openwrt/package/libs/wolfssl/Config.in
Hauke Mehrtens d1b5d17d03 wolfssl: Do not activate HW acceleration on armvirt by default
The armvirt target is also used to run OpenWrt in lxc on other targets
like a Raspberry Pi. If we set WOLFSSL_HAS_CPU_CRYPTO by default the
wolfssl binray is only working when the CPU supports the hardware crypto
extension.

Some targets like the Raspberry Pi do not support the ARM CPU crypto
extension, compile wolfssl without it by default. It is still possible
to activate it in custom builds.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-07-20 17:02:45 +02:00

105 lines
2.1 KiB
Plaintext

if PACKAGE_libwolfssl
config WOLFSSL_HAS_AES_CCM
bool "Include AES-CCM support"
default y
config WOLFSSL_HAS_CHACHA_POLY
bool "Include ChaCha20-Poly1305 cipher suite support"
default y
config WOLFSSL_HAS_DH
bool "Include DH (Diffie-Hellman) support"
default y
config WOLFSSL_HAS_ARC4
bool "Include ARC4 support"
default y
config WOLFSSL_HAS_CERTGEN
bool "Include certificate generation support"
default y
config WOLFSSL_HAS_TLSV10
bool "Include TLS 1.0 support"
default y
config WOLFSSL_HAS_TLSV13
bool "Include TLS 1.3 support"
default y
config WOLFSSL_HAS_SESSION_TICKET
bool "Include session ticket support"
default y
config WOLFSSL_HAS_DTLS
bool "Include DTLS support"
default n
config WOLFSSL_HAS_OCSP
bool "Include OSCP stapling support"
default y
config WOLFSSL_HAS_WPAS
bool "Include wpa_supplicant support"
select WOLFSSL_HAS_ARC4
select WOLFSSL_HAS_DH
select WOLFSSL_HAS_OCSP
select WOLFSSL_HAS_SESSION_TICKET
default y
config WOLFSSL_HAS_ECC25519
bool "Include ECC Curve 25519 support"
default y
config WOLFSSL_HAS_ECC448
bool "Include ECC Curve 448 support"
config WOLFSSL_HAS_OPENVPN
bool "Include OpenVPN support"
default y
config WOLFSSL_ALT_NAMES
bool "Include SAN (Subject Alternative Name) support"
default y
config WOLFSSL_HAS_DEVCRYPTO
bool
config WOLFSSL_ASM_CAPABLE
bool
default x86_64 || (aarch64 && !TARGET_bcm27xx)
choice
prompt "Hardware Acceleration"
default WOLFSSL_HAS_CPU_CRYPTO if WOLFSSL_ASM_CAPABLE && !TARGET_armvirt
default WOLFSSL_HAS_NO_HW
config WOLFSSL_HAS_NO_HW
bool "None"
config WOLFSSL_HAS_CPU_CRYPTO
bool "Use CPU crypto instructions"
depends on WOLFSSL_ASM_CAPABLE
help
This will use Intel AESNI insturctions or armv8 Crypto Extensions.
Either of them should easily outperform hardware crypto in WolfSSL.
config WOLFSSL_HAS_AFALG
bool "AF_ALG"
config WOLFSSL_HAS_DEVCRYPTO_CBC
bool "/dev/crytpo - AES-CBC-only"
select WOLFSSL_HAS_DEVCRYPTO
config WOLFSSL_HAS_DEVCRYPTO_AES
bool "/dev/crypto - AES-only (all supported modes)"
select WOLFSSL_HAS_DEVCRYPTO
config WOLFSSL_HAS_DEVCRYPTO_FULL
bool "/dev/crypto - full"
select WOLFSSL_HAS_DEVCRYPTO
endchoice
endif