From 79d91aa6e7f2fe544a4953fbae1c8bdcdba78099 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Wed, 18 Sep 2019 23:18:01 -0300 Subject: Remove CyaSSL, WolfSSL < 3.10.4 support This updates the CyaSSL names to wolfSSL, and removes obsolete code to support old versions of the library < v3.10.4. Some #include statements were moved around, so that wolfssl/options.h is loaded before any other wolfssl/openssl header. Signed-off-by: Eneas U de Queiroz --- CMakeLists.txt | 15 ++------ ustream-internal.h | 3 -- ustream-io-cyassl.c | 106 --------------------------------------------------- ustream-io-wolfssl.c | 74 +++++++++++++++++++++++++++++++++++ ustream-openssl.c | 6 +-- ustream-openssl.h | 4 ++ 6 files changed, 85 insertions(+), 123 deletions(-) delete mode 100644 ustream-io-cyassl.c create mode 100644 ustream-io-wolfssl.c diff --git a/CMakeLists.txt b/CMakeLists.txt index c4a3c44..3b557c3 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,7 +1,5 @@ cmake_minimum_required(VERSION 2.6) -INCLUDE(CheckIncludeFiles) - PROJECT(ustream-ssl C) ADD_DEFINITIONS(-Os -Wall -Werror --std=gnu99 -g3 -Wmissing-declarations) @@ -11,15 +9,10 @@ IF(MBEDTLS) ADD_DEFINITIONS(-DHAVE_MBEDTLS) SET(SSL_SRC ustream-mbedtls.c) SET(SSL_LIB mbedtls mbedcrypto mbedx509 m) -ELSEIF(CYASSL) - CHECK_INCLUDE_FILES (cyassl/version.h HAVE_CYASSL_VERSION_H) - SET(CMAKE_EXTRA_INCLUDE_FILES cyassl/ssl.h) - IF (HAVE_CYASSL_VERSION_H) - ADD_DEFINITIONS(-DHAVE_CYASSL_VERSION_H) - ENDIF() - ADD_DEFINITIONS(-DHAVE_CYASSL) - SET(SSL_SRC ustream-io-cyassl.c ustream-openssl.c) - SET(SSL_LIB cyassl m) +ELSEIF(WOLFSSL) + ADD_DEFINITIONS(-DHAVE_WOLFSSL) + SET(SSL_SRC ustream-io-wolfssl.c ustream-openssl.c) + SET(SSL_LIB wolfssl m) ELSE() SET(SSL_SRC ustream-io-openssl.c ustream-openssl.c) SET(SSL_LIB crypto ssl) diff --git a/ustream-internal.h b/ustream-internal.h index a8c534f..8d5d0db 100644 --- a/ustream-internal.h +++ b/ustream-internal.h 
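Review bot: In CMakeLists.txt the `ELSEIF(CYASSL)` branch is replaced by `ELSEIF(WOLFSSL)` with no fallback, so a build still configured with the old `CYASSL` option now falls into the `ELSE()` branch and links `crypto ssl` without any diagnostic. A check ahead of the `IF(MBEDTLS)` chain, for example `IF(CYASSL) MESSAGE(FATAL_ERROR "CYASSL is no longer supported, use WOLFSSL") ENDIF()`, would make the rename fail loudly instead of silently changing the TLS backend a package is built against.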
@@ -24,9 +24,6 @@ #if defined(HAVE_MBEDTLS) #include "ustream-mbedtls.h" #else -#if defined(HAVE_CYASSL) -#include -#endif #include "ustream-openssl.h" #endif diff --git a/ustream-io-cyassl.c b/ustream-io-cyassl.c deleted file mode 100644 index d97d55e..0000000 --- a/ustream-io-cyassl.c +++ /dev/null 
@@ -1,106 +0,0 @@ -/* - * ustream-ssl - library for SSL over ustream - * - * Copyright (C) 2012 Felix Fietkau - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include - -#include - -#include "ustream-ssl.h" -#include "ustream-internal.h" - -#ifdef HAVE_CYASSL_VERSION_H -#include -#else -#define LIBCYASSL_VERSION_HEX 0 -#endif - -static int s_ustream_read(char *buf, int len, void *ctx) -{ - struct ustream *s = ctx; - char *sbuf; - int slen; - - if (s->eof) - return -3; - - sbuf = ustream_get_read_buf(s, &slen); - if (slen > len) - slen = len; - - if (!slen) - return -2; - - memcpy(buf, sbuf, slen); - ustream_consume(s, slen); - - return slen; -} - -static int s_ustream_write(char *buf, int len, void *ctx) -{ - struct ustream *s = ctx; - - if (s->write_error) - return len; - - return ustream_write(s, buf, len, false); -} - -#if (LIBCYASSL_VERSION_HEX > 0) -static int io_recv_cb(SSL* ssl, char *buf, int sz, void *ctx) -{ - return s_ustream_read(buf, sz, ctx); -} - -static int io_send_cb(SSL* ssl, char *buf, int sz, void *ctx) -{ - return s_ustream_write(buf, sz, ctx); -} -#else -/* not defined in the header file */ -typedef int (*CallbackIORecv)(char *buf, int sz, void *ctx); -typedef int (*CallbackIOSend)(char *buf, int sz, void *ctx); - -void SetCallbackIORecv_Ctx(SSL_CTX*, 
CallbackIORecv); -void SetCallbackIOSend_Ctx(SSL_CTX*, CallbackIOSend); -void SetCallbackIO_ReadCtx(SSL* ssl, void *rctx); -void SetCallbackIO_WriteCtx(SSL* ssl, void *wctx); - -#define CyaSSL_SetIOReadCtx SetCallbackIO_ReadCtx -#define CyaSSL_SetIOWriteCtx SetCallbackIO_WriteCtx -#define CyaSSL_SetIORecv SetCallbackIORecv_Ctx -#define CyaSSL_SetIOSend SetCallbackIOSend_Ctx - -static int io_recv_cb(char *buf, int sz, void *ctx) -{ - return s_ustream_read(buf, sz, ctx); -} - -static int io_send_cb(char *buf, int sz, void *ctx) -{ - return s_ustream_write(buf, sz, ctx); -} -#endif - -__hidden void ustream_set_io(struct ustream_ssl_ctx *ctx, void *ssl, struct ustream *conn) -{ - CyaSSL_SetIOReadCtx(ssl, conn); - CyaSSL_SetIOWriteCtx(ssl, conn); - CyaSSL_SetIORecv((void *) ctx, io_recv_cb); - CyaSSL_SetIOSend((void *) ctx, io_send_cb); -} diff --git a/ustream-io-wolfssl.c b/ustream-io-wolfssl.c new file mode 100644 index 0000000..052518a --- /dev/null +++ b/ustream-io-wolfssl.c 
@@ -0,0 +1,74 @@
+/*
+ * ustream-ssl - library for SSL over ustream
+ *
+ * Copyright (C) 2012 Felix Fietkau
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+
+#include
+
+#include "ustream-ssl.h"
+#include "ustream-internal.h"
+
+static int s_ustream_read(char *buf, int len, void *ctx)
+{
+ struct ustream *s = ctx;
+ char *sbuf;
+ int slen;
+
+ if (s->eof)
+ return -3;
+
+ sbuf = ustream_get_read_buf(s, &slen);
+ if (slen > len)
+ slen = len;
+
+ if (!slen)
+ return -2;
+
+ memcpy(buf, sbuf, slen);
+ ustream_consume(s, slen);
+
+ return slen;
+}
+
+static int s_ustream_write(char *buf, int len, void *ctx)
+{
+ struct ustream *s = ctx;
+
+ if (s->write_error)
+ return len;
+
+ return ustream_write(s, buf, len, false);
+}
+
+static int io_recv_cb(SSL* ssl, char *buf, int sz, void *ctx)
+{
+ return s_ustream_read(buf, sz, ctx);
+}
+
+static int io_send_cb(SSL* ssl, char *buf, int sz, void *ctx)
+{
+ return s_ustream_write(buf, sz, ctx);
+}
+
+__hidden void ustream_set_io(struct ustream_ssl_ctx *ctx, void *ssl, struct ustream *conn)
+{
+ wolfSSL_SetIOReadCtx(ssl, conn);
+ wolfSSL_SetIOWriteCtx(ssl, conn);
+ wolfSSL_SetIORecv((void *) ctx, io_recv_cb);
+ wolfSSL_SetIOSend((void *) ctx, io_send_cb);
+}
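Review bot: The bare `return -3;` and `return -2;` in `s_ustream_read` are wolfSSL I/O-callback status codes written as magic numbers, which makes the EOF and "no data yet" paths hard to audit. Now that the file targets wolfSSL only, they could be spelled `return WOLFSSL_CBIO_ERR_CONN_RST;` and `return WOLFSSL_CBIO_ERR_WANT_READ;`, assuming the minimum supported library version exports those names with these values. Separately, `s_ustream_write` returns `len` when `s->write_error` is set, so the TLS layer is told the record was sent although nothing was written. If that is deliberate, it needs a short comment saying where the error is reported instead. The `(void *) ctx` casts in `ustream_set_io` also hide the real context type from the compiler and would be easier to review with a one-line comment on what `struct ustream_ssl_ctx` aliases.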
diff --git a/ustream-openssl.c b/ustream-openssl.c index b2df362..21abf61 100644 --- a/ustream-openssl.c +++ b/ustream-openssl.c @@ -18,9 +18,9 @@ #include #include -#include #include "ustream-ssl.h" #include "ustream-internal.h" +#include /* Ciphersuite preference: * - for server, no weak ciphers are used if you use an ECDSA key. @@ -203,7 +203,7 @@ static void ustream_ssl_error(struct ustream_ssl *us, int ret) uloop_timeout_set(&us->error_timer, 0); } -#ifndef CYASSL_OPENSSL_H_ +#ifndef WOLFSSL_OPENSSL_H_ static bool ustream_ssl_verify_cn(struct ustream_ssl *us, X509 *cert) { @@ -252,7 +252,7 @@ __hidden enum ssl_conn_status __ustream_ssl_connect(struct ustream_ssl *us) r = SSL_connect(ssl); if (r == 1) { -#ifndef CYASSL_OPENSSL_H_ +#ifndef WOLFSSL_OPENSSL_H_ ustream_ssl_verify_cert(us); #endif return U_SSL_OK; diff --git a/ustream-openssl.h b/ustream-openssl.h index afff22b..0a6ca91 100644 --- a/ustream-openssl.h +++ b/ustream-openssl.h @@ -19,6 +19,10 @@ #ifndef __USTREAM_OPENSSL_H #define __USTREAM_OPENSSL_H +#if defined(HAVE_WOLFSSL) +#include +#endif + #include #include #include -- cgit v1.2.1
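Review bot: Both `#ifndef WOLFSSL_OPENSSL_H_` guards in ustream-openssl.c (around `ustream_ssl_verify_cn` in the hunk at line 203, and around the `ustream_ssl_verify_cert(us);` call in `__ustream_ssl_connect` at line 252) test what looks like a wolfSSL header's include guard rather than a macro this project controls. In a wolfSSL build the verification call after `SSL_connect` returns 1 is compiled out, so whatever peer-certificate checks that function performs do not run on this path, and the result now also depends on which headers happen to be included and in what order. Testing the project's own switch, `#ifndef HAVE_WOLFSSL`, which this commit defines in CMakeLists.txt, would be more robust. A comment at the call site should also state why verification is skipped for wolfSSL and where the peer name is checked instead, if anywhere. Both functions continue outside the visible hunks.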