openwrt/package/libs/wolfssl/Config.in
Eneas U de Queiroz 0a2edc2714 wolfssl: enable CPU crypto instructions
This enables AES & SHA CPU instructions for compatible armv8, and x86_64
architectures.  Add this to the hardware acceleration choice, since they
can't be enabled at the same time.

The package was marked non-shared, since the arm CPUs may or may not
have crypto extensions enabled based on licensing; bcm27xx does not
enable them.  There is no run-time detection of this for arm.

NOTE:
Should this be backported to a release branch, it must be done shortly
before a new minor release, because the change to nonshared will remove
libwolfssl from the shared packages, but the nonshared are only built in
a subsequent release!

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-06-07 10:56:49 +02:00

101 lines
2.0 KiB
Plaintext

if PACKAGE_libwolfssl
config WOLFSSL_HAS_AES_CCM
bool "Include AES-CCM support"
default y
config WOLFSSL_HAS_CHACHA_POLY
bool "Include ChaCha20-Poly1305 cipher suite support"
default y
config WOLFSSL_HAS_DH
bool "Include DH (Diffie-Hellman) support"
default y
config WOLFSSL_HAS_ARC4
bool "Include ARC4 support"
default y
config WOLFSSL_HAS_CERTGEN
bool "Include certificate generation support"
default y
config WOLFSSL_HAS_TLSV10
bool "Include TLS 1.0 support"
default y
config WOLFSSL_HAS_TLSV13
bool "Include TLS 1.3 support"
default y
config WOLFSSL_HAS_SESSION_TICKET
bool "Include session ticket support"
default y
config WOLFSSL_HAS_DTLS
bool "Include DTLS support"
default n
config WOLFSSL_HAS_OCSP
bool "Include OSCP stapling support"
default y
config WOLFSSL_HAS_WPAS
bool "Include wpa_supplicant support"
select WOLFSSL_HAS_ARC4
select WOLFSSL_HAS_OCSP
select WOLFSSL_HAS_SESSION_TICKET
default y
config WOLFSSL_HAS_ECC25519
bool "Include ECC Curve 25519 support"
default y
config WOLFSSL_HAS_OPENVPN
bool "Include OpenVPN support"
default n
config WOLFSSL_ALT_NAMES
bool "Include SAN (Subject Alternative Name) support"
default y
config WOLFSSL_HAS_DEVCRYPTO
bool
config WOLFSSL_ASM_CAPABLE
bool
default x86_64 || (aarch64 && !TARGET_bcm27xx)
choice
prompt "Hardware Acceleration"
default WOLFSSL_HAS_CPU_CRYPTO if WOLFSSL_ASM_CAPABLE
default WOLFSSL_HAS_NO_HW
config WOLFSSL_HAS_NO_HW
bool "None"
config WOLFSSL_HAS_CPU_CRYPTO
bool "Use CPU crypto instructions"
depends on WOLFSSL_ASM_CAPABLE
help
This will use Intel AESNI insturctions or armv8 Crypto Extensions.
Either of them should easily outperform hardware crypto in WolfSSL.
config WOLFSSL_HAS_AFALG
bool "AF_ALG"
config WOLFSSL_HAS_DEVCRYPTO_CBC
bool "/dev/crytpo - AES-CBC-only"
select WOLFSSL_HAS_DEVCRYPTO
config WOLFSSL_HAS_DEVCRYPTO_AES
bool "/dev/crypto - AES-only (all supported modes)"
select WOLFSSL_HAS_DEVCRYPTO
config WOLFSSL_HAS_DEVCRYPTO_FULL
bool "/dev/crypto - full"
select WOLFSSL_HAS_DEVCRYPTO
endchoice
endif