fix WolfSSL

.github/workflows/nightly.yml

@@ -14,7 +14,7 @@ jobs:
       matrix:
         cc: [gcc, clang, g++, clang++]
         target: [test, mip_test]
-        ssl: ["", BUILTIN, MBEDTLS, OPENSSL] #, WOLFSSL]
+        ssl: ["", BUILTIN, MBEDTLS, OPENSSL, WOLFSSL]
         select: ["-DMG_ENABLE_POLL=0 -DMG_ENABLE_EPOLL=0", "-DMG_ENABLE_POLL=1 -DMG_ENABLE_EPOLL=0", "-DMG_ENABLE_POLL=0 -DMG_ENABLE_EPOLL=1"]
         exclude:
         - ssl: MBEDTLS
@@ -43,7 +43,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ssl: [""]
+        ssl: ["", BUILTIN]
     name: S390 SSL=${{ matrix.ssl }}
     steps:
     - uses: actions/checkout@v4
@@ -65,7 +65,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ssl: ["", BUILTIN, MBEDTLS, OPENSSL] #, WOLFSSL]
+        ssl: ["", BUILTIN, MBEDTLS, OPENSSL, WOLFSSL]
     name: unamalgamated-mg_prefix SSL=${{ matrix.ssl }}
     steps:
     - uses: actions/checkout@v4
@@ -77,7 +77,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ssl: ["", BUILTIN, MBEDTLS, OPENSSL] #, WOLFSSL]
+        ssl: ["", BUILTIN, MBEDTLS, OPENSSL, WOLFSSL]
     name: Valgrind SSL=${{ matrix.ssl }}
     steps:
     - uses: actions/checkout@v4
@@ -89,7 +89,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ssl: ["", BUILTIN, MBEDTLS, OPENSSL] #, WOLFSSL]
+        ssl: ["", BUILTIN, MBEDTLS, OPENSSL, WOLFSSL]
         select: [-DMG_ENABLE_POLL=0, -DMG_ENABLE_POLL=1]
         exclude:
         - ssl: MBEDTLS
@@ -158,7 +158,7 @@ jobs:
     name: examples ${{ matrix.ssl }}
     steps:
     - uses: actions/checkout@v4
-    - run: sudo apt -y install libmbedtls-dev libwolfssl-dev libpcap-dev
+    - run: sudo apt -y install libpcap-dev
     - run: make -C test examples CFLAGS_EXTRA="${{ matrix.ssl }}"
     - run: make -C test clean_examples
   examples_win:
@@ -243,7 +243,7 @@ jobs:
     name: tutorials ${{ matrix.ssl }}
     steps:
     - uses: actions/checkout@v4
-    - run: sudo apt -y install libmbedtls-dev libwolfssl-dev libpcap-dev
+    - run: sudo apt -y install libpcap-dev
     - run: make -C test tutorials CFLAGS_EXTRA="${{ matrix.ssl }}"
     - run: make -C test clean_tutorials
   tutorials_win:

mongoose.c

@@ -4659,7 +4659,7 @@ static bool mg_atone(struct mg_str str, struct mg_addr *addr) {
 
 static bool mg_aton4(struct mg_str str, struct mg_addr *addr) {
   uint8_t data[4] = {0, 0, 0, 0};
-  size_t i, num_dots = 0; // TODO(): refactor to mg_span() + mg_str_num()
+  size_t i, num_dots = 0;
   for (i = 0; i < str.len; i++) {
     if (str.buf[i] >= '0' && str.buf[i] <= '9') {
       int octet = data[num_dots] * 10 + (str.buf[i] - '0');
@@ -4705,7 +4705,7 @@ static bool mg_aton6(struct mg_str str, struct mg_addr *addr) {
     if ((str.buf[i] >= '0' && str.buf[i] <= '9') ||
         (str.buf[i] >= 'a' && str.buf[i] <= 'f') ||
         (str.buf[i] >= 'A' && str.buf[i] <= 'F')) {
-      unsigned long val;  // TODO(): This loops, refactor
+      unsigned long val;  // TODO(): This loops on chars, refactor
       if (i > j + 3) return false;
       // MG_DEBUG(("%lu %lu [%.*s]", i, j, (int) (i - j + 1), &str.buf[j]));
       mg_str_to_num(mg_str_n(&str.buf[j], i - j + 1), 16, &val, sizeof(val));
@@ -10904,8 +10904,9 @@ void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
   if (c->is_listening) goto fail;
   MG_DEBUG(("%lu Setting TLS", c->id));
   MG_PROF_ADD(c, "mbedtls_init_start");
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-  psa_crypto_init();
+#if defined(MBEDTLS_VERSION_NUMBER) && MBEDTLS_VERSION_NUMBER >= 0x03000000 && \
+    defined(MBEDTLS_PSA_CRYPTO_C)
+  psa_crypto_init();  // https://github.com/Mbed-TLS/mbedtls/issues/9072#issuecomment-2084845711
 #endif
   mbedtls_ssl_init(&tls->ssl);
   mbedtls_ssl_config_init(&tls->conf);
@@ -11034,7 +11035,8 @@ void mg_tls_ctx_free(struct mg_mgr *mgr) {
 
 
 
-#if MG_TLS == MG_TLS_OPENSSL
+#if MG_TLS == MG_TLS_OPENSSL || MG_TLS == MG_TLS_WOLFSSL
+
 static int tls_err_cb(const char *s, size_t len, void *c) {
   int n = (int) len - 1;
   MG_ERROR(("%lu %.*s", ((struct mg_connection *) c)->id, n, s));
@@ -11100,7 +11102,7 @@ static long mg_bio_ctrl(BIO *b, int cmd, long larg, void *pargs) {
   if (cmd == BIO_CTRL_PUSH) ret = 1;
   if (cmd == BIO_CTRL_POP) ret = 1;
   if (cmd == BIO_CTRL_FLUSH) ret = 1;
-#ifndef OPENSSL_IS_WOLFSSL
+#if MG_TLS == MG_TLS_OPENSSL
   if (cmd == BIO_C_SET_NBIO) ret = 1;
 #endif
   // MG_DEBUG(("%d -> %ld", cmd, ret));
@@ -11194,7 +11196,7 @@ void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
   }
 
   SSL_set_mode(tls->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
-#if OPENSSL_VERSION_NUMBER > 0x10002000L && !defined(OPENSSL_IS_WOLFSSL)
+#if (MG_TLS == MG_TLS_OPENSSL) && OPENSSL_VERSION_NUMBER > 0x10002000L
   (void) SSL_set_ecdh_auto(tls->ssl, 1);
 #endif
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
@@ -11205,10 +11207,10 @@ void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
     free(s);
   }
 #endif
-#ifndef OPENSSL_IS_WOLFSSL
-  tls->bm = BIO_meth_new(BIO_get_new_index() | BIO_TYPE_SOURCE_SINK, "bio_mg");
-#else
+#if MG_TLS == MG_TLS_WOLFSSL
   tls->bm = BIO_meth_new(0, "bio_mg");
+#else
+  tls->bm = BIO_meth_new(BIO_get_new_index() | BIO_TYPE_SOURCE_SINK, "bio_mg");
 #endif
   BIO_meth_set_write(tls->bm, mg_bio_write);
   BIO_meth_set_read(tls->bm, mg_bio_read);

mongoose.h

@@ -2147,6 +2147,7 @@ void mg_http_serve_ssi(struct mg_connection *c, const char *root,
 #define MG_TLS_NONE 0     // No TLS support
 #define MG_TLS_MBED 1     // mbedTLS
 #define MG_TLS_OPENSSL 2  // OpenSSL
+#define MG_TLS_WOLFSSL 5  // WolfSSL (based on OpenSSL)
 #define MG_TLS_BUILTIN 3  // Built-in
 #define MG_TLS_CUSTOM 4   // Custom implementation
 
@@ -2214,7 +2215,7 @@ struct mg_tls {
 #endif
 
 
-#if MG_TLS == MG_TLS_OPENSSL
+#if MG_TLS == MG_TLS_OPENSSL || MG_TLS == MG_TLS_WOLFSSL
 
 #include <openssl/err.h>
 #include <openssl/ssl.h>
@@ -2917,22 +2918,17 @@ struct mg_tcpip_driver_tm4c_data {
 #endif
 
 
-#if MG_ENABLE_TCPIP && defined(MG_ENABLE_DRIVER_XMC) && MG_ENABLE_DRIVER_XMC
+#if MG_ENABLE_TCPIP && defined(MG_ENABLE_DRIVER_W5500) && MG_ENABLE_DRIVER_W5500
 
-struct mg_tcpip_driver_xmc_data {
-  // 13.2.8.1 Station Management Functions
-  // MDC clock divider (). MDC clock is derived from ETH MAC clock
-  // It must not exceed 2.5MHz
-  // ETH Clock range  DIVIDER       mdc_cr VALUE
-  // --------------------------------------------
-  //                                     -1  <-- tell driver to guess the value
-  // 60-100 MHz       ETH Clock/42        0
-  // 100-150 MHz      ETH Clock/62        1
-  // 20-35 MHz        ETH Clock/16        2
-  // 35-60 MHz        ETH Clock/26        3
-  // 150-250 MHz      ETH Clock/102       4
-  // 250-300 MHz      ETH Clock/124       5
-  // 110, 111 Reserved
+#undef MG_ENABLE_TCPIP_DRIVER_INIT
+#define MG_ENABLE_TCPIP_DRIVER_INIT 0
+
+#endif
+
+
+#if MG_ENABLE_TCPIP && defined(MG_ENABLE_DRIVER_XMC7) && MG_ENABLE_DRIVER_XMC7
+
+struct mg_tcpip_driver_xmc7_data {
   int mdc_cr;  // Valid values: -1, 0, 1, 2, 3, 4, 5
   uint8_t phy_addr;
 };
@@ -2942,31 +2938,45 @@ struct mg_tcpip_driver_xmc_data {
 #endif
 
 #ifndef MG_DRIVER_MDC_CR
-#define MG_DRIVER_MDC_CR 4
+#define MG_DRIVER_MDC_CR 3
 #endif
 
 #define MG_TCPIP_DRIVER_INIT(mgr)                                 \
   do {                                                            \
-    static struct mg_tcpip_driver_xmc_data driver_data_;       \
+    static struct mg_tcpip_driver_xmc7_data driver_data_;       \
     static struct mg_tcpip_if mif_;                               \
     driver_data_.mdc_cr = MG_DRIVER_MDC_CR;                       \
     driver_data_.phy_addr = MG_TCPIP_PHY_ADDR;                    \
     mif_.ip = MG_TCPIP_IP;                                        \
     mif_.mask = MG_TCPIP_MASK;                                    \
     mif_.gw = MG_TCPIP_GW;                                        \
-    mif_.driver = &mg_tcpip_driver_xmc;                        \
+    mif_.driver = &mg_tcpip_driver_xmc7;                        \
     mif_.driver_data = &driver_data_;                             \
     MG_SET_MAC_ADDRESS(mif_.mac);                                 \
     mg_tcpip_init(mgr, &mif_);                                    \
-    MG_INFO(("Driver: xmc, MAC: %M", mg_print_mac, mif_.mac)); \
+    MG_INFO(("Driver: xmc7, MAC: %M", mg_print_mac, mif_.mac)); \
   } while (0)
 
 #endif
 
 
-#if MG_ENABLE_TCPIP && defined(MG_ENABLE_DRIVER_XMC7) && MG_ENABLE_DRIVER_XMC7
 
-struct mg_tcpip_driver_xmc7_data {
+#if MG_ENABLE_TCPIP && defined(MG_ENABLE_DRIVER_XMC) && MG_ENABLE_DRIVER_XMC
+
+struct mg_tcpip_driver_xmc_data {
+  // 13.2.8.1 Station Management Functions
+  // MDC clock divider (). MDC clock is derived from ETH MAC clock
+  // It must not exceed 2.5MHz
+  // ETH Clock range  DIVIDER       mdc_cr VALUE
+  // --------------------------------------------
+  //                                     -1  <-- tell driver to guess the value
+  // 60-100 MHz       ETH Clock/42        0
+  // 100-150 MHz      ETH Clock/62        1
+  // 20-35 MHz        ETH Clock/16        2
+  // 35-60 MHz        ETH Clock/26        3
+  // 150-250 MHz      ETH Clock/102       4
+  // 250-300 MHz      ETH Clock/124       5
+  // 110, 111 Reserved
   int mdc_cr;  // Valid values: -1, 0, 1, 2, 3, 4, 5
   uint8_t phy_addr;
 };
@@ -2976,28 +2986,27 @@ struct mg_tcpip_driver_xmc7_data {
 #endif
 
 #ifndef MG_DRIVER_MDC_CR
-#define MG_DRIVER_MDC_CR 3
+#define MG_DRIVER_MDC_CR 4
 #endif
 
 #define MG_TCPIP_DRIVER_INIT(mgr)                                 \
   do {                                                            \
-    static struct mg_tcpip_driver_xmc7_data driver_data_;       \
+    static struct mg_tcpip_driver_xmc_data driver_data_;       \
     static struct mg_tcpip_if mif_;                               \
     driver_data_.mdc_cr = MG_DRIVER_MDC_CR;                       \
     driver_data_.phy_addr = MG_TCPIP_PHY_ADDR;                    \
     mif_.ip = MG_TCPIP_IP;                                        \
     mif_.mask = MG_TCPIP_MASK;                                    \
     mif_.gw = MG_TCPIP_GW;                                        \
-    mif_.driver = &mg_tcpip_driver_xmc7;                        \
+    mif_.driver = &mg_tcpip_driver_xmc;                        \
     mif_.driver_data = &driver_data_;                             \
     MG_SET_MAC_ADDRESS(mif_.mac);                                 \
     mg_tcpip_init(mgr, &mif_);                                    \
-    MG_INFO(("Driver: xmc7, MAC: %M", mg_print_mac, mif_.mac)); \
+    MG_INFO(("Driver: xmc, MAC: %M", mg_print_mac, mif_.mac)); \
   } while (0)
 
 #endif
 
-
 #ifdef __cplusplus
 }
 #endif

src/tls.h

@@ -3,6 +3,7 @@
 #define MG_TLS_NONE 0     // No TLS support
 #define MG_TLS_MBED 1     // mbedTLS
 #define MG_TLS_OPENSSL 2  // OpenSSL
+#define MG_TLS_WOLFSSL 5  // WolfSSL (based on OpenSSL)
 #define MG_TLS_BUILTIN 3  // Built-in
 #define MG_TLS_CUSTOM 4   // Custom implementation
 

src/tls_openssl.c

@@ -1,7 +1,8 @@
 #include "printf.h"
 #include "tls.h"
 
-#if MG_TLS == MG_TLS_OPENSSL
+#if MG_TLS == MG_TLS_OPENSSL || MG_TLS == MG_TLS_WOLFSSL
+
 static int tls_err_cb(const char *s, size_t len, void *c) {
   int n = (int) len - 1;
   MG_ERROR(("%lu %.*s", ((struct mg_connection *) c)->id, n, s));
@@ -67,7 +68,7 @@ static long mg_bio_ctrl(BIO *b, int cmd, long larg, void *pargs) {
   if (cmd == BIO_CTRL_PUSH) ret = 1;
   if (cmd == BIO_CTRL_POP) ret = 1;
   if (cmd == BIO_CTRL_FLUSH) ret = 1;
-#ifndef OPENSSL_IS_WOLFSSL
+#if MG_TLS == MG_TLS_OPENSSL
   if (cmd == BIO_C_SET_NBIO) ret = 1;
 #endif
   // MG_DEBUG(("%d -> %ld", cmd, ret));
@@ -161,7 +162,7 @@ void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
   }
 
   SSL_set_mode(tls->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
-#if OPENSSL_VERSION_NUMBER > 0x10002000L && !defined(OPENSSL_IS_WOLFSSL)
+#if (MG_TLS == MG_TLS_OPENSSL) && OPENSSL_VERSION_NUMBER > 0x10002000L
   (void) SSL_set_ecdh_auto(tls->ssl, 1);
 #endif
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
@@ -172,10 +173,10 @@ void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
     free(s);
   }
 #endif
-#ifndef OPENSSL_IS_WOLFSSL
-  tls->bm = BIO_meth_new(BIO_get_new_index() | BIO_TYPE_SOURCE_SINK, "bio_mg");
-#else
+#if MG_TLS == MG_TLS_WOLFSSL
   tls->bm = BIO_meth_new(0, "bio_mg");
+#else
+  tls->bm = BIO_meth_new(BIO_get_new_index() | BIO_TYPE_SOURCE_SINK, "bio_mg");
 #endif
   BIO_meth_set_write(tls->bm, mg_bio_write);
   BIO_meth_set_read(tls->bm, mg_bio_read);

src/tls_openssl.h

@@ -1,6 +1,6 @@
 #pragma once
 
-#if MG_TLS == MG_TLS_OPENSSL
+#if MG_TLS == MG_TLS_OPENSSL || MG_TLS == MG_TLS_WOLFSSL
 
 #include <openssl/err.h>
 #include <openssl/ssl.h>

test/Makefile

@@ -41,22 +41,39 @@ else
 C_WARN ?= -Wno-deprecated
 endif
 
+ifeq "$(SSL)" "OPENSSL"
+ifeq "$(OPENSSL)" ""
+CFLAGS  += -DMG_TLS=MG_TLS_OPENSSL $(shell pkg-config openssl --cflags)
+LDFLAGS += $(shell pkg-config openssl --libs)
+else
+CFLAGS  += -DMG_TLS=MG_TLS_OPENSSL -I$(OPENSSL)/include
+LDFLAGS += -L$(OPENSSL)/lib -lssl -lcrypto
+endif
+endif
+
 ifeq "$(SSL)" "MBEDTLS"
-MBEDTLS ?= /usr/local
+ifeq "$(MBEDTLS)" ""
+# MbedTLS does not yet provide a pc file (May 2024)
+#CFLAGS  += -DMG_TLS=MG_TLS_MBED $(shell pkg-config mbedtls --cflags) $(shell pkg-config mbedcrypto --cflags) $(shell pkg-config mbedx509 --cflags)
+#LDFLAGS += $(shell pkg-config mbedtls --libs) $(shell pkg-config mbedcrypto --libs) $(shell pkg-config mbedx509 --libs)
+CFLAGS  += -DMG_TLS=MG_TLS_MBED -I/usr/include
+LDFLAGS += -lmbedtls -lmbedcrypto -lmbedx509
+else
 CFLAGS  += -DMG_TLS=MG_TLS_MBED -I$(MBEDTLS)/include -I/usr/include
 LDFLAGS += -L$(MBEDTLS)/lib -lmbedtls -lmbedcrypto -lmbedx509
 endif
-
-ifeq "$(SSL)" "OPENSSL"
-OPENSSL ?= /usr/local
-CFLAGS  += -DMG_TLS=MG_TLS_OPENSSL -I$(OPENSSL)/include
-LDFLAGS += -L$(OPENSSL)/lib -lssl -lcrypto
 endif
 
 ifeq "$(SSL)" "WOLFSSL"
-WOLFSSL ?= /usr/local
-CFLAGS  += -DMG_TLS=MG_TLS_OPENSSL -I$(WOLFSSL)/include -I$(WOLFSSL)/include/wolfssl -DEXTERNAL_OPTS_OPENVPN
+# WolfSSL provides a pc file, but when using it in OpenSSL compatibility mode (we do), it requires overriding the include path
+#CFLAGS  += -DMG_TLS=MG_TLS_WOLFSSL -DEXTERNAL_OPTS_OPENVPN $(shell pkg-config openssl --cflags)
+#LDFLAGS += $(shell pkg-config wolfssl --libs)
+#ifeq "$(WOLFSSL)" ""
+#else
+WOLFSSL ?= $(shell pkg-config wolfssl --variable=prefix)
+CFLAGS  += -DMG_TLS=MG_TLS_WOLFSSL -DEXTERNAL_OPTS_OPENVPN -I$(WOLFSSL)/include -I$(WOLFSSL)/include/wolfssl
 LDFLAGS += -L$(WOLFSSL)/lib -lwolfssl
+#endif
 endif
 
 ifeq "$(SSL)" "BUILTIN"