Add support for linking against wolfSSL provided by wolfssl-sys

.github/workflows/test.yml

@@ -22,7 +22,7 @@ jobs:
       fail-fast: false
       matrix:
         crate: [ libcoap-sys, libcoap-rs ]
-        dtls_backend: [ openssl, gnutls, tinydtls, mbedtls ]
+        dtls_backend: [ openssl, gnutls, tinydtls, mbedtls, wolfssl ]
         rust_version: [ msrv, stable, nightly ]
     env:
       LLVM_PROFILE_FILE: "${{ github.workspace }}/coverage-data/coverage/libcoap-rs-%p-%m.profraw"
@@ -40,10 +40,12 @@ jobs:
             || (matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'mbedtls' && 'tcp,dtls-psk,dtls-pki,dtls-mbedtls-sys')
             || (matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'openssl' && 'tcp,dtls-psk,dtls-pki,dtls-openssl-sys-vendored')
             || (matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'gnutls' && 'tcp,dtls-psk,dtls-pki,dtls-rpk')
+            || (matrix.crate == 'libcoap-rs' && matrix.dtls_backend == 'wolfssl' && 'tcp,dtls-psk,dtls-pki,dtls-wolfssl-sys')
             || (matrix.crate == 'libcoap-sys' && matrix.dtls_backend == 'tinydtls' && 'dtls,dtls-tinydtls-sys-vendored')
             || (matrix.crate == 'libcoap-sys' && matrix.dtls_backend == 'mbedtls' && 'dtls,dtls-mbedtls-sys')
             || (matrix.crate == 'libcoap-sys' && matrix.dtls_backend == 'openssl' && 'dtls,dtls-openssl-sys-vendored')
             || (matrix.crate == 'libcoap-sys' && matrix.dtls_backend == 'gnutls' && 'dtls')
+            || (matrix.crate == 'libcoap-sys' && matrix.dtls_backend == 'wolfssl' && 'dtls,dtls-wolfssl-sys')
             || 'vendored'
         }}
     steps:

libcoap-sys/Cargo.toml

@@ -60,9 +60,13 @@ dtls-openssl-sys-vendored = ["dtls-openssl-sys", "openssl-sys/vendored"]
 dtls-mbedtls-sys = ["dep:mbedtls-sys-auto"]
 # Allows using the version of TinyDTLS provided by tinydtls-sys instead of a system-provided one.
 # Note that this does not enforce the use of TinyDTLS in libcoap, see the crate-level documentation for more info.
-dtls-tinydtls-sys = ["dep:tinydtls-sys", "tinydtls-sys/ecc", "tinydtls-sys/psk"]
+dtls-tinydtls-sys = ["dep:tinydtls-sys"]
 # Tell the tinydtls-sys version that is possibly used by libcoap-sys to use the vendored version of its library.
 dtls-tinydtls-sys-vendored = ["dtls-tinydtls-sys", "tinydtls-sys/vendored"]
+# Allows using the version of WolfSSL provided by wolfssl-sys instead of a system-provided one.
+# Note that this does not enforce the use of WolfSSL in libcoap, see the crate-level documentation for more info.
+dtls-wolfssl-sys = ["dep:wolfssl-sys"]
+
 
 # Enabling this feature will allow libcoap-sys to be built with and statically linked to a vendored version of libcoap,
 # This way, it is no longer required to have libcoap installed to use this crate.
@@ -143,7 +147,9 @@ dtls-rpk = ["dtls"]
 [dependencies]
 openssl-sys = { version = "^0.9.74", optional = true }
 mbedtls-sys-auto = { version = "^2.26", optional = true }
-tinydtls-sys = { version = "^0.2.0", default-features = false, optional = true }
+#wolfssl-sys = { version = "2.0.0", git = "https://github.com/namib-project/wolfssl-rs.git", branch = "add_sys_cargo_metadata", optional = true, features = ["aesccm", "psk", "opensslall", "ex_data", "alpn", "dh"] }
+wolfssl-sys = { version = "2.0.0", path = "../../wolfssl-rs/wolfssl-sys", optional = true, features = ["aesccm", "psk", "opensslall", "ex_data", "alpn", "dh"] }
+tinydtls-sys = { version = "^0.2.0", default-features = false, optional = true, features = ["ecc", "psk"] }
 
 [target.'cfg(target_os="espidf")'.dependencies]
 esp-idf-sys = { version = "0.36.1" }

libcoap-sys/build/build_system/vendored.rs

@@ -152,6 +152,16 @@ impl VendoredBuildSystem {
                     dtls_libraries_linked_by_other_crates |= DtlsBackend::MbedTls
                 }
             }
+            #[cfg(feature = "dtls-wolfssl-sys")]
+            {
+                let (pkg_config_path, linked) = Self::configure_wolfssl_sys(build_config)?;
+                if let Some(pkg_config_path) = pkg_config_path {
+                    additional_pkg_config_paths.push(pkg_config_path)
+                }
+                if linked {
+                    dtls_libraries_linked_by_other_crates |= DtlsBackend::WolfSsl
+                }
+            }
 
             // Add libcoap's own build directory to the PKG_CONFIG_PATH (might be used later on to
             // find the generated .pc file to link against libcoap).
@@ -194,6 +204,8 @@ impl VendoredBuildSystem {
                 // If we do have a library already linked via a rust dependency, prefer those, but
                 // maintain the order also used in libcoap itself.
                 Some(DtlsBackend::OpenSsl)
+            } else if cfg!(feature = "dtls-wolfssl-sys") {
+                Some(DtlsBackend::WolfSsl)
             } else if cfg!(feature = "dtls-mbedtls-sys") {
                 Some(DtlsBackend::MbedTls)
             } else if cfg!(feature = "dtls-tinydtls-sys") {
@@ -237,14 +249,14 @@ impl VendoredBuildSystem {
         } else {
             // SAFETY: We are still single-threaded here.
             unsafe { env::set_var("PKG_CONFIG_PATH", pkg_config_path_bak.unwrap_or_default()) }
+            println!("cargo:rustc-link-lib=static=coap-3");
             println!(
                 "cargo:rustc-link-search={}",
                 libcoap_build_prefix
                     .join("lib")
                     .to_str()
                     .context("unable to convert OUT_DIR to a valid UTF-8 string.")?
             );
-            println!("cargo:rustc-link-lib=static=coap-3");
             Ok(Self {
                 out_dir,
                 define_info: None,
@@ -297,6 +309,27 @@ impl VendoredBuildSystem {
         }
     }
 
+    #[cfg(feature = "dtls-wolfssl-sys")]
+    fn configure_wolfssl_sys(build_config: &mut autotools::Config) -> Result<(Option<PathBuf>, bool)> {
+        if env::var_os("wolfSSL_CFLAGS").is_some() || env::var_os("wolfSSL_LIBS").is_some() {
+            // Do not use wolfssl-sys if the user manually set either the corresponding LIBS or
+            // CFLAGS variable.
+            // However, do warn the user that this might cause issues.
+            println!("cargo:warning=You have enabled the wolfssl-sys dependency, but have overridden either the wolfSSL_CFLAGS or wolfSSL_LIBS environment variable used by libcoap to find wolfSSL.");
+            println!("cargo:warning=Note that attempting to link more than one version of the same library at once may cause unexpected issues and/or cryptic compilation errors, especially if both versions are statically linked.");
+            Ok((None, false))
+        } else {
+            let wolfssl_root = env::var_os("DEP_WOLFSSL_ROOT")
+                .expect("wolfssl-sys dependency has been added, but DEP_WOLFSSL_ROOT has not been set");
+            let wolfssl_include = env::var_os("DEP_WOLFSSL_INCLUDE")
+                .expect("wolfssl-sys dependency has been added, but DEP_WOLFSSL_INCLUDE has not been set");
+            let wolfssl_libs = Path::new(wolfssl_root.as_os_str()).join("lib");
+
+            // Set pkg-config path for version and library/include path determination.
+            Ok((Some(wolfssl_libs.join("pkgconfig")), true))
+        }
+    }
+
     #[cfg(feature = "dtls-openssl-sys")]
     fn configure_openssl_sys(_build_config: &mut autotools::Config) -> Result<(Option<PathBuf>, bool)> {
         if env::var_os("OpenSSL_CFLAGS").is_some() || env::var_os("OpenSSL_LIBS").is_some() {
@@ -314,7 +347,7 @@ impl VendoredBuildSystem {
                 .context("DEP_OPENSSL_INCLUDE has no parent directory")?
                 .join("lib");
 
-            // Just add the OpenSSL directory to the PKG_CONFIG_PATH, that way libcoap will find it.
+            // Set pkg-config path for version and library/include path determination.
             Ok((Some(openssl_libs.join("pkgconfig")), true))
         }
     }

libcoap-sys/build/main.rs

@@ -34,7 +34,7 @@ fn main() -> Result<()> {
     println!("cargo::rustc-check-cfg=cfg(esp_idf_comp_espressif__coap_enabled)");
     // Indicates the DTLS library crate that was linked against, if a library version vendored by
     // another crate was used.
-    println!("cargo:rustc-check-cfg=cfg(used_dtls_crate, values(\"mbedtls\", \"tinydtls\", \"openssl\"))");
+    println!("cargo:rustc-check-cfg=cfg(used_dtls_crate, values(\"mbedtls\", \"tinydtls\", \"openssl\", \"wolfssl\"))");
     // Indicates the DTLS backend used, if any.
     println!("cargo:rustc-check-cfg=cfg(dtls_backend, values(\"mbedtls\", \"tinydtls\", \"openssl\", \"gnutls\", \"wolfssl\"))");
     // The detected libcoap version, if any.

libcoap-sys/src/lib.rs

@@ -335,6 +335,8 @@ use openssl_sys as _;
 #[allow(unused_imports)]
 #[cfg(used_dtls_crate = "tinydtls")]
 use tinydtls_sys as _;
+#[cfg(used_dtls_crate = "wolfssl")]
+use wolfssl_sys as _;
 
 // Add check whether the libcoap component is enabled when building for the ESP-IDF.
 #[cfg(all(target_os = "espidf", not(esp_idf_comp_espressif__coap_enabled)))]

libcoap/Cargo.toml

@@ -39,6 +39,7 @@ vendored = ["libcoap-sys/vendored"]
 dtls-openssl-sys = ["libcoap-sys/dtls-openssl-sys"]
 dtls-mbedtls-sys = ["libcoap-sys/dtls-mbedtls-sys"]
 dtls-tinydtls-sys = ["libcoap-sys/dtls-tinydtls-sys"]
+dtls-wolfssl-sys = ["libcoap-sys/dtls-wolfssl-sys"]
 dtls-openssl-sys-vendored = ["libcoap-sys/dtls-openssl-sys-vendored"]
 dtls-tinydtls-sys-vendored = ["libcoap-sys/dtls-tinydtls-sys-vendored"]
 

libcoap/tests/dtls_pki_client_server_test.rs

@@ -79,9 +79,9 @@ pub fn dtls_pki_asn1_file_client_server_request() {
         // For some inexplicable reason, setting the CA cert fails _only_ with ASN1 files using the
         // OpenSSL library.
         // I'm pretty sure this is a libcoap issue, so we'll not set the CA cert there for now.
-        #[cfg(not(dtls_backend = "openssl"))]
+        #[cfg(not(any(dtls_backend = "openssl", dtls_backend = "wolfssl")))]
         Some(key_storage.join("./ca/ca.crt.der")),
-        #[cfg(dtls_backend = "openssl")]
+        #[cfg(any(dtls_backend = "openssl", dtls_backend = "wolfssl"))]
         None::<DerFileKeyComponent>,
         key_storage.join("./server/server.crt.der"),
         key_storage.join("./server/server.key.der"),