Merge pull request SIPp#505 from uhle/wolfssl-support

Add support for WolfSSL as a GPLv2 compliant alternative to OpenSSL
orgads · Jan 17, 2021 · db0cb33 · db0cb33
2 parents 890be3b + 018e60a
commit db0cb33
Show file tree

Hide file tree

Showing 16 changed files with 286 additions and 208 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -81,8 +81,39 @@ if(NOT USE_PCAP)
     "${PROJECT_SOURCE_DIR}/src/send_packets.c")
 endif(NOT USE_PCAP)
 
+find_package(PkgConfig QUIET)  # import pkg_check_modules() and friends
 if(USE_SSL)
-  add_definitions("-DUSE_TLS -DUSE_OPENSSL")
+  if(PKG_CONFIG_FOUND)
+    pkg_search_module(SSL openssl>=0.9.8 wolfssl>=3.15.0)
+  endif()
+  if(SSL_FOUND)
+    if("${SSL_LIBRARIES}" MATCHES "wolfssl")
+      set(WOLFSSL_FOUND True)
+    else()
+      set(OPENSSL_FOUND True)
+    endif()
+  else()
+    find_library(OPENSSL_SSL_LIBRARY NAMES ssl)
+    find_library(OPENSSL_CRYPTO_LIBRARY NAMES crypto)
+    if(OPENSSL_SSL_LIBRARY AND OPENSSL_CRYPTO_LIBRARY)
+      set(SSL_LIBRARIES ${OPENSSL_SSL_LIBRARY} ${OPENSSL_CRYPTO_LIBRARY})
+      set(OPENSSL_FOUND True)
+    else()
+      find_library(WOLFSSL_LIBRARY NAMES wolfssl)
+      if(WOLFSSL_LIBRARY)
+        set(SSL_LIBRARIES ${WOLFSSL_LIBRARY})
+        set(WOLFSSL_FOUND True)
+      endif()
+    endif()
+    if(NOT OPENSSL_FOUND AND NOT WOLFSSL_FOUND)
+      message(FATAL_ERROR "Neither OpenSSL nor WolfSSL was found; please install a devel package")
+    endif()
+  endif()
+  if(OPENSSL_FOUND)
+    add_definitions("-DUSE_TLS" "-DUSE_OPENSSL")
+  elseif(WOLFSSL_FOUND)
+    add_definitions("-DUSE_TLS" "-DUSE_WOLFSSL" "-DOPENSSL_ALL")
+  endif()
 endif()
 
 if(USE_PCAP)
@@ -134,7 +165,6 @@ if(BUILD_STATIC)
   set(CMAKE_EXE_LINKER_FLAGS "-static-libgcc -static-libstdc++ -static")
 endif(BUILD_STATIC)
 
-find_package(PkgConfig QUIET)  # import pkg_check_modules() and friends
 if(PKG_CONFIG_FOUND)
   pkg_search_module(CURSES_LIBRARY ncursesw cursesw ncurses curses)
   if(CURSES_LIBRARY_FOUND)
@@ -187,10 +217,14 @@ if(USE_GSL AND GSL_LIBRARY)
   target_link_libraries(sipp_unittest gsl gslcblas)
 endif(USE_GSL AND GSL_LIBRARY)
 
-if(USE_SSL)
-  target_link_libraries(sipp crypto ssl)
-  target_link_libraries(sipp_unittest crypto ssl)
-endif(USE_SSL)
+if(USE_SSL AND SSL_LIBRARIES)
+  target_link_libraries(sipp ${SSL_LIBRARIES})
+  target_link_libraries(sipp_unittest ${SSL_LIBRARIES})
+  if(SSL_INCLUDE_DIRS)
+    target_include_directories(sipp SYSTEM PUBLIC ${SSL_INCLUDE_DIRS})
+    target_include_directories(sipp_unittest SYSTEM PUBLIC ${SSL_INCLUDE_DIRS})
+  endif(SSL_INCLUDE_DIRS)
+endif(USE_SSL AND SSL_LIBRARIES)
 
 if(USE_PCAP)
   target_link_libraries(sipp pcap)

diff --git a/docs/installation.rst b/docs/installation.rst
@@ -63,7 +63,7 @@ Installing SIPp
 
     + C++ Compiler
     + curses or ncurses library
-    + For TLS support: OpenSSL >= 0.9.8
+    + For TLS support: OpenSSL >= 0.9.8 or WolfSSL >= 3.15.0
     + For pcap play support: libpcap and libnet
     + For SCTP support: lksctp-tools
     + For distributed pauses: `Gnu Scientific Libraries`_
@@ -80,9 +80,9 @@ Installing SIPp
         make
 
     + With TLS support, you must have installed `OpenSSL library`_
-      (>=0.9.8) (which may come with your system). Building SIPp
-      consists only of adding the ``--with-openssl`` option to the
-      configure command::
+      (>=0.9.8) or `WolfSSL library`_ (>=3.15.0) (which may come with your
+      system). Building SIPp consists only of adding the ``--with-openssl``
+      option to the configure command::
 
         tar -xvzf sipp-xxx.tar.gz
         cd sipp
@@ -130,3 +130,4 @@ Installing SIPp
 .. _hewlett-packard: https://www.hp.com/
 .. _SIPp's master tree: https://github.com/SIPp/sipp/tree/master
 .. _OpenSSL library: https://www.openssl.org/
+.. _WolfSSL library: https://www.wolfssl.com/
diff --git a/include/call.hpp b/include/call.hpp
@@ -199,10 +199,10 @@ class call : virtual public task, virtual public listener, public virtual socket
     JLSRTP _rxUACVideo;
     JLSRTP _txUASVideo;
     JLSRTP _rxUASVideo;
-#ifdef USE_OPENSSL
+#ifdef USE_TLS
     char _pref_audio_cs_out[24];
     char _pref_video_cs_out[24];
-#endif // USE_OPENSSL
+#endif // USE_TLS
 #endif // RTP_STREAM
 
     /* holds the auth header and if the challenge was 401 or 407 */
@@ -340,11 +340,11 @@ class call : virtual public task, virtual public listener, public virtual socket
 
 #ifdef RTP_STREAM
     std::string extract_rtp_remote_addr(const char * message, int &ip_ver, int &audio_port, int &video_port);
-#ifdef USE_OPENSSL
+#ifdef USE_TLS
     int check_audio_ciphersuite_match(SrtpAudioInfoParams &pA);
     int check_video_ciphersuite_match(SrtpVideoInfoParams &pV);
     int extract_srtp_remote_info(const char * msg, SrtpAudioInfoParams &pA, SrtpVideoInfoParams &pV);
-#endif // USE_OPENSSL
+#endif // USE_TLS
 #endif // RTP_STREAM
 
     bool lost(int index);
@@ -363,10 +363,10 @@ class call : virtual public task, virtual public listener, public virtual socket
     char *debugBuffer;
     int debugLength;
 
-#ifdef USE_OPENSSL
+#ifdef USE_TLS
     FILE* _srtpctxdebugfile;
     int logSrtpInfo(const char *fmt, ...);
-#endif // USE_OPENSSL
+#endif // USE_TLS
 
     SessionState _sessionStateCurrent;
     SessionState _sessionStateOld;

diff --git a/include/jlsrtp.hpp b/include/jlsrtp.hpp
@@ -19,12 +19,20 @@
 #ifndef __JLSRTP__
 #define __JLSRTP__
 
-#ifdef USE_OPENSSL
-
+#if defined(USE_OPENSSL)
 #include <openssl/aes.h>
 #include <openssl/evp.h>
 #include <openssl/rand.h>
 #include <openssl/hmac.h>
+#elif defined(USE_WOLFSSL)
+#include <wolfssl/openssl/aes.h>
+#include <wolfssl/openssl/evp.h>
+#include <wolfssl/openssl/rand.h>
+#include <wolfssl/openssl/hmac.h>
+#endif
+
+#if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
+
 #include <string>
 #include <vector>
 
@@ -1166,7 +1174,7 @@ class JLSRTP
 
 };
 
-#else // !USE_OPENSSL
+#else // !USE_OPENSSL && !USE_WOLFSSL
 
 class JLSRTP
 {
@@ -1187,7 +1195,7 @@ class JLSRTP
         ~JLSRTP();
 };
 
-#endif // USE_OPENSSL
+#endif // USE_OPENSSL || USE_WOLFSSL
 
 #endif // __JLSRTP__
 
diff --git a/include/message.hpp b/include/message.hpp
@@ -91,7 +91,7 @@ typedef enum {
     ,
     E_Message_RTPStream_Audio_Port,
     E_Message_RTPStream_Video_Port,
-#ifdef USE_OPENSSL
+#ifdef USE_TLS
     E_Message_CryptoTag1Audio,
     E_Message_CryptoTag2Audio,
     E_Message_CryptoSuiteAesCm128Sha1801Audio,
@@ -124,7 +124,7 @@ typedef enum {
     E_Message_UEAesCm128Sha1802Video,
     E_Message_UEAesCm128Sha1321Video,
     E_Message_UEAesCm128Sha1322Video,
-#endif // USE_OPENSSL
+#endif // USE_TLS
 #endif // RTP_STREAM
 } MessageCompType;
 

diff --git a/include/rtpstream.hpp b/include/rtpstream.hpp
@@ -28,7 +28,7 @@
 #define RTPECHO_MAX_FILENAMELEN 256
 #define RTPECHO_MAX_PAYLOADNAME 256
 
-#ifdef USE_OPENSSL
+#ifdef USE_TLS
 typedef struct _SrtpAudioInfoParams
 {
     bool audio_found;
@@ -54,7 +54,7 @@ typedef struct _SrtpVideoInfoParams
     bool primary_unencrypted_video_srtp;
     bool secondary_unencrypted_video_srtp;
 } SrtpVideoInfoParams;
-#endif // USE_OPENSSL
+#endif // USE_TLS
 
 struct threaddata_t;
 struct taskentry_t;
@@ -123,11 +123,11 @@ struct taskentry_t
     int                  video_rtp_socket;
     int                  video_rtcp_socket;
 
-#ifdef USE_OPENSSL
+#ifdef USE_TLS
     /* audio/video SRTP echo activity indicators */
     int                  audio_srtp_echo_active;
     int                  video_srtp_echo_active;
-#endif // USE_OPENSSL
+#endif // USE_TLS
 
     /* rtp peer address structures */
     struct sockaddr_storage    remote_audio_rtp_addr;
@@ -147,12 +147,12 @@ struct taskentry_t
     int                  audio_active;
     int                  video_active;
 
-#ifdef USE_OPENSSL
+#ifdef USE_TLS
     SrtpAudioInfoParams  local_srtp_audio_params;
     SrtpAudioInfoParams  remote_srtp_audio_params;
     SrtpVideoInfoParams  local_srtp_video_params;
     SrtpVideoInfoParams  remote_srtp_video_params;
-#endif // USE_OPENSSL
+#endif // USE_TLS
 };
 
 struct rtpstream_callinfo_t
@@ -209,12 +209,12 @@ int rtpstream_get_local_videoport(rtpstream_callinfo_t *callinfo);
 void rtpstream_set_remote(rtpstream_callinfo_t* callinfo, int ip_ver, const char* ip_addr,
                           int audio_port, int video_port);
 
-#ifdef USE_OPENSSL
+#ifdef USE_TLS
 int rtpstream_set_srtp_audio_local(rtpstream_callinfo_t *callinfo, SrtpAudioInfoParams &p);
 int rtpstream_set_srtp_audio_remote(rtpstream_callinfo_t *callinfo, SrtpAudioInfoParams &p);
 int rtpstream_set_srtp_video_local(rtpstream_callinfo_t *callinfo, SrtpVideoInfoParams &p);
 int rtpstream_set_srtp_video_remote(rtpstream_callinfo_t *callinfo, SrtpVideoInfoParams &p);
-#endif // USE_OPENSSL
+#endif // USE_TLS
 
 int rtpstream_cache_file(char *filename,
                          int mode /* 0: FILE - 1: PATTERN */,

diff --git a/include/sipp.hpp b/include/sipp.hpp
@@ -22,6 +22,7 @@
 
 /* Std C includes */
 #include "config.h"
+#include "defines.h"
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -141,10 +142,10 @@
 #define MAX_PEER_SIZE              4096  /* 3pcc extended mode: max size of peer names */
 #define MAX_LOCAL_TWIN_SOCKETS     10    /*3pcc extended mode:max number of peers from which
 cmd messages are received */
-#ifdef USE_OPENSSL
+#ifdef USE_TLS
 #define DEFAULT_PREFERRED_AUDIO_CRYPTOSUITE ((char*)"AES_CM_128_HMAC_SHA1_80")
 #define DEFAULT_PREFERRED_VIDEO_CRYPTOSUITE ((char*)"AES_CM_128_HMAC_SHA1_80")
-#endif // USE_OPENSSL
+#endif // USE_TLS
 
 /******************** Default parameters ***********************/
 
@@ -263,9 +264,9 @@ MAYBE_EXTERN int                rtp_default_payload     DEFVAL(DEFAULT_RTP_PAYLO
 MAYBE_EXTERN int                rtp_tasks_per_thread    DEFVAL(DEFAULT_RTP_THREADTASKS);
 MAYBE_EXTERN int                rtp_buffsize            DEFVAL(65535);
 MAYBE_EXTERN bool               rtpcheck_debug          DEFVAL(0);
-#ifdef USE_OPENSSL
+#ifdef USE_TLS
 MAYBE_EXTERN bool               srtpcheck_debug         DEFVAL(0);
-#endif // USE_OPENSSL
+#endif // USE_TLS
 MAYBE_EXTERN double             audiotolerance          DEFVAL(1.0);
 MAYBE_EXTERN double             videotolerance          DEFVAL(1.0);
 #endif // RTP_STREAM

diff --git a/include/socket.hpp b/include/socket.hpp
@@ -20,7 +20,7 @@
 #ifndef __SIPP_SOCKET_H__
 #define __SIPP_SOCKET_H__
 
-#ifdef USE_OPENSSL
+#ifdef USE_TLS
 #include "sslsocket.hpp"
 #endif
 
@@ -129,7 +129,7 @@ class SIPpSocket {
 
     bool ss_call_socket; /* Is this a call socket? */
 
-#ifdef USE_OPENSSL
+#if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
     SSL *ss_ssl; /* The underlying SSL descriptor for this socket. */
     BIO *ss_bio; /* The underlying BIO descriptor for this socket. */
 #endif
@@ -155,7 +155,7 @@ bool reconnect_allowed();
 /********************** Network Interfaces ********************/
 
 int send_message(int s, void ** comp_state, char * msg);
-#ifdef USE_OPENSSL
+#if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
 int send_message_tls(SSL *s, void ** comp_state, char * msg);
 #endif
 

diff --git a/include/sslsocket.hpp b/include/sslsocket.hpp
@@ -19,13 +19,19 @@
 #ifndef __SSLSOCKET__
 #define __SSLSOCKET__
 
-#ifdef USE_OPENSSL
+#if defined(USE_OPENSSL)
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
 #include <openssl/ssl.h>
 #include <openssl/x509v3.h>
 #include <pthread.h>
+#elif defined(USE_WOLFSSL)
+#include <wolfssl/openssl/bio.h>
+#include <wolfssl/openssl/err.h>
+#include <wolfssl/openssl/rand.h>
+#include <wolfssl/openssl/ssl.h>
+#include <wolfssl/openssl/x509v3.h>
 #endif
 
 /* Initialises an SSL context and makes the lib thread safe */
@@ -41,7 +47,7 @@ enum tls_init_status TLS_init_context(void);
 
 /* Helpers for OpenSSL */
 
-#ifdef USE_OPENSSL
+#if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
 SSL* SSL_new_client();
 SSL* SSL_new_server();
 const char *SSL_error_string(int ssl_error, int orig_ret);