LibTLS+Everywhere: Switch to using WolfSSL
This commit replaces all TLS connection code with wolfssl.
The certificate parsing code has to remain for now, as wolfssl does not
seem to have any exposed API for that.
alimpfard committed Jul 6, 2024
1 parent 82915e1 commit 8bb610b
Showing 28 changed files with 164 additions and 3,944 deletions.
3 changes: 1 addition & 2 deletions Ladybird/Android/src/main/cpp/RequestServerService.cpp
Expand Up @@ -31,8 +31,7 @@ ErrorOr<ByteString> find_certificates(StringView serenity_resource_root)
ErrorOr<int> service_main(int ipc_socket)
{
// Ensure the certificates are read out here.
DefaultRootCACertificates::set_default_certificate_paths(Vector { TRY(find_certificates(s_serenity_resource_root)) });
[[maybe_unused]] auto& certs = DefaultRootCACertificates::the();
TLS::WolfTLS::install_certificate_store_paths({ TRY(find_certificates(s_serenity_resource_root)) });

Core::EventLoop event_loop;

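Review bot: The retained comment `// Ensure the certificates are read out here.` in `service_main` may no longer be accurate. The lines that reference `DefaultRootCACertificates` (a class this commit deletes from Certificate.h) called `DefaultRootCACertificates::the()` at this point, whereas `TLS::WolfTLS::install_certificate_store_paths(...)` looks, from its name, like it only records paths. Its implementation is not on this page, so please confirm when the bundle is actually opened, and that a missing or unparsable file makes connections fail rather than proceed with an empty trust store. If loading is deferred, reword the comment to something like `// Register the CA bundle paths; TLS::WolfTLS loads the store when a connection is set up.` The same comment sits above the equivalent call in Ladybird/RequestServer/main.cpp.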
4 changes: 2 additions & 2 deletions Ladybird/RequestServer/main.cpp
Expand Up @@ -48,8 +48,8 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
// Ensure the certificates are read out here.
if (certificates.is_empty())
certificates.append(TRY(find_certificates(serenity_resource_root)));
DefaultRootCACertificates::set_default_certificate_paths(certificates.span());
[[maybe_unused]] auto& certs = DefaultRootCACertificates::the();

TLS::WolfTLS::install_certificate_store_paths(move(certificates));

Core::EventLoop event_loop;

1 change: 0 additions & 1 deletion Meta/Lagom/CMakeLists.txt
Expand Up @@ -530,7 +530,6 @@ if (BUILD_TESTING)
endforeach()

# LibTLS needs a special working directory to find cacert.pem
lagom_test(../../Tests/LibTLS/TestTLSHandshake.cpp LibTLS LIBS LibTLS LibCrypto)
lagom_test(../../Tests/LibTLS/TestTLSCertificateParser.cpp LibTLS LIBS LibTLS LibCrypto)

# The FLAC tests need a special working directory to find the test files
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -21,7 +21,8 @@ At the moment, many core library support components are inherited from SerenityO
- LibWeb: Web rendering engine
- LibJS: JavaScript engine
- LibWasm: WebAssembly implementation
- LibCrypto/LibTLS: Cryptography primitives and Transport Layer Security
- LibCrypto: Cryptography primitives
- LibTLS: Some certificate parsing primitives
- LibHTTP: HTTP/1.1 client
- LibGfx: 2D Graphics Library, Image Decoding and Rendering
- LibArchive: Archive file format support
1 change: 0 additions & 1 deletion Tests/LibTLS/CMakeLists.txt
@@ -1,6 +1,5 @@
set(TEST_SOURCES
TestTLSCertificateParser.cpp
TestTLSHandshake.cpp
)

foreach(source IN LISTS TEST_SOURCES)
84 changes: 0 additions & 84 deletions Tests/LibTLS/TestTLSHandshake.cpp

This file was deleted.

2 changes: 2 additions & 0 deletions Userland/Libraries/LibCore/Socket.h
Expand Up @@ -196,6 +196,8 @@ class TCPSocket final : public Socket {

virtual ~TCPSocket() override { close(); }

int fd() { return m_helper.fd(); }

private:
explicit TCPSocket(PreventSIGPIPE prevent_sigpipe = PreventSIGPIPE::Yes)
: Socket(prevent_sigpipe)
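Review bot: The new public `fd()` accessor on `TCPSocket` hands out the raw descriptor with nothing stating who owns it, while the destructor two lines above it still calls `close()`. Any holder must stop using the descriptor once the socket is destroyed, because the number can be reused by an unrelated file or connection; the holder is presumably the WolfSSL session, though that caller is not on this page. I would document the borrow with `// Borrowed, not owned: valid only while this TCPSocket is alive; callers must never close() it.` and, if `m_helper.fd()` is const-qualified, declare it as `int fd() const { return m_helper.fd(); }`. The class body starts and ends outside the hunk.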
4 changes: 2 additions & 2 deletions Userland/Libraries/LibCrypto/Authentication/HMAC.h
Expand Up @@ -13,11 +13,11 @@
#include <AK/Types.h>
#include <AK/Vector.h>

namespace Crypto::Authentication {

constexpr static auto IPAD = 0x36;
constexpr static auto OPAD = 0x5c;

namespace Crypto::Authentication {

template<typename HashT>
class HMAC {
public:
3 changes: 2 additions & 1 deletion Userland/Libraries/LibHTTP/HttpsJob.cpp
Expand Up @@ -10,7 +10,8 @@ namespace HTTP {

void HttpsJob::set_certificate(ByteString certificate, ByteString key)
{
m_received_client_certificates = TLS::TLSv12::parse_pem_certificate(certificate.bytes(), key.bytes());
(void)certificate;
(void)key;
}

}
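Review bot: `HttpsJob::set_certificate` now discards both arguments, so a caller that supplies a client certificate and key gets no error and the request is sent without client authentication. A silent no-op is hard to spot on a security-relevant setter: the caller has no way to learn that mutual TLS is not in effect. At minimum leave a marker and a diagnostic that does not print the key material, e.g. `// FIXME: Client certificates are not passed to the WolfSSL backend yet.` and `dbgln("HttpsJob: client certificate ignored, not supported by the current TLS backend");`, assuming AK's `dbgln` is reachable from this file. Longer term the setter should either forward the credentials to the TLS layer or report the failure to its caller.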
10 changes: 3 additions & 7 deletions Userland/Libraries/LibTLS/CMakeLists.txt
Expand Up @@ -2,16 +2,12 @@ add_compile_options(-Wvla)

set(SOURCES
Certificate.cpp
Handshake.cpp
HandshakeCertificate.cpp
HandshakeClient.cpp
HandshakeServer.cpp
Record.cpp
Socket.cpp
TLSv12.cpp
)

find_package(WolfSSL REQUIRED)

serenity_lib(LibTLS tls)
target_link_libraries(LibTLS PRIVATE LibCore LibCrypto LibFileSystem)
target_link_libraries(LibTLS PRIVATE LibCore LibCrypto wolfssl::wolfssl)

include(ca_certificates_data)
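Review bot: `find_package(WolfSSL REQUIRED)` accepts whatever wolfSSL release the build environment provides, so LibTLS can end up linked against an arbitrarily old copy. Since, per the commit description, all TLS connection code now runs through this library, I would state a minimum version: `find_package(WolfSSL <MIN_VERSION> REQUIRED)`, with the placeholder replaced by the oldest release the project has tested. This only works if the package's config or find module reports a version, which is not visible here. A one-line comment above it naming where the package is expected to come from (for example a package-manager port or a system package) would also help whoever audits the dependency later.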
19 changes: 0 additions & 19 deletions Userland/Libraries/LibTLS/Certificate.h
Expand Up @@ -293,25 +293,6 @@ class Certificate {
private:
Optional<bool> m_is_self_signed;
};

class DefaultRootCACertificates {
public:
DefaultRootCACertificates();

Vector<Certificate> const& certificates() const { return m_ca_certificates; }

static ErrorOr<Vector<Certificate>> parse_pem_root_certificate_authorities(ByteBuffer&);
static ErrorOr<Vector<Certificate>> load_certificates(Span<ByteString> custom_cert_paths = {});

static DefaultRootCACertificates& the();

static void set_default_certificate_paths(Span<ByteString> paths);

private:
Vector<Certificate> m_ca_certificates;
};

}

using TLS::Certificate;
using TLS::DefaultRootCACertificates;
90 changes: 0 additions & 90 deletions Userland/Libraries/LibTLS/CipherSuite.h

This file was deleted.
