| b.liu | e958203 | 2025-04-17 19:18:16 +0800 | [diff] [blame] | 1 | # |
| 2 | # Copyright (C) 2006-2017 OpenWrt.org |
| 3 | # |
| 4 | # This is free software, licensed under the GNU General Public License v2. |
| 5 | # See /LICENSE for more information. |
| 6 | # |
| 7 | |
| 8 | include $(TOPDIR)/rules.mk |
| 9 | |
| 10 | PKG_NAME:=wolfssl |
| 11 | PKG_VERSION:=5.7.6 |
| 12 | PKG_REAL_VERSION:=$(PKG_VERSION)-stable |
| 13 | PKG_RELEASE:=1 |
| 14 | |
| 15 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_REAL_VERSION).tar.gz |
| 16 | PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_REAL_VERSION) |
| 17 | PKG_HASH:=52b1e439e30d1ed8162a16308a8525a862183b67aa30373b11166ecbab000d63 |
| 18 | |
| 19 | PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_REAL_VERSION) |
| 20 | |
| 21 | PKG_FIXUP:=libtool libtool-abiver |
| 22 | PKG_INSTALL:=1 |
| 23 | PKG_BUILD_FLAGS:=no-mips16 lto |
| 24 | PKG_BUILD_PARALLEL:=1 |
| 25 | PKG_LICENSE:=GPL-2.0-or-later |
| 26 | PKG_LICENSE_FILES:=LICENSING COPYING |
| 27 | PKG_MAINTAINER:=Eneas U de Queiroz <cotequeiroz@gmail.com> |
| 28 | PKG_CPE_ID:=cpe:/a:wolfssl:wolfssl |
| 29 | |
| 30 | PKG_CONFIG_DEPENDS:=\ |
| 31 | CONFIG_WOLFSSL_HAS_AES_CCM \ |
| 32 | CONFIG_WOLFSSL_HAS_ARC4 \ |
| 33 | CONFIG_WOLFSSL_HAS_CERTGEN \ |
| 34 | CONFIG_WOLFSSL_HAS_CHACHA_POLY \ |
| 35 | CONFIG_WOLFSSL_HAS_DH \ |
| 36 | CONFIG_WOLFSSL_HAS_DTLS \ |
| 37 | CONFIG_WOLFSSL_HAS_ECC25519 \ |
| 38 | CONFIG_WOLFSSL_HAS_ECC448 \ |
| 39 | CONFIG_WOLFSSL_HAS_OCSP \ |
| 40 | CONFIG_WOLFSSL_HAS_OPENVPN CONFIG_WOLFSSL_ALT_NAMES \ |
| 41 | CONFIG_WOLFSSL_HAS_SESSION_TICKET \ |
| 42 | CONFIG_WOLFSSL_HAS_TLSV10 \ |
| 43 | CONFIG_WOLFSSL_HAS_TLSV13 \ |
| 44 | CONFIG_WOLFSSL_HAS_WPAS |
| 45 | |
| 46 | PKG_ABI_VERSION:=$(PKG_VERSION) |
| 47 | |
| 48 | PKG_CONFIG_DEPENDS+=\ |
| 49 | CONFIG_PACKAGE_libwolfssl-benchmark \ |
| 50 | CONFIG_WOLFSSL_HAS_AFALG \ |
| 51 | CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES \ |
| 52 | CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC \ |
| 53 | CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL |
| 54 | |
| 55 | include $(INCLUDE_DIR)/package.mk |
| 56 | |
| 57 | DISABLE_NLS:= |
| 58 | |
| 59 | define Package/libwolfssl/Default |
| 60 | SECTION:=libs |
| 61 | SUBMENU:=SSL |
| 62 | CATEGORY:=Libraries |
| 63 | URL:=http://www.wolfssl.com/ |
| 64 | endef |
| 65 | |
| 66 | define Package/libwolfssl |
| 67 | $(call Package/libwolfssl/Default) |
| 68 | TITLE:=wolfSSL library |
| 69 | MENU:=1 |
| 70 | PROVIDES:=libcyassl |
| 71 | DEPENDS:=+WOLFSSL_HAS_DEVCRYPTO:kmod-cryptodev +WOLFSSL_HAS_AFALG:kmod-crypto-user |
| 72 | ABI_VERSION:=$(PKG_ABI_VERSION) |
| 73 | VARIANT:=regular |
| 74 | DEFAULT_VARIANT:=1 |
| 75 | CONFLICTS:=libwolfsslcpu-crypto |
| 76 | endef |
| 77 | |
| 78 | define Package/libwolfssl/description |
| 79 | wolfSSL (formerly CyaSSL) is an SSL library optimized for small |
| 80 | footprint, both on disk and for memory use. |
| 81 | endef |
| 82 | |
| 83 | define Package/libwolfssl/config |
| 84 | source "$(SOURCE)/Config.in" |
| 85 | endef |
| 86 | |
| 87 | define Package/libwolfsslcpu-crypto |
| 88 | $(call Package/libwolfssl/Default) |
| 89 | TITLE:=wolfSSL library with AES CPU instructions |
| 90 | PROVIDES:=libwolfssl libcyassl |
| 91 | DEPENDS:=@((aarch64||x86_64)&&(m||!TARGET_bcm27xx)) |
| 92 | ABI_VERSION:=$(PKG_ABI_VERSION) |
| 93 | VARIANT:=cpu-crypto |
| 94 | endef |
| 95 | |
| 96 | define Package/libwolfssl-benchmark |
| 97 | $(call Package/libwolfssl/Default) |
| 98 | TITLE:=wolfSSL Benchmark Utility |
| 99 | DEPENDS:=libwolfssl |
| 100 | endef |
| 101 | |
| 102 | define Package/libwolfsslcpu-crypto/description |
| 103 | $(call Package/libwolfssl/description) |
| 104 | This variant uses AES CPU instructions (Intel AESNI or ARMv8 Crypto Extension) |
| 105 | endef |
| 106 | |
| 107 | define Package/libwolfsslcpu-crypto/config |
| 108 | if TARGET_armsr && PACKAGE_libwolfsslcpu-crypto = y |
| 109 | comment "You are about to build libwolfsslcpu-crypto into an armsr_64 image." |
| 110 | comment "Ensure all of your installation targets support the Crypto Extension. " |
| 111 | comment "Look for the 'aes' feature in /proc/cpuinfo. This library does not do " |
| 112 | comment "run-time detection and will crash if the CPU does not support it. " |
| 113 | endif |
| 114 | if TARGET_bcm27xx && PACKAGE_libwolfsslcpu-crypto |
| 115 | comment "Beware that libwolfsslcpu-crypto will not run in a bcm27xx target. " |
| 116 | endif |
| 117 | endef |
| 118 | |
| 119 | define Package/libwolfssl-benchmark/description |
| 120 | This is the wolfssl benchmark utility. |
| 121 | endef |
| 122 | |
| 123 | TARGET_CFLAGS += \ |
| 124 | $(FPIC) \ |
| 125 | -fomit-frame-pointer \ |
| 126 | -DFP_MAX_BITS=8192 \ |
| 127 | $(if $(CONFIG_WOLFSSL_ALT_NAMES),-DWOLFSSL_ALT_NAMES) |
| 128 | |
| 129 | # --enable-stunnel needed for OpenSSL API compatibility bits |
| 130 | CONFIGURE_ARGS += \ |
| 131 | --enable-reproducible-build \ |
| 132 | --enable-lighty \ |
| 133 | --enable-opensslall \ |
| 134 | --enable-opensslextra \ |
| 135 | --enable-sni \ |
| 136 | --enable-stunnel \ |
| 137 | --enable-altcertchains \ |
| 138 | --$(if $(CONFIG_PACKAGE_libwolfssl-benchmark),enable,disable)-crypttests \ |
| 139 | --enable-sp \ |
| 140 | --disable-examples \ |
| 141 | --disable-jobserver \ |
| 142 | --$(if $(CONFIG_IPV6),enable,disable)-ipv6 \ |
| 143 | --$(if $(CONFIG_WOLFSSL_HAS_AES_CCM),enable,disable)-aesccm \ |
| 144 | --$(if $(CONFIG_WOLFSSL_HAS_CERTGEN),enable,disable)-certgen \ |
| 145 | --$(if $(CONFIG_WOLFSSL_HAS_CHACHA_POLY),enable,disable)-chacha \ |
| 146 | --$(if $(CONFIG_WOLFSSL_HAS_CHACHA_POLY),enable,disable)-poly1305 \ |
| 147 | --$(if $(CONFIG_WOLFSSL_HAS_DH),enable,disable)-dh \ |
| 148 | --$(if $(CONFIG_WOLFSSL_HAS_ARC4),enable,disable)-arc4 \ |
| 149 | --$(if $(CONFIG_WOLFSSL_HAS_TLSV10),enable,disable)-tlsv10 \ |
| 150 | --$(if $(CONFIG_WOLFSSL_HAS_TLSV13),enable,disable)-tls13 \ |
| 151 | --$(if $(CONFIG_WOLFSSL_HAS_SESSION_TICKET),enable,disable)-session-ticket \ |
| 152 | --$(if $(CONFIG_WOLFSSL_HAS_DTLS),enable,disable)-dtls \ |
| 153 | --$(if $(CONFIG_WOLFSSL_HAS_ECC25519),enable,disable)-curve25519 \ |
| 154 | --$(if $(CONFIG_WOLFSSL_HAS_ECC448),enable,disable)-curve448 \ |
| 155 | --$(if $(CONFIG_WOLFSSL_HAS_OPENVPN),enable,disable)-openvpn |
| 156 | |
| 157 | define Package/libwolfsslcpu-crypto/preinst-aarch64 |
| 158 | #!/bin/sh |
| 159 | exec >&2 |
| 160 | printf "[libwolfsslcpu-crypto] Checking for Arm v8-A Cryptographic Extension support: " |
| 161 | if [ -n "$${IPKG_INSTROOT}" ]; then |
| 162 | printf "...[offline]... " |
| 163 | eval "$$(grep '^DISTRIB_TARGET=' "$${IPKG_INSTROOT}/etc/openwrt_release")" |
| 164 | echo "$${DISTRIB_TARGET}" | grep '^bcm27xx/.*' > /dev/null && { |
| 165 | echo "not supported" |
| 166 | echo "Error: Target $${DISTRIB_TARGET} does not support Arm Cryptographic Extension." |
| 167 | echo "Install the regular libwolfssl package instead of libwolfsslcpu-crypto." |
| 168 | exit 1 |
| 169 | } |
| 170 | else |
| 171 | grep -q '^Features.*\baes\b' /proc/cpuinfo || { |
| 172 | echo "not supported" |
| 173 | echo "Error: Arm v8-A Cryptographic Extension not supported." |
| 174 | echo "Install the regular libwolfssl package instead of libwolfsslcpu-crypto." |
| 175 | echo "Contents of /proc/cpuinfo:" |
| 176 | cat /proc/cpuinfo |
| 177 | exit 1 |
| 178 | } |
| 179 | fi |
| 180 | echo OK |
| 181 | exit 0 |
| 182 | endef |
| 183 | |
| 184 | ifeq ($(BUILD_VARIANT),regular) |
| 185 | CONFIGURE_ARGS += \ |
| 186 | --$(if $(CONFIG_WOLFSSL_HAS_AFALG),enable,disable)-afalg \ |
| 187 | --enable-devcrypto=$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC),cbc\ |
| 188 | ,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES),aes\ |
| 189 | ,$(if $(CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL),yes,no))) |
| 190 | else ifdef CONFIG_aarch64 |
| 191 | CONFIGURE_ARGS += --enable-armasm |
| 192 | TARGET_CFLAGS:=$(TARGET_CFLAGS:-mcpu%=-mcpu%+crypto) |
| 193 | Package/libwolfsslcpu-crypto/preinst=$(Package/libwolfsslcpu-crypto/preinst-aarch64) |
| 194 | else ifdef CONFIG_TARGET_x86_64 |
| 195 | CONFIGURE_ARGS += --enable-intelasm |
| 196 | endif |
| 197 | |
| 198 | ifeq ($(CONFIG_WOLFSSL_HAS_OCSP),y) |
| 199 | CONFIGURE_ARGS += \ |
| 200 | --enable-ocsp --enable-ocspstapling --enable-ocspstapling2 |
| 201 | endif |
| 202 | |
| 203 | ifeq ($(CONFIG_WOLFSSL_HAS_WPAS),y) |
| 204 | CONFIGURE_ARGS += \ |
| 205 | --enable-wpas --enable-fortress --enable-fastmath |
| 206 | endif |
| 207 | |
| 208 | CONFIGURE_ARGS := $(filter-out --enable-year2038,$(CONFIGURE_ARGS)) |
| 209 | |
| 210 | define Build/InstallDev |
| 211 | $(INSTALL_DIR) $(1)/usr/include $(1)/usr/lib/pkgconfig |
| 212 | $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/ |
| 213 | |
| 214 | $(INSTALL_DIR) $(1)/usr/lib |
| 215 | $(CP) $(PKG_INSTALL_DIR)/usr/lib/libwolfssl.{so*,la} $(1)/usr/lib/ |
| 216 | ln -s libwolfssl.so $(1)/usr/lib/libcyassl.so |
| 217 | ln -s libwolfssl.la $(1)/usr/lib/libcyassl.la |
| 218 | |
| 219 | $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/*.pc $(1)/usr/lib/pkgconfig |
| 220 | endef |
| 221 | |
| 222 | define Package/libwolfssl/install |
| 223 | $(INSTALL_DIR) $(1)/usr/lib |
| 224 | $(CP) $(PKG_INSTALL_DIR)/usr/lib/libwolfssl.so.* $(1)/usr/lib/ |
| 225 | endef |
| 226 | |
| 227 | Package/libwolfsslcpu-crypto/install=$(Package/libwolfssl/install) |
| 228 | |
| 229 | define Package/libwolfssl-benchmark/install |
| 230 | $(INSTALL_DIR) $(1)/usr/bin |
| 231 | $(CP) $(PKG_BUILD_DIR)/wolfcrypt/benchmark/.libs/benchmark $(1)/usr/bin/wolfssl-benchmark |
| 232 | endef |
| 233 | |
| 234 | $(eval $(call BuildPackage,libwolfssl)) |
| 235 | $(eval $(call BuildPackage,libwolfsslcpu-crypto)) |
| 236 | $(eval $(call BuildPackage,libwolfssl-benchmark)) |