You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

190 lines
8.8 KiB

  1. From: Gert Doering <gert@greenie.muc.de>
  2. Support for wolfSSL in OpenVPN
  3. This patch adds support for wolfSSL in OpenVPN. Support is added by using
  4. wolfSSL's OpenSSL compatibility layer. Function calls are left unchanged
  5. and instead the OpenSSL includes point to wolfSSL headers and OpenVPN is
  6. linked against the wolfSSL library. The wolfSSL installation directory is
  7. detected using pkg-config.
  8. As requested by OpenVPN maintainers, this patch does not include
  9. wolfssl/options.h on its own. By defining the macro EXTERNAL_OPTS_OPENVPN
  10. in the configure script wolfSSL will include wolfssl/options.h on its own
  11. (change added in wolfSSL/wolfssl#2825). The patch
  12. adds an option '--disable-wolfssl-options-h' in case the user would like
  13. to supply their own settings file for wolfSSL.
  14. wolfSSL:
  15. Support added in: wolfSSL/wolfssl#2503
  16. git clone https://github.com/wolfSSL/wolfssl.git
  17. cd wolfssl
  18. ./autogen.sh
  19. ./configure --enable-openvpn
  20. make
  21. sudo make install
  22. OpenVPN:
  23. autoreconf -i -v -f
  24. ./configure --with-crypto-library=wolfssl
  25. make
  26. make check
  27. sudo make install
  28. Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
  29. Acked-by: Arne Schwabe <arne@rfc2549.org>
  30. Message-Id: <20210317181153.83716-1-juliusz@wolfssl.com>
  31. URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21686.html
  32. Signed-off-by: Gert Doering <gert@greenie.muc.de>
  33. ---
  34. configure.ac | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
  35. src/openvpn/syshead.h | 3 ++-
  36. 2 files changed, 110 insertions(+), 3 deletions(-)
  37. --- a/configure.ac
  38. +++ b/configure.ac
  39. @@ -271,16 +271,23 @@ AC_ARG_WITH(
  40. AC_ARG_WITH(
  41. [crypto-library],
  42. - [AS_HELP_STRING([--with-crypto-library=library], [build with the given crypto library, TYPE=openssl|mbedtls @<:@default=openssl@:>@])],
  43. + [AS_HELP_STRING([--with-crypto-library=library], [build with the given crypto library, TYPE=openssl|mbedtls|wolfssl @<:@default=openssl@:>@])],
  44. [
  45. case "${withval}" in
  46. - openssl|mbedtls) ;;
  47. + openssl|mbedtls|wolfssl) ;;
  48. *) AC_MSG_ERROR([bad value ${withval} for --with-crypto-library]) ;;
  49. esac
  50. ],
  51. [with_crypto_library="openssl"]
  52. )
  53. +AC_ARG_ENABLE(
  54. + [wolfssl-options-h],
  55. + [AS_HELP_STRING([--disable-wolfssl-options-h], [Disable including options.h in wolfSSL @<:@default=yes@:>@])],
  56. + ,
  57. + [enable_wolfssl_options_h="yes"]
  58. +)
  59. +
  60. AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory @<:@default=LIBDIR/openvpn/plugins@:>@])
  61. if test -n "${PLUGINDIR}"; then
  62. plugindir="${PLUGINDIR}"
  63. @@ -1026,6 +1033,105 @@ elif test "${with_crypto_library}" = "mb
  64. AC_DEFINE([ENABLE_CRYPTO_MBEDTLS], [1], [Use mbed TLS library])
  65. CRYPTO_CFLAGS="${MBEDTLS_CFLAGS}"
  66. CRYPTO_LIBS="${MBEDTLS_LIBS}"
  67. +
  68. +elif test "${with_crypto_library}" = "wolfssl"; then
  69. + AC_ARG_VAR([WOLFSSL_CFLAGS], [C compiler flags for wolfssl. The include directory should
  70. + contain the regular wolfSSL header files but also the
  71. + wolfSSL OpenSSL header files. Ex: -I/usr/local/include
  72. + -I/usr/local/include/wolfssl])
  73. + AC_ARG_VAR([WOLFSSL_LIBS], [linker flags for wolfssl])
  74. +
  75. + saved_CFLAGS="${CFLAGS}"
  76. + saved_LIBS="${LIBS}"
  77. +
  78. + if test -z "${WOLFSSL_CFLAGS}" -a -z "${WOLFSSL_LIBS}"; then
  79. + # if the user did not explicitly specify flags, try to autodetect
  80. + PKG_CHECK_MODULES(
  81. + [WOLFSSL],
  82. + [wolfssl],
  83. + [],
  84. + [AC_MSG_ERROR([Could not find wolfSSL.])]
  85. + )
  86. + PKG_CHECK_VAR(
  87. + [WOLFSSL_INCLUDEDIR],
  88. + [wolfssl],
  89. + [includedir],
  90. + [],
  91. + [AC_MSG_ERROR([Could not find wolfSSL includedir variable.])]
  92. + )
  93. + WOLFSSL_CFLAGS="${WOLFSSL_CFLAGS} -I${WOLFSSL_INCLUDEDIR}/wolfssl"
  94. + fi
  95. + saved_CFLAGS="${CFLAGS}"
  96. + saved_LIBS="${LIBS}"
  97. + CFLAGS="${CFLAGS} ${WOLFSSL_CFLAGS}"
  98. + LIBS="${LIBS} ${WOLFSSL_LIBS}"
  99. +
  100. + AC_CHECK_LIB(
  101. + [wolfssl],
  102. + [wolfSSL_Init],
  103. + [],
  104. + [AC_MSG_ERROR([Could not link wolfSSL library.])]
  105. + )
  106. + AC_CHECK_HEADER([wolfssl/options.h],,[AC_MSG_ERROR([wolfSSL header wolfssl/options.h not found!])])
  107. +
  108. + # wolfSSL signal EKM support
  109. + have_export_keying_material="yes"
  110. +
  111. + AC_DEFINE([HAVE_HMAC_CTX_NEW], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  112. + AC_DEFINE([HAVE_HMAC_CTX_FREE], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  113. + AC_DEFINE([HAVE_HMAC_CTX_RESET], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  114. + AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  115. + AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  116. + AC_DEFINE([HAVE_EVP_MD_CTX_RESET], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  117. + AC_DEFINE([HAVE_EVP_CIPHER_CTX_RESET], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  118. + AC_DEFINE([HAVE_OPENSSL_VERSION], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  119. + AC_DEFINE([HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  120. + AC_DEFINE([HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB_USERDATA], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  121. + AC_DEFINE([HAVE_SSL_CTX_SET_SECURITY_LEVEL], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  122. + AC_DEFINE([HAVE_X509_GET0_NOTBEFORE], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  123. + AC_DEFINE([HAVE_X509_GET0_NOTAFTER], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  124. + AC_DEFINE([HAVE_X509_GET0_PUBKEY], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  125. + AC_DEFINE([HAVE_X509_STORE_GET0_OBJECTS], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  126. + AC_DEFINE([HAVE_X509_OBJECT_FREE], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  127. + AC_DEFINE([HAVE_X509_OBJECT_GET_TYPE], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  128. + AC_DEFINE([HAVE_EVP_PKEY_ID], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  129. + AC_DEFINE([HAVE_EVP_PKEY_GET0_RSA], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  130. + AC_DEFINE([HAVE_EVP_PKEY_GET0_DSA], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  131. + AC_DEFINE([HAVE_EVP_PKEY_GET0_EC_KEY], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  132. + AC_DEFINE([HAVE_RSA_SET_FLAGS], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  133. + AC_DEFINE([HAVE_RSA_BITS], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  134. + AC_DEFINE([HAVE_RSA_GET0_KEY], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  135. + AC_DEFINE([HAVE_RSA_SET0_KEY], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  136. + AC_DEFINE([HAVE_DSA_GET0_PQG], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  137. + AC_DEFINE([HAVE_DSA_BITS], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  138. + AC_DEFINE([HAVE_RSA_METH_NEW], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  139. + AC_DEFINE([HAVE_RSA_METH_FREE], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  140. + AC_DEFINE([HAVE_RSA_METH_SET_PUB_ENC], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  141. + AC_DEFINE([HAVE_RSA_METH_SET_PUB_DEC], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  142. + AC_DEFINE([HAVE_RSA_METH_SET_PRIV_ENC], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  143. + AC_DEFINE([HAVE_RSA_METH_SET_PRIV_DEC], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  144. + AC_DEFINE([HAVE_RSA_METH_SET_INIT], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  145. + AC_DEFINE([HAVE_RSA_METH_SET_SIGN], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  146. + AC_DEFINE([HAVE_RSA_METH_SET_FINISH], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  147. + AC_DEFINE([HAVE_RSA_METH_SET0_APP_DATA], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  148. + AC_DEFINE([HAVE_RSA_METH_GET0_APP_DATA], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  149. + AC_DEFINE([HAVE_EC_GROUP_ORDER_BITS], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])
  150. +
  151. + if test "${enable_wolfssl_options_h}" = "yes"; then
  152. + AC_DEFINE([EXTERNAL_OPTS_OPENVPN], [1], [Include options.h from wolfSSL library])
  153. + else
  154. + AC_DEFINE([WOLFSSL_USER_SETTINGS], [1], [Use custom user_settings.h file for wolfSSL library])
  155. + fi
  156. +
  157. + have_export_keying_material="yes"
  158. +
  159. + CFLAGS="${saved_CFLAGS}"
  160. + LIBS="${saved_LIBS}"
  161. +
  162. + AC_DEFINE([ENABLE_CRYPTO_WOLFSSL], [1], [Use wolfSSL crypto library])
  163. + AC_DEFINE([ENABLE_CRYPTO_OPENSSL], [1], [Use wolfSSL openssl compatibility layer])
  164. + CRYPTO_CFLAGS="${WOLFSSL_CFLAGS}"
  165. + CRYPTO_LIBS="${WOLFSSL_LIBS}"
  166. else
  167. AC_MSG_ERROR([Invalid crypto library: ${with_crypto_library}])
  168. fi
  169. --- a/src/openvpn/syshead.h
  170. +++ b/src/openvpn/syshead.h
  171. @@ -582,7 +582,8 @@ socket_defined(const socket_descriptor_t
  172. /*
  173. * Do we have CryptoAPI capability?
  174. */
  175. -#if defined(_WIN32) && defined(ENABLE_CRYPTO_OPENSSL)
  176. +#if defined(_WIN32) && defined(ENABLE_CRYPTO_OPENSSL) && \
  177. + !defined(ENABLE_CRYPTO_WOLFSSL)
  178. #define ENABLE_CRYPTOAPI
  179. #endif