mbedtls and polarssl first part

polarssl is the old name for mbedtls.  Unfortunately the two are confused in eg,
Fedora.  For our purposes, polarssl or mbedtls < 2.0 has includes in
/usr/include/polarssl and polarssl_ apis and we call that "polarssl".

polarssl or mbedtls >=2.0 has includes in /usr/include/mbedtls and mbedtls_ apis,
we call that "mbedtls".

This has to be spelled out clearly because eg Fedora has a package "mbedtls" which
is 1.3.x and has the polarssl_ apis and include path.  We will deal with that as
"polarssl" despite the package name then.

This patch lets you use LWS_USE_POLARSSL or LWS_USE_MBEDTLS and set the include and
library path like this

cmake .. -DLWS_USE_POLARSSL=1 -DLWS_POLARSSL_INCLUDE_DIRS=/usr/include -DLWS_POLARSSL_LIBRARIES=/usr/lib64/libmbedtls.so.9

This patch adds the cmake support and adapts [private-]libwebsockets.h but doesn't
modify the apis in ssl[-*].c yet.

Signed-off-by: Andy Green <andy@warmcat.com>

CMakeLists.txt

@@ -63,6 +63,8 @@ option(LWS_WITH_SHARED "Build the shared version of the library" ON)
 option(LWS_WITH_SSL "Include SSL support (default OpenSSL, wolfSSL if LWS_USE_WOLFSSL is set)" ON)
 option(LWS_USE_CYASSL "Use CyaSSL replacement for OpenSSL. When setting this, you also need to specify LWS_CYASSL_LIBRARIES and LWS_CYASSL_INCLUDE_DIRS" OFF)
 option(LWS_USE_WOLFSSL "Use wolfSSL replacement for OpenSSL. When setting this, you also need to specify LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS" OFF)
+option(LWS_USE_POLARSSL "Use Polarssl (or mbedtls < 2.0) replacement for OpenSSL. When setting this, you also need to specify LWS_POLARSSL_LIBRARIES and LWS_POLARSSL_INCLUDE_DIRS" OFF)
+option(LWS_USE_MBEDTLS "Use mbedTLS (>=2.0) replacement for OpenSSL. When setting this, you also need to specify LWS_MBEDTLS_LIBRARIES and LWS_MBEDTLS_INCLUDE_DIRS" OFF)
 option(LWS_WITH_ZLIB "Include zlib support (required for extensions)" ON)
 option(LWS_WITH_LIBEV "Compile with support for libev" OFF)
 option(LWS_WITH_LIBUV "Compile with support for libuv" OFF)
@@ -156,16 +158,18 @@ set(LWS_OPENSSL_LIBRARIES CACHE PATH "Path to the OpenSSL library")
 set(LWS_OPENSSL_INCLUDE_DIRS CACHE PATH "Path to the OpenSSL include directory")
 set(LWS_WOLFSSL_LIBRARIES CACHE PATH "Path to the wolfSSL library")
 set(LWS_WOLFSSL_INCLUDE_DIRS CACHE PATH "Path to the wolfSSL include directory")
-set(LWS_LIBEV_LIBRARIES CACHE PATH "Path to the libev library")
+set(LWS_POLARSSL_LIBRARIES CACHE PATH "Path to the PolarSSL library")
+set(LWS_POLARSSL_INCLUDE_DIRS CACHE PATH "Path to the PolarSSL include directory")
+set( CACHE PATH "Path to the libev library")
 set(LWS_LIBEV_INCLUDE_DIRS CACHE PATH "Path to the libev include directory")
 set(LWS_LIBUV_LIBRARIES CACHE PATH "Path to the libuv library")
-set(LWS_LIBUV_INCLUDE_DIRS CACHE PATH "Path to the libuv include directory")
+set(LWS_LIBUVLWS_LIBEV_LIBRARIES_INCLUDE_DIRS CACHE PATH "Path to the libuv include directory")
 
 if (NOT LWS_WITH_SSL)
 	set(LWS_WITHOUT_BUILTIN_SHA1 OFF)
 endif()
 
-if (LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL)
+if (LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL AND NOT LWS_USE_POLARSSL AND NOT LWS_USE_MBEDTLS)
 	if ("${LWS_OPENSSL_LIBRARIES}" STREQUAL "" OR "${LWS_OPENSSL_INCLUDE_DIRS}" STREQUAL "")
 	else()
 		set(OPENSSL_LIBRARIES ${LWS_OPENSSL_LIBRARIES})
@@ -194,6 +198,32 @@ if (LWS_WITH_SSL AND LWS_USE_WOLFSSL)
 	endif()
 endif()
 
+if (LWS_WITH_SSL AND LWS_USE_POLARSSL)
+	if ("${LWS_POLARSSL_LIBRARIES}" STREQUAL "" OR "${LWS_POLARSSL_INCLUDE_DIRS}" STREQUAL "")
+		if (NOT POLARSSL_FOUND)
+			message(FATAL_ERROR "You must set LWS_POLARSSL_LIBRARIES and LWS_POLARSSL_INCLUDE_DIRS when LWS_USE_POLARSSL is turned on.")
+		endif()
+	else()
+		set(POLARSSL_LIBRARIES ${LWS_POLARSSL_LIBRARIES})
+		set(POLARSSL_INCLUDE_DIRS ${LWS_POLARSSL_INCLUDE_DIRS})
+		set(POLARSSL_FOUND 1)
+	endif()
+	set(USE_POLARSSL 1)
+endif()
+
+if (LWS_WITH_SSL AND LWS_USE_MBEDTLS)
+	if ("${LWS_MBEDTLS_LIBRARIES}" STREQUAL "" OR "${LWS_MBEDTLS_INCLUDE_DIRS}" STREQUAL "")
+		if (NOT MBEDTLS_FOUND)
+			message(FATAL_ERROR "You must set LWS_MBEDTLS_LIBRARIES and LWS_MBEDTLS_INCLUDE_DIRS when LWS_USE_MBEDTLS is turned on.")
+		endif()
+	else()
+		set(MBEDTLS_LIBRARIES ${LWS_MBEDTLS_LIBRARIES})
+		set(MBEDTLS_INCLUDE_DIRS ${LWS_MBEDTLS_INCLUDE_DIRS})
+		set(MBEDTLS_FOUND 1)
+	endif()
+	set(USE_MBEDTLS 1)
+endif()
+
 if (LWS_WITH_ZLIB AND NOT LWS_USE_BUNDLED_ZLIB)
 	if ("${LWS_ZLIB_LIBRARIES}" STREQUAL "" OR "${LWS_ZLIB_INCLUDE_DIRS}" STREQUAL "")
 	else()
@@ -688,7 +718,7 @@ endif()
 #
 if (LWS_WITH_SSL)
 	message("Compiling with SSL support")
-
+	set(chose_ssl 0)
 	if (LWS_USE_WOLFSSL)
 		# Use wolfSSL as OpenSSL replacement.
 		# TODO: Add a find_package command for this also.
@@ -710,7 +740,34 @@ if (LWS_WITH_SSL)
 		endif()
 
 		list(APPEND LIB_LIST "${WOLFSSL_LIBRARIES}")
-	else()
+		set(chose_ssl 1)
+	endif()
+
+	if (LWS_USE_POLARSSL)
+		message("POLARSSL include dir: ${POLARSSL_INCLUDE_DIRS}")
+		message("POLARSSL libraries: ${POLARSSL_LIBRARIES}")
+
+		foreach(inc ${POLARSSL_INCLUDE_DIRS})
+			include_directories("${inc}" "${inc}/polarssl")
+		endforeach()
+
+		list(APPEND LIB_LIST "${POLARSSL_LIBRARIES}")
+		set(chose_ssl 1)
+	endif()
+	
+	if (LWS_USE_MBEDTLS)
+		message("MBEDTLS include dir: ${MBEDTLS_INCLUDE_DIRS}")
+		message("MBEDTLS libraries: ${MBEDTLS_LIBRARIES}")
+
+		foreach(inc ${MBEDTLS_INCLUDE_DIRS})
+			include_directories("${inc}" "${inc}/mbedtls")
+		endforeach()
+
+		list(APPEND LIB_LIST "${MBEDTLS_LIBRARIES}")
+		set(chose_ssl 1)
+	endif()
+
+	if (NOT chose_ssl)
 		if (NOT OPENSSL_FOUND)
 			# TODO: Add support for STATIC also.
 			find_package(OpenSSL REQUIRED)
@@ -863,12 +920,13 @@ if (NOT LWS_WITHOUT_TESTAPPS)
 		list(APPEND TEST_APP_LIST ${TEST_NAME})
 	endmacro()
 
-	if (LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL)
+	if (LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL AND NOT LWS_USE_POLARSSL AND NOT LWS_USE_MBEDTLS)
 		message("Searching for OpenSSL executable and dlls")
 		find_package(OpenSSLbins)
 		message("OpenSSL executable: ${OPENSSL_EXECUTABLE}")
 	endif()
 
+
 	if (NOT LWS_WITHOUT_SERVER)
 		#
 		# test-server
@@ -1293,6 +1351,8 @@ if (LWS_USE_WOLFSSL)
 	message("   LWS_WOLFSSL_LIBRARIES = ${LWS_WOLFSSL_LIBRARIES}")
 	message("   LWS_WOLFSSL_INCLUDE_DIRS = ${LWS_WOLFSSL_INCLUDE_DIRS}")
 endif()
+message(" LWS_USE_POLARSSL = ${LWS_USE_POLARSSL} (PolarSSL replacement for OpenSSL)")
+message(" LWS_USE_MBEDTLS = ${LWS_USE_MBEDTLS} (mbedtls (nee Polarssl) replacement for OpenSSL)")
 message(" LWS_WITHOUT_BUILTIN_SHA1 = ${LWS_WITHOUT_BUILTIN_SHA1}")
 message(" LWS_WITHOUT_BUILTIN_GETIFADDRS = ${LWS_WITHOUT_BUILTIN_GETIFADDRS}")
 message(" LWS_WITHOUT_CLIENT = ${LWS_WITHOUT_CLIENT}")

lib/libwebsockets.h

@@ -201,17 +201,31 @@ struct sockaddr_in;
 #endif
 
 #ifdef LWS_OPENSSL_SUPPORT
+
 #ifdef USE_WOLFSSL
 #ifdef USE_OLD_CYASSL
 #include <cyassl/openssl/ssl.h>
+#include <cyassl/error-ssl.h>
 #else
 #include <wolfssl/openssl/ssl.h>
+#include <wolfssl/error-ssl.h>
 #endif /* not USE_OLD_CYASSL */
 #else
+#if defined(LWS_USE_POLARSSL)
+#include <polarssl/ssl.h>
+#define SSL_CTX ssl_context
+#define SSL ssl_session
+#else
+#if defined(LWS_USE_MBEDTLS)
+#include <mbedtls/ssl.h>
+#else
 #include <openssl/ssl.h>
+#endif /* not USE_MBEDTLS */
+#endif /* not USE_POLARSSL */
 #endif /* not USE_WOLFSSL */
 #endif
 
+
 #define CONTEXT_PORT_NO_LISTEN -1
 
 enum lws_log_levels {

lib/private-libwebsockets.h

@@ -184,6 +184,7 @@ static inline int compatible_close(int fd) { return close(fd); }
 #endif
 
 #ifdef LWS_OPENSSL_SUPPORT
+
 #ifdef USE_WOLFSSL
 #ifdef USE_OLD_CYASSL
 #include <cyassl/openssl/ssl.h>
@@ -193,11 +194,30 @@ static inline int compatible_close(int fd) { return close(fd); }
 #include <wolfssl/error-ssl.h>
 #endif /* not USE_OLD_CYASSL */
 #else
+#if defined(LWS_USE_POLARSSL)
+#include <polarssl/ssl.h>
+#include <polarssl/error.h>
+#include <polarssl/md5.h>
+#include <polarssl/sha1.h>
+#include <polarssl/ecdh.h>
+#else
+#if defined(LWS_USE_MBEDTLS)
+#include <mbedtls/ssl.h>
+#include <mbedtls/error.h>
+#include <mbedtls/md5.h>
+#include <mbedtls/sha1.h>
+#include <mbedtls/ecdh.h>
+#else
 #include <openssl/ssl.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <openssl/md5.h>
 #include <openssl/sha.h>
+#ifdef LWS_HAVE_OPENSSL_ECDH_H
+#include <openssl/ecdh.h>
+#endif
+#endif /* not USE_MBEDTLS */
+#endif /* not USE_POLARSSL */
 #endif /* not USE_WOLFSSL */
 #endif
 
@@ -1160,7 +1180,9 @@ struct lws {
 #endif
 #ifdef LWS_OPENSSL_SUPPORT
 	SSL *ssl;
+#if !defined(LWS_USE_POLARSSL) && !defined(LWS_USE_MBEDTLS)
 	BIO *client_bio;
+#endif
 	struct lws *pending_read_list_prev, *pending_read_list_next;
 #endif
 #ifdef LWS_WITH_HTTP_PROXY

lib/ssl-client.c

@@ -20,13 +20,6 @@
  */
 
 #include "private-libwebsockets.h"
-#ifndef USE_WOLFSSL
- #include <openssl/err.h>
-#endif
-
-#ifdef LWS_HAVE_OPENSSL_ECDH_H
-#include <openssl/ecdh.h>
-#endif
 
 extern int openssl_websocket_private_data_index,
     openssl_SSL_CTX_private_data_index;

lib/ssl-server.c

@@ -20,13 +20,6 @@
  */
 
 #include "private-libwebsockets.h"
-#ifndef USE_WOLFSSL
- #include <openssl/err.h>
-#endif
-
-#ifdef LWS_HAVE_OPENSSL_ECDH_H
-#include <openssl/ecdh.h>
-#endif
 
 extern int openssl_websocket_private_data_index,
     openssl_SSL_CTX_private_data_index;

lib/ssl.c

@@ -20,13 +20,6 @@
  */
 
 #include "private-libwebsockets.h"
-#ifndef USE_WOLFSSL
- #include <openssl/err.h>
-#endif
-
-#ifdef LWS_HAVE_OPENSSL_ECDH_H
-#include <openssl/ecdh.h>
-#endif
 
 int openssl_websocket_private_data_index,
     openssl_SSL_CTX_private_data_index;

lws_config.h.in

@@ -14,6 +14,9 @@
   (older) CyaSSL library */
 #cmakedefine USE_OLD_CYASSL
 
+#cmakedefine LWS_USE_MBEDTLS
+#cmakedefine LWS_USE_POLARSSL
+
 /* The Libwebsocket version */
 #cmakedefine LWS_LIBRARY_VERSION "${LWS_LIBRARY_VERSION}"