Enables the use of wolfSSL for crypto primitives

To configure: ./configure --enable-wolfssl --with-wolfssl-dir=<wolfssl dir> Add implementations of SRTP KDF, HMAC, AES-GCM and AES-CTR using wolfSSL.
cisco · Mar 20, 2024 · 18e852f · 18e852f
1 parent e53e106
commit 18e852f
Show file tree

Hide file tree

Showing 11 changed files with 1,441 additions and 4 deletions.
diff --git a/config_in.h b/config_in.h
@@ -171,6 +171,12 @@
 /* Define to 1 if you have the ANSI C header files. */
 #undef STDC_HEADERS
 
+/* Define this to use wolfSSL crypto. */
+#undef WOLFSSL
+
+/* Define this to use wolfSSL KDF for SRTP. */
+#undef WOLFSSL_KDF
+
 /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
    significant byte first (like Motorola and SPARC, unlike Intel). */
 #if defined AC_APPLE_UNIVERSAL_BUILD

diff --git a/configure b/configure
@@ -710,9 +710,11 @@ ac_user_opts='
 enable_option_checking
 enable_debug_logging
 enable_openssl
+enable_wolfssl
 enable_nss
 with_openssl_dir
 enable_openssl_kdf
+with_wolfssl_dir
 with_nss_dir
 enable_pcap
 enable_log_stdout
@@ -1364,6 +1366,7 @@ Optional Features:
   --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
   --enable-debug-logging  Enable debug logging in all modules
   --enable-openssl        compile in OpenSSL crypto engine
+  --enable-wolfssl        compile in wolfSSL crypto engine
   --enable-nss            compile in NSS crypto engine
   --enable-openssl-kdf    Use OpenSSL KDF algorithm
   --disable-pcap          Build without `pcap' library (-lpcap)
@@ -1373,6 +1376,7 @@ Optional Packages:
   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
   --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
   --with-openssl-dir      Location of OpenSSL installation
+  --with-wolfssl-dir      Location of wolfSSL installation
   --with-nss-dir          Location of NSS installation
   --with-log-file         Use file for logging
 
@@ -5461,6 +5465,18 @@ fi
 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_openssl" >&5
 $as_echo "$enable_openssl" >&6; }
 
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to leverage wolfSSL crypto" >&5
+$as_echo_n "checking whether to leverage wolfSSL crypto... " >&6; }
+# Check whether --enable-wolfssl was given.
+if test "${enable_wolfssl+set}" = set; then :
+  enableval=$enable_wolfssl;
+else
+  enable_wolfssl=no
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_wolfssl" >&5
+$as_echo "$enable_wolfssl" >&6; }
+
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to leverage NSS crypto" >&5
 $as_echo_n "checking whether to leverage NSS crypto... " >&6; }
 # Check whether --enable-nss was given.
@@ -6035,6 +6051,161 @@ fi
 $as_echo "#define OPENSSL_KDF 1" >>confdefs.h
 
    fi
+elif test "$enable_wolfssl" = "yes"; then
+   { $as_echo "$as_me:${as_lineno-$LINENO}: checking for user specified wolfSSL directory" >&5
+$as_echo_n "checking for user specified wolfSSL directory... " >&6; }
+
+# Check whether --with-wolfssl-dir was given.
+if test "${with_wolfssl_dir+set}" = set; then :
+  withval=$with_wolfssl_dir; if test -d $with_wolfssl_dir/lib; then
+         CFLAGS="$CFLAGS -I$with_wolfssl_dir/include -I$with_wolfssl_dir/include/wolfssl"
+         if test "x$LDFLAGS" = "x"; then
+           LDFLAGS="-L$with_wolfssl_dir/lib"
+         else
+           LDFLAGS="$LDFLAGS -L$with_wolfssl_dir/lib"
+         fi
+         { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_wolfssl_dir" >&5
+$as_echo "$with_wolfssl_dir" >&6; }
+       else
+         { $as_echo "$as_me:${as_lineno-$LINENO}: result: invalid" >&5
+$as_echo "invalid" >&6; }
+         { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "Invalid wolfSSL location: $with_wolfssl_dir
+See \`config.log' for more details" "$LINENO" 5; }
+       fi
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+   { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if ${ac_cv_lib_dl_dlopen+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_dl_dlopen=yes
+else
+  ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBDL 1
+_ACEOF
+
+  LIBS="-ldl $LIBS"
+
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: can't find libdl" >&5
+$as_echo "$as_me: WARNING: can't find libdl" >&2;}
+fi
+
+
+
+$as_echo "#define GCM 1" >>confdefs.h
+
+
+$as_echo "#define WOLFSSL 1" >>confdefs.h
+
+   AES_ICM_OBJS="crypto/cipher/aes_icm_wssl.o crypto/cipher/aes_gcm_wssl.o"
+   HMAC_OBJS=crypto/hash/hmac_wssl.o
+   USE_EXTERNAL_CRYPTO=1
+
+
+   { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to leverage wolfSSL KDF algorithm" >&5
+$as_echo_n "checking whether to leverage wolfSSL KDF algorithm... " >&6; }
+   { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing wc_SRTCP_KDF" >&5
+$as_echo_n "checking for library containing wc_SRTCP_KDF... " >&6; }
+if ${ac_cv_search_wc_SRTCP_KDF+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char wc_SRTCP_KDF ();
+int
+main ()
+{
+return wc_SRTCP_KDF ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' wolfssl; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_search_wc_SRTCP_KDF=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext
+  if ${ac_cv_search_wc_SRTCP_KDF+:} false; then :
+  break
+fi
+done
+if ${ac_cv_search_wc_SRTCP_KDF+:} false; then :
+
+else
+  ac_cv_search_wc_SRTCP_KDF=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_wc_SRTCP_KDF" >&5
+$as_echo "$ac_cv_search_wc_SRTCP_KDF" >&6; }
+ac_res=$ac_cv_search_wc_SRTCP_KDF
+if test "$ac_res" != no; then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+else
+  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "can't find wolfssl KDF lib
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+
+
+$as_echo "#define WOLFSSL_KDF 1" >>confdefs.h
+
 elif test "$enable_nss" = "yes"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for user specified NSS directory" >&5
 $as_echo_n "checking for user specified NSS directory... " >&6; }

diff --git a/configure.ac b/configure.ac
@@ -210,6 +210,12 @@ AC_ARG_ENABLE([openssl],
   [], [enable_openssl=no])
 AC_MSG_RESULT([$enable_openssl])
 
+AC_MSG_CHECKING([whether to leverage wolfSSL crypto])
+AC_ARG_ENABLE([wolfssl],
+  [AS_HELP_STRING([--enable-wolfssl], [compile in wolfSSL crypto engine])],
+  [], [enable_wolfssl=no])
+AC_MSG_RESULT([$enable_wolfssl])
+
 AC_MSG_CHECKING([whether to leverage NSS crypto])
 AC_ARG_ENABLE([nss],
   [AS_HELP_STRING([--enable-nss], [compile in NSS crypto engine])],
@@ -275,6 +281,36 @@ if test "$enable_openssl" = "yes"; then
        [], [AC_MSG_FAILURE([can't find openssl KDF lib])])
      AC_DEFINE([OPENSSL_KDF], [1], [Define this to use OpenSSL KDF for SRTP.])
    fi
+elif test "$enable_wolfssl" = "yes"; then
+   AC_MSG_CHECKING([for user specified wolfSSL directory])
+   AC_ARG_WITH([wolfssl-dir],
+      [AS_HELP_STRING([--with-wolfssl-dir], [Location of wolfSSL installation])],
+       [if test -d $with_wolfssl_dir/lib; then
+         CFLAGS="$CFLAGS -I$with_wolfssl_dir/include -I$with_wolfssl_dir/include/wolfssl"
+         if test "x$LDFLAGS" = "x"; then
+           LDFLAGS="-L$with_wolfssl_dir/lib"
+         else
+           LDFLAGS="$LDFLAGS -L$with_wolfssl_dir/lib"
+         fi
+         AC_MSG_RESULT([$with_wolfssl_dir])
+       else
+         AC_MSG_RESULT([invalid])
+         AC_MSG_FAILURE([Invalid wolfSSL location: $with_wolfssl_dir])
+       fi],
+      [AC_MSG_RESULT([no])])
+
+   AC_CHECK_LIB([dl], [dlopen], [], [AC_MSG_WARN([can't find libdl])])
+
+   AC_DEFINE([GCM], [1], [Define this to use AES-GCM.])
+   AC_DEFINE([WOLFSSL], [1], [Define this to use wolfSSL crypto.])
+   AES_ICM_OBJS="crypto/cipher/aes_icm_wssl.o crypto/cipher/aes_gcm_wssl.o"
+   HMAC_OBJS=crypto/hash/hmac_wssl.o
+   AC_SUBST([USE_EXTERNAL_CRYPTO], [1])
+
+   AC_MSG_CHECKING([whether to leverage wolfSSL KDF algorithm])
+   AC_SEARCH_LIBS([wc_SRTCP_KDF], [wolfssl],
+     [], [AC_MSG_FAILURE([can't find wolfssl KDF lib])])
+   AC_DEFINE([WOLFSSL_KDF], [1], [Define this to use wolfSSL KDF for SRTP.])
 elif test "$enable_nss" = "yes"; then
    AC_MSG_CHECKING([for user specified NSS directory])
    AC_ARG_WITH([nss-dir],