LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
26873 Commits
1 Branch
46 MiB
Tree: 6a46eda931
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6a46eda931'
${ noResults }
openwrt-packages-dist/net/openvpn/patches/002-add-wolfssl-support.patch

190 lines
8.8 KiB
Raw Normal View History

openvpn: enable using wolfSSL cryptographic API engine Support for wolfSSL has been upstreamed to the master OpenVPN branch in f6dca235ae560597a0763f0c98fcc9130b80ccf4 so we can use wolfSSL directly in OpenVPN. So no more needed differnt SSL engine for OpenVPN in systems based on wolfSSL library Compiled && tested on ramips/mt7620, ramips/mt7621 Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
3 years ago
 
  1. From: Gert Doering <gert@greenie.muc.de>
  2. 

  3. Support for wolfSSL in OpenVPN
  4. 

  5. This patch adds support for wolfSSL in OpenVPN. Support is added by using
  6. wolfSSL's OpenSSL compatibility layer. Function calls are left unchanged
  7. and instead the OpenSSL includes point to wolfSSL headers and OpenVPN is
  8. linked against the wolfSSL library. The wolfSSL installation directory is
  9. detected using pkg-config.
  10. 

  11. As requested by OpenVPN maintainers, this patch does not include
  12. wolfssl/options.h on its own. By defining the macro EXTERNAL_OPTS_OPENVPN
  13. in the configure script wolfSSL will include wolfssl/options.h on its own
  14. (change added in wolfSSL/wolfssl#2825). The patch
  15. adds an option '--disable-wolfssl-options-h' in case the user would like
  16. to supply their own settings file for wolfSSL.
  17. 

  18. wolfSSL:
  19. Support added in: wolfSSL/wolfssl#2503
  20. 

  21. git clone https://github.com/wolfSSL/wolfssl.git
  22. cd wolfssl
  23. ./autogen.sh
  24. ./configure --enable-openvpn
  25. make
  26. sudo make install
  27. 

  28. OpenVPN:
  29. 

  30. autoreconf -i -v -f
  31. ./configure --with-crypto-library=wolfssl
  32. make
  33. make check
  34. sudo make install
  35. 

  36. Signed-off-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
  37. Acked-by: Arne Schwabe <arne@rfc2549.org>
  38. Message-Id: <20210317181153.83716-1-juliusz@wolfssl.com>
  39. URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21686.html
  40. Signed-off-by: Gert Doering <gert@greenie.muc.de>
  41. ---

  42.  configure.ac | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
  43.  src/openvpn/syshead.h | 3 ++-
  44.  2 files changed, 110 insertions(+), 3 deletions(-)
  45. --- a/configure.ac

  46. +++ b/configure.ac

  47. @@ -271,16 +271,23 @@ AC_ARG_WITH(

  48.  
  49.  AC_ARG_WITH(
  50.  	[crypto-library],
  51. -	[AS_HELP_STRING([--with-crypto-library=library], [build with the given crypto library, TYPE=openssl|mbedtls @<:@default=openssl@:>@])],

  52. +	[AS_HELP_STRING([--with-crypto-library=library], [build with the given crypto library, TYPE=openssl|mbedtls|wolfssl @<:@default=openssl@:>@])],

  53.  	[
  54.  		case "${withval}" in
  55. -			openssl|mbedtls) ;;

  56. +			openssl|mbedtls|wolfssl) ;;

  57.  			*) AC_MSG_ERROR([bad value ${withval} for --with-crypto-library]) ;;
  58.  		esac
  59.  	],
  60.  	[with_crypto_library="openssl"]
  61.  )
  62.  
  63. +AC_ARG_ENABLE(

  64. +	[wolfssl-options-h],

  65. +	[AS_HELP_STRING([--disable-wolfssl-options-h], [Disable including options.h in wolfSSL @<:@default=yes@:>@])],

  66. +	,

  67. +	[enable_wolfssl_options_h="yes"]

  68. +)

  69. +

  70.  AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory @<:@default=LIBDIR/openvpn/plugins@:>@])
  71.  if test -n "${PLUGINDIR}"; then
  72.  	plugindir="${PLUGINDIR}"
  73. @@ -1026,6 +1033,105 @@ elif test "${with_crypto_library}" = "mb

  74.  	AC_DEFINE([ENABLE_CRYPTO_MBEDTLS], [1], [Use mbed TLS library])
  75.  	CRYPTO_CFLAGS="${MBEDTLS_CFLAGS}"
  76.  	CRYPTO_LIBS="${MBEDTLS_LIBS}"
  77. +

  78. +elif test "${with_crypto_library}" = "wolfssl"; then

  79. +	AC_ARG_VAR([WOLFSSL_CFLAGS], [C compiler flags for wolfssl. The include directory should

  80. +								  contain the regular wolfSSL header files but also the

  81. +								  wolfSSL OpenSSL header files. Ex: -I/usr/local/include

  82. +								  -I/usr/local/include/wolfssl])

  83. +	AC_ARG_VAR([WOLFSSL_LIBS], [linker flags for wolfssl])

  84. +

  85. +	saved_CFLAGS="${CFLAGS}"

  86. +	saved_LIBS="${LIBS}"

  87. +

  88. +	if test -z "${WOLFSSL_CFLAGS}" -a -z "${WOLFSSL_LIBS}"; then

  89. +		# if the user did not explicitly specify flags, try to autodetect

  90. +		PKG_CHECK_MODULES(

  91. +			[WOLFSSL],

  92. +			[wolfssl],

  93. +			[],

  94. +			[AC_MSG_ERROR([Could not find wolfSSL.])]

  95. +		)

  96. +		PKG_CHECK_VAR(

  97. +			[WOLFSSL_INCLUDEDIR],

  98. +			[wolfssl],

  99. +			[includedir],

  100. +			[],

  101. +			[AC_MSG_ERROR([Could not find wolfSSL includedir variable.])]

  102. +		)

  103. +		WOLFSSL_CFLAGS="${WOLFSSL_CFLAGS} -I${WOLFSSL_INCLUDEDIR}/wolfssl"

  104. +	fi

  105. +	saved_CFLAGS="${CFLAGS}"

  106. +	saved_LIBS="${LIBS}"

  107. +	CFLAGS="${CFLAGS} ${WOLFSSL_CFLAGS}"

  108. +	LIBS="${LIBS} ${WOLFSSL_LIBS}"

  109. +

  110. +	AC_CHECK_LIB(

  111. +		[wolfssl],

  112. +		[wolfSSL_Init],

  113. +		[],

  114. +		[AC_MSG_ERROR([Could not link wolfSSL library.])]

  115. +	)

  116. +	AC_CHECK_HEADER([wolfssl/options.h],,[AC_MSG_ERROR([wolfSSL header wolfssl/options.h not found!])])

  117. +

  118. +	# wolfSSL signal EKM support

  119. +	have_export_keying_material="yes"

  120. +

  121. +	AC_DEFINE([HAVE_HMAC_CTX_NEW], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  122. +	AC_DEFINE([HAVE_HMAC_CTX_FREE], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  123. +	AC_DEFINE([HAVE_HMAC_CTX_RESET], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  124. +	AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  125. +	AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  126. +	AC_DEFINE([HAVE_EVP_MD_CTX_RESET], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  127. +	AC_DEFINE([HAVE_EVP_CIPHER_CTX_RESET], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  128. +	AC_DEFINE([HAVE_OPENSSL_VERSION], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  129. +	AC_DEFINE([HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  130. +	AC_DEFINE([HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB_USERDATA], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  131. +	AC_DEFINE([HAVE_SSL_CTX_SET_SECURITY_LEVEL], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  132. +	AC_DEFINE([HAVE_X509_GET0_NOTBEFORE], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  133. +	AC_DEFINE([HAVE_X509_GET0_NOTAFTER], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  134. +	AC_DEFINE([HAVE_X509_GET0_PUBKEY], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  135. +	AC_DEFINE([HAVE_X509_STORE_GET0_OBJECTS], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  136. +	AC_DEFINE([HAVE_X509_OBJECT_FREE], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  137. +	AC_DEFINE([HAVE_X509_OBJECT_GET_TYPE], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  138. +	AC_DEFINE([HAVE_EVP_PKEY_ID], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  139. +	AC_DEFINE([HAVE_EVP_PKEY_GET0_RSA], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  140. +	AC_DEFINE([HAVE_EVP_PKEY_GET0_DSA], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  141. +	AC_DEFINE([HAVE_EVP_PKEY_GET0_EC_KEY], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  142. +	AC_DEFINE([HAVE_RSA_SET_FLAGS], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  143. +	AC_DEFINE([HAVE_RSA_BITS], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  144. +	AC_DEFINE([HAVE_RSA_GET0_KEY], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  145. +	AC_DEFINE([HAVE_RSA_SET0_KEY], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  146. +	AC_DEFINE([HAVE_DSA_GET0_PQG], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  147. +	AC_DEFINE([HAVE_DSA_BITS], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  148. +	AC_DEFINE([HAVE_RSA_METH_NEW], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  149. +	AC_DEFINE([HAVE_RSA_METH_FREE], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  150. +	AC_DEFINE([HAVE_RSA_METH_SET_PUB_ENC], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  151. +	AC_DEFINE([HAVE_RSA_METH_SET_PUB_DEC], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  152. +	AC_DEFINE([HAVE_RSA_METH_SET_PRIV_ENC], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  153. +	AC_DEFINE([HAVE_RSA_METH_SET_PRIV_DEC], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  154. +	AC_DEFINE([HAVE_RSA_METH_SET_INIT], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  155. +	AC_DEFINE([HAVE_RSA_METH_SET_SIGN], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  156. +	AC_DEFINE([HAVE_RSA_METH_SET_FINISH], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  157. +	AC_DEFINE([HAVE_RSA_METH_SET0_APP_DATA], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  158. +	AC_DEFINE([HAVE_RSA_METH_GET0_APP_DATA], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  159. +	AC_DEFINE([HAVE_EC_GROUP_ORDER_BITS], [1], [Emulate AC_CHECK_FUNCS since these are defined as macros])

  160. +

  161. +	if test "${enable_wolfssl_options_h}" = "yes"; then

  162. +		AC_DEFINE([EXTERNAL_OPTS_OPENVPN], [1], [Include options.h from wolfSSL library])

  163. +	else

  164. +		AC_DEFINE([WOLFSSL_USER_SETTINGS], [1], [Use custom user_settings.h file for wolfSSL library])

  165. +	fi

  166. +

  167. +	have_export_keying_material="yes"

  168. +

  169. +	CFLAGS="${saved_CFLAGS}"

  170. +	LIBS="${saved_LIBS}"

  171. +

  172. +	AC_DEFINE([ENABLE_CRYPTO_WOLFSSL], [1], [Use wolfSSL crypto library])

  173. +	AC_DEFINE([ENABLE_CRYPTO_OPENSSL], [1], [Use wolfSSL openssl compatibility layer])

  174. +	CRYPTO_CFLAGS="${WOLFSSL_CFLAGS}"

  175. +	CRYPTO_LIBS="${WOLFSSL_LIBS}"

  176.  else
  177.  	AC_MSG_ERROR([Invalid crypto library: ${with_crypto_library}])
  178.  fi
  179. --- a/src/openvpn/syshead.h

  180. +++ b/src/openvpn/syshead.h

  181. @@ -582,7 +582,8 @@ socket_defined(const socket_descriptor_t

  182.  /*
  183.   * Do we have CryptoAPI capability?
  184.   */
  185. -#if defined(_WIN32) && defined(ENABLE_CRYPTO_OPENSSL)

  186. +#if defined(_WIN32) && defined(ENABLE_CRYPTO_OPENSSL) && \

  187. +	!defined(ENABLE_CRYPTO_WOLFSSL)

  188.  #define ENABLE_CRYPTOAPI
  189.  #endif
  190.