From 8b798dbb39856463878efb07ddef87ce2e522ceb Mon Sep 17 00:00:00 2001 From: Luiz Angelo Daros de Luca Date: Mon, 4 Jul 2022 14:11:26 -0300 Subject: [PATCH 01/12] realtek: rename u-boot-env2 to board-name Some realtek boards have two u-boot-env partitions. However, in the DGS-1210 series, the mtdblock2 partition is not a valid u-boot env and simply contains the board/device name, followed by nulls. 00000000 44 47 53 2d 31 32 31 30 2d 32 38 2d 46 31 00 00 |DGS-1210-28-F1..| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00040000 00000000 44 47 53 2d 31 32 31 30 2d 35 32 2d 46 31 00 00 |DGS-1210-52-F1..| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00040000 The misleading u-boot-env2 name also confuses uboot-envtools. Signed-off-by: Luiz Angelo Daros de Luca --- target/linux/realtek/dts-5.10/rtl8382_d-link_dgs-1210.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/linux/realtek/dts-5.10/rtl8382_d-link_dgs-1210.dtsi b/target/linux/realtek/dts-5.10/rtl8382_d-link_dgs-1210.dtsi index 312a36c1a8..aaaa872162 100644 --- a/target/linux/realtek/dts-5.10/rtl8382_d-link_dgs-1210.dtsi +++ b/target/linux/realtek/dts-5.10/rtl8382_d-link_dgs-1210.dtsi @@ -55,7 +55,7 @@ read-only; }; partition@c0000 { - label = "u-boot-env2"; + label = "board-name"; reg = <0x000c0000 0x40000>; }; partition@280000 { From fd2f3136ca5134364af7bfaf574379c1dbda8344 Mon Sep 17 00:00:00 2001 From: Paul Spooren Date: Thu, 23 Sep 2021 15:30:32 -1000 Subject: [PATCH 02/12] build: do not require git/rsync for ImageBuilder The ImageBuilder does not need git or rsync since it only glues files together, packages are downloaded via wget and not rsync. Signed-off-by: Paul Spooren [ solve conflict with additional git prereq test ] Signed-off-by: Christian Marangi --- include/prereq-build.mk | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/include/prereq-build.mk b/include/prereq-build.mk index 80d549af39..7428c21e16 100644 --- a/include/prereq-build.mk +++ b/include/prereq-build.mk @@ -53,6 +53,13 @@ $(eval $(call TestHostCommand,ncurses, \ Please install ncurses. (Missing libncurses.so or ncurses.h), \ echo 'int main(int argc, char **argv) { initscr(); return 0; }' | \ gcc -include ncurses.h -x c -o $(TMP_DIR)/a.out - -lncurses)) + +$(eval $(call SetupHostCommand,git,Please install Git (git-core) >= 1.7.12.2, \ + git --exec-path | xargs -I % -- grep -q -- --recursive %/git-submodule, \ + git submodule --help | grep -- --recursive)) + +$(eval $(call SetupHostCommand,rsync,Please install 'rsync', \ + rsync --version = 1.7.12.2, \ - git --exec-path | xargs -I % -- grep -q -- --recursive %/git-submodule, \ - git submodule --help | grep -- --recursive)) - $(eval $(call SetupHostCommand,file,Please install the 'file' package, \ file --version 2>&1 | grep file)) -$(eval $(call SetupHostCommand,rsync,Please install 'rsync', \ - rsync --version Date: Wed, 20 Jan 2021 02:01:37 +0100 Subject: [PATCH 03/12] wolfssl: WOLFSSL_HAS_WPAS requires WOLFSSL_HAS_DH Without this, WOLFSSL_HAS_DH can be disabled even if WOLFSSL_HAS_WPAS is enabled, resulting in an "Anonymous suite requires DH" error when trying to compile wolfssl. Signed-off-by: Pascal Ernster Reviewed-by: Eneas U de Queiroz --- package/libs/wolfssl/Config.in | 1 + 1 file changed, 1 insertion(+) diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in index 901f2b2965..c364da033a 100644 --- a/package/libs/wolfssl/Config.in +++ b/package/libs/wolfssl/Config.in @@ -43,6 +43,7 @@ config WOLFSSL_HAS_OCSP config WOLFSSL_HAS_WPAS bool "Include wpa_supplicant support" select WOLFSSL_HAS_ARC4 + select WOLFSSL_HAS_DH select WOLFSSL_HAS_OCSP select WOLFSSL_HAS_SESSION_TICKET default y From dcc0fe24ea216d32300c0f01c8879e586d89cc1e Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Wed, 6 Jul 2022 20:32:11 +0200 Subject: [PATCH 04/12] kernel: Add missing mediatek configuration options When building the mediatek/mt7629 target in OpenWrt 22.03 the kernel does not have a configuration option for CONFIG_CRYPTO_DEV_MEDIATEK. Add this option to the generic kernel configuration and also add two other configuration options which are removed when we refresh the mt7629 kernel configuration. Signed-off-by: Hauke Mehrtens --- target/linux/generic/config-5.10 | 3 +++ target/linux/generic/config-5.15 | 3 +++ target/linux/mediatek/mt7629/config-5.15 | 2 -- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/target/linux/generic/config-5.10 b/target/linux/generic/config-5.10 index 2758479519..c14851dbdb 100644 --- a/target/linux/generic/config-5.10 +++ b/target/linux/generic/config-5.10 @@ -1099,6 +1099,7 @@ CONFIG_CRYPTO_CTR=y # CONFIG_CRYPTO_DEV_HISI_ZIP is not set # CONFIG_CRYPTO_DEV_IMGTEC_HASH is not set # CONFIG_CRYPTO_DEV_MARVELL_CESA is not set +# CONFIG_CRYPTO_DEV_MEDIATEK is not set # CONFIG_CRYPTO_DEV_MV_CESA is not set # CONFIG_CRYPTO_DEV_MXC_SCC is not set # CONFIG_CRYPTO_DEV_MXS_DCP is not set @@ -3202,6 +3203,7 @@ CONFIG_MAY_USE_DEVLINK=y # CONFIG_MDIO_XPCS is not set # CONFIG_MD_FAULTY is not set # CONFIG_MEDIATEK_GE_PHY is not set +# CONFIG_MEDIATEK_MT6577_AUXADC is not set # CONFIG_MEDIA_ANALOG_TV_SUPPORT is not set # CONFIG_MEDIA_ATTACH is not set # CONFIG_MEDIA_CAMERA_SUPPORT is not set @@ -3701,6 +3703,7 @@ CONFIG_MTD_SPLIT_SUPPORT=y # CONFIG_MTD_VIRT_CONCAT is not set # CONFIG_MTK_MMC is not set # CONFIG_MTK_MMSYS is not set +# CONFIG_MTK_THERMAL is not set # CONFIG_MULTIPLEXER is not set CONFIG_MULTIUSER=y # CONFIG_MUTEX_SPIN_ON_OWNER is not set diff --git a/target/linux/generic/config-5.15 b/target/linux/generic/config-5.15 index bd21e99356..cb71d9642b 100644 --- a/target/linux/generic/config-5.15 +++ b/target/linux/generic/config-5.15 @@ -1129,6 +1129,7 @@ CONFIG_CRYPTO_CTR=y # CONFIG_CRYPTO_DEV_HISI_ZIP is not set # CONFIG_CRYPTO_DEV_IMGTEC_HASH is not set # CONFIG_CRYPTO_DEV_MARVELL_CESA is not set +# CONFIG_CRYPTO_DEV_MEDIATEK is not set # CONFIG_CRYPTO_DEV_MV_CESA is not set # CONFIG_CRYPTO_DEV_MXC_SCC is not set # CONFIG_CRYPTO_DEV_MXS_DCP is not set @@ -3307,6 +3308,7 @@ CONFIG_MAY_USE_DEVLINK=y # CONFIG_MDM_GCC_9607 is not set # CONFIG_MD_FAULTY is not set # CONFIG_MEDIATEK_GE_PHY is not set +# CONFIG_MEDIATEK_MT6577_AUXADC is not set # CONFIG_MEDIA_ANALOG_TV_SUPPORT is not set # CONFIG_MEDIA_ATTACH is not set # CONFIG_MEDIA_CAMERA_SUPPORT is not set @@ -3845,6 +3847,7 @@ CONFIG_MTD_SPLIT_SUPPORT=y # CONFIG_MTK_DEVAPC is not set # CONFIG_MTK_MMC is not set # CONFIG_MTK_MMSYS is not set +# CONFIG_MTK_THERMAL is not set # CONFIG_MULTIPLEXER is not set CONFIG_MULTIUSER=y # CONFIG_MUTEX_SPIN_ON_OWNER is not set diff --git a/target/linux/mediatek/mt7629/config-5.15 b/target/linux/mediatek/mt7629/config-5.15 index 41c7032f58..24b7d3a154 100644 --- a/target/linux/mediatek/mt7629/config-5.15 +++ b/target/linux/mediatek/mt7629/config-5.15 @@ -165,7 +165,6 @@ CONFIG_MACH_MT7629=y CONFIG_MDIO_BUS=y CONFIG_MDIO_DEVICE=y CONFIG_MDIO_DEVRES=y -# CONFIG_MEDIATEK_MT6577_AUXADC is not set CONFIG_MEDIATEK_WATCHDOG=y CONFIG_MEMFD_CREATE=y CONFIG_MFD_SYSCON=y @@ -192,7 +191,6 @@ CONFIG_MTK_INFRACFG=y # CONFIG_MTK_PMIC_WRAP is not set CONFIG_MTK_SCPSYS=y CONFIG_MTK_SCPSYS_PM_DOMAINS=y -# CONFIG_MTK_THERMAL is not set CONFIG_MTK_TIMER=y CONFIG_MUTEX_SPIN_ON_OWNER=y CONFIG_NEED_DMA_MAP_STATE=y From 8288a4bbb368fc050f46c7e97a1c1b7b0e0c66c2 Mon Sep 17 00:00:00 2001 From: Nick Hainke Date: Tue, 5 Jul 2022 09:21:04 +0200 Subject: [PATCH 05/12] xdp-tools: mark as nonshared The SDK does not have the LLVM toolchain yet. Hopefully fixes errors in the form: xsk_def_xdp_prog.c:4:10: fatal error: 'bpf/bpf_helpers.h' file not found #include Fixes: 6ad1bea2a603 ("xdp-tools: add package") Signed-off-by: Nick Hainke --- package/network/utils/xdp-tools/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/package/network/utils/xdp-tools/Makefile b/package/network/utils/xdp-tools/Makefile index 3b93a13163..f0af555919 100644 --- a/package/network/utils/xdp-tools/Makefile +++ b/package/network/utils/xdp-tools/Makefile @@ -12,6 +12,7 @@ PKG_ABI_VERSION:=$(call abi_version_str,$(PKG_VERSION)) PKG_MAINTAINER:=Daniel Golle PKG_BUILD_DEPENDS:=bpf-headers +PKG_FLAGS:=nonshared include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/bpf.mk From d29722e6ff764d78428c54a5618b7a0e191245f1 Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Wed, 6 Jul 2022 22:20:25 +0100 Subject: [PATCH 06/12] xdp-tools: fix build with NLS enabled Make sure the 'configure' shell script finds the libintl when linking the test programs for discovering libpcap and libbpf. Reported-by: @trippleflux Fixes: 6ad1bea2a603 ("xdp-tools: add package") Signed-off-by: Daniel Golle --- package/network/utils/xdp-tools/Makefile | 3 ++ .../010-configure-respect-LDFLAGS.patch | 29 +++++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 package/network/utils/xdp-tools/patches/010-configure-respect-LDFLAGS.patch diff --git a/package/network/utils/xdp-tools/Makefile b/package/network/utils/xdp-tools/Makefile index f0af555919..7d831d0fec 100644 --- a/package/network/utils/xdp-tools/Makefile +++ b/package/network/utils/xdp-tools/Makefile @@ -16,6 +16,7 @@ PKG_FLAGS:=nonshared include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/bpf.mk +include $(INCLUDE_DIR)/nls.mk PKG_BUILD_PARALLEL:=1 PKG_INSTALL:=1 @@ -76,6 +77,8 @@ define Package/xdpdump/description xdpdump - a simple tcpdump like tool for capturing packets at the XDP layer endef +TARGET_LDFLAGS += $(INTL_LDFLAGS) + CONFIGURE_VARS += \ FORCE_SYSTEM_LIBBPF=1 \ CC="$(TARGET_CC)" \ diff --git a/package/network/utils/xdp-tools/patches/010-configure-respect-LDFLAGS.patch b/package/network/utils/xdp-tools/patches/010-configure-respect-LDFLAGS.patch new file mode 100644 index 0000000000..b3454548f8 --- /dev/null +++ b/package/network/utils/xdp-tools/patches/010-configure-respect-LDFLAGS.patch @@ -0,0 +1,29 @@ +--- a/configure ++++ b/configure +@@ -138,7 +138,7 @@ int main(int argc, char **argv) { + return 0; + } + EOF +- libpcap_err=$($CC -o $TMPDIR/libpcaptest $TMPDIR/libpcaptest.c $LIBPCAP_CFLAGS $LIBPCAP_LDLIBS 2>&1) ++ libpcap_err=$($CC -o $TMPDIR/libpcaptest $TMPDIR/libpcaptest.c $LIBPCAP_CFLAGS $LIBPCAP_LDLIBS $LDFLAGS 2>&1) + if [ "$?" -eq "0" ]; then + echo "HAVE_PCAP:=y" >>$CONFIG + [ -n "$LIBPCAP_CFLAGS" ] && echo 'CFLAGS += ' $LIBPCAP_CFLAGS >> $CONFIG +@@ -186,7 +186,7 @@ int main(int argc, char **argv) { + return 0; + } + EOF +- libbpf_err=$($CC -o $TMPDIR/libbpftest $TMPDIR/libbpftest.c -Werror $LIBBPF_CFLAGS $LIBBPF_LDLIBS 2>&1) ++ libbpf_err=$($CC -o $TMPDIR/libbpftest $TMPDIR/libbpftest.c -Werror $LIBBPF_CFLAGS $LIBBPF_LDLIBS $LDFLAGS 2>&1) + if [ "$?" -eq "0" ]; then + echo "HAVE_FEATURES+=${config_var}" >>"$CONFIG" + echo "yes" +@@ -253,7 +253,7 @@ int main(int argc, char **argv) { + } + EOF + +- libbpf_err=$($CC -o $TMPDIR/libbpftest $TMPDIR/libbpftest.c -Werror $LIBBPF_CFLAGS $LIBBPF_LDLIBS 2>&1) ++ libbpf_err=$($CC -o $TMPDIR/libbpftest $TMPDIR/libbpftest.c -Werror $LIBBPF_CFLAGS $LIBBPF_LDLIBS $LDFLAGS 2>&1) + if [ "$?" -eq "0" ]; then + echo "SYSTEM_LIBBPF:=y" >>$CONFIG + echo "LIBBPF_VERSION=$LIBBPF_VERSION" >>$CONFIG From 3872b422fff26c52447a050b54f7d6e3ed15e7a6 Mon Sep 17 00:00:00 2001 From: Andrew Sim Date: Sun, 3 Jul 2022 10:55:29 +0200 Subject: [PATCH 07/12] mediatek: mt7622: add missing vbus regulator node to totolink-a8000ru dts On boot, kernel log complains no vbus supply is found: `xhci-mtk 1a0c0000.usb: supply vbus not found, using dummy regulator` so add the dts node entries to solve the issue Signed-off-by: Andrew Sim --- target/linux/mediatek/dts/mt7622-totolink-a8000ru.dts | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/target/linux/mediatek/dts/mt7622-totolink-a8000ru.dts b/target/linux/mediatek/dts/mt7622-totolink-a8000ru.dts index d67fb4efbf..b634e28783 100644 --- a/target/linux/mediatek/dts/mt7622-totolink-a8000ru.dts +++ b/target/linux/mediatek/dts/mt7622-totolink-a8000ru.dts @@ -80,6 +80,15 @@ regulator-always-on; }; + reg_5v: regulator-5v { + compatible = "regulator-fixed"; + regulator-name = "fixed-5V"; + regulator-min-microvolt = <5000000>; + regulator-max-microvolt = <5000000>; + regulator-boot-on; + regulator-always-on; + }; + rtkgsw: rtkgsw@0 { compatible = "mediatek,rtk-gsw"; mediatek,ethsys = <ðsys>; @@ -312,6 +321,7 @@ &ssusb { vusb33-supply = <®_3p3v>; + vbus-supply = <®_5v>; status = "okay"; }; From 9b00e9795660f53caf1f4f5fd932bbbebd2eeeb1 Mon Sep 17 00:00:00 2001 From: Ronny Kotzschmar Date: Wed, 6 Jul 2022 15:14:21 +0200 Subject: [PATCH 08/12] rockchip: reliably distribute net interrupts On the NanoPI R4S it takes an average of 3..5 seconds for the network devices to appear in '/proc/interrupts'. Wait up to 10 seconds to ensure that the distribution of the interrupts really happens. Signed-off-by: Ronny Kotzschmar --- .../base-files/etc/hotplug.d/net/40-net-smp-affinity | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/target/linux/rockchip/armv8/base-files/etc/hotplug.d/net/40-net-smp-affinity b/target/linux/rockchip/armv8/base-files/etc/hotplug.d/net/40-net-smp-affinity index 9e4a4cf4fc..c76e62a23a 100644 --- a/target/linux/rockchip/armv8/base-files/etc/hotplug.d/net/40-net-smp-affinity +++ b/target/linux/rockchip/armv8/base-files/etc/hotplug.d/net/40-net-smp-affinity @@ -4,8 +4,15 @@ get_device_irq() { local device="$1" + local line + local seconds="0" - local line=$(grep -m 1 "${device}\$" /proc/interrupts) + # wait up to 10 seconds for the irq/device to appear + while [ "${seconds}" -le 10 ]; do + line=$(grep -m 1 "${device}\$" /proc/interrupts) && break + seconds="$(( seconds + 2 ))" + sleep 2 + done echo ${line} | sed 's/:.*//' } From 3c06a344e9c7c03c49c9153342e68a5390651323 Mon Sep 17 00:00:00 2001 From: Ivan Maslov Date: Sat, 29 Jan 2022 23:11:30 +0300 Subject: [PATCH 09/12] toolchaini/gcc: fix libstdc++ dual abi model libstdcxx-dual-abi needs to be enabled to actually support C++11 ABI. Enable the config flag to also permit support of .NET 6 development on OpenWrt. Signed-off-by: Ivan Maslov [ reword commit description and title ] Signed-off-by: Christian Marangi --- toolchain/gcc/common.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolchain/gcc/common.mk b/toolchain/gcc/common.mk index 8fa9459f50..926418f4a7 100644 --- a/toolchain/gcc/common.mk +++ b/toolchain/gcc/common.mk @@ -119,7 +119,7 @@ GCC_CONFIGURE:= \ --disable-decimal-float \ --with-diagnostics-color=auto-if-env \ --enable-__cxa_atexit \ - --disable-libstdcxx-dual-abi \ + --enable-libstdcxx-dual-abi \ --with-default-libstdcxx-abi=new ifneq ($(CONFIG_mips)$(CONFIG_mipsel),) GCC_CONFIGURE += --with-mips-plt From 3899f68b54b31de4b4fef4f575f7ea56dc93d965 Mon Sep 17 00:00:00 2001 From: Dustin Lundquist Date: Wed, 6 Jul 2022 09:08:52 -0700 Subject: [PATCH 10/12] openssl: bump to 1.1.1q MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changes between 1.1.1p and 1.1.1q [5 Jul 2022] *) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation would not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. (CVE-2022-2097) [Alex Chernyakhovsky, David Benjamin, Alejandro SedeƱo] Signed-off-by: Dustin Lundquist --- package/libs/openssl/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index ed618568a4..bf2d6ae64d 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl PKG_BASE:=1.1.1 -PKG_BUGFIX:=p +PKG_BUGFIX:=q PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) PKG_RELEASE:=$(AUTORELEASE) PKG_USE_MIPS16:=0 @@ -25,7 +25,7 @@ PKG_SOURCE_URL:= \ ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \ ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/ -PKG_HASH:=bf61b62aaa66c7c7639942a94de4c9ae8280c08f17d4eac2e44644d9fc8ace6f +PKG_HASH:=d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca PKG_LICENSE:=OpenSSL PKG_LICENSE_FILES:=LICENSE From e7ec2d73996b336eb5d7e6fc0f4607589b07a09e Mon Sep 17 00:00:00 2001 From: Florian Fainelli Date: Thu, 7 Jul 2022 15:06:21 -0700 Subject: [PATCH 11/12] kernel: add KERNEL_DEBUG_VIRTUAL This option allows turning on CONFIG_DEBUG_VIRTUAL which is useful to debug incorrect uses of the virtual to physical and physical to virtual translations functions. Signed-off-by: Florian Fainelli --- config/Config-kernel.in | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/config/Config-kernel.in b/config/Config-kernel.in index 7cd7906dc9..f1ee919ee3 100644 --- a/config/Config-kernel.in +++ b/config/Config-kernel.in @@ -414,6 +414,14 @@ config KERNEL_DEBUG_LL help ARM low level debugging. +config KERNEL_DEBUG_VIRTUAL + bool "Compile the kernel with VM translations debugging" + select KERNEL_DEBUG_KERNEL + default n + help + Enable checks sanity checks to catch invalid uses of + virt_to_phys()/phys_to_virt() against the non-linear address space. + config KERNEL_DYNAMIC_DEBUG bool "Compile the kernel with dynamic printk" select KERNEL_DEBUG_FS From 639419ec4fd1501a9b9857cea96474271ef737b1 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Wed, 6 Jul 2022 17:55:58 -0300 Subject: [PATCH 12/12] wolfssl: re-enable AES-NI by default for x86_64 Apply an upstream patch that removes unnecessary CFLAGs, avoiding generation of incompatible code. Commit 0bd536723303ccd178e289690d073740c928bb34 is reverted so the accelerated version builds by default on x86_64. Signed-off-by: Eneas U de Queiroz --- package/libs/wolfssl/Config.in | 7 +-- ...figure-to-use-minimal-compiler-flags.patch | 44 +++++++++++++++++++ 2 files changed, 45 insertions(+), 6 deletions(-) create mode 100644 package/libs/wolfssl/patches/300-AESNI-fix-configure-to-use-minimal-compiler-flags.patch diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in index c364da033a..0af5b4a778 100644 --- a/package/libs/wolfssl/Config.in +++ b/package/libs/wolfssl/Config.in @@ -72,7 +72,7 @@ config WOLFSSL_ASM_CAPABLE choice prompt "Hardware Acceleration" - default WOLFSSL_HAS_CPU_CRYPTO if WOLFSSL_ASM_CAPABLE && !x86_64 + default WOLFSSL_HAS_CPU_CRYPTO if WOLFSSL_ASM_CAPABLE default WOLFSSL_HAS_NO_HW config WOLFSSL_HAS_NO_HW @@ -84,7 +84,6 @@ choice help This will use Intel AESNI insturctions or armv8 Crypto Extensions. Either of them should easily outperform hardware crypto in WolfSSL. - Beware that for Intel, the CPU has to support SSE4 instructions. config WOLFSSL_HAS_AFALG bool "AF_ALG" @@ -101,9 +100,5 @@ choice bool "/dev/crypto - full" select WOLFSSL_HAS_DEVCRYPTO endchoice -if x86_64 && WOLFSSL_HAS_CPU_CRYPTO - comment "WARNING: make sure your CPU supports SSE4 instructions" - comment "WolfSSL may crash with an invalid opcode exception" -endif endif diff --git a/package/libs/wolfssl/patches/300-AESNI-fix-configure-to-use-minimal-compiler-flags.patch b/package/libs/wolfssl/patches/300-AESNI-fix-configure-to-use-minimal-compiler-flags.patch new file mode 100644 index 0000000000..d65a117d1e --- /dev/null +++ b/package/libs/wolfssl/patches/300-AESNI-fix-configure-to-use-minimal-compiler-flags.patch @@ -0,0 +1,44 @@ +From 9ba77300f9f5dea9f53aed00bf6c33d10b7b2fce Mon Sep 17 00:00:00 2001 +From: Sean Parkinson +Date: Thu, 7 Jul 2022 09:30:48 +1000 +Subject: [PATCH] AESNI: fix configure to use minimal compiler flags + + +diff --git a/configure.ac b/configure.ac +index df97ac75c..6abb0c744 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -2142,21 +2142,19 @@ then + if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI" +- if test "$GCC" = "yes" ++ if test "$CC" != "icc" + then +- # clang needs these flags +- if test "$CC" = "clang" +- then +- AM_CFLAGS="$AM_CFLAGS -maes -mpclmul" +- else +- # GCC needs these flags, icc doesn't +- # opt levels greater than 2 may cause problems on systems w/o +- # aesni +- if test "$CC" != "icc" +- then +- AM_CFLAGS="$AM_CFLAGS -maes -msse4 -mpclmul" +- fi +- fi ++ case $host_os in ++ mingw*) ++ # Windows uses intrinsics for GCM which uses SSE4 instructions. ++ # MSVC has own build files. ++ AM_CFLAGS="$AM_CFLAGS -maes -msse4 -mpclmul" ++ ;; ++ *) ++ # Intrinsics used in AES_set_decrypt_key (TODO: rework) ++ AM_CFLAGS="$AM_CFLAGS -maes" ++ ;; ++ esac + fi + AS_IF([test "x$ENABLED_AESGCM" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"]) + fi