# configure.ac
#
# Copyright (C) 2006-2024 wolfSSL Inc.
#
# This file is part of wolfSSL. (formerly known as CyaSSL)
#
#
# Package identity: copyright notice, minimum Autoconf version, then the
# package name, release version, bug-report URL, tarball name and home page.
AC_COPYRIGHT([Copyright (C) 2006-2024 wolfSSL Inc.])
AC_PREREQ([2.69])
AC_INIT([wolfssl],
        [5.7.0],
        [https://github.com/wolfssl/wolfssl/issues],
        [wolfssl],
        [https://www.wolfssl.com])

# Auxiliary build scripts are kept in build-aux/.
AC_CONFIG_AUX_DIR([build-aux])
# Leave CFLAGS empty when the caller did not set it on the command line, so
# that the compiler probe below does not supply its default "-g -O2".
test "${CFLAGS+set}" = set || CFLAGS=""

# Fold the caller's C_EXTRA_FLAGS (and C_FLAGS) into CFLAGS.  C_EXTRA_FLAGS is
# deprecated now that CFLAGS itself works, but someone might still be using
# it.  These values come from the configure invocation and reach the compiler
# unmodified.
CFLAGS="$CFLAGS $C_EXTRA_FLAGS $C_FLAGS"
# C compiler, including the check that -c and -o can be used together.
AC_PROG_CC
AM_PROG_CC_C_O

# Canonical host and target triplets; host_cpu is consulted further down.
AC_CANONICAL_HOST
AC_CANONICAL_TARGET

# Local macro files are kept in m4/.
AC_CONFIG_MACRO_DIR([m4])

# Automake 1.14.1 or newer.  Automake warnings are fatal, except the
# portability class, which is switched off.
AM_INIT_AUTOMAKE([1.14.1 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests])

# Quiet build output by default when this automake provides silent rules.
m4_ifdef([AM_SILENT_RULES],
         [AM_SILENT_RULES([yes])])

AC_ARG_PROGRAM

# config.h is generated from the config.in template.
AC_CONFIG_HEADERS([config.h:config.in])

# Libtool 2.4.2 or newer; static archives are off unless asked for.
LT_PREREQ([2.4.2])
LT_INIT([disable-static win32-dll])
# Precious variables for caller-supplied flags that are placed after the flags
# configure computes.  Being last on the command line, they can override
# earlier settings, including warning or hardening options chosen here.
AC_ARG_VAR([EXTRA_CPPFLAGS],
           [Extra CPPFLAGS to add to end of autoconf-computed arg list. Can also supply directly to make.])
AC_ARG_VAR([EXTRA_CFLAGS],
           [Extra CFLAGS to add to end of autoconf-computed arg list. Can also supply directly to make.])
AC_ARG_VAR([EXTRA_CCASFLAGS],
           [Extra CCASFLAGS to add to end of autoconf-computed arg list. Can also supply directly to make.])
AC_ARG_VAR([EXTRA_LDFLAGS],
           [Extra LDFLAGS to add to end of autoconf-computed arg list. Can also supply directly to make.])
# Record the arguments configure was invoked with and export them to the
# generated files.
# NOTE(review): the recorded string contains everything the caller passed,
# including local paths and flag values; confirm where the substitution is
# consumed before treating build outputs as free of host-specific data.
WOLFSSL_CONFIG_ARGS="$ac_configure_args"
AC_SUBST([WOLFSSL_CONFIG_ARGS])
# Shared library versioning: the three numbers in the libwolfssl.so.*.*.*
# file name.

# FIRST: increment if interfaces have been removed or changed.
WOLFSSL_LIBRARY_VERSION_FIRST=42

# SECOND: increment if interfaces have been added.
# Set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented.
WOLFSSL_LIBRARY_VERSION_SECOND=1

# THIRD: increment if source code has changed.
# Set to zero if WOLFSSL_LIBRARY_VERSION_FIRST or
# WOLFSSL_LIBRARY_VERSION_SECOND is incremented.
WOLFSSL_LIBRARY_VERSION_THIRD=0

# Colon-separated triple built from the three parts above.
WOLFSSL_LIBRARY_VERSION="${WOLFSSL_LIBRARY_VERSION_FIRST}:${WOLFSSL_LIBRARY_VERSION_SECOND}:${WOLFSSL_LIBRARY_VERSION_THIRD}"

AC_SUBST([WOLFSSL_LIBRARY_VERSION_FIRST])
AC_SUBST([WOLFSSL_LIBRARY_VERSION_SECOND])
AC_SUBST([WOLFSSL_LIBRARY_VERSION_THIRD])
AC_SUBST([WOLFSSL_LIBRARY_VERSION])
# Probe for symbol-visibility support.  When the probe yields a compiler flag,
# add it to the library's compile flags.
gl_VISIBILITY
if test -n "$CFLAG_VISIBILITY"
then
    AM_CFLAGS="$AM_CFLAGS $CFLAG_VISIBILITY"
fi
# Wall-clock time of this configure run, as printed by "date -R".
# NOTE(review): this is captured unconditionally, also when a reproducible
# build is requested further down.  Anything that embeds the substituted value
# differs between otherwise identical builds -- confirm where it is consumed.
WOLFSSL_BUILD_DATE=`date -R`
AC_SUBST([WOLFSSL_BUILD_DATE])
# These size and type checks run before the library checks.  The library
# checks add their library to subsequent test compiles, and in some rare
# cases the networking check then causes these sizeof checks to fail.
AC_CHECK_SIZEOF([long long])
AC_CHECK_SIZEOF([long])
AC_CHECK_SIZEOF([time_t])

# 128-bit unsigned integer type, where the compiler provides one.
AC_CHECK_TYPES([__uint128_t])
# Distro build feature subset (Debian, Ubuntu, etc.)
AC_ARG_ENABLE([distro],
    [AS_HELP_STRING([--enable-distro],[Enable wolfSSL distro build (default: disabled)])],
    [ ENABLED_DISTRO=$enableval ],
    [ ENABLED_DISTRO=no ]
    )

# A distro build produces shared and static libraries with all features on,
# except that early data is forced off, and it defaults to a reproducible
# build.  Every other build starts with the reproducible default off.
AS_IF([test "$ENABLED_DISTRO" = "yes"],
    [
        enable_shared=yes
        enable_static=yes
        enable_all=yes
        enable_earlydata=no
        REPRODUCIBLE_BUILD_DEFAULT=yes
    ],
    [
        REPRODUCIBLE_BUILD_DEFAULT=no
    ])
# Fail when an option is passed that is not recognized.  A mistyped
# --enable-* or --with-* option therefore stops configure instead of being
# ignored, so a misspelled hardening option cannot silently yield a build
# without it.
m4_divert_once([DEFAULTS],
               [enable_option_checking=fatal])
# Allow experimental settings
AC_ARG_ENABLE([experimental],
    [AS_HELP_STRING([--enable-experimental],[Allow experimental settings in the configuration (default: disabled)])],
    [ ENABLED_EXPERIMENTAL=$enableval ],
    [ ENABLED_EXPERIMENTAL=no ]
    )

# Experimental settings are refused for distro builds; otherwise the opt-in is
# passed to both the C and the assembler preprocessor.
AS_IF([test "$ENABLED_EXPERIMENTAL" = "yes"],
    [
        AS_IF([test "$ENABLED_DISTRO" = "yes"],
            [ AC_MSG_ERROR([--enable-distro and --enable-experimental are mutually exclusive.]) ])
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EXPERIMENTAL_SETTINGS"
        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_EXPERIMENTAL_SETTINGS"
    ])
# System headers the sources may include.
AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h])

# Platforms that keep socket() in a separate "network" library.
AC_CHECK_LIB([network],[socket])

# Byte order and compiler atomics.
AC_C_BIGENDIAN
AC_C___ATOMIC

# Tell the sources when <stdatomic.h> is available.
AC_CHECK_HEADER([stdatomic.h],
    [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSL_HAVE_ATOMIC_H"],
    [])
# Check whether the functions of interest are linkable, and also whether the
# expected headers declare them.  A function that links but is not declared
# is treated as absent: its cached result is flipped to "no" and its HAVE_
# define is blanked out of confdefs.h, superseding the unusable positive from
# AC_CHECK_FUNCS().
# NOTE(review): "sed --in-place" is the GNU spelling of the option; confirm
# the masking step works with the sed found on every supported build host,
# because a failed edit leaves the HAVE_ define in place.
AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r gmtime_s inet_ntoa memset socket strftime atexit])
AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r, gmtime_s, inet_ntoa, memset, socket, strftime, atexit], [], [
    if test "$(eval echo \$"$(eval 'echo ac_cv_func_${as_decl_name}')")" = "yes"
    then
        AC_MSG_NOTICE([ note: earlier check for $(eval 'echo ${as_decl_name}') superseded.])
        eval "ac_cv_func_${as_decl_name}=no"
        _mask_varname=HAVE_`eval "echo '${as_decl_name}'" | tr 'a-z' 'A-Z'`
        sed --in-place "s~^#define ${_mask_varname} 1$~~" confdefs.h
    fi
], [[
#ifdef HAVE_SYS_SOCKET_H
    #include <sys/socket.h>
#endif
#ifdef HAVE_STRING_H
    #include <string.h>
#endif
#ifdef HAVE_NETDB_H
    #include <netdb.h>
#endif
#ifdef HAVE_ARPA_INET_H
    #include <arpa/inet.h>
#endif
#ifdef HAVE_SYS_TIME_H
    #include <sys/time.h>
#endif
#ifdef HAVE_TIME_H
    #include <time.h>
#endif
#ifdef HAVE_STDLIB_H
    #include <stdlib.h>
#endif
]])
# Install program, basic integer types and the assembler.
AC_PROG_INSTALL
AC_TYPE_SIZE_T
AC_TYPE_UINT8_T
AC_TYPE_UINTPTR_T
AM_PROG_AS

# Flag sets that later sections pick from.
OPTIMIZE_CFLAGS="-Os"
OPTIMIZE_FAST_CFLAGS="-O2"
OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET -DTFM_HUGE_SET"
# NOTE(review): the debug set defines DEBUG and DEBUG_WOLFSSL in addition to
# -g; presumably that turns on diagnostic output -- confirm before shipping a
# build configured for debugging.
DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL"

# Extra libraries to link; both lists start out empty.
LIB_ADD=
LIB_STATIC_ADD=

# Objects go to the current directory unless a directory was already chosen.
test -n "$output_objdir" || output_objdir=.
# Thread local storage
thread_ls_on="no"
AC_ARG_ENABLE([threadlocal],
    [AS_HELP_STRING([--enable-threadlocal],[Enable thread local support (default: enabled)])],
    [ ENABLED_THREADLOCAL=$enableval ],
    [ ENABLED_THREADLOCAL=yes ]
    )

# Only probe the compiler when the feature is wanted, and only define
# HAVE_THREAD_LS when the probe succeeds.
if test "$ENABLED_THREADLOCAL" = "yes"
then
    AX_TLS([thread_ls_on=yes],[thread_ls_on=no])
    if test "x$thread_ls_on" = "xyes"
    then
        AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"
    fi
fi
# DEBUG
# Debug builds get the debug flag set: appended for C, but placed in front of
# the existing flags for the assembler.  Every other build defines NDEBUG for
# both.
AX_DEBUG
if test "$ax_enable_debug" = "yes"
then
    AM_CFLAGS="$AM_CFLAGS $DEBUG_CFLAGS"
    AM_CCASFLAGS="$DEBUG_CFLAGS $AM_CCASFLAGS"
else
    AM_CFLAGS="$AM_CFLAGS -DNDEBUG"
    AM_CCASFLAGS="$AM_CCASFLAGS -DNDEBUG"
fi
2011-02-05 11:14:47 -08:00
2020-10-28 11:47:31 +10:00
# Start without certificates enabled and enable if a certificate algorithm is
# enabled
ENABLED_CERTS="no"
2023-03-24 16:42:56 +01:00
# Implements requirements from RFC9325
AC_ARG_ENABLE([harden-tls],
2023-03-28 14:14:40 +02:00
[AS_HELP_STRING([--enable-harden-tls],[Enable requirements from RFC9325. Possible values are <yes>, <112>, or <128>. <yes> is equivalent to <112>. (default: disabled)])],
2023-03-24 16:42:56 +01:00
[ ENABLED_HARDEN_TLS=$enableval ],
[ ENABLED_HARDEN_TLS=no ]
)
if test "x$ENABLED_HARDEN_TLS" != "xno"
then
2023-04-21 16:05:43 -05:00
if test "x$ENABLED_HARDEN_TLS" = "xyes" || test "x$ENABLED_HARDEN_TLS" = "x112"
2023-04-03 18:24:01 +02:00
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HARDEN_TLS=112"
2023-04-21 16:05:43 -05:00
elif test "x$ENABLED_HARDEN_TLS" = "x128"
2023-04-03 18:24:01 +02:00
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HARDEN_TLS=128"
2023-03-27 15:42:19 +02:00
else
2023-04-03 18:24:01 +02:00
AC_MSG_ERROR([Invalid value for --enable-harden-tls])
fi
2023-03-27 17:53:59 +02:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EXTRA_ALERTS -DWOLFSSL_CHECK_ALERT_ON_ERR"
2023-03-24 16:42:56 +01:00
fi
# Support for forcing 32-bit mode
# To force 32-bit instructions use:
#     ./configure CFLAGS="-m32" LDFLAGS="-m32" && make
# The checks for sizeof long and long long are run at the top of configure
# and require "-m32" to be set directly in the ./configure statement.
AC_ARG_ENABLE([32bit],
    [AS_HELP_STRING([--enable-32bit],[Enables 32-bit support (default: disabled)])],
    [ ENABLED_32BIT=$enableval ],
    [ ENABLED_32BIT=no ]
    )

# 16-bit compiler support
AC_ARG_ENABLE([16bit],
    [AS_HELP_STRING([--enable-16bit],[Enables 16-bit support (default: disabled)])],
    [ ENABLED_16BIT=$enableval ],
    [ ENABLED_16BIT=no ]
    )

AS_IF([test "$ENABLED_16BIT" = "yes"],
    [AM_CFLAGS="$AM_CFLAGS -DWC_16BIT_CPU"])
# 64-bit support, off unless requested.
AC_ARG_ENABLE([64bit],
    [AS_HELP_STRING([--enable-64bit],[Enables 64-bit support (default: disabled)])],
    [ ENABLED_64BIT=$enableval ],
    [ ENABLED_64BIT=no ]
    )

# Key derivation functions, on unless disabled.
AC_ARG_ENABLE([kdf],
    [AS_HELP_STRING([--enable-kdf],[Enables kdf support (default: enabled)])],
    [ ENABLED_KDF=$enableval ],
    [ ENABLED_KDF=yes ]
    )

# HMAC, on unless disabled.
AC_ARG_ENABLE([hmac],
    [AS_HELP_STRING([--enable-hmac],[Enables HMAC support (default: enabled)])],
    [ ENABLED_HMAC=$enableval ],
    [ ENABLED_HMAC=yes ]
    )
# DO-178 build.  Exactly one of NO_DO178 / HAVE_DO178 is always defined; any
# value other than "no" selects HAVE_DO178.
AC_ARG_ENABLE([do178],
    [AS_HELP_STRING([--enable-do178],[Enable DO-178, Will NOT work w/o DO178 license (default: disabled)])],
    [ENABLED_DO178=$enableval],
    [ENABLED_DO178="no"])

AS_IF([test "$ENABLED_DO178" = "no"],
    [AM_CFLAGS="$AM_CFLAGS -DNO_DO178"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_DO178"])
# Support for disabling all ASM
AC_ARG_ENABLE([asm],
    [AS_HELP_STRING([--enable-asm],[Enables option for assembly (default: enabled)])],
    [ ENABLED_ASM=$enableval ],
    [ ENABLED_ASM=yes ]
    )

# With assembly disabled, both the fast-math and the general no-asm defines
# are passed to the compiler.
AS_IF([test "$ENABLED_ASM" = "no"],
    [AM_CFLAGS="$AM_CFLAGS -DTFM_NO_ASM -DWOLFSSL_NO_ASM"])
AC_SUBST([ENABLED_ASM])
# Default math is SP Math all and not fast math
# FIPS v1 and v2 must use fast math
DEF_SP_MATH="yes"
DEF_FAST_MATH="no"

# FIPS 140
# Only the raw option value is captured here; it is validated and normalized
# by the FIPS mode selection further down.
AC_ARG_ENABLE([fips],
    [AS_HELP_STRING([--enable-fips],[Enable FIPS 140-2, Will NOT work w/o FIPS license (default: disabled)])],
    [ENABLED_FIPS=$enableval],
    [ENABLED_FIPS="no"])
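# wolfEngine Options
#
# Choosing an engine flavour also chooses the FIPS mode: for every value other
# than "no" and "disabled", ENABLED_FIPS is overwritten here, replacing
# whatever --enable-fips set above.  A bare --enable-engine (value "yes")
# selects FIPS v2, and "no-fips" turns FIPS off.
AC_ARG_ENABLE([engine],
    [AS_HELP_STRING([--enable-engine],[Enable wolfEngine options (default: disabled)])],
    [ ENABLED_WOLFENGINE=$enableval ],
    [ ENABLED_WOLFENGINE=no ]
    )

AS_CASE([$ENABLED_WOLFENGINE],
    [no|disabled],[
        ENABLED_WOLFENGINE="no"
        ],
    [yes|fips-v2|cert3389],[
        ENABLED_WOLFENGINE="yes"
        ENABLED_FIPS="v2"
        ],
    [fips-v5],[
        ENABLED_WOLFENGINE="yes"
        ENABLED_FIPS="v5"
        ],
    [fips-v6],[
        ENABLED_WOLFENGINE="yes"
        ENABLED_FIPS="v6"
        ],
    [fips-ready],[
        ENABLED_WOLFENGINE="yes"
        ENABLED_FIPS="ready"
        ],
    [no-fips],[
        ENABLED_WOLFENGINE="yes"
        ENABLED_FIPS="no"
        ],
    [
        # The list names every value accepted above, so the error does not
        # hide valid choices from the person fixing the command line.
        AC_MSG_ERROR([Invalid value for --enable-engine "$ENABLED_WOLFENGINE" (options: yes, fips-v2, cert3389, fips-v5, fips-v6, fips-ready, no-fips, no, disabled)])
    ])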
# FIPS mode selection.
#
# The FIPS options are:
#   no              - FIPS build disabled, FIPS sources forbidden in build tree
#   disabled        - FIPS build disabled, FIPS sources ignored in build tree
#   v1              - FIPS 140-2 Cert 2425
#   yes, cert2425   - same as v1
#   v2              - FIPS 140-2 Cert 3389
#   cert3389        - alias for v2
#   rand            - wolfRand
#   v5-RC12         - FIPS 140-3, wolfCrypt/fips WCv5.0-RC12
#   v5              - currently, alias for v5-RC12
#   v5-ready        - reports version 5.3, fast math defaults
#   v5-dev          - reports version 5.3, math follows the non-FIPS defaults
#   v6              - The SRTP-KDF-full-submission
#   ready, v6-ready - FIPS 140-3 settings with in-tree wolfcrypt sources,
#                     feature locked
#   dev, v6-dev     - FIPS 140-3 settings with in-tree wolfcrypt sources,
#                     features freely adjustable
#
# Every accepted value other than "no" and "disabled" normalizes ENABLED_FIPS
# to "yes"; FIPS_VERSION keeps the specific mode.  Any other value stops
# configure.
#
# These options have been retired, but are listed here for historical
# reference:
#   v5-RC8  - historical FIPS 140-3 (wolfCrypt WCv5.0-RC8).
#             HAVE_FIPS_VERSION = 5, HAVE_FIPS_VERSION_MINOR = 0.
#   v5-RC9  - historical FIPS 140-3 (wolfCrypt WCv5.0-RC9)
#             HAVE_FIPS_VERSION = 5, HAVE_FIPS_VERSION_MINOR = 1.
#   v5-RC10 - historical FIPS 140-3, wolfCrypt/fips WCv5.0-RC10
#             HAVE_FIPS_VERSION = 5, HAVE_FIPS_VERSION_MINOR = 2.
#   v5-RC11 - historical FIPS 140-3, wolfCrypt/fips WCv5.0-RC11
#             HAVE_FIPS_VERSION = 5, HAVE_FIPS_VERSION_MINOR = 2.
AS_CASE([$ENABLED_FIPS],
    [no],[
        FIPS_VERSION="none"
        ],
    [disabled],[
        FIPS_VERSION="disabled"
        ENABLED_FIPS="no"
        ],
    [v1|yes|cert2425],[
        FIPS_VERSION="v1"
        HAVE_FIPS_VERSION_MAJOR=1
        ENABLED_FIPS="yes"
        DEF_SP_MATH="no"
        DEF_FAST_MATH="yes"
        ],
    [v2|cert3389],[
        FIPS_VERSION="v2"
        HAVE_FIPS_VERSION_MAJOR=2
        HAVE_FIPS_VERSION_MINOR=0
        ENABLED_FIPS="yes"
        DEF_SP_MATH="no"
        DEF_FAST_MATH="yes"
        ],
    [rand],[
        FIPS_VERSION="rand"
        HAVE_FIPS_VERSION_MAJOR=2
        HAVE_FIPS_VERSION_MINOR=1
        ENABLED_FIPS="yes"
        DEF_SP_MATH="no"
        DEF_FAST_MATH="no"
        ],
    [v5|v5-RC12],[
        FIPS_VERSION="v5-RC12"
        HAVE_FIPS_VERSION_MAJOR=5
        HAVE_FIPS_VERSION_MINOR=2
        ENABLED_FIPS="yes"
        DEF_SP_MATH="no"
        DEF_FAST_MATH="yes"
        ],
    [v5-ready],[
        FIPS_VERSION="v5-ready"
        HAVE_FIPS_VERSION_MAJOR=5
        HAVE_FIPS_VERSION_MINOR=3
        ENABLED_FIPS="yes"
        DEF_SP_MATH="no"
        DEF_FAST_MATH="yes"
        ],
    [v5-dev],[
        FIPS_VERSION="v5-dev"
        HAVE_FIPS_VERSION_MAJOR=5
        HAVE_FIPS_VERSION_MINOR=3
        ENABLED_FIPS="yes"
        # for dev, DEF_SP_MATH and DEF_FAST_MATH follow non-FIPS defaults (currently sp-math-all)
        ],
    [v6],[
        FIPS_VERSION="v6"
        HAVE_FIPS_VERSION=6
        HAVE_FIPS_VERSION_MAJOR=6
        HAVE_FIPS_VERSION_MINOR=0
        HAVE_FIPS_VERSION_PATCH=0
        ENABLED_FIPS="yes"
        DEF_SP_MATH="yes"
        DEF_FAST_MATH="no"
        ],
    # Should always remain one ahead of the latest so as not to be confused with
    # the latest
    [ready|v6-ready],[
        FIPS_VERSION="ready"
        HAVE_FIPS_VERSION=7
        HAVE_FIPS_VERSION_MAJOR=7
        HAVE_FIPS_VERSION_MINOR=0
        HAVE_FIPS_VERSION_PATCH=0
        ENABLED_FIPS="yes"
        DEF_SP_MATH="yes"
        DEF_FAST_MATH="no"
        ],
    [dev|v6-dev],[
        FIPS_VERSION="dev"
        HAVE_FIPS_VERSION_MAJOR=7
        HAVE_FIPS_VERSION_MINOR=0
        HAVE_FIPS_VERSION_PATCH=0
        ENABLED_FIPS="yes"
        # for dev, DEF_SP_MATH and DEF_FAST_MATH follow non-FIPS defaults (currently sp-math-all)
        ],
    [
        AC_MSG_ERROR([Invalid value for --enable-fips "$ENABLED_FIPS" (main options: v1, v2, v5, v6, ready, dev, rand, no, disabled)])
    ])
# Fill in whatever the selected FIPS mode left unset or empty: the major,
# minor and patch numbers fall back to 0, and HAVE_FIPS_VERSION falls back to
# the major number.
: "${HAVE_FIPS_VERSION_MAJOR:=0}"
: "${HAVE_FIPS_VERSION_MINOR:=0}"
: "${HAVE_FIPS_VERSION_PATCH:=0}"
: "${HAVE_FIPS_VERSION:=$HAVE_FIPS_VERSION_MAJOR}"

# Every FIPS build defaults to a reproducible build.
AS_IF([test "$ENABLED_FIPS" != "no"],
    [REPRODUCIBLE_BUILD_DEFAULT=yes])
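# Keep the source tree and the requested mode consistent.  A non-empty
# wolfcrypt/src/fips.c marks a FIPS source tree:
#   none     - the file must not be present (non-FIPS build of a FIPS tree
#              is refused)
#   disabled - the file is ignored either way
#   others   - the file must be present
# The path is quoted so that a source directory containing spaces is handled,
# and the error names the selected FIPS mode rather than the value of
# whichever --enable option was parsed last.
AS_CASE([$FIPS_VERSION],
    [none],
    [
        AS_IF([ test -s "$srcdir/wolfcrypt/src/fips.c" ],
              [AC_MSG_ERROR([FIPS source tree is incompatible with non-FIPS build (requires --enable-fips)])])
    ],
    [disabled],
    [],
    [
        AS_IF([ ! test -s "$srcdir/wolfcrypt/src/fips.c" ],
              [AC_MSG_ERROR([non-FIPS source tree is incompatible with --enable-fips=$FIPS_VERSION])])
    ]
)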
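# For reproducible build, gate out from the build anything that might
# introduce semantically frivolous jitter, maximizing chance of
# identical object files.
#
# What this section does when the option is on:
#   - asks ar and ranlib for deterministic archives when their help text
#     advertises the option,
#   - defines HAVE_REPRODUCIBLE_BUILD and drops debug info with -g0,
#   - maps the source directory prefix out of the objects when the compiler
#     accepts -ffile-prefix-map,
#   - omits the linker build ID when the linker accepts --build-id=none.
# Both compiler probes are opportunistic: an unsupported flag is skipped
# without an error, so check the resulting flags when bit-for-bit output is
# required.
AC_ARG_ENABLE([reproducible-build],
    [AS_HELP_STRING([--enable-reproducible-build],[Enable maximally reproducible build (default: disabled)])],
    [ ENABLED_REPRODUCIBLE_BUILD=$enableval ],
    [ ENABLED_REPRODUCIBLE_BUILD=$REPRODUCIBLE_BUILD_DEFAULT ]
    )

if test "$ENABLED_REPRODUCIBLE_BUILD" = "yes"
then
    # Test ar for the "D" option. Should be checked before the libtool macros.
    test -n "$AR" || AR=ar
    xxx_ar_flags=$(${AR} --help 2>&1)
    test -n "$RANLIB" || RANLIB=ranlib
    xxx_ranlib_flags=$(${RANLIB} --help 2>&1)

    AS_CASE([$xxx_ar_flags],[*'use zero for timestamps and uids/gids'*],[AR_FLAGS="Dcr" lt_ar_flags="Dcr"])
    AS_CASE([$xxx_ranlib_flags],[*'Use zero for symbol map timestamp'*],[RANLIB="${RANLIB} -D"])

    AM_CFLAGS="$AM_CFLAGS -DHAVE_REPRODUCIBLE_BUILD -g0"

    # opportunistically use -ffile-prefix-map (added in GCC8 and LLVM10)
    # The here-document delimiter and its terminator line must match exactly,
    # otherwise the probe would swallow the rest of the script.
    if "$CC" -ffile-prefix-map=/tmp=. -x c - -o /dev/null >/dev/null 2>&1 <<'EOF'
#include <stdlib.h>
int main(int argc, char **argv) {
    (void)argc; (void)argv; return 0;
}
EOF
    then
        AM_CFLAGS="$AM_CFLAGS -ffile-prefix-map=\$(abs_top_srcdir)/= -ffile-prefix-map=\$(top_srcdir)/="
    fi

    # opportunistically use linker option --build-id=none
    if "$CC" -Wl,--build-id=none -x c - -o /dev/null >/dev/null 2>&1 <<'EOF'
#include <stdlib.h>
int main(int argc, char **argv) {
    (void)argc; (void)argv; return 0;
}
EOF
    then
        AM_LDFLAGS="$AM_LDFLAGS -Wl,--build-id=none"
    fi
fi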
# Benchmark program, built alongside the crypt tests unless disabled.
AC_ARG_ENABLE([benchmark],
    [AS_HELP_STRING([--enable-benchmark],[Build benchmark when building crypttests (default: enabled)])],
    [ENABLED_BENCHMARK=$enableval],
    [ENABLED_BENCHMARK=yes]
    )
# Linux Kernel Module
AC_ARG_ENABLE([linuxkm],
    [AS_HELP_STRING([--enable-linuxkm],[Enable Linux Kernel Module (default: disabled)])],
    [ENABLED_LINUXKM=$enableval],
    [ENABLED_LINUXKM=no]
    )

# Feature defaults for the kernel module follow --enable-linuxkm unless set
# explicitly.
AC_ARG_ENABLE([linuxkm-defaults],
    [AS_HELP_STRING([--enable-linuxkm-defaults],[Enable feature defaults for Linux Kernel Module (default: disabled)])],
    [ENABLED_LINUXKM_DEFAULTS=$enableval],
    [ENABLED_LINUXKM_DEFAULTS=$ENABLED_LINUXKM]
    )

# The relocatable-object build defaults to the normalized FIPS setting, so it
# is on for FIPS builds unless switched off explicitly.
AC_ARG_ENABLE([linuxkm-pie],
    [AS_HELP_STRING([--enable-linuxkm-pie],[Enable relocatable object build of Linux kernel module (default: disabled)])],
    [ENABLED_LINUXKM_PIE=$enableval],
    [ENABLED_LINUXKM_PIE=$ENABLED_FIPS]
    )

# A FIPS kernel module without the relocatable-object build is refused rather
# than silently built.
AS_IF([test "$ENABLED_LINUXKM_PIE" = "yes"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_LINUXKM_PIE_SUPPORT"],
    [test "$ENABLED_FIPS" = yes && test "$ENABLED_LINUXKM" = yes],
    [AC_MSG_ERROR([FIPS linuxkm requires linuxkm-pie.])])
AC_SUBST([ENABLED_LINUXKM_PIE])

# Crypto benchmarks that run automatically when the module is loaded.
AC_ARG_ENABLE([linuxkm-benchmarks],
    [AS_HELP_STRING([--enable-linuxkm-benchmarks],[Enable crypto benchmarking autorun at module load time for Linux kernel module (default: disabled)])],
    [ENABLED_LINUXKM_BENCHMARKS=$enableval],
    [ENABLED_LINUXKM_BENCHMARKS=no]
    )

AS_IF([test "$ENABLED_LINUXKM_BENCHMARKS" = "yes"],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LINUXKM_BENCHMARKS"])
AC_SUBST([ENABLED_LINUXKM_BENCHMARKS])
# Feature defaults for the Linux kernel module.
if test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_CONST -DWOLFSSL_SP_MOD_WORD_RP -DWOLFSSL_SP_DIV_64 -DWOLFSSL_SP_DIV_WORD_HALF -DWOLFSSL_SMALL_STACK_STATIC -DWOLFSSL_TEST_SUBROUTINE=static"

    # NOTE(review): going by its name, this define removes the OCSP issuer
    # check in relocatable-object builds -- confirm the reduced validation is
    # acceptable for the deployment.
    AS_IF([test "$ENABLED_LINUXKM_PIE" = "yes"],
        [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OCSP_ISSUER_CHECK"])

    # NOTE(review): non-FIPS builds select the older prime check, going by the
    # define name -- confirm this is intended.
    AS_IF([test "$ENABLED_FIPS" = "no"],
        [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_OLD_PRIME_CHECK"])

    # These replace the math defaults chosen earlier, including any picked by
    # the FIPS mode selection.
    DEF_SP_MATH="yes"
    DEF_FAST_MATH="no"
fi
# Location and architecture of the kernel build tree; both are empty unless
# supplied by the caller.
AC_ARG_WITH([linux-source],
    [AS_HELP_STRING([--with-linux-source=PATH],[PATH to root of Linux kernel build tree])],
    [KERNEL_ROOT=$withval],
    [KERNEL_ROOT=""])

AC_ARG_WITH([linux-arch],
    [AS_HELP_STRING([--with-linux-arch=arch],[built arch (SRCARCH) of Linux kernel build tree])],
    [KERNEL_ARCH=$withval],
    [KERNEL_ARCH=""])

if test "x$ENABLED_LINUXKM" = "xyes"
then
    # A kernel module build produces no userspace library and no benchmark
    # program, and keeps its objects in a linuxkm/ subdirectory.
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LINUXKM"
    ENABLED_NO_LIBRARY=yes
    ENABLED_BENCHMARK=no
    output_objdir="$(realpath "$output_objdir")/linuxkm"

    # Fall back to the detected kernel tree and architecture when the caller
    # named none.
    if test -z "$KERNEL_ROOT"; then
        AC_PATH_DEFAULT_KERNEL_SOURCE
        KERNEL_ROOT="$DEFAULT_KERNEL_ROOT"
    fi
    AC_SUBST([KERNEL_ROOT])

    if test -z "$KERNEL_ARCH"; then
        AC_DEFAULT_KERNEL_ARCH
        KERNEL_ARCH="$DEFAULT_KERNEL_ARCH"
    fi
    AC_SUBST([KERNEL_ARCH])

    # Stop when either value is still unknown after detection.
    AS_IF([test -z "${KERNEL_ROOT}"],
        [AC_MSG_ERROR([Linux kernel source root not found -- supply with --with-linux-source=PATH.])])
    AS_IF([test -z "${KERNEL_ARCH}"],
        [AC_MSG_ERROR([Linux kernel target architecture for build tree ${KERNEL_ROOT} could not be determined. Is target kernel configured?])])

    # No /dev/random, writev, stdio filesystem or sockets inside the kernel;
    # I/O goes through user-supplied callbacks.
    # NOTE(review): with NO_DEV_RANDOM the entropy source has to come from
    # somewhere else; which one is not visible here -- confirm.
    AM_CFLAGS="$AM_CFLAGS -DNO_DEV_RANDOM -DNO_WRITEV -DNO_STDIO_FILESYSTEM -DWOLFSSL_NO_SOCK -DWOLFSSL_USER_IO"
fi
# MATH LIBRARY SELECTION

# Single Precision maths implementation
# NOTE(review): ENABLED_SP_DEFAULT is not assigned anywhere above this point
# in the visible part of the file, so the fallback is presumably empty here;
# the sp-asm handling below treats an empty ENABLED_SP as "not decided yet".
AC_ARG_ENABLE([sp],
    [AS_HELP_STRING([--enable-sp],[Enable Single Precision maths implementation (default: disabled)])],
    [ ENABLED_SP=$enableval ],
    [ ENABLED_SP=$ENABLED_SP_DEFAULT ])

# Full-suite SP math; its default follows DEF_SP_MATH as set by the FIPS and
# kernel-module sections.
AC_ARG_ENABLE([sp-math-all],
    [AS_HELP_STRING([--enable-sp-math-all],[Enable Single Precision math implementation for full algorithm suite (default: enabled)])],
    [ ENABLED_SP_MATH_ALL=$enableval ],
    [ ENABLED_SP_MATH_ALL=$DEF_SP_MATH ])
# Single Precision maths (acceleration for common key sizes and curves)
# The restricted variant defaults to on only for kernel-module defaults with
# SP not disabled and the full suite off.
AS_IF([test "$ENABLED_LINUXKM_DEFAULTS" = "yes" && test "$ENABLED_SP" != "no" && test "$ENABLED_SP_MATH_ALL" = "no"],
    [ENABLED_SP_MATH_DEFAULT=yes],
    [ENABLED_SP_MATH_DEFAULT=no])

AC_ARG_ENABLE([sp-math],
    [AS_HELP_STRING([--enable-sp-math],[Enable Single Precision math implementation with restricted algorithm suite (default: disabled)])],
    [ ENABLED_SP_MATH=$enableval ],
    [ ENABLED_SP_MATH=$ENABLED_SP_MATH_DEFAULT ])

# Only an explicit, non-"no" --enable-sp-math has an effect here:
#   - without an explicit sp-math-all option, the full suite is switched off;
#   - with sp-math-all explicitly enabled as well, configure stops, because
#     the restricted and unrestricted SP math cannot both be chosen.
AS_IF([test "$enable_sp_math" != "" && test "$enable_sp_math" != "no"],
    [
        AS_IF([test "$enable_sp_math_all" = ""],
            [ENABLED_SP_MATH_ALL="no"],
            [test "$enable_sp_math_all" != "no"],
            [AC_MSG_ERROR([--enable-sp-math and --enable-sp-math-all are incompatible. Use --enable-sp-math-all only when all key sizes need to be supported.])])
    ])
# enable SP math assembly support automatically for x86_64 and aarch64 (except Linux kernel module)
SP_ASM_DEFAULT=no
if test "$ENABLED_SP_MATH" = "yes" && test "$ENABLED_LINUXKM_DEFAULTS" = "no"
then
    AS_CASE([$host_cpu],
        [x86_64|aarch64|amd64],
        [SP_ASM_DEFAULT=yes])
fi

AC_ARG_ENABLE([sp-asm],
    [AS_HELP_STRING([--enable-sp-asm],[Enable Single Precision assembly implementation (default: enabled on x86_64/aarch64/amd64)])],
    [ ENABLED_SP_ASM=$enableval ],
    [ ENABLED_SP_ASM=$SP_ASM_DEFAULT ])

# SP assembly needs SP itself: an explicit "no" for SP is a conflict, and an
# undecided (empty) SP setting is turned on.
if test "$ENABLED_SP_ASM" != "no"
then
    AS_IF([test "$ENABLED_SP" = "no"],
        [AC_MSG_ERROR([--enable-sp-asm requires SP to be enabled.])],
        [test "$ENABLED_SP" = ""],
        [ENABLED_SP=yes])
fi
# fastmath
# The default follows DEF_FAST_MATH as set by the FIPS and kernel-module
# sections.
AC_ARG_ENABLE([fastmath],
    [AS_HELP_STRING([--enable-fastmath],[Enable fast math ops (default: disabled)])],
    [ ENABLED_FASTMATH=$enableval ],
    [ ENABLED_FASTMATH=$DEF_FAST_MATH ]
    )

# fast HUGE math
AC_ARG_ENABLE([fasthugemath],
    [AS_HELP_STRING([--enable-fasthugemath],[Enable fast math + huge code (default: disabled)])],
    [ ENABLED_FASTHUGEMATH=$enableval ],
    [ ENABLED_FASTHUGEMATH=no ]
    )

# ENABLED_BUMP implies the huge variant, and the huge variant implies fast
# math.  ENABLED_BUMP is not assigned in the visible part of the file above.
AS_IF([test "$ENABLED_BUMP" = "yes"],
    [ENABLED_FASTHUGEMATH="yes"])
AS_IF([test "$ENABLED_FASTHUGEMATH" = "yes"],
    [ENABLED_FASTMATH="yes"])

# Tell the sources which x86 flavour they are being built for.
AS_CASE([$host_cpu],
    [x86_64|amd64],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_X86_64_BUILD"],
    [x86],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_X86_BUILD"])
# if sp-math-all is not set, then enable fast math
# Fast math only takes effect when neither SP math option was given
# explicitly on the command line.
if test "x$ENABLED_FASTMATH" = "xyes" && test "$enable_sp_math_all" = "" && test "$enable_sp_math" = ""
then
    # turn off fastmath if leanpsk on or asn off (w/o DH and ECC)
    # As written, RSA has to be off as well before fast math is dropped.
    if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_ASN" = "no"
    then
        AS_IF([test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && test "$ENABLED_RSA" = "no"],
            [
                ENABLED_FASTMATH="no"
            ],
            [
                AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
                ENABLED_HEAPMATH="no"
            ])
    else
        # The regular case also switches the full-suite SP math off.
        AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
        ENABLED_HEAPMATH="no"
        ENABLED_SP_MATH_ALL="no"
    fi

    if test "x$host_cpu" = "xaarch64"
    then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AARCH64_BUILD"
    fi

    # SAKKE without its small variant wants unrolled loops and the small
    # fast-math set.
    AS_IF([test "$ENABLED_SAKKE" = "yes" && test "$ENABLED_SAKKE_SMALL" != "yes"],
        [AM_CFLAGS="$AM_CFLAGS -funroll-loops -DTFM_SMALL_SET"])
fi
# heap based integer.c math (not timing resistant)
# Because this backend is not timing resistant, it is opt-in only.  The
# option value parsed here replaces any ENABLED_HEAPMATH assignment made
# earlier in the script.
AC_ARG_ENABLE([heapmath],
    [AS_HELP_STRING([--enable-heapmath],[Enable heap based integer.c math ops (default: disabled)])],
    [ ENABLED_HEAPMATH=$enableval ],
    [ ENABLED_HEAPMATH=no]
    )

# Choosing heap math switches both SP variants off.
AS_IF([test "x$ENABLED_HEAPMATH" = "xyes"],
    [
        AM_CFLAGS="$AM_CFLAGS -DUSE_INTEGER_HEAP_MATH"
        ENABLED_HEAPMATH="yes"
        ENABLED_SP="no"
        ENABLED_SP_MATH_ALL="no"
    ])
# ALL FEATURES
# Only the option value is captured here; the per-feature defaults are
# applied by the conditional that follows.
AC_ARG_ENABLE([all],
    [AS_HELP_STRING([--enable-all],[Enable all wolfSSL features, except SSLv3 (default: disabled)])],
    [ ENABLED_ALL=$enableval ],
    [ ENABLED_ALL=no ]
    )
if test "$ENABLED_ALL" = "yes"
then
test "$enable_dtls" = "" && enable_dtls=yes
if test "x$FIPS_VERSION" != "xv1"
then
test "$enable_tls13" = "" && enable_tls13=yes
test "$enable_rsapss" = "" && enable_rsapss=yes
fi
# this set is also enabled by enable-all-crypto:
test "$enable_atomicuser" = "" && enable_atomicuser=yes
test "$enable_aesgcm" = "" && enable_aesgcm=yes
test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
test "$enable_aesccm" = "" && enable_aesccm=yes
test "$enable_aesctr" = "" && enable_aesctr=yes
test "$enable_aeseax" = "" && enable_aeseax=yes
test "$enable_aesofb" = "" && enable_aesofb=yes
test "$enable_aescfb" = "" && enable_aescfb=yes
test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes
test "$enable_camellia" = "" && enable_camellia=yes
test "$enable_ripemd" = "" && enable_ripemd=yes
test "$enable_sha224" = "" && enable_sha224=yes
test "$enable_sha512" = "" && enable_sha512=yes
test "$enable_sha3" = "" && enable_sha3=yes
20230223-refactor-test-c-error-codes (#6135)
* wolfcrypt/test/test.{c,h}: refactor to capture and encode error retvals using WC_TEST_RET_*() macros (based on line numbers), and print line and return code in err_sys().
* wolfcrypt/test/test.h: cast back to int in WC_TEST_RET_ENC(), to fix MSVC warning.
* configure.ac: add shake128 and shake256 to enable-all and enable-all-crypto;
* wolfcrypt/benchmark/benchmark.c: fix gating for bench_shake128() from !defined(WOLFSSL_NO_SHAKE128) to defined(WOLFSSL_SHAKE128).
* wolfcrypt/test/test.h: add WC_TEST_RET_TAG_* and WC_TEST_RET_DEC_TAG(), and refactor WC_TEST_RET_{ENC,DEC}_*() macros to implement the tag mechanism;
* add render_error_message() with tag-specific rendering of error strings;
* wolfcrypt/test/test.c: smallstack refactor of shake128_test() and shake128_absorb_test();
* wolfcrypt/test/test.c: change gating around mp_test() and related routines from defined(HAVE_VALGRIND) to defined(WOLFSSL_PUBLIC_MP);
* smallstack refactor of mp_test();
* refactor a slew of WC_TEST_RET_ENC_NC associated with XFOPEN/XFREAD to be WC_TEST_RET_ENC_ERRNO, and add error detection for XFREAD (previously silently tolerating zero retvals).
* wolfcrypt/test/test.c: build mp_test() only if WOLFSSL_SP_MATH_ALL or USE_FAST_MATH (in addition to WOLFSSL_PUBLIC_MP), because many general purpose functions such as sp_mulmod() are gated out in SP builds without WOLFSSL_SP_MATH_ALL.
* wolfcrypt/test/test.c: fix array bounds flubs in shake128_test();
* don't print_fiducials() in wolfcrypt_test() header, but rather, after render_error_message() in err_sys().
* wolfcrypt/test/test.{c,h}: wrap some overlong lines, and fix an unused-variable warning in mp_test_set_is_bit().
* wolfcrypt/test/test.c: fixes for several misplaced and several missing WC_TEST_RET_ENC_EC()s.
test "$enable_shake128" = "" && enable_shake128=yes
test "$enable_shake256" = "" && enable_shake256=yes
test "$enable_sessioncerts" = "" && enable_sessioncerts=yes
test "$enable_keygen" = "" && enable_keygen=yes
test "$enable_certgen" = "" && enable_certgen=yes
test "$enable_certreq" = "" && enable_certreq=yes
test "$enable_certext" = "" && enable_certext=yes
test "$enable_sep" = "" && enable_sep=yes
test "$enable_hkdf" = "" && enable_hkdf=yes
test "$enable_curve25519" = "" && enable_curve25519=yes
test "$enable_curve448" = "" && enable_curve448=yes
refactor AESNI implementations and *VECTOR_REGISTERS* macros to allow dynamic as-needed fallback to pure C, via WC_AES_C_DYNAMIC_FALLBACK.
wolfssl/wolfcrypt/aes.h: add key_C_fallback[] to struct Aes, and remove comment that "AESNI needs key first, rounds 2nd, not sure why yet" now that AES_128_Key_Expansion_AESNI no longer writes rounds after the expanded key.
wolfcrypt/src/aes.c:
* add _AESNI or _aesni suffixes/infixes to AESNI implementations that were missing them: AES_CBC_encrypt(), AES_CBC_decrypt_by*(), AES_ECB_encrypt(), AES_*_Key_Expansion(), AES_set_encrypt_key(), AES_set_decrypt_key(), AES_GCM_encrypt(), AES_GCM_decrypt(), AES_XTS_encrypt(), and AES_XTS_decrypt().
* move key size check from to start of wc_AesSetKeyLocal().
* refactor pure-C AES setkey and cipher implementations to use aes->key_C_fallback when defined(WC_AES_C_DYNAMIC_FALLBACK).
* refactor wc_AesSetKeyLocal() to set up both AESNI and pure-C expanded keys when defined(WC_AES_C_DYNAMIC_FALLBACK).
* refactor all (haveAESNI && aes->use_aesni) conditions to just (aes->use_aesni).
* add macros VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, which do nothing but push a brace level when !defined(WC_AES_C_DYNAMIC_FALLBACK), but when defined(WC_AES_C_DYNAMIC_FALLBACK), they call SAVE_VECTOR_REGISTERS2() and on failure, temporarily clear aes->use_aesni and restore at _POP().
* refactor all invocations of SAVE_VECTOR_REGISTERS() and RESTORE_VECTOR_REGISTERS() to VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, except in wc_AesSetKeyLocal(), wc_AesXtsEncrypt(), and wc_AesXtsDecrypt(), which are refactored to use SAVE_VECTOR_REGISTERS2(), with graceful failure concealment if defined(WC_AES_C_DYNAMIC_FALLBACK).
* orthogonalize cleanup code in wc_AesCbcEncrypt(), wc_AesCcmEncrypt() and wc_AesCcmDecrypt().
* streamline fallthrough software definitions of wc_AesEncryptDirect() and wc_AesDecryptDirect(), and remove special-casing for defined(WOLFSSL_LINUXKM)&&defined(WOLFSSL_AESNI).
wolfcrypt/src/aes_asm.{S,asm}:
* remove errant "movl $10, 240(%rsi)" from AES_128_Key_Expansion_AESNI.
* add _AESNI suffixes/infixes to implementations that needed them.
wolfcrypt/src/{aes_gcm_asm.{S,asm},aes_xts_asm.S}: regenerate from revisions in scripts#357 -- adds _aesni suffixes to implementations that were missing them.
wolfssl/wolfcrypt/types.h: remove DEBUG_VECTOR_REGISTER_ACCESS macros, and add dummy fallthrough definitions for SAVE_VECTOR_REGISTERS2 and WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL.
wolfssl/wolfcrypt/memory.h: adopt DEBUG_VECTOR_REGISTER_ACCESS code from types.h, and add definitions for WC_DEBUG_VECTOR_REGISTERS_RETVAL_INITVAL and WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL.
linuxkm/linuxkm_wc_port.h: add arch-specific macro definitions for SAVE_VECTOR_REGISTERS2().
wolfcrypt/benchmark/benchmark.c: add missing gates around calls to RESTORE_VECTOR_REGISTERS().
configure.ac:
* cover various interdependencies in enable-all/enable-all-crypto, for better behavior in combination with --disable-aesgcm, --disable-ecc, --disable-ocsp, --disable-hmac, --disable-chacha, --disable-ed25519, and --disable-ed448.
* inhibit aesgcm_stream in enable-all/enable-all-crypto when ENABLED_LINUXKM_DEFAULTS, because it is currently incompatible with WC_AES_C_DYNAMIC_FALLBACK.
* add -DWC_AES_C_DYNAMIC_FALLBACK when ENABLED_LINUXKM_DEFAULTS.
* add 3 new interdependency checks: "ECCSI requires ECC.", "SAKKE requires ECC.", "WOLFSSH requires HMAC."
wolfcrypt/src/asn.c: tweak gating to accommodate defined(NO_RSA) && !defined(HAVE_ECC).
wolfcrypt/src/evp.c: tweak gating to accommodate defined(NO_HMAC).
wolfcrypt/src/logging.c: remove DEBUG_VECTOR_REGISTER_ACCESS code (moved to memory.c).
wolfcrypt/src/memory.c: change #include of settings.h to types.h; adopt DEBUG_VECTOR_REGISTER_ACCESS code from logging.c; add implementation of SAVE_VECTOR_REGISTERS2_fuzzer().
wolfcrypt/src/pwdbased.c: add explanatory #error scrypt requires HMAC.
wolfcrypt/test/test.c:
* add DEBUG_VECTOR_REGISTER_ACCESS clauses to aes_xts_128_test(), aesecb_test(), aesctr_test(), aes_test() CBC section, aes256_test() CBC section, and aesgcm_default_test_helper()
* remove duplicate wc_AesEcbDecrypt() in aesecb_test().
* add gating for pbkdf2_test().
* fix cleanup code in dsa_test().
* fix gating in pkcs7authenveloped_run_vectors() to accommodate !defined(HAVE_AESGCM).
* fix gating in cryptocb_test() to accommodate defined(NO_HMAC).
wolfssl/wolfcrypt/cryptocb.h: remove gates around "pk" sub-struct of struct wc_CryptoInfo -- wc_CryptoInfo.pk.type (an int) is used unconditionally when --enable-debug, and is used with DH.
wolfssl/wolfcrypt/error-crypt.h: fix whitespace.
test "$enable_fpecc" = "" && test "$enable_ecc" != "no" && enable_fpecc=yes
test "$enable_eccencrypt" = "" && test "$enable_ecc" != "no" && enable_eccencrypt=yes
test "$enable_psk" = "" && enable_psk=yes
test "$enable_cmac" = "" && enable_cmac=yes
test "$enable_siphash" = "" && enable_siphash=yes
test "$enable_ocsp" = "" && enable_ocsp=yes
test "$enable_ocspstapling" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling=yes
test "$enable_ocspstapling2" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling2=yes
test "$enable_crl" = "" && enable_crl=yes
test "$enable_supportedcurves" = "" && enable_supportedcurves=yes
test "$enable_tlsx" = "" && enable_tlsx=yes
test "$enable_pwdbased" = "" && enable_pwdbased=yes
test "$enable_aeskeywrap" = "" && enable_aeskeywrap=yes
test "$enable_x963kdf" = "" && enable_x963kdf=yes
test "$enable_scrypt" = "" && test "$enable_hmac" != "no" && enable_scrypt=yes
test "$enable_indef" = "" && enable_indef=yes
test "$enable_enckeys" = "" && enable_enckeys=yes
test "$enable_hashflags" = "" && enable_hashflags=yes
test "$enable_defaultdhparams" = "" && enable_defaultdhparams=yes
test "$enable_base64encode" = "" && enable_base64encode=yes
test "$enable_base16" = "" && enable_base16=yes
# Legacy algorithms: RC4 (arc4), MD2 and MD4 have known cryptographic
# weaknesses and are normally wanted only for interoperability with old peers
# or for test coverage. Each line below defaults its option to yes only when
# the corresponding enable_* variable is still empty, i.e. when the user gave
# no explicit --enable-*/--disable-* value, so a build that wants everything
# except these should be able to pass --disable-arc4, --disable-md2 and
# --disable-md4 alongside --enable-all.
test "$enable_arc4" = "" && enable_arc4=yes
test "$enable_blake2" = "" && enable_blake2=yes
test "$enable_blake2s" = "" && enable_blake2s=yes
test "$enable_md2" = "" && enable_md2=yes
test "$enable_md4" = "" && enable_md4=yes
# Default both options to yes unless the user already set them explicitly.
test "$enable_cryptocb" = "" && enable_cryptocb=yes
# NOTE(review): enable_anon presumably turns on anonymous cipher suites, which
# provide no peer authentication -- confirm against the --enable-anon help
# text. A deployment built with --enable-all should check that its runtime
# cipher list does not offer them unintentionally.
test "$enable_anon" = "" && enable_anon=yes
test "$enable_ssh" = "" && test "$enable_hmac" != "no" && enable_ssh=yes
test "$enable_savesession" = "" && enable_savesession=yes
test "$enable_savecert" = "" && enable_savecert=yes
test "$enable_postauth" = "" && enable_postauth=yes
test "$enable_hrrcookie" = "" && enable_hrrcookie=yes
test "$enable_fallback_scsv" = "" && enable_fallback_scsv=yes
test "$enable_webserver" = "" && enable_webserver=yes
test "$enable_crl_monitor" = "" && enable_crl_monitor=yes
test "$enable_sni" = "" && enable_sni=yes
test "$enable_maxfragment" = "" && enable_maxfragment=yes
test "$enable_alpn" = "" && enable_alpn=yes
test "$enable_truncatedhmac" = "" && enable_truncatedhmac=yes
test "$enable_trusted_ca" = "" && enable_trusted_ca=yes
test "$enable_session_ticket" = "" && enable_session_ticket=yes
# NOTE(review): enable_earlydata presumably maps to TLS 1.3 early data
# (0-RTT) -- confirm against the --enable-earlydata help text. Early data is
# replayable at the protocol level, so applications that accept it need their
# own replay handling. The default is applied only when the user gave no
# explicit value for the option.
test "$enable_earlydata" = "" && enable_earlydata=yes
test "$enable_ech" = "" && enable_ech=yes
test "$enable_srtp" = "" && enable_srtp=yes
test "$enable_rpk" = "" && enable_rpk=yes
if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
then
test "$enable_compkey" = "" && enable_compkey=yes
test "$enable_quic" = "" && test "$enable_cryptonly" != "yes" && enable_quic=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_IO -DHAVE_IO_TIMEOUT"
fi
# sp-math is incompatible with opensslextra, ECC custom curves, and DSA.
if test "$ENABLED_SP_MATH" = "no"
then
test "$enable_dsa" = "" && test "$enable_sha" != "no" && enable_dsa=yes
if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then
test "$enable_ecccustcurves" = "" && enable_ecccustcurves=yes
test "$enable_brainpool" = "" && enable_brainpool=yes
fi
test "$enable_srp" = "" && enable_srp=yes
# linuxkm is incompatible with opensslextra and its dependents.
if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
then
if test "$ENABLED_FIPS" = "no"
then
if test "$ENABLED_32BIT" != "yes"
then
test "$enable_openssh" = "" && enable_openssh=yes
fi
# S/MIME support requires PKCS7, which requires no FIPS.
test "$enable_smime" = "" && enable_smime=yes
fi
test "$enable_opensslextra" = "" && enable_opensslextra=yes
test "$enable_opensslall" = "" && enable_opensslall=yes
test "$enable_certservice" = "" && enable_certservice=yes
test "$enable_lighty" = "" && enable_lighty=yes
test "$enable_nginx" = "" && enable_nginx=yes
test "$enable_openvpn" = "" && enable_openvpn=yes
test "$enable_asio" = "" && enable_asio=yes
test "$enable_libwebsockets" = "" && enable_libwebsockets=yes
if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then
test "$enable_qt" = "" && enable_qt=yes
fi
fi
fi
if test "$ENABLED_FIPS" = "no"
then
test "$enable_pkcallbacks" = "" && enable_pkcallbacks=yes
test "$enable_xchacha" = "" && test "$enable_chacha" != "no" && enable_xchacha=yes
test "$enable_scep" = "" && enable_scep=yes
test "$enable_pkcs7" = "" && enable_pkcs7=yes
# These two defaults sit inside the ENABLED_FIPS = no branch, so they are not
# applied to FIPS builds.
# NOTE(review): enable_nullcipher presumably compiles in NULL-encryption
# cipher suites, which give integrity but no confidentiality -- confirm
# against the --enable-nullcipher help text. The default is applied only when
# the user gave no explicit value, so --disable-nullcipher alongside
# --enable-all should keep them out.
test "$enable_nullcipher" = "" && enable_nullcipher=yes
test "$enable_mcast" = "" && enable_mcast=yes
test "$enable_ed25519" = "" && enable_ed25519=yes
test "$enable_ed25519_stream" = "" && test "$enable_ed25519" != "no" && enable_ed25519_stream=yes
test "$enable_ed448" = "" && enable_ed448=yes
test "$enable_ed448_stream" = "" && test "$enable_ed448" != "no" && enable_ed448_stream=yes
if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
then
# these use DES3:
test "$enable_stunnel" = "" && enable_stunnel=yes
test "$enable_curl" = "" && enable_curl=yes
test "$enable_tcpdump" = "" && enable_tcpdump=yes
refactor AESNI implementations and *VECTOR_REGISTERS* macros to allow dynamic as-needed fallback to pure C, via WC_AES_C_DYNAMIC_FALLBACK.
wolfssl/wolfcrypt/aes.h: add key_C_fallback[] to struct Aes, and remove comment that "AESNI needs key first, rounds 2nd, not sure why yet" now that AES_128_Key_Expansion_AESNI no longer writes rounds after the expanded key.
wolfcrypt/src/aes.c:
* add _AESNI or _aesni suffixes/infixes to AESNI implementations that were missing them: AES_CBC_encrypt(), AES_CBC_decrypt_by*(), AES_ECB_encrypt(), AES_*_Key_Expansion(), AES_set_encrypt_key(), AES_set_decrypt_key(), AES_GCM_encrypt(), AES_GCM_decrypt(), AES_XTS_encrypt(), and AES_XTS_decrypt().
* move key size check to start of wc_AesSetKeyLocal().
* refactor pure-C AES setkey and cipher implementations to use aes->key_C_fallback when defined(WC_AES_C_DYNAMIC_FALLBACK).
* refactor wc_AesSetKeyLocal() to set up both AESNI and pure-C expanded keys when defined(WC_AES_C_DYNAMIC_FALLBACK).
* refactor all (haveAESNI && aes->use_aesni) conditions to just (aes->use_aesni).
* add macros VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, which do nothing but push a brace level when !defined(WC_AES_C_DYNAMIC_FALLBACK), but when defined(WC_AES_C_DYNAMIC_FALLBACK), they call SAVE_VECTOR_REGISTERS2() and on failure, temporarily clear aes->use_aesni and restore at _POP().
* refactor all invocations of SAVE_VECTOR_REGISTERS() and RESTORE_VECTOR_REGISTERS() to VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, except in wc_AesSetKeyLocal(), wc_AesXtsEncrypt(), and wc_AesXtsDecrypt(), which are refactored to use SAVE_VECTOR_REGISTERS2(), with graceful failure concealment if defined(WC_AES_C_DYNAMIC_FALLBACK).
* orthogonalize cleanup code in wc_AesCbcEncrypt(), wc_AesCcmEncrypt() and wc_AesCcmDecrypt().
* streamline fallthrough software definitions of wc_AesEncryptDirect() and wc_AesDecryptDirect(), and remove special-casing for defined(WOLFSSL_LINUXKM)&&defined(WOLFSSL_AESNI).
wolfcrypt/src/aes_asm.{S,asm}:
* remove errant "movl $10, 240(%rsi)" from AES_128_Key_Expansion_AESNI.
* add _AESNI suffixes/infixes to implementations that needed them.
wolfcrypt/src/{aes_gcm_asm.{S,asm},aes_xts_asm.S}: regenerate from revisions in scripts#357 -- adds _aesni suffixes to implementations that were missing them.
wolfssl/wolfcrypt/types.h: remove DEBUG_VECTOR_REGISTER_ACCESS macros, and add dummy fallthrough definitions for SAVE_VECTOR_REGISTERS2 and WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL.
wolfssl/wolfcrypt/memory.h: adopt DEBUG_VECTOR_REGISTER_ACCESS code from types.h, and add definitions for WC_DEBUG_VECTOR_REGISTERS_RETVAL_INITVAL and WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL.
linuxkm/linuxkm_wc_port.h: add arch-specific macro definitions for SAVE_VECTOR_REGISTERS2().
wolfcrypt/benchmark/benchmark.c: add missing gates around calls to RESTORE_VECTOR_REGISTERS().
configure.ac:
* cover various interdependencies in enable-all/enable-all-crypto, for better behavior in combination with --disable-aesgcm, --disable-ecc, --disable-ocsp, --disable-hmac, --disable-chacha, --disable-ed25519, and --disable-ed448.
* inhibit aesgcm_stream in enable-all/enable-all-crypto when ENABLED_LINUXKM_DEFAULTS, because it is currently incompatible with WC_AES_C_DYNAMIC_FALLBACK.
* add -DWC_AES_C_DYNAMIC_FALLBACK when ENABLED_LINUXKM_DEFAULTS.
* add 3 new interdependency checks: "ECCSI requires ECC.", "SAKKE requires ECC.", "WOLFSSH requires HMAC."
wolfcrypt/src/asn.c: tweak gating to accommodate defined(NO_RSA) && !defined(HAVE_ECC).
wolfcrypt/src/evp.c: tweak gating to accommodate defined(NO_HMAC).
wolfcrypt/src/logging.c: remove DEBUG_VECTOR_REGISTER_ACCESS code (moved to memory.c).
wolfcrypt/src/memory.c: change #include of settings.h to types.h; adopt DEBUG_VECTOR_REGISTER_ACCESS code from logging.c; add implementation of SAVE_VECTOR_REGISTERS2_fuzzer().
wolfcrypt/src/pwdbased.c: add explanatory #error scrypt requires HMAC.
wolfcrypt/test/test.c:
* add DEBUG_VECTOR_REGISTER_ACCESS clauses to aes_xts_128_test(), aesecb_test(), aesctr_test(), aes_test() CBC section, aes256_test() CBC section, and aesgcm_default_test_helper()
* remove duplicate wc_AesEcbDecrypt() in aesecb_test().
* add gating for pbkdf2_test().
* fix cleanup code in dsa_test().
* fix gating in pkcs7authenveloped_run_vectors() to accommodate !defined(HAVE_AESGCM).
* fix gating in cryptocb_test() to accommodate defined(NO_HMAC).
wolfssl/wolfcrypt/cryptocb.h: remove gates around "pk" sub-struct of struct wc_CryptoInfo -- wc_CryptoInfo.pk.type (an int) is used unconditionally when --enable-debug, and is used with DH.
wolfssl/wolfcrypt/error-crypt.h: fix whitespace.
2023-11-17 01:15:28 -06:00
test "$enable_eccsi" = "" && test "$enable_ecc" != "no" && enable_eccsi=yes
test "$enable_sakke" = "" && test "$enable_ecc" != "no" && enable_sakke=yes
2021-01-12 12:25:52 +10:00
fi
2020-09-30 14:26:17 -05:00
fi
2020-11-26 00:19:35 -06:00
2024-04-13 21:12:22 -05:00
if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6 || test "$FIPS_VERSION" = "v5-dev"; then
2024-02-09 00:46:54 -06:00
test "$enable_aesxts" = "" && enable_aesxts=yes
2024-05-14 19:24:27 -05:00
test "$enable_aesxts_stream" = "" && test "$enable_aesxts" = "yes" && (test "$enable_armasm" = "" || test "$enable_armasm" = "no") && enable_aesxts_stream=yes
2022-01-20 14:51:30 -06:00
test "$enable_aessiv" = "" && enable_aessiv=yes
fi
2024-04-13 21:12:22 -05:00
# 3DES is defaulted on only for non-FIPS builds and for FIPS versions up to 5.
# It is a legacy 64-bit-block cipher, included here for interoperability
# coverage. Only an empty enable_des3 is filled in, so an explicit
# --disable-des3 on the configure line is left untouched.
if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5
then
    if test -z "$enable_des3"
    then
        enable_des3=yes
    fi
fi
2020-12-01 18:26:22 -06:00
# Enable DH const table speedups (eliminates `-lm` math lib dependency)
2021-07-23 22:00:26 -05:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072"
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
2020-12-01 18:26:22 -06:00
# Enable multiple attribute additions such as DC
2021-08-31 16:28:24 -07:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MULTI_ATTRIB"
2020-12-01 18:26:22 -06:00
2021-08-31 16:28:24 -07:00
# AES: also build the decrypt direction and the ECB mode API.
# ECB maps equal plaintext blocks to equal ciphertext blocks, so treat it as a
# primitive for other modes and test vectors, not as a mode for bulk data.
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT"
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_ECB"
2021-11-05 18:18:53 -05:00
2021-08-31 16:28:24 -07:00
# Certificate handling: alternative names and DER loading, plus keeping our
# own certificate and the peer certificate.
# NOTE(review): "CRL IO with Timeout" was listed with this group, but no CRL
# or timeout define is added by these lines -- confirm where that is set.
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD"
AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
2020-12-01 18:26:22 -06:00
2021-08-31 16:28:24 -07:00
# Enable DH Extra
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_EXTRA"
2021-12-08 10:49:17 -07:00
# Enable deterministic ECC signing API with variant
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT"
2022-05-12 14:43:19 -07:00
# Store issuer name components when parsing certificates.
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_ISSUER_NAMES"
2022-05-23 09:17:42 -07:00
# Certificate extensions and alt. names for FPKI use
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SUBJ_DIR_ATTR -DWOLFSSL_FPKI -DWOLFSSL_SUBJ_INFO_ACC"
2022-08-01 10:52:09 -07:00
# Handle as many subject/issuer name OIDs as possible
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_NAME_ALL"
2022-08-02 13:47:46 -07:00
# More thorough error queue usage.
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VERBOSE_ERRORS"
2020-09-30 14:26:17 -05:00
fi
# ALL CRYPTO FEATURES
# Records --enable-all-crypto / --disable-all-crypto in ENABLED_ALL_CRYPT
# (default: no). When it is "yes", the block that follows fills in "yes" for
# each algorithm option whose enable_* variable is still empty; options given
# explicitly on the configure line are not overridden.
# NOTE(review): the defaulted set includes legacy algorithms (arc4, md2, md4)
# and anon, so this is a coverage/testing switch. Deployment builds should
# combine it with explicit --disable-<feature> options, or enable only the
# algorithms they need.
AC_ARG_ENABLE([all-crypto],
[AS_HELP_STRING([--enable-all-crypto],[Enable all wolfcrypt algorithms (default: disabled)])],
[ ENABLED_ALL_CRYPT=$enableval ],
[ ENABLED_ALL_CRYPT=no ]
)
if test "$ENABLED_ALL_CRYPT" = "yes"
then
2020-12-01 18:26:22 -06:00
test "$enable_atomicuser" = "" && enable_atomicuser=yes
test "$enable_aesgcm" = "" && enable_aesgcm=yes
2024-02-10 01:09:15 -06:00
test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
2020-12-01 18:26:22 -06:00
test "$enable_aesccm" = "" && enable_aesccm=yes
test "$enable_aesctr" = "" && enable_aesctr=yes
2023-09-25 17:37:26 -06:00
test "$enable_aeseax" = "" && enable_aeseax=yes
2020-12-01 18:26:22 -06:00
test "$enable_aesofb" = "" && enable_aesofb=yes
test "$enable_aescfb" = "" && enable_aescfb=yes
2021-09-13 23:41:21 -05:00
test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes
2020-12-01 18:26:22 -06:00
test "$enable_camellia" = "" && enable_camellia=yes
test "$enable_ripemd" = "" && enable_ripemd=yes
test "$enable_sha224" = "" && enable_sha224=yes
2024-04-17 00:40:39 -05:00
test "$enable_sha512" = "" && enable_sha512=yes
test "$enable_sha3" = "" && enable_sha3=yes
20230223-refactor-test-c-error-codes (#6135)
* wolfcrypt/test/test.{c,h}: refactor to capture and encode error retvals using WC_TEST_RET_*() macros (based on line numbers), and print line and return code in err_sys().
* wolfcrypt/test/test.h: cast back to int in WC_TEST_RET_ENC(), to fix MSVC warning.
* configure.ac: add shake128 and shake256 to enable-all and enable-all-crypto;
* wolfcrypt/benchmark/benchmark.c: fix gating for bench_shake128() from !defined(WOLFSSL_NO_SHAKE128) to defined(WOLFSSL_SHAKE128).
* wolfcrypt/test/test.h: add WC_TEST_RET_TAG_* and WC_TEST_RET_DEC_TAG(), and refactor WC_TEST_RET_{ENC,DEC}_*() macros to implement the tag mechanism;
* add render_error_message() with tag-specific rendering of error strings;
* wolfcrypt/test/test.c: smallstack refactor of shake128_test() and shake128_absorb_test();
* wolfcrypt/test/test.c: change gating around mp_test() and related routines from defined(HAVE_VALGRIND) to defined(WOLFSSL_PUBLIC_MP);
* smallstack refactor of mp_test();
* refactor a slew of WC_TEST_RET_ENC_NC associated with XFOPEN/XFREAD to be WC_TEST_RET_ENC_ERRNO, and add error detection for XFREAD (previously silently tolerating zero retvals).
* wolfcrypt/test/test.c: build mp_test() only if WOLFSSL_SP_MATH_ALL or USE_FAST_MATH (in addition to WOLFSSL_PUBLIC_MP), because many general purpose functions such as sp_mulmod() are gated out in SP builds without WOLFSSL_SP_MATH_ALL.
* wolfcrypt/test/test.c: fix array bounds flubs in shake128_test();
* don't print_fiducials() in wolfcrypt_test() header, but rather, after render_error_message() in err_sys().
* wolfcrypt/test/test.{c,h}: wrap some overlong lines, and fix an unused-variable warning in mp_test_set_is_bit().
* wolfcrypt/test/test.c: fixes for several misplaced and several missing WC_TEST_RET_ENC_EC()s.
2023-02-28 15:02:37 -06:00
test "$enable_shake128" = "" && enable_shake128=yes
test "$enable_shake256" = "" && enable_shake256=yes
2020-12-01 18:26:22 -06:00
test "$enable_sessioncerts" = "" && enable_sessioncerts=yes
test "$enable_keygen" = "" && enable_keygen=yes
test "$enable_certgen" = "" && enable_certgen=yes
test "$enable_certreq" = "" && enable_certreq=yes
test "$enable_certext" = "" && enable_certext=yes
test "$enable_sep" = "" && enable_sep=yes
test "$enable_hkdf" = "" && enable_hkdf=yes
test "$enable_curve25519" = "" && enable_curve25519=yes
test "$enable_curve448" = "" && enable_curve448=yes
refactor AESNI implementations and *VECTOR_REGISTERS* macros to allow dynamic as-needed fallback to pure C, via WC_AES_C_DYNAMIC_FALLBACK.
wolfssl/wolfcrypt/aes.h: add key_C_fallback[] to struct Aes, and remove comment that "AESNI needs key first, rounds 2nd, not sure why yet" now that AES_128_Key_Expansion_AESNI no longer writes rounds after the expanded key.
wolfcrypt/src/aes.c:
* add _AESNI or _aesni suffixes/infixes to AESNI implementations that were missing them: AES_CBC_encrypt(), AES_CBC_decrypt_by*(), AES_ECB_encrypt(), AES_*_Key_Expansion(), AES_set_encrypt_key(), AES_set_decrypt_key(), AES_GCM_encrypt(), AES_GCM_decrypt(), AES_XTS_encrypt(), and AES_XTS_decrypt().
* move key size check to start of wc_AesSetKeyLocal().
* refactor pure-C AES setkey and cipher implementations to use aes->key_C_fallback when defined(WC_AES_C_DYNAMIC_FALLBACK).
* refactor wc_AesSetKeyLocal() to set up both AESNI and pure-C expanded keys when defined(WC_AES_C_DYNAMIC_FALLBACK).
* refactor all (haveAESNI && aes->use_aesni) conditions to just (aes->use_aesni).
* add macros VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, which do nothing but push a brace level when !defined(WC_AES_C_DYNAMIC_FALLBACK), but when defined(WC_AES_C_DYNAMIC_FALLBACK), they call SAVE_VECTOR_REGISTERS2() and on failure, temporarily clear aes->use_aesni and restore at _POP().
* refactor all invocations of SAVE_VECTOR_REGISTERS() and RESTORE_VECTOR_REGISTERS() to VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, except in wc_AesSetKeyLocal(), wc_AesXtsEncrypt(), and wc_AesXtsDecrypt(), which are refactored to use SAVE_VECTOR_REGISTERS2(), with graceful failure concealment if defined(WC_AES_C_DYNAMIC_FALLBACK).
* orthogonalize cleanup code in wc_AesCbcEncrypt(), wc_AesCcmEncrypt() and wc_AesCcmDecrypt().
* streamline fallthrough software definitions of wc_AesEncryptDirect() and wc_AesDecryptDirect(), and remove special-casing for defined(WOLFSSL_LINUXKM)&&defined(WOLFSSL_AESNI).
wolfcrypt/src/aes_asm.{S,asm}:
* remove errant "movl $10, 240(%rsi)" from AES_128_Key_Expansion_AESNI.
* add _AESNI suffixes/infixes to implementations that needed them.
wolfcrypt/src/{aes_gcm_asm.{S,asm},aes_xts_asm.S}: regenerate from revisions in scripts#357 -- adds _aesni suffixes to implementations that were missing them.
wolfssl/wolfcrypt/types.h: remove DEBUG_VECTOR_REGISTER_ACCESS macros, and add dummy fallthrough definitions for SAVE_VECTOR_REGISTERS2 and WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL.
wolfssl/wolfcrypt/memory.h: adopt DEBUG_VECTOR_REGISTER_ACCESS code from types.h, and add definitions for WC_DEBUG_VECTOR_REGISTERS_RETVAL_INITVAL and WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL.
linuxkm/linuxkm_wc_port.h: add arch-specific macro definitions for SAVE_VECTOR_REGISTERS2().
wolfcrypt/benchmark/benchmark.c: add missing gates around calls to RESTORE_VECTOR_REGISTERS().
configure.ac:
* cover various interdependencies in enable-all/enable-all-crypto, for better behavior in combination with --disable-aesgcm, --disable-ecc, --disable-ocsp, --disable-hmac, --disable-chacha, --disable-ed25519, and --disable-ed448.
* inhibit aesgcm_stream in enable-all/enable-all-crypto when ENABLED_LINUXKM_DEFAULTS, because it is currently incompatible with WC_AES_C_DYNAMIC_FALLBACK.
* add -DWC_AES_C_DYNAMIC_FALLBACK when ENABLED_LINUXKM_DEFAULTS.
* add 3 new interdependency checks: "ECCSI requires ECC.", "SAKKE requires ECC.", "WOLFSSH requires HMAC."
wolfcrypt/src/asn.c: tweak gating to accommodate defined(NO_RSA) && !defined(HAVE_ECC).
wolfcrypt/src/evp.c: tweak gating to accommodate defined(NO_HMAC).
wolfcrypt/src/logging.c: remove DEBUG_VECTOR_REGISTER_ACCESS code (moved to memory.c).
wolfcrypt/src/memory.c: change #include of settings.h to types.h; adopt DEBUG_VECTOR_REGISTER_ACCESS code from logging.c; add implementation of SAVE_VECTOR_REGISTERS2_fuzzer().
wolfcrypt/src/pwdbased.c: add explanatory #error scrypt requires HMAC.
wolfcrypt/test/test.c:
* add DEBUG_VECTOR_REGISTER_ACCESS clauses to aes_xts_128_test(), aesecb_test(), aesctr_test(), aes_test() CBC section, aes256_test() CBC section, and aesgcm_default_test_helper()
* remove duplicate wc_AesEcbDecrypt() in aesecb_test().
* add gating for pbkdf2_test().
* fix cleanup code in dsa_test().
* fix gating in pkcs7authenveloped_run_vectors() to accommodate !defined(HAVE_AESGCM).
* fix gating in cryptocb_test() to accommodate defined(NO_HMAC).
wolfssl/wolfcrypt/cryptocb.h: remove gates around "pk" sub-struct of struct wc_CryptoInfo -- wc_CryptoInfo.pk.type (an int) is used unconditionally when --enable-debug, and is used with DH.
wolfssl/wolfcrypt/error-crypt.h: fix whitespace.
2023-11-17 01:15:28 -06:00
test "$enable_fpecc" = "" && test "$enable_ecc" != "no" && enable_fpecc=yes
test "$enable_eccencrypt" = "" && test "$enable_ecc" != "no" && enable_eccencrypt=yes
2020-12-01 18:26:22 -06:00
test "$enable_psk" = "" && enable_psk=yes
test "$enable_cmac" = "" && enable_cmac=yes
2022-01-14 13:56:23 +10:00
test "$enable_siphash" = "" && enable_siphash=yes
2020-12-01 18:26:22 -06:00
test "$enable_ocsp" = "" && enable_ocsp=yes
refactor AESNI implementations and *VECTOR_REGISTERS* macros to allow dynamic as-needed fallback to pure C, via WC_AES_C_DYNAMIC_FALLBACK.
wolfssl/wolfcrypt/aes.h: add key_C_fallback[] to struct Aes, and remove comment that "AESNI needs key first, rounds 2nd, not sure why yet" now that AES_128_Key_Expansion_AESNI no longer writes rounds after the expanded key.
wolfcrypt/src/aes.c:
* add _AESNI or _aesni suffixes/infixes to AESNI implementations that were missing them: AES_CBC_encrypt(), AES_CBC_decrypt_by*(), AES_ECB_encrypt(), AES_*_Key_Expansion(), AES_set_encrypt_key(), AES_set_decrypt_key(), AES_GCM_encrypt(), AES_GCM_decrypt(), AES_XTS_encrypt(), and AES_XTS_decrypt().
* move key size check to start of wc_AesSetKeyLocal().
* refactor pure-C AES setkey and cipher implementations to use aes->key_C_fallback when defined(WC_AES_C_DYNAMIC_FALLBACK).
* refactor wc_AesSetKeyLocal() to set up both AESNI and pure-C expanded keys when defined(WC_AES_C_DYNAMIC_FALLBACK).
* refactor all (haveAESNI && aes->use_aesni) conditions to just (aes->use_aesni).
* add macros VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, which do nothing but push a brace level when !defined(WC_AES_C_DYNAMIC_FALLBACK), but when defined(WC_AES_C_DYNAMIC_FALLBACK), they call SAVE_VECTOR_REGISTERS2() and on failure, temporarily clear aes->use_aesni and restore at _POP().
* refactor all invocations of SAVE_VECTOR_REGISTERS() and RESTORE_VECTOR_REGISTERS() to VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, except in wc_AesSetKeyLocal(), wc_AesXtsEncrypt(), and wc_AesXtsDecrypt(), which are refactored to use SAVE_VECTOR_REGISTERS2(), with graceful failure concealment if defined(WC_AES_C_DYNAMIC_FALLBACK).
* orthogonalize cleanup code in wc_AesCbcEncrypt(), wc_AesCcmEncrypt() and wc_AesCcmDecrypt().
* streamline fallthrough software definitions of wc_AesEncryptDirect() and wc_AesDecryptDirect(), and remove special-casing for defined(WOLFSSL_LINUXKM)&&defined(WOLFSSL_AESNI).
wolfcrypt/src/aes_asm.{S,asm}:
* remove errant "movl $10, 240(%rsi)" from AES_128_Key_Expansion_AESNI.
* add _AESNI suffixes/infixes to implementations that needed them.
wolfcrypt/src/{aes_gcm_asm.{S,asm},aes_xts_asm.S}: regenerate from revisions in scripts#357 -- adds _aesni suffixes to implementations that were missing them.
wolfssl/wolfcrypt/types.h: remove DEBUG_VECTOR_REGISTER_ACCESS macros, and add dummy fallthrough definitions for SAVE_VECTOR_REGISTERS2 and WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL.
wolfssl/wolfcrypt/memory.h: adopt DEBUG_VECTOR_REGISTER_ACCESS code from types.h, and add definitions for WC_DEBUG_VECTOR_REGISTERS_RETVAL_INITVAL and WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL.
linuxkm/linuxkm_wc_port.h: add arch-specific macro definitions for SAVE_VECTOR_REGISTERS2().
wolfcrypt/benchmark/benchmark.c: add missing gates around calls to RESTORE_VECTOR_REGISTERS().
configure.ac:
* cover various interdependencies in enable-all/enable-all-crypto, for better behavior in combination with --disable-aesgcm, --disable-ecc, --disable-ocsp, --disable-hmac, --disable-chacha, --disable-ed25519, and --disable-ed448.
* inhibit aesgcm_stream in enable-all/enable-all-crypto when ENABLED_LINUXKM_DEFAULTS, because it is currently incompatible with WC_AES_C_DYNAMIC_FALLBACK.
* add -DWC_AES_C_DYNAMIC_FALLBACK when ENABLED_LINUXKM_DEFAULTS.
* add 3 new interdependency checks: "ECCSI requires ECC.", "SAKKE requires ECC.", "WOLFSSH requires HMAC."
wolfcrypt/src/asn.c: tweak gating to accommodate defined(NO_RSA) && !defined(HAVE_ECC).
wolfcrypt/src/evp.c: tweak gating to accommodate defined(NO_HMAC).
wolfcrypt/src/logging.c: remove DEBUG_VECTOR_REGISTER_ACCESS code (moved to memory.c).
wolfcrypt/src/memory.c: change #include of settings.h to types.h; adopt DEBUG_VECTOR_REGISTER_ACCESS code from logging.c; add implementation of SAVE_VECTOR_REGISTERS2_fuzzer().
wolfcrypt/src/pwdbased.c: add explanatory #error scrypt requires HMAC.
wolfcrypt/test/test.c:
* add DEBUG_VECTOR_REGISTER_ACCESS clauses to aes_xts_128_test(), aesecb_test(), aesctr_test(), aes_test() CBC section, aes256_test() CBC section, and aesgcm_default_test_helper()
* remove duplicate wc_AesEcbDecrypt() in aesecb_test().
* add gating for pbkdf2_test().
* fix cleanup code in dsa_test().
* fix gating in pkcs7authenveloped_run_vectors() to accommodate !defined(HAVE_AESGCM).
* fix gating in cryptocb_test() to accommodate defined(NO_HMAC).
wolfssl/wolfcrypt/cryptocb.h: remove gates around "pk" sub-struct of struct wc_CryptoInfo -- wc_CryptoInfo.pk.type (an int) is used unconditionally when --enable-debug, and is used with DH.
wolfssl/wolfcrypt/error-crypt.h: fix whitespace.
2023-11-17 01:15:28 -06:00
test "$enable_ocspstapling" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling=yes
test "$enable_ocspstapling2" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling2=yes
2020-12-01 18:26:22 -06:00
test "$enable_crl" = "" && enable_crl=yes
test "$enable_supportedcurves" = "" && enable_supportedcurves=yes
test "$enable_tlsx" = "" && enable_tlsx=yes
test "$enable_pwdbased" = "" && enable_pwdbased=yes
test "$enable_aeskeywrap" = "" && enable_aeskeywrap=yes
test "$enable_x963kdf" = "" && enable_x963kdf=yes
refactor AESNI implementations and *VECTOR_REGISTERS* macros to allow dynamic as-needed fallback to pure C, via WC_AES_C_DYNAMIC_FALLBACK.
wolfssl/wolfcrypt/aes.h: add key_C_fallback[] to struct Aes, and remove comment that "AESNI needs key first, rounds 2nd, not sure why yet" now that AES_128_Key_Expansion_AESNI no longer writes rounds after the expanded key.
wolfcrypt/src/aes.c:
* add _AESNI or _aesni suffixes/infixes to AESNI implementations that were missing them: AES_CBC_encrypt(), AES_CBC_decrypt_by*(), AES_ECB_encrypt(), AES_*_Key_Expansion(), AES_set_encrypt_key(), AES_set_decrypt_key(), AES_GCM_encrypt(), AES_GCM_decrypt(), AES_XTS_encrypt(), and AES_XTS_decrypt().
* move key size check to start of wc_AesSetKeyLocal().
* refactor pure-C AES setkey and cipher implementations to use aes->key_C_fallback when defined(WC_AES_C_DYNAMIC_FALLBACK).
* refactor wc_AesSetKeyLocal() to set up both AESNI and pure-C expanded keys when defined(WC_AES_C_DYNAMIC_FALLBACK).
* refactor all (haveAESNI && aes->use_aesni) conditions to just (aes->use_aesni).
* add macros VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, which do nothing but push a brace level when !defined(WC_AES_C_DYNAMIC_FALLBACK), but when defined(WC_AES_C_DYNAMIC_FALLBACK), they call SAVE_VECTOR_REGISTERS2() and on failure, temporarily clear aes->use_aesni and restore at _POP().
* refactor all invocations of SAVE_VECTOR_REGISTERS() and RESTORE_VECTOR_REGISTERS() to VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, except in wc_AesSetKeyLocal(), wc_AesXtsEncrypt(), and wc_AesXtsDecrypt(), which are refactored to use SAVE_VECTOR_REGISTERS2(), with graceful failure concealment if defined(WC_AES_C_DYNAMIC_FALLBACK).
* orthogonalize cleanup code in wc_AesCbcEncrypt(), wc_AesCcmEncrypt() and wc_AesCcmDecrypt().
* streamline fallthrough software definitions of wc_AesEncryptDirect() and wc_AesDecryptDirect(), and remove special-casing for defined(WOLFSSL_LINUXKM)&&defined(WOLFSSL_AESNI).
wolfcrypt/src/aes_asm.{S,asm}:
* remove errant "movl $10, 240(%rsi)" from AES_128_Key_Expansion_AESNI.
* add _AESNI suffixes/infixes to implementations that needed them.
wolfcrypt/src/{aes_gcm_asm.{S,asm},aes_xts_asm.S}: regenerate from revisions in scripts#357 -- adds _aesni suffixes to implementations that were missing them.
wolfssl/wolfcrypt/types.h: remove DEBUG_VECTOR_REGISTER_ACCESS macros, and add dummy fallthrough definitions for SAVE_VECTOR_REGISTERS2 and WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL.
wolfssl/wolfcrypt/memory.h: adopt DEBUG_VECTOR_REGISTER_ACCESS code from types.h, and add definitions for WC_DEBUG_VECTOR_REGISTERS_RETVAL_INITVAL and WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL.
linuxkm/linuxkm_wc_port.h: add arch-specific macro definitions for SAVE_VECTOR_REGISTERS2().
wolfcrypt/benchmark/benchmark.c: add missing gates around calls to RESTORE_VECTOR_REGISTERS().
configure.ac:
* cover various interdependencies in enable-all/enable-all-crypto, for better behavior in combination with --disable-aesgcm, --disable-ecc, --disable-ocsp, --disable-hmac, --disable-chacha, --disable-ed25519, and --disable-ed448.
* inhibit aesgcm_stream in enable-all/enable-all-crypto when ENABLED_LINUXKM_DEFAULTS, because it is currently incompatible with WC_AES_C_DYNAMIC_FALLBACK.
* add -DWC_AES_C_DYNAMIC_FALLBACK when ENABLED_LINUXKM_DEFAULTS.
* add 3 new interdependency checks: "ECCSI requires ECC.", "SAKKE requires ECC.", "WOLFSSH requires HMAC."
wolfcrypt/src/asn.c: tweak gating to accommodate defined(NO_RSA) && !defined(HAVE_ECC).
wolfcrypt/src/evp.c: tweak gating to accommodate defined(NO_HMAC).
wolfcrypt/src/logging.c: remove DEBUG_VECTOR_REGISTER_ACCESS code (moved to memory.c).
wolfcrypt/src/memory.c: change #include of settings.h to types.h; adopt DEBUG_VECTOR_REGISTER_ACCESS code from logging.c; add implementation of SAVE_VECTOR_REGISTERS2_fuzzer().
wolfcrypt/src/pwdbased.c: add explanatory #error scrypt requires HMAC.
wolfcrypt/test/test.c:
* add DEBUG_VECTOR_REGISTER_ACCESS clauses to aes_xts_128_test(), aesecb_test(), aesctr_test(), aes_test() CBC section, aes256_test() CBC section, and aesgcm_default_test_helper()
* remove duplicate wc_AesEcbDecrypt() in aesecb_test().
* add gating for pbkdf2_test().
* fix cleanup code in dsa_test().
* fix gating in pkcs7authenveloped_run_vectors() to accommodate !defined(HAVE_AESGCM).
* fix gating in cryptocb_test() to accommodate defined(NO_HMAC).
wolfssl/wolfcrypt/cryptocb.h: remove gates around "pk" sub-struct of struct wc_CryptoInfo -- wc_CryptoInfo.pk.type (an int) is used unconditionally when --enable-debug, and is used with DH.
wolfssl/wolfcrypt/error-crypt.h: fix whitespace.
2023-11-17 01:15:28 -06:00
test "$enable_scrypt" = "" && test "$enable_hmac" != "no" && enable_scrypt=yes
2020-12-01 18:26:22 -06:00
test "$enable_indef" = "" && enable_indef=yes
test "$enable_enckeys" = "" && enable_enckeys=yes
test "$enable_hashflags" = "" && enable_hashflags=yes
test "$enable_defaultdhparams" = "" && enable_defaultdhparams=yes
2021-09-13 23:41:21 -05:00
test "$enable_base64encode" = "" && enable_base64encode=yes
test "$enable_base16" = "" && enable_base16=yes
2020-12-01 18:26:22 -06:00
# Legacy algorithms, defaulted on here for compatibility and test coverage:
# RC4 and the MD2/MD4 digests are cryptographically broken and should stay
# out of deployment builds (--disable-arc4, --disable-md2, --disable-md4).
test -z "$enable_arc4" && enable_arc4=yes
test -z "$enable_md2" && enable_md2=yes
test -z "$enable_md4" && enable_md4=yes

# BLAKE2 hash variants.
test -z "$enable_blake2" && enable_blake2=yes
test -z "$enable_blake2s" && enable_blake2s=yes

# Crypto callbacks.
test -z "$enable_cryptocb" && enable_cryptocb=yes

# anon: presumably the anonymous (unauthenticated) cipher suites -- confirm.
# Like every line here it is only filled in when the user left it unset, so
# --disable-anon on the configure line is respected.
test -z "$enable_anon" && enable_anon=yes
refactor AESNI implementations and *VECTOR_REGISTERS* macros to allow dynamic as-needed fallback to pure C, via WC_AES_C_DYNAMIC_FALLBACK.
wolfssl/wolfcrypt/aes.h: add key_C_fallback[] to struct Aes, and remove comment that "AESNI needs key first, rounds 2nd, not sure why yet" now that AES_128_Key_Expansion_AESNI no longer writes rounds after the expanded key.
wolfcrypt/src/aes.c:
* add _AESNI or _aesni suffixes/infixes to AESNI implementations that were missing them: AES_CBC_encrypt(), AES_CBC_decrypt_by*(), AES_ECB_encrypt(), AES_*_Key_Expansion(), AES_set_encrypt_key(), AES_set_decrypt_key(), AES_GCM_encrypt(), AES_GCM_decrypt(), AES_XTS_encrypt(), and AES_XTS_decrypt().
* move key size check to start of wc_AesSetKeyLocal().
* refactor pure-C AES setkey and cipher implementations to use aes->key_C_fallback when defined(WC_AES_C_DYNAMIC_FALLBACK).
* refactor wc_AesSetKeyLocal() to set up both AESNI and pure-C expanded keys when defined(WC_AES_C_DYNAMIC_FALLBACK).
* refactor all (haveAESNI && aes->use_aesni) conditions to just (aes->use_aesni).
* add macros VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, which do nothing but push a brace level when !defined(WC_AES_C_DYNAMIC_FALLBACK), but when defined(WC_AES_C_DYNAMIC_FALLBACK), they call SAVE_VECTOR_REGISTERS2() and on failure, temporarily clear aes->use_aesni and restore at _POP().
* refactor all invocations of SAVE_VECTOR_REGISTERS() and RESTORE_VECTOR_REGISTERS() to VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, except in wc_AesSetKeyLocal(), wc_AesXtsEncrypt(), and wc_AesXtsDecrypt(), which are refactored to use SAVE_VECTOR_REGISTERS2(), with graceful failure concealment if defined(WC_AES_C_DYNAMIC_FALLBACK).
* orthogonalize cleanup code in wc_AesCbcEncrypt(), wc_AesCcmEncrypt() and wc_AesCcmDecrypt().
* streamline fallthrough software definitions of wc_AesEncryptDirect() and wc_AesDecryptDirect(), and remove special-casing for defined(WOLFSSL_LINUXKM)&&defined(WOLFSSL_AESNI).
wolfcrypt/src/aes_asm.{S,asm}:
* remove errant "movl $10, 240(%rsi)" from AES_128_Key_Expansion_AESNI.
* add _AESNI suffixes/infixes to implementations that needed them.
wolfcrypt/src/{aes_gcm_asm.{S,asm},aes_xts_asm.S}: regenerate from revisions in scripts#357 -- adds _aesni suffixes to implementations that were missing them.
wolfssl/wolfcrypt/types.h: remove DEBUG_VECTOR_REGISTER_ACCESS macros, and add dummy fallthrough definitions for SAVE_VECTOR_REGISTERS2 and WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL.
wolfssl/wolfcrypt/memory.h: adopt DEBUG_VECTOR_REGISTER_ACCESS code from types.h, and add definitions for WC_DEBUG_VECTOR_REGISTERS_RETVAL_INITVAL and WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL.
linuxkm/linuxkm_wc_port.h: add arch-specific macro definitions for SAVE_VECTOR_REGISTERS2().
wolfcrypt/benchmark/benchmark.c: add missing gates around calls to RESTORE_VECTOR_REGISTERS().
configure.ac:
* cover various interdependencies in enable-all/enable-all-crypto, for better behavior in combination with --disable-aesgcm, --disable-ecc, --disable-ocsp, --disable-hmac, --disable-chacha, --disable-ed25519, and --disable-ed448.
* inhibit aesgcm_stream in enable-all/enable-all-crypto when ENABLED_LINUXKM_DEFAULTS, because it is currently incompatible with WC_AES_C_DYNAMIC_FALLBACK.
* add -DWC_AES_C_DYNAMIC_FALLBACK when ENABLED_LINUXKM_DEFAULTS.
* add 3 new interdependency checks: "ECCSI requires ECC.", "SAKKE requires ECC.", "WOLFSSH requires HMAC."
wolfcrypt/src/asn.c: tweak gating to accommodate defined(NO_RSA) && !defined(HAVE_ECC).
wolfcrypt/src/evp.c: tweak gating to accommodate defined(NO_HMAC).
wolfcrypt/src/logging.c: remove DEBUG_VECTOR_REGISTER_ACCESS code (moved to memory.c).
wolfcrypt/src/memory.c: change #include of settings.h to types.h; adopt DEBUG_VECTOR_REGISTER_ACCESS code from logging.c; add implementation of SAVE_VECTOR_REGISTERS2_fuzzer().
wolfcrypt/src/pwdbased.c: add explanatory #error scrypt requires HMAC.
wolfcrypt/test/test.c:
* add DEBUG_VECTOR_REGISTER_ACCESS clauses to aes_xts_128_test(), aesecb_test(), aesctr_test(), aes_test() CBC section, aes256_test() CBC section, and aesgcm_default_test_helper()
* remove duplicate wc_AesEcbDecrypt() in aesecb_test().
* add gating for pbkdf2_test().
* fix cleanup code in dsa_test().
* fix gating in pkcs7authenveloped_run_vectors() to accommodate !defined(HAVE_AESGCM).
* fix gating in cryptocb_test() to accommodate defined(NO_HMAC).
wolfssl/wolfcrypt/cryptocb.h: remove gates around "pk" sub-struct of struct wc_CryptoInfo -- wc_CryptoInfo.pk.type (an int) is used unconditionally when --enable-debug, and is used with DH.
wolfssl/wolfcrypt/error-crypt.h: fix whitespace.
2023-11-17 01:15:28 -06:00
test "$enable_ssh" = "" && test "$enable_hmac" != "no" && enable_ssh=yes
2024-02-09 00:46:54 -06:00
test "$enable_srtp_kdf" = "" && enable_srtp_kdf=yes
2020-09-30 14:26:17 -05:00
2020-09-30 19:23:12 -05:00
if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
then
2020-12-01 18:26:22 -06:00
test "$enable_compkey" = "" && enable_compkey=yes
fi
if test "$ENABLED_SP_MATH" = "no"
then
2023-11-15 14:43:23 -06:00
test "$enable_dsa" = "" && test "$enable_sha" != "no" && enable_dsa=yes
2024-04-13 21:12:22 -05:00
# ecccustcurves and brainpool are defaulted on only for non-FIPS builds and
# for FIPS versions up to 5. Each is filled in only when the user left the
# option unset, so an explicit --disable-* is kept.
if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5
then
    if test -z "$enable_ecccustcurves"
    then
        enable_ecccustcurves=yes
    fi
    if test -z "$enable_brainpool"
    then
        enable_brainpool=yes
    fi
fi
2021-09-13 23:41:21 -05:00
test "$enable_srp" = "" && enable_srp=yes
2020-12-01 18:26:22 -06:00
fi
2021-08-31 16:28:24 -07:00
if test "$ENABLED_FIPS" = "no"
2020-12-01 18:26:22 -06:00
then
2021-08-27 23:03:14 -05:00
test "$enable_pkcallbacks" = "" && enable_pkcallbacks=yes
test "$enable_xchacha" = "" && test "$enable_chacha" != "no" && enable_xchacha=yes
test "$enable_pkcs7" = "" && enable_pkcs7=yes
test "$enable_nullcipher" = "" && enable_nullcipher=yes
test "$enable_ed25519" = "" && enable_ed25519=yes
test "$enable_ed25519_stream" = "" && test "$enable_ed25519" != "no" && enable_ed25519_stream=yes
test "$enable_ed448" = "" && enable_ed448=yes
test "$enable_ed448_stream" = "" && test "$enable_ed448" != "no" && enable_ed448_stream=yes
if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
then
test "$enable_eccsi" = "" && test "$enable_ecc" != "no" && enable_eccsi=yes
test "$enable_sakke" = "" && test "$enable_ecc" != "no" && enable_sakke=yes
fi
fi
if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6 || test "$FIPS_VERSION" = "v5-dev"; then
test "$enable_aesxts" = "" && enable_aesxts=yes
test "$enable_aesxts_stream" = "" && test "$enable_aesxts" = "yes" && (test "$enable_armasm" = "" || test "$enable_armasm" = "no") && enable_aesxts_stream=yes
test "$enable_aessiv" = "" && enable_aessiv=yes
fi
if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then
test "$enable_des3" = "" && enable_des3=yes
fi
# Enable AES Decrypt, AES ECB, Alt Names, DER Load
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD"
# Enable DH const table speedups (eliminates `-lm` math lib dependency)
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072"
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
# Enable multiple attribute additions such as DC
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MULTI_ATTRIB"
# Enable DH Extra
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_EXTRA"
# Enable deterministic ECC signing API with variant
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT"
# Store issuer name components when parsing certificates.
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_ISSUER_NAMES"
fi
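# liboqs
# Optional external post-quantum library, taken from the default search path
# or from the prefix given as --with-liboqs=PATH.
ENABLED_LIBOQS="no"
tryliboqsdir=""
AC_ARG_WITH([liboqs],
    [AS_HELP_STRING([--with-liboqs=PATH],[Path to liboqs install (default /usr/local) (requires --enable-experimental)])],
    [
        # This action also runs for --without-liboqs, where withval is "no".
        # Leave liboqs disabled in that case instead of probing and enabling it.
        AS_IF([ test "x$withval" != "xno" ],[
            AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([LIBOQS requires --enable-experimental.]) ])

            AC_MSG_CHECKING([for liboqs])
            LIBS="$LIBS -loqs"

            # First attempt: link with the search paths already in effect.
            AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <oqs/common.h>]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ])

            if test "x$liboqs_linked" = "xno" ; then
                # Second attempt: use the given prefix, or /usr/local for a
                # bare --with-liboqs.
                tryliboqsdir=$withval
                if test "x$withval" = "xyes" ; then
                    tryliboqsdir="/usr/local"
                fi

                # NOTE(review): CPPFLAGS is rebuilt from AM_CPPFLAGS here, so
                # CPPFLAGS supplied by the user no longer reach this link test.
                CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS -I$tryliboqsdir/include"
                LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryliboqsdir/lib"

                AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <oqs/common.h>]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ])

                if test "x$liboqs_linked" = "xno" ; then
                    AC_MSG_ERROR([liboqs isn't found.
If it's already installed, specify its path using --with-liboqs=/dir/])
                fi
                AC_MSG_RESULT([yes])
                AM_CPPFLAGS="$CPPFLAGS"
                AM_LDFLAGS="$AM_LDFLAGS -L$tryliboqsdir/lib"
            else
                AC_MSG_RESULT([yes])
            fi

            # A liboqs build switches on the OpenSSL compatibility layer unless
            # it is already on or coexist mode was requested. That widens the
            # exported API beyond what the user asked for explicitly.
            if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
            then
                ENABLED_OPENSSLEXTRA="yes"
                AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
            fi

            AM_CFLAGS="$AM_CFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS"
            ENABLED_LIBOQS="yes"
        ])
    ]
    )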
# KYBER
# Primitives used:
#  - SHA3, Shake128 and Shake256, or
#  - SHA256, SHA512, AES-CTR
AC_ARG_ENABLE([kyber],
    [AS_HELP_STRING([--enable-kyber],[Enable KYBER (requires --enable-experimental) (default: disabled)])],
    [ ENABLED_KYBER=$enableval ],
    [ ENABLED_KYBER=no ]
    )

ENABLED_WC_KYBER=no

# The option value is a comma-separated list of: yes/all, no, small, 512, 768,
# 1024.
# NOTE(review): ENABLED_KYBER512/768/1024 are not reset before this loop in the
# visible code, so the empty-string tests further down assume nothing else
# (including the environment) has set them.
# NOTE(review): "small" on its own selects no parameter set, which ends up
# adding all three WOLFSSL_NO_KYBER* defines below.
for v in `echo $ENABLED_KYBER | tr "," " "`
do
    case $v in
        yes | all)
            ENABLED_KYBER512=yes
            ENABLED_KYBER768=yes
            ENABLED_KYBER1024=yes
            ;;
        no)
            ;;
        small)
            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KYBER_SMALL"
            ;;
        512)
            ENABLED_KYBER512=yes
            ;;
        768)
            ENABLED_KYBER768=yes
            ;;
        1024)
            ENABLED_KYBER1024=yes
            ;;
        *)
            AC_MSG_ERROR([Invalid choice for KYBER []: $ENABLED_KYBER.])
            break;;
    esac
done

AS_IF([ test "$ENABLED_KYBER" != "no" ],[
    AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([KYBER requires --enable-experimental.]) ])

    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_KYBER"

    # liboqs takes precedence when it was configured; otherwise build the
    # wolfCrypt implementation.
    AS_IF([ test "$ENABLED_LIBOQS" = "no" ],[
        ENABLED_WC_KYBER=yes
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_KYBER"
        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_WC_KYBER"
    ])

    # Compile out every parameter set that was not requested.
    test -z "$ENABLED_KYBER512" && AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512"
    test -z "$ENABLED_KYBER768" && AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER768"
    test -z "$ENABLED_KYBER1024" && AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024"

    # The wolfCrypt implementation turns on SHA-3 and both SHAKE variants
    # unless the user already made an explicit choice for them.
    AS_IF([ test "$ENABLED_WC_KYBER" = "yes" ],[
        test -z "$enable_sha3" && enable_sha3=yes
        test -z "$enable_shake128" && enable_shake128=yes
        test -z "$enable_shake256" && enable_shake256=yes
    ])
])
# XMSS
# Stateful hash-based signatures: every one-time key index may sign exactly
# once, so a signer has to persist its private-key state and never roll it
# back (restored backups and cloned VMs are the usual way this goes wrong).
# The verify-only choice adds the *_VERIFY_ONLY defines, presumably dropping
# the signing side altogether - confirm against the sources.
AC_ARG_ENABLE([xmss],
    [AS_HELP_STRING([--enable-xmss],[Enable stateful XMSS/XMSS^MT signatures (default: disabled)])],
    [ ENABLED_XMSS=$enableval ],
    [ ENABLED_XMSS=no ]
    )

# The value is a comma-separated list; only compiler defines are added here,
# no shell variable is set for the verify-only or small choices.
for v in `echo $ENABLED_XMSS | tr "," " "`
do
    case $v in
        yes | no)
            ;;
        verify-only)
            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_XMSS_VERIFY_ONLY -DXMSS_VERIFY_ONLY"
            ;;
        small)
            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_XMSS_SMALL"
            ;;
        *)
            AC_MSG_ERROR([Invalid choice for XMSS []: $ENABLED_XMSS.])
            break;;
    esac
done
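# libxmss
# Get the path to xmss-reference.
ENABLED_LIBXMSS="no"
trylibxmssdir=""
AC_ARG_WITH([libxmss],
    [AS_HELP_STRING([--with-libxmss=PATH],[PATH to xmss-reference root dir. (requires --enable-experimental)!])],
    [
        AS_IF([ test "x$withval" = "xno" ],[
            # --without-libxmss also lands in this action; there is nothing to
            # probe, so keep the integration off.
            XMSS_ROOT=""
        ],[
            AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([libxmss requires --enable-experimental.]) ])

            AC_MSG_CHECKING([for libxmss])
            trylibxmssdir=$withval

            # The path is quoted so that an empty value or one containing
            # spaces is tested as a single operand.
            if test -e "$trylibxmssdir"; then
                libxmss_linked=yes
            else
                AC_MSG_ERROR([libxmss isn't found.
If it's already installed, specify its path using --with-libxmss=/dir/])
            fi

            # Only the presence of the prebuilt archive is checked. Where it
            # came from and whether it is intact is up to whoever supplies PATH.
            # NOTE(review): XMSS_VERIFY_ONLY is not assigned in the visible part
            # of this file - confirm where it is set.
            if test "$XMSS_VERIFY_ONLY" = "yes"; then
                if test -e "$trylibxmssdir/xmss_verify_lib.a"; then
                    CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBXMSS -I$trylibxmssdir"
                    LIB_STATIC_ADD="$LIB_STATIC_ADD $trylibxmssdir/xmss_verify_lib.a"
                    enable_shared=no
                    enable_static=yes
                    libxmss_linked=yes
                else
                    AC_MSG_ERROR([xmss_verify_lib.a isn't found.
If it's already installed, specify its path using --with-libxmss=/dir/])
                fi
            elif test -e "$trylibxmssdir/xmss_lib.a"; then
                CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBXMSS -I$trylibxmssdir"
                LIB_STATIC_ADD="$LIB_STATIC_ADD $trylibxmssdir/xmss_lib.a"
                enable_shared=no
                enable_static=yes
                libxmss_linked=yes
            else
                AC_MSG_ERROR([libxmss isn't found.
If it's already installed, specify its path using --with-libxmss=/dir/])
            fi

            XMSS_ROOT=$trylibxmssdir
            AC_MSG_RESULT([yes])
            AM_CPPFLAGS="$CPPFLAGS"
            AM_CFLAGS="$AM_CFLAGS -DHAVE_LIBXMSS -I$trylibxmssdir"
            ENABLED_LIBXMSS="yes"
            AC_SUBST([XMSS_ROOT])
        ])
    ],
    [XMSS_ROOT=""]
    )

if test "$ENABLED_XMSS" != "no"
then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_XMSS"

    # Use the external XMSS lib if it was configured above, otherwise build
    # the wolfCrypt implementation.
    if test "$ENABLED_LIBXMSS" = "yes"; then
        ENABLED_WC_XMSS=no
    else
        ENABLED_WC_XMSS=yes
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_XMSS"
    fi
fi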
# LMS
# Stateful hash-based signatures: every one-time key index may sign exactly
# once, so a signer has to persist its private-key state and never roll it
# back. The verify-only choice adds WOLFSSL_LMS_VERIFY_ONLY, presumably
# dropping the signing side altogether - confirm against the sources.
AC_ARG_ENABLE([lms],
    [AS_HELP_STRING([--enable-lms],[Enable stateful LMS/HSS signatures (default: disabled)])],
    [ ENABLED_LMS=$enableval ],
    [ ENABLED_LMS=no ]
    )

# The value is a comma-separated list; only compiler defines are added here,
# no shell variable is set for the verify-only or small choices.
for v in `echo $ENABLED_LMS | tr "," " "`
do
    case $v in
        yes | no)
            ;;
        verify-only)
            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LMS_VERIFY_ONLY"
            ;;
        small)
            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_LMS_SMALL"
            ;;
        *)
            AC_MSG_ERROR([Invalid choice for LMS []: $ENABLED_LMS.])
            break;;
    esac
done
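# liblms
# Get the path to the hash-sigs LMS HSS lib.
ENABLED_LIBLMS="no"
tryliblmsdir=""
AC_ARG_WITH([liblms],
    [AS_HELP_STRING([--with-liblms=PATH],[PATH to hash-sigs LMS/HSS install (default /usr/local) (requires --enable-experimental)!])],
    [
        # This action also runs for --without-liblms, where withval is "no".
        # Leave liblms disabled in that case instead of probing for it.
        AS_IF([ test "x$withval" != "xno" ],[
            AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([liblms requires --enable-experimental.]) ])

            AC_MSG_CHECKING([for liblms])

            # First attempt: link with the search paths already in effect.
            AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <hss.h>]], [[ param_set_t lm_type; param_set_t lm_ots_type; hss_get_public_key_len(4, &lm_type, &lm_ots_type); ]])], [ liblms_linked=yes ],[ liblms_linked=no ])

            if test "x$liblms_linked" = "xno" ; then
                tryliblmsdir=$withval
                if test "x$withval" = "xyes" ; then
                    tryliblmsdir="/usr/local"
                fi

                # 1. If verify only build, use hss_verify.a
                # 2. If normal build, by default use single-threaded hss_lib.a
                # 3. If 2 not found, then use the multi-threaded hss_lib_thread.a
                #
                # Only the presence of the prebuilt archive is checked. Where it
                # came from and whether it is intact is up to whoever supplies
                # PATH. Paths are quoted so an empty or space-containing value
                # is tested as a single operand.
                # NOTE(review): LMS_VERIFY_ONLY is not assigned in the visible
                # part of this file - confirm where it is set.
                if test "$LMS_VERIFY_ONLY" = "yes"; then
                    if test -e "$tryliblmsdir/hss_verify.a"; then
                        CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBLMS -I$tryliblmsdir"
                        LIB_STATIC_ADD="$LIB_STATIC_ADD $tryliblmsdir/hss_verify.a"
                        enable_shared=no
                        enable_static=yes
                        liblms_linked=yes
                    else
                        AC_MSG_ERROR([hss_verify.a isn't found.
If it's already installed, specify its path using --with-liblms=/dir/])
                    fi
                elif test -e "$tryliblmsdir/hss_lib.a"; then
                    CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBLMS -I$tryliblmsdir"
                    LIB_STATIC_ADD="$LIB_STATIC_ADD $tryliblmsdir/hss_lib.a"
                    enable_shared=no
                    enable_static=yes
                    liblms_linked=yes
                elif test -e "$tryliblmsdir/hss_lib_thread.a"; then
                    CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBLMS -I$tryliblmsdir"
                    LIB_STATIC_ADD="$LIB_STATIC_ADD $tryliblmsdir/hss_lib_thread.a"
                    enable_shared=no
                    enable_static=yes
                    liblms_linked=yes
                else
                    AC_MSG_ERROR([liblms isn't found.
If it's already installed, specify its path using --with-liblms=/dir/])
                fi

                # Every branch above either sets liblms_linked=yes or aborts
                # configure, so no further not-found check is needed here.
                AC_MSG_RESULT([yes])
                AM_CPPFLAGS="$CPPFLAGS"
                # NOTE(review): this replaces AM_LDFLAGS with LDFLAGS rather
                # than appending to it - confirm that is intended.
                AM_LDFLAGS="$LDFLAGS"
            else
                AC_MSG_RESULT([yes])
            fi

            AM_CFLAGS="$AM_CFLAGS -DHAVE_LIBLMS"
            ENABLED_LIBLMS="yes"
        ])
    ]
    )

if test "$ENABLED_LMS" != "no"
then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_LMS"

    # Use hash-sigs LMS lib if enabled, otherwise build the wolfCrypt
    # implementation.
    if test "$ENABLED_LIBLMS" = "yes"; then
        ENABLED_WC_LMS=no
    else
        ENABLED_WC_LMS=yes
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_LMS"
    fi
fi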
# SINGLE THREADED
AC_ARG_ENABLE([singlethreaded],
    [AS_HELP_STRING([--enable-singlethreaded],[Enable wolfSSL single threaded (default: disabled)])],
    [ ENABLED_SINGLETHREADED=$enableval ],
    [ ENABLED_SINGLETHREADED=no ])

# A threaded build needs pthreads. When the probe fails, configure does not
# stop: it switches the build to single threaded instead.
AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[
    AX_PTHREAD([
        AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.])
        # When the pthread probe adds -Qunused-arguments, it has to be prefixed
        # with -Xcompiler so that libtool passes it on. Newer versions of clang
        # don't need the -Q flag when using pthreads.
        AS_CASE([$PTHREAD_CFLAGS],[-Qunused-arguments*],[PTHREAD_CFLAGS="-Xcompiler $PTHREAD_CFLAGS"])
        AM_CFLAGS="$AM_CFLAGS $PTHREAD_CFLAGS"
        LIBS="$LIBS $PTHREAD_LIBS"
    ],[
        ENABLED_SINGLETHREADED=yes
    ])
])

# NOTE(review): SINGLE_THREADED presumably compiles out internal locking, in
# which case the library must not be shared across threads - confirm.
if test "x$ENABLED_SINGLETHREADED" = "xyes"
then
    AM_CFLAGS="$AM_CFLAGS -DSINGLE_THREADED"
fi
# Enable rwlock
AC_ARG_ENABLE([rwlock],
    [AS_HELP_STRING([--enable-rwlock],[Enable use of rwlock (default: disabled)])],
    [ENABLED_RWLOCK=$enableval],
    [ENABLED_RWLOCK=no])

AS_IF([ test "$ENABLED_RWLOCK" = "yes" ],[
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_USE_RWLOCK"
])
# wolfCrypt Only Build
AC_ARG_ENABLE([cryptonly],
    [AS_HELP_STRING([--enable-cryptonly],[Enable wolfCrypt Only build (default: disabled)])],
    [ENABLED_CRYPTONLY=$enableval],
    [ENABLED_CRYPTONLY=no])

# The "rand" FIPS flavour forces a crypto-only build, whatever was requested.
if test "x$FIPS_VERSION" = "xrand"
then
    ENABLED_CRYPTONLY="yes"
fi
# ECH
AC_ARG_ENABLE([ech],
    [AS_HELP_STRING([--enable-ech],[Enable ECH (default: disabled)])],
    [ ENABLED_ECH=$enableval ],
    [ ENABLED_ECH=no ]
    )

AS_IF([ test "$ENABLED_ECH" = "yes" ],[
    AM_CFLAGS="$AM_CFLAGS -DHAVE_ECH"

    # Switch on each prerequisite the user left unset. An explicit
    # --disable-* for any of them is left untouched here.
    test -z "$enable_hpke" && enable_hpke=yes
    test -z "$enable_ecc" && enable_ecc=yes
    test -z "$enable_curve25519" && enable_curve25519=yes
    test -z "$enable_sha256" && enable_sha256=yes
    test -z "$enable_tlsx" && enable_tlsx=yes
    test -z "$enable_sni" && enable_sni=yes
    test -z "$enable_tls13" && enable_tls13=yes
])
# DTLS
# DTLS is a prereq for the options mcast, sctp, and jni. Enabling any of those
# without DTLS will also enable DTLS.
AC_ARG_ENABLE([dtls],
    [AS_HELP_STRING([--enable-dtls],[Enable wolfSSL DTLS (default: disabled)])],
    [ ENABLED_DTLS=$enableval ],
    [ ENABLED_DTLS=no ]
    )

AS_IF([ test "$ENABLED_DTLS" = "yes" ],[
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
])
# DTLS change MTU
AC_ARG_ENABLE([dtls-mtu],
    [AS_HELP_STRING([--enable-dtls-mtu],[Enable setting the MTU size for wolfSSL DTLS (default: disabled)])],
    [ ENABLED_DTLS_MTU=$enableval ],
    [ ENABLED_DTLS_MTU=no ]
    )

AS_IF([ test "$ENABLED_DTLS_MTU" = "yes" ],[
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_MTU"
])
# KeyLog file export
# Debugging aid only: the NSS keylog file holds the TLS session secrets, so
# anyone who can read it can decrypt recorded traffic for those sessions.
# Keep this option out of production builds and restrict access to the file.
AC_ARG_ENABLE([keylog-export],
    [AS_HELP_STRING([--enable-keylog-export],[Enable insecure export of TLS secrets to an NSS keylog file (default: disabled)])],
    [ ENABLED_KEYLOG_EXPORT=$enableval ],
    [ ENABLED_KEYLOG_EXPORT=no ]
    )

AS_IF([ test "$ENABLED_KEYLOG_EXPORT" = "yes" ],[
    # The warning is printed at configure time; WOLFSSL_KEYLOG_EXPORT_WARNED is
    # passed along with the defines that enable the export.
    AC_MSG_WARN([Keylog export enabled -- Sensitive key data will be stored insecurely.])
    AM_CFLAGS="$AM_CFLAGS -DSHOW_SECRETS -DHAVE_SECRET_CALLBACK -DWOLFSSL_SSLKEYLOGFILE -DWOLFSSL_KEYLOG_EXPORT_WARNED"
])
# TLS v1.3 Draft 18
# Only final TLS v1.3 is supported; the option is still accepted so that older
# build scripts keep working.
AC_ARG_ENABLE([tls13-draft18],
    [AS_HELP_STRING([--enable-tls13-draft18],[Enable wolfSSL TLS v1.3 Draft 18 (default: disabled)])],
    [ ENABLED_TLS13_DRAFT18=$enableval ],
    [ ENABLED_TLS13_DRAFT18=no ]
    )
# TLS v1.3
AC_ARG_ENABLE([tls13],
    [AS_HELP_STRING([--enable-tls13],[Enable wolfSSL TLS v1.3 (default: enabled)])],
    [ ENABLED_TLS13=$enableval ],
    [ ENABLED_TLS13=yes ]
    )

# TLS 1.3 is forced off, even when requested explicitly, for FIPS v1, for
# FIPS version 2 with minor version 1, and for crypto-only builds.
AS_IF([ test "x$FIPS_VERSION" = "xv1" ||
        ( test "$HAVE_FIPS_VERSION" = 2 && test "$HAVE_FIPS_VERSION_MINOR" = 1 ) ||
        test "$ENABLED_CRYPTONLY" = "yes" ],[
    ENABLED_TLS13="no"
])
# QUIC support
AC_ARG_ENABLE([quic],
    [AS_HELP_STRING([--enable-quic],[Enable QUIC API with wolfSSL TLS v1.3 (default: disabled)])],
    [ ENABLED_QUIC=$enableval ],
    [ ENABLED_QUIC=no ]
    )

AS_IF([ test "$ENABLED_QUIC" = "yes" ],[
    # QUIC is refused outright when one of its prerequisites is off, rather
    # than being dropped silently.
    AS_IF([ test "x$ENABLED_TLS13" = "xno" ],[
        AC_MSG_ERROR([TLS 1.3 is disabled - necessary for QUIC])
    ])
    AS_IF([ test "$enable_aesgcm" = "no" ],[
        AC_MSG_ERROR([AES-GCM is disabled - necessary for QUIC])
    ])

    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_QUIC"
    # QUIC proto handlers need app_data at WOLFSSL*
    AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
])
# Post-handshake Authentication
AC_ARG_ENABLE([postauth],
    [AS_HELP_STRING([--enable-postauth],[Enable wolfSSL Post-handshake Authentication (default: disabled)])],
    [ ENABLED_TLS13_POST_AUTH=$enableval ],
    [ ENABLED_TLS13_POST_AUTH=no ]
    )

# Without TLS 1.3 the request is downgraded with a notice, not an error, so
# the resulting build may lack a feature that was asked for.
AS_IF([ test "$ENABLED_TLS13_POST_AUTH" = "yes" ],[
    AS_IF([ test "x$ENABLED_TLS13" = "xno" ],[
        AC_MSG_NOTICE([TLS 1.3 is disabled - disabling Post-handshake Authentication])
        ENABLED_TLS13_POST_AUTH="no"
    ],[
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_POST_HANDSHAKE_AUTH"
    ])
])
# Hello Retry Request Cookie
# The default is the literal "undefined", not "no"; only an explicit "yes" is
# acted on in this block.
AC_ARG_ENABLE([hrrcookie],
    [AS_HELP_STRING([--enable-hrrcookie],[Enable the server to send Cookie Extension in HRR with state (default: disabled)])],
    [ ENABLED_SEND_HRR_COOKIE=$enableval ],
    [ ENABLED_SEND_HRR_COOKIE=undefined ]
    )

# Without TLS 1.3 the request is downgraded with a notice, not an error.
AS_IF([ test "$ENABLED_SEND_HRR_COOKIE" = "yes" ],[
    AS_IF([ test "x$ENABLED_TLS13" = "xno" ],[
        AC_MSG_NOTICE([TLS 1.3 is disabled - disabling HRR Cookie])
        ENABLED_SEND_HRR_COOKIE="no"
    ],[
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SEND_HRR_COOKIE"
    ])
])
# RNG
AC_ARG_ENABLE([rng],
    [AS_HELP_STRING([--enable-rng],[Enable compiling and using RNG (default: enabled)])],
    [ ENABLED_RNG=$enableval ],
    [ ENABLED_RNG=yes ]
    )

# NOTE(review): with WC_NO_RNG the library is built without its RNG; anything
# that needs randomness (key generation, nonces) presumably becomes
# unavailable or has to be fed from outside - confirm before shipping.
AS_IF([ test "$ENABLED_RNG" = "no" ],[
    AM_CFLAGS="$AM_CFLAGS -DWC_NO_RNG"
])
# DTLS-SCTP
AC_ARG_ENABLE([sctp],
    [AS_HELP_STRING([--enable-sctp],[Enable wolfSSL DTLS-SCTP support (default: disabled)])],
    [ENABLED_SCTP=$enableval],
    [ENABLED_SCTP=no])

# The probe compiles and runs a small program that opens an SCTP socket on
# the build machine. When cross compiling the run step is replaced by a
# no-op, so SCTP support on the target is not verified in that case.
AS_IF([test "x$ENABLED_SCTP" = "xyes"],
    [AC_MSG_CHECKING([for SCTP])
     AC_RUN_IFELSE(
        [AC_LANG_PROGRAM(
            [[
#include <sys/socket.h>
#include <arpa/inet.h>
            ]],
            [[int s = socket(AF_INET, SOCK_STREAM, IPPROTO_SCTP); if (s == -1) return 1;]])],
        [AC_MSG_RESULT(yes)],
        [AC_MSG_RESULT(no)
         AC_MSG_ERROR([SCTP not available, remove enable-sctp from configure])],
        : ,
        : ,
        : )])
# DTLS-SRTP
AC_ARG_ENABLE([srtp],
    [AS_HELP_STRING([--enable-srtp],[Enable wolfSSL DTLS-SRTP support (default: disabled)])],
    [ENABLED_SRTP=$enableval],
    [ENABLED_SRTP=no])

# DTLS-MULTICAST
AC_ARG_ENABLE([mcast],
    [AS_HELP_STRING([--enable-mcast],[Enable wolfSSL DTLS multicast support (default: disabled)])],
    [ENABLED_MCAST=$enableval],
    [ENABLED_MCAST=no])
# List of open source project defines using our openssl compatibility layer:
#   bind dns        (--enable-bind)           WOLFSSL_BIND
#   libssh2         (--enable-libssh2)
#   openssh         (--enable-openssh)        WOLFSSL_OPENSSH
#   openvpn         (--enable-openvpn)        WOLFSSL_OPENVPN
#   nginx           (--enable-nginx)          WOLFSSL_NGINX
#   ntp             (--enable-ntp)
#   openresty       (--enable-openresty)
#   haproxy         (--enable-haproxy)        WOLFSSL_HAPROXY
#   wpa_supplicant  (--enable-wpas)           WOLFSSL_WPAS
#   ssl fortress    (--enable-fortress)       FORTRESS
#   ssl bump        (--enable-bump)
#   signal          (--enable-signal)
#   lighty          (--enable-lighty)         HAVE_LIGHTY
#   rsyslog         (--enable-rsyslog)
#   stunnel         (--enable-stunnel)        HAVE_STUNNEL
#   curl            (--enable-curl)           HAVE_CURL
#   libest          (--enable-libest)         HAVE_LIBEST
#   asio            (--enable-asio)           WOLFSSL_ASIO
#   libwebsockets   (--enable-libwebsockets)  WOLFSSL_LIBWEBSOCKETS
#   qt              (--enable-qt)             WOLFSSL_QT
#   qt test         (--enable-qt-test)        WOLFSSL_QT_TEST
#                                             HAVE_POCO_LIB
#                                             WOLFSSL_MYSQL_COMPATIBLE
#   web server      (--enable-webserver)      HAVE_WEBSERVER
#   net-snmp        (--enable-net-snmp)
#   krb             (--enable-krb)            WOLFSSL_KRB
#   FFmpeg          (--enable-ffmpeg)         WOLFSSL_FFMPEG
#   strongSwan      (--enable-strongswan)
#   OpenLDAP        (--enable-openldap)
#   hitch           (--enable-hitch)
#   memcached       (--enable-memcached)

# Bind DNS compatibility Build
AC_ARG_ENABLE([bind],
    [AS_HELP_STRING([--enable-bind],[Enable Bind DNS compatibility build (default: disabled)])],
    [ENABLED_BIND=$enableval],
    [ENABLED_BIND=no])

# libssh2 compatibility build
AC_ARG_ENABLE([libssh2],
    [AS_HELP_STRING([--enable-libssh2],[Enable libssh2 compatibility build (default: disabled)])],
    [ENABLED_LIBSSH2=$enableval],
    [ENABLED_LIBSSH2=no])

# OpenSSH compatibility Build
AC_ARG_ENABLE([openssh],
    [AS_HELP_STRING([--enable-openssh],[Enable OpenSSH compatibility build (default: disabled)])],
    [ENABLED_OPENSSH=$enableval],
    [ENABLED_OPENSSH=no])

# OpenVPN compatibility Build
AC_ARG_ENABLE([openvpn],
    [AS_HELP_STRING([--enable-openvpn],[Enable OpenVPN compatibility build (default: disabled)])],
    [ENABLED_OPENVPN=$enableval],
    [ENABLED_OPENVPN=no])

# openresty compatibility build
AC_ARG_ENABLE([openresty],
    [AS_HELP_STRING([--enable-openresty],[Enable openresty (default: disabled)])],
    [ ENABLED_OPENRESTY=$enableval ],
    [ ENABLED_OPENRESTY=no ]
    )

# nginx compatibility build
AC_ARG_ENABLE([nginx],
    [AS_HELP_STRING([--enable-nginx],[Enable nginx (default: disabled)])],
    [ ENABLED_NGINX=$enableval ],
    [ ENABLED_NGINX=no ]
    )
# chrony support. Needs the compatibility layer for SNI callback functionality,
# but otherwise uses pure wolfCrypt.
AC_ARG_ENABLE([chrony],
    [AS_HELP_STRING([--enable-chrony],[Enable chrony support (default: disabled)])],
    [ ENABLED_CHRONY=$enableval ],
    [ ENABLED_CHRONY=no ]
    )

AS_IF([ test "$ENABLED_CHRONY" = "yes" ],[
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
])

# An openresty build is handled as an nginx build from here on.
AS_IF([ test "$ENABLED_OPENRESTY" = "yes" ],[
    ENABLED_NGINX="yes"
])
# OpenLDAP support
AC_ARG_ENABLE([openldap],
    [AS_HELP_STRING([--enable-openldap],[Enable OpenLDAP support (default: disabled)])],
    [ ENABLED_OPENLDAP=$enableval ],
    [ ENABLED_OPENLDAP=no ]
    )

# lighty Support
AC_ARG_ENABLE([lighty],
    [AS_HELP_STRING([--enable-lighty],[Enable lighttpd/lighty (default: disabled)])],
    [ ENABLED_LIGHTY=$enableval ],
    [ ENABLED_LIGHTY=no ]
    )

# rsyslog Support
AC_ARG_ENABLE([rsyslog],
    [AS_HELP_STRING([--enable-rsyslog],[Enable rsyslog (default: disabled)])],
    [ ENABLED_RSYSLOG=$enableval ],
    [ ENABLED_RSYSLOG=no ]
    )

# haproxy compatibility build
AC_ARG_ENABLE([haproxy],
    [AS_HELP_STRING([--enable-haproxy],[Enable haproxy (default: disabled)])],
    [ ENABLED_HAPROXY=$enableval ],
    [ ENABLED_HAPROXY=no ]
    )

# wpa_supplicant support
AC_ARG_ENABLE([wpas],
    [AS_HELP_STRING([--enable-wpas],[Enable wpa_supplicant support (default: disabled)])],
    [ ENABLED_WPAS=$enableval ],
    [ ENABLED_WPAS=no ]
    )
# wpa_supplicant support with DPP
AC_ARG_ENABLE([wpas-dpp],
    [AS_HELP_STRING([--enable-wpas-dpp],[Enable wpa_supplicant support with dpp (default: disabled)])],
    [ ENABLED_WPAS_DPP=$enableval ],
    [ ENABLED_WPAS_DPP=no ]
    )

# The DPP variant implies plain wpa_supplicant support.
AS_IF([ test "$ENABLED_WPAS_DPP" = "yes" ],[
    ENABLED_WPAS="yes"
])
# ntp support
AC_ARG_ENABLE([ntp],
    [AS_HELP_STRING([--enable-ntp],[Enable ntp support (default: disabled)])],
    [ ENABLED_NTP=$enableval ],
    [ ENABLED_NTP=no ]
    )

# Fortress build
AC_ARG_ENABLE([fortress],
    [AS_HELP_STRING([--enable-fortress],[Enable SSL fortress build (default: disabled)])],
    [ ENABLED_FORTRESS=$enableval ],
    [ ENABLED_FORTRESS=no ]
    )
# libwebsockets Support
AC_ARG_ENABLE([libwebsockets],
    [AS_HELP_STRING([--enable-libwebsockets],[Enable libwebsockets (default: disabled)])],
    [ ENABLED_LIBWEBSOCKETS=$enableval ],
    [ ENABLED_LIBWEBSOCKETS=no ]
    )

AS_IF([ test "$ENABLED_LIBWEBSOCKETS" = "yes" ],[
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LIBWEBSOCKETS -DHAVE_EX_DATA -DOPENSSL_NO_EC"
])

# An OpenSSH build also switches on the fortress build, whatever
# --enable-fortress was given.
AS_IF([ test "$ENABLED_OPENSSH" = "yes" ],[
    ENABLED_FORTRESS="yes"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_OPENSSH -DHAVE_EX_DATA -DWOLFSSL_BASE16"
])
# net-snmp Build
AC_ARG_ENABLE([net-snmp],
    [AS_HELP_STRING([--enable-net-snmp],[Enable net-snmp (default: disabled)])],
    [ ENABLED_NETSNMP=$enableval ],
    [ ENABLED_NETSNMP=no ]
    )

# kerberos 5 Build
AC_ARG_ENABLE([krb],
    [AS_HELP_STRING([--enable-krb],[Enable kerberos 5 support (default: disabled)])],
    [ ENABLED_KRB=$enableval ],
    [ ENABLED_KRB=no ]
    )

# FFmpeg Build
AC_ARG_ENABLE([ffmpeg],
    [AS_HELP_STRING([--enable-ffmpeg],[Enable FFmpeg support (default: disabled)])],
    [ ENABLED_FFMPEG=$enableval ],
    [ ENABLED_FFMPEG=no ]
    )
#IP alternative name Support
AC_ARG_ENABLE([ip-alt-name],
[AS_HELP_STRING([--enable-ip-alt-name],[Enable IP subject alternative name (default: disabled)])],
[ ENABLE_IP_ALT_NAME=$enableval ],
[ ENABLE_IP_ALT_NAME=no ]
)
if test "$ENABLE_IP_ALT_NAME" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IP_ALT_NAME"
fi
#Qt Support
AC_ARG_ENABLE([qt],
[AS_HELP_STRING([--enable-qt],[Enable qt (default: disabled)])],
[ ENABLED_QT=$enableval ],
[ ENABLED_QT=no ]
)
# ssl bump build
AC_ARG_ENABLE([bump],
[AS_HELP_STRING([--enable-bump],[Enable SSL Bump build (default: disabled)])],
[ ENABLED_BUMP=$enableval ],
[ ENABLED_BUMP=no ]
)
# SNIFFER
AC_ARG_ENABLE([sniffer],
[AS_HELP_STRING([--enable-sniffer],[Enable wolfSSL sniffer support (default: disabled)])],
[ ENABLED_SNIFFER=$enableval ],
[ ENABLED_SNIFFER=no ]
)
# signal compatibility build
AC_ARG_ENABLE([signal],
[AS_HELP_STRING([--enable-signal],[Enable signal (default: disabled)])],
[ ENABLED_SIGNAL=$enableval ],
[ ENABLED_SIGNAL=no ]
)
# strongSwan support
AC_ARG_ENABLE([strongswan],
[AS_HELP_STRING([--enable-strongswan],[Enable strongSwan support (default: disabled)])],
[ ENABLED_STRONGSWAN=$enableval ],
[ ENABLED_STRONGSWAN=no ]
)
# hitch support
AC_ARG_ENABLE([hitch],
[AS_HELP_STRING([--enable-hitch],[Enable hitch support (default: disabled)])],
[ ENABLED_HITCH=$enableval ],
[ ENABLED_HITCH=no ]
)
# memcached support
AC_ARG_ENABLE([memcached],
[AS_HELP_STRING([--enable-memcached],[Enable memcached support (default: disabled)])],
[ ENABLED_MEMCACHED=$enableval ],
[ ENABLED_MEMCACHED=no ]
)
# OpenSSL Coexist
AC_ARG_ENABLE([opensslcoexist],
[AS_HELP_STRING([--enable-opensslcoexist],[Enable coexistence of wolfssl/openssl (default: disabled)])],
[ ENABLED_OPENSSLCOEXIST=$enableval ],
[ ENABLED_OPENSSLCOEXIST=no ]
)
if test "x$ENABLED_OPENSSLCOEXIST" = "xyes" || test "$ENABLED_WOLFENGINE" = "yes"
then
# make sure old names are disabled (except RNG)
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_WC_NAMES -DNO_OLD_SSL_NAMES"
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA_NAMES -DNO_OLD_MD5_NAME"
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COEXIST"
fi
# S/MIME
AC_ARG_ENABLE([smime],
[AS_HELP_STRING([--enable-smime],[Enable S/MIME (default: disabled)])],
[ ENABLED_SMIME=$enableval ],
[ ENABLED_SMIME=no ]
)
# Platform Security Architecture (PSA)
AC_ARG_ENABLE([psa],
[AS_HELP_STRING([--enable-psa],[use Platform Security Architecture (PSA) interface (default: disabled)])],
[ ENABLED_PSA=$enableval ],
[ ENABLED_PSA=no ]
)
AC_ARG_WITH([psa-include],
[AS_HELP_STRING([--with-psa-include=PATH],
[PATH to directory with PSA header files])],
[PSA_INCLUDE=$withval],
[PSA_INCLUDE=""])
AC_ARG_WITH([psa-lib],
[AS_HELP_STRING([--with-psa-lib=PATH],[PATH to directory with the PSA library])],
[PSA_LIB=$withval],
[PSA_LIB=""])
AC_ARG_WITH([psa-lib-name],
[AS_HELP_STRING([--with-psa-lib-name=NAME],[NAME of PSA library])],
[PSA_LIB_NAME=$withval],
[PSA_LIB_NAME=""])
AC_ARG_ENABLE([psa-lib-static],
[AS_HELP_STRING([--enable-psa-lib-static],[Link PSA as static library (default: disable)])],
[ ENABLED_PSA_STATIC=$enableval ],
[ ENABLED_PSA_STATIC=no ]
)
if test "x$ENABLED_PSA" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_PSA"
fi
if test "x$ENABLED_PSA" != "xyes" && \
(test "x$PSA_LIB" != "x" || test "x$PSA_INCLUDE" != "x" || test "x$PSA_LIB_NAME" != "x" )
then
AC_MSG_ERROR([to use PSA you need to enable it with --enable-psa])
fi
if test -n "$PSA_LIB"
then
AC_MSG_CHECKING([for $PSA_LIB])
if ! test -d "$PSA_LIB"
then
AC_MSG_ERROR([PSA lib dir $PSA_LIB not found.])
fi
AC_MSG_RESULT([yes])
AM_LDFLAGS="$AM_LDFLAGS -L$PSA_LIB"
fi
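# Add the PSA library to the link line: by full path when linked statically,
# by -l name otherwise.
if test -n "$PSA_LIB_NAME"
then
    if test "x$ENABLED_PSA_STATIC" = "xyes"
    then
        # The static archive is referenced as $PSA_LIB/$PSA_LIB_NAME. With an
        # empty PSA_LIB that expands to a file in the filesystem root, so the
        # directory has to be given explicitly.
        if test -z "$PSA_LIB"
        then
            AC_MSG_ERROR([--enable-psa-lib-static needs --with-psa-lib=PATH to locate $PSA_LIB_NAME])
        fi
        LIB_STATIC_ADD="$LIB_STATIC_ADD $PSA_LIB/$PSA_LIB_NAME"
    else
        LIB_ADD="$LIB_ADD -l$PSA_LIB_NAME"
    fi
fi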
if test -n "$PSA_INCLUDE"
then
AC_MSG_CHECKING([for $PSA_INCLUDE])
if ! test -d "$PSA_INCLUDE"
then
AC_MSG_ERROR([psa include dir $PSA_INCLUDE not found.])
fi
AC_MSG_RESULT([yes])
AM_CFLAGS="$AM_CFLAGS -I$PSA_INCLUDE"
fi
AC_SUBST([PSA_LIB])
AC_SUBST([PSA_LIB_NAME])
AC_SUBST([PSA_INCLUDE])
# OPENSSL Compatibility ALL
AC_ARG_ENABLE([opensslall],
[AS_HELP_STRING([--enable-opensslall],[Enable all OpenSSL API, size++ (default: disabled)])],
[ ENABLED_OPENSSLALL=$enableval ],
[ ENABLED_OPENSSLALL=no ]
)
if test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \
test "$ENABLED_WPAS_DPP" = "yes" || test "$ENABLED_SMIME" = "yes" || \
test "$ENABLED_HAPROXY" = "yes" || test "$ENABLED_BIND" = "yes" || \
test "$ENABLED_NTP" = "yes" || test "$ENABLED_NETSNMP" = "yes" || \
test "$ENABLED_OPENRESTY" = "yes" || test "$ENABLED_RSYSLOG" = "yes" || \
test "$ENABLED_KRB" = "yes" || test "$ENABLED_CHRONY" = "yes" || \
test "$ENABLED_FFMPEG" = "yes" || test "$ENABLED_STRONGSWAN" = "yes" || \
test "$ENABLED_OPENLDAP" = "yes" || test "$ENABLED_HITCH" = "yes"
then
ENABLED_OPENSSLALL="yes"
fi
# OPENSSL Extra Compatibility
AC_ARG_ENABLE([opensslextra],
[AS_HELP_STRING([--enable-opensslextra],[Enable extra OpenSSL API, size+ (default: disabled)])],
[ ENABLED_OPENSSLEXTRA=$enableval ],
[ ENABLED_OPENSSLEXTRA=no ]
)
if test "$ENABLED_QUIC" = "yes"
then
ENABLED_OPENSSLEXTRA="yes"
fi
# One Error Queue per Thread
AC_ARG_ENABLE([error-queue-per-thread],
[AS_HELP_STRING([--enable-error-queue-per-thread],[Enable one error queue per thread. Requires thread local storage. (default: disabled)])],
[ ENABLED_ERRORQUEUEPERTHREAD=$enableval ],
[ ENABLED_ERRORQUEUEPERTHREAD=check ]
)
if test "$ENABLED_ERRORQUEUEPERTHREAD" = "check"
then
AS_IF([test "$thread_ls_on" = "no" ||
test "$ENABLED_SINGLETHREADED" = "yes"],
[ENABLED_ERRORQUEUEPERTHREAD=no],
[ENABLED_ERRORQUEUEPERTHREAD=yes])
fi
if test "$ENABLED_ERRORQUEUEPERTHREAD" = "yes"
then
if test "$thread_ls_on" != "yes"
then
AC_MSG_ERROR(error-queue-per-thread needs thread-local storage.)
fi
AM_CFLAGS="$AM_CFLAGS -DERROR_QUEUE_PER_THREAD"
fi
# High Strength Build
AC_ARG_ENABLE([maxstrength],
[AS_HELP_STRING([--enable-maxstrength],[Enable Max Strength build, allows TLSv1.2-AEAD-PFS ciphers only (default: disabled)])],
[ENABLED_MAXSTRENGTH=$enableval],
[ENABLED_MAXSTRENGTH=no])
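# Harden: timing resistance and RSA blinding, enabled by default.
#
# Only the literal value "yes" selects the hardened flag set. Every other
# value, including a mistyped --enable-harden=VALUE, takes the else branch and
# builds with WC_NO_HARDEN and WC_NO_CACHE_RESISTANT, so both downgrade paths
# below are reported instead of passing silently.
AC_ARG_ENABLE([harden],
    [AS_HELP_STRING([--enable-harden],[Enable Hardened build, Enables Timing Resistance and Blinding (default: enabled)])],
    [ENABLED_HARDEN=$enableval],
    [ENABLED_HARDEN=yes])

if test "$ENABLED_HARDEN" = "yes"
then
    AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT"
    # RSA blinding is only defined when the RNG is enabled.
    if test "$ENABLED_RNG" = "yes"
    then
        AM_CFLAGS="$AM_CFLAGS -DWC_RSA_BLINDING"
    else
        AC_MSG_WARN([hardened build requested but the RNG is not enabled: WC_RSA_BLINDING is not defined])
    fi
else
    AC_MSG_WARN([hardening is off (--enable-harden=$ENABLED_HARDEN): building with WC_NO_HARDEN and WC_NO_CACHE_RESISTANT])
    AM_CFLAGS="$AM_CFLAGS -DWC_NO_HARDEN -DWC_NO_CACHE_RESISTANT"
fi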
# IPv6 Test Apps
AC_ARG_ENABLE([ipv6],
[AS_HELP_STRING([--enable-ipv6],[Enable testing of IPV6 (default: disabled)])],
[ ENABLED_IPV6=$enableval ],
[ ENABLED_IPV6=no ]
)
if test "$ENABLED_IPV6" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DTEST_IPV6 -DWOLFSSL_IPV6"
fi
if test "$ENABLED_WPAS" = "small"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS_SMALL"
fi
if test "$ENABLED_WPAS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS"
AM_CFLAGS="$AM_CFLAGS -DHAVE_SECRET_CALLBACK"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_ECC_ADD_DBL"
fi
if test "$ENABLED_WPAS" != "no"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EITHER_SIDE"
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA_X509_SMALL"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DER_LOAD"
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"
AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT"
AM_CFLAGS="$AM_CFLAGS -DKEEP_PEER_CERT"
AM_CFLAGS="$AM_CFLAGS -DHAVE_KEYING_MATERIAL"
AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE_REF"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT"
AM_CFLAGS="$AM_CFLAGS -DWC_CTC_NAME_SIZE=128"
if test "$ENABLED_OPENSSLEXTRA" = "no"
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
fi
fi
if test "$ENABLED_FORTRESS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_KEY_GEN"
fi
if test "$ENABLED_BUMP" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DWOLFSSL_CERT_GEN -DWOLFSSL_KEY_GEN -DHUGE_SESSION_CACHE -DWOLFSSL_DER_LOAD -DWOLFSSL_ALT_NAMES -DWOLFSSL_TEST_CERT"
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
fi
# Lean PSK build: a PSK-only configuration with most algorithms compiled out.
#
# Security-relevant choices in the flag list below:
#  - HAVE_NULL_CIPHER enables NULL-encryption cipher suites, while NO_AES and
#    NO_RC4 remove those ciphers. Confirm which suites a peer can actually
#    negotiate before relying on record confidentiality.
#  - WOLFSSL_STATIC_PSK enables the static PSK suites, which carry no
#    ephemeral key exchange and therefore no forward secrecy.
#  - NO_DEV_RANDOM removes the /dev/random seed source; presumably the
#    integrator has to supply one - verify against the target port.
#
# enable_lowresource is assigned here so that the lowresource option, which is
# parsed further down in this file, behaves as if it had been given on the
# command line.
AC_ARG_ENABLE([leanpsk],
    [AS_HELP_STRING([--enable-leanpsk],[Enable Lean PSK build (default: disabled)])],
    [ ENABLED_LEANPSK=$enableval ],
    [ ENABLED_LEANPSK=no ]
    )

AS_IF([test "$ENABLED_LEANPSK" = "yes"],
    [
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DWOLFSSL_STATIC_PSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA"
    ENABLED_SLOWMATH="no"
    ENABLED_SINGLETHREADED="yes"
    enable_lowresource=yes
    ])
# Lean TLS build: TLS 1.2 client only (no client auth), ECC256, AES128 and
# SHA256 w/o Shamir.
#
# The flag list removes the server side (NO_WOLFSSL_SERVER) together with RSA,
# DSA, DH, MD5, SHA, RC4, PSK and pre-TLS-1.2 protocol support (NO_OLD_TLS).
# enable_lowresource is assigned here so that the lowresource option, which is
# parsed further down in this file, behaves as if it had been given on the
# command line.
AC_ARG_ENABLE([leantls],
    [AS_HELP_STRING([--enable-leantls],[Enable Lean TLS build (default: disabled)])],
    [ ENABLED_LEANTLS=$enableval ],
    [ ENABLED_LEANTLS=no ]
    )

AS_IF([test "$ENABLED_LEANTLS" = "yes"],
    [
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANTLS -DNO_WRITEV -DHAVE_ECC -DTFM_ECC256 -DECC_USER_CURVES -DNO_WOLFSSL_SERVER -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_SHA -DNO_PSK -DNO_WOLFSSL_MEMORY -DNO_WOLFSSL_CM_VERIFY"
    enable_lowresource=yes
    ])
# low resource options to reduce flash and memory use
AC_ARG_ENABLE([lowresource],
[AS_HELP_STRING([--enable-lowresource],[Enable low resource options for memory/flash (default: disabled)])],
[ ENABLED_LOWRESOURCE=$enableval ],
[ ENABLED_LOWRESOURCE=no ]
)
if test "$ENABLED_LOWRESOURCE" = "yes"
then
# low memory / flash flags
AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE -DRSA_LOW_MEM -DCURVE25519_SMALL -DED25519_SMALL -DWOLFSSL_SMALL_CERT_VERIFY -DWOLFSSL_NO_ASYNC_IO"
# low flash flags
AM_CFLAGS="$AM_CFLAGS -DUSE_SLOW_SHA -DUSE_SLOW_SHA256 -DUSE_SLOW_SHA512"
# AES small
AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL -DWOLFSSL_AES_NO_UNROLL -DWOLFSSL_AES_SMALL_TABLES"
fi
# TITAN cache
AC_ARG_ENABLE([titancache],
[AS_HELP_STRING([--enable-titancache],[Enable titan session cache (default: disabled)])],
[ ENABLED_TITANCACHE=$enableval ],
[ ENABLED_TITANCACHE=no ]
)
if test "$ENABLED_TITANCACHE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DTITAN_SESSION_CACHE"
fi
# HUGE cache
AC_ARG_ENABLE([hugecache],
[AS_HELP_STRING([--enable-hugecache],[Enable huge session cache (default: disabled)])],
[ ENABLED_HUGECACHE=$enableval ],
[ ENABLED_HUGECACHE=no ]
)
if test "$ENABLED_HUGECACHE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHUGE_SESSION_CACHE"
fi
# big cache
AC_ARG_ENABLE([bigcache],
[AS_HELP_STRING([--enable-bigcache],[Enable big session cache (default: disabled)])],
[ ENABLED_BIGCACHE=$enableval ],
[ ENABLED_BIGCACHE=no ]
)
if test "$ENABLED_BIGCACHE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DBIG_SESSION_CACHE"
fi
# SMALL cache
AC_ARG_ENABLE([smallcache],
[AS_HELP_STRING([--enable-smallcache],[Enable small session cache (default: disabled)])],
[ ENABLED_SMALLCACHE=$enableval ],
[ ENABLED_SMALLCACHE=no ]
)
if test "$ENABLED_SMALLCACHE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DSMALL_SESSION_CACHE"
fi
# Persistent session cache
AC_ARG_ENABLE([savesession],
[AS_HELP_STRING([--enable-savesession],[Enable persistent session cache (default: disabled)])],
[ ENABLED_SAVESESSION=$enableval ],
[ ENABLED_SAVESESSION=no ]
)
if test "$ENABLED_SAVESESSION" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE"
fi
# Persistent cert cache
AC_ARG_ENABLE([savecert],
[AS_HELP_STRING([--enable-savecert],[Enable persistent cert cache (default: disabled)])],
[ ENABLED_SAVECERT=$enableval ],
[ ENABLED_SAVECERT=no ]
)
if test "$ENABLED_SAVECERT" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE"
fi
# Write duplicate WOLFSSL object
AC_ARG_ENABLE([writedup],
[AS_HELP_STRING([--enable-writedup],[Enable write duplication of WOLFSSL objects (default: disabled)])],
[ ENABLED_WRITEDUP=$enableval ],
[ ENABLED_WRITEDUP=no ]
)
if test "$ENABLED_WRITEDUP" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_WRITE_DUP"
fi
# Atomic User Record Layer
AC_ARG_ENABLE([atomicuser],
[AS_HELP_STRING([--enable-atomicuser],[Enable Atomic User Record Layer (default: disabled)])],
[ ENABLED_ATOMICUSER=$enableval ],
[ ENABLED_ATOMICUSER=no ]
)
if test "$ENABLED_ATOMICUSER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
fi
# Public Key Callbacks
AC_ARG_ENABLE([pkcallbacks],
[AS_HELP_STRING([--enable-pkcallbacks],[Enable Public Key Callbacks (default: disabled)])],
[ ENABLED_PKCALLBACKS=$enableval ],
[ ENABLED_PKCALLBACKS=no ]
)
if test "$ENABLED_PKCALLBACKS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
fi
# Maxim Integrated MAXQ10XX
# Selects the MAXQ10XX part to build for. Exactly two values are accepted,
# MAXQ1065 and MAXQ108x; anything else, including the yes/no produced by a
# bare --with-maxq10xx or --without-maxq10xx, stops configure with an error.
ENABLED_MAXQ10XX="no"
maxqpartnumber=""
AC_ARG_WITH([maxq10xx],
[AS_HELP_STRING([--with-maxq10xx=PART],[MAXQ10XX PART Number])],
[
AC_MSG_CHECKING([for maxq10xx])
# Read the part number
maxqpartnumber=$withval
# The part API archive is added to the static link list by a relative path
# under lib/. Nothing here checks that the file exists or where it came from.
# NOTE(review): confirm the provenance of the prebuilt archive placed there.
if test "$maxqpartnumber" = "MAXQ1065"; then
LIB_STATIC_ADD="$LIB_STATIC_ADD lib/libmaxq1065_api.a"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAXQ1065"
ENABLED_MAXQ10XX="yes"
# Probe librt for clock_gettime
AC_CHECK_LIB([rt], [clock_gettime])
elif test "$maxqpartnumber" = "MAXQ108x"; then
LIB_STATIC_ADD="$LIB_STATIC_ADD lib/libmaxq108x_api.a"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAXQ108X"
ENABLED_MAXQ10XX="yes"
# Probe librt for clock_gettime
AC_CHECK_LIB([rt], [clock_gettime])
else
AC_MSG_ERROR([need a valid MAXQ part number])
fi
AC_MSG_RESULT([yes])
]
)
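# Microchip/Atmel CryptoAuthLib
# --with-cryptoauthlib=PATH links against libcryptoauth and defines
# WOLFSSL_ATECC508A. A link test is tried first with the default search paths;
# only if that fails is PATH/lib (or /usr/lib for a bare --with-cryptoauthlib)
# added to the search paths and the test repeated.
ENABLED_CRYPTOAUTHLIB="no"
trylibatcadir=""
AC_ARG_WITH([cryptoauthlib],
    [AS_HELP_STRING([--with-cryptoauthlib=PATH],[PATH to CryptoAuthLib install (default /usr/)])],
    [
    # --without-cryptoauthlib also runs this action, with withval set to no.
    # Without this guard it would still add the library and the define, or
    # fail the build while searching /lib.
    if test "x$withval" != "xno" ; then
        AC_MSG_CHECKING([for cryptoauthlib])
        CPPFLAGS="$CPPFLAGS -DWOLFSSL_ATECC508A"
        LIBS="$LIBS -lcryptoauth"

        AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <cryptoauthlib.h>]], [[ atcab_init(0); ]])],[ libatca_linked=yes ],[ libatca_linked=no ])

        if test "x$libatca_linked" = "xno" ; then
            if test "x$withval" = "xyes" ; then
                trylibatcadir="/usr"
            else
                trylibatcadir=$withval
            fi

            # The directory comes straight from the command line and ends up
            # on the search paths of the whole build. The only validation is
            # that the test program links.
            LDFLAGS="$LDFLAGS -L$trylibatcadir/lib"
            CPPFLAGS="$CPPFLAGS -I$trylibatcadir/lib"
            AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <cryptoauthlib.h>]], [[ atcab_init(0); ]])],[ libatca_linked=yes ],[ libatca_linked=no ])

            if test "x$libatca_linked" = "xno" ; then
                AC_MSG_ERROR([cryptoauthlib isn't found.
If it's already installed, specify its path using --with-cryptoauthlib=/dir/])
            fi

            AM_LDFLAGS="$AM_LDFLAGS -L$trylibatcadir/lib"
            AM_CFLAGS="$AM_CFLAGS -I$trylibatcadir/lib"
            AC_MSG_RESULT([yes])
        else
            AC_MSG_RESULT([yes])
        fi

        ENABLED_CRYPTOAUTHLIB="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ATECC508A"
    fi
    ]
)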
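# NXP SE050
# Example: "./configure --with-se050=/home/pi/simw_top"
# A link test against libSSS_APIs is tried first with the default search
# paths. If it fails, the given PATH (or /usr/local for a bare --with-se050)
# is added to the search paths; a static archive found under PATH/build/sss
# is then linked by full path, otherwise the link test is repeated.
ENABLED_SE050="no"
trylibse050dir=""
AC_ARG_WITH([se050],
    [AS_HELP_STRING([--with-se050=PATH],[PATH to SE050 install (default /usr/local)])],
    [
    # --without-se050 also runs this action, with withval set to no. Without
    # this guard it would still add the library and the defines, or fail the
    # build while searching paths rooted at /.
    if test "x$withval" != "xno" ; then
        AC_MSG_CHECKING([for SE050])

        LIBS="$LIBS -lSSS_APIs"

        AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <fsl_sss_api.h>]], [[ sss_mac_init(0);]])],[ libse050_linked=yes ],[ libse050_linked=no ])
        if test "x$libse050_linked" = "xno" ; then
            if test "x$withval" = "xyes" ; then
                trylibse050dir="/usr/local"
            else
                trylibse050dir=$withval
            fi

            # The directory comes straight from the command line and ends up
            # on the search paths of the whole build.
            LDFLAGS="$LDFLAGS -L$trylibse050dir/lib"
            LDFLAGS="$LDFLAGS -L$trylibse050dir/build/sss"
            CPPFLAGS="$CPPFLAGS -I$trylibse050dir/include/se05x"
            CPPFLAGS="$CPPFLAGS -I$trylibse050dir/build"
            CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/inc"
            CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/ex/inc"
            CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/port/default"
            CPPFLAGS="$CPPFLAGS -I$trylibse050dir/hostlib/hostLib/inc"
            CPPFLAGS="$CPPFLAGS -I$trylibse050dir/hostlib/hostLib/libCommon/log"
            CPPFLAGS="$CPPFLAGS -I$trylibse050dir/hostlib/hostLib/libCommon/infra"
            CPPFLAGS="$CPPFLAGS -I$trylibse050dir/hostlib/hostLib/se05x_03_xx_xx"

            if test -e "$trylibse050dir/build/sss/libSSS_APIs.a"; then
                SE050_STATIC=yes
            else
                SE050_STATIC=no
            fi

            if test "x$SE050_STATIC" = "xyes"; then
                # Static archives are linked by full path; only the presence
                # of libSSS_APIs.a was checked above, not the others.
                LIB_STATIC_ADD="$trylibse050dir/build/sss/ex/src/libex_common.a \
                                $trylibse050dir/build/sss/libSSS_APIs.a \
                                $trylibse050dir/build/hostlib/hostLib/se05x/libse05x.a \
                                $trylibse050dir/build/hostlib/hostLib/liba7x_utils.a \
                                $trylibse050dir/build/hostlib/hostLib/libCommon/log/libmwlog.a \
                                $trylibse050dir/build/hostlib/hostLib/libCommon/libsmCom.a $LIB_STATIC_ADD"
            else
                AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <fsl_sss_api.h>]], [[ sss_mac_init(0); ]])],[ libse050_linked=yes ],[ libse050_linked=no ])
                if test "x$libse050_linked" = "xno" ; then
                    AC_MSG_ERROR([SE050 isn't found.
If it's already installed, specify its path using --with-se050=/dir/])
                fi
            fi

            # NOTE(review): the two flag groups below are only added on this
            # fallback path, not when the first link test succeeds - confirm
            # that is intended.
            # Requires AES direct
            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB"

            # Does not support SHA2-512 224/256
            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"

            AC_MSG_RESULT([yes])
        else
            AC_MSG_RESULT([yes])
        fi

        ENABLED_SE050="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SE050 -DSSS_USE_FTR_FILE"
    fi
    ]
)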
# Sniffer build flags and sniffer test detection.
# A sniffer build defines WOLFSSL_STATIC_EPHEMERAL alongside WOLFSSL_SNIFFER.
# Static ephemeral keys give up forward secrecy for the connections that use
# them, so a library configured this way is presumably meant for traffic
# inspection setups rather than general deployment - verify before shipping.
# The sniffer test is only enabled when the pcap header is found.
ENABLED_SNIFFTEST=no
AS_IF([test "x$ENABLED_SNIFFER" = "xyes"],
    [
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SNIFFER -DWOLFSSL_STATIC_EPHEMERAL"
    AC_CHECK_HEADERS([pcap/pcap.h],
        [ENABLED_SNIFFTEST=yes],
        [AC_MSG_WARN([cannot enable sniffer test without having libpcap available.])])
    ])
# AES-CBC
AC_ARG_ENABLE([aescbc],
[AS_HELP_STRING([--enable-aescbc],[Enable wolfSSL AES-CBC support (default: enabled)])],
[ ENABLED_AESCBC=$enableval ],
[ ENABLED_AESCBC=yes ]
)
if test "$ENABLED_AESCBC" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_AES_CBC"
AM_CCASFLAGS="$AM_CCASFLAGS -DNO_AES_CBC"
fi
# AES-CBC length checks: verify that input lengths are multiples of the block
# size. The checks are off unless --enable-aescbc-length-checks is given, so
# callers of a default build should validate lengths themselves.
AC_ARG_ENABLE([aescbc_length_checks],
    [AS_HELP_STRING([--enable-aescbc-length-checks],[Enable AES-CBC length validity checks (default: disabled)])],
    [ ENABLED_AESCBC_LENGTH_CHECKS=$enableval ],
    [ ENABLED_AESCBC_LENGTH_CHECKS=no ]
    )

AS_IF([test "$ENABLED_AESCBC_LENGTH_CHECKS" = "yes"],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CBC_LENGTH_CHECKS"])
# leanpsk and leantls don't need gcm
# AES-GCM
AC_ARG_ENABLE([aesgcm],
[AS_HELP_STRING([--enable-aesgcm],[Enable wolfSSL AES-GCM support (default: enabled)])],
[ ENABLED_AESGCM=$enableval ],
[ ENABLED_AESGCM=yes ]
)
AC_ARG_ENABLE([aesgcm-stream],
[AS_HELP_STRING([--enable-aesgcm-stream],[Enable wolfSSL AES-GCM support with streaming APIs (default: disabled)])],
[ ENABLED_AESGCM_STREAM=$enableval ],
[ ENABLED_AESGCM_STREAM=no ]
)
# leanpsk and leantls don't need gcm
if test "$FIPS_VERSION" = "rand" || test "$ENABLED_LEANPSK" = "yes" ||
(test "$ENABLED_LEANTLS" = "yes" && test "$ENABLED_TLS13" = "no")
then
ENABLED_AESGCM=no
fi
if test "$ENABLED_AESGCM" = "yes" && test "$ac_cv_c_bigendian" != "yes"
then
ENABLED_AESGCM="4bit"
fi
# AES-CCM
AC_ARG_ENABLE([aesccm],
[AS_HELP_STRING([--enable-aesccm],[Enable wolfSSL AES-CCM support (default: disabled)])],
[ ENABLED_AESCCM=$enableval ],
[ ENABLED_AESCCM=no ]
)
if test "$ENABLED_AESCCM" = "yes" || test "$ENABLED_WOLFENGINE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"
AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESCCM"
fi
# AES-EAX
AC_ARG_ENABLE([aeseax],
[AS_HELP_STRING([--enable-aeseax],[Enable wolfSSL AES-EAX support (default: disabled)])],
[ ENABLED_AESEAX=$enableval ],
[ ENABLED_AESEAX=no ]
)
if test "$ENABLED_AESEAX" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_EAX"
fi
# AES-SIV (RFC 5297)
AC_ARG_ENABLE([aessiv],
[AS_HELP_STRING([--enable-aessiv],[Enable AES-SIV (RFC 5297) (default: disabled)])],
[ ENABLED_AESSIV=$enableval ],
[ ENABLED_AESSIV=no ]
)
if test "$ENABLED_CHRONY" = "yes"
then
ENABLED_AESSIV=yes
fi
# AES-CTR
AC_ARG_ENABLE([aesctr],
[AS_HELP_STRING([--enable-aesctr],[Enable wolfSSL AES-CTR support (default: disabled)])],
[ ENABLED_AESCTR=$enableval ],
[ ENABLED_AESCTR=no ]
)
if test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_AESSIV" = "yes" || test "$ENABLED_WOLFENGINE" = "yes" || test "$ENABLED_AESEAX" = "yes"
then
ENABLED_AESCTR=yes
fi
if test "$ENABLED_QUIC" = "yes"
then
ENABLED_AESCTR=yes
fi
# AES-OFB
AC_ARG_ENABLE([aesofb],
[AS_HELP_STRING([--enable-aesofb],[Enable wolfSSL AES-OFB support (default: disabled)])],
[ ENABLED_AESOFB=$enableval ],
[ ENABLED_AESOFB=no ]
)
if test "$ENABLED_AESOFB" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB -DWOLFSSL_AES_DIRECT"
fi
# AES-CFB
AC_ARG_ENABLE([aescfb],
[AS_HELP_STRING([--enable-aescfb],[Enable wolfSSL AES-CFB support (default: disabled)])],
[ ENABLED_AESCFB=$enableval ],
[ ENABLED_AESCFB=no ]
)
if test "$ENABLED_AESCFB" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB"
fi
AC_ARG_ENABLE([aes-bitsliced],
[AS_HELP_STRING([--enable-aes-bitsliced],[Enable bitsliced implementation of AES (default: disabled)])],
[ ENABLED_AESBS=$enableval ],
[ ENABLED_AESBS=no ]
)
if test "$ENABLED_AESBS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWC_AES_BITSLICED -DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT"
fi
# SM4
ENABLED_SM4="no"
AC_ARG_ENABLE([sm4-ecb],
[AS_HELP_STRING([--enable-sm4-ecb],[Enable wolfSSL SM4-ECB support (default: disabled)])],
[ ENABLED_SM4_ECB=$enableval ],
[ ENABLED_SM4_ECB=no ]
)
if test "$ENABLED_SM4_ECB" = "small"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4_SMALL"
fi
if test "$ENABLED_SM4_ECB" != "no"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4_ECB"
ENABLED_SM4="yes"
fi
AC_ARG_ENABLE([sm4-cbc],
[AS_HELP_STRING([--enable-sm4-cbc],[Enable wolfSSL SM4-CBC support (default: disabled)])],
[ ENABLED_SM4_CBC=$enableval ],
[ ENABLED_SM4_CBC=no ]
)
if test "$ENABLED_SM4_CBC" = "small"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4_SMALL"
fi
if test "$ENABLED_SM4_CBC" != "no"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4_CBC"
ENABLED_SM4="yes"
fi
AC_ARG_ENABLE([sm4-ctr],
[AS_HELP_STRING([--enable-sm4-ctr],[Enable wolfSSL SM4-CTR support (default: disabled)])],
[ ENABLED_SM4_CTR=$enableval ],
[ ENABLED_SM4_CTR=no ]
)
if test "$ENABLED_SM4_CTR" = "small"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4_SMALL"
fi
if test "$ENABLED_SM4_CTR" != "no"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4_CTR"
ENABLED_SM4="yes"
fi
AC_ARG_ENABLE([sm4-gcm],
[AS_HELP_STRING([--enable-sm4-gcm],[Enable wolfSSL SM4-GCM support (default: disabled)])],
[ ENABLED_SM4_GCM=$enableval ],
[ ENABLED_SM4_GCM=no ]
)
if test "$ENABLED_SM4_GCM" = "small"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4_SMALL"
fi
if test "$ENABLED_SM4_GCM" != "no"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4_GCM"
ENABLED_SM4="yes"
fi
AC_ARG_ENABLE([sm4-ccm],
[AS_HELP_STRING([--enable-sm4-ccm],[Enable wolfSSL SM4-CCM support (default: disabled)])],
[ ENABLED_SM4_CCM=$enableval ],
[ ENABLED_SM4_CCM=no ]
)
if test "$ENABLED_SM4_CCM" = "small"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4_SMALL"
fi
if test "$ENABLED_SM4_CCM" != "no"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4_CCM"
ENABLED_SM4="yes"
fi
if test "$ENABLED_SM4" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4"
fi
ENABLED_ARMASM_INLINE="no"
ENABLED_ARMASM_SHA3="no"
ENABLED_ARMASM_CRYPTO_SM4="no"
# ARM Assembly
# Both SHA3 and SHA512 instructions available with ARMV8.2-a
AC_ARG_ENABLE([armasm],
[AS_HELP_STRING([--enable-armasm],[Enable wolfSSL ARMv8 ASM support (default: disabled). Set to sha512-crypto or sha3-crypto to use SHA512 and SHA3 instructions with Aarch64 CPU.])],
[ ENABLED_ARMASM=$enableval ],
[ ENABLED_ARMASM=no ]
)
if test "$ENABLED_ARMASM" != "no" && test "$ENABLED_ASM" = "yes"
then
for v in `echo $ENABLED_ARMASM | tr "," " "`
do
case $v in
yes)
;;
inline)
ENABLED_ARMASM_INLINE=yes
;;
sha512-crypto | sha3-crypto)
case $host_cpu in
*aarch64*)
;;
*)
AC_MSG_ERROR([SHA512/SHA3 instructions only available on Aarch64 CPU.])
break;;
esac
ENABLED_ARMASM_SHA3=yes
ENABLED_ARMASM_PLUS=yes
;;
sm4)
case $host_cpu in
*aarch64*)
;;
*)
AC_MSG_ERROR([SM4 instructions only available on Aarch64 CPU.])
break;;
esac
ENABLED_ARMASM_SM4=yes
# gcc requires -march=...+sm4 to enable SM4 instructions
ENABLED_ARMASM_CRYPTO_SM4=yes
ENABLED_ARMASM_PLUS=yes
;;
sm3)
case $host_cpu in
*aarch64*)
;;
*)
AC_MSG_ERROR([SM3 instructions only available on Aarch64 CPU.])
break;;
esac
ENABLED_ARMASM_SM3=yes
# gcc requires -march=...+sm4 to enable SM3 instructions
ENABLED_ARMASM_CRYPTO_SM4=yes
ENABLED_ARMASM_PLUS=yes
;;
*)
AC_MSG_ERROR([Invalid choice of ARM asm inclusions (yes, sha512-crypto, sha3-crypto): $ENABLED_ARMASM.])
break;;
esac
done
ENABLED_ARMASM="yes"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ARMASM"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM -DWOLFSSL_NO_HASH_RAW"
#Check if mcpu and mfpu values already set if not use default
case $CPPFLAGS in
*mcpu* | *mfpu*)
break;; #Do not override user set values
*)
case $host_cpu in
*aarch64*)
2020-09-29 13:38:02 +10:00
case $host_os in
*darwin*)
2022-01-21 16:20:32 +10:00
# All known Aarch64 Mac computers support SHA-512 instructions
2022-02-07 09:20:49 +10:00
ENABLED_ARMASM_SHA3=yes
2020-09-29 13:38:02 +10:00
;;
*)
# +crypto needed for hardware acceleration
2023-02-10 11:48:59 +10:00
if test "$ENABLED_ARMASM_PLUS" = "yes"; then
AM_CPPFLAGS="$AM_CPPFLAGS -march=armv8.2-a+crypto"
if test "$ENABLED_ARMASM_SHA3" = "yes"; then
AM_CPPFLAGS="$AM_CPPFLAGS+sha3"
fi
if test "$ENABLED_ARMASM_CRYPTO_SM4" = "yes"; then
AM_CPPFLAGS="$AM_CPPFLAGS+sm4"
fi
2022-02-07 09:20:49 +10:00
else
AM_CPPFLAGS="$AM_CPPFLAGS -mcpu=generic+crypto"
fi
2020-09-29 13:38:02 +10:00
;;
esac
2020-08-10 11:59:10 +10:00
# Include options.h
AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
2022-05-18 16:23:48 +10:00
ENABLED_ARMASM_CRYPTO=yes
2023-07-13 17:24:36 +10:00
ENABLED_ARMASM_NEON=yes
2018-12-17 17:12:14 -07:00
# Check for and set -mstrict-align compiler flag
# Used to set assumption that Aarch64 systems will not handle
# unaligned memory references. The flag -mstrict-align is needed
# on some compiler versions to avoid an invalid addressing mode
# error with "m" constraint variables in the inline assembly AES
# code. Even though unaligned load/store access is permitted on
# normal memory with Cortex-A series boards with the exception
# being exclusive and ordered access.
case $CPPFLAGS in
*mstrict-align*)
break;; # already set by user
*)
AM_CPPFLAGS="$AM_CPPFLAGS -mstrict-align"
AC_MSG_NOTICE([64bit ARMv8, setting -mstrict-align]);;
esac
2022-05-18 16:23:48 +10:00
AC_MSG_NOTICE([64bit ARMv8 found, setting mcpu to generic+crypto])
;;
2023-02-16 10:36:38 +10:00
armv7a*)
2023-08-29 09:16:09 -07:00
AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-a -mfpu=neon -DWOLFSSL_ARM_ARCH=7 -marm"
2022-05-18 16:23:48 +10:00
# Include options.h
AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
ENABLED_ARMASM_CRYPTO=no
2022-10-25 12:10:09 -05:00
ENABLED_AESGCM_STREAM=no # not yet implemented
2023-07-13 17:24:36 +10:00
ENABLED_ARMASM_NEON=yes
2022-08-24 14:24:17 +10:00
AC_MSG_NOTICE([32bit ARMv7-a found, setting mfpu to neon])
2022-05-18 16:23:48 +10:00
;;
2023-07-13 17:24:36 +10:00
armv7m*)
# QEMU doesn't work with armv7-m
AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -D__thumb__ -fomit-frame-pointer -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARM_ARCH=7"
# Include options.h
AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
ENABLED_ARMASM_CRYPTO=no
ENABLED_AESGCM_STREAM=no # not yet implemented
ENABLED_ARMASM_NEON=no
AC_MSG_NOTICE([32bit ARMv7-m found])
;;
2023-09-11 22:21:16 +10:00
armv6*)
AM_CPPFLAGS="$AM_CPPFLAGS -march=armv6 -fomit-frame-pointer -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARM_ARCH=6"
AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
ENABLED_ARMASM_CRYPTO=no
ENABLED_AESGCM_STREAM=no # not yet implemented
ENABLED_ARMASM_NEON=no
AC_MSG_NOTICE([32bit ARMv6 found])
;;
armv4*)
AM_CPPFLAGS="$AM_CPPFLAGS -march=armv4 -fomit-frame-pointer -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARM_ARCH=4"
AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
ENABLED_ARMASM_CRYPTO=no
ENABLED_AESGCM_STREAM=no # not yet implemented
ENABLED_ARMASM_NEON=no
AC_MSG_NOTICE([32bit ARMv4 found])
;;
2016-09-28 10:22:27 -06:00
*)
2023-07-13 17:24:36 +10:00
AM_CPPFLAGS="$AM_CPPFLAGS -mfpu=crypto-neon-fp-armv8 -marm"
2020-08-10 11:59:10 +10:00
# Include options.h
AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
2022-05-18 16:23:48 +10:00
ENABLED_ARMASM_CRYPTO=yes
2023-07-13 17:24:36 +10:00
ENABLED_ARMASM_NEON=yes
2022-05-18 16:23:48 +10:00
AC_MSG_NOTICE([32bit ARMv8 found, setting mfpu to crypto-neon-fp-armv8])
;;
2016-09-28 10:22:27 -06:00
esac
esac
2016-07-22 15:49:15 +00:00
fi
2022-02-07 09:20:49 +10:00
if test "$ENABLED_ARMASM_SHA3" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_CRYPTO_SHA512 -DWOLFSSL_ARMASM_CRYPTO_SHA3"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ARMASM_CRYPTO_SHA512 -DWOLFSSL_ARMASM_CRYPTO_SHA3"
2022-01-21 16:20:32 +10:00
fi
2023-02-10 11:48:59 +10:00
if test "$ENABLED_ARMASM_SM3" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_CRYPTO_SM3"
fi
if test "$ENABLED_ARMASM_SM4" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_CRYPTO_SM4"
fi
2023-07-13 17:24:36 +10:00
if test "$ENABLED_ARMASM_CRYPTO" = "no"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_NO_HW_CRYPTO"
fi
if test "$ENABLED_ARMASM_NEON" = "no"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_NO_NEON"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ARMASM_NO_NEON"
fi
if test "$ENABLED_ARMASM_INLINE" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_INLINE"
fi
2022-01-21 16:20:32 +10:00
2017-06-07 11:37:21 -06:00
# Xilinx hardened crypto
# Only the literal value "yes" adds the WOLFSSL_XILINX defines here.
AC_ARG_ENABLE([xilinx],
    [AS_HELP_STRING([--enable-xilinx],[Enable wolfSSL support for Xilinx hardened crypto(default: disabled)])],
    [ENABLED_XILINX=$enableval],
    [ENABLED_XILINX=no])
AS_IF([test "x$ENABLED_XILINX" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_XILINX -DWOLFSSL_XILINX_CRYPT"])
2020-08-07 14:40:44 -06:00
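# CAAM build
# trylibsecodir is the SECO install prefix. The caam "seco" option appends
# /include and /lib to it, so the default prefix is /usr.
# A bare --with-seco gives withval=yes, --without-seco gives no and
# --with-seco= gives an empty string. None of those is a path, so all three
# keep the default instead of producing paths such as yes/include.
trylibsecodir="/usr"
AC_ARG_WITH([seco],
    [AS_HELP_STRING([--with-seco=PATH],[PATH to SECO install (default /usr)])],
    [
        AC_MSG_CHECKING([for SECO])
        if test "x$withval" != "xno" && test "x$withval" != "xyes" && test "x$withval" != "x" ; then
            trylibsecodir=$withval
        fi
        AC_MSG_RESULT([$trylibsecodir])
    ]
    )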
2023-07-06 13:05:39 -04:00
# ARIA support through the external MagicCrypto library.
# ARIA_DIR is a relative path, so the -I and -L directories are resolved
# against the directory the compiler and linker are run from.
# NOTE(review): whichever MagicCrypto tree sits in that directory is what
# gets compiled against and linked; confirm its origin before building.
AC_ARG_ENABLE([aria],
    [AS_HELP_STRING([--enable-aria],[Enable wolfSSL support for ARIA (default: disabled)])],
    [ENABLED_ARIA=$enableval],
    [ENABLED_ARIA=no])
if test "x$ENABLED_ARIA" = "xyes"; then
    ARIA_DIR=MagicCrypto
    build_pwd="$(pwd)"
    headers="mcapi_error.h mcapi_type.h mcapi.h"

    # Enable dependency
    CFLAGS="$CFLAGS -I$ARIA_DIR/include"
    AM_CFLAGS="$AM_CFLAGS -DHAVE_ARIA"
    AM_LDFLAGS="$AM_LDFLAGS -L$ARIA_DIR/lib -lMagicCrypto"

    # Configure stops at the first MagicCrypto header that cannot be included.
    for header in $headers; do
        AC_CHECK_HEADER([$header], [], [
            AC_MSG_ERROR([Error including $header. Please put the MagicCrypto library in $build_pwd.])
        ], [
            extern int dummy_int_to_make_compiler_happy;
        ])
    done
fi
2020-08-07 14:40:44 -06:00
# CAAM hardware support.
# --enable-caam takes "yes" or a comma-separated list of qnx, imx6q, imx6ul
# and seco. The case below has no default branch, so any other word in the
# list is accepted silently and adds nothing beyond -DWOLFSSL_CAAM.
AC_ARG_ENABLE([caam],
    [AS_HELP_STRING([--enable-caam],[Enable wolfSSL support for CAAM (default: disabled)])],
    [ENABLED_CAAM=$enableval],
    [ENABLED_CAAM=no])
if test "x$ENABLED_CAAM" != "xno"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM"

    for v in `echo $ENABLED_CAAM | tr "," " "`; do
        case $v in
        qnx)
            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_QNX_CAAM"
            ENABLED_CAAM_QNX="yes"
            ;;
        imx6q)
            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IMX6Q_CAAM"
            ;;
        imx6ul)
            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IMX6UL_CAAM"
            ;;
        seco)
            # Headers and static archives come from the --with-seco prefix.
            SECO_DIR=$trylibsecodir
            AM_CPPFLAGS="$AM_CPPFLAGS -I$SECO_DIR/include"
            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM -DWOLFSSL_SECO_CAAM"
            AC_CHECK_LIB([hsm_lib],[hsm_open_session])
            AC_CHECK_LIB([seco_nvm_manager],[seco_nvm_manager])
            LIB_STATIC_ADD="$LIB_STATIC_ADD $SECO_DIR/lib/hsm_lib.a $SECO_DIR/lib/seco_nvm_manager.a"
            LIB_ADD="$LIB_ADD -lz"
            ;;
        esac
    done
fi
2020-08-07 14:40:44 -06:00
2017-03-17 13:29:03 -07:00
# INTEL AES-NI
2012-12-12 14:33:21 -08:00
AC_ARG_ENABLE([aesni],
2015-03-28 14:34:39 -07:00
[AS_HELP_STRING([--enable-aesni],[Enable wolfSSL AES-NI support (default: disabled)])],
2011-02-05 11:14:47 -08:00
[ ENABLED_AESNI=$enableval ],
[ ENABLED_AESNI=no ]
)
2015-03-28 14:34:39 -07:00
# INTEL ASM
AC_ARG_ENABLE([intelasm],
[AS_HELP_STRING([--enable-intelasm],[Enable All Intel ASM speedups (default: disabled)])],
[ ENABLED_INTELASM=$enableval ],
[ ENABLED_INTELASM=no ]
)
2017-11-06 14:37:34 -08:00
if test "$ENABLED_ASM" = "yes"
2017-07-18 10:14:17 +10:00
then
2017-11-06 14:37:34 -08:00
if test "$ENABLED_AESNI" = "small"
then
AM_CFLAGS="$AM_CFLAGS -DAES_GCM_AESNI_NO_UNROLL"
ENABLED_AESNI=yes
fi
2017-03-17 13:29:03 -07:00
2017-11-06 14:37:34 -08:00
if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes"
2011-02-05 11:14:47 -08:00
then
2017-11-06 14:37:34 -08:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
if test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
then
2024-04-24 16:37:41 -05:00
AM_CFLAGS="$AM_CFLAGS -DWC_C_DYNAMIC_FALLBACK"
fi
2022-07-07 09:30:48 +10:00
if test "$CC" != "icc"
2014-07-10 11:18:49 -06:00
then
2022-07-07 09:30:48 +10:00
case $host_os in
mingw*)
# Windows uses intrinsics for GCM which uses SSE4 instructions.
# MSVC has own build files.
AM_CFLAGS="$AM_CFLAGS -maes -msse4 -mpclmul"
;;
*)
# Intrinsics used in AES_set_decrypt_key (TODO: rework)
AM_CFLAGS="$AM_CFLAGS -maes"
;;
esac
2014-07-10 11:18:49 -06:00
fi
2017-11-06 14:37:34 -08:00
AS_IF([test "x$ENABLED_AESGCM" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
2023-07-21 09:57:53 +10:00
AS_IF([test "x$ENABLED_SM3" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SM3"])
2011-02-05 11:14:47 -08:00
fi
2017-11-06 14:37:34 -08:00
if test "$ENABLED_INTELASM" = "yes"
then
2021-03-31 14:25:57 -07:00
AM_CFLAGS="$AM_CFLAGS -DUSE_INTEL_SPEEDUP"
2017-11-06 14:37:34 -08:00
ENABLED_AESNI=yes
fi
2022-09-30 16:19:40 +10:00
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "amd64"
then
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_X86_64_BUILD"
fi
if test "$host_cpu" = "x86"
then
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_X86_BUILD"
ENABLED_X86_ASM=yes
fi
2015-03-28 14:34:39 -07:00
fi
2021-05-26 11:33:33 -07:00
# Data alignment for ciphers; on unless --disable-aligndata is given.
AC_ARG_ENABLE([aligndata],
    [AS_HELP_STRING([--enable-aligndata],[align data for ciphers (default: enabled)])],
    [ENABLED_ALIGN_DATA=$enableval],
    [ENABLED_ALIGN_DATA=yes])
AS_IF([test "x$ENABLED_ALIGN_DATA" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_USE_ALIGN"])
2017-03-17 13:29:03 -07:00
# INTEL RDRAND
# Per the help text this makes rdrand the preferred RNG source. It is off by
# default and only the literal value "yes" adds the define.
AC_ARG_ENABLE([intelrand],
    [AS_HELP_STRING([--enable-intelrand],[Enable Intel rdrand as preferred RNG source (default: disabled)])],
    [ENABLED_INTELRDRAND=$enableval],
    [ENABLED_INTELRDRAND=no])
AS_IF([test "x$ENABLED_INTELRDRAND" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDRAND"])

# AMD RDSEED
# Per the help text this makes rdseed the preferred RNG seeding source.
AC_ARG_ENABLE([amdrand],
    [AS_HELP_STRING([--enable-amdrand],[Enable AMD rdseed as preferred RNG seeding source (default: disabled)])],
    [ENABLED_AMDRDSEED=$enableval],
    [ENABLED_AMDRDSEED=no])
AS_IF([test "x$ENABLED_AMDRDSEED" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_AMD_RDSEED"])
2011-02-05 11:14:47 -08:00
2019-10-23 15:51:19 -07:00
# Linux af_alg
# Accepted values: yes, xilinx, xilinx-aes, xilinx-sha3, xilinx-rsa.
# Every xilinx variant ends with ENABLED_AFALG=yes and ENABLED_XILINX=yes but
# does not add -DWOLFSSL_AFALG or -DWOLFSSL_AFALG_HASH; only the plain "yes"
# value does. Any other value matches no branch and is left unchanged.
AC_ARG_ENABLE([afalg],
    [AS_HELP_STRING([--enable-afalg],[Enable Linux af_alg use for crypto (default: disabled)])],
    [ENABLED_AFALG=$enableval],
    [ENABLED_AFALG=no])
case "$ENABLED_AFALG" in
yes)
    if test "$ENABLED_AESCCM" = "yes"; then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
    fi
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG -DWOLFSSL_AFALG_HASH"
    ;;
xilinx)
    # AES, SHA3 and RSA offload together; the SHA3 variants other than
    # SHA3-384 are compiled out.
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX -DWOLFSSL_AFALG_XILINX_AES"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX_SHA3 -DWOLFSSL_AFALG_XILINX_RSA"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA3_224 -DWOLFSSL_NOSHA3_256 -DWOLFSSL_NOSHA3_512"
    ENABLED_AFALG="yes"
    ENABLED_XILINX="yes"
    ;;
xilinx-aes)
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX -DWOLFSSL_AFALG_XILINX_AES"
    ENABLED_AFALG="yes"
    ENABLED_XILINX="yes"
    ;;
xilinx-sha3)
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX -DWOLFSSL_AFALG_XILINX_SHA3"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA3_224 -DWOLFSSL_NOSHA3_256 -DWOLFSSL_NOSHA3_512"
    ENABLED_AFALG="yes"
    ENABLED_XILINX="yes"
    ;;
xilinx-rsa)
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX -DWOLFSSL_AFALG_XILINX_RSA"
    ENABLED_AFALG="yes"
    ENABLED_XILINX="yes"
    ;;
esac
2018-07-18 17:26:25 -06:00
2021-08-19 11:25:59 +10:00
# libkcapi
# One switch per algorithm family plus --enable-kcapi, which turns on every
# family that was not explicitly disabled on the command line.
AC_ARG_ENABLE([kcapi-hash],
    [AS_HELP_STRING([--enable-kcapi-hash],[Enable libkcapi use for hashing (default: disabled)])],
    [ENABLED_KCAPI_HASH=$enableval],
    [ENABLED_KCAPI_HASH=no])
AC_ARG_ENABLE([kcapi-hmac],
    [AS_HELP_STRING([--enable-kcapi-hmac],[Enable libkcapi use for HMAC (default: disabled)])],
    [ENABLED_KCAPI_HMAC=$enableval],
    [ENABLED_KCAPI_HMAC=no])
AC_ARG_ENABLE([kcapi-aes],
    [AS_HELP_STRING([--enable-kcapi-aes],[Enable libkcapi use for AES (default: disabled)])],
    [ENABLED_KCAPI_AES=$enableval],
    [ENABLED_KCAPI_AES=no])
AC_ARG_ENABLE([kcapi-rsa],
    [AS_HELP_STRING([--enable-kcapi-rsa],[Enable libkcapi use for RSA (default: disabled)])],
    [ENABLED_KCAPI_RSA=$enableval],
    [ENABLED_KCAPI_RSA=no])
AC_ARG_ENABLE([kcapi-dh],
    [AS_HELP_STRING([--enable-kcapi-dh],[Enable libkcapi use for DH (default: disabled)])],
    [ENABLED_KCAPI_DH=$enableval],
    [ENABLED_KCAPI_DH=no])
AC_ARG_ENABLE([kcapi-ecc],
    [AS_HELP_STRING([--enable-kcapi-ecc],[Enable libkcapi use for ECC (default: disabled)])],
    [ENABLED_KCAPI_ECC=$enableval],
    [ENABLED_KCAPI_ECC=no])
AC_ARG_ENABLE([kcapi],
    [AS_HELP_STRING([--enable-kcapi],[Enable libkcapi use for crypto (default: disabled)])],
    [ENABLED_KCAPI=$enableval],
    [ENABLED_KCAPI=no])

# enable_kcapi_* hold the raw command-line values, so an explicit
# --disable-kcapi-X survives --enable-kcapi.
AS_IF([test "x$ENABLED_KCAPI" = "xyes"], [
    AS_IF([test "$enable_kcapi_hash" != "no"], [ENABLED_KCAPI_HASH=yes])
    AS_IF([test "$enable_kcapi_hmac" != "no"], [ENABLED_KCAPI_HMAC=yes])
    AS_IF([test "$enable_kcapi_aes" != "no"], [ENABLED_KCAPI_AES=yes])
    AS_IF([test "$enable_kcapi_rsa" != "no"], [ENABLED_KCAPI_RSA=yes])
    AS_IF([test "$enable_kcapi_dh" != "no"], [ENABLED_KCAPI_DH=yes])
    AS_IF([test "$enable_kcapi_ecc" != "no"], [ENABLED_KCAPI_ECC=yes])
])

# The library is linked when any family is not "no", while the per-family
# defines below require exactly "yes". A value such as --enable-kcapi-hash=foo
# therefore links libkcapi without selecting any family.
AS_IF([test "$ENABLED_KCAPI_HASH" != "no" ||
       test "$ENABLED_KCAPI_HMAC" != "no" ||
       test "$ENABLED_KCAPI_AES" != "no" ||
       test "$ENABLED_KCAPI_RSA" != "no" ||
       test "$ENABLED_KCAPI_DH" != "no" ||
       test "$ENABLED_KCAPI_ECC" != "no"], [
    LIBS="$LIBS -lkcapi"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI"
])

# Linux Kernel doesn't support truncated SHA512 algorithms, so the hash
# family also compiles out SHA-512/224 and SHA-512/256.
AS_IF([test "x$ENABLED_KCAPI_HASH" = "xyes"], [
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_HASH -DWOLFSSL_KCAPI_HASH_KEEP"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
])

AS_IF([test "x$ENABLED_KCAPI_HMAC" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_HMAC"])

# AES offload marks an AES-GCM port as present and rejects streaming AES-GCM.
AS_IF([test "x$ENABLED_KCAPI_AES" = "xyes"], [
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_AES"
    HAVE_AESGCM_PORT=yes
    AS_IF([test "x$ENABLED_AESCCM" = "xyes"],
        [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"])
    AS_IF([test "x$ENABLED_AESGCM_STREAM" = "xyes"],
        [AC_MSG_ERROR([--enable-aesgcm-stream is incompatible with --enable-kcapi.])])
])

AS_IF([test "x$ENABLED_KCAPI_RSA" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_RSA"])

AS_IF([test "x$ENABLED_KCAPI_DH" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_DH -DWOLFSSL_DH_EXTRA"])

AS_IF([test "x$ENABLED_KCAPI_ECC" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_ECC"])
2018-08-17 09:46:16 -06:00
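# Support for Linux dev/crypto calls
# The help text lists every value handled below. Each handled value ends with
# ENABLED_DEVCRYPTO=yes. A value that matches no branch is left unchanged and
# adds no defines.
# NOTE(review): such an unmatched value is still not "no", which later checks
# in this file compare against; consider rejecting unknown values.
AC_ARG_ENABLE([devcrypto],
    [AS_HELP_STRING([--enable-devcrypto],[Enable Linux dev crypto calls: all | aes (all aes support) | hash (all hash algos) | cbc (aes-cbc only) | hmac (hmac only) | rsa (rsa only) | seco (algos not supported with seco) (default: disabled)])],
    [ ENABLED_DEVCRYPTO=$enableval ],
    [ ENABLED_DEVCRYPTO=no ]
    )
case "$ENABLED_DEVCRYPTO" in
yes | all)
    # enable all devcrypto supported algorithms
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
    if test "$ENABLED_AESCCM" = "yes"
    then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
    fi
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_HASH_RAW"
    ENABLED_DEVCRYPTO=yes
    ;;
aes)
    # enable all AES algorithm support, including AES-CBC
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
    if test "$ENABLED_AESCCM" = "yes"
    then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
    fi
    ENABLED_DEVCRYPTO=yes
    ;;
cbc)
    # enable only AES-CBC algorithm support
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
    ENABLED_DEVCRYPTO=yes
    ;;
hash)
    # enable only hash algorithm support
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_HASH_RAW"
    ENABLED_DEVCRYPTO=yes
    ;;
hmac)
    # enable only hmac algorithm support
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HMAC"
    ENABLED_DEVCRYPTO=yes
    ;;
rsa)
    # enable only rsa algorithm support
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_RSA"
    ENABLED_DEVCRYPTO=yes
    ;;
seco)
    # enable support of devcrypto for algos not supported with seco
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HMAC"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_RSA"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CURVE25519"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_ECDSA"
    ENABLED_DEVCRYPTO=yes
    ;;
esac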
2018-08-17 09:46:16 -06:00
2013-01-17 21:52:31 -08:00
# Camellia
# Off by default; only the literal value "yes" adds the define.
AC_ARG_ENABLE([camellia],
    [AS_HELP_STRING([--enable-camellia],[Enable wolfSSL Camellia support (default: disabled)])],
    [ENABLED_CAMELLIA=$enableval],
    [ENABLED_CAMELLIA=no])
AS_IF([test "x$ENABLED_CAMELLIA" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_CAMELLIA"])
2012-07-27 14:01:02 -07:00
# MD2
# MD2 is an obsolete hash and stays off by default. ENABLED_BUMP forces it
# on, overriding an explicit --disable-md2.
AC_ARG_ENABLE([md2],
    [AS_HELP_STRING([--enable-md2],[Enable wolfSSL MD2 support (default: disabled)])],
    [ENABLED_MD2=$enableval],
    [ENABLED_MD2=no])
AS_IF([test "x$ENABLED_BUMP" = "xyes"],
    [ENABLED_MD2="yes"])
AS_IF([test "x$ENABLED_MD2" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MD2"])
2015-08-13 10:20:47 +02:00
# NULL CIPHER
# NULL cipher suites carry no encryption, so this is off by default.
# ENABLED_OPENSSH forces it on, overriding an explicit --disable-nullcipher;
# builds with OpenSSH compatibility therefore always compile NULL cipher
# support in.
AC_ARG_ENABLE([nullcipher],
    [AS_HELP_STRING([--enable-nullcipher],[Enable wolfSSL NULL cipher support (default: disabled)])],
    [ENABLED_NULL_CIPHER=$enableval],
    [ENABLED_NULL_CIPHER=no])
AS_IF([test "x$ENABLED_OPENSSH" = "xyes"],
    [ENABLED_NULL_CIPHER="yes"])
AS_IF([test "x$ENABLED_NULL_CIPHER" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER"])
2011-02-05 11:14:47 -08:00
# RIPEMD
# Off by default. An OpenSSH-compatible build that is not a FIPS build
# forces RIPEMD-160 on, overriding an explicit --disable-ripemd.
AC_ARG_ENABLE([ripemd],
    [AS_HELP_STRING([--enable-ripemd],[Enable wolfSSL RIPEMD-160 support (default: disabled)])],
    [ENABLED_RIPEMD=$enableval],
    [ENABLED_RIPEMD=no])
AS_IF([test "x$ENABLED_OPENSSH" = "xyes" && test "x$ENABLED_FIPS" = "xno"],
    [ENABLED_RIPEMD="yes"])
AS_IF([test "x$ENABLED_RIPEMD" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RIPEMD"])
2012-12-31 13:10:47 -08:00
# BLAKE2
# --enable-blake2 selects BLAKE2b. --enable-blake2s adds HAVE_BLAKE2S and
# sets ENABLED_BLAKE2=yes afterwards, so it does not add the BLAKE2b defines.
AC_ARG_ENABLE([blake2],
    [AS_HELP_STRING([--enable-blake2],[Enable wolfSSL BLAKE2b support (default: disabled)])],
    [ENABLED_BLAKE2=$enableval],
    [ENABLED_BLAKE2=no])
AS_IF([test "x$ENABLED_BLAKE2" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2 -DHAVE_BLAKE2B"])

AC_ARG_ENABLE([blake2s],
    [AS_HELP_STRING([--enable-blake2s],[Enable wolfSSL BLAKE2s support (default: disabled)])],
    [ENABLED_BLAKE2S=$enableval],
    [ENABLED_BLAKE2S=no])
AS_IF([test "x$ENABLED_BLAKE2S" = "xyes"], [
    AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2S"
    ENABLED_BLAKE2="yes"
])
2012-12-31 13:10:47 -08:00
2021-02-18 15:38:11 -08:00
# set sha224 default
# SHA-224 defaults to on only for x86_64, amd64 and aarch64 hosts, and only
# when neither af_alg nor devcrypto is in use and the build is either
# non-FIPS or FIPS version 2 with a minor version other than 1.
SHA224_DEFAULT=no
case "$host_cpu" in
x86_64 | aarch64 | amd64)
    if test "x$ENABLED_AFALG" = "xno" && test "x$ENABLED_DEVCRYPTO" = "xno" &&
       ( test "x$ENABLED_FIPS" = "xno" ||
         ( test "$HAVE_FIPS_VERSION" = 2 && test "$HAVE_FIPS_VERSION_MINOR" != 1 ) )
    then
        SHA224_DEFAULT=yes
    fi
    ;;
esac

# SHA224
AC_ARG_ENABLE([sha224],
    [AS_HELP_STRING([--enable-sha224],[Enable wolfSSL SHA-224 support (default: enabled on x86_64/amd64/aarch64)])],
    [ENABLED_SHA224=$enableval],
    [ENABLED_SHA224=$SHA224_DEFAULT])
AS_IF([test "x$ENABLED_SHA224" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"])
# set sha3 default
# SHA-3 defaults to on for x86_64, amd64 and aarch64 hosts when the build is
# non-FIPS or the FIPS version is at least 2. The numeric comparison is only
# reached when ENABLED_FIPS is not "no".
SHA3_DEFAULT=no
case "$host_cpu" in
x86_64 | aarch64 | amd64)
    if test "x$ENABLED_FIPS" = "xno" || test "$HAVE_FIPS_VERSION" -ge 2
    then
        SHA3_DEFAULT=yes
    fi
    ;;
esac

# SHA3
# Only the "small" variant is handled at this point in the file.
AC_ARG_ENABLE([sha3],
    [AS_HELP_STRING([--enable-sha3],[Enable wolfSSL SHA-3 support (default: enabled on x86_64/amd64/aarch64)])],
    [ENABLED_SHA3=$enableval],
    [ENABLED_SHA3=$SHA3_DEFAULT])
AS_IF([test "x$ENABLED_SHA3" = "xsmall"],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3_SMALL"])
2022-09-01 15:07:15 +10:00
# SHAKE128
# Records the option only; no flags are added at this point in the file.
AC_ARG_ENABLE([shake128],
    [AS_HELP_STRING([--enable-shake128],[Enable wolfSSL SHAKE128 support (default: disabled)])],
    [ENABLED_SHAKE128=$enableval],
    [ENABLED_SHAKE128=no])

# SHAKE256
# Records the option only; no flags are added at this point in the file.
AC_ARG_ENABLE([shake256],
    [AS_HELP_STRING([--enable-shake256],[Enable wolfSSL SHAKE256 support (default: disabled)])],
    [ENABLED_SHAKE256=$enableval],
    [ENABLED_SHAKE256=no])
# SHA512
AC_ARG_ENABLE([sha512],
    [AS_HELP_STRING([--enable-sha512],[Enable wolfSSL SHA-512 support (default: enabled)])],
    [ ENABLED_SHA512=$enableval ],
    [ ENABLED_SHA512=yes ])

# options that don't require sha512
# These footprint-reduced profiles switch SHA-512 off even when the user
# passed --enable-sha512 explicitly.
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" || test "$ENABLED_16BIT" = "yes"; then
    ENABLED_SHA512="no"
fi

# options that require sha512
# Evaluated after the lean/16-bit override, so these integrations win.
# The SHA-384 assignment made here is replaced when the sha384 option is
# parsed below; that section repeats the same integration check.
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes"; then
    ENABLED_SHA512="yes"
    ENABLED_SHA384="yes"
fi

if test "$ENABLED_SHA512" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512"
fi
# SHA384
AC_ARG_ENABLE([sha384],
    [AS_HELP_STRING([--enable-sha384],[Enable wolfSSL SHA-384 support (default: enabled)])],
    [ ENABLED_SHA384=$enableval ],
    [ ENABLED_SHA384=yes ])

# options that don't require sha384
# These profiles switch SHA-384 off regardless of the command-line value.
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" || test "$ENABLED_16BIT" = "yes"; then
    ENABLED_SHA384="no"
fi

# options that require sha384
# Checked last, so these integrations override the lean/16-bit rule above.
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes"; then
    ENABLED_SHA384="yes"
fi

if test "$ENABLED_SHA384" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA384"
fi
# SM3
AC_ARG_ENABLE([sm3],
    [AS_HELP_STRING([--enable-sm3],[Enable wolfSSL SM3 support (default: disabled)])],
    [ ENABLED_SM3=$enableval ],
    [ ENABLED_SM3=no ])

# "small" adds the reduced-footprint define on top of the base one below.
if test "$ENABLED_SM3" = "small"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM3_SMALL"
fi

# Any value other than "no" turns SM3 on.
if test "$ENABLED_SM3" != "no"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM3"
fi
# SESSION CERTS
AC_ARG_ENABLE([sessioncerts],
    [AS_HELP_STRING([--enable-sessioncerts],[Enable session cert storing (default: disabled)])],
    [ ENABLED_SESSIONCERTS=$enableval ],
    [ ENABLED_SESSIONCERTS=no ])

# These integrations force session cert storing on, overriding an explicit
# --disable-sessioncerts.
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || \
   test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \
   test "x$ENABLED_STRONGSWAN" = "xyes" || test "x$ENABLED_HITCH" = "xyes"; then
    ENABLED_SESSIONCERTS=yes
fi

# TLS 1.3 combined with PSK also forces it on.
if test "$ENABLED_TLS13" = "yes" && test "$ENABLED_PSK" = "yes"; then
    ENABLED_SESSIONCERTS=yes
fi

if test "$ENABLED_SESSIONCERTS" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
fi
# KEY GENERATION
# Per the help text this switch only governs RSA key generation.
AC_ARG_ENABLE([keygen],
    [AS_HELP_STRING([--enable-keygen],[Enable key generation (only applies to RSA key generation) (default: disabled)])],
    [ ENABLED_KEYGEN=$enableval ],
    [ ENABLED_KEYGEN=no ])

# Integrations that need key generation turn it on unconditionally, even if
# the user passed --disable-keygen. No compiler flag is added in this section.
if test "$ENABLED_BIND" = "yes" || test "$ENABLED_NTP" = "yes" || \
   test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_OPENRESTY" = "yes" || \
   test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WOLFENGINE" = "yes" || \
   test "$ENABLED_STRONGSWAN" = "yes" || test "$ENABLED_SE050" = "yes"; then
    ENABLED_KEYGEN=yes
fi
# CERT GENERATION
AC_ARG_ENABLE([certgen],
    [AS_HELP_STRING([--enable-certgen],[Enable cert generation (default: disabled)])],
    [ ENABLED_CERTGEN=$enableval ],
    [ ENABLED_CERTGEN=no ])

# Integrations that need certificate generation force it on, overriding an
# explicit --disable-certgen. No compiler flag is added in this section.
if test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_OPENSSH" = "yes" || \
   test "$ENABLED_BIND" = "yes" || test "$ENABLED_NTP" = "yes" || \
   test "$ENABLED_CHRONY" = "yes" || test "$ENABLED_STRONGSWAN" = "yes" || \
   test "$ENABLED_OPENLDAP" = "yes" || test "$ENABLED_HITCH" = "yes"; then
    ENABLED_CERTGEN=yes
fi
# CERT REQUEST GENERATION
AC_ARG_ENABLE([certreq],
    [AS_HELP_STRING([--enable-certreq],[Enable cert request generation (default: disabled)])],
    [ ENABLED_CERTREQ=$enableval ],
    [ ENABLED_CERTREQ=no ])

# The WPAS DPP configuration forces certificate request generation on.
if test "$ENABLED_WPAS_DPP" = "yes"; then
    ENABLED_CERTREQ="yes"
fi
# CERT REQUEST EXTENSION
AC_ARG_ENABLE([certext],
    [AS_HELP_STRING([--enable-certext],[Enable cert request extensions (default: disabled)])],
    [ ENABLED_CERTEXT=$enableval ],
    [ ENABLED_CERTEXT=no ])

# The OpenVPN and strongSwan integrations force the extension support on.
if test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_STRONGSWAN" = "yes"; then
    ENABLED_CERTEXT=yes
fi
# DECODED CERT CACHE
# Note the lower-case suffix in the variable name; it differs from the
# upper-case naming used by the neighbouring options.
AC_ARG_ENABLE([certgencache],
    [AS_HELP_STRING([--enable-certgencache],[Enable decoded cert caching (default: disabled)])],
    [ ENABLED_certgencache=$enableval ],
    [ ENABLED_certgencache=no ])

if test "$ENABLED_certgencache" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN_CACHE"
fi
# SEP
AC_ARG_ENABLE([sep],
    [AS_HELP_STRING([--enable-sep],[Enable sep extensions (default: disabled)])],
    [ ENABLED_SEP=$enableval ],
    [ ENABLED_SEP=no ])

# Enabling SEP also defines KEEP_PEER_CERT in the same step.
if test "$ENABLED_SEP" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SEP -DKEEP_PEER_CERT"
fi
# HKDF
AC_ARG_ENABLE([hkdf],
    [AS_HELP_STRING([--enable-hkdf],[Enable HKDF (HMAC-KDF) support (default: disabled)])],
    [ ENABLED_HKDF=$enableval ],
    [ ENABLED_HKDF=no ])

# TLS 1.3 forces HKDF on, even over an explicit --disable-hkdf.
if test "$ENABLED_TLS13" = "yes"; then
    ENABLED_HKDF="yes"
fi

if test "$ENABLED_HKDF" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"
fi
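# HPKE
# The help text previously misspelled the option's own name as "HKPE".
AC_ARG_ENABLE([hpke],
    [AS_HELP_STRING([--enable-hpke],[Enable HPKE support (default: disabled)])],
    [ ENABLED_HPKE=$enableval ],
    [ ENABLED_HPKE=no ])

if test "$ENABLED_HPKE" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DHAVE_HPKE"
    # Request HKDF unless the user gave an explicit hkdf choice.
    # NOTE(review): the hkdf option is parsed above this section, where
    # ENABLED_HKDF and the HAVE_HKDF define are already decided, so setting
    # enable_hkdf here may have no effect unless it is read again later in
    # the file -- confirm.
    test "$enable_hkdf" = "" && enable_hkdf=yes
fi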
# X9.63 KDF
AC_ARG_ENABLE([x963kdf],
    [AS_HELP_STRING([--enable-x963kdf],[Enable X9.63 KDF support (default: disabled)])],
    [ ENABLED_X963KDF=$enableval ],
    [ ENABLED_X963KDF=no ])

# The define is also added for wolfEngine builds; in that case
# ENABLED_X963KDF itself keeps whatever value the user gave.
if test "$ENABLED_X963KDF" = "yes" || test "$ENABLED_WOLFENGINE" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF"
fi
# SRTP-KDF
# Records the user's choice only; no compiler flag is added in this section.
AC_ARG_ENABLE([srtp-kdf],
    [AS_HELP_STRING([--enable-srtp-kdf],[Enable SRTP-KDF support (default: disabled)])],
    [ ENABLED_SRTP_KDF=$enableval ],
    [ ENABLED_SRTP_KDF=no ])
# DSA
AC_ARG_ENABLE([dsa],
    [AS_HELP_STRING([--enable-dsa],[Enable DSA (default: disabled)])],
    [ ENABLED_DSA=$enableval ],
    [ ENABLED_DSA=no ])

# DSA is switched on implicitly for several integrations, but only when the
# user gave no dsa option at all and did not pass --disable-sha. For OpenSSH
# the implicit enable applies to non-FIPS builds only. An explicit
# --disable-dsa is honoured.
if test "$enable_dsa" = "" && test "$enable_sha" != "no"; then
    if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || \
       test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || \
       test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" || \
       test "$ENABLED_BIND" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || \
       test "$ENABLED_NTP" = "yes"; then
        ENABLED_DSA="yes"
    fi
fi

# Disabled builds get NO_DSA; any other value marks certificate support as
# required.
if test "$ENABLED_DSA" = "no"; then
    AM_CFLAGS="$AM_CFLAGS -DNO_DSA"
else
    ENABLED_CERTS=yes
fi
# ECC Shamir
# Only records the choice; the ECC_SHAMIR define is added in the ECC section,
# and only when ECC is enabled and the low-resource profile is off.
AC_ARG_ENABLE([eccshamir],
    [AS_HELP_STRING([--enable-eccshamir],[Enable ECC Shamir (default: enabled)])],
    [ ENABLED_ECC_SHAMIR=$enableval ],
    [ ENABLED_ECC_SHAMIR=yes ])
# ECC
# Accepted values visible here: yes, no, nonblock.
AC_ARG_ENABLE([ecc],
    [AS_HELP_STRING([--enable-ecc],[Enable ECC (default: enabled)])],
    [ ENABLED_ECC=$enableval ],
    [ ENABLED_ECC=yes ])

# lean psk doesn't need ecc
if test "$ENABLED_LEANPSK" = "yes"; then
    ENABLED_ECC=no
fi

# These integrations need ECC. The check runs after the lean PSK rule, so it
# wins when both apply, and it also replaces a "nonblock" request with "yes".
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_SIGNAL" = "yes"; then
    ENABLED_ECC="yes"
fi

if test "$ENABLED_ECC" != "no"; then
    AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"

    # Shamir is skipped for low-resource builds.
    if test "$ENABLED_ECC_SHAMIR" = "yes" && test "$ENABLED_LOWRESOURCE" = "no"; then
        AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
    fi

    if test "$ENABLED_ECC" = "nonblock"; then
        AM_CFLAGS="$AM_CFLAGS -DWC_ECC_NONBLOCK"
    fi

    if test "$ENABLED_LOWRESOURCE" = "yes" && test "$ENABLED_FASTMATH" = "yes"; then
        AM_CFLAGS="$AM_CFLAGS -DALT_ECC_SIZE"
    fi

    # ECC marks certificate support as required.
    ENABLED_CERTS=yes
fi
# SM2
AC_ARG_ENABLE([sm2],
    [AS_HELP_STRING([--enable-sm2],[Enable wolfSSL SM2 support (default: disabled)])],
    [ ENABLED_SM2=$enableval ],
    [ ENABLED_SM2=no ])

if test "$ENABLED_SM2" = "yes"; then
    # SM2 depends on ECC: stop configuration if ECC was turned off.
    if test "$ENABLED_ECC" = "no"; then
        AC_MSG_ERROR([Cannot enable SM2 without enabling ecc.])
    fi
    # Base16 support is defined together with SM2.
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM2 -DWOLFSSL_BASE16"
fi
# ECC Custom Curves
AC_ARG_ENABLE([ecccustcurves],
    [AS_HELP_STRING([--enable-ecccustcurves],[Enable ECC custom curves (default: disabled)])],
    [ ENABLED_ECCCUSTCURVES=$enableval ],
    [ ENABLED_ECCCUSTCURVES=no ])

# The WPAS DPP configuration forces the value "all". Because the Brainpool
# default further down follows this variable, that also turns Brainpool on
# by default.
if test "$ENABLED_WPAS_DPP" = "yes"; then
    ENABLED_ECCCUSTCURVES="all"
fi
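# ECC Minimum Key Size
# The value is pasted straight into a compiler define, so it is checked to be
# a non-negative integer first. Without the check a bare --with-eccminsz
# yields "yes", --without-eccminsz yields "no", and a value containing spaces
# would add extra words to the compiler flags. When the option is absent only
# the summary variable is set and no define is emitted; the 224 shown in the
# help text is then presumably the library's built-in value -- TODO confirm.
# Passing a number below 224 lowers the smallest ECC key the build accepts.
AC_ARG_WITH([eccminsz],
    [AS_HELP_STRING([--with-eccminsz=BITS],[Sets the ECC minimum key size (default: 224 bits)])],
    [
        if test "$withval" -ge 0 2>/dev/null; then
            ENABLED_ECCMINSZ=$withval
            AM_CFLAGS="$AM_CFLAGS -DECC_MIN_KEY_SZ=$withval"
        else
            AC_MSG_ERROR([--with-eccminsz requires a non-negative integer number of bits.])
        fi
    ],
    [ ENABLED_ECCMINSZ=224 ])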
# Compressed Key
AC_ARG_ENABLE([compkey],
    [AS_HELP_STRING([--enable-compkey],[Enable compressed keys support (default: disabled)])],
    [ ENABLED_COMPKEY=$enableval ],
    [ ENABLED_COMPKEY=no ])

# WPAS and the full OpenSSL compatibility layer force compressed keys on.
# No compiler flag is added in this section.
if test "$ENABLED_WPAS" = "yes" || test "$ENABLED_OPENSSLALL" = "yes"; then
    ENABLED_COMPKEY=yes
fi
# Brainpool (depends on _ECCCUSTCURVES)
# The default follows the custom-curves setting.
if test "$ENABLED_ECCCUSTCURVES" != "no"; then
    BRAINPOOL_DEFAULT=yes
else
    BRAINPOOL_DEFAULT=no
fi

AC_ARG_ENABLE([brainpool],
    [AS_HELP_STRING([--enable-brainpool],[Enable Brainpool ECC curves (default: enabled with ECC custom curves)])],
    [ ENABLED_BRAINPOOL=$enableval ],
    [ ENABLED_BRAINPOOL="$BRAINPOOL_DEFAULT" ])

if test "$ENABLED_BRAINPOOL" != "no"; then
    # An explicit --enable-brainpool without custom curves is a hard error.
    if test "$ENABLED_ECCCUSTCURVES" = "no"; then
        AC_MSG_ERROR([cannot enable Brainpool without enabling ecccustcurves.])
    fi
    AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_BRAINPOOL"
fi
# for using memory optimization setting on both curve25519 and ed25519
ENABLED_CURVE25519_SMALL=no
ENABLED_ED25519_SMALL=no

# CURVE25519
# Values handled below: yes, no, small, no128bit, noasm.
AC_ARG_ENABLE([curve25519],
    [AS_HELP_STRING([--enable-curve25519],[Enable Curve25519 (default: disabled)])],
    [ ENABLED_CURVE25519=$enableval ],
    [ ENABLED_CURVE25519=no ])

# QUIC turns Curve25519 on when it would otherwise be off.
if test "$ENABLED_QUIC" = "yes" && test "$ENABLED_CURVE25519" = "no"; then
    ENABLED_CURVE25519=yes
fi

# Non-FIPS OpenSSH builds force it to plain "yes", which replaces any
# small/no128bit/noasm request made on the command line.
if test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno"; then
    ENABLED_CURVE25519="yes"
fi

if test "$ENABLED_CURVE25519" != "no"; then
    # Small-footprint variant: requested explicitly or implied by the
    # low-resource profile. The value is normalised back to "yes".
    if test "$ENABLED_CURVE25519" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"; then
        AM_CFLAGS="$AM_CFLAGS -DCURVE25519_SMALL"
        ENABLED_CURVE25519_SMALL=yes
        ENABLED_CURVE25519=yes
    fi

    # Requested explicitly or implied by a 32-bit build.
    if test "$ENABLED_CURVE25519" = "no128bit" || test "$ENABLED_32BIT" = "yes"; then
        AM_CFLAGS="$AM_CFLAGS -DNO_CURVED25519_128BIT"
        ENABLED_CURVE25519=yes
    fi

    if test "$ENABLED_CURVE25519" = "noasm"; then
        AM_CFLAGS="$AM_CFLAGS -DNO_CURVED25519_X64"
    fi

    # With the Linux kernel module defaults, a plain "yes" is downgraded to
    # "noasm". This also catches values normalised to "yes" just above.
    if test "$ENABLED_CURVE25519" = "yes" && test "$ENABLED_LINUXKM_DEFAULTS" = "yes"; then
        ENABLED_CURVE25519=noasm
        AM_CFLAGS="$AM_CFLAGS -DNO_CURVED25519_X64"
    fi

    # The define goes to both the C and the assembler flags.
    AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519"
    AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_CURVE25519"
    ENABLED_FEMATH=yes
fi
# ED25519
AC_ARG_ENABLE([ed25519],
    [AS_HELP_STRING([--enable-ed25519],[Enable ED25519 (default: disabled)])],
    [ ENABLED_ED25519=$enableval ],
    [ ENABLED_ED25519=no ])

# Streaming verify APIs. The value is only recorded here; it is not acted on
# within this section.
AC_ARG_ENABLE([ed25519-stream],
    [AS_HELP_STRING([--enable-ed25519-stream],[Enable wolfSSL ED25519 support with streaming verify APIs (default: disabled)])],
    [ ENABLED_ED25519_STREAM=$enableval ],
    [ ENABLED_ED25519_STREAM=no ])

# Non-FIPS OpenSSH builds and chrony builds force ED25519 on.
if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || \
   test "$ENABLED_CHRONY" = "yes"; then
    ENABLED_ED25519="yes"
fi
# for using memory optimization setting on both curve448 and ed448
ENABLED_CURVE448_SMALL=no
ENABLED_ED448_SMALL=no

# CURVE448
AC_ARG_ENABLE([curve448],
    [AS_HELP_STRING([--enable-curve448],[Enable Curve448 (default: disabled)])],
    [ ENABLED_CURVE448=$enableval ],
    [ ENABLED_CURVE448=no ])

# ED448
AC_ARG_ENABLE([ed448],
    [AS_HELP_STRING([--enable-ed448],[Enable ED448 (default: disabled)])],
    [ ENABLED_ED448=$enableval ],
    [ ENABLED_ED448=no ])

AC_ARG_ENABLE([ed448-stream],
    [AS_HELP_STRING([--enable-ed448-stream],[Enable wolfSSL ED448 support with streaming verify APIs (default: disabled)])],
    [ ENABLED_ED448_STREAM=$enableval ],
    [ ENABLED_ED448_STREAM=no ])

# Streaming verify needs ED448 itself: asking for one without the other is a
# configuration error. The define goes to both the C and assembler flags.
if test "$ENABLED_ED448_STREAM" != "no"; then
    if test "$ENABLED_ED448" = "no"; then
        AC_MSG_ERROR([ED448 verify streaming enabled but ED448 is disabled])
    else
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ED448_STREAMING_VERIFY"
        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ED448_STREAMING_VERIFY"
    fi
fi
# FP ECC, Fixed Point cache ECC
AC_ARG_ENABLE([fpecc],
    [AS_HELP_STRING([--enable-fpecc],[Enable Fixed Point cache ECC (default: disabled)])],
    [ ENABLED_FPECC=$enableval ],
    [ ENABLED_FPECC=no ])

if test "$ENABLED_FPECC" = "yes"; then
    # The fixed-point cache depends on ECC: stop if ECC was turned off.
    if test "$ENABLED_ECC" = "no"; then
        AC_MSG_ERROR([cannot enable fpecc without enabling ecc.])
    fi
    AM_CFLAGS="$AM_CFLAGS -DFP_ECC"
fi
# ECC encrypt
# The option value picks the variant: yes, geniv, iso18033 or old.
# Per the help text, "old" is the original wolfSSL algorithm rather than one
# of the listed standards.
AC_ARG_ENABLE([eccencrypt],
    [AS_HELP_STRING([--enable-eccencrypt],[Enable ECC encrypt (default: disabled). yes = SEC1 standard, geniv = Generate IV, iso18033 = ISO 18033 standard, old = original wolfSSL algorithm])],
    [ ENABLED_ECC_ENCRYPT=$enableval ],
    [ ENABLED_ECC_ENCRYPT=no ])

if test "$ENABLED_ECC_ENCRYPT" != "no"; then
    # Both ECC and HKDF must be enabled; either one missing is a hard error.
    if test "$ENABLED_ECC" = "no"; then
        AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.])
    fi
    if test "$ENABLED_HKDF" = "no"; then
        AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.])
    fi

    AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_ENCRYPT"

    # At most one of the variant defines below is added. A value that
    # matches none of them gets only the base define above.
    if test "$ENABLED_ECC_ENCRYPT" = "old"; then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECIES_OLD"
    fi
    if test "$ENABLED_ECC_ENCRYPT" = "iso18033"; then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECIES_ISO18033"
    fi
    if test "$ENABLED_ECC_ENCRYPT" = "geniv"; then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECIES_GEN_IV"
    fi
fi
# Elliptic Curve-Based Certificateless Signatures for Identity-Based Encryption (ECCSI)
AC_ARG_ENABLE([eccsi],
    [AS_HELP_STRING([--enable-eccsi],[Enable ECCSI (default: disabled)])],
    [ ENABLED_ECCSI=$enableval ],
    [ ENABLED_ECCSI=no ])

if test "x$ENABLED_ECCSI" = "xyes"; then
    # ECCSI depends on ECC: stop configuration if ECC was turned off.
    if test "$ENABLED_ECC" = "no"; then
        AC_MSG_ERROR([ECCSI requires ECC.])
    fi
    # WOLFSSL_PUBLIC_MP is defined together with ECCSI.
    AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_ECCSI -DWOLFSSL_PUBLIC_MP"
fi
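# Sakai-Kasahara Key Encryption (SAKKE) - pairing based crypto
# Accepted values visible here: yes, no, small. The help text previously
# said "paring" where "pairing" was meant.
AC_ARG_ENABLE([sakke],
    [AS_HELP_STRING([--enable-sakke],[Enable SAKKE - pairing based crypto (default: disabled)])],
    [ ENABLED_SAKKE=$enableval ],
    [ ENABLED_SAKKE=no ])

# SAKKE depends on ECC: stop configuration if ECC was turned off.
if test "$ENABLED_SAKKE" != "no" && test "$ENABLED_ECC" = "no"; then
    AC_MSG_ERROR([SAKKE requires ECC.])
fi

# "small" is normalised to "yes" plus the reduced-footprint define, so the
# check that follows also fires for it.
if test "x$ENABLED_SAKKE" = "xsmall"; then
    ENABLED_SAKKE="yes"
    ENABLED_SAKKE_SMALL="yes"
    AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_SAKKE_SMALL"
fi

if test "x$ENABLED_SAKKE" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SAKKE"
fi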
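# PSK
# Records the user's choice only; no compiler flag is added for it here.
AC_ARG_ENABLE([psk],
    [AS_HELP_STRING([--enable-psk],[Enable PSK (default: disabled)])],
    [ ENABLED_PSK=$enableval ],
    [ ENABLED_PSK=no ])

# Single PSK identity
# The help text previously repeated the plain PSK description, which made the
# two options indistinguishable in the configure help output.
AC_ARG_ENABLE([psk-one-id],
    [AS_HELP_STRING([--enable-psk-one-id],[Enable single PSK identity (default: disabled)])],
    [ ENABLED_PSK_ONE_ID=$enableval ],
    [ ENABLED_PSK_ONE_ID=no ])

if test "$ENABLED_PSK_ONE_ID" = "yes"; then
    # Asking for the single-identity mode implies PSK itself.
    if test "$ENABLED_PSK" = "no"; then
        ENABLED_PSK="yes"
    fi
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PSK_ONE_ID"
fi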
# ERROR STRINGS
AC_ARG_ENABLE([errorstrings],
    [AS_HELP_STRING([--enable-errorstrings],[Enable error strings table (default: enabled)])],
    [ ENABLED_ERROR_STRINGS=$enableval ],
    [ ENABLED_ERROR_STRINGS=yes ])

if test "$ENABLED_ERROR_STRINGS" = "no"; then
    AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
else
    # turn off error strings if leanpsk or leantls on
    # The nesting keeps the define from being added twice.
    if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"; then
        AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
        ENABLED_ERROR_STRINGS=no
    fi
fi
# ERROR QUEUE
# Records the user's choice only; no compiler flag is added in this section.
# NOTE(review): the help text opens with "Disables" although it describes an
# --enable option whose default is enabled; presumably it describes what
# --disable-errorqueue does -- confirm and reword.
AC_ARG_ENABLE([errorqueue],
    [AS_HELP_STRING([--enable-errorqueue],[Disables adding nodes to error queue when compiled with OPENSSL_EXTRA (default: enabled)])],
    [ ENABLED_ERROR_QUEUE=$enableval ],
    [ ENABLED_ERROR_QUEUE=yes ])
# SSLv3
# SSL 3.0 is deprecated by RFC 7568 and is off by default.
AC_ARG_ENABLE([sslv3],
    [AS_HELP_STRING([--enable-sslv3],[Enable SSL version 3.0 (default: disabled)])],
    [ ENABLED_SSLV3=$enableval ],
    [ ENABLED_SSLV3=no])

# A HAProxy build without enable-all turns SSL 3.0 on, and does so even when
# the user passed --disable-sslv3. The old-TLS section below then enables
# the pre-1.2 protocol code as well. Builds using the HAProxy option should
# check the resulting flags if SSL 3.0 must stay out of the binary.
if test "x$ENABLED_HAPROXY" = "xyes" && test "x$ENABLED_ALL" = "xno"; then
    ENABLED_SSLV3="yes"
fi

# A crypto-only build always has it off; this rule runs last and wins.
if test "$ENABLED_CRYPTONLY" = "yes"; then
    ENABLED_SSLV3=no
fi

if test "$ENABLED_SSLV3" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_SSLV3"
fi
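# TLSv1.0
AC_ARG_ENABLE([tlsv10],
    [AS_HELP_STRING([--enable-tlsv10],[Enable old TLS versions 1.0 (default: disabled)])],
    [ ENABLED_TLSV10=$enableval ],
    [ ENABLED_TLSV10=no ])

# A crypto-only build must not allow TLS 1.0. This check used to assign
# ENABLED_TLSV12 instead, which had two effects: the assignment was
# overwritten when the tlsv12 option is parsed further down (that section
# repeats the crypto-only check), and ENABLED_TLSV10 stayed "yes", so a
# crypto-only build with --enable-tlsv10 still received the TLS 1.0 define
# and switched ENABLED_OLD_TLS back on in the old-TLS section.
if test "$ENABLED_CRYPTONLY" = "yes"; then
    ENABLED_TLSV10=no
fi

if test "$ENABLED_TLSV10" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_TLSV10"
fi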
# OLD TLS
AC_ARG_ENABLE([oldtls],
    [AS_HELP_STRING([--enable-oldtls],[Enable old TLS versions < 1.2 (default: disabled)])],
    [ ENABLED_OLD_TLS=$enableval ],
    [ ENABLED_OLD_TLS=no ])

# Crypto-only, hardened-TLS and lean builds switch old TLS off.
if test "$ENABLED_CRYPTONLY" = "yes" || test "x$ENABLED_HARDEN_TLS" != "xno" || \
   test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"; then
    ENABLED_OLD_TLS=no
fi

# if SSL v3.0 or TLS v1.0 enabled, then allow "old tls". QT also requires it apparently
# NOTE(review): this check runs after the one above, so it takes precedence.
# A hardened-TLS or lean build that also has TLS 1.0 or SSL 3.0 enabled, or
# a Qt build without enable-all, ends up with old TLS on. Confirm that this
# precedence is intended.
if test "$ENABLED_TLSV10" = "yes" || test "$ENABLED_SSLV3" = "yes" || \
   (test "$ENABLED_QT" = "yes" && test "x$ENABLED_ALL" = "xno"); then
    ENABLED_OLD_TLS=yes
fi

if test "$ENABLED_OLD_TLS" = "no"; then
    AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
fi
2023-11-06 15:06:47 -08:00
# TLSv1.2
# On by default; --disable-tlsv12 removes it.
AC_ARG_ENABLE([tlsv12],
    [AS_HELP_STRING([--enable-tlsv12],[Enable TLS versions 1.2 (default: enabled)])],
    [ ENABLED_TLSV12=$enableval ],
    [ ENABLED_TLSV12=yes ]
    )

# A crypto-only build forces TLS 1.2 off regardless of the option.
AS_IF([test "$ENABLED_CRYPTONLY" = "yes"],
      [ENABLED_TLSV12=no])

# Turning TLS 1.2 off also defines NO_OLD_TLS, so the older protocol versions
# are compiled out together with it.
AS_IF([test "$ENABLED_TLSV12" = "no"],
      [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_TLS12 -DNO_OLD_TLS"])
2020-12-04 17:50:05 -06:00
# STACK SIZE info for testwolfcrypt and examples
2013-03-28 11:28:38 -07:00
AC_ARG_ENABLE([stacksize],
2017-05-18 16:46:56 -06:00
[AS_HELP_STRING([--enable-stacksize],[Enable stack size info on examples (default: disabled)])],
2013-03-28 11:28:38 -07:00
[ ENABLED_STACKSIZE=$enableval ],
[ ENABLED_STACKSIZE=no ]
)
2020-12-04 17:50:05 -06:00
if test "$ENABLED_STACKSIZE" != "no"
2013-03-28 11:28:38 -07:00
then
AC_CHECK_FUNC([posix_memalign], [], [AC_MSG_ERROR(stacksize needs posix_memalign)])
2020-10-09 22:18:51 -05:00
AC_CHECK_DECL([posix_memalign], [], [AC_MSG_ERROR(stacksize needs posix_memalign)])
2013-06-19 17:04:43 -03:00
AC_CHECK_FUNC([pthread_attr_setstack], [], AC_CHECK_LIB([pthread],[pthread_attr_setstack]))
2020-10-09 22:18:51 -05:00
AC_CHECK_DECL([pthread_attr_setstack], [], [AC_MSG_ERROR(stacksize needs pthread_attr_setstack)], [[#include <pthread.h>]])
2018-12-10 16:51:54 -08:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_STACK_SIZE"
2013-03-28 11:28:38 -07:00
fi
2020-12-04 17:50:05 -06:00
if test "$ENABLED_STACKSIZE" = "verbose"
2020-09-02 14:20:51 -05:00
then
if test "$thread_ls_on" != "yes"
then
AC_MSG_ERROR(stacksize-verbose needs thread-local storage.)
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_STACK_SIZE_VERBOSE"
fi
2013-03-28 11:28:38 -07:00
2015-08-13 10:20:47 +02:00
# MEMORY
2013-03-12 13:31:14 -07:00
AC_ARG_ENABLE([memory],
2017-05-19 10:54:13 -07:00
[AS_HELP_STRING([--enable-memory],[Enable memory callbacks (default: enabled)])],
2013-03-12 13:31:14 -07:00
[ ENABLED_MEMORY=$enableval ],
[ ENABLED_MEMORY=yes ]
)
if test "$ENABLED_MEMORY" = "no"
then
2014-12-31 13:04:03 -07:00
AM_CFLAGS="$AM_CFLAGS -DNO_WOLFSSL_MEMORY"
2013-03-12 13:31:14 -07:00
else
# turn off memory cb if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
2013-03-12 13:31:14 -07:00
then
2014-12-31 13:04:03 -07:00
# but don't turn on NO_WOLFSSL_MEMORY because using own
2013-03-12 13:31:14 -07:00
ENABLED_MEMORY=no
fi
fi
2017-05-19 15:24:38 -06:00
# MEMORY SIZE info
AC_ARG_ENABLE([trackmemory],
[AS_HELP_STRING([--enable-trackmemory],[Enable memory use info on wolfCrypt and wolfSSL cleanup (default: disabled)])],
[ ENABLED_TRACKMEMORY=$enableval ],
[ ENABLED_TRACKMEMORY=no ]
)
2020-12-23 12:03:06 -06:00
if test "$ENABLED_TRACKMEMORY" != "no"
2017-05-19 15:24:38 -06:00
then
if test "$ENABLED_MEMORY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRACK_MEMORY"
else
AC_MSG_ERROR([trackmemory requires using wolfSSL memory (--enable-memory).])
fi
2020-12-23 12:03:06 -06:00
if test "$ENABLED_TRACKMEMORY" = "verbose"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRACK_MEMORY_VERBOSE"
fi
2017-05-19 15:24:38 -06:00
fi
2018-08-21 09:03:11 +10:00
# MEMORY usage logging
# Diagnostic option, off by default; defines WOLFSSL_MEMORY_LOG when set to yes.
AC_ARG_ENABLE([memorylog],
    [AS_HELP_STRING([--enable-memorylog],[Enable dynamic memory logging (default: disabled)])],
    [ ENABLED_MEMORYLOG=$enableval ],
    [ ENABLED_MEMORYLOG=no ]
    )

AS_IF([test "$ENABLED_MEMORYLOG" = "yes"],
      [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MEMORY_LOG"])
2018-08-29 10:16:51 +10:00
# STACK usage logging
# Diagnostic option, off by default. Besides the WOLFSSL_STACK_LOG define it
# passes -finstrument-functions, so the whole library is built with compiler
# instrumentation of function entry and exit.
AC_ARG_ENABLE([stacklog],
    [AS_HELP_STRING([--enable-stacklog],[Enable stack logging (default: disabled)])],
    [ ENABLED_STACKLOG=$enableval ],
    [ ENABLED_STACKLOG=no ]
    )

AS_IF([test "$ENABLED_STACKLOG" = "yes"],
      [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STACK_LOG -finstrument-functions"])
2021-03-17 22:49:07 -05:00
2021-04-21 17:28:27 -05:00
ENABLED_WOLFSENTRY=no
2021-04-01 13:08:41 -05:00
2021-04-21 03:19:35 -05:00
AC_ARG_WITH([wolfsentry],
[AS_HELP_STRING([--with-wolfsentry=PATH],[PATH to directory with wolfSentry installation])],
[WOLFSENTRY_INSTALLDIR=$withval],
[WOLFSENTRY_INSTALLDIR=""])
2021-04-01 13:08:41 -05:00
AC_ARG_WITH([wolfsentry-lib],
[AS_HELP_STRING([--with-wolfsentry-lib=PATH],[PATH to directory with wolfSentry library])],
2021-04-21 17:28:27 -05:00
[WOLFSENTRY_LIB=$withval],
2021-04-01 13:08:41 -05:00
[WOLFSENTRY_LIB=""])
2021-04-21 17:28:27 -05:00
AC_ARG_WITH([wolfsentry-include],
[AS_HELP_STRING([--with-wolfsentry-include=PATH],[PATH to directory with wolfSentry header files])],
[WOLFSENTRY_INCLUDE=$withval],
[WOLFSENTRY_INCLUDE=""])
if test -n "$WOLFSENTRY_INSTALLDIR" || test -n "$WOLFSENTRY_LIB" || test -n "$WOLFSENTRY_INCLUDE"
2021-04-21 03:19:35 -05:00
then
2021-04-21 17:28:27 -05:00
ENABLED_WOLFSENTRY=yes
2021-04-21 03:19:35 -05:00
fi
2021-04-21 17:28:27 -05:00
AC_ARG_ENABLE([wolfsentry],
[AS_HELP_STRING([--enable-wolfsentry],[Enable wolfSentry hooks and plugins (default: disabled)])],
[ ENABLED_WOLFSENTRY=$enableval ],
[ ]
)
if test "$WOLFSENTRY_LIB" = "" && test -n "$WOLFSENTRY_INSTALLDIR"
2021-04-01 13:08:41 -05:00
then
2021-04-21 17:28:27 -05:00
WOLFSENTRY_LIB="${WOLFSENTRY_INSTALLDIR}/lib"
2021-04-01 13:08:41 -05:00
fi
2021-04-21 17:28:27 -05:00
if test "$WOLFSENTRY_INCLUDE" = "" && test -n "$WOLFSENTRY_INSTALLDIR"
then
WOLFSENTRY_INCLUDE="${WOLFSENTRY_INSTALLDIR}/include"
fi
if test -n "$WOLFSENTRY_LIB"
then
AC_MSG_CHECKING([for $WOLFSENTRY_LIB])
if ! test -d "$WOLFSENTRY_LIB"
then
AC_MSG_ERROR([wolfSentry lib dir $WOLFSENTRY_LIB not found.])
fi
AC_MSG_RESULT([yes])
WOLFSENTRY_LIB="-L$WOLFSENTRY_LIB"
fi
2021-04-01 13:08:41 -05:00
2021-04-21 17:28:27 -05:00
if test -n "$WOLFSENTRY_INCLUDE"
2021-04-21 03:19:35 -05:00
then
2021-04-21 17:28:27 -05:00
AC_MSG_CHECKING([for $WOLFSENTRY_INCLUDE])
if ! test -d "$WOLFSENTRY_INCLUDE"
then
AC_MSG_ERROR([wolfSentry include dir $WOLFSENTRY_INCLUDE not found.])
fi
AC_MSG_RESULT([yes])
WOLFSENTRY_INCLUDE="-I$WOLFSENTRY_INCLUDE"
2021-04-21 03:19:35 -05:00
fi
2021-04-21 17:28:27 -05:00
if test "$ENABLED_WOLFSENTRY" = "yes"
2021-04-21 03:19:35 -05:00
then
2021-04-21 17:28:27 -05:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WOLFSENTRY_HOOKS -DHAVE_EX_DATA -DHAVE_EX_DATA_CLEANUP_HOOKS"
WOLFSENTRY_LIB="$WOLFSENTRY_LIB -lwolfsentry"
2021-04-21 03:19:35 -05:00
fi
2021-04-01 13:08:41 -05:00
AC_SUBST([WOLFSENTRY_LIB])
AC_SUBST([WOLFSENTRY_INCLUDE])
2019-12-06 14:27:01 -07:00
if test "$ENABLED_QT" = "yes"
then
# Requires opensslextra and opensslall
if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
then
ENABLED_OPENSSLALL="yes"
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL -DHAVE_EX_DATA"
fi
2020-07-31 13:48:15 -07:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_QT -DSESSION_CERTS -DOPENSSL_NO_SSL2"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN -DHAVE_EX_DATA"
2019-12-06 14:27:01 -07:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CUSTOM_CURVES -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ"
2020-07-31 13:48:15 -07:00
# Don't enable old SSL/TLS for --enable-all, which is used by distro
# NOTE(review): for Qt builds these two defines are appended directly; the
# ENABLED_SSLV3 / ENABLED_TLSV10 values and the crypto-only guards applied to
# them are not consulted here. Confirm that is intended.
if test "x$ENABLED_ALL" = "xno"
then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_SSLV3 -DWOLFSSL_ALLOW_TLSV10"
fi
2019-12-06 14:27:01 -07:00
# Requires OCSP make sure on
if test "x$ENABLED_OCSP" = "xno"
then
ENABLED_OCSP="yes"
fi
# Requires PSK make sure on
if test "x$ENABLED_PSK" = "xno"
then
2021-07-28 10:31:15 -07:00
ENABLED_PSK="yes"
2019-12-06 14:27:01 -07:00
fi
2021-07-28 10:31:15 -07:00
# Requires RC4 make sure on (if not forcefully disabled with --disable-arc4)
test "$enable_arc4" = "" && enable_arc4=yes
2019-12-06 14:27:01 -07:00
if test "x$ENABLED_CERTEXT" = "xno"
then
ENABLED_CERTEXT="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
fi
2018-08-29 10:16:51 +10:00
2019-12-06 14:27:01 -07:00
if test "x$ENABLED_CERTGEN" = "xno"
then
ENABLED_CERTGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
fi
# requires oldnames disabled
enable_oldnames=no
fi
# Qt test-suite support, off by default.
AC_ARG_ENABLE([qt-test],
    [AS_HELP_STRING([--enable-qt-test],[Enable qt tests (default: disabled)])],
    [ ENABLED_QT_TEST=$enableval ],
    [ ENABLED_QT_TEST=no ]
    )

# Defines OPENSSL_NO_SSL3 and turns on the static RSA and static PSK options.
# NOTE(review): static-key cipher suites give no forward secrecy; this looks
# meant for running the Qt tests only, not for production builds - confirm.
AS_IF([test "$ENABLED_QT_TEST" = "yes"],
      [AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL3 -DWOLFSSL_STATIC_RSA"
       AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_PSK"])
2017-05-19 15:24:38 -06:00
2015-08-13 10:20:47 +02:00
# RSA
2013-03-11 12:49:59 -07:00
AC_ARG_ENABLE([rsa],
2017-05-19 10:54:13 -07:00
[AS_HELP_STRING([--enable-rsa],[Enable RSA (default: enabled)])],
2013-03-11 12:49:59 -07:00
[ ENABLED_RSA=$enableval ],
[ ENABLED_RSA=yes ]
)
if test "$ENABLED_RSA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
else
# turn off RSA if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
2013-03-11 12:49:59 -07:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
ENABLED_RSA=no
2020-10-28 11:47:31 +10:00
else
ENABLED_CERTS=yes
2013-03-11 12:49:59 -07:00
fi
fi
2018-12-06 17:27:10 +10:00
# RSA OAEP padding, on by default; disabling it defines WC_NO_RSA_OAEP.
AC_ARG_ENABLE([oaep],
    [AS_HELP_STRING([--enable-oaep],[Enable RSA OAEP (default: enabled)])],
    [ ENABLED_OAEP=$enableval ],
    [ ENABLED_OAEP=yes ]
    )

AS_IF([test "$ENABLED_OAEP" = "no"],
      [AM_CFLAGS="$AM_CFLAGS -DWC_NO_RSA_OAEP"])

# RSA public-key-only build, off by default.
AC_ARG_ENABLE([rsapub],
    [AS_HELP_STRING([--enable-rsapub],[Enable RSA Public Only (default: disabled)])],
    [ ENABLED_RSAPUB=$enableval ],
    [ ENABLED_RSAPUB=no ]
    )

# Public-only mode needs RSA, so a disabled RSA is switched back on here.
# NOTE(review): the RSA section above has already appended -DNO_RSA by the time
# ENABLED_RSA is flipped back to yes; check that the resulting flag set is the
# intended one for --disable-rsa combined with --enable-rsapub.
if test "$ENABLED_RSAPUB" = "yes"
then
    AS_IF([test "$ENABLED_RSA" = "no"],
          [ENABLED_RSA="yes"])
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSA_PUBLIC_ONLY"
fi
AC_ARG_ENABLE([rsavfy],
[AS_HELP_STRING([--enable-rsavfy],[Enable RSA Verify Inline Only (default: disabled)])],
[ ENABLED_RSAVFY=$enableval ],
[ ENABLED_RSAVFY=no ]
)
if test "$ENABLED_RSAVFY" = "yes"
then
if test "$ENABLED_RSA" = "no"
then
ENABLED_RSA="yes"
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSA_PUBLIC_ONLY -DWOLFSSL_RSA_VERIFY_ONLY"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSA_VERIFY_INLINE -DNO_SIG_WRAPPER"
2021-02-03 17:14:13 +10:00
AM_CFLAGS="$AM_CFLAGS -DNO_CHECK_PRIVATE_KEY"
2018-12-06 17:27:10 +10:00
fi
2013-03-11 12:49:59 -07:00
2017-05-18 15:32:06 +10:00
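# RSA-PSS
# The help text now goes through AS_HELP_STRING like the other options in this
# file, so it is wrapped and aligned consistently in the --help output.
AC_ARG_ENABLE([rsapss],
    [AS_HELP_STRING([--enable-rsapss],[Enable RSA-PSS (default: disabled)])],
    [ ENABLED_RSAPSS=$enableval ],
    [ ENABLED_RSAPSS=no ]
    )

# Without RSA there is no RSA-PSS. With RSA available, TLS 1.3 forces RSA-PSS
# on whatever the option said (TLS 1.3 uses PSS for RSA signatures).
if test "$ENABLED_RSA" = "no"
then
    ENABLED_RSAPSS="no"
else
    if test "$ENABLED_TLS13" = "yes"
    then
        ENABLED_RSAPSS="yes"
    fi
fi

if test "$ENABLED_RSAPSS" = "yes"
then
    AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT"
fi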
2013-03-12 13:03:42 -07:00
# DH
AC_ARG_ENABLE([dh],
2015-03-31 16:23:28 -07:00
[AS_HELP_STRING([--enable-dh],[Enable DH (default: enabled)])],
2013-03-12 13:03:42 -07:00
[ ENABLED_DH=$enableval ],
2015-03-27 10:23:15 -07:00
[ ENABLED_DH=yes ]
2013-03-12 13:03:42 -07:00
)
2022-06-23 15:00:59 -05:00
if test "$ENABLED_OPENSSH" = "yes" && test "$ENABLED_DH" = "no"
2015-07-17 09:14:58 -07:00
then
ENABLED_DH="yes"
fi
2013-03-12 13:03:42 -07:00
if test "$ENABLED_DH" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DH"
else
# turn off DH if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
2013-03-12 13:03:42 -07:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_DH"
ENABLED_DH=no
fi
fi
2022-06-23 15:00:59 -05:00
if test "$ENABLED_DH" = "const"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_CONST"
fi
if test "$ENABLED_SNIFFER" = "yes" && test "$ENABLED_DH" != "no"
2021-08-31 16:28:24 -07:00
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_EXTRA"
fi
2013-03-12 13:03:42 -07:00
2014-12-01 11:44:32 -08:00
# Anonymous
AC_ARG_ENABLE([anon],
[AS_HELP_STRING([--enable-anon],[Enable Anonymous (default: disabled)])],
[ ENABLED_ANON=$enableval ],
[ ENABLED_ANON=no ]
)
2021-08-31 16:28:24 -07:00
if test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || \
test "x$ENABLED_HAPROXY" = "xyes" || test "$ENABLED_RSYSLOG" = "yes"
2017-02-10 08:45:10 +10:00
then
ENABLED_ANON=yes
fi
2014-12-01 11:44:32 -08:00
if test "x$ENABLED_ANON" = "xyes"
then
2022-06-23 15:00:59 -05:00
if test "$ENABLED_DH" = "no"
2014-12-01 11:44:32 -08:00
then
AC_MSG_ERROR([Anonymous suite requires DH.])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_ANON"
fi
2013-03-12 12:48:41 -07:00
# ASN
2015-03-27 14:28:05 -07:00
# turn off asn, which means no certs, no rsa, no dsa, no ecc,
# and no big int (unless dh is on)
2013-03-12 12:48:41 -07:00
AC_ARG_ENABLE([asn],
2017-05-19 10:54:13 -07:00
[AS_HELP_STRING([--enable-asn],[Enable ASN (default: enabled)])],
2013-03-12 12:48:41 -07:00
[ ENABLED_ASN=$enableval ],
[ ENABLED_ASN=yes ]
)
if test "$ENABLED_ASN" = "no"
then
2021-08-18 12:59:44 +10:00
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT"
enable_pwdbased=no
2013-03-12 12:48:41 -07:00
else
2023-02-03 09:59:43 +10:00
if test "$ENABLED_ASN" = "template"; then
ENABLED_ASN="yes"
fi
if test "$ENABLED_ASN" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE"
else
if test "$ENABLED_ASN" != "original"; then
AC_MSG_ERROR([Invalid asn option. Valid are: template or original. Seen: $ENABLED_ASN.])
fi
fi
2013-03-12 12:48:41 -07:00
# turn off ASN if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
2020-10-28 11:47:31 +10:00
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_BIG_INT"
2013-03-12 12:48:41 -07:00
ENABLED_ASN=no
2018-09-25 12:16:59 -07:00
else
if test "$ENABLED_ASN" = "nocrypt"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT"
2018-09-26 13:56:10 -07:00
enable_pwdbased=no
2018-09-25 12:16:59 -07:00
fi
2013-03-12 12:48:41 -07:00
fi
fi
2022-06-30 10:12:07 -07:00
if test "$ENABLED_RSA" = "yes" && test "$ENABLED_RSAVFY" = "no" && \
2023-05-02 18:10:25 -07:00
test "$ENABLED_ASN" = "no" && test "$ENABLED_LOWRESOURCE" = "no"
2013-03-12 12:48:41 -07:00
then
AC_MSG_ERROR([please disable rsa if disabling asn.])
fi
2013-03-12 13:03:42 -07:00
if test "$ENABLED_DSA" = "yes" && test "$ENABLED_ASN" = "no"
then
AC_MSG_ERROR([please disable dsa if disabling asn.])
fi
2023-02-03 16:09:27 -08:00
if test "x$ENABLED_ECC" != "xno" && test "x$ENABLED_ASN" = "xno"
then
AC_MSG_ERROR([please disable ecc if disabling asn.])
fi
2023-04-14 14:52:05 -06:00
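# No Big Int (ASN, DSA, RSA, DH, ECC and compatibility layer need bigint)
# NOTE(review): the last clause of the condition below tests ENABLED_OPENSSLALL = "yes", which reads as the opposite of this comment (the compatibility layer needs bigint); confirm whether "no" was intended.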
2022-12-16 14:43:29 +10:00
if test "$ENABLED_ASN" = "no" && test "$ENABLED_DSA" = "no" && \
2022-06-30 10:12:07 -07:00
test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && \
2023-04-14 14:52:05 -06:00
test "$ENABLED_RSA" = "no" && test "$ENABLED_OPENSSLEXTRA" = "no" && \
2023-04-21 16:05:43 -05:00
test "$ENABLED_OPENSSLALL" = "yes"
2022-06-30 10:12:07 -07:00
then
ENABLED_SP_MATH_ALL="no"
ENABLED_FASTMATH="no"
ENABLED_HEAPMATH="no"
ENABLED_BIGNUM="no"
2022-06-24 15:55:08 -05:00
else
2022-06-30 10:12:07 -07:00
ENABLED_BIGNUM="yes"
2013-03-12 15:14:03 -07:00
fi
2023-04-28 12:10:05 +10:00
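# ASN Print API
# The default depends on the host OS: yes on linux, darwin and freebsd hosts,
# no everywhere else. The help text used to claim an unconditional
# "default: enabled"; it now states the host dependence.
AS_CASE([$host_os],
    [*linux* | *darwin* | *freebsd*], [DEF_ASN_PRINT="yes"],
    [DEF_ASN_PRINT="no"])

AC_ARG_ENABLE([asn-print],
    [AS_HELP_STRING([--enable-asn-print],[Enable ASN Print API (default: enabled on linux, darwin and freebsd hosts, disabled elsewhere)])],
    [ ENABLED_ASN_PRINT=$enableval ],
    [ ENABLED_ASN_PRINT=$DEF_ASN_PRINT ]
    )

if test "$ENABLED_ASN_PRINT" = "yes"
then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_PRINT"
fi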
2013-03-12 12:48:41 -07:00
2013-03-11 17:07:37 -07:00
# AES
AC_ARG_ENABLE([aes],
2017-05-19 10:54:13 -07:00
[AS_HELP_STRING([--enable-aes],[Enable AES (default: enabled)])],
2013-03-11 17:07:37 -07:00
[ ENABLED_AES=$enableval ],
[ ENABLED_AES=yes ]
)
if test "$ENABLED_AES" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_AES"
2015-07-17 09:30:25 -06:00
if test "$ENABLED_FORTRESS" = "yes"
then
AC_MSG_ERROR([fortress requires aes])
fi
2015-07-16 15:31:36 -06:00
if test "$ENABLED_ECC_ENCRYPT" = "yes"
then
AC_MSG_ERROR([cannot enable eccencrypt and hkdf without aes.])
fi
2022-07-18 10:26:20 -07:00
if test "$ENABLED_AESGCM" != "no"
2015-03-27 21:30:27 -07:00
then
AC_MSG_ERROR([AESGCM requires AES.])
fi
if test "$ENABLED_AESCCM" = "yes"
then
AC_MSG_ERROR([AESCCM requires AES.])
fi
2016-12-04 15:23:51 +01:00
if test "$ENABLED_AESCTR" = "yes"
then
AC_MSG_ERROR([AESCTR requires AES.])
fi
2013-03-11 17:07:37 -07:00
else
# turn off AES if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_AES"
ENABLED_AES=no
fi
fi
2022-05-20 09:59:23 +02:00
# DTLSv1.3
AC_ARG_ENABLE([dtls13],
[AS_HELP_STRING([--enable-dtls13],[Enable wolfSSL DTLS v1.3 (default: disabled)])],
[ ENABLED_DTLS13=$enableval ],
[ ENABLED_DTLS13=no ]
)
if test "x$ENABLED_DTLS13" = "xyes"
then
if test "x$ENABLED_DTLS" != "xyes" || test "x$ENABLED_TLS13" != "xyes"
then
AC_MSG_ERROR([You need to enable both DTLS and TLSv1.3 to use DTLSv1.3])
fi
2023-04-21 16:05:43 -05:00
if test "x$ENABLED_SEND_HRR_COOKIE" = "xundefined"
2022-08-26 12:25:54 +02:00
then
AC_MSG_NOTICE([DTLSv1.3 is enabled, enabling HRR cookie])
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SEND_HRR_COOKIE"
ENABLED_SEND_HRR_COOKIE="yes"
fi
2022-05-30 11:17:03 +02:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS13 -DWOLFSSL_W64_WRAPPER"
2022-05-20 09:59:23 +02:00
if test "x$ENABLED_AES" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
fi
fi
2013-03-11 17:07:37 -07:00
2022-08-10 16:39:44 +02:00
# DTLS CID support
# Off by default. Requesting it without DTLS 1.3 stops configure with an error
# instead of silently dropping the feature.
AC_ARG_ENABLE([dtlscid],
    [AS_HELP_STRING([--enable-dtlscid],[Enable wolfSSL DTLS ConnectionID (default: disabled)])],
    [ ENABLED_DTLS_CID=$enableval ],
    [ ENABLED_DTLS_CID=no ]
    )

if test "x$ENABLED_DTLS_CID" = "xyes"
then
    AS_IF([test "x$ENABLED_DTLS13" != "xyes"],
          [AC_MSG_ERROR([You need to enable DTLSv1.3 to use DTLS ConnectionID])])
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_CID"
fi
2023-09-01 16:38:52 +02:00
# DTLS 1.3 Fragment Second ClientHello
# Off by default. Like the ConnectionID option it is only accepted together
# with DTLS 1.3; otherwise configure stops with an error.
AC_ARG_ENABLE([dtls-frag-ch],
    [AS_HELP_STRING([--enable-dtls-frag-ch],[Enable wolfSSL DTLS 1.3 ClientHello fragmenting (default: disabled)])],
    [ ENABLED_DTLS_CH_FRAG=$enableval ],
    [ ENABLED_DTLS_CH_FRAG=no ]
    )

if test "x$ENABLED_DTLS_CH_FRAG" = "xyes"
then
    AS_IF([test "x$ENABLED_DTLS13" != "xyes"],
          [AC_MSG_ERROR([You need to enable DTLSv1.3 to use DTLS ClientHello fragmenting])])
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_CH_FRAG"
fi
2013-03-12 13:12:10 -07:00
# CODING
AC_ARG_ENABLE([coding],
2017-05-19 10:54:13 -07:00
[AS_HELP_STRING([--enable-coding],[Enable Coding base 16/64 (default: enabled)])],
2013-03-12 13:12:10 -07:00
[ ENABLED_CODING=$enableval ],
[ ENABLED_CODING=yes ]
)
if test "$ENABLED_CODING" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
else
# turn off CODING if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
ENABLED_CODING=no
fi
fi
2016-06-09 16:26:39 -07:00
# Base64 Encode
BASE64ENCODE_DEFAULT=no
2022-05-08 12:13:18 +02:00
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "amd64"
2016-06-09 16:26:39 -07:00
then
BASE64ENCODE_DEFAULT=yes
fi
AC_ARG_ENABLE([base64encode],
2022-05-08 12:13:18 +02:00
[AS_HELP_STRING([--enable-base64encode],[Enable Base64 encoding (default: enabled on x86_64/amd64)])],
2016-06-09 16:26:39 -07:00
[ ENABLED_BASE64ENCODE=$enableval ],
[ ENABLED_BASE64ENCODE=$BASE64ENCODE_DEFAULT ]
)
if test "$ENABLED_BASE64ENCODE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BASE64_ENCODE"
fi
2018-03-22 10:36:56 -07:00
# Base16
AC_ARG_ENABLE([base16],
[AS_HELP_STRING([--enable-base16],[Enable Base16 encoding/decoding (default: disabled)])],
[ ENABLED_BASE16=$enableval ],
[ ENABLED_BASE16=no ]
)
2020-08-07 14:40:44 -06:00
if test "$ENABLED_CAAM" = "qnx"
then
ENABLED_BASE16=yes
fi
2018-03-22 10:36:56 -07:00
if test "$ENABLED_BASE16" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BASE16"
fi
2023-07-12 13:47:40 -05:00
# MD4
AC_ARG_ENABLE([md4],
[AS_HELP_STRING([--enable-md4],[Enable MD4 (default: disabled)])],
[ ENABLED_MD4=$enableval ],
[ ENABLED_MD4=no ]
)
2013-03-12 09:46:15 -07:00
# DES3
AC_ARG_ENABLE([des3],
2016-09-15 11:17:30 -07:00
[AS_HELP_STRING([--enable-des3],[Enable DES3 (default: disabled)])],
2013-03-12 09:46:15 -07:00
[ ENABLED_DES3=$enableval ],
2016-09-15 11:17:30 -07:00
[ ENABLED_DES3=no ]
2013-03-12 09:46:15 -07:00
)
2022-05-12 14:08:20 -06:00
# Enable 3DES with OpenSSH and FIPS 140-2 but not 140-3
if (test "$ENABLED_OPENSSH" = "yes" && \
(test "x$ENABLED_FIPS" = "xno" || test "$HAVE_FIPS_VERSION" -le 2)) || \
test "$ENABLED_QT" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \
test "x$ENABLED_WPAS" != "xno" || test "$ENABLED_NETSNMP" = "yes" || \
test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_KRB" = "yes" || \
2022-06-09 16:23:00 +02:00
test "$ENABLED_WOLFENGINE" = "yes" || test "$ENABLED_STRONGSWAN" = "yes"
2018-07-16 09:49:23 -07:00
then
2018-07-16 13:09:45 -07:00
ENABLED_DES3="yes"
2018-07-16 09:49:23 -07:00
fi
2013-03-12 09:46:15 -07:00
2024-03-14 10:34:38 -07:00
# DES3 TLS suites
AC_ARG_ENABLE([des3-tls-suites],
[AS_HELP_STRING([--enable-des3-tls-suites],[Enable DES3 TLS cipher suites (default: disabled)])],
[ ENABLED_DES3_TLS_SUITES=$enableval ],
[ ENABLED_DES3_TLS_SUITES=no ]
2021-03-12 14:39:25 +01:00
)
2015-08-13 10:20:47 +02:00
# ARC4
2022-05-12 14:08:20 -06:00
if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || \
test "$ENABLED_WPAS" = "yes" || test "$ENABLED_KRB" = "yes"
2021-07-28 10:31:15 -07:00
then
# Requires RC4 make sure on (if not forcefully disabled with --disable-arc4)
test "$enable_arc4" = "" && enable_arc4=yes
fi
2013-03-11 17:13:24 -07:00
AC_ARG_ENABLE([arc4],
2017-05-19 10:54:13 -07:00
[AS_HELP_STRING([--enable-arc4],[Enable ARC4 (default: disabled)])],
2013-03-11 17:13:24 -07:00
[ ENABLED_ARC4=$enableval ],
2015-03-27 10:17:22 -07:00
[ ENABLED_ARC4=no ]
2013-03-11 17:13:24 -07:00
)
2015-08-13 10:20:47 +02:00
# MD5
2013-03-11 17:37:08 -07:00
AC_ARG_ENABLE([md5],
2017-05-19 10:54:13 -07:00
[AS_HELP_STRING([--enable-md5],[Enable MD5 (default: enabled)])],
2013-03-11 17:37:08 -07:00
[ ENABLED_MD5=$enableval ],
[ ENABLED_MD5=yes ]
)
2015-08-13 10:20:47 +02:00
# SHA
2013-03-11 17:53:38 -07:00
AC_ARG_ENABLE([sha],
2017-05-19 10:54:13 -07:00
[AS_HELP_STRING([--enable-sha],[Enable SHA (default: enabled)])],
2013-03-11 17:53:38 -07:00
[ ENABLED_SHA=$enableval ],
[ ENABLED_SHA=yes ]
)
if test "$ENABLED_SHA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
else
# turn off SHA if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
2013-03-11 17:53:38 -07:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
ENABLED_SHA=no
fi
fi
2022-12-20 00:42:05 -06:00
if test "$ENABLED_SHA" = "no" && test "$ENABLED_DSA" != "no"
then
AC_MSG_ERROR([please disable DSA if disabling SHA-1.])
fi
2013-03-11 17:53:38 -07:00
2022-01-14 13:56:23 +10:00
# SipHash
# Off by default; defines WOLFSSL_SIPHASH when set to yes.
AC_ARG_ENABLE([siphash],
    [AS_HELP_STRING([--enable-siphash],[Enable SipHash (default: disabled)])],
    [ ENABLED_SIPHASH=$enableval ],
    [ ENABLED_SIPHASH=no ]
    )

if test "x$ENABLED_SIPHASH" = "xyes"
then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIPHASH"
fi
2016-05-23 17:50:36 -07:00
# CMAC
AC_ARG_ENABLE([cmac],
[AS_HELP_STRING([--enable-cmac],[Enable CMAC (default: disabled)])],
[ ENABLED_CMAC=$enableval ],
[ ENABLED_CMAC=no ]
)
2023-09-25 17:37:26 -06:00
if test "$ENABLED_WPAS" != "no" || test "$ENABLED_NTP" = "yes" || test "$ENABLED_AESSIV" = "yes" || test "$ENABLED_WOLFENGINE" = "yes" || test "$ENABLED_AESEAX" = "yes"
2017-02-10 08:45:10 +10:00
then
ENABLED_CMAC=yes
fi
2016-05-23 17:50:36 -07:00
AS_IF([test "x$ENABLED_CMAC" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"])
2017-08-30 17:50:15 -06:00
# AES-XTS
AC_ARG_ENABLE([aesxts],
[AS_HELP_STRING([--enable-aesxts],[Enable AES XTS (default: disabled)])],
[ ENABLED_AESXTS=$enableval ],
[ ENABLED_AESXTS=no ]
)
2024-05-14 19:24:27 -05:00
AS_IF([test "$ENABLED_AESXTS" = "yes" && test "$ENABLED_ARMASM" = "no"],
[ ENABLED_AESXTS_STREAM_DEFAULT=yes ],
[ ENABLED_AESXTS_STREAM_DEFAULT=no ]
)
2024-05-11 02:36:27 -05:00
AC_ARG_ENABLE([aesxts-stream],
[AS_HELP_STRING([--enable-aesxts-stream],[Enable wolfSSL AES-XTS support with streaming APIs (default: disabled)])],
[ ENABLED_AESXTS_STREAM=$enableval ],
2024-05-14 19:24:27 -05:00
[ ENABLED_AESXTS_STREAM=$ENABLED_AESXTS_STREAM_DEFAULT ]
2024-05-11 02:36:27 -05:00
)
# legacy old option name, for compatibility:
2017-08-30 17:50:15 -06:00
AC_ARG_ENABLE([xts],
[AS_HELP_STRING([--enable-xts],[Please use --enable-aesxts])],
[ ENABLED_AESXTS=$enableval ]
2017-08-30 17:50:15 -06:00
)
2015-08-13 10:20:47 +02:00
# Web Server Build
2014-03-03 12:18:26 -08:00
AC_ARG_ENABLE([webserver],
2017-05-19 10:54:13 -07:00
[AS_HELP_STRING([--enable-webserver],[Enable Web Server (default: disabled)])],
2014-03-03 12:18:26 -08:00
[ ENABLED_WEBSERVER=$enableval ],
[ ENABLED_WEBSERVER=no ]
)
if test "$ENABLED_WEBSERVER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_WEBSERVER"
fi
2018-04-10 08:38:14 -07:00
# Web Client Build (HTTP Client)
# Off by default; defines HAVE_HTTP_CLIENT when set to yes.
AC_ARG_ENABLE([webclient],
    [AS_HELP_STRING([--enable-webclient],[Enable Web Client (HTTP) (default: disabled)])],
    [ ENABLED_WEBCLIENT=$enableval ],
    [ ENABLED_WEBCLIENT=no ]
    )

AS_IF([test "$ENABLED_WEBCLIENT" = "yes"],
      [AM_CFLAGS="$AM_CFLAGS -DHAVE_HTTP_CLIENT"])
2014-03-03 12:18:26 -08:00
2020-09-18 17:04:26 -07:00
# RC2
# RC2 is a legacy cipher; it is compiled in only on explicit request.
AC_ARG_ENABLE([rc2],
    [AS_HELP_STRING([--enable-rc2],[Enable RC2 encryption (default: disabled)])],
    [ ENABLED_RC2=$enableval ],
    [ ENABLED_RC2=no ]
    )

AS_IF([test "$ENABLED_RC2" = "yes"],
      [AM_CFLAGS="$AM_CFLAGS -DWC_RC2"])
2024-04-23 11:26:27 -04:00
# CUDA
# Off by default. When enabled, the compiler variable is replaced by the bare
# name nvcc and the CUDA defines are added.
# NOTE(review): CC is overwritten unconditionally, replacing any CC chosen by
# the user or by the earlier compiler detection, and nothing here checks that
# nvcc exists; it is resolved through PATH when the build runs.
AC_ARG_ENABLE([cuda],
    [AS_HELP_STRING([--enable-cuda],[Enable NVidia CUDA support (default: disabled)])],
    [ ENABLED_CUDA=$enableval ],
    [ ENABLED_CUDA=no ]
    )

AS_IF([test "$ENABLED_CUDA" = "yes"],
      [CC=nvcc
       AM_CFLAGS="$AM_CFLAGS -DWC_CUDA -DHAVE_CUDA"])
# Certificate Service Support and PWDBASED.
# Only the user's choice is recorded here; the CFLAGS for both are added in
# later sections. Keep these two options above the FIPS section, which reads
# ENABLED_PWDBASED and may force it on.
AC_ARG_ENABLE([certservice],
    [AS_HELP_STRING([--enable-certservice],[Enable cert service (default: disabled)])],
    [ENABLED_CERT_SERVICE=$enableval],
    [ENABLED_CERT_SERVICE=no])

AC_ARG_ENABLE([pwdbased],
    [AS_HELP_STRING([--enable-pwdbased],[Enable PWDBASED (default: disabled)])],
    [ENABLED_PWDBASED=$enableval],
    [ENABLED_PWDBASED=no])
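# MemUse Entropy
# wolfEntropy Software Jitter SP800-90B certifiable entropy source
#
# --enable-wolfEntropy and --enable-entropy-memuse are two spellings of one
# setting; both write ENABLED_ENTROPY_MEMUSE. Autoconf runs the "not given"
# action of every AC_ARG_ENABLE whose option is absent, so the second macro
# must leave the variable alone in that case. Resetting it to "no" there
# would silently discard a --enable-wolfEntropy request and produce a build
# without the entropy source that was asked for. When both options are
# given, the later one (entropy-memuse) wins.
AC_ARG_ENABLE([wolfEntropy],
    [AS_HELP_STRING([--enable-wolfEntropy],[Enable memuse entropy support (default: disabled)])],
    [ ENABLED_ENTROPY_MEMUSE=$enableval ],
    [ ENABLED_ENTROPY_MEMUSE=no ]
    )
AC_ARG_ENABLE([entropy-memuse],
    [AS_HELP_STRING([--enable-entropy-memuse],[Enable memuse entropy support (default: disabled)])],
    [ ENABLED_ENTROPY_MEMUSE=$enableval ],
    [ : ]
    )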
# AES key wrap
# Records the choice only. The FIPS section below reads ENABLED_AESKEYWRAP
# and, for the v6/ready/dev versions, forces it on with -DHAVE_AES_KEYWRAP.
AC_ARG_ENABLE([aeskeywrap],
    [AS_HELP_STRING([--enable-aeskeywrap],[Enable AES key wrap support (default: disabled)])],
    [ENABLED_AESKEYWRAP=$enableval],
    [ENABLED_AESKEYWRAP=no])
# FIPS feature and macro setup
2020-05-12 11:53:19 -07:00
AS_CASE([$FIPS_VERSION],
2024-03-22 20:12:29 -04:00
[v6|ready|dev],[ # FIPS 140-3 SRTP-KDF
2024-03-01 19:40:27 -05:00
AM_CFLAGS="$AM_CFLAGS \
-DHAVE_FIPS \
-DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \
-DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \
-DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \
-DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH \
-DHAVE_ECC_CDH \
-DWC_RSA_NO_PADDING \
-DECC_USER_CURVES \
-DHAVE_ECC384 \
-DHAVE_ECC521 \
-DWOLFSSL_VALIDATE_FFC_IMPORT \
-DHAVE_FFDHE_Q \
-DHAVE_FFDHE_3072 \
-DHAVE_FFDHE_4096 \
-DHAVE_FFDHE_6144 \
-DHAVE_FFDHE_8192"
# KCAPI API does not support custom k for sign, don't force enable ECC key sizes and do not use seed callback
AS_IF([test "x$ENABLED_KCAPI_ECC" = "xno"],
[AM_CFLAGS="$AM_CFLAGS \
-DWC_RNG_SEED_CB \
-DWOLFSSL_ECDSA_SET_K \
-DWOLFSSL_VALIDATE_ECC_IMPORT \
-DWOLFSSL_VALIDATE_ECC_KEYGEN \
-DHAVE_ECC192 \
-DHAVE_ECC224 \
-DHAVE_ECC256"])
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192
# optimizations section
# protocol section
AS_IF([test "$ENABLED_WOLFSSH" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_ssh" != "no")],
[enable_ssh="yes"])
AS_IF([test "$ENABLED_HKDF" != "yes"],
[ENABLED_HKDF="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
AS_IF([test "x$ENABLED_PWDBASED" = "xno"],
[ENABLED_PWDBASED="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_PBKDF2 -DHAVE_AESGCM"])
AS_IF([test "x$ENABLED_SRTP" = "xno"],
[ENABLED_SRTP="yes"])
AS_IF([test "x$ENABLED_SRTP_KDF" = "xno"],
[ENABLED_SRTP_KDF="yes"])
# public key section
AS_IF([test "$ENABLED_KEYGEN" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_keygen" != "no")],
[ENABLED_KEYGEN="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"])
# AS_IF([test "$ENABLED_COMPKEY" = "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_compkey" != "yes")],
# [ENABLED_COMPKEY="yes"])
AS_IF([test "$ENABLED_RSAPSS" != "yes"],
[ENABLED_RSAPSS="yes"; AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
AS_IF([test "$ENABLED_ECC" != "yes"],
[ENABLED_ECC="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
AS_IF([test "$ENABLED_ECC_SHAMIR" = "yes"],
[AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])])
AS_IF([test "x$ENABLED_ED25519" != "xyes"],
2024-04-18 08:41:05 -06:00
[ENABLED_ED25519="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519 -DHAVE_ED25519_KEY_IMPORT"])
2024-04-27 01:12:58 -05:00
AS_IF([test "$ENABLED_CURVE25519" = "no"],
2024-03-01 19:40:27 -05:00
[ENABLED_CURVE25519="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519"])
AS_IF([test "x$ENABLED_ED448" != "xyes"],
2024-04-18 08:41:05 -06:00
[ENABLED_ED448="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ED448 -DHAVE_ED448_KEY_IMPORT"])
2024-03-01 19:40:27 -05:00
AS_IF([test "x$ENABLED_CURVE448" != "xyes"],
[ENABLED_CURVE448="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE448"])
AS_IF([test "x$ENABLED_ED25519_STREAM" != "xyes"],
[ENABLED_ED25519_STREAM="yes"])
AS_IF([test "x$ENABLED_ED448_STREAM" != "xyes"],
[ENABLED_ED448_STREAM="yes"])
2024-04-13 21:12:22 -05:00
AS_IF([test "x$ENABLED_ECCCUSTCURVES" != "xno" && test "$FIPS_VERSION" != "dev"],
2024-03-01 19:40:27 -05:00
[ENABLED_ECCCUSTCURVES="no"])
# Hashing section
AS_IF([test "x$ENABLED_SHA3" != "xyes"],
[ENABLED_SHA3="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"])
AS_IF([test "$ENABLED_SHA224" != "yes" && (test "$FIPS_VERSION" != "dev" || test "$enable_sha224" != "no")],
[ENABLED_SHA224="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"])
AS_IF([test "$ENABLED_SHA512" = "no"],
[ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
# SHA512-224 and SHA512-256 are SHA-2 algorithms not in our FIPS algorithm list
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
# Shake128 because we're testing SHAKE256
AS_IF([test "x$ENABLED_SHAKE128" = "xno"],
[ENABLED_SHAKE128="yes"])
# Shake256 mandated for ED448
AS_IF([test "x$ENABLED_SHAKE256" = "xno"],
[ENABLED_SHAKE256="yes"])
# Aes section
AS_IF([test "$ENABLED_AESCCM" != "yes"],
[ENABLED_AESCCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
AS_IF([test "$ENABLED_AESCTR" != "yes"],
[ENABLED_AESCTR="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
AS_IF([test "$ENABLED_CMAC" != "yes"],
[ENABLED_CMAC="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
AS_IF([test "$ENABLED_AESGCM" = "no"],
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"; AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
2024-04-13 21:12:22 -05:00
# AES-GCM streaming is part of the v6 FIPS suite, but isn't implemented
# for armasm on arm-v7 or earlier (see armasm setup above).
AS_IF([test "$ENABLED_AESGCM_STREAM" != "yes" && ! (test "$ENABLED_ARMASM" = "yes" && test "$ENABLED_ARMASM_CRYPTO" = "no")],
2024-03-01 19:40:27 -05:00
[ENABLED_AESGCM_STREAM="yes"])
AS_IF([test "x$ENABLED_AESOFB" = "xno"],
[ENABLED_AESOFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB"])
AS_IF([test "x$ENABLED_AESCFB" = "xno"],
[ENABLED_AESCFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB"])
AS_IF([test "x$ENABLED_AESXTS" = "xno"],
[ENABLED_AESXTS="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS"])
AS_IF([test "x$ENABLED_AESXTS" = "xyes" && test "x$ENABLED_AESNI" = "xyes"],
[AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"])
2024-05-14 19:24:27 -05:00
# Force AES-XTS streaming on for this FIPS version unless it was set to
# something other than "no" or the ARM assembly exclusion applies.
# NOTE(review): the exclusion joins its two ARM tests with "||" where the
# AES-GCM streaming test above joins them with "&&", so XTS streaming is left
# off whenever ENABLED_ARMASM is yes or ENABLED_ARMASM_CRYPTO is no --
# presumably intended; confirm against the armasm setup.
AS_IF([test "x$ENABLED_AESXTS_STREAM" = "xno" && ! (test "$ENABLED_ARMASM" = "yes" || test "$ENABLED_ARMASM_CRYPTO" = "no")],
[ENABLED_AESXTS_STREAM="yes"])
2024-05-11 02:36:27 -05:00
2024-03-01 19:40:27 -05:00
AS_IF([(test "$ENABLED_AESCCM" = "yes" && test "$HAVE_AESCCM_PORT" != "yes") ||
(test "$ENABLED_AESCTR" = "yes" && test "$HAVE_AESCTR_PORT" != "yes") ||
(test "$ENABLED_AESGCM" = "yes" && test "$HAVE_AESGCM_PORT" != "yes") ||
(test "$ENABLED_AESOFB" = "yes" && test "$HAVE_AESOFB_PORT" != "yes")],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB"])
AS_IF([test "x$ENABLED_AESKEYWRAP" != "xyes"],
[ENABLED_AESKEYWRAP="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP"])
# Old TLS requires MD5 + HMAC, which is not allowed under FIPS 140-3
AS_IF([test "$ENABLED_OLD_TLS" != "no"],
[ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"])
],
2024-03-22 20:12:29 -04:00
[v5*], [ # FIPS 140-3
2021-12-16 00:02:26 -06:00
AM_CFLAGS="$AM_CFLAGS \
2021-12-16 12:58:44 -06:00
-DHAVE_FIPS \
-DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \
2024-04-13 21:12:22 -05:00
-DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \
2021-12-16 12:58:44 -06:00
-DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \
2024-04-13 21:12:22 -05:00
-DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH \
2021-12-16 12:58:44 -06:00
-DHAVE_ECC_CDH \
-DWC_RSA_NO_PADDING \
-DECC_USER_CURVES \
-DHAVE_ECC384 \
-DHAVE_ECC521 \
-DWOLFSSL_VALIDATE_FFC_IMPORT \
-DHAVE_FFDHE_Q \
-DHAVE_FFDHE_3072 \
-DHAVE_FFDHE_4096 \
-DHAVE_FFDHE_6144 \
-DHAVE_FFDHE_8192"
2021-12-16 00:02:26 -06:00
2022-03-17 14:41:35 -07:00
# KCAPI API does not support custom k for sign, don't force enable ECC key sizes and do not use seed callback
AS_IF([test "x$ENABLED_KCAPI_ECC" = "xno"],
[AM_CFLAGS="$AM_CFLAGS \
-DWC_RNG_SEED_CB \
-DWOLFSSL_ECDSA_SET_K \
2022-04-01 11:27:17 -07:00
-DWOLFSSL_VALIDATE_ECC_IMPORT \
-DWOLFSSL_VALIDATE_ECC_KEYGEN \
2022-03-17 14:41:35 -07:00
-DHAVE_ECC192 \
-DHAVE_ECC224 \
-DHAVE_ECC256"])
2021-08-25 18:33:20 -05:00
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192
2021-12-16 00:02:26 -06:00
2022-09-19 09:39:33 -07:00
# force various features to FIPS 140-3 defaults, unless overridden with dev:
2021-12-16 00:02:26 -06:00
2024-04-13 21:12:22 -05:00
AS_IF([test "$ENABLED_KEYGEN" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_keygen" != "no")],
2021-12-16 12:58:44 -06:00
[ENABLED_KEYGEN="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"])
2021-12-16 00:02:26 -06:00
2024-04-13 21:12:22 -05:00
AS_IF([test "$ENABLED_COMPKEY" = "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_compkey" != "yes")],
2022-07-06 17:31:56 -05:00
[ENABLED_COMPKEY="no"])
2024-04-13 21:12:22 -05:00
AS_IF([test "$ENABLED_SHA224" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha224" != "no")],
2021-12-16 12:58:44 -06:00
[ENABLED_SHA224="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"])
2021-12-16 00:02:26 -06:00
2024-05-17 11:03:18 -06:00
AS_IF([test "$ENABLED_SHA3" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha3" != "no")],
[ENABLED_SHA3="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"])
2024-04-13 21:12:22 -05:00
AS_IF([test "$ENABLED_WOLFSSH" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_ssh" != "no")],
2021-12-16 12:58:44 -06:00
[enable_ssh="yes"])
2021-12-16 00:02:26 -06:00
2024-04-13 21:12:22 -05:00
# Shake128 is a SHA-3 algorithm outside the v5 FIPS algorithm list
AS_IF([test "$ENABLED_SHAKE128" != "no" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_shake128" != "yes")],
2022-09-01 15:07:15 +10:00
[ENABLED_SHAKE128=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE128"])
2024-04-13 21:12:22 -05:00
# Shake256 is a SHA-3 algorithm outside the v5 FIPS algorithm list
AS_IF([test "$ENABLED_SHAKE256" != "no" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_shake256" != "yes")],
2021-12-16 12:58:44 -06:00
[ENABLED_SHAKE256=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"])
2021-12-16 00:02:26 -06:00
2024-04-13 21:12:22 -05:00
# SHA512-224 and SHA512-256 are SHA-2 algorithms outside the v5 FIPS algorithm list
2021-09-27 20:33:51 -05:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
2021-12-16 00:02:26 -06:00
2024-04-13 21:12:22 -05:00
AS_IF([test "$ENABLED_AESCCM" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesccm" != "no")],
2021-12-16 12:58:44 -06:00
[ENABLED_AESCCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
2021-12-16 00:02:26 -06:00
2024-04-13 21:12:22 -05:00
AS_IF([test "$ENABLED_AESXTS" = "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesxts" != "yes")],
2024-02-09 00:46:54 -06:00
[ENABLED_AESXTS="no"])
2024-04-13 21:12:22 -05:00
AS_IF([test "$ENABLED_RSAPSS" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_rsapss" != "no")],
2021-12-16 12:58:44 -06:00
[ENABLED_RSAPSS="yes"; AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
2021-12-16 00:02:26 -06:00
2024-04-13 21:12:22 -05:00
AS_IF([test "$ENABLED_ECC" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_ecc" != "no")],
2021-12-16 00:02:26 -06:00
[ENABLED_ECC="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
2024-04-13 21:12:22 -05:00
AS_IF([test "$ENABLED_ECC_SHAMIR" = "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_eccshamir" != "no")],
2022-04-01 11:27:17 -07:00
[AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])])
2021-12-16 00:02:26 -06:00
2024-04-13 21:12:22 -05:00
AS_IF([test "$ENABLED_AESCTR" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesctr" != "no")],
2021-12-16 00:02:26 -06:00
[ENABLED_AESCTR="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
2024-04-13 21:12:22 -05:00
AS_IF([test "$ENABLED_CMAC" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_cmac" != "no")],
2021-12-16 00:02:26 -06:00
[ENABLED_CMAC="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
2024-04-13 21:12:22 -05:00
AS_IF([test "$ENABLED_HKDF" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_hkdf" != "no")],
2021-12-16 00:02:26 -06:00
[ENABLED_HKDF="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
AS_IF([test "$ENABLED_INTELASM" = "yes"],
[AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
2024-04-13 21:12:22 -05:00
AS_IF([test "$ENABLED_SHA512" = "no" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha512" != "no")],
2020-10-21 11:58:38 -07:00
[ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
2021-12-16 00:02:26 -06:00
2024-04-13 21:12:22 -05:00
AS_IF([test "$ENABLED_AESGCM" = "no" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesgcm" != "no")],
2022-10-24 17:31:48 -05:00
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"; AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
2021-12-16 00:02:26 -06:00
2024-04-13 21:12:22 -05:00
# AES-GCM streaming isn't part of the v5 FIPS suite.
AS_IF([test "$ENABLED_AESGCM_STREAM" = "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesgcm_stream" != "yes")],
2022-10-10 16:37:38 -05:00
[ENABLED_AESGCM_STREAM="no"])
2022-05-19 12:06:20 -07:00
# Old TLS requires MD5 + HMAC, which is not allowed under FIPS 140-3
AS_IF([test "$ENABLED_OLD_TLS" != "no"],
[ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"])
2022-01-24 12:44:57 -08:00
2021-12-16 00:02:26 -06:00
AS_IF([test $HAVE_FIPS_VERSION_MINOR -ge 2],
2024-04-13 21:12:22 -05:00
[AS_IF([test "x$ENABLED_AESOFB" = "xno" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesofb" != "no")],
2021-12-16 12:58:44 -06:00
[ENABLED_AESOFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB"])])
2021-12-16 00:02:26 -06:00
2021-12-16 17:03:01 -06:00
AS_IF([(test "$ENABLED_AESCCM" = "yes" && test "$HAVE_AESCCM_PORT" != "yes") ||
(test "$ENABLED_AESCTR" = "yes" && test "$HAVE_AESCTR_PORT" != "yes") ||
(test "$ENABLED_AESGCM" = "yes" && test "$HAVE_AESGCM_PORT" != "yes") ||
2024-02-09 00:46:54 -06:00
(test "$ENABLED_AESOFB" = "yes" && test "$HAVE_AESOFB_PORT" != "yes") ||
(test "$ENABLED_AESXTS" = "yes" && test "$HAVE_AESXTS_PORT" != "yes")],
2021-12-16 12:58:44 -06:00
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB"])
2020-10-21 11:58:38 -07:00
],
2021-12-16 00:02:26 -06:00
[v2],[ # FIPS 140-2, Cert 3389
AM_CFLAGS="$AM_CFLAGS \
2021-12-16 12:58:44 -06:00
-DHAVE_FIPS \
-DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \
2024-04-13 21:12:22 -05:00
-DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \
2021-12-16 12:58:44 -06:00
-DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \
2024-04-13 21:12:22 -05:00
-DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH \
2021-12-16 12:58:44 -06:00
-DWOLFSSL_KEY_GEN \
-DWOLFSSL_SHA224 \
-DWOLFSSL_AES_DIRECT \
-DHAVE_AES_ECB \
-DHAVE_ECC_CDH \
-DWC_RSA_NO_PADDING \
-DWOLFSSL_VALIDATE_FFC_IMPORT \
-DHAVE_FFDHE_Q \
2021-12-16 00:02:26 -06:00
-DHAVE_PUBLIC_FFDHE"
2019-06-24 15:40:05 -07:00
ENABLED_KEYGEN="yes"
ENABLED_SHA224="yes"
2020-10-21 11:58:38 -07:00
ENABLED_DES3="yes"
# Shake256 is a SHA-3 algorithm not in our FIPS algorithm list
2021-09-27 20:33:51 -05:00
ENABLED_SHAKE256=no
# SHA512-224 and SHA512-256 are SHA-2 algorithms not in our FIPS algorithm list
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
2019-06-24 15:40:05 -07:00
AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
[ENABLED_AESCCM="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
AS_IF([test "x$ENABLED_RSAPSS" != "xyes"],
[ENABLED_RSAPSS="yes"
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
AS_IF([test "x$ENABLED_ECC" != "xyes"],
[ENABLED_ECC="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT"
AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT"])
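# AES-CTR is forced on for the FIPS v2 build. The define has to reach the
# assembler flags as well as the C flags, and both must be set under a single
# test: a second test on ENABLED_AESCTR made after it has been forced to
# "yes" can never fire, which left AM_CCASFLAGS without the define.
AS_IF([test "x$ENABLED_AESCTR" != "xyes"],
    [ENABLED_AESCTR="yes"
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"
     AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_COUNTER"])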
2019-06-24 15:40:05 -07:00
AS_IF([test "x$ENABLED_CMAC" != "xyes"],
[ENABLED_CMAC="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
AS_IF([test "x$ENABLED_HKDF" != "xyes"],
[ENABLED_HKDF="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
AS_IF([test "x$ENABLED_INTELASM" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
2020-10-12 16:06:20 -07:00
AS_IF([test "x$ENABLED_SHA512" = "xno"],
[ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
AS_IF([test "x$ENABLED_AESGCM" = "xno"],
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
2019-06-24 15:40:05 -07:00
],
2021-12-16 00:02:26 -06:00
2019-06-24 15:40:05 -07:00
["rand"],[
2024-04-13 21:12:22 -05:00
AM_CFLAGS="$AM_CFLAGS \
-DWOLFCRYPT_FIPS_RAND \
-DHAVE_FIPS \
-DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \
-DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \
-DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \
-DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH"
2019-06-24 15:40:05 -07:00
],
2021-12-16 00:02:26 -06:00
2021-10-26 22:51:59 -05:00
["v1"],[ # FIPS 140-2, Cert 2425
2024-04-13 21:12:22 -05:00
AM_CFLAGS="$AM_CFLAGS \
-DHAVE_FIPS \
-DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \
-DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \
-DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \
-DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH"
2020-10-12 16:06:20 -07:00
AS_IF([test "x$ENABLED_SHA512" = "xno"],
[ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
AS_IF([test "x$ENABLED_AESGCM" = "xno"],
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])
2019-06-24 15:40:05 -07:00
])
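# FIPS builds need thread-local storage, except when building the Linux
# kernel module. The kernel-module switch is ENABLED_LINUXKM, the spelling the
# rest of this file uses. The previous test read ENABLE_LINUXKM; if that name
# is never assigned, its comparison with "no" is always false and the whole
# check is skipped, letting a FIPS build without thread-local storage through.
AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$thread_ls_on" = "xno" && test "$ENABLED_LINUXKM" = "no"],
    [AC_MSG_ERROR([FIPS requires Thread Local Storage])])

# Null-cipher and lean-PSK builds are refused under FIPS, unless the FIPS
# version is one of the two development variants.
AS_IF([(test "$ENABLED_NULL_CIPHER" = "yes" || test "$ENABLED_LEANPSK" = "yes") && test "$ENABLED_FIPS" != "no" && test "$FIPS_VERSION" != "dev" && test "$FIPS_VERSION" != "v5-dev"],
    [AC_MSG_ERROR([FIPS is incompatible with nullcipher])])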
# SELFTEST
# --enable-selftest=v2 selects selftest v2 (wolfCrypt 4.1.0). Any other value
# except "no" selects selftest v1 (wolfCrypt 3.14.2). In both cases
# ENABLED_SELFTEST is normalised to "yes"; SELFTEST_VERSION is "none" when
# the feature is off.
AC_ARG_ENABLE([selftest],
    [AS_HELP_STRING([--enable-selftest],[Enable selftest, Will NOT work w/o CAVP selftest license (default: disabled)])],
    [ENABLED_SELFTEST=$enableval],
    [ENABLED_SELFTEST="no"])

case "$ENABLED_SELFTEST" in
    v2)
        ENABLED_SELFTEST="yes"
        SELFTEST_VERSION="v2"
        AM_CFLAGS="$AM_CFLAGS -DHAVE_SELFTEST -DHAVE_SELFTEST_VERSION=2 -DHAVE_PUBLIC_FFDHE"
        ;;
    no)
        SELFTEST_VERSION="none"
        ;;
    *)
        ENABLED_SELFTEST="yes"
        SELFTEST_VERSION="v1"
        AM_CFLAGS="$AM_CFLAGS -DHAVE_SELFTEST -DHAVE_PUBLIC_FFDHE"
        ;;
esac
# AES-XTS flags. XTS needs direct AES access, so both defines go to the C
# flags. The assembler flags get the XTS define once per enabled assembly
# option, so it is appended twice when INTELASM and AESNI are both "yes".
if test "x$ENABLED_AESXTS" = "xyes"
then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS -DWOLFSSL_AES_DIRECT"
    if test "x$ENABLED_INTELASM" = "xyes"
    then
        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"
    fi
    if test "x$ENABLED_AESNI" = "xyes"
    then
        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"
    fi
fi
# ECC Custom Curves
# Any value except "no" defines WOLFSSL_CUSTOM_CURVES. Distro builds,
# enable-all builds and ecccustcurves=all additionally turn on the SECPR2,
# SECPR3, Brainpool and Koblitz curve families plus ECC cofactor support.
case "$ENABLED_ECCCUSTCURVES" in
    no)
        ;;
    *)
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CUSTOM_CURVES"
        if test "$ENABLED_DISTRO" = "yes" || test "$ENABLED_ALL" = "yes" || test "$ENABLED_ECCCUSTCURVES" = "all"; then
            # curve families first, then cofactor (CDH) support
            AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ -DHAVE_ECC_CDH"
            # fastmath on x86_64/amd64 gets the per-size ECC speedups
            if test "x$ENABLED_FASTMATH" = "xyes"; then
                case "$host_cpu" in
                    x86_64|amd64)
                        AM_CFLAGS="$AM_CFLAGS -DTFM_ECC192 -DTFM_ECC224 -DTFM_ECC256 -DTFM_ECC384 -DTFM_ECC521"
                        ;;
                esac
            fi
        fi
        ;;
esac
# Curve448
# Any value except "no" defines HAVE_CURVE448 and enables the 448-bit field
# code (ENABLED_FE448). The values "small" and "no128bit" select variants and
# are normalised to "yes"; low-resource and 32-bit builds pick the same
# variants automatically.
case "$ENABLED_CURVE448" in
    no)
        ;;
    *)
        if test "$ENABLED_CURVE448" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"; then
            ENABLED_CURVE448=yes
            ENABLED_CURVE448_SMALL=yes
            AM_CFLAGS="$AM_CFLAGS -DCURVE448_SMALL"
        fi
        if test "$ENABLED_CURVE448" = "no128bit" || test "$ENABLED_32BIT" = "yes"; then
            ENABLED_CURVE448=yes
            AM_CFLAGS="$AM_CFLAGS -DNO_CURVED448_128BIT"
        fi
        ENABLED_FE448=yes
        AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE448"
        ;;
esac
# Ed448
# Any value except "no" enables Ed448. It requires SHA-512, is refused when
# HAVE_FIPS_VERSION is 2, and switches on SHA-3, SHAKE256 and certificate
# support. The value "small" and low-resource builds select the small
# variant for both Ed448 and Curve448.
AS_IF([test "$ENABLED_ED448" != "no"], [
    AS_IF([test "$ENABLED_ED448" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"], [
        AM_CFLAGS="$AM_CFLAGS -DED448_SMALL"
        ENABLED_ED448_SMALL=yes
        ENABLED_CURVE448_SMALL=yes
        ENABLED_ED448=yes
    ])

    AS_IF([test "$ENABLED_SHA512" = "no"],
        [AC_MSG_ERROR([cannot enable ed448 without enabling sha512.])])
    AS_IF([test "x$HAVE_FIPS_VERSION" = "x2"],
        [AC_MSG_ERROR([cannot enable ed448 w/ dependency shake256 in FIPSv2 mode])])

    ENABLED_FE448=yes
    ENABLED_GE448=yes
    AM_CFLAGS="$AM_CFLAGS -DHAVE_ED448"

    # EdDSA448 requires SHAKE256 which requires SHA-3
    AS_IF([test "$ENABLED_SHA3" = "no"], [ENABLED_SHA3=yes])
    ENABLED_SHAKE256=yes
    ENABLED_CERTS=yes
])
# SRTP-KDF
# Enabling SRTP implies the SRTP key derivation function. The KDF needs
# AES-ECB and direct AES access, so those defines are added with it.
test "$ENABLED_SRTP" != "yes" || ENABLED_SRTP_KDF="yes"

case "$ENABLED_SRTP_KDF" in
    yes)
        AM_CFLAGS="$AM_CFLAGS -DWC_SRTP_KDF -DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT"
        ;;
esac
# Set SHA-3 flags
# Any value of ENABLED_SHA3 other than "no" defines WOLFSSL_SHA3.
case "$ENABLED_SHA3" in
    no)
        ;;
    *)
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"
        ;;
esac
# Set SHAKE128 flags
# FIPS traditionally does not support SHAKE 128, v6 does: for a FIPS build
# with a version below 6 the setting is forced to "no" regardless of what
# was requested. SHAKE128 itself cannot be built without SHA-3.
if test "x$ENABLED_FIPS" = "xyes" && test $HAVE_FIPS_VERSION -lt 6
then
    ENABLED_SHAKE128="no"
fi

AS_IF([test "$ENABLED_SHAKE128" != "no"],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHAKE128"
     AS_IF([test "$ENABLED_SHA3" = "no"],
         [AC_MSG_ERROR([Must have SHA-3 enabled: --enable-sha3])])],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE128"])
# Set SHAKE256 flags
# FIPS traditionally does not support SHAKE 256, v6 does: for a FIPS build
# with a version below 6 the setting is forced to "no" regardless of what
# was requested. SHAKE256 itself cannot be built without SHA-3.
if test "x$ENABLED_FIPS" = "xyes" && test $HAVE_FIPS_VERSION -lt 6
then
    ENABLED_SHAKE256="no"
fi

AS_IF([test "$ENABLED_SHAKE256" != "no"],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHAKE256"
     AS_IF([test "$ENABLED_SHA3" = "no"],
         [AC_MSG_ERROR([Must have SHA-3 enabled: --enable-sha3])])],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"])
# POLY1305
# On by default, except in FIPS builds where the default flips to off.
# An explicit --enable-poly1305 or --disable-poly1305 overrides the default.
AS_IF([test "x$ENABLED_FIPS" = "xyes"],
    [POLY1305_DEFAULT=no],
    [POLY1305_DEFAULT=yes])

AC_ARG_ENABLE([poly1305],
    [AS_HELP_STRING([--enable-poly1305],[Enable wolfSSL POLY1305 support (default: enabled)])],
    [ENABLED_POLY1305=$enableval],
    [ENABLED_POLY1305=$POLY1305_DEFAULT])
# leanpsk and leantls don't need poly1305, so either of them turns it off
# even when it was requested; otherwise "yes" defines HAVE_POLY1305.
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"; then
    ENABLED_POLY1305=no
elif test "$ENABLED_POLY1305" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305"
fi
# CHACHA
# On by default, except in FIPS builds where the default flips to off.
# An explicit option value overrides the default; "noasm" keeps ChaCha but
# without the assembly speedups.
AS_IF([test "x$ENABLED_FIPS" = "xyes"],
    [CHACHA_DEFAULT=no],
    [CHACHA_DEFAULT=yes])

AC_ARG_ENABLE([chacha],
    [AS_HELP_STRING([--enable-chacha],[Enable CHACHA (default: enabled). Use `=noasm` to disable ASM AVX/AVX2 speedups])],
    [ENABLED_CHACHA=$enableval],
    [ENABLED_CHACHA=$CHACHA_DEFAULT])
# leanpsk and leantls don't need chacha, so either of them turns it off.
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"; then
    ENABLED_CHACHA=no
fi

# Assembly is suppressed by chacha=noasm or by a build with ENABLED_ASM=no;
# the define is added in the latter case even when ChaCha itself is off.
if test "$ENABLED_ASM" = "no" || test "$ENABLED_CHACHA" = "noasm"; then
    AM_CFLAGS="$AM_CFLAGS -DNO_CHACHA_ASM"
fi

# Every value except "no" (including "noasm") compiles ChaCha in.
case "$ENABLED_CHACHA" in
    no)
        ;;
    *)
        AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA"
        ;;
esac
# XCHACHA
# Opt-in extension of ChaCha: requesting it while ChaCha is "no" stops
# configure instead of building an inconsistent feature set.
AC_ARG_ENABLE([xchacha],
    [AS_HELP_STRING([--enable-xchacha],[Enable XCHACHA (default: disabled).])],
    [ENABLED_XCHACHA=$enableval],
    [ENABLED_XCHACHA=no])

AS_IF([test "$ENABLED_XCHACHA" = "yes"],
    [AS_IF([test "$ENABLED_CHACHA" = "no"],
         [AC_MSG_ERROR([XChaCha (--enable-xchacha) depends on ChaCha (--enable-chacha)])])
     AM_CFLAGS="$AM_CFLAGS -DHAVE_XCHACHA"])
# Hash DRBG
# Enabled by default. A request to disable it is honoured with
# -DWC_NO_HASHDRBG, except in a FIPS build that does not use KCAPI: there the
# DRBG is turned back on and ENABLED_HASHDRBG is corrected to "yes".
AC_ARG_ENABLE([hashdrbg],
    [AS_HELP_STRING([--enable-hashdrbg],[Enable Hash DRBG support (default: enabled)])],
    [ENABLED_HASHDRBG=$enableval],
    [ENABLED_HASHDRBG=yes])

AS_IF([test "x$ENABLED_HASHDRBG" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG"],
    [test "x$ENABLED_FIPS" = "xyes" && test "x$ENABLED_KCAPI" = "xno"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG"
     ENABLED_HASHDRBG=yes],
    [AM_CFLAGS="$AM_CFLAGS -DWC_NO_HASHDRBG"])
# MemUse Entropy (AKA wolfEntropy)
# Any value other than "no" turns the MemUse entropy source on. The value may
# be a comma-separated list of the sub-options handled in the loop below.
if test "x$ENABLED_ENTROPY_MEMUSE" != "xno"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_ENTROPY_MEMUSE"
# NOTE(review): this assigns enable_sha3, not ENABLED_SHA3, and the SHA-3 flag
# block earlier in this file has already run by now -- confirm that SHA-3
# really ends up enabled when only this option is given.
enable_sha3=yes
# split the option value on commas and handle each word in turn
for v in `echo $ENABLED_ENTROPY_MEMUSE | tr "," " "`
do
case $v in
yes)
;;
thread)
AM_CFLAGS="$AM_CFLAGS -DENTROPY_MEMUSE_THREAD"
;;
nofallback)
# presumably makes a failing entropy source an error instead of falling back
# to another seed source -- verify against the entropy code
AM_CFLAGS="$AM_CFLAGS -DENTROPY_MEMUSE_FORCE_FAILURE"
;;
*)
# unknown word: stop configure rather than build with a misread entropy setting
AC_MSG_ERROR([Invalid MemUse Entropy option. Valid are: thread, nofallback. Seen: $ENABLED_ENTROPY_MEMUSE.])
break;;
esac
done
fi
# Filesystem Build
# Filesystem support defaults to on, or to off for the Linux kernel module.
# Lean-PSK and kernel-module builds force it off even when it was requested.
# Whenever the final value is "no", NO_FILESYSTEM is defined exactly once.
AS_IF([test "$ENABLED_LINUXKM" = "yes"],
    [ENABLED_FILESYSTEM_DEFAULT=no],
    [ENABLED_FILESYSTEM_DEFAULT=yes])

AC_ARG_ENABLE([filesystem],
    [AS_HELP_STRING([--enable-filesystem],[Enable Filesystem support (default: enabled)])],
    [ENABLED_FILESYSTEM=$enableval],
    [ENABLED_FILESYSTEM=$ENABLED_FILESYSTEM_DEFAULT])

# turn off filesystem if leanpsk or linuxkm is on
AS_IF([test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LINUXKM" = "yes"],
    [ENABLED_FILESYSTEM=no])

AS_IF([test "$ENABLED_FILESYSTEM" = "no"],
    [AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"])
# inline Build
# Inline functions are on by default; --disable-inline defines NO_INLINE.
AC_ARG_ENABLE([inline],
    [AS_HELP_STRING([--enable-inline],[Enable inline functions (default: enabled)])],
    [ENABLED_INLINE=$enableval],
    [ENABLED_INLINE=yes])

AS_IF([test "$ENABLED_INLINE" = "no"],
    [AM_CFLAGS="$AM_CFLAGS -DNO_INLINE"])
# OCSP
# Off by default. The opensslall, nginx and lighty builds pre-seed the option
# to "yes" when the user gave no --enable-ocsp / --disable-ocsp at all, so an
# explicit choice still wins.
AS_IF([test "x$ENABLED_OPENSSLALL" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"],
    [AS_IF([test "$enable_ocsp" = ""], [enable_ocsp=yes])])

AC_ARG_ENABLE([ocsp],
    [AS_HELP_STRING([--enable-ocsp],[Enable OCSP (default: disabled)])],
    [ENABLED_OCSP=$enableval],
    [ENABLED_OCSP=no])

# The openssl command line tool is looked up on PATH for testing ocsp only.
# This runs only when OCSP is already "yes" here; the stapling sections below
# may still switch OCSP on afterwards without repeating the lookup.
AS_IF([test "$ENABLED_OCSP" = "yes"],
    [AC_CHECK_PROG([HAVE_OPENSSL_CMD],[openssl],[yes],[no])
     AS_IF([test "$HAVE_OPENSSL_CMD" = "yes"],
         [AM_CFLAGS="$AM_CFLAGS -DHAVE_OPENSSL_CMD"],
         [AC_MSG_WARN([openssl command line tool not available for testing ocsp])])])
# Certificate Status Request : a.k.a. OCSP Stapling
# Off by default; forced on for the nginx, wpas, haproxy and lighty builds.
# Stapling depends on OCSP, so OCSP is switched on with it when it was "no".
AC_ARG_ENABLE([ocspstapling],
    [AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling (default: disabled)])],
    [ENABLED_CERTIFICATE_STATUS_REQUEST=$enableval],
    [ENABLED_CERTIFICATE_STATUS_REQUEST=no])

AS_IF([test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"],
    [ENABLED_CERTIFICATE_STATUS_REQUEST="yes"])

AS_IF([test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST"
     # Requires OCSP make sure on
     AS_IF([test "x$ENABLED_OCSP" = "xno"], [ENABLED_OCSP="yes"])])
# Certificate Status Request v2 : a.k.a. OCSP stapling v2
# Off by default; forced on for the nginx, wpas, haproxy and lighty builds.
# Stapling v2 depends on OCSP, so OCSP is switched on with it when it was "no".
AC_ARG_ENABLE([ocspstapling2],
    [AS_HELP_STRING([--enable-ocspstapling2],[Enable OCSP Stapling v2 (default: disabled)])],
    [ENABLED_CERTIFICATE_STATUS_REQUEST_V2=$enableval],
    [ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no])

AS_IF([test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"],
    [ENABLED_CERTIFICATE_STATUS_REQUEST_V2=yes])

AS_IF([test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST_V2"
     # Requires OCSP make sure on
     AS_IF([test "x$ENABLED_OCSP" = "xno"], [ENABLED_OCSP="yes"])])
# CRL
# Off by default. Any value except "no" defines HAVE_CRL, and the value "io"
# additionally defines HAVE_CRL_IO for inline CRL HTTP GET.
# Several integrations force the value to plain "yes" after the option has
# been read. NOTE(review): that also replaces a user-supplied "io", and the
# wpas test fires for every value other than "no" -- confirm both are intended.
AC_ARG_ENABLE([crl],
    [AS_HELP_STRING([--enable-crl],[Enable CRL (Use =io for inline CRL HTTP GET) (default: disabled)])],
    [ENABLED_CRL=$enableval],
    [ENABLED_CRL=no])

AS_IF([test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" ||
       test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" ||
       test "x$ENABLED_KRB" = "xyes" || test "x$ENABLED_STRONGSWAN" = "xyes"],
    [ENABLED_CRL=yes])

AS_IF([test "$ENABLED_CRL" != "no"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"])

AS_IF([test "$ENABLED_CRL" = "io"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_IO"])
2012-05-11 12:22:16 -07:00
2012-06-05 11:31:00 -07:00
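# CRL Monitor
# Defines HAVE_CRL_MONITOR only on linux, darwin and freebsd hosts, and only
# for threaded builds. On other hosts the request is an error, except for
# distro builds, where it is dropped.
# NOTE(review): nothing here checks that CRL itself is enabled; presumably
# that dependency is handled elsewhere - confirm.
AC_ARG_ENABLE([crl-monitor],
    [AS_HELP_STRING([--enable-crl-monitor],[Enable CRL Monitor (default: disabled)])],
    [ ENABLED_CRL_MONITOR=$enableval ],
    [ ENABLED_CRL_MONITOR=no ]
    )

if test "$ENABLED_CRL_MONITOR" = "yes"
then
    case $host_os in
        *linux* | *darwin* | *freebsd*)
            if test "x$ENABLED_SINGLETHREADED" = "xno"; then
                AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
            else
                # AC_MSG_ERROR stops configure, so no state needs resetting.
                AC_MSG_ERROR([crl monitor requires threading / pthread])
            fi
            ;;
        *)
            if test "x$ENABLED_DISTRO" = "xyes" ; then
                ENABLED_CRL_MONITOR="no"
            else
                AC_MSG_ERROR([crl monitor only allowed on linux, OS X, or freebsd])
            fi
            # The arm ends with a plain ";;". The earlier "break" sat outside
            # any loop, where its behaviour is shell-dependent.
            ;;
    esac
fi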
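# Whitewood netRandom client library
# --with-wnr[=PATH] links libwnr and defines HAVE_WNR. The library is probed
# with the current flags first; if that fails, PATH/include and PATH/lib are
# tried, with PATH defaulting to /usr/local for a bare --with-wnr.
ENABLED_WNR="no"
trywnrdir=""
AC_ARG_WITH([wnr],
    [AS_HELP_STRING([--with-wnr=PATH],[Path to Whitewood netRandom install (default /usr/local)])],
    [
        # Autoconf runs this action for --without-wnr too, with withval=no.
        # Skip everything in that case, so an explicit opt-out neither adds
        # -lwnr nor enables the netRandom source, and does not end in an error.
        if test "x$withval" != "xno" ; then
            AC_MSG_CHECKING([for Whitewood netRandom])
            LIBS="$LIBS -lwnr"

            AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <wnr.h>]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ])

            if test "x$wnr_linked" = "xno" ; then
                trywnrdir=$withval
                if test "x$withval" = "xyes" ; then
                    trywnrdir="/usr/local"
                fi

                # NOTE(review): CPPFLAGS is rebuilt from AM_CPPFLAGS, so the
                # caller's own CPPFLAGS are not part of this or later checks.
                # CPPFLAGS, LDFLAGS and LIBS are not restored afterwards.
                # The path is also used unquoted, so a PATH containing spaces
                # will not work.
                CPPFLAGS="$AM_CPPFLAGS -DHAVE_WNR -I$trywnrdir/include"
                LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$trywnrdir/lib"

                AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <wnr.h>]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ])

                if test "x$wnr_linked" = "xno" ; then
                    AC_MSG_ERROR([Whitewood netRandom isn't found.
If it's already installed, specify its path using --with-wnr=/dir/])
                fi
                AC_MSG_RESULT([yes])
                AM_CPPFLAGS="$CPPFLAGS"
                AM_LDFLAGS="$AM_LDFLAGS -L$trywnrdir/lib"
            else
                AC_MSG_RESULT([yes])
            fi

            AM_CFLAGS="$AM_CFLAGS -DHAVE_WNR"
            ENABLED_WNR="yes"
        fi
    ]
)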
# SNI
# enable SNI automatically for x86_64/x86/aarch64/amd64
case "$host_cpu" in
    x86_64 | x86 | aarch64 | amd64)
        SNI_DEFAULT=yes
        ;;
    *)
        SNI_DEFAULT=no
        ;;
esac

AC_ARG_ENABLE([sni],
    [AS_HELP_STRING([--enable-sni],[Enable SNI (default: enabled on x86_64/x86/aarch64/amd64)])],
    [ENABLED_SNI=$enableval],
    [ENABLED_SNI=$SNI_DEFAULT])

# Qt and QUIC builds always get SNI, overriding --disable-sni.
AS_IF([test "x$ENABLED_QT" = "xyes" || test "$ENABLED_QUIC" = "yes"],
    [ENABLED_SNI="yes"])

AS_IF([test "x$ENABLED_SNI" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI"])
# Maximum Fragment Length
# Only the option is parsed here. The define is added after the ALPN section.
AC_ARG_ENABLE([maxfragment],
    [AS_HELP_STRING([--enable-maxfragment],[Enable Maximum Fragment Length (default: disabled)])],
    [ENABLED_MAX_FRAGMENT=$enableval],
    [ENABLED_MAX_FRAGMENT=no])
# ALPN
AC_ARG_ENABLE([alpn],
    [AS_HELP_STRING([--enable-alpn],[Enable ALPN (default: disabled)])],
    [ENABLED_ALPN=$enableval],
    [ENABLED_ALPN=no])

# BIND and QUIC builds always get ALPN, overriding --disable-alpn.
AS_IF([test "$ENABLED_BIND" = "yes" || test "$ENABLED_QUIC" = "yes"],
    [ENABLED_ALPN=yes])

AS_IF([test "x$ENABLED_ALPN" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ALPN"])
# Maximum Fragment Length: add the defines for the option parsed above.
AS_IF([test "x$ENABLED_MAX_FRAGMENT" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_MAX_FRAGMENT"])
# Trusted CA Indication Extension
AC_ARG_ENABLE([trustedca],
    [AS_HELP_STRING([--enable-trustedca],[Enable Trusted CA Indication (default: disabled)])],
    [ENABLED_TRUSTED_CA=$enableval],
    [ENABLED_TRUSTED_CA=no])

if test "x$ENABLED_TRUSTED_CA" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_TRUSTED_CA"
fi
# Truncated HMAC
# The truncated_hmac extension (RFC 6066) shortens the record MAC to 80 bits.
# That lowers the integrity margin, and the extension is not part of TLS 1.3,
# so leave it off unless a constrained peer needs it. The --enable-tlsx
# section further down defines HAVE_TRUNCATED_HMAC as well.
AC_ARG_ENABLE([truncatedhmac],
    [AS_HELP_STRING([--enable-truncatedhmac],[Enable Truncated HMAC (default: disabled)])],
    [ENABLED_TRUNCATED_HMAC=$enableval],
    [ENABLED_TRUNCATED_HMAC=no])

AS_IF([test "x$ENABLED_TRUNCATED_HMAC" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_TRUNCATED_HMAC"])
# Renegotiation Indication - (FAKE Secure Renegotiation)
# The client sends TLS_EMPTY_RENEGOTIATION_INFO_SCSV only. This is not
# renegotiation support and cannot be combined with --enable-secure-renegotiation;
# the secure-renegotiation section below rejects that combination.
AC_ARG_ENABLE([renegotiation-indication],
    [AS_HELP_STRING([--enable-renegotiation-indication],[Enable Renegotiation Indication for client via empty cipher (default: disabled)])],
    [ENABLED_RENEGOTIATION_INDICATION=$enableval],
    [ENABLED_RENEGOTIATION_INDICATION=no])

AS_IF([test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_RENEGOTIATION_INDICATION"])
# Secure Renegotiation
# HAProxy builds force this on. It is mutually exclusive with
# --enable-renegotiation-indication; asking for both stops configure.
AC_ARG_ENABLE([secure-renegotiation],
    [AS_HELP_STRING([--enable-secure-renegotiation],[Enable Secure Renegotiation (default: disabled)])],
    [ENABLED_SECURE_RENEGOTIATION=$enableval],
    [ENABLED_SECURE_RENEGOTIATION=no])

AS_IF([test "x$ENABLED_HAPROXY" = "xyes"],
    [ENABLED_SECURE_RENEGOTIATION=yes])

if test "x$ENABLED_SECURE_RENEGOTIATION" = "xyes"; then
    AS_IF([test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"],
        [AC_MSG_ERROR([cannot enable renegotiation-indication and secure-renegotiation.])])

    AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SECURE_RENEGOTIATION -DHAVE_SERVER_RENEGOTIATION_INFO"
fi
# Secure Renegotiation Info
# Enabled by default. Only the option value is recorded here; no define is
# added in this section, so it is presumably consumed later in the file.
AC_ARG_ENABLE([secure-renegotiation-info],
    [AS_HELP_STRING([--enable-secure-renegotiation-info],[Enable Secure Renegotiation info extension (default: enabled)])],
    [ENABLED_SECURE_RENEGOTIATION_INFO=$enableval],
    [ENABLED_SECURE_RENEGOTIATION_INFO=yes])
# Fallback SCSV
# TLS_FALLBACK_SCSV (RFC 7507) lets a server detect a client that retried the
# handshake at a lower protocol version, which guards against forced
# downgrades. Disabled by default.
AC_ARG_ENABLE([fallback-scsv],
    [AS_HELP_STRING([--enable-fallback-scsv],[Enable Fallback SCSV (default: disabled)])],
    [ENABLED_FALLBACK_SCSV=$enableval],
    [ENABLED_FALLBACK_SCSV=no])

AS_IF([test "x$ENABLED_FALLBACK_SCSV" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_FALLBACK_SCSV"])
# Exporting Keying Material
# Chrony and SRTP builds force the exporters on.
AC_ARG_ENABLE([keying-material],
    [AS_HELP_STRING([--enable-keying-material],[Enable Keying Material Exporters (default: disabled)])],
    [ENABLED_KEYING_MATERIAL=$enableval],
    [ENABLED_KEYING_MATERIAL=no])

AS_IF([test "$ENABLED_CHRONY" = "yes" || test "$ENABLED_SRTP" = "yes"],
    [ENABLED_KEYING_MATERIAL=yes])

AS_IF([test "x$ENABLED_KEYING_MATERIAL" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_KEYING_MATERIAL"])
# Supported Elliptic Curves Extensions
# On by default, but quietly turned back off when none of ECC, Curve25519 or
# Curve448 is enabled.
AC_ARG_ENABLE([supportedcurves],
    [AS_HELP_STRING([--enable-supportedcurves],[Enable Supported Elliptic Curves (default: enabled)])],
    [ENABLED_SUPPORTED_CURVES=$enableval],
    [ENABLED_SUPPORTED_CURVES=yes])

AS_IF([test "x$ENABLED_SUPPORTED_CURVES" = "xyes"],
    [AS_IF([test "x$ENABLED_ECC" = "xno" && test "x$ENABLED_CURVE25519" = "xno" && test "x$ENABLED_CURVE448" = "xno"],
        [ENABLED_SUPPORTED_CURVES=no],
        [AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES"])])
# Diffie-Hellman
# With DH available, the 2048-bit FFDHE group is compiled in whenever TLS 1.3
# or the supported-curves extension is enabled.
AS_IF([test "$ENABLED_DH" != "no"],
    [AS_IF([test "$ENABLED_TLS13" = "yes" || test "$ENABLED_SUPPORTED_CURVES" = "yes"],
        [AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048"])])
# FFDHE parameters only
# Defines WOLFSSL_REQUIRE_FFDHE. Configure stops if DH or the supported-curves
# extension is disabled.
AC_ARG_ENABLE([ffdhe-only],
    [AS_HELP_STRING([--enable-ffdhe-only],[Enable using only FFDHE in client (default: disabled)])],
    [ENABLED_FFDHE_ONLY=$enableval],
    [ENABLED_FFDHE_ONLY=no])

if test "x$ENABLED_FFDHE_ONLY" = "xyes"; then
    AS_IF([test "$ENABLED_DH" = "no"],
        [AC_MSG_ERROR([FFDHE only support requires DH support])])
    AS_IF([test "$ENABLED_SUPPORTED_CURVES" = "no"],
        [AC_MSG_ERROR([FFDHE only support requires Supported Curves extension])])

    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_REQUIRE_FFDHE"
fi
# TLS 1.3 Requires either ECC or (RSA/DH), or CURVE25519/ED25519 or CURVE448/ED448 or libOQS
# When none of those is available, and PSK is off too, TLS 1.3 is disabled
# without any message, even if it was requested. Check the configure summary
# when building with a reduced algorithm set.
if test "x$ENABLED_PSK" = "xno" && test "x$ENABLED_ECC" = "xno" && \
   { test "x$ENABLED_RSA" = "xno" || test "x$ENABLED_DH" = "xno"; } && \
   { test "x$ENABLED_CURVE25519" = "xno" || test "x$ENABLED_ED25519" = "xno"; } && \
   { test "x$ENABLED_CURVE448" = "xno" || test "x$ENABLED_ED448" = "xno"; } && \
   test "x$ENABLED_LIBOQS" = "xno"; then
    # disable TLS 1.3
    ENABLED_TLS13=no
fi

if test "$ENABLED_TLS13" = "yes"; then
    # The supported-curves define is needed as soon as ECC or DH key exchange
    # is available to TLS 1.3.
    if test "x$ENABLED_ECC" = "xyes" || test "$ENABLED_DH" != "no"; then
        AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"
    fi

    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS"
fi
# Session Ticket Extension
# Builds with ENABLED_NGINX, ENABLED_WPAS, ENABLED_HAPROXY or ENABLED_LIGHTY
# set to yes force tickets on. With tickets, the secrecy of resumed sessions
# depends on how the application manages and rotates the ticket encryption key.
AC_ARG_ENABLE([session-ticket],
    [AS_HELP_STRING([--enable-session-ticket],[Enable Session Ticket (default: disabled)])],
    [ENABLED_SESSION_TICKET=$enableval],
    [ENABLED_SESSION_TICKET=no])

AS_IF([test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"],
    [ENABLED_SESSION_TICKET=yes])

AS_IF([test "x$ENABLED_SESSION_TICKET" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SESSION_TICKET"])
# Dynamic allocation of ticket nonces
# The default is the marker value "no_implicit" rather than "no", which lets
# other code tell "not requested" from an explicit --disable; presumably a
# later section relies on that. Only an explicit "yes" adds the define here.
AC_ARG_ENABLE([ticket-nonce-malloc],
    [AS_HELP_STRING([--enable-ticket-nonce-malloc], [Enable dynamic allocation of ticket nonces (default: disabled)])],
    [ENABLED_TICKET_NONCE_MALLOC=$enableval],
    [ENABLED_TICKET_NONCE_MALLOC=no_implicit])

AS_IF([test "$ENABLED_TICKET_NONCE_MALLOC" = "yes"],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TICKET_NONCE_MALLOC"])
# Extended Master Secret Extension
# Enabled by default. The extension (RFC 7627) binds the master secret to the
# handshake transcript, so turn it off only for peers that cannot handle it.
# Crypto-only builds force it off.
AC_ARG_ENABLE([extended-master],
    [AS_HELP_STRING([--enable-extended-master],[Enable Extended Master Secret (default: enabled)])],
    [ENABLED_EXTENDED_MASTER=$enableval],
    [ENABLED_EXTENDED_MASTER=yes])

AS_IF([test "$ENABLED_CRYPTONLY" = "yes"],
    [ENABLED_EXTENDED_MASTER=no])

AS_IF([test "x$ENABLED_EXTENDED_MASTER" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_EXTENDED_MASTER"])
# TLS Extensions
# --enable-tlsx is an umbrella switch: it turns on SNI, Maximum Fragment
# Length, Truncated HMAC, ALPN, Trusted CA Indication and encrypt-then-MAC in
# one step. Builds with ENABLED_NGINX, ENABLED_HAPROXY, ENABLED_SIGNAL,
# ENABLED_LIGHTY or ENABLED_CHRONY set to yes force it on, so they also get
# HAVE_TRUNCATED_HMAC even when --disable-truncatedhmac was given.
AC_ARG_ENABLE([tlsx],
    [AS_HELP_STRING([--enable-tlsx],[Enable all TLS Extensions (default: disabled)])],
    [ENABLED_TLSX=$enableval],
    [ENABLED_TLSX=no])

AS_IF([test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_SIGNAL" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" || test "$ENABLED_CHRONY" = "yes"],
    [ENABLED_TLSX=yes])

if test "x$ENABLED_TLSX" = "xyes"; then
    ENABLED_SNI=yes
    ENABLED_MAX_FRAGMENT=yes
    ENABLED_TRUNCATED_HMAC=yes
    ENABLED_ALPN=yes
    ENABLED_TRUSTED_CA=yes
    # Only the variable is set for encrypt-then-MAC; its define is presumably
    # added by the encrypt-then-MAC section - confirm that section runs later.
    ENABLED_ENCRYPT_THEN_MAC=yes

    # The per-extension sections above have already run, so the defines are
    # added here directly. They may repeat defines added earlier.
    AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_ALPN -DHAVE_TRUSTED_CA"

    # Check the ECC supported curves prereq
    AS_IF([test "x$ENABLED_ECC" != "xno" || test "$ENABLED_CURVE25519" != "no" || test "x$ENABLED_CURVE448" = "xyes" || test "x$ENABLED_TLS13" = "xyes"],
        [ENABLED_SUPPORTED_CURVES=yes
         AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"])
fi

# Early Data handshake in TLS v1.3 and above
# Accepts "yes" or "group"; "group" also defines WOLFSSL_EARLY_DATA_GROUP.
# TLS 1.3 early data (0-RTT) is not protected against replay by the protocol
# (RFC 8446, section 8), so applications should accept only idempotent
# requests as early data.
AC_ARG_ENABLE([earlydata],
    [AS_HELP_STRING([--enable-earlydata],[Enable Early Data handshake with wolfSSL TLS v1.3 (default: disabled)])],
    [ENABLED_TLS13_EARLY_DATA=$enableval],
    [ENABLED_TLS13_EARLY_DATA=no])

if test "$ENABLED_TLS13_EARLY_DATA" = "group"; then
    ENABLED_TLS13_EARLY_DATA="yes"
    # Group EarlyData with ClientHello
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EARLY_DATA_GROUP"
fi

if test "$ENABLED_TLS13_EARLY_DATA" = "yes"; then
    # TLS 1.3 may still be pending when ENABLED_ALL is set, so the hard error
    # applies only when both are off.
    AS_IF([test "x$ENABLED_TLS13" = "xno" && test "x$ENABLED_ALL" = "xno"],
        [AC_MSG_ERROR([cannot enable earlydata without enabling tls13.])])

    # Early data rides on a resumed or pre-shared key.
    AS_IF([test "x$ENABLED_SESSION_TICKET" = "xno" && test "x$ENABLED_PSK" = "xno"],
        [AC_MSG_ERROR([cannot enable earlydata without enabling session tickets and/or PSK.])])

    AS_IF([test "x$ENABLED_TLS13" = "xyes"],
        [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EARLY_DATA"])
fi
# A TLS 1.3-only build without session tickets gets NO_SESSION_CACHE.
AS_IF([test "$ENABLED_TLSV12" = "no" && test "$ENABLED_TLS13" = "yes" && test "x$ENABLED_SESSION_TICKET" = "xno"],
    [AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE"])

# PKCS7
# Only ENABLED_PKCS7 is settled here; no define is added in this section.
# ENABLED_WPAS_DPP forces it on, as do the wolfTPM and S/MIME sections below.
AC_ARG_ENABLE([pkcs7],
    [AS_HELP_STRING([--enable-pkcs7],[Enable PKCS7 (default: disabled)])],
    [ENABLED_PKCS7=$enableval],
    [ENABLED_PKCS7=no])

AS_IF([test "x$ENABLED_WPAS_DPP" = "xyes"],
    [ENABLED_PKCS7=yes])

# wolfSSH Options
# --enable-ssh is an alias: when it is "yes" it sets ENABLED_WOLFSSH, so the
# rest of the file only needs to look at ENABLED_WOLFSSH.
AC_ARG_ENABLE([wolfssh],
    [AS_HELP_STRING([--enable-wolfssh],[Enable wolfSSH options (default: disabled)])],
    [ENABLED_WOLFSSH=$enableval],
    [ENABLED_WOLFSSH=no])

AC_ARG_ENABLE([ssh],
    [AS_HELP_STRING([--enable-ssh],[Enable wolfSSH options (default: disabled)])],
    [ENABLED_SSH=$enableval],
    [ENABLED_SSH=no])

AS_IF([test "x$ENABLED_SSH" = "xyes"],
    [ENABLED_WOLFSSH="yes"])
# wolfTPM Options
# Only the option is parsed here. Its prerequisites are enforced by the
# ENABLED_WOLFTPM block after the wolfCLU option.
AC_ARG_ENABLE([wolftpm],
    [AS_HELP_STRING([--enable-wolftpm],[Enable wolfTPM options (default: disabled)])],
    [ENABLED_WOLFTPM=$enableval],
    [ENABLED_WOLFTPM=no])
# wolfCLU Options
# Only records the option value; no define is added in this section.
AC_ARG_ENABLE([wolfclu],
    [AS_HELP_STRING([--enable-wolfclu],[Enable wolfCLU options (default: disabled)])],
    [ENABLED_WOLFCLU=$enableval],
    [ENABLED_WOLFCLU=no])
# wolfTPM prerequisites: each feature that is still off is switched on, and
# where this block owns the define, the define is added with it.
if test "x$ENABLED_WOLFTPM" = "xyes"; then
    # Requires cryptocb (set in its enable section)

    # Requires certgen, certreq, certext
    AS_IF([test "x$ENABLED_CERTGEN" = "xno"],
        [ENABLED_CERTGEN="yes"
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"])
    AS_IF([test "x$ENABLED_CERTREQ" = "xno"],
        [ENABLED_CERTREQ="yes"
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"])
    AS_IF([test "x$ENABLED_CERTEXT" = "xno"],
        [ENABLED_CERTEXT="yes"
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"])

    # Requires PKCS7; only the variable is set, no define is added here.
    AS_IF([test "x$ENABLED_PKCS7" = "xno"],
        [ENABLED_PKCS7="yes"])

    # Requires aescfb
    AS_IF([test "x$ENABLED_AESCFB" = "xno"],
        [ENABLED_AESCFB="yes"
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB"])

    # Requires public mp_
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"
fi
# S/MIME: ENABLED_SMIME is set outside this section. It defines HAVE_SMIME
# and pulls in PKCS7.
if test "x$ENABLED_SMIME" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DHAVE_SMIME"

    # Requires PKCS7
    AS_IF([test "x$ENABLED_PKCS7" = "xno"],
        [ENABLED_PKCS7="yes"])
fi

# Simple Certificate Enrollment Protocol (SCEP)
# Only records the option value; no define is added in this section.
AC_ARG_ENABLE([scep],
    [AS_HELP_STRING([--enable-scep],[Enable wolfSCEP (default: disabled)])],
    [ENABLED_WOLFSCEP=$enableval],
    [ENABLED_WOLFSCEP=no])
# Secure Remote Password
AC_ARG_ENABLE([srp],
    [AS_HELP_STRING([--enable-srp],[Enable Secure Remote Password (default: disabled)])],
    [ENABLED_SRP=$enableval],
    [ENABLED_SRP=no])

AS_IF([test "x$ENABLED_SRP" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP"])
# Indefinite length encoded BER message support
# Defines ASN_BER_TO_DER. This widens what the ASN.1 parser accepts from
# incoming messages, so enable it only when a peer really sends
# indefinite-length encodings.
AC_ARG_ENABLE([indef],
    [AS_HELP_STRING([--enable-indef],[Enable parsing of indefinite length encoded msgs (default: disabled)])],
    [ENABLED_BER_INDEF=$enableval],
    [ENABLED_BER_INDEF=no])

AS_IF([test "x$ENABLED_BER_INDEF" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DASN_BER_TO_DER"])
# Alternate certification chains, as opposed to requiring full chain validation.
# This relaxes certificate validation to behave like openssl and browsers:
# only the peer certificate has to validate to a trusted certificate. Without
# it, every certificate the peer sends must be used in the trust chain or the
# connection is rejected. Off by default; enabling it is a deliberate
# loosening of the verification policy.
AC_ARG_ENABLE([altcertchains],
    [AS_HELP_STRING([--enable-altcertchains],[Enable using alternative certificate chains, only require leaf certificate to validate to trust root (default: disabled)])],
    [ENABLED_ALT_CERT_CHAINS=$enableval],
    [ENABLED_ALT_CERT_CHAINS=no])

AS_IF([test "x$ENABLED_ALT_CERT_CHAINS" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_CERT_CHAINS"])

# Small Stack - Cache on object
# Enabling the cache also forces --enable-smallstack on in the next section.
AC_ARG_ENABLE([smallstackcache],
    [AS_HELP_STRING([--enable-smallstackcache],[Enable Small Stack Usage Caching (default: disabled)])],
    [ENABLED_SMALL_STACK_CACHE=$enableval],
    [ENABLED_SMALL_STACK_CACHE=no])

AS_IF([test "x$ENABLED_SMALL_STACK_CACHE" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SMALL_STACK_CACHE"])
# Small Stack
# The default follows ENABLED_LINUXKM_DEFAULTS: on when that is "yes", off
# otherwise. The help string still says "disabled" in both cases.
AS_IF([test "$ENABLED_LINUXKM_DEFAULTS" = "yes"],
    [ENABLED_SMALL_STACK_DEFAULT=yes],
    [ENABLED_SMALL_STACK_DEFAULT=no])

AC_ARG_ENABLE([smallstack],
    [AS_HELP_STRING([--enable-smallstack],[Enable Small Stack Usage (default: disabled)])],
    [ENABLED_SMALL_STACK=$enableval],
    [ENABLED_SMALL_STACK=$ENABLED_SMALL_STACK_DEFAULT])

# The small-stack cache implies small stack, overriding --disable-smallstack.
AS_IF([test "x$ENABLED_SMALL_STACK_CACHE" = "xyes"],
    [ENABLED_SMALL_STACK=yes])

AS_IF([test "x$ENABLED_SMALL_STACK" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SMALL_STACK"])

# valgrind
# Optional valgrind run for the unit tests. When requested, configure aborts
# if no valgrind program is found, and the build is switched to static-only
# (enable_shared=no, enable_static=yes).
AC_ARG_ENABLE([valgrind],
    [AS_HELP_STRING([--enable-valgrind],[Enable valgrind for unit tests (default: disabled)])],
    [ ENABLED_VALGRIND=$enableval ],
    [ ENABLED_VALGRIND=no ]
    )

if test "$ENABLED_VALGRIND" = "yes"; then
    AC_CHECK_PROG([HAVE_VALGRIND],[valgrind],[yes],[no])

    # Fail early instead of producing a test setup that cannot run.
    if test "$HAVE_VALGRIND" = "no"; then
        AC_MSG_ERROR([Valgrind not found.])
    fi

    enable_shared=no
    enable_static=yes
    AM_CFLAGS="$AM_CFLAGS -DHAVE_VALGRIND"
fi
# Test certs, use internal cert functions for extra testing
# NOTE(review): this is described as a testing aid; presumably it is not meant
# for release builds - confirm before enabling it in a shipped configuration.
AC_ARG_ENABLE([testcert],
    [AS_HELP_STRING([--enable-testcert],[Enable Test Cert (default: disabled)])],
    [ ENABLED_TESTCERT=$enableval ],
    [ ENABLED_TESTCERT=no ]
    )

if test "$ENABLED_TESTCERT" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TEST_CERT"
fi
# I/O Pool, an example to show user how to override memory handler and use
# a pool for the input/output buffer requests
# The example needs thread local storage: configure stops with an error when
# thread_ls_on is "no". Otherwise both the pool define and the user-supplied
# allocator define are added.
AC_ARG_ENABLE([iopool],
    [AS_HELP_STRING([--enable-iopool],[Enable I/O Pool example (default: disabled)])],
    [ ENABLED_IOPOOL=$enableval ],
    [ ENABLED_IOPOOL=no ]
    )

if test "$ENABLED_IOPOOL" = "yes"; then
    if test "$thread_ls_on" = "no"; then
        AC_MSG_ERROR([I/O Pool example requires Thread Local Storage])
    fi

    AM_CFLAGS="$AM_CFLAGS -DHAVE_IO_POOL -DXMALLOC_USER"
fi
# Certificate Service Support
# Requires ecc, certgen and opensslextra; each one that is still "no" is
# switched on here together with its defines.
if test "$ENABLED_CERT_SERVICE" = "yes"; then
    if test "x$ENABLED_CERTGEN" = "xno"; then
        ENABLED_CERTGEN="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
    fi

    if test "x$ENABLED_ECC" = "xno"; then
        ENABLED_ECC="yes"
        AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"

        # ECC_SHAMIR is only added when ECC had to be switched on here.
        if test "$ENABLED_ECC_SHAMIR" = "yes"; then
            AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
        fi
    fi

    # opensslextra is left alone when opensslcoexist is in use.
    if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"; then
        ENABLED_OPENSSLEXTRA="yes"
        AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
    fi

    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_CERT_SERVICE"
fi
# wolfSSL JNI
AC_ARG_ENABLE([jni],
    [AS_HELP_STRING([--enable-jni],[Enable wolfSSL JNI (default: disabled)])],
    [ ENABLED_JNI=$enableval ],
    [ ENABLED_JNI=no ]
    )

# A JNI build pulls in the feature set below. Every prerequisite that is still
# "no" when this runs is switched to "yes" - that covers the default and,
# presumably, an explicit --disable-* given for the same feature.
#
# Security note: the list includes alternate certificate chains, which relaxes
# chain validation as described at the --enable-altcertchains option. A JNI
# build therefore cannot keep strict full-chain validation through
# --disable-altcertchains alone.
if test "$ENABLED_JNI" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_JNI -DHAVE_EX_DATA -DKEEP_PEER_CERT -DWOLFSSL_ALWAYS_VERIFY_CB"

    # Enable prereqs if not already enabled
    if test "x$ENABLED_DTLS" = "xno"; then
        ENABLED_DTLS="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
    fi

    if test "x$ENABLED_OPENSSLEXTRA" = "xno"; then
        ENABLED_OPENSSLEXTRA="yes"
        AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
    fi

    if test "x$ENABLED_OPENSSLALL" = "xno"; then
        ENABLED_OPENSSLALL="yes"
        AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL"
    fi

    if test "x$ENABLED_CRL" = "xno"; then
        ENABLED_CRL="yes"
        AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
    fi

    # Only the variable is set for OCSP; no define is added in this section.
    if test "x$ENABLED_OCSP" = "xno"; then
        ENABLED_OCSP="yes"
    fi

    # The CRL monitor is not forced on for distro builds.
    if test "x$ENABLED_CRL_MONITOR" = "xno" && test "x$ENABLED_DISTRO" = "xno"; then
        ENABLED_CRL_MONITOR="yes"
        AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
    fi

    if test "x$ENABLED_SAVESESSION" = "xno"; then
        ENABLED_SAVESESSION="yes"
        AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE"
    fi

    if test "x$ENABLED_SAVECERT" = "xno"; then
        ENABLED_SAVECERT="yes"
        AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE"
    fi

    if test "x$ENABLED_ATOMICUSER" = "xno"; then
        ENABLED_ATOMICUSER="yes"
        AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
    fi

    if test "x$ENABLED_ECC" = "xno"; then
        ENABLED_ECC="yes"
        AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"

        if test "$ENABLED_ECC_SHAMIR" = "yes"; then
            AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
        fi
    fi

    # Do not enable PK Callbacks in FIPS mode with JNI
    if test "x$ENABLED_PKCALLBACKS" = "xno" && test "$ENABLED_FIPS" = "no"; then
        ENABLED_PKCALLBACKS="yes"
        AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
    fi

    if test "x$ENABLED_DH" = "xno"; then
        ENABLED_DH="yes"
        AM_CFLAGS="$AM_CFLAGS -DHAVE_DH"
    fi

    # Only the variable is set for PSK; no define is added in this section.
    if test "x$ENABLED_PSK" = "xno"; then
        ENABLED_PSK="yes"
    fi

    if test "x$ENABLED_CERTEXT" = "xno"; then
        ENABLED_CERTEXT="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
    fi

    if test "x$ENABLED_CERTGEN" = "xno"; then
        ENABLED_CERTGEN="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
    fi

    # wolfCrypt JNI/JCE uses keygen, enable by default here so
    # both JCE and JSSE builds can use --enable-jni
    if test "x$ENABLED_KEYGEN" = "xno"; then
        ENABLED_KEYGEN="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
    fi

    if test "x$ENABLED_CERTREQ" = "xno"; then
        ENABLED_CERTREQ="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
    fi

    if test "x$ENABLED_SNI" = "xno"; then
        ENABLED_SNI="yes"
        AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI"
    fi

    if test "x$ENABLED_ALPN" = "xno"; then
        ENABLED_ALPN="yes"
        AM_CFLAGS="$AM_CFLAGS -DHAVE_ALPN"
    fi

    # Relaxed chain validation, see the security note above.
    if test "x$ENABLED_ALT_CERT_CHAINS" = "xno"; then
        ENABLED_ALT_CERT_CHAINS="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_CERT_CHAINS"
    fi

    # cert gen requires alt names
    ENABLED_ALTNAMES="yes"
fi
# lighttpd support: compatibility defines plus, for builds without
# --enable-all, a reduced protocol set.
if test "$ENABLED_LIGHTY" = "yes"; then
    # Requires opensslextra make sure on
    if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"; then
        ENABLED_OPENSSLEXTRA="yes"
        AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
    fi

    # NOTE(review): OPENSSL_ALL and WOLFSSL_KEY_GEN are added as defines only;
    # ENABLED_OPENSSLALL and ENABLED_KEYGEN are not updated here, unlike in the
    # haproxy and hitch sections - confirm nothing later depends on them.
    AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1"
    AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DOPENSSL_ALL -DWOLFSSL_KEY_GEN"

    # recommended if building wolfSSL specifically for use by lighttpd
    if test "x$ENABLED_ALL" = "xno"; then
        AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_COMP"

        # SSLv3 is marked unavailable only when it was not enabled, and old
        # TLS is dropped only when, in addition, TLS 1.0 was not enabled.
        if test "x$ENABLED_SSLV3" = "xno"; then
            AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL3"

            if test "x$ENABLED_TLSV10" = "xno"; then
                AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
                ENABLED_OLD_TLS=no
            fi
        fi

        # Without the CRL monitor the library is built single threaded.
        if test "x$ENABLED_CRL_MONITOR" = "xno"; then
            AM_CFLAGS="$AM_CFLAGS -DSINGLE_THREADED"
            ENABLED_SINGLETHREADED="yes"
        fi

        # w/ lighttpd 1.4.56 once wolfSSL updated to expose non-filesystem funcs
        #AM_CFLAGS="$AM_CFLAGS -DNO_BIO"
        #AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
        #ENABLED_FILESYSTEM=no
    fi
fi
# nginx support: adds the nginx-specific defines. Further defines shared with
# haproxy and lighttpd are added in a later section of this file.
if test "$ENABLED_NGINX" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NGINX -DWOLFSSL_SIGNER_DER_CERT"
    AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COMPATIBLE_DEFAULTS -DWOLFSSL_ERROR_CODE_OPENSSL"
fi
# HAProxy support: compatibility defines, a default for the maximum classic
# asymmetric key size, and the prerequisites HAProxy builds rely on.
if test "$ENABLED_HAPROXY" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAPROXY -DOPENSSL_COMPATIBLE_DEFAULTS"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNER_DER_CERT"

    # --enable-all defines its own DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS
    # An unset or empty value falls back to 8192 here.
    : "${DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS:=8192}"

    # Requires opensslextra and opensslall
    if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"; then
        ENABLED_OPENSSLALL="yes"
        ENABLED_OPENSSLEXTRA="yes"
        AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL"
    fi

    if test "x$ENABLED_CERTGEN" = "xno"; then
        ENABLED_CERTGEN="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
    fi

    if test "x$ENABLED_CERTREQ" = "xno"; then
        ENABLED_CERTREQ="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
    fi

    # Requires sessioncerts make sure on
    if test "x$ENABLED_SESSIONCERTS" = "xno"; then
        ENABLED_SESSIONCERTS="yes"
        AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
    fi

    # Requires key gen make sure on
    if test "x$ENABLED_KEYGEN" = "xno"; then
        ENABLED_KEYGEN="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
    fi
fi
# net-snmp support: needs ex_data, and switches on AES-CFB and DTLS when they
# are still "no".
if test "$ENABLED_NETSNMP" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"

    if test "x$ENABLED_AESCFB" = "xno"; then
        ENABLED_AESCFB="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB"
    fi

    if test "x$ENABLED_DTLS" = "xno"; then
        ENABLED_DTLS="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
    fi
fi
# Kerberos support.
# NOTE(review): WOLFSSL_DES_ECB by its name exposes DES in ECB mode, a legacy
# construction; presumably it is needed for Kerberos compatibility - confirm
# it is only used where the protocol requires it.
if test "$ENABLED_KRB" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KRB -DWOLFSSL_AES_DIRECT -DWOLFSSL_DES_ECB"
    AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"

    # Requires PKCS7
    # Only the variable is set; no define is added in this section.
    if test "x$ENABLED_PKCS7" = "xno"; then
        ENABLED_PKCS7="yes"
    fi
fi
# FFmpeg support: adds the FFmpeg define and the OpenSSL-compatible defaults.
if test "$ENABLED_FFMPEG" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FFMPEG -DOPENSSL_COMPATIBLE_DEFAULTS"
fi
# Signal support: adds the AES counter and direct-AES defines and makes sure
# opensslextra is on, unless opensslcoexist is in use.
if test "$ENABLED_SIGNAL" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNAL -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"

    # Requires opensslextra make sure on
    if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"; then
        ENABLED_OPENSSLEXTRA="yes"
        AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
    fi
fi
# BIND support: compatibility defines and the SHA-224/384/512 variants.
# NOTE(review): WOLFSSL_DSA_768_MODULUS and WOLFSSL_DES_ECB by their names
# admit 768-bit DSA moduli and DES in ECB mode, both legacy-strength
# primitives; presumably they are here for BIND compatibility - confirm they
# are not relied on for new keys or new data.
if test "$ENABLED_BIND" = "yes"; then
    ENABLED_SHA224="yes"
    ENABLED_SHA384="yes"
    ENABLED_SHA512="yes"

    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BIND -DWOLFSSL_DSA_768_MODULUS"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DWOLFSSL_DES_ECB"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224 -DWOLFSSL_SHA384 -DWOLFSSL_SHA512"
    AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COMPATIBLE_DEFAULTS"
fi
# rsyslog support: OpenSSL-style error codes, ex_data and the
# OpenSSL-compatible defaults.
if test "$ENABLED_RSYSLOG" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSYSLOG -DWOLFSSL_ERROR_CODE_OPENSSL"
    AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DOPENSSL_COMPATIBLE_DEFAULTS"
fi
# OpenVPN support: turns supported curves on unconditionally and adds the
# keying material, ex_data and key generation defines.
# NOTE(review): WOLFSSL_DES_ECB by its name exposes DES in ECB mode, a legacy
# construction - confirm OpenVPN still needs it.
if test "$ENABLED_OPENVPN" = "yes"; then
    ENABLED_SUPPORTED_CURVES="yes"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_OPENVPN -DHAVE_KEYING_MATERIAL"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB -DHAVE_EX_DATA -DWOLFSSL_KEY_GEN"
fi
# Hitch support: switches on the prerequisites that are still "no", then adds
# the Hitch compatibility defines.
if test "$ENABLED_HITCH" = "yes"; then
    # Requires opensslextra make sure on
    if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"; then
        ENABLED_OPENSSLEXTRA="yes"
        AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
    fi

    # Requires OCSP make sure on
    # Only the variable is set; no define is added in this section.
    if test "x$ENABLED_OCSP" = "xno"; then
        ENABLED_OCSP="yes"
    fi

    # Requires ALPN
    if test "x$ENABLED_ALPN" = "xno"; then
        ENABLED_ALPN="yes"
        AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ALPN"
    fi

    if test "x$ENABLED_KEYGEN" = "xno"; then
        ENABLED_KEYGEN="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
    fi

    # Requires sessioncerts make sure on
    if test "x$ENABLED_SESSIONCERTS" = "xno"; then
        ENABLED_SESSIONCERTS="yes"
        AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
    fi

    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HITCH -DHAVE_EX_DATA -DWOLFSSL_SIGNER_DER_CERT"
    AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COMPATIBLE_DEFAULTS -DWOLFSSL_CIPHER_INTERNALNAME"
fi
# memcached support: session id context, external session cache and the
# memcached define.
if test "$ENABLED_MEMCACHED" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SESSION_ID_CTX -DHAVE_EXT_CACHE -DHAVE_MEMCACHED"
fi
# Defines shared by the nginx, haproxy and lighttpd integrations.
# Cert gen is switched on unconditionally here, so -DWOLFSSL_CERT_GEN can end
# up on the command line twice when an earlier section already added it.
if test "$ENABLED_NGINX" = "yes" ||
   test "x$ENABLED_HAPROXY" = "xyes" ||
   test "x$ENABLED_LIGHTY" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB -DWOLFSSL_ALWAYS_KEEP_SNI"
    AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
    AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA"

    ENABLED_CERTGEN="yes"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
fi
# ARC4 handling.
#
# Non-FIPS OPENSSH builds, WPAS builds and QT builds default enable_arc4 to
# "yes" when the user gave no value for it.
#
# NOTE(review): the default is written to enable_arc4, while the check further
# down reads ENABLED_ARC4, and nothing between the two in this section copies
# one into the other - confirm the arc4 option is evaluated after this point.
# ARC4 (RC4) is a legacy stream cipher whose use in TLS is prohibited by
# RFC 7465, so also confirm these integrations still need it on by default.
if { test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno"; } ||
   test "$ENABLED_WPAS" = "yes" ||
   test "$ENABLED_QT" = "yes"; then
    if test "$enable_arc4" = ""; then
        enable_arc4=yes
    fi
fi

if test "$ENABLED_ARC4" = "no"; then
    AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
elif test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"; then
    # turn off ARC4 if leanpsk or leantls on
    AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
    ENABLED_ARC4=no
fi
# Asio Support
AC_ARG_ENABLE([asio],
    [AS_HELP_STRING([--enable-asio],[Enable asio (default: disabled)])],
    [ ENABLED_ASIO=$enableval ],
    [ ENABLED_ASIO=no ]
    )

# An asio build always gets the TLS 1.2 text macro and the defines marking
# SSLv2 and SSLv3 as unavailable. The TLS 1.0 and TLS 1.1 text macros are
# added only when those protocol versions are enabled.
if test "$ENABLED_ASIO" = "yes"; then
    # Requires opensslextra and opensslall
    if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"; then
        ENABLED_OPENSSLALL="yes"
        ENABLED_OPENSSLEXTRA="yes"
        AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL"
    fi

    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASIO -DASIO_USE_WOLFSSL -DWOLFSSL_KEY_GEN"
    AM_CFLAGS="$AM_CFLAGS -DBOOST_ASIO_USE_WOLFSSL -DHAVE_EX_DATA"
    AM_CFLAGS="$AM_CFLAGS -DSSL_TXT_TLSV1_2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3"

    if test "$ENABLED_TLSV10" = "yes"; then
        AM_CFLAGS="$AM_CFLAGS -DSSL_TXT_TLSV1"
    fi

    if test "$ENABLED_OLD_TLS" = "yes"; then
        AM_CFLAGS="$AM_CFLAGS -DSSL_TXT_TLSV1_1"
    fi

    # Requires OCSP make sure on
    # Only the variable is set; no define is added in this section.
    if test "x$ENABLED_OCSP" = "xno"; then
        ENABLED_OCSP="yes"
    fi
fi
# Apache HTTPD
AC_ARG_ENABLE([apachehttpd],
[AS_HELP_STRING([--enable-apachehttpd],[Enable Apache httpd (default: disabled)])],
[ ENABLED_APACHE_HTTPD=$enableval ],
[ ENABLED_APACHE_HTTPD=no ]
)
if test "$ENABLED_APACHE_HTTPD" = "yes"
then
# Requires opensslextra and opensslall
if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
then
ENABLED_OPENSSLALL="yes"
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL"
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_APACHE_HTTPD"
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_COMP"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DWOLFSSL_SIGNER_DER_CERT"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COMPATIBLE_DEFAULTS"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OCSP_ISSUER_CHECK"
# Requires OCSP make sure on
if test "x$ENABLED_OCSP" = "xno"
then
ENABLED_OCSP="yes"
fi
# Requires sessioncerts make sure on
if test "x$ENABLED_SESSIONCERTS" = "xno"
then
ENABLED_SESSIONCERTS="yes"
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
fi
# Requires ALPN
if test "x$ENABLED_ALPN" = "xno"
then
ENABLED_ALPN="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ALPN"
fi
# Requires CRL
if test "x$ENABLED_CRL" = "xno"
then
ENABLED_CRL="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
fi
# Requires Certificate Generation, Request and Extensions
if test "x$ENABLED_CERTGEN" = "xno"
then
ENABLED_CERTGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
fi
if test "x$ENABLED_CERTREQ" = "xno"
then
ENABLED_CERTREQ="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
fi
if test "x$ENABLED_CERTEXT" = "xno"
then
ENABLED_CERTEXT="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
fi
# Requires Secure Renegotiation
if test "x$ENABLED_SECURE_RENEGOTIATION" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SECURE_RENEGOTIATION -DHAVE_SERVER_RENEGOTIATION_INFO"
fi
fi
# Encrypt-Then-MAC TLS extension.
# On by default. Note that an explicit --disable-enc-then-mac is overridden
# whenever ENABLED_TLSX is "yes", so the extension cannot be turned off in a
# build that has TLS extensions fully enabled.
AC_ARG_ENABLE([enc-then-mac],
    [AS_HELP_STRING([--enable-enc-then-mac],[Enable Encrypt-Then-Mac extension (default: enabled)])],
    [ENABLED_ENCRYPT_THEN_MAC=$enableval],
    [ENABLED_ENCRYPT_THEN_MAC=yes])

AS_IF([test "x$ENABLED_TLSX" = "xyes"],
    [ENABLED_ENCRYPT_THEN_MAC=yes])

AS_IF([test "x$ENABLED_ENCRYPT_THEN_MAC" = "xyes"],
    [AM_CFLAGS="$AM_CFLAGS -DHAVE_ENCRYPT_THEN_MAC"])
# stunnel support
AC_ARG_ENABLE([stunnel],
    [AS_HELP_STRING([--enable-stunnel],[Enable stunnel (default: disabled)])],
    [ENABLED_STUNNEL=$enableval],
    [ENABLED_STUNNEL=no])

# A WPAS build implies the stunnel feature set.
if test "$ENABLED_WPAS" = "yes"; then
    ENABLED_STUNNEL="yes"
fi

# stunnel support requires all the features enabled within this conditional.
# Each prerequisite is only touched when it is currently "no", so an explicit
# --disable-FEATURE on the configure line is silently overridden here.
# Worth auditing on a hardened build: this block forces 3DES on, always adds
# -DWOLFSSL_DES_ECB, and adds -DHAVE_TRUNCATED_HMAC when it has to enable TLSX.
if test "$ENABLED_STUNNEL" = "yes"; then
    if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"; then
        ENABLED_OPENSSLEXTRA="yes"
        AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
    fi

    if test "x$ENABLED_SESSION_TICKET" = "xno"; then
        ENABLED_SESSION_TICKET="yes"
        AM_CFLAGS="$AM_CFLAGS -DHAVE_SESSION_TICKET"
    fi

    # OCSP and CODING only flip their ENABLED_ variable here; no -D flag is
    # appended in this block.
    if test "x$ENABLED_OCSP" = "xno"; then
        ENABLED_OCSP="yes"
    fi
    if test "x$ENABLED_CODING" = "xno"; then
        ENABLED_CODING="yes"
    fi

    if test "x$ENABLED_SESSIONCERTS" = "xno"; then
        ENABLED_SESSIONCERTS="yes"
        AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
    fi

    if test "x$ENABLED_CRL" = "xno"; then
        ENABLED_CRL="yes"
        AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
    fi

    # 3DES is a legacy cipher; it is turned on here without a -D flag.
    if test "x$ENABLED_DES3" = "xno"; then
        ENABLED_DES3="yes"
    fi

    if test "x$ENABLED_TLSX" = "xno"; then
        ENABLED_TLSX="yes"
        AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC"
        # Check the ECC supported curves prereq
        if test "x$ENABLED_ECC" != "xno" || test "$ENABLED_CURVE25519" != "no"; then
            ENABLED_SUPPORTED_CURVES=yes
            AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"
        fi
    fi

    if test "x$ENABLED_ECC" = "xno"; then
        # NOTE(review): OPENSSLEXTRA is set to yes here without checking
        # ENABLED_OPENSSLCOEXIST and without adding -DOPENSSL_EXTRA, unlike
        # the first check in this block - confirm that is intended.
        ENABLED_OPENSSLEXTRA="yes"
        ENABLED_ECC="yes"
        AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"

        if test "$ENABLED_ECC_SHAMIR" = "yes"; then
            AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
        fi
    fi

    if test "x$ENABLED_CERTEXT" = "xno"; then
        ENABLED_CERTEXT="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
    fi

    if test "x$ENABLED_CERTGEN" = "xno"; then
        ENABLED_CERTGEN="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
    fi

    if test "x$ENABLED_KEYGEN" = "xno"; then
        ENABLED_KEYGEN="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
    fi

    # Flags that are added unconditionally for every stunnel build.
    AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL -DWOLFSSL_ALWAYS_VERIFY_CB"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI -DHAVE_EX_DATA"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB -DWOLFSSL_SIGNER_DER_CERT"
    AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COMPATIBLE_DEFAULTS -DWOLFSSL_TICKET_HAVE_ID"
fi
# curl support
AC_ARG_ENABLE([curl],
    [AS_HELP_STRING([--enable-curl],[Enable curl (default: disabled)])],
    [ENABLED_CURL=$enableval],
    [ENABLED_CURL=no])

# curl support requires all the features enabled within this conditional.
# Each prerequisite is only touched when it is currently "no", so an explicit
# --disable-FEATURE on the configure line is silently overridden here.
# Worth auditing on a hardened build: MD4 and 3DES are forced on and
# -DWOLFSSL_DES_ECB is always added.
# NOTE(review): presumably these legacy primitives are needed for curl's
# NTLM support - confirm before relying on that.
if test "$ENABLED_CURL" = "yes"; then
    if test "$ENABLED_MD4" = "no"; then
        ENABLED_MD4="yes"
    fi
    if test "x$ENABLED_DES3" = "xno"; then
        ENABLED_DES3="yes"
    fi

    # ALPN and wolfSSH only flip their ENABLED_ variable here.
    # NOTE(review): no -D flag is appended for them in this block; verify
    # that the sections owning these options add it.
    if test "x$ENABLED_ALPN" = "xno"; then
        ENABLED_ALPN="yes"
    fi
    if test "x$ENABLED_WOLFSSH" = "xno"; then
        ENABLED_WOLFSSH="yes"
    fi

    if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"; then
        ENABLED_OPENSSLEXTRA="yes"
    fi

    # Revocation checking: CRL, OCSP and both OCSP stapling variants.
    if test "x$ENABLED_CRL" = "xno"; then
        ENABLED_CRL="yes"
        AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
    fi
    if test "x$ENABLED_OCSP" = "xno"; then
        ENABLED_OCSP="yes"
    fi
    if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xno"; then
        ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
        AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST"
    fi
    if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xno"; then
        ENABLED_CERTIFICATE_STATUS_REQUEST_V2="yes"
        AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST_V2"
    fi

    if test "x$ENABLED_SNI" = "xno"; then
        ENABLED_SNI="yes"
        AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI"
    fi
    if test "x$ENABLED_ALT_CERT_CHAINS" = "xno"; then
        ENABLED_ALT_CERT_CHAINS="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_CERT_CHAINS"
    fi
    # This variable is spelled ENABLE_, not ENABLED_, in the original.
    if test "x$ENABLE_IP_ALT_NAME" = "xno"; then
        ENABLE_IP_ALT_NAME="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IP_ALT_NAME"
    fi
    if test "x$ENABLED_SESSION_TICKET" = "xno"; then
        ENABLED_SESSION_TICKET="yes"
        AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SESSION_TICKET"
    fi

    # FTPS server requires pointer to session cache
    AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE_REF"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"

    # support longer session ticket nonce
    # Only the implicit default value "no_implicit" is upgraded; an explicit
    # user choice is left alone.
    if test "$ENABLED_TICKET_NONCE_MALLOC" = "no_implicit"; then
        ENABLED_TICKET_NONCE_MALLOC="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TICKET_NONCE_MALLOC"
    fi
fi
# PSK resolution when it was not enabled explicitly:
#  - LEANPSK "no" and stunnel "no": compile PSK out with -DNO_PSK;
#  - LEANPSK "yes" or stunnel "yes": turn PSK on.
# Any other value combination leaves both AM_CFLAGS and ENABLED_PSK untouched.
if test "$ENABLED_PSK" = "no"; then
    if test "$ENABLED_LEANPSK" = "no" && test "x$ENABLED_STUNNEL" = "xno"; then
        AM_CFLAGS="$AM_CFLAGS -DNO_PSK"
    elif test "$ENABLED_LEANPSK" = "yes" || test "x$ENABLED_STUNNEL" = "xyes"; then
        ENABLED_PSK=yes
    fi
fi
# tcpdump support
AC_ARG_ENABLE([tcpdump],
    [AS_HELP_STRING([--enable-tcpdump],[Enable tcpdump (default: disabled)])],
    [ENABLED_TCPDUMP=$enableval],
    [ENABLED_TCPDUMP=no])

# tcpdump support requires all the features enabled within this conditional.
# Note that this forces the legacy 3DES cipher on even if it was disabled on
# the configure line.
if test "$ENABLED_TCPDUMP" = "yes"; then
    if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"; then
        ENABLED_OPENSSLEXTRA="yes"
        AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
    fi

    if test "x$ENABLED_DES3" = "xno"; then
        ENABLED_DES3="yes"
    fi
fi
# sblim-sfcb support
AC_ARG_ENABLE([sblim-sfcb],
    [AS_HELP_STRING([--enable-sblim-sfcb],[Enable sblim-sfcb support (default: disabled)])],
    [ENABLED_SBLIM_SFCB=$enableval],
    [ENABLED_SBLIM_SFCB=no])

# sblim-sfcb support requires all the features enabled within this conditional.
# Prerequisites are only changed when currently "no"; the two trailing -D
# flags are added unconditionally.
if test "$ENABLED_SBLIM_SFCB" = "yes"; then
    if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"; then
        ENABLED_OPENSSLEXTRA="yes"
        AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
    fi

    if test "x$ENABLED_CERTGEN" = "xno"; then
        ENABLED_CERTGEN="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
    fi

    AM_CFLAGS="$AM_CFLAGS -DHAVE_SBLIM_SFCB -DWOLFSSL_SIGNER_DER_CERT"
fi
# libest support
AC_ARG_ENABLE([libest],
    [AS_HELP_STRING([--enable-libest],[Enable libest (default: disabled)])],
    [ENABLED_LIBEST=$enableval],
    [ENABLED_LIBEST=no])

# Everything libest needs is switched on inside this conditional. Each
# prerequisite is only touched when it is currently "no", so an explicit
# --disable-FEATURE on the configure line is silently overridden here.
if test "$ENABLED_LIBEST" = "yes"; then
    # Added for every libest build, regardless of other options.
    # NOTE(review): the PSS salt flags here and below look like they relax
    # RSA-PSS salt length handling for interoperability - confirm against
    # the wolfCrypt RSA documentation before using this profile elsewhere.
    AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DHAVE_LIBEST -DWOLFSSL_ALT_NAMES"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PSS_SALT_LEN_DISCOVER"

    # Requires opensslextra and opensslall
    # NOTE(review): -DWC_RSA_NO_PADDING is only added on this path; it
    # presumably exposes unpadded RSA operations, so callers must not use
    # them on untrusted input without their own padding checks - confirm.
    if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"; then
        ENABLED_OPENSSLALL="yes"
        ENABLED_OPENSSLEXTRA="yes"
        AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING"
        AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT"
    fi

    # Requires OCSP
    if test "x$ENABLED_OCSP" = "xno"; then
        ENABLED_OCSP="yes"
    fi

    # Requires PKCS7
    if test "x$ENABLED_PKCS7" = "xno"; then
        ENABLED_PKCS7="yes"
    fi

    # Requires Certificate Generation, Request and Extensions
    if test "x$ENABLED_CERTGEN" = "xno"; then
        ENABLED_CERTGEN="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
    fi
    if test "x$ENABLED_CERTREQ" = "xno"; then
        ENABLED_CERTREQ="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
    fi
    if test "x$ENABLED_CERTEXT" = "xno"; then
        ENABLED_CERTEXT="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
    fi

    # Requires CRL
    if test "x$ENABLED_CRL" = "xno"; then
        ENABLED_CRL="yes"
        AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
    fi

    # Requires SRP
    if test "x$ENABLED_SRP" = "xno"; then
        ENABLED_SRP="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP"
    fi

    # Enable prereqs if not already enabled
    if test "x$ENABLED_KEYGEN" = "xno"; then
        ENABLED_KEYGEN="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
    fi

    # Requires sessioncerts make sure on
    if test "x$ENABLED_SESSIONCERTS" = "xno"; then
        ENABLED_SESSIONCERTS="yes"
        AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
    fi

    # DSA is not forced on; the user only gets a configure-time warning.
    if test "x$ENABLED_DSA" = "xno"; then
        AC_MSG_WARN([Enabling DSA with --enable-dsa is recommended for libest])
    fi
fi
# MD4 resolution when it is currently "no":
# keep MD4 when stunnel is enabled, when WPAS is anything other than "no",
# or when KRB is enabled; otherwise compile it out with -DNO_MD4.
# MD4 is a broken hash, so a build that ends up with ENABLED_MD4=yes through
# one of these options should treat it as a compatibility-only primitive.
AS_IF([test "$ENABLED_MD4" = "no"],
    [AS_IF([test "x$ENABLED_STUNNEL" = "xyes" || test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_KRB" = "xyes"],
        [ENABLED_MD4="yes"],
        [AM_CFLAGS="$AM_CFLAGS -DNO_MD4"])])
2015-07-09 09:14:33 -06:00
2018-03-30 15:48:15 -07:00
# Encrypted keys: support for PEM private keys protected by a passphrase.
# Off unless requested with --enable-enckeys.
AC_ARG_ENABLE([enckeys],
    [AS_HELP_STRING([--enable-enckeys],[Enable PEM encrypted private key support (default: disabled)])],
    [ENABLED_ENCKEYS=$enableval],
    [ENABLED_ENCKEYS=no])

# The OpenSSL compatibility layer, the web server profile and wpa_supplicant
# builds turn the feature on regardless of what was passed above.
if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_WEBSERVER" = "yes" || test "$ENABLED_WPAS" != "no"; then
    ENABLED_ENCKEYS=yes
fi

if test "$ENABLED_ENCKEYS" = "yes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ENCRYPTED_KEYS"
fi
# PKCS#12
# Default is on, except when ASN.1 support is disabled or the FIPS version
# is "rand".
if test "$ENABLED_ASN" = "no" || test "$FIPS_VERSION" = "rand"; then
    PKCS12_DEFAULT=no
else
    PKCS12_DEFAULT=yes
fi

AC_ARG_ENABLE([pkcs12],
    [AS_HELP_STRING([--enable-pkcs12],[Enable pkcs12 (default: enabled)])],
    [ENABLED_PKCS12=$enableval],
    [ENABLED_PKCS12=$PKCS12_DEFAULT])

# An explicit "no" compiles the PKCS#12 code out.
if test "x$ENABLED_PKCS12" = "xno"; then
    AM_CFLAGS="$AM_CFLAGS -DNO_PKCS12"
fi
# Password-based key derivation (PWDBASED). This has to run after certservice
# and the feature blocks above, because those features switch it on without
# the user asking for it explicitly.
if test "$ENABLED_PWDBASED" = "no"; then
    if test "$ENABLED_OPENSSLEXTRA" != "yes" && test "$ENABLED_OPENSSLALL" != "yes" && \
       test "$ENABLED_WEBSERVER" != "yes" && test "$ENABLED_ENCKEYS" != "yes" && \
       test "$ENABLED_PKCS12" != "yes"; then
        # nothing in this build needs it: compile it out
        AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED"
    else
        # opensslextra, opensslall, webserver, enckeys and pkcs12 need pwdbased
        ENABLED_PWDBASED=yes
    fi
fi
# scrypt key derivation, off by default. It is rejected at configure time when
# PWDBASED ended up disabled in the check above.
AC_ARG_ENABLE([scrypt],
    [AS_HELP_STRING([--enable-scrypt],[Enable SCRYPT (default: disabled)])],
    [ENABLED_SCRYPT=$enableval],
    [ENABLED_SCRYPT=no])

if test "$ENABLED_SCRYPT" = "yes"; then
    if test "$ENABLED_PWDBASED" = "no"; then
        AC_MSG_ERROR([cannot enable scrypt without enabling pwdbased.])
    fi
    AM_CFLAGS="$AM_CFLAGS -DHAVE_SCRYPT"
fi
# wolfCrypt-only build: define WOLFCRYPT_ONLY. The combination with the full
# OpenSSL compatibility layer is refused outright.
if test "$ENABLED_CRYPTONLY" = "yes"; then
    if test "$ENABLED_OPENSSLALL" = "yes"; then
        AC_MSG_ERROR([cryptonly and opensslall are mutually incompatible.])
    fi
    AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_ONLY"
fi
# Checks that only apply when the TLS layer is built (cryptonly is "no").
if test "x$ENABLED_CRYPTONLY" = "xno"; then
    # With ASN.1 disabled, PSK must be enabled; the build is refused otherwise.
    if test "x$ENABLED_ASN" = "xno" && test "x$ENABLED_PSK" = "xno"; then
        AC_MSG_ERROR([please enable psk if disabling asn.])
    fi

    # for TLS connections the intermediate hash needs to store buffer
    # (AF_ALG and /dev/crypto builds each get their own HASH_KEEP define)
    if test "$ENABLED_AFALG" = "yes"; then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_HASH_KEEP"
    fi
    if test "$ENABLED_DEVCRYPTO" = "yes"; then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH_KEEP"
    fi
fi
# Example programs (--disable-examples turns them off). They default to on,
# except for Linux kernel module builds.
ENABLED_EXAMPLES_DEFAULT=yes
if test "$ENABLED_LINUXKM" = "yes"; then
    ENABLED_EXAMPLES_DEFAULT=no
fi

AC_ARG_ENABLE([examples],
    [AS_HELP_STRING([--enable-examples],[Enable Examples (default: enabled)])],
    [ENABLED_EXAMPLES=$enableval],
    [ENABLED_EXAMPLES=$ENABLED_EXAMPLES_DEFAULT])

# Builds without a filesystem and wolfCrypt-only builds always drop the
# examples, whatever the option said.
if test "x$ENABLED_FILESYSTEM" = "xno"; then
    ENABLED_EXAMPLES="no"
fi
if test "x$ENABLED_CRYPTONLY" = "xyes"; then
    ENABLED_EXAMPLES="no"
fi
# wolfCrypt test and benchmark programs. On by default, off by default for
# Linux kernel module builds; the result is exported with AC_SUBST.
ENABLED_CRYPT_TESTS_DEFAULT=yes
if test "$ENABLED_LINUXKM" = "yes"; then
    ENABLED_CRYPT_TESTS_DEFAULT=no
fi

AC_ARG_ENABLE([crypttests],
    [AS_HELP_STRING([--enable-crypttests],[Enable Crypt Bench/Test (default: enabled)])],
    [ENABLED_CRYPT_TESTS=$enableval],
    [ENABLED_CRYPT_TESTS=$ENABLED_CRYPT_TESTS_DEFAULT])
AC_SUBST([ENABLED_CRYPT_TESTS])
# Optionally build the wolfCrypt test and benchmark code as libraries:
# test.c and benchmark.c are compiled and their functions exposed through
# libwolfcrypttest and libwolfcryptbench. The feature is off by default and
# the API of these two libraries must NOT be treated as stable.
AC_ARG_ENABLE([crypttests-libs],
    [AS_HELP_STRING([--enable-crypttests-libs],[Enable wolfcrypt test and benchmark libraries (default: disabled)])],
    [ENABLED_CRYPT_TESTS_LIBS=$enableval],
    [ENABLED_CRYPT_TESTS_LIBS=no])
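# LIBZ
# --with-libz or --with-libz=PATH links zlib and defines HAVE_LIBZ. The link is
# first tried with the flags already in effect, then with PATH/lib and
# PATH/include added (PATH is /usr when none was given).
#
# Autoconf also runs the "given" branch for --without-libz and --with-libz=no,
# with withval set to "no". The probe is therefore guarded so that an explicit
# opt-out leaves ENABLED_LIBZ=no instead of enabling zlib or aborting.
#
# NOTE(review): HAVE_LIBZ makes zlib compression available to the library.
# Compressing secrets together with attacker-influenced data before encryption
# leaks information through the ciphertext length (the CRIME class of issue);
# confirm that applications built this way leave TLS-level compression off.
ENABLED_LIBZ="no"
trylibzdir=""
AC_ARG_WITH([libz],
    [AS_HELP_STRING([--with-libz=PATH],[PATH to libz install (default /usr/)])],
    [
        if test "x$withval" != "xno" ; then
            AC_MSG_CHECKING([for libz])
            CPPFLAGS="$CPPFLAGS -DHAVE_LIBZ"
            LIBS="$LIBS -lz"

            AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])

            if test "x$libz_linked" = "xno" ; then
                # Second attempt: add the search paths of the chosen prefix.
                if test "x$withval" = "xyes" ; then
                    trylibzdir="/usr"
                else
                    trylibzdir=$withval
                fi

                LDFLAGS="$LDFLAGS -L$trylibzdir/lib"
                CPPFLAGS="$CPPFLAGS -I$trylibzdir/include"

                AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])

                if test "x$libz_linked" = "xno" ; then
                    AC_MSG_ERROR([libz isn't found.
If it's already installed, specify its path using --with-libz=/dir/])
                fi
            fi

            AC_MSG_RESULT([yes])
            ENABLED_LIBZ="yes"
        fi
    ]
)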
# PKCS#11
# Any value other than "no" defines HAVE_PKCS11 and HAVE_WOLF_BIGINT. The
# value "static" additionally defines HAVE_PKCS11_STATIC and is normalised to
# "yes"; every other value links libdl instead.
# NOTE(review): linking libdl suggests the provider module is loaded at run
# time in the non-static case -- confirm, and make sure the module path handed
# to the library comes from trusted configuration.
AC_ARG_ENABLE([pkcs11],
    [AS_HELP_STRING([--enable-pkcs11],[Enable pkcs11 access (default: disabled)])],
    [ENABLED_PKCS11=$enableval],
    [ENABLED_PKCS11=no])

if test "x$ENABLED_PKCS11" != "xno"; then
    AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS11 -DHAVE_WOLF_BIGINT"
    if test "x$ENABLED_PKCS11" = "xstatic"; then
        AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS11_STATIC"
        ENABLED_PKCS11="yes"
    else
        LIBS="$LIBS -ldl"
    fi
fi
# PKCS#8 key packages: on by default, --disable-pkcs8 defines NO_PKCS8.
AC_ARG_ENABLE([pkcs8],
    [AS_HELP_STRING([--enable-pkcs8],[Enable PKCS #8 key packages (default: enabled)])],
    [ENABLED_PKCS8=$enableval],
    [ENABLED_PKCS8=yes])

if test "x$ENABLED_PKCS8" = "xno"; then
    AM_CFLAGS="$AM_CFLAGS -DNO_PKCS8"
fi
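# cavium
# --with-cavium=PATH points at the Cavium software directory. The probe links
# a small program against PATH/api/cavium_common.o with PATH/include on the
# include path; on success the build is forced to static-only and the probe
# flags are copied into AM_CPPFLAGS / AM_LDFLAGS.
#
# Autoconf runs the "given" branch for --without-cavium as well, with withval
# set to "no". That case is now treated like the option being absent instead
# of probing an empty path and aborting.
#
# NOTE(review): the probe assigns CPPFLAGS and LDFLAGS from the AM_ variables,
# so flags the user passed in CPPFLAGS / LDFLAGS are replaced from this point
# on -- confirm that is intended.
trycaviumdir=""
AC_ARG_WITH([cavium],
    [AS_HELP_STRING([--with-cavium=PATH],[PATH to cavium/software dir])],
    [
        if test "x$withval" = "xno" ; then
            ENABLED_CAVIUM=no
        else
            AC_MSG_CHECKING([for cavium])
            LIB_ADD="-lrt $LIB_ADD"

            # A bare --with-cavium carries no directory to probe.
            if test "x$withval" = "xyes" ; then
                AC_MSG_ERROR([need a PATH for --with-cavium])
            fi
            trycaviumdir=$withval

            CPPFLAGS="$AM_CPPFLAGS -DHAVE_CAVIUM -I$trycaviumdir/include"
            LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/cavium_common.o"

            AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(CAVIUM_DEV_ID); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])

            if test "x$cavium_linked" = "xno" ; then
                AC_MSG_ERROR([cavium isn't found.
If it's already installed, specify its path using --with-cavium=/dir/])
            else
                AM_CPPFLAGS="$CPPFLAGS"
                AM_LDFLAGS="$LDFLAGS"
            fi
            AC_MSG_RESULT([yes])
            enable_shared=no
            enable_static=yes
            ENABLED_CAVIUM=yes
        fi
    ],
    [ ENABLED_CAVIUM=no ]
)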
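# cavium V
# --with-cavium-v=PATH points at the Cavium V software directory. The option
# requires PATH/lib/libnitrox.a, adds PATH/include to AM_CPPFLAGS, links the
# static Nitrox library and forces a static-only build.
#
# Changes against the previous version of this block:
#  - --without-cavium-v (withval "no") is treated as an opt-out instead of
#    checking for /lib/libnitrox.a and aborting;
#  - the missing-path error names --with-cavium-v rather than --with-cavium;
#  - the library path is quoted in the existence test;
#  - the "checking for cavium" line is closed with a result.
#
# NOTE(review): when the option is absent, the last branch also resets
# ENABLED_CAVIUM to "no", which overrides a "yes" set by --with-cavium just
# above -- confirm that is intended.
# NOTE(review): enable_opensslextra is set here, but the code that reads it is
# not in this part of the file -- confirm it still takes effect this late.
trycaviumdir=""
AC_ARG_WITH([cavium-v],
    [AS_HELP_STRING([--with-cavium-v=PATH],[PATH to Cavium V/software dir])],
    [
        if test "x$withval" = "xno" ; then
            ENABLED_CAVIUM_V=no
        else
            AC_MSG_CHECKING([for cavium])
            AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V"
            LIB_ADD="-lrt -lcrypto $LIB_ADD"

            # A bare --with-cavium-v carries no directory to look in.
            if test "x$withval" = "xyes" ; then
                AC_MSG_ERROR([need a PATH for --with-cavium-v])
            fi
            trycaviumdir=$withval

            if test -e "$trycaviumdir/lib/libnitrox.a"
            then
                AM_CPPFLAGS="-I$trycaviumdir/include $AM_CPPFLAGS"
            else
                AC_MSG_ERROR([Could not find Nitrox library])
            fi
            LIB_STATIC_ADD="$trycaviumdir/lib/libnitrox.a $LIB_STATIC_ADD"

            AC_MSG_RESULT([yes])
            enable_shared=no
            enable_static=yes
            enable_opensslextra=yes
            ENABLED_CAVIUM=yes
            ENABLED_CAVIUM_V=yes
        fi
    ],
    [
        ENABLED_CAVIUM=no
        ENABLED_CAVIUM_V=no
    ]
)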
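# Cavium Octeon
# --with-octeon-sync=PATH points at the Octeon SDK. OCTEON_OBJ and OCTEON_HOST
# keep a value supplied by the caller and otherwise default to "obj-octeon2"
# and "standalone". The option adds the SDK's executive directory to the
# include path, links against libcvmx and libfdt with the SDK linker script
# and forces a static-only build.
#
# Changes against the previous version of this block:
#  - --without-octeon-sync (withval "no") used to fall through with an empty
#    OCTEON_ROOT and still enable the feature; it is now an opt-out;
#  - the missing-path error names the real option, --with-octeon-sync.
#
# NOTE(review): OCTEON_MODEL gets no default in the lines shown here; if it is
# unset the define expands to an empty value -- confirm it is set elsewhere or
# required from the caller.
OCTEON_ROOT=""
: ${OCTEON_OBJ="obj-octeon2"}
: ${OCTEON_HOST="standalone"}
AC_ARG_WITH([octeon-sync],
    [AS_HELP_STRING([--with-octeon-sync=PATH],[PATH to Cavium Octeon SDK dir (sync)])],
    [
        if test "x$withval" = "xno" ; then
            ENABLED_OCTEON_SYNC=no
        else
            AC_MSG_CHECKING([for octeon])
            # A bare --with-octeon-sync carries no SDK directory.
            if test "x$withval" = "xyes" ; then
                AC_MSG_ERROR([need a PATH for --with-octeon-sync])
            fi
            OCTEON_ROOT=$withval

            AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM_OCTEON_SYNC"
            AM_CFLAGS="$AM_CFLAGS -DOCTEON_MODEL=$OCTEON_MODEL"
            AM_CFLAGS="$AM_CFLAGS -I$OCTEON_ROOT/executive"
            AS_CASE([$OCTEON_HOST],['linux'],[AM_CFLAGS="$AM_CFLAGS -DCVMX_BUILD_FOR_LINUX_HOST"])

            #-I$OCTEON_ROOT/target/include
            AM_LDFLAGS="$AM_LDFLAGS -lrt -Xlinker -T -Xlinker $OCTEON_ROOT/executive/cvmx-shared-linux.ld"
            AM_LDFLAGS="$AM_LDFLAGS -L$OCTEON_ROOT/executive/$OCTEON_OBJ -lcvmx -lfdt"

            enable_shared=no
            enable_static=yes
            ENABLED_OCTEON_SYNC=yes
            AC_MSG_RESULT([yes])
        fi
    ],
    [ENABLED_OCTEON_SYNC=no]
)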
# Intel QuickAssist (QAT)
# Both options record the driver directory in QAT_DIR and set their own
# ENABLED_ flag; when both are given, the later one (sync) decides QAT_DIR.
# NOTE(review): --without-intelqa and --without-intelqa-sync also take the
# "given" branch, with withval set to "no", so the flag becomes "yes" and
# QAT_DIR becomes "no". The code that consumes these values is not in this
# part of the file -- confirm it rejects that combination.
QAT_DIR=""
BUILD_INTEL_QAT_VERSION=2

AC_ARG_WITH([intelqa],
    [AS_HELP_STRING([--with-intelqa=PATH],[PATH to Intel QuickAssist (QAT) driver dir])],
    [
        ENABLED_INTEL_QA=yes
        QAT_DIR=$withval
    ],
    [ENABLED_INTEL_QA=no])

AC_ARG_WITH([intelqa-sync],
    [AS_HELP_STRING([--with-intelqa-sync=PATH],[PATH to Intel QuickAssist (QAT) driver dir (sync)])],
    [
        ENABLED_INTEL_QA_SYNC=yes
        QAT_DIR=$withval
    ],
    [ENABLED_INTEL_QA_SYNC=no])
# The async and sync QuickAssist back ends are mutually exclusive; stop the
# configure run when both have been requested.
AS_IF([test "x$ENABLED_INTEL_QA_SYNC" = "xyes"],
    [AS_IF([test "x$ENABLED_INTEL_QA" = "xyes"],
        [AC_MSG_ERROR([Both Intel QA Async and Sync are selected, only select one.])])])
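# Intel QuickAssist (QAT): set the feature defines, add the driver include
# paths, and confirm that a QAT library under $QAT_DIR/build actually links.
# QAT_DIR is supplied on the configure command line and ends up in -I and -L
# search paths, so it should only ever name a driver tree you trust.
AS_IF([test "x$ENABLED_INTEL_QA" = "xyes" || test "x$ENABLED_INTEL_QA_SYNC" = "xyes"],
    [AC_MSG_CHECKING([for intelqa])
     # The crypto define in the sync branch is spelled -DDO_CRYPTO to agree
     # with the async branch. It previously read -DO_CRYPTO, which defines a
     # macro named O_CRYPTO instead.
     AS_IF([test "x$ENABLED_INTEL_QA" = "xyes"],
           [AM_CPPFLAGS="$AM_CPPFLAGS -DHAVE_INTEL_QA -DDO_CRYPTO -DUSER_SPACE"; intelqa_opt=""],
           [AM_CPPFLAGS="$AM_CPPFLAGS -DHAVE_INTEL_QA_SYNC -DQAT_USE_POLLING_THREAD -DDO_CRYPTO -DUSER_SPACE"; intelqa_opt="-sync"])
     # Saved so the link probes below can be undone or retried.
     OLD_LIBS="$LIBS"
     OLD_CPPFLAGS="$CPPFLAGS"

     # A bare --with-intelqa or --with-intelqa-sync yields the value "yes",
     # which is not a usable directory.
     AS_IF([test "x$QAT_DIR" = "xyes"],[AC_MSG_ERROR([need a PATH for --with-intelqa$intelqa_opt])])

     QAT_FLAGS="-I$QAT_DIR/quickassist/include -I$QAT_DIR/quickassist/include/lac -I$QAT_DIR/quickassist/utilities/osal/include \
         -I$QAT_DIR/quickassist/utilities/osal/src/linux/user_space/include -I$QAT_DIR/quickassist/lookaside/access_layer/include \
         -I$QAT_DIR/quickassist/lookaside/access_layer/src/common/include -I$srcdir/wolfssl -I$srcdir/wolfssl/wolfcrypt/port/intel \
         -I$QAT_DIR/quickassist/utilities/libusdm_drv"
     AM_CPPFLAGS="$AM_CPPFLAGS $QAT_FLAGS"
     # CPPFLAGS is widened only for the link probes and restored at the end.
     CPPFLAGS="$AM_CPPFLAGS"

     LDFLAGS="$LDFLAGS -L$QAT_DIR/build"
     LIBS="$LIBS -lqat_s -lusdm_drv_s"

     # First probe: current driver libraries (qat_s and usdm_drv_s).
     AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cpa_cy_common.h"]],[[Cpa16U count = 0; cpaCyGetNumInstances(&count);]])],[intelqa_linked=yes],[intelqa_linked=no])
     AS_IF([test "x$intelqa_linked" = "xno"],
         [# Try old QAT driver libraries
          LIBS="$OLD_LIBS -licp_qa_al_s"
          AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cpa_cy_common.h"]],[[Cpa16U count = 0; cpaCyGetNumInstances(&count);]])],[intelqa_linked=yes],[intelqa_linked=no])
          AS_IF([test "x$intelqa_linked" = "xno"],
                [AC_MSG_ERROR([Intel QuickAssist not found. If it's already installed, specify its path using --with-intelqa$intelqa_opt=/dir/])],
                [BUILD_INTEL_QAT_VERSION=1])
         ])
     AC_MSG_RESULT([yes])

     # The old driver, marked by version 1 above, also needs adf_proxy.
     AS_IF([test "x$BUILD_INTEL_QAT_VERSION" = "x1"],
           [LIB_ADD="-ladf_proxy -losal -lrt $LIB_ADD"],
           [LIB_ADD="-losal -lrt $LIB_ADD"])
     CPPFLAGS="$OLD_CPPFLAGS"
    ])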
################################################################################
# Single Precision option handling #
################################################################################
ENABLED_SP_RSA=no
ENABLED_SP_DH=no
2019-12-02 10:04:58 +10:00
ENABLED_SP_FF_2048=no
ENABLED_SP_FF_3072=no
ENABLED_SP_FF_4096=no
2019-01-25 12:03:08 +10:00
ENABLED_SP_ECC=no
2019-12-02 10:04:58 +10:00
ENABLED_SP_EC_256=no
ENABLED_SP_EC_384=no
2021-12-24 11:16:59 +10:00
ENABLED_SP_EC_521=no
2023-09-26 09:34:25 +10:00
ENABLED_SP_SM2=$ENABLED_SM2
2021-01-12 12:25:52 +10:00
ENABLED_SP_SAKKE_1024=$ENABLED_SAKKE
2020-04-10 11:13:55 -07:00
ENABLED_SP_NO_MALLOC=no
2020-07-16 16:06:22 -07:00
ENABLED_SP_NONBLOCK=no
2020-01-06 15:23:45 +10:00
ENABLED_SP_SMALL=no
2019-01-25 12:03:08 +10:00
for v in `echo $ENABLED_SP | tr "," " "`
do
case $v in
small)
2020-01-06 15:23:45 +10:00
ENABLED_SP_SMALL=yes
2019-01-25 12:03:08 +10:00
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
2019-12-02 10:04:58 +10:00
ENABLED_SP_FF_2048=yes
ENABLED_SP_FF_3072=yes
2019-01-25 12:03:08 +10:00
ENABLED_SP_ECC=yes
2019-12-02 10:04:58 +10:00
ENABLED_SP_EC_256=yes
2022-05-08 12:13:18 +02:00
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64" || test "$host_cpu" = "amd64"; then
2019-12-02 10:04:58 +10:00
ENABLED_SP_FF_4096=yes
ENABLED_SP_EC_384=yes
2021-12-24 11:16:59 +10:00
ENABLED_SP_EC_521=yes
2019-12-02 10:04:58 +10:00
fi
2019-01-25 12:03:08 +10:00
;;
2020-07-16 16:06:22 -07:00
2021-07-16 22:17:20 +10:00
smallfast)
ENABLED_SP_SMALL=yes
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
ENABLED_SP_FF_2048=yes
ENABLED_SP_FF_3072=yes
ENABLED_SP_ECC=yes
ENABLED_SP_EC_256=yes
2022-05-08 12:13:18 +02:00
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64" || test "$host_cpu" = "amd64"; then
2021-07-16 22:17:20 +10:00
ENABLED_SP_FF_4096=yes
ENABLED_SP_EC_384=yes
2021-12-24 11:16:59 +10:00
ENABLED_SP_EC_521=yes
2021-07-16 22:17:20 +10:00
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_FAST_MODEXP"
;;
2019-01-25 12:03:08 +10:00
yes)
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
2019-12-02 10:04:58 +10:00
ENABLED_SP_FF_2048=yes
ENABLED_SP_FF_3072=yes
2019-01-25 12:03:08 +10:00
ENABLED_SP_ECC=yes
2019-12-02 10:04:58 +10:00
ENABLED_SP_EC_256=yes
2022-05-08 12:13:18 +02:00
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64" || test "$host_cpu" = "amd64"; then
2019-12-02 10:04:58 +10:00
ENABLED_SP_FF_4096=yes
ENABLED_SP_EC_384=yes
2021-12-24 11:16:59 +10:00
ENABLED_SP_EC_521=yes
2019-12-02 10:04:58 +10:00
fi
2019-01-25 12:03:08 +10:00
;;
2020-07-16 16:06:22 -07:00
2019-01-25 12:03:08 +10:00
no)
;;
smallec256 | smallp256 | small256)
2019-12-02 10:04:58 +10:00
ENABLED_SP_SMALL=yes
2020-01-06 15:23:45 +10:00
ENABLED_SP_ECC=yes
2019-12-02 10:04:58 +10:00
ENABLED_SP_EC_256=yes
2019-01-25 12:03:08 +10:00
;;
ec256 | p256 | 256)
ENABLED_SP_ECC=yes
2019-12-02 10:04:58 +10:00
ENABLED_SP_EC_256=yes
;;
smallec384 | smallp384 | small384)
ENABLED_SP_SMALL=yes
2020-01-06 15:23:45 +10:00
ENABLED_SP_ECC=yes
2019-12-02 10:04:58 +10:00
ENABLED_SP_EC_384=yes
;;
ec384 | p384 | 384)
ENABLED_SP_ECC=yes
ENABLED_SP_EC_384=yes
2019-01-25 12:03:08 +10:00
;;
2021-12-24 11:16:59 +10:00
smallec521 | smallp521 | small521)
ENABLED_SP_SMALL=yes
ENABLED_SP_ECC=yes
ENABLED_SP_EC_521=yes
;;
ec521 | p521 | 521)
ENABLED_SP_ECC=yes
ENABLED_SP_EC_521=yes
;;
2021-01-12 12:25:52 +10:00
smallec1024 | smallp1024 | small1024)
ENABLED_SP_ECC=yes
ENABLED_SP_SMALL=yes
ENABLED_SP_SAKKE_1024=yes
;;
ec1024 | p1024 | 1024)
ENABLED_SP_ECC=yes
ENABLED_SP_SAKKE_1024=yes
;;
2023-09-26 09:34:25 +10:00
smallsm2)
ENABLED_SP_SMALL=yes
ENABLED_SP_ECC=yes
ENABLED_SP_SM2=yes
;;
sm2)
ENABLED_SP_ECC=yes
ENABLED_SP_SM2=yes
;;
2019-01-25 12:03:08 +10:00
small2048)
2019-12-02 10:04:58 +10:00
ENABLED_SP_SMALL=yes
2019-01-25 12:03:08 +10:00
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
2019-12-02 10:04:58 +10:00
ENABLED_SP_FF_2048=yes
2019-01-25 12:03:08 +10:00
;;
2048)
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
2019-12-02 10:04:58 +10:00
ENABLED_SP_FF_2048=yes
2019-01-25 12:03:08 +10:00
;;
smallrsa2048)
2019-12-02 10:04:58 +10:00
ENABLED_SP_SMALL=yes
2019-01-25 12:03:08 +10:00
ENABLED_SP_RSA=yes
2019-12-02 10:04:58 +10:00
ENABLED_SP_FF_2048=yes
2019-01-25 12:03:08 +10:00
;;
rsa2048)
ENABLED_SP_RSA=yes
2019-12-02 10:04:58 +10:00
ENABLED_SP_FF_2048=yes
;;
small3072)
ENABLED_SP_SMALL=yes
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
ENABLED_SP_FF_3072=yes
;;
3072)
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
ENABLED_SP_FF_3072=yes
;;
smallrsa3072)
ENABLED_SP_SMALL=yes
ENABLED_SP_RSA=yes
ENABLED_SP_FF_3072=yes
;;
rsa3072)
ENABLED_SP_RSA=yes
ENABLED_SP_FF_3072=yes
;;
small4096)
ENABLED_SP_SMALL=yes
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
ENABLED_SP_FF_4096=yes
;;
4096 | +4096)
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
ENABLED_SP_FF_4096=yes
;;
smallrsa4096)
ENABLED_SP_SMALL=yes
ENABLED_SP_RSA=yes
ENABLED_SP_FF_4096=yes
;;
rsa4096)
ENABLED_SP_RSA=yes
ENABLED_SP_FF_4096=yes
;;
smallstack)
ENABLED_SP_SMALL_STACK=yes
;;
nomalloc)
ENABLED_SP_NO_MALLOC=yes
;;
nonblock)
# Requires small and no malloc
ENABLED_SP_NONBLOCK=yes
ENABLED_SP_NO_MALLOC=yes
ENABLED_SP_SMALL=yes
;;
asm)
ENABLED_SP_ASM=yes
;;
noasm)
ENABLED_SP_ASM=no
;;
*)
AC_MSG_ERROR([Invalid choice of Single Precision length in bits [256, 384, 521, 1024, 2048, 3072, 4096]: $ENABLED_SP.])
break;;
esac
done
# Remember the option line, then recompute ENABLED_SP so that it ends up "yes"
# only when one of the algorithms below is really built with SP code.
# NOTE(review): this reads ENABLE_SP, while the error message of the option
# loop above reports ENABLED_SP - confirm which variable is intended.
ENABLED_SP_LINE="$ENABLE_SP"
ENABLED_SP=no

# SP RSA: asked for by the option and RSA itself is enabled.
if test "x$ENABLED_SP_RSA" = "xyes" && test "x$ENABLED_RSA" = "xyes"
then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_RSA"
    AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_SP_RSA"
    ENABLED_SP=yes
fi

# SP DH: asked for by the option and DH is anything other than "no".
if test "x$ENABLED_SP_DH" = "xyes" && test "x$ENABLED_DH" != "xno"
then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_DH"
    AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_SP_DH"
    ENABLED_SP=yes
fi
# Finite-field (RSA/DH) key sizes for the SP code. The 2048 and 3072 bit sizes
# get a NO_ define when they were switched off; 4096 gets its define only when
# it was switched on.
if test "x$ENABLED_SP_RSA" = "xyes" || test "x$ENABLED_SP_DH" = "xyes"
then
    if test "x$ENABLED_SP_FF_2048" = "xno"
    then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_2048"
        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_2048"
    fi

    if test "x$ENABLED_SP_FF_3072" = "xno"
    then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_3072"
        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_3072"
    fi

    if test "x$ENABLED_SP_FF_4096" = "xyes"
    then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_4096"
        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_4096"
    fi

    # The large-code define is added for 64-bit x86 and ARM hosts only, and
    # only to the C flags.
    case "$host_cpu" in
    *x86_64* | *aarch64* | *amd64*)
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_LARGE_CODE"
        ;;
    esac
fi
# SP ECC: asked for by the option and ECC is anything other than "no".
# Each curve selected by the option loop adds its own define; P-256 is the
# only one that is expressed as a NO_ define when it is off.
if test "x$ENABLED_SP_ECC" = "xyes" && test "x$ENABLED_ECC" != "xno"
then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_ECC"
    AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_SP_ECC"
    ENABLED_SP=yes

    if test "x$ENABLED_SP_EC_256" = "xno"
    then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_256"
        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_256"
    fi

    # P-384 and P-521 also switch on the matching HAVE_ECC define, which goes
    # to the C flags only.
    if test "x$ENABLED_SP_EC_384" = "xyes"
    then
        AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC384 -DWOLFSSL_SP_384"
        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_384"
    fi

    if test "x$ENABLED_SP_EC_521" = "xyes"
    then
        AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC521 -DWOLFSSL_SP_521"
        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_521"
    fi

    if test "x$ENABLED_SP_SAKKE_1024" = "xyes"
    then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_1024"
        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_1024"
    fi

    if test "x$ENABLED_SP_SM2" = "xyes"
    then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SM2"
        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SM2"
    fi
fi
# Build-variant switches collected by the option loop. Each one adds the same
# define to the C flags and to the assembler flags.
if test "x$ENABLED_SP_SMALL" = "xyes"
then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
    AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL"
fi

if test "x$ENABLED_SP_SMALL_STACK" = "xyes"
then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL_STACK"
    AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL_STACK"
fi

if test "x$ENABLED_SP_NO_MALLOC" = "xyes"
then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_MALLOC"
    AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_MALLOC"
fi

# The nonblock choice of the option loop also sets the small and no-malloc
# switches handled above.
if test "x$ENABLED_SP_NONBLOCK" = "xyes"
then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NONBLOCK"
    AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NONBLOCK"
fi
# Consistency checks for SP-only math. Every check stops configure with an
# error, so the first failing one decides which message is shown.
if test "x$ENABLED_SP_MATH" = "xyes"
then
    # No algorithm ended up with SP code: any enabled public-key algorithm
    # would be left without an implementation.
    if test "x$ENABLED_SP" = "xno"
    then
        if test "x$ENABLED_RSA" != "xno"
        then
            AC_MSG_ERROR([Must have SP enabled with SP math for RSA: --enable-sp])
        fi
        if test "x$ENABLED_DH" != "xno"
        then
            AC_MSG_ERROR([Must have SP enabled with SP math for DH: --enable-sp])
        fi
        if test "x$ENABLED_ECC" != "xno"
        then
            AC_MSG_ERROR([Must have SP enabled with SP math for ECC: --enable-sp])
        fi
    fi

    # Features that are rejected together with SP-only math.
    if test "x$ENABLED_ECCCUSTCURVES" != "xno"
    then
        AC_MSG_ERROR([Cannot use single precision math and custom curves])
    fi
    if test "x$ENABLED_DSA" = "xyes"
    then
        AC_MSG_ERROR([Cannot use single precision math and DSA])
    fi
    if test "x$ENABLED_SRP" = "xyes"
    then
        AC_MSG_ERROR([Cannot use single precision math and SRP])
    fi

    # RSA or DH enabled while the SP option did not select them.
    if test "x$ENABLED_RSA" = "xyes" && test "x$ENABLED_SP_RSA" = "xno"
    then
        AC_MSG_ERROR([Cannot use RSA single precision only math and RSA])
    fi
    if test "x$ENABLED_DH" != "xno" && test "x$ENABLED_SP_DH" = "xno"
    then
        AC_MSG_ERROR([Cannot use DH single precision only math and DH])
    fi
fi
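# Parse the comma separated values given to the SP math all option.
# Every recognised value other than yes/no turns the option into "yes".
for v in `echo $ENABLED_SP_MATH_ALL | tr "," " "`
do
    case $v in
    yes | no)
        ;;
    small)
        ENABLED_SP_MATH_ALL="yes"
        ENABLED_SP_SMALL="yes"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL"
        ;;
    huge)
        ENABLED_SP_MATH_ALL="yes"
        ENABLED_FASTHUGEMATH="yes"
        AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_HUGE_CFLAGS"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_INT_LARGE_COMBA"
        ;;
    256 | 384 | 521 | 1024 | 2048 | 3072 | 4096)
        # Raise the default maximum key size when a larger size is requested.
        # Two test commands joined with || replace the obsolescent -o form:
        # the numeric comparison now runs only when the variable is non-empty,
        # so an unset value can no longer reach -lt as an empty operand.
        if test -z "$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS" || test "$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS" -lt "$v"
        then
            DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS="$v"
        fi
        ENABLED_SP_MATH_ALL="yes"
        ;;
    nomalloc)
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_MALLOC"
        ENABLED_SP_MATH_ALL="yes"
        ;;
    neg)
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_INT_NEGATIVE"
        ENABLED_SP_MATH_ALL="yes"
        ;;
    *)
        # Report the offending value itself. The option variable may already
        # have been rewritten to "yes" by an earlier value in the list.
        AC_MSG_ERROR([Support SP int bit sizes: 256, 384, 521, 1024, 2048, 3072, 4096. $v not supported])
        ;;
    esac
done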
# Optional ARM flavour, used below next to host_alias to pick the ARM variant.
AC_ARG_WITH([arm-target],
    [AS_HELP_STRING([--with-arm-target=x],[x can be "thumb" or "cortex"])],
    [ARM_TARGET="$withval"],
    [ARM_TARGET=''])

# SP math all: switches the fast and slow math choices off and adds a define
# for the host CPU. The whole section is skipped when assembly is disabled
# (ENABLED_ASM is "no").
if test "x$ENABLED_SP_MATH_ALL" = "xyes" && test "x$ENABLED_ASM" != "xno"
then
    ENABLED_FASTMATH="no"
    ENABLED_SLOWMATH="no"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_MATH_ALL"

    # Pattern order matters: the more specific 64-bit names come before the
    # generic names that would also match them. A host CPU that matches no
    # pattern gets no CPU define.
    case "$host_cpu" in
    *x86_64* | *amd64*)
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_X86_64"
        ;;
    *x86*)
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_X86"
        ;;
    *aarch64*)
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM64 -DWOLFSSL_AARCH64_BUILD"
        ;;
    *arm*)
        # thumb is checked first, then cortex, otherwise plain 32-bit ARM.
        if test "x$host_alias" = "xthumb" || test "x$ARM_TARGET" = "xthumb"
        then
            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_THUMB"
        elif test "x$host_alias" = "xcortex" || test "x$ARM_TARGET" = "xcortex"
        then
            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_CORTEX_M"
        else
            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM32"
        fi
        ;;
    *ppc64* | *powerpc64*)
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_PPC64"
        ;;
    *ppc* | *powerpc*)
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_PPC"
        ;;
    *mips64*)
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_MIPS64"
        ;;
    *mips*)
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_MIPS"
        ;;
    *riscv32*)
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_RISCV32"
        ;;
    *riscv64*)
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_RISCV64"
        ;;
    *s390x*)
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_S390X"
        ;;
    esac

    # FIPS and selftest builds always get negative number support.
    if test "x$ENABLED_FIPS" != "xno" || test "x$SELFTEST_VERSION" != "xnone"
    then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_INT_NEGATIVE"
    fi
fi
# SP assembly: only when SP code is built at all. Rejected together with the
# non-blocking variant and when assembly was turned off globally.
if test "x$ENABLED_SP" = "xyes" && test "x$ENABLED_SP_ASM" = "xyes"
then
    if test "x$ENABLED_SP_NONBLOCK" = "xyes"
    then
        AC_MSG_ERROR([SP non-blocking not supported with sp-asm])
    fi
    if test "x$ENABLED_ASM" = "xno"
    then
        AC_MSG_ERROR([Assembly code turned off])
    fi

    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ASM"
    AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ASM"

    # Pick the assembly flavour from the host CPU. The specific ARM names are
    # listed before the generic arm pattern; a CPU that matches nothing stops
    # configure. The -march settings are added only when ENABLED_ARMASM is
    # "no".
    case "$host_cpu" in
    *aarch64*)
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM64_ASM"
        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM64_ASM"
        ENABLED_SP_ARM64_ASM=yes
        ;;
    *armv7a*)
        if test "x$ENABLED_ARMASM" = "xno"
        then
            AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-a -mfpu=neon -DWOLFSSL_ARM_ARCH=7 -marm"
        fi
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM32_ASM"
        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM32_ASM"
        ENABLED_SP_ARM32_ASM=yes
        ;;
    *cortex* | *armv7m*)
        if test "x$ENABLED_ARMASM" = "xno"
        then
            AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -D__thumb__ -DWOLFSSL_ARM_ARCH=7"
        fi
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM"
        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM"
        ENABLED_SP_ARM_CORTEX_ASM=yes
        ;;
    *armv6*)
        if test "x$ENABLED_ARMASM" = "xno"
        then
            AM_CPPFLAGS="$AM_CPPFLAGS -march=armv6 -DWOLFSSL_ARM_ARCH=6"
        fi
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM32_ASM"
        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM32_ASM"
        ENABLED_SP_ARM32_ASM=yes
        ;;
    *armv4*)
        if test "x$ENABLED_ARMASM" = "xno"
        then
            AM_CPPFLAGS="$AM_CPPFLAGS -march=armv4 -DWOLFSSL_ARM_ARCH=4"
        fi
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM32_ASM"
        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM32_ASM"
        ENABLED_SP_ARM32_ASM=yes
        ;;
    *arm*)
        # Generic ARM: thumb when asked for, otherwise the 32-bit assembly.
        if test "x$host_alias" = "xthumb" || test "x$ARM_TARGET" = "xthumb"
        then
            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_THUMB_ASM"
            AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM_THUMB_ASM"
            ENABLED_SP_ARM_THUMB_ASM=yes
        else
            AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM32_ASM"
            AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM32_ASM"
            ENABLED_SP_ARM32_ASM=yes
        fi
        ;;
    *x86_64* | *amd64*)
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_X86_64_ASM"
        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_X86_64_ASM"
        ENABLED_SP_X86_64_ASM=yes
        ;;
    *)
        AC_MSG_ERROR([ASM not available for CPU. Supported CPUs: x86_64, aarch64, arm])
        ;;
    esac
fi
# SP-only math: added last, after the consistency checks above have passed.
if test "x$ENABLED_SP_MATH" = "xyes"
then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_MATH"
fi
################################################################################
# End - Single Precision option handling #
################################################################################
# Static memory use: off unless asked for.
AC_ARG_ENABLE([staticmemory],
    [AS_HELP_STRING([--enable-staticmemory],[Enable static memory use (default: disabled)])],
    [ ENABLED_STATICMEMORY=$enableval ],
    [ ENABLED_STATICMEMORY=no ]
    )

if test "$ENABLED_STATICMEMORY" = "yes"
then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY"

    # Heap math is rejected together with static memory.
    if test "$ENABLED_HEAPMATH" = "yes"
    then
        AC_MSG_ERROR([please use --enable-fastmath if enabling staticmemory.])
    fi

    # Low resource build without RSA: add the small static memory define.
    if test "x$ENABLED_LOWRESOURCE" = "xyes" && test "x$ENABLED_RSA" = "xno"
    then
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY_SMALL"
    fi
fi
# Microchip API: off unless asked for.
AC_ARG_ENABLE([mcapi],
    [AS_HELP_STRING([--enable-mcapi],[Enable Microchip API (default: disabled)])],
    [ ENABLED_MCAPI=$enableval ],
    [ ENABLED_MCAPI=no ]
    )

if test "x$ENABLED_MCAPI" = "xyes"
then
    AM_CFLAGS="$AM_CFLAGS -DHAVE_MCAPI"

    if test "$ENABLED_AESCTR" != "yes"
    then
        # These flags are already implied by --enable-aesctr
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
    fi

    # AES-GCM set to a value other than yes or no is turned into plain "yes".
    if test "$ENABLED_AESGCM" != "yes" && test "$ENABLED_AESGCM" != "no"
    then
        # Use the smaller object size implementation
        ENABLED_AESGCM=yes
    fi

    # Hard requirements of the Microchip API; the first one that is missing
    # stops configure.
    if test "x$ENABLED_SHA512" = "xno"
    then
        AC_MSG_ERROR([please enable sha512 if enabling mcapi.])
    fi
    if test "x$ENABLED_ECC" = "xno"
    then
        AC_MSG_ERROR([please enable ecc if enabling mcapi.])
    fi
    if test "x$ENABLED_LIBZ" = "xno"
    then
        AC_MSG_ERROR([please use --with-libz if enabling mcapi.])
    fi
fi
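# cryptodev is old name, replaced with cryptocb
AC_ARG_ENABLE([cryptodev],
    [AS_HELP_STRING([--enable-cryptodev],[DEPRECATED, use cryptocb instead])],
    [ ENABLED_CRYPTOCB=$enableval ],[ ENABLED_CRYPTOCB=no ])

# Support for crypto callbacks.
# This option has no default action on purpose: the deprecated option above
# has already set ENABLED_CRYPTOCB, to "no" when it was not given. Resetting
# the variable here would silently discard --enable-cryptodev and produce a
# build without the crypto callback define.
AC_ARG_ENABLE([cryptocb],
    [AS_HELP_STRING([--enable-cryptocb],[Enable crypto callbacks (default: disabled)])],
    [ ENABLED_CRYPTOCB=$enableval ]
    )

# PKCS11, wolfTPM and CAAM builds force the callbacks on, whatever the
# options above said.
if test "x$ENABLED_PKCS11" = "xyes" || test "x$ENABLED_WOLFTPM" = "xyes" || test "$ENABLED_CAAM" != "no"
then
    ENABLED_CRYPTOCB=yes
fi

if test "$ENABLED_CRYPTOCB" = "yes"
then
    AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_CB"
fi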
# Asynchronous crypto: off unless asked for.
AC_ARG_ENABLE([asynccrypt],
    [AS_HELP_STRING([--enable-asynccrypt],[Enable Asynchronous Crypto (default: disabled)])],
    [ ENABLED_ASYNCCRYPT=$enableval ],
    [ ENABLED_ASYNCCRYPT=no ]
    )

# Asynchronous crypto done in software rather than in hardware. Needed for
# non-blocking crypto with TLS/DTLS.
AC_ARG_ENABLE([asynccrypt-sw],
    [AS_HELP_STRING([--enable-asynccrypt-sw],[Enable asynchronous software-based crypto (default: disabled)])],
    [ ENABLED_ASYNCCRYPT_SW=$enableval ],
    [ ENABLED_ASYNCCRYPT_SW=no ]
    )

# Asking for the software backend also switches asynchronous crypto on.
if test "x$ENABLED_ASYNCCRYPT_SW" = "xyes"
then
    ENABLED_ASYNCCRYPT=yes
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT_SW"
fi
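# Asynchronous crypto was requested, directly or through the software backend.
if test "$ENABLED_ASYNCCRYPT" = "yes"
then
    AC_MSG_NOTICE([Enabling asynchronous support])

    # The async sources must be present in the tree. The paths are quoted so
    # that a source directory containing spaces does not break the test.
    if ! test -f "${srcdir}/wolfcrypt/src/async.c" || ! test -f "${srcdir}/wolfssl/wolfcrypt/async.h"
    then
        AC_MSG_ERROR([--enable-asynccrypt requested, but WOLFSSL_ASYNC_CRYPT source files are missing.])
    fi

    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT -DHAVE_WOLF_EVENT -DHAVE_WOLF_BIGINT -DWOLFSSL_NO_HASH_RAW"

    # If no async backend (hardware or software) has been explicitly enabled,
    # use the software backend for testing.
    # NOTE(review): for a build that is meant to use a hardware backend, the
    # notice printed below appears to be the only sign that the software
    # simulator was selected instead - check the configure output.
    if test "x$ENABLED_CAVIUM" != "xyes" && test "x$ENABLED_INTEL_QA" != "xyes" && test "x$ENABLED_CRYPTOCB" != "xyes" && test "x$ENABLED_PKCALLBACKS" != "xyes" && test "x$ENABLED_ASYNCCRYPT_SW" != "xyes"
    then
        AC_MSG_NOTICE([Enabling asynchronous software simulator])
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT_SW"
        ENABLED_ASYNCCRYPT_SW=yes
    fi
fi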
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
# Intel QuickAssist and Cavium both need asynchronous crypto: stop when one of
# them is enabled while async support is "no".
if test "$ENABLED_INTEL_QA" = "yes" || test "$ENABLED_CAVIUM" = "yes"
then
    if test "$ENABLED_ASYNCCRYPT" = "no"
    then
        AC_MSG_ERROR([Please enable asynchronous support using --enable-asynccrypt])
    fi
fi
# Asynchronous threading (Linux specific)
AC_ARG_ENABLE([asyncthreads],
[AS_HELP_STRING([--enable-asyncthreads],[Enable Asynchronous Threading (default: enabled)])],
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
[ ENABLED_ASYNCTHREADS=$enableval ],
[ ENABLED_ASYNCTHREADS=yes ]
)
if test "$ENABLED_ASYNCCRYPT" = "yes" && test "$ENABLED_ASYNCTHREADS" = "yes"
then
AX_PTHREAD([ENABLED_ASYNCTHREADS=yes],[ENABLED_ASYNCTHREADS=no])
else
ENABLED_ASYNCTHREADS=no
fi
if test "$ENABLED_ASYNCTHREADS" = "yes"
then
LIB_ADD="-lpthread $LIB_ADD"
AM_CFLAGS="$AM_CFLAGS -D_GNU_SOURCE"
else
AM_CFLAGS="$AM_CFLAGS -DWC_NO_ASYNC_THREADING"
fi
# Support for autosar shim
# Off unless --enable-autosar is given; only the exact value "yes" adds the
# WOLFSSL_AUTOSAR define.
ENABLED_AUTOSAR=no
AC_ARG_ENABLE([autosar],
    [AS_HELP_STRING([--enable-autosar],[Enable AutoSAR support (default: disabled)])],
    [ENABLED_AUTOSAR=$enableval])

case "$ENABLED_AUTOSAR" in
    yes) AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AUTOSAR" ;;
esac
# Session Export
# Two values switch the feature on: "yes" defines WOLFSSL_SESSION_EXPORT, and
# "nopeer" defines that plus WOLFSSL_SESSION_EXPORT_NOPEER. Any other value
# leaves the flags untouched.
AC_ARG_ENABLE([sessionexport],
    [AS_HELP_STRING([--enable-sessionexport],[Enable export and import of sessions (default: disabled)])],
    [ENABLED_SESSIONEXPORT=$enableval],
    [ENABLED_SESSIONEXPORT=no])

case "$ENABLED_SESSIONEXPORT" in
    yes)
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SESSION_EXPORT"
        ;;
    nopeer)
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SESSION_EXPORT -DWOLFSSL_SESSION_EXPORT_NOPEER"
        ;;
esac
# AES key wrap is forced on whenever ENABLED_WPAS is anything but "no" and the
# build is either non-FIPS or FIPS v6.
if test "$ENABLED_WPAS" != "no"
then
    if test "$ENABLED_FIPS" = "no" || test "x$FIPS_VERSION" = "xv6"
    then
        ENABLED_AESKEYWRAP="yes"
    fi
fi

# Key wrap also pulls in WOLFSSL_AES_DIRECT.
case "$ENABLED_AESKEYWRAP" in
    yes) AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT" ;;
esac
# Old name support for backwards compatibility
# The legacy names are only compiled out when the option is explicitly
# disabled AND ENABLED_OPENSSLCOEXIST is "no".
ENABLED_OLDNAMES=yes
AC_ARG_ENABLE([oldnames],
    [AS_HELP_STRING([--enable-oldnames],[Keep backwards compat with old names (default: enabled)])],
    [ENABLED_OLDNAMES=$enableval])

if test "x$ENABLED_OLDNAMES" = "xno"
then
    if test "x$ENABLED_OPENSSLCOEXIST" = "xno"
    then
        for old_name_def in NO_OLD_RNGNAME NO_OLD_WC_NAMES NO_OLD_SSL_NAMES \
                            NO_OLD_SHA_NAMES NO_OLD_MD5_NAME
        do
            AM_CFLAGS="$AM_CFLAGS -D$old_name_def"
        done
    fi
fi
# Memory Tests
# Described in the help text as being for internal use. Any value other than
# "no" turns on memory tracking and memory debug output; the value "fail"
# additionally defines WOLFSSL_FORCE_MALLOC_FAIL_TEST.
AC_ARG_ENABLE([memtest],
    [AS_HELP_STRING([--enable-memtest],[Memory testing option, for internal use (default: disabled)])],
    [ENABLED_MEMTEST=$enableval],
    [ENABLED_MEMTEST=no])

case "$ENABLED_MEMTEST" in
    no)
        ;;
    fail)
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY"
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FORCE_MALLOC_FAIL_TEST"
        ;;
    *)
        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY"
        ;;
esac
# Enable hash flags support
# Hash flags are useful for runtime options such as SHA3 KECCAK256 selection
# Any value other than "no" adds the WOLFSSL_HASH_FLAGS define.
ENABLED_HASHFLAGS=no
AC_ARG_ENABLE([hashflags],
    [AS_HELP_STRING([--enable-hashflags],[Enable support for hash flags (default: disabled)])],
    [ENABLED_HASHFLAGS=$enableval])

case "$ENABLED_HASHFLAGS" in
    no) ;;
    *)  AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HASH_FLAGS" ;;
esac
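# Support for enabling setting default DH parameters in TLS
# The option defaults to "yes" when it is not given on the command line, so
# the help text states "enabled". HAVE_DH_DEFAULT_PARAMS is only defined when
# DH itself is enabled and ENABLED_QT is not "yes".
AC_ARG_ENABLE([defaultdhparams],
    [AS_HELP_STRING([--enable-defaultdhparams],[Enables option for default dh parameters (default: enabled)])],
    [ ENABLED_DHDEFAULTPARAMS=$enableval ],
    [ ENABLED_DHDEFAULTPARAMS=yes ]
    )

if test "x$ENABLED_DH" = "xyes" && test "x$ENABLED_DHDEFAULTPARAMS" = "xyes" && test "x$ENABLED_QT" != "xyes"
then
    # ENABLED_DHDEFAULTPARAMS is already "yes" here; nothing to re-assign.
    AM_CFLAGS="$AM_CFLAGS -DHAVE_DH_DEFAULT_PARAMS"
fi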
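# Upper bounds on key sizes. --with-max-rsa-bits covers RSA, DH and DSA and
# falls back to DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS; --with-max-ecc-bits covers
# ECC and has no fallback. The larger of the two drives the multi-precision
# integer sizing (FP_MAX_BITS / SP_INT_BITS) once it exceeds 1024 bits.
AC_ARG_WITH([max-rsa-bits],
    [AS_HELP_STRING([--with-max-rsa-bits=number],[number of bits to support for RSA, DH, and DSA keys])],
    [WITH_MAX_CLASSIC_ASYM_KEY_BITS=$withval],
    [WITH_MAX_CLASSIC_ASYM_KEY_BITS="$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS"])

if test -n "$WITH_MAX_CLASSIC_ASYM_KEY_BITS"; then
    # A non-numeric value makes the integer comparison below fail with a
    # non-zero status, which would skip the range error and let the raw text
    # reach -DRSA_MAX_SIZE. Reject it up front; a leading zero is refused too
    # because the shell arithmetic further down would read it as octal.
    case "$WITH_MAX_CLASSIC_ASYM_KEY_BITS" in
        0* | *[[!0-9]]*)
            AC_MSG_ERROR([--with-max-rsa-bits argument must be between 1024 and 16384 inclusive])
            ;;
    esac
    if test "$WITH_MAX_CLASSIC_ASYM_KEY_BITS" -lt 1024 || test "$WITH_MAX_CLASSIC_ASYM_KEY_BITS" -gt 16384; then
        AC_MSG_ERROR([--with-max-rsa-bits argument must be between 1024 and 16384 inclusive])
    fi
    # FIPS builds do not get RSA_MAX_SIZE from here.
    if test "$ENABLED_FIPS" = "no"
    then
        AM_CFLAGS="$AM_CFLAGS -DRSA_MAX_SIZE=$WITH_MAX_CLASSIC_ASYM_KEY_BITS"
    fi
    MPI_MAX_KEY_BITS=$WITH_MAX_CLASSIC_ASYM_KEY_BITS
fi

AC_ARG_WITH([max-ecc-bits],
    [AS_HELP_STRING([--with-max-ecc-bits=number],[number of bits to support for ECC algorithms])],
    [WITH_MAX_ECC_BITS=$withval])

if test -n "$WITH_MAX_ECC_BITS"; then
    # Same numeric guard as for the RSA limit.
    case "$WITH_MAX_ECC_BITS" in
        0* | *[[!0-9]]*)
            AC_MSG_ERROR([--with-max-ecc-bits argument must be between 112 and 1024 inclusive])
            ;;
    esac
    if test "$WITH_MAX_ECC_BITS" -lt 112 || test "$WITH_MAX_ECC_BITS" -gt 1024; then
        AC_MSG_ERROR([--with-max-ecc-bits argument must be between 112 and 1024 inclusive])
    fi
    AM_CFLAGS="$AM_CFLAGS -DMAX_ECC_BITS=$WITH_MAX_ECC_BITS"
fi

if test -n "$MPI_MAX_KEY_BITS" || test -n "$WITH_MAX_ECC_BITS"; then
    # The original compared against MAX_MPI_KEY_BITS, a name that is not
    # assigned anywhere in this part of the file. With that name empty, giving
    # both options replaced the RSA-derived limit with the smaller ECC one and
    # the integer sizing below was skipped. Use MPI_MAX_KEY_BITS throughout so
    # the larger limit wins.
    if test -n "$MPI_MAX_KEY_BITS" && test -n "$WITH_MAX_ECC_BITS"; then
        if test "$MPI_MAX_KEY_BITS" -lt "$WITH_MAX_ECC_BITS"; then
            MPI_MAX_KEY_BITS="$WITH_MAX_ECC_BITS"
        fi
    elif test -n "$WITH_MAX_ECC_BITS"; then
        MPI_MAX_KEY_BITS="$WITH_MAX_ECC_BITS"
    fi
    if test "$MPI_MAX_KEY_BITS" -gt 1024; then
        AM_CFLAGS="$AM_CFLAGS -DFP_MAX_BITS=$((MPI_MAX_KEY_BITS * 2)) -DSP_INT_BITS=$MPI_MAX_KEY_BITS"
    fi
fi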
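# Registration of wolfCrypt implementations with the Linux Kernel Crypto API.
# The value is "none", "all", or a comma-separated list of algorithm names.
# Each requested algorithm must have its wolfCrypt implementation enabled;
# GCM and XTS also need their streaming variants. Unknown names abort
# configure rather than being ignored.
AC_ARG_ENABLE([linuxkm-lkcapi-register],
    [AS_HELP_STRING([--enable-linuxkm-lkcapi-register],[Register wolfCrypt implementations with the Linux Kernel Crypto API backplane. Possible values are "none", "all", "cbc(aes)", "cfb(aes)", "gcm(aes)", and "xts(aes)", or a comma-separated combination. (default: none)])],
    [ENABLED_LINUXKM_LKCAPI_REGISTER=$enableval],
    [ENABLED_LINUXKM_LKCAPI_REGISTER=none]
    )

# --disable-linuxkm-lkcapi-register arrives here as "no". Without this
# mapping it would define LINUXKM_LKCAPI_REGISTER and then abort in the loop
# below with an "Unsupported LKCAPI algorithm" error.
if test "$ENABLED_LINUXKM_LKCAPI_REGISTER" = "no"
then
    ENABLED_LINUXKM_LKCAPI_REGISTER=none
fi

if test "$ENABLED_LINUXKM_LKCAPI_REGISTER" != "none"
then
    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER"

    # Turn on streaming AES-GCM automatically where nothing rules it out.
    if test "$ENABLED_AESGCM" != "no" && test "$ENABLED_AESGCM_STREAM" = "no" && test "$ENABLED_ARMASM" = "no" && test "$ENABLED_FIPS" = "no"; then
        ENABLED_AESGCM_STREAM=yes
    fi

    # A bare --enable-linuxkm-lkcapi-register means "all".
    if test "$ENABLED_LINUXKM_LKCAPI_REGISTER" = "yes"
    then
        ENABLED_LINUXKM_LKCAPI_REGISTER=all
    fi

    # Word splitting of the comma-to-space conversion is intentional.
    # NOTE(review): unlike the other arms, xts(aes) does not require
    # --enable-experimental; confirm that this is intended.
    for lkcapi_alg in $(echo "$ENABLED_LINUXKM_LKCAPI_REGISTER" | tr ',' ' ')
    do
        case "$lkcapi_alg" in
            all) test "$ENABLED_EXPERIMENTAL" = "yes" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: requires --enable-experimental.])
                 AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ALL" ;;
            'cbc(aes)') test "$ENABLED_AESCBC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CBC implementation not enabled.])
                 test "$ENABLED_EXPERIMENTAL" = "yes" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: requires --enable-experimental.])
                 AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCBC" ;;
            'cfb(aes)') test "$ENABLED_AESCFB" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CFB implementation not enabled.])
                 test "$ENABLED_EXPERIMENTAL" = "yes" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: requires --enable-experimental.])
                 AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCFB" ;;
            'gcm(aes)') test "$ENABLED_AESGCM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-GCM implementation not enabled.])
                 test "$ENABLED_AESGCM_STREAM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: --enable-aesgcm-stream is required for LKCAPI.])
                 test "$ENABLED_EXPERIMENTAL" = "yes" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: requires --enable-experimental.])
                 AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESGCM" ;;
            'xts(aes)') test "$ENABLED_AESXTS" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-XTS implementation not enabled.])
                 test "$ENABLED_AESXTS_STREAM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: --enable-aesxts-stream is required for LKCAPI.])
                 AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESXTS" ;;
            *) AC_MSG_ERROR([Unsupported LKCAPI algorithm "$lkcapi_alg".]) ;;
        esac
    done
fi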
# Library Suffix
# The suffix is taken verbatim from the command line and substituted as
# LIBSUFFIX. "no" keeps the empty default; a bare --with-libsuffix (value
# "yes") is rejected because no suffix text was supplied.
LIBSUFFIX=""
AC_ARG_WITH([libsuffix],
    [AS_HELP_STRING([--with-libsuffix=SUFFIX],[Library artifact SUFFIX, ie libwolfsslSUFFIX.so])],
    [
        case "$withval" in
            no)
                ;;
            yes)
                AC_MSG_ERROR([Invalid argument to --with-libsuffix, no suffix given])
                ;;
            *)
                LIBSUFFIX=$withval
                ;;
        esac
    ])
AC_SUBST(LIBSUFFIX)
# User-defined data slots in TLS API contexts. The argument is "yes", "no",
# or a slot count from 1 to 99; a count also sets MAX_EX_DATA. Anything else
# stops configure with an error.
ENABLED_EX_DATA=no
AC_ARG_ENABLE([context-extra-user-data],
    [AS_HELP_STRING([--enable-context-extra-user-data],[Enables option for storing user-defined data in TLS API contexts, with optional argument the number of slots to allocate (default: disabled)])],
    [ENABLED_EX_DATA=$enableval])

case "$ENABLED_EX_DATA" in
    [[1-9]] | [[1-9]][[0-9]])
        AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DMAX_EX_DATA=$ENABLED_EX_DATA"
        ;;
    yes)
        AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
        ;;
    no)
        ;;
    *)
        AC_MSG_ERROR([Invalid argument to --enable-context-extra-user-data -- must be yes, no, or a number from 1 to 99])
        ;;
esac
# IoT-Safe support
# Both switches are only recorded here; nothing in this stretch of the file
# acts on them yet.
ENABLED_IOTSAFE=no
AC_ARG_ENABLE([iotsafe],
    [AS_HELP_STRING([--enable-iotsafe],[Enables support for IoT-Safe secure applet (default: disabled)])],
    [ENABLED_IOTSAFE=$enableval])

ENABLED_IOTSAFE_HWRNG=no
AC_ARG_ENABLE([iotsafe-hwrng],
    [AS_HELP_STRING([--enable-iotsafe-hwrng],[Enables support for IoT-Safe RNG (default: disabled)])],
    [ENABLED_IOTSAFE_HWRNG=$enableval])
# Make clean
ENABLED_MAKECLEAN=yes
AC_ARG_ENABLE([makeclean],
    [AS_HELP_STRING([--enable-makeclean], [Enables forced "make clean" at the
end of configure (default: enabled)])],
    [ENABLED_MAKECLEAN=$enableval])

# User Settings
# When enabled, the build relies on a caller-provided user_settings.h and,
# per the help text, no Makefile CFLAGS are added.
ENABLED_USERSETTINGS=no
AC_ARG_ENABLE([usersettings],
    [AS_HELP_STRING([--enable-usersettings],[Use your own user_settings.h and do not add Makefile CFLAGS (default: disabled)])],
    [ENABLED_USERSETTINGS=$enableval])

# Default optimization CFLAGS enable
ENABLED_OPTFLAGS=yes
AC_ARG_ENABLE([optflags],
    [AS_HELP_STRING([--enable-optflags],[Enable default optimization CFLAGS for the compiler (default: enabled)])],
    [ENABLED_OPTFLAGS=$enableval])

# Adds functionality to load CA certificates from the operating system.
# On by default; only the switch is recorded at this point.
ENABLED_SYS_CA_CERTS=yes
AC_ARG_ENABLE([sys-ca-certs],
    [AS_HELP_STRING([--enable-sys-ca-certs],[Enable ability to load CA certs from OS (default: enabled)])],
    [ENABLED_SYS_CA_CERTS=$enableval])
# Dual key/signature certificates in TLS 1.3 (X9.146). Any value other than
# "no" is refused unless --enable-experimental was given.
ENABLED_DUAL_ALG_CERTS=no
AC_ARG_ENABLE([dual-alg-certs],
    [AS_HELP_STRING([--enable-dual-alg-certs],[Enable support for dual key/signature certificates in TLS 1.3 as defined in X9.146 (requires --enable-experimental) (default: disabled)])],
    [ENABLED_DUAL_ALG_CERTS=$enableval])

if test "$ENABLED_DUAL_ALG_CERTS" != "no" && test "$ENABLED_EXPERIMENTAL" != "yes"
then
    AC_MSG_ERROR([dual-alg-certs requires --enable-experimental.])
fi

# Adds functionality to support Raw Public Key (RPK) RFC7250
ENABLED_RPK=no
AC_ARG_ENABLE([rpk],
    [AS_HELP_STRING([--enable-rpk],[Enable support for Raw Public Key (RPK) RFC7250 (default: disabled)])],
    [ENABLED_RPK=$enableval])
# Check whether the trusted peer certs test should run: look for the define
# in the user-supplied CFLAGS and CPPFLAGS.
case "$CFLAGS $CPPFLAGS" in
    *'WOLFSSL_TRUST_PEER_CERT'*) ENABLED_TRUSTED_PEER_CERT=yes ;;
esac

# Allows disabling the OPENSSL_COMPATIBLE_DEFAULTS macro
AC_ARG_ENABLE([openssl-compatible-defaults],
    [AS_HELP_STRING([--disable-openssl-compatible-defaults],[Disable OpenSSL compatible defaults when enabled by other options (default: enabled)])],
    [ENABLED_OPENSSL_COMPATIBLE_DEFAULTS=$enableval],
    [ENABLED_OPENSSL_COMPATIBLE_DEFAULTS=yes])

# The macro counts as present if its name appears anywhere in the user flags
# or in the flags accumulated so far by other options.
case "$CFLAGS $CPPFLAGS $AM_CFLAGS" in
    *'OPENSSL_COMPATIBLE_DEFAULTS'*) FOUND_OPENSSL_COMPATIBLE_DEFAULTS=yes ;;
esac

# When the macro is present and the option is left on, a fixed set of
# companion defines is added. Judging by their names, several of them change
# certificate, OCSP and session handling (trusted peer certs, alternate cert
# chains, no OCSP issuer check), so a build that picks the macro up through
# another option inherits them as well.
# NOTE(review): effect of each define inferred from its name; confirm against
# the wolfSSL documentation before relying on it.
# When the option is disabled, the macro is stripped from all three flag
# variables instead.
if test "x$FOUND_OPENSSL_COMPATIBLE_DEFAULTS" = "xyes" && test "x$ENABLED_OPENSSL_COMPATIBLE_DEFAULTS" = "xyes"
then
    for compat_def in WOLFSSL_TRUST_PEER_CERT \
                      NO_SESSION_CACHE_REF \
                      WOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE \
                      WOLFSSL_ALT_CERT_CHAINS \
                      WOLFSSL_PRIORITIZE_PSK \
                      WOLFSSL_CHECK_ALERT_ON_ERR \
                      WOLFSSL_TICKET_HAVE_ID \
                      WOLFSSL_NO_OCSP_ISSUER_CHECK
    do
        AM_CFLAGS="$AM_CFLAGS -D$compat_def"
    done
    ENABLED_TRUSTED_PEER_CERT=yes
elif test "x$FOUND_OPENSSL_COMPATIBLE_DEFAULTS" = "xyes"
then
    CFLAGS=$(printf "%s" "$CFLAGS" | sed 's/-DOPENSSL_COMPATIBLE_DEFAULTS//g')
    CPPFLAGS=$(printf "%s" "$CPPFLAGS" | sed 's/-DOPENSSL_COMPATIBLE_DEFAULTS//g')
    AM_CFLAGS=$(printf "%s" "$AM_CFLAGS" | sed 's/-DOPENSSL_COMPATIBLE_DEFAULTS//g')
fi
# determine if we have key validation mechanism
# PKI is flagged when ASN is enabled together with ECC (anything but "no") or
# RSA (exactly "yes").
if { test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_RSA" = "xyes"; } && test "x$ENABLED_ASN" = "xyes"
then
    ENABLED_PKI="yes"
fi
# When building for wolfRand, strip out all options to disable everything.
# The flag list is rebuilt from a fixed set of NO_* defines; every flag
# collected so far is carried over except the ones listed in the case arm,
# which are reported and dropped.
# NOTE(review): the dropped set includes the timing-resistance and RSA
# blinding defines. RSA is disabled via NO_RSA and HAVE_ECC is dropped in the
# same pass, so presumably nothing is left for them to protect; confirm.
if test "x$ENABLED_FIPS" = "xyes" && test "x$FIPS_VERSION" = "xrand"
then
    NEW_AM_CFLAGS="-DNO_AES -DNO_DH -DNO_ASN -DNO_RSA -DNO_SHA -DNO_MD5 -DNO_BIG_INT"
    # Unquoted on purpose: the accumulated flags are split on whitespace.
    for v in $AM_CFLAGS
    do
        case $v in
            -DHAVE_FFDHE_2048 | \
            -DTFM_TIMING_RESISTANT | \
            -DECC_TIMING_RESISTANT | \
            -DWC_RSA_BLINDING | \
            -DHAVE_AESGCM | \
            -DWOLFSSL_SHA512 | \
            -DWOLFSSL_SHA384 | \
            -DHAVE_ECC | \
            -DTFM_ECC256 | \
            -DECC_SHAMIR | \
            -DHAVE_TLS_EXTENSIONS | \
            -DHAVE_SUPPORTED_CURVES | \
            -DHAVE_EXTENDED_MASTER | \
            -DUSE_FAST_MATH | \
            -DWOLFSSL_SHA3)
                AS_ECHO(["ignoring $v"])
                ;;
            *)
                NEW_AM_CFLAGS="$NEW_AM_CFLAGS $v"
                ;;
        esac
    done
    AM_CFLAGS=$NEW_AM_CFLAGS
fi
# ARM code generation flags. "thumb" takes precedence over "cortex"; either
# name may come from the host alias or from ARM_TARGET.
case $host_cpu in
    *arm*)
        if test "$host_alias" = "thumb" || test "$ARM_TARGET" = "thumb"
        then
            AM_CFLAGS="$AM_CFLAGS -mthumb -march=armv6"
        elif test "$host_alias" = "cortex" || test "$ARM_TARGET" = "cortex"
        then
            AM_CFLAGS="$AM_CFLAGS -mcpu=cortex-r5"
        fi
        ;;
esac
# ALT_ECC_SIZE is added for low-resource builds that combine ECC with RSA or
# DH and use one of the SP math back ends.
if test "$ENABLED_LOWRESOURCE" = "yes" && test "$ENABLED_ECC" = "yes"
then
    if { test "$ENABLED_RSA" = "yes" || test "$ENABLED_DH" = "yes"; } &&
       { test "$ENABLED_SP_MATH" = "yes" || test "$ENABLED_SP_MATH_ALL" = "yes"; }
    then
        AM_CFLAGS="$AM_CFLAGS -DALT_ECC_SIZE"
    fi
fi
################################################################################
# Update ENABLE_* variables #
################################################################################
# Loading CA certificates from the operating system needs both filesystem and
# certificate support; without either one the feature is switched off.
# NOTE(review): the darwin header probe below still runs after the feature
# has just been switched off here, so a missing Security framework aborts
# configure in that case too; confirm whether that is intended.
if test "x$ENABLED_SYS_CA_CERTS" = "xyes"
then
    if test "x$ENABLED_FILESYSTEM" = "xno" || test "x$ENABLED_CERTS" = "xno"
    then
        ENABLED_SYS_CA_CERTS="no"
    fi

    case $host_os in
        *darwin*)
            # Headers used for MacOS default system CA certs behavior. Only MacOS SDK will have this header
            AC_CHECK_HEADERS([Security/SecTrustSettings.h])
            # Headers used for Apple native cert validation. All device SDKs should have these headers
            AC_CHECK_HEADERS([Security/SecCertificate.h])
            AC_CHECK_HEADERS([Security/SecTrust.h])
            AC_CHECK_HEADERS([Security/SecPolicy.h])

            # Either Security/SecTrustSettings (for MacOS cert loading), or the
            # trio of Security/SecCertificate.h, Security/SecTrust.h, and
            # Security/SecPolicy.h (for native trust APIs on other apple devices)
            # must be present. Default to SecTrustSettings method on MacOS.
            if test "$ac_cv_header_Security_SecTrustSettings_h" = "yes"
            then
                LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security"
            elif test "$ac_cv_header_Security_SecCertificate_h" = "yes" \
                 && test "$ac_cv_header_Security_SecTrust_h" = "yes" \
                 && test "$ac_cv_header_Security_SecPolicy_h" = "yes"
            then
                # No SecTrustSettings header: fall back to native validation.
                LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security"
                AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_APPLE_NATIVE_CERT_VALIDATION"
            else
                AC_MSG_ERROR([Unable to find Apple Security.framework headers])
            fi
            ;;
    esac
fi
2021-09-01 08:44:00 -06:00
# wolfCLU support: force on every feature the checks below list, overriding an
# explicit "no" from the command line.
#
# NOTE(review): MD5, 3DES and -DWOLFSSL_NO_ASN_STRICT are switched on through
# the shared ENABLED_* variables and AM_CFLAGS, so presumably they apply to the
# whole library build and not only to the wolfCLU tool. Confirm that other
# consumers of the same build accept the legacy algorithms and, judging by the
# macro name, the relaxed ASN.1 checking.
if test "x$ENABLED_WOLFCLU" = "xyes"
then
    # Certificate generation, requests and extensions
    AS_IF([test "x$ENABLED_CERTGEN" = "xno"], [ENABLED_CERTGEN="yes"])
    AS_IF([test "x$ENABLED_CERTREQ" = "xno"], [ENABLED_CERTREQ="yes"])
    AS_IF([test "x$ENABLED_CERTEXT" = "xno"], [ENABLED_CERTEXT="yes"])

    # Requires md5
    AS_IF([test "$ENABLED_MD5" = "no"], [ENABLED_MD5="yes"])

    # Requires aesctr
    AS_IF([test "x$ENABLED_AESCTR" = "xno"], [ENABLED_AESCTR="yes"])

    # Uses key generation
    AS_IF([test "x$ENABLED_KEYGEN" = "xno"], [ENABLED_KEYGEN="yes"])

    # Uses functions guarded by opensslall
    AS_IF([test "$ENABLED_OPENSSLALL" = "no"], [ENABLED_OPENSSLALL="yes"])

    # Has option for signing with ED25519
    AS_IF([test "$ENABLED_ED25519" = "no"],
          [ENABLED_ED25519=yes
           ENABLED_FEMATH=yes
           ENABLED_GEMATH=yes
           ENABLED_CERTS=yes])

    # Has sha512 hashing
    AS_IF([test "$ENABLED_SHA512" = "no"], [ENABLED_SHA512="yes"])

    # Has support for DES3 encrypt/decrypt
    AS_IF([test "$ENABLED_DES3" = "no"], [ENABLED_DES3="yes"])

    # Uses alt name
    ENABLED_ALTNAMES="yes"

    AM_CFLAGS="$AM_CFLAGS -DHAVE_OID_ENCODING -DWOLFSSL_NO_ASN_STRICT"
fi
# strongSwan builds turn on certificate requests and OCSP when either was
# explicitly disabled.
AS_IF([test "$ENABLED_STRONGSWAN" = "yes"],
      [AS_IF([test "$ENABLED_CERTREQ" = "no"], [ENABLED_CERTREQ="yes"])
       AS_IF([test "$ENABLED_OCSP" = "no"], [ENABLED_OCSP="yes"])])
# An MCAPI build switches 3DES back on if it was disabled.
if test "x$ENABLED_MCAPI" = "xyes" && test "x$ENABLED_DES3" = "xno"
then
    ENABLED_DES3="yes"
fi
# Any one of these compatibility targets being "yes" turns on the OpenSSL
# extra API layer.
case "yes" in
    "$ENABLED_OPENSSH" | "$ENABLED_NGINX" | "$ENABLED_SIGNAL" | \
    "$ENABLED_WPAS" | "$ENABLED_FORTRESS" | "$ENABLED_BUMP" | \
    "$ENABLED_OPENSSLALL" | "$ENABLED_LIBWEBSOCKETS" | "$ENABLED_LIGHTY" | \
    "$ENABLED_LIBSSH2" | "$ENABLED_NTP" | "$ENABLED_RSYSLOG" | \
    "$ENABLED_OPENLDAP" | "$ENABLED_HITCH")
        ENABLED_OPENSSLEXTRA="yes"
        ;;
esac
# Ed25519 in any enabled form pulls in the field/group math and certificate
# support. The value "small", or a low-resource build, additionally selects the
# small Ed25519 and Curve25519 code paths and normalizes the setting to "yes".
AS_IF([test "$ENABLED_ED25519" != "no"],
      [ENABLED_FEMATH=yes
       ENABLED_GEMATH=yes
       ENABLED_CERTS=yes
       AS_IF([test "$ENABLED_ED25519" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"],
             [ENABLED_ED25519_SMALL=yes
              ENABLED_CURVE25519_SMALL=yes
              ENABLED_ED25519=yes])])
# Either Edwards-curve signature scheme being enabled forces certificate
# support on.
AS_IF([test "$ENABLED_ED25519" != "no" || test "$ENABLED_ED448" != "no"],
      [ENABLED_CERTS=yes])
# turn off MD5 if leanpsk or leantls on
if test "$ENABLED_MD5" = "yes" && \
   { test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"; }
then
    ENABLED_MD5=no
fi
# Certificates and ASN.1 are disabled as a pair: Lean PSK, or either one of
# them already being "no", switches both off.
AS_IF([test "x$ENABLED_LEANPSK" = "xyes" || test "x$ENABLED_CERTS" = "xno" || \
       test "x$ENABLED_ASN" = "xno"],
      [ENABLED_CERTS=no
       ENABLED_ASN=no])
################################################################################
# Check for build-type conflicts #
################################################################################
# Max Strength and Lean PSK are rejected as a combination.
if test "x$ENABLED_MAXSTRENGTH" = "xyes" && test "x$ENABLED_LEANPSK" = "xyes"
then
    AC_MSG_ERROR([Cannot use Max Strength and Lean PSK at the same time.])
fi

# OCSP and S/MIME both need ASN.1 support.
if test "x$ENABLED_ASN" = "xno"
then
    AS_IF([test "x$ENABLED_OCSP" = "xyes"],
          [AC_MSG_ERROR([please enable asn if enabling ocsp.])])
    AS_IF([test "x$ENABLED_SMIME" = "xyes"],
          [AC_MSG_ERROR([please enable asn if enabling S/MIME.])])
fi

# OCSP needs at least one of RSA or ECC.
if test "x$ENABLED_OCSP" = "xyes" && test "x$ENABLED_RSA" = "xno" && \
   test "x$ENABLED_ECC" = "xno"
then
    AC_MSG_ERROR([please enable rsa or ecc if enabling ocsp.])
fi
# Sync Intel QA and Sync Cavium Octeon require the crypto callback
if { test "x$ENABLED_INTEL_QA_SYNC" = "xyes" || test "x$ENABLED_OCTEON_SYNC" = "xyes"; } && \
   test "x$ENABLED_CRYPTOCB" = "xno"
then
    AC_MSG_ERROR([please enable the crypto callback support using --enable-cryptocb])
fi
# PKCS#7 prerequisites: one public-key algorithm, one hash and one block
# cipher must remain enabled.
if test "x$ENABLED_PKCS7" = "xyes"
then
    AS_IF([test "x$ENABLED_RSA" = "xno" && test "x$ENABLED_ECC" = "xno"],
          [AC_MSG_ERROR([please enable ecc or rsa if enabling pkcs7.])])
    AS_IF([test "x$ENABLED_SHA" = "xno" && test "x$ENABLED_SHA256" = "xno"],
          [AC_MSG_ERROR([please enable sha or sha256 if enabling pkcs7.])])
    AS_IF([test "x$ENABLED_AES" = "xno" && test "x$ENABLED_DES3" = "xno"],
          [AC_MSG_ERROR([please enable either AES or 3DES if enabling pkcs7.])])
fi

# SCEP has the same block-cipher requirement.
if test "x$ENABLED_WOLFSCEP" = "xyes" && test "x$ENABLED_AES" = "xno" && \
   test "x$ENABLED_DES3" = "xno"
then
    AC_MSG_ERROR([please enable either AES or 3DES if enabling scep.])
fi
# Lean TLS needs ECC.
if test "x$ENABLED_LEANTLS" = "xyes" && test "x$ENABLED_ECC" = "xno"
then
    AC_MSG_ERROR([please enable ecc if enabling leantls.])
fi

# The sniffer needs at least one of RSA, ECC or Curve25519.
if test "x$ENABLED_SNIFFER" = "xyes" && test "x$ENABLED_RSA" = "xno" && \
   test "x$ENABLED_ECC" = "xno" && test "x$ENABLED_CURVE25519" = "xno"
then
    AC_MSG_ERROR([please enable ecc, rsa or curve25519 if enabling sniffer.])
fi
# Lean TLS forces off prereqs of SCEP.
# NOTE(review): this tests ENABLED_SCEP, while the other SCEP checks in this
# section test ENABLED_WOLFSCEP. If ENABLED_SCEP is never assigned elsewhere in
# the file, this conflict is never reported -- confirm which name is intended.
if test "x$ENABLED_SCEP" = "xyes" && test "x$ENABLED_LEANTLS" = "xyes"
then
    AC_MSG_ERROR([Cannot use SCEP and Lean TLS at the same time.])
fi

# CMAC currently requires AES.
if test "x$ENABLED_CMAC" = "xyes" && test "x$ENABLED_AES" = "xno"
then
    AC_MSG_ERROR([cannot use CMAC without AES.])
fi
# certreq requires certgen
# NOTE(review): this tests ENABLED_CERT_REQ / ENABLED_CERT_GEN, while the rest
# of this section uses ENABLED_CERTREQ / ENABLED_CERTGEN. If the underscored
# names are never assigned elsewhere in the file, this check cannot fire --
# confirm which names are intended before relying on it.
if test "x$ENABLED_CERT_REQ" = "xyes" && test "x$ENABLED_CERT_GEN" = "xno"
then
    AC_MSG_ERROR([cannot use certreq without certgen.])
fi

# ed25519 requires sha512. The error is raised only when the 32-bit build
# option is also "no".
if test "x$ENABLED_ED25519" = "xyes" && test "x$ENABLED_SHA512" = "xno" && \
   test "x$ENABLED_32BIT" = "xno"
then
    AC_MSG_ERROR([cannot enable ed25519 without enabling sha512.])
fi

# ed25519 stream requires ed25519
if test "x$ENABLED_ED25519_STREAM" = "xyes" && test "x$ENABLED_ED25519" = "xno"
then
    AC_MSG_ERROR([ED25519 verify streaming enabled but ED25519 is disabled])
fi
# Ensure only one word size is enabled
if test "x$ENABLED_64BIT" = "xyes"
then
    AS_IF([test "x$ENABLED_32BIT" = "xyes"],
          [AC_MSG_ERROR([cannot specify 64-bit build and 32-bit build.])])
    AS_IF([test "x$ENABLED_16BIT" = "xyes"],
          [AC_MSG_ERROR([cannot specify 64-bit build and 16-bit build.])])
fi
if test "x$ENABLED_32BIT" = "xyes" && test "x$ENABLED_16BIT" = "xyes"
then
    AC_MSG_ERROR([cannot specify 32-bit build and 16-bit build.])
fi

# 16-bit build not supported with SP
if test "x$ENABLED_16BIT" = "xyes" && test "x$ENABLED_SP" = "xyes"
then
    AC_MSG_ERROR([16-bit build not available with SP.])
fi
################################################################################
# Update CFLAGS based on options #
################################################################################
# No big-integer backend at all (SP math all, fast math and heap math are all
# "no") means -DNO_BIG_INT.
if test "x$ENABLED_SP_MATH_ALL" = "xno" && test "x$ENABLED_FASTMATH" = "xno" && \
   test "x$ENABLED_HEAPMATH" = "xno"
then
    AM_CFLAGS="$AM_CFLAGS -DNO_BIG_INT"
fi

# Certificate and ASN.1 related defines.
if test "x$ENABLED_CERTS" = "xno"; then
    AM_CFLAGS="$AM_CFLAGS -DNO_CERTS"
fi
if test "x$ENABLED_ASN" = "xno"; then
    AM_CFLAGS="$AM_CFLAGS -DNO_ASN"
fi
if test "x$ENABLED_SYS_CA_CERTS" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SYS_CA_CERTS"
fi
if test "x$ENABLED_DUAL_ALG_CERTS" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DUAL_ALG_CERTS"
fi
if test "x$ENABLED_RPK" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DHAVE_RPK"
fi
# Translate the certificate, Ed25519, OCSP and integration options into their
# compile-time defines. Each option is independent of the others.
if test "x$ENABLED_ALTNAMES" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_NAMES"
fi
if test "x$ENABLED_KEYGEN" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
fi
if test "x$ENABLED_CERTREQ" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
fi
if test "x$ENABLED_CERTGEN" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
fi
if test "x$ENABLED_CERTEXT" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
fi
# Ed25519 is passed to both the C compiler and the assembler.
if test "x$ENABLED_ED25519" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519"
    AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_ED25519"
fi
if test "x$ENABLED_ED25519_SMALL" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DED25519_SMALL"
fi
if test "x$ENABLED_OCSP" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
fi
if test "x$ENABLED_STRONGSWAN" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB -DWOLFSSL_LOG_PRINTF -DWOLFSSL_PUBLIC_MP -DHAVE_EX_DATA"
fi
if test "x$ENABLED_OPENLDAP" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNER_DER_CERT"
fi
# Ed25519 streaming verify is defined for both the C compiler and the
# assembler unless it was disabled or the SE050 option is "yes".
AS_IF([test "$ENABLED_ED25519_STREAM" != "no" && test "$ENABLED_SE050" != "yes"],
      [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ED25519_STREAMING_VERIFY"
       AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ED25519_STREAMING_VERIFY"])

# The error queue is compiled out when it was disabled or when JNI is enabled.
AS_IF([test "$ENABLED_ERROR_QUEUE" = "no" || test "$ENABLED_JNI" = "yes"],
      [AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_QUEUE"])
# Full OpenSSL compatibility layer and the defines it brings with it.
if test "x$ENABLED_OPENSSLALL" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_TICKET_HAVE_ID -DWOLFSSL_ERROR_CODE_OPENSSL -DWOLFSSL_CERT_NAME_ALL"
fi

if test "x$ENABLED_AESSIV" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_SIV"
fi

# AES-CTR, except in a Fortress build.
if test "x$ENABLED_AESCTR" = "xyes" && test "x$ENABLED_FORTRESS" != "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
fi

# Disabling MD5 also disables the old TLS versions.
AS_IF([test "$ENABLED_MD5" = "no"],
      [AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"])

if test "x$ENABLED_AESBS" = "xyes" && test "x$ENABLED_ARMASM" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
fi

AS_IF([test "$ENABLED_HMAC" = "no"],
      [AM_CFLAGS="$AM_CFLAGS -DNO_HMAC"])
# OpenSSL extra API: "yes" defines OPENSSL_EXTRA unless coexistence with a real
# OpenSSL was requested; "x509small" selects only the X509 subset.
case "$ENABLED_OPENSSLEXTRA" in
    yes)
        AS_IF([test "x$ENABLED_OPENSSLCOEXIST" = "xno"],
              [AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"])
        ;;
    x509small)
        AC_MSG_NOTICE([Enabling only a subset of X509 opensslextra])
        AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA_X509_SMALL"
        ;;
esac
# wolfSCEP: enable each prerequisite that is still "no" and add its define,
# then add the wolfSCEP define itself. PKCS#7 is only switched on here; its
# define is added where PKCS#7 is handled.
if test "$ENABLED_WOLFSCEP" = "yes"
then
    AS_IF([test "x$ENABLED_KEYGEN" = "xno"],
          [ENABLED_KEYGEN="yes"
           AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"])
    AS_IF([test "x$ENABLED_CERTGEN" = "xno"],
          [ENABLED_CERTGEN="yes"
           AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"])
    AS_IF([test "x$ENABLED_CERTREQ" = "xno"],
          [ENABLED_CERTREQ="yes"
           AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"])
    AS_IF([test "x$ENABLED_CERTEXT" = "xno"],
          [ENABLED_CERTEXT="yes"
           AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"])
    AS_IF([test "x$ENABLED_PKCS7" = "xno"],
          [ENABLED_PKCS7="yes"])
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_WOLFSCEP"
fi
# PKCS#7: add its define, then enable AES key wrap and (when ECC is not "no")
# the X9.63 KDF if they were disabled.
AS_IF([test "x$ENABLED_PKCS7" = "xyes"],
      [AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS7"
       AS_IF([test "x$ENABLED_AESKEYWRAP" = "xno"],
             [ENABLED_AESKEYWRAP="yes"
              AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT"])
       AS_IF([test "x$ENABLED_X963KDF" = "xno" && test "$ENABLED_ECC" != "no"],
             [ENABLED_X963KDF="yes"
              AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF"])])
# 3DES is compiled out when it was disabled, and also whenever leanpsk or
# leantls is on.
if test "x$ENABLED_DES3" = "xno"
then
    AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
elif test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then
    AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
    ENABLED_DES3=no
fi

# The 3DES TLS cipher suites are either compiled out or require 3DES itself.
AS_IF([test "x$ENABLED_DES3_TLS_SUITES" = "xno"],
      [AM_CFLAGS="$AM_CFLAGS -DNO_DES3_TLS_SUITES"],
      [AS_IF([test "x$ENABLED_DES3" = "xno"],
             [AC_MSG_ERROR([DES3 TLS suites require DES3])])])
# AES-GCM: map the implementation variant named in ENABLED_AESGCM to its GCM_*
# define, normalize the setting to "yes", and add -DHAVE_AESGCM. A low-resource
# build adds -DGCM_SMALL regardless of the "word"/"word32" variant.
if test "$ENABLED_AESGCM" != "no"
then
    case "$ENABLED_AESGCM" in
        word)
            ENABLED_AESGCM=yes
            ;;
        word32)
            AM_CFLAGS="$AM_CFLAGS -DGCM_WORD32"
            ENABLED_AESGCM=yes
            ;;
    esac

    if test "$ENABLED_AESGCM" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
    then
        AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL"
        ENABLED_AESGCM=yes
    fi

    # Only reached with the original value when the low-resource branch above
    # did not already reset it to "yes".
    case "$ENABLED_AESGCM" in
        table)
            AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE"
            ENABLED_AESGCM=yes
            ;;
        4bit)
            AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE_4BIT"
            ENABLED_AESGCM=yes
            ;;
    esac

    AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
fi
# Streaming AES-GCM needs AES-GCM itself; the define goes to both the C
# compiler and the assembler.
if test "$ENABLED_AESGCM_STREAM" != "no"
then
    AS_IF([test "$ENABLED_AESGCM" = "no"],
          [AC_MSG_ERROR([AES-GCM streaming enabled but AES-GCM is disabled])])
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESGCM_STREAM"
    AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESGCM_STREAM"
fi

# Streaming AES-XTS follows the same rule with respect to AES-XTS.
if test "$ENABLED_AESXTS_STREAM" != "no"
then
    AS_IF([test "$ENABLED_AESXTS" = "no"],
          [AC_MSG_ERROR([AES-XTS streaming enabled but AES-XTS is disabled])])
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESXTS_STREAM"
    AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESXTS_STREAM"
fi
# IoT-SAFE and its hardware RNG: any value other than "no" enables the feature
# and normalizes the variable to "yes".
AS_IF([test "$ENABLED_IOTSAFE" != "no"],
      [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IOTSAFE"
       ENABLED_IOTSAFE=yes])
AS_IF([test "$ENABLED_IOTSAFE_HWRNG" != "no"],
      [AM_CFLAGS="$AM_CFLAGS -DHAVE_IOTSAFE_HWRNG"
       ENABLED_IOTSAFE_HWRNG=yes])
# wolfEngine support.
# NOTE(review): judging by the macro names, the first group exposes low-level
# primitives (ECB, direct AES block access, RSA without padding, public MP
# functions) and sets the minimum ECC key size to 192 bits. They are appended
# to the shared AM_CFLAGS, so presumably every consumer of this build gets
# them -- confirm that is acceptable for the deployment.
if test "x$ENABLED_WOLFENGINE" = "xyes"
then
    AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DECC_MIN_KEY_SZ=192"

    # Extra name mappings whenever FIPS is anything other than "no".
    AS_IF([test "$ENABLED_FIPS" != "no"],
          [AM_CFLAGS="$AM_CFLAGS -DSha3=wc_Sha3 -DNO_OLD_SHA256_NAMES -DNO_OLD_MD5_NAME"])

    # PSS salt-length options, skipped only for FIPS version "v2".
    AS_IF([test "$FIPS_VERSION" != "v2"],
          [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER"])
fi
# Max Strength: add its defines, force the old TLS versions off if they were
# on, and refuse to build together with SSLv3.
if test "x$ENABLED_MAXSTRENGTH" = "xyes"
then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAX_STRENGTH -DWOLFSSL_CIPHER_TEXT_CHECK"
    AS_IF([test "x$ENABLED_OLD_TLS" = "xyes"],
          [AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
           ENABLED_OLD_TLS=no])
    AS_IF([test "x$ENABLED_SSLV3" = "xyes"],
          [AC_MSG_ERROR([Cannot use Max Strength and SSLv3 at the same time.])])
fi
# Transport-related options: SCTP, SRTP and multicast each add one define.
if test "x$ENABLED_SCTP" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SCTP"
fi
if test "x$ENABLED_SRTP" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SRTP"
fi
if test "x$ENABLED_MCAST" = "xyes"; then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MULTICAST"
fi
# SHA-224 is rejected together with two hardware/kernel crypto back ends.
if test "x$ENABLED_SHA224" = "xyes"
then
    # WOLFSSL_AFALG does not support SHA224 yet
    AS_IF([test "x$ENABLED_AFALG" = "xyes"],
          [AC_MSG_ERROR([--enable-sha224 with --enable-afalg not yet supported])])
    # WOLFSSL_DEVCRYPTO does not support SHA224 yet (checked only when CAAM
    # is "no")
    AS_IF([test "x$ENABLED_DEVCRYPTO" = "xyes" && test "x$ENABLED_CAAM" = "xno"],
          [AC_MSG_ERROR([--enable-sha224 with --enable-devcrypto not yet supported])])
fi
# SCTP, Multicast, SRTP, and strongSwan require DTLS
if test "x$ENABLED_DTLS" = "xno" && \
   { test "x$ENABLED_SCTP" = "xyes" || test "x$ENABLED_MCAST" = "xyes" || \
     test "x$ENABLED_SRTP" = "xyes" || test "x$ENABLED_STRONGSWAN" = "xyes"; }
then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
    ENABLED_DTLS=yes
fi

# Multicast requires the null cipher
# NOTE(review): this compiles NULL-cipher support into the library even when
# it was explicitly disabled. Confirm that the deployed cipher list does not
# offer those suites outside the multicast use case.
if test "x$ENABLED_NULL_CIPHER" = "xno" && test "x$ENABLED_MCAST" = "xyes"
then
    AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER"
    ENABLED_NULL_CIPHER=yes
fi
# wolfSSH and WPA Supplicant both need Public MP, only enable once: the define
# is added here for wolfSSH only when WPA Supplicant is "no".
# This will let you know if you enabled wolfSSH but have any of the prereqs
# disabled. For some of these options, disabling them adds things to the FLAGS
# and you need to check and add items in two places depending on the option.
if test "x$ENABLED_WOLFSSH" = "xyes" && test "x$ENABLED_WPAS" = "xno"
then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"
fi
# OpenSSL coexistence cannot be combined with either OpenSSL compatibility
# layer.
AS_IF([test "x$ENABLED_OPENSSLCOEXIST" = "xyes"],
      [AS_IF([test "x$ENABLED_OPENSSLALL" = "xyes"],
             [AC_MSG_ERROR([Cannot use --enable-opensslcoexist with --enable-opensslall])])
       AS_IF([test "x$ENABLED_OPENSSLEXTRA" = "xyes"],
             [AC_MSG_ERROR([Cannot use --enable-opensslcoexist with --enable-opensslextra])])])
refactor AESNI implementations and *VECTOR_REGISTERS* macros to allow dynamic as-needed fallback to pure C, via WC_AES_C_DYNAMIC_FALLBACK.
wolfssl/wolfcrypt/aes.h: add key_C_fallback[] to struct Aes, and remove comment that "AESNI needs key first, rounds 2nd, not sure why yet" now that AES_128_Key_Expansion_AESNI no longer writes rounds after the expanded key.
wolfcrypt/src/aes.c:
* add _AESNI or _aesni suffixes/infixes to AESNI implementations that were missing them: AES_CBC_encrypt(), AES_CBC_decrypt_by*(), AES_ECB_encrypt(), AES_*_Key_Expansion(), AES_set_encrypt_key(), AES_set_decrypt_key(), AES_GCM_encrypt(), AES_GCM_decrypt(), AES_XTS_encrypt(), and AES_XTS_decrypt().
* move key size check to start of wc_AesSetKeyLocal().
* refactor pure-C AES setkey and cipher implementations to use aes->key_C_fallback when defined(WC_AES_C_DYNAMIC_FALLBACK).
* refactor wc_AesSetKeyLocal() to set up both AESNI and pure-C expanded keys when defined(WC_AES_C_DYNAMIC_FALLBACK).
* refactor all (haveAESNI && aes->use_aesni) conditions to just (aes->use_aesni).
* add macros VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, which do nothing but push a brace level when !defined(WC_AES_C_DYNAMIC_FALLBACK), but when defined(WC_AES_C_DYNAMIC_FALLBACK), they call SAVE_VECTOR_REGISTERS2() and on failure, temporarily clear aes->use_aesni and restore at _POP().
* refactor all invocations of SAVE_VECTOR_REGISTERS() and RESTORE_VECTOR_REGISTERS() to VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, except in wc_AesSetKeyLocal(), wc_AesXtsEncrypt(), and wc_AesXtsDecrypt(), which are refactored to use SAVE_VECTOR_REGISTERS2(), with graceful failure concealment if defined(WC_AES_C_DYNAMIC_FALLBACK).
* orthogonalize cleanup code in wc_AesCbcEncrypt(), wc_AesCcmEncrypt() and wc_AesCcmDecrypt().
* streamline fallthrough software definitions of wc_AesEncryptDirect() and wc_AesDecryptDirect(), and remove special-casing for defined(WOLFSSL_LINUXKM)&&defined(WOLFSSL_AESNI).
wolfcrypt/src/aes_asm.{S,asm}:
* remove errant "movl $10, 240(%rsi)" from AES_128_Key_Expansion_AESNI.
* add _AESNI suffixes/infixes to implementations that needed them.
wolfcrypt/src/{aes_gcm_asm.{S,asm},aes_xts_asm.S}: regenerate from revisions in scripts#357 -- adds _aesni suffixes to implementations that were missing them.
wolfssl/wolfcrypt/types.h: remove DEBUG_VECTOR_REGISTER_ACCESS macros, and add dummy fallthrough definitions for SAVE_VECTOR_REGISTERS2 and WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL.
wolfssl/wolfcrypt/memory.h: adopt DEBUG_VECTOR_REGISTER_ACCESS code from types.h, and add definitions for WC_DEBUG_VECTOR_REGISTERS_RETVAL_INITVAL and WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL.
linuxkm/linuxkm_wc_port.h: add arch-specific macro definitions for SAVE_VECTOR_REGISTERS2().
wolfcrypt/benchmark/benchmark.c: add missing gates around calls to RESTORE_VECTOR_REGISTERS().
configure.ac:
* cover various interdependencies in enable-all/enable-all-crypto, for better behavior in combination with --disable-aesgcm, --disable-ecc, --disable-ocsp, --disable-hmac, --disable-chacha, --disable-ed25519, and --disable-ed448.
* inhibit aesgcm_stream in enable-all/enable-all-crypto when ENABLED_LINUXKM_DEFAULTS, because it is currently incompatible with WC_AES_C_DYNAMIC_FALLBACK.
* add -DWC_AES_C_DYNAMIC_FALLBACK when ENABLED_LINUXKM_DEFAULTS.
* add 3 new interdependency checks: "ECCSI requires ECC.", "SAKKE requires ECC.", "WOLFSSH requires HMAC."
wolfcrypt/src/asn.c: tweak gating to accommodate defined(NO_RSA) && !defined(HAVE_ECC).
wolfcrypt/src/evp.c: tweak gating to accommodate defined(NO_HMAC).
wolfcrypt/src/logging.c: remove DEBUG_VECTOR_REGISTER_ACCESS code (moved to memory.c).
wolfcrypt/src/memory.c: change #include of settings.h to types.h; adopt DEBUG_VECTOR_REGISTER_ACCESS code from logging.c; add implementation of SAVE_VECTOR_REGISTERS2_fuzzer().
wolfcrypt/src/pwdbased.c: add explanatory #error scrypt requires HMAC.
wolfcrypt/test/test.c:
* add DEBUG_VECTOR_REGISTER_ACCESS clauses to aes_xts_128_test(), aesecb_test(), aesctr_test(), aes_test() CBC section, aes256_test() CBC section, and aesgcm_default_test_helper()
* remove duplicate wc_AesEcbDecrypt() in aesecb_test().
* add gating for pbkdf2_test().
* fix cleanup code in dsa_test().
* fix gating in pkcs7authenveloped_run_vectors() to accommodate !defined(HAVE_AESGCM).
* fix gating in cryptocb_test() to accommodate defined(NO_HMAC).
wolfssl/wolfcrypt/cryptocb.h: remove gates around "pk" sub-struct of struct wc_CryptoInfo -- wc_CryptoInfo.pk.type (an int) is used unconditionally when --enable-debug, and is used with DH.
wolfssl/wolfcrypt/error-crypt.h: fix whitespace.
# wolfSSH needs HMAC; when it is enabled its define goes into AM_CPPFLAGS.
if test "x$ENABLED_WOLFSSH" = "xyes"
then
    AS_IF([test "$ENABLED_HMAC" = "no"],
          [AC_MSG_ERROR([WOLFSSH requires HMAC.])])
    AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSL_WOLFSSH"
fi
# only allow secure renegotiation info with TLSV12 and ASN. It is also switched
# off when the renegotiation indication option is "yes".
AS_IF([test "x$ENABLED_ASN" = "xno" || \
       test "x$ENABLED_TLSV12" = "xno" || \
       test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"],
      [ENABLED_SECURE_RENEGOTIATION_INFO="no"])

AS_IF([test "x$ENABLED_SECURE_RENEGOTIATION_INFO" = "xyes"],
      [AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SERVER_RENEGOTIATION_INFO"])
# Compressed key support.
AS_IF([test "$ENABLED_COMPKEY" = "yes"],
      [AM_CFLAGS="$AM_CFLAGS -DHAVE_COMP_KEY"])
# Deprecated Algorithm Handling
# RC4 is only allowed into the build when ENABLED_ARC4 is "yes".
AS_IF([test "$ENABLED_ARC4" = "yes"],
      [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_RC4"])
# Link with the math library iff needed: only when DH is neither "no" nor
# "const".
case "$ENABLED_DH" in
    no | const)
        ;;
    *)
        LT_LIB_M
        ;;
esac
################################################################################
# USER SETTINGS
# With user settings enabled, AM_CFLAGS is overwritten (not appended to), so
# every -D option accumulated earlier is discarded and user_settings.h becomes
# the only source of feature selection. Anything the earlier options would
# have defined, including hardening-related defines, has to be set there.
if test "x$ENABLED_USERSETTINGS" = "xyes"
then
    # Replace all options and just use WOLFSSL_USER_SETTINGS and
    # WOLFSSL_USER_SETTINGS_ASM.
    AM_CFLAGS="-DWOLFSSL_USER_SETTINGS -DWOLFSSL_USER_SETTINGS_ASM"
    AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_USER_SETTINGS -DWOLFSSL_USER_SETTINGS_ASM"

    # Generate assembly-safe user_settings_asm.h (just preprocessor directives
    # from user_settings.h). A non-zero exit status aborts configure.
    $srcdir/scripts/user_settings_asm.sh "$CPPFLAGS $CFLAGS $CXXFLAGS" || \
        AC_MSG_ERROR([$srcdir/scripts/user_settings_asm.sh failed.])
fi
# OPTIMIZE FLAGS
# For distro disable custom build options that interfere with symbol generation
if test "$GCC" = "yes" && test "$ENABLED_DISTRO" = "no"
then
    # Warning flags, skipped for CUDA builds.
    AS_IF([test "$ENABLED_CUDA" != "yes"],
          [AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused"])

    # Optimization flags apply only to non-debug builds with optflags on.
    if test "$ax_enable_debug" = "no" && test "x$ENABLED_OPTFLAGS" = "xyes"
    then
        if test "$ENABLED_FASTMATH" = "yes"
        then
            AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_FAST_CFLAGS"
            AS_IF([test "$ENABLED_FASTHUGEMATH" = "yes"],
                  [AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_HUGE_CFLAGS"])
        elif { test "$ENABLED_SP" = "yes" || test "$ENABLED_SP_MATH_ALL" = "yes"; } && \
             test "$ENABLED_SP_SMALL" = "no"
        then
            AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_FAST_CFLAGS"
            AS_IF([test "$ENABLED_FASTHUGEMATH" = "yes"],
                  [AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_HUGE_CFLAGS -DWOLFSSL_SP_INT_LARGE_COMBA"])
        else
            AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_CFLAGS"
        fi
    fi
fi
# ICC: pass -wd10006 because of its command line warning for unsupported
# warning flags. Applies only when CC is exactly "icc".
AS_IF([test "$CC" = "icc"],
      [AM_CFLAGS="$AM_CFLAGS -wd10006"])
# Expose HAVE___UINT128_T to the options flags when the __uint128_t type check
# succeeded.
AS_IF([test "$ac_cv_type___uint128_t" = "yes"],
      [AM_CFLAGS="$AM_CFLAGS -DHAVE___UINT128_T=1"])
# LIB_SOCKET_NSL is defined outside this section; presumably it probes for the
# socket and nsl libraries -- check its m4 source.
LIB_SOCKET_NSL
# AX_HARDEN_CC_COMPILER_FLAGS is defined outside this section; presumably it
# probes for and applies the hardening options the compiler supports -- check
# its m4 source for the exact list before relying on a specific flag.
AX_HARDEN_CC_COMPILER_FLAGS
# MinGW hosts: link ws2_32 for sockets and crypt32, and export symbols with
# __declspec(dllexport) for a shared build. Building shared and static together
# is recorded in MINGW_LIB_WARNING.
case $host_os in
    mingw*)
        LDFLAGS="$LDFLAGS -lws2_32"
        LIB_ADD="$LIB_ADD -lcrypt32"
        AS_IF([test "$enable_shared" = "yes"],
              [AC_DEFINE([WOLFSSL_DLL], [1], [Use __declspec(dllexport) when building library])
               AS_IF([test "$enable_static" = "yes"],
                     [MINGW_LIB_WARNING="yes"])])
        ;;
esac
# A static-only build (shared "no", static "yes") is flagged for the tests.
if test "$enable_shared" = "no" && test "$enable_static" = "yes"
then
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TEST_STATIC_BUILD"
fi
if test "x$ENABLED_LINUXKM" = "xyes"; then
2020-09-01 14:40:53 -05:00
AX_SIMD_CC_COMPILER_FLAGS
AC_SUBST([CFLAGS_FPU_DISABLE])
AC_SUBST([CFLAGS_FPU_ENABLE])
AC_SUBST([CFLAGS_SIMD_DISABLE])
AC_SUBST([CFLAGS_SIMD_ENABLE])
AC_SUBST([CFLAGS_AUTO_VECTORIZE_DISABLE])
AC_SUBST([CFLAGS_AUTO_VECTORIZE_ENABLE])
2020-09-08 23:09:34 -05:00
AC_SUBST([ASFLAGS_FPU_DISABLE_SIMD_ENABLE])
AC_SUBST([ASFLAGS_FPU_ENABLE_SIMD_DISABLE])
AC_SUBST([ASFLAGS_FPUSIMD_DISABLE])
AC_SUBST([ASFLAGS_FPUSIMD_ENABLE])
2020-09-01 14:40:53 -05:00
2022-07-20 18:21:29 -05:00
if test "$ENABLED_OPENSSLEXTRA" != "no" && test "$ENABLED_CRYPTONLY" = "no"; then
AC_MSG_ERROR([--enable-opensslextra without --enable-cryptonly is incompatible with --enable-linuxkm.])
2021-10-22 16:30:43 -05:00
fi
2020-09-17 22:15:58 -05:00
if test "$ENABLED_FILESYSTEM" = "yes"; then
AC_MSG_ERROR([--enable-filesystem is incompatible with --enable-linuxkm.])
fi
2020-08-18 23:38:00 -05:00
if test "$ENABLED_AFALG" = "yes"; then
AC_MSG_ERROR([--enable-afalg is incompatible with --enable-linuxkm.])
fi
if test "$ENABLED_DEVCRYPTO" = "yes"; then
AC_MSG_ERROR([--enable-devcrypto is incompatible with --enable-linuxkm.])
fi
if test "$ENABLED_PKCS11" = "yes"; then
AC_MSG_ERROR([--enable-pkcs11 is incompatible with --enable-linuxkm.])
fi
if test "$ENABLED_JNI" = "yes"; then
AC_MSG_ERROR([--enable-jni is incompatible with --enable-linuxkm.])
fi
if test "$ENABLED_16BIT" = "yes"; then
AC_MSG_ERROR([--enable-16bit is incompatible with --enable-linuxkm.])
fi
if test "$ENABLED_SINGLETHREADED" = "yes"; then
AC_MSG_ERROR([--enable-singlethreaded is incompatible with --enable-linuxkm.])
fi
if test "$ENABLED_VALGRIND" = "yes"; then
AC_MSG_ERROR([--enable-valgrind is incompatible with --enable-linuxkm.])
fi
2020-08-20 11:42:34 -05:00
if test "$ENABLED_FASTMATH" = "yes"; then
2020-09-03 23:22:48 -05:00
AC_MSG_ERROR([--enable-fastmath is incompatible with --enable-linuxkm (exceeds stack limit).])
2020-08-20 11:42:34 -05:00
fi
2020-09-04 23:52:17 -05:00
if test "$ENABLED_LIBZ_RSA" = "yes"; then
AC_MSG_ERROR([--with-libz is incompatible with --enable-linuxkm.])
fi
2020-08-20 11:42:34 -05:00
if test "$ENABLED_IOPOOL" = "yes"; then
AC_MSG_ERROR([--enable-iopool is incompatible with --enable-linuxkm.])
fi
2020-08-18 23:38:00 -05:00
if test "$ENABLED_EXAMPLES" = "yes"; then
2020-08-20 15:41:18 -05:00
AC_MSG_ERROR([--enable-examples is incompatible with --enable-linuxkm.])
2020-08-18 23:38:00 -05:00
fi
2020-08-20 15:41:18 -05:00
if test "$ENABLED_SMALL_STACK" != "yes"; then
AC_MSG_ERROR([--enable-smallstack is required for --enable-linuxkm.])
fi
2022-06-24 15:55:08 -05:00
if test "$ENABLED_SP_MATH" = "no" && test "$ENABLED_SP_MATH_ALL" = "no" && test "$ENABLED_BIGNUM" != "no"; then
2020-12-01 18:26:22 -06:00
AC_MSG_ERROR([--enable-sp-math or --enable-sp-math-all is required for --enable-linuxkm.])
2020-08-20 15:41:18 -05:00
fi
if test "$ENABLED_STACKSIZE" != "no"; then
AC_MSG_ERROR([--enable-stacksize is incompatible with --enable-linuxkm.])
fi
if test "$ENABLED_STACKLOG" = "yes"; then
AC_MSG_ERROR([--enable-stacklog is incompatible with --enable-linuxkm.])
fi
if test "$ENABLED_COMPKEY" = "yes"; then
AC_MSG_ERROR([--enable-compkey is incompatible with --enable-linuxkm.])
fi
fi
# The following AM_CONDITIONAL statements set flags for use in the Makefiles.
# Some of these affect build targets and objects, some trigger different
# test scripts for make check.
AM_CONDITIONAL([BUILD_DISTRO],[test "x$ENABLED_DISTRO" = "xyes"])
AM_CONDITIONAL([BUILD_ALL],[test "x$ENABLED_ALL" = "xyes"])
2020-01-20 21:35:32 -08:00
AM_CONDITIONAL([BUILD_TLS13],[test "x$ENABLED_TLS13" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_RNG],[test "x$ENABLED_RNG" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SCTP],[test "x$ENABLED_SCTP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2022-01-13 16:09:11 -08:00
AM_CONDITIONAL([BUILD_SRTP],[test "x$ENABLED_SRTP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2019-06-20 13:37:53 -07:00
AM_CONDITIONAL([BUILD_MCAST],[test "x$ENABLED_MCAST" = "xyes"])
AM_CONDITIONAL([BUILD_IPV6],[test "x$ENABLED_IPV6" = "xyes"])
AM_CONDITIONAL([BUILD_LEANPSK],[test "x$ENABLED_LEANPSK" = "xyes"])
AM_CONDITIONAL([BUILD_LEANTLS],[test "x$ENABLED_LEANTLS" = "xyes"])
AM_CONDITIONAL([BUILD_LOWMEM],[test "x$ENABLED_LOWRESOURCE" = "xyes"])
2020-01-20 21:35:32 -08:00
AM_CONDITIONAL([BUILD_PKCALLBACKS], [ test "x$ENABLED_PKCALLBACKS" = "xyes"])
2019-06-20 13:37:53 -07:00
AM_CONDITIONAL([BUILD_CRYPTOAUTHLIB],[test "x$ENABLED_CRYPTOAUTHLIB" = "xyes"])
2020-01-20 21:35:32 -08:00
AM_CONDITIONAL([BUILD_SNIFFER], [ test "x$ENABLED_SNIFFER" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SNIFFTEST],[ test "x$ENABLED_SNIFFTEST" = "xyes"])
AM_CONDITIONAL([BUILD_AESGCM],[test "x$ENABLED_AESGCM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_AESCCM],[test "x$ENABLED_AESCCM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
linuxkm: completion and stabilization of LKCAPI integration for AES-CBC, AES-CFB, AES-GCM, and AES-XTS:
linuxkm/lkcapi_glue.c (added in earlier commit):
implement linuxkm_lkcapi_register() and linuxkm_lkcapi_unregister() with idempotency.
add AES-XTS algorithm glue and self-test implementations.
add per-algorithm gating: LINUXKM_LKCAPI_REGISTER_AESCBC, _AESCFB, _AESGCM, and _AESXTS.
carry forward philljj's implementations for AES-CBC, AES-CFB, and AES-GCM, with various cleanups.
linuxkm/module_hooks.c:
print the "wolfCrypt container hashes" message only if DEBUG_LINUXKM_PIE_SUPPORT is set.
render the FIPS version for the self-test success message using the HAVE_FIPS_VERSION* macros.
add a "skipping full wolfcrypt_test() ..." message for --disable-crypttests builds.
add CONFIG_FORTIFY_SOURCE gates.
configure.ac:
add support for --enable-linuxkm-lkcapi-register;
add AES-XTS to output config summary;
rename --enable-xts to --enable-aesxts (retaining old option for backward compatibility).
linuxkm/linuxkm_wc_port.h: add support for CONFIG_FORTIFY_SOURCE.
linuxkm/linuxkm_memory.c:
fix retvals in save_vector_registers_x86() (wc-style MEMORY_E, not sys-style ENOMEM).
add __my_fortify_panic() implementation.
linuxkm/Kbuild: for ENABLED_LINUXKM_PIE in rename-pie-text-and-data-sections recipe, create an .rodata.wolfcrypt section.
linuxkm/include.am: add linuxkm/lkcapi_glue.c to EXTRA_DIST.
wolfcrypt/test/test.c:
when defined(HAVE_FIPS_VERSION), inhibit a test clause in aes_xts_128_test() disallowed by FIPS ("FIPS AES-XTS main and tweak keys must differ").
fix out-of-order user message in ecc_test().
2024-01-26 20:01:19 -06:00
AM_CONDITIONAL([BUILD_AESXTS],[test "x$ENABLED_AESXTS" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2019-06-20 13:37:53 -07:00
AM_CONDITIONAL([BUILD_ARMASM],[test "x$ENABLED_ARMASM" = "xyes"])
2022-02-07 09:20:49 +10:00
AM_CONDITIONAL([BUILD_ARMASM_INLINE],[test "x$ENABLED_ARMASM_INLINE" = "xyes"])
2022-05-18 16:23:48 +10:00
AM_CONDITIONAL([BUILD_ARMASM_CRYPTO],[test "x$ENABLED_ARMASM_CRYPTO" = "xyes"])
2023-07-13 17:24:36 +10:00
AM_CONDITIONAL([BUILD_ARMASM_NEON],[test "x$ENABLED_ARMASM_NEON" = "xyes"])
2019-06-20 13:37:53 -07:00
AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"])
AM_CONDITIONAL([BUILD_AESNI],[test "x$ENABLED_AESNI" = "xyes"])
AM_CONDITIONAL([BUILD_INTELASM],[test "x$ENABLED_INTELASM" = "xyes"])
2022-09-30 16:19:40 +10:00
AM_CONDITIONAL([BUILD_X86_ASM],[test "x$ENABLED_X86_ASM" = "xyes"])
2019-06-20 13:37:53 -07:00
AM_CONDITIONAL([BUILD_AFALG],[test "x$ENABLED_AFALG" = "xyes"])
2021-08-19 11:25:59 +10:00
AM_CONDITIONAL([BUILD_KCAPI],[test "x$ENABLED_KCAPI" = "xyes"])
2019-06-20 13:37:53 -07:00
AM_CONDITIONAL([BUILD_DEVCRYPTO],[test "x$ENABLED_DEVCRYPTO" = "xyes"])
2020-01-20 21:35:32 -08:00
AM_CONDITIONAL([BUILD_CAMELLIA],[test "x$ENABLED_CAMELLIA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_MD2],[test "x$ENABLED_MD2" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_RIPEMD],[test "x$ENABLED_RIPEMD" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_BLAKE2],[test "x$ENABLED_BLAKE2" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_BLAKE2S],[test "x$ENABLED_BLAKE2S" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SHA512],[test "x$ENABLED_SHA512" = "xyes" || test "x$ENABLED_SHA384" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_DSA],[test "x$ENABLED_DSA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2020-07-16 16:06:22 -07:00
AM_CONDITIONAL([BUILD_ECC],[test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2020-01-20 21:35:32 -08:00
AM_CONDITIONAL([BUILD_ED25519],[test "x$ENABLED_ED25519" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2022-06-02 13:10:18 -07:00
AM_CONDITIONAL([BUILD_ED25519_SMALL],[test "x$ENABLED_ED25519_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2020-01-20 21:35:32 -08:00
AM_CONDITIONAL([BUILD_FEMATH], [test "x$ENABLED_FEMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_GEMATH], [test "x$ENABLED_GEMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2024-04-27 01:12:58 -05:00
AM_CONDITIONAL([BUILD_CURVE25519],[test "$ENABLED_CURVE25519" != "no" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_CURVE25519_INTELASM],[test "$ENABLED_CURVE25519" != "noasm" && test "$ENABLED_INTELASM" = "yes"])
2022-06-02 13:10:18 -07:00
AM_CONDITIONAL([BUILD_CURVE25519_SMALL],[test "x$ENABLED_CURVE25519_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2020-02-19 18:07:45 +10:00
AM_CONDITIONAL([BUILD_ED448],[test "x$ENABLED_ED448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_ED448_SMALL],[test "x$ENABLED_ED448_SMALL" = "xyes"])
AM_CONDITIONAL([BUILD_FE448], [test "x$ENABLED_FE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_GE448], [test "x$ENABLED_GE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_CURVE448],[test "x$ENABLED_CURVE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_CURVE448_SMALL],[test "x$ENABLED_CURVE448_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2023-07-06 10:55:53 -05:00
AM_CONDITIONAL([BUILD_WC_LMS],[test "x$ENABLED_WC_LMS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2023-10-09 10:13:32 -05:00
AM_CONDITIONAL([BUILD_WC_XMSS],[test "x$ENABLED_WC_XMSS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2022-09-08 11:23:30 +10:00
AM_CONDITIONAL([BUILD_WC_KYBER],[test "x$ENABLED_WC_KYBER" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2021-01-12 12:25:52 +10:00
AM_CONDITIONAL([BUILD_ECCSI],[test "x$ENABLED_ECCSI" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SAKKE],[test "x$ENABLED_SAKKE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2020-01-20 21:35:32 -08:00
AM_CONDITIONAL([BUILD_MEMORY],[test "x$ENABLED_MEMORY" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_RSA],[test "x$ENABLED_RSA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2022-06-23 15:00:59 -05:00
AM_CONDITIONAL([BUILD_DH],[test "x$ENABLED_DH" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2023-05-02 18:10:25 -07:00
AM_CONDITIONAL([BUILD_ASN],[test "x$ENABLED_ASN" != "xno" || test "x$ENABLED_RSA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2020-01-20 21:35:32 -08:00
AM_CONDITIONAL([BUILD_AES],[test "x$ENABLED_AES" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_CODING],[test "x$ENABLED_CODING" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_RC4],[test "x$ENABLED_ARC4" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_MD5],[test "x$ENABLED_MD5" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SHA],[test "x$ENABLED_SHA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
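# FIPS build selectors. Each conditional is derived from ENABLED_FIPS or from
# the HAVE_FIPS_VERSION / HAVE_FIPS_VERSION_MINOR pair, which are assigned
# elsewhere in this file. BUILD_FIPS_V2 and BUILD_FIPS_RAND both require major
# version 2 and differ only in the minor version, 0 versus 1.
#
# Every expansion of HAVE_FIPS_VERSION is quoted so that an empty or unset
# value yields a well-formed test that evaluates false, rather than a
# malformed test expression. Whether the variable can actually be empty at
# this point is not visible here -- TODO confirm against the FIPS option
# parsing earlier in the file.
AM_CONDITIONAL([BUILD_FIPS],[test "x$ENABLED_FIPS" = "xyes"])
AC_SUBST([ENABLED_FIPS])
AM_CONDITIONAL([BUILD_FIPS_V1],[test "$HAVE_FIPS_VERSION" = 1])
AM_CONDITIONAL([BUILD_FIPS_V2],[test "$HAVE_FIPS_VERSION" = 2 && test "$HAVE_FIPS_VERSION_MINOR" = 0])
AM_CONDITIONAL([BUILD_FIPS_RAND],[test "$HAVE_FIPS_VERSION" = 2 && test "$HAVE_FIPS_VERSION_MINOR" = 1])
AM_CONDITIONAL([BUILD_FIPS_V5],[test "$HAVE_FIPS_VERSION" = 5])
AM_CONDITIONAL([BUILD_FIPS_V6],[test "$HAVE_FIPS_VERSION" -ge 6])
# BUILD_FIPS_CURRENT is for builds after cert 2425.
AM_CONDITIONAL([BUILD_FIPS_CURRENT],[test "$HAVE_FIPS_VERSION" -ge 2])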
AM_CONDITIONAL([BUILD_SIPHASH],[test "x$ENABLED_SIPHASH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2020-01-20 21:35:32 -08:00
AM_CONDITIONAL([BUILD_CMAC],[test "x$ENABLED_CMAC" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2019-06-20 13:37:53 -07:00
AM_CONDITIONAL([BUILD_SELFTEST],[test "x$ENABLED_SELFTEST" = "xyes"])
2020-01-20 21:35:32 -08:00
AM_CONDITIONAL([BUILD_SHA224],[test "x$ENABLED_SHA224" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2022-06-17 15:12:55 -07:00
AM_CONDITIONAL([BUILD_SHA3],[test "x$ENABLED_SHA3" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2020-01-20 21:35:32 -08:00
AM_CONDITIONAL([BUILD_POLY1305],[test "x$ENABLED_POLY1305" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2021-04-08 12:46:05 +02:00
AM_CONDITIONAL([BUILD_CHACHA],[test "x$ENABLED_CHACHA" = "xyes" || test "x$ENABLED_CHACHA" = "xnoasm" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2020-10-01 12:21:38 -05:00
AM_CONDITIONAL([BUILD_XCHACHA],[test "x$ENABLED_XCHACHA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2023-02-10 11:48:59 +10:00
AM_CONDITIONAL([BUILD_SM2],[test "x$ENABLED_SM2" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SM3],[test "x$ENABLED_SM3" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SM4],[test "x$ENABLED_SM4" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2019-06-20 13:37:53 -07:00
AM_CONDITIONAL([BUILD_INLINE],[test "x$ENABLED_INLINE" = "xyes"])
2020-01-20 21:35:32 -08:00
AM_CONDITIONAL([BUILD_OCSP],[test "x$ENABLED_OCSP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2019-06-20 13:37:53 -07:00
AM_CONDITIONAL([BUILD_OCSP_STAPLING],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"])
AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"])
2021-08-24 11:12:12 -07:00
AM_CONDITIONAL([BUILD_CRL],[test "x$ENABLED_CRL" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2019-06-20 13:37:53 -07:00
AM_CONDITIONAL([BUILD_CRL_MONITOR],[test "x$ENABLED_CRL_MONITOR" = "xyes"])
2023-07-06 10:55:53 -05:00
AM_CONDITIONAL([BUILD_LIBLMS],[test "x$ENABLED_LIBLMS" = "xyes"])
2023-10-05 09:18:50 -05:00
AM_CONDITIONAL([BUILD_LIBXMSS],[test "x$ENABLED_LIBXMSS" = "xyes"])
2021-04-28 10:28:35 -07:00
AM_CONDITIONAL([BUILD_LIBOQS],[test "x$ENABLED_LIBOQS" = "xyes"])
2019-06-20 13:37:53 -07:00
AM_CONDITIONAL([BUILD_WNR],[test "x$ENABLED_WNR" = "xyes"])
2020-01-20 21:35:32 -08:00
AM_CONDITIONAL([BUILD_SRP],[test "x$ENABLED_SRP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2019-06-20 13:37:53 -07:00
AM_CONDITIONAL([USE_VALGRIND],[test "x$ENABLED_VALGRIND" = "xyes"])
2020-01-20 21:35:32 -08:00
AM_CONDITIONAL([BUILD_MD4],[test "x$ENABLED_MD4" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_PWDBASED],[test "x$ENABLED_PWDBASED" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SCRYPT],[test "x$ENABLED_SCRYPT" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2019-10-11 16:40:08 -06:00
AM_CONDITIONAL([BUILD_CRYPTONLY],[test "x$ENABLED_CRYPTONLY" = "xyes" && test "x$ENABLED_OPENSSLEXTRA" = "xno"])
2020-01-20 21:35:32 -08:00
AM_CONDITIONAL([BUILD_FASTMATH],[test "x$ENABLED_FASTMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2022-01-14 14:02:55 -08:00
AM_CONDITIONAL([BUILD_HEAPMATH],[test "x$ENABLED_HEAPMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2019-06-20 13:37:53 -07:00
AM_CONDITIONAL([BUILD_EXAMPLE_SERVERS],[test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
AM_CONDITIONAL([BUILD_EXAMPLE_CLIENTS],[test "x$ENABLED_EXAMPLES" = "xyes"])
2023-04-28 12:10:05 +10:00
AM_CONDITIONAL([BUILD_EXAMPLE_ASN1],[test "x$ENABLED_EXAMPLES" = "xyes"] && [test "x$ENABLED_ASN_PRINT" = "xyes"] && [test "x$ENABLED_ASN" = "xyes"])
2020-09-17 02:22:35 -05:00
AM_CONDITIONAL([BUILD_TESTS],[test "x$ENABLED_EXAMPLES" = "xyes"])
2019-06-20 13:37:53 -07:00
AM_CONDITIONAL([BUILD_THREADED_EXAMPLES],[test "x$ENABLED_SINGLETHREADED" = "xno" && test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
AM_CONDITIONAL([BUILD_WOLFCRYPT_TESTS],[test "x$ENABLED_CRYPT_TESTS" = "xyes"])
2021-09-25 10:31:06 -07:00
AM_CONDITIONAL([BUILD_WOLFCRYPT_TESTS_LIBS],[test "x$ENABLED_CRYPT_TESTS_LIBS" = "xyes"])
2023-02-16 14:20:57 -08:00
AM_CONDITIONAL([BUILD_LIBZ],[test "x$ENABLED_LIBZ" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2020-01-20 21:35:32 -08:00
AM_CONDITIONAL([BUILD_PKCS11],[test "x$ENABLED_PKCS11" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_PKCS12],[test "x$ENABLED_PKCS12" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2021-08-03 14:45:45 -07:00
AM_CONDITIONAL([BUILD_PKCS8],[test "x$ENABLED_PKCS8" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2019-06-20 13:37:53 -07:00
AM_CONDITIONAL([BUILD_CAVIUM],[test "x$ENABLED_CAVIUM" = "xyes"])
AM_CONDITIONAL([BUILD_CAVIUM_V],[test "x$ENABLED_CAVIUM_V" = "xyes"])
2019-10-04 11:21:56 -07:00
AM_CONDITIONAL([BUILD_OCTEON_SYNC],[test "x$ENABLED_OCTEON_SYNC" = "xyes"])
2019-06-20 13:37:53 -07:00
AM_CONDITIONAL([BUILD_INTEL_QA],[test "x$ENABLED_INTEL_QA" = "xyes"])
2019-10-02 10:08:46 -07:00
AM_CONDITIONAL([BUILD_INTEL_QA_SYNC],[test "x$ENABLED_INTEL_QA_SYNC" = "xyes"])
2022-10-20 11:56:08 +02:00
INCLUDE_SP_INT="no"
2020-01-20 21:35:32 -08:00
AM_CONDITIONAL([BUILD_SP],[test "x$ENABLED_SP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2022-05-19 18:19:11 -05:00
AM_CONDITIONAL([BUILD_SP_C32],[ ( ( (test "$ENABLED_SP_RSA" = "yes" || test "$ENABLED_SP_DH" = "yes" \
2022-01-05 11:06:25 -08:00
|| test "$ENABLED_SP_ECC" = "yes") && test "x$ENABLED_SP_ASM" = "xno") \
2022-02-08 10:40:05 +10:00
|| test "x$ENABLED_USERSETTINGS" = "xyes") && test "x$ENABLED_64BIT" != "xyes"])
2022-05-19 18:19:11 -05:00
AM_CONDITIONAL([BUILD_SP_C64],[ ( ( (test "$ENABLED_SP_RSA" = "yes" || test "$ENABLED_SP_DH" = "yes" \
2021-09-20 13:38:52 -05:00
|| test "$ENABLED_SP_ECC" = "yes") && test "x$ENABLED_SP_ASM" = "xno") \
2022-02-08 10:40:05 +10:00
|| test "x$ENABLED_USERSETTINGS" = "xyes") && test "x$ENABLED_32BIT" != "xyes"])
2020-01-20 21:35:32 -08:00
AM_CONDITIONAL([BUILD_SP_ARM64],[test "x$ENABLED_SP_ARM64_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SP_ARM32],[test "x$ENABLED_SP_ARM32_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SP_ARM_THUMB],[test "x$ENABLED_SP_ARM_THUMB_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SP_ARM_CORTEX],[test "x$ENABLED_SP_ARM_CORTEX_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SP_X86_64],[test "x$ENABLED_SP_X86_64_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2020-01-06 15:23:45 +10:00
AM_CONDITIONAL([BUILD_SP_INT],[test "x$ENABLED_SP_MATH" = "xyes" || test "x$ENABLED_SP_MATH_ALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2022-10-20 11:56:08 +02:00
AM_COND_IF([BUILD_SP], [INCLUDE_SP_INT="yes"])
AM_COND_IF([BUILD_SP_INT], [INCLUDE_SP_INT="yes"])
AC_SUBST([INCLUDE_SP_INT])
2019-06-20 13:37:53 -07:00
AM_CONDITIONAL([BUILD_MCAPI],[test "x$ENABLED_MCAPI" = "xyes"])
AM_CONDITIONAL([BUILD_ASYNCCRYPT],[test "x$ENABLED_ASYNCCRYPT" = "xyes"])
AM_CONDITIONAL([BUILD_WOLFEVENT],[test "x$ENABLED_ASYNCCRYPT" = "xyes"])
2020-01-20 21:35:32 -08:00
AM_CONDITIONAL([BUILD_CRYPTOCB],[test "x$ENABLED_CRYPTOCB" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2019-06-20 13:37:53 -07:00
AM_CONDITIONAL([BUILD_PSK],[test "x$ENABLED_PSK" = "xyes"])
2020-01-22 14:26:16 -08:00
AM_CONDITIONAL([BUILD_TRUST_PEER_CERT],[test "x$ENABLED_TRUSTED_PEER_CERT" = "xyes"])
2019-06-20 13:37:53 -07:00
AM_CONDITIONAL([BUILD_PKI],[test "x$ENABLED_PKI" = "xyes"])
2020-01-20 21:35:32 -08:00
AM_CONDITIONAL([BUILD_DES3],[test "x$ENABLED_DES3" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_PKCS7],[test "x$ENABLED_PKCS7" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2021-02-08 17:12:24 -07:00
AM_CONDITIONAL([BUILD_SMIME],[test "x$ENABLED_SMIME" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2019-08-27 13:28:33 -07:00
AM_CONDITIONAL([BUILD_HASHFLAGS],[test "x$ENABLED_HASHFLAGS" = "xyes"])
2020-09-23 18:30:45 -05:00
AM_CONDITIONAL([BUILD_LINUXKM],[test "$ENABLED_LINUXKM" = "yes"])
AM_CONDITIONAL([BUILD_NO_LIBRARY],[test "$ENABLED_NO_LIBRARY" = "yes"])
2021-11-08 18:25:15 -06:00
AM_CONDITIONAL([BUILD_BENCHMARK],[test "$ENABLED_BENCHMARK" = "yes"])
2020-09-18 17:04:26 -07:00
AM_CONDITIONAL([BUILD_RC2],[test "x$ENABLED_RC2" = "xyes"])
2024-04-23 11:26:27 -04:00
AM_CONDITIONAL([BUILD_CUDA],[test "x$ENABLED_CUDA" = "xyes"])
2023-02-20 12:55:57 -08:00
AM_CONDITIONAL([BUILD_CAAM],[test "x$ENABLED_CAAM" != "xno"])
AM_CONDITIONAL([BUILD_QNXCAAM],[test "x$ENABLED_CAAM_QNX" = "xyes"])
2021-07-26 19:38:46 +02:00
AM_CONDITIONAL([BUILD_IOTSAFE],[test "x$ENABLED_IOTSAFE" = "xyes"])
AM_CONDITIONAL([BUILD_IOTSAFE_HWRNG],[test "x$ENABLED_IOTSAFE_HWRNG" = "xyes"])
2021-08-20 15:45:10 -07:00
AM_CONDITIONAL([BUILD_SE050],[test "x$ENABLED_SE050" = "xyes"])
2022-01-05 11:06:25 -08:00
AM_CONDITIONAL([BUILD_KDF],[test "x$ENABLED_KDF" = "xyes"])
AM_CONDITIONAL([BUILD_HMAC],[test "x$ENABLED_HMAC" = "xyes"])
AM_CONDITIONAL([BUILD_ERROR_STRINGS],[test "x$ENABLED_ERROR_STRINGS" = "xyes"])
AM_CONDITIONAL([BUILD_DO178],[test "x$ENABLED_DO178" = "xyes"])
2021-12-21 13:24:27 +01:00
AM_CONDITIONAL([BUILD_PSA],[test "x$ENABLED_PSA" = "xyes"])
2023-01-03 10:48:00 -08:00
AM_CONDITIONAL([BUILD_DTLS13],[test "x$ENABLED_DTLS13" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2022-08-08 13:24:00 +02:00
AM_CONDITIONAL([BUILD_QUIC],[test "x$ENABLED_QUIC" = "xyes"])
2022-08-10 16:39:44 +02:00
AM_CONDITIONAL([BUILD_DTLS_CID],[test "x$ENABLED_DTLS_CID" = "xyes"])
2023-01-18 11:30:46 -08:00
AM_CONDITIONAL([BUILD_HPKE],[test "x$ENABLED_HPKE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2023-01-03 10:48:00 -08:00
AM_CONDITIONAL([BUILD_DTLS],[test "x$ENABLED_DTLS" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
2022-09-21 03:21:33 -04:00
AM_CONDITIONAL([BUILD_MAXQ10XX],[test "x$ENABLED_MAXQ10XX" = "xyes"])
2023-07-06 13:05:39 -04:00
AM_CONDITIONAL([BUILD_ARIA],[test "x$ENABLED_ARIA" = "xyes"])
2023-12-10 05:47:47 -08:00
AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"])
2019-10-03 00:40:34 +07:00
AM_CONDITIONAL([BUILD_AUTOSAR],[test "x$ENABLED_AUTOSAR" = "xyes"])
# Build introspection. Unless a reproducible build was requested, two things
# are appended to AM_CFLAGS, in this order:
#   1. -DHAVE_WC_INTROSPECTION, when ax_enable_debug is yes, or
#      ENABLED_STACKSIZE is anything other than no, or none of LEANTLS,
#      LEANPSK and LOWRESOURCE is enabled;
#   2. a forced -include of the .build_params header under output_objdir.
# NOTE(review): .build_params is written further down in this file from the
# configure arguments and the compiler flags, so those strings are visible to
# every translation unit and, presumably, recoverable from the built library.
# Treat anything passed on the configure command line as published unless a
# reproducible build is selected, which omits both additions.
if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes"
then
    if test "$ax_enable_debug" = "yes" ||
       test "$ENABLED_STACKSIZE" != "no" ||
       { test "$ENABLED_LEANTLS" = "no" &&
         test "$ENABLED_LEANPSK" = "no" &&
         test "$ENABLED_LOWRESOURCE" = "no"; }
    then
        AM_CFLAGS="$AM_CFLAGS -DHAVE_WC_INTROSPECTION"
    fi

    AM_CFLAGS="$AM_CFLAGS -include ${output_objdir}/.build_params"
fi

# Caller-supplied EXTRA_* values go last, after everything configure computed.
AM_CPPFLAGS="$AM_CPPFLAGS $EXTRA_CPPFLAGS"
AM_CFLAGS="$AM_CFLAGS $EXTRA_CFLAGS"
AM_CCASFLAGS="$AM_CCASFLAGS $EXTRA_CCASFLAGS"
AM_LDFLAGS="$AM_LDFLAGS $EXTRA_LDFLAGS"
CREATE_HEX_VERSION
2012-10-24 11:53:33 -07:00
AC_SUBST([AM_CPPFLAGS])
AC_SUBST([AM_CFLAGS])
AC_SUBST([AM_LDFLAGS])
2015-10-30 16:03:26 -07:00
AC_SUBST([AM_CCASFLAGS])
2015-09-28 10:06:30 -06:00
AC_SUBST([LIB_ADD])
AC_SUBST([LIB_STATIC_ADD])
2024-02-09 13:58:28 +09:00
AC_SUBST([LIBM])
2011-02-05 11:14:47 -08:00
# FINAL
2011-08-24 15:54:58 -07:00
AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
2021-02-05 10:40:31 -08:00
AC_CONFIG_FILES([Makefile
wolfssl/version.h
wolfssl/options.h
support/wolfssl.pc
2023-08-09 00:39:55 +02:00
debian/control
debian/changelog
2021-02-05 10:40:31 -08:00
rpm/spec
wolfcrypt/test/test_paths.h
])
AC_CONFIG_FILES([scripts/unit.test],[chmod +x scripts/unit.test])
2011-08-24 15:54:58 -07:00
2012-10-26 02:06:06 -04:00
AX_CREATE_GENERIC_CONFIG
2012-10-26 15:38:37 -07:00
AX_AM_JOBSERVER([yes])
2012-10-26 00:35:52 -04:00
Fix for make distcheck, maintainer-clean, to allow distribution builds.
This the second pass at this after seeing how fips is added to tree in later phases.
This allows autoreconf to be called directly, which lets the Makefile rebuild when it sees that changes have been made (having an autogen.sh is an older convention, left over from the way autotools used to be invoked).
This fixes "make distcheck" and "make maintainer-clean" which are required by most distributions packaging systems.
The files previously touched by autogen.sh are now properly placed into autoconf.
The include files are generated by configure. (There is a note placed in configure.ac as to why, with a reference to the Automake documentation for this.) Appending to the file was done on purpose; touch cannot be used safely in configure. Normally autoheader would be used for this, but since the include files are created out of tree, care has to be taken not to overwrite those files.
For the source files, they were moved into the coresponding automake file. It is safe to use touch in automake. Since files can optionally copied from elsewhere, they have to be listed in BUILT_SOURCES. They are written srcdir in order to allow make to do VPATH builds ( which is configure by make distcheck ).
To show fips files are preserved without having the actual fips files, a C style comment can be echoed into the files.
There are a few current, but outstanding issues.
1) config.h needs to be fixed in configure.ac to use autoheader, so that configure knows to rebuild dependencies when it changes. ( Out of scope for this patch. )
2) version.h is checked into the tree although it is a built file. A make maintainer-clean followed by "git status --ignored" will confirm this. ( Out of scope for this patch )
3) autogen.sh has not been updated to reflect fixes. I believe that for this patch, it should be left alone and checked for regression in Jenkins by itself.
4) There is an out of date .spec file for building RPM which should be updated now that distcheck is working.
5) maintainer-clean should have rule added to remove build-aux testdriver.
This has been tested on current Ubuntu testing, OSX, Fedora 34, and Debian 10.
Additionaly "make distcheck" should be added to regression testing, along with "make maintainer-check".
Other improvement possibilities:
A possible future improvement is to let autoconf handle build with optional out of dist files.
Modify fips configure.ac check to allow for an injection of comments into blank fips files in order to prove distribution of fips/non-fips builds.
Update git rules to use 'make maintainer-clean', 'autoreconf -if', 'make distcheck'.
# See Automake 9.4.1 Built Sources Example
#
# The macro defined below takes one path argument and registers a config
# command that creates an empty placeholder at that path under srcdir when no
# regular file exists there. The redirection is an append, so a file that is
# already present is never truncated or modified.
# NOTE(review): the placeholder is written into the source tree, not the build
# tree, so this step needs a writable srcdir. The srcdir expansion is
# unquoted -- presumably acceptable because configure refuses unusual srcdir
# values, TODO confirm.
AC_DEFUN([AX_OUT_OF_TREE_FILE],[
AC_CONFIG_COMMANDS([$1], [test ! -f $srcdir/$1 && >> $srcdir/$1])
])
# Headers that get a placeholder when absent. Presumably these are the
# optional files that can be copied in from outside the distribution --
# verify against the packaging notes.
AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/async.h])
AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/fips.h])
AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h])
AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/port/intel/quickassist.h])
AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/port/intel/quickassist_mem.h])
AC_OUTPUT
# Optional forced "make clean" once configuration has been written out.
if test "$ENABLED_MAKECLEAN" = "yes"; then
    AC_MSG_NOTICE([---])
    AC_MSG_NOTICE([Running make clean...])

    # Fall back to plain make when MAKE is unset or empty.
    : "${MAKE:=make}"

    # MAKE is expanded unquoted on purpose so that a value carrying its own
    # arguments still splits into words. Output is discarded unless the
    # verbose flag is set.
    case "$verbose" in
        yes) $MAKE clean ;;
        *)   $MAKE clean >/dev/null ;;
    esac
fi
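# Write, or remove, the .build_params header under output_objdir.
#
# For non-reproducible builds the header defines two string macros:
#   LIBWOLFSSL_CONFIGURE_ARGS  - the configure command-line arguments
#   LIBWOLFSSL_GLOBAL_CFLAGS   - CPPFLAGS, AM_CPPFLAGS, CFLAGS and AM_CFLAGS
# Backslashes and double quotes are escaped so the values are valid C string
# literals. printf is used instead of echo because the treatment of
# backslashes by echo is implementation-defined; with some shells the
# escaping added by sed would be undone before it reached the file.
#
# NOTE(review): these strings record exactly what was passed to configure,
# including paths and any value embedded in a flag. Builds that must not
# disclose that information should select the reproducible-build mode, which
# takes the other branch and deletes the file. Only backslash and double
# quote are escaped; an argument containing a newline is not handled.
if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes"
then
    ESCAPED_ARGS=$(printf '%s\n' "$ac_configure_args" | sed 's/\\/\\\\/g;s/\"/\\\"/g')
    ESCAPED_GLOBAL_CFLAGS=$(printf '%s\n' "$CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS" | sed 's/\\/\\\\/g;s/\"/\\\"/g')

    printf '%s\n' "#define LIBWOLFSSL_CONFIGURE_ARGS \"$ESCAPED_ARGS\"" > "${output_objdir}/.build_params" &&
    printf '%s\n' "#define LIBWOLFSSL_GLOBAL_CFLAGS \"$ESCAPED_GLOBAL_CFLAGS\" LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS" >> "${output_objdir}/.build_params" ||
    AC_MSG_ERROR([Couldn't create ${output_objdir}/.build_params.])
else
    # A stale file from an earlier non-reproducible run must not linger.
    rm -f "${output_objdir}/.build_params"
fi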
# generate user options header
AC_MSG_NOTICE([---])
AC_MSG_NOTICE([Generating user options header...])

OPTION_FILE="wolfssl/options.h"
rm -f $OPTION_FILE

# Opening part of the header: banner comment, include guard and the
# C++ linkage opener. Written with a single redirection that creates the file.
{
    echo "/* wolfssl options.h"
    echo " * generated from configure options"
    echo " *"
    echo " * Copyright (C) 2006-2024 wolfSSL Inc."
    echo " *"
    echo " * This file is part of wolfSSL. (formerly known as CyaSSL)"
    echo " *"
    echo " */"
    echo ""
    echo "#ifndef WOLFSSL_OPTIONS_H"
    echo "#define WOLFSSL_OPTIONS_H"
    echo ""
    echo ""
    echo "#ifdef __cplusplus"
    echo "extern \"C\" {"
    echo "#endif"
    echo ""
} > $OPTION_FILE
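# Check for supported command to trim option with.
# note: cut requires an argument to exit with success.
if colrm >/dev/null 2>&1 </dev/null; then
    TRIM="colrm 3"
elif cut --version >/dev/null 2>&1 </dev/null; then
    TRIM="cut -c1-2"
else
    AC_MSG_ERROR([Could not find colrm or cut to make options file])
fi

# Mirror every -D and -U flag from the preprocessor and compiler flag sets
# into OPTION_FILE, one #undef/#define group per flag. Presumably applications
# include the generated header so that they see the same feature macros as the
# library -- TODO confirm; a header that disagrees with the library build
# flags would be a configuration mismatch worth catching.
#
# The flag lists are split on whitespace by the for statement, so a definition
# whose value contains spaces cannot be represented here. Inside the loop each
# flag is passed to the helper pipelines quoted and through printf, so it is
# not subject to a second round of pathname expansion or to echo-specific
# backslash handling.
for option in $AM_CPPFLAGS $CPPFLAGS $AM_CFLAGS $CFLAGS; do
    # First two characters decide the flag type.
    opt_type=$(printf '%s\n' "$option" | $TRIM)
    case "$opt_type" in
    -D)
        # Drop backslashes left over from shell escaping of the flag.
        option=$(printf '%s\n' "$option" | tr -d '\\')
        RHS_only=$(printf '%s\n' "$option" | sed 's/^-D//')
        # Only the first equals sign separates the macro name from its value;
        # later ones belong to the value and are kept.
        noequalsign=$(printf '%s\n' "$RHS_only" | sed 's/=/ /')
        if test "$noequalsign" = "NDEBUG" || test "$noequalsign" = "DEBUG"
        then
            if test "$verbose" = "yes"; then
                AC_MSG_NOTICE([not outputting (N)DEBUG to $OPTION_FILE])
            fi
            continue
        fi

        # allow user to ignore system options
        ignoresys=$(printf '%s\n' "$noequalsign" | grep '^_.*')
        if test -n "$ignoresys"
        then
            echo "#ifndef WOLFSSL_OPTIONS_IGNORE_SYS" >> $OPTION_FILE
        fi

        # note need to use both autotools-style [] quoting and shell-style ''
        # quoting for sed script with [] character set expression here.
        noarg=$(printf '%s\n' "$RHS_only" | sed ['s/\(([^=)]*)\)\{0,1\}=.*//'])
        echo "#undef  $noarg" >> $OPTION_FILE
        echo "#define $noequalsign" >> $OPTION_FILE

        if test -n "$ignoresys"
        then
            echo "#endif" >> $OPTION_FILE
        fi

        echo "" >> $OPTION_FILE
        ;;
    -U)
        RHS_only=$(printf '%s\n' "$option" | sed 's/^-U//')
        echo "#undef  $RHS_only" >> $OPTION_FILE
        echo "" >> $OPTION_FILE
        ;;
    *)
        if test "$verbose" = "yes"; then
            AC_MSG_NOTICE([option "$option" is not a preprocessor directive -- not saving to $OPTION_FILE])
        fi
        ;;
    esac
done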
# Closing part of the options header: C++ linkage closer and the end of the
# include guard, appended with a single redirection.
{
    echo ""
    echo "#ifdef __cplusplus"
    echo "}"
    echo "#endif"
    echo ""
    echo ""
    echo "#endif /* WOLFSSL_OPTIONS_H */"
    echo ""
} >> $OPTION_FILE
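# Consistency check for the OpenSSL compatibility headers: every header under
# wolfssl/openssl in the source tree must compile when the freshly generated
# options header is included first. Runs only when ENABLED_OPENSSLEXTRA is yes
# and ENABLED_LINUXKM is no. CFLAGS is extended for the duration of the check
# and restored afterwards.
if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_LINUXKM" = "no"
then
    SAVE_CFLAGS=$CFLAGS
    CFLAGS="$CFLAGS $DEFS -I. -I$srcdir"
    if test "$ENABLED_INTEL_QA" = "yes"
    then
        CFLAGS="$CFLAGS $QAT_FLAGS"
    fi

    # build_pwd is still assigned because code outside this section may read
    # it; that cannot be confirmed from here.
    build_pwd="$(pwd)"

    # List the headers from inside a subshell so the working directory of
    # configure itself never changes, and stop if srcdir cannot be entered
    # instead of silently globbing in the wrong directory.
    openssl_headers=$(cd "$srcdir" >/dev/null && echo wolfssl/openssl/*.h) ||
        AC_MSG_ERROR([Could not enter $srcdir to list wolfssl/openssl headers.])

    for header in $openssl_headers
    do
        AC_CHECK_HEADER([$header], [], [
            AC_MSG_ERROR([Header file inconsistency detected -- error including ${header}.])
        ], [
            #include <${OPTION_FILE}>
            extern int dummy_int_to_make_compiler_happy;
        ])
    done
    CFLAGS=$SAVE_CFLAGS
fi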
# Print the human-readable configuration summary unless configure was run
# silently.  The strings below are the build's self-description: they are what
# a reviewer reads to confirm which algorithms, protocol versions and
# integrations a given build was configured with.
if test "$silent" != "yes"
then

    # output config summary
    echo "---"
    echo "Configuration summary for $PACKAGE_NAME version $VERSION"
    echo ""

    # Toolchain and flag values exactly as configure holds them at this point.
    echo " * Installation prefix: $prefix"
    echo " * System type: $host_vendor-$host_os"
    echo " * Host CPU: $host_cpu"
    echo " * C Compiler: $CC"
    echo " * C Flags: $CFLAGS"
    echo " * C++ Compiler: $CXX"
    echo " * C++ Flags: $CXXFLAGS"
    echo " * CPP Flags: $CPPFLAGS"
    echo " * CCAS Flags: $CCASFLAGS"
    echo " * LD Flags: $LDFLAGS"
    echo " * LIB Flags: $LIB"
    echo " * Library Suffix: $LIBSUFFIX"

    # Kernel-module specific build settings, shown only for linuxkm builds.
    if test "$ENABLED_LINUXKM" = "yes"
    then
        echo " * Linux Kernel Build Root: $KERNEL_ROOT"
        echo " * Linux Kernel Build Arch: $KERNEL_ARCH"
        echo " * fpu disable C flags: $CFLAGS_FPU_DISABLE"
        echo " * fpu enable C flags: $CFLAGS_FPU_ENABLE"
        echo " * SIMD disable C flags: $CFLAGS_SIMD_DISABLE"
        echo " * SIMD enable C flags: $CFLAGS_SIMD_ENABLE"
        echo " * No-auto-vectorize C flags: $CFLAGS_AUTO_VECTORIZE_DISABLE"
        echo " * Auto-vectorize C flags: $CFLAGS_AUTO_VECTORIZE_ENABLE"
        echo " * SIMD enable as flags: $ASFLAGS_FPU_DISABLE_SIMD_ENABLE"
        echo " * FPU enable as flags: $ASFLAGS_FPU_ENABLE_SIMD_DISABLE"
        echo " * SIMD+FPU disable as flags: $ASFLAGS_FPUSIMD_DISABLE"
        echo " * SIMD+FPU enable as flags: $ASFLAGS_FPUSIMD_ENABLE"
        echo " * Linux kernel module PIE: $ENABLED_LINUXKM_PIE"
    fi

    echo " * Debug enabled: $ax_enable_debug"
    echo " * Coverage enabled: $ax_enable_coverage"
    echo " * Warnings as failure: $ac_cv_warnings_as_errors"
    echo " * make -j: $enable_jobserver"
    echo " * VCS checkout: $ac_cv_vcs_checkout"
    echo
    echo " Features "

    if test "$ENABLED_EXPERIMENTAL" = "yes"; then
        echo " * Experimental settings: Allowed"
    else
        echo " * Experimental settings: Forbidden"
    fi

    # For a FIPS build show the selected FIPS version rather than a bare "yes".
    if test "$ENABLED_FIPS" = "yes"
    then
        echo " * FIPS: $FIPS_VERSION"
    else
        echo " * FIPS: $ENABLED_FIPS"
    fi

    echo " * Single threaded: $ENABLED_SINGLETHREADED"
    echo " * Filesystem: $ENABLED_FILESYSTEM"
    echo " * OpenSSH Build: $ENABLED_OPENSSH"
    echo " * OpenSSL Extra API: $ENABLED_OPENSSLEXTRA"
    echo " * OpenSSL Coexist: $ENABLED_OPENSSLCOEXIST"
    echo " * Old Names: $ENABLED_OLDNAMES"
    echo " * Max Strength Build: $ENABLED_MAXSTRENGTH"
    echo " * Distro Build: $ENABLED_DISTRO"
    echo " * Reproducible Build: $ENABLED_REPRODUCIBLE_BUILD"
    # Worth checking in any build audit: this line shows whether side-channel
    # hardening was left on.
    echo " * Side-channel Hardening: $ENABLED_HARDEN"
    echo " * Single Precision Math: $ENABLED_SP"

    # Derive a display-only label for the SP math flavour; the ENABLED_SP_MATH*
    # variables themselves are left untouched.
    if test "$ENABLED_SP_MATH_ALL" != "no"
    then
        ENABLED_SP_MATH_DESC="all"
    elif test "$ENABLED_SP_MATH" != "no"
    then
        ENABLED_SP_MATH_DESC="restricted"
    else
        ENABLED_SP_MATH_DESC="no"
    fi
    echo " * SP implementation: $ENABLED_SP_MATH_DESC"
    echo " * Fast Math: $ENABLED_FASTMATH"
    echo " * Heap Math: $ENABLED_HEAPMATH"
    echo " * Assembly Allowed: $ENABLED_ASM"
    echo " * sniffer: $ENABLED_SNIFFER"
    echo " * snifftest: $ENABLED_SNIFFTEST"

    # Ciphers and hashes.  Legacy entries (ARC4, DES3, NULL Cipher, MD2, MD4,
    # MD5) are listed next to current ones; when auditing a build, confirm
    # that any of them reported as enabled is intentional.
    echo " * ARC4: $ENABLED_ARC4"
    echo " * AES: $ENABLED_AES"
    echo " * AES-NI: $ENABLED_AESNI"
    echo " * AES-CBC: $ENABLED_AESCBC"
    echo " * AES-CBC length checks: $ENABLED_AESCBC_LENGTH_CHECKS"
    echo " * AES-GCM: $ENABLED_AESGCM"
    echo " * AES-GCM streaming: $ENABLED_AESGCM_STREAM"
    echo " * AES-CCM: $ENABLED_AESCCM"
    echo " * AES-CTR: $ENABLED_AESCTR"
    echo " * AES-CFB: $ENABLED_AESCFB"
    echo " * AES-OFB: $ENABLED_AESOFB"
    echo " * AES-XTS: $ENABLED_AESXTS"
    echo " * AES-XTS streaming: $ENABLED_AESXTS_STREAM"
    echo " * AES-SIV: $ENABLED_AESSIV"
    echo " * AES-EAX: $ENABLED_AESEAX"
    echo " * AES Bitspliced: $ENABLED_AESBS"
    echo " * AES Key Wrap: $ENABLED_AESKEYWRAP"
    echo " * ARIA: $ENABLED_ARIA"
    echo " * DES3: $ENABLED_DES3"
    echo " * DES3 TLS Suites: $ENABLED_DES3_TLS_SUITES"
    echo " * Camellia: $ENABLED_CAMELLIA"
    echo " * CUDA: $ENABLED_CUDA"
    echo " * SM4-ECB: $ENABLED_SM4_ECB"
    echo " * SM4-CBC: $ENABLED_SM4_CBC"
    echo " * SM4-CTR: $ENABLED_SM4_CTR"
    echo " * SM4-GCM: $ENABLED_SM4_GCM"
    echo " * SM4-CCM: $ENABLED_SM4_CCM"
    echo " * NULL Cipher: $ENABLED_NULL_CIPHER"
    echo " * MD2: $ENABLED_MD2"
    echo " * MD4: $ENABLED_MD4"
    echo " * MD5: $ENABLED_MD5"
    echo " * RIPEMD: $ENABLED_RIPEMD"
    echo " * SHA: $ENABLED_SHA"
    echo " * SHA-224: $ENABLED_SHA224"
    echo " * SHA-384: $ENABLED_SHA384"
    echo " * SHA-512: $ENABLED_SHA512"
    echo " * SHA3: $ENABLED_SHA3"
    echo " * SHAKE128: $ENABLED_SHAKE128"
    echo " * SHAKE256: $ENABLED_SHAKE256"
    echo " * SM3: $ENABLED_SM3"
    echo " * BLAKE2: $ENABLED_BLAKE2"
    echo " * BLAKE2S: $ENABLED_BLAKE2S"
    echo " * SipHash: $ENABLED_SIPHASH"
    echo " * CMAC: $ENABLED_CMAC"

    # Certificate tooling, randomness and key derivation.
    echo " * keygen: $ENABLED_KEYGEN"
    echo " * certgen: $ENABLED_CERTGEN"
    echo " * certreq: $ENABLED_CERTREQ"
    echo " * certext: $ENABLED_CERTEXT"
    echo " * certgencache: $ENABLED_certgencache"
    echo " * CHACHA: $ENABLED_CHACHA"
    echo " * XCHACHA: $ENABLED_XCHACHA"
    echo " * Hash DRBG: $ENABLED_HASHDRBG"
    echo " * MmemUse Entropy:"
    echo " * (AKA: wolfEntropy): $ENABLED_ENTROPY_MEMUSE"
    echo " * PWDBASED: $ENABLED_PWDBASED"
    echo " * Encrypted keys: $ENABLED_ENCKEYS"
    echo " * scrypt: $ENABLED_SCRYPT"
    echo " * wolfCrypt Only: $ENABLED_CRYPTONLY"
    echo " * HKDF: $ENABLED_HKDF"
    echo " * HPKE: $ENABLED_HPKE"
    echo " * X9.63 KDF: $ENABLED_X963KDF"
    echo " * SRTP-KDF: $ENABLED_SRTP_KDF"
    echo " * PSK: $ENABLED_PSK"
    echo " * Poly1305: $ENABLED_POLY1305"
    echo " * LEANPSK: $ENABLED_LEANPSK"
    echo " * LEANTLS: $ENABLED_LEANTLS"

    # Public-key algorithms, including the hash-based and lattice-based ones.
    echo " * RSA: $ENABLED_RSA"
    echo " * RSA-PSS: $ENABLED_RSAPSS"
    echo " * DSA: $ENABLED_DSA"
    echo " * DH: $ENABLED_DH"
    echo " * DH Default Parameters: $ENABLED_DHDEFAULTPARAMS"
    echo " * ECC: $ENABLED_ECC"
    echo " * ECC Custom Curves: $ENABLED_ECCCUSTCURVES"
    echo " * ECC Minimum Bits: $ENABLED_ECCMINSZ"
    echo " * FPECC: $ENABLED_FPECC"
    echo " * ECC_ENCRYPT: $ENABLED_ECC_ENCRYPT"
    echo " * Brainpool: $ENABLED_BRAINPOOL"
    echo " * SM2: $ENABLED_SM2"
    echo " * CURVE25519: $ENABLED_CURVE25519"
    echo " * ED25519: $ENABLED_ED25519"
    echo " * ED25519 streaming: $ENABLED_ED25519_STREAM"
    echo " * CURVE448: $ENABLED_CURVE448"
    echo " * ED448: $ENABLED_ED448"
    echo " * ED448 streaming: $ENABLED_ED448_STREAM"
    echo " * LMS: $ENABLED_LMS"
    echo " * LMS wolfSSL impl: $ENABLED_WC_LMS"
    echo " * XMSS: $ENABLED_XMSS"
    echo " * XMSS wolfSSL impl: $ENABLED_WC_XMSS"
    if test "$ENABLED_LIBXMSS" = "yes"
    then
        echo " * XMSS_ROOT: $XMSS_ROOT"
    fi
    echo " * KYBER: $ENABLED_KYBER"
    echo " * KYBER wolfSSL impl: $ENABLED_WC_KYBER"
    # NOTE(review): the ECCSI and SAKKE labels have no colon, unlike the other
    # entries; anything that parses this summary on ": " will miss them.
    echo " * ECCSI $ENABLED_ECCSI"
    echo " * SAKKE $ENABLED_SAKKE"
    echo " * ASN: $ENABLED_ASN"
    echo " * Anonymous cipher: $ENABLED_ANON"
    echo " * CODING: $ENABLED_CODING"
    echo " * MEMORY: $ENABLED_MEMORY"
    echo " * I/O POOL: $ENABLED_IOPOOL"

    # Third-party application compatibility switches.
    echo " * wolfSentry: $ENABLED_WOLFSENTRY"
    echo " * LIGHTY: $ENABLED_LIGHTY"
    echo " * WPA Supplicant: $ENABLED_WPAS"
    echo " * HAPROXY: $ENABLED_HAPROXY"
    echo " * STUNNEL: $ENABLED_STUNNEL"
    echo " * tcpdump: $ENABLED_TCPDUMP"
    echo " * libssh2: $ENABLED_LIBSSH2"
    echo " * ntp: $ENABLED_NTP"
    echo " * rsyslog: $ENABLED_RSYSLOG"
    echo " * Apache httpd: $ENABLED_APACHE_HTTPD"
    echo " * NGINX: $ENABLED_NGINX"
    echo " * OpenResty: $ENABLED_OPENRESTY"
    echo " * ASIO: $ENABLED_ASIO"
    echo " * LIBWEBSOCKETS: $ENABLED_LIBWEBSOCKETS"
    echo " * Qt: $ENABLED_QT"
    echo " * Qt Unit Testing: $ENABLED_QT_TEST"
    echo " * SIGNAL: $ENABLED_SIGNAL"
    echo " * chrony: $ENABLED_CHRONY"
    echo " * strongSwan: $ENABLED_STRONGSWAN"
    echo " * OpenLDAP: $ENABLED_OPENLDAP"
    echo " * hitch: $ENABLED_HITCH"
    echo " * memcached: $ENABLED_MEMCACHED"
    echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"

    # Protocol versions and TLS features.  The entries the summary itself
    # tags "(Old)" are the ones to look at first when checking that a build
    # does not offer deprecated protocol versions.
    echo " * DTLS: $ENABLED_DTLS"
    echo " * DTLS v1.3: $ENABLED_DTLS13"
    echo " * SCTP: $ENABLED_SCTP"
    echo " * SRTP: $ENABLED_SRTP"
    echo " * Indefinite Length: $ENABLED_BER_INDEF"
    echo " * Multicast: $ENABLED_MCAST"
    echo " * SSL v3.0 (Old): $ENABLED_SSLV3"
    echo " * TLS v1.0 (Old): $ENABLED_TLSV10"
    echo " * TLS v1.1 (Old): $ENABLED_OLD_TLS"
    echo " * TLS v1.2: $ENABLED_TLSV12"
    echo " * TLS v1.3: $ENABLED_TLS13"
    echo " * RPK: $ENABLED_RPK"
    echo " * Post-handshake Auth: $ENABLED_TLS13_POST_AUTH"
    echo " * Early Data: $ENABLED_TLS13_EARLY_DATA"
    echo " * QUIC: $ENABLED_QUIC"
    echo " * Send State in HRR Cookie: $ENABLED_SEND_HRR_COOKIE"
    echo " * OCSP: $ENABLED_OCSP"
    echo " * OCSP Stapling: $ENABLED_CERTIFICATE_STATUS_REQUEST"
    echo " * OCSP Stapling v2: $ENABLED_CERTIFICATE_STATUS_REQUEST_V2"
    echo " * CRL: $ENABLED_CRL"
    echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR"
    echo " * Persistent session cache: $ENABLED_SAVESESSION"
    echo " * Persistent cert cache: $ENABLED_SAVECERT"
    echo " * Atomic User Record Layer: $ENABLED_ATOMICUSER"
    echo " * Public Key Callbacks: $ENABLED_PKCALLBACKS"
    echo " * libxmss: $ENABLED_LIBXMSS"
    echo " * liblms: $ENABLED_LIBLMS"
    echo " * liboqs: $ENABLED_LIBOQS"
    echo " * Whitewood netRandom: $ENABLED_WNR"
    echo " * Server Name Indication: $ENABLED_SNI"
    echo " * ALPN: $ENABLED_ALPN"
    echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT"
    echo " * Trusted CA Indication: $ENABLED_TRUSTED_CA"
    echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC"
    echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES"
    echo " * FFDHE only in client: $ENABLED_FFDHE_ONLY"
    echo " * Session Ticket: $ENABLED_SESSION_TICKET"
    echo " * Extended Master Secret: $ENABLED_EXTENDED_MASTER"
    echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION"
    echo " * Secure Renegotiation: $ENABLED_SECURE_RENEGOTIATION"
    echo " * Fallback SCSV: $ENABLED_FALLBACK_SCSV"
    echo " * Keying Material Exporter: $ENABLED_KEYING_MATERIAL"
    echo " * All TLS Extensions: $ENABLED_TLSX"
    echo " * S/MIME: $ENABLED_SMIME"
    echo " * PKCS#7: $ENABLED_PKCS7"
    echo " * PKCS#8: $ENABLED_PKCS8"
    echo " * PKCS#11: $ENABLED_PKCS11"
    echo " * PKCS#12: $ENABLED_PKCS12"
    echo " * wolfSSH: $ENABLED_WOLFSSH"
    echo " * wolfEngine: $ENABLED_WOLFENGINE"
    echo " * wolfTPM: $ENABLED_WOLFTPM"
    echo " * wolfCLU: $ENABLED_WOLFCLU"
    echo " * wolfSCEP: $ENABLED_WOLFSCEP"
    echo " * Secure Remote Password: $ENABLED_SRP"
    echo " * Small Stack: $ENABLED_SMALL_STACK"
    echo " * Linux Kernel Module: $ENABLED_LINUXKM"
    if test "$ENABLED_LINUXKM" = "yes"
    then
        echo " * Linux kernel module bench: $ENABLED_LINUXKM_BENCHMARKS"
        echo " * Linux kernel alg register: $ENABLED_LINUXKM_LKCAPI_REGISTER"
    fi

    # Test, diagnostics and hardware-offload settings.
    echo " * valgrind unit tests: $ENABLED_VALGRIND"
    echo " * LIBZ: $ENABLED_LIBZ"
    echo " * Examples: $ENABLED_EXAMPLES"
    echo " * Crypt tests: $ENABLED_CRYPT_TESTS"
    echo " * Stack sizes in tests: $ENABLED_STACKSIZE"
    echo " * Heap stats in tests: $ENABLED_TRACKMEMORY"
    echo " * Asynchronous Crypto: $ENABLED_ASYNCCRYPT"
    echo " * Asynchronous Crypto (sim): $ENABLED_ASYNCCRYPT_SW"
    echo " * Cavium Nitrox: $ENABLED_CAVIUM"
    echo " * Cavium Octeon (Sync): $ENABLED_OCTEON_SYNC"
    echo " * Intel Quick Assist: $ENABLED_INTEL_QA"

    # NOTE(review): unlike the SP math label above, this overwrites
    # ENABLED_ARMASM itself, and only when the summary is printed, so the
    # variable's final value depends on whether configure ran silently.
    if test "$ENABLED_ARMASM_INLINE" = "yes"; then
        ENABLED_ARMASM="inline C"
    fi
    echo " * ARM ASM: $ENABLED_ARMASM"
    echo " * ARM ASM SHA512/SHA3 Crypto $ENABLED_ARMASM_SHA3"
    echo " * ARM ASM SM3/SM4 Crypto $ENABLED_ARMASM_CRYPTO_SM4"
    echo " * Write duplicate: $ENABLED_WRITEDUP"
    echo " * Xilinx Hardware Acc.: $ENABLED_XILINX"
    echo " * Inline Code: $ENABLED_INLINE"
    echo " * Linux AF_ALG: $ENABLED_AFALG"
    echo " * Linux KCAPI: $ENABLED_KCAPI"
    echo " * Linux devcrypto: $ENABLED_DEVCRYPTO"
    # Same variable as the "Public Key Callbacks" entry printed earlier.
    echo " * PK callbacks: $ENABLED_PKCALLBACKS"
    echo " * Crypto callbacks: $ENABLED_CRYPTOCB"
    echo " * i.MX CAAM: $ENABLED_CAAM"
    echo " * IoT-Safe: $ENABLED_IOTSAFE"
    echo " * IoT-Safe HWRNG: $ENABLED_IOTSAFE_HWRNG"
    echo " * NXP SE050: $ENABLED_SE050"
    echo " * Maxim Integrated MAXQ10XX: $ENABLED_MAXQ10XX"
    echo " * PSA: $ENABLED_PSA"
    echo " * System CA certs: $ENABLED_SYS_CA_CERTS"
    echo " * Dual alg cert support: $ENABLED_DUAL_ALG_CERTS"
    echo " * ERR Queues per Thread: $ENABLED_ERRORQUEUEPERTHREAD"
    echo " * rwlock: $ENABLED_RWLOCK"
    # Presumably controls export of TLS session secrets for traffic
    # decryption -- confirm, and verify this reads "no" for release builds.
    echo " * keylog export: $ENABLED_KEYLOG_EXPORT"
    echo " * AutoSAR : $ENABLED_AUTOSAR"
    echo ""
    echo "---"

    # Ask config.status, found by relative path in the current directory, for
    # the options configure was invoked with, so the summary above can be tied
    # to an exact command line.
    echo "./configure flags: $(./config.status --config)"
fi # $silent != yes
################################################################################
# Show warnings at bottom so they are noticed
################################################################################
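# Warn when async crypto is enabled but wolfcrypt/src/async.c is missing or
# empty in the source tree (test -s is true only for a non-empty file).
# The path is quoted so a source directory containing whitespace does not
# split into several words and break the test.
if test "$ENABLED_ASYNCCRYPT" = "yes" && ! test -s "$srcdir/wolfcrypt/src/async.c"
then
    AC_MSG_WARN([Make sure real async files are loaded. Contact wolfSSL for details on using the asynccrypt option.])
fi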
# MinGW static vs shared library
# Reference URL from libtool for MinGW is located at
# http://www.gnu.org/software/libtool/manual/libtool.html#Cygwin-to-MinGW-Cross
# this allows for not even having dllimport/dllexport on functions
# with recent libtools, only requiring it with global variables.
#
# The following warning is displayed here because if not using "contemporary GNU
# tools" there is the possibility of export/import issues.
# wolfSSL uses __declspec(dllexport) and "contemporary GNU tools" handle the
# case where both static and shared libraries are built.
#
# More can be found about the MinGW linker at
# https://sourceware.org/binutils/docs/ld/WIN32.html
# Emit the MinGW shared-plus-static warning when MINGW_LIB_WARNING, which is
# set outside this block, is exactly "yes".
case "$MINGW_LIB_WARNING" in
    yes)
        AC_MSG_WARN([Building with shared and static library at the same time on this system may cause export/import problems when using non contemporary GNU tools.])
        ;;
esac
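# Cross-check the ECC size limits: when a maximum ECC bit size was given, it
# must not be smaller than the configured minimum.  Equal values pass the
# -lt test, so the error text says "must not be less than".
# NOTE(review): test -lt exits non-zero on a non-numeric operand, so a
# malformed value would skip this error rather than trigger it; confirm both
# values are validated as integers where they are parsed.
if test -n "$WITH_MAX_ECC_BITS"; then
    if test "$WITH_MAX_ECC_BITS" -lt "$ENABLED_ECCMINSZ"; then
        AC_MSG_ERROR([--with-max-ecc-bits argument ($WITH_MAX_ECC_BITS) must not be less than --with-eccminsz argument ($ENABLED_ECCMINSZ)])
    fi
fi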