[OpenWrt-Devel] [PATCH] wolfssl: fix options and add support for wpa_supplicant features

Alexandru Ardelean ardeleanalex at gmail.com
Wed May 2 15:53:59 EDT 2018


On Sat, Apr 28, 2018 at 9:55 PM, Daniel Golle <daniel at makrotopia.org> wrote:
> Some options' default values have been changed upstream, others were
> accidentally inverted (CONFIG_WOLFSSL_HAS_DES3). Also add options
> needed to build hostapd/wpa_supplicant against wolfssl.

Sorry for the late reply.
I wanted to take a look at the patch and check it a bit.
I noticed that your patch is applied now to master.

Overall this is good.
I've been wanting for a while to rework this.
Your approach is better right now before the release [than my rework].

Something like this:
https://github.com/commodo/openwrt/commit/d41ea4f342de7dbb02c9cfb0b19373c39ec24f81
I'll test it a bit more.

One more comment inline below.

>
> Signed-off-by: Daniel Golle <daniel at makrotopia.org>
> ---
>  package/libs/wolfssl/Config.in | 12 ++++++++++++
>  package/libs/wolfssl/Makefile  | 33 ++++++++++++++++++++++++++++-----
>  2 files changed, 40 insertions(+), 5 deletions(-)
>
> diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in
> index 7e8a4b6cee..9b88914516 100644
> --- a/package/libs/wolfssl/Config.in
> +++ b/package/libs/wolfssl/Config.in
> @@ -32,10 +32,22 @@ config WOLFSSL_HAS_PSK
>         bool "Include PKS (Pre Share Key) support"
>         default n
>
> +config WOLFSSL_HAS_SESSION_TICKET
> +       bool "Include session ticket support"
> +       default n
> +
>  config WOLFSSL_HAS_DTLS
>         bool "Include DTLS support"
>         default n
>
> +config WOLFSSL_HAS_OCSP
> +       bool "Include OSCP support"
> +       default n
> +
> +config WOLFSSL_HAS_WPAS
> +       bool "Include wpa_supplicant support"
> +       default n
> +
>  config WOLFSSL_HAS_ECC25519
>         bool "Include ECC Curve 22519 support"
>         depends on WOLFSSL_HAS_ECC
> diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
> index 1d4b7f5579..d0bd3b5a35 100644
> --- a/package/libs/wolfssl/Makefile
> +++ b/package/libs/wolfssl/Makefile
> @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
>
>  PKG_NAME:=wolfssl
>  PKG_VERSION:=3.12.2
> -PKG_RELEASE:=1
> +PKG_RELEASE:=2
>
>  PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
>  PKG_SOURCE_URL:=https://www.wolfssl.com/
> @@ -51,7 +51,9 @@ CONFIGURE_ARGS += \
>         --enable-opensslextra \
>         --enable-sni \
>         --enable-stunnel \
> -       --disable-examples
> +       --disable-examples \
> +       --disable-leanpsk \
> +       --disable-leantls \

Nitpick: these are disabled by default.
No need to disable them here.

>
>  ifeq ($(CONFIG_IPV6),y)
>  CONFIGURE_ARGS += \
> @@ -79,19 +81,25 @@ CONFIGURE_ARGS += \
>         --enable-supportedcurves
>  endif
>
> -ifneq ($(CONFIG_WOLFSSL_HAS_DH),y)
> +ifeq ($(CONFIG_WOLFSSL_HAS_DH),y)
>  CONFIGURE_ARGS += \
>         --enable-dh
>  endif
>
> -ifeq ($(CONFIG_WOLFSSL_HAS_ARC4),n)
> +ifneq ($(CONFIG_WOLFSSL_HAS_ARC4),y)
>  CONFIGURE_ARGS += \
>         --disable-arc4
> +else
> +CONFIGURE_ARGS += \
> +       --enable-arc4
>  endif
>
> -ifeq ($(CONFIG_WOLFSSL_HAS_DES3),y)
> +ifneq ($(CONFIG_WOLFSSL_HAS_DES3),y)
>  CONFIGURE_ARGS += \
>         --disable-des3
> +else
> +CONFIGURE_ARGS += \
> +       --enable-des3
>  endif
>
>  ifeq ($(CONFIG_WOLFSSL_HAS_PSK),y)
> @@ -99,11 +107,26 @@ CONFIGURE_ARGS += \
>         --enable-psk
>  endif
>
> +ifeq ($(CONFIG_WOLFSSL_HAS_SESSION_TICKET),y)
> +CONFIGURE_ARGS += \
> +       --enable-session-ticket
> +endif
> +
>  ifeq ($(CONFIG_WOLFSSL_HAS_DTLS),y)
>  CONFIGURE_ARGS += \
>         --enable-dtls
>  endif
>
> +ifeq ($(CONFIG_WOLFSSL_HAS_OCSP),y)
> +CONFIGURE_ARGS += \
> +       --enable-ocsp --enable-ocspstapling --enable-ocspstapling2
> +endif
> +
> +ifeq ($(CONFIG_WOLFSSL_HAS_WPAS),y)
> +CONFIGURE_ARGS += \
> +       --enable-wpas --enable-sha512 --enable-fortress --enable-fastmath
> +endif
> +
>  ifeq ($(CONFIG_WOLFSSL_HAS_ECC25519),y)
>  CONFIGURE_ARGS += \
>         --enable-curve25519

Thanks for this patch :)
Alex

> --
> 2.17.0
>
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list