wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-03-24 11:17:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
3329aa7bef418f60641acf4f4087b4e085a245b2
wolfssl/configure.ac
John Safranek 431a0cbea9 Multicast 
1. Since multicast's only cipher suite uses null cipher
   automatically enable it.
2. Add options to example client and server to start
   testing multicast API. (Uses TLS over TCP.)
3. Updates to use the forced secrets set by API.
2017-07-19 13:31:39 -07:00

3925 lines
112 KiB
Plaintext
Raw Blame History

# configure.ac
#
# Copyright (C) 2006-2016 wolfSSL Inc.
#
# This file is part of wolfSSL. (formerly known as CyaSSL)
#
#
AC_INIT([wolfssl],[3.11.1],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
AC_CONFIG_AUX_DIR([build-aux])
# The following sets CFLAGS to empty if unset on command line. We do not want
# the default "-g -O2" that AC_PROG_CC sets automatically.
: ${CFLAGS=""}
AC_CANONICAL_HOST
AC_CANONICAL_BUILD
AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests])
AC_PREREQ([2.63])
AC_ARG_PROGRAM
AC_DEFUN([PROTECT_AC_USE_SYSTEM_EXTENSIONS],
[AX_SAVE_FLAGS
AC_LANG_PUSH([C])
AC_USE_SYSTEM_EXTENSIONS
AC_LANG_POP([C])
AX_RESTORE_FLAGS
])
#PROTECT_AC_USE_SYSTEM_EXTENSIONS
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
#shared library versioning
WOLFSSL_LIBRARY_VERSION=12:0:0
# | | |
# +------+ | +---+
# | | |
# current:revision:age
# | | |
# | | +- increment if interfaces have been added
# | | set to zero if interfaces have been removed
# | | or changed
# | +- increment if source code has changed
# | set to zero if current is incremented
# +- increment if interfaces have been added, removed or changed
AC_SUBST([WOLFSSL_LIBRARY_VERSION])
# capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even
# if user doesn't override, no way to tell
USER_C_EXTRA_FLAGS="$C_EXTRA_FLAGS"
USER_CFLAGS="$CFLAGS"
LT_PREREQ([2.2])
LT_INIT([disable-static],[win32-dll])
LT_LANG([C++])
LT_LANG([C])
gl_VISIBILITY
AS_IF([ test -n "$CFLAG_VISIBILITY" ], [
AM_CPPFLAGS="$AM_CPPFLAGS $CFLAG_VISIBILITY"
CPPFLAGS="$CPPFLAGS $CFLAG_VISIBILITY"
])
m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
# Moved these size of and type checks before the library checks.
# The library checks add the library to subsequent test compiles
# and in some rare cases, the networking check causes these sizeof
# checks to fail.
AC_CHECK_SIZEOF(long long, 8)
AC_CHECK_SIZEOF(long, 4)
AC_CHECK_TYPES(__uint128_t)
AC_CHECK_FUNCS([gethostbyname])
AC_CHECK_FUNCS([getaddrinfo])
AC_CHECK_FUNCS([gettimeofday])
AC_CHECK_FUNCS([gmtime_r])
AC_CHECK_FUNCS([inet_ntoa])
AC_CHECK_FUNCS([memset])
AC_CHECK_FUNCS([socket])
AC_CHECK_HEADERS([arpa/inet.h])
AC_CHECK_HEADERS([fcntl.h])
AC_CHECK_HEADERS([limits.h])
AC_CHECK_HEADERS([netdb.h])
AC_CHECK_HEADERS([netinet/in.h])
AC_CHECK_HEADERS([stddef.h])
AC_CHECK_HEADERS([sys/ioctl.h])
AC_CHECK_HEADERS([sys/socket.h])
AC_CHECK_HEADERS([sys/time.h])
AC_CHECK_HEADERS([errno.h])
AC_CHECK_LIB(network,socket)
AC_C_BIGENDIAN
# mktime check takes forever on some systems, if time supported it would be
# highly unusual for mktime to be missing
#AC_FUNC_MKTIME
AC_PROG_CC
AC_PROG_CC_C_O
AC_PROG_CXX
AC_PROG_INSTALL
AC_TYPE_SIZE_T
AC_TYPE_UINT8_T
AM_PROG_AS
AM_PROG_CC_C_O
LT_LIB_M
OPTIMIZE_CFLAGS="-Os -fomit-frame-pointer"
OPTIMIZE_FAST_CFLAGS="-O2 -fomit-frame-pointer"
OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET -DTFM_HUGE_SET"
DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL"
LIB_ADD=
LIB_STATIC_ADD=
thread_ls_on=no
# Thread local storage
AX_TLS([
[AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"]
[thread_ls_on=yes]
] , [:])
# DEBUG
AX_DEBUG
AS_IF([test "$ax_enable_debug" = "yes"],
[AM_CFLAGS="$DEBUG_CFLAGS $AM_CFLAGS"],
[AM_CFLAGS="$AM_CFLAGS -DNDEBUG"])
# Distro build feature subset (Debian, Ubuntu, etc.)
AC_ARG_ENABLE([distro],
[AS_HELP_STRING([--enable-distro],[Enable wolfSSL distro build (default: disabled)])],
[ ENABLED_DISTRO=$enableval ],
[ ENABLED_DISTRO=no ]
)
if test "$ENABLED_DISTRO" = "yes"
then
enable_shared=yes
enable_static=yes
enable_all=yes
fi
AM_CONDITIONAL([BUILD_DISTRO], [test "x$ENABLED_DISTRO" = "xyes"])
# ALL FEATURES
AC_ARG_ENABLE([all],
[AS_HELP_STRING([--enable-all],[Enable all wolfSSL features, except SSLv3 (default: disabled)])],
[ ENABLED_ALL=$enableval ],
[ ENABLED_ALL=no ]
)
if test "$ENABLED_ALL" = "yes"
then
enable_dtls=yes
enable_tls13=yes
enable_openssh=yes
enable_opensslextra=yes
enable_savesession=yes
enable_savecert=yes
enable_atomicuser=yes
enable_pkcallbacks=yes
enable_aesgcm=yes
enable_aesccm=yes
enable_aesctr=yes
enable_camellia=yes
enable_ripemd=yes
enable_sha512=yes
enable_sha224=yes
enable_sha3=yes
enable_sessioncerts=yes
enable_keygen=yes
enable_certgen=yes
enable_certreq=yes
enable_certext=yes
enable_sep=yes
enable_hkdf=yes
enable_dsa=yes
enable_ecccustcurves=yes
enable_compkey=yes
enable_curve25519=yes
enable_ed25519=yes
enable_fpecc=yes
enable_eccencrypt=yes
enable_psk=yes
enable_idea=yes
enable_cmac=yes
enable_webserver=yes
enable_hc128=yes
enable_rabbit=yes
enable_ocsp=yes
enable_ocspstapling=yes
enable_ocspstapling2=yes
enable_crl=yes
enable_crl_monitor=yes
enable_sni=yes
enable_maxfragment=yes
enable_alpn=yes
enable_truncatedhmac=yes
enable_supportedcurves=yes
enable_session_ticket=yes
enable_tlsx=yes
enable_pkcs7=yes
enable_scep=yes
enable_srp=yes
enable_certservice=yes
enable_jni=yes
enable_lighty=yes
enable_haproxy=yes
enable_stunnel=yes
enable_nginx=yes
enable_pwdbased=yes
enable_aeskeywrap=yes
enable_x963kdf=yes
enable_scrypt=yes
fi
AM_CONDITIONAL([BUILD_ALL], [test "x$ENABLED_ALL" = "xyes"])
# SINGLE THREADED
AC_ARG_ENABLE([singlethreaded],
[AS_HELP_STRING([--enable-singlethreaded],[Enable wolfSSL single threaded (default: disabled)])],
[ ENABLED_SINGLETHREADED=$enableval ],
[ ENABLED_SINGLETHREADED=no ])
AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[
AX_PTHREAD([
AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.])
AM_CFLAGS="-D_POSIX_THREADS $AM_CFLAGS $PTHREAD_CFLAGS"
LIBS="$LIBS $PTHREAD_LIBS"
],[
ENABLED_SINGLETHREADED=yes
])
])
AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="-DSINGLE_THREADED $AM_CFLAGS" ])
# DTLS
AC_ARG_ENABLE([dtls],
[AS_HELP_STRING([--enable-dtls],[Enable wolfSSL DTLS (default: disabled)])],
[ ENABLED_DTLS=$enableval ],
[ ENABLED_DTLS=no ]
)
if test "$ENABLED_DTLS" = "yes"
then
AM_CFLAGS="-DWOLFSSL_DTLS $AM_CFLAGS"
fi
# TLS v1.3 Draft 18
AC_ARG_ENABLE([tls13-draft18],
[AS_HELP_STRING([--enable-tls13-draft18],[Enable wolfSSL TLS v1.3 Draft 18 (default: disabled)])],
[ ENABLED_TLS13_DRAFT18=$enableval ],
[ ENABLED_TLS13_DRAFT18=no ]
)
if test "$ENABLED_TLS13_DRAFT18" = "yes"
then
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT18 $AM_CFLAGS"
fi
# TLS v1.3
AC_ARG_ENABLE([tls13],
[AS_HELP_STRING([--enable-tls13],[Enable wolfSSL TLS v1.3 (default: disabled)])],
[ ENABLED_TLS13=$enableval ],
[ ENABLED_TLS13=no ]
)
if test "$ENABLED_TLS13_DRAFT18" = "yes"
then
ENABLED_TLS13="yes"
fi
if test "$ENABLED_TLS13" = "yes"
then
AM_CFLAGS="-DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS -DHAVE_FFDHE_2048 $AM_CFLAGS"
fi
# check if TLS v1.3 was enabled for conditionally running tls13.test script
AM_CONDITIONAL([BUILD_TLS13], [test "x$ENABLED_TLS13" = "xyes"])
# Post-handshake Authentication
AC_ARG_ENABLE([postauth],
[AS_HELP_STRING([--enable-postauth],[Enable wolfSSL Post-handshake Authentication (default: disabled)])],
[ ENABLED_TLS13_POST_AUTH=$enableval ],
[ ENABLED_TLS13_POST_AUTH=no ]
)
if test "$ENABLED_TLS13_POST_AUTH" = "yes"
then
if test "x$ENABLED_TLS13" = "xno"
then
AC_MSG_ERROR([cannot enable postauth without enabling tls13.])
fi
AM_CFLAGS="-DWOLFSSL_POST_HANDSHAKE_AUTH $AM_CFLAGS"
fi
# Post-handshake Authentication
AC_ARG_ENABLE([hrrcookie],
[AS_HELP_STRING([--enable-hrrcookie],[Enable the server to send Cookie Extension in HRR with state (default: disabled)])],
[ ENABLED_SEND_HRR_COOKIE=$enableval ],
[ ENABLED_SEND_HRR_COOKIE=no ]
)
if test "$ENABLED_SEND_HRR_COOKIE" = "yes"
then
if test "x$ENABLED_TLS13" = "xno"
then
AC_MSG_ERROR([cannot enable hrrcookie without enabling tls13.])
fi
AM_CFLAGS="-DWOLFSSL_SEND_HRR_COOKIE $AM_CFLAGS"
fi
AC_ARG_ENABLE([rng],
[AS_HELP_STRING([--enable-rng],[Enable compiling and using RNG (default: enabled)])],
[ ENABLED_RNG=$enableval ],
[ ENABLED_RNG=yes ]
)
if test "$ENABLED_RNG" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DWC_NO_RNG"
fi
AM_CONDITIONAL([BUILD_RNG], [test "x$ENABLED_RNG" = "xyes"])
# DTLS-SCTP
AC_ARG_ENABLE([sctp],
[AS_HELP_STRING([--enable-sctp],[Enable wolfSSL DTLS-SCTP support (default: disabled)])],
[ENABLED_SCTP=$enableval],
[ENABLED_SCTP=no])
AM_CONDITIONAL([BUILD_SCTP], [test "x$ENABLED_SCTP" = "xyes"])
AS_IF([test "x$ENABLED_SCTP" = "xyes"],
[AC_MSG_CHECKING([for SCTP])
AC_RUN_IFELSE(
[AC_LANG_PROGRAM(
[[
#include <sys/socket.h>
#include <arpa/inet.h>
]],
[[int s = socket(AF_INET, SOCK_STREAM, IPPROTO_SCTP); if (s == -1) return 1;]])],
[AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)
AC_MSG_ERROR([SCTP not available, remove enable-sctp from configure])])
])
# DTLS-MULTICAST
AC_ARG_ENABLE([mcast],
[AS_HELP_STRING([--enable-mcast],[Enable wolfSSL DTLS multicast support (default: disabled)])],
[ENABLED_MCAST=$enableval],
[ENABLED_MCAST=no])
AM_CONDITIONAL([BUILD_MCAST], [test "x$ENABLED_MCAST" = "xyes"])
# RNG
AC_ARG_ENABLE([rng],
[AS_HELP_STRING([--enable-rng],[Enable compiling and using RNG (default: enabled)])],
[ ENABLED_RNG=$enableval ],
[ ENABLED_RNG=yes ]
)
if test "$ENABLED_RNG" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DWC_NO_RNG"
fi
AM_CONDITIONAL([BUILD_RNG], [test "x$ENABLED_RNG" = "xyes"])
# OpenSSH compatibility Build
AC_ARG_ENABLE([openssh],
[AS_HELP_STRING([--enable-openssh],[Enable OpenSSH compatibility build (default: disabled)])],
[ENABLED_OPENSSH=$enableval],
[ENABLED_OPENSSH=no])
# nginx compatibility build
AC_ARG_ENABLE([nginx],
[AS_HELP_STRING([--enable-nginx],[Enable nginx (default: disabled)])],
[ ENABLED_NGINX=$enableval ],
[ ENABLED_NGINX=no ]
)
# haproxy compatibility build
AC_ARG_ENABLE([haproxy],
[AS_HELP_STRING([--enable-haproxy],[Enable haproxy (default: disabled)])],
[ ENABLED_HAPROXY=$enableval ],
[ ENABLED_HAPROXY=no ]
)
# OPENSSL Extra Compatibility
AC_ARG_ENABLE([opensslextra],
[AS_HELP_STRING([--enable-opensslextra],[Enable extra OpenSSL API, size+ (default: disabled)])],
[ ENABLED_OPENSSLEXTRA=$enableval ],
[ ENABLED_OPENSSLEXTRA=no ]
)
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes"
then
ENABLED_OPENSSLEXTRA="yes"
fi
if test "$ENABLED_OPENSSLEXTRA" = "yes"
then
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_SMALL" = "yes"
then
AC_MSG_ERROR([cannot enable small and opensslextra, only one or the other.])
fi
# High Strength Build
AC_ARG_ENABLE([maxstrength],
[AS_HELP_STRING([--enable-maxstrength],[Enable Max Strengh build, allows TLSv1.2-AEAD-PFS ciphers only (default: disabled)])],
[ENABLED_MAXSTRENGTH=$enableval],
[ENABLED_MAXSTRENGTH=no])
# Harden, enable Timing Resistance and Blinding by default
AC_ARG_ENABLE([harden],
[AS_HELP_STRING([--enable-harden],[Enable Hardened build, Enables Timing Resistance and Blinding (default: enabled)])],
[ENABLED_HARDEN=$enableval],
[ENABLED_HARDEN=yes])
if test "$ENABLED_HARDEN" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA_BLINDING"
else
AM_CFLAGS="$AM_CFLAGS -DWC_NO_HARDEN"
fi
# IPv6 Test Apps
AC_ARG_ENABLE([ipv6],
[AS_HELP_STRING([--enable-ipv6],[Enable testing of IPV6 (default: disabled)])],
[ ENABLED_IPV6=$enableval ],
[ ENABLED_IPV6=no ]
)
if test "$ENABLED_IPV6" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DTEST_IPV6 -DWOLFSSL_IPV6"
fi
AM_CONDITIONAL([BUILD_IPV6], [test "x$ENABLED_IPV6" = "xyes"])
# wpa_supplicant support
AC_ARG_ENABLE([wpas],
[AS_HELP_STRING([--enable-wpas],[Enable wpa_supplicant support (default: disabled)])],
[ ENABLED_WPAS=$enableval ],
[ ENABLED_WPAS=no ]
)
if test "$ENABLED_WPAS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_SECRET_CALLBACK -DWOLFSSL_STATIC_RSA"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP -DWOLFSSL_PUBLIC_ECC_ADD_DBL"
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER -DHAVE_EX_DATA -DWOLFSSL_KEEP_PEER_CERT"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS"
fi
# Fortress build
AC_ARG_ENABLE([fortress],
[AS_HELP_STRING([--enable-fortress],[Enable SSL fortress build (default: disabled)])],
[ ENABLED_FORTRESS=$enableval ],
[ ENABLED_FORTRESS=no ]
)
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes"
then
ENABLED_FORTRESS="yes"
fi
if test "$ENABLED_FORTRESS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DWOLFSSL_KEY_GEN"
fi
# ssl bump build
AC_ARG_ENABLE([bump],
[AS_HELP_STRING([--enable-bump],[Enable SSL Bump build (default: disabled)])],
[ ENABLED_BUMP=$enableval ],
[ ENABLED_BUMP=no ]
)
if test "$ENABLED_BUMP" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DWOLFSSL_CERT_GEN -DWOLFSSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DWOLFSSL_DER_LOAD -DWOLFSSL_ALT_NAMES -DWOLFSSL_TEST_CERT"
fi
ENABLED_SLOWMATH="yes"
# lean psk build
AC_ARG_ENABLE([leanpsk],
[AS_HELP_STRING([--enable-leanpsk],[Enable Lean PSK build (default: disabled)])],
[ ENABLED_LEANPSK=$enableval ],
[ ENABLED_LEANPSK=no ]
)
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DWOLFSSL_STATIC_PSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_SESSION_CACHE -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA -DUSE_SLOW_SHA"
ENABLED_SLOWMATH="no"
ENABLED_SINGLETHREADED="yes"
fi
AM_CONDITIONAL([BUILD_LEANPSK], [test "x$ENABLED_LEANPSK" = "xyes"])
# lean TLS build (TLS 1.2 client only (no client auth), ECC256, AES128 and SHA256 w/o Shamir)
AC_ARG_ENABLE([leantls],
[AS_HELP_STRING([--enable-leantls],[Enable Lean TLS build (default: disabled)])],
[ ENABLED_LEANTLS=$enableval ],
[ ENABLED_LEANTLS=no ]
)
if test "$ENABLED_LEANTLS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANTLS -DNO_WRITEV -DHAVE_ECC -DTFM_ECC256 -DECC_USER_CURVES -DNO_WOLFSSL_SERVER -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_SESSION_CACHE -DNO_SHA -DUSE_SLOW_SHA -DUSE_SLOW_SHA2 -DNO_PSK -DNO_WOLFSSL_MEMORY"
fi
AM_CONDITIONAL([BUILD_LEANTLS], [test "x$ENABLED_LEANTLS" = "xyes"])
# big cache
AC_ARG_ENABLE([bigcache],
[AS_HELP_STRING([--enable-bigcache],[Enable big session cache (default: disabled)])],
[ ENABLED_BIGCACHE=$enableval ],
[ ENABLED_BIGCACHE=no ]
)
if test "$ENABLED_BIGCACHE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DBIG_SESSION_CACHE"
fi
# HUGE cache
AC_ARG_ENABLE([hugecache],
[AS_HELP_STRING([--enable-hugecache],[Enable huge session cache (default: disabled)])],
[ ENABLED_HUGECACHE=$enableval ],
[ ENABLED_HUGECACHE=no ]
)
if test "$ENABLED_HUGECACHE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHUGE_SESSION_CACHE"
fi
# SMALL cache
AC_ARG_ENABLE([smallcache],
[AS_HELP_STRING([--enable-smallcache],[Enable small session cache (default: disabled)])],
[ ENABLED_SMALLCACHE=$enableval ],
[ ENABLED_SMALLCACHE=no ]
)
if test "$ENABLED_SMALLCACHE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DSMALL_SESSION_CACHE"
fi
# Persistent session cache
AC_ARG_ENABLE([savesession],
[AS_HELP_STRING([--enable-savesession],[Enable persistent session cache (default: disabled)])],
[ ENABLED_SAVESESSION=$enableval ],
[ ENABLED_SAVESESSION=no ]
)
if test "$ENABLED_SAVESESSION" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE"
fi
# Persistent cert cache
AC_ARG_ENABLE([savecert],
[AS_HELP_STRING([--enable-savecert],[Enable persistent cert cache (default: disabled)])],
[ ENABLED_SAVECERT=$enableval ],
[ ENABLED_SAVECERT=no ]
)
if test "$ENABLED_SAVECERT" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE"
fi
# Write duplicate WOLFSSL object
AC_ARG_ENABLE([writedup],
[AS_HELP_STRING([--enable-writedup],[Enable write duplication of WOLFSSL objects (default: disabled)])],
[ ENABLED_WRITEDUP=$enableval ],
[ ENABLED_WRITEDUP=no ]
)
if test "$ENABLED_WRITEDUP" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_WRITE_DUP"
fi
# Atomic User Record Layer
AC_ARG_ENABLE([atomicuser],
[AS_HELP_STRING([--enable-atomicuser],[Enable Atomic User Record Layer (default: disabled)])],
[ ENABLED_ATOMICUSER=$enableval ],
[ ENABLED_ATOMICUSER=no ]
)
if test "$ENABLED_ATOMICUSER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
fi
# Public Key Callbacks
AC_ARG_ENABLE([pkcallbacks],
[AS_HELP_STRING([--enable-pkcallbacks],[Enable Public Key Callbacks (default: disabled)])],
[ ENABLED_PKCALLBACKS=$enableval ],
[ ENABLED_PKCALLBACKS=no ]
)
if test "$ENABLED_PKCALLBACKS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
fi
AM_CONDITIONAL([BUILD_PKCALLBACKS], [ test "x$ENABLED_PKCALLBACKS" = "xyes" ])
# SNIFFER
AC_ARG_ENABLE([sniffer],
[AS_HELP_STRING([--enable-sniffer],[Enable wolfSSL sniffer support (default: disabled)])],
[ ENABLED_SNIFFER=$enableval ],
[ ENABLED_SNIFFER=no ]
)
# sniffer doesn't work in maxstrength mode
if test "$ENABLED_SNIFFER" = "yes" && test "$ENABLED_MAXSTRENGTH" = "yes"
then
AC_MSG_ERROR([cannot enable maxstrength in sniffer mode.])
fi
ENABLED_SNIFFTEST=no
AS_IF([ test "x$ENABLED_SNIFFER" = "xyes" ],
[
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SNIFFER -DOPENSSL_EXTRA"
AC_CHECK_HEADERS([pcap/pcap.h],
[ ENABLED_SNIFFTEST=yes ],
[ AC_MSG_WARN([cannot enable sniffer test without having libpcap available.]) ]
)
])
AM_CONDITIONAL([BUILD_SNIFFER], [ test "x$ENABLED_SNIFFER" = "xyes" ])
AM_CONDITIONAL([BUILD_SNIFFTEST], [ test "x$ENABLED_SNIFFTEST" = "xyes" ])
# AES-GCM
AC_ARG_ENABLE([aesgcm],
[AS_HELP_STRING([--enable-aesgcm],[Enable wolfSSL AES-GCM support (default: enabled)])],
[ ENABLED_AESGCM=$enableval ],
[ ENABLED_AESGCM=yes ]
)
# leanpsk and leantls don't need gcm
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then
ENABLED_AESGCM=no
fi
if test "$ENABLED_AESGCM" = "word32"
then
AM_CFLAGS="$AM_CFLAGS -DGCM_WORD32"
ENABLED_AESGCM=yes
fi
if test "$ENABLED_AESGCM" = "small"
then
AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL"
ENABLED_AESGCM=yes
fi
if test "$ENABLED_AESGCM" = "table"
then
AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE"
ENABLED_AESGCM=yes
fi
if test "$ENABLED_AESGCM" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
fi
AM_CONDITIONAL([BUILD_AESGCM], [test "x$ENABLED_AESGCM" = "xyes"])
# AES-CCM
AC_ARG_ENABLE([aesccm],
[AS_HELP_STRING([--enable-aesccm],[Enable wolfSSL AES-CCM support (default: disabled)])],
[ ENABLED_AESCCM=$enableval ],
[ ENABLED_AESCCM=no ]
)
if test "$ENABLED_AESCCM" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"
fi
AM_CONDITIONAL([BUILD_AESCCM], [test "x$ENABLED_AESCCM" = "xyes"])
# AES-CTR
AC_ARG_ENABLE([aesctr],
[AS_HELP_STRING([--enable-aesctr],[Enable wolfSSL AES-CTR support (default: disabled)])],
[ ENABLED_AESCTR=$enableval ],
[ ENABLED_AESCTR=no ]
)
if test "$ENABLED_AESCTR" = "yes"
then
if test "x$ENABLED_FORTRESS" != "xyes"
then
# This is already implied by fortress build
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
fi
fi
# AES-ARM
AC_ARG_ENABLE([armasm],
[AS_HELP_STRING([--enable-armasm],[Enable wolfSSL ARMv8 ASM support (default: disabled)])],
[ ENABLED_ARMASM=$enableval ],
[ ENABLED_ARMASM=no ]
)
if test "$ENABLED_ARMASM" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM"
#Check if mcpu and mfpu values already set if not use default
case $CPPFLAGS in
*mcpu* | *mfpu*)
break;; #Do not override user set values
*)
case $host_cpu in
*aarch64*)
#+crypto needed for hardware acceleration
AM_CPPFLAGS="$AM_CPPFLAGS -mcpu=generic+crypto"
AC_MSG_NOTICE([64bit ARMv8 found, setting mcpu to generic+crypto]);;
*)
AM_CPPFLAGS="$AM_CPPFLAGS -mfpu=crypto-neon-fp-armv8"
AC_MSG_NOTICE([32bit ARMv8 found, setting mfpu to crypto-neon-fp-armv8]);;
esac
esac
fi
AM_CONDITIONAL([BUILD_ARMASM], [test "x$ENABLED_ARMASM" = "xyes"])
# INTEL AES-NI
AC_ARG_ENABLE([aesni],
[AS_HELP_STRING([--enable-aesni],[Enable wolfSSL AES-NI support (default: disabled)])],
[ ENABLED_AESNI=$enableval ],
[ ENABLED_AESNI=no ]
)
# INTEL ASM
AC_ARG_ENABLE([intelasm],
[AS_HELP_STRING([--enable-intelasm],[Enable All Intel ASM speedups (default: disabled)])],
[ ENABLED_INTELASM=$enableval ],
[ ENABLED_INTELASM=no ]
)
if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
if test "$GCC" = "yes"
then
# GCC needs these flags, icc doesn't
# opt levels greater than 2 may cause problems on systems w/o aesni
if test "$CC" != "icc"
then
AM_CFLAGS="$AM_CFLAGS -maes -msse4"
fi
fi
AS_IF([test "x$ENABLED_AESGCM" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
fi
if test "$ENABLED_INTELASM" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDSEED -DUSE_INTEL_SPEEDUP"
ENABLED_AESNI=yes
fi
# INTEL RDRAND
AC_ARG_ENABLE([intelrand],
[AS_HELP_STRING([--enable-intelrand],[Enable Intel rdrand as preferred RNG source (default: disabled)])],
[ ENABLED_INTELRDRAND=$enableval ],
[ ENABLED_INTELRDRAND=no ]
)
if test "$ENABLED_INTELRDRAND" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDRAND"
fi
AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])
# Camellia
AC_ARG_ENABLE([camellia],
[AS_HELP_STRING([--enable-camellia],[Enable wolfSSL Camellia support (default: disabled)])],
[ ENABLED_CAMELLIA=$enableval ],
[ ENABLED_CAMELLIA=no ]
)
if test "$ENABLED_CAMELLIA" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAMELLIA"
fi
AM_CONDITIONAL([BUILD_CAMELLIA], [test "x$ENABLED_CAMELLIA" = "xyes"])
# MD2
AC_ARG_ENABLE([md2],
[AS_HELP_STRING([--enable-md2],[Enable wolfSSL MD2 support (default: disabled)])],
[ ENABLED_MD2=$enableval ],
[ ENABLED_MD2=no ]
)
if test "$ENABLED_BUMP" = "yes"
then
ENABLED_MD2="yes"
fi
if test "$ENABLED_MD2" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MD2"
fi
AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"])
# NULL CIPHER
AC_ARG_ENABLE([nullcipher],
[AS_HELP_STRING([--enable-nullcipher],[Enable wolfSSL NULL cipher support (default: disabled)])],
[ ENABLED_NULL_CIPHER=$enableval ],
[ ENABLED_NULL_CIPHER=no ]
)
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_NULL_CIPHER="yes"
fi
if test "$ENABLED_NULL_CIPHER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER"
fi
# RIPEMD
AC_ARG_ENABLE([ripemd],
[AS_HELP_STRING([--enable-ripemd],[Enable wolfSSL RIPEMD-160 support (default: disabled)])],
[ ENABLED_RIPEMD=$enableval ],
[ ENABLED_RIPEMD=no ]
)
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_RIPEMD="yes"
fi
if test "$ENABLED_RIPEMD" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RIPEMD"
fi
AM_CONDITIONAL([BUILD_RIPEMD], [test "x$ENABLED_RIPEMD" = "xyes"])
# BLAKE2
AC_ARG_ENABLE([blake2],
[AS_HELP_STRING([--enable-blake2],[Enable wolfSSL BLAKE2 support (default: disabled)])],
[ ENABLED_BLAKE2=$enableval ],
[ ENABLED_BLAKE2=no ]
)
if test "$ENABLED_BLAKE2" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2"
fi
AM_CONDITIONAL([BUILD_BLAKE2], [test "x$ENABLED_BLAKE2" = "xyes"])
# set sha512 default
SHA512_DEFAULT=no
if test "$host_cpu" = "x86_64"
then
SHA512_DEFAULT=yes
fi
# SHA512
AC_ARG_ENABLE([sha512],
[AS_HELP_STRING([--enable-sha512],[Enable wolfSSL SHA-512 support (default: enabled on x86_64)])],
[ ENABLED_SHA512=$enableval ],
[ ENABLED_SHA512=$SHA512_DEFAULT ]
)
# leanpsk and leantls don't need sha512
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then
ENABLED_SHA512=no
fi
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_SHA512="yes"
fi
if test "$ENABLED_SHA512" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"
fi
if test "$ENABLED_FORTRESS" = "yes"
then
ENABLED_SHA512="yes"
fi
AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
# SESSION CERTS
AC_ARG_ENABLE([sessioncerts],
[AS_HELP_STRING([--enable-sessioncerts],[Enable session cert storing (default: disabled)])],
[ ENABLED_SESSIONCERTS=$enableval ],
[ ENABLED_SESSIONCERTS=no ]
)
if test "x$ENABLED_NGINX" = "xyes"
then
ENABLED_SESSIONCERTS=yes
fi
if test "$ENABLED_TLS13" = "yes" && test "$ENABLED_PSK" = "yes"
then
ENABLED_SESSIONCERTS=yes
fi
if test "$ENABLED_SESSIONCERTS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
fi
# KEY GENERATION
AC_ARG_ENABLE([keygen],
[AS_HELP_STRING([--enable-keygen],[Enable key generation (default: disabled)])],
[ ENABLED_KEYGEN=$enableval ],
[ ENABLED_KEYGEN=no ]
)
if test "$ENABLED_KEYGEN" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
fi
# CERT GENERATION
AC_ARG_ENABLE([certgen],
[AS_HELP_STRING([--enable-certgen],[Enable cert generation (default: disabled)])],
[ ENABLED_CERTGEN=$enableval ],
[ ENABLED_CERTGEN=no ]
)
if test "$ENABLED_CERTGEN" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
fi
# CERT REQUEST GENERATION
AC_ARG_ENABLE([certreq],
[AS_HELP_STRING([--enable-certreq],[Enable cert request generation (default: disabled)])],
[ ENABLED_CERTREQ=$enableval ],
[ ENABLED_CERTREQ=no ]
)
if test "$ENABLED_CERTREQ" = "yes"
then
if test "$ENABLED_CERTGEN" = "no"
then
AC_MSG_ERROR([cannot enable certreq without enabling certgen.])
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
fi
# CERT REQUEST EXTENSION
AC_ARG_ENABLE([certext],
[AS_HELP_STRING([--enable-certext],[Enable cert request extensions (default: disabled)])],
[ ENABLED_CERTEXT=$enableval ],
[ ENABLED_CERTEXT=no ]
)
if test "$ENABLED_CERTEXT" = "yes"
then
if test "$ENABLED_CERTGEN" = "no"
then
AC_MSG_ERROR([cannot enable certext without enabling certgen.])
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
fi
# SEP
AC_ARG_ENABLE([sep],
[AS_HELP_STRING([--enable-sep],[Enable sep extensions (default: disabled)])],
[ ENABLED_SEP=$enableval ],
[ ENABLED_SEP=no ]
)
if test "$ENABLED_SEP" = "yes"
then
AM_CFLAGS="-DWOLFSSL_SEP -DKEEP_PEER_CERT $AM_CFLAGS"
fi
# HKDF
AC_ARG_ENABLE([hkdf],
[AS_HELP_STRING([--enable-hkdf],[Enable HKDF (HMAC-KDF) support (default: disabled)])],
[ ENABLED_HKDF=$enableval ],
[ ENABLED_HKDF=no ]
)
if test "$ENABLED_TLS13" = "yes"
then
ENABLED_HKDF="yes"
fi
if test "$ENABLED_HKDF" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"
fi
# X9.63 KDF
AC_ARG_ENABLE([x963kdf],
[AS_HELP_STRING([--enable-x963kdf],[Enable X9.63 KDF support (default: disabled)])],
[ ENABLED_X963KDF=$enableval ],
[ ENABLED_X963KDF=no ]
)
if test "$ENABLED_X963KDF" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF"
fi
# DSA
AC_ARG_ENABLE([dsa],
[AS_HELP_STRING([--enable-dsa],[Enable DSA (default: disabled)])],
[ ENABLED_DSA=$enableval ],
[ ENABLED_DSA=no ]
)
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes"
then
ENABLED_DSA="yes"
fi
if test "$ENABLED_DSA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DSA"
fi
AM_CONDITIONAL([BUILD_DSA], [test "x$ENABLED_DSA" = "xyes"])
# set ecc default
ECC_DEFAULT=no
if test "$host_cpu" = "x86_64"
then
ECC_DEFAULT=yes
fi
# ECC Shamir
AC_ARG_ENABLE([eccshamir],
[AS_HELP_STRING([--enable-eccshamir],[Enable ECC Shamir (default: enabled on x86_64)])],
[ ENABLED_ECC_SHAMIR=$enableval ],
[ ENABLED_ECC_SHAMIR=$ECC_DEFAULT ]
)
# ECC
AC_ARG_ENABLE([ecc],
[AS_HELP_STRING([--enable-ecc],[Enable ECC (default: enabled on x86_64)])],
[ ENABLED_ECC=$enableval ],
[ ENABLED_ECC=$ECC_DEFAULT ]
)
# lean psk doesn't need ecc
if test "$ENABLED_LEANPSK" = "yes"
then
ENABLED_ECC=no
fi
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes"
then
ENABLED_ECC="yes"
fi
if test "$ENABLED_ECC" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
if test "$ENABLED_ECC_SHAMIR" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
fi
fi
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
# ECC Custom Curves
AC_ARG_ENABLE([ecccustcurves],
[AS_HELP_STRING([--enable-ecccustcurves],[Enable ECC custom curves (default: disabled)])],
[ ENABLED_ECCCUSTCURVES=$enableval ],
[ ENABLED_ECCCUSTCURVES=no ]
)
if test "$ENABLED_ECCCUSTCURVES" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CUSTOM_CURVES"
# For distro or all builds, enable all curve types
if test "$ENABLED_DISTRO" = "yes" || test "$ENABLED_ALL" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ"
fi
fi
# Compressed Key
AC_ARG_ENABLE([compkey],
[AS_HELP_STRING([--enable-compkey],[Enable compressed keys support (default: disabled)])],
[ ENABLED_COMPKEY=$enableval ],
[ ENABLED_COMPKEY=no ]
)
if test "$ENABLED_WPAS" = "yes"
then
ENABLED_COMPKEY=yes
fi
if test "$ENABLED_COMPKEY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_COMP_KEY"
fi
# for using memory optimization setting on both curve25519 and ed25519
ENABLED_CURVE25519_SMALL=no
ENABLED_ED25519_SMALL=no
# CURVE25519
AC_ARG_ENABLE([curve25519],
[AS_HELP_STRING([--enable-curve25519],[Enable Curve25519 (default: disabled)])],
[ ENABLED_CURVE25519=$enableval ],
[ ENABLED_CURVE25519=no ]
)
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_CURVE25519="yes"
fi
if test "$ENABLED_CURVE25519" = "small"
then
AM_CFLAGS="$AM_CFLAGS -DCURVE25519_SMALL"
ENABLED_CURVE25519_SMALL=yes
ENABLED_CURVE25519=yes
fi
if test "$ENABLED_CURVE25519" = "no128bit"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CURVED25519_128BIT"
ENABLED_CURVE25519=yes
fi
if test "$ENABLED_CURVE25519" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519"
ENABLED_FEMATH=yes
fi
AM_CONDITIONAL([BUILD_CURVE25519], [test "x$ENABLED_CURVE25519" = "xyes"])
AM_CONDITIONAL([BUILD_CURVE25519_SMALL], [test "x$ENABLED_CURVE25519_SMALL" = "xyes"])
# ED25519
AC_ARG_ENABLE([ed25519],
[AS_HELP_STRING([--enable-ed25519],[Enable ED25519 (default: disabled)])],
[ ENABLED_ED25519=$enableval ],
[ ENABLED_ED25519=no ]
)
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_ED25519="yes"
fi
if test "$ENABLED_ED25519" = "small"
then
AM_CFLAGS="$AM_CFLAGS -DED25519_SMALL"
ENABLED_ED25519_SMALL=yes
ENABLED_ED25519=yes
fi
if test "$ENABLED_ED25519" = "yes"
then
if test "$ENABLED_SHA512" = "no"
then
AC_MSG_ERROR([cannot enable ed25519 without enabling sha512.])
fi
ENABLED_FEMATH=yes
ENABLED_GEMATH=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519"
fi
AM_CONDITIONAL([BUILD_ED25519], [test "x$ENABLED_ED25519" = "xyes"])
AM_CONDITIONAL([BUILD_ED25519_SMALL], [test "x$ENABLED_ED25519_SMALL" = "xyes"])
AM_CONDITIONAL([BUILD_FEMATH], [test "x$ENABLED_FEMATH" = "xyes"])
AM_CONDITIONAL([BUILD_GEMATH], [test "x$ENABLED_GEMATH" = "xyes"])
# FP ECC, Fixed Point cache ECC
AC_ARG_ENABLE([fpecc],
[AS_HELP_STRING([--enable-fpecc],[Enable Fixed Point cache ECC (default: disabled)])],
[ ENABLED_FPECC=$enableval ],
[ ENABLED_FPECC=no ]
)
if test "$ENABLED_FPECC" = "yes"
then
if test "$ENABLED_ECC" = "no"
then
AC_MSG_ERROR([cannot enable fpecc without enabling ecc.])
fi
AM_CFLAGS="$AM_CFLAGS -DFP_ECC"
fi
# ECC encrypt
AC_ARG_ENABLE([eccencrypt],
[AS_HELP_STRING([--enable-eccencrypt],[Enable ECC encrypt (default: disabled)])],
[ ENABLED_ECC_ENCRYPT=$enableval ],
[ ENABLED_ECC_ENCRYPT=no ]
)
if test "$ENABLED_ECC_ENCRYPT" = "yes"
then
if test "$ENABLED_ECC" = "no"
then
AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.])
fi
if test "$ENABLED_HKDF" = "no"
then
AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_ENCRYPT"
fi
# PSK
AC_ARG_ENABLE([psk],
[AS_HELP_STRING([--enable-psk],[Enable PSK (default: disabled)])],
[ ENABLED_PSK=$enableval ],
[ ENABLED_PSK=no ]
)
# ERROR STRINGS
AC_ARG_ENABLE([errorstrings],
[AS_HELP_STRING([--enable-errorstrings],[Enable error strings table (default: enabled)])],
[ ENABLED_ERROR_STRINGS=$enableval ],
[ ENABLED_ERROR_STRINGS=yes ]
)
if test "$ENABLED_ERROR_STRINGS" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
else
# turn off error strings if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
ENABLED_ERROR_STRINGS=no
fi
fi
# OLD TLS
AC_ARG_ENABLE([oldtls],
[AS_HELP_STRING([--enable-oldtls],[Enable old TLS versions < 1.2 (default: enabled)])],
[ ENABLED_OLD_TLS=$enableval ],
[ ENABLED_OLD_TLS=yes ]
)
if test "$ENABLED_OLD_TLS" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
else
# turn off old if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
ENABLED_OLD_TLS=no
fi
fi
# SSLv3
AC_ARG_ENABLE([sslv3],
[AS_HELP_STRING([--enable-sslv3],[Enable SSL version 3.0 (default: disabled)])],
[ ENABLED_SSLV3=$enableval ],
[ ENABLED_SSLV3=no]
)
if test "$ENABLED_SSLV3" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_SSLV3"
fi
# STACK SIZE info for examples
AC_ARG_ENABLE([stacksize],
[AS_HELP_STRING([--enable-stacksize],[Enable stack size info on examples (default: disabled)])],
[ ENABLED_STACKSIZE=$enableval ],
[ ENABLED_STACKSIZE=no ]
)
if test "$ENABLED_STACKSIZE" = "yes"
then
AC_CHECK_FUNC([posix_memalign], [], [AC_MSG_ERROR(stacksize needs posix_memalign)])
AC_CHECK_FUNC([pthread_attr_setstack], [], AC_CHECK_LIB([pthread],[pthread_attr_setstack]))
AM_CFLAGS="$AM_CFLAGS -DHAVE_STACK_SIZE -DWOLFSSL_LOW_MEMORY"
fi
# MEMORY
AC_ARG_ENABLE([memory],
[AS_HELP_STRING([--enable-memory],[Enable memory callbacks (default: enabled)])],
[ ENABLED_MEMORY=$enableval ],
[ ENABLED_MEMORY=yes ]
)
if test "$ENABLED_MEMORY" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_WOLFSSL_MEMORY"
else
# turn off memory cb if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then
# but don't turn on NO_WOLFSSL_MEMORY because using own
ENABLED_MEMORY=no
fi
fi
AM_CONDITIONAL([BUILD_MEMORY], [test "x$ENABLED_MEMORY" = "xyes"])
# MEMORY SIZE info
AC_ARG_ENABLE([trackmemory],
[AS_HELP_STRING([--enable-trackmemory],[Enable memory use info on wolfCrypt and wolfSSL cleanup (default: disabled)])],
[ ENABLED_TRACKMEMORY=$enableval ],
[ ENABLED_TRACKMEMORY=no ]
)
if test "$ENABLED_TRACKMEMORY" = "yes"
then
if test "$ENABLED_MEMORY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRACK_MEMORY"
else
AC_MSG_ERROR([trackmemory requires using wolfSSL memory (--enable-memory).])
fi
fi
# RSA
AC_ARG_ENABLE([rsa],
[AS_HELP_STRING([--enable-rsa],[Enable RSA (default: enabled)])],
[ ENABLED_RSA=$enableval ],
[ ENABLED_RSA=yes ]
)
if test "$ENABLED_RSA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
else
# turn off RSA if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
ENABLED_RSA=no
fi
fi
AM_CONDITIONAL([BUILD_RSA], [test "x$ENABLED_RSA" = "xyes"])
# RSA-PSS
AC_ARG_ENABLE([rsapss],
[ --enable-rsapss Enable RSA-PSS (default: disabled)],
[ ENABLED_RSAPSS=$enableval ],
[ ENABLED_RSAPSS=no ]
)
if test "$ENABLED_RSA" = "no"
then
ENABLED_RSAPSS="no"
else
if test "$ENABLED_TLS13" = "yes"
then
ENABLED_RSAPSS="yes"
fi
fi
if test "$ENABLED_RSAPSS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"
fi
# DH
AC_ARG_ENABLE([dh],
[AS_HELP_STRING([--enable-dh],[Enable DH (default: enabled)])],
[ ENABLED_DH=$enableval ],
[ ENABLED_DH=yes ]
)
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_DH="yes"
fi
if test "$ENABLED_DH" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DH"
else
# turn off DH if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DH"
ENABLED_DH=no
fi
fi
AM_CONDITIONAL([BUILD_DH], [test "x$ENABLED_DH" = "xyes"])
# Anonymous
AC_ARG_ENABLE([anon],
[AS_HELP_STRING([--enable-anon],[Enable Anonymous (default: disabled)])],
[ ENABLED_ANON=$enableval ],
[ ENABLED_ANON=no ]
)
if test "x$ENABLED_WPAS" = "xyes"
then
ENABLED_ANON=yes
fi
if test "x$ENABLED_ANON" = "xyes"
then
if test "x$ENABLED_DH" != "xyes"
then
AC_MSG_ERROR([Anonymous suite requires DH.])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_ANON"
fi
# ASN
# turn off asn, which means no certs, no rsa, no dsa, no ecc,
# and no big int (unless dh is on)
AC_ARG_ENABLE([asn],
[AS_HELP_STRING([--enable-asn],[Enable ASN (default: enabled)])],
[ ENABLED_ASN=$enableval ],
[ ENABLED_ASN=yes ]
)
if test "$ENABLED_ASN" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS"
if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" == "no"
then
# DH and ECC need bigint
AM_CFLAGS="$AM_CFLAGS -DNO_BIG_INT"
fi
else
# turn off ASN if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_BIG_INT"
ENABLED_ASN=no
fi
fi
if test "$ENABLED_RSA" = "yes" && test "$ENABLED_ASN" = "no"
then
AC_MSG_ERROR([please disable rsa if disabling asn.])
fi
if test "$ENABLED_DSA" = "yes" && test "$ENABLED_ASN" = "no"
then
AC_MSG_ERROR([please disable dsa if disabling asn.])
fi
# DH and ECC need bigint
if test "$ENABLED_ASN" = "no" && test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no"
then
ENABLED_FASTMATH=no
ENABLED_SLOWMATH=no
fi
AM_CONDITIONAL([BUILD_ASN], [test "x$ENABLED_ASN" = "xyes"])
# AES
AC_ARG_ENABLE([aes],
[AS_HELP_STRING([--enable-aes],[Enable AES (default: enabled)])],
[ ENABLED_AES=$enableval ],
[ ENABLED_AES=yes ]
)
if test "$ENABLED_AES" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_AES"
if test "$ENABLED_FORTRESS" = "yes"
then
AC_MSG_ERROR([fortress requires aes])
fi
if test "$ENABLED_ECC_ENCRYPT" = "yes"
then
AC_MSG_ERROR([cannot enable eccencrypt and hkdf without aes.])
fi
if test "$ENABLED_AESGCM" = "yes"
then
AC_MSG_ERROR([AESGCM requires AES.])
fi
if test "$ENABLED_AESCCM" = "yes"
then
AC_MSG_ERROR([AESCCM requires AES.])
fi
if test "$ENABLED_AESCTR" = "yes"
then
AC_MSG_ERROR([AESCTR requires AES.])
fi
else
# turn off AES if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_AES"
ENABLED_AES=no
fi
fi
AM_CONDITIONAL([BUILD_AES], [test "x$ENABLED_AES" = "xyes"])
# CODING
AC_ARG_ENABLE([coding],
[AS_HELP_STRING([--enable-coding],[Enable Coding base 16/64 (default: enabled)])],
[ ENABLED_CODING=$enableval ],
[ ENABLED_CODING=yes ]
)
if test "$ENABLED_CODING" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
else
# turn off CODING if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
ENABLED_CODING=no
fi
fi
AM_CONDITIONAL([BUILD_CODING], [test "x$ENABLED_CODING" = "xyes"])
# Base64 Encode
BASE64ENCODE_DEFAULT=no
if test "$host_cpu" = "x86_64"
then
BASE64ENCODE_DEFAULT=yes
fi
AC_ARG_ENABLE([base64encode],
[AS_HELP_STRING([--enable-base64encode],[Enable Base64 encoding (default: enabled on x86_64)])],
[ ENABLED_BASE64ENCODE=$enableval ],
[ ENABLED_BASE64ENCODE=$BASE64ENCODE_DEFAULT ]
)
if test "$ENABLED_BASE64ENCODE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BASE64_ENCODE"
fi
# DES3
AC_ARG_ENABLE([des3],
[AS_HELP_STRING([--enable-des3],[Enable DES3 (default: disabled)])],
[ ENABLED_DES3=$enableval ],
[ ENABLED_DES3=no ]
)
# IDEA
AC_ARG_ENABLE([idea],
[AS_HELP_STRING([--enable-idea],[Enable IDEA Cipher (default: disabled)])],
[ ENABLED_IDEA=$enableval ],
[ ENABLED_IDEA=no ]
)
if test "x$ENABLED_IDEA" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_IDEA"
fi
AM_CONDITIONAL([BUILD_IDEA], [test "x$ENABLED_IDEA" = "xyes"])
# ARC4
AC_ARG_ENABLE([arc4],
[AS_HELP_STRING([--enable-arc4],[Enable ARC4 (default: disabled)])],
[ ENABLED_ARC4=$enableval ],
[ ENABLED_ARC4=no ]
)
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes"
then
ENABLED_ARC4="yes"
fi
if test "$ENABLED_ARC4" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
else
# turn off ARC4 if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
ENABLED_ARC4=no
fi
fi
AM_CONDITIONAL([BUILD_RC4], [test "x$ENABLED_ARC4" = "xyes"])
# MD5
AC_ARG_ENABLE([md5],
[AS_HELP_STRING([--enable-md5],[Enable MD5 (default: enabled)])],
[ ENABLED_MD5=$enableval ],
[ ENABLED_MD5=yes ]
)
if test "$ENABLED_MD5" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
else
# turn off MD5 if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
ENABLED_MD5=no
fi
fi
AM_CONDITIONAL([BUILD_MD5], [test "x$ENABLED_MD5" = "xyes"])
# SHA
AC_ARG_ENABLE([sha],
[AS_HELP_STRING([--enable-sha],[Enable SHA (default: enabled)])],
[ ENABLED_SHA=$enableval ],
[ ENABLED_SHA=yes ]
)
if test "$ENABLED_SHA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
else
# turn off SHA if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
ENABLED_SHA=no
fi
fi
AM_CONDITIONAL([BUILD_SHA], [test "x$ENABLED_SHA" = "xyes"])
# CMAC
AC_ARG_ENABLE([cmac],
[AS_HELP_STRING([--enable-cmac],[Enable CMAC (default: disabled)])],
[ ENABLED_CMAC=$enableval ],
[ ENABLED_CMAC=no ]
)
if test "$ENABLED_WPAS" = "yes"
then
ENABLED_CMAC=yes
fi
AS_IF([test "x$ENABLED_CMAC" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"])
AM_CONDITIONAL([BUILD_CMAC], [test "x$ENABLED_CMAC" = "xyes"])
# Web Server Build
AC_ARG_ENABLE([webserver],
[AS_HELP_STRING([--enable-webserver],[Enable Web Server (default: disabled)])],
[ ENABLED_WEBSERVER=$enableval ],
[ ENABLED_WEBSERVER=no ]
)
if test "$ENABLED_WEBSERVER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_WEBSERVER"
fi
# HC128
AC_ARG_ENABLE([hc128],
[AS_HELP_STRING([--enable-hc128],[Enable HC-128 (default: disabled)])],
[ ENABLED_HC128=$enableval ],
[ ENABLED_HC128=no ]
)
if test "$ENABLED_HC128" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_HC128"
else
AM_CFLAGS="$AM_CFLAGS -DHAVE_HC128"
fi
AM_CONDITIONAL([BUILD_HC128], [test "x$ENABLED_HC128" = "xyes"])
# RABBIT
AC_ARG_ENABLE([rabbit],
[AS_HELP_STRING([--enable-rabbit],[Enable RABBIT (default: disabled)])],
[ ENABLED_RABBIT=$enableval ],
[ ENABLED_RABBIT=no ]
)
if test "$ENABLED_RABBIT" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RABBIT"
else
AM_CFLAGS="$AM_CFLAGS -DHAVE_RABBIT"
fi
AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"])
# FIPS
AC_ARG_ENABLE([fips],
[AS_HELP_STRING([--enable-fips],[Enable FIPS 140-2, Will NOT work w/o FIPS license (default: disabled)])],
[ ENABLED_FIPS=$enableval ],
[ ENABLED_FIPS=no ]
)
if test "x$ENABLED_FIPS" = "xyes"
then
# requires thread local storage
if test "$thread_ls_on" = "no"
then
AC_MSG_ERROR([FIPS requires Thread Local Storage])
fi
# requires SHA512
if test "x$ENABLED_SHA512" = "xno"
then
ENABLED_SHA512="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"
AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
fi
# requires AESGCM
if test "x$ENABLED_AESGCM" != "xyes"
then
ENABLED_AESGCM="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
fi
# requires DES3
if test "x$ENABLED_DES3" = "xno"
then
ENABLED_DES3="yes"
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
else
if test "x$ENABLED_FORTRESS" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"
fi
fi
AM_CONDITIONAL([BUILD_FIPS], [test "x$ENABLED_FIPS" = "xyes"])
# set sha224 default
SHA224_DEFAULT=no
if test "$host_cpu" = "x86_64"
then
if test "x$ENABLED_FIPS" = "xno"
then
SHA224_DEFAULT=yes
fi
fi
# SHA224
AC_ARG_ENABLE([sha224],
[AS_HELP_STRING([--enable-sha224],[Enable wolfSSL SHA-224 support (default: enabled on x86_64)])],
[ ENABLED_SHA224=$enableval ],
[ ENABLED_SHA224=$SHA224_DEFAULT ]
)
if test "$ENABLED_SHA224" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"
fi
AM_CONDITIONAL([BUILD_SHA224], [test "x$ENABLED_SHA224" = "xyes"])
# set sha3 default
SHA3_DEFAULT=no
if test "$host_cpu" = "x86_64"
then
if test "x$ENABLED_FIPS" = "xno"
then
SHA3_DEFAULT=yes
fi
fi
# SHA3
AC_ARG_ENABLE([sha3],
[AS_HELP_STRING([--enable-sha3],[Enable wolfSSL SHA-3 support (default: enabled on x86_64)])],
[ ENABLED_SHA3=$enableval ],
[ ENABLED_SHA3=$SHA3_DEFAULT ]
)
if test "$ENABLED_SHA3" = "small"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3_SMALL"
ENABLED_SHA3="yes"
fi
if test "$ENABLED_SHA3" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"
fi
AM_CONDITIONAL([BUILD_SHA3], [test "x$ENABLED_SHA3" = "xyes"])
# set POLY1305 default
POLY1305_DEFAULT=yes
if test "x$ENABLED_FIPS" = "xyes"
then
POLY1305_DEFAULT=no
fi
# POLY1305
AC_ARG_ENABLE([poly1305],
[AS_HELP_STRING([--enable-poly1305],[Enable wolfSSL POLY1305 support (default: enabled)])],
[ ENABLED_POLY1305=$enableval ],
[ ENABLED_POLY1305=$POLY1305_DEFAULT]
)
# leanpsk and leantls don't need poly1305
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then
ENABLED_POLY1305=no
fi
if test "$ENABLED_POLY1305" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH"
fi
AM_CONDITIONAL([BUILD_POLY1305], [test "x$ENABLED_POLY1305" = "xyes"])
# set CHACHA default
CHACHA_DEFAULT=yes
if test "x$ENABLED_FIPS" = "xyes"
then
CHACHA_DEFAULT=no
fi
# CHACHA
AC_ARG_ENABLE([chacha],
[AS_HELP_STRING([--enable-chacha],[Enable CHACHA (default: enabled)])],
[ ENABLED_CHACHA=$enableval ],
[ ENABLED_CHACHA=$CHACHA_DEFAULT]
)
# leanpsk and leantls don't need chacha
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then
ENABLED_CHACHA=no
fi
if test "$ENABLED_CHACHA" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA"
fi
AM_CONDITIONAL([BUILD_CHACHA], [test "x$ENABLED_CHACHA" = "xyes"])
# Hash DRBG
AC_ARG_ENABLE([hashdrbg],
[AS_HELP_STRING([--enable-hashdrbg],[Enable Hash DRBG support (default: enabled)])],
[ ENABLED_HASHDRBG=$enableval ],
[ ENABLED_HASHDRBG=yes ]
)
if test "x$ENABLED_HASHDRBG" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG"
else
# turn on Hash DRBG if FIPS is on
if test "x$ENABLED_FIPS" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG"
ENABLED_HASHDRBG=yes
else
AM_CFLAGS="$AM_CFLAGS -DWC_NO_HASHDRBG"
fi
fi
# Filesystem Build
AC_ARG_ENABLE([filesystem],
[AS_HELP_STRING([--enable-filesystem],[Enable Filesystem support (default: enabled)])],
[ ENABLED_FILESYSTEM=$enableval ],
[ ENABLED_FILESYSTEM=yes ]
)
if test "$ENABLED_FILESYSTEM" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
else
# turn off filesystem if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
ENABLED_FILESYSTEM=no
fi
fi
# inline Build
AC_ARG_ENABLE([inline],
[AS_HELP_STRING([--enable-inline],[Enable inline functions (default: enabled)])],
[ ENABLED_INLINE=$enableval ],
[ ENABLED_INLINE=yes ]
)
if test "$ENABLED_INLINE" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_INLINE"
fi
AM_CONDITIONAL([BUILD_INLINE], [test "x$ENABLED_INLINE" = "xyes"])
# OCSP
AC_ARG_ENABLE([ocsp],
[AS_HELP_STRING([--enable-ocsp],[Enable OCSP (default: disabled)])],
[ ENABLED_OCSP=$enableval ],
[ ENABLED_OCSP=no ],
)
if test "x$ENABLED_NGINX" = "xyes"
then
ENABLED_OCSP=yes
fi
if test "$ENABLED_OCSP" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
fi
AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
if test "$ENABLED_OCSP" = "yes"
then
# check openssl command tool for testing ocsp
AC_CHECK_PROG([HAVE_OPENSSL_CMD],[openssl],[yes],[no])
if test "$HAVE_OPENSSL_CMD" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_OPENSSL_CMD"
else
AC_MSG_WARN([openssl command line tool not available for testing ocsp])
fi
fi
# Certificate Status Request : a.k.a. OCSP Stapling
AC_ARG_ENABLE([ocspstapling],
[AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling (default: disabled)])],
[ ENABLED_CERTIFICATE_STATUS_REQUEST=$enableval ],
[ ENABLED_CERTIFICATE_STATUS_REQUEST=no ]
)
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
then
echo "ELLO"
ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
fi
if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST"
# Requires OCSP make sure on
if test "x$ENABLED_OCSP" = "xno"
then
ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
fi
fi
AM_CONDITIONAL([BUILD_OCSP_STAPLING], [test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"])
# Certificate Status Request v2 : a.k.a. OCSP stapling v2
AC_ARG_ENABLE([ocspstapling2],
[AS_HELP_STRING([--enable-ocspstapling2],[Enable OCSP Stapling v2 (default: disabled)])],
[ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=$enableval ],
[ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ]
)
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_CERTIFICATE_STATUS_REQUEST_V2=yes
fi
if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST_V2"
# Requires OCSP make sure on
if test "x$ENABLED_OCSP" = "xno"
then
ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
fi
fi
AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2], [test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"])
# CRL
AC_ARG_ENABLE([crl],
[AS_HELP_STRING([--enable-crl],[Enable CRL (default: disabled)])],
[ ENABLED_CRL=$enableval ],
[ ENABLED_CRL=no ],
)
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_CRL=yes
fi
if test "$ENABLED_CRL" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
fi
AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
# CRL Monitor
AC_ARG_ENABLE([crl-monitor],
[AS_HELP_STRING([--enable-crl-monitor],[Enable CRL Monitor (default: disabled)])],
[ ENABLED_CRL_MONITOR=$enableval ],
[ ENABLED_CRL_MONITOR=no ],
)
if test "$ENABLED_CRL_MONITOR" = "yes"
then
case $host_os in
*linux* | *darwin* | *freebsd*)
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR" ;;
*)
if test "x$ENABLED_DISTRO" = "xyes" ; then
ENABLED_CRL_MONITOR="no"
else
AC_MSG_ERROR( [crl monitor only allowed on linux, OS X, or freebsd])
fi
break;;
esac
fi
AM_CONDITIONAL([BUILD_CRL_MONITOR], [test "x$ENABLED_CRL_MONITOR" = "xyes"])
# USER CRYPTO
ENABLED_USER_CRYPTO="no"
ENABLED_USER_RSA="no"
AC_DEFINE([BUILD_USER_RSA], [], [User RSA is being defined])
trycryptodir=""
AC_ARG_WITH([user-crypto],
[AS_HELP_STRING([--with-user-crypto=PATH],[Path to USER_CRYPTO install (default /usr/local)])],
[
CPPFLAGS="$CPPFLAGS -DHAVE_USER_CRYPTO"
LIBS="$LIBS -lusercrypto"
if test "x$withval" != "xno" ; then
trycryptodir=$withval
fi
if test "x$withval" == "xyes" ; then
trycryptodir="/usr/local"
fi
LDFLAGS="$LDFLAGS -L$trycryptodir/lib"
CPPFLAGS="$CPPFLAGS -I$trycryptodir/include"
#Look for RSA Init function in usercrypto lib
AC_CHECK_LIB([usercrypto], [wc_InitRsaKey], [user_rsa_linked=yes], [user_rsa_linked=no])
if test "x$user_rsa_linked" == "xyes" ; then
AC_MSG_NOTICE([User user_rsa.h being used])
AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_RSA"
ENABLED_USER_RSA=yes
ENABLED_USER_CRYPTO=yes
fi
#Display check and find result of link attempts
AC_MSG_CHECKING([for USER_CRYPTO])
if test "x$ENABLED_USER_CRYPTO" == "xno" ; then
AC_MSG_RESULT([no])
AC_MSG_ERROR([USER_CRYPTO not found. Either move to /usr/include and /usr/lib or
Specify its path using --with-user-crypto=/dir/])
else
AC_MSG_RESULT([yes])
# Check if .la is available if not then rely on exported path
AC_CHECK_FILE($trycryptodir/lib/libusercrypto.la, [LIB_ADD="$trycryptodir/lib/libusercrypto.la $LIB_ADD"], [LIB_ADD="-lusercrypto $LIB_ADD"])
AM_LDFLAGS="$AM_LDFLAGS -L$trycryptodir/lib"
AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_CRYPTO"
fi
]
)
AM_CONDITIONAL([BUILD_USER_RSA], [test "x$ENABLED_USER_RSA" == "xyes"] )
AM_CONDITIONAL([BUILD_USER_CRYPTO], [test "x$ENABLED_USER_CRYPTO" = "xyes"])
if test "$ENABLED_USER_CRYPTO" = "yes" && test "$ENABLED_FIPS" = "yes"
then
AC_MSG_ERROR([cannot enable user crypto and fips, user crypto posibility of using code in fips boundary.])
fi
# NTRU
ENABLED_NTRU="no"
tryntrudir=""
AC_ARG_WITH([ntru],
[AS_HELP_STRING([--with-ntru=PATH],[Path to NTRU install (default /usr/)])],
[
AC_MSG_CHECKING([for NTRU])
CPPFLAGS="$CPPFLAGS -DHAVE_NTRU -DHAVE_QSH -DHAVE_TLS_EXTENSIONS"
LIBS="$LIBS -lntruencrypt"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <libntruencrypt/ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
if test "x$ntru_linked" == "xno" ; then
if test "x$withval" != "xno" ; then
tryntrudir=$withval
fi
if test "x$withval" == "xyes" ; then
tryntrudir="/usr"
fi
LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryntrudir/lib"
CPPFLAGS="$CPPFLAGS -I$tryntrudir/include"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <libntruencrypt/ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
if test "x$ntru_linked" == "xno" ; then
AC_MSG_ERROR([NTRU isn't found.
If it's already installed, specify its path using --with-ntru=/dir/])
fi
AC_MSG_RESULT([yes])
AM_LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib"
else
AC_MSG_RESULT([yes])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU -DHAVE_QSH -DHAVE_TLS_EXTENSIONS"
ENABLED_NTRU="yes"
]
)
AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"])
# Whitewood netRandom client library
ENABLED_WNR="no"
trywnrdir=""
AC_ARG_WITH([wnr],
[AS_HELP_STRING([--with-wnr=PATH],[Path to Whitewood netRandom install (default /usr/local)])],
[
AC_MSG_CHECKING([for Whitewood netRandom])
CPPFLAGS="$CPPFLAGS -DHAVE_WNR"
LIBS="$LIBS -lwnr"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <wnr.h>]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ])
if test "x$wnr_linked" == "xno" ; then
if test "x$withval" != "xno" ; then
trywnrdir=$withval
fi
if test "x$withval" == "xyes" ; then
trywnrdir="/usr/local"
fi
LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$trywnrdir/lib"
CPPFLAGS="$CPPFLAGS -I$trywnrdir/include"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <wnr.h>]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ])
if test "x$wnr_linked" == "xno" ; then
AC_MSG_ERROR([Whitewood netRandom isn't found.
If it's already installed, specify its path using --with-wnr=/dir/])
fi
AC_MSG_RESULT([yes])
AM_LDFLAGS="$AM_LDFLAGS -L$trywnrdir/lib"
else
AC_MSG_RESULT([yes])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_WNR"
ENABLED_WNR="yes"
]
)
AM_CONDITIONAL([BUILD_WNR], [test "x$ENABLED_WNR" = "xyes"])
# SNI
AC_ARG_ENABLE([sni],
[AS_HELP_STRING([--enable-sni],[Enable SNI (default: disabled)])],
[ ENABLED_SNI=$enableval ],
[ ENABLED_SNI=no ]
)
if test "x$ENABLED_SNI" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI"
fi
# Maximum Fragment Length
AC_ARG_ENABLE([maxfragment],
[AS_HELP_STRING([--enable-maxfragment],[Enable Maximum Fragment Length (default: disabled)])],
[ ENABLED_MAX_FRAGMENT=$enableval ],
[ ENABLED_MAX_FRAGMENT=no ]
)
# ALPN
AC_ARG_ENABLE([alpn],
[AS_HELP_STRING([--enable-alpn],[Enable ALPN (default: disabled)])],
[ ENABLED_ALPN=$enableval ],
[ ENABLED_ALPN=no ]
)
if test "x$ENABLED_ALPN" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ALPN"
fi
# Maximum Fragment Length
if test "x$ENABLED_MAX_FRAGMENT" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_MAX_FRAGMENT"
fi
# Truncated HMAC
AC_ARG_ENABLE([truncatedhmac],
[AS_HELP_STRING([--enable-truncatedhmac],[Enable Truncated HMAC (default: disabled)])],
[ ENABLED_TRUNCATED_HMAC=$enableval ],
[ ENABLED_TRUNCATED_HMAC=no ]
)
if test "x$ENABLED_TRUNCATED_HMAC" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_TRUNCATED_HMAC"
fi
# Renegotiation Indication - (FAKE Secure Renegotiation)
AC_ARG_ENABLE([renegotiation-indication],
[AS_HELP_STRING([--enable-renegotiation-indication],[Enable Renegotiation Indication (default: disabled)])],
[ ENABLED_RENEGOTIATION_INDICATION=$enableval ],
[ ENABLED_RENEGOTIATION_INDICATION=no ]
)
if test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_RENEGOTIATION_INDICATION"
fi
# Secure Renegotiation
AC_ARG_ENABLE([secure-renegotiation],
[AS_HELP_STRING([--enable-secure-renegotiation],[Enable Secure Renegotiation (default: disabled)])],
[ ENABLED_SECURE_RENEGOTIATION=$enableval ],
[ ENABLED_SECURE_RENEGOTIATION=no ]
)
if test "x$ENABLED_SECURE_RENEGOTIATION" = "xyes"
then
if test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"
then
AC_MSG_ERROR([cannot enable renegotiation-indication and secure-renegotiation.])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SECURE_RENEGOTIATION"
fi
# Supported Elliptic Curves Extensions
AC_ARG_ENABLE([supportedcurves],
[AS_HELP_STRING([--enable-supportedcurves],[Enable Supported Elliptic Curves (default: enabled)])],
[ENABLED_SUPPORTED_CURVES=$enableval],
[ENABLED_SUPPORTED_CURVES=$ECC_DEFAULT])
if test "x$ENABLED_SUPPORTED_CURVES" = "xyes"
then
AS_IF([test "x$ENABLED_ECC" = "xno"],
[ENABLED_SUPPORTED_CURVES=no],
[AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES"])
fi
# Session Ticket Extension
AC_ARG_ENABLE([session-ticket],
[AS_HELP_STRING([--enable-session-ticket],[Enable Session Ticket (default: disabled)])],
[ ENABLED_SESSION_TICKET=$enableval ],
[ ENABLED_SESSION_TICKET=no ]
)
if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_SESSION_TICKET=yes
fi
if test "x$ENABLED_SESSION_TICKET" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SESSION_TICKET"
fi
# Extended Master Secret Extension
AC_ARG_ENABLE([extended-master],
[AS_HELP_STRING([--enable-extended-master],[Enable Extended Master Secret (default: enabled)])],
[ ENABLED_EXTENDED_MASTER=$enableval ],
[ ENABLED_EXTENDED_MASTER=yes ]
)
if test "x$ENABLED_EXTENDED_MASTER" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXTENDED_MASTER"
fi
# TLS Extensions
AC_ARG_ENABLE([tlsx],
[AS_HELP_STRING([--enable-tlsx],[Enable all TLS Extensions (default: disabled)])],
[ ENABLED_TLSX=$enableval ],
[ ENABLED_TLSX=no ]
)
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_TLSX=yes
fi
if test "x$ENABLED_TLSX" = "xyes"
then
ENABLED_SNI=yes
ENABLED_MAX_FRAGMENT=yes
ENABLED_TRUNCATED_HMAC=yes
ENABLED_ALPN=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_ALPN"
# Check the ECC supported curves prereq
AS_IF([test "x$ENABLED_ECC" = "xyes"],
[ENABLED_SUPPORTED_CURVES=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"])
fi
# Early Data handshake in TLS v1.3 and above
AC_ARG_ENABLE([earlydata],
[AS_HELP_STRING([--enable-earlydata],[Enable Early Data handshake with wolfSSL TLS v1.3 (default: disabled)])],
[ ENABLED_TLS13_EARLY_DATA=$enableval ],
[ ENABLED_TLS13_EARLY_DATA=no ]
)
if test "$ENABLED_TLS13_EARLY_DATA" = "yes"
then
if test "x$ENABLED_TLS13" = "xno"
then
AC_MSG_ERROR([cannot enable earlydata without enabling tls13.])
fi
if test "x$ENABLED_SESSION_TICKET" = "xno" && test "x$ENABLED_PSK" = "xno"
then
AC_MSG_ERROR([cannot enable earlydata without enabling session tickets and/or PSK.])
fi
AM_CFLAGS="-DWOLFSSL_EARLY_DATA $AM_CFLAGS"
fi
# PKCS7
AC_ARG_ENABLE([pkcs7],
[AS_HELP_STRING([--enable-pkcs7],[Enable PKCS7 (default: disabled)])],
[ ENABLED_PKCS7=$enableval ],
[ ENABLED_PKCS7=no ],
)
# Simple Certificate Enrollment Protocol (SCEP)
AC_ARG_ENABLE([scep],
[AS_HELP_STRING([--enable-scep],[Enable wolfSCEP (default: disabled)])],
[ ENABLED_WOLFSCEP=$enableval ],
[ ENABLED_WOLFSCEP=no ]
)
# Secure Remote Password
AC_ARG_ENABLE([srp],
[AS_HELP_STRING([--enable-srp],[Enable Secure Remote Password (default: disabled)])],
[ ENABLED_SRP=$enableval ],
[ ENABLED_SRP=no ]
)
if test "x$ENABLED_SRP" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP"
fi
AM_CONDITIONAL([BUILD_SRP], [test "x$ENABLED_SRP" = "xyes"])
# Small Stack
AC_ARG_ENABLE([smallstack],
[AS_HELP_STRING([--enable-smallstack],[Enable Small Stack Usage (default: disabled)])],
[ ENABLED_SMALL_STACK=$enableval ],
[ ENABLED_SMALL_STACK=no ]
)
if test "x$ENABLED_SMALL_STACK" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SMALL_STACK"
fi
#valgrind
AC_ARG_ENABLE([valgrind],
[AS_HELP_STRING([--enable-valgrind],[Enable valgrind for unit tests (default: disabled)])],
[ ENABLED_VALGRIND=$enableval ],
[ ENABLED_VALGRIND=no ]
)
if test "$ENABLED_VALGRIND" = "yes"
then
AC_CHECK_PROG([HAVE_VALGRIND],[valgrind],[yes],[no])
if test "$HAVE_VALGRIND" = "no"
then
AC_MSG_ERROR([Valgrind not found.])
fi
enable_shared=no
enable_static=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_VALGRIND"
fi
AM_CONDITIONAL([USE_VALGRIND], [test "x$ENABLED_VALGRIND" = "xyes"])
# Test certs, use internal cert functions for extra testing
AC_ARG_ENABLE([testcert],
[AS_HELP_STRING([--enable-testcert],[Enable Test Cert (default: disabled)])],
[ ENABLED_TESTCERT=$enableval ],
[ ENABLED_TESTCERT=no ]
)
if test "$ENABLED_TESTCERT" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TEST_CERT"
fi
# I/O Pool, an example to show user how to override memory handler and use
# a pool for the input/output buffer requests
AC_ARG_ENABLE([iopool],
[AS_HELP_STRING([--enable-iopool],[Enable I/O Pool example (default: disabled)])],
[ ENABLED_IOPOOL=$enableval ],
[ ENABLED_IOPOOL=no ]
)
if test "$ENABLED_IOPOOL" = "yes"
then
if test "$thread_ls_on" = "no"
then
AC_MSG_ERROR([I/O Pool example requires Thread Local Storage])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_IO_POOL -DXMALLOC_USER"
fi
# Certificate Service Support
AC_ARG_ENABLE([certservice],
[AS_HELP_STRING([--enable-certservice],[Enable cert service (default: disabled)])],
[ ENABLED_CERT_SERVICE=$enableval ],
[ ENABLED_CERT_SERVICE=no ]
)
if test "$ENABLED_CERT_SERVICE" = "yes"
then
# Requires ecc,certgen, and opensslextra make sure on
if test "x$ENABLED_CERTGEN" = "xno"
then
ENABLED_CERTGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
fi
if test "x$ENABLED_ECC" = "xno"
then
ENABLED_ECC="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
if test "$ENABLED_ECC_SHAMIR" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
fi
fi
if test "x$ENABLED_OPENSSLEXTRA" = "xno"
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_CERT_SERVICE"
fi
# wolfSSL JNI
AC_ARG_ENABLE([jni],
[AS_HELP_STRING([--enable-jni],[Enable wolfSSL JNI (default: disabled)])],
[ ENABLED_JNI=$enableval ],
[ ENABLED_JNI=no ]
)
if test "$ENABLED_JNI" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_JNI"
# Enable prereqs if not already enabled
if test "x$ENABLED_DTLS" = "xno"
then
ENABLED_DTLS="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
fi
if test "x$ENABLED_OPENSSLEXTRA" = "xno"
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
fi
if test "x$ENABLED_CRL" = "xno"
then
ENABLED_CRL="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
fi
if test "x$ENABLED_OCSP" = "xno"
then
ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
fi
if test "x$ENABLED_CRL_MONITOR" = "xno" && test "x$ENABLED_DISTRO" = "xno"
then
ENABLED_CRL_MONITOR="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
fi
if test "x$ENABLED_SAVESESSION" = "xno"
then
ENABLED_SAVESESSION="yes"
AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE"
fi
if test "x$ENABLED_SAVECERT" = "xno"
then
ENABLED_SAVECERT="yes"
AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE"
fi
if test "x$ENABLED_ATOMICUSER" = "xno"
then
ENABLED_ATOMICUSER="yes"
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
fi
if test "x$ENABLED_ECC" = "xno"
then
ENABLED_ECC="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
if test "$ENABLED_ECC_SHAMIR" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
fi
fi
if test "x$ENABLED_PKCALLBACKS" = "xno"
then
ENABLED_PKCALLBACKS="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
fi
if test "x$ENABLED_DH" = "xno"
then
ENABLED_DH="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_DH"
fi
if test "x$ENABLED_PSK" = "xno"
then
ENABLED_PSK="yes"
fi
fi
# lighty Support
AC_ARG_ENABLE([lighty],
[AS_HELP_STRING([--enable-lighty],[Enable lighttpd/lighty (default: disabled)])],
[ ENABLED_LIGHTY=$enableval ],
[ ENABLED_LIGHTY=no ]
)
if test "$ENABLED_LIGHTY" = "yes"
then
# Requires opensslextra make sure on
if test "x$ENABLED_OPENSSLEXTRA" = "xno"
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1"
fi
if test "$ENABLED_NGINX" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NGINX"
fi
if test "$ENABLED_HAPROXY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAPROXY"
# Requires opensslextra make sure on
if test "x$ENABLED_OPENSSLEXTRA" = "xno"
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
fi
if test "$ENABLED_NGINX" = "yes"|| test "x$ENABLED_HAPROXY" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA"
fi
# stunnel Support
AC_ARG_ENABLE([stunnel],
[AS_HELP_STRING([--enable-stunnel],[Enable stunnel (default: disabled)])],
[ ENABLED_STUNNEL=$enableval ],
[ ENABLED_STUNNEL=no ]
)
if test "$ENABLED_WPAS" = "yes"
then
ENABLED_STUNNEL="yes"
fi
if test "$ENABLED_STUNNEL" = "yes"
then
# Requires opensslextra make sure on
if test "x$ENABLED_OPENSSLEXTRA" = "xno"
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
# Requires OCSP make sure on
if test "x$ENABLED_OCSP" = "xno"
then
ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
fi
# Requires coding make sure on
if test "x$ENABLED_CODING" = "xno"
then
ENABLED_CODING="yes"
fi
# Requires sessioncerts make sure on
if test "x$ENABLED_SESSIONCERTS" = "xno"
then
ENABLED_SESSIONCERTS="yes"
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
fi
# Requires crls, make sure on
if test "x$ENABLED_CRL" = "xno"
then
ENABLED_CRL="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
fi
# Requires DES3, make sure on
if test "x$ENABLED_DES3" = "xno"
then
ENABLED_DES3="yes"
fi
# Requires tlsx, make sure on
if test "x$ENABLED_TLSX" = "xno"
then
ENABLED_TLSX="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC"
# Check the ECC supported curves prereq
AS_IF([test "x$ENABLED_ECC" = "xyes"],
[ENABLED_SUPPORTED_CURVES=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"])
fi
# Requires ecc make sure on
if test "x$ENABLED_ECC" = "xno"
then
ENABLED_OPENSSLEXTRA="yes"
ENABLED_ECC="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
if test "$ENABLED_ECC_SHAMIR" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
fi
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL -DWOLFSSL_ALWAYS_VERIFY_CB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI -DHAVE_EX_DATA"
fi
if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no" \
&& test "x$ENABLED_STUNNEL" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DNO_PSK"
fi
if test "$ENABLED_PSK" = "no" && \
(test "$ENABLED_LEANPSK" = "yes" || test "x$ENABLED_STUNNEL" = "xyes")
then
ENABLED_PSK=yes
fi
# MD4
AC_ARG_ENABLE([md4],
[AS_HELP_STRING([--enable-md4],[Enable MD4 (default: disabled)])],
[ ENABLED_MD4=$enableval ],
[ ENABLED_MD4=no ]
)
if test "$ENABLED_MD4" = "no"
then
#turn on MD4 if using stunnel
if test "x$ENABLED_STUNNEL" = "xyes"
then
ENABLED_MD4="yes"
else
AM_CFLAGS="$AM_CFLAGS -DNO_MD4"
fi
fi
AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"])
# PWDBASED has to come after certservice since we want it on w/o explicit on
# PWDBASED
AC_ARG_ENABLE([pwdbased],
[AS_HELP_STRING([--enable-pwdbased],[Enable PWDBASED (default: disabled)])],
[ ENABLED_PWDBASED=$enableval ],
[ ENABLED_PWDBASED=no ]
)
if test "$ENABLED_PWDBASED" = "no"
then
if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_WEBSERVER" = "yes"
then
# opensslextra and webserver needs pwdbased
ENABLED_PWDBASED=yes
else
AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED"
fi
fi
AM_CONDITIONAL([BUILD_PWDBASED], [test "x$ENABLED_PWDBASED" = "xyes"])
AC_ARG_ENABLE([scrypt],
[AS_HELP_STRING([--enable-scrypt],[Enable SCRYPT (default: disabled)])],
[ ENABLED_SCRYPT=$enableval ],
[ ENABLED_SCRYPT=no ]
)
if test "$ENABLED_SCRYPT" = "yes"
then
if test "$ENABLED_PWDBASED" = "no"
then
AC_MSG_ERROR([cannot enable scrypt without enabling pwdbased.])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_SCRYPT"
fi
AM_CONDITIONAL([BUILD_SCRYPT], [test "x$ENABLED_SCRYPT" = "xyes"])
# wolfCrypt Only Build
AC_ARG_ENABLE([cryptonly],
[AS_HELP_STRING([--enable-cryptonly],[Enable wolfCrypt Only build (default: disabled)])],
[ENABLED_CRYPTONLY=$enableval],
[ENABLED_CRYPTONLY=no])
if test "$ENABLED_CRYPTONLY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_ONLY"
fi
AM_CONDITIONAL([BUILD_CRYPTONLY], [test "x$ENABLED_CRYPTONLY" = "xyes"])
if test "x$ENABLED_CRYPTONLY" = "xno"
then
if test "x$ENABLED_PSK" = "xno" && test "x$ENABLED_ASN" = "xno"
then
AC_MSG_ERROR([please enable psk if disabling asn.])
fi
if test "x$ENABLED_ECC" = "xyes" && test "x$ENABLED_ASN" = "xno"
then
AC_MSG_ERROR([please disable ecc if disabling asn.])
fi
fi
# set fastmath default
FASTMATH_DEFAULT=no
if test "$host_cpu" = "x86_64"
then
FASTMATH_DEFAULT=yes
fi
# fastmath
AC_ARG_ENABLE([fastmath],
[AS_HELP_STRING([--enable-fastmath],[Enable fast math ops (default: enabled on x86_64)])],
[ ENABLED_FASTMATH=$enableval ],
[ ENABLED_FASTMATH=$FASTMATH_DEFAULT]
)
if test "x$ENABLED_FASTMATH" = "xyes"
then
# turn off fastmth if leanpsk on or asn off (w/o DH and ECC)
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_ASN" = "no"
then
if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no"
then
ENABLED_FASTMATH=no
else
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
ENABLED_SLOWMATH="no"
fi
else
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
ENABLED_SLOWMATH="no"
fi
if test "$host_cpu" = "x86_64"
then
# Have settings.h set FP_MAX_BITS higher if user didn't set directly
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_X86_64_BUILD"
fi
fi
# fast HUGE math
AC_ARG_ENABLE([fasthugemath],
[AS_HELP_STRING([--enable-fasthugemath],[Enable fast math + huge code (default: disabled)])],
[ ENABLED_FASTHUGEMATH=$enableval ],
[ ENABLED_FASTHUGEMATH=no ]
)
if test "$ENABLED_BUMP" = "yes"
then
ENABLED_FASTHUGEMATH="yes"
fi
if test "$ENABLED_FASTHUGEMATH" = "yes"
then
ENABLED_FASTMATH="yes"
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
ENABLED_SLOWMATH="no"
fi
AM_CONDITIONAL([BUILD_FASTMATH], [test "x$ENABLED_FASTMATH" = "xyes"])
AM_CONDITIONAL([BUILD_SLOWMATH], [test "x$ENABLED_SLOWMATH" = "xyes"])
# Enable Examples, used to disable examples
AC_ARG_ENABLE([examples],
[AS_HELP_STRING([--enable-examples],[Enable Examples (default: enabled)])],
[ ENABLED_EXAMPLES=$enableval ],
[ ENABLED_EXAMPLES=yes ]
)
AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"])
AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"])
AS_IF([test "x$ENABLED_CRYPTONLY" = "xyes"], [ENABLED_EXAMPLES="no"])
AM_CONDITIONAL([BUILD_EXAMPLE_SERVERS], [test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
AM_CONDITIONAL([BUILD_EXAMPLE_CLIENTS], [test "x$ENABLED_EXAMPLES" = "xyes"])
AM_CONDITIONAL([BUILD_TESTS], [test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
# Enable wolfCrypt test and benchmark
AC_ARG_ENABLE([crypttests],
[AS_HELP_STRING([--enable-crypttests],[Enable Crypt Bench/Test (default: enabled)])],
[ ENABLED_CRYPT_TESTS=$enableval ],
[ ENABLED_CRYPT_TESTS=yes ]
)
AM_CONDITIONAL([BUILD_WOLFCRYPT_TESTS], [test "x$ENABLED_CRYPT_TESTS" = "xyes"])
# LIBZ
ENABLED_LIBZ="no"
trylibzdir=""
AC_ARG_WITH([libz],
[ --with-libz=PATH PATH to libz install (default /usr/) ],
[
AC_MSG_CHECKING([for libz])
CPPFLAGS="$CPPFLAGS -DHAVE_LIBZ"
LIBS="$LIBS -lz"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])
if test "x$libz_linked" == "xno" ; then
if test "x$withval" != "xno" ; then
trylibzdir=$withval
fi
if test "x$withval" == "xyes" ; then
trylibzdir="/usr"
fi
AM_LDFLAGS="$AM_LDFLAGS -L$trylibzdir/lib"
CPPFLAGS="$CPPFLAGS -I$trylibzdir/include"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])
if test "x$libz_linked" == "xno" ; then
AC_MSG_ERROR([libz isn't found.
If it's already installed, specify its path using --with-libz=/dir/])
fi
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([yes])
fi
ENABLED_LIBZ="yes"
]
)
AM_CONDITIONAL([BUILD_LIBZ], [test "x$ENABLED_LIBZ" = "xyes"])
# cavium
trycaviumdir=""
AC_ARG_WITH([cavium],
[ --with-cavium=PATH PATH to cavium/software dir ],
[
AC_MSG_CHECKING([for cavium])
CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM"
LIB_ADD="-lrt $LIB_ADD"
if test "x$withval" == "xyes" ; then
AC_MSG_ERROR([need a PATH for --with-cavium])
fi
if test "x$withval" != "xno" ; then
trycaviumdir=$withval
fi
LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/cavium_common.o"
CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(CAVIUM_DEV_ID); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
if test "x$cavium_linked" == "xno" ; then
AC_MSG_ERROR([cavium isn't found.
If it's already installed, specify its path using --with-cavium=/dir/])
else
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM"
fi
AC_MSG_RESULT([yes])
enable_shared=no
enable_static=yes
ENABLED_CAVIUM=yes
],
[ ENABLED_CAVIUM=no ]
)
# cavium V
trycaviumdir=""
AC_ARG_WITH([cavium-v],
[ --with-cavium-v=PATH PATH to Cavium V/software dir ],
[
AC_MSG_CHECKING([for cavium])
CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V"
LIB_ADD="-lrt $LIB_ADD"
if test "x$withval" == "xyes" ; then
AC_MSG_ERROR([need a PATH for --with-cavium])
fi
if test "x$withval" != "xno" ; then
trycaviumdir=$withval
fi
LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/obj/cavium_common.o $trycaviumdir/api/obj/cavium_sym_crypto.o $trycaviumdir/api/obj/cavium_asym_crypto.o"
CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
#AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(0); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
if test "x$cavium_linked" == "xno" ; then
AC_MSG_ERROR([cavium isn't found.
If it's already installed, specify its path using --with-cavium-v=/dir/])
else
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V"
fi
AC_MSG_RESULT([yes])
enable_shared=no
enable_static=yes
ENABLED_CAVIUM=yes
ENABLED_CAVIUM_V=yes
],
[
ENABLED_CAVIUM_=no
ENABLED_CAVIUM_V=no
]
)
AM_CONDITIONAL([BUILD_CAVIUM], [test "x$ENABLED_CAVIUM" = "xyes"])
# Intel Quick Assist
tryqatdir=""
AC_ARG_WITH([intelqa],
[ --with-intelqa=PATH PATH to Intel QuickAssit (QAT) driver dir ],
[
AC_MSG_CHECKING([for intelqa])
CPPFLAGS="$CPPFLAGS -DHAVE_INTEL_QA -DDO_CRYPTO -DUSER_SPACE"
if test "x$withval" == "xyes" ; then
AC_MSG_ERROR([need a PATH for --with-intelqa])
fi
if test "x$withval" != "xno" ; then
tryqatdir=$withval
fi
CPPFLAGS="$CPPFLAGS -I$tryqatdir/quickassist/include -I$tryqatdir/quickassist/include/lac -I$tryqatdir/quickassist/utilities/osal/include -I$tryqatdir/quickassist/utilities/osal/src/linux/user_space/include -I$tryqatdir/quickassist/lookaside/access_layer/include -I$tryqatdir/quickassist/lookaside/access_layer/src/common/include -I$srcdir/wolfssl -I$srcdir/wolfssl/wolfcrypt/port/intel"
LDFLAGS="$LDFLAGS -L$tryqatdir/build -Wl,-Map=output.map"
LIBS="$LIBS -licp_qa_al_s"
LIB_ADD="-ladf_proxy -losal -lrt $LIB_ADD"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cpa_cy_common.h"]], [[ Cpa16U count = 0; cpaCyGetNumInstances(&count); ]])],[ intelqa_linked=yes ],[ intelqa_linked=no ])
if test "x$intelqa_linked" == "xno" ; then
AC_MSG_ERROR([Intel QuickAssist not found.
If it's already installed, specify its path using --with-intelqa=/dir/])
else
AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_QA -DDO_CRYPTO -DUSER_SPACE"
fi
AC_MSG_RESULT([yes])
ENABLED_INTEL_QA=yes
],
[
ENABLED_INTEL_QA=no
]
)
AM_CONDITIONAL([BUILD_INTEL_QA], [test "x$ENABLED_INTEL_QA" = "xyes"])
# Fast RSA using Intel IPP
ippdir="${srcdir}/IPP"
ipplib="lib" # if autoconf guesses 32bit system changes lib directory
fastRSA_found=no
abs_path=`pwd`
# set up variables used
IPPLIBS=
IPPHEADERS=
IPPLINK=
AC_ARG_ENABLE([fast-rsa],
[AS_HELP_STRING([--enable-fast-rsa],[Enable RSA using Intel IPP (default: disabled)])],
[ ENABLED_FAST_RSA=$enableval ],
[ ENABLED_FAST_RSA=no ],
)
if test "$ENABLED_USER_RSA" = "no" && test "$ENABLED_FIPS" = "no"; then
if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
ipplib="lib_32" # 32 bit OS detected
fi
# Use static IPP Libraries
if test "$enable_shared" = "no" && test "$ENABLED_FAST_RSA" = "yes"; then
case $host_os in
*darwin*)
ipplib="$ipplib/mac_static"
AC_MSG_ERROR([Issue with static linking to libippcp.a on Mac.
Dynamic IPP libraries supported on Mac])
break;;
*linux*)
ipplib="$ipplib/linux_static"
break;;
*)
ENABLED_FAST_RSA=no
esac
AC_CHECK_FILES([$srcdir/IPP/$ipplib/libippcore.a $srcdir/IPP/$ipplib/libippcp.a], [], [ENABLED_FAST_RSA=no])
AC_CHECK_FILES([$srcdir/IPP/include/ipp.h $srcdir/IPP/include/ippcp.h], [AM_CPPFLAGS="-I$srcdir/IPP/include $AM_CPPFLAGS"], [ENABLED_FAST_RSA=no])
LIB_STATIC_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_STATIC_ADD"
if test "$ENABLED_FAST_RSA" = "no"; then
AC_MSG_ERROR([Could not find fast rsa libraries])
fi
else
# Check for and use bundled IPP libraries
if test "$ENABLED_FAST_RSA" = "yes"; then
AC_MSG_NOTICE([Using local IPP crypto library])
AC_CHECK_FILES([$abs_path/IPP/include/ippcp.h],
[
# build and default locations on linux and mac
STORE_LDFLAGS=${LDFLAGS}
STORE_CPPFLAGS=${CPPFLAGS}
# using LDFLAGS instead of AM_ temporarily to test link to library
LDFLAGS="-L$ippdir/$ipplib -lippcp -lippcore"
CPPFLAGS="-I$ippdir/include"
AC_CHECK_HEADERS([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15], [fastRSA_found=yes], [fastRSA_found=no])], [fastRSA_found=no])
name="$ippdir/$ipplib/libippcp"
case $host_os in
*darwin*)
# check file existence and conditionally set variables
AC_CHECK_FILES([$abs_path/IPP/$ipplib/libippcp.dylib], [
IPPLIBS="${name}.dylib ${name}-9.0.dylib ${name}e9-9.0.dylib ${name}g9-9.0.dylib ${name}h9-9.0.dylib ${name}k0-9.0.dylib ${name}l9-9.0.dylib ${name}n8-9.0.dylib ${name}p8-9.0.dylib ${name}s8-9.0.dylib ${name}y8-9.0.dylib IPP/lib/libippcore.dylib IPP/lib/libippcore-9.0.dylib"
IPPLINK="mkdir -p src/.libs && ln -f ${name}.dylib src/.libs/libippcp.dylib && ln -f ${srcdir}/${name}-9.0.dylib src/.libs/libippcp-9.0.dylib && ln -f ${srcdir}/${name}e9-9.0.dylib src/.libs/libippcpe9-9.0.dylib && ln -f ${srcdir}/${name}g9-9.0.dylib src/.libs/libippcpg9-9.0.dylib && ln -f ${srcdir}/${name}h9-9.0.dylib src/.libs/libippcph9-9.0.dylib && ln -f ${srcdir}/${name}k0-9.0.dylib src/.libs/libippcpk0-9.0.dylib && ln -f ${srcdir}/${name}l9-9.0.dylib src/.libs/libippcpl9-9.0.dylib && ln -f ${srcdir}/${name}n8-9.0.dylib src/.libs/libippcpn8-9.0.dylib && ln -f ${srcdir}/${name}p8-9.0.dylib src/.libs/libippcpp8-9.0.dylib && ln -f ${srcdir}/${name}s8-9.0.dylib src/.libs/libippcps8-9.0.dylib && ln -f ${srcdir}/${name}y8-9.0.dylib src/.libs/libippcpy8-9.0.dylib && ln -f ${srcdir}/IPP/lib/libippcore.dylib src/.libs/libippcore.dylib && ln -f ${srcdir}/IPP/lib/libippcore-9.0.dylib src/.libs/libippcore-9.0.dylib"
], [fastRSA_found=no])
break;;
*linux*)
# check file existence and conditionally set variables
AC_CHECK_FILES([$abs_path/IPP/$ipplib/libippcp.so.9.0], [
if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
IPPLIBS="${name}.so.9.0 ${name}g9.so.9.0 ${name}h9.so.9.0 ${name}p8.so.9.0 ${name}px.so.9.0 ${name}s8.so.9.0 ${name}.so ${name}w7.so.9.0 IPP/$ipplib/libippcore.so IPP/$ipplib/libippcore.so.9.0"
IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}g9.so.9.0 src/.libs/libippcpg9.so.9.0 && ln -f ${name}h9.so.9.0 src/.libs/libippcph9.so.9.0 && ln -f ${name}p8.so.9.0 src/.libs/libippcpp8.so.9.0 && ln -f ${name}px.so.9.0 src/.libs/libippcppx.so.9.0 && ln -f ${name}s8.so.9.0 src/.libs/libippcps8.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}w7.so.9.0 src/.libs/libippcpw7.so.9.0 && ln -f IPP/$ipplib/libippcore.so src/.libs/libippcore.so && ln -f IPP/$ipplib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
else
IPPLIBS="${name}.so.9.0 ${name}e9.so.9.0 ${name}k0.so.9.0 ${name}l9.so.9.0 ${name}m7.so.9.0 ${name}mx.so.9.0 ${name}.so ${name}n8.so.9.0 ${name}y8.so.9.0 IPP/lib/libippcore.so IPP/lib/libippcore.so.9.0"
IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}e9.so.9.0 src/.libs/libippcpe9.so.9.0 && ln -f ${name}k0.so.9.0 src/.libs/libippcpk0.so.9.0 && ln -f ${name}l9.so.9.0 src/.libs/libippcpl9.so.9.0 && ln -f ${name}m7.so.9.0 src/.libs/libippcpm7.so.9.0 && ln -f ${name}mx.so.9.0 src/.libs/libippcpmx.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}n8.so.9.0 src/.libs/libippcpn8.so.9.0 && ln -f ${name}y8.so.9.0 src/.libs/libippcpy8.so.9.0 && ln -f IPP/lib/libippcore.so src/.libs/libippcore.so && ln -f IPP/lib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
fi
], [fastRSA_found=no])
break;;
*)
fastRSA_found=no
esac
if test "$fastRSA_found" = "yes"; then
# was succesfull so add tested LDFLAGS to AM_ flags
AM_LDFLAGS="${AM_LDFLAGS} ${LDFLAGS}"
AM_CPPFLAGS="${AM_CPPFLAGS} ${CPPFLAGS}"
IPPHEADERS="${srcdir}/IPP/include/*.h"
fi
# restore LDFLAGS to user set
LDFLAGS=${STORE_LDFLAGS}
CPPFLAGS=${STORE_CPPFLAGS}
], [fastRSA_found=no])
fi
# Don't cache the result so it can be checked
AS_UNSET([ac_cv_header_ippcp_h])
AS_UNSET([ac_cv_header_ipp_h])
AS_UNSET([ac_cv_lib_ippcp_ippsRSAEncrypt_PKCSv15]);
# Check link and see if user has pre-existing IPP Libraries if not using local
if test "$ENABLED_FAST_RSA" = "yes" && test "$fastRSA_found" = "no"; then
AC_MSG_NOTICE([Checking if IPP crypto library installed])
AC_CHECK_HEADER([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15],
[
fastRSA_found=yes
AM_LDFLAGS="${AM_LDFLAGS} -lippcore -lippcp"
], [ fastRSA_found=no])
], [fastRSA_found=no])
# Error out on not finding libraries
if test "$fastRSA_found" = "no"; then
AC_MSG_ERROR([Could not find fast rsa libraries])
fi
fi
fi # end of if for shared library
else # if user rsa is set than do not use fast rsa option
if test "$ENABLED_FAST_RSA" = "yes"; then
AC_MSG_ERROR([Could not use fast rsa libraries with user crypto or fips])
fi
fi # end of if for user rsa crypto or fips
# End result of checking for IPP Libraries
AC_MSG_CHECKING([for fast RSA])
if test "$ENABLED_FAST_RSA" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DHAVE_FAST_RSA -DHAVE_USER_RSA"
# add in user crypto header that uses Intel IPP
AM_CPPFLAGS="$AM_CPPFLAGS -I$srcdir/wolfcrypt/user-crypto/include"
if test "$enable_shared" = "yes"; then
LIBS="$LIBS -lippcore -lippcp"
LIB_ADD="-lippcp -lippcore $LIB_ADD"
else
LIB_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_ADD"
fi
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
fi
AC_SUBST([IPPLIBS])
AC_SUBST([IPPHEADERS])
AC_SUBST([IPPLINK])
AM_CONDITIONAL([BUILD_FAST_RSA], [test "x$ENABLED_FAST_RSA" = "xyes"])
# static memory use
AC_ARG_ENABLE([staticmemory],
[AS_HELP_STRING([--enable-staticmemory],[Enable static memory use (default: disabled)])],
[ ENABLED_STATICMEMORY=$enableval ],
[ ENABLED_STATICMEMORY=no ]
)
if test "x$ENABLED_STATICMEMORY" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY"
if test "x$ENABLED_FASTMATH" = "xno"
then
AC_MSG_ERROR([please use --enable-fastmath if enabling staticmemory.])
fi
fi
# microchip api
AC_ARG_ENABLE([mcapi],
[AS_HELP_STRING([--enable-mcapi],[Enable Microchip API (default: disabled)])],
[ ENABLED_MCAPI=$enableval ],
[ ENABLED_MCAPI=no ]
)
if test "$ENABLED_MCAPI" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_MCAPI"
if test "x$ENABLED_AESCTR" != "xyes"
then
# These flags are already implied by --enable-aesctr
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
fi
fi
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_SHA512" = "no"
then
AC_MSG_ERROR([please enable sha512 if enabling mcapi.])
fi
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_ECC" = "no"
then
AC_MSG_ERROR([please enable ecc if enabling mcapi.])
fi
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_LIBZ" = "no"
then
AC_MSG_ERROR([please use --with-libz if enabling mcapi.])
fi
AM_CONDITIONAL([BUILD_MCAPI], [test "x$ENABLED_MCAPI" = "xyes"])
# Asynchronous Crypto
AC_ARG_ENABLE([asynccrypt],
[AS_HELP_STRING([--enable-asynccrypt],[Enable Asynchronous Crypto (default: disabled)])],
[ ENABLED_ASYNCCRYPT=$enableval ],
[ ENABLED_ASYNCCRYPT=no ]
)
if test "$ENABLED_ASYNCCRYPT" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT -DHAVE_WOLF_EVENT -DHAVE_WOLF_BIGINT"
# if no async hardware then use simulator for testing
if test "x$ENABLED_CAVIUM" = "xno" && test "x$ENABLED_INTEL_QA" = "xno"
then
# Async threading is Linux specific
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT_TEST"
fi
fi
AM_CONDITIONAL([BUILD_ASYNCCRYPT], [test "x$ENABLED_ASYNCCRYPT" = "xyes"])
AM_CONDITIONAL([BUILD_WOLFEVENT], [test "x$ENABLED_ASYNCCRYPT" = "xyes"])
# check for async if using Intel QuckAssist or Cavium
if test "x$ENABLED_INTEL_QA" = "xyes" || test "x$ENABLED_CAVIUM" = "xyes" ; then
if test "x$ENABLED_ASYNCCRYPT" = "xno" ; then
AC_MSG_ERROR([Please enable enable asynchronous support using --enable-asynccrypt])
fi
fi
# Asynchronous threading
AC_ARG_ENABLE([asyncthreads],
[AS_HELP_STRING([--enable-asyncthreads],[Enable Asynchronous Threading (default: enabled)])],
[ ENABLED_ASYNCTHREADS=$enableval ],
[ ENABLED_ASYNCTHREADS=yes ]
)
if test "$ENABLED_ASYNCCRYPT" = "yes" && test "$ENABLED_ASYNCTHREADS" = "yes"
then
AX_PTHREAD([ENABLED_ASYNCTHREADS=yes],[ENABLED_ASYNCTHREADS=no])
else
ENABLED_ASYNCTHREADS=no
fi
if test "$ENABLED_ASYNCTHREADS" = "yes"
then
LIB_ADD="-lpthread $LIB_ADD"
AM_CFLAGS="$AM_CFLAGS -D_GNU_SOURCE"
else
AM_CFLAGS="$AM_CFLAGS -DWC_NO_ASYNC_THREADING"
fi
# Session Export
AC_ARG_ENABLE([sessionexport],
[AS_HELP_STRING([--enable-sessionexport],[Enable export and import of sessions (default: disabled)])],
[ ENABLED_SESSIONEXPORT=$enableval ],
[ ENABLED_SESSIONEXPORT=no ]
)
if test "$ENABLED_SESSIONEXPORT" = "yes"
then
if test "$ENABLED_DTLS" = "no"
then
AC_MSG_ERROR([Only DTLS supported with session export])
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SESSION_EXPORT"
fi
# AES key wrap
AC_ARG_ENABLE([aeskeywrap],
[AS_HELP_STRING([--enable-aeskeywrap],[Enable AES key wrap support (default: disabled)])],
[ ENABLED_AESKEYWRAP=$enableval ],
[ ENABLED_AESKEYWRAP=no ]
)
if test "$ENABLED_WPAS" = "yes" && test "$ENABLED_FIPS" = "no"
then
ENABLED_AESKEYWRAP="yes"
fi
if test "$ENABLED_AESKEYWRAP" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT"
fi
# check if PSK was enabled for conditionally running psk.test script
AM_CONDITIONAL([BUILD_PSK], [test "x$ENABLED_PSK" = "xyes"])
# check if should run the trusted peer certs test
# (for now checking both C_FLAGS and C_EXTRA_FLAGS)
case $C_EXTRA_FLAGS in
*WOLFSSL_TRUST_PEER_CERT*)
have_tp=yes
break;;
*)
have_tp=no ;;
esac
if test "$have_tp" = "no"; then
case $C_FLAGS in
*WOLFSSL_TRUST_PEER_CERT*)
have_tp=yes
break;;
*)
have_tp=no ;;
esac
fi
AM_CONDITIONAL([BUILD_TRUST_PEER_CERT], [test "x$have_tp" = "xyes"])
################################################################################
# Check for build-type conflicts #
################################################################################
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
test "x$ENABLED_LEANPSK" = "xyes"],
[AC_MSG_ERROR([Cannot use Max Strength and Lean PSK at the same time.])])
AS_IF([test "x$ENABLED_OCSP" = "xyes" && \
test "x$ENABLED_ASN" = "xno"],
[AC_MSG_ERROR([please enable asn if enabling ocsp.])])
AS_IF([test "x$ENABLED_OCSP" = "xyes" && \
test "x$ENABLED_RSA" = "xno" && \
test "x$ENABLED_ECC" = "xno"],
[AC_MSG_ERROR([please enable rsa or ecc if enabling ocsp.])])
# checks for pkcs7 needed enables
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
test "x$ENABLED_RSA" = "xno"],
[AC_MSG_ERROR([please enable rsa if enabling pkcs7.])])
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
test "x$ENABLED_SHA" = "xno"],
[AC_MSG_ERROR([please enable sha if enabling pkcs7.])])
AS_IF([test "x$ENABLED_LEANTLS" = "xyes" && \
test "x$ENABLED_ECC" = "xno"],
[AC_MSG_ERROR([please enable ecc if enabling leantls.])])
AS_IF([test "x$ENABLED_SNIFFER" = "xyes" && \
test "x$ENABLED_RSA" = "xno"],
[AC_MSG_ERROR([please enable rsa if enabling sniffer.])])
# Lean TLS forces off prereqs of SCEP.
AS_IF([test "x$ENABLED_SCEP" = "xyes" && \
test "x$ENABLED_LEANTLS" = "xyes"],
[AC_MSG_ERROR([Cannot use SCEP and Lean TLS at the same time.])])
# CMAC currently requires AES.
AS_IF([test "x$ENABLED_CMAC" = "xyes" && \
test "x$ENABLED_AES" = "xno"],
[AC_MSG_ERROR([cannot use CMAC without AES.])])
################################################################################
# Update CFLAGS based on options #
################################################################################
AS_IF([test "x$ENABLED_MCAPI" = "xyes"],
[AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])])
if test "$ENABLED_WOLFSCEP" = "yes"
then
# Enable prereqs if not already enabled
if test "x$ENABLED_KEYGEN" = "xno"
then
ENABLED_KEYGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
fi
if test "x$ENABLED_CERTGEN" = "xno"
then
ENABLED_CERTGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
fi
if test "x$ENABLED_CERTREQ" = "xno"
then
ENABLED_CERTREQ="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
fi
if test "x$ENABLED_CERTEXT" = "xno"
then
ENABLED_CERTEXT="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
fi
if test "x$ENABLED_PKCS7" = "xno"
then
ENABLED_PKCS7="yes"
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_WOLFSCEP"
fi
if test "x$ENABLED_PKCS7" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS7"
# Enable prereqs if not already enabled
if test "x$ENABLED_AESKEYWRAP" = "xno"
then
ENABLED_AESKEYWRAP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT"
fi
if test "x$ENABLED_X963KDF" = "xno"
then
ENABLED_X963KDF="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF"
fi
AS_IF([test "x$ENABLED_DES3" = "xno"],
[ENABLED_DES3=yes])
fi
if test "x$ENABLED_DES3" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
else
# turn off DES3 if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
ENABLED_DES3=no
fi
fi
AM_CONDITIONAL([BUILD_DES3], [test "x$ENABLED_DES3" = "xyes"])
AM_CONDITIONAL([BUILD_PKCS7], [test "x$ENABLED_PKCS7" = "xyes"])
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAX_STRENGTH"])
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
test "x$ENABLED_OLD_TLS" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
ENABLED_OLD_TLS=no])
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
test "x$ENABLED_SSLV3" = "xyes"],
[AC_MSG_ERROR([Cannot use Max Strength and SSLv3 at the same time.])])
AS_IF([test "x$ENABLED_SCTP" = "xyes"],
[AM_CFLAGS="-DWOLFSSL_SCTP $AM_CFLAGS"])
AS_IF([test "x$ENABLED_MCAST" = "xyes"],
[AM_CFLAGS="-DWOLFSSL_MULTICAST $AM_CFLAGS"])
# SCTP and Multicast require DTLS
AS_IF([(test "x$ENABLED_DTLS" = "xno") && \
(test "x$ENABLED_SCTP" = "xyes" || test "x$ENABLED_MCAST" = "xyes")],
[AM_CFLAGS="-DWOLFSSL_DTLS $AM_CFLAGS"
ENABLED_DTLS=yes])
# Multicast requires the null cipher
AS_IF([test "x$ENABLED_NULL_CIPHER" = "xno" && \
test "x$ENABLED_MCAST" = "xyes"],
[AM_CFLAGS="-DHAVE_NULL_CIPHER $AM_CFLAGS"
ENABLED_NULL_CIPHER=yes])
################################################################################
# OPTIMIZE FLAGS
# For distro disable custom build options that interfere with symbol generation
if test "$GCC" = "yes" && test "$ENABLED_DISTRO" = "no"
then
AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused"
if test "$ax_enable_debug" = "no"
then
if test "$ENABLED_FASTMATH" = "yes"
then
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_FAST_CFLAGS"
if test "$ENABLED_FASTHUGEMATH" = "yes"
then
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_HUGE_CFLAGS"
fi
else
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_CFLAGS"
fi
fi
fi
# ICC command line warning for non supported warning flags
if test "$CC" = "icc"
then
AM_CFLAGS="$AM_CFLAGS -wd10006"
fi
# Expose HAVE___UINT128_T to options flags"
if test "$ac_cv_type___uint128_t" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE___UINT128_T"
fi
LIB_SOCKET_NSL
AX_HARDEN_CC_COMPILER_FLAGS
# if mingw then link to ws2_32 for sockets
case $host_os in
mingw*)
LDFLAGS="$LDFLAGS -lws2_32"
if test "$enable_shared" = "yes"
then
AC_DEFINE([WOLFSSL_DLL], [1], [Use __declspec(dllexport) when building library])
if test "$enable_static" = "yes"
then
MINGW_LIB_WARNING="yes"
fi
fi ;;
esac
# add user C_EXTRA_FLAGS back
# For distro disable custom build options that interfere with symbol generation
if test "$ENABLED_DISTRO" = "no"
then
CFLAGS="$CFLAGS $USER_C_EXTRA_FLAGS"
fi
OPTION_FLAGS="$USER_CFLAGS $USER_C_EXTRA_FLAGS $AM_CFLAGS"
CREATE_HEX_VERSION
AC_SUBST([AM_CPPFLAGS])
AC_SUBST([AM_CFLAGS])
AC_SUBST([AM_LDFLAGS])
AC_SUBST([AM_CCASFLAGS])
AC_SUBST([LIB_ADD])
AC_SUBST([LIB_STATIC_ADD])
# FINAL
AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
AC_CONFIG_FILES([Makefile])
AC_CONFIG_FILES([wolfssl/version.h])
AC_CONFIG_FILES([wolfssl/options.h])
#have options.h and version.h for autoconf fips tag and build
#if test "x$ENABLED_FIPS" = "xyes"
#then
# AC_CONFIG_FILES([cyassl/version.h])
# AC_CONFIG_FILES([cyassl/options.h])
#fi
AC_CONFIG_FILES([support/wolfssl.pc])
AC_CONFIG_FILES([rpm/spec])
AX_CREATE_GENERIC_CONFIG
AX_AM_JOBSERVER([yes])
AC_OUTPUT
# force make clean
echo "---"
echo "Running make clean..."
make clean >/dev/null 2>&1
# generate user options header
echo "---"
echo "Generating user options header..."
OPTION_FILE="wolfssl/options.h"
#if
#OPTION_FILE+="cyassl/options.h"
#fi
rm -f $OPTION_FILE
echo "/* wolfssl options.h" > $OPTION_FILE
echo " * generated from configure options" >> $OPTION_FILE
echo " *" >> $OPTION_FILE
echo " * Copyright (C) 2006-2015 wolfSSL Inc." >> $OPTION_FILE
echo " *" >> $OPTION_FILE
echo " * This file is part of wolfSSL. (formerly known as CyaSSL)" >> $OPTION_FILE
echo " *" >> $OPTION_FILE
echo " */" >> $OPTION_FILE
echo "" >> $OPTION_FILE
echo "#ifndef WOLFSSL_OPTIONS_H" >> $OPTION_FILE
echo "#define WOLFSSL_OPTIONS_H" >> $OPTION_FILE
echo "" >> $OPTION_FILE
echo "" >> $OPTION_FILE
echo "#ifdef __cplusplus" >> $OPTION_FILE
echo "extern \"C\" {" >> $OPTION_FILE
echo "#endif" >> $OPTION_FILE
echo "" >> $OPTION_FILE
for option in $OPTION_FLAGS; do
defonly=`echo $option | sed 's/-D//'`
if test "$defonly" != "$option"
then
noequalsign=`echo $defonly | sed 's/=/ /'`
if test "$noequalsign" = "NDEBUG" || test "$noequalsign" = "DEBUG"
then
echo "not outputting (N)DEBUG to $OPTION_FILE"
continue
fi
# allow user to igonore system options
ignoresys=no
if [[[ $noequalsign == _* ]]] ;
then
ignoresys=yes
echo "#ifndef WOLFSSL_OPTIONS_IGNORE_SYS" >> $OPTION_FILE
fi
noarg=`echo $defonly | sed 's/=.*//'`
echo "#undef $noarg" >> $OPTION_FILE
echo "#define $noequalsign" >> $OPTION_FILE
if test "$ignoresys" = "yes"
then
echo "#endif" >> $OPTION_FILE
fi
echo "" >> $OPTION_FILE
else
echo "option w/o begin -D is $option, not saving to $OPTION_FILE"
fi
done
echo "" >> $OPTION_FILE
echo "#ifdef __cplusplus" >> $OPTION_FILE
echo "}" >> $OPTION_FILE
echo "#endif" >> $OPTION_FILE
echo "" >> $OPTION_FILE
echo "" >> $OPTION_FILE
echo "#endif /* WOLFSSL_OPTIONS_H */" >> $OPTION_FILE
echo "" >> $OPTION_FILE
echo
#backwards compatibility for those who have included options or version
touch cyassl/options.h
echo "/* cyassl options.h" > cyassl/options.h
echo " * generated from wolfssl/options.h" >> cyassl/options.h
echo " */" >> cyassl/options.h
echo ""
while read -r line
do
echo "$line" >> cyassl/options.h
done < $OPTION_FILE
# switch ifdef protection in cyassl/option.h to CYASSL_OPTONS_H, remove bak
sed -i.bak 's/WOLFSSL_OPTIONS_H/CYASSL_OPTIONS_H/g' cyassl/options.h
# workaround for mingw sed that may get "Permission denied" trying to preserver permissions
case $host_os in
mingw*)
chmod u+w cyassl/options.h ;;
esac
rm cyassl/options.h.bak
# output config summary
echo "---"
echo "Configuration summary for $PACKAGE_NAME version $VERSION"
echo ""
echo " * Installation prefix: $prefix"
echo " * System type: $host_vendor-$host_os"
echo " * Host CPU: $host_cpu"
echo " * C Compiler: $CC"
echo " * C Flags: $CFLAGS"
echo " * C++ Compiler: $CXX"
echo " * C++ Flags: $CXXFLAGS"
echo " * CPP Flags: $CPPFLAGS"
echo " * CCAS Flags: $CCASFLAGS"
echo " * LIB Flags: $LIB"
echo " * Debug enabled: $ax_enable_debug"
echo " * Warnings as failure: $ac_cv_warnings_as_errors"
echo " * make -j: $enable_jobserver"
echo " * VCS checkout: $ac_cv_vcs_checkout"
echo
echo " Features "
echo " * Single threaded: $ENABLED_SINGLETHREADED"
echo " * Filesystem: $ENABLED_FILESYSTEM"
echo " * OpenSSH Build: $ENABLED_OPENSSH"
echo " * OpenSSL Extra API: $ENABLED_OPENSSLEXTRA"
echo " * Max Strength Build: $ENABLED_MAXSTRENGTH"
echo " * Distro Build: $ENABLED_DISTRO"
echo " * fastmath: $ENABLED_FASTMATH"
echo " * sniffer: $ENABLED_SNIFFER"
echo " * snifftest: $ENABLED_SNIFFTEST"
echo " * ARC4: $ENABLED_ARC4"
echo " * AES: $ENABLED_AES"
echo " * AES-NI: $ENABLED_AESNI"
echo " * AES-GCM: $ENABLED_AESGCM"
echo " * AES-CCM: $ENABLED_AESCCM"
echo " * AES-CTR: $ENABLED_AESCTR"
echo " * DES3: $ENABLED_DES3"
echo " * IDEA: $ENABLED_IDEA"
echo " * Camellia: $ENABLED_CAMELLIA"
echo " * NULL Cipher: $ENABLED_NULL_CIPHER"
echo " * MD5: $ENABLED_MD5"
echo " * RIPEMD: $ENABLED_RIPEMD"
echo " * SHA: $ENABLED_SHA"
echo " * SHA-224: $ENABLED_SHA224"
echo " * SHA-512: $ENABLED_SHA512"
echo " * SHA3: $ENABLED_SHA3"
echo " * BLAKE2: $ENABLED_BLAKE2"
echo " * CMAC: $ENABLED_CMAC"
echo " * keygen: $ENABLED_KEYGEN"
echo " * certgen: $ENABLED_CERTGEN"
echo " * certreq: $ENABLED_CERTREQ"
echo " * certext: $ENABLED_CERTEXT"
echo " * HC-128: $ENABLED_HC128"
echo " * RABBIT: $ENABLED_RABBIT"
echo " * CHACHA: $ENABLED_CHACHA"
echo " * Hash DRBG: $ENABLED_HASHDRBG"
echo " * PWDBASED: $ENABLED_PWDBASED"
echo " * scrypt: $ENABLED_SCRYPT"
echo " * wolfCrypt Only: $ENABLED_CRYPTONLY"
echo " * HKDF: $ENABLED_HKDF"
echo " * X9.63 KDF: $ENABLED_X963KDF"
echo " * MD4: $ENABLED_MD4"
echo " * PSK: $ENABLED_PSK"
echo " * Poly1305: $ENABLED_POLY1305"
echo " * LEANPSK: $ENABLED_LEANPSK"
echo " * LEANTLS: $ENABLED_LEANTLS"
echo " * RSA: $ENABLED_RSA"
echo " * RSA-PSS: $ENABLED_RSAPSS"
echo " * DSA: $ENABLED_DSA"
echo " * DH: $ENABLED_DH"
echo " * ECC: $ENABLED_ECC"
echo " * CURVE25519: $ENABLED_CURVE25519"
echo " * ED25519: $ENABLED_ED25519"
echo " * FPECC: $ENABLED_FPECC"
echo " * ECC_ENCRYPT: $ENABLED_ECC_ENCRYPT"
echo " * ASN: $ENABLED_ASN"
echo " * Anonymous cipher: $ENABLED_ANON"
echo " * CODING: $ENABLED_CODING"
echo " * MEMORY: $ENABLED_MEMORY"
echo " * I/O POOL: $ENABLED_IOPOOL"
echo " * LIGHTY: $ENABLED_LIGHTY"
echo " * HAPROXY: $ENABLED_HAPROXY"
echo " * STUNNEL: $ENABLED_STUNNEL"
echo " * NGINX: $ENABLED_NGINX"
echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"
echo " * DTLS: $ENABLED_DTLS"
echo " * SCTP: $ENABLED_SCTP"
echo " * Multicast: $ENABLED_MCAST"
echo " * Old TLS Versions: $ENABLED_OLD_TLS"
echo " * SSL version 3.0: $ENABLED_SSLV3"
echo " * TLS v1.3: $ENABLED_TLS13"
echo " * TLS v1.3 Draft 18: $ENABLED_TLS13_DRAFT18"
echo " * Post-handshake Auth: $ENABLED_TLS13_POST_AUTH"
echo " * Early Data: $ENABLED_TLS13_EARLY_DATA"
echo " * Send State in HRR Cookie: $ENABLED_SEND_HRR_COOKIE"
echo " * OCSP: $ENABLED_OCSP"
echo " * OCSP Stapling: $ENABLED_CERTIFICATE_STATUS_REQUEST"
echo " * OCSP Stapling v2: $ENABLED_CERTIFICATE_STATUS_REQUEST_V2"
echo " * CRL: $ENABLED_CRL"
echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR"
echo " * Persistent session cache: $ENABLED_SAVESESSION"
echo " * Persistent cert cache: $ENABLED_SAVECERT"
echo " * Atomic User Record Layer: $ENABLED_ATOMICUSER"
echo " * Public Key Callbacks: $ENABLED_PKCALLBACKS"
echo " * NTRU: $ENABLED_NTRU"
echo " * Whitewood netRandom: $ENABLED_WNR"
echo " * Server Name Indication: $ENABLED_SNI"
echo " * ALPN: $ENABLED_ALPN"
echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT"
echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC"
echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES"
echo " * Session Ticket: $ENABLED_SESSION_TICKET"
echo " * Extended Master Secret: $ENABLED_EXTENDED_MASTER"
echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION"
echo " * Secure Renegotiation: $ENABLED_SECURE_RENEGOTIATION"
echo " * All TLS Extensions: $ENABLED_TLSX"
echo " * PKCS#7 $ENABLED_PKCS7"
echo " * wolfSCEP $ENABLED_WOLFSCEP"
echo " * Secure Remote Password $ENABLED_SRP"
echo " * Small Stack: $ENABLED_SMALL_STACK"
echo " * valgrind unit tests: $ENABLED_VALGRIND"
echo " * LIBZ: $ENABLED_LIBZ"
echo " * Examples: $ENABLED_EXAMPLES"
echo " * User Crypto: $ENABLED_USER_CRYPTO"
echo " * Fast RSA: $ENABLED_FAST_RSA"
echo " * Async Crypto: $ENABLED_ASYNCCRYPT"
echo " * Cavium: $ENABLED_CAVIUM"
echo " * ARM ASM: $ENABLED_ARMASM"
echo " * AES Key Wrap: $ENABLED_AESKEYWRAP"
echo " * Write duplicate: $ENABLED_WRITEDUP"
echo " * Intel Quick Assist: $ENABLED_INTEL_QA"
echo ""
echo "---"
################################################################################
# Show warnings at bottom so they are noticed
################################################################################
if test "$ENABLED_ASYNCCRYPT" = "yes"
then
AC_MSG_WARN([Make sure real async files are loaded. Contact wolfSSL for details on using the asynccrypt option.])
fi
# MinGW static vs shared library
# Reference URL from libtool for MinGW is located at
# http://www.gnu.org/software/libtool/manual/libtool.html#Cygwin-to-MinGW-Cross
# this allows for not even having dllimport/dllexport on functions
# with recent libtools, only requiring it with global variables.
#
# The following warning is displayed here because if not using "contemporary GNU
# tools" there is the possibility of export/import issues.
# wolfSSL uses __declspec(dllexport) and "contemporary GNU tools" handle the
# case where both static and shared libraries are built.
#
# More can be found about the MinGW linker at
# https://sourceware.org/binutils/docs/ld/WIN32.html
if test "$MINGW_LIB_WARNING" = "yes"
then
AC_MSG_WARN([Building with shared and static library at the same time on this system may cause export/import problems when using non contemporary GNU tools.])
fi
Reference in New Issue View Git Blame Copy Permalink