diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2cb3694..9278ebd 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -22,7 +22,7 @@ jobs: fail-fast: false matrix: crate: [ libcoap-sys, libcoap-rs ] - dtls_backend: [ openssl, gnutls, tinydtls, mbedtls ] + dtls_backend: [ openssl, gnutls, tinydtls, mbedtls, wolfssl ] rust_version: [ msrv, stable, nightly ] env: LLVM_PROFILE_FILE: "${{ github.workspace }}/coverage-data/coverage/libcoap-rs-%p-%m.profraw" @@ -40,10 +40,12 @@ jobs: || (matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'mbedtls' && 'tcp,dtls-psk,dtls-pki,dtls-mbedtls-sys') || (matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'openssl' && 'tcp,dtls-psk,dtls-pki,dtls-openssl-sys-vendored') || (matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'gnutls' && 'tcp,dtls-psk,dtls-pki,dtls-rpk') + || (matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'wolfssl' && 'tcp,dtls-psk,dtls-pki,dtls-wolfssl-sys') || (matrix.crate == 'libcoap-sys' && matrix.dtls_backend == 'tinydtls' && 'dtls,dtls-tinydtls-sys-vendored') || (matrix.crate == 'libcoap-sys' && matrix.dtls_backend == 'mbedtls' && 'dtls,dtls-mbedtls-sys') || (matrix.crate == 'libcoap-sys' && matrix.dtls_backend == 'openssl' && 'dtls,dtls-openssl-sys-vendored') || (matrix.crate == 'libcoap-sys' && matrix.dtls_backend == 'gnutls' && 'dtls') + || (matrix.crate == 'libcoap-sys' && matrix.dtls_backend == 'wolfssl' && 'dtls,dtls-wolfssl-sys') || 'vendored' }} steps: diff --git a/libcoap-sys/Cargo.toml b/libcoap-sys/Cargo.toml index e7b16e7..200c5a2 100644 --- a/libcoap-sys/Cargo.toml +++ b/libcoap-sys/Cargo.toml 
@@ -60,9 +60,13 @@ dtls-openssl-sys-vendored = ["dtls-openssl-sys", "openssl-sys/vendored"] dtls-mbedtls-sys = ["dep:mbedtls-sys-auto"] # Allows using the version of TinyDTLS provided by tinydtls-sys instead of a system-provided one. # Note that this does not enforce the use of TinyDTLS in libcoap, see the crate-level documentation for more info. -dtls-tinydtls-sys = ["dep:tinydtls-sys", "tinydtls-sys/ecc", "tinydtls-sys/psk"] +dtls-tinydtls-sys = ["dep:tinydtls-sys"] # Tell the tinydtls-sys version that is possibly used by libcoap-sys to use the vendored version of its library. dtls-tinydtls-sys-vendored = ["dtls-tinydtls-sys", "tinydtls-sys/vendored"] +# Allows using the version of WolfSSL provided by wolfssl-sys instead of a system-provided one. +# Note that this does not enforce the use of WolfSSL in libcoap, see the crate-level documentation for more info. +dtls-wolfssl-sys = ["dep:wolfssl-sys"] + # Enabling this feature will allow libcoap-sys to be built with and statically linked to a vendored version of libcoap, # This way, it is no longer required to have libcoap installed to use this crate. @@ -143,7 +147,9 @@ dtls-rpk = ["dtls"] [dependencies] openssl-sys = { version = "^0.9.74", optional = true } mbedtls-sys-auto = { version = "^2.26", optional = true } -tinydtls-sys = { version = "^0.2.0", default-features = false, optional = true } +#wolfssl-sys = { version = "2.0.0", git = "https://github.com/namib-project/wolfssl-rs.git", branch = "add_sys_cargo_metadata", optional = true, features = ["aesccm", "psk", "opensslall", "ex_data", "alpn", "dh"] } +wolfssl-sys = { version = "2.0.0", path = "../../wolfssl-rs/wolfssl-sys", optional = true, features = ["aesccm", "psk", "opensslall", "ex_data", "alpn", "dh"] } +tinydtls-sys = { version = "^0.2.0", default-features = false, optional = true, features = ["ecc", "psk"] } [target.'cfg(target_os="espidf")'.dependencies] esp-idf-sys = { version = "0.36.1" } 
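Review bot: The new `wolfssl-sys` entry in the `[dependencies]` hunk resolves through `path = "../../wolfssl-rs/wolfssl-sys"`, which points outside this repository. The `wolfssl` jobs added to the CI matrix and any downstream build of `dtls-wolfssl-sys` therefore only work on a machine that happens to have that sibling checkout. The commented-out alternative tracks `branch = "add_sys_cargo_metadata"`, a mutable ref, so the TLS code compiled into the crate would change whenever that branch moves. When switching to the git source, pin it to a commit, keeping the same feature list: `wolfssl-sys = { version = "2.0.0", git = "https://github.com/namib-project/wolfssl-rs.git", rev = "<pinned-commit-sha>", optional = true, features = [...] }`. The dead comment line should be removed at the same time.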
diff --git a/libcoap-sys/build/build_system/vendored.rs b/libcoap-sys/build/build_system/vendored.rs index 8ad2d12..523be43 100644 --- a/libcoap-sys/build/build_system/vendored.rs +++ b/libcoap-sys/build/build_system/vendored.rs @@ -152,6 +152,16 @@ impl VendoredBuildSystem { dtls_libraries_linked_by_other_crates |= DtlsBackend::MbedTls } } + #[cfg(feature = "dtls-wolfssl-sys")] + { + let (pkg_config_path, linked) = Self::configure_wolfssl_sys(build_config)?; + if let Some(pkg_config_path) = pkg_config_path { + additional_pkg_config_paths.push(pkg_config_path) + } + if linked { + dtls_libraries_linked_by_other_crates |= DtlsBackend::WolfSsl + } + } // Add libcoap's own build directory to the PKG_CONFIG_PATH (might be used later on to // find the generated .pc file to link against libcoap). @@ -194,6 +204,8 @@ impl VendoredBuildSystem { // If we do have a library already linked via a rust dependency, prefer those, but // maintain the order also used in libcoap itself. Some(DtlsBackend::OpenSsl) + } else if cfg!(feature = "dtls-wolfssl-sys") { + Some(DtlsBackend::WolfSsl) } else if cfg!(feature = "dtls-mbedtls-sys") { Some(DtlsBackend::MbedTls) } else if cfg!(feature = "dtls-tinydtls-sys") { @@ -237,6 +249,7 @@ impl VendoredBuildSystem { } else { // SAFETY: We are still single-threaded here. unsafe { env::set_var("PKG_CONFIG_PATH", pkg_config_path_bak.unwrap_or_default()) } + println!("cargo:rustc-link-lib=static=coap-3"); println!( "cargo:rustc-link-search={}", libcoap_build_prefix @@ -244,7 +257,6 @@ impl VendoredBuildSystem { .to_str() .context("unable to convert OUT_DIR to a valid UTF-8 string.")? ); - println!("cargo:rustc-link-lib=static=coap-3"); Ok(Self { out_dir, define_info: None, 
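Review bot: In the backend-selection chain (`@@ -194,6 +204,8 @@`), `dtls-wolfssl-sys` now wins over `dtls-mbedtls-sys` and `dtls-tinydtls-sys`. A build that already enables one of those and picks up the wolfSSL feature through Cargo feature unification would silently switch the DTLS stack that protects its traffic. The existing comment says the order mirrors libcoap's own, which cannot be confirmed from the hunk. I would emit a build warning when more than one `dtls-*-sys` feature is active, e.g. `println!("cargo:warning=multiple dtls-*-sys features enabled, using wolfSSL as DTLS backend");`, unless the part of this function outside the hunk already reports the chosen backend.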
@@ -297,6 +309,27 @@ impl VendoredBuildSystem { } } + #[cfg(feature = "dtls-wolfssl-sys")] + fn configure_wolfssl_sys(build_config: &mut autotools::Config) -> Result<(Option, bool)> { + if env::var_os("wolfSSL_CFLAGS").is_some() || env::var_os("wolfSSL_LIBS").is_some() { + // Do not use wolfssl-sys if the user manually set either the corresponding LIBS or + // CFLAGS variable. + // However, do warn the user that this might cause issues. + println!("cargo:warning=You have enabled the wolfssl-sys dependency, but have overridden either the wolfSSL_CFLAGS or wolfSSL_LIBS environment variable used by libcoap to find wolfSSL."); + println!("cargo:warning=Note that attempting to link more than one version of the same library at once may cause unexpected issues and/or cryptic compilation errors, especially if both versions are statically linked."); + Ok((None, false)) + } else { + let wolfssl_root = env::var_os("DEP_WOLFSSL_ROOT") + .expect("wolfssl-sys dependency has been added, but DEP_WOLFSSL_ROOT has not been set"); + let wolfssl_include = env::var_os("DEP_WOLFSSL_INCLUDE") + .expect("wolfssl-sys dependency has been added, but DEP_WOLFSSL_INCLUDE has not been set"); + let wolfssl_libs = Path::new(wolfssl_root.as_os_str()).join("lib"); + + // Set pkg-config path for version and library/include path determination. + Ok((Some(wolfssl_libs.join("pkgconfig")), true)) + } + } + #[cfg(feature = "dtls-openssl-sys")] fn configure_openssl_sys(_build_config: &mut autotools::Config) -> Result<(Option, bool)> { if env::var_os("OpenSSL_CFLAGS").is_some() || env::var_os("OpenSSL_LIBS").is_some() { @@ -314,7 +347,7 @@ impl VendoredBuildSystem { .context("DEP_OPENSSL_INCLUDE has no parent directory")? .join("lib"); - // Just add the OpenSSL directory to the PKG_CONFIG_PATH, that way libcoap will find it. + // Set pkg-config path for version and library/include path determination. Ok((Some(openssl_libs.join("pkgconfig")), true)) } } 
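Review bot: `configure_wolfssl_sys` returns `Result` but aborts the build script with `.expect(...)` when `DEP_WOLFSSL_ROOT` or `DEP_WOLFSSL_INCLUDE` is missing. The neighbouring OpenSSL helper reports the same kind of failure through `.context(...)?`, so the lookup here should read `.context("wolfssl-sys dependency has been added, but DEP_WOLFSSL_ROOT has not been set")?`. `wolfssl_include` is read but never used, and `build_config` is unused as well (the OpenSSL sibling names it `_build_config`). Either drop the `DEP_WOLFSSL_INCLUDE` lookup or use it, and rename the parameter to `_build_config`. The function also hands back `<root>/lib/pkgconfig` without checking that the directory exists; an `is_dir()` check with a contextual error would turn a later, harder-to-read configure failure into a clear one.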
diff --git a/libcoap-sys/build/main.rs b/libcoap-sys/build/main.rs index 8131a1d..70dd347 100644 --- a/libcoap-sys/build/main.rs +++ b/libcoap-sys/build/main.rs @@ -34,7 +34,7 @@ fn main() -> Result<()> { println!("cargo::rustc-check-cfg=cfg(esp_idf_comp_espressif__coap_enabled)"); // Indicates the DTLS library crate that was linked against, if a library version vendored by // another crate was used. - println!("cargo:rustc-check-cfg=cfg(used_dtls_crate, values(\"mbedtls\", \"tinydtls\", \"openssl\"))"); + println!("cargo:rustc-check-cfg=cfg(used_dtls_crate, values(\"mbedtls\", \"tinydtls\", \"openssl\", \"wolfssl\"))"); // Indicates the DTLS backend used, if any. println!("cargo:rustc-check-cfg=cfg(dtls_backend, values(\"mbedtls\", \"tinydtls\", \"openssl\", \"gnutls\", \"wolfssl\"))"); // The detected libcoap version, if any. diff --git a/libcoap-sys/src/lib.rs b/libcoap-sys/src/lib.rs index d666f49..83610cc 100644 --- a/libcoap-sys/src/lib.rs +++ b/libcoap-sys/src/lib.rs @@ -335,6 +335,8 @@ use openssl_sys as _; #[allow(unused_imports)] #[cfg(used_dtls_crate = "tinydtls")] use tinydtls_sys as _; +#[cfg(used_dtls_crate = "wolfssl")] +use wolfssl_sys as _; // Add check whether the libcoap component is enabled when building for the ESP-IDF. #[cfg(all(target_os = "espidf", not(esp_idf_comp_espressif__coap_enabled)))] diff --git a/libcoap/Cargo.toml b/libcoap/Cargo.toml index 915fd6c..e0fcb5a 100644 --- a/libcoap/Cargo.toml +++ b/libcoap/Cargo.toml @@ -39,6 +39,7 @@ vendored = ["libcoap-sys/vendored"] dtls-openssl-sys = ["libcoap-sys/dtls-openssl-sys"] dtls-mbedtls-sys = ["libcoap-sys/dtls-mbedtls-sys"] dtls-tinydtls-sys = ["libcoap-sys/dtls-tinydtls-sys"] +dtls-wolfssl-sys = ["libcoap-sys/dtls-wolfssl-sys"] dtls-openssl-sys-vendored = ["libcoap-sys/dtls-openssl-sys-vendored"] dtls-tinydtls-sys-vendored = ["libcoap-sys/dtls-tinydtls-sys-vendored"] 
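Review bot: In the `libcoap-sys/src/lib.rs` hunk, the new `use wolfssl_sys as _;` carries only the `#[cfg(used_dtls_crate = "wolfssl")]` attribute. The `tinydtls_sys` import directly above it also has `#[allow(unused_imports)]`. For consistency with that sibling, and to avoid a lint warning on builds that deny warnings, add `#[allow(unused_imports)]` above the new `#[cfg(...)]` line. A one-line comment such as `// Forces wolfssl-sys to be linked when libcoap was built against its vendored library.` would record why the otherwise unused import exists, if that is indeed its purpose.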
diff --git a/libcoap/tests/dtls_pki_client_server_test.rs b/libcoap/tests/dtls_pki_client_server_test.rs
index cbb11b5..d82bbb8 100644
--- a/libcoap/tests/dtls_pki_client_server_test.rs
+++ b/libcoap/tests/dtls_pki_client_server_test.rs
@@ -79,9 +79,9 @@ pub fn dtls_pki_asn1_file_client_server_request() {
 // For some inexplicable reason, setting the CA cert fails _only_ with ASN1 files using the
 // OpenSSL library.
 // I'm pretty sure this is a libcoap issue, so we'll not set the CA cert there for now.
- #[cfg(not(dtls_backend = "openssl"))]
+ #[cfg(not(any(dtls_backend = "openssl", dtls_backend = "wolfssl")))]
 Some(key_storage.join("./ca/ca.crt.der")),
- #[cfg(dtls_backend = "openssl")]
+ #[cfg(any(dtls_backend = "openssl", dtls_backend = "wolfssl"))]
 None::,
 key_storage.join("./server/server.crt.der"),
 key_storage.join("./server/server.key.der"),
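Review bot: The comment above the changed `#[cfg]` lines still names only OpenSSL as the backend where setting the ASN1 CA cert fails, while the new condition also passes `None` for wolfSSL. The wolfSSL run of this PKI test therefore configures no CA from the DER file, so it would not catch a regression in CA loading or chain validation for that backend. Whether peer verification is exercised elsewhere cannot be seen from the hunk, since the function continues outside it. Extend the comment to say that wolfSSL is excluded too and why, e.g. `// The same failure occurs with wolfSSL (see <issue link>), so the CA cert is skipped there as well.`, so that the gap in test coverage is tracked rather than implicit.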