[OpenWrt-Devel] wolfssl: allow building with hw-crytpo and AES-CCM
diff mbox series

Message ID 20190912200000.12440-1-cotequeiroz@gmail.com
State Accepted
Delegated to: Hauke Mehrtens
Headers show
Series
  • [OpenWrt-Devel] wolfssl: allow building with hw-crytpo and AES-CCM
Related show

Commit Message

Eneas U de Queiroz Sept. 12, 2019, 8 p.m. UTC
Hardware acceleration was disabled when AES-CCM was selected as a
workaround for a build failure.  This applies a couple of upstream
patches fixing this.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
---
This is the result of this upstream issue:
https://github.com/wolfSSL/wolfssl/issues/2392

It was tested on WRT3200ACM (mvebu) running openwrt master, using
uhttpd, curl, and uclient-fetch (with ustream-ssl fixes applied).

This should be cherry-picked to 19.07 as well.

Patch
diff mbox series

diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in
index a729f73a1d..4ac69f821a 100644
--- a/package/libs/wolfssl/Config.in
+++ b/package/libs/wolfssl/Config.in
@@ -50,28 +50,27 @@  config WOLFSSL_HAS_ECC25519
 config WOLFSSL_HAS_DEVCRYPTO
 	bool
 
-if WOLFSSL_HAS_AES_CCM
-	comment "! Hardware Acceleration does not build with AES-CCM enabled"
-endif
-if !WOLFSSL_HAS_AES_CCM
-	choice
-		prompt "Hardware Acceleration"
-		default WOLFSSL_HAS_NO_HW
+choice
+	prompt "Hardware Acceleration"
+	default WOLFSSL_HAS_NO_HW
 
-		config WOLFSSL_HAS_NO_HW
-			bool "None"
+	config WOLFSSL_HAS_NO_HW
+		bool "None"
 
-		config WOLFSSL_HAS_AFALG
-			bool "AF_ALG"
+	config WOLFSSL_HAS_AFALG
+		bool "AF_ALG"
 
-		config WOLFSSL_HAS_DEVCRYPTO_AES
-			bool "/dev/crypto - AES-only"
-			select WOLFSSL_HAS_DEVCRYPTO
+	config WOLFSSL_HAS_DEVCRYPTO_CBC
+		bool "/dev/crytpo - AES-CBC-only"
+		select WOLFSSL_HAS_DEVCRYPTO
 
-		config WOLFSSL_HAS_DEVCRYPTO_FULL
-			bool "/dev/crypto - full"
-			select WOLFSSL_HAS_DEVCRYPTO
-	endchoice
-endif
+	config WOLFSSL_HAS_DEVCRYPTO_AES
+		bool "/dev/crypto - AES-only (all supported modes)"
+		select WOLFSSL_HAS_DEVCRYPTO
+
+	config WOLFSSL_HAS_DEVCRYPTO_FULL
+		bool "/dev/crypto - full"
+		select WOLFSSL_HAS_DEVCRYPTO
+endchoice
 
 endif
diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
index 2ad03a5aca..778754ffdc 100644
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@@ -9,7 +9,7 @@  include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
 PKG_VERSION:=4.1.0-stable
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
@@ -77,7 +77,9 @@  CONFIGURE_ARGS += \
 	--$(if $(CONFIG_WOLFSSL_HAS_DTLS),enable,disable)-dtls \
 	--$(if $(CONFIG_WOLFSSL_HAS_ECC25519),enable,disable)-curve25519 \
 	--$(if $(CONFIG_WOLFSSL_HAS_AFALG),enable,disable)-afalg \
-	--enable-devcrypto=$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES),aes,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL),yes,no))
+	--enable-devcrypto=$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC),cbc\
+			  ,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES),aes\
+			  ,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL),yes,no)))
 
 ifeq ($(CONFIG_WOLFSSL_HAS_OCSP),y)
 CONFIGURE_ARGS += \
diff --git a/package/libs/wolfssl/patches/010-build-with-devcrypto-and-aesccm.patch b/package/libs/wolfssl/patches/010-build-with-devcrypto-and-aesccm.patch
new file mode 100644
index 0000000000..a9b8aee918
--- /dev/null
+++ b/package/libs/wolfssl/patches/010-build-with-devcrypto-and-aesccm.patch
@@ -0,0 +1,74 @@ 
+From e8e1d35744c68b165e172a687e870a549438bdf0 Mon Sep 17 00:00:00 2001
+From: Jacob Barthelmeh <jacob@wolfssl.com>
+Date: Tue, 13 Aug 2019 14:12:45 -0600
+Subject: [PATCH] build with devcrypto and aesccm
+
+
+diff --git a/configure.ac b/configure.ac
+index f943cc6ef..cf03e7f52 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1096,6 +1096,10 @@ then
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
++    if test "$ENABLED_AESCCM" = "yes"
++    then
++        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
++    fi
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_HASH_RAW"
+     ENABLED_DEVCRYPTO=yes
+@@ -1106,6 +1110,10 @@ then
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
++    if test "$ENABLED_AESCCM" = "yes"
++    then
++        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
++    fi
+     ENABLED_DEVCRYPTO=yes
+ fi
+ if test "$ENABLED_DEVCRYPTO" = "cbc"
+diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
+index beeae72a6..b583d03e9 100644
+--- a/wolfcrypt/src/aes.c
++++ b/wolfcrypt/src/aes.c
+@@ -760,6 +760,14 @@
+ #elif defined(WOLFSSL_DEVCRYPTO_AES)
+     /* if all AES is enabled with devcrypto then tables are not needed */
+ 
++    #if defined(HAVE_AESCCM)
++    static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
++    {
++        wc_AesEncryptDirect(aes, outBlock, inBlock);
++        return 0;
++    }
++    #endif
++
+ #else
+ 
+     /* using wolfCrypt software implementation */
+@@ -1314,7 +1322,8 @@ static const word32 Td[4][256] = {
+ };
+ 
+ 
+-#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
++#if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC)) \
++			|| defined(WOLFSSL_AES_DIRECT)
+ static const byte Td4[256] =
+ {
+     0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
+index 5c63421e2..d5061f364 100644
+--- a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
++++ b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
+@@ -168,7 +168,7 @@ static int wc_DevCrypto_AesDirect(Aes* aes, byte* out, const byte* in,
+ #endif
+ 
+ 
+-#if defined(WOLFSSL_AES_DIRECT)
++#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESCCM)
+ void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
+ {
+     wc_DevCrypto_AesDirect(aes, out, in, AES_BLOCK_SIZE, COP_ENCRYPT);
diff --git a/package/libs/wolfssl/patches/020-build-fix-for-aesccm-devcrypto-cbc-wpas-and-afalg.patch b/package/libs/wolfssl/patches/020-build-fix-for-aesccm-devcrypto-cbc-wpas-and-afalg.patch
new file mode 100644
index 0000000000..bb4c6fd04b
--- /dev/null
+++ b/package/libs/wolfssl/patches/020-build-fix-for-aesccm-devcrypto-cbc-wpas-and-afalg.patch
@@ -0,0 +1,64 @@ 
+From 9fd38dc340c38dee6e5935da174f90270a63bfbf Mon Sep 17 00:00:00 2001
+From: Jacob Barthelmeh <jacob@wolfssl.com>
+Date: Fri, 30 Aug 2019 16:15:48 -0600
+Subject: [PATCH] build fix for aesccm + devcrypto=cbc + wpas and afalg
+
+
+diff --git a/configure.ac b/configure.ac
+index 61fad39dd..30731eb52 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1045,6 +1045,10 @@ AC_ARG_ENABLE([afalg],
+ 
+ if test "$ENABLED_AFALG" = "yes"
+ then
++    if test "$ENABLED_AESCCM" = "yes"
++    then
++        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
++    fi
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_HASH"
+ fi
+diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
+index fef2f9c74..d294f6236 100644
+--- a/wolfcrypt/src/aes.c
++++ b/wolfcrypt/src/aes.c
+@@ -759,7 +759,9 @@
+         }
+     #endif /* HAVE_AES_DECRYPT */
+ 
+-#elif defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES)
++#elif (defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES)) || \
++      ((defined(WOLFSSL_AFALG) || defined(WOLFSSL_DEVCRYPTO_AES)) && \
++        defined(HAVE_AESCCM))
+         static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+         {
+             wc_AesEncryptDirect(aes, outBlock, inBlock);
+@@ -768,16 +770,6 @@
+ 
+ #elif defined(WOLFSSL_AFALG)
+ #elif defined(WOLFSSL_DEVCRYPTO_AES)
+-    /* if all AES is enabled with devcrypto then tables are not needed */
+-
+-    #if defined(HAVE_AESCCM)
+-    static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+-    {
+-        wc_AesEncryptDirect(aes, outBlock, inBlock);
+-        return 0;
+-    }
+-    #endif
+-
+ #else
+ 
+     /* using wolfCrypt software implementation */
+@@ -1593,8 +1585,8 @@ static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+ #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT || HAVE_AESGCM */
+ 
+ #if defined(HAVE_AES_DECRYPT)
+-#if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
+-    !defined(WOLFSSL_DEVCRYPTO_CBC)
++#if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC)) || \
++     defined(WOLFSSL_AES_DIRECT)
+ 
+ /* load 4 Td Tables into cache by cache line stride */
+ static WC_INLINE word32 PreFetchTd(void)