partial conversion to OpenSSL 1.1.1
This commit is contained in:
@ -241,20 +241,20 @@ RADIOSRC=\
|
|||||||
cw_read_radio_generic.c\
|
cw_read_radio_generic.c\
|
||||||
|
|
||||||
|
|
||||||
#DTLSSRC += dtls_openssl.c \
|
DTLSSRC += dtls_openssl.c \
|
||||||
# dtls_openssl_accept.c \
|
dtls_openssl_accept.c \
|
||||||
# dtls_openssl_connect.c \
|
dtls_openssl_connect.c \
|
||||||
# dtls_openssl_get_cipher.c \
|
dtls_openssl_get_cipher.c \
|
||||||
# dtls_openssl_bio.c
|
dtls_openssl_bio.c
|
||||||
#LIBS+=-lssl
|
LIBS+=-lssl
|
||||||
|
|
||||||
DTLSSRC+= dtls_gnutls.c \
|
#DTLSSRC+= dtls_gnutls.c \
|
||||||
dtls_gnutls_accept.c \
|
# dtls_gnutls_accept.c \
|
||||||
dtls_gnutls_connect.c \
|
# dtls_gnutls_connect.c \
|
||||||
dtls_gnutls_bio.c \
|
# dtls_gnutls_bio.c \
|
||||||
dtls_gnutls_get_cipher.c \
|
# dtls_gnutls_get_cipher.c \
|
||||||
dtls_gnutls_get_peers_cert.c
|
# dtls_gnutls_get_peers_cert.c
|
||||||
LIBS+=-lgnutls
|
#LIBS+=-lgnutls
|
||||||
|
|
||||||
|
|
||||||
#SRC=$(wildcard *.c)
|
#SRC=$(wildcard *.c)
|
||||||
@ -270,7 +270,7 @@ OBJDIR := ../../obj/cw/$(KERNEL)/$(ARCH)
|
|||||||
SNAME := $(LIBARCHDIR)/libcw.a
|
SNAME := $(LIBARCHDIR)/libcw.a
|
||||||
DNAME := $(LIBARCHDIR)/libcw.so
|
DNAME := $(LIBARCHDIR)/libcw.so
|
||||||
|
|
||||||
CFLAGS+=-fPIC
|
CFLAGS+=-fPIC -DUSE_OPENSSL
|
||||||
|
|
||||||
all: $(SNAME) $(DNAME)
|
all: $(SNAME) $(DNAME)
|
||||||
static: $(SNAME)
|
static: $(SNAME)
|
||||||
|
|||||||
@ -36,7 +36,7 @@
|
|||||||
#include "sock.h"
|
#include "sock.h"
|
||||||
|
|
||||||
|
|
||||||
#ifdef WITH_CW_LOG_DEBUG
|
|
||||||
static const char * ssl_version2str(int version)
|
static const char * ssl_version2str(int version)
|
||||||
{
|
{
|
||||||
switch(version){
|
switch(version){
|
||||||
@ -67,7 +67,6 @@ static void dtls_debug_cb(int write_p,int version,int type, const void * buf,siz
|
|||||||
s+=sprintf(s,"type = %d (0x%02X), %s (%08x), len = %d",type,type,ssl_version2str(version),version,(int)len);
|
s+=sprintf(s,"type = %d (0x%02X), %s (%08x), len = %d",type,type,ssl_version2str(version),version,(int)len);
|
||||||
/* cw_dbg(DBG_DTLS_DETAIL,buffer); */
|
/* cw_dbg(DBG_DTLS_DETAIL,buffer); */
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
static void dtls_info_cb (const SSL *ssl, int where, int ret)
|
static void dtls_info_cb (const SSL *ssl, int where, int ret)
|
||||||
@ -357,11 +356,11 @@ struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SS
|
|||||||
|
|
||||||
|
|
||||||
/* setup debugging */
|
/* setup debugging */
|
||||||
#ifdef WITH_CW_LOG_DEBUG
|
/*#ifdef WITH_CW_LOG_DEBUG*/
|
||||||
SSL_CTX_set_msg_callback(d->ctx,dtls_debug_cb);
|
SSL_CTX_set_msg_callback(d->ctx,dtls_debug_cb);
|
||||||
SSL_CTX_set_info_callback (d->ctx, dtls_info_cb);
|
SSL_CTX_set_info_callback (d->ctx, dtls_info_cb);
|
||||||
|
|
||||||
#endif
|
/*#endif*/
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -558,7 +557,7 @@ int dtls_openssl_generate_cookie(SSL *ssl, unsigned char *cookie, unsigned int *
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int dtls_openssl_verify_cookie(SSL *ssl, unsigned char *cookie, unsigned int len)
|
int dtls_openssl_verify_cookie(SSL *ssl, const unsigned char *cookie, unsigned int len)
|
||||||
{
|
{
|
||||||
char sock_buf[SOCK_ADDR_BUFSIZE];
|
char sock_buf[SOCK_ADDR_BUFSIZE];
|
||||||
char sock_buf2[SOCK_ADDR_BUFSIZE];
|
char sock_buf2[SOCK_ADDR_BUFSIZE];
|
||||||
|
|||||||
@ -51,7 +51,7 @@ extern int dtls_openssl_init();
|
|||||||
struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SSL_METHOD * method, BIO_METHOD * bio);
|
struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SSL_METHOD * method, BIO_METHOD * bio);
|
||||||
extern int dtls_openssl_psk_key2bn(const char *psk_key, unsigned char *psk, unsigned int max_psk_len);
|
extern int dtls_openssl_psk_key2bn(const char *psk_key, unsigned char *psk, unsigned int max_psk_len);
|
||||||
extern int dtls_openssl_generate_cookie(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len);
|
extern int dtls_openssl_generate_cookie(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len);
|
||||||
extern int dtls_openssl_verify_cookie(SSL *ssl, unsigned char *cookie, unsigned int cookie_len);
|
extern int dtls_openssl_verify_cookie(SSL *ssl, const unsigned char *cookie, unsigned int cookie_len);
|
||||||
|
|
||||||
extern int dtls_openssl_read(struct conn * conn, uint8_t *buffer, int len);
|
extern int dtls_openssl_read(struct conn * conn, uint8_t *buffer, int len);
|
||||||
extern int dtls_openssl_write(struct conn * conn, const uint8_t *buffer, int len);
|
extern int dtls_openssl_write(struct conn * conn, const uint8_t *buffer, int len);
|
||||||
|
|||||||
@ -37,8 +37,25 @@
|
|||||||
|
|
||||||
BIO_METHOD *dtls_openssl_bio_method()
|
BIO_METHOD *dtls_openssl_bio_method()
|
||||||
{
|
{
|
||||||
|
int index = BIO_get_new_index() ;
|
||||||
|
index = BIO_TYPE_DGRAM;
|
||||||
|
cw_dbg(DBG_DTLS_BIO, "Creating new OpenSSL BIO Methods");
|
||||||
|
|
||||||
BIO_METHOD * bio_methods;
|
BIO_METHOD * bio_methods;
|
||||||
bio_methods = BIO_mth_new(BIO_TYPE_DGRAM,"CW Packet");
|
bio_methods = BIO_meth_new(index,"CW Packet");
|
||||||
|
if (!bio_methods){
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
BIO_meth_set_write(bio_methods,dtls_openssl_bio_write);
|
||||||
|
BIO_meth_set_read(bio_methods,dtls_openssl_bio_read);
|
||||||
|
BIO_meth_set_puts(bio_methods,dtls_openssl_bio_puts);
|
||||||
|
BIO_meth_set_ctrl(bio_methods,dtls_openssl_bio_ctrl);
|
||||||
|
BIO_meth_set_create(bio_methods,dtls_openssl_bio_new);
|
||||||
|
BIO_meth_set_destroy(bio_methods,dtls_openssl_bio_free);
|
||||||
|
|
||||||
|
|
||||||
|
/* bio_methods = BIO_mth_new(BIO_TYPE_DGRAM,"CW Packet");*/
|
||||||
|
|
||||||
|
|
||||||
/* bio_methods.type = BIO_TYPE_DGRAM;
|
/* bio_methods.type = BIO_TYPE_DGRAM;
|
||||||
@ -53,19 +70,21 @@ BIO_METHOD *dtls_openssl_bio_method()
|
|||||||
bio_methods.callback_ctrl = 0;
|
bio_methods.callback_ctrl = 0;
|
||||||
*/
|
*/
|
||||||
|
|
||||||
return &bio_methods;
|
return bio_methods;
|
||||||
}
|
}
|
||||||
|
|
||||||
int dtls_openssl_bio_write(BIO * b, const char *data, int len)
|
int dtls_openssl_bio_write(BIO * b, const char *data, int len)
|
||||||
{
|
{
|
||||||
struct conn *conn = b->ptr;
|
/* struct conn *conn = b->ptr;*/
|
||||||
|
struct conn *conn = BIO_get_data(b);
|
||||||
return dtls_bio_write(conn, data, len);
|
return dtls_bio_write(conn, data, len);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int dtls_openssl_bio_read(BIO * b, char *out, int maxlen)
|
int dtls_openssl_bio_read(BIO * b, char *out, int maxlen)
|
||||||
{
|
{
|
||||||
struct conn *conn = b->ptr;
|
/*struct conn *conn = b->ptr;*/
|
||||||
|
struct conn *conn = BIO_get_data(b);
|
||||||
return dtls_bio_read(conn, out, maxlen);
|
return dtls_bio_read(conn, out, maxlen);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -73,11 +92,14 @@ int dtls_openssl_bio_read(BIO * b, char *out, int maxlen)
|
|||||||
|
|
||||||
int dtls_openssl_bio_new(BIO * bi)
|
int dtls_openssl_bio_new(BIO * bi)
|
||||||
{
|
{
|
||||||
|
/*
|
||||||
bi->init = 1;
|
bi->init = 1;
|
||||||
bi->num = 0;
|
bi->num = 0;
|
||||||
bi->flags = 0;
|
bi->flags = 0;
|
||||||
bi->ptr = NULL;
|
bi->ptr = NULL;
|
||||||
|
*/
|
||||||
|
BIO_set_init(bi,1);
|
||||||
|
|
||||||
cw_dbg(DBG_DTLS_BIO, "Creating new OpenSSL BIO");
|
cw_dbg(DBG_DTLS_BIO, "Creating new OpenSSL BIO");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@ -101,7 +123,8 @@ int dtls_openssl_bio_free(BIO * bio)
|
|||||||
|
|
||||||
long dtls_openssl_bio_ctrl(BIO * b, int cmd, long num, void *ptr)
|
long dtls_openssl_bio_ctrl(BIO * b, int cmd, long num, void *ptr)
|
||||||
{
|
{
|
||||||
struct conn *conn = b->ptr;
|
/*struct conn *conn = b->ptr;*/
|
||||||
|
struct conn *conn = BIO_get_data(b);
|
||||||
|
|
||||||
long ret = 1;
|
long ret = 1;
|
||||||
switch (cmd) {
|
switch (cmd) {
|
||||||
|
|||||||
@ -7,21 +7,6 @@
|
|||||||
#include "cw_util.h"
|
#include "cw_util.h"
|
||||||
#include "timer.h"
|
#include "timer.h"
|
||||||
|
|
||||||
/*
|
|
||||||
static BIO_METHOD bio_methods = {
|
|
||||||
BIO_TYPE_DGRAM,
|
|
||||||
"cw packet",
|
|
||||||
dtls_openssl_bio_write,
|
|
||||||
dtls_openssl_bio_read,
|
|
||||||
dtls_openssl_bio_puts,
|
|
||||||
NULL, // dgram_gets
|
|
||||||
dtls_openssl_bio_ctrl,
|
|
||||||
dtls_openssl_bio_new,
|
|
||||||
dtls_openssl_bio_free,
|
|
||||||
NULL,
|
|
||||||
};
|
|
||||||
*/
|
|
||||||
|
|
||||||
unsigned int psk_client_cb(SSL * ssl,
|
unsigned int psk_client_cb(SSL * ssl,
|
||||||
const char *hint,
|
const char *hint,
|
||||||
char *identity,
|
char *identity,
|
||||||
@ -48,11 +33,23 @@ dtls_openssl_connect(struct conn *conn)
|
|||||||
struct dtls_openssl_data *d;
|
struct dtls_openssl_data *d;
|
||||||
int rc;
|
int rc;
|
||||||
time_t timer;
|
time_t timer;
|
||||||
|
|
||||||
|
cw_dbg(DBG_DTLS_BIO, "DTLS Connect call");
|
||||||
|
|
||||||
|
BIO_METHOD * biomethod = dtls_openssl_bio_method();
|
||||||
|
if (!biomethod){
|
||||||
|
cw_dbg(DBG_DTLS_BIO, "ERROR: Creating new OpenSSL BIO");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
cw_dbg(DBG_DTLS_BIO, "DTLS Connect call 1");
|
||||||
|
|
||||||
if (!conn->dtls_data)
|
if (!conn->dtls_data)
|
||||||
conn->dtls_data =
|
conn->dtls_data =
|
||||||
dtls_openssl_data_create(conn, DTLSv1_client_method(),
|
dtls_openssl_data_create(conn, DTLSv1_client_method(),
|
||||||
dtls_openssl_bio_method());
|
biomethod);
|
||||||
|
|
||||||
|
cw_dbg(DBG_DTLS_BIO, "DTLS Connect call 2");
|
||||||
|
|
||||||
d = (struct dtls_openssl_data *) conn->dtls_data;
|
d = (struct dtls_openssl_data *) conn->dtls_data;
|
||||||
if (!d)
|
if (!d)
|
||||||
@ -63,6 +60,7 @@ dtls_openssl_connect(struct conn *conn)
|
|||||||
SSL_set_psk_client_callback(d->ssl, psk_client_cb);
|
SSL_set_psk_client_callback(d->ssl, psk_client_cb);
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
cw_dbg(DBG_DTLS_BIO, "DTLS Connect call 3");
|
||||||
|
|
||||||
errno =0;
|
errno =0;
|
||||||
timer = cw_timer_start(10);
|
timer = cw_timer_start(10);
|
||||||
@ -70,6 +68,7 @@ dtls_openssl_connect(struct conn *conn)
|
|||||||
rc = SSL_connect(d->ssl);
|
rc = SSL_connect(d->ssl);
|
||||||
}while(rc!=1 && errno==EAGAIN && !cw_timer_timeout(timer));
|
}while(rc!=1 && errno==EAGAIN && !cw_timer_timeout(timer));
|
||||||
|
|
||||||
|
cw_dbg(DBG_DTLS_BIO, "DTLS Connect call 4");
|
||||||
|
|
||||||
if (rc == 1) {
|
if (rc == 1) {
|
||||||
cw_dbg(DBG_DTLS,"SSL connect successfull!");
|
cw_dbg(DBG_DTLS,"SSL connect successfull!");
|
||||||
@ -77,6 +76,7 @@ dtls_openssl_connect(struct conn *conn)
|
|||||||
conn->write = dtls_openssl_write;
|
conn->write = dtls_openssl_write;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
cw_dbg(DBG_DTLS_BIO, "DTLS Connect call 5");
|
||||||
|
|
||||||
rc = dtls_openssl_log_error(d->ssl, rc, "DTLS connect");
|
rc = dtls_openssl_log_error(d->ssl, rc, "DTLS connect");
|
||||||
return 0;
|
return 0;
|
||||||
|
|||||||
@ -3,11 +3,11 @@ include ../Defs.mak
|
|||||||
PROG=wtp
|
PROG=wtp
|
||||||
OBJDIR=./o
|
OBJDIR=./o
|
||||||
LIBDIR := ../../lib
|
LIBDIR := ../../lib
|
||||||
LIBARCHDIR := $(LIBDIR)/$(ARCH)
|
LIBARCHDIR := $(LIBDIR)/$(KERNEL)/$(ARCH)
|
||||||
|
|
||||||
CFLAGS+=-I../
|
CFLAGS+=-I../ -DUSE_OPENSSL
|
||||||
LDFLAGS=-L$(LIBARCHDIR)
|
LDFLAGS=-L$(LIBARCHDIR)
|
||||||
LIBS+=-lcw -lnettle -lgnutls -ldl
|
LIBS+=-lcw -lnettle -lssl -ldl
|
||||||
|
|
||||||
SOURCES=\
|
SOURCES=\
|
||||||
wtp_main.c\
|
wtp_main.c\
|
||||||
|
|||||||
@ -100,7 +100,7 @@ cisco/rouge-detection/rest :Bstr16: .x000aff800000
|
|||||||
cisco/rouge-detection/rouge-detection :Bool: false
|
cisco/rouge-detection/rouge-detection :Bool: false
|
||||||
cisco/sig-toogle :Bool: true
|
cisco/sig-toogle :Bool: true
|
||||||
cisco/ssl-certfile :Str: ../../ssl/certs/wtpc.crt
|
cisco/ssl-certfile :Str: ../../ssl/certs/wtpc.crt
|
||||||
cisco/ssl-cipher :Str: ALL
|
cisco/ssl-cipher :Str: ALL
|
||||||
cisco/ssl-keyfile :Str: ../../ssl/certs/wtpc.key
|
cisco/ssl-keyfile :Str: ../../ssl/certs/wtpc.key
|
||||||
cisco/vlan/id :Word: 0
|
cisco/vlan/id :Word: 0
|
||||||
cisco/vlan/tagging :Bool: false
|
cisco/vlan/tagging :Bool: false
|
||||||
|
|||||||
@ -64,6 +64,9 @@ then
|
|||||||
createcert $SUBJ
|
createcert $SUBJ
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
CISCOTIME='2013-12-24 08:15:42'
|
||||||
|
|
||||||
if [ "$TYPE" = "cisco-ac" ]
|
if [ "$TYPE" = "cisco-ac" ]
|
||||||
then
|
then
|
||||||
SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=DEVICE-AC-TUBE/emailAddress=7u83@mail.ru"
|
SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=DEVICE-AC-TUBE/emailAddress=7u83@mail.ru"
|
||||||
@ -84,13 +87,11 @@ then
|
|||||||
-keyout certs/${NAME}.key -out certs/${NAME}.crt \
|
-keyout certs/${NAME}.key -out certs/${NAME}.crt \
|
||||||
-config openssl.cnf \
|
-config openssl.cnf \
|
||||||
-x509 \
|
-x509 \
|
||||||
-subj "$SUBJ"
|
-subj "$SUBJ"
|
||||||
|
|
||||||
$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
|
$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem -days=128
|
||||||
|
|
||||||
|
|
||||||
# createcert "$SUBJ"
|
|
||||||
|
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
@ -4,3 +4,5 @@
|
|||||||
./mkcert.sh ac-cisco cisco-ac
|
./mkcert.sh ac-cisco cisco-ac
|
||||||
|
|
||||||
./mkcert.sh wtp
|
./mkcert.sh wtp
|
||||||
|
./mkcert.sh wtpc cisco-ap
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user