[openwrt/openwrt] wolfssl: enable CPU crypto instructions

LEDE Commits lede-commits at lists.infradead.org
Tue Jun 7 06:02:30 PDT 2022


ansuel pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/0a2edc2714dcda10be902c32525723ce2cbcb138

commit 0a2edc2714dcda10be902c32525723ce2cbcb138
Author: Eneas U de Queiroz <cotequeiroz at gmail.com>
AuthorDate: Tue Apr 19 12:02:09 2022 -0300

    wolfssl: enable CPU crypto instructions
    
    This enables AES & SHA CPU instructions for compatible armv8, and x86_64
    architectures.  Add this to the hardware acceleration choice, since they
    can't be enabled at the same time.
    
    The package was marked non-shared, since the arm CPUs may or may not
    have crypto extensions enabled based on licensing; bcm27xx does not
    enable them.  There is no run-time detection of this for arm.
    
    NOTE:
    Should this be backported to a release branch, it must be done shortly
    before a new minor release, because the change to nonshared will remove
    libwolfssl from the shared packages, but the nonshared are only built in
    a subsequent release!
    
    Signed-off-by: Eneas U de Queiroz <cotequeiroz at gmail.com>
---
 package/libs/wolfssl/Config.in | 12 ++++++++++++
 package/libs/wolfssl/Makefile  | 11 +++++++++++
 2 files changed, 23 insertions(+)

diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in
index b32d5ab6cb..f495a90ff6 100644
--- a/package/libs/wolfssl/Config.in
+++ b/package/libs/wolfssl/Config.in
@@ -62,13 +62,25 @@ config WOLFSSL_ALT_NAMES
 config WOLFSSL_HAS_DEVCRYPTO
 	bool
 
+config WOLFSSL_ASM_CAPABLE
+	bool
+	default x86_64 || (aarch64 && !TARGET_bcm27xx)
+
 choice
 	prompt "Hardware Acceleration"
+	default WOLFSSL_HAS_CPU_CRYPTO if WOLFSSL_ASM_CAPABLE
 	default WOLFSSL_HAS_NO_HW
 
 	config WOLFSSL_HAS_NO_HW
 		bool "None"
 
+	config WOLFSSL_HAS_CPU_CRYPTO
+		bool "Use CPU crypto instructions"
+		depends on WOLFSSL_ASM_CAPABLE
+		help
+		This will use Intel AESNI insturctions or armv8 Crypto Extensions.
+		Either of them should easily outperform hardware crypto in WolfSSL.
+
 	config WOLFSSL_HAS_AFALG
 		bool "AF_ALG"
 
diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
index 9283737542..3edd526364 100644
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@@ -43,6 +43,7 @@ PKG_ABI_VERSION:=$(patsubst %-stable,%,$(PKG_VERSION)).$(call version_abbrev,$(c
 
 PKG_CONFIG_DEPENDS+=\
 	CONFIG_WOLFSSL_HAS_AFALG \
+	CONFIG_WOLFSSL_HAS_CPU_CRYPTO \
 	CONFIG_WOLFSSL_HAS_DEVCRYPTO_AES \
 	CONFIG_WOLFSSL_HAS_DEVCRYPTO_CBC \
 	CONFIG_WOLFSSL_HAS_DEVCRYPTO_FULL
@@ -59,6 +60,7 @@ endef
 define Package/libwolfssl
 $(call Package/libwolfssl/Default)
   TITLE:=wolfSSL library
+  PKGFLAGS:=nonshared
   MENU:=1
   PROVIDES:=libcyassl
   DEPENDS:=+WOLFSSL_HAS_DEVCRYPTO:kmod-cryptodev +WOLFSSL_HAS_AFALG:kmod-crypto-user
@@ -133,6 +135,15 @@ CONFIGURE_ARGS += \
 	--enable-wpas --enable-fortress --enable-fastmath
 endif
 
+ifdef CONFIG_WOLFSSL_HAS_CPU_CRYPTO
+    ifdef CONFIG_aarch64
+	CONFIGURE_ARGS += --enable-armasm
+	TARGET_CFLAGS:=$(TARGET_CFLAGS:-mcpu%=-mcpu%+crypto)
+    else ifdef CONFIG_TARGET_x86_64
+	CONFIGURE_ARGS += --enable-intelasm
+    endif
+endif
+
 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/include $(1)/usr/lib/pkgconfig
 	$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/




More information about the lede-commits mailing list