Skip to content

Commit 1e3dc15

Browse files
vaintroubvaintroub
committed
Use generated user_settings.h for WolfSSL, as recommended by WolfSSL
documentation Apparently, WolfSSL wants to have *exactly* the same defines for the user of the library as the was when building library itself. A lot of #defines have an impact on ABI (structure sizes, alignment etc)
1 parent 4ec302e commit 1e3dc15

File tree

4 files changed

+53
-31
lines changed

4 files changed

+53
-31
lines changed

.gitignore

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -58,6 +58,7 @@ extra/perror
5858
extra/replace
5959
extra/resolve_stack_dump
6060
extra/resolveip
61+
extra/wolfssl/user_settings.h
6162
import_executables.cmake
6263
include/*.h.tmp
6364
include/config.h

cmake/ssl.cmake

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -49,12 +49,13 @@ ENDMACRO()
4949

5050
MACRO (MYSQL_USE_BUNDLED_SSL)
5151
SET(INC_DIRS
52+
${CMAKE_BINARY_DIR}/extra/wolfssl
5253
${CMAKE_SOURCE_DIR}/extra/wolfssl/wolfssl
5354
${CMAKE_SOURCE_DIR}/extra/wolfssl/wolfssl/wolfssl
5455
)
5556
SET(SSL_LIBRARIES wolfssl wolfcrypt)
5657
SET(SSL_INCLUDE_DIRS ${INC_DIRS})
57-
SET(SSL_DEFINES "-DHAVE_OPENSSL -DHAVE_WOLFSSL -DOPENSSL_ALL -DWOLFSSL_MYSQL_COMPATIBLE -DWC_NO_HARDEN")
58+
SET(SSL_DEFINES "-DHAVE_OPENSSL -DHAVE_WOLFSSL -DWOLFSSL_USER_SETTINGS")
5859
SET(HAVE_ERR_remove_thread_state ON CACHE INTERNAL "wolfssl doesn't have ERR_remove_thread_state")
5960
SET(HAVE_EncryptAes128Ctr OFF CACHE INTERNAL "wolfssl does support AES-CTR, but differently from openssl")
6061
SET(HAVE_EncryptAes128Gcm OFF CACHE INTERNAL "wolfssl does not support AES-GCM")

extra/wolfssl/CMakeLists.txt

Lines changed: 17 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -25,25 +25,6 @@ ENDIF()
2525

2626
SET(WOLFSSL_SRCDIR ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/src)
2727
ADD_DEFINITIONS(${SSL_DEFINES})
28-
ADD_DEFINITIONS(
29-
-DHAVE_CRL
30-
-DWOLFSSL_MYSQL_COMPATIBLE
31-
-DHAVE_ECC
32-
-DECC_TIMING_RESISTANT
33-
-DBUILDING_WOLFSSL
34-
-DHAVE_HASHDRBG
35-
-DWOLFSSL_AES_DIRECT
36-
-DWOLFSSL_SHA384
37-
-DWOLFSSL_SHA512
38-
-DWOLFSSL_SHA224
39-
-DSESSION_CERT
40-
-DKEEP_OUR_CERT
41-
-DWOLFSSL_STATIC_RSA
42-
-DWC_RSA_BLINDING
43-
-DHAVE_TLS_EXTENSIONS
44-
-DHAVE_AES_ECB
45-
-DWOLFSSL_AES_COUNTER
46-
-DNO_WOLFSSL_STUB)
4728

4829
SET(WOLFSSL_SOURCES
4930
${WOLFSSL_SRCDIR}/crl.c
@@ -53,7 +34,8 @@ SET(WOLFSSL_SOURCES
5334
${WOLFSSL_SRCDIR}/wolfio.c
5435
${WOLFSSL_SRCDIR}/ocsp.c
5536
${WOLFSSL_SRCDIR}/ssl.c)
56-
ADD_DEFINITIONS(-DWOLFSSL_LIB)
37+
ADD_DEFINITIONS(-DWOLFSSL_LIB -DBUILDING_WOLFSSL)
38+
5739
INCLUDE_DIRECTORIES(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl)
5840
IF(MSVC)
5941
# size_t to long truncation warning
@@ -116,28 +98,31 @@ IF(NOT (MSVC AND CMAKE_C_COMPILER_ID MATCHES Clang)
11698
ENDIF()
11799

118100
IF(WOLFSSL_FASTMATH)
119-
ADD_DEFINITIONS(-DUSE_FAST_MATH)
120-
# FP_MAX_BITS is set high solely to satisfy ssl_8k_key.test
121-
# WolfSSL will use more stack space with it
122-
ADD_DEFINITIONS(-DFP_MAX_BITS=16384)
123-
SET(WOLFCRYPT_SOURCES ${WOLFCRYPT_SOURCES} ${WOLFCRYPT_SRCDIR}/tfm.c)
101+
SET(USE_FAST_MATH 1)
102+
SET(TFM_TIMING_RESISTANT 1)
103+
# FP_MAX_BITS is set high solely to satisfy ssl_8k_key.test
104+
# WolfSSL will use more stack space with it
105+
SET(FP_MAX_BITS 16384)
106+
SET(WOLFCRYPT_SOURCES ${WOLFCRYPT_SOURCES} ${WOLFCRYPT_SRCDIR}/tfm.c)
124107
ELSE()
125-
SET(WOLFCRYPT_SOURCES ${WOLFCRYPT_SOURCES} ${WOLFCRYPT_SRCDIR}/integer.c)
108+
SET(WOLFCRYPT_SOURCES ${WOLFCRYPT_SOURCES} ${WOLFCRYPT_SRCDIR}/integer.c)
126109
ENDIF()
127110

128111
IF(WOLFSSL_INTELASM)
129-
ADD_DEFINITIONS(-DWOLFSSL_AESNI)
130-
SET(SSL_DEFINES "${SSL_DEFINES} -DWOLFSSL_AESNI" PARENT_SCOPE)
112+
SET(WOLFSSL_AESNI 1)
113+
131114
LIST(APPEND WOLFCRYPT_SOURCES ${WOLFCRYPT_SRCDIR}/cpuid.c)
132115
IF(MSVC)
133116
LIST(APPEND WOLFCRYPT_SOURCES ${WOLFCRYPT_SRCDIR}/aes_asm.asm)
134117
IF(CMAKE_C_COMPILER_ID MATCHES Clang)
135118
SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -maes")
136119
ELSE()
137-
ADD_DEFINITIONS(-DHAVE_INTEL_RDSEED -DWOLFSSL_X86_64_BUILD)
120+
SET(HAVE_INTEL_RDSEED 1)
121+
SET(WOLFSSL_X86_64_BUILD 1)
138122
ENDIF()
139123
ELSEIF(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64")
140-
ADD_DEFINITIONS(-DHAVE_INTEL_RDSEED -DUSE_INTEL_SPEEDUP)
124+
SET(HAVE_INTEL_RDSEED 1)
125+
SET(USE_INTEL_SPEEDUP 1)
141126
LIST(APPEND WOLFCRYPT_SOURCES
142127
${WOLFCRYPT_SRCDIR}/aes_asm.S
143128
${WOLFCRYPT_SRCDIR}/sha512_asm.S
@@ -146,5 +131,7 @@ IF(WOLFSSL_INTELASM)
146131
ENDIF()
147132
ENDIF()
148133

134+
CONFIGURE_FILE(user_settings.h.in user_settings.h)
135+
INCLUDE_DIRECTORIES(${SSL_INCLUDE_DIRS})
149136
ADD_CONVENIENCE_LIBRARY(wolfcrypt ${WOLFCRYPT_SOURCES})
150137

extra/wolfssl/user_settings.h.in

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
#ifndef WOLFSSL_USER_SETTINGS_H
2+
#define WOLFSSL_USER_SETTINGS_H
3+
4+
#define HAVE_CRL
5+
#define WOLFSSL_MYSQL_COMPATIBLE
6+
#define HAVE_ECC
7+
#define ECC_TIMING_RESISTANT
8+
#define HAVE_HASHDRBG
9+
#define WOLFSSL_AES_DIRECT
10+
#define WOLFSSL_SHA384
11+
#define WOLFSSL_SHA512
12+
#define WOLFSSL_SHA224
13+
#define SESSION_CERT
14+
#define KEEP_OUR_CERT
15+
#define WOLFSSL_STATIC_RSA
16+
#define WC_RSA_BLINDING
17+
#define HAVE_TLS_EXTENSIONS
18+
#define HAVE_AES_ECB
19+
#define WOLFSSL_AES_COUNTER
20+
#define NO_WOLFSSL_STUB
21+
#define OPENSSL_ALL
22+
23+
24+
#cmakedefine WOLFSSL_AESNI
25+
#cmakedefine USE_FAST_MATH
26+
#cmakedefine TFM_TIMING_RESISTANT
27+
#cmakedefine HAVE_INTEL_RDSEED
28+
#cmakedefine USE_INTEL_SPEEDUP
29+
#cmakedefine FP_MAX_BITS @FP_MAX_BITS@
30+
#cmakedefine USE_FAST_MATH
31+
#cmakedefine WOLFSSL_X86_64_BUILD
32+
33+
#endif /* WOLFSSL_USER_SETTINGS_H */

0 commit comments

Comments
 (0)