Move from CyaSSL to wolfSSL

This patch lets libwebsockets use the lastest version of wolfSSL (the new name for CyaSSL).
The reason for the patch is that allthough wolfSSL provides compatibility headers for (old) projects using CyaSSL,
these are incomplete and do not work for libwebsockets.

The patch also fixes a typo in CMakeLists.txt where CYASSL_LIBRARIES was added to include_directories() instead of CYASSL_INCLUDE_DIRS.

Signed-off-by: ABruines <alexander.bruines@gmail.com>

CMakeLists.txt

@@ -44,8 +44,8 @@ endif()
 
 option(LWS_WITH_STATIC "Build the static version of the library" ON)
 option(LWS_WITH_SHARED "Build the shared version of the library" ON)
-option(LWS_WITH_SSL "Include SSL support (default OpenSSL, CyaSSL if LWS_USE_CYASSL is set)" ON)
-option(LWS_USE_CYASSL "Use CyaSSL replacement for OpenSSL. When settings this, you also need to specify LWS_CYASSL_LIBRARIES and LWS_CYASSL_INCLUDE_DIRS" OFF)
+option(LWS_WITH_SSL "Include SSL support (default OpenSSL, wolfSSL if LWS_USE_WOLFSSL is set)" ON)
+option(LWS_USE_WOLFSSL "Use wolfSSL replacement for OpenSSL. When settings this, you also need to specify LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS" OFF)
 option(LWS_WITH_ZLIB "Include zlib support (required for extensions)" ON)
 option(LWS_WITH_LIBEV "Compile with support for libev" OFF)
 option(LWS_USE_BUNDLED_ZLIB "Use bundled zlib version (Windows only)" ${LWS_USE_BUNDLED_ZLIB_DEFAULT})
@@ -90,12 +90,12 @@ set(LWS_ZLIB_LIBRARIES CACHE PATH "Path to the zlib library")
 set(LWS_ZLIB_INCLUDE_DIRS CACHE PATH "Path to the zlib include directory")
 set(LWS_OPENSSL_LIBRARIES CACHE PATH "Path to the OpenSSL library")
 set(LWS_OPENSSL_INCLUDE_DIRS CACHE PATH "Path to the OpenSSL include directory")
-set(LWS_CYASSL_LIBRARIES CACHE PATH "Path to the CyaSSL library")
-set(LWS_CYASSL_INCLUDE_DIRS CACHE PATH "Path to the CyaSSL include directory")
+set(LWS_WOLFSSL_LIBRARIES CACHE PATH "Path to the wolfSSL library")
+set(LWS_WOLFSSL_INCLUDE_DIRS CACHE PATH "Path to the wolfSSL include directory")
 set(LWS_LIBEV_LIBRARIES CACHE PATH "Path to the libev library")
 set(LWS_LIBEV_INCLUDE_DIRS CACHE PATH "Path to the libev include directory")
 
-if (LWS_WITH_SSL AND NOT LWS_USE_CYASSL)
+if (LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL)
 	if ("${LWS_OPENSSL_LIBRARIES}" STREQUAL "" OR "${LWS_OPENSSL_INCLUDE_DIRS}" STREQUAL "")
 	else()
 		set(OPENSSL_LIBRARIES ${LWS_OPENSSL_LIBRARIES})
@@ -104,17 +104,17 @@ if (LWS_WITH_SSL AND NOT LWS_USE_CYASSL)
 	endif()
 endif()
 
-if (LWS_WITH_SSL AND LWS_USE_CYASSL)
-	if ("${LWS_CYASSL_LIBRARIES}" STREQUAL "" OR "${LWS_CYASSL_INCLUDE_DIRS}" STREQUAL "")
-		if (NOT CYASSL_FOUND)
-			message(FATAL_ERROR "You must set LWS_CYASSL_LIBRARIES and LWS_CYASSL_INCLUDE_DIRS when LWS_USE_CYASSL is turned on.")
+if (LWS_WITH_SSL AND LWS_USE_WOLFSSL)
+	if ("${LWS_WOLFSSL_LIBRARIES}" STREQUAL "" OR "${LWS_WOLFSSL_INCLUDE_DIRS}" STREQUAL "")
+		if (NOT WOLFSSL_FOUND)
+			message(FATAL_ERROR "You must set LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS when LWS_USE_WOLFSSL is turned on.")
 		endif()
 	else()
-		set(CYASSL_LIBRARIES ${LWS_CYASSL_LIBRARIES})
-		set(CYASSL_INCLUDE_DIRS ${LWS_CYASSL_INCLUDE_DIRS})
-		set(CYASSL_FOUND 1)
+		set(WOLFSSL_LIBRARIES ${LWS_WOLFSSL_LIBRARIES})
+		set(WOLFSSL_INCLUDE_DIRS ${LWS_WOLFSSL_INCLUDE_DIRS})
+		set(WOLFSSL_FOUND 1)
 	endif()
-	set(USE_CYASSL 1)
+	set(USE_WOLFSSL 1)
 endif()
 
 if (LWS_WITH_ZLIB AND NOT LWS_USE_BUNDLED_ZLIB)
@@ -516,20 +516,20 @@ endif()
 if (LWS_WITH_SSL)
 	message("Compiling with SSL support")
 
-	if (LWS_USE_CYASSL)
-		# Use CyaSSL as OpenSSL replacement.
+	if (LWS_USE_WOLFSSL)
+		# Use wolfSSL as OpenSSL replacement.
 		# TODO: Add a find_package command for this also.
-		message("CyaSSL include dir: ${CYASSL_INCLUDE_DIRS}")
-		message("CyaSSL libraries: ${CYASSL_LIBRARIES}")
+		message("wolfSSL include dir: ${WOLFSSL_INCLUDE_DIRS}")
+		message("wolfSSL libraries: ${WOLFSSL_LIBRARIES}")
 
 		# Additional to the root directory we need to include
-		# the cyassl/ subdirectory which contains the OpenSSL
+		# the wolfssl/ subdirectory which contains the OpenSSL
 		# compatability layer headers.
-		foreach(inc ${CYASSL_LIBRARIES})
-			include_directories("${inc}" "${inc}/cyassl")
+		foreach(inc ${WOLFSSL_INCLUDE_DIRS})
+			include_directories("${inc}" "${inc}/wolfssl")
 		endforeach()
 
-		list(APPEND LIB_LIST "${CYASSL_LIBRARIES}")
+		list(APPEND LIB_LIST "${WOLFSSL_LIBRARIES}")
 	else()
 		if (NOT OPENSSL_FOUND)
 			# TODO: Add support for STATIC also.
@@ -636,7 +636,7 @@ if (NOT LWS_WITHOUT_TESTAPPS)
 		list(APPEND TEST_APP_LIST ${TEST_NAME})
 	endmacro()
 
-	if (LWS_WITH_SSL AND NOT LWS_USE_CYASSL)
+	if (LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL)
 		message("Searching for OpenSSL executable and dlls")
 		find_package(OpenSSLbins)
 		message("OpenSSL executable: ${OPENSSL_EXECUTABLE}")
@@ -781,7 +781,7 @@ if (NOT LWS_WITHOUT_TESTAPPS)
 	# Copy OpenSSL dlls to the output directory on Windows.
 	# (Otherwise we'll get an error when trying to run)
 	#
-	if (WIN32 AND LWS_WITH_SSL AND NOT LWS_USE_CYASSL)
+	if (WIN32 AND LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL)
 		if(OPENSSL_BIN_FOUND)
 			message("OpenSSL dlls found:")
 			message("  Libeay: ${LIBEAY_BIN}")
@@ -933,10 +933,10 @@ message("  Settings:  (For more help do cmake -LH <srcpath>)")
 message("---------------------------------------------------------------------")
 message(" LWS_WITH_SSL = ${LWS_WITH_SSL}  (SSL Support)")
 message(" LWS_SSL_CLIENT_USE_OS_CA_CERTS = ${LWS_SSL_CLIENT_USE_OS_CA_CERTS}")
-message(" LWS_USE_CYASSL = ${LWS_USE_CYASSL} (CyaSSL replacement for OpenSSL)")
-if (LWS_USE_CYASSL)
-	message("   LWS_CYASSL_LIBRARIES = ${LWS_CYASSL_LIBRARIES}")
-	message("   LWS_CYASSL_INCLUDE_DIRS = ${LWS_CYASSL_INCLUDE_DIRS}")
+message(" LWS_USE_WOLFSSL = ${LWS_USE_WOLFSSL} (wolfSSL replacement for OpenSSL)")
+if (LWS_USE_WOLFSSL)
+	message("   LWS_WOLFSSL_LIBRARIES = ${LWS_WOLFSSL_LIBRARIES}")
+	message("   LWS_WOLFSSL_INCLUDE_DIRS = ${LWS_WOLFSSL_INCLUDE_DIRS}")
 endif()
 message(" LWS_WITHOUT_BUILTIN_GETIFADDRS = ${LWS_WITHOUT_BUILTIN_GETIFADDRS}")
 message(" LWS_WITHOUT_CLIENT = ${LWS_WITHOUT_CLIENT}")

README.build.md

@@ -10,7 +10,7 @@ create elaborate clean scripts to get a clean source tree, instead you
 simply remove your build directory.
 
 Libwebsockets has been tested to build successfully on the following platforms
-with SSL support (both OpenSSL/CyaSSL):
+with SSL support (both OpenSSL/wolfSSL):
 
 - Windows
 - Linux (x86 and ARM)
@@ -151,27 +151,27 @@ Windows GUI
 On windows CMake comes with a gui application:
 	Start -> Programs -> CMake -> CMake (cmake-gui)
 
-CyaSSL replacement for OpenSSL
+wolfSSL replacement for OpenSSL
 ------------------------------
-CyaSSL is a lightweight SSL library targeted at embedded system:
-http://www.yassl.com/yaSSL/Products-cyassl.html
+wolfSSL is a lightweight SSL library targeted at embedded system:
+http://www.yassl.com/yaSSL/Products-wolfssl.html
 
 It contains a OpenSSL compatability layer which makes it possible to pretty
 much link to it instead of OpenSSL, giving a much smaller footprint.
 
-**NOTE**: cyassl needs to be compiled using the `--enable-opensslextra` flag for
+**NOTE**: wolfssl needs to be compiled using the `--enable-opensslextra` flag for
 this to work.
 
-Compiling libwebsockets with CyaSSL
+Compiling libwebsockets with wolfSSL
 -----------------------------------
 
 ```bash
-cmake .. -DLWS_USE_CYASSL=1 \
-	 -DLWS_CYASSL_INCLUDE_DIRS=/path/to/cyassl \
-	 -DLWS_CYASSL_LIB=/path/to/cyassl/cyassl.a ..
+cmake .. -DLWS_USE_WOLFSSL=1 \
+	 -DLWS_WOLFSSL_INCLUDE_DIRS=/path/to/wolfssl \
+	 -DLWS_WOLFSSL_LIB=/path/to/wolfssl/wolfssl.a ..
 ```
 
-**NOTE**: On windows use the .lib file extension for `LWS_CYASSL_LIB` instead.
+**NOTE**: On windows use the .lib file extension for `LWS_WOLFSSL_LIB` instead.
 
 
 Reproducing HTTP2.0 tests

cross-openwrt-makefile

@@ -23,11 +23,11 @@ CMAKE_OPTIONS += -DLWS_OPENSSL_SUPPORT=ON
 CMAKE_OPTIONS += -DLWS_WITH_SSL=ON
 CMAKE_OPTIONS += -DLWS_WITHOUT_TESTAPPS=$(if $(CONFIG_PACKAGE_libwebsockets-examples),"OFF","ON")
 
-# for cyassl, define these in addition to LWS_OPENSSL_SUPPORT and
-# edit package/libs/cyassl/Makefile to include --enable-opensslextra
-# CMAKE_OPTIONS += -DLWS_USE_CYASSL=ON
-# CMAKE_OPTIONS += -DLWS_CYASSL_LIB=$(STAGING_DIR)/usr/lib/libcyassl.so
-# CMAKE_OPTIONS += -DLWS_CYASSL_INCLUDE_DIRS=$(STAGING_DIR)/usr/include
+# for wolfssl, define these in addition to LWS_OPENSSL_SUPPORT and
+# edit package/libs/wolfssl/Makefile to include --enable-opensslextra
+# CMAKE_OPTIONS += -DLWS_USE_WOLFSSL=ON
+# CMAKE_OPTIONS += -DLWS_WOLFSSL_LIB=$(STAGING_DIR)/usr/lib/libwolfssl.so
+# CMAKE_OPTIONS += -DLWS_WOLFSSL_INCLUDE_DIRS=$(STAGING_DIR)/usr/include
 
 # other options worth noting
 # CMAKE_OPTIONS += -DLWS_WITHOUT_EXTENSIONS=ON

lib/client.c

@@ -132,13 +132,13 @@ int lws_client_socket_service(struct libwebsocket_context *context,
 		/* we can retry this... just cook the SSL BIO the first time */
 
 		if (wsi->use_ssl && !wsi->ssl) {
-#if defined(CYASSL_SNI_HOST_NAME) || defined(SSL_CTRL_SET_TLSEXT_HOSTNAME)
+#if defined(WOLFSSL_SNI_HOST_NAME) || defined(SSL_CTRL_SET_TLSEXT_HOSTNAME)
 			const char *hostname = lws_hdr_simple_ptr(wsi,
 						_WSI_TOKEN_CLIENT_PEER_ADDRESS);
 #endif
 
 			wsi->ssl = SSL_new(context->ssl_client_ctx);
-#ifndef USE_CYASSL
+#ifndef USE_WOLFSSL
 			SSL_set_mode(wsi->ssl,
 					SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
 #endif
@@ -146,9 +146,9 @@ int lws_client_socket_service(struct libwebsocket_context *context,
 			 * use server name indication (SNI), if supported,
 			 * when establishing connection
 			 */
-#ifdef USE_CYASSL
-#ifdef CYASSL_SNI_HOST_NAME
-			CyaSSL_UseSNI(wsi->ssl, CYASSL_SNI_HOST_NAME,
+#ifdef USE_WOLFSSL
+#ifdef WOLFSSL_SNI_HOST_NAME
+			wolfSSL_UseSNI(wsi->ssl, WOLFSSL_SNI_HOST_NAME,
 				hostname, strlen(hostname));
 #endif
 #else
@@ -157,9 +157,9 @@ int lws_client_socket_service(struct libwebsocket_context *context,
 #endif
 #endif
 
-#ifdef USE_CYASSL
+#ifdef USE_WOLFSSL
 			/*
-			 * CyaSSL does certificate verification differently
+			 * wolfSSL does certificate verification differently
 			 * from OpenSSL.
 			 * If we should ignore the certificate, we need to set
 			 * this before SSL_new and SSL_connect is called.
@@ -167,16 +167,16 @@ int lws_client_socket_service(struct libwebsocket_context *context,
 			 * code -155
 			 */
 			if (wsi->use_ssl == 2)
-				CyaSSL_set_verify(wsi->ssl,
+				wolfSSL_set_verify(wsi->ssl,
 							SSL_VERIFY_NONE, NULL);
-#endif /* USE_CYASSL */
+#endif /* USE_WOLFSSL */
 
 			wsi->client_bio =
 				BIO_new_socket(wsi->sock, BIO_NOCLOSE);
 			SSL_set_bio(wsi->ssl, wsi->client_bio, wsi->client_bio);
 
-#ifdef USE_CYASSL
-			CyaSSL_set_using_nonblock(wsi->ssl, 1);
+#ifdef USE_WOLFSSL
+			wolfSSL_set_using_nonblock(wsi->ssl, 1);
 #else
 			BIO_set_nbio(wsi->client_bio, 1); /* nonblocking */
 #endif
@@ -300,9 +300,9 @@ int lws_client_socket_service(struct libwebsocket_context *context,
 				}
 			}
 			
-			#ifndef USE_CYASSL
+			#ifndef USE_WOLFSSL
 			/*
-			 * See comment above about CyaSSL certificate
+			 * See comment above about wolfSSL certificate
 			 * verification
 			 */
 			lws_latency_pre(context, wsi);
@@ -323,7 +323,7 @@ int lws_client_socket_service(struct libwebsocket_context *context,
 					return 0;
 				}
 			}
-#endif /* USE_CYASSL */
+#endif /* USE_WOLFSSL */
 		} else
 			wsi->ssl = NULL;
 #endif

lib/libwebsockets.h

@@ -91,11 +91,11 @@ extern "C" {
 #endif
 
 #ifdef LWS_OPENSSL_SUPPORT
-#ifdef USE_CYASSL
-#include <cyassl/openssl/ssl.h>
+#ifdef USE_WOLFSSL
+#include <wolfssl/openssl/ssl.h>
 #else
 #include <openssl/ssl.h>
-#endif /* not USE_CYASSL */
+#endif /* not USE_WOLFSSL */
 #endif
 
 #define CONTEXT_PORT_NO_LISTEN -1

lib/private-libwebsockets.h

@@ -149,16 +149,16 @@
 #endif
 
 #ifdef LWS_OPENSSL_SUPPORT
-#ifdef USE_CYASSL
-#include <cyassl/openssl/ssl.h>
-#include <cyassl/error-ssl.h>
+#ifdef USE_WOLFSSL
+#include <wolfssl/openssl/ssl.h>
+#include <wolfssl/error-ssl.h>
 #else
 #include <openssl/ssl.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <openssl/md5.h>
 #include <openssl/sha.h>
-#endif /* not USE_CYASSL */
+#endif /* not USE_WOLFSSL */
 #endif
 
 #include "libwebsockets.h"

lib/ssl.c

@@ -20,7 +20,9 @@
  */
 
 #include "private-libwebsockets.h"
+#ifndef USE_WOLFSSL
  #include <openssl/err.h>
+#endif
 
 int openssl_websocket_private_data_index;
 
@@ -86,8 +88,8 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
 
 		context->use_ssl = info->ssl_cert_filepath != NULL;
 
-#ifdef USE_CYASSL
-		lwsl_notice(" Compiled with CYASSL support\n");
+#ifdef USE_WOLFSSL
+		lwsl_notice(" Compiled with WOLFSSL support\n");
 #else
 		lwsl_notice(" Compiled with OpenSSL support\n");
 #endif
@@ -240,7 +242,7 @@ lws_ssl_destroy(struct libwebsocket_context *context)
 	if (!context->user_supplied_ssl_ctx && context->ssl_client_ctx)
 		SSL_CTX_free(context->ssl_client_ctx);
 
-#if (OPENSSL_VERSION_NUMBER < 0x01000000) || defined(USE_CYASSL)
+#if (OPENSSL_VERSION_NUMBER < 0x01000000) || defined(USE_WOLFSSL)
 	ERR_remove_state(0);
 #else
 	ERR_remove_thread_state(NULL);
@@ -511,7 +513,7 @@ lws_server_socket_service_ssl(struct libwebsocket_context *context,
 {
 	int n, m;
 	struct libwebsocket *wsi = *pwsi;
-#ifndef USE_CYASSL
+#ifndef USE_WOLFSSL
 	BIO *bio;
 #endif
 
@@ -542,8 +544,8 @@ lws_server_socket_service_ssl(struct libwebsocket_context *context,
 
 		SSL_set_fd(new_wsi->ssl, accept_fd);
 
-#ifdef USE_CYASSL
-		CyaSSL_set_using_nonblock(new_wsi->ssl, 1);
+#ifdef USE_WOLFSSL
+		wolfSSL_set_using_nonblock(new_wsi->ssl, 1);
 #else
 		SSL_set_mode(new_wsi->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
 		bio = SSL_get_rbio(new_wsi->ssl);
@@ -674,7 +676,7 @@ lws_ssl_context_destroy(struct libwebsocket_context *context)
 	if (!context->user_supplied_ssl_ctx && context->ssl_client_ctx)
 		SSL_CTX_free(context->ssl_client_ctx);
 
-#if (OPENSSL_VERSION_NUMBER < 0x01000000) || defined(USE_CYASSL)
+#if (OPENSSL_VERSION_NUMBER < 0x01000000) || defined(USE_WOLFSSL)
 	ERR_remove_state(0);
 #else
 	ERR_remove_thread_state(NULL);

lws_config.h.in

@@ -6,9 +6,9 @@
 	#endif
 #endif
 
-/* Define to 1 to use CyaSSL as a replacement for OpenSSL. 
+/* Define to 1 to use wolfSSL as a replacement for OpenSSL.
  * LWS_OPENSSL_SUPPORT needs to be set also for this to work. */
-#cmakedefine USE_CYASSL
+#cmakedefine USE_WOLFSSL
 
 /* The Libwebsocket version */
 #cmakedefine LWS_LIBRARY_VERSION "${LWS_LIBRARY_VERSION}"