Add mosquitto OSP

README.md

@@ -9,7 +9,7 @@ wolfSSL can provide several advantages over using the default SSL/TLS implementa
 * Portability across platforms and OS/RTOS environments
 * Low/optimized memory use (runtime and footprint)
 * [Best-tested](https://www.wolfssl.com/overview-of-testing-in-wolfssl/) SSL/TLS/crypto implementation available, reducing vulnerabilities
-* Current protocol support, up to [TLS 1.3](https://www.wolfssl.com/tls13) and DTLS 1.2
+* Current protocol support, up to [TLS 1.3](https://www.wolfssl.com/tls13) and [DTLS 1.3](https://www.wolfssl.com/whats-new-dtls-1-3/)
 * Progressive algorithm support (ChaCha20, Poly1305, Curve/Ed25519, etc)
 * [Commercial support](https://www.wolfssl.com/products/support-and-maintenance/) available direct from wolfSSL engineers
 * [Commercial licenses](https://www.wolfssl.com/license/) available (in addition to standard GPLv2)
@@ -35,6 +35,7 @@ Each project port included in this repository is contained in its own subdirecto
 | libssh2 | client-side C library for SSH2 | [Link](https://www.libssh2.org/) | [Link](https://www.wolfssl.com/open-source-project-ports-libssh2/) | [README](./libssh2/1.9.0/README.md) |
 | lighttpd | lighttpd web server | [Link](https://www.lighttpd.net/) | [Link](https://www.wolfssl.com/lighttpd-support-wolfssl/) | [README](./lighttpd/README) |
 | mariadb | MariaDB relational database | [Link](https://mariadb.org/) | | [README](./mariadb/10.5.11/README.md) |
+| mosquitto | Eclipse Mosquitto - An open source MQTT broker | [Link](https://mosquitto.org/) | | [README](./mosquitto/README.md) |
 | net-snmp | Simple Network Management Protocol | [Link](http://www.net-snmp.org/) | | [README](./net-snmp/README.md) |
 | ntp | Network Time Protocol | [Link](http://www.ntp.org/) | [Link](https://www.wolfssl.com/open-source-project-ports-ntp/) | [README](./ntp/4.2.8p15/README.md) |
 | NXP SE05X Middleware | wolfSSL HostCrypto support patch | [Link](https://www.nxp.com/products/security-and-authentication/authentication/edgelock-se050-plug-trust-secure-element-family-enhanced-iot-security-with-high-flexibility:SE050) | | [README](./nxp-se05x-middleware/README.md) |

mosquitto/2.0.15.patch

@@ -0,0 +1,155 @@
+From ac6e407630b9352b166d2012e9732a12448c23e1 Mon Sep 17 00:00:00 2001
+From: Eric Blankenhorn <eric@wolfssl.com>
+Date: Thu, 1 Jun 2023 08:42:14 -0500
+Subject: [PATCH] Use wolfSSL for TLS
+
+Changes:
+- `config.mk`: add the `WITH_TLS=wolfssl` option
+- The`wolfssl/options.h` header is included by defining the `EXTERNAL_OPTS_OPENVPN` macro
+- `net_mosq.c`: UI_METHOD not implemented in wolfSSL
+- `net_mosq.h`: UI_METHOD not implemented in wolfSSL
+- `net_mosq_ocsp.c`: safestack.h not implemented in wolfSSL
+
+wolfSSL
+
+```
+git clone https://github.com/wolfSSL/wolfssl.git
+cd wolfssl
+./autogen.sh
+./configure --enable-opensslextra --enable-opensslall --enable-ocsp --enable-ocspstapling --enable-context-extra-user-data --enable-psk --enable-sessioncerts --enable-crl CFLAGS="-DOPENSSL_VERSION_NUMBER=0x10100000"
+make
+make install
+```
+
+Eclipse Mosquitto
+
+```
+git clone https://github.com/eclipse/mosquitto.git
+cd mosquitto
+git checkout v2.0.15
+patch -p1 < <path/to/patch/file>
+make WITH_TLS=wolfssl
+make WITH_TLS=wolfssl test
+```
+
+---
+ config.mk           | 19 +++++++++++++++++++
+ lib/net_mosq.c      | 12 +++++++++---
+ lib/net_mosq.h      |  2 ++
+ lib/net_mosq_ocsp.c |  2 ++
+ 4 files changed, 32 insertions(+), 3 deletions(-)
+
+diff --git a/config.mk b/config.mk
+index 73daefdf..f25fb0f3 100644
+--- a/config.mk
++++ b/config.mk
+@@ -253,6 +253,25 @@ ifeq ($(WITH_TLS),yes)
+ 	endif
+ endif
+
++ifeq ($(WITH_TLS),wolfssl)
++   WOLFSSLDIR=/usr/local/include/wolfssl
++
++   APP_CPPFLAGS:=$(APP_CPPFLAGS) -DWITH_TLS -DOPENSSL_NO_ENGINE -I$(WOLFSSLDIR) -DEXTERNAL_OPTS_OPENVPN -DUSE_WOLFSSL
++   BROKER_CPPFLAGS:=$(BROKER_CPPFLAGS) -DWITH_TLS -DOPENSSL_NO_ENGINE -I$(WOLFSSLDIR) -DEXTERNAL_OPTS_OPENVPN -DUSE_WOLFSSL
++   BROKER_LDADD:=$(BROKER_LDADD) -lwolfssl
++   CLIENT_CPPFLAGS:=$(CLIENT_CPPFLAGS) -DWITH_TLS -DOPENSSL_NO_ENGINE -I$(WOLFSSLDIR) -DEXTERNAL_OPTS_OPENVPN -DUSE_WOLFSSL
++   LIB_CPPFLAGS:=$(LIB_CPPFLAGS) -DWITH_TLS -DOPENSSL_NO_ENGINE -I$(WOLFSSLDIR) -DEXTERNAL_OPTS_OPENVPN -DUSE_WOLFSSL
++   LIB_LIBADD:=$(LIB_LIBADD) -lwolfssl
++   PASSWD_LDADD:=$(PASSWD_LDADD) -lwolfssl
++   STATIC_LIB_DEPS:=$(STATIC_LIB_DEPS) -lwolfssl
++
++   ifeq ($(WITH_TLS_PSK),yes)
++       BROKER_CPPFLAGS:=$(BROKER_CPPFLAGS) -DWITH_TLS_PSK -DOPENSSL_NO_ENGINE -I$(WOLFSSLDIR) -DEXTERNAL_OPTS_OPENVPN -DUSE_WOLFSSL
++       LIB_CPPFLAGS:=$(LIB_CPPFLAGS) -DWITH_TLS_PSK -DOPENSSL_NO_ENGINE -I$(WOLFSSLDIR) -DEXTERNAL_OPTS_OPENVPN -DUSE_WOLFSSL
++       CLIENT_CPPFLAGS:=$(CLIENT_CPPFLAGS) -DWITH_TLS_PSK -DOPENSSL_NO_ENGINE -I$(WOLFSSLDIR) -DEXTERNAL_OPTS_OPENVPN -DUSE_WOLFSSL
++   endif
++endif
++
+ ifeq ($(WITH_THREADING),yes)
+ 	LIB_LDFLAGS:=$(LIB_LDFLAGS) -pthread
+ 	LIB_CPPFLAGS:=$(LIB_CPPFLAGS) -DWITH_THREADING
+diff --git a/lib/net_mosq.c b/lib/net_mosq.c
+index 80d9195b..c3a1122d 100644
+--- a/lib/net_mosq.c
++++ b/lib/net_mosq.c
+@@ -78,10 +78,12 @@ Contributors:
+ #include "util_mosq.h"
+
+ #ifdef WITH_TLS
++static bool is_tls_initialized = false;
+ int tls_ex_index_mosq = -1;
++
++#ifndef USE_WOLFSSL
+ UI_METHOD *_ui_method = NULL;
+
+-static bool is_tls_initialized = false;
+
+ /* Functions taken from OpenSSL s_server/s_client */
+ static int ui_open(UI *ui)
+@@ -125,7 +127,7 @@ UI_METHOD *net__get_ui_method(void)
+ {
+ 	return _ui_method;
+ }
+-
++#endif /* !USE_WOLFSSL */
+ #endif
+
+ int net__init(void)
+@@ -156,12 +158,14 @@ void net__cleanup(void)
+ #    if !defined(OPENSSL_NO_ENGINE)
+ 	ENGINE_cleanup();
+ #    endif
+-	is_tls_initialized = false;
+ #  endif
++    is_tls_initialized = false;
+
+ 	CONF_modules_unload(1);
++#ifndef USE_WOLFSSL
+ 	cleanup_ui_method();
+ #endif
++#endif
+
+ #ifdef WITH_SRV
+ 	ares_library_cleanup();
+@@ -189,7 +193,9 @@ void net__init_tls(void)
+ #if !defined(OPENSSL_NO_ENGINE)
+ 	ENGINE_load_builtin_engines();
+ #endif
++#ifndef USE_WOLFSSL
+ 	setup_ui_method();
++#endif
+ 	if(tls_ex_index_mosq == -1){
+ 		tls_ex_index_mosq = SSL_get_ex_new_index(0, "client context", NULL, NULL, NULL);
+ 	}
+diff --git a/lib/net_mosq.h b/lib/net_mosq.h
+index ded98760..90ccf08e 100644
+--- a/lib/net_mosq.h
++++ b/lib/net_mosq.h
+@@ -84,7 +84,9 @@ void net__print_ssl_error(struct mosquitto *mosq);
+ int net__socket_apply_tls(struct mosquitto *mosq);
+ int net__socket_connect_tls(struct mosquitto *mosq);
+ int mosquitto__verify_ocsp_status_cb(SSL * ssl, void *arg);
++#ifndef USE_WOLFSSL
+ UI_METHOD *net__get_ui_method(void);
++#endif
+ #define ENGINE_FINISH(e) if(e) ENGINE_finish(e)
+ #define ENGINE_SECRET_MODE "SECRET_MODE"
+ #define ENGINE_SECRET_MODE_SHA 0x1000
+diff --git a/lib/net_mosq_ocsp.c b/lib/net_mosq_ocsp.c
+index 8c762373..96732c21 100644
+--- a/lib/net_mosq_ocsp.c
++++ b/lib/net_mosq_ocsp.c
+@@ -49,7 +49,9 @@ in this Software without prior written authorization of the copyright holder.
+ #include <mosquitto_internal.h>
+ #include <net_mosq.h>
+
++#ifndef USE_WOLFSSL
+ #include <openssl/safestack.h>
++#endif
+ #include <openssl/tls1.h>
+ #include <openssl/ssl.h>
+ #include <openssl/ocsp.h>
+-- 
+2.34.1
+

mosquitto/README.md

@@ -0,0 +1 @@
+This folder contains patches for mosquitto to work with wolfSSL. Patches make it easier to add support for newer versions of a target library. The format of the patch names is: `<mosquitto version>.patch` Instructions for applying each patch are included in the patch commit message.