wolfssl: update to 4.0.0-stable

Removed options that can't be turned off because we're building with
--enable-stunnel, some of which affect hostapd's Config.in.
Adjusted the title of OCSP option, as OCSP itself can't be turned off,
only the stapling part is selectable.
Mark options turned on when wpad support is selected.
Add building options for TLS 1.0, and TLS 1.3.
Add hardware crypto support, which due to a bug, only works when CCM
support is turned off.
Reorganized option conditionals in Makefile.
Add Eneas U de Queiroz as maintainer.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz 2019-07-01 13:40:00 -03:00 committed by Christian Lamparter
parent 2792daab5a
commit ff69364ad8
5 changed files with 62 additions and 126 deletions


@ -8,12 +8,8 @@ config WOLFSSL_HAS_AES_GCM
bool "Include AES-GCM support" bool "Include AES-GCM support"
default y default y
config WOLFSSL_HAS_CHACHA config WOLFSSL_HAS_CHACHA_POLY
bool "Include ChaCha cipher suite support" bool "Include ChaCha20-Poly1305 cipher suite support"
default n
config WOLFSSL_HAS_ECC
bool "Include ECC (Elliptic Curve Cryptography) support"
default y default y
config WOLFSSL_HAS_DH config WOLFSSL_HAS_DH
@ -24,12 +20,17 @@ config WOLFSSL_HAS_ARC4
bool "Include ARC4 support" bool "Include ARC4 support"
default y default y
config WOLFSSL_HAS_DES3 config WOLFSSL_HAS_TLSV10
bool "Include DES3 (Tripple-DES) support" bool "Include TLS 1.0 support"
default y default y
config WOLFSSL_HAS_PSK if !(WOLFSSL_HAS_AES_CCM||WOLFSSL_HAS_AES_GCM||WOLFSSL_HAS_CHACHA_POLY)
bool "Include PKS (Pre Share Key) support" comment "! TLS 1.3 support needs one of: AES-CCM, AES-GCM, ChaCha20-Poly1305"
endif
config WOLFSSL_HAS_TLSV13
bool "Include TLS 1.3 support"
depends on WOLFSSL_HAS_AES_CCM||WOLFSSL_HAS_AES_GCM||WOLFSSL_HAS_CHACHA_POLY
default y default y
config WOLFSSL_HAS_SESSION_TICKET config WOLFSSL_HAS_SESSION_TICKET
@ -41,20 +42,40 @@ config WOLFSSL_HAS_DTLS
default n default n
config WOLFSSL_HAS_OCSP config WOLFSSL_HAS_OCSP
bool "Include OSCP support" bool "Include OSCP stapling support"
default y default y
config WOLFSSL_HAS_WPAS config WOLFSSL_HAS_WPAS
bool "Include wpa_supplicant support" bool "Include wpa_supplicant support"
select WOLFSSL_HAS_ARC4
select WOLFSSL_HAS_OCSP
select WOLFSSL_HAS_SESSION_TICKET
default y default y
config WOLFSSL_HAS_ECC25519 config WOLFSSL_HAS_ECC25519
bool "Include ECC Curve 22519 support" bool "Include ECC Curve 22519 support"
depends on WOLFSSL_HAS_ECC
default n default n
config WOLFSSL_HAS_POLY1305 if WOLFSSL_HAS_AES_CCM
bool "Include Poly-1305 support" comment "! Hardware Acceleration does not build with AES-CCM enabled"
default n endif
if !WOLFSSL_HAS_AES_CCM
choice
prompt "Hardware Acceleration"
default WOLFSSL_HAS_NO_HW
config WOLFSSL_HAS_NO_HW
bool "None"
config WOLFSSL_HAS_AFALG
bool "AF_ALG"
config WOLFSSL_HAS_DEVCRYPTO_AES
bool "/dev/crypto - AES-only"
config WOLFSSL_HAS_DEVCRYPTO_FULL
bool "/dev/crypto - full"
endchoice
endif
endif endif
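Review bot: The new `WOLFSSL_HAS_TLSV10` option is declared with `default y`, so a default build passes `--enable-tlsv10` to configure and ships a library that can still negotiate TLS 1.0. Because TLS 1.0 is a deprecated protocol version, I would make it opt-in with `default n` and add a short `help` text saying it is only needed for legacy peers. The `select WOLFSSL_HAS_ARC4` under `WOLFSSL_HAS_WPAS` would benefit from a comment stating that the wpa_supplicant build forces ARC4 on, so nobody assumes the cipher can be dropped while wpas support is enabled. While the OCSP prompt is being retitled, `"Include OSCP stapling support"` still has the transposed acronym and should read `"Include OCSP stapling support"`.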


@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=wolfssl PKG_NAME:=wolfssl
PKG_VERSION:=3.15.7-stable PKG_VERSION:=4.0.0-stable
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
PKG_HASH:=dc97c07a7667b39a890e14f4b4a209f51524a4cabee7adb6c80822ee78c1f62a PKG_HASH:=6cf678c72b485d1904047c40c20f85104c96b5f39778822783a2c407ccb23657
PKG_FIXUP:=libtool PKG_FIXUP:=libtool
PKG_INSTALL:=1 PKG_INSTALL:=1
@ -21,15 +21,17 @@ PKG_USE_MIPS16:=0
PKG_BUILD_PARALLEL:=1 PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=LICENSING COPYING PKG_LICENSE_FILES:=LICENSING COPYING
PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
PKG_CPE_ID:=cpe:/a:wolfssl:wolfssl PKG_CPE_ID:=cpe:/a:wolfssl:wolfssl
PKG_CONFIG_DEPENDS:=\ PKG_CONFIG_DEPENDS:=\
CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AES_GCM \ CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AES_GCM \
CONFIG_WOLFSSL_HAS_ARC4 CONFIG_WOLFSSL_HAS_CHACHA \ CONFIG_WOLFSSL_HAS_AFALG CONFIG_WOLFSSL_HAS_ARC4 \
CONFIG_WOLFSSL_HAS_DES3 CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \ CONFIG_WOLFSSL_HAS_CHACHA_POLY CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES \
CONFIG_WOLFSSL_HAS_ECC CONFIG_WOLFSSL_HAS_ECC25519 \ CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL, CONFIG_WOLFSSL_HAS_DH \
CONFIG_WOLFSSL_HAS_OCSP CONFIG_WOLFSSL_HAS_POLY1305 \ CONFIG_WOLFSSL_HAS_DTLS CONFIG_WOLFSSL_HAS_ECC25519 \
CONFIG_WOLFSSL_HAS_PSK CONFIG_WOLFSSL_HAS_SESSION_TICKET \ CONFIG_WOLFSSL_HAS_OCSP CONFIG_WOLFSSL_HAS_SESSION_TICKET \
CONFIG_WOLFSSL_HAS_TLSV10 CONFIG_WOLFSSL_HAS_TLSV13 \
CONFIG_WOLFSSL_HAS_WPAS CONFIG_WOLFSSL_HAS_WPAS
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk
@ -42,6 +44,7 @@ define Package/libwolfssl
URL:=http://www.wolfssl.com/ URL:=http://www.wolfssl.com/
MENU:=1 MENU:=1
PROVIDES:=libcyassl PROVIDES:=libcyassl
DEPENDS:=+WOLFSSL_HAS_DEVCRYPTO:kmod-cryptodev +WOLFSSL_HAS_AFALG:kmod-crypto-user
ABI_VERSION:=19 ABI_VERSION:=19
endef endef
@ -64,68 +67,20 @@ CONFIGURE_ARGS += \
--disable-examples \ --disable-examples \
--disable-leanpsk \ --disable-leanpsk \
--disable-leantls \ --disable-leantls \
--$(if $(CONFIG_IPV6),enable,disable)-ipv6 \
ifeq ($(CONFIG_IPV6),y) --$(if $(CONFIG_WOLFSSL_HAS_AES_CCM),enable,disable)-aesccm \
CONFIGURE_ARGS += \ --$(if $(CONFIG_WOLFSSL_HAS_AES_GCM),enable,disable)-aesgcm \
--enable-ipv6 --$(if $(CONFIG_WOLFSSL_HAS_CHACHA_POLY),enable,disable)-chacha \
endif --$(if $(CONFIG_WOLFSSL_HAS_CHACHA_POLY),enable,disable)-poly1305 \
--$(if $(CONFIG_WOLFSSL_HAS_DH),enable,disable)-dh \
ifeq ($(CONFIG_WOLFSSL_HAS_AES_CCM),y) --$(if $(CONFIG_WOLFSSL_HAS_ARC4),enable,disable)-arc4 \
CONFIGURE_ARGS += \ --$(if $(CONFIG_WOLFSSL_HAS_TLSV10),enable,disable)-tlsv10 \
--enable-aesccm --$(if $(CONFIG_WOLFSSL_HAS_TLSV13),enable,disable)-tls13 \
endif --$(if $(CONFIG_WOLFSSL_HAS_SESSION_TICKET),enable,disable)-session-ticket \
--$(if $(CONFIG_WOLFSSL_HAS_DTLS),enable,disable)-dtls \
ifneq ($(CONFIG_WOLFSSL_HAS_AES_GCM),y) --$(if $(CONFIG_WOLFSSL_HAS_ECC25519),enable,disable)-curve25519 \
CONFIGURE_ARGS += \ --$(if $(CONFIG_WOLFSSL_HAS_AFALG),enable,disable)-afalg \
--disable-aesgcm --enable-devcrypto=$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES),aes,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL),yes,no))
endif
ifneq ($(CONFIG_WOLFSSL_HAS_CHACHA),y)
CONFIGURE_ARGS += \
--disable-chacha
endif
ifeq ($(CONFIG_WOLFSSL_HAS_ECC),y)
CONFIGURE_ARGS += \
--enable-ecc \
--enable-supportedcurves
endif
ifeq ($(CONFIG_WOLFSSL_HAS_DH),y)
CONFIGURE_ARGS += \
--enable-dh
endif
ifneq ($(CONFIG_WOLFSSL_HAS_ARC4),y)
CONFIGURE_ARGS += \
--disable-arc4
else
CONFIGURE_ARGS += \
--enable-arc4
endif
ifneq ($(CONFIG_WOLFSSL_HAS_DES3),y)
CONFIGURE_ARGS += \
--disable-des3
else
CONFIGURE_ARGS += \
--enable-des3
endif
ifeq ($(CONFIG_WOLFSSL_HAS_PSK),y)
CONFIGURE_ARGS += \
--enable-psk
endif
ifeq ($(CONFIG_WOLFSSL_HAS_SESSION_TICKET),y)
CONFIGURE_ARGS += \
--enable-session-ticket
endif
ifeq ($(CONFIG_WOLFSSL_HAS_DTLS),y)
CONFIGURE_ARGS += \
--enable-dtls
endif
ifeq ($(CONFIG_WOLFSSL_HAS_OCSP),y) ifeq ($(CONFIG_WOLFSSL_HAS_OCSP),y)
CONFIGURE_ARGS += \ CONFIGURE_ARGS += \
@ -137,23 +92,6 @@ CONFIGURE_ARGS += \
--enable-wpas --enable-sha512 --enable-fortress --enable-fastmath --enable-wpas --enable-sha512 --enable-fortress --enable-fastmath
endif endif
ifeq ($(CONFIG_WOLFSSL_HAS_ECC25519),y)
CONFIGURE_ARGS += \
--enable-curve25519
endif
ifneq ($(CONFIG_WOLFSSL_HAS_POLY1305),y)
CONFIGURE_ARGS += \
--enable-poly1305
endif
#ifneq ($(CONFIG_TARGET_x86),)
# CONFIGURE_ARGS += --enable-intelasm
#endif
#ifneq ($(CONFIG_TARGET_x86_64),)
# CONFIGURE_ARGS += --enable-intelasm
#endif
define Build/InstallDev define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include $(1)/usr/lib/pkgconfig $(INSTALL_DIR) $(1)/usr/include $(1)/usr/lib/pkgconfig
$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/ $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
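Review bot: The `DEPENDS` line added to `Package/libwolfssl` keys `kmod-cryptodev` on `WOLFSSL_HAS_DEVCRYPTO`, but the Config.in hunks in this commit define only `WOLFSSL_HAS_DEVCRYPTO_AES` and `WOLFSSL_HAS_DEVCRYPTO_FULL`. Unless that symbol is defined outside the lines shown, the kernel module is never pulled in when /dev/crypto acceleration is selected. Something like `DEPENDS:=+(WOLFSSL_HAS_DEVCRYPTO_AES||WOLFSSL_HAS_DEVCRYPTO_FULL):kmod-cryptodev +WOLFSSL_HAS_AFALG:kmod-crypto-user` would match the choice entries. In `PKG_CONFIG_DEPENDS`, the entry `CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL,` has a stray trailing comma, so the listed name no longer matches the real symbol and toggling that option would likely not trigger a rebuild with the new configure flags; drop the comma.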


@ -1,6 +1,6 @@
--- a/wolfssl/wolfcrypt/settings.h --- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h
@@ -1759,7 +1759,7 @@ extern void uITRON4_free(void *p) ; @@ -1880,7 +1880,7 @@ extern void uITRON4_free(void *p) ;
#endif #endif
/* warning for not using harden build options (default with ./configure) */ /* warning for not using harden build options (default with ./configure) */


@ -1,23 +0,0 @@
From 42eacece82b6375a9f4bab3903a1a39f7d1dd579 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Tue, 5 Mar 2019 09:26:30 -0800
Subject: [PATCH] AR flags configure update In at least one environment the
check for particular AR options was failing due to a bash script bug. Deleted
an extra pair of parenthesis triggering an arithmetic statement when
redundant grouping was desired.
---
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/configure.ac
+++ b/configure.ac
@@ -15,7 +15,7 @@ AC_CONFIG_AUX_DIR([build-aux])
: ${CFLAGS=""}
# Test ar for the "U" option. Should be checked before the libtool macros.
-xxx_ar_flags=$((ar --help) 2>&1)
+xxx_ar_flags=$(ar --help 2>&1)
AS_CASE([$xxx_ar_flags],[*'use actual timestamps and uids/gids'*],[: ${AR_FLAGS="Ucru"}])
AC_PROG_CC


@ -1,6 +1,6 @@
--- a/configure.ac --- a/configure.ac
+++ b/configure.ac +++ b/configure.ac
@@ -4614,7 +4614,6 @@ AC_CONFIG_FILES([stamp-h], [echo timesta @@ -4740,7 +4740,6 @@ AC_CONFIG_FILES([stamp-h], [echo timesta
AC_CONFIG_FILES([Makefile wolfssl/version.h wolfssl/options.h cyassl/options.h support/wolfssl.pc rpm/spec]) AC_CONFIG_FILES([Makefile wolfssl/version.h wolfssl/options.h cyassl/options.h support/wolfssl.pc rpm/spec])
AX_CREATE_GENERIC_CONFIG AX_CREATE_GENERIC_CONFIG