wolfssl: allow building with hw-crytpo and AES-CCM
authorEneas U de Queiroz <cotequeiroz@gmail.com>
Thu, 12 Sep 2019 20:00:00 +0000 (17:00 -0300)
committerHauke Mehrtens <hauke@hauke-m.de>
Sun, 10 Nov 2019 15:23:08 +0000 (16:23 +0100)
Hardware acceleration was disabled when AES-CCM was selected as a
workaround for a build failure.  This applies a couple of upstream
patches fixing this.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit ab19627ecc3923687fd339f4f23dc45572d00ce0)

package/libs/wolfssl/Config.in
package/libs/wolfssl/Makefile
package/libs/wolfssl/patches/010-build-with-devcrypto-and-aesccm.patch [new file with mode: 0644]
package/libs/wolfssl/patches/020-build-fix-for-aesccm-devcrypto-cbc-wpas-and-afalg.patch [new file with mode: 0644]

index a729f73..4ac69f8 100644 (file)
@@ -50,28 +50,27 @@ config WOLFSSL_HAS_ECC25519
 config WOLFSSL_HAS_DEVCRYPTO
        bool
 
-if WOLFSSL_HAS_AES_CCM
-       comment "! Hardware Acceleration does not build with AES-CCM enabled"
-endif
-if !WOLFSSL_HAS_AES_CCM
-       choice
-               prompt "Hardware Acceleration"
-               default WOLFSSL_HAS_NO_HW
+choice
+       prompt "Hardware Acceleration"
+       default WOLFSSL_HAS_NO_HW
 
-               config WOLFSSL_HAS_NO_HW
-                       bool "None"
+       config WOLFSSL_HAS_NO_HW
+               bool "None"
 
-               config WOLFSSL_HAS_AFALG
-                       bool "AF_ALG"
+       config WOLFSSL_HAS_AFALG
+               bool "AF_ALG"
 
-               config WOLFSSL_HAS_DEVCRYPTO_AES
-                       bool "/dev/crypto - AES-only"
-                       select WOLFSSL_HAS_DEVCRYPTO
+       config WOLFSSL_HAS_DEVCRYPTO_CBC
+               bool "/dev/crytpo - AES-CBC-only"
+               select WOLFSSL_HAS_DEVCRYPTO
 
-               config WOLFSSL_HAS_DEVCRYPTO_FULL
-                       bool "/dev/crypto - full"
-                       select WOLFSSL_HAS_DEVCRYPTO
-       endchoice
-endif
+       config WOLFSSL_HAS_DEVCRYPTO_AES
+               bool "/dev/crypto - AES-only (all supported modes)"
+               select WOLFSSL_HAS_DEVCRYPTO
+
+       config WOLFSSL_HAS_DEVCRYPTO_FULL
+               bool "/dev/crypto - full"
+               select WOLFSSL_HAS_DEVCRYPTO
+endchoice
 
 endif
index 2ad03a5..778754f 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
 PKG_VERSION:=4.1.0-stable
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
@@ -77,7 +77,9 @@ CONFIGURE_ARGS += \
        --$(if $(CONFIG_WOLFSSL_HAS_DTLS),enable,disable)-dtls \
        --$(if $(CONFIG_WOLFSSL_HAS_ECC25519),enable,disable)-curve25519 \
        --$(if $(CONFIG_WOLFSSL_HAS_AFALG),enable,disable)-afalg \
-       --enable-devcrypto=$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES),aes,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL),yes,no))
+       --enable-devcrypto=$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC),cbc\
+                         ,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES),aes\
+                         ,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL),yes,no)))
 
 ifeq ($(CONFIG_WOLFSSL_HAS_OCSP),y)
 CONFIGURE_ARGS += \
diff --git a/package/libs/wolfssl/patches/010-build-with-devcrypto-and-aesccm.patch b/package/libs/wolfssl/patches/010-build-with-devcrypto-and-aesccm.patch
new file mode 100644 (file)
index 0000000..a9b8aee
--- /dev/null
@@ -0,0 +1,74 @@
+From e8e1d35744c68b165e172a687e870a549438bdf0 Mon Sep 17 00:00:00 2001
+From: Jacob Barthelmeh <jacob@wolfssl.com>
+Date: Tue, 13 Aug 2019 14:12:45 -0600
+Subject: [PATCH] build with devcrypto and aesccm
+
+
+diff --git a/configure.ac b/configure.ac
+index f943cc6ef..cf03e7f52 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1096,6 +1096,10 @@ then
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
++    if test "$ENABLED_AESCCM" = "yes"
++    then
++        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
++    fi
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_HASH_RAW"
+     ENABLED_DEVCRYPTO=yes
+@@ -1106,6 +1110,10 @@ then
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
++    if test "$ENABLED_AESCCM" = "yes"
++    then
++        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
++    fi
+     ENABLED_DEVCRYPTO=yes
+ fi
+ if test "$ENABLED_DEVCRYPTO" = "cbc"
+diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
+index beeae72a6..b583d03e9 100644
+--- a/wolfcrypt/src/aes.c
++++ b/wolfcrypt/src/aes.c
+@@ -760,6 +760,14 @@
+ #elif defined(WOLFSSL_DEVCRYPTO_AES)
+     /* if all AES is enabled with devcrypto then tables are not needed */
++    #if defined(HAVE_AESCCM)
++    static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
++    {
++        wc_AesEncryptDirect(aes, outBlock, inBlock);
++        return 0;
++    }
++    #endif
++
+ #else
+     /* using wolfCrypt software implementation */
+@@ -1314,7 +1322,8 @@ static const word32 Td[4][256] = {
+ };
+-#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
++#if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC)) \
++                      || defined(WOLFSSL_AES_DIRECT)
+ static const byte Td4[256] =
+ {
+     0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
+index 5c63421e2..d5061f364 100644
+--- a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
++++ b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
+@@ -168,7 +168,7 @@ static int wc_DevCrypto_AesDirect(Aes* aes, byte* out, const byte* in,
+ #endif
+-#if defined(WOLFSSL_AES_DIRECT)
++#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESCCM)
+ void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
+ {
+     wc_DevCrypto_AesDirect(aes, out, in, AES_BLOCK_SIZE, COP_ENCRYPT);
diff --git a/package/libs/wolfssl/patches/020-build-fix-for-aesccm-devcrypto-cbc-wpas-and-afalg.patch b/package/libs/wolfssl/patches/020-build-fix-for-aesccm-devcrypto-cbc-wpas-and-afalg.patch
new file mode 100644 (file)
index 0000000..bb4c6fd
--- /dev/null
@@ -0,0 +1,64 @@
+From 9fd38dc340c38dee6e5935da174f90270a63bfbf Mon Sep 17 00:00:00 2001
+From: Jacob Barthelmeh <jacob@wolfssl.com>
+Date: Fri, 30 Aug 2019 16:15:48 -0600
+Subject: [PATCH] build fix for aesccm + devcrypto=cbc + wpas and afalg
+
+
+diff --git a/configure.ac b/configure.ac
+index 61fad39dd..30731eb52 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1045,6 +1045,10 @@ AC_ARG_ENABLE([afalg],
+ if test "$ENABLED_AFALG" = "yes"
+ then
++    if test "$ENABLED_AESCCM" = "yes"
++    then
++        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
++    fi
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_HASH"
+ fi
+diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
+index fef2f9c74..d294f6236 100644
+--- a/wolfcrypt/src/aes.c
++++ b/wolfcrypt/src/aes.c
+@@ -759,7 +759,9 @@
+         }
+     #endif /* HAVE_AES_DECRYPT */
+-#elif defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES)
++#elif (defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES)) || \
++      ((defined(WOLFSSL_AFALG) || defined(WOLFSSL_DEVCRYPTO_AES)) && \
++        defined(HAVE_AESCCM))
+         static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+         {
+             wc_AesEncryptDirect(aes, outBlock, inBlock);
+@@ -768,16 +770,6 @@
+ #elif defined(WOLFSSL_AFALG)
+ #elif defined(WOLFSSL_DEVCRYPTO_AES)
+-    /* if all AES is enabled with devcrypto then tables are not needed */
+-
+-    #if defined(HAVE_AESCCM)
+-    static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+-    {
+-        wc_AesEncryptDirect(aes, outBlock, inBlock);
+-        return 0;
+-    }
+-    #endif
+-
+ #else
+     /* using wolfCrypt software implementation */
+@@ -1593,8 +1585,8 @@ static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+ #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT || HAVE_AESGCM */
+ #if defined(HAVE_AES_DECRYPT)
+-#if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
+-    !defined(WOLFSSL_DEVCRYPTO_CBC)
++#if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC)) || \
++     defined(WOLFSSL_AES_DIRECT)
+ /* load 4 Td Tables into cache by cache line stride */
+ static WC_INLINE word32 PreFetchTd(void)