partial conversion to OpenSSL 1.1.1

This commit is contained in:
7u83 2022-07-11 08:26:56 +02:00
parent ddde491ba8
commit f8a83ca463
9 changed files with 75 additions and 50 deletions


@ -241,20 +241,20 @@ RADIOSRC=\
cw_read_radio_generic.c\ cw_read_radio_generic.c\
#DTLSSRC += dtls_openssl.c \ DTLSSRC += dtls_openssl.c \
# dtls_openssl_accept.c \ dtls_openssl_accept.c \
# dtls_openssl_connect.c \ dtls_openssl_connect.c \
# dtls_openssl_get_cipher.c \ dtls_openssl_get_cipher.c \
# dtls_openssl_bio.c dtls_openssl_bio.c
#LIBS+=-lssl LIBS+=-lssl
DTLSSRC+= dtls_gnutls.c \ #DTLSSRC+= dtls_gnutls.c \
dtls_gnutls_accept.c \ # dtls_gnutls_accept.c \
dtls_gnutls_connect.c \ # dtls_gnutls_connect.c \
dtls_gnutls_bio.c \ # dtls_gnutls_bio.c \
dtls_gnutls_get_cipher.c \ # dtls_gnutls_get_cipher.c \
dtls_gnutls_get_peers_cert.c # dtls_gnutls_get_peers_cert.c
LIBS+=-lgnutls #LIBS+=-lgnutls
#SRC=$(wildcard *.c) #SRC=$(wildcard *.c)
@ -270,7 +270,7 @@ OBJDIR := ../../obj/cw/$(KERNEL)/$(ARCH)
SNAME := $(LIBARCHDIR)/libcw.a SNAME := $(LIBARCHDIR)/libcw.a
DNAME := $(LIBARCHDIR)/libcw.so DNAME := $(LIBARCHDIR)/libcw.so
CFLAGS+=-fPIC CFLAGS+=-fPIC -DUSE_OPENSSL
all: $(SNAME) $(DNAME) all: $(SNAME) $(DNAME)
static: $(SNAME) static: $(SNAME)
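Review bot: `LIBS+=-lssl` on the now-uncommented line links only libssl; any libcrypto function called directly from the OpenSSL sources now compiled into libcw (the psk_key2bn and cookie helpers look like candidates, but their bodies are not in this diff) resolves only if the toolchain still pulls libcrypto in transitively, which current linkers do not do by default. The same applies to the wtp Makefile in this commit, where `LIBS+=-lcw -lnettle -lssl -ldl` also keeps `-lnettle` from the GnuTLS build. Consider `LIBS+=-lssl -lcrypto` in both files, and drop `-lnettle` once nothing references it.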


@ -36,7 +36,7 @@
#include "sock.h" #include "sock.h"
#ifdef WITH_CW_LOG_DEBUG
static const char * ssl_version2str(int version) static const char * ssl_version2str(int version)
{ {
switch(version){ switch(version){
@ -67,7 +67,6 @@ static void dtls_debug_cb(int write_p,int version,int type, const void * buf,siz
s+=sprintf(s,"type = %d (0x%02X), %s (%08x), len = %d",type,type,ssl_version2str(version),version,(int)len); s+=sprintf(s,"type = %d (0x%02X), %s (%08x), len = %d",type,type,ssl_version2str(version),version,(int)len);
/* cw_dbg(DBG_DTLS_DETAIL,buffer); */ /* cw_dbg(DBG_DTLS_DETAIL,buffer); */
} }
#endif
static void dtls_info_cb (const SSL *ssl, int where, int ret) static void dtls_info_cb (const SSL *ssl, int where, int ret)
@ -357,11 +356,11 @@ struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SS
/* setup debugging */ /* setup debugging */
#ifdef WITH_CW_LOG_DEBUG /*#ifdef WITH_CW_LOG_DEBUG*/
SSL_CTX_set_msg_callback(d->ctx,dtls_debug_cb); SSL_CTX_set_msg_callback(d->ctx,dtls_debug_cb);
SSL_CTX_set_info_callback (d->ctx, dtls_info_cb); SSL_CTX_set_info_callback (d->ctx, dtls_info_cb);
#endif /*#endif*/
@ -558,7 +557,7 @@ int dtls_openssl_generate_cookie(SSL *ssl, unsigned char *cookie, unsigned int *
} }
int dtls_openssl_verify_cookie(SSL *ssl, unsigned char *cookie, unsigned int len) int dtls_openssl_verify_cookie(SSL *ssl, const unsigned char *cookie, unsigned int len)
{ {
char sock_buf[SOCK_ADDR_BUFSIZE]; char sock_buf[SOCK_ADDR_BUFSIZE];
char sock_buf2[SOCK_ADDR_BUFSIZE]; char sock_buf2[SOCK_ADDR_BUFSIZE];
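Review bot: Commenting out `#ifdef WITH_CW_LOG_DEBUG` / `#endif` around `SSL_CTX_set_msg_callback(d->ctx,dtls_debug_cb)` registers the message callback unconditionally, and the matching guard removed around ssl_version2str/dtls_debug_cb in the first hunk makes the callback part of every build. dtls_debug_cb formats each record with an unbounded `s+=sprintf(s, ...)` into its buffer (context line in the second hunk), so release builds now pay that per-record cost and carry the unchecked-length formatting path. If the guard was lifted to debug the 1.1.1 port, restore `#ifdef WITH_CW_LOG_DEBUG` around the two SSL_CTX_set_*_callback calls or gate the registration on the runtime debug level rather than leaving it commented out. The `const` added to the cookie parameter of dtls_openssl_verify_cookie matches the 1.1 cookie-verify callback prototype; that function's body continues outside the hunk.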


@ -51,7 +51,7 @@ extern int dtls_openssl_init();
struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SSL_METHOD * method, BIO_METHOD * bio); struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SSL_METHOD * method, BIO_METHOD * bio);
extern int dtls_openssl_psk_key2bn(const char *psk_key, unsigned char *psk, unsigned int max_psk_len); extern int dtls_openssl_psk_key2bn(const char *psk_key, unsigned char *psk, unsigned int max_psk_len);
extern int dtls_openssl_generate_cookie(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len); extern int dtls_openssl_generate_cookie(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len);
extern int dtls_openssl_verify_cookie(SSL *ssl, unsigned char *cookie, unsigned int cookie_len); extern int dtls_openssl_verify_cookie(SSL *ssl, const unsigned char *cookie, unsigned int cookie_len);
extern int dtls_openssl_read(struct conn * conn, uint8_t *buffer, int len); extern int dtls_openssl_read(struct conn * conn, uint8_t *buffer, int len);
extern int dtls_openssl_write(struct conn * conn, const uint8_t *buffer, int len); extern int dtls_openssl_write(struct conn * conn, const uint8_t *buffer, int len);


@ -37,8 +37,25 @@
BIO_METHOD *dtls_openssl_bio_method() BIO_METHOD *dtls_openssl_bio_method()
{ {
int index = BIO_get_new_index() ;
index = BIO_TYPE_DGRAM;
cw_dbg(DBG_DTLS_BIO, "Creating new OpenSSL BIO Methods");
BIO_METHOD * bio_methods; BIO_METHOD * bio_methods;
bio_methods = BIO_mth_new(BIO_TYPE_DGRAM,"CW Packet"); bio_methods = BIO_meth_new(index,"CW Packet");
if (!bio_methods){
return NULL;
}
BIO_meth_set_write(bio_methods,dtls_openssl_bio_write);
BIO_meth_set_read(bio_methods,dtls_openssl_bio_read);
BIO_meth_set_puts(bio_methods,dtls_openssl_bio_puts);
BIO_meth_set_ctrl(bio_methods,dtls_openssl_bio_ctrl);
BIO_meth_set_create(bio_methods,dtls_openssl_bio_new);
BIO_meth_set_destroy(bio_methods,dtls_openssl_bio_free);
/* bio_methods = BIO_mth_new(BIO_TYPE_DGRAM,"CW Packet");*/
/* bio_methods.type = BIO_TYPE_DGRAM; /* bio_methods.type = BIO_TYPE_DGRAM;
@ -53,19 +70,21 @@ BIO_METHOD *dtls_openssl_bio_method()
bio_methods.callback_ctrl = 0; bio_methods.callback_ctrl = 0;
*/ */
return &bio_methods; return bio_methods;
} }
int dtls_openssl_bio_write(BIO * b, const char *data, int len) int dtls_openssl_bio_write(BIO * b, const char *data, int len)
{ {
struct conn *conn = b->ptr; /* struct conn *conn = b->ptr;*/
struct conn *conn = BIO_get_data(b);
return dtls_bio_write(conn, data, len); return dtls_bio_write(conn, data, len);
} }
int dtls_openssl_bio_read(BIO * b, char *out, int maxlen) int dtls_openssl_bio_read(BIO * b, char *out, int maxlen)
{ {
struct conn *conn = b->ptr; /*struct conn *conn = b->ptr;*/
struct conn *conn = BIO_get_data(b);
return dtls_bio_read(conn, out, maxlen); return dtls_bio_read(conn, out, maxlen);
} }
@ -73,11 +92,14 @@ int dtls_openssl_bio_read(BIO * b, char *out, int maxlen)
int dtls_openssl_bio_new(BIO * bi) int dtls_openssl_bio_new(BIO * bi)
{ {
/*
bi->init = 1; bi->init = 1;
bi->num = 0; bi->num = 0;
bi->flags = 0; bi->flags = 0;
bi->ptr = NULL; bi->ptr = NULL;
*/
BIO_set_init(bi,1);
cw_dbg(DBG_DTLS_BIO, "Creating new OpenSSL BIO"); cw_dbg(DBG_DTLS_BIO, "Creating new OpenSSL BIO");
return 1; return 1;
} }
@ -101,7 +123,8 @@ int dtls_openssl_bio_free(BIO * bio)
long dtls_openssl_bio_ctrl(BIO * b, int cmd, long num, void *ptr) long dtls_openssl_bio_ctrl(BIO * b, int cmd, long num, void *ptr)
{ {
struct conn *conn = b->ptr; /*struct conn *conn = b->ptr;*/
struct conn *conn = BIO_get_data(b);
long ret = 1; long ret = 1;
switch (cmd) { switch (cmd) {
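Review bot: `index = BIO_TYPE_DGRAM;` immediately overwrites the value returned by `BIO_get_new_index()`, so the custom method is registered under the built-in datagram BIO's type value and the new-index call is dead code; the -1 error return of BIO_get_new_index() is also never checked. Keep the fresh index and mark it as a source/sink: `if (index == -1) return NULL;` followed by `index |= BIO_TYPE_SOURCE_SINK;` before the BIO_meth_new call. Note also that dtls_openssl_bio_method() now returns a heap-allocated BIO_METHOD on every call where the old code returned the address of a static, so some caller has to release it with BIO_meth_free. The read/write/ctrl hunks rely on `BIO_get_data(b)` having been set by whoever creates the BIO; dtls_openssl_bio_new only calls `BIO_set_init(bi,1)`, so that assignment is not visible here.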


@ -7,21 +7,6 @@
#include "cw_util.h" #include "cw_util.h"
#include "timer.h" #include "timer.h"
/*
static BIO_METHOD bio_methods = {
BIO_TYPE_DGRAM,
"cw packet",
dtls_openssl_bio_write,
dtls_openssl_bio_read,
dtls_openssl_bio_puts,
NULL, // dgram_gets
dtls_openssl_bio_ctrl,
dtls_openssl_bio_new,
dtls_openssl_bio_free,
NULL,
};
*/
unsigned int psk_client_cb(SSL * ssl, unsigned int psk_client_cb(SSL * ssl,
const char *hint, const char *hint,
char *identity, char *identity,
@ -48,11 +33,23 @@ dtls_openssl_connect(struct conn *conn)
struct dtls_openssl_data *d; struct dtls_openssl_data *d;
int rc; int rc;
time_t timer; time_t timer;
cw_dbg(DBG_DTLS_BIO, "DTLS Connect call");
BIO_METHOD * biomethod = dtls_openssl_bio_method();
if (!biomethod){
cw_dbg(DBG_DTLS_BIO, "ERROR: Creating new OpenSSL BIO");
return 0;
}
cw_dbg(DBG_DTLS_BIO, "DTLS Connect call 1");
if (!conn->dtls_data) if (!conn->dtls_data)
conn->dtls_data = conn->dtls_data =
dtls_openssl_data_create(conn, DTLSv1_client_method(), dtls_openssl_data_create(conn, DTLSv1_client_method(),
dtls_openssl_bio_method()); biomethod);
cw_dbg(DBG_DTLS_BIO, "DTLS Connect call 2");
d = (struct dtls_openssl_data *) conn->dtls_data; d = (struct dtls_openssl_data *) conn->dtls_data;
if (!d) if (!d)
@ -63,6 +60,7 @@ dtls_openssl_connect(struct conn *conn)
SSL_set_psk_client_callback(d->ssl, psk_client_cb); SSL_set_psk_client_callback(d->ssl, psk_client_cb);
*/ */
cw_dbg(DBG_DTLS_BIO, "DTLS Connect call 3");
errno =0; errno =0;
timer = cw_timer_start(10); timer = cw_timer_start(10);
@ -70,6 +68,7 @@ dtls_openssl_connect(struct conn *conn)
rc = SSL_connect(d->ssl); rc = SSL_connect(d->ssl);
}while(rc!=1 && errno==EAGAIN && !cw_timer_timeout(timer)); }while(rc!=1 && errno==EAGAIN && !cw_timer_timeout(timer));
cw_dbg(DBG_DTLS_BIO, "DTLS Connect call 4");
if (rc == 1) { if (rc == 1) {
cw_dbg(DBG_DTLS,"SSL connect successfull!"); cw_dbg(DBG_DTLS,"SSL connect successfull!");
@ -77,6 +76,7 @@ dtls_openssl_connect(struct conn *conn)
conn->write = dtls_openssl_write; conn->write = dtls_openssl_write;
return 1; return 1;
} }
cw_dbg(DBG_DTLS_BIO, "DTLS Connect call 5");
rc = dtls_openssl_log_error(d->ssl, rc, "DTLS connect"); rc = dtls_openssl_log_error(d->ssl, rc, "DTLS connect");
return 0; return 0;
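Review bot: `BIO_METHOD * biomethod = dtls_openssl_bio_method();` allocates a new method on every call to dtls_openssl_connect, but the result is only handed to dtls_openssl_data_create when `conn->dtls_data` is NULL; on every later call with existing dtls_data the freshly allocated BIO_METHOD is leaked, and even the used one has no visible BIO_meth_free. Move the creation into the `if (!conn->dtls_data)` branch so it happens once per connection, as sketched below; whether dtls_openssl_data_create takes ownership of the method is not visible in this diff. The numbered `"DTLS Connect call N"` traces read like temporary instrumentation and would be better removed or collapsed into one message before merging. dtls_openssl_connect begins before the first hunk of this file.
```c
	if (!conn->dtls_data) {
		BIO_METHOD *biomethod = dtls_openssl_bio_method();
		if (!biomethod) {
			cw_dbg(DBG_DTLS_BIO, "ERROR: Creating new OpenSSL BIO");
			return 0;
		}
		conn->dtls_data = dtls_openssl_data_create(conn, DTLSv1_client_method(), biomethod);
	}
	/* … unchanged: SSL_connect retry loop and result handling … */
```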


@ -3,11 +3,11 @@ include ../Defs.mak
PROG=wtp PROG=wtp
OBJDIR=./o OBJDIR=./o
LIBDIR := ../../lib LIBDIR := ../../lib
LIBARCHDIR := $(LIBDIR)/$(ARCH) LIBARCHDIR := $(LIBDIR)/$(KERNEL)/$(ARCH)
CFLAGS+=-I../ CFLAGS+=-I../ -DUSE_OPENSSL
LDFLAGS=-L$(LIBARCHDIR) LDFLAGS=-L$(LIBARCHDIR)
LIBS+=-lcw -lnettle -lgnutls -ldl LIBS+=-lcw -lnettle -lssl -ldl
SOURCES=\ SOURCES=\
wtp_main.c\ wtp_main.c\


@ -100,7 +100,7 @@ cisco/rouge-detection/rest :Bstr16: .x000aff800000
cisco/rouge-detection/rouge-detection :Bool: false cisco/rouge-detection/rouge-detection :Bool: false
cisco/sig-toogle :Bool: true cisco/sig-toogle :Bool: true
cisco/ssl-certfile :Str: ../../ssl/certs/wtpc.crt cisco/ssl-certfile :Str: ../../ssl/certs/wtpc.crt
cisco/ssl-cipher :Str: ALL cisco/ssl-cipher :Str: ALL
cisco/ssl-keyfile :Str: ../../ssl/certs/wtpc.key cisco/ssl-keyfile :Str: ../../ssl/certs/wtpc.key
cisco/vlan/id :Word: 0 cisco/vlan/id :Word: 0
cisco/vlan/tagging :Bool: false cisco/vlan/tagging :Bool: false


@ -64,6 +64,9 @@ then
createcert $SUBJ createcert $SUBJ
fi fi
CISCOTIME='2013-12-24 08:15:42'
if [ "$TYPE" = "cisco-ac" ] if [ "$TYPE" = "cisco-ac" ]
then then
SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=DEVICE-AC-TUBE/emailAddress=7u83@mail.ru" SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=DEVICE-AC-TUBE/emailAddress=7u83@mail.ru"
@ -84,13 +87,11 @@ then
-keyout certs/${NAME}.key -out certs/${NAME}.crt \ -keyout certs/${NAME}.key -out certs/${NAME}.crt \
-config openssl.cnf \ -config openssl.cnf \
-x509 \ -x509 \
-subj "$SUBJ" -subj "$SUBJ"
$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem $OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem -days=128
# createcert "$SUBJ"
fi fi
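Review bot: `-days=128` appended to the `$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem` line has no effect on the output: that invocation only re-encodes an existing certificate, and `openssl x509` honours `-days` only when it signs one (`-signkey`, `-req` or a CA option), so the validity period still comes from the `req -x509` step above it. The documented spelling is also `-days 128`; whether the `=` form is accepted at all depends on the OpenSSL option parser in use. If a 128-day lifetime is intended, pass `-days 128` to the `req -x509` command and drop it from the conversion. `CISCOTIME` added in the earlier hunk is not referenced anywhere in the visible lines.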


@ -4,3 +4,5 @@
./mkcert.sh ac-cisco cisco-ac ./mkcert.sh ac-cisco cisco-ac
./mkcert.sh wtp ./mkcert.sh wtp
./mkcert.sh wtpc cisco-ap