partial conversion to OpenSSL 1.1.1

2022-07-11 08:26:56 +02:00 · 2022-07-11 08:26:56 +02:00 · f8a83ca463
commit f8a83ca463
parent ddde491ba8
9 changed files with 75 additions and 50 deletions
--- a/src/cw/Makefile
+++ b/src/cw/Makefile
@ -241,20 +241,20 @@ RADIOSRC=\
 	cw_read_radio_generic.c\


-#DTLSSRC += dtls_openssl.c \
-#	dtls_openssl_accept.c \
-#	dtls_openssl_connect.c \
-#	dtls_openssl_get_cipher.c \
-#	dtls_openssl_bio.c 
-#LIBS+=-lssl
+DTLSSRC += dtls_openssl.c \
+	dtls_openssl_accept.c \
+	dtls_openssl_connect.c \
+	dtls_openssl_get_cipher.c \
+	dtls_openssl_bio.c 
+LIBS+=-lssl

-DTLSSRC+= dtls_gnutls.c \
-	dtls_gnutls_accept.c \
-	dtls_gnutls_connect.c \
-	dtls_gnutls_bio.c \
-	dtls_gnutls_get_cipher.c \
-	dtls_gnutls_get_peers_cert.c
-LIBS+=-lgnutls
+#DTLSSRC+= dtls_gnutls.c \
+#	dtls_gnutls_accept.c \
+#	dtls_gnutls_connect.c \
+#	dtls_gnutls_bio.c \
+#	dtls_gnutls_get_cipher.c \
+#	dtls_gnutls_get_peers_cert.c
+#LIBS+=-lgnutls


 #SRC=$(wildcard *.c)
@ -270,7 +270,7 @@ OBJDIR          := ../../obj/cw/$(KERNEL)/$(ARCH)
 SNAME           := $(LIBARCHDIR)/libcw.a
 DNAME           := $(LIBARCHDIR)/libcw.so

-CFLAGS+=-fPIC
+CFLAGS+=-fPIC -DUSE_OPENSSL

 all: $(SNAME) $(DNAME) 
 static: $(SNAME)
--- a/src/cw/dtls_openssl.c
+++ b/src/cw/dtls_openssl.c
@ -36,7 +36,7 @@
 #include "sock.h"


-#ifdef WITH_CW_LOG_DEBUG
+
 static const char * ssl_version2str(int version)
 {
 	switch(version){
@ -67,7 +67,6 @@ static void dtls_debug_cb(int write_p,int version,int type, const void * buf,siz
 	s+=sprintf(s,"type = %d (0x%02X), %s (%08x), len = %d",type,type,ssl_version2str(version),version,(int)len);
 /*	cw_dbg(DBG_DTLS_DETAIL,buffer); */
 }
-#endif


 static void dtls_info_cb (const SSL *ssl, int where, int ret)
@ -357,11 +356,11 @@ struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SS


 	/* setup debugging */
-#ifdef WITH_CW_LOG_DEBUG
+/*#ifdef WITH_CW_LOG_DEBUG*/
 	SSL_CTX_set_msg_callback(d->ctx,dtls_debug_cb);
 	SSL_CTX_set_info_callback (d->ctx, dtls_info_cb);
 	
-#endif
+/*#endif*/



@ -558,7 +557,7 @@ int dtls_openssl_generate_cookie(SSL *ssl, unsigned char *cookie, unsigned int *

 }

-int dtls_openssl_verify_cookie(SSL *ssl, unsigned char *cookie, unsigned int len)
+int dtls_openssl_verify_cookie(SSL *ssl, const unsigned char *cookie, unsigned int len)
 {
 	char sock_buf[SOCK_ADDR_BUFSIZE];
 	char sock_buf2[SOCK_ADDR_BUFSIZE];	
--- a/src/cw/dtls_openssl.h
+++ b/src/cw/dtls_openssl.h
@ -51,7 +51,7 @@ extern int dtls_openssl_init();
 struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SSL_METHOD * method, BIO_METHOD * bio);
 extern int dtls_openssl_psk_key2bn(const char *psk_key, unsigned char *psk, unsigned int max_psk_len);
 extern int dtls_openssl_generate_cookie(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len);
-extern int dtls_openssl_verify_cookie(SSL *ssl, unsigned char *cookie, unsigned int cookie_len);
+extern int dtls_openssl_verify_cookie(SSL *ssl, const unsigned char *cookie, unsigned int cookie_len);

 extern int dtls_openssl_read(struct conn * conn, uint8_t *buffer, int len);
 extern int dtls_openssl_write(struct conn * conn, const uint8_t *buffer, int len);
--- a/src/cw/dtls_openssl_bio.c
+++ b/src/cw/dtls_openssl_bio.c
@ -37,8 +37,25 @@

 BIO_METHOD *dtls_openssl_bio_method()
 {
+	int index = BIO_get_new_index() ;
+	index = BIO_TYPE_DGRAM;
+	cw_dbg(DBG_DTLS_BIO, "Creating new OpenSSL BIO Methods");
+
 	BIO_METHOD * bio_methods;
-	bio_methods = BIO_mth_new(BIO_TYPE_DGRAM,"CW Packet");
+	bio_methods = BIO_meth_new(index,"CW Packet");
+	if (!bio_methods){
+		return NULL;
+	}
+
+	BIO_meth_set_write(bio_methods,dtls_openssl_bio_write);
+	BIO_meth_set_read(bio_methods,dtls_openssl_bio_read);
+	BIO_meth_set_puts(bio_methods,dtls_openssl_bio_puts);
+	BIO_meth_set_ctrl(bio_methods,dtls_openssl_bio_ctrl);
+	BIO_meth_set_create(bio_methods,dtls_openssl_bio_new);
+	BIO_meth_set_destroy(bio_methods,dtls_openssl_bio_free);
+
+
+/*	bio_methods = BIO_mth_new(BIO_TYPE_DGRAM,"CW Packet");*/


 /*	bio_methods.type = BIO_TYPE_DGRAM;
@ -53,19 +70,21 @@ BIO_METHOD *dtls_openssl_bio_method()
 	bio_methods.callback_ctrl = 0;
 */

-	return &bio_methods;
+	return bio_methods;
 }

 int dtls_openssl_bio_write(BIO * b, const char *data, int len)
 {
-	struct conn *conn = b->ptr;
+/*	struct conn *conn = b->ptr;*/
+	struct conn *conn = BIO_get_data(b);
 	return dtls_bio_write(conn, data, len);
 }


 int dtls_openssl_bio_read(BIO * b, char *out, int maxlen)
 {
-	struct conn *conn = b->ptr;
+	/*struct conn *conn = b->ptr;*/
+	struct conn *conn = BIO_get_data(b);
 	return dtls_bio_read(conn, out, maxlen);
 }

@ -73,11 +92,14 @@ int dtls_openssl_bio_read(BIO * b, char *out, int maxlen)

 int dtls_openssl_bio_new(BIO * bi)
 {
-
+	/*
 	bi->init = 1;
 	bi->num = 0;
 	bi->flags = 0;
 	bi->ptr = NULL;
+*/
+	BIO_set_init(bi,1);
+
 	cw_dbg(DBG_DTLS_BIO, "Creating new OpenSSL BIO");
 	return 1;
 }
@ -101,7 +123,8 @@ int dtls_openssl_bio_free(BIO * bio)

 long dtls_openssl_bio_ctrl(BIO * b, int cmd, long num, void *ptr)
 {
-	struct conn *conn = b->ptr;
+	/*struct conn *conn = b->ptr;*/
+	struct conn *conn = BIO_get_data(b);

 	long ret = 1;
 	switch (cmd) {
--- a/src/cw/dtls_openssl_connect.c
+++ b/src/cw/dtls_openssl_connect.c
@ -7,21 +7,6 @@
 #include "cw_util.h"
 #include "timer.h"

-/*
-static BIO_METHOD bio_methods = {
-	BIO_TYPE_DGRAM,
-	"cw packet",
-	dtls_openssl_bio_write,
-	dtls_openssl_bio_read,
-	dtls_openssl_bio_puts,
-	NULL, 			// dgram_gets
-	dtls_openssl_bio_ctrl,
-	dtls_openssl_bio_new,
-	dtls_openssl_bio_free,
-	NULL,
-};
-*/
-
 unsigned int psk_client_cb(SSL * ssl,
 				  const char *hint,
 				  char *identity,
@ -49,10 +34,22 @@ dtls_openssl_connect(struct conn *conn)
 	int rc;
 	time_t timer;

+	cw_dbg(DBG_DTLS_BIO, "DTLS Connect call");
+
+	BIO_METHOD * biomethod = dtls_openssl_bio_method();
+	if (!biomethod){
+		cw_dbg(DBG_DTLS_BIO, "ERROR: Creating new OpenSSL BIO");
+		return 0;
+	}
+
+	cw_dbg(DBG_DTLS_BIO, "DTLS Connect call 1");
+	
 	if (!conn->dtls_data)
 		conn->dtls_data =
 		    dtls_openssl_data_create(conn, DTLSv1_client_method(),
-					     dtls_openssl_bio_method());
+					     biomethod);
+
+	cw_dbg(DBG_DTLS_BIO, "DTLS Connect call 2");

 	d = (struct dtls_openssl_data *) conn->dtls_data;
 	if (!d)
@ -63,6 +60,7 @@ dtls_openssl_connect(struct conn *conn)
 		SSL_set_psk_client_callback(d->ssl, psk_client_cb);
 */

+	cw_dbg(DBG_DTLS_BIO, "DTLS Connect call 3");

 	errno =0;
 	timer = cw_timer_start(10);
@ -70,6 +68,7 @@ dtls_openssl_connect(struct conn *conn)
 		rc = SSL_connect(d->ssl);
 	}while(rc!=1 && errno==EAGAIN && !cw_timer_timeout(timer));

+	cw_dbg(DBG_DTLS_BIO, "DTLS Connect call 4");

 	if (rc == 1) {
 		cw_dbg(DBG_DTLS,"SSL connect successfull!");
@ -77,6 +76,7 @@ dtls_openssl_connect(struct conn *conn)
 		conn->write = dtls_openssl_write;
 		return 1;
 	}
+	cw_dbg(DBG_DTLS_BIO, "DTLS Connect call 5");

 	rc = dtls_openssl_log_error(d->ssl, rc, "DTLS connect");
 	return 0;
--- a/src/wtp/Makefile
+++ b/src/wtp/Makefile
@ -3,11 +3,11 @@ include ../Defs.mak
 PROG=wtp
 OBJDIR=./o
 LIBDIR		:= ../../lib
-LIBARCHDIR	:= $(LIBDIR)/$(ARCH)
+LIBARCHDIR	:= $(LIBDIR)/$(KERNEL)/$(ARCH)

-CFLAGS+=-I../ 
+CFLAGS+=-I../ -DUSE_OPENSSL
 LDFLAGS=-L$(LIBARCHDIR) 
-LIBS+=-lcw -lnettle -lgnutls -ldl 
+LIBS+=-lcw -lnettle -lssl -ldl 

 SOURCES=\
     	wtp_main.c\
--- a/ssl/mkcert.sh
+++ b/ssl/mkcert.sh
@ -64,6 +64,9 @@ then
 	createcert $SUBJ
 fi

+
+CISCOTIME='2013-12-24 08:15:42'
+
 if [ "$TYPE" = "cisco-ac" ] 
 then
 	SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=DEVICE-AC-TUBE/emailAddress=7u83@mail.ru"
@ -86,11 +89,9 @@ then
                -x509 \
                -subj "$SUBJ" 

-	$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
+	$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem -days=128


-#	createcert "$SUBJ"
-

 fi

--- a/ssl/mkcerts.sh
+++ b/ssl/mkcerts.sh
@ -4,3 +4,5 @@
 ./mkcert.sh ac-cisco cisco-ac

 ./mkcert.sh wtp
+./mkcert.sh wtpc cisco-ap
+