown(struct capwap_socket_ssl* sslsock, int timeout)
/* */ /* */
for (;;) { for (;;) {
ERR_clear_error(); result = CyaSSL_shutdown((CYASSL*)sslsock->sslsession);
result = SSL_shutdown((SSL*)sslsock->sslsession);
if (result >= 0) { if (result >= 0) {
break; /* Shutdown complete */ break; /* Shutdown complete */
} else { } else {
int error = SSL_get_error((SSL*)sslsock->sslsession, result); int error = CyaSSL_get_error((CYASSL*)sslsock->sslsession, 0);
if ((error == SSL_ERROR_WANT_READ) || (error == SSL_ERROR_WANT_WRITE)) { if ((error == SSL_ERROR_WANT_READ) || (error == SSL_ERROR_WANT_WRITE)) {
memset(&fds, 0, sizeof(struct pollfd)); memset(&fds, 0, sizeof(struct pollfd));
fds.fd = sslsock->sock; fds.fd = sslsock->sock;
@ -369,7 +294,7 @@ void capwap_socket_ssl_close(struct capwap_socket_ssl* sslsock) {
ASSERT(sslsock != NULL); ASSERT(sslsock != NULL);
ASSERT(sslsock->sslsession != NULL); ASSERT(sslsock->sslsession != NULL);
SSL_free((SSL*)sslsock->sslsession); CyaSSL_free((CYASSL*)sslsock->sslsession);
sslsock->sslsession = NULL; sslsock->sslsession = NULL;
} }
@ -387,10 +312,6 @@ void capwap_socket_close(int sock) {
capwap_socket_shutdown(sock); capwap_socket_shutdown(sock);
capwap_socket_nonblocking(sock, 0); capwap_socket_nonblocking(sock, 0);
close(sock); close(sock);
/* */
ERR_clear_error();
ERR_remove_state(0);
} }
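Review bot: capwap_socket_crypto_send drops the SSL_ERROR_WANT_READ/WANT_WRITE retry loop even though capwap_socket_ssl_connect now marks the session non-blocking with `CyaSSL_set_using_nonblock(..., 1)`, so a write that would block (or a short write) is reported as a -1 failure and the `timeout` parameter becomes dead. The rewrite below restores the poll-driven loop around `CyaSSL_write`/`CyaSSL_get_error`, in the same shape the commit keeps for capwap_socket_crypto_recv, and treats a poll timeout as a failure the way the new capwap_socket_connect does. Separately, the cipher list in capwap_socket_crypto_createcontext is narrowed to the single suite `AES256-SHA`, a static-RSA CBC suite with no forward secrecy; unless this CyaSSL build is known to lack (EC)DHE, a list such as `"ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:AES256-SHA"` would keep the TLS link at least as strong as the old `HIGH:!DSS:!aNULL@STRENGTH` selection.
```c
int capwap_socket_crypto_send(struct capwap_socket_ssl* sslsock, void* buffer, size_t length, int timeout) {
	int result;
	struct pollfd fds;
	size_t sendlength = 0;

	/* … unchanged: ASSERTs on sslsock, sslsession, buffer, length … */

	/* Non-blocking session: retry on WANT_READ/WANT_WRITE until all bytes are accepted */
	while (sendlength < length) {
		result = CyaSSL_write((CYASSL*)sslsock->sslsession, &((char*)buffer)[sendlength], (int)(length - sendlength));
		if (result > 0) {
			sendlength += result;
		} else {
			int error = CyaSSL_get_error((CYASSL*)sslsock->sslsession, 0);
			if ((error == SSL_ERROR_WANT_READ) || (error == SSL_ERROR_WANT_WRITE)) {
				memset(&fds, 0, sizeof(struct pollfd));
				fds.fd = sslsock->sock;
				fds.events = ((error == SSL_ERROR_WANT_READ) ? POLLIN : POLLOUT);
				result = poll(&fds, 1, timeout);
				if (!result || ((result < 0) && (errno != EINTR)) || ((result > 0) && (fds.events != fds.revents))) {
					return -1;	/* timeout, poll error, or unexpected event */
				}
			} else {
				return -1;
			}
		}
	}

	return (int)sendlength;
}
```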
/* */ /* */


@ -17,7 +17,7 @@ struct capwap_socket_ssl {
void* sslsession; void* sslsession;
}; };
void* capwap_socket_crypto_createcontext(char* calist, char* cert, char* privatekey, char* privatekeypasswd); void* capwap_socket_crypto_createcontext(char* calist, char* cert, char* privatekey);
void capwap_socket_crypto_freecontext(void* context); void capwap_socket_crypto_freecontext(void* context);
int capwap_socket_crypto_send(struct capwap_socket_ssl* sslsock, void* buffer, size_t length, int timeout); int capwap_socket_crypto_send(struct capwap_socket_ssl* sslsock, void* buffer, size_t length, int timeout);


@ -1018,12 +1018,6 @@ static int wtp_parsing_configuration_1_0(config_t* config) {
} }
} }
if (config_lookup_string(config, "application.dtls.x509.privatekeypassword", &configString) == CONFIG_TRUE) {
if (strlen(configString) > 0) {
dtlsparam.cert.pwdprivatekey = capwap_duplicate_string(configString);
}
}
/* */ /* */
if (dtlsparam.cert.fileca && dtlsparam.cert.filecert && dtlsparam.cert.filekey) { if (dtlsparam.cert.fileca && dtlsparam.cert.filecert && dtlsparam.cert.filekey) {
if (capwap_crypt_createcontext(&g_wtp.dtlscontext, &dtlsparam)) { if (capwap_crypt_createcontext(&g_wtp.dtlscontext, &dtlsparam)) {
@ -1043,10 +1037,6 @@ static int wtp_parsing_configuration_1_0(config_t* config) {
if (dtlsparam.cert.filekey) { if (dtlsparam.cert.filekey) {
capwap_free(dtlsparam.cert.filekey); capwap_free(dtlsparam.cert.filekey);
} }
if (dtlsparam.cert.pwdprivatekey) {
capwap_free(dtlsparam.cert.pwdprivatekey);
}
} else if (dtlsparam.mode == CAPWAP_DTLS_MODE_PRESHAREDKEY) { } else if (dtlsparam.mode == CAPWAP_DTLS_MODE_PRESHAREDKEY) {
if (config_lookup_string(config, "application.dtls.presharedkey.identity", &configString) == CONFIG_TRUE) { if (config_lookup_string(config, "application.dtls.presharedkey.identity", &configString) == CONFIG_TRUE) {
if (strlen(configString) > 0) { if (strlen(configString) > 0) {
@ -1373,7 +1363,7 @@ int main(int argc, char** argv) {
capwap_init_rand(); capwap_init_rand();
/* Init crypt */ /* Init crypt */
if (!capwap_crypt_init()) { if (capwap_crypt_init()) {
result = CAPWAP_CRYPT_ERROR; result = CAPWAP_CRYPT_ERROR;
capwap_logging_fatal("Error to init crypt engine"); capwap_logging_fatal("Error to init crypt engine");
} else { } else {
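Review bot: The success test for crypto initialisation in main() is inverted from `if (!capwap_crypt_init())` to `if (capwap_crypt_init())`, but the rewritten capwap_crypt_init() is not in this section so the new sense cannot be confirmed here; if it still follows the convention visible in capwap_crypt_createcontext and capwap_crypt_createsession (return 1 on success, 0 on error), this now logs a fatal "Error to init crypt engine" on success and continues on failure. Either document the convention at the declaration, `int capwap_crypt_init(); /* returns 0 on success, non-zero on error */`, or restore the original check; main() starts and ends outside this hunk. In the configuration hunk, the `application.dtls.x509.privatekeypassword` key is removed from the parser with no diagnostic, so an existing config that still sets it is silently ignored; emitting a warning through the capwap_logging_* facility when the key is present would make the lost password support visible to operators.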