diff --git a/jwt-cpp/0.6.0.patch b/jwt-cpp/0.6.0.patch new file mode 100644 index 00000000..1364e78d --- /dev/null +++ b/jwt-cpp/0.6.0.patch @@ -0,0 +1,527 @@ +From d8639ef072fda3c13d0f44a4346c05770d467689 Mon Sep 17 00:00:00 2001 +From: Juliusz Sosinowicz +Date: Wed, 5 Jun 2024 13:37:17 +0200 +Subject: [PATCH] Patch for wolfSSL + +This patch implements wolfSSL support in jwt-cpp with CMake. + +Compile wolfSSL with: + ./configure --enable-all + make + make install + +Compile grpc with: + cmake -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL . + make -j -C build + make install + +To link with wolfSSL in a non-standard directory compile with: + PKG_CONFIG_PATH=/path/to/dir/with/pkgconfig/file cmake -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL . + +To run tests compile with: + cmake -E env CXXFLAGS="-g3 -O0" cmake -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL -DJWT_BUILD_TESTS=ON . + make -j -C build + ./build/tests/jwt-cpp-test +--- + CMakeLists.txt | 2 +- + include/jwt-cpp/jwt.h | 1 + + tests/HelperTest.cpp | 2 +- + tests/OpenSSLErrorTest.cpp | 124 +++++++++++++++++++++++++------------ + 4 files changed, 86 insertions(+), 43 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index f9d07ee..b5f1efa 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -100,7 +100,7 @@ if(${JWT_SSL_LIBRARY} MATCHES "wolfSSL") + target_link_libraries(jwt-cpp INTERFACE PkgConfig::wolfssl) + # This is required to access OpenSSL compatability API + target_include_directories(jwt-cpp INTERFACE ${wolfssl_INCLUDE_DIRS}) +- target_compile_definitions(jwt-cpp INTERFACE OPENSSL_EXTRA OPENSSL_ALL) ++ target_compile_definitions(jwt-cpp INTERFACE OPENSSL_EXTRA OPENSSL_ALL EXTERNAL_OPTS_OPENVPN) + endif() + + if(JWT_EXTERNAL_PICOJSON) +diff --git a/include/jwt-cpp/jwt.h b/include/jwt-cpp/jwt.h +index 211305e..096142c 100644 +--- a/include/jwt-cpp/jwt.h ++++ b/include/jwt-cpp/jwt.h +@@ -19,6 +19,7 @@ + #include + #include + #include ++#include + + #include + #include +diff --git a/tests/HelperTest.cpp b/tests/HelperTest.cpp +index c4ad6c4..1381707 100644 +--- a/tests/HelperTest.cpp ++++ b/tests/HelperTest.cpp +@@ -85,7 +85,7 @@ namespace { + std::string google_cert = + // This is to handle the different subject alternate name ordering + // see https://github.com/wolfSSL/wolfssl/issues/4397 +-#ifdef LIBWOLFSSL_VERSION_HEX ++#if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX < 0x05007000 + R"(-----BEGIN CERTIFICATE----- + MIIFfTCCBOagAwIBAgIKYFOB9QABAACIvTANBgkqhkiG9w0BAQUFADBGMQswCQYD + VQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzEiMCAGA1UEAxMZR29vZ2xlIElu +diff --git a/tests/OpenSSLErrorTest.cpp b/tests/OpenSSLErrorTest.cpp +index 356a153..a8836cc 100644 +--- a/tests/OpenSSLErrorTest.cpp ++++ b/tests/OpenSSLErrorTest.cpp +@@ -54,9 +54,15 @@ static uint64_t fail_EVP_DigestVerifyFinal = 0; + static uint64_t fail_d2i_ECDSA_SIG = 0; + static uint64_t fail_i2d_ECDSA_SIG = 0; + ++#ifdef LIBWOLFSSL_VERSION_STRING ++#define SYMBOL_NAME(s) ("wolfSSL_" s) ++#else ++#define SYMBOL_NAME(s) (s) ++#endif ++ + BIO* BIO_new(const BIO_METHOD* type) { + static BIO* (*origMethod)(const BIO_METHOD*) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "BIO_new"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("BIO_new")); + bool fail = fail_BIO_new & 1; + fail_BIO_new = fail_BIO_new >> 1; + if (fail) +@@ -67,7 +73,7 @@ BIO* BIO_new(const BIO_METHOD* type) { + + X509* PEM_read_bio_X509(BIO* bp, X509** x, pem_password_cb* cb, void* u) { + static X509* (*origMethod)(BIO * bp, X509 * *x, pem_password_cb * cb, void* u) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "PEM_read_bio_X509"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("PEM_read_bio_X509")); + bool fail = fail_PEM_read_bio_X509 & 1; + fail_PEM_read_bio_X509 = fail_PEM_read_bio_X509 >> 1; + if (fail) +@@ -78,7 +84,7 @@ X509* PEM_read_bio_X509(BIO* bp, X509** x, pem_password_cb* cb, void* u) { + + EVP_PKEY* X509_get_pubkey(X509* x) { + static EVP_PKEY* (*origMethod)(X509*) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "X509_get_pubkey"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("X509_get_pubkey")); + bool fail = fail_X509_get_pubkey & 1; + fail_X509_get_pubkey = fail_X509_get_pubkey >> 1; + if (fail) +@@ -95,7 +101,7 @@ EVP_PKEY* X509_get_pubkey(X509* x) { + + int PEM_write_bio_PUBKEY(BIO* bp, OPENSSL_CONST EVP_PKEY* x) { + static int (*origMethod)(BIO * bp, OPENSSL_CONST EVP_PKEY * x) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "PEM_write_bio_PUBKEY"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("PEM_write_bio_PUBKEY")); + bool fail = fail_PEM_write_bio_PUBKEY & 1; + fail_PEM_write_bio_PUBKEY = fail_PEM_write_bio_PUBKEY >> 1; + if (fail) +@@ -106,7 +112,7 @@ int PEM_write_bio_PUBKEY(BIO* bp, OPENSSL_CONST EVP_PKEY* x) { + + int PEM_write_bio_X509(BIO* bp, OPENSSL_CONST X509* x) { + static int (*origMethod)(BIO * bp, OPENSSL_CONST X509 * x) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "PEM_write_bio_X509"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("PEM_write_bio_X509")); + bool fail = fail_PEM_write_bio_cert & 1; + fail_PEM_write_bio_cert = fail_PEM_write_bio_cert >> 1; + if (fail) +@@ -117,7 +123,7 @@ int PEM_write_bio_X509(BIO* bp, OPENSSL_CONST X509* x) { + + long BIO_ctrl(BIO* bp, int cmd, long larg, void* parg) { + static long (*origMethod)(BIO * bp, int cmd, long larg, void* parg) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "BIO_ctrl"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("BIO_ctrl")); + bool fail = fail_BIO_ctrl & 1; + fail_BIO_ctrl = fail_BIO_ctrl >> 1; + if (fail) +@@ -128,7 +134,7 @@ long BIO_ctrl(BIO* bp, int cmd, long larg, void* parg) { + + int BIO_write(BIO* b, const void* data, int dlen) { + static int (*origMethod)(BIO * b, const void* data, int dlen) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "BIO_write"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("BIO_write")); + bool fail = fail_BIO_write & 1; + fail_BIO_write = fail_BIO_write >> 1; + if (fail) +@@ -139,7 +145,7 @@ int BIO_write(BIO* b, const void* data, int dlen) { + + EVP_PKEY* PEM_read_bio_PUBKEY(BIO* bp, EVP_PKEY** x, pem_password_cb* cb, void* u) { + static EVP_PKEY* (*origMethod)(BIO * bp, EVP_PKEY * *x, pem_password_cb * cb, void* u) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "PEM_read_bio_PUBKEY"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("PEM_read_bio_PUBKEY")); + bool fail = fail_PEM_read_bio_PUBKEY & 1; + fail_PEM_read_bio_PUBKEY = fail_PEM_read_bio_PUBKEY >> 1; + if (fail) +@@ -150,7 +156,7 @@ EVP_PKEY* PEM_read_bio_PUBKEY(BIO* bp, EVP_PKEY** x, pem_password_cb* cb, void* + + EVP_PKEY* PEM_read_bio_PrivateKey(BIO* bp, EVP_PKEY** x, pem_password_cb* cb, void* u) { + static EVP_PKEY* (*origMethod)(BIO * bp, EVP_PKEY * *x, pem_password_cb * cb, void* u) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "PEM_read_bio_PrivateKey"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("PEM_read_bio_PrivateKey")); + bool fail = fail_PEM_read_bio_PrivateKey & 1; + fail_PEM_read_bio_PrivateKey = fail_PEM_read_bio_PrivateKey >> 1; + if (fail) +@@ -161,7 +167,7 @@ EVP_PKEY* PEM_read_bio_PrivateKey(BIO* bp, EVP_PKEY** x, pem_password_cb* cb, vo + + EC_KEY* PEM_read_bio_EC_PUBKEY(BIO* bp, EC_KEY** x, pem_password_cb* cb, void* u) { + static EC_KEY* (*origMethod)(BIO * bp, EC_KEY * *x, pem_password_cb * cb, void* u) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "PEM_read_bio_EC_PUBKEY"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("PEM_read_bio_EC_PUBKEY")); + bool fail = fail_PEM_read_bio_EC_PUBKEY & 1; + fail_PEM_read_bio_EC_PUBKEY = fail_PEM_read_bio_EC_PUBKEY >> 1; + if (fail) +@@ -172,7 +178,7 @@ EC_KEY* PEM_read_bio_EC_PUBKEY(BIO* bp, EC_KEY** x, pem_password_cb* cb, void* u + + EC_KEY* PEM_read_bio_ECPrivateKey(BIO* bp, EC_KEY** x, pem_password_cb* cb, void* u) { + static EC_KEY* (*origMethod)(BIO * bp, EC_KEY * *x, pem_password_cb * cb, void* u) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "PEM_read_bio_ECPrivateKey"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("PEM_read_bio_ECPrivateKey")); + bool fail = fail_PEM_read_bio_ECPrivateKey & 1; + fail_PEM_read_bio_ECPrivateKey = fail_PEM_read_bio_ECPrivateKey >> 1; + if (fail) +@@ -181,11 +187,13 @@ EC_KEY* PEM_read_bio_ECPrivateKey(BIO* bp, EC_KEY** x, pem_password_cb* cb, void + return origMethod(bp, x, cb, u); + } + ++#if !defined(LIBWOLFSSL_VERSION_HEX) || LIBWOLFSSL_VERSION_HEX > 0x05007000 ++/* wolfSSL definition collides. Fixed after 5.7.0 */ + unsigned char* HMAC(const EVP_MD* evp_md, const void* key, int key_len, const unsigned char* d, size_t n, + unsigned char* md, unsigned int* md_len) { + static unsigned char* (*origMethod)(const EVP_MD* evp_md, const void* key, int key_len, const unsigned char* d, + size_t n, unsigned char* md, unsigned int* md_len) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "HMAC"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("HMAC")); + bool fail = fail_HMAC & 1; + fail_HMAC = fail_HMAC >> 1; + if (fail) +@@ -193,10 +201,11 @@ unsigned char* HMAC(const EVP_MD* evp_md, const void* key, int key_len, const un + else + return origMethod(evp_md, key, key_len, d, n, md, md_len); + } ++#endif + + EVP_MD_CTX* EVP_MD_CTX_new(void) { + static EVP_MD_CTX* (*origMethod)(void) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_MD_CTX_new"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_MD_CTX_new")); + bool fail = fail_EVP_MD_CTX_new & 1; + fail_EVP_MD_CTX_new = fail_EVP_MD_CTX_new >> 1; + if (fail) +@@ -207,7 +216,7 @@ EVP_MD_CTX* EVP_MD_CTX_new(void) { + + int EVP_DigestSignFinal(EVP_MD_CTX* ctx, unsigned char* sigret, size_t* siglen) { + static int (*origMethod)(EVP_MD_CTX * ctx, unsigned char* sigret, size_t* siglen) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_DigestSignFinal"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_DigestSignFinal")); + bool fail = fail_EVP_DigestSignFinal & 1; + fail_EVP_DigestSignFinal = fail_EVP_DigestSignFinal >> 1; + if (fail) +@@ -218,7 +227,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX* ctx, unsigned char* sigret, size_t* siglen) + + int EVP_DigestInit(EVP_MD_CTX* ctx, const EVP_MD* type) { + static int (*origMethod)(EVP_MD_CTX * ctx, const EVP_MD* type) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_DigestInit"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_DigestInit")); + bool fail = fail_EVP_DigestInit & 1; + fail_EVP_DigestInit = fail_EVP_DigestInit >> 1; + if (fail) +@@ -229,7 +238,7 @@ int EVP_DigestInit(EVP_MD_CTX* ctx, const EVP_MD* type) { + + int EVP_DigestUpdate(EVP_MD_CTX* ctx, const void* d, size_t cnt) { + static int (*origMethod)(EVP_MD_CTX * ctx, const void* d, size_t cnt) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_DigestUpdate"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_DigestUpdate")); + bool fail = fail_EVP_DigestUpdate & 1; + fail_EVP_DigestUpdate = fail_EVP_DigestUpdate >> 1; + if (fail) +@@ -240,7 +249,7 @@ int EVP_DigestUpdate(EVP_MD_CTX* ctx, const void* d, size_t cnt) { + + int EVP_DigestFinal(EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s) { + static int (*origMethod)(EVP_MD_CTX * ctx, unsigned char* md, unsigned int* s) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_DigestFinal"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_DigestFinal")); + bool fail = fail_EVP_DigestFinal & 1; + fail_EVP_DigestFinal = fail_EVP_DigestFinal >> 1; + if (fail) +@@ -251,7 +260,7 @@ int EVP_DigestFinal(EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s) { + + int EVP_SignFinal(EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s, EVP_PKEY* pkey) { + static int (*origMethod)(EVP_MD_CTX * ctx, unsigned char* md, unsigned int* s, EVP_PKEY* pkey) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_SignFinal"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_SignFinal")); + bool fail = fail_EVP_SignFinal & 1; + fail_EVP_SignFinal = fail_EVP_SignFinal >> 1; + if (fail) +@@ -263,7 +272,7 @@ int EVP_SignFinal(EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s, EVP_PKEY* + int EVP_VerifyFinal(EVP_MD_CTX* ctx, const unsigned char* sigbuf, unsigned int siglen, EVP_PKEY* pkey) { + static int (*origMethod)(EVP_MD_CTX * ctx, const unsigned char* sigbuf, unsigned int siglen, EVP_PKEY* pkey) = + nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_VerifyFinal"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_VerifyFinal")); + bool fail = fail_EVP_VerifyFinal & 1; + fail_EVP_VerifyFinal = fail_EVP_VerifyFinal >> 1; + if (fail) +@@ -275,7 +284,7 @@ int EVP_VerifyFinal(EVP_MD_CTX* ctx, const unsigned char* sigbuf, unsigned int s + #ifdef JWT_OPENSSL_3_0 + int EVP_PKEY_public_check(EVP_PKEY_CTX* ctx) { + static int (*origMethod)(EVP_PKEY_CTX * ctx) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_PKEY_public_check"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_public_check")); + bool fail = fail_EVP_PKEY_public_check & 1; + fail_EVP_PKEY_public_check = fail_EVP_PKEY_public_check >> 1; + if (fail) +@@ -286,7 +295,7 @@ int EVP_PKEY_public_check(EVP_PKEY_CTX* ctx) { + + int EVP_PKEY_private_check(EVP_PKEY_CTX* ctx) { + static int (*origMethod)(EVP_PKEY_CTX * ctx) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_PKEY_private_check"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_private_check")); + bool fail = fail_EVP_PKEY_private_check & 1; + fail_EVP_PKEY_private_check = fail_EVP_PKEY_private_check >> 1; + if (fail) +@@ -297,7 +306,7 @@ int EVP_PKEY_private_check(EVP_PKEY_CTX* ctx) { + + EVP_PKEY_CTX* EVP_PKEY_CTX_new_from_pkey(OSSL_LIB_CTX* libctx, EVP_PKEY* pkey, const char* propquery) { + static EVP_PKEY_CTX* (*origMethod)(OSSL_LIB_CTX * libctx, EVP_PKEY * pkey, const char* propquery) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_PKEY_CTX_new_from_pkey"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_CTX_new_from_pkey")); + bool fail = fail_EVP_PKEY_CTX_new_from_pkey & 1; + fail_EVP_PKEY_CTX_new_from_pkey = fail_EVP_PKEY_CTX_new_from_pkey >> 1; + if (fail) +@@ -309,7 +318,7 @@ EVP_PKEY_CTX* EVP_PKEY_CTX_new_from_pkey(OSSL_LIB_CTX* libctx, EVP_PKEY* pkey, c + #else + int EC_KEY_check_key(const EC_KEY* key) { + static int (*origMethod)(const EC_KEY* key) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EC_KEY_check_key"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EC_KEY_check_key")); + bool fail = fail_EC_KEY_check_key & 1; + fail_EC_KEY_check_key = fail_EC_KEY_check_key >> 1; + if (fail) +@@ -320,7 +329,7 @@ int EC_KEY_check_key(const EC_KEY* key) { + + EC_KEY* EVP_PKEY_get1_EC_KEY(EVP_PKEY* pkey) { + static EC_KEY* (*origMethod)(EVP_PKEY * pkey) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_PKEY_get1_EC_KEY"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_get1_EC_KEY")); + bool fail = fail_EVP_PKEY_get1_EC_KEY & 1; + fail_EVP_PKEY_get1_EC_KEY = fail_EVP_PKEY_get1_EC_KEY >> 1; + if (fail) +@@ -332,7 +341,7 @@ EC_KEY* EVP_PKEY_get1_EC_KEY(EVP_PKEY* pkey) { + + ECDSA_SIG* ECDSA_SIG_new(void) { + static ECDSA_SIG* (*origMethod)() = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "ECDSA_SIG_new"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("ECDSA_SIG_new")); + bool fail = fail_ECDSA_SIG_new & 1; + fail_ECDSA_SIG_new = fail_ECDSA_SIG_new >> 1; + if (fail) +@@ -343,7 +352,7 @@ ECDSA_SIG* ECDSA_SIG_new(void) { + + ECDSA_SIG* ECDSA_do_sign(const unsigned char* dgst, int dgst_len, EC_KEY* eckey) { + static ECDSA_SIG* (*origMethod)(const unsigned char* dgst, int dgst_len, EC_KEY* eckey) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "ECDSA_do_sign"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("ECDSA_do_sign")); + bool fail = fail_ECDSA_do_sign & 1; + fail_ECDSA_do_sign = fail_ECDSA_do_sign >> 1; + if (fail) +@@ -352,9 +361,9 @@ ECDSA_SIG* ECDSA_do_sign(const unsigned char* dgst, int dgst_len, EC_KEY* eckey) + return origMethod(dgst, dgst_len, eckey); + } + +-struct rsa_st* EVP_PKEY_get1_RSA(EVP_PKEY* pkey) { +- static struct rsa_st* (*origMethod)(EVP_PKEY * pkey) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_PKEY_get1_RSA"); ++RSA* EVP_PKEY_get1_RSA(EVP_PKEY* pkey) { ++ static RSA* (*origMethod)(EVP_PKEY * pkey) = nullptr; ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_PKEY_get1_RSA")); + bool fail = fail_EVP_PKEY_get1_RSA & 1; + fail_EVP_PKEY_get1_RSA = fail_EVP_PKEY_get1_RSA >> 1; + if (fail) +@@ -366,7 +375,7 @@ struct rsa_st* EVP_PKEY_get1_RSA(EVP_PKEY* pkey) { + int EVP_DigestSignInit(EVP_MD_CTX* ctx, EVP_PKEY_CTX** pctx, const EVP_MD* type, ENGINE* e, EVP_PKEY* pkey) { + static int (*origMethod)(EVP_MD_CTX * ctx, EVP_PKEY_CTX * *pctx, const EVP_MD* type, ENGINE* e, EVP_PKEY* pkey) = + nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_DigestSignInit"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_DigestSignInit")); + bool fail = fail_EVP_DigestSignInit & 1; + fail_EVP_DigestSignInit = fail_EVP_DigestSignInit >> 1; + if (fail) +@@ -378,7 +387,7 @@ int EVP_DigestSignInit(EVP_MD_CTX* ctx, EVP_PKEY_CTX** pctx, const EVP_MD* type, + int EVP_DigestSign(EVP_MD_CTX* ctx, unsigned char* sigret, size_t* siglen, const unsigned char* tbs, size_t tbslen) { + static int (*origMethod)(EVP_MD_CTX * ctx, unsigned char* sigret, size_t* siglen, const unsigned char* tbs, + size_t tbslen) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_DigestSign"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_DigestSign")); + bool fail = fail_EVP_DigestSign & 1; + fail_EVP_DigestSign = fail_EVP_DigestSign >> 1; + if (fail) +@@ -390,7 +399,7 @@ int EVP_DigestSign(EVP_MD_CTX* ctx, unsigned char* sigret, size_t* siglen, const + int EVP_DigestVerifyInit(EVP_MD_CTX* ctx, EVP_PKEY_CTX** pctx, const EVP_MD* type, ENGINE* e, EVP_PKEY* pkey) { + static int (*origMethod)(EVP_MD_CTX * ctx, EVP_PKEY_CTX * *pctx, const EVP_MD* type, ENGINE* e, EVP_PKEY* pkey) = + nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_DigestVerifyInit"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_DigestVerifyInit")); + bool fail = fail_EVP_DigestVerifyInit & 1; + fail_EVP_DigestVerifyInit = fail_EVP_DigestVerifyInit >> 1; + if (fail) +@@ -402,7 +411,7 @@ int EVP_DigestVerifyInit(EVP_MD_CTX* ctx, EVP_PKEY_CTX** pctx, const EVP_MD* typ + int EVP_DigestVerify(EVP_MD_CTX* ctx, unsigned char* sigret, size_t* siglen, const unsigned char* tbs, size_t tbslen) { + static int (*origMethod)(EVP_MD_CTX * ctx, unsigned char* sigret, size_t* siglen, const unsigned char* tbs, + size_t tbslen) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_DigestVerify"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_DigestVerify")); + bool fail = fail_EVP_DigestVerify & 1; + fail_EVP_DigestVerify = fail_EVP_DigestVerify >> 1; + if (fail) +@@ -413,7 +422,7 @@ int EVP_DigestVerify(EVP_MD_CTX* ctx, unsigned char* sigret, size_t* siglen, con + + int EVP_DigestVerifyFinal(EVP_MD_CTX* ctx, const unsigned char* sigret, size_t siglen) { + static int (*origMethod)(EVP_MD_CTX * ctx, const unsigned char* sigret, size_t siglen) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_DigestVerifyFinal"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("EVP_DigestVerifyFinal")); + bool fail = fail_EVP_DigestVerifyFinal & 1; + fail_EVP_DigestVerifyFinal = fail_EVP_DigestVerifyFinal >> 1; + if (fail) +@@ -424,7 +433,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX* ctx, const unsigned char* sigret, size_t s + + int i2d_ECDSA_SIG(const ECDSA_SIG* sig, unsigned char** ppout) { + static int (*origMethod)(const ECDSA_SIG* sig, unsigned char** ppout) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "i2d_ECDSA_SIG"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("i2d_ECDSA_SIG")); + bool fail = fail_i2d_ECDSA_SIG & 1; + fail_i2d_ECDSA_SIG = fail_i2d_ECDSA_SIG >> 1; + if (fail) +@@ -435,7 +444,7 @@ int i2d_ECDSA_SIG(const ECDSA_SIG* sig, unsigned char** ppout) { + + ECDSA_SIG* d2i_ECDSA_SIG(ECDSA_SIG** psig, const unsigned char** ppin, long len) { + static ECDSA_SIG* (*origMethod)(ECDSA_SIG * *psig, const unsigned char** ppin, long len) = nullptr; +- if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "d2i_ECDSA_SIG"); ++ if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, SYMBOL_NAME("d2i_ECDSA_SIG")); + bool fail = fail_d2i_ECDSA_SIG & 1; + fail_d2i_ECDSA_SIG = fail_d2i_ECDSA_SIG >> 1; + if (fail) +@@ -520,7 +529,10 @@ TEST(OpenSSLErrorTest, ExtractPubkeyFromCert) { + {&fail_PEM_read_bio_X509, 1, jwt::error::rsa_error::cert_load_failed}, + {&fail_X509_get_pubkey, 1, jwt::error::rsa_error::get_key_failed}, + {&fail_PEM_write_bio_PUBKEY, 1, jwt::error::rsa_error::write_key_failed}, +- {&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed}}; ++#ifndef LIBWOLFSSL_VERSION_HEX /* wolfSSL does not use BIO_ctrl in BIO_get_mem_data */ ++ {&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed} ++#endif ++ }; + + run_multitest(mapping, [](std::error_code& ec) { + try { +@@ -535,7 +547,10 @@ TEST(OpenSSLErrorTest, ExtractPubkeyFromCertErrorCode) { + {&fail_PEM_read_bio_X509, 1, jwt::error::rsa_error::cert_load_failed}, + {&fail_X509_get_pubkey, 1, jwt::error::rsa_error::get_key_failed}, + {&fail_PEM_write_bio_PUBKEY, 1, jwt::error::rsa_error::write_key_failed}, +- {&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed}}; ++#ifndef LIBWOLFSSL_VERSION_HEX /* wolfSSL does not use BIO_ctrl in BIO_get_mem_data */ ++ {&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed} ++#endif ++ }; + + run_multitest(mapping, [](std::error_code& ec) { + auto res = jwt::helper::extract_pubkey_from_cert(sample_cert, "", ec); +@@ -546,7 +561,10 @@ TEST(OpenSSLErrorTest, ExtractPubkeyFromCertErrorCode) { + TEST(OpenSSLErrorTest, ConvertCertBase64DerToPem) { + std::vector mapping{{&fail_BIO_new, 1, jwt::error::rsa_error::create_mem_bio_failed}, + {&fail_PEM_write_bio_cert, 1, jwt::error::rsa_error::write_cert_failed}, +- {&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed}}; ++#ifndef LIBWOLFSSL_VERSION_HEX /* wolfSSL does not use BIO_ctrl in BIO_get_mem_data */ ++ {&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed} ++#endif ++ }; + + run_multitest(mapping, [](std::error_code& ec) { + try { +@@ -559,7 +577,10 @@ TEST(OpenSSLErrorTest, ConvertCertBase64DerToPem) { + TEST(OpenSSLErrorTest, ConvertCertBase64DerToPemErrorCode) { + std::vector mapping{{&fail_BIO_new, 1, jwt::error::rsa_error::create_mem_bio_failed}, + {&fail_PEM_write_bio_cert, 1, jwt::error::rsa_error::write_cert_failed}, +- {&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed}}; ++#ifndef LIBWOLFSSL_VERSION_HEX /* wolfSSL does not use BIO_ctrl in BIO_get_mem_data */ ++ {&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed} ++#endif ++ }; + + run_multitest(mapping, [](std::error_code& ec) { + auto res = jwt::helper::convert_base64_der_to_pem(sample_cert_base64_der, ec); +@@ -603,7 +624,11 @@ TEST(OpenSSLErrorTest, LoadPublicKeyCertFromStringReference) { + + TEST(OpenSSLErrorTest, LoadPublicKeyCertFromString) { + std::vector mapping{{&fail_BIO_new, 1, jwt::error::rsa_error::create_mem_bio_failed}, ++#ifndef LIBWOLFSSL_VERSION_HEX + {&fail_BIO_write, 1, jwt::error::rsa_error::load_key_bio_write}, ++#else ++ {&fail_BIO_write, 1, jwt::error::rsa_error::write_key_failed}, ++#endif + {&fail_PEM_read_bio_PUBKEY, 1, jwt::error::rsa_error::load_key_bio_read}}; + + run_multitest(mapping, [](std::error_code& ec) { +@@ -616,7 +641,11 @@ TEST(OpenSSLErrorTest, LoadPublicKeyCertFromString) { + + TEST(OpenSSLErrorTest, LoadPublicKeyCertFromStringErrorCode) { + std::vector mapping{{&fail_BIO_new, 1, jwt::error::rsa_error::create_mem_bio_failed}, ++#ifndef LIBWOLFSSL_VERSION_HEX + {&fail_BIO_write, 1, jwt::error::rsa_error::load_key_bio_write}, ++#else ++ {&fail_BIO_write, 1, jwt::error::rsa_error::write_key_failed}, ++#endif + {&fail_PEM_read_bio_PUBKEY, 1, jwt::error::rsa_error::load_key_bio_read}}; + + run_multitest(mapping, [](std::error_code& ec) { +@@ -654,6 +683,7 @@ TEST(OpenSSLErrorTest, LoadPrivateKeyFromStringErrorCode) { + }); + } + ++#if !defined(LIBWOLFSSL_VERSION_HEX) || LIBWOLFSSL_VERSION_HEX > 0x05007000 + TEST(OpenSSLErrorTest, HMACSign) { + std::string token = + "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9.eyJpc3MiOiJhdXRoMCJ9.AbIJTDMFc7yUa5MhvcP03nJPyCPzZtQcGEp-zWfOkEE"; +@@ -665,6 +695,7 @@ TEST(OpenSSLErrorTest, HMACSign) { + + run_multitest(mapping, [&](std::error_code& ec) { verify.verify(decoded_token, ec); }); + } ++#endif + + TEST(OpenSSLErrorTest, RS256Reference) { + jwt::algorithm::rs256 alg{rsa_pub_key, rsa_priv_key}; +@@ -757,14 +788,21 @@ TEST(OpenSSLErrorTest, LoadECDSAPublicKeyFromString) { + + TEST(OpenSSLErrorTest, ECDSACertificate) { + std::vector mapping{{&fail_BIO_new, 1, jwt::error::ecdsa_error::create_mem_bio_failed}, ++#ifndef LIBWOLFSSL_VERSION_HEX + {&fail_BIO_write, 1, jwt::error::ecdsa_error::load_key_bio_write}, ++#else ++ {&fail_BIO_write, 1, jwt::error::rsa_error::write_key_failed}, ++#endif + {&fail_PEM_read_bio_PUBKEY, 1, jwt::error::ecdsa_error::load_key_bio_read}, + // extract_pubkey_from_cert + {&fail_BIO_new, 2, jwt::error::rsa_error::create_mem_bio_failed}, + {&fail_PEM_read_bio_X509, 1, jwt::error::rsa_error::cert_load_failed}, + {&fail_X509_get_pubkey, 1, jwt::error::rsa_error::get_key_failed}, + {&fail_PEM_write_bio_PUBKEY, 1, jwt::error::rsa_error::write_key_failed}, +- {&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed}}; ++#ifndef LIBWOLFSSL_VERSION_HEX /* wolfSSL does not use BIO_ctrl in BIO_get_mem_data */ ++ {&fail_BIO_ctrl, 1, jwt::error::rsa_error::convert_to_pem_failed} ++#endif ++ }; + + run_multitest(mapping, [](std::error_code& ec) { + try { +@@ -792,7 +830,11 @@ TEST(OpenSSLErrorTest, ES256SignErrorCode) { + {&fail_EVP_DigestUpdate, 1, jwt::error::signature_generation_error::digestupdate_failed}, + {&fail_EVP_DigestSignFinal, 1, jwt::error::signature_generation_error::signfinal_failed}, + {&fail_EVP_DigestSignFinal, 2, jwt::error::signature_generation_error::signfinal_failed}, ++#ifndef LIBWOLFSSL_VERSION_HEX + {&fail_d2i_ECDSA_SIG, 1, jwt::error::signature_generation_error::signature_decoding_failed}, ++#else ++ {&fail_d2i_ECDSA_SIG, 1, jwt::error::signature_generation_error::signfinal_failed}, ++#endif + }; + + run_multitest(mapping, [&alg](std::error_code& ec) { +-- +2.34.1 + diff --git a/jwt-cpp/README b/jwt-cpp/README new file mode 100644 index 00000000..0e563096 --- /dev/null +++ b/jwt-cpp/README @@ -0,0 +1,6 @@ +This folder contains patches for jwt-cpp to work with wolfSSL. Patches make it +easier to add support for newer versions of a target library. The format of +the patch names is: + .patch +Instructions for applying each patch are included in the patch commit +message.