From e65b27fae6bfdfeed2386a857fb16df21166ed0a Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Thu, 11 Apr 2024 12:13:20 +1000 Subject: [PATCH] wolfSSL support in cmake --- .github/workflows/autotools.yml | 26 +++++++++++++++++++++- .github/workflows/cmake.yml | 28 +++++++++++++++++++++++- CMakeLists.txt | 38 +++++++++++++++++++++++++++------ cmake/FindwolfSSL.cmake | 18 ++++++++++++++++ config_in_cmake.h | 3 +++ crypto/hash/hmac_wssl.c | 3 ++- 6 files changed, 106 insertions(+), 10 deletions(-) create mode 100644 cmake/FindwolfSSL.cmake diff --git a/.github/workflows/autotools.yml b/.github/workflows/autotools.yml index 209882496..0e60fd01f 100644 --- a/.github/workflows/autotools.yml +++ b/.github/workflows/autotools.yml @@ -12,12 +12,14 @@ jobs: fail-fast: false matrix: os: [ubuntu-latest, macos-latest] - crypto: [internal, openssl, nss] + crypto: [internal, openssl, wolfssl, nss] include: - crypto: internal configure-crypto-enable: "" - crypto: openssl configure-crypto-enable: "--enable-openssl" + - crypto: wolfssl + configure-crypto-enable: "--enable-wolfssl" - crypto: nss configure-crypto-enable: "--enable-nss" @@ -30,6 +32,17 @@ jobs: sudo apt-get update sudo apt-get install valgrind + - name: Setup Ubuntu wolfSSL + if: matrix.os == 'ubuntu-latest' && matrix.crypto == 'wolfssl' + run: | + git clone https://github.com/wolfSSL/wolfssl + cd wolfssl + ./autogen.sh + ./configure '--enable-srtp-kdf' '--enable-aesctr' '--enable-intelasm' '--enable-aesgcm-stream' + make + sudo make install + cd .. + - name: Setup Ubuntu NSS if: matrix.os == 'ubuntu-latest' && matrix.crypto == 'nss' run: sudo apt-get install libnss3-dev @@ -38,6 +51,17 @@ jobs: if: matrix.os == 'macos-latest' && matrix.crypto == 'openssl' run: echo "configure-env=PKG_CONFIG_PATH=$(brew --prefix openssl@1.1)/lib/pkgconfig" >> $GITHUB_ENV + - name: Setup macOS wolfSSL + if: matrix.os == 'macos-latest' && matrix.crypto == 'wolfssl' + run: | + git clone https://github.com/wolfSSL/wolfssl + cd wolfssl + ./autogen.sh + ./configure '--enable-srtp-kdf' '--enable-aesctr' '--enable-intelasm' '--enable-aesgcm-stream' + make + sudo make install + cd .. + - name: Setup macOS NSS if: matrix.os == 'macos-latest' && matrix.crypto == 'nss' run: brew install nss diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 7c24c8ae2..143e00062 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -14,10 +14,12 @@ jobs: fail-fast: false matrix: os: [ubuntu-latest, macos-latest, windows-latest] - crypto: [internal, openssl, openssl3, nss, mbedtls] + crypto: [internal, openssl, openssl3, wolfssl, nss, mbedtls] exclude: - os: windows-latest crypto: openssl + - os: windows-latest + crypto: wolfssl - os: windows-latest crypto: openssl3 - os: windows-latest @@ -33,6 +35,8 @@ jobs: cmake-crypto-enable: "-DENABLE_OPENSSL=ON" - crypto: openssl3 cmake-crypto-enable: "-DENABLE_OPENSSL=ON" + - crypto: wolfssl + cmake-crypto-enable: "-DENABLE_WOLFSSL=ON" - crypto: nss cmake-crypto-enable: "-DENABLE_NSS=ON" - crypto: mbedtls @@ -44,6 +48,17 @@ jobs: CTEST_OUTPUT_ON_FAILURE: 1 steps: + - name: Setup Ubuntu wolfSSL + if: matrix.os == 'ubuntu-latest' && matrix.crypto == 'wolfssl' + run: | + git clone https://github.com/wolfSSL/wolfssl + cd wolfssl + ./autogen.sh + ./configure '--enable-srtp-kdf' '--enable-aesctr' '--enable-intelasm' '--enable-aesgcm-stream' + make + sudo make install + cd .. + - name: Setup Ubuntu NSS if: matrix.os == 'ubuntu-latest' && matrix.crypto == 'nss' run: | @@ -64,6 +79,17 @@ jobs: brew install openssl@3 echo "cmake-crypto-dir=-DOPENSSL_ROOT_DIR=$(brew --prefix openssl@3)" >> $GITHUB_ENV + - name: Setup macOS wolfSSL + if: matrix.os == 'macos-latest' && matrix.crypto == 'wolfssl' + run: | + git clone https://github.com/wolfSSL/wolfssl + cd wolfssl + ./autogen.sh + ./configure '--enable-srtp-kdf' '--enable-aesctr' '--enable-intelasm' '--enable-aesgcm-stream' + make + sudo make install + cd .. + - name: Setup macOS NSS if: matrix.os == 'macos-latest' && matrix.crypto == 'nss' run: brew install nss diff --git a/CMakeLists.txt b/CMakeLists.txt index d419d8202..468871ab6 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -82,27 +82,37 @@ set(ENABLE_DEBUG_LOGGING OFF CACHE BOOL "Enable debug logging in all modules") set(ERR_REPORTING_STDOUT OFF CACHE BOOL "Enable logging to stdout") set(ERR_REPORTING_FILE "" CACHE FILEPATH "Use file for logging") set(ENABLE_OPENSSL OFF CACHE BOOL "Enable OpenSSL crypto engine") +set(ENABLE_WOLFSSL OFF CACHE BOOL "Enable wolfSSL crypto engine") set(ENABLE_MBEDTLS OFF CACHE BOOL "Enable MbedTLS crypto engine") set(ENABLE_NSS OFF CACHE BOOL "Enable NSS crypto engine") -if(ENABLE_OPENSSL OR ENABLE_MBEDTLS OR ENABLE_NSS) +if(ENABLE_OPENSSL OR ENABLE_WOLFSSL OR ENABLE_MBEDTLS OR ENABLE_NSS) set(USE_EXTERNAL_CRYPTO TRUE) else() set(USE_EXTERNAL_CRYPTO FALSE) endif() if(ENABLE_OPENSSL) - if(ENABLE_NSS OR ENABLE_MBEDTLS) - message(FATAL_ERROR "ssl conflict. can not enable openssl and mbedtls or nss simultaneously.") + if(ENABLE_WOLFSSL OR ENABLE_NSS OR ENABLE_MBEDTLS) + message(FATAL_ERROR "ssl conflict. can not enable openssl and wolfssl, mbedtls or nss simultaneously.") endif() find_package(OpenSSL 1.1.0 REQUIRED) set(OPENSSL ${ENABLE_OPENSSL} CACHE BOOL INTERNAL) set(GCM ${ENABLE_OPENSSL} CACHE BOOL INTERNAL) endif() +if(ENABLE_WOLFSSL) + if(ENABLE_OPENSSL OR ENABLE_NSS OR ENABLE_MBEDTLS) + message(FATAL_ERROR "ssl conflict. can not enable wolfssl and openssl, mbedtls or nss simultaneously.") + endif() + find_package(wolfSSL REQUIRED) + set(WOLFSSL ${ENABLE_WOLFSSL} CACHE BOOL INTERNAL) + set(GCM ${ENABLE_WOLFSSL} CACHE BOOL INTERNAL) +endif() + if(ENABLE_MBEDTLS) - if(ENABLE_OPENSSL OR ENABLE_NSS) - message(FATAL_ERROR "ssl conflict. can not enable mbedtls and openssl or nss simultaneously.") + if(ENABLE_OPENSSL OR ENABLE_WOLFSSL OR ENABLE_NSS) + message(FATAL_ERROR "ssl conflict. can not enable mbedtls and openssl, wolfssl or nss simultaneously.") endif() find_package(MbedTLS REQUIRED) set(MBEDTLS ${ENABLE_MBEDTLS} CACHE BOOL INTERNAL) @@ -110,8 +120,8 @@ if(ENABLE_MBEDTLS) endif() if(ENABLE_NSS) - if(ENABLE_OPENSSL OR ENABLE_MBEDTLS) - message(FATAL_ERROR "ssl conflict. can not enable nss and openssl or mbedtls simultaneously.") + if(ENABLE_OPENSSL OR ENABLE_WOLFSSL OR ENABLE_MBEDTLS) + message(FATAL_ERROR "ssl conflict. can not enable nss and openssl, wolfssl or mbedtls simultaneously.") endif() find_package(NSS REQUIRED) set(NSS ${ENABLE_NSS} CACHE BOOL INTERNAL) @@ -149,6 +159,11 @@ if(ENABLE_OPENSSL) crypto/cipher/aes_icm_ossl.c crypto/cipher/aes_gcm_ossl.c ) +elseif(ENABLE_WOLFSSL) + list(APPEND CIPHERS_SOURCES_C + crypto/cipher/aes_icm_wssl.c + crypto/cipher/aes_gcm_wssl.c + ) elseif(ENABLE_MBEDTLS) list(APPEND CIPHERS_SOURCES_C crypto/cipher/aes_icm_mbedtls.c @@ -177,6 +192,10 @@ if(ENABLE_OPENSSL) list(APPEND HASHES_SOURCES_C crypto/hash/hmac_ossl.c ) +elseif(ENABLE_WOLFSSL) + list(APPEND HASHES_SOURCES_C + crypto/hash/hmac_wssl.c + ) elseif(ENABLE_MBEDTLS) list(APPEND HASHES_SOURCES_C crypto/hash/hmac_mbedtls.c @@ -285,6 +304,9 @@ target_include_directories(srtp2 PUBLIC if(ENABLE_OPENSSL) target_include_directories(srtp2 PRIVATE ${OPENSSL_INCLUDE_DIR}) target_link_libraries(srtp2 OpenSSL::Crypto) +elseif(ENABLE_WOLFSSL) + target_include_directories(srtp2 PRIVATE ${WOLFSSL_INCLUDE_DIR}) + target_link_libraries(srtp2 ${WOLFSSL_LIBRARY}) elseif(ENABLE_MBEDTLS) target_include_directories(srtp2 PRIVATE ${MBEDTLS_INCLUDE_DIRS}) target_link_libraries(srtp2 ${MBEDTLS_LIBRARIES}) @@ -443,6 +465,8 @@ if(LIBSRTP_TEST_APPS) ${ENABLE_WARNINGS_AS_ERRORS}) if(ENABLE_OPENSSL) target_include_directories(test_srtp PRIVATE ${OPENSSL_INCLUDE_DIR}) + elseif(ENABLE_OPENSSL) + target_include_directories(test_srtp PRIVATE ${WOLFSSL_INCLUDE_DIR}) elseif(ENABLE_MBEDTLS) target_include_directories(test_srtp PRIVATE ${MBEDTLS_INCLUDE_DIRS}) elseif(ENABLE_NSS) diff --git a/cmake/FindwolfSSL.cmake b/cmake/FindwolfSSL.cmake new file mode 100644 index 000000000..e2fa6c0ce --- /dev/null +++ b/cmake/FindwolfSSL.cmake @@ -0,0 +1,18 @@ +find_path(WOLFSSL_INCLUDE_DIRS wolfssl/ssl.h) + +find_library(WOLFSSL_LIBRARY wolfssl) + +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args(wolfSSL DEFAULT_MSG + WOLFSSL_LIBRARY WOLFSSL_INCLUDE_DIRS) + +mark_as_advanced(WOLFSSL_INCLUDE_DIRS WOLFSSL_LIBRARY) + +if(NOT TARGET wolfSSL) + add_library(wolfSSL UNKNOWN IMPORTED) + set_target_properties(wolfSSL PROPERTIES + INTERFACE_INCLUDE_DIRECTORIES "${WOLFSSL_INCLUDE_DIRS}" + IMPORTED_LINK_INTERFACE_LANGUAGES "C" + IMPORTED_LOCATION "${WOLFSSL_LIBRARY}") +endif() + diff --git a/config_in_cmake.h b/config_in_cmake.h index 4a198dcfd..15d4b6e6e 100644 --- a/config_in_cmake.h +++ b/config_in_cmake.h @@ -18,6 +18,9 @@ /* Define this to use OpenSSL crypto. */ #cmakedefine OPENSSL 1 +/* Define this to use wolfSSL crypto. */ +#cmakedefine WOLFSSL 1 + /* Define this to use MBEDTLS. */ #cmakedefine MBEDTLS 1 diff --git a/crypto/hash/hmac_wssl.c b/crypto/hash/hmac_wssl.c index b79135598..cec76543c 100644 --- a/crypto/hash/hmac_wssl.c +++ b/crypto/hash/hmac_wssl.c @@ -121,6 +121,7 @@ static srtp_err_status_t srtp_hmac_wolfssl_dealloc(srtp_auth_t *a) static srtp_err_status_t srtp_hmac_wolfssl_start(void *statev) { + (void)statev; return srtp_err_status_ok; } @@ -192,7 +193,7 @@ static srtp_err_status_t srtp_hmac_wolfssl_compute(void *statev, } /* copy hash_value to *result */ - for (i = 0; i < tag_len; i++) { + for (i = 0; i < (int)tag_len; i++) { result[i] = hash_value[i]; }