From 6e7dc3845dea7061940acc5e88b0796989a061c1 Mon Sep 17 00:00:00 2001
From: RISCi_ATOM <bob@bobcall.me>
Date: Fri, 31 Dec 2021 12:53:50 -0500
Subject: [PATCH] wolfssl: Bump to 4.8.1

---
 package/libs/wolfssl/Config.in                |   2 +-
 package/libs/wolfssl/Makefile                 |   4 +-
 ...change-asm-snippets-to-get-compiling.patch | 116 ++++++++++++++++++
 ...macro-guard-on-SHA256-transform-call.patch |  22 ++++
 .../patches/100-disable-hardening-check.patch |   2 +-
 .../patches/110-build-with-libtool-2.4.patch  |  13 ++
 .../libs/wolfssl/patches/200-ecc-rng.patch    |  50 ++++++++
 .../900-remove-broken-autoconf-macros.patch   |  21 ----
 8 files changed, 205 insertions(+), 25 deletions(-)
 create mode 100644 package/libs/wolfssl/patches/001-Maths-x86-asm-change-asm-snippets-to-get-compiling.patch
 create mode 100644 package/libs/wolfssl/patches/002-Update-macro-guard-on-SHA256-transform-call.patch
 create mode 100644 package/libs/wolfssl/patches/110-build-with-libtool-2.4.patch
 create mode 100644 package/libs/wolfssl/patches/200-ecc-rng.patch
 delete mode 100644 package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch

diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in
index c2f66589e6..5d1f119ac4 100644
--- a/package/libs/wolfssl/Config.in
+++ b/package/libs/wolfssl/Config.in
@@ -48,7 +48,7 @@ config WOLFSSL_HAS_WPAS
 	default y
 
 config WOLFSSL_HAS_ECC25519
-	bool "Include ECC Curve 22519 support"
+	bool "Include ECC Curve 25519 support"
 	default n
 
 config WOLFSSL_HAS_DEVCRYPTO
diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
index 45ec25ecae..f11ee39d5c 100644
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
-PKG_VERSION:=4.7.0-stable
+PKG_VERSION:=4.8.1-stable
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
-PKG_HASH:=b0e740b31d4d877d540ad50cc539a8873fc41af02bd3091c4357b403f7106e31
+PKG_HASH:=50db45f348f47e00c93dd244c24108220120cb3cc9d01434789229c32937c444
 
 PKG_FIXUP:=libtool
 PKG_INSTALL:=1
diff --git a/package/libs/wolfssl/patches/001-Maths-x86-asm-change-asm-snippets-to-get-compiling.patch b/package/libs/wolfssl/patches/001-Maths-x86-asm-change-asm-snippets-to-get-compiling.patch
new file mode 100644
index 0000000000..763f9e8d06
--- /dev/null
+++ b/package/libs/wolfssl/patches/001-Maths-x86-asm-change-asm-snippets-to-get-compiling.patch
@@ -0,0 +1,116 @@
+From fa8f23284d4689c2a737204b337b58d966dcbd8c Mon Sep 17 00:00:00 2001
+From: Sean Parkinson <sean@wolfssl.com>
+Date: Fri, 20 Aug 2021 10:23:38 +1000
+Subject: [PATCH] Maths x86 asm: change asm snippets to get compiling
+
+TFM:
+  Use register or memory for c0, c1, c2 in SQRADD and SQRADD2.
+SP:
+  Use register or memory for vl, vh, vo in SP_ASM_MUL_ADD,
+SP_ASM_MUL_ADD2 and SP_ASM_SQR_ADD.
+---
+ wolfcrypt/src/asm.c    | 29 ++++++++++++++++++++---------
+ wolfcrypt/src/sp_int.c |  6 +++---
+ 2 files changed, 23 insertions(+), 12 deletions(-)
+
+--- a/wolfcrypt/src/asm.c
++++ b/wolfcrypt/src/asm.c
+@@ -698,33 +698,39 @@ __asm__(                             \
+ 
+ #define SQRADD(i, j)                                      \
+ __asm__(                                                  \
+-     "movl  %6,%%eax     \n\t"                            \
++     "movl  %3,%%eax     \n\t"                            \
+      "mull  %%eax        \n\t"                            \
+      "addl  %%eax,%0     \n\t"                            \
+      "adcl  %%edx,%1     \n\t"                            \
+      "adcl  $0,%2        \n\t"                            \
+-     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i) :"%eax","%edx","cc");
++     :"+rm"(c0), "+rm"(c1), "+rm"(c2)                     \
++     : "m"(i)                                             \
++     :"%eax","%edx","cc");
+ 
+ #define SQRADD2(i, j)                                     \
+ __asm__(                                                  \
+-     "movl  %6,%%eax     \n\t"                            \
+-     "mull  %7           \n\t"                            \
++     "movl  %3,%%eax     \n\t"                            \
++     "mull  %4           \n\t"                            \
+      "addl  %%eax,%0     \n\t"                            \
+      "adcl  %%edx,%1     \n\t"                            \
+      "adcl  $0,%2        \n\t"                            \
+      "addl  %%eax,%0     \n\t"                            \
+      "adcl  %%edx,%1     \n\t"                            \
+      "adcl  $0,%2        \n\t"                            \
+-     :"=r"(c0), "=r"(c1), "=r"(c2): "0"(c0), "1"(c1), "2"(c2), "m"(i), "m"(j)  :"%eax","%edx", "cc");
++     :"+rm"(c0), "+rm"(c1), "+rm"(c2)                     \
++     : "m"(i), "m"(j)                                     \
++     :"%eax","%edx", "cc");
+ 
+ #define SQRADDSC(i, j)                                    \
+-__asm__(                                                     \
++__asm__(                                                  \
+      "movl  %3,%%eax     \n\t"                            \
+      "mull  %4           \n\t"                            \
+      "movl  %%eax,%0     \n\t"                            \
+      "movl  %%edx,%1     \n\t"                            \
+      "xorl  %2,%2        \n\t"                            \
+-     :"=r"(sc0), "=r"(sc1), "=r"(sc2): "g"(i), "g"(j) :"%eax","%edx","cc");
++     :"=r"(sc0), "=r"(sc1), "=r"(sc2)                     \
++     : "g"(i), "g"(j)                                     \
++     :"%eax","%edx","cc");
+ 
+ #define SQRADDAC(i, j)                                    \
+ __asm__(                                                  \
+@@ -733,7 +739,9 @@ __asm__(
+      "addl  %%eax,%0     \n\t"                            \
+      "adcl  %%edx,%1     \n\t"                            \
+      "adcl  $0,%2        \n\t"                            \
+-     :"=r"(sc0), "=r"(sc1), "=r"(sc2): "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j) :"%eax","%edx","cc");
++     :"=r"(sc0), "=r"(sc1), "=r"(sc2)                     \
++     : "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j)       \
++     :"%eax","%edx","cc");
+ 
+ #define SQRADDDB                                          \
+ __asm__(                                                  \
+@@ -743,7 +751,10 @@ __asm__(
+      "addl %6,%0         \n\t"                            \
+      "adcl %7,%1         \n\t"                            \
+      "adcl %8,%2         \n\t"                            \
+-     :"=r"(c0), "=r"(c1), "=r"(c2) : "0"(c0), "1"(c1), "2"(c2), "r"(sc0), "r"(sc1), "r"(sc2) : "cc");
++     :"=r"(c0), "=r"(c1), "=r"(c2)                        \
++     : "0"(c0), "1"(c1), "2"(c2), "r"(sc0), "r"(sc1),     \
++       "r"(sc2)                                           \
++     : "cc");
+ 
+ #elif defined(TFM_X86_64)
+ /* x86-64 optimized */
+--- a/wolfcrypt/src/sp_int.c
++++ b/wolfcrypt/src/sp_int.c
+@@ -476,7 +476,7 @@ static WC_INLINE sp_int_digit sp_div_wor
+         "addl	%%eax, %[l]	\n\t"                    \
+         "adcl	%%edx, %[h]	\n\t"                    \
+         "adcl	$0   , %[o]	\n\t"                    \
+-        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
++        : [l] "+rm" (vl), [h] "+rm" (vh), [o] "+rm" (vo) \
+         : [a] "r" (va), [b] "r" (vb)                     \
+         : "eax", "edx", "cc"                             \
+     )
+@@ -502,7 +502,7 @@ static WC_INLINE sp_int_digit sp_div_wor
+         "addl	%%eax, %[l]	\n\t"                    \
+         "adcl	%%edx, %[h]	\n\t"                    \
+         "adcl	$0   , %[o]	\n\t"                    \
+-        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
++        : [l] "+rm" (vl), [h] "+rm" (vh), [o] "+rm" (vo) \
+         : [a] "r" (va), [b] "r" (vb)                     \
+         : "eax", "edx", "cc"                             \
+     )
+@@ -541,7 +541,7 @@ static WC_INLINE sp_int_digit sp_div_wor
+         "addl	%%eax, %[l]	\n\t"                    \
+         "adcl	%%edx, %[h]	\n\t"                    \
+         "adcl	$0   , %[o]	\n\t"                    \
+-        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \
++        : [l] "+rm" (vl), [h] "+rm" (vh), [o] "+rm" (vo) \
+         : [a] "m" (va)                                   \
+         : "eax", "edx", "cc"                             \
+     )
diff --git a/package/libs/wolfssl/patches/002-Update-macro-guard-on-SHA256-transform-call.patch b/package/libs/wolfssl/patches/002-Update-macro-guard-on-SHA256-transform-call.patch
new file mode 100644
index 0000000000..f986b72798
--- /dev/null
+++ b/package/libs/wolfssl/patches/002-Update-macro-guard-on-SHA256-transform-call.patch
@@ -0,0 +1,22 @@
+From f447e4c1fa4c932c0286fa0331966756e243db81 Mon Sep 17 00:00:00 2001
+From: JacobBarthelmeh <jacob@wolfssl.com>
+Date: Fri, 17 Sep 2021 15:06:13 -0700
+Subject: [PATCH] update macro guard on SHA256 transform call
+
+---
+ src/ssl.c   | 3 ++-
+ tests/api.c | 3 ++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+--- a/src/ssl.c
++++ b/src/ssl.c
+@@ -17639,7 +17639,8 @@ size_t wolfSSL_get_client_random(const W
+     
+     #if defined(OPENSSL_EXTRA)
+     #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+-        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
++        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
++        !defined(WOLFSSL_DEVCRYPTO_HASH) && !defined(WOLFSSL_AFALG_HASH)
+     /* Apply SHA256 transformation to the data */
+     int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX* sha256, 
+                                                 const unsigned char* data)
diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
index c89ff1be9d..4141e28750 100644
--- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch
+++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
@@ -1,6 +1,6 @@
 --- a/wolfssl/wolfcrypt/settings.h
 +++ b/wolfssl/wolfcrypt/settings.h
-@@ -2255,7 +2255,7 @@ extern void uITRON4_free(void *p) ;
+@@ -2274,7 +2274,7 @@ extern void uITRON4_free(void *p) ;
  #endif
  
  /* warning for not using harden build options (default with ./configure) */
diff --git a/package/libs/wolfssl/patches/110-build-with-libtool-2.4.patch b/package/libs/wolfssl/patches/110-build-with-libtool-2.4.patch
new file mode 100644
index 0000000000..206c6dac6a
--- /dev/null
+++ b/package/libs/wolfssl/patches/110-build-with-libtool-2.4.patch
@@ -0,0 +1,13 @@
+diff --git a/configure.ac b/configure.ac
+index 144c857e4..de7f6b45a 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -32,7 +32,7 @@ AC_ARG_PROGRAM
+ 
+ AC_CONFIG_HEADERS([config.h:config.in])
+ 
+-LT_PREREQ([2.4.2])
++LT_PREREQ([2.4])
+ LT_INIT([disable-static win32-dll])
+ 
+ #shared library versioning
diff --git a/package/libs/wolfssl/patches/200-ecc-rng.patch b/package/libs/wolfssl/patches/200-ecc-rng.patch
new file mode 100644
index 0000000000..d8581be7eb
--- /dev/null
+++ b/package/libs/wolfssl/patches/200-ecc-rng.patch
@@ -0,0 +1,50 @@
+Since commit 6467de5a8840 ("Randomize z ordinates in scalar
+mult when timing resistant") wolfssl requires a RNG for an EC
+key when the hardened built option is selected.
+
+wc_ecc_set_rng is only available when built hardened, so there
+is no safe way to install the RNG to the key regardless whether
+or not wolfssl is compiled hardened.
+
+Always export wc_ecc_set_rng so tools such as hostapd can install
+RNG regardless of the built settings for wolfssl.
+
+--- a/wolfcrypt/src/ecc.c
++++ b/wolfcrypt/src/ecc.c
+@@ -10938,21 +10938,21 @@ void wc_ecc_fp_free(void)
+ 
+ #endif /* FP_ECC */
+ 
+-#ifdef ECC_TIMING_RESISTANT
+ int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng)
+ {
+     int err = 0;
+ 
++#ifdef ECC_TIMING_RESISTANT
+     if (key == NULL) {
+         err = BAD_FUNC_ARG;
+     }
+     else {
+         key->rng = rng;
+     }
++#endif
+ 
+     return err;
+ }
+-#endif
+ 
+ #ifdef HAVE_ECC_ENCRYPT
+ 
+--- a/wolfssl/wolfcrypt/ecc.h
++++ b/wolfssl/wolfcrypt/ecc.h
+@@ -616,10 +616,8 @@ WOLFSSL_API
+ void wc_ecc_fp_free(void);
+ WOLFSSL_LOCAL
+ void wc_ecc_fp_init(void);
+-#ifdef ECC_TIMING_RESISTANT
+ WOLFSSL_API
+ int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);
+-#endif
+ 
+ WOLFSSL_API
+ int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);
diff --git a/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch b/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch
deleted file mode 100644
index f7756b11c6..0000000000
--- a/package/libs/wolfssl/patches/900-remove-broken-autoconf-macros.patch
+++ /dev/null
@@ -1,21 +0,0 @@
---- a/configure.ac
-+++ b/configure.ac
-@@ -4140,7 +4140,6 @@ AC_CONFIG_FILES([support/wolfssl.pc])
- AC_CONFIG_FILES([rpm/spec])
- 
- AX_CREATE_GENERIC_CONFIG
--AX_AM_JOBSERVER([yes])
- 
- AC_OUTPUT
- 
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -20,8 +20,6 @@ dist_noinst_SCRIPTS =
- noinst_SCRIPTS =
- check_SCRIPTS =
- 
--#includes additional rules from aminclude.am
--@INC_AMINCLUDE@
- DISTCLEANFILES+= aminclude.am
- 
- CLEANFILES+= cert.der \
-- 
2.25.1