Please consider adding fallback to WolfSSL support for TLS #35

Unit193 opened this issue Nov 14, 2019 · 0 comments
Unit193 commented Nov 14, 2019

Howdy,

Since some consider OpenSSL incompatible with the GPL, it would be handy to utilize WolfSSL's compatibility layer in hopm.

A (poor, I'm not good with autoconf/m4/make) example follows:

diff --git a/m4/ax_arg_openssl.m4 b/m4/ax_arg_openssl.m4
index 972dfd0..115bdd0 100644
--- a/m4/ax_arg_openssl.m4
+++ b/m4/ax_arg_openssl.m4
@@ -15,7 +15,8 @@ if test "$cf_enable_openssl" != "no"; then
     dnl Do the auto-probe here.  Check some common directory paths.
     for dirs in /usr/local/ssl /usr/pkg /usr/local /usr/lib /usr/lib/ssl\
                 /opt /opt/openssl /usr/local/openssl; do
-      if test -f "${dirs}/include/openssl/opensslv.h"; then
+      if test -f "${dirs}/include/openssl/opensslv.h" ||
+         test -f "${dirs}/include/wolfssl/openssl/opensslv.h"; then
         cf_openssl_basedir="${dirs}"
         break
       fi
@@ -28,6 +29,9 @@ if test "$cf_enable_openssl" != "no"; then
     if test -f "${cf_openssl_basedir}/include/openssl/opensslv.h"; then
       CPPFLAGS="-I${cf_openssl_basedir}/include $CPPFLAGS"
       LDFLAGS="-L${cf_openssl_basedir}/lib $LDFLAGS"
+    elif test -f "${cf_openssl_basedir}/include/wolfssl/openssl/opensslv.h"; then
+      CPPFLAGS="-I${cf_openssl_basedir}/include -I${cf_openssl_basedir}/include/wolfssl $CPPFLAGS"
+      LDFLAGS="-L${cf_openssl_basedir}/lib $LDFLAGS"
     else
       dnl OpenSSL wasn't found in the directory specified.  Naughty
       dnl administrator...
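Review bot: The new CPPFLAGS line in the `elif` branch prepends `-I${cf_openssl_basedir}/include/wolfssl`, which makes every `#include <openssl/...>` in the tree resolve to wolfSSL's compatibility copies ahead of whatever OpenSSL headers are on the default include path. The C hunks in this patch include `<wolfssl/openssl/ssl.h>` explicitly, so the extra directory appears unnecessary; `CPPFLAGS="-I${cf_openssl_basedir}/include $CPPFLAGS"`, mirroring the OpenSSL branch two lines up, would avoid shadowing a co-installed OpenSSL. If the shadowing is deliberate, a `dnl` line saying why would save the next reader the same question.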
@@ -40,7 +44,8 @@ if test "$cf_enable_openssl" != "no"; then
     dnl We can't do this check above, because some people want two versions
     dnl of OpenSSL installed (stock FreeBSD 4.x/5.x and /usr/local/ssl)
     dnl and they want /usr/local/ssl to have preference.
-    if test -f "/usr/include/openssl/opensslv.h"; then
+    if test -f "/usr/include/openssl/opensslv.h" ||
+       test -f "/usr/include/wolfssl/openssl/opensslv.h"; then
       cf_openssl_basedir="/usr"
     fi
   fi
@@ -78,5 +83,12 @@ AS_IF([test "$cf_enable_openssl" != "no"],
     AS_IF([test "$ac_cv_lib_crypto_RSA_free" = "yes"],
       [AC_CHECK_LIB(ssl, SSL_connect)])
     ],[AC_MSG_RESULT(no - LibreSSL/OpenSSL support disabled)
+    cf_enable_openssl="no"])
+  AC_CHECK_HEADERS([wolfssl/openssl/ssl.h],
+    [AC_SEARCH_LIBS([wolfSSL_CTX_new], [wolfssl])
+    AC_DEFINE([HAVE_LIBWOLFSSL], 1, [Define to 1 if you have libwolfssl.])
+    AC_MSG_NOTICE(Using fallback WolfSSL support)
+    cf_enable_openssl="yes"
+    ],[AC_MSG_RESULT(no - LibreSSL/OpenSSL support disabled)
     cf_enable_openssl="no"])])
 ])
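Review bot: `AC_DEFINE([HAVE_LIBWOLFSSL], ...)` on the new lines executes whenever the header is found, regardless of whether `AC_SEARCH_LIBS([wolfSSL_CTX_new], [wolfssl])` actually located the library, so a header-only or mis-pathed install still defines the macro and the build fails at link time; the define, the notice and `cf_enable_openssl="yes"` belong in AC_SEARCH_LIBS's action-if-found. The wolfSSL probe also runs after the OpenSSL probe even when that one succeeded, so both HAVE_LIBCRYPTO and HAVE_LIBWOLFSSL can end up defined and `-lwolfssl` added to LIBS alongside `-lssl`; wrapping it in `AS_IF([test "$cf_enable_openssl" = "no"], ...)` keeps it a true fallback. The C hunks use OpenSSL-compatibility names (SSL_new, SSL_set_shutdown, SSL_is_init_finished), which wolfSSL only exposes when built with `--enable-opensslextra`; a header-existence test does not establish that, so probing a compat-layer declaration with `<wolfssl/options.h>` in the preamble would be a stronger check (not shown below). The duplicated "no - LibreSSL/OpenSSL support disabled" message can go, since the OpenSSL branch already prints it and sets the variable to "no".
```m4
dnl … unchanged: OpenSSL/LibreSSL probe, ending with cf_enable_openssl="no"]) …
    AS_IF([test "$cf_enable_openssl" = "no"],
      [AC_CHECK_HEADERS([wolfssl/openssl/ssl.h],
        [AC_SEARCH_LIBS([wolfSSL_CTX_new], [wolfssl],
          [AC_DEFINE([HAVE_LIBWOLFSSL], 1, [Define to 1 if you have libwolfssl.])
           AC_MSG_NOTICE(Using fallback WolfSSL support)
           cf_enable_openssl="yes"])])])])
  ])
```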
diff --git a/src/libopm/src/libopm.c b/src/libopm/src/libopm.c
index 89b376f..48be381 100644
--- a/src/libopm/src/libopm.c
+++ b/src/libopm/src/libopm.c
@@ -32,6 +32,10 @@
 #include <poll.h>
 #ifdef HAVE_LIBCRYPTO
 #include <openssl/ssl.h>
+#elif HAVE_LIBWOLFSSL
+#include <wolfssl/options.h>
+#include <wolfssl/ssl.h>
+#include <wolfssl/openssl/ssl.h>
 #endif
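Review bot: `#elif HAVE_LIBWOLFSSL` on the new line tests the macro's value rather than its definedness, unlike the `#ifdef HAVE_LIBCRYPTO` directly above it and the `defined(HAVE_LIBWOLFSSL)` form every other hunk in this patch uses; `#elif defined(HAVE_LIBWOLFSSL)` keeps the three consistent and avoids a -Wundef warning on builds without the fallback. The identical line appears in the proxy.c include hunk and should change there too. Note also that `#include "config.h"` comes after this block, so unless config.h (or a setup header) is already included above the hunk — which the pre-existing HAVE_LIBCRYPTO test suggests — neither macro is defined at this point; worth confirming rather than assuming.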
 
 #include "config.h"
@@ -546,7 +550,7 @@ libopm_scan_create(OPM_T *scanner, OPM_REMOTE_T *remote)
   OPM_SCAN_T *ret;
   OPM_CONNECTION_T *conn;
   OPM_NODE_T *node, *p;
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
   static int tls_init = 0;
   static SSL_CTX *ctx_client;
 
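Review bot: `#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)` is now repeated on every TLS guard in libopm.c (this hunk and the six that follow, through libopm_do_writeready) and twice more in proxy.c; defining one feature macro next to the include block, e.g. `#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)` / `#define LIBOPM_HAVE_TLS 1` / `#endif` (name is a placeholder), would let each guard stay a single `#ifdef` and make adding another backend a one-line change. The `static SSL_CTX *ctx_client` and both SSL_new calls rely on wolfSSL's OpenSSL-compatibility names; how ctx_client is created lies outside the hunk, so whether the method used there exists in the compat layer cannot be checked here. libopm_scan_create begins before this hunk and continues after it.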
@@ -572,7 +576,7 @@ libopm_scan_create(OPM_T *scanner, OPM_REMOTE_T *remote)
     conn->protocol = ((OPM_PROTOCOL_CONFIG_T *)p->data)->type;
     conn->port     = ((OPM_PROTOCOL_CONFIG_T *)p->data)->port;
 
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
     if (conn->protocol->use_tls)
       /* SSL_new does only fail if OOM in which case HOPM exits anyway */
       conn->tls_handle = SSL_new(ctx_client);
@@ -592,7 +596,7 @@ libopm_scan_create(OPM_T *scanner, OPM_REMOTE_T *remote)
     conn->protocol = ((OPM_PROTOCOL_CONFIG_T *)p->data)->type;
     conn->port     = ((OPM_PROTOCOL_CONFIG_T *)p->data)->port;
 
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
     if (conn->protocol->use_tls)
       /* SSL_new does only fail if OOM in which case HOPM exits anyway */
       conn->tls_handle = SSL_new(ctx_client);
@@ -820,7 +824,7 @@ libopm_check_closed(OPM_T *scanner)
 
       if (conn->state == OPM_STATE_CLOSED)
       {
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
         if (conn->protocol->use_tls)
         {
           SSL_set_shutdown(conn->tls_handle, SSL_RECEIVED_SHUTDOWN);
@@ -842,7 +846,7 @@ libopm_check_closed(OPM_T *scanner)
 
       if (((present - conn->creation) >= timeout) && conn->state != OPM_STATE_UNESTABLISHED)
       {
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
         if (conn->protocol->use_tls)
         {
           SSL_set_shutdown(conn->tls_handle, SSL_RECEIVED_SHUTDOWN);
@@ -932,7 +936,7 @@ libopm_do_connect(OPM_T * scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
 
   connect(conn->fd, (struct sockaddr *)addr, sizeof(*addr));
 
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
   if (conn->protocol->use_tls)
     SSL_set_fd(conn->tls_handle, conn->fd);
 #endif
@@ -1049,7 +1053,7 @@ libopm_check_poll(OPM_T *scanner)
 static int
 libopm_do_readready_tls(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
 {
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
   int max_read, length;
   char readbuf[LIBOPM_TLS_RECORD_SIZE];
 
@@ -1256,7 +1260,7 @@ libopm_do_writeready(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
 {
   OPM_PROTOCOL_T *protocol;
 
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
   if (conn->protocol->use_tls)
   {
     if (!SSL_is_init_finished(conn->tls_handle))
diff --git a/src/libopm/src/proxy.c b/src/libopm/src/proxy.c
index 84baadf..d198d89 100644
--- a/src/libopm/src/proxy.c
+++ b/src/libopm/src/proxy.c
@@ -27,6 +27,10 @@
 #include <string.h>
 #ifdef HAVE_LIBCRYPTO
 #include <openssl/ssl.h>
+#elif HAVE_LIBWOLFSSL
+#include <wolfssl/options.h>
+#include <wolfssl/ssl.h>
+#include <wolfssl/openssl/ssl.h>
 #endif
 
 #include "config.h"
@@ -276,7 +280,7 @@ libopm_proxy_dreambox_write(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *
 int
 libopm_proxy_https_write(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
 {
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
   size_t len = snprintf(SENDBUF, SENDBUFLEN, "CONNECT %s:%d HTTP/1.0\r\n\r\n",
                         (char *)libopm_config(scanner->config, OPM_CONFIG_SCAN_IP),
                         *(int *)libopm_config(scanner->config, OPM_CONFIG_SCAN_PORT));
@@ -296,7 +300,7 @@ libopm_proxy_https_write(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *con
 int
 libopm_proxy_httpspost_write(OPM_T *scanner, OPM_SCAN_T *scan, OPM_CONNECTION_T *conn)
 {
-#ifdef HAVE_LIBCRYPTO
+#if defined(HAVE_LIBCRYPTO) || defined(HAVE_LIBWOLFSSL)
   size_t len;
   int scan_port;
   char *scan_ip;