wolfssl: fix TLSv1.3 RCE in uhttpd by using 5.5.1-stable (CVE-2022-39173)
[openwrt/openwrt.git] / package / libs / wolfssl / Makefile
1 #
2 # Copyright (C) 2006-2017 OpenWrt.org
3 #
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
6 #
7
8 include $(TOPDIR)/rules.mk
9
# Upstream release to build. Per this change's title, 5.5.1-stable is the
# release that fixes CVE-2022-39173 (TLSv1.3 RCE reachable through uhttpd),
# so an older version must not be pinned here.
PKG_NAME:=wolfssl
PKG_VERSION:=5.5.1-stable
# The release number comes from $(AUTORELEASE) instead of being hard-coded.
PKG_RELEASE:=$(AUTORELEASE)
13
# Source tarball, fetched over HTTPS from the GitHub tag archive for
# v$(PKG_VERSION). PKG_HASH is the digest the downloaded tarball is expected
# to match (64 hex digits); it must be updated in the same change as
# PKG_VERSION so the pinned digest always belongs to the release being built.
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
PKG_HASH:=97339e6956c90e7c881ba5c748dd04f7c30e5dbe0c06da765418c51375a6dee3
17
# Build-system switches and package metadata.
# PKG_INSTALL:=1 makes the build run upstream's install step; the install
# rules further down copy their files out of $(PKG_INSTALL_DIR).
# PKG_USE_MIPS16:=0 and PKG_BUILD_PARALLEL:=1 are build knobs interpreted by
# the included OpenWrt makefiles (not shown here).
PKG_FIXUP:=libtool libtool-abiver
PKG_INSTALL:=1
PKG_USE_MIPS16:=0
PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=LICENSING COPYING
PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
# CPE identifier for wolfSSL; it lets vulnerability tooling map this package
# to CVE records published against cpe:/a:wolfssl:wolfssl.
PKG_CPE_ID:=cpe:/a:wolfssl:wolfssl
26
# Kconfig symbols that change what the library contains. At this point the
# list is also the input to PKG_ABI_VERSION (next assignment), so the order of
# the words is kept as is - NOTE(review): confvar/version_abbrev are defined
# outside this file; confirm whether reordering would change the ABI suffix.
# Security-relevant toggles in the list: HAS_TLSV10 and HAS_ARC4 gate a legacy
# protocol version and a legacy cipher, HAS_TLSV13 gates the TLS 1.3 code.
# Their defaults live in Config.in, which is not shown here.
PKG_CONFIG_DEPENDS:=\
	CONFIG_WOLFSSL_HAS_AES_CCM \
	CONFIG_WOLFSSL_HAS_ARC4 \
	CONFIG_WOLFSSL_HAS_CERTGEN \
	CONFIG_WOLFSSL_HAS_CHACHA_POLY \
	CONFIG_WOLFSSL_HAS_DH \
	CONFIG_WOLFSSL_HAS_DTLS \
	CONFIG_WOLFSSL_HAS_ECC25519 \
	CONFIG_WOLFSSL_HAS_ECC448 \
	CONFIG_WOLFSSL_HAS_OCSP \
	CONFIG_WOLFSSL_HAS_OPENVPN CONFIG_WOLFSSL_ALT_NAMES \
	CONFIG_WOLFSSL_HAS_SESSION_TICKET \
	CONFIG_WOLFSSL_HAS_TLSV10 \
	CONFIG_WOLFSSL_HAS_TLSV13 \
	CONFIG_WOLFSSL_HAS_WPAS
42
# ABI version = PKG_VERSION with the "-stable" suffix stripped, a dot, and an
# abbreviation derived from the values of the symbols listed so far in
# PKG_CONFIG_DEPENDS. Because ":=" expands immediately, symbols appended to
# PKG_CONFIG_DEPENDS after this line do not take part in the ABI version.
PKG_ABI_VERSION:=$(patsubst %-stable,%,$(PKG_VERSION)).$(call version_abbrev,$(call confvar,$(PKG_CONFIG_DEPENDS)))
44
# Further symbols that change the build output. They are appended after
# PKG_ABI_VERSION has already been computed, so they are not part of the ABI
# version string.
PKG_CONFIG_DEPENDS += CONFIG_PACKAGE_libwolfssl-benchmark
# Kernel crypto offload back ends (AF_ALG and /dev/crypto variants).
PKG_CONFIG_DEPENDS += CONFIG_WOLFSSL_HAS_AFALG
PKG_CONFIG_DEPENDS += CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES
PKG_CONFIG_DEPENDS += CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC
PKG_CONFIG_DEPENDS += CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL
51
52 include $(INCLUDE_DIR)/package.mk
53
# Menu placement and homepage shared by every package built from this
# Makefile; the other Package/ definitions pull it in with $(call ...).
# NOTE(review): URL is a plain-http homepage link. Only metadata is visible
# here; the source download above uses its own HTTPS URL and pinned hash.
define Package/libwolfssl/Default
  SECTION:=libs
  SUBMENU:=SSL
  CATEGORY:=Libraries
  URL:=http://www.wolfssl.com/
endef
60
# The regular (default) library variant.
# - PROVIDES libcyassl: satisfies dependencies on the library's former name.
# - DEPENDS pulls in kmod-cryptodev / kmod-crypto-user only when the matching
#   WOLFSSL_HAS_* symbol is selected.
# - CONFLICTS keeps this variant and libwolfsslcpu-crypto from being installed
#   side by side.
define Package/libwolfssl
$(call Package/libwolfssl/Default)
  TITLE:=wolfSSL library
  MENU:=1
  PROVIDES:=libcyassl
  DEPENDS:=+WOLFSSL_HAS_DEVCRYPTO:kmod-cryptodev +WOLFSSL_HAS_AFALG:kmod-crypto-user
  ABI_VERSION:=$(PKG_ABI_VERSION)
  VARIANT:=regular
  DEFAULT_VARIANT:=1
  CONFLICTS:=libwolfsslcpu-crypto
endef
72
# Human-readable description of the regular variant; the cpu-crypto
# description below reuses it through $(call ...).
define Package/libwolfssl/description
 wolfSSL (formerly CyaSSL) is an SSL library optimized for small
 footprint, both on disk and for memory use.
endef
77
# Pulls the package's Config.in into the configuration menu. That file (not
# shown here) is where the WOLFSSL_HAS_* feature symbols used throughout this
# Makefile, and their defaults, are expected to be declared.
define Package/libwolfssl/config
	source "$(SOURCE)/Config.in"
endef
81
# Variant built with AES CPU instructions. It PROVIDES libwolfssl, so it can
# stand in for the regular package.
# DEPENDS restricts it to aarch64 or x86_64 and, where TARGET_bcm27xx is set,
# to being selected as a module (m) rather than built into the image.
# The library does no run-time CPU detection (see the config notice further
# down), so this restriction and the preinst script are the only guards.
define Package/libwolfsslcpu-crypto
$(call Package/libwolfssl/Default)
  TITLE:=wolfSSL library with AES CPU instructions
  PROVIDES:=libwolfssl libcyassl
  DEPENDS:=@((aarch64||x86_64)&&(m||!TARGET_bcm27xx))
  ABI_VERSION:=$(PKG_ABI_VERSION)
  VARIANT:=cpu-crypto
endef
90
# Optional benchmark utility package; it depends on the libwolfssl package.
# Selecting it also switches the configure flag --enable-crypttests on (see
# CONFIGURE_ARGS below).
define Package/libwolfssl-benchmark
$(call Package/libwolfssl/Default)
  TITLE:=wolfSSL Benchmark Utility
  DEPENDS:=libwolfssl
endef
96
# Description of the cpu-crypto variant: the regular description followed by
# one line naming the instruction sets the variant requires.
define Package/libwolfsslcpu-crypto/description
 $(call Package/libwolfssl/description)
 This variant uses AES CPU instructions (Intel AESNI or ARMv8 Crypto Extension)
endef
101
# Menu notices shown when the cpu-crypto variant is selected on targets where
# it may not work. The text states the operational risk directly: the library
# does not detect CPU features at run time and crashes on a CPU without the
# Crypto Extension, so every TLS user of the library on such a device fails.
# The first notice applies only when the package is built into the image (= y)
# for armvirt; the second applies to any selection on bcm27xx.
define Package/libwolfsslcpu-crypto/config
	if TARGET_armvirt && PACKAGE_libwolfsslcpu-crypto = y
		comment "You are about to build libwolfsslcpu-crypto into an armvirt_64 image."
		comment "Ensure all of your installation targets support the Crypto Extension. "
		comment "Look for the 'aes' feature in /proc/cpuinfo. This library does not do "
		comment "run-time detection and will crash if the CPU does not support it. "
	endif
	if TARGET_bcm27xx && PACKAGE_libwolfsslcpu-crypto
		comment "Beware that libwolfsslcpu-crypto will not run in a bcm27xx target. "
	endif
endef
113
# Human-readable description of the benchmark package.
define Package/libwolfssl-benchmark/description
 This is the wolfssl benchmark utility.
endef
117
# Extra compiler flags for the library, appended one per line in the same
# order as before.
TARGET_CFLAGS += $(FPIC)
TARGET_CFLAGS += -fomit-frame-pointer
# Link-time optimisation; the matching linker flag is added below.
TARGET_CFLAGS += -flto
# NOTE(review): FP_MAX_BITS presumably sizes wolfSSL's fixed-precision math
# buffers (8192 bits here) - confirm against the wolfSSL build documentation.
TARGET_CFLAGS += -DFP_MAX_BITS=8192
# -DWOLFSSL_ALT_NAMES is defined only when CONFIG_WOLFSSL_ALT_NAMES is set.
TARGET_CFLAGS += $(if $(CONFIG_WOLFSSL_ALT_NAMES),-DWOLFSSL_ALT_NAMES)

# The link step gets -flto as well, matching the compile flag above.
TARGET_LDFLAGS += -flto
126
# Arguments passed to wolfSSL's configure script, appended one per line in the
# original order.
#
# Unconditional switches.
# --enable-stunnel needed for OpenSSL API compatibility bits
CONFIGURE_ARGS += --enable-reproducible-build
CONFIGURE_ARGS += --enable-lighty
CONFIGURE_ARGS += --enable-opensslall
CONFIGURE_ARGS += --enable-opensslextra
CONFIGURE_ARGS += --enable-sni
CONFIGURE_ARGS += --enable-stunnel
CONFIGURE_ARGS += --enable-altcertchains
# The crypt tests are built only when the benchmark package is selected.
CONFIGURE_ARGS += --$(if $(CONFIG_PACKAGE_libwolfssl-benchmark),enable,disable)-crypttests
# The upstream example programs are never built.
CONFIGURE_ARGS += --disable-examples
CONFIGURE_ARGS += --disable-jobserver
# Feature switches driven by Kconfig: each one is passed as an explicit
# --enable-X or --disable-X, so nothing is left to configure's own default.
CONFIGURE_ARGS += --$(if $(CONFIG_IPV6),enable,disable)-ipv6
CONFIGURE_ARGS += --$(if $(CONFIG_WOLFSSL_HAS_AES_CCM),enable,disable)-aesccm
CONFIGURE_ARGS += --$(if $(CONFIG_WOLFSSL_HAS_CERTGEN),enable,disable)-certgen
# ChaCha20 and Poly1305 are switched together by one symbol.
CONFIGURE_ARGS += --$(if $(CONFIG_WOLFSSL_HAS_CHACHA_POLY),enable,disable)-chacha
CONFIGURE_ARGS += --$(if $(CONFIG_WOLFSSL_HAS_CHACHA_POLY),enable,disable)-poly1305
CONFIGURE_ARGS += --$(if $(CONFIG_WOLFSSL_HAS_DH),enable,disable)-dh
# Legacy cipher (RC4) and legacy protocol version (TLS 1.0): compiled in only
# when their symbols are set, explicitly disabled otherwise.
CONFIGURE_ARGS += --$(if $(CONFIG_WOLFSSL_HAS_ARC4),enable,disable)-arc4
CONFIGURE_ARGS += --$(if $(CONFIG_WOLFSSL_HAS_TLSV10),enable,disable)-tlsv10
# TLS 1.3 support, the protocol version named in this change's title, is
# built only when CONFIG_WOLFSSL_HAS_TLSV13 is set.
CONFIGURE_ARGS += --$(if $(CONFIG_WOLFSSL_HAS_TLSV13),enable,disable)-tls13
CONFIGURE_ARGS += --$(if $(CONFIG_WOLFSSL_HAS_SESSION_TICKET),enable,disable)-session-ticket
CONFIGURE_ARGS += --$(if $(CONFIG_WOLFSSL_HAS_DTLS),enable,disable)-dtls
CONFIGURE_ARGS += --$(if $(CONFIG_WOLFSSL_HAS_ECC25519),enable,disable)-curve25519
CONFIGURE_ARGS += --$(if $(CONFIG_WOLFSSL_HAS_ECC448),enable,disable)-curve448
CONFIGURE_ARGS += --$(if $(CONFIG_WOLFSSL_HAS_OPENVPN),enable,disable)-openvpn
153
# Variant-specific configuration.
# - regular: kernel crypto offload. --enable-devcrypto takes the first match
#   of CBC, AES, FULL (in that order) and falls back to "no".
# - any other variant on aarch64: ARM assembly, with "+crypto" appended to
#   every -mcpu... word in TARGET_CFLAGS. The resulting code assumes the
#   Crypto Extension is present; nothing checks for it at run time.
# - any other variant on x86_64: Intel assembly.
ifeq ($(BUILD_VARIANT),regular)
    CONFIGURE_ARGS += \
        --$(if $(CONFIG_WOLFSSL_HAS_AFALG),enable,disable)-afalg \
        --enable-devcrypto=$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC),cbc\
                ,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES),aes\
                ,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL),yes,no)))
else ifdef CONFIG_aarch64
    CONFIGURE_ARGS += --enable-armasm
    TARGET_CFLAGS:=$(TARGET_CFLAGS:-mcpu%=-mcpu%+crypto)
    # The pre-install script is the template file preinst.arm-ce (not shown
    # here) with its @@WOLFSSL_NOASM_REGEX@@ placeholder replaced by the regex
    # below. NOTE(review): presumably the script uses the regex to recognise
    # boards that cannot run this variant - confirm in preinst.arm-ce.
    WOLFSSL_NOASM_REGEX:=^bcm27xx/.*
    Package/libwolfsslcpu-crypto/preinst=\
        $(subst @@WOLFSSL_NOASM_REGEX@@,$(WOLFSSL_NOASM_REGEX),$(file <preinst.arm-ce))
else ifdef CONFIG_TARGET_x86_64
    CONFIGURE_ARGS += --enable-intelasm
endif
169
# OCSP, OCSP stapling and OCSP stapling v2 are enabled as a group, and only
# when the symbol is exactly "y". Otherwise no OCSP flag is passed at all.
ifeq ($(CONFIG_WOLFSSL_HAS_OCSP),y)
  CONFIGURE_ARGS += --enable-ocsp --enable-ocspstapling --enable-ocspstapling2
endif
174
# Three switches enabled as a group when the WPAS symbol is exactly "y".
# NOTE(review): presumably the feature set wpa_supplicant/hostapd need -
# confirm against Config.in and the wolfSSL configure help.
ifeq ($(CONFIG_WOLFSSL_HAS_WPAS),y)
  CONFIGURE_ARGS += --enable-wpas --enable-fortress --enable-fastmath
endif
179
# Development install into the tree given as $(1): headers, the shared
# library with its libtool archive, and the pkg-config files, all copied from
# $(PKG_INSTALL_DIR). The two symlinks provide the library under its former
# libcyassl name.
# NOTE(review): "libwolfssl.{so*,la}" relies on shell brace expansion, so the
# recipe shell is assumed to support it. "ln -s" has no -f, so it assumes the
# link names do not already exist in $(1).
define Build/InstallDev
	$(INSTALL_DIR) $(1)/usr/include $(1)/usr/lib/pkgconfig
	$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/

	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libwolfssl.{so*,la} $(1)/usr/lib/
	ln -s libwolfssl.so $(1)/usr/lib/libcyassl.so
	ln -s libwolfssl.la $(1)/usr/lib/libcyassl.la

	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/*.pc $(1)/usr/lib/pkgconfig
endef
191
# Files shipped in the library package: only the versioned shared objects
# (libwolfssl.so.*) are copied into /usr/lib of the package root $(1). No
# headers, libtool archives or unversioned links are installed on the target.
define Package/libwolfssl/install
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libwolfssl.so.* $(1)/usr/lib/
endef
196
# The cpu-crypto variant ships the same file set as the regular package. The
# assignment is recursive ("="), so the install steps are looked up when used.
Package/libwolfsslcpu-crypto/install=$(Package/libwolfssl/install)
198
# Installs the benchmark binary, taken from libtool's .libs directory in the
# build tree, as /usr/bin/wolfssl-benchmark in the package root $(1).
define Package/libwolfssl-benchmark/install
	$(INSTALL_DIR) $(1)/usr/bin
	$(CP) $(PKG_BUILD_DIR)/wolfcrypt/benchmark/.libs/benchmark $(1)/usr/bin/wolfssl-benchmark
endef
203
# Instantiate the three packages defined above (BuildPackage comes from the
# included package.mk): the regular library, the cpu-crypto variant and the
# benchmark utility.
$(eval $(call BuildPackage,libwolfssl))
$(eval $(call BuildPackage,libwolfsslcpu-crypto))
$(eval $(call BuildPackage,libwolfssl-benchmark))