mbedtls and polarssl first part

polarssl is the old name for mbedtls.  Unfortunately the two are confused in eg,
Fedora.  For our purposes, polarssl or mbedtls < 2.0 has includes in
/usr/include/polarssl and polarssl_ apis and we call that "polarssl".

polarssl or mbedtls >=2.0 has includes in /usr/include/mbedtls and mbedtls_ apis,
we call that "mbedtls".

This has to be spelled out clearly because eg Fedora has a package "mbedtls" which
is 1.3.x and has the polarssl_ apis and include path.  We will deal with that as
"polarssl" despite the package name then.

This patch lets you use LWS_USE_POLARSSL or LWS_USE_MBEDTLS and set the include and
library path like this

cmake .. -DLWS_USE_POLARSSL=1 -DLWS_POLARSSL_INCLUDE_DIRS=/usr/include -DLWS_POLARSSL_LIBRARIES=/usr/lib64/libmbedtls.so.9

This patch adds the cmake support and adapts [private-]libwebsockets.h but doesn't
modify the apis in ssl[-*].c yet.

Signed-off-by: Andy Green <andy@warmcat.com>

diff --git a/CMakeLists.txt b/CMakeLists.txt
index c8cf300..e93d14d 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -63,6 +63,8 @@ option(LWS_WITH_SHARED "Build the shared version of the library" ON)
 option(LWS_WITH_SSL "Include SSL support (default OpenSSL, wolfSSL if LWS_USE_WOLFSSL is set)" ON)
 option(LWS_USE_CYASSL "Use CyaSSL replacement for OpenSSL. When setting this, you also need to specify LWS_CYASSL_LIBRARIES and LWS_CYASSL_INCLUDE_DIRS" OFF)
 option(LWS_USE_WOLFSSL "Use wolfSSL replacement for OpenSSL. When setting this, you also need to specify LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS" OFF)
+option(LWS_USE_POLARSSL "Use Polarssl (or mbedtls < 2.0) replacement for OpenSSL. When setting this, you also need to specify LWS_POLARSSL_LIBRARIES and LWS_POLARSSL_INCLUDE_DIRS" OFF)
+option(LWS_USE_MBEDTLS "Use mbedTLS (>=2.0) replacement for OpenSSL. When setting this, you also need to specify LWS_MBEDTLS_LIBRARIES and LWS_MBEDTLS_INCLUDE_DIRS" OFF)
 option(LWS_WITH_ZLIB "Include zlib support (required for extensions)" ON)
 option(LWS_WITH_LIBEV "Compile with support for libev" OFF)
 option(LWS_WITH_LIBUV "Compile with support for libuv" OFF)
@@ -156,16 +158,18 @@ set(LWS_OPENSSL_LIBRARIES CACHE PATH "Path to the OpenSSL library")
 set(LWS_OPENSSL_INCLUDE_DIRS CACHE PATH "Path to the OpenSSL include directory")
 set(LWS_WOLFSSL_LIBRARIES CACHE PATH "Path to the wolfSSL library")
 set(LWS_WOLFSSL_INCLUDE_DIRS CACHE PATH "Path to the wolfSSL include directory")
-set(LWS_LIBEV_LIBRARIES CACHE PATH "Path to the libev library")
+set(LWS_POLARSSL_LIBRARIES CACHE PATH "Path to the PolarSSL library")
+set(LWS_POLARSSL_INCLUDE_DIRS CACHE PATH "Path to the PolarSSL include directory")
+set( CACHE PATH "Path to the libev library")
 set(LWS_LIBEV_INCLUDE_DIRS CACHE PATH "Path to the libev include directory")
 set(LWS_LIBUV_LIBRARIES CACHE PATH "Path to the libuv library")
-set(LWS_LIBUV_INCLUDE_DIRS CACHE PATH "Path to the libuv include directory")
+set(LWS_LIBUVLWS_LIBEV_LIBRARIES_INCLUDE_DIRS CACHE PATH "Path to the libuv include directory")
 
 if (NOT LWS_WITH_SSL)
        set(LWS_WITHOUT_BUILTIN_SHA1 OFF)
 endif()
 
-if (LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL)
+if (LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL AND NOT LWS_USE_POLARSSL AND NOT LWS_USE_MBEDTLS)
        if ("${LWS_OPENSSL_LIBRARIES}" STREQUAL "" OR "${LWS_OPENSSL_INCLUDE_DIRS}" STREQUAL "")
        else()
                set(OPENSSL_LIBRARIES ${LWS_OPENSSL_LIBRARIES})
@@ -194,6 +198,32 @@ if (LWS_WITH_SSL AND LWS_USE_WOLFSSL)
        endif()
 endif()
 
+if (LWS_WITH_SSL AND LWS_USE_POLARSSL)
+       if ("${LWS_POLARSSL_LIBRARIES}" STREQUAL "" OR "${LWS_POLARSSL_INCLUDE_DIRS}" STREQUAL "")
+               if (NOT POLARSSL_FOUND)
+                       message(FATAL_ERROR "You must set LWS_POLARSSL_LIBRARIES and LWS_POLARSSL_INCLUDE_DIRS when LWS_USE_POLARSSL is turned on.")
+               endif()
+       else()
+               set(POLARSSL_LIBRARIES ${LWS_POLARSSL_LIBRARIES})
+               set(POLARSSL_INCLUDE_DIRS ${LWS_POLARSSL_INCLUDE_DIRS})
+               set(POLARSSL_FOUND 1)
+       endif()
+       set(USE_POLARSSL 1)
+endif()
+
+if (LWS_WITH_SSL AND LWS_USE_MBEDTLS)
+       if ("${LWS_MBEDTLS_LIBRARIES}" STREQUAL "" OR "${LWS_MBEDTLS_INCLUDE_DIRS}" STREQUAL "")
+               if (NOT MBEDTLS_FOUND)
+                       message(FATAL_ERROR "You must set LWS_MBEDTLS_LIBRARIES and LWS_MBEDTLS_INCLUDE_DIRS when LWS_USE_MBEDTLS is turned on.")
+               endif()
+       else()
+               set(MBEDTLS_LIBRARIES ${LWS_MBEDTLS_LIBRARIES})
+               set(MBEDTLS_INCLUDE_DIRS ${LWS_MBEDTLS_INCLUDE_DIRS})
+               set(MBEDTLS_FOUND 1)
+       endif()
+       set(USE_MBEDTLS 1)
+endif()
+
 if (LWS_WITH_ZLIB AND NOT LWS_USE_BUNDLED_ZLIB)
        if ("${LWS_ZLIB_LIBRARIES}" STREQUAL "" OR "${LWS_ZLIB_INCLUDE_DIRS}" STREQUAL "")
        else()
@@ -688,7 +718,7 @@ endif()
 #
 if (LWS_WITH_SSL)
        message("Compiling with SSL support")
-
+       set(chose_ssl 0)
        if (LWS_USE_WOLFSSL)
                # Use wolfSSL as OpenSSL replacement.
                # TODO: Add a find_package command for this also.
@@ -710,7 +740,34 @@ if (LWS_WITH_SSL)
                endif()
 
                list(APPEND LIB_LIST "${WOLFSSL_LIBRARIES}")
-       else()
+               set(chose_ssl 1)
+       endif()
+
+       if (LWS_USE_POLARSSL)
+               message("POLARSSL include dir: ${POLARSSL_INCLUDE_DIRS}")
+               message("POLARSSL libraries: ${POLARSSL_LIBRARIES}")
+
+               foreach(inc ${POLARSSL_INCLUDE_DIRS})
+                       include_directories("${inc}" "${inc}/polarssl")
+               endforeach()
+
+               list(APPEND LIB_LIST "${POLARSSL_LIBRARIES}")
+               set(chose_ssl 1)
+       endif()
+       
+       if (LWS_USE_MBEDTLS)
+               message("MBEDTLS include dir: ${MBEDTLS_INCLUDE_DIRS}")
+               message("MBEDTLS libraries: ${MBEDTLS_LIBRARIES}")
+
+               foreach(inc ${MBEDTLS_INCLUDE_DIRS})
+                       include_directories("${inc}" "${inc}/mbedtls")
+               endforeach()
+
+               list(APPEND LIB_LIST "${MBEDTLS_LIBRARIES}")
+               set(chose_ssl 1)
+       endif()
+
+       if (NOT chose_ssl)
                if (NOT OPENSSL_FOUND)
                        # TODO: Add support for STATIC also.
                        find_package(OpenSSL REQUIRED)
@@ -863,12 +920,13 @@ if (NOT LWS_WITHOUT_TESTAPPS)
                list(APPEND TEST_APP_LIST ${TEST_NAME})
        endmacro()
 
-       if (LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL)
+       if (LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL AND NOT LWS_USE_POLARSSL AND NOT LWS_USE_MBEDTLS)
                message("Searching for OpenSSL executable and dlls")
                find_package(OpenSSLbins)
                message("OpenSSL executable: ${OPENSSL_EXECUTABLE}")
        endif()
 
+
        if (NOT LWS_WITHOUT_SERVER)
                #
                # test-server
@@ -1293,6 +1351,8 @@ if (LWS_USE_WOLFSSL)
        message("   LWS_WOLFSSL_LIBRARIES = ${LWS_WOLFSSL_LIBRARIES}")
        message("   LWS_WOLFSSL_INCLUDE_DIRS = ${LWS_WOLFSSL_INCLUDE_DIRS}")
 endif()
+message(" LWS_USE_POLARSSL = ${LWS_USE_POLARSSL} (PolarSSL replacement for OpenSSL)")
+message(" LWS_USE_MBEDTLS = ${LWS_USE_MBEDTLS} (mbedtls (nee Polarssl) replacement for OpenSSL)")
 message(" LWS_WITHOUT_BUILTIN_SHA1 = ${LWS_WITHOUT_BUILTIN_SHA1}")
 message(" LWS_WITHOUT_BUILTIN_GETIFADDRS = ${LWS_WITHOUT_BUILTIN_GETIFADDRS}")
 message(" LWS_WITHOUT_CLIENT = ${LWS_WITHOUT_CLIENT}")

diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h
index 939843e..9479fce 100644 (file)
--- a/lib/libwebsockets.h
+++ b/lib/libwebsockets.h
@@ -201,17 +201,31 @@ struct sockaddr_in;
 #endif
 
 #ifdef LWS_OPENSSL_SUPPORT
+
 #ifdef USE_WOLFSSL
 #ifdef USE_OLD_CYASSL
 #include <cyassl/openssl/ssl.h>
+#include <cyassl/error-ssl.h>
 #else
 #include <wolfssl/openssl/ssl.h>
+#include <wolfssl/error-ssl.h>
 #endif /* not USE_OLD_CYASSL */
 #else
+#if defined(LWS_USE_POLARSSL)
+#include <polarssl/ssl.h>
+#define SSL_CTX ssl_context
+#define SSL ssl_session
+#else
+#if defined(LWS_USE_MBEDTLS)
+#include <mbedtls/ssl.h>
+#else
 #include <openssl/ssl.h>
+#endif /* not USE_MBEDTLS */
+#endif /* not USE_POLARSSL */
 #endif /* not USE_WOLFSSL */
 #endif
 
+
 #define CONTEXT_PORT_NO_LISTEN -1
 
 enum lws_log_levels {

diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h
index 54994b0..498aec5 100644 (file)
--- a/lib/private-libwebsockets.h
+++ b/lib/private-libwebsockets.h
@@ -184,6 +184,7 @@ static inline int compatible_close(int fd) { return close(fd); }
 #endif
 
 #ifdef LWS_OPENSSL_SUPPORT
+
 #ifdef USE_WOLFSSL
 #ifdef USE_OLD_CYASSL
 #include <cyassl/openssl/ssl.h>
@@ -193,11 +194,30 @@ static inline int compatible_close(int fd) { return close(fd); }
 #include <wolfssl/error-ssl.h>
 #endif /* not USE_OLD_CYASSL */
 #else
+#if defined(LWS_USE_POLARSSL)
+#include <polarssl/ssl.h>
+#include <polarssl/error.h>
+#include <polarssl/md5.h>
+#include <polarssl/sha1.h>
+#include <polarssl/ecdh.h>
+#else
+#if defined(LWS_USE_MBEDTLS)
+#include <mbedtls/ssl.h>
+#include <mbedtls/error.h>
+#include <mbedtls/md5.h>
+#include <mbedtls/sha1.h>
+#include <mbedtls/ecdh.h>
+#else
 #include <openssl/ssl.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <openssl/md5.h>
 #include <openssl/sha.h>
+#ifdef LWS_HAVE_OPENSSL_ECDH_H
+#include <openssl/ecdh.h>
+#endif
+#endif /* not USE_MBEDTLS */
+#endif /* not USE_POLARSSL */
 #endif /* not USE_WOLFSSL */
 #endif
 
@@ -1160,7 +1180,9 @@ struct lws {
 #endif
 #ifdef LWS_OPENSSL_SUPPORT
        SSL *ssl;
+#if !defined(LWS_USE_POLARSSL) && !defined(LWS_USE_MBEDTLS)
        BIO *client_bio;
+#endif
        struct lws *pending_read_list_prev, *pending_read_list_next;
 #endif
 #ifdef LWS_WITH_HTTP_PROXY

diff --git a/lib/ssl-client.c b/lib/ssl-client.c
index 762398c..4ae10a6 100644 (file)
--- a/lib/ssl-client.c
+++ b/lib/ssl-client.c
@@ -20,13 +20,6 @@
  */
 
 #include "private-libwebsockets.h"
-#ifndef USE_WOLFSSL
- #include <openssl/err.h>
-#endif
-
-#ifdef LWS_HAVE_OPENSSL_ECDH_H
-#include <openssl/ecdh.h>
-#endif
 
 extern int openssl_websocket_private_data_index,
     openssl_SSL_CTX_private_data_index;

diff --git a/lib/ssl-server.c b/lib/ssl-server.c
index 3104d83..7227f2b 100644 (file)
--- a/lib/ssl-server.c
+++ b/lib/ssl-server.c
@@ -20,13 +20,6 @@
  */
 
 #include "private-libwebsockets.h"
-#ifndef USE_WOLFSSL
- #include <openssl/err.h>
-#endif
-
-#ifdef LWS_HAVE_OPENSSL_ECDH_H
-#include <openssl/ecdh.h>
-#endif
 
 extern int openssl_websocket_private_data_index,
     openssl_SSL_CTX_private_data_index;

diff --git a/lib/ssl.c b/lib/ssl.c
index b3031dd..1bb8e0c 100644 (file)
--- a/lib/ssl.c
+++ b/lib/ssl.c
@@ -20,13 +20,6 @@
  */
 
 #include "private-libwebsockets.h"
-#ifndef USE_WOLFSSL
- #include <openssl/err.h>
-#endif
-
-#ifdef LWS_HAVE_OPENSSL_ECDH_H
-#include <openssl/ecdh.h>
-#endif
 
 int openssl_websocket_private_data_index,
     openssl_SSL_CTX_private_data_index;

diff --git a/lws_config.h.in b/lws_config.h.in
index 341515f..f90abeb 100644 (file)
--- a/lws_config.h.in
+++ b/lws_config.h.in
@@ -14,6 +14,9 @@
   (older) CyaSSL library */
 #cmakedefine USE_OLD_CYASSL
 
+#cmakedefine LWS_USE_MBEDTLS
+#cmakedefine LWS_USE_POLARSSL
+
 /* The Libwebsocket version */
 #cmakedefine LWS_LIBRARY_VERSION "${LWS_LIBRARY_VERSION}"