ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-01-19 11:16:32 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

wolfssl: allow building with hw-crytpo and AES-CCM

Browse Source 
Hardware acceleration was disabled when AES-CCM was selected as a
workaround for a build failure.  This applies a couple of upstream
patches fixing this.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This commit is contained in:
Eneas U de Queiroz 2019-09-12 17:00:00 -03:00 committed by Hauke Mehrtens
parent 49d96ffc5c
commit ab19627ecc
4 changed files with 160 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
package/libs/wolfssl/Config.in
View File

@ -50,28 +50,27 @@ config WOLFSSL_HAS_ECC25519
config WOLFSSL_HAS_DEVCRYPTO config WOLFSSL_HAS_DEVCRYPTO
bool bool
if WOLFSSL_HAS_AES_CCM choice
comment "! Hardware Acceleration does not build with AES-CCM enabled" prompt "Hardware Acceleration"
endif default WOLFSSL_HAS_NO_HW
if !WOLFSSL_HAS_AES_CCM
choice
prompt "Hardware Acceleration"
default WOLFSSL_HAS_NO_HW
config WOLFSSL_HAS_NO_HW config WOLFSSL_HAS_NO_HW
bool "None" bool "None"
config WOLFSSL_HAS_AFALG config WOLFSSL_HAS_AFALG
bool "AF_ALG" bool "AF_ALG"
config WOLFSSL_HAS_DEVCRYPTO_AES config WOLFSSL_HAS_DEVCRYPTO_CBC
bool "/dev/crypto - AES-only" bool "/dev/crytpo - AES-CBC-only"
select WOLFSSL_HAS_DEVCRYPTO select WOLFSSL_HAS_DEVCRYPTO
config WOLFSSL_HAS_DEVCRYPTO_FULL config WOLFSSL_HAS_DEVCRYPTO_AES
bool "/dev/crypto - full" bool "/dev/crypto - AES-only (all supported modes)"
select WOLFSSL_HAS_DEVCRYPTO select WOLFSSL_HAS_DEVCRYPTO
endchoice
endif config WOLFSSL_HAS_DEVCRYPTO_FULL
bool "/dev/crypto - full"
select WOLFSSL_HAS_DEVCRYPTO
endchoice
endif endif

6
package/libs/wolfssl/Makefile
View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=wolfssl PKG_NAME:=wolfssl
PKG_VERSION:=4.1.0-stable PKG_VERSION:=4.1.0-stable
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
@ -77,7 +77,9 @@ CONFIGURE_ARGS += \
--$(if $(CONFIG_WOLFSSL_HAS_DTLS),enable,disable)-dtls \ --$(if $(CONFIG_WOLFSSL_HAS_DTLS),enable,disable)-dtls \
--$(if $(CONFIG_WOLFSSL_HAS_ECC25519),enable,disable)-curve25519 \ --$(if $(CONFIG_WOLFSSL_HAS_ECC25519),enable,disable)-curve25519 \
--$(if $(CONFIG_WOLFSSL_HAS_AFALG),enable,disable)-afalg \ --$(if $(CONFIG_WOLFSSL_HAS_AFALG),enable,disable)-afalg \
--enable-devcrypto=$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES),aes,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL),yes,no)) --enable-devcrypto=$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC),cbc\
,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES),aes\
,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL),yes,no)))
ifeq ($(CONFIG_WOLFSSL_HAS_OCSP),y) ifeq ($(CONFIG_WOLFSSL_HAS_OCSP),y)
CONFIGURE_ARGS += \ CONFIGURE_ARGS += \

74
package/libs/wolfssl/patches/010-build-with-devcrypto-and-aesccm.patch Normal file
View File

@ -0,0 +1,74 @@
From e8e1d35744c68b165e172a687e870a549438bdf0 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Tue, 13 Aug 2019 14:12:45 -0600
Subject: [PATCH] build with devcrypto and aesccm
diff --git a/configure.ac b/configure.ac
index f943cc6ef..cf03e7f52 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1096,6 +1096,10 @@ then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
+ if test "$ENABLED_AESCCM" = "yes"
+ then
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
+ fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_HASH_RAW"
ENABLED_DEVCRYPTO=yes
@@ -1106,6 +1110,10 @@ then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
+ if test "$ENABLED_AESCCM" = "yes"
+ then
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
+ fi
ENABLED_DEVCRYPTO=yes
fi
if test "$ENABLED_DEVCRYPTO" = "cbc"
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index beeae72a6..b583d03e9 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -760,6 +760,14 @@
#elif defined(WOLFSSL_DEVCRYPTO_AES)
/* if all AES is enabled with devcrypto then tables are not needed */
+ #if defined(HAVE_AESCCM)
+ static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+ {
+ wc_AesEncryptDirect(aes, outBlock, inBlock);
+ return 0;
+ }
+ #endif
+
#else
/* using wolfCrypt software implementation */
@@ -1314,7 +1322,8 @@ static const word32 Td[4][256] = {
};
-#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
+#if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC)) \
+ || defined(WOLFSSL_AES_DIRECT)
static const byte Td4[256] =
{
0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
index 5c63421e2..d5061f364 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
@@ -168,7 +168,7 @@ static int wc_DevCrypto_AesDirect(Aes* aes, byte* out, const byte* in,
#endif
-#if defined(WOLFSSL_AES_DIRECT)
+#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESCCM)
void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
{
wc_DevCrypto_AesDirect(aes, out, in, AES_BLOCK_SIZE, COP_ENCRYPT);

64
package/libs/wolfssl/patches/020-build-fix-for-aesccm-devcrypto-cbc-wpas-and-afalg.patch Normal file
View File

@ -0,0 +1,64 @@
From 9fd38dc340c38dee6e5935da174f90270a63bfbf Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Fri, 30 Aug 2019 16:15:48 -0600
Subject: [PATCH] build fix for aesccm + devcrypto=cbc + wpas and afalg
diff --git a/configure.ac b/configure.ac
index 61fad39dd..30731eb52 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1045,6 +1045,10 @@ AC_ARG_ENABLE([afalg],
if test "$ENABLED_AFALG" = "yes"
then
+ if test "$ENABLED_AESCCM" = "yes"
+ then
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
+ fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_HASH"
fi
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index fef2f9c74..d294f6236 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -759,7 +759,9 @@
}
#endif /* HAVE_AES_DECRYPT */
-#elif defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES)
+#elif (defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES)) || \
+ ((defined(WOLFSSL_AFALG) || defined(WOLFSSL_DEVCRYPTO_AES)) && \
+ defined(HAVE_AESCCM))
static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
{
wc_AesEncryptDirect(aes, outBlock, inBlock);
@@ -768,16 +770,6 @@
#elif defined(WOLFSSL_AFALG)
#elif defined(WOLFSSL_DEVCRYPTO_AES)
- /* if all AES is enabled with devcrypto then tables are not needed */
-
- #if defined(HAVE_AESCCM)
- static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
- {
- wc_AesEncryptDirect(aes, outBlock, inBlock);
- return 0;
- }
- #endif
-
#else
/* using wolfCrypt software implementation */
@@ -1593,8 +1585,8 @@ static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT || HAVE_AESGCM */
#if defined(HAVE_AES_DECRYPT)
-#if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
- !defined(WOLFSSL_DEVCRYPTO_CBC)
+#if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC)) || \
+ defined(WOLFSSL_AES_DIRECT)
/* load 4 Td Tables into cache by cache line stride */
static WC_INLINE word32 PreFetchTd(void)