Enables the use of wolfSSL for crypto primitives

To configure:
    ./configure --enable-wolfssl --with-wolfssl-dir=<wolfssl dir>

Add implementations of SRTP KDF, HMAC, AES-GCM and AES-CTR using
wolfSSL.

.github/workflows/autotools.yml

@@ -12,12 +12,14 @@ jobs:
       fail-fast: false
       matrix:
         os: [ubuntu-latest, macos-latest]
-        crypto: [internal, openssl, nss]
+        crypto: [internal, openssl, wolfssl, nss]
         include:
           - crypto: internal
             configure-crypto-enable: ""
           - crypto: openssl
             configure-crypto-enable: "--enable-openssl"
+          - crypto: wolfssl
+            configure-crypto-enable: "--enable-wolfssl"
           - crypto: nss
             configure-crypto-enable: "--enable-nss"
 
@@ -30,6 +32,18 @@ jobs:
         sudo apt-get update
         sudo apt-get install valgrind
 
+    - name: Setup Ubuntu wolfSSL
+      if: matrix.os == 'ubuntu-latest' && matrix.crypto == 'wolfssl'
+      run: |
+        git clone https://github.com/wolfSSL/wolfssl
+        cd wolfssl
+        ./autogen.sh
+        ./configure '--enable-srtp-kdf' '--enable-aesctr' '--enable-intelasm' '--enable-aesgcm-stream'
+        make
+        sudo make install
+        sudo ldconfig
+        cd ..
+
     - name: Setup Ubuntu NSS
       if: matrix.os == 'ubuntu-latest' && matrix.crypto == 'nss'
       run: sudo apt-get install libnss3-dev
@@ -38,6 +52,18 @@ jobs:
       if: matrix.os == 'macos-latest' && matrix.crypto == 'openssl'
       run: echo "configure-env=PKG_CONFIG_PATH=$(brew --prefix [email protected])/lib/pkgconfig" >> $GITHUB_ENV
 
+    - name: Setup macOS wolfSSL
+      if: matrix.os == 'macos-latest' && matrix.crypto == 'wolfssl'
+      run: |
+        brew install autoconf automake libtool
+        git clone https://github.com/wolfSSL/wolfssl
+        cd wolfssl
+        ./autogen.sh
+        ./configure '--enable-srtp-kdf' '--enable-aesctr' '--enable-intelasm' '--enable-aesgcm-stream'
+        make
+        sudo make install
+        cd ..
+
     - name: Setup macOS NSS
       if:  matrix.os == 'macos-latest' && matrix.crypto == 'nss'
       run: brew install nss

.github/workflows/cmake.yml

@@ -14,10 +14,12 @@ jobs:
       fail-fast: false
       matrix:
         os: [ubuntu-latest, macos-latest, windows-latest]
-        crypto: [internal, openssl, openssl3, nss, mbedtls]
+        crypto: [internal, openssl, openssl3, wolfssl, nss, mbedtls]
         exclude:
           - os: windows-latest
             crypto: openssl
+          - os: windows-latest
+            crypto: wolfssl
           - os: windows-latest
             crypto: openssl3
           - os: windows-latest
@@ -33,6 +35,8 @@ jobs:
             cmake-crypto-enable: "-DENABLE_OPENSSL=ON"
           - crypto: openssl3
             cmake-crypto-enable: "-DENABLE_OPENSSL=ON"
+          - crypto: wolfssl
+            cmake-crypto-enable: "-DENABLE_WOLFSSL=ON"
           - crypto: nss
             cmake-crypto-enable: "-DENABLE_NSS=ON"
           - crypto: mbedtls
@@ -44,6 +48,17 @@ jobs:
       CTEST_OUTPUT_ON_FAILURE: 1
 
     steps:
+    - name: Setup Ubuntu wolfSSL
+      if: matrix.os == 'ubuntu-latest' && matrix.crypto == 'wolfssl'
+      run: |
+        git clone https://github.com/wolfSSL/wolfssl
+        cd wolfssl
+        ./autogen.sh
+        ./configure '--enable-srtp-kdf' '--enable-aesctr' '--enable-intelasm' '--enable-aesgcm-stream'
+        make
+        sudo make install
+        cd ..
+
     - name: Setup Ubuntu NSS
       if: matrix.os == 'ubuntu-latest' && matrix.crypto == 'nss'
       run: |
@@ -64,6 +79,18 @@ jobs:
         brew install openssl@3
         echo "cmake-crypto-dir=-DOPENSSL_ROOT_DIR=$(brew --prefix openssl@3)" >> $GITHUB_ENV
 
+    - name: Setup macOS wolfSSL
+      if: matrix.os == 'macos-latest' && matrix.crypto == 'wolfssl'
+      run: |
+        brew install autoconf automake libtool
+        git clone https://github.com/wolfSSL/wolfssl
+        cd wolfssl
+        ./autogen.sh
+        ./configure '--enable-srtp-kdf' '--enable-aesctr' '--enable-intelasm' '--enable-aesgcm-stream'
+        make
+        sudo make install
+        cd ..
+
     - name: Setup macOS NSS
       if:  matrix.os == 'macos-latest' && matrix.crypto == 'nss'
       run: brew install nss

CMakeLists.txt

@@ -82,36 +82,47 @@ set(ENABLE_DEBUG_LOGGING OFF CACHE BOOL "Enable debug logging in all modules")
 set(ERR_REPORTING_STDOUT OFF CACHE BOOL "Enable logging to stdout")
 set(ERR_REPORTING_FILE "" CACHE FILEPATH "Use file for logging")
 set(ENABLE_OPENSSL OFF CACHE BOOL "Enable OpenSSL crypto engine")
+set(ENABLE_WOLFSSL OFF CACHE BOOL "Enable wolfSSL crypto engine")
 set(ENABLE_MBEDTLS OFF CACHE BOOL "Enable MbedTLS crypto engine")
 set(ENABLE_NSS OFF CACHE BOOL "Enable NSS crypto engine")
 
-if(ENABLE_OPENSSL OR ENABLE_MBEDTLS OR ENABLE_NSS)
+if(ENABLE_OPENSSL OR ENABLE_WOLFSSL OR ENABLE_MBEDTLS OR ENABLE_NSS)
   set(USE_EXTERNAL_CRYPTO TRUE)
 else()
   set(USE_EXTERNAL_CRYPTO FALSE)
 endif()
 
 if(ENABLE_OPENSSL)
-  if(ENABLE_NSS OR ENABLE_MBEDTLS)
-    message(FATAL_ERROR "ssl conflict. can not enable openssl and mbedtls or nss simultaneously.")
+  if(ENABLE_WOLFSSL OR ENABLE_NSS OR ENABLE_MBEDTLS)
+    message(FATAL_ERROR "ssl conflict. can not enable openssl and wolfssl, mbedtls or nss simultaneously.")
   endif()
   find_package(OpenSSL 1.1.0 REQUIRED)
   set(OPENSSL ${ENABLE_OPENSSL} CACHE BOOL INTERNAL)
   set(GCM ${ENABLE_OPENSSL} CACHE BOOL INTERNAL)
 endif()
 
+if(ENABLE_WOLFSSL)
+  if(ENABLE_OPENSSL OR ENABLE_NSS OR ENABLE_MBEDTLS)
+    message(FATAL_ERROR "ssl conflict. can not enable wolfssl and openssl, mbedtls or nss simultaneously.")
+  endif()
+  find_package(wolfSSL REQUIRED)
+  set(WOLFSSL ${ENABLE_WOLFSSL} CACHE BOOL INTERNAL)
+  set(WOLFSSL_KDF ${ENABLE_WOLFSSL} CACHE BOOL INTERNAL)
+  set(GCM ${ENABLE_WOLFSSL} CACHE BOOL INTERNAL)
+endif()
+
 if(ENABLE_MBEDTLS)
-  if(ENABLE_OPENSSL OR ENABLE_NSS)
-    message(FATAL_ERROR "ssl conflict. can not enable mbedtls and openssl or nss simultaneously.")
+  if(ENABLE_OPENSSL OR ENABLE_WOLFSSL OR ENABLE_NSS)
+    message(FATAL_ERROR "ssl conflict. can not enable mbedtls and openssl, wolfssl or nss simultaneously.")
   endif()
   find_package(MbedTLS REQUIRED)
   set(MBEDTLS ${ENABLE_MBEDTLS} CACHE BOOL INTERNAL)
   set(GCM ${ENABLE_MBEDTLS} CACHE BOOL INTERNAL)
 endif()
 
 if(ENABLE_NSS)
-  if(ENABLE_OPENSSL OR ENABLE_MBEDTLS)
-    message(FATAL_ERROR "ssl conflict. can not enable nss and openssl or mbedtls simultaneously.")
+  if(ENABLE_OPENSSL OR ENABLE_WOLFSSL OR ENABLE_MBEDTLS)
+    message(FATAL_ERROR "ssl conflict. can not enable nss and openssl, wolfssl or mbedtls simultaneously.")
   endif()
   find_package(NSS REQUIRED)
   set(NSS ${ENABLE_NSS} CACHE BOOL INTERNAL)
@@ -149,6 +160,11 @@ if(ENABLE_OPENSSL)
     crypto/cipher/aes_icm_ossl.c
     crypto/cipher/aes_gcm_ossl.c
   )
+elseif(ENABLE_WOLFSSL)
+  list(APPEND CIPHERS_SOURCES_C
+    crypto/cipher/aes_icm_wssl.c
+    crypto/cipher/aes_gcm_wssl.c
+  )
 elseif(ENABLE_MBEDTLS)
   list(APPEND CIPHERS_SOURCES_C
     crypto/cipher/aes_icm_mbedtls.c
@@ -177,6 +193,10 @@ if(ENABLE_OPENSSL)
   list(APPEND HASHES_SOURCES_C
     crypto/hash/hmac_ossl.c
   )
+elseif(ENABLE_WOLFSSL)
+  list(APPEND HASHES_SOURCES_C
+    crypto/hash/hmac_wssl.c
+  )
 elseif(ENABLE_MBEDTLS)
   list(APPEND HASHES_SOURCES_C
     crypto/hash/hmac_mbedtls.c
@@ -285,6 +305,9 @@ target_include_directories(srtp2 PUBLIC
 if(ENABLE_OPENSSL)
   target_include_directories(srtp2 PRIVATE ${OPENSSL_INCLUDE_DIR})
   target_link_libraries(srtp2 OpenSSL::Crypto)
+elseif(ENABLE_WOLFSSL)
+  target_include_directories(srtp2 PRIVATE ${WOLFSSL_INCLUDE_DIR})
+  target_link_libraries(srtp2 ${WOLFSSL_LIBRARY})
 elseif(ENABLE_MBEDTLS)
   target_include_directories(srtp2 PRIVATE ${MBEDTLS_INCLUDE_DIRS})
   target_link_libraries(srtp2 ${MBEDTLS_LIBRARIES})
@@ -443,6 +466,8 @@ if(LIBSRTP_TEST_APPS)
             ${ENABLE_WARNINGS_AS_ERRORS})
     if(ENABLE_OPENSSL)
       target_include_directories(test_srtp PRIVATE ${OPENSSL_INCLUDE_DIR})
+    elseif(ENABLE_WOLFSSL)
+      target_include_directories(test_srtp PRIVATE ${WOLFSSL_INCLUDE_DIR})
     elseif(ENABLE_MBEDTLS)
       target_include_directories(test_srtp PRIVATE ${MBEDTLS_INCLUDE_DIRS})
     elseif(ENABLE_NSS)

cmake/FindwolfSSL.cmake

@@ -0,0 +1,18 @@
+find_path(WOLFSSL_INCLUDE_DIR wolfssl/ssl.h)
+
+find_library(WOLFSSL_LIBRARY wolfssl)
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(wolfSSL DEFAULT_MSG
+    WOLFSSL_LIBRARY WOLFSSL_INCLUDE_DIR)
+
+mark_as_advanced(WOLFSSL_INCLUDE_DIR WOLFSSL_LIBRARY)
+
+if(NOT TARGET wolfSSL)
+    add_library(wolfSSL UNKNOWN IMPORTED)
+    set_target_properties(wolfSSL PROPERTIES
+                          INTERFACE_INCLUDE_DIRECTORIES "${WOLFSSL_INCLUDE_DIR}"
+                          IMPORTED_LINK_INTERFACE_LANGUAGES "C"
+                          IMPORTED_LOCATION "${WOLFSSL_LIBRARY}")
+endif()
+

config_in.h

@@ -171,6 +171,12 @@
 /* Define to 1 if you have the ANSI C header files. */
 #undef STDC_HEADERS
 
+/* Define this to use wolfSSL crypto. */
+#undef WOLFSSL
+
+/* Define this to use wolfSSL KDF for SRTP. */
+#undef WOLFSSL_KDF
+
 /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
    significant byte first (like Motorola and SPARC, unlike Intel). */
 #if defined AC_APPLE_UNIVERSAL_BUILD

config_in_cmake.h

@@ -18,6 +18,12 @@
 /* Define this to use OpenSSL crypto. */
 #cmakedefine OPENSSL 1
 
+/* Define this to use wolfSSL crypto. */
+#cmakedefine WOLFSSL 1
+
+/* Define this to use wolfSSL SRTP-KDF. */
+#cmakedefine WOLFSSL_KDF 1
+
 /* Define this to use MBEDTLS. */
 #cmakedefine MBEDTLS 1