
Commit 80ea35b

committed
feat crypto: support wolfssl library
closes userver-framework#498 This PR provides minimal changes which replace the internal usage of openssl. It has not been checked against other libraries used in userver. Some openssl features are not implemented by wolfssl itself (found some typos during the investigation, see wolfSSL/wolfssl#7423). BTW, wolfssl v5.7.0-stable requires a few small patches, which are also included in the PR. Finally, the "short path" to support wolfssl is not available, because the lib does not implement some of the used functions. It also does not provide `ENGINE_*`, but the wolfengine lib has not been tried yet. The PR builds with the commands: ``` mkdir -p build_debug cd build_debug cmake \ -Wdev \ -DCMAKE_CXX_COMPILER=clang++-17 \ -DUSERVER_FEATURE_WOLFSSL=ON \ -DUSERVER_DOWNLOAD_PACKAGE_WOLFSSL=ON \ -DUSERVER_FEATURE_GRPC=OFF \ -DUSERVER_FEATURE_POSTGRESQL=OFF \ -DUSERVER_FEATURE_MYSQL=OFF \ -DUSERVER_FEATURE_STACKTRACE=OFF \ -DUSERVER_FEATURE_CLICKHOUSE=OFF \ -DUSERVER_USE_LD=lld \ .. ``` The patch can be re-applied with the command: ```(test -d build_debug/_deps/wolfssl-src && cd build_debug/_deps/wolfssl-src && git checkout -- .)``` The final error will be attached in comments to this PR. Help needed.
1 parent 818a8c1 commit 80ea35b

17 files changed

+437
-8
lines changed

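--- a/.gitignore
+++ b/.gitignore
@@ -13,7 +13,6 @@
 /cmake-build-*/
 /cmake/cmake_generated/
 /docs/
-/third_party/
 CMakeLists.txt.user
 compile_commands.json
 tags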

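--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -99,6 +99,7 @@ else()
 set(JEMALLOC_DEFAULT ON)
 endif()
 option(USERVER_FEATURE_JEMALLOC "Enable linkage with jemalloc memory allocator" ${JEMALLOC_DEFAULT})
+option(USERVER_FEATURE_WOLFSSL "Enable usage of WolfSSL library instead of OpenSSL" OFF)
 
 option(USERVER_DISABLE_PHDR_CACHE "Disable caching of dl_phdr_info items, which interferes with dlopen" OFF)
 
@@ -172,6 +173,13 @@ option(USERVER_FEATURE_MYSQL "Provide asynchronous driver for MariaDB/MySQL" "${
 
 option(USERVER_FEATURE_UBOOST_CORO "Use vendored boost context instead of a system one" ON)
 
+if (USERVER_FEATURE_WOLFSSL)
+include(cmake/SetupWolfSSL.cmake)
+add_compile_definitions("OPENSSL_EXTRA=1")
+add_compile_definitions("OPENSSL_ALL=1")
+add_compile_definitions("USERVER_FEATURE_WOLFSSL=1")
+endif()
+
 if (USERVER_FEATURE_GRPC)
 include(cmake/SetupProtobuf.cmake)
 endif()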
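Review bot: `add_compile_definitions("OPENSSL_EXTRA=1")` and `add_compile_definitions("OPENSSL_ALL=1")` at top-level directory scope push wolfSSL's feature macros into every target configured below, including the vendored llhttp/http-parser subdirectories, instead of onto the targets that actually consume wolfSSL headers. The same two macros are passed separately to the downloaded wolfssl through its `CMAKE_C_FLAGS` in cmake/SetupWolfSSL.cmake, so two places must stay in sync, and for a system-installed wolfssl found by `find_package` nothing checks that the library was built with the same macros — as far as I can tell wolfSSL's public struct layouts depend on them, so a mismatch would only show up at runtime. Scoping them as usage requirements of one interface target keeps a single source of truth: `add_library(userver_wolfssl INTERFACE)`, `target_compile_definitions(userver_wolfssl INTERFACE OPENSSL_EXTRA=1 OPENSSL_ALL=1 USERVER_FEATURE_WOLFSSL=1)`, `target_link_libraries(userver_wolfssl INTERFACE wolfssl)`, with core and universal linking that target.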

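--- /dev/null
+++ b/cmake/SetupWolfSSL.cmake
@@ -0,0 +1,45 @@
+if (TARGET wolfssl)
+return()
+endif()
+
+option(
+USERVER_DOWNLOAD_PACKAGE_WOLFSSL
+"Download and setup WolfSSL if no WolfSSL of matching version was found"
+${USERVER_DOWNLOAD_PACKAGES}
+)
+
+if (NOT USERVER_FORCE_DOWNLOAD_PACKAGES)
+if (USERVER_DOWNLOAD_PACKAGE_WOLFSSL)
+find_package(wolfssl QUIET)
+else()
+find_package(wolfssl REQUIRED)
+endif()
+
+if (wolfssl_FOUND)
+return()
+endif()
+endif()
+
+include(DownloadUsingCPM)
+
+find_package(Patch REQUIRED)
+message(STATUS "${wolfssl_parent_directory}")
+message(STATUS "${CMAKE_CURRENT_LIST_DIR}")
+CPMAddPackage(
+NAME WolfSSL
+VERSION 5.7.0
+GITHUB_REPOSITORY wolfSSL/wolfssl
+GIT_TAG v5.7.0-stable
+PATCH_COMMAND
+"${Patch_EXECUTABLE}" --merge -p1 < "${CMAKE_CURRENT_LIST_DIR}/patches/wolfssl-0001-build-fixes.patch"
+OPTIONS
+"BUILD_SHARED_LIBS OFF"
+"WOLFSSL_BUILD_TESTING OFF"
+"CMAKE_C_FLAGS -Wall -Wextra -O2 -DOPENSSL_ALL -DOPENSSL_EXTRA"
+)
+
+#add_library(WolfSSL INTERFACE)
+#target_link_libraries(WolfSSL INTERFACE wolfssl)
+#get_filename_component(wolfssl_parent_directory "${WolfSSL_SOURCE_DIR}" DIRECTORY)
+#target_include_directories(WolfSSL INTERFACE "${wolfssl_parent_directory}/wolfssl")
+#target_compile_options(WolfSSL PRIVATE "-O2")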
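Review bot: `GIT_TAG v5.7.0-stable` in the `CPMAddPackage` call pins the downloaded TLS/crypto library to a mutable tag with no integrity check, so a moved tag on the upstream repository silently changes what gets compiled into userver; for a crypto dependency pin the exact commit, `GIT_TAG <wolfssl-v5.7.0-stable-commit-sha>`, or fetch the release archive with `URL` plus `URL_HASH`. The `PATCH_COMMAND` depends on shell redirection (`< "…/wolfssl-0001-build-fixes.patch"`), which FetchContent-style patch steps are not guaranteed to run through a shell; passing the file explicitly, `"${Patch_EXECUTABLE}" --merge -p1 -i "${CMAKE_CURRENT_LIST_DIR}/patches/wolfssl-0001-build-fixes.patch"`, is portable, and note that `--merge` against an already-patched tree on reconfigure is what forces the manual `git checkout -- .` workaround described in the commit message. The two `message(STATUS …)` lines before `CPMAddPackage` look like leftover debugging (`wolfssl_parent_directory` is never set in this file), and the commented-out block at the end should either become the interface target the linking code needs or be deleted. `"CMAKE_C_FLAGS -Wall -Wextra -O2 -DOPENSSL_ALL -DOPENSSL_EXTRA"` also hard-codes `-O2` for every configuration, including Debug and sanitizer builds of the crypto code.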

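--- a/cmake/install/userver-universal-config.cmake
+++ b/cmake/install/userver-universal-config.cmake
@@ -14,7 +14,11 @@ find_package(Boost REQUIRED COMPONENTS
 stacktrace_backtrace
 )
 find_package(Iconv REQUIRED)
-find_package(OpenSSL REQUIRED)
+if(USERVER_FEATURE_WOLFSSL)
+find_package(WolfSSL REQUIRED)
+else()
+find_package(OpenSSL REQUIRED)
+endif()
 find_package(fmt "8.1.1" REQUIRED)
 
 list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_LIST_DIR}/..")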
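Review bot: `if(USERVER_FEATURE_WOLFSSL)` here tests a build-tree option from inside the installed package config, which is evaluated in the consumer's project where that variable is normally unset; unless this file is generated with the option value baked in (I cannot see whether it goes through `configure_file`), a userver built and installed against wolfSSL would still make its consumers `find_package(OpenSSL REQUIRED)` and link a different crypto library than the one the installed binaries were compiled with. Record the choice in the installed config, e.g. a generated `set(USERVER_FEATURE_WOLFSSL @USERVER_FEATURE_WOLFSSL@)` line, so consumers get the same library. The package name `WolfSSL` also differs from the `find_package(wolfssl …)` spelling in cmake/SetupWolfSSL.cmake; on case-sensitive filesystems the two names resolve to different Find modules and config files. Minor style: `if(` without a space differs from the `if (` spelling used in the other files of this change.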
@@ -0,0 +1,189 @@
1+
diff --git a/src/bio.c b/src/bio.c
2+
index 2dab43e..d26a03b 100644
3+
--- a/src/bio.c
4+
+++ b/src/bio.c
5+
@@ -2336,7 +2336,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
6+
7+
if (b->ptr != NULL) {
8+
int rc = wolfSSL_shutdown((WOLFSSL*)b->ptr);
9+
- if (rc == SSL_SHUTDOWN_NOT_DONE) {
10+
+ if (rc == WOLFSSL_SHUTDOWN_NOT_DONE) {
11+
/* In this case, call again to give us a chance to read the
12+
* close notify alert from the other end. */
13+
wolfSSL_shutdown((WOLFSSL*)b->ptr);
14+
diff --git a/src/pk.c b/src/pk.c
15+
index d7d32dd..c91aaa8 100644
16+
--- a/src/pk.c
17+
+++ b/src/pk.c
18+
@@ -25,7 +25,7 @@
19+
20+
#include <wolfssl/wolfcrypt/settings.h>
21+
22+
- #include <wolfssl/internal.h>
23+
+#include <wolfssl/internal.h>
24+
#ifndef WC_NO_RNG
25+
#include <wolfssl/wolfcrypt/random.h>
26+
#endif
27+
@@ -45,10 +45,12 @@
28+
#endif
29+
#else
30+
31+
-#ifndef NO_RSA
32+
+#ifdef OPENSSL_EXTRA
33+
#include <wolfssl/wolfcrypt/rsa.h>
34+
#endif
35+
36+
+#ifndef NO_RSA
37+
+
38+
#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && defined(WOLFSSL_KEY_GEN) && \
39+
(defined(HAVE_ECC) || (!defined(NO_DSA) && !defined(HAVE_SELFTEST)))
40+
/* Forward declaration for wolfSSL_PEM_write_bio_DSA_PUBKEY.
41+
@@ -57,6 +59,8 @@
42+
static int pem_write_bio_pubkey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key);
43+
#endif
44+
45+
+#endif
46+
+
47+
/*******************************************************************************
48+
* COMMON FUNCTIONS
49+
******************************************************************************/
50+
@@ -137,7 +141,9 @@ static int pem_mem_to_der(const char* pem, int pemSz, wc_pem_password_cb* cb,
51+
52+
return ret;
53+
}
54+
-#endif
55+
+#endif /*
56+
+ (!NO_FILESYSTEM && (OPENSSL_EXTRA || OPENSSL_ALL)) || (!NO_BIO && OPENSSL_EXTRA)
57+
+*/
58+
59+
#if !defined(NO_RSA) || !defined(WOLFCRYPT_ONLY)
60+
#ifndef NO_BIO
61+
@@ -217,7 +223,7 @@ static int pem_read_file_key(XFILE fp, wc_pem_password_cb* cb, void* pass,
62+
return ret;
63+
}
64+
#endif /* !NO_FILESYSTEM */
65+
-#endif
66+
+#endif /* !NO_RSA || !WOLFCRYPT_ONLY */
67+
68+
#if defined(OPENSSL_EXTRA) && ((!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) \
69+
|| !defined(WOLFCRYPT_ONLY))
70+
@@ -294,7 +300,7 @@ static int der_write_to_bio_as_pem(const unsigned char* der, int derSz,
71+
XFREE(pem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
72+
return ret;
73+
}
74+
-#endif
75+
+#endif /* !NO_BIO */
76+
#endif
77+
78+
#if (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) || \
79+
diff --git a/src/ssl.c b/src/ssl.c
80+
index ea66e42..8bede43 100644
81+
--- a/src/ssl.c
82+
+++ b/src/ssl.c
83+
@@ -27200,7 +27200,7 @@ int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey)
84+
/* ptr for WOLFSSL_EVP_PKEY struct is expected to be DER format */
85+
return wolfSSL_CTX_use_PrivateKey_buffer(ctx,
86+
(const unsigned char*)pkey->pkey.ptr,
87+
- pkey->pkey_sz, SSL_FILETYPE_ASN1);
88+
+ pkey->pkey_sz, WOLFSSL_FILETYPE_ASN1);
89+
}
90+
91+
WOLFSSL_MSG("wolfSSL private key not set");
92+
@@ -27861,7 +27861,7 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa)
93+
return WOLFSSL_FAILURE;
94+
}
95+
ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, (const unsigned char*)maxDerBuf,
96+
- derSize, SSL_FILETYPE_ASN1);
97+
+ derSize, WOLFSSL_FILETYPE_ASN1);
98+
if (ret != WOLFSSL_SUCCESS) {
99+
WOLFSSL_MSG("wolfSSL_CTX_USE_PrivateKey_buffer() failure");
100+
XFREE(maxDerBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
101+
diff --git a/src/x509.c b/src/x509.c
102+
index eefa69c..4d5244c 100644
103+
--- a/src/x509.c
104+
+++ b/src/x509.c
105+
@@ -37,6 +37,7 @@
106+
#ifndef NO_CERTS
107+
108+
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
109+
+ #include <wolfssl/openssl/rsa.h>
110+
#include <wolfssl/openssl/x509v3.h>
111+
#endif
112+
113+
@@ -11549,7 +11550,7 @@ err:
114+
#ifndef NO_FILESYSTEM
115+
WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read(
116+
XFILE fp, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
117+
- pem_password_cb* cb, void* u)
118+
+ wc_pem_password_cb* cb, void* u)
119+
{
120+
WOLFSSL_BIO* fileBio = wolfSSL_BIO_new_fp(fp, BIO_NOCLOSE);
121+
WOLF_STACK_OF(WOLFSSL_X509_INFO)* ret = NULL;
122+
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
123+
index a365ff6..44dc74c 100644
124+
--- a/wolfcrypt/src/evp.c
125+
+++ b/wolfcrypt/src/evp.c
126+
@@ -44,6 +44,7 @@
127+
128+
#include <wolfssl/openssl/ecdsa.h>
129+
#include <wolfssl/openssl/evp.h>
130+
+#include <wolfssl/openssl/rsa.h>
131+
#include <wolfssl/openssl/kdf.h>
132+
#include <wolfssl/wolfcrypt/wolfmath.h>
133+
134+
@@ -8791,11 +8792,11 @@ WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key)
135+
136+
if (key->type == EVP_PKEY_DSA) {
137+
if (wolfSSL_DSA_LoadDer(local, (const unsigned char*)key->pkey.ptr,
138+
- key->pkey_sz) != SSL_SUCCESS) {
139+
+ key->pkey_sz) != WOLFSSL_SUCCESS) {
140+
/* now try public key */
141+
if (wolfSSL_DSA_LoadDer_ex(local,
142+
(const unsigned char*)key->pkey.ptr, key->pkey_sz,
143+
- WOLFSSL_DSA_LOAD_PUBLIC) != SSL_SUCCESS) {
144+
+ WOLFSSL_DSA_LOAD_PUBLIC) != WOLFSSL_SUCCESS) {
145+
wolfSSL_DSA_free(local);
146+
local = NULL;
147+
}
148+
@@ -8986,7 +8987,7 @@ WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key)
149+
return NULL;
150+
}
151+
if (wolfSSL_DH_LoadDer(local, (const unsigned char*)key->pkey.ptr,
152+
- key->pkey_sz) != SSL_SUCCESS) {
153+
+ key->pkey_sz) != WOLFSSL_SUCCESS) {
154+
wolfSSL_DH_free(local);
155+
WOLFSSL_MSG("Error wolfSSL_DH_LoadDer");
156+
local = NULL;
157+
diff --git a/wolfssl/openssl/cms.h b/wolfssl/openssl/cms.h
158+
index 5355c61..9e4585b 100644
159+
--- a/wolfssl/openssl/cms.h
160+
+++ b/wolfssl/openssl/cms.h
161+
@@ -22,5 +22,4 @@
162+
#ifndef WOLFSSL_CMS_H_
163+
#define WOLFSSL_CMS_H_
164+
165+
-
166+
#endif /* WOLFSSL_CMS_H_ */
167+
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
168+
index 804ec44..0e28177 100644
169+
--- a/wolfssl/ssl.h
170+
+++ b/wolfssl/ssl.h
171+
@@ -40,6 +40,9 @@
172+
173+
/* For the types */
174+
#include <wolfssl/openssl/compat_types.h>
175+
+#ifdef OPENSSL_EXTRA
176+
+#include <wolfssl/openssl/bn.h>
177+
+#endif
178+
179+
#ifdef HAVE_WOLF_EVENT
180+
#include <wolfssl/wolfcrypt/wolfevent.h>
181+
@@ -4481,7 +4484,7 @@ WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX
182+
#ifndef NO_FILESYSTEM
183+
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read(
184+
XFILE fp, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
185+
- pem_password_cb* cb, void* u);
186+
+ wc_pem_password_cb* cb, void* u);
187+
#endif
188+
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read_bio(
189+
WOLFSSL_BIO* bio, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,

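--- a/core/CMakeLists.txt
+++ b/core/CMakeLists.txt
@@ -58,7 +58,11 @@ find_package(Boost REQUIRED COMPONENTS
 find_package_required(ZLIB "zlib1g-dev")
 
 find_package(Iconv REQUIRED)
-find_package_required(OpenSSL "libssl-dev")
+if (USERVER_FEATURE_WOLFSSL)
+find_package_required(WolfSSL "wolfssl-dev")
+else()
+find_package_required(OpenSSL "libssl-dev")
+endif()
 
 if (USERVER_CONAN)
 find_package(c-ares REQUIRED)
@@ -108,11 +112,22 @@ target_link_libraries(${PROJECT_NAME}
 Boost::iostreams
 Boost::regex
 Iconv::Iconv
-OpenSSL::Crypto
-OpenSSL::SSL
 ZLIB::ZLIB
 )
 
+if (USERVER_FEATURE_WOLFSSL)
+target_link_libraries(${PROJECT_NAME}
+PRIVATE
+wolfssl
+)
+else()
+target_link_libraries(${PROJECT_NAME}
+PRIVATE
+OpenSSL::Crypto
+OpenSSL::SSL
+)
+endif()
+
 add_subdirectory(${USERVER_THIRD_PARTY_DIRS}/llhttp llhttp)
 
 add_subdirectory(${USERVER_THIRD_PARTY_DIRS}/http-parser http-parser)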
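Review bot: `target_link_libraries(${PROJECT_NAME} PRIVATE wolfssl)` links a bare target name that only exists when cmake/SetupWolfSSL.cmake took the CPM download path; after `find_package_required(WolfSSL "wolfssl-dev")` succeeds on a system install there is no visible code that creates a `wolfssl` target, and the new external-deps/WolfSSL.yaml leaves both partials with `libraries: enabled: false` and `includes: enabled: false`, so `wolfssl` would then reach the linker as a plain `-lwolfssl` with no include directories attached. Creating an imported target from the find results when `NOT TARGET wolfssl` (ideally a namespaced `WolfSSL::wolfssl`, so a missing target fails at configure time rather than at link time) would make the two paths equivalent. Note also that `find_package_required(WolfSSL …)` runs even when the download path already provided the target, and its package name differs in case from `find_package(wolfssl …)` in SetupWolfSSL.cmake. The same applies to the two hunks in universal/CMakeLists.txt; the `target_link_libraries(${PROJECT_NAME}` call that the second hunk edits starts above the hunk.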

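--- /dev/null
+++ b/external-deps/WolfSSL.yaml
@@ -0,0 +1,39 @@
+common-name: WolfSSL
+partials:
+- name: Crypto
+package-name: WolfSSL
+
+debian-names:
+- wolfssl-dev
+formula-name: wolfssl
+rpm-names:
+- wolfssl-devel
+pacman-names:
+- wolfssl
+pkg-config-names:
+- wolfssl
+
+libraries:
+enabled: false
+
+includes:
+enabled: false
+- name: SSL
+package-name: WolfSSL
+
+debian-names:
+- wolfssl-dev
+formula-name: wolfssl
+rpm-names:
+- wolfssl-devel
+pacman-names:
+- wolfssl
+pkg-config-names:
+- wolfssl
+
+libraries:
+enabled: false
+
+includes:
+enabled: false
+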

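--- a/universal/CMakeLists.txt
+++ b/universal/CMakeLists.txt
@@ -53,7 +53,11 @@ if (CMAKE_CXX_COMPILER_ID MATCHES "Clang")
 endif()
 
 find_package(Iconv REQUIRED)
-find_package_required(OpenSSL "libssl-dev")
+if (USERVER_FEATURE_WOLFSSL)
+find_package_required(WolfSSL "wolfssl")
+else()
+find_package_required(OpenSSL "libssl-dev")
+endif()
 
 if (USERVER_CONAN)
 find_package(cryptopp REQUIRED)
@@ -232,10 +236,21 @@ target_link_libraries(${PROJECT_NAME}
 Boost::filesystem
 Boost::program_options
 Boost::regex
-OpenSSL::Crypto
-OpenSSL::SSL
 )
 
+if (USERVER_FEATURE_WOLFSSL)
+target_link_libraries(${PROJECT_NAME}
+PRIVATE
+wolfssl
+)
+else()
+target_link_libraries(${PROJECT_NAME}
+PRIVATE
+OpenSSL::Crypto
+OpenSSL::SSL
+)
+endif()
+
 if (USERVER_CONAN)
 target_link_libraries(${PROJECT_NAME}
 PUBLIC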
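Review bot: `find_package_required(WolfSSL "wolfssl")` passes the hint `wolfssl` while the equivalent line in core/CMakeLists.txt and the debian-names entry in external-deps/WolfSSL.yaml use `wolfssl-dev`; if that second argument is the distribution package named in the not-found message (it is `libssl-dev` for OpenSSL two lines below), the three should agree: `find_package_required(WolfSSL "wolfssl-dev")`. The bare `wolfssl` target name and the package-name case mismatch raised on core/CMakeLists.txt apply to the second hunk here as well. That hunk edits a `target_link_libraries(${PROJECT_NAME}` call whose opening line is above the hunk, and the trailing `if (USERVER_CONAN)` block continues past it.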
