Topic: WolfSSL compatibility layer and Realm database
Good evening,
I was asked to complete a proof of concept where we want to replace the use of OpenSSL with Realm (realm-core) with WolfSSL. Realm is used on an Android application.
I was able to download WolfSSL (5.3.0-stable) and build it using VS 2019 and IDE\VS-ARM\wolfssl.vcxproj, on a Windows 10 machine. I manually modified the vcxproj to add OPENSSL_EXTRA to PreprocessorDefinitions. The build procedure completes successfully and the library libwolfssl.a is produced.
Now I am trying to compile realm-core (release 10.10.1) and replace OpenSSL libraries with the WolfSSL one. To simplify the build procedure (avoiding CMake and gradle), I used a script available from realm-core (tools\cross_compile.sh), selecting android as the target OS to build the module with OpenSSL, and logged the process steps. I then created a .bat file from the log, listing all the realm-core source files needed for the realm-core module and used the compatibility mode to select WolfSSL headers during compilation.
The toolchain used is Android\Sdk\ndk\23.1.7779620\toolchains\llvm\prebuilt\windows-x86_64, with clang++.exe (version 12.0.8) as the compiler.
In most cases, the following command and argument list is used when invoking the compiler:
%clangCompiler%\bin\clang++.exe --target=aarch64-none-linux-android21 -D_LARGEFILE64_SOURCE -D_LARGEFILE_SOURCE -I%realmIncludePath% -I%realmCompileSrc% -I%wolfSSLHeaders% -isystem realm-core\wolfssl\wolfssl-5.3.0-stable\wolfssl -DANDROID -fdata-sections -ffunction-sections -funwind-tables -fstack-protector-strong -no-canonical-prefixes -D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -fexceptions -frtti -stdlib=libc++ -O3 -DWOLFSSL_SHA224 -DNDEBUG -fPIC -fvisibility=hidden -Wall -Wextra -Wempty-body -Wparentheses -Wunknown-pragmas -Wunreachable-code -Wunused-parameter -Wno-missing-field-initializers -Wno-uninitialized -Wpartial-availability -Wno-redundant-move -fdiagnostics-color -fdata-sections -ffunction-sections -fomit-frame-pointer -fsigned-char -fstrict-aliasing -funwind-tables -no-canonical-prefixes -Oz -std=c++17 -MD
where
realmIncludePath = PathToFolder\realm-core\src
realmCompileSrc = PathToFolder\realm-core\build-android-arm64-v8a-Release\src
wolfSSLHeaders = PathToFolder\realm-core\wolfssl\wolfssl-5.3.0-stable
For good measure, I added the #define statements for OPENSSL_EXTRA and OPENSSL_ALL in the header file PathToFolder\realm-core\wolfssl\wolfssl-5.3.0-stable\wolfssl\wolfcrypt\settings.h
This is working for all but a few .cpp files. The following errors are reported:
PathToFolder\realm-core\wolfssl\wolfssl-5.3.0-stable\wolfssl/wolfcrypt/settings.h:2375:14: warning: "For timing resistance / side-channel attack prevention consider using harden options" [-W#warnings]
#warning "For timing resistance / side-channel attack prevention consider using harden options"
PathToFolder\realm-core/src/realm/util/encrypted_file_mapping.cpp:416:5: error: use of undeclared identifier 'SHA224_Init'
SHA224_Init(&ctx);
PathToFolder\realm-core/src/realm/util/encrypted_file_mapping.cpp:423:30: error: use of undeclared identifier 'SHA224_DIGEST_LENGTH'
SHA256_Update(&ctx, dst, SHA224_DIGEST_LENGTH);
To address the errors above, I added the argument -DWOLFSSL_SHA224 to the compiler command. Compiling the code resulted in the following:
PathToFolder\realm-core/src/realm/util/encrypted_file_mapping.cpp:416:5: error: no matching function for call to
'wolfSSL_SHA224_Init'
SHA224_Init(&ctx);
^~~~~~~~~~~
PathToFolder\realm-core\wolfssl\wolfssl-5.3.0-stable\wolfssl/openssl/sha.h:106:17: note: candidate function not viable: no
known conversion from 'SHA256_CTX *' (aka 'WOLFSSL_SHA256_CTX *') to 'WOLFSSL_SHA224_CTX *' for 1st argument
WOLFSSL_API int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX* sha);
^
PathToFolder\realm-core/src/realm/util/encrypted_file_mapping.cpp:421:5: error: no matching function for call to
'wolfSSL_SHA224_Init'
SHA224_Init(&ctx);
PathToFolder\realm-core\wolfssl\wolfssl-5.3.0-stable\wolfssl/openssl/sha.h:117:23: note: expanded from macro 'SHA224_Init'
#define SHA224_Init wolfSSL_SHA224_Init
A second file fails to compile with the following error:
PathToFolder\realm-core/src/realm/util/network_ssl.cpp:419:13: error: use of undeclared identifier 'BIO_TYPE_SOCKET'
BIO_TYPE_SOCKET, // int type
A quick search reveals that BIO_TYPE_SOCKET is declared in OpenSSL\bio.h but absent in wolfssl\openssl\bio.h.
What am I missing to successfully complete building this module? Am I right to assume that the definition of BIO_TYPE_SOCKET is missing from the WolfSSL compatibility layer?
What about the errors related to SHA224_Init definition?
Any suggestions on how I could approach these issues?
Best Regards