2011-08-03 22:30:22 +04:00
# configure.ac
2011-07-27 00:27:22 +04:00
#
2017-10-23 01:58:35 +03:00
# Copyright (C) 2006-2017 wolfSSL Inc.
2011-07-27 00:27:22 +04:00
#
2014-12-31 23:04:03 +03:00
# This file is part of wolfSSL. (formerly known as CyaSSL)
2011-07-27 00:27:22 +04:00
#
#
2019-03-14 23:41:36 +03:00
AC_COPYRIGHT([Copyright (C) 2006-2019 wolfSSL Inc.])
2018-06-08 20:47:14 +03:00
AC_PREREQ([2.63])
2019-10-22 01:32:41 +03:00
AC_INIT([wolfssl],[4.2.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
2012-10-19 08:30:21 +04:00
AC_CONFIG_AUX_DIR([build-aux])
2011-08-25 02:54:58 +04:00
2018-03-27 20:23:44 +03:00
# The following sets CFLAGS and CXXFLAGS to empty if unset on command line.
2018-06-08 20:47:14 +03:00
# We do not want the default "-g -O2" that AC_PROG_CC sets automatically.
2015-09-18 02:36:53 +03:00
: ${CFLAGS=""}
2018-05-16 16:55:16 +03:00
# Test ar for the "U" option. Should be checked before the libtool macros.
2019-03-05 20:26:30 +03:00
xxx_ar_flags=$(ar --help 2>&1)
2018-05-16 16:55:16 +03:00
AS_CASE([$xxx_ar_flags],[*'use actual timestamps and uids/gids'*],[: ${AR_FLAGS="Ucru"}])
2018-06-08 20:47:14 +03:00
AC_PROG_CC
AM_PROG_CC_C_O
2011-08-25 02:54:58 +04:00
AC_CANONICAL_HOST
2018-06-08 20:47:14 +03:00
AC_CONFIG_MACRO_DIR([m4])
2011-08-25 02:54:58 +04:00
2013-09-15 11:13:30 +04:00
AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests])
2018-06-08 20:47:14 +03:00
m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
2011-08-25 02:54:58 +04:00
2013-09-15 11:13:30 +04:00
AC_ARG_PROGRAM
2011-08-25 02:54:58 +04:00
2018-06-08 20:47:14 +03:00
AC_CONFIG_HEADERS([config.h:config.in])
2011-08-25 02:54:58 +04:00
2018-06-08 20:47:14 +03:00
LT_PREREQ([2.2])
LT_INIT([disable-static win32-dll])
2011-02-05 22:14:47 +03:00
2011-04-30 00:08:05 +04:00
#shared library versioning
2019-10-22 01:32:41 +03:00
WOLFSSL_LIBRARY_VERSION=23:0:0
2018-05-31 03:11:38 +03:00
# | | |
# +------+ | +---+
# | | |
# current:revision:age
# | | |
# | | +- increment if interfaces have been added
# | | set to zero if interfaces have been removed
# | | or changed
# | +- increment if source code has changed
# | set to zero if current is incremented
# +- increment if interfaces have been added, removed or changed
2014-12-30 02:30:26 +03:00
AC_SUBST([WOLFSSL_LIBRARY_VERSION])
2011-04-30 00:08:05 +04:00
2012-10-24 23:01:11 +04:00
# capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even
# if user doesn't override, no way to tell
USER_C_EXTRA_FLAGS="$C_EXTRA_FLAGS"
2015-09-24 02:27:48 +03:00
USER_CFLAGS="$CFLAGS"
2012-10-24 23:01:11 +04:00
2011-08-25 02:54:58 +04:00
gl_VISIBILITY
2012-10-21 05:24:28 +04:00
AS_IF([ test -n "$CFLAG_VISIBILITY" ], [
AM_CPPFLAGS="$AM_CPPFLAGS $CFLAG_VISIBILITY"
CPPFLAGS="$CPPFLAGS $CFLAG_VISIBILITY"
])
2011-08-25 02:54:58 +04:00
2016-12-07 03:15:45 +03:00
# Moved these size of and type checks before the library checks.
# The library checks add the library to subsequent test compiles
# and in some rare cases, the networking check causes these sizeof
# checks to fail.
2018-06-08 20:47:14 +03:00
AC_CHECK_SIZEOF([long long])
AC_CHECK_SIZEOF([long])
2018-11-13 02:02:33 +03:00
AC_CHECK_SIZEOF([time_t])
2018-06-08 20:47:14 +03:00
AC_CHECK_TYPES([__uint128_t])
AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r inet_ntoa memset socket])
AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h sys/ioctl.h sys/socket.h sys/time.h errno.h])
AC_CHECK_LIB([network],[socket])
2011-08-25 02:54:58 +04:00
AC_C_BIGENDIAN
2011-02-05 22:14:47 +03:00
AC_PROG_INSTALL
2011-08-25 02:54:58 +04:00
AC_TYPE_SIZE_T
AC_TYPE_UINT8_T
AM_PROG_AS
LT_LIB_M
2011-04-27 02:41:16 +04:00
2011-02-05 22:14:47 +03:00
OPTIMIZE_CFLAGS="-Os -fomit-frame-pointer"
2013-04-12 20:29:31 +04:00
OPTIMIZE_FAST_CFLAGS="-O2 -fomit-frame-pointer"
2013-09-04 00:13:13 +04:00
OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET -DTFM_HUGE_SET"
2014-12-31 23:04:03 +03:00
DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL"
2015-09-28 19:06:30 +03:00
LIB_ADD=
LIB_STATIC_ADD=
2011-02-05 22:14:47 +03:00
2013-11-12 05:00:35 +04:00
# Thread local storage
2018-06-08 20:47:14 +03:00
AX_TLS([thread_ls_on=yes],[thread_ls_on=no])
AS_IF([test "x$thread_ls_on" = "xyes"],[AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"])
2011-02-05 22:14:47 +03:00
# DEBUG
2012-10-19 08:30:21 +04:00
AX_DEBUG
2012-10-24 22:53:33 +04:00
AS_IF([test "$ax_enable_debug" = "yes"],
[AM_CFLAGS="$DEBUG_CFLAGS $AM_CFLAGS"],
[AM_CFLAGS="$AM_CFLAGS -DNDEBUG"])
2011-02-05 22:14:47 +03:00
2016-08-22 19:00:37 +03:00
# Distro build feature subset (Debian, Ubuntu, etc.)
AC_ARG_ENABLE([distro],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-distro],[Enable wolfSSL distro build (default: disabled)])],
2016-08-22 19:00:37 +03:00
[ ENABLED_DISTRO=$enableval ],
[ ENABLED_DISTRO=no ]
)
if test "$ENABLED_DISTRO" = "yes"
then
enable_shared=yes
enable_static=yes
2017-05-18 20:57:28 +03:00
enable_all=yes
fi
# ALL FEATURES
AC_ARG_ENABLE([all],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-all],[Enable all wolfSSL features, except SSLv3 (default: disabled)])],
2017-05-18 20:57:28 +03:00
[ ENABLED_ALL=$enableval ],
[ ENABLED_ALL=no ]
)
if test "$ENABLED_ALL" = "yes"
then
2016-08-22 19:00:37 +03:00
enable_dtls=yes
2016-11-23 18:31:07 +03:00
enable_tls13=yes
2016-08-22 19:00:37 +03:00
enable_openssh=yes
enable_opensslextra=yes
2018-04-10 19:55:03 +03:00
enable_opensslall=yes
2016-08-22 19:00:37 +03:00
enable_savesession=yes
enable_savecert=yes
enable_atomicuser=yes
enable_pkcallbacks=yes
enable_aesgcm=yes
enable_aesccm=yes
2016-12-04 17:23:51 +03:00
enable_aesctr=yes
2018-01-12 21:05:43 +03:00
enable_aescfb=yes
2016-08-22 19:00:37 +03:00
enable_camellia=yes
enable_ripemd=yes
enable_sha512=yes
2017-04-10 21:45:26 +03:00
enable_sha224=yes
2017-05-23 06:50:49 +03:00
enable_sha3=yes
2016-08-22 19:00:37 +03:00
enable_sessioncerts=yes
enable_keygen=yes
enable_certgen=yes
enable_certreq=yes
enable_certext=yes
enable_sep=yes
enable_hkdf=yes
enable_dsa=yes
enable_ecccustcurves=yes
enable_compkey=yes
enable_curve25519=yes
enable_ed25519=yes
enable_fpecc=yes
enable_eccencrypt=yes
enable_psk=yes
enable_idea=yes
enable_cmac=yes
2017-08-31 02:50:15 +03:00
enable_xts=yes
2016-08-22 19:00:37 +03:00
enable_webserver=yes
enable_hc128=yes
enable_rabbit=yes
enable_ocsp=yes
enable_ocspstapling=yes
enable_ocspstapling2=yes
enable_crl=yes
enable_crl_monitor=yes
enable_sni=yes
enable_maxfragment=yes
enable_alpn=yes
enable_truncatedhmac=yes
2018-09-28 19:05:59 +03:00
enable_trusted_ca=yes
2016-08-22 19:00:37 +03:00
enable_supportedcurves=yes
enable_session_ticket=yes
enable_tlsx=yes
enable_pkcs7=yes
2017-10-05 01:24:22 +03:00
enable_ssh=yes
2016-08-22 19:00:37 +03:00
enable_scep=yes
enable_srp=yes
enable_certservice=yes
enable_jni=yes
enable_lighty=yes
2017-03-28 14:28:36 +03:00
enable_haproxy=yes
2016-08-22 19:00:37 +03:00
enable_stunnel=yes
2016-12-22 05:53:29 +03:00
enable_nginx=yes
2018-07-02 19:48:02 +03:00
enable_asio=yes
2019-10-21 21:03:18 +03:00
enable_libwebsockets=yes
2016-08-22 19:00:37 +03:00
enable_pwdbased=yes
2017-04-10 21:45:26 +03:00
enable_aeskeywrap=yes
enable_x963kdf=yes
enable_scrypt=yes
2018-02-19 06:40:18 +03:00
enable_indef=yes
2018-03-31 01:48:15 +03:00
enable_enckeys=yes
2019-08-27 23:28:33 +03:00
enable_hashflags=yes
2017-08-11 22:42:33 +03:00
2018-04-10 18:38:14 +03:00
# Enable AES Decrypt, AES ECB, Alt Names, DER Load, Keep Certs, CRL IO with Timeout
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD -DKEEP_OUR_CERT -DKEEP_PEER_CERT -DHAVE_CRL_IO -DHAVE_IO_TIMEOUT"
# Enable DH const table speedups (eliminates `-lm` math lib dependency)
2019-03-14 03:56:45 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072 -DFP_MAX_BITS=8192"
2019-05-09 19:08:11 +03:00
# Enable multiple attribute additions such as DC
AM_CFLAGS="-DWOLFSSL_MULTI_ATTRIB $AM_CFLAGS"
2016-08-22 19:00:37 +03:00
fi
2017-11-07 01:37:34 +03:00
# Support for forcing 32-bit mode
2018-12-24 02:59:57 +03:00
# To force 32-bit instructions use:
# ./configure CFLAGS="-m32" LDFLAGS="-m32" && make
# The checks for sizeof long and long/long are run at the top of configure and require "-m32" to be set directly in the ./configure statement.
2017-11-07 01:37:34 +03:00
AC_ARG_ENABLE([32bit],
[AS_HELP_STRING([--enable-32bit],[Enables 32-bit support (default: disabled)])],
[ ENABLED_32BIT=$enableval ],
[ ENABLED_32BIT=no ]
)
2019-03-02 02:54:08 +03:00
# 16-bit compiler support
AC_ARG_ENABLE([16bit],
[AS_HELP_STRING([--enable-16bit],[Enables 16-bit support (default: disabled)])],
[ ENABLED_16BIT=$enableval ],
[ ENABLED_16BIT=no ]
)
if test "$ENABLED_16BIT" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWC_16BIT_CPU"
fi
2017-11-07 01:37:34 +03:00
# Support for disabling all ASM
AC_ARG_ENABLE([asm],
[AS_HELP_STRING([--enable-asm],[Enables option for assembly (default: enabled)])],
[ ENABLED_ASM=$enableval ],
[ ENABLED_ASM=yes ]
)
if test "$ENABLED_ASM" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DTFM_NO_ASM -DWOLFSSL_NO_ASM"
fi
2011-02-05 22:14:47 +03:00
# SINGLE THREADED
2013-03-13 23:58:50 +04:00
AC_ARG_ENABLE([singlethreaded],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-singlethreaded],[Enable wolfSSL single threaded (default: disabled)])],
2011-02-05 22:14:47 +03:00
[ ENABLED_SINGLETHREADED=$enableval ],
2012-10-20 07:09:17 +04:00
[ ENABLED_SINGLETHREADED=no ])
AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[
AX_PTHREAD([
AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.])
2018-05-11 20:21:47 +03:00
# If AX_PTHREAD is adding -Qunused-arguments, need to prepend with -Xcompiler libtool will use it. Newer
# versions of clang don't need the -Q flag when using pthreads.
AS_CASE([$PTHREAD_CFLAGS],[-Qunused-arguments*],[PTHREAD_CFLAGS="-Xcompiler $PTHREAD_CFLAGS"])
2013-04-02 02:50:13 +04:00
AM_CFLAGS="-D_POSIX_THREADS $AM_CFLAGS $PTHREAD_CFLAGS"
LIBS="$LIBS $PTHREAD_LIBS"
2012-10-20 07:09:17 +04:00
],[
ENABLED_SINGLETHREADED=yes
])
2018-06-08 20:47:14 +03:00
])
2012-10-20 07:09:17 +04:00
AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="-DSINGLE_THREADED $AM_CFLAGS" ])
2011-02-05 22:14:47 +03:00
# DTLS
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([dtls],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-dtls],[Enable wolfSSL DTLS (default: disabled)])],
2011-02-05 22:14:47 +03:00
[ ENABLED_DTLS=$enableval ],
[ ENABLED_DTLS=no ]
)
if test "$ENABLED_DTLS" = "yes"
then
2014-12-31 23:04:03 +03:00
AM_CFLAGS="-DWOLFSSL_DTLS $AM_CFLAGS"
2011-02-05 22:14:47 +03:00
fi
2017-06-22 05:40:41 +03:00
# TLS v1.3 Draft 18
AC_ARG_ENABLE([tls13-draft18],
[AS_HELP_STRING([--enable-tls13-draft18],[Enable wolfSSL TLS v1.3 Draft 18 (default: disabled)])],
[ ENABLED_TLS13_DRAFT18=$enableval ],
[ ENABLED_TLS13_DRAFT18=no ]
)
if test "$ENABLED_TLS13_DRAFT18" = "yes"
then
2018-08-20 07:17:38 +03:00
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_18 $AM_CFLAGS"
2017-06-22 05:40:41 +03:00
fi
2018-02-09 03:42:15 +03:00
# TLS v1.3 Draft 22
AC_ARG_ENABLE([tls13-draft22],
[AS_HELP_STRING([--enable-tls13-draft22],[Enable wolfSSL TLS v1.3 Draft 22 (default: disabled)])],
[ ENABLED_TLS13_DRAFT22=$enableval ],
[ ENABLED_TLS13_DRAFT22=no ]
)
if test "$ENABLED_TLS13_DRAFT22" = "yes"
then
2018-08-20 07:17:38 +03:00
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_22 $AM_CFLAGS"
2018-02-09 03:42:15 +03:00
fi
2018-03-07 10:05:53 +03:00
# TLS v1.3 Draft 23
AC_ARG_ENABLE([tls13-draft23],
[AS_HELP_STRING([--enable-tls13-draft23],[Enable wolfSSL TLS v1.3 Draft 23 (default: disabled)])],
[ ENABLED_TLS13_DRAFT23=$enableval ],
[ ENABLED_TLS13_DRAFT23=no ]
)
if test "$ENABLED_TLS13_DRAFT23" = "yes"
then
2018-08-20 07:17:38 +03:00
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_23 $AM_CFLAGS"
2018-03-07 10:05:53 +03:00
fi
2018-05-01 08:19:18 +03:00
# TLS v1.3 Draft 26
AC_ARG_ENABLE([tls13-draft26],
[AS_HELP_STRING([--enable-tls13-draft26],[Enable wolfSSL TLS v1.3 Draft 26 (default: disabled)])],
[ ENABLED_TLS13_DRAFT26=$enableval ],
[ ENABLED_TLS13_DRAFT26=no ]
)
if test "$ENABLED_TLS13_DRAFT26" = "yes"
then
2018-08-20 07:17:38 +03:00
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_26 $AM_CFLAGS"
fi
# TLS v1.3 Draft 28
AC_ARG_ENABLE([tls13-draft28],
[AS_HELP_STRING([--enable-tls13-draft28],[Enable wolfSSL TLS v1.3 Draft 28 (default: disabled)])],
[ ENABLED_TLS13_DRAFT28=$enableval ],
[ ENABLED_TLS13_DRAFT28=no ]
)
if test "$ENABLED_TLS13_DRAFT28" = "yes"
then
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT $AM_CFLAGS"
2018-05-01 08:19:18 +03:00
fi
2016-11-23 18:31:07 +03:00
# TLS v1.3
AC_ARG_ENABLE([tls13],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-tls13],[Enable wolfSSL TLS v1.3 (default: disabled)])],
2016-11-23 18:31:07 +03:00
[ ENABLED_TLS13=$enableval ],
[ ENABLED_TLS13=no ]
)
2017-06-22 05:40:41 +03:00
2018-08-20 07:17:38 +03:00
if test "$ENABLED_TLS13_DRAFT18" = "yes" || test "$ENABLED_TLS13_DRAFT22" = "yes" || test "$ENABLED_TLS13_DRAFT23" = "yes" || test "$ENABLED_TLS13_DRAFT26" = "yes" || test "$ENABLED_TLS13_DRAFT28" = "yes"
2017-06-22 05:40:41 +03:00
then
ENABLED_TLS13="yes"
fi
2016-11-23 18:31:07 +03:00
if test "$ENABLED_TLS13" = "yes"
then
2017-10-20 04:24:20 +03:00
AM_CFLAGS="-DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES $AM_CFLAGS"
2016-11-23 18:31:07 +03:00
fi
2017-06-22 05:40:41 +03:00
# Post-handshake Authentication
AC_ARG_ENABLE([postauth],
[AS_HELP_STRING([--enable-postauth],[Enable wolfSSL Post-handshake Authentication (default: disabled)])],
[ ENABLED_TLS13_POST_AUTH=$enableval ],
[ ENABLED_TLS13_POST_AUTH=no ]
)
if test "$ENABLED_TLS13_POST_AUTH" = "yes"
then
if test "x$ENABLED_TLS13" = "xno"
then
AC_MSG_ERROR([cannot enable postauth without enabling tls13.])
fi
AM_CFLAGS="-DWOLFSSL_POST_HANDSHAKE_AUTH $AM_CFLAGS"
fi
2017-11-20 04:07:32 +03:00
# Hello Retry Request Cookie
2017-06-27 01:52:53 +03:00
AC_ARG_ENABLE([hrrcookie],
[AS_HELP_STRING([--enable-hrrcookie],[Enable the server to send Cookie Extension in HRR with state (default: disabled)])],
[ ENABLED_SEND_HRR_COOKIE=$enableval ],
[ ENABLED_SEND_HRR_COOKIE=no ]
)
if test "$ENABLED_SEND_HRR_COOKIE" = "yes"
then
if test "x$ENABLED_TLS13" = "xno"
then
AC_MSG_ERROR([cannot enable hrrcookie without enabling tls13.])
fi
AM_CFLAGS="-DWOLFSSL_SEND_HRR_COOKIE $AM_CFLAGS"
fi
2019-06-20 21:43:29 +03:00
# RNG
2016-11-01 19:21:29 +03:00
AC_ARG_ENABLE([rng],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-rng],[Enable compiling and using RNG (default: enabled)])],
2016-11-01 19:21:29 +03:00
[ ENABLED_RNG=$enableval ],
[ ENABLED_RNG=yes ]
2016-11-01 01:51:02 +03:00
)
2016-11-01 19:21:29 +03:00
if test "$ENABLED_RNG" = "no"
2016-11-01 01:51:02 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DWC_NO_RNG"
fi
2016-08-01 17:51:42 +03:00
# DTLS-SCTP
AC_ARG_ENABLE([sctp],
[AS_HELP_STRING([--enable-sctp],[Enable wolfSSL DTLS-SCTP support (default: disabled)])],
[ENABLED_SCTP=$enableval],
[ENABLED_SCTP=no])
2016-08-30 01:15:59 +03:00
AS_IF([test "x$ENABLED_SCTP" = "xyes"],
[AC_MSG_CHECKING([for SCTP])
AC_RUN_IFELSE(
[AC_LANG_PROGRAM(
[[
#include <sys/socket.h>
#include <arpa/inet.h>
]],
[[int s = socket(AF_INET, SOCK_STREAM, IPPROTO_SCTP); if (s == -1) return 1;]])],
[AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)
AC_MSG_ERROR([SCTP not available, remove enable-sctp from configure])])
])
2016-08-01 17:51:42 +03:00
2016-12-07 01:08:52 +03:00
# DTLS-MULTICAST
AC_ARG_ENABLE([mcast],
[AS_HELP_STRING([--enable-mcast],[Enable wolfSSL DTLS multicast support (default: disabled)])],
[ENABLED_MCAST=$enableval],
[ENABLED_MCAST=no])
2018-04-10 19:55:03 +03:00
# List of open source project defines using our openssl compatibility layer:
# openssh (--enable-openssh)
# nginix (--enable-nginx) WOLFSSL_NGINX
# haproxy (--enable-haproxy) WOLFSSL_HAPROXY
# wpa_supplicant (--enable-wpas) WOLFSSL_WPAS
# ssl fortress (--enable-fortress) FORTRESS
# ssl bump (--enable-bump)
# signal (--enable-signal)
# lighty (--enable-lighty) HAVE_LIGHTY
# stunnel (--enable-stunnel) HAVE_STUNNEL
2018-07-02 19:48:02 +03:00
# asio (--enable-asio) WOLFSSL_ASIO
2019-10-21 21:03:18 +03:00
# libwebsockets (--enable-libwebsockets) WOLFSSL_LIBWEBSOCKETS
2018-04-10 19:55:03 +03:00
# HAVE_POCO_LIB
# WOLFSSL_MYSQL_COMPATIBLE
# web server (--enable-webserver) HAVE_WEBSERVER
2015-07-17 19:14:58 +03:00
# OpenSSH compatibility Build
AC_ARG_ENABLE([openssh],
[AS_HELP_STRING([--enable-openssh],[Enable OpenSSH compatibility build (default: disabled)])],
[ENABLED_OPENSSH=$enableval],
[ENABLED_OPENSSH=no])
2016-12-22 05:53:29 +03:00
# nginx compatibility build
AC_ARG_ENABLE([nginx],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-nginx],[Enable nginx (default: disabled)])],
2016-12-22 05:53:29 +03:00
[ ENABLED_NGINX=$enableval ],
[ ENABLED_NGINX=no ]
)
2015-07-17 19:14:58 +03:00
2017-04-11 15:18:41 +03:00
# haproxy compatibility build
AC_ARG_ENABLE([haproxy],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-haproxy],[Enable haproxy (default: disabled)])],
2017-04-11 15:18:41 +03:00
[ ENABLED_HAPROXY=$enableval ],
[ ENABLED_HAPROXY=no ]
)
2018-02-08 08:50:17 +03:00
# wpa_supplicant support
AC_ARG_ENABLE([wpas],
[AS_HELP_STRING([--enable-wpas],[Enable wpa_supplicant support (default: disabled)])],
[ ENABLED_WPAS=$enableval ],
[ ENABLED_WPAS=no ]
)
# Fortress build
AC_ARG_ENABLE([fortress],
[AS_HELP_STRING([--enable-fortress],[Enable SSL fortress build (default: disabled)])],
[ ENABLED_FORTRESS=$enableval ],
[ ENABLED_FORTRESS=no ]
)
2019-10-21 21:03:18 +03:00
# libwebsockets Support
AC_ARG_ENABLE([libwebsockets],
[AS_HELP_STRING([--enable-libwebsockets],[Enable libwebsockets (default: disabled)])],
[ ENABLED_LIBWEBSOCKETS=$enableval ],
[ ENABLED_LIBWEBSOCKETS=no ]
)
if test "$ENABLED_LIBWEBSOCKETS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LIBWEBSOCKETS -DOPENSSL_NO_EC"
fi
2018-02-08 08:50:17 +03:00
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_FORTRESS="yes"
fi
# ssl bump build
AC_ARG_ENABLE([bump],
[AS_HELP_STRING([--enable-bump],[Enable SSL Bump build (default: disabled)])],
[ ENABLED_BUMP=$enableval ],
[ ENABLED_BUMP=no ]
)
# SNIFFER
AC_ARG_ENABLE([sniffer],
[AS_HELP_STRING([--enable-sniffer],[Enable wolfSSL sniffer support (default: disabled)])],
[ ENABLED_SNIFFER=$enableval ],
[ ENABLED_SNIFFER=no ]
)
2017-11-13 12:12:18 +03:00
# signal compatibility build
AC_ARG_ENABLE([signal],
[AS_HELP_STRING([--enable-signal],[Enable signal (default: disabled)])],
[ ENABLED_SIGNAL=$enableval ],
[ ENABLED_SIGNAL=no ]
)
2017-04-11 15:18:41 +03:00
2019-10-24 01:51:19 +03:00
# OpenSSL Coexist
2017-09-26 04:47:36 +03:00
AC_ARG_ENABLE([opensslcoexist],
[AS_HELP_STRING([--enable-opensslcoexist],[Enable coexistence of wolfssl/openssl (default: disabled)])],
[ ENABLED_OPENSSLCOEXIST=$enableval ],
[ ENABLED_OPENSSLCOEXIST=no ]
)
if test "x$ENABLED_OPENSSLCOEXIST" = "xyes"
then
# make sure old names are disabled
enable_oldnames=no
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COEXIST"
fi
2018-04-10 19:55:03 +03:00
# OPENSSL Compatibility ALL
AC_ARG_ENABLE([opensslall],
[AS_HELP_STRING([--enable-opensslall],[Enable all OpenSSL API, size++ (default: disabled)])],
[ ENABLED_OPENSSLALL=$enableval ],
[ ENABLED_OPENSSLALL=no ]
)
2019-10-21 21:03:18 +03:00
if test "$ENABLED_LIBWEBSOCKETS" = "yes"
then
ENABLED_OPENSSLALL="yes"
fi
2018-04-10 19:55:03 +03:00
if test "$ENABLED_OPENSSLALL" = "yes"
then
AM_CFLAGS="-DOPENSSL_ALL $AM_CFLAGS"
fi
2011-02-05 22:14:47 +03:00
# OPENSSL Extra Compatibility
2013-03-13 23:58:50 +04:00
AC_ARG_ENABLE([opensslextra],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-opensslextra],[Enable extra OpenSSL API, size+ (default: disabled)])],
2011-02-05 22:14:47 +03:00
[ ENABLED_OPENSSLEXTRA=$enableval ],
[ ENABLED_OPENSSLEXTRA=no ]
)
2019-10-21 21:03:18 +03:00
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_SIGNAL" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes" || test "$ENABLED_BUMP" = "yes" || test "$ENABLED_SNIFFER" = "yes" || test "$ENABLED_OPENSSLALL" = "yes" || test "$ENABLED_LIBWEBSOCKETS" = "yes"
2015-07-17 19:14:58 +03:00
then
ENABLED_OPENSSLEXTRA="yes"
fi
2017-09-26 04:47:36 +03:00
if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
2011-02-05 22:14:47 +03:00
then
2018-01-19 04:26:32 +03:00
AM_CFLAGS="-DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB $AM_CFLAGS"
2019-06-28 04:46:52 +03:00
AM_CFLAGS="-DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS $AM_CFLAGS"
2011-02-05 22:14:47 +03:00
fi
2011-06-07 20:02:36 +04:00
if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_SMALL" = "yes"
then
2018-02-13 23:46:44 +03:00
AC_MSG_ERROR([cannot enable small and opensslextra, only one or the other.])
2011-06-07 20:02:36 +04:00
fi
2018-02-13 23:46:44 +03:00
if test "$ENABLED_OPENSSLEXTRA" = "x509small"
then
AC_MSG_NOTICE([Enabling only a subset of X509 opensslextra])
2018-02-23 20:46:26 +03:00
AM_CFLAGS="-DOPENSSL_EXTRA_X509_SMALL $AM_CFLAGS"
AM_CFLAGS="-DWOLFSSL_EKU_OID -DWOLFSSL_MULTI_ATTRIB $AM_CFLAGS"
2018-02-13 23:46:44 +03:00
fi
2011-02-05 22:14:47 +03:00
2015-04-01 21:55:49 +03:00
# High Strength Build
AC_ARG_ENABLE([maxstrength],
2018-04-10 18:38:14 +03:00
[AS_HELP_STRING([--enable-maxstrength],[Enable Max Strength build, allows TLSv1.2-AEAD-PFS ciphers only (default: disabled)])],
2015-04-01 21:55:49 +03:00
[ENABLED_MAXSTRENGTH=$enableval],
[ENABLED_MAXSTRENGTH=no])
2016-07-25 23:24:36 +03:00
# Harden, enable Timing Resistance and Blinding by default
AC_ARG_ENABLE([harden],
[AS_HELP_STRING([--enable-harden],[Enable Hardened build, Enables Timing Resistance and Blinding (default: enabled)])],
[ENABLED_HARDEN=$enableval],
[ENABLED_HARDEN=yes])
if test "$ENABLED_HARDEN" = "yes"
then
2018-09-15 00:09:27 +03:00
AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT"
if test "$ENABLED_RNG" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_BLINDING"
fi
2017-07-11 00:40:07 +03:00
else
AM_CFLAGS="$AM_CFLAGS -DWC_NO_HARDEN"
2016-07-25 23:24:36 +03:00
fi
2011-02-05 22:14:47 +03:00
# IPv6 Test Apps
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([ipv6],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-ipv6],[Enable testing of IPV6 (default: disabled)])],
2011-02-05 22:14:47 +03:00
[ ENABLED_IPV6=$enableval ],
[ ENABLED_IPV6=no ]
)
if test "$ENABLED_IPV6" = "yes"
then
2017-03-15 21:25:24 +03:00
AM_CFLAGS="$AM_CFLAGS -DTEST_IPV6 -DWOLFSSL_IPV6"
2011-02-05 22:14:47 +03:00
fi
2017-02-10 01:45:10 +03:00
if test "$ENABLED_WPAS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_SECRET_CALLBACK -DWOLFSSL_STATIC_RSA"
2017-03-17 03:52:38 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP -DWOLFSSL_PUBLIC_ECC_ADD_DBL"
2017-03-30 04:53:35 +03:00
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER -DHAVE_EX_DATA -DWOLFSSL_KEEP_PEER_CERT"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE"
2018-02-08 08:50:17 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
2017-09-15 03:49:07 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD"
2018-03-19 02:55:45 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN -DWOLFSSL_DES_ECB"
2017-02-10 01:45:10 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS"
fi
2011-10-27 04:10:44 +04:00
if test "$ENABLED_FORTRESS" = "yes"
then
2018-02-08 08:50:17 +03:00
AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_KEY_GEN"
2011-10-27 04:10:44 +04:00
fi
2011-10-04 23:29:59 +04:00
if test "$ENABLED_BUMP" = "yes"
then
2018-02-08 08:50:17 +03:00
AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DWOLFSSL_CERT_GEN -DWOLFSSL_KEY_GEN -DHUGE_SESSION_CACHE -DFP_MAX_BITS=8192 -DWOLFSSL_DER_LOAD -DWOLFSSL_ALT_NAMES -DWOLFSSL_TEST_CERT"
2011-10-04 23:29:59 +04:00
fi
2012-11-03 03:49:31 +04:00
ENABLED_SLOWMATH="yes"
2012-10-30 02:39:42 +04:00
2015-08-13 11:20:47 +03:00
# lean psk build
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([leanpsk],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-leanpsk],[Enable Lean PSK build (default: disabled)])],
2012-10-30 02:39:42 +04:00
[ ENABLED_LEANPSK=$enableval ],
[ ENABLED_LEANPSK=no ]
)
if test "$ENABLED_LEANPSK" = "yes"
then
2017-11-09 22:05:28 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DWOLFSSL_STATIC_PSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA"
2012-11-03 03:49:31 +04:00
ENABLED_SLOWMATH="no"
2012-12-01 03:45:43 +04:00
ENABLED_SINGLETHREADED="yes"
2017-11-09 22:05:28 +03:00
enable_lowresource=yes
2012-10-30 02:39:42 +04:00
fi
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# lean TLS build (TLS 1.2 client only (no client auth), ECC256, AES128 and SHA256 w/o Shamir)
AC_ARG_ENABLE([leantls],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-leantls],[Enable Lean TLS build (default: disabled)])],
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
[ ENABLED_LEANTLS=$enableval ],
[ ENABLED_LEANTLS=no ]
)
if test "$ENABLED_LEANTLS" = "yes"
then
2017-11-09 22:05:28 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANTLS -DNO_WRITEV -DHAVE_ECC -DTFM_ECC256 -DECC_USER_CURVES -DNO_WOLFSSL_SERVER -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_SHA -DNO_PSK -DNO_WOLFSSL_MEMORY"
enable_lowresource=yes
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
fi
2017-11-09 22:05:28 +03:00
# low resource options to reduce flash and memory use
AC_ARG_ENABLE([lowresource],
[AS_HELP_STRING([--enable-lowresource],[Enable low resource options for memory/flash (default: disabled)])],
[ ENABLED_LOWRESOURCE=$enableval ],
[ ENABLED_LOWRESOURCE=no ]
)
if test "$ENABLED_LOWRESOURCE" = "yes"
then
# low memory / flash flags
2018-08-30 07:46:43 +03:00
AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE -DRSA_LOW_MEM -DALT_ECC_SIZE -DGCM_SMALL -DCURVE25519_SMALL -DED25519_SMALL -DWOLFSSL_SMALL_CERT_VERIFY"
2017-11-09 22:05:28 +03:00
# low flash flags
AM_CFLAGS="$AM_CFLAGS -DUSE_SLOW_SHA -DUSE_SLOW_SHA256 -DUSE_SLOW_SHA512"
fi
2019-07-16 21:21:08 +03:00
# TITAN cache
AC_ARG_ENABLE([titancache],
[AS_HELP_STRING([--enable-titancache],[Enable titan session cache (default: disabled)])],
[ ENABLED_TITANCACHE=$enableval ],
[ ENABLED_TITANCACHE=no ]
2011-02-05 22:14:47 +03:00
)
2019-07-16 21:21:08 +03:00
if test "$ENABLED_TITANCACHE" = "yes"
2011-02-05 22:14:47 +03:00
then
2019-07-16 21:21:08 +03:00
AM_CFLAGS="$AM_CFLAGS -DTITAN_SESSION_CACHE"
2011-02-05 22:14:47 +03:00
fi
# HUGE cache
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([hugecache],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-hugecache],[Enable huge session cache (default: disabled)])],
2011-02-05 22:14:47 +03:00
[ ENABLED_HUGECACHE=$enableval ],
[ ENABLED_HUGECACHE=no ]
)
if test "$ENABLED_HUGECACHE" = "yes"
then
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS -DHUGE_SESSION_CACHE"
2011-02-05 22:14:47 +03:00
fi
2019-07-16 21:21:08 +03:00
# big cache
AC_ARG_ENABLE([bigcache],
[AS_HELP_STRING([--enable-bigcache],[Enable big session cache (default: disabled)])],
[ ENABLED_BIGCACHE=$enableval ],
[ ENABLED_BIGCACHE=no ]
)
if test "$ENABLED_BIGCACHE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DBIG_SESSION_CACHE"
fi
2011-09-07 03:23:25 +04:00
# SMALL cache
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([smallcache],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-smallcache],[Enable small session cache (default: disabled)])],
2011-09-07 03:23:25 +04:00
[ ENABLED_SMALLCACHE=$enableval ],
[ ENABLED_SMALLCACHE=no ]
)
if test "$ENABLED_SMALLCACHE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DSMALL_SESSION_CACHE"
fi
2015-08-13 11:20:47 +03:00
# Persistent session cache
2013-04-24 22:10:23 +04:00
AC_ARG_ENABLE([savesession],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-savesession],[Enable persistent session cache (default: disabled)])],
2013-04-24 22:10:23 +04:00
[ ENABLED_SAVESESSION=$enableval ],
[ ENABLED_SAVESESSION=no ]
)
if test "$ENABLED_SAVESESSION" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE"
fi
2015-08-13 11:20:47 +03:00
# Persistent cert cache
2013-05-02 22:34:26 +04:00
AC_ARG_ENABLE([savecert],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-savecert],[Enable persistent cert cache (default: disabled)])],
2013-05-02 22:34:26 +04:00
[ ENABLED_SAVECERT=$enableval ],
[ ENABLED_SAVECERT=no ]
)
if test "$ENABLED_SAVECERT" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE"
fi
2017-03-21 01:08:34 +03:00
# Write duplicate WOLFSSL object
AC_ARG_ENABLE([writedup],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-writedup],[Enable write duplication of WOLFSSL objects (default: disabled)])],
2017-03-21 01:08:34 +03:00
[ ENABLED_WRITEDUP=$enableval ],
[ ENABLED_WRITEDUP=no ]
)
if test "$ENABLED_WRITEDUP" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_WRITE_DUP"
fi
2015-08-13 11:20:47 +03:00
# Atomic User Record Layer
2013-08-10 04:27:15 +04:00
AC_ARG_ENABLE([atomicuser],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-atomicuser],[Enable Atomic User Record Layer (default: disabled)])],
2013-08-10 04:27:15 +04:00
[ ENABLED_ATOMICUSER=$enableval ],
[ ENABLED_ATOMICUSER=no ]
)
if test "$ENABLED_ATOMICUSER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
fi
2015-08-13 11:20:47 +03:00
# Public Key Callbacks
2013-08-23 05:19:39 +04:00
AC_ARG_ENABLE([pkcallbacks],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-pkcallbacks],[Enable Public Key Callbacks (default: disabled)])],
2013-08-23 05:19:39 +04:00
[ ENABLED_PKCALLBACKS=$enableval ],
[ ENABLED_PKCALLBACKS=no ]
)
if test "$ENABLED_PKCALLBACKS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
fi
2018-09-27 00:16:32 +03:00
# Microchip/Atmel CryptoAuthLib
ENABLED_CRYPTOAUTHLIB="no"
trylibatcadir=""
AC_ARG_WITH([cryptoauthlib],
[AS_HELP_STRING([--with-cryptoauthlib=PATH],[PATH to CryptoAuthLib install (default /usr/)])],
[
AC_MSG_CHECKING([for cryptoauthlib])
CPPFLAGS="$CPPFLAGS -DWOLFSSL_ATECC508A"
LIBS="$LIBS -lcryptoauth"
2018-09-12 01:46:46 +03:00
2018-09-27 00:16:32 +03:00
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <cryptoauthlib.h>]], [[ atcab_init(0); ]])],[ libatca_linked=yes ],[ libatca_linked=no ])
2019-03-02 02:54:08 +03:00
if test "x$libatca_linked" = "xno" ; then
2018-09-27 00:16:32 +03:00
if test "x$withval" != "xno" ; then
trylibatcadir=$withval
fi
2019-03-02 02:54:08 +03:00
if test "x$withval" = "xyes" ; then
2018-09-27 00:16:32 +03:00
trylibatcadir="/usr"
fi
2018-09-12 01:46:46 +03:00
2018-09-27 00:16:32 +03:00
LDFLAGS="$LDFLAGS -L$trylibatcadir/lib"
CPPFLAGS="$CPPFLAGS -I$trylibatcadir/lib"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <cryptoauthlib.h>]], [[ atcab_init(0); ]])],[ libatca_linked=yes ],[ libatca_linked=no ])
2019-03-02 02:54:08 +03:00
if test "x$libatca_linked" = "xno" ; then
2018-09-27 00:16:32 +03:00
AC_MSG_ERROR([cryptoauthlib isn't found.
If it's already installed, specify its path using --with-cryptoauthlib=/dir/])
fi
2018-09-28 01:41:58 +03:00
AM_LDFLAGS="$AM_LDFLAGS -L$trylibatcadir/lib"
AM_CFLAGS="$AM_CFLAGS -I$trylibatcadir/lib"
2018-09-27 00:16:32 +03:00
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([yes])
fi
2018-09-28 01:41:58 +03:00
2018-09-27 00:16:32 +03:00
ENABLED_CRYPTOAUTHLIB="yes"
2018-09-28 01:41:58 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ATECC508A"
2018-09-27 00:16:32 +03:00
]
)
2018-09-12 01:46:46 +03:00
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# sniffer doesn't work in maxstrength mode
2015-04-01 22:30:46 +03:00
if test "$ENABLED_SNIFFER" = "yes" && test "$ENABLED_MAXSTRENGTH" = "yes"
then
AC_MSG_ERROR([cannot enable maxstrength in sniffer mode.])
fi
2015-03-12 22:07:48 +03:00
ENABLED_SNIFFTEST=no
AS_IF([ test "x$ENABLED_SNIFFER" = "xyes" ],
[
2018-02-08 08:50:17 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SNIFFER"
2015-03-12 22:07:48 +03:00
AC_CHECK_HEADERS([pcap/pcap.h],
[ ENABLED_SNIFFTEST=yes ],
[ AC_MSG_WARN([cannot enable sniffer test without having libpcap available.]) ]
)
])
2012-10-20 06:00:17 +04:00
2017-11-09 22:05:28 +03:00
2018-07-25 04:22:48 +03:00
# AES-CBC
AC_ARG_ENABLE([aescbc],
[AS_HELP_STRING([--enable-aescbc],[Enable wolfSSL AES-CBC support (default: enabled)])],
[ ENABLED_AESCBC=$enableval ],
[ ENABLED_AESCBC=yes ]
)
if test "$ENABLED_AESCBC" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_AES_CBC"
fi
# leanpsk and leantls don't need gcm
2012-06-14 08:31:32 +04:00
# AES-GCM
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([aesgcm],
2015-04-01 02:23:28 +03:00
[AS_HELP_STRING([--enable-aesgcm],[Enable wolfSSL AES-GCM support (default: enabled)])],
2012-06-14 08:31:32 +04:00
[ ENABLED_AESGCM=$enableval ],
2015-03-27 21:12:42 +03:00
[ ENABLED_AESGCM=yes ]
2012-06-14 08:31:32 +04:00
)
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# leanpsk and leantls don't need gcm
2017-07-26 03:43:36 +03:00
if test "$ENABLED_LEANPSK" = "yes" || ( test "$ENABLED_LEANTLS" = "yes" &&
test "$ENABLED_TLS13" = "no")
2015-03-29 21:30:05 +03:00
then
ENABLED_AESGCM=no
fi
2017-11-09 22:05:28 +03:00
if test "$ENABLED_AESGCM" != "no"
2012-07-20 01:44:08 +04:00
then
2017-11-09 22:05:28 +03:00
if test "$ENABLED_AESGCM" = "word32"
then
AM_CFLAGS="$AM_CFLAGS -DGCM_WORD32"
ENABLED_AESGCM=yes
fi
2012-07-20 01:44:08 +04:00
2017-11-09 22:05:28 +03:00
if test "$ENABLED_AESGCM" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL"
ENABLED_AESGCM=yes
fi
2012-07-20 01:44:08 +04:00
2017-11-09 22:05:28 +03:00
if test "$ENABLED_AESGCM" = "table"
then
AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE"
ENABLED_AESGCM=yes
fi
2012-07-20 01:44:08 +04:00
2013-04-02 01:25:20 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
2012-06-14 08:31:32 +04:00
fi
2013-01-11 04:46:47 +04:00
# AES-CCM
AC_ARG_ENABLE([aesccm],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-aesccm],[Enable wolfSSL AES-CCM support (default: disabled)])],
2013-01-11 04:46:47 +04:00
[ ENABLED_AESCCM=$enableval ],
[ ENABLED_AESCCM=no ]
)
if test "$ENABLED_AESCCM" = "yes"
then
2013-04-02 01:25:20 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"
2013-01-11 04:46:47 +04:00
fi
2016-12-04 17:23:51 +03:00
# AES-CTR
AC_ARG_ENABLE([aesctr],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-aesctr],[Enable wolfSSL AES-CTR support (default: disabled)])],
2016-12-04 17:23:51 +03:00
[ ENABLED_AESCTR=$enableval ],
[ ENABLED_AESCTR=no ]
)
if test "$ENABLED_AESCTR" = "yes"
then
if test "x$ENABLED_FORTRESS" != "xyes"
then
# This is already implied by fortress build
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
fi
fi
2018-01-12 21:05:43 +03:00
# AES-CFB
AC_ARG_ENABLE([aescfb],
[AS_HELP_STRING([--enable-aescfb],[Enable wolfSSL AES-CFB support (default: disabled)])],
[ ENABLED_AESCFB=$enableval ],
[ ENABLED_AESCFB=no ]
)
if test "$ENABLED_AESCFB" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB"
fi
2016-07-22 18:49:15 +03:00
# AES-ARM
AC_ARG_ENABLE([armasm],
2016-09-28 19:22:27 +03:00
[AS_HELP_STRING([--enable-armasm],[Enable wolfSSL ARMv8 ASM support (default: disabled)])],
2016-07-22 18:49:15 +03:00
[ ENABLED_ARMASM=$enableval ],
[ ENABLED_ARMASM=no ]
)
2017-11-07 01:37:34 +03:00
if test "$ENABLED_ARMASM" = "yes" && test "$ENABLED_ASM" = "yes"
2016-07-22 18:49:15 +03:00
then
2019-07-23 02:56:18 +03:00
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ARMASM"
2018-06-13 01:45:38 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM -DWOLFSSL_NO_HASH_RAW"
2016-09-28 19:22:27 +03:00
#Check if mcpu and mfpu values already set if not use default
case $CPPFLAGS in
*mcpu* | *mfpu*)
break;; #Do not override user set values
*)
case $host_cpu in
*aarch64*)
2018-12-18 03:12:14 +03:00
# +crypto needed for hardware acceleration
2016-09-28 19:22:27 +03:00
AM_CPPFLAGS="$AM_CPPFLAGS -mcpu=generic+crypto"
2018-12-18 03:12:14 +03:00
# Check for and set -mstrict-align compiler flag
# Used to set assumption that Aarch64 systems will not handle
# unaligned memory references. The flag -mstrict-align is needed
# on some compiler versions to avoid an invalid addressing mode
# error with "m" constraint variables in the inline assembly AES
# code. Even though unaligned load/store access is permitted on
# normal memory with Cortex-A series boards with the exception
# being exclusive and ordered access.
case $CPPFLAGS in
*mstrict-align*)
break;; # already set by user
*)
AM_CPPFLAGS="$AM_CPPFLAGS -mstrict-align"
AC_MSG_NOTICE([64bit ARMv8, setting -mstrict-align]);;
esac
2016-09-28 19:22:27 +03:00
AC_MSG_NOTICE([64bit ARMv8 found, setting mcpu to generic+crypto]);;
*)
AM_CPPFLAGS="$AM_CPPFLAGS -mfpu=crypto-neon-fp-armv8"
AC_MSG_NOTICE([32bit ARMv8 found, setting mfpu to crypto-neon-fp-armv8]);;
esac
esac
2016-07-22 18:49:15 +03:00
fi
2017-06-07 20:37:21 +03:00
# Xilinx hardened crypto
AC_ARG_ENABLE([xilinx],
[AS_HELP_STRING([--enable-xilinx],[Enable wolfSSL support for Xilinx hardened crypto(default: disabled)])],
[ ENABLED_XILINX=$enableval ],
[ ENABLED_XILINX=no ]
)
if test "$ENABLED_XILINX" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_XILINX -DWOLFSSL_XILINX_CRYPT"
fi
2017-03-17 23:29:03 +03:00
# INTEL AES-NI
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([aesni],
2015-03-29 00:34:39 +03:00
[AS_HELP_STRING([--enable-aesni],[Enable wolfSSL AES-NI support (default: disabled)])],
2011-02-05 22:14:47 +03:00
[ ENABLED_AESNI=$enableval ],
[ ENABLED_AESNI=no ]
)
2015-03-29 00:34:39 +03:00
# INTEL ASM
AC_ARG_ENABLE([intelasm],
[AS_HELP_STRING([--enable-intelasm],[Enable All Intel ASM speedups (default: disabled)])],
[ ENABLED_INTELASM=$enableval ],
[ ENABLED_INTELASM=no ]
)
2017-11-07 01:37:34 +03:00
if test "$ENABLED_ASM" = "yes"
2017-07-18 03:14:17 +03:00
then
2017-11-07 01:37:34 +03:00
if test "$ENABLED_AESNI" = "small"
then
AM_CFLAGS="$AM_CFLAGS -DAES_GCM_AESNI_NO_UNROLL"
ENABLED_AESNI=yes
fi
2017-03-17 23:29:03 +03:00
2017-11-07 01:37:34 +03:00
if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes"
2011-02-05 22:14:47 +03:00
then
2017-11-07 01:37:34 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
if test "$GCC" = "yes"
2014-07-10 21:18:49 +04:00
then
2017-11-07 01:37:34 +03:00
# GCC needs these flags, icc doesn't
# opt levels greater than 2 may cause problems on systems w/o aesni
if test "$CC" != "icc"
then
AM_CFLAGS="$AM_CFLAGS -maes -msse4 -mpclmul"
fi
2014-07-10 21:18:49 +04:00
fi
2017-11-07 01:37:34 +03:00
AS_IF([test "x$ENABLED_AESGCM" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
2011-02-05 22:14:47 +03:00
fi
2017-11-07 01:37:34 +03:00
if test "$ENABLED_INTELASM" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDSEED -DUSE_INTEL_SPEEDUP"
ENABLED_AESNI=yes
fi
2015-03-29 00:34:39 +03:00
fi
2017-03-17 23:29:03 +03:00
# INTEL RDRAND
AC_ARG_ENABLE([intelrand],
[AS_HELP_STRING([--enable-intelrand],[Enable Intel rdrand as preferred RNG source (default: disabled)])],
[ ENABLED_INTELRDRAND=$enableval ],
[ ENABLED_INTELRDRAND=no ]
)
if test "$ENABLED_INTELRDRAND" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDRAND"
fi
2011-02-05 22:14:47 +03:00
2019-10-24 01:51:19 +03:00
# Linux af_alg
2018-07-19 02:26:25 +03:00
AC_ARG_ENABLE([afalg],
[AS_HELP_STRING([--enable-afalg],[Enable Linux af_alg use for crypto (default: disabled)])],
[ ENABLED_AFALG=$enableval ],
[ ENABLED_AFALG=no ]
)
if test "$ENABLED_AFALG" = "yes"
then
2019-08-31 01:15:48 +03:00
if test "$ENABLED_AESCCM" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
fi
2018-07-19 02:26:25 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_HASH"
fi
2018-08-24 19:24:53 +03:00
if test "$ENABLED_AFALG" = "xilinx"
2019-01-19 02:08:23 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX -DWOLFSSL_AFALG_XILINX_AES"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX_SHA3 -DWOLFSSL_AFALG_XILINX_RSA"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA3_224 -DWOLFSSL_NOSHA3_256 -DWOLFSSL_NOSHA3_512"
ENABLED_AFALG="yes"
ENABLED_XILINX="yes"
fi
if test "$ENABLED_AFALG" = "xilinx-aes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX -DWOLFSSL_AFALG_XILINX_AES"
ENABLED_AFALG="yes"
ENABLED_XILINX="yes"
fi
if test "$ENABLED_AFALG" = "xilinx-sha3"
2018-08-24 19:24:53 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX"
2019-01-19 02:08:23 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX_SHA3"
2018-08-24 19:24:53 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA3_224 -DWOLFSSL_NOSHA3_256 -DWOLFSSL_NOSHA3_512"
ENABLED_AFALG="yes"
ENABLED_XILINX="yes"
fi
2019-01-19 02:08:23 +03:00
if test "$ENABLED_AFALG" = "xilinx-rsa"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX_RSA"
ENABLED_AFALG="yes"
ENABLED_XILINX="yes"
fi
2018-07-19 02:26:25 +03:00
2018-08-17 18:46:16 +03:00
# Support for Linux dev/crypto calls
AC_ARG_ENABLE([devcrypto],
[AS_HELP_STRING([--enable-devcrypto],[Enable Linux dev crypto calls: all | aes (all aes support) | hash (all hash algos) | cbc (aes-cbc only) (default: disabled)])],
[ ENABLED_DEVCRYPTO=$enableval ],
[ ENABLED_DEVCRYPTO=no ]
)
if test "$ENABLED_DEVCRYPTO" = "yes" || test "$ENABLED_DEVCRYPTO" = "all"
then
#enable all devcrypto supported algorithms
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
2019-08-13 23:12:45 +03:00
if test "$ENABLED_AESCCM" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
fi
2018-08-17 18:46:16 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_HASH_RAW"
ENABLED_DEVCRYPTO=yes
fi
if test "$ENABLED_DEVCRYPTO" = "aes"
then
#enable only AES-CBC algorithm support
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
2019-08-13 23:12:45 +03:00
if test "$ENABLED_AESCCM" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
fi
2018-08-17 18:46:16 +03:00
ENABLED_DEVCRYPTO=yes
fi
if test "$ENABLED_DEVCRYPTO" = "cbc"
then
#enable only AES-CBC algorithm support
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
ENABLED_DEVCRYPTO=yes
fi
if test "$ENABLED_DEVCRYPTO" = "hash"
then
#enable only hash algorithm support
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_HASH_RAW"
ENABLED_DEVCRYPTO=yes
fi
2013-01-18 09:52:31 +04:00
# Camellia
AC_ARG_ENABLE([camellia],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-camellia],[Enable wolfSSL Camellia support (default: disabled)])],
2013-01-18 09:52:31 +04:00
[ ENABLED_CAMELLIA=$enableval ],
[ ENABLED_CAMELLIA=no ]
)
if test "$ENABLED_CAMELLIA" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAMELLIA"
fi
2012-07-28 01:01:02 +04:00
# MD2
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([md2],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-md2],[Enable wolfSSL MD2 support (default: disabled)])],
2012-07-28 01:01:02 +04:00
[ ENABLED_MD2=$enableval ],
[ ENABLED_MD2=no ]
)
if test "$ENABLED_BUMP" = "yes"
then
ENABLED_MD2="yes"
fi
if test "$ENABLED_MD2" = "yes"
then
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MD2"
2012-07-28 01:01:02 +04:00
fi
2015-08-13 11:20:47 +03:00
# NULL CIPHER
2013-03-13 05:49:59 +04:00
AC_ARG_ENABLE([nullcipher],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-nullcipher],[Enable wolfSSL NULL cipher support (default: disabled)])],
2013-03-13 05:49:59 +04:00
[ ENABLED_NULL_CIPHER=$enableval ],
[ ENABLED_NULL_CIPHER=no ]
)
2015-07-17 19:14:58 +03:00
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_NULL_CIPHER="yes"
fi
2013-03-13 05:49:59 +04:00
if test "$ENABLED_NULL_CIPHER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER"
fi
2011-02-05 22:14:47 +03:00
# RIPEMD
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([ripemd],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-ripemd],[Enable wolfSSL RIPEMD-160 support (default: disabled)])],
2011-02-05 22:14:47 +03:00
[ ENABLED_RIPEMD=$enableval ],
[ ENABLED_RIPEMD=no ]
)
2015-07-17 19:14:58 +03:00
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_RIPEMD="yes"
fi
2011-02-05 22:14:47 +03:00
if test "$ENABLED_RIPEMD" = "yes"
then
2014-12-19 01:40:09 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RIPEMD"
2011-02-05 22:14:47 +03:00
fi
2013-01-01 01:10:47 +04:00
# BLAKE2
AC_ARG_ENABLE([blake2],
2019-05-24 06:47:42 +03:00
[AS_HELP_STRING([--enable-blake2],[Enable wolfSSL BLAKE2b support (default: disabled)])],
2013-01-01 01:10:47 +04:00
[ ENABLED_BLAKE2=$enableval ],
[ ENABLED_BLAKE2=no ]
)
if test "$ENABLED_BLAKE2" = "yes"
then
2019-05-24 06:47:42 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2 -DHAVE_BLAKE2B"
2013-01-01 01:10:47 +04:00
fi
2019-05-24 06:47:42 +03:00
AC_ARG_ENABLE([blake2s],
[AS_HELP_STRING([--enable-blake2s],[Enable wolfSSL BLAKE2s support (default: disabled)])],
[ ENABLED_BLAKE2S=$enableval ],
[ ENABLED_BLAKE2S=Sno ]
)
if test "$ENABLED_BLAKE2S" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2S"
ENABLED_BLAKE2="yes"
fi
2013-01-01 01:10:47 +04:00
2011-02-05 22:14:47 +03:00
# SHA512
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([sha512],
2018-03-07 20:41:07 +03:00
[AS_HELP_STRING([--enable-sha512],[Enable wolfSSL SHA-512 support (default: enabled)])],
2011-02-05 22:14:47 +03:00
[ ENABLED_SHA512=$enableval ],
2018-03-07 20:41:07 +03:00
[ ENABLED_SHA512=yes ]
2011-02-05 22:14:47 +03:00
)
2017-11-07 01:37:34 +03:00
# options that don't require sha512
2019-03-02 02:54:08 +03:00
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" || test "$ENABLED_32BIT" = "yes" || test "$ENABLED_16BIT" = "yes"
2015-04-01 01:55:39 +03:00
then
2019-03-02 02:54:08 +03:00
ENABLED_SHA512="no"
2015-04-01 01:55:39 +03:00
fi
2017-11-07 01:37:34 +03:00
# options that require sha512
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes"
2015-07-17 19:14:58 +03:00
then
ENABLED_SHA512="yes"
2018-07-20 02:42:01 +03:00
ENABLED_SHA384="yes"
2015-07-17 19:14:58 +03:00
fi
2019-03-02 02:54:08 +03:00
if test "$ENABLED_SHA512" = "yes"
2011-02-05 22:14:47 +03:00
then
2018-07-20 02:42:01 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512"
2011-02-05 22:14:47 +03:00
fi
2018-07-20 02:42:01 +03:00
# SHA384
AC_ARG_ENABLE([sha384],
[AS_HELP_STRING([--enable-sha384],[Enable wolfSSL SHA-384 support (default: enabled)])],
[ ENABLED_SHA384=$enableval ],
[ ENABLED_SHA384=yes ]
)
2019-03-02 02:54:08 +03:00
# options that don't require sha384
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" || test "$ENABLED_32BIT" = "yes" || test "$ENABLED_16BIT" = "yes"
2018-07-20 02:42:01 +03:00
then
2019-03-02 02:54:08 +03:00
ENABLED_SHA384="no"
2018-07-20 02:42:01 +03:00
fi
# options that require sha384
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes"
then
ENABLED_SHA384="yes"
fi
2019-03-02 02:54:08 +03:00
if test "$ENABLED_SHA384" = "yes"
2018-07-20 02:42:01 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA384"
fi
2011-02-05 22:14:47 +03:00
# SESSION CERTS
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([sessioncerts],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-sessioncerts],[Enable session cert storing (default: disabled)])],
2011-02-05 22:14:47 +03:00
[ ENABLED_SESSIONCERTS=$enableval ],
[ ENABLED_SESSIONCERTS=no ]
)
2016-12-22 05:53:29 +03:00
if test "x$ENABLED_NGINX" = "xyes"
then
ENABLED_SESSIONCERTS=yes
fi
2016-11-23 18:31:07 +03:00
if test "$ENABLED_TLS13" = "yes" && test "$ENABLED_PSK" = "yes"
then
ENABLED_SESSIONCERTS=yes
fi
2016-12-22 05:53:29 +03:00
2011-02-05 22:14:47 +03:00
if test "$ENABLED_SESSIONCERTS" = "yes"
then
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
2011-02-05 22:14:47 +03:00
fi
# KEY GENERATION
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([keygen],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-keygen],[Enable key generation (default: disabled)])],
2011-02-05 22:14:47 +03:00
[ ENABLED_KEYGEN=$enableval ],
[ ENABLED_KEYGEN=no ]
)
if test "$ENABLED_KEYGEN" = "yes"
then
2014-12-30 21:00:18 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
2011-02-05 22:14:47 +03:00
fi
# CERT GENERATION
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([certgen],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-certgen],[Enable cert generation (default: disabled)])],
2011-02-05 22:14:47 +03:00
[ ENABLED_CERTGEN=$enableval ],
[ ENABLED_CERTGEN=no ]
)
if test "$ENABLED_CERTGEN" = "yes"
then
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
2011-02-05 22:14:47 +03:00
fi
2014-01-10 23:50:55 +04:00
# CERT REQUEST GENERATION
AC_ARG_ENABLE([certreq],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-certreq],[Enable cert request generation (default: disabled)])],
2014-01-10 23:50:55 +04:00
[ ENABLED_CERTREQ=$enableval ],
[ ENABLED_CERTREQ=no ]
)
if test "$ENABLED_CERTREQ" = "yes"
then
if test "$ENABLED_CERTGEN" = "no"
then
AC_MSG_ERROR([cannot enable certreq without enabling certgen.])
fi
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
2014-01-10 23:50:55 +04:00
fi
2015-09-07 10:51:21 +03:00
# CERT REQUEST EXTENSION
AC_ARG_ENABLE([certext],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-certext],[Enable cert request extensions (default: disabled)])],
2015-09-07 10:51:21 +03:00
[ ENABLED_CERTEXT=$enableval ],
[ ENABLED_CERTEXT=no ]
)
if test "$ENABLED_CERTEXT" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
fi
2019-03-01 00:07:38 +03:00
# DECODED CERT CACHE
AC_ARG_ENABLE([certgencache],
[AS_HELP_STRING([--enable-certgencache],[Enable decoded cert caching (default: disabled)])],
[ ENABLED_certgencache=$enableval ],
[ ENABLED_certgencache=no ]
)
if test "$ENABLED_certgencache" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN_CACHE"
fi
2013-06-26 03:26:53 +04:00
# SEP
AC_ARG_ENABLE([sep],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-sep],[Enable sep extensions (default: disabled)])],
2013-06-26 03:26:53 +04:00
[ ENABLED_SEP=$enableval ],
[ ENABLED_SEP=no ]
)
if test "$ENABLED_SEP" = "yes"
then
2014-12-31 23:04:03 +03:00
AM_CFLAGS="-DWOLFSSL_SEP -DKEEP_PEER_CERT $AM_CFLAGS"
2013-06-26 03:26:53 +04:00
fi
2015-08-13 11:20:47 +03:00
# HKDF
2013-11-01 05:03:00 +04:00
AC_ARG_ENABLE([hkdf],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-hkdf],[Enable HKDF (HMAC-KDF) support (default: disabled)])],
2013-11-01 05:03:00 +04:00
[ ENABLED_HKDF=$enableval ],
[ ENABLED_HKDF=no ]
)
2016-11-23 18:31:07 +03:00
if test "$ENABLED_TLS13" = "yes"
then
ENABLED_HKDF="yes"
fi
2013-11-01 05:03:00 +04:00
if test "$ENABLED_HKDF" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"
fi
2016-12-08 06:09:54 +03:00
# X9.63 KDF
AC_ARG_ENABLE([x963kdf],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-x963kdf],[Enable X9.63 KDF support (default: disabled)])],
2016-12-08 06:09:54 +03:00
[ ENABLED_X963KDF=$enableval ],
[ ENABLED_X963KDF=no ]
)
if test "$ENABLED_X963KDF" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF"
fi
2013-03-13 00:03:42 +04:00
# DSA
AC_ARG_ENABLE([dsa],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-dsa],[Enable DSA (default: disabled)])],
2013-03-13 00:03:42 +04:00
[ ENABLED_DSA=$enableval ],
[ ENABLED_DSA=no ]
)
2017-02-10 01:45:10 +03:00
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes"
2015-07-17 19:14:58 +03:00
then
ENABLED_DSA="yes"
fi
2013-03-13 00:03:42 +04:00
if test "$ENABLED_DSA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DSA"
fi
2015-03-31 23:28:49 +03:00
2016-05-05 09:14:30 +03:00
# ECC Shamir
2016-05-05 22:24:08 +03:00
AC_ARG_ENABLE([eccshamir],
2018-03-07 20:41:07 +03:00
[AS_HELP_STRING([--enable-eccshamir],[Enable ECC Shamir (default: enabled)])],
2016-05-05 09:14:30 +03:00
[ ENABLED_ECC_SHAMIR=$enableval ],
2018-03-07 20:41:07 +03:00
[ ENABLED_ECC_SHAMIR=yes ]
2016-05-05 09:14:30 +03:00
)
2015-03-31 23:28:49 +03:00
# ECC
2013-03-13 00:03:42 +04:00
AC_ARG_ENABLE([ecc],
2018-03-07 20:41:07 +03:00
[AS_HELP_STRING([--enable-ecc],[Enable ECC (default: enabled)])],
2013-03-13 00:03:42 +04:00
[ ENABLED_ECC=$enableval ],
2018-03-07 20:41:07 +03:00
[ ENABLED_ECC=yes ]
2013-03-13 00:03:42 +04:00
)
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# lean psk doesn't need ecc
2015-04-01 19:37:41 +03:00
if test "$ENABLED_LEANPSK" = "yes"
2015-04-01 01:55:39 +03:00
then
ENABLED_ECC=no
fi
2017-11-13 12:12:18 +03:00
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_SIGNAL" = "yes"
2015-07-17 19:14:58 +03:00
then
ENABLED_ECC="yes"
fi
2013-03-13 00:03:42 +04:00
if test "$ENABLED_ECC" = "yes"
then
2016-05-05 09:14:30 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
2019-02-22 10:14:19 +03:00
if test "$ENABLED_ECC_SHAMIR" = "yes" && test "$ENABLED_LOWRESOURCE" = "no"
2016-05-05 09:14:30 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
fi
2013-03-13 00:03:42 +04:00
fi
2019-04-11 07:06:17 +03:00
2016-06-16 20:09:41 +03:00
# ECC Custom Curves
AC_ARG_ENABLE([ecccustcurves],
[AS_HELP_STRING([--enable-ecccustcurves],[Enable ECC custom curves (default: disabled)])],
[ ENABLED_ECCCUSTCURVES=$enableval ],
[ ENABLED_ECCCUSTCURVES=no ]
)
2019-03-14 19:56:03 +03:00
if test "$ENABLED_ECCCUSTCURVES" != "no"
2016-06-16 20:09:41 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CUSTOM_CURVES"
2017-04-10 21:45:26 +03:00
2019-04-11 07:06:17 +03:00
# For distro, all or ecccustcurves=all builds, enable all curve types
2019-03-14 19:56:03 +03:00
if test "$ENABLED_DISTRO" = "yes" || test "$ENABLED_ALL" = "yes" || test "$ENABLED_ECCCUSTCURVES" = "all"
2017-04-10 21:45:26 +03:00
then
2019-03-14 19:56:03 +03:00
# Enable ECC SECPR2, SECPR3, BRAINPOOL and KOBLITZ curves
2017-04-10 21:45:26 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ"
2019-03-14 19:56:03 +03:00
# Enable ECC Cofactor support
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_CDH"
2019-04-11 07:06:17 +03:00
# If fastmath enabled and on x86 use speedups
if test "x$ENABLED_FASTMATH" = "xyes" && test "$host_cpu" = "x86_64"
then
AM_CFLAGS="$AM_CFLAGS -DTFM_ECC192 -DTFM_ECC224 -DTFM_ECC256 -DTFM_ECC384 -DTFM_ECC521"
fi
2017-04-10 21:45:26 +03:00
fi
2016-06-16 20:09:41 +03:00
fi
2013-03-13 00:03:42 +04:00
2016-06-22 00:06:02 +03:00
# Compressed Key
AC_ARG_ENABLE([compkey],
[AS_HELP_STRING([--enable-compkey],[Enable compressed keys support (default: disabled)])],
[ ENABLED_COMPKEY=$enableval ],
[ ENABLED_COMPKEY=no ]
)
2017-02-10 01:45:10 +03:00
if test "$ENABLED_WPAS" = "yes"
then
ENABLED_COMPKEY=yes
fi
2016-06-22 00:06:02 +03:00
if test "$ENABLED_COMPKEY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_COMP_KEY"
fi
2015-06-06 00:39:37 +03:00
# for using memory optimization setting on both curve25519 and ed25519
2017-06-16 19:41:10 +03:00
ENABLED_CURVE25519_SMALL=no
ENABLED_ED25519_SMALL=no
2015-06-06 00:39:37 +03:00
2015-03-24 21:56:40 +03:00
# CURVE25519
AC_ARG_ENABLE([curve25519],
[AS_HELP_STRING([--enable-curve25519],[Enable Curve25519 (default: disabled)])],
[ ENABLED_CURVE25519=$enableval ],
[ ENABLED_CURVE25519=no ]
2015-02-19 20:59:05 +03:00
)
2015-06-06 00:39:37 +03:00
2015-08-01 19:28:18 +03:00
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_CURVE25519="yes"
fi
2017-11-09 22:05:28 +03:00
if test "$ENABLED_CURVE25519" != "no"
2015-06-06 00:39:37 +03:00
then
2017-11-09 22:05:28 +03:00
if test "$ENABLED_CURVE25519" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DCURVE25519_SMALL"
ENABLED_CURVE25519_SMALL=yes
ENABLED_CURVE25519=yes
fi
2015-06-06 00:39:37 +03:00
2018-12-24 02:59:57 +03:00
if test "$ENABLED_CURVE25519" = "no128bit" || test "$ENABLED_32BIT" = "yes"
2017-11-09 22:05:28 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_CURVED25519_128BIT"
ENABLED_CURVE25519=yes
fi
2017-07-14 20:39:30 +03:00
2015-03-24 21:56:40 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519"
2015-06-06 00:39:37 +03:00
ENABLED_FEMATH=yes
2015-02-19 20:59:05 +03:00
fi
2015-03-19 20:40:41 +03:00
# ED25519
AC_ARG_ENABLE([ed25519],
2015-03-19 22:48:32 +03:00
[AS_HELP_STRING([--enable-ed25519],[Enable ED25519 (default: disabled)])],
2015-03-19 20:40:41 +03:00
[ ENABLED_ED25519=$enableval ],
[ ENABLED_ED25519=no ]
)
2015-08-01 19:28:18 +03:00
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_ED25519="yes"
fi
2017-11-09 22:05:28 +03:00
if test "$ENABLED_ED25519" != "no" && test "$ENABLED_32BIT" = "no"
2015-06-06 00:39:37 +03:00
then
2017-11-09 22:05:28 +03:00
if test "$ENABLED_ED25519" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DED25519_SMALL"
ENABLED_ED25519_SMALL=yes
2018-01-17 02:59:01 +03:00
ENABLED_CURVE25519_SMALL=yes
2017-11-09 22:05:28 +03:00
ENABLED_ED25519=yes
fi
2015-06-06 00:39:37 +03:00
2015-03-19 20:40:41 +03:00
if test "$ENABLED_SHA512" = "no"
then
AC_MSG_ERROR([cannot enable ed25519 without enabling sha512.])
fi
ENABLED_FEMATH=yes
ENABLED_GEMATH=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519"
fi
# FP ECC, Fixed Point cache ECC
2013-09-07 01:24:31 +04:00
AC_ARG_ENABLE([fpecc],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-fpecc],[Enable Fixed Point cache ECC (default: disabled)])],
2013-09-07 01:24:31 +04:00
[ ENABLED_FPECC=$enableval ],
[ ENABLED_FPECC=no ]
)
if test "$ENABLED_FPECC" = "yes"
then
2013-11-08 03:59:31 +04:00
if test "$ENABLED_ECC" = "no"
then
2015-08-13 11:20:47 +03:00
AC_MSG_ERROR([cannot enable fpecc without enabling ecc.])
2013-11-08 03:59:31 +04:00
fi
2013-09-07 01:24:31 +04:00
AM_CFLAGS="$AM_CFLAGS -DFP_ECC"
fi
2013-11-08 03:59:31 +04:00
# ECC encrypt
AC_ARG_ENABLE([eccencrypt],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-eccencrypt],[Enable ECC encrypt (default: disabled)])],
2013-11-08 03:59:31 +04:00
[ ENABLED_ECC_ENCRYPT=$enableval ],
[ ENABLED_ECC_ENCRYPT=no ]
)
if test "$ENABLED_ECC_ENCRYPT" = "yes"
then
if test "$ENABLED_ECC" = "no"
then
2015-08-13 11:20:47 +03:00
AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.])
2013-11-08 03:59:31 +04:00
fi
if test "$ENABLED_HKDF" = "no"
then
2015-08-13 11:20:47 +03:00
AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.])
2013-11-08 03:59:31 +04:00
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_ENCRYPT"
fi
2015-08-13 11:20:47 +03:00
# PSK
2013-03-12 23:48:41 +04:00
AC_ARG_ENABLE([psk],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-psk],[Enable PSK (default: disabled)])],
2013-03-12 23:48:41 +04:00
[ ENABLED_PSK=$enableval ],
[ ENABLED_PSK=no ]
)
2019-05-17 01:01:40 +03:00
# Single PSK identity
AC_ARG_ENABLE([psk-one-id],
[AS_HELP_STRING([--enable-psk-one-id],[Enable PSK (default: disabled)])],
[ ENABLED_PSK_ONE_ID=$enableval ],
[ ENABLED_PSK_ONE_ID=no ]
)
if test "$ENABLED_PSK_ONE_ID" = "yes"
then
if test "$ENABLED_PSK" = "no"
then
ENABLED_PSK="yes"
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PSK_ONE_ID"
fi
2013-03-12 23:48:41 +04:00
2013-03-13 22:27:14 +04:00
# ERROR STRINGS
AC_ARG_ENABLE([errorstrings],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-errorstrings],[Enable error strings table (default: enabled)])],
2013-03-13 22:27:14 +04:00
[ ENABLED_ERROR_STRINGS=$enableval ],
[ ENABLED_ERROR_STRINGS=yes ]
)
if test "$ENABLED_ERROR_STRINGS" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off error strings if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
2013-03-13 22:27:14 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
ENABLED_ERROR_STRINGS=no
fi
fi
2015-08-13 11:20:47 +03:00
# OLD TLS
2013-03-13 22:49:11 +04:00
AC_ARG_ENABLE([oldtls],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-oldtls],[Enable old TLS versions < 1.2 (default: enabled)])],
2013-03-13 22:49:11 +04:00
[ ENABLED_OLD_TLS=$enableval ],
[ ENABLED_OLD_TLS=yes ]
)
if test "$ENABLED_OLD_TLS" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off old if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
2013-03-13 22:49:11 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
ENABLED_OLD_TLS=no
fi
fi
2018-05-17 02:08:03 +03:00
# TLSv1.2
AC_ARG_ENABLE([tlsv12],
[AS_HELP_STRING([--enable-tlsv12],[Enable TLS versions 1.2 (default: enabled)])],
[ ENABLED_TLSV12=$enableval ],
[ ENABLED_TLSV12=yes ]
)
if test "$ENABLED_TLSV12" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_TLS12 -DNO_OLD_TLS"
fi
2017-11-15 00:55:48 +03:00
# TLSv1.0
AC_ARG_ENABLE([tlsv10],
[AS_HELP_STRING([--enable-tlsv10],[Enable old TLS versions 1.0 (default: disabled)])],
[ ENABLED_TLSV10=$enableval ],
[ ENABLED_TLSV10=no ]
)
if test "$ENABLED_TLSV10" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_TLSV10"
fi
2015-08-13 11:20:47 +03:00
# SSLv3
AC_ARG_ENABLE([sslv3],
2015-08-20 14:22:30 +03:00
[AS_HELP_STRING([--enable-sslv3],[Enable SSL version 3.0 (default: disabled)])],
2015-08-13 11:20:47 +03:00
[ ENABLED_SSLV3=$enableval ],
[ ENABLED_SSLV3=no]
)
2018-07-26 22:53:21 +03:00
if test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_SSLV3="yes"
fi
2015-08-13 11:20:47 +03:00
if test "$ENABLED_SSLV3" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_SSLV3"
fi
# STACK SIZE info for examples
2013-03-28 22:28:38 +04:00
AC_ARG_ENABLE([stacksize],
2017-05-19 01:46:56 +03:00
[AS_HELP_STRING([--enable-stacksize],[Enable stack size info on examples (default: disabled)])],
2013-03-28 22:28:38 +04:00
[ ENABLED_STACKSIZE=$enableval ],
[ ENABLED_STACKSIZE=no ]
)
if test "$ENABLED_STACKSIZE" = "yes"
then
AC_CHECK_FUNC([posix_memalign], [], [AC_MSG_ERROR(stacksize needs posix_memalign)])
2013-06-20 00:04:43 +04:00
AC_CHECK_FUNC([pthread_attr_setstack], [], AC_CHECK_LIB([pthread],[pthread_attr_setstack]))
2018-12-11 03:51:54 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_STACK_SIZE"
2013-03-28 22:28:38 +04:00
fi
2015-08-13 11:20:47 +03:00
# MEMORY
2013-03-13 00:31:14 +04:00
AC_ARG_ENABLE([memory],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-memory],[Enable memory callbacks (default: enabled)])],
2013-03-13 00:31:14 +04:00
[ ENABLED_MEMORY=$enableval ],
[ ENABLED_MEMORY=yes ]
)
if test "$ENABLED_MEMORY" = "no"
then
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DNO_WOLFSSL_MEMORY"
2013-03-13 00:31:14 +04:00
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off memory cb if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
2013-03-13 00:31:14 +04:00
then
2014-12-31 23:04:03 +03:00
# but don't turn on NO_WOLFSSL_MEMORY because using own
2013-03-13 00:31:14 +04:00
ENABLED_MEMORY=no
fi
fi
2017-05-20 00:24:38 +03:00
# MEMORY SIZE info
AC_ARG_ENABLE([trackmemory],
[AS_HELP_STRING([--enable-trackmemory],[Enable memory use info on wolfCrypt and wolfSSL cleanup (default: disabled)])],
[ ENABLED_TRACKMEMORY=$enableval ],
[ ENABLED_TRACKMEMORY=no ]
)
if test "$ENABLED_TRACKMEMORY" = "yes"
then
if test "$ENABLED_MEMORY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRACK_MEMORY"
else
AC_MSG_ERROR([trackmemory requires using wolfSSL memory (--enable-memory).])
fi
fi
2018-08-21 02:03:11 +03:00
# MEMORY usage logging
AC_ARG_ENABLE([memorylog],
[AS_HELP_STRING([--enable-memorylog],[Enable dynamic memory logging (default: disabled)])],
[ ENABLED_MEMORYLOG=$enableval ],
[ ENABLED_MEMORYLOG=no ]
)
if test "$ENABLED_MEMORYLOG" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MEMORY_LOG"
fi
2018-08-29 03:16:51 +03:00
# STACK usage logging
AC_ARG_ENABLE([stacklog],
[AS_HELP_STRING([--enable-stacklog],[Enable stack logging (default: disabled)])],
[ ENABLED_STACKLOG=$enableval ],
[ ENABLED_STACKLOG=no ]
)
if test "$ENABLED_STACKLOG" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STACK_LOG -finstrument-functions"
fi
2017-05-20 00:24:38 +03:00
2015-08-13 11:20:47 +03:00
# RSA
2013-03-11 23:49:59 +04:00
AC_ARG_ENABLE([rsa],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-rsa],[Enable RSA (default: enabled)])],
2013-03-11 23:49:59 +04:00
[ ENABLED_RSA=$enableval ],
[ ENABLED_RSA=yes ]
)
if test "$ENABLED_RSA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off RSA if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
2013-03-11 23:49:59 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
ENABLED_RSA=no
fi
fi
2018-12-06 10:27:10 +03:00
AC_ARG_ENABLE([oaep],
[AS_HELP_STRING([--enable-oaep],[Enable RSA OAEP (default: enabled)])],
[ ENABLED_OAEP=$enableval ],
[ ENABLED_OAEP=yes ]
)
if test "$ENABLED_OAEP" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DWC_NO_RSA_OAEP"
fi
AC_ARG_ENABLE([rsapub],
[AS_HELP_STRING([--enable-rsapub],[Enable RSA Public Only (default: disabled)])],
[ ENABLED_RSAPUB=$enableval ],
[ ENABLED_RSAPUB=no ]
)
if test "$ENABLED_RSAPUB" = "yes"
then
if test "$ENABLED_RSA" = "no"
then
ENABLED_RSA="yes"
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSA_PUBLIC_ONLY"
fi
AC_ARG_ENABLE([rsavfy],
[AS_HELP_STRING([--enable-rsavfy],[Enable RSA Verify Inline Only (default: disabled)])],
[ ENABLED_RSAVFY=$enableval ],
[ ENABLED_RSAVFY=no ]
)
if test "$ENABLED_RSAVFY" = "yes"
then
if test "$ENABLED_RSA" = "no"
then
ENABLED_RSA="yes"
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSA_PUBLIC_ONLY -DWOLFSSL_RSA_VERIFY_ONLY"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSA_VERIFY_INLINE -DNO_SIG_WRAPPER"
fi
2013-03-11 23:49:59 +04:00
2017-05-18 08:32:06 +03:00
# RSA-PSS
AC_ARG_ENABLE([rsapss],
[ --enable-rsapss Enable RSA-PSS (default: disabled)],
[ ENABLED_RSAPSS=$enableval ],
[ ENABLED_RSAPSS=no ]
)
if test "$ENABLED_RSA" = "no"
then
ENABLED_RSAPSS="no"
else
if test "$ENABLED_TLS13" = "yes"
then
ENABLED_RSAPSS="yes"
fi
fi
if test "$ENABLED_RSAPSS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"
fi
2013-03-13 00:03:42 +04:00
# DH
AC_ARG_ENABLE([dh],
2015-04-01 02:23:28 +03:00
[AS_HELP_STRING([--enable-dh],[Enable DH (default: enabled)])],
2013-03-13 00:03:42 +04:00
[ ENABLED_DH=$enableval ],
2015-03-27 20:23:15 +03:00
[ ENABLED_DH=yes ]
2013-03-13 00:03:42 +04:00
)
2015-07-17 19:14:58 +03:00
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_DH="yes"
fi
2013-03-13 00:03:42 +04:00
if test "$ENABLED_DH" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DH"
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off DH if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
2013-03-13 00:03:42 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_DH"
ENABLED_DH=no
fi
fi
2014-12-01 22:44:32 +03:00
# Anonymous
AC_ARG_ENABLE([anon],
[AS_HELP_STRING([--enable-anon],[Enable Anonymous (default: disabled)])],
[ ENABLED_ANON=$enableval ],
[ ENABLED_ANON=no ]
)
2017-02-10 01:45:10 +03:00
if test "x$ENABLED_WPAS" = "xyes"
then
ENABLED_ANON=yes
fi
2014-12-01 22:44:32 +03:00
if test "x$ENABLED_ANON" = "xyes"
then
if test "x$ENABLED_DH" != "xyes"
then
AC_MSG_ERROR([Anonymous suite requires DH.])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_ANON"
fi
2013-03-12 23:48:41 +04:00
# ASN
2015-03-28 00:28:05 +03:00
# turn off asn, which means no certs, no rsa, no dsa, no ecc,
# and no big int (unless dh is on)
2013-03-12 23:48:41 +04:00
AC_ARG_ENABLE([asn],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-asn],[Enable ASN (default: enabled)])],
2013-03-12 23:48:41 +04:00
[ ENABLED_ASN=$enableval ],
[ ENABLED_ASN=yes ]
)
if test "$ENABLED_ASN" = "no"
then
2015-03-28 00:28:05 +03:00
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS"
2019-03-02 02:54:08 +03:00
if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no"
2015-03-28 00:28:05 +03:00
then
2016-02-11 00:03:53 +03:00
# DH and ECC need bigint
2015-03-28 00:28:05 +03:00
AM_CFLAGS="$AM_CFLAGS -DNO_BIG_INT"
fi
2013-03-12 23:48:41 +04:00
else
# turn off ASN if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
2013-03-13 02:14:03 +04:00
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_BIG_INT"
2013-03-12 23:48:41 +04:00
ENABLED_ASN=no
2018-09-25 22:16:59 +03:00
else
if test "$ENABLED_ASN" = "nocrypt"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT"
2018-09-26 23:56:10 +03:00
enable_pwdbased=no
2018-09-25 22:16:59 +03:00
fi
2013-03-12 23:48:41 +04:00
fi
fi
2018-12-06 10:27:10 +03:00
if test "$ENABLED_RSA" = "yes" && test "$ENABLED_RSAVFY" = "no" && test "$ENABLED_ASN" = "no"
2013-03-12 23:48:41 +04:00
then
AC_MSG_ERROR([please disable rsa if disabling asn.])
fi
2013-03-13 00:03:42 +04:00
if test "$ENABLED_DSA" = "yes" && test "$ENABLED_ASN" = "no"
then
AC_MSG_ERROR([please disable dsa if disabling asn.])
fi
2016-02-11 00:03:53 +03:00
# DH and ECC need bigint
2018-12-06 10:27:10 +03:00
if test "$ENABLED_ASN" = "no" && test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && test "$ENABLED_RSA" = "no"
2013-03-13 02:14:03 +04:00
then
ENABLED_FASTMATH=no
ENABLED_SLOWMATH=no
fi
2013-03-12 23:48:41 +04:00
2013-03-12 04:07:37 +04:00
# AES
AC_ARG_ENABLE([aes],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-aes],[Enable AES (default: enabled)])],
2013-03-12 04:07:37 +04:00
[ ENABLED_AES=$enableval ],
[ ENABLED_AES=yes ]
)
if test "$ENABLED_AES" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_AES"
2015-07-17 18:30:25 +03:00
if test "$ENABLED_FORTRESS" = "yes"
then
AC_MSG_ERROR([fortress requires aes])
fi
2015-07-17 00:31:36 +03:00
if test "$ENABLED_ECC_ENCRYPT" = "yes"
then
AC_MSG_ERROR([cannot enable eccencrypt and hkdf without aes.])
fi
2015-03-28 07:30:27 +03:00
if test "$ENABLED_AESGCM" = "yes"
then
AC_MSG_ERROR([AESGCM requires AES.])
fi
if test "$ENABLED_AESCCM" = "yes"
then
AC_MSG_ERROR([AESCCM requires AES.])
fi
2016-12-04 17:23:51 +03:00
if test "$ENABLED_AESCTR" = "yes"
then
AC_MSG_ERROR([AESCTR requires AES.])
fi
2013-03-12 04:07:37 +04:00
else
# turn off AES if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_AES"
ENABLED_AES=no
fi
fi
2013-03-13 00:12:10 +04:00
# CODING
AC_ARG_ENABLE([coding],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-coding],[Enable Coding base 16/64 (default: enabled)])],
2013-03-13 00:12:10 +04:00
[ ENABLED_CODING=$enableval ],
[ ENABLED_CODING=yes ]
)
if test "$ENABLED_CODING" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
else
# turn off CODING if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
ENABLED_CODING=no
fi
fi
2016-06-10 02:26:39 +03:00
# Base64 Encode
BASE64ENCODE_DEFAULT=no
if test "$host_cpu" = "x86_64"
then
BASE64ENCODE_DEFAULT=yes
fi
AC_ARG_ENABLE([base64encode],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-base64encode],[Enable Base64 encoding (default: enabled on x86_64)])],
2016-06-10 02:26:39 +03:00
[ ENABLED_BASE64ENCODE=$enableval ],
[ ENABLED_BASE64ENCODE=$BASE64ENCODE_DEFAULT ]
)
if test "$ENABLED_BASE64ENCODE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BASE64_ENCODE"
fi
2018-03-22 20:36:56 +03:00
# Base16
AC_ARG_ENABLE([base16],
[AS_HELP_STRING([--enable-base16],[Enable Base16 encoding/decoding (default: disabled)])],
[ ENABLED_BASE16=$enableval ],
[ ENABLED_BASE16=no ]
)
if test "$ENABLED_BASE16" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BASE16"
fi
2013-03-12 20:46:15 +04:00
# DES3
AC_ARG_ENABLE([des3],
2016-09-15 21:17:30 +03:00
[AS_HELP_STRING([--enable-des3],[Enable DES3 (default: disabled)])],
2013-03-12 20:46:15 +04:00
[ ENABLED_DES3=$enableval ],
2016-09-15 21:17:30 +03:00
[ ENABLED_DES3=no ]
2013-03-12 20:46:15 +04:00
)
2018-07-16 19:49:23 +03:00
if test "$ENABLED_OPENSSH" = "yes"
then
2018-07-16 23:09:45 +03:00
ENABLED_DES3="yes"
2018-07-16 19:49:23 +03:00
fi
2013-03-12 20:46:15 +04:00
2015-09-23 17:16:39 +03:00
# IDEA
AC_ARG_ENABLE([idea],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-idea],[Enable IDEA Cipher (default: disabled)])],
[ ENABLED_IDEA=$enableval ],
[ ENABLED_IDEA=no ]
)
2015-09-23 17:16:39 +03:00
if test "x$ENABLED_IDEA" = "xyes"
then
2017-05-19 20:54:13 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_IDEA"
2015-09-23 17:16:39 +03:00
fi
2015-08-13 11:20:47 +03:00
# ARC4
2013-03-12 04:13:24 +04:00
AC_ARG_ENABLE([arc4],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-arc4],[Enable ARC4 (default: disabled)])],
2013-03-12 04:13:24 +04:00
[ ENABLED_ARC4=$enableval ],
2015-03-27 20:17:22 +03:00
[ ENABLED_ARC4=no ]
2013-03-12 04:13:24 +04:00
)
2017-02-10 01:45:10 +03:00
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes"
2015-07-17 19:14:58 +03:00
then
ENABLED_ARC4="yes"
fi
2013-03-12 04:13:24 +04:00
if test "$ENABLED_ARC4" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off ARC4 if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
2013-03-12 04:13:24 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
ENABLED_ARC4=no
fi
fi
2015-08-13 11:20:47 +03:00
# MD5
2013-03-12 04:37:08 +04:00
AC_ARG_ENABLE([md5],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-md5],[Enable MD5 (default: enabled)])],
2013-03-12 04:37:08 +04:00
[ ENABLED_MD5=$enableval ],
[ ENABLED_MD5=yes ]
)
if test "$ENABLED_MD5" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off MD5 if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
2013-03-12 04:37:08 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
ENABLED_MD5=no
fi
fi
2015-08-13 11:20:47 +03:00
# SHA
2013-03-12 04:53:38 +04:00
AC_ARG_ENABLE([sha],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-sha],[Enable SHA (default: enabled)])],
2013-03-12 04:53:38 +04:00
[ ENABLED_SHA=$enableval ],
[ ENABLED_SHA=yes ]
)
if test "$ENABLED_SHA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off SHA if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
2013-03-12 04:53:38 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
ENABLED_SHA=no
fi
fi
2016-05-24 03:50:36 +03:00
# CMAC
AC_ARG_ENABLE([cmac],
[AS_HELP_STRING([--enable-cmac],[Enable CMAC (default: disabled)])],
[ ENABLED_CMAC=$enableval ],
[ ENABLED_CMAC=no ]
)
2017-02-10 01:45:10 +03:00
if test "$ENABLED_WPAS" = "yes"
then
ENABLED_CMAC=yes
fi
2016-05-24 03:50:36 +03:00
AS_IF([test "x$ENABLED_CMAC" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"])
2017-08-31 02:50:15 +03:00
# AES-XTS
AC_ARG_ENABLE([xts],
[AS_HELP_STRING([--enable-xts],[Enable XTS (default: disabled)])],
[ ENABLED_XTS=$enableval ],
[ ENABLED_XTS=no ]
)
AS_IF([test "x$ENABLED_XTS" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS -DWOLFSSL_AES_DIRECT"])
2015-08-13 11:20:47 +03:00
# Web Server Build
2014-03-04 00:18:26 +04:00
AC_ARG_ENABLE([webserver],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-webserver],[Enable Web Server (default: disabled)])],
2014-03-04 00:18:26 +04:00
[ ENABLED_WEBSERVER=$enableval ],
[ ENABLED_WEBSERVER=no ]
)
if test "$ENABLED_WEBSERVER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_WEBSERVER"
fi
2018-04-10 18:38:14 +03:00
# Web Client Build (HTTP Client)
AC_ARG_ENABLE([webclient],
[AS_HELP_STRING([--enable-webclient],[Enable Web Client (HTTP) (default: disabled)])],
[ ENABLED_WEBCLIENT=$enableval ],
[ ENABLED_WEBCLIENT=no ]
)
if test "$ENABLED_WEBCLIENT" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_HTTP_CLIENT"
fi
2014-03-04 00:18:26 +04:00
2013-03-12 04:01:05 +04:00
2015-08-13 11:20:47 +03:00
# HC128
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([hc128],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-hc128],[Enable HC-128 (default: disabled)])],
2011-08-25 04:39:23 +04:00
[ ENABLED_HC128=$enableval ],
[ ENABLED_HC128=no ]
)
if test "$ENABLED_HC128" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_HC128"
2011-09-29 00:19:05 +04:00
else
AM_CFLAGS="$AM_CFLAGS -DHAVE_HC128"
2011-08-25 04:39:23 +04:00
fi
2011-02-05 22:14:47 +03:00
2012-10-23 04:28:46 +04:00
# RABBIT
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([rabbit],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-rabbit],[Enable RABBIT (default: disabled)])],
2012-10-23 04:28:46 +04:00
[ ENABLED_RABBIT=$enableval ],
[ ENABLED_RABBIT=no ]
)
if test "$ENABLED_RABBIT" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RABBIT"
else
AM_CFLAGS="$AM_CFLAGS -DHAVE_RABBIT"
fi
2015-03-06 20:15:33 +03:00
# FIPS
2014-03-19 20:43:57 +04:00
AC_ARG_ENABLE([fips],
2015-03-12 22:25:39 +03:00
[AS_HELP_STRING([--enable-fips],[Enable FIPS 140-2, Will NOT work w/o FIPS license (default: disabled)])],
2019-06-22 01:30:22 +03:00
[ENABLED_FIPS=$enableval],
[ENABLED_FIPS="no"])
2014-03-19 20:43:57 +04:00
2019-06-22 01:30:22 +03:00
AS_CASE([$ENABLED_FIPS],
2019-06-25 01:40:05 +03:00
["v2"],[FIPS_VERSION="v2"
ENABLED_FIPS=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
ENABLED_KEYGEN="yes"
ENABLED_SHA224="yes"
AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
[ENABLED_AESCCM="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
AS_IF([test "x$ENABLED_RSAPSS" != "xyes"],
[ENABLED_RSAPSS="yes"
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
AS_IF([test "x$ENABLED_ECC" != "xyes"],
[ENABLED_ECC="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT"
AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT"])
AS_IF([test "x$ENABLED_AESCTR" != "xyes"],
[ENABLED_AESCTR="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
AS_IF([test "x$ENABLED_CMAC" != "xyes"],
[ENABLED_CMAC="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
AS_IF([test "x$ENABLED_HKDF" != "xyes"],
[ENABLED_HKDF="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
AS_IF([test "x$ENABLED_INTELASM" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
],
["rand"],[
ENABLED_FIPS="yes"
FIPS_VERSION="rand"
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_FIPS_RAND -DHAVE_FIPS -DHAVE_FIPS_VERSION=2"
],
["no"],[FIPS_VERSION="none"],
[
ENABLED_FIPS="yes"
FIPS_VERSION="v1"
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
])
AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$thread_ls_on" = "xno"],
[AC_MSG_ERROR([FIPS requires Thread Local Storage])])
AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$FIPS_VERSION" != "xrand"],
2019-06-22 01:30:22 +03:00
[
2019-06-25 01:40:05 +03:00
# Force enable the prerequisites.
2019-06-22 01:30:22 +03:00
AS_IF([test "x$ENABLED_SHA512" = "xno"],
[ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
2019-06-25 01:40:05 +03:00
AS_IF([test "x$ENABLED_AESGCM" = "xno"],
2019-06-22 01:30:22 +03:00
[ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])
],
[
AS_IF([test "x$ENABLED_FORTRESS" = "xyes"],[ENABLED_DES3="yes"])
])
2014-03-19 20:43:57 +04:00
2018-02-23 02:17:08 +03:00
# SELFTEST
AC_ARG_ENABLE([selftest],
[AS_HELP_STRING([--enable-selftest],[Enable selftest, Will NOT work w/o CAVP selftest license (default: disabled)])],
[ ENABLED_SELFTEST=$enableval ],
[ ENABLED_SELFTEST=no ]
)
2019-03-02 02:54:08 +03:00
if test "x$ENABLED_SELFTEST" = "xyes"
2018-02-23 02:17:08 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_SELFTEST"
fi
2014-03-19 20:43:57 +04:00
2016-11-11 09:29:34 +03:00
# set sha224 default
SHA224_DEFAULT=no
2018-03-07 20:41:07 +03:00
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64"
2016-11-11 09:29:34 +03:00
then
2018-08-17 18:46:16 +03:00
if test "x$ENABLED_AFALG" = "xno" && test "x$ENABLED_DEVCRYPTO" = "xno" && ( test "x$ENABLED_FIPS" = "xno" || test "x$FIPS_VERSION" = "xv2" )
2016-11-11 09:38:28 +03:00
then
SHA224_DEFAULT=yes
fi
2016-11-11 09:29:34 +03:00
fi
# SHA224
AC_ARG_ENABLE([sha224],
2018-03-07 20:41:07 +03:00
[AS_HELP_STRING([--enable-sha224],[Enable wolfSSL SHA-224 support (default: enabled on x86_64/aarch64)])],
2016-11-11 09:29:34 +03:00
[ ENABLED_SHA224=$enableval ],
[ ENABLED_SHA224=$SHA224_DEFAULT ]
)
if test "$ENABLED_SHA224" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"
fi
2017-05-23 06:50:49 +03:00
# set sha3 default
SHA3_DEFAULT=no
2018-03-07 20:41:07 +03:00
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64"
2017-05-23 06:50:49 +03:00
then
2017-12-27 22:07:42 +03:00
if test "x$ENABLED_FIPS" = "xno" || test "x$FIPS_VERSION" = "xv2"
2017-05-23 06:50:49 +03:00
then
SHA3_DEFAULT=yes
fi
fi
# SHA3
AC_ARG_ENABLE([sha3],
2018-03-07 20:41:07 +03:00
[AS_HELP_STRING([--enable-sha3],[Enable wolfSSL SHA-3 support (default: enabled on x86_64/aarch64)])],
2017-05-23 06:50:49 +03:00
[ ENABLED_SHA3=$enableval ],
[ ENABLED_SHA3=$SHA3_DEFAULT ]
)
if test "$ENABLED_SHA3" = "small"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3_SMALL"
ENABLED_SHA3="yes"
fi
2017-11-07 01:37:34 +03:00
if test "$ENABLED_SHA3" = "yes" && test "$ENABLED_32BIT" = "no"
2017-05-23 06:50:49 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"
fi
2015-04-12 21:01:16 +03:00
# set POLY1305 default
POLY1305_DEFAULT=yes
if test "x$ENABLED_FIPS" = "xyes"
then
POLY1305_DEFAULT=no
fi
# POLY1305
AC_ARG_ENABLE([poly1305],
[AS_HELP_STRING([--enable-poly1305],[Enable wolfSSL POLY1305 support (default: enabled)])],
[ ENABLED_POLY1305=$enableval ],
[ ENABLED_POLY1305=$POLY1305_DEFAULT]
)
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# leanpsk and leantls don't need poly1305
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
2015-04-12 21:01:16 +03:00
then
ENABLED_POLY1305=no
fi
2018-12-24 02:59:57 +03:00
if test "$ENABLED_POLY1305" = "yes"
2015-04-12 21:01:16 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH"
fi
# set CHACHA default
CHACHA_DEFAULT=yes
if test "x$ENABLED_FIPS" = "xyes"
then
CHACHA_DEFAULT=no
fi
# CHACHA
AC_ARG_ENABLE([chacha],
2017-11-07 01:37:34 +03:00
[AS_HELP_STRING([--enable-chacha],[Enable CHACHA (default: enabled). Use `=noasm` to disable ASM AVX/AVX2 speedups])],
2015-04-12 21:01:16 +03:00
[ ENABLED_CHACHA=$enableval ],
[ ENABLED_CHACHA=$CHACHA_DEFAULT]
)
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# leanpsk and leantls don't need chacha
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
2015-04-12 21:01:16 +03:00
then
ENABLED_CHACHA=no
fi
2017-11-07 01:37:34 +03:00
if test "$ENABLED_CHACHA" = "noasm" || test "$ENABLED_ASM" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CHACHA_ASM"
fi
2015-04-12 21:01:16 +03:00
if test "$ENABLED_CHACHA" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA"
fi
2014-05-07 22:54:12 +04:00
# Hash DRBG
AC_ARG_ENABLE([hashdrbg],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-hashdrbg],[Enable Hash DRBG support (default: enabled)])],
2014-05-07 22:54:12 +04:00
[ ENABLED_HASHDRBG=$enableval ],
2014-12-01 20:12:26 +03:00
[ ENABLED_HASHDRBG=yes ]
2014-05-07 22:54:12 +04:00
)
if test "x$ENABLED_HASHDRBG" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG"
else
2017-03-17 23:44:53 +03:00
# turn on Hash DRBG if FIPS is on
2017-03-17 23:29:03 +03:00
if test "x$ENABLED_FIPS" = "xyes"
2014-05-07 22:54:12 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG"
ENABLED_HASHDRBG=yes
2017-03-17 23:44:53 +03:00
else
AM_CFLAGS="$AM_CFLAGS -DWC_NO_HASHDRBG"
2014-05-07 22:54:12 +04:00
fi
fi
2015-08-13 11:20:47 +03:00
# Filesystem Build
2013-03-13 23:14:05 +04:00
AC_ARG_ENABLE([filesystem],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-filesystem],[Enable Filesystem support (default: enabled)])],
2013-03-13 23:14:05 +04:00
[ ENABLED_FILESYSTEM=$enableval ],
[ ENABLED_FILESYSTEM=yes ]
2011-06-30 21:07:49 +04:00
)
2013-03-13 23:14:05 +04:00
if test "$ENABLED_FILESYSTEM" = "no"
2011-06-30 21:07:49 +04:00
then
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
2013-03-13 23:14:05 +04:00
else
# turn off filesystem if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
ENABLED_FILESYSTEM=no
fi
2011-06-30 21:07:49 +04:00
fi
2015-08-13 11:20:47 +03:00
# inline Build
2013-03-13 23:25:34 +04:00
AC_ARG_ENABLE([inline],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-inline],[Enable inline functions (default: enabled)])],
2013-03-13 23:25:34 +04:00
[ ENABLED_INLINE=$enableval ],
[ ENABLED_INLINE=yes ]
2011-08-03 21:59:08 +04:00
)
2013-03-13 23:25:34 +04:00
if test "$ENABLED_INLINE" = "no"
2011-08-03 21:59:08 +04:00
then
2011-08-25 22:41:14 +04:00
AM_CFLAGS="$AM_CFLAGS -DNO_INLINE"
2011-08-03 21:59:08 +04:00
fi
2011-06-07 20:02:36 +04:00
2016-02-23 20:13:52 +03:00
# OCSP
AC_ARG_ENABLE([ocsp],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-ocsp],[Enable OCSP (default: disabled)])],
2016-02-23 20:13:52 +03:00
[ ENABLED_OCSP=$enableval ],
[ ENABLED_OCSP=no ],
)
2018-04-10 19:55:03 +03:00
if test "x$ENABLED_OPENSSLALL" = "xyes" || test "x$ENABLED_NGINX" = "xyes"
2016-12-22 05:53:29 +03:00
then
ENABLED_OCSP=yes
fi
2016-02-23 20:13:52 +03:00
if test "$ENABLED_OCSP" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
fi
if test "$ENABLED_OCSP" = "yes"
then
# check openssl command tool for testing ocsp
AC_CHECK_PROG([HAVE_OPENSSL_CMD],[openssl],[yes],[no])
if test "$HAVE_OPENSSL_CMD" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_OPENSSL_CMD"
else
AC_MSG_WARN([openssl command line tool not available for testing ocsp])
fi
fi
2015-12-30 23:10:25 +03:00
# Certificate Status Request : a.k.a. OCSP Stapling
AC_ARG_ENABLE([ocspstapling],
[AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling (default: disabled)])],
[ ENABLED_CERTIFICATE_STATUS_REQUEST=$enableval ],
[ ENABLED_CERTIFICATE_STATUS_REQUEST=no ]
)
2017-04-11 15:18:41 +03:00
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
2016-12-22 05:53:29 +03:00
then
2017-04-11 15:18:41 +03:00
ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
2016-12-22 05:53:29 +03:00
fi
2015-12-30 23:10:25 +03:00
if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST"
2016-02-23 20:13:52 +03:00
# Requires OCSP make sure on
if test "x$ENABLED_OCSP" = "xno"
then
ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
fi
2015-12-30 23:10:25 +03:00
fi
# Certificate Status Request v2 : a.k.a. OCSP stapling v2
AC_ARG_ENABLE([ocspstapling2],
[AS_HELP_STRING([--enable-ocspstapling2],[Enable OCSP Stapling v2 (default: disabled)])],
[ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=$enableval ],
[ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ]
)
2017-04-11 15:18:41 +03:00
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
2016-12-22 05:53:29 +03:00
then
ENABLED_CERTIFICATE_STATUS_REQUEST_V2=yes
fi
2015-12-30 23:10:25 +03:00
if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST_V2"
2016-02-23 20:13:52 +03:00
# Requires OCSP make sure on
if test "x$ENABLED_OCSP" = "xno"
2015-12-30 23:10:25 +03:00
then
2016-02-23 20:13:52 +03:00
ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
2015-12-30 23:10:25 +03:00
fi
fi
2015-07-21 22:56:47 +03:00
# CRL
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([crl],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-crl],[Enable CRL (default: disabled)])],
2012-05-11 23:22:16 +04:00
[ ENABLED_CRL=$enableval ],
[ ENABLED_CRL=no ],
)
2016-12-22 05:53:29 +03:00
2017-04-11 15:18:41 +03:00
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
2016-12-22 05:53:29 +03:00
then
ENABLED_CRL=yes
fi
2012-05-11 23:22:16 +04:00
if test "$ENABLED_CRL" = "yes"
then
2012-06-05 22:31:00 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
2012-05-11 23:22:16 +04:00
fi
2012-06-05 22:31:00 +04:00
# CRL Monitor
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([crl-monitor],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-crl-monitor],[Enable CRL Monitor (default: disabled)])],
2012-06-05 22:31:00 +04:00
[ ENABLED_CRL_MONITOR=$enableval ],
[ ENABLED_CRL_MONITOR=no ],
)
if test "$ENABLED_CRL_MONITOR" = "yes"
then
2012-11-16 22:47:13 +04:00
case $host_os in
2012-11-17 01:25:45 +04:00
*linux* | *darwin* | *freebsd*)
2012-11-16 22:47:13 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR" ;;
*)
2016-12-07 18:07:27 +03:00
if test "x$ENABLED_DISTRO" = "xyes" ; then
ENABLED_CRL_MONITOR="no"
else
AC_MSG_ERROR( [crl monitor only allowed on linux, OS X, or freebsd])
fi
break;;
2012-11-16 22:47:13 +04:00
esac
2012-06-05 22:31:00 +04:00
fi
2015-09-28 19:06:30 +03:00
# USER CRYPTO
ENABLED_USER_CRYPTO="no"
ENABLED_USER_RSA="no"
AC_DEFINE([BUILD_USER_RSA], [], [User RSA is being defined])
trycryptodir=""
AC_ARG_WITH([user-crypto],
[AS_HELP_STRING([--with-user-crypto=PATH],[Path to USER_CRYPTO install (default /usr/local)])],
[
CPPFLAGS="$CPPFLAGS -DHAVE_USER_CRYPTO"
LIBS="$LIBS -lusercrypto"
if test "x$withval" != "xno" ; then
trycryptodir=$withval
fi
2019-03-02 02:54:08 +03:00
if test "x$withval" = "xyes" ; then
2015-09-28 19:06:30 +03:00
trycryptodir="/usr/local"
fi
LDFLAGS="$LDFLAGS -L$trycryptodir/lib"
CPPFLAGS="$CPPFLAGS -I$trycryptodir/include"
#Look for RSA Init function in usercrypto lib
AC_CHECK_LIB([usercrypto], [wc_InitRsaKey], [user_rsa_linked=yes], [user_rsa_linked=no])
2019-03-02 02:54:08 +03:00
if test "x$user_rsa_linked" = "xyes" ; then
2015-09-28 19:06:30 +03:00
AC_MSG_NOTICE([User user_rsa.h being used])
AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_RSA"
ENABLED_USER_RSA=yes
ENABLED_USER_CRYPTO=yes
fi
#Display check and find result of link attempts
AC_MSG_CHECKING([for USER_CRYPTO])
2019-03-02 02:54:08 +03:00
if test "x$ENABLED_USER_CRYPTO" = "xno" ; then
2015-09-28 19:06:30 +03:00
AC_MSG_RESULT([no])
AC_MSG_ERROR([USER_CRYPTO not found. Either move to /usr/include and /usr/lib or
Specify its path using --with-user-crypto=/dir/])
else
AC_MSG_RESULT([yes])
# Check if .la is available if not then rely on exported path
AC_CHECK_FILE($trycryptodir/lib/libusercrypto.la, [LIB_ADD="$trycryptodir/lib/libusercrypto.la $LIB_ADD"], [LIB_ADD="-lusercrypto $LIB_ADD"])
AM_LDFLAGS="$AM_LDFLAGS -L$trycryptodir/lib"
AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_CRYPTO"
fi
]
)
if test "$ENABLED_USER_CRYPTO" = "yes" && test "$ENABLED_FIPS" = "yes"
then
AC_MSG_ERROR([cannot enable user crypto and fips, user crypto posibility of using code in fips boundary.])
fi
2011-02-05 22:14:47 +03:00
# NTRU
2014-07-10 21:18:49 +04:00
ENABLED_NTRU="no"
tryntrudir=""
AC_ARG_WITH([ntru],
2015-09-28 19:06:30 +03:00
[AS_HELP_STRING([--with-ntru=PATH],[Path to NTRU install (default /usr/)])],
2014-07-10 21:18:49 +04:00
[
AC_MSG_CHECKING([for NTRU])
2017-08-16 23:19:38 +03:00
CPPFLAGS="$CPPFLAGS -DHAVE_NTRU -DHAVE_TLS_EXTENSIONS"
2015-07-16 22:43:50 +03:00
LIBS="$LIBS -lntruencrypt"
2011-02-05 22:14:47 +03:00
2015-07-16 22:43:50 +03:00
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <libntruencrypt/ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
2014-07-10 21:18:49 +04:00
2019-03-02 02:54:08 +03:00
if test "x$ntru_linked" = "xno" ; then
2014-07-10 21:18:49 +04:00
if test "x$withval" != "xno" ; then
tryntrudir=$withval
fi
2019-03-02 02:54:08 +03:00
if test "x$withval" = "xyes" ; then
2014-07-10 21:18:49 +04:00
tryntrudir="/usr"
fi
2015-09-28 19:06:30 +03:00
LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryntrudir/lib"
2014-07-10 21:18:49 +04:00
CPPFLAGS="$CPPFLAGS -I$tryntrudir/include"
2015-07-16 22:43:50 +03:00
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <libntruencrypt/ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
2014-07-10 21:18:49 +04:00
2019-03-02 02:54:08 +03:00
if test "x$ntru_linked" = "xno" ; then
2014-07-10 21:18:49 +04:00
AC_MSG_ERROR([NTRU isn't found.
If it's already installed, specify its path using --with-ntru=/dir/])
fi
AC_MSG_RESULT([yes])
AM_LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib"
else
AC_MSG_RESULT([yes])
fi
2017-08-16 23:19:38 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU -DHAVE_TLS_EXTENSIONS"
2014-07-10 21:18:49 +04:00
ENABLED_NTRU="yes"
]
)
2011-02-05 22:14:47 +03:00
2011-06-07 20:02:36 +04:00
2017-08-16 23:19:38 +03:00
# QSH
AC_ARG_ENABLE([qsh],
[AS_HELP_STRING([--enable-qsh],[Enable QSH (default: disabled)])],
[ ENABLED_QSH=$enableval ],
[ ENABLED_QSH=no ]
)
if test "x$ENABLED_QSH" = "xyes"
then
if test "x$ENABLED_NTRU" = "xno"
then
AC_MSG_ERROR([cannot enable qsh without NTRU])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_QSH"
fi
2016-05-06 00:31:25 +03:00
# Whitewood netRandom client library
ENABLED_WNR="no"
trywnrdir=""
AC_ARG_WITH([wnr],
[AS_HELP_STRING([--with-wnr=PATH],[Path to Whitewood netRandom install (default /usr/local)])],
[
AC_MSG_CHECKING([for Whitewood netRandom])
CPPFLAGS="$CPPFLAGS -DHAVE_WNR"
LIBS="$LIBS -lwnr"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <wnr.h>]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ])
2019-03-02 02:54:08 +03:00
if test "x$wnr_linked" = "xno" ; then
2016-05-06 00:31:25 +03:00
if test "x$withval" != "xno" ; then
trywnrdir=$withval
fi
2019-03-02 02:54:08 +03:00
if test "x$withval" = "xyes" ; then
2016-05-06 00:31:25 +03:00
trywnrdir="/usr/local"
fi
LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$trywnrdir/lib"
CPPFLAGS="$CPPFLAGS -I$trywnrdir/include"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <wnr.h>]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ])
2019-03-02 02:54:08 +03:00
if test "x$wnr_linked" = "xno" ; then
2016-05-06 00:31:25 +03:00
AC_MSG_ERROR([Whitewood netRandom isn't found.
If it's already installed, specify its path using --with-wnr=/dir/])
fi
AC_MSG_RESULT([yes])
AM_LDFLAGS="$AM_LDFLAGS -L$trywnrdir/lib"
else
AC_MSG_RESULT([yes])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_WNR"
ENABLED_WNR="yes"
]
)
2013-05-22 01:37:50 +04:00
# SNI
AC_ARG_ENABLE([sni],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-sni],[Enable SNI (default: disabled)])],
2013-05-22 01:37:50 +04:00
[ ENABLED_SNI=$enableval ],
[ ENABLED_SNI=no ]
)
if test "x$ENABLED_SNI" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI"
fi
2013-06-19 22:45:06 +04:00
# Maximum Fragment Length
AC_ARG_ENABLE([maxfragment],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-maxfragment],[Enable Maximum Fragment Length (default: disabled)])],
2013-06-19 22:45:06 +04:00
[ ENABLED_MAX_FRAGMENT=$enableval ],
[ ENABLED_MAX_FRAGMENT=no ]
)
2015-10-14 01:00:53 +03:00
# ALPN
AC_ARG_ENABLE([alpn],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-alpn],[Enable ALPN (default: disabled)])],
2015-10-14 01:00:53 +03:00
[ ENABLED_ALPN=$enableval ],
[ ENABLED_ALPN=no ]
)
if test "x$ENABLED_ALPN" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ALPN"
fi
# Maximum Fragment Length
2013-06-19 22:45:06 +04:00
if test "x$ENABLED_MAX_FRAGMENT" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_MAX_FRAGMENT"
fi
2018-09-28 19:05:59 +03:00
# Trusted CA Indication Extension
AC_ARG_ENABLE([trustedca],
[AS_HELP_STRING([--enable-trustedca],[Enable Trusted CA Indication (default: disabled)])],
[ ENABLED_TRUSTED_CA=$enableval ],[ ENABLED_TRUSTED_CA=no ])
AS_IF([test "x$ENABLED_TRUSTED_CA" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_TRUSTED_CA"])
2013-07-23 22:42:43 +04:00
# Truncated HMAC
AC_ARG_ENABLE([truncatedhmac],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-truncatedhmac],[Enable Truncated HMAC (default: disabled)])],
2013-07-23 22:42:43 +04:00
[ ENABLED_TRUNCATED_HMAC=$enableval ],
[ ENABLED_TRUNCATED_HMAC=no ]
)
if test "x$ENABLED_TRUNCATED_HMAC" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_TRUNCATED_HMAC"
fi
2014-09-17 03:33:17 +04:00
# Renegotiation Indication - (FAKE Secure Renegotiation)
2014-01-21 18:36:06 +04:00
AC_ARG_ENABLE([renegotiation-indication],
2015-03-12 22:25:39 +03:00
[AS_HELP_STRING([--enable-renegotiation-indication],[Enable Renegotiation Indication (default: disabled)])],
2014-01-21 18:36:06 +04:00
[ ENABLED_RENEGOTIATION_INDICATION=$enableval ],
[ ENABLED_RENEGOTIATION_INDICATION=no ]
)
if test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"
then
2014-09-06 01:29:18 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_RENEGOTIATION_INDICATION"
2014-01-21 18:36:06 +04:00
fi
2014-09-17 03:33:17 +04:00
# Secure Renegotiation
AC_ARG_ENABLE([secure-renegotiation],
2015-03-12 22:25:39 +03:00
[AS_HELP_STRING([--enable-secure-renegotiation],[Enable Secure Renegotiation (default: disabled)])],
2014-09-17 03:33:17 +04:00
[ ENABLED_SECURE_RENEGOTIATION=$enableval ],
[ ENABLED_SECURE_RENEGOTIATION=no ]
)
if test "x$ENABLED_SECURE_RENEGOTIATION" = "xyes"
then
2014-10-02 21:18:11 +04:00
if test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"
then
AC_MSG_ERROR([cannot enable renegotiation-indication and secure-renegotiation.])
fi
2018-11-28 04:33:49 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SECURE_RENEGOTIATION -DHAVE_SERVER_RENEGOTIATION_INFO"
2014-09-17 03:33:17 +04:00
fi
2019-06-28 08:30:35 +03:00
# Fallback SCSV
AC_ARG_ENABLE([fallback-scsv],
[AS_HELP_STRING([--enable-fallback-scsv],[Enable Fallback SCSV (default: disabled)])],
[ ENABLED_FALLBACK_SCSV=$enableval ],
[ ENABLED_FALLBACK_SCSV=no ]
)
if test "x$ENABLED_FALLBACK_SCSV" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_FALLBACK_SCSV"
fi
2014-02-03 23:11:57 +04:00
# Supported Elliptic Curves Extensions
AC_ARG_ENABLE([supportedcurves],
2016-09-16 23:26:56 +03:00
[AS_HELP_STRING([--enable-supportedcurves],[Enable Supported Elliptic Curves (default: enabled)])],
[ENABLED_SUPPORTED_CURVES=$enableval],
2018-03-07 20:41:07 +03:00
[ENABLED_SUPPORTED_CURVES=yes])
2013-08-26 19:44:50 +04:00
2014-02-03 23:11:57 +04:00
if test "x$ENABLED_SUPPORTED_CURVES" = "xyes"
2013-08-26 19:44:50 +04:00
then
2018-07-23 03:20:18 +03:00
AS_IF([test "x$ENABLED_ECC" = "xno" && test "x$ENABLED_CURVE25519" = "xno"],
2016-09-16 23:26:56 +03:00
[ENABLED_SUPPORTED_CURVES=no],
[AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES"])
2013-08-26 19:44:50 +04:00
fi
2019-02-18 03:57:12 +03:00
# Diffie-Hellman
if test "$ENABLED_DH" = "yes"
then
if test "$ENABLED_TLS13" = "yes" || test "$ENABLED_SUPPORTED_CURVES" = "yes"
then
AM_CFLAGS="-DHAVE_FFDHE_2048 $AM_CFLAGS"
fi
fi
# FFDHE parameters only
AC_ARG_ENABLE([ffdhe-only],
[AS_HELP_STRING([--enable-ffdhe-only],[Enable using only FFDHE in client (default: disabled)])],
[ ENABLED_FFDHE_ONLY=$enableval ],
[ ENABLED_FFDHE_ONLY=no ]
)
if test "x$ENABLED_FFDHE_ONLY" = "xyes"
then
if test "$ENABLED_DH" = "no"
then
AC_MSG_ERROR([FFDHE only support requires DH support])
fi
if test "$ENABLED_SUPPORTED_CURVES" = "no"
then
AC_MSG_ERROR([FFDHE only support requires Supported Curves extension])
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_REQUIRE_FFDHE"
fi
2014-09-29 23:43:28 +04:00
# Session Ticket Extension
AC_ARG_ENABLE([session-ticket],
2015-03-12 22:25:39 +03:00
[AS_HELP_STRING([--enable-session-ticket],[Enable Session Ticket (default: disabled)])],
2014-09-29 23:43:28 +04:00
[ ENABLED_SESSION_TICKET=$enableval ],
[ ENABLED_SESSION_TICKET=no ]
)
2017-04-11 15:18:41 +03:00
if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes"
2016-12-22 05:53:29 +03:00
then
ENABLED_SESSION_TICKET=yes
fi
2014-09-29 23:43:28 +04:00
if test "x$ENABLED_SESSION_TICKET" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SESSION_TICKET"
fi
2016-09-02 00:12:54 +03:00
# Extended Master Secret Extension
AC_ARG_ENABLE([extended-master],
2016-09-10 09:16:52 +03:00
[AS_HELP_STRING([--enable-extended-master],[Enable Extended Master Secret (default: enabled)])],
2016-09-02 00:12:54 +03:00
[ ENABLED_EXTENDED_MASTER=$enableval ],
2016-09-10 09:16:52 +03:00
[ ENABLED_EXTENDED_MASTER=yes ]
2016-09-02 00:12:54 +03:00
)
if test "x$ENABLED_EXTENDED_MASTER" = "xyes"
then
2016-09-10 09:16:52 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXTENDED_MASTER"
2016-09-02 00:12:54 +03:00
fi
2013-06-19 22:45:06 +04:00
# TLS Extensions
AC_ARG_ENABLE([tlsx],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-tlsx],[Enable all TLS Extensions (default: disabled)])],
2013-06-19 22:45:06 +04:00
[ ENABLED_TLSX=$enableval ],
[ ENABLED_TLSX=no ]
)
2017-11-13 12:12:18 +03:00
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_SIGNAL" = "xyes"
2016-12-22 05:53:29 +03:00
then
ENABLED_TLSX=yes
fi
2013-06-19 22:45:06 +04:00
if test "x$ENABLED_TLSX" = "xyes"
then
2016-09-16 23:26:56 +03:00
ENABLED_SNI=yes
ENABLED_MAX_FRAGMENT=yes
ENABLED_TRUNCATED_HMAC=yes
ENABLED_ALPN=yes
2018-09-28 19:05:59 +03:00
ENABLED_TRUSTED_CA=yes
2019-08-22 02:33:38 +03:00
ENABLED_ENCRYPT_THEN_MAC=yes
Add Apache HTTP Server compatibility and --enable-apachehttpd option (#2466)
* Added Apache httpd support `--enable-apachehttpd`.
* Added `SSL_CIPHER_get_version`, `BIO_new_fp`, `SSL_SESSION_print` and `SSL_in_connect_init` compatibility API's.
* Fix to expose `ASN1_UTCTIME_print` stub.
* Pulled in `wolfSSL_X509_get_ext_count` from QT.
* Added `X509_get_ext_count`, `BIO_set_callback`, `BIO_set_callback_arg` and `BIO_get_callback_arg`.
* Added `wolfSSL_ERR_print_errors`.
* Added `BIO_set_nbio` template.
* Fixes for building with Apache httpd.
* Added DH prime functions required for Apache httpd.
* Fix and move the BN DH prime macros.
* Fix for `SSL_CTX_set_tlsext_servername_arg` to have return code.
* Only add the `BN_get_rfc*_prime_*` macro's if older than 1.1.0.
* Added `ERR_GET_FUNC`, `SSL_CTX_clear_extra_chain_certs` prototypes.
* Added `wolfSSL_CTX_set_client_cert_cb` template and `OPENSSL_load_builtin_modules` stub macro.
* Added `X509_INFO` templates (`X509_INFO_new`, `X509_INFO_free`, `sk_X509_INFO_new_null`, `sk_X509_INFO_num`, `sk_X509_INFO_value`, `sk_X509_INFO_free`). Added `sk_X509_shift`.
* Added BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg
* add BIO_set_nbio, ERR_print_errors and tests
* add X509 INFO stack push function
* Add ASN1_UTCTIME_print and unit test
* Add X509_get_ext_count unit test
* initial commit of wolfSSL_PEM_X509_INFO_read_bio
* Added `sk_X509_NAME_new`, `sk_X509_NAME_push`, `sk_X509_NAME_find`, `sk_X509_NAME_set_cmp_func` and `sk_X509_NAME_free`. Grouped `sk_X509_NAME_*` functions.
* Cleanup sk X509 NAME/INFO pop free template.
* Advance openssl compatibility to v1.1.0 for Apache httpd. Added TLS version macros. Implemented sk X509 NAME/INFO pop and pop_free.
* Added `TLS_client_method` support.
* Added `SSL_get_server_tmp_key` and `EC_curve_nid2nist`.
* Added `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version`. Fix for `BN_get_rfc*_prime_*` with the v1.1.0 change.
* add test cases for PEM_X509_INFO_read_bio
* Fixes for `BN_get_rfc*_prime_*` macros. Added template for `SSL_DH_set0_pqg`. Fix for `SSL_OP_NO_` to use Macro's (as is done in openssl). Added `SSL_set_verify_result`. Added stub for `OPENSSL_malloc_init`.
* Apache httpd compatibility functions. BIO setter/getters.
* implement ASN1_TIME_check and add test case
* add SSL_get_client_CA_list
* add initial implementation of wolfSSL_DH_set0_pqg
* Add apache support to OBJ_txt2nid and unit test, add stub for OBJ_create
* add X509_STORE_CTX_get1_chain, sk_free, sk_X509_dup
* Add sk_SSL_COMP_num and SSL_COMP struct
* implement and test of SSL_SESSION_print
* add SSL_CTX_set_client_cert_cb
* expand BIO_printf and add test case
* Added `OCSP_CERTID_dup`. Added `ASN1_TYPE`.
* add implementation for wolfSSL_get_server_tmp_key
* add wolfSSL_BIO_puts and test case
* Add X509_EXTENSION_get_object and X509_EXTENSION_get_data
* add helper for bio flag set and null x509 stack
* add test adn implementation for wolfSSL_i2d_PrivateKey
* Added `ASN1_OTHERNAME`, `ACCESS_DESCRIPTION` and `GENERAL_NAME`. Added `sk_ACCESS_DESCRIPTION_pop_free` and `ACCESS_DESCRIPTION_free` stubs.
* add wolfSSL_PEM_read_bio_ECPKParameters
* add BIO_vfree
* add X509_up_ref
* add X509_STORE_CTX_set_ex_data
* add _GNU_SOURCE macro and wolfSSL_EVP_read_pw_string
* add wolfSSL_EVP_PKEY_ref_up function
* X509_get_ext, X509V3_EXT_print, and d2i_DISPLAYTEXT stubs
* add X509_set_issuer_name
* add wolfSSL_sk_SSL_CIPHER_* functions and tests
* add prototype for sk_X509_EXTENSION and ACCESS_DESCRIPTION
* fix casting to avoid clang warning
* adjust test_wolfSSL_X509_STORE_CTX test case
* Added `OpenSSL_version`
* renegotiate functions and additional stack functions
* add aditional stub functions
* Add Apache httpd requirements for ALPN, CRL, Cert Gen/Req/Ext and SecRen. Fix for `sk_X509_INFO_new_null`.
* add ocsp stub functions
* Proper fix for `sk_X509_INFO_new_null`. Added templates for `X509_get_ext_by_NID` and `X509_add_ext`. Added templates for `ASN1_TIME_diff` and `ASN1_TIME_set`.
* x509 extension stack additions
* Fixed template for `OCSP_id_get0_info`.
* add X509 stub functions
* add X509_STORE_CTX_get0_store() and unit test
* Added `EVP_PKEY_CTX_new_id`, `EVP_PKEY_CTX_set_rsa_keygen_bits`, `EVP_PKEY_keygen_init`, `EVP_PKEY_keygen` and `BN_to_ASN1_INTEGER`.
* x509v3 stubs and req add extensions
* Add OBJ_txt2obj and unit test; add long name to wolfssl_object_info table for use by OBJ_* functions
* wolfSSL_set_alpn_protos implementation
* Added `EVP_SignInit_ex` and `TLS_server_method` implementation. Added stubs for `RSA_get0_key` and `i2d_OCSP_REQUEST_bio`. Fix typo on `OCSP_response_create`. Fix warning in `wolfSSL_set_alpn_protos`.
* Added `X509_EXTENSION_free` stub. Fixed a few macro typos/adding missing.
* add X509_STORE_CTX_get0_current_issuer and unit test
* add OBJ_cmp and unit test
* add RSA_get0_key and unit test
* add OCSP_check_nonce
* Implement X509_set_notAfter/notBefore/serialNumber/version,X509_STORE_CTX_set_depth,X509V3_set_ctx.
* Modify wolfSSL_X509_set_notAfter/notBefore and add tests for each.
* Add test_wolfSSL_X509_set_version w/ fixes to _set_version and fix _set_notBefore/notAfter tests
* add OCSP_id_get0_info and unit test, move WOLFSSL_ASN1_INTEGER to asn_public.h from ssl.h
* inital implementation of wolfSSL_X509_sign
* add debugging messages and set data for BIO's
* Add i2d_OCSP_REQUEST_bio.
* implementation of some WOLFSSL_BIO_METHOD custom functions
* fix for ASN time structure and remove log node
* initial eNULL support and sanity checks
* fixes after rebasing code
* adjust test cases and ASN1_TIME print
* Various fixes for memory leaks
* Apache compatibility in CTX_set_client_CA_list for X509_NAME use; add X509_NAME_dup as supporting function
* Add initial X509_STORE_load_locations stub for Apache
* Updates to X509_get_ext_d2i to return GENERAL_NAME struct instead of ASN1_OBJECT for alternative names and add supporting GENERAL_NAME functions
* Add X509_STORE_load_locations implementation; add wolfSSL_CertManagerLoadCRL_ex; initial renegotiation fixes/updates
* Fix for freeing peer cert in wolfSSL_Rehandshake instead of FreeHandShakeResources during secure renegotiation
* Add X509_ALGOR and X509_PUBKEY structs for X509_PUBKEY_get0_param and X509_get_X509_PUBKEY implementation
* Initial implementation of wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param
* Add implementation for X509_get0_tbs_sigalg and X509_ALGOR_get0
* Add OBJ_nid2ln implementation
* Fix compile errors in tests/api.c for some build options
* Updates to X509_STORE_load_locations for non-CRL types; Add additional DETECT_CERT_TYPE enum and logic for detecting certificate type in ProcessFile
* Add X509_STORE_load_locations unit test and minor error handling fixes
* Add unit test for X509_sign
* Set correct alert type for revoked certificates; add/fix a few WOLFSSL_ENTER messages
* Add X509_ALGOR member to X509 struct; refactoring and unit tests for wolfSSL_X509_ALGOR_get0 and wolfSSL_X509_get0_tbs_sigalg
* Add X509_PUBKEY member to X509 struct; refactoring and unit tests for wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param
* Stack fixes after rebase
* Secure renegotiation refactoring: add ACCEPT_BEGIN_RENEG to AcceptState for use in wolfSSL_SSL_in_connect_init; free old peer cert when receiving new cert to fix memory leak
* Move enc-then-mac enable option in configure.ac for apache httpd compatibility
* Simplify wolfSSL_SSL_in_connect_init logic
* Remove unneeded wolfSSL_CertManagerLoadCRL_ex
* Fixes for jenkins test failures
* SSL_get_secure_renegotiation_support for print statement in Apache
2019-09-20 03:11:10 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_ALPN -DHAVE_TRUSTED_CA"
2016-09-16 23:26:56 +03:00
# Check the ECC supported curves prereq
2018-07-23 03:20:18 +03:00
AS_IF([test "x$ENABLED_ECC" = "xyes" || test "x$ENABLED_CURVE25519" = "xyes"],
2016-09-16 23:26:56 +03:00
[ENABLED_SUPPORTED_CURVES=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"])
2013-06-19 22:45:06 +04:00
fi
2011-02-05 22:14:47 +03:00
2017-06-19 04:37:10 +03:00
# Early Data handshake in TLS v1.3 and above
AC_ARG_ENABLE([earlydata],
[AS_HELP_STRING([--enable-earlydata],[Enable Early Data handshake with wolfSSL TLS v1.3 (default: disabled)])],
2017-06-22 05:40:41 +03:00
[ ENABLED_TLS13_EARLY_DATA=$enableval ],
[ ENABLED_TLS13_EARLY_DATA=no ]
2017-06-19 04:37:10 +03:00
)
2018-09-03 01:48:28 +03:00
if test "$ENABLED_TLS13_EARLY_DATA" = "group"
then
ENABLED_TLS13_EARLY_DATA="yes"
# Group EarlyData with ClientHello
AM_CFLAGS="-DWOLFSSL_EARLY_DATA_GROUP $AM_CFLAGS"
fi
2017-06-22 05:40:41 +03:00
if test "$ENABLED_TLS13_EARLY_DATA" = "yes"
2017-06-19 04:37:10 +03:00
then
if test "x$ENABLED_TLS13" = "xno"
then
AC_MSG_ERROR([cannot enable earlydata without enabling tls13.])
fi
if test "x$ENABLED_SESSION_TICKET" = "xno" && test "x$ENABLED_PSK" = "xno"
then
AC_MSG_ERROR([cannot enable earlydata without enabling session tickets and/or PSK.])
fi
AM_CFLAGS="-DWOLFSSL_EARLY_DATA $AM_CFLAGS"
fi
2018-08-28 08:37:15 +03:00
if test "$ENABLED_TLSV12" = "no" && test "$ENABLED_TLS13" = "yes" && test "x$ENABLED_SESSION_TICKET" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE"
fi
2017-06-19 04:37:10 +03:00
2018-09-03 01:48:28 +03:00
2014-01-11 03:11:17 +04:00
# PKCS7
2014-01-11 02:17:03 +04:00
AC_ARG_ENABLE([pkcs7],
2016-09-15 21:17:30 +03:00
[AS_HELP_STRING([--enable-pkcs7],[Enable PKCS7 (default: disabled)])],
2014-01-11 02:17:03 +04:00
[ ENABLED_PKCS7=$enableval ],
2014-01-11 03:11:17 +04:00
[ ENABLED_PKCS7=no ],
2014-01-11 02:17:03 +04:00
)
2014-01-27 23:35:43 +04:00
2017-10-05 01:24:22 +03:00
# wolfSSH Options
AC_ARG_ENABLE([ssh],
[AS_HELP_STRING([--enable-ssh],[Enable wolfSSH options (default: disabled)])],
[ ENABLED_WOLFSSH=$enableval ],
[ ENABLED_WOLFSSH=no ]
)
2014-01-27 23:35:43 +04:00
# Simple Certificate Enrollment Protocol (SCEP)
AC_ARG_ENABLE([scep],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-scep],[Enable wolfSCEP (default: disabled)])],
2014-01-27 23:35:43 +04:00
[ ENABLED_WOLFSCEP=$enableval ],
[ ENABLED_WOLFSCEP=no ]
)
2015-08-13 11:20:47 +03:00
# Secure Remote Password
AC_ARG_ENABLE([srp],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-srp],[Enable Secure Remote Password (default: disabled)])],
2015-08-13 11:20:47 +03:00
[ ENABLED_SRP=$enableval ],
[ ENABLED_SRP=no ]
)
if test "x$ENABLED_SRP" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP"
fi
2018-02-19 06:40:18 +03:00
# Indefinite length encoded BER message support
AC_ARG_ENABLE([indef],
[AS_HELP_STRING([--enable-indef],[Enable parsing of indefinite length encoded msgs (default: disabled)])],
[ ENABLED_BER_INDEF=$enableval ],
[ ENABLED_BER_INDEF=no ]
)
if test "x$ENABLED_BER_INDEF" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DASN_BER_TO_DER"
fi
2015-08-13 11:20:47 +03:00
2018-07-17 02:36:49 +03:00
# Small Stack - Cache on object
AC_ARG_ENABLE([smallstackcache],
[AS_HELP_STRING([--enable-smallstackcache],[Enable Small Stack Usage Caching (default: disabled)])],
[ ENABLED_SMALL_STACK_CACHE=$enableval ],
[ ENABLED_SMALL_STACK_CACHE=no ]
)
if test "x$ENABLED_SMALL_STACK_CACHE" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SMALL_STACK_CACHE"
fi
2014-04-15 19:46:43 +04:00
# Small Stack
AC_ARG_ENABLE([smallstack],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-smallstack],[Enable Small Stack Usage (default: disabled)])],
2014-04-15 19:46:43 +04:00
[ ENABLED_SMALL_STACK=$enableval ],
2014-05-12 15:34:19 +04:00
[ ENABLED_SMALL_STACK=no ]
2014-04-15 19:46:43 +04:00
)
2018-07-17 02:36:49 +03:00
if test "x$ENABLED_SMALL_STACK_CACHE" = "xyes"
then
ENABLED_SMALL_STACK=yes
fi
2014-04-16 20:25:51 +04:00
if test "x$ENABLED_SMALL_STACK" = "xyes"
2014-04-15 19:46:43 +04:00
then
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SMALL_STACK"
2014-04-15 19:46:43 +04:00
fi
2012-12-05 09:28:18 +04:00
#valgrind
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([valgrind],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-valgrind],[Enable valgrind for unit tests (default: disabled)])],
2012-12-05 09:28:18 +04:00
[ ENABLED_VALGRIND=$enableval ],
[ ENABLED_VALGRIND=no ]
)
if test "$ENABLED_VALGRIND" = "yes"
then
2012-12-13 02:33:21 +04:00
AC_CHECK_PROG([HAVE_VALGRIND],[valgrind],[yes],[no])
2012-12-05 09:28:18 +04:00
2013-05-17 03:20:51 +04:00
if test "$HAVE_VALGRIND" = "no"
then
2012-12-05 09:28:18 +04:00
AC_MSG_ERROR([Valgrind not found.])
fi
enable_shared=no
2013-03-28 02:17:21 +04:00
enable_static=yes
2013-01-05 03:52:46 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_VALGRIND"
2012-12-05 09:28:18 +04:00
fi
2015-08-13 11:20:47 +03:00
# Test certs, use internal cert functions for extra testing
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([testcert],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-testcert],[Enable Test Cert (default: disabled)])],
2011-06-04 00:01:45 +04:00
[ ENABLED_TESTCERT=$enableval ],
[ ENABLED_TESTCERT=no ]
)
if test "$ENABLED_TESTCERT" = "yes"
then
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TEST_CERT"
2011-06-04 00:01:45 +04:00
fi
2014-03-14 05:54:51 +04:00
# I/O Pool, an example to show user how to override memory handler and use
# a pool for the input/output buffer requests
AC_ARG_ENABLE([iopool],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-iopool],[Enable I/O Pool example (default: disabled)])],
2014-03-14 05:54:51 +04:00
[ ENABLED_IOPOOL=$enableval ],
[ ENABLED_IOPOOL=no ]
)
if test "$ENABLED_IOPOOL" = "yes"
then
if test "$thread_ls_on" = "no"
then
AC_MSG_ERROR([I/O Pool example requires Thread Local Storage])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_IO_POOL -DXMALLOC_USER"
fi
2015-08-13 11:20:47 +03:00
# Certificate Service Support
2014-02-12 01:08:12 +04:00
AC_ARG_ENABLE([certservice],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-certservice],[Enable cert service (default: disabled)])],
2014-02-12 01:08:12 +04:00
[ ENABLED_CERT_SERVICE=$enableval ],
[ ENABLED_CERT_SERVICE=no ]
)
if test "$ENABLED_CERT_SERVICE" = "yes"
then
2014-02-13 20:53:12 +04:00
# Requires ecc,certgen, and opensslextra make sure on
2014-02-12 01:08:12 +04:00
if test "x$ENABLED_CERTGEN" = "xno"
then
ENABLED_CERTGEN="yes"
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
2014-02-12 01:08:12 +04:00
fi
if test "x$ENABLED_ECC" = "xno"
then
ENABLED_ECC="yes"
2016-05-05 09:14:30 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
2016-11-22 22:25:40 +03:00
2016-05-05 09:14:30 +03:00
if test "$ENABLED_ECC_SHAMIR" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
fi
2014-02-12 01:08:12 +04:00
fi
2017-09-26 04:47:36 +03:00
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
2014-02-13 20:53:12 +04:00
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_CERT_SERVICE"
2014-02-12 01:08:12 +04:00
fi
2015-10-15 22:27:43 +03:00
# wolfSSL JNI
AC_ARG_ENABLE([jni],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-jni],[Enable wolfSSL JNI (default: disabled)])],
2015-10-15 22:27:43 +03:00
[ ENABLED_JNI=$enableval ],
[ ENABLED_JNI=no ]
)
if test "$ENABLED_JNI" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_JNI"
# Enable prereqs if not already enabled
if test "x$ENABLED_DTLS" = "xno"
then
ENABLED_DTLS="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
fi
if test "x$ENABLED_OPENSSLEXTRA" = "xno"
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
fi
if test "x$ENABLED_CRL" = "xno"
then
ENABLED_CRL="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
fi
if test "x$ENABLED_OCSP" = "xno"
then
ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
fi
2016-12-07 18:07:27 +03:00
if test "x$ENABLED_CRL_MONITOR" = "xno" && test "x$ENABLED_DISTRO" = "xno"
2015-10-15 22:27:43 +03:00
then
ENABLED_CRL_MONITOR="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
fi
if test "x$ENABLED_SAVESESSION" = "xno"
then
ENABLED_SAVESESSION="yes"
AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE"
fi
if test "x$ENABLED_SAVECERT" = "xno"
then
ENABLED_SAVECERT="yes"
AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE"
fi
if test "x$ENABLED_ATOMICUSER" = "xno"
then
ENABLED_ATOMICUSER="yes"
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
fi
if test "x$ENABLED_ECC" = "xno"
then
ENABLED_ECC="yes"
2016-05-05 09:14:30 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
2016-11-22 22:25:40 +03:00
2016-05-05 09:14:30 +03:00
if test "$ENABLED_ECC_SHAMIR" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
fi
2015-10-15 22:27:43 +03:00
fi
if test "x$ENABLED_PKCALLBACKS" = "xno"
then
ENABLED_PKCALLBACKS="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
fi
if test "x$ENABLED_DH" = "xno"
then
ENABLED_DH="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_DH"
fi
if test "x$ENABLED_PSK" = "xno"
then
ENABLED_PSK="yes"
fi
2019-03-06 23:28:53 +03:00
if test "x$ENABLED_CERTEXT" = "xno"
then
ENABLED_CERTEXT="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
fi
if test "x$ENABLED_CERTGEN" = "xno"
then
ENABLED_CERTGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
fi
2015-10-15 22:27:43 +03:00
fi
2015-07-09 18:14:33 +03:00
# lighty Support
AC_ARG_ENABLE([lighty],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-lighty],[Enable lighttpd/lighty (default: disabled)])],
2015-07-09 18:14:33 +03:00
[ ENABLED_LIGHTY=$enableval ],
[ ENABLED_LIGHTY=no ]
)
if test "$ENABLED_LIGHTY" = "yes"
then
# Requires opensslextra make sure on
2017-09-26 04:47:36 +03:00
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
2015-07-09 18:14:33 +03:00
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1"
fi
2016-12-22 05:53:29 +03:00
if test "$ENABLED_NGINX" = "yes"
then
2018-06-25 08:24:40 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NGINX -DWOLFSSL_SIGNER_DER_CERT"
2016-12-22 05:53:29 +03:00
fi
2017-03-28 14:28:36 +03:00
if test "$ENABLED_HAPROXY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAPROXY"
# Requires opensslextra make sure on
2017-09-26 04:47:36 +03:00
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
2017-03-28 14:28:36 +03:00
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
fi
2017-11-13 12:12:18 +03:00
if test "$ENABLED_SIGNAL" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNAL"
# Requires opensslextra make sure on
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
fi
2018-09-26 01:14:57 +03:00
if test "$ENABLED_NGINX" = "yes"|| test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
2017-04-11 15:18:41 +03:00
then
2016-12-22 05:53:29 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
2017-02-09 09:28:32 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA"
2016-12-22 05:53:29 +03:00
fi
2018-07-02 19:48:02 +03:00
# Asio Support
AC_ARG_ENABLE([asio],
[AS_HELP_STRING([--enable-asio],[Enable asio (default: disabled)])],
[ ENABLED_ASIO=$enableval ],
[ ENABLED_ASIO=no ]
)
if test "$ENABLED_ASIO" = "yes"
then
2018-08-02 05:45:09 +03:00
# Requires opensslextra and opensslall
2018-07-02 19:48:02 +03:00
if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
then
ENABLED_OPENSSLALL="yes"
2018-08-02 05:45:09 +03:00
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA -DOPENSSL_ALL $AM_CFLAGS"
2018-07-02 19:48:02 +03:00
fi
2018-07-18 21:09:12 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASIO -DASIO_USE_WOLFSSL -DWOLFSSL_KEY_GEN"
2018-08-02 05:45:09 +03:00
AM_CFLAGS="$AM_CFLAGS -DBOOST_ASIO_USE_WOLFSSL -DHAVE_EX_DATA"
2018-07-12 20:59:58 +03:00
AM_CFLAGS="$AM_CFLAGS -DSSL_TXT_TLSV1_2 -DSSL_TXT_TLSV1_1"
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3"
if test "$ENABLED_TLSV10" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DSSL_TXT_TLSV1"
fi
2018-07-02 19:48:02 +03:00
# Requires OCSP make sure on
if test "x$ENABLED_OCSP" = "xno"
then
ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
fi
fi
2016-12-22 05:53:29 +03:00
Add Apache HTTP Server compatibility and --enable-apachehttpd option (#2466)
* Added Apache httpd support `--enable-apachehttpd`.
* Added `SSL_CIPHER_get_version`, `BIO_new_fp`, `SSL_SESSION_print` and `SSL_in_connect_init` compatibility API's.
* Fix to expose `ASN1_UTCTIME_print` stub.
* Pulled in `wolfSSL_X509_get_ext_count` from QT.
* Added `X509_get_ext_count`, `BIO_set_callback`, `BIO_set_callback_arg` and `BIO_get_callback_arg`.
* Added `wolfSSL_ERR_print_errors`.
* Added `BIO_set_nbio` template.
* Fixes for building with Apache httpd.
* Added DH prime functions required for Apache httpd.
* Fix and move the BN DH prime macros.
* Fix for `SSL_CTX_set_tlsext_servername_arg` to have return code.
* Only add the `BN_get_rfc*_prime_*` macro's if older than 1.1.0.
* Added `ERR_GET_FUNC`, `SSL_CTX_clear_extra_chain_certs` prototypes.
* Added `wolfSSL_CTX_set_client_cert_cb` template and `OPENSSL_load_builtin_modules` stub macro.
* Added `X509_INFO` templates (`X509_INFO_new`, `X509_INFO_free`, `sk_X509_INFO_new_null`, `sk_X509_INFO_num`, `sk_X509_INFO_value`, `sk_X509_INFO_free`). Added `sk_X509_shift`.
* Added BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg
* add BIO_set_nbio, ERR_print_errors and tests
* add X509 INFO stack push function
* Add ASN1_UTCTIME_print and unit test
* Add X509_get_ext_count unit test
* initial commit of wolfSSL_PEM_X509_INFO_read_bio
* Added `sk_X509_NAME_new`, `sk_X509_NAME_push`, `sk_X509_NAME_find`, `sk_X509_NAME_set_cmp_func` and `sk_X509_NAME_free`. Grouped `sk_X509_NAME_*` functions.
* Cleanup sk X509 NAME/INFO pop free template.
* Advance openssl compatibility to v1.1.0 for Apache httpd. Added TLS version macros. Implemented sk X509 NAME/INFO pop and pop_free.
* Added `TLS_client_method` support.
* Added `SSL_get_server_tmp_key` and `EC_curve_nid2nist`.
* Added `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version`. Fix for `BN_get_rfc*_prime_*` with the v1.1.0 change.
* add test cases for PEM_X509_INFO_read_bio
* Fixes for `BN_get_rfc*_prime_*` macros. Added template for `SSL_DH_set0_pqg`. Fix for `SSL_OP_NO_` to use Macro's (as is done in openssl). Added `SSL_set_verify_result`. Added stub for `OPENSSL_malloc_init`.
* Apache httpd compatibility functions. BIO setter/getters.
* implement ASN1_TIME_check and add test case
* add SSL_get_client_CA_list
* add initial implementation of wolfSSL_DH_set0_pqg
* Add apache support to OBJ_txt2nid and unit test, add stub for OBJ_create
* add X509_STORE_CTX_get1_chain, sk_free, sk_X509_dup
* Add sk_SSL_COMP_num and SSL_COMP struct
* implement and test of SSL_SESSION_print
* add SSL_CTX_set_client_cert_cb
* expand BIO_printf and add test case
* Added `OCSP_CERTID_dup`. Added `ASN1_TYPE`.
* add implementation for wolfSSL_get_server_tmp_key
* add wolfSSL_BIO_puts and test case
* Add X509_EXTENSION_get_object and X509_EXTENSION_get_data
* add helper for bio flag set and null x509 stack
* add test adn implementation for wolfSSL_i2d_PrivateKey
* Added `ASN1_OTHERNAME`, `ACCESS_DESCRIPTION` and `GENERAL_NAME`. Added `sk_ACCESS_DESCRIPTION_pop_free` and `ACCESS_DESCRIPTION_free` stubs.
* add wolfSSL_PEM_read_bio_ECPKParameters
* add BIO_vfree
* add X509_up_ref
* add X509_STORE_CTX_set_ex_data
* add _GNU_SOURCE macro and wolfSSL_EVP_read_pw_string
* add wolfSSL_EVP_PKEY_ref_up function
* X509_get_ext, X509V3_EXT_print, and d2i_DISPLAYTEXT stubs
* add X509_set_issuer_name
* add wolfSSL_sk_SSL_CIPHER_* functions and tests
* add prototype for sk_X509_EXTENSION and ACCESS_DESCRIPTION
* fix casting to avoid clang warning
* adjust test_wolfSSL_X509_STORE_CTX test case
* Added `OpenSSL_version`
* renegotiate functions and additional stack functions
* add aditional stub functions
* Add Apache httpd requirements for ALPN, CRL, Cert Gen/Req/Ext and SecRen. Fix for `sk_X509_INFO_new_null`.
* add ocsp stub functions
* Proper fix for `sk_X509_INFO_new_null`. Added templates for `X509_get_ext_by_NID` and `X509_add_ext`. Added templates for `ASN1_TIME_diff` and `ASN1_TIME_set`.
* x509 extension stack additions
* Fixed template for `OCSP_id_get0_info`.
* add X509 stub functions
* add X509_STORE_CTX_get0_store() and unit test
* Added `EVP_PKEY_CTX_new_id`, `EVP_PKEY_CTX_set_rsa_keygen_bits`, `EVP_PKEY_keygen_init`, `EVP_PKEY_keygen` and `BN_to_ASN1_INTEGER`.
* x509v3 stubs and req add extensions
* Add OBJ_txt2obj and unit test; add long name to wolfssl_object_info table for use by OBJ_* functions
* wolfSSL_set_alpn_protos implementation
* Added `EVP_SignInit_ex` and `TLS_server_method` implementation. Added stubs for `RSA_get0_key` and `i2d_OCSP_REQUEST_bio`. Fix typo on `OCSP_response_create`. Fix warning in `wolfSSL_set_alpn_protos`.
* Added `X509_EXTENSION_free` stub. Fixed a few macro typos/adding missing.
* add X509_STORE_CTX_get0_current_issuer and unit test
* add OBJ_cmp and unit test
* add RSA_get0_key and unit test
* add OCSP_check_nonce
* Implement X509_set_notAfter/notBefore/serialNumber/version,X509_STORE_CTX_set_depth,X509V3_set_ctx.
* Modify wolfSSL_X509_set_notAfter/notBefore and add tests for each.
* Add test_wolfSSL_X509_set_version w/ fixes to _set_version and fix _set_notBefore/notAfter tests
* add OCSP_id_get0_info and unit test, move WOLFSSL_ASN1_INTEGER to asn_public.h from ssl.h
* inital implementation of wolfSSL_X509_sign
* add debugging messages and set data for BIO's
* Add i2d_OCSP_REQUEST_bio.
* implementation of some WOLFSSL_BIO_METHOD custom functions
* fix for ASN time structure and remove log node
* initial eNULL support and sanity checks
* fixes after rebasing code
* adjust test cases and ASN1_TIME print
* Various fixes for memory leaks
* Apache compatibility in CTX_set_client_CA_list for X509_NAME use; add X509_NAME_dup as supporting function
* Add initial X509_STORE_load_locations stub for Apache
* Updates to X509_get_ext_d2i to return GENERAL_NAME struct instead of ASN1_OBJECT for alternative names and add supporting GENERAL_NAME functions
* Add X509_STORE_load_locations implementation; add wolfSSL_CertManagerLoadCRL_ex; initial renegotiation fixes/updates
* Fix for freeing peer cert in wolfSSL_Rehandshake instead of FreeHandShakeResources during secure renegotiation
* Add X509_ALGOR and X509_PUBKEY structs for X509_PUBKEY_get0_param and X509_get_X509_PUBKEY implementation
* Initial implementation of wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param
* Add implementation for X509_get0_tbs_sigalg and X509_ALGOR_get0
* Add OBJ_nid2ln implementation
* Fix compile errors in tests/api.c for some build options
* Updates to X509_STORE_load_locations for non-CRL types; Add additional DETECT_CERT_TYPE enum and logic for detecting certificate type in ProcessFile
* Add X509_STORE_load_locations unit test and minor error handling fixes
* Add unit test for X509_sign
* Set correct alert type for revoked certificates; add/fix a few WOLFSSL_ENTER messages
* Add X509_ALGOR member to X509 struct; refactoring and unit tests for wolfSSL_X509_ALGOR_get0 and wolfSSL_X509_get0_tbs_sigalg
* Add X509_PUBKEY member to X509 struct; refactoring and unit tests for wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param
* Stack fixes after rebase
* Secure renegotiation refactoring: add ACCEPT_BEGIN_RENEG to AcceptState for use in wolfSSL_SSL_in_connect_init; free old peer cert when receiving new cert to fix memory leak
* Move enc-then-mac enable option in configure.ac for apache httpd compatibility
* Simplify wolfSSL_SSL_in_connect_init logic
* Remove unneeded wolfSSL_CertManagerLoadCRL_ex
* Fixes for jenkins test failures
* SSL_get_secure_renegotiation_support for print statement in Apache
2019-09-20 03:11:10 +03:00
# Apache HTTPD
AC_ARG_ENABLE([apachehttpd],
[AS_HELP_STRING([--enable-apachehttpd],[Enable Apache httpd (default: disabled)])],
[ ENABLED_APACHE_HTTPD=$enableval ],
[ ENABLED_APACHE_HTTPD=no ]
)
if test "$ENABLED_APACHE_HTTPD" = "yes"
then
# Requires opensslextra and opensslall
if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
then
ENABLED_OPENSSLALL="yes"
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA -DOPENSSL_ALL $AM_CFLAGS"
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_APACHE_HTTPD"
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_COMP"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DWOLFSSL_SIGNER_DER_CERT"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN"
# Requires OCSP make sure on
if test "x$ENABLED_OCSP" = "xno"
then
ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
fi
# Requires sessioncerts make sure on
if test "x$ENABLED_SESSIONCERTS" = "xno"
then
ENABLED_SESSIONCERTS="yes"
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
fi
# Requires ALPN
if test "x$ENABLED_ALPN" = "xno"
then
ENABLED_ALPN="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ALPN"
fi
# Requires CRL
if test "x$ENABLED_CRL" = "xno"
then
ENABLED_CRL="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
fi
# Requires Certificate Generation, Request and Extensions
if test "x$ENABLED_CERTGEN" = "xno"
then
ENABLED_CERTGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
fi
if test "x$ENABLED_CERTREQ" = "xno"
then
ENABLED_CERTREQ="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
fi
if test "x$ENABLED_CERTEXT" = "xno"
then
ENABLED_CERTEXT="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
fi
# Requires Secure Renegotiation
if test "x$ENABLED_SECURE_RENEGOTIATION" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_SECURE_RENEGOTIATION -DHAVE_SERVER_RENEGOTIATION_INFO"
fi
fi
# Encrypt-Then-Mac
AC_ARG_ENABLE([enc-then-mac],
[AS_HELP_STRING([--enable-enc-then-mac],[Enable Encryptr-Then-Mac extension (default: enabled)])],
[ ENABLED_ENCRYPT_THEN_MAC=$enableval ],
[ ENABLED_ENCRYPT_THEN_MAC=yes ]
)
if test "x$ENABLED_APACHE_HTTPD" = "xyes"
then
ENABLED_ENCRYPT_THEN_MAC=no
fi
if test "x$ENABLED_TLSX" = "xyes"
then
ENABLED_ENCRYPT_THEN_MAC=yes
fi
2019-10-01 23:00:55 +03:00
AS_IF([test "x$ENABLED_SNIFFER" == "xyes"],[ENABLED_ENCRYPT_THEN_MAC="no"])
Add Apache HTTP Server compatibility and --enable-apachehttpd option (#2466)
* Added Apache httpd support `--enable-apachehttpd`.
* Added `SSL_CIPHER_get_version`, `BIO_new_fp`, `SSL_SESSION_print` and `SSL_in_connect_init` compatibility API's.
* Fix to expose `ASN1_UTCTIME_print` stub.
* Pulled in `wolfSSL_X509_get_ext_count` from QT.
* Added `X509_get_ext_count`, `BIO_set_callback`, `BIO_set_callback_arg` and `BIO_get_callback_arg`.
* Added `wolfSSL_ERR_print_errors`.
* Added `BIO_set_nbio` template.
* Fixes for building with Apache httpd.
* Added DH prime functions required for Apache httpd.
* Fix and move the BN DH prime macros.
* Fix for `SSL_CTX_set_tlsext_servername_arg` to have return code.
* Only add the `BN_get_rfc*_prime_*` macro's if older than 1.1.0.
* Added `ERR_GET_FUNC`, `SSL_CTX_clear_extra_chain_certs` prototypes.
* Added `wolfSSL_CTX_set_client_cert_cb` template and `OPENSSL_load_builtin_modules` stub macro.
* Added `X509_INFO` templates (`X509_INFO_new`, `X509_INFO_free`, `sk_X509_INFO_new_null`, `sk_X509_INFO_num`, `sk_X509_INFO_value`, `sk_X509_INFO_free`). Added `sk_X509_shift`.
* Added BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg
* add BIO_set_nbio, ERR_print_errors and tests
* add X509 INFO stack push function
* Add ASN1_UTCTIME_print and unit test
* Add X509_get_ext_count unit test
* initial commit of wolfSSL_PEM_X509_INFO_read_bio
* Added `sk_X509_NAME_new`, `sk_X509_NAME_push`, `sk_X509_NAME_find`, `sk_X509_NAME_set_cmp_func` and `sk_X509_NAME_free`. Grouped `sk_X509_NAME_*` functions.
* Cleanup sk X509 NAME/INFO pop free template.
* Advance openssl compatibility to v1.1.0 for Apache httpd. Added TLS version macros. Implemented sk X509 NAME/INFO pop and pop_free.
* Added `TLS_client_method` support.
* Added `SSL_get_server_tmp_key` and `EC_curve_nid2nist`.
* Added `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version`. Fix for `BN_get_rfc*_prime_*` with the v1.1.0 change.
* add test cases for PEM_X509_INFO_read_bio
* Fixes for `BN_get_rfc*_prime_*` macros. Added template for `SSL_DH_set0_pqg`. Fix for `SSL_OP_NO_` to use Macro's (as is done in openssl). Added `SSL_set_verify_result`. Added stub for `OPENSSL_malloc_init`.
* Apache httpd compatibility functions. BIO setter/getters.
* implement ASN1_TIME_check and add test case
* add SSL_get_client_CA_list
* add initial implementation of wolfSSL_DH_set0_pqg
* Add apache support to OBJ_txt2nid and unit test, add stub for OBJ_create
* add X509_STORE_CTX_get1_chain, sk_free, sk_X509_dup
* Add sk_SSL_COMP_num and SSL_COMP struct
* implement and test of SSL_SESSION_print
* add SSL_CTX_set_client_cert_cb
* expand BIO_printf and add test case
* Added `OCSP_CERTID_dup`. Added `ASN1_TYPE`.
* add implementation for wolfSSL_get_server_tmp_key
* add wolfSSL_BIO_puts and test case
* Add X509_EXTENSION_get_object and X509_EXTENSION_get_data
* add helper for bio flag set and null x509 stack
* add test adn implementation for wolfSSL_i2d_PrivateKey
* Added `ASN1_OTHERNAME`, `ACCESS_DESCRIPTION` and `GENERAL_NAME`. Added `sk_ACCESS_DESCRIPTION_pop_free` and `ACCESS_DESCRIPTION_free` stubs.
* add wolfSSL_PEM_read_bio_ECPKParameters
* add BIO_vfree
* add X509_up_ref
* add X509_STORE_CTX_set_ex_data
* add _GNU_SOURCE macro and wolfSSL_EVP_read_pw_string
* add wolfSSL_EVP_PKEY_ref_up function
* X509_get_ext, X509V3_EXT_print, and d2i_DISPLAYTEXT stubs
* add X509_set_issuer_name
* add wolfSSL_sk_SSL_CIPHER_* functions and tests
* add prototype for sk_X509_EXTENSION and ACCESS_DESCRIPTION
* fix casting to avoid clang warning
* adjust test_wolfSSL_X509_STORE_CTX test case
* Added `OpenSSL_version`
* renegotiate functions and additional stack functions
* add aditional stub functions
* Add Apache httpd requirements for ALPN, CRL, Cert Gen/Req/Ext and SecRen. Fix for `sk_X509_INFO_new_null`.
* add ocsp stub functions
* Proper fix for `sk_X509_INFO_new_null`. Added templates for `X509_get_ext_by_NID` and `X509_add_ext`. Added templates for `ASN1_TIME_diff` and `ASN1_TIME_set`.
* x509 extension stack additions
* Fixed template for `OCSP_id_get0_info`.
* add X509 stub functions
* add X509_STORE_CTX_get0_store() and unit test
* Added `EVP_PKEY_CTX_new_id`, `EVP_PKEY_CTX_set_rsa_keygen_bits`, `EVP_PKEY_keygen_init`, `EVP_PKEY_keygen` and `BN_to_ASN1_INTEGER`.
* x509v3 stubs and req add extensions
* Add OBJ_txt2obj and unit test; add long name to wolfssl_object_info table for use by OBJ_* functions
* wolfSSL_set_alpn_protos implementation
* Added `EVP_SignInit_ex` and `TLS_server_method` implementation. Added stubs for `RSA_get0_key` and `i2d_OCSP_REQUEST_bio`. Fix typo on `OCSP_response_create`. Fix warning in `wolfSSL_set_alpn_protos`.
* Added `X509_EXTENSION_free` stub. Fixed a few macro typos/adding missing.
* add X509_STORE_CTX_get0_current_issuer and unit test
* add OBJ_cmp and unit test
* add RSA_get0_key and unit test
* add OCSP_check_nonce
* Implement X509_set_notAfter/notBefore/serialNumber/version,X509_STORE_CTX_set_depth,X509V3_set_ctx.
* Modify wolfSSL_X509_set_notAfter/notBefore and add tests for each.
* Add test_wolfSSL_X509_set_version w/ fixes to _set_version and fix _set_notBefore/notAfter tests
* add OCSP_id_get0_info and unit test, move WOLFSSL_ASN1_INTEGER to asn_public.h from ssl.h
* inital implementation of wolfSSL_X509_sign
* add debugging messages and set data for BIO's
* Add i2d_OCSP_REQUEST_bio.
* implementation of some WOLFSSL_BIO_METHOD custom functions
* fix for ASN time structure and remove log node
* initial eNULL support and sanity checks
* fixes after rebasing code
* adjust test cases and ASN1_TIME print
* Various fixes for memory leaks
* Apache compatibility in CTX_set_client_CA_list for X509_NAME use; add X509_NAME_dup as supporting function
* Add initial X509_STORE_load_locations stub for Apache
* Updates to X509_get_ext_d2i to return GENERAL_NAME struct instead of ASN1_OBJECT for alternative names and add supporting GENERAL_NAME functions
* Add X509_STORE_load_locations implementation; add wolfSSL_CertManagerLoadCRL_ex; initial renegotiation fixes/updates
* Fix for freeing peer cert in wolfSSL_Rehandshake instead of FreeHandShakeResources during secure renegotiation
* Add X509_ALGOR and X509_PUBKEY structs for X509_PUBKEY_get0_param and X509_get_X509_PUBKEY implementation
* Initial implementation of wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param
* Add implementation for X509_get0_tbs_sigalg and X509_ALGOR_get0
* Add OBJ_nid2ln implementation
* Fix compile errors in tests/api.c for some build options
* Updates to X509_STORE_load_locations for non-CRL types; Add additional DETECT_CERT_TYPE enum and logic for detecting certificate type in ProcessFile
* Add X509_STORE_load_locations unit test and minor error handling fixes
* Add unit test for X509_sign
* Set correct alert type for revoked certificates; add/fix a few WOLFSSL_ENTER messages
* Add X509_ALGOR member to X509 struct; refactoring and unit tests for wolfSSL_X509_ALGOR_get0 and wolfSSL_X509_get0_tbs_sigalg
* Add X509_PUBKEY member to X509 struct; refactoring and unit tests for wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param
* Stack fixes after rebase
* Secure renegotiation refactoring: add ACCEPT_BEGIN_RENEG to AcceptState for use in wolfSSL_SSL_in_connect_init; free old peer cert when receiving new cert to fix memory leak
* Move enc-then-mac enable option in configure.ac for apache httpd compatibility
* Simplify wolfSSL_SSL_in_connect_init logic
* Remove unneeded wolfSSL_CertManagerLoadCRL_ex
* Fixes for jenkins test failures
* SSL_get_secure_renegotiation_support for print statement in Apache
2019-09-20 03:11:10 +03:00
if test "x$ENABLED_ENCRYPT_THEN_MAC" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_ENCRYPT_THEN_MAC"
fi
2015-07-14 23:56:26 +03:00
# stunnel Support
AC_ARG_ENABLE([stunnel],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-stunnel],[Enable stunnel (default: disabled)])],
2015-07-14 23:56:26 +03:00
[ ENABLED_STUNNEL=$enableval ],
[ ENABLED_STUNNEL=no ]
)
2017-02-10 01:45:10 +03:00
if test "$ENABLED_WPAS" = "yes"
then
ENABLED_STUNNEL="yes"
fi
2015-07-14 23:56:26 +03:00
if test "$ENABLED_STUNNEL" = "yes"
then
# Requires opensslextra make sure on
2017-09-26 04:47:36 +03:00
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
2015-07-14 23:56:26 +03:00
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
2015-08-12 19:10:30 +03:00
# Requires OCSP make sure on
if test "x$ENABLED_OCSP" = "xno"
then
ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
fi
2015-07-14 23:56:26 +03:00
# Requires coding make sure on
if test "x$ENABLED_CODING" = "xno"
then
ENABLED_CODING="yes"
fi
# Requires sessioncerts make sure on
if test "x$ENABLED_SESSIONCERTS" = "xno"
then
ENABLED_SESSIONCERTS="yes"
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
fi
2015-07-17 02:46:37 +03:00
# Requires crls, make sure on
if test "x$ENABLED_CRL" = "xno"
then
ENABLED_CRL="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
fi
2015-08-13 05:38:51 +03:00
2016-10-05 22:17:26 +03:00
# Requires DES3, make sure on
if test "x$ENABLED_DES3" = "xno"
then
ENABLED_DES3="yes"
fi
2015-08-13 05:38:51 +03:00
# Requires tlsx, make sure on
if test "x$ENABLED_TLSX" = "xno"
then
ENABLED_TLSX="yes"
2017-06-13 19:44:14 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC"
# Check the ECC supported curves prereq
2018-07-23 03:20:18 +03:00
AS_IF([test "x$ENABLED_ECC" = "xyes" || test "x$ENABLED_CURVE25519" = "xyes"],
2017-06-13 19:44:14 +03:00
[ENABLED_SUPPORTED_CURVES=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"])
2015-08-13 05:38:51 +03:00
fi
2015-08-28 02:44:55 +03:00
# Requires ecc make sure on
if test "x$ENABLED_ECC" = "xno"
then
ENABLED_OPENSSLEXTRA="yes"
2015-10-12 18:25:54 +03:00
ENABLED_ECC="yes"
2016-05-05 09:14:30 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
2016-11-22 22:25:40 +03:00
2016-05-05 09:14:30 +03:00
if test "$ENABLED_ECC_SHAMIR" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
fi
2015-08-28 02:44:55 +03:00
fi
2019-10-24 01:51:19 +03:00
2019-08-22 02:06:33 +03:00
# Requires wolfSSL_OBJ_txt2nid
if test "x$ENABLED_CERTEXT" = "xno"
then
ENABLED_CERTEXT="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
fi
2019-10-24 01:51:19 +03:00
2019-08-22 02:06:33 +03:00
# Requires certgen
if test "x$ENABLED_CERTGEN" = "xno"
then
ENABLED_CERTGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
fi
2015-08-28 02:44:55 +03:00
2015-08-12 19:10:30 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL -DWOLFSSL_ALWAYS_VERIFY_CB"
2016-12-22 05:53:29 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI -DHAVE_EX_DATA"
2019-08-22 02:06:33 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"
2015-07-14 23:56:26 +03:00
fi
2015-08-27 20:05:29 +03:00
if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no" \
&& test "x$ENABLED_STUNNEL" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DNO_PSK"
fi
if test "$ENABLED_PSK" = "no" && \
(test "$ENABLED_LEANPSK" = "yes" || test "x$ENABLED_STUNNEL" = "xyes")
then
ENABLED_PSK=yes
fi
2015-07-14 23:56:26 +03:00
# MD4
AC_ARG_ENABLE([md4],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-md4],[Enable MD4 (default: disabled)])],
2015-07-14 23:56:26 +03:00
[ ENABLED_MD4=$enableval ],
[ ENABLED_MD4=no ]
)
if test "$ENABLED_MD4" = "no"
then
#turn on MD4 if using stunnel
if test "x$ENABLED_STUNNEL" = "xyes"
then
ENABLED_MD4="yes"
else
AM_CFLAGS="$AM_CFLAGS -DNO_MD4"
fi
fi
2015-07-09 18:14:33 +03:00
2018-03-31 01:48:15 +03:00
# Encrypted keys
AC_ARG_ENABLE([enckeys],
[AS_HELP_STRING([--enable-enckeys],[Enable PEM encrypted private key support (default: disabled)])],
[ ENABLED_ENCKEYS=$enableval ],
[ ENABLED_ENCKEYS=no ]
)
if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_WEBSERVER" = "yes"
then
ENABLED_ENCKEYS=yes
fi
if test "$ENABLED_ENCKEYS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ENCRYPTED_KEYS"
fi
2015-02-16 20:54:55 +03:00
# PWDBASED has to come after certservice since we want it on w/o explicit on
# PWDBASED
AC_ARG_ENABLE([pwdbased],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-pwdbased],[Enable PWDBASED (default: disabled)])],
2015-02-16 20:54:55 +03:00
[ ENABLED_PWDBASED=$enableval ],
[ ENABLED_PWDBASED=no ]
)
if test "$ENABLED_PWDBASED" = "no"
then
2018-07-02 19:48:02 +03:00
if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_OPENSSLALL" = "yes" || test "$ENABLED_WEBSERVER" = "yes" || test "$ENABLED_ENCKEYS" = "yes"
2015-02-16 20:54:55 +03:00
then
2018-07-02 19:48:02 +03:00
# opensslextra, opensslall, webserver, and enckeys needs pwdbased
2015-02-16 20:54:55 +03:00
ENABLED_PWDBASED=yes
else
AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED"
fi
fi
2016-12-14 09:47:54 +03:00
AC_ARG_ENABLE([scrypt],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-scrypt],[Enable SCRYPT (default: disabled)])],
2016-12-14 09:47:54 +03:00
[ ENABLED_SCRYPT=$enableval ],
[ ENABLED_SCRYPT=no ]
)
if test "$ENABLED_SCRYPT" = "yes"
then
if test "$ENABLED_PWDBASED" = "no"
then
AC_MSG_ERROR([cannot enable scrypt without enabling pwdbased.])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_SCRYPT"
fi
2015-09-11 02:24:25 +03:00
# wolfCrypt Only Build
AC_ARG_ENABLE([cryptonly],
[AS_HELP_STRING([--enable-cryptonly],[Enable wolfCrypt Only build (default: disabled)])],
[ENABLED_CRYPTONLY=$enableval],
[ENABLED_CRYPTONLY=no])
2019-06-25 01:40:05 +03:00
AS_IF([test "x$FIPS_VERSION" = "xrand"],[ENABLED_CRYPTONLY="yes"])
2015-09-11 02:24:25 +03:00
if test "$ENABLED_CRYPTONLY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_ONLY"
fi
2016-02-11 00:03:53 +03:00
if test "x$ENABLED_CRYPTONLY" = "xno"
then
if test "x$ENABLED_PSK" = "xno" && test "x$ENABLED_ASN" = "xno"
then
AC_MSG_ERROR([please enable psk if disabling asn.])
fi
if test "x$ENABLED_ECC" = "xyes" && test "x$ENABLED_ASN" = "xno"
then
AC_MSG_ERROR([please disable ecc if disabling asn.])
fi
2018-07-19 02:26:25 +03:00
if test "$ENABLED_AFALG" = "yes"
then
# for TLS connections the intermediate hash needs to store buffer
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_HASH_KEEP"
fi
2018-08-17 18:46:16 +03:00
if test "$ENABLED_DEVCRYPTO" = "yes"
then
# for TLS connections the intermediate hash needs to store buffer
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH_KEEP"
fi
2016-02-11 00:03:53 +03:00
fi
2013-07-01 23:10:59 +04:00
# set fastmath default
FASTMATH_DEFAULT=no
2018-03-07 20:41:07 +03:00
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64"
2013-07-01 23:10:59 +04:00
then
2015-07-18 00:05:04 +03:00
FASTMATH_DEFAULT=yes
2013-07-01 23:10:59 +04:00
fi
2018-12-06 10:27:10 +03:00
if test "$ENABLED_SP_MATH" = "yes"
then
FASTMATH_DEFAULT=no
fi
2013-07-01 23:10:59 +04:00
2013-03-13 02:14:03 +04:00
# fastmath
AC_ARG_ENABLE([fastmath],
2018-03-07 20:41:07 +03:00
[AS_HELP_STRING([--enable-fastmath],[Enable fast math ops (default: enabled on x86_64/aarch64)])],
2013-03-13 02:14:03 +04:00
[ ENABLED_FASTMATH=$enableval ],
2013-07-01 23:10:59 +04:00
[ ENABLED_FASTMATH=$FASTMATH_DEFAULT]
2013-03-13 02:14:03 +04:00
)
if test "x$ENABLED_FASTMATH" = "xyes"
then
2016-02-11 00:03:53 +03:00
# turn off fastmth if leanpsk on or asn off (w/o DH and ECC)
2013-03-19 02:32:04 +04:00
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_ASN" = "no"
then
2018-12-06 10:27:10 +03:00
if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && test "$ENABLED_RSA" = "no"
2015-03-28 00:28:05 +03:00
then
ENABLED_FASTMATH=no
else
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
ENABLED_SLOWMATH="no"
fi
2013-03-19 02:32:04 +04:00
else
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
ENABLED_SLOWMATH="no"
fi
2015-03-31 23:28:49 +03:00
if test "$host_cpu" = "x86_64"
then
# Have settings.h set FP_MAX_BITS higher if user didn't set directly
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_X86_64_BUILD"
fi
2013-03-13 02:14:03 +04:00
fi
# fast HUGE math
AC_ARG_ENABLE([fasthugemath],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-fasthugemath],[Enable fast math + huge code (default: disabled)])],
2013-03-13 02:14:03 +04:00
[ ENABLED_FASTHUGEMATH=$enableval ],
[ ENABLED_FASTHUGEMATH=no ]
)
if test "$ENABLED_BUMP" = "yes"
then
ENABLED_FASTHUGEMATH="yes"
fi
if test "$ENABLED_FASTHUGEMATH" = "yes"
then
ENABLED_FASTMATH="yes"
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
ENABLED_SLOWMATH="no"
fi
2012-11-29 23:31:57 +04:00
# Enable Examples, used to disable examples
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([examples],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-examples],[Enable Examples (default: enabled)])],
2012-11-29 23:31:57 +04:00
[ ENABLED_EXAMPLES=$enableval ],
[ ENABLED_EXAMPLES=yes ]
)
2013-03-13 23:14:05 +04:00
AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"])
2013-03-13 23:25:34 +04:00
AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"])
2015-09-11 02:24:25 +03:00
AS_IF([test "x$ENABLED_CRYPTONLY" = "xyes"], [ENABLED_EXAMPLES="no"])
2019-06-20 23:37:53 +03:00
2012-11-29 23:31:57 +04:00
2016-02-04 23:06:24 +03:00
# Enable wolfCrypt test and benchmark
AC_ARG_ENABLE([crypttests],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-crypttests],[Enable Crypt Bench/Test (default: enabled)])],
2016-02-04 23:06:24 +03:00
[ ENABLED_CRYPT_TESTS=$enableval ],
[ ENABLED_CRYPT_TESTS=yes ]
)
2013-01-30 04:22:49 +04:00
2011-02-05 22:14:47 +03:00
# LIBZ
2013-03-21 01:37:05 +04:00
ENABLED_LIBZ="no"
2011-02-05 22:14:47 +03:00
trylibzdir=""
2012-12-13 02:33:21 +04:00
AC_ARG_WITH([libz],
2011-02-05 22:14:47 +03:00
[ --with-libz=PATH PATH to libz install (default /usr/) ],
[
AC_MSG_CHECKING([for libz])
CPPFLAGS="$CPPFLAGS -DHAVE_LIBZ"
LIBS="$LIBS -lz"
2011-08-25 02:54:58 +04:00
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])
2011-02-05 22:14:47 +03:00
2019-03-02 02:54:08 +03:00
if test "x$libz_linked" = "xno" ; then
2011-02-05 22:14:47 +03:00
if test "x$withval" != "xno" ; then
trylibzdir=$withval
fi
2019-03-02 02:54:08 +03:00
if test "x$withval" = "xyes" ; then
2011-02-05 22:14:47 +03:00
trylibzdir="/usr"
fi
2018-09-27 00:16:32 +03:00
LDFLAGS="$LDFLAGS -L$trylibzdir/lib"
2011-02-05 22:14:47 +03:00
CPPFLAGS="$CPPFLAGS -I$trylibzdir/include"
2011-08-25 02:54:58 +04:00
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])
2011-02-05 22:14:47 +03:00
2019-03-02 02:54:08 +03:00
if test "x$libz_linked" = "xno" ; then
2011-02-05 22:14:47 +03:00
AC_MSG_ERROR([libz isn't found.
If it's already installed, specify its path using --with-libz=/dir/])
fi
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([yes])
fi
2013-03-20 03:25:58 +04:00
ENABLED_LIBZ="yes"
2011-02-05 22:14:47 +03:00
]
)
2018-09-12 01:56:59 +03:00
# PKCS#11
AC_ARG_ENABLE([pkcs11],
[AS_HELP_STRING([--enable-pkcs11],[Enable pkcs11 access (default: disabled)])],
[ ENABLED_PKCS11=$enableval ],
[ ENABLED_PKCS11=no ]
)
if test "x$ENABLED_PKCS11" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS11 -DHAVE_WOLF_BIGINT"
LIBS="$LIBS -ldl"
fi
2019-07-02 19:35:46 +03:00
# PKCS#12
AC_ARG_ENABLE([pkcs12],
[AS_HELP_STRING([--enable-pkcs12],[Enable pkcs12 (default: enabled)])],
[ ENABLED_PKCS12=$enableval ],
[ ENABLED_PKCS12=yes ]
)
if test "x$ENABLED_PKCS12" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DNO_PKCS12"
fi
AM_CONDITIONAL([BUILD_PKCS12], [test "x$ENABLED_PKCS12" = "xyes"])
2015-08-13 11:20:47 +03:00
# cavium
2013-01-30 04:22:49 +04:00
trycaviumdir=""
AC_ARG_WITH([cavium],
[ --with-cavium=PATH PATH to cavium/software dir ],
[
AC_MSG_CHECKING([for cavium])
CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM"
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
LIB_ADD="-lrt $LIB_ADD"
2013-01-30 04:22:49 +04:00
2019-03-02 02:54:08 +03:00
if test "x$withval" = "xyes" ; then
2016-08-15 22:59:41 +03:00
AC_MSG_ERROR([need a PATH for --with-cavium])
fi
if test "x$withval" != "xno" ; then
trycaviumdir=$withval
fi
2013-01-30 04:22:49 +04:00
2016-08-15 22:59:41 +03:00
LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/cavium_common.o"
CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
2013-01-30 04:22:49 +04:00
2016-08-15 22:59:41 +03:00
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(CAVIUM_DEV_ID); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
2013-01-30 04:22:49 +04:00
2019-03-02 02:54:08 +03:00
if test "x$cavium_linked" = "xno" ; then
2016-08-15 22:59:41 +03:00
AC_MSG_ERROR([cavium isn't found.
If it's already installed, specify its path using --with-cavium=/dir/])
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
else
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM"
2016-08-15 22:59:41 +03:00
fi
AC_MSG_RESULT([yes])
enable_shared=no
enable_static=yes
ENABLED_CAVIUM=yes
],
[ ENABLED_CAVIUM=no ]
)
# cavium V
trycaviumdir=""
AC_ARG_WITH([cavium-v],
[ --with-cavium-v=PATH PATH to Cavium V/software dir ],
[
AC_MSG_CHECKING([for cavium])
2018-04-03 19:14:20 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V"
LIB_ADD="-lrt -lcrypto $LIB_ADD"
2016-08-15 22:59:41 +03:00
2019-03-02 02:54:08 +03:00
if test "x$withval" = "xyes" ; then
2016-08-15 22:59:41 +03:00
AC_MSG_ERROR([need a PATH for --with-cavium])
fi
if test "x$withval" != "xno" ; then
trycaviumdir=$withval
fi
2018-04-03 19:14:20 +03:00
AC_CHECK_FILES([$trycaviumdir/lib/libnitrox.a], [AM_CPPFLAGS="-I$trycaviumdir/include $AM_CPPFLAGS"], [ENABLED_CAVIUM_V=no])
LIB_STATIC_ADD="$trycaviumdir/lib/libnitrox.a $LIB_STATIC_ADD"
2016-08-15 22:59:41 +03:00
2018-04-03 19:14:20 +03:00
if test "$ENABLED_CAVIUM_V" = "no"; then
AC_MSG_ERROR([Could not find Nitrox library])
2016-08-15 22:59:41 +03:00
fi
enable_shared=no
enable_static=yes
2018-04-03 19:14:20 +03:00
enable_opensslextra=yes
2016-08-15 22:59:41 +03:00
ENABLED_CAVIUM=yes
ENABLED_CAVIUM_V=yes
],
[
ENABLED_CAVIUM_=no
ENABLED_CAVIUM_V=no
2013-01-30 04:22:49 +04:00
]
)
2019-10-04 21:21:56 +03:00
# Cavium Octeon
OCTEON_ROOT=""
2019-10-23 02:26:35 +03:00
: ${OCTEON_OBJ="obj-octeon2"}
2019-10-04 21:21:56 +03:00
AC_ARG_WITH([octeon-sync],
[AS_HELP_STRING([--with-octeon-sync=PATH],[PATH to Cavium Octeon SDK dir (sync)])],
[
AC_MSG_CHECKING([for octeon])
if test "x$withval" = "xyes" ; then
AC_MSG_ERROR([need a PATH for --with-octeon])
fi
if test "x$withval" != "xno" ; then
OCTEON_ROOT=$withval
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM_OCTEON_SYNC"
AM_CFLAGS="$AM_CFLAGS -DOCTEON_MODEL=$OCTEON_MODEL -DCVMX_BUILD_FOR_LINUX_HOST"
AM_CFLAGS="$AM_CFLAGS -I$OCTEON_ROOT/executive"
#-I$OCTEON_ROOT/target/include
2019-10-24 01:01:41 +03:00
AM_LDFLAGS="$AM_LDFLAGS -lrt -Xlinker -T -Xlinker $OCTEON_ROOT/executive/cvmx-shared-linux.ld"
AM_LDFLAGS="$AM_LDFLAGS -L$OCTEON_ROOT/executive/$OCTEON_OBJ -lcvmx -lfdt"
2019-10-04 21:21:56 +03:00
enable_shared=no
enable_static=yes
ENABLED_OCTEON_SYNC=yes
AC_MSG_RESULT([yes])
],
[ENABLED_OCTEON_SYNC=no]
)
2018-12-04 23:54:11 +03:00
# Intel QuickAssist
QAT_DIR=""
BUILD_INTEL_QAT_VERSION=2
2019-10-02 20:08:46 +03:00
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
AC_ARG_WITH([intelqa],
2019-10-02 20:08:46 +03:00
[AS_HELP_STRING([--with-intelqa=PATH],[PATH to Intel QuickAssist (QAT) driver dir])],
[ENABLED_INTEL_QA=yes; QAT_DIR=$withval],
[ENABLED_INTEL_QA=no])
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
2019-10-02 20:08:46 +03:00
AC_ARG_WITH([intelqa-sync],
[AS_HELP_STRING([--with-intelqa-sync=PATH],[PATH to Intel QuickAssist (QAT) driver dir (sync)])],
[ENABLED_INTEL_QA_SYNC=yes; QAT_DIR=$withval],
[ENABLED_INTEL_QA_SYNC=no])
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
2019-10-02 20:08:46 +03:00
AS_IF([test "x$ENABLED_INTEL_QA" = "xyes" && test "x$ENABLED_INTEL_QA_SYNC" = "xyes"],
[AC_MSG_ERROR([Both Intel QA Async and Sync are selected, only select one.])])
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
2019-10-02 20:08:46 +03:00
AS_IF([test "x$ENABLED_INTEL_QA" = "xyes" || test "x$ENABLED_INTEL_QA_SYNC" = "xyes"],
[AC_MSG_CHECKING([for intelqa])
AS_IF([test "x$ENABLED_INTEL_QA" = "xyes"],
[AM_CPPFLAGS="$AM_CPPFLAGS -DHAVE_INTEL_QA -DDO_CRYPTO -DUSER_SPACE"; intelqa_opt=""],
[AM_CPPFLAGS="$AM_CPPFLAGS -DHAVE_INTEL_QA_SYNC -DQAT_USE_POLLING_THREAD -DO_CRYPTO -DUSER_SPACE"; intelqa_opt="-sync"])
OLD_LIBS="$LIBS"
OLD_CPPFLAGS="$CPPFLAGS"
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
2019-10-02 20:08:46 +03:00
AS_IF([test "x$QAT_DIR" = "xyes"],[AC_MSG_ERROR([need a PATH for --with-intelqa$intelqa_opt])])
2018-12-04 23:54:11 +03:00
2019-10-02 20:08:46 +03:00
AM_CPPFLAGS="$AM_CPPFLAGS -I$QAT_DIR/quickassist/include -I$QAT_DIR/quickassist/include/lac -I$QAT_DIR/quickassist/utilities/osal/include \
-I$QAT_DIR/quickassist/utilities/osal/src/linux/user_space/include -I$QAT_DIR/quickassist/lookaside/access_layer/include \
-I$QAT_DIR/quickassist/lookaside/access_layer/src/common/include -I$srcdir/wolfssl -I$srcdir/wolfssl/wolfcrypt/port/intel \
-I$QAT_DIR/quickassist/utilities/libusdm_drv"
CPPFLAGS="$AM_CPPFLAGS"
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
2019-10-02 20:08:46 +03:00
LDFLAGS="$LDFLAGS -L$QAT_DIR/build"
LIBS="$LIBS -lqat_s -lusdm_drv_s"
2018-12-04 23:54:11 +03:00
2019-10-02 20:08:46 +03:00
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cpa_cy_common.h"]],[[Cpa16U count = 0; cpaCyGetNumInstances(&count);]])],[intelqa_linked=yes],[intelqa_linked=no])
AS_IF([test "x$intelqa_linked" = "xno"],
[# Try old QAT driver libraries
LIBS="$OLD_LIBS -licp_qa_al_s"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cpa_cy_common.h"]],[[Cpa16U count = 0; cpaCyGetNumInstances(&count);]])],[intelqa_linked=yes],[intelqa_linked=no])
AS_IF([test "x$intelqa_linked" = "xno"],
[AC_MSG_ERROR([Intel QuickAssist not found. If it's already installed, specify its path using --with-intelqa$intelqa_opt=/dir/])],
[BUILD_INTEL_QAT_VERSION=1])
])
AC_MSG_RESULT([yes])
AS_IF([test "x$BUILD_INTEL_QAT_VERSION" == "x1"],
[LIB_ADD="-ladf_proxy -losal -lrt $LIB_ADD"],
[LIB_ADD="-losal -lrt $LIB_ADD"])
CPPFLAGS="$OLD_CPPFLAGS"
])
2019-06-20 23:37:53 +03:00
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
2019-01-25 05:03:08 +03:00
# Single Precision maths implementation
AC_ARG_ENABLE([sp],
[AS_HELP_STRING([--enable-sp],[Enable Single Precision maths implementation (default: disabled)])],
[ ENABLED_SP=$enableval ],
[ ENABLED_SP=no ],
)
ENABLED_SP_RSA=no
ENABLED_SP_DH=no
ENABLED_SP_ECC=no
for v in `echo $ENABLED_SP | tr "," " "`
do
case $v in
small)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
ENABLED_SP_ECC=yes
;;
yes)
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
ENABLED_SP_ECC=yes
;;
no)
;;
smallec256 | smallp256 | small256)
ENABLED_SP_ECC=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL"
;;
ec256 | p256 | 256)
ENABLED_SP_ECC=yes
;;
small2048)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL"
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_3072"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_3072"
;;
2048)
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_3072"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_3072"
;;
smallrsa2048)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL"
ENABLED_SP_RSA=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_3072"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_3072"
;;
rsa2048)
ENABLED_SP_RSA=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_3072"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_3072"
;;
small3072)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL"
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_2048"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_2048"
;;
3072)
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_2048"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_2048"
;;
smallrsa3072)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL"
ENABLED_SP_RSA=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_2048"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_2048"
;;
rsa3072)
ENABLED_SP_RSA=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_2048"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_2048"
;;
*)
AC_MSG_ERROR([Invalid choice of Single Precision length in bits [256, 2048, 3072]: $ENABLED_SP.])
break;;
esac
done
ENABLED_SP=no
if test "$ENABLED_RSA" = "yes" && test "$ENABLED_SP_RSA" = "yes"; then
ENABLED_SP=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_RSA"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_SP_RSA"
fi
if test "$ENABLED_DH" = "yes" && test "$ENABLED_SP_DH" = "yes"; then
ENABLED_SP=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_DH"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_SP_DH"
fi
if test "$ENABLED_ECC" = "yes" && test "$ENABLED_SP_ECC" = "yes"; then
ENABLED_SP=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_ECC"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_SP_ECC"
fi
AC_ARG_ENABLE([sp-asm],
[AS_HELP_STRING([--enable-sp-asm],[Enable Single Precision assembly implementation (default: disabled)])],
[ ENABLED_SP_ASM=$enableval ],
[ ENABLED_SP_ASM=no ],
)
if test "$ENABLED_SP_ASM" = "yes"; then
if test "$ENABLED_SP" = "no"; then
AC_MSG_ERROR([Must have SP enabled: --enable-sp])
fi
if test "$ENABLED_ASM" = "no"; then
AC_MSG_ERROR([Assembly code turned off])
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ASM"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ASM"
case $host_cpu in
*aarch64*)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM64_ASM"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM64_ASM"
ENABLED_SP_ARM64_ASM=yes
;;
*arm*)
if test $host_alias = "thumb"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_THUMB_ASM -mthumb -march=armv6"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM_THUMB_ASM"
ENABLED_SP_ARM_THUMB_ASM=yes
else
if test $host_alias = "cortex"; then
2019-04-08 02:03:50 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM -mcpu=cortex-m4"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM"
2019-01-25 05:03:08 +03:00
ENABLED_SP_ARM_CORTEX_ASM=yes
else
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM32_ASM"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM32_ASM"
ENABLED_SP_ARM32_ASM=yes
fi
fi
;;
*x86_64*)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_X86_64_ASM"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_X86_64_ASM"
ENABLED_SP_X86_64_ASM=yes
;;
*)
AC_MSG_ERROR([ASM not available for CPU. Supported CPUs: x86_64, aarch64, arm])
;;
esac
fi
AC_ARG_ENABLE([sp-math],
[AS_HELP_STRING([--enable-sp-math],[Enable Single Precision math implementation only (default: disabled)])],
[ ENABLED_SP_MATH=$enableval ],
[ ENABLED_SP_MATH=no ],
)
if test "$ENABLED_SP_MATH" = "yes"; then
if test "$ENABLED_SP" = "no"; then
AC_MSG_ERROR([Must have SP enabled: --enable-sp])
fi
if test "$ENABLED_ECCCUSTCURVES" = "yes"; then
AC_MSG_ERROR([Cannot use single precision math and custom curves])
fi
if test "$ENABLED_OPENSSLEXTRA" = "yes"; then
AC_MSG_ERROR([Cannot use single precision math and OpenSSL extra])
fi
if test "$ENABLED_DSA" = "yes"; then
AC_MSG_ERROR([Cannot use single precision math and DSA])
fi
if test "$ENABLED_SRP" = "yes"; then
AC_MSG_ERROR([Cannot use single precision math and SRP])
fi
if test "$ENABLED_SP_RSA" = "no" && test "$ENABLED_RSA" = "yes"; then
AC_MSG_ERROR([Cannot use P256 single precision only math and RSA])
fi
if test "$ENABLED_SP_DH" = "no" && test "$ENABLED_DH" = "yes"; then
AC_MSG_ERROR([Cannot use P256 single precision only math and DH])
fi
2019-09-19 02:08:15 +03:00
ENABLED_FASTMATH="no"
ENABLED_SLOWMATH="no"
2019-01-25 05:03:08 +03:00
fi
if test "$ENABLED_SP_MATH" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_MATH"
fi
2015-09-28 19:06:30 +03:00
# Fast RSA using Intel IPP
ippdir="${srcdir}/IPP"
2015-11-30 09:34:58 +03:00
ipplib="lib" # if autoconf guesses 32bit system changes lib directory
fastRSA_found=no
abs_path=`pwd`
2015-09-28 19:06:30 +03:00
# set up variables used
IPPLIBS=
IPPHEADERS=
IPPLINK=
AC_ARG_ENABLE([fast-rsa],
[AS_HELP_STRING([--enable-fast-rsa],[Enable RSA using Intel IPP (default: disabled)])],
[ ENABLED_FAST_RSA=$enableval ],
[ ENABLED_FAST_RSA=no ],
)
if test "$ENABLED_USER_RSA" = "no" && test "$ENABLED_FIPS" = "no"; then
if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
ipplib="lib_32" # 32 bit OS detected
fi
2015-11-30 09:34:58 +03:00
# Use static IPP Libraries
if test "$enable_shared" = "no" && test "$ENABLED_FAST_RSA" = "yes"; then
2015-09-28 19:06:30 +03:00
case $host_os in
*darwin*)
ipplib="$ipplib/mac_static"
AC_MSG_ERROR([Issue with static linking to libippcp.a on Mac.
Dynamic IPP libraries supported on Mac])
break;;
*linux*)
ipplib="$ipplib/linux_static"
break;;
*)
ENABLED_FAST_RSA=no
esac
AC_CHECK_FILES([$srcdir/IPP/$ipplib/libippcore.a $srcdir/IPP/$ipplib/libippcp.a], [], [ENABLED_FAST_RSA=no])
AC_CHECK_FILES([$srcdir/IPP/include/ipp.h $srcdir/IPP/include/ippcp.h], [AM_CPPFLAGS="-I$srcdir/IPP/include $AM_CPPFLAGS"], [ENABLED_FAST_RSA=no])
2015-11-30 09:34:58 +03:00
LIB_STATIC_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_STATIC_ADD"
2015-10-26 22:11:11 +03:00
if test "$ENABLED_FAST_RSA" = "no"; then
AC_MSG_ERROR([Could not find fast rsa libraries])
fi
2015-09-28 19:06:30 +03:00
else
2015-11-30 09:34:58 +03:00
# Check for and use bundled IPP libraries
2015-09-28 19:06:30 +03:00
if test "$ENABLED_FAST_RSA" = "yes"; then
AC_MSG_NOTICE([Using local IPP crypto library])
2015-11-30 09:34:58 +03:00
AC_CHECK_FILES([$abs_path/IPP/include/ippcp.h],
[
# build and default locations on linux and mac
STORE_LDFLAGS=${LDFLAGS}
STORE_CPPFLAGS=${CPPFLAGS}
# using LDFLAGS instead of AM_ temporarily to test link to library
LDFLAGS="-L$ippdir/$ipplib -lippcp -lippcore"
CPPFLAGS="-I$ippdir/include"
AC_CHECK_HEADERS([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15], [fastRSA_found=yes], [fastRSA_found=no])], [fastRSA_found=no])
2015-09-28 19:06:30 +03:00
name="$ippdir/$ipplib/libippcp"
2015-11-30 09:34:58 +03:00
case $host_os in
*darwin*)
# check file existence and conditionally set variables
AC_CHECK_FILES([$abs_path/IPP/$ipplib/libippcp.dylib], [
IPPLIBS="${name}.dylib ${name}-9.0.dylib ${name}e9-9.0.dylib ${name}g9-9.0.dylib ${name}h9-9.0.dylib ${name}k0-9.0.dylib ${name}l9-9.0.dylib ${name}n8-9.0.dylib ${name}p8-9.0.dylib ${name}s8-9.0.dylib ${name}y8-9.0.dylib IPP/lib/libippcore.dylib IPP/lib/libippcore-9.0.dylib"
IPPLINK="mkdir -p src/.libs && ln -f ${name}.dylib src/.libs/libippcp.dylib && ln -f ${srcdir}/${name}-9.0.dylib src/.libs/libippcp-9.0.dylib && ln -f ${srcdir}/${name}e9-9.0.dylib src/.libs/libippcpe9-9.0.dylib && ln -f ${srcdir}/${name}g9-9.0.dylib src/.libs/libippcpg9-9.0.dylib && ln -f ${srcdir}/${name}h9-9.0.dylib src/.libs/libippcph9-9.0.dylib && ln -f ${srcdir}/${name}k0-9.0.dylib src/.libs/libippcpk0-9.0.dylib && ln -f ${srcdir}/${name}l9-9.0.dylib src/.libs/libippcpl9-9.0.dylib && ln -f ${srcdir}/${name}n8-9.0.dylib src/.libs/libippcpn8-9.0.dylib && ln -f ${srcdir}/${name}p8-9.0.dylib src/.libs/libippcpp8-9.0.dylib && ln -f ${srcdir}/${name}s8-9.0.dylib src/.libs/libippcps8-9.0.dylib && ln -f ${srcdir}/${name}y8-9.0.dylib src/.libs/libippcpy8-9.0.dylib && ln -f ${srcdir}/IPP/lib/libippcore.dylib src/.libs/libippcore.dylib && ln -f ${srcdir}/IPP/lib/libippcore-9.0.dylib src/.libs/libippcore-9.0.dylib"
], [fastRSA_found=no])
break;;
*linux*)
# check file existence and conditionally set variables
AC_CHECK_FILES([$abs_path/IPP/$ipplib/libippcp.so.9.0], [
if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
IPPLIBS="${name}.so.9.0 ${name}g9.so.9.0 ${name}h9.so.9.0 ${name}p8.so.9.0 ${name}px.so.9.0 ${name}s8.so.9.0 ${name}.so ${name}w7.so.9.0 IPP/$ipplib/libippcore.so IPP/$ipplib/libippcore.so.9.0"
IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}g9.so.9.0 src/.libs/libippcpg9.so.9.0 && ln -f ${name}h9.so.9.0 src/.libs/libippcph9.so.9.0 && ln -f ${name}p8.so.9.0 src/.libs/libippcpp8.so.9.0 && ln -f ${name}px.so.9.0 src/.libs/libippcppx.so.9.0 && ln -f ${name}s8.so.9.0 src/.libs/libippcps8.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}w7.so.9.0 src/.libs/libippcpw7.so.9.0 && ln -f IPP/$ipplib/libippcore.so src/.libs/libippcore.so && ln -f IPP/$ipplib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
else
IPPLIBS="${name}.so.9.0 ${name}e9.so.9.0 ${name}k0.so.9.0 ${name}l9.so.9.0 ${name}m7.so.9.0 ${name}mx.so.9.0 ${name}.so ${name}n8.so.9.0 ${name}y8.so.9.0 IPP/lib/libippcore.so IPP/lib/libippcore.so.9.0"
IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}e9.so.9.0 src/.libs/libippcpe9.so.9.0 && ln -f ${name}k0.so.9.0 src/.libs/libippcpk0.so.9.0 && ln -f ${name}l9.so.9.0 src/.libs/libippcpl9.so.9.0 && ln -f ${name}m7.so.9.0 src/.libs/libippcpm7.so.9.0 && ln -f ${name}mx.so.9.0 src/.libs/libippcpmx.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}n8.so.9.0 src/.libs/libippcpn8.so.9.0 && ln -f ${name}y8.so.9.0 src/.libs/libippcpy8.so.9.0 && ln -f IPP/lib/libippcore.so src/.libs/libippcore.so && ln -f IPP/lib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
fi
], [fastRSA_found=no])
break;;
*)
fastRSA_found=no
esac
if test "$fastRSA_found" = "yes"; then
# was succesfull so add tested LDFLAGS to AM_ flags
AM_LDFLAGS="${AM_LDFLAGS} ${LDFLAGS}"
AM_CPPFLAGS="${AM_CPPFLAGS} ${CPPFLAGS}"
IPPHEADERS="${srcdir}/IPP/include/*.h"
2015-09-28 19:06:30 +03:00
fi
2015-11-30 09:34:58 +03:00
# restore LDFLAGS to user set
LDFLAGS=${STORE_LDFLAGS}
CPPFLAGS=${STORE_CPPFLAGS}
], [fastRSA_found=no])
fi
# Don't cache the result so it can be checked
AS_UNSET([ac_cv_header_ippcp_h])
AS_UNSET([ac_cv_header_ipp_h])
AS_UNSET([ac_cv_lib_ippcp_ippsRSAEncrypt_PKCSv15]);
# Check link and see if user has pre-existing IPP Libraries if not using local
if test "$ENABLED_FAST_RSA" = "yes" && test "$fastRSA_found" = "no"; then
AC_MSG_NOTICE([Checking if IPP crypto library installed])
AC_CHECK_HEADER([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15],
[
fastRSA_found=yes
AM_LDFLAGS="${AM_LDFLAGS} -lippcore -lippcp"
], [ fastRSA_found=no])
], [fastRSA_found=no])
2015-10-26 22:11:11 +03:00
# Error out on not finding libraries
2015-11-30 09:34:58 +03:00
if test "$fastRSA_found" = "no"; then
2015-10-26 22:11:11 +03:00
AC_MSG_ERROR([Could not find fast rsa libraries])
fi
2015-09-28 19:06:30 +03:00
fi
fi # end of if for shared library
else # if user rsa is set than do not use fast rsa option
2015-10-26 22:11:11 +03:00
if test "$ENABLED_FAST_RSA" = "yes"; then
AC_MSG_ERROR([Could not use fast rsa libraries with user crypto or fips])
fi
2015-11-30 09:34:58 +03:00
fi # end of if for user rsa crypto or fips
2015-09-28 19:06:30 +03:00
2015-11-30 09:34:58 +03:00
# End result of checking for IPP Libraries
2015-09-28 19:06:30 +03:00
AC_MSG_CHECKING([for fast RSA])
if test "$ENABLED_FAST_RSA" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DHAVE_FAST_RSA -DHAVE_USER_RSA"
# add in user crypto header that uses Intel IPP
AM_CPPFLAGS="$AM_CPPFLAGS -I$srcdir/wolfcrypt/user-crypto/include"
if test "$enable_shared" = "yes"; then
2015-11-30 09:34:58 +03:00
LIBS="$LIBS -lippcore -lippcp"
2015-09-28 19:06:30 +03:00
LIB_ADD="-lippcp -lippcore $LIB_ADD"
else
LIB_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_ADD"
fi
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
fi
AC_SUBST([IPPLIBS])
AC_SUBST([IPPHEADERS])
AC_SUBST([IPPLINK])
2016-03-23 19:21:26 +03:00
# static memory use
AC_ARG_ENABLE([staticmemory],
[AS_HELP_STRING([--enable-staticmemory],[Enable static memory use (default: disabled)])],
[ ENABLED_STATICMEMORY=$enableval ],
[ ENABLED_STATICMEMORY=no ]
)
if test "x$ENABLED_STATICMEMORY" = "xyes"
then
2016-06-09 20:36:31 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY"
if test "x$ENABLED_FASTMATH" = "xno"
then
AC_MSG_ERROR([please use --enable-fastmath if enabling staticmemory.])
fi
2019-02-22 10:14:19 +03:00
if test "$ENABLED_LOWRESOURCE" = "yes" && test "$ENABLED_RSA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY_SMALL"
fi
2016-03-23 19:21:26 +03:00
fi
2013-03-21 01:37:05 +04:00
# microchip api
AC_ARG_ENABLE([mcapi],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-mcapi],[Enable Microchip API (default: disabled)])],
2013-03-21 01:37:05 +04:00
[ ENABLED_MCAPI=$enableval ],
[ ENABLED_MCAPI=no ]
)
if test "$ENABLED_MCAPI" = "yes"
then
2016-12-04 17:23:51 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_MCAPI"
if test "x$ENABLED_AESCTR" != "xyes"
then
# These flags are already implied by --enable-aesctr
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
fi
2013-03-21 01:37:05 +04:00
fi
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_SHA512" = "no"
then
AC_MSG_ERROR([please enable sha512 if enabling mcapi.])
fi
2013-03-22 00:20:23 +04:00
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_ECC" = "no"
then
AC_MSG_ERROR([please enable ecc if enabling mcapi.])
fi
2013-03-21 01:37:05 +04:00
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_LIBZ" = "no"
then
AC_MSG_ERROR([please use --with-libz if enabling mcapi.])
fi
2016-03-04 21:05:22 +03:00
# Asynchronous Crypto
AC_ARG_ENABLE([asynccrypt],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-asynccrypt],[Enable Asynchronous Crypto (default: disabled)])],
2016-03-04 21:05:22 +03:00
[ ENABLED_ASYNCCRYPT=$enableval ],
[ ENABLED_ASYNCCRYPT=no ]
)
if test "$ENABLED_ASYNCCRYPT" = "yes"
then
2018-12-15 02:13:17 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT -DHAVE_WOLF_EVENT -DHAVE_WOLF_BIGINT -DWOLFSSL_NO_HASH_RAW"
2016-11-22 22:25:40 +03:00
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
# if no async hardware then use simulator for testing
if test "x$ENABLED_CAVIUM" = "xno" && test "x$ENABLED_INTEL_QA" = "xno"
2016-03-04 21:05:22 +03:00
then
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
# Async threading is Linux specific
2016-03-04 21:05:22 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT_TEST"
fi
fi
2016-08-15 22:59:41 +03:00
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
# check for async if using Intel QuckAssist or Cavium
if test "x$ENABLED_INTEL_QA" = "xyes" || test "x$ENABLED_CAVIUM" = "xyes" ; then
if test "x$ENABLED_ASYNCCRYPT" = "xno" ; then
2019-10-02 20:08:46 +03:00
AC_MSG_ERROR([Please enable asynchronous support using --enable-asynccrypt])
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
fi
fi
# Asynchronous threading
AC_ARG_ENABLE([asyncthreads],
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-asyncthreads],[Enable Asynchronous Threading (default: enabled)])],
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
[ ENABLED_ASYNCTHREADS=$enableval ],
[ ENABLED_ASYNCTHREADS=yes ]
)
if test "$ENABLED_ASYNCCRYPT" = "yes" && test "$ENABLED_ASYNCTHREADS" = "yes"
then
AX_PTHREAD([ENABLED_ASYNCTHREADS=yes],[ENABLED_ASYNCTHREADS=no])
else
ENABLED_ASYNCTHREADS=no
fi
if test "$ENABLED_ASYNCTHREADS" = "yes"
then
LIB_ADD="-lpthread $LIB_ADD"
AM_CFLAGS="$AM_CFLAGS -D_GNU_SOURCE"
else
AM_CFLAGS="$AM_CFLAGS -DWC_NO_ASYNC_THREADING"
fi
2016-08-15 22:59:41 +03:00
2016-03-04 21:05:22 +03:00
2019-03-20 21:01:24 +03:00
# cryptodev is old name, replaced with cryptocb
AC_ARG_ENABLE([cryptodev],
[AS_HELP_STRING([--enable-cryptodev],[DEPRECATED, use cryptocb instead])],
[ ENABLED_CRYPTOCB=$enableval ],[ ENABLED_CRYPTOCB=no ])
2019-01-17 22:01:14 +03:00
# Support for crypto callbacks
AC_ARG_ENABLE([cryptocb],
[AS_HELP_STRING([--enable-cryptocb],[Enable crypto callbacks (default: disabled)])],
[ ENABLED_CRYPTOCB=$enableval ],
[ ENABLED_CRYPTOCB=no ]
2018-05-21 23:03:49 +03:00
)
2018-09-12 01:56:59 +03:00
if test "x$ENABLED_PKCS11" = "xyes"
then
2019-01-17 22:01:14 +03:00
ENABLED_CRYPTOCB=yes
2018-09-12 01:56:59 +03:00
fi
2019-01-17 22:01:14 +03:00
if test "$ENABLED_CRYPTOCB" = "yes"
2018-05-21 23:03:49 +03:00
then
2019-01-17 22:01:14 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_CB"
2018-05-21 23:03:49 +03:00
fi
2016-05-10 22:27:45 +03:00
# Session Export
AC_ARG_ENABLE([sessionexport],
[AS_HELP_STRING([--enable-sessionexport],[Enable export and import of sessions (default: disabled)])],
[ ENABLED_SESSIONEXPORT=$enableval ],
[ ENABLED_SESSIONEXPORT=no ]
)
2019-07-26 23:54:44 +03:00
if test "$ENABLED_SESSIONEXPORT" = "yes" ||
test "$ENABLED_SESSIONEXPORT" = "nopeer"
2016-05-10 22:27:45 +03:00
then
if test "$ENABLED_DTLS" = "no"
then
AC_MSG_ERROR([Only DTLS supported with session export])
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SESSION_EXPORT"
2019-07-26 23:54:44 +03:00
if test "$ENABLED_SESSIONEXPORT" = "nopeer"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SESSION_EXPORT_NOPEER"
fi
2016-05-10 22:27:45 +03:00
fi
2016-12-06 01:38:42 +03:00
# AES key wrap
AC_ARG_ENABLE([aeskeywrap],
[AS_HELP_STRING([--enable-aeskeywrap],[Enable AES key wrap support (default: disabled)])],
[ ENABLED_AESKEYWRAP=$enableval ],
[ ENABLED_AESKEYWRAP=no ]
)
2017-03-30 04:53:35 +03:00
if test "$ENABLED_WPAS" = "yes" && test "$ENABLED_FIPS" = "no"
2017-02-10 01:45:10 +03:00
then
ENABLED_AESKEYWRAP="yes"
fi
2016-12-06 01:38:42 +03:00
if test "$ENABLED_AESKEYWRAP" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT"
fi
2017-09-26 04:47:36 +03:00
# Old name support for backwards compatibility
AC_ARG_ENABLE([oldnames],
[AS_HELP_STRING([--enable-oldnames],[Keep backwards compat with old names (default: enabled)])],
[ ENABLED_OLDNAMES=$enableval ],
[ ENABLED_OLDNAMES=yes ]
)
if test "x$ENABLED_OLDNAMES" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_RNGNAME -DNO_OLD_WC_NAMES -DNO_OLD_SSL_NAMES"
2018-05-31 01:10:34 +03:00
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA_NAMES"
2017-09-26 04:47:36 +03:00
fi
2018-07-27 20:16:14 +03:00
# Memory Tests
AC_ARG_ENABLE([memtest],
[AS_HELP_STRING([--enable-memtest],[Memory testing option, for internal use (default: disabled)])],
[ ENABLED_MEMTEST=$enableval ],
[ ENABLED_MEMTEST=no ]
)
if test "x$ENABLED_MEMTEST" != "xno"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY -DWOLFSSL_FORCE_MALLOC_FAIL_TEST"
fi
2019-08-27 23:28:33 +03:00
# Enable hash flags support
# Hash flags are useful for runtime options such as SHA3 KECCAK256 selection
AC_ARG_ENABLE([hashflags],
[AS_HELP_STRING([--enable-hashflags],[Enable support for hash flags (default: disabled)])],
[ ENABLED_HASHFLAGS=$enableval ],
[ ENABLED_HASHFLAGS=no ]
)
if test "x$ENABLED_HASHFLAGS" != "xno"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HASH_FLAGS"
fi
2019-04-30 21:45:48 +03:00
# User Settings
AC_ARG_ENABLE([usersettings],
[AS_HELP_STRING([--enable-usersettings],[Use your own user_settings.h and do not add Makefile CFLAGS (default: disabled)])],
[ ENABLED_USERSETTINGS=$enableval ],
[ ENABLED_USERSETTINGS=no ]
)
2018-03-28 23:17:25 +03:00
# Default optimization CFLAGS enable
AC_ARG_ENABLE([optflags],
[AS_HELP_STRING([--enable-optflags],[Enable default optimization CFLAGS for the compiler (default: enabled)])],
[ ENABLED_OPTFLAGS=$enableval ],
[ ENABLED_OPTFLAGS=yes ]
2018-03-28 02:41:39 +03:00
)
2016-03-02 02:35:32 +03:00
# check if should run the trusted peer certs test
2016-03-12 19:37:32 +03:00
# (for now checking both C_FLAGS and C_EXTRA_FLAGS)
2016-03-02 02:35:32 +03:00
case $C_EXTRA_FLAGS in
*WOLFSSL_TRUST_PEER_CERT*)
have_tp=yes
break;;
*)
have_tp=no ;;
esac
2016-03-12 19:37:32 +03:00
if test "$have_tp" = "no"; then
case $C_FLAGS in
*WOLFSSL_TRUST_PEER_CERT*)
have_tp=yes
break;;
*)
have_tp=no ;;
esac
fi
2016-03-02 02:35:32 +03:00
2017-10-20 02:17:51 +03:00
# dertermine if we have key validation mechanism
if test "x$ENABLED_ECC" = "xyes" || test "x$ENABLED_RSA" = "xyes"
then
if test "x$ENABLED_ASN" = "xyes"
then
ENABLED_PKI="yes"
fi
fi
2019-08-16 19:33:41 +03:00
# When building for wolfRand, strip out all options to disable everything.
AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$FIPS_VERSION" = "xrand"],
[NEW_AM_CFLAGS="-DNO_AES -DNO_DH -DNO_ASN -DNO_RSA -DNO_SHA -DNO_MD5 -DNO_BIG_INT"
for v in $AM_CFLAGS
do
case $v in
-DHAVE_FFDHE_2048 | -DTFM_TIMING_RESISTANT | -DECC_TIMING_RESISTANT | \
-DWC_RSA_BLINDING | -DHAVE_AESGCM | -DWOLFSSL_SHA512 | -DWOLFSSL_SHA384 | \
-DHAVE_ECC | -DTFM_ECC256 | -DECC_SHAMIR | -DHAVE_TLS_EXTENSIONS | \
-DHAVE_SUPPORTED_CURVES | -DHAVE_EXTENDED_MASTER | -DUSE_FAST_MATH)
AS_ECHO(["ignoring $v"])
;;
*)
NEW_AM_CFLAGS="$NEW_AM_CFLAGS $v"
;;
esac
done
AM_CFLAGS=$NEW_AM_CFLAGS])
2016-02-23 21:19:04 +03:00
################################################################################
# Check for build-type conflicts #
################################################################################
2015-04-01 21:55:49 +03:00
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
test "x$ENABLED_LEANPSK" = "xyes"],
[AC_MSG_ERROR([Cannot use Max Strength and Lean PSK at the same time.])])
2016-02-24 22:45:07 +03:00
AS_IF([test "x$ENABLED_OCSP" = "xyes" && \
test "x$ENABLED_ASN" = "xno"],
2016-02-23 21:19:04 +03:00
[AC_MSG_ERROR([please enable asn if enabling ocsp.])])
2016-02-25 00:57:16 +03:00
AS_IF([test "x$ENABLED_OCSP" = "xyes" && \
test "x$ENABLED_RSA" = "xno" && \
test "x$ENABLED_ECC" = "xno"],
[AC_MSG_ERROR([please enable rsa or ecc if enabling ocsp.])])
2019-10-04 21:21:56 +03:00
# Sync Intel QA and Sync Cavium Octeon require the crypto callback
AS_IF([test "x$ENABLED_INTEL_QA_SYNC" = "xyes" || test "x$ENABLED_OCTEON_SYNC" = "xyes"],
[AS_IF([test "x$ENABLED_CRYPTOCB" = "xno"],
[AC_MSG_ERROR([please enable the crypto callback support using --enable-cryptocb])])])
2019-10-02 20:08:46 +03:00
2016-04-06 18:25:53 +03:00
# checks for pkcs7 needed enables
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
2018-04-03 19:26:57 +03:00
test "x$ENABLED_RSA" = "xno" && \
test "x$ENABLED_ECC" = "xno"],
[AC_MSG_ERROR([please enable ecc or rsa if enabling pkcs7.])])
2016-04-06 18:25:53 +03:00
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
test "x$ENABLED_SHA" = "xno"],
[AC_MSG_ERROR([please enable sha if enabling pkcs7.])])
2017-11-20 23:16:44 +03:00
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
test "x$ENABLED_AES" = "xno" && \
test "x$ENABLED_DES3" = "xno"],
[AC_MSG_ERROR([please enable either AES or 3DES if enabling pkcs7.])])
AS_IF([test "x$ENABLED_WOLFSCEP" = "xyes" && \
test "x$ENABLED_AES" = "xno" && \
test "x$ENABLED_DES3" = "xno"],
[AC_MSG_ERROR([please enable either AES or 3DES if enabling scep.])])
2016-04-06 18:25:53 +03:00
AS_IF([test "x$ENABLED_LEANTLS" = "xyes" && \
test "x$ENABLED_ECC" = "xno"],
[AC_MSG_ERROR([please enable ecc if enabling leantls.])])
AS_IF([test "x$ENABLED_SNIFFER" = "xyes" && \
test "x$ENABLED_RSA" = "xno"],
[AC_MSG_ERROR([please enable rsa if enabling sniffer.])])
2016-09-15 21:17:30 +03:00
# Lean TLS forces off prereqs of SCEP.
AS_IF([test "x$ENABLED_SCEP" = "xyes" && \
test "x$ENABLED_LEANTLS" = "xyes"],
[AC_MSG_ERROR([Cannot use SCEP and Lean TLS at the same time.])])
2016-05-24 03:50:36 +03:00
# CMAC currently requires AES.
AS_IF([test "x$ENABLED_CMAC" = "xyes" && \
test "x$ENABLED_AES" = "xno"],
[AC_MSG_ERROR([cannot use CMAC without AES.])])
2016-02-23 21:19:04 +03:00
################################################################################
# Update CFLAGS based on options #
################################################################################
2015-04-01 21:55:49 +03:00
2016-09-16 00:53:28 +03:00
AS_IF([test "x$ENABLED_MCAPI" = "xyes"],
[AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])])
2016-09-15 21:17:30 +03:00
if test "$ENABLED_WOLFSCEP" = "yes"
then
# Enable prereqs if not already enabled
if test "x$ENABLED_KEYGEN" = "xno"
then
ENABLED_KEYGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
fi
if test "x$ENABLED_CERTGEN" = "xno"
then
ENABLED_CERTGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
fi
if test "x$ENABLED_CERTREQ" = "xno"
then
ENABLED_CERTREQ="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
fi
if test "x$ENABLED_CERTEXT" = "xno"
then
ENABLED_CERTEXT="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
fi
if test "x$ENABLED_PKCS7" = "xno"
then
ENABLED_PKCS7="yes"
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_WOLFSCEP"
fi
2019-09-19 02:08:15 +03:00
#if test "$ENABLED_SP_MATH" = "yes" && test "$ENABLED_KEYGEN" = "yes"; then
# AC_MSG_ERROR([Cannot use single precision math and key generation])
#fi
2016-09-15 21:17:30 +03:00
if test "x$ENABLED_PKCS7" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS7"
# Enable prereqs if not already enabled
2016-12-10 03:22:09 +03:00
if test "x$ENABLED_AESKEYWRAP" = "xno"
then
ENABLED_AESKEYWRAP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT"
fi
2018-03-19 19:08:46 +03:00
if test "x$ENABLED_X963KDF" = "xno" && test "$ENABLED_ECC" = "yes"
2016-12-10 03:22:09 +03:00
then
ENABLED_X963KDF="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF"
fi
2016-09-15 21:17:30 +03:00
fi
if test "x$ENABLED_DES3" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
else
# turn off DES3 if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
ENABLED_DES3=no
fi
fi
2015-04-01 21:55:49 +03:00
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAX_STRENGTH"])
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
test "x$ENABLED_OLD_TLS" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
ENABLED_OLD_TLS=no])
2015-08-13 11:20:47 +03:00
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
test "x$ENABLED_SSLV3" = "xyes"],
[AC_MSG_ERROR([Cannot use Max Strength and SSLv3 at the same time.])])
2016-08-24 23:17:38 +03:00
AS_IF([test "x$ENABLED_SCTP" = "xyes"],
[AM_CFLAGS="-DWOLFSSL_SCTP $AM_CFLAGS"])
2016-12-07 01:08:52 +03:00
AS_IF([test "x$ENABLED_MCAST" = "xyes"],
[AM_CFLAGS="-DWOLFSSL_MULTICAST $AM_CFLAGS"])
2018-07-19 02:26:25 +03:00
# WOLFSSL_AFALG does not support SHA224 yet
AS_IF([(test "x$ENABLED_AFALG" = "xyes") && (test "x$ENABLED_SHA224" = "xyes")],
[AC_MSG_ERROR([--enable-sha224 with --enable-afalg not yet supported])])
2018-08-17 18:46:16 +03:00
# WOLFSSL_DEVCRYPTO does not support SHA224 yet
AS_IF([(test "x$ENABLED_DEVCRYPTO" = "xyes") && (test "x$ENABLED_SHA224" = "xyes")],
[AC_MSG_ERROR([--enable-sha224 with --enable-devcrypto not yet supported])])
2016-12-07 01:08:52 +03:00
# SCTP and Multicast require DTLS
AS_IF([(test "x$ENABLED_DTLS" = "xno") && \
(test "x$ENABLED_SCTP" = "xyes" || test "x$ENABLED_MCAST" = "xyes")],
2016-08-01 17:51:42 +03:00
[AM_CFLAGS="-DWOLFSSL_DTLS $AM_CFLAGS"
ENABLED_DTLS=yes])
2016-12-15 22:43:15 +03:00
# Multicast requires the null cipher
AS_IF([test "x$ENABLED_NULL_CIPHER" = "xno" && \
test "x$ENABLED_MCAST" = "xyes"],
[AM_CFLAGS="-DHAVE_NULL_CIPHER $AM_CFLAGS"
ENABLED_NULL_CIPHER=yes])
2017-10-05 01:24:22 +03:00
# wolfSSH and WPA Supplicant both need Public MP, only enable once.
# This will let you know if you enabled wolfSSH but have any of the prereqs
# disabled. Some of these options, disabling them adds things to the FLAGS and
# you need to check and add items in two places depending on the option.
AS_IF([test "x$ENABLED_WOLFSSH" = "xyes"],
[AS_IF([test "x$ENABLED_WPAS" = "xno"],[AM_CFLAGS="-DWOLFSSL_PUBLIC_MP $AM_CFLAGS"])
AS_IF([test "x$ENABLED_AESGCM" = "xno"],[AC_MSG_ERROR([cannot enable wolfSSH with AES-GCM disabled])])
AS_IF([test "x$ENABLED_ECC" = "xno"],[AC_MSG_ERROR([cannot enable wolfSSH with ECC disabled])])
AS_IF([test "x$ENABLED_SHA" = "xno"],[AC_MSG_ERROR([cannot enable wolfSSH with SHA-1 disabled])])
AS_IF([test "x$ENABLED_SHA512" = "xno"],[AC_MSG_ERROR([cannot enable wolfSSH with SHA-512/384 disabled])])
])
2019-10-24 01:51:19 +03:00
if test "x$ENABLED_OPENSSLCOEXIST" = "xyes"; then
if test "x$ENABLED_OPENSSLALL" = "xyes"; then
AC_MSG_ERROR([Cannot use --enable-opensslcoexist with --enable-opensslall])
fi
if test "x$ENABLED_OPENSSLEXTRA" = "xyes"; then
AC_MSG_ERROR([Cannot use --enable-opensslcoexist with --enable-opensslextra])
fi
fi
2016-02-23 21:19:04 +03:00
################################################################################
2013-03-21 01:37:05 +04:00
2019-04-30 21:45:48 +03:00
# USER SETTINGS
if test "x$ENABLED_USERSETTINGS" = "xyes"
then
# Replace all options and just use WOLFSSL_USER_SETTINGS
AM_CFLAGS="-DWOLFSSL_USER_SETTINGS"
fi
2011-02-05 22:14:47 +03:00
# OPTIMIZE FLAGS
2016-11-22 22:25:40 +03:00
# For distro disable custom build options that interfere with symbol generation
if test "$GCC" = "yes" && test "$ENABLED_DISTRO" = "no"
2011-02-05 22:14:47 +03:00
then
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused"
2012-10-22 22:37:46 +04:00
if test "$ax_enable_debug" = "no"
2011-02-05 22:14:47 +03:00
then
2018-03-28 23:17:25 +03:00
AS_IF([test "x$ENABLED_OPTFLAGS" = "xyes"], [
2011-02-05 22:14:47 +03:00
if test "$ENABLED_FASTMATH" = "yes"
then
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_FAST_CFLAGS"
2011-02-05 22:14:47 +03:00
if test "$ENABLED_FASTHUGEMATH" = "yes"
then
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_HUGE_CFLAGS"
2011-02-05 22:14:47 +03:00
fi
else
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_CFLAGS"
2011-02-05 22:14:47 +03:00
fi
2018-03-28 02:41:39 +03:00
])
2011-02-05 22:14:47 +03:00
fi
fi
2014-07-10 21:18:49 +04:00
# ICC command line warning for non supported warning flags
if test "$CC" = "icc"
then
AM_CFLAGS="$AM_CFLAGS -wd10006"
fi
2015-08-13 11:20:47 +03:00
# Expose HAVE___UINT128_T to options flags"
if test "$ac_cv_type___uint128_t" = "yes"
then
2019-04-30 21:45:48 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE___UINT128_T=1"
2015-08-13 11:20:47 +03:00
fi
2014-07-10 21:18:49 +04:00
2011-02-05 22:14:47 +03:00
LIB_SOCKET_NSL
2014-02-18 03:33:07 +04:00
AX_HARDEN_CC_COMPILER_FLAGS
2011-02-05 22:14:47 +03:00
2016-04-02 01:45:53 +03:00
# if mingw then link to ws2_32 for sockets
2013-05-02 00:17:11 +04:00
case $host_os in
2016-04-02 01:45:53 +03:00
mingw*)
2016-04-16 01:04:15 +03:00
LDFLAGS="$LDFLAGS -lws2_32"
if test "$enable_shared" = "yes"
then
AC_DEFINE([WOLFSSL_DLL], [1], [Use __declspec(dllexport) when building library])
if test "$enable_static" = "yes"
then
MINGW_LIB_WARNING="yes"
fi
fi ;;
2013-05-02 00:17:11 +04:00
esac
2017-05-12 00:32:21 +03:00
2012-10-24 23:01:11 +04:00
# add user C_EXTRA_FLAGS back
2016-11-22 22:25:40 +03:00
# For distro disable custom build options that interfere with symbol generation
if test "$ENABLED_DISTRO" = "no"
then
CFLAGS="$CFLAGS $USER_C_EXTRA_FLAGS"
fi
2019-10-02 20:08:46 +03:00
OPTION_FLAGS="$USER_CFLAGS $USER_C_EXTRA_FLAGS $CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS"
2012-10-24 23:01:11 +04:00
2017-05-12 00:32:21 +03:00
2019-06-20 23:37:53 +03:00
# The following AM_CONDITIONAL statements set flags for use in the Makefiles.
# Some of these affect build targets and objects, some trigger different
# test scripts for make check.
AM_CONDITIONAL([BUILD_DISTRO],[test "x$ENABLED_DISTRO" = "xyes"])
AM_CONDITIONAL([BUILD_ALL],[test "x$ENABLED_ALL" = "xyes"])
AM_CONDITIONAL([BUILD_TLS13],[test "x$ENABLED_TLS13" = "xyes"])
AM_CONDITIONAL([BUILD_RNG],[test "x$ENABLED_RNG" = "xyes"])
AM_CONDITIONAL([BUILD_SCTP],[test "x$ENABLED_SCTP" = "xyes"])
AM_CONDITIONAL([BUILD_MCAST],[test "x$ENABLED_MCAST" = "xyes"])
AM_CONDITIONAL([BUILD_IPV6],[test "x$ENABLED_IPV6" = "xyes"])
AM_CONDITIONAL([BUILD_LEANPSK],[test "x$ENABLED_LEANPSK" = "xyes"])
AM_CONDITIONAL([BUILD_LEANTLS],[test "x$ENABLED_LEANTLS" = "xyes"])
AM_CONDITIONAL([BUILD_LOWMEM],[test "x$ENABLED_LOWRESOURCE" = "xyes"])
AM_CONDITIONAL([BUILD_PKCALLBACKS], [ test "x$ENABLED_PKCALLBACKS" = "xyes" ])
AM_CONDITIONAL([BUILD_CRYPTOAUTHLIB],[test "x$ENABLED_CRYPTOAUTHLIB" = "xyes"])
AM_CONDITIONAL([BUILD_SNIFFER], [ test "x$ENABLED_SNIFFER" = "xyes" ])
AM_CONDITIONAL([BUILD_SNIFFTEST],[ test "x$ENABLED_SNIFFTEST" = "xyes" ])
AM_CONDITIONAL([BUILD_AESGCM],[test "x$ENABLED_AESGCM" = "xyes"])
AM_CONDITIONAL([BUILD_AESCCM],[test "x$ENABLED_AESCCM" = "xyes"])
AM_CONDITIONAL([BUILD_ARMASM],[test "x$ENABLED_ARMASM" = "xyes"])
AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"])
AM_CONDITIONAL([BUILD_AESNI],[test "x$ENABLED_AESNI" = "xyes"])
AM_CONDITIONAL([BUILD_INTELASM],[test "x$ENABLED_INTELASM" = "xyes"])
AM_CONDITIONAL([BUILD_AFALG],[test "x$ENABLED_AFALG" = "xyes"])
AM_CONDITIONAL([BUILD_DEVCRYPTO],[test "x$ENABLED_DEVCRYPTO" = "xyes"])
AM_CONDITIONAL([BUILD_CAMELLIA],[test "x$ENABLED_CAMELLIA" = "xyes"])
AM_CONDITIONAL([BUILD_MD2],[test "x$ENABLED_MD2" = "xyes"])
AM_CONDITIONAL([BUILD_RIPEMD],[test "x$ENABLED_RIPEMD" = "xyes"])
AM_CONDITIONAL([BUILD_BLAKE2],[test "x$ENABLED_BLAKE2" = "xyes"])
AM_CONDITIONAL([BUILD_BLAKE2S],[test "x$ENABLED_BLAKE2S" = "xyes"])
AM_CONDITIONAL([BUILD_SHA512],[test "x$ENABLED_SHA512" = "xyes" || test "x$ENABLED_SHA384" = "xyes"])
AM_CONDITIONAL([BUILD_DSA],[test "x$ENABLED_DSA" = "xyes"])
AM_CONDITIONAL([BUILD_ECC],[test "x$ENABLED_ECC" = "xyes"])
AM_CONDITIONAL([BUILD_ED25519],[test "x$ENABLED_ED25519" = "xyes"])
AM_CONDITIONAL([BUILD_ED25519_SMALL],[test "x$ENABLED_ED25519_SMALL" = "xyes"])
AM_CONDITIONAL([BUILD_FEMATH], [test "x$ENABLED_FEMATH" = "xyes"])
AM_CONDITIONAL([BUILD_GEMATH], [test "x$ENABLED_GEMATH" = "xyes"])
AM_CONDITIONAL([BUILD_CURVE25519],[test "x$ENABLED_CURVE25519" = "xyes"])
AM_CONDITIONAL([BUILD_CURVE25519_SMALL],[test "x$ENABLED_CURVE25519_SMALL" = "xyes"])
AM_CONDITIONAL([BUILD_MEMORY],[test "x$ENABLED_MEMORY" = "xyes"])
AM_CONDITIONAL([BUILD_RSA],[test "x$ENABLED_RSA" = "xyes"])
AM_CONDITIONAL([BUILD_DH],[test "x$ENABLED_DH" = "xyes"])
AM_CONDITIONAL([BUILD_ASN],[test "x$ENABLED_ASN" != "xno"])
AM_CONDITIONAL([BUILD_AES],[test "x$ENABLED_AES" = "xyes"])
AM_CONDITIONAL([BUILD_CODING],[test "x$ENABLED_CODING" = "xyes"])
AM_CONDITIONAL([BUILD_IDEA],[test "x$ENABLED_IDEA" = "xyes"])
AM_CONDITIONAL([BUILD_RC4],[test "x$ENABLED_ARC4" = "xyes"])
AM_CONDITIONAL([BUILD_MD5],[test "x$ENABLED_MD5" = "xyes"])
AM_CONDITIONAL([BUILD_SHA],[test "x$ENABLED_SHA" = "xyes"])
AM_CONDITIONAL([BUILD_HC128],[test "x$ENABLED_HC128" = "xyes"])
AM_CONDITIONAL([BUILD_RABBIT],[test "x$ENABLED_RABBIT" = "xyes"])
AM_CONDITIONAL([BUILD_FIPS],[test "x$ENABLED_FIPS" = "xyes"])
2019-06-22 01:30:22 +03:00
AM_CONDITIONAL([BUILD_FIPS_V1],[test "x$FIPS_VERSION" = "xv1"])
2019-06-20 23:37:53 +03:00
AM_CONDITIONAL([BUILD_FIPS_V2],[test "x$FIPS_VERSION" = "xv2"])
2019-06-22 01:30:22 +03:00
AM_CONDITIONAL([BUILD_FIPS_RAND],[test "x$FIPS_VERSION" = "xrand"])
2019-06-20 23:37:53 +03:00
AM_CONDITIONAL([BUILD_CMAC],[test "x$ENABLED_CMAC" = "xyes"])
AM_CONDITIONAL([BUILD_SELFTEST],[test "x$ENABLED_SELFTEST" = "xyes"])
AM_CONDITIONAL([BUILD_SHA224],[test "x$ENABLED_SHA224" = "xyes"])
AM_CONDITIONAL([BUILD_SHA3],[test "x$ENABLED_SHA3" = "xyes"])
AM_CONDITIONAL([BUILD_POLY1305],[test "x$ENABLED_POLY1305" = "xyes"])
AM_CONDITIONAL([BUILD_CHACHA],[test "x$ENABLED_CHACHA" = "xyes"])
AM_CONDITIONAL([BUILD_INLINE],[test "x$ENABLED_INLINE" = "xyes"])
AM_CONDITIONAL([BUILD_OCSP],[test "x$ENABLED_OCSP" = "xyes"])
AM_CONDITIONAL([BUILD_OCSP_STAPLING],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"])
AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"])
AM_CONDITIONAL([BUILD_CRL],[test "x$ENABLED_CRL" = "xyes"])
AM_CONDITIONAL([BUILD_CRL_MONITOR],[test "x$ENABLED_CRL_MONITOR" = "xyes"])
AM_CONDITIONAL([BUILD_USER_RSA],[test "x$ENABLED_USER_RSA" = "xyes"] )
AM_CONDITIONAL([BUILD_USER_CRYPTO],[test "x$ENABLED_USER_CRYPTO" = "xyes"])
AM_CONDITIONAL([BUILD_NTRU],[test "x$ENABLED_NTRU" = "xyes"])
AM_CONDITIONAL([BUILD_WNR],[test "x$ENABLED_WNR" = "xyes"])
AM_CONDITIONAL([BUILD_SRP],[test "x$ENABLED_SRP" = "xyes"])
AM_CONDITIONAL([USE_VALGRIND],[test "x$ENABLED_VALGRIND" = "xyes"])
AM_CONDITIONAL([BUILD_MD4],[test "x$ENABLED_MD4" = "xyes"])
AM_CONDITIONAL([BUILD_PWDBASED],[test "x$ENABLED_PWDBASED" = "xyes"])
AM_CONDITIONAL([BUILD_SCRYPT],[test "x$ENABLED_SCRYPT" = "xyes"])
2019-10-12 01:40:08 +03:00
AM_CONDITIONAL([BUILD_CRYPTONLY],[test "x$ENABLED_CRYPTONLY" = "xyes" && test "x$ENABLED_OPENSSLEXTRA" = "xno"])
2019-06-20 23:37:53 +03:00
AM_CONDITIONAL([BUILD_FASTMATH],[test "x$ENABLED_FASTMATH" = "xyes"])
AM_CONDITIONAL([BUILD_SLOWMATH],[test "x$ENABLED_SLOWMATH" = "xyes"])
AM_CONDITIONAL([BUILD_EXAMPLE_SERVERS],[test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
AM_CONDITIONAL([BUILD_EXAMPLE_CLIENTS],[test "x$ENABLED_EXAMPLES" = "xyes"])
AM_CONDITIONAL([BUILD_TESTS],[test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
AM_CONDITIONAL([BUILD_THREADED_EXAMPLES],[test "x$ENABLED_SINGLETHREADED" = "xno" && test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
AM_CONDITIONAL([BUILD_WOLFCRYPT_TESTS],[test "x$ENABLED_CRYPT_TESTS" = "xyes"])
AM_CONDITIONAL([BUILD_LIBZ],[test "x$ENABLED_LIBZ" = "xyes"])
AM_CONDITIONAL([BUILD_PKCS11],[test "x$ENABLED_PKCS11" = "xyes"])
AM_CONDITIONAL([BUILD_CAVIUM],[test "x$ENABLED_CAVIUM" = "xyes"])
AM_CONDITIONAL([BUILD_CAVIUM_V],[test "x$ENABLED_CAVIUM_V" = "xyes"])
2019-10-04 21:21:56 +03:00
AM_CONDITIONAL([BUILD_OCTEON_SYNC],[test "x$ENABLED_OCTEON_SYNC" = "xyes"])
2019-06-20 23:37:53 +03:00
AM_CONDITIONAL([BUILD_INTEL_QA],[test "x$ENABLED_INTEL_QA" = "xyes"])
2019-10-02 20:08:46 +03:00
AM_CONDITIONAL([BUILD_INTEL_QA_SYNC],[test "x$ENABLED_INTEL_QA_SYNC" = "xyes"])
2019-06-20 23:37:53 +03:00
AM_CONDITIONAL([BUILD_SP],[test "x$ENABLED_SP" = "xyes"])
AM_CONDITIONAL([BUILD_SP_C],[test "x$ENABLED_SP" = "xyes" && test "x$ENABLED_SP_ASM" = "xno" ])
AM_CONDITIONAL([BUILD_SP_ARM64],[test "x$ENABLED_SP_ARM64_ASM" = "xyes" ])
AM_CONDITIONAL([BUILD_SP_ARM32],[test "x$ENABLED_SP_ARM32_ASM" = "xyes" ])
AM_CONDITIONAL([BUILD_SP_ARM_THUMB],[test "x$ENABLED_SP_ARM_THUMB_ASM" = "xyes" ])
AM_CONDITIONAL([BUILD_SP_ARM_CORTEX],[test "x$ENABLED_SP_ARM_CORTEX_ASM" = "xyes" ])
AM_CONDITIONAL([BUILD_SP_X86_64],[test "x$ENABLED_SP_X86_64_ASM" = "xyes" ])
AM_CONDITIONAL([BUILD_SP_INT],[test "x$ENABLED_SP_MATH" = "xyes" ])
AM_CONDITIONAL([BUILD_FAST_RSA],[test "x$ENABLED_FAST_RSA" = "xyes"])
AM_CONDITIONAL([BUILD_MCAPI],[test "x$ENABLED_MCAPI" = "xyes"])
AM_CONDITIONAL([BUILD_ASYNCCRYPT],[test "x$ENABLED_ASYNCCRYPT" = "xyes"])
AM_CONDITIONAL([BUILD_WOLFEVENT],[test "x$ENABLED_ASYNCCRYPT" = "xyes"])
AM_CONDITIONAL([BUILD_CRYPTOCB],[test "x$ENABLED_CRYPTOCB" = "xyes"])
AM_CONDITIONAL([BUILD_PSK],[test "x$ENABLED_PSK" = "xyes"])
AM_CONDITIONAL([BUILD_TRUST_PEER_CERT],[test "x$have_tp" = "xyes"])
AM_CONDITIONAL([BUILD_PKI],[test "x$ENABLED_PKI" = "xyes"])
AM_CONDITIONAL([BUILD_DES3],[test "x$ENABLED_DES3" = "xyes"])
AM_CONDITIONAL([BUILD_PKCS7],[test "x$ENABLED_PKCS7" = "xyes"])
2019-08-27 23:28:33 +03:00
AM_CONDITIONAL([BUILD_HASHFLAGS],[test "x$ENABLED_HASHFLAGS" = "xyes"])
2019-06-20 23:37:53 +03:00
2011-08-25 02:54:58 +04:00
CREATE_HEX_VERSION
2012-10-24 22:53:33 +04:00
AC_SUBST([AM_CPPFLAGS])
AC_SUBST([AM_CFLAGS])
AC_SUBST([AM_LDFLAGS])
2015-10-31 02:03:26 +03:00
AC_SUBST([AM_CCASFLAGS])
2015-09-28 19:06:30 +03:00
AC_SUBST([LIB_ADD])
AC_SUBST([LIB_STATIC_ADD])
2011-02-05 22:14:47 +03:00
# FINAL
2011-08-25 02:54:58 +04:00
AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
2018-06-08 20:47:14 +03:00
AC_CONFIG_FILES([Makefile wolfssl/version.h wolfssl/options.h cyassl/options.h support/wolfssl.pc rpm/spec])
2011-08-25 02:54:58 +04:00
2012-10-26 10:06:06 +04:00
AX_CREATE_GENERIC_CONFIG
2012-10-27 02:38:37 +04:00
AX_AM_JOBSERVER([yes])
2012-10-26 08:35:52 +04:00
2011-02-05 22:14:47 +03:00
AC_OUTPUT
2013-04-12 22:21:38 +04:00
# force make clean
2012-11-29 23:31:57 +04:00
echo "---"
echo "Running make clean..."
2012-11-30 00:05:34 +04:00
make clean >/dev/null 2>&1
2012-11-29 23:31:57 +04:00
2015-08-13 11:20:47 +03:00
# generate user options header
2013-04-12 22:21:38 +04:00
echo "---"
echo "Generating user options header..."
2015-01-01 00:06:01 +03:00
2015-01-06 02:58:28 +03:00
OPTION_FILE="wolfssl/options.h"
2015-01-06 20:16:56 +03:00
#if
#OPTION_FILE+="cyassl/options.h"
#fi
2013-04-12 22:21:38 +04:00
rm -f $OPTION_FILE
2015-08-13 11:20:47 +03:00
echo "/* wolfssl options.h" > $OPTION_FILE
2013-04-13 03:50:16 +04:00
echo " * generated from configure options" >> $OPTION_FILE
2013-04-12 23:56:44 +04:00
echo " *" >> $OPTION_FILE
2015-01-08 19:39:04 +03:00
echo " * Copyright (C) 2006-2015 wolfSSL Inc." >> $OPTION_FILE
2013-04-12 23:56:44 +04:00
echo " *" >> $OPTION_FILE
2014-12-31 23:04:03 +03:00
echo " * This file is part of wolfSSL. (formerly known as CyaSSL)" >> $OPTION_FILE
2013-04-12 23:56:44 +04:00
echo " *" >> $OPTION_FILE
echo " */" >> $OPTION_FILE
2015-08-13 11:20:47 +03:00
echo "" >> $OPTION_FILE
2015-12-17 23:19:17 +03:00
echo "#ifndef WOLFSSL_OPTIONS_H" >> $OPTION_FILE
echo "#define WOLFSSL_OPTIONS_H" >> $OPTION_FILE
echo "" >> $OPTION_FILE
2015-08-13 11:20:47 +03:00
echo "" >> $OPTION_FILE
echo "#ifdef __cplusplus" >> $OPTION_FILE
echo "extern \"C\" {" >> $OPTION_FILE
echo "#endif" >> $OPTION_FILE
echo "" >> $OPTION_FILE
2013-04-12 22:21:38 +04:00
for option in $OPTION_FLAGS; do
2018-06-20 22:04:53 +03:00
defonly=`echo $option | sed 's/^-D//'`
2013-04-12 22:21:38 +04:00
if test "$defonly" != "$option"
then
2013-05-30 02:03:27 +04:00
noequalsign=`echo $defonly | sed 's/=/ /'`
2015-04-13 22:01:21 +03:00
if test "$noequalsign" = "NDEBUG" || test "$noequalsign" = "DEBUG"
then
2016-04-02 01:45:53 +03:00
echo "not outputting (N)DEBUG to $OPTION_FILE"
2015-04-13 22:01:21 +03:00
continue
fi
2018-07-11 03:30:47 +03:00
# allow user to ignore system options
2018-07-21 01:14:03 +03:00
ignoresys=$(echo "$noequalsign" | grep '^_.*')
if test -n "$ignoresys"
2015-04-17 19:23:43 +03:00
then
echo "#ifndef WOLFSSL_OPTIONS_IGNORE_SYS" >> $OPTION_FILE
fi
2015-04-16 20:36:51 +03:00
noarg=`echo $defonly | sed 's/=.*//'`
2015-04-17 19:23:43 +03:00
echo "#undef $noarg" >> $OPTION_FILE
echo "#define $noequalsign" >> $OPTION_FILE
2018-07-21 01:14:03 +03:00
if test -n "$ignoresys"
2015-04-17 19:23:43 +03:00
then
echo "#endif" >> $OPTION_FILE
fi
echo "" >> $OPTION_FILE
2013-04-12 22:21:38 +04:00
else
echo "option w/o begin -D is $option, not saving to $OPTION_FILE"
fi
done
2015-08-13 11:20:47 +03:00
echo "" >> $OPTION_FILE
echo "#ifdef __cplusplus" >> $OPTION_FILE
echo "}" >> $OPTION_FILE
echo "#endif" >> $OPTION_FILE
echo "" >> $OPTION_FILE
2015-12-17 23:19:17 +03:00
echo "" >> $OPTION_FILE
echo "#endif /* WOLFSSL_OPTIONS_H */" >> $OPTION_FILE
echo "" >> $OPTION_FILE
2013-04-12 22:21:38 +04:00
echo
2017-03-15 21:25:24 +03:00
#backwards compatibility for those who have included options or version
2015-01-08 00:30:02 +03:00
touch cyassl/options.h
echo "/* cyassl options.h" > cyassl/options.h
echo " * generated from wolfssl/options.h" >> cyassl/options.h
2015-02-12 00:10:06 +03:00
echo " */" >> cyassl/options.h
echo ""
2015-01-08 00:30:02 +03:00
while read -r line
do
echo "$line" >> cyassl/options.h
done < $OPTION_FILE
2015-12-17 23:19:17 +03:00
# switch ifdef protection in cyassl/option.h to CYASSL_OPTONS_H, remove bak
sed -i.bak 's/WOLFSSL_OPTIONS_H/CYASSL_OPTIONS_H/g' cyassl/options.h
2016-04-02 01:45:53 +03:00
# workaround for mingw sed that may get "Permission denied" trying to preserver permissions
case $host_os in
mingw*)
chmod u+w cyassl/options.h ;;
esac
2015-12-17 23:19:17 +03:00
rm cyassl/options.h.bak
2016-04-02 01:45:53 +03:00
2013-04-12 22:21:38 +04:00
# output config summary
2012-09-20 10:38:41 +04:00
echo "---"
echo "Configuration summary for $PACKAGE_NAME version $VERSION"
echo ""
2015-11-02 21:51:01 +03:00
echo " * Installation prefix: $prefix"
echo " * System type: $host_vendor-$host_os"
echo " * Host CPU: $host_cpu"
echo " * C Compiler: $CC"
echo " * C Flags: $CFLAGS"
echo " * C++ Compiler: $CXX"
echo " * C++ Flags: $CXXFLAGS"
echo " * CPP Flags: $CPPFLAGS"
echo " * CCAS Flags: $CCASFLAGS"
echo " * LIB Flags: $LIB"
echo " * Debug enabled: $ax_enable_debug"
2017-08-10 10:27:22 +03:00
echo " * Coverage enabled: $ax_enable_coverage"
2015-11-02 21:51:01 +03:00
echo " * Warnings as failure: $ac_cv_warnings_as_errors"
echo " * make -j: $enable_jobserver"
echo " * VCS checkout: $ac_cv_vcs_checkout"
2015-08-13 11:20:47 +03:00
echo
2012-10-20 06:00:17 +04:00
echo " Features "
2015-11-02 21:51:01 +03:00
echo " * Single threaded: $ENABLED_SINGLETHREADED"
echo " * Filesystem: $ENABLED_FILESYSTEM"
echo " * OpenSSH Build: $ENABLED_OPENSSH"
echo " * OpenSSL Extra API: $ENABLED_OPENSSLEXTRA"
2017-09-26 04:47:36 +03:00
echo " * OpenSSL Coexist: $ENABLED_OPENSSLCOEXIST"
echo " * Old Names: $ENABLED_OLDNAMES"
2015-11-02 21:51:01 +03:00
echo " * Max Strength Build: $ENABLED_MAXSTRENGTH"
2016-08-22 19:00:37 +03:00
echo " * Distro Build: $ENABLED_DISTRO"
2015-11-02 21:51:01 +03:00
echo " * fastmath: $ENABLED_FASTMATH"
2017-11-07 01:37:34 +03:00
echo " * Assembly Allowed: $ENABLED_ASM"
2015-11-02 21:51:01 +03:00
echo " * sniffer: $ENABLED_SNIFFER"
echo " * snifftest: $ENABLED_SNIFFTEST"
echo " * ARC4: $ENABLED_ARC4"
echo " * AES: $ENABLED_AES"
echo " * AES-NI: $ENABLED_AESNI"
2018-07-25 04:22:48 +03:00
echo " * AES-CBC: $ENABLED_AESCBC"
2015-11-02 21:51:01 +03:00
echo " * AES-GCM: $ENABLED_AESGCM"
echo " * AES-CCM: $ENABLED_AESCCM"
2016-12-04 17:23:51 +03:00
echo " * AES-CTR: $ENABLED_AESCTR"
2015-11-02 21:51:01 +03:00
echo " * DES3: $ENABLED_DES3"
echo " * IDEA: $ENABLED_IDEA"
echo " * Camellia: $ENABLED_CAMELLIA"
echo " * NULL Cipher: $ENABLED_NULL_CIPHER"
echo " * MD5: $ENABLED_MD5"
echo " * RIPEMD: $ENABLED_RIPEMD"
echo " * SHA: $ENABLED_SHA"
2016-11-10 08:52:26 +03:00
echo " * SHA-224: $ENABLED_SHA224"
2018-07-20 02:42:01 +03:00
echo " * SHA-384: $ENABLED_SHA384"
2015-11-02 21:51:01 +03:00
echo " * SHA-512: $ENABLED_SHA512"
2017-05-23 06:50:49 +03:00
echo " * SHA3: $ENABLED_SHA3"
2015-11-02 21:51:01 +03:00
echo " * BLAKE2: $ENABLED_BLAKE2"
2016-05-24 03:50:36 +03:00
echo " * CMAC: $ENABLED_CMAC"
2015-11-02 21:51:01 +03:00
echo " * keygen: $ENABLED_KEYGEN"
echo " * certgen: $ENABLED_CERTGEN"
echo " * certreq: $ENABLED_CERTREQ"
echo " * certext: $ENABLED_CERTEXT"
2019-03-01 00:07:38 +03:00
echo " * certgencache: $ENABLED_certgencache"
2015-11-02 21:51:01 +03:00
echo " * HC-128: $ENABLED_HC128"
echo " * RABBIT: $ENABLED_RABBIT"
echo " * CHACHA: $ENABLED_CHACHA"
echo " * Hash DRBG: $ENABLED_HASHDRBG"
echo " * PWDBASED: $ENABLED_PWDBASED"
2016-12-14 09:47:54 +03:00
echo " * scrypt: $ENABLED_SCRYPT"
2015-11-02 21:51:01 +03:00
echo " * wolfCrypt Only: $ENABLED_CRYPTONLY"
echo " * HKDF: $ENABLED_HKDF"
2016-12-08 06:09:54 +03:00
echo " * X9.63 KDF: $ENABLED_X963KDF"
2015-11-02 21:51:01 +03:00
echo " * MD4: $ENABLED_MD4"
echo " * PSK: $ENABLED_PSK"
echo " * Poly1305: $ENABLED_POLY1305"
echo " * LEANPSK: $ENABLED_LEANPSK"
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
echo " * LEANTLS: $ENABLED_LEANTLS"
2015-11-02 21:51:01 +03:00
echo " * RSA: $ENABLED_RSA"
2017-05-18 08:32:06 +03:00
echo " * RSA-PSS: $ENABLED_RSAPSS"
2015-11-02 21:51:01 +03:00
echo " * DSA: $ENABLED_DSA"
echo " * DH: $ENABLED_DH"
echo " * ECC: $ENABLED_ECC"
2019-03-14 19:56:03 +03:00
echo " * ECC Custom Curves $ENABLED_ECCCUSTCURVES"
2015-11-02 21:51:01 +03:00
echo " * CURVE25519: $ENABLED_CURVE25519"
echo " * ED25519: $ENABLED_ED25519"
echo " * FPECC: $ENABLED_FPECC"
echo " * ECC_ENCRYPT: $ENABLED_ECC_ENCRYPT"
echo " * ASN: $ENABLED_ASN"
echo " * Anonymous cipher: $ENABLED_ANON"
echo " * CODING: $ENABLED_CODING"
echo " * MEMORY: $ENABLED_MEMORY"
echo " * I/O POOL: $ENABLED_IOPOOL"
echo " * LIGHTY: $ENABLED_LIGHTY"
2017-03-28 14:28:36 +03:00
echo " * HAPROXY: $ENABLED_HAPROXY"
2015-11-02 21:51:01 +03:00
echo " * STUNNEL: $ENABLED_STUNNEL"
Add Apache HTTP Server compatibility and --enable-apachehttpd option (#2466)
* Added Apache httpd support `--enable-apachehttpd`.
* Added `SSL_CIPHER_get_version`, `BIO_new_fp`, `SSL_SESSION_print` and `SSL_in_connect_init` compatibility API's.
* Fix to expose `ASN1_UTCTIME_print` stub.
* Pulled in `wolfSSL_X509_get_ext_count` from QT.
* Added `X509_get_ext_count`, `BIO_set_callback`, `BIO_set_callback_arg` and `BIO_get_callback_arg`.
* Added `wolfSSL_ERR_print_errors`.
* Added `BIO_set_nbio` template.
* Fixes for building with Apache httpd.
* Added DH prime functions required for Apache httpd.
* Fix and move the BN DH prime macros.
* Fix for `SSL_CTX_set_tlsext_servername_arg` to have return code.
* Only add the `BN_get_rfc*_prime_*` macro's if older than 1.1.0.
* Added `ERR_GET_FUNC`, `SSL_CTX_clear_extra_chain_certs` prototypes.
* Added `wolfSSL_CTX_set_client_cert_cb` template and `OPENSSL_load_builtin_modules` stub macro.
* Added `X509_INFO` templates (`X509_INFO_new`, `X509_INFO_free`, `sk_X509_INFO_new_null`, `sk_X509_INFO_num`, `sk_X509_INFO_value`, `sk_X509_INFO_free`). Added `sk_X509_shift`.
* Added BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg
* add BIO_set_nbio, ERR_print_errors and tests
* add X509 INFO stack push function
* Add ASN1_UTCTIME_print and unit test
* Add X509_get_ext_count unit test
* initial commit of wolfSSL_PEM_X509_INFO_read_bio
* Added `sk_X509_NAME_new`, `sk_X509_NAME_push`, `sk_X509_NAME_find`, `sk_X509_NAME_set_cmp_func` and `sk_X509_NAME_free`. Grouped `sk_X509_NAME_*` functions.
* Cleanup sk X509 NAME/INFO pop free template.
* Advance openssl compatibility to v1.1.0 for Apache httpd. Added TLS version macros. Implemented sk X509 NAME/INFO pop and pop_free.
* Added `TLS_client_method` support.
* Added `SSL_get_server_tmp_key` and `EC_curve_nid2nist`.
* Added `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version`. Fix for `BN_get_rfc*_prime_*` with the v1.1.0 change.
* add test cases for PEM_X509_INFO_read_bio
* Fixes for `BN_get_rfc*_prime_*` macros. Added template for `SSL_DH_set0_pqg`. Fix for `SSL_OP_NO_` to use Macro's (as is done in openssl). Added `SSL_set_verify_result`. Added stub for `OPENSSL_malloc_init`.
* Apache httpd compatibility functions. BIO setter/getters.
* implement ASN1_TIME_check and add test case
* add SSL_get_client_CA_list
* add initial implementation of wolfSSL_DH_set0_pqg
* Add apache support to OBJ_txt2nid and unit test, add stub for OBJ_create
* add X509_STORE_CTX_get1_chain, sk_free, sk_X509_dup
* Add sk_SSL_COMP_num and SSL_COMP struct
* implement and test of SSL_SESSION_print
* add SSL_CTX_set_client_cert_cb
* expand BIO_printf and add test case
* Added `OCSP_CERTID_dup`. Added `ASN1_TYPE`.
* add implementation for wolfSSL_get_server_tmp_key
* add wolfSSL_BIO_puts and test case
* Add X509_EXTENSION_get_object and X509_EXTENSION_get_data
* add helper for bio flag set and null x509 stack
* add test adn implementation for wolfSSL_i2d_PrivateKey
* Added `ASN1_OTHERNAME`, `ACCESS_DESCRIPTION` and `GENERAL_NAME`. Added `sk_ACCESS_DESCRIPTION_pop_free` and `ACCESS_DESCRIPTION_free` stubs.
* add wolfSSL_PEM_read_bio_ECPKParameters
* add BIO_vfree
* add X509_up_ref
* add X509_STORE_CTX_set_ex_data
* add _GNU_SOURCE macro and wolfSSL_EVP_read_pw_string
* add wolfSSL_EVP_PKEY_ref_up function
* X509_get_ext, X509V3_EXT_print, and d2i_DISPLAYTEXT stubs
* add X509_set_issuer_name
* add wolfSSL_sk_SSL_CIPHER_* functions and tests
* add prototype for sk_X509_EXTENSION and ACCESS_DESCRIPTION
* fix casting to avoid clang warning
* adjust test_wolfSSL_X509_STORE_CTX test case
* Added `OpenSSL_version`
* renegotiate functions and additional stack functions
* add aditional stub functions
* Add Apache httpd requirements for ALPN, CRL, Cert Gen/Req/Ext and SecRen. Fix for `sk_X509_INFO_new_null`.
* add ocsp stub functions
* Proper fix for `sk_X509_INFO_new_null`. Added templates for `X509_get_ext_by_NID` and `X509_add_ext`. Added templates for `ASN1_TIME_diff` and `ASN1_TIME_set`.
* x509 extension stack additions
* Fixed template for `OCSP_id_get0_info`.
* add X509 stub functions
* add X509_STORE_CTX_get0_store() and unit test
* Added `EVP_PKEY_CTX_new_id`, `EVP_PKEY_CTX_set_rsa_keygen_bits`, `EVP_PKEY_keygen_init`, `EVP_PKEY_keygen` and `BN_to_ASN1_INTEGER`.
* x509v3 stubs and req add extensions
* Add OBJ_txt2obj and unit test; add long name to wolfssl_object_info table for use by OBJ_* functions
* wolfSSL_set_alpn_protos implementation
* Added `EVP_SignInit_ex` and `TLS_server_method` implementation. Added stubs for `RSA_get0_key` and `i2d_OCSP_REQUEST_bio`. Fix typo on `OCSP_response_create`. Fix warning in `wolfSSL_set_alpn_protos`.
* Added `X509_EXTENSION_free` stub. Fixed a few macro typos/adding missing.
* add X509_STORE_CTX_get0_current_issuer and unit test
* add OBJ_cmp and unit test
* add RSA_get0_key and unit test
* add OCSP_check_nonce
* Implement X509_set_notAfter/notBefore/serialNumber/version,X509_STORE_CTX_set_depth,X509V3_set_ctx.
* Modify wolfSSL_X509_set_notAfter/notBefore and add tests for each.
* Add test_wolfSSL_X509_set_version w/ fixes to _set_version and fix _set_notBefore/notAfter tests
* add OCSP_id_get0_info and unit test, move WOLFSSL_ASN1_INTEGER to asn_public.h from ssl.h
* inital implementation of wolfSSL_X509_sign
* add debugging messages and set data for BIO's
* Add i2d_OCSP_REQUEST_bio.
* implementation of some WOLFSSL_BIO_METHOD custom functions
* fix for ASN time structure and remove log node
* initial eNULL support and sanity checks
* fixes after rebasing code
* adjust test cases and ASN1_TIME print
* Various fixes for memory leaks
* Apache compatibility in CTX_set_client_CA_list for X509_NAME use; add X509_NAME_dup as supporting function
* Add initial X509_STORE_load_locations stub for Apache
* Updates to X509_get_ext_d2i to return GENERAL_NAME struct instead of ASN1_OBJECT for alternative names and add supporting GENERAL_NAME functions
* Add X509_STORE_load_locations implementation; add wolfSSL_CertManagerLoadCRL_ex; initial renegotiation fixes/updates
* Fix for freeing peer cert in wolfSSL_Rehandshake instead of FreeHandShakeResources during secure renegotiation
* Add X509_ALGOR and X509_PUBKEY structs for X509_PUBKEY_get0_param and X509_get_X509_PUBKEY implementation
* Initial implementation of wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param
* Add implementation for X509_get0_tbs_sigalg and X509_ALGOR_get0
* Add OBJ_nid2ln implementation
* Fix compile errors in tests/api.c for some build options
* Updates to X509_STORE_load_locations for non-CRL types; Add additional DETECT_CERT_TYPE enum and logic for detecting certificate type in ProcessFile
* Add X509_STORE_load_locations unit test and minor error handling fixes
* Add unit test for X509_sign
* Set correct alert type for revoked certificates; add/fix a few WOLFSSL_ENTER messages
* Add X509_ALGOR member to X509 struct; refactoring and unit tests for wolfSSL_X509_ALGOR_get0 and wolfSSL_X509_get0_tbs_sigalg
* Add X509_PUBKEY member to X509 struct; refactoring and unit tests for wolfSSL_X509_get_X509_PUBKEY and wolfSSL_X509_PUBKEY_get0_param
* Stack fixes after rebase
* Secure renegotiation refactoring: add ACCEPT_BEGIN_RENEG to AcceptState for use in wolfSSL_SSL_in_connect_init; free old peer cert when receiving new cert to fix memory leak
* Move enc-then-mac enable option in configure.ac for apache httpd compatibility
* Simplify wolfSSL_SSL_in_connect_init logic
* Remove unneeded wolfSSL_CertManagerLoadCRL_ex
* Fixes for jenkins test failures
* SSL_get_secure_renegotiation_support for print statement in Apache
2019-09-20 03:11:10 +03:00
echo " * Apache httpd: $ENABLED_APACHE_HTTPD"
2016-12-22 05:53:29 +03:00
echo " * NGINX: $ENABLED_NGINX"
2018-07-02 19:48:02 +03:00
echo " * ASIO: $ENABLED_ASIO"
2019-10-21 21:03:18 +03:00
echo " * LIBWEBSOCKETS: $ENABLED_LIBWEBSOCKETS"
2017-11-13 12:12:18 +03:00
echo " * SIGNAL: $ENABLED_SIGNAL"
2015-11-02 21:51:01 +03:00
echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"
echo " * DTLS: $ENABLED_DTLS"
2016-08-01 17:51:42 +03:00
echo " * SCTP: $ENABLED_SCTP"
2018-02-19 06:40:18 +03:00
echo " * Indefinite Length: $ENABLED_BER_INDEF"
2016-12-07 01:08:52 +03:00
echo " * Multicast: $ENABLED_MCAST"
2015-11-02 21:51:01 +03:00
echo " * Old TLS Versions: $ENABLED_OLD_TLS"
echo " * SSL version 3.0: $ENABLED_SSLV3"
2017-11-15 00:55:48 +03:00
echo " * TLS v1.0: $ENABLED_TLSV10"
2016-11-23 18:31:07 +03:00
echo " * TLS v1.3: $ENABLED_TLS13"
2017-06-22 05:40:41 +03:00
echo " * TLS v1.3 Draft 18: $ENABLED_TLS13_DRAFT18"
2018-03-07 10:05:53 +03:00
echo " * TLS v1.3 Draft 22: $ENABLED_TLS13_DRAFT22"
echo " * TLS v1.3 Draft 23: $ENABLED_TLS13_DRAFT23"
2018-05-01 08:19:18 +03:00
echo " * TLS v1.3 Draft 26: $ENABLED_TLS13_DRAFT26"
2018-08-20 07:17:38 +03:00
echo " * TLS v1.3 Draft 28: $ENABLED_TLS13_DRAFT28"
2017-06-22 05:40:41 +03:00
echo " * Post-handshake Auth: $ENABLED_TLS13_POST_AUTH"
echo " * Early Data: $ENABLED_TLS13_EARLY_DATA"
2017-06-27 01:52:53 +03:00
echo " * Send State in HRR Cookie: $ENABLED_SEND_HRR_COOKIE"
2015-11-02 21:51:01 +03:00
echo " * OCSP: $ENABLED_OCSP"
2015-12-30 23:10:25 +03:00
echo " * OCSP Stapling: $ENABLED_CERTIFICATE_STATUS_REQUEST"
echo " * OCSP Stapling v2: $ENABLED_CERTIFICATE_STATUS_REQUEST_V2"
2015-11-02 21:51:01 +03:00
echo " * CRL: $ENABLED_CRL"
echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR"
echo " * Persistent session cache: $ENABLED_SAVESESSION"
echo " * Persistent cert cache: $ENABLED_SAVECERT"
echo " * Atomic User Record Layer: $ENABLED_ATOMICUSER"
echo " * Public Key Callbacks: $ENABLED_PKCALLBACKS"
echo " * NTRU: $ENABLED_NTRU"
2017-08-16 23:19:38 +03:00
echo " * QSH: $ENABLED_QSH"
2016-05-06 00:31:25 +03:00
echo " * Whitewood netRandom: $ENABLED_WNR"
2015-11-02 21:51:01 +03:00
echo " * Server Name Indication: $ENABLED_SNI"
echo " * ALPN: $ENABLED_ALPN"
echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT"
2018-09-28 19:05:59 +03:00
echo " * Trusted CA Indication: $ENABLED_TRUSTED_CA"
2015-11-02 21:51:01 +03:00
echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC"
echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES"
2019-02-18 03:57:12 +03:00
echo " * FFDHE only in client: $ENABLED_FFDHE_ONLY"
2015-11-02 21:51:01 +03:00
echo " * Session Ticket: $ENABLED_SESSION_TICKET"
2016-09-02 00:12:54 +03:00
echo " * Extended Master Secret: $ENABLED_EXTENDED_MASTER"
2015-11-02 21:51:01 +03:00
echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION"
echo " * Secure Renegotiation: $ENABLED_SECURE_RENEGOTIATION"
2019-06-28 08:30:35 +03:00
echo " * Fallback SCSV: $ENABLED_FALLBACK_SCSV"
2015-11-02 21:51:01 +03:00
echo " * All TLS Extensions: $ENABLED_TLSX"
echo " * PKCS#7 $ENABLED_PKCS7"
2017-10-05 01:24:22 +03:00
echo " * wolfSSH $ENABLED_WOLFSSH"
2015-11-02 21:51:01 +03:00
echo " * wolfSCEP $ENABLED_WOLFSCEP"
echo " * Secure Remote Password $ENABLED_SRP"
echo " * Small Stack: $ENABLED_SMALL_STACK"
echo " * valgrind unit tests: $ENABLED_VALGRIND"
echo " * LIBZ: $ENABLED_LIBZ"
echo " * Examples: $ENABLED_EXAMPLES"
echo " * User Crypto: $ENABLED_USER_CRYPTO"
echo " * Fast RSA: $ENABLED_FAST_RSA"
2017-08-10 10:27:22 +03:00
echo " * Single Precision: $ENABLED_SP"
2016-03-04 21:05:22 +03:00
echo " * Async Crypto: $ENABLED_ASYNCCRYPT"
2018-09-12 01:56:59 +03:00
echo " * PKCS#11: $ENABLED_PKCS11"
2019-07-02 19:35:46 +03:00
echo " * PKCS#12: $ENABLED_PKCS12"
2019-10-04 21:21:56 +03:00
echo " * Cavium Nitox: $ENABLED_CAVIUM"
echo " * Cavium Octeon (Sync): $ENABLED_OCTEON_SYNC"
echo " * Intel Quick Assist: $ENABLED_INTEL_QA"
2016-07-22 18:49:15 +03:00
echo " * ARM ASM: $ENABLED_ARMASM"
2016-12-06 01:38:42 +03:00
echo " * AES Key Wrap: $ENABLED_AESKEYWRAP"
2017-03-21 01:08:34 +03:00
echo " * Write duplicate: $ENABLED_WRITEDUP"
2017-06-07 20:37:21 +03:00
echo " * Xilinx Hardware Acc.: $ENABLED_XILINX"
2018-01-18 00:20:49 +03:00
echo " * Inline Code: $ENABLED_INLINE"
2018-07-19 02:26:25 +03:00
echo " * Linux AF_ALG: $ENABLED_AFALG"
2019-03-20 21:01:24 +03:00
echo " * Linux devcrypto: $ENABLED_DEVCRYPTO"
2019-10-04 21:21:56 +03:00
echo " * Crypto callbacks: $ENABLED_CRYPTOCB"
2012-09-20 10:38:41 +04:00
echo ""
echo "---"
2016-03-31 01:15:38 +03:00
2016-04-16 01:04:15 +03:00
################################################################################
2016-03-31 01:15:38 +03:00
# Show warnings at bottom so they are noticed
2016-04-16 01:04:15 +03:00
################################################################################
2016-03-31 01:15:38 +03:00
if test "$ENABLED_ASYNCCRYPT" = "yes"
then
AC_MSG_WARN([Make sure real async files are loaded. Contact wolfSSL for details on using the asynccrypt option.])
fi
2016-04-16 01:04:15 +03:00
# MinGW static vs shared library
2016-04-18 21:14:47 +03:00
# Reference URL from libtool for MinGW is located at
2016-04-16 01:04:15 +03:00
# http://www.gnu.org/software/libtool/manual/libtool.html#Cygwin-to-MinGW-Cross
# this allows for not even having dllimport/dllexport on functions
# with recent libtools, only requiring it with global variables.
2016-04-18 21:14:47 +03:00
#
# The following warning is displayed here because if not using "contemporary GNU
2016-04-16 01:04:15 +03:00
# tools" there is the possibility of export/import issues.
2016-04-18 21:14:47 +03:00
# wolfSSL uses __declspec(dllexport) and "contemporary GNU tools" handle the
# case where both static and shared libraries are built.
2016-04-16 01:04:15 +03:00
#
# More can be found about the MinGW linker at
# https://sourceware.org/binutils/docs/ld/WIN32.html
if test "$MINGW_LIB_WARNING" = "yes"
then
AC_MSG_WARN([Building with shared and static library at the same time on this system may cause export/import problems when using non contemporary GNU tools.])
fi