2018-01-15 18:26:41 +08:00
|
|
|
if PACKAGE_libwolfssl
|
2017-09-06 19:19:45 +08:00
|
|
|
|
2018-01-15 18:26:41 +08:00
|
|
|
config WOLFSSL_HAS_AES_CCM
|
2017-09-06 19:19:45 +08:00
|
|
|
bool "Include AES-CCM support"
|
2018-09-07 13:43:55 +08:00
|
|
|
default y
|
2017-09-06 19:19:45 +08:00
|
|
|
|
2020-07-02 23:30:56 +08:00
|
|
|
config WOLFSSL_HAS_CHACHA_POLY
|
|
|
|
|
bool "Include ChaCha20-Poly1305 cipher suite support"
|
2017-09-06 19:19:45 +08:00
|
|
|
default y
|
|
|
|
|
|
2018-01-15 18:26:41 +08:00
|
|
|
config WOLFSSL_HAS_DH
|
2017-09-06 19:19:45 +08:00
|
|
|
bool "Include DH (Diffie-Hellman) support"
|
2018-09-07 13:43:55 +08:00
|
|
|
default y
|
2017-09-06 19:19:45 +08:00
|
|
|
|
2018-01-15 18:26:41 +08:00
|
|
|
config WOLFSSL_HAS_ARC4
|
2017-09-06 19:19:45 +08:00
|
|
|
bool "Include ARC4 support"
|
2018-09-07 13:43:55 +08:00
|
|
|
default y
|
2017-09-06 19:19:45 +08:00
|
|
|
|
2021-06-14 18:30:08 +08:00
|
|
|
config WOLFSSL_HAS_CERTGEN
|
|
|
|
|
bool "Include certificate generation support"
|
|
|
|
|
default y
|
|
|
|
|
|
2020-07-02 23:30:56 +08:00
|
|
|
config WOLFSSL_HAS_TLSV10
|
|
|
|
|
bool "Include TLS 1.0 support"
|
2018-09-07 13:43:55 +08:00
|
|
|
default y
|
2017-09-06 19:19:45 +08:00
|
|
|
|
2020-07-02 23:30:56 +08:00
|
|
|
config WOLFSSL_HAS_TLSV13
|
|
|
|
|
bool "Include TLS 1.3 support"
|
2018-09-07 13:43:55 +08:00
|
|
|
default y
|
2017-09-06 19:19:45 +08:00
|
|
|
|
2018-08-23 17:40:23 +08:00
|
|
|
config WOLFSSL_HAS_SESSION_TICKET
|
|
|
|
|
bool "Include session ticket support"
|
2018-09-07 13:43:55 +08:00
|
|
|
default y
|
2018-08-23 17:40:23 +08:00
|
|
|
|
2018-01-15 18:26:41 +08:00
|
|
|
config WOLFSSL_HAS_DTLS
|
2017-09-06 19:19:45 +08:00
|
|
|
bool "Include DTLS support"
|
|
|
|
|
default n
|
|
|
|
|
|
2018-08-23 17:40:23 +08:00
|
|
|
config WOLFSSL_HAS_OCSP
|
2020-07-02 23:30:56 +08:00
|
|
|
bool "Include OSCP stapling support"
|
2018-09-07 13:43:55 +08:00
|
|
|
default y
|
2018-08-23 17:40:23 +08:00
|
|
|
|
|
|
|
|
config WOLFSSL_HAS_WPAS
|
|
|
|
|
bool "Include wpa_supplicant support"
|
2020-07-02 23:30:56 +08:00
|
|
|
select WOLFSSL_HAS_ARC4
|
|
|
|
|
select WOLFSSL_HAS_OCSP
|
|
|
|
|
select WOLFSSL_HAS_SESSION_TICKET
|
2018-09-07 13:43:55 +08:00
|
|
|
default y
|
2018-08-23 17:40:23 +08:00
|
|
|
|
2018-01-15 18:26:41 +08:00
|
|
|
config WOLFSSL_HAS_ECC25519
|
2021-06-14 18:30:08 +08:00
|
|
|
bool "Include ECC Curve 25519 support"
|
2021-10-07 20:15:25 +00:00
|
|
|
default y
|
2021-06-14 18:30:08 +08:00
|
|
|
|
|
|
|
|
config WOLFSSL_HAS_OPENVPN
|
|
|
|
|
bool "Include OpenVPN support"
|
wolfssl: sync upstream (#9496)
* wolfssl: don't change ABI because of hw crypto
Enabling different hardware crypto acceleration should not change the
library ABI. Add them to PKG_CONFIG_DEPENDS after the ABI version hash
has been computed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: add benchmark utility
This packages the wolfssl benchmark utility.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: enable CPU crypto instructions
This enables AES & SHA CPU instructions for compatible armv8, and x86_64
architectures. Add this to the hardware acceleration choice, since they
can't be enabled at the same time.
The package was marked non-shared, since the arm CPUs may or may not
have crypto extensions enabled based on licensing; bcm27xx does not
enable them. There is no run-time detection of this for arm.
NOTE:
Should this be backported to a release branch, it must be done shortly
before a new minor release, because the change to nonshared will remove
libwolfssl from the shared packages, but the nonshared are only built in
a subsequent release!
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: set nonshared flag global
libwolfssl-benchmark should NOT be compiled as nonshared but
currently there is a bug where, on buildbot stage2, the package
is recompiled to build libwolfssl-benchmark and the dependency
change to the new libwolfssl version.
Each dependant package will now depend on the new wolfssl package
instead of the one previously on stage1 that has a different package
HASH.
Set the nonshared PKGFLAGS global while this gets investigated
and eventually fixed.
Fixes: 0a2edc2714dc ("wolfssl: enable CPU crypto instructions")
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
* Revert "wolfssl: set nonshared flag global"
This reverts commit e0cc5b9b3ae65113f0e0dd9249dae4776b65c503.
A better and correct solution was found.
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
* wolfssl: make WOLFSSL_HAS_OPENVPN default to y
Openvpn forces CONFIG_WOLFSSL_HAS_OPENVPN=y. When the phase1 bots build
the now non-shared package, openvpn will not be selected, and WolfSSL
will be built without it. Then phase2 bots have CONFIG_ALL=y, which
will select openvpn and force CONFIG_WOLFSSL_HAS_OPENVPN=y. This
changes the version hash, causing dependency failures, as shared
packages expect the phase2 hash.
Fixes: #9738
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
2022-06-19 02:08:50 +08:00
|
|
|
default y
|
2017-09-06 19:19:45 +08:00
|
|
|
|
2022-02-04 10:52:39 +08:00
|
|
|
config WOLFSSL_ALT_NAMES
|
|
|
|
|
bool "Include SAN (Subject Alternative Name) support"
|
|
|
|
|
default y
|
|
|
|
|
|
2020-07-02 23:30:56 +08:00
|
|
|
config WOLFSSL_HAS_DEVCRYPTO
|
|
|
|
|
bool
|
|
|
|
|
|
wolfssl: sync upstream (#9496)
* wolfssl: don't change ABI because of hw crypto
Enabling different hardware crypto acceleration should not change the
library ABI. Add them to PKG_CONFIG_DEPENDS after the ABI version hash
has been computed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: add benchmark utility
This packages the wolfssl benchmark utility.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: enable CPU crypto instructions
This enables AES & SHA CPU instructions for compatible armv8, and x86_64
architectures. Add this to the hardware acceleration choice, since they
can't be enabled at the same time.
The package was marked non-shared, since the arm CPUs may or may not
have crypto extensions enabled based on licensing; bcm27xx does not
enable them. There is no run-time detection of this for arm.
NOTE:
Should this be backported to a release branch, it must be done shortly
before a new minor release, because the change to nonshared will remove
libwolfssl from the shared packages, but the nonshared are only built in
a subsequent release!
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: set nonshared flag global
libwolfssl-benchmark should NOT be compiled as nonshared but
currently there is a bug where, on buildbot stage2, the package
is recompiled to build libwolfssl-benchmark and the dependency
change to the new libwolfssl version.
Each dependant package will now depend on the new wolfssl package
instead of the one previously on stage1 that has a different package
HASH.
Set the nonshared PKGFLAGS global while this gets investigated
and eventually fixed.
Fixes: 0a2edc2714dc ("wolfssl: enable CPU crypto instructions")
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
* Revert "wolfssl: set nonshared flag global"
This reverts commit e0cc5b9b3ae65113f0e0dd9249dae4776b65c503.
A better and correct solution was found.
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
* wolfssl: make WOLFSSL_HAS_OPENVPN default to y
Openvpn forces CONFIG_WOLFSSL_HAS_OPENVPN=y. When the phase1 bots build
the now non-shared package, openvpn will not be selected, and WolfSSL
will be built without it. Then phase2 bots have CONFIG_ALL=y, which
will select openvpn and force CONFIG_WOLFSSL_HAS_OPENVPN=y. This
changes the version hash, causing dependency failures, as shared
packages expect the phase2 hash.
Fixes: #9738
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
2022-06-19 02:08:50 +08:00
|
|
|
config WOLFSSL_ASM_CAPABLE
|
|
|
|
|
bool
|
|
|
|
|
default x86_64 || (aarch64 && !TARGET_bcm27xx)
|
|
|
|
|
|
2020-07-02 23:30:56 +08:00
|
|
|
choice
|
|
|
|
|
prompt "Hardware Acceleration"
|
2022-06-29 18:20:39 +08:00
|
|
|
default WOLFSSL_HAS_CPU_CRYPTO if WOLFSSL_ASM_CAPABLE && !x86_64
|
2020-07-02 23:30:56 +08:00
|
|
|
default WOLFSSL_HAS_NO_HW
|
|
|
|
|
|
|
|
|
|
config WOLFSSL_HAS_NO_HW
|
|
|
|
|
bool "None"
|
|
|
|
|
|
wolfssl: sync upstream (#9496)
* wolfssl: don't change ABI because of hw crypto
Enabling different hardware crypto acceleration should not change the
library ABI. Add them to PKG_CONFIG_DEPENDS after the ABI version hash
has been computed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: add benchmark utility
This packages the wolfssl benchmark utility.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: enable CPU crypto instructions
This enables AES & SHA CPU instructions for compatible armv8, and x86_64
architectures. Add this to the hardware acceleration choice, since they
can't be enabled at the same time.
The package was marked non-shared, since the arm CPUs may or may not
have crypto extensions enabled based on licensing; bcm27xx does not
enable them. There is no run-time detection of this for arm.
NOTE:
Should this be backported to a release branch, it must be done shortly
before a new minor release, because the change to nonshared will remove
libwolfssl from the shared packages, but the nonshared are only built in
a subsequent release!
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: set nonshared flag global
libwolfssl-benchmark should NOT be compiled as nonshared but
currently there is a bug where, on buildbot stage2, the package
is recompiled to build libwolfssl-benchmark and the dependency
change to the new libwolfssl version.
Each dependant package will now depend on the new wolfssl package
instead of the one previously on stage1 that has a different package
HASH.
Set the nonshared PKGFLAGS global while this gets investigated
and eventually fixed.
Fixes: 0a2edc2714dc ("wolfssl: enable CPU crypto instructions")
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
* Revert "wolfssl: set nonshared flag global"
This reverts commit e0cc5b9b3ae65113f0e0dd9249dae4776b65c503.
A better and correct solution was found.
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
* wolfssl: make WOLFSSL_HAS_OPENVPN default to y
Openvpn forces CONFIG_WOLFSSL_HAS_OPENVPN=y. When the phase1 bots build
the now non-shared package, openvpn will not be selected, and WolfSSL
will be built without it. Then phase2 bots have CONFIG_ALL=y, which
will select openvpn and force CONFIG_WOLFSSL_HAS_OPENVPN=y. This
changes the version hash, causing dependency failures, as shared
packages expect the phase2 hash.
Fixes: #9738
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
2022-06-19 02:08:50 +08:00
|
|
|
config WOLFSSL_HAS_CPU_CRYPTO
|
|
|
|
|
bool "Use CPU crypto instructions"
|
|
|
|
|
depends on WOLFSSL_ASM_CAPABLE
|
|
|
|
|
help
|
|
|
|
|
This will use Intel AESNI insturctions or armv8 Crypto Extensions.
|
|
|
|
|
Either of them should easily outperform hardware crypto in WolfSSL.
|
2022-06-29 18:20:39 +08:00
|
|
|
Beware that for Intel, the CPU has to support SSE4 instructions.
|
wolfssl: sync upstream (#9496)
* wolfssl: don't change ABI because of hw crypto
Enabling different hardware crypto acceleration should not change the
library ABI. Add them to PKG_CONFIG_DEPENDS after the ABI version hash
has been computed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: add benchmark utility
This packages the wolfssl benchmark utility.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: enable CPU crypto instructions
This enables AES & SHA CPU instructions for compatible armv8, and x86_64
architectures. Add this to the hardware acceleration choice, since they
can't be enabled at the same time.
The package was marked non-shared, since the arm CPUs may or may not
have crypto extensions enabled based on licensing; bcm27xx does not
enable them. There is no run-time detection of this for arm.
NOTE:
Should this be backported to a release branch, it must be done shortly
before a new minor release, because the change to nonshared will remove
libwolfssl from the shared packages, but the nonshared are only built in
a subsequent release!
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: set nonshared flag global
libwolfssl-benchmark should NOT be compiled as nonshared but
currently there is a bug where, on buildbot stage2, the package
is recompiled to build libwolfssl-benchmark and the dependency
change to the new libwolfssl version.
Each dependant package will now depend on the new wolfssl package
instead of the one previously on stage1 that has a different package
HASH.
Set the nonshared PKGFLAGS global while this gets investigated
and eventually fixed.
Fixes: 0a2edc2714dc ("wolfssl: enable CPU crypto instructions")
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
* Revert "wolfssl: set nonshared flag global"
This reverts commit e0cc5b9b3ae65113f0e0dd9249dae4776b65c503.
A better and correct solution was found.
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
* wolfssl: make WOLFSSL_HAS_OPENVPN default to y
Openvpn forces CONFIG_WOLFSSL_HAS_OPENVPN=y. When the phase1 bots build
the now non-shared package, openvpn will not be selected, and WolfSSL
will be built without it. Then phase2 bots have CONFIG_ALL=y, which
will select openvpn and force CONFIG_WOLFSSL_HAS_OPENVPN=y. This
changes the version hash, causing dependency failures, as shared
packages expect the phase2 hash.
Fixes: #9738
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
2022-06-19 02:08:50 +08:00
|
|
|
|
2020-07-02 23:30:56 +08:00
|
|
|
config WOLFSSL_HAS_AFALG
|
|
|
|
|
bool "AF_ALG"
|
|
|
|
|
|
|
|
|
|
config WOLFSSL_HAS_DEVCRYPTO_CBC
|
|
|
|
|
bool "/dev/crytpo - AES-CBC-only"
|
|
|
|
|
select WOLFSSL_HAS_DEVCRYPTO
|
|
|
|
|
|
|
|
|
|
config WOLFSSL_HAS_DEVCRYPTO_AES
|
|
|
|
|
bool "/dev/crypto - AES-only (all supported modes)"
|
|
|
|
|
select WOLFSSL_HAS_DEVCRYPTO
|
|
|
|
|
|
|
|
|
|
config WOLFSSL_HAS_DEVCRYPTO_FULL
|
|
|
|
|
bool "/dev/crypto - full"
|
|
|
|
|
select WOLFSSL_HAS_DEVCRYPTO
|
|
|
|
|
endchoice
|
2022-06-29 18:20:39 +08:00
|
|
|
if x86_64 && WOLFSSL_HAS_CPU_CRYPTO
|
|
|
|
|
comment "WARNING: make sure your CPU supports SSE4 instructions"
|
|
|
|
|
comment "WolfSSL may crash with an invalid opcode exception"
|
|
|
|
|
endif
|
2017-09-06 19:19:45 +08:00
|
|
|
|
|
|
|
|
endif
|