Merge pull request #7445 from julek-wolfssl/grpc

Add grpc support

Author: dgarske

.github/workflows/grpc.yml

@@ -0,0 +1,103 @@
+name: grpc Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-all 'CPPFLAGS=-DWOLFSSL_RSA_KEY_CHECK -DHAVE_EX_DATA_CLEANUP_HOOKS'
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolf-install-grpc
+          path: build-dir
+          retention-days: 5
+
+  grpc_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - ref: v1.60.0
+            tests: >-
+              bad_ssl_alpn_test bad_ssl_cert_test client_ssl_test
+              crl_ssl_transport_security_test server_ssl_test
+              ssl_transport_security_test ssl_transport_security_utils_test
+              test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test
+              h2_ssl_cert_test h2_ssl_session_reuse_test
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 60
+    needs: build_wolfssl
+    steps:
+      - name: Confirm IPv4 and IPv6 support
+        run: |
+          ip addr list lo | grep 'inet '
+          ip addr list lo | grep 'inet6 '
+
+      - name: Install prereqs
+        run:
+          sudo apt-get install build-essential autoconf libtool pkg-config cmake clang libc++-dev
+
+      - name: Download lib
+        uses: actions/download-artifact@v4
+        with:
+          name: wolf-install-grpc
+          path: build-dir
+
+      - name: Checkout OSP
+        uses: actions/checkout@v4
+        with:
+          # TODO point to wolf repo once merged
+          repository: julek-wolfssl/osp
+          path: osp
+          ref: grpc-update
+
+      - name: Checkout grpc
+        uses: actions/checkout@v4
+        with:
+          repository: grpc/grpc
+          path: grpc
+          ref: ${{ matrix.ref }}
+
+      - name: Build grpc
+        working-directory: ./grpc
+        run: |
+          patch -p1 < ../osp/grpc/grpc-${{ matrix.ref }}.patch
+          git submodule update --init
+          mkdir cmake/build
+          cd cmake/build
+          cmake -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=wolfssl \
+            -DWOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir ../..
+          make -j $(nproc) ${{ matrix.tests }}
+
+      - name: Run grpc tests
+        working-directory: ./grpc
+        run: |
+          export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
+          ./tools/run_tests/start_port_server.py
+          for t in ${{ matrix.tests }} ; do
+            ./cmake/build/$t
+          done

src/bio.c

@@ -77,6 +77,8 @@ static int wolfSSL_BIO_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
     if (buf == NULL || len == 0)
         return 0;
 
+    /* default no retry */
+    bio->flags &= ~(WOLFSSL_BIO_FLAG_READ|WOLFSSL_BIO_FLAG_RETRY);
     sz1 = wolfSSL_BIO_nread(bio, &pt, len);
     if (sz1 > 0) {
         XMEMCPY(buf, pt, sz1);
@@ -91,8 +93,10 @@ static int wolfSSL_BIO_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
             }
         }
     }
-    if (sz1 == 0)
+    if (sz1 == 0) {
+        bio->flags |= WOLFSSL_BIO_FLAG_READ|WOLFSSL_BIO_FLAG_RETRY;
         sz1 = -1;
+    }
 
     return sz1;
 }
@@ -502,8 +506,11 @@ static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data,
     if (bio == NULL || data == NULL || len == 0)
         return 0;
 
+    /* default no retry */
+    bio->flags &= ~(WOLFSSL_BIO_FLAG_WRITE|WOLFSSL_BIO_FLAG_RETRY);
     sz1 = wolfSSL_BIO_nwrite(bio, &buf, len);
     if (sz1 == 0) {
+        bio->flags |= WOLFSSL_BIO_FLAG_WRITE|WOLFSSL_BIO_FLAG_RETRY;
         WOLFSSL_MSG("No room left to write");
         return WOLFSSL_BIO_ERROR;
     }
@@ -521,6 +528,8 @@ static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data,
         if (sz2 > 0) {
             XMEMCPY(buf, data, sz2);
             sz1 += sz2;
+            if (len > sz2)
+                bio->flags |= WOLFSSL_BIO_FLAG_WRITE|WOLFSSL_BIO_FLAG_RETRY;
         }
     }
 

src/crl.c

@@ -504,7 +504,7 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
     /* and try again checking Cert in the CRL list.                         */
     /* When not set the folder or not use hash_dir, do nothing.             */
     if ((foundEntry == 0) && (ret != OCSP_WANT_READ)) {
-        if (crl->cm->x509_store_p != NULL) {
+        if (crl->cm != NULL && crl->cm->x509_store_p != NULL) {
             ret = LoadCertByIssuer(crl->cm->x509_store_p,
                           (WOLFSSL_X509_NAME*)issuerName, X509_LU_CRL);
             if (ret == WOLFSSL_SUCCESS) {
@@ -521,7 +521,7 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
             ret = CRL_MISSING;
         }
 
-        if (crl->cm->cbMissingCRL) {
+        if (crl->cm != NULL && crl->cm->cbMissingCRL) {
             char url[256];
 
             WOLFSSL_MSG("Issuing missing CRL callback");
@@ -685,8 +685,8 @@ static WOLFSSL_X509_CRL* wolfSSL_X509_crl_new(WOLFSSL_CERT_MANAGER* cm)
 {
     WOLFSSL_X509_CRL* ret;
 
-    ret = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), cm->heap,
-                DYNAMIC_TYPE_CRL);
+    ret = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL),
+            cm != NULL ? cm->heap : NULL, DYNAMIC_TYPE_CRL);
     if (ret != NULL) {
         if (InitCRL(ret, cm) < 0) {
             WOLFSSL_MSG("Unable to initialize new CRL structure");
@@ -885,6 +885,20 @@ static int DupX509_CRL(WOLFSSL_X509_CRL *dupl, const WOLFSSL_X509_CRL* crl)
     return 0;
 }
 
+WOLFSSL_X509_CRL* wolfSSL_X509_CRL_dup(const WOLFSSL_X509_CRL* crl)
+{
+    WOLFSSL_X509_CRL* ret;
+
+    WOLFSSL_ENTER("wolfSSL_X509_CRL_dup");
+
+    ret = wolfSSL_X509_crl_new(crl->cm);
+    if (ret != NULL && DupX509_CRL(ret, crl) != 0) {
+        FreeCRL(ret, 1);
+        ret = NULL;
+    }
+    return ret;
+}
+
 /* returns WOLFSSL_SUCCESS on success. Does not take ownership of newcrl */
 int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newcrl)
 {