Add configs to enable openssl or wolfssl instead of mbedtls

configs/ath79/generic/uap-ac-lr/extended

@@ -48,7 +48,6 @@ CONFIG_PACKAGE_luci-mod-status=y
 CONFIG_PACKAGE_luci-mod-system=y
 CONFIG_PACKAGE_luci-proto-ipv6=y
 CONFIG_PACKAGE_luci-proto-ppp=y
-CONFIG_PACKAGE_luci-ssl=y
 CONFIG_PACKAGE_luci-theme-bootstrap=y
 
 # additional packages
@@ -132,3 +131,21 @@ CONFIG_PACKAGE_luci-app-vnstat2=y
 
 # language
 CONFIG_LUCI_LANG_pl=y
+
+##### REPLACE CRYPTOLIB #####
+# mbedtls - comment it when openssl or wolfssl enabled!
+CONFIG_PACKAGE_luci-ssl=y
+
+## replace mbedtls with openssl - remember to leave commented "is not set" !
+#CONFIG_PACKAGE_luci-ssl-openssl=y
+#CONFIG_PACKAGE_wpad-openssl=y
+## CONFIG_PACKAGE_wpad-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-openssl is not set
+
+## replace mbedtls with wolfssl - remember to leave commented "is not set" !
+# CONFIG_PACKAGE_luci-ssl-wolfssl=y
+# CONFIG_PACKAGE_wpad-wolfssl=y
+## CONFIG_PACKAGE_wpad-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-openssl is not set

configs/ath79/mikrotik/extended

@@ -30,7 +30,6 @@ CONFIG_PACKAGE_luci-mod-status=y
 CONFIG_PACKAGE_luci-mod-system=y
 CONFIG_PACKAGE_luci-proto-ipv6=y
 CONFIG_PACKAGE_luci-proto-ppp=y
-CONFIG_PACKAGE_luci-ssl=y
 CONFIG_PACKAGE_luci-theme-bootstrap=y
 
 # additional packages
@@ -113,3 +112,21 @@ CONFIG_PACKAGE_luci-app-vnstat2=y
 
 # language
 CONFIG_LUCI_LANG_pl=y
+
+##### REPLACE CRYPTOLIB #####
+# mbedtls - comment it when openssl or wolfssl enabled!
+CONFIG_PACKAGE_luci-ssl=y
+
+## replace mbedtls with openssl - remember to leave commented "is not set" !
+#CONFIG_PACKAGE_luci-ssl-openssl=y
+#CONFIG_PACKAGE_wpad-openssl=y
+## CONFIG_PACKAGE_wpad-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-openssl is not set
+
+## replace mbedtls with wolfssl - remember to leave commented "is not set" !
+# CONFIG_PACKAGE_luci-ssl-wolfssl=y
+# CONFIG_PACKAGE_wpad-wolfssl=y
+## CONFIG_PACKAGE_wpad-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-openssl is not set

configs/mediatek/mt7622/dumb_ap

@@ -31,7 +31,6 @@ CONFIG_PACKAGE_luci-mod-status=y
 CONFIG_PACKAGE_luci-mod-system=y
 CONFIG_PACKAGE_luci-proto-ipv6=y
 CONFIG_PACKAGE_luci-proto-ppp=y
-CONFIG_PACKAGE_luci-ssl=y
 CONFIG_PACKAGE_luci-theme-bootstrap=y
 
 # additional packages
@@ -86,13 +85,31 @@ CONFIG_PACKAGE_collectd-mod-dns=y
 #CONFIG_PACKAGE_dawn=y
 #CONFIG_PACKAGE_luci-app-dawn=y
 
-### usteer
-CONFIG_PACKAGE_usteer=y
-CONFIG_PACKAGE_luci-app-usteer=y
+#### usteer
+#CONFIG_PACKAGE_usteer=y
+#CONFIG_PACKAGE_luci-app-usteer=y
 
 # language
 CONFIG_LUCI_LANG_pl=y
 
+##### REPLACE CRYPTOLIB #####
+# mbedtls - comment it when openssl or wolfssl enabled!
+CONFIG_PACKAGE_luci-ssl=y
+
+## replace mbedtls with openssl - remember to leave commented "is not set" !
+#CONFIG_PACKAGE_luci-ssl-openssl=y
+#CONFIG_PACKAGE_wpad-openssl=y
+## CONFIG_PACKAGE_wpad-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-openssl is not set
+
+## replace mbedtls with wolfssl - remember to leave commented "is not set" !
+# CONFIG_PACKAGE_luci-ssl-wolfssl=y
+# CONFIG_PACKAGE_wpad-wolfssl=y
+## CONFIG_PACKAGE_wpad-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-openssl is not set
+#
 # Disable CONFIG_ALL_KMODS
 # More: https://github.com/openwrt/openwrt/commit/dadad6bb731ff1025125c619da7ccc196ad6ea01
 CONFIG_ALL_KMODS=n

configs/mediatek/mt7622/extended

@@ -31,7 +31,6 @@ CONFIG_PACKAGE_luci-mod-status=y
 CONFIG_PACKAGE_luci-mod-system=y
 CONFIG_PACKAGE_luci-proto-ipv6=y
 CONFIG_PACKAGE_luci-proto-ppp=y
-CONFIG_PACKAGE_luci-ssl=y
 CONFIG_PACKAGE_luci-theme-bootstrap=y
 
 # additional packages
@@ -93,10 +92,10 @@ CONFIG_PACKAGE_collectd-mod-dns=y
 # some other network stats
 CONFIG_PACKAGE_luci-app-vnstat2=y
 
-## Better roaming: dawn vs usteer => choose one
-## dawn
-CONFIG_PACKAGE_dawn=y
-CONFIG_PACKAGE_luci-app-dawn=y
+### Better roaming: dawn vs usteer => choose one
+### dawn
+#CONFIG_PACKAGE_dawn=y
+#CONFIG_PACKAGE_luci-app-dawn=y
 
 ### usteer
 #CONFIG_PACKAGE_usteer=y
@@ -115,6 +114,24 @@ CONFIG_PACKAGE_bind-host=y
 # language
 CONFIG_LUCI_LANG_pl=y
 
+##### REPLACE CRYPTOLIB #####
+# mbedtls - comment it when openssl or wolfssl enabled!
+CONFIG_PACKAGE_luci-ssl=y
+
+## replace mbedtls with openssl - remember to leave commented "is not set" !
+#CONFIG_PACKAGE_luci-ssl-openssl=y
+#CONFIG_PACKAGE_wpad-openssl=y
+## CONFIG_PACKAGE_wpad-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-openssl is not set
+
+## replace mbedtls with wolfssl - remember to leave commented "is not set" !
+# CONFIG_PACKAGE_luci-ssl-wolfssl=y
+# CONFIG_PACKAGE_wpad-wolfssl=y
+## CONFIG_PACKAGE_wpad-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-openssl is not set
+
 # Disable CONFIG_ALL_KMODS
 # More: https://github.com/openwrt/openwrt/commit/dadad6bb731ff1025125c619da7ccc196ad6ea01
 CONFIG_ALL_KMODS=n

configs/mediatek/mt7988a/extended

@@ -34,7 +34,6 @@ CONFIG_PACKAGE_luci-mod-status=y
 CONFIG_PACKAGE_luci-mod-system=y
 CONFIG_PACKAGE_luci-proto-ipv6=y
 CONFIG_PACKAGE_luci-proto-ppp=y
-CONFIG_PACKAGE_luci-ssl=y
 CONFIG_PACKAGE_luci-theme-bootstrap=y
 
 # additional packages
@@ -101,9 +100,9 @@ CONFIG_PACKAGE_luci-app-vnstat2=y
 #CONFIG_PACKAGE_dawn=y
 #CONFIG_PACKAGE_luci-app-dawn=y
 
-### usteer
-CONFIG_PACKAGE_usteer=y
-CONFIG_PACKAGE_luci-app-usteer=y
+#### usteer
+#CONFIG_PACKAGE_usteer=y
+#CONFIG_PACKAGE_luci-app-usteer=y
 
 # sqm
 CONFIG_PACKAGE_luci-app-sqm=y
@@ -118,6 +117,24 @@ CONFIG_PACKAGE_bind-host=y
 # language
 CONFIG_LUCI_LANG_pl=y
 
+##### REPLACE CRYPTOLIB #####
+# mbedtls - comment it when openssl or wolfssl enabled!
+CONFIG_PACKAGE_luci-ssl=y
+
+## replace mbedtls with openssl - remember to leave commented "is not set" !
+#CONFIG_PACKAGE_luci-ssl-openssl=y
+#CONFIG_PACKAGE_wpad-openssl=y
+## CONFIG_PACKAGE_wpad-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-openssl is not set
+
+## replace mbedtls with wolfssl - remember to leave commented "is not set" !
+# CONFIG_PACKAGE_luci-ssl-wolfssl=y
+# CONFIG_PACKAGE_wpad-wolfssl=y
+## CONFIG_PACKAGE_wpad-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-openssl is not set
+
 # MT7921
 CONFIG_PACKAGE_kmod-mt7921-common=y
 CONFIG_PACKAGE_kmod-mt7921-firmware=y

configs/qualcommax/ax3600/extended

@@ -31,7 +31,6 @@ CONFIG_PACKAGE_luci-mod-status=y
 CONFIG_PACKAGE_luci-mod-system=y
 CONFIG_PACKAGE_luci-proto-ipv6=y
 CONFIG_PACKAGE_luci-proto-ppp=y
-CONFIG_PACKAGE_luci-ssl=y
 CONFIG_PACKAGE_luci-theme-bootstrap=y
 
 # additional packages
@@ -114,3 +113,21 @@ CONFIG_PACKAGE_bind-host=y
 
 # language
 CONFIG_LUCI_LANG_pl=y
+
+##### REPLACE CRYPTOLIB #####
+# mbedtls - comment it when openssl or wolfssl enabled!
+CONFIG_PACKAGE_luci-ssl=y
+
+## replace mbedtls with openssl - remember to leave commented "is not set" !
+#CONFIG_PACKAGE_luci-ssl-openssl=y
+#CONFIG_PACKAGE_wpad-openssl=y
+## CONFIG_PACKAGE_wpad-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-openssl is not set
+
+## replace mbedtls with wolfssl - remember to leave commented "is not set" !
+# CONFIG_PACKAGE_luci-ssl-wolfssl=y
+# CONFIG_PACKAGE_wpad-wolfssl=y
+## CONFIG_PACKAGE_wpad-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-openssl is not set

configs/ramips/mt7621/extended

@@ -33,7 +33,6 @@ CONFIG_PACKAGE_luci-mod-status=y
 CONFIG_PACKAGE_luci-mod-system=y
 CONFIG_PACKAGE_luci-proto-ipv6=y
 CONFIG_PACKAGE_luci-proto-ppp=y
-CONFIG_PACKAGE_luci-ssl=y
 CONFIG_PACKAGE_luci-theme-bootstrap=y
 
 # additional packages
@@ -117,3 +116,21 @@ CONFIG_PACKAGE_bind-host=y
 
 # language
 CONFIG_LUCI_LANG_pl=y
+
+##### REPLACE CRYPTOLIB #####
+# mbedtls - comment it when openssl or wolfssl enabled!
+CONFIG_PACKAGE_luci-ssl=y
+
+## replace mbedtls with openssl - remember to leave commented "is not set" !
+#CONFIG_PACKAGE_luci-ssl-openssl=y
+#CONFIG_PACKAGE_wpad-openssl=y
+## CONFIG_PACKAGE_wpad-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-openssl is not set
+
+## replace mbedtls with wolfssl - remember to leave commented "is not set" !
+# CONFIG_PACKAGE_luci-ssl-wolfssl=y
+# CONFIG_PACKAGE_wpad-wolfssl=y
+## CONFIG_PACKAGE_wpad-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-mbedtls is not set
+## CONFIG_PACKAGE_wpad-basic-openssl is not set

openwrt-configure.sh

@@ -10,7 +10,13 @@ DEVICE="${DEVICE:-$2}"
 FULL_WPAD="${FULL_WPAD:-'yes'}"
 INSTALL_BRIDGER=${INSTALL_BRIDGER:-'true'}
 INSTALL_DAWN=${INSTALL_DAWN:-'false'}
-CRYPTO_LIB=${CRYPTO_LIB:-'openssl'}
+CRYPTO_LIB=${CRYPTO_LIB:-''} # wolfssl or openssl
+
+# To replace mbedtls with openssl via firmware-selector, just add:
+# -wpad-basic-mbedtls -libustream-mbedtls -libmbedtls libustream-openssl wpad-openssl luci-ssl-openssl
+#
+# To replace mbedtls with wolfssl via firmware-selector, just add:
+# -wpad-basic-mbedtls -libustream-mbedtls -libmbedtls libustream-wolfssl wpad-wolfssl luci-ssl-wolfssl
 
 if [ -z "$ROUTER_IP" ]; then
     echo "Please provide router ip like: 192.168.1.1"
@@ -18,9 +24,10 @@ if [ -z "$ROUTER_IP" ]; then
 fi
 
 COMMAND="opkg update"
-#if [[ "$FULL_WPAD" =~ yes|Yes ]]; then
-#  COMMAND="$COMMAND; opkg remove wpad-basic-mbedtls; opkg install wpad-$CRYPTO_LIB"
-#fi
+
+if [ -n "$CRYPTO_LIB" ]; then
+  COMMAND="$COMMAND; opkg install --force-depends wpad-$CRYPTO_LIB luci-ssl-$CRYPTO_LIB"
+fi
 
 # basic packages
 COMMAND="$COMMAND; opkg install collectd collectd-mod-sensors \