kumquat-buildroot/package/wolfssl/wolfssl.mk

################################################################################
#
# wolfssl
#
################################################################################

WOLFSSL_VERSION = 4.5.0-stable
WOLFSSL_SITE = $(call github,wolfSSL,wolfssl,v$(WOLFSSL_VERSION))
WOLFSSL_INSTALL_STAGING = YES

WOLFSSL_LICENSE = GPL-2.0+
WOLFSSL_LICENSE_FILES = COPYING LICENSING

WOLFSSL_DEPENDENCIES = host-pkgconf

# wolfssl's source code is released without a configure
# script, so we need autoreconf
WOLFSSL_AUTORECONF = YES

WOLFSSL_CONF_OPTS = --disable-examples --disable-crypttests

ifeq ($(BR2_PACKAGE_WOLFSSL_ALL),y)
WOLFSSL_CONF_OPTS += --enable-all
else
WOLFSSL_CONF_OPTS += --disable-all
endif

ifeq ($(BR2_PACKAGE_WOLFSSL_SSLV3),y)
WOLFSSL_CONF_OPTS += --enable-sslv3
else
WOLFSSL_CONF_OPTS += --disable-sslv3
endif

# enable ARMv8 hardware acceleration
ifeq ($(BR2_ARM_CPU_ARMV8A),y)
WOLFSSL_CONF_OPTS += --enable-armasm
# the flag -mstrict-align is needed to prevent build errors caused by
# some inline assembly in parts of the AES structure using the "m"
# constraint
ifeq ($(BR2_aarch64),y)
WOLFSSL_CONF_ENV += CPPFLAGS="$(TARGET_CPPFLAGS) -mstrict-align"
endif
else
WOLFSSL_CONF_OPTS += --disable-armasm
endif

$(eval $(autotools-package))
wolfssl: new package The wolfSSL embedded SSL library is a lightweight and portable SSL/TLS library. Tested on Beaglebone Black using a tool called testsuite that comes with wolfssl source code inside the testsuite/ directory. To build it, we have to pass --enable-examples in the configure, and then manually copy the binary to the rootfs. Also, to use this tool, you will we need to copy the certs/* directory to the rootfs. Build-tested with test-pkg script. Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-12-23 17:32:15 +01:00			`################################################################################`
			`#`
			`# wolfssl`
			`#`
			`################################################################################`

package/wolfssl: security bump to version 4.5.0 wolfSSL version 4.5.0 contains 6 vulnerability fixes: 2 fixes for TLS 1.3, 2 side channel attack mitigations, 1 fix for a potential private key leak in a specific use case, 1 fix for DTLS including those 3 CVEs: - Fix CVE-2020-12457: An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service. - Fix CVE-2020-15309: An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key). - Fix CVE-2020-24585: An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application. Also update hash of LICENSING as well as WOLF_LICENSE due to later verbage update with https://github.com/wolfSSL/wolfssl/commit/970391319beb023680eccd0e447e76834dbb4808 https://www.wolfssl.com/docs/security-vulnerabilities/ Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> 2020-08-29 09:56:21 +02:00			`WOLFSSL_VERSION = 4.5.0-stable`
package/wolfssl: cleanup version/download logic Use the github macro rather than manually downloading from github and include -stable in the version number to match release-monitoring.org. And update the .hash line to match. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2019-10-31 23:47:02 +01:00			`WOLFSSL_SITE = $(call github,wolfSSL,wolfssl,v$(WOLFSSL_VERSION))`
wolfssl: install into staging wolfssl is a library, so it should be installed into staging so other packages can find the header files / library. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2018-10-30 11:23:00 +01:00			`WOLFSSL_INSTALL_STAGING = YES`
wolfssl: new package The wolfSSL embedded SSL library is a lightweight and portable SSL/TLS library. Tested on Beaglebone Black using a tool called testsuite that comes with wolfssl source code inside the testsuite/ directory. To build it, we have to pass --enable-examples in the configure, and then manually copy the binary to the rootfs. Also, to use this tool, you will we need to copy the certs/* directory to the rootfs. Build-tested with test-pkg script. Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-12-23 17:32:15 +01:00
package/wolfssl: security bump to version 4.5.0 wolfSSL version 4.5.0 contains 6 vulnerability fixes: 2 fixes for TLS 1.3, 2 side channel attack mitigations, 1 fix for a potential private key leak in a specific use case, 1 fix for DTLS including those 3 CVEs: - Fix CVE-2020-12457: An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service. - Fix CVE-2020-15309: An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key). - Fix CVE-2020-24585: An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application. Also update hash of LICENSING as well as WOLF_LICENSE due to later verbage update with https://github.com/wolfSSL/wolfssl/commit/970391319beb023680eccd0e447e76834dbb4808 https://www.wolfssl.com/docs/security-vulnerabilities/ Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> 2020-08-29 09:56:21 +02:00			`WOLFSSL_LICENSE = GPL-2.0+`
wolfssl: new package The wolfSSL embedded SSL library is a lightweight and portable SSL/TLS library. Tested on Beaglebone Black using a tool called testsuite that comes with wolfssl source code inside the testsuite/ directory. To build it, we have to pass --enable-examples in the configure, and then manually copy the binary to the rootfs. Also, to use this tool, you will we need to copy the certs/* directory to the rootfs. Build-tested with test-pkg script. Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-12-23 17:32:15 +01:00			`WOLFSSL_LICENSE_FILES = COPYING LICENSING`

			`WOLFSSL_DEPENDENCIES = host-pkgconf`

			`# wolfssl's source code is released without a configure`
			`# script, so we need autoreconf`
			`WOLFSSL_AUTORECONF = YES`

package/wolfssl: disable examples and tests Examples and tests are not needed especially because of them fails on some architectures because it wrongly tries to use wc_Sha256FinalRaw: CCLD tests/unit.test /tmp/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/aarch64-none-linux-gnu/9.2.1/../../../../aarch64-none-linux-gnu/bin/ld: tests/tests_unit_test-api.o: in function `test_wc_Sha256FinalRaw': /tmp/instance-0/output-1/build/wolfssl-4.5.0-stable/tests/api.c:6504: undefined reference to `wc_Sha256FinalRaw' Fixes: - http://autobuild.buildroot.org/results/d5b6f97f7510874fe28c675e599be08cb8a78c7b Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2020-09-02 22:43:10 +02:00			`WOLFSSL_CONF_OPTS = --disable-examples --disable-crypttests`

wolfssl: new package The wolfSSL embedded SSL library is a lightweight and portable SSL/TLS library. Tested on Beaglebone Black using a tool called testsuite that comes with wolfssl source code inside the testsuite/ directory. To build it, we have to pass --enable-examples in the configure, and then manually copy the binary to the rootfs. Also, to use this tool, you will we need to copy the certs/* directory to the rootfs. Build-tested with test-pkg script. Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-12-23 17:32:15 +01:00			`ifeq ($(BR2_PACKAGE_WOLFSSL_ALL),y)`
			`WOLFSSL_CONF_OPTS += --enable-all`
			`else`
			`WOLFSSL_CONF_OPTS += --disable-all`
			`endif`

			`ifeq ($(BR2_PACKAGE_WOLFSSL_SSLV3),y)`
			`WOLFSSL_CONF_OPTS += --enable-sslv3`
			`else`
			`WOLFSSL_CONF_OPTS += --disable-sslv3`
			`endif`

package/wolfssl: enable ARMv8 hardware acceleration Enable hardware acceleration for ARMv8 targets. When ARMv8 hardware acceleration is enabled on AArch64 without any additional flags, the build fails with the following messages: /tmp/cciv7Oei.s: Assembler messages: /tmp/cciv7Oei.s:580: Error: invalid addressing mode at operand 2 -- `ld1 {v0.2d},[x0,256]' /tmp/cciv7Oei.s:616: Error: invalid addressing mode at operand 2 -- `st1 {v0.2d},[x0,256]' /tmp/cciv7Oei.s:629: Error: invalid addressing mode at operand 2 -- `ld1 {v0.2d},[x0,256]' /tmp/cciv7Oei.s:669: Error: invalid addressing mode at operand 2 -- `st1 {v0.2d},[x0,256]' /tmp/cciv7Oei.s:1211: Error: invalid addressing mode at operand 2 -- `ld1 {v16.2d},[x0,304]' /tmp/cciv7Oei.s:1368: Error: invalid addressing mode at operand 2 -- `ld1 {v17.16b},[x19,304]' /tmp/cciv7Oei.s:1554: Error: invalid addressing mode at operand 2 -- `ld1 {v16.2d},[x0,304]' /tmp/cciv7Oei.s:1719: Error: invalid addressing mode at operand 2 -- `ld1 {v17.16b},[x19,304]' /tmp/cciv7Oei.s:1870: Error: invalid addressing mode at operand 2 -- `ld1 {v16.2d},[x0,304]' /tmp/cciv7Oei.s:2043: Error: invalid addressing mode at operand 2 -- `ld1 {v17.16b},[x19,304]' make[3]: *** [Makefile:3801: wolfcrypt/src/port/arm/src_libwolfssl_la-armv8-aes.lo] Error 1 This is because of some inline assembly in parts of the AES structure using the "m" constraint. So lets use the flag -mstrict-align to prevent this error. Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com> [Thomas: restrict the -mstrict-align workaround to AArch64, as ARMv8-A can also be used in an AArch32 build, and in this case, gcc doesn't support the -mstrict-align flag] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2018-11-25 10:20:27 +01:00			`# enable ARMv8 hardware acceleration`
			`ifeq ($(BR2_ARM_CPU_ARMV8A),y)`
			`WOLFSSL_CONF_OPTS += --enable-armasm`
			`# the flag -mstrict-align is needed to prevent build errors caused by`
			`# some inline assembly in parts of the AES structure using the "m"`
			`# constraint`
			`ifeq ($(BR2_aarch64),y)`
			`WOLFSSL_CONF_ENV += CPPFLAGS="$(TARGET_CPPFLAGS) -mstrict-align"`
			`endif`
			`else`
wolfssl: new package The wolfSSL embedded SSL library is a lightweight and portable SSL/TLS library. Tested on Beaglebone Black using a tool called testsuite that comes with wolfssl source code inside the testsuite/ directory. To build it, we have to pass --enable-examples in the configure, and then manually copy the binary to the rootfs. Also, to use this tool, you will we need to copy the certs/* directory to the rootfs. Build-tested with test-pkg script. Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-12-23 17:32:15 +01:00			`WOLFSSL_CONF_OPTS += --disable-armasm`
package/wolfssl: enable ARMv8 hardware acceleration Enable hardware acceleration for ARMv8 targets. When ARMv8 hardware acceleration is enabled on AArch64 without any additional flags, the build fails with the following messages: /tmp/cciv7Oei.s: Assembler messages: /tmp/cciv7Oei.s:580: Error: invalid addressing mode at operand 2 -- `ld1 {v0.2d},[x0,256]' /tmp/cciv7Oei.s:616: Error: invalid addressing mode at operand 2 -- `st1 {v0.2d},[x0,256]' /tmp/cciv7Oei.s:629: Error: invalid addressing mode at operand 2 -- `ld1 {v0.2d},[x0,256]' /tmp/cciv7Oei.s:669: Error: invalid addressing mode at operand 2 -- `st1 {v0.2d},[x0,256]' /tmp/cciv7Oei.s:1211: Error: invalid addressing mode at operand 2 -- `ld1 {v16.2d},[x0,304]' /tmp/cciv7Oei.s:1368: Error: invalid addressing mode at operand 2 -- `ld1 {v17.16b},[x19,304]' /tmp/cciv7Oei.s:1554: Error: invalid addressing mode at operand 2 -- `ld1 {v16.2d},[x0,304]' /tmp/cciv7Oei.s:1719: Error: invalid addressing mode at operand 2 -- `ld1 {v17.16b},[x19,304]' /tmp/cciv7Oei.s:1870: Error: invalid addressing mode at operand 2 -- `ld1 {v16.2d},[x0,304]' /tmp/cciv7Oei.s:2043: Error: invalid addressing mode at operand 2 -- `ld1 {v17.16b},[x19,304]' make[3]: *** [Makefile:3801: wolfcrypt/src/port/arm/src_libwolfssl_la-armv8-aes.lo] Error 1 This is because of some inline assembly in parts of the AES structure using the "m" constraint. So lets use the flag -mstrict-align to prevent this error. Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com> [Thomas: restrict the -mstrict-align workaround to AArch64, as ARMv8-A can also be used in an AArch32 build, and in this case, gcc doesn't support the -mstrict-align flag] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2018-11-25 10:20:27 +01:00			`endif`
wolfssl: new package The wolfSSL embedded SSL library is a lightweight and portable SSL/TLS library. Tested on Beaglebone Black using a tool called testsuite that comes with wolfssl source code inside the testsuite/ directory. To build it, we have to pass --enable-examples in the configure, and then manually copy the binary to the rootfs. Also, to use this tool, you will we need to copy the certs/* directory to the rootfs. Build-tested with test-pkg script. Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-12-23 17:32:15 +01:00
			`$(eval $(autotools-package))`