wolfssl: allow building with hw-crytpo and AES-CCM

Hardware acceleration was disabled when AES-CCM was selected as a
workaround for a build failure.  This applies a couple of upstream
patches fixing this.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit ab19627ecc3923687fd339f4f23dc45572d00ce0)

2 files changed, 138 insertions, 0 deletions

diff --git a/package/libs/wolfssl/patches/010-build-with-devcrypto-and-aesccm.patch b/package/libs/wolfssl/patches/010-build-with-devcrypto-and-aesccm.patch
new file mode 100644
index 0000000000..a9b8aee918
--- /dev/null
+++ b/package/libs/wolfssl/patches/010-build-with-devcrypto-and-aesccm.patch
@@ -0,0 +1,74 @@
+From e8e1d35744c68b165e172a687e870a549438bdf0 Mon Sep 17 00:00:00 2001
+From: Jacob Barthelmeh <jacob@wolfssl.com>
+Date: Tue, 13 Aug 2019 14:12:45 -0600
+Subject: [PATCH] build with devcrypto and aesccm
+
+
+diff --git a/configure.ac b/configure.ac
+index f943cc6ef..cf03e7f52 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1096,6 +1096,10 @@ then
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
++    if test "$ENABLED_AESCCM" = "yes"
++    then
++        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
++    fi
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_HASH_RAW"
+     ENABLED_DEVCRYPTO=yes
+@@ -1106,6 +1110,10 @@ then
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
++    if test "$ENABLED_AESCCM" = "yes"
++    then
++        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
++    fi
+     ENABLED_DEVCRYPTO=yes
+ fi
+ if test "$ENABLED_DEVCRYPTO" = "cbc"
+diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
+index beeae72a6..b583d03e9 100644
+--- a/wolfcrypt/src/aes.c
++++ b/wolfcrypt/src/aes.c
+@@ -760,6 +760,14 @@
+ #elif defined(WOLFSSL_DEVCRYPTO_AES)
+     /* if all AES is enabled with devcrypto then tables are not needed */
+ 
++    #if defined(HAVE_AESCCM)
++    static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
++    {
++        wc_AesEncryptDirect(aes, outBlock, inBlock);
++        return 0;
++    }
++    #endif
++
+ #else
+ 
+     /* using wolfCrypt software implementation */
+@@ -1314,7 +1322,8 @@ static const word32 Td[4][256] = {
+ };
+ 
+ 
+-#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
++#if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC)) \
++			|| defined(WOLFSSL_AES_DIRECT)
+ static const byte Td4[256] =
+ {
+     0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
+index 5c63421e2..d5061f364 100644
+--- a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
++++ b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
+@@ -168,7 +168,7 @@ static int wc_DevCrypto_AesDirect(Aes* aes, byte* out, const byte* in,
+ #endif
+ 
+ 
+-#if defined(WOLFSSL_AES_DIRECT)
++#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESCCM)
+ void wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
+ {
+     wc_DevCrypto_AesDirect(aes, out, in, AES_BLOCK_SIZE, COP_ENCRYPT);
diff --git a/package/libs/wolfssl/patches/020-build-fix-for-aesccm-devcrypto-cbc-wpas-and-afalg.patch b/package/libs/wolfssl/patches/020-build-fix-for-aesccm-devcrypto-cbc-wpas-and-afalg.patch
new file mode 100644
index 0000000000..bb4c6fd04b
--- /dev/null
+++ b/package/libs/wolfssl/patches/020-build-fix-for-aesccm-devcrypto-cbc-wpas-and-afalg.patch
@@ -0,0 +1,64 @@
+From 9fd38dc340c38dee6e5935da174f90270a63bfbf Mon Sep 17 00:00:00 2001
+From: Jacob Barthelmeh <jacob@wolfssl.com>
+Date: Fri, 30 Aug 2019 16:15:48 -0600
+Subject: [PATCH] build fix for aesccm + devcrypto=cbc + wpas and afalg
+
+
+diff --git a/configure.ac b/configure.ac
+index 61fad39dd..30731eb52 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1045,6 +1045,10 @@ AC_ARG_ENABLE([afalg],
+ 
+ if test "$ENABLED_AFALG" = "yes"
+ then
++    if test "$ENABLED_AESCCM" = "yes"
++    then
++        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
++    fi
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG"
+     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_HASH"
+ fi
+diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
+index fef2f9c74..d294f6236 100644
+--- a/wolfcrypt/src/aes.c
++++ b/wolfcrypt/src/aes.c
+@@ -759,7 +759,9 @@
+         }
+     #endif /* HAVE_AES_DECRYPT */
+ 
+-#elif defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES)
++#elif (defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES)) || \
++      ((defined(WOLFSSL_AFALG) || defined(WOLFSSL_DEVCRYPTO_AES)) && \
++        defined(HAVE_AESCCM))
+         static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+         {
+             wc_AesEncryptDirect(aes, outBlock, inBlock);
+@@ -768,16 +770,6 @@
+ 
+ #elif defined(WOLFSSL_AFALG)
+ #elif defined(WOLFSSL_DEVCRYPTO_AES)
+-    /* if all AES is enabled with devcrypto then tables are not needed */
+-
+-    #if defined(HAVE_AESCCM)
+-    static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+-    {
+-        wc_AesEncryptDirect(aes, outBlock, inBlock);
+-        return 0;
+-    }
+-    #endif
+-
+ #else
+ 
+     /* using wolfCrypt software implementation */
+@@ -1593,8 +1585,8 @@ static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
+ #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT || HAVE_AESGCM */
+ 
+ #if defined(HAVE_AES_DECRYPT)
+-#if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
+-    !defined(WOLFSSL_DEVCRYPTO_CBC)
++#if (defined(HAVE_AES_CBC) && !defined(WOLFSSL_DEVCRYPTO_CBC)) || \
++     defined(WOLFSSL_AES_DIRECT)
+ 
+ /* load 4 Td Tables into cache by cache line stride */
+ static WC_INLINE word32 PreFetchTd(void)