@@ -77,6 +77,10 @@ config HAVE_LIBCRYPTO
bool
option env="HAVE_LIBCRYPTO"
+config HAVE_WOLFSSL
+ bool
+ option env="HAVE_WOLFSSL"
+
config HAVE_MBEDTLS
bool
option env="HAVE_MBEDTLS"
@@ -347,6 +351,10 @@ choice
bool "OpenSSL"
depends on HAVE_LIBSSL
+ config SSL_IMPL_WOLFSSL
+ bool "wolfSSL (with OpenSSL compatibility layer)"
+ depends on HAVE_WOLFSSL
+
config SSL_IMPL_MBEDTLS
bool "mbedTLS"
depends on HAVE_MBEDTLS
@@ -369,7 +377,7 @@ config DOWNLOAD_SSL
bool "Enable SSL support for image downloading"
default n
depends on DOWNLOAD
- depends on SSL_IMPL_OPENSSL || SSL_IMPL_MBEDTLS
+ depends on SSL_IMPL_OPENSSL || SSL_IMPL_WOLFSSL || SSL_IMPL_MBEDTLS
select CHANNEL_CURL_SSL
help
Enable SSL and checksum verification support in channels
@@ -383,18 +391,18 @@ config CHANNEL_CURL
config CHANNEL_CURL_SSL
bool
depends on CHANNEL_CURL
- depends on SSL_IMPL_OPENSSL || SSL_IMPL_MBEDTLS
+ depends on SSL_IMPL_OPENSSL || SSL_IMPL_WOLFSSL || SSL_IMPL_MBEDTLS
select CURL_SSL
config HASH_VERIFY
bool "Allow to add sha256 hash to each image"
- depends on SSL_IMPL_OPENSSL || SSL_IMPL_MBEDTLS
+ depends on SSL_IMPL_OPENSSL || SSL_IMPL_WOLFSSL || SSL_IMPL_MBEDTLS
help
Allow to add a sha256 hash to an artifact.
This is automatically set in case of Signed Image
comment "Hash checking needs an SSL implementation"
- depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_MBEDTLS
+ depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_WOLFSSL && !SSL_IMPL_MBEDTLS
config DISABLE_CPIO_CRC
bool "Disable cpio CRC verify if SHA 256 is enabled"
@@ -410,10 +418,10 @@ config DISABLE_CPIO_CRC
config SIGNED_IMAGES
bool "Enable verification of signed images"
- depends on SSL_IMPL_OPENSSL || SSL_IMPL_MBEDTLS
+ depends on SSL_IMPL_OPENSSL || SSL_IMPL_WOLFSSL || SSL_IMPL_MBEDTLS
select HASH_VERIFY
comment "Image signature verification needs an SSL implementation"
- depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_MBEDTLS
+ depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_WOLFSSL && !SSL_IMPL_MBEDTLS
choice
prompt "Signature verification algorithm"
@@ -450,9 +458,9 @@ endmenu
config ENCRYPTED_IMAGES
bool "Images can be encrypted with a symmetric key"
- depends on SSL_IMPL_OPENSSL || SSL_IMPL_MBEDTLS
+ depends on SSL_IMPL_OPENSSL || SSL_IMPL_WOLFSSL || SSL_IMPL_MBEDTLS
comment "Image encryption needs an SSL implementation"
- depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_MBEDTLS
+ depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_WOLFSSL && !SSL_IMPL_MBEDTLS
source suricatta/Config.in
@@ -62,6 +62,10 @@ ifeq ($(HAVE_LIBCRYPTO),)
export HAVE_LIBCRYPTO = y
endif
+ifeq ($(HAVE_WOLFSSL),)
+export HAVE_WOLFSSL = y
+endif
+
ifeq ($(HAVE_MBEDTLS),)
export HAVE_MBEDTLS = y
endif
@@ -149,6 +149,11 @@ ifeq ($(CONFIG_SSL_IMPL_OPENSSL),y)
LDLIBS += crypto ssl
endif
+ifeq ($(CONFIG_SSL_IMPL_WOLFSSL),y)
+KBUILD_CPPFLAGS += -I/usr/include/wolfssl
+LDLIBS += wolfssl
+endif
+
ifeq ($(CONFIG_SSL_IMPL_MBEDTLS),y)
LDLIBS += mbedcrypto mbedtls mbedx509
endif
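Review bot: The wolfSSL include path `KBUILD_CPPFLAGS += -I/usr/include/wolfssl` is an absolute host path, so a cross build against a sysroot would compile against the build machine's OpenSSL-compatibility headers while `LDLIBS += wolfssl` links the target's library. wolfSSL's structure layouts depend on its configure options, so headers and library taken from different installs can disagree without any compiler diagnostic, and that would land in the crypto paths. Consider taking the path from the toolchain instead, for example from `pkg-config --cflags wolfssl` or a sysroot-relative `-I=/usr/include/wolfssl`, and letting it be overridden from the environment.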
@@ -5,11 +5,14 @@
lib-$(CONFIG_DOWNLOAD) += downloader.o
lib-$(CONFIG_MTD) += mtd-interface.o
lib-$(CONFIG_LUA) += lua_interface.o lua_compat.o
-ifeq ($(CONFIG_SSL_IMPL_OPENSSL),y)
+ifeq ($(CONFIG_SSL_IMPL_OPENSSL)$(CONFIG_SSL_IMPL_WOLFSSL),y)
lib-$(CONFIG_HASH_VERIFY) += verify_signature.o
lib-$(CONFIG_ENCRYPTED_IMAGES) += swupdate_decrypt.o
lib-$(CONFIG_SIGALG_RAWRSA) += swupdate_rsa_verify.o
lib-$(CONFIG_SIGALG_RSAPSS) += swupdate_rsa_verify.o
+endif
+ifeq ($(CONFIG_SSL_IMPL_OPENSSL),y)
+# wolfSSL does not support CMS in the compatibility layer yet
lib-$(CONFIG_SIGALG_CMS) += swupdate_cms_verify.o
endif
ifeq ($(CONFIG_SSL_IMPL_MBEDTLS),y)
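Review bot: With wolfSSL selected, `swupdate_cms_verify.o` is left out of the build, but none of the visible Kconfig hunks stops `CONFIG_SIGALG_CMS` from being chosen together with `SSL_IMPL_WOLFSSL` now that `SIGNED_IMAGES` accepts it. If the signature-algorithm choice (its entries are outside the shown hunks) is not already limited to OpenSSL, that combination would enable signed images with no CMS verifier compiled in. That should surface as a link error, but it is worth confirming that it cannot end up as a silently missing check. The restriction belongs in Kconfig, e.g. `depends on SSL_IMPL_OPENSSL` on the `SIGALG_CMS` entry, so that the comment here documents an enforced rule. The mbedTLS block that follows continues past the end of the hunk.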
@@ -18,7 +18,7 @@
*/
#if defined(CONFIG_HASH_VERIFY) || defined(CONFIG_ENCRYPTED_IMAGES) || \
defined(CONFIG_CHANNEL_CURL_SSL)
-#if defined(CONFIG_SSL_IMPL_OPENSSL)
+#if defined(CONFIG_SSL_IMPL_OPENSSL) || defined(CONFIG_SSL_IMPL_WOLFSSL)
#include <openssl/bio.h>
#include <openssl/objects.h>
#include <openssl/err.h>
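Review bot: Under `CONFIG_SSL_IMPL_WOLFSSL` these `<openssl/...>` includes resolve to wolfSSL's compatibility headers, and nothing visible here pulls in `<wolfssl/options.h>` before them. wolfSSL expects that header to come first so the application sees the same feature macros the library was built with. Without it, structure definitions used by the hash, signature and decryption code can differ from the library's. If it is not already supplied elsewhere (the include list continues outside the hunk), add `#ifdef CONFIG_SSL_IMPL_WOLFSSL` / `#include <wolfssl/options.h>` / `#endif` ahead of `<openssl/bio.h>`.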
@@ -28,11 +28,11 @@ config MONGOOSEIPV6
config MONGOOSESSL
bool "SSL support"
depends on MONGOOSE
- depends on SSL_IMPL_OPENSSL || SSL_IMPL_MBEDTLS
+ depends on SSL_IMPL_OPENSSL || SSL_IMPL_WOLFSSL || SSL_IMPL_MBEDTLS
help
It enables SSL support into mongoose
comment "SSL support needs an SSL implementation"
- depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_MBEDTLS
+ depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_WOLFSSL && !SSL_IMPL_MBEDTLS
endif
@@ -7,7 +7,7 @@ KBUILD_CFLAGS += -DMG_ENABLE_IPV6=1
endif
ifneq ($(CONFIG_MONGOOSESSL),)
KBUILD_CFLAGS += -DMG_ENABLE_SSL=1
-ifeq ($(CONFIG_SSL_IMPL_OPENSSL),y)
+ifeq ($(CONFIG_SSL_IMPL_OPENSSL)$(CONFIG_SSL_IMPL_WOLFSSL),y)
KBUILD_CFLAGS += -DMG_SSL_IF=MG_SSL_IF_OPENSSL
endif
ifeq ($(CONFIG_SSL_IMPL_MBEDTLS),y)
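Review bot: The test `ifeq ($(CONFIG_SSL_IMPL_OPENSSL)$(CONFIG_SSL_IMPL_WOLFSSL),y)` is correct only because the two symbols sit in one Kconfig choice and can never both be `y`. If they ever were, the concatenation would read `yy` and quietly drop `-DMG_SSL_IF=MG_SSL_IF_OPENSSL`. Writing it as `ifneq ($(filter y,$(CONFIG_SSL_IMPL_OPENSSL) $(CONFIG_SSL_IMPL_WOLFSSL)),)` states the either-one intent directly. The same concatenated form appears in the corelib Makefile hunk that guards `verify_signature.o`. A one-line comment saying that wolfSSL is driven through mongoose's OpenSSL interface would also help the next reader. The enclosing `ifneq ($(CONFIG_MONGOOSESSL),)` block ends outside the hunk.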
@@ -21,13 +21,13 @@ menu "Features"
config SURICATTA_SSL
bool "SSL support"
default n
- depends on SSL_IMPL_OPENSSL || SSL_IMPL_MBEDTLS
+ depends on SSL_IMPL_OPENSSL || SSL_IMPL_WOLFSSL || SSL_IMPL_MBEDTLS
select CHANNEL_CURL_SSL
help
Enable SSL and checksum verification support in suricatta.
comment "SSL support needs an SSL implementation"
- depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_MBEDTLS
+ depends on !SSL_IMPL_OPENSSL && !SSL_IMPL_WOLFSSL && !SSL_IMPL_MBEDTLS
endmenu