From 29c8b0d53eceb7a3ce861529e374bab28ca08e09 Mon Sep 17 00:00:00 2001 From: Hugo Hakim Damer Date: Mon, 3 Mar 2025 18:52:52 +0100 Subject: [PATCH 1/5] feat(sys): support linking against wolfssl-sys DTLS library --- libcoap-sys/Cargo.toml | 9 +++-- libcoap-sys/build/build_system/vendored.rs | 40 ++++++++++++++++++++-- libcoap-sys/build/main.rs | 2 +- libcoap-sys/src/lib.rs | 2 ++ 4 files changed, 48 insertions(+), 5 deletions(-) diff --git a/libcoap-sys/Cargo.toml b/libcoap-sys/Cargo.toml index e7b16e7..9092321 100644 --- a/libcoap-sys/Cargo.toml +++ b/libcoap-sys/Cargo.toml @@ -60,9 +60,13 @@ dtls-openssl-sys-vendored = ["dtls-openssl-sys", "openssl-sys/vendored"] dtls-mbedtls-sys = ["dep:mbedtls-sys-auto"] # Allows using the version of TinyDTLS provided by tinydtls-sys instead of a system-provided one. # Note that this does not enforce the use of TinyDTLS in libcoap, see the crate-level documentation for more info. -dtls-tinydtls-sys = ["dep:tinydtls-sys", "tinydtls-sys/ecc", "tinydtls-sys/psk"] +dtls-tinydtls-sys = ["dep:tinydtls-sys"] # Tell the tinydtls-sys version that is possibly used by libcoap-sys to use the vendored version of its library. dtls-tinydtls-sys-vendored = ["dtls-tinydtls-sys", "tinydtls-sys/vendored"] +# Allows using the version of WolfSSL provided by wolfssl-sys instead of a system-provided one. +# Note that this does not enforce the use of WolfSSL in libcoap, see the crate-level documentation for more info. +dtls-wolfssl-sys = ["dep:wolfssl-sys"] + # Enabling this feature will allow libcoap-sys to be built with and statically linked to a vendored version of libcoap, # This way, it is no longer required to have libcoap installed to use this crate. 
@@ -143,7 +147,8 @@ dtls-rpk = ["dtls"] [dependencies] openssl-sys = { version = "^0.9.74", optional = true } mbedtls-sys-auto = { version = "^2.26", optional = true } -tinydtls-sys = { version = "^0.2.0", default-features = false, optional = true } +wolfssl-sys = { version = "2.0.0", git = "https://github.com/namib-project/wolfssl-rs.git", branch = "add_sys_cargo_metadata", optional = true, features = ["aesccm", "hmac", "psk", "opensslall", "ex_data", "alpn", "dh"] } +tinydtls-sys = { version = "^0.2.0", default-features = false, optional = true, features = ["ecc", "psk"] } [target.'cfg(target_os="espidf")'.dependencies] esp-idf-sys = { version = "0.36.1" } diff --git a/libcoap-sys/build/build_system/vendored.rs b/libcoap-sys/build/build_system/vendored.rs index 8ad2d12..1f07ffc 100644 --- a/libcoap-sys/build/build_system/vendored.rs +++ b/libcoap-sys/build/build_system/vendored.rs @@ -152,6 +152,17 @@ impl VendoredBuildSystem { dtls_libraries_linked_by_other_crates |= DtlsBackend::MbedTls } } + #[cfg(feature = "dtls-wolfssl-sys")] + { + let (pkg_config_path, linked) = Self::configure_wolfssl_sys(build_config)?; + if let Some(pkg_config_path) = pkg_config_path { + additional_pkg_config_paths.push(pkg_config_path) + } + if linked { + dtls_libraries_linked_by_other_crates |= DtlsBackend::WolfSsl + } + } + // Add libcoap's own build directory to the PKG_CONFIG_PATH (might be used later on to // find the generated .pc file to link against libcoap). @@ -194,6 +205,8 @@ impl VendoredBuildSystem { // If we do have a library already linked via a rust dependency, prefer those, but // maintain the order also used in libcoap itself. Some(DtlsBackend::OpenSsl) + } else if cfg!(feature = "dtls-wolfssl-sys") { + Some(DtlsBackend::WolfSsl) } else if cfg!(feature = "dtls-mbedtls-sys") { Some(DtlsBackend::MbedTls) } else if cfg!(feature = "dtls-tinydtls-sys") { 
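Review bot: The new `wolfssl-sys` entry in `[dependencies]` resolves from a git branch (`branch = "add_sys_cargo_metadata"`), so the DTLS code that gets linked is whatever that branch head points to when the dependency is resolved. A branch is mutable; pinning an immutable commit with `rev = "<full-commit-sha>"` (placeholder) in place of `branch = …` makes the build reproducible and turns any upstream change into a reviewable diff here. Because `version = "2.0.0"` is given alongside the git source, a published libcoap-sys would presumably resolve to the registry release instead. If the branch carries build metadata that release lacks (its name suggests so), that is worth confirming before release.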
@@ -237,6 +250,7 @@ impl VendoredBuildSystem { } else { // SAFETY: We are still single-threaded here. unsafe { env::set_var("PKG_CONFIG_PATH", pkg_config_path_bak.unwrap_or_default()) } + println!("cargo:rustc-link-lib=static=coap-3"); println!( "cargo:rustc-link-search={}", libcoap_build_prefix @@ -244,7 +258,6 @@ impl VendoredBuildSystem { .to_str() .context("unable to convert OUT_DIR to a valid UTF-8 string.")? ); - println!("cargo:rustc-link-lib=static=coap-3"); Ok(Self { out_dir, define_info: None, 
@@ -297,6 +310,29 @@ impl VendoredBuildSystem { } } + #[cfg(feature = "dtls-wolfssl-sys")] + fn configure_wolfssl_sys(build_config: &mut autotools::Config) -> Result<(Option, bool)> { + if env::var_os("wolfSSL_CFLAGS").is_some() || env::var_os("wolfSSL_LIBS").is_some() { + // Do not use wolfssl-sys if the user manually set either the corresponding LIBS or + // CFLAGS variable. + // However, do warn the user that this might cause issues. + println!("cargo:warning=You have enabled the wolfssl-sys dependency, but have overridden either the wolfSSL_CFLAGS or wolfSSL_LIBS environment variable used by libcoap to find wolfSSL."); + println!("cargo:warning=Note that attempting to link more than one version of the same library at once may cause unexpected issues and/or cryptic compilation errors, especially if both versions are statically linked."); + Ok((None, false)) + } else { + let wolfssl_root = env::var_os("DEP_WOLFSSL_ROOT") + .expect("wolfssl-sys dependency has been added, but DEP_WOLFSSL_ROOT has not been set"); + let wolfssl_include = env::var_os("DEP_WOLFSSL_INCLUDE") + .expect("wolfssl-sys dependency has been added, but DEP_WOLFSSL_INCLUDE has not been set"); + let wolfssl_libs = Path::new(wolfssl_root.as_os_str()) + .join("lib"); + + // Set pkg-config path for version and library/include path determination. + Ok((Some(wolfssl_libs.join("pkgconfig")), true)) + } + } + + #[cfg(feature = "dtls-openssl-sys")] fn configure_openssl_sys(_build_config: &mut autotools::Config) -> Result<(Option, bool)> { if env::var_os("OpenSSL_CFLAGS").is_some() || env::var_os("OpenSSL_LIBS").is_some() { @@ -314,7 +350,7 @@ impl VendoredBuildSystem { .context("DEP_OPENSSL_INCLUDE has no parent directory")? .join("lib"); - // Just add the OpenSSL directory to the PKG_CONFIG_PATH, that way libcoap will find it. + // Set pkg-config path for version and library/include path determination. Ok((Some(openssl_libs.join("pkgconfig")), true)) } } 
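Review bot: `configure_wolfssl_sys` panics through `.expect(…)` when `DEP_WOLFSSL_ROOT` or `DEP_WOLFSSL_INCLUDE` is unset, although it returns `Result` and the neighbouring `configure_openssl_sys` reports its path failure with `.context(…)?`. Writing `let wolfssl_root = env::var_os("DEP_WOLFSSL_ROOT").context("wolfssl-sys dependency has been added, but DEP_WOLFSSL_ROOT has not been set")?;` keeps the build script's error path uniform. `wolfssl_include` is read and never used, and `build_config` is unused without the `_` prefix that the OpenSSL variant has, so both should produce unused warnings. Either drop the `DEP_WOLFSSL_INCLUDE` lookup or derive the library path from it as the OpenSSL variant does. The reformatting hunk for this function in PATCH 5/5 leaves both as they are.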
diff --git a/libcoap-sys/build/main.rs b/libcoap-sys/build/main.rs index 8131a1d..70dd347 100644 --- a/libcoap-sys/build/main.rs +++ b/libcoap-sys/build/main.rs @@ -34,7 +34,7 @@ fn main() -> Result<()> { println!("cargo::rustc-check-cfg=cfg(esp_idf_comp_espressif__coap_enabled)"); // Indicates the DTLS library crate that was linked against, if a library version vendored by // another crate was used. - println!("cargo:rustc-check-cfg=cfg(used_dtls_crate, values(\"mbedtls\", \"tinydtls\", \"openssl\"))"); + println!("cargo:rustc-check-cfg=cfg(used_dtls_crate, values(\"mbedtls\", \"tinydtls\", \"openssl\", \"wolfssl\"))"); // Indicates the DTLS backend used, if any. println!("cargo:rustc-check-cfg=cfg(dtls_backend, values(\"mbedtls\", \"tinydtls\", \"openssl\", \"gnutls\", \"wolfssl\"))"); // The detected libcoap version, if any. diff --git a/libcoap-sys/src/lib.rs b/libcoap-sys/src/lib.rs index d666f49..83610cc 100644 --- a/libcoap-sys/src/lib.rs +++ b/libcoap-sys/src/lib.rs @@ -335,6 +335,8 @@ use openssl_sys as _; #[allow(unused_imports)] #[cfg(used_dtls_crate = "tinydtls")] use tinydtls_sys as _; +#[cfg(used_dtls_crate = "wolfssl")] +use wolfssl_sys as _; // Add check whether the libcoap component is enabled when building for the ESP-IDF. #[cfg(all(target_os = "espidf", not(esp_idf_comp_espressif__coap_enabled)))] From 6945d2ac344415fdabaabd3f860c3a5da916b716 Mon Sep 17 00:00:00 2001 From: Hugo Hakim Damer Date: Tue, 4 Mar 2025 15:40:59 +0100 Subject: [PATCH 2/5] feat(ci): run CI pipeline with wolfssl as backend as well --- .github/workflows/test.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2cb3694..e8ed345 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
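Review bot: In `libcoap-sys/src/lib.rs` the added `use wolfssl_sys as _;` has no `#[allow(unused_imports)]`, while the `tinydtls_sys` import directly above it carries that attribute. Adding `#[allow(unused_imports)]` above `#[cfg(used_dtls_crate = "wolfssl")]` keeps the block uniform and avoids a lint difference between backends. A one-line comment saying the import exists only so the wolfssl-sys library stays linked would also help, unless one already sits above this block outside the hunk.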
@@ -22,7 +22,7 @@ jobs: fail-fast: false matrix: crate: [ libcoap-sys, libcoap-rs ] - dtls_backend: [ openssl, gnutls, tinydtls, mbedtls ] + dtls_backend: [ openssl, gnutls, tinydtls, mbedtls, wolfssl ] rust_version: [ msrv, stable, nightly ] env: LLVM_PROFILE_FILE: "${{ github.workspace }}/coverage-data/coverage/libcoap-rs-%p-%m.profraw" @@ -40,10 +40,12 @@ jobs: || (matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'mbedtls' && 'tcp,dtls-psk,dtls-pki,dtls-mbedtls-sys') || (matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'openssl' && 'tcp,dtls-psk,dtls-pki,dtls-openssl-sys-vendored') || (matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'gnutls' && 'tcp,dtls-psk,dtls-pki,dtls-rpk') + || (matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'wolfssl' && 'tcp,dtls-psk,dtls-pki,dtls-rpk,dtls-wolfssl-sys') || (matrix.crate == 'libcoap-sys' && matrix.dtls_backend == 'tinydtls' && 'dtls,dtls-tinydtls-sys-vendored') || (matrix.crate == 'libcoap-sys' && matrix.dtls_backend == 'mbedtls' && 'dtls,dtls-mbedtls-sys') || (matrix.crate == 'libcoap-sys' && matrix.dtls_backend == 'openssl' && 'dtls,dtls-openssl-sys-vendored') || (matrix.crate == 'libcoap-sys' && matrix.dtls_backend == 'gnutls' && 'dtls') + || (matrix.crate == 'libcoap-sys' && matrix.dtls_backend == 'wolfssl' && 'dtls,dtls-wolfssl-sys') || 'vendored' }} steps: From 2220c43f66c65403de0f11097a679b6955040c5b Mon Sep 17 00:00:00 2001 From: Hugo Hakim Damer Date: Tue, 4 Mar 2025 15:42:39 +0100 Subject: [PATCH 3/5] fixup! feat(sys): support linking against wolfssl-sys DTLS library --- libcoap/Cargo.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/libcoap/Cargo.toml b/libcoap/Cargo.toml index 915fd6c..e0fcb5a 100644 --- a/libcoap/Cargo.toml +++ b/libcoap/Cargo.toml 
@@ -39,6 +39,7 @@ vendored = ["libcoap-sys/vendored"] dtls-openssl-sys = ["libcoap-sys/dtls-openssl-sys"] dtls-mbedtls-sys = ["libcoap-sys/dtls-mbedtls-sys"] dtls-tinydtls-sys = ["libcoap-sys/dtls-tinydtls-sys"] +dtls-wolfssl-sys = ["libcoap-sys/dtls-wolfssl-sys"] dtls-openssl-sys-vendored = ["libcoap-sys/dtls-openssl-sys-vendored"] dtls-tinydtls-sys-vendored = ["libcoap-sys/dtls-tinydtls-sys-vendored"] From 9af42378c49c448d6e0e78765278124a832b841b Mon Sep 17 00:00:00 2001 From: Hugo Hakim Damer Date: Tue, 4 Mar 2025 15:53:21 +0100 Subject: [PATCH 4/5] fixup! fixup! feat(sys): support linking against wolfssl-sys DTLS library --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e8ed345..9278ebd 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -40,7 +40,7 @@ jobs: || (matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'mbedtls' && 'tcp,dtls-psk,dtls-pki,dtls-mbedtls-sys') || (matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'openssl' && 'tcp,dtls-psk,dtls-pki,dtls-openssl-sys-vendored') || (matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'gnutls' && 'tcp,dtls-psk,dtls-pki,dtls-rpk') - || (matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'wolfssl' && 'tcp,dtls-psk,dtls-pki,dtls-rpk,dtls-wolfssl-sys') + || (matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'wolfssl' && 'tcp,dtls-psk,dtls-pki,dtls-wolfssl-sys') || (matrix.crate == 'libcoap-sys' && matrix.dtls_backend == 'tinydtls' && 'dtls,dtls-tinydtls-sys-vendored') || (matrix.crate == 'libcoap-sys' && matrix.dtls_backend == 'mbedtls' && 'dtls,dtls-mbedtls-sys') || (matrix.crate == 'libcoap-sys' && matrix.dtls_backend == 'openssl' && 'dtls,dtls-openssl-sys-vendored') From 18a32147ae9b4b610480610ffdb4df812d202285 Mon Sep 17 00:00:00 2001 
From: Hugo Hakim Damer Date: Sat, 12 Jul 2025 12:00:57 +0200 Subject: [PATCH 5/5] fix: resolve some wolfssl linking issues --- libcoap-sys/Cargo.toml | 3 ++- libcoap-sys/build/build_system/vendored.rs | 7 ++----- libcoap/tests/dtls_pki_client_server_test.rs | 4 ++-- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/libcoap-sys/Cargo.toml b/libcoap-sys/Cargo.toml index 9092321..200c5a2 100644 --- a/libcoap-sys/Cargo.toml +++ b/libcoap-sys/Cargo.toml @@ -147,7 +147,8 @@ dtls-rpk = ["dtls"] [dependencies] openssl-sys = { version = "^0.9.74", optional = true } mbedtls-sys-auto = { version = "^2.26", optional = true } -wolfssl-sys = { version = "2.0.0", git = "https://github.com/namib-project/wolfssl-rs.git", branch = "add_sys_cargo_metadata", optional = true, features = ["aesccm", "hmac", "psk", "opensslall", "ex_data", "alpn", "dh"] } +#wolfssl-sys = { version = "2.0.0", git = "https://github.com/namib-project/wolfssl-rs.git", branch = "add_sys_cargo_metadata", optional = true, features = ["aesccm", "psk", "opensslall", "ex_data", "alpn", "dh"] } +wolfssl-sys = { version = "2.0.0", path = "../../wolfssl-rs/wolfssl-sys", optional = true, features = ["aesccm", "psk", "opensslall", "ex_data", "alpn", "dh"] } tinydtls-sys = { version = "^0.2.0", default-features = false, optional = true, features = ["ecc", "psk"] } [target.'cfg(target_os="espidf")'.dependencies] diff --git a/libcoap-sys/build/build_system/vendored.rs b/libcoap-sys/build/build_system/vendored.rs index 1f07ffc..523be43 100644 --- a/libcoap-sys/build/build_system/vendored.rs +++ b/libcoap-sys/build/build_system/vendored.rs @@ -162,7 +162,6 @@ impl VendoredBuildSystem { dtls_libraries_linked_by_other_crates |= DtlsBackend::WolfSsl } } - // Add libcoap's own build directory to the PKG_CONFIG_PATH (might be used later on to // find the generated .pc file to link against libcoap). 
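Review bot: `wolfssl-sys` now resolves from `path = "../../wolfssl-rs/wolfssl-sys"`, a directory outside this repository, and the git source is left behind as a commented-out line. Building with `dtls-wolfssl-sys` (including the wolfssl CI matrix entries from PATCH 2/5) then needs a sibling checkout at exactly that location, and the DTLS code that gets linked is whatever is in that working tree, which no lockfile or review records. Cargo generally has to load a path dependency's manifest even when the feature is off, so this may also break builds that never enable wolfSSL. This looks like a local development override: keeping the git source pinned with `rev = "<full-commit-sha>"` (placeholder) and moving the local path into a `[patch]` section of an uncommitted Cargo config would keep it out of the manifest. The hunk also drops the `hmac` feature without a mention in the commit message.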
@@ -324,14 +323,12 @@ impl VendoredBuildSystem { .expect("wolfssl-sys dependency has been added, but DEP_WOLFSSL_ROOT has not been set"); let wolfssl_include = env::var_os("DEP_WOLFSSL_INCLUDE") .expect("wolfssl-sys dependency has been added, but DEP_WOLFSSL_INCLUDE has not been set"); - let wolfssl_libs = Path::new(wolfssl_root.as_os_str()) - .join("lib"); - + let wolfssl_libs = Path::new(wolfssl_root.as_os_str()).join("lib"); + // Set pkg-config path for version and library/include path determination. Ok((Some(wolfssl_libs.join("pkgconfig")), true)) } } - #[cfg(feature = "dtls-openssl-sys")] fn configure_openssl_sys(_build_config: &mut autotools::Config) -> Result<(Option, bool)> { diff --git a/libcoap/tests/dtls_pki_client_server_test.rs b/libcoap/tests/dtls_pki_client_server_test.rs index cbb11b5..d82bbb8 100644 --- a/libcoap/tests/dtls_pki_client_server_test.rs +++ b/libcoap/tests/dtls_pki_client_server_test.rs @@ -79,9 +79,9 @@ pub fn dtls_pki_asn1_file_client_server_request() { // For some inexplicable reason, setting the CA cert fails _only_ with ASN1 files using the // OpenSSL library. // I'm pretty sure this is a libcoap issue, so we'll not set the CA cert there for now. - #[cfg(not(dtls_backend = "openssl"))] + #[cfg(not(any(dtls_backend = "openssl", dtls_backend = "wolfssl")))] Some(key_storage.join("./ca/ca.crt.der")), - #[cfg(dtls_backend = "openssl")] + #[cfg(any(dtls_backend = "openssl", dtls_backend = "wolfssl"))] None::, key_storage.join("./server/server.crt.der"), key_storage.join("./server/server.key.der"),
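Review bot: In `dtls_pki_asn1_file_client_server_request`, widening the `cfg` to `dtls_backend = "wolfssl"` makes the test pass `None` instead of the CA certificate for wolfSSL too, but the comment above still says the failure occurs "_only_" with OpenSSL. With no CA configured, the test presumably stops exercising validation of the peer certificate against the trust anchor for this backend, so a regression there would go unnoticed. The comment should name wolfSSL, state the observed failure and point to an upstream issue so the exclusion can be removed later, e.g. `// Setting the CA cert also fails with wolfSSL for ASN1 files; tracked in <issue link>.` The enclosing test function starts and ends outside the hunk.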