From 9b400b32eb3673ab525f12f41a2ff3e4e3bfcccb Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Fri, 28 Jun 2019 11:05:20 -0300 Subject: [PATCH] Add locking support to wolfSSL This takes advantage of wolfSSL openssl compatibility layer, so all that that's needed are library detection, and inclusion of specific headers. WolfSSL must be built with --enable-opensslextra to enable the required API, and that's being checked at build time, with a warning if disabled. Signed-off-by: Eneas U de Queiroz diff --git a/setup.py b/setup.py index 3be0fcb..d4303b0 100644 --- a/setup.py +++ b/setup.py @@ -143,6 +143,7 @@ class ExtensionConfiguration(object): return { '--with-openssl': self.using_openssl, '--with-ssl': self.using_openssl, + '--with-wolfssl': self.using_wolfssl, '--with-gnutls': self.using_gnutls, '--with-nss': self.using_nss, '--with-mbedtls': self.using_mbedtls, @@ -163,7 +164,7 @@ class ExtensionConfiguration(object): if 'PYCURL_SSL_LIBRARY' in os.environ: ssl_lib = os.environ['PYCURL_SSL_LIBRARY'] - if ssl_lib in ['openssl', 'gnutls', 'nss', 'mbedtls']: + if ssl_lib in ['openssl', 'wolfssl', 'gnutls', 'nss', 'mbedtls']: ssl_lib_detected = ssl_lib getattr(self, 'using_%s' % ssl_lib)() else: @@ -188,6 +189,10 @@ class ExtensionConfiguration(object): self.using_openssl() ssl_lib_detected = 'openssl' break + if arg[2:] == 'wolfssl': + self.using_wolfssl() + ssl_lib_detected = 'wolfssl' + break if arg[2:] == 'gnutls': self.using_gnutls() ssl_lib_detected = 'gnutls' @@ -506,6 +511,11 @@ manually. For other SSL backends please ignore this message.''') self.libraries.append('ssl') self.define_macros.append(('HAVE_CURL_SSL', 1)) + def using_wolfssl(self): + self.define_macros.append(('HAVE_CURL_WOLFSSL', 1)) + self.libraries.append('wolfssl') + self.define_macros.append(('HAVE_CURL_SSL', 1)) + def using_gnutls(self): self.define_macros.append(('HAVE_CURL_GNUTLS', 1)) self.libraries.append('gnutls') 
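Review bot: The new `using_wolfssl` method (hunk `-506,6 +511,11` in setup.py) carries no comment recording the build prerequisite that the rest of the patch depends on. The `src/pycurl.h` hunk compiles the locking callbacks only when the wolfSSL headers define `OPENSSL_EXTRA` and otherwise just emits a compiler warning, so a reader of setup.py alone cannot tell that linking `wolfssl` is not sufficient. I would add a docstring such as `"""Build against wolfSSL; locking callbacks are compiled only if wolfSSL was built with --enable-opensslextra."""`. The additions to the `PYCURL_SSL_LIBRARY` allowlist and the `arg[2:]` comparison in the earlier hunks look consistent with how the existing backends are wired.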
@@ -572,6 +582,7 @@ def strip_pycurl_options(argv): PRETTY_SSL_LIBS = { # setup.py may be detecting BoringSSL properly, need to test 'openssl': 'OpenSSL/LibreSSL/BoringSSL', + 'wolfssl': 'wolfSSL', 'gnutls': 'GnuTLS', 'nss': 'NSS', 'mbedtls': 'mbedTLS', @@ -902,6 +913,7 @@ PycURL Unix options: --with-gnutls libcurl is linked against GnuTLS --with-nss libcurl is linked against NSS --with-mbedtls libcurl is linked against mbedTLS + --with-wolfssl libcurl is linked against wolfSSL ''' windows_help = '''\ diff --git a/src/module.c b/src/module.c index 909cdfe..23387ec 100644 --- a/src/module.c +++ b/src/module.c @@ -351,6 +351,8 @@ initpycurl(void) } else if (!strncmp(vi->ssl_version, "OpenSSL/", 8) || !strncmp(vi->ssl_version, "LibreSSL/", 9) || !strncmp(vi->ssl_version, "BoringSSL", 9)) { runtime_ssl_lib = "openssl"; + } else if (!strncmp(vi->ssl_version, "wolfSSL/", 8)) { + runtime_ssl_lib = "wolfssl"; } else if (!strncmp(vi->ssl_version, "GnuTLS/", 7)) { runtime_ssl_lib = "gnutls"; } else if (!strncmp(vi->ssl_version, "NSS/", 4)) { diff --git a/src/pycurl.h b/src/pycurl.h index 2294cb8..092387f 100644 --- a/src/pycurl.h +++ b/src/pycurl.h 
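Review bot: The new branch in `src/module.c` recognises the backend only by the exact, case-sensitive prefix `wolfSSL/`. As far as I recall, libcurl linked against the library's older CyaSSL-named releases reports a `CyaSSL/` prefix instead, which would skip this branch and fall through to whatever the end of the chain (outside this hunk) assigns. Please confirm whether such builds need to be supported. A short comment above the branch, such as `/* libcurl reports this backend as "wolfSSL/<version>" */`, would document where the literal comes from.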
@@ -164,6 +164,28 @@ pycurl_inet_ntop (int family, void *addr, char *string, size_t string_size); # include # include # define COMPILE_SSL_LIB "openssl" +# elif defined(HAVE_CURL_WOLFSSL) +# include +# if defined(OPENSSL_EXTRA) +# define HAVE_CURL_OPENSSL +# define PYCURL_NEED_SSL_TSL +# define PYCURL_NEED_OPENSSL_TSL +# include +# include +# else +# ifdef _MSC_VER +# pragma message(\ + "libcurl was compiled with wolfSSL, but the library was built without " \ + "--enable-opensslextra; thus no SSL crypto locking callbacks will be set, " \ + "which may cause random crashes on SSL requests") +# else +# warning \ + "libcurl was compiled with wolfSSL, but the library was built without " \ + "--enable-opensslextra; thus no SSL crypto locking callbacks will be set, " \ + "which may cause random crashes on SSL requests" +# endif +# endif +# define COMPILE_SSL_LIB "wolfssl" # elif defined(HAVE_CURL_GNUTLS) # include # if GNUTLS_VERSION_NUMBER <= 0x020b00 @@ -195,7 +217,7 @@ pycurl_inet_ntop (int family, void *addr, char *string, size_t string_size); /* since we have no crypto callbacks for other ssl backends, * no reason to require users match those */ # define COMPILE_SSL_LIB "none/other" -# endif /* HAVE_CURL_OPENSSL || HAVE_CURL_GNUTLS || HAVE_CURL_NSS || HAVE_CURL_MBEDTLS */ +# endif /* HAVE_CURL_OPENSSL || HAVE_CURL_WOLFSSL || HAVE_CURL_GNUTLS || HAVE_CURL_NSS || HAVE_CURL_MBEDTLS */ #else # define COMPILE_SSL_LIB "none/other" #endif /* HAVE_CURL_SSL */
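Review bot: In the `#else` branch of the new `HAVE_CURL_WOLFSSL` block, a wolfSSL built without `OPENSSL_EXTRA` produces only a `#warning` / `#pragma message`, and `COMPILE_SSL_LIB` is still set to `"wolfssl"` afterwards. Compiler warnings are easy to lose in packaged or pip-driven builds, and because the compile-time name then matches the runtime name set in `src/module.c`, nothing at import time appears to distinguish a build with locking callbacks from one without. Since the message itself says this may cause random crashes on SSL requests, I would fail the build by default and require an explicit opt-out, e.g. `# ifndef PYCURL_WOLFSSL_WITHOUT_LOCKING` / `# error "wolfSSL lacks --enable-opensslextra; no SSL locking callbacks"` / `# endif` (the macro name is only a suggestion). Separately, `# define HAVE_CURL_OPENSSL` presumably enables every OpenSSL-guarded path in pycurl rather than just the locking code, so a comment stating that this is intended would help.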