lede/package/libs/wolfssl/Config.in

menu "wolfSSL Library Configuration"

config WOLFSSL_HAS_AES_CCM
	bool "Include AES-CCM support"
	default y

config WOLFSSL_HAS_CHACHA_POLY
	bool "Include ChaCha20-Poly1305 cipher suite support"
	default y

config WOLFSSL_HAS_DH
	bool "Include DH (Diffie-Hellman) support"
	default y

config WOLFSSL_HAS_ARC4
	bool "Include ARC4 support"
	default y

config WOLFSSL_HAS_CERTGEN
	bool "Include certificate generation support"
	default y

config WOLFSSL_HAS_TLSV10
	bool "Include TLS 1.0 support"
	default y

config WOLFSSL_HAS_TLSV13
	bool "Include TLS 1.3 support"
	default y

config WOLFSSL_HAS_SESSION_TICKET
	bool "Include session ticket support"
	default y

config WOLFSSL_HAS_DTLS
	bool "Include DTLS support"
	default n

config WOLFSSL_HAS_OCSP
	bool "Include OSCP stapling support"
	default y

config WOLFSSL_HAS_WPAS
	bool "Include wpa_supplicant support"
	select WOLFSSL_HAS_ARC4
	select WOLFSSL_HAS_DH
	select WOLFSSL_HAS_OCSP
	select WOLFSSL_HAS_SESSION_TICKET
	default y

config WOLFSSL_HAS_ECC25519
	bool "Include ECC Curve 25519 support"
	default y

config WOLFSSL_HAS_ECC448
	bool "Include ECC Curve 448 support"

config WOLFSSL_HAS_OPENVPN
	bool "Include OpenVPN support"
	default y

config WOLFSSL_ALT_NAMES
	bool "Include SAN (Subject Alternative Name) support"
	default y

config WOLFSSL_HAS_DEVCRYPTO
	bool

if PACKAGE_libwolfssl
	if PACKAGE_libwolfsslcpu-crypto
		comment "Hardware Acceleration does not apply to libwolfsslcpu-crypto"
	endif
	choice
		prompt "Hardware Acceleration"
		default WOLFSSL_HAS_NO_HW

		config WOLFSSL_HAS_NO_HW
			bool "None"

		config WOLFSSL_HAS_AFALG
			bool "AF_ALG"

		config WOLFSSL_HAS_DEVCRYPTO_CBC
			bool "/dev/crypto - AES-CBC-only"
			select WOLFSSL_HAS_DEVCRYPTO

		config WOLFSSL_HAS_DEVCRYPTO_AES
			bool "/dev/crypto - AES-only (all supported modes)"
			select WOLFSSL_HAS_DEVCRYPTO

		config WOLFSSL_HAS_DEVCRYPTO_FULL
			bool "/dev/crypto - full"
			select WOLFSSL_HAS_DEVCRYPTO
	endchoice
endif
endmenu
wolfssl: add libwolfssl-cpu-crypto package libwolfssl-cpu-crypto is a variant of libwolfssl with support for cryptographic CPU instructions on x86_64 and aarch64. On aarch64, wolfSSL does not perform run-time detection, so the library will crash when the AES functions are called. A preinst script attempts to check for support by querying /proc/cpuinfo, if installed in a running system. When building an image, the script will check the DISTRIB_TARGET value in /etc/openwrt_release, and will abort installation if target is bcm27xx. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> 2022-08-07 21:56:50 -03:00			`menu "wolfSSL Library Configuration"`
update source 2017-09-06 19:19:45 +08:00
update to R7.5.4 2018-01-15 18:26:41 +08:00			`config WOLFSSL_HAS_AES_CCM`
update source 2017-09-06 19:19:45 +08:00			`bool "Include AES-CCM support"`
sync with OpenWrt trunk 2018-09-07 13:43:55 +08:00			`default y`
update source 2017-09-06 19:19:45 +08:00
Sync to snapshot kernel 5.4 version 2020-07-02 23:30:56 +08:00			`config WOLFSSL_HAS_CHACHA_POLY`
			`bool "Include ChaCha20-Poly1305 cipher suite support"`
update source 2017-09-06 19:19:45 +08:00			`default y`

update to R7.5.4 2018-01-15 18:26:41 +08:00			`config WOLFSSL_HAS_DH`
update source 2017-09-06 19:19:45 +08:00			`bool "Include DH (Diffie-Hellman) support"`
sync with OpenWrt trunk 2018-09-07 13:43:55 +08:00			`default y`
update source 2017-09-06 19:19:45 +08:00
update to R7.5.4 2018-01-15 18:26:41 +08:00			`config WOLFSSL_HAS_ARC4`
update source 2017-09-06 19:19:45 +08:00			`bool "Include ARC4 support"`
sync with OpenWrt trunk 2018-09-07 13:43:55 +08:00			`default y`
update source 2017-09-06 19:19:45 +08:00
add kernel 5.10 support and sync with upstream 2021-06-14 18:30:08 +08:00			`config WOLFSSL_HAS_CERTGEN`
			`bool "Include certificate generation support"`
			`default y`

Sync to snapshot kernel 5.4 version 2020-07-02 23:30:56 +08:00			`config WOLFSSL_HAS_TLSV10`
			`bool "Include TLS 1.0 support"`
sync with OpenWrt trunk 2018-09-07 13:43:55 +08:00			`default y`
update source 2017-09-06 19:19:45 +08:00
Sync to snapshot kernel 5.4 version 2020-07-02 23:30:56 +08:00			`config WOLFSSL_HAS_TLSV13`
			`bool "Include TLS 1.3 support"`
sync with OpenWrt trunk 2018-09-07 13:43:55 +08:00			`default y`
update source 2017-09-06 19:19:45 +08:00
sync with OpenWrt v18.06.1 stable new R8.1 version 2018-08-23 17:40:23 +08:00			`config WOLFSSL_HAS_SESSION_TICKET`
			`bool "Include session ticket support"`
sync with OpenWrt trunk 2018-09-07 13:43:55 +08:00			`default y`
sync with OpenWrt v18.06.1 stable new R8.1 version 2018-08-23 17:40:23 +08:00
update to R7.5.4 2018-01-15 18:26:41 +08:00			`config WOLFSSL_HAS_DTLS`
update source 2017-09-06 19:19:45 +08:00			`bool "Include DTLS support"`
			`default n`

sync with OpenWrt v18.06.1 stable new R8.1 version 2018-08-23 17:40:23 +08:00			`config WOLFSSL_HAS_OCSP`
Sync to snapshot kernel 5.4 version 2020-07-02 23:30:56 +08:00			`bool "Include OSCP stapling support"`
sync with OpenWrt trunk 2018-09-07 13:43:55 +08:00			`default y`
sync with OpenWrt v18.06.1 stable new R8.1 version 2018-08-23 17:40:23 +08:00
			`config WOLFSSL_HAS_WPAS`
			`bool "Include wpa_supplicant support"`
Sync to snapshot kernel 5.4 version 2020-07-02 23:30:56 +08:00			`select WOLFSSL_HAS_ARC4`
wolfssl: WOLFSSL_HAS_WPAS requires WOLFSSL_HAS_DH (#9735) Without this, WOLFSSL_HAS_DH can be disabled even if WOLFSSL_HAS_WPAS is enabled, resulting in an "Anonymous suite requires DH" error when trying to compile wolfssl. Signed-off-by: Pascal Ernster <git@hardfalcon.net> Reviewed-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Co-authored-by: Pascal Ernster <git@hardfalcon.net> 2022-07-11 00:56:13 +08:00			`select WOLFSSL_HAS_DH`
Sync to snapshot kernel 5.4 version 2020-07-02 23:30:56 +08:00			`select WOLFSSL_HAS_OCSP`
			`select WOLFSSL_HAS_SESSION_TICKET`
sync with OpenWrt trunk 2018-09-07 13:43:55 +08:00			`default y`
sync with OpenWrt v18.06.1 stable new R8.1 version 2018-08-23 17:40:23 +08:00
update to R7.5.4 2018-01-15 18:26:41 +08:00			`config WOLFSSL_HAS_ECC25519`
add kernel 5.10 support and sync with upstream 2021-06-14 18:30:08 +08:00			`bool "Include ECC Curve 25519 support"`
wolfssl: enable ECC Curve 25519 by default Signed-off-by: Stan Grishin <stangri@melmac.net> 2021-10-07 20:15:25 +00:00			`default y`
add kernel 5.10 support and sync with upstream 2021-06-14 18:30:08 +08:00
wolfssl: add config flag for Curve448 (#9698) This enables building WolfSSL with Curve448, which can be used by Strongswan. This has been tested on a Linksys E8450, running OpenWrt 22.03-rc4. This allows parity with OpenSSL, which already supports Curve448 in OpenWrt 21.02. Fixes openwrt/packages#18812. Signed-off-by: Joel Low <joel@joelsplace.sg> Co-authored-by: Joel Low <joel@joelsplace.sg> 2022-07-06 02:36:59 +08:00			`config WOLFSSL_HAS_ECC448`
			`bool "Include ECC Curve 448 support"`

add kernel 5.10 support and sync with upstream 2021-06-14 18:30:08 +08:00			`config WOLFSSL_HAS_OPENVPN`
			`bool "Include OpenVPN support"`
wolfssl: sync upstream (#9496) * wolfssl: don't change ABI because of hw crypto Enabling different hardware crypto acceleration should not change the library ABI. Add them to PKG_CONFIG_DEPENDS after the ABI version hash has been computed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> * wolfssl: add benchmark utility This packages the wolfssl benchmark utility. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> * wolfssl: enable CPU crypto instructions This enables AES & SHA CPU instructions for compatible armv8, and x86_64 architectures. Add this to the hardware acceleration choice, since they can't be enabled at the same time. The package was marked non-shared, since the arm CPUs may or may not have crypto extensions enabled based on licensing; bcm27xx does not enable them. There is no run-time detection of this for arm. NOTE: Should this be backported to a release branch, it must be done shortly before a new minor release, because the change to nonshared will remove libwolfssl from the shared packages, but the nonshared are only built in a subsequent release! Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> * wolfssl: set nonshared flag global libwolfssl-benchmark should NOT be compiled as nonshared but currently there is a bug where, on buildbot stage2, the package is recompiled to build libwolfssl-benchmark and the dependency change to the new libwolfssl version. Each dependant package will now depend on the new wolfssl package instead of the one previously on stage1 that has a different package HASH. Set the nonshared PKGFLAGS global while this gets investigated and eventually fixed. Fixes: 0a2edc2714dc ("wolfssl: enable CPU crypto instructions") Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com> * Revert "wolfssl: set nonshared flag global" This reverts commit e0cc5b9b3ae65113f0e0dd9249dae4776b65c503. A better and correct solution was found. Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com> * wolfssl: make WOLFSSL_HAS_OPENVPN default to y Openvpn forces CONFIG_WOLFSSL_HAS_OPENVPN=y. When the phase1 bots build the now non-shared package, openvpn will not be selected, and WolfSSL will be built without it. Then phase2 bots have CONFIG_ALL=y, which will select openvpn and force CONFIG_WOLFSSL_HAS_OPENVPN=y. This changes the version hash, causing dependency failures, as shared packages expect the phase2 hash. Fixes: #9738 Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Co-authored-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com> 2022-06-19 02:08:50 +08:00			`default y`
update source 2017-09-06 19:19:45 +08:00
wolfssl: update to 5.1.1-stable (#8817) * libs/wolfssl: add SAN (Subject Alternative Name) support x509v3 SAN extension is required to generate a certificate compatible with chromium-based web browsers (version >58) It can be disabled via unsetting CONFIG_WOLFSSL_ALT_NAMES Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in> * wolfssl: update to 5.1.1-stable Bump from 4.8.1-stable to 5.1.1-stable Detailed release notes: https://github.com/wolfSSL/wolfssl/releases Upstreamed patches: 001-Maths-x86-asm-change-asm-snippets-to-get-compiling.patch - https://github.com/wolfSSL/wolfssl/commit/fa8f23284d4689c2a737204b337b58d966dcbd8c 002-Update-macro-guard-on-SHA256-transform-call.patch - https://github.com/wolfSSL/wolfssl/commit/f447e4c1fa4c932c0286fa0331966756e243db81 Refreshed patches: 100-disable-hardening-check.patch 200-ecc-rng.patch CFLAG -DWOLFSSL_ALT_CERT_CHAINS replaced to --enable-altcertchains configure option The size of the ipk changed on aarch64 like this: 491341 libwolfssl4.8.1.31258522_4.8.1-stable-7_aarch64_cortex-a53.ipk 520322 libwolfssl5.1.1.31258522_5.1.1-stable-1_aarch64_cortex-a53.ipk Tested-by: Alozxy <alozxy@users.noreply.github.com> Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in> Co-authored-by: Sergey V. Lobanov <sergey@lobanov.in> 2022-02-04 10:52:39 +08:00			`config WOLFSSL_ALT_NAMES`
			`bool "Include SAN (Subject Alternative Name) support"`
			`default y`

Sync to snapshot kernel 5.4 version 2020-07-02 23:30:56 +08:00			`config WOLFSSL_HAS_DEVCRYPTO`
			`bool`

wolfssl: add libwolfssl-cpu-crypto package libwolfssl-cpu-crypto is a variant of libwolfssl with support for cryptographic CPU instructions on x86_64 and aarch64. On aarch64, wolfSSL does not perform run-time detection, so the library will crash when the AES functions are called. A preinst script attempts to check for support by querying /proc/cpuinfo, if installed in a running system. When building an image, the script will check the DISTRIB_TARGET value in /etc/openwrt_release, and will abort installation if target is bcm27xx. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> 2022-08-07 21:56:50 -03:00			`if PACKAGE_libwolfssl`
wolfssl: prefer regular libwolfssl over cpu-crypto Rename libwolfssl-cpu-crypto to libwolfsslcpu-crypto so that the regular libwolfssl version comes first when running: opkg install libwolfssl Normally, if the package name matches the opkg parameter, that package is preferred. However, for libraries, the ABI version string is appended to the package official name, and the short name won't match. Failing a name match, the candidate packages are sorted in alphabetical order, and a dash will come before any number. So in order to prefer the original library, the dash should be removed from the alternative library. Fixes: c3e7d86d2b (wolfssl: add libwolfssl-cpu-crypto package) Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> 2022-09-23 08:43:59 -03:00			`if PACKAGE_libwolfsslcpu-crypto`
			`comment "Hardware Acceleration does not apply to libwolfsslcpu-crypto"`
wolfssl: add libwolfssl-cpu-crypto package libwolfssl-cpu-crypto is a variant of libwolfssl with support for cryptographic CPU instructions on x86_64 and aarch64. On aarch64, wolfSSL does not perform run-time detection, so the library will crash when the AES functions are called. A preinst script attempts to check for support by querying /proc/cpuinfo, if installed in a running system. When building an image, the script will check the DISTRIB_TARGET value in /etc/openwrt_release, and will abort installation if target is bcm27xx. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> 2022-08-07 21:56:50 -03:00			`endif`
			`choice`
			`prompt "Hardware Acceleration"`
			`default WOLFSSL_HAS_NO_HW`

			`config WOLFSSL_HAS_NO_HW`
			`bool "None"`

			`config WOLFSSL_HAS_AFALG`
			`bool "AF_ALG"`

			`config WOLFSSL_HAS_DEVCRYPTO_CBC`
package: Update realtek ethernet driver (#10516) * wolfssl: fix Config.in typo Fix simple typo `/crytpo/crypto/` in a description string Signed-off-by: Tony Butler <spudz76@gmail.com> * r8101: Update to 1.038.02 Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org> * r8152: Update to 2.16.3.20220914 Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org> * r8168: Update to 8.051.02 Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org> Signed-off-by: Tony Butler <spudz76@gmail.com> Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org> Co-authored-by: Tony Butler <spudz76@gmail.com> Co-authored-by: Tianling Shen <cnsztl@immortalwrt.org> 2022-11-28 16:24:07 +08:00			`bool "/dev/crypto - AES-CBC-only"`
wolfssl: add libwolfssl-cpu-crypto package libwolfssl-cpu-crypto is a variant of libwolfssl with support for cryptographic CPU instructions on x86_64 and aarch64. On aarch64, wolfSSL does not perform run-time detection, so the library will crash when the AES functions are called. A preinst script attempts to check for support by querying /proc/cpuinfo, if installed in a running system. When building an image, the script will check the DISTRIB_TARGET value in /etc/openwrt_release, and will abort installation if target is bcm27xx. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> 2022-08-07 21:56:50 -03:00			`select WOLFSSL_HAS_DEVCRYPTO`

			`config WOLFSSL_HAS_DEVCRYPTO_AES`
			`bool "/dev/crypto - AES-only (all supported modes)"`
			`select WOLFSSL_HAS_DEVCRYPTO`

			`config WOLFSSL_HAS_DEVCRYPTO_FULL`
			`bool "/dev/crypto - full"`
			`select WOLFSSL_HAS_DEVCRYPTO`
			`endchoice`
update source 2017-09-06 19:19:45 +08:00			`endif`
wolfssl: add libwolfssl-cpu-crypto package libwolfssl-cpu-crypto is a variant of libwolfssl with support for cryptographic CPU instructions on x86_64 and aarch64. On aarch64, wolfSSL does not perform run-time detection, so the library will crash when the AES functions are called. A preinst script attempts to check for support by querying /proc/cpuinfo, if installed in a running system. When building an image, the script will check the DISTRIB_TARGET value in /etc/openwrt_release, and will abort installation if target is bcm27xx. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> 2022-08-07 21:56:50 -03:00			`endmenu`