From 1a3f17700e483ea5354bda3f35d513fa30734d47 Mon Sep 17 00:00:00 2001
From: Andy Green
Date: Mon, 28 Mar 2016 19:58:02 +0800
Subject: [PATCH] mbedtls and polarssl first part
polarssl is the old name for mbedtls. Unfortunately the two are confused in eg, Fedora. For our purposes, polarssl or mbedtls < 2.0 has includes in /usr/include/polarssl and polarssl_ apis and we call that "polarssl". polarssl or mbedtls >=2.0 has includes in /usr/include/mbedtls and mbedtls_ apis, we call that "mbedtls". This has to be spelled out clearly because eg Fedora has a package "mbedtls" which is 1.3.x and has the polarssl_ apis and include path. We will deal with that as "polarssl" despite the package name then. This patch lets you use LWS_USE_POLARSSL or LWS_USE_MBEDTLS and set the include and library path like this
cmake .. -DLWS_USE_POLARSSL=1 -DLWS_POLARSSL_INCLUDE_DIRS=/usr/include -DLWS_POLARSSL_LIBRARIES=/usr/lib64/libmbedtls.so.9
This patch adds the cmake support and adapts [private-]libwebsockets.h but doesn't modify the apis in ssl[-*].c yet.
Signed-off-by: Andy Green
---
 CMakeLists.txt | 72 +++++++++++++++++++++++++++++++++----
 lib/libwebsockets.h | 14 ++++++++
 lib/private-libwebsockets.h | 22 ++++++++++++
 lib/ssl-client.c | 7 ----
 lib/ssl-server.c | 7 ----
 lib/ssl.c | 7 ----
 lws_config.h.in | 3 ++
 7 files changed, 105 insertions(+), 27 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index c8cf3004..e93d14de 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -63,6 +63,8 @@ option(LWS_WITH_SHARED "Build the shared version of the library" ON)
 option(LWS_WITH_SSL "Include SSL support (default OpenSSL, wolfSSL if LWS_USE_WOLFSSL is set)" ON)
 option(LWS_USE_CYASSL "Use CyaSSL replacement for OpenSSL. When setting this, you also need to specify LWS_CYASSL_LIBRARIES and LWS_CYASSL_INCLUDE_DIRS" OFF)
 option(LWS_USE_WOLFSSL "Use wolfSSL replacement for OpenSSL. When setting this, you also need to specify LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS" OFF)
+option(LWS_USE_POLARSSL "Use Polarssl (or mbedtls < 2.0) replacement for OpenSSL. When setting this, you also need to specify LWS_POLARSSL_LIBRARIES and LWS_POLARSSL_INCLUDE_DIRS" OFF)
+option(LWS_USE_MBEDTLS "Use mbedTLS (>=2.0) replacement for OpenSSL. When setting this, you also need to specify LWS_MBEDTLS_LIBRARIES and LWS_MBEDTLS_INCLUDE_DIRS" OFF)
 option(LWS_WITH_ZLIB "Include zlib support (required for extensions)" ON)
 option(LWS_WITH_LIBEV "Compile with support for libev" OFF)
 option(LWS_WITH_LIBUV "Compile with support for libuv" OFF)
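Review bot: The help string of the master switch on the `LWS_WITH_SSL` context line still says "default OpenSSL, wolfSSL if LWS_USE_WOLFSSL is set", so anyone reading the cmake-gui/ccmake help for it will not learn that the two new options exist. Suggest `option(LWS_WITH_SSL "Include SSL support (default OpenSSL; wolfSSL, PolarSSL or mbedTLS if the matching LWS_USE_* option is set)" ON)`. The `LWS_USE_MBEDTLS` text could also state that `LWS_MBEDTLS_LIBRARIES` is a list, since, if I remember correctly, mbedTLS 2.x ships as separate libmbedtls, libmbedx509 and libmbedcrypto libraries and a single path would leave symbols unresolved at link time.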
@@ -156,16 +158,18 @@ set(LWS_OPENSSL_LIBRARIES CACHE PATH "Path to the OpenSSL library")
 set(LWS_OPENSSL_INCLUDE_DIRS CACHE PATH "Path to the OpenSSL include directory")
 set(LWS_WOLFSSL_LIBRARIES CACHE PATH "Path to the wolfSSL library")
 set(LWS_WOLFSSL_INCLUDE_DIRS CACHE PATH "Path to the wolfSSL include directory")
-set(LWS_LIBEV_LIBRARIES CACHE PATH "Path to the libev library")
+set(LWS_POLARSSL_LIBRARIES CACHE PATH "Path to the PolarSSL library")
+set(LWS_POLARSSL_INCLUDE_DIRS CACHE PATH "Path to the PolarSSL include directory")
+set( CACHE PATH "Path to the libev library")
 set(LWS_LIBEV_INCLUDE_DIRS CACHE PATH "Path to the libev include directory")
 set(LWS_LIBUV_LIBRARIES CACHE PATH "Path to the libuv library")
-set(LWS_LIBUV_INCLUDE_DIRS CACHE PATH "Path to the libuv include directory")
+set(LWS_LIBUVLWS_LIBEV_LIBRARIES_INCLUDE_DIRS CACHE PATH "Path to the libuv include directory")
 if (NOT LWS_WITH_SSL)
 set(LWS_WITHOUT_BUILTIN_SHA1 OFF)
 endif()
-if (LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL)
+if (LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL AND NOT LWS_USE_POLARSSL AND NOT LWS_USE_MBEDTLS)
 if ("${LWS_OPENSSL_LIBRARIES}" STREQUAL "" OR "${LWS_OPENSSL_INCLUDE_DIRS}" STREQUAL "")
 else()
 set(OPENSSL_LIBRARIES ${LWS_OPENSSL_LIBRARIES})
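Review bot: The lines `+set( CACHE PATH "Path to the libev library")` and `+set(LWS_LIBUVLWS_LIBEV_LIBRARIES_INCLUDE_DIRS CACHE PATH "Path to the libuv include directory")` look like an editor paste accident: the token `LWS_LIBEV_LIBRARIES` was lifted out of the first `set()` and dropped into the middle of `LWS_LIBUV_INCLUDE_DIRS`, while the two new PolarSSL entries were inserted in its place. As far as I know the first form does not error out — it defines an ordinary variable literally named `CACHE` — so configuration keeps succeeding while the documented `LWS_LIBEV_LIBRARIES` and `LWS_LIBUV_INCLUDE_DIRS` cache entries silently disappear from cmake-gui/ccmake (values passed with -D still work because the command line creates the entry itself). Restore `set(LWS_LIBEV_LIBRARIES CACHE PATH "Path to the libev library")` and `set(LWS_LIBUV_INCLUDE_DIRS CACHE PATH "Path to the libuv include directory")` alongside the two LWS_POLARSSL_* lines. A matching `LWS_MBEDTLS_LIBRARIES` / `LWS_MBEDTLS_INCLUDE_DIRS` pair is also missing from this block even though the mbedTLS block further down reads both.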
@@ -194,6 +198,32 @@ if (LWS_WITH_SSL AND LWS_USE_WOLFSSL)
 endif()
 endif()
+if (LWS_WITH_SSL AND LWS_USE_POLARSSL)
+ if ("${LWS_POLARSSL_LIBRARIES}" STREQUAL "" OR "${LWS_POLARSSL_INCLUDE_DIRS}" STREQUAL "")
+ if (NOT POLARSSL_FOUND)
+ message(FATAL_ERROR "You must set LWS_POLARSSL_LIBRARIES and LWS_POLARSSL_INCLUDE_DIRS when LWS_USE_POLARSSL is turned on.")
+ endif()
+ else()
+ set(POLARSSL_LIBRARIES ${LWS_POLARSSL_LIBRARIES})
+ set(POLARSSL_INCLUDE_DIRS ${LWS_POLARSSL_INCLUDE_DIRS})
+ set(POLARSSL_FOUND 1)
+ endif()
+ set(USE_POLARSSL 1)
+endif()
+
+if (LWS_WITH_SSL AND LWS_USE_MBEDTLS)
+ if ("${LWS_MBEDTLS_LIBRARIES}" STREQUAL "" OR "${LWS_MBEDTLS_INCLUDE_DIRS}" STREQUAL "")
+ if (NOT MBEDTLS_FOUND)
+ message(FATAL_ERROR "You must set LWS_MBEDTLS_LIBRARIES and LWS_MBEDTLS_INCLUDE_DIRS when LWS_USE_MBEDTLS is turned on.")
+ endif()
+ else()
+ set(MBEDTLS_LIBRARIES ${LWS_MBEDTLS_LIBRARIES})
+ set(MBEDTLS_INCLUDE_DIRS ${LWS_MBEDTLS_INCLUDE_DIRS})
+ set(MBEDTLS_FOUND 1)
+ endif()
+ set(USE_MBEDTLS 1)
+endif()
+
 if (LWS_WITH_ZLIB AND NOT LWS_USE_BUNDLED_ZLIB)
 if ("${LWS_ZLIB_LIBRARIES}" STREQUAL "" OR "${LWS_ZLIB_INCLUDE_DIRS}" STREQUAL "")
 else()
@@ -688,7 +718,7 @@ endif()
 #
 if (LWS_WITH_SSL)
 message("Compiling with SSL support")
-
+ set(chose_ssl 0)
 if (LWS_USE_WOLFSSL)
 # Use wolfSSL as OpenSSL replacement.
 # TODO: Add a find_package command for this also.
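Review bot: Nothing stops `LWS_USE_POLARSSL` and `LWS_USE_MBEDTLS` (or either of them together with `LWS_USE_WOLFSSL`) from being ON at the same time: the two new blocks run independently, both `*_FOUND` flags get set, and later both include paths and both library lists are added, with the header's `#if defined(LWS_USE_POLARSSL)` quietly deciding which API is compiled against — linking two TLS stacks into one binary is something a user should be told about, not discover at runtime. A configure-time guard ahead of these blocks, `if ((LWS_USE_POLARSSL AND LWS_USE_MBEDTLS) OR ((LWS_USE_POLARSSL OR LWS_USE_MBEDTLS) AND LWS_USE_WOLFSSL))` / `message(FATAL_ERROR "Select only one of LWS_USE_WOLFSSL, LWS_USE_POLARSSL and LWS_USE_MBEDTLS")` / `endif()`, turns that into a clear error. Separately, `set(USE_POLARSSL 1)` and `set(USE_MBEDTLS 1)` are consumed by nothing in this patch — lws_config.h.in cmakedefines `LWS_USE_POLARSSL` / `LWS_USE_MBEDTLS` directly — so, unlike wolfSSL's `USE_WOLFSSL`, they are dead unless a later part uses them. The `if (NOT POLARSSL_FOUND)` test is likewise always true here since no finder sets it; harmless, but it reads as though a find_package exists.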
@@ -710,7 +740,34 @@ if (LWS_WITH_SSL)
 endif()
 list(APPEND LIB_LIST "${WOLFSSL_LIBRARIES}")
- else()
+ set(chose_ssl 1)
+ endif()
+
+ if (LWS_USE_POLARSSL)
+ message("POLARSSL include dir: ${POLARSSL_INCLUDE_DIRS}")
+ message("POLARSSL libraries: ${POLARSSL_LIBRARIES}")
+
+ foreach(inc ${POLARSSL_INCLUDE_DIRS})
+ include_directories("${inc}" "${inc}/polarssl")
+ endforeach()
+
+ list(APPEND LIB_LIST "${POLARSSL_LIBRARIES}")
+ set(chose_ssl 1)
+ endif()
+
+ if (LWS_USE_MBEDTLS)
+ message("MBEDTLS include dir: ${MBEDTLS_INCLUDE_DIRS}")
+ message("MBEDTLS libraries: ${MBEDTLS_LIBRARIES}")
+
+ foreach(inc ${MBEDTLS_INCLUDE_DIRS})
+ include_directories("${inc}" "${inc}/mbedtls")
+ endforeach()
+
+ list(APPEND LIB_LIST "${MBEDTLS_LIBRARIES}")
+ set(chose_ssl 1)
+ endif()
+
+ if (NOT chose_ssl)
 if (NOT OPENSSL_FOUND)
 # TODO: Add support for STATIC also.
 find_package(OpenSSL REQUIRED)
@@ -863,12 +920,13 @@ if (NOT LWS_WITHOUT_TESTAPPS)
 list(APPEND TEST_APP_LIST ${TEST_NAME})
 endmacro()
- if (LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL)
+ if (LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL AND NOT LWS_USE_POLARSSL AND NOT LWS_USE_MBEDTLS)
 message("Searching for OpenSSL executable and dlls")
 find_package(OpenSSLbins)
 message("OpenSSL executable: ${OPENSSL_EXECUTABLE}")
 endif()
+
 if (NOT LWS_WITHOUT_SERVER)
 #
 # test-server
@@ -1293,6 +1351,8 @@ if (LWS_USE_WOLFSSL)
 message(" LWS_WOLFSSL_LIBRARIES = ${LWS_WOLFSSL_LIBRARIES}")
 message(" LWS_WOLFSSL_INCLUDE_DIRS = ${LWS_WOLFSSL_INCLUDE_DIRS}")
 endif()
+message(" LWS_USE_POLARSSL = ${LWS_USE_POLARSSL} (PolarSSL replacement for OpenSSL)")
+message(" LWS_USE_MBEDTLS = ${LWS_USE_MBEDTLS} (mbedtls (nee Polarssl) replacement for OpenSSL)")
 message(" LWS_WITHOUT_BUILTIN_SHA1 = ${LWS_WITHOUT_BUILTIN_SHA1}")
 message(" LWS_WITHOUT_BUILTIN_GETIFADDRS = ${LWS_WITHOUT_BUILTIN_GETIFADDRS}")
 message(" LWS_WITHOUT_CLIENT = ${LWS_WITHOUT_CLIENT}")
diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h
index 939843e2..9479fce6 100644
--- a/lib/libwebsockets.h
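Review bot: `include_directories("${inc}" "${inc}/polarssl")` (and its mbedtls twin) puts the backend's own header directory on the global search path, so a bare `#include <ssl.h>`, `<net.h>` or `<x509.h>` anywhere in lws or the test apps now resolves into PolarSSL/mbedTLS and shadows any same-named header — and with `-DLWS_POLARSSL_INCLUDE_DIRS=/usr/include`, the invocation the commit message suggests, the shadowed tree is the system one. Adding only `${inc}` and spelling the includes as `<polarssl/ssl.h>` / `<mbedtls/ssl.h>` (the include targets are stripped in this rendering, so I cannot see which form the headers use) avoids that and matches the two layouts the commit message describes. Since `include_directories` is directory-scoped, the paths also leak into every target defined below this point, which a `target_include_directories(<lib> PRIVATE "${inc}")` on the library target would not.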
+++ b/lib/libwebsockets.h
@@ -201,17 +201,31 @@ struct sockaddr_in;
 #endif
 #ifdef LWS_OPENSSL_SUPPORT
+
 #ifdef USE_WOLFSSL
 #ifdef USE_OLD_CYASSL
 #include
+#include
 #else
 #include
+#include
 #endif /* not USE_OLD_CYASSL */
 #else
+#if defined(LWS_USE_POLARSSL)
+#include
+#define SSL_CTX ssl_context
+#define SSL ssl_session
+#else
+#if defined(LWS_USE_MBEDTLS)
+#include
+#else
 #include
+#endif /* not USE_MBEDTLS */
+#endif /* not USE_POLARSSL */
 #endif /* not USE_WOLFSSL */
 #endif
+
 #define CONTEXT_PORT_NO_LISTEN -1
 enum lws_log_levels {
diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h
index 54994b0f..498aec51 100644
--- a/lib/private-libwebsockets.h
+++ b/lib/private-libwebsockets.h
@@ -184,6 +184,7 @@ static inline int compatible_close(int fd) { return close(fd); }
 #endif
 #ifdef LWS_OPENSSL_SUPPORT
+
 #ifdef USE_WOLFSSL
 #ifdef USE_OLD_CYASSL
 #include
@@ -193,11 +194,30 @@ static inline int compatible_close(int fd) { return close(fd); }
 #include
 #endif /* not USE_OLD_CYASSL */
 #else
+#if defined(LWS_USE_POLARSSL)
+#include
+#include
+#include
+#include
+#include
+#else
+#if defined(LWS_USE_MBEDTLS)
+#include
+#include
+#include
+#include
+#include
+#else
 #include
 #include
 #include
 #include
 #include
+#ifdef LWS_HAVE_OPENSSL_ECDH_H
+#include
+#endif
+#endif /* not USE_MBEDTLS */
+#endif /* not USE_POLARSSL */
 #endif /* not USE_WOLFSSL */
 #endif
@@ -1160,7 +1180,9 @@ struct lws {
 #endif
 #ifdef LWS_OPENSSL_SUPPORT
 SSL *ssl;
+#if !defined(LWS_USE_POLARSSL) && !defined(LWS_USE_MBEDTLS)
 BIO *client_bio;
+#endif
 struct lws *pending_read_list_prev, *pending_read_list_next;
 #endif
 #ifdef LWS_WITH_HTTP_PROXY
diff --git a/lib/ssl-client.c b/lib/ssl-client.c
index 762398c8..4ae10a6c 100644
--- a/lib/ssl-client.c
+++ b/lib/ssl-client.c
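Review bot: `#define SSL_CTX ssl_context` and `#define SSL ssl_session` are object-like macros in the public header, so every application that includes libwebsockets.h in an LWS_USE_POLARSSL build gets the identifiers `SSL` and `SSL_CTX` rewritten in its own code and in any header it includes afterwards. `typedef ssl_context SSL_CTX;` and `typedef ssl_session SSL;` give lws the same aliases without touching the consumer's namespace. Separately, if I remember PolarSSL 1.3 correctly, `ssl_context` is the per-connection object and `ssl_session` only holds resumption state, so aliasing the per-wsi `SSL` to `ssl_session` looks inverted — worth confirming before the ssl*.c port lands, since that choice decides which object carries the connection's TLS state. The include targets are stripped in this rendering, so I cannot check the header names themselves.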
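Review bot: `struct lws` keeps `SSL *ssl;` for every backend, but only the LWS_USE_POLARSSL branch of libwebsockets.h supplies an `SSL` name; nothing in this patch defines it for LWS_USE_MBEDTLS (unless mbedtls/ssl.h does, which I doubt), so with that option ON the struct cannot compile even though CMake now accepts the configuration. Since the ssl*.c port is explicitly deferred, a one-line stopgap in the mbedtls branch of the public header, e.g. `typedef mbedtls_ssl_context SSL;` next to the include, at least makes the build fail in the TLS code rather than in the core struct. The `BIO *client_bio` exclusion itself looks right. `struct lws` begins and ends outside this hunk.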
@@ -20,13 +20,6 @@
 */
 #include "private-libwebsockets.h"
-#ifndef USE_WOLFSSL
- #include
-#endif
-
-#ifdef LWS_HAVE_OPENSSL_ECDH_H
-#include
-#endif
 extern int openssl_websocket_private_data_index, openssl_SSL_CTX_private_data_index;
diff --git a/lib/ssl-server.c b/lib/ssl-server.c
index 3104d83d..7227f2b3 100644
--- a/lib/ssl-server.c
+++ b/lib/ssl-server.c
@@ -20,13 +20,6 @@
 */
 #include "private-libwebsockets.h"
-#ifndef USE_WOLFSSL
- #include
-#endif
-
-#ifdef LWS_HAVE_OPENSSL_ECDH_H
-#include
-#endif
 extern int openssl_websocket_private_data_index, openssl_SSL_CTX_private_data_index;
diff --git a/lib/ssl.c b/lib/ssl.c
index b3031ddf..1bb8e0c2 100644
--- a/lib/ssl.c
+++ b/lib/ssl.c
@@ -20,13 +20,6 @@
 */
 #include "private-libwebsockets.h"
-#ifndef USE_WOLFSSL
- #include
-#endif
-
-#ifdef LWS_HAVE_OPENSSL_ECDH_H
-#include
-#endif
 int openssl_websocket_private_data_index, openssl_SSL_CTX_private_data_index;
diff --git a/lws_config.h.in b/lws_config.h.in
index 341515f0..f90abeb9 100644
--- a/lws_config.h.in
+++ b/lws_config.h.in
@@ -14,6 +14,9 @@
 (older) CyaSSL library */
 #cmakedefine USE_OLD_CYASSL
+#cmakedefine LWS_USE_MBEDTLS
+#cmakedefine LWS_USE_POLARSSL
+
 /* The Libwebsocket version */
 #cmakedefine LWS_LIBRARY_VERSION "${LWS_LIBRARY_VERSION}"