domenico/openwrt-kernel5.4-nss-qsdk10.0
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
domenico
2025-06-24 13:14:22 +02:00
commit 4002f145fc
9002 changed files with 1731834 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
package/libs/wolfssl/Config.in Normal file
View File

@@ -0,0 +1,84 @@
if PACKAGE_libwolfssl
config WOLFSSL_HAS_AES_CCM
bool "Include AES-CCM support"
default y
config WOLFSSL_HAS_CHACHA_POLY
bool "Include ChaCha20-Poly1305 cipher suite support"
default y
config WOLFSSL_HAS_DH
bool "Include DH (Diffie-Hellman) support"
default y
config WOLFSSL_HAS_ARC4
bool "Include ARC4 support"
default y
config WOLFSSL_HAS_CERTGEN
bool "Include certificate generation support"
default y
config WOLFSSL_HAS_TLSV10
bool "Include TLS 1.0 support"
default y
config WOLFSSL_HAS_TLSV13
bool "Include TLS 1.3 support"
default y
config WOLFSSL_HAS_SESSION_TICKET
bool "Include session ticket support"
default y
config WOLFSSL_HAS_DTLS
bool "Include DTLS support"
default n
config WOLFSSL_HAS_OCSP
bool "Include OSCP stapling support"
default y
config WOLFSSL_HAS_WPAS
bool "Include wpa_supplicant support"
select WOLFSSL_HAS_ARC4
select WOLFSSL_HAS_OCSP
select WOLFSSL_HAS_SESSION_TICKET
default y
config WOLFSSL_HAS_ECC25519
bool "Include ECC Curve 25519 support"
default n
config WOLFSSL_HAS_OPENVPN
bool "Include OpenVPN support"
default n
config WOLFSSL_HAS_DEVCRYPTO
bool
choice
prompt "Hardware Acceleration"
default WOLFSSL_HAS_NO_HW
config WOLFSSL_HAS_NO_HW
bool "None"
config WOLFSSL_HAS_AFALG
bool "AF_ALG"
config WOLFSSL_HAS_DEVCRYPTO_CBC
bool "/dev/crytpo - AES-CBC-only"
select WOLFSSL_HAS_DEVCRYPTO
config WOLFSSL_HAS_DEVCRYPTO_AES
bool "/dev/crypto - AES-only (all supported modes)"
select WOLFSSL_HAS_DEVCRYPTO
config WOLFSSL_HAS_DEVCRYPTO_FULL
bool "/dev/crypto - full"
select WOLFSSL_HAS_DEVCRYPTO
endchoice
endif

127
package/libs/wolfssl/Makefile Normal file
View File

@@ -0,0 +1,127 @@
#
# Copyright (C) 2006-2017 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=wolfssl
PKG_VERSION:=4.8.1-stable
PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
PKG_HASH:=50db45f348f47e00c93dd244c24108220120cb3cc9d01434789229c32937c444
PKG_FIXUP:=libtool libtool-abiver
PKG_INSTALL:=1
PKG_USE_MIPS16:=0
PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=LICENSING COPYING
PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
PKG_CPE_ID:=cpe:/a:wolfssl:wolfssl
PKG_CONFIG_DEPENDS:=\
CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AFALG \
CONFIG_WOLFSSL_HAS_ARC4 CONFIG_WOLFSSL_HAS_CHACHA_POLY \
CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL \
CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \
CONFIG_WOLFSSL_HAS_ECC25519 CONFIG_WOLFSSL_HAS_OCSP \
CONFIG_WOLFSSL_HAS_SESSION_TICKET CONFIG_WOLFSSL_HAS_TLSV10 \
CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS CONFIG_WOLFSSL_HAS_CERTGEN \
CONFIG_WOLFSSL_HAS_OPENVPN
PKG_ABI_VERSION=$(patsubst %-stable,%,$(PKG_VERSION)).$(call version_abbrev,$(call confvar,$(PKG_CONFIG_DEPENDS)))
include $(INCLUDE_DIR)/package.mk
define Package/libwolfssl
SECTION:=libs
SUBMENU:=SSL
CATEGORY:=Libraries
TITLE:=wolfSSL library
URL:=http://www.wolfssl.com/
MENU:=1
PROVIDES:=libcyassl
DEPENDS:=+WOLFSSL_HAS_DEVCRYPTO:kmod-cryptodev +WOLFSSL_HAS_AFALG:kmod-crypto-user
ABI_VERSION:=$(PKG_ABI_VERSION)
endef
define Package/libwolfssl/description
wolfSSL (formerly CyaSSL) is an SSL library optimized for small
footprint, both on disk and for memory use.
endef
define Package/libwolfssl/config
source "$(SOURCE)/Config.in"
endef
TARGET_CFLAGS += \
$(FPIC) \
-fomit-frame-pointer \
-flto \
-DFP_MAX_BITS=8192 \
-DWOLFSSL_ALT_CERT_CHAINS
TARGET_LDFLAGS += -flto
# --enable-stunnel needed for OpenSSL API compatibility bits
CONFIGURE_ARGS += \
--enable-reproducible-build \
--enable-lighty \
--enable-opensslall \
--enable-opensslextra \
--enable-sni \
--enable-stunnel \
--disable-crypttests \
--disable-examples \
--disable-jobserver \
--$(if $(CONFIG_IPV6),enable,disable)-ipv6 \
--$(if $(CONFIG_WOLFSSL_HAS_AES_CCM),enable,disable)-aesccm \
--$(if $(CONFIG_WOLFSSL_HAS_CERTGEN),enable,disable)-certgen \
--$(if $(CONFIG_WOLFSSL_HAS_CHACHA_POLY),enable,disable)-chacha \
--$(if $(CONFIG_WOLFSSL_HAS_CHACHA_POLY),enable,disable)-poly1305 \
--$(if $(CONFIG_WOLFSSL_HAS_DH),enable,disable)-dh \
--$(if $(CONFIG_WOLFSSL_HAS_ARC4),enable,disable)-arc4 \
--$(if $(CONFIG_WOLFSSL_HAS_TLSV10),enable,disable)-tlsv10 \
--$(if $(CONFIG_WOLFSSL_HAS_TLSV13),enable,disable)-tls13 \
--$(if $(CONFIG_WOLFSSL_HAS_SESSION_TICKET),enable,disable)-session-ticket \
--$(if $(CONFIG_WOLFSSL_HAS_DTLS),enable,disable)-dtls \
--$(if $(CONFIG_WOLFSSL_HAS_ECC25519),enable,disable)-curve25519 \
--$(if $(CONFIG_WOLFSSL_HAS_AFALG),enable,disable)-afalg \
--$(if $(CONFIG_WOLFSSL_HAS_OPENVPN),enable,disable)-openvpn \
--enable-devcrypto=$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC),cbc\
,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES),aes\
,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL),yes,no)))
ifeq ($(CONFIG_WOLFSSL_HAS_OCSP),y)
CONFIGURE_ARGS += \
--enable-ocsp --enable-ocspstapling --enable-ocspstapling2
endif
ifeq ($(CONFIG_WOLFSSL_HAS_WPAS),y)
CONFIGURE_ARGS += \
--enable-wpas --enable-fortress --enable-fastmath
endif
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include $(1)/usr/lib/pkgconfig
$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libwolfssl.{so*,la} $(1)/usr/lib/
ln -s libwolfssl.so $(1)/usr/lib/libcyassl.so
ln -s libwolfssl.la $(1)/usr/lib/libcyassl.la
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/*.pc $(1)/usr/lib/pkgconfig
endef
define Package/libwolfssl/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libwolfssl.so.* $(1)/usr/lib/
endef
$(eval $(call BuildPackage,libwolfssl))

116
package/libs/wolfssl/patches/001-Maths-x86-asm-change-asm-snippets-to-get-compiling.patch Normal file
View File

@@ -0,0 +1,116 @@
From fa8f23284d4689c2a737204b337b58d966dcbd8c Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Fri, 20 Aug 2021 10:23:38 +1000
Subject: [PATCH] Maths x86 asm: change asm snippets to get compiling
TFM:
Use register or memory for c0, c1, c2 in SQRADD and SQRADD2.
SP:
Use register or memory for vl, vh, vo in SP_ASM_MUL_ADD,
SP_ASM_MUL_ADD2 and SP_ASM_SQR_ADD.
---
wolfcrypt/src/asm.c | 29 ++++++++++++++++++++---------
wolfcrypt/src/sp_int.c | 6 +++---
2 files changed, 23 insertions(+), 12 deletions(-)
--- a/wolfcrypt/src/asm.c
+++ b/wolfcrypt/src/asm.c
@@ -698,33 +698,39 @@ __asm__( \
#define SQRADD(i, j) \
__asm__( \
- "movl %6,%%eax \n\t" \
+ "movl %3,%%eax \n\t" \
"mull %%eax \n\t" \
"addl %%eax,%0 \n\t" \
"adcl %%edx,%1 \n\t" \
"adcl $0,%2 \n\t" \
- :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i) :"%eax","%edx","cc");
+ :"+rm"(c0), "+rm"(c1), "+rm"(c2) \
+ : "m"(i) \
+ :"%eax","%edx","cc");
#define SQRADD2(i, j) \
__asm__( \
- "movl %6,%%eax \n\t" \
- "mull %7 \n\t" \
+ "movl %3,%%eax \n\t" \
+ "mull %4 \n\t" \
"addl %%eax,%0 \n\t" \
"adcl %%edx,%1 \n\t" \
"adcl $0,%2 \n\t" \
"addl %%eax,%0 \n\t" \
"adcl %%edx,%1 \n\t" \
"adcl $0,%2 \n\t" \
- :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i), "m"(j) :"%eax","%edx", "cc");
+ :"+rm"(c0), "+rm"(c1), "+rm"(c2) \
+ : "m"(i), "m"(j) \
+ :"%eax","%edx", "cc");
#define SQRADDSC(i, j) \
-__asm__( \
+__asm__( \
"movl %3,%%eax \n\t" \
"mull %4 \n\t" \
"movl %%eax,%0 \n\t" \
"movl %%edx,%1 \n\t" \
"xorl %2,%2 \n\t" \
- :"=r"(sc0), "=r"(sc1), "=r"(sc2): "g"(i), "g"(j) :"%eax","%edx","cc");
+ :"=r"(sc0), "=r"(sc1), "=r"(sc2) \
+ : "g"(i), "g"(j) \
+ :"%eax","%edx","cc");
#define SQRADDAC(i, j) \
__asm__( \
@@ -733,7 +739,9 @@ __asm__(
"addl %%eax,%0 \n\t" \
"adcl %%edx,%1 \n\t" \
"adcl $0,%2 \n\t" \
- :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j) :"%eax","%edx","cc");
+ :"=r"(sc0), "=r"(sc1), "=r"(sc2) \
+ : "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j) \
+ :"%eax","%edx","cc");
#define SQRADDDB \
__asm__( \
@@ -743,7 +751,10 @@ __asm__(
"addl %6,%0 \n\t" \
"adcl %7,%1 \n\t" \
"adcl %8,%2 \n\t" \
- :"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(sc0), "r"(sc1), "r"(sc2) : "cc");
+ :"=r"(c0), "=r"(c1), "=r"(c2) \
+ : "0"(c0), "1"(c1), "2"(c2), "r"(sc0), "r"(sc1), \
+ "r"(sc2) \
+ : "cc");
#elif defined(TFM_X86_64)
/* x86-64 optimized */
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -476,7 +476,7 @@ static WC_INLINE sp_int_digit sp_div_wor
"addl %%eax, %[l] \n\t" \
"adcl %%edx, %[h] \n\t" \
"adcl $0 , %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
+ : [l] "+rm" (vl), [h] "+rm" (vh), [o] "+rm" (vo) \
: [a] "r" (va), [b] "r" (vb) \
: "eax", "edx", "cc" \
)
@@ -502,7 +502,7 @@ static WC_INLINE sp_int_digit sp_div_wor
"addl %%eax, %[l] \n\t" \
"adcl %%edx, %[h] \n\t" \
"adcl $0 , %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
+ : [l] "+rm" (vl), [h] "+rm" (vh), [o] "+rm" (vo) \
: [a] "r" (va), [b] "r" (vb) \
: "eax", "edx", "cc" \
)
@@ -541,7 +541,7 @@ static WC_INLINE sp_int_digit sp_div_wor
"addl %%eax, %[l] \n\t" \
"adcl %%edx, %[h] \n\t" \
"adcl $0 , %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
+ : [l] "+rm" (vl), [h] "+rm" (vh), [o] "+rm" (vo) \
: [a] "m" (va) \
: "eax", "edx", "cc" \
)

11
package/libs/wolfssl/patches/100-disable-hardening-check.patch Normal file
View File

@@ -0,0 +1,11 @@
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -2274,7 +2274,7 @@ extern void uITRON4_free(void *p) ;
#endif
/* warning for not using harden build options (default with ./configure) */
-#ifndef WC_NO_HARDEN
+#if 0
#if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \
(defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \
(!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) && \

50
package/libs/wolfssl/patches/200-ecc-rng.patch Normal file
View File

@@ -0,0 +1,50 @@
Since commit 6467de5a8840 ("Randomize z ordinates in scalar
mult when timing resistant") wolfssl requires a RNG for an EC
key when the hardened built option is selected.
wc_ecc_set_rng is only available when built hardened, so there
is no safe way to install the RNG to the key regardless whether
or not wolfssl is compiled hardened.
Always export wc_ecc_set_rng so tools such as hostapd can install
RNG regardless of the built settings for wolfssl.
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -10938,21 +10938,21 @@ void wc_ecc_fp_free(void)
#endif /* FP_ECC */
-#ifdef ECC_TIMING_RESISTANT
int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng)
{
int err = 0;
+#ifdef ECC_TIMING_RESISTANT
if (key == NULL) {
err = BAD_FUNC_ARG;
}
else {
key->rng = rng;
}
+#endif
return err;
}
-#endif
#ifdef HAVE_ECC_ENCRYPT
--- a/wolfssl/wolfcrypt/ecc.h
+++ b/wolfssl/wolfcrypt/ecc.h
@@ -616,10 +616,8 @@ WOLFSSL_API
void wc_ecc_fp_free(void);
WOLFSSL_LOCAL
void wc_ecc_fp_init(void);
-#ifdef ECC_TIMING_RESISTANT
WOLFSSL_API
int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);
-#endif
WOLFSSL_API
int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);