[OpenWrt-Devel] wolfssl: reorganized build options

The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Removed options that can't be turned off because we're building
with --enable-stunnel, some of which affected hostpad's Config.in.
Adjusted the title of OCSP option, as OCSP itself can't be turned off,
only the stapling part is selectable.
Fixed poly1035 build.  
Mark options turned on when wpad support is selected.
Add building with TLS v1.0 support as an option.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

PS: Is there any reason to split up chacha and poly1305 options?  
I would merge them in to a single option, but haven't done this here.
---
 package/libs/wolfssl/Config.in             | 17 ++++++---------
 package/libs/wolfssl/Makefile              | 33 ++++++++----------------------
 package/network/services/hostapd/Config.in |  3 ---
 3 files changed, 15 insertions(+), 38 deletions(-)

On Mon, Jun 18, 2018 at 5:07 AM, Eneas U de Queiroz via openwrt-devel
<openwrt-devel@lists.openwrt.org> wrote:
> The sender domain has a DMARC Reject/Quarantine policy which disallows
> sending mailing list messages using the original "From" header.
>
> To mitigate this problem, the original message has been wrapped
> automatically by the mailing list software.
>

Let's have the discussion on Github on your PR
https://github.com/openwrt/openwrt/pull/1069

Thanks
Alex

> ---------- Forwarded message ----------
> From: Eneas U de Queiroz <cote2004-github@yahoo.com>
> To: openwrt-devel@lists.openwrt.org
> Cc: Eneas U de Queiroz <cote2004-github@yahoo.com>
> Bcc:
> Date: Sun, 17 Jun 2018 23:05:58 -0300
> Subject: [PATCH] wolfssl: reorganized build options
> Removed options that can't be turned off because we're building
> with --enable-stunnel, some of which affected hostpad's Config.in.
> Adjusted the title of OCSP option, as OCSP itself can't be turned off,
> only the stapling part is selectable.
> Fixed poly1035 build.
> Mark options turned on when wpad support is selected.
> Add building with TLS v1.0 support as an option.
>
> Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
>
> PS: Is there any reason to split up chacha and poly1305 options?
> I would merge them in to a single option, but haven't done this here.
> ---
>  package/libs/wolfssl/Config.in             | 17 ++++++---------
>  package/libs/wolfssl/Makefile              | 33 ++++++++----------------------
>  package/network/services/hostapd/Config.in |  3 ---
>  3 files changed, 15 insertions(+), 38 deletions(-)
>
> diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in
> index 50b0bb9cdf..45750a5892 100644
> --- a/package/libs/wolfssl/Config.in
> +++ b/package/libs/wolfssl/Config.in
> @@ -12,10 +12,6 @@ config WOLFSSL_HAS_CHACHA
>         bool "Include ChaCha cipher suite support"
>         default n
>
> -config WOLFSSL_HAS_ECC
> -       bool "Include ECC (Elliptic Curve Cryptography) support"
> -       default y
> -
>  config WOLFSSL_HAS_DH
>         bool "Include DH (Diffie-Hellman) support"
>         default y
> @@ -24,12 +20,8 @@ config WOLFSSL_HAS_ARC4
>         bool "Include ARC4 support"
>         default y
>
> -config WOLFSSL_HAS_DES3
> -       bool "Include DES3 (Tripple-DES) support"
> -       default y
> -
> -config WOLFSSL_HAS_PSK
> -       bool "Include PKS (Pre Share Key) support"
> +config WOLFSSL_HAS_TLSV10
> +       bool "Include TLS 1.0 support"
>         default y
>
>  config WOLFSSL_HAS_SESSION_TICKET
> @@ -41,11 +33,14 @@ config WOLFSSL_HAS_DTLS
>         default n
>
>  config WOLFSSL_HAS_OCSP
> -       bool "Include OSCP support"
> +       bool "Include OSCP stapling support"
>         default y
>
>  config WOLFSSL_HAS_WPAS
>         bool "Include wpa_supplicant support"
> +       select WOLFSSL_HAS_ARC4
> +       select WOLFSSL_HAS_OCSP
> +       select WOLFSSL_HAS_SESSION_TICKET
>         default y
>
>  config WOLFSSL_HAS_ECC25519
> diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
> index e08b6f3929..6e121330f4 100644
> --- a/package/libs/wolfssl/Makefile
> +++ b/package/libs/wolfssl/Makefile
> @@ -26,11 +26,10 @@ PKG_CPE_ID:=cpe:/a:yassl:cyassl
>  PKG_CONFIG_DEPENDS:=\
>         CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AES_GCM \
>         CONFIG_WOLFSSL_HAS_ARC4 CONFIG_WOLFSSL_HAS_CHACHA \
> -       CONFIG_WOLFSSL_HAS_DES3 CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \
> -       CONFIG_WOLFSSL_HAS_ECC CONFIG_WOLFSSL_HAS_ECC25519 \
> +       CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \
> +       CONFIG_WOLFSSL_HAS_ECC25519 CONFIG_WOLFSSL_HAS_TLSV10 \
>         CONFIG_WOLFSSL_HAS_OCSP CONFIG_WOLFSSL_HAS_POLY_1305 \
> -       CONFIG_WOLFSSL_HAS_PSK CONFIG_WOLFSSL_HAS_SESSION_TICKET \
> -       CONFIG_WOLFSSL_HAS_WPAS
> +       CONFIG_WOLFSSL_HAS_SESSION_TICKET CONFIG_WOLFSSL_HAS_WPAS
>
>  include $(INCLUDE_DIR)/package.mk
>
> @@ -85,15 +84,9 @@ CONFIGURE_ARGS += \
>         --disable-chacha
>  endif
>
> -ifeq ($(CONFIG_WOLFSSL_HAS_ECC),y)
> +ifneq ($(CONFIG_WOLFSSL_HAS_DH),y)
>  CONFIGURE_ARGS += \
> -       --enable-ecc \
> -       --enable-supportedcurves
> -endif
> -
> -ifeq ($(CONFIG_WOLFSSL_HAS_DH),y)
> -CONFIGURE_ARGS += \
> -       --enable-dh
> +       --disable-dh
>  endif
>
>  ifneq ($(CONFIG_WOLFSSL_HAS_ARC4),y)
> @@ -104,17 +97,9 @@ CONFIGURE_ARGS += \
>         --enable-arc4
>  endif
>
> -ifneq ($(CONFIG_WOLFSSL_HAS_DES3),y)
> -CONFIGURE_ARGS += \
> -       --disable-des3
> -else
> -CONFIGURE_ARGS += \
> -       --enable-des3
> -endif
> -
> -ifeq ($(CONFIG_WOLFSSL_HAS_PSK),y)
> +ifeq ($(CONFIG_WOLFSSL_HAS_TLSV10),y)
>  CONFIGURE_ARGS += \
> -       --enable-psk
> +       --enable-tlsv10
>  endif
>
>  ifeq ($(CONFIG_WOLFSSL_HAS_SESSION_TICKET),y)
> @@ -142,9 +127,9 @@ CONFIGURE_ARGS += \
>         --enable-curve25519
>  endif
>
> -ifneq ($(CONFIG_WOLFSSL_HAS_POLY1305),y)
> +ifneq ($(CONFIG_WOLFSSL_HAS_POLY_1305),y)
>  CONFIGURE_ARGS += \
> -       --enable-poly1305
> +       --disable-poly1305
>  endif
>
>  #ifneq ($(CONFIG_TARGET_x86),)
> diff --git a/package/network/services/hostapd/Config.in b/package/network/services/hostapd/Config.in
> index 222cfb7f13..23b0c9c037 100644
> --- a/package/network/services/hostapd/Config.in
> +++ b/package/network/services/hostapd/Config.in
> @@ -71,11 +71,8 @@ config WPA_WOLFSSL
>         select WOLFSSL_HAS_AES_CCM
>         select WOLFSSL_HAS_AES_GCM
>         select WOLFSSL_HAS_ARC4
> -       select WOLFSSL_HAS_DES3
>         select WOLFSSL_HAS_DH
> -       select WOLFSSL_HAS_ECC
>         select WOLFSSL_HAS_OCSP
> -       select WOLFSSL_HAS_PSK
>         select WOLFSSL_HAS_SESSION_TICKET
>         select WOLFSSL_HAS_WPAS
>
> --
> 2.16.4
>
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/listinfo/openwrt-devel
>

On 18/06/18 09:06, Alexandru Ardelean wrote:
> On Mon, Jun 18, 2018 at 5:07 AM, Eneas U de Queiroz via openwrt-devel
> <openwrt-devel@lists.openwrt.org> wrote:
>> The sender domain has a DMARC Reject/Quarantine policy which disallows
>> sending mailing list messages using the original "From" header.
>>
>> To mitigate this problem, the original message has been wrapped
>> automatically by the mailing list software.
>>
> Let's have the discussion on Github on your PR
> https://github.com/openwrt/openwrt/pull/1069
>
> Thanks
> Alex

And please do not double post. Either use github or ML. I will close all 
your pending work inside patchwork as duplicate for now. please post 
anything missing on github.

     John

>> ---------- Forwarded message ----------
>> From: Eneas U de Queiroz <cote2004-github@yahoo.com>
>> To: openwrt-devel@lists.openwrt.org
>> Cc: Eneas U de Queiroz <cote2004-github@yahoo.com>
>> Bcc:
>> Date: Sun, 17 Jun 2018 23:05:58 -0300
>> Subject: [PATCH] wolfssl: reorganized build options
>> Removed options that can't be turned off because we're building
>> with --enable-stunnel, some of which affected hostpad's Config.in.
>> Adjusted the title of OCSP option, as OCSP itself can't be turned off,
>> only the stapling part is selectable.
>> Fixed poly1035 build.
>> Mark options turned on when wpad support is selected.
>> Add building with TLS v1.0 support as an option.
>>
>> Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
>>
>> PS: Is there any reason to split up chacha and poly1305 options?
>> I would merge them in to a single option, but haven't done this here.
>> ---
>>   package/libs/wolfssl/Config.in             | 17 ++++++---------
>>   package/libs/wolfssl/Makefile              | 33 ++++++++----------------------
>>   package/network/services/hostapd/Config.in |  3 ---
>>   3 files changed, 15 insertions(+), 38 deletions(-)
>>
>> diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in
>> index 50b0bb9cdf..45750a5892 100644
>> --- a/package/libs/wolfssl/Config.in
>> +++ b/package/libs/wolfssl/Config.in
>> @@ -12,10 +12,6 @@ config WOLFSSL_HAS_CHACHA
>>          bool "Include ChaCha cipher suite support"
>>          default n
>>
>> -config WOLFSSL_HAS_ECC
>> -       bool "Include ECC (Elliptic Curve Cryptography) support"
>> -       default y
>> -
>>   config WOLFSSL_HAS_DH
>>          bool "Include DH (Diffie-Hellman) support"
>>          default y
>> @@ -24,12 +20,8 @@ config WOLFSSL_HAS_ARC4
>>          bool "Include ARC4 support"
>>          default y
>>
>> -config WOLFSSL_HAS_DES3
>> -       bool "Include DES3 (Tripple-DES) support"
>> -       default y
>> -
>> -config WOLFSSL_HAS_PSK
>> -       bool "Include PKS (Pre Share Key) support"
>> +config WOLFSSL_HAS_TLSV10
>> +       bool "Include TLS 1.0 support"
>>          default y
>>
>>   config WOLFSSL_HAS_SESSION_TICKET
>> @@ -41,11 +33,14 @@ config WOLFSSL_HAS_DTLS
>>          default n
>>
>>   config WOLFSSL_HAS_OCSP
>> -       bool "Include OSCP support"
>> +       bool "Include OSCP stapling support"
>>          default y
>>
>>   config WOLFSSL_HAS_WPAS
>>          bool "Include wpa_supplicant support"
>> +       select WOLFSSL_HAS_ARC4
>> +       select WOLFSSL_HAS_OCSP
>> +       select WOLFSSL_HAS_SESSION_TICKET
>>          default y
>>
>>   config WOLFSSL_HAS_ECC25519
>> diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
>> index e08b6f3929..6e121330f4 100644
>> --- a/package/libs/wolfssl/Makefile
>> +++ b/package/libs/wolfssl/Makefile
>> @@ -26,11 +26,10 @@ PKG_CPE_ID:=cpe:/a:yassl:cyassl
>>   PKG_CONFIG_DEPENDS:=\
>>          CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AES_GCM \
>>          CONFIG_WOLFSSL_HAS_ARC4 CONFIG_WOLFSSL_HAS_CHACHA \
>> -       CONFIG_WOLFSSL_HAS_DES3 CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \
>> -       CONFIG_WOLFSSL_HAS_ECC CONFIG_WOLFSSL_HAS_ECC25519 \
>> +       CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \
>> +       CONFIG_WOLFSSL_HAS_ECC25519 CONFIG_WOLFSSL_HAS_TLSV10 \
>>          CONFIG_WOLFSSL_HAS_OCSP CONFIG_WOLFSSL_HAS_POLY_1305 \
>> -       CONFIG_WOLFSSL_HAS_PSK CONFIG_WOLFSSL_HAS_SESSION_TICKET \
>> -       CONFIG_WOLFSSL_HAS_WPAS
>> +       CONFIG_WOLFSSL_HAS_SESSION_TICKET CONFIG_WOLFSSL_HAS_WPAS
>>
>>   include $(INCLUDE_DIR)/package.mk
>>
>> @@ -85,15 +84,9 @@ CONFIGURE_ARGS += \
>>          --disable-chacha
>>   endif
>>
>> -ifeq ($(CONFIG_WOLFSSL_HAS_ECC),y)
>> +ifneq ($(CONFIG_WOLFSSL_HAS_DH),y)
>>   CONFIGURE_ARGS += \
>> -       --enable-ecc \
>> -       --enable-supportedcurves
>> -endif
>> -
>> -ifeq ($(CONFIG_WOLFSSL_HAS_DH),y)
>> -CONFIGURE_ARGS += \
>> -       --enable-dh
>> +       --disable-dh
>>   endif
>>
>>   ifneq ($(CONFIG_WOLFSSL_HAS_ARC4),y)
>> @@ -104,17 +97,9 @@ CONFIGURE_ARGS += \
>>          --enable-arc4
>>   endif
>>
>> -ifneq ($(CONFIG_WOLFSSL_HAS_DES3),y)
>> -CONFIGURE_ARGS += \
>> -       --disable-des3
>> -else
>> -CONFIGURE_ARGS += \
>> -       --enable-des3
>> -endif
>> -
>> -ifeq ($(CONFIG_WOLFSSL_HAS_PSK),y)
>> +ifeq ($(CONFIG_WOLFSSL_HAS_TLSV10),y)
>>   CONFIGURE_ARGS += \
>> -       --enable-psk
>> +       --enable-tlsv10
>>   endif
>>
>>   ifeq ($(CONFIG_WOLFSSL_HAS_SESSION_TICKET),y)
>> @@ -142,9 +127,9 @@ CONFIGURE_ARGS += \
>>          --enable-curve25519
>>   endif
>>
>> -ifneq ($(CONFIG_WOLFSSL_HAS_POLY1305),y)
>> +ifneq ($(CONFIG_WOLFSSL_HAS_POLY_1305),y)
>>   CONFIGURE_ARGS += \
>> -       --enable-poly1305
>> +       --disable-poly1305
>>   endif
>>
>>   #ifneq ($(CONFIG_TARGET_x86),)
>> diff --git a/package/network/services/hostapd/Config.in b/package/network/services/hostapd/Config.in
>> index 222cfb7f13..23b0c9c037 100644
>> --- a/package/network/services/hostapd/Config.in
>> +++ b/package/network/services/hostapd/Config.in
>> @@ -71,11 +71,8 @@ config WPA_WOLFSSL
>>          select WOLFSSL_HAS_AES_CCM
>>          select WOLFSSL_HAS_AES_GCM
>>          select WOLFSSL_HAS_ARC4
>> -       select WOLFSSL_HAS_DES3
>>          select WOLFSSL_HAS_DH
>> -       select WOLFSSL_HAS_ECC
>>          select WOLFSSL_HAS_OCSP
>> -       select WOLFSSL_HAS_PSK
>>          select WOLFSSL_HAS_SESSION_TICKET
>>          select WOLFSSL_HAS_WPAS
>>
>> --
>> 2.16.4
>>
>>
>>
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel@lists.openwrt.org
>> https://lists.openwrt.org/listinfo/openwrt-devel
>>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/listinfo/openwrt-devel