mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 18:40:49 +02:00
fb6b62dd8e
NIST standardized the pre-standardization Dilithium signature scheme as ML-DSA in FIPS 204. Migrate the provider's user-visible surface to canonical spellings, with a temporary shim that preserves source-level backward compatibility for existing consumers. Renames ------- * File: wolfcrypt/src/dilithium.c -> wolfcrypt/src/wc_mldsa.c * New canonical header: wolfssl/wolfcrypt/wc_mldsa.h * Types: dilithium_key -> MlDsaKey, wc_dilithium_params -> MlDsaParams * Functions: wc_dilithium_* / wc_Dilithium_* -> wc_MlDsaKey_* * Build gates: HAVE_DILITHIUM -> WOLFSSL_HAVE_MLDSA, WOLFSSL_DILITHIUM_* / WC_DILITHIUM_* -> WOLFSSL_MLDSA_* / WC_MLDSA_* * Configure flag: --enable-mldsa (legacy --enable-dilithium still works) * CMake option: WOLFSSL_MLDSA (legacy WOLFSSL_DILITHIUM emits a DEPRECATION message) Backward compatibility ---------------------- wolfssl/wolfcrypt/dilithium.h is now a temporary compatibility shim: * Forward-translates legacy build gates to canonical (the two sub-gates read by certs_test.h are translated in settings.h so the auto-generated header is reachable without including dilithium.h; the remainder lives in dilithium.h itself). * Reverse-translates canonical gates back to legacy so unmigrated consumer code keying off HAVE_DILITHIUM / WOLFSSL_DILITHIUM_* keeps compiling. * Provides macro / static-inline aliases for the legacy type and function names so source-level callers compile unchanged. Sets WC_DILITHIUMKEY_TYPE_DEFINED to suppress strict-C99 typedef redefinition in asn_public.h. Two opt-outs are honored: WOLFSSL_NO_DILITHIUM_LEGACY_GATES disables build-gate translation; WOLFSSL_NO_DILITHIUM_LEGACY_NAMES disables the symbol aliases. Both are temporary and the shim will be removed in a future release. doc/dilithium-to-mldsa-migration.md describes the migration path for downstream consumers. ABI note -------- The library now exports wc_MlDsaKey_* instead of wc_dilithium_*. Pre-built binaries that linked against the legacy symbols need to recompile against the shim header (which resolves to the new symbols at compile time) or migrate to the canonical names directly. Source code keeps building unchanged. Other changes ------------- * wolfssl/wolfcrypt/memory.h: drop ML-DSA sub-gate branching for static memory pool sizing; WOLFSSL_HAVE_MLDSA builds now pick the larger LARGEST_MEM_BUCKET / WOLFMEM_BUCKETS / WOLFMEM_DIST unconditionally. Override these macros for small-mem builds. * gencertbuf.pl + wolfssl/certs_test.h: outer guards migrated to the canonical WOLFSSL_HAVE_MLDSA spelling. * tests/api/test_mldsa.c: adds compile-time API surface validators (canonical wc_MlDsaKey_* surface plus legacy alias surface) so signature drift produces a build error during make check. * IDE files (Xcode, INTIME-RTOS, WIN10, VS2022, CSharp wrapper), Zephyr CMakeLists.txt, and autotools include.am updated for the rename. * DYNAMIC_TYPE_DILITHIUM and ML_DSA_PCT_E retained as internal symbols; scheduled to be renamed alongside the eventual shim removal.
12960 lines
431 KiB
Plaintext
12960 lines
431 KiB
Plaintext
# configure.ac
|
|
#
|
|
# Copyright (C) 2006-2026 wolfSSL Inc.
|
|
#
|
|
# This file is part of wolfSSL. (formerly known as CyaSSL)
|
|
#
|
|
#
|
|
AC_COPYRIGHT([Copyright (C) 2006-2026 wolfSSL Inc.])
|
|
AC_PREREQ([2.69])
|
|
AC_INIT([wolfssl],[5.9.1],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
|
|
AC_CONFIG_AUX_DIR([build-aux])
|
|
|
|
# Inhibit unwanted regeneration of autotools artifacts by Makefile.
|
|
AM_MAINTAINER_MODE([disable])
|
|
|
|
# The following sets CFLAGS to empty if unset on command line. We do not
|
|
# want the default "-g -O2" that AC_PROG_CC sets automatically.
|
|
: ${CFLAGS=""}
|
|
|
|
# Capture user C_EXTRA_FLAGS from configure line.
|
|
# Use of C_EXTRA_FLAGS is deprecated because CFLAGS was fixed but someone
|
|
# might still be using it.
|
|
CFLAGS="$CFLAGS $C_EXTRA_FLAGS $C_FLAGS"
|
|
|
|
AC_PROG_CC
|
|
AM_PROG_CC_C_O
|
|
AC_CANONICAL_HOST
|
|
AC_CONFIG_MACRO_DIR([m4])
|
|
|
|
AM_INIT_AUTOMAKE([1.13.4 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests])
|
|
m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
|
|
|
|
AC_ARG_PROGRAM
|
|
|
|
# Optional CMake package install (enabled by default)
|
|
AC_ARG_ENABLE([cmake-install],
|
|
[AS_HELP_STRING([--disable-cmake-install],[Disable installation of CMake package files])],
|
|
[ ENABLED_CMAKE_INSTALL=$enableval ],
|
|
[ ENABLED_CMAKE_INSTALL=yes ])
|
|
AM_CONDITIONAL([CMAKE_INSTALL],[test "x$ENABLED_CMAKE_INSTALL" = "xyes"])
|
|
|
|
AC_CONFIG_HEADERS([config.h:config.in])
|
|
|
|
LT_PREREQ([2.4.2])
|
|
LT_INIT([disable-static win32-dll])
|
|
|
|
AC_ARG_VAR(EXTRA_CPPFLAGS, [Extra CPPFLAGS to add to end of autoconf-computed arg list. Can also supply directly to make.])
|
|
AC_ARG_VAR(EXTRA_CFLAGS, [Extra CFLAGS to add to end of autoconf-computed arg list. Can also supply directly to make.])
|
|
AC_ARG_VAR(EXTRA_CCASFLAGS, [Extra CCASFLAGS to add to end of autoconf-computed arg list. Can also supply directly to make.])
|
|
AC_ARG_VAR(EXTRA_LDFLAGS, [Extra LDFLAGS to add to end of autoconf-computed arg list. Can also supply directly to make.])
|
|
|
|
WOLFSSL_CONFIG_ARGS=$ac_configure_args
|
|
AC_SUBST([WOLFSSL_CONFIG_ARGS])
|
|
|
|
# Store configure options and CFLAGS for debian rules generation
|
|
CONFIGURE_OPTIONS="$ac_configure_args"
|
|
AC_SUBST([CONFIGURE_OPTIONS])
|
|
|
|
# shared library versioning
|
|
# The three numbers in the libwolfssl.so.*.*.* file name. Unfortunately
|
|
|
|
# increment if interfaces have been removed or changed
|
|
WOLFSSL_LIBRARY_VERSION_FIRST=44
|
|
|
|
# increment if interfaces have been added
|
|
# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
|
|
WOLFSSL_LIBRARY_VERSION_SECOND=2
|
|
|
|
# increment if source code has changed
|
|
# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or
|
|
# WOLFSSL_LIBRARY_VERSION_SECOND is incremented
|
|
WOLFSSL_LIBRARY_VERSION_THIRD=0
|
|
|
|
WOLFSSL_LIBRARY_VERSION=${WOLFSSL_LIBRARY_VERSION_FIRST}:${WOLFSSL_LIBRARY_VERSION_SECOND}:${WOLFSSL_LIBRARY_VERSION_THIRD}
|
|
AC_SUBST([WOLFSSL_LIBRARY_VERSION_FIRST])
|
|
AC_SUBST([WOLFSSL_LIBRARY_VERSION_SECOND])
|
|
AC_SUBST([WOLFSSL_LIBRARY_VERSION_THIRD])
|
|
AC_SUBST([WOLFSSL_LIBRARY_VERSION])
|
|
|
|
gl_VISIBILITY
|
|
AS_IF([ test -n "$CFLAG_VISIBILITY" ], [
|
|
AM_CFLAGS="$AM_CFLAGS $CFLAG_VISIBILITY"
|
|
])
|
|
|
|
WOLFSSL_BUILD_DATE=$(LC_TIME=C date +"%a, %d %b %Y %T %z")
|
|
AC_SUBST([WOLFSSL_BUILD_DATE])
|
|
|
|
|
|
# Moved these size of and type checks before the library checks.
|
|
# The library checks add the library to subsequent test compiles
|
|
# and in some rare cases, the networking check causes these sizeof
|
|
# checks to fail.
|
|
AC_CHECK_SIZEOF([long long])
|
|
AC_CHECK_SIZEOF([long])
|
|
AC_CHECK_SIZEOF([time_t])
|
|
AC_CHECK_TYPES([__uint128_t])
|
|
|
|
|
|
# Distro build feature subset (Debian, Ubuntu, etc.)
|
|
AC_ARG_ENABLE([distro],
|
|
[AS_HELP_STRING([--enable-distro],[Enable wolfSSL distro build (default: disabled)])],
|
|
[ ENABLED_DISTRO=$enableval ],
|
|
[ ENABLED_DISTRO=no ]
|
|
)
|
|
if test "$ENABLED_DISTRO" = "yes"
|
|
then
|
|
enable_shared=yes
|
|
enable_static=yes
|
|
enable_all=yes
|
|
enable_earlydata=no
|
|
REPRODUCIBLE_BUILD_DEFAULT=yes
|
|
else
|
|
REPRODUCIBLE_BUILD_DEFAULT=no
|
|
fi
|
|
|
|
# Fail when an option is passed that is not recognized
|
|
m4_divert_once([DEFAULTS], [enable_option_checking=fatal])
|
|
|
|
# Allow experimental settings
|
|
AC_ARG_ENABLE([experimental],
|
|
[AS_HELP_STRING([--enable-experimental],[Allow experimental settings in the configuration (default: disabled)])],
|
|
[ ENABLED_EXPERIMENTAL=$enableval ],
|
|
[ ENABLED_EXPERIMENTAL=no ]
|
|
)
|
|
if test "$ENABLED_EXPERIMENTAL" = "yes"
|
|
then
|
|
AS_IF([ test "$ENABLED_DISTRO" = "yes" && test "$ENABLED_EXPERIMENTAL" = "yes" ],[ AC_MSG_ERROR([--enable-distro and --enable-experimental are mutually exclusive.]) ])
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EXPERIMENTAL_SETTINGS"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_EXPERIMENTAL_SETTINGS"
|
|
fi
|
|
|
|
# Kernel module benchmark
|
|
AC_ARG_ENABLE([kernel-benchmarks],
|
|
[AS_HELP_STRING([--enable-kernel-benchmarks],[Enable crypto benchmarking autorun at module load time for kernel module (default: disabled)])],
|
|
[ENABLED_KERNEL_BENCHMARKS=$enableval],
|
|
[ENABLED_KERNEL_BENCHMARKS="no"])
|
|
if test "$ENABLED_KERNEL_BENCHMARKS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KERNEL_BENCHMARKS"
|
|
fi
|
|
AC_SUBST([ENABLED_KERNEL_BENCHMARKS])
|
|
|
|
AC_ARG_ENABLE([kernel-verbose-debug],
|
|
[AS_HELP_STRING([--enable-kernel-verbose-debug],[Enable supplementary runtime debugging messages for kernel module (default: disabled)])],
|
|
[ENABLED_KERNEL_VERBOSE_DEBUG=$enableval],
|
|
[ENABLED_KERNEL_VERBOSE_DEBUG="no"])
|
|
if test "$ENABLED_KERNEL_VERBOSE_DEBUG" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KERNEL_VERBOSE_DEBUG"
|
|
fi
|
|
|
|
AC_ARG_ENABLE([kernel-stack-debug],
|
|
[AS_HELP_STRING([--enable-kernel-stack-debug],[Enable runtime reporting of stack usage in kernel module (default: disabled)])],
|
|
[ENABLED_KERNEL_STACK_DEBUG=$enableval],
|
|
[ENABLED_KERNEL_STACK_DEBUG="no"])
|
|
if test "$ENABLED_KERNEL_STACK_DEBUG" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KERNEL_STACK_DEBUG"
|
|
fi
|
|
|
|
# Linux Kernel Module options (more options later)
|
|
AC_ARG_ENABLE([linuxkm],
|
|
[AS_HELP_STRING([--enable-linuxkm],[Enable Linux Kernel Module (default: disabled)])],
|
|
[ENABLED_LINUXKM=$enableval],
|
|
[ENABLED_LINUXKM=no]
|
|
)
|
|
|
|
AC_ARG_ENABLE([linuxkm-defaults],
|
|
[AS_HELP_STRING([--enable-linuxkm-defaults],[Enable feature defaults for Linux Kernel Module (default: disabled)])],
|
|
[KERNEL_MODE_DEFAULTS=$enableval],
|
|
[KERNEL_MODE_DEFAULTS=$ENABLED_LINUXKM]
|
|
)
|
|
|
|
# FreeBSD Kernel Module
|
|
AC_ARG_ENABLE([freebsdkm],
|
|
[AS_HELP_STRING([--enable-freebsdkm],[Enable FreeBSD Kernel Module (default: disabled)])],
|
|
[ENABLED_BSDKM=$enableval],
|
|
[ENABLED_BSDKM=no]
|
|
)
|
|
|
|
AC_ARG_ENABLE([freebsdkm-crypto-register],
|
|
[AS_HELP_STRING([--enable-freebsdkm-crypto-register],[Register wolfCrypt implementations with the FreeBSD kernel opencrypto framework. (default: disabled)])],
|
|
[ENABLED_BSDKM_REGISTER=$enableval],
|
|
[ENABLED_BSDKM_REGISTER=no]
|
|
)
|
|
|
|
AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h ctype.h sys/random.h])
|
|
AC_CHECK_LIB([network],[socket])
|
|
AC_C_BIGENDIAN
|
|
AC_C___ATOMIC
|
|
if test "x$ENABLED_BSDKM" = "xyes"; then
|
|
# The <stdatomic.h> header should not be included in freebsd kernel build.
|
|
# Look for <machine/atomic.h> instead.
|
|
AC_CHECK_HEADER(machine/atomic.h, [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSL_HAVE_ATOMIC_H"],[])
|
|
else
|
|
AC_CHECK_HEADER(stdatomic.h, [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSL_HAVE_ATOMIC_H"],[])
|
|
fi
|
|
AC_CHECK_HEADER(assert.h, [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSL_HAVE_ASSERT_H"],[])
|
|
|
|
# check if functions of interest are linkable, but also check if
|
|
# they're declared by the expected headers, and if not, supersede the
|
|
# unusable positive from AC_CHECK_FUNCS().
|
|
AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r gmtime_s inet_ntoa memset socket strftime atexit isascii getpid getrandom])
|
|
AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r, gmtime_s, inet_ntoa, memset, socket, strftime, atexit, isascii, getpid, getrandom], [], [
|
|
if test "$(eval echo \$"$(eval 'echo ac_cv_func_${as_decl_name}')")" = "yes"
|
|
then
|
|
AC_MSG_NOTICE([ note: earlier check for $(eval 'echo ${as_decl_name}') superseded.])
|
|
eval "ac_cv_func_${as_decl_name}=no"
|
|
_mask_varname=HAVE_`eval "echo '${as_decl_name}'" | tr 'a-z' 'A-Z'`
|
|
sed --in-place "s~^#define ${_mask_varname} 1$~~" confdefs.h
|
|
fi
|
|
], [[
|
|
#ifdef HAVE_SYS_SOCKET_H
|
|
#include <sys/socket.h>
|
|
#endif
|
|
#ifdef HAVE_STRING_H
|
|
#include <string.h>
|
|
#endif
|
|
#ifdef HAVE_NETDB_H
|
|
#include <netdb.h>
|
|
#endif
|
|
#ifdef HAVE_ARPA_INET_H
|
|
#include <arpa/inet.h>
|
|
#endif
|
|
#ifdef HAVE_SYS_TIME_H
|
|
#include <sys/time.h>
|
|
#endif
|
|
#ifdef HAVE_TIME_H
|
|
#include <time.h>
|
|
#endif
|
|
#ifdef HAVE_STDLIB_H
|
|
#include <stdlib.h>
|
|
#endif
|
|
#ifdef HAVE_UNISTD_H
|
|
#include <unistd.h>
|
|
#endif
|
|
#ifdef HAVE_CTYPE_H
|
|
#include <ctype.h>
|
|
#endif
|
|
#ifdef HAVE_SYS_RANDOM_H
|
|
#include <sys/random.h>
|
|
#endif
|
|
]])
|
|
|
|
AC_PROG_INSTALL
|
|
AC_TYPE_SIZE_T
|
|
AC_TYPE_UINT8_T
|
|
AC_TYPE_UINTPTR_T
|
|
AM_PROG_AS
|
|
|
|
OPTIMIZE_CFLAGS="-Os"
|
|
OPTIMIZE_FAST_CFLAGS="-O2"
|
|
OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET -DTFM_HUGE_SET"
|
|
DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL"
|
|
LIB_ADD=
|
|
LIB_STATIC_ADD=
|
|
PC_LIBS_PRIVATE=""
|
|
|
|
OPTIMIZE_CFLAGS="$OPTIMIZE_CFLAGS $EXTRA_OPTS_CFLAGS"
|
|
OPTIMIZE_FAST_CFLAGS="$OPTIMIZE_FAST_CFLAGS $EXTRA_OPTS_CFLAGS"
|
|
OPTIMIZE_HUGE_CFLAGS="$OPTIMIZE_HUGE_CFLAGS $EXTRA_OPTS_CFLAGS"
|
|
DEBUG_VFLAGS="$DEBUG_VFLAGS $EXTRA_OPTS_CFLAGS"
|
|
|
|
if test "$output_objdir" = ""
|
|
then
|
|
output_objdir=.
|
|
fi
|
|
|
|
|
|
# Thread local storage
|
|
thread_ls_on="no"
|
|
AC_ARG_ENABLE([threadlocal],
|
|
[AS_HELP_STRING([--enable-threadlocal],[Enable thread local support (default: enabled)])],
|
|
[ ENABLED_THREADLOCAL=$enableval ],
|
|
[ ENABLED_THREADLOCAL=yes ]
|
|
)
|
|
if test "$ENABLED_THREADLOCAL" = "yes"
|
|
then
|
|
AX_TLS([thread_ls_on=yes],[thread_ls_on=no])
|
|
AS_IF([test "x$thread_ls_on" = "xyes"],[AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"])
|
|
fi
|
|
|
|
|
|
# DEBUG
|
|
AX_DEBUG
|
|
AS_IF([test "$ax_enable_debug" = "yes"],
|
|
[AM_CFLAGS="$AM_CFLAGS $DEBUG_CFLAGS"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DNDEBUG"])
|
|
AS_IF([test "$ax_enable_debug" = "yes"],
|
|
[AM_CCASFLAGS="$DEBUG_CFLAGS $AM_CCASFLAGS"],
|
|
[AM_CCASFLAGS="$AM_CCASFLAGS -DNDEBUG"])
|
|
|
|
AC_ARG_ENABLE([debug-code-points],
|
|
[ AS_HELP_STRING([--enable-debug-code-points],[Include source file and line number in --enable-debug messages.]) ],
|
|
[ ENABLED_DEBUG_CODEPOINTS=$enableval ],
|
|
[ ENABLED_DEBUG_CODEPOINTS=no ]
|
|
)
|
|
|
|
if test "$ENABLED_DEBUG_CODEPOINTS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEBUG_CODEPOINTS"
|
|
fi
|
|
|
|
AC_ARG_ENABLE([debug-trace-errcodes],
|
|
[ AS_HELP_STRING([--enable-debug-trace-errcodes],[Print trace messages when library errors are thrown.]) ],
|
|
[ ENABLED_DEBUG_TRACE_ERRCODES=$enableval ],
|
|
[ ENABLED_DEBUG_TRACE_ERRCODES=no ]
|
|
)
|
|
|
|
if test "$ENABLED_DEBUG_TRACE_ERRCODES" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEBUG_TRACE_ERROR_CODES"
|
|
fi
|
|
|
|
if test "$ENABLED_DEBUG_TRACE_ERRCODES" = "backtrace"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -g -funwind-tables -DWOLFSSL_DEBUG_BACKTRACE_ERROR_CODES"
|
|
AM_LDFLAGS="$AM_LDFLAGS -lbacktrace"
|
|
fi
|
|
|
|
# Start without certificates enabled and enable if a certificate algorithm is
|
|
# enabled
|
|
ENABLED_CERTS="no"
|
|
|
|
# Implements requirements from RFC9325
|
|
AC_ARG_ENABLE([harden-tls],
|
|
[AS_HELP_STRING([--enable-harden-tls],[Enable requirements from RFC9325. Possible values are <yes>, <112>, or <128>. <yes> is equivalent to <112>. (default: disabled)])],
|
|
[ ENABLED_HARDEN_TLS=$enableval ],
|
|
[ ENABLED_HARDEN_TLS=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_HARDEN_TLS" != "xno"
|
|
then
|
|
if test "x$ENABLED_HARDEN_TLS" = "xyes" || test "x$ENABLED_HARDEN_TLS" = "x112"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HARDEN_TLS=112"
|
|
elif test "x$ENABLED_HARDEN_TLS" = "x128"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HARDEN_TLS=128"
|
|
else
|
|
AC_MSG_ERROR([Invalid value for --enable-harden-tls])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EXTRA_ALERTS -DWOLFSSL_CHECK_ALERT_ON_ERR"
|
|
fi
|
|
|
|
# Support for forcing 32-bit mode
|
|
# To force 32-bit instructions use:
|
|
# ./configure CFLAGS="-m32" LDFLAGS="-m32" && make
|
|
# The checks for sizeof long and long/long are run at the top of configure and require "-m32" to be set directly in the ./configure statement.
|
|
AC_ARG_ENABLE([32bit],
|
|
[AS_HELP_STRING([--enable-32bit],[Enables 32-bit support (default: disabled)])],
|
|
[ ENABLED_32BIT=$enableval ],
|
|
[ ENABLED_32BIT=no ]
|
|
)
|
|
|
|
if test "$ENABLED_32BIT" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_32BIT_CPU"
|
|
fi
|
|
|
|
# 16-bit compiler support
|
|
AC_ARG_ENABLE([16bit],
|
|
[AS_HELP_STRING([--enable-16bit],[Enables 16-bit support (default: disabled)])],
|
|
[ ENABLED_16BIT=$enableval ],
|
|
[ ENABLED_16BIT=no ]
|
|
)
|
|
if test "$ENABLED_16BIT" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_16BIT_CPU"
|
|
fi
|
|
|
|
AC_ARG_ENABLE([64bit],
|
|
[AS_HELP_STRING([--enable-64bit],[Enables 64-bit support (default: disabled)])],
|
|
[ ENABLED_64BIT=$enableval ],
|
|
[ ENABLED_64BIT=no ]
|
|
)
|
|
|
|
AC_ARG_ENABLE([kdf],
|
|
[AS_HELP_STRING([--enable-kdf],[Enables kdf support (default: enabled)])],
|
|
[ ENABLED_KDF=$enableval ],
|
|
[ ENABLED_KDF=yes ]
|
|
)
|
|
|
|
AC_ARG_ENABLE([hmac],
|
|
[AS_HELP_STRING([--enable-hmac],[Enables HMAC support (default: enabled)])],
|
|
[ ENABLED_HMAC=$enableval ],
|
|
[ ENABLED_HMAC=yes ]
|
|
)
|
|
|
|
AC_ARG_ENABLE([hmac-copy],
|
|
[AS_HELP_STRING([--enable-hmac-copy],[Enables digest copying implementation for HMAC (default: disabled)])],
|
|
[ ENABLED_HMAC_COPY=$enableval ],
|
|
[ ENABLED_HMAC_COPY=no ]
|
|
)
|
|
if test "$ENABLED_HMAC_COPY" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HMAC_COPY_HASH"
|
|
fi
|
|
|
|
AC_ARG_ENABLE([do178],
|
|
[AS_HELP_STRING([--enable-do178],[Enable DO-178, Will NOT work w/o DO178 license (default: disabled)])],
|
|
[ENABLED_DO178=$enableval],
|
|
[ENABLED_DO178="no"])
|
|
|
|
if test "$ENABLED_DO178" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_DO178"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_DO178"
|
|
fi
|
|
# Support for disabling all ASM
|
|
AC_ARG_ENABLE([asm],
|
|
[AS_HELP_STRING([--enable-asm],[Enables option for assembly (default: enabled)])],
|
|
[ ENABLED_ASM=$enableval ],
|
|
[ ENABLED_ASM=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_ASM" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DTFM_NO_ASM -DWOLFSSL_NO_ASM"
|
|
fi
|
|
AC_SUBST([ENABLED_ASM])
|
|
|
|
# Default math is SP Math all and not fast math
|
|
# FIPS v1 and v2 must use fast math
|
|
DEF_SP_MATH="yes"
|
|
DEF_FAST_MATH="no"
|
|
|
|
# FIPS 140
|
|
AC_ARG_ENABLE([fips],
|
|
[AS_HELP_STRING([--enable-fips],[Enable FIPS 140-2/3, Will NOT work w/o FIPS license (default: disabled)])],
|
|
[ENABLED_FIPS=$enableval],
|
|
[ENABLED_FIPS="no"])
|
|
|
|
FIPS_FLAVOR="$ENABLED_FIPS"
|
|
AC_SUBST([FIPS_FLAVOR])
|
|
|
|
# wolfProvider Options
|
|
AC_ARG_ENABLE([wolfprovider],
|
|
[AS_HELP_STRING([--enable-wolfprovider],[Enable wolfProvider options (default: disabled)])],
|
|
[ ENABLED_WOLFPROVIDER=$enableval ],
|
|
[ ENABLED_WOLFPROVIDER=no ]
|
|
)
|
|
if test "x$ENABLED_WOLFPROVIDER" != "xno"
|
|
then
|
|
test -z "$enable_all_crypto" && enable_all_crypto=yes
|
|
test -z "$enable_opensslcoexist" && enable_opensslcoexist=yes
|
|
test -z "$enable_sha" && enable_sha=yes
|
|
test -z "$with_eccminsz" && with_eccminsz=192
|
|
test -z "$with_max_ecc_bits" && with_max_ecc_bits=1024
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_WOLFPROVIDER -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DHAVE_PUBLIC_FFDHE -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER"
|
|
fi
|
|
|
|
# wolfEngine Options
|
|
AC_ARG_ENABLE([engine],
|
|
[AS_HELP_STRING([--enable-engine],[Enable wolfEngine options (default: disabled)])],
|
|
[ ENABLED_WOLFENGINE=$enableval ],
|
|
[ ENABLED_WOLFENGINE=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_WOLFENGINE" != "xno"
|
|
then
|
|
test -z "$with_eccminsz" && with_eccminsz=192
|
|
fi
|
|
|
|
AS_CASE([$ENABLED_WOLFENGINE],
|
|
[no],[
|
|
ENABLED_WOLFENGINE="no"
|
|
],
|
|
[disabled],[
|
|
ENABLED_WOLFENGINE="no"
|
|
],
|
|
[yes|fips-v2|cert3389],[
|
|
ENABLED_WOLFENGINE="yes"
|
|
ENABLED_FIPS="v2"
|
|
],
|
|
[fips-v5],[
|
|
ENABLED_WOLFENGINE="yes"
|
|
ENABLED_FIPS="v5"
|
|
],
|
|
[fips-v6],[
|
|
ENABLED_WOLFENGINE="yes"
|
|
ENABLED_FIPS="v6"
|
|
],
|
|
[fips-ready],[
|
|
ENABLED_WOLFENGINE="yes"
|
|
ENABLED_FIPS="ready"
|
|
],
|
|
[no-fips],[
|
|
ENABLED_WOLFENGINE="yes"
|
|
ENABLED_FIPS="no"
|
|
],
|
|
[
|
|
AC_MSG_ERROR([Invalid value for --enable-engine "$ENABLED_WOLFENGINE" (options: fips-v2, fips-ready, no-fips, no, disabled)])
|
|
])
|
|
|
|
# The FIPS options are:
|
|
# no - FIPS build disabled, FIPS sources forbidden in build tree
|
|
# disabled - FIPS build disabled, FIPS sources ignored in build tree
|
|
# v1 - FIPS 140-2 Cert 2425
|
|
# default - same as v1
|
|
# v2 - FIPS 140-2 Cert 3389
|
|
# cert3389 - alias for v2
|
|
# rand - wolfRand
|
|
# v5 - FIPS 140-3 Cert 4718
|
|
# cert4718 - alias for v5
|
|
# v5.2.3 -- FIPS 140-3 with support for ARM acceleration, derived from Cert 4718
|
|
# v5.2.4 -- FIPS 140-3 with support for Linux kernel mode, derived from v5.2.3
|
|
# ready - FIPS 140-3 settings with in-tree wolfcrypt sources, feature locked
|
|
# dev - FIPS 140-3 settings with in-tree wolfcrypt sources, features freely adjustable
|
|
# v5-ready - Alias for ready.
|
|
# v5-dev - Alias for dev.
|
|
# v6 - The SRTP-KDF-full-submission
|
|
#
|
|
# These options have been retired, but are listed here for historical reference:
|
|
# v5-RC8 - historical FIPS 140-3 (wolfCrypt WCv5.0-RC8).
|
|
# HAVE_FIPS_VERSION = 5, HAVE_FIPS_VERSION_MINOR = 0.
|
|
# v5-RC9 - historical FIPS 140-3 (wolfCrypt WCv5.0-RC9)
|
|
# HAVE_FIPS_VERSION = 5, HAVE_FIPS_VERSION_MINOR = 1.
|
|
# v5-RC10 - historical FIPS 140-3, wolfCrypt/fips WCv5.0-RC10
|
|
# HAVE_FIPS_VERSION = 5, HAVE_FIPS_VERSION_MINOR = 2.
|
|
# v5-RC11 - historical FIPS 140-3, wolfCrypt/fips WCv5.0-RC11
|
|
# HAVE_FIPS_VERSION = 5, HAVE_FIPS_VERSION_MINOR = 2.
|
|
# v5-RC12 - historical FIPS 140-3, wolfCrypt/fips WCv5.0-RC12
|
|
AS_CASE([$ENABLED_FIPS],
|
|
[no],[
|
|
FIPS_VERSION="none"
|
|
],
|
|
[disabled],[
|
|
FIPS_VERSION="disabled"
|
|
ENABLED_FIPS="no"
|
|
],
|
|
[v1|cert2425],[
|
|
FIPS_VERSION="v1"
|
|
HAVE_FIPS_VERSION_MAJOR=1
|
|
ENABLED_FIPS="yes"
|
|
DEF_SP_MATH="no"
|
|
DEF_FAST_MATH="yes"
|
|
],
|
|
[v2|cert3389],[
|
|
FIPS_VERSION="v2"
|
|
HAVE_FIPS_VERSION_MAJOR=2
|
|
HAVE_FIPS_VERSION_MINOR=0
|
|
ENABLED_FIPS="yes"
|
|
DEF_SP_MATH="no"
|
|
DEF_FAST_MATH="yes"
|
|
],
|
|
[rand],[
|
|
FIPS_VERSION="rand"
|
|
HAVE_FIPS_VERSION_MAJOR=2
|
|
HAVE_FIPS_VERSION_MINOR=1
|
|
ENABLED_FIPS="yes"
|
|
DEF_SP_MATH="no"
|
|
DEF_FAST_MATH="no"
|
|
],
|
|
[v5|cert4718],[
|
|
FIPS_VERSION="v5"
|
|
HAVE_FIPS_VERSION_MAJOR=5
|
|
HAVE_FIPS_VERSION_MINOR=2
|
|
HAVE_FIPS_VERSION_PATCH=1
|
|
ENABLED_FIPS="yes"
|
|
DEF_SP_MATH="no"
|
|
DEF_FAST_MATH="yes"
|
|
],
|
|
[v5.2.3],[
|
|
FIPS_VERSION="v5"
|
|
HAVE_FIPS_VERSION_MAJOR=5
|
|
HAVE_FIPS_VERSION_MINOR=2
|
|
HAVE_FIPS_VERSION_PATCH=3
|
|
ENABLED_FIPS="yes"
|
|
DEF_SP_MATH="yes"
|
|
DEF_FAST_MATH="no"
|
|
],
|
|
[v5.2.4],[
|
|
FIPS_VERSION="v5"
|
|
HAVE_FIPS_VERSION_MAJOR=5
|
|
HAVE_FIPS_VERSION_MINOR=2
|
|
HAVE_FIPS_VERSION_PATCH=4
|
|
ENABLED_FIPS="yes"
|
|
DEF_SP_MATH="yes"
|
|
DEF_FAST_MATH="no"
|
|
],
|
|
[v5-RC12],[
|
|
FIPS_VERSION="v5-RC12"
|
|
HAVE_FIPS_VERSION_MAJOR=5
|
|
HAVE_FIPS_VERSION_MINOR=2
|
|
HAVE_FIPS_VERSION_PATCH=0
|
|
ENABLED_FIPS="yes"
|
|
DEF_SP_MATH="no"
|
|
DEF_FAST_MATH="yes"
|
|
],
|
|
[v5-ready],[
|
|
FIPS_VERSION="v5-ready"
|
|
HAVE_FIPS_VERSION_MAJOR=5
|
|
HAVE_FIPS_VERSION_MINOR=3
|
|
ENABLED_FIPS="yes"
|
|
DEF_SP_MATH="no"
|
|
DEF_FAST_MATH="yes"
|
|
],
|
|
[v5-dev],[
|
|
FIPS_VERSION="v5-dev"
|
|
HAVE_FIPS_VERSION_MAJOR=5
|
|
HAVE_FIPS_VERSION_MINOR=2
|
|
HAVE_FIPS_VERSION_PATCH=1
|
|
ENABLED_FIPS="yes"
|
|
# for dev, DEF_SP_MATH and DEF_FAST_MATH follow non-FIPS defaults (currently sp-math-all)
|
|
],
|
|
[v5-kcapi],[
|
|
FIPS_VERSION="v5-dev"
|
|
HAVE_FIPS_VERSION_MAJOR=5
|
|
HAVE_FIPS_VERSION_MINOR=3
|
|
HAVE_FIPS_VERSION_PATCH=0
|
|
ENABLED_FIPS="yes"
|
|
# for dev, DEF_SP_MATH and DEF_FAST_MATH follow non-FIPS defaults (currently sp-math-all)
|
|
],
|
|
[v6|v6-dev],[
|
|
FIPS_VERSION="v6"
|
|
HAVE_FIPS_VERSION=6
|
|
HAVE_FIPS_VERSION_MAJOR=6
|
|
HAVE_FIPS_VERSION_MINOR=0
|
|
HAVE_FIPS_VERSION_PATCH=0
|
|
ENABLED_FIPS="yes"
|
|
DEF_SP_MATH="yes"
|
|
DEF_FAST_MATH="no"
|
|
],
|
|
[v7],[
|
|
FIPS_VERSION="v7"
|
|
HAVE_FIPS_VERSION=7
|
|
HAVE_FIPS_VERSION_MAJOR=7
|
|
HAVE_FIPS_VERSION_MINOR=0
|
|
HAVE_FIPS_VERSION_PATCH=0
|
|
ENABLED_FIPS="yes"
|
|
DEF_SP_MATH="yes"
|
|
DEF_FAST_MATH="no"
|
|
],
|
|
# Should always remain one ahead of the latest so as not to be confused with
|
|
# the latest
|
|
[ready|v7-ready],[
|
|
FIPS_VERSION="ready"
|
|
HAVE_FIPS_VERSION=8
|
|
HAVE_FIPS_VERSION_MAJOR=8
|
|
HAVE_FIPS_VERSION_MINOR=0
|
|
HAVE_FIPS_VERSION_PATCH=0
|
|
ENABLED_FIPS="yes"
|
|
DEF_SP_MATH="yes"
|
|
DEF_FAST_MATH="no"
|
|
],
|
|
[dev|v7-dev],[
|
|
FIPS_VERSION="dev"
|
|
HAVE_FIPS_VERSION_MAJOR=8
|
|
HAVE_FIPS_VERSION_MINOR=0
|
|
HAVE_FIPS_VERSION_PATCH=0
|
|
ENABLED_FIPS="yes"
|
|
# for dev, DEF_SP_MATH and DEF_FAST_MATH follow non-FIPS defaults (currently sp-math-all)
|
|
],
|
|
[lean-aesgcm|lean-aesgcm-ready|lean-aesgcm-dev],[
|
|
FIPS_VERSION="$ENABLED_FIPS"
|
|
HAVE_FIPS_VERSION_MAJOR=8
|
|
HAVE_FIPS_VERSION_MINOR=0
|
|
HAVE_FIPS_VERSION_PATCH=0
|
|
ENABLED_FIPS="yes"
|
|
],
|
|
[
|
|
AS_IF([test "$ENABLED_FIPS" = "yes"],[ENABLED_FIPS="(unset)"],[ENABLED_FIPS=\"$ENABLED_FIPS\"])
|
|
AC_MSG_ERROR([Invalid value for --enable-fips $ENABLED_FIPS (main options: v1, v2, v5, v6, v7, ready, dev, rand, lean-aesgcm, no, disabled)])
|
|
])
|
|
|
|
if test -z "$HAVE_FIPS_VERSION_MAJOR"
|
|
then
|
|
HAVE_FIPS_VERSION_MAJOR=0
|
|
fi
|
|
if test -z "$HAVE_FIPS_VERSION_MINOR"
|
|
then
|
|
HAVE_FIPS_VERSION_MINOR=0
|
|
fi
|
|
if test -z "$HAVE_FIPS_VERSION_PATCH"
|
|
then
|
|
HAVE_FIPS_VERSION_PATCH=0
|
|
fi
|
|
if test -z "$HAVE_FIPS_VERSION"
|
|
then
|
|
HAVE_FIPS_VERSION="$HAVE_FIPS_VERSION_MAJOR"
|
|
fi
|
|
|
|
if test "$ENABLED_FIPS" != "no"
|
|
then
|
|
REPRODUCIBLE_BUILD_DEFAULT=yes
|
|
fi
|
|
|
|
AS_CASE([$FIPS_VERSION],
|
|
[none],
|
|
[
|
|
AS_IF([ test -s $srcdir/wolfcrypt/src/fips.c ],
|
|
[AC_MSG_ERROR([FIPS source tree is incompatible with non-FIPS build (requires --enable-fips)])])
|
|
],
|
|
[disabled],
|
|
[],
|
|
[
|
|
AS_IF([ ! test -s $srcdir/wolfcrypt/src/fips.c],
|
|
[AC_MSG_ERROR([non-FIPS source tree is incompatible with --enable-fips=$enableval])])
|
|
]
|
|
)
|
|
|
|
# For reproducible build, gate out from the build anything that might
|
|
# introduce semantically frivolous jitter, maximizing chance of
|
|
# identical object files.
|
|
AC_ARG_ENABLE([reproducible-build],
|
|
[AS_HELP_STRING([--enable-reproducible-build],[Enable maximally reproducible build (default: disabled)])],
|
|
[ ENABLED_REPRODUCIBLE_BUILD=$enableval ],
|
|
[ ENABLED_REPRODUCIBLE_BUILD=$REPRODUCIBLE_BUILD_DEFAULT ]
|
|
)
|
|
|
|
if test "$ENABLED_REPRODUCIBLE_BUILD" = "yes"
|
|
then
|
|
# Test ar for the "D" option. Should be checked before the libtool macros.
|
|
if test -z "$AR"; then
|
|
AR=ar
|
|
fi
|
|
xxx_ar_flags=$(${AR} --help 2>&1)
|
|
if test -z "$RANLIB"; then
|
|
RANLIB=ranlib
|
|
fi
|
|
xxx_ranlib_flags=$(${RANLIB} --help 2>&1)
|
|
|
|
AS_CASE([$xxx_ar_flags],[*'use zero for timestamps and uids/gids'*],[AR_FLAGS="Dcr" lt_ar_flags="Dcr"])
|
|
AS_CASE([$xxx_ranlib_flags],[*'Use zero for symbol map timestamp'*],[RANLIB="${RANLIB} -D"])
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_REPRODUCIBLE_BUILD"
|
|
|
|
# opportunistically use -ffile-prefix-map (added in GCC8 and LLVM10)
|
|
|
|
if "$CC" -ffile-prefix-map=/tmp=. -x c - -o /dev/null >/dev/null 2>&1 <<' EOF'
|
|
#include <stdlib.h>
|
|
int main(int argc, char **argv) {
|
|
(void)argc; (void)argv; return 0;
|
|
}
|
|
EOF
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -ffile-prefix-map=\$(abs_top_srcdir)/= -ffile-prefix-map=\$(top_srcdir)/="
|
|
fi
|
|
|
|
# opportunistically force linker option --build-id=sha1 (usually the default)
|
|
if "$CC" -Wl,--build-id=sha1 -x c - -o /dev/null >/dev/null 2>&1 <<' EOF'
|
|
#include <stdlib.h>
|
|
int main(int argc, char **argv) {
|
|
(void)argc; (void)argv; return 0;
|
|
}
|
|
EOF
|
|
then
|
|
AM_LDFLAGS="$AM_LDFLAGS -Wl,--build-id=sha1"
|
|
fi
|
|
fi
|
|
|
|
|
|
AC_ARG_ENABLE([benchmark],
|
|
[AS_HELP_STRING([--enable-benchmark],[Build benchmark when building crypttests (default: enabled)])],
|
|
[ENABLED_BENCHMARK=$enableval],
|
|
[ENABLED_BENCHMARK=yes]
|
|
)
|
|
|
|
|
|
# Remainder of Linux kernel module options, continued from earlier:
|
|
|
|
ENABLED_LINUXKM_PIE=$ENABLED_FIPS
|
|
|
|
AC_ARG_ENABLE([kernel-reloc-tables],
|
|
[AS_HELP_STRING([--enable-kernel-reloc-tables],[Enable containerized object build of wolfCrypt module in kernel build (default: disabled)])],
|
|
[ENABLED_LINUXKM_PIE=$enableval])
|
|
|
|
AC_ARG_ENABLE([linuxkm-pie],
|
|
[AS_HELP_STRING([--enable-linuxkm-pie],[Alias for --enable-kernel-reloc-tables])],
|
|
[ENABLED_LINUXKM_PIE=$enableval])
|
|
|
|
if test "$ENABLED_LINUXKM" = "yes" && test "$ENABLED_LINUXKM_PIE" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_SYM_RELOC_TABLES"
|
|
fi
|
|
AC_SUBST([ENABLED_LINUXKM_PIE])
|
|
|
|
AC_ARG_ENABLE([linuxkm-benchmarks],
|
|
[AS_HELP_STRING([--enable-linuxkm-benchmarks],[Enable crypto benchmarking autorun at module load time for Linux kernel module (default: disabled)])],
|
|
[ENABLED_KERNEL_BENCHMARKS=$enableval])
|
|
if test "$ENABLED_LINUXKM" = "yes" && test "$ENABLED_KERNEL_BENCHMARKS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LINUXKM_BENCHMARKS"
|
|
fi
|
|
AC_SUBST([ENABLED_KERNEL_BENCHMARKS])
|
|
|
|
if test "$ENABLED_LINUXKM" = "yes" && test "$KERNEL_MODE_DEFAULTS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_CONST -DWOLFSSL_SP_MOD_WORD_RP -DWOLFSSL_SP_DIV_64 -DWOLFSSL_SP_DIV_WORD_HALF -DWOLFSSL_SMALL_STACK_STATIC -DWC_SHA3_NO_ASM"
|
|
if test "$ENABLED_LINUXKM_PIE" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OCSP_ISSUER_CHECK"
|
|
fi
|
|
if test "$ENABLED_FIPS" = "no"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_OLD_PRIME_CHECK"
|
|
fi
|
|
DEF_SP_MATH="yes"
|
|
DEF_FAST_MATH="no"
|
|
fi
|
|
|
|
#
|
|
# kernel mode variables. Shared by linuxkm, freebsdkm.
|
|
KERNEL_ROOT=""
|
|
HAVE_KERNEL_MODE=no
|
|
|
|
# Kernel root source tree.
|
|
AC_ARG_WITH([kernel-source],
|
|
[AS_HELP_STRING([--with-kernel-source=PATH],[PATH to root of kernel build tree])],
|
|
[KERNEL_ROOT=$withval])
|
|
|
|
# For backwards compatibility.
|
|
AC_ARG_WITH([linux-source],
|
|
[AS_HELP_STRING([--with-linux-source=PATH],[PATH to root of Linux kernel build tree])],
|
|
[KERNEL_ROOT=$withval])
|
|
|
|
AC_ARG_WITH([linux-arch],
|
|
[AS_HELP_STRING([--with-linux-arch=arch],[built arch (SRCARCH) of Linux kernel build tree])],
|
|
[KERNEL_ARCH=$withval],
|
|
[KERNEL_ARCH=""])
|
|
|
|
if test "x$ENABLED_LINUXKM" = "xyes"
|
|
then
|
|
HAVE_KERNEL_MODE=yes
|
|
# Currently DWARF 5 is the default debug format, but it results in
|
|
# "Unsupported DW_TAG_atomic_type(0x47): type: 0x1eefc" in some
|
|
# kernel module builds.
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LINUXKM -DWC_SIPHASH_NO_ASM -gdwarf-4"
|
|
AS_IF([test "$ax_enable_debug" = "yes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -g3"],
|
|
[AM_CFLAGS="$AM_CFLAGS -g1"])
|
|
AM_CCASFLAGS="$AM_CFLAGS -DWOLFSSL_LINUXKM -DWC_SIPHASH_NO_ASM -gdwarf-4"
|
|
AS_IF([test "$ax_enable_debug" = "yes"],
|
|
[AM_CCASFLAGS="$AM_CFLAGS -g3"],
|
|
[AM_CCASFLAGS="$AM_CFLAGS -g1"])
|
|
|
|
ENABLED_NO_LIBRARY=yes
|
|
ENABLED_BENCHMARK=no
|
|
output_objdir="$(realpath "$output_objdir")/linuxkm"
|
|
|
|
if test "$KERNEL_ROOT" = ""; then
|
|
AC_PATH_DEFAULT_KERNEL_SOURCE
|
|
KERNEL_ROOT="$DEFAULT_KERNEL_ROOT"
|
|
fi
|
|
AC_SUBST([KERNEL_ROOT])
|
|
|
|
if test "$KERNEL_ARCH" = ""; then
|
|
AC_DEFAULT_KERNEL_ARCH
|
|
KERNEL_ARCH="$DEFAULT_KERNEL_ARCH"
|
|
fi
|
|
AC_SUBST([KERNEL_ARCH])
|
|
|
|
if test "${KERNEL_ROOT}" = ""; then
|
|
AC_MSG_ERROR([Linux kernel source root not found -- supply with --with-linux-source=PATH.])
|
|
fi
|
|
if test "${KERNEL_ARCH}" = ""; then
|
|
AC_MSG_ERROR([Linux kernel target architecture for build tree ${KERNEL_ROOT} could not be determined. Is target kernel configured?])
|
|
fi
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_DEV_RANDOM -DNO_WRITEV -DNO_STDIO_FILESYSTEM -DWOLFSSL_NO_SOCK -DWOLFSSL_USER_IO"
|
|
fi
|
|
|
|
#
|
|
# FreeBSD
|
|
AC_ARG_WITH([bsd-export-syms],
|
|
[AS_HELP_STRING([--with-bsd-export-syms=LIST],[Sets FreeBSD kernel module EXPORT_SYMS. Allowed values: YES, NO, or LIST of symbols to export (default NO).])],
|
|
[BSDKM_EXPORT_SYMS=$withval],
|
|
[BSDKM_EXPORT_SYMS="NO"])
|
|
|
|
if test "x$ENABLED_BSDKM" = "xyes"
|
|
then
|
|
# note: bsdkm is wolfcrypt only for now.
|
|
HAVE_KERNEL_MODE=yes
|
|
KERNEL_MODE_DEFAULTS=yes
|
|
ENABLED_NO_LIBRARY=yes
|
|
ENABLED_BENCHMARK=no
|
|
|
|
output_objdir="$(realpath "$output_objdir")/bsdkm"
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BSDKM -DWC_SIPHASH_NO_ASM"
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_DEV_RANDOM -DNO_WRITEV -DNO_STDIO_FILESYSTEM"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SOCK -DWOLFSSL_USER_IO"
|
|
AM_CFLAGS="$AM_CFLAGS -DXMALLOC_OVERRIDE -DWOLFCRYPT_ONLY"
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_ASN_TIME"
|
|
|
|
if test "$ax_enable_debug" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BSDKM_VERBOSE_DEBUG"
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_WOLFSSL_DEBUG_CERTS"
|
|
fi
|
|
|
|
if test "$KERNEL_ROOT" = ""; then
|
|
AC_PATH_DEFAULT_BSDKM_SOURCE
|
|
KERNEL_ROOT="$DEFAULT_BSDKM_ROOT"
|
|
fi
|
|
AC_SUBST([KERNEL_ROOT])
|
|
AC_SUBST([BSDKM_EXPORT_SYMS])
|
|
fi
|
|
|
|
if test "x$ENABLED_BSDKM_REGISTER" = "xyes"
|
|
then
|
|
if test "$ENABLED_AESGCM" != "no" && test "$ENABLED_AESGCM_STREAM" = "no" && test "$enable_aesgcm_stream" != "no" && (test "$ENABLED_FIPS" = "no" || test $HAVE_FIPS_VERSION -ge 6); then
|
|
ENABLED_AESGCM_STREAM=yes
|
|
fi
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DBSDKM_CRYPTO_REGISTER"
|
|
AC_SUBST([ENABLED_BSDKM_REGISTER])
|
|
fi
|
|
# end FreeBSD configure
|
|
|
|
# MATH LIBRARY SELECTION
|
|
|
|
# Assure consistency of defaults
|
|
if test "$DEF_FAST_MATH" = "yes" && ( (test "$enable_sp_math" != "no" && test "$enable_sp_math" != "") || test "$enable_heapmath" = "yes")
|
|
then
|
|
DEF_FAST_MATH=no
|
|
fi
|
|
|
|
if test "$DEF_SP_MATH" = "yes" && (test "$enable_fastmath" = "yes" || test "$enable_fasthugemath" = "yes" || test "$enable_heapmath" = "yes")
|
|
then
|
|
DEF_SP_MATH=no
|
|
fi
|
|
|
|
# Single Precision maths implementation
|
|
AC_ARG_ENABLE([sp],
|
|
[AS_HELP_STRING([--enable-sp],[Enable Single Precision maths implementation (default: disabled)])],
|
|
[ ENABLED_SP=$enableval ],
|
|
[ ENABLED_SP=$ENABLED_SP_DEFAULT ],
|
|
)
|
|
|
|
AC_ARG_ENABLE([sp-math-all],
|
|
[AS_HELP_STRING([--enable-sp-math-all],[Enable Single Precision math implementation for full algorithm suite (default: enabled)])],
|
|
[ ENABLED_SP_MATH_ALL=$enableval ],
|
|
[ ENABLED_SP_MATH_ALL=$DEF_SP_MATH ],
|
|
)
|
|
|
|
# Single Precision maths (acceleration for common key sizes and curves)
|
|
if test "$KERNEL_MODE_DEFAULTS" = "yes" && test "$ENABLED_SP" != "no" && test "$ENABLED_SP_MATH_ALL" = "no"
|
|
then
|
|
ENABLED_SP_MATH_DEFAULT=yes
|
|
else
|
|
ENABLED_SP_MATH_DEFAULT=no
|
|
fi
|
|
AC_ARG_ENABLE([sp-math],
|
|
[AS_HELP_STRING([--enable-sp-math],[Enable Single Precision math implementation with restricted algorithm suite (default: disabled)])],
|
|
[ ENABLED_SP_MATH=$enableval ],
|
|
[ ENABLED_SP_MATH=$ENABLED_SP_MATH_DEFAULT ],
|
|
)
|
|
|
|
if test "$enable_sp_math" != ""
|
|
then
|
|
# When the restricted SP Math is selected and not SP Math ALL, then disable
|
|
# SP Math ALL.
|
|
if test "$enable_sp_math" != "no" && test "$enable_sp_math_all" = ""
|
|
then
|
|
ENABLED_SP_MATH_ALL="no"
|
|
else
|
|
# Can't choose restricted and unrestricted SP Math
|
|
if test "$enable_sp_math" != "no" && test "$enable_sp_math_all" != "no"
|
|
then
|
|
AC_MSG_ERROR([--enable-sp-math and --enable-sp-math-all are incompatible. Use --enable-sp-math-all only when all key sizes need to be supported.])
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
# enable SP math assembly support automatically for x86_64 and aarch64 (except Linux kernel module)
|
|
SP_ASM_DEFAULT=no
|
|
if test "$ENABLED_SP_MATH" = "yes" && test "$KERNEL_MODE_DEFAULTS" = "no"
|
|
then
|
|
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64" || test "$host_cpu" = "amd64"
|
|
then
|
|
SP_ASM_DEFAULT=yes
|
|
fi
|
|
fi
|
|
AC_ARG_ENABLE([sp-asm],
|
|
[AS_HELP_STRING([--enable-sp-asm],[Enable Single Precision assembly implementation (default: enabled on x86_64/aarch64/amd64)])],
|
|
[ ENABLED_SP_ASM=$enableval ],
|
|
[ ENABLED_SP_ASM=$SP_ASM_DEFAULT ],
|
|
)
|
|
|
|
if test "$ENABLED_SP_ASM" != "no"
|
|
then
|
|
if test "$ENABLED_SP" = "no"
|
|
then
|
|
AC_MSG_ERROR([--enable-sp-asm requires SP to be enabled.])
|
|
fi
|
|
if test "$ENABLED_SP" = ""
|
|
then
|
|
ENABLED_SP=yes
|
|
fi
|
|
fi
|
|
|
|
# fastmath
|
|
AC_ARG_ENABLE([fastmath],
|
|
[AS_HELP_STRING([--enable-fastmath],[Enable legacy Tom's Fast Math back end (default: disabled)])],
|
|
[ ENABLED_FASTMATH=$enableval ],
|
|
[ ENABLED_FASTMATH=$DEF_FAST_MATH ]
|
|
)
|
|
|
|
# fast HUGE math
|
|
AC_ARG_ENABLE([fasthugemath],
|
|
[AS_HELP_STRING([--enable-fasthugemath],[Enable legacy Tom's Fast Math + huge code (default: disabled)])],
|
|
[ ENABLED_FASTHUGEMATH=$enableval ],
|
|
[ ENABLED_FASTHUGEMATH=no ]
|
|
)
|
|
|
|
# ssl bump build
|
|
AC_ARG_ENABLE([bump],
|
|
[AS_HELP_STRING([--enable-bump],[Enable SSL Bump build (default: disabled)])],
|
|
[ ENABLED_BUMP=$enableval ],
|
|
[ ENABLED_BUMP=no ]
|
|
)
|
|
|
|
if test "$ENABLED_BUMP" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DWOLFSSL_CERT_GEN -DWOLFSSL_KEY_GEN -DHUGE_SESSION_CACHE -DWOLFSSL_DER_LOAD -DWOLFSSL_ALT_NAMES -DWOLFSSL_TEST_CERT"
|
|
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
|
|
if test "$ENABLED_SP_MATH" = "no" && test "$ENABLED_SP_MATH_ALL" = "no"
|
|
then
|
|
ENABLED_FASTHUGEMATH="yes"
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_FASTHUGEMATH" = "yes"
|
|
then
|
|
ENABLED_FASTMATH="yes"
|
|
fi
|
|
|
|
if (test "$host_cpu" = "x86_64" || test "$host_cpu" = "amd64") &&
|
|
test "$ENABLED_32BIT" != "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_X86_64_BUILD"
|
|
fi
|
|
if test "$host_cpu" = "x86"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_X86_BUILD"
|
|
fi
|
|
|
|
|
|
AC_ARG_ENABLE([leanpsk],
|
|
[AS_HELP_STRING([--enable-leanpsk],[Enable Lean PSK build (default: disabled)])],
|
|
[ ENABLED_LEANPSK=$enableval ],
|
|
[ ENABLED_LEANPSK=no ]
|
|
)
|
|
|
|
if test "$ENABLED_LEANPSK" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DWOLFSSL_STATIC_PSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA"
|
|
ENABLED_SLOWMATH="no"
|
|
ENABLED_SINGLETHREADED="yes"
|
|
enable_lowresource=yes
|
|
fi
|
|
|
|
|
|
# ASN
|
|
|
|
# disabling ASN implicitly disables certs, RSA, DSA, and ECC,
|
|
# and also disables MPI unless DH is enabled.
|
|
|
|
# turn off ASN if leanpsk on
|
|
if test "$ENABLED_LEANPSK" = "yes"
|
|
then
|
|
enable_asn=no
|
|
fi
|
|
|
|
AC_ARG_ENABLE([asn],
|
|
[AS_HELP_STRING([--enable-asn],[Enable ASN (default: enabled)])],
|
|
[ ENABLED_ASN=$enableval ],
|
|
[ ENABLED_ASN=yes ]
|
|
)
|
|
|
|
for v in `echo $ENABLED_ASN | tr "," " "`
|
|
do
|
|
case $v in
|
|
all)
|
|
# Enable all ASN features
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ALL"
|
|
ENABLED_ASN=yes
|
|
ASN_IMPL=template
|
|
;;
|
|
template | yes)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE"
|
|
ENABLED_ASN=yes
|
|
ASN_IMPL=template
|
|
;;
|
|
original)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ORIGINAL"
|
|
ASN_IMPL=original
|
|
;;
|
|
nocrypt)
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT"
|
|
enable_pwdbased=no
|
|
ASN_IMPL=template
|
|
;;
|
|
no)
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT"
|
|
enable_pwdbased=no
|
|
ASN_IMPL=no
|
|
;;
|
|
*)
|
|
AC_MSG_ERROR([Invalid asn option. Valid are: all, template/yes, original, nocrypt or no. Seen: $ENABLED_ASN.])
|
|
break;;
|
|
esac
|
|
done
|
|
|
|
|
|
# if sp-math-all is not set, then enable fast math
|
|
if test "x$ENABLED_FASTMATH" = "xyes" && test "$enable_sp_math_all" = "" && test "$enable_sp_math" = ""
|
|
then
|
|
# turn off fastmath if leanpsk on or asn off (w/o DH and ECC)
|
|
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_ASN" = "no"
|
|
then
|
|
if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && test "$ENABLED_RSA" = "no"
|
|
then
|
|
ENABLED_FASTMATH="no"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
|
|
ENABLED_HEAPMATH="no"
|
|
fi
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
|
|
ENABLED_HEAPMATH="no"
|
|
ENABLED_SP_MATH_ALL="no"
|
|
fi
|
|
AS_IF([test "x$host_cpu" = "xaarch64"],[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AARCH64_BUILD"])
|
|
|
|
if test "$ENABLED_SAKKE" = "yes" && test "$ENABLED_SAKKE_SMALL" != "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -funroll-loops -DTFM_SMALL_SET"
|
|
fi
|
|
fi
|
|
|
|
|
|
# heap based integer.c math (not timing resistant)
|
|
AC_ARG_ENABLE([heapmath],
|
|
[AS_HELP_STRING([--enable-heapmath],[Enable heap based integer.c math ops (default: disabled)])],
|
|
[ ENABLED_HEAPMATH=$enableval ],
|
|
[ ENABLED_HEAPMATH=no]
|
|
)
|
|
if test "x$ENABLED_HEAPMATH" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DUSE_INTEGER_HEAP_MATH"
|
|
ENABLED_HEAPMATH="yes"
|
|
ENABLED_SP="no"
|
|
ENABLED_SP_MATH_ALL="no"
|
|
fi
|
|
|
|
# wolfCrypt Only Build
|
|
AC_ARG_ENABLE([cryptonly],
|
|
[AS_HELP_STRING([--enable-cryptonly],[Enable wolfCrypt Only build (default: disabled)])],
|
|
[ENABLED_CRYPTONLY=$enableval],
|
|
[ENABLED_CRYPTONLY=no])
|
|
|
|
AS_IF([test "x$FIPS_VERSION" = "xrand"],[ENABLED_CRYPTONLY="yes"])
|
|
|
|
# TLS
|
|
AC_ARG_ENABLE([tls],
|
|
[AS_HELP_STRING([--enable-tls],[Enable TLS support (default: enabled)])],
|
|
[ ENABLED_TLS=$enableval ],
|
|
[ ENABLED_TLS=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_CRYPTONLY" = "yes"
|
|
then
|
|
ENABLED_TLS=no
|
|
fi
|
|
if test "$ENABLED_TLS" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_TLS"
|
|
# don't set enable_tls13 or enable_tlsv12 to "no" -- even in cryptonly and
|
|
# NO_TLS build, they're needed for their crypto-layer KDFs.
|
|
# enable_tlsv10 defaults to "no", so we don't need to set it here either.
|
|
test "$enable_dtls" = "" && enable_dtls=no
|
|
test "$enable_dtls13" = "" && enable_dtls13=no
|
|
test "$enable_dtls_mtu" = "" && enable_dtls_mtu=no
|
|
test "$enable_dtlscid" = "" && enable_dtlscid=no
|
|
test "$enable_dtls_frag_ch" = "" && enable_dtls_frag_ch=no
|
|
test "$enable_mcast" = "" && enable_mcast=no
|
|
test "$enable_srtp" = "" && enable_srtp=no
|
|
test "$enable_ocsp" = "" && enable_ocsp=no
|
|
test "$enable_tlsx" = "" && enable_tlsx=no
|
|
test "$enable_sni" = "" && enable_sni=no
|
|
test "$enable_crl_monitor" = "" && enable_crl_monitor=no
|
|
test "$enable_alpn" = "" && enable_alpn=no
|
|
test "$enable_pkcallbacks" = "" && enable_pkcallbacks=no
|
|
test "$enable_quic" = "" && enable_quic=no
|
|
test "$enable_ech" = "" && enable_ech=no
|
|
test "$enable_ocspstapling" = "" && enable_ocspstapling=no
|
|
test "$enable_earlydata" = "" && enable_earlydata=no
|
|
test "$enable_renegotiation_indication" = "" && enable_renegotiation_indication=no
|
|
test "$enable_secure_renegotiation_info" = "" && enable_secure_renegotiation_info=no
|
|
test "$enable_secure_renegotiation" = "" && enable_secure_renegotiation=no
|
|
|
|
# Disable all open source compatibility enables that might get set with all
|
|
test "$enable_all_osp" = "" && enable_all_osp=no
|
|
fi
|
|
|
|
|
|
# All features, except conflicting or experimental:
|
|
AC_ARG_ENABLE([all],
|
|
[AS_HELP_STRING([--enable-all],[Enable all wolfSSL features, except SSLv3 (default: disabled)])],
|
|
[ ENABLED_ALL=$enableval ],
|
|
[ ENABLED_ALL=no ]
|
|
)
|
|
if test "$ENABLED_ALL" = "yes"
|
|
then
|
|
test "$enable_all_crypto" = "" && enable_all_crypto=yes
|
|
|
|
test "$enable_all_osp" = "" && test "$KERNEL_MODE_DEFAULTS" != "yes" && enable_all_osp=yes
|
|
|
|
test "$enable_dtls" = "" && enable_dtls=yes
|
|
test "$enable_dtls_mtu" = "" && enable_dtls_mtu=yes
|
|
test "$enable_dtlscid" = "" && enable_dtlscid=yes
|
|
test "$enable_dtls_frag_ch" = "" && enable_dtls_frag_ch=yes
|
|
if test "x$FIPS_VERSION" != "xv1"
|
|
then
|
|
test "$enable_tls13" = "" && enable_tls13=yes
|
|
test "$enable_dtls13" = "" && enable_dtls13=yes
|
|
fi
|
|
|
|
test "$enable_ocsp" = "" && enable_ocsp=yes
|
|
test "$enable_ocspstapling" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling=yes
|
|
test "$enable_ocspstapling2" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling2=yes
|
|
test "$enable_ocsp_responder" = "" &&
|
|
test "$enable_ocsp" != "no" &&
|
|
test "$enable_sha" != "no" &&
|
|
test "$ASN_IMPL" = "template" &&
|
|
enable_ocsp_responder=yes
|
|
test "$enable_savesession" = "" && enable_savesession=yes
|
|
test "$enable_savecert" = "" && enable_savecert=yes
|
|
test "$enable_postauth" = "" && enable_postauth=yes
|
|
test "$enable_hrrcookie" = "" && enable_hrrcookie=yes
|
|
test "$enable_fallback_scsv" = "" && enable_fallback_scsv=yes
|
|
test "$enable_crl_monitor" = "" && enable_crl_monitor=yes
|
|
test "$enable_sni" = "" && enable_sni=yes
|
|
test "$enable_maxfragment" = "" && enable_maxfragment=yes
|
|
test "$enable_alpn" = "" && enable_alpn=yes
|
|
test "$enable_truncatedhmac" = "" && enable_truncatedhmac=yes
|
|
test "$enable_trustedca" = "" && enable_trustedca=yes
|
|
test "$enable_session_ticket" = "" && enable_session_ticket=yes
|
|
test "$enable_earlydata" = "" && enable_earlydata=yes
|
|
test "$enable_rpk" = "" && enable_rpk=yes
|
|
|
|
if test "$KERNEL_MODE_DEFAULTS" != "yes"
|
|
then
|
|
# Disable QUIC with JNI since incompatible with WOLFSSL_TLS13_MIDDLEBOX_COMPAT
|
|
test "$enable_quic" = "" && test "$enable_cryptonly" != "yes" && test "$enable_jni" != "yes" && enable_quic=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_IO -DHAVE_IO_TIMEOUT"
|
|
fi
|
|
|
|
if test "$ENABLED_SP_MATH" != "yes"
|
|
then
|
|
# linuxkm is incompatible with opensslextra and its dependents.
|
|
if test "$KERNEL_MODE_DEFAULTS" != "yes"
|
|
then
|
|
test "$enable_opensslextra" = "" && enable_opensslextra=yes
|
|
test "$enable_opensslall" = "" && enable_opensslall=yes
|
|
test "$enable_certservice" = "" && enable_certservice=yes
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_FIPS" = "no"
|
|
then
|
|
# Disable ECH with JNI since incompatible with WOLFSSL_TLS13_MIDDLEBOX_COMPAT
|
|
test "$enable_ech" = "" && test "$enable_jni" != "yes" && enable_ech=yes
|
|
test "$enable_scep" = "" && enable_scep=yes
|
|
test "$enable_mcast" = "" && enable_mcast=yes
|
|
fi
|
|
|
|
if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6
|
|
then
|
|
test "$enable_srtp" = "" && enable_srtp=yes
|
|
fi
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DER_LOAD -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
|
|
|
|
# Certificate extensions and alt. names for FPKI use
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SUBJ_DIR_ATTR -DWOLFSSL_FPKI -DWOLFSSL_SUBJ_INFO_ACC"
|
|
|
|
# Handle as many subject/issuer name OIDs as possible
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_NAME_ALL"
|
|
|
|
# More thorough error queue usage.
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VERBOSE_ERRORS"
|
|
fi
|
|
|
|
|
|
# All OSP meta-features:
|
|
AC_ARG_ENABLE([all-osp],
|
|
[AS_HELP_STRING([--enable-all-osp],[Enable all OSP meta feature sets (default: disabled)])],
|
|
[ ENABLED_ALL_OSP=$enableval ],
|
|
[ ENABLED_ALL_OSP=no]
|
|
)
|
|
|
|
if test "$ENABLED_ALL_OSP" = "yes"
|
|
then
|
|
if test "$KERNEL_MODE_DEFAULTS" = "yes"
|
|
then
|
|
AC_MSG_ERROR([--enable-all-osp is incompatible with --enable-linuxkm-defaults])
|
|
fi
|
|
|
|
test "$enable_tailscale" = "" && enable_tailscale=yes
|
|
test "$enable_wolfguard" = "" && enable_wolfguard=yes
|
|
test "$enable_webserver" = "" && enable_webserver=yes
|
|
|
|
if test "$ENABLED_SP_MATH" != "yes"
|
|
then
|
|
if test "$ENABLED_FIPS" = "no"
|
|
then
|
|
# S/MIME support requires PKCS7, which requires no FIPS.
|
|
test "$enable_smime" = "" && enable_smime=yes
|
|
if test "$ENABLED_32BIT" != "yes"
|
|
then
|
|
test "$enable_openssh" = "" && enable_openssh=yes
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_ALL_OSP" != "no"
|
|
then
|
|
test "$enable_lighty" = "" && enable_lighty=yes
|
|
test "$enable_nginx" = "" && enable_nginx=yes
|
|
test "$enable_openvpn" = "" && enable_openvpn=yes
|
|
test "$enable_asio" = "" && enable_asio=yes
|
|
test "$enable_libwebsockets" = "" && enable_libwebsockets=yes
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_FIPS" = "no"
|
|
then
|
|
# these use DES3:
|
|
test "$enable_stunnel" = "" && enable_stunnel=yes
|
|
test "$enable_curl" = "" && enable_curl=yes
|
|
test "$enable_tcpdump" = "" && enable_tcpdump=yes
|
|
fi
|
|
fi
|
|
|
|
|
|
# Auto-selected activation of all applicable asm accelerations
|
|
|
|
# Enable asm automatically only if the compiler advertises itself as full Gnu C.
|
|
if "$CC" $AM_CFLAGS $CPPFLAGS $CFLAGS -x c - -o /dev/null >/dev/null 2>&1 <<' EOF'
|
|
#include <stdlib.h>
|
|
int main(int argc, char **argv) {
|
|
(void)argc; (void)argv;
|
|
#ifdef __STRICT_ANSI__
|
|
#error __STRICT_ANSI__
|
|
#endif
|
|
#ifndef __GNUC__
|
|
#error !__GNUC__
|
|
#endif
|
|
return 0;
|
|
}
|
|
EOF
|
|
then
|
|
HAVE_GNUC=yes
|
|
fi
|
|
|
|
if test "$enable_all_crypto" = "yes" &&
|
|
test "$KERNEL_MODE_DEFAULTS" = "no" &&
|
|
test "$ENABLED_ASM" != "no" &&
|
|
test "$HAVE_GNUC" = "yes" &&
|
|
test "$enable_sp_asm" != "no" &&
|
|
test "$enable_intelasm" != "no" &&
|
|
test "$enable_armasm" != "no" &&
|
|
test "$enable_afalg" != "yes" &&
|
|
test "$ENABLED_32BIT" = "no"
|
|
then
|
|
DEFAULT_ENABLED_ALL_ASM=yes
|
|
else
|
|
DEFAULT_ENABLED_ALL_ASM=no
|
|
fi
|
|
|
|
if test "$ENABLED_FIPS" = "yes" && test "$HAVE_FIPS_VERSION" -lt 6
|
|
then
|
|
case "$host_cpu" in
|
|
*x86_64*|*amd64*) ;;
|
|
*) DEFAULT_ENABLED_ALL_ASM=no
|
|
;;
|
|
esac
|
|
fi
|
|
|
|
AC_ARG_ENABLE([all-asm],
|
|
[AS_HELP_STRING([--enable-all-asm],[Enable all applicable assembly accelerations (default: disabled)])],
|
|
[ ENABLED_ALL_ASM=$enableval ],
|
|
[ ENABLED_ALL_ASM=$DEFAULT_ENABLED_ALL_ASM ]
|
|
)
|
|
|
|
if test "$ENABLED_ALL_ASM" != "no"
|
|
then
|
|
if test "$ENABLED_ASM" = "no"
|
|
then
|
|
AC_MSG_ERROR([--enable-all-asm is incompatible with --disable-asm])
|
|
fi
|
|
|
|
if test "$enable_sp_asm" = "no"
|
|
then
|
|
AC_MSG_ERROR([--enable-all-asm is incompatible with --disable-sp-asm])
|
|
fi
|
|
|
|
if test "$enable_intelasm" = "no"
|
|
then
|
|
AC_MSG_ERROR([--enable-all-asm is incompatible with --disable-intelasm])
|
|
fi
|
|
|
|
if test "$enable_armasm" = "no"
|
|
then
|
|
AC_MSG_ERROR([--enable-all-asm is incompatible with --disable-armasm])
|
|
fi
|
|
|
|
if test "$enable_ppc32_asm" = "no"
|
|
then
|
|
AC_MSG_ERROR([--enable-all-asm is incompatible with --disable-ppc32-asm])
|
|
fi
|
|
|
|
case "$host_cpu" in
|
|
*x86_64*|*amd64*)
|
|
if test "$enable_intelasm" = ""
|
|
then
|
|
enable_intelasm=yes
|
|
fi
|
|
if test "$ENABLED_SP" != "no"
|
|
then
|
|
ENABLED_SP_ASM=yes
|
|
if test "$ENABLED_SP" = ""
|
|
then
|
|
ENABLED_SP=yes
|
|
fi
|
|
fi
|
|
;;
|
|
*aarch64*)
|
|
if test "$enable_armasm" = ""
|
|
then
|
|
enable_armasm=yes
|
|
fi
|
|
if test "$ENABLED_SP" != "no"
|
|
then
|
|
ENABLED_SP_ASM=yes
|
|
if test "$ENABLED_SP" = ""
|
|
then
|
|
ENABLED_SP=yes
|
|
fi
|
|
fi
|
|
;;
|
|
*powerpc64*)
|
|
;;
|
|
*powerpc*)
|
|
if test "$enable_ppc32_asm" = ""
|
|
then
|
|
enable_ppc32_asm=yes
|
|
fi
|
|
;;
|
|
esac
|
|
fi
|
|
|
|
# RISC-V asm doesn't yet support WOLFSSL_AESGCM_STREAM. Disable
|
|
# implicit activation, and error on explicit activation.
|
|
if test "$enable_riscv_asm" = "yes"
|
|
then
|
|
if test "$enable_aesgcm_stream" = "yes"
|
|
then
|
|
AC_MSG_ERROR([RISC-V asm doesn't yet support WOLFSSL_AESGCM_STREAM.])
|
|
fi
|
|
enable_aesgcm_stream=no
|
|
fi
|
|
|
|
# All wolfCrypt features:
|
|
AC_ARG_ENABLE([all-crypto],
|
|
[AS_HELP_STRING([--enable-all-crypto],[Enable all wolfcrypt algorithms (default: disabled)])],
|
|
[ ENABLED_ALL_CRYPT=$enableval ],
|
|
[ ENABLED_ALL_CRYPT=no ]
|
|
)
|
|
if test "$ENABLED_ALL_CRYPT" = "yes"
|
|
then
|
|
test "$enable_atomicuser" = "" && enable_atomicuser=yes
|
|
test "$enable_aesecb" = "" && enable_aesecb=yes
|
|
test "$enable_aesgcm" = "" && enable_aesgcm=yes
|
|
test "$enable_aesccm" = "" && enable_aesccm=yes
|
|
test "$enable_aesctr" = "" && enable_aesctr=yes
|
|
test "$enable_aesofb" = "" && enable_aesofb=yes
|
|
test "$enable_aescfb" = "" && enable_aescfb=yes
|
|
test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes
|
|
test "$enable_camellia" = "" && enable_camellia=yes
|
|
test "$enable_ripemd" = "" && enable_ripemd=yes
|
|
test "$enable_sha224" = "" && enable_sha224=yes
|
|
test "$enable_sha512" = "" && enable_sha512=yes
|
|
test "$enable_sha3" = "" && enable_sha3=yes
|
|
test "$enable_sessioncerts" = "" && enable_sessioncerts=yes
|
|
test "$enable_keygen" = "" && enable_keygen=yes
|
|
test "$enable_certgen" = "" && enable_certgen=yes
|
|
test "$enable_certreq" = "" && enable_certreq=yes
|
|
test "$enable_certext" = "" && enable_certext=yes
|
|
test "$enable_sep" = "" && enable_sep=yes
|
|
test "$enable_hkdf" = "" && enable_hkdf=yes
|
|
test "$enable_eccencrypt" = "" && test "$enable_ecc" != "no" && enable_eccencrypt=yes
|
|
test "$enable_fpecc" = "" && test "$enable_ecc" != "no" && enable_fpecc=yes
|
|
test "$enable_psk" = "" && enable_psk=yes
|
|
test "$enable_cmac" = "" && enable_cmac=yes
|
|
test "$enable_cmac_kdf" = "" && enable_cmac_kdf=yes
|
|
test "$enable_siphash" = "" && enable_siphash=yes
|
|
test "$enable_ocsp" = "" && enable_ocsp=yes
|
|
test "$enable_ocspstapling" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling=yes
|
|
test "$enable_ocspstapling2" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling2=yes
|
|
test "$enable_crl" = "" && enable_crl=yes
|
|
test "$enable_supportedcurves" = "" && enable_supportedcurves=yes
|
|
test "$enable_tlsx" = "" && enable_tlsx=yes
|
|
test "$enable_pwdbased" = "" && enable_pwdbased=yes
|
|
test "$enable_aeskeywrap" = "" && enable_aeskeywrap=yes
|
|
test "$enable_x963kdf" = "" && enable_x963kdf=yes
|
|
test "$enable_indef" = "" && enable_indef=yes
|
|
test "$enable_enckeys" = "" && enable_enckeys=yes
|
|
test "$enable_hashflags" = "" && enable_hashflags=yes
|
|
test "$enable_defaultdhparams" = "" && enable_defaultdhparams=yes
|
|
test "$enable_base64encode" = "" && enable_base64encode=yes
|
|
test "$enable_base16" = "" && enable_base16=yes
|
|
test "$enable_arc4" = "" && enable_arc4=yes
|
|
test "$enable_blake2b" = "" && enable_blake2b=yes
|
|
test "$enable_blake2s" = "" && enable_blake2s=yes
|
|
test "$enable_md2" = "" && enable_md2=yes
|
|
test "$enable_md4" = "" && enable_md4=yes
|
|
test "$enable_md5" = "" && enable_md5=yes
|
|
test "$enable_anon" = "" && enable_anon=yes
|
|
test "$enable_ssh" = "" && test "$enable_hmac" != "no" && enable_ssh=yes
|
|
test "$enable_rng_bank" = "" && enable_rng_bank=yes
|
|
|
|
if test "$KERNEL_MODE_DEFAULTS" != "yes"
|
|
then
|
|
# Scrypt is excluded from kernel module builds (unless explicitly
|
|
# enabled) because of its excessive memory requirements.
|
|
test "$enable_scrypt" = "" && test "$enable_hmac" != "no" && enable_scrypt=yes
|
|
fi
|
|
|
|
if test "x$FIPS_VERSION" != "xv1"
|
|
then
|
|
test "$enable_rsapss" = "" && enable_rsapss=yes
|
|
fi
|
|
|
|
# sp-math is incompatible with opensslextra, ECC custom curves, and DSA.
|
|
if test "$ENABLED_SP_MATH" != "yes"
|
|
then
|
|
test "$enable_dsa" = "" && test "$enable_sha" != "no" && enable_dsa=yes
|
|
if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then
|
|
test "$enable_ecccustcurves" = "" && enable_ecccustcurves=yes
|
|
test "$enable_ecccustcurves" != "no" && test "$enable_brainpool" = "" && enable_brainpool=yes
|
|
test "$enable_ecccustcurves" != "no" && AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_CDH -DHAVE_ECC_KOBLITZ -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3"
|
|
fi
|
|
test "$enable_srp" = "" && enable_srp=yes
|
|
fi
|
|
|
|
if test "$ENABLED_FIPS" = "no"
|
|
then
|
|
test "$enable_curve25519" = "" && enable_curve25519=yes
|
|
test "$enable_curve448" = "" && enable_curve448=yes
|
|
test "$enable_xchacha" = "" && test "$enable_chacha" != "no" && enable_xchacha=yes
|
|
test "$enable_pkcs7" = "" && enable_pkcs7=yes
|
|
test "$enable_nullcipher" = "" && enable_nullcipher=yes
|
|
test "$enable_ed25519" = "" && enable_ed25519=yes
|
|
test "$enable_ed25519_stream" = "" && test "$enable_ed25519" != "no" && enable_ed25519_stream=yes
|
|
test "$enable_ed448" = "" && enable_ed448=yes
|
|
test "$enable_ed448_stream" = "" && test "$enable_ed448" != "no" && enable_ed448_stream=yes
|
|
test "$enable_aessiv" = "" && enable_aessiv=yes
|
|
# AFALG lacks AES-EAX
|
|
test "$enable_aeseax" = "" && test "$enable_afalg" != "yes" && enable_aeseax=yes
|
|
|
|
if test "$KERNEL_MODE_DEFAULTS" != "yes"
|
|
then
|
|
test "$enable_cryptocb" = "" && enable_cryptocb=yes
|
|
test "$enable_pkcallbacks" = "" && enable_pkcallbacks=yes
|
|
test "$enable_eccsi" = "" && test "$enable_ecc" != "no" && enable_eccsi=yes
|
|
test "$enable_sakke" = "" && test "$enable_ecc" != "no" && enable_sakke=yes
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6
|
|
then
|
|
test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
|
|
test "$enable_aesxts" = "" && enable_aesxts=yes
|
|
test "$enable_aesxts_stream" = "" && test "$enable_aesxts" = "yes" && enable_aesxts_stream=yes
|
|
test "$enable_shake128" = "" && enable_shake128=yes
|
|
test "$enable_shake256" = "" && enable_shake256=yes
|
|
test "$enable_compkey" = "" && enable_compkey=yes
|
|
# AFALG lacks AES-ECB
|
|
test "$enable_srtp_kdf" = "" && test "$enable_afalg" != "yes" && enable_srtp_kdf=yes
|
|
fi
|
|
|
|
if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -lt 5; then
|
|
test "$enable_des3" = "" && enable_des3=yes
|
|
test "$enable_des3" != "no" && AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"
|
|
fi
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES"
|
|
|
|
# Enable DH const table speedups (eliminates `-lm` math lib dependency)
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072"
|
|
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
|
|
|
|
# Enable all parsing features for ASN */
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ALL"
|
|
|
|
# Enable DH Extra
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_EXTRA"
|
|
|
|
# Enable deterministic ECC signing API with variant
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT"
|
|
|
|
# Store issuer name components when parsing certificates.
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_ISSUER_NAMES"
|
|
|
|
# Enable onestep KDF from NIST SP 800 56c option 1.
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_KDF_NIST_SP_800_56C"
|
|
fi
|
|
|
|
# kernel-appropriate settings, also in enable-all-crypto above:
|
|
if test "$KERNEL_MODE_DEFAULTS" = "yes" && test "$ENABLED_ALL_CRYPT" != "yes"
|
|
then
|
|
# note several of these are currently on by default, including aesgcm, sha512
|
|
if test "$enable_aes" != "no"
|
|
then
|
|
test "$enable_aesgcm" = "" && enable_aesgcm=yes
|
|
test "$enable_aesccm" = "" && enable_aesccm=yes
|
|
test "$enable_aesecb" = "" && enable_aesecb=yes
|
|
test "$enable_aesctr" = "" && enable_aesctr=yes
|
|
test "$enable_aesofb" = "" && enable_aesofb=yes
|
|
test "$enable_cmac" = "" && enable_cmac=yes
|
|
fi
|
|
test "$enable_sha224" = "" && enable_sha224=yes
|
|
test "$enable_sha512" = "" && enable_sha512=yes
|
|
test "$enable_sha3" = "" && enable_sha3=yes
|
|
test "$enable_keygen" = "" && enable_keygen=yes
|
|
if test "$enable_ecc" != "no"
|
|
then
|
|
test "$enable_eccencrypt" = "" && enable_eccencrypt=yes
|
|
test "$enable_fpecc" = "" && enable_fpecc=yes
|
|
test "$enable_supportedcurves" = "" && enable_supportedcurves=yes
|
|
fi
|
|
test "$enable_rng" != "no" && test "$enable_rng_bank" = "" && enable_rng_bank=yes
|
|
if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6
|
|
then
|
|
test "$enable_aes" != "no" && test "$enable_aescfb" = "" && enable_aescfb=yes
|
|
test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
|
|
test "$enable_aes" != "no" && test "$enable_aesxts" = "" && enable_aesxts=yes
|
|
test "$enable_aesxts_stream" = "" && test "$enable_aesxts" = "yes" && enable_aesxts_stream=yes
|
|
test "$enable_shake128" = "" && test "$enable_sha3" = "yes" && enable_shake128=yes
|
|
test "$enable_shake256" = "" && test "$enable_sha3" = "yes" && enable_shake256=yes
|
|
test "$enable_compkey" = "" && enable_compkey=yes
|
|
fi
|
|
# Enable DH const table speedups (eliminates `-lm` math lib dependency)
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072"
|
|
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_EXTRA"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT"
|
|
fi
|
|
|
|
# Support for Tailscale port
|
|
AC_ARG_ENABLE([tailscale],
|
|
[AS_HELP_STRING([--enable-tailscale],[Enable Tailscale build dependencies (default: disabled)])],
|
|
[ ENABLED_TAILSCALE=$enableval ],
|
|
[ ENABLED_TAILSCALE=no ]
|
|
)
|
|
if test "$ENABLED_TAILSCALE" = "yes"
|
|
then
|
|
enable_wolfguard=yes
|
|
test "x$enable_sp" = "x" && enable_sp="yes,256"
|
|
enable_opensslall=yes
|
|
enable_alpn=yes
|
|
enable_sni=yes
|
|
enable_certgen=yes
|
|
enable_certreq=yes
|
|
enable_certext=yes
|
|
enable_sessioncerts=yes
|
|
enable_cert_setup_cb=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_INIT_CTX_KEY"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_CTC_NAME_SIZE=128 -DWOLFSSL_ACME_OID"
|
|
fi
|
|
|
|
# wolfGuard
|
|
AC_ARG_ENABLE([wolfguard],
|
|
[AS_HELP_STRING([--enable-wolfguard],[Enable wolfGuard dependencies (default: disabled)])],
|
|
[ ENABLED_WOLFGUARD=$enableval ],
|
|
[ ENABLED_WOLFGUARD=no ]
|
|
)
|
|
if test "$ENABLED_WOLFGUARD" = "yes"
|
|
then
|
|
test "$enable_ecc" = "" && enable_ecc=yes
|
|
test "$enable_sha256" = "" && enable_sha256=yes
|
|
test "$enable_aesgcm" = "" && enable_aesgcm=yes
|
|
test "$enable_base64encode" = "" && enable_base64encode=yes
|
|
test "$enable_base16" = "" && enable_base16=yes
|
|
test "$enable_compkey" = "" && enable_compkey=yes
|
|
if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6
|
|
then
|
|
test "$enable_aesgcm_stream" = "" && enable_aesgcm_stream=yes
|
|
fi
|
|
fi
|
|
|
|
# liboqs
|
|
ENABLED_LIBOQS="no"
|
|
tryliboqsdir=""
|
|
AC_ARG_WITH([liboqs],
|
|
[AS_HELP_STRING([--with-liboqs=PATH],[Path to liboqs install (default /usr/local) (requires --enable-experimental)])],
|
|
[
|
|
AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([LIBOQS requires --enable-experimental.]) ])
|
|
AC_MSG_CHECKING([for liboqs])
|
|
LIBS="$LIBS -loqs"
|
|
AM_CFLAGS="$AM_CFLAGS -pthread"
|
|
|
|
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <oqs/common.h>]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ])
|
|
|
|
if test "x$liboqs_linked" = "xno" ; then
|
|
if test "x$withval" != "xno" ; then
|
|
tryliboqsdir=$withval
|
|
fi
|
|
if test "x$withval" = "xyes" ; then
|
|
tryliboqsdir="/usr/local"
|
|
fi
|
|
|
|
CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS -I$tryliboqsdir/include -pthread"
|
|
LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryliboqsdir/lib"
|
|
|
|
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <oqs/common.h>]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ])
|
|
|
|
if test "x$liboqs_linked" = "xno" ; then
|
|
AC_MSG_ERROR([liboqs isn't found.
|
|
If it's already installed, specify its path using --with-liboqs=/dir/])
|
|
fi
|
|
AC_MSG_RESULT([yes])
|
|
AM_CPPFLAGS="$CPPFLAGS"
|
|
AM_LDFLAGS="$AM_LDFLAGS -L$tryliboqsdir/lib"
|
|
else
|
|
AC_MSG_RESULT([yes])
|
|
fi
|
|
|
|
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
|
|
then
|
|
ENABLED_OPENSSLEXTRA="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
|
|
fi
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS"
|
|
ENABLED_LIBOQS="yes"
|
|
]
|
|
)
|
|
|
|
# Falcon (provided via liboqs)
|
|
AC_ARG_ENABLE([falcon],
|
|
[AS_HELP_STRING([--enable-falcon],[Enable Falcon post-quantum signatures via liboqs (default: disabled)])],
|
|
[ ENABLED_FALCON=$enableval ],
|
|
[ ENABLED_FALCON=no ])
|
|
|
|
if test "$ENABLED_FALCON" = "yes" && test "$ENABLED_LIBOQS" = "no"; then
|
|
AC_MSG_ERROR([--enable-falcon requires --with-liboqs.])
|
|
fi
|
|
if test "$ENABLED_LIBOQS" = "yes" && test "$ENABLED_FALCON" != "yes"; then
|
|
AC_MSG_ERROR([--with-liboqs requires --enable-falcon.])
|
|
fi
|
|
|
|
if test "$ENABLED_FALCON" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_FALCON"
|
|
fi
|
|
|
|
|
|
# MLKEM
|
|
# Used:
|
|
# - SHA3, Shake128 and Shake256
|
|
#
|
|
# Note, setup is later, after FIPS setup.
|
|
|
|
if test "$enable_shake128" != "no" &&
|
|
test "$enable_shake256" != "no" &&
|
|
test "$enable_sha3" != "no" &&
|
|
(test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 7)
|
|
then
|
|
ENABLED_MLKEM_DEFAULT=yes
|
|
else
|
|
ENABLED_MLKEM_DEFAULT=no
|
|
fi
|
|
|
|
AC_ARG_ENABLE([mlkem],
|
|
[AS_HELP_STRING([--enable-mlkem],[Enable ML-KEM/Kyber (default: enabled)])],
|
|
[ ENABLED_MLKEM=$enableval ],
|
|
[ ENABLED_MLKEM=$ENABLED_MLKEM_DEFAULT ]
|
|
)
|
|
# note, inherits default from "mlkem" clause above.
|
|
AC_ARG_ENABLE([kyber],
|
|
[AS_HELP_STRING([--enable-kyber],[Alias for --enable-mlkem])],
|
|
[ ENABLED_MLKEM=$enableval ]
|
|
)
|
|
|
|
AC_ARG_ENABLE([tls-mlkem-standalone],
|
|
[AS_HELP_STRING([--enable-tls-mlkem-standalone],[Enable ML-KEM as standalone TLS key exchange (non-hybrid) (default: disabled)])],
|
|
[ ENABLED_MLKEM_STANDALONE=$enableval ],
|
|
[ ENABLED_MLKEM_STANDALONE=no ]
|
|
)
|
|
|
|
AC_ARG_ENABLE([pqc-hybrids],
|
|
[AS_HELP_STRING([--enable-pqc-hybrids],[Enable PQ/T hybrid combinations (default: enabled)])],
|
|
[ ENABLED_PQC_HYBRIDS=$enableval ],
|
|
[ ENABLED_PQC_HYBRIDS=yes ]
|
|
)
|
|
|
|
# Extra PQ/T Hybrid combinations
|
|
AC_ARG_ENABLE([extra-pqc-hybrids],
|
|
[AS_HELP_STRING([--enable-extra-pqc-hybrids],[Enable extra PQ/T hybrid combinations (default: disabled)])],
|
|
[ ENABLED_EXTRA_PQC_HYBRIDS=$enableval ],
|
|
[ ENABLED_EXTRA_PQC_HYBRIDS=no ]
|
|
)
|
|
|
|
|
|
# Dilithium
|
|
# - SHA3, Shake128 and Shake256
|
|
AC_ARG_ENABLE([mldsa],
|
|
[AS_HELP_STRING([--enable-mldsa],[Enable ML-DSA/Dilithium (default: disabled)])],
|
|
[ ENABLED_MLDSA=$enableval ],
|
|
[ ENABLED_MLDSA=no ]
|
|
)
|
|
# note, inherits default from "mldsa" clause above.
|
|
AC_ARG_ENABLE([dilithium],
|
|
[AS_HELP_STRING([--enable-dilithium],[Alias for --enable-mldsa])],
|
|
[ ENABLED_MLDSA=$enableval ]
|
|
)
|
|
|
|
ENABLED_MLDSA_OPTS=$ENABLED_MLDSA
|
|
ENABLED_MLDSA_MAKE_KEY=no
|
|
ENABLED_MLDSA_SIGN=no
|
|
ENABLED_MLDSA_VERIFY=no
|
|
for v in `echo $ENABLED_MLDSA_OPTS | tr "," " "`
|
|
do
|
|
case $v in
|
|
yes)
|
|
ENABLED_MLDSA44=yes
|
|
ENABLED_MLDSA65=yes
|
|
ENABLED_MLDSA87=yes
|
|
ENABLED_MLDSA_MAKE_KEY=yes
|
|
ENABLED_MLDSA_SIGN=yes
|
|
ENABLED_MLDSA_VERIFY=yes
|
|
;;
|
|
no)
|
|
;;
|
|
all)
|
|
ENABLED_MLDSA_MAKE_KEY=yes
|
|
ENABLED_MLDSA_SIGN=yes
|
|
ENABLED_MLDSA_VERIFY=yes
|
|
;;
|
|
make)
|
|
ENABLED_MLDSA_MAKE_KEY=yes
|
|
;;
|
|
sign)
|
|
ENABLED_MLDSA_SIGN=yes
|
|
;;
|
|
verify)
|
|
ENABLED_MLDSA_VERIFY=yes
|
|
;;
|
|
verify-only)
|
|
ENABLED_MLDSA_MAKE_KEY=no
|
|
ENABLED_MLDSA_SIGN=no
|
|
ENABLED_MLDSA_VERIFY=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLDSA_VERIFY_ONLY"
|
|
;;
|
|
small)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLDSA_SMALL"
|
|
;;
|
|
44)
|
|
ENABLED_MLDSA44=yes
|
|
;;
|
|
65)
|
|
ENABLED_MLDSA65=yes
|
|
;;
|
|
87)
|
|
ENABLED_MLDSA87=yes
|
|
;;
|
|
draft|fips204-draft)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLDSA_FIPS204_DRAFT"
|
|
;;
|
|
no-ctx)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLDSA_NO_CTX"
|
|
;;
|
|
*)
|
|
AC_MSG_ERROR([Invalid choice for ML-DSA [all,make,sign,verify,verify-only,small,44,65,87,no-ctx]: $ENABLED_MLDSA.])
|
|
break;;
|
|
esac
|
|
done
|
|
|
|
# XMSS
|
|
AC_ARG_ENABLE([xmss],
|
|
[AS_HELP_STRING([--enable-xmss],[Enable stateful XMSS/XMSS^MT signatures (default: disabled)])],
|
|
[ ENABLED_XMSS=$enableval ],
|
|
[ ENABLED_XMSS=no ]
|
|
)
|
|
|
|
for v in `echo $ENABLED_XMSS | tr "," " "`
|
|
do
|
|
case $v in
|
|
yes)
|
|
;;
|
|
no)
|
|
;;
|
|
verify-only)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_XMSS_VERIFY_ONLY -DXMSS_VERIFY_ONLY"
|
|
;;
|
|
small)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_XMSS_SMALL"
|
|
;;
|
|
*)
|
|
AC_MSG_ERROR([Invalid choice for XMSS []: $ENABLED_XMSS.])
|
|
break;;
|
|
esac
|
|
done
|
|
|
|
# LMS
|
|
AC_ARG_ENABLE([lms],
|
|
[AS_HELP_STRING([--enable-lms],[Enable stateful LMS/HSS signatures (default: disabled)])],
|
|
[ ENABLED_LMS=$enableval ],
|
|
[ ENABLED_LMS=no ]
|
|
)
|
|
|
|
for v in `echo $ENABLED_LMS | tr "," " "`
|
|
do
|
|
case $v in
|
|
yes)
|
|
;;
|
|
no)
|
|
;;
|
|
verify-only)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LMS_VERIFY_ONLY"
|
|
;;
|
|
small)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_LMS_SMALL"
|
|
;;
|
|
no-sha256-256)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_LMS_SHA256_256"
|
|
;;
|
|
sha256-192)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LMS_SHA256_192"
|
|
;;
|
|
shake256)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LMS_SHAKE256"
|
|
;;
|
|
*)
|
|
AC_MSG_ERROR([Invalid choice for LMS []: $ENABLED_LMS.])
|
|
break;;
|
|
esac
|
|
done
|
|
|
|
# SLH-DSA
|
|
ENABLED_SLHDSA=yes
|
|
AC_ARG_ENABLE([slhdsa],
|
|
[AS_HELP_STRING([--enable-slhdsa],[Enable SLH-DSA signatures (default: disabled)])],
|
|
[ ENABLED_SLHDSA=$enableval ],
|
|
[ ENABLED_SLHDSA=no ]
|
|
)
|
|
|
|
for v in `echo $ENABLED_SLHDSA | tr "," " "`
|
|
do
|
|
case $v in
|
|
yes)
|
|
SLHDSA_PARAM_128S=yes
|
|
SLHDSA_PARAM_128F=yes
|
|
SLHDSA_PARAM_192S=yes
|
|
SLHDSA_PARAM_192F=yes
|
|
SLHDSA_PARAM_256S=yes
|
|
SLHDSA_PARAM_256F=yes
|
|
;;
|
|
no)
|
|
;;
|
|
verify-only)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_VERIFY_ONLY"
|
|
;;
|
|
small)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_SLHDSA_SMALL"
|
|
;;
|
|
small-mem)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_SLHDSA_SMALL_MEM"
|
|
;;
|
|
128s)
|
|
SLHDSA_PARAM_128S=yes
|
|
;;
|
|
128f)
|
|
SLHDSA_PARAM_128F=yes
|
|
;;
|
|
192s)
|
|
SLHDSA_PARAM_192S=yes
|
|
;;
|
|
192f)
|
|
SLHDSA_PARAM_192F=yes
|
|
;;
|
|
256s)
|
|
SLHDSA_PARAM_256S=yes
|
|
;;
|
|
256f)
|
|
SLHDSA_PARAM_256F=yes
|
|
;;
|
|
no-s)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_SMALL"
|
|
;;
|
|
no-f)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_FAST"
|
|
;;
|
|
sha2)
|
|
SLHDSA_SHA2=yes
|
|
SLHDSA_PARAM_SHA2_128S=yes
|
|
SLHDSA_PARAM_SHA2_128F=yes
|
|
SLHDSA_PARAM_SHA2_192S=yes
|
|
SLHDSA_PARAM_SHA2_192F=yes
|
|
SLHDSA_PARAM_SHA2_256S=yes
|
|
SLHDSA_PARAM_SHA2_256F=yes
|
|
;;
|
|
sha2-128s)
|
|
SLHDSA_SHA2=yes
|
|
SLHDSA_PARAM_SHA2_128S=yes
|
|
;;
|
|
sha2-128f)
|
|
SLHDSA_SHA2=yes
|
|
SLHDSA_PARAM_SHA2_128F=yes
|
|
;;
|
|
sha2-192s)
|
|
SLHDSA_SHA2=yes
|
|
SLHDSA_PARAM_SHA2_192S=yes
|
|
;;
|
|
sha2-192f)
|
|
SLHDSA_SHA2=yes
|
|
SLHDSA_PARAM_SHA2_192F=yes
|
|
;;
|
|
sha2-256s)
|
|
SLHDSA_SHA2=yes
|
|
SLHDSA_PARAM_SHA2_256S=yes
|
|
;;
|
|
sha2-256f)
|
|
SLHDSA_SHA2=yes
|
|
SLHDSA_PARAM_SHA2_256F=yes
|
|
;;
|
|
no-sha2-s)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_SHA2_SMALL"
|
|
;;
|
|
no-sha2-f)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_SHA2_FAST"
|
|
;;
|
|
*)
|
|
AC_MSG_ERROR([Invalid choice for SLH-DSA []: $ENABLED_SLHDSA.])
|
|
break;;
|
|
esac
|
|
done
|
|
# SINGLE THREADED
|
|
AC_ARG_ENABLE([singlethreaded],
|
|
[AS_HELP_STRING([--enable-singlethreaded],[Enable wolfSSL single threaded (default: disabled)])],
|
|
[ ENABLED_SINGLETHREADED=$enableval ],
|
|
[ ENABLED_SINGLETHREADED=no ])
|
|
|
|
WOLFSSL_HAVE_PTHREAD=0
|
|
AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[
|
|
AX_PTHREAD([
|
|
AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.])
|
|
WOLFSSL_HAVE_PTHREAD=1
|
|
# If AX_PTHREAD is adding -Qunused-arguments, need to prepend with -Xcompiler libtool will use it. Newer
|
|
# versions of clang don't need the -Q flag when using pthreads.
|
|
AS_CASE([$PTHREAD_CFLAGS],[-Qunused-arguments*],[PTHREAD_CFLAGS="-Xcompiler $PTHREAD_CFLAGS"])
|
|
AM_CFLAGS="$AM_CFLAGS $PTHREAD_CFLAGS"
|
|
LIBS="$LIBS $PTHREAD_LIBS"
|
|
],[
|
|
ENABLED_SINGLETHREADED=yes
|
|
])
|
|
])
|
|
|
|
AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="$AM_CFLAGS -DSINGLE_THREADED" ])
|
|
|
|
# Enable rwlock
|
|
AC_ARG_ENABLE([rwlock],
|
|
[AS_HELP_STRING([--enable-rwlock],[Enable use of rwlock (default: disabled)])],
|
|
[ENABLED_RWLOCK=$enableval],
|
|
[ENABLED_RWLOCK=no])
|
|
|
|
if test "$ENABLED_RWLOCK" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_USE_RWLOCK"
|
|
fi
|
|
|
|
# ECH
|
|
AC_ARG_ENABLE([ech],
|
|
[AS_HELP_STRING([--enable-ech],[Enable ECH (default: disabled)])],
|
|
[ ENABLED_ECH=$enableval ],
|
|
[ ENABLED_ECH=no ]
|
|
)
|
|
if test "$ENABLED_ECH" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECH"
|
|
|
|
test "$enable_hpke" = "" && enable_hpke=yes
|
|
test "$enable_ecc" = "" && enable_ecc=yes
|
|
test "$enable_curve25519" = "" && enable_curve25519=yes
|
|
test "$enable_sha256" = "" && enable_sha256=yes
|
|
test "$enable_sni" = "" && enable_sni=yes
|
|
test "$enable_tls13" = "" && enable_tls13=yes
|
|
fi
|
|
|
|
# DTLS
|
|
# DTLS is a prereq for the options mcast, sctp, and jni. Enabling any of those
|
|
# without DTLS will also enable DTLS.
|
|
AC_ARG_ENABLE([dtls],
|
|
[AS_HELP_STRING([--enable-dtls],[Enable wolfSSL DTLS (default: disabled)])],
|
|
[ ENABLED_DTLS=$enableval ],
|
|
[ ENABLED_DTLS=no ]
|
|
)
|
|
if test "$ENABLED_DTLS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
|
|
fi
|
|
|
|
# DTLS change MTU
|
|
AC_ARG_ENABLE([dtls-mtu],
|
|
[AS_HELP_STRING([--enable-dtls-mtu],[Enable setting the MTU size for wolfSSL DTLS (default: disabled)])],
|
|
[ ENABLED_DTLS_MTU=$enableval ],
|
|
[ ENABLED_DTLS_MTU=no ]
|
|
)
|
|
if test "$ENABLED_DTLS_MTU" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_MTU"
|
|
fi
|
|
|
|
# KeyLog file export
|
|
AC_ARG_ENABLE([keylog-export],
|
|
[AS_HELP_STRING([--enable-keylog-export],[Enable insecure export of TLS secrets to an NSS keylog file (default: disabled)])],
|
|
[ ENABLED_KEYLOG_EXPORT=$enableval ],
|
|
[ ENABLED_KEYLOG_EXPORT=no ]
|
|
)
|
|
if test "$ENABLED_KEYLOG_EXPORT" = "yes"
|
|
then
|
|
AC_MSG_WARN([Keylog export enabled -- Sensitive key data will be stored insecurely.])
|
|
AM_CFLAGS="$AM_CFLAGS -DSHOW_SECRETS -DHAVE_SECRET_CALLBACK -DWOLFSSL_SSLKEYLOGFILE -DWOLFSSL_KEYLOG_EXPORT_WARNED"
|
|
fi
|
|
|
|
# TLS v1.3 Draft 18 (Note: only final TLS v1.3 supported, here for backwards build compatibility)
|
|
AC_ARG_ENABLE([tls13-draft18],
|
|
[AS_HELP_STRING([--enable-tls13-draft18],[Enable wolfSSL TLS v1.3 Draft 18 (default: disabled)])],
|
|
[ ENABLED_TLS13_DRAFT18=$enableval ],
|
|
[ ENABLED_TLS13_DRAFT18=no ]
|
|
)
|
|
|
|
# TLS v1.3
|
|
AC_ARG_ENABLE([tls13],
|
|
[AS_HELP_STRING([--enable-tls13],[Enable wolfSSL TLS v1.3 (default: enabled)])],
|
|
[ ENABLED_TLS13=$enableval ],
|
|
[ ENABLED_TLS13=yes ]
|
|
)
|
|
if test "x$FIPS_VERSION" = "xv1" ||
|
|
( test "$HAVE_FIPS_VERSION" = 2 && test "$HAVE_FIPS_VERSION_MINOR" = 1 )
|
|
then
|
|
ENABLED_TLS13="no"
|
|
fi
|
|
|
|
# QUIC support
|
|
AC_ARG_ENABLE([quic],
|
|
[AS_HELP_STRING([--enable-quic],[Enable QUIC API with wolfSSL TLS v1.3 (default: disabled)])],
|
|
[ ENABLED_QUIC=$enableval ],
|
|
[ ENABLED_QUIC=no ]
|
|
)
|
|
|
|
if test "$ENABLED_QUIC" = "yes"
|
|
then
|
|
if test "x$ENABLED_TLS13" = "xno"
|
|
then
|
|
AC_MSG_ERROR([TLS 1.3 is disabled - necessary for QUIC])
|
|
fi
|
|
if test "$enable_aesgcm" = "no"
|
|
then
|
|
AC_MSG_ERROR([AES-GCM is disabled - necessary for QUIC])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_QUIC"
|
|
# QUIC proto handlers need app_data at WOLFSSL*
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
|
|
fi
|
|
|
|
|
|
# Post-handshake Authentication
|
|
AC_ARG_ENABLE([postauth],
|
|
[AS_HELP_STRING([--enable-postauth],[Enable wolfSSL Post-handshake Authentication (default: disabled)])],
|
|
[ ENABLED_TLS13_POST_AUTH=$enableval ],
|
|
[ ENABLED_TLS13_POST_AUTH=no ]
|
|
)
|
|
if test "$ENABLED_TLS13_POST_AUTH" = "yes"
|
|
then
|
|
if test "x$ENABLED_TLS13" = "xno"
|
|
then
|
|
AC_MSG_NOTICE([TLS 1.3 is disabled - disabling Post-handshake Authentication])
|
|
ENABLED_TLS13_POST_AUTH="no"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_POST_HANDSHAKE_AUTH"
|
|
fi
|
|
fi
|
|
|
|
|
|
# Hello Retry Request Cookie
|
|
AC_ARG_ENABLE([hrrcookie],
|
|
[AS_HELP_STRING([--enable-hrrcookie],[Enable the server to send Cookie Extension in HRR with state (default: disabled)])],
|
|
[ ENABLED_SEND_HRR_COOKIE=$enableval ],
|
|
[ ENABLED_SEND_HRR_COOKIE=undefined ]
|
|
)
|
|
if test "$ENABLED_SEND_HRR_COOKIE" = "yes"
|
|
then
|
|
if test "x$ENABLED_TLS13" = "xno"
|
|
then
|
|
AC_MSG_NOTICE([TLS 1.3 is disabled - disabling HRR Cookie])
|
|
ENABLED_SEND_HRR_COOKIE="no"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SEND_HRR_COOKIE"
|
|
fi
|
|
fi
|
|
|
|
|
|
# RNG
|
|
AC_ARG_ENABLE([rng],
|
|
[AS_HELP_STRING([--enable-rng],[Enable compiling and using RNG (default: enabled)])],
|
|
[ ENABLED_RNG=$enableval ],
|
|
[ ENABLED_RNG=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_RNG" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_NO_RNG"
|
|
fi
|
|
|
|
AC_ARG_ENABLE([rng-bank],
|
|
[AS_HELP_STRING([--enable-rng-bank],[Enable compiling and using RNG banks (default: disabled)])],
|
|
[ ENABLED_RNG_BANK=$enableval ],
|
|
[ ENABLED_RNG_BANK=$KERNEL_MODE_DEFAULTS ]
|
|
)
|
|
|
|
if test "$ENABLED_RNG_BANK" = "yes"
|
|
then
|
|
AS_IF([test "$ENABLED_RNG" = "no"],
|
|
AC_MSG_ERROR([--enable-rng-bank requires --enable-rng]))
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_RNG_BANK_SUPPORT"
|
|
fi
|
|
|
|
|
|
# DTLS-SCTP
|
|
AC_ARG_ENABLE([sctp],
|
|
[AS_HELP_STRING([--enable-sctp],[Enable wolfSSL DTLS-SCTP support (default: disabled)])],
|
|
[ENABLED_SCTP=$enableval],
|
|
[ENABLED_SCTP=no])
|
|
|
|
AS_IF([test "x$ENABLED_SCTP" = "xyes"],
|
|
[AC_MSG_CHECKING([for SCTP])
|
|
AC_RUN_IFELSE(
|
|
[AC_LANG_PROGRAM(
|
|
[[
|
|
#include <sys/socket.h>
|
|
#include <arpa/inet.h>
|
|
]],
|
|
[[int s = socket(AF_INET, SOCK_STREAM, IPPROTO_SCTP); if (s == -1) return 1;]])],
|
|
[AC_MSG_RESULT(yes)],
|
|
[AC_MSG_RESULT(no)
|
|
AC_MSG_ERROR([SCTP not available, remove enable-sctp from configure])],
|
|
: ,
|
|
: ,
|
|
: )])
|
|
|
|
# DTLS-SRTP
|
|
AC_ARG_ENABLE([srtp],
|
|
[AS_HELP_STRING([--enable-srtp],[Enable wolfSSL DTLS-SRTP support (default: disabled)])],
|
|
[ENABLED_SRTP=$enableval],
|
|
[ENABLED_SRTP=no])
|
|
|
|
# DTLS-MULTICAST
|
|
AC_ARG_ENABLE([mcast],
|
|
[AS_HELP_STRING([--enable-mcast],[Enable wolfSSL DTLS multicast support (default: disabled)])],
|
|
[ENABLED_MCAST=$enableval],
|
|
[ENABLED_MCAST=no])
|
|
|
|
|
|
# List of open source project defines using our openssl compatibility layer:
|
|
# bind dns (--enable-bind) WOLFSSL_BIND
|
|
# libssh2 (--enable-libssh2)
|
|
# openssh (--enable-openssh) WOLFSSL_OPENSSH
|
|
# openvpn (--enable-openvpn) WOLFSSL_OPENVPN
|
|
# nginx (--enable-nginx) WOLFSSL_NGINX
|
|
# ntp (--enable-ntp)
|
|
# openresty (--enable-openresty)
|
|
# haproxy (--enable-haproxy) WOLFSSL_HAPROXY
|
|
# wpa_supplicant (--enable-wpas) WOLFSSL_WPAS
|
|
# ssl fortress (--enable-fortress) FORTRESS
|
|
# ssl bump (--enable-bump)
|
|
# signal (--enable-signal)
|
|
# lighty (--enable-lighty) HAVE_LIGHTY
|
|
# rsyslog (--enable-rsyslog)
|
|
# stunnel (--enable-stunnel) HAVE_STUNNEL
|
|
# curl (--enable-curl) HAVE_CURL
|
|
# libest (--enable-libest) HAVE_LIBEST
|
|
# asio (--enable-asio) WOLFSSL_ASIO
|
|
# libwebsockets (--enable-libwebsockets) WOLFSSL_LIBWEBSOCKETS
|
|
# qt (--enable-qt) WOLFSSL_QT
|
|
# qt test (--enable-qt-test) WOLFSSL_QT_TEST
|
|
# HAVE_POCO_LIB
|
|
# WOLFSSL_MYSQL_COMPATIBLE
|
|
# web server (--enable-webserver) HAVE_WEBSERVER
|
|
# net-snmp (--enable-net-snmp)
|
|
# krb (--enable-krb) WOLFSSL_KRB
|
|
# FFmpeg (--enable-ffmpeg) WOLFSSL_FFMPEG
|
|
# strongSwan (--enable-strongswan)
|
|
# OpenLDAP (--enable-openldap)
|
|
# hitch (--enable-hitch)
|
|
# memcached (--enable-memcached)
|
|
# Mosquitto (--enable-mosquitto) HAVE_MOSQUITTO
|
|
|
|
# Bind DNS compatibility Build
|
|
AC_ARG_ENABLE([bind],
|
|
[AS_HELP_STRING([--enable-bind],[Enable Bind DNS compatibility build (default: disabled)])],
|
|
[ENABLED_BIND=$enableval],
|
|
[ENABLED_BIND=no])
|
|
|
|
AC_ARG_ENABLE([libssh2],
|
|
[AS_HELP_STRING([--enable-libssh2],[Enable libssh2 compatibility build (default: disabled)])],
|
|
[ENABLED_LIBSSH2=$enableval],
|
|
[ENABLED_LIBSSH2=no])
|
|
|
|
# OpenSSH compatibility Build
|
|
AC_ARG_ENABLE([openssh],
|
|
[AS_HELP_STRING([--enable-openssh],[Enable OpenSSH compatibility build (default: disabled)])],
|
|
[ENABLED_OPENSSH=$enableval],
|
|
[ENABLED_OPENSSH=no])
|
|
|
|
if test "$ENABLED_OPENSSH" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_OPENSSH -DHAVE_EX_DATA -DWOLFSSL_BASE16"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ERROR_CODE_OPENSSL -DWC_RNG_SEED_CB"
|
|
fi
|
|
|
|
# OpenVPN compatibility Build
|
|
AC_ARG_ENABLE([openvpn],
|
|
[AS_HELP_STRING([--enable-openvpn],[Enable OpenVPN compatibility build (default: disabled)])],
|
|
[ENABLED_OPENVPN=$enableval],
|
|
[ENABLED_OPENVPN=no])
|
|
|
|
# openresty compatibility build
|
|
AC_ARG_ENABLE([openresty],
|
|
[AS_HELP_STRING([--enable-openresty],[Enable openresty (default: disabled)])],
|
|
[ ENABLED_OPENRESTY=$enableval ],
|
|
[ ENABLED_OPENRESTY=no ]
|
|
)
|
|
|
|
# nginx compatibility build
|
|
AC_ARG_ENABLE([nginx],
|
|
[AS_HELP_STRING([--enable-nginx],[Enable nginx (default: disabled)])],
|
|
[ ENABLED_NGINX=$enableval ],
|
|
[ ENABLED_NGINX=no ]
|
|
)
|
|
|
|
# chrony support. Needs the compatibility layer for SNI callback functionality,
|
|
# but otherwise uses pure wolfCrypt.
|
|
AC_ARG_ENABLE([chrony],
|
|
[AS_HELP_STRING([--enable-chrony],[Enable chrony support (default: disabled)])],
|
|
[ ENABLED_CHRONY=$enableval ],
|
|
[ ENABLED_CHRONY=no ]
|
|
)
|
|
|
|
if test "$ENABLED_CHRONY" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
|
|
fi
|
|
|
|
if test "$ENABLED_OPENRESTY" = "yes"
|
|
then
|
|
ENABLED_NGINX="yes"
|
|
fi
|
|
|
|
# OpenLDAP support
|
|
AC_ARG_ENABLE([openldap],
|
|
[AS_HELP_STRING([--enable-openldap],[Enable OpenLDAP support (default: disabled)])],
|
|
[ ENABLED_OPENLDAP=$enableval ],
|
|
[ ENABLED_OPENLDAP=no ]
|
|
)
|
|
|
|
# Mosquitto support
|
|
AC_ARG_ENABLE([mosquitto],
|
|
[AS_HELP_STRING([--enable-mosquitto],[Enable Mosquitto support (default: disabled)])],
|
|
[ ENABLED_MOSQUITTO=$enableval ],
|
|
[ ENABLED_MOSQUITTO=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_MOSQUITTO" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_MOSQUITTO"
|
|
fi
|
|
|
|
# lighty Support
|
|
AC_ARG_ENABLE([lighty],
|
|
[AS_HELP_STRING([--enable-lighty],[Enable lighttpd/lighty (default: disabled)])],
|
|
[ ENABLED_LIGHTY=$enableval ],
|
|
[ ENABLED_LIGHTY=no ]
|
|
)
|
|
|
|
# rsyslog Support
|
|
AC_ARG_ENABLE([rsyslog],
|
|
[AS_HELP_STRING([--enable-rsyslog],[Enable rsyslog (default: disabled)])],
|
|
[ ENABLED_RSYSLOG=$enableval ],
|
|
[ ENABLED_RSYSLOG=no ]
|
|
)
|
|
|
|
# haproxy compatibility build
|
|
AC_ARG_ENABLE([haproxy],
|
|
[AS_HELP_STRING([--enable-haproxy],[Enable haproxy (default: disabled)])],
|
|
[ ENABLED_HAPROXY=$enableval ],
|
|
[ ENABLED_HAPROXY=no ]
|
|
)
|
|
|
|
# wpa_supplicant support
|
|
AC_ARG_ENABLE([wpas],
|
|
[AS_HELP_STRING([--enable-wpas],[Enable wpa_supplicant support (default: disabled)])],
|
|
[ ENABLED_WPAS=$enableval ],
|
|
[ ENABLED_WPAS=no ]
|
|
)
|
|
|
|
# wpa_supplicant support
|
|
AC_ARG_ENABLE([wpas-dpp],
|
|
[AS_HELP_STRING([--enable-wpas-dpp],[Enable wpa_supplicant support with dpp (default: disabled)])],
|
|
[ ENABLED_WPAS_DPP=$enableval ],
|
|
[ ENABLED_WPAS_DPP=no ]
|
|
)
|
|
|
|
if test "$ENABLED_WPAS_DPP" = "yes"
|
|
then
|
|
ENABLED_WPAS="yes"
|
|
fi
|
|
|
|
# ntp support
|
|
AC_ARG_ENABLE([ntp],
|
|
[AS_HELP_STRING([--enable-ntp],[Enable ntp support (default: disabled)])],
|
|
[ ENABLED_NTP=$enableval ],
|
|
[ ENABLED_NTP=no ]
|
|
)
|
|
|
|
# Fortress build
|
|
AC_ARG_ENABLE([fortress],
|
|
[AS_HELP_STRING([--enable-fortress],[Enable SSL fortress build (default: disabled)])],
|
|
[ ENABLED_FORTRESS=$enableval ],
|
|
[ ENABLED_FORTRESS=no ]
|
|
)
|
|
|
|
if test "$ENABLED_OPENSSH" = "yes"
|
|
then
|
|
ENABLED_FORTRESS="yes"
|
|
fi
|
|
|
|
# libwebsockets Support
|
|
AC_ARG_ENABLE([libwebsockets],
|
|
[AS_HELP_STRING([--enable-libwebsockets],[Enable libwebsockets (default: disabled)])],
|
|
[ ENABLED_LIBWEBSOCKETS=$enableval ],
|
|
[ ENABLED_LIBWEBSOCKETS=no ]
|
|
)
|
|
if test "$ENABLED_LIBWEBSOCKETS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LIBWEBSOCKETS -DHAVE_EX_DATA -DOPENSSL_NO_EC"
|
|
fi
|
|
|
|
# net-snmp Build
|
|
AC_ARG_ENABLE([net-snmp],
|
|
[AS_HELP_STRING([--enable-net-snmp],[Enable net-snmp (default: disabled)])],
|
|
[ ENABLED_NETSNMP=$enableval ],
|
|
[ ENABLED_NETSNMP=no ]
|
|
)
|
|
|
|
# kerberos 5 Build
|
|
AC_ARG_ENABLE([krb],
|
|
[AS_HELP_STRING([--enable-krb],[Enable kerberos 5 support (default: disabled)])],
|
|
[ ENABLED_KRB=$enableval ],
|
|
[ ENABLED_KRB=no ]
|
|
)
|
|
|
|
# FFmpeg Build
|
|
AC_ARG_ENABLE([ffmpeg],
|
|
[AS_HELP_STRING([--enable-ffmpeg],[Enable FFmpeg support (default: disabled)])],
|
|
[ ENABLED_FFMPEG=$enableval ],
|
|
[ ENABLED_FFMPEG=no ]
|
|
)
|
|
|
|
|
|
# IP alternative name Support
|
|
AC_ARG_ENABLE([ip-alt-name],
|
|
[AS_HELP_STRING([--enable-ip-alt-name],[Enable IP subject alternative name (default: disabled)])],
|
|
[ ENABLE_IP_ALT_NAME=$enableval ],
|
|
[ ENABLE_IP_ALT_NAME=no ]
|
|
)
|
|
|
|
if test "$ENABLE_IP_ALT_NAME" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IP_ALT_NAME"
|
|
fi
|
|
|
|
# QT Support
|
|
AC_ARG_ENABLE([qt],
|
|
[AS_HELP_STRING([--enable-qt],[Enable qt (default: disabled)])],
|
|
[ ENABLED_QT=$enableval ],
|
|
[ ENABLED_QT=no ]
|
|
)
|
|
|
|
# SNIFFER
|
|
AC_ARG_ENABLE([sniffer],
|
|
[AS_HELP_STRING([--enable-sniffer],[Enable wolfSSL sniffer support (default: disabled)])],
|
|
[ ENABLED_SNIFFER=$enableval ],
|
|
[ ENABLED_SNIFFER=no ]
|
|
)
|
|
|
|
# signal compatibility build
|
|
AC_ARG_ENABLE([signal],
|
|
[AS_HELP_STRING([--enable-signal],[Enable signal (default: disabled)])],
|
|
[ ENABLED_SIGNAL=$enableval ],
|
|
[ ENABLED_SIGNAL=no ]
|
|
)
|
|
|
|
# strongSwan support
|
|
AC_ARG_ENABLE([strongswan],
|
|
[AS_HELP_STRING([--enable-strongswan],[Enable strongSwan support (default: disabled)])],
|
|
[ ENABLED_STRONGSWAN=$enableval ],
|
|
[ ENABLED_STRONGSWAN=no ]
|
|
)
|
|
|
|
# hitch support
|
|
AC_ARG_ENABLE([hitch],
|
|
[AS_HELP_STRING([--enable-hitch],[Enable hitch support (default: disabled)])],
|
|
[ ENABLED_HITCH=$enableval ],
|
|
[ ENABLED_HITCH=no ]
|
|
)
|
|
|
|
# memcached support
|
|
AC_ARG_ENABLE([memcached],
|
|
[AS_HELP_STRING([--enable-memcached],[Enable memcached support (default: disabled)])],
|
|
[ ENABLED_MEMCACHED=$enableval ],
|
|
[ ENABLED_MEMCACHED=no ]
|
|
)
|
|
|
|
# OpenSSL Coexist
|
|
AC_ARG_ENABLE([opensslcoexist],
|
|
[AS_HELP_STRING([--enable-opensslcoexist],[Enable coexistence of wolfssl/openssl (default: disabled)])],
|
|
[ ENABLED_OPENSSLCOEXIST=$enableval ],
|
|
[ ENABLED_OPENSSLCOEXIST=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_OPENSSLCOEXIST" = "xyes" || test "$ENABLED_WOLFENGINE" = "yes"
|
|
then
|
|
# make sure old names are disabled (except RNG)
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_WC_NAMES -DNO_OLD_SSL_NAMES"
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA_NAMES -DNO_OLD_MD5_NAME"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COEXIST"
|
|
fi
|
|
|
|
# S/MIME
|
|
AC_ARG_ENABLE([smime],
|
|
[AS_HELP_STRING([--enable-smime],[Enable S/MIME (default: disabled)])],
|
|
[ ENABLED_SMIME=$enableval ],
|
|
[ ENABLED_SMIME=no ]
|
|
)
|
|
|
|
# Platform Security Architecture (PSA)
|
|
AC_ARG_ENABLE([psa],
|
|
[AS_HELP_STRING([--enable-psa],[use Platform Security Architecture (PSA) interface (default: disabled)])],
|
|
[ ENABLED_PSA=$enableval ],
|
|
[ ENABLED_PSA=no ]
|
|
)
|
|
|
|
AC_ARG_WITH([psa-include],
|
|
[AS_HELP_STRING([--with-psa-include=PATH],
|
|
[PATH to directory with PSA header files])],
|
|
[PSA_INCLUDE=$withval],
|
|
[PSA_INCLUDE=""])
|
|
|
|
AC_ARG_WITH([psa-lib],
|
|
[AS_HELP_STRING([--with-psa-lib=PATH],[PATH to directory with the PSA library])],
|
|
[PSA_LIB=$withval],
|
|
[PSA_LIB=""])
|
|
|
|
AC_ARG_WITH([psa-lib-name],
|
|
[AS_HELP_STRING([--with-psa-lib-name=NAME],[NAME of PSA library])],
|
|
[PSA_LIB_NAME=$withval],
|
|
[PSA_LIB_NAME=""])
|
|
|
|
AC_ARG_ENABLE([psa-lib-static],
|
|
[AS_HELP_STRING([--enable-psa-lib-static],[Link PSA as static library (default: disable)])],
|
|
[ ENABLED_PSA_STATIC=$enableval ],
|
|
[ ENABLED_PSA_STATIC=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_PSA" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_PSA"
|
|
fi
|
|
|
|
if test "x$ENABLED_PSA" != "xyes" && \
|
|
(test "x$PSA_LIB" != "x" || test "x$PSA_INCLUDE" != "x" || test "x$PSA_LIB_NAME" != "x" )
|
|
then
|
|
AC_MSG_ERROR([to use PSA you need to enable it with --enable-psa])
|
|
fi
|
|
|
|
if test -n "$PSA_LIB"
|
|
then
|
|
AC_MSG_CHECKING([for $PSA_LIB])
|
|
if ! test -d "$PSA_LIB"
|
|
then
|
|
AC_MSG_ERROR([PSA lib dir $PSA_LIB not found.])
|
|
fi
|
|
AC_MSG_RESULT([yes])
|
|
AM_LDFLAGS="$AM_LDFLAGS -L$PSA_LIB"
|
|
fi
|
|
|
|
if test -n "$PSA_LIB_NAME"
|
|
then
|
|
if test "x$ENABLED_PSA_STATIC" = "xyes"
|
|
then
|
|
LIB_STATIC_ADD="$LIB_STATIC_ADD $PSA_LIB/$PSA_LIB_NAME"
|
|
else
|
|
LIB_ADD="$LIB_ADD -l$PSA_LIB_NAME"
|
|
fi
|
|
fi
|
|
|
|
if test -n "$PSA_INCLUDE"
|
|
then
|
|
AC_MSG_CHECKING([for $PSA_INCLUDE])
|
|
if ! test -d "$PSA_INCLUDE"
|
|
then
|
|
AC_MSG_ERROR([psa include dir $PSA_INCLUDE not found.])
|
|
fi
|
|
AC_MSG_RESULT([yes])
|
|
AM_CFLAGS="$AM_CFLAGS -I$PSA_INCLUDE"
|
|
fi
|
|
|
|
AC_SUBST([PSA_LIB])
|
|
AC_SUBST([PSA_LIB_NAME])
|
|
AC_SUBST([PSA_INCLUDE])
|
|
|
|
# OPENSSL Compatibility ALL
|
|
AC_ARG_ENABLE([opensslall],
|
|
[AS_HELP_STRING([--enable-opensslall],[Enable all OpenSSL API, size++ (default: disabled)])],
|
|
[ ENABLED_OPENSSLALL=$enableval ],
|
|
[ ENABLED_OPENSSLALL=no ]
|
|
)
|
|
if test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \
|
|
test "$ENABLED_WPAS_DPP" = "yes" || test "$ENABLED_SMIME" = "yes" || \
|
|
test "$ENABLED_HAPROXY" = "yes" || test "$ENABLED_BIND" = "yes" || \
|
|
test "$ENABLED_NTP" = "yes" || test "$ENABLED_NETSNMP" = "yes" || \
|
|
test "$ENABLED_OPENRESTY" = "yes" || test "$ENABLED_RSYSLOG" = "yes" || \
|
|
test "$ENABLED_KRB" = "yes" || test "$ENABLED_CHRONY" = "yes" || \
|
|
test "$ENABLED_FFMPEG" = "yes" || test "$ENABLED_STRONGSWAN" = "yes" || \
|
|
test "$ENABLED_OPENLDAP" = "yes" || test "x$ENABLED_MOSQUITTO" = "xyes" || \
|
|
test "$ENABLED_HITCH" = "yes" || test "$ENABLED_NGINX" = "yes"
|
|
then
|
|
ENABLED_OPENSSLALL="yes"
|
|
fi
|
|
|
|
# OPENSSL Extra Compatibility
|
|
AC_ARG_ENABLE([opensslextra],
|
|
[AS_HELP_STRING([--enable-opensslextra],[Enable extra OpenSSL API, size+ (default: disabled). Skip compat header install using "noinstall"])],
|
|
[ ENABLED_OPENSSLEXTRA=$enableval ],
|
|
[ ENABLED_OPENSSLEXTRA=no ]
|
|
)
|
|
|
|
if test "$ENABLED_QUIC" = "yes"
|
|
then
|
|
ENABLED_OPENSSLEXTRA="yes"
|
|
fi
|
|
|
|
|
|
# One Error Queue per Thread
|
|
AC_ARG_ENABLE([error-queue-per-thread],
|
|
[AS_HELP_STRING([--enable-error-queue-per-thread],[Enable one error queue per thread. Requires thread local storage. (default: disabled)])],
|
|
[ ENABLED_ERRORQUEUEPERTHREAD=$enableval ],
|
|
[ ENABLED_ERRORQUEUEPERTHREAD=check ]
|
|
)
|
|
|
|
if test "$ENABLED_ERRORQUEUEPERTHREAD" = "check"
|
|
then
|
|
AS_IF([test "$thread_ls_on" = "no" ||
|
|
test "$ENABLED_SINGLETHREADED" = "yes"],
|
|
[ENABLED_ERRORQUEUEPERTHREAD=no],
|
|
[ENABLED_ERRORQUEUEPERTHREAD=yes])
|
|
fi
|
|
|
|
if test "$ENABLED_ERRORQUEUEPERTHREAD" = "yes"
|
|
then
|
|
if test "$thread_ls_on" != "yes"
|
|
then
|
|
AC_MSG_ERROR(error-queue-per-thread needs thread-local storage.)
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DERROR_QUEUE_PER_THREAD"
|
|
fi
|
|
|
|
# High Strength Build
|
|
AC_ARG_ENABLE([maxstrength],
|
|
[AS_HELP_STRING([--enable-maxstrength],[Enable Max Strength build, allows TLSv1.2-AEAD-PFS ciphers only (default: disabled)])],
|
|
[ENABLED_MAXSTRENGTH=$enableval],
|
|
[ENABLED_MAXSTRENGTH=no])
|
|
|
|
|
|
# Harden, enable Timing Resistance and Blinding by default
|
|
AC_ARG_ENABLE([harden],
|
|
[AS_HELP_STRING([--enable-harden],[Enable Hardened build, Enables Timing Resistance and Blinding (default: enabled)])],
|
|
[ENABLED_HARDEN=$enableval],
|
|
[ENABLED_HARDEN=yes])
|
|
|
|
if test "$ENABLED_HARDEN" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT"
|
|
if test "$ENABLED_RNG" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_BLINDING"
|
|
fi
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_NO_HARDEN -DWC_NO_CACHE_RESISTANT"
|
|
fi
|
|
|
|
# Fault protection hardening
|
|
AC_ARG_ENABLE([faultharden],
|
|
[AS_HELP_STRING([--enable-faultharden],[Enable Fault Hardened build (default: disabled)])],
|
|
[ENABLED_FAULTHARDEN=$enableval],
|
|
[ENABLED_FAULTHARDEN=no])
|
|
|
|
if test "$ENABLED_FAULTHARDEN" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CHECK_SIG_FAULTS -DWOLFSSL_CHECK_VER_FAULTS -DWC_SHA3_FAULT_HARDEN -DWC_MLKEM_FAULT_HARDEN -DWC_MLDSA_FAULT_HARDEN"
|
|
fi
|
|
|
|
AC_ARG_ENABLE([compileharden],
|
|
[AS_HELP_STRING([--enable-compileharden],[Enable extra hardening compile flags (default: disabled)])],
|
|
[ENABLED_COMPILEHARDEN=$enableval],
|
|
[ENABLED_COMPILEHARDEN=no])
|
|
|
|
EXTRA_OPTS_CFLAGS=
|
|
if test "$ENABLED_COMPILEHARDEN" = "yes"
|
|
then
|
|
CAN_USE_32B_BOUNDARIES_FLAG=no
|
|
AX_CHECK_COMPILE_FLAG([-Wa,-mbranches-within-32B-boundaries],
|
|
[CAN_USE_32B_BOUNDARIES_FLAG=yes],
|
|
[CAN_USE_32B_BOUNDARIES_FLAG=no],
|
|
[-Werror],[])
|
|
|
|
if test "$CAN_USE_32B_BOUNDARIES_FLAG" = "yes"
|
|
then
|
|
EXTRA_OPTS_CFLAGS="$EXTRA_OPTS_CFLAGS -Wa,-mbranches-within-32B-boundaries -falign-loops=64"
|
|
else
|
|
AC_MSG_ERROR([compiler does not accept -mbranches-within-32B-boundaries flag])
|
|
fi
|
|
fi
|
|
|
|
|
|
|
|
# IPv6 Test Apps
|
|
AC_ARG_ENABLE([ipv6],
|
|
[AS_HELP_STRING([--enable-ipv6],[Enable testing of IPV6 (default: disabled)])],
|
|
[ ENABLED_IPV6=$enableval ],
|
|
[ ENABLED_IPV6=no ]
|
|
)
|
|
|
|
if test "$ENABLED_IPV6" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DTEST_IPV6 -DWOLFSSL_IPV6"
|
|
fi
|
|
|
|
if test "$ENABLED_WPAS" = "small"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS_SMALL"
|
|
fi
|
|
if test "$ENABLED_WPAS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_SECRET_CALLBACK"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_ECC_ADD_DBL"
|
|
fi
|
|
if test "$ENABLED_WPAS" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EITHER_SIDE"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA_X509_SMALL"
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DER_LOAD"
|
|
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
|
|
AS_IF([test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 2],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"])
|
|
AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT"
|
|
AM_CFLAGS="$AM_CFLAGS -DKEEP_PEER_CERT"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_KEYING_MATERIAL"
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE_REF"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT"
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_CTC_NAME_SIZE=128"
|
|
|
|
if test "$ENABLED_OPENSSLEXTRA" = "no"
|
|
then
|
|
ENABLED_OPENSSLEXTRA="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_FORTRESS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_KEY_GEN"
|
|
fi
|
|
|
|
# lean TLS build (TLS 1.2 client only (no client auth), ECC256, AES128 and SHA256 w/o Shamir)
|
|
AC_ARG_ENABLE([leantls],
|
|
[AS_HELP_STRING([--enable-leantls],[Enable Lean TLS build (default: disabled)])],
|
|
[ ENABLED_LEANTLS=$enableval ],
|
|
[ ENABLED_LEANTLS=no ]
|
|
)
|
|
|
|
if test "$ENABLED_LEANTLS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANTLS -DNO_WRITEV -DHAVE_ECC -DTFM_ECC256 -DECC_USER_CURVES -DNO_WOLFSSL_SERVER -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_SHA -DNO_PSK -DNO_WOLFSSL_MEMORY -DNO_WOLFSSL_CM_VERIFY"
|
|
enable_lowresource=yes
|
|
fi
|
|
|
|
|
|
# low resource options to reduce flash and memory use
|
|
AC_ARG_ENABLE([lowresource],
|
|
[AS_HELP_STRING([--enable-lowresource],[Enable low resource options for memory/flash (default: disabled)])],
|
|
[ ENABLED_LOWRESOURCE=$enableval ],
|
|
[ ENABLED_LOWRESOURCE=no ]
|
|
)
|
|
|
|
if test "$ENABLED_LOWRESOURCE" = "yes"
|
|
then
|
|
# low memory / flash flags
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE -DRSA_LOW_MEM -DCURVE25519_SMALL -DED25519_SMALL -DWOLFSSL_SMALL_CERT_VERIFY -DWOLFSSL_NO_ASYNC_IO"
|
|
|
|
# low flash flags
|
|
AM_CFLAGS="$AM_CFLAGS -DUSE_SLOW_SHA -DUSE_SLOW_SHA256 -DUSE_SLOW_SHA512"
|
|
|
|
# AES small
|
|
AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL -DWOLFSSL_AES_NO_UNROLL -DWOLFSSL_AES_SMALL_TABLES"
|
|
fi
|
|
|
|
|
|
# TITAN cache
|
|
AC_ARG_ENABLE([titancache],
|
|
[AS_HELP_STRING([--enable-titancache],[Enable titan session cache (default: disabled)])],
|
|
[ ENABLED_TITANCACHE=$enableval ],
|
|
[ ENABLED_TITANCACHE=no ]
|
|
)
|
|
|
|
if test "$ENABLED_TITANCACHE" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DTITAN_SESSION_CACHE"
|
|
fi
|
|
|
|
|
|
# HUGE cache
|
|
AC_ARG_ENABLE([hugecache],
|
|
[AS_HELP_STRING([--enable-hugecache],[Enable huge session cache (default: disabled)])],
|
|
[ ENABLED_HUGECACHE=$enableval ],
|
|
[ ENABLED_HUGECACHE=no ]
|
|
)
|
|
|
|
if test "$ENABLED_HUGECACHE" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHUGE_SESSION_CACHE"
|
|
fi
|
|
|
|
|
|
# big cache
|
|
AC_ARG_ENABLE([bigcache],
|
|
[AS_HELP_STRING([--enable-bigcache],[Enable big session cache (default: disabled)])],
|
|
[ ENABLED_BIGCACHE=$enableval ],
|
|
[ ENABLED_BIGCACHE=no ]
|
|
)
|
|
|
|
if test "$ENABLED_BIGCACHE" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DBIG_SESSION_CACHE"
|
|
fi
|
|
|
|
|
|
# SMALL cache
|
|
AC_ARG_ENABLE([smallcache],
|
|
[AS_HELP_STRING([--enable-smallcache],[Enable small session cache (default: disabled)])],
|
|
[ ENABLED_SMALLCACHE=$enableval ],
|
|
[ ENABLED_SMALLCACHE=no ]
|
|
)
|
|
|
|
if test "$ENABLED_SMALLCACHE" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DSMALL_SESSION_CACHE"
|
|
fi
|
|
|
|
|
|
# Persistent session cache
|
|
AC_ARG_ENABLE([savesession],
|
|
[AS_HELP_STRING([--enable-savesession],[Enable persistent session cache (default: disabled)])],
|
|
[ ENABLED_SAVESESSION=$enableval ],
|
|
[ ENABLED_SAVESESSION=no ]
|
|
)
|
|
|
|
if test "$ENABLED_SAVESESSION" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE"
|
|
fi
|
|
|
|
|
|
# Persistent cert cache
|
|
AC_ARG_ENABLE([savecert],
|
|
[AS_HELP_STRING([--enable-savecert],[Enable persistent cert cache (default: disabled)])],
|
|
[ ENABLED_SAVECERT=$enableval ],
|
|
[ ENABLED_SAVECERT=no ]
|
|
)
|
|
|
|
if test "$ENABLED_SAVECERT" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE"
|
|
fi
|
|
|
|
|
|
# Write duplicate WOLFSSL object
|
|
AC_ARG_ENABLE([writedup],
|
|
[AS_HELP_STRING([--enable-writedup],[Enable write duplication of WOLFSSL objects (default: disabled)])],
|
|
[ ENABLED_WRITEDUP=$enableval ],
|
|
[ ENABLED_WRITEDUP=no ]
|
|
)
|
|
|
|
if test "$ENABLED_WRITEDUP" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_WRITE_DUP"
|
|
fi
|
|
|
|
|
|
# Atomic User Record Layer
|
|
AC_ARG_ENABLE([atomicuser],
|
|
[AS_HELP_STRING([--enable-atomicuser],[Enable Atomic User Record Layer (default: disabled)])],
|
|
[ ENABLED_ATOMICUSER=$enableval ],
|
|
[ ENABLED_ATOMICUSER=no ]
|
|
)
|
|
|
|
if test "$ENABLED_ATOMICUSER" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
|
|
fi
|
|
|
|
|
|
# Public Key Callbacks
|
|
AC_ARG_ENABLE([pkcallbacks],
|
|
[AS_HELP_STRING([--enable-pkcallbacks],[Enable Public Key Callbacks (default: disabled)])],
|
|
[ ENABLED_PKCALLBACKS=$enableval ],
|
|
[ ENABLED_PKCALLBACKS=no ]
|
|
)
|
|
|
|
if test "$ENABLED_PKCALLBACKS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
|
|
fi
|
|
|
|
|
|
# Maxim Integrated MAXQ10XX
|
|
ENABLED_MAXQ10XX="no"
|
|
maxqpartnumber=""
|
|
AC_ARG_WITH([maxq10xx],
|
|
[AS_HELP_STRING([--with-maxq10xx=PART],[MAXQ10XX PART Number])],
|
|
[
|
|
AC_MSG_CHECKING([for maxq10xx])
|
|
|
|
# Read the part number
|
|
maxqpartnumber=$withval
|
|
|
|
if test "$maxqpartnumber" = "MAXQ1065"; then
|
|
LIB_STATIC_ADD="$LIB_STATIC_ADD lib/libmaxq1065_api.a"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAXQ1065"
|
|
ENABLED_MAXQ10XX="yes"
|
|
AC_CHECK_LIB([rt], [clock_gettime])
|
|
elif test "$maxqpartnumber" = "MAXQ108x"; then
|
|
LIB_STATIC_ADD="$LIB_STATIC_ADD lib/libmaxq108x_api.a"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAXQ108X"
|
|
ENABLED_MAXQ10XX="yes"
|
|
AC_CHECK_LIB([rt], [clock_gettime])
|
|
else
|
|
AC_MSG_ERROR([need a valid MAXQ part number])
|
|
fi
|
|
|
|
AC_MSG_RESULT([yes])
|
|
]
|
|
)
|
|
|
|
AC_ARG_ENABLE([microchip],
|
|
[AS_HELP_STRING([--enable-microchip],[Enable wolfSSL support for microchip/atmel 508/608/100 (default: disabled)])],
|
|
[ ENABLED_ATMEL=$enableval ],
|
|
[ ENABLED_ATMEL=no ]
|
|
)
|
|
|
|
if test "$ENABLED_ATMEL" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MICROCHIP"
|
|
|
|
for v in `echo $ENABLED_ATMEL | tr "," " "`
|
|
do
|
|
case $v in
|
|
508)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ATECC508A"
|
|
;;
|
|
|
|
608)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ATECC608A"
|
|
;;
|
|
|
|
100)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MICROCHIP_TA100 -DMICROCHIP_DEV_TYPE=TA100"
|
|
;;
|
|
esac
|
|
done
|
|
fi
|
|
|
|
|
|
# Microchip/Atmel CryptoAuthLib
|
|
ENABLED_CRYPTOAUTHLIB="no"
|
|
AC_ARG_WITH([cryptoauthlib],
|
|
[AS_HELP_STRING([--with-cryptoauthlib=PATH],
|
|
[PATH to CryptoAuthLib install (default: system paths)])],
|
|
[with_cryptoauthlib=$withval],
|
|
[with_cryptoauthlib=no])
|
|
|
|
AS_IF([test "x$with_cryptoauthlib" != "xno"], [
|
|
AS_IF([test "x$ENABLED_ATMEL" = "xno"], [
|
|
AC_MSG_ERROR([--with-cryptoauthlib requires --enable-microchip=<devices>.])
|
|
])
|
|
AC_MSG_CHECKING([for CryptoAuthLib])
|
|
|
|
libdir=""
|
|
incdir=""
|
|
cryptoauthlib_found="no"
|
|
|
|
saved_LIBS="$LIBS"
|
|
saved_LDFLAGS="$LDFLAGS"
|
|
saved_CPPFLAGS="$CPPFLAGS"
|
|
saved_CFLAGS="$CFLAGS"
|
|
|
|
# Method 1: Try pkg-config first (most reliable)
|
|
m4_ifdef([PKG_CHECK_MODULES], [
|
|
PKG_CHECK_MODULES([CRYPTOAUTHLIB], [cryptoauthlib], [
|
|
CPPFLAGS="$CRYPTOAUTHLIB_CFLAGS $CPPFLAGS"
|
|
CFLAGS="$CRYPTOAUTHLIB_CFLAGS $CFLAGS"
|
|
LIBS="$CRYPTOAUTHLIB_LIBS $LIBS"
|
|
cryptoauthlib_found="pkg-config"
|
|
], [:])
|
|
])
|
|
|
|
# Method 2: Manual search if pkg-config failed
|
|
AS_IF([test "x$cryptoauthlib_found" = "xno"], [
|
|
AS_IF([test "x$with_cryptoauthlib" = "xyes"], [
|
|
search_dirs="/usr /usr/local"
|
|
], [
|
|
search_dirs="$with_cryptoauthlib"
|
|
])
|
|
|
|
for trylibatcadir in $search_dirs; do
|
|
for try_libdir in "$trylibatcadir/lib" "$trylibatcadir/lib64"; do
|
|
if test -f "$try_libdir/libcryptoauth.so" || test -f "$try_libdir/libcryptoauth.a"; then
|
|
libdir="$try_libdir"
|
|
break
|
|
fi
|
|
done
|
|
|
|
if test -z "$libdir"; then
|
|
if test -x /usr/bin/dpkg-architecture; then
|
|
DEB_HOST_MULTIARCH=`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`
|
|
if test -n "$DEB_HOST_MULTIARCH"; then
|
|
try_libdir="$trylibatcadir/lib/$DEB_HOST_MULTIARCH"
|
|
if test -f "$try_libdir/libcryptoauth.so" || test -f "$try_libdir/libcryptoauth.a"; then
|
|
libdir="$try_libdir"
|
|
fi
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
for try_incdir in "$trylibatcadir/include/cryptoauthlib" "$trylibatcadir/include"; do
|
|
if test -f "$try_incdir/cryptoauthlib.h"; then
|
|
incdir="$try_incdir"
|
|
break
|
|
fi
|
|
done
|
|
|
|
if test -n "$libdir" && test -n "$incdir"; then
|
|
break
|
|
fi
|
|
libdir=""
|
|
incdir=""
|
|
done
|
|
|
|
if test -n "$libdir" && test -n "$incdir"; then
|
|
CPPFLAGS="-I$incdir $CPPFLAGS"
|
|
CFLAGS="-I$incdir $CFLAGS"
|
|
LDFLAGS="-L$libdir $LDFLAGS"
|
|
LIBS="-lcryptoauth $LIBS"
|
|
cryptoauthlib_found="$libdir"
|
|
fi
|
|
])
|
|
|
|
AS_IF([test "x$cryptoauthlib_found" != "xno"], [
|
|
wolfssl_include=""
|
|
AS_IF([test -f "${srcdir}/wolfssl/wolfcrypt/types.h"], [
|
|
wolfssl_include="-I${srcdir}"
|
|
], [test -f "${srcdir}/wolfssl.h"], [
|
|
wolfssl_include="-I${srcdir}"
|
|
])
|
|
|
|
test_CPPFLAGS="$wolfssl_include $CPPFLAGS"
|
|
test_CFLAGS="$wolfssl_include $CFLAGS"
|
|
|
|
saved_test_CPPFLAGS="$CPPFLAGS"
|
|
saved_test_CFLAGS="$CFLAGS"
|
|
CPPFLAGS="$test_CPPFLAGS"
|
|
CFLAGS="$test_CFLAGS"
|
|
|
|
AC_LINK_IFELSE([AC_LANG_PROGRAM(
|
|
[[#include <cryptoauthlib.h>]],
|
|
[[atcab_init(0); return 0;]])],
|
|
[
|
|
ENABLED_CRYPTOAUTHLIB="yes"
|
|
AC_MSG_RESULT([yes ($cryptoauthlib_found)])
|
|
AC_DEFINE([HAVE_CRYPTOAUTHLIB], [1], [CryptoAuthLib support])
|
|
CPPFLAGS="$saved_test_CPPFLAGS"
|
|
CFLAGS="$saved_test_CFLAGS"
|
|
],
|
|
[
|
|
LIBS="$saved_LIBS"
|
|
LDFLAGS="$saved_LDFLAGS"
|
|
CPPFLAGS="$saved_CPPFLAGS"
|
|
CFLAGS="$saved_CFLAGS"
|
|
AC_MSG_RESULT([no - compilation failed])
|
|
AC_MSG_ERROR([CryptoAuthLib found but compilation check failed. Check config.log for details.])
|
|
])
|
|
], [
|
|
AC_MSG_RESULT([no - library not found])
|
|
AC_MSG_ERROR([CryptoAuthLib not found. Install it or specify path with --with-cryptoauthlib=/path])
|
|
])
|
|
])
|
|
|
|
# TropicSquare TROPIC01
|
|
# Example: "./configure --with-tropic01=/home/pi/libtropic"
|
|
ENABLED_TROPIC01="no"
|
|
trylibtropicdir=""
|
|
AC_ARG_WITH([tropic01],
|
|
[AS_HELP_STRING([--with-tropic01=PATH],[PATH to install (default /usr/)])],
|
|
[
|
|
AC_MSG_CHECKING([for libtropic])
|
|
if test "x$withval" != "xno" ; then
|
|
trylibtropicdir=$withval
|
|
fi
|
|
if test "x$withval" = "xyes" ; then
|
|
trylibtropicdir="libtropic"
|
|
fi
|
|
if test -e $trylibtropicdir/build/libtropic.a
|
|
then
|
|
LIB_STATIC_ADD="$LIB_STATIC_ADD $trylibtropicdir/build/libtropic.a"
|
|
LIB_STATIC_ADD="$LIB_STATIC_ADD $trylibtropicdir/build/trezor_crypto/libtrezor_crypto.a"
|
|
AM_CFLAGS="$AM_CFLAGS -I$trylibtropicdir/include"
|
|
else
|
|
ENABLED_TROPIC01="no"
|
|
AC_MSG_ERROR([Could not find libtropic - TropicSquare library])
|
|
fi
|
|
enable_shared=no
|
|
enable_static=yes
|
|
ENABLED_TROPIC01="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TROPIC01"
|
|
AC_MSG_RESULT([yes])
|
|
]
|
|
)
|
|
|
|
|
|
# STMicro STSAFE-A100 / STSAFE-A120
|
|
# Example: "./configure --enable-stsafe=a120"
|
|
ENABLED_STSAFE="no"
|
|
AC_ARG_ENABLE([stsafe],
|
|
[AS_HELP_STRING([--enable-stsafe@<:@=a100|a120@:>@],
|
|
[Enable STMicro STSAFE secure-element support. Variant selects the SDK:
|
|
a100 (legacy STSAFE-A1xx SDK, default) or a120 (STSELib).])],
|
|
[ ENABLED_STSAFE=$enableval ],
|
|
[ ENABLED_STSAFE=no ])
|
|
|
|
case "$ENABLED_STSAFE" in
|
|
no) ;;
|
|
yes|a100) AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STSAFE -DWOLFSSL_STSAFEA100"
|
|
ENABLED_STSAFE="a100" ;;
|
|
a120) AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STSAFE -DWOLFSSL_STSAFEA120" ;;
|
|
*) AC_MSG_ERROR([Invalid --enable-stsafe value '$ENABLED_STSAFE'; use a100 or a120]) ;;
|
|
esac
|
|
|
|
|
|
# NXP SE050
|
|
# Example: "./configure --with-se050=/home/pi/simw_top"
|
|
ENABLED_SE050="no"
|
|
trylibse050dir=""
|
|
AC_ARG_WITH([se050],
|
|
[AS_HELP_STRING([--with-se050=PATH],[PATH to SE050 install (default /usr/local)])],
|
|
[
|
|
AC_MSG_CHECKING([for SE050])
|
|
|
|
LIBS="$LIBS -lSSS_APIs -lex_common"
|
|
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <fsl_sss_api.h>]], [[ sss_mac_init(0);]])],[ libse050_linked=yes ],[ libse050_linked=no ])
|
|
|
|
if test "x$libse050_linked" = "xno" ; then
|
|
if test "x$withval" != "xno" ; then
|
|
trylibse050dir=$withval
|
|
fi
|
|
if test "x$withval" = "xyes" ; then
|
|
trylibse050dir="/usr/local"
|
|
fi
|
|
LDFLAGS="$LDFLAGS -L$trylibse050dir/lib"
|
|
LDFLAGS="$LDFLAGS -L$trylibse050dir/build/sss"
|
|
CPPFLAGS="$CPPFLAGS -I$trylibse050dir/include/se05x"
|
|
CPPFLAGS="$CPPFLAGS -I$trylibse050dir/build"
|
|
CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/inc"
|
|
CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/ex/inc"
|
|
CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/port/default"
|
|
CPPFLAGS="$CPPFLAGS -I$trylibse050dir/hostlib/hostLib/inc"
|
|
CPPFLAGS="$CPPFLAGS -I$trylibse050dir/hostlib/hostLib/libCommon/log"
|
|
CPPFLAGS="$CPPFLAGS -I$trylibse050dir/hostlib/hostLib/libCommon/infra"
|
|
CPPFLAGS="$CPPFLAGS -I$trylibse050dir/hostlib/hostLib/se05x_03_xx_xx"
|
|
|
|
if test -e "$trylibse050dir/build/sss/libSSS_APIs.a"; then
|
|
SE050_STATIC=yes
|
|
else
|
|
SE050_STATIC=no
|
|
fi
|
|
if test "x$SE050_STATIC" = "xyes"; then
|
|
LIB_STATIC_ADD="$trylibse050dir/build/sss/ex/src/libex_common.a \
|
|
$trylibse050dir/build/sss/libSSS_APIs.a \
|
|
$trylibse050dir/build/hostlib/hostLib/se05x/libse05x.a \
|
|
$trylibse050dir/build/hostlib/hostLib/liba7x_utils.a \
|
|
$trylibse050dir/build/hostlib/hostLib/libCommon/log/libmwlog.a \
|
|
$trylibse050dir/build/hostlib/hostLib/libCommon/libsmCom.a $LIB_STATIC_ADD"
|
|
else
|
|
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <fsl_sss_api.h>]], [[ sss_mac_init(0); ]])],[ libse050_linked=yes ],[ libse050_linked=no ])
|
|
if test "x$libse050_linked" = "xno" ; then
|
|
AC_MSG_ERROR([SE050 isn't found.
|
|
If it's already installed, specify its path using --with-se050=/dir/])
|
|
fi
|
|
fi
|
|
|
|
# Requires AES direct
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB"
|
|
|
|
# Does not support SHA2-512 224/256
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
|
|
|
|
AC_MSG_RESULT([yes])
|
|
else
|
|
AC_MSG_RESULT([yes])
|
|
fi
|
|
|
|
ENABLED_SE050="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SE050 -DSSS_USE_FTR_FILE"
|
|
]
|
|
)
|
|
|
|
ENABLED_SNIFFTEST=no
|
|
AS_IF([ test "x$ENABLED_SNIFFER" = "xyes" ],
|
|
[
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SNIFFER -DWOLFSSL_STATIC_EPHEMERAL"
|
|
AC_CHECK_HEADERS([pcap/pcap.h],
|
|
[ ENABLED_SNIFFTEST=yes ],
|
|
[ AC_MSG_WARN([cannot enable sniffer test without having libpcap available.]) ]
|
|
)
|
|
])
|
|
|
|
|
|
# AES-ECB
|
|
AC_ARG_ENABLE([aesecb],
|
|
[AS_HELP_STRING([--enable-aesecb],[Enable wolfSSL AES-ECB support (default: enabled)])],
|
|
[ ENABLED_AESECB=$enableval ],
|
|
[ ENABLED_AESECB=no ]
|
|
)
|
|
|
|
if test "$ENABLED_AESECB" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_ECB"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AES_ECB"
|
|
fi
|
|
|
|
# AES-CBC
|
|
AC_ARG_ENABLE([aescbc],
|
|
[AS_HELP_STRING([--enable-aescbc],[Enable wolfSSL AES-CBC support (default: enabled)])],
|
|
[ ENABLED_AESCBC=$enableval ],
|
|
[ ENABLED_AESCBC=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_AESCBC" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_AES_CBC"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DNO_AES_CBC"
|
|
fi
|
|
|
|
# AES-CBC length checks (checks that input lengths are multiples of block size)
|
|
AC_ARG_ENABLE([aescbc_length_checks],
|
|
[AS_HELP_STRING([--enable-aescbc-length-checks],[Enable AES-CBC length validity checks (default: disabled)])],
|
|
[ ENABLED_AESCBC_LENGTH_CHECKS=$enableval ],
|
|
[ ENABLED_AESCBC_LENGTH_CHECKS=no ]
|
|
)
|
|
|
|
if test "$ENABLED_AESCBC_LENGTH_CHECKS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CBC_LENGTH_CHECKS"
|
|
fi
|
|
|
|
# leanpsk and leantls don't need gcm
|
|
|
|
# AES-GCM
|
|
AC_ARG_ENABLE([aesgcm],
|
|
[AS_HELP_STRING([--enable-aesgcm],[Enable wolfSSL AES-GCM support (default: enabled)])],
|
|
[ ENABLED_AESGCM=$enableval ],
|
|
[ ENABLED_AESGCM=yes ]
|
|
)
|
|
AC_ARG_ENABLE([aesgcm-stream],
|
|
[AS_HELP_STRING([--enable-aesgcm-stream],[Enable wolfSSL AES-GCM support with streaming APIs (default: disabled)])],
|
|
[ ENABLED_AESGCM_STREAM=$enableval ],
|
|
[ ENABLED_AESGCM_STREAM=no ]
|
|
)
|
|
|
|
# leanpsk and leantls don't need gcm
|
|
if test "$FIPS_VERSION" = "rand" || test "$ENABLED_LEANPSK" = "yes" ||
|
|
(test "$ENABLED_LEANTLS" = "yes" && test "$ENABLED_TLS13" = "no")
|
|
then
|
|
ENABLED_AESGCM=no
|
|
fi
|
|
|
|
if test "$ENABLED_AESGCM" = "yes"
|
|
then
|
|
ENABLED_AESGCM="4bit"
|
|
fi
|
|
|
|
|
|
# AES-CCM
|
|
AC_ARG_ENABLE([aesccm],
|
|
[AS_HELP_STRING([--enable-aesccm],[Enable wolfSSL AES-CCM support (default: disabled)])],
|
|
[ ENABLED_AESCCM=$enableval ],
|
|
[ ENABLED_AESCCM=no ]
|
|
)
|
|
|
|
if test "$ENABLED_AESCCM" = "yes" || test "$ENABLED_WOLFENGINE" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESCCM"
|
|
fi
|
|
|
|
# AES-EAX
|
|
AC_ARG_ENABLE([aeseax],
|
|
[AS_HELP_STRING([--enable-aeseax],[Enable wolfSSL AES-EAX support (default: disabled)])],
|
|
[ ENABLED_AESEAX=$enableval ],
|
|
[ ENABLED_AESEAX=no ]
|
|
)
|
|
|
|
if test "$ENABLED_AESEAX" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_EAX"
|
|
fi
|
|
|
|
# AES-SIV (RFC 5297)
|
|
AC_ARG_ENABLE([aessiv],
|
|
[AS_HELP_STRING([--enable-aessiv],[Enable AES-SIV (RFC 5297) (default: disabled)])],
|
|
[ ENABLED_AESSIV=$enableval ],
|
|
[ ENABLED_AESSIV=no ]
|
|
)
|
|
|
|
if test "$ENABLED_CHRONY" = "yes"
|
|
then
|
|
ENABLED_AESSIV=yes
|
|
fi
|
|
|
|
# AES-CTR
|
|
AC_ARG_ENABLE([aesctr],
|
|
[AS_HELP_STRING([--enable-aesctr],[Enable wolfSSL AES-CTR support (default: disabled)])],
|
|
[ ENABLED_AESCTR=$enableval ],
|
|
[ ENABLED_AESCTR=no ]
|
|
)
|
|
if test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_AESSIV" = "yes" || test "$ENABLED_WOLFENGINE" = "yes" || test "$ENABLED_AESEAX" = "yes"
|
|
then
|
|
ENABLED_AESCTR=yes
|
|
fi
|
|
|
|
if test "$ENABLED_QUIC" = "yes"
|
|
then
|
|
ENABLED_AESCTR=yes
|
|
fi
|
|
|
|
# AES-OFB
|
|
AC_ARG_ENABLE([aesofb],
|
|
[AS_HELP_STRING([--enable-aesofb],[Enable wolfSSL AES-OFB support (default: disabled)])],
|
|
[ ENABLED_AESOFB=$enableval ],
|
|
[ ENABLED_AESOFB=no ]
|
|
)
|
|
|
|
if test "$ENABLED_AESOFB" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB -DWOLFSSL_AES_DIRECT"
|
|
fi
|
|
|
|
|
|
# AES-CFB
|
|
AC_ARG_ENABLE([aescfb],
|
|
[AS_HELP_STRING([--enable-aescfb],[Enable wolfSSL AES-CFB support (default: disabled)])],
|
|
[ ENABLED_AESCFB=$enableval ],
|
|
[ ENABLED_AESCFB=no ]
|
|
)
|
|
|
|
if test "$ENABLED_AESCFB" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB"
|
|
fi
|
|
|
|
AC_ARG_ENABLE([aes-bitsliced],
|
|
[AS_HELP_STRING([--enable-aes-bitsliced],[Enable bitsliced implementation of AES (default: disabled)])],
|
|
[ ENABLED_AESBS=$enableval ],
|
|
[ ENABLED_AESBS=no ]
|
|
)
|
|
|
|
if test "$ENABLED_AESBS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_AES_BITSLICED -DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT"
|
|
fi
|
|
|
|
# SM4
|
|
ENABLED_SM4="no"
|
|
AC_ARG_ENABLE([sm4-ecb],
|
|
[AS_HELP_STRING([--enable-sm4-ecb],[Enable wolfSSL SM4-ECB support (default: disabled)])],
|
|
[ ENABLED_SM4_ECB=$enableval ],
|
|
[ ENABLED_SM4_ECB=no ]
|
|
)
|
|
|
|
if test "$ENABLED_SM4_ECB" = "small"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4_SMALL"
|
|
fi
|
|
if test "$ENABLED_SM4_ECB" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4_ECB"
|
|
ENABLED_SM4="yes"
|
|
fi
|
|
|
|
AC_ARG_ENABLE([sm4-cbc],
|
|
[AS_HELP_STRING([--enable-sm4-cbc],[Enable wolfSSL SM4-CBC support (default: disabled)])],
|
|
[ ENABLED_SM4_CBC=$enableval ],
|
|
[ ENABLED_SM4_CBC=no ]
|
|
)
|
|
|
|
if test "$ENABLED_SM4_CBC" = "small"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4_SMALL"
|
|
fi
|
|
if test "$ENABLED_SM4_CBC" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4_CBC"
|
|
ENABLED_SM4="yes"
|
|
fi
|
|
|
|
AC_ARG_ENABLE([sm4-ctr],
|
|
[AS_HELP_STRING([--enable-sm4-ctr],[Enable wolfSSL SM4-CTR support (default: disabled)])],
|
|
[ ENABLED_SM4_CTR=$enableval ],
|
|
[ ENABLED_SM4_CTR=no ]
|
|
)
|
|
|
|
if test "$ENABLED_SM4_CTR" = "small"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4_SMALL"
|
|
fi
|
|
if test "$ENABLED_SM4_CTR" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4_CTR"
|
|
ENABLED_SM4="yes"
|
|
fi
|
|
|
|
AC_ARG_ENABLE([sm4-gcm],
|
|
[AS_HELP_STRING([--enable-sm4-gcm],[Enable wolfSSL SM4-GCM support (default: disabled)])],
|
|
[ ENABLED_SM4_GCM=$enableval ],
|
|
[ ENABLED_SM4_GCM=no ]
|
|
)
|
|
|
|
if test "$ENABLED_SM4_GCM" = "small"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4_SMALL"
|
|
fi
|
|
if test "$ENABLED_SM4_GCM" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4_GCM"
|
|
ENABLED_SM4="yes"
|
|
fi
|
|
|
|
AC_ARG_ENABLE([sm4-ccm],
|
|
[AS_HELP_STRING([--enable-sm4-ccm],[Enable wolfSSL SM4-CCM support (default: disabled)])],
|
|
[ ENABLED_SM4_CCM=$enableval ],
|
|
[ ENABLED_SM4_CCM=no ]
|
|
)
|
|
|
|
if test "$ENABLED_SM4_CCM" = "small"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4_SMALL"
|
|
fi
|
|
if test "$ENABLED_SM4_CCM" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4_CCM"
|
|
ENABLED_SM4="yes"
|
|
fi
|
|
|
|
if test "$ENABLED_SM4" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM4"
|
|
fi
|
|
|
|
|
|
ENABLED_ARMASM_CRYPTO="unknown"
|
|
ENABLED_ARMASM_INLINE="no"
|
|
ENABLED_ARMASM_SHA256_SMALL="no"
|
|
ENABLED_ARMASM_SHA3="unknown"
|
|
ENABLED_ARMASM_CRYPTO_SM4="no"
|
|
# ARM Assembly
|
|
# Both SHA3 and SHA512 instructions available with ARMV8.2-a
|
|
AC_ARG_ENABLE([armasm],
|
|
[AS_HELP_STRING([--enable-armasm],[Enable wolfSSL ARMv8 ASM support (default: disabled). Set to sha512-crypto or sha3-crypto to use SHA512 and SHA3 instructions with Aarch64 CPU.])],
|
|
[ ENABLED_ARMASM=$enableval ],
|
|
[ ENABLED_ARMASM=no ]
|
|
)
|
|
if test "$ENABLED_ARMASM" != "no" && test "$ENABLED_ASM" = "yes"
|
|
then
|
|
|
|
for v in `echo $ENABLED_ARMASM | tr "," " "`
|
|
do
|
|
case $v in
|
|
yes)
|
|
;;
|
|
inline)
|
|
ENABLED_ARMASM_INLINE=yes
|
|
;;
|
|
no-crypto)
|
|
ENABLED_ARMASM_CRYPTO=no
|
|
;;
|
|
sha256-small)
|
|
case $host_cpu in
|
|
*arm*)
|
|
;;
|
|
*)
|
|
AC_MSG_ERROR([SHA256 small option only available on 32-bit ARM CPU.])
|
|
break;;
|
|
esac
|
|
ENABLED_ARMASM_SHA256_SMALL=yes
|
|
;;
|
|
sha512-crypto | sha3-crypto)
|
|
case $host_cpu in
|
|
*aarch64*)
|
|
;;
|
|
*)
|
|
AC_MSG_ERROR([SHA512/SHA3 instructions only available on Aarch64 CPU.])
|
|
break;;
|
|
esac
|
|
ENABLED_ARMASM_SHA3=yes
|
|
ENABLED_ARMASM_PLUS=yes
|
|
;;
|
|
no-sha512-crypto | no-sha3-crypto)
|
|
case $host_cpu in
|
|
*aarch64*)
|
|
;;
|
|
*)
|
|
AC_MSG_ERROR([SHA512/SHA3 instructions only available on Aarch64 CPU.])
|
|
break;;
|
|
esac
|
|
ENABLED_ARMASM_SHA3=no
|
|
;;
|
|
sm4)
|
|
case $host_cpu in
|
|
*aarch64*)
|
|
;;
|
|
*)
|
|
AC_MSG_ERROR([SM4 instructions only available on Aarch64 CPU.])
|
|
break;;
|
|
esac
|
|
ENABLED_ARMASM_SM4=yes
|
|
# gcc requires -march=...+sm4 to enable SM4 instructions
|
|
ENABLED_ARMASM_CRYPTO_SM4=yes
|
|
ENABLED_ARMASM_PLUS=yes
|
|
;;
|
|
sm3)
|
|
case $host_cpu in
|
|
*aarch64*)
|
|
;;
|
|
*)
|
|
AC_MSG_ERROR([SM3 instructions only available on Aarch64 CPU.])
|
|
break;;
|
|
esac
|
|
ENABLED_ARMASM_SM3=yes
|
|
# gcc requires -march=...+sm4 to enable SM3 instructions
|
|
ENABLED_ARMASM_CRYPTO_SM4=yes
|
|
ENABLED_ARMASM_PLUS=yes
|
|
;;
|
|
barrier-sb)
|
|
case $host_cpu in
|
|
*aarch64*)
|
|
;;
|
|
*)
|
|
AC_MSG_ERROR([SB instructions only available on Aarch64 v8.5+ CPU.])
|
|
break;;
|
|
esac
|
|
ENABLED_ARMASM_BARRIER_SB=yes
|
|
;;
|
|
barrier-detect)
|
|
case $host_cpu in
|
|
*aarch64*)
|
|
;;
|
|
*)
|
|
AC_MSG_ERROR([SB instructions only available on Aarch64 v8.5+ CPU.])
|
|
break;;
|
|
esac
|
|
ENABLED_ARMASM_BARRIER_DETECT=yes
|
|
;;
|
|
aes-block-dup)
|
|
case $host_cpu in
|
|
*arm*)
|
|
;;
|
|
*)
|
|
AC_MSG_ERROR([AES assembly option only available on 32-bit ARM CPU.])
|
|
break;;
|
|
esac
|
|
ENABLED_ARMASM_AES_BLOCK_INLINE=yes
|
|
;;
|
|
*)
|
|
case $host_cpu in
|
|
*aarch64*)
|
|
AC_MSG_ERROR([Invalid choice of ARM asm inclusions (yes, inline, no-crypto, sha512-crypto, sha3-crypto, no-sha512-crypto, no-sha3-crypto, barrier-sb, barrier-detect): $ENABLED_ARMASM.])
|
|
break;;
|
|
*arm*)
|
|
AC_MSG_ERROR([Invalid choice of ARM asm inclusions (yes, inline, no-crypto, sha256-small, aes-block-dup): $ENABLED_ARMASM.])
|
|
break;;
|
|
esac
|
|
break;;
|
|
esac
|
|
done
|
|
ENABLED_ARMASM="yes"
|
|
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ARMASM"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM"
|
|
#Check if mcpu and mfpu values already set if not use default
|
|
case $CPPFLAGS in
|
|
*mcpu* | *mfpu*)
|
|
break;; #Do not override user set values
|
|
*)
|
|
case $host_cpu in
|
|
*aarch64*)
|
|
case $host_os in
|
|
*darwin*)
|
|
# Turn it on unless explicitly turned off.
|
|
if test "$ENABLED_ARMASM_SHA3" = "unknown"; then
|
|
ENABLED_ARMASM_SHA3="yes"
|
|
fi
|
|
;;
|
|
*)
|
|
# +crypto needed for hardware acceleration
|
|
if test "$ENABLED_ARMASM_PLUS" = "yes"; then
|
|
AM_CPPFLAGS="$AM_CPPFLAGS -march=armv8.2-a+crypto"
|
|
if test "$ENABLED_ARMASM_SHA3" = "yes"; then
|
|
AM_CPPFLAGS="$AM_CPPFLAGS+sha3"
|
|
fi
|
|
if test "$ENABLED_ARMASM_CRYPTO_SM4" = "yes"; then
|
|
AM_CPPFLAGS="$AM_CPPFLAGS+sm4"
|
|
fi
|
|
else
|
|
AM_CPPFLAGS="$AM_CPPFLAGS -mcpu=generic+crypto -DWOLFSSL_AARCH64_NO_SQRDMLSH"
|
|
fi
|
|
;;
|
|
esac
|
|
# Include options.h
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
|
|
if test "$ENABLED_ARMASM_CRYPTO" = "unknown"; then
|
|
ENABLED_ARMASM_CRYPTO=yes
|
|
fi
|
|
ENABLED_ARMASM_NEON=yes
|
|
ENABLED_ARM_64=yes
|
|
|
|
# Check for and set -mstrict-align compiler flag
|
|
# Used to set assumption that Aarch64 systems will not handle
|
|
# unaligned memory references. The flag -mstrict-align is needed
|
|
# on some compiler versions to avoid an invalid addressing mode
|
|
# error with "m" constraint variables in the inline assembly AES
|
|
# code. Even though unaligned load/store access is permitted on
|
|
# normal memory with Cortex-A series boards with the exception
|
|
# being exclusive and ordered access.
|
|
case $CPPFLAGS in
|
|
*mstrict-align*)
|
|
break;; # already set by user
|
|
*)
|
|
AM_CPPFLAGS="$AM_CPPFLAGS -mstrict-align"
|
|
AC_MSG_NOTICE([64bit ARMv8, setting -mstrict-align]);;
|
|
esac
|
|
AC_MSG_NOTICE([64bit ARMv8 found, setting mcpu to generic+crypto])
|
|
;;
|
|
armv7a* | armv7l*)
|
|
AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-a -mfpu=neon -DWOLFSSL_ARM_ARCH=7 -marm"
|
|
# Include options.h
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
|
|
ENABLED_ARMASM_CRYPTO=no
|
|
ENABLED_ARMASM_NEON=yes
|
|
ENABLED_ARM_32=yes
|
|
AC_MSG_NOTICE([32bit ARMv7-a found, setting mfpu to neon])
|
|
if test "$ENABLED_FIPS" != "no" ||
|
|
test "$HAVE_FIPS_VERSION_MAJOR" -ge 5;
|
|
then
|
|
# Use inline ASM with FIPS because of known "issue" with the
|
|
# assembly code
|
|
ENABLED_ARMASM_INLINE=yes
|
|
AC_MSG_NOTICE([32bit ARMv7-a found, setting inline for FIPS])
|
|
fi
|
|
;;
|
|
armv7m*)
|
|
# QEMU doesn't work with armv7-m
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_THUMB2"
|
|
AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -DWOLFSSL_ARMASM_THUMB2 -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARM_ARCH=7"
|
|
# Include options.h
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
|
|
ENABLED_ARMASM_CRYPTO=no
|
|
ENABLED_ARMASM_NEON=no
|
|
ENABLED_ARM_THUMB=yes
|
|
ENABLED_ARM_32=yes
|
|
AC_MSG_NOTICE([32bit ARMv7-m found])
|
|
if test "$ENABLED_FIPS" != "no" ||
|
|
test "$HAVE_FIPS_VERSION_MAJOR" -ge 5;
|
|
then
|
|
# Use inline ASM with FIPS because of known "issue" with the
|
|
# assembly code
|
|
ENABLED_ARMASM_INLINE=yes
|
|
AC_MSG_NOTICE([32bit ARMv7-m found, setting inline for FIPS])
|
|
fi
|
|
;;
|
|
armv6*)
|
|
AM_CPPFLAGS="$AM_CPPFLAGS -march=armv6 -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARM_ARCH=6"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
|
|
ENABLED_ARMASM_CRYPTO=no
|
|
ENABLED_ARMASM_NEON=no
|
|
ENABLED_ARM_32=yes
|
|
AC_MSG_NOTICE([32bit ARMv6 found])
|
|
;;
|
|
armv4*)
|
|
AM_CPPFLAGS="$AM_CPPFLAGS -march=armv4 -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARM_ARCH=4"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
|
|
ENABLED_ARMASM_CRYPTO=no
|
|
ENABLED_ARMASM_NEON=no
|
|
ENABLED_ARM_32=yes
|
|
AC_MSG_NOTICE([32bit ARMv4 found])
|
|
;;
|
|
*)
|
|
AM_CPPFLAGS="$AM_CPPFLAGS -mfpu=crypto-neon-fp-armv8 -marm"
|
|
# Include options.h
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
|
|
ENABLED_ARMASM_CRYPTO=yes
|
|
ENABLED_ARMASM_NEON=yes
|
|
ENABLED_ARM_32=yes
|
|
AC_MSG_NOTICE([32bit ARMv8 found, setting mfpu to crypto-neon-fp-armv8])
|
|
;;
|
|
esac
|
|
esac
|
|
fi
|
|
|
|
if test "$ENABLED_ARMASM_SHA256_SMALL" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_SHA256_SMALL"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ARMASM_SHA256_SMALL"
|
|
fi
|
|
if test "$ENABLED_ARMASM_SHA3" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_CRYPTO_SHA512 -DWOLFSSL_ARMASM_CRYPTO_SHA3"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ARMASM_CRYPTO_SHA512 -DWOLFSSL_ARMASM_CRYPTO_SHA3"
|
|
fi
|
|
if test "$ENABLED_ARMASM_SHA3" = "unknown"; then
|
|
ENABLED_ARMASM_SHA3="no"
|
|
fi
|
|
if test "$ENABLED_ARMASM_SM3" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_CRYPTO_SM3"
|
|
fi
|
|
if test "$ENABLED_ARMASM_SM4" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_CRYPTO_SM4"
|
|
fi
|
|
if test "$ENABLED_ARMASM_BARRIER_SB" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_BARRIER_SB"
|
|
fi
|
|
if test "$ENABLED_ARMASM_BARRIER_DETECT" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_BARRIER_DETECT"
|
|
fi
|
|
if test "$ENABLED_ARMASM_CRYPTO" = "unknown"; then
|
|
ENABLED_ARMASM_CRYPTO=no
|
|
fi
|
|
if test "$ENABLED_ARMASM_CRYPTO" = "no"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_NO_HW_CRYPTO"
|
|
fi
|
|
if test "$ENABLED_ARMASM_NEON" = "no"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_NO_NEON"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ARMASM_NO_NEON"
|
|
fi
|
|
|
|
if test "$ENABLED_ARMASM_INLINE" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_INLINE"
|
|
fi
|
|
if test "$ENABLED_ARMASM_AES_BLOCK_INLINE" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_AES_BLOCK_INLINE"
|
|
fi
|
|
|
|
# RISC-V Assembly
|
|
AC_ARG_ENABLE([riscv-asm],
|
|
[AS_HELP_STRING([--enable-riscv-asm],[Enable wolfSSL RISC-V ASM support (default: disabled).])],
|
|
[ ENABLED_RISCV_ASM=$enableval ],
|
|
[ ENABLED_RISCV_ASM=no ]
|
|
)
|
|
if test "$ENABLED_RISCV_ASM" != "no" && test "$ENABLED_ASM" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_ASM"
|
|
AC_MSG_NOTICE([64bit RISC-V assembly for AES])
|
|
fi
|
|
|
|
ENABLED_RISCV_ASM_OPTS=$ENABLED_RISCV_ASM
|
|
for v in `echo $ENABLED_RISCV_ASM_OPTS | tr "," " "`
|
|
do
|
|
case $v in
|
|
yes)
|
|
;;
|
|
no)
|
|
;;
|
|
zbb)
|
|
# REV8
|
|
ENABLED_RISCV_ASM=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_BASE_BIT_MANIPULATION"
|
|
;;
|
|
zbc|zbkc)
|
|
# CLMUL, CLMULH
|
|
ENABLED_RISCV_ASM=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_CARRYLESS"
|
|
;;
|
|
zbkb)
|
|
# PACK, REV8
|
|
ENABLED_RISCV_ASM=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_BIT_MANIPULATION"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_BASE_BIT_MANIPULATION"
|
|
;;
|
|
zbt)
|
|
# FSL, FSR, FSRI, CMOV, CMIX - QEMU doesn't know about these instructions
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_BIT_MANIPULATION_TERNARY"
|
|
;;
|
|
zkn|zkned)
|
|
# AES encrypt/decrpyt, SHA-2
|
|
ENABLED_RISCV_ASM=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_SCALAR_CRYPTO_ASM"
|
|
;;
|
|
zv)
|
|
ENABLED_RISCV_ASM=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR"
|
|
;;
|
|
zvbb|zvkb)
|
|
# VBREV8
|
|
ENABLED_RISCV_ASM=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION"
|
|
;;
|
|
zvbc)
|
|
# VCLMUL, VCLMULH
|
|
ENABLED_RISCV_ASM=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR_CARRYLESS"
|
|
;;
|
|
zvkg)
|
|
# VGMUL, VHHSH
|
|
ENABLED_RISCV_ASM=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR_GCM"
|
|
;;
|
|
zvkned)
|
|
# Vector AES, SHA-2
|
|
ENABLED_RISCV_ASM=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR_CRYPTO_ASM"
|
|
;;
|
|
*)
|
|
AC_MSG_ERROR([Invalid RISC-V option [yes,zbkb,zbb,zbc,zbkc,zkn,zkned,zv,zvkg,zvbc,zvbb,zvkb,zvkned]: $ENABLED_RISCV_ASM.])
|
|
break
|
|
;;
|
|
esac
|
|
done
|
|
|
|
|
|
# PPC32 Assembly
|
|
AC_ARG_ENABLE([ppc32-asm],
|
|
[AS_HELP_STRING([--enable-ppc32-asm],[Enable wolfSSL PowerPC 32-bit ASM support (default: disabled).])],
|
|
[ ENABLED_PPC32_ASM=$enableval ],
|
|
[ ENABLED_PPC32_ASM=no ]
|
|
)
|
|
|
|
|
|
if test "$ENABLED_PPC32_ASM" != "no" && test "$ENABLED_ASM" = "yes"
|
|
then
|
|
ENABLED_PPC32_ASM_OPTS=$ENABLED_PPC32_ASM
|
|
for v in `echo $ENABLED_PPC32_ASM_OPTS | tr "," " "`
|
|
do
|
|
case $v in
|
|
yes)
|
|
;;
|
|
inline)
|
|
ENABLED_PPC32_ASM_INLINE=yes
|
|
;;
|
|
inline-reg)
|
|
ENABLED_PPC32_ASM_INLINE_REG=yes
|
|
;;
|
|
small)
|
|
ENABLED_PPC32_ASM_SMALL=yes
|
|
;;
|
|
spe)
|
|
ENABLED_PPC32_ASM_SPE=yes
|
|
;;
|
|
*)
|
|
AC_MSG_ERROR([Invalid RISC-V option [yes,inline,small]: $ENABLED_PPC32_ASM.])
|
|
break
|
|
;;
|
|
esac
|
|
done
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC32_ASM"
|
|
AC_MSG_NOTICE([32-bit PowerPC assembly for SHA-256])
|
|
ENABLED_PPC32_ASM=yes
|
|
fi
|
|
if test "$ENABLED_PPC32_ASM_INLINE" = "yes" || test "$ENABLED_PPC32_ASM_INLINE_REG" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC32_ASM_INLINE"
|
|
else
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_PPC32_ASM"
|
|
fi
|
|
if test "$ENABLED_PPC32_ASM_SMALL" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC32_ASM_SMALL"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_PPC32_ASM_SMALL"
|
|
fi
|
|
if test "$ENABLED_PPC32_ASM_SPE" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC32_ASM_SPE"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_PPC32_ASM_SPE"
|
|
fi
|
|
|
|
# Xilinx hardened crypto
|
|
AC_ARG_ENABLE([xilinx],
|
|
[AS_HELP_STRING([--enable-xilinx],[Enable wolfSSL support for Xilinx hardened crypto(default: disabled)])],
|
|
[ ENABLED_XILINX=$enableval ],
|
|
[ ENABLED_XILINX=no ]
|
|
)
|
|
if test "$ENABLED_XILINX" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_XILINX -DWOLFSSL_XILINX_CRYPT"
|
|
fi
|
|
|
|
|
|
# CAAM build
|
|
trylibsecodir="/usr"
|
|
AC_ARG_WITH([seco],
|
|
[AS_HELP_STRING([--with-seco=PATH],[PATH to SECO install (default /usr/lib/)])],
|
|
[
|
|
AC_MSG_CHECKING([for SECO])
|
|
|
|
if test "x$withval" != "xno" ; then
|
|
trylibsecodir=$withval
|
|
fi
|
|
]
|
|
)
|
|
|
|
AC_ARG_ENABLE([aria],
|
|
[AS_HELP_STRING([--enable-aria],[Enable wolfSSL support for ARIA (default: disabled)])],
|
|
[ ENABLED_ARIA=$enableval ],
|
|
[ ENABLED_ARIA=no ]
|
|
)
|
|
if test "$ENABLED_ARIA" = "yes"
|
|
then
|
|
ARIA_DIR=MagicCrypto
|
|
# Enable dependency
|
|
CFLAGS="$CFLAGS -I$ARIA_DIR/include"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ARIA"
|
|
AM_LDFLAGS="$AM_LDFLAGS -L$ARIA_DIR/lib -lMagicCrypto"
|
|
build_pwd="$(pwd)"
|
|
headers="mcapi_error.h mcapi_type.h mcapi.h"
|
|
for header in $headers
|
|
do
|
|
AC_CHECK_HEADER([$header], [], [
|
|
AC_MSG_ERROR([Error including $header. Please put the MagicCrypto library in $build_pwd.])
|
|
], [
|
|
extern int dummy_int_to_make_compiler_happy;
|
|
])
|
|
done
|
|
fi
|
|
|
|
AC_ARG_ENABLE([caam],
|
|
[AS_HELP_STRING([--enable-caam],[Enable wolfSSL support for CAAM (default: disabled)])],
|
|
[ ENABLED_CAAM=$enableval ],
|
|
[ ENABLED_CAAM=no ]
|
|
)
|
|
|
|
if test "$ENABLED_CAAM" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM"
|
|
|
|
for v in `echo $ENABLED_CAAM | tr "," " "`
|
|
do
|
|
case $v in
|
|
qnx)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_QNX_CAAM"
|
|
ENABLED_CAAM_QNX="yes"
|
|
;;
|
|
|
|
imx6q)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IMX6Q_CAAM"
|
|
;;
|
|
|
|
imx6ul)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IMX6UL_CAAM"
|
|
;;
|
|
|
|
seco)
|
|
SECO_DIR=$trylibsecodir
|
|
AM_CPPFLAGS="$AM_CPPFLAGS -I$SECO_DIR/include"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM -DWOLFSSL_SECO_CAAM"
|
|
|
|
AC_CHECK_LIB([hsm_lib],[hsm_open_session])
|
|
AC_CHECK_LIB([seco_nvm_manager],[seco_nvm_manager])
|
|
LIB_STATIC_ADD="$LIB_STATIC_ADD $SECO_DIR/lib/hsm_lib.a $SECO_DIR/lib/seco_nvm_manager.a"
|
|
LIB_ADD="$LIB_ADD -lz"
|
|
;;
|
|
|
|
esac
|
|
done
|
|
fi
|
|
|
|
# INTEL AES-NI
|
|
AC_ARG_ENABLE([aesni],
|
|
[AS_HELP_STRING([--enable-aesni],[Enable wolfSSL AES-NI support (default: disabled)])],
|
|
[ ENABLED_AESNI=$enableval ],
|
|
[ ENABLED_AESNI=no ]
|
|
)
|
|
|
|
# INTEL AES-NI with AVX
|
|
AC_ARG_ENABLE([aesni-with-avx],
|
|
[AS_HELP_STRING([--enable-aesni-with-avx],[Enable AES-NI with additional AVX acceleration for AES (default: disabled)])],
|
|
[ ENABLED_AESNI_WITH_AVX=$enableval ],
|
|
[ ENABLED_AESNI_WITH_AVX=no ]
|
|
)
|
|
|
|
# INTEL ASM
|
|
AC_ARG_ENABLE([intelasm],
|
|
[AS_HELP_STRING([--enable-intelasm],[Enable All Intel ASM speedups (default: disabled)])],
|
|
[ ENABLED_INTELASM=$enableval ],
|
|
[ ENABLED_INTELASM=no ]
|
|
)
|
|
|
|
if test "$ENABLED_ASM" = "yes"
|
|
then
|
|
if test "$ENABLED_AESNI" = "small"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DAES_GCM_AESNI_NO_UNROLL"
|
|
ENABLED_AESNI=yes
|
|
fi
|
|
|
|
if test "$ENABLED_INTELASM" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DUSE_INTEL_SPEEDUP"
|
|
ENABLED_AESNI=yes
|
|
ENABLED_AESNI_WITH_AVX=yes
|
|
elif test "$ENABLED_AESNI_WITH_AVX" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DUSE_INTEL_SPEEDUP_FOR_AES"
|
|
ENABLED_AESNI=yes
|
|
fi
|
|
|
|
if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
|
|
if test "$KERNEL_MODE_DEFAULTS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_C_DYNAMIC_FALLBACK"
|
|
fi
|
|
if test "$CC" != "icc"
|
|
then
|
|
case $host_os in
|
|
mingw*)
|
|
# Windows uses intrinsics for GCM which uses SSE4 instructions.
|
|
# MSVC has own build files.
|
|
AM_CFLAGS="$AM_CFLAGS -maes -msse4 -mpclmul"
|
|
;;
|
|
*)
|
|
# Intrinsics used in AES_set_decrypt_key (TODO: rework)
|
|
AM_CFLAGS="$AM_CFLAGS -maes"
|
|
;;
|
|
esac
|
|
fi
|
|
AS_IF([test "x$ENABLED_AESGCM" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
|
|
AS_IF([test "x$ENABLED_SM3" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SM3"])
|
|
fi
|
|
|
|
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "amd64"
|
|
then
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_X86_64_BUILD"
|
|
fi
|
|
if test "$host_cpu" = "x86"
|
|
then
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_X86_BUILD"
|
|
ENABLED_X86_ASM=yes
|
|
fi
|
|
fi
|
|
AC_SUBST([ENABLED_AESNI])
|
|
AC_SUBST([ENABLED_AESNI_WITH_AVX])
|
|
|
|
AC_ARG_ENABLE([aligndata],
|
|
[AS_HELP_STRING([--enable-aligndata],[align data for ciphers (default: enabled)])],
|
|
[ ENABLED_ALIGN_DATA=$enableval ],
|
|
[ ENABLED_ALIGN_DATA=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_ALIGN_DATA" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_USE_ALIGN"
|
|
fi
|
|
|
|
# INTEL RDRAND
|
|
AC_ARG_ENABLE([intelrand],
|
|
[AS_HELP_STRING([--enable-intelrand],[Enable Intel rdrand as preferred RNG source (default: disabled)])],
|
|
[ ENABLED_INTELRDRAND=$enableval ],
|
|
[ ENABLED_INTELRDRAND=no ]
|
|
)
|
|
|
|
if test "$ENABLED_INTELRDRAND" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDRAND"
|
|
fi
|
|
|
|
# INTEL RDSEED
|
|
AC_ARG_ENABLE([intelrdseed],
|
|
[AS_HELP_STRING([--enable-intelrdseed],[Enable Intel rdseed as preferred RNG seeding source (default: disabled)])],
|
|
[ ENABLED_INTELRDSEED=$enableval ],
|
|
[ ENABLED_INTELRDSEED=no ]
|
|
)
|
|
|
|
if test "$ENABLED_INTELRDSEED" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDSEED"
|
|
fi
|
|
|
|
# AMD RDSEED
|
|
AC_ARG_ENABLE([amdrdseed],
|
|
[AS_HELP_STRING([--enable-amdrdseed],[Enable AMD rdseed as preferred RNG seeding source (default: disabled)])],
|
|
[ ENABLED_AMDRDSEED=$enableval ],
|
|
[ ENABLED_AMDRDSEED=no ]
|
|
)
|
|
|
|
AC_ARG_ENABLE([amdrand],
|
|
[AS_HELP_STRING([--enable-amdrand],[Alias for --enable-amdrdseed])],
|
|
[ ENABLED_AMDRDSEED=$enableval ]
|
|
)
|
|
|
|
if test "$ENABLED_AMDRDSEED" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_AMD_RDSEED"
|
|
fi
|
|
|
|
|
|
# Linux af_alg
|
|
AC_ARG_ENABLE([afalg],
|
|
[AS_HELP_STRING([--enable-afalg],[Enable Linux af_alg use for crypto (default: disabled)])],
|
|
[ ENABLED_AFALG=$enableval ],
|
|
[ ENABLED_AFALG=no ]
|
|
)
|
|
|
|
if test "$ENABLED_AFALG" = "yes"
|
|
then
|
|
if test "$ENABLED_AESCCM" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_HASH"
|
|
fi
|
|
|
|
if test "$ENABLED_AFALG" = "xilinx"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX -DWOLFSSL_AFALG_XILINX_AES"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX_SHA3 -DWOLFSSL_AFALG_XILINX_RSA"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA3_224 -DWOLFSSL_NOSHA3_256 -DWOLFSSL_NOSHA3_512"
|
|
ENABLED_AFALG="yes"
|
|
ENABLED_XILINX="yes"
|
|
fi
|
|
|
|
if test "$ENABLED_AFALG" = "xilinx-aes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX -DWOLFSSL_AFALG_XILINX_AES"
|
|
ENABLED_AFALG="yes"
|
|
ENABLED_XILINX="yes"
|
|
fi
|
|
|
|
if test "$ENABLED_AFALG" = "xilinx-sha3"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX_SHA3"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA3_224 -DWOLFSSL_NOSHA3_256 -DWOLFSSL_NOSHA3_512"
|
|
ENABLED_AFALG="yes"
|
|
ENABLED_XILINX="yes"
|
|
fi
|
|
|
|
if test "$ENABLED_AFALG" = "xilinx-rsa"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX_RSA"
|
|
ENABLED_AFALG="yes"
|
|
ENABLED_XILINX="yes"
|
|
fi
|
|
|
|
|
|
# libkcapi
|
|
|
|
AC_ARG_ENABLE([kcapi-hash],
|
|
[AS_HELP_STRING([--enable-kcapi-hash],[Enable libkcapi use for hashing (default: disabled)])],
|
|
[ ENABLED_KCAPI_HASH=$enableval ],
|
|
[ ENABLED_KCAPI_HASH=no ]
|
|
)
|
|
|
|
AC_ARG_ENABLE([kcapi-hmac],
|
|
[AS_HELP_STRING([--enable-kcapi-hmac],[Enable libkcapi use for HMAC (default: disabled)])],
|
|
[ ENABLED_KCAPI_HMAC=$enableval ],
|
|
[ ENABLED_KCAPI_HMAC=no ]
|
|
)
|
|
|
|
AC_ARG_ENABLE([kcapi-aes],
|
|
[AS_HELP_STRING([--enable-kcapi-aes],[Enable libkcapi use for AES (default: disabled)])],
|
|
[ ENABLED_KCAPI_AES=$enableval ],
|
|
[ ENABLED_KCAPI_AES=no ]
|
|
)
|
|
|
|
AC_ARG_ENABLE([kcapi-rsa],
|
|
[AS_HELP_STRING([--enable-kcapi-rsa],[Enable libkcapi use for RSA (default: disabled)])],
|
|
[ ENABLED_KCAPI_RSA=$enableval ],
|
|
[ ENABLED_KCAPI_RSA=no ]
|
|
)
|
|
|
|
AC_ARG_ENABLE([kcapi-dh],
|
|
[AS_HELP_STRING([--enable-kcapi-dh],[Enable libkcapi use for DH (default: disabled)])],
|
|
[ ENABLED_KCAPI_DH=$enableval ],
|
|
[ ENABLED_KCAPI_DH=no ]
|
|
)
|
|
|
|
AC_ARG_ENABLE([kcapi-ecc],
|
|
[AS_HELP_STRING([--enable-kcapi-ecc],[Enable libkcapi use for ECC (default: disabled)])],
|
|
[ ENABLED_KCAPI_ECC=$enableval ],
|
|
[ ENABLED_KCAPI_ECC=no ]
|
|
)
|
|
|
|
AC_ARG_ENABLE([kcapi],
|
|
[AS_HELP_STRING([--enable-kcapi],[Enable libkcapi use for crypto (default: disabled)])],
|
|
[ ENABLED_KCAPI=$enableval ],
|
|
[ ENABLED_KCAPI=no ]
|
|
)
|
|
|
|
if test "$ENABLED_KCAPI" = "yes"
|
|
then
|
|
AS_IF([test "$enable_kcapi_hash" != "no"], [ENABLED_KCAPI_HASH=yes])
|
|
AS_IF([test "$enable_kcapi_hmac" != "no"], [ENABLED_KCAPI_HMAC=yes])
|
|
AS_IF([test "$enable_kcapi_aes" != "no"], [ENABLED_KCAPI_AES=yes])
|
|
AS_IF([test "$enable_kcapi_rsa" != "no"], [ENABLED_KCAPI_RSA=yes])
|
|
AS_IF([test "$enable_kcapi_dh" != "no"], [ENABLED_KCAPI_DH=yes])
|
|
AS_IF([test "$enable_kcapi_ecc" != "no"], [ENABLED_KCAPI_ECC=yes])
|
|
fi
|
|
|
|
if test "$ENABLED_KCAPI_HASH" != "no" ||
|
|
test "$ENABLED_KCAPI_HMAC" != "no" ||
|
|
test "$ENABLED_KCAPI_AES" != "no" ||
|
|
test "$ENABLED_KCAPI_RSA" != "no" ||
|
|
test "$ENABLED_KCAPI_DH" != "no" ||
|
|
test "$ENABLED_KCAPI_ECC" != "no"
|
|
then
|
|
LIBS="$LIBS -lkcapi"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI"
|
|
fi
|
|
|
|
if test "$ENABLED_KCAPI_HASH" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_HASH -DWOLFSSL_KCAPI_HASH_KEEP"
|
|
# Linux Kernel doesn't support truncated SHA512 algorithms
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
|
|
fi
|
|
|
|
if test "$ENABLED_KCAPI_HMAC" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_HMAC"
|
|
fi
|
|
|
|
if test "$ENABLED_KCAPI_AES" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_AES"
|
|
HAVE_AESGCM_PORT=yes
|
|
if test "$ENABLED_AESCCM" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
|
|
fi
|
|
|
|
if test "$ENABLED_AESGCM_STREAM" = "yes"
|
|
then
|
|
AC_MSG_ERROR([--enable-aesgcm-stream is incompatible with --enable-kcapi.])
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_KCAPI_RSA" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_RSA"
|
|
fi
|
|
|
|
if test "$ENABLED_KCAPI_DH" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_DH -DWOLFSSL_DH_EXTRA"
|
|
fi
|
|
|
|
if test "$ENABLED_KCAPI_ECC" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_ECC"
|
|
fi
|
|
|
|
|
|
# Support for Linux dev/crypto calls
|
|
AC_ARG_ENABLE([devcrypto],
|
|
[AS_HELP_STRING([--enable-devcrypto],[Enable Linux dev crypto calls: all | aes (all aes support) | hash (all hash algos) | cbc (aes-cbc only) (default: disabled)])],
|
|
[ ENABLED_DEVCRYPTO=$enableval ],
|
|
[ ENABLED_DEVCRYPTO=no ]
|
|
)
|
|
|
|
if test "$ENABLED_DEVCRYPTO" = "yes" || test "$ENABLED_DEVCRYPTO" = "all"
|
|
then
|
|
#enable all devcrypto supported algorithms
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
|
|
if test "$ENABLED_AESCCM" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_HASH_RAW"
|
|
ENABLED_DEVCRYPTO=yes
|
|
fi
|
|
if test "$ENABLED_DEVCRYPTO" = "aes"
|
|
then
|
|
#enable only AES-CBC algorithm support
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
|
|
if test "$ENABLED_AESCCM" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
|
|
fi
|
|
ENABLED_DEVCRYPTO=yes
|
|
fi
|
|
if test "$ENABLED_DEVCRYPTO" = "cbc"
|
|
then
|
|
#enable only AES-CBC algorithm support
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
|
|
ENABLED_DEVCRYPTO=yes
|
|
fi
|
|
if test "$ENABLED_DEVCRYPTO" = "hash"
|
|
then
|
|
#enable only hash algorithm support
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_HASH_RAW"
|
|
ENABLED_DEVCRYPTO=yes
|
|
fi
|
|
if test "$ENABLED_DEVCRYPTO" = "hmac"
|
|
then
|
|
#enable only hmac algorithm support
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HMAC"
|
|
ENABLED_DEVCRYPTO=yes
|
|
fi
|
|
if test "$ENABLED_DEVCRYPTO" = "rsa"
|
|
then
|
|
#enable only rsa algorithm support
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_RSA"
|
|
ENABLED_DEVCRYPTO=yes
|
|
fi
|
|
if test "$ENABLED_DEVCRYPTO" = "seco"
|
|
then
|
|
#enable support of devcrypto for algos not supported with seco
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HMAC"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_RSA"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CURVE25519"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_ECDSA"
|
|
ENABLED_DEVCRYPTO=yes
|
|
fi
|
|
|
|
|
|
# Camellia
|
|
AC_ARG_ENABLE([camellia],
|
|
[AS_HELP_STRING([--enable-camellia],[Enable wolfSSL Camellia support (default: disabled)])],
|
|
[ ENABLED_CAMELLIA=$enableval ],
|
|
[ ENABLED_CAMELLIA=no ]
|
|
)
|
|
|
|
if test "$ENABLED_CAMELLIA" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAMELLIA"
|
|
fi
|
|
|
|
|
|
# MD2
|
|
AC_ARG_ENABLE([md2],
|
|
[AS_HELP_STRING([--enable-md2],[Enable wolfSSL MD2 support (default: disabled)])],
|
|
[ ENABLED_MD2=$enableval ],
|
|
[ ENABLED_MD2=no ]
|
|
)
|
|
|
|
if test "$ENABLED_BUMP" = "yes"
|
|
then
|
|
ENABLED_MD2="yes"
|
|
fi
|
|
|
|
if test "$ENABLED_MD2" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MD2"
|
|
fi
|
|
|
|
|
|
# NULL CIPHER
|
|
AC_ARG_ENABLE([nullcipher],
|
|
[AS_HELP_STRING([--enable-nullcipher],[Enable wolfSSL NULL cipher support (default: disabled)])],
|
|
[ ENABLED_NULL_CIPHER=$enableval ],
|
|
[ ENABLED_NULL_CIPHER=no ]
|
|
)
|
|
|
|
if test "$ENABLED_NULL_CIPHER" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER"
|
|
fi
|
|
|
|
# RIPEMD
|
|
AC_ARG_ENABLE([ripemd],
|
|
[AS_HELP_STRING([--enable-ripemd],[Enable wolfSSL RIPEMD-160 support (default: disabled)])],
|
|
[ ENABLED_RIPEMD=$enableval ],
|
|
[ ENABLED_RIPEMD=no ]
|
|
)
|
|
|
|
if test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno"
|
|
then
|
|
ENABLED_RIPEMD="yes"
|
|
fi
|
|
|
|
if test "$ENABLED_RIPEMD" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RIPEMD"
|
|
fi
|
|
|
|
|
|
# BLAKE2
|
|
AC_ARG_ENABLE([blake2b],
|
|
[AS_HELP_STRING([--enable-blake2b],[Enable wolfSSL BLAKE2b support (default: disabled)])],
|
|
[ ENABLED_BLAKE2B=$enableval ],
|
|
[ ENABLED_BLAKE2B=no ]
|
|
)
|
|
|
|
# Backward-compat synonym for blake2b:
|
|
AC_ARG_ENABLE([blake2],
|
|
[AS_HELP_STRING([--enable-blake2],[Enable wolfSSL BLAKE2b support (default: disabled)])],
|
|
[ ENABLED_BLAKE2B=$enableval ]
|
|
)
|
|
|
|
if test "$ENABLED_BLAKE2B" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2B"
|
|
fi
|
|
|
|
|
|
AC_ARG_ENABLE([blake2s],
|
|
[AS_HELP_STRING([--enable-blake2s],[Enable wolfSSL BLAKE2s support (default: disabled)])],
|
|
[ ENABLED_BLAKE2S=$enableval ],
|
|
[ ENABLED_BLAKE2S=no ]
|
|
)
|
|
|
|
if test "$ENABLED_BLAKE2S" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2S"
|
|
fi
|
|
|
|
|
|
# SHA256
|
|
AC_ARG_ENABLE([sha256],
|
|
[AS_HELP_STRING([--enable-sha256],[Enable wolfSSL SHA256 support (default: enabled)])],
|
|
[ ENABLED_SHA256=$enableval ],
|
|
[ ENABLED_SHA256=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_SHA256" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_SHA256"
|
|
fi
|
|
|
|
|
|
# set sha224 default
|
|
SHA224_DEFAULT=no
|
|
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64" || test "$host_cpu" = "amd64"
|
|
then
|
|
if test "x$ENABLED_AFALG" = "xno" && test "x$ENABLED_DEVCRYPTO" = "xno" &&
|
|
( test "x$ENABLED_FIPS" = "xno" ||
|
|
( test "$HAVE_FIPS_VERSION" = 2 && test "$HAVE_FIPS_VERSION_MINOR" != 1 ) )
|
|
then
|
|
SHA224_DEFAULT=$ENABLED_SHA256
|
|
fi
|
|
fi
|
|
|
|
# SHA224
|
|
AC_ARG_ENABLE([sha224],
|
|
[AS_HELP_STRING([--enable-sha224],[Enable wolfSSL SHA-224 support (default: enabled on x86_64/amd64/aarch64)])],
|
|
[ ENABLED_SHA224=$enableval ],
|
|
[ ENABLED_SHA224=$SHA224_DEFAULT ]
|
|
)
|
|
|
|
if test "$ENABLED_SHA224" = "yes"
|
|
then
|
|
if test "$ENABLED_SHA256" = "no"
|
|
then
|
|
AC_MSG_ERROR([Enabling SHA224 requires enabling SHA256.])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"
|
|
fi
|
|
|
|
|
|
# set sha3 default
|
|
SHA3_DEFAULT=no
|
|
if (test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64" ||
|
|
test "$host_cpu" = "amd64")
|
|
then
|
|
if test "x$ENABLED_FIPS" = "xno" || test "$HAVE_FIPS_VERSION" -ge 2
|
|
then
|
|
SHA3_DEFAULT=yes
|
|
fi
|
|
fi
|
|
|
|
# SHA3
|
|
AC_ARG_ENABLE([sha3],
|
|
[AS_HELP_STRING([--enable-sha3],[Enable wolfSSL SHA-3 support (default: enabled on x86_64/amd64/aarch64)])],
|
|
[ ENABLED_SHA3=$enableval ],
|
|
[ ENABLED_SHA3=$SHA3_DEFAULT ]
|
|
)
|
|
|
|
if test "$ENABLED_SHA3" = "small"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3_SMALL"
|
|
fi
|
|
|
|
if test "$ENABLED_SHA3" = "noasm"
|
|
then
|
|
ENABLED_SHA3=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_SHA3_NO_ASM"
|
|
fi
|
|
|
|
if test "$ENABLED_SHA3" != "no" &&
|
|
(test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6)
|
|
then
|
|
SHAKE_DEFAULT=yes
|
|
else
|
|
SHAKE_DEFAULT=no
|
|
fi
|
|
|
|
# SHAKE128
|
|
AC_ARG_ENABLE([shake128],
|
|
[AS_HELP_STRING([--enable-shake128],[Enable wolfSSL SHAKE128 support (default: disabled)])],
|
|
[ ENABLED_SHAKE128=$enableval ],
|
|
[ ENABLED_SHAKE128=$SHAKE_DEFAULT ]
|
|
)
|
|
|
|
# MLKEM requires SHAKE128. Force-enable when MLKEM is enabled.
|
|
if test "$ENABLED_MLKEM" != "no"
|
|
then
|
|
if test "$ENABLED_SHAKE128" = "no"
|
|
then
|
|
AC_MSG_NOTICE([MLKEM enabled (not explicitly disabled); overriding --disable-shake128 to enable SHAKE128])
|
|
ENABLED_SHAKE128=yes
|
|
fi
|
|
fi
|
|
|
|
# SHAKE256
|
|
AC_ARG_ENABLE([shake256],
|
|
[AS_HELP_STRING([--enable-shake256],[Enable wolfSSL SHAKE256 support (default: disabled)])],
|
|
[ ENABLED_SHAKE256=$enableval ],
|
|
[ ENABLED_SHAKE256=$SHAKE_DEFAULT ]
|
|
)
|
|
|
|
# MLKEM requires SHAKE256. Force-enable when MLKEM is enabled.
|
|
if test "$ENABLED_MLKEM" != "no"
|
|
then
|
|
if test "$ENABLED_SHAKE256" = "no"
|
|
then
|
|
AC_MSG_NOTICE([MLKEM enabled (not explicitly disabled); overriding --disable-shake256 to enable SHAKE256])
|
|
ENABLED_SHAKE256=yes
|
|
fi
|
|
fi
|
|
|
|
# SHA512
|
|
AC_ARG_ENABLE([sha512],
|
|
[AS_HELP_STRING([--enable-sha512],[Enable wolfSSL SHA-512 support (default: enabled)])],
|
|
[ ENABLED_SHA512=$enableval ],
|
|
[ ENABLED_SHA512=yes ]
|
|
)
|
|
|
|
# options that don't require sha512
|
|
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" || test "$ENABLED_16BIT" = "yes"
|
|
then
|
|
ENABLED_SHA512="no"
|
|
fi
|
|
|
|
# options that require sha512
|
|
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes"
|
|
then
|
|
ENABLED_SHA512="yes"
|
|
ENABLED_SHA384="yes"
|
|
fi
|
|
|
|
if test "$ENABLED_SHA512" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512"
|
|
fi
|
|
|
|
# SHA-256 Hash DRBG (SP 800-90A) -- sub-option of hashdrbg
|
|
AC_ARG_ENABLE([sha256-drbg],
|
|
[AS_HELP_STRING([--enable-sha256-drbg],[Enable SHA-256 Hash DRBG (default: enabled)])],
|
|
[ ENABLED_SHA256_DRBG=$enableval ],
|
|
[ ENABLED_SHA256_DRBG=yes ]
|
|
)
|
|
|
|
# SHA-512 Hash DRBG (SP 800-90A) -- sub-option of hashdrbg
|
|
AC_ARG_ENABLE([sha512-drbg],
|
|
[AS_HELP_STRING([--enable-sha512-drbg],[Enable SHA-512 Hash DRBG (default: enabled)])],
|
|
[ ENABLED_SHA512_DRBG=$enableval ],
|
|
[ ENABLED_SHA512_DRBG=yes ]
|
|
)
|
|
|
|
# SHA-512 DRBG requires SHA-512
|
|
if test "$ENABLED_SHA512" != "yes"
|
|
then
|
|
ENABLED_SHA512_DRBG=no
|
|
fi
|
|
|
|
# SHA384
|
|
AC_ARG_ENABLE([sha384],
|
|
[AS_HELP_STRING([--enable-sha384],[Enable wolfSSL SHA-384 support (default: enabled)])],
|
|
[ ENABLED_SHA384=$enableval ],
|
|
[ ENABLED_SHA384=yes ]
|
|
)
|
|
|
|
# options that don't require sha384
|
|
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" || test "$ENABLED_16BIT" = "yes"
|
|
then
|
|
ENABLED_SHA384="no"
|
|
fi
|
|
|
|
# options that require sha384
|
|
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes"
|
|
then
|
|
ENABLED_SHA384="yes"
|
|
fi
|
|
if test "$ENABLED_SHA384" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA384"
|
|
fi
|
|
|
|
|
|
# SM3
|
|
AC_ARG_ENABLE([sm3],
|
|
[AS_HELP_STRING([--enable-sm3],[Enable wolfSSL SM3 support (default: disabled)])],
|
|
[ ENABLED_SM3=$enableval ],
|
|
[ ENABLED_SM3=no ]
|
|
)
|
|
|
|
if test "$ENABLED_SM3" = "small"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM3_SMALL"
|
|
fi
|
|
if test "$ENABLED_SM3" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM3"
|
|
fi
|
|
|
|
# SESSION CERTS
|
|
AC_ARG_ENABLE([sessioncerts],
|
|
[AS_HELP_STRING([--enable-sessioncerts],[Enable session cert storing (default: disabled)])],
|
|
[ ENABLED_SESSIONCERTS=$enableval ],
|
|
[ ENABLED_SESSIONCERTS=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || \
|
|
test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \
|
|
test "x$ENABLED_STRONGSWAN" = "xyes" || test "x$ENABLED_HITCH" = "xyes" || test "x$ENABLED_MOSQUITTO" = "xyes"
|
|
then
|
|
ENABLED_SESSIONCERTS=yes
|
|
fi
|
|
if test "$ENABLED_TLS13" = "yes" && test "$ENABLED_PSK" = "yes"
|
|
then
|
|
ENABLED_SESSIONCERTS=yes
|
|
fi
|
|
|
|
if test "$ENABLED_SESSIONCERTS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
|
|
fi
|
|
|
|
|
|
# KEY GENERATION
|
|
AC_ARG_ENABLE([keygen],
|
|
[AS_HELP_STRING([--enable-keygen],[Enable key generation (only applies to RSA key generation) (default: disabled)])],
|
|
[ ENABLED_KEYGEN=$enableval ],
|
|
[ ENABLED_KEYGEN=no ]
|
|
)
|
|
|
|
if test "$ENABLED_BIND" = "yes" || test "$ENABLED_NTP" = "yes" || \
|
|
test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_OPENRESTY" = "yes" || \
|
|
test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WOLFENGINE" = "yes" || \
|
|
test "$ENABLED_STRONGSWAN" = "yes" || test "$ENABLED_SE050" = "yes"
|
|
then
|
|
ENABLED_KEYGEN=yes
|
|
fi
|
|
|
|
# ATTRIBUTE CERTIFICATES
|
|
AC_ARG_ENABLE([acert],
|
|
[AS_HELP_STRING([--enable-acert],[Enable attribute certificate support (default: disabled)])],
|
|
[ ENABLED_ACERT=$enableval ],
|
|
[ ENABLED_ACERT=no ]
|
|
)
|
|
|
|
# CERT GENERATION
|
|
AC_ARG_ENABLE([certgen],
|
|
[AS_HELP_STRING([--enable-certgen],[Enable cert generation (default: disabled)])],
|
|
[ ENABLED_CERTGEN=$enableval ],
|
|
[ ENABLED_CERTGEN=no ]
|
|
)
|
|
if test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_OPENSSH" = "yes" || \
|
|
test "$ENABLED_BIND" = "yes" || test "$ENABLED_NTP" = "yes" || \
|
|
test "$ENABLED_CHRONY" = "yes" || test "$ENABLED_STRONGSWAN" = "yes" || \
|
|
test "$ENABLED_OPENLDAP" = "yes" || test "$ENABLED_HITCH" = "yes"
|
|
then
|
|
ENABLED_CERTGEN=yes
|
|
fi
|
|
|
|
# CERT REQUEST GENERATION
|
|
AC_ARG_ENABLE([certreq],
|
|
[AS_HELP_STRING([--enable-certreq],[Enable cert request generation (default: disabled)])],
|
|
[ ENABLED_CERTREQ=$enableval ],
|
|
[ ENABLED_CERTREQ=no ]
|
|
)
|
|
|
|
if test "$ENABLED_WPAS_DPP" = "yes"
|
|
then
|
|
ENABLED_CERTREQ="yes"
|
|
fi
|
|
|
|
# CERT REQUEST EXTENSION
|
|
AC_ARG_ENABLE([certext],
|
|
[AS_HELP_STRING([--enable-certext],[Enable cert request extensions (default: disabled)])],
|
|
[ ENABLED_CERTEXT=$enableval ],
|
|
[ ENABLED_CERTEXT=no ]
|
|
)
|
|
if test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_STRONGSWAN" = "yes"
|
|
then
|
|
ENABLED_CERTEXT=yes
|
|
fi
|
|
|
|
|
|
# DECODED CERT CACHE
|
|
AC_ARG_ENABLE([certgencache],
|
|
[AS_HELP_STRING([--enable-certgencache],[Enable decoded cert caching (default: disabled)])],
|
|
[ ENABLED_certgencache=$enableval ],
|
|
[ ENABLED_certgencache=no ]
|
|
)
|
|
|
|
if test "$ENABLED_certgencache" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN_CACHE"
|
|
fi
|
|
|
|
|
|
# CERT SIGN CALLBACK
|
|
AC_ARG_ENABLE([certsigncb],
|
|
[AS_HELP_STRING([--enable-certsigncb],[Enable cert signing callback API for TPM/HSM (default: disabled)])],
|
|
[ ENABLED_CERTSIGNCB=$enableval ],
|
|
[ ENABLED_CERTSIGNCB=no ]
|
|
)
|
|
|
|
if test "$ENABLED_CERTSIGNCB" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_SIGN_CB"
|
|
fi
|
|
|
|
|
|
# SEP
|
|
AC_ARG_ENABLE([sep],
|
|
[AS_HELP_STRING([--enable-sep],[Enable sep extensions (default: disabled)])],
|
|
[ ENABLED_SEP=$enableval ],
|
|
[ ENABLED_SEP=no ]
|
|
)
|
|
if test "$ENABLED_SEP" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SEP -DKEEP_PEER_CERT"
|
|
fi
|
|
|
|
|
|
# HKDF
|
|
AC_ARG_ENABLE([hkdf],
|
|
[AS_HELP_STRING([--enable-hkdf],[Enable HKDF (HMAC-KDF) support (default: disabled)])],
|
|
[ ENABLED_HKDF=$enableval ],
|
|
[ ENABLED_HKDF=no ]
|
|
)
|
|
if test "$ENABLED_TLS13" = "yes"
|
|
then
|
|
ENABLED_HKDF="yes"
|
|
fi
|
|
if test "$ENABLED_HKDF" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"
|
|
fi
|
|
|
|
|
|
# HPKE
|
|
AC_ARG_ENABLE([hpke],
|
|
[AS_HELP_STRING([--enable-hpke],[Enable HKPE support (default: disabled)])],
|
|
[ ENABLED_HPKE=$enableval ],
|
|
[ ENABLED_HPKE=no ]
|
|
)
|
|
if test "$ENABLED_HPKE" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_HPKE"
|
|
|
|
test "$enable_hkdf" = "" && enable_hkdf=yes
|
|
fi
|
|
|
|
# X9.63 KDF
|
|
AC_ARG_ENABLE([x963kdf],
|
|
[AS_HELP_STRING([--enable-x963kdf],[Enable X9.63 KDF support (default: disabled)])],
|
|
[ ENABLED_X963KDF=$enableval ],
|
|
[ ENABLED_X963KDF=no ]
|
|
)
|
|
if test "$ENABLED_X963KDF" = "yes" || test "$ENABLED_WOLFENGINE" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF"
|
|
fi
|
|
|
|
# SRTP-KDF
|
|
AC_ARG_ENABLE([srtp-kdf],
|
|
[AS_HELP_STRING([--enable-srtp-kdf],[Enable SRTP-KDF support (default: disabled)])],
|
|
[ ENABLED_SRTP_KDF=$enableval ],
|
|
[ ENABLED_SRTP_KDF=no ]
|
|
)
|
|
|
|
# DSA
|
|
AC_ARG_ENABLE([dsa],
|
|
[AS_HELP_STRING([--enable-dsa],[Enable DSA (default: disabled)])],
|
|
[ ENABLED_DSA=$enableval ],
|
|
[ ENABLED_DSA=no ]
|
|
)
|
|
|
|
if test "$enable_dsa" = "" && test "$enable_sha" != "no"
|
|
then
|
|
if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_NTP" = "yes"
|
|
then
|
|
ENABLED_DSA="yes"
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_DSA" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_DSA"
|
|
else
|
|
ENABLED_CERTS=yes
|
|
fi
|
|
|
|
# ECC Shamir
|
|
AC_ARG_ENABLE([eccshamir],
|
|
[AS_HELP_STRING([--enable-eccshamir],[Enable ECC Shamir (default: enabled)])],
|
|
[ ENABLED_ECC_SHAMIR=$enableval ],
|
|
[ ENABLED_ECC_SHAMIR=yes ]
|
|
)
|
|
|
|
|
|
# ECC
|
|
AC_ARG_ENABLE([ecc],
|
|
[AS_HELP_STRING([--enable-ecc],[Enable ECC (default: enabled)])],
|
|
[ ENABLED_ECC=$enableval ],
|
|
[ ENABLED_ECC=yes ]
|
|
)
|
|
|
|
# lean psk doesn't need ecc
|
|
if test "$ENABLED_LEANPSK" = "yes"
|
|
then
|
|
ENABLED_ECC=no
|
|
fi
|
|
|
|
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_SIGNAL" = "yes"
|
|
then
|
|
ENABLED_ECC="yes"
|
|
fi
|
|
|
|
if test "$ENABLED_ECC" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC"
|
|
|
|
if test "$ENABLED_ECC_SHAMIR" = "yes" && test "$ENABLED_LOWRESOURCE" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
|
|
fi
|
|
|
|
if test "$ENABLED_ECC" = "nonblock"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_ECC_NONBLOCK"
|
|
fi
|
|
|
|
if test "$ENABLED_FASTMATH" = "yes"
|
|
then
|
|
if test "$ENABLED_LOWRESOURCE" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DALT_ECC_SIZE"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DTFM_ECC256"
|
|
fi
|
|
fi
|
|
|
|
ENABLED_CERTS=yes
|
|
fi
|
|
|
|
|
|
# SM2
|
|
AC_ARG_ENABLE([sm2],
|
|
[AS_HELP_STRING([--enable-sm2],[Enable wolfSSL SM2 support (default: disabled)])],
|
|
[ ENABLED_SM2=$enableval ],
|
|
[ ENABLED_SM2=no ]
|
|
)
|
|
|
|
if test "$ENABLED_SM2" = "yes"
|
|
then
|
|
if test "$ENABLED_ECC" = "no"
|
|
then
|
|
AC_MSG_ERROR([Cannot enable SM2 without enabling ecc.])
|
|
fi
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SM2 -DWOLFSSL_BASE16"
|
|
ENABLED_CERTS=yes
|
|
fi
|
|
|
|
|
|
# ECC Custom Curves
|
|
AC_ARG_ENABLE([ecccustcurves],
|
|
[AS_HELP_STRING([--enable-ecccustcurves],[Enable ECC custom curves (default: disabled)])],
|
|
[ ENABLED_ECCCUSTCURVES=$enableval ],
|
|
[ ENABLED_ECCCUSTCURVES=no ]
|
|
)
|
|
|
|
if test "$ENABLED_WPAS_DPP" = "yes"
|
|
then
|
|
ENABLED_ECCCUSTCURVES="all"
|
|
fi
|
|
|
|
# ECC Minimum Key Size
|
|
AC_ARG_WITH([eccminsz],
|
|
[AS_HELP_STRING([--with-eccminsz=BITS],[Sets the ECC minimum key size (default: 224 bits non-FIPS / 192 bits with FIPS)])],
|
|
[ ENABLED_ECCMINSZ=$withval ],
|
|
[
|
|
if test "x$ENABLED_FIPS" = "xno"
|
|
then
|
|
ENABLED_ECCMINSZ=224
|
|
else
|
|
ENABLED_ECCMINSZ=192
|
|
fi
|
|
]
|
|
)
|
|
AM_CFLAGS="$AM_CFLAGS -DECC_MIN_KEY_SZ=$ENABLED_ECCMINSZ"
|
|
|
|
# Compressed Key
|
|
AC_ARG_ENABLE([compkey],
|
|
[AS_HELP_STRING([--enable-compkey],[Enable compressed keys support (default: disabled)])],
|
|
[ ENABLED_COMPKEY=$enableval ],
|
|
[ ENABLED_COMPKEY=no ]
|
|
)
|
|
|
|
if (test "$ENABLED_WPAS" = "yes" || test "$ENABLED_OPENSSLALL" = "yes")
|
|
then
|
|
ENABLED_COMPKEY=yes
|
|
fi
|
|
|
|
|
|
# Brainpool (depends on _ECCCUSTCURVES)
|
|
if test "$ENABLED_ECCCUSTCURVES" != "no"
|
|
then
|
|
BRAINPOOL_DEFAULT=yes
|
|
else
|
|
BRAINPOOL_DEFAULT=no
|
|
fi
|
|
|
|
AC_ARG_ENABLE([brainpool],
|
|
[AS_HELP_STRING([--enable-brainpool],[Enable Brainpool ECC curves (default: enabled with ECC custom curves)])],
|
|
[ ENABLED_BRAINPOOL=$enableval ],
|
|
[ ENABLED_BRAINPOOL="$BRAINPOOL_DEFAULT" ]
|
|
)
|
|
|
|
if test "$ENABLED_BRAINPOOL" != "no"
|
|
then
|
|
if test "$ENABLED_ECCCUSTCURVES" = "no"
|
|
then
|
|
AC_MSG_ERROR([cannot enable Brainpool without enabling ecccustcurves.])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_BRAINPOOL"
|
|
fi
|
|
|
|
|
|
# for using memory optimization setting on both curve25519 and ed25519
|
|
ENABLED_CURVE25519_SMALL=no
|
|
ENABLED_ED25519_SMALL=no
|
|
|
|
# CURVE25519
|
|
AC_ARG_ENABLE([curve25519],
|
|
[AS_HELP_STRING([--enable-curve25519],[Enable Curve25519 (default: disabled). Set to "nonblock" to enable non-blocking support for key gen and shared secret])],
|
|
[ ENABLED_CURVE25519=$enableval ],
|
|
[ ENABLED_CURVE25519=no ]
|
|
)
|
|
|
|
# Handle curve25519 nonblock option - enable asynccrypt and asynccrypt-sw early
|
|
if test "$ENABLED_CURVE25519" = "nonblock"
|
|
then
|
|
test -z "$enable_asynccrypt" && enable_asynccrypt=yes
|
|
test -z "$enable_asynccrypt_sw" && enable_asynccrypt_sw=yes
|
|
fi
|
|
|
|
# Handle RSA/DH nonblock - the SP non-blocking dispatch wants the same
|
|
# WOLFSSL_ASYNC_CRYPT_SW shim that ECC/Curve25519 nonblock use so the
|
|
# TLS layer can manage per-SSL nb contexts and yield MP_WOULDBLOCK.
|
|
if test "$enable_rsa" = "nonblock" || test "$enable_dh" = "nonblock"
|
|
then
|
|
test -z "$enable_asynccrypt" && enable_asynccrypt=yes
|
|
test -z "$enable_asynccrypt_sw" && enable_asynccrypt_sw=yes
|
|
fi
|
|
|
|
if test "$ENABLED_CURVE25519" = "no" && test "$ENABLED_QUIC" = "yes" && test "$ENABLED_FIPS" = "no"
|
|
then
|
|
ENABLED_CURVE25519=yes
|
|
fi
|
|
|
|
if test "$ENABLED_CURVE25519" = "no" && test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno"
|
|
then
|
|
ENABLED_CURVE25519="yes"
|
|
fi
|
|
|
|
|
|
# ED25519
|
|
AC_ARG_ENABLE([ed25519],
|
|
[AS_HELP_STRING([--enable-ed25519],[Enable ED25519 (default: disabled)])],
|
|
[ ENABLED_ED25519=$enableval ],
|
|
[ ENABLED_ED25519=no ]
|
|
)
|
|
AC_ARG_ENABLE([ed25519-stream],
|
|
[AS_HELP_STRING([--enable-ed25519-stream],[Enable wolfSSL ED25519 support with streaming verify APIs (default: disabled)])],
|
|
[ ENABLED_ED25519_STREAM=$enableval ],
|
|
[ ENABLED_ED25519_STREAM=no ]
|
|
)
|
|
|
|
if test "$ENABLED_ED25519" = "no" && \
|
|
( (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || \
|
|
test "$ENABLED_CHRONY" = "yes")
|
|
then
|
|
ENABLED_ED25519="yes"
|
|
fi
|
|
|
|
# for using memory optimization setting on both curve448 and ed448
|
|
ENABLED_CURVE448_SMALL=no
|
|
ENABLED_ED448_SMALL=no
|
|
|
|
# CURVE448
|
|
AC_ARG_ENABLE([curve448],
|
|
[AS_HELP_STRING([--enable-curve448],[Enable Curve448 (default: disabled)])],
|
|
[ ENABLED_CURVE448=$enableval ],
|
|
[ ENABLED_CURVE448=no ]
|
|
)
|
|
|
|
# ED448
|
|
AC_ARG_ENABLE([ed448],
|
|
[AS_HELP_STRING([--enable-ed448],[Enable ED448 (default: disabled)])],
|
|
[ ENABLED_ED448=$enableval ],
|
|
[ ENABLED_ED448=no ]
|
|
)
|
|
AC_ARG_ENABLE([ed448-stream],
|
|
[AS_HELP_STRING([--enable-ed448-stream],[Enable wolfSSL ED448 support with streaming verify APIs (default: disabled)])],
|
|
[ ENABLED_ED448_STREAM=$enableval ],
|
|
[ ENABLED_ED448_STREAM=no ]
|
|
)
|
|
|
|
# FP ECC, Fixed Point cache ECC
|
|
AC_ARG_ENABLE([fpecc],
|
|
[AS_HELP_STRING([--enable-fpecc],[Enable Fixed Point cache ECC (default: disabled)])],
|
|
[ ENABLED_FPECC=$enableval ],
|
|
[ ENABLED_FPECC=no ]
|
|
)
|
|
|
|
if test "$ENABLED_FPECC" = "yes"
|
|
then
|
|
if test "$ENABLED_ECC" = "no"
|
|
then
|
|
AC_MSG_ERROR([cannot enable fpecc without enabling ecc.])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DFP_ECC"
|
|
fi
|
|
|
|
|
|
# ECC encrypt
|
|
AC_ARG_ENABLE([eccencrypt],
|
|
[AS_HELP_STRING([--enable-eccencrypt],[Enable ECC encrypt (default: disabled). yes = SEC1 standard, geniv = Generate IV, iso18033 = ISO 18033 standard, old = original wolfSSL algorithm])],
|
|
[ ENABLED_ECC_ENCRYPT=$enableval ],
|
|
[ ENABLED_ECC_ENCRYPT=no ]
|
|
)
|
|
|
|
if test "$ENABLED_ECC_ENCRYPT" != "no"
|
|
then
|
|
if test "$ENABLED_ECC" = "no"
|
|
then
|
|
AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.])
|
|
fi
|
|
if test "$ENABLED_HKDF" = "no"
|
|
then
|
|
AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_ENCRYPT"
|
|
if test "$ENABLED_ECC_ENCRYPT" = "old"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECIES_OLD"
|
|
fi
|
|
if test "$ENABLED_ECC_ENCRYPT" = "iso18033"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECIES_ISO18033"
|
|
fi
|
|
if test "$ENABLED_ECC_ENCRYPT" = "geniv"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECIES_GEN_IV"
|
|
fi
|
|
fi
|
|
|
|
# Elliptic Curve-Based Certificateless Signatures for Identity-Based Encryption (ECCSI)
|
|
AC_ARG_ENABLE([eccsi],
|
|
[AS_HELP_STRING([--enable-eccsi],[Enable ECCSI (default: disabled)])],
|
|
[ ENABLED_ECCSI=$enableval ],
|
|
[ ENABLED_ECCSI=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_ECCSI" = "xyes"
|
|
then
|
|
if test "$ENABLED_ECC" = "no"
|
|
then
|
|
AC_MSG_ERROR([ECCSI requires ECC.])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_ECCSI -DWOLFSSL_PUBLIC_MP"
|
|
fi
|
|
|
|
# Sakai-Kasahara Key Encryption (SAKKE) - pairing based crypto
|
|
AC_ARG_ENABLE([sakke],
|
|
[AS_HELP_STRING([--enable-sakke],[Enable SAKKE - paring based crypto (default: disabled)])],
|
|
[ ENABLED_SAKKE=$enableval ],
|
|
[ ENABLED_SAKKE=no ]
|
|
)
|
|
|
|
if test "$ENABLED_SAKKE" != "no" && test "$ENABLED_ECC" = "no"
|
|
then
|
|
AC_MSG_ERROR([SAKKE requires ECC.])
|
|
fi
|
|
|
|
if test "x$ENABLED_SAKKE" = "xsmall"
|
|
then
|
|
ENABLED_SAKKE="yes"
|
|
ENABLED_SAKKE_SMALL="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_SAKKE_SMALL"
|
|
fi
|
|
if test "x$ENABLED_SAKKE" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SAKKE"
|
|
fi
|
|
|
|
|
|
# PSK
|
|
AC_ARG_ENABLE([psk],
|
|
[AS_HELP_STRING([--enable-psk],[Enable PSK (default: disabled)])],
|
|
[ ENABLED_PSK=$enableval ],
|
|
[ ENABLED_PSK=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_MOSQUITTO" = "xyes"
|
|
then
|
|
ENABLED_PSK=yes
|
|
fi
|
|
|
|
# Single PSK identity
|
|
AC_ARG_ENABLE([psk-one-id],
|
|
[AS_HELP_STRING([--enable-psk-one-id],[Enable PSK (default: disabled)])],
|
|
[ ENABLED_PSK_ONE_ID=$enableval ],
|
|
[ ENABLED_PSK_ONE_ID=no ]
|
|
)
|
|
if test "$ENABLED_PSK_ONE_ID" = "yes"
|
|
then
|
|
if test "$ENABLED_PSK" = "no"
|
|
then
|
|
ENABLED_PSK="yes"
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PSK_ONE_ID"
|
|
fi
|
|
|
|
# Certificate Authentication with External PSK (RFC 8773bis)
|
|
AC_ARG_ENABLE([cert-with-extern-psk],
|
|
[AS_HELP_STRING([--enable-cert-with-extern-psk],[Enable Certificate Authentication with External PSKs for TLS 1.3 (default: disabled)])],
|
|
[ ENABLED_CERT_WITH_EXTERN_PSK=$enableval ],
|
|
[ ENABLED_CERT_WITH_EXTERN_PSK=no ]
|
|
)
|
|
if test "$ENABLED_CERT_WITH_EXTERN_PSK" = "yes"
|
|
then
|
|
if test "$ENABLED_TLS13" = "no"
|
|
then
|
|
AC_MSG_NOTICE([TLS 1.3 is disabled - disabling cert-with-extern-psk])
|
|
ENABLED_CERT_WITH_EXTERN_PSK="no"
|
|
elif test "$ENABLED_PSK" = "no"
|
|
then
|
|
AC_MSG_NOTICE([PSK is disabled - disabling cert-with-extern-psk])
|
|
ENABLED_CERT_WITH_EXTERN_PSK="no"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_WITH_EXTERN_PSK"
|
|
fi
|
|
fi
|
|
|
|
# ERROR STRINGS
|
|
AC_ARG_ENABLE([errorstrings],
|
|
[AS_HELP_STRING([--enable-errorstrings],[Enable error strings table (default: enabled)])],
|
|
[ ENABLED_ERROR_STRINGS=$enableval ],
|
|
[ ENABLED_ERROR_STRINGS=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_ERROR_STRINGS" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
|
|
else
|
|
# turn off error strings if leanpsk or leantls on
|
|
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
|
|
ENABLED_ERROR_STRINGS=no
|
|
fi
|
|
fi
|
|
|
|
|
|
# ERROR QUEUE
|
|
AC_ARG_ENABLE([errorqueue],
|
|
[AS_HELP_STRING([--enable-errorqueue],[Disables adding nodes to error queue when compiled with OPENSSL_EXTRA (default: enabled)])],
|
|
[ ENABLED_ERROR_QUEUE=$enableval ],
|
|
[ ENABLED_ERROR_QUEUE=yes ]
|
|
)
|
|
|
|
|
|
# SSLv3
|
|
AC_ARG_ENABLE([sslv3],
|
|
[AS_HELP_STRING([--enable-sslv3],[Enable SSL version 3.0 (default: disabled)])],
|
|
[ ENABLED_SSLV3=$enableval ],
|
|
[ ENABLED_SSLV3=no]
|
|
)
|
|
|
|
if test "x$ENABLED_HAPROXY" = "xyes" && test "x$ENABLED_ALL" = "xno"
|
|
then
|
|
ENABLED_SSLV3="yes"
|
|
fi
|
|
if test "$ENABLED_CRYPTONLY" = "yes"
|
|
then
|
|
ENABLED_SSLV3=no
|
|
fi
|
|
|
|
if test "$ENABLED_SSLV3" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_SSLV3"
|
|
fi
|
|
|
|
# TLSv1.0
|
|
AC_ARG_ENABLE([tlsv10],
|
|
[AS_HELP_STRING([--enable-tlsv10],[Enable old TLS versions 1.0 (default: disabled)])],
|
|
[ ENABLED_TLSV10=$enableval ],
|
|
[ ENABLED_TLSV10=no ]
|
|
)
|
|
|
|
if test "$ENABLED_TLSV10" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_TLSV10"
|
|
fi
|
|
|
|
|
|
# OLD TLS
|
|
AC_ARG_ENABLE([oldtls],
|
|
[AS_HELP_STRING([--enable-oldtls],[Enable old TLS versions < 1.2 (default: disabled)])],
|
|
[ ENABLED_OLD_TLS=$enableval ],
|
|
[ ENABLED_OLD_TLS=no ]
|
|
)
|
|
|
|
|
|
if test "$ENABLED_CRYPTONLY" = "yes" || test "x$ENABLED_HARDEN_TLS" != "xno" || \
|
|
test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
|
then
|
|
ENABLED_OLD_TLS=no
|
|
fi
|
|
|
|
# if SSL v3.0 or TLS v1.0 enabled, then allow "old tls". QT also requires it apparently
|
|
if test "$ENABLED_TLSV10" = "yes" || test "$ENABLED_SSLV3" = "yes" || \
|
|
(test "$ENABLED_QT" = "yes" && test "x$ENABLED_ALL" = "xno")
|
|
then
|
|
ENABLED_OLD_TLS=yes
|
|
fi
|
|
|
|
if test "$ENABLED_OLD_TLS" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
|
|
fi
|
|
|
|
|
|
# TLSv1.2
|
|
AC_ARG_ENABLE([tlsv12],
|
|
[AS_HELP_STRING([--enable-tlsv12],[Enable TLS versions 1.2 (default: enabled)])],
|
|
[ ENABLED_TLSV12=$enableval ],
|
|
[ ENABLED_TLSV12=yes ]
|
|
)
|
|
|
|
# STACK SIZE info for testwolfcrypt and examples
|
|
AC_ARG_ENABLE([stacksize],
|
|
[AS_HELP_STRING([--enable-stacksize],[Enable stack size info on examples (default: disabled)])],
|
|
[ ENABLED_STACKSIZE=$enableval ],
|
|
[ ENABLED_STACKSIZE=no ]
|
|
)
|
|
|
|
if test "$ENABLED_STACKSIZE" != "no"
|
|
then
|
|
AC_CHECK_FUNC([posix_memalign], [], [AC_MSG_ERROR(stacksize needs posix_memalign)])
|
|
AC_CHECK_DECL([posix_memalign], [], [AC_MSG_ERROR(stacksize needs posix_memalign)])
|
|
AC_CHECK_FUNC([pthread_attr_setstack], [], AC_CHECK_LIB([pthread],[pthread_attr_setstack]))
|
|
AC_CHECK_DECL([pthread_attr_setstack], [], [AC_MSG_ERROR(stacksize needs pthread_attr_setstack)], [[#include <pthread.h>]])
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_STACK_SIZE"
|
|
fi
|
|
|
|
if test "$ENABLED_STACKSIZE" = "verbose"
|
|
then
|
|
if test "$thread_ls_on" != "yes" && test "x$ENABLED_SINGLETHREADED" = "xno"
|
|
then
|
|
AC_MSG_ERROR(stacksize-verbose needs thread-local storage.)
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_STACK_SIZE_VERBOSE"
|
|
fi
|
|
|
|
|
|
# MEMORY
|
|
AC_ARG_ENABLE([memory],
|
|
[AS_HELP_STRING([--enable-memory],[Enable memory callbacks (default: enabled)])],
|
|
[ ENABLED_MEMORY=$enableval ],
|
|
[ ENABLED_MEMORY=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_MEMORY" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_WOLFSSL_MEMORY"
|
|
else
|
|
# turn off memory cb if leanpsk or leantls on
|
|
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
|
then
|
|
# but don't turn on NO_WOLFSSL_MEMORY because using own
|
|
ENABLED_MEMORY=no
|
|
fi
|
|
fi
|
|
|
|
|
|
# MEMORY SIZE info
|
|
AC_ARG_ENABLE([trackmemory],
|
|
[AS_HELP_STRING([--enable-trackmemory],[Enable memory use info on wolfCrypt and wolfSSL cleanup (default: disabled)])],
|
|
[ ENABLED_TRACKMEMORY=$enableval ],
|
|
[ ENABLED_TRACKMEMORY=no ]
|
|
)
|
|
|
|
if test "$ENABLED_TRACKMEMORY" != "no"
|
|
then
|
|
if test "$ENABLED_MEMORY" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRACK_MEMORY"
|
|
else
|
|
AC_MSG_ERROR([trackmemory requires using wolfSSL memory (--enable-memory).])
|
|
fi
|
|
if test "$ENABLED_TRACKMEMORY" = "verbose"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRACK_MEMORY_VERBOSE"
|
|
fi
|
|
fi
|
|
|
|
# MEMORY usage logging
|
|
AC_ARG_ENABLE([memorylog],
|
|
[AS_HELP_STRING([--enable-memorylog],[Enable dynamic memory logging (default: disabled)])],
|
|
[ ENABLED_MEMORYLOG=$enableval ],
|
|
[ ENABLED_MEMORYLOG=no ]
|
|
)
|
|
|
|
if test "$ENABLED_MEMORYLOG" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MEMORY_LOG"
|
|
fi
|
|
|
|
|
|
# STACK usage logging
|
|
AC_ARG_ENABLE([stacklog],
|
|
[AS_HELP_STRING([--enable-stacklog],[Enable stack logging (default: disabled)])],
|
|
[ ENABLED_STACKLOG=$enableval ],
|
|
[ ENABLED_STACKLOG=no ]
|
|
)
|
|
|
|
if test "$ENABLED_STACKLOG" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STACK_LOG -finstrument-functions"
|
|
fi
|
|
|
|
|
|
ENABLED_WOLFSENTRY=no
|
|
|
|
AC_ARG_WITH([wolfsentry],
|
|
[AS_HELP_STRING([--with-wolfsentry=PATH],[PATH to directory with wolfSentry installation])],
|
|
[WOLFSENTRY_INSTALLDIR=$withval],
|
|
[WOLFSENTRY_INSTALLDIR=""])
|
|
|
|
AC_ARG_WITH([wolfsentry-lib],
|
|
[AS_HELP_STRING([--with-wolfsentry-lib=PATH],[PATH to directory with wolfSentry library])],
|
|
[WOLFSENTRY_LIB=$withval],
|
|
[WOLFSENTRY_LIB=""])
|
|
|
|
AC_ARG_WITH([wolfsentry-include],
|
|
[AS_HELP_STRING([--with-wolfsentry-include=PATH],[PATH to directory with wolfSentry header files])],
|
|
[WOLFSENTRY_INCLUDE=$withval],
|
|
[WOLFSENTRY_INCLUDE=""])
|
|
|
|
if test -n "$WOLFSENTRY_INSTALLDIR" || test -n "$WOLFSENTRY_LIB" || test -n "$WOLFSENTRY_INCLUDE"
|
|
then
|
|
ENABLED_WOLFSENTRY=yes
|
|
fi
|
|
|
|
AC_ARG_ENABLE([wolfsentry],
|
|
[AS_HELP_STRING([--enable-wolfsentry],[Enable wolfSentry hooks and plugins (default: disabled)])],
|
|
[ ENABLED_WOLFSENTRY=$enableval ],
|
|
[ ]
|
|
)
|
|
|
|
if test "$WOLFSENTRY_LIB" = "" && test -n "$WOLFSENTRY_INSTALLDIR"
|
|
then
|
|
WOLFSENTRY_LIB="${WOLFSENTRY_INSTALLDIR}/lib"
|
|
fi
|
|
|
|
if test "$WOLFSENTRY_INCLUDE" = "" && test -n "$WOLFSENTRY_INSTALLDIR"
|
|
then
|
|
WOLFSENTRY_INCLUDE="${WOLFSENTRY_INSTALLDIR}/include"
|
|
fi
|
|
|
|
if test -n "$WOLFSENTRY_LIB"
|
|
then
|
|
AC_MSG_CHECKING([for $WOLFSENTRY_LIB])
|
|
if ! test -d "$WOLFSENTRY_LIB"
|
|
then
|
|
AC_MSG_ERROR([wolfSentry lib dir $WOLFSENTRY_LIB not found.])
|
|
fi
|
|
AC_MSG_RESULT([yes])
|
|
WOLFSENTRY_LIB="-L$WOLFSENTRY_LIB"
|
|
fi
|
|
|
|
if test -n "$WOLFSENTRY_INCLUDE"
|
|
then
|
|
AC_MSG_CHECKING([for $WOLFSENTRY_INCLUDE])
|
|
if ! test -d "$WOLFSENTRY_INCLUDE"
|
|
then
|
|
AC_MSG_ERROR([wolfSentry include dir $WOLFSENTRY_INCLUDE not found.])
|
|
fi
|
|
AC_MSG_RESULT([yes])
|
|
WOLFSENTRY_INCLUDE="-I$WOLFSENTRY_INCLUDE"
|
|
fi
|
|
|
|
if test "$ENABLED_WOLFSENTRY" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WOLFSENTRY_HOOKS -DHAVE_EX_DATA -DHAVE_EX_DATA_CLEANUP_HOOKS"
|
|
if test "$ENABLED_OPENSSLEXTRA" = "no"
|
|
then
|
|
ENABLED_OPENSSLEXTRA="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
|
|
fi
|
|
WOLFSENTRY_LIB="$WOLFSENTRY_LIB -lwolfsentry"
|
|
fi
|
|
|
|
AC_SUBST([WOLFSENTRY_LIB])
|
|
AC_SUBST([WOLFSENTRY_INCLUDE])
|
|
|
|
|
|
if test "$ENABLED_QT" = "yes"
|
|
then
|
|
# Requires opensslextra and opensslall
|
|
if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
|
|
then
|
|
ENABLED_OPENSSLALL="yes"
|
|
ENABLED_OPENSSLEXTRA="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL -DHAVE_EX_DATA"
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_QT -DSESSION_CERTS -DOPENSSL_NO_SSL2"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN -DHAVE_EX_DATA"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CUSTOM_CURVES -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ"
|
|
if test "x$ENABLED_ALL" = "xno"; then
|
|
# Don't enable old SSL/TLS for --enable-all, which is used by distro
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_SSLV3 -DWOLFSSL_ALLOW_TLSV10"
|
|
fi
|
|
|
|
# Requires OCSP make sure on
|
|
if test "x$ENABLED_OCSP" = "xno"
|
|
then
|
|
ENABLED_OCSP="yes"
|
|
fi
|
|
|
|
# Requires PSK make sure on
|
|
if test "x$ENABLED_PSK" = "xno"
|
|
then
|
|
ENABLED_PSK="yes"
|
|
fi
|
|
|
|
# Requires RC4 make sure on (if not forcefully disabled with --disable-arc4)
|
|
test "$enable_arc4" = "" && enable_arc4=yes
|
|
|
|
if test "x$ENABLED_CERTEXT" = "xno"
|
|
then
|
|
ENABLED_CERTEXT="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
|
|
fi
|
|
|
|
if test "x$ENABLED_CERTGEN" = "xno"
|
|
then
|
|
ENABLED_CERTGEN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
|
|
fi
|
|
|
|
# requires oldnames disabled
|
|
enable_oldnames=no
|
|
fi
|
|
|
|
AC_ARG_ENABLE([qt-test],
|
|
[AS_HELP_STRING([--enable-qt-test],[Enable qt tests (default: disabled)])],
|
|
[ ENABLED_QT_TEST=$enableval ],
|
|
[ ENABLED_QT_TEST=no ]
|
|
)
|
|
|
|
if test "$ENABLED_QT_TEST" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL3 -DWOLFSSL_STATIC_RSA"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_PSK"
|
|
fi
|
|
|
|
# RSA
|
|
AC_ARG_ENABLE([rsa],
|
|
[AS_HELP_STRING([--enable-rsa],[Enable RSA (default: enabled). Set to "nonblock" to enable non-blocking RSA via TFM fp_exptmod_nb or SP small mod_exp_nb])],
|
|
[ ENABLED_RSA=$enableval ],
|
|
[ ENABLED_RSA=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_RSA" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
|
|
elif test "$ENABLED_RSA" = "nonblock"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_NONBLOCK"
|
|
ENABLED_RSA=yes
|
|
ENABLED_CERTS=yes
|
|
# asynccrypt + asynccrypt-sw are auto-enabled earlier in this file when
|
|
# --enable-rsa=nonblock is detected, so the TLS layer can pick up the
|
|
# per-SSL nb context and yield MP_WOULDBLOCK. RSA_LOW_MEM is left as a
|
|
# user choice - the SP non-block backend's compile-time check in
|
|
# wolfssl/wolfcrypt/rsa.h enforces it for SP, while the TFM (fastmath)
|
|
# backend supports the CRT path without it.
|
|
else
|
|
# turn off RSA if leanpsk or leantls on
|
|
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
|
|
ENABLED_RSA=no
|
|
else
|
|
ENABLED_CERTS=yes
|
|
fi
|
|
fi
|
|
|
|
AC_ARG_ENABLE([oaep],
|
|
[AS_HELP_STRING([--enable-oaep],[Enable RSA OAEP (default: enabled)])],
|
|
[ ENABLED_OAEP=$enableval ],
|
|
[ ENABLED_OAEP=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_OAEP" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_NO_RSA_OAEP"
|
|
fi
|
|
|
|
AC_ARG_ENABLE([rsapub],
|
|
[AS_HELP_STRING([--enable-rsapub],[Enable RSA Public Only (default: disabled)])],
|
|
[ ENABLED_RSAPUB=$enableval ],
|
|
[ ENABLED_RSAPUB=no ]
|
|
)
|
|
|
|
if test "$ENABLED_RSAPUB" = "yes"
|
|
then
|
|
if test "$ENABLED_RSA" = "no"
|
|
then
|
|
ENABLED_RSA="yes"
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSA_PUBLIC_ONLY"
|
|
fi
|
|
|
|
AC_ARG_ENABLE([rsavfy],
|
|
[AS_HELP_STRING([--enable-rsavfy],[Enable RSA Verify Inline Only (default: disabled)])],
|
|
[ ENABLED_RSAVFY=$enableval ],
|
|
[ ENABLED_RSAVFY=no ]
|
|
)
|
|
|
|
if test "$ENABLED_RSAVFY" = "yes"
|
|
then
|
|
if test "$ENABLED_RSA" = "no"
|
|
then
|
|
ENABLED_RSA="yes"
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSA_PUBLIC_ONLY -DWOLFSSL_RSA_VERIFY_ONLY"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSA_VERIFY_INLINE -DNO_SIG_WRAPPER"
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_CHECK_PRIVATE_KEY"
|
|
fi
|
|
|
|
|
|
# RSA-PSS
|
|
AC_ARG_ENABLE([rsapss],
|
|
[ --enable-rsapss Enable RSA-PSS (default: disabled)],
|
|
[ ENABLED_RSAPSS=$enableval ],
|
|
[ ENABLED_RSAPSS=no ]
|
|
)
|
|
|
|
if test "$ENABLED_RSA" = "no"
|
|
then
|
|
ENABLED_RSAPSS="no"
|
|
else
|
|
if test "$ENABLED_TLS13" = "yes"
|
|
then
|
|
ENABLED_RSAPSS="yes"
|
|
fi
|
|
fi
|
|
if test "$ENABLED_RSAPSS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT"
|
|
fi
|
|
|
|
|
|
# DH
|
|
AC_ARG_ENABLE([dh],
|
|
[AS_HELP_STRING([--enable-dh],[Enable DH (default: enabled). Set to "nonblock" to enable non-blocking DH key agreement via SP small mod_exp_nb])],
|
|
[ ENABLED_DH=$enableval ],
|
|
[ ENABLED_DH=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_OPENSSH" = "yes" && test "$ENABLED_DH" = "no"
|
|
then
|
|
ENABLED_DH="yes"
|
|
fi
|
|
|
|
if test "$ENABLED_DH" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_DH"
|
|
elif test "$ENABLED_DH" = "nonblock"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_DH_NONBLOCK"
|
|
ENABLED_DH=yes
|
|
# asynccrypt + asynccrypt-sw are auto-enabled earlier in this file.
|
|
else
|
|
# turn off DH if leanpsk or leantls on
|
|
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_DH"
|
|
ENABLED_DH=no
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_DH" = "const"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_CONST"
|
|
fi
|
|
|
|
if test "$ENABLED_SNIFFER" = "yes" && test "$ENABLED_DH" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_EXTRA"
|
|
fi
|
|
|
|
|
|
# Anonymous
|
|
AC_ARG_ENABLE([anon],
|
|
[AS_HELP_STRING([--enable-anon],[Enable Anonymous (default: disabled)])],
|
|
[ ENABLED_ANON=$enableval ],
|
|
[ ENABLED_ANON=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || \
|
|
test "x$ENABLED_HAPROXY" = "xyes" || test "$ENABLED_RSYSLOG" = "yes"
|
|
then
|
|
ENABLED_ANON=yes
|
|
fi
|
|
if test "x$ENABLED_ANON" = "xyes"
|
|
then
|
|
if test "$ENABLED_DH" = "no"
|
|
then
|
|
AC_MSG_ERROR([Anonymous suite requires DH.])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ANON"
|
|
fi
|
|
|
|
|
|
if test "$ENABLED_RSA" = "yes" && test "$ENABLED_RSAVFY" = "no" && \
|
|
test "$ENABLED_ASN" = "no" && test "$ENABLED_LOWRESOURCE" = "no"
|
|
then
|
|
AC_MSG_ERROR([please disable rsa if disabling asn.])
|
|
fi
|
|
|
|
if test "$ENABLED_DSA" = "yes" && test "$ENABLED_ASN" = "no"
|
|
then
|
|
AC_MSG_ERROR([please disable dsa if disabling asn.])
|
|
fi
|
|
|
|
# No Big Int (ASN, DSA, RSA, DH, ECC and compatibility layer need bigint)
|
|
if test "$ENABLED_ASN" = "no" && test "$ENABLED_DSA" = "no" && \
|
|
test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && \
|
|
test "$ENABLED_RSA" = "no" && test "$ENABLED_OPENSSLEXTRA" = "no" && \
|
|
test "$ENABLED_OPENSSLALL" = "yes"
|
|
then
|
|
ENABLED_SP_MATH_ALL="no"
|
|
ENABLED_FASTMATH="no"
|
|
ENABLED_HEAPMATH="no"
|
|
ENABLED_BIGNUM="no"
|
|
else
|
|
ENABLED_BIGNUM="yes"
|
|
fi
|
|
|
|
case $host_os in
|
|
*linux* | *darwin* | *freebsd*)
|
|
DEF_ASN_PRINT="yes"
|
|
;;
|
|
*)
|
|
DEF_ASN_PRINT="no"
|
|
;;
|
|
esac
|
|
|
|
AC_ARG_ENABLE([asn-print],
|
|
[AS_HELP_STRING([--enable-asn-print],[Enable ASN Print API (default: enabled)])],
|
|
[ ENABLED_ASN_PRINT=$enableval ],
|
|
[ ENABLED_ASN_PRINT=$DEF_ASN_PRINT ]
|
|
)
|
|
|
|
if test "$ENABLED_ASN_PRINT" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_PRINT"
|
|
fi
|
|
|
|
|
|
# AES
|
|
AC_ARG_ENABLE([aes],
|
|
[AS_HELP_STRING([--enable-aes],[Enable AES (default: enabled)])],
|
|
[ ENABLED_AES=$enableval ],
|
|
[ ENABLED_AES=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_AES" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_AES"
|
|
if test "$ENABLED_FORTRESS" = "yes"
|
|
then
|
|
AC_MSG_ERROR([fortress requires aes])
|
|
fi
|
|
if test "$ENABLED_ECC_ENCRYPT" = "yes"
|
|
then
|
|
AC_MSG_ERROR([cannot enable eccencrypt and hkdf without aes.])
|
|
fi
|
|
if test "$ENABLED_AESGCM" != "no"
|
|
then
|
|
AC_MSG_ERROR([AESGCM requires AES.])
|
|
fi
|
|
if test "$ENABLED_AESCCM" = "yes"
|
|
then
|
|
AC_MSG_ERROR([AESCCM requires AES.])
|
|
fi
|
|
if test "$ENABLED_AESCTR" = "yes"
|
|
then
|
|
AC_MSG_ERROR([AESCTR requires AES.])
|
|
fi
|
|
else
|
|
# turn off AES if leanpsk on
|
|
if test "$ENABLED_LEANPSK" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_AES"
|
|
ENABLED_AES=no
|
|
fi
|
|
fi
|
|
|
|
# DTLSv1.3
|
|
AC_ARG_ENABLE([dtls13],
|
|
[AS_HELP_STRING([--enable-dtls13],[Enable wolfSSL DTLS v1.3 (default: disabled)])],
|
|
[ ENABLED_DTLS13=$enableval ],
|
|
[ ENABLED_DTLS13=no ]
|
|
)
|
|
if test "x$ENABLED_DTLS13" = "xyes"
|
|
then
|
|
# DTLSv1.3 implies TLS 1.3 and DTLS; auto-enable, but don't
|
|
# override explicit --disable.
|
|
if test "x$enable_tls13" = "xno" || test "x$ENABLED_TLS13" = "xno"
|
|
then
|
|
AC_MSG_ERROR([--enable-dtls13 requires TLS 1.3, but TLS 1.3 is disabled])
|
|
fi
|
|
if test "x$ENABLED_TLS13" != "xyes"
|
|
then
|
|
AC_MSG_NOTICE([DTLSv1.3 is enabled, enabling TLS 1.3])
|
|
ENABLED_TLS13=yes
|
|
fi
|
|
if test "x$enable_dtls" = "xno"
|
|
then
|
|
AC_MSG_ERROR([--enable-dtls13 requires DTLS, but --disable-dtls was given])
|
|
fi
|
|
if test "x$ENABLED_DTLS" != "xyes"
|
|
then
|
|
AC_MSG_NOTICE([DTLSv1.3 is enabled, enabling DTLS])
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
|
|
ENABLED_DTLS=yes
|
|
fi
|
|
if test "x$ENABLED_SEND_HRR_COOKIE" = "xundefined"
|
|
then
|
|
AC_MSG_NOTICE([DTLSv1.3 is enabled, enabling HRR cookie])
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SEND_HRR_COOKIE"
|
|
ENABLED_SEND_HRR_COOKIE="yes"
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS13 -DWOLFSSL_W64_WRAPPER"
|
|
if test "x$ENABLED_AES" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
|
|
fi
|
|
fi
|
|
|
|
# DTLS CID support
|
|
AC_ARG_ENABLE([dtlscid],
|
|
[AS_HELP_STRING([--enable-dtlscid],[Enable wolfSSL DTLS ConnectionID (default: disabled)])],
|
|
[ ENABLED_DTLS_CID=$enableval ],
|
|
[ ENABLED_DTLS_CID=no ]
|
|
)
|
|
if test "x$ENABLED_DTLS_CID" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_CID"
|
|
fi
|
|
|
|
# DTLS 1.3 Fragment Second ClientHello
|
|
AC_ARG_ENABLE([dtls-frag-ch],
|
|
[AS_HELP_STRING([--enable-dtls-frag-ch],[Enable wolfSSL DTLS 1.3 ClientHello fragmenting (default: disabled)])],
|
|
[ ENABLED_DTLS_CH_FRAG=$enableval ],
|
|
[ ENABLED_DTLS_CH_FRAG=no ]
|
|
)
|
|
if test "x$ENABLED_DTLS_CH_FRAG" = "xyes"
|
|
then
|
|
if test "x$ENABLED_DTLS13" != "xyes"
|
|
then
|
|
AC_MSG_ERROR([You need to enable DTLSv1.3 to use DTLS ClientHello fragmenting])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_CH_FRAG"
|
|
fi
|
|
|
|
# When MLKEM and DTLS 1.3 are both enabled, DTLS ClientHello fragmenting is
|
|
# required (PQC keys in ClientHello can exceed MTU), so enable it automatically.
|
|
if test "x$ENABLED_MLKEM" != "xno" && test "x$ENABLED_DTLS13" = "xyes" && test "x$ENABLED_DTLS_CH_FRAG" != "xyes"
|
|
then
|
|
AC_MSG_NOTICE([MLKEM and DTLS 1.3 are enabled; enabling DTLS ClientHello fragmenting])
|
|
ENABLED_DTLS_CH_FRAG=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_CH_FRAG"
|
|
fi
|
|
|
|
# CODING
|
|
AC_ARG_ENABLE([coding],
|
|
[AS_HELP_STRING([--enable-coding],[Enable Coding base 16/64 (default: enabled)])],
|
|
[ ENABLED_CODING=$enableval ],
|
|
[ ENABLED_CODING=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_CODING" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
|
|
else
|
|
# turn off CODING if leanpsk on
|
|
if test "$ENABLED_LEANPSK" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
|
|
ENABLED_CODING=no
|
|
fi
|
|
fi
|
|
|
|
|
|
# Base64 Encode
|
|
BASE64ENCODE_DEFAULT=no
|
|
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "amd64"
|
|
then
|
|
BASE64ENCODE_DEFAULT=yes
|
|
fi
|
|
AC_ARG_ENABLE([base64encode],
|
|
[AS_HELP_STRING([--enable-base64encode],[Enable Base64 encoding (default: enabled on x86_64/amd64)])],
|
|
[ ENABLED_BASE64ENCODE=$enableval ],
|
|
[ ENABLED_BASE64ENCODE=$BASE64ENCODE_DEFAULT ]
|
|
)
|
|
if test "$ENABLED_BASE64ENCODE" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BASE64_ENCODE"
|
|
fi
|
|
|
|
|
|
# Base16
|
|
AC_ARG_ENABLE([base16],
|
|
[AS_HELP_STRING([--enable-base16],[Enable Base16 encoding/decoding (default: disabled)])],
|
|
[ ENABLED_BASE16=$enableval ],
|
|
[ ENABLED_BASE16=no ]
|
|
)
|
|
|
|
if test "$ENABLED_CAAM" = "qnx"
|
|
then
|
|
ENABLED_BASE16=yes
|
|
fi
|
|
|
|
if test "$ENABLED_BASE16" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BASE16"
|
|
fi
|
|
|
|
|
|
# MD4
|
|
AC_ARG_ENABLE([md4],
|
|
[AS_HELP_STRING([--enable-md4],[Enable MD4 (default: disabled)])],
|
|
[ ENABLED_MD4=$enableval ],
|
|
[ ENABLED_MD4=no ]
|
|
)
|
|
|
|
|
|
# DES3
|
|
AC_ARG_ENABLE([des3],
|
|
[AS_HELP_STRING([--enable-des3],[Enable DES3 (default: disabled)])],
|
|
[ ENABLED_DES3=$enableval ],
|
|
[ ENABLED_DES3=no ]
|
|
)
|
|
|
|
# Enable 3DES for various metafeatures, unless FIPS 140-3
|
|
if (test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 2) && \
|
|
(test "$ENABLED_OPENSSH" = "yes" || \
|
|
test "$ENABLED_QT" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \
|
|
test "$ENABLED_WPAS" != "no" || test "$ENABLED_NETSNMP" = "yes" || \
|
|
test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_KRB" = "yes" || \
|
|
test "$ENABLED_WOLFENGINE" = "yes" || test "$ENABLED_STRONGSWAN" = "yes")
|
|
then
|
|
ENABLED_DES3="yes"
|
|
fi
|
|
|
|
# DES3 TLS suites
|
|
AC_ARG_ENABLE([des3-tls-suites],
|
|
[AS_HELP_STRING([--enable-des3-tls-suites],[Enable DES3 TLS cipher suites (default: disabled)])],
|
|
[ ENABLED_DES3_TLS_SUITES=$enableval ],
|
|
[ ENABLED_DES3_TLS_SUITES=no ]
|
|
)
|
|
|
|
# ARC4
|
|
if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || \
|
|
test "$ENABLED_WPAS" = "yes" || test "$ENABLED_KRB" = "yes"
|
|
then
|
|
# Requires RC4 make sure on (if not forcefully disabled with --disable-arc4)
|
|
test "$enable_arc4" = "" && enable_arc4=yes
|
|
fi
|
|
|
|
AC_ARG_ENABLE([arc4],
|
|
[AS_HELP_STRING([--enable-arc4],[Enable ARC4 (default: disabled)])],
|
|
[ ENABLED_ARC4=$enableval ],
|
|
[ ENABLED_ARC4=no ]
|
|
)
|
|
|
|
# MD5
|
|
AC_ARG_ENABLE([md5],
|
|
[AS_HELP_STRING([--enable-md5],[Enable MD5 (default: disabled)])],
|
|
[ ENABLED_MD5=$enableval ],
|
|
[ ENABLED_MD5=no ]
|
|
)
|
|
|
|
# Options that require MD5
|
|
if test "$ENABLED_WPAS" = "yes" || test "$ENABLED_HAPROXY" = "yes" || \
|
|
test "$ENABLED_KRB" = "yes" || test "$ENABLED_NETSNMP" = "yes" || \
|
|
test "$ENABLED_NGINX" = "yes" || test "$ENABLED_OPENSSH" = "yes" || \
|
|
test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \
|
|
test "$ENABLED_TLSV10" = "yes" || test "$ENABLED_OLD_TLS" = "yes" || \
|
|
test "$ENABLED_FORTRESS" = "yes" || test "$ENABLED_LIGHTY" = "yes" || \
|
|
test "$ENABLED_DES3" = "yes" || test "$ENABLED_BUMP" = "yes" || \
|
|
test "$ENABLED_OPENSSLALL" = "yes"
|
|
then
|
|
ENABLED_MD5=yes
|
|
fi
|
|
|
|
# SHA
|
|
AC_ARG_ENABLE([sha],
|
|
[AS_HELP_STRING([--enable-sha],[Enable SHA (default: enabled)])],
|
|
[ ENABLED_SHA=$enableval ],
|
|
[ ENABLED_SHA=yes ]
|
|
)
|
|
if test "$ENABLED_SHA" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
|
|
else
|
|
# turn off SHA if leanpsk or leantls on
|
|
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
|
|
ENABLED_SHA=no
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_SHA" = "no" && test "$ENABLED_DSA" != "no"
|
|
then
|
|
AC_MSG_ERROR([please disable DSA if disabling SHA-1.])
|
|
fi
|
|
|
|
|
|
# SipHash
|
|
AC_ARG_ENABLE([siphash],
|
|
[AS_HELP_STRING([--enable-siphash],[Enable SipHash (default: disabled)])],
|
|
[ ENABLED_SIPHASH=$enableval ],
|
|
[ ENABLED_SIPHASH=no ]
|
|
)
|
|
|
|
AS_IF([test "x$ENABLED_SIPHASH" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIPHASH"])
|
|
|
|
AC_ARG_ENABLE([cmac-kdf],
|
|
[AS_HELP_STRING([--enable-cmac-kdf],[Enables cmac-kdf support (default: disabled)])],
|
|
[ ENABLED_CMAC_KDF=$enableval ],
|
|
[ ENABLED_CMAC_KDF=no ]
|
|
)
|
|
|
|
if test "$ENABLED_CMAC_KDF" = "yes"
|
|
then
|
|
if test "$ENABLED_KDF" != "yes"
|
|
then
|
|
AC_MSG_ERROR([enable-cmac-kdf requires --enable-kdf])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CMAC_KDF"
|
|
fi
|
|
|
|
# CMAC
|
|
AC_ARG_ENABLE([cmac],
|
|
[AS_HELP_STRING([--enable-cmac],[Enable CMAC (default: disabled)])],
|
|
[ ENABLED_CMAC=$enableval ],
|
|
[ ENABLED_CMAC=no ]
|
|
)
|
|
|
|
if test "$ENABLED_WPAS" != "no" || test "$ENABLED_NTP" = "yes" || test "$ENABLED_AESSIV" = "yes" || test "$ENABLED_WOLFENGINE" = "yes" || test "$ENABLED_AESEAX" = "yes" || test "$ENABLED_CMAC_KDF" = "yes"
|
|
then
|
|
ENABLED_CMAC=yes
|
|
fi
|
|
|
|
AS_IF([test "x$ENABLED_CMAC" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"])
|
|
|
|
# SHE (Secure Hardware Extension) key update message generation
|
|
# --enable-she=standard: standard SHE support
|
|
# --enable-she=extended: standard + extended overrides (custom KDF/headers)
|
|
AC_ARG_ENABLE([she],
|
|
[AS_HELP_STRING([--enable-she@<:@=standard|extended@:>@],
|
|
[Enable SHE key update support (default: disabled)])],
|
|
[ ENABLED_SHE=$enableval ],
|
|
[ ENABLED_SHE=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_SHE" = "xstandard" || test "x$ENABLED_SHE" = "xextended"
|
|
then
|
|
if test "$ENABLED_AESCBC" = "no"
|
|
then
|
|
AC_MSG_ERROR([SHE requires AES-CBC. Cannot use --disable-aescbc with --enable-she.])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHE -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"
|
|
ENABLED_CMAC=yes
|
|
ENABLED_AESCBC=yes
|
|
fi
|
|
|
|
if test "x$ENABLED_SHE" = "xextended"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHE_EXTENDED"
|
|
fi
|
|
|
|
# AES-XTS
|
|
AC_ARG_ENABLE([aesxts],
|
|
[AS_HELP_STRING([--enable-aesxts],[Enable AES XTS (default: disabled)])],
|
|
[ ENABLED_AESXTS=$enableval ],
|
|
[ ENABLED_AESXTS=no ]
|
|
)
|
|
|
|
AS_IF([test "$ENABLED_AESXTS" = "yes" && test "$ENABLED_ARMASM" = "no"],
|
|
[ ENABLED_AESXTS_STREAM_DEFAULT=yes ],
|
|
[ ENABLED_AESXTS_STREAM_DEFAULT=no ]
|
|
)
|
|
|
|
AC_ARG_ENABLE([aesxts-stream],
|
|
[AS_HELP_STRING([--enable-aesxts-stream],[Enable wolfSSL AES-XTS support with streaming APIs (default: disabled)])],
|
|
[ ENABLED_AESXTS_STREAM=$enableval ],
|
|
[ ENABLED_AESXTS_STREAM=$ENABLED_AESXTS_STREAM_DEFAULT ]
|
|
)
|
|
|
|
# legacy old option name, for compatibility:
|
|
AC_ARG_ENABLE([xts],
|
|
[AS_HELP_STRING([--enable-xts],[Please use --enable-aesxts])],
|
|
[ ENABLED_AESXTS=$enableval ]
|
|
)
|
|
|
|
# AES-CTS
|
|
AC_ARG_ENABLE([aescts],
|
|
[AS_HELP_STRING([--enable-aescts],[Enable AES CTS (default: disabled)])],
|
|
[ ENABLED_AESCTS=$enableval ],
|
|
[ ENABLED_AESCTS=no ]
|
|
)
|
|
|
|
if test "$ENABLED_AESCTS" = "yes"
|
|
then
|
|
if test "$ENABLED_AESCBC" = "no"
|
|
then
|
|
AC_MSG_ERROR([AES CTS requires AES CBC.])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CTS"
|
|
fi
|
|
|
|
# Web Server Build
|
|
AC_ARG_ENABLE([webserver],
|
|
[AS_HELP_STRING([--enable-webserver],[Enable Web Server (default: disabled)])],
|
|
[ ENABLED_WEBSERVER=$enableval ],
|
|
[ ENABLED_WEBSERVER=no ]
|
|
)
|
|
|
|
if test "$ENABLED_WEBSERVER" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_WEBSERVER"
|
|
fi
|
|
|
|
# Web Client Build (HTTP Client)
|
|
AC_ARG_ENABLE([webclient],
|
|
[AS_HELP_STRING([--enable-webclient],[Enable Web Client (HTTP) (default: disabled)])],
|
|
[ ENABLED_WEBCLIENT=$enableval ],
|
|
[ ENABLED_WEBCLIENT=no ]
|
|
)
|
|
|
|
if test "$ENABLED_WEBCLIENT" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_HTTP_CLIENT"
|
|
fi
|
|
|
|
# RC2
|
|
AC_ARG_ENABLE([rc2],
|
|
[AS_HELP_STRING([--enable-rc2],[Enable RC2 encryption (default: disabled)])],
|
|
[ ENABLED_RC2=$enableval ],
|
|
[ ENABLED_RC2=no ]
|
|
)
|
|
|
|
if test "$ENABLED_RC2" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_RC2"
|
|
fi
|
|
|
|
# CUDA
|
|
AC_ARG_ENABLE([cuda],
|
|
[AS_HELP_STRING([--enable-cuda],[Enable NVidia CUDA support (default: disabled)])],
|
|
[ ENABLED_CUDA=$enableval ],
|
|
[ ENABLED_CUDA=no ]
|
|
)
|
|
|
|
if test "$ENABLED_CUDA" = "yes"
|
|
then
|
|
CC=nvcc
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_CUDA -DHAVE_CUDA"
|
|
fi
|
|
|
|
# Certificate Service Support (CFLAG sections later) keep above FIPS section
|
|
AC_ARG_ENABLE([certservice],
|
|
[AS_HELP_STRING([--enable-certservice],[Enable cert service (default: disabled)])],
|
|
[ ENABLED_CERT_SERVICE=$enableval ],
|
|
[ ENABLED_CERT_SERVICE=no ]
|
|
)
|
|
|
|
# PWDBASED (CFLAG sections later) keep above FIPS section
|
|
AC_ARG_ENABLE([pwdbased],
|
|
[AS_HELP_STRING([--enable-pwdbased],[Enable PWDBASED (default: disabled)])],
|
|
[ ENABLED_PWDBASED=$enableval ],
|
|
[ ENABLED_PWDBASED=no ]
|
|
)
|
|
|
|
# MemUse Entropy
|
|
# wolfEntropy Software Jitter SP800-90B certifiable entropy source
|
|
|
|
if test "$KERNEL_MODE_DEFAULTS" = "yes" && \
|
|
test "$ENABLED_AMDRDSEED" != "yes" && \
|
|
test "$ENABLED_INTELRDRAND" != "yes" && \
|
|
test "$ENABLED_INTELRDSEED" != "yes"
|
|
then
|
|
ENABLED_ENTROPY_MEMUSE_DEFAULT=yes
|
|
else
|
|
ENABLED_ENTROPY_MEMUSE_DEFAULT=no
|
|
fi
|
|
|
|
AC_ARG_ENABLE([wolfEntropy],
|
|
[AS_HELP_STRING([--enable-wolfEntropy],[Enable memuse entropy support (default: disabled)])],
|
|
[ ENABLED_ENTROPY_MEMUSE=$enableval ],
|
|
[ ENABLED_ENTROPY_MEMUSE=$ENABLED_ENTROPY_MEMUSE_DEFAULT ]
|
|
)
|
|
AC_ARG_ENABLE([wolfentropy],
|
|
[AS_HELP_STRING([--enable-wolfentropy],[Alias for --enable-wolfEntropy])],
|
|
[ ENABLED_ENTROPY_MEMUSE=$enableval ],
|
|
)
|
|
AC_ARG_ENABLE([entropy-memuse],
|
|
[AS_HELP_STRING([--enable-entropy-memuse],[Alias for --enable-wolfEntropy])],
|
|
[ ENABLED_ENTROPY_MEMUSE=$enableval ]
|
|
)
|
|
|
|
# AES key wrap
|
|
AC_ARG_ENABLE([aeskeywrap],
|
|
[AS_HELP_STRING([--enable-aeskeywrap],[Enable AES key wrap support (default: disabled)])],
|
|
[ ENABLED_AESKEYWRAP=$enableval ],
|
|
[ ENABLED_AESKEYWRAP=no ]
|
|
)
|
|
|
|
# FIPS feature and macro setup
|
|
|
|
AS_CASE([$FIPS_VERSION],
|
|
[v7|ready|dev],[ # FIPS 140-3 PQ-FS
|
|
|
|
AS_IF([test "$FIPS_VERSION" = "dev"],
|
|
ENABLED_FIPS_DEV=yes
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FIPS_DEV"])
|
|
AS_IF([test "$FIPS_VERSION" = "ready" || test "$FIPS_VERSION" = "v7"],
|
|
ENABLED_FIPS_READY=yes
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FIPS_READY"])
|
|
|
|
AM_CFLAGS="$AM_CFLAGS \
|
|
-DHAVE_FIPS \
|
|
-DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \
|
|
-DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \
|
|
-DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \
|
|
-DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH \
|
|
-DHAVE_ECC_CDH \
|
|
-DWC_RSA_NO_PADDING \
|
|
-DECC_USER_CURVES \
|
|
-DHAVE_ECC384 \
|
|
-DHAVE_ECC521 \
|
|
-DWOLFSSL_VALIDATE_FFC_IMPORT \
|
|
-DHAVE_FFDHE_Q \
|
|
-DHAVE_FFDHE_3072 \
|
|
-DHAVE_FFDHE_4096 \
|
|
-DHAVE_FFDHE_6144 \
|
|
-DHAVE_FFDHE_8192"
|
|
|
|
# KCAPI API does not support custom k for sign, don't force enable ECC key sizes and don't use seed callback
|
|
AS_IF([test "x$ENABLED_KCAPI_ECC" = "xno"],
|
|
[AM_CFLAGS="$AM_CFLAGS \
|
|
-DWC_RNG_SEED_CB \
|
|
-DWOLFSSL_ECDSA_SET_K \
|
|
-DWOLFSSL_VALIDATE_ECC_IMPORT \
|
|
-DWOLFSSL_VALIDATE_ECC_KEYGEN \
|
|
-DHAVE_ECC192 \
|
|
-DHAVE_ECC224 \
|
|
-DHAVE_ECC256"])
|
|
|
|
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192
|
|
# optimizations section
|
|
|
|
# protocol section
|
|
AS_IF([test "$ENABLED_WOLFSSH" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_ssh" != "no")],
|
|
[enable_ssh="yes"])
|
|
|
|
AS_IF([test "$ENABLED_HKDF" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_hkdf" != "no")],
|
|
[ENABLED_HKDF="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
|
|
|
|
AS_IF([test "x$ENABLED_PWDBASED" = "xno" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_pwdbased" != "no")],
|
|
[ENABLED_PWDBASED="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_PBKDF2 -DHAVE_AESGCM"])
|
|
|
|
AS_IF([test "x$ENABLED_SRTP" = "xno" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_srtp" != "no")],
|
|
[ENABLED_SRTP="yes"])
|
|
AS_IF([test "x$ENABLED_SRTP_KDF" = "xno" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_srtp_kdf" != "no")],
|
|
[ENABLED_SRTP_KDF="yes"])
|
|
|
|
# public key section
|
|
AS_IF([test "$ENABLED_KEYGEN" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_keygen" != "no")],
|
|
[ENABLED_KEYGEN="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"])
|
|
|
|
# AS_IF([test "$ENABLED_COMPKEY" != "yes" &&
|
|
# (test "$FIPS_VERSION" != "dev" || test "$enable_compkey" != "yes")],
|
|
# [ENABLED_COMPKEY="yes"])
|
|
|
|
AS_IF([test "$ENABLED_RSAPSS" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_rsapss" != "no")],
|
|
[ENABLED_RSAPSS="yes"; AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
|
|
|
|
AS_IF([test "$ENABLED_ECC" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_ecc" != "no")],
|
|
[ENABLED_ECC="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
|
|
AS_IF([test "$ENABLED_ECC_SHAMIR" = "yes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])])
|
|
|
|
AS_IF([test "$ENABLED_ED25519" = "no" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_ed25519" != "no")],
|
|
[ENABLED_ED25519="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519 -DHAVE_ED25519_KEY_IMPORT"])
|
|
|
|
AS_IF([test "$ENABLED_CURVE25519" != "no" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_curve25519" = "")],
|
|
[ENABLED_CURVE25519="no"; AM_CFLAGS="$AM_CFLAGS"])
|
|
|
|
AS_IF([test "x$ENABLED_ED448" != "xyes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_ed448" != "no")],
|
|
[ENABLED_ED448="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ED448 -DHAVE_ED448_KEY_IMPORT"])
|
|
|
|
AS_IF([test "$ENABLED_CURVE448" != "no" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_curve448" = "")],
|
|
[ENABLED_CURVE448="no"; AM_CFLAGS="$AM_CFLAGS"])
|
|
|
|
AS_IF([test "x$ENABLED_ED25519_STREAM" != "xyes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_ed25519_stream" != "no")],
|
|
[ENABLED_ED25519_STREAM="yes"])
|
|
AS_IF([test "x$ENABLED_ED448_STREAM" != "xyes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_ed448_stream" != "no")],
|
|
[ENABLED_ED448_STREAM="yes"])
|
|
|
|
AS_IF([test "x$ENABLED_ECCCUSTCURVES" != "xno" &&
|
|
test "$FIPS_VERSION" != "dev"],
|
|
[AC_MSG_WARN([Forcing off ecccustcurves for FIPS ${FIPS_VERSION}.])
|
|
ENABLED_ECCCUSTCURVES="no"])
|
|
|
|
# Hashing section
|
|
AS_IF([test "x$ENABLED_SHA3" != "xyes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_sha3" != "no")],
|
|
[ENABLED_SHA3="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"])
|
|
|
|
AS_IF([test "$ENABLED_SHA224" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_sha224" != "no")],
|
|
[ENABLED_SHA224="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"])
|
|
|
|
AS_IF([test "$ENABLED_SHA512" = "no" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_sha512" != "no")],
|
|
[ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
|
|
|
|
# SHA512-224 and SHA512-256 enabled for FIPS v7+ (needed for ML-DSA
|
|
# HashML-DSA ACVP test vectors with SHA2-512/224 and SHA2-512/256)
|
|
|
|
# Shake128 because we're testing SHAKE256
|
|
AS_IF([test "x$ENABLED_SHAKE128" = "xno" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_shake128" != "no")],
|
|
[ENABLED_SHAKE128="yes"])
|
|
|
|
# Shake256 mandated for ED448
|
|
AS_IF([test "x$ENABLED_SHAKE256" = "xno" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_shake256" != "no")],
|
|
[ENABLED_SHAKE256="yes"])
|
|
|
|
# Aes section
|
|
AS_IF([test "$ENABLED_AESCCM" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_aesccm" != "no")],
|
|
[ENABLED_AESCCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
|
|
|
|
AS_IF([test "$ENABLED_AESCTR" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_aesctr" != "no")],
|
|
[ENABLED_AESCTR="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
|
|
|
|
AS_IF([test "$ENABLED_CMAC" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_cmac" != "no")],
|
|
[ENABLED_CMAC="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
|
|
|
|
AS_IF([test "$ENABLED_AESGCM" = "no" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm" != "no")],
|
|
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"; AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
|
|
|
|
AS_IF([test "$ENABLED_AESGCM_STREAM" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm_stream" != "no")],
|
|
[ENABLED_AESGCM_STREAM="yes"])
|
|
|
|
AS_IF([test "x$ENABLED_AESOFB" = "xno" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_aesofb" != "no")],
|
|
[ENABLED_AESOFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB"])
|
|
|
|
AS_IF([test "x$ENABLED_AESCFB" = "xno" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_aescfb" != "no")],
|
|
[ENABLED_AESCFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB"])
|
|
|
|
AS_IF([test "x$ENABLED_AESXTS" = "xno" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_aesxts" != "no")],
|
|
[ENABLED_AESXTS="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS"])
|
|
AS_IF([test "x$ENABLED_AESXTS" = "xyes" && test "x$ENABLED_AESNI" = "xyes"],
|
|
[AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"])
|
|
|
|
AS_IF([test "x$ENABLED_AESXTS_STREAM" = "xno" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_aesxts_stream" != "no")],
|
|
[ENABLED_AESXTS_STREAM="yes"])
|
|
|
|
AS_IF([(test "$ENABLED_AESCCM" != "no" && test "$HAVE_AESCCM_PORT" != "yes") ||
|
|
(test "$ENABLED_AESCTR" != "no" && test "$HAVE_AESCTR_PORT" != "yes") ||
|
|
(test "$ENABLED_AESGCM" != "no" && test "$HAVE_AESGCM_PORT" != "yes") ||
|
|
(test "$ENABLED_AESOFB" != "no" && test "$HAVE_AESOFB_PORT" != "yes")],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB"])
|
|
|
|
AS_IF([test "x$ENABLED_AESKEYWRAP" != "xyes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_aeskeywrap" != "no")],
|
|
[ENABLED_AESKEYWRAP="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP"])
|
|
|
|
# Post-Quantum section
|
|
AS_IF([test "$ENABLED_MLKEM" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_mlkem" != "no")],
|
|
[ENABLED_MLKEM="yes"
|
|
ENABLED_MLKEM512="yes"
|
|
ENABLED_MLKEM768="yes"
|
|
ENABLED_MLKEM1024="yes"
|
|
ENABLED_MLKEM_MAKE_KEY="yes"
|
|
ENABLED_MLKEM_ENCAPSULATE="yes"
|
|
ENABLED_MLKEM_DECAPSULATE="yes"])
|
|
|
|
AS_IF([test "$ENABLED_MLDSA" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_dilithium" != "no")],
|
|
[ENABLED_MLDSA="yes"
|
|
ENABLED_MLDSA44="yes"
|
|
ENABLED_MLDSA65="yes"
|
|
ENABLED_MLDSA87="yes"
|
|
ENABLED_MLDSA_MAKE_KEY="yes"
|
|
ENABLED_MLDSA_SIGN="yes"
|
|
ENABLED_MLDSA_VERIFY="yes"])
|
|
|
|
AS_IF([test "$ENABLED_XMSS" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_xmss" != "no")],
|
|
[ENABLED_XMSS="yes"])
|
|
|
|
AS_IF([test "$ENABLED_LMS" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_lms" != "no")],
|
|
[ENABLED_LMS="yes"])
|
|
# LMS: enable SHA-256/192 and SHAKE256 parameter sets for FIPS v7
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LMS_SHA256_192 -DWOLFSSL_LMS_SHAKE256"
|
|
|
|
AS_IF([test "$ENABLED_SLHDSA" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_slhdsa" != "no")],
|
|
[ENABLED_SLHDSA="yes"
|
|
SLHDSA_PARAM_128S="yes"
|
|
SLHDSA_PARAM_128F="yes"
|
|
SLHDSA_PARAM_192S="yes"
|
|
SLHDSA_PARAM_192F="yes"
|
|
SLHDSA_PARAM_256S="yes"
|
|
SLHDSA_PARAM_256F="yes"
|
|
SLHDSA_SHA2="yes"
|
|
SLHDSA_PARAM_SHA2_128S="yes"
|
|
SLHDSA_PARAM_SHA2_128F="yes"
|
|
SLHDSA_PARAM_SHA2_192S="yes"
|
|
SLHDSA_PARAM_SHA2_192F="yes"
|
|
SLHDSA_PARAM_SHA2_256S="yes"
|
|
SLHDSA_PARAM_SHA2_256F="yes"])
|
|
|
|
# SHA-256 DRBG -- cannot be disabled at build time in FIPS mode
|
|
AS_IF([test "$ENABLED_SHA256_DRBG" != "yes" &&
|
|
test "$FIPS_VERSION" != "dev"],
|
|
[AC_MSG_ERROR([Can not disable SHA256-DRBG at build time in FIPS mode. Disable at run-time with wc_Sha256Drbg_Disable() or wc_Sha256Drbg_Disable_fips()])])
|
|
|
|
# SHA-512 DRBG -- cannot be disabled at build time in FIPS mode
|
|
AS_IF([test "$ENABLED_SHA512_DRBG" != "yes" &&
|
|
test "$FIPS_VERSION" != "dev"],
|
|
[AC_MSG_ERROR([Can not disable SHA512-DRBG at build time in FIPS mode. Disable it at run-time with wc_Sha512Drbg_Disable() or wc_Sha512Drbg_Disable_fips()])])
|
|
|
|
# Old TLS requires MD5 + HMAC, which is not allowed under FIPS 140-3
|
|
AS_IF([test "$ENABLED_OLD_TLS" != "no"],
|
|
[AC_MSG_WARN([Forcing off oldtls for FIPS ${FIPS_VERSION}.])
|
|
ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"])
|
|
|
|
],
|
|
|
|
[v6],[ # FIPS 140-3 SRTP-KDF (frozen)
|
|
|
|
AM_CFLAGS="$AM_CFLAGS \
|
|
-DHAVE_FIPS \
|
|
-DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \
|
|
-DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \
|
|
-DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \
|
|
-DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH \
|
|
-DHAVE_ECC_CDH \
|
|
-DWC_RSA_NO_PADDING \
|
|
-DECC_USER_CURVES \
|
|
-DHAVE_ECC384 \
|
|
-DHAVE_ECC521 \
|
|
-DWOLFSSL_VALIDATE_FFC_IMPORT \
|
|
-DHAVE_FFDHE_Q \
|
|
-DHAVE_FFDHE_3072 \
|
|
-DHAVE_FFDHE_4096 \
|
|
-DHAVE_FFDHE_6144 \
|
|
-DHAVE_FFDHE_8192"
|
|
|
|
# KCAPI API does not support custom k for sign, don't force enable ECC key sizes and don't use seed callback
|
|
AS_IF([test "x$ENABLED_KCAPI_ECC" = "xno"],
|
|
[AM_CFLAGS="$AM_CFLAGS \
|
|
-DWC_RNG_SEED_CB \
|
|
-DWOLFSSL_ECDSA_SET_K \
|
|
-DWOLFSSL_VALIDATE_ECC_IMPORT \
|
|
-DWOLFSSL_VALIDATE_ECC_KEYGEN \
|
|
-DHAVE_ECC192 \
|
|
-DHAVE_ECC224 \
|
|
-DHAVE_ECC256"])
|
|
|
|
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192
|
|
# optimizations section
|
|
|
|
# protocol section
|
|
AS_IF([test "$ENABLED_WOLFSSH" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_ssh" != "no")],
|
|
[enable_ssh="yes"])
|
|
|
|
AS_IF([test "$ENABLED_HKDF" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_hkdf" != "no")],
|
|
[ENABLED_HKDF="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
|
|
|
|
AS_IF([test "x$ENABLED_PWDBASED" = "xno" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_pwdbased" != "no")],
|
|
[ENABLED_PWDBASED="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_PBKDF2 -DHAVE_AESGCM"])
|
|
|
|
AS_IF([test "x$ENABLED_SRTP" = "xno" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_srtp" != "no")],
|
|
[ENABLED_SRTP="yes"])
|
|
AS_IF([test "x$ENABLED_SRTP_KDF" = "xno" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_srtp_kdf" != "no")],
|
|
[ENABLED_SRTP_KDF="yes"])
|
|
|
|
# public key section
|
|
AS_IF([test "$ENABLED_KEYGEN" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_keygen" != "no")],
|
|
[ENABLED_KEYGEN="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"])
|
|
|
|
# AS_IF([test "$ENABLED_COMPKEY" != "yes" &&
|
|
# (test "$FIPS_VERSION" != "dev" || test "$enable_compkey" != "yes")],
|
|
# [ENABLED_COMPKEY="yes"])
|
|
|
|
AS_IF([test "$ENABLED_RSAPSS" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_rsapss" != "no")],
|
|
[ENABLED_RSAPSS="yes"; AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
|
|
|
|
AS_IF([test "$ENABLED_ECC" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_ecc" != "no")],
|
|
[ENABLED_ECC="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
|
|
AS_IF([test "$ENABLED_ECC_SHAMIR" = "yes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])])
|
|
|
|
AS_IF([test "$ENABLED_ED25519" = "no" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_ed25519" != "no")],
|
|
[ENABLED_ED25519="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519 -DHAVE_ED25519_KEY_IMPORT"])
|
|
|
|
AS_IF([test "$ENABLED_CURVE25519" != "no" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_curve25519" = "")],
|
|
[ENABLED_CURVE25519="no"; AM_CFLAGS="$AM_CFLAGS"])
|
|
|
|
AS_IF([test "x$ENABLED_ED448" != "xyes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_ed448" != "no")],
|
|
[ENABLED_ED448="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ED448 -DHAVE_ED448_KEY_IMPORT"])
|
|
|
|
AS_IF([test "$ENABLED_CURVE448" != "no" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_curve448" = "")],
|
|
[ENABLED_CURVE448="no"; AM_CFLAGS="$AM_CFLAGS"])
|
|
|
|
AS_IF([test "x$ENABLED_ED25519_STREAM" != "xyes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_ed25519_stream" != "no")],
|
|
[ENABLED_ED25519_STREAM="yes"])
|
|
AS_IF([test "x$ENABLED_ED448_STREAM" != "xyes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_ed448_stream" != "no")],
|
|
[ENABLED_ED448_STREAM="yes"])
|
|
|
|
AS_IF([test "x$ENABLED_ECCCUSTCURVES" != "xno" &&
|
|
test "$FIPS_VERSION" != "dev"],
|
|
[AC_MSG_WARN([Forcing off ecccustcurves for FIPS ${FIPS_VERSION}.])
|
|
ENABLED_ECCCUSTCURVES="no"])
|
|
|
|
# Hashing section
|
|
AS_IF([test "x$ENABLED_SHA3" != "xyes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_sha3" != "no")],
|
|
[ENABLED_SHA3="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"])
|
|
|
|
AS_IF([test "$ENABLED_SHA224" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_sha224" != "no")],
|
|
[ENABLED_SHA224="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"])
|
|
|
|
AS_IF([test "$ENABLED_SHA512" = "no" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_sha512" != "no")],
|
|
[ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
|
|
|
|
# SHA512-224 and SHA512-256 are not in-boundary in FIPS v6.
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
|
|
|
|
# Shake128 because we're testing SHAKE256
|
|
AS_IF([test "x$ENABLED_SHAKE128" = "xno" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_shake128" != "no")],
|
|
[ENABLED_SHAKE128="yes"])
|
|
|
|
# Shake256 mandated for ED448
|
|
AS_IF([test "x$ENABLED_SHAKE256" = "xno" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_shake256" != "no")],
|
|
[ENABLED_SHAKE256="yes"])
|
|
|
|
# Aes section
|
|
AS_IF([test "$ENABLED_AESCCM" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_aesccm" != "no")],
|
|
[ENABLED_AESCCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
|
|
|
|
AS_IF([test "$ENABLED_AESCTR" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_aesctr" != "no")],
|
|
[ENABLED_AESCTR="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
|
|
|
|
AS_IF([test "$ENABLED_CMAC" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_cmac" != "no")],
|
|
[ENABLED_CMAC="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
|
|
|
|
AS_IF([test "$ENABLED_AESGCM" = "no" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm" != "no")],
|
|
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"; AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
|
|
|
|
AS_IF([test "$ENABLED_AESGCM_STREAM" != "yes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_aesgcm_stream" != "no")],
|
|
[ENABLED_AESGCM_STREAM="yes"])
|
|
|
|
AS_IF([test "x$ENABLED_AESOFB" = "xno" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_aesofb" != "no")],
|
|
[ENABLED_AESOFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB"])
|
|
|
|
AS_IF([test "x$ENABLED_AESCFB" = "xno" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_aescfb" != "no")],
|
|
[ENABLED_AESCFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB"])
|
|
|
|
AS_IF([test "x$ENABLED_AESXTS" = "xno" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_aesxts" != "no")],
|
|
[ENABLED_AESXTS="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS"])
|
|
AS_IF([test "x$ENABLED_AESXTS" = "xyes" && test "x$ENABLED_AESNI" = "xyes"],
|
|
[AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"])
|
|
|
|
AS_IF([test "x$ENABLED_AESXTS_STREAM" = "xno" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_aesxts_stream" != "no")],
|
|
[ENABLED_AESXTS_STREAM="yes"])
|
|
|
|
AS_IF([(test "$ENABLED_AESCCM" != "no" && test "$HAVE_AESCCM_PORT" != "yes") ||
|
|
(test "$ENABLED_AESCTR" != "no" && test "$HAVE_AESCTR_PORT" != "yes") ||
|
|
(test "$ENABLED_AESGCM" != "no" && test "$HAVE_AESGCM_PORT" != "yes") ||
|
|
(test "$ENABLED_AESOFB" != "no" && test "$HAVE_AESOFB_PORT" != "yes")],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB"])
|
|
|
|
AS_IF([test "x$ENABLED_AESKEYWRAP" != "xyes" &&
|
|
(test "$FIPS_VERSION" != "dev" || test "$enable_aeskeywrap" != "no")],
|
|
[ENABLED_AESKEYWRAP="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP"])
|
|
|
|
# Old TLS requires MD5 + HMAC, which is not allowed under FIPS 140-3
|
|
AS_IF([test "$ENABLED_OLD_TLS" != "no"],
|
|
[AC_MSG_WARN([Forcing off oldtls for FIPS ${FIPS_VERSION}.])
|
|
ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"])
|
|
|
|
],
|
|
|
|
[lean-aesgcm|lean-aesgcm-ready|lean-aesgcm-dev],[
|
|
|
|
AS_IF([test "$FIPS_VERSION" = "lean-aesgcm-dev"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FIPS_DEV"])
|
|
AS_IF([test "$FIPS_VERSION" = "lean-aesgcm-ready"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FIPS_READY"])
|
|
|
|
AM_CFLAGS="$AM_CFLAGS \
|
|
-DHAVE_FIPS \
|
|
-DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \
|
|
-DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \
|
|
-DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \
|
|
-DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH \
|
|
-DNO_BIG_INT \
|
|
-DWC_RNG_SEED_CB \
|
|
-DNO_PBKDF2"
|
|
|
|
# optimizations section
|
|
|
|
# protocol section
|
|
AS_IF([test "$ENABLED_CRYPTONLY" != "yes" && test "$enable_cryptonly" != "no"],
|
|
[ENABLED_CRYPTONLY="yes"; enable_cryptonly="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_ONLY"])
|
|
|
|
AS_IF([test "$ENABLED_TLS" != "no" && test "$enable_tls" != "yes"],
|
|
[ENABLED_TLS="no"; enable_tls="no"; AM_CFLAGS="$AM_CFLAGS -DNO_TLS"])
|
|
|
|
AS_IF([test "$ENABLED_TLSV12" != "no" && test "$enable_tlsv12" != "yes"],
|
|
[ENABLED_TLSV12="no"; enable_tlsv12="no"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_TLS12"])
|
|
|
|
AS_IF([test "$ENABLED_ASN" != "no" && test "$enable_asn" != "yes"],
|
|
[ENABLED_ASN="no"; enable_asn="no"; AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT"])
|
|
|
|
AS_IF([test "$ENABLED_SEND_HRR_COOKIE" != "no" && test "$enable_hrrcookie" != "yes"],
|
|
[ENABLED_SEND_HRR_COOKIE="no"; enable_hrrcookie="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_SEND_HRR_COOKIE"])
|
|
|
|
AS_IF([test "$ENABLED_WOLFSSH" != "no" && test "$enable_ssh" != "yes"],
|
|
[ENABLED_WOLFSSH="no"; enable_ssh="no"])
|
|
|
|
AS_IF([test "$ENABLED_HKDF" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_hkdf" != "yes")],
|
|
[enable_hkdf="no"; ENABLED_HKDF="no"; AM_CFLAGS="$AM_CFLAGS -UHAVE_HKDF"])
|
|
|
|
AS_IF([test "$ENABLED_PWDBASED" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_pwdbased" != "yes")],
|
|
[enable_pwdbased="no"; ENABLED_PWDBASED="no"])
|
|
|
|
AS_IF([test "$ENABLED_SRTP" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_srtp" != "yes")],
|
|
[enable_srtp="no"; ENABLED_SRTP="no"])
|
|
|
|
AS_IF([test "$ENABLED_SRTP_KDF" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_srtp_kdf" != "yes")],
|
|
[enable_srtp_kdf="no"; ENABLED_SRTP_KDF="no"])
|
|
|
|
AS_IF([test "$ENABLED_PKCS8" != "no" && test "$enable_pkcs8" != "yes"],
|
|
[enable_pkcs8="no"; ENABLED_PKCS8="no"; AM_CFLAGS="$AM_CFLAGS -DNO_PKCS8"])
|
|
|
|
# public key section
|
|
|
|
AS_IF([test "$ENABLED_SP_MATH_ALL" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_sp_math_all" != "yes")],
|
|
[enable_sp_math_all="no"; ENABLED_SP_MATH_ALL="no"])
|
|
|
|
AS_IF([test "$ENABLED_KEYGEN" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_keygen" != "yes")],
|
|
[enable_keygen="no"; ENABLED_KEYGEN="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_KEY_GEN"])
|
|
|
|
AS_IF([test "$ENABLED_COMPKEY" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_compkey" != "yes")],
|
|
[enable_compkey="no"; ENABLED_COMPKEY="no"])
|
|
|
|
AS_IF([test "$ENABLED_RSA" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_rsa" != "yes")],
|
|
[enable_rsa="no"; ENABLED_RSA="no"; AM_CFLAGS="$AM_CFLAGS -DNO_RSA"])
|
|
|
|
AS_IF([test "$ENABLED_RSAPSS" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_rsapss" != "yes")],
|
|
[enable_rsapss="no"; ENABLED_RSAPSS="no"; AM_CFLAGS="$AM_CFLAGS -UWC_RSA_PSS"])
|
|
|
|
AS_IF([test "$ENABLED_DH" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_dh" != "yes")],
|
|
[enable_dh="no"; ENABLED_DH="no"; AM_CFLAGS="$AM_CFLAGS -DNO_DH"])
|
|
|
|
AS_IF([test "$ENABLED_ECC" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_ecc" != "yes")],
|
|
[enable_ecc="no"; ENABLED_ECC="no"; ENABLED_ECCMINSZ="n/a"; ENABLED_ECC_SHAMIR="no"; AM_CFLAGS="$AM_CFLAGS -UHAVE_ECC -UTFM_ECC256 -UECC_MIN_KEY_SZ -UECC_SHAMIR"])
|
|
|
|
AS_IF([test "$ENABLED_ED25519" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_ed25519" != "yes")],
|
|
[enable_ed25519="no"; ENABLED_ED25519="no"; AM_CFLAGS="$AM_CFLAGS -UHAVE_ED25519 -UHAVE_ED25519_KEY_IMPORT"])
|
|
AS_IF([test "$ENABLED_CURVE25519" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_curve25519" != "yes")],
|
|
[enable_curve25519="no"; ENABLED_CURVE25519="no"; AM_CFLAGS="$AM_CFLAGS -UHAVE_CURVE25519"])
|
|
|
|
AS_IF([test "$ENABLED_ED448" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_ed448" != "yes")],
|
|
[enable_ed448="no"; ENABLED_ED448="no"; AM_CFLAGS="$AM_CFLAGS -UHAVE_ED448 -UHAVE_ED448_KEY_IMPORT"])
|
|
AS_IF([test "$ENABLED_CURVE448" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_curve448" != "yes")],
|
|
[enable_curve448="no"; ENABLED_CURVE448="no"; AM_CFLAGS="$AM_CFLAGS -UHAVE_CURVE448"])
|
|
|
|
AS_IF([test "$ENABLED_ED25519_STREAM" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_ed25519_stream" != "yes")],
|
|
[enable_ed25519_stream="no"; ENABLED_ED25519_STREAM="no"])
|
|
AS_IF([test "$ENABLED_ED448_STREAM" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_ed448_stream" != "yes")],
|
|
[enable_ed448_stream="no"; ENABLED_ED448_STREAM="no"])
|
|
|
|
AS_IF([test "$ENABLED_ECCCUSTCURVES" != "no" &&
|
|
test "$FIPS_VERSION" != "lean-aesgcm-dev"],
|
|
[ENABLED_ECCCUSTCURVES="no"])
|
|
|
|
# Hashing section
|
|
AS_IF([test "$ENABLED_SHA" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_sha" != "yes")],
|
|
[enable_sha="no"; ENABLED_SHA="no"; AM_CFLAGS="$AM_CFLAGS -DNO_SHA"])
|
|
|
|
AS_IF([test "$ENABLED_SHA256" = "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_sha256" != "no")],
|
|
[enable_sha256="yes"; ENABLED_SHA256="yes"; AM_CFLAGS="$AM_CFLAGS -UNO_SHA256"])
|
|
|
|
AS_IF([test "$ENABLED_SHA3" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_sha3" != "yes")],
|
|
[enable_sha3="no"; ENABLED_SHA3="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_SHA3"])
|
|
|
|
AS_IF([test "$ENABLED_SHAKE128" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_shake128" != "yes")],
|
|
[enable_shake128="no"; ENABLED_SHAKE128="no"])
|
|
|
|
AS_IF([test "$ENABLED_SHAKE256" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_shake256" != "yes")],
|
|
[enable_shake256="no"; ENABLED_SHAKE256="no"])
|
|
|
|
AS_IF([test "$ENABLED_SHA224" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_sha224" != "yes")],
|
|
[enable_sha224="no"; ENABLED_SHA224="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_SHA224"])
|
|
|
|
AS_IF([test "$ENABLED_SHA384" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_sha384" != "yes")],
|
|
[enable_sha384="no"; ENABLED_SHA384="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_SHA384 -UWOLFSSL_SHA384"])
|
|
|
|
AS_IF([test "$ENABLED_SHA512" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_sha512" != "yes")],
|
|
[enable_sha512="no"; ENABLED_SHA512="no"; ENABLED_SHA512_DRBG="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_SHA512 -UWOLFSSL_SHA384"])
|
|
|
|
# SHA512-224 and SHA512-256 are SHA-2 algorithms not in our FIPS algorithm list
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
|
|
|
|
AS_IF([test "$ENABLED_SHAKE128" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_shake128" != "yes")],
|
|
[enable_shake128="no"; ENABLED_SHAKE128="no"])
|
|
|
|
AS_IF([test "$ENABLED_SHAKE256" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_shake256" != "yes")],
|
|
[enable_shake256="no"; ENABLED_SHAKE256="no"])
|
|
|
|
AS_IF([test "$ENABLED_MLKEM" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_mlkem" != "yes")],
|
|
[enable_mlkem="no"; ENABLED_MLKEM="no"])
|
|
|
|
AS_IF([test "$ENABLED_MD5" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_md5" != "yes")],
|
|
[enable_md5="no"; ENABLED_MD5="no"; AM_CFLAGS="$AM_CFLAGS -DNO_MD5"])
|
|
|
|
# Aes section
|
|
AS_IF([test "$ENABLED_AESCBC" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_aescbc" != "yes")],
|
|
[enable_aescbc="no"; ENABLED_AESCBC="no"; AM_CFLAGS="$AM_CFLAGS -DNO_AES_CBC"])
|
|
|
|
AS_IF([test "$ENABLED_AESCCM" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_aesccm" != "yes")],
|
|
[enable_aesccm="no"; ENABLED_AESCCM="no"; AM_CFLAGS="$AM_CFLAGS -UHAVE_AESCCM"])
|
|
|
|
AS_IF([test "$ENABLED_AESCTR" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_aesctr" != "yes")],
|
|
[enable_aesctr="no"; ENABLED_AESCTR="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_AES_COUNTER"])
|
|
|
|
AS_IF([test "$ENABLED_CMAC" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_cmac" != "yes")],
|
|
[enable_cmac="no"; ENABLED_CMAC="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_CMAC"])
|
|
|
|
AS_IF([test "$ENABLED_AESGCM" = "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_aesgcm" != "no")],
|
|
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"; AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
|
|
|
|
AS_IF([test "$ENABLED_AESGCM_STREAM" != "yes" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_aesgcm_stream" != "no")],
|
|
[ENABLED_AESGCM_STREAM="yes"])
|
|
|
|
AS_IF([test "$ENABLED_AESOFB" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_aesofb" != "yes")],
|
|
[enable_aesofb="no"; ENABLED_AESOFB="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_AES_OFB"])
|
|
|
|
AS_IF([test "$ENABLED_AESCFB" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_aescfb" != "yes")],
|
|
[enable_aescfb="no"; ENABLED_AESCFB="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_AES_CFB"])
|
|
|
|
AS_IF([test "$ENABLED_AESXTS" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_aesxts" != "yes")],
|
|
[enable_aesxts="no"; ENABLED_AESXTS="no"; AM_CFLAGS="$AM_CFLAGS -UWOLFSSL_AES_XTS"])
|
|
AS_IF([test "$ENABLED_AESXTS" = "yes" && test "$ENABLED_AESNI" = "yes"],
|
|
[AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"])
|
|
|
|
AS_IF([test "$ENABLED_AESXTS_STREAM" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_aesxts_stream" != "yes")],
|
|
[enable_aesxts_stream="no"; ENABLED_AESXTS_STREAM="no"])
|
|
|
|
AS_IF([(test "$ENABLED_AESCCM" != "no" && test "$HAVE_AESCCM_PORT" != "yes") ||
|
|
(test "$ENABLED_AESCTR" != "no" && test "$HAVE_AESCTR_PORT" != "yes") ||
|
|
(test "$ENABLED_AESGCM" != "no" && test "$HAVE_AESGCM_PORT" != "yes") ||
|
|
(test "$ENABLED_AESOFB" != "no" && test "$HAVE_AESOFB_PORT" != "yes")],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB"])
|
|
|
|
AS_IF([test "$ENABLED_AESKEYWRAP" != "no" &&
|
|
(test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_aeskeywrap" != "yes")],
|
|
[enable_aeskeywrap="no"; ENABLED_AESKEYWRAP="no"; AM_CFLAGS="$AM_CFLAGS -UHAVE_AES_KEYWRAP"])
|
|
|
|
# Old TLS requires MD5 + HMAC, which is not allowed under FIPS 140-3
|
|
AS_IF([test "$ENABLED_OLD_TLS" != "no"],
|
|
[AC_MSG_WARN([Forcing off oldtls for FIPS ${FIPS_VERSION}.])
|
|
ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"])
|
|
|
|
],
|
|
|
|
[v5*], [ # FIPS 140-3
|
|
|
|
AM_CFLAGS="$AM_CFLAGS \
|
|
-DHAVE_FIPS \
|
|
-DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \
|
|
-DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \
|
|
-DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \
|
|
-DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH \
|
|
-DHAVE_ECC_CDH \
|
|
-DWC_RSA_NO_PADDING \
|
|
-DECC_USER_CURVES \
|
|
-DHAVE_ECC384 \
|
|
-DHAVE_ECC521 \
|
|
-DWOLFSSL_VALIDATE_FFC_IMPORT \
|
|
-DHAVE_FFDHE_Q \
|
|
-DHAVE_FFDHE_3072 \
|
|
-DHAVE_FFDHE_4096 \
|
|
-DHAVE_FFDHE_6144 \
|
|
-DHAVE_FFDHE_8192"
|
|
|
|
# KCAPI API does not support custom k for sign, don't force enable ECC key sizes and do not use seed callback
|
|
AS_IF([test "x$ENABLED_KCAPI_ECC" = "xno"],
|
|
[AM_CFLAGS="$AM_CFLAGS \
|
|
-DWC_RNG_SEED_CB \
|
|
-DWOLFSSL_ECDSA_SET_K \
|
|
-DWOLFSSL_VALIDATE_ECC_IMPORT \
|
|
-DWOLFSSL_VALIDATE_ECC_KEYGEN \
|
|
-DHAVE_ECC192 \
|
|
-DHAVE_ECC224 \
|
|
-DHAVE_ECC256"])
|
|
|
|
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192
|
|
|
|
# force various features to FIPS 140-3 defaults, unless overridden with dev:
|
|
|
|
AS_IF([test "$ENABLED_KEYGEN" != "yes" &&
|
|
(test "$FIPS_VERSION" != "v5-dev" || test "$enable_keygen" != "no")],
|
|
[ENABLED_KEYGEN="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"])
|
|
|
|
AS_IF([test "$ENABLED_SHA224" != "yes" &&
|
|
(test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha224" != "no")],
|
|
[ENABLED_SHA224="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"])
|
|
|
|
AS_IF([test "$ENABLED_SHA3" != "yes" &&
|
|
(test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha3" != "no")],
|
|
[ENABLED_SHA3="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"])
|
|
|
|
AS_IF([test "$ENABLED_WOLFSSH" != "yes" &&
|
|
(test "$FIPS_VERSION" != "v5-dev" || test "$enable_ssh" != "no")],
|
|
[enable_ssh="yes"])
|
|
|
|
# Shake128 is a SHA-3 algorithm outside the v5 FIPS algorithm list
|
|
AS_IF([test "$ENABLED_SHAKE128" != "no" &&
|
|
! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_shake128" = "yes")],
|
|
[AC_MSG_WARN([Forcing off shake128 for FIPS ${FIPS_VERSION}.])
|
|
ENABLED_SHAKE128=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE128"])
|
|
|
|
# Shake256 is a SHA-3 algorithm outside the v5 FIPS algorithm list
|
|
AS_IF([test "$ENABLED_SHAKE256" != "no" &&
|
|
! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_shake256" = "yes")],
|
|
[AC_MSG_WARN([Forcing off shake256 for FIPS ${FIPS_VERSION}.])
|
|
ENABLED_SHAKE256=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"])
|
|
|
|
# SHA512-224 and SHA512-256 are SHA-2 algorithms outside the v5 FIPS algorithm list
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
|
|
|
|
AS_IF([test "$ENABLED_AESCCM" != "yes" &&
|
|
(test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesccm" != "no")],
|
|
[ENABLED_AESCCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
|
|
|
|
AS_IF([test "$ENABLED_AESXTS" = "yes" &&
|
|
! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_aesxts" = "yes")],
|
|
[AC_MSG_WARN([Forcing off aesxts for FIPS ${FIPS_VERSION}.])
|
|
ENABLED_AESXTS="no"])
|
|
|
|
AS_IF([test "$ENABLED_RSAPSS" != "yes" &&
|
|
(test "$FIPS_VERSION" != "v5-dev" || test "$enable_rsapss" != "no")],
|
|
[ENABLED_RSAPSS="yes"; AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
|
|
|
|
AS_IF([test "$ENABLED_ECC" != "yes" &&
|
|
(test "$FIPS_VERSION" != "v5-dev" || test "$enable_ecc" != "no")],
|
|
[ENABLED_ECC="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
|
|
AS_IF([test "$ENABLED_ECC_SHAMIR" = "yes" &&
|
|
(test "$FIPS_VERSION" != "v5-dev" || test "$enable_eccshamir" != "no")],
|
|
[AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])])
|
|
|
|
AS_IF([test "$ENABLED_AESCTR" != "yes" &&
|
|
(test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesctr" != "no")],
|
|
[ENABLED_AESCTR="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
|
|
|
|
AS_IF([test "$ENABLED_CMAC" != "yes" &&
|
|
(test "$FIPS_VERSION" != "v5-dev" || test "$enable_cmac" != "no")],
|
|
[ENABLED_CMAC="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
|
|
|
|
AS_IF([test "$ENABLED_HKDF" != "yes" &&
|
|
(test "$FIPS_VERSION" != "v5-dev" || test "$enable_hkdf" != "no")],
|
|
[ENABLED_HKDF="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
|
|
|
|
AS_IF([test "$ENABLED_INTELASM" = "yes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
|
|
|
|
AS_IF([test "$ENABLED_SHA512" = "no" &&
|
|
(test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha512" != "no")],
|
|
[ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
|
|
|
|
AS_IF([test "$ENABLED_AESGCM" = "no" &&
|
|
(test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesgcm" != "no")],
|
|
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"; AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
|
|
|
|
# AES-GCM streaming isn't part of the v5 FIPS suite.
|
|
AS_IF([test "$ENABLED_AESGCM_STREAM" = "yes" &&
|
|
! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_aesgcm_stream" = "yes")],
|
|
[AC_MSG_WARN([Forcing off aesgcm-stream for FIPS ${FIPS_VERSION}.])
|
|
ENABLED_AESGCM_STREAM="no"])
|
|
|
|
# Old TLS requires MD5 + HMAC, which is not allowed under FIPS 140-3
|
|
AS_IF([test "$ENABLED_OLD_TLS" != "no"],
|
|
[AC_MSG_WARN([Forcing off oldtls for FIPS ${FIPS_VERSION}.])
|
|
ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"])
|
|
|
|
AS_IF([test $HAVE_FIPS_VERSION_MINOR -ge 2],
|
|
[AS_IF([test "x$ENABLED_AESOFB" = "xno" &&
|
|
(test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesofb" != "no")],
|
|
[ENABLED_AESOFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB"])])
|
|
|
|
AS_IF([test "$ENABLED_SRTP" != "no" &&
|
|
! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_srtp" = "yes")],
|
|
[AC_MSG_WARN([Forcing off srtp for FIPS ${FIPS_VERSION}.])
|
|
ENABLED_SRTP="no"])
|
|
|
|
AS_IF([test "$ENABLED_SRTP_KDF" != "no" &&
|
|
! (test "$FIPS_VERSION" = "v5-dev" && test "$enable_srtp_kdf" = "yes")],
|
|
[AC_MSG_WARN([Forcing off srtp-kdf for FIPS ${FIPS_VERSION}.])
|
|
ENABLED_SRTP_KDF="no"])
|
|
|
|
AS_IF([(test "$ENABLED_AESCCM" != "no" && test "$HAVE_AESCCM_PORT" != "yes") ||
|
|
(test "$ENABLED_AESCTR" != "no" && test "$HAVE_AESCTR_PORT" != "yes") ||
|
|
(test "$ENABLED_AESGCM" != "no" && test "$HAVE_AESGCM_PORT" != "yes") ||
|
|
(test "$ENABLED_AESOFB" != "no" && test "$HAVE_AESOFB_PORT" != "yes") ||
|
|
(test "$ENABLED_AESXTS" != "no" && test "$HAVE_AESXTS_PORT" != "yes")],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB"])
|
|
],
|
|
|
|
[v2],[ # FIPS 140-2, Cert 3389
|
|
AM_CFLAGS="$AM_CFLAGS \
|
|
-DHAVE_FIPS \
|
|
-DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \
|
|
-DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \
|
|
-DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \
|
|
-DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH \
|
|
-DWOLFSSL_KEY_GEN \
|
|
-DWOLFSSL_SHA224 \
|
|
-DWOLFSSL_AES_DIRECT \
|
|
-DHAVE_AES_ECB \
|
|
-DHAVE_ECC_CDH \
|
|
-DWC_RSA_NO_PADDING \
|
|
-DWOLFSSL_VALIDATE_FFC_IMPORT \
|
|
-DHAVE_FFDHE_Q \
|
|
-DHAVE_PUBLIC_FFDHE"
|
|
|
|
ENABLED_KEYGEN="yes"
|
|
ENABLED_SHA224="yes"
|
|
ENABLED_DES3="yes"
|
|
# Shake256 is a SHA-3 algorithm not in our FIPS algorithm list
|
|
ENABLED_SHAKE256=no
|
|
# SHA512-224 and SHA512-256 are SHA-2 algorithms not in our FIPS algorithm list
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
|
|
AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
|
|
[ENABLED_AESCCM="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
|
|
AS_IF([test "x$ENABLED_RSAPSS" != "xyes"],
|
|
[ENABLED_RSAPSS="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
|
|
AS_IF([test "x$ENABLED_ECC" != "xyes"],
|
|
[ENABLED_ECC="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT"
|
|
AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT"])
|
|
AS_IF([test "x$ENABLED_AESCTR" != "xyes"],
|
|
[ENABLED_AESCTR="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
|
|
AS_IF([test "x$ENABLED_AESCTR" != "xyes"],
|
|
[ENABLED_AESCTR="yes"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_COUNTER"])
|
|
AS_IF([test "x$ENABLED_CMAC" != "xyes"],
|
|
[ENABLED_CMAC="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
|
|
AS_IF([test "x$ENABLED_HKDF" != "xyes"],
|
|
[ENABLED_HKDF="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
|
|
AS_IF([test "x$ENABLED_INTELASM" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
|
|
AS_IF([test "x$ENABLED_SHA512" = "xno"],
|
|
[ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
|
|
AS_IF([test "x$ENABLED_AESGCM" = "xno"],
|
|
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
|
|
],
|
|
|
|
["rand"],[
|
|
AM_CFLAGS="$AM_CFLAGS \
|
|
-DWOLFCRYPT_FIPS_RAND \
|
|
-DHAVE_FIPS \
|
|
-DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \
|
|
-DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \
|
|
-DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \
|
|
-DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH"
|
|
],
|
|
|
|
["v1"],[ # FIPS 140-2, Cert 2425
|
|
AM_CFLAGS="$AM_CFLAGS \
|
|
-DHAVE_FIPS \
|
|
-DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \
|
|
-DHAVE_FIPS_VERSION_MAJOR=$HAVE_FIPS_VERSION_MAJOR \
|
|
-DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \
|
|
-DHAVE_FIPS_VERSION_PATCH=$HAVE_FIPS_VERSION_PATCH"
|
|
AS_IF([test "x$ENABLED_SHA512" = "xno"],
|
|
[ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
|
|
AS_IF([test "x$ENABLED_AESGCM" = "xno"],
|
|
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
|
|
AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])
|
|
])
|
|
|
|
AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$thread_ls_on" = "xno" && test "$ENABLE_LINUXKM" = "no"],
|
|
[AC_MSG_ERROR([FIPS requires Thread Local Storage])])
|
|
|
|
AS_IF([(test "$ENABLED_NULL_CIPHER" = "yes" || test "$ENABLED_LEANPSK" = "yes") && test "$ENABLED_FIPS" != "no" && test "$FIPS_VERSION" != "dev" && test "$FIPS_VERSION" != "v5-dev"],
|
|
[AC_MSG_ERROR([FIPS is incompatible with nullcipher])])
|
|
|
|
# SELFTEST
|
|
AC_ARG_ENABLE([selftest],
|
|
[AS_HELP_STRING([--enable-selftest],[Enable selftest, Will NOT work w/o CAVP selftest license (default: disabled)])],
|
|
[ ENABLED_SELFTEST=$enableval ],
|
|
[ ENABLED_SELFTEST="no" ]
|
|
)
|
|
|
|
AS_CASE([$ENABLED_SELFTEST],
|
|
["v2"],[
|
|
# selftest v2 (wolfCrypt 4.1.0)
|
|
ENABLED_SELFTEST="yes"
|
|
SELFTEST_VERSION="v2"
|
|
],
|
|
["no"],[SELFTEST_VERSION="none"],
|
|
[
|
|
# selftest v1 (wolfCrypt 3.14.2)
|
|
ENABLED_SELFTEST="yes"
|
|
SELFTEST_VERSION="v1"
|
|
])
|
|
|
|
AS_IF([test "x$ENABLED_SELFTEST" = "xyes" && test ! -s "${srcdir}/wolfcrypt/src/selftest.c"],
|
|
[AC_MSG_ERROR([selftest.c is missing, --enable-selftest requires the CAVP selftest source])])
|
|
|
|
AS_CASE([$SELFTEST_VERSION],
|
|
["v2"],[
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_SELFTEST -DHAVE_SELFTEST_VERSION=2 -DHAVE_PUBLIC_FFDHE"
|
|
],
|
|
["v1"],[
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_SELFTEST -DHAVE_PUBLIC_FFDHE"
|
|
])
|
|
|
|
|
|
# Set ML-KEM flags
|
|
|
|
if test "$ENABLED_MLKEM" != "no"
|
|
then
|
|
if test "$ENABLED_SHA3" = "no"
|
|
then
|
|
AC_MSG_NOTICE([MLKEM enabled (not explicitly disabled); overriding --disable-sha3 to enable SHA-3])
|
|
ENABLED_SHA3=yes
|
|
enable_sha3=yes
|
|
fi
|
|
|
|
if test "$ENABLED_SHAKE128" = "no"
|
|
then
|
|
AC_MSG_WARN([MLKEM enabled (not explicitly disabled); overriding --disable-shake128 to enable SHAKE128])
|
|
ENABLED_SHAKE128=yes
|
|
fi
|
|
|
|
if test "$ENABLED_SHAKE256" = "no"
|
|
then
|
|
AC_MSG_WARN([MLKEM enabled (not explicitly disabled); overriding --disable-shake256 to enable SHAKE256])
|
|
ENABLED_SHAKE256=yes
|
|
fi
|
|
fi
|
|
|
|
ENABLED_ML_KEM=unset
|
|
ENABLED_MLKEM_MAKE_KEY=no
|
|
ENABLED_MLKEM_ENCAPSULATE=no
|
|
ENABLED_MLKEM_DECAPSULATE=no
|
|
for v in `echo $ENABLED_MLKEM | tr "," " "`
|
|
do
|
|
case $v in
|
|
yes)
|
|
ENABLED_MLKEM512=yes
|
|
ENABLED_MLKEM768=yes
|
|
ENABLED_MLKEM1024=yes
|
|
ENABLED_MLKEM_MAKE_KEY=yes
|
|
ENABLED_MLKEM_ENCAPSULATE=yes
|
|
ENABLED_MLKEM_DECAPSULATE=yes
|
|
;;
|
|
all)
|
|
ENABLED_MLKEM_MAKE_KEY=yes
|
|
ENABLED_MLKEM_ENCAPSULATE=yes
|
|
ENABLED_MLKEM_DECAPSULATE=yes
|
|
ENABLED_ML_KEM=yes
|
|
ENABLED_ORIGINAL=yes
|
|
;;
|
|
no)
|
|
;;
|
|
small)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_SMALL"
|
|
;;
|
|
no-large-code)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_LARGE_CODE"
|
|
;;
|
|
cache-a)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_CACHE_A"
|
|
;;
|
|
512)
|
|
ENABLED_MLKEM512=yes
|
|
;;
|
|
768)
|
|
ENABLED_MLKEM768=yes
|
|
;;
|
|
1024)
|
|
ENABLED_MLKEM1024=yes
|
|
;;
|
|
make)
|
|
ENABLED_MLKEM_MAKE_KEY=yes
|
|
;;
|
|
encapsulate|enc)
|
|
ENABLED_MLKEM_ENCAPSULATE=yes
|
|
;;
|
|
decapsulate|dec)
|
|
ENABLED_MLKEM_DECAPSULATE=yes
|
|
;;
|
|
original|kyber)
|
|
ENABLED_ORIGINAL=yes
|
|
;;
|
|
ml-kem)
|
|
ENABLED_ML_KEM=yes
|
|
;;
|
|
noasm)
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_MLKEM_NO_ASM"
|
|
;;
|
|
*)
|
|
AC_MSG_ERROR([Invalid choice for MLKEM []: $ENABLED_MLKEM.])
|
|
break;;
|
|
esac
|
|
done
|
|
|
|
# Selftest uses its own random.c which doesn't support SHA-512 DRBG
|
|
# or runtime DRBG disable/enable APIs
|
|
AS_IF([test "x$ENABLED_SELFTEST" = "xyes"],
|
|
[ENABLED_SHA512_DRBG=no])
|
|
|
|
AS_IF([test "x$ENABLED_AESXTS" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS -DWOLFSSL_AES_DIRECT"])
|
|
AS_IF([test "x$ENABLED_AESXTS" = "xyes" && test "x$ENABLED_INTELASM" = "xyes"],
|
|
[AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"])
|
|
AS_IF([test "x$ENABLED_AESXTS" = "xyes" && test "x$ENABLED_AESNI" = "xyes"],
|
|
[AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AES_XTS"])
|
|
|
|
# ECC Custom Curves
|
|
if test "$ENABLED_ECCCUSTCURVES" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CUSTOM_CURVES"
|
|
|
|
# For distro, all or ecccustcurves=all builds, enable all curve types
|
|
if test "$ENABLED_DISTRO" = "yes" || test "$ENABLED_ALL" = "yes" || test "$ENABLED_ECCCUSTCURVES" = "all"
|
|
then
|
|
# Enable ECC SECPR2, SECPR3, BRAINPOOL and KOBLITZ curves
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ"
|
|
|
|
# Enable ECC Cofactor support
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_CDH"
|
|
|
|
# If fastmath enabled and on x86 use speedups
|
|
if test "x$ENABLED_FASTMATH" = "xyes" && test "$host_cpu" = "x86_64" -o "$host_cpu" = "amd64"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DTFM_ECC192 -DTFM_ECC224 -DTFM_ECC256 -DTFM_ECC384 -DTFM_ECC521"
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
# Curve448
|
|
if test "$ENABLED_CURVE448" != "no"
|
|
then
|
|
if test "$ENABLED_CURVE448" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DCURVE448_SMALL"
|
|
ENABLED_CURVE448_SMALL=yes
|
|
ENABLED_CURVE448=yes
|
|
fi
|
|
|
|
if test "$ENABLED_CURVE448" = "no128bit" || test "$ENABLED_32BIT" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_CURVED448_128BIT"
|
|
ENABLED_CURVE448=yes
|
|
fi
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE448"
|
|
ENABLED_FE448=yes
|
|
ENABLED_CERTS=yes
|
|
fi
|
|
|
|
# Ed448
|
|
if test "$ENABLED_ED448" != "no"
|
|
then
|
|
if test "$ENABLED_ED448" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DED448_SMALL"
|
|
ENABLED_ED448_SMALL=yes
|
|
ENABLED_CURVE448_SMALL=yes
|
|
ENABLED_ED448=yes
|
|
fi
|
|
|
|
if test "$ENABLED_SHA512" = "no"
|
|
then
|
|
AC_MSG_ERROR([cannot enable ed448 without enabling sha512.])
|
|
fi
|
|
if test "x$HAVE_FIPS_VERSION" = "x2"
|
|
then
|
|
AC_MSG_ERROR([cannot enable ed448 w/ dependency shake256 in FIPSv2 mode])
|
|
fi
|
|
ENABLED_FE448=yes
|
|
ENABLED_GE448=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ED448"
|
|
|
|
# EdDSA448 requires SHAKE256 which requires SHA-3
|
|
if test "$ENABLED_SHA3" = "no"
|
|
then
|
|
ENABLED_SHA3=yes
|
|
fi
|
|
ENABLED_SHAKE256=yes
|
|
|
|
ENABLED_CERTS=yes
|
|
fi
|
|
|
|
if test "$ENABLED_ED448_STREAM" != "no"
|
|
then
|
|
if test "$ENABLED_ED448" = "no"
|
|
then
|
|
AC_MSG_ERROR([ED448 verify streaming enabled but ED448 is disabled])
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ED448_STREAMING_VERIFY"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ED448_STREAMING_VERIFY"
|
|
fi
|
|
fi
|
|
|
|
|
|
# SRTP-KDF
|
|
if test "$ENABLED_SRTP" = "yes"
|
|
then
|
|
ENABLED_SRTP_KDF="yes"
|
|
fi
|
|
if test "$ENABLED_SRTP_KDF" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_SRTP_KDF -DHAVE_AES_ECB -DWOLFSSL_AES_DIRECT"
|
|
fi
|
|
|
|
# ML-KEM and Dilithium require SHA-3 and SHAKE -- force them on before flag
|
|
# processing so that the correct -D flags are emitted.
|
|
if test "$ENABLED_MLKEM" != "no"
|
|
then
|
|
ENABLED_SHA3=yes
|
|
ENABLED_SHAKE128=yes
|
|
ENABLED_SHAKE256=yes
|
|
fi
|
|
if test "$ENABLED_MLDSA" != "no"
|
|
then
|
|
ENABLED_SHA3=yes
|
|
ENABLED_SHAKE128=yes
|
|
ENABLED_SHAKE256=yes
|
|
fi
|
|
|
|
# Set SHA-3 flags
|
|
if test "$ENABLED_SHA3" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"
|
|
fi
|
|
|
|
# Set SHAKE128 flags
|
|
# FIPS traditionally does not support SHAKE 128, v6 does
|
|
AS_IF([test "x$ENABLED_FIPS" = "xyes" && test $HAVE_FIPS_VERSION -lt 6],
|
|
[ENABLED_SHAKE128="no"])
|
|
|
|
if test "$ENABLED_SHAKE128" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHAKE128"
|
|
if test "$ENABLED_SHA3" = "no"
|
|
then
|
|
AC_MSG_ERROR([shake128 requires SHA-3: --enable-sha3])
|
|
fi
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE128"
|
|
fi
|
|
|
|
# Set SHAKE256 flags
|
|
# FIPS traditionally does not support SHAKE 256, v6 does
|
|
AS_IF([test "x$ENABLED_FIPS" = "xyes" && test $HAVE_FIPS_VERSION -lt 6],
|
|
[ENABLED_SHAKE256="no"])
|
|
|
|
if test "$ENABLED_SHAKE256" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHAKE256"
|
|
if test "$ENABLED_SHA3" = "no"
|
|
then
|
|
AC_MSG_ERROR([shake256 requires SHA-3: --enable-sha3])
|
|
fi
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"
|
|
fi
|
|
|
|
# MLKEM CFLAG processing (after FIPS section for sandwich pattern)
|
|
if test "$ENABLED_MLKEM" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_MLKEM"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_MLKEM"
|
|
|
|
if test "$ENABLED_ORIGINAL" = "yes"; then
|
|
# FIPS 203 (ML-KEM) and Kyber use different implicit rejection.
|
|
# Kyber mode must not be used in FIPS v7+ builds.
|
|
AS_IF([test "$HAVE_FIPS_VERSION" -ge 7],
|
|
[AC_MSG_ERROR([Kyber (--enable-mlkem=original) is not compatible with FIPS v7+. Use ML-KEM (FIPS 203) instead.])])
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_KYBER"
|
|
if test "$ENABLED_MLKEM512" = ""; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512"
|
|
fi
|
|
if test "$ENABLED_MLKEM768" = ""; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER768"
|
|
fi
|
|
if test "$ENABLED_MLKEM1024" = ""; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024"
|
|
fi
|
|
if test "$ENABLED_ML_KEM" = "unset"; then
|
|
ENABLED_ML_KEM=no
|
|
fi
|
|
fi
|
|
if test "$ENABLED_ML_KEM" = "unset"; then
|
|
ENABLED_ML_KEM=yes
|
|
fi
|
|
if test "$ENABLED_ML_KEM" = "yes"; then
|
|
if test "$ENABLED_MLKEM512" = ""; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_512"
|
|
fi
|
|
if test "$ENABLED_MLKEM768" = ""; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_768"
|
|
fi
|
|
if test "$ENABLED_MLKEM1024" = ""; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_1024"
|
|
fi
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM"
|
|
fi
|
|
if test "$ENABLED_MLKEM_MAKE_KEY" = "no"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_MAKE_KEY"
|
|
fi
|
|
if test "$ENABLED_MLKEM_ENCAPSULATE" = "no"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_ENCAPSULATE"
|
|
fi
|
|
if test "$ENABLED_MLKEM_DECAPSULATE" = "no"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_DECAPSULATE"
|
|
fi
|
|
|
|
test "$enable_sha3" = "" && enable_sha3=yes
|
|
test "$enable_shake128" = "" && enable_shake128=yes
|
|
test "$enable_shake256" = "" && enable_shake256=yes
|
|
fi
|
|
|
|
AC_ARG_ENABLE([tls-mlkem-standalone],
|
|
[AS_HELP_STRING([--enable-tls-mlkem-standalone],[Enable ML-KEM as standalone TLS key exchange (non-hybrid) (default: disabled)])],
|
|
[ ENABLED_MLKEM_STANDALONE=$enableval ],
|
|
[ ENABLED_MLKEM_STANDALONE=no ]
|
|
)
|
|
|
|
AS_IF([ test "$ENABLED_MLKEM_STANDALONE" = "yes" && test "$ENABLED_ML_KEM" = "no" ],[AC_MSG_ERROR([ML-KEM as standalone TLS key exchange (non-hybrid) requires ML-KEM.])])
|
|
if test "$ENABLED_MLKEM_STANDALONE" != "yes"
|
|
then
|
|
# Hybrid PQ/T groups all combine ML-KEM with an ECC/Curve25519/Curve448
|
|
# base. If none of those is available, hybrids contribute no usable groups
|
|
# for TLS 1.3 key exchange. In that case, auto-enable standalone ML-KEM so
|
|
# TLS 1.3 has a functional KEM.
|
|
if test "$ENABLED_MLKEM" = "yes" && test "$ENABLED_ML_KEM" != "no" && \
|
|
test "x$ENABLED_ECC" = "xno" && test "x$ENABLED_CURVE25519" = "xno" && \
|
|
test "x$ENABLED_CURVE448" = "xno"
|
|
then
|
|
AC_MSG_NOTICE([No ECC/Curve25519/Curve448 base for ML-KEM hybrids; auto-enabling standalone ML-KEM for TLS 1.3.])
|
|
ENABLED_MLKEM_STANDALONE=yes
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS_NO_MLKEM_STANDALONE"
|
|
fi
|
|
fi
|
|
|
|
AC_ARG_ENABLE([pqc-hybrids],
|
|
[AS_HELP_STRING([--enable-pqc-hybrids],[Enable PQ/T hybrid combinations (default: enabled)])],
|
|
[ ENABLED_PQC_HYBRIDS=$enableval ],
|
|
[ ENABLED_PQC_HYBRIDS=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_PQC_HYBRIDS" = "yes"
|
|
then
|
|
if test "$ENABLED_ML_KEM" = "no" || test "$ENABLED_MLKEM" = "no"
|
|
then
|
|
ENABLED_PQC_HYBRIDS=no
|
|
elif test "$ENABLED_MLKEM768" = "" && test "$ENABLED_MLKEM1024" = ""; then
|
|
AC_MSG_NOTICE([PQC hybrid combinations require either ML-KEM 768 or ML-KEM 1024, but both disabled.])
|
|
ENABLED_PQC_HYBRIDS=no
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PQC_HYBRIDS"
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_ML_KEM" != "no" && test "$ENABLED_MLKEM" != "no"
|
|
then
|
|
if test "$ENABLED_PQC_HYBRIDS" = "no" && test "$ENABLED_MLKEM_STANDALONE" = "no" && test "$ENABLED_CRYPTONLY" = "no"
|
|
then
|
|
AC_MSG_ERROR([Both hybrid PQ/T and standalone ML-KEM are disabled, so no PQC hybrid combinations will be available.])
|
|
fi
|
|
fi
|
|
|
|
# Extra PQ/T Hybrid combinations
|
|
AC_ARG_ENABLE([extra-pqc-hybrids],
|
|
[AS_HELP_STRING([--enable-extra-pqc-hybrids],[Enable extra PQ/T hybrid combinations (default: disabled)])],
|
|
[ ENABLED_EXTRA_PQC_HYBRIDS=$enableval ],
|
|
[ ENABLED_EXTRA_PQC_HYBRIDS=no ]
|
|
)
|
|
|
|
if test "$ENABLED_EXTRA_PQC_HYBRIDS" = "yes"
|
|
then
|
|
AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([extra-pqc-hybrids requires --enable-experimental.]) ])
|
|
AS_IF([ test "$ENABLED_ML_KEM" = "no" ],[ AC_MSG_ERROR([extra-pqc-hybrids requires ML-KEM.]) ])
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EXTRA_PQC_HYBRIDS"
|
|
fi
|
|
|
|
# ML-DSA CFLAG processing (after FIPS section for sandwich pattern)
|
|
if test "$ENABLED_MLDSA" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_MLDSA"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_MLDSA"
|
|
|
|
if test "$ENABLED_MLDSA44" = ""; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_DSA_44"
|
|
fi
|
|
if test "$ENABLED_MLDSA65" = ""; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_DSA_65"
|
|
fi
|
|
if test "$ENABLED_MLDSA87" = ""; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_DSA_87"
|
|
fi
|
|
if test "$ENABLED_MLDSA_MAKE_KEY" = "no"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLDSA_NO_MAKE_KEY"
|
|
fi
|
|
if test "$ENABLED_MLDSA_SIGN" = "no"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLDSA_NO_SIGN"
|
|
fi
|
|
if test "$ENABLED_MLDSA_VERIFY" = "no"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLDSA_NO_VERIFY"
|
|
fi
|
|
|
|
test "$enable_sha3" = "" && enable_sha3=yes
|
|
test "$enable_shake128" = "" && enable_shake128=yes
|
|
test "$enable_shake256" = "" && enable_shake256=yes
|
|
|
|
ENABLED_CERTS=yes
|
|
fi
|
|
|
|
# XMSS CFLAG processing (after FIPS section for sandwich pattern)
|
|
if test "$ENABLED_XMSS" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_XMSS"
|
|
fi
|
|
|
|
# LMS CFLAG processing (after FIPS section for sandwich pattern)
|
|
if test "$ENABLED_LMS" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_LMS"
|
|
fi
|
|
|
|
# SLH-DSA CFLAG processing (after FIPS section for sandwich pattern)
|
|
if test "$ENABLED_SLHDSA" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SLHDSA"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_SLHDSA"
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_SLHDSA"
|
|
|
|
if test "$SLHDSA_PARAM_128S" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_128S"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_128S"
|
|
fi
|
|
if test "$SLHDSA_PARAM_128F" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_128F"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_128F"
|
|
fi
|
|
if test "$SLHDSA_PARAM_192S" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_192S"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_192S"
|
|
fi
|
|
if test "$SLHDSA_PARAM_192F" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_192F"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_192F"
|
|
fi
|
|
if test "$SLHDSA_PARAM_256S" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_256S"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_256S"
|
|
fi
|
|
if test "$SLHDSA_PARAM_256F" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_256F"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_256F"
|
|
fi
|
|
|
|
# SHA2 parameter set support
|
|
if test "$SLHDSA_SHA2" = "yes"
|
|
then
|
|
# Dependency checks for SHA2 SLH-DSA
|
|
if test "$ENABLED_SHA256" = "no"
|
|
then
|
|
AC_MSG_ERROR([SLH-DSA SHA2 requires SHA-256 (--enable-sha256)])
|
|
fi
|
|
if test "$ENABLED_SHA512" = "no"
|
|
then
|
|
AC_MSG_ERROR([SLH-DSA SHA2 requires SHA-512 (--enable-sha512)])
|
|
fi
|
|
if test "$ENABLED_HMAC" = "no"
|
|
then
|
|
AC_MSG_ERROR([SLH-DSA SHA2 requires HMAC (--enable-hmac)])
|
|
fi
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_SHA2"
|
|
|
|
if test "$SLHDSA_PARAM_SHA2_128S" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_SHA2_128S"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_SHA2_128S"
|
|
fi
|
|
if test "$SLHDSA_PARAM_SHA2_128F" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_SHA2_128F"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_SHA2_128F"
|
|
fi
|
|
if test "$SLHDSA_PARAM_SHA2_192S" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_SHA2_192S"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_SHA2_192S"
|
|
fi
|
|
if test "$SLHDSA_PARAM_SHA2_192F" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_SHA2_192F"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_SHA2_192F"
|
|
fi
|
|
if test "$SLHDSA_PARAM_SHA2_256S" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_SHA2_256S"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_SHA2_256S"
|
|
fi
|
|
if test "$SLHDSA_PARAM_SHA2_256F" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_SHA2_256F"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_SHA2_256F"
|
|
fi
|
|
fi
|
|
|
|
# SLH-DSA requires SHAKE-256 (and SHA-3 as its dependency).
|
|
# This runs after the SHAKE256 flags section, so we must set both the
|
|
# ENABLED variable and emit the CFLAGS ourselves.
|
|
if test "$ENABLED_SHAKE256" = "no" || test "$ENABLED_SHAKE256" = ""
|
|
then
|
|
ENABLED_SHAKE256=yes
|
|
if test "$ENABLED_SHA3" = "no"
|
|
then
|
|
ENABLED_SHA3=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"
|
|
fi
|
|
# Remove -DWOLFSSL_NO_SHAKE256 if it was already added and add the
|
|
# positive define.
|
|
AM_CFLAGS=$(echo "$AM_CFLAGS" | sed 's/-DWOLFSSL_NO_SHAKE256//g')
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHAKE256"
|
|
fi
|
|
fi
|
|
|
|
# set POLY1305 default
|
|
POLY1305_DEFAULT=yes
|
|
|
|
if test "x$ENABLED_FIPS" = "xyes"
|
|
then
|
|
POLY1305_DEFAULT=no
|
|
fi
|
|
|
|
# POLY1305
|
|
AC_ARG_ENABLE([poly1305],
|
|
[AS_HELP_STRING([--enable-poly1305],[Enable wolfSSL POLY1305 support (default: enabled)])],
|
|
[ ENABLED_POLY1305=$enableval ],
|
|
[ ENABLED_POLY1305=$POLY1305_DEFAULT]
|
|
)
|
|
|
|
# leanpsk and leantls don't need poly1305
|
|
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
|
then
|
|
ENABLED_POLY1305=no
|
|
fi
|
|
|
|
if test "$ENABLED_POLY1305" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305"
|
|
fi
|
|
|
|
|
|
# set CHACHA default
|
|
CHACHA_DEFAULT=yes
|
|
|
|
if test "x$ENABLED_FIPS" = "xyes"
|
|
then
|
|
CHACHA_DEFAULT=no
|
|
fi
|
|
|
|
# CHACHA
|
|
AC_ARG_ENABLE([chacha],
|
|
[AS_HELP_STRING([--enable-chacha],[Enable CHACHA (default: enabled). Use `=noasm` to disable asm speedups])],
|
|
[ ENABLED_CHACHA=$enableval ],
|
|
[ ENABLED_CHACHA=$CHACHA_DEFAULT]
|
|
)
|
|
|
|
# leanpsk and leantls don't need chacha
|
|
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
|
then
|
|
ENABLED_CHACHA=no
|
|
fi
|
|
|
|
if test "$ENABLED_CHACHA" = "noasm" || test "$ENABLED_ASM" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_CHACHA_ASM"
|
|
fi
|
|
|
|
if test "$ENABLED_CHACHA" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_CHACHA"
|
|
fi
|
|
|
|
|
|
# XCHACHA
|
|
AC_ARG_ENABLE([xchacha],
|
|
[AS_HELP_STRING([--enable-xchacha],[Enable XCHACHA (default: disabled).])],
|
|
[ ENABLED_XCHACHA=$enableval ],
|
|
[ ENABLED_XCHACHA=no]
|
|
)
|
|
|
|
if test "$ENABLED_XCHACHA" = "yes"
|
|
then
|
|
if test "$ENABLED_CHACHA" = "no"
|
|
then
|
|
AC_MSG_ERROR([XChaCha (--enable-xchacha) depends on ChaCha (--enable-chacha)])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_XCHACHA"
|
|
fi
|
|
|
|
# ASCON
|
|
AC_ARG_ENABLE([ascon],
|
|
[AS_HELP_STRING([--enable-ascon],[Enable ASCON (default: disabled).])],
|
|
[ ENABLED_ASCON=$enableval ],
|
|
[ ENABLED_ASCON=no]
|
|
)
|
|
|
|
if test "$ENABLED_ASCON" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ASCON"
|
|
fi
|
|
|
|
# PUF
|
|
AC_ARG_ENABLE([puf],
|
|
[AS_HELP_STRING([--enable-puf],[Enable SRAM PUF support (default: disabled)])],
|
|
[ ENABLED_PUF=$enableval ],
|
|
[ ENABLED_PUF=no ]
|
|
)
|
|
|
|
if test "$ENABLED_PUF" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUF -DWOLFSSL_PUF_SRAM"
|
|
AS_IF([test "$ENABLED_HKDF" != "yes"],
|
|
[ENABLED_HKDF="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
|
|
fi
|
|
|
|
# PUF test mode
|
|
AC_ARG_ENABLE([puf-test],
|
|
[AS_HELP_STRING([--enable-puf-test],[Enable PUF test mode with synthetic data (default: disabled)])],
|
|
[ ENABLED_PUF_TEST=$enableval ],
|
|
[ ENABLED_PUF_TEST=no ]
|
|
)
|
|
|
|
if test "$ENABLED_PUF_TEST" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUF_TEST"
|
|
fi
|
|
|
|
# Hash DRBG (master switch for all Hash DRBGs)
|
|
AC_ARG_ENABLE([hashdrbg],
|
|
[AS_HELP_STRING([--enable-hashdrbg],[Enable Hash DRBG support (default: enabled)])],
|
|
[ ENABLED_HASHDRBG=$enableval ],
|
|
[ ENABLED_HASHDRBG=yes ]
|
|
)
|
|
|
|
# If hashdrbg is explicitly disabled, force both sub-options off
|
|
if test "x$ENABLED_HASHDRBG" = "xno"
|
|
then
|
|
ENABLED_SHA256_DRBG=no
|
|
ENABLED_SHA512_DRBG=no
|
|
fi
|
|
|
|
# If both sub-options are off, treat hashdrbg as off
|
|
if test "x$ENABLED_SHA256_DRBG" != "xyes" && test "x$ENABLED_SHA512_DRBG" != "xyes"
|
|
then
|
|
ENABLED_HASHDRBG=no
|
|
fi
|
|
|
|
# FIPS override: Hash DRBG is mandatory
|
|
if test "$ENABLED_HASHDRBG" != "yes" && test "$ENABLED_FIPS" = "yes" &&
|
|
test "$FIPS_VERSION" != "dev" && test "$ENABLED_KCAPI" = "no"
|
|
then
|
|
if test "$enable_hashdrbg" = "no"
|
|
then
|
|
AC_MSG_WARN([SHA256-DRBG required in FIPS build])
|
|
fi
|
|
ENABLED_HASHDRBG=yes
|
|
ENABLED_SHA256_DRBG=yes
|
|
fi
|
|
|
|
# SHA-512 DRBG and runtime DRBG disable/enable APIs are v7+ only
|
|
if test "x$ENABLED_FIPS" = "xyes" && test $HAVE_FIPS_VERSION -lt 7
|
|
then
|
|
ENABLED_SHA512_DRBG=no
|
|
fi
|
|
|
|
# Set Hash DRBG compiler flags
|
|
if test "x$ENABLED_HASHDRBG" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG"
|
|
if test "x$ENABLED_SHA256_DRBG" != "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHA256_DRBG"
|
|
fi
|
|
if test "x$ENABLED_SHA512_DRBG" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DRBG_SHA512"
|
|
fi
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_NO_HASHDRBG"
|
|
fi
|
|
|
|
|
|
# MemUse Entropy (AKA wolfEntropy)
|
|
if test "x$ENABLED_ENTROPY_MEMUSE" != "xno"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ENTROPY_MEMUSE"
|
|
enable_sha3=yes
|
|
|
|
for v in `echo $ENABLED_ENTROPY_MEMUSE | tr "," " "`
|
|
do
|
|
case $v in
|
|
yes)
|
|
;;
|
|
thread)
|
|
AM_CFLAGS="$AM_CFLAGS -DENTROPY_MEMUSE_THREAD"
|
|
;;
|
|
nofallback)
|
|
AM_CFLAGS="$AM_CFLAGS -DENTROPY_MEMUSE_FORCE_FAILURE"
|
|
;;
|
|
*)
|
|
AC_MSG_ERROR([Invalid MemUse Entropy option. Valid are: thread, nofallback. Seen: $ENABLED_ENTROPY_MEMUSE.])
|
|
break;;
|
|
esac
|
|
done
|
|
fi
|
|
|
|
if (test "$ENABLED_RNG" = "yes" && test "$ENABLED_ENTROPY_MEMUSE" != "no") || test "$ENABLED_BENCHMARK" = "yes"
|
|
then
|
|
AC_SEARCH_LIBS([clock_gettime],[rt])
|
|
fi
|
|
|
|
|
|
# Filesystem Build
|
|
if test "$HAVE_KERNEL_MODE" = "yes"
|
|
then
|
|
ENABLED_FILESYSTEM_DEFAULT=no
|
|
else
|
|
ENABLED_FILESYSTEM_DEFAULT=yes
|
|
fi
|
|
AC_ARG_ENABLE([filesystem],
|
|
[AS_HELP_STRING([--enable-filesystem],[Enable Filesystem support (default: enabled)])],
|
|
[ ENABLED_FILESYSTEM=$enableval ],
|
|
[ ENABLED_FILESYSTEM=$ENABLED_FILESYSTEM_DEFAULT ]
|
|
)
|
|
|
|
if test "$ENABLED_FILESYSTEM" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
|
|
else
|
|
# turn off filesystem if leanpsk on
|
|
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LINUXKM" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
|
|
ENABLED_FILESYSTEM=no
|
|
fi
|
|
fi
|
|
|
|
|
|
# C89 build
|
|
AC_ARG_ENABLE([c89],
|
|
[AS_HELP_STRING([--enable-c89],[Build with C89 toolchain (default: disabled)])],
|
|
[ ENABLED_C89=$enableval ],
|
|
[ ENABLED_C89=no ]
|
|
)
|
|
|
|
if test "$ENABLED_C89" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLF_C89"
|
|
test "$enable_inline" = "" && enable_inline=no
|
|
fi
|
|
|
|
# inline Build
|
|
AC_ARG_ENABLE([inline],
|
|
[AS_HELP_STRING([--enable-inline],[Enable inline functions (default: enabled)])],
|
|
[ ENABLED_INLINE=$enableval ],
|
|
[ ENABLED_INLINE=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_INLINE" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_INLINE"
|
|
fi
|
|
|
|
|
|
# OCSP
|
|
if test "x$ENABLED_OPENSSLALL" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || \
|
|
test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_MOSQUITTO" = "xyes"
|
|
then
|
|
test "$enable_ocsp" = "" && enable_ocsp=yes
|
|
fi
|
|
|
|
AC_ARG_ENABLE([ocsp],
|
|
[AS_HELP_STRING([--enable-ocsp],[Enable OCSP (default: disabled)])],
|
|
[ ENABLED_OCSP=$enableval ],
|
|
[ ENABLED_OCSP=no ]
|
|
)
|
|
|
|
|
|
# Certificate Status Request : a.k.a. OCSP Stapling
|
|
AC_ARG_ENABLE([ocspstapling],
|
|
[AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling ((options: yes, no-multi, no, disabled default: disabled)])],
|
|
[ ENABLED_CERTIFICATE_STATUS_REQUEST=$enableval ],
|
|
[ ENABLED_CERTIFICATE_STATUS_REQUEST=no ]
|
|
)
|
|
AS_CASE([$ENABLED_CERTIFICATE_STATUS_REQUEST],
|
|
[no],[
|
|
ENABLED_CERTIFICATE_STATUS_REQUEST="no"
|
|
ENABLED_TLS_OCSP_MULTI="no"
|
|
],
|
|
[disabled],[
|
|
ENABLED_CERTIFICATE_STATUS_REQUEST="no"
|
|
ENABLED_TLS_OCSP_MULTI="no"
|
|
],
|
|
[yes],[
|
|
ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
|
|
ENABLED_TLS_OCSP_MULTI="yes"
|
|
],
|
|
[no-multi],[
|
|
ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
|
|
ENABLED_TLS_OCSP_MULTI="no"
|
|
])
|
|
|
|
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || \
|
|
test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" || \
|
|
test "x$ENABLED_MOSQUITTO" = "xyes"
|
|
then
|
|
ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
|
|
fi
|
|
|
|
if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST"
|
|
|
|
# Requires OCSP make sure on
|
|
if test "x$ENABLED_OCSP" = "xno"
|
|
then
|
|
ENABLED_OCSP="yes"
|
|
fi
|
|
fi
|
|
|
|
|
|
# Certificate Status Request v2 : a.k.a. OCSP stapling v2
|
|
AC_ARG_ENABLE([ocspstapling2],
|
|
[AS_HELP_STRING([--enable-ocspstapling2],[Enable OCSP Stapling v2 (default: disabled)])],
|
|
[ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=$enableval ],
|
|
[ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
|
|
then
|
|
ENABLED_CERTIFICATE_STATUS_REQUEST_V2=yes
|
|
fi
|
|
|
|
if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST_V2"
|
|
|
|
# Requires OCSP make sure on
|
|
if test "x$ENABLED_OCSP" = "xno"
|
|
then
|
|
ENABLED_OCSP="yes"
|
|
fi
|
|
fi
|
|
|
|
|
|
AC_ARG_ENABLE([ocsp-responder],
|
|
[AS_HELP_STRING([--enable-ocsp-responder],[Enable OCSP Responder (default: disabled)])],
|
|
[ ENABLED_OCSP_RESPONDER=$enableval ],
|
|
[ ENABLED_OCSP_RESPONDER=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_OCSP_RESPONDER" = "xyes"
|
|
then
|
|
ENABLED_OCSP="yes"
|
|
ENABLED_CERTGEN="yes"
|
|
fi
|
|
|
|
# CRL
|
|
AC_ARG_ENABLE([crl],
|
|
[AS_HELP_STRING([--enable-crl],[Enable CRL (Use =io for inline CRL HTTP GET) (default: disabled)])],
|
|
[ ENABLED_CRL=$enableval ],
|
|
[ ENABLED_CRL=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || \
|
|
test "x$ENABLED_OPENVPN" = "xyes" || test "x$ENABLED_WPAS" != "xno" || \
|
|
test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \
|
|
test "x$ENABLED_KRB" = "xyes" || test "x$ENABLED_STRONGSWAN" = "xyes" || \
|
|
test "x$ENABLED_MOSQUITTO" = "xyes"
|
|
then
|
|
ENABLED_CRL=yes
|
|
fi
|
|
|
|
if test "$ENABLED_CRL" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
|
|
fi
|
|
if test "$ENABLED_CRL" = "io"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_IO"
|
|
fi
|
|
|
|
|
|
# CRL Monitor
|
|
AC_ARG_ENABLE([crl-monitor],
|
|
[AS_HELP_STRING([--enable-crl-monitor],[Enable CRL Monitor (default: disabled)])],
|
|
[ ENABLED_CRL_MONITOR=$enableval ],
|
|
[ ENABLED_CRL_MONITOR=no ]
|
|
)
|
|
|
|
if test "$ENABLED_CRL_MONITOR" = "yes"
|
|
then
|
|
case $host_os in
|
|
*linux* | *darwin* | *freebsd*)
|
|
if test "x$ENABLED_SINGLETHREADED" = "xno"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
|
|
else
|
|
ENABLED_CRL_MONITOR="no"
|
|
AC_MSG_ERROR([crl monitor requires threading / pthread])
|
|
fi
|
|
;;
|
|
*)
|
|
if test "x$ENABLED_DISTRO" = "xyes" ; then
|
|
ENABLED_CRL_MONITOR="no"
|
|
else
|
|
AC_MSG_ERROR( [crl monitor only allowed on linux, OS X, or freebsd])
|
|
fi
|
|
break;;
|
|
esac
|
|
fi
|
|
|
|
# Whitewood netRandom client library
|
|
ENABLED_WNR="no"
|
|
trywnrdir=""
|
|
AC_ARG_WITH([wnr],
|
|
[AS_HELP_STRING([--with-wnr=PATH],[Path to Whitewood netRandom install (default /usr/local)])],
|
|
[
|
|
AC_MSG_CHECKING([for Whitewood netRandom])
|
|
LIBS="$LIBS -lwnr"
|
|
|
|
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <wnr.h>]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ])
|
|
|
|
if test "x$wnr_linked" = "xno" ; then
|
|
if test "x$withval" != "xno" ; then
|
|
trywnrdir=$withval
|
|
fi
|
|
if test "x$withval" = "xyes" ; then
|
|
trywnrdir="/usr/local"
|
|
fi
|
|
|
|
CPPFLAGS="$AM_CPPFLAGS -DHAVE_WNR -I$trywnrdir/include"
|
|
LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$trywnrdir/lib"
|
|
|
|
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <wnr.h>]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ])
|
|
|
|
if test "x$wnr_linked" = "xno" ; then
|
|
AC_MSG_ERROR([Whitewood netRandom isn't found.
|
|
If it's already installed, specify its path using --with-wnr=/dir/])
|
|
fi
|
|
AC_MSG_RESULT([yes])
|
|
AM_CPPFLAGS="$CPPFLAGS"
|
|
AM_LDFLAGS="$AM_LDFLAGS -L$trywnrdir/lib"
|
|
else
|
|
AC_MSG_RESULT([yes])
|
|
fi
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_WNR"
|
|
ENABLED_WNR="yes"
|
|
]
|
|
)
|
|
|
|
|
|
# SNI
|
|
# enable SNI automatically for x86_64/x86/aarch64/amd64
|
|
SNI_DEFAULT=no
|
|
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "x86" || test "$host_cpu" = "aarch64" || test "$host_cpu" = "amd64"
|
|
then
|
|
SNI_DEFAULT=yes
|
|
fi
|
|
|
|
if test "$ENABLED_TLS" = "no"
|
|
then
|
|
SNI_DEFAULT=no
|
|
fi
|
|
|
|
AC_ARG_ENABLE([sni],
|
|
[AS_HELP_STRING([--enable-sni],[Enable SNI (default: enabled on x86_64/x86/aarch64/amd64)])],
|
|
[ ENABLED_SNI=$enableval ],
|
|
[ ENABLED_SNI=$SNI_DEFAULT ]
|
|
)
|
|
if test "x$ENABLED_QT" = "xyes" || test "$ENABLED_QUIC" = "yes"
|
|
then
|
|
ENABLED_SNI="yes"
|
|
fi
|
|
|
|
if test "x$ENABLED_SNI" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI"
|
|
fi
|
|
|
|
# Maximum Fragment Length
|
|
AC_ARG_ENABLE([maxfragment],
|
|
[AS_HELP_STRING([--enable-maxfragment],[Enable Maximum Fragment Length (default: disabled)])],
|
|
[ ENABLED_MAX_FRAGMENT=$enableval ],
|
|
[ ENABLED_MAX_FRAGMENT=no ]
|
|
)
|
|
|
|
# ALPN
|
|
AC_ARG_ENABLE([alpn],
|
|
[AS_HELP_STRING([--enable-alpn],[Enable ALPN (default: disabled)])],
|
|
[ ENABLED_ALPN=$enableval ],
|
|
[ ENABLED_ALPN=no ]
|
|
)
|
|
|
|
if test "$ENABLED_BIND" = "yes"
|
|
then
|
|
ENABLED_ALPN=yes
|
|
fi
|
|
|
|
if test "$ENABLED_QUIC" = "yes"
|
|
then
|
|
ENABLED_ALPN=yes
|
|
fi
|
|
|
|
if test "x$ENABLED_ALPN" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ALPN"
|
|
fi
|
|
|
|
# Maximum Fragment Length
|
|
if test "x$ENABLED_MAX_FRAGMENT" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_MAX_FRAGMENT"
|
|
fi
|
|
|
|
# Trusted CA Indication Extension
|
|
AC_ARG_ENABLE([trustedca],
|
|
[AS_HELP_STRING([--enable-trustedca],[Enable Trusted CA Indication (default: disabled)])],
|
|
[ ENABLED_TRUSTED_CA=$enableval ],[ ENABLED_TRUSTED_CA=no ])
|
|
|
|
AS_IF([test "x$ENABLED_TRUSTED_CA" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_TRUSTED_CA"])
|
|
|
|
# Truncated HMAC
|
|
AC_ARG_ENABLE([truncatedhmac],
|
|
[AS_HELP_STRING([--enable-truncatedhmac],[Enable Truncated HMAC (default: disabled)])],
|
|
[ ENABLED_TRUNCATED_HMAC=$enableval ],
|
|
[ ENABLED_TRUNCATED_HMAC=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_TRUNCATED_HMAC" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_TRUNCATED_HMAC"
|
|
fi
|
|
|
|
# Renegotiation Indication - (FAKE Secure Renegotiation)
|
|
# Client will send TLS_EMPTY_RENEGOTIATION_INFO_SCSV, not supported
|
|
# with enabling secure renegotiation
|
|
AC_ARG_ENABLE([renegotiation-indication],
|
|
[AS_HELP_STRING([--enable-renegotiation-indication],[Enable Renegotiation Indication for client via empty cipher (default: disabled)])],
|
|
[ ENABLED_RENEGOTIATION_INDICATION=$enableval ],
|
|
[ ENABLED_RENEGOTIATION_INDICATION=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_RENEGOTIATION_INDICATION"
|
|
fi
|
|
|
|
# Secure Renegotiation
|
|
AC_ARG_ENABLE([secure-renegotiation],
|
|
[AS_HELP_STRING([--enable-secure-renegotiation],[Enable Secure Renegotiation (default: disabled)])],
|
|
[ ENABLED_SECURE_RENEGOTIATION=$enableval ],
|
|
[ ENABLED_SECURE_RENEGOTIATION=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_HAPROXY" = "xyes"
|
|
then
|
|
ENABLED_SECURE_RENEGOTIATION=yes
|
|
fi
|
|
|
|
if test "x$ENABLED_SECURE_RENEGOTIATION" = "xyes"
|
|
then
|
|
if test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"
|
|
then
|
|
AC_MSG_ERROR([cannot enable renegotiation-indication and secure-renegotiation.])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SECURE_RENEGOTIATION -DHAVE_SERVER_RENEGOTIATION_INFO"
|
|
fi
|
|
|
|
# Secure Renegotiation Info
|
|
AC_ARG_ENABLE([secure-renegotiation-info],
|
|
[AS_HELP_STRING([--enable-secure-renegotiation-info],[Enable Secure Renegotiation info extension (default: enabled)])],
|
|
[ ENABLED_SECURE_RENEGOTIATION_INFO=$enableval ],
|
|
[ ENABLED_SECURE_RENEGOTIATION_INFO=yes ]
|
|
)
|
|
|
|
|
|
# Fallback SCSV
|
|
AC_ARG_ENABLE([fallback-scsv],
|
|
[AS_HELP_STRING([--enable-fallback-scsv],[Enable Fallback SCSV (default: disabled)])],
|
|
[ ENABLED_FALLBACK_SCSV=$enableval ],
|
|
[ ENABLED_FALLBACK_SCSV=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_FALLBACK_SCSV" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_FALLBACK_SCSV"
|
|
fi
|
|
|
|
# Exporting Keying Material
|
|
AC_ARG_ENABLE([keying-material],
|
|
[AS_HELP_STRING([--enable-keying-material],[Enable Keying Material Exporters (default: disabled)])],
|
|
[ ENABLED_KEYING_MATERIAL=$enableval ],
|
|
[ ENABLED_KEYING_MATERIAL=no ]
|
|
)
|
|
|
|
if test "$ENABLED_CHRONY" = "yes" || test "$ENABLED_SRTP" = "yes"
|
|
then
|
|
ENABLED_KEYING_MATERIAL=yes
|
|
fi
|
|
if test "x$ENABLED_KEYING_MATERIAL" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_KEYING_MATERIAL"
|
|
fi
|
|
|
|
# Supported Elliptic Curves Extensions
|
|
AC_ARG_ENABLE([supportedcurves],
|
|
[AS_HELP_STRING([--enable-supportedcurves],[Enable Supported Elliptic Curves (default: enabled)])],
|
|
[ENABLED_SUPPORTED_CURVES=$enableval],
|
|
[ENABLED_SUPPORTED_CURVES=yes])
|
|
|
|
if test "x$ENABLED_SUPPORTED_CURVES" = "xyes"
|
|
then
|
|
AS_IF([test "x$ENABLED_ECC" = "xno" && test "x$ENABLED_CURVE25519" = "xno" && test "x$ENABLED_CURVE448" = "xno"],
|
|
[ENABLED_SUPPORTED_CURVES=no],
|
|
[AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES"])
|
|
fi
|
|
|
|
# Diffie-Hellman
|
|
if test "$ENABLED_DH" != "no"
|
|
then
|
|
if test "$ENABLED_TLS13" = "yes" || test "$ENABLED_SUPPORTED_CURVES" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048"
|
|
fi
|
|
fi
|
|
|
|
# FFDHE parameters only
|
|
AC_ARG_ENABLE([ffdhe-only],
|
|
[AS_HELP_STRING([--enable-ffdhe-only],[Enable using only FFDHE in client (default: disabled)])],
|
|
[ ENABLED_FFDHE_ONLY=$enableval ],
|
|
[ ENABLED_FFDHE_ONLY=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_FFDHE_ONLY" = "xyes"
|
|
then
|
|
if test "$ENABLED_DH" = "no"
|
|
then
|
|
AC_MSG_ERROR([FFDHE only support requires DH support])
|
|
fi
|
|
if test "$ENABLED_SUPPORTED_CURVES" = "no"
|
|
then
|
|
AC_MSG_ERROR([FFDHE only support requires Supported Curves extension])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_REQUIRE_FFDHE"
|
|
fi
|
|
|
|
# TLS 1.3 Requires either ECC or (RSA/DH), or CURVE25519/ED25519 or CURVE448/ED448 or ML-KEM
|
|
if test "x$ENABLED_PSK" = "xno" && test "x$ENABLED_ECC" = "xno" && \
|
|
(test "x$ENABLED_RSA" = "xno" || test "x$ENABLED_DH" = "xno") && \
|
|
(test "x$ENABLED_CURVE25519" = "xno" || test "x$ENABLED_ED25519" = "xno") && \
|
|
(test "x$ENABLED_CURVE448" = "xno" || test "x$ENABLED_ED448" = "xno") && \
|
|
test "x$ENABLED_MLKEM" = "xno"
|
|
then
|
|
# disable TLS 1.3
|
|
ENABLED_TLS13=no
|
|
fi
|
|
# DTLSv1.3 cannot survive a downgrade of TLS 1.3.
|
|
if test "x$ENABLED_DTLS13" = "xyes" && test "x$ENABLED_TLS13" = "xno"
|
|
then
|
|
AC_MSG_ERROR([--enable-dtls13 requires TLS 1.3, but TLS 1.3 was disabled by an earlier prerequisite check (no key-exchange or signature algorithms reachable). Enable at least one of ECC, RSA+DH, Curve25519+Ed25519, Curve448+Ed448, PSK, or ML-KEM.])
|
|
fi
|
|
if test "$ENABLED_TLS13" = "yes" && (test "x$ENABLED_ECC" = "xyes" || \
|
|
test "$ENABLED_DH" != "no" || test "x$ENABLED_MLKEM" = "xyes")
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"
|
|
fi
|
|
if test "$ENABLED_TLS13" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS"
|
|
fi
|
|
|
|
|
|
# Session Ticket Extension
|
|
AC_ARG_ENABLE([session-ticket],
|
|
[AS_HELP_STRING([--enable-session-ticket],[Enable Session Ticket (default: disabled)])],
|
|
[ ENABLED_SESSION_TICKET=$enableval ],
|
|
[ ENABLED_SESSION_TICKET=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
|
|
then
|
|
ENABLED_SESSION_TICKET=yes
|
|
fi
|
|
|
|
if test "x$ENABLED_SESSION_TICKET" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SESSION_TICKET"
|
|
fi
|
|
|
|
AC_ARG_ENABLE([ticket-nonce-malloc],
|
|
[AS_HELP_STRING([--enable-ticket-nonce-malloc], [Enable dynamic allocation of ticket nonces (default: disabled)])],
|
|
[ ENABLED_TICKET_NONCE_MALLOC=$enableval ],
|
|
[ ENABLED_TICKET_NONCE_MALLOC=no_implicit ]
|
|
)
|
|
|
|
if test "$ENABLED_TICKET_NONCE_MALLOC" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TICKET_NONCE_MALLOC"
|
|
fi
|
|
|
|
# Extended Master Secret Extension
|
|
AC_ARG_ENABLE([extended-master],
|
|
[AS_HELP_STRING([--enable-extended-master],[Enable Extended Master Secret (default: enabled)])],
|
|
[ ENABLED_EXTENDED_MASTER=$enableval ],
|
|
[ ENABLED_EXTENDED_MASTER=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_CRYPTONLY" = "yes"
|
|
then
|
|
ENABLED_EXTENDED_MASTER=no
|
|
fi
|
|
if test "x$ENABLED_EXTENDED_MASTER" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXTENDED_MASTER"
|
|
fi
|
|
|
|
# TLS Extensions
|
|
AC_ARG_ENABLE([tlsx],
|
|
[AS_HELP_STRING([--enable-tlsx],[Enable all TLS Extensions (default: disabled)])],
|
|
[ ENABLED_TLSX=$enableval ],
|
|
[ ENABLED_TLSX=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_SIGNAL" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" || test "$ENABLED_CHRONY" = "yes"
|
|
then
|
|
ENABLED_TLSX=yes
|
|
fi
|
|
|
|
if test "x$ENABLED_TLSX" = "xyes"
|
|
then
|
|
ENABLED_SNI=yes
|
|
ENABLED_MAX_FRAGMENT=yes
|
|
ENABLED_TRUNCATED_HMAC=yes
|
|
ENABLED_ALPN=yes
|
|
ENABLED_TRUSTED_CA=yes
|
|
ENABLED_ENCRYPT_THEN_MAC=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_ALPN -DHAVE_TRUSTED_CA"
|
|
# Check the ECC supported curves prereq
|
|
AS_IF([test "x$ENABLED_ECC" != "xno" || test "$ENABLED_CURVE25519" != "no" || test "x$ENABLED_CURVE448" = "xyes" || test "x$ENABLED_TLS13" = "xyes"],
|
|
[ENABLED_SUPPORTED_CURVES=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"])
|
|
fi
|
|
|
|
# Early Data handshake in TLS v1.3 and above
|
|
AC_ARG_ENABLE([earlydata],
|
|
[AS_HELP_STRING([--enable-earlydata],[Enable Early Data handshake with wolfSSL TLS v1.3 (default: disabled)])],
|
|
[ ENABLED_TLS13_EARLY_DATA=$enableval ],
|
|
[ ENABLED_TLS13_EARLY_DATA=no ]
|
|
)
|
|
|
|
if test "$ENABLED_TLS13_EARLY_DATA" = "group"
|
|
then
|
|
ENABLED_TLS13_EARLY_DATA="yes"
|
|
# Group EarlyData with ClientHello
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EARLY_DATA_GROUP"
|
|
fi
|
|
if test "$ENABLED_TLS13_EARLY_DATA" = "yes"
|
|
then
|
|
if test "x$ENABLED_TLS13" = "xno" && test "x$ENABLED_ALL" = "xno"
|
|
then
|
|
AC_MSG_ERROR([cannot enable earlydata without enabling tls13.])
|
|
fi
|
|
if test "x$ENABLED_SESSION_TICKET" = "xno" && test "x$ENABLED_PSK" = "xno"
|
|
then
|
|
AC_MSG_ERROR([cannot enable earlydata without enabling session tickets and/or PSK.])
|
|
fi
|
|
if test "x$ENABLED_TLS13" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EARLY_DATA"
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_TLSV12" = "no" && test "$ENABLED_TLS13" = "yes" && test "x$ENABLED_SESSION_TICKET" = "xno"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE"
|
|
fi
|
|
|
|
# PKCS7
|
|
AC_ARG_ENABLE([pkcs7],
|
|
[AS_HELP_STRING([--enable-pkcs7],[Enable PKCS7 (default: disabled)])],
|
|
[ ENABLED_PKCS7=$enableval ],
|
|
[ ENABLED_PKCS7=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_WPAS_DPP" = "xyes"
|
|
then
|
|
ENABLED_PKCS7=yes
|
|
fi
|
|
|
|
# wolfSSH Options
|
|
AC_ARG_ENABLE([wolfssh],
|
|
[AS_HELP_STRING([--enable-wolfssh],[Enable wolfSSH options (default: disabled)])],
|
|
[ ENABLED_WOLFSSH=$enableval ],
|
|
[ ENABLED_WOLFSSH=no ]
|
|
)
|
|
|
|
AC_ARG_ENABLE([ssh],
|
|
[AS_HELP_STRING([--enable-ssh],[Enable wolfSSH options (default: disabled)])],
|
|
[ ENABLED_SSH=$enableval ],
|
|
[ ENABLED_SSH=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_SSH" = "xyes"
|
|
then
|
|
ENABLED_WOLFSSH="yes"
|
|
fi
|
|
|
|
# wolfTPM Options
|
|
AC_ARG_ENABLE([wolftpm],
|
|
[AS_HELP_STRING([--enable-wolftpm],[Enable wolfTPM options (default: disabled)])],
|
|
[ ENABLED_WOLFTPM=$enableval ],
|
|
[ ENABLED_WOLFTPM=no ]
|
|
)
|
|
|
|
# wolfCLU Options
|
|
AC_ARG_ENABLE([wolfclu],
|
|
[AS_HELP_STRING([--enable-wolfclu],[Enable wolfCLU options (default: disabled)])],
|
|
[ ENABLED_WOLFCLU=$enableval ],
|
|
[ ENABLED_WOLFCLU=no ]
|
|
)
|
|
|
|
|
|
if test "x$ENABLED_WOLFTPM" = "xyes"
|
|
then
|
|
# Requires cryptocb (set in its enable section)
|
|
# Requires certgen, certreq, certext
|
|
if test "x$ENABLED_CERTGEN" = "xno"
|
|
then
|
|
ENABLED_CERTGEN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
|
|
fi
|
|
if test "x$ENABLED_CERTREQ" = "xno"
|
|
then
|
|
ENABLED_CERTREQ="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
|
|
fi
|
|
if test "x$ENABLED_CERTEXT" = "xno"
|
|
then
|
|
ENABLED_CERTEXT="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
|
|
fi
|
|
|
|
# Requires PKCS7
|
|
if test "x$ENABLED_PKCS7" = "xno"
|
|
then
|
|
ENABLED_PKCS7="yes"
|
|
fi
|
|
|
|
# Requires aescfb
|
|
if test "x$ENABLED_AESCFB" = "xno"
|
|
then
|
|
ENABLED_AESCFB="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB"
|
|
fi
|
|
|
|
# Requires public mp_
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"
|
|
|
|
# Requires allowing CA:FALSE in BasicConstraints
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_ENCODING_CA_FALSE"
|
|
fi
|
|
|
|
if test "x$ENABLED_SMIME" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_SMIME"
|
|
# Requires PKCS7
|
|
if test "x$ENABLED_PKCS7" = "xno"
|
|
then
|
|
ENABLED_PKCS7="yes"
|
|
fi
|
|
fi
|
|
|
|
# Simple Certificate Enrollment Protocol (SCEP)
|
|
AC_ARG_ENABLE([scep],
|
|
[AS_HELP_STRING([--enable-scep],[Enable wolfSCEP (default: disabled)])],
|
|
[ ENABLED_WOLFSCEP=$enableval ],
|
|
[ ENABLED_WOLFSCEP=no ]
|
|
)
|
|
|
|
|
|
# Secure Remote Password
|
|
AC_ARG_ENABLE([srp],
|
|
[AS_HELP_STRING([--enable-srp],[Enable Secure Remote Password (default: disabled)])],
|
|
[ ENABLED_SRP=$enableval ],
|
|
[ ENABLED_SRP=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_SRP" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP"
|
|
fi
|
|
|
|
|
|
# Indefinite length encoded BER message support
|
|
AC_ARG_ENABLE([indef],
|
|
[AS_HELP_STRING([--enable-indef],[Enable parsing of indefinite length encoded msgs (default: disabled)])],
|
|
[ ENABLED_BER_INDEF=$enableval ],
|
|
[ ENABLED_BER_INDEF=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_BER_INDEF" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DASN_BER_TO_DER"
|
|
fi
|
|
|
|
# Alternate certification chains, as opposed to requiring full chain validation.
|
|
# Certificate validation behavior is relaxed, similar to openssl and
|
|
# browsers. Only the peer certificate must validate to a trusted
|
|
# certificate. Without this, all certificates sent by a peer must be
|
|
# used in the trust chain or the connection will be rejected.
|
|
AC_ARG_ENABLE([altcertchains],
|
|
[AS_HELP_STRING([--enable-altcertchains],[Enable using alternative certificate chains, only require leaf certificate to validate to trust root (default: disabled)])],
|
|
[ ENABLED_ALT_CERT_CHAINS=$enableval ],
|
|
[ ENABLED_ALT_CERT_CHAINS=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_ALT_CERT_CHAINS" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_CERT_CHAINS"
|
|
fi
|
|
|
|
# Small Stack - Cache on object
|
|
if test "$KERNEL_MODE_DEFAULTS" = "yes"
|
|
then
|
|
ENABLED_SMALL_STACK_CACHE_DEFAULT=yes
|
|
else
|
|
ENABLED_SMALL_STACK_CACHE_DEFAULT=no
|
|
fi
|
|
AC_ARG_ENABLE([smallstackcache],
|
|
[AS_HELP_STRING([--enable-smallstackcache],[Enable Small Stack Usage Caching (default: disabled)])],
|
|
[ ENABLED_SMALL_STACK_CACHE=$enableval ],
|
|
[ ENABLED_SMALL_STACK_CACHE=$ENABLED_SMALL_STACK_CACHE_DEFAULT ]
|
|
)
|
|
|
|
if test "x$ENABLED_SMALL_STACK_CACHE" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SMALL_STACK_CACHE"
|
|
fi
|
|
|
|
# Small Stack
|
|
if test "$KERNEL_MODE_DEFAULTS" = "yes"
|
|
then
|
|
ENABLED_SMALL_STACK_DEFAULT=yes
|
|
else
|
|
ENABLED_SMALL_STACK_DEFAULT=no
|
|
fi
|
|
AC_ARG_ENABLE([smallstack],
|
|
[AS_HELP_STRING([--enable-smallstack],[Enable Small Stack Usage (default: disabled)])],
|
|
[ ENABLED_SMALL_STACK=$enableval ],
|
|
[ ENABLED_SMALL_STACK=$ENABLED_SMALL_STACK_DEFAULT ]
|
|
)
|
|
|
|
if test "x$ENABLED_SMALL_STACK_CACHE" = "xyes"
|
|
then
|
|
ENABLED_SMALL_STACK=yes
|
|
fi
|
|
if test "x$ENABLED_SMALL_STACK" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SMALL_STACK"
|
|
fi
|
|
|
|
|
|
#valgrind
|
|
AC_ARG_ENABLE([valgrind],
|
|
[AS_HELP_STRING([--enable-valgrind],[Enable valgrind for unit tests (default: disabled)])],
|
|
[ ENABLED_VALGRIND=$enableval ],
|
|
[ ENABLED_VALGRIND=no ]
|
|
)
|
|
|
|
if test "$ENABLED_VALGRIND" = "yes"
|
|
then
|
|
AC_CHECK_PROG([HAVE_VALGRIND],[valgrind],[yes],[no])
|
|
|
|
if test "$HAVE_VALGRIND" = "no"
|
|
then
|
|
AC_MSG_ERROR([Valgrind not found.])
|
|
fi
|
|
enable_shared=no
|
|
enable_static=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_VALGRIND"
|
|
fi
|
|
|
|
|
|
# Test certs, use internal cert functions for extra testing
|
|
AC_ARG_ENABLE([testcert],
|
|
[AS_HELP_STRING([--enable-testcert],[Enable Test Cert (default: disabled)])],
|
|
[ ENABLED_TESTCERT=$enableval ],
|
|
[ ENABLED_TESTCERT=no ]
|
|
)
|
|
|
|
if test "$ENABLED_TESTCERT" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TEST_CERT"
|
|
fi
|
|
|
|
|
|
# I/O Pool, an example to show user how to override memory handler and use
|
|
# a pool for the input/output buffer requests
|
|
AC_ARG_ENABLE([iopool],
|
|
[AS_HELP_STRING([--enable-iopool],[Enable I/O Pool example (default: disabled)])],
|
|
[ ENABLED_IOPOOL=$enableval ],
|
|
[ ENABLED_IOPOOL=no ]
|
|
)
|
|
|
|
if test "$ENABLED_IOPOOL" = "yes"
|
|
then
|
|
if test "$thread_ls_on" = "no"
|
|
then
|
|
AC_MSG_ERROR([I/O Pool example requires Thread Local Storage])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_IO_POOL -DXMALLOC_USER"
|
|
fi
|
|
|
|
# Certificate Service Support
|
|
if test "$ENABLED_CERT_SERVICE" = "yes"
|
|
then
|
|
# Requires ecc,certgen, and opensslextra make sure on
|
|
if test "x$ENABLED_CERTGEN" = "xno"
|
|
then
|
|
ENABLED_CERTGEN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
|
|
fi
|
|
if test "x$ENABLED_ECC" = "xno"
|
|
then
|
|
ENABLED_ECC="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
|
|
|
|
if test "$ENABLED_ECC_SHAMIR" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
|
|
fi
|
|
fi
|
|
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
|
|
then
|
|
ENABLED_OPENSSLEXTRA="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_CERT_SERVICE"
|
|
fi
|
|
|
|
|
|
# wolfSSL JNI
|
|
AC_ARG_ENABLE([jni],
|
|
[AS_HELP_STRING([--enable-jni],[Enable wolfSSL JNI (default: disabled)])],
|
|
[ ENABLED_JNI=$enableval ],
|
|
[ ENABLED_JNI=no ]
|
|
)
|
|
if test "$ENABLED_JNI" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_JNI"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
|
|
AM_CFLAGS="$AM_CFLAGS -DKEEP_PEER_CERT"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"
|
|
|
|
# Enable openssl compat layer AES-CTS to maintain FIPS compatibility
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CTS"
|
|
|
|
# Enable prereqs if not already enabled
|
|
if test "x$ENABLED_DTLS" = "xno"
|
|
then
|
|
ENABLED_DTLS="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
|
|
fi
|
|
|
|
if test "x$ENABLED_DTLS13" = "xno"
|
|
then
|
|
ENABLED_DTLS13="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS13 -DWOLFSSL_W64_WRAPPER"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_DROP_STATS"
|
|
if test "x$ENABLED_SEND_HRR_COOKIE" = "xundefined"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SEND_HRR_COOKIE"
|
|
ENABLED_SEND_HRR_COOKIE="yes"
|
|
fi
|
|
if test "x$ENABLED_MLKEM" != "xno" && test "x$ENABLED_DTLS_CH_FRAG" != "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_CH_FRAG"
|
|
ENABLED_DTLS_CH_FRAG="yes"
|
|
fi
|
|
if test "x$ENABLED_AES" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
|
|
fi
|
|
fi
|
|
|
|
if test "x$ENABLED_DTLS_MTU" = "xno"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_MTU"
|
|
fi
|
|
|
|
if test "x$ENABLED_OPENSSLEXTRA" = "xno"
|
|
then
|
|
ENABLED_OPENSSLEXTRA="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
|
|
fi
|
|
if test "x$ENABLED_OPENSSLALL" = "xno"
|
|
then
|
|
ENABLED_OPENSSLALL="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL"
|
|
fi
|
|
if test "x$ENABLED_CRL" = "xno"
|
|
then
|
|
ENABLED_CRL="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
|
|
fi
|
|
if test "x$ENABLED_OCSP" = "xno"
|
|
then
|
|
ENABLED_OCSP="yes"
|
|
fi
|
|
if test "x$ENABLED_CRL_MONITOR" = "xno" && test "x$ENABLED_DISTRO" = "xno"
|
|
then
|
|
ENABLED_CRL_MONITOR="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
|
|
fi
|
|
if test "x$ENABLED_SAVESESSION" = "xno"
|
|
then
|
|
ENABLED_SAVESESSION="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE"
|
|
fi
|
|
if test "x$ENABLED_SAVECERT" = "xno"
|
|
then
|
|
ENABLED_SAVECERT="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE"
|
|
fi
|
|
if test "x$ENABLED_ATOMICUSER" = "xno"
|
|
then
|
|
ENABLED_ATOMICUSER="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
|
|
fi
|
|
if test "x$ENABLED_ECC" = "xno"
|
|
then
|
|
ENABLED_ECC="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
|
|
|
|
if test "$ENABLED_ECC_SHAMIR" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
|
|
fi
|
|
fi
|
|
# Do not enable PK Callbacks in FIPS mode with JNI
|
|
if test "x$ENABLED_PKCALLBACKS" = "xno" && test "$ENABLED_FIPS" = "no"
|
|
then
|
|
ENABLED_PKCALLBACKS="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
|
|
fi
|
|
if test "x$ENABLED_DH" = "xno"
|
|
then
|
|
ENABLED_DH="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_DH"
|
|
fi
|
|
if test "x$ENABLED_PSK" = "xno"
|
|
then
|
|
ENABLED_PSK="yes"
|
|
fi
|
|
if test "x$ENABLED_CERTEXT" = "xno"
|
|
then
|
|
ENABLED_CERTEXT="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
|
|
fi
|
|
if test "x$ENABLED_CERTGEN" = "xno"
|
|
then
|
|
ENABLED_CERTGEN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
|
|
fi
|
|
# wolfCrypt JNI/JCE uses keygen, enable by default here so
|
|
# both JCE and JSSE builds can use --enable-jni
|
|
if test "x$ENABLED_KEYGEN" = "xno"
|
|
then
|
|
ENABLED_KEYGEN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
|
|
fi
|
|
if test "x$ENABLED_CERTREQ" = "xno"
|
|
then
|
|
ENABLED_CERTREQ="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
|
|
fi
|
|
if test "x$ENABLED_SNI" = "xno"
|
|
then
|
|
ENABLED_SNI="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI"
|
|
fi
|
|
if test "x$ENABLED_ALPN" = "xno"
|
|
then
|
|
ENABLED_ALPN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ALPN"
|
|
fi
|
|
if test "x$ENABLED_ALT_CERT_CHAINS" = "xno"
|
|
then
|
|
ENABLED_ALT_CERT_CHAINS="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_CERT_CHAINS"
|
|
fi
|
|
|
|
if test "x$ENABLED_SESSIONCERTS" = "xno"
|
|
then
|
|
ENABLED_SESSIONCERTS="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
|
|
fi
|
|
|
|
# cert gen requires alt names
|
|
ENABLED_ALTNAMES="yes"
|
|
fi
|
|
|
|
if test "$ENABLED_LIGHTY" = "yes"
|
|
then
|
|
# Requires opensslextra make sure on
|
|
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
|
|
then
|
|
ENABLED_OPENSSLEXTRA="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
|
|
# recommended if building wolfSSL specifically for use by lighttpd
|
|
if test "x$ENABLED_ALL" = "xno"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_COMP"
|
|
if test "x$ENABLED_SSLV3" = "xno"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL3"
|
|
if test "x$ENABLED_TLSV10" = "xno"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
|
|
ENABLED_OLD_TLS=no
|
|
fi
|
|
fi
|
|
if test "x$ENABLED_CRL_MONITOR" = "xno"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DSINGLE_THREADED"
|
|
ENABLED_SINGLETHREADED="yes"
|
|
fi
|
|
|
|
# w/ lighttpd 1.4.56 once wolfSSL updated to expose non-filesystem funcs
|
|
#AM_CFLAGS="$AM_CFLAGS -DNO_BIO"
|
|
#AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
|
|
#ENABLED_FILESYSTEM=no
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_NGINX" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NGINX -DWOLFSSL_SIGNER_DER_CERT"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COMPATIBLE_DEFAULTS"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ERROR_CODE_OPENSSL"
|
|
fi
|
|
|
|
if test "$ENABLED_HAPROXY" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAPROXY -DOPENSSL_COMPATIBLE_DEFAULTS"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNER_DER_CERT -DWOLFSSL_KEEP_RNG_SEED_FD_OPEN"
|
|
# --enable-all defines its own DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS
|
|
if test -z "$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS"
|
|
then
|
|
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192
|
|
fi
|
|
# Requires opensslextra and opensslall
|
|
if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
|
|
then
|
|
ENABLED_OPENSSLALL="yes"
|
|
ENABLED_OPENSSLEXTRA="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL"
|
|
fi
|
|
|
|
if test "x$ENABLED_CERTGEN" = "xno"
|
|
then
|
|
ENABLED_CERTGEN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
|
|
fi
|
|
|
|
if test "x$ENABLED_CERTREQ" = "xno"
|
|
then
|
|
ENABLED_CERTREQ="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
|
|
fi
|
|
|
|
# Requires sessioncerts make sure on
|
|
if test "x$ENABLED_SESSIONCERTS" = "xno"
|
|
then
|
|
ENABLED_SESSIONCERTS="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
|
|
fi
|
|
|
|
# Requires key gen make sure on
|
|
if test "x$ENABLED_KEYGEN" = "xno"
|
|
then
|
|
ENABLED_KEYGEN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_NETSNMP" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
|
|
|
|
if test "x$ENABLED_AESCFB" = "xno"
|
|
then
|
|
ENABLED_AESCFB="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB"
|
|
fi
|
|
|
|
if test "x$ENABLED_DTLS" = "xno"
|
|
then
|
|
ENABLED_DTLS="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_KRB" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KRB -DWOLFSSL_AES_DIRECT"
|
|
AS_IF([test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 2],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"])
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
|
|
|
|
# Requires PKCS7
|
|
if test "x$ENABLED_PKCS7" = "xno"
|
|
then
|
|
ENABLED_PKCS7="yes"
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_FFMPEG" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FFMPEG -DOPENSSL_COMPATIBLE_DEFAULTS"
|
|
fi
|
|
|
|
if test "$ENABLED_SIGNAL" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNAL -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
|
|
# Requires opensslextra make sure on
|
|
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
|
|
then
|
|
ENABLED_OPENSSLEXTRA="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_BIND" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BIND -DWOLFSSL_DSA_768_MODULUS"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB"
|
|
AS_IF([test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 2],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"])
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224 -DWOLFSSL_SHA384 -DWOLFSSL_SHA512"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COMPATIBLE_DEFAULTS"
|
|
ENABLED_SHA224="yes"
|
|
ENABLED_SHA384="yes"
|
|
ENABLED_SHA512="yes"
|
|
fi
|
|
|
|
if test "$ENABLED_RSYSLOG" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSYSLOG -DWOLFSSL_ERROR_CODE_OPENSSL"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DOPENSSL_COMPATIBLE_DEFAULTS"
|
|
fi
|
|
|
|
if test "$ENABLED_OPENVPN" = "yes"
|
|
then
|
|
ENABLED_SUPPORTED_CURVES="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_OPENVPN -DHAVE_KEYING_MATERIAL"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DWOLFSSL_KEY_GEN"
|
|
AS_IF([test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 2],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"])
|
|
fi
|
|
|
|
if test "$ENABLED_HITCH" = "yes"
|
|
then
|
|
# Requires opensslextra make sure on
|
|
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
|
|
then
|
|
ENABLED_OPENSSLEXTRA="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
|
|
fi
|
|
|
|
# Requires OCSP make sure on
|
|
if test "x$ENABLED_OCSP" = "xno"
|
|
then
|
|
ENABLED_OCSP="yes"
|
|
fi
|
|
|
|
# Requires ALPN
|
|
if test "x$ENABLED_ALPN" = "xno"
|
|
then
|
|
ENABLED_ALPN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ALPN"
|
|
fi
|
|
|
|
if test "x$ENABLED_KEYGEN" = "xno"
|
|
then
|
|
ENABLED_KEYGEN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
|
|
fi
|
|
|
|
# Requires sessioncerts make sure on
|
|
if test "x$ENABLED_SESSIONCERTS" = "xno"
|
|
then
|
|
ENABLED_SESSIONCERTS="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
|
|
fi
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HITCH -DHAVE_EX_DATA -DWOLFSSL_SIGNER_DER_CERT"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COMPATIBLE_DEFAULTS -DWOLFSSL_CIPHER_INTERNALNAME"
|
|
fi
|
|
|
|
if test "$ENABLED_MEMCACHED" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SESSION_ID_CTX"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_MEMCACHED"
|
|
fi
|
|
|
|
|
|
if test "$ENABLED_NGINX" = "yes"|| test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
|
|
AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA"
|
|
|
|
ENABLED_CERTGEN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
|
|
fi
|
|
|
|
if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || \
|
|
test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes"
|
|
then
|
|
test "$enable_arc4" = "" && enable_arc4=yes
|
|
fi
|
|
|
|
if test "$ENABLED_ARC4" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
|
|
else
|
|
# turn off ARC4 if leanpsk or leantls on
|
|
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
|
|
ENABLED_ARC4=no
|
|
fi
|
|
fi
|
|
|
|
# Asio Support
|
|
AC_ARG_ENABLE([asio],
|
|
[AS_HELP_STRING([--enable-asio],[Enable asio (default: disabled)])],
|
|
[ ENABLED_ASIO=$enableval ],
|
|
[ ENABLED_ASIO=no ]
|
|
)
|
|
if test "$ENABLED_ASIO" = "yes"
|
|
then
|
|
# Requires opensslextra and opensslall
|
|
if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
|
|
then
|
|
ENABLED_OPENSSLALL="yes"
|
|
ENABLED_OPENSSLEXTRA="yes"
|
|
ENABLED_MD5="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL"
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASIO -DASIO_USE_WOLFSSL -DWOLFSSL_KEY_GEN"
|
|
AM_CFLAGS="$AM_CFLAGS -DBOOST_ASIO_USE_WOLFSSL -DHAVE_EX_DATA"
|
|
AM_CFLAGS="$AM_CFLAGS -DSSL_TXT_TLSV1_2"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3"
|
|
if test "$ENABLED_TLSV10" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DSSL_TXT_TLSV1"
|
|
fi
|
|
if test "$ENABLED_OLD_TLS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DSSL_TXT_TLSV1_1"
|
|
fi
|
|
|
|
# Requires OCSP make sure on
|
|
if test "x$ENABLED_OCSP" = "xno"
|
|
then
|
|
ENABLED_OCSP="yes"
|
|
fi
|
|
fi
|
|
|
|
# Apache HTTPD
|
|
AC_ARG_ENABLE([apachehttpd],
|
|
[AS_HELP_STRING([--enable-apachehttpd],[Enable Apache httpd (default: disabled)])],
|
|
[ ENABLED_APACHE_HTTPD=$enableval ],
|
|
[ ENABLED_APACHE_HTTPD=no ]
|
|
)
|
|
if test "$ENABLED_APACHE_HTTPD" = "yes"
|
|
then
|
|
# Requires opensslextra and opensslall
|
|
if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
|
|
then
|
|
ENABLED_OPENSSLALL="yes"
|
|
ENABLED_OPENSSLEXTRA="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL"
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_APACHE_HTTPD"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_COMP"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DWOLFSSL_SIGNER_DER_CERT"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COMPATIBLE_DEFAULTS"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OCSP_ISSUER_CHECK"
|
|
|
|
# Requires OCSP make sure on
|
|
if test "x$ENABLED_OCSP" = "xno"
|
|
then
|
|
ENABLED_OCSP="yes"
|
|
fi
|
|
|
|
# Requires sessioncerts make sure on
|
|
if test "x$ENABLED_SESSIONCERTS" = "xno"
|
|
then
|
|
ENABLED_SESSIONCERTS="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
|
|
fi
|
|
|
|
# Requires ALPN
|
|
if test "x$ENABLED_ALPN" = "xno"
|
|
then
|
|
ENABLED_ALPN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ALPN"
|
|
fi
|
|
|
|
# Requires CRL
|
|
if test "x$ENABLED_CRL" = "xno"
|
|
then
|
|
ENABLED_CRL="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
|
|
fi
|
|
|
|
# Requires Certificate Generation, Request and Extensions
|
|
if test "x$ENABLED_CERTGEN" = "xno"
|
|
then
|
|
ENABLED_CERTGEN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
|
|
fi
|
|
if test "x$ENABLED_CERTREQ" = "xno"
|
|
then
|
|
ENABLED_CERTREQ="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
|
|
fi
|
|
if test "x$ENABLED_CERTEXT" = "xno"
|
|
then
|
|
ENABLED_CERTEXT="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
|
|
fi
|
|
|
|
# Requires Secure Renegotiation
|
|
if test "x$ENABLED_SECURE_RENEGOTIATION" = "xno"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SECURE_RENEGOTIATION -DHAVE_SERVER_RENEGOTIATION_INFO"
|
|
fi
|
|
fi
|
|
|
|
# Encrypt-Then-Mac
|
|
AC_ARG_ENABLE([enc-then-mac],
|
|
[AS_HELP_STRING([--enable-enc-then-mac],[Enable Encrypt-Then-Mac extension (default: enabled)])],
|
|
[ ENABLED_ENCRYPT_THEN_MAC=$enableval ],
|
|
[ ENABLED_ENCRYPT_THEN_MAC=yes ]
|
|
)
|
|
|
|
if test "x$ENABLED_TLSX" = "xyes"
|
|
then
|
|
ENABLED_ENCRYPT_THEN_MAC=yes
|
|
fi
|
|
|
|
if test "x$ENABLED_ENCRYPT_THEN_MAC" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ENCRYPT_THEN_MAC"
|
|
fi
|
|
|
|
|
|
# stunnel Support
|
|
AC_ARG_ENABLE([stunnel],
|
|
[AS_HELP_STRING([--enable-stunnel],[Enable stunnel (default: disabled)])],
|
|
[ ENABLED_STUNNEL=$enableval ],
|
|
[ ENABLED_STUNNEL=no ]
|
|
)
|
|
if test "$ENABLED_WPAS" = "yes"
|
|
then
|
|
ENABLED_STUNNEL="yes"
|
|
fi
|
|
# stunnel support requires all the features enabled within this conditional.
|
|
if test "$ENABLED_STUNNEL" = "yes"
|
|
then
|
|
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
|
|
then
|
|
ENABLED_OPENSSLEXTRA="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
|
|
fi
|
|
|
|
if test "x$ENABLED_SESSION_TICKET" = "xno"
|
|
then
|
|
ENABLED_SESSION_TICKET="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_SESSION_TICKET"
|
|
fi
|
|
|
|
if test "x$ENABLED_OCSP" = "xno"
|
|
then
|
|
ENABLED_OCSP="yes"
|
|
fi
|
|
|
|
if test "x$ENABLED_CODING" = "xno"
|
|
then
|
|
ENABLED_CODING="yes"
|
|
fi
|
|
|
|
if test "x$ENABLED_SESSIONCERTS" = "xno"
|
|
then
|
|
ENABLED_SESSIONCERTS="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
|
|
fi
|
|
|
|
if test "x$ENABLED_CRL" = "xno"
|
|
then
|
|
ENABLED_CRL="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
|
|
fi
|
|
|
|
if test "$ENABLED_DES3" = "no" && (test "$ENABLED_FIPS" = "no" || test $HAVE_FIPS_VERSION -lt 5)
|
|
then
|
|
ENABLED_DES3="yes"
|
|
fi
|
|
|
|
if test "x$ENABLED_TLSX" = "xno"
|
|
then
|
|
ENABLED_TLSX="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC"
|
|
|
|
# Check the ECC supported curves prereq
|
|
AS_IF([test "x$ENABLED_ECC" != "xno" || test "$ENABLED_CURVE25519" != "no"],
|
|
[ENABLED_SUPPORTED_CURVES=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"])
|
|
fi
|
|
|
|
if test "x$ENABLED_ECC" = "xno"
|
|
then
|
|
ENABLED_OPENSSLEXTRA="yes"
|
|
ENABLED_ECC="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
|
|
|
|
if test "$ENABLED_ECC_SHAMIR" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
|
|
fi
|
|
fi
|
|
|
|
if test "x$ENABLED_CERTEXT" = "xno"
|
|
then
|
|
ENABLED_CERTEXT="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
|
|
fi
|
|
|
|
if test "x$ENABLED_CERTGEN" = "xno"
|
|
then
|
|
ENABLED_CERTGEN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
|
|
fi
|
|
|
|
if test "x$ENABLED_KEYGEN" = "xno"
|
|
then
|
|
ENABLED_KEYGEN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
|
|
fi
|
|
|
|
if test "x$ENABLED_MD5" = "xno"
|
|
then
|
|
ENABLED_MD5="yes"
|
|
fi
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL -DWOLFSSL_ALWAYS_VERIFY_CB"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI -DHAVE_EX_DATA"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNER_DER_CERT"
|
|
AS_IF([test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 2],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"])
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COMPATIBLE_DEFAULTS -DWOLFSSL_TICKET_HAVE_ID"
|
|
fi
|
|
|
|
# curl Support
|
|
AC_ARG_ENABLE([curl],
|
|
[AS_HELP_STRING([--enable-curl],[Enable curl (default: disabled)])],
|
|
[ ENABLED_CURL=$enableval ],
|
|
[ ENABLED_CURL=no ]
|
|
)
|
|
# curl support requires all the features enabled within this conditional.
|
|
if test "$ENABLED_CURL" = "yes"
|
|
then
|
|
if test "$ENABLED_MD4" = "no"
|
|
then
|
|
ENABLED_MD4="yes"
|
|
fi
|
|
|
|
if test "$ENABLED_DES3" = "no" && (test "$ENABLED_FIPS" = "no" || test $HAVE_FIPS_VERSION -lt 5)
|
|
then
|
|
ENABLED_DES3="yes"
|
|
fi
|
|
|
|
if test "x$ENABLED_ALPN" = "xno"
|
|
then
|
|
ENABLED_ALPN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ALPN"
|
|
fi
|
|
|
|
if test "x$ENABLED_EX_DATA" = "xno"
|
|
then
|
|
ENABLED_EX_DATA="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
|
|
fi
|
|
|
|
if test "x$ENABLED_WOLFSSH" = "xno"
|
|
then
|
|
ENABLED_WOLFSSH="yes"
|
|
fi
|
|
|
|
if test "x$ENABLED_OPENSSLEXTRA" = "xno"
|
|
then
|
|
ENABLED_OPENSSLEXTRA="yes"
|
|
fi
|
|
|
|
if test "x$ENABLED_CRL" = "xno"
|
|
then
|
|
ENABLED_CRL="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
|
|
fi
|
|
|
|
if test "x$ENABLED_OCSP" = "xno"
|
|
then
|
|
ENABLED_OCSP="yes"
|
|
fi
|
|
|
|
if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xno"
|
|
then
|
|
ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST"
|
|
fi
|
|
|
|
if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xno"
|
|
then
|
|
ENABLED_CERTIFICATE_STATUS_REQUEST_V2="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST_V2"
|
|
fi
|
|
|
|
if test "x$ENABLED_SNI" = "xno"
|
|
then
|
|
ENABLED_SNI="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI"
|
|
fi
|
|
|
|
if test "x$ENABLED_ALT_CERT_CHAINS" = "xno"
|
|
then
|
|
ENABLED_ALT_CERT_CHAINS="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_CERT_CHAINS"
|
|
fi
|
|
|
|
if test "x$ENABLE_IP_ALT_NAME" = "xno"
|
|
then
|
|
ENABLE_IP_ALT_NAME="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IP_ALT_NAME"
|
|
fi
|
|
|
|
if test "x$ENABLED_SESSION_TICKET" = "xno"
|
|
then
|
|
ENABLED_SESSION_TICKET="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SESSION_TICKET"
|
|
fi
|
|
|
|
# FTPS server requires pointer to session cache
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE_REF"
|
|
|
|
AS_IF([test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 2],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"])
|
|
|
|
# support longer session ticket nonce
|
|
if test "$ENABLED_TICKET_NONCE_MALLOC" = "no_implicit"
|
|
then
|
|
ENABLED_TICKET_NONCE_MALLOC="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TICKET_NONCE_MALLOC"
|
|
fi
|
|
elif test "$ENABLED_CURL" = "tiny"
|
|
then
|
|
# basic config to support tiny-curl.
|
|
# OPENSSL_EXTRA_X509_SMALL is sufficient.
|
|
if test "x$ENABLED_OPENSSLEXTRA" = "xno"
|
|
then
|
|
ENABLED_OPENSSLEXTRA="x509small"
|
|
fi
|
|
|
|
# expose a bit more compat API without full OPENSSL_EXTRA.
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CURL"
|
|
|
|
# session cache is necessary, but can be small or micro.
|
|
AM_CFLAGS="$AM_CFLAGS -DSMALL_SESSION_CACHE"
|
|
fi
|
|
|
|
if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no" \
|
|
&& test "x$ENABLED_STUNNEL" = "xno"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_PSK"
|
|
fi
|
|
|
|
if test "$ENABLED_PSK" = "no" && \
|
|
(test "$ENABLED_LEANPSK" = "yes" || test "x$ENABLED_STUNNEL" = "xyes")
|
|
then
|
|
ENABLED_PSK=yes
|
|
fi
|
|
|
|
# tcpdump support
|
|
AC_ARG_ENABLE([tcpdump],
|
|
[AS_HELP_STRING([--enable-tcpdump],[Enable tcpdump (default: disabled)])],
|
|
[ ENABLED_TCPDUMP=$enableval ],
|
|
[ ENABLED_TCPDUMP=no ]
|
|
)
|
|
# tcpdump support requires all the features enabled within this conditional.
|
|
if test "$ENABLED_TCPDUMP" = "yes"
|
|
then
|
|
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
|
|
then
|
|
ENABLED_OPENSSLEXTRA="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
|
|
fi
|
|
|
|
if test "$ENABLED_DES3" = "no" && (test "$ENABLED_FIPS" = "no" || test $HAVE_FIPS_VERSION -lt 5)
|
|
then
|
|
ENABLED_DES3="yes"
|
|
fi
|
|
fi
|
|
|
|
# sblim-sfcb support
|
|
AC_ARG_ENABLE([sblim-sfcb],
|
|
[AS_HELP_STRING([--enable-sblim-sfcb],[Enable sblim-sfcb support (default: disabled)])],
|
|
[ ENABLED_SBLIM_SFCB=$enableval ],
|
|
[ ENABLED_SBLIM_SFCB=no ]
|
|
)
|
|
# sblim-sfcb support requires all the features enabled within this conditional.
|
|
if test "$ENABLED_SBLIM_SFCB" = "yes"
|
|
then
|
|
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
|
|
then
|
|
ENABLED_OPENSSLEXTRA="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
|
|
fi
|
|
|
|
if test "x$ENABLED_CERTGEN" = "xno"
|
|
then
|
|
ENABLED_CERTGEN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
|
|
fi
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_SBLIM_SFCB -DWOLFSSL_SIGNER_DER_CERT"
|
|
fi
|
|
|
|
# libest Support
|
|
AC_ARG_ENABLE([libest],
|
|
[AS_HELP_STRING([--enable-libest],[Enable libest (default: disabled)])],
|
|
[ ENABLED_LIBEST=$enableval ],
|
|
[ ENABLED_LIBEST=no ]
|
|
)
|
|
|
|
if test "$ENABLED_LIBEST" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DHAVE_LIBEST -DWOLFSSL_ALT_NAMES"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PSS_SALT_LEN_DISCOVER"
|
|
|
|
# Requires opensslextra and opensslall
|
|
if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
|
|
then
|
|
ENABLED_OPENSSLALL="yes"
|
|
ENABLED_OPENSSLEXTRA="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING"
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT"
|
|
fi
|
|
|
|
# Requires OCSP
|
|
if test "x$ENABLED_OCSP" = "xno"
|
|
then
|
|
ENABLED_OCSP="yes"
|
|
fi
|
|
|
|
# Requires PKCS7
|
|
if test "x$ENABLED_PKCS7" = "xno"
|
|
then
|
|
ENABLED_PKCS7="yes"
|
|
fi
|
|
|
|
# Requires Certificate Generation and Request
|
|
if test "x$ENABLED_CERTGEN" = "xno"
|
|
then
|
|
ENABLED_CERTGEN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
|
|
fi
|
|
if test "x$ENABLED_CERTREQ" = "xno"
|
|
then
|
|
ENABLED_CERTREQ="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
|
|
fi
|
|
if test "x$ENABLED_CERTEXT" = "xno"
|
|
then
|
|
ENABLED_CERTEXT="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
|
|
fi
|
|
|
|
# Requires CRL
|
|
if test "x$ENABLED_CRL" = "xno"
|
|
then
|
|
ENABLED_CRL="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
|
|
fi
|
|
|
|
if test "x$ENABLED_SRP" = "xno"
|
|
then
|
|
ENABLED_SRP="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP"
|
|
fi
|
|
|
|
# Enable prereqs if not already enabled
|
|
if test "x$ENABLED_KEYGEN" = "xno"
|
|
then
|
|
ENABLED_KEYGEN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
|
|
fi
|
|
|
|
# Requires sessioncerts make sure on
|
|
if test "x$ENABLED_SESSIONCERTS" = "xno"
|
|
then
|
|
ENABLED_SESSIONCERTS="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
|
|
fi
|
|
|
|
if test "x$ENABLED_DSA" = "xno"
|
|
then
|
|
AC_MSG_WARN([Enabling DSA with --enable-dsa is recommended for libest])
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_MD4" = "no"
|
|
then
|
|
#turn on MD4 if using stunnel
|
|
if test "x$ENABLED_STUNNEL" = "xyes" || test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_KRB" = "xyes"
|
|
then
|
|
ENABLED_MD4="yes"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_MD4"
|
|
fi
|
|
fi
|
|
|
|
|
|
# Encrypted keys
|
|
AC_ARG_ENABLE([enckeys],
|
|
[AS_HELP_STRING([--enable-enckeys],[Enable PEM encrypted private key support (default: disabled)])],
|
|
[ ENABLED_ENCKEYS=$enableval ],
|
|
[ ENABLED_ENCKEYS=no ]
|
|
)
|
|
|
|
if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_WEBSERVER" = "yes" || test "$ENABLED_WPAS" != "no"
|
|
then
|
|
ENABLED_ENCKEYS=yes
|
|
fi
|
|
|
|
if test "$ENABLED_ENCKEYS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ENCRYPTED_KEYS"
|
|
fi
|
|
|
|
|
|
# PKCS#12
|
|
# set PKCS#12 default
|
|
PKCS12_DEFAULT=yes
|
|
if test "$ENABLED_ASN" = "no" || test "$FIPS_VERSION" = "rand"
|
|
then
|
|
PKCS12_DEFAULT=no
|
|
fi
|
|
AC_ARG_ENABLE([pkcs12],
|
|
[AS_HELP_STRING([--enable-pkcs12],[Enable pkcs12 (default: enabled)])],
|
|
[ ENABLED_PKCS12=$enableval ],
|
|
[ ENABLED_PKCS12=$PKCS12_DEFAULT ]
|
|
)
|
|
|
|
if test "x$ENABLED_PKCS12" = "xno"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_PKCS12"
|
|
fi
|
|
|
|
# PWDBASED has to come after certservice since we want it on w/o explicit on
|
|
if test "$ENABLED_PWDBASED" = "no"
|
|
then
|
|
if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_OPENSSLALL" = "yes" || \
|
|
test "$ENABLED_WEBSERVER" = "yes" || test "$ENABLED_ENCKEYS" = "yes" || \
|
|
test "$ENABLED_PKCS12" = "yes"
|
|
then
|
|
# opensslextra, opensslall, webserver, enckeys and pkcs12 need pwdbased
|
|
ENABLED_PWDBASED=yes
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED"
|
|
fi
|
|
fi
|
|
|
|
|
|
AC_ARG_ENABLE([scrypt],
|
|
[AS_HELP_STRING([--enable-scrypt],[Enable SCRYPT (default: disabled)])],
|
|
[ ENABLED_SCRYPT=$enableval ],
|
|
[ ENABLED_SCRYPT=no ]
|
|
)
|
|
|
|
if test "$ENABLED_SCRYPT" = "yes"
|
|
then
|
|
if test "$ENABLED_PWDBASED" = "no"
|
|
then
|
|
AC_MSG_ERROR([cannot enable scrypt without enabling pwdbased.])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_SCRYPT"
|
|
fi
|
|
|
|
|
|
# wolfCrypt Only Build
|
|
if test "$ENABLED_CRYPTONLY" = "yes"
|
|
then
|
|
if test "$ENABLED_OPENSSLALL" = "yes"
|
|
then
|
|
AC_MSG_ERROR([cryptonly and opensslall are mutually incompatible.])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_ONLY"
|
|
fi
|
|
|
|
if test "x$ENABLED_CRYPTONLY" = "xno"
|
|
then
|
|
if test "x$ENABLED_PSK" = "xno" && test "x$ENABLED_ASN" = "xno"
|
|
then
|
|
AC_MSG_ERROR([please enable psk if disabling asn.])
|
|
fi
|
|
|
|
if test "$ENABLED_AFALG" = "yes"
|
|
then
|
|
# for TLS connections the intermediate hash needs to store buffer
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_HASH_KEEP"
|
|
fi
|
|
|
|
if test "$ENABLED_DEVCRYPTO" = "yes"
|
|
then
|
|
# for TLS connections the intermediate hash needs to store buffer
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH_KEEP"
|
|
fi
|
|
fi
|
|
|
|
|
|
# Enable Examples, used to disable examples
|
|
if test "$HAVE_KERNEL_MODE" = "yes"
|
|
then
|
|
ENABLED_EXAMPLES_DEFAULT=no
|
|
else
|
|
ENABLED_EXAMPLES_DEFAULT=yes
|
|
fi
|
|
AC_ARG_ENABLE([examples],
|
|
[AS_HELP_STRING([--enable-examples],[Enable Examples (default: enabled)])],
|
|
[ ENABLED_EXAMPLES=$enableval ],
|
|
[ ENABLED_EXAMPLES=$ENABLED_EXAMPLES_DEFAULT ]
|
|
)
|
|
|
|
AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"])
|
|
AS_IF([test "x$ENABLED_CRYPTONLY" = "xyes"], [ENABLED_EXAMPLES="no"])
|
|
|
|
|
|
# Enable wolfCrypt test and benchmark
|
|
if test "$HAVE_KERNEL_MODE" = "yes"
|
|
then
|
|
ENABLED_CRYPT_TESTS_DEFAULT=no
|
|
else
|
|
ENABLED_CRYPT_TESTS_DEFAULT=yes
|
|
fi
|
|
AC_ARG_ENABLE([crypttests],
|
|
[AS_HELP_STRING([--enable-crypttests],[Enable Crypt Bench/Test (default: enabled)])],
|
|
[ ENABLED_CRYPT_TESTS=$enableval ],
|
|
[ ENABLED_CRYPT_TESTS=$ENABLED_CRYPT_TESTS_DEFAULT ]
|
|
)
|
|
AC_SUBST([ENABLED_CRYPT_TESTS])
|
|
|
|
if test "$ENABLED_CRYPT_TESTS" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_CRYPT_TEST"
|
|
fi
|
|
|
|
# Build wolfCrypt test and benchmark as libraries. This will compile test.c and
|
|
# benchmark.c and make their functions available via libraries, libwolfcrypttest
|
|
# and libwolfcryptbench, respectively. Note that this feature is not enabled by
|
|
# default, and the API of these libraries should NOT be treated as stable.
|
|
AC_ARG_ENABLE([crypttests-libs],
|
|
[AS_HELP_STRING([--enable-crypttests-libs],[Enable wolfcrypt test and benchmark libraries (default: disabled)])],
|
|
[ ENABLED_CRYPT_TESTS_LIBS=$enableval ],
|
|
[ ENABLED_CRYPT_TESTS_LIBS=no ]
|
|
)
|
|
|
|
# LIBZ
|
|
ENABLED_LIBZ="no"
|
|
trylibzdir=""
|
|
AC_ARG_WITH([libz],
|
|
[ --with-libz=PATH PATH to libz install (default /usr/) ],
|
|
[
|
|
AC_MSG_CHECKING([for libz])
|
|
CPPFLAGS="$CPPFLAGS -DHAVE_LIBZ"
|
|
LIBS="$LIBS -lz"
|
|
|
|
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])
|
|
|
|
if test "x$libz_linked" = "xno" ; then
|
|
if test "x$withval" != "xno" ; then
|
|
trylibzdir=$withval
|
|
fi
|
|
if test "x$withval" = "xyes" ; then
|
|
trylibzdir="/usr"
|
|
fi
|
|
|
|
LDFLAGS="$LDFLAGS -L$trylibzdir/lib"
|
|
CPPFLAGS="$CPPFLAGS -I$trylibzdir/include"
|
|
|
|
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])
|
|
|
|
if test "x$libz_linked" = "xno" ; then
|
|
AC_MSG_ERROR([libz isn't found.
|
|
If it's already installed, specify its path using --with-libz=/dir/])
|
|
fi
|
|
AC_MSG_RESULT([yes])
|
|
else
|
|
AC_MSG_RESULT([yes])
|
|
fi
|
|
ENABLED_LIBZ="yes"
|
|
]
|
|
)
|
|
|
|
|
|
# PKCS#11
|
|
AC_ARG_ENABLE([pkcs11],
|
|
[AS_HELP_STRING([--enable-pkcs11],[Enable pkcs11 access (default: disabled)])],
|
|
[ ENABLED_PKCS11=$enableval ],
|
|
[ ENABLED_PKCS11=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_PKCS11" != "xno"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS11 -DHAVE_WOLF_BIGINT"
|
|
if test "x$ENABLED_PKCS11" != "xstatic"
|
|
then
|
|
LIBS="$LIBS -ldl"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS11_STATIC"
|
|
ENABLED_PKCS11="yes"
|
|
fi
|
|
fi
|
|
|
|
|
|
# PKCS#8
|
|
AC_ARG_ENABLE([pkcs8],
|
|
[AS_HELP_STRING([--enable-pkcs8],[Enable PKCS #8 key packages (default: enabled)])],
|
|
[ ENABLED_PKCS8=$enableval ],
|
|
[ ENABLED_PKCS8=yes ]
|
|
)
|
|
|
|
if test "x$ENABLED_PKCS8" = "xno"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_PKCS8"
|
|
fi
|
|
|
|
|
|
# cavium
|
|
trycaviumdir=""
|
|
AC_ARG_WITH([cavium],
|
|
[ --with-cavium=PATH PATH to cavium/software dir ],
|
|
[
|
|
AC_MSG_CHECKING([for cavium])
|
|
LIB_ADD="-lrt $LIB_ADD"
|
|
|
|
if test "x$withval" = "xyes" ; then
|
|
AC_MSG_ERROR([need a PATH for --with-cavium])
|
|
fi
|
|
if test "x$withval" != "xno" ; then
|
|
trycaviumdir=$withval
|
|
fi
|
|
|
|
CPPFLAGS="$AM_CPPFLAGS -DHAVE_CAVIUM -I$trycaviumdir/include"
|
|
LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/cavium_common.o"
|
|
|
|
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(CAVIUM_DEV_ID); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
|
|
|
|
if test "x$cavium_linked" = "xno" ; then
|
|
AC_MSG_ERROR([cavium isn't found.
|
|
If it's already installed, specify its path using --with-cavium=/dir/])
|
|
else
|
|
AM_CPPFLAGS="$CPPFLAGS"
|
|
AM_LDFLAGS="$LDFLAGS"
|
|
fi
|
|
AC_MSG_RESULT([yes])
|
|
enable_shared=no
|
|
enable_static=yes
|
|
ENABLED_CAVIUM=yes
|
|
],
|
|
[ ENABLED_CAVIUM=no ]
|
|
)
|
|
|
|
# cavium V
|
|
trycaviumdir=""
|
|
AC_ARG_WITH([cavium-v],
|
|
[ --with-cavium-v=PATH PATH to Cavium V/software dir ],
|
|
[
|
|
AC_MSG_CHECKING([for cavium])
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V"
|
|
LIB_ADD="-lrt -lcrypto $LIB_ADD"
|
|
|
|
if test "x$withval" = "xyes" ; then
|
|
AC_MSG_ERROR([need a PATH for --with-cavium])
|
|
fi
|
|
if test "x$withval" != "xno" ; then
|
|
trycaviumdir=$withval
|
|
fi
|
|
|
|
if test -e $trycaviumdir/lib/libnitrox.a
|
|
then
|
|
AM_CPPFLAGS="-I$trycaviumdir/include $AM_CPPFLAGS"
|
|
else
|
|
ENABLED_CAVIUM_V=no
|
|
fi
|
|
LIB_STATIC_ADD="$trycaviumdir/lib/libnitrox.a $LIB_STATIC_ADD"
|
|
|
|
if test "$ENABLED_CAVIUM_V" = "no"; then
|
|
AC_MSG_ERROR([Could not find Nitrox library])
|
|
fi
|
|
|
|
enable_shared=no
|
|
enable_static=yes
|
|
enable_opensslextra=yes
|
|
|
|
ENABLED_CAVIUM=yes
|
|
ENABLED_CAVIUM_V=yes
|
|
],
|
|
[
|
|
ENABLED_CAVIUM=no
|
|
ENABLED_CAVIUM_V=no
|
|
]
|
|
)
|
|
|
|
|
|
# Cavium Octeon
|
|
OCTEON_ROOT=""
|
|
: ${OCTEON_OBJ="obj-octeon2"}
|
|
: ${OCTEON_HOST="standalone"}
|
|
|
|
AC_ARG_WITH([octeon-sync],
|
|
[AS_HELP_STRING([--with-octeon-sync=PATH],[PATH to Cavium Octeon SDK dir (sync)])],
|
|
[
|
|
AC_MSG_CHECKING([for octeon])
|
|
|
|
if test "x$withval" = "xyes" ; then
|
|
AC_MSG_ERROR([need a PATH for --with-octeon])
|
|
fi
|
|
if test "x$withval" != "xno" ; then
|
|
OCTEON_ROOT=$withval
|
|
fi
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM_OCTEON_SYNC"
|
|
AM_CFLAGS="$AM_CFLAGS -DOCTEON_MODEL=$OCTEON_MODEL"
|
|
AM_CFLAGS="$AM_CFLAGS -I$OCTEON_ROOT/executive"
|
|
AS_CASE([$OCTEON_HOST],['linux'],[AM_CFLAGS="$AM_CFLAGS -DCVMX_BUILD_FOR_LINUX_HOST"])
|
|
|
|
#-I$OCTEON_ROOT/target/include
|
|
AM_LDFLAGS="$AM_LDFLAGS -lrt -Xlinker -T -Xlinker $OCTEON_ROOT/executive/cvmx-shared-linux.ld"
|
|
AM_LDFLAGS="$AM_LDFLAGS -L$OCTEON_ROOT/executive/$OCTEON_OBJ -lcvmx -lfdt"
|
|
|
|
enable_shared=no
|
|
enable_static=yes
|
|
|
|
ENABLED_OCTEON_SYNC=yes
|
|
AC_MSG_RESULT([yes])
|
|
],
|
|
[ENABLED_OCTEON_SYNC=no]
|
|
)
|
|
|
|
|
|
# Intel QuickAssist
|
|
QAT_DIR=""
|
|
BUILD_INTEL_QAT_VERSION=2
|
|
|
|
AC_ARG_WITH([intelqa],
|
|
[AS_HELP_STRING([--with-intelqa=PATH],[PATH to Intel QuickAssist (QAT) driver dir])],
|
|
[ENABLED_INTEL_QA=yes; QAT_DIR=$withval],
|
|
[ENABLED_INTEL_QA=no])
|
|
|
|
AC_ARG_WITH([intelqa-sync],
|
|
[AS_HELP_STRING([--with-intelqa-sync=PATH],[PATH to Intel QuickAssist (QAT) driver dir (sync)])],
|
|
[ENABLED_INTEL_QA_SYNC=yes; QAT_DIR=$withval],
|
|
[ENABLED_INTEL_QA_SYNC=no])
|
|
|
|
AS_IF([test "x$ENABLED_INTEL_QA" = "xyes" && test "x$ENABLED_INTEL_QA_SYNC" = "xyes"],
|
|
[AC_MSG_ERROR([Both Intel QA Async and Sync are selected, only select one.])])
|
|
|
|
AS_IF([test "x$ENABLED_INTEL_QA" = "xyes" || test "x$ENABLED_INTEL_QA_SYNC" = "xyes"],
|
|
[AC_MSG_CHECKING([for intelqa])
|
|
AS_IF([test "x$ENABLED_INTEL_QA" = "xyes"],
|
|
[AM_CPPFLAGS="$AM_CPPFLAGS -DHAVE_INTEL_QA -DDO_CRYPTO -DUSER_SPACE"; intelqa_opt=""],
|
|
[AM_CPPFLAGS="$AM_CPPFLAGS -DHAVE_INTEL_QA_SYNC -DQAT_USE_POLLING_THREAD -DO_CRYPTO -DUSER_SPACE"; intelqa_opt="-sync"])
|
|
OLD_LIBS="$LIBS"
|
|
OLD_CPPFLAGS="$CPPFLAGS"
|
|
|
|
AS_IF([test "x$QAT_DIR" = "xyes"],[AC_MSG_ERROR([need a PATH for --with-intelqa$intelqa_opt])])
|
|
|
|
QAT_FLAGS="-I$QAT_DIR/quickassist/include -I$QAT_DIR/quickassist/include/lac -I$QAT_DIR/quickassist/utilities/osal/include \
|
|
-I$QAT_DIR/quickassist/utilities/osal/src/linux/user_space/include -I$QAT_DIR/quickassist/lookaside/access_layer/include \
|
|
-I$QAT_DIR/quickassist/lookaside/access_layer/src/common/include -I$srcdir/wolfssl -I$srcdir/wolfssl/wolfcrypt/port/intel \
|
|
-I$QAT_DIR/quickassist/utilities/libusdm_drv -I$QAT_DIR/quickassist/include/icp"
|
|
AM_CPPFLAGS="$AM_CPPFLAGS $QAT_FLAGS"
|
|
CPPFLAGS="$AM_CPPFLAGS"
|
|
|
|
LDFLAGS="$LDFLAGS -L$QAT_DIR/build"
|
|
LIBS="$LIBS -lqat_s -lusdm_drv_s"
|
|
|
|
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cpa_cy_common.h"]],[[Cpa16U count = 0; cpaCyGetNumInstances(&count);]])],[intelqa_linked=yes],[intelqa_linked=no])
|
|
|
|
AS_IF([test "x$intelqa_linked" = "xno"],
|
|
[# Try old QAT driver libraries
|
|
LIBS="$OLD_LIBS -licp_qa_al_s"
|
|
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cpa_cy_common.h"]],[[Cpa16U count = 0; cpaCyGetNumInstances(&count);]])],[intelqa_linked=yes],[intelqa_linked=no])
|
|
AS_IF([test "x$intelqa_linked" = "xno"],
|
|
[AC_MSG_ERROR([Intel QuickAssist not found. If it's already installed, specify its path using --with-intelqa$intelqa_opt=/dir/])],
|
|
[BUILD_INTEL_QAT_VERSION=1])
|
|
])
|
|
|
|
AC_MSG_RESULT([yes])
|
|
|
|
AS_IF([test "x$BUILD_INTEL_QAT_VERSION" = "x1"],
|
|
[LIB_ADD="-ladf_proxy -losal -lrt $LIB_ADD"],
|
|
[LIB_ADD="-losal -lrt $LIB_ADD"])
|
|
CPPFLAGS="$OLD_CPPFLAGS"
|
|
])
|
|
|
|
################################################################################
|
|
# Single Precision option handling #
|
|
################################################################################
|
|
|
|
ENABLED_SP_RSA=no
|
|
ENABLED_SP_DH=no
|
|
ENABLED_SP_FF_2048=no
|
|
ENABLED_SP_FF_3072=no
|
|
ENABLED_SP_FF_4096=no
|
|
ENABLED_SP_ECC=no
|
|
ENABLED_SP_EC_256=no
|
|
ENABLED_SP_EC_384=no
|
|
ENABLED_SP_EC_521=no
|
|
ENABLED_SP_SM2=$ENABLED_SM2
|
|
ENABLED_SP_SAKKE_1024=$ENABLED_SAKKE
|
|
ENABLED_SP_NO_MALLOC=no
|
|
ENABLED_SP_NONBLOCK=no
|
|
ENABLED_SP_SMALL=no
|
|
for v in `echo $ENABLED_SP | tr "," " "`
|
|
do
|
|
case $v in
|
|
small)
|
|
ENABLED_SP_SMALL=yes
|
|
ENABLED_SP_RSA=yes
|
|
ENABLED_SP_DH=yes
|
|
ENABLED_SP_FF_2048=yes
|
|
ENABLED_SP_FF_3072=yes
|
|
ENABLED_SP_ECC=yes
|
|
ENABLED_SP_EC_256=yes
|
|
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64" || test "$host_cpu" = "amd64"; then
|
|
ENABLED_SP_FF_4096=yes
|
|
ENABLED_SP_EC_384=yes
|
|
ENABLED_SP_EC_521=yes
|
|
fi
|
|
;;
|
|
|
|
smallfast)
|
|
ENABLED_SP_SMALL=yes
|
|
ENABLED_SP_RSA=yes
|
|
ENABLED_SP_DH=yes
|
|
ENABLED_SP_FF_2048=yes
|
|
ENABLED_SP_FF_3072=yes
|
|
ENABLED_SP_ECC=yes
|
|
ENABLED_SP_EC_256=yes
|
|
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64" || test "$host_cpu" = "amd64"; then
|
|
ENABLED_SP_FF_4096=yes
|
|
ENABLED_SP_EC_384=yes
|
|
ENABLED_SP_EC_521=yes
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_FAST_MODEXP"
|
|
;;
|
|
|
|
yes)
|
|
ENABLED_SP_RSA=yes
|
|
ENABLED_SP_DH=yes
|
|
ENABLED_SP_FF_2048=yes
|
|
ENABLED_SP_FF_3072=yes
|
|
ENABLED_SP_ECC=yes
|
|
ENABLED_SP_EC_256=yes
|
|
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64" || test "$host_cpu" = "amd64"; then
|
|
ENABLED_SP_FF_4096=yes
|
|
ENABLED_SP_EC_384=yes
|
|
ENABLED_SP_EC_521=yes
|
|
fi
|
|
;;
|
|
|
|
no)
|
|
;;
|
|
|
|
smallec256 | smallp256 | small256)
|
|
ENABLED_SP_SMALL=yes
|
|
ENABLED_SP_ECC=yes
|
|
ENABLED_SP_EC_256=yes
|
|
;;
|
|
ec256 | p256 | 256)
|
|
ENABLED_SP_ECC=yes
|
|
ENABLED_SP_EC_256=yes
|
|
;;
|
|
smallec384 | smallp384 | small384)
|
|
ENABLED_SP_SMALL=yes
|
|
ENABLED_SP_ECC=yes
|
|
ENABLED_SP_EC_384=yes
|
|
;;
|
|
ec384 | p384 | 384)
|
|
ENABLED_SP_ECC=yes
|
|
ENABLED_SP_EC_384=yes
|
|
;;
|
|
smallec521 | smallp521 | small521)
|
|
ENABLED_SP_SMALL=yes
|
|
ENABLED_SP_ECC=yes
|
|
ENABLED_SP_EC_521=yes
|
|
;;
|
|
ec521 | p521 | 521)
|
|
ENABLED_SP_ECC=yes
|
|
ENABLED_SP_EC_521=yes
|
|
;;
|
|
smallec1024 | smallp1024 | small1024)
|
|
ENABLED_SP_ECC=yes
|
|
ENABLED_SP_SMALL=yes
|
|
ENABLED_SP_SAKKE_1024=yes
|
|
;;
|
|
ec1024 | p1024 | 1024)
|
|
ENABLED_SP_ECC=yes
|
|
ENABLED_SP_SAKKE_1024=yes
|
|
;;
|
|
smallsm2)
|
|
ENABLED_SP_SMALL=yes
|
|
ENABLED_SP_ECC=yes
|
|
ENABLED_SP_SM2=yes
|
|
;;
|
|
sm2)
|
|
ENABLED_SP_ECC=yes
|
|
ENABLED_SP_SM2=yes
|
|
;;
|
|
|
|
small2048)
|
|
ENABLED_SP_SMALL=yes
|
|
ENABLED_SP_RSA=yes
|
|
ENABLED_SP_DH=yes
|
|
ENABLED_SP_FF_2048=yes
|
|
;;
|
|
2048)
|
|
ENABLED_SP_RSA=yes
|
|
ENABLED_SP_DH=yes
|
|
ENABLED_SP_FF_2048=yes
|
|
;;
|
|
smallrsa2048)
|
|
ENABLED_SP_SMALL=yes
|
|
ENABLED_SP_RSA=yes
|
|
ENABLED_SP_FF_2048=yes
|
|
;;
|
|
rsa2048)
|
|
ENABLED_SP_RSA=yes
|
|
ENABLED_SP_FF_2048=yes
|
|
;;
|
|
|
|
small3072)
|
|
ENABLED_SP_SMALL=yes
|
|
ENABLED_SP_RSA=yes
|
|
ENABLED_SP_DH=yes
|
|
ENABLED_SP_FF_3072=yes
|
|
;;
|
|
3072)
|
|
ENABLED_SP_RSA=yes
|
|
ENABLED_SP_DH=yes
|
|
ENABLED_SP_FF_3072=yes
|
|
;;
|
|
smallrsa3072)
|
|
ENABLED_SP_SMALL=yes
|
|
ENABLED_SP_RSA=yes
|
|
ENABLED_SP_FF_3072=yes
|
|
;;
|
|
rsa3072)
|
|
ENABLED_SP_RSA=yes
|
|
ENABLED_SP_FF_3072=yes
|
|
;;
|
|
|
|
small4096)
|
|
ENABLED_SP_SMALL=yes
|
|
ENABLED_SP_RSA=yes
|
|
ENABLED_SP_DH=yes
|
|
ENABLED_SP_FF_4096=yes
|
|
;;
|
|
4096 | +4096)
|
|
ENABLED_SP_RSA=yes
|
|
ENABLED_SP_DH=yes
|
|
ENABLED_SP_FF_4096=yes
|
|
;;
|
|
smallrsa4096)
|
|
ENABLED_SP_SMALL=yes
|
|
ENABLED_SP_RSA=yes
|
|
ENABLED_SP_FF_4096=yes
|
|
;;
|
|
rsa4096)
|
|
ENABLED_SP_RSA=yes
|
|
ENABLED_SP_FF_4096=yes
|
|
;;
|
|
|
|
smallstack)
|
|
ENABLED_SP_SMALL_STACK=yes
|
|
;;
|
|
|
|
nomalloc)
|
|
ENABLED_SP_NO_MALLOC=yes
|
|
;;
|
|
|
|
nonblock)
|
|
# Requires small and no malloc
|
|
ENABLED_SP_NONBLOCK=yes
|
|
ENABLED_SP_NO_MALLOC=yes
|
|
ENABLED_SP_SMALL=yes
|
|
;;
|
|
|
|
asm)
|
|
ENABLED_SP_ASM=yes
|
|
;;
|
|
|
|
noasm)
|
|
ENABLED_SP_ASM=no
|
|
;;
|
|
|
|
*)
|
|
AC_MSG_ERROR([Invalid choice of Single Precision length in bits [256, 384, 521, 1024, 2048, 3072, 4096]: $ENABLED_SP.])
|
|
break;;
|
|
esac
|
|
done
|
|
|
|
ENABLED_SP_LINE="$ENABLE_SP"
|
|
ENABLED_SP=no
|
|
if test "$ENABLED_RSA" = "yes" && test "$ENABLED_SP_RSA" = "yes"; then
|
|
ENABLED_SP=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_RSA"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_SP_RSA"
|
|
fi
|
|
if test "$ENABLED_DH" != "no" && test "$ENABLED_SP_DH" = "yes"; then
|
|
ENABLED_SP=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_DH"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_SP_DH"
|
|
fi
|
|
if test "$ENABLED_SP_RSA" = "yes" || test "$ENABLED_SP_DH" = "yes"; then
|
|
if test "$ENABLED_SP_FF_2048" = "no"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_2048"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_2048"
|
|
fi
|
|
if test "$ENABLED_SP_FF_3072" = "no"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_3072"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_3072"
|
|
fi
|
|
if test "$ENABLED_SP_FF_4096" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_4096"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_4096"
|
|
fi
|
|
|
|
case $host_cpu in
|
|
*x86_64* | *aarch64* | *amd64*)
|
|
if test "$ENABLED_SP_SMALL" = "no"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_LARGE_CODE"
|
|
fi
|
|
;;
|
|
*)
|
|
;;
|
|
esac
|
|
fi
|
|
if test "$ENABLED_ECC" != "no" && test "$ENABLED_SP_ECC" = "yes"; then
|
|
ENABLED_SP=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_ECC"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_SP_ECC"
|
|
if test "$ENABLED_SP_EC_256" = "no"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_256"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_256"
|
|
fi
|
|
if test "$ENABLED_SP_EC_384" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC384 -DWOLFSSL_SP_384"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_384"
|
|
fi
|
|
if test "$ENABLED_SP_EC_521" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC521 -DWOLFSSL_SP_521"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_521"
|
|
fi
|
|
if test "$ENABLED_SP_SAKKE_1024" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_1024"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_1024"
|
|
fi
|
|
if test "$ENABLED_SP_SM2" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SM2"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SM2"
|
|
fi
|
|
fi
|
|
if test "$ENABLED_SP_SMALL" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL"
|
|
fi
|
|
if test "$ENABLED_SP_SMALL_STACK" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL_STACK"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL_STACK"
|
|
fi
|
|
if test "$ENABLED_SP_NO_MALLOC" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_MALLOC"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_MALLOC"
|
|
fi
|
|
if test "$ENABLED_SP_NONBLOCK" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NONBLOCK"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NONBLOCK"
|
|
fi
|
|
|
|
if test "$ENABLED_SP_MATH" = "yes"; then
|
|
if test "$ENABLED_SP" = "no"; then
|
|
if test "$ENABLED_RSA" != "no"; then
|
|
AC_MSG_ERROR([Must have SP enabled with SP math for RSA: --enable-sp])
|
|
fi
|
|
if test "$ENABLED_DH" != "no"; then
|
|
AC_MSG_ERROR([Must have SP enabled with SP math for DH: --enable-sp])
|
|
fi
|
|
if test "$ENABLED_ECC" != "no"; then
|
|
AC_MSG_ERROR([Must have SP enabled with SP math for ECC: --enable-sp])
|
|
fi
|
|
fi
|
|
if test "$ENABLED_ECCCUSTCURVES" != "no"; then
|
|
AC_MSG_ERROR([Cannot use single precision math and custom curves])
|
|
fi
|
|
if test "$ENABLED_DSA" = "yes"; then
|
|
AC_MSG_ERROR([Cannot use single precision math and DSA])
|
|
fi
|
|
if test "$ENABLED_SRP" = "yes"; then
|
|
AC_MSG_ERROR([Cannot use single precision math and SRP])
|
|
fi
|
|
if test "$ENABLED_SP_RSA" = "no" && test "$ENABLED_RSA" = "yes"; then
|
|
AC_MSG_ERROR([Cannot use RSA single precision only math and RSA])
|
|
fi
|
|
if test "$ENABLED_SP_DH" = "no" && test "$ENABLED_DH" != "no"; then
|
|
AC_MSG_ERROR([Cannot use DH single precision only math and DH])
|
|
fi
|
|
fi
|
|
|
|
for v in `echo $ENABLED_SP_MATH_ALL | tr "," " "`
|
|
do
|
|
case $v in
|
|
yes | no)
|
|
;;
|
|
small)
|
|
ENABLED_SP_MATH_ALL="yes"
|
|
ENABLED_SP_SMALL="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL"
|
|
;;
|
|
huge)
|
|
ENABLED_SP_MATH_ALL="yes"
|
|
ENABLED_FASTHUGEMATH="yes"
|
|
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_HUGE_CFLAGS"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_INT_LARGE_COMBA"
|
|
;;
|
|
256 | 384 | 521 | 1024 | 2048 | 3072 | 4096)
|
|
if test -z "$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS" -o "$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS" -lt "$v"
|
|
then
|
|
DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS="$v"
|
|
fi
|
|
ENABLED_SP_MATH_ALL="yes"
|
|
;;
|
|
nomalloc)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_MALLOC"
|
|
ENABLED_SP_MATH_ALL="yes"
|
|
;;
|
|
neg)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_INT_NEGATIVE"
|
|
ENABLED_SP_MATH_ALL="yes"
|
|
;;
|
|
*)
|
|
AC_MSG_ERROR([Support SP int bit sizes: 256, 384, 521, 1024, 2048, 3072, 4096. $ENABLED_SP_MATH_ALL not supported])
|
|
;;
|
|
esac
|
|
done
|
|
|
|
AC_ARG_WITH([arm-target],
|
|
[AS_HELP_STRING([--with-arm-target=x],[x can be "thumb" or "cortex"])],
|
|
[ARM_TARGET="$withval"],
|
|
[ARM_TARGET=''])
|
|
|
|
if test "$ENABLED_SP_MATH_ALL" = "yes" && test "$ENABLED_ASM" != "no"; then
|
|
|
|
ENABLED_FASTMATH="no"
|
|
ENABLED_SLOWMATH="no"
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_MATH_ALL"
|
|
|
|
case $host_cpu in
|
|
*x86_64* | *amd64*)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_X86_64"
|
|
;;
|
|
*x86*)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_X86"
|
|
;;
|
|
*aarch64*)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM64 -DWOLFSSL_AARCH64_BUILD"
|
|
;;
|
|
*arm*)
|
|
if test "$host_alias" = "thumb" || test "$ARM_TARGET" = "thumb"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_THUMB"
|
|
else
|
|
if test "$host_alias" = "cortex" || test "$ARM_TARGET" = "cortex"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_CORTEX_M"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM32"
|
|
fi
|
|
fi
|
|
;;
|
|
*ppc64* | *powerpc64*)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_PPC64"
|
|
;;
|
|
*ppc* | *powerpc*)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_PPC"
|
|
;;
|
|
*mips64*)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_MIPS64"
|
|
;;
|
|
*mips*)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_MIPS"
|
|
;;
|
|
*riscv32*)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_RISCV32"
|
|
;;
|
|
*riscv64*)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_RISCV64"
|
|
;;
|
|
*s390x*)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_S390X"
|
|
;;
|
|
esac
|
|
|
|
if test "$ENABLED_FIPS" != "no" || test "$SELFTEST_VERSION" != "none"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_INT_NEGATIVE"
|
|
fi
|
|
fi
|
|
|
|
|
|
if test "$ENABLED_SP_ASM" = "yes" && test "$ENABLED_SP" = "yes"; then
|
|
if test "$ENABLED_SP_NONBLOCK" = "yes"; then
|
|
AC_MSG_ERROR([SP non-blocking not supported with sp-asm])
|
|
fi
|
|
if test "$ENABLED_ASM" = "no"; then
|
|
AC_MSG_ERROR([Assembly code turned off])
|
|
fi
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ASM"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ASM"
|
|
case $host_cpu in
|
|
*aarch64*)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM64_ASM"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM64_ASM"
|
|
ENABLED_SP_ARM64_ASM=yes
|
|
;;
|
|
*armv7a* | *armv7l*)
|
|
if test "$ENABLED_ARMASM" = "no"; then
|
|
AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-a -mfpu=neon -DWOLFSSL_ARM_ARCH=7 -marm"
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM32_ASM"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM32_ASM"
|
|
ENABLED_SP_ARM32_ASM=yes
|
|
;;
|
|
*cortex* | *armv7m*)
|
|
if test "$ENABLED_ARMASM" = "no"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_THUMB2"
|
|
AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-r -DWOLFSSL_ARMASM_THUMB2 -DWOLFSSL_ARM_ARCH=7"
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM"
|
|
ENABLED_SP_ARM_CORTEX_ASM=yes
|
|
ENABLED_ARM_THUMB=yes
|
|
;;
|
|
*armv6*)
|
|
if test "$ENABLED_ARMASM" = "no"; then
|
|
AM_CPPFLAGS="$AM_CPPFLAGS -march=armv6 -DWOLFSSL_ARM_ARCH=6"
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM32_ASM"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM32_ASM"
|
|
ENABLED_SP_ARM32_ASM=yes
|
|
;;
|
|
*armv4*)
|
|
if test "$ENABLED_ARMASM" = "no"; then
|
|
AM_CPPFLAGS="$AM_CPPFLAGS -march=armv4 -DWOLFSSL_ARM_ARCH=4"
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM32_ASM"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM32_ASM"
|
|
ENABLED_SP_ARM32_ASM=yes
|
|
;;
|
|
*arm*)
|
|
if test "$host_alias" = "thumb" || test "$ARM_TARGET" = "thumb"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_THUMB_ASM"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM_THUMB_ASM"
|
|
ENABLED_SP_ARM_THUMB_ASM=yes
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM32_ASM"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM32_ASM"
|
|
ENABLED_SP_ARM32_ASM=yes
|
|
fi
|
|
;;
|
|
*x86_64* | *amd64*)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_X86_64_ASM"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_X86_64_ASM"
|
|
ENABLED_SP_X86_64_ASM=yes
|
|
;;
|
|
*)
|
|
AC_MSG_ERROR([SP ASM not available for CPU. Supported CPUs: x86_64, aarch64, arm])
|
|
;;
|
|
esac
|
|
|
|
fi
|
|
|
|
|
|
if test "$ENABLED_SP_MATH" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_MATH"
|
|
fi
|
|
|
|
################################################################################
|
|
# End - Single Precision option handling #
|
|
################################################################################
|
|
|
|
# static memory use
|
|
AC_ARG_ENABLE([staticmemory],
|
|
[AS_HELP_STRING([--enable-staticmemory],[Enable static memory use (default: disabled)])],
|
|
[ ENABLED_STATICMEMORY=$enableval ],
|
|
[ ENABLED_STATICMEMORY=no ]
|
|
)
|
|
|
|
for v in `echo $ENABLED_STATICMEMORY | tr "," " "`
|
|
do
|
|
case $v in
|
|
yes)
|
|
;;
|
|
no)
|
|
;;
|
|
small|lean)
|
|
ENABLED_STATICMEMORY=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY_LEAN"
|
|
;;
|
|
debug)
|
|
ENABLED_STATICMEMORY=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK"
|
|
;;
|
|
*)
|
|
AC_MSG_ERROR([Invalid choice for staticmemory.])
|
|
break;;
|
|
esac
|
|
done
|
|
|
|
if test "x$ENABLED_STATICMEMORY" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY"
|
|
|
|
if test "x$ENABLED_HEAPMATH" = "xyes"
|
|
then
|
|
AC_MSG_ERROR([--enable-heapmath is incompatible with --enable-staticmemory.])
|
|
fi
|
|
if test "$ENABLED_LOWRESOURCE" = "yes" && test "$ENABLED_RSA" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY_SMALL"
|
|
fi
|
|
fi
|
|
|
|
|
|
# microchip api
|
|
AC_ARG_ENABLE([mcapi],
|
|
[AS_HELP_STRING([--enable-mcapi],[Enable Microchip API (default: disabled)])],
|
|
[ ENABLED_MCAPI=$enableval ],
|
|
[ ENABLED_MCAPI=no ]
|
|
)
|
|
|
|
if test "$ENABLED_MCAPI" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_MCAPI"
|
|
if test "x$ENABLED_AESCTR" != "xyes"
|
|
then
|
|
# These flags are already implied by --enable-aesctr
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
|
|
fi
|
|
if test "x$ENABLED_AESGCM" != "xyes" && test "x$ENABLED_AESGCM" != "xno"
|
|
then
|
|
# Use the smaller object size implementation
|
|
ENABLED_AESGCM=yes
|
|
fi
|
|
|
|
ENABLED_MD5=yes
|
|
fi
|
|
|
|
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_SHA512" = "no"
|
|
then
|
|
AC_MSG_ERROR([please enable sha512 if enabling mcapi.])
|
|
fi
|
|
|
|
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_ECC" = "no"
|
|
then
|
|
AC_MSG_ERROR([please enable ecc if enabling mcapi.])
|
|
fi
|
|
|
|
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_LIBZ" = "no"
|
|
then
|
|
AC_MSG_ERROR([please use --with-libz if enabling mcapi.])
|
|
fi
|
|
|
|
|
|
# cryptodev is old name, replaced with cryptocb
|
|
AC_ARG_ENABLE([cryptodev],
|
|
[AS_HELP_STRING([--enable-cryptodev],[DEPRECATED, use cryptocb instead])],
|
|
[ ENABLED_CRYPTOCB=$enableval ],[ ENABLED_CRYPTOCB=no ])
|
|
|
|
# Support for crypto callbacks
|
|
AC_ARG_ENABLE([cryptocb],
|
|
[AS_HELP_STRING([--enable-cryptocb],
|
|
[Enable crypto callbacks (default: disabled). Use 'no-default-devid' to enable without a platform-specific default device ID])],
|
|
[
|
|
case "$enableval" in
|
|
no-default-devid)
|
|
ENABLED_CRYPTOCB=yes
|
|
AM_CPPFLAGS="$AM_CPPFLAGS -DWC_NO_DEFAULT_DEVID"
|
|
;;
|
|
*)
|
|
ENABLED_CRYPTOCB="$enableval"
|
|
;;
|
|
esac
|
|
],
|
|
[ ENABLED_CRYPTOCB=no ])
|
|
|
|
# Enable testing of cryptoCb using software crypto. On platforms where wolfCrypt tests
|
|
# are used to test a custom cryptoCb, it may be desired to disable this so wolfCrypt tests
|
|
# don't also test software implementations of every algorithm
|
|
AC_ARG_ENABLE([cryptocb-sw-test],
|
|
[AS_HELP_STRING([--disable-cryptocb-sw-test],[Disable wolfCrypt crypto callback tests using software crypto (default: enabled). Only valid with --enable-cryptocb])],
|
|
[ if test "x$ENABLED_CRYPTOCB" = "xno"; then
|
|
AC_MSG_ERROR([--disable-cryptocb-sw-test requires --enable-cryptocb])
|
|
else
|
|
ENABLED_CRYPTOCB_SW_TEST=$enableval
|
|
fi ],
|
|
[ ENABLED_CRYPTOCB_SW_TEST=yes ]
|
|
)
|
|
|
|
if test "x$ENABLED_PKCS11" = "xyes" || test "x$ENABLED_WOLFTPM" = "xyes" || test "$ENABLED_CAAM" != "no"
|
|
then
|
|
ENABLED_CRYPTOCB=yes
|
|
fi
|
|
if test "$ENABLED_CRYPTOCB" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_CB"
|
|
fi
|
|
|
|
if test "$ENABLED_CRYPTOCB_SW_TEST" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_TEST_NO_CRYPTOCB_SW_TEST"
|
|
fi
|
|
|
|
# Crypto Callbacks Utils (Copy/Free/etc)
|
|
AC_ARG_ENABLE([cryptocbutils],
|
|
[AS_HELP_STRING([--enable-cryptocbutils@<:@=copy,free,setkey,export,...@:>@],
|
|
[Enable crypto callback utilities (default: all)])],
|
|
[ ENABLED_CRYPTOCB_UTILS=$enableval ],
|
|
[ ENABLED_CRYPTOCB_UTILS=no ]
|
|
)
|
|
|
|
if test "$ENABLED_CRYPTOCB_UTILS" != "no"; then
|
|
if test "$ENABLED_CRYPTOCB" = "no"; then
|
|
AC_MSG_ERROR([--enable-cryptocbutils requires --enable-cryptocb])
|
|
fi
|
|
|
|
if test "$ENABLED_CRYPTOCB_UTILS" = "yes"; then
|
|
# Enable all utilities
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_CB_COPY -DWOLF_CRYPTO_CB_FREE -DWOLF_CRYPTO_CB_SETKEY -DWOLF_CRYPTO_CB_EXPORT_KEY"
|
|
else
|
|
# Parse comma-separated list
|
|
OIFS="$IFS"
|
|
IFS=','
|
|
for util in $ENABLED_CRYPTOCB_UTILS; do
|
|
case "$util" in
|
|
copy)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_CB_COPY"
|
|
;;
|
|
free)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_CB_FREE"
|
|
;;
|
|
setkey)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_CB_SETKEY"
|
|
;;
|
|
export)
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_CB_EXPORT_KEY"
|
|
;;
|
|
*)
|
|
AC_MSG_ERROR([Unknown cryptocbutils option: $util. Valid options: copy, free, setkey, export])
|
|
;;
|
|
esac
|
|
done
|
|
IFS="$OIFS"
|
|
fi
|
|
fi
|
|
|
|
# Crypto callback RSA padding support
|
|
# When enabled, the RSA crypto callback args struct exposes the RsaPadding
|
|
# parameters so the callback can perform RSA padding/unpadding itself or
|
|
# offload it together with the modular exponentiation.
|
|
AC_ARG_ENABLE([cryptocb-rsa-pad],
|
|
[AS_HELP_STRING([--enable-cryptocb-rsa-pad],[Enable RSA padding aware crypto callbacks (default: disabled). Requires --enable-cryptocb])],
|
|
[ ENABLED_CRYPTOCB_RSA_PAD=$enableval ],
|
|
[ ENABLED_CRYPTOCB_RSA_PAD=no ]
|
|
)
|
|
|
|
if test "$ENABLED_CRYPTOCB_RSA_PAD" = "yes"
|
|
then
|
|
if test "x$ENABLED_CRYPTOCB" = "xno"; then
|
|
AC_MSG_ERROR([--enable-cryptocb-rsa-pad requires --enable-cryptocb])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_CB_RSA_PAD"
|
|
fi
|
|
|
|
|
|
# wc_swdev: software crypto-callback device for testing
|
|
AC_ARG_ENABLE([swdev],
|
|
[AS_HELP_STRING([--enable-swdev],[Build wc_swdev software crypto-callback for tests (default: disabled). Requires --enable-cryptocb])],
|
|
[ ENABLED_SWDEV=$enableval ],
|
|
[ ENABLED_SWDEV=no ]
|
|
)
|
|
|
|
if test "$ENABLED_SWDEV" = "yes"
|
|
then
|
|
if test "$ENABLED_CRYPTOCB" != "yes" && test "$enable_usersettings" != "yes"; then
|
|
AC_MSG_ERROR([--enable-swdev requires --enable-cryptocb (or --enable-usersettings with WOLF_CRYPTO_CB defined in user_settings.h)])
|
|
fi
|
|
if test "x$srcdir" != "x."; then
|
|
AC_MSG_ERROR([--enable-swdev currently supports in-tree builds only])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SWDEV -DWOLF_CRYPTO_CB_FIND"
|
|
fi
|
|
|
|
|
|
# Asynchronous Crypto
|
|
AC_ARG_ENABLE([asynccrypt],
|
|
[AS_HELP_STRING([--enable-asynccrypt],[Enable Asynchronous Crypto (default: disabled)])],
|
|
[ ENABLED_ASYNCCRYPT=$enableval ],
|
|
[ ENABLED_ASYNCCRYPT=no ]
|
|
)
|
|
|
|
# Asynchronous crypto using software (i.e. not hardware). Required for
|
|
# non-blocking crypto with TLS/DTLS.
|
|
AC_ARG_ENABLE([asynccrypt-sw],
|
|
[AS_HELP_STRING([--enable-asynccrypt-sw],[Enable asynchronous software-based crypto (default: disabled)])],
|
|
[ ENABLED_ASYNCCRYPT_SW=$enableval ],
|
|
[ ENABLED_ASYNCCRYPT_SW=no ]
|
|
)
|
|
if test "$ENABLED_ASYNCCRYPT_SW" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT_SW"
|
|
ENABLED_ASYNCCRYPT=yes
|
|
fi
|
|
|
|
if test "$ENABLED_ASYNCCRYPT" = "yes"
|
|
then
|
|
AC_MSG_NOTICE([Enabling asynchronous support])
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT -DHAVE_WOLF_EVENT -DHAVE_WOLF_BIGINT -DWOLFSSL_NO_HASH_RAW"
|
|
|
|
# If no async backend (hardware or software) has been explicitly enabled,
|
|
# use the software backend for testing.
|
|
if test "x$ENABLED_CAVIUM" != "xyes" && test "x$ENABLED_INTEL_QA" != "xyes" && test "x$ENABLED_CRYPTOCB" != "xyes" && test "x$ENABLED_PKCALLBACKS" != "xyes" && test "x$ENABLED_ASYNCCRYPT_SW" != "xyes"
|
|
then
|
|
AC_MSG_NOTICE([Enabling asynchronous software simulator])
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT_SW"
|
|
ENABLED_ASYNCCRYPT_SW=yes
|
|
fi
|
|
fi
|
|
|
|
# check for async if using Intel QuckAssist or Cavium
|
|
if test "x$ENABLED_INTEL_QA" = "xyes" || test "x$ENABLED_CAVIUM" = "xyes" ; then
|
|
if test "x$ENABLED_ASYNCCRYPT" = "xno" ; then
|
|
AC_MSG_ERROR([Please enable asynchronous support using --enable-asynccrypt])
|
|
fi
|
|
fi
|
|
|
|
# Asynchronous threading (Linux specific)
|
|
AC_ARG_ENABLE([asyncthreads],
|
|
[AS_HELP_STRING([--enable-asyncthreads],[Enable Asynchronous Threading (default: enabled)])],
|
|
[ ENABLED_ASYNCTHREADS=$enableval ],
|
|
[ ENABLED_ASYNCTHREADS=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_ASYNCCRYPT" = "yes" && test "$ENABLED_ASYNCTHREADS" = "yes"
|
|
then
|
|
AX_PTHREAD([ENABLED_ASYNCTHREADS=yes],[ENABLED_ASYNCTHREADS=no])
|
|
else
|
|
ENABLED_ASYNCTHREADS=no
|
|
fi
|
|
|
|
if test "$ENABLED_ASYNCTHREADS" = "yes"
|
|
then
|
|
LIB_ADD="-lpthread $LIB_ADD"
|
|
AM_CFLAGS="$AM_CFLAGS -D_GNU_SOURCE"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_NO_ASYNC_THREADING"
|
|
fi
|
|
|
|
|
|
# Support for autosar shim
|
|
AC_ARG_ENABLE([autosar],
|
|
[AS_HELP_STRING([--enable-autosar],[Enable AutoSAR support (default: disabled)])],
|
|
[ ENABLED_AUTOSAR=$enableval ],
|
|
[ ENABLED_AUTOSAR=no ]
|
|
)
|
|
|
|
if test "$ENABLED_AUTOSAR" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AUTOSAR"
|
|
fi
|
|
|
|
|
|
# Session Export
|
|
AC_ARG_ENABLE([sessionexport],
|
|
[AS_HELP_STRING([--enable-sessionexport],[Enable export and import of sessions (default: disabled)])],
|
|
[ ENABLED_SESSIONEXPORT=$enableval ],
|
|
[ ENABLED_SESSIONEXPORT=no ]
|
|
)
|
|
|
|
if test "$ENABLED_SESSIONEXPORT" = "yes" ||
|
|
test "$ENABLED_SESSIONEXPORT" = "nopeer"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SESSION_EXPORT"
|
|
|
|
if test "$ENABLED_SESSIONEXPORT" = "nopeer"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SESSION_EXPORT_NOPEER"
|
|
fi
|
|
fi
|
|
|
|
|
|
if test "$ENABLED_WPAS" != "no" &&
|
|
( test "$ENABLED_FIPS" = "no" || test "x$FIPS_VERSION" = "xv6" )
|
|
then
|
|
ENABLED_AESKEYWRAP="yes"
|
|
fi
|
|
|
|
if test "$ENABLED_AESKEYWRAP" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT"
|
|
fi
|
|
|
|
|
|
# Old name support for backwards compatibility
|
|
AC_ARG_ENABLE([oldnames],
|
|
[AS_HELP_STRING([--enable-oldnames],[Keep backwards compat with old names (default: enabled)])],
|
|
[ ENABLED_OLDNAMES=$enableval ],
|
|
[ ENABLED_OLDNAMES=yes ]
|
|
)
|
|
|
|
if test "x$ENABLED_OLDNAMES" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_RNGNAME -DNO_OLD_WC_NAMES -DNO_OLD_SSL_NAMES"
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA_NAMES -DNO_OLD_MD5_NAME"
|
|
fi
|
|
|
|
|
|
# Memory Tests
|
|
AC_ARG_ENABLE([memtest],
|
|
[AS_HELP_STRING([--enable-memtest],[Memory testing option, for internal use (default: disabled)])],
|
|
[ ENABLED_MEMTEST=$enableval ],
|
|
[ ENABLED_MEMTEST=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_MEMTEST" != "xno"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY"
|
|
fi
|
|
|
|
if test "x$ENABLED_MEMTEST" = "xfail"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FORCE_MALLOC_FAIL_TEST"
|
|
fi
|
|
|
|
# Enable hash flags support
|
|
# Hash flags are useful for runtime options such as SHA3 KECCAK256 selection
|
|
AC_ARG_ENABLE([hashflags],
|
|
[AS_HELP_STRING([--enable-hashflags],[Enable support for hash flags (default: disabled)])],
|
|
[ ENABLED_HASHFLAGS=$enableval ],
|
|
[ ENABLED_HASHFLAGS=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_HASHFLAGS" != "xno"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HASH_FLAGS"
|
|
fi
|
|
|
|
# Support for enabling setting default DH parameters in TLS
|
|
AC_ARG_ENABLE([defaultdhparams],
|
|
[AS_HELP_STRING([--enable-defaultdhparams],[Enables option for default dh parameters (default: disabled)])],
|
|
[ ENABLED_DHDEFAULTPARAMS=$enableval ],
|
|
[ ENABLED_DHDEFAULTPARAMS=$ENABLED_DH ]
|
|
)
|
|
if test "x$ENABLED_DHDEFAULTPARAMS" = "xyes" && test "x$ENABLED_QT" != "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_DH_DEFAULT_PARAMS"
|
|
fi
|
|
|
|
|
|
AC_ARG_WITH([max-rsa-bits],
|
|
[AS_HELP_STRING([--with-max-rsa-bits=number],[number of bits to support for RSA, DH, and DSA keys])],
|
|
[WITH_MAX_CLASSIC_ASYM_KEY_BITS=$withval],
|
|
[WITH_MAX_CLASSIC_ASYM_KEY_BITS="$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS"])
|
|
|
|
if test -n "$WITH_MAX_CLASSIC_ASYM_KEY_BITS"; then
|
|
if test "$WITH_MAX_CLASSIC_ASYM_KEY_BITS" -lt 1024 -o "$WITH_MAX_CLASSIC_ASYM_KEY_BITS" -gt 16384; then
|
|
AC_MSG_ERROR([--with-max-rsa-bits argument must be between 1024 and 16384 inclusive])
|
|
fi
|
|
if test "$ENABLED_FIPS" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DRSA_MAX_SIZE=$WITH_MAX_CLASSIC_ASYM_KEY_BITS"
|
|
fi
|
|
MPI_MAX_KEY_BITS=$WITH_MAX_CLASSIC_ASYM_KEY_BITS
|
|
fi
|
|
|
|
AC_ARG_WITH([max-ecc-bits],
|
|
[AS_HELP_STRING([--with-max-ecc-bits=number],[number of bits to support for ECC algorithms])],
|
|
[WITH_MAX_ECC_BITS=$withval],
|
|
)
|
|
|
|
if test -n "$WITH_MAX_ECC_BITS"; then
|
|
if test "$WITH_MAX_ECC_BITS" -lt 112 -o "$WITH_MAX_ECC_BITS" -gt 1024; then
|
|
AC_MSG_ERROR([--with-max-ecc-bits argument must be between 112 and 1024 inclusive])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DMAX_ECC_BITS=$WITH_MAX_ECC_BITS"
|
|
fi
|
|
|
|
if test -n "$MPI_MAX_KEY_BITS" -o -n "$WITH_MAX_ECC_BITS"; then
|
|
if test -n "$MAX_MPI_KEY_BITS" -a -n "$WITH_MAX_ECC_BITS"; then
|
|
if test "$MAX_MPI_KEY_BITS" -lt "$WITH_MAX_ECC_BITS"; then
|
|
MPI_MAX_KEY_BITS="$WITH_MAX_ECC_BITS"
|
|
fi
|
|
elif test -n "$WITH_MAX_ECC_BITS"; then
|
|
MPI_MAX_KEY_BITS="$WITH_MAX_ECC_BITS"
|
|
fi
|
|
if test "$MPI_MAX_KEY_BITS" -gt 1024; then
|
|
AM_CFLAGS="$AM_CFLAGS -DFP_MAX_BITS=$((MPI_MAX_KEY_BITS * 2)) -DSP_INT_BITS=$MPI_MAX_KEY_BITS"
|
|
fi
|
|
fi
|
|
|
|
AC_ARG_ENABLE([linuxkm-lkcapi-register],
|
|
[AS_HELP_STRING([--enable-linuxkm-lkcapi-register],[Register wolfCrypt implementations with the Linux Kernel Crypto API backplane.
|
|
Possible values are "none" or a comma-separated combination of "all", "all-kconfig", "sysfs-nodes-only", "cbc(aes)", "cfb(aes)",
|
|
"gcm(aes)", "rfc4106(gcm(aes))", "xts(aes)", "ctr(aes)", "ofb(aes)", "ecb(aes)", "all-aes", "sha1", "sha2", "sha3", "all-sha",
|
|
"hmac(sha1)", "hmac(sha2)", "hmac(sha3)", "all-hmac", "stdrng", "stdrng-default", "ecdsa", "ecdh", "rsa", "dh", and negations of
|
|
the foregoing algorithms by prefixing "-".
|
|
(default: none)])],
|
|
[ENABLED_LINUXKM_LKCAPI_REGISTER=$enableval],
|
|
[ENABLED_LINUXKM_LKCAPI_REGISTER=no]
|
|
)
|
|
if test "$ENABLED_LINUXKM_LKCAPI_REGISTER" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER"
|
|
|
|
if test "$ENABLED_AESGCM" != "no" && test "$ENABLED_AESGCM_STREAM" = "no" && test "$enable_aesgcm_stream" != "no" && (test "$ENABLED_FIPS" = "no" || test $HAVE_FIPS_VERSION -ge 6); then
|
|
ENABLED_AESGCM_STREAM=yes
|
|
fi
|
|
|
|
if test "$ENABLED_LINUXKM_LKCAPI_REGISTER" = "yes"
|
|
then
|
|
ENABLED_LINUXKM_LKCAPI_REGISTER=all
|
|
fi
|
|
|
|
for lkcapi_alg in $(echo "$ENABLED_LINUXKM_LKCAPI_REGISTER" | tr ',' ' ')
|
|
do
|
|
case "$lkcapi_alg" in
|
|
all) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ALL -DWC_RSA_NO_PADDING -DWOLFSSL_DH_EXTRA"
|
|
;;
|
|
all-kconfig) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ALL -DLINUXKM_LKCAPI_REGISTER_ALL_KCONFIG -DWC_RSA_NO_PADDING -DWOLFSSL_DH_EXTRA"
|
|
;;
|
|
sysfs-nodes-only) AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ONLY_ON_COMMAND" ;;
|
|
'cbc(aes)') test "$ENABLED_AESCBC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CBC implementation not enabled.])
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCBC" ;;
|
|
'cfb(aes)') test "$ENABLED_AESCFB" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CFB implementation not enabled.])
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCFB" ;;
|
|
'gcm(aes)') test "$ENABLED_AESGCM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-GCM implementation not enabled.])
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESGCM" ;;
|
|
'rfc4106(gcm(aes))') test "$ENABLED_AESGCM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-GCM implementation not enabled.])
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106" ;;
|
|
'ccm(aes)') test "$ENABLED_AESCCM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CCM implementation not enabled.])
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCCM" ;;
|
|
'rfc4309(ccm(aes))') test "$ENABLED_AESCCM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CCM implementation not enabled.])
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCCM_RFC4309" ;;
|
|
'xts(aes)') test "$ENABLED_AESXTS" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-XTS implementation not enabled.])
|
|
test "$ENABLED_AESXTS_STREAM" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: --enable-aesxts-stream is required for LKCAPI.])
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESXTS" ;;
|
|
'ctr(aes)') test "$ENABLED_AESCTR" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-CTR implementation not enabled.])
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESCTR" ;;
|
|
'ofb(aes)') test "$ENABLED_AESOFB" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES-OFB implementation not enabled.])
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESOFB" ;;
|
|
'ecb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AESECB -DHAVE_AES_ECB" ;;
|
|
'all-aes') test "$ENABLED_AES" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: AES is disabled.])
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_AES_ALL" ;;
|
|
'sha1') test "$ENABLED_SHA" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: SHA-1 implementation not enabled.])
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_SHA1" ;;
|
|
'sha2') test "$ENABLED_SHA224" != "no" || test "$ENABLED_SHA256" != "no" || test "$ENABLED_SHA384" != "no" || test "$ENABLED_SHA512" != "no" || \
|
|
AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: No SHA-2 implementations are enabled.])
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_SHA2" ;;
|
|
'sha3') test "$ENABLED_SHA3" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: SHA-3 implementation not enabled.])
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_SHA3" ;;
|
|
'all-sha') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_SHA_ALL" ;;
|
|
'hmac(sha1)') test "$ENABLED_SHA" != "no" && test "$ENABLED_HMAC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: SHA-1 HMAC implementation not enabled.])
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_SHA1_HMAC" ;;
|
|
'hmac(sha2)') (test "$ENABLED_SHA224" != "no" || test "$ENABLED_SHA256" != "no" || test "$ENABLED_SHA384" != "no" || test "$ENABLED_SHA512" != "no") && \
|
|
test "$ENABLED_HMAC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: No SHA-2 HMAC implementations are enabled.])
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_SHA2_HMAC" ;;
|
|
'hmac(sha3)') test "$ENABLED_SHA3" != "no" && test "$ENABLED_HMAC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: SHA-3 HMAC implementation not enabled.])
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_SHA3_HMAC" ;;
|
|
'all-hmac') test "$ENABLED_HMAC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: HMAC implementation not enabled.])
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_HMAC_ALL" ;;
|
|
'stdrng') test "$ENABLED_HASHDRBG" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: HASHDRBG implementation not enabled.])
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_HASH_DRBG" ;;
|
|
'stdrng-default') test "$ENABLED_HASHDRBG" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: HASHDRBG implementation not enabled.])
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_HASH_DRBG -DLINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT" ;;
|
|
'ecdsa') test "$ENABLED_ECC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: ECDSA implementation not enabled.])
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ECDSA" ;;
|
|
'ecdh') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ECDH" ;;
|
|
'rsa') test "$ENABLED_RSA" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: RSA implementation not enabled.])
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_RSA -DWC_RSA_NO_PADDING" ;;
|
|
'dh') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_DH -DWOLFSSL_DH_EXTRA"
|
|
;;
|
|
# disable options
|
|
'-cbc(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCBC" ;;
|
|
'-cfb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCFB" ;;
|
|
'-gcm(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESGCM" ;;
|
|
'-rfc4106(gcm(aes))')
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESGCM_RFC4106" ;;
|
|
'-ccm(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCCM" ;;
|
|
'-rfc4309(ccm(aes))')
|
|
AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCCM_RFC4309" ;;
|
|
'-xts(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESXTS" ;;
|
|
'-ctr(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCTR" ;;
|
|
'-ofb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESOFB" ;;
|
|
'-ecb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESECB" ;;
|
|
'-all-aes') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AES_ALL" ;;
|
|
'-sha1') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_SHA1" ;;
|
|
'-sha2') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_SHA2" ;;
|
|
'-sha3') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_SHA3" ;;
|
|
'-all-sha') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_SHA_ALL" ;;
|
|
'-hmac(sha1)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_SHA1_HMAC" ;;
|
|
'-hmac(sha2)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_SHA2_HMAC" ;;
|
|
'-hmac(sha3)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_SHA3_HMAC" ;;
|
|
'-all-hmac') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_HMAC_ALL" ;;
|
|
'-stdrng') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG" ;;
|
|
'-stdrng-default') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT" ;;
|
|
'-ecdsa') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_ECDSA" ;;
|
|
'-ecdh') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_ECDH" ;;
|
|
'-rsa') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_RSA" ;;
|
|
'-dh') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_DH" ;;
|
|
*) AC_MSG_ERROR([Unsupported LKCAPI algorithm "$lkcapi_alg".]) ;;
|
|
esac
|
|
done
|
|
fi
|
|
AC_SUBST([ENABLED_LINUXKM_LKCAPI_REGISTER])
|
|
|
|
# Library Suffix
|
|
LIBSUFFIX=""
|
|
AC_ARG_WITH([libsuffix],
|
|
[AS_HELP_STRING([--with-libsuffix=SUFFIX],[Library artifact SUFFIX, ie libwolfsslSUFFIX.so])],
|
|
[
|
|
if test "x$withval" != "xno" ; then
|
|
LIBSUFFIX=$withval
|
|
fi
|
|
if test "x$withval" = "xyes" ; then
|
|
AC_MSG_ERROR([Invalid argument to --with-libsuffix, no suffix given])
|
|
fi
|
|
]
|
|
)
|
|
AC_SUBST(LIBSUFFIX)
|
|
|
|
# Support system wide crypto-policy file:
|
|
# - Pass path to your wolfssl.config system crypto-policy file.
|
|
# - Pass no argument to use default.
|
|
AC_ARG_WITH([sys-crypto-policy],
|
|
[AS_HELP_STRING([--with-sys-crypto-policy=PATH],[Support for system-wide crypto-policy file. (default: disabled)])],
|
|
[ SYS_CRYPTO_POLICY=$withval],
|
|
[ SYS_CRYPTO_POLICY=no ]
|
|
)
|
|
|
|
if test "$SYS_CRYPTO_POLICY" != "no"; then
|
|
if test "$SYS_CRYPTO_POLICY" = "yes"; then
|
|
# Default to the wolfssl fedora crypto-policy file.
|
|
SYS_CRYPTO_POLICY="/etc/crypto-policies/back-ends/wolfssl.config"
|
|
fi
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SYS_CRYPTO_POLICY"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CRYPTO_POLICY_FILE=\"$SYS_CRYPTO_POLICY\""
|
|
fi
|
|
|
|
AC_ARG_ENABLE([context-extra-user-data],
|
|
[AS_HELP_STRING([--enable-context-extra-user-data],[Enables option for storing user-defined data in TLS API contexts, with optional argument the number of slots to allocate (default: disabled)])],
|
|
[ ENABLED_EX_DATA=$enableval ],
|
|
[ ENABLED_EX_DATA=no ]
|
|
)
|
|
case "$ENABLED_EX_DATA" in
|
|
no) ;;
|
|
yes) AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
|
|
;;
|
|
[[1-9]]|[[1-9]][[0-9]]|[[1-9]][[0-9]][[0-9]]|[[1-9]][[0-9]][[0-9]][[0-9]])
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DMAX_EX_DATA=$ENABLED_EX_DATA"
|
|
;;
|
|
*) AC_MSG_ERROR([Invalid argument to --enable-context-extra-user-data -- must be yes, no, or a number from 1 to 9999 (note: each index reserves one pointer per object, so large values increase memory use)])
|
|
;;
|
|
esac
|
|
|
|
# IoT-Safe support
|
|
AC_ARG_ENABLE([iotsafe],
|
|
[AS_HELP_STRING([--enable-iotsafe],[Enables support for IoT-Safe secure applet (default: disabled)])],
|
|
[ ENABLED_IOTSAFE=$enableval ],
|
|
[ ENABLED_IOTSAFE=no ]
|
|
)
|
|
|
|
AC_ARG_ENABLE([iotsafe-hwrng],
|
|
[AS_HELP_STRING([--enable-iotsafe-hwrng],[Enables support for IoT-Safe RNG (default: disabled)])],
|
|
[ ENABLED_IOTSAFE_HWRNG=$enableval ],
|
|
[ ENABLED_IOTSAFE_HWRNG=no ]
|
|
)
|
|
|
|
# Make clean
|
|
AC_ARG_ENABLE([makeclean],
|
|
[AS_HELP_STRING([--enable-makeclean], [Enables forced "make clean" at the
|
|
end of configure (default: enabled)])],
|
|
[ ENABLED_MAKECLEAN=$enableval ],
|
|
[ ENABLED_MAKECLEAN=yes ]
|
|
)
|
|
|
|
# User Settings
|
|
AC_ARG_ENABLE([usersettings],
|
|
[AS_HELP_STRING([--enable-usersettings],[Use your own user_settings.h and do not add Makefile CFLAGS (default: disabled)])],
|
|
[ ENABLED_USERSETTINGS=$enableval ],
|
|
[ ENABLED_USERSETTINGS=no ]
|
|
)
|
|
|
|
|
|
# Default optimization CFLAGS enable
|
|
AC_ARG_ENABLE([optflags],
|
|
[AS_HELP_STRING([--enable-optflags],[Enable default optimization CFLAGS for the compiler (default: enabled)])],
|
|
[ ENABLED_OPTFLAGS=$enableval ],
|
|
[ ENABLED_OPTFLAGS=yes ]
|
|
)
|
|
|
|
# Adds functionality to load CA certificates from the operating system.
|
|
AC_ARG_ENABLE([sys-ca-certs],
|
|
[AS_HELP_STRING([--enable-sys-ca-certs],[Enable ability to load CA certs from OS (default: enabled)])],
|
|
[ ENABLED_SYS_CA_CERTS=$enableval ],
|
|
[ ENABLED_SYS_CA_CERTS=yes ]
|
|
)
|
|
|
|
AC_ARG_ENABLE([dual-alg-certs],
|
|
[AS_HELP_STRING([--enable-dual-alg-certs],[Enable support for dual key/signature certificates in TLS 1.3 as defined in X9.146 (requires --enable-experimental) (default: disabled)])],
|
|
[ ENABLED_DUAL_ALG_CERTS=$enableval ],
|
|
[ ENABLED_DUAL_ALG_CERTS=no ]
|
|
)
|
|
|
|
AS_IF([ test "$ENABLED_DUAL_ALG_CERTS" != "no" && test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([dual-alg-certs requires --enable-experimental.]) ])
|
|
|
|
AS_IF([ test "$ENABLED_DUAL_ALG_CERTS" != "no" && test "$ENABLED_CRYPTONLY" = "yes" ],[ AC_MSG_ERROR([dual-alg-certs is incompatible with --enable-cryptonly.]) ])
|
|
|
|
# Adds functionality to support Raw Public Key (RPK) RFC7250
|
|
AC_ARG_ENABLE([rpk],
|
|
[AS_HELP_STRING([--enable-rpk],[Enable support for Raw Public Key (RPK) RFC7250 (default: disabled)])],
|
|
[ ENABLED_RPK=$enableval ],
|
|
[ ENABLED_RPK=no ]
|
|
)
|
|
|
|
# Allows dynamically loading the certificate
|
|
AC_ARG_ENABLE([cert-setup-cb],
|
|
[AS_HELP_STRING([--enable-cert-setup-cb],[Enable support for dynamically loading TLS certificates (default: disabled)])],
|
|
[ ENABLED_CERT_SETUP_CB=$enableval ],
|
|
[ ENABLED_CERT_SETUP_CB=no ]
|
|
)
|
|
|
|
# check if should run the trusted peer certs test
|
|
# (for now checking both C_FLAGS and C_EXTRA_FLAGS)
|
|
AS_CASE(["$CFLAGS $CPPFLAGS"],[*'WOLFSSL_TRUST_PEER_CERT'*],[ENABLED_TRUSTED_PEER_CERT=yes])
|
|
|
|
# Allows disabling the OPENSSL_COMPATIBLE_DEFAULTS macro
|
|
AC_ARG_ENABLE([openssl-compatible-defaults],
|
|
[AS_HELP_STRING([--disable-openssl-compatible-defaults],[Disable OpenSSL compatible defaults when enabled by other options (default: enabled)])],
|
|
[ ENABLED_OPENSSL_COMPATIBLE_DEFAULTS=$enableval ],
|
|
[ ENABLED_OPENSSL_COMPATIBLE_DEFAULTS=yes ]
|
|
)
|
|
|
|
AS_CASE(["$CFLAGS $CPPFLAGS $AM_CFLAGS"],[*'OPENSSL_COMPATIBLE_DEFAULTS'*],
|
|
[FOUND_OPENSSL_COMPATIBLE_DEFAULTS=yes])
|
|
if test "x$FOUND_OPENSSL_COMPATIBLE_DEFAULTS" = "xyes"
|
|
then
|
|
if test "x$ENABLED_OPENSSL_COMPATIBLE_DEFAULTS" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRUST_PEER_CERT"
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE_REF"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_CERT_CHAINS"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PRIORITIZE_PSK"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CHECK_ALERT_ON_ERR"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TICKET_HAVE_ID"
|
|
ENABLED_TRUSTED_PEER_CERT=yes
|
|
else
|
|
CFLAGS=$(printf "%s" "$CFLAGS" | sed 's/-DOPENSSL_COMPATIBLE_DEFAULTS//g')
|
|
CPPFLAGS=$(printf "%s" "$CPPFLAGS" | sed 's/-DOPENSSL_COMPATIBLE_DEFAULTS//g')
|
|
AM_CFLAGS=$(printf "%s" "$AM_CFLAGS" | sed 's/-DOPENSSL_COMPATIBLE_DEFAULTS//g')
|
|
fi
|
|
fi
|
|
|
|
# Make function 'wolfSSL_X509_EXTENSION_get_data' return different type of
|
|
# data for each type of extension, as it used to do in the past, instead of
|
|
# always returning the full OCTET STRING of the extension. Use only if you
|
|
# need to keep compatibility with older versions.
|
|
AC_ARG_ENABLE([old-extdata-fmt],
|
|
[AS_HELP_STRING([--enable-old-extdata-fmt],[Enable old format for extracting extension data (default: disabled)])],
|
|
[ ENABLED_OLD_EXTDATA_FMT=$enableval ],
|
|
[ ENABLED_OLD_EXTDATA_FMT=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_OLD_EXTDATA_FMT" = "xyes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_OLD_EXTDATA_FMT"
|
|
fi
|
|
|
|
# determine if we have key validation mechanism
|
|
if test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_RSA" = "xyes"
|
|
then
|
|
if test "$ENABLED_ASN" != "no" && test "$ENABLED_ASN" != "nocrypt"
|
|
then
|
|
ENABLED_PKI="yes"
|
|
fi
|
|
fi
|
|
|
|
# When building for wolfRand, strip out all options to disable everything.
|
|
AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$FIPS_VERSION" = "xrand"],
|
|
[NEW_AM_CFLAGS="-DNO_AES -DNO_DH -DNO_ASN -DNO_RSA -DNO_SHA -DNO_MD5 -DNO_BIG_INT"
|
|
for v in $AM_CFLAGS
|
|
do
|
|
case $v in
|
|
-DHAVE_FFDHE_2048 | -DTFM_TIMING_RESISTANT | -DECC_TIMING_RESISTANT | \
|
|
-DWC_RSA_BLINDING | -DHAVE_AESGCM | -DWOLFSSL_SHA512 | -DWOLFSSL_SHA384 | \
|
|
-DHAVE_ECC | -DTFM_ECC256 | -DECC_SHAMIR | -DHAVE_TLS_EXTENSIONS | \
|
|
-DHAVE_SUPPORTED_CURVES | -DHAVE_EXTENDED_MASTER | -DUSE_FAST_MATH | \
|
|
-DWOLFSSL_SHA3)
|
|
AS_ECHO(["ignoring $v"])
|
|
;;
|
|
*)
|
|
NEW_AM_CFLAGS="$NEW_AM_CFLAGS $v"
|
|
;;
|
|
esac
|
|
done
|
|
AM_CFLAGS=$NEW_AM_CFLAGS])
|
|
|
|
case $host_cpu in
|
|
*arm*)
|
|
if test "$host_alias" = "thumb" || test "$ARM_TARGET" = "thumb"; then
|
|
AM_CFLAGS="$AM_CFLAGS -mthumb -march=armv6"
|
|
ENABLED_ARM_THUMB=yes
|
|
else
|
|
if test "$host_alias" = "cortex" || test "$ARM_TARGET" = "cortex"; then
|
|
AM_CFLAGS="$AM_CFLAGS -mcpu=cortex-r5"
|
|
fi
|
|
fi
|
|
;;
|
|
esac
|
|
|
|
if test "$ENABLED_LOWRESOURCE" = "yes" && test "$ENABLED_ECC" = "yes" && (test "$ENABLED_RSA" = "yes" || test "$ENABLED_DH" = "yes") && (test "$ENABLED_SP_MATH" = "yes" || test "$ENABLED_SP_MATH_ALL" = "yes")
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DALT_ECC_SIZE"
|
|
fi
|
|
|
|
################################################################################
|
|
# Update ENABLE_* variables #
|
|
################################################################################
|
|
|
|
if test "x$ENABLED_SYS_CA_CERTS" = "xyes"
|
|
then
|
|
if test "x$ENABLED_CERTS" = "xno"
|
|
then
|
|
ENABLED_SYS_CA_CERTS="no"
|
|
fi
|
|
|
|
case $host_os in
|
|
*darwin*)
|
|
# Headers used for MacOS default system CA certs behavior. Only MacOS SDK will have this header
|
|
AC_CHECK_HEADERS([Security/SecTrustSettings.h])
|
|
# Headers used for Apple native cert validation. All device SDKs should have these headers
|
|
AC_CHECK_HEADERS([Security/SecCertificate.h])
|
|
AC_CHECK_HEADERS([Security/SecTrust.h])
|
|
AC_CHECK_HEADERS([Security/SecPolicy.h])
|
|
# Either Security/SecTrustSettings (for MacOS cert loading), or the
|
|
# trio of Security/SecCertificate.h, Security/SecTrust.h, and
|
|
# Security/SecPolicy.h (for native trust APIs on other apple devices)
|
|
# must be present. Default to SecTrustSettings method on MacOS.
|
|
AS_IF([test "$ac_cv_header_Security_SecTrustSettings_h" = "yes" \
|
|
|| (test "$ac_cv_header_Security_SecCertificate_h" = "yes" \
|
|
&& test "$ac_cv_header_Security_SecTrust_h" = "yes" \
|
|
&& test "$ac_cv_header_Security_SecPolicy_h" = "yes")],
|
|
[
|
|
LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security"
|
|
AS_IF([test "$ac_cv_header_Security_SecTrustSettings_h" != "yes"],
|
|
[
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_APPLE_NATIVE_CERT_VALIDATION"
|
|
])
|
|
],
|
|
[
|
|
AC_MSG_ERROR([Unable to find Apple Security.framework headers])
|
|
])
|
|
;;
|
|
mingw*)
|
|
;;
|
|
*)
|
|
# Only disable on no filesystem non Mac/Windows, as Mac and Windows
|
|
# depend on APIs which don't need filesystem support enabled in wolfSSL.
|
|
if test "x$ENABLED_FILESYSTEM" = "xno"
|
|
then
|
|
ENABLED_SYS_CA_CERTS="no"
|
|
fi
|
|
;;
|
|
esac
|
|
fi
|
|
|
|
if test "x$ENABLED_WOLFCLU" = "xyes"
|
|
then
|
|
if test "x$ENABLED_CERTGEN" = "xno"
|
|
then
|
|
ENABLED_CERTGEN="yes"
|
|
fi
|
|
if test "x$ENABLED_CERTREQ" = "xno"
|
|
then
|
|
ENABLED_CERTREQ="yes"
|
|
fi
|
|
if test "x$ENABLED_CERTEXT" = "xno"
|
|
then
|
|
ENABLED_CERTEXT="yes"
|
|
fi
|
|
|
|
# Requires md5
|
|
if test "$ENABLED_MD5" = "no"
|
|
then
|
|
ENABLED_MD5="yes"
|
|
fi
|
|
|
|
# Requires aesctr
|
|
if test "x$ENABLED_AESCTR" = "xno"
|
|
then
|
|
ENABLED_AESCTR="yes"
|
|
fi
|
|
|
|
# Uses key generation
|
|
if test "x$ENABLED_KEYGEN" = "xno"
|
|
then
|
|
ENABLED_KEYGEN="yes"
|
|
fi
|
|
|
|
# Uses functions guarded by opensslall
|
|
if test "$ENABLED_OPENSSLALL" = "no"
|
|
then
|
|
ENABLED_OPENSSLALL="yes"
|
|
fi
|
|
|
|
# Has option for signing with ED25519
|
|
if test "$ENABLED_ED25519" = "no"
|
|
then
|
|
ENABLED_ED25519=yes
|
|
ENABLED_FEMATH=yes
|
|
ENABLED_GEMATH=yes
|
|
ENABLED_CERTS=yes
|
|
fi
|
|
|
|
# Has sha512 hashing
|
|
if test "$ENABLED_SHA512" = "no"
|
|
then
|
|
ENABLED_SHA512="yes"
|
|
fi
|
|
|
|
# Has support for DES3 encrypt/decrypt
|
|
if test "$ENABLED_DES3" = "no" && (test "$ENABLED_FIPS" = "no" || test $HAVE_FIPS_VERSION -lt 5)
|
|
then
|
|
ENABLED_DES3="yes"
|
|
fi
|
|
|
|
# Has support for PKCS7
|
|
if test "$ENABLED_PKCS7" = "no"
|
|
then
|
|
ENABLED_PKCS7=yes
|
|
fi
|
|
|
|
# Uses alt name
|
|
ENABLED_ALTNAMES="yes"
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_OID_ENCODING -DWOLFSSL_NO_ASN_STRICT"
|
|
|
|
# OCSP responder
|
|
if test "$ENABLED_OCSP" = "no"; then
|
|
ENABLED_OCSP="yes"
|
|
fi
|
|
if test "$ENABLED_OCSP_RESPONDER" = "no"; then
|
|
ENABLED_OCSP_RESPONDER="yes"
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_STRONGSWAN" = "yes"; then
|
|
if test "$ENABLED_CERTREQ" = "no"; then
|
|
ENABLED_CERTREQ="yes"
|
|
fi
|
|
|
|
if test "$ENABLED_OCSP" = "no"; then
|
|
ENABLED_OCSP="yes"
|
|
fi
|
|
fi
|
|
|
|
AS_IF([test "x$ENABLED_MCAPI" = "xyes"],
|
|
[AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])])
|
|
|
|
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || \
|
|
test "$ENABLED_SIGNAL" = "yes" || test "$ENABLED_WPAS" = "yes" || \
|
|
test "$ENABLED_FORTRESS" = "yes" || test "$ENABLED_BUMP" = "yes" || \
|
|
test "$ENABLED_OPENSSLALL" = "yes" || \
|
|
test "$ENABLED_LIBWEBSOCKETS" = "yes" || \
|
|
test "x$ENABLED_LIGHTY" = "xyes" || test "$ENABLED_LIBSSH2" = "yes" || \
|
|
test "x$ENABLED_NTP" = "xyes" || test "$ENABLED_RSYSLOG" = "yes" || \
|
|
test "$ENABLED_OPENLDAP" = "yes" || test "$ENABLED_HITCH" = "yes" || test "x$ENABLED_MOSQUITTO" = "xyes"
|
|
then
|
|
ENABLED_OPENSSLEXTRA="yes"
|
|
fi
|
|
|
|
if test "$ENABLED_CURVE25519" != "no" && test "$ENABLED_CURVE25519" != "asm" && test "$KERNEL_MODE_DEFAULTS" = "yes"
|
|
then
|
|
ENABLED_CURVE25519=noasm
|
|
fi
|
|
|
|
if test "$ENABLED_ED25519" != "no" && test "$ENABLED_ED25519" != "asm" && test "$KERNEL_MODE_DEFAULTS" = "yes"
|
|
then
|
|
ENABLED_ED25519=noasm
|
|
fi
|
|
|
|
if test "$ENABLED_CURVE25519" = "noasm" || test "$ENABLED_ED25519" = "noasm"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_CURVED25519_X64"
|
|
fi
|
|
|
|
if test "$ENABLED_CURVE25519" != "no"
|
|
then
|
|
if test "$ENABLED_CURVE25519" = "small" || test "$ENABLED_CURVE25519" = "nonblock" || test "$ENABLED_LOWRESOURCE" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DCURVE25519_SMALL"
|
|
ENABLED_CURVE25519_SMALL=yes
|
|
fi
|
|
|
|
if test "$ENABLED_CURVE25519" = "nonblock"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_X25519_NONBLOCK"
|
|
fi
|
|
|
|
if test "$ENABLED_CURVE25519" = "no128bit" || test "$ENABLED_32BIT" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_CURVED25519_128BIT"
|
|
fi
|
|
|
|
if test "$ENABLED_CURVE25519" = "ed"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CURVE25519_USE_ED25519"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_CURVE25519_USE_ED25519"
|
|
fi
|
|
if test "$ENABLED_CURVE25519" = "not-ed"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CURVE25519_NOT_USE_ED25519"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_CURVE25519_NOT_USE_ED25519"
|
|
fi
|
|
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_CURVE25519"
|
|
ENABLED_FEMATH=yes
|
|
fi
|
|
|
|
if test "$ENABLED_ED25519" != "no"
|
|
then
|
|
if test "$ENABLED_ED25519" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DED25519_SMALL"
|
|
ENABLED_ED25519_SMALL=yes
|
|
ENABLED_CURVE25519_SMALL=yes
|
|
fi
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_ED25519"
|
|
ENABLED_FEMATH=yes
|
|
ENABLED_GEMATH=yes
|
|
ENABLED_CERTS=yes
|
|
fi
|
|
|
|
if test "$ENABLED_MD5" = "yes"
|
|
then
|
|
# turn off MD5 if leanpsk or leantls on
|
|
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
|
then
|
|
ENABLED_MD5=no
|
|
fi
|
|
fi
|
|
|
|
if test "x$ENABLED_LEANPSK" = "xyes" || test "x$ENABLED_CERTS" = "xno" || \
|
|
test "x$ENABLED_ASN" = "xno"
|
|
then
|
|
ENABLED_CERTS=no
|
|
ENABLED_ASN=no
|
|
fi
|
|
|
|
################################################################################
|
|
# Check for build-type conflicts #
|
|
################################################################################
|
|
|
|
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
|
|
test "x$ENABLED_LEANPSK" = "xyes"],
|
|
[AC_MSG_ERROR([Cannot use Max Strength and Lean PSK at the same time.])])
|
|
|
|
AS_IF([test "x$ENABLED_CRYPTONLY" = "xno" && \
|
|
test "x$ENABLED_PSK" = "xno" && \
|
|
test "x$ENABLED_ASN" = "xno"],
|
|
[AC_MSG_ERROR([please enable psk if disabling asn.])])
|
|
|
|
AS_IF([test "x$ENABLED_OCSP" = "xyes" && \
|
|
test "x$ENABLED_ASN" = "xno"],
|
|
[AC_MSG_ERROR([please enable asn if enabling ocsp.])])
|
|
|
|
AS_IF([test "x$ENABLED_SMIME" = "xyes" && \
|
|
test "x$ENABLED_ASN" = "xno"],
|
|
[AC_MSG_ERROR([please enable asn if enabling S/MIME.])])
|
|
|
|
AS_IF([test "x$ENABLED_OCSP" = "xyes" && \
|
|
test "x$ENABLED_RSA" = "xno" && \
|
|
test "x$ENABLED_ECC" = "xno"],
|
|
[AC_MSG_ERROR([please enable rsa or ecc if enabling ocsp.])])
|
|
|
|
# Sync Intel QA and Sync Cavium Octeon require the crypto callback
|
|
AS_IF([test "x$ENABLED_INTEL_QA_SYNC" = "xyes" || test "x$ENABLED_OCTEON_SYNC" = "xyes"],
|
|
[AS_IF([test "x$ENABLED_CRYPTOCB" = "xno"],
|
|
[AC_MSG_ERROR([please enable the crypto callback support using --enable-cryptocb])])])
|
|
|
|
# checks for pkcs7 needed enables
|
|
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
|
|
test "x$ENABLED_RSA" = "xno" && \
|
|
test "x$ENABLED_ECC" = "xno"],
|
|
[AC_MSG_ERROR([please enable ecc or rsa if enabling pkcs7.])])
|
|
|
|
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
|
|
test "x$ENABLED_SHA" = "xno" && \
|
|
test "x$ENABLED_SHA256" = "xno"],
|
|
[AC_MSG_ERROR([please enable sha or sha256 if enabling pkcs7.])])
|
|
|
|
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
|
|
test "x$ENABLED_AES" = "xno" && \
|
|
test "x$ENABLED_DES3" = "xno"],
|
|
[AC_MSG_ERROR([please enable either AES or 3DES if enabling pkcs7.])])
|
|
|
|
AS_IF([test "x$ENABLED_WOLFSCEP" = "xyes" && \
|
|
test "x$ENABLED_AES" = "xno" && \
|
|
test "x$ENABLED_DES3" = "xno"],
|
|
[AC_MSG_ERROR([please enable either AES or 3DES if enabling scep.])])
|
|
|
|
AS_IF([test "x$ENABLED_LEANTLS" = "xyes" && \
|
|
test "x$ENABLED_ECC" = "xno"],
|
|
[AC_MSG_ERROR([please enable ecc if enabling leantls.])])
|
|
|
|
AS_IF([test "x$ENABLED_SNIFFER" = "xyes" && \
|
|
test "x$ENABLED_RSA" = "xno" && \
|
|
test "x$ENABLED_ECC" = "xno" && \
|
|
test "x$ENABLED_CURVE25519" = "xno"],
|
|
[AC_MSG_ERROR([please enable ecc, rsa or curve25519 if enabling sniffer.])])
|
|
|
|
# Lean TLS forces off prereqs of SCEP.
|
|
AS_IF([test "x$ENABLED_SCEP" = "xyes" && \
|
|
test "x$ENABLED_LEANTLS" = "xyes"],
|
|
[AC_MSG_ERROR([Cannot use SCEP and Lean TLS at the same time.])])
|
|
|
|
# CMAC currently requires AES.
|
|
AS_IF([test "x$ENABLED_CMAC" = "xyes" && \
|
|
test "x$ENABLED_AES" = "xno"],
|
|
[AC_MSG_ERROR([cannot use CMAC without AES.])])
|
|
|
|
# certreq requires certgen
|
|
AS_IF([test "x$ENABLED_CERT_REQ" = "xyes" && \
|
|
test "x$ENABLED_CERT_GEN" = "xno"],
|
|
[AC_MSG_ERROR([cannot use certreq without certgen.])])
|
|
|
|
# ed25519 requires sha512
|
|
AS_IF([test "$ENABLED_ED25519" != "no" && \
|
|
test "x$ENABLED_SHA512" = "xno" && \
|
|
test "x$ENABLED_32BIT" = "xno"],
|
|
[AC_MSG_ERROR([cannot enable ed25519 without enabling sha512.])])
|
|
|
|
# ed25519 stream requires ed25519
|
|
AS_IF([test "x$ENABLED_ED25519_STREAM" = "xyes" && \
|
|
test "x$ENABLED_ED25519" = "xno"],
|
|
[AC_MSG_ERROR([ED25519 verify streaming enabled but ED25519 is disabled])])
|
|
|
|
# Ensure only one size is enabled
|
|
AS_IF([test "x$ENABLED_64BIT" = "xyes" && \
|
|
test "x$ENABLED_32BIT" = "xyes"],
|
|
[AC_MSG_ERROR([cannot specify 64-bit build and 32-bit build.])])
|
|
AS_IF([test "x$ENABLED_64BIT" = "xyes" && \
|
|
test "x$ENABLED_16BIT" = "xyes"],
|
|
[AC_MSG_ERROR([cannot specify 64-bit build and 16-bit build.])])
|
|
AS_IF([test "x$ENABLED_32BIT" = "xyes" && \
|
|
test "x$ENABLED_16BIT" = "xyes"],
|
|
[AC_MSG_ERROR([cannot specify 32-bit build and 16-bit build.])])
|
|
|
|
# 16-bit build not supported with SP
|
|
AS_IF([test "x$ENABLED_16BIT" = "xyes" && \
|
|
test "x$ENABLED_SP" = "xyes"],
|
|
[AC_MSG_ERROR([16-bit build not available with SP.])])
|
|
|
|
################################################################################
|
|
# Update CFLAGS based on options #
|
|
################################################################################
|
|
AS_IF([test "$ENABLED_SP_MATH" = "no" && test "$ENABLED_SP_MATH_ALL" = "no" &&
|
|
test "$ENABLED_FASTMATH" = "no" && test "$ENABLED_HEAPMATH" = "no"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DNO_BIG_INT"])
|
|
|
|
AS_IF([test "x$ENABLED_CERTS" = "xno"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DNO_CERTS"])
|
|
|
|
AS_IF([test "x$ENABLED_ASN" = "xno"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DNO_ASN"])
|
|
|
|
AS_IF([test "x$ENABLED_SYS_CA_CERTS" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SYS_CA_CERTS"])
|
|
|
|
AS_IF([test "x$ENABLED_DUAL_ALG_CERTS" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DUAL_ALG_CERTS"])
|
|
|
|
AS_IF([test "x$ENABLED_RPK" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DHAVE_RPK"])
|
|
|
|
AS_IF([test "x$ENABLED_CERT_SETUP_CB" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_SETUP_CB"])
|
|
|
|
AS_IF([test "x$ENABLED_ALTNAMES" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_NAMES"])
|
|
|
|
AS_IF([test "x$ENABLED_KEYGEN" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"])
|
|
|
|
AS_IF([test "x$ENABLED_ACERT" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ACERT"])
|
|
|
|
AS_IF([test "x$ENABLED_CERTREQ" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"])
|
|
|
|
AS_IF([test "x$ENABLED_CERTGEN" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"])
|
|
|
|
AS_IF([test "x$ENABLED_CERTEXT" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"])
|
|
|
|
AS_IF([test "x$ENABLED_OCSP" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"])
|
|
|
|
AS_IF([test "x$ENABLED_OCSP_RESPONDER" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP_RESPONDER"])
|
|
|
|
if test "$ENABLED_OCSP" = "yes"
|
|
then
|
|
# check openssl command tool for testing ocsp
|
|
AC_CHECK_PROG([HAVE_OPENSSL_CMD],[openssl],[yes],[no])
|
|
|
|
if test "$HAVE_OPENSSL_CMD" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_OPENSSL_CMD"
|
|
else
|
|
AC_MSG_WARN([openssl command line tool not available for testing ocsp])
|
|
fi
|
|
fi
|
|
|
|
AS_IF([test "x$ENABLED_STRONGSWAN" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LOG_PRINTF -DWOLFSSL_PUBLIC_MP -DHAVE_EX_DATA"
|
|
AS_IF([test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 2],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"])])
|
|
|
|
AS_IF([test "x$ENABLED_OPENLDAP" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNER_DER_CERT"])
|
|
|
|
AS_IF([test "x$ENABLED_MOSQUITTO" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"])
|
|
|
|
if test "$ENABLED_ED25519_STREAM" != "no" && test "$ENABLED_SE050" != "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ED25519_STREAMING_VERIFY"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ED25519_STREAMING_VERIFY"
|
|
fi
|
|
|
|
if test "$ENABLED_ERROR_QUEUE" = "no" || test "$ENABLED_JNI" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_QUEUE"
|
|
fi
|
|
|
|
AS_IF([test "x$ENABLED_OPENSSLALL" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_TICKET_HAVE_ID -DWOLFSSL_ERROR_CODE_OPENSSL -DWOLFSSL_CERT_NAME_ALL"])
|
|
|
|
AS_IF([test "x$ENABLED_AESSIV" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_SIV"])
|
|
|
|
AS_IF([test "x$ENABLED_AESCTR" = "xyes" && test "x$ENABLED_FORTRESS" != "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"])
|
|
|
|
if test "$ENABLED_MD5" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
|
|
fi
|
|
|
|
AS_IF([test "x$ENABLED_AESBS" = "xyes" && test "x$ENABLED_ARMASM" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"])
|
|
|
|
if test "$ENABLED_HMAC" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_HMAC"
|
|
fi
|
|
|
|
if test "$ENABLED_OPENSSLEXTRA" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
|
|
fi
|
|
|
|
if test "$ENABLED_OPENSSLEXTRA" = "x509small"
|
|
then
|
|
AC_MSG_NOTICE([Enabling only a subset of X509 opensslextra])
|
|
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA_X509_SMALL"
|
|
fi
|
|
|
|
if test "$ENABLED_WOLFSCEP" = "yes"
|
|
then
|
|
# Enable prereqs if not already enabled
|
|
if test "x$ENABLED_KEYGEN" = "xno"
|
|
then
|
|
ENABLED_KEYGEN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
|
|
fi
|
|
if test "x$ENABLED_CERTGEN" = "xno"
|
|
then
|
|
ENABLED_CERTGEN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
|
|
fi
|
|
if test "x$ENABLED_CERTREQ" = "xno"
|
|
then
|
|
ENABLED_CERTREQ="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
|
|
fi
|
|
if test "x$ENABLED_CERTEXT" = "xno"
|
|
then
|
|
ENABLED_CERTEXT="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
|
|
fi
|
|
if test "x$ENABLED_PKCS7" = "xno"
|
|
then
|
|
ENABLED_PKCS7="yes"
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_WOLFSCEP"
|
|
fi
|
|
|
|
if test "x$ENABLED_PKCS7" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS7"
|
|
# Enable prereqs if not already enabled
|
|
if test "x$ENABLED_AESKEYWRAP" = "xno"
|
|
then
|
|
ENABLED_AESKEYWRAP="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT"
|
|
fi
|
|
if test "x$ENABLED_X963KDF" = "xno" && test "$ENABLED_ECC" != "no"
|
|
then
|
|
ENABLED_X963KDF="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF"
|
|
fi
|
|
fi
|
|
|
|
if test "x$ENABLED_DES3" = "xno"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
|
|
else
|
|
# turn off DES3 if leanpsk or leantls on
|
|
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
|
|
ENABLED_DES3=no
|
|
fi
|
|
fi
|
|
|
|
if test "x$ENABLED_DES3_TLS_SUITES" = "xno"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_DES3_TLS_SUITES"
|
|
else
|
|
AS_IF([test "x$ENABLED_DES3" = "xno"],
|
|
[AC_MSG_ERROR([DES3 TLS suites require DES3])])
|
|
fi
|
|
|
|
if test "$ENABLED_AESGCM" != "no"
|
|
then
|
|
if test "$ENABLED_AESGCM" = "word"
|
|
then
|
|
ENABLED_AESGCM=yes
|
|
fi
|
|
|
|
if test "$ENABLED_AESGCM" = "word32"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DGCM_WORD32"
|
|
ENABLED_AESGCM=yes
|
|
fi
|
|
|
|
if test "$ENABLED_AESGCM" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL"
|
|
ENABLED_AESGCM=yes
|
|
fi
|
|
|
|
if test "$ENABLED_AESGCM" = "table"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE"
|
|
ENABLED_AESGCM=yes
|
|
fi
|
|
|
|
if test "$ENABLED_AESGCM" = "4bit"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE_4BIT"
|
|
ENABLED_AESGCM=yes
|
|
fi
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
|
|
fi
|
|
if test "$ENABLED_AESGCM_STREAM" != "no"
|
|
then
|
|
if test "$ENABLED_AESGCM" = "no"
|
|
then
|
|
AC_MSG_ERROR([AES-GCM streaming is enabled but AES-GCM is disabled.])
|
|
elif test "$ENABLED_RISCV_ASM" = "yes"
|
|
then
|
|
AC_MSG_ERROR([RISC-V asm doesn't yet support WOLFSSL_AESGCM_STREAM.])
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESGCM_STREAM"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESGCM_STREAM"
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_AESXTS_STREAM" != "no"
|
|
then
|
|
if test "$ENABLED_AESXTS" = "no"
|
|
then
|
|
AC_MSG_ERROR([AES-XTS streaming enabled but AES-XTS is disabled])
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESXTS_STREAM"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESXTS_STREAM"
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_IOTSAFE" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IOTSAFE"
|
|
ENABLED_IOTSAFE=yes
|
|
fi
|
|
|
|
if test "$ENABLED_IOTSAFE_HWRNG" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_IOTSAFE_HWRNG"
|
|
ENABLED_IOTSAFE_HWRNG=yes
|
|
fi
|
|
|
|
if test "x$ENABLED_WOLFENGINE" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_ECB"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
|
|
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_NO_PADDING"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_WOLFENGINE"
|
|
fi
|
|
|
|
if test "$ENABLED_WOLFENGINE" = "yes" && test "$ENABLED_FIPS" != "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DSha3=wc_Sha3"
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA256_NAMES"
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_MD5_NAME"
|
|
fi
|
|
|
|
if test "$ENABLED_WOLFENGINE" = "yes" && test "$FIPS_VERSION" != "v2"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PSS_LONG_SALT"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PSS_SALT_LEN_DISCOVER"
|
|
fi
|
|
|
|
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAX_STRENGTH -DWOLFSSL_CIPHER_TEXT_CHECK"])
|
|
|
|
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
|
|
test "x$ENABLED_OLD_TLS" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
|
|
ENABLED_OLD_TLS=no])
|
|
|
|
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
|
|
test "x$ENABLED_SSLV3" = "xyes"],
|
|
[AC_MSG_ERROR([Cannot use Max Strength and SSLv3 at the same time.])])
|
|
|
|
AS_IF([test "x$ENABLED_SCTP" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SCTP"])
|
|
|
|
AS_IF([test "x$ENABLED_SRTP" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SRTP"])
|
|
|
|
AS_IF([test "x$ENABLED_MCAST" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MULTICAST"])
|
|
|
|
# WOLFSSL_AFALG does not support SHA224 yet
|
|
AS_IF([(test "x$ENABLED_AFALG" = "xyes") && (test "x$ENABLED_SHA224" = "xyes")],
|
|
[AC_MSG_ERROR([--enable-sha224 with --enable-afalg not yet supported])])
|
|
|
|
# WOLFSSL_DEVCRYPTO does not support SHA224 yet
|
|
AS_IF([(test "x$ENABLED_DEVCRYPTO" = "xyes") && \
|
|
(test "x$ENABLED_CAAM" = "xno") && \
|
|
(test "x$ENABLED_SHA224" = "xyes")],
|
|
[AC_MSG_ERROR([--enable-sha224 with --enable-devcrypto not yet supported])])
|
|
|
|
# SCTP, Multicast, SRTP, and strongSwan require DTLS
|
|
AS_IF([(test "x$ENABLED_DTLS" = "xno") && \
|
|
(test "x$ENABLED_SCTP" = "xyes" || test "x$ENABLED_MCAST" = "xyes" || \
|
|
test "x$ENABLED_SRTP" = "xyes" || \
|
|
test "x$ENABLED_STRONGSWAN" = "xyes")],
|
|
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
|
|
ENABLED_DTLS=yes])
|
|
|
|
# Multicast requires the null cipher
|
|
AS_IF([test "x$ENABLED_NULL_CIPHER" = "xno" && \
|
|
test "x$ENABLED_MCAST" = "xyes"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER"
|
|
ENABLED_NULL_CIPHER=yes])
|
|
|
|
# wolfSSH and WPA Supplicant both need Public MP, only enable once.
|
|
# This will let you know if you enabled wolfSSH but have any of the prereqs
|
|
# disabled. Some of these options, disabling them adds things to the FLAGS and
|
|
# you need to check and add items in two places depending on the option.
|
|
AS_IF([test "x$ENABLED_WOLFSSH" = "xyes"],[AS_IF([test "x$ENABLED_WPAS" = "xno"],[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"])])
|
|
|
|
if test "x$ENABLED_OPENSSLCOEXIST" = "xyes"; then
|
|
if test "x$ENABLED_OPENSSLALL" = "xyes"; then
|
|
AC_MSG_ERROR([Cannot use --enable-opensslcoexist with --enable-opensslall])
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_WOLFSSH" = "yes" && test "$ENABLED_HMAC" = "no"
|
|
then
|
|
AC_MSG_ERROR([WOLFSSH requires HMAC.])
|
|
fi
|
|
|
|
AS_IF([test "x$ENABLED_WOLFSSH" = "xyes"],[AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSL_WOLFSSH"])
|
|
|
|
# only allow secure renegotiation info with TLSV12 and ASN
|
|
if test "x$ENABLED_ASN" = "xno" || \
|
|
test "x$ENABLED_TLSV12" = "xno" || \
|
|
test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"; then
|
|
ENABLED_SECURE_RENEGOTIATION_INFO="no"
|
|
fi
|
|
|
|
if test "x$ENABLED_SECURE_RENEGOTIATION_INFO" = "xyes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SERVER_RENEGOTIATION_INFO"
|
|
fi
|
|
|
|
|
|
if test "$ENABLED_COMPKEY" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_COMP_KEY"
|
|
fi
|
|
|
|
|
|
# Deprecated Algorithm Handling
|
|
if test "$ENABLED_ARC4" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_RC4"
|
|
fi
|
|
|
|
|
|
# Link with the math library iff needed.
|
|
if test "$ENABLED_DH" != "no" && test "$ENABLED_DH" != "const"; then
|
|
LT_LIB_M
|
|
fi
|
|
|
|
# multiple OCSP stapling for TLS 1.3 Certificate extension
|
|
if test "$ENABLED_CERTIFICATE_STATUS_REQUEST" = "yes"
|
|
then
|
|
if test "$ENABLED_TLS13" = "yes"
|
|
then
|
|
if test "$ENABLED_TLS_OCSP_MULTI" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS_OCSP_MULTI"
|
|
fi
|
|
fi
|
|
fi
|
|
################################################################################
|
|
|
|
# USER SETTINGS
|
|
if test "x$ENABLED_USERSETTINGS" = "xyes"
|
|
then
|
|
# Replace all options and just use WOLFSSL_USER_SETTINGS and
|
|
# WOLFSSL_USER_SETTINGS_ASM. Re-append build-system flags that affect
|
|
# preprocessor guards in test files and must survive the reset.
|
|
AM_CFLAGS="-DWOLFSSL_USER_SETTINGS -DWOLFSSL_USER_SETTINGS_ASM"
|
|
AM_CCASFLAGS="-DWOLFSSL_USER_SETTINGS -DWOLFSSL_USER_SETTINGS_ASM"
|
|
AS_IF([test "x$ENABLED_SWDEV" = "xyes"],[
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SWDEV -DWOLF_CRYPTO_CB_FIND"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SWDEV -DWOLF_CRYPTO_CB_FIND"
|
|
])
|
|
|
|
# Generate assembly-safe user_settings_asm.h (just preprocessor directives
|
|
# from user_settings.h).
|
|
$srcdir/scripts/user_settings_asm.sh "$CPPFLAGS $CFLAGS $CXXFLAGS"
|
|
if test $? -ne 0; then
|
|
AC_MSG_ERROR([$srcdir/scripts/user_settings_asm.sh failed.])
|
|
fi
|
|
fi
|
|
|
|
# OPTIMIZE FLAGS
|
|
# For distro disable custom build options that interfere with symbol generation
|
|
if test "$GCC" = "yes" && test "$ENABLED_DISTRO" = "no"
|
|
then
|
|
if test "$ENABLED_CUDA" != "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused"
|
|
fi
|
|
if test "$ax_enable_debug" = "no"
|
|
then
|
|
AS_IF([test "x$ENABLED_OPTFLAGS" = "xyes"], [
|
|
if test "$ENABLED_FASTMATH" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_FAST_CFLAGS"
|
|
if test "$ENABLED_FASTHUGEMATH" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_HUGE_CFLAGS"
|
|
fi
|
|
else
|
|
if (test "$ENABLED_SP" = "yes" || test "$ENABLED_SP_MATH_ALL" = "yes") && test "$ENABLED_SP_SMALL" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_FAST_CFLAGS"
|
|
if test "$ENABLED_FASTHUGEMATH" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_HUGE_CFLAGS"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_INT_LARGE_COMBA"
|
|
fi
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_CFLAGS"
|
|
fi
|
|
fi
|
|
])
|
|
fi
|
|
fi
|
|
|
|
# ICC command line warning for non supported warning flags
|
|
if test "$CC" = "icc"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -wd10006"
|
|
fi
|
|
|
|
# Expose HAVE___UINT128_T to options flags"
|
|
if test "$ac_cv_type___uint128_t" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE___UINT128_T=1"
|
|
fi
|
|
|
|
# Add HAVE_GETPID to AM_CFLAGS for inclusion in options.h
|
|
if test "$ac_cv_func_getpid" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_GETPID=1"
|
|
fi
|
|
|
|
LIB_SOCKET_NSL
|
|
AX_HARDEN_CC_COMPILER_FLAGS
|
|
|
|
if test "$ENABLED_SELFTEST" = yes || test "$ENABLED_FIPS" = yes
|
|
then
|
|
if ! test "$ENABLED_FIPS_DEV" = yes && ! test "$ENABLED_FIPS_READY" = yes
|
|
then
|
|
# rsa.c wc_hash2mgf() switches on enum wc_HashType, which is defined
|
|
# outside the FIPS boundary. Unsupported hashes are correctly handled
|
|
# by the default clause.
|
|
AC_LANG_PUSH([C])
|
|
AX_APPEND_COMPILE_FLAGS([-Wno-switch-enum],,[$ax_append_compile_cflags_extra])
|
|
AC_LANG_POP
|
|
fi
|
|
fi
|
|
|
|
# -Wdeprecated-enum-enum-conversion is on by default in C++20, but conflicts with
|
|
# our use of enum constructs to define fungible constants.
|
|
if test "$KERNEL_MODE_DEFAULTS" != "yes"
|
|
then
|
|
AX_CHECK_COMPILE_FLAG([-Werror -Wno-deprecated-enum-enum-conversion],
|
|
[AX_APPEND_FLAG([-Wno-deprecated-enum-enum-conversion], [AM_CFLAGS])])
|
|
fi
|
|
|
|
case $host_os in
|
|
mingw*)
|
|
# if mingw then link to ws2_32 for sockets, and crypt32
|
|
LDFLAGS="$LDFLAGS -lws2_32"
|
|
LIB_ADD="$LIB_ADD -lcrypt32"
|
|
if test "$enable_shared" = "yes"
|
|
then
|
|
AC_DEFINE([WOLFSSL_DLL], [1], [Use __declspec(dllexport) when building library])
|
|
if test "$enable_static" = "yes"
|
|
then
|
|
MINGW_LIB_WARNING="yes"
|
|
fi
|
|
fi ;;
|
|
*darwin*)
|
|
# Add required frameworks for static linking on macOS
|
|
if test "$enable_shared" = "no"; then
|
|
if test "x$ENABLED_SYS_CA_CERTS" = "xyes"; then
|
|
PC_LIBS_PRIVATE="$PC_LIBS_PRIVATE -framework CoreFoundation -framework Security"
|
|
fi
|
|
fi ;;
|
|
esac
|
|
|
|
if test "$enable_shared" = "no"; then
|
|
if test "$enable_static" = "yes"; then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TEST_STATIC_BUILD"
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_WOLFGUARD" = "yes"; then
|
|
if test "$ENABLED_ECC" = "no" ||
|
|
test "$ENABLED_SHA256" = "no" ||
|
|
test "$ENABLED_AESGCM" = "no" ||
|
|
test "$ENABLED_HMAC" = "no" ||
|
|
test "$ENABLED_RNG" = "no"
|
|
then
|
|
AC_MSG_ERROR([--enable-wolfguard requires ECC, SHA256-HMAC, AES-GCM, and RNG.])
|
|
fi
|
|
fi
|
|
|
|
if test "x$ENABLED_LINUXKM" = "xyes"; then
|
|
AX_SIMD_CC_COMPILER_FLAGS
|
|
AC_SUBST([CFLAGS_FPU_DISABLE])
|
|
AC_SUBST([CFLAGS_FPU_ENABLE])
|
|
AC_SUBST([CFLAGS_SIMD_DISABLE])
|
|
AC_SUBST([CFLAGS_SIMD_ENABLE])
|
|
AC_SUBST([CFLAGS_AUTO_VECTORIZE_DISABLE])
|
|
AC_SUBST([CFLAGS_AUTO_VECTORIZE_ENABLE])
|
|
AC_SUBST([ASFLAGS_FPU_DISABLE_SIMD_ENABLE])
|
|
AC_SUBST([ASFLAGS_FPU_ENABLE_SIMD_DISABLE])
|
|
AC_SUBST([ASFLAGS_FPUSIMD_DISABLE])
|
|
AC_SUBST([ASFLAGS_FPUSIMD_ENABLE])
|
|
|
|
if test "$ENABLED_OPENSSLEXTRA" != "no" && test "$ENABLED_LINUXKM_PIE" = "yes" && test "$ENABLED_CRYPTONLY" = "no"; then
|
|
AC_MSG_ERROR([--enable-opensslextra with --enable-linuxkm-pie and without --enable-cryptonly is incompatible with --enable-linuxkm.])
|
|
fi
|
|
if test "$ENABLED_FILESYSTEM" = "yes"; then
|
|
AC_MSG_ERROR([--enable-filesystem is incompatible with --enable-linuxkm.])
|
|
fi
|
|
if test "$ENABLED_AFALG" = "yes"; then
|
|
AC_MSG_ERROR([--enable-afalg is incompatible with --enable-linuxkm.])
|
|
fi
|
|
if test "$ENABLED_DEVCRYPTO" = "yes"; then
|
|
AC_MSG_ERROR([--enable-devcrypto is incompatible with --enable-linuxkm.])
|
|
fi
|
|
if test "$ENABLED_PKCS11" = "yes"; then
|
|
AC_MSG_ERROR([--enable-pkcs11 is incompatible with --enable-linuxkm.])
|
|
fi
|
|
if test "$ENABLED_JNI" = "yes"; then
|
|
AC_MSG_ERROR([--enable-jni is incompatible with --enable-linuxkm.])
|
|
fi
|
|
if test "$ENABLED_16BIT" = "yes"; then
|
|
AC_MSG_ERROR([--enable-16bit is incompatible with --enable-linuxkm.])
|
|
fi
|
|
if test "$ENABLED_SINGLETHREADED" = "yes"; then
|
|
AC_MSG_ERROR([--enable-singlethreaded is incompatible with --enable-linuxkm.])
|
|
fi
|
|
if test "$ENABLED_VALGRIND" = "yes"; then
|
|
AC_MSG_ERROR([--enable-valgrind is incompatible with --enable-linuxkm.])
|
|
fi
|
|
if test "$ENABLED_FASTMATH" = "yes"; then
|
|
AC_MSG_ERROR([--enable-fastmath is incompatible with --enable-linuxkm (exceeds stack limit).])
|
|
fi
|
|
if test "$ENABLED_LIBZ_RSA" = "yes"; then
|
|
AC_MSG_ERROR([--with-libz is incompatible with --enable-linuxkm.])
|
|
fi
|
|
if test "$ENABLED_IOPOOL" = "yes"; then
|
|
AC_MSG_ERROR([--enable-iopool is incompatible with --enable-linuxkm.])
|
|
fi
|
|
if test "$ENABLED_EXAMPLES" = "yes"; then
|
|
AC_MSG_ERROR([--enable-examples is incompatible with --enable-linuxkm.])
|
|
fi
|
|
if test "$ENABLED_SMALL_STACK" != "yes"; then
|
|
AC_MSG_ERROR([--enable-smallstack is required for --enable-linuxkm.])
|
|
fi
|
|
if test "$ENABLED_SP_MATH" != "yes" && test "$ENABLED_SP_MATH_ALL" = "no" && test "$ENABLED_BIGNUM" != "no"; then
|
|
AC_MSG_ERROR([--enable-sp-math or --enable-sp-math-all is required for --enable-linuxkm.])
|
|
fi
|
|
if test "$ENABLED_STACKSIZE" != "no"; then
|
|
AC_MSG_ERROR([--enable-stacksize is incompatible with --enable-linuxkm.])
|
|
fi
|
|
if test "$ENABLED_STACKLOG" = "yes"; then
|
|
AC_MSG_ERROR([--enable-stacklog is incompatible with --enable-linuxkm.])
|
|
fi
|
|
fi
|
|
|
|
AS_IF([test "$ENABLED_ASM" = "no" && (test "$ENABLED_INTELASM" != "no" || \
|
|
test "$ENABLED_AESNI" != "no" || \
|
|
test "$ENABLED_ARMASM" != "no" || \
|
|
test "$ENABLED_RISCV_ASM" != "no" || \
|
|
test "$ENABLED_SP_ASM" != "no")],
|
|
[AC_MSG_WARN([Conflicting asm settings.])])
|
|
|
|
# The following AM_CONDITIONAL statements set flags for use in the Makefiles.
|
|
# Some of these affect build targets and objects, some trigger different
|
|
# test scripts for make check.
|
|
AM_CONDITIONAL([BUILD_DISTRO],[test "x$ENABLED_DISTRO" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_OPENSSL_COMPAT],[test "x$ENABLED_OPENSSLEXTRA" != "xnoinstall"])
|
|
AM_CONDITIONAL([BUILD_ALL],[test "x$ENABLED_ALL" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_TLS13],[test "x$ENABLED_TLS13" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_RNG],[test "x$ENABLED_RNG" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SCTP],[test "x$ENABLED_SCTP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SRTP],[test "x$ENABLED_SRTP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_MCAST],[test "x$ENABLED_MCAST" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_IPV6],[test "x$ENABLED_IPV6" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_LEANPSK],[test "x$ENABLED_LEANPSK" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_LEANTLS],[test "x$ENABLED_LEANTLS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_LOWMEM],[test "x$ENABLED_LOWRESOURCE" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_PKCALLBACKS], [ test "x$ENABLED_PKCALLBACKS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_CRYPTOAUTHLIB],[test "x$ENABLED_CRYPTOAUTHLIB" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SNIFFER], [ test "x$ENABLED_SNIFFER" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SNIFFTEST],[ test "x$ENABLED_SNIFFTEST" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_AESGCM],[test "x$ENABLED_AESGCM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_AESCCM],[test "x$ENABLED_AESCCM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_AESXTS],[test "x$ENABLED_AESXTS" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_ARMASM],[test "x$ENABLED_ARMASM" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_ARMASM_INLINE],[test "x$ENABLED_ARMASM_INLINE" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_ARMASM_CRYPTO],[test "x$ENABLED_ARMASM_CRYPTO" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_ARMASM_NEON],[test "x$ENABLED_ARMASM_NEON" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_ARM_THUMB],[test "$ENABLED_ARM_THUMB" = "yes" || test "$ENABLED_USERSETTINGS" = "yes"])
|
|
AM_CONDITIONAL([BUILD_ARM_NONTHUMB],[test "$ENABLED_ARM_THUMB" != "yes" || test "$ENABLED_USERSETTINGS" = "yes"])
|
|
AM_CONDITIONAL([BUILD_ARM_32],[test "$ENABLED_ARM_32" = "yes" || test "$ENABLED_USERSETTINGS" = "yes"])
|
|
AM_CONDITIONAL([BUILD_ARM_64],[test "$ENABLED_ARM_64" = "yes" || test "$ENABLED_USERSETTINGS" = "yes"])
|
|
AM_CONDITIONAL([BUILD_RISCV_ASM],[test "x$ENABLED_RISCV_ASM" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_PPC32_ASM],[test "x$ENABLED_PPC32_ASM" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_PPC32_ASM_INLINE],[test "x$ENABLED_PPC32_ASM_INLINE" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_PPC32_ASM_INLINE_REG],[test "x$ENABLED_PPC32_ASM_INLINE_REG" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_AESNI],[test "x$ENABLED_AESNI" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_INTELASM],[test "x$ENABLED_INTELASM" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_X86_ASM],[test "x$ENABLED_X86_ASM" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_AFALG],[test "x$ENABLED_AFALG" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_KCAPI],[test "x$ENABLED_KCAPI" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_DEVCRYPTO],[test "x$ENABLED_DEVCRYPTO" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_CAMELLIA],[test "x$ENABLED_CAMELLIA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_MD2],[test "x$ENABLED_MD2" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_RIPEMD],[test "x$ENABLED_RIPEMD" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_BLAKE2B],[test "x$ENABLED_BLAKE2B" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_BLAKE2S],[test "x$ENABLED_BLAKE2S" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SHA512],[test "x$ENABLED_SHA512" = "xyes" || test "x$ENABLED_SHA384" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_DSA],[test "x$ENABLED_DSA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_ECC],[test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_ED25519],[test "$ENABLED_ED25519" != "no" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_ED25519_SMALL],[test "x$ENABLED_ED25519_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_FEMATH], [test "x$ENABLED_FEMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_GEMATH], [test "x$ENABLED_GEMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_CURVE25519],[test "$ENABLED_CURVE25519" != "no" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_CURVE25519_INTELASM],[test "$ENABLED_CURVE25519" != "noasm" && test "$ENABLED_ED25519" != "noasm" && test "$ENABLED_INTELASM" = "yes"])
|
|
AM_CONDITIONAL([BUILD_CURVE25519_SMALL],[test "x$ENABLED_CURVE25519_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_ED448],[test "x$ENABLED_ED448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_ED448_SMALL],[test "x$ENABLED_ED448_SMALL" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_FE448], [test "x$ENABLED_FE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_GE448], [test "x$ENABLED_GE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_CURVE448],[test "x$ENABLED_CURVE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_CURVE448_SMALL],[test "x$ENABLED_CURVE448_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_WC_LMS],[test "x$ENABLED_LMS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_WC_XMSS],[test "x$ENABLED_XMSS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_WC_SLHDSA],[test "x$ENABLED_SLHDSA" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_WC_MLKEM],[test "x$ENABLED_MLKEM" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_MLDSA],[test "x$ENABLED_MLDSA" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_ECCSI],[test "x$ENABLED_ECCSI" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SAKKE],[test "x$ENABLED_SAKKE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_MEMORY],[test "x$ENABLED_MEMORY" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_MEMUSE],[test "x$ENABLED_ENTROPY_MEMUSE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_RNG_BANK],[test "$ENABLED_RNG_BANK" = "yes" || test "$ENABLED_USERSETTINGS" = "yes"])
|
|
AM_CONDITIONAL([BUILD_RSA],[test "x$ENABLED_RSA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_DH],[test "x$ENABLED_DH" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_ASN],[test "x$ENABLED_ASN" != "xno" || test "x$ENABLED_RSA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_AES],[test "x$ENABLED_AES" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_CODING],[test "x$ENABLED_CODING" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_RC4],[test "x$ENABLED_ARC4" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_MD5],[test "x$ENABLED_MD5" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SHA],[test "x$ENABLED_SHA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_FIPS],[test "x$ENABLED_FIPS" = "xyes"])
|
|
AC_SUBST([ENABLED_FIPS])
|
|
AM_CONDITIONAL([BUILD_FIPS_V1],[test "$HAVE_FIPS_VERSION" = 1])
|
|
AM_CONDITIONAL([BUILD_FIPS_V2],[test "$HAVE_FIPS_VERSION" = 2 && test "$HAVE_FIPS_VERSION_MINOR" = 0])
|
|
AM_CONDITIONAL([BUILD_FIPS_V2_PLUS],[test "$HAVE_FIPS_VERSION" -ge 2 ])
|
|
AM_CONDITIONAL([BUILD_FIPS_RAND],[test "$HAVE_FIPS_VERSION" = 2 && test "$HAVE_FIPS_VERSION_MINOR" = 1])
|
|
AM_CONDITIONAL([BUILD_FIPS_V5],[test "$HAVE_FIPS_VERSION" = 5])
|
|
AM_CONDITIONAL([BUILD_FIPS_V5_PLUS],[test "$HAVE_FIPS_VERSION" -ge 5])
|
|
AM_CONDITIONAL([BUILD_FIPS_V6],[test $HAVE_FIPS_VERSION = 6])
|
|
AM_CONDITIONAL([BUILD_FIPS_V6_PLUS],[test $HAVE_FIPS_VERSION -ge 6])
|
|
AM_CONDITIONAL([BUILD_FIPS_V7],[test $HAVE_FIPS_VERSION = 7])
|
|
AM_CONDITIONAL([BUILD_FIPS_V7_PLUS],[test $HAVE_FIPS_VERSION -ge 7])
|
|
AM_CONDITIONAL([BUILD_SIPHASH],[test "x$ENABLED_SIPHASH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_CMAC],[test "x$ENABLED_CMAC" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SHE],[test "x$ENABLED_SHE" = "xstandard" || test "x$ENABLED_SHE" = "xextended" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SELFTEST],[test "x$ENABLED_SELFTEST" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SHA224],[test "x$ENABLED_SHA224" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SHA3],[test "x$ENABLED_SHA3" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_POLY1305],[test "x$ENABLED_POLY1305" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_CHACHA],[test "x$ENABLED_CHACHA" = "xyes" || test "x$ENABLED_CHACHA" = "xnoasm" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_CHACHA_NOASM],[test "$ENABLED_CHACHA" = "noasm"])
|
|
AM_CONDITIONAL([BUILD_XCHACHA],[test "x$ENABLED_XCHACHA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_ASCON],[test "x$ENABLED_ASCON" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_PUF],[test "x$ENABLED_PUF" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SM2],[test "x$ENABLED_SM2" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SM3],[test "x$ENABLED_SM3" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SM4],[test "x$ENABLED_SM4" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_INLINE],[test "x$ENABLED_INLINE" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_OCSP],[test "x$ENABLED_OCSP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_OCSP_STAPLING],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_OCSP_STAPLING_MULTI],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes" && test "x$ENABLED_TLS13" = "xyes" && test "x$ENABLED_TLS_OCSP_MULTI" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_CRL],[test "x$ENABLED_CRL" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_CRL_MONITOR],[test "x$ENABLED_CRL_MONITOR" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_LIBOQS],[test "x$ENABLED_LIBOQS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_WNR],[test "x$ENABLED_WNR" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SRP],[test "x$ENABLED_SRP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([USE_VALGRIND],[test "x$ENABLED_VALGRIND" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_MD4],[test "x$ENABLED_MD4" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_PWDBASED],[test "x$ENABLED_PWDBASED" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SCRYPT],[test "x$ENABLED_SCRYPT" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_CRYPTONLY],[test "x$ENABLED_CRYPTONLY" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_FASTMATH],[test "x$ENABLED_FASTMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_HEAPMATH],[test "x$ENABLED_HEAPMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_EXAMPLE_SERVERS],[test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
|
|
AM_CONDITIONAL([BUILD_EXAMPLE_CLIENTS],[test "x$ENABLED_EXAMPLES" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_EXAMPLE_ASN1],[test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_ASN_PRINT" = "xyes" && test "$ENABLED_ASN" != "no"])
|
|
AM_CONDITIONAL([BUILD_OCSP_RESPONDER],[test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_OCSP_RESPONDER" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_TESTS],[test "x$ENABLED_EXAMPLES" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_THREADED_EXAMPLES],[test "x$ENABLED_SINGLETHREADED" = "xno" && test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
|
|
AM_CONDITIONAL([BUILD_WOLFCRYPT_TESTS],[test "x$ENABLED_CRYPT_TESTS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_WOLFCRYPT_TESTS_LIBS],[test "x$ENABLED_CRYPT_TESTS_LIBS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_LIBZ],[test "x$ENABLED_LIBZ" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_PKCS11],[test "x$ENABLED_PKCS11" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_PKCS12],[test "x$ENABLED_PKCS12" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_PKCS8],[test "x$ENABLED_PKCS8" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_CAVIUM],[test "x$ENABLED_CAVIUM" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_CAVIUM_V],[test "x$ENABLED_CAVIUM_V" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_OCTEON_SYNC],[test "x$ENABLED_OCTEON_SYNC" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_INTEL_QA],[test "x$ENABLED_INTEL_QA" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_INTEL_QA_SYNC],[test "x$ENABLED_INTEL_QA_SYNC" = "xyes"])
|
|
INCLUDE_SP_INT="no"
|
|
AM_CONDITIONAL([BUILD_SP],[test "x$ENABLED_SP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SP_C32],[ ( ( (test "$ENABLED_SP_RSA" = "yes" || test "$ENABLED_SP_DH" = "yes" \
|
|
|| test "$ENABLED_SP_ECC" = "yes") && test "x$ENABLED_SP_ASM" = "xno") \
|
|
|| test "x$ENABLED_USERSETTINGS" = "xyes") && test "x$ENABLED_64BIT" != "xyes"])
|
|
AM_CONDITIONAL([BUILD_SP_C64],[ ( ( (test "$ENABLED_SP_RSA" = "yes" || test "$ENABLED_SP_DH" = "yes" \
|
|
|| test "$ENABLED_SP_ECC" = "yes") && test "x$ENABLED_SP_ASM" = "xno") \
|
|
|| test "x$ENABLED_USERSETTINGS" = "xyes") && test "x$ENABLED_32BIT" != "xyes"])
|
|
AM_CONDITIONAL([BUILD_SP_ARM64],[test "x$ENABLED_SP_ARM64_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SP_ARM32],[test "x$ENABLED_SP_ARM32_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SP_ARM_THUMB],[test "x$ENABLED_SP_ARM_THUMB_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SP_ARM_CORTEX],[test "x$ENABLED_SP_ARM_CORTEX_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SP_X86_64],[test "x$ENABLED_SP_X86_64_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SP_INT],[test "x$ENABLED_SP_MATH" = "xyes" || test "x$ENABLED_SP_MATH_ALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_COND_IF([BUILD_SP], [INCLUDE_SP_INT="yes"])
|
|
AM_COND_IF([BUILD_SP_INT], [INCLUDE_SP_INT="yes"])
|
|
AC_SUBST([INCLUDE_SP_INT])
|
|
AM_CONDITIONAL([BUILD_MCAPI],[test "x$ENABLED_MCAPI" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_ASYNCCRYPT],[test "x$ENABLED_ASYNCCRYPT" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_WOLFEVENT],[test "x$ENABLED_ASYNCCRYPT" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_CRYPTOCB],[test "x$ENABLED_CRYPTOCB" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SWDEV],[test "x$ENABLED_SWDEV" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_PSK],[test "x$ENABLED_PSK" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_TRUST_PEER_CERT],[test "x$ENABLED_TRUSTED_PEER_CERT" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_PKI],[test "x$ENABLED_PKI" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_DES3],[test "x$ENABLED_DES3" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_PKCS7],[test "x$ENABLED_PKCS7" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SMIME],[test "x$ENABLED_SMIME" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_HASHFLAGS],[test "x$ENABLED_HASHFLAGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_LINUXKM],[test "$ENABLED_LINUXKM" = "yes"])
|
|
AM_CONDITIONAL([BUILD_KERNEL_MODE_DEFAULTS],[test "$KERNEL_MODE_DEFAULTS" != "no"])
|
|
AM_CONDITIONAL([BUILD_BSDKM],[test "$ENABLED_BSDKM" = "yes"])
|
|
AM_CONDITIONAL([BUILD_KERNEL_MODULE],[test "$ENABLED_BSDKM" = "yes" || test "$ENABLED_LINUXKM" = "yes"])
|
|
AM_CONDITIONAL([BUILD_NO_LIBRARY],[test "$ENABLED_NO_LIBRARY" = "yes"])
|
|
AM_CONDITIONAL([BUILD_BENCHMARK],[test "$ENABLED_BENCHMARK" = "yes"])
|
|
AM_CONDITIONAL([BUILD_RC2],[test "x$ENABLED_RC2" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_CUDA],[test "x$ENABLED_CUDA" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_CAAM],[test "x$ENABLED_CAAM" != "xno"])
|
|
AM_CONDITIONAL([BUILD_QNXCAAM],[test "x$ENABLED_CAAM_QNX" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_IOTSAFE],[test "x$ENABLED_IOTSAFE" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_IOTSAFE_HWRNG],[test "x$ENABLED_IOTSAFE_HWRNG" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SE050],[test "x$ENABLED_SE050" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_STSAFE],[test "x$ENABLED_STSAFE" != "xno"])
|
|
AM_CONDITIONAL([BUILD_TROPIC01],[test "x$ENABLED_TROPIC01" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_KDF],[test "x$ENABLED_KDF" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_HMAC],[test "x$ENABLED_HMAC" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_ERROR_STRINGS],[test "x$ENABLED_ERROR_STRINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_DO178],[test "x$ENABLED_DO178" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_PSA],[test "x$ENABLED_PSA" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_DTLS13],[test "x$ENABLED_DTLS13" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_QUIC],[test "x$ENABLED_QUIC" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_DTLS_CID],[test "x$ENABLED_DTLS_CID" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_HPKE],[test "x$ENABLED_HPKE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_DTLS],[test "x$ENABLED_DTLS" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_MAXQ10XX],[test "x$ENABLED_MAXQ10XX" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_ARIA],[test "x$ENABLED_ARIA" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_AUTOSAR],[test "x$ENABLED_AUTOSAR" = "xyes"])
|
|
|
|
if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes" &&
|
|
(test "$ax_enable_debug" = "yes" ||
|
|
test "$ENABLED_STACKSIZE" != "no" ||
|
|
(test "$ENABLED_LEANTLS" = "no" &&
|
|
test "$ENABLED_LEANPSK" = "no" &&
|
|
test "$ENABLED_LOWRESOURCE" = "no"))
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_WC_INTROSPECTION"
|
|
fi
|
|
|
|
if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -include ${output_objdir}/.build_params"
|
|
fi
|
|
|
|
AM_CPPFLAGS="$AM_CPPFLAGS $EXTRA_CPPFLAGS"
|
|
AM_CFLAGS="$AM_CFLAGS $EXTRA_CFLAGS"
|
|
AM_CCASFLAGS="$AM_CCASFLAGS $EXTRA_CCASFLAGS"
|
|
AM_LDFLAGS="$AM_LDFLAGS $EXTRA_LDFLAGS"
|
|
|
|
CREATE_HEX_VERSION
|
|
AC_SUBST([AM_CPPFLAGS])
|
|
AC_SUBST([AM_CFLAGS])
|
|
AC_SUBST([AM_LDFLAGS])
|
|
AC_SUBST([AM_CCASFLAGS])
|
|
AC_SUBST([LIB_ADD])
|
|
AC_SUBST([LIB_STATIC_ADD])
|
|
AC_SUBST([LIBM])
|
|
AC_SUBST([PC_LIBS_PRIVATE])
|
|
AC_SUBST([WOLFSSL_HAVE_PTHREAD])
|
|
HAVE_PTHREAD=$WOLFSSL_HAVE_PTHREAD
|
|
AC_SUBST([HAVE_PTHREAD])
|
|
PACKAGE_INIT=''
|
|
AC_SUBST([PACKAGE_INIT])
|
|
WOLFSSL_PREFIX_ABS=$prefix
|
|
if test "x$WOLFSSL_PREFIX_ABS" = "xNONE"; then
|
|
WOLFSSL_PREFIX_ABS=$ac_default_prefix
|
|
fi
|
|
WOLFSSL_EXEC_PREFIX_ABS=$exec_prefix
|
|
if test "x$WOLFSSL_EXEC_PREFIX_ABS" = "xNONE"; then
|
|
WOLFSSL_EXEC_PREFIX_ABS=$WOLFSSL_PREFIX_ABS
|
|
fi
|
|
prefix=$WOLFSSL_PREFIX_ABS
|
|
exec_prefix=$WOLFSSL_EXEC_PREFIX_ABS
|
|
eval WOLFSSL_LIBDIR_ABS=\"$libdir\"
|
|
eval WOLFSSL_INCLUDEDIR_ABS=\"$includedir\"
|
|
AC_SUBST([WOLFSSL_PREFIX_ABS])
|
|
AC_SUBST([WOLFSSL_LIBDIR_ABS])
|
|
AC_SUBST([WOLFSSL_INCLUDEDIR_ABS])
|
|
|
|
# FINAL
|
|
AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
|
|
AC_CONFIG_FILES([Makefile
|
|
wolfssl/version.h
|
|
wolfssl/options.h
|
|
support/wolfssl.pc
|
|
debian/control
|
|
debian/changelog
|
|
rpm/spec
|
|
wolfcrypt/test/test_paths.h
|
|
])
|
|
AS_IF([ test "x$ENABLED_CMAKE_INSTALL" = "xyes" ],[
|
|
AC_CONFIG_FILES([cmake/wolfssl-config.cmake:cmake/Config.cmake.in
|
|
cmake/wolfssl-config-version.cmake:cmake/wolfssl-config-version.cmake.in
|
|
cmake/wolfssl-targets.cmake:cmake/wolfssl-targets.cmake.in
|
|
])
|
|
])
|
|
AC_CONFIG_FILES([scripts/unit.test],[chmod +x scripts/unit.test])
|
|
AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules])
|
|
|
|
AX_CREATE_GENERIC_CONFIG
|
|
AX_AM_JOBSERVER([yes])
|
|
|
|
# See Automake 9.4.1 Built Sources Example
|
|
AC_DEFUN([AX_OUT_OF_TREE_FILE],[
|
|
AC_CONFIG_COMMANDS([$1], [test ! -f $srcdir/$1 && echo -n >> $srcdir/$1])
|
|
])
|
|
|
|
AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/async.h])
|
|
AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/fips.h])
|
|
AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h])
|
|
AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/port/intel/quickassist.h])
|
|
AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/port/intel/quickassist_mem.h])
|
|
|
|
AC_OUTPUT
|
|
|
|
|
|
if test "$ENABLED_MAKECLEAN" = "yes"
|
|
then
|
|
# force make clean
|
|
AC_MSG_NOTICE([---])
|
|
AC_MSG_NOTICE([Running make clean...])
|
|
if test -z "$MAKE"; then
|
|
MAKE="make"
|
|
fi
|
|
|
|
if test "$verbose" = "yes"; then
|
|
$MAKE clean
|
|
else
|
|
$MAKE clean >/dev/null
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes"
|
|
then
|
|
ESCAPED_ARGS=$(echo "$ac_configure_args" | sed 's/\\/\\\\/g;s/\"/\\\"/g')
|
|
ESCAPED_GLOBAL_CFLAGS=$(echo "$CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS" | sed 's/\\/\\\\/g;s/\"/\\\"/g')
|
|
echo "#define LIBWOLFSSL_CONFIGURE_ARGS \"$ESCAPED_ARGS\"" > "${output_objdir}/.build_params" &&
|
|
echo "#define LIBWOLFSSL_GLOBAL_CFLAGS \"$ESCAPED_GLOBAL_CFLAGS\" LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS" >> "${output_objdir}/.build_params" ||
|
|
AC_MSG_ERROR([Couldn't create ${output_objdir}/.build_params.])
|
|
else
|
|
rm -f "${output_objdir}/.build_params"
|
|
fi
|
|
|
|
# generate user options header
|
|
AC_MSG_NOTICE([---])
|
|
AC_MSG_NOTICE([Generating user options header...])
|
|
|
|
OPTION_FILE="wolfssl/options.h"
|
|
rm -f $OPTION_FILE
|
|
|
|
echo "/* wolfssl options.h" > $OPTION_FILE
|
|
echo " * generated from configure options" >> $OPTION_FILE
|
|
echo " *" >> $OPTION_FILE
|
|
echo " * Copyright (C) 2006-2026 wolfSSL Inc." >> $OPTION_FILE
|
|
echo " *" >> $OPTION_FILE
|
|
echo " * This file is part of wolfSSL. (formerly known as CyaSSL)" >> $OPTION_FILE
|
|
echo " *" >> $OPTION_FILE
|
|
echo " */" >> $OPTION_FILE
|
|
|
|
echo "" >> $OPTION_FILE
|
|
echo "#ifdef WOLFSSL_NO_OPTIONS_H" >> $OPTION_FILE
|
|
echo "/* options.h inhibited by configuration */" >> $OPTION_FILE
|
|
echo "#elif !defined(WOLFSSL_OPTIONS_H)" >> $OPTION_FILE
|
|
echo "#define WOLFSSL_OPTIONS_H" >> $OPTION_FILE
|
|
echo "" >> $OPTION_FILE
|
|
echo "" >> $OPTION_FILE
|
|
echo "#ifdef __cplusplus" >> $OPTION_FILE
|
|
echo "extern \"C\" {" >> $OPTION_FILE
|
|
echo "#endif" >> $OPTION_FILE
|
|
echo "" >> $OPTION_FILE
|
|
|
|
# Check for supported command to trim option with.
|
|
# note: cut requires an argument to exit with success.
|
|
if colrm >/dev/null 2>&1 </dev/null; then
|
|
TRIM="colrm 3"
|
|
elif echo "" | cut -c1 >/dev/null 2>&1 </dev/null; then
|
|
TRIM="cut -c1-2"
|
|
else
|
|
AC_MSG_ERROR([Could not find colrm or cut to make options file])
|
|
fi
|
|
|
|
for option in $AM_CPPFLAGS $CPPFLAGS $AM_CFLAGS $CFLAGS; do
|
|
opt_type=$(echo $option | $TRIM )
|
|
case "$opt_type" in
|
|
-D)
|
|
option=$(echo "$option" | tr -d '\\')
|
|
RHS_only=$(echo "$option" | sed 's/^-D//')
|
|
noequalsign=$(echo "$RHS_only" | tr '=' ' ')
|
|
if test "$noequalsign" = "NDEBUG" || test "$noequalsign" = "DEBUG"
|
|
then
|
|
if test "$verbose" = "yes"; then
|
|
AC_MSG_NOTICE([not outputting (N)DEBUG to $OPTION_FILE])
|
|
fi
|
|
continue
|
|
fi
|
|
|
|
# allow user to ignore system options
|
|
ignoresys=$(echo "$noequalsign" | grep '^_.*')
|
|
if test -n "$ignoresys"
|
|
then
|
|
echo "#ifndef WOLFSSL_OPTIONS_IGNORE_SYS" >> $OPTION_FILE
|
|
fi
|
|
|
|
# note need to use both autotools-style [] quoting and shell-style ''
|
|
# quoting for sed script with [] character set expression here.
|
|
noarg=$(echo "$RHS_only" | sed ['s/\(([^=)]*)\)\{0,1\}=.*//'])
|
|
echo "#undef $noarg" >> $OPTION_FILE
|
|
echo "#define $noequalsign" >> $OPTION_FILE
|
|
|
|
if test -n "$ignoresys"
|
|
then
|
|
echo "#endif" >> $OPTION_FILE
|
|
fi
|
|
|
|
echo "" >> $OPTION_FILE
|
|
;;
|
|
-U)
|
|
RHS_only=$(echo $option | sed 's/^-U//')
|
|
echo "#undef $RHS_only" >> $OPTION_FILE
|
|
echo "" >> $OPTION_FILE
|
|
;;
|
|
*)
|
|
if test "$verbose" = "yes"; then
|
|
AC_MSG_NOTICE([option "$option" is not a preprocessor directive -- not saving to $OPTION_FILE])
|
|
fi
|
|
;;
|
|
esac
|
|
done
|
|
|
|
echo "" >> $OPTION_FILE
|
|
echo "#ifdef __cplusplus" >> $OPTION_FILE
|
|
echo "}" >> $OPTION_FILE
|
|
echo "#endif" >> $OPTION_FILE
|
|
echo "" >> $OPTION_FILE
|
|
echo "" >> $OPTION_FILE
|
|
echo "#endif /* WOLFSSL_OPTIONS_H */" >> $OPTION_FILE
|
|
echo "" >> $OPTION_FILE
|
|
|
|
if test "$ENABLED_DEBUG_TRACE_ERRCODES" != "no"
|
|
then
|
|
support/gen-debug-trace-error-codes.sh || AC_MSG_ERROR([Header generation for debug-trace-errcodes failed.])
|
|
fi
|
|
|
|
if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_LINUXKM" = "no"
|
|
then
|
|
SAVE_CFLAGS=$CFLAGS
|
|
CFLAGS="$CFLAGS $DEFS -I. -I$srcdir"
|
|
if test "$ENABLED_INTEL_QA" = "yes"
|
|
then
|
|
CFLAGS="$CFLAGS $QAT_FLAGS"
|
|
fi
|
|
build_pwd="$(pwd)"
|
|
cd "$srcdir"
|
|
openssl_headers=$(echo wolfssl/openssl/*.h)
|
|
cd "$build_pwd"
|
|
for header in $openssl_headers
|
|
do
|
|
AC_CHECK_HEADER([$header], [], [
|
|
AC_MSG_ERROR([Header file inconsistency detected -- error including ${header}.])
|
|
], [
|
|
#include <${OPTION_FILE}>
|
|
extern int dummy_int_to_make_compiler_happy;
|
|
])
|
|
done
|
|
CFLAGS=$SAVE_CFLAGS
|
|
fi
|
|
|
|
if test "$silent" != "yes"; then
|
|
|
|
# output config summary
|
|
echo "---"
|
|
echo "Configuration summary for $PACKAGE_NAME version $VERSION"
|
|
echo ""
|
|
echo " * Installation prefix: $prefix"
|
|
echo " * System type: $host_vendor-$host_os"
|
|
echo " * Host CPU: $host_cpu"
|
|
echo " * C Compiler: $CC"
|
|
echo " * C Flags: $CFLAGS"
|
|
echo " * C++ Compiler: $CXX"
|
|
echo " * C++ Flags: $CXXFLAGS"
|
|
echo " * CPP Flags: $CPPFLAGS"
|
|
echo " * CCAS Flags: $CCASFLAGS"
|
|
echo " * LD Flags: $LDFLAGS"
|
|
echo " * LIB Flags: $LIB"
|
|
echo " * Library Suffix: $LIBSUFFIX"
|
|
|
|
test "$HAVE_KERNEL_MODE" = "yes" && \
|
|
echo " * Kernel mode: $HAVE_KERNEL_MODE" && \
|
|
echo " * Kernel mode defaults: $KERNEL_MODE_DEFAULTS" && \
|
|
|
|
test "$ENABLED_LINUXKM" = "yes" && \
|
|
echo " * Linux Kernel Build Root: $KERNEL_ROOT" && \
|
|
echo " * Linux Kernel Build Arch: $KERNEL_ARCH" && \
|
|
echo " * fpu disable C flags: $CFLAGS_FPU_DISABLE" && \
|
|
echo " * fpu enable C flags: $CFLAGS_FPU_ENABLE" && \
|
|
echo " * SIMD disable C flags: $CFLAGS_SIMD_DISABLE" && \
|
|
echo " * SIMD enable C flags: $CFLAGS_SIMD_ENABLE" && \
|
|
echo " * No-auto-vectorize C flags: $CFLAGS_AUTO_VECTORIZE_DISABLE" && \
|
|
echo " * Auto-vectorize C flags: $CFLAGS_AUTO_VECTORIZE_ENABLE" && \
|
|
echo " * SIMD enable as flags: $ASFLAGS_FPU_DISABLE_SIMD_ENABLE" && \
|
|
echo " * FPU enable as flags: $ASFLAGS_FPU_ENABLE_SIMD_DISABLE" && \
|
|
echo " * SIMD+FPU disable as flags: $ASFLAGS_FPUSIMD_DISABLE" && \
|
|
echo " * SIMD+FPU enable as flags: $ASFLAGS_FPUSIMD_ENABLE" && \
|
|
echo " * Linux kernel module PIE: $ENABLED_LINUXKM_PIE"
|
|
|
|
test "$ENABLED_BSDKM" = "yes" && \
|
|
echo " * FreeBSD Kernel Build Root: $KERNEL_ROOT"
|
|
|
|
echo " * Debug enabled: $ax_enable_debug"
|
|
echo " * Coverage enabled: $ax_enable_coverage"
|
|
echo " * Warnings as failure: $ac_cv_warnings_as_errors"
|
|
echo " * make -j: $enable_jobserver"
|
|
echo " * VCS checkout: $ac_cv_vcs_checkout"
|
|
echo
|
|
echo " Features "
|
|
if test "$ENABLED_EXPERIMENTAL" = "yes"
|
|
then
|
|
echo " * Experimental settings: Allowed"
|
|
else
|
|
echo " * Experimental settings: Forbidden"
|
|
fi
|
|
if test "$ENABLED_FIPS" = "yes"; then
|
|
echo " * FIPS: $FIPS_VERSION"
|
|
else
|
|
echo " * FIPS: $ENABLED_FIPS"
|
|
fi
|
|
echo " * Single threaded: $ENABLED_SINGLETHREADED"
|
|
echo " * Filesystem: $ENABLED_FILESYSTEM"
|
|
echo " * OpenSSH Build: $ENABLED_OPENSSH"
|
|
echo " * OpenSSL Extra API: $ENABLED_OPENSSLEXTRA"
|
|
echo " * OpenSSL Coexist: $ENABLED_OPENSSLCOEXIST"
|
|
echo " * Old Names: $ENABLED_OLDNAMES"
|
|
echo " * Max Strength Build: $ENABLED_MAXSTRENGTH"
|
|
echo " * Distro Build: $ENABLED_DISTRO"
|
|
echo " * Reproducible Build: $ENABLED_REPRODUCIBLE_BUILD"
|
|
echo " * Side-channel Hardening: $ENABLED_HARDEN"
|
|
|
|
echo " * Single Precision Math: $ENABLED_SP"
|
|
if test "$ENABLED_SP_MATH_ALL" != "no"
|
|
then
|
|
ENABLED_SP_MATH_DESC="all"
|
|
else
|
|
if test "$ENABLED_SP_MATH" = "yes"
|
|
then
|
|
ENABLED_SP_MATH_DESC="restricted"
|
|
else
|
|
ENABLED_SP_MATH_DESC="no"
|
|
fi
|
|
fi
|
|
echo " * SP implementation: $ENABLED_SP_MATH_DESC"
|
|
echo " * Fast Math: $ENABLED_FASTMATH"
|
|
echo " * Heap Math: $ENABLED_HEAPMATH"
|
|
echo " * Assembly Allowed: $ENABLED_ASM"
|
|
echo " * sniffer: $ENABLED_SNIFFER"
|
|
echo " * snifftest: $ENABLED_SNIFFTEST"
|
|
echo " * ARC4: $ENABLED_ARC4"
|
|
echo " * AES: $ENABLED_AES"
|
|
echo " * AES-NI: $ENABLED_AESNI"
|
|
echo " * AVX for AES: $ENABLED_AESNI_WITH_AVX"
|
|
echo " * AES-CBC: $ENABLED_AESCBC"
|
|
echo " * AES-CBC length checks: $ENABLED_AESCBC_LENGTH_CHECKS"
|
|
echo " * AES-GCM: $ENABLED_AESGCM"
|
|
echo " * AES-GCM streaming: $ENABLED_AESGCM_STREAM"
|
|
echo " * AES-CCM: $ENABLED_AESCCM"
|
|
echo " * AES-CTR: $ENABLED_AESCTR"
|
|
echo " * AES-CFB: $ENABLED_AESCFB"
|
|
echo " * AES-OFB: $ENABLED_AESOFB"
|
|
echo " * AES-XTS: $ENABLED_AESXTS"
|
|
echo " * AES-XTS streaming: $ENABLED_AESXTS_STREAM"
|
|
echo " * AES-SIV: $ENABLED_AESSIV"
|
|
echo " * AES-EAX: $ENABLED_AESEAX"
|
|
echo " * AES Bitspliced: $ENABLED_AESBS"
|
|
echo " * AES Key Wrap: $ENABLED_AESKEYWRAP"
|
|
echo " * ARIA: $ENABLED_ARIA"
|
|
echo " * ASCON: $ENABLED_ASCON"
|
|
echo " * DES3: $ENABLED_DES3"
|
|
echo " * DES3 TLS Suites: $ENABLED_DES3_TLS_SUITES"
|
|
echo " * Camellia: $ENABLED_CAMELLIA"
|
|
echo " * CUDA: $ENABLED_CUDA"
|
|
echo " * SM4-ECB: $ENABLED_SM4_ECB"
|
|
echo " * SM4-CBC: $ENABLED_SM4_CBC"
|
|
echo " * SM4-CTR: $ENABLED_SM4_CTR"
|
|
echo " * SM4-GCM: $ENABLED_SM4_GCM"
|
|
echo " * SM4-CCM: $ENABLED_SM4_CCM"
|
|
echo " * NULL Cipher: $ENABLED_NULL_CIPHER"
|
|
echo " * MD2: $ENABLED_MD2"
|
|
echo " * MD4: $ENABLED_MD4"
|
|
echo " * MD5: $ENABLED_MD5"
|
|
echo " * RIPEMD: $ENABLED_RIPEMD"
|
|
echo " * SHA: $ENABLED_SHA"
|
|
echo " * SHA-224: $ENABLED_SHA224"
|
|
echo " * SHA-256: $ENABLED_SHA256"
|
|
echo " * SHA-384: $ENABLED_SHA384"
|
|
echo " * SHA-512: $ENABLED_SHA512"
|
|
echo " * SHA3: $ENABLED_SHA3"
|
|
echo " * SHAKE128: $ENABLED_SHAKE128"
|
|
echo " * SHAKE256: $ENABLED_SHAKE256"
|
|
echo " * SM3: $ENABLED_SM3"
|
|
echo " * BLAKE2B: $ENABLED_BLAKE2B"
|
|
echo " * BLAKE2S: $ENABLED_BLAKE2S"
|
|
echo " * SipHash: $ENABLED_SIPHASH"
|
|
echo " * CMAC: $ENABLED_CMAC"
|
|
echo " * keygen: $ENABLED_KEYGEN"
|
|
echo " * acert: $ENABLED_ACERT"
|
|
echo " * certgen: $ENABLED_CERTGEN"
|
|
echo " * certreq: $ENABLED_CERTREQ"
|
|
echo " * certext: $ENABLED_CERTEXT"
|
|
echo " * certgencache: $ENABLED_certgencache"
|
|
echo " * CHACHA: $ENABLED_CHACHA"
|
|
echo " * XCHACHA: $ENABLED_XCHACHA"
|
|
echo " * Hash DRBG: $ENABLED_HASHDRBG"
|
|
echo " * SHA-256 Hash DRBG: $ENABLED_SHA256_DRBG"
|
|
echo " * SHA-512 Hash DRBG: $ENABLED_SHA512_DRBG"
|
|
echo " * MmemUse Entropy:"
|
|
echo " * (AKA: wolfEntropy): $ENABLED_ENTROPY_MEMUSE"
|
|
echo " * PWDBASED: $ENABLED_PWDBASED"
|
|
echo " * Encrypted keys: $ENABLED_ENCKEYS"
|
|
echo " * scrypt: $ENABLED_SCRYPT"
|
|
echo " * wolfCrypt Only: $ENABLED_CRYPTONLY"
|
|
echo " * HKDF: $ENABLED_HKDF"
|
|
echo " * HPKE: $ENABLED_HPKE"
|
|
echo " * X9.63 KDF: $ENABLED_X963KDF"
|
|
echo " * SRTP-KDF: $ENABLED_SRTP_KDF"
|
|
echo " * PSK: $ENABLED_PSK"
|
|
echo " * Poly1305: $ENABLED_POLY1305"
|
|
echo " * LEANPSK: $ENABLED_LEANPSK"
|
|
echo " * LEANTLS: $ENABLED_LEANTLS"
|
|
echo " * RSA: $ENABLED_RSA"
|
|
echo " * RSA-PSS: $ENABLED_RSAPSS"
|
|
echo " * DSA: $ENABLED_DSA"
|
|
echo " * DH: $ENABLED_DH"
|
|
echo " * DH Default Parameters: $ENABLED_DHDEFAULTPARAMS"
|
|
echo " * ECC: $ENABLED_ECC"
|
|
echo " * ECC Custom Curves: $ENABLED_ECCCUSTCURVES"
|
|
echo " * ECC Minimum Bits: $ENABLED_ECCMINSZ"
|
|
echo " * FPECC: $ENABLED_FPECC"
|
|
echo " * ECC_ENCRYPT: $ENABLED_ECC_ENCRYPT"
|
|
echo " * Brainpool: $ENABLED_BRAINPOOL"
|
|
echo " * SM2: $ENABLED_SM2"
|
|
echo " * CURVE25519: $ENABLED_CURVE25519"
|
|
echo " * ED25519: $ENABLED_ED25519"
|
|
echo " * ED25519 streaming: $ENABLED_ED25519_STREAM"
|
|
echo " * CURVE448: $ENABLED_CURVE448"
|
|
echo " * ED448: $ENABLED_ED448"
|
|
echo " * ED448 streaming: $ENABLED_ED448_STREAM"
|
|
echo " * LMS: $ENABLED_LMS"
|
|
echo " * XMSS: $ENABLED_XMSS"
|
|
echo " * SLH-DSA $ENABLED_SLHDSA"
|
|
echo " * MLKEM: $ENABLED_MLKEM"
|
|
echo " * ML-DSA: $ENABLED_MLDSA"
|
|
echo " * ECCSI $ENABLED_ECCSI"
|
|
echo " * SAKKE $ENABLED_SAKKE"
|
|
echo " * ASN: $ENABLED_ASN"
|
|
echo " * Anonymous cipher: $ENABLED_ANON"
|
|
echo " * CODING: $ENABLED_CODING"
|
|
echo " * MEMORY: $ENABLED_MEMORY"
|
|
echo " * I/O POOL: $ENABLED_IOPOOL"
|
|
echo " * wolfSentry: $ENABLED_WOLFSENTRY"
|
|
echo " * LIGHTY: $ENABLED_LIGHTY"
|
|
echo " * WPA Supplicant: $ENABLED_WPAS"
|
|
echo " * HAPROXY: $ENABLED_HAPROXY"
|
|
echo " * STUNNEL: $ENABLED_STUNNEL"
|
|
echo " * tcpdump: $ENABLED_TCPDUMP"
|
|
echo " * libssh2: $ENABLED_LIBSSH2"
|
|
echo " * ntp: $ENABLED_NTP"
|
|
echo " * rsyslog: $ENABLED_RSYSLOG"
|
|
echo " * Apache httpd: $ENABLED_APACHE_HTTPD"
|
|
echo " * NGINX: $ENABLED_NGINX"
|
|
echo " * OpenResty: $ENABLED_OPENRESTY"
|
|
echo " * ASIO: $ENABLED_ASIO"
|
|
echo " * LIBWEBSOCKETS: $ENABLED_LIBWEBSOCKETS"
|
|
echo " * Qt: $ENABLED_QT"
|
|
echo " * Qt Unit Testing: $ENABLED_QT_TEST"
|
|
echo " * SIGNAL: $ENABLED_SIGNAL"
|
|
echo " * chrony: $ENABLED_CHRONY"
|
|
echo " * strongSwan: $ENABLED_STRONGSWAN"
|
|
echo " * OpenLDAP: $ENABLED_OPENLDAP"
|
|
echo " * hitch: $ENABLED_HITCH"
|
|
echo " * memcached: $ENABLED_MEMCACHED"
|
|
echo " * Mosquitto $ENABLED_MOSQUITTO"
|
|
echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"
|
|
echo " * DTLS: $ENABLED_DTLS"
|
|
echo " * DTLS v1.3: $ENABLED_DTLS13"
|
|
echo " * SCTP: $ENABLED_SCTP"
|
|
echo " * SRTP: $ENABLED_SRTP"
|
|
echo " * Indefinite Length: $ENABLED_BER_INDEF"
|
|
echo " * Multicast: $ENABLED_MCAST"
|
|
echo " * SSL v3.0 (Old): $ENABLED_SSLV3"
|
|
echo " * TLS v1.0 (Old): $ENABLED_TLSV10"
|
|
echo " * TLS v1.1 (Old): $ENABLED_OLD_TLS"
|
|
echo " * TLS v1.2: $ENABLED_TLSV12"
|
|
echo " * TLS v1.3: $ENABLED_TLS13"
|
|
echo " * RPK: $ENABLED_RPK"
|
|
echo " * Post-handshake Auth: $ENABLED_TLS13_POST_AUTH"
|
|
echo " * Early Data: $ENABLED_TLS13_EARLY_DATA"
|
|
echo " * QUIC: $ENABLED_QUIC"
|
|
echo " * Send State in HRR Cookie: $ENABLED_SEND_HRR_COOKIE"
|
|
echo " * OCSP: $ENABLED_OCSP"
|
|
echo " * OCSP Stapling: $ENABLED_CERTIFICATE_STATUS_REQUEST"
|
|
echo " * OCSP Stapling v2: $ENABLED_CERTIFICATE_STATUS_REQUEST_V2"
|
|
echo " * CRL: $ENABLED_CRL"
|
|
echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR"
|
|
echo " * Persistent session cache: $ENABLED_SAVESESSION"
|
|
echo " * Persistent cert cache: $ENABLED_SAVECERT"
|
|
echo " * Atomic User Record Layer: $ENABLED_ATOMICUSER"
|
|
echo " * Public Key Callbacks: $ENABLED_PKCALLBACKS"
|
|
echo " * liboqs: $ENABLED_LIBOQS"
|
|
echo " * Falcon (via liboqs): $ENABLED_FALCON"
|
|
echo " * Whitewood netRandom: $ENABLED_WNR"
|
|
echo " * Server Name Indication: $ENABLED_SNI"
|
|
echo " * ALPN: $ENABLED_ALPN"
|
|
echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT"
|
|
echo " * Trusted CA Indication: $ENABLED_TRUSTED_CA"
|
|
echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC"
|
|
echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES"
|
|
echo " * FFDHE only in client: $ENABLED_FFDHE_ONLY"
|
|
echo " * Session Ticket: $ENABLED_SESSION_TICKET"
|
|
echo " * Extended Master Secret: $ENABLED_EXTENDED_MASTER"
|
|
echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION"
|
|
echo " * Secure Renegotiation: $ENABLED_SECURE_RENEGOTIATION"
|
|
echo " * Fallback SCSV: $ENABLED_FALLBACK_SCSV"
|
|
echo " * Keying Material Exporter: $ENABLED_KEYING_MATERIAL"
|
|
echo " * All TLS Extensions: $ENABLED_TLSX"
|
|
echo " * S/MIME: $ENABLED_SMIME"
|
|
echo " * PKCS#7: $ENABLED_PKCS7"
|
|
echo " * PKCS#8: $ENABLED_PKCS8"
|
|
echo " * PKCS#11: $ENABLED_PKCS11"
|
|
echo " * PKCS#12: $ENABLED_PKCS12"
|
|
echo " * wolfSSH: $ENABLED_WOLFSSH"
|
|
echo " * wolfEngine: $ENABLED_WOLFENGINE"
|
|
echo " * wolfTPM: $ENABLED_WOLFTPM"
|
|
echo " * wolfCLU: $ENABLED_WOLFCLU"
|
|
echo " * wolfSCEP: $ENABLED_WOLFSCEP"
|
|
echo " * Secure Remote Password: $ENABLED_SRP"
|
|
echo " * Small Stack: $ENABLED_SMALL_STACK"
|
|
echo " * Linux Kernel Module: $ENABLED_LINUXKM"
|
|
|
|
test "$ENABLED_LINUXKM" = "yes" && \
|
|
echo " * Linux kernel module bench: $ENABLED_KERNEL_BENCHMARKS" && \
|
|
echo " * Linux kernel alg register: $ENABLED_LINUXKM_LKCAPI_REGISTER"
|
|
|
|
echo " * valgrind unit tests: $ENABLED_VALGRIND"
|
|
echo " * LIBZ: $ENABLED_LIBZ"
|
|
echo " * Examples: $ENABLED_EXAMPLES"
|
|
echo " * Crypt tests: $ENABLED_CRYPT_TESTS"
|
|
echo " * Stack sizes in tests: $ENABLED_STACKSIZE"
|
|
echo " * Heap stats in tests: $ENABLED_TRACKMEMORY"
|
|
echo " * Asynchronous Crypto: $ENABLED_ASYNCCRYPT"
|
|
echo " * Asynchronous Crypto (sim): $ENABLED_ASYNCCRYPT_SW"
|
|
echo " * Cavium Nitrox: $ENABLED_CAVIUM"
|
|
echo " * Cavium Octeon (Sync): $ENABLED_OCTEON_SYNC"
|
|
echo " * Intel Quick Assist: $ENABLED_INTEL_QA"
|
|
if test "$ENABLED_ARMASM_INLINE" = "yes"
|
|
then
|
|
ENABLED_ARMASM="inline C"
|
|
fi
|
|
echo " * ARM ASM: $ENABLED_ARMASM"
|
|
echo " * ARM ASM SHA512/SHA3 Crypto $ENABLED_ARMASM_SHA3"
|
|
echo " * ARM ASM SM3/SM4 Crypto $ENABLED_ARMASM_CRYPTO_SM4"
|
|
echo " * RISC-V ASM $ENABLED_RISCV_ASM"
|
|
if test "$ENABLED_PPC32_ASM_INLINE" = "yes"
|
|
then
|
|
ENABLED_PPC32_ASM="inline C"
|
|
fi
|
|
if test "$ENABLED_PPC32_ASM_INLINE_REG" = "yes"
|
|
then
|
|
ENABLED_PPC32_ASM="inline C Reg"
|
|
fi
|
|
echo " * PPC32 ASM $ENABLED_PPC32_ASM"
|
|
echo " * Write duplicate: $ENABLED_WRITEDUP"
|
|
echo " * Xilinx Hardware Acc.: $ENABLED_XILINX"
|
|
echo " * C89: $ENABLED_C89"
|
|
echo " * Inline Code: $ENABLED_INLINE"
|
|
echo " * Linux AF_ALG: $ENABLED_AFALG"
|
|
echo " * Linux KCAPI: $ENABLED_KCAPI"
|
|
echo " * Linux devcrypto: $ENABLED_DEVCRYPTO"
|
|
echo " * PK callbacks: $ENABLED_PKCALLBACKS"
|
|
echo " * Crypto callbacks: $ENABLED_CRYPTOCB"
|
|
echo " * i.MX CAAM: $ENABLED_CAAM"
|
|
echo " * IoT-Safe: $ENABLED_IOTSAFE"
|
|
echo " * IoT-Safe HWRNG: $ENABLED_IOTSAFE_HWRNG"
|
|
echo " * NXP SE050: $ENABLED_SE050"
|
|
echo " * STMicro STSAFE: $ENABLED_STSAFE"
|
|
echo " * TROPIC01: $ENABLED_TROPIC01"
|
|
echo " * Maxim Integrated MAXQ10XX: $ENABLED_MAXQ10XX"
|
|
echo " * PSA: $ENABLED_PSA"
|
|
echo " * System CA certs: $ENABLED_SYS_CA_CERTS"
|
|
echo " * Dual alg cert support: $ENABLED_DUAL_ALG_CERTS"
|
|
echo " * ERR Queues per Thread: $ENABLED_ERRORQUEUEPERTHREAD"
|
|
echo " * rwlock: $ENABLED_RWLOCK"
|
|
echo " * keylog export: $ENABLED_KEYLOG_EXPORT"
|
|
echo " * AutoSAR : $ENABLED_AUTOSAR"
|
|
echo " * ML-KEM standalone: $ENABLED_MLKEM_STANDALONE"
|
|
echo " * PQ/T hybrids: $ENABLED_PQC_HYBRIDS"
|
|
echo " * Extra PQ/T hybrids: $ENABLED_EXTRA_PQC_HYBRIDS"
|
|
echo " * PUF: $ENABLED_PUF"
|
|
echo ""
|
|
echo "---"
|
|
|
|
echo "./configure flags: $(./config.status --config)"
|
|
|
|
fi # $silent != yes
|
|
|
|
################################################################################
|
|
# Show warnings at bottom so they are noticed
|
|
################################################################################
|
|
|
|
# MinGW static vs shared library
|
|
# Reference URL from libtool for MinGW is located at
|
|
# http://www.gnu.org/software/libtool/manual/libtool.html#Cygwin-to-MinGW-Cross
|
|
# this allows for not even having dllimport/dllexport on functions
|
|
# with recent libtools, only requiring it with global variables.
|
|
#
|
|
# The following warning is displayed here because if not using "contemporary GNU
|
|
# tools" there is the possibility of export/import issues.
|
|
# wolfSSL uses __declspec(dllexport) and "contemporary GNU tools" handle the
|
|
# case where both static and shared libraries are built.
|
|
#
|
|
# More can be found about the MinGW linker at
|
|
# https://sourceware.org/binutils/docs/ld/WIN32.html
|
|
if test "$MINGW_LIB_WARNING" = "yes"
|
|
then
|
|
AC_MSG_WARN([Building with shared and static library at the same time on this system may cause export/import problems when using non contemporary GNU tools.])
|
|
fi
|
|
|
|
if test -n "$WITH_MAX_ECC_BITS"; then
|
|
if test "$WITH_MAX_ECC_BITS" -lt "$ENABLED_ECCMINSZ"; then
|
|
AC_MSG_ERROR([--with-max-ecc-bits argument ($WITH_MAX_ECC_BITS) must be greater than --with-eccminsz argument ($ENABLED_ECCMINSZ)])
|
|
fi
|
|
fi
|
|
|
|
if test "$silent" != "yes"; then
|
|
|
|
echo "---"
|
|
echo "Note: Make sure your application includes \"wolfssl/options.h\" before any other wolfSSL headers."
|
|
echo " You can define \"WOLFSSL_USE_OPTIONS_H\" in your application to include this automatically."
|
|
|
|
fi
|