config WOLFSSL_HAS_DEVCRYPTO
bool
-if WOLFSSL_HAS_AES_CCM
- comment "! Hardware Acceleration does not build with AES-CCM enabled"
-endif
-if !WOLFSSL_HAS_AES_CCM
- choice
- prompt "Hardware Acceleration"
- default WOLFSSL_HAS_NO_HW
+choice
+ prompt "Hardware Acceleration"
+ default WOLFSSL_HAS_NO_HW
- config WOLFSSL_HAS_NO_HW
- bool "None"
+ config WOLFSSL_HAS_NO_HW
+ bool "None"
- config WOLFSSL_HAS_AFALG
- bool "AF_ALG"
+ config WOLFSSL_HAS_AFALG
+ bool "AF_ALG"
- config WOLFSSL_HAS_DEVCRYPTO_AES
- bool "/dev/crypto - AES-only"
- select WOLFSSL_HAS_DEVCRYPTO
+ config WOLFSSL_HAS_DEVCRYPTO_CBC
+ bool "/dev/crytpo - AES-CBC-only"
+ select WOLFSSL_HAS_DEVCRYPTO
- config WOLFSSL_HAS_DEVCRYPTO_FULL
- bool "/dev/crypto - full"
- select WOLFSSL_HAS_DEVCRYPTO
- endchoice
-endif
+ config WOLFSSL_HAS_DEVCRYPTO_AES
+ bool "/dev/crypto - AES-only (all supported modes)"
+ select WOLFSSL_HAS_DEVCRYPTO
+
+ config WOLFSSL_HAS_DEVCRYPTO_FULL
+ bool "/dev/crypto - full"
+ select WOLFSSL_HAS_DEVCRYPTO
+endchoice
endif
PKG_NAME:=wolfssl
PKG_VERSION:=4.1.0-stable
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
--$(if $(CONFIG_WOLFSSL_HAS_DTLS),enable,disable)-dtls \
--$(if $(CONFIG_WOLFSSL_HAS_ECC25519),enable,disable)-curve25519 \
--$(if $(CONFIG_WOLFSSL_HAS_AFALG),enable,disable)-afalg \
- --enable-devcrypto=$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES),aes,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL),yes,no))
+ --enable-devcrypto=$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC),cbc\
+ ,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES),aes\
+ ,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL),yes,no)))
ifeq ($(CONFIG_WOLFSSL_HAS_OCSP),y)
CONFIGURE_ARGS += \
--- /dev/null
+From e8e1d35744c68b165e172a687e870a549438bdf0 Mon Sep 17 00:00:00 2001
+From: Jacob Barthelmeh <jacob@wolfssl.com>
+Date: Tue, 13 Aug 2019 14:12:45 -0600
+Subject: [PATCH] build with devcrypto and aesccm
+
+
+diff --git a/configure.ac b/configure.ac
+index f943cc6ef..cf03e7f52 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1096,6 +1096,10 @@ then
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
++ if test "$ENABLED_AESCCM" = "yes"
++ then
++ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
++ fi
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH"
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_HASH_RAW"
+ ENABLED_DEVCRYPTO=yes
+@@ -1106,6 +1110,10 @@ then
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
++ if test "$ENABLED_AESCCM" = "yes"
++ then
++ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
++ fi
+ ENABLED_DEVCRYPTO=yes
+ fi
+ if test "$ENABLED_DEVCRYPTO" = "cbc"
+diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
+index beeae72a6..b583d03e9 100644
+--- a/wolfcrypt/src/aes.c
++++ b/wolfcrypt/src/aes.c
+@@ -760,6 +760,14 @@
+ #elif defined(WOLFSSL_DEVCRYPTO_AES)
+ /* if all AES is enabled with devcrypto then tables are not needed */
+
++ #if defined(HAVE_AESCCM)
++ static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
++ {
++ wc_AesEncryptDirect(aes, outBlock, inBlock);
++ return 0;
++ }
++ #endif
++
+ #else
+
+ /* using wolfCrypt software implementation */
+@@ -1314,7 +1322,8 @@ static const word32 Td[4][256] = {
+ };
+
+
+-#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
++#if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC)) \
++ || defined(WOLFSSL_AES_DIRECT)
+ static const byte Td4[256] =
+ {
+ 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
+index 5c63421e2..d5061f364 100644
+--- a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
++++ b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
+@@ -168,7 +168,7 @@ static int wc_DevCrypto_AesDirect(Aes* aes, byte* out, const byte* in,
+ #endif
+
+
+-#if defined(WOLFSSL_AES_DIRECT)
++#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESCCM)
+ void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
+ {
+ wc_DevCrypto_AesDirect(aes, out, in, AES_BLOCK_SIZE, COP_ENCRYPT);
--- /dev/null
+From 9fd38dc340c38dee6e5935da174f90270a63bfbf Mon Sep 17 00:00:00 2001
+From: Jacob Barthelmeh <jacob@wolfssl.com>
+Date: Fri, 30 Aug 2019 16:15:48 -0600
+Subject: [PATCH] build fix for aesccm + devcrypto=cbc + wpas and afalg
+
+
+diff --git a/configure.ac b/configure.ac
+index 61fad39dd..30731eb52 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1045,6 +1045,10 @@ AC_ARG_ENABLE([afalg],
+
+ if test "$ENABLED_AFALG" = "yes"
+ then
++ if test "$ENABLED_AESCCM" = "yes"
++ then
++ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
++ fi
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG"
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_HASH"
+ fi
+diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
+index fef2f9c74..d294f6236 100644
+--- a/wolfcrypt/src/aes.c
++++ b/wolfcrypt/src/aes.c
+@@ -759,7 +759,9 @@
+ }
+ #endif /* HAVE_AES_DECRYPT */
+
+-#elif defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES)
++#elif (defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES)) || \
++ ((defined(WOLFSSL_AFALG) || defined(WOLFSSL_DEVCRYPTO_AES)) && \
++ defined(HAVE_AESCCM))
+ static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+ {
+ wc_AesEncryptDirect(aes, outBlock, inBlock);
+@@ -768,16 +770,6 @@
+
+ #elif defined(WOLFSSL_AFALG)
+ #elif defined(WOLFSSL_DEVCRYPTO_AES)
+- /* if all AES is enabled with devcrypto then tables are not needed */
+-
+- #if defined(HAVE_AESCCM)
+- static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+- {
+- wc_AesEncryptDirect(aes, outBlock, inBlock);
+- return 0;
+- }
+- #endif
+-
+ #else
+
+ /* using wolfCrypt software implementation */
+@@ -1593,8 +1585,8 @@ static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+ #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT || HAVE_AESGCM */
+
+ #if defined(HAVE_AES_DECRYPT)
+-#if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
+- !defined(WOLFSSL_DEVCRYPTO_CBC)
++#if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC)) || \
++ defined(WOLFSSL_AES_DIRECT)
+
+ /* load 4 Td Tables into cache by cache line stride */
+ static WC_INLINE word32 PreFetchTd(void)