diff --git a/.travis.yml b/.travis.yml index b4dfdc47..f21cc0b0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,7 +13,7 @@ env: - secure: fiVVKcMM8Cz8WAj6PB6eD/b+Y77klXOe9jbpehf6QwjFwf6paEHoMsrZ0aFXogm2Uej47GlTdRb3UkBqonbK4ANbu0ewsWCW0RGClZz5ghaSnfwdxEhuXsrFIax7DvJCStk2V84Keb+tSVemx4opxqZAlZ/Nen28S91KSDoJeRA= matrix: - BUILD_TYPE=normal - - CYASSL="3.3.2" BUILD_TYPE=cyassl + - WOLFSSL="5.6.4" BUILD_TYPE=wolfssl cache: directories: - dependencies-src diff --git a/.travis_configure_wrapper.sh b/.travis_configure_wrapper.sh index 241dab90..b9499286 100755 --- a/.travis_configure_wrapper.sh +++ b/.travis_configure_wrapper.sh 
@@ -10,47 +10,47 @@ if [[ "$BUILD_TYPE" == "normal" ]]; then echo "Running Wifidog configure" ./configure $@ -elif [[ "$BUILD_TYPE" == "cyassl" ]]; then - if [[ -z "$CYASSL" ]]; then - echo "CYASSL not set." +elif [[ "$BUILD_TYPE" == "wolfssl" ]]; then + if [[ -z "$WOLFSSL" ]]; then + echo "WOLFSSL not set." exit 1 fi CUR=`pwd` mkdir -p dependencies-src || true mkdir -p dependencies-installed || true - if [[ ! -f dependencies-installed/include/cyassl/ssl.h ]]; then - echo "Cached CyaSSL install not found. Installing." + if [[ ! -f dependencies-installed/include/wolfssl/ssl.h ]]; then + echo "Cached WolfSSL install not found. Installing." cd dependencies-src # Check if travis cache is there - if [[ -f cyassl-${CYASSL}/autogen.sh ]]; then - echo "Found cached CyaSSL package" + if [[ -f wolfssl-${WOLFSSL}/autogen.sh ]]; then + echo "Found cached WolfSSL package" else - echo "No cache, downloading CyaSSL" - wget https://github.com/cyassl/cyassl/archive/v${CYASSL}.tar.gz \ - -O cyassl-${CYASSL}.tar.gz - tar -xzf cyassl-${CYASSL}.tar.gz + echo "No cache, downloading WolfSSL" + wget https://github.com/wolfSSL/wolfssl/archive/v${WOLFSSL}-stable.tar.gz \ + -O wolfssl-${WOLFSSL}.tar.gz + tar -xzf wolfssl-${WOLFSSL}.tar.gz fi - cd cyassl-${CYASSL} - echo "Content of cyassl-${CYASSL}:" + cd wolfssl-${WOLFSSL} + echo "Content of wolfssl-${WOLFSSL}:" ls - echo "Running CyaSSL autogen.sh" + echo "Running WolfSSL autogen.sh" ./autogen.sh - echo "Running CyaSSL configure" + echo "Running WolfSSL configure" ./configure --prefix="$CUR"/dependencies-installed/ --enable-ecc # make will pick up the cached object files - real savings # happen here - echo "Running CyaSSL make" + echo "Running WolfSSL make" make - echo "Running CyaSSL make install" + echo "Running WolfSSL make install" make install cd "$CUR" else - echo "Cached CyaSSL install found." + echo "Cached WolfSSL install found." 
fi echo "Running Wifidog configure" export CFLAGS="-I${CUR}/dependencies-installed/include/" export LDFLAGS="-L${CUR}/dependencies-installed/lib/" - ./configure --enable-cyassl $@ + ./configure --enable-wolfssl $@ else echo "Unknow BUILD_TYPE $BUILD_TYPE" exit 1 diff --git a/configure.in b/configure.in index bf5463a4..2f0bc961 100644 --- a/configure.in +++ b/configure.in 
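Review bot: The wolfSSL tarball fetched by `wget` on the no-cache branch is unpacked, built and installed into the cached `dependencies-installed` tree with no integrity check, so whatever the download (or a stale Travis cache) contains becomes the TLS library every CI run links against. Pin a digest beside the version and verify it before `tar -xzf`: `echo "<EXPECTED_SHA256>  wolfssl-${WOLFSSL}.tar.gz" | sha256sum -c - || exit 1`. Separately, a GitHub archive of tag `v${WOLFSSL}-stable` normally unpacks to `wolfssl-${WOLFSSL}-stable`, so the unchanged `cd wolfssl-${WOLFSSL}` and the cache probe `wolfssl-${WOLFSSL}/autogen.sh` look like they would miss the extracted directory; either use the suffixed name throughout or normalise it with `mkdir -p wolfssl-${WOLFSSL} && tar -xzf wolfssl-${WOLFSSL}.tar.gz --strip-components=1 -C wolfssl-${WOLFSSL}`. The enclosing `if [[ "$BUILD_TYPE" ...` chain starts before the hunk.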
@@ -85,48 +85,45 @@ AC_SUBST(enable_latex_docs) # Acutally perform the doxygen check BB_ENABLE_DOXYGEN -# Enable cyassl? -AC_DEFUN([BB_CYASSL], +# Enable wolfssl? +AC_DEFUN([BB_WOLFSSL], [ -AC_ARG_ENABLE(cyassl, [ --enable-cyassl enable TLS support for auth server communication (no)], [], [enable_cyassl=no]) -if test "x$enable_cyassl" = xyes; then - # CyaSSL has been renamed wolfSSL. Old method names are still available - # via cyassl/ssl.h, which maps old methods to new methods via macros. - # To find the proper lib to link against (cyassl or wolfssl), we do have - # the use the new naming scheme below as cyassl/ssl.h is not available for - # AC_SEARCH_LIBS - AC_CHECK_HEADERS(cyassl/ssl.h) - AC_SEARCH_LIBS([CyaTLSv1_client_method], [cyassl], [], [ - AC_SEARCH_LIBS([wolfTLSv1_client_method], [wolfssl], [], [ - AC_MSG_ERROR([unable to locate SSL lib: either wolfSSL or CyaSSL needed.]) - ]) +AC_ARG_ENABLE(wolfssl, [ --enable-wolfssl enable TLS support for auth server communication (no)], [], [enable_wolfssl=no]) +if test "x$enable_wolfssl" = xyes; then + AC_CHECK_HEADERS(wolfssl/ssl.h, [], [], + [ + #include + ]) + AC_SEARCH_LIBS([wolfTLSv1_client_method], [wolfssl], [], [ + AC_MSG_ERROR([unable to locate SSL lib: wolfSSL needed.]) ]) - AC_MSG_CHECKING([for the CyaSSL SNI enabled]) + AC_MSG_CHECKING([for the Wolfssl SNI enabled]) AC_LINK_IFELSE([AC_LANG_PROGRAM( [[ #define HAVE_SNI - #include + #include + #include ]], [[ - CYASSL_CTX *ctx; - CyaSSL_Init(); - ctx = CyaSSL_CTX_new(CyaTLSv1_client_method()); - CyaSSL_CTX_UseSNI(ctx, CYASSL_SNI_HOST_NAME, "wifidog.org", 11); + WOLFSSL_CTX *ctx; + wolfSSL_Init(); + ctx = wolfSSL_CTX_new(wolfTLSv1_client_method()); + wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, "wifidog.org", 11); ]])], [enabled_sni=yes], [enabled_sni=no]) if test "x$enabled_sni" = xyes; then AC_MSG_RESULT([yes]) - AC_DEFINE([HAVE_SNI],, "Compile with CyaSSL SNI support") + AC_DEFINE([HAVE_SNI],, "Compile with wolfssl SNI support") else 
AC_MSG_RESULT([no]) fi - AC_DEFINE(USE_CYASSL,, "Compile with CyaSSL support") + AC_DEFINE(USE_WOLFSSL,, "Compile with wolfssl support") fi ]) -# Actually perform the cyassl check -BB_CYASSL +# Actually perform the wolfssl check +BB_WOLFSSL diff --git a/src/simple_http.c b/src/simple_http.c index f0e27eec..1b34896d 100644 --- a/src/simple_http.c +++ b/src/simple_http.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include @@ -36,17 +37,14 @@ #include "debug.h" #include "pstring.h" -#ifdef USE_CYASSL -#include +#ifdef USE_WOLFSSL +#include +#include #include "conf.h" -/* For CYASSL_MAX_ERROR_SZ */ -#include -/* For COMPRESS_E */ -#include #endif -#ifdef USE_CYASSL -static CYASSL_CTX *get_cyassl_ctx(const char *hostname); +#ifdef USE_WOLFSSL +static WOLFSSL_CTX *get_wolfssl_ctx(const char *hostname); #endif /** 
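Review bot: Both the library probe `AC_SEARCH_LIBS([wolfTLSv1_client_method], ...)` and the SNI link test are keyed on `wolfTLSv1_client_method()`, the TLS 1.0-only client method, so the configure check ties the build to a deprecated protocol version and, if I recall the wolfSSL 5.x defaults correctly, to a symbol that is only compiled in when TLS 1.0 is explicitly enabled, which would make this check fail against a default wolfSSL 5.6.4 build. Probe `wolfSSLv23_client_method` instead, which negotiates the highest version both sides support; the same method is kept in `get_wolfssl_ctx` in src/simple_http.c, where a floor can be set with `wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_TLSV1_2)`. The header test `AC_CHECK_HEADERS(wolfssl/ssl.h, [], [], ...)` also leaves action-if-not-found empty, so a missing header surfaces only later as a compile error; `[AC_MSG_ERROR([wolfssl/ssl.h not found])]` in that slot fails configure with a clear message.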
@@ -133,48 +131,48 @@ http_get(const int sockfd, const char *req) return NULL; } -#ifdef USE_CYASSL +#ifdef USE_WOLFSSL -static CYASSL_CTX *cyassl_ctx = NULL; -static pthread_mutex_t cyassl_ctx_mutex = PTHREAD_MUTEX_INITIALIZER; +static WOLFSSL_CTX *wolfssl_ctx = NULL; +static pthread_mutex_t wolfssl_ctx_mutex = PTHREAD_MUTEX_INITIALIZER; -#define LOCK_CYASSL_CTX() do { \ - debug(LOG_DEBUG, "Locking CyaSSL Context"); \ - pthread_mutex_lock(&cyassl_ctx_mutex); \ - debug(LOG_DEBUG, "CyaSSL Context locked"); \ +#define LOCK_WOLFSSL_CTX() do { \ + debug(LOG_DEBUG, "Locking WolfSSL Context"); \ + pthread_mutex_lock(&wolfssl_ctx_mutex); \ + debug(LOG_DEBUG, "WolfSSL Context locked"); \ } while (0) -#define UNLOCK_CYASSL_CTX() do { \ - debug(LOG_DEBUG, "Unlocking CyaSSL Context"); \ - pthread_mutex_unlock(&cyassl_ctx_mutex); \ - debug(LOG_DEBUG, "CyaSSL Context unlocked"); \ +#define UNLOCK_WOLFSSL_CTX() do { \ + debug(LOG_DEBUG, "Unlocking WolfSSL Context"); \ + pthread_mutex_unlock(&wolfssl_ctx_mutex); \ + debug(LOG_DEBUG, "WolfSSL Context unlocked"); \ } while (0) -static CYASSL_CTX * -get_cyassl_ctx(const char *hostname) +static WOLFSSL_CTX * +get_wolfssl_ctx(const char *hostname) { int err; - CYASSL_CTX *ret; + WOLFSSL_CTX *ret; s_config *config = config_get_config(); - LOCK_CYASSL_CTX(); + LOCK_WOLFSSL_CTX(); - if (NULL == cyassl_ctx) { - CyaSSL_Init(); - /* Create the CYASSL_CTX */ + if (NULL == wolfssl_ctx) { + wolfSSL_Init(); + /* Create the WOLFSSL_CTX */ /* Allow TLSv1.0 up to TLSv1.2 */ - if ((cyassl_ctx = CyaSSL_CTX_new(CyaTLSv1_client_method())) == NULL) { - debug(LOG_ERR, "Could not create CYASSL context."); - UNLOCK_CYASSL_CTX(); + if ((wolfssl_ctx = wolfSSL_CTX_new(wolfTLSv1_client_method())) == NULL) { + debug(LOG_ERR, "Could not create WOLFSSL context."); + UNLOCK_WOLFSSL_CTX(); return NULL; } if (config->ssl_cipher_list) { debug(LOG_INFO, "Setting SSL cipher list to [%s]", config->ssl_cipher_list); - err = CyaSSL_CTX_set_cipher_list(cyassl_ctx, 
config->ssl_cipher_list); + err = wolfSSL_CTX_set_cipher_list(wolfssl_ctx, config->ssl_cipher_list); if (SSL_SUCCESS != err) { debug(LOG_ERR, "Could not load SSL cipher list (error %d)", err); - UNLOCK_CYASSL_CTX(); + UNLOCK_WOLFSSL_CTX(); return NULL; } } @@ -183,12 +181,12 @@ get_cyassl_ctx(const char *hostname) if (config->ssl_use_sni) { debug(LOG_INFO, "Setting SSL using SNI for hostname %s", hostname); - err = CyaSSL_CTX_UseSNI(cyassl_ctx, CYASSL_SNI_HOST_NAME, hostname, + err = wolfSSL_CTX_UseSNI(wolfssl_ctx, WOLFSSL_SNI_HOST_NAME, hostname, strlen(hostname)); if (SSL_SUCCESS != err) { debug(LOG_ERR, "Could not setup SSL using SNI for hostname %s", hostname); - UNLOCK_CYASSL_CTX(); + UNLOCK_WOLFSSL_CTX(); return NULL; } } 
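Review bot: A failure inside the `if (NULL == wolfssl_ctx)` block leaves the partially configured context cached: after `wolfSSL_CTX_set_cipher_list` fails the function returns NULL but `wolfssl_ctx` stays non-NULL, so the next call skips the whole block and hands back a context that never received the SNI and certificate-verification setup from the `@@ -183` and `@@ -196` hunks. Before each `UNLOCK_WOLFSSL_CTX(); return NULL;` inside that block add `wolfSSL_CTX_free(wolfssl_ctx); wolfssl_ctx = NULL;`, or route the three failure paths through one cleanup label that does it. The function body continues past the end of this hunk.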
@@ -196,28 +194,28 @@ get_cyassl_ctx(const char *hostname) if (config->ssl_verify) { /* Use trusted certs */ - /* Note: CyaSSL requires that the certificates are named by their hash values */ + /* Note: WolfSSL requires that the certificates are named by their hash values */ debug(LOG_INFO, "Loading SSL certificates from %s", config->ssl_certs); - err = CyaSSL_CTX_load_verify_locations(cyassl_ctx, NULL, config->ssl_certs); + err = wolfSSL_CTX_load_verify_locations(wolfssl_ctx, NULL, config->ssl_certs); if (err != SSL_SUCCESS) { debug(LOG_ERR, "Could not load SSL certificates (error %d)", err); if (err == ASN_UNKNOWN_OID_E) { - debug(LOG_ERR, "Error is ASN_UNKNOWN_OID_E - try compiling cyassl/wolfssl with --enable-ecc"); + debug(LOG_ERR, "Error is ASN_UNKNOWN_OID_E - try compiling wolfssl/wolfssl with --enable-ecc"); } else { debug(LOG_ERR, "Make sure that SSLCertPath points to the correct path in the config file"); debug(LOG_ERR, "Or disable certificate loading with 'SSLPeerVerification No'."); } - UNLOCK_CYASSL_CTX(); + UNLOCK_WOLFSSL_CTX(); return NULL; } } else { - CyaSSL_CTX_set_verify(cyassl_ctx, SSL_VERIFY_NONE, 0); + wolfSSL_CTX_set_verify(wolfssl_ctx, SSL_VERIFY_NONE, 0); debug(LOG_INFO, "Disabling SSL certificate verification!"); } } - ret = cyassl_ctx; - UNLOCK_CYASSL_CTX(); + ret = wolfssl_ctx; + UNLOCK_WOLFSSL_CTX(); return ret; } 
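Review bot: The rename produced the message `"... try compiling wolfssl/wolfssl with --enable-ecc"`; the old text listed the two library names, so the new one should read `"try compiling wolfSSL with --enable-ecc"`. The `else` branch that calls `wolfSSL_CTX_set_verify(wolfssl_ctx, SSL_VERIFY_NONE, 0)` logs the disabled verification at LOG_INFO; raising it to LOG_WARNING makes an unauthenticated auth-server connection visible at default log levels. The function starts before this hunk.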
@@ -237,20 +235,20 @@ https_get(const int sockfd, const char *req, const char *hostname) fd_set readfds; struct timeval timeout; unsigned long sslerr; - char sslerrmsg[CYASSL_MAX_ERROR_SZ]; + char sslerrmsg[WOLFSSL_MAX_ERROR_SZ]; size_t reqlen = strlen(req); char readbuf[MAX_BUF]; char *retval; pstr_t *response = pstr_new(); - CYASSL *ssl = NULL; - CYASSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; + WOLFSSL_CTX *ctx = NULL; s_config *config; config = config_get_config(); - ctx = get_cyassl_ctx(hostname); + ctx = get_wolfssl_ctx(hostname); if (NULL == ctx) { - debug(LOG_ERR, "Could not get CyaSSL Context!"); + debug(LOG_ERR, "Could not get WolfSSL Context!"); goto error; } 
@@ -260,28 +258,28 @@ https_get(const int sockfd, const char *req, const char *hostname) goto error; } - /* Create CYASSL object */ - if ((ssl = CyaSSL_new(ctx)) == NULL) { - debug(LOG_ERR, "Could not create CyaSSL context."); + /* Create WOLFSSL object */ + if ((ssl = wolfSSL_new(ctx)) == NULL) { + debug(LOG_ERR, "Could not create WolfSSL context."); goto error; } if (config->ssl_verify) { // Turn on domain name check // Loading of CA certificates and verification of remote host name // go hand in hand - one is useless without the other. - CyaSSL_check_domain_name(ssl, hostname); + wolfSSL_check_domain_name(ssl, hostname); } - CyaSSL_set_fd(ssl, sockfd); + wolfSSL_set_fd(ssl, sockfd); debug(LOG_DEBUG, "Sending HTTPS request to auth server: [%s]\n", req); - numbytes = CyaSSL_send(ssl, req, (int)reqlen, 0); + numbytes = wolfSSL_send(ssl, req, (int)reqlen, 0); if (numbytes <= 0) { - sslerr = (unsigned long)CyaSSL_get_error(ssl, numbytes); - CyaSSL_ERR_error_string(sslerr, sslerrmsg); - debug(LOG_ERR, "CyaSSL_send failed: %s", sslerrmsg); + sslerr = (unsigned long)wolfSSL_get_error(ssl, numbytes); + wolfSSL_ERR_error_string(sslerr, sslerrmsg); + debug(LOG_ERR, "WolfSSL_send failed: %s", sslerrmsg); goto error; } else if ((size_t) numbytes != reqlen) { - debug(LOG_ERR, "CyaSSL_send failed: only %d bytes out of %d bytes sent!", numbytes, reqlen); + debug(LOG_ERR, "WolfSSL_send failed: only %d bytes out of %d bytes sent!", numbytes, reqlen); goto error; } 
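Review bot: The return value of `wolfSSL_check_domain_name(ssl, hostname)` is dropped, so when `ssl_verify` is on and that call fails the connection proceeds with the CA check but no host-name match, which is exactly the combination the comment above it calls useless. Treat it like the other wolfSSL calls: `if (wolfSSL_check_domain_name(ssl, hostname) != SSL_SUCCESS) { debug(LOG_ERR, "Could not enable domain name check for %s", hostname); goto error; }`. The changed short-write message also passes `reqlen`, a `size_t`, to `%d`; use `%zu` for it and keep `%d` only for `numbytes`. `https_get` begins before and ends after this hunk.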
@@ -300,14 +298,14 @@ https_get(const int sockfd, const char *req, const char *hostname) /** We don't have to use FD_ISSET() because there * was only one fd. */ memset(readbuf, 0, MAX_BUF); - numbytes = CyaSSL_read(ssl, readbuf, MAX_BUF - 1); + numbytes = wolfSSL_read(ssl, readbuf, MAX_BUF - 1); if (numbytes < 0) { - sslerr = (unsigned long)CyaSSL_get_error(ssl, numbytes); - CyaSSL_ERR_error_string(sslerr, sslerrmsg); + sslerr = (unsigned long)wolfSSL_get_error(ssl, numbytes); + wolfSSL_ERR_error_string(sslerr, sslerrmsg); debug(LOG_ERR, "An error occurred while reading from server: %s", sslerrmsg); goto error; } else if (numbytes == 0) { - /* CyaSSL_read returns 0 on a clean shutdown or if the peer closed the + /* WolfSSL_read returns 0 on a clean shutdown or if the peer closed the connection. We can't distinguish between these cases right now. */ done = 1; } else { @@ -326,7 +324,7 @@ https_get(const int sockfd, const char *req, const char *hostname) close(sockfd); - CyaSSL_free(ssl); + wolfSSL_free(ssl); retval = pstr_to_string(response); debug(LOG_DEBUG, "HTTPS Response from Server: [%s]", retval); @@ -334,7 +332,7 @@ https_get(const int sockfd, const char *req, const char *hostname) error: if (ssl) { - CyaSSL_free(ssl); + wolfSSL_free(ssl); } if (sockfd >= 0) { close(sockfd); @@ -344,4 +342,4 @@ https_get(const int sockfd, const char *req, const char *hostname) return NULL; } -#endif /* USE_CYASSL */ +#endif /* USE_WOLFSSL */
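Review bot: The `numbytes == 0` branch still treats a TLS close_notify and a bare TCP close the same, as the carried-over comment admits, so a response cut off by the transport is accepted as complete. wolfSSL does expose the difference through `wolfSSL_get_error(ssl, 0)`, which yields `WOLFSSL_ERROR_ZERO_RETURN` for a clean shutdown, so the branch could set `done = 1` only in that case and log a truncated read and `goto error` otherwise; confirm the code name against the wolfSSL 5.6.4 headers used in CI. The comment's `WolfSSL_read` should read `wolfSSL_read`, the actual function name. The loop and function extend outside this hunk.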