add WolfSSL support (#6682)

remove extraneous include

FDBLibTLS/CMakeLists.txt

@@ -10,3 +10,4 @@ set(SRCS
 
 add_library(FDBLibTLS STATIC ${SRCS})
 target_link_libraries(FDBLibTLS PUBLIC OpenSSL::SSL boost_target PRIVATE flow)
+target_include_directories(FDBLibTLS INTERFACE OpenSSL::SSL boost_target PRIVATE flow)

FDBLibTLS/FDBLibTLSPolicy.cpp

@@ -22,6 +22,9 @@
 #include "FDBLibTLS/FDBLibTLSSession.h"
 #include "flow/Trace.h"
 
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>

FDBLibTLS/FDBLibTLSSession.cpp

@@ -23,6 +23,9 @@
 #include "flow/flow.h"
 #include "flow/Trace.h"
 
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>

FDBLibTLS/FDBLibTLSVerify.cpp

@@ -20,6 +20,9 @@
 
 #include "FDBLibTLS/FDBLibTLSVerify.h"
 
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
 #include <openssl/objects.h>
 
 #include <algorithm>

FDBLibTLS/verify-test.cpp

@@ -25,6 +25,9 @@
 #include <string.h>
 #include <boost/lexical_cast.hpp>
 
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
 #include <openssl/objects.h>
 
 #include "fdbrpc/ITLSPlugin.h"

cmake/FDBComponents.cmake

@@ -21,22 +21,39 @@ endif()
 include(CheckSymbolExists)
 
 set(DISABLE_TLS OFF CACHE BOOL "Don't try to find OpenSSL and always build without TLS support")
+set(USE_WOLFSSL OFF CACHE BOOL "Build against WolfSSL instead of OpenSSL")
+set(USE_OPENSSL ON CACHE BOOL "Build against OpenSSL")
 if(DISABLE_TLS)
   set(WITH_TLS OFF)
 else()
-  set(OPENSSL_USE_STATIC_LIBS TRUE)
-  if(WIN32)
-    set(OPENSSL_MSVC_STATIC_RT ON)
-  endif()
-  find_package(OpenSSL)
-  if(OPENSSL_FOUND)
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(WITH_TLS ON)
-    add_compile_options(-DHAVE_OPENSSL)
-  else()
-    message(STATUS "OpenSSL was not found - Will compile without TLS Support")
-    message(STATUS "You can set OPENSSL_ROOT_DIR to help cmake find it")
-    set(WITH_TLS OFF)
+  if(USE_WOLFSSL)
+    set(WOLFSSL_USE_STATIC_LIBS TRUE)
+    find_package(WolfSSL)
+    if(WOLFSSL_FOUND)
+      set(CMAKE_REQUIRED_INCLUDES ${WOLFSSL_INCLUDE_DIR})
+      set(WITH_TLS ON)
+      add_compile_options(-DHAVE_OPENSSL)
+      add_compile_options(-DHAVE_WOLFSSL)
+    else()
+      message(STATUS "WolfSSL was not found - Will compile without TLS Support")
+      message(STATUS "You can set WOLFSSL_ROOT_DIR to help cmake find it")
+      set(WITH_TLS OFF)
+    endif()
+  elseif(USE_OPENSSL)
+    set(OPENSSL_USE_STATIC_LIBS TRUE)
+    if(WIN32)
+      set(OPENSSL_MSVC_STATIC_RT ON)
+    endif()
+    find_package(OpenSSL)
+    if(OPENSSL_FOUND)
+      set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+      set(WITH_TLS ON)
+      add_compile_options(-DHAVE_OPENSSL)
+    else()
+      message(STATUS "OpenSSL was not found - Will compile without TLS Support")
+      message(STATUS "You can set OPENSSL_ROOT_DIR to help cmake find it")
+      set(WITH_TLS OFF)
+    endif()
   endif()
 endif()
 

cmake/FindWolfSSL.cmake

@@ -0,0 +1,63 @@
+# FindWolfSSL
+
+# Support preference of static libs by adjusting CMAKE_FIND_LIBRARY_SUFFIXES
+if(WOLFSSL_USE_STATIC_LIBS)
+  if(WIN32)
+    set(CMAKE_FIND_LIBRARY_SUFFIXES .lib .a ${CMAKE_FIND_LIBRARY_SUFFIXES})
+  else()
+    set(CMAKE_FIND_LIBRARY_SUFFIXES .a)
+  endif()
+endif()
+
+find_path(WOLFSSL_ROOT_DIR
+  NAMES
+    include/wolfssl/options.h
+)
+
+find_path(WOLFSSL_INCLUDE_DIR
+  NAMES
+    wolfssl/ssl.h
+  PATHS
+   ${WOLFSSL_ROOT_DIR}/include
+)
+
+find_library(WOLFSSL_LIBRARY
+  NAMES 
+    wolfssl
+  PATHS
+   ${WOLFSSL_ROOT_DIR}/lib
+)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(WolfSSL
+  REQUIRED_VARS
+    WOLFSSL_LIBRARY
+    WOLFSSL_INCLUDE_DIR
+  FAIL_MESSAGE
+    "Could NOT find WolfSSL"
+)
+
+mark_as_advanced(
+  WOLFSSL_ROOT_DIR
+  WOLFSSL_LIBRARY
+  WOLFSSL_INCLUDE_DIR
+)
+
+if(WOLFSSL_FOUND)
+  message(STATUS "Found wolfssl library: ${WOLFSSL_LIBRARY}")
+  message(STATUS "Found wolfssl includes: ${WOLFSSL_INCLUDE_DIR}")
+
+  set(WOLFSSL_INCLUDE_DIRS ${WOLFSSL_INCLUDE_DIR})
+  set(WOLFSSL_LIBRARIES ${WOLFSSL_LIBRARY})
+
+  add_library(WolfSSL UNKNOWN IMPORTED GLOBAL)
+  add_library(OpenSSL::SSL ALIAS WolfSSL)
+  add_library(OpenSSL::CRYPTO ALIAS WolfSSL)
+
+  target_include_directories(WolfSSL INTERFACE "${WOLFSSL_INCLUDE_DIR}")
+  target_link_libraries(WolfSSL INTERFACE "${WOLFSSL_TLS_LIBRARY}" "${WOLFSSL_SSL_LIBRARY}" "${WOLFSSL_CRYPTO_LIBRARY}")
+  set_target_properties(WolfSSL PROPERTIES
+    INTERFACE_INCLUDE_DIRECTORIES "${WOLFSSL_INCLUDE_DIR}"
+    IMPORTED_LINK_INTERFACE_LANGUAGES "C"
+    IMPORTED_LOCATION "${WOLFSSL_LIBRARY}")
+endif()

fdbclient/S3BlobStore.actor.cpp

@@ -25,9 +25,15 @@
 #include "fdbclient/sha1/SHA1.h"
 #include <time.h>
 #include <iomanip>
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
 #include <openssl/sha.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
+#if defined(HAVE_WOLFSSL)
+#undef SHA1 // wolfSSL will will shadow FDB SHA1.h
+#endif
 #include <boost/algorithm/string/split.hpp>
 #include <boost/algorithm/string/classification.hpp>
 #include <boost/algorithm/string.hpp>

fdbclient/md5/md5.h

@@ -24,6 +24,9 @@
  */
 
 #if defined(HAVE_OPENSSL) && !defined(TLS_DISABLED)
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
 #include <openssl/md5.h>
 #elif !defined(_MD5_H)
 #define _MD5_H

flow/BlobCipher.h

@@ -39,6 +39,9 @@
 #include "flow/flow.h"
 #include "flow/genericactors.actor.h"
 
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
 #include <openssl/aes.h>
 #include <openssl/engine.h>
 #include <openssl/evp.h>

flow/CMakeLists.txt

@@ -176,6 +176,10 @@ if(NOT WITH_TLS)
 else()
   target_link_libraries(flow PUBLIC OpenSSL::SSL)
   target_link_libraries(flow_sampling PUBLIC OpenSSL::SSL)
+  if(USE_WOLFSSL)
+    target_include_directories(flow SYSTEM BEFORE PUBLIC ${WOLFSSL_INCLUDE_DIR}/wolfssl)
+    target_include_directories(flow_sampling SYSTEM BEFORE PUBLIC ${WOLFSSL_INCLUDE_DIR}/wolfssl)
+  endif()
 endif()
 target_link_libraries(flow PUBLIC Threads::Threads ${CMAKE_DL_LIBS})
 target_link_libraries(flow_sampling PUBLIC Threads::Threads ${CMAKE_DL_LIBS})

flow/Net2.actor.cpp

@@ -29,6 +29,12 @@
 #define BOOST_DATE_TIME_NO_LIB
 #define BOOST_REGEX_NO_LIB
 #include <boost/asio.hpp>
+#ifndef TLS_DISABLED
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
+#include "boost/asio/ssl.hpp"
+#endif
 #include <boost/date_time/posix_time/posix_time_types.hpp>
 #include <boost/range.hpp>
 #include <boost/algorithm/string/join.hpp>

flow/StreamCipher.h

@@ -32,6 +32,9 @@
 #include "flow/FastRef.h"
 #include "flow/flow.h"
 
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
 #include <openssl/aes.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>

flow/TLSConfig.actor.cpp

@@ -38,6 +38,9 @@ void LoadedTLSConfig::print(FILE* fp) {
 #include <exception>
 #include <map>
 #include <set>
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
 #include <openssl/objects.h>
 #include <openssl/bio.h>
 #include <openssl/err.h>

flow/TLSConfig.actor.h

@@ -39,6 +39,9 @@
 
 #ifndef TLS_DISABLED
 
+#if defined(HAVE_WOLFSSL)
+#include <wolfssl/options.h>
+#endif
 #include <openssl/x509.h>
 typedef int NID;
 
@@ -280,4 +283,4 @@ public:
 	"                 and format of CONSTRAINTS are plugin-specific.\n"
 
 #include "flow/unactorcompiler.h"
-#endif
+#endif

flow/network.h

@@ -30,9 +30,6 @@
 #include <variant>
 #include <atomic>
 #include "boost/asio.hpp"
-#ifndef TLS_DISABLED
-#include "boost/asio/ssl.hpp"
-#endif
 #include "flow/Arena.h"
 #include "flow/BooleanParam.h"
 #include "flow/IRandom.h"