include $(TOPDIR)/rules.mk
PKG_NAME:=wolfssl
-PKG_VERSION:=3.12.0
+PKG_VERSION:=5.7.0-stable
PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
-PKG_SOURCE_URL:=https://www.wolfssl.com/
-PKG_HASH:=5bb196056ac0086efbf07ecea7d3e73b1c31722eb52a88b85879f920428a9a0f
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
+PKG_HASH:=2de93e8af588ee856fe67a6d7fce23fc1b226b74d710b0e3946bc8061f6aa18f
-PKG_FIXUP:=libtool
+PKG_FIXUP:=libtool libtool-abiver
PKG_INSTALL:=1
-PKG_USE_MIPS16:=0
+PKG_BUILD_FLAGS:=no-mips16 lto
PKG_BUILD_PARALLEL:=1
-PKG_LICENSE:=GPL-2.0+
-PKG_CPE_ID:=cpe:/a:yassl:cyassl
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=LICENSING COPYING
+PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
+PKG_CPE_ID:=cpe:/a:wolfssl:wolfssl
+
+PKG_CONFIG_DEPENDS:=\
+ CONFIG_WOLFSSL_HAS_AES_CCM \
+ CONFIG_WOLFSSL_HAS_ARC4 \
+ CONFIG_WOLFSSL_HAS_CERTGEN \
+ CONFIG_WOLFSSL_HAS_CHACHA_POLY \
+ CONFIG_WOLFSSL_HAS_DH \
+ CONFIG_WOLFSSL_HAS_DTLS \
+ CONFIG_WOLFSSL_HAS_ECC25519 \
+ CONFIG_WOLFSSL_HAS_ECC448 \
+ CONFIG_WOLFSSL_HAS_OCSP \
+ CONFIG_WOLFSSL_HAS_OPENVPN CONFIG_WOLFSSL_ALT_NAMES \
+ CONFIG_WOLFSSL_HAS_SESSION_TICKET \
+ CONFIG_WOLFSSL_HAS_TLSV10 \
+ CONFIG_WOLFSSL_HAS_TLSV13 \
+ CONFIG_WOLFSSL_HAS_WPAS
+
+PKG_ABI_VERSION:=$(patsubst %-stable,%,$(PKG_VERSION)).$(call version_abbrev,$(call confvar,$(PKG_CONFIG_DEPENDS)))
+
+PKG_CONFIG_DEPENDS+=\
+ CONFIG_PACKAGE_libwolfssl-benchmark \
+ CONFIG_WOLFSSL_HAS_AFALG \
+ CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES \
+ CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC \
+ CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL
include $(INCLUDE_DIR)/package.mk
-define Package/libwolfssl
+define Package/libwolfssl/Default
SECTION:=libs
SUBMENU:=SSL
CATEGORY:=Libraries
- TITLE:=wolfSSL library
URL:=http://www.wolfssl.com/
- MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
+endef
+
+define Package/libwolfssl
+$(call Package/libwolfssl/Default)
+ TITLE:=wolfSSL library
MENU:=1
PROVIDES:=libcyassl
+ DEPENDS:=+WOLFSSL_HAS_DEVCRYPTO:kmod-cryptodev +WOLFSSL_HAS_AFALG:kmod-crypto-user
+ ABI_VERSION:=$(PKG_ABI_VERSION)
+ VARIANT:=regular
+ DEFAULT_VARIANT:=1
+ CONFLICTS:=libwolfsslcpu-crypto
endef
define Package/libwolfssl/description
source "$(SOURCE)/Config.in"
endef
-TARGET_CFLAGS += $(FPIC)
-
-# --enable-stunnel needed for OpenSSL API compatibility bits
-CONFIGURE_ARGS += \
- --enable-opensslextra \
- --enable-sni \
- --enable-stunnel \
- --disable-examples
-
-ifeq ($(CONFIG_IPV6),y)
-CONFIGURE_ARGS += \
- --enable-ipv6
-endif
-
-ifeq ($(CONFIG_WOLFSSL_HAS_AES_CCM),y)
-CONFIGURE_ARGS += \
- --enable-aesccm
-endif
-
-ifneq ($(CONFIG_WOLFSSL_HAS_AES_GCM),y)
-CONFIGURE_ARGS += \
- --disable-aesgcm
-endif
+define Package/libwolfsslcpu-crypto
+$(call Package/libwolfssl/Default)
+ TITLE:=wolfSSL library with AES CPU instructions
+ PROVIDES:=libwolfssl libcyassl
+ DEPENDS:=@((aarch64||x86_64)&&(m||!TARGET_bcm27xx))
+ ABI_VERSION:=$(PKG_ABI_VERSION)
+ VARIANT:=cpu-crypto
+endef
-ifneq ($(CONFIG_WOLFSSL_HAS_CHACHA),y)
-CONFIGURE_ARGS += \
- --disable-chacha
-endif
+define Package/libwolfssl-benchmark
+$(call Package/libwolfssl/Default)
+ TITLE:=wolfSSL Benchmark Utility
+ DEPENDS:=libwolfssl
+endef
-ifeq ($(CONFIG_WOLFSSL_HAS_ECC),y)
-CONFIGURE_ARGS += \
- --enable-ecc \
- --enable-supportedcurves
-endif
+define Package/libwolfsslcpu-crypto/description
+$(call Package/libwolfssl/description)
+This variant uses AES CPU instructions (Intel AESNI or ARMv8 Crypto Extension)
+endef
-ifneq ($(CONFIG_WOLFSSL_HAS_DH),y)
-CONFIGURE_ARGS += \
- --enable-dh
-endif
+define Package/libwolfsslcpu-crypto/config
+ if TARGET_armsr && PACKAGE_libwolfsslcpu-crypto = y
+ comment "You are about to build libwolfsslcpu-crypto into an armsr_64 image."
+ comment "Ensure all of your installation targets support the Crypto Extension. "
+ comment "Look for the 'aes' feature in /proc/cpuinfo. This library does not do "
+ comment "run-time detection and will crash if the CPU does not support it. "
+ endif
+ if TARGET_bcm27xx && PACKAGE_libwolfsslcpu-crypto
+ comment "Beware that libwolfsslcpu-crypto will not run in a bcm27xx target. "
+ endif
+endef
-ifeq ($(CONFIG_WOLFSSL_HAS_ARC4),n)
-CONFIGURE_ARGS += \
- --disable-arc4
-endif
+define Package/libwolfssl-benchmark/description
+This is the wolfssl benchmark utility.
+endef
-ifeq ($(CONFIG_WOLFSSL_HAS_DES3),y)
-CONFIGURE_ARGS += \
- --disable-des3
-endif
+TARGET_CFLAGS += \
+ $(FPIC) \
+ -fomit-frame-pointer \
+ -DFP_MAX_BITS=8192 \
+ $(if $(CONFIG_WOLFSSL_ALT_NAMES),-DWOLFSSL_ALT_NAMES)
-ifeq ($(CONFIG_WOLFSSL_HAS_PSK),y)
+# --enable-stunnel needed for OpenSSL API compatibility bits
CONFIGURE_ARGS += \
- --enable-psk
-endif
+ --enable-reproducible-build \
+ --enable-lighty \
+ --enable-opensslall \
+ --enable-opensslextra \
+ --enable-sni \
+ --enable-stunnel \
+ --enable-altcertchains \
+ --$(if $(CONFIG_PACKAGE_libwolfssl-benchmark),enable,disable)-crypttests \
+ --disable-examples \
+ --disable-jobserver \
+ --$(if $(CONFIG_IPV6),enable,disable)-ipv6 \
+ --$(if $(CONFIG_WOLFSSL_HAS_AES_CCM),enable,disable)-aesccm \
+ --$(if $(CONFIG_WOLFSSL_HAS_CERTGEN),enable,disable)-certgen \
+ --$(if $(CONFIG_WOLFSSL_HAS_CHACHA_POLY),enable,disable)-chacha \
+ --$(if $(CONFIG_WOLFSSL_HAS_CHACHA_POLY),enable,disable)-poly1305 \
+ --$(if $(CONFIG_WOLFSSL_HAS_DH),enable,disable)-dh \
+ --$(if $(CONFIG_WOLFSSL_HAS_ARC4),enable,disable)-arc4 \
+ --$(if $(CONFIG_WOLFSSL_HAS_TLSV10),enable,disable)-tlsv10 \
+ --$(if $(CONFIG_WOLFSSL_HAS_TLSV13),enable,disable)-tls13 \
+ --$(if $(CONFIG_WOLFSSL_HAS_SESSION_TICKET),enable,disable)-session-ticket \
+ --$(if $(CONFIG_WOLFSSL_HAS_DTLS),enable,disable)-dtls \
+ --$(if $(CONFIG_WOLFSSL_HAS_ECC25519),enable,disable)-curve25519 \
+ --$(if $(CONFIG_WOLFSSL_HAS_ECC448),enable,disable)-curve448 \
+ --$(if $(CONFIG_WOLFSSL_HAS_OPENVPN),enable,disable)-openvpn
+
+define Package/libwolfsslcpu-crypto/preinst-aarch64
+#!/bin/sh
+exec >&2
+printf "[libwolfsslcpu-crypto] Checking for Arm v8-A Cryptographic Extension support: "
+if [ -n "$${IPKG_INSTROOT}" ]; then
+ printf "...[offline]... "
+ eval "$$(grep '^DISTRIB_TARGET=' "$${IPKG_INSTROOT}/etc/openwrt_release")"
+ echo "$${DISTRIB_TARGET}" | grep '^bcm27xx/.*' > /dev/null && {
+ echo "not supported"
+ echo "Error: Target $${DISTRIB_TARGET} does not support Arm Cryptographic Extension."
+ echo "Install the regular libwolfssl package instead of libwolfsslcpu-crypto."
+ exit 1
+ }
+else
+ grep -q '^Features.*\baes\b' /proc/cpuinfo || {
+ echo "not supported"
+ echo "Error: Arm v8-A Cryptographic Extension not supported."
+ echo "Install the regular libwolfssl package instead of libwolfsslcpu-crypto."
+ echo "Contents of /proc/cpuinfo:"
+ cat /proc/cpuinfo
+ exit 1
+ }
+fi
+echo OK
+exit 0
+endef
-ifeq ($(CONFIG_WOLFSSL_HAS_DTLS),y)
+ifeq ($(BUILD_VARIANT),regular)
CONFIGURE_ARGS += \
- --enable-dtls
+ --$(if $(CONFIG_WOLFSSL_HAS_AFALG),enable,disable)-afalg \
+ --enable-devcrypto=$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC),cbc\
+ ,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES),aes\
+ ,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL),yes,no)))
+else ifdef CONFIG_aarch64
+ CONFIGURE_ARGS += --enable-armasm
+ TARGET_CFLAGS:=$(TARGET_CFLAGS:-mcpu%=-mcpu%+crypto)
+ Package/libwolfsslcpu-crypto/preinst=$(Package/libwolfsslcpu-crypto/preinst-aarch64)
+else ifdef CONFIG_TARGET_x86_64
+ CONFIGURE_ARGS += --enable-intelasm
endif
-ifeq ($(CONFIG_WOLFSSL_HAS_ECC25519),y)
+ifeq ($(CONFIG_WOLFSSL_HAS_OCSP),y)
CONFIGURE_ARGS += \
- --enable-curve25519
+ --enable-ocsp --enable-ocspstapling --enable-ocspstapling2
endif
-ifneq ($(CONFIG_WOLFSSL_HAS_POLY1305),y)
+ifeq ($(CONFIG_WOLFSSL_HAS_WPAS),y)
CONFIGURE_ARGS += \
- --enable-poly1305
+ --enable-wpas --enable-fortress --enable-fastmath
endif
-#ifneq ($(CONFIG_TARGET_x86),)
-# CONFIGURE_ARGS += --enable-intelasm
-#endif
-#ifneq ($(CONFIG_TARGET_x86_64),)
-# CONFIGURE_ARGS += --enable-intelasm
-#endif
-
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include $(1)/usr/lib/pkgconfig
$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
define Package/libwolfssl/install
$(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libwolfssl.so* $(1)/usr/lib/
- ln -s libwolfssl.so $(1)/usr/lib/libcyassl.so
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libwolfssl.so.* $(1)/usr/lib/
+endef
+
+Package/libwolfsslcpu-crypto/install=$(Package/libwolfssl/install)
+
+define Package/libwolfssl-benchmark/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(CP) $(PKG_BUILD_DIR)/wolfcrypt/benchmark/.libs/benchmark $(1)/usr/bin/wolfssl-benchmark
endef
$(eval $(call BuildPackage,libwolfssl))
+$(eval $(call BuildPackage,libwolfsslcpu-crypto))
+$(eval $(call BuildPackage,libwolfssl-benchmark))