Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add wolfSSL support #619

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add wolfSSL support #619

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 7 additions & 5 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ on: [push, pull_request]
jobs:
build:
strategy:
fail-fast: false
matrix:
os:
- ubuntu-latest
Expand All @@ -14,6 +15,7 @@ jobs:
- "-DWITH_OPENSSL=ON -DWITH_GNUTLS=OFF -DWITH_GCRYPT=OFF" # build with OpenSSL
- "-DWITH_OPENSSL=OFF -DWITH_GNUTLS=ON -DWITH_GCRYPT=ON" # build with GnuTLS and Libgrypt
- "-DWITH_OPENSSL=OFF -DWITH_GNUTLS=OFF -DWITH_GCRYPT=OFF" # build without external encryption libraries
- "-DWITH_OPENSSL=OFF -DWITH_GNUTLS=OFF -DWITH_GCRYPT=OFF -DWITH_WOLFSSL=ON" # build with wolfSSL
- "-DCMAKE_TOOLCHAIN_FILE=../cmake/Toolchain-cross-mingw32-linux.cmake" # crosscompile with MinGW toolchain
include:
- os: macos-latest
Expand All @@ -31,29 +33,29 @@ jobs:
cmake_options: "-DWITH_OPENSSL=OFF -DWITH_GNUTLS=ON -DWITH_GCRYPT=ON" # don't have GnuTLS and libgcrypt on Windows (yet)
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install Ubuntu Build Dependencies
if: ${{ matrix.os == 'ubuntu-latest' }}
run: |
sudo apt update
sudo apt install libsdl2-dev liblzo2-dev libssl-dev gnutls-dev libgcrypt-dev mingw-w64-x86-64-dev binutils-mingw-w64-x86-64 gcc-mingw-w64-x86-64 wine
sudo apt install libsdl2-dev liblzo2-dev libssl-dev gnutls-dev libgcrypt-dev libwolfssl-dev mingw-w64-x86-64-dev binutils-mingw-w64-x86-64 gcc-mingw-w64-x86-64 wine
- name: Install MacOS Build Dependencies
if: ${{ matrix.os == 'macos-latest' }}
run: |
unset HOMEBREW_NO_INSTALL_FROM_API
brew untap homebrew/core homebrew/cask
brew update
brew install sdl2 lzo
brew install sdl2 lzo wolfssl
- name: Install Windows Build Dependencies
if: ${{ matrix.os == 'windows-latest' }}
run: |
vcpkg install zlib libjpeg-turbo libpng --triplet=x64-windows # could install more but should use run-vcpkg with caching for this
vcpkg install zlib libjpeg-turbo libpng pkgconf wolfssl --triplet=x64-windows # could install more but should use run-vcpkg with caching for this
- name: Build
run: |
mkdir build
cd build
cmake ${{ matrix.cmake_options }} ${{ matrix.macos_cmake_options }} ${{ matrix.windows_cmake_options }} ..
cmake --build .
cmake --build . --verbose
- name: Prepare Test
if: ${{ matrix.os == 'ubuntu-latest' }} # only ubuntu does crosscompile with MinGW toolchain
run: |
Expand Down
36 changes: 36 additions & 0 deletions CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,7 @@ option(WITH_THREADS "Search for a threading library to build with multithreading
option(PREFER_WIN32THREADS "When searching for a threading library, prefer win32 threads if they are found" OFF)
option(WITH_GNUTLS "Search for the GnuTLS secure communications library to support TLS" ON)
option(WITH_OPENSSL "Search for the OpenSSL cryptography library to support TLS and use as crypto backend" ON)
option(WITH_WOLFSSL "Search for the wolfSSL cryptography library to support TLS and use as crypto backend" OFF)
option(WITH_SYSTEMD "Search for libsystemd to build with systemd socket activation support" ON)
option(WITH_GCRYPT "Search for Libgcrypt to use as crypto backend" ON)
option(WITH_FFMPEG "Search for FFMPEG to build an example VNC to MPEG encoder" ON)
Expand Down Expand Up @@ -182,6 +183,14 @@ if(WITH_OPENSSL)
find_package(OpenSSL)
endif(WITH_OPENSSL)

if(WITH_WOLFSSL)
find_package(PkgConfig)
pkg_check_modules(WOLFSSL "wolfssl")
if(WOLFSSL_FOUND)
link_directories(${WOLFSSL_LIBRARY_DIRS})
endif(WOLFSSL_FOUND)
endif(WITH_WOLFSSL)


if(WITH_SYSTEMD AND NOT ANDROID AND NOT WIN32)
find_package(PkgConfig)
Expand Down Expand Up @@ -275,6 +284,9 @@ endif(PNG_FOUND)
if(NOT OPENSSL_FOUND)
unset(OPENSSL_LIBRARIES) # would otherwise contain -NOTFOUND, confusing target_link_libraries()
endif()
if(NOT WOLFSSL_FOUND)
unset(WOLFSSL_LIBRARIES) # would otherwise contain -NOTFOUND, confusing target_link_libraries()
endif()
if(SYSTEMD_FOUND)
add_definitions(-DLIBVNCSERVER_WITH_SYSTEMD)
include_directories(${SYSTEMD_INCLUDE_DIRS})
Expand All @@ -290,6 +302,10 @@ elseif(OPENSSL_FOUND)
message(STATUS "Building crypto with OpenSSL")
set(CRYPTO_LIBRARIES ${OPENSSL_LIBRARIES})
set(CRYPTO_SOURCES ${COMMON_DIR}/crypto_openssl.c)
elseif(WOLFSSL_FOUND)
message(STATUS "Building crypto with wolfSSL")
set(CRYPTO_LIBRARIES ${WOLFSSL_LIBRARIES})
set(CRYPTO_SOURCES ${COMMON_DIR}/crypto_openssl.c)
else()
message(STATUS "Building crypto with builtin functions, only including SHA1 and D3DES")
set(CRYPTO_SOURCES ${COMMON_DIR}/crypto_included.c ${COMMON_DIR}/sha1.c ${COMMON_DIR}/d3des.c)
Expand All @@ -312,6 +328,13 @@ if(OPENSSL_FOUND)
set(LIBVNCSERVER_HAVE_LIBSSL 1)
endif(OPENSSL_FOUND)

if(WOLFSSL_FOUND)
include_directories("${WOLFSSL_INCLUDE_DIRS}" "${WOLFSSL_INCLUDEDIR}/wolfssl")
set(LIBVNCSERVER_HAVE_LIBWOLFSSL 1)
set(LIBVNCSERVER_HAVE_LIBSSL 1)
add_definitions(-DEXTERNAL_OPTS_OPENVPN -DOPENSSL_VERSION_NUMBER=0x10001040L)
endif(WOLFSSL_FOUND)

if(WITH_IPv6)
if(WIN32 AND LIBVNCSERVER_HAVE_WS2TCPIP_H AND LIBVNCSERVER_HAVE_VPRINTF)
set(LIBVNCSERVER_IPv6 1)
Expand Down Expand Up @@ -448,6 +471,17 @@ elseif(OPENSSL_FOUND)
${LIBVNCSERVER_DIR}/rfbssl_openssl.c
)
include_directories(${OPENSSL_INCLUDE_DIR})
elseif(WOLFSSL_FOUND)
message(STATUS "Building TLS with wolfSSL")
set(LIBVNCCLIENT_SOURCES
${LIBVNCCLIENT_SOURCES}
${LIBVNCCLIENT_DIR}/tls_openssl.c
)
set(LIBVNCSERVER_SOURCES
${LIBVNCSERVER_SOURCES}
${LIBVNCSERVER_DIR}/rfbssl_openssl.c
)
include_directories("${WOLFSSL_INCLUDE_DIRS}" "${WOLFSSL_INCLUDEDIR}/wolfssl")
else()
message(STATUS "Building without TLS")
set(LIBVNCCLIENT_SOURCES
Expand Down Expand Up @@ -548,6 +582,7 @@ target_link_libraries(vncclient
${CRYPTO_LIBRARIES}
${GNUTLS_LIBRARIES}
${OPENSSL_LIBRARIES}
${WOLFSSL_LIBRARIES}
)
target_link_libraries(vncserver
${ADDITIONAL_LIBS}
Expand All @@ -558,6 +593,7 @@ target_link_libraries(vncserver
${CRYPTO_LIBRARIES}
${GNUTLS_LIBRARIES}
${OPENSSL_LIBRARIES}
${WOLFSSL_LIBRARIES}
)

SET_TARGET_PROPERTIES(vncclient vncserver
Expand Down
3 changes: 3 additions & 0 deletions include/rfb/rfbconfig.h.cmakein
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,6 +160,9 @@
/* Define to 1 if OpenSSL is present */
#cmakedefine LIBVNCSERVER_HAVE_LIBSSL 1

/* Define to 1 if wolfSSL is present */
#cmakedefine LIBVNCSERVER_HAVE_LIBWOLFSSL 1

/* Define to 1 if Cyrus SASL is present */
#cmakedefine LIBVNCSERVER_HAVE_SASL 1

Expand Down
20 changes: 20 additions & 0 deletions src/common/crypto_openssl.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,10 @@ static unsigned char reverseByte(unsigned char b) {

int hash_md5(void *out, const void *in, const size_t in_len)
{
#if defined(LIBVNCSERVER_HAVE_LIBWOLFSSL) && defined(NO_MD5)
/* wolfSSL in MacOS brew doesn't have md5 enabled */
return 0;
#else
MD5_CTX md5;
if(!MD5_Init(&md5))
return 0;
Expand All @@ -50,6 +54,7 @@ int hash_md5(void *out, const void *in, const size_t in_len)
if(!MD5_Final(out, &md5))
return 0;
return 1;
#endif
}

int hash_sha1(void *out, const void *in, const size_t in_len)
Expand All @@ -71,6 +76,10 @@ void random_bytes(void *out, size_t len)

int encrypt_rfbdes(void *out, int *out_len, const unsigned char key[8], const void *in, const size_t in_len)
{
#if defined(LIBVNCSERVER_HAVE_LIBWOLFSSL) && (defined(NO_DES3) || !defined(WOLFSSL_DES_ECB))
/* wolfSSL in MacOS brew doesn't have des enabled */
return 0;
#else
int result = 0;
EVP_CIPHER_CTX *des = NULL;
unsigned char mungedkey[8];
Expand Down Expand Up @@ -110,10 +119,15 @@ int encrypt_rfbdes(void *out, int *out_len, const unsigned char key[8], const vo
OSSL_PROVIDER_unload(providerDefault);
#endif
return result;
#endif
}

int decrypt_rfbdes(void *out, int *out_len, const unsigned char key[8], const void *in, const size_t in_len)
{
#if defined(LIBVNCSERVER_HAVE_LIBWOLFSSL) && (defined(NO_DES3) || !defined(WOLFSSL_DES_ECB))
/* wolfSSL in MacOS brew doesn't have des enabled */
return 0;
#else
int result = 0;
EVP_CIPHER_CTX *des = NULL;
unsigned char mungedkey[8];
Expand Down Expand Up @@ -155,10 +169,15 @@ int decrypt_rfbdes(void *out, int *out_len, const unsigned char key[8], const vo
OSSL_PROVIDER_unload(providerDefault);
#endif
return result;
#endif
}

int encrypt_aes128ecb(void *out, int *out_len, const unsigned char key[16], const void *in, const size_t in_len)
{
#if defined(LIBVNCSERVER_HAVE_LIBWOLFSSL) && (!defined(HAVE_AES_ECB) || !defined(WOLFSSL_AES_128))
/* wolfSSL in MacOS brew doesn't have aes-ecb enabled */
return 0;
#else
int result = 0;
EVP_CIPHER_CTX *aes;

Expand All @@ -175,6 +194,7 @@ int encrypt_aes128ecb(void *out, int *out_len, const unsigned char key[16], cons
out:
EVP_CIPHER_CTX_free(aes);
return result;
#endif
}

static void pad_leading_zeros(uint8_t *out, const size_t current_len, const size_t expected_len) {
Expand Down
8 changes: 8 additions & 0 deletions src/libvncclient/tls_openssl.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -212,6 +212,10 @@ static int wait_for_data(SSL *ssl, int ret, int timeout)
static rfbBool
load_crls_from_file(char *file, SSL_CTX *ssl_ctx)
{
#if defined(LIBVNCSERVER_HAVE_LIBWOLFSSL) && (!defined(OPENSSL_ALL) || defined(NO_BIO))
/* wolfSSL in Windows vcpkg is missing API */
return 0;
#else
X509_STORE *st;
int i;
int count = 0;
Expand Down Expand Up @@ -245,6 +249,7 @@ load_crls_from_file(char *file, SSL_CTX *ssl_ctx)
return TRUE;
else
return FALSE;
#endif
}

static SSL *
Expand Down Expand Up @@ -350,7 +355,10 @@ open_ssl_connection (rfbClient *client, int sockfd, rfbBool anonTLS, rfbCredenti
}

SSL_set_fd (ssl, sockfd);
#if !defined(LIBVNCSERVER_HAVE_LIBWOLFSSL) || defined(OPENSSL_ALL)
/* wolfSSL in Windows vcpkg is missing API */
SSL_CTX_set_app_data (ssl_ctx, client);
#endif

do
{
Expand Down
Loading