Hardware acceleration was disabled whenever AES-CCM was selected, as a
workaround for a build failure.  This applies a couple of upstream
patches that fix the build failure.

Signed-off-by: Eneas U de Queiroz <cotequei...@gmail.com>
---
This is the result of this upstream issue:
https://github.com/wolfSSL/wolfssl/issues/2392

It was tested on WRT3200ACM (mvebu) running openwrt master, using
uhttpd, curl, and uclient-fetch (with ustream-ssl fixes applied).

This should be cherry-picked to 19.07 as well.

diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in
index a729f73a1d..4ac69f821a 100644
--- a/package/libs/wolfssl/Config.in
+++ b/package/libs/wolfssl/Config.in
@@ -50,28 +50,27 @@ config WOLFSSL_HAS_ECC25519
 config WOLFSSL_HAS_DEVCRYPTO
        bool
 
-if WOLFSSL_HAS_AES_CCM
-       comment "! Hardware Acceleration does not build with AES-CCM enabled"
-endif
-if !WOLFSSL_HAS_AES_CCM
-       choice
-               prompt "Hardware Acceleration"
-               default WOLFSSL_HAS_NO_HW
+choice
+       prompt "Hardware Acceleration"
+       default WOLFSSL_HAS_NO_HW
 
-               config WOLFSSL_HAS_NO_HW
-                       bool "None"
+       config WOLFSSL_HAS_NO_HW
+               bool "None"
 
-               config WOLFSSL_HAS_AFALG
-                       bool "AF_ALG"
+       config WOLFSSL_HAS_AFALG
+               bool "AF_ALG"
 
-               config WOLFSSL_HAS_DEVCRYPTO_AES
-                       bool "/dev/crypto - AES-only"
-                       select WOLFSSL_HAS_DEVCRYPTO
+       config WOLFSSL_HAS_DEVCRYPTO_CBC
+               bool "/dev/crytpo - AES-CBC-only"
+               select WOLFSSL_HAS_DEVCRYPTO
 
-               config WOLFSSL_HAS_DEVCRYPTO_FULL
-                       bool "/dev/crypto - full"
-                       select WOLFSSL_HAS_DEVCRYPTO
-       endchoice
-endif
+       config WOLFSSL_HAS_DEVCRYPTO_AES
+               bool "/dev/crypto - AES-only (all supported modes)"
+               select WOLFSSL_HAS_DEVCRYPTO
+
+       config WOLFSSL_HAS_DEVCRYPTO_FULL
+               bool "/dev/crypto - full"
+               select WOLFSSL_HAS_DEVCRYPTO
+endchoice
 
 endif
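Review bot: The prompt of the new `WOLFSSL_HAS_DEVCRYPTO_CBC` entry misspells the device path as "/dev/crytpo", while its two siblings spell it correctly; it should read `bool "/dev/crypto - AES-CBC-only"`. The three /dev/crypto entries also carry no help text, and going by their labels the choice decides which AES modes are handed to the kernel driver instead of the software implementation. A short `help` paragraph on each entry stating what is offloaded would make that a deliberate choice. The enclosing `if` block opens above the hunk.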
diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
index 2ad03a5aca..778754ffdc 100644
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
 PKG_VERSION:=4.1.0-stable
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
@@ -77,7 +77,9 @@ CONFIGURE_ARGS += \
        --$(if $(CONFIG_WOLFSSL_HAS_DTLS),enable,disable)-dtls \
        --$(if $(CONFIG_WOLFSSL_HAS_ECC25519),enable,disable)-curve25519 \
        --$(if $(CONFIG_WOLFSSL_HAS_AFALG),enable,disable)-afalg \
-       --enable-devcrypto=$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES),aes,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL),yes,no))
+       --enable-devcrypto=$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC),cbc\
+                         ,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES),aes\
+                         ,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL),yes,no)))
 
 ifeq ($(CONFIG_WOLFSSL_HAS_OCSP),y)
 CONFIGURE_ARGS += \
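Review bot: The backslash continuations inside the nested `$(if ...)` put whitespace into the value. Make folds each backslash-newline and the indentation after it into one space, and `$(if)` strips only its condition, so the branches expand to `cbc ` and `aes ` with a trailing space. That is harmless while the option is the last word on the line, but it is easy to trip over if the expression is extended or reused; `--enable-devcrypto=$(strip $(if ...))` keeps the multi-line layout and yields a clean value. The `CONFIGURE_ARGS +=` assignment starts above the hunk.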
diff --git a/package/libs/wolfssl/patches/010-build-with-devcrypto-and-aesccm.patch b/package/libs/wolfssl/patches/010-build-with-devcrypto-and-aesccm.patch
new file mode 100644
index 0000000000..a9b8aee918
--- /dev/null
+++ b/package/libs/wolfssl/patches/010-build-with-devcrypto-and-aesccm.patch
@@ -0,0 +1,74 @@
+From e8e1d35744c68b165e172a687e870a549438bdf0 Mon Sep 17 00:00:00 2001
+From: Jacob Barthelmeh <ja...@wolfssl.com>
+Date: Tue, 13 Aug 2019 14:12:45 -0600
+Subject: [PATCH] build with devcrypto and aesccm
+
+
+diff --git a/configure.ac b/configure.ac
+index f943cc6ef..cf03e7f52 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1096,6 +1096,10 @@ then
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
++    if test "$ENABLED_AESCCM" = "yes"
++    then
++        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
++    fi
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_HASH_RAW"
+     ENABLED_DEVCRYPTO=yes
+@@ -1106,6 +1110,10 @@ then
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
++    if test "$ENABLED_AESCCM" = "yes"
++    then
++        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
++    fi
+     ENABLED_DEVCRYPTO=yes
+ fi
+ if test "$ENABLED_DEVCRYPTO" = "cbc"
+diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
+index beeae72a6..b583d03e9 100644
+--- a/wolfcrypt/src/aes.c
++++ b/wolfcrypt/src/aes.c
+@@ -760,6 +760,14 @@
+ #elif defined(WOLFSSL_DEVCRYPTO_AES)
+     /* if all AES is enabled with devcrypto then tables are not needed */
+ 
++    #if defined(HAVE_AESCCM)
++    static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
++    {
++        wc_AesEncryptDirect(aes, outBlock, inBlock);
++        return 0;
++    }
++    #endif
++
+ #else
+ 
+     /* using wolfCrypt software implementation */
+@@ -1314,7 +1322,8 @@ static const word32 Td[4][256] = {
+ };
+ 
+ 
+-#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
++#if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC)) \
++                      || defined(WOLFSSL_AES_DIRECT)
+ static const byte Td4[256] =
+ {
+     0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
+index 5c63421e2..d5061f364 100644
+--- a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
++++ b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
+@@ -168,7 +168,7 @@ static int wc_DevCrypto_AesDirect(Aes* aes, byte* out, const byte* in,
+ #endif
+ 
+ 
+-#if defined(WOLFSSL_AES_DIRECT)
++#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESCCM)
+ void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
+ {
+     wc_DevCrypto_AesDirect(aes, out, in, AES_BLOCK_SIZE, COP_ENCRYPT);
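Review bot: The `wc_AesEncrypt` wrapper added to aes.c returns 0 unconditionally, and the `wc_AesEncryptDirect` it calls in devcrypto_aes.c, now also built for `HAVE_AESCCM`, is `void` and drops the `int` result of `wc_DevCrypto_AesDirect`. A failing /dev/crypto request would therefore be invisible to the AES-CCM code, which presumably carries on with whatever is in the output block; what that buffer holds after a failure is not visible here. As this is an upstream backport the code fix belongs upstream, but the patch description could record it, e.g. `Note: /dev/crypto errors are not propagated by wc_AesEncryptDirect().` Patch 020 moves the wrapper into the shared CAAM branch with the same call, so the same applies there. The body of `wc_AesEncryptDirect` continues past the end of the hunk.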
diff --git a/package/libs/wolfssl/patches/020-build-fix-for-aesccm-devcrypto-cbc-wpas-and-afalg.patch b/package/libs/wolfssl/patches/020-build-fix-for-aesccm-devcrypto-cbc-wpas-and-afalg.patch
new file mode 100644
index 0000000000..bb4c6fd04b
--- /dev/null
+++ b/package/libs/wolfssl/patches/020-build-fix-for-aesccm-devcrypto-cbc-wpas-and-afalg.patch
@@ -0,0 +1,64 @@
+From 9fd38dc340c38dee6e5935da174f90270a63bfbf Mon Sep 17 00:00:00 2001
+From: Jacob Barthelmeh <ja...@wolfssl.com>
+Date: Fri, 30 Aug 2019 16:15:48 -0600
+Subject: [PATCH] build fix for aesccm + devcrypto=cbc + wpas and afalg
+
+
+diff --git a/configure.ac b/configure.ac
+index 61fad39dd..30731eb52 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1045,6 +1045,10 @@ AC_ARG_ENABLE([afalg],
+ 
+ if test "$ENABLED_AFALG" = "yes"
+ then
++    if test "$ENABLED_AESCCM" = "yes"
++    then
++        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
++    fi
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_HASH"
+ fi
+diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
+index fef2f9c74..d294f6236 100644
+--- a/wolfcrypt/src/aes.c
++++ b/wolfcrypt/src/aes.c
+@@ -759,7 +759,9 @@
+         }
+     #endif /* HAVE_AES_DECRYPT */
+ 
+-#elif defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES)
++#elif (defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES)) || \
++      ((defined(WOLFSSL_AFALG) || defined(WOLFSSL_DEVCRYPTO_AES)) && \
++        defined(HAVE_AESCCM))
+        static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+         {
+             wc_AesEncryptDirect(aes, outBlock, inBlock);
+@@ -768,16 +770,6 @@
+ 
+ #elif defined(WOLFSSL_AFALG)
+ #elif defined(WOLFSSL_DEVCRYPTO_AES)
+-    /* if all AES is enabled with devcrypto then tables are not needed */
+-
+-    #if defined(HAVE_AESCCM)
+-    static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+-    {
+-        wc_AesEncryptDirect(aes, outBlock, inBlock);
+-        return 0;
+-    }
+-    #endif
+-
+ #else
+ 
+     /* using wolfCrypt software implementation */
+@@ -1593,8 +1585,8 @@ static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+ #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT || HAVE_AESGCM */
+ 
+ #if defined(HAVE_AES_DECRYPT)
+-#if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
+-    !defined(WOLFSSL_DEVCRYPTO_CBC)
++#if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC)) || \
++     defined(WOLFSSL_AES_DIRECT)
+ 
+ /* load 4 Td Tables into cache by cache line stride */
+ static WC_INLINE word32 PreFetchTd(void)
