openwrt/package/libs/wolfssl/Config.in

if PACKAGE_libwolfssl

config WOLFSSL_HAS_AES_CCM
	bool "Include AES-CCM support"
	default y

config WOLFSSL_HAS_CHACHA_POLY
	bool "Include ChaCha20-Poly1305 cipher suite support"
	default y

config WOLFSSL_HAS_DH
	bool "Include DH (Diffie-Hellman) support"
	default y

config WOLFSSL_HAS_ARC4
	bool "Include ARC4 support"
	default y

config WOLFSSL_HAS_CERTGEN
	bool "Include certificate generation support"
	default y

config WOLFSSL_HAS_TLSV10
	bool "Include TLS 1.0 support"
	default y

config WOLFSSL_HAS_TLSV13
	bool "Include TLS 1.3 support"
	default y

config WOLFSSL_HAS_SESSION_TICKET
	bool "Include session ticket support"
	default y

config WOLFSSL_HAS_DTLS
	bool "Include DTLS support"
	default n

config WOLFSSL_HAS_OCSP
	bool "Include OSCP stapling support"
	default y

config WOLFSSL_HAS_WPAS
	bool "Include wpa_supplicant support"
	select WOLFSSL_HAS_ARC4
	select WOLFSSL_HAS_OCSP
	select WOLFSSL_HAS_SESSION_TICKET
	default y

config WOLFSSL_HAS_ECC25519
	bool "Include ECC Curve 25519 support"
	default y

config WOLFSSL_HAS_ECC448
	bool "Include ECC Curve 448 support"

config WOLFSSL_HAS_OPENVPN
	bool "Include OpenVPN support"
	default y

config WOLFSSL_ALT_NAMES
	bool "Include SAN (Subject Alternative Name) support"
	default y

config WOLFSSL_HAS_DEVCRYPTO
	bool

config WOLFSSL_ASM_CAPABLE
	bool
	default x86_64 || (aarch64 && !TARGET_bcm27xx)

choice
	prompt "Hardware Acceleration"
	default WOLFSSL_HAS_CPU_CRYPTO if WOLFSSL_ASM_CAPABLE && !x86_64
	default WOLFSSL_HAS_NO_HW

	config WOLFSSL_HAS_NO_HW
		bool "None"

	config WOLFSSL_HAS_CPU_CRYPTO
		bool "Use CPU crypto instructions"
		depends on WOLFSSL_ASM_CAPABLE
		help
		This will use Intel AESNI insturctions or armv8 Crypto Extensions.
		Either of them should easily outperform hardware crypto in WolfSSL.
		Beware that for Intel, the CPU has to support SSE4 instructions.

	config WOLFSSL_HAS_AFALG
		bool "AF_ALG"

	config WOLFSSL_HAS_DEVCRYPTO_CBC
		bool "/dev/crytpo - AES-CBC-only"
		select WOLFSSL_HAS_DEVCRYPTO

	config WOLFSSL_HAS_DEVCRYPTO_AES
		bool "/dev/crypto - AES-only (all supported modes)"
		select WOLFSSL_HAS_DEVCRYPTO

	config WOLFSSL_HAS_DEVCRYPTO_FULL
		bool "/dev/crypto - full"
		select WOLFSSL_HAS_DEVCRYPTO
endchoice
if x86_64 && WOLFSSL_HAS_CPU_CRYPTO
	comment "WARNING: make sure your CPU supports SSE4 instructions"
	comment "WolfSSL may crash with an invalid opcode exception"
endif

endif