wolfssl: sync upstream (#9496)

* wolfssl: don't change ABI because of hw crypto Enabling different hardware crypto acceleration should not change the library ABI. Add them to PKG_CONFIG_DEPENDS after the ABI version hash has been computed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> * wolfssl: add benchmark utility This packages the wolfssl benchmark utility. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> * wolfssl: enable CPU crypto instructions This enables AES & SHA CPU instructions for compatible armv8, and x86_64 architectures. Add this to the hardware acceleration choice, since they can't be enabled at the same time. The package was marked non-shared, since the arm CPUs may or may not have crypto extensions enabled based on licensing; bcm27xx does not enable them. There is no run-time detection of this for arm. NOTE: Should this be backported to a release branch, it must be done shortly before a new minor release, because the change to nonshared will remove libwolfssl from the shared packages, but the nonshared are only built in a subsequent release! Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> * wolfssl: set nonshared flag global libwolfssl-benchmark should NOT be compiled as nonshared but currently there is a bug where, on buildbot stage2, the package is recompiled to build libwolfssl-benchmark and the dependency change to the new libwolfssl version. Each dependant package will now depend on the new wolfssl package instead of the one previously on stage1 that has a different package HASH. Set the nonshared PKGFLAGS global while this gets investigated and eventually fixed. Fixes: 0a2edc2714dc ("wolfssl: enable CPU crypto instructions") Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com> * Revert "wolfssl: set nonshared flag global" This reverts commit e0cc5b9b3ae65113f0e0dd9249dae4776b65c503. A better and correct solution was found. Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com> * wolfssl: make WOLFSSL_HAS_OPENVPN default to y Openvpn forces CONFIG_WOLFSSL_HAS_OPENVPN=y. When the phase1 bots build the now non-shared package, openvpn will not be selected, and WolfSSL will be built without it. Then phase2 bots have CONFIG_ALL=y, which will select openvpn and force CONFIG_WOLFSSL_HAS_OPENVPN=y. This changes the version hash, causing dependency failures, as shared packages expect the phase2 hash. Fixes: #9738 Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Co-authored-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
2025-04-16 04:13:31 +00:00 · 2022-06-19 02:08:50 +08:00 · 2022-06-19 02:08:50 +08:00 · e77c602db5
commit e77c602db5
parent 0938576424
2 changed files with 38 additions and 16 deletions
--- a/package/libs/wolfssl/Config.in
+++ b/package/libs/wolfssl/Config.in
@ -53,7 +53,7 @@ config WOLFSSL_HAS_ECC25519
 config WOLFSSL_HAS_OPENVPN
 	bool "Include OpenVPN support"
-	default n
+	default y
 config WOLFSSL_ALT_NAMES
 	bool "Include SAN (Subject Alternative Name) support"
@ -62,13 +62,25 @@ config WOLFSSL_ALT_NAMES
 config WOLFSSL_HAS_DEVCRYPTO
 	bool
 config WOLFSSL_ASM_CAPABLE
 	bool
 	default x86_64 || (aarch64 && !TARGET_bcm27xx)
 choice
 	prompt "Hardware Acceleration"
 	default WOLFSSL_HAS_CPU_CRYPTO if WOLFSSL_ASM_CAPABLE
 	default WOLFSSL_HAS_NO_HW
 	config WOLFSSL_HAS_NO_HW
 		bool "None"
 	config WOLFSSL_HAS_CPU_CRYPTO
 		bool "Use CPU crypto instructions"
 		depends on WOLFSSL_ASM_CAPABLE
 		help
 		This will use Intel AESNI insturctions or armv8 Crypto Extensions.
 		Either of them should easily outperform hardware crypto in WolfSSL.
 	config WOLFSSL_HAS_AFALG
 		bool "AF_ALG"
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@ -25,16 +25,28 @@ PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com>
 PKG_CPE_ID:=cpe:/a:wolfssl:wolfssl
 PKG_CONFIG_DEPENDS:=\
-	CONFIG_WOLFSSL_HAS_AES_CCM CONFIG_WOLFSSL_HAS_AFALG \
+	CONFIG_WOLFSSL_HAS_AES_CCM \
-	CONFIG_WOLFSSL_HAS_ARC4 CONFIG_WOLFSSL_HAS_CHACHA_POLY \
+	CONFIG_WOLFSSL_HAS_ARC4 \
-	CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL \
+	CONFIG_WOLFSSL_HAS_CERTGEN \
-	CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \
+	CONFIG_WOLFSSL_HAS_CHACHA_POLY \
-	CONFIG_WOLFSSL_HAS_ECC25519 CONFIG_WOLFSSL_HAS_OCSP \
+	CONFIG_WOLFSSL_HAS_DH \
-	CONFIG_WOLFSSL_HAS_SESSION_TICKET CONFIG_WOLFSSL_HAS_TLSV10 \
+	CONFIG_WOLFSSL_HAS_DTLS \
-	CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS CONFIG_WOLFSSL_HAS_CERTGEN \
+	CONFIG_WOLFSSL_HAS_ECC25519 \
-	CONFIG_WOLFSSL_HAS_OPENVPN CONFIG_WOLFSSL_ALT_NAMES
+	CONFIG_WOLFSSL_HAS_OCSP \
 	CONFIG_WOLFSSL_HAS_OPENVPN CONFIG_WOLFSSL_ALT_NAMES \
 	CONFIG_WOLFSSL_HAS_SESSION_TICKET \
 	CONFIG_WOLFSSL_HAS_TLSV10 \
 	CONFIG_WOLFSSL_HAS_TLSV13 \
 	CONFIG_WOLFSSL_HAS_WPAS
-PKG_ABI_VERSION=$(patsubst %-stable,%,$(PKG_VERSION)).$(call version_abbrev,$(call confvar,$(PKG_CONFIG_DEPENDS)))
+PKG_ABI_VERSION:=$(patsubst %-stable,%,$(PKG_VERSION)).$(call version_abbrev,$(call confvar,$(PKG_CONFIG_DEPENDS)))
 PKG_CONFIG_DEPENDS+=\
 	CONFIG_WOLFSSL_HAS_AFALG \
 	CONFIG_WOLFSSL_HAS_CPU_CRYPTO \
 	CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES \
 	CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC \
 	CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL
 include $(INCLUDE_DIR)/package.mk
@ -123,15 +135,13 @@ CONFIGURE_ARGS += \
 	--enable-wpas --enable-fortress --enable-fastmath
 endif
-WOLFSSL_AARCH64_NO_CRYPTO = \
+ifdef CONFIG_WOLFSSL_HAS_CPU_CRYPTO
-	$(CONFIG_TARGET_bcm27xx)
+    ifdef CONFIG_aarch64
 ifneq ($(CONFIG_aarch64),$(strip $(WOLFSSL_AARCH64_NO_CRYPTO)))
 	CONFIGURE_ARGS += --enable-armasm
 	TARGET_CFLAGS:=$(TARGET_CFLAGS:-mcpu%=-mcpu%+crypto)
-	STAMP_CONFIGURED:=$(STAMP_CONFIGURED)_armasm
+    else ifdef CONFIG_TARGET_x86_64
 else ifeq ($(CONFIG_TARGET_x86_64),y)
 	CONFIGURE_ARGS += --enable-intelasm
    endif
 endif
 define Build/InstallDev