partial conversion to OpenSSL 1.1.1

This commit is contained in:
7u83 2022-07-11 08:26:56 +02:00
parent ddde491ba8
commit f8a83ca463
9 changed files with 75 additions and 50 deletions


@ -241,20 +241,20 @@ RADIOSRC=\
cw_read_radio_generic.c\
#DTLSSRC += dtls_openssl.c \
# dtls_openssl_accept.c \
# dtls_openssl_connect.c \
# dtls_openssl_get_cipher.c \
# dtls_openssl_bio.c
#LIBS+=-lssl
DTLSSRC += dtls_openssl.c \
dtls_openssl_accept.c \
dtls_openssl_connect.c \
dtls_openssl_get_cipher.c \
dtls_openssl_bio.c
LIBS+=-lssl
DTLSSRC+= dtls_gnutls.c \
dtls_gnutls_accept.c \
dtls_gnutls_connect.c \
dtls_gnutls_bio.c \
dtls_gnutls_get_cipher.c \
dtls_gnutls_get_peers_cert.c
LIBS+=-lgnutls
#DTLSSRC+= dtls_gnutls.c \
# dtls_gnutls_accept.c \
# dtls_gnutls_connect.c \
# dtls_gnutls_bio.c \
# dtls_gnutls_get_cipher.c \
# dtls_gnutls_get_peers_cert.c
#LIBS+=-lgnutls
#SRC=$(wildcard *.c)
@ -270,7 +270,7 @@ OBJDIR := ../../obj/cw/$(KERNEL)/$(ARCH)
SNAME := $(LIBARCHDIR)/libcw.a
DNAME := $(LIBARCHDIR)/libcw.so
CFLAGS+=-fPIC
CFLAGS+=-fPIC -DUSE_OPENSSL
all: $(SNAME) $(DNAME)
static: $(SNAME)
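Review bot: The DTLS backend is now selected by hand-commenting one `DTLSSRC`/`LIBS` block (L13–L38) while the matching preprocessor flag is added separately as `CFLAGS+=-fPIC -DUSE_OPENSSL` at L44, so the source list, link line and `USE_OPENSSL` define can silently drift apart — and the link line already has: `LIBS+=-lssl` (L24) without `-lcrypto`, although `BIO_meth_new`/`BIO_get_new_index` used by the new BIO code live in libcrypto. A single make variable keeps the three together and lets the commented-out GnuTLS block at L32–L38 be deleted instead of kept as dead text. Whether the GnuTLS branch needs its own define is not visible here.
```makefile
DTLS ?= openssl
ifeq ($(DTLS),openssl)
DTLSSRC += dtls_openssl.c dtls_openssl_accept.c dtls_openssl_connect.c \
           dtls_openssl_get_cipher.c dtls_openssl_bio.c
LIBS += -lssl -lcrypto
CFLAGS += -DUSE_OPENSSL
else
DTLSSRC += dtls_gnutls.c dtls_gnutls_accept.c dtls_gnutls_connect.c \
           dtls_gnutls_bio.c dtls_gnutls_get_cipher.c dtls_gnutls_get_peers_cert.c
LIBS += -lgnutls
endif
# … unchanged: OBJDIR / SNAME / DNAME, CFLAGS+=-fPIC …
```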


@ -36,7 +36,7 @@
#include "sock.h"
#ifdef WITH_CW_LOG_DEBUG
static const char * ssl_version2str(int version)
{
switch(version){
@ -67,7 +67,6 @@ static void dtls_debug_cb(int write_p,int version,int type, const void * buf,siz
s+=sprintf(s,"type = %d (0x%02X), %s (%08x), len = %d",type,type,ssl_version2str(version),version,(int)len);
/* cw_dbg(DBG_DTLS_DETAIL,buffer); */
}
#endif
static void dtls_info_cb (const SSL *ssl, int where, int ret)
@ -357,11 +356,11 @@ struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SS
/* setup debugging */
#ifdef WITH_CW_LOG_DEBUG
/*#ifdef WITH_CW_LOG_DEBUG*/
SSL_CTX_set_msg_callback(d->ctx,dtls_debug_cb);
SSL_CTX_set_info_callback (d->ctx, dtls_info_cb);
#endif
/*#endif*/
@ -558,7 +557,7 @@ int dtls_openssl_generate_cookie(SSL *ssl, unsigned char *cookie, unsigned int *
}
int dtls_openssl_verify_cookie(SSL *ssl, unsigned char *cookie, unsigned int len)
int dtls_openssl_verify_cookie(SSL *ssl, const unsigned char *cookie, unsigned int len)
{
char sock_buf[SOCK_ADDR_BUFSIZE];
char sock_buf2[SOCK_ADDR_BUFSIZE];
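Review bot: Turning the `#ifdef WITH_CW_LOG_DEBUG` / `#endif` around `SSL_CTX_set_msg_callback(d->ctx,dtls_debug_cb)` and `SSL_CTX_set_info_callback` (L65–L69) into comments registers both debug callbacks in every build, so `dtls_debug_cb` now formats every DTLS record into its buffer on production connections; restore the guard (`#ifdef WITH_CW_LOG_DEBUG` … `#endif`) or, if the callbacks are meant to stay on, say so in a comment rather than leaving the guard commented out. If `dtls_debug_cb` itself is still compiled only under `WITH_CW_LOG_DEBUG` — the first two hunks (L52, L60) move that guard but their old/new sides cannot be recovered from this page — the unconditional registration will not compile in a non-debug build, which is worth checking. `dtls_openssl_data_create` starts before and continues after this hunk, and the `dtls_openssl_verify_cookie` body (L73 onward) also runs past the end of its hunk.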


@ -51,7 +51,7 @@ extern int dtls_openssl_init();
struct dtls_openssl_data * dtls_openssl_data_create(struct conn * conn, const SSL_METHOD * method, BIO_METHOD * bio);
extern int dtls_openssl_psk_key2bn(const char *psk_key, unsigned char *psk, unsigned int max_psk_len);
extern int dtls_openssl_generate_cookie(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len);
extern int dtls_openssl_verify_cookie(SSL *ssl, unsigned char *cookie, unsigned int cookie_len);
extern int dtls_openssl_verify_cookie(SSL *ssl, const unsigned char *cookie, unsigned int cookie_len);
extern int dtls_openssl_read(struct conn * conn, uint8_t *buffer, int len);
extern int dtls_openssl_write(struct conn * conn, const uint8_t *buffer, int len);


@ -37,8 +37,25 @@
BIO_METHOD *dtls_openssl_bio_method()
{
int index = BIO_get_new_index() ;
index = BIO_TYPE_DGRAM;
cw_dbg(DBG_DTLS_BIO, "Creating new OpenSSL BIO Methods");
BIO_METHOD * bio_methods;
bio_methods = BIO_mth_new(BIO_TYPE_DGRAM,"CW Packet");
bio_methods = BIO_meth_new(index,"CW Packet");
if (!bio_methods){
return NULL;
}
BIO_meth_set_write(bio_methods,dtls_openssl_bio_write);
BIO_meth_set_read(bio_methods,dtls_openssl_bio_read);
BIO_meth_set_puts(bio_methods,dtls_openssl_bio_puts);
BIO_meth_set_ctrl(bio_methods,dtls_openssl_bio_ctrl);
BIO_meth_set_create(bio_methods,dtls_openssl_bio_new);
BIO_meth_set_destroy(bio_methods,dtls_openssl_bio_free);
/* bio_methods = BIO_mth_new(BIO_TYPE_DGRAM,"CW Packet");*/
/* bio_methods.type = BIO_TYPE_DGRAM;
@ -53,19 +70,21 @@ BIO_METHOD *dtls_openssl_bio_method()
bio_methods.callback_ctrl = 0;
*/
return &bio_methods;
return bio_methods;
}
int dtls_openssl_bio_write(BIO * b, const char *data, int len)
{
struct conn *conn = b->ptr;
/* struct conn *conn = b->ptr;*/
struct conn *conn = BIO_get_data(b);
return dtls_bio_write(conn, data, len);
}
int dtls_openssl_bio_read(BIO * b, char *out, int maxlen)
{
struct conn *conn = b->ptr;
/*struct conn *conn = b->ptr;*/
struct conn *conn = BIO_get_data(b);
return dtls_bio_read(conn, out, maxlen);
}
@ -73,11 +92,14 @@ int dtls_openssl_bio_read(BIO * b, char *out, int maxlen)
int dtls_openssl_bio_new(BIO * bi)
{
/*
bi->init = 1;
bi->num = 0;
bi->flags = 0;
bi->ptr = NULL;
*/
BIO_set_init(bi,1);
cw_dbg(DBG_DTLS_BIO, "Creating new OpenSSL BIO");
return 1;
}
@ -101,7 +123,8 @@ int dtls_openssl_bio_free(BIO * bio)
long dtls_openssl_bio_ctrl(BIO * b, int cmd, long num, void *ptr)
{
struct conn *conn = b->ptr;
/*struct conn *conn = b->ptr;*/
struct conn *conn = BIO_get_data(b);
long ret = 1;
switch (cmd) {
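Review bot: The `BIO_get_new_index()` result at L94 is overwritten by `index = BIO_TYPE_DGRAM;` on the very next line (L95), so the call is dead and its failure return (-1) is never checked; either drop both lines and pass `BIO_TYPE_DGRAM` to `BIO_meth_new` directly (matching the old static table), or keep the fresh index and add `if (index < 0) return NULL;` before `BIO_meth_new(index,"CW Packet")` (L99). The `BIO_METHOD` allocated at L99 is also never released — there is no `BIO_meth_free` anywhere in this diff — so every call of `dtls_openssl_bio_method()` leaks one method object; the owner of the `struct dtls_openssl_data` should free it on teardown, or the method should be created once and cached in a `static`. The callbacks now read `BIO_get_data(b)` (L121, L128, L149) but `dtls_openssl_bio_new` (L132–L143) only sets init, so this relies on whoever formerly assigned `b->ptr = conn` now calling `BIO_set_data(bio, conn)` outside this hunk — worth confirming, since a NULL `conn` would reach `dtls_bio_write`/`dtls_bio_read`. `dtls_openssl_bio_ctrl` continues past the end of the hunk.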


@ -7,21 +7,6 @@
#include "cw_util.h"
#include "timer.h"
/*
static BIO_METHOD bio_methods = {
BIO_TYPE_DGRAM,
"cw packet",
dtls_openssl_bio_write,
dtls_openssl_bio_read,
dtls_openssl_bio_puts,
NULL, // dgram_gets
dtls_openssl_bio_ctrl,
dtls_openssl_bio_new,
dtls_openssl_bio_free,
NULL,
};
*/
unsigned int psk_client_cb(SSL * ssl,
const char *hint,
char *identity,
@ -49,10 +34,22 @@ dtls_openssl_connect(struct conn *conn)
int rc;
time_t timer;
cw_dbg(DBG_DTLS_BIO, "DTLS Connect call");
BIO_METHOD * biomethod = dtls_openssl_bio_method();
if (!biomethod){
cw_dbg(DBG_DTLS_BIO, "ERROR: Creating new OpenSSL BIO");
return 0;
}
cw_dbg(DBG_DTLS_BIO, "DTLS Connect call 1");
if (!conn->dtls_data)
conn->dtls_data =
dtls_openssl_data_create(conn, DTLSv1_client_method(),
dtls_openssl_bio_method());
biomethod);
cw_dbg(DBG_DTLS_BIO, "DTLS Connect call 2");
d = (struct dtls_openssl_data *) conn->dtls_data;
if (!d)
@ -63,6 +60,7 @@ dtls_openssl_connect(struct conn *conn)
SSL_set_psk_client_callback(d->ssl, psk_client_cb);
*/
cw_dbg(DBG_DTLS_BIO, "DTLS Connect call 3");
errno =0;
timer = cw_timer_start(10);
@ -70,6 +68,7 @@ dtls_openssl_connect(struct conn *conn)
rc = SSL_connect(d->ssl);
}while(rc!=1 && errno==EAGAIN && !cw_timer_timeout(timer));
cw_dbg(DBG_DTLS_BIO, "DTLS Connect call 4");
if (rc == 1) {
cw_dbg(DBG_DTLS,"SSL connect successfull!");
@ -77,6 +76,7 @@ dtls_openssl_connect(struct conn *conn)
conn->write = dtls_openssl_write;
return 1;
}
cw_dbg(DBG_DTLS_BIO, "DTLS Connect call 5");
rc = dtls_openssl_log_error(d->ssl, rc, "DTLS connect");
return 0;
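Review bot: `biomethod` (L179) is allocated on every `dtls_openssl_connect` call but is only consumed when `conn->dtls_data` is still NULL (L185–L189); on a reconnect with existing `dtls_data`, and on the `!d` failure path at L192, the freshly created `BIO_METHOD` is dropped without `BIO_meth_free`, leaking once per call. Moving the creation inside the `if (!conn->dtls_data)` branch allocates it only when it is actually handed to `dtls_openssl_data_create`. Separately, `DTLSv1_client_method()` (L187) pins the handshake to DTLS 1.0; on OpenSSL 1.1.1 `DTLS_client_method()` negotiates up to DTLS 1.2, which this conversion is the natural place to adopt, and the commented-out `static BIO_METHOD bio_methods` table at L158–L171 can be deleted outright now that `dtls_openssl_bio_method()` exists. `dtls_openssl_connect` begins before the hunk.
```c
	cw_dbg(DBG_DTLS_BIO, "DTLS Connect call");
	if (!conn->dtls_data) {
		BIO_METHOD *biomethod = dtls_openssl_bio_method();
		if (!biomethod) {
			cw_dbg(DBG_DTLS_BIO, "ERROR: Creating new OpenSSL BIO");
			return 0;
		}
		conn->dtls_data = dtls_openssl_data_create(conn, DTLS_client_method(), biomethod);
	}
	/* … unchanged: d = conn->dtls_data, SSL_connect loop, result handling … */
```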


@ -3,11 +3,11 @@ include ../Defs.mak
PROG=wtp
OBJDIR=./o
LIBDIR := ../../lib
LIBARCHDIR := $(LIBDIR)/$(ARCH)
LIBARCHDIR := $(LIBDIR)/$(KERNEL)/$(ARCH)
CFLAGS+=-I../
CFLAGS+=-I../ -DUSE_OPENSSL
LDFLAGS=-L$(LIBARCHDIR)
LIBS+=-lcw -lnettle -lgnutls -ldl
LIBS+=-lcw -lnettle -lssl -ldl
SOURCES=\
wtp_main.c\
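Review bot: Linking `-lssl` alone (L225) leaves the libcrypto symbols the new BIO code calls (`BIO_meth_new`, `BIO_get_new_index`, `BIO_get_data`, `BIO_set_init`) to be resolved only transitively through libssl's DT_NEEDED, which a modern binutils linker (default `--no-copy-dt-needed-entries`) refuses when those references come from `libcw` pulled in as a static archive; make it `LIBS+=-lcw -lnettle -lssl -lcrypto -ldl`. `-lnettle` is also still linked after `-lgnutls` was dropped; if nothing remaining in wtp uses Nettle directly it is a dead dependency, but that cannot be told from this hunk.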


@ -64,6 +64,9 @@ then
createcert $SUBJ
fi
CISCOTIME='2013-12-24 08:15:42'
if [ "$TYPE" = "cisco-ac" ]
then
SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Virtual Wireless LAN Controller/CN=DEVICE-AC-TUBE/emailAddress=7u83@mail.ru"
@ -86,11 +89,9 @@ then
-x509 \
-subj "$SUBJ"
$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem -days=128
# createcert "$SUBJ"
fi
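Review bot: `-days=128` on the `x509 -in … -out …` conversion (L242) does not shorten the certificate: `openssl x509` only applies `-days` when it (re)signs, i.e. together with `-signkey`, `-CA` or `-req`, so a plain PEM-to-PEM rewrite keeps whatever validity the `req -x509` step produced (and `-days=128` is not the conventional `-days 128` spelling, worth fixing regardless). If a 128-day lifetime is intended, put `-days 128` on the `$OPENSSL req … -x509 -subj "$SUBJ"` invocation that ends at L239–L240. `CISCOTIME` is assigned at L234 but nothing in the visible hunks reads it; if it is consumed further down the script, a one-line comment naming the consumer would help, otherwise it is dead.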


@ -4,3 +4,5 @@
./mkcert.sh ac-cisco cisco-ac
./mkcert.sh wtp
./mkcert.sh wtpc cisco-ap