From: Eneas U de Queiroz Date: Tue, 19 Apr 2022 15:02:09 +0000 (-0300) Subject: wolfssl: enable CPU crypto instructions X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=0a2edc2714dcda10be902c32525723ce2cbcb138;p=openwrt%2Fstaging%2Fnbd.git wolfssl: enable CPU crypto instructions This enables AES & SHA CPU instructions for compatible armv8, and x86_64 architectures. Add this to the hardware acceleration choice, since they can't be enabled at the same time. The package was marked non-shared, since the arm CPUs may or may not have crypto extensions enabled based on licensing; bcm27xx does not enable them. There is no run-time detection of this for arm. NOTE: Should this be backported to a release branch, it must be done shortly before a new minor release, because the change to nonshared will remove libwolfssl from the shared packages, but the nonshared are only built in a subsequent release! Signed-off-by: Eneas U de Queiroz --- diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in index b32d5ab6cb..f495a90ff6 100644 --- a/package/libs/wolfssl/Config.in +++ b/package/libs/wolfssl/Config.in @@ -62,13 +62,25 @@ config WOLFSSL_ALT_NAMES config WOLFSSL_HAS_DEVCRYPTO bool +config WOLFSSL_ASM_CAPABLE + bool + default x86_64 || (aarch64 && !TARGET_bcm27xx) + choice prompt "Hardware Acceleration" + default WOLFSSL_HAS_CPU_CRYPTO if WOLFSSL_ASM_CAPABLE default WOLFSSL_HAS_NO_HW config WOLFSSL_HAS_NO_HW bool "None" + config WOLFSSL_HAS_CPU_CRYPTO + bool "Use CPU crypto instructions" + depends on WOLFSSL_ASM_CAPABLE + help + This will use Intel AESNI insturctions or armv8 Crypto Extensions. + Either of them should easily outperform hardware crypto in WolfSSL. + config WOLFSSL_HAS_AFALG bool "AF_ALG" diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index 9283737542..3edd526364 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile @@ -43,6 +43,7 @@ PKG_ABI_VERSION:=$(patsubst %-stable,%,$(PKG_VERSION)).$(call version_abbrev,$(c PKG_CONFIG_DEPENDS+=\ CONFIG_WOLFSSL_HAS_AFALG \ + CONFIG_WOLFSSL_HAS_CPU_CRYPTO \ CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES \ CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC \ CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL @@ -59,6 +60,7 @@ endef define Package/libwolfssl $(call Package/libwolfssl/Default) TITLE:=wolfSSL library + PKGFLAGS:=nonshared MENU:=1 PROVIDES:=libcyassl DEPENDS:=+WOLFSSL_HAS_DEVCRYPTO:kmod-cryptodev +WOLFSSL_HAS_AFALG:kmod-crypto-user @@ -133,6 +135,15 @@ CONFIGURE_ARGS += \ --enable-wpas --enable-fortress --enable-fastmath endif +ifdef CONFIG_WOLFSSL_HAS_CPU_CRYPTO + ifdef CONFIG_aarch64 + CONFIGURE_ARGS += --enable-armasm + TARGET_CFLAGS:=$(TARGET_CFLAGS:-mcpu%=-mcpu%+crypto) + else ifdef CONFIG_TARGET_x86_64 + CONFIGURE_ARGS += --enable-intelasm + endif +endif + define Build/InstallDev $(INSTALL_DIR) $(1)/usr/include $(1)/usr/lib/pkgconfig $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/