Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat crypto: support wolfssl library, help wanted #523

Draft
wants to merge 2 commits into
base: develop
Choose a base branch
from
Draft

feat crypto: support wolfssl library, help wanted #523

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
80ea35b
feat crypto: support wolfssl library
theg4sh Apr 14, 2024
579bf87
using BIO_read instead of BIO_read_ex for openssl too
theg4sh May 4, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@
/cmake-build-*/
/cmake/cmake_generated/
/docs/
/third_party/
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this line was added eariler by mistake.

CMakeLists.txt.user
compile_commands.json
tags
Expand Down
8 changes: 8 additions & 0 deletions CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,7 @@ else()
set(JEMALLOC_DEFAULT ON)
endif()
option(USERVER_FEATURE_JEMALLOC "Enable linkage with jemalloc memory allocator" ${JEMALLOC_DEFAULT})
option(USERVER_FEATURE_WOLFSSL "Enable usage of WolfSSL library instead of OpenSSL" OFF)

option(USERVER_DISABLE_PHDR_CACHE "Disable caching of dl_phdr_info items, which interferes with dlopen" OFF)

Expand Down Expand Up @@ -172,6 +173,13 @@ option(USERVER_FEATURE_MYSQL "Provide asynchronous driver for MariaDB/MySQL" "${

option(USERVER_FEATURE_UBOOST_CORO "Use vendored boost context instead of a system one" ON)

if (USERVER_FEATURE_WOLFSSL)
include(cmake/SetupWolfSSL.cmake)
add_compile_definitions("OPENSSL_EXTRA=1")
Copy link
Contributor Author

@theg4sh theg4sh Apr 14, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this compile definitions added directly because it is required by wolfssl headers.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

target_compile_definitions

add_compile_definitions("OPENSSL_ALL=1")
add_compile_definitions("USERVER_FEATURE_WOLFSSL=1")
endif()

if (USERVER_FEATURE_GRPC)
include(cmake/SetupProtobuf.cmake)
endif()
Expand Down
45 changes: 45 additions & 0 deletions cmake/SetupWolfSSL.cmake
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
if (TARGET wolfssl)
return()
endif()

option(
USERVER_DOWNLOAD_PACKAGE_WOLFSSL
"Download and setup WolfSSL if no WolfSSL of matching version was found"
${USERVER_DOWNLOAD_PACKAGES}
)

if (NOT USERVER_FORCE_DOWNLOAD_PACKAGES)
if (USERVER_DOWNLOAD_PACKAGE_WOLFSSL)
find_package(wolfssl QUIET)
else()
find_package(wolfssl REQUIRED)
endif()

if (wolfssl_FOUND)
return()
endif()
endif()

include(DownloadUsingCPM)

find_package(Patch REQUIRED)
message(STATUS "${wolfssl_parent_directory}")
message(STATUS "${CMAKE_CURRENT_LIST_DIR}")
CPMAddPackage(
NAME WolfSSL
VERSION 5.7.0
GITHUB_REPOSITORY wolfSSL/wolfssl
GIT_TAG v5.7.0-stable
PATCH_COMMAND
"${Patch_EXECUTABLE}" --merge -p1 < "${CMAKE_CURRENT_LIST_DIR}/patches/wolfssl-0001-build-fixes.patch"
OPTIONS
"BUILD_SHARED_LIBS OFF"
"WOLFSSL_BUILD_TESTING OFF"
"CMAKE_C_FLAGS -Wall -Wextra -O2 -DOPENSSL_ALL -DOPENSSL_EXTRA"
)

#add_library(WolfSSL INTERFACE)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

garbage? or conditional code?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Had experimented with, mostly a garbage.
The PR still in draft state and I'll clear this when (and if) all job will be done.

#target_link_libraries(WolfSSL INTERFACE wolfssl)
#get_filename_component(wolfssl_parent_directory "${WolfSSL_SOURCE_DIR}" DIRECTORY)
#target_include_directories(WolfSSL INTERFACE "${wolfssl_parent_directory}/wolfssl")
#target_compile_options(WolfSSL PRIVATE "-O2")
6 changes: 5 additions & 1 deletion cmake/install/userver-universal-config.cmake
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,11 @@ find_package(Boost REQUIRED COMPONENTS
stacktrace_backtrace
)
find_package(Iconv REQUIRED)
find_package(OpenSSL REQUIRED)
if(USERVER_FEATURE_WOLFSSL)
find_package(WolfSSL REQUIRED)
else()
find_package(OpenSSL REQUIRED)
endif()
find_package(fmt "8.1.1" REQUIRED)

list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_LIST_DIR}/..")
Expand Down
189 changes: 189 additions & 0 deletions cmake/patches/wolfssl-0001-build-fixes.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,189 @@
diff --git a/src/bio.c b/src/bio.c
index 2dab43e..d26a03b 100644
--- a/src/bio.c
+++ b/src/bio.c
@@ -2336,7 +2336,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)

if (b->ptr != NULL) {
int rc = wolfSSL_shutdown((WOLFSSL*)b->ptr);
- if (rc == SSL_SHUTDOWN_NOT_DONE) {
+ if (rc == WOLFSSL_SHUTDOWN_NOT_DONE) {
/* In this case, call again to give us a chance to read the
* close notify alert from the other end. */
wolfSSL_shutdown((WOLFSSL*)b->ptr);
diff --git a/src/pk.c b/src/pk.c
index d7d32dd..c91aaa8 100644
--- a/src/pk.c
+++ b/src/pk.c
@@ -25,7 +25,7 @@

#include <wolfssl/wolfcrypt/settings.h>

- #include <wolfssl/internal.h>
+#include <wolfssl/internal.h>
#ifndef WC_NO_RNG
#include <wolfssl/wolfcrypt/random.h>
#endif
@@ -45,10 +45,12 @@
#endif
#else

-#ifndef NO_RSA
+#ifdef OPENSSL_EXTRA
#include <wolfssl/wolfcrypt/rsa.h>
#endif

+#ifndef NO_RSA
+
#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && defined(WOLFSSL_KEY_GEN) && \
(defined(HAVE_ECC) || (!defined(NO_DSA) && !defined(HAVE_SELFTEST)))
/* Forward declaration for wolfSSL_PEM_write_bio_DSA_PUBKEY.
@@ -57,6 +59,8 @@
static int pem_write_bio_pubkey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key);
#endif

+#endif
+
/*******************************************************************************
* COMMON FUNCTIONS
******************************************************************************/
@@ -137,7 +141,9 @@ static int pem_mem_to_der(const char* pem, int pemSz, wc_pem_password_cb* cb,

return ret;
}
-#endif
+#endif /*
+ (!NO_FILESYSTEM && (OPENSSL_EXTRA || OPENSSL_ALL)) || (!NO_BIO && OPENSSL_EXTRA)
+*/

#if !defined(NO_RSA) || !defined(WOLFCRYPT_ONLY)
#ifndef NO_BIO
@@ -217,7 +223,7 @@ static int pem_read_file_key(XFILE fp, wc_pem_password_cb* cb, void* pass,
return ret;
}
#endif /* !NO_FILESYSTEM */
-#endif
+#endif /* !NO_RSA || !WOLFCRYPT_ONLY */

#if defined(OPENSSL_EXTRA) && ((!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) \
|| !defined(WOLFCRYPT_ONLY))
@@ -294,7 +300,7 @@ static int der_write_to_bio_as_pem(const unsigned char* der, int derSz,
XFREE(pem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
-#endif
+#endif /* !NO_BIO */
#endif

#if (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) || \
diff --git a/src/ssl.c b/src/ssl.c
index ea66e42..8bede43 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -27200,7 +27200,7 @@ int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey)
/* ptr for WOLFSSL_EVP_PKEY struct is expected to be DER format */
return wolfSSL_CTX_use_PrivateKey_buffer(ctx,
(const unsigned char*)pkey->pkey.ptr,
- pkey->pkey_sz, SSL_FILETYPE_ASN1);
+ pkey->pkey_sz, WOLFSSL_FILETYPE_ASN1);
}

WOLFSSL_MSG("wolfSSL private key not set");
@@ -27861,7 +27861,7 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa)
return WOLFSSL_FAILURE;
}
ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, (const unsigned char*)maxDerBuf,
- derSize, SSL_FILETYPE_ASN1);
+ derSize, WOLFSSL_FILETYPE_ASN1);
if (ret != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("wolfSSL_CTX_USE_PrivateKey_buffer() failure");
XFREE(maxDerBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
diff --git a/src/x509.c b/src/x509.c
index eefa69c..4d5244c 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -37,6 +37,7 @@
#ifndef NO_CERTS

#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+ #include <wolfssl/openssl/rsa.h>
#include <wolfssl/openssl/x509v3.h>
#endif

@@ -11549,7 +11550,7 @@ err:
#ifndef NO_FILESYSTEM
WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read(
XFILE fp, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
- pem_password_cb* cb, void* u)
+ wc_pem_password_cb* cb, void* u)
{
WOLFSSL_BIO* fileBio = wolfSSL_BIO_new_fp(fp, BIO_NOCLOSE);
WOLF_STACK_OF(WOLFSSL_X509_INFO)* ret = NULL;
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
index a365ff6..44dc74c 100644
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -44,6 +44,7 @@

#include <wolfssl/openssl/ecdsa.h>
#include <wolfssl/openssl/evp.h>
+#include <wolfssl/openssl/rsa.h>
#include <wolfssl/openssl/kdf.h>
#include <wolfssl/wolfcrypt/wolfmath.h>

@@ -8791,11 +8792,11 @@ WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key)

if (key->type == EVP_PKEY_DSA) {
if (wolfSSL_DSA_LoadDer(local, (const unsigned char*)key->pkey.ptr,
- key->pkey_sz) != SSL_SUCCESS) {
+ key->pkey_sz) != WOLFSSL_SUCCESS) {
/* now try public key */
if (wolfSSL_DSA_LoadDer_ex(local,
(const unsigned char*)key->pkey.ptr, key->pkey_sz,
- WOLFSSL_DSA_LOAD_PUBLIC) != SSL_SUCCESS) {
+ WOLFSSL_DSA_LOAD_PUBLIC) != WOLFSSL_SUCCESS) {
wolfSSL_DSA_free(local);
local = NULL;
}
@@ -8986,7 +8987,7 @@ WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key)
return NULL;
}
if (wolfSSL_DH_LoadDer(local, (const unsigned char*)key->pkey.ptr,
- key->pkey_sz) != SSL_SUCCESS) {
+ key->pkey_sz) != WOLFSSL_SUCCESS) {
wolfSSL_DH_free(local);
WOLFSSL_MSG("Error wolfSSL_DH_LoadDer");
local = NULL;
diff --git a/wolfssl/openssl/cms.h b/wolfssl/openssl/cms.h
index 5355c61..9e4585b 100644
--- a/wolfssl/openssl/cms.h
+++ b/wolfssl/openssl/cms.h
@@ -22,5 +22,4 @@
#ifndef WOLFSSL_CMS_H_
#define WOLFSSL_CMS_H_

-
#endif /* WOLFSSL_CMS_H_ */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 804ec44..0e28177 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -40,6 +40,9 @@

/* For the types */
#include <wolfssl/openssl/compat_types.h>
+#ifdef OPENSSL_EXTRA
+#include <wolfssl/openssl/bn.h>
+#endif

#ifdef HAVE_WOLF_EVENT
#include <wolfssl/wolfcrypt/wolfevent.h>
@@ -4481,7 +4484,7 @@ WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX
#ifndef NO_FILESYSTEM
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read(
XFILE fp, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
- pem_password_cb* cb, void* u);
+ wc_pem_password_cb* cb, void* u);
#endif
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read_bio(
WOLFSSL_BIO* bio, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
21 changes: 18 additions & 3 deletions core/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,11 @@ find_package(Boost REQUIRED COMPONENTS
find_package_required(ZLIB "zlib1g-dev")

find_package(Iconv REQUIRED)
find_package_required(OpenSSL "libssl-dev")
if (USERVER_FEATURE_WOLFSSL)
find_package_required(WolfSSL "wolfssl-dev")
else()
find_package_required(OpenSSL "libssl-dev")
endif()

if (USERVER_CONAN)
find_package(c-ares REQUIRED)
Expand Down Expand Up @@ -108,11 +112,22 @@ target_link_libraries(${PROJECT_NAME}
Boost::iostreams
Boost::regex
Iconv::Iconv
OpenSSL::Crypto
OpenSSL::SSL
ZLIB::ZLIB
)

if (USERVER_FEATURE_WOLFSSL)
target_link_libraries(${PROJECT_NAME}
PRIVATE
wolfssl
)
else()
target_link_libraries(${PROJECT_NAME}
PRIVATE
OpenSSL::Crypto
OpenSSL::SSL
)
endif()

add_subdirectory(${USERVER_THIRD_PARTY_DIRS}/llhttp llhttp)

add_subdirectory(${USERVER_THIRD_PARTY_DIRS}/http-parser http-parser)
Expand Down
39 changes: 39 additions & 0 deletions external-deps/WolfSSL.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
common-name: WolfSSL
partials:
- name: Crypto
package-name: WolfSSL

debian-names:
- wolfssl-dev
formula-name: wolfssl
rpm-names:
- wolfssl-devel
pacman-names:
- wolfssl
pkg-config-names:
- wolfssl

libraries:
enabled: false

includes:
enabled: false
- name: SSL
package-name: WolfSSL

debian-names:
- wolfssl-dev
formula-name: wolfssl
rpm-names:
- wolfssl-devel
pacman-names:
- wolfssl
pkg-config-names:
- wolfssl

libraries:
enabled: false

includes:
enabled: false

21 changes: 18 additions & 3 deletions universal/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,11 @@ if (CMAKE_CXX_COMPILER_ID MATCHES "Clang")
endif()

find_package(Iconv REQUIRED)
find_package_required(OpenSSL "libssl-dev")
if (USERVER_FEATURE_WOLFSSL)
find_package_required(WolfSSL "wolfssl")
else()
find_package_required(OpenSSL "libssl-dev")
endif()

if (USERVER_CONAN)
find_package(cryptopp REQUIRED)
Expand Down Expand Up @@ -232,10 +236,21 @@ target_link_libraries(${PROJECT_NAME}
Boost::filesystem
Boost::program_options
Boost::regex
OpenSSL::Crypto
OpenSSL::SSL
)

if (USERVER_FEATURE_WOLFSSL)
target_link_libraries(${PROJECT_NAME}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the same code snippet is copied multiple times
it's better to declare INTERFACE target, link openssl/wolfssl targets, and define all required macros in this interface library

PRIVATE
wolfssl
)
else()
target_link_libraries(${PROJECT_NAME}
PRIVATE
OpenSSL::Crypto
OpenSSL::SSL
)
endif()

if (USERVER_CONAN)
target_link_libraries(${PROJECT_NAME}
PUBLIC
Expand Down
Loading
Loading