Skip to content

Commit c6416d1

Browse files
kp-thomas-yaukp-thomas-yau
authored
Merge pull request #189 from expressvpn/CVPN-1521-update-wolfssl-to-5.7.4
CVPN-1521 Update to upstream wolfssl to 5.7.4
2 parents 7a797e5 + fc1f7b9 commit c6416d1

File tree

9 files changed

+136
-112
lines changed

9 files changed

+136
-112
lines changed

wolfssl-sys/examples/connect_pq.rs

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
use wolfssl_sys as ffi;
1313

1414
use std::net::TcpStream;
15+
use std::os::raw::c_int;
1516
use std::os::unix::io::AsRawFd;
1617

1718
use std::ffi::CStr;
@@ -52,7 +53,7 @@ fn main() {
5253
context,
5354
pq_osa_ca,
5455
pq_osa_ca_size,
55-
ffi::WOLFSSL_FILETYPE_PEM,
56+
ffi::WOLFSSL_FILETYPE_PEM as c_int,
5657
);
5758

5859
// Enable SNI
@@ -65,7 +66,7 @@ fn main() {
6566
let res = ffi::wolfSSL_UseKeyShare(ssl, ffi::WOLFSSL_P521_KYBER_LEVEL5 as u16);
6667

6768
// Check that Kyber was enabled
68-
assert_eq!(res, ffi::WOLFSSL_SUCCESS);
69+
assert_eq!(res, ffi::WOLFSSL_SUCCESS as c_int);
6970

7071
// Try to open a TCP stream to OQS test site - 6007
7172
let stream = TcpStream::connect(format!("{}:{}", site, port))
@@ -78,7 +79,7 @@ fn main() {
7879
let res = ffi::wolfSSL_connect(ssl);
7980

8081
// Exit out here if we didn't complete the handshake
81-
if res != ffi::WOLFSSL_SUCCESS {
82+
if res != ffi::WOLFSSL_SUCCESS as c_int {
8283
println!(
8384
"Connection failed with error: {}",
8485
ffi::wolfSSL_get_error(ssl, res)

wolfssl-sys/src/bindings.rs

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,3 +7,17 @@
77
#![allow(clippy::unnecessary_operation)]
88
#![allow(clippy::identity_op)]
99
include!(concat!(env!("OUT_DIR"), "/bindings.rs"));
10+
11+
use std::os::raw::c_int;
12+
13+
pub const WOLFSSL_SUCCESS_c_int: c_int = WOLFSSL_SUCCESS as c_int;
14+
pub const WOLFSSL_FAILURE_c_int: c_int = WOLFSSL_FAILURE as c_int;
15+
pub const WOLFSSL_ERROR_WANT_READ_c_int: c_int = WOLFSSL_ERROR_WANT_READ as c_int;
16+
pub const WOLFSSL_ERROR_WANT_WRITE_c_int: c_int = WOLFSSL_ERROR_WANT_WRITE as c_int;
17+
pub const WOLFSSL_SHUTDOWN_NOT_DONE_c_int: c_int = WOLFSSL_SHUTDOWN_NOT_DONE as c_int;
18+
pub const WOLFSSL_ERROR_NONE_c_int: c_int = WOLFSSL_ERROR_NONE as c_int;
19+
pub const WOLFSSL_VERIFY_NONE_c_int: c_int = WOLFSSL_VERIFY_NONE as c_int;
20+
pub const WOLFSSL_VERIFY_PEER_c_int: c_int = WOLFSSL_VERIFY_PEER as c_int;
21+
pub const WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT_c_int: c_int =
22+
WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT as c_int;
23+
pub const WOLFSSL_VERIFY_FAIL_EXCEPT_PSK_c_int: c_int = WOLFSSL_VERIFY_FAIL_EXCEPT_PSK as c_int;

wolfssl-sys/src/lib.rs

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,13 +6,14 @@ pub use bindings::*;
66
*/
77
#[cfg(test)]
88
mod tests {
9+
use std::os::raw::c_int;
910

1011
use super::*;
1112
#[test]
1213
fn init_wolfssl() {
1314
unsafe {
1415
let res = wolfSSL_Init();
15-
assert_eq!(res, WOLFSSL_SUCCESS);
16+
assert_eq!(res, WOLFSSL_SUCCESS as c_int);
1617
}
1718
}
1819

@@ -22,7 +23,7 @@ mod tests {
2223
unsafe {
2324
// Init WolfSSL
2425
let res = wolfSSL_Init();
25-
assert_eq!(res, WOLFSSL_SUCCESS);
26+
assert_eq!(res, WOLFSSL_SUCCESS as c_int);
2627

2728
// Set up client method
2829
let method = wolfTLSv1_3_client_method();
@@ -37,7 +38,7 @@ mod tests {
3738
let res = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5.try_into().unwrap());
3839

3940
// Check that Kyber was enabled
40-
assert_eq!(res, WOLFSSL_SUCCESS);
41+
assert_eq!(res, WOLFSSL_SUCCESS as c_int);
4142
}
4243
}
4344
}

wolfssl-sys/wolfssl-src

Submodule wolfssl-src updated 1266 files

wolfssl-sys/wrapper.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,3 +5,4 @@
55
#include <wolfssl/wolfcrypt/settings.h>
66
#include <wolfssl/wolfcrypt/chacha20_poly1305.h>
77
#include <wolfssl/wolfcrypt/random.h>
8+
#include <wolfssl/wolfcrypt/error-crypt.h>

wolfssl/src/context.rs

Lines changed: 40 additions & 39 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@ use crate::{
44
ssl::{Session, SessionConfig},
55
CurveGroup, Method, NewSessionError, RootCertificate, Secret, SslVerifyMode,
66
};
7+
use std::os::raw::c_int;
78
use std::ptr::NonNull;
89
use thiserror::Error;
910

@@ -97,7 +98,7 @@ impl ContextBuilder {
9798
self.ctx.as_ptr(),
9899
buf.as_ptr(),
99100
buf.len() as std::os::raw::c_long,
100-
WOLFSSL_FILETYPE_ASN1,
101+
WOLFSSL_FILETYPE_ASN1 as c_int,
101102
)
102103
},
103104
// SAFETY: [`wolfSSL_CTX_load_verify_buffer`][0] ([also][1]) requires a valid `ctx` pointer from `wolfSSL_CTX_new()`.
@@ -111,16 +112,16 @@ impl ContextBuilder {
111112
self.ctx.as_ptr(),
112113
buf.as_ptr(),
113114
buf.len() as std::os::raw::c_long,
114-
WOLFSSL_FILETYPE_PEM,
115+
WOLFSSL_FILETYPE_PEM as c_int,
115116
)
116117
},
117118
RootCertificate::PemFileOrDirectory(path) => {
118119
let is_dir = path.is_dir();
119-
let path = path
120-
.to_str()
121-
.ok_or_else(|| Error::fatal(wolfssl_sys::WOLFSSL_BAD_PATH))?;
120+
let path = path.to_str().ok_or_else(|| {
121+
Error::fatal(wolfssl_sys::wolfSSL_ErrorCodes_WOLFSSL_BAD_PATH)
122+
})?;
122123
let path = std::ffi::CString::new(path)
123-
.map_err(|_| Error::fatal(wolfssl_sys::WOLFSSL_BAD_PATH))?;
124+
.map_err(|_| Error::fatal(wolfssl_sys::wolfSSL_ErrorCodes_WOLFSSL_BAD_PATH))?;
124125
if is_dir {
125126
// SAFETY: [`wolfSSL_CTX_load_verify_locations`][0] ([also][1]) requires a valid `ctx` pointer from `wolfSSL_CTX_new()`.
126127
// If not NULL, then the pointer passed as the path argument must be a valid NULL-terminated C-style string,
@@ -153,7 +154,7 @@ impl ContextBuilder {
153154
}
154155
};
155156

156-
if result == wolfssl_sys::WOLFSSL_SUCCESS {
157+
if result == wolfssl_sys::WOLFSSL_SUCCESS as c_int {
157158
Ok(self)
158159
} else {
159160
Err(Error::fatal(result))
@@ -165,7 +166,7 @@ impl ContextBuilder {
165166
/// [0]: https://www.wolfssl.com/documentation/manuals/wolfssl/ssl_8h.html#function-wolfssl_ctx_set_cipher_list
166167
pub fn with_cipher_list(self, cipher_list: &str) -> Result<Self> {
167168
let cipher_list = std::ffi::CString::new(cipher_list)
168-
.map_err(|_| Error::fatal(wolfssl_sys::WOLFSSL_FAILURE))?;
169+
.map_err(|_| Error::fatal(wolfssl_sys::WOLFSSL_FAILURE as c_int))?;
169170

170171
// SAFETY: [`wolfSSL_CTX_set_cipher_list`][0] ([also][1]) requires a valid `ctx` pointer from `wolfSSL_CTX_new()` and
171172
// `list` parameter which should be a null terminated C string pointer which is guaranteed by
@@ -180,7 +181,7 @@ impl ContextBuilder {
180181
)
181182
};
182183

183-
if result == wolfssl_sys::WOLFSSL_SUCCESS {
184+
if result == wolfssl_sys::WOLFSSL_SUCCESS as c_int {
184185
Ok(self)
185186
} else {
186187
Err(Error::fatal(result))
@@ -209,7 +210,7 @@ impl ContextBuilder {
209210
)
210211
};
211212

212-
if result == wolfssl_sys::WOLFSSL_SUCCESS {
213+
if result == wolfssl_sys::WOLFSSL_SUCCESS as c_int {
213214
Ok(self)
214215
} else {
215216
Err(Error::fatal(result))
@@ -238,15 +239,15 @@ impl ContextBuilder {
238239
self.ctx.as_ptr(),
239240
buf.as_ptr(),
240241
buf.len() as std::os::raw::c_long,
241-
WOLFSSL_FILETYPE_ASN1,
242+
WOLFSSL_FILETYPE_ASN1 as c_int,
242243
)
243244
},
244245
Secret::Asn1File(path) => {
245-
let path = path
246-
.to_str()
247-
.ok_or_else(|| Error::fatal(wolfssl_sys::BAD_PATH_ERROR))?;
246+
let path = path.to_str().ok_or_else(|| {
247+
Error::fatal(wolfssl_sys::wolfCrypt_ErrorCodes_BAD_PATH_ERROR)
248+
})?;
248249
let file = std::ffi::CString::new(path)
249-
.map_err(|_| Error::fatal(wolfssl_sys::BAD_PATH_ERROR))?;
250+
.map_err(|_| Error::fatal(wolfssl_sys::wolfCrypt_ErrorCodes_BAD_PATH_ERROR))?;
250251
// SAFETY: [`wolfSSL_CTX_use_certificate_file`][0] ([also][1]) requires a valid `ctx` pointer from `wolfSSL_CTX_new()`.
251252
// The pointer passed as the path argument must be a valid NULL-terminated C-style string,
252253
// which is guaranteed by the use of `std::ffi::CString::as_c_str()` here.
@@ -257,7 +258,7 @@ impl ContextBuilder {
257258
wolfSSL_CTX_use_certificate_file(
258259
self.ctx.as_ptr(),
259260
file.as_c_str().as_ptr(),
260-
WOLFSSL_FILETYPE_ASN1,
261+
WOLFSSL_FILETYPE_ASN1 as c_int,
261262
)
262263
}
263264
}
@@ -272,15 +273,15 @@ impl ContextBuilder {
272273
self.ctx.as_ptr(),
273274
buf.as_ptr(),
274275
buf.len() as std::os::raw::c_long,
275-
WOLFSSL_FILETYPE_PEM,
276+
WOLFSSL_FILETYPE_PEM as c_int,
276277
)
277278
},
278279
Secret::PemFile(path) => {
279-
let path = path
280-
.to_str()
281-
.ok_or_else(|| Error::fatal(wolfssl_sys::BAD_PATH_ERROR))?;
280+
let path = path.to_str().ok_or_else(|| {
281+
Error::fatal(wolfssl_sys::wolfCrypt_ErrorCodes_BAD_PATH_ERROR)
282+
})?;
282283
let file = std::ffi::CString::new(path)
283-
.map_err(|_| Error::fatal(wolfssl_sys::BAD_PATH_ERROR))?;
284+
.map_err(|_| Error::fatal(wolfssl_sys::wolfCrypt_ErrorCodes_BAD_PATH_ERROR))?;
284285
// SAFETY: [`wolfSSL_CTX_use_certificate_file`][0] ([also][1]) requires a valid `ctx` pointer from `wolfSSL_CTX_new()`.
285286
// The pointer passed as the path argument must be a valid NULL-terminated C-style string,
286287
// which is guaranteed by the use of `std::ffi::CString::as_c_str()` here.
@@ -291,13 +292,13 @@ impl ContextBuilder {
291292
wolfSSL_CTX_use_certificate_file(
292293
self.ctx.as_ptr(),
293294
file.as_c_str().as_ptr(),
294-
WOLFSSL_FILETYPE_PEM,
295+
WOLFSSL_FILETYPE_PEM as c_int,
295296
)
296297
}
297298
}
298299
};
299300

300-
if result == wolfssl_sys::WOLFSSL_SUCCESS {
301+
if result == wolfssl_sys::WOLFSSL_SUCCESS as c_int {
301302
Ok(self)
302303
} else {
303304
Err(Error::fatal(result))
@@ -326,15 +327,15 @@ impl ContextBuilder {
326327
self.ctx.as_ptr(),
327328
buf.as_ptr(),
328329
buf.len() as std::os::raw::c_long,
329-
WOLFSSL_FILETYPE_ASN1,
330+
WOLFSSL_FILETYPE_ASN1 as c_int,
330331
)
331332
},
332333
Secret::Asn1File(path) => {
333-
let path = path
334-
.to_str()
335-
.ok_or_else(|| Error::fatal(wolfssl_sys::BAD_PATH_ERROR))?;
334+
let path = path.to_str().ok_or_else(|| {
335+
Error::fatal(wolfssl_sys::wolfCrypt_ErrorCodes_BAD_PATH_ERROR)
336+
})?;
336337
let file = std::ffi::CString::new(path)
337-
.map_err(|_| Error::fatal(wolfssl_sys::BAD_PATH_ERROR))?;
338+
.map_err(|_| Error::fatal(wolfssl_sys::wolfCrypt_ErrorCodes_BAD_PATH_ERROR))?;
338339
// SAFETY: [`wolfSSL_CTX_use_PrivateKey_file`][0] ([also][1]) requires a valid `ctx` pointer from `wolfSSL_CTX_new()`.
339340
// The pointer passed as the path argument must be a valid NULL-terminated C-style string,
340341
// which is guaranteed by the use of `std::ffi::CString::as_c_str()` here.
@@ -345,7 +346,7 @@ impl ContextBuilder {
345346
wolfSSL_CTX_use_PrivateKey_file(
346347
self.ctx.as_ptr(),
347348
file.as_c_str().as_ptr(),
348-
WOLFSSL_FILETYPE_ASN1,
349+
WOLFSSL_FILETYPE_ASN1 as c_int,
349350
)
350351
}
351352
}
@@ -360,15 +361,15 @@ impl ContextBuilder {
360361
self.ctx.as_ptr(),
361362
buf.as_ptr(),
362363
buf.len() as std::os::raw::c_long,
363-
WOLFSSL_FILETYPE_PEM,
364+
WOLFSSL_FILETYPE_PEM as c_int,
364365
)
365366
},
366367
Secret::PemFile(path) => {
367-
let path = path
368-
.to_str()
369-
.ok_or_else(|| Error::fatal(wolfssl_sys::BAD_PATH_ERROR))?;
368+
let path = path.to_str().ok_or_else(|| {
369+
Error::fatal(wolfssl_sys::wolfCrypt_ErrorCodes_BAD_PATH_ERROR)
370+
})?;
370371
let file = std::ffi::CString::new(path)
371-
.map_err(|_| Error::fatal(wolfssl_sys::BAD_PATH_ERROR))?;
372+
.map_err(|_| Error::fatal(wolfssl_sys::wolfCrypt_ErrorCodes_BAD_PATH_ERROR))?;
372373
// SAFETY: [`wolfSSL_CTX_use_PrivateKey_file`][0] ([also][1]) requires a valid `ctx` pointer from `wolfSSL_CTX_new()`.
373374
// The pointer passed as the path argument must be a valid NULL-terminated C-style string,
374375
// which is guaranteed by the use of `std::ffi::CString::as_c_str()` here.
@@ -379,13 +380,13 @@ impl ContextBuilder {
379380
wolfSSL_CTX_use_PrivateKey_file(
380381
self.ctx.as_ptr(),
381382
file.as_c_str().as_ptr(),
382-
WOLFSSL_FILETYPE_PEM,
383+
WOLFSSL_FILETYPE_PEM as c_int,
383384
)
384385
}
385386
}
386387
};
387388

388-
if result == wolfssl_sys::WOLFSSL_SUCCESS {
389+
if result == wolfssl_sys::WOLFSSL_SUCCESS as c_int {
389390
Ok(self)
390391
} else {
391392
Err(Error::fatal(result))
@@ -399,7 +400,7 @@ impl ContextBuilder {
399400
// SAFETY: [`wolfSSL_CTX_UseSecureRenegotiation`][1] does not have proper documentation.
400401
// Based on the implementation, the only requirement is the context which is passed to this api has to be a valid `WOLFSSL_CTX`
401402
let result = unsafe { wolfssl_sys::wolfSSL_CTX_UseSecureRenegotiation(self.ctx.as_ptr()) };
402-
if result == wolfssl_sys::WOLFSSL_SUCCESS {
403+
if result == wolfssl_sys::WOLFSSL_SUCCESS as c_int {
403404
Ok(self)
404405
} else {
405406
Err(Error::fatal(result))
@@ -580,7 +581,7 @@ mod tests {
580581
if ok {
581582
Ok(b)
582583
} else {
583-
Err(Error::fatal(wolfssl_sys::WOLFSSL_FAILURE))
584+
Err(Error::fatal(wolfssl_sys::WOLFSSL_FAILURE as c_int))
584585
}
585586
})
586587
.unwrap();
@@ -599,7 +600,7 @@ mod tests {
599600
if ok {
600601
Ok(b)
601602
} else {
602-
Err(Error::fatal(wolfssl_sys::WOLFSSL_FAILURE))
603+
Err(Error::fatal(wolfssl_sys::WOLFSSL_FAILURE as c_int))
603604
}
604605
})
605606
.unwrap();

wolfssl/src/error.rs

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -89,9 +89,9 @@ impl std::convert::From<c_int> for ErrorKind {
8989
!matches!(
9090
this,
9191
Self::Other {
92-
code: wolfssl_sys::WOLFSSL_ERROR_WANT_READ
93-
| wolfssl_sys::WOLFSSL_ERROR_WANT_WRITE
94-
| wolfssl_sys::WOLFSSL_SUCCESS,
92+
code: wolfssl_sys::WOLFSSL_ERROR_WANT_READ_c_int
93+
| wolfssl_sys::WOLFSSL_ERROR_WANT_WRITE_c_int
94+
| wolfssl_sys::WOLFSSL_SUCCESS_c_int,
9595
..
9696
}
9797
),

wolfssl/src/lib.rs

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -20,8 +20,10 @@ pub use error::{Error, ErrorKind, Poll, Result};
2020
#[cfg(feature = "debug")]
2121
pub use debug::*;
2222
use wolfssl_sys::{
23-
WOLFSSL_VERIFY_FAIL_EXCEPT_PSK, WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, WOLFSSL_VERIFY_NONE,
24-
WOLFSSL_VERIFY_PEER,
23+
WOLFSSL_VERIFY_FAIL_EXCEPT_PSK_c_int as WOLFSSL_VERIFY_FAIL_EXCEPT_PSK,
24+
WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT_c_int as WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT,
25+
WOLFSSL_VERIFY_NONE_c_int as WOLFSSL_VERIFY_NONE,
26+
WOLFSSL_VERIFY_PEER_c_int as WOLFSSL_VERIFY_PEER,
2527
};
2628

2729
use std::{os::raw::c_int, ptr::NonNull};
@@ -55,7 +57,7 @@ fn wolf_init() -> Result<()> {
5557
// [0]: https://www.wolfssl.com/documentation/manuals/wolfssl/group__TLS.html#function-wolfssl_init
5658
// [1]: https://www.wolfssl.com/doxygen/group__TLS.html#ga789ef74e34df659a62f06da2ea709737
5759
match unsafe { wolfssl_sys::wolfSSL_Init() } {
58-
wolfssl_sys::WOLFSSL_SUCCESS => Ok(()),
60+
wolfssl_sys::WOLFSSL_SUCCESS_c_int => Ok(()),
5961
e => Err(Error::fatal(e)),
6062
}
6163
})
@@ -79,7 +81,7 @@ pub fn enable_debugging(on: bool) {
7981
match unsafe { wolfssl_sys::wolfSSL_Debugging_ON() } {
8082
0 => {}
8183
// This wrapper function is only enabled if we built wolfssl-sys with debugging on.
82-
wolfssl_sys::NOT_COMPILED_IN => {
84+
wolfssl_sys::wolfCrypt_ErrorCodes_NOT_COMPILED_IN => {
8385
panic!("Inconsistent build, debug not enabled in wolfssl_sys")
8486
}
8587
e => unreachable!("{e:?}"),

0 commit comments

Comments
 (0)