From 0f34fb01fbad219548e5d8b67fb426b3a3ee7522 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 5 Jun 2024 14:15:55 +0200 Subject: [PATCH 01/14] Fix build and tests for wolfSSL Signed-off-by: Juliusz Sosinowicz --- .github/workflows/ssl.yml | 1 + CMakeLists.txt | 3 +- include/jwt-cpp/jwt.h | 1 + tests/HelperTest.cpp | 2 +- tests/OpenSSLErrorTest.cpp | 154 ++++++++++++++++++++++++------------- 5 files changed, 107 insertions(+), 54 deletions(-) diff --git a/.github/workflows/ssl.yml b/.github/workflows/ssl.yml index a60c6f7a6..80d6a83b7 100644 --- a/.github/workflows/ssl.yml +++ b/.github/workflows/ssl.yml @@ -88,6 +88,7 @@ jobs: - { ref: "v5.1.1-stable", name: "5.1.1"} - { ref: "v5.2.0-stable", name: "5.2.0" } - { ref: "v5.3.0-stable", name: "5.3.0"} + - { ref: "v5.7.0-stable", name: "5.7.0"} name: wolfSSL ${{ matrix.wolfssl.name }} steps: - uses: actions/checkout@v4 diff --git a/CMakeLists.txt b/CMakeLists.txt index ad9632a35..82613dc6f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -125,7 +125,8 @@ if(${JWT_SSL_LIBRARY} MATCHES "wolfSSL") target_link_libraries(jwt-cpp INTERFACE PkgConfig::wolfssl) # This is required to access OpenSSL compatibility API target_include_directories(jwt-cpp INTERFACE ${wolfssl_INCLUDE_DIRS}) - target_compile_definitions(jwt-cpp INTERFACE OPENSSL_EXTRA OPENSSL_ALL) + # EXTERNAL_OPTS_OPENVPN is necessary so that wolfssl/options.h is included automatically + target_compile_definitions(jwt-cpp INTERFACE OPENSSL_EXTRA OPENSSL_ALL EXTERNAL_OPTS_OPENVPN) endif() if(NOT JWT_DISABLE_PICOJSON AND JWT_EXTERNAL_PICOJSON) diff --git a/include/jwt-cpp/jwt.h b/include/jwt-cpp/jwt.h index 6194d45ba..2cd12362e 100644 --- a/include/jwt-cpp/jwt.h +++ b/include/jwt-cpp/jwt.h @@ -20,6 +20,7 @@ #include #include #include +#include #include #include diff --git a/tests/HelperTest.cpp b/tests/HelperTest.cpp index 17ea7e391..a3a78b96f 100644 --- a/tests/HelperTest.cpp +++ b/tests/HelperTest.cpp 
@@ -113,7 +113,7 @@ namespace { std::string google_cert = // This is to handle the different subject alternate name ordering // see https://github.com/wolfSSL/wolfssl/issues/4397 -#ifdef LIBWOLFSSL_VERSION_HEX +#if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX < 0x05007000 R"(-----BEGIN CERTIFICATE----- MIIFfTCCBOagAwIBAgIKYFOB9QABAACIvTANBgkqhkiG9w0BAQUFADBGMQswCQYD VQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzEiMCAGA1UEAxMZR29vZ2xlIElu diff --git a/tests/OpenSSLErrorTest.cpp b/tests/OpenSSLErrorTest.cpp index b137a0d3c..48aa3dba5 100644 --- a/tests/OpenSSLErrorTest.cpp +++ b/tests/OpenSSLErrorTest.cpp @@ -63,9 +63,15 @@ static uint64_t fail_PEM_write_bio_RSA_PUBKEY = 0; static uint64_t fail_RSA_set0_key = 0; #endif +#ifdef LIBWOLFSSL_VERSION_STRING +#define SYMBOL_NAME(s) ("wolfSSL_" s) +#else +#define SYMBOL_NAME(s) (s) +#endif + BIO* BIO_new(const BIO_METHOD* type) { static BIO* (*origMethod)(const BIO_METHOD*) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "BIO_new"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("BIO_new")); bool fail = fail_BIO_new & 1; fail_BIO_new = fail_BIO_new >> 1; if (fail) @@ -76,7 +82,7 @@ BIO* BIO_new(const BIO_METHOD* type) { X509* PEM_read_bio_X509(BIO* bp, X509** x, pem_password_cb* cb, void* u) { static X509* (*origMethod)(BIO * bp, X509 * *x, pem_password_cb * cb, void* u) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "PEM_read_bio_X509"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("PEM_read_bio_X509")); bool fail = fail_PEM_read_bio_X509 & 1; fail_PEM_read_bio_X509 = fail_PEM_read_bio_X509 >> 1; if (fail) 
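Review bot: The comment above the `#if` in `google_cert` still reads as if every wolfSSL build needs the alternate certificate, while the new condition limits it to versions below 5.7.0. I would extend it, e.g. `// wolfSSL < 5.7.0 orders the subject alternative names differently; from 5.7.0 on the default fixture is used`. The cut-off looks inferred from the CI matrix, which per this patch tests 5.3.0 and 5.7.0 with nothing in between, so releases in that gap may land on the wrong branch. The initializer continues outside the hunk.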
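Review bot: None of the interposers checks the result of `dlsym`, and `SYMBOL_NAME` now assumes that wolfSSL exports every wrapped function as `wolfSSL_<name>`; a name missing under that prefix leaves `origMethod` null, and the test binary then crashes on the first pass-through call instead of reporting which symbol was not found. In `BIO_new` a guard right after the lookup would do, `if (origMethod == nullptr) { std::fprintf(stderr, "dlsym(%s) failed\n", SYMBOL_NAME("BIO_new")); std::abort(); }`, and the same applies to every other wrapper this patch touches (`PEM_read_bio_X509` through `RSA_set0_key`). The macro is also keyed on `LIBWOLFSSL_VERSION_STRING` while the rest of the file tests `LIBWOLFSSL_VERSION_HEX`; using one of them throughout would be easier to follow. The body of `BIO_new` continues outside the hunk.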
@@ -87,7 +93,7 @@ X509* PEM_read_bio_X509(BIO* bp, X509** x, pem_password_cb* cb, void* u) { EVP_PKEY* X509_get_pubkey(X509* x) { static EVP_PKEY* (*origMethod)(X509*) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "X509_get_pubkey"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("X509_get_pubkey")); bool fail = fail_X509_get_pubkey & 1; fail_X509_get_pubkey = fail_X509_get_pubkey >> 1; if (fail) @@ -104,7 +110,7 @@ EVP_PKEY* X509_get_pubkey(X509* x) { int PEM_write_bio_PUBKEY(BIO* bp, OPENSSL_CONST EVP_PKEY* x) { static int (*origMethod)(BIO * bp, OPENSSL_CONST EVP_PKEY * x) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "PEM_write_bio_PUBKEY"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("PEM_write_bio_PUBKEY")); bool fail = fail_PEM_write_bio_PUBKEY & 1; fail_PEM_write_bio_PUBKEY = fail_PEM_write_bio_PUBKEY >> 1; if (fail) @@ -115,7 +121,7 @@ int PEM_write_bio_PUBKEY(BIO* bp, OPENSSL_CONST EVP_PKEY* x) { int PEM_write_bio_X509(BIO* bp, OPENSSL_CONST X509* x) { static int (*origMethod)(BIO * bp, OPENSSL_CONST X509 * x) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "PEM_write_bio_X509"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("PEM_write_bio_X509")); bool fail = fail_PEM_write_bio_cert & 1; fail_PEM_write_bio_cert = fail_PEM_write_bio_cert >> 1; if (fail) 
@@ -126,7 +132,7 @@ int PEM_write_bio_X509(BIO* bp, OPENSSL_CONST X509* x) { long BIO_ctrl(BIO* bp, int cmd, long larg, void* parg) { static long (*origMethod)(BIO * bp, int cmd, long larg, void* parg) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "BIO_ctrl"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("BIO_ctrl")); bool fail = fail_BIO_ctrl & 1; fail_BIO_ctrl = fail_BIO_ctrl >> 1; if (fail) @@ -137,7 +143,7 @@ long BIO_ctrl(BIO* bp, int cmd, long larg, void* parg) { int BIO_write(BIO* b, const void* data, int dlen) { static int (*origMethod)(BIO * b, const void* data, int dlen) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "BIO_write"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("BIO_write")); bool fail = fail_BIO_write & 1; fail_BIO_write = fail_BIO_write >> 1; if (fail) @@ -148,7 +154,7 @@ int BIO_write(BIO* b, const void* data, int dlen) { EVP_PKEY* PEM_read_bio_PUBKEY(BIO* bp, EVP_PKEY** x, pem_password_cb* cb, void* u) { static EVP_PKEY* (*origMethod)(BIO * bp, EVP_PKEY * *x, pem_password_cb * cb, void* u) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "PEM_read_bio_PUBKEY"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("PEM_read_bio_PUBKEY")); bool fail = fail_PEM_read_bio_PUBKEY & 1; fail_PEM_read_bio_PUBKEY = fail_PEM_read_bio_PUBKEY >> 1; if (fail) 
@@ -159,7 +165,7 @@ EVP_PKEY* PEM_read_bio_PUBKEY(BIO* bp, EVP_PKEY** x, pem_password_cb* cb, void* EVP_PKEY* PEM_read_bio_PrivateKey(BIO* bp, EVP_PKEY** x, pem_password_cb* cb, void* u) { static EVP_PKEY* (*origMethod)(BIO * bp, EVP_PKEY * *x, pem_password_cb * cb, void* u) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "PEM_read_bio_PrivateKey"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("PEM_read_bio_PrivateKey")); bool fail = fail_PEM_read_bio_PrivateKey & 1; fail_PEM_read_bio_PrivateKey = fail_PEM_read_bio_PrivateKey >> 1; if (fail) @@ -168,11 +174,13 @@ EVP_PKEY* PEM_read_bio_PrivateKey(BIO* bp, EVP_PKEY** x, pem_password_cb* cb, vo return origMethod(bp, x, cb, u); } +#if !defined(LIBWOLFSSL_VERSION_HEX) || LIBWOLFSSL_VERSION_HEX > 0x05007000 +/* wolfSSL definition collides. Fixed after 5.7.0 */ unsigned char* HMAC(const EVP_MD* evp_md, const void* key, int key_len, const unsigned char* d, size_t n, unsigned char* md, unsigned int* md_len) { static unsigned char* (*origMethod)(const EVP_MD* evp_md, const void* key, int key_len, const unsigned char* d, size_t n, unsigned char* md, unsigned int* md_len) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "HMAC"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("HMAC")); bool fail = fail_HMAC & 1; fail_HMAC = fail_HMAC >> 1; if (fail) 
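Review bot: Compiling the `HMAC` interposer out for wolfSSL 5.7.0 and older also removes the only fault injection for the HMAC path on those versions, because the `HMACSign` test is placed behind the same condition later in this patch; the comment should say so, so the gap is not mistaken for full coverage. Something like `/* wolfSSL <= 5.7.0: its HMAC definition collides with this one, so HMAC failure handling is not exercised there */` would do. `fail_HMAC` is presumably still defined further up and becomes unused in that configuration, which may trip unused-variable warnings. The `#endif` and the rest of the function are outside this hunk.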
@@ -180,10 +188,11 @@ unsigned char* HMAC(const EVP_MD* evp_md, const void* key, int key_len, const un else return origMethod(evp_md, key, key_len, d, n, md, md_len); } +#endif EVP_MD_CTX* EVP_MD_CTX_new(void) { static EVP_MD_CTX* (*origMethod)(void) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_MD_CTX_new"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_MD_CTX_new")); bool fail = fail_EVP_MD_CTX_new & 1; fail_EVP_MD_CTX_new = fail_EVP_MD_CTX_new >> 1; if (fail) @@ -194,7 +203,7 @@ EVP_MD_CTX* EVP_MD_CTX_new(void) { int EVP_DigestSignFinal(EVP_MD_CTX* ctx, unsigned char* sigret, size_t* siglen) { static int (*origMethod)(EVP_MD_CTX * ctx, unsigned char* sigret, size_t* siglen) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_DigestSignFinal"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_DigestSignFinal")); bool fail = fail_EVP_DigestSignFinal & 1; fail_EVP_DigestSignFinal = fail_EVP_DigestSignFinal >> 1; if (fail) @@ -205,7 +214,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX* ctx, unsigned char* sigret, size_t* siglen) int EVP_DigestInit(EVP_MD_CTX* ctx, const EVP_MD* type) { static int (*origMethod)(EVP_MD_CTX * ctx, const EVP_MD* type) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_DigestInit"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_DigestInit")); bool fail = fail_EVP_DigestInit & 1; fail_EVP_DigestInit = fail_EVP_DigestInit >> 1; if (fail) 
@@ -216,7 +225,7 @@ int EVP_DigestInit(EVP_MD_CTX* ctx, const EVP_MD* type) { int EVP_DigestUpdate(EVP_MD_CTX* ctx, const void* d, size_t cnt) { static int (*origMethod)(EVP_MD_CTX * ctx, const void* d, size_t cnt) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_DigestUpdate"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_DigestUpdate")); bool fail = fail_EVP_DigestUpdate & 1; fail_EVP_DigestUpdate = fail_EVP_DigestUpdate >> 1; if (fail) @@ -227,7 +236,7 @@ int EVP_DigestUpdate(EVP_MD_CTX* ctx, const void* d, size_t cnt) { int EVP_DigestFinal(EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s) { static int (*origMethod)(EVP_MD_CTX * ctx, unsigned char* md, unsigned int* s) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_DigestFinal"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_DigestFinal")); bool fail = fail_EVP_DigestFinal & 1; fail_EVP_DigestFinal = fail_EVP_DigestFinal >> 1; if (fail) @@ -238,7 +247,7 @@ int EVP_DigestFinal(EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s) { int EVP_SignFinal(EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s, EVP_PKEY* pkey) { static int (*origMethod)(EVP_MD_CTX * ctx, unsigned char* md, unsigned int* s, EVP_PKEY* pkey) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_SignFinal"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_SignFinal")); bool fail = fail_EVP_SignFinal & 1; fail_EVP_SignFinal = fail_EVP_SignFinal >> 1; if (fail) 
@@ -250,7 +259,7 @@ int EVP_SignFinal(EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s, EVP_PKEY* int EVP_VerifyFinal(EVP_MD_CTX* ctx, const unsigned char* sigbuf, unsigned int siglen, EVP_PKEY* pkey) { static int (*origMethod)(EVP_MD_CTX * ctx, const unsigned char* sigbuf, unsigned int siglen, EVP_PKEY* pkey) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_VerifyFinal"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_VerifyFinal")); bool fail = fail_EVP_VerifyFinal & 1; fail_EVP_VerifyFinal = fail_EVP_VerifyFinal >> 1; if (fail) @@ -262,7 +271,7 @@ int EVP_VerifyFinal(EVP_MD_CTX* ctx, const unsigned char* sigbuf, unsigned int s #ifdef JWT_OPENSSL_3_0 int EVP_PKEY_public_check(EVP_PKEY_CTX* ctx) { static int (*origMethod)(EVP_PKEY_CTX * ctx) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_PKEY_public_check"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_public_check")); bool fail = fail_EVP_PKEY_public_check & 1; fail_EVP_PKEY_public_check = fail_EVP_PKEY_public_check >> 1; if (fail) @@ -273,7 +282,7 @@ int EVP_PKEY_public_check(EVP_PKEY_CTX* ctx) { int EVP_PKEY_private_check(EVP_PKEY_CTX* ctx) { static int (*origMethod)(EVP_PKEY_CTX * ctx) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_PKEY_private_check"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_private_check")); bool fail = fail_EVP_PKEY_private_check & 1; fail_EVP_PKEY_private_check = fail_EVP_PKEY_private_check >> 1; if (fail) 
@@ -284,7 +293,7 @@ int EVP_PKEY_private_check(EVP_PKEY_CTX* ctx) { EVP_PKEY_CTX* EVP_PKEY_CTX_new_from_pkey(OSSL_LIB_CTX* libctx, EVP_PKEY* pkey, const char* propquery) { static EVP_PKEY_CTX* (*origMethod)(OSSL_LIB_CTX * libctx, EVP_PKEY * pkey, const char* propquery) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_PKEY_CTX_new_from_pkey"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_CTX_new_from_pkey")); bool fail = fail_EVP_PKEY_CTX_new_from_pkey & 1; fail_EVP_PKEY_CTX_new_from_pkey = fail_EVP_PKEY_CTX_new_from_pkey >> 1; if (fail) @@ -296,7 +305,7 @@ EVP_PKEY_CTX* EVP_PKEY_CTX_new_from_pkey(OSSL_LIB_CTX* libctx, EVP_PKEY* pkey, c #else int EC_KEY_check_key(const EC_KEY* key) { static int (*origMethod)(const EC_KEY* key) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EC_KEY_check_key"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EC_KEY_check_key")); bool fail = fail_EC_KEY_check_key & 1; fail_EC_KEY_check_key = fail_EC_KEY_check_key >> 1; if (fail) @@ -307,7 +316,7 @@ int EC_KEY_check_key(const EC_KEY* key) { EC_KEY* EVP_PKEY_get1_EC_KEY(EVP_PKEY* pkey) { static EC_KEY* (*origMethod)(EVP_PKEY * pkey) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_PKEY_get1_EC_KEY"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_get1_EC_KEY")); bool fail = fail_EVP_PKEY_get1_EC_KEY & 1; fail_EVP_PKEY_get1_EC_KEY = fail_EVP_PKEY_get1_EC_KEY >> 1; if (fail) 
@@ -319,7 +328,7 @@ EC_KEY* EVP_PKEY_get1_EC_KEY(EVP_PKEY* pkey) { ECDSA_SIG* ECDSA_SIG_new(void) { static ECDSA_SIG* (*origMethod)() = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "ECDSA_SIG_new"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("ECDSA_SIG_new")); bool fail = fail_ECDSA_SIG_new & 1; fail_ECDSA_SIG_new = fail_ECDSA_SIG_new >> 1; if (fail) @@ -328,9 +337,9 @@ ECDSA_SIG* ECDSA_SIG_new(void) { return origMethod(); } -struct rsa_st* EVP_PKEY_get1_RSA(EVP_PKEY* pkey) { - static struct rsa_st* (*origMethod)(EVP_PKEY * pkey) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_PKEY_get1_RSA"); +RSA* EVP_PKEY_get1_RSA(EVP_PKEY* pkey) { + static RSA* (*origMethod)(EVP_PKEY * pkey) = nullptr; + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_get1_RSA")); bool fail = fail_EVP_PKEY_get1_RSA & 1; fail_EVP_PKEY_get1_RSA = fail_EVP_PKEY_get1_RSA >> 1; if (fail) @@ -342,7 +351,7 @@ struct rsa_st* EVP_PKEY_get1_RSA(EVP_PKEY* pkey) { int EVP_DigestSignInit(EVP_MD_CTX* ctx, EVP_PKEY_CTX** pctx, const EVP_MD* type, ENGINE* e, EVP_PKEY* pkey) { static int (*origMethod)(EVP_MD_CTX * ctx, EVP_PKEY_CTX * *pctx, const EVP_MD* type, ENGINE* e, EVP_PKEY* pkey) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_DigestSignInit"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_DigestSignInit")); bool fail = fail_EVP_DigestSignInit & 1; fail_EVP_DigestSignInit = fail_EVP_DigestSignInit >> 1; if (fail) 
@@ -354,7 +363,7 @@ int EVP_DigestSignInit(EVP_MD_CTX* ctx, EVP_PKEY_CTX** pctx, const EVP_MD* type, int EVP_DigestSign(EVP_MD_CTX* ctx, unsigned char* sigret, size_t* siglen, const unsigned char* tbs, size_t tbslen) { static int (*origMethod)(EVP_MD_CTX * ctx, unsigned char* sigret, size_t* siglen, const unsigned char* tbs, size_t tbslen) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_DigestSign"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_DigestSign")); bool fail = fail_EVP_DigestSign & 1; fail_EVP_DigestSign = fail_EVP_DigestSign >> 1; if (fail) @@ -366,7 +375,7 @@ int EVP_DigestSign(EVP_MD_CTX* ctx, unsigned char* sigret, size_t* siglen, const int EVP_DigestVerifyInit(EVP_MD_CTX* ctx, EVP_PKEY_CTX** pctx, const EVP_MD* type, ENGINE* e, EVP_PKEY* pkey) { static int (*origMethod)(EVP_MD_CTX * ctx, EVP_PKEY_CTX * *pctx, const EVP_MD* type, ENGINE* e, EVP_PKEY* pkey) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_DigestVerifyInit"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_DigestVerifyInit")); bool fail = fail_EVP_DigestVerifyInit & 1; fail_EVP_DigestVerifyInit = fail_EVP_DigestVerifyInit >> 1; if (fail) 
@@ -378,7 +387,7 @@ int EVP_DigestVerifyInit(EVP_MD_CTX* ctx, EVP_PKEY_CTX** pctx, const EVP_MD* typ int EVP_DigestVerify(EVP_MD_CTX* ctx, unsigned char* sigret, size_t* siglen, const unsigned char* tbs, size_t tbslen) { static int (*origMethod)(EVP_MD_CTX * ctx, unsigned char* sigret, size_t* siglen, const unsigned char* tbs, size_t tbslen) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_DigestVerify"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_DigestVerify")); bool fail = fail_EVP_DigestVerify & 1; fail_EVP_DigestVerify = fail_EVP_DigestVerify >> 1; if (fail) @@ -389,7 +398,7 @@ int EVP_DigestVerify(EVP_MD_CTX* ctx, unsigned char* sigret, size_t* siglen, con int EVP_DigestVerifyFinal(EVP_MD_CTX* ctx, const unsigned char* sigret, size_t siglen) { static int (*origMethod)(EVP_MD_CTX * ctx, const unsigned char* sigret, size_t siglen) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_DigestVerifyFinal"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_DigestVerifyFinal")); bool fail = fail_EVP_DigestVerifyFinal & 1; fail_EVP_DigestVerifyFinal = fail_EVP_DigestVerifyFinal >> 1; if (fail) @@ -400,7 +409,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX* ctx, const unsigned char* sigret, size_t s int i2d_ECDSA_SIG(const ECDSA_SIG* sig, unsigned char** ppout) { static int (*origMethod)(const ECDSA_SIG* sig, unsigned char** ppout) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "i2d_ECDSA_SIG"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("i2d_ECDSA_SIG")); bool fail = fail_i2d_ECDSA_SIG & 1; fail_i2d_ECDSA_SIG = fail_i2d_ECDSA_SIG >> 1; if (fail) 
@@ -411,7 +420,7 @@ int i2d_ECDSA_SIG(const ECDSA_SIG* sig, unsigned char** ppout) { ECDSA_SIG* d2i_ECDSA_SIG(ECDSA_SIG** psig, const unsigned char** ppin, long len) { static ECDSA_SIG* (*origMethod)(ECDSA_SIG * *psig, const unsigned char** ppin, long len) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "d2i_ECDSA_SIG"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("d2i_ECDSA_SIG")); bool fail = fail_d2i_ECDSA_SIG & 1; fail_d2i_ECDSA_SIG = fail_d2i_ECDSA_SIG >> 1; if (fail) @@ -423,7 +432,7 @@ ECDSA_SIG* d2i_ECDSA_SIG(ECDSA_SIG** psig, const unsigned char** ppin, long len) #ifdef JWT_OPENSSL_3_0 OSSL_PARAM_BLD* OSSL_PARAM_BLD_new() { static OSSL_PARAM_BLD* (*origMethod)() = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "OSSL_PARAM_BLD_new"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("OSSL_PARAM_BLD_new")); bool fail = fail_OSSL_PARAM_BLD_new & 1; fail_OSSL_PARAM_BLD_new = fail_OSSL_PARAM_BLD_new >> 1; if (fail) @@ -434,7 +443,7 @@ OSSL_PARAM_BLD* OSSL_PARAM_BLD_new() { int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD* bld, const char* key, const BIGNUM* bn) { static int (*origMethod)(OSSL_PARAM_BLD * bld, const char* key, const BIGNUM* bn) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "OSSL_PARAM_BLD_push_BN"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("OSSL_PARAM_BLD_push_BN")); bool fail = fail_OSSL_PARAM_BLD_push_BN & 1; fail_OSSL_PARAM_BLD_push_BN = fail_OSSL_PARAM_BLD_push_BN >> 1; if (fail) 
@@ -445,7 +454,7 @@ int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD* bld, const char* key, const BIGNUM* b OSSL_PARAM* OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD* bld) { static OSSL_PARAM* (*origMethod)(OSSL_PARAM_BLD * bld) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "OSSL_PARAM_BLD_to_param"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("OSSL_PARAM_BLD_to_param")); bool fail = fail_OSSL_PARAM_BLD_to_param & 1; fail_OSSL_PARAM_BLD_to_param = fail_OSSL_PARAM_BLD_to_param >> 1; if (fail) @@ -456,7 +465,7 @@ OSSL_PARAM* OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD* bld) { EVP_PKEY_CTX* EVP_PKEY_CTX_new_from_name(OSSL_LIB_CTX* libctx, const char* name, const char* propquery) { static EVP_PKEY_CTX* (*origMethod)(OSSL_LIB_CTX * libctx, const char* name, const char* propquery) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_PKEY_CTX_new_from_name"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_CTX_new_from_name")); bool fail = fail_EVP_PKEY_CTX_new_from_name & 1; fail_EVP_PKEY_CTX_new_from_name = fail_EVP_PKEY_CTX_new_from_name >> 1; if (fail) @@ -467,7 +476,7 @@ EVP_PKEY_CTX* EVP_PKEY_CTX_new_from_name(OSSL_LIB_CTX* libctx, const char* name, int EVP_PKEY_fromdata_init(EVP_PKEY_CTX* ctx) { static int (*origMethod)(EVP_PKEY_CTX * ctx) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_PKEY_fromdata_init"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_fromdata_init")); bool fail = fail_EVP_PKEY_fromdata_init & 1; fail_EVP_PKEY_fromdata_init = fail_EVP_PKEY_fromdata_init >> 1; if (fail) 
@@ -478,7 +487,7 @@ int EVP_PKEY_fromdata_init(EVP_PKEY_CTX* ctx) { int EVP_PKEY_fromdata(EVP_PKEY_CTX* ctx, EVP_PKEY** ppkey, int selection, OSSL_PARAM params[]) { static int (*origMethod)(EVP_PKEY_CTX * ctx, EVP_PKEY * *ppkey, int selection, OSSL_PARAM params[]) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_PKEY_fromdata"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_fromdata")); bool fail = fail_EVP_PKEY_fromdata & 1; fail_EVP_PKEY_fromdata = fail_EVP_PKEY_fromdata >> 1; if (fail) @@ -489,7 +498,7 @@ int EVP_PKEY_fromdata(EVP_PKEY_CTX* ctx, EVP_PKEY** ppkey, int selection, OSSL_P #else int PEM_write_bio_RSA_PUBKEY(BIO* bp, RSA* x) { static int (*origMethod)(BIO * bp, RSA * x) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "PEM_write_bio_RSA_PUBKEY"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("PEM_write_bio_RSA_PUBKEY")); bool fail = fail_PEM_write_bio_RSA_PUBKEY & 1; fail_PEM_write_bio_RSA_PUBKEY = fail_PEM_write_bio_RSA_PUBKEY >> 1; if (fail) @@ -500,7 +509,7 @@ int PEM_write_bio_RSA_PUBKEY(BIO* bp, RSA* x) { int RSA_set0_key(RSA* r, BIGNUM* n, BIGNUM* e, BIGNUM* d) { static int (*origMethod)(RSA * r, BIGNUM * n, BIGNUM * e, BIGNUM * d) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "RSA_set0_key"); + if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("RSA_set0_key")); bool fail = fail_RSA_set0_key & 1; fail_RSA_set0_key = fail_RSA_set0_key >> 1; if (fail) 
@@ -560,6 +569,7 @@ TEST(OpenSSLErrorTest, ConvertCertBase64DerToPemReference) { ASSERT_EQ(ec.value(), 0); } +#ifndef LIBWOLFSSL_VERSION_HEX /* wolfSSL: limited ed support in compatibility layer */ TEST(OpenSSLErrorTest, ConvertEcdsaCertBase64DerToPemReference) { std::error_code ec; auto res = jwt::helper::convert_base64_der_to_pem(ed25519_certificate_base64_der, ec); @@ -567,6 +577,7 @@ TEST(OpenSSLErrorTest, ConvertEcdsaCertBase64DerToPemReference) { ASSERT_FALSE(!(!ec)); ASSERT_EQ(ec.value(), 0); } +#endif struct multitest_entry { uint64_t* fail_mask_ptr; @@ -595,7 +606,10 @@ TEST(OpenSSLErrorTest, ExtractPubkeyFromCert) { {&fail_PEM_read_bio_X509, 1, jwt::error::rsa_error::cert_load_failed}, {&fail_X509_get_pubkey, 1, jwt::error::rsa_error::get_key_failed}, {&fail_PEM_write_bio_PUBKEY, 1, jwt::error::rsa_error::write_key_failed}, - {&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed}}; +#ifndef LIBWOLFSSL_VERSION_HEX /* wolfSSL does not use BIO_ctrl in BIO_get_mem_data */ + {&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed} +#endif + }; run_multitest(mapping, [](std::error_code& ec) { try { @@ -610,7 +624,10 @@ TEST(OpenSSLErrorTest, ExtractPubkeyFromCertErrorCode) { {&fail_PEM_read_bio_X509, 1, jwt::error::rsa_error::cert_load_failed}, {&fail_X509_get_pubkey, 1, jwt::error::rsa_error::get_key_failed}, {&fail_PEM_write_bio_PUBKEY, 1, jwt::error::rsa_error::write_key_failed}, - {&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed}}; +#ifndef LIBWOLFSSL_VERSION_HEX /* wolfSSL does not use BIO_ctrl in BIO_get_mem_data */ + {&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed} +#endif + }; run_multitest(mapping, [](std::error_code& ec) { auto res = jwt::helper::extract_pubkey_from_cert(sample_cert, "", ec); 
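Review bot: With the `fail_BIO_ctrl` row dropped for wolfSSL, no entry in the `ExtractPubkeyFromCert` table reaches the `convert_to_pem_failed` branch of `extract_pubkey_from_cert` on wolfSSL builds, so a regression in that error path would go unnoticed there. The same guard is repeated in `ExtractPubkeyFromCertErrorCode`, `ConvertCertBase64DerToPem`, `ConvertCertBase64DerToPemErrorCode` and `ECDSACertificate`, and the `fail_BIO_get_mem_data` rows are removed the same way. If wolfSSL exports `BIO_get_mem_data` as a real function, an interposer for it could restore the coverage; otherwise I would extend the comment to `/* wolfSSL does not use BIO_ctrl in BIO_get_mem_data; convert_to_pem_failed is untested here */`.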
@@ -621,7 +638,9 @@ TEST(OpenSSLErrorTest, ExtractPubkeyFromCertErrorCode) { TEST(OpenSSLErrorTest, CreateRsaPublicKeyFromComponents) { std::vector mapping{ {&fail_BIO_new, 1, jwt::error::rsa_error::create_mem_bio_failed}, +#ifndef LIBWOLFSSL_VERSION_HEX {&fail_BIO_get_mem_data, 1, jwt::error::rsa_error::convert_to_pem_failed}, +#endif #ifdef JWT_OPENSSL_3_0 {&fail_PEM_write_bio_PUBKEY, 1, jwt::error::rsa_error::load_key_bio_write}, {&fail_OSSL_PARAM_BLD_new, 1, jwt::error::rsa_error::create_context_failed}, @@ -653,7 +672,9 @@ TEST(OpenSSLErrorTest, CreateRsaPublicKeyFromComponents) { TEST(OpenSSLErrorTest, CreateRsaPublicKeyFromComponentsErrorCode) { std::vector mapping{ {&fail_BIO_new, 1, jwt::error::rsa_error::create_mem_bio_failed}, +#ifndef LIBWOLFSSL_VERSION_HEX {&fail_BIO_get_mem_data, 1, jwt::error::rsa_error::convert_to_pem_failed}, +#endif #ifdef JWT_OPENSSL_3_0 {&fail_PEM_write_bio_PUBKEY, 1, jwt::error::rsa_error::load_key_bio_write}, {&fail_OSSL_PARAM_BLD_new, 1, jwt::error::rsa_error::create_context_failed}, @@ -682,7 +703,10 @@ TEST(OpenSSLErrorTest, CreateRsaPublicKeyFromComponentsErrorCode) { TEST(OpenSSLErrorTest, ConvertCertBase64DerToPem) { std::vector mapping{{&fail_BIO_new, 1, jwt::error::rsa_error::create_mem_bio_failed}, {&fail_PEM_write_bio_cert, 1, jwt::error::rsa_error::write_cert_failed}, - {&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed}}; +#ifndef LIBWOLFSSL_VERSION_HEX /* wolfSSL does not use BIO_ctrl in BIO_get_mem_data */ + {&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed} +#endif + }; run_multitest(mapping, [](std::error_code& ec) { try { 
@@ -694,8 +718,14 @@ TEST(OpenSSLErrorTest, ConvertCertBase64DerToPem) { TEST(OpenSSLErrorTest, ConvertEcdsaCertBase64DerToPem) { std::vector mapping{{&fail_BIO_new, 1, jwt::error::rsa_error::create_mem_bio_failed}, +#ifndef LIBWOLFSSL_VERSION_HEX {&fail_PEM_write_bio_cert, 1, jwt::error::rsa_error::write_cert_failed}, - {&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed}}; + {&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed} +#else + {&fail_PEM_write_bio_cert, 1, jwt::error::rsa_error::create_mem_bio_failed}, + {&fail_BIO_ctrl, 1, jwt::error::rsa_error::create_mem_bio_failed} +#endif + }; run_multitest(mapping, [](std::error_code& ec) { try { @@ -708,7 +738,10 @@ TEST(OpenSSLErrorTest, ConvertEcdsaCertBase64DerToPem) { TEST(OpenSSLErrorTest, ConvertCertBase64DerToPemErrorCode) { std::vector mapping{{&fail_BIO_new, 1, jwt::error::rsa_error::create_mem_bio_failed}, {&fail_PEM_write_bio_cert, 1, jwt::error::rsa_error::write_cert_failed}, - {&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed}}; +#ifndef LIBWOLFSSL_VERSION_HEX /* wolfSSL does not use BIO_ctrl in BIO_get_mem_data */ + {&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed} +#endif + }; run_multitest(mapping, [](std::error_code& ec) { auto res = jwt::helper::convert_base64_der_to_pem(sample_cert_base64_der, ec); 
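Review bot: The wolfSSL arm of `ConvertEcdsaCertBase64DerToPem` expects `create_mem_bio_failed` for both `fail_PEM_write_bio_cert` and `fail_BIO_ctrl`, the same code as the `fail_BIO_new` row, which suggests the call fails before either injected fault is reached. If that is because the compatibility layer cannot parse the ed25519 certificate (the matching Reference test is compiled out for that reason earlier in this patch), these two rows pass without testing anything. I would compile the whole test out under `#ifndef LIBWOLFSSL_VERSION_HEX` like the Reference test, or state the reason next to the `#else`, e.g. `/* wolfSSL: certificate load fails first, so every row reports create_mem_bio_failed */`.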
@@ -776,8 +809,12 @@ TEST(OpenSSLErrorTest, LoadPublicKeyCertFromStringReference) { TEST(OpenSSLErrorTest, LoadPublicKeyCertFromString) { std::vector mapping { {&fail_BIO_new, 1, jwt::error::rsa_error::create_mem_bio_failed}, +#ifndef LIBWOLFSSL_VERSION_HEX {&fail_BIO_get_mem_data, 1, jwt::error::rsa_error::convert_to_pem_failed}, -#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x3050300fL +#endif +#if defined(LIBWOLFSSL_VERSION_HEX) + {&fail_BIO_write, 1, jwt::error::rsa_error::write_key_failed}, +#elif !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x3050300fL {&fail_BIO_write, 1, jwt::error::rsa_error::load_key_bio_write}, #else {&fail_BIO_write, 1, jwt::error::rsa_error::write_key_failed}, @@ -798,8 +835,12 @@ TEST(OpenSSLErrorTest, LoadPublicKeyCertFromString) { TEST(OpenSSLErrorTest, LoadPublicKeyCertFromStringErrorCode) { std::vector mapping { {&fail_BIO_new, 1, jwt::error::rsa_error::create_mem_bio_failed}, +#ifndef LIBWOLFSSL_VERSION_HEX {&fail_BIO_get_mem_data, 1, jwt::error::rsa_error::convert_to_pem_failed}, // extract_pubkey_from_cert -#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x3050300fL +#endif +#if defined(LIBWOLFSSL_VERSION_HEX) + {&fail_BIO_write, 1, jwt::error::rsa_error::write_key_failed}, +#elif !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x3050300fL {&fail_BIO_write, 1, jwt::error::rsa_error::load_key_bio_write}, #else {&fail_BIO_write, 1, jwt::error::rsa_error::write_key_failed}, @@ -844,6 +885,7 @@ TEST(OpenSSLErrorTest, LoadPrivateKeyFromStringErrorCode) { }); } +#if !defined(LIBWOLFSSL_VERSION_HEX) || LIBWOLFSSL_VERSION_HEX > 0x05007000 TEST(OpenSSLErrorTest, HMACSign) { std::string token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9.eyJpc3MiOiJhdXRoMCJ9.AbIJTDMFc7yUa5MhvcP03nJPyCPzZtQcGEp-zWfOkEE"; 
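Review bot: The wolfSSL arm added to `LoadPublicKeyCertFromString` duplicates the row of the `#else` arm, so the table now has three preprocessor arms for two outcomes. Folding the condition keeps one row per outcome: `#if !defined(LIBWOLFSSL_VERSION_HEX) && (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x3050300fL)` for `load_key_bio_write`, with `write_key_failed` in the `#else`. `LoadPublicKeyCertFromStringErrorCode` and `ECDSACertificate` get the same three-arm block in this patch and could be folded the same way.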
@@ -855,6 +897,7 @@ TEST(OpenSSLErrorTest, HMACSign) { run_multitest(mapping, [&](std::error_code& ec) { verify.verify(decoded_token, ec); }); } +#endif TEST(OpenSSLErrorTest, RS256Reference) { jwt::algorithm::rs256 alg{rsa_pub_key, rsa_priv_key}; @@ -948,7 +991,9 @@ TEST(OpenSSLErrorTest, LoadECDSAPublicKeyFromString) { TEST(OpenSSLErrorTest, ECDSACertificate) { std::vector mapping { {&fail_BIO_new, 1, jwt::error::ecdsa_error::create_mem_bio_failed}, -#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x3050300fL +#if defined(LIBWOLFSSL_VERSION_HEX) + {&fail_BIO_write, 1, jwt::error::ecdsa_error::write_key_failed}, +#elif !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x3050300fL {&fail_BIO_write, 1, jwt::error::ecdsa_error::load_key_bio_write}, #else {&fail_BIO_write, 1, jwt::error::ecdsa_error::write_key_failed}, @@ -958,9 +1003,10 @@ TEST(OpenSSLErrorTest, ECDSACertificate) { {&fail_BIO_new, 2, jwt::error::ecdsa_error::create_mem_bio_failed}, {&fail_PEM_read_bio_X509, 1, jwt::error::ecdsa_error::cert_load_failed}, {&fail_X509_get_pubkey, 1, jwt::error::ecdsa_error::get_key_failed}, - {&fail_PEM_write_bio_PUBKEY, 1, jwt::error::ecdsa_error::write_key_failed}, { - &fail_BIO_ctrl, 1, jwt::error::ecdsa_error::convert_to_pem_failed - } + {&fail_PEM_write_bio_PUBKEY, 1, jwt::error::ecdsa_error::write_key_failed}, +#ifndef LIBWOLFSSL_VERSION_HEX /* wolfSSL does not use BIO_ctrl in BIO_get_mem_data */ + {&fail_BIO_ctrl, 1, jwt::error::ecdsa_error::convert_to_pem_failed} +#endif }; run_multitest(mapping, [](std::error_code& ec) { 
@@ -989,7 +1035,11 @@ TEST(OpenSSLErrorTest, ES256SignErrorCode) { {&fail_EVP_DigestUpdate, 1, jwt::error::signature_generation_error::digestupdate_failed}, {&fail_EVP_DigestSignFinal, 1, jwt::error::signature_generation_error::signfinal_failed}, {&fail_EVP_DigestSignFinal, 2, jwt::error::signature_generation_error::signfinal_failed}, +#ifndef LIBWOLFSSL_VERSION_HEX {&fail_d2i_ECDSA_SIG, 1, jwt::error::signature_generation_error::signature_decoding_failed}, +#else + {&fail_d2i_ECDSA_SIG, 1, jwt::error::signature_generation_error::signfinal_failed}, +#endif }; run_multitest(mapping, [&alg](std::error_code& ec) { From 1ef34b301d91d4bc2419569c3b8c2f0f086baf53 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 5 Jun 2024 17:14:16 +0200 Subject: [PATCH 02/14] Remove unnecessary symbols --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 82613dc6f..191b18dec 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -126,7 +126,7 @@ if(${JWT_SSL_LIBRARY} MATCHES "wolfSSL") # This is required to access OpenSSL compatibility API target_include_directories(jwt-cpp INTERFACE ${wolfssl_INCLUDE_DIRS}) # EXTERNAL_OPTS_OPENVPN is necessary so that wolfssl/options.h is included automatically - target_compile_definitions(jwt-cpp INTERFACE OPENSSL_EXTRA OPENSSL_ALL EXTERNAL_OPTS_OPENVPN) + target_compile_definitions(jwt-cpp INTERFACE EXTERNAL_OPTS_OPENVPN) endif() if(NOT JWT_DISABLE_PICOJSON AND JWT_EXTERNAL_PICOJSON) From 23f9a43c631f264187fa7123497c3a34ecdbce33 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 6 Jun 2024 10:04:11 +0200 Subject: [PATCH 03/14] Don't fail fast on wolfSSL actions --- .github/workflows/ssl.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ssl.yml b/.github/workflows/ssl.yml index 80d6a83b7..8dfc5e4ae 100644 --- a/.github/workflows/ssl.yml +++ b/.github/workflows/ssl.yml 
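Review bot: Under wolfSSL the `fail_d2i_ECDSA_SIG` row in ES256SignErrorCode now expects `signfinal_failed`, the same code the two `fail_EVP_DigestSignFinal` rows already check, so on that backend no row expects `signature_decoding_failed` any more. This presumably happens because wolfSSL reaches the interposed `d2i_ECDSA_SIG` from inside its own sign-final step, which would mean the first injected failure never reaches jwt-cpp's decoding call. If that is the cause, a row that fails the second call, `{&fail_d2i_ECDSA_SIG, 2, jwt::error::signature_generation_error::signature_decoding_failed},`, would keep that path covered; this needs confirming against a wolfSSL build. Either way, a short comment on the `#else` branch stating why the expected code differs would help.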
@@ -83,6 +83,7 @@ jobs: wolfssl: runs-on: ubuntu-latest strategy: + fail-fast: false matrix: wolfssl: - { ref: "v5.1.1-stable", name: "5.1.1"} From d64fe8ab8709a2769ea21e1e66751bee52dc7fd6 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 7 Jun 2024 11:10:52 +0200 Subject: [PATCH 04/14] Include wolfssl/options.h explicitly --- CMakeLists.txt | 5 +++-- docs/install.md | 4 ++++ include/jwt-cpp/jwt.h | 3 +++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 191b18dec..2695345d7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -115,18 +115,19 @@ target_include_directories(jwt-cpp INTERFACE $ +#endif #include #include #include From f9d4940da13c3888bff703a4385c204e2f3026b3 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 11 Jun 2024 13:33:40 +0200 Subject: [PATCH 05/14] Fix old wolfSSL failures --- include/jwt-cpp/jwt.h | 1 + tests/OpenSSLErrorTest.cpp | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/include/jwt-cpp/jwt.h b/include/jwt-cpp/jwt.h index 321426ea8..0bf154ec7 100644 --- a/include/jwt-cpp/jwt.h +++ b/include/jwt-cpp/jwt.h @@ -14,6 +14,7 @@ #ifdef JWT_WOLFSSL #include +#include #endif #include #include diff --git a/tests/OpenSSLErrorTest.cpp b/tests/OpenSSLErrorTest.cpp index 48aa3dba5..ac254e584 100644 --- a/tests/OpenSSLErrorTest.cpp +++ b/tests/OpenSSLErrorTest.cpp @@ -561,6 +561,8 @@ TEST(OpenSSLErrorTest, ExtractPubkeyFromCertReference) { ASSERT_EQ(ec.value(), 0); } +#if !defined(LIBWOLFSSL_VERSION_HEX) || LIBWOLFSSL_VERSION_HEX >= 0x05007000 +/* Older versions of wolfSSL output different PEM encoding */ TEST(OpenSSLErrorTest, ConvertCertBase64DerToPemReference) { std::error_code ec; auto res = jwt::helper::convert_base64_der_to_pem(sample_cert_base64_der, ec); 
@@ -568,6 +570,7 @@ TEST(OpenSSLErrorTest, ConvertCertBase64DerToPemReference) { ASSERT_FALSE(!(!ec)); ASSERT_EQ(ec.value(), 0); } +#endif #ifndef LIBWOLFSSL_VERSION_HEX /* wolfSSL: limited ed support in compatibility layer */ TEST(OpenSSLErrorTest, ConvertEcdsaCertBase64DerToPemReference) { @@ -1035,7 +1038,7 @@ TEST(OpenSSLErrorTest, ES256SignErrorCode) { {&fail_EVP_DigestUpdate, 1, jwt::error::signature_generation_error::digestupdate_failed}, {&fail_EVP_DigestSignFinal, 1, jwt::error::signature_generation_error::signfinal_failed}, {&fail_EVP_DigestSignFinal, 2, jwt::error::signature_generation_error::signfinal_failed}, -#ifndef LIBWOLFSSL_VERSION_HEX +#if !defined(LIBWOLFSSL_VERSION_HEX) || LIBWOLFSSL_VERSION_HEX < 0x05007000 {&fail_d2i_ECDSA_SIG, 1, jwt::error::signature_generation_error::signature_decoding_failed}, #else {&fail_d2i_ECDSA_SIG, 1, jwt::error::signature_generation_error::signfinal_failed}, From b4352e8e6783e043251b7f2d28ecdbcee9da1575 Mon Sep 17 00:00:00 2001 From: Chris Mc Date: Sat, 15 Jun 2024 07:50:33 -0700 Subject: [PATCH 06/14] remove unused EVP_PKEY_get1_RSA this is deprecated with 3.0 --- tests/OpenSSLErrorTest.cpp | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/tests/OpenSSLErrorTest.cpp b/tests/OpenSSLErrorTest.cpp index ac254e584..bcc91e81e 100644 --- a/tests/OpenSSLErrorTest.cpp +++ b/tests/OpenSSLErrorTest.cpp @@ -42,7 +42,6 @@ static uint64_t fail_EC_KEY_check_key = 0; static uint64_t fail_EVP_PKEY_get1_EC_KEY = 0; #endif static uint64_t fail_ECDSA_SIG_new = 0; -static uint64_t fail_EVP_PKEY_get1_RSA = 0; static uint64_t fail_EVP_DigestSignInit = 0; static uint64_t fail_EVP_DigestSign = 0; static uint64_t fail_EVP_DigestVerifyInit = 0; 
@@ -337,17 +336,6 @@ ECDSA_SIG* ECDSA_SIG_new(void) { return origMethod(); } -RSA* EVP_PKEY_get1_RSA(EVP_PKEY* pkey) { - static RSA* (*origMethod)(EVP_PKEY * pkey) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_get1_RSA")); - bool fail = fail_EVP_PKEY_get1_RSA & 1; - fail_EVP_PKEY_get1_RSA = fail_EVP_PKEY_get1_RSA >> 1; - if (fail) - return nullptr; - else - return origMethod(pkey); -} - int EVP_DigestSignInit(EVP_MD_CTX* ctx, EVP_PKEY_CTX** pctx, const EVP_MD* type, ENGINE* e, EVP_PKEY* pkey) { static int (*origMethod)(EVP_MD_CTX * ctx, EVP_PKEY_CTX * *pctx, const EVP_MD* type, ENGINE* e, EVP_PKEY* pkey) = nullptr; From 421809d3f84c25aad6b8810554e9b92bcda2db66 Mon Sep 17 00:00:00 2001 From: Christopher McArthur Date: Sun, 28 Jul 2024 22:00:13 -0700 Subject: [PATCH 07/14] code review comments --- CMakeLists.txt | 1 - include/jwt-cpp/jwt.h | 7 ++----- tests/OpenSSLErrorTest.cpp | 2 +- 3 files changed, 3 insertions(+), 7 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 8606d3c5c..7d4b237a9 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -127,7 +127,6 @@ if(${JWT_SSL_LIBRARY} MATCHES "wolfSSL") target_link_libraries(jwt-cpp INTERFACE PkgConfig::wolfssl) # This is required to access OpenSSL compatibility API target_include_directories(jwt-cpp INTERFACE ${wolfssl_INCLUDE_DIRS}) - target_compile_definitions(jwt-cpp INTERFACE JWT_WOLFSSL) endif() if(NOT JWT_DISABLE_PICOJSON AND JWT_EXTERNAL_PICOJSON) diff --git a/include/jwt-cpp/jwt.h b/include/jwt-cpp/jwt.h index 0bf154ec7..7369f3764 100644 --- a/include/jwt-cpp/jwt.h +++ b/include/jwt-cpp/jwt.h @@ -12,10 +12,6 @@ #include "base.h" #endif -#ifdef JWT_WOLFSSL -#include -#include -#endif #include #include #include @@ -24,7 +20,6 @@ #include #include #include -#include #include #include @@ -71,6 +66,8 @@ #if defined(LIBWOLFSSL_VERSION_HEX) #define JWT_OPENSSL_1_1_1 +#include +#include #endif #ifndef JWT_CLAIM_EXPLICIT 
diff --git a/tests/OpenSSLErrorTest.cpp b/tests/OpenSSLErrorTest.cpp index bcc91e81e..8bdaf11e0 100644 --- a/tests/OpenSSLErrorTest.cpp +++ b/tests/OpenSSLErrorTest.cpp @@ -62,7 +62,7 @@ static uint64_t fail_PEM_write_bio_RSA_PUBKEY = 0; static uint64_t fail_RSA_set0_key = 0; #endif -#ifdef LIBWOLFSSL_VERSION_STRING +#ifdef LIBWOLFSSL_VERSION_HEX #define SYMBOL_NAME(s) ("wolfSSL_" s) #else #define SYMBOL_NAME(s) (s) From 9899b9a723e4680046b6e6d6518ff2bd57628dee Mon Sep 17 00:00:00 2001 From: Chris Mc Date: Sun, 28 Jul 2024 22:17:39 -0700 Subject: [PATCH 08/14] Apply suggestions from code review --- CMakeLists.txt | 6 ++++-- docs/install.md | 4 ---- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 7d4b237a9..b2b749c56 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -115,18 +115,20 @@ target_include_directories(jwt-cpp INTERFACE $ Date: Sun, 28 Jul 2024 22:21:42 -0700 Subject: [PATCH 09/14] rm extra headers? --- include/jwt-cpp/jwt.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/jwt-cpp/jwt.h b/include/jwt-cpp/jwt.h index 7369f3764..6194d45ba 100644 --- a/include/jwt-cpp/jwt.h +++ b/include/jwt-cpp/jwt.h @@ -66,8 +66,6 @@ #if defined(LIBWOLFSSL_VERSION_HEX) #define JWT_OPENSSL_1_1_1 -#include -#include #endif #ifndef JWT_CLAIM_EXPLICIT From 04ad18ca55d815dfc0d48e5e4fa303c69afdd9a9 Mon Sep 17 00:00:00 2001 From: Christopher McArthur Date: Sun, 28 Jul 2024 22:24:42 -0700 Subject: [PATCH 10/14] fix cmake test use the new macro that was required --- CMakeLists.txt | 2 +- tests/cmake/wolfssl-is-used.cpp | 7 ++----- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index b2b749c56..ad6aad05b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -127,7 +127,7 @@ if(${JWT_SSL_LIBRARY} MATCHES "wolfSSL") target_include_directories(jwt-cpp INTERFACE ${wolfssl_INCLUDE_DIRS}) # This flag is required to have the manditory header included automatically # https://github.com/Thalhammer/jwt-cpp/pull/352#discussion_r1627971786 - # https://github.com/wolfSSL/wolfssl/blob/3b74a6402998a8b8839e25e31ba8ac74749aa9b0/wolfssl/wolfcrypt/settings.h#L58 + # https://github.com/wolfSSL/wolfssl/blob/3b74a6402998a8b8839e25e31ba8ac74749aa9b0/wolfssl/wolfcrypt/settings.h#L58 target_compile_definitions(jwt-cpp INTERFACE EXTERNAL_OPTS_OPENVPN) endif() diff --git a/tests/cmake/wolfssl-is-used.cpp b/tests/cmake/wolfssl-is-used.cpp index ca05316a9..ba58df3d4 100644 --- a/tests/cmake/wolfssl-is-used.cpp +++ b/tests/cmake/wolfssl-is-used.cpp @@ -2,14 +2,11 @@ #error "missing wolfSSL's SSL header!" #endif -#ifndef OPENSSL_EXTRA +// See https://github.com/Thalhammer/jwt-cpp/pull/352 +#ifndef EXTERNAL_OPTS_OPENVPN #error "missing wolfSSL's OPENSSL_EXTRA macro!" #endif -#ifndef OPENSSL_ALL -#error "missing wolfSSL's OPENSSL_ALL macro!" -#endif - #include "jwt-cpp/jwt.h" #include From bd29c567d53b8712408b6c564213fb86d99012d9 Mon Sep 17 00:00:00 2001 From: Christopher McArthur Date: Sun, 28 Jul 2024 22:28:37 -0700 Subject: [PATCH 11/14] linter --- tests/OpenSSLErrorTest.cpp | 48 ++++++++++++++++++++++++-------------- 1 file changed, 30 insertions(+), 18 deletions(-) diff --git a/tests/OpenSSLErrorTest.cpp b/tests/OpenSSLErrorTest.cpp index 8bdaf11e0..0e8274c0c 100644 --- a/tests/OpenSSLErrorTest.cpp +++ b/tests/OpenSSLErrorTest.cpp 
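Review bot: The `#error` text under `#ifndef EXTERNAL_OPTS_OPENVPN` still says the OPENSSL_EXTRA macro is missing, so a failure here points at the wrong macro; change it to something like `#error "missing EXTERNAL_OPTS_OPENVPN compile definition!"`. The check also runs before `jwt-cpp/jwt.h` is included and only proves the flag was passed on the command line. With the `OPENSSL_EXTRA` and `OPENSSL_ALL` checks removed, nothing in this file confirms that wolfSSL's options header actually enabled the compatibility layer. A check placed after the include would cover that, if those macros are expected to come from it.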
@@ -164,7 +164,8 @@ EVP_PKEY* PEM_read_bio_PUBKEY(BIO* bp, EVP_PKEY** x, pem_password_cb* cb, void* EVP_PKEY* PEM_read_bio_PrivateKey(BIO* bp, EVP_PKEY** x, pem_password_cb* cb, void* u) { static EVP_PKEY* (*origMethod)(BIO * bp, EVP_PKEY * *x, pem_password_cb * cb, void* u) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("PEM_read_bio_PrivateKey")); + if (origMethod == nullptr) + origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("PEM_read_bio_PrivateKey")); bool fail = fail_PEM_read_bio_PrivateKey & 1; fail_PEM_read_bio_PrivateKey = fail_PEM_read_bio_PrivateKey >> 1; if (fail) @@ -270,7 +271,8 @@ int EVP_VerifyFinal(EVP_MD_CTX* ctx, const unsigned char* sigbuf, unsigned int s #ifdef JWT_OPENSSL_3_0 int EVP_PKEY_public_check(EVP_PKEY_CTX* ctx) { static int (*origMethod)(EVP_PKEY_CTX * ctx) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_public_check")); + if (origMethod == nullptr) + origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_public_check")); bool fail = fail_EVP_PKEY_public_check & 1; fail_EVP_PKEY_public_check = fail_EVP_PKEY_public_check >> 1; if (fail) @@ -281,7 +283,8 @@ int EVP_PKEY_public_check(EVP_PKEY_CTX* ctx) { int EVP_PKEY_private_check(EVP_PKEY_CTX* ctx) { static int (*origMethod)(EVP_PKEY_CTX * ctx) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_private_check")); + if (origMethod == nullptr) + origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_private_check")); bool fail = fail_EVP_PKEY_private_check & 1; fail_EVP_PKEY_private_check = fail_EVP_PKEY_private_check >> 1; if (fail) 
@@ -292,7 +295,8 @@ int EVP_PKEY_private_check(EVP_PKEY_CTX* ctx) { EVP_PKEY_CTX* EVP_PKEY_CTX_new_from_pkey(OSSL_LIB_CTX* libctx, EVP_PKEY* pkey, const char* propquery) { static EVP_PKEY_CTX* (*origMethod)(OSSL_LIB_CTX * libctx, EVP_PKEY * pkey, const char* propquery) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_CTX_new_from_pkey")); + if (origMethod == nullptr) + origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_CTX_new_from_pkey")); bool fail = fail_EVP_PKEY_CTX_new_from_pkey & 1; fail_EVP_PKEY_CTX_new_from_pkey = fail_EVP_PKEY_CTX_new_from_pkey >> 1; if (fail) @@ -386,7 +390,8 @@ int EVP_DigestVerify(EVP_MD_CTX* ctx, unsigned char* sigret, size_t* siglen, con int EVP_DigestVerifyFinal(EVP_MD_CTX* ctx, const unsigned char* sigret, size_t siglen) { static int (*origMethod)(EVP_MD_CTX * ctx, const unsigned char* sigret, size_t siglen) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_DigestVerifyFinal")); + if (origMethod == nullptr) + origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_DigestVerifyFinal")); bool fail = fail_EVP_DigestVerifyFinal & 1; fail_EVP_DigestVerifyFinal = fail_EVP_DigestVerifyFinal >> 1; if (fail) @@ -431,7 +436,8 @@ OSSL_PARAM_BLD* OSSL_PARAM_BLD_new() { int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD* bld, const char* key, const BIGNUM* bn) { static int (*origMethod)(OSSL_PARAM_BLD * bld, const char* key, const BIGNUM* bn) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("OSSL_PARAM_BLD_push_BN")); + if (origMethod == nullptr) + origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("OSSL_PARAM_BLD_push_BN")); bool fail = fail_OSSL_PARAM_BLD_push_BN & 1; fail_OSSL_PARAM_BLD_push_BN = fail_OSSL_PARAM_BLD_push_BN >> 1; if (fail) 
@@ -442,7 +448,8 @@ int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD* bld, const char* key, const BIGNUM* b OSSL_PARAM* OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD* bld) { static OSSL_PARAM* (*origMethod)(OSSL_PARAM_BLD * bld) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("OSSL_PARAM_BLD_to_param")); + if (origMethod == nullptr) + origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("OSSL_PARAM_BLD_to_param")); bool fail = fail_OSSL_PARAM_BLD_to_param & 1; fail_OSSL_PARAM_BLD_to_param = fail_OSSL_PARAM_BLD_to_param >> 1; if (fail) @@ -453,7 +460,8 @@ OSSL_PARAM* OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD* bld) { EVP_PKEY_CTX* EVP_PKEY_CTX_new_from_name(OSSL_LIB_CTX* libctx, const char* name, const char* propquery) { static EVP_PKEY_CTX* (*origMethod)(OSSL_LIB_CTX * libctx, const char* name, const char* propquery) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_CTX_new_from_name")); + if (origMethod == nullptr) + origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_CTX_new_from_name")); bool fail = fail_EVP_PKEY_CTX_new_from_name & 1; fail_EVP_PKEY_CTX_new_from_name = fail_EVP_PKEY_CTX_new_from_name >> 1; if (fail) @@ -464,7 +472,8 @@ EVP_PKEY_CTX* EVP_PKEY_CTX_new_from_name(OSSL_LIB_CTX* libctx, const char* name, int EVP_PKEY_fromdata_init(EVP_PKEY_CTX* ctx) { static int (*origMethod)(EVP_PKEY_CTX * ctx) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_fromdata_init")); + if (origMethod == nullptr) + origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_fromdata_init")); bool fail = fail_EVP_PKEY_fromdata_init & 1; fail_EVP_PKEY_fromdata_init = fail_EVP_PKEY_fromdata_init >> 1; if (fail) 
@@ -486,7 +495,8 @@ int EVP_PKEY_fromdata(EVP_PKEY_CTX* ctx, EVP_PKEY** ppkey, int selection, OSSL_P #else int PEM_write_bio_RSA_PUBKEY(BIO* bp, RSA* x) { static int (*origMethod)(BIO * bp, RSA * x) = nullptr; - if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("PEM_write_bio_RSA_PUBKEY")); + if (origMethod == nullptr) + origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("PEM_write_bio_RSA_PUBKEY")); bool fail = fail_PEM_write_bio_RSA_PUBKEY & 1; fail_PEM_write_bio_RSA_PUBKEY = fail_PEM_write_bio_RSA_PUBKEY >> 1; if (fail) @@ -996,7 +1006,9 @@ TEST(OpenSSLErrorTest, ECDSACertificate) { {&fail_X509_get_pubkey, 1, jwt::error::ecdsa_error::get_key_failed}, {&fail_PEM_write_bio_PUBKEY, 1, jwt::error::ecdsa_error::write_key_failed}, #ifndef LIBWOLFSSL_VERSION_HEX /* wolfSSL does not use BIO_ctrl in BIO_get_mem_data */ - {&fail_BIO_ctrl, 1, jwt::error::ecdsa_error::convert_to_pem_failed} + { + &fail_BIO_ctrl, 1, jwt::error::ecdsa_error::convert_to_pem_failed + } #endif }; 
@@ -1020,16 +1032,16 @@ TEST(OpenSSLErrorTest, ES256Reference) { TEST(OpenSSLErrorTest, ES256SignErrorCode) { jwt::algorithm::es256 alg{ecdsa256_pub_key, ecdsa256_priv_key}; - std::vector mapping{ + std::vector mapping { {&fail_EVP_MD_CTX_new, 1, jwt::error::signature_generation_error::create_context_failed}, - {&fail_EVP_DigestSignInit, 1, jwt::error::signature_generation_error::signinit_failed}, - {&fail_EVP_DigestUpdate, 1, jwt::error::signature_generation_error::digestupdate_failed}, - {&fail_EVP_DigestSignFinal, 1, jwt::error::signature_generation_error::signfinal_failed}, - {&fail_EVP_DigestSignFinal, 2, jwt::error::signature_generation_error::signfinal_failed}, + {&fail_EVP_DigestSignInit, 1, jwt::error::signature_generation_error::signinit_failed}, + {&fail_EVP_DigestUpdate, 1, jwt::error::signature_generation_error::digestupdate_failed}, + {&fail_EVP_DigestSignFinal, 1, jwt::error::signature_generation_error::signfinal_failed}, + {&fail_EVP_DigestSignFinal, 2, jwt::error::signature_generation_error::signfinal_failed}, #if !defined(LIBWOLFSSL_VERSION_HEX) || LIBWOLFSSL_VERSION_HEX < 0x05007000 - {&fail_d2i_ECDSA_SIG, 1, jwt::error::signature_generation_error::signature_decoding_failed}, + {&fail_d2i_ECDSA_SIG, 1, jwt::error::signature_generation_error::signature_decoding_failed}, #else - {&fail_d2i_ECDSA_SIG, 1, jwt::error::signature_generation_error::signfinal_failed}, + {&fail_d2i_ECDSA_SIG, 1, jwt::error::signature_generation_error::signfinal_failed}, #endif }; From a7ea901d6e7b038ae6746c8deef423cc2d0fe5b2 Mon Sep 17 00:00:00 2001 From: Christopher McArthur Date: Sun, 28 Jul 2024 22:29:27 -0700 Subject: [PATCH 12/14] fix unused warning fail_HMAC --- tests/OpenSSLErrorTest.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/OpenSSLErrorTest.cpp b/tests/OpenSSLErrorTest.cpp index 0e8274c0c..741097d88 100644 --- a/tests/OpenSSLErrorTest.cpp +++ b/tests/OpenSSLErrorTest.cpp 
@@ -26,7 +26,9 @@ static uint64_t fail_BIO_ctrl = 0; static uint64_t fail_BIO_write = 0; static uint64_t fail_PEM_read_bio_PUBKEY = 0; static uint64_t fail_PEM_read_bio_PrivateKey = 0; +#if !defined(LIBWOLFSSL_VERSION_HEX) || LIBWOLFSSL_VERSION_HEX > 0x05007000 static uint64_t fail_HMAC = 0; +#endif static uint64_t fail_EVP_MD_CTX_new = 0; static uint64_t fail_EVP_DigestInit = 0; static uint64_t fail_EVP_DigestUpdate = 0; From 85e404ddb6ec56262f0234f442f4bed2a5d1ce6f Mon Sep 17 00:00:00 2001 From: Chris Mc Date: Sun, 28 Jul 2024 22:33:07 -0700 Subject: [PATCH 13/14] reenable fail fast --- .github/workflows/ssl.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ssl.yml b/.github/workflows/ssl.yml index f89a4290a..2ec9fe3d4 100644 --- a/.github/workflows/ssl.yml +++ b/.github/workflows/ssl.yml @@ -85,7 +85,6 @@ jobs: wolfssl: runs-on: ubuntu-latest strategy: - fail-fast: false matrix: wolfssl: - { ref: "v5.1.1-stable", name: "5.1.1"} From 000200d0daf61cf8b99a0c49e0e44e18c59e4391 Mon Sep 17 00:00:00 2001 From: Chris Mc Date: Sun, 28 Jul 2024 22:34:25 -0700 Subject: [PATCH 14/14] fix spelling --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index ad6aad05b..7a263aef5 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -125,7 +125,7 @@ if(${JWT_SSL_LIBRARY} MATCHES "wolfSSL") target_link_libraries(jwt-cpp INTERFACE PkgConfig::wolfssl) # This is required to access OpenSSL compatibility API target_include_directories(jwt-cpp INTERFACE ${wolfssl_INCLUDE_DIRS}) - # This flag is required to have the manditory header included automatically + # This flag is required to have the mandatory header included automatically # https://github.com/Thalhammer/jwt-cpp/pull/352#discussion_r1627971786 # https://github.com/wolfSSL/wolfssl/blob/3b74a6402998a8b8839e25e31ba8ac74749aa9b0/wolfssl/wolfcrypt/settings.h#L58 target_compile_definitions(jwt-cpp INTERFACE EXTERNAL_OPTS_OPENVPN)