wolfSSL support in cmake

cisco · Apr 17, 2024 · 8a69550 · 8a69550
1 parent 4653eec
commit 8a69550
Show file tree

Hide file tree

Showing 6 changed files with 110 additions and 10 deletions.
diff --git a/.github/workflows/autotools.yml b/.github/workflows/autotools.yml
@@ -12,12 +12,14 @@ jobs:
       fail-fast: false
       matrix:
         os: [ubuntu-latest, macos-latest]
-        crypto: [internal, openssl, nss]
+        crypto: [internal, openssl, wolfssl, nss]
         include:
           - crypto: internal
             configure-crypto-enable: ""
           - crypto: openssl
             configure-crypto-enable: "--enable-openssl"
+          - crypto: wolfssl
+            configure-crypto-enable: "--enable-wolfssl"
           - crypto: nss
             configure-crypto-enable: "--enable-nss"
 
@@ -30,6 +32,18 @@ jobs:
         sudo apt-get update
         sudo apt-get install valgrind
 
+    - name: Setup Ubuntu wolfSSL
+      if: matrix.os == 'ubuntu-latest' && matrix.crypto == 'wolfssl'
+      run: |
+        git clone https://github.com/wolfSSL/wolfssl
+        cd wolfssl
+        ./autogen.sh
+        ./configure '--enable-srtp-kdf' '--enable-aesctr' '--enable-intelasm' '--enable-aesgcm-stream'
+        make
+        sudo make install
+        sudo ldconfig
+        cd ..
+
     - name: Setup Ubuntu NSS
       if: matrix.os == 'ubuntu-latest' && matrix.crypto == 'nss'
       run: sudo apt-get install libnss3-dev
@@ -38,6 +52,18 @@ jobs:
       if: matrix.os == 'macos-latest' && matrix.crypto == 'openssl'
       run: echo "configure-env=PKG_CONFIG_PATH=$(brew --prefix [email protected])/lib/pkgconfig" >> $GITHUB_ENV
 
+    - name: Setup macOS wolfSSL
+      if: matrix.os == 'macos-latest' && matrix.crypto == 'wolfssl'
+      run: |
+        brew install autoconf automake libtool
+        git clone https://github.com/wolfSSL/wolfssl
+        cd wolfssl
+        ./autogen.sh
+        ./configure '--enable-srtp-kdf' '--enable-aesctr' '--enable-intelasm' '--enable-aesgcm-stream'
+        make
+        sudo make install
+        cd ..
+
     - name: Setup macOS NSS
       if:  matrix.os == 'macos-latest' && matrix.crypto == 'nss'
       run: brew install nss

diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml
@@ -14,10 +14,12 @@ jobs:
       fail-fast: false
       matrix:
         os: [ubuntu-latest, macos-latest, windows-latest]
-        crypto: [internal, openssl, openssl3, nss, mbedtls]
+        crypto: [internal, openssl, openssl3, wolfssl, nss, mbedtls]
         exclude:
           - os: windows-latest
             crypto: openssl
+          - os: windows-latest
+            crypto: wolfssl
           - os: windows-latest
             crypto: openssl3
           - os: windows-latest
@@ -33,6 +35,8 @@ jobs:
             cmake-crypto-enable: "-DENABLE_OPENSSL=ON"
           - crypto: openssl3
             cmake-crypto-enable: "-DENABLE_OPENSSL=ON"
+          - crypto: wolfssl
+            cmake-crypto-enable: "-DENABLE_WOLFSSL=ON"
           - crypto: nss
             cmake-crypto-enable: "-DENABLE_NSS=ON"
           - crypto: mbedtls
@@ -44,6 +48,17 @@ jobs:
       CTEST_OUTPUT_ON_FAILURE: 1
 
     steps:
+    - name: Setup Ubuntu wolfSSL
+      if: matrix.os == 'ubuntu-latest' && matrix.crypto == 'wolfssl'
+      run: |
+        git clone https://github.com/wolfSSL/wolfssl
+        cd wolfssl
+        ./autogen.sh
+        ./configure '--enable-srtp-kdf' '--enable-aesctr' '--enable-intelasm' '--enable-aesgcm-stream'
+        make
+        sudo make install
+        cd ..
+
     - name: Setup Ubuntu NSS
       if: matrix.os == 'ubuntu-latest' && matrix.crypto == 'nss'
       run: |
@@ -64,6 +79,19 @@ jobs:
         brew install openssl@3
         echo "cmake-crypto-dir=-DOPENSSL_ROOT_DIR=$(brew --prefix openssl@3)" >> $GITHUB_ENV
 
+    - name: Setup macOS wolfSSL
+      if: matrix.os == 'macos-latest' && matrix.crypto == 'wolfssl'
+      run: |
+        brew install autoconf automake libtool
+        git clone https://github.com/wolfSSL/wolfssl
+        cd wolfssl
+        ./autogen.sh
+        ./configure '--enable-srtp-kdf' '--enable-aesctr' '--enable-intelasm' '--enable-aesgcm-stream'
+        make
+        sudo make install
+        export C_INCLUDE_PATH="$C_INCLUDE_PATH:/usr/local/include"
+        cd ..
+
     - name: Setup macOS NSS
       if:  matrix.os == 'macos-latest' && matrix.crypto == 'nss'
       run: brew install nss

diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -82,36 +82,46 @@ set(ENABLE_DEBUG_LOGGING OFF CACHE BOOL "Enable debug logging in all modules")
 set(ERR_REPORTING_STDOUT OFF CACHE BOOL "Enable logging to stdout")
 set(ERR_REPORTING_FILE "" CACHE FILEPATH "Use file for logging")
 set(ENABLE_OPENSSL OFF CACHE BOOL "Enable OpenSSL crypto engine")
+set(ENABLE_WOLFSSL OFF CACHE BOOL "Enable wolfSSL crypto engine")
 set(ENABLE_MBEDTLS OFF CACHE BOOL "Enable MbedTLS crypto engine")
 set(ENABLE_NSS OFF CACHE BOOL "Enable NSS crypto engine")
 
-if(ENABLE_OPENSSL OR ENABLE_MBEDTLS OR ENABLE_NSS)
+if(ENABLE_OPENSSL OR ENABLE_WOLFSSL OR ENABLE_MBEDTLS OR ENABLE_NSS)
   set(USE_EXTERNAL_CRYPTO TRUE)
 else()
   set(USE_EXTERNAL_CRYPTO FALSE)
 endif()
 
 if(ENABLE_OPENSSL)
-  if(ENABLE_NSS OR ENABLE_MBEDTLS)
-    message(FATAL_ERROR "ssl conflict. can not enable openssl and mbedtls or nss simultaneously.")
+  if(ENABLE_WOLFSSL OR ENABLE_NSS OR ENABLE_MBEDTLS)
+    message(FATAL_ERROR "ssl conflict. can not enable openssl and wolfssl, mbedtls or nss simultaneously.")
   endif()
   find_package(OpenSSL 1.1.0 REQUIRED)
   set(OPENSSL ${ENABLE_OPENSSL} CACHE BOOL INTERNAL)
   set(GCM ${ENABLE_OPENSSL} CACHE BOOL INTERNAL)
 endif()
 
+if(ENABLE_WOLFSSL)
+  if(ENABLE_OPENSSL OR ENABLE_NSS OR ENABLE_MBEDTLS)
+    message(FATAL_ERROR "ssl conflict. can not enable wolfssl and openssl, mbedtls or nss simultaneously.")
+  endif()
+  find_package(wolfSSL REQUIRED)
+  set(WOLFSSL ${ENABLE_WOLFSSL} CACHE BOOL INTERNAL)
+  set(GCM ${ENABLE_WOLFSSL} CACHE BOOL INTERNAL)
+endif()
+
 if(ENABLE_MBEDTLS)
-  if(ENABLE_OPENSSL OR ENABLE_NSS)
-    message(FATAL_ERROR "ssl conflict. can not enable mbedtls and openssl or nss simultaneously.")
+  if(ENABLE_OPENSSL OR ENABLE_WOLFSSL OR ENABLE_NSS)
+    message(FATAL_ERROR "ssl conflict. can not enable mbedtls and openssl, wolfssl or nss simultaneously.")
   endif()
   find_package(MbedTLS REQUIRED)
   set(MBEDTLS ${ENABLE_MBEDTLS} CACHE BOOL INTERNAL)
   set(GCM ${ENABLE_MBEDTLS} CACHE BOOL INTERNAL)
 endif()
 
 if(ENABLE_NSS)
-  if(ENABLE_OPENSSL OR ENABLE_MBEDTLS)
-    message(FATAL_ERROR "ssl conflict. can not enable nss and openssl or mbedtls simultaneously.")
+  if(ENABLE_OPENSSL OR ENABLE_WOLFSSL OR ENABLE_MBEDTLS)
+    message(FATAL_ERROR "ssl conflict. can not enable nss and openssl, wolfssl or mbedtls simultaneously.")
   endif()
   find_package(NSS REQUIRED)
   set(NSS ${ENABLE_NSS} CACHE BOOL INTERNAL)
@@ -149,6 +159,11 @@ if(ENABLE_OPENSSL)
     crypto/cipher/aes_icm_ossl.c
     crypto/cipher/aes_gcm_ossl.c
   )
+elseif(ENABLE_WOLFSSL)
+  list(APPEND CIPHERS_SOURCES_C
+    crypto/cipher/aes_icm_wssl.c
+    crypto/cipher/aes_gcm_wssl.c
+  )
 elseif(ENABLE_MBEDTLS)
   list(APPEND CIPHERS_SOURCES_C
     crypto/cipher/aes_icm_mbedtls.c
@@ -177,6 +192,10 @@ if(ENABLE_OPENSSL)
   list(APPEND HASHES_SOURCES_C
     crypto/hash/hmac_ossl.c
   )
+elseif(ENABLE_WOLFSSL)
+  list(APPEND HASHES_SOURCES_C
+    crypto/hash/hmac_wssl.c
+  )
 elseif(ENABLE_MBEDTLS)
   list(APPEND HASHES_SOURCES_C
     crypto/hash/hmac_mbedtls.c
@@ -285,6 +304,9 @@ target_include_directories(srtp2 PUBLIC
 if(ENABLE_OPENSSL)
   target_include_directories(srtp2 PRIVATE ${OPENSSL_INCLUDE_DIR})
   target_link_libraries(srtp2 OpenSSL::Crypto)
+elseif(ENABLE_WOLFSSL)
+  target_include_directories(srtp2 PRIVATE ${WOLFSSL_INCLUDE_DIR})
+  target_link_libraries(srtp2 ${WOLFSSL_LIBRARY})
 elseif(ENABLE_MBEDTLS)
   target_include_directories(srtp2 PRIVATE ${MBEDTLS_INCLUDE_DIRS})
   target_link_libraries(srtp2 ${MBEDTLS_LIBRARIES})
@@ -443,6 +465,8 @@ if(LIBSRTP_TEST_APPS)
             ${ENABLE_WARNINGS_AS_ERRORS})
     if(ENABLE_OPENSSL)
       target_include_directories(test_srtp PRIVATE ${OPENSSL_INCLUDE_DIR})
+    elseif(ENABLE_OPENSSL)
+      target_include_directories(test_srtp PRIVATE ${WOLFSSL_INCLUDE_DIR})
     elseif(ENABLE_MBEDTLS)
       target_include_directories(test_srtp PRIVATE ${MBEDTLS_INCLUDE_DIRS})
     elseif(ENABLE_NSS)

diff --git a/cmake/FindwolfSSL.cmake b/cmake/FindwolfSSL.cmake
@@ -0,0 +1,18 @@
+find_path(WOLFSSL_INCLUDE_DIRS wolfssl/ssl.h)
+
+find_library(WOLFSSL_LIBRARY wolfssl)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(wolfSSL DEFAULT_MSG
+    WOLFSSL_LIBRARY WOLFSSL_INCLUDE_DIRS)
+
+mark_as_advanced(WOLFSSL_INCLUDE_DIRS WOLFSSL_LIBRARY)
+
+if(NOT TARGET wolfSSL)
+    add_library(wolfSSL UNKNOWN IMPORTED)
+    set_target_properties(wolfSSL PROPERTIES
+                          INTERFACE_INCLUDE_DIRECTORIES "${WOLFSSL_INCLUDE_DIRS}"
+                          IMPORTED_LINK_INTERFACE_LANGUAGES "C"
+                          IMPORTED_LOCATION "${WOLFSSL_LIBRARY}")
+endif()
+
diff --git a/config_in_cmake.h b/config_in_cmake.h
@@ -18,6 +18,9 @@
 /* Define this to use OpenSSL crypto. */
 #cmakedefine OPENSSL 1
 
+/* Define this to use wolfSSL crypto. */
+#cmakedefine WOLFSSL 1
+
 /* Define this to use MBEDTLS. */
 #cmakedefine MBEDTLS 1
 

diff --git a/crypto/hash/hmac_wssl.c b/crypto/hash/hmac_wssl.c
@@ -121,6 +121,7 @@ static srtp_err_status_t srtp_hmac_wolfssl_dealloc(srtp_auth_t *a)
 
 static srtp_err_status_t srtp_hmac_wolfssl_start(void *statev)
 {
+    (void)statev;
     return srtp_err_status_ok;
 }
 
@@ -192,7 +193,7 @@ static srtp_err_status_t srtp_hmac_wolfssl_compute(void *statev,
     }
 
     /* copy hash_value to *result */
-    for (i = 0; i < tag_len; i++) {
+    for (i = 0; i < (int)tag_len; i++) {
         result[i] = hash_value[i];
     }