mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e8179b29ff
wolfssl/configure.ac

4241 lines
121 KiB
Plaintext
Raw Normal View History

update configure.ac name
2011-08-03 22:30:22 +04:00
# configure.ac
Add headers to examples and .i files
2011-07-27 00:27:22 +04:00
#
Release v3.12.2 (lib 14.0.0). Updated copywright.
2017-10-23 01:58:35 +03:00
# Copyright (C) 2006-2017 wolfSSL Inc.
Add headers to examples and .i files
2011-07-27 00:27:22 +04:00
#
configure.ac updates
2014-12-31 23:04:03 +03:00
# This file is part of wolfSSL. (formerly known as CyaSSL)
Add headers to examples and .i files
2011-07-27 00:27:22 +04:00
#
#
update library version for 3.13.0 in configure.ac/version.h
2017-12-21 19:54:19 +03:00
AC_INIT([wolfssl],[3.13.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
This should fix the issue around compiling cyassl with a C++ compiler.
2012-10-19 08:30:21 +04:00
AC_CONFIG_AUX_DIR([build-aux])
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
initialize CFLAGS in configure as empty, remove erasing it when hardening CFLAGS
2015-09-18 02:36:53 +03:00
# The following sets CFLAGS to empty if unset on command line. We do not want
# the default "-g -O2" that AC_PROG_CC sets automatically.
: ${CFLAGS=""}
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AC_CANONICAL_HOST
AC_CANONICAL_BUILD
Update autoconf rules. Fixes bug url to point to github issues.
2013-09-15 11:13:30 +04:00
AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests])
remove serial-tests and downgrade automake/autoconf version requirements
2013-04-10 21:21:56 +04:00
AC_PREREQ([2.63])
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
Update autoconf rules. Fixes bug url to point to github issues.
2013-09-15 11:13:30 +04:00
AC_ARG_PROGRAM
AC_DEFUN([PROTECT_AC_USE_SYSTEM_EXTENSIONS],
[AX_SAVE_FLAGS
AC_LANG_PUSH([C])
AC_USE_SYSTEM_EXTENSIONS
AC_LANG_POP([C])
AX_RESTORE_FLAGS
])
#PROTECT_AC_USE_SYSTEM_EXTENSIONS
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
Update autoconf rules. Fixes bug url to point to github issues.
2013-09-15 11:13:30 +04:00
AC_CONFIG_MACRO_DIR([m4])
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
Update autoconf rules. Fixes bug url to point to github issues.
2013-09-15 11:13:30 +04:00
AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
1.8.8 init
2011-02-05 22:14:47 +03:00
2.0.0 rc1 versioning
2011-04-30 00:08:05 +04:00
#shared library versioning
update library version for 3.13.0 in configure.ac/version.h
2017-12-21 19:54:19 +03:00
WOLFSSL_LIBRARY_VERSION=15:0:0
wolfssl is a new library, reset libtool version number to 0:0:0
2015-01-09 22:20:41 +03:00
# | | |
# +------+ | +---+
# | | |
# current:revision:age
# | | |
# | | +- increment if interfaces have been added
# | | set to zero if interfaces have been removed
# | | or changed
# | +- increment if source code has changed
# | set to zero if current is incremented
# +- increment if interfaces have been added, removed or changed
examples not seeing WOLFSSL_API
2014-12-30 02:30:26 +03:00
AC_SUBST([WOLFSSL_LIBRARY_VERSION])
2.0.0 rc1 versioning
2011-04-30 00:08:05 +04:00
change to C_EXTRA_FLAGS for user addtions to CFLAGS since CFLAGS may contain -g -O2 even if user doesn't override, no way to tell
2012-10-24 23:01:11 +04:00
# capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even
# if user doesn't override, no way to tell
USER_C_EXTRA_FLAGS="$C_EXTRA_FLAGS"
make sure options.h captures user CFLAGS now too
2015-09-24 02:27:48 +03:00
USER_CFLAGS="$CFLAGS"
change to C_EXTRA_FLAGS for user addtions to CFLAGS since CFLAGS may contain -g -O2 even if user doesn't override, no way to tell
2012-10-24 23:01:11 +04:00
only 1 LT_INIT in configure.ac, pass options there w/ prereq check
2013-03-23 23:15:02 +04:00
LT_PREREQ([2.2])
LT_INIT([disable-static],[win32-dll])
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
LT_LANG([C++])
LT_LANG([C])
only 1 LT_INIT in configure.ac, pass options there w/ prereq check
2013-03-23 23:15:02 +04:00
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
gl_VISIBILITY
Remove version (it is a generated file), also updated how visibility is done.
2012-10-21 05:24:28 +04:00
AS_IF([ test -n "$CFLAG_VISIBILITY" ], [
AM_CPPFLAGS="$AM_CPPFLAGS $CFLAG_VISIBILITY"
CPPFLAGS="$CPPFLAGS $CFLAG_VISIBILITY"
])
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
Moved the check for the size of long, long long, and __m128 to before the checks for libraries. In some combination of autotools, making a 32-bit build, the autoconf test code can't link libnetwork and crashes, leaving those sizes all set to 0.
2016-12-07 03:15:45 +03:00
# Moved these size of and type checks before the library checks.
# The library checks add the library to subsequent test compiles
# and in some rare cases, the networking check causes these sizeof
# checks to fail.
AC_CHECK_SIZEOF(long long, 8)
AC_CHECK_SIZEOF(long, 4)
AC_CHECK_TYPES(__uint128_t)
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AC_CHECK_FUNCS([gethostbyname])
change ipv6 tests to use getaddrinfo for better scope id % handling, inet_pton doesn't always work depending on system
2013-04-11 23:30:09 +04:00
AC_CHECK_FUNCS([getaddrinfo])
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AC_CHECK_FUNCS([gettimeofday])
use gmtime_r if there
2015-11-10 01:48:39 +03:00
AC_CHECK_FUNCS([gmtime_r])
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AC_CHECK_FUNCS([inet_ntoa])
AC_CHECK_FUNCS([memset])
AC_CHECK_FUNCS([socket])
AC_CHECK_HEADERS([arpa/inet.h])
AC_CHECK_HEADERS([fcntl.h])
AC_CHECK_HEADERS([limits.h])
AC_CHECK_HEADERS([netdb.h])
AC_CHECK_HEADERS([netinet/in.h])
AC_CHECK_HEADERS([stddef.h])
AC_CHECK_HEADERS([sys/ioctl.h])
AC_CHECK_HEADERS([sys/socket.h])
AC_CHECK_HEADERS([sys/time.h])
This should fix the issue around compiling cyassl with a C++ compiler.
2012-10-19 08:30:21 +04:00
AC_CHECK_HEADERS([errno.h])
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AC_CHECK_LIB(network,socket)
AC_C_BIGENDIAN
remove mktime check since takes forever on some systems
2012-10-24 23:09:53 +04:00
# mktime check takes forever on some systems, if time supported it would be
# highly unusual for mktime to be missing
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
#AC_FUNC_MKTIME
1.8.8 init
2011-02-05 22:14:47 +03:00
AC_PROG_CC
AC_PROG_CC_C_O
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AC_PROG_CXX
1.8.8 init
2011-02-05 22:14:47 +03:00
AC_PROG_INSTALL
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AC_TYPE_SIZE_T
AC_TYPE_UINT8_T
AM_PROG_AS
AM_PROG_CC_C_O
LT_LIB_M
add compiler visibility detection, default hide, add external API linkage and internal LOCAL linkage
2011-04-27 02:41:16 +04:00
1.8.8 init
2011-02-05 22:14:47 +03:00
OPTIMIZE_CFLAGS="-Os -fomit-frame-pointer"
change fastmath opt to 2 instead of 3, causes potential confilicts with aesni on non-aesni systems with gcc 4.6.3
2013-04-12 20:29:31 +04:00
OPTIMIZE_FAST_CFLAGS="-O2 -fomit-frame-pointer"
break up huge math into individual parts so can add piece by piece, e.g., ECC256
2013-09-04 00:13:13 +04:00
OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET -DTFM_HUGE_SET"
configure.ac updates
2014-12-31 23:04:03 +03:00
DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL"
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
LIB_ADD=
LIB_STATIC_ADD=
1.8.8 init
2011-02-05 22:14:47 +03:00
add enable-iopool , simple I/O pool example using memory overrides
2014-03-14 05:54:51 +04:00
thread_ls_on=no
add thread local storage to ecc fp cache, no locking required but cache is per thread, higher conncurrent performance but more memory needed
2013-11-12 05:00:35 +04:00
# Thread local storage
add enable-iopool , simple I/O pool example using memory overrides
2014-03-14 05:54:51 +04:00
AX_TLS([
[AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"]
[thread_ls_on=yes]
] , [:])
1.8.8 init
2011-02-05 22:14:47 +03:00
# DEBUG
This should fix the issue around compiling cyassl with a C++ compiler.
2012-10-19 08:30:21 +04:00
AX_DEBUG
Brian changes
2012-10-24 22:53:33 +04:00
AS_IF([test "$ax_enable_debug" = "yes"],
[AM_CFLAGS="$DEBUG_CFLAGS $AM_CFLAGS"],
[AM_CFLAGS="$AM_CFLAGS -DNDEBUG"])
1.8.8 init
2011-02-05 22:14:47 +03:00
Single Precision maths for RSA (and DH) Single Precision ECC implementation
2017-08-10 10:27:22 +03:00
add distro build option
2016-08-22 19:00:37 +03:00
# Distro build feature subset (Debian, Ubuntu, etc.)
AC_ARG_ENABLE([distro],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-distro],[Enable wolfSSL distro build (default: disabled)])],
add distro build option
2016-08-22 19:00:37 +03:00
[ ENABLED_DISTRO=$enableval ],
[ ENABLED_DISTRO=no ]
)
if test "$ENABLED_DISTRO" = "yes"
then
enable_shared=yes
enable_static=yes
Added new `./configure --enable-all` option to enable all features. Allows building all features without using the `--enable-distro` option, which only allows shared build and does not generate an options.h file.
2017-05-18 20:57:28 +03:00
enable_all=yes
fi
AM_CONDITIONAL([BUILD_DISTRO], [test "x$ENABLED_DISTRO" = "xyes"])
# ALL FEATURES
AC_ARG_ENABLE([all],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-all],[Enable all wolfSSL features, except SSLv3 (default: disabled)])],
Added new `./configure --enable-all` option to enable all features. Allows building all features without using the `--enable-distro` option, which only allows shared build and does not generate an options.h file.
2017-05-18 20:57:28 +03:00
[ ENABLED_ALL=$enableval ],
[ ENABLED_ALL=no ]
)
if test "$ENABLED_ALL" = "yes"
then
add distro build option
2016-08-22 19:00:37 +03:00
enable_dtls=yes
Add TLS v1.3 as an option
2016-11-23 18:31:07 +03:00
enable_tls13=yes
add distro build option
2016-08-22 19:00:37 +03:00
enable_openssh=yes
enable_opensslextra=yes
enable_savesession=yes
enable_savecert=yes
enable_atomicuser=yes
enable_pkcallbacks=yes
enable_aesgcm=yes
enable_aesccm=yes
Adds an --enable-aesctr flag to the configure script to explicitly compile with -DWOLFSSL_AES_COUNTER and -DWOLFSSL_AES_DIRECT If --enable-fortress or --enable-mcapi are used they effectively force --enable-aesctr
2016-12-04 17:23:51 +03:00
enable_aesctr=yes
add distro build option
2016-08-22 19:00:37 +03:00
enable_camellia=yes
enable_ripemd=yes
enable_sha512=yes
Distro fix to enable SHA224 by default. Was causing Debian build error since SHA224 is enabled by default only for the x86_64 architecture. Updated --enable-distro option to include new features for aeskeywrap, x963kdf and scrypt. Changed the ECC custom curve option to enable all curve types when used with distro.
2017-04-10 21:45:26 +03:00
enable_sha224=yes
Initial revision of SHA-3
2017-05-23 06:50:49 +03:00
enable_sha3=yes
add distro build option
2016-08-22 19:00:37 +03:00
enable_sessioncerts=yes
enable_keygen=yes
enable_certgen=yes
enable_certreq=yes
enable_certext=yes
enable_sep=yes
enable_hkdf=yes
enable_dsa=yes
enable_ecccustcurves=yes
enable_compkey=yes
enable_curve25519=yes
enable_ed25519=yes
enable_fpecc=yes
enable_eccencrypt=yes
enable_psk=yes
enable_idea=yes
enable_cmac=yes
add AES-XTS mode --enable-xts
2017-08-31 02:50:15 +03:00
enable_xts=yes
add distro build option
2016-08-22 19:00:37 +03:00
enable_webserver=yes
enable_hc128=yes
enable_rabbit=yes
enable_ocsp=yes
enable_ocspstapling=yes
enable_ocspstapling2=yes
enable_crl=yes
enable_crl_monitor=yes
enable_sni=yes
enable_maxfragment=yes
enable_alpn=yes
enable_truncatedhmac=yes
enable_supportedcurves=yes
enable_session_ticket=yes
enable_tlsx=yes
enable_pkcs7=yes
wolfSSH Option Added a configure convenience option for building wolfSSL to work with wolfSSH.
2017-10-05 01:24:22 +03:00
enable_ssh=yes
add distro build option
2016-08-22 19:00:37 +03:00
enable_scep=yes
enable_srp=yes
enable_certservice=yes
enable_jni=yes
enable_lighty=yes
Introduce HAPROXY config flag + get/set app_data
2017-03-28 14:28:36 +03:00
enable_haproxy=yes
add distro build option
2016-08-22 19:00:37 +03:00
enable_stunnel=yes
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
enable_nginx=yes
add distro build option
2016-08-22 19:00:37 +03:00
enable_pwdbased=yes
Distro fix to enable SHA224 by default. Was causing Debian build error since SHA224 is enabled by default only for the x86_64 architecture. Updated --enable-distro option to include new features for aeskeywrap, x963kdf and scrypt. Changed the ECC custom curve option to enable all curve types when used with distro.
2017-04-10 21:45:26 +03:00
enable_aeskeywrap=yes
enable_x963kdf=yes
enable_scrypt=yes
Fixes to better handle threading with async. Fix `wc_CamelliaCbcEncrypt` return code checking. Fix to ensure cycles per byte shows on same line. Refactor of async event state. Refactor to initalize event prior to operation (in case it finishes before adding to queue). Add `HAVE_AES_DECRYPT` to --enable-all option. Cleanup benchmark error display.
2017-08-11 22:42:33 +03:00
AM_CFLAGS="-DHAVE_AES_DECRYPT $AM_CFLAGS"
add distro build option
2016-08-22 19:00:37 +03:00
fi
Added new `./configure --enable-all` option to enable all features. Allows building all features without using the `--enable-distro` option, which only allows shared build and does not generate an options.h file.
2017-05-18 20:57:28 +03:00
AM_CONDITIONAL([BUILD_ALL], [test "x$ENABLED_ALL" = "xyes"])
add distro build option
2016-08-22 19:00:37 +03:00
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
# Support for forcing 32-bit mode
AC_ARG_ENABLE([32bit],
[AS_HELP_STRING([--enable-32bit],[Enables 32-bit support (default: disabled)])],
[ ENABLED_32BIT=$enableval ],
[ ENABLED_32BIT=no ]
)
if test "$ENABLED_32BIT" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_64BIT -DNO_CURVED25519_128BIT -m32"
AM_LDFLAGS="$AM_LDFLAGS -m32"
fi
# Support for disabling all ASM
AC_ARG_ENABLE([asm],
[AS_HELP_STRING([--enable-asm],[Enables option for assembly (default: enabled)])],
[ ENABLED_ASM=$enableval ],
[ ENABLED_ASM=yes ]
)
if test "$ENABLED_ASM" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DTFM_NO_ASM -DWOLFSSL_NO_ASM"
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
# SINGLE THREADED
switch enable names to no uppercase to match others
2013-03-13 23:58:50 +04:00
AC_ARG_ENABLE([singlethreaded],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-singlethreaded],[Enable wolfSSL single threaded (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_SINGLETHREADED=$enableval ],
Fix rules around pthread usage to fix clang warning.
2012-10-20 07:09:17 +04:00
[ ENABLED_SINGLETHREADED=no ])
AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[
AX_PTHREAD([
AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.])
move pthread flags/libs to autoconf defines so available to library proper and external tests/examples
2013-04-02 02:50:13 +04:00
AM_CFLAGS="-D_POSIX_THREADS $AM_CFLAGS $PTHREAD_CFLAGS"
LIBS="$LIBS $PTHREAD_LIBS"
Fix rules around pthread usage to fix clang warning.
2012-10-20 07:09:17 +04:00
],[
ENABLED_SINGLETHREADED=yes
])
])
AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="-DSINGLE_THREADED $AM_CFLAGS" ])
1.8.8 init
2011-02-05 22:14:47 +03:00
# DTLS
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([dtls],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-dtls],[Enable wolfSSL DTLS (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_DTLS=$enableval ],
[ ENABLED_DTLS=no ]
)
if test "$ENABLED_DTLS" = "yes"
then
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="-DWOLFSSL_DTLS $AM_CFLAGS"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
Updates from code review
2017-06-22 05:40:41 +03:00
# TLS v1.3 Draft 18
AC_ARG_ENABLE([tls13-draft18],
[AS_HELP_STRING([--enable-tls13-draft18],[Enable wolfSSL TLS v1.3 Draft 18 (default: disabled)])],
[ ENABLED_TLS13_DRAFT18=$enableval ],
[ ENABLED_TLS13_DRAFT18=no ]
)
if test "$ENABLED_TLS13_DRAFT18" = "yes"
then
Fixed DRAFT_18 define and fixed downgrading with TLS v1.3 Changed the define in configure.ac to match the one used in the code. Fixed downgrading to disallow unless ssl->options.downgrade is set. TLS 1.3 client method does not have downgrade on anymore. Test changed to not expect downgrading to work. Test of TLS v1.3 client downgrade is actually upgrading on server. Fixed 80 character line problems.
2017-10-11 05:17:28 +03:00
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_18 $AM_CFLAGS"
Updates from code review
2017-06-22 05:40:41 +03:00
fi
Add TLS v1.3 as an option
2016-11-23 18:31:07 +03:00
# TLS v1.3
AC_ARG_ENABLE([tls13],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-tls13],[Enable wolfSSL TLS v1.3 (default: disabled)])],
Add TLS v1.3 as an option
2016-11-23 18:31:07 +03:00
[ ENABLED_TLS13=$enableval ],
[ ENABLED_TLS13=no ]
)
Updates from code review
2017-06-22 05:40:41 +03:00
if test "$ENABLED_TLS13_DRAFT18" = "yes"
then
ENABLED_TLS13="yes"
fi
Add TLS v1.3 as an option
2016-11-23 18:31:07 +03:00
if test "$ENABLED_TLS13" = "yes"
then
Fix no ECC builds with TLS13 code. Fix tests so that having ECC disabled works as well. Fix define protection for Draft 18 and HRR Cookie.
2017-10-20 04:24:20 +03:00
AM_CFLAGS="-DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES $AM_CFLAGS"
Add TLS v1.3 as an option
2016-11-23 18:31:07 +03:00
fi
# check if TLS v1.3 was enabled for conditionally running tls13.test script
AM_CONDITIONAL([BUILD_TLS13], [test "x$ENABLED_TLS13" = "xyes"])
Updates from code review
2017-06-22 05:40:41 +03:00
# Post-handshake Authentication
AC_ARG_ENABLE([postauth],
[AS_HELP_STRING([--enable-postauth],[Enable wolfSSL Post-handshake Authentication (default: disabled)])],
[ ENABLED_TLS13_POST_AUTH=$enableval ],
[ ENABLED_TLS13_POST_AUTH=no ]
)
if test "$ENABLED_TLS13_POST_AUTH" = "yes"
then
if test "x$ENABLED_TLS13" = "xno"
then
AC_MSG_ERROR([cannot enable postauth without enabling tls13.])
fi
AM_CFLAGS="-DWOLFSSL_POST_HANDSHAKE_AUTH $AM_CFLAGS"
fi
Code review fixes Also put in configuration option for sending HRR Cookie extension with state.
2017-06-27 01:52:53 +03:00
# Post-handshake Authentication
AC_ARG_ENABLE([hrrcookie],
[AS_HELP_STRING([--enable-hrrcookie],[Enable the server to send Cookie Extension in HRR with state (default: disabled)])],
[ ENABLED_SEND_HRR_COOKIE=$enableval ],
[ ENABLED_SEND_HRR_COOKIE=no ]
)
if test "$ENABLED_SEND_HRR_COOKIE" = "yes"
then
if test "x$ENABLED_TLS13" = "xno"
then
AC_MSG_ERROR([cannot enable hrrcookie without enabling tls13.])
fi
AM_CFLAGS="-DWOLFSSL_SEND_HRR_COOKIE $AM_CFLAGS"
fi
RNG : change to --disable-rng, non-autoconf scenario, help msg
2016-11-01 19:21:29 +03:00
AC_ARG_ENABLE([rng],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-rng],[Enable compiling and using RNG (default: enabled)])],
RNG : change to --disable-rng, non-autoconf scenario, help msg
2016-11-01 19:21:29 +03:00
[ ENABLED_RNG=$enableval ],
[ ENABLED_RNG=yes ]
RNG : option to not use RNG
2016-11-01 01:51:02 +03:00
)
RNG : change to --disable-rng, non-autoconf scenario, help msg
2016-11-01 19:21:29 +03:00
if test "$ENABLED_RNG" = "no"
RNG : option to not use RNG
2016-11-01 01:51:02 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DWC_NO_RNG"
fi
RNG : change to --disable-rng, non-autoconf scenario, help msg
2016-11-01 19:21:29 +03:00
AM_CONDITIONAL([BUILD_RNG], [test "x$ENABLED_RNG" = "xyes"])
RNG : option to not use RNG
2016-11-01 01:51:02 +03:00
added SCTP to configure.ac
2016-08-01 17:51:42 +03:00
# DTLS-SCTP
AC_ARG_ENABLE([sctp],
[AS_HELP_STRING([--enable-sctp],[Enable wolfSSL DTLS-SCTP support (default: disabled)])],
[ENABLED_SCTP=$enableval],
[ENABLED_SCTP=no])
Add simple SCTP example tools
2016-08-19 03:02:54 +03:00
AM_CONDITIONAL([BUILD_SCTP], [test "x$ENABLED_SCTP" = "xyes"])
DTLS-SCTP Tests 1. Added a check to configure for SCTP availablility. 2. Added DTLS-SCTP to the cipher suite test.
2016-08-30 01:15:59 +03:00
AS_IF([test "x$ENABLED_SCTP" = "xyes"],
[AC_MSG_CHECKING([for SCTP])
AC_RUN_IFELSE(
[AC_LANG_PROGRAM(
[[
#include <sys/socket.h>
#include <arpa/inet.h>
]],
[[int s = socket(AF_INET, SOCK_STREAM, IPPROTO_SCTP); if (s == -1) return 1;]])],
[AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)
AC_MSG_ERROR([SCTP not available, remove enable-sctp from configure])])
])
added SCTP to configure.ac
2016-08-01 17:51:42 +03:00
Multicast DTLS 1. Add DTLS-multicast to the enable options. 2. Reorg DTLS related enable options together. 3. Update a couple enable option texts to use the AS_HELP_STRING() macro. 4. Add three new APIs for managing a DTLS Multicast session. 5. Add test code for new APIs. 6. Add stub code for the new APIs.
2016-12-07 01:08:52 +03:00
# DTLS-MULTICAST
AC_ARG_ENABLE([mcast],
[AS_HELP_STRING([--enable-mcast],[Enable wolfSSL DTLS multicast support (default: disabled)])],
[ENABLED_MCAST=$enableval],
[ENABLED_MCAST=no])
AM_CONDITIONAL([BUILD_MCAST], [test "x$ENABLED_MCAST" = "xyes"])
# RNG
AC_ARG_ENABLE([rng],
[AS_HELP_STRING([--enable-rng],[Enable compiling and using RNG (default: enabled)])],
[ ENABLED_RNG=$enableval ],
[ ENABLED_RNG=yes ]
)
if test "$ENABLED_RNG" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DWC_NO_RNG"
fi
AM_CONDITIONAL([BUILD_RNG], [test "x$ENABLED_RNG" = "xyes"])
add openssh ./configure build
2015-07-17 19:14:58 +03:00
# OpenSSH compatibility Build
AC_ARG_ENABLE([openssh],
[AS_HELP_STRING([--enable-openssh],[Enable OpenSSH compatibility build (default: disabled)])],
[ENABLED_OPENSSH=$enableval],
[ENABLED_OPENSSH=no])
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
# nginx compatibility build
AC_ARG_ENABLE([nginx],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-nginx],[Enable nginx (default: disabled)])],
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
[ ENABLED_NGINX=$enableval ],
[ ENABLED_NGINX=no ]
)
add openssh ./configure build
2015-07-17 19:14:58 +03:00
Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag now haproxy compatible wolfssl builds with: ./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \ iam * ] 2:18 PM --disable-fasthugemath --disable-bump \ --enable-opensslextra \ --enable-keygen --enable-certgen \ --disable-ntru --disable-examples \ --enable-tlsx --enable-haproxy \ --enable-savecert --enable-savesession --enable-sessioncerts \ --enable-webserver --enable-sslv3 --enable-stunnel
2017-04-11 15:18:41 +03:00
# haproxy compatibility build
AC_ARG_ENABLE([haproxy],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-haproxy],[Enable haproxy (default: disabled)])],
Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag now haproxy compatible wolfssl builds with: ./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \ iam * ] 2:18 PM --disable-fasthugemath --disable-bump \ --enable-opensslextra \ --enable-keygen --enable-certgen \ --disable-ntru --disable-examples \ --enable-tlsx --enable-haproxy \ --enable-savecert --enable-savesession --enable-sessioncerts \ --enable-webserver --enable-sslv3 --enable-stunnel
2017-04-11 15:18:41 +03:00
[ ENABLED_HAPROXY=$enableval ],
[ ENABLED_HAPROXY=no ]
)
Modification for compliling application with libsignal-protocol-c.
2017-11-13 12:12:18 +03:00
# signal compatibility build
AC_ARG_ENABLE([signal],
[AS_HELP_STRING([--enable-signal],[Enable signal (default: disabled)])],
[ ENABLED_SIGNAL=$enableval ],
[ ENABLED_SIGNAL=no ]
)
Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag now haproxy compatible wolfssl builds with: ./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \ iam * ] 2:18 PM --disable-fasthugemath --disable-bump \ --enable-opensslextra \ --enable-keygen --enable-certgen \ --disable-ntru --disable-examples \ --enable-tlsx --enable-haproxy \ --enable-savecert --enable-savesession --enable-sessioncerts \ --enable-webserver --enable-sslv3 --enable-stunnel
2017-04-11 15:18:41 +03:00
Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add `--enable-opensslcoexist` which makes sure `oldnames` is disabled. Refactor of `SSL_` to `WOLF_SSL_`. Refactor of `SHA`, `MD5`, `SHA224`, `SHA256`, `SHA512` and `SHA384` to `WC_` naming.
2017-09-26 04:47:36 +03:00
# OpenSSL Coexist
AC_ARG_ENABLE([opensslcoexist],
[AS_HELP_STRING([--enable-opensslcoexist],[Enable coexistence of wolfssl/openssl (default: disabled)])],
[ ENABLED_OPENSSLCOEXIST=$enableval ],
[ ENABLED_OPENSSLCOEXIST=no ]
)
if test "x$ENABLED_OPENSSLCOEXIST" = "xyes"
then
# make sure old names are disabled
enable_oldnames=no
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COEXIST"
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
# OPENSSL Extra Compatibility
switch enable names to no uppercase to match others
2013-03-13 23:58:50 +04:00
AC_ARG_ENABLE([opensslextra],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-opensslextra],[Enable extra OpenSSL API, size+ (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_OPENSSLEXTRA=$enableval ],
[ ENABLED_OPENSSLEXTRA=no ]
)
Modification for compliling application with libsignal-protocol-c.
2017-11-13 12:12:18 +03:00
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_SIGNAL" = "yes"
add openssh ./configure build
2015-07-17 19:14:58 +03:00
then
ENABLED_OPENSSLEXTRA="yes"
fi
Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add `--enable-opensslcoexist` which makes sure `oldnames` is disabled. Refactor of `SSL_` to `WOLF_SSL_`. Refactor of `SHA`, `MD5`, `SHA224`, `SHA256`, `SHA512` and `SHA384` to `WC_` naming.
2017-09-26 04:47:36 +03:00
if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
1.8.8 init
2011-02-05 22:14:47 +03:00
then
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
detect configure time build mismatches
2011-06-07 20:02:36 +04:00
if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_SMALL" = "yes"
then
switch enable names to no uppercase to match others
2013-03-13 23:58:50 +04:00
AC_MSG_ERROR([cannot enable small and opensslextra, only one or the other.])
detect configure time build mismatches
2011-06-07 20:02:36 +04:00
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
Added --enable-maxstrength configure build to only allow TLSv1.2, PFS, and AEAD ciphers.
2015-04-01 21:55:49 +03:00
# High Strength Build
AC_ARG_ENABLE([maxstrength],
[AS_HELP_STRING([--enable-maxstrength],[Enable Max Strengh build, allows TLSv1.2-AEAD-PFS ciphers only (default: disabled)])],
[ENABLED_MAXSTRENGTH=$enableval],
[ENABLED_MAXSTRENGTH=no])
add --enable-harden swtich for timing resistance and blinding, on by default
2016-07-25 23:24:36 +03:00
# Harden, enable Timing Resistance and Blinding by default
AC_ARG_ENABLE([harden],
[AS_HELP_STRING([--enable-harden],[Enable Hardened build, Enables Timing Resistance and Blinding (default: enabled)])],
[ENABLED_HARDEN=$enableval],
[ENABLED_HARDEN=yes])
if test "$ENABLED_HARDEN" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA_BLINDING"
Fix up for building without `./configure` to warn if hardening options are not enabled. Currently `./configure` defaults to `--enable-harden`, but if building sources directly and using `settings.h` or `user_settings.h` the hardening defines will not be set by default. If a user wants to use without hardening they can suppress the warning by defining `WC_NO_HARDEN`.
2017-07-11 00:40:07 +03:00
else
AM_CFLAGS="$AM_CFLAGS -DWC_NO_HARDEN"
add --enable-harden swtich for timing resistance and blinding, on by default
2016-07-25 23:24:36 +03:00
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
# IPv6 Test Apps
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([ipv6],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-ipv6],[Enable testing of IPV6 (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_IPV6=$enableval ],
[ ENABLED_IPV6=no ]
)
if test "$ENABLED_IPV6" = "yes"
then
Fixes for building with IPV6. Added new WOLFSSL_IPV6 define to indicate IPV6 support. Fix to not include connect() and socket() calls unless HAVE_HTTP_CLIENT, HAVE_OCSP or HAVE_CRL_IO defined. Typo fixes.
2017-03-15 21:25:24 +03:00
AM_CFLAGS="$AM_CFLAGS -DTEST_IPV6 -DWOLFSSL_IPV6"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
fix ipv6 external test case
2015-05-07 22:15:58 +03:00
AM_CONDITIONAL([BUILD_IPV6], [test "x$ENABLED_IPV6" = "xyes"])
1.8.8 init
2011-02-05 22:14:47 +03:00
Changes for WPA Supplicant
2017-02-10 01:45:10 +03:00
# wpa_supplicant support
AC_ARG_ENABLE([wpas],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-wpas],[Enable wpa_supplicant support (default: disabled)])],
Changes for WPA Supplicant
2017-02-10 01:45:10 +03:00
[ ENABLED_WPAS=$enableval ],
[ ENABLED_WPAS=no ]
)
if test "$ENABLED_WPAS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_SECRET_CALLBACK -DWOLFSSL_STATIC_RSA"
Only expose ECC APIs on config define
2017-03-17 03:52:38 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP -DWOLFSSL_PUBLIC_ECC_ADD_DBL"
FIPS changes and fixups Enable ex data explicitly. Keep the peer cert for verification callback. External session cache for hostapd. Enable DES_ECB when not FIPS. Don't send the peer cert if it is not received from peer. Initialize the peer cert after free as will be freed on tear down of SSL. Allow a server to become a client.
2017-03-30 04:53:35 +03:00
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER -DHAVE_EX_DATA -DWOLFSSL_KEEP_PEER_CERT"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE"
Fix WPAS config to not use FORTRESS config
2017-09-15 03:49:07 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD"
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
Changes for WPA Supplicant
2017-02-10 01:45:10 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS"
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# Fortress build
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([fortress],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-fortress],[Enable SSL fortress build (default: disabled)])],
add direct AES one block access and ECB DES for compatibility
2011-10-27 04:10:44 +04:00
[ ENABLED_FORTRESS=$enableval ],
[ ENABLED_FORTRESS=no ]
)
Fix WPAS config to not use FORTRESS config
2017-09-15 03:49:07 +03:00
if test "$ENABLED_OPENSSH" = "yes"
add openssh ./configure build
2015-07-17 19:14:58 +03:00
then
ENABLED_FORTRESS="yes"
fi
add direct AES one block access and ECB DES for compatibility
2011-10-27 04:10:44 +04:00
if test "$ENABLED_FORTRESS" = "yes"
then
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_KEY_GEN"
add direct AES one block access and ECB DES for compatibility
2011-10-27 04:10:44 +04:00
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# ssl bump build
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([bump],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-bump],[Enable SSL Bump build (default: disabled)])],
add fastmath to bump, add fastmath FP_MAX_BITS runtime check
2011-10-04 23:29:59 +04:00
[ ENABLED_BUMP=$enableval ],
[ ENABLED_BUMP=no ]
)
if test "$ENABLED_BUMP" = "yes"
then
remove CERT_EXT from enable-bump cortex test are only done if openssl extra is set
2015-09-14 19:45:14 +03:00
AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DWOLFSSL_CERT_GEN -DWOLFSSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DWOLFSSL_DER_LOAD -DWOLFSSL_ALT_NAMES -DWOLFSSL_TEST_CERT"
add fastmath to bump, add fastmath FP_MAX_BITS runtime check
2011-10-04 23:29:59 +04:00
fi
for lean-psk build: remove big int math, MD4, error strings
2012-11-03 03:49:31 +04:00
ENABLED_SLOWMATH="yes"
added build option for leanPSK
2012-10-30 02:39:42 +04:00
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# lean psk build
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([leanpsk],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-leanpsk],[Enable Lean PSK build (default: disabled)])],
added build option for leanPSK
2012-10-30 02:39:42 +04:00
[ ENABLED_LEANPSK=$enableval ],
[ ENABLED_LEANPSK=no ]
)
if test "$ENABLED_LEANPSK" = "yes"
then
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DWOLFSSL_STATIC_PSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA"
for lean-psk build: remove big int math, MD4, error strings
2012-11-03 03:49:31 +04:00
ENABLED_SLOWMATH="no"
Lean PSK trimming 1. leave out memory and io callback functions, expect user supplied 2. leave out cert and DTLS related functions 3. SHA-1 compile option to use slower, rolled-up transform
2012-12-01 03:45:43 +04:00
ENABLED_SINGLETHREADED="yes"
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
enable_lowresource=yes
added build option for leanPSK
2012-10-30 02:39:42 +04:00
fi
AM_CONDITIONAL([BUILD_LEANPSK], [test "x$ENABLED_LEANPSK" = "xyes"])
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# lean TLS build (TLS 1.2 client only (no client auth), ECC256, AES128 and SHA256 w/o Shamir)
AC_ARG_ENABLE([leantls],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-leantls],[Enable Lean TLS build (default: disabled)])],
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
[ ENABLED_LEANTLS=$enableval ],
[ ENABLED_LEANTLS=no ]
)
if test "$ENABLED_LEANTLS" = "yes"
then
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANTLS -DNO_WRITEV -DHAVE_ECC -DTFM_ECC256 -DECC_USER_CURVES -DNO_WOLFSSL_SERVER -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_SHA -DNO_PSK -DNO_WOLFSSL_MEMORY"
enable_lowresource=yes
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
fi
AM_CONDITIONAL([BUILD_LEANTLS], [test "x$ENABLED_LEANTLS" = "xyes"])
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
# low resource options to reduce flash and memory use
AC_ARG_ENABLE([lowresource],
[AS_HELP_STRING([--enable-lowresource],[Enable low resource options for memory/flash (default: disabled)])],
[ ENABLED_LOWRESOURCE=$enableval ],
[ ENABLED_LOWRESOURCE=no ]
)
if test "$ENABLED_LOWRESOURCE" = "yes"
then
# low memory / flash flags
AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE -DRSA_LOW_MEM -DGCM_SMALL -DCURVE25519_SMALL -DED25519_SMALL"
# low flash flags
AM_CFLAGS="$AM_CFLAGS -DUSE_SLOW_SHA -DUSE_SLOW_SHA256 -DUSE_SLOW_SHA512"
fi
AM_CONDITIONAL([BUILD_LOWMEM], [test "x$ENABLED_LOWRESOURCE" = "xyes"])
1.8.8 init
2011-02-05 22:14:47 +03:00
# big cache
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([bigcache],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-bigcache],[Enable big session cache (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_BIGCACHE=$enableval ],
[ ENABLED_BIGCACHE=no ]
)
if test "$ENABLED_BIGCACHE" = "yes"
then
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS -DBIG_SESSION_CACHE"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
# HUGE cache
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([hugecache],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-hugecache],[Enable huge session cache (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_HUGECACHE=$enableval ],
[ ENABLED_HUGECACHE=no ]
)
if test "$ENABLED_HUGECACHE" = "yes"
then
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS -DHUGE_SESSION_CACHE"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
add SMALL_SESSION_CACHE define and configure option
2011-09-07 03:23:25 +04:00
# SMALL cache
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([smallcache],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-smallcache],[Enable small session cache (default: disabled)])],
add SMALL_SESSION_CACHE define and configure option
2011-09-07 03:23:25 +04:00
[ ENABLED_SMALLCACHE=$enableval ],
[ ENABLED_SMALLCACHE=no ]
)
if test "$ENABLED_SMALLCACHE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DSMALL_SESSION_CACHE"
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# Persistent session cache
add persistent session cache, ssn9
2013-04-24 22:10:23 +04:00
AC_ARG_ENABLE([savesession],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-savesession],[Enable persistent session cache (default: disabled)])],
add persistent session cache, ssn9
2013-04-24 22:10:23 +04:00
[ ENABLED_SAVESESSION=$enableval ],
[ ENABLED_SAVESESSION=no ]
)
if test "$ENABLED_SAVESESSION" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE"
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# Persistent cert cache
add cert cache persistence
2013-05-02 22:34:26 +04:00
AC_ARG_ENABLE([savecert],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-savecert],[Enable persistent cert cache (default: disabled)])],
add cert cache persistence
2013-05-02 22:34:26 +04:00
[ ENABLED_SAVECERT=$enableval ],
[ ENABLED_SAVECERT=no ]
)
if test "$ENABLED_SAVECERT" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE"
fi
add wolfSSL_write_dup(), creates write_only WOLFSSL to allow concurrent access
2017-03-21 01:08:34 +03:00
# Write duplicate WOLFSSL object
AC_ARG_ENABLE([writedup],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-writedup],[Enable write duplication of WOLFSSL objects (default: disabled)])],
add wolfSSL_write_dup(), creates write_only WOLFSSL to allow concurrent access
2017-03-21 01:08:34 +03:00
[ ENABLED_WRITEDUP=$enableval ],
[ ENABLED_WRITEDUP=no ]
)
if test "$ENABLED_WRITEDUP" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_WRITE_DUP"
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# Atomic User Record Layer
add atomic user macencrypt cb
2013-08-10 04:27:15 +04:00
AC_ARG_ENABLE([atomicuser],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-atomicuser],[Enable Atomic User Record Layer (default: disabled)])],
add atomic user macencrypt cb
2013-08-10 04:27:15 +04:00
[ ENABLED_ATOMICUSER=$enableval ],
[ ENABLED_ATOMICUSER=no ]
)
if test "$ENABLED_ATOMICUSER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# Public Key Callbacks
add public key callbacks for ecc sign/verify, examples
2013-08-23 05:19:39 +04:00
AC_ARG_ENABLE([pkcallbacks],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-pkcallbacks],[Enable Public Key Callbacks (default: disabled)])],
add public key callbacks for ecc sign/verify, examples
2013-08-23 05:19:39 +04:00
[ ENABLED_PKCALLBACKS=$enableval ],
[ ENABLED_PKCALLBACKS=no ]
)
if test "$ENABLED_PKCALLBACKS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
fi
add pkcallbacks script test
2016-12-06 22:27:05 +03:00
AM_CONDITIONAL([BUILD_PKCALLBACKS], [ test "x$ENABLED_PKCALLBACKS" = "xyes" ])
add public key callbacks for ecc sign/verify, examples
2013-08-23 05:19:39 +04:00
1.8.8 init
2011-02-05 22:14:47 +03:00
# SNIFFER
Fixes for hardening flags. Additional fixes for using C++ compiler to compile. Include file pcap.h now gates sniffer for build.
2012-10-20 06:00:17 +04:00
AC_ARG_ENABLE([sniffer],
fix enable-sniffer option in configure.ac
2015-03-12 22:07:48 +03:00
[AS_HELP_STRING([--enable-sniffer],[Enable wolfSSL sniffer support (default: disabled)])],
[ ENABLED_SNIFFER=$enableval ],
[ ENABLED_SNIFFER=no ]
)
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# sniffer doesn't work in maxstrength mode
have ./configure error out on maxstrength + sniffer
2015-04-01 22:30:46 +03:00
if test "$ENABLED_SNIFFER" = "yes" && test "$ENABLED_MAXSTRENGTH" = "yes"
then
AC_MSG_ERROR([cannot enable maxstrength in sniffer mode.])
fi
fix enable-sniffer option in configure.ac
2015-03-12 22:07:48 +03:00
ENABLED_SNIFFTEST=no
AS_IF([ test "x$ENABLED_SNIFFER" = "xyes" ],
[
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SNIFFER -DOPENSSL_EXTRA"
AC_CHECK_HEADERS([pcap/pcap.h],
[ ENABLED_SNIFFTEST=yes ],
[ AC_MSG_WARN([cannot enable sniffer test without having libpcap available.]) ]
)
])
Fixes for hardening flags. Additional fixes for using C++ compiler to compile. Include file pcap.h now gates sniffer for build.
2012-10-20 06:00:17 +04:00
separate sniffer / snifftest ./configure build
2013-12-13 02:20:56 +04:00
AM_CONDITIONAL([BUILD_SNIFFER], [ test "x$ENABLED_SNIFFER" = "xyes" ])
AM_CONDITIONAL([BUILD_SNIFFTEST], [ test "x$ENABLED_SNIFFTEST" = "xyes" ])
1.8.8 init
2011-02-05 22:14:47 +03:00
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
added stubs for AES-GCM processing and build option
2012-06-14 08:31:32 +04:00
# AES-GCM
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([aesgcm],
update configure help strings for AESGCM and DH
2015-04-01 02:23:28 +03:00
[AS_HELP_STRING([--enable-aesgcm],[Enable wolfSSL AES-GCM support (default: enabled)])],
added stubs for AES-GCM processing and build option
2012-06-14 08:31:32 +04:00
[ ENABLED_AESGCM=$enableval ],
enable gcm by default
2015-03-27 21:12:42 +03:00
[ ENABLED_AESGCM=yes ]
added stubs for AES-GCM processing and build option
2012-06-14 08:31:32 +04:00
)
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# leanpsk and leantls don't need gcm
Fixes for LEANTLS and TLS13 builds
2017-07-26 03:43:36 +03:00
if test "$ENABLED_LEANPSK" = "yes" || ( test "$ENABLED_LEANTLS" = "yes" &&
test "$ENABLED_TLS13" = "no")
leanpsk doesn't need new gcm, poly, chacah defaults
2015-03-29 21:30:05 +03:00
then
ENABLED_AESGCM=no
fi
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
if test "$ENABLED_AESGCM" != "no"
added 64-bit (default), 32-bit version, and 8-bit table based AES-GCM for faster operation. Selection made at configure.
2012-07-20 01:44:08 +04:00
then
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
if test "$ENABLED_AESGCM" = "word32"
then
AM_CFLAGS="$AM_CFLAGS -DGCM_WORD32"
ENABLED_AESGCM=yes
fi
added 64-bit (default), 32-bit version, and 8-bit table based AES-GCM for faster operation. Selection made at configure.
2012-07-20 01:44:08 +04:00
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
if test "$ENABLED_AESGCM" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL"
ENABLED_AESGCM=yes
fi
added 64-bit (default), 32-bit version, and 8-bit table based AES-GCM for faster operation. Selection made at configure.
2012-07-20 01:44:08 +04:00
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
if test "$ENABLED_AESGCM" = "table"
then
AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE"
ENABLED_AESGCM=yes
fi
added 64-bit (default), 32-bit version, and 8-bit table based AES-GCM for faster operation. Selection made at configure.
2012-07-20 01:44:08 +04:00
AES-GCM does not require SHA-384, but will use it if enabled in build; reorder some of the requirement checks to regroup some NO_RSA suite checks
2013-04-02 01:25:20 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
added stubs for AES-GCM processing and build option
2012-06-14 08:31:32 +04:00
fi
AM_CONDITIONAL([BUILD_AESGCM], [test "x$ENABLED_AESGCM" = "xyes"])
added AES-CCM as a configure option
2013-01-11 04:46:47 +04:00
# AES-CCM
AC_ARG_ENABLE([aesccm],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-aesccm],[Enable wolfSSL AES-CCM support (default: disabled)])],
added AES-CCM as a configure option
2013-01-11 04:46:47 +04:00
[ ENABLED_AESCCM=$enableval ],
[ ENABLED_AESCCM=no ]
)
if test "$ENABLED_AESCCM" = "yes"
then
AES-GCM does not require SHA-384, but will use it if enabled in build; reorder some of the requirement checks to regroup some NO_RSA suite checks
2013-04-02 01:25:20 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"
added AES-CCM as a configure option
2013-01-11 04:46:47 +04:00
fi
added TLS support for AES-CCM-8
2013-01-16 03:20:30 +04:00
AM_CONDITIONAL([BUILD_AESCCM], [test "x$ENABLED_AESCCM" = "xyes"])
added AES-CCM as a configure option
2013-01-11 04:46:47 +04:00
Adds an --enable-aesctr flag to the configure script to explicitly compile with -DWOLFSSL_AES_COUNTER and -DWOLFSSL_AES_DIRECT If --enable-fortress or --enable-mcapi are used they effectively force --enable-aesctr
2016-12-04 17:23:51 +03:00
# AES-CTR
AC_ARG_ENABLE([aesctr],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-aesctr],[Enable wolfSSL AES-CTR support (default: disabled)])],
Adds an --enable-aesctr flag to the configure script to explicitly compile with -DWOLFSSL_AES_COUNTER and -DWOLFSSL_AES_DIRECT If --enable-fortress or --enable-mcapi are used they effectively force --enable-aesctr
2016-12-04 17:23:51 +03:00
[ ENABLED_AESCTR=$enableval ],
[ ENABLED_AESCTR=no ]
)
if test "$ENABLED_AESCTR" = "yes"
then
if test "x$ENABLED_FORTRESS" != "xyes"
then
# This is already implied by fortress build
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
fi
fi
initial ARMv8 instructions
2016-07-22 18:49:15 +03:00
# AES-ARM
AC_ARG_ENABLE([armasm],
ARMv8 : Aarch32 support, SHA256 speedup
2016-09-28 19:22:27 +03:00
[AS_HELP_STRING([--enable-armasm],[Enable wolfSSL ARMv8 ASM support (default: disabled)])],
initial ARMv8 instructions
2016-07-22 18:49:15 +03:00
[ ENABLED_ARMASM=$enableval ],
[ ENABLED_ARMASM=no ]
)
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
if test "$ENABLED_ARMASM" = "yes" && test "$ENABLED_ASM" = "yes"
initial ARMv8 instructions
2016-07-22 18:49:15 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM"
ARMv8 : Aarch32 support, SHA256 speedup
2016-09-28 19:22:27 +03:00
#Check if mcpu and mfpu values already set if not use default
case $CPPFLAGS in
*mcpu* | *mfpu*)
break;; #Do not override user set values
*)
case $host_cpu in
*aarch64*)
#+crypto needed for hardware acceleration
AM_CPPFLAGS="$AM_CPPFLAGS -mcpu=generic+crypto"
AC_MSG_NOTICE([64bit ARMv8 found, setting mcpu to generic+crypto]);;
*)
AM_CPPFLAGS="$AM_CPPFLAGS -mfpu=crypto-neon-fp-armv8"
AC_MSG_NOTICE([32bit ARMv8 found, setting mfpu to crypto-neon-fp-armv8]);;
esac
esac
initial ARMv8 instructions
2016-07-22 18:49:15 +03:00
fi
AM_CONDITIONAL([BUILD_ARMASM], [test "x$ENABLED_ARMASM" = "xyes"])
Xilinx port
2017-06-07 20:37:21 +03:00
# Xilinx hardened crypto
AC_ARG_ENABLE([xilinx],
[AS_HELP_STRING([--enable-xilinx],[Enable wolfSSL support for Xilinx hardened crypto(default: disabled)])],
[ ENABLED_XILINX=$enableval ],
[ ENABLED_XILINX=no ]
)
if test "$ENABLED_XILINX" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_XILINX -DWOLFSSL_XILINX_CRYPT"
fi
AM_CONDITIONAL([BUILD_XILINX], [test "x$ENABLED_XILINX" = "xyes"])
Fix RNG issue with Intel RDRAND and RDSEED accelerations not being used because HAVE_HASHDRBG was always being defined if !WOLFSSL_FORCE_RC4_DRBG. Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source (if RDRAND not supported by CPU then HASHDRBG will be used). The --enable-intelasm option enables the RDSEED support for seeding HASHDRBG if CPU supports it. Allow use of seed as RNG source if --disable-hashdbrg (shows build warning). Cleanup to remove old ARC4 RNG support. Fixed random_test return code with !HAVE_HASHDRBG. Cleanup of ./configure --help alignment.
2017-03-17 23:29:03 +03:00
# INTEL AES-NI
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([aesni],
add intelasm ./configure option
2015-03-29 00:34:39 +03:00
[AS_HELP_STRING([--enable-aesni],[Enable wolfSSL AES-NI support (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_AESNI=$enableval ],
[ ENABLED_AESNI=no ]
)
add intelasm ./configure option
2015-03-29 00:34:39 +03:00
# INTEL ASM
AC_ARG_ENABLE([intelasm],
[AS_HELP_STRING([--enable-intelasm],[Enable All Intel ASM speedups (default: disabled)])],
[ ENABLED_INTELASM=$enableval ],
[ ENABLED_INTELASM=no ]
)
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
if test "$ENABLED_ASM" = "yes"
Assembly optimization for AES-NI, and AVX1 and AVX2 Unroll the loop for 8. Use new optimized maths. Fix SHA-384 to use SHA-512 assembly code. Only perform CPU id check in one place.
2017-07-18 03:14:17 +03:00
then
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
if test "$ENABLED_AESNI" = "small"
then
AM_CFLAGS="$AM_CFLAGS -DAES_GCM_AESNI_NO_UNROLL"
ENABLED_AESNI=yes
fi
Fix RNG issue with Intel RDRAND and RDSEED accelerations not being used because HAVE_HASHDRBG was always being defined if !WOLFSSL_FORCE_RC4_DRBG. Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source (if RDRAND not supported by CPU then HASHDRBG will be used). The --enable-intelasm option enables the RDSEED support for seeding HASHDRBG if CPU supports it. Allow use of seed as RNG source if --disable-hashdbrg (shows build warning). Cleanup to remove old ARC4 RNG support. Fixed random_test return code with !HAVE_HASHDRBG. Cleanup of ./configure --help alignment.
2017-03-17 23:29:03 +03:00
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes"
1.8.8 init
2011-02-05 22:14:47 +03:00
then
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
if test "$GCC" = "yes"
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
then
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
# GCC needs these flags, icc doesn't
# opt levels greater than 2 may cause problems on systems w/o aesni
if test "$CC" != "icc"
then
AM_CFLAGS="$AM_CFLAGS -maes -msse4 -mpclmul"
fi
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
fi
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
AS_IF([test "x$ENABLED_AESGCM" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
if test "$ENABLED_INTELASM" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDSEED -DUSE_INTEL_SPEEDUP"
ENABLED_AESNI=yes
fi
add intelasm ./configure option
2015-03-29 00:34:39 +03:00
fi
Fix RNG issue with Intel RDRAND and RDSEED accelerations not being used because HAVE_HASHDRBG was always being defined if !WOLFSSL_FORCE_RC4_DRBG. Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source (if RDRAND not supported by CPU then HASHDRBG will be used). The --enable-intelasm option enables the RDSEED support for seeding HASHDRBG if CPU supports it. Allow use of seed as RNG source if --disable-hashdbrg (shows build warning). Cleanup to remove old ARC4 RNG support. Fixed random_test return code with !HAVE_HASHDRBG. Cleanup of ./configure --help alignment.
2017-03-17 23:29:03 +03:00
# INTEL RDRAND
AC_ARG_ENABLE([intelrand],
[AS_HELP_STRING([--enable-intelrand],[Enable Intel rdrand as preferred RNG source (default: disabled)])],
[ ENABLED_INTELRDRAND=$enableval ],
[ ENABLED_INTELRDRAND=no ]
)
if test "$ENABLED_INTELRDRAND" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDRAND"
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])
added stubs, tests, and benchmark for Camellia to ctaocrypt
2013-01-18 09:52:31 +04:00
# Camellia
AC_ARG_ENABLE([camellia],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-camellia],[Enable wolfSSL Camellia support (default: disabled)])],
added stubs, tests, and benchmark for Camellia to ctaocrypt
2013-01-18 09:52:31 +04:00
[ ENABLED_CAMELLIA=$enableval ],
[ ENABLED_CAMELLIA=no ]
)
if test "$ENABLED_CAMELLIA" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAMELLIA"
fi
AM_CONDITIONAL([BUILD_CAMELLIA], [test "x$ENABLED_CAMELLIA" = "xyes"])
add md2 signature hash support
2012-07-28 01:01:02 +04:00
# MD2
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([md2],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-md2],[Enable wolfSSL MD2 support (default: disabled)])],
add md2 signature hash support
2012-07-28 01:01:02 +04:00
[ ENABLED_MD2=$enableval ],
[ ENABLED_MD2=no ]
)
if test "$ENABLED_BUMP" = "yes"
then
ENABLED_MD2="yes"
fi
if test "$ENABLED_MD2" = "yes"
then
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MD2"
add md2 signature hash support
2012-07-28 01:01:02 +04:00
fi
AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"])
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# NULL CIPHER
add --enable-null
2013-03-13 05:49:59 +04:00
AC_ARG_ENABLE([nullcipher],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-nullcipher],[Enable wolfSSL NULL cipher support (default: disabled)])],
add --enable-null
2013-03-13 05:49:59 +04:00
[ ENABLED_NULL_CIPHER=$enableval ],
[ ENABLED_NULL_CIPHER=no ]
)
add openssh ./configure build
2015-07-17 19:14:58 +03:00
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_NULL_CIPHER="yes"
fi
add --enable-null
2013-03-13 05:49:59 +04:00
if test "$ENABLED_NULL_CIPHER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER"
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
# RIPEMD
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([ripemd],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-ripemd],[Enable wolfSSL RIPEMD-160 support (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_RIPEMD=$enableval ],
[ ENABLED_RIPEMD=no ]
)
add openssh ./configure build
2015-07-17 19:14:58 +03:00
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_RIPEMD="yes"
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
if test "$ENABLED_RIPEMD" = "yes"
then
close to build test with --disable-examples option
2014-12-19 01:40:09 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RIPEMD"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
AM_CONDITIONAL([BUILD_RIPEMD], [test "x$ENABLED_RIPEMD" = "xyes"])
init blake2
2013-01-01 01:10:47 +04:00
# BLAKE2
AC_ARG_ENABLE([blake2],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-blake2],[Enable wolfSSL BLAKE2 support (default: disabled)])],
init blake2
2013-01-01 01:10:47 +04:00
[ ENABLED_BLAKE2=$enableval ],
[ ENABLED_BLAKE2=no ]
)
if test "$ENABLED_BLAKE2" = "yes"
then
blake2 ctc api, test vecs
2013-03-23 00:30:44 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2"
init blake2
2013-01-01 01:10:47 +04:00
fi
AM_CONDITIONAL([BUILD_BLAKE2], [test "x$ENABLED_BLAKE2" = "xyes"])
on x86_64 enable sha512, ecc, and increase max_bits by default
2015-03-31 23:28:49 +03:00
# set sha512 default
SHA512_DEFAULT=no
if test "$host_cpu" = "x86_64"
then
SHA512_DEFAULT=yes
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
# SHA512
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([sha512],
on x86_64 enable sha512, ecc, and increase max_bits by default
2015-03-31 23:28:49 +03:00
[AS_HELP_STRING([--enable-sha512],[Enable wolfSSL SHA-512 support (default: enabled on x86_64)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_SHA512=$enableval ],
on x86_64 enable sha512, ecc, and increase max_bits by default
2015-03-31 23:28:49 +03:00
[ ENABLED_SHA512=$SHA512_DEFAULT ]
1.8.8 init
2011-02-05 22:14:47 +03:00
)
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
# options that don't require sha512
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
fix leanpsk w/ new defaults
2015-04-01 01:55:39 +03:00
then
ENABLED_SHA512=no
fi
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
# options that require sha512
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes"
add openssh ./configure build
2015-07-17 19:14:58 +03:00
then
ENABLED_SHA512="yes"
fi
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
if test "$ENABLED_SHA512" = "yes" && test "$ENABLED_32BIT" = "no"
1.8.8 init
2011-02-05 22:14:47 +03:00
then
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
# SESSION CERTS
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([sessioncerts],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-sessioncerts],[Enable session cert storing (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_SESSIONCERTS=$enableval ],
[ ENABLED_SESSIONCERTS=no ]
)
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
if test "x$ENABLED_NGINX" = "xyes"
then
ENABLED_SESSIONCERTS=yes
fi
Add TLS v1.3 as an option
2016-11-23 18:31:07 +03:00
if test "$ENABLED_TLS13" = "yes" && test "$ENABLED_PSK" = "yes"
then
ENABLED_SESSIONCERTS=yes
fi
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
1.8.8 init
2011-02-05 22:14:47 +03:00
if test "$ENABLED_SESSIONCERTS" = "yes"
then
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
# KEY GENERATION
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([keygen],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-keygen],[Enable key generation (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_KEYGEN=$enableval ],
[ ENABLED_KEYGEN=no ]
)
if test "$ENABLED_KEYGEN" = "yes"
then
working on commit tests
2014-12-30 21:00:18 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
# CERT GENERATION
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([certgen],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-certgen],[Enable cert generation (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_CERTGEN=$enableval ],
[ ENABLED_CERTGEN=no ]
)
if test "$ENABLED_CERTGEN" = "yes"
then
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
Added enable-certgen to configure.ac.
2014-01-10 23:50:55 +04:00
# CERT REQUEST GENERATION
AC_ARG_ENABLE([certreq],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-certreq],[Enable cert request generation (default: disabled)])],
Added enable-certgen to configure.ac.
2014-01-10 23:50:55 +04:00
[ ENABLED_CERTREQ=$enableval ],
[ ENABLED_CERTREQ=no ]
)
if test "$ENABLED_CERTREQ" = "yes"
then
if test "$ENABLED_CERTGEN" = "no"
then
AC_MSG_ERROR([cannot enable certreq without enabling certgen.])
fi
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
Added enable-certgen to configure.ac.
2014-01-10 23:50:55 +04:00
fi
Add support for : - PEM public key loading - set/get KeyUsage in CSR and X.509 - set/get SKID in CSR and X.509 - set/get AKID in X.509 - set/get two Certificate Policies OID in X.509
2015-09-07 10:51:21 +03:00
# CERT REQUEST EXTENSION
AC_ARG_ENABLE([certext],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-certext],[Enable cert request extensions (default: disabled)])],
Add support for : - PEM public key loading - set/get KeyUsage in CSR and X.509 - set/get SKID in CSR and X.509 - set/get AKID in X.509 - set/get two Certificate Policies OID in X.509
2015-09-07 10:51:21 +03:00
[ ENABLED_CERTEXT=$enableval ],
[ ENABLED_CERTEXT=no ]
)
if test "$ENABLED_CERTEXT" = "yes"
then
allow cert_ext to work w/o openssl extra
2015-09-09 02:44:13 +03:00
if test "$ENABLED_CERTGEN" = "no"
Add support for : - PEM public key loading - set/get KeyUsage in CSR and X.509 - set/get SKID in CSR and X.509 - set/get AKID in X.509 - set/get two Certificate Policies OID in X.509
2015-09-07 10:51:21 +03:00
then
AC_MSG_ERROR([cannot enable certext without enabling certgen.])
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
fi
SEP Extensions 1. Added configure option to enable SEP extensions. 2. Enabled KEEP_PEER_CERT for the SEP configuration. 3. Copy the Certificate Policy extension into the cert as the device type. 4. Copy an other type Alt Name extension into the cert as the hwType and hwSerialNumber, if the alt name has a hardwareModuleName OID.
2013-06-26 03:26:53 +04:00
# SEP
AC_ARG_ENABLE([sep],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-sep],[Enable sep extensions (default: disabled)])],
SEP Extensions 1. Added configure option to enable SEP extensions. 2. Enabled KEEP_PEER_CERT for the SEP configuration. 3. Copy the Certificate Policy extension into the cert as the device type. 4. Copy an other type Alt Name extension into the cert as the hwType and hwSerialNumber, if the alt name has a hardwareModuleName OID.
2013-06-26 03:26:53 +04:00
[ ENABLED_SEP=$enableval ],
[ ENABLED_SEP=no ]
)
if test "$ENABLED_SEP" = "yes"
then
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="-DWOLFSSL_SEP -DKEEP_PEER_CERT $AM_CFLAGS"
SEP Extensions 1. Added configure option to enable SEP extensions. 2. Enabled KEEP_PEER_CERT for the SEP configuration. 3. Copy the Certificate Policy extension into the cert as the device type. 4. Copy an other type Alt Name extension into the cert as the hwType and hwSerialNumber, if the alt name has a hardwareModuleName OID.
2013-06-26 03:26:53 +04:00
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# HKDF
add HMAC-KDF
2013-11-01 05:03:00 +04:00
AC_ARG_ENABLE([hkdf],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-hkdf],[Enable HKDF (HMAC-KDF) support (default: disabled)])],
add HMAC-KDF
2013-11-01 05:03:00 +04:00
[ ENABLED_HKDF=$enableval ],
[ ENABLED_HKDF=no ]
)
Add TLS v1.3 as an option
2016-11-23 18:31:07 +03:00
if test "$ENABLED_TLS13" = "yes"
then
ENABLED_HKDF="yes"
fi
add HMAC-KDF
2013-11-01 05:03:00 +04:00
if test "$ENABLED_HKDF" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"
fi
add ANSI-X9.63-KDF support [SEC1]
2016-12-08 06:09:54 +03:00
# X9.63 KDF
AC_ARG_ENABLE([x963kdf],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-x963kdf],[Enable X9.63 KDF support (default: disabled)])],
add ANSI-X9.63-KDF support [SEC1]
2016-12-08 06:09:54 +03:00
[ ENABLED_X963KDF=$enableval ],
[ ENABLED_X963KDF=no ]
)
if test "$ENABLED_X963KDF" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF"
fi
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
# DSA
AC_ARG_ENABLE([dsa],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-dsa],[Enable DSA (default: disabled)])],
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
[ ENABLED_DSA=$enableval ],
[ ENABLED_DSA=no ]
)
Changes for WPA Supplicant
2017-02-10 01:45:10 +03:00
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes"
add openssh ./configure build
2015-07-17 19:14:58 +03:00
then
ENABLED_DSA="yes"
fi
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
if test "$ENABLED_DSA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DSA"
fi
AM_CONDITIONAL([BUILD_DSA], [test "x$ENABLED_DSA" = "xyes"])
on x86_64 enable sha512, ecc, and increase max_bits by default
2015-03-31 23:28:49 +03:00
# set ecc default
ECC_DEFAULT=no
if test "$host_cpu" = "x86_64"
then
ECC_DEFAULT=yes
fi
Added configure "--disable-eccshamir" option.
2016-05-05 09:14:30 +03:00
# ECC Shamir
Fixed typo with new "eccshamir" configure option.
2016-05-05 22:24:08 +03:00
AC_ARG_ENABLE([eccshamir],
Added configure "--disable-eccshamir" option.
2016-05-05 09:14:30 +03:00
[AS_HELP_STRING([--enable-eccshamir],[Enable ECC Shamir (default: enabled on x86_64)])],
[ ENABLED_ECC_SHAMIR=$enableval ],
[ ENABLED_ECC_SHAMIR=$ECC_DEFAULT ]
)
on x86_64 enable sha512, ecc, and increase max_bits by default
2015-03-31 23:28:49 +03:00
# ECC
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
AC_ARG_ENABLE([ecc],
on x86_64 enable sha512, ecc, and increase max_bits by default
2015-03-31 23:28:49 +03:00
[AS_HELP_STRING([--enable-ecc],[Enable ECC (default: enabled on x86_64)])],
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
[ ENABLED_ECC=$enableval ],
on x86_64 enable sha512, ecc, and increase max_bits by default
2015-03-31 23:28:49 +03:00
[ ENABLED_ECC=$ECC_DEFAULT ]
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
)
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# lean psk doesn't need ecc
fix leanpsk default changes
2015-04-01 19:37:41 +03:00
if test "$ENABLED_LEANPSK" = "yes"
fix leanpsk w/ new defaults
2015-04-01 01:55:39 +03:00
then
ENABLED_ECC=no
fi
Modification for compliling application with libsignal-protocol-c.
2017-11-13 12:12:18 +03:00
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_SIGNAL" = "yes"
add openssh ./configure build
2015-07-17 19:14:58 +03:00
then
ENABLED_ECC="yes"
fi
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
if test "$ENABLED_ECC" = "yes"
then
Added configure "--disable-eccshamir" option.
2016-05-05 09:14:30 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
if test "$ENABLED_ECC_SHAMIR" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
fi
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
fi
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
Added ECC API's for using custom curves that are not in the "ecc_sets" list. Added wolfCrypt test to validate/demonstrate custom curve using BRAINPOOL256R1. Exposed "wc_ecc_make_key_ex" and added "wc_ecc_import_x963_ex" / "wc_ecc_import_raw_ex" API's that accept "const ecc_set_type*" for custom curve. Internally use "ECC_CUSTOM_IDX" (-1) to define custom curve is used. Added "--enable-ecccustcurves" option to configure.ac.
2016-06-16 20:09:41 +03:00
# ECC Custom Curves
AC_ARG_ENABLE([ecccustcurves],
[AS_HELP_STRING([--enable-ecccustcurves],[Enable ECC custom curves (default: disabled)])],
[ ENABLED_ECCCUSTCURVES=$enableval ],
[ ENABLED_ECCCUSTCURVES=no ]
)
if test "$ENABLED_ECCCUSTCURVES" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CUSTOM_CURVES"
Distro fix to enable SHA224 by default. Was causing Debian build error since SHA224 is enabled by default only for the x86_64 architecture. Updated --enable-distro option to include new features for aeskeywrap, x963kdf and scrypt. Changed the ECC custom curve option to enable all curve types when used with distro.
2017-04-10 21:45:26 +03:00
Added new `./configure --enable-all` option to enable all features. Allows building all features without using the `--enable-distro` option, which only allows shared build and does not generate an options.h file.
2017-05-18 20:57:28 +03:00
# For distro or all builds, enable all curve types
if test "$ENABLED_DISTRO" = "yes" || test "$ENABLED_ALL" = "yes"
Distro fix to enable SHA224 by default. Was causing Debian build error since SHA224 is enabled by default only for the x86_64 architecture. Updated --enable-distro option to include new features for aeskeywrap, x963kdf and scrypt. Changed the ECC custom curve option to enable all curve types when used with distro.
2017-04-10 21:45:26 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ"
fi
Added ECC API's for using custom curves that are not in the "ecc_sets" list. Added wolfCrypt test to validate/demonstrate custom curve using BRAINPOOL256R1. Exposed "wc_ecc_make_key_ex" and added "wc_ecc_import_x963_ex" / "wc_ecc_import_raw_ex" API's that accept "const ecc_set_type*" for custom curve. Internally use "ECC_CUSTOM_IDX" (-1) to define custom curve is used. Added "--enable-ecccustcurves" option to configure.ac.
2016-06-16 20:09:41 +03:00
fi
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
Fixes for compressed keys. Fix to fast math "mp_cnt_lsb" to return proper value, which fixes "mp_jacobi", which fixes "mp_sqrtmod_prime", which fixes compressed keys for 224-bit key. Removed workarounds for compressed keys. Added new configure option "--enable-compkey". Fixed issue with normal math and custom curves where "t2" could be free'd and used. Fixed issue with mp_dump in integer.c, with not allocating correctly sized buffer for toradix.
2016-06-22 00:06:02 +03:00
# Compressed Key
AC_ARG_ENABLE([compkey],
[AS_HELP_STRING([--enable-compkey],[Enable compressed keys support (default: disabled)])],
[ ENABLED_COMPKEY=$enableval ],
[ ENABLED_COMPKEY=no ]
)
Changes for WPA Supplicant
2017-02-10 01:45:10 +03:00
if test "$ENABLED_WPAS" = "yes"
then
ENABLED_COMPKEY=yes
fi
Fixes for compressed keys. Fix to fast math "mp_cnt_lsb" to return proper value, which fixes "mp_jacobi", which fixes "mp_sqrtmod_prime", which fixes compressed keys for 224-bit key. Removed workarounds for compressed keys. Added new configure option "--enable-compkey". Fixed issue with normal math and custom curves where "t2" could be free'd and used. Fixed issue with mp_dump in integer.c, with not allocating correctly sized buffer for toradix.
2016-06-22 00:06:02 +03:00
if test "$ENABLED_COMPKEY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_COMP_KEY"
fi
curve25519 and ed25519 low memory
2015-06-06 00:39:37 +03:00
# for using memory optimization setting on both curve25519 and ed25519
Enhancement to support different sized Curve/Ed math library implementations for FE/GE. Remains backwards compatible with `CURVED25519_SMALL` define. Adds new defines `CURVE25519_SMALL` and `ED25519_SMALL` to allow individual enabling of math library choice (`_low_mem` or `_operations`). Example: `./configure --enable-ed25519=small --enable-curve25519`.
2017-06-16 19:41:10 +03:00
ENABLED_CURVE25519_SMALL=no
ENABLED_ED25519_SMALL=no
curve25519 and ed25519 low memory
2015-06-06 00:39:37 +03:00
rename ecc25519 to curve25519, less confusing with ed25519 now in play too
2015-03-24 21:56:40 +03:00
# CURVE25519
AC_ARG_ENABLE([curve25519],
[AS_HELP_STRING([--enable-curve25519],[Enable Curve25519 (default: disabled)])],
[ ENABLED_CURVE25519=$enableval ],
[ ENABLED_CURVE25519=no ]
added in curve25519 crypto
2015-02-19 20:59:05 +03:00
)
curve25519 and ed25519 low memory
2015-06-06 00:39:37 +03:00
add support for curve 25519 and Ed25519 in OpenSSH refactor curve25519 and Ed25519 code fix warning in PEM_xxx_mem_xxx functions
2015-08-01 19:28:18 +03:00
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_CURVE25519="yes"
fi
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
if test "$ENABLED_CURVE25519" != "no"
curve25519 and ed25519 low memory
2015-06-06 00:39:37 +03:00
then
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
if test "$ENABLED_CURVE25519" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DCURVE25519_SMALL"
ENABLED_CURVE25519_SMALL=yes
ENABLED_CURVE25519=yes
fi
curve25519 and ed25519 low memory
2015-06-06 00:39:37 +03:00
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
if test "$ENABLED_CURVE25519" = "no128bit"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CURVED25519_128BIT"
ENABLED_CURVE25519=yes
fi
Fix issue with ARMv8 not performing 128-bit math against constants correctly in debug builds. Fix was to use the `__int128_t` as const for integers. Also added `./configure --enable-curve25519=no128bit` option to force FE to not use the `int128_t` math.
2017-07-14 20:39:30 +03:00
rename ecc25519 to curve25519, less confusing with ed25519 now in play too
2015-03-24 21:56:40 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519"
curve25519 and ed25519 low memory
2015-06-06 00:39:37 +03:00
ENABLED_FEMATH=yes
added in curve25519 crypto
2015-02-19 20:59:05 +03:00
fi
rename ecc25519 to curve25519, less confusing with ed25519 now in play too
2015-03-24 21:56:40 +03:00
AM_CONDITIONAL([BUILD_CURVE25519], [test "x$ENABLED_CURVE25519" = "xyes"])
Enhancement to support different sized Curve/Ed math library implementations for FE/GE. Remains backwards compatible with `CURVED25519_SMALL` define. Adds new defines `CURVE25519_SMALL` and `ED25519_SMALL` to allow individual enabling of math library choice (`_low_mem` or `_operations`). Example: `./configure --enable-ed25519=small --enable-curve25519`.
2017-06-16 19:41:10 +03:00
AM_CONDITIONAL([BUILD_CURVE25519_SMALL], [test "x$ENABLED_CURVE25519_SMALL" = "xyes"])
added in curve25519 crypto
2015-02-19 20:59:05 +03:00
initial ed25519 implementation
2015-03-19 20:40:41 +03:00
# ED25519
AC_ARG_ENABLE([ed25519],
adjust ./configure format, change ed sign/verify to msg from hash
2015-03-19 22:48:32 +03:00
[AS_HELP_STRING([--enable-ed25519],[Enable ED25519 (default: disabled)])],
initial ed25519 implementation
2015-03-19 20:40:41 +03:00
[ ENABLED_ED25519=$enableval ],
[ ENABLED_ED25519=no ]
)
add support for curve 25519 and Ed25519 in OpenSSH refactor curve25519 and Ed25519 code fix warning in PEM_xxx_mem_xxx functions
2015-08-01 19:28:18 +03:00
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_ED25519="yes"
fi
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
if test "$ENABLED_ED25519" != "no" && test "$ENABLED_32BIT" = "no"
curve25519 and ed25519 low memory
2015-06-06 00:39:37 +03:00
then
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
if test "$ENABLED_ED25519" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DED25519_SMALL"
ENABLED_ED25519_SMALL=yes
ENABLED_ED25519=yes
fi
curve25519 and ed25519 low memory
2015-06-06 00:39:37 +03:00
initial ed25519 implementation
2015-03-19 20:40:41 +03:00
if test "$ENABLED_SHA512" = "no"
then
AC_MSG_ERROR([cannot enable ed25519 without enabling sha512.])
fi
ENABLED_FEMATH=yes
ENABLED_GEMATH=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519"
fi
AM_CONDITIONAL([BUILD_ED25519], [test "x$ENABLED_ED25519" = "xyes"])
Enhancement to support different sized Curve/Ed math library implementations for FE/GE. Remains backwards compatible with `CURVED25519_SMALL` define. Adds new defines `CURVE25519_SMALL` and `ED25519_SMALL` to allow individual enabling of math library choice (`_low_mem` or `_operations`). Example: `./configure --enable-ed25519=small --enable-curve25519`.
2017-06-16 19:41:10 +03:00
AM_CONDITIONAL([BUILD_ED25519_SMALL], [test "x$ENABLED_ED25519_SMALL" = "xyes"])
initial ed25519 implementation
2015-03-19 20:40:41 +03:00
AM_CONDITIONAL([BUILD_FEMATH], [test "x$ENABLED_FEMATH" = "xyes"])
AM_CONDITIONAL([BUILD_GEMATH], [test "x$ENABLED_GEMATH" = "xyes"])
# FP ECC, Fixed Point cache ECC
add fixed point ecc cache, --enable-fpecc, add locking down to crypt level next
2013-09-07 01:24:31 +04:00
AC_ARG_ENABLE([fpecc],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-fpecc],[Enable Fixed Point cache ECC (default: disabled)])],
add fixed point ecc cache, --enable-fpecc, add locking down to crypt level next
2013-09-07 01:24:31 +04:00
[ ENABLED_FPECC=$enableval ],
[ ENABLED_FPECC=no ]
)
if test "$ENABLED_FPECC" = "yes"
then
add basic ecc encrypt/decrypt
2013-11-08 03:59:31 +04:00
if test "$ENABLED_ECC" = "no"
then
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
AC_MSG_ERROR([cannot enable fpecc without enabling ecc.])
add basic ecc encrypt/decrypt
2013-11-08 03:59:31 +04:00
fi
add fixed point ecc cache, --enable-fpecc, add locking down to crypt level next
2013-09-07 01:24:31 +04:00
AM_CFLAGS="$AM_CFLAGS -DFP_ECC"
fi
add basic ecc encrypt/decrypt
2013-11-08 03:59:31 +04:00
# ECC encrypt
AC_ARG_ENABLE([eccencrypt],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-eccencrypt],[Enable ECC encrypt (default: disabled)])],
add basic ecc encrypt/decrypt
2013-11-08 03:59:31 +04:00
[ ENABLED_ECC_ENCRYPT=$enableval ],
[ ENABLED_ECC_ENCRYPT=no ]
)
if test "$ENABLED_ECC_ENCRYPT" = "yes"
then
if test "$ENABLED_ECC" = "no"
then
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.])
add basic ecc encrypt/decrypt
2013-11-08 03:59:31 +04:00
fi
if test "$ENABLED_HKDF" = "no"
then
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.])
add basic ecc encrypt/decrypt
2013-11-08 03:59:31 +04:00
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_ENCRYPT"
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# PSK
add --enable-asn, build, and checks for rsa / psk w/o asn
2013-03-12 23:48:41 +04:00
AC_ARG_ENABLE([psk],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-psk],[Enable PSK (default: disabled)])],
add --enable-asn, build, and checks for rsa / psk w/o asn
2013-03-12 23:48:41 +04:00
[ ENABLED_PSK=$enableval ],
[ ENABLED_PSK=no ]
)
add --enable-errorstrings and build check
2013-03-13 22:27:14 +04:00
# ERROR STRINGS
AC_ARG_ENABLE([errorstrings],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-errorstrings],[Enable error strings table (default: enabled)])],
add --enable-errorstrings and build check
2013-03-13 22:27:14 +04:00
[ ENABLED_ERROR_STRINGS=$enableval ],
[ ENABLED_ERROR_STRINGS=yes ]
)
if test "$ENABLED_ERROR_STRINGS" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off error strings if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
add --enable-errorstrings and build check
2013-03-13 22:27:14 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
ENABLED_ERROR_STRINGS=no
fi
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# OLD TLS
add --enable-oldtls, build and leanpsk check
2013-03-13 22:49:11 +04:00
AC_ARG_ENABLE([oldtls],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-oldtls],[Enable old TLS versions < 1.2 (default: enabled)])],
add --enable-oldtls, build and leanpsk check
2013-03-13 22:49:11 +04:00
[ ENABLED_OLD_TLS=$enableval ],
[ ENABLED_OLD_TLS=yes ]
)
if test "$ENABLED_OLD_TLS" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off old if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
add --enable-oldtls, build and leanpsk check
2013-03-13 22:49:11 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
ENABLED_OLD_TLS=no
fi
fi
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-15 00:55:48 +03:00
# TLSv1.0
AC_ARG_ENABLE([tlsv10],
[AS_HELP_STRING([--enable-tlsv10],[Enable old TLS versions 1.0 (default: disabled)])],
[ ENABLED_TLSV10=$enableval ],
[ ENABLED_TLSV10=no ]
)
if test "$ENABLED_TLSV10" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_TLSV10"
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# SSLv3
AC_ARG_ENABLE([sslv3],
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-20 14:22:30 +03:00
[AS_HELP_STRING([--enable-sslv3],[Enable SSL version 3.0 (default: disabled)])],
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
[ ENABLED_SSLV3=$enableval ],
[ ENABLED_SSLV3=no]
)
if test "$ENABLED_SSLV3" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_SSLV3"
fi
# STACK SIZE info for examples
add --enable-stacksize to print out stack use info with pthreads for example client/server
2013-03-28 22:28:38 +04:00
AC_ARG_ENABLE([stacksize],
add trackmemory enable option
2017-05-19 01:46:56 +03:00
[AS_HELP_STRING([--enable-stacksize],[Enable stack size info on examples (default: disabled)])],
add --enable-stacksize to print out stack use info with pthreads for example client/server
2013-03-28 22:28:38 +04:00
[ ENABLED_STACKSIZE=$enableval ],
[ ENABLED_STACKSIZE=no ]
)
if test "$ENABLED_STACKSIZE" = "yes"
then
AC_CHECK_FUNC([posix_memalign], [], [AC_MSG_ERROR(stacksize needs posix_memalign)])
Merge branch 'master' of https://github.com/cyassl/cyassl
2013-06-20 00:04:43 +04:00
AC_CHECK_FUNC([pthread_attr_setstack], [], AC_CHECK_LIB([pthread],[pthread_attr_setstack]))
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_STACK_SIZE -DWOLFSSL_LOW_MEMORY"
add --enable-stacksize to print out stack use info with pthreads for example client/server
2013-03-28 22:28:38 +04:00
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# MEMORY
add --enable-memory, build, disable runtime memory cbs, check leanpsk
2013-03-13 00:31:14 +04:00
AC_ARG_ENABLE([memory],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-memory],[Enable memory callbacks (default: enabled)])],
add --enable-memory, build, disable runtime memory cbs, check leanpsk
2013-03-13 00:31:14 +04:00
[ ENABLED_MEMORY=$enableval ],
[ ENABLED_MEMORY=yes ]
)
if test "$ENABLED_MEMORY" = "no"
then
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DNO_WOLFSSL_MEMORY"
add --enable-memory, build, disable runtime memory cbs, check leanpsk
2013-03-13 00:31:14 +04:00
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off memory cb if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
add --enable-memory, build, disable runtime memory cbs, check leanpsk
2013-03-13 00:31:14 +04:00
then
configure.ac updates
2014-12-31 23:04:03 +03:00
# but don't turn on NO_WOLFSSL_MEMORY because using own
add --enable-memory, build, disable runtime memory cbs, check leanpsk
2013-03-13 00:31:14 +04:00
ENABLED_MEMORY=no
fi
fi
AM_CONDITIONAL([BUILD_MEMORY], [test "x$ENABLED_MEMORY" = "xyes"])
require using wolfSSL memory when enabling trackmemory
2017-05-20 00:24:38 +03:00
# MEMORY SIZE info
AC_ARG_ENABLE([trackmemory],
[AS_HELP_STRING([--enable-trackmemory],[Enable memory use info on wolfCrypt and wolfSSL cleanup (default: disabled)])],
[ ENABLED_TRACKMEMORY=$enableval ],
[ ENABLED_TRACKMEMORY=no ]
)
if test "$ENABLED_TRACKMEMORY" = "yes"
then
if test "$ENABLED_MEMORY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRACK_MEMORY"
else
AC_MSG_ERROR([trackmemory requires using wolfSSL memory (--enable-memory).])
fi
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# RSA
add --disable-rsa, bump dev version
2013-03-11 23:49:59 +04:00
AC_ARG_ENABLE([rsa],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-rsa],[Enable RSA (default: enabled)])],
add --disable-rsa, bump dev version
2013-03-11 23:49:59 +04:00
[ ENABLED_RSA=$enableval ],
[ ENABLED_RSA=yes ]
)
if test "$ENABLED_RSA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off RSA if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
add --disable-rsa, bump dev version
2013-03-11 23:49:59 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
ENABLED_RSA=no
fi
fi
AM_CONDITIONAL([BUILD_RSA], [test "x$ENABLED_RSA" = "xyes"])
TLS v1.2 and PSS Cleanup the TLS v1.3 PSS code as well. Added RSA API wc_RsaPSS_CheckPadding() to check the padding - no longer a simple memcmp with the digest.
2017-05-18 08:32:06 +03:00
# RSA-PSS
AC_ARG_ENABLE([rsapss],
[ --enable-rsapss Enable RSA-PSS (default: disabled)],
[ ENABLED_RSAPSS=$enableval ],
[ ENABLED_RSAPSS=no ]
)
if test "$ENABLED_RSA" = "no"
then
ENABLED_RSAPSS="no"
else
if test "$ENABLED_TLS13" = "yes"
then
ENABLED_RSAPSS="yes"
fi
fi
if test "$ENABLED_RSAPSS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"
fi
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
# DH
AC_ARG_ENABLE([dh],
update configure help strings for AESGCM and DH
2015-04-01 02:23:28 +03:00
[AS_HELP_STRING([--enable-dh],[Enable DH (default: enabled)])],
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
[ ENABLED_DH=$enableval ],
enable dh by default
2015-03-27 20:23:15 +03:00
[ ENABLED_DH=yes ]
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
)
add openssh ./configure build
2015-07-17 19:14:58 +03:00
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_DH="yes"
fi
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
if test "$ENABLED_DH" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DH"
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off DH if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_DH"
ENABLED_DH=no
fi
fi
Fix no ECC builds with TLS13 code. Fix tests so that having ECC disabled works as well. Fix define protection for Draft 18 and HRR Cookie.
2017-10-20 04:24:20 +03:00
if test "$ENABLED_TLS13" = "yes" && test "$ENABLED_DH" = "yes"
then
AM_CFLAGS="-DHAVE_FFDHE_2048 $AM_CFLAGS"
fi
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
AM_CONDITIONAL([BUILD_DH], [test "x$ENABLED_DH" = "xyes"])
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 22:44:32 +03:00
# Anonymous
AC_ARG_ENABLE([anon],
[AS_HELP_STRING([--enable-anon],[Enable Anonymous (default: disabled)])],
[ ENABLED_ANON=$enableval ],
[ ENABLED_ANON=no ]
)
Changes for WPA Supplicant
2017-02-10 01:45:10 +03:00
if test "x$ENABLED_WPAS" = "xyes"
then
ENABLED_ANON=yes
fi
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 22:44:32 +03:00
if test "x$ENABLED_ANON" = "xyes"
then
if test "x$ENABLED_DH" != "xyes"
then
AC_MSG_ERROR([Anonymous suite requires DH.])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_ANON"
fi
add --enable-asn, build, and checks for rsa / psk w/o asn
2013-03-12 23:48:41 +04:00
# ASN
allow dh to be used w/o certs and asn
2015-03-28 00:28:05 +03:00
# turn off asn, which means no certs, no rsa, no dsa, no ecc,
# and no big int (unless dh is on)
add --enable-asn, build, and checks for rsa / psk w/o asn
2013-03-12 23:48:41 +04:00
AC_ARG_ENABLE([asn],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-asn],[Enable ASN (default: enabled)])],
add --enable-asn, build, and checks for rsa / psk w/o asn
2013-03-12 23:48:41 +04:00
[ ENABLED_ASN=$enableval ],
[ ENABLED_ASN=yes ]
)
if test "$ENABLED_ASN" = "no"
then
allow dh to be used w/o certs and asn
2015-03-28 00:28:05 +03:00
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS"
Fixes so ECC only build works. Fixes so ECC enabled with ASN disabled works and will prevent ECC sign/verify.
2016-02-10 19:53:09 +03:00
if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" == "no"
allow dh to be used w/o certs and asn
2015-03-28 00:28:05 +03:00
then
Updated the configure.ac comments about big int being used for ECC and DH. Moved the checks for ecc/asn and psk/asn until after cryptonly value is set and fixed so those checks work for normal build and are excluded for crypt only builds.
2016-02-11 00:03:53 +03:00
# DH and ECC need bigint
allow dh to be used w/o certs and asn
2015-03-28 00:28:05 +03:00
AM_CFLAGS="$AM_CFLAGS -DNO_BIG_INT"
fi
add --enable-asn, build, and checks for rsa / psk w/o asn
2013-03-12 23:48:41 +04:00
else
# turn off ASN if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
make sure no asn doesn't build big int
2013-03-13 02:14:03 +04:00
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_BIG_INT"
add --enable-asn, build, and checks for rsa / psk w/o asn
2013-03-12 23:48:41 +04:00
ENABLED_ASN=no
fi
fi
if test "$ENABLED_RSA" = "yes" && test "$ENABLED_ASN" = "no"
then
AC_MSG_ERROR([please disable rsa if disabling asn.])
fi
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
if test "$ENABLED_DSA" = "yes" && test "$ENABLED_ASN" = "no"
then
AC_MSG_ERROR([please disable dsa if disabling asn.])
fi
Updated the configure.ac comments about big int being used for ECC and DH. Moved the checks for ecc/asn and psk/asn until after cryptonly value is set and fixed so those checks work for normal build and are excluded for crypt only builds.
2016-02-11 00:03:53 +03:00
# DH and ECC need bigint
Fixes so ECC only build works. Fixes so ECC enabled with ASN disabled works and will prevent ECC sign/verify.
2016-02-10 19:53:09 +03:00
if test "$ENABLED_ASN" = "no" && test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no"
make sure no asn doesn't build big int
2013-03-13 02:14:03 +04:00
then
ENABLED_FASTMATH=no
ENABLED_SLOWMATH=no
fi
add --enable-asn, build, and checks for rsa / psk w/o asn
2013-03-12 23:48:41 +04:00
AM_CONDITIONAL([BUILD_ASN], [test "x$ENABLED_ASN" = "xyes"])
add --enable-aes and build
2013-03-12 04:07:37 +04:00
# AES
AC_ARG_ENABLE([aes],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-aes],[Enable AES (default: enabled)])],
add --enable-aes and build
2013-03-12 04:07:37 +04:00
[ ENABLED_AES=$enableval ],
[ ENABLED_AES=yes ]
)
if test "$ENABLED_AES" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_AES"
fortress relies on aes disallowed pair
2015-07-17 18:30:25 +03:00
if test "$ENABLED_FORTRESS" = "yes"
then
AC_MSG_ERROR([fortress requires aes])
fi
ecc_encrypt + hkdf requires aes
2015-07-17 00:31:36 +03:00
if test "$ENABLED_ECC_ENCRYPT" = "yes"
then
AC_MSG_ERROR([cannot enable eccencrypt and hkdf without aes.])
fi
aes gcm/ccm require aes, duh
2015-03-28 07:30:27 +03:00
if test "$ENABLED_AESGCM" = "yes"
then
AC_MSG_ERROR([AESGCM requires AES.])
fi
if test "$ENABLED_AESCCM" = "yes"
then
AC_MSG_ERROR([AESCCM requires AES.])
fi
Adds an --enable-aesctr flag to the configure script to explicitly compile with -DWOLFSSL_AES_COUNTER and -DWOLFSSL_AES_DIRECT If --enable-fortress or --enable-mcapi are used they effectively force --enable-aesctr
2016-12-04 17:23:51 +03:00
if test "$ENABLED_AESCTR" = "yes"
then
AC_MSG_ERROR([AESCTR requires AES.])
fi
add --enable-aes and build
2013-03-12 04:07:37 +04:00
else
# turn off AES if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_AES"
ENABLED_AES=no
fi
fi
AM_CONDITIONAL([BUILD_AES], [test "x$ENABLED_AES" = "xyes"])
add --enable-coding, build, leanpsk check
2013-03-13 00:12:10 +04:00
# CODING
AC_ARG_ENABLE([coding],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-coding],[Enable Coding base 16/64 (default: enabled)])],
add --enable-coding, build, leanpsk check
2013-03-13 00:12:10 +04:00
[ ENABLED_CODING=$enableval ],
[ ENABLED_CODING=yes ]
)
if test "$ENABLED_CODING" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
else
# turn off CODING if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
ENABLED_CODING=no
fi
fi
AM_CONDITIONAL([BUILD_CODING], [test "x$ENABLED_CODING" = "xyes"])
Added new public "wc_GetTime" API for getting seconds from the asn.c XTIME. Added new "./configure --enable-base64encode" to enable Base64 encoding (now enabled by default for "x86_64").
2016-06-10 02:26:39 +03:00
# Base64 Encode
BASE64ENCODE_DEFAULT=no
if test "$host_cpu" = "x86_64"
then
BASE64ENCODE_DEFAULT=yes
fi
AC_ARG_ENABLE([base64encode],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-base64encode],[Enable Base64 encoding (default: enabled on x86_64)])],
Added new public "wc_GetTime" API for getting seconds from the asn.c XTIME. Added new "./configure --enable-base64encode" to enable Base64 encoding (now enabled by default for "x86_64").
2016-06-10 02:26:39 +03:00
[ ENABLED_BASE64ENCODE=$enableval ],
[ ENABLED_BASE64ENCODE=$BASE64ENCODE_DEFAULT ]
)
if test "$ENABLED_BASE64ENCODE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BASE64_ENCODE"
fi
add --enable-des3 and build, no strnstr in tests
2013-03-12 20:46:15 +04:00
# DES3
AC_ARG_ENABLE([des3],
Disable DES3 by default. Force it enabled when it is a prereq for another option. (SCEP and PKCS7)
2016-09-15 21:17:30 +03:00
[AS_HELP_STRING([--enable-des3],[Enable DES3 (default: disabled)])],
add --enable-des3 and build, no strnstr in tests
2013-03-12 20:46:15 +04:00
[ ENABLED_DES3=$enableval ],
Disable DES3 by default. Force it enabled when it is a prereq for another option. (SCEP and PKCS7)
2016-09-15 21:17:30 +03:00
[ ENABLED_DES3=no ]
add --enable-des3 and build, no strnstr in tests
2013-03-12 20:46:15 +04:00
)
add IDEA cipher (ECB and CBC mode) add support of SSL_RSA_WITH_IDEA_CBC_SHA cipher suite (SSLv3, TLS v1.0 and TLSv1.1)
2015-09-23 17:16:39 +03:00
# IDEA
AC_ARG_ENABLE([idea],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-idea],[Enable IDEA Cipher (default: disabled)])],
[ ENABLED_IDEA=$enableval ],
[ ENABLED_IDEA=no ]
)
add IDEA cipher (ECB and CBC mode) add support of SSL_RSA_WITH_IDEA_CBC_SHA cipher suite (SSLv3, TLS v1.0 and TLSv1.1)
2015-09-23 17:16:39 +03:00
if test "x$ENABLED_IDEA" = "xyes"
then
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_IDEA"
add IDEA cipher (ECB and CBC mode) add support of SSL_RSA_WITH_IDEA_CBC_SHA cipher suite (SSLv3, TLS v1.0 and TLSv1.1)
2015-09-23 17:16:39 +03:00
fi
AM_CONDITIONAL([BUILD_IDEA], [test "x$ENABLED_IDEA" = "xyes"])
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# ARC4
add --enable-arc4 and build
2013-03-12 04:13:24 +04:00
AC_ARG_ENABLE([arc4],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-arc4],[Enable ARC4 (default: disabled)])],
add --enable-arc4 and build
2013-03-12 04:13:24 +04:00
[ ENABLED_ARC4=$enableval ],
remove rc4 from default build
2015-03-27 20:17:22 +03:00
[ ENABLED_ARC4=no ]
add --enable-arc4 and build
2013-03-12 04:13:24 +04:00
)
Changes for WPA Supplicant
2017-02-10 01:45:10 +03:00
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes"
add openssh ./configure build
2015-07-17 19:14:58 +03:00
then
ENABLED_ARC4="yes"
fi
add --enable-arc4 and build
2013-03-12 04:13:24 +04:00
if test "$ENABLED_ARC4" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off ARC4 if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
add --enable-arc4 and build
2013-03-12 04:13:24 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
ENABLED_ARC4=no
fi
fi
AM_CONDITIONAL([BUILD_RC4], [test "x$ENABLED_ARC4" = "xyes"])
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# MD5
--enable-md5 and build, needs NO_OLD_TLS, suite test version check
2013-03-12 04:37:08 +04:00
AC_ARG_ENABLE([md5],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-md5],[Enable MD5 (default: enabled)])],
--enable-md5 and build, needs NO_OLD_TLS, suite test version check
2013-03-12 04:37:08 +04:00
[ ENABLED_MD5=$enableval ],
[ ENABLED_MD5=yes ]
)
if test "$ENABLED_MD5" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off MD5 if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
--enable-md5 and build, needs NO_OLD_TLS, suite test version check
2013-03-12 04:37:08 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
ENABLED_MD5=no
fi
fi
AM_CONDITIONAL([BUILD_MD5], [test "x$ENABLED_MD5" = "xyes"])
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# SHA
add --enable-sha and build, disables examples for now since certs still use sha, when add --disable-certs add more thorough check
2013-03-12 04:53:38 +04:00
AC_ARG_ENABLE([sha],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-sha],[Enable SHA (default: enabled)])],
add --enable-sha and build, disables examples for now since certs still use sha, when add --disable-certs add more thorough check
2013-03-12 04:53:38 +04:00
[ ENABLED_SHA=$enableval ],
[ ENABLED_SHA=yes ]
)
if test "$ENABLED_SHA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off SHA if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
add --enable-sha and build, disables examples for now since certs still use sha, when add --disable-certs add more thorough check
2013-03-12 04:53:38 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
ENABLED_SHA=no
fi
fi
AM_CONDITIONAL([BUILD_SHA], [test "x$ENABLED_SHA" = "xyes"])
add AES-CMAC
2016-05-24 03:50:36 +03:00
# CMAC
AC_ARG_ENABLE([cmac],
[AS_HELP_STRING([--enable-cmac],[Enable CMAC (default: disabled)])],
[ ENABLED_CMAC=$enableval ],
[ ENABLED_CMAC=no ]
)
Changes for WPA Supplicant
2017-02-10 01:45:10 +03:00
if test "$ENABLED_WPAS" = "yes"
then
ENABLED_CMAC=yes
fi
add AES-CMAC
2016-05-24 03:50:36 +03:00
AS_IF([test "x$ENABLED_CMAC" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"])
AM_CONDITIONAL([BUILD_CMAC], [test "x$ENABLED_CMAC" = "xyes"])
add AES-XTS mode --enable-xts
2017-08-31 02:50:15 +03:00
# AES-XTS
AC_ARG_ENABLE([xts],
[AS_HELP_STRING([--enable-xts],[Enable XTS (default: disabled)])],
[ ENABLED_XTS=$enableval ],
[ ENABLED_XTS=no ]
)
AS_IF([test "x$ENABLED_XTS" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS -DWOLFSSL_AES_DIRECT"])
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# Web Server Build
make sure enable-webserver (HAVE_WEBSERVER) can handle password callbacks as well as opensslextra unless NO_PWDBASED defined
2014-03-04 00:18:26 +04:00
AC_ARG_ENABLE([webserver],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-webserver],[Enable Web Server (default: disabled)])],
make sure enable-webserver (HAVE_WEBSERVER) can handle password callbacks as well as opensslextra unless NO_PWDBASED defined
2014-03-04 00:18:26 +04:00
[ ENABLED_WEBSERVER=$enableval ],
[ ENABLED_WEBSERVER=no ]
)
if test "$ENABLED_WEBSERVER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_WEBSERVER"
fi
add --enable-pwdbased and build, opensslextra needs
2013-03-12 04:01:05 +04:00
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# HC128
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([hc128],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-hc128],[Enable HC-128 (default: disabled)])],
fix sniffer and hc128 builds
2011-08-25 04:39:23 +04:00
[ ENABLED_HC128=$enableval ],
[ ENABLED_HC128=no ]
)
if test "$ENABLED_HC128" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_HC128"
lots o warning fixes for rc3
2011-09-29 00:19:05 +04:00
else
AM_CFLAGS="$AM_CFLAGS -DHAVE_HC128"
fix sniffer and hc128 builds
2011-08-25 04:39:23 +04:00
fi
AM_CONDITIONAL([BUILD_HC128], [test "x$ENABLED_HC128" = "xyes"])
1.8.8 init
2011-02-05 22:14:47 +03:00
make rabbit optional with configure option
2012-10-23 04:28:46 +04:00
# RABBIT
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([rabbit],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-rabbit],[Enable RABBIT (default: disabled)])],
make rabbit optional with configure option
2012-10-23 04:28:46 +04:00
[ ENABLED_RABBIT=$enableval ],
[ ENABLED_RABBIT=no ]
)
if test "$ENABLED_RABBIT" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RABBIT"
else
AM_CFLAGS="$AM_CFLAGS -DHAVE_RABBIT"
fi
AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"])
fix github issue #27, better help on fips not working w/o license
2015-03-06 20:15:33 +03:00
# FIPS
add fips enable switch
2014-03-19 20:43:57 +04:00
AC_ARG_ENABLE([fips],
cleanup some configure help text
2015-03-12 22:25:39 +03:00
[AS_HELP_STRING([--enable-fips],[Enable FIPS 140-2, Will NOT work w/o FIPS license (default: disabled)])],
add fips enable switch
2014-03-19 20:43:57 +04:00
[ ENABLED_FIPS=$enableval ],
[ ENABLED_FIPS=no ]
)
if test "x$ENABLED_FIPS" = "xyes"
then
SHA512 fips mode
2014-03-28 01:03:12 +04:00
# requires thread local storage
require thread local storage for power on self thread check
2014-03-19 21:19:08 +04:00
if test "$thread_ls_on" = "no"
then
AC_MSG_ERROR([FIPS requires Thread Local Storage])
fi
SHA512 fips mode
2014-03-28 01:03:12 +04:00
# requires SHA512
if test "x$ENABLED_SHA512" = "xno"
then
ENABLED_SHA512="yes"
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"
SHA512 fips mode
2014-03-28 01:03:12 +04:00
AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
fi
allow aes gcm fips wrappers, no void returns
2014-10-28 01:52:22 +03:00
# requires AESGCM
if test "x$ENABLED_AESGCM" != "xyes"
then
ENABLED_AESGCM="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
fi
1. Add DES3 enable to full commit test. 2. Added DES3 to the list of FIPS prereqs.
2016-09-15 22:19:32 +03:00
# requires DES3
if test "x$ENABLED_DES3" = "xno"
then
ENABLED_DES3="yes"
fi
add fips enable switch
2014-03-19 20:43:57 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
FIPS changes and fixups Enable ex data explicitly. Keep the peer cert for verification callback. External session cache for hostapd. Enable DES_ECB when not FIPS. Don't send the peer cert if it is not received from peer. Initialize the peer cert after free as will be freed on tear down of SSL. Allow a server to become a client.
2017-03-30 04:53:35 +03:00
else
if test "x$ENABLED_FORTRESS" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"
fi
add fips enable switch
2014-03-19 20:43:57 +04:00
fi
AM_CONDITIONAL([BUILD_FIPS], [test "x$ENABLED_FIPS" = "xyes"])
Disable SHA-224 in FIPS
2016-11-11 09:29:34 +03:00
# set sha224 default
SHA224_DEFAULT=no
if test "$host_cpu" = "x86_64"
then
Fix logic
2016-11-11 09:38:28 +03:00
if test "x$ENABLED_FIPS" = "xno"
then
SHA224_DEFAULT=yes
fi
Disable SHA-224 in FIPS
2016-11-11 09:29:34 +03:00
fi
# SHA224
AC_ARG_ENABLE([sha224],
[AS_HELP_STRING([--enable-sha224],[Enable wolfSSL SHA-224 support (default: enabled on x86_64)])],
[ ENABLED_SHA224=$enableval ],
[ ENABLED_SHA224=$SHA224_DEFAULT ]
)
if test "$ENABLED_SHA224" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"
fi
AM_CONDITIONAL([BUILD_SHA224], [test "x$ENABLED_SHA224" = "xyes"])
Initial revision of SHA-3
2017-05-23 06:50:49 +03:00
# set sha3 default
SHA3_DEFAULT=no
if test "$host_cpu" = "x86_64"
then
if test "x$ENABLED_FIPS" = "xno"
then
SHA3_DEFAULT=yes
fi
fi
# SHA3
AC_ARG_ENABLE([sha3],
[AS_HELP_STRING([--enable-sha3],[Enable wolfSSL SHA-3 support (default: enabled on x86_64)])],
[ ENABLED_SHA3=$enableval ],
[ ENABLED_SHA3=$SHA3_DEFAULT ]
)
if test "$ENABLED_SHA3" = "small"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3_SMALL"
ENABLED_SHA3="yes"
fi
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
if test "$ENABLED_SHA3" = "yes" && test "$ENABLED_32BIT" = "no"
Initial revision of SHA-3
2017-05-23 06:50:49 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"
fi
AM_CONDITIONAL([BUILD_SHA3], [test "x$ENABLED_SHA3" = "xyes"])
remove poly/chacha from fips build
2015-04-12 21:01:16 +03:00
# set POLY1305 default
POLY1305_DEFAULT=yes
if test "x$ENABLED_FIPS" = "xyes"
then
POLY1305_DEFAULT=no
fi
# POLY1305
AC_ARG_ENABLE([poly1305],
[AS_HELP_STRING([--enable-poly1305],[Enable wolfSSL POLY1305 support (default: enabled)])],
[ ENABLED_POLY1305=$enableval ],
[ ENABLED_POLY1305=$POLY1305_DEFAULT]
)
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# leanpsk and leantls don't need poly1305
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
remove poly/chacha from fips build
2015-04-12 21:01:16 +03:00
then
ENABLED_POLY1305=no
fi
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
if test "$ENABLED_POLY1305" = "yes" && test "$ENABLED_32BIT" = "no"
remove poly/chacha from fips build
2015-04-12 21:01:16 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH"
fi
AM_CONDITIONAL([BUILD_POLY1305], [test "x$ENABLED_POLY1305" = "xyes"])
# set CHACHA default
CHACHA_DEFAULT=yes
if test "x$ENABLED_FIPS" = "xyes"
then
CHACHA_DEFAULT=no
fi
# CHACHA
AC_ARG_ENABLE([chacha],
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
[AS_HELP_STRING([--enable-chacha],[Enable CHACHA (default: enabled). Use `=noasm` to disable ASM AVX/AVX2 speedups])],
remove poly/chacha from fips build
2015-04-12 21:01:16 +03:00
[ ENABLED_CHACHA=$enableval ],
[ ENABLED_CHACHA=$CHACHA_DEFAULT]
)
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# leanpsk and leantls don't need chacha
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
remove poly/chacha from fips build
2015-04-12 21:01:16 +03:00
then
ENABLED_CHACHA=no
fi
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
if test "$ENABLED_CHACHA" = "noasm" || test "$ENABLED_ASM" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CHACHA_ASM"
fi
remove poly/chacha from fips build
2015-04-12 21:01:16 +03:00
if test "$ENABLED_CHACHA" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA"
fi
AM_CONDITIONAL([BUILD_CHACHA], [test "x$ENABLED_CHACHA" = "xyes"])
added Hash DRBG as configure option
2014-05-07 22:54:12 +04:00
# Hash DRBG
AC_ARG_ENABLE([hashdrbg],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-hashdrbg],[Enable Hash DRBG support (default: enabled)])],
added Hash DRBG as configure option
2014-05-07 22:54:12 +04:00
[ ENABLED_HASHDRBG=$enableval ],
make HASH-DRBG default RNG w/ autoconf
2014-12-01 20:12:26 +03:00
[ ENABLED_HASHDRBG=yes ]
added Hash DRBG as configure option
2014-05-07 22:54:12 +04:00
)
if test "x$ENABLED_HASHDRBG" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG"
else
Retain existing HAVE_HASHDRBG functionality and only disable if ./configure --disable-hashdrbg or WC_NO_HASHDRBG defined. Fix use of warning with VS. Fix to only use rng seed as source if no DRBG.
2017-03-17 23:44:53 +03:00
# turn on Hash DRBG if FIPS is on
Fix RNG issue with Intel RDRAND and RDSEED accelerations not being used because HAVE_HASHDRBG was always being defined if !WOLFSSL_FORCE_RC4_DRBG. Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source (if RDRAND not supported by CPU then HASHDRBG will be used). The --enable-intelasm option enables the RDSEED support for seeding HASHDRBG if CPU supports it. Allow use of seed as RNG source if --disable-hashdbrg (shows build warning). Cleanup to remove old ARC4 RNG support. Fixed random_test return code with !HAVE_HASHDRBG. Cleanup of ./configure --help alignment.
2017-03-17 23:29:03 +03:00
if test "x$ENABLED_FIPS" = "xyes"
added Hash DRBG as configure option
2014-05-07 22:54:12 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG"
ENABLED_HASHDRBG=yes
Retain existing HAVE_HASHDRBG functionality and only disable if ./configure --disable-hashdrbg or WC_NO_HASHDRBG defined. Fix use of warning with VS. Fix to only use rng seed as source if no DRBG.
2017-03-17 23:44:53 +03:00
else
AM_CFLAGS="$AM_CFLAGS -DWC_NO_HASHDRBG"
added Hash DRBG as configure option
2014-05-07 22:54:12 +04:00
fi
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# Filesystem Build
switch --enable-noFilesystem to --enable-filesystem / --disable-filesystem to match others
2013-03-13 23:14:05 +04:00
AC_ARG_ENABLE([filesystem],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-filesystem],[Enable Filesystem support (default: enabled)])],
switch --enable-noFilesystem to --enable-filesystem / --disable-filesystem to match others
2013-03-13 23:14:05 +04:00
[ ENABLED_FILESYSTEM=$enableval ],
[ ENABLED_FILESYSTEM=yes ]
move ProcessChainBufer out of filesystem only, add configure option for noFilesystem
2011-06-30 21:07:49 +04:00
)
switch --enable-noFilesystem to --enable-filesystem / --disable-filesystem to match others
2013-03-13 23:14:05 +04:00
if test "$ENABLED_FILESYSTEM" = "no"
move ProcessChainBufer out of filesystem only, add configure option for noFilesystem
2011-06-30 21:07:49 +04:00
then
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
switch --enable-noFilesystem to --enable-filesystem / --disable-filesystem to match others
2013-03-13 23:14:05 +04:00
else
# turn off filesystem if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
ENABLED_FILESYSTEM=no
fi
move ProcessChainBufer out of filesystem only, add configure option for noFilesystem
2011-06-30 21:07:49 +04:00
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# inline Build
switch --enable-noInline to enable/disable-inline to match all others
2013-03-13 23:25:34 +04:00
AC_ARG_ENABLE([inline],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-inline],[Enable inline functions (default: enabled)])],
switch --enable-noInline to enable/disable-inline to match all others
2013-03-13 23:25:34 +04:00
[ ENABLED_INLINE=$enableval ],
[ ENABLED_INLINE=yes ]
add --enable-noInline option for easier testing of it
2011-08-03 21:59:08 +04:00
)
switch --enable-noInline to enable/disable-inline to match all others
2013-03-13 23:25:34 +04:00
if test "$ENABLED_INLINE" = "no"
add --enable-noInline option for easier testing of it
2011-08-03 21:59:08 +04:00
then
add ssl bump configure option
2011-08-25 22:41:14 +04:00
AM_CFLAGS="$AM_CFLAGS -DNO_INLINE"
add --enable-noInline option for easier testing of it
2011-08-03 21:59:08 +04:00
fi
switch --enable-noInline to enable/disable-inline to match all others
2013-03-13 23:25:34 +04:00
AM_CONDITIONAL([BUILD_INLINE], [test "x$ENABLED_INLINE" = "xyes"])
detect configure time build mismatches
2011-06-07 20:02:36 +04:00
Revert "fixes ocsp dependency check on asn during configure." This reverts commit 46ade8f03ff2a53a710beacc438f875dd3610969.
2016-02-23 20:13:52 +03:00
# OCSP
AC_ARG_ENABLE([ocsp],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-ocsp],[Enable OCSP (default: disabled)])],
Revert "fixes ocsp dependency check on asn during configure." This reverts commit 46ade8f03ff2a53a710beacc438f875dd3610969.
2016-02-23 20:13:52 +03:00
[ ENABLED_OCSP=$enableval ],
[ ENABLED_OCSP=no ],
)
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
if test "x$ENABLED_NGINX" = "xyes"
then
ENABLED_OCSP=yes
fi
Revert "fixes ocsp dependency check on asn during configure." This reverts commit 46ade8f03ff2a53a710beacc438f875dd3610969.
2016-02-23 20:13:52 +03:00
if test "$ENABLED_OCSP" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
fi
AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
if test "$ENABLED_OCSP" = "yes"
then
# check openssl command tool for testing ocsp
AC_CHECK_PROG([HAVE_OPENSSL_CMD],[openssl],[yes],[no])
if test "$HAVE_OPENSSL_CMD" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_OPENSSL_CMD"
else
AC_MSG_WARN([openssl command line tool not available for testing ocsp])
fi
fi
cosmetic changes to OCSP Stapling options.
2015-12-30 23:10:25 +03:00
# Certificate Status Request : a.k.a. OCSP Stapling
AC_ARG_ENABLE([ocspstapling],
[AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling (default: disabled)])],
[ ENABLED_CERTIFICATE_STATUS_REQUEST=$enableval ],
[ ENABLED_CERTIFICATE_STATUS_REQUEST=no ]
)
Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag now haproxy compatible wolfssl builds with: ./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \ iam * ] 2:18 PM --disable-fasthugemath --disable-bump \ --enable-opensslextra \ --enable-keygen --enable-certgen \ --disable-ntru --disable-examples \ --enable-tlsx --enable-haproxy \ --enable-savecert --enable-savesession --enable-sessioncerts \ --enable-webserver --enable-sslv3 --enable-stunnel
2017-04-11 15:18:41 +03:00
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
then
Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag now haproxy compatible wolfssl builds with: ./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \ iam * ] 2:18 PM --disable-fasthugemath --disable-bump \ --enable-opensslextra \ --enable-keygen --enable-certgen \ --disable-ntru --disable-examples \ --enable-tlsx --enable-haproxy \ --enable-savecert --enable-savesession --enable-sessioncerts \ --enable-webserver --enable-sslv3 --enable-stunnel
2017-04-11 15:18:41 +03:00
echo "ELLO"
ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
fi
cosmetic changes to OCSP Stapling options.
2015-12-30 23:10:25 +03:00
if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST"
Revert "fixes ocsp dependency check on asn during configure." This reverts commit 46ade8f03ff2a53a710beacc438f875dd3610969.
2016-02-23 20:13:52 +03:00
# Requires OCSP make sure on
if test "x$ENABLED_OCSP" = "xno"
then
ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
fi
cosmetic changes to OCSP Stapling options.
2015-12-30 23:10:25 +03:00
fi
AM_CONDITIONAL([BUILD_OCSP_STAPLING], [test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"])
# Certificate Status Request v2 : a.k.a. OCSP stapling v2
AC_ARG_ENABLE([ocspstapling2],
[AS_HELP_STRING([--enable-ocspstapling2],[Enable OCSP Stapling v2 (default: disabled)])],
[ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=$enableval ],
[ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ]
)
Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag now haproxy compatible wolfssl builds with: ./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \ iam * ] 2:18 PM --disable-fasthugemath --disable-bump \ --enable-opensslextra \ --enable-keygen --enable-certgen \ --disable-ntru --disable-examples \ --enable-tlsx --enable-haproxy \ --enable-savecert --enable-savesession --enable-sessioncerts \ --enable-webserver --enable-sslv3 --enable-stunnel
2017-04-11 15:18:41 +03:00
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
then
ENABLED_CERTIFICATE_STATUS_REQUEST_V2=yes
fi
cosmetic changes to OCSP Stapling options.
2015-12-30 23:10:25 +03:00
if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST_V2"
Revert "fixes ocsp dependency check on asn during configure." This reverts commit 46ade8f03ff2a53a710beacc438f875dd3610969.
2016-02-23 20:13:52 +03:00
# Requires OCSP make sure on
if test "x$ENABLED_OCSP" = "xno"
cosmetic changes to OCSP Stapling options.
2015-12-30 23:10:25 +03:00
then
Revert "fixes ocsp dependency check on asn during configure." This reverts commit 46ade8f03ff2a53a710beacc438f875dd3610969.
2016-02-23 20:13:52 +03:00
ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
cosmetic changes to OCSP Stapling options.
2015-12-30 23:10:25 +03:00
fi
fi
Revert "fixes ocsp dependency check on asn during configure." This reverts commit 46ade8f03ff2a53a710beacc438f875dd3610969.
2016-02-23 20:13:52 +03:00
AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2], [test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"])
cosmetic changes to OCSP Stapling options.
2015-12-30 23:10:25 +03:00
crl script initialize
2015-07-21 22:56:47 +03:00
# CRL
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([crl],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-crl],[Enable CRL (default: disabled)])],
init crl
2012-05-11 23:22:16 +04:00
[ ENABLED_CRL=$enableval ],
[ ENABLED_CRL=no ],
)
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag now haproxy compatible wolfssl builds with: ./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \ iam * ] 2:18 PM --disable-fasthugemath --disable-bump \ --enable-opensslextra \ --enable-keygen --enable-certgen \ --disable-ntru --disable-examples \ --enable-tlsx --enable-haproxy \ --enable-savecert --enable-savesession --enable-sessioncerts \ --enable-webserver --enable-sslv3 --enable-stunnel
2017-04-11 15:18:41 +03:00
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
then
ENABLED_CRL=yes
fi
init crl
2012-05-11 23:22:16 +04:00
if test "$ENABLED_CRL" = "yes"
then
have separate --enable-crl-monitor
2012-06-05 22:31:00 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
init crl
2012-05-11 23:22:16 +04:00
fi
AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
have separate --enable-crl-monitor
2012-06-05 22:31:00 +04:00
# CRL Monitor
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([crl-monitor],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-crl-monitor],[Enable CRL Monitor (default: disabled)])],
have separate --enable-crl-monitor
2012-06-05 22:31:00 +04:00
[ ENABLED_CRL_MONITOR=$enableval ],
[ ENABLED_CRL_MONITOR=no ],
)
if test "$ENABLED_CRL_MONITOR" = "yes"
then
fix ipv6 unused warning, add os check for crl monitor
2012-11-16 22:47:13 +04:00
case $host_os in
add freebsd crl-monitor support
2012-11-17 01:25:45 +04:00
*linux* | *darwin* | *freebsd*)
fix ipv6 unused warning, add os check for crl monitor
2012-11-16 22:47:13 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR" ;;
*)
Fixes for building with CRL monitor when not linux, OS X or FreeBSD and --enable-distro set. Cleanup of the crl.c HAVE_CRL_MONITOR checks for OS and make sure if StopMonitor preprocessor is defined the function will also be defined.
2016-12-07 18:07:27 +03:00
if test "x$ENABLED_DISTRO" = "xyes" ; then
ENABLED_CRL_MONITOR="no"
else
AC_MSG_ERROR( [crl monitor only allowed on linux, OS X, or freebsd])
fi
break;;
fix ipv6 unused warning, add os check for crl monitor
2012-11-16 22:47:13 +04:00
esac
have separate --enable-crl-monitor
2012-06-05 22:31:00 +04:00
fi
AM_CONDITIONAL([BUILD_CRL_MONITOR], [test "x$ENABLED_CRL_MONITOR" = "xyes"])
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
# USER CRYPTO
ENABLED_USER_CRYPTO="no"
ENABLED_USER_RSA="no"
AC_DEFINE([BUILD_USER_RSA], [], [User RSA is being defined])
trycryptodir=""
AC_ARG_WITH([user-crypto],
[AS_HELP_STRING([--with-user-crypto=PATH],[Path to USER_CRYPTO install (default /usr/local)])],
[
CPPFLAGS="$CPPFLAGS -DHAVE_USER_CRYPTO"
LIBS="$LIBS -lusercrypto"
if test "x$withval" != "xno" ; then
trycryptodir=$withval
fi
if test "x$withval" == "xyes" ; then
trycryptodir="/usr/local"
fi
LDFLAGS="$LDFLAGS -L$trycryptodir/lib"
CPPFLAGS="$CPPFLAGS -I$trycryptodir/include"
#Look for RSA Init function in usercrypto lib
AC_CHECK_LIB([usercrypto], [wc_InitRsaKey], [user_rsa_linked=yes], [user_rsa_linked=no])
if test "x$user_rsa_linked" == "xyes" ; then
AC_MSG_NOTICE([User user_rsa.h being used])
AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_RSA"
ENABLED_USER_RSA=yes
ENABLED_USER_CRYPTO=yes
fi
#Display check and find result of link attempts
AC_MSG_CHECKING([for USER_CRYPTO])
if test "x$ENABLED_USER_CRYPTO" == "xno" ; then
AC_MSG_RESULT([no])
AC_MSG_ERROR([USER_CRYPTO not found. Either move to /usr/include and /usr/lib or
Specify its path using --with-user-crypto=/dir/])
else
AC_MSG_RESULT([yes])
# Check if .la is available if not then rely on exported path
AC_CHECK_FILE($trycryptodir/lib/libusercrypto.la, [LIB_ADD="$trycryptodir/lib/libusercrypto.la $LIB_ADD"], [LIB_ADD="-lusercrypto $LIB_ADD"])
AM_LDFLAGS="$AM_LDFLAGS -L$trycryptodir/lib"
AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_CRYPTO"
fi
]
)
AM_CONDITIONAL([BUILD_USER_RSA], [test "x$ENABLED_USER_RSA" == "xyes"] )
AM_CONDITIONAL([BUILD_USER_CRYPTO], [test "x$ENABLED_USER_CRYPTO" = "xyes"])
if test "$ENABLED_USER_CRYPTO" = "yes" && test "$ENABLED_FIPS" = "yes"
then
AC_MSG_ERROR([cannot enable user crypto and fips, user crypto posibility of using code in fips boundary.])
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
# NTRU
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
ENABLED_NTRU="no"
tryntrudir=""
AC_ARG_WITH([ntru],
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
[AS_HELP_STRING([--with-ntru=PATH],[Path to NTRU install (default /usr/)])],
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
[
AC_MSG_CHECKING([for NTRU])
seperate build of QSH from build of NTRU
2017-08-16 23:19:38 +03:00
CPPFLAGS="$CPPFLAGS -DHAVE_NTRU -DHAVE_TLS_EXTENSIONS"
Use ntru functions from stable libntruencrypt api ntru_crypto_external_drbg_instantiate has been renamed to ntru_crypto_drbg_external_instantiate in the 1.0.0 release of libntruencrypt. Made various other small changes to build against libntruencrypt.
2015-07-16 22:43:50 +03:00
LIBS="$LIBS -lntruencrypt"
1.8.8 init
2011-02-05 22:14:47 +03:00
Use ntru functions from stable libntruencrypt api ntru_crypto_external_drbg_instantiate has been renamed to ntru_crypto_drbg_external_instantiate in the 1.0.0 release of libntruencrypt. Made various other small changes to build against libntruencrypt.
2015-07-16 22:43:50 +03:00
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <libntruencrypt/ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
if test "x$ntru_linked" == "xno" ; then
if test "x$withval" != "xno" ; then
tryntrudir=$withval
fi
if test "x$withval" == "xyes" ; then
tryntrudir="/usr"
fi
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryntrudir/lib"
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
CPPFLAGS="$CPPFLAGS -I$tryntrudir/include"
Use ntru functions from stable libntruencrypt api ntru_crypto_external_drbg_instantiate has been renamed to ntru_crypto_drbg_external_instantiate in the 1.0.0 release of libntruencrypt. Made various other small changes to build against libntruencrypt.
2015-07-16 22:43:50 +03:00
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <libntruencrypt/ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
if test "x$ntru_linked" == "xno" ; then
AC_MSG_ERROR([NTRU isn't found.
If it's already installed, specify its path using --with-ntru=/dir/])
fi
AC_MSG_RESULT([yes])
AM_LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib"
else
AC_MSG_RESULT([yes])
fi
seperate build of QSH from build of NTRU
2017-08-16 23:19:38 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU -DHAVE_TLS_EXTENSIONS"
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
ENABLED_NTRU="yes"
]
)
1.8.8 init
2011-02-05 22:14:47 +03:00
AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"])
detect configure time build mismatches
2011-06-07 20:02:36 +04:00
seperate build of QSH from build of NTRU
2017-08-16 23:19:38 +03:00
# QSH
AC_ARG_ENABLE([qsh],
[AS_HELP_STRING([--enable-qsh],[Enable QSH (default: disabled)])],
[ ENABLED_QSH=$enableval ],
[ ENABLED_QSH=no ]
)
if test "x$ENABLED_QSH" = "xyes"
then
if test "x$ENABLED_NTRU" = "xno"
then
AC_MSG_ERROR([cannot enable qsh without NTRU])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_QSH"
fi
add Whitewood netRandom client library support
2016-05-06 00:31:25 +03:00
# Whitewood netRandom client library
ENABLED_WNR="no"
trywnrdir=""
AC_ARG_WITH([wnr],
[AS_HELP_STRING([--with-wnr=PATH],[Path to Whitewood netRandom install (default /usr/local)])],
[
AC_MSG_CHECKING([for Whitewood netRandom])
CPPFLAGS="$CPPFLAGS -DHAVE_WNR"
LIBS="$LIBS -lwnr"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <wnr.h>]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ])
if test "x$wnr_linked" == "xno" ; then
if test "x$withval" != "xno" ; then
trywnrdir=$withval
fi
if test "x$withval" == "xyes" ; then
trywnrdir="/usr/local"
fi
LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$trywnrdir/lib"
CPPFLAGS="$CPPFLAGS -I$trywnrdir/include"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <wnr.h>]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ])
if test "x$wnr_linked" == "xno" ; then
AC_MSG_ERROR([Whitewood netRandom isn't found.
If it's already installed, specify its path using --with-wnr=/dir/])
fi
AC_MSG_RESULT([yes])
AM_LDFLAGS="$AM_LDFLAGS -L$trywnrdir/lib"
else
AC_MSG_RESULT([yes])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_WNR"
ENABLED_WNR="yes"
]
)
AM_CONDITIONAL([BUILD_WNR], [test "x$ENABLED_WNR" = "xyes"])
merge in sni
2013-05-22 01:37:50 +04:00
# SNI
AC_ARG_ENABLE([sni],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-sni],[Enable SNI (default: disabled)])],
merge in sni
2013-05-22 01:37:50 +04:00
[ ENABLED_SNI=$enableval ],
[ ENABLED_SNI=no ]
)
if test "x$ENABLED_SNI" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI"
fi
added: - max fragment length extension; - CyaSSL_SNI_GetRequest() to get client's request at server side; - Automated tests for SNI;
2013-06-19 22:45:06 +04:00
# Maximum Fragment Length
AC_ARG_ENABLE([maxfragment],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-maxfragment],[Enable Maximum Fragment Length (default: disabled)])],
added: - max fragment length extension; - CyaSSL_SNI_GetRequest() to get client's request at server side; - Automated tests for SNI;
2013-06-19 22:45:06 +04:00
[ ENABLED_MAX_FRAGMENT=$enableval ],
[ ENABLED_MAX_FRAGMENT=no ]
)
fix alpn example client merge command options
2015-10-14 01:00:53 +03:00
# ALPN
AC_ARG_ENABLE([alpn],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-alpn],[Enable ALPN (default: disabled)])],
fix alpn example client merge command options
2015-10-14 01:00:53 +03:00
[ ENABLED_ALPN=$enableval ],
[ ENABLED_ALPN=no ]
)
if test "x$ENABLED_ALPN" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ALPN"
fi
# Maximum Fragment Length
added: - max fragment length extension; - CyaSSL_SNI_GetRequest() to get client's request at server side; - Automated tests for SNI;
2013-06-19 22:45:06 +04:00
if test "x$ENABLED_MAX_FRAGMENT" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_MAX_FRAGMENT"
fi
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 22:42:43 +04:00
# Truncated HMAC
AC_ARG_ENABLE([truncatedhmac],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-truncatedhmac],[Enable Truncated HMAC (default: disabled)])],
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 22:42:43 +04:00
[ ENABLED_TRUNCATED_HMAC=$enableval ],
[ ENABLED_TRUNCATED_HMAC=no ]
)
if test "x$ENABLED_TRUNCATED_HMAC" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_TRUNCATED_HMAC"
fi
Renames TLSX_Append to TLSX_Push, adding data param and making sure the list doesn't holds duplicate extensions. Adds SecureRenegotiation functions
2014-09-17 03:33:17 +04:00
# Renegotiation Indication - (FAKE Secure Renegotiation)
added renegotiation indication SCSV sending on client hello.
2014-01-21 18:36:06 +04:00
AC_ARG_ENABLE([renegotiation-indication],
cleanup some configure help text
2015-03-12 22:25:39 +03:00
[AS_HELP_STRING([--enable-renegotiation-indication],[Enable Renegotiation Indication (default: disabled)])],
added renegotiation indication SCSV sending on client hello.
2014-01-21 18:36:06 +04:00
[ ENABLED_RENEGOTIATION_INDICATION=$enableval ],
[ ENABLED_RENEGOTIATION_INDICATION=no ]
)
if test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"
then
fix hello_request processing w/ mac-verify at upper layer
2014-09-06 01:29:18 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_RENEGOTIATION_INDICATION"
added renegotiation indication SCSV sending on client hello.
2014-01-21 18:36:06 +04:00
fi
Renames TLSX_Append to TLSX_Push, adding data param and making sure the list doesn't holds duplicate extensions. Adds SecureRenegotiation functions
2014-09-17 03:33:17 +04:00
# Secure Renegotiation
AC_ARG_ENABLE([secure-renegotiation],
cleanup some configure help text
2015-03-12 22:25:39 +03:00
[AS_HELP_STRING([--enable-secure-renegotiation],[Enable Secure Renegotiation (default: disabled)])],
Renames TLSX_Append to TLSX_Push, adding data param and making sure the list doesn't holds duplicate extensions. Adds SecureRenegotiation functions
2014-09-17 03:33:17 +04:00
[ ENABLED_SECURE_RENEGOTIATION=$enableval ],
[ ENABLED_SECURE_RENEGOTIATION=no ]
)
if test "x$ENABLED_SECURE_RENEGOTIATION" = "xyes"
then
don't allow scr and fake indication together
2014-10-02 21:18:11 +04:00
if test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"
then
AC_MSG_ERROR([cannot enable renegotiation-indication and secure-renegotiation.])
fi
Renames TLSX_Append to TLSX_Push, adding data param and making sure the list doesn't holds duplicate extensions. Adds SecureRenegotiation functions
2014-09-17 03:33:17 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SECURE_RENEGOTIATION"
fi
Renaming Elliptic Curves to Supported Curves for better extension representation and avoid confusion.
2014-02-03 23:11:57 +04:00
# Supported Elliptic Curves Extensions
AC_ARG_ENABLE([supportedcurves],
1. Enable the extension ECC Supported Curves by default. 2. Force the extention disabled if ECC is disabled.
2016-09-16 23:26:56 +03:00
[AS_HELP_STRING([--enable-supportedcurves],[Enable Supported Elliptic Curves (default: enabled)])],
[ENABLED_SUPPORTED_CURVES=$enableval],
[ENABLED_SUPPORTED_CURVES=$ECC_DEFAULT])
added Elliptic Curves Extensions implementation and configuration.
2013-08-26 19:44:50 +04:00
Renaming Elliptic Curves to Supported Curves for better extension representation and avoid confusion.
2014-02-03 23:11:57 +04:00
if test "x$ENABLED_SUPPORTED_CURVES" = "xyes"
added Elliptic Curves Extensions implementation and configuration.
2013-08-26 19:44:50 +04:00
then
1. Enable the extension ECC Supported Curves by default. 2. Force the extention disabled if ECC is disabled.
2016-09-16 23:26:56 +03:00
AS_IF([test "x$ENABLED_ECC" = "xno"],
[ENABLED_SUPPORTED_CURVES=no],
[AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES"])
added Elliptic Curves Extensions implementation and configuration.
2013-08-26 19:44:50 +04:00
fi
fix TURN_ON mask adds --enable-session-ticket configure option
2014-09-29 23:43:28 +04:00
# Session Ticket Extension
AC_ARG_ENABLE([session-ticket],
cleanup some configure help text
2015-03-12 22:25:39 +03:00
[AS_HELP_STRING([--enable-session-ticket],[Enable Session Ticket (default: disabled)])],
fix TURN_ON mask adds --enable-session-ticket configure option
2014-09-29 23:43:28 +04:00
[ ENABLED_SESSION_TICKET=$enableval ],
[ ENABLED_SESSION_TICKET=no ]
)
Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag now haproxy compatible wolfssl builds with: ./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \ iam * ] 2:18 PM --disable-fasthugemath --disable-bump \ --enable-opensslextra \ --enable-keygen --enable-certgen \ --disable-ntru --disable-examples \ --enable-tlsx --enable-haproxy \ --enable-savecert --enable-savesession --enable-sessioncerts \ --enable-webserver --enable-sslv3 --enable-stunnel
2017-04-11 15:18:41 +03:00
if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes"
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
then
ENABLED_SESSION_TICKET=yes
fi
fix TURN_ON mask adds --enable-session-ticket configure option
2014-09-29 23:43:28 +04:00
if test "x$ENABLED_SESSION_TICKET" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SESSION_TICKET"
fi
initial extended master secret support
2016-09-02 00:12:54 +03:00
# Extended Master Secret Extension
AC_ARG_ENABLE([extended-master],
Revising the Extended Master Secret support. Removing the dynamic TLSX support for the extention and treating it like the Signature and Hash algorithms extension. It is to be enabled by default and the user can turn it off at run time or build time.
2016-09-10 09:16:52 +03:00
[AS_HELP_STRING([--enable-extended-master],[Enable Extended Master Secret (default: enabled)])],
initial extended master secret support
2016-09-02 00:12:54 +03:00
[ ENABLED_EXTENDED_MASTER=$enableval ],
Revising the Extended Master Secret support. Removing the dynamic TLSX support for the extention and treating it like the Signature and Hash algorithms extension. It is to be enabled by default and the user can turn it off at run time or build time.
2016-09-10 09:16:52 +03:00
[ ENABLED_EXTENDED_MASTER=yes ]
initial extended master secret support
2016-09-02 00:12:54 +03:00
)
if test "x$ENABLED_EXTENDED_MASTER" = "xyes"
then
Revising the Extended Master Secret support. Removing the dynamic TLSX support for the extention and treating it like the Signature and Hash algorithms extension. It is to be enabled by default and the user can turn it off at run time or build time.
2016-09-10 09:16:52 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXTENDED_MASTER"
initial extended master secret support
2016-09-02 00:12:54 +03:00
fi
added: - max fragment length extension; - CyaSSL_SNI_GetRequest() to get client's request at server side; - Automated tests for SNI;
2013-06-19 22:45:06 +04:00
# TLS Extensions
AC_ARG_ENABLE([tlsx],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-tlsx],[Enable all TLS Extensions (default: disabled)])],
added: - max fragment length extension; - CyaSSL_SNI_GetRequest() to get client's request at server side; - Automated tests for SNI;
2013-06-19 22:45:06 +04:00
[ ENABLED_TLSX=$enableval ],
[ ENABLED_TLSX=no ]
)
Modification for compliling application with libsignal-protocol-c.
2017-11-13 12:12:18 +03:00
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_SIGNAL" = "xyes"
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
then
ENABLED_TLSX=yes
fi
added: - max fragment length extension; - CyaSSL_SNI_GetRequest() to get client's request at server side; - Automated tests for SNI;
2013-06-19 22:45:06 +04:00
if test "x$ENABLED_TLSX" = "xyes"
then
1. Enable the extension ECC Supported Curves by default. 2. Force the extention disabled if ECC is disabled.
2016-09-16 23:26:56 +03:00
ENABLED_SNI=yes
ENABLED_MAX_FRAGMENT=yes
ENABLED_TRUNCATED_HMAC=yes
ENABLED_ALPN=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_ALPN"
# Check the ECC supported curves prereq
AS_IF([test "x$ENABLED_ECC" = "xyes"],
[ENABLED_SUPPORTED_CURVES=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"])
added: - max fragment length extension; - CyaSSL_SNI_GetRequest() to get client's request at server side; - Automated tests for SNI;
2013-06-19 22:45:06 +04:00
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
TLS v1.3 0-RTT
2017-06-19 04:37:10 +03:00
# Early Data handshake in TLS v1.3 and above
AC_ARG_ENABLE([earlydata],
[AS_HELP_STRING([--enable-earlydata],[Enable Early Data handshake with wolfSSL TLS v1.3 (default: disabled)])],
Updates from code review
2017-06-22 05:40:41 +03:00
[ ENABLED_TLS13_EARLY_DATA=$enableval ],
[ ENABLED_TLS13_EARLY_DATA=no ]
TLS v1.3 0-RTT
2017-06-19 04:37:10 +03:00
)
Updates from code review
2017-06-22 05:40:41 +03:00
if test "$ENABLED_TLS13_EARLY_DATA" = "yes"
TLS v1.3 0-RTT
2017-06-19 04:37:10 +03:00
then
if test "x$ENABLED_TLS13" = "xno"
then
AC_MSG_ERROR([cannot enable earlydata without enabling tls13.])
fi
if test "x$ENABLED_SESSION_TICKET" = "xno" && test "x$ENABLED_PSK" = "xno"
then
AC_MSG_ERROR([cannot enable earlydata without enabling session tickets and/or PSK.])
fi
AM_CFLAGS="-DWOLFSSL_EARLY_DATA $AM_CFLAGS"
fi
fix --enable-pkcs7 configure.ac
2014-01-11 03:11:17 +04:00
# PKCS7
initial PKCS#7 stubs, tie into ./configure
2014-01-11 02:17:03 +04:00
AC_ARG_ENABLE([pkcs7],
Disable DES3 by default. Force it enabled when it is a prereq for another option. (SCEP and PKCS7)
2016-09-15 21:17:30 +03:00
[AS_HELP_STRING([--enable-pkcs7],[Enable PKCS7 (default: disabled)])],
initial PKCS#7 stubs, tie into ./configure
2014-01-11 02:17:03 +04:00
[ ENABLED_PKCS7=$enableval ],
fix --enable-pkcs7 configure.ac
2014-01-11 03:11:17 +04:00
[ ENABLED_PKCS7=no ],
initial PKCS#7 stubs, tie into ./configure
2014-01-11 02:17:03 +04:00
)
1. Bumped release version in configure.ac. 2. Added enable option for SCEP. Enables prereqs. 3. Added CyaSSL_wolfSCEP() for ac to test for CyaSSL SCEP.
2014-01-27 23:35:43 +04:00
wolfSSH Option Added a configure convenience option for building wolfSSL to work with wolfSSH.
2017-10-05 01:24:22 +03:00
# wolfSSH Options
AC_ARG_ENABLE([ssh],
[AS_HELP_STRING([--enable-ssh],[Enable wolfSSH options (default: disabled)])],
[ ENABLED_WOLFSSH=$enableval ],
[ ENABLED_WOLFSSH=no ]
)
1. Bumped release version in configure.ac. 2. Added enable option for SCEP. Enables prereqs. 3. Added CyaSSL_wolfSCEP() for ac to test for CyaSSL SCEP.
2014-01-27 23:35:43 +04:00
# Simple Certificate Enrollment Protocol (SCEP)
AC_ARG_ENABLE([scep],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-scep],[Enable wolfSCEP (default: disabled)])],
1. Bumped release version in configure.ac. 2. Added enable option for SCEP. Enables prereqs. 3. Added CyaSSL_wolfSCEP() for ac to test for CyaSSL SCEP.
2014-01-27 23:35:43 +04:00
[ ENABLED_WOLFSCEP=$enableval ],
[ ENABLED_WOLFSCEP=no ]
)
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# Secure Remote Password
AC_ARG_ENABLE([srp],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-srp],[Enable Secure Remote Password (default: disabled)])],
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
[ ENABLED_SRP=$enableval ],
[ ENABLED_SRP=no ]
)
if test "x$ENABLED_SRP" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP"
fi
AM_CONDITIONAL([BUILD_SRP], [test "x$ENABLED_SRP" = "xyes"])
blake2b: blake2b_init_key and blake2b_compress refactory to reduce stack usage: (384 bytes - pointer sizes) moved to the heap. --- block variable moved to the heap; (128 bytes) --- m and w variables moved to the heap; (256 bytes) --- chain of dependency updated to propagate the error.
2014-04-15 19:46:43 +04:00
# Small Stack
AC_ARG_ENABLE([smallstack],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-smallstack],[Enable Small Stack Usage (default: disabled)])],
blake2b: blake2b_init_key and blake2b_compress refactory to reduce stack usage: (384 bytes - pointer sizes) moved to the heap. --- block variable moved to the heap; (128 bytes) --- m and w variables moved to the heap; (256 bytes) --- chain of dependency updated to propagate the error.
2014-04-15 19:46:43 +04:00
[ ENABLED_SMALL_STACK=$enableval ],
Making small stack usage disabled by default
2014-05-12 15:34:19 +04:00
[ ENABLED_SMALL_STACK=no ]
blake2b: blake2b_init_key and blake2b_compress refactory to reduce stack usage: (384 bytes - pointer sizes) moved to the heap. --- block variable moved to the heap; (128 bytes) --- m and w variables moved to the heap; (256 bytes) --- chain of dependency updated to propagate the error.
2014-04-15 19:46:43 +04:00
)
CYASSL_SMALL_STACK build option (default enabled)
2014-04-16 20:25:51 +04:00
if test "x$ENABLED_SMALL_STACK" = "xyes"
blake2b: blake2b_init_key and blake2b_compress refactory to reduce stack usage: (384 bytes - pointer sizes) moved to the heap. --- block variable moved to the heap; (128 bytes) --- m and w variables moved to the heap; (256 bytes) --- chain of dependency updated to propagate the error.
2014-04-15 19:46:43 +04:00
then
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SMALL_STACK"
blake2b: blake2b_init_key and blake2b_compress refactory to reduce stack usage: (384 bytes - pointer sizes) moved to the heap. --- block variable moved to the heap; (128 bytes) --- m and w variables moved to the heap; (256 bytes) --- chain of dependency updated to propagate the error.
2014-04-15 19:46:43 +04:00
fi
add enable-valgrind
2012-12-05 09:28:18 +04:00
#valgrind
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([valgrind],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-valgrind],[Enable valgrind for unit tests (default: disabled)])],
add enable-valgrind
2012-12-05 09:28:18 +04:00
[ ENABLED_VALGRIND=$enableval ],
[ ENABLED_VALGRIND=no ]
)
if test "$ENABLED_VALGRIND" = "yes"
then
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_CHECK_PROG([HAVE_VALGRIND],[valgrind],[yes],[no])
add enable-valgrind
2012-12-05 09:28:18 +04:00
fix valgrind prog check, catch more failures
2013-05-17 03:20:51 +04:00
if test "$HAVE_VALGRIND" = "no"
then
add enable-valgrind
2012-12-05 09:28:18 +04:00
AC_MSG_ERROR([Valgrind not found.])
fi
enable_shared=no
configure switch to enable_static on if shared off when hardsetting for valgrind or cavium
2013-03-28 02:17:21 +04:00
enable_static=yes
don't output debug messages in testsuite if valgrind on
2013-01-05 03:52:46 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_VALGRIND"
add enable-valgrind
2012-12-05 09:28:18 +04:00
fi
AM_CONDITIONAL([USE_VALGRIND], [test "x$ENABLED_VALGRIND" = "xyes"])
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# Test certs, use internal cert functions for extra testing
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([testcert],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-testcert],[Enable Test Cert (default: disabled)])],
fix asn public interface, some potential collisions
2011-06-04 00:01:45 +04:00
[ ENABLED_TESTCERT=$enableval ],
[ ENABLED_TESTCERT=no ]
)
if test "$ENABLED_TESTCERT" = "yes"
then
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TEST_CERT"
fix asn public interface, some potential collisions
2011-06-04 00:01:45 +04:00
fi
add enable-iopool , simple I/O pool example using memory overrides
2014-03-14 05:54:51 +04:00
# I/O Pool, an example to show user how to override memory handler and use
# a pool for the input/output buffer requests
AC_ARG_ENABLE([iopool],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-iopool],[Enable I/O Pool example (default: disabled)])],
add enable-iopool , simple I/O pool example using memory overrides
2014-03-14 05:54:51 +04:00
[ ENABLED_IOPOOL=$enableval ],
[ ENABLED_IOPOOL=no ]
)
if test "$ENABLED_IOPOOL" = "yes"
then
if test "$thread_ls_on" = "no"
then
AC_MSG_ERROR([I/O Pool example requires Thread Local Storage])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_IO_POOL -DXMALLOC_USER"
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# Certificate Service Support
add enable-certservice, ease of use
2014-02-12 01:08:12 +04:00
AC_ARG_ENABLE([certservice],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-certservice],[Enable cert service (default: disabled)])],
add enable-certservice, ease of use
2014-02-12 01:08:12 +04:00
[ ENABLED_CERT_SERVICE=$enableval ],
[ ENABLED_CERT_SERVICE=no ]
)
if test "$ENABLED_CERT_SERVICE" = "yes"
then
add to certservice requirements
2014-02-13 20:53:12 +04:00
# Requires ecc,certgen, and opensslextra make sure on
add enable-certservice, ease of use
2014-02-12 01:08:12 +04:00
if test "x$ENABLED_CERTGEN" = "xno"
then
ENABLED_CERTGEN="yes"
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
add enable-certservice, ease of use
2014-02-12 01:08:12 +04:00
fi
if test "x$ENABLED_ECC" = "xno"
then
ENABLED_ECC="yes"
Added configure "--disable-eccshamir" option.
2016-05-05 09:14:30 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
add enable-certservice, ease of use
2014-02-12 01:08:12 +04:00
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
Pulled in patches from Debian package.
2016-11-22 22:25:40 +03:00
Added configure "--disable-eccshamir" option.
2016-05-05 09:14:30 +03:00
if test "$ENABLED_ECC_SHAMIR" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
fi
add enable-certservice, ease of use
2014-02-12 01:08:12 +04:00
fi
Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add `--enable-opensslcoexist` which makes sure `oldnames` is disabled. Refactor of `SSL_` to `WOLF_SSL_`. Refactor of `SHA`, `MD5`, `SHA224`, `SHA256`, `SHA512` and `SHA384` to `WC_` naming.
2017-09-26 04:47:36 +03:00
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
add to certservice requirements
2014-02-13 20:53:12 +04:00
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_CERT_SERVICE"
add enable-certservice, ease of use
2014-02-12 01:08:12 +04:00
fi
Update --enable-jni to enable PSK, define WOLFSSL_JNI
2015-10-15 22:27:43 +03:00
# wolfSSL JNI
AC_ARG_ENABLE([jni],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-jni],[Enable wolfSSL JNI (default: disabled)])],
Update --enable-jni to enable PSK, define WOLFSSL_JNI
2015-10-15 22:27:43 +03:00
[ ENABLED_JNI=$enableval ],
[ ENABLED_JNI=no ]
)
if test "$ENABLED_JNI" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_JNI"
# Enable prereqs if not already enabled
if test "x$ENABLED_DTLS" = "xno"
then
ENABLED_DTLS="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
fi
if test "x$ENABLED_OPENSSLEXTRA" = "xno"
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
fi
if test "x$ENABLED_CRL" = "xno"
then
ENABLED_CRL="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
fi
if test "x$ENABLED_OCSP" = "xno"
then
ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
fi
Fixes for building with CRL monitor when not linux, OS X or FreeBSD and --enable-distro set. Cleanup of the crl.c HAVE_CRL_MONITOR checks for OS and make sure if StopMonitor preprocessor is defined the function will also be defined.
2016-12-07 18:07:27 +03:00
if test "x$ENABLED_CRL_MONITOR" = "xno" && test "x$ENABLED_DISTRO" = "xno"
Update --enable-jni to enable PSK, define WOLFSSL_JNI
2015-10-15 22:27:43 +03:00
then
ENABLED_CRL_MONITOR="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
fi
if test "x$ENABLED_SAVESESSION" = "xno"
then
ENABLED_SAVESESSION="yes"
AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE"
fi
if test "x$ENABLED_SAVECERT" = "xno"
then
ENABLED_SAVECERT="yes"
AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE"
fi
if test "x$ENABLED_ATOMICUSER" = "xno"
then
ENABLED_ATOMICUSER="yes"
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
fi
if test "x$ENABLED_ECC" = "xno"
then
ENABLED_ECC="yes"
Added configure "--disable-eccshamir" option.
2016-05-05 09:14:30 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
fix jni build enabling ecc on non 64 bit platforms
2015-11-14 02:58:05 +03:00
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
Pulled in patches from Debian package.
2016-11-22 22:25:40 +03:00
Added configure "--disable-eccshamir" option.
2016-05-05 09:14:30 +03:00
if test "$ENABLED_ECC_SHAMIR" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
fi
Update --enable-jni to enable PSK, define WOLFSSL_JNI
2015-10-15 22:27:43 +03:00
fi
if test "x$ENABLED_PKCALLBACKS" = "xno"
then
ENABLED_PKCALLBACKS="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
fi
if test "x$ENABLED_DH" = "xno"
then
ENABLED_DH="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_DH"
fi
if test "x$ENABLED_PSK" = "xno"
then
ENABLED_PSK="yes"
fi
fi
add enable lighty
2015-07-09 18:14:33 +03:00
# lighty Support
AC_ARG_ENABLE([lighty],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-lighty],[Enable lighttpd/lighty (default: disabled)])],
add enable lighty
2015-07-09 18:14:33 +03:00
[ ENABLED_LIGHTY=$enableval ],
[ ENABLED_LIGHTY=no ]
)
if test "$ENABLED_LIGHTY" = "yes"
then
# Requires opensslextra make sure on
Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add `--enable-opensslcoexist` which makes sure `oldnames` is disabled. Refactor of `SSL_` to `WOLF_SSL_`. Refactor of `SHA`, `MD5`, `SHA224`, `SHA256`, `SHA512` and `SHA384` to `WC_` naming.
2017-09-26 04:47:36 +03:00
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
add enable lighty
2015-07-09 18:14:33 +03:00
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1"
fi
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
if test "$ENABLED_NGINX" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NGINX"
fi
Introduce HAPROXY config flag + get/set app_data
2017-03-28 14:28:36 +03:00
if test "$ENABLED_HAPROXY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAPROXY"
# Requires opensslextra make sure on
Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add `--enable-opensslcoexist` which makes sure `oldnames` is disabled. Refactor of `SSL_` to `WOLF_SSL_`. Refactor of `SHA`, `MD5`, `SHA224`, `SHA256`, `SHA512` and `SHA384` to `WC_` naming.
2017-09-26 04:47:36 +03:00
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
Introduce HAPROXY config flag + get/set app_data
2017-03-28 14:28:36 +03:00
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
fi
Modification for compliling application with libsignal-protocol-c.
2017-11-13 12:12:18 +03:00
if test "$ENABLED_SIGNAL" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNAL"
# Requires opensslextra make sure on
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
fi
Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag now haproxy compatible wolfssl builds with: ./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \ iam * ] 2:18 PM --disable-fasthugemath --disable-bump \ --enable-opensslextra \ --enable-keygen --enable-certgen \ --disable-ntru --disable-examples \ --enable-tlsx --enable-haproxy \ --enable-savecert --enable-savesession --enable-sessioncerts \ --enable-webserver --enable-sslv3 --enable-stunnel
2017-04-11 15:18:41 +03:00
if test "$ENABLED_NGINX" = "yes"|| test "x$ENABLED_HAPROXY" = "xyes"
then
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
Fixes required after logging changes to master.
2017-02-09 09:28:32 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA"
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
fi
Stunnel Base Commit
2015-07-14 23:56:26 +03:00
# stunnel Support
AC_ARG_ENABLE([stunnel],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-stunnel],[Enable stunnel (default: disabled)])],
Stunnel Base Commit
2015-07-14 23:56:26 +03:00
[ ENABLED_STUNNEL=$enableval ],
[ ENABLED_STUNNEL=no ]
)
Changes for WPA Supplicant
2017-02-10 01:45:10 +03:00
if test "$ENABLED_WPAS" = "yes"
then
ENABLED_STUNNEL="yes"
fi
Stunnel Base Commit
2015-07-14 23:56:26 +03:00
if test "$ENABLED_STUNNEL" = "yes"
then
# Requires opensslextra make sure on
Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add `--enable-opensslcoexist` which makes sure `oldnames` is disabled. Refactor of `SSL_` to `WOLF_SSL_`. Refactor of `SHA`, `MD5`, `SHA224`, `SHA256`, `SHA512` and `SHA384` to `WC_` naming.
2017-09-26 04:47:36 +03:00
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
Stunnel Base Commit
2015-07-14 23:56:26 +03:00
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
Adding sni to mimic openssl functionality
2015-08-12 19:10:30 +03:00
# Requires OCSP make sure on
if test "x$ENABLED_OCSP" = "xno"
then
ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
fi
Stunnel Base Commit
2015-07-14 23:56:26 +03:00
# Requires coding make sure on
if test "x$ENABLED_CODING" = "xno"
then
ENABLED_CODING="yes"
fi
# Requires sessioncerts make sure on
if test "x$ENABLED_SESSIONCERTS" = "xno"
then
ENABLED_SESSIONCERTS="yes"
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
fi
merge pull request 96
2015-07-17 02:46:37 +03:00
# Requires crls, make sure on
if test "x$ENABLED_CRL" = "xno"
then
ENABLED_CRL="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
fi
Stunnel needs sni and tlsext
2015-08-13 05:38:51 +03:00
stunnel 5.36 requires des3. Enable by default
2016-10-05 22:17:26 +03:00
# Requires DES3, make sure on
if test "x$ENABLED_DES3" = "xno"
then
ENABLED_DES3="yes"
fi
Stunnel needs sni and tlsext
2015-08-13 05:38:51 +03:00
# Requires tlsx, make sure on
if test "x$ENABLED_TLSX" = "xno"
then
ENABLED_TLSX="yes"
Fixes for TLS 1.3 without ECC or RSA. Fix for building without ECC where HAVE_SUPPORTED_CURVES was getting defined because of ENABLED_TLSX.
2017-06-13 19:44:14 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC"
# Check the ECC supported curves prereq
AS_IF([test "x$ENABLED_ECC" = "xyes"],
[ENABLED_SUPPORTED_CURVES=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"])
Stunnel needs sni and tlsext
2015-08-13 05:38:51 +03:00
fi
turn on ecc with Stunnel
2015-08-28 02:44:55 +03:00
# Requires ecc make sure on
if test "x$ENABLED_ECC" = "xno"
then
ENABLED_OPENSSLEXTRA="yes"
enable ecc with stunnel
2015-10-12 18:25:54 +03:00
ENABLED_ECC="yes"
Added configure "--disable-eccshamir" option.
2016-05-05 09:14:30 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
turn on ecc with Stunnel
2015-08-28 02:44:55 +03:00
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
Pulled in patches from Debian package.
2016-11-22 22:25:40 +03:00
Added configure "--disable-eccshamir" option.
2016-05-05 09:14:30 +03:00
if test "$ENABLED_ECC_SHAMIR" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
fi
turn on ecc with Stunnel
2015-08-28 02:44:55 +03:00
fi
Adding sni to mimic openssl functionality
2015-08-12 19:10:30 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL -DWOLFSSL_ALWAYS_VERIFY_CB"
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI -DHAVE_EX_DATA"
Stunnel Base Commit
2015-07-14 23:56:26 +03:00
fi
Turns on PSK when compiling for stunnel
2015-08-27 20:05:29 +03:00
if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no" \
&& test "x$ENABLED_STUNNEL" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DNO_PSK"
fi
if test "$ENABLED_PSK" = "no" && \
(test "$ENABLED_LEANPSK" = "yes" || test "x$ENABLED_STUNNEL" = "xyes")
then
ENABLED_PSK=yes
fi
Stunnel Base Commit
2015-07-14 23:56:26 +03:00
# MD4
AC_ARG_ENABLE([md4],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-md4],[Enable MD4 (default: disabled)])],
Stunnel Base Commit
2015-07-14 23:56:26 +03:00
[ ENABLED_MD4=$enableval ],
[ ENABLED_MD4=no ]
)
if test "$ENABLED_MD4" = "no"
then
#turn on MD4 if using stunnel
if test "x$ENABLED_STUNNEL" = "xyes"
then
ENABLED_MD4="yes"
else
AM_CFLAGS="$AM_CFLAGS -DNO_MD4"
fi
fi
AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"])
add enable lighty
2015-07-09 18:14:33 +03:00
move pwdbased lower in config for openssl manual sets
2015-02-16 20:54:55 +03:00
# PWDBASED has to come after certservice since we want it on w/o explicit on
# PWDBASED
AC_ARG_ENABLE([pwdbased],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-pwdbased],[Enable PWDBASED (default: disabled)])],
move pwdbased lower in config for openssl manual sets
2015-02-16 20:54:55 +03:00
[ ENABLED_PWDBASED=$enableval ],
[ ENABLED_PWDBASED=no ]
)
if test "$ENABLED_PWDBASED" = "no"
then
if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_WEBSERVER" = "yes"
then
# opensslextra and webserver needs pwdbased
ENABLED_PWDBASED=yes
else
AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED"
fi
fi
AM_CONDITIONAL([BUILD_PWDBASED], [test "x$ENABLED_PWDBASED" = "xyes"])
Implementation of scrypt Tests and benchmarking added. Configure with --enable-scrypt and requires --enable-pwdbased
2016-12-14 09:47:54 +03:00
AC_ARG_ENABLE([scrypt],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-scrypt],[Enable SCRYPT (default: disabled)])],
Implementation of scrypt Tests and benchmarking added. Configure with --enable-scrypt and requires --enable-pwdbased
2016-12-14 09:47:54 +03:00
[ ENABLED_SCRYPT=$enableval ],
[ ENABLED_SCRYPT=no ]
)
if test "$ENABLED_SCRYPT" = "yes"
then
if test "$ENABLED_PWDBASED" = "no"
then
AC_MSG_ERROR([cannot enable scrypt without enabling pwdbased.])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_SCRYPT"
fi
AM_CONDITIONAL([BUILD_SCRYPT], [test "x$ENABLED_SCRYPT" = "xyes"])
add --enable-cryptonly build option
2015-09-11 02:24:25 +03:00
# wolfCrypt Only Build
AC_ARG_ENABLE([cryptonly],
[AS_HELP_STRING([--enable-cryptonly],[Enable wolfCrypt Only build (default: disabled)])],
[ENABLED_CRYPTONLY=$enableval],
[ENABLED_CRYPTONLY=no])
if test "$ENABLED_CRYPTONLY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_ONLY"
fi
AM_CONDITIONAL([BUILD_CRYPTONLY], [test "x$ENABLED_CRYPTONLY" = "xyes"])
Updated the configure.ac comments about big int being used for ECC and DH. Moved the checks for ecc/asn and psk/asn until after cryptonly value is set and fixed so those checks work for normal build and are excluded for crypt only builds.
2016-02-11 00:03:53 +03:00
if test "x$ENABLED_CRYPTONLY" = "xno"
then
if test "x$ENABLED_PSK" = "xno" && test "x$ENABLED_ASN" = "xno"
then
AC_MSG_ERROR([please enable psk if disabling asn.])
fi
if test "x$ENABLED_ECC" = "xyes" && test "x$ENABLED_ASN" = "xno"
then
AC_MSG_ERROR([please disable ecc if disabling asn.])
fi
fi
add --enable-cryptonly build option
2015-09-11 02:24:25 +03:00
only have fastmath on by default on x86_64
2013-07-01 23:10:59 +04:00
# set fastmath default
FASTMATH_DEFAULT=no
use host_cpu instead of target_cpu to determine cpu to run on, target is now only for cross compilation tools
2014-02-13 21:33:30 +04:00
if test "$host_cpu" = "x86_64"
only have fastmath on by default on x86_64
2013-07-01 23:10:59 +04:00
then
Configure options to allow stunnel to use fastmath
2015-07-18 00:05:04 +03:00
FASTMATH_DEFAULT=yes
only have fastmath on by default on x86_64
2013-07-01 23:10:59 +04:00
fi
make sure no asn doesn't build big int
2013-03-13 02:14:03 +04:00
# fastmath
AC_ARG_ENABLE([fastmath],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-fastmath],[Enable fast math ops (default: enabled on x86_64)])],
make sure no asn doesn't build big int
2013-03-13 02:14:03 +04:00
[ ENABLED_FASTMATH=$enableval ],
only have fastmath on by default on x86_64
2013-07-01 23:10:59 +04:00
[ ENABLED_FASTMATH=$FASTMATH_DEFAULT]
make sure no asn doesn't build big int
2013-03-13 02:14:03 +04:00
)
if test "x$ENABLED_FASTMATH" = "xyes"
then
Updated the configure.ac comments about big int being used for ECC and DH. Moved the checks for ecc/asn and psk/asn until after cryptonly value is set and fixed so those checks work for normal build and are excluded for crypt only builds.
2016-02-11 00:03:53 +03:00
# turn off fastmth if leanpsk on or asn off (w/o DH and ECC)
change autconf system to default to fastmath now
2013-03-19 02:32:04 +04:00
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_ASN" = "no"
then
Fixes so ECC only build works. Fixes so ECC enabled with ASN disabled works and will prevent ECC sign/verify.
2016-02-10 19:53:09 +03:00
if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no"
allow dh to be used w/o certs and asn
2015-03-28 00:28:05 +03:00
then
ENABLED_FASTMATH=no
else
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
ENABLED_SLOWMATH="no"
fi
change autconf system to default to fastmath now
2013-03-19 02:32:04 +04:00
else
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
ENABLED_SLOWMATH="no"
fi
on x86_64 enable sha512, ecc, and increase max_bits by default
2015-03-31 23:28:49 +03:00
if test "$host_cpu" = "x86_64"
then
# Have settings.h set FP_MAX_BITS higher if user didn't set directly
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_X86_64_BUILD"
fi
make sure no asn doesn't build big int
2013-03-13 02:14:03 +04:00
fi
# fast HUGE math
AC_ARG_ENABLE([fasthugemath],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-fasthugemath],[Enable fast math + huge code (default: disabled)])],
make sure no asn doesn't build big int
2013-03-13 02:14:03 +04:00
[ ENABLED_FASTHUGEMATH=$enableval ],
[ ENABLED_FASTHUGEMATH=no ]
)
if test "$ENABLED_BUMP" = "yes"
then
ENABLED_FASTHUGEMATH="yes"
fi
if test "$ENABLED_FASTHUGEMATH" = "yes"
then
ENABLED_FASTMATH="yes"
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
ENABLED_SLOWMATH="no"
fi
AM_CONDITIONAL([BUILD_FASTMATH], [test "x$ENABLED_FASTMATH" = "xyes"])
AM_CONDITIONAL([BUILD_SLOWMATH], [test "x$ENABLED_SLOWMATH" = "xyes"])
added configure option --disable-examples to remove example code build, configure runs make clean at the end, sniffer test isn't built if sniffer disabled
2012-11-29 23:31:57 +04:00
# Enable Examples, used to disable examples
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([examples],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-examples],[Enable Examples (default: enabled)])],
added configure option --disable-examples to remove example code build, configure runs make clean at the end, sniffer test isn't built if sniffer disabled
2012-11-29 23:31:57 +04:00
[ ENABLED_EXAMPLES=$enableval ],
[ ENABLED_EXAMPLES=yes ]
)
switch --enable-noFilesystem to --enable-filesystem / --disable-filesystem to match others
2013-03-13 23:14:05 +04:00
AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"])
switch --enable-noInline to enable/disable-inline to match all others
2013-03-13 23:25:34 +04:00
AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"])
add --enable-cryptonly build option
2015-09-11 02:24:25 +03:00
AS_IF([test "x$ENABLED_CRYPTONLY" = "xyes"], [ENABLED_EXAMPLES="no"])
Updated build for "leantls" to support building only the client, by splitting BUILD_EXAMPLES into 3 parts (BUILD_EXAPLE_SERVERS, BUILD_EXAMPLE_CLIENTS and BUILD_TESTS). This allows the make check to perform the external tests to validate the client only "leantls" configuration option.
2016-02-26 17:30:11 +03:00
AM_CONDITIONAL([BUILD_EXAMPLE_SERVERS], [test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
AM_CONDITIONAL([BUILD_EXAMPLE_CLIENTS], [test "x$ENABLED_EXAMPLES" = "xyes"])
AM_CONDITIONAL([BUILD_TESTS], [test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
added configure option --disable-examples to remove example code build, configure runs make clean at the end, sniffer test isn't built if sniffer disabled
2012-11-29 23:31:57 +04:00
Fixes for disabling the crypt test and benchmark. Added new "./configure --disable-crypttests" option. Also made sure use of both NO_CRYPT_BENCHMARK and NO_CRYPT_TEST in "./configure CFLAGS=-D" scenario work correctly.
2016-02-04 23:06:24 +03:00
# Enable wolfCrypt test and benchmark
AC_ARG_ENABLE([crypttests],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-crypttests],[Enable Crypt Bench/Test (default: enabled)])],
Fixes for disabling the crypt test and benchmark. Added new "./configure --disable-crypttests" option. Also made sure use of both NO_CRYPT_BENCHMARK and NO_CRYPT_TEST in "./configure CFLAGS=-D" scenario work correctly.
2016-02-04 23:06:24 +03:00
[ ENABLED_CRYPT_TESTS=$enableval ],
[ ENABLED_CRYPT_TESTS=yes ]
)
AM_CONDITIONAL([BUILD_WOLFCRYPT_TESTS], [test "x$ENABLED_CRYPT_TESTS" = "xyes"])
initial cavium, crypto only, no rsa
2013-01-30 04:22:49 +04:00
1.8.8 init
2011-02-05 22:14:47 +03:00
# LIBZ
add macpi huffman
2013-03-21 01:37:05 +04:00
ENABLED_LIBZ="no"
1.8.8 init
2011-02-05 22:14:47 +03:00
trylibzdir=""
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_WITH([libz],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ --with-libz=PATH PATH to libz install (default /usr/) ],
[
AC_MSG_CHECKING([for libz])
CPPFLAGS="$CPPFLAGS -DHAVE_LIBZ"
LIBS="$LIBS -lz"
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])
1.8.8 init
2011-02-05 22:14:47 +03:00
if test "x$libz_linked" == "xno" ; then
if test "x$withval" != "xno" ; then
trylibzdir=$withval
fi
if test "x$withval" == "xyes" ; then
trylibzdir="/usr"
fi
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AM_LDFLAGS="$AM_LDFLAGS -L$trylibzdir/lib"
1.8.8 init
2011-02-05 22:14:47 +03:00
CPPFLAGS="$CPPFLAGS -I$trylibzdir/include"
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])
1.8.8 init
2011-02-05 22:14:47 +03:00
if test "x$libz_linked" == "xno" ; then
AC_MSG_ERROR([libz isn't found.
If it's already installed, specify its path using --with-libz=/dir/])
fi
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([yes])
fi
added stubs and a test for ctaocrypt compress
2013-03-20 03:25:58 +04:00
ENABLED_LIBZ="yes"
1.8.8 init
2011-02-05 22:14:47 +03:00
]
)
added stubs and a test for ctaocrypt compress
2013-03-20 03:25:58 +04:00
AM_CONDITIONAL([BUILD_LIBZ], [test "x$ENABLED_LIBZ" = "xyes"])
1.8.8 init
2011-02-05 22:14:47 +03:00
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# cavium
initial cavium, crypto only, no rsa
2013-01-30 04:22:49 +04:00
trycaviumdir=""
AC_ARG_WITH([cavium],
[ --with-cavium=PATH PATH to cavium/software dir ],
[
AC_MSG_CHECKING([for cavium])
CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM"
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
LIB_ADD="-lrt $LIB_ADD"
initial cavium, crypto only, no rsa
2013-01-30 04:22:49 +04:00
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
if test "x$withval" == "xyes" ; then
AC_MSG_ERROR([need a PATH for --with-cavium])
fi
if test "x$withval" != "xno" ; then
trycaviumdir=$withval
fi
initial cavium, crypto only, no rsa
2013-01-30 04:22:49 +04:00
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/cavium_common.o"
CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
initial cavium, crypto only, no rsa
2013-01-30 04:22:49 +04:00
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(CAVIUM_DEV_ID); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
initial cavium, crypto only, no rsa
2013-01-30 04:22:49 +04:00
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
if test "x$cavium_linked" == "xno" ; then
AC_MSG_ERROR([cavium isn't found.
If it's already installed, specify its path using --with-cavium=/dir/])
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
else
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM"
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
fi
AC_MSG_RESULT([yes])
enable_shared=no
enable_static=yes
ENABLED_CAVIUM=yes
],
[ ENABLED_CAVIUM=no ]
)
# cavium V
trycaviumdir=""
AC_ARG_WITH([cavium-v],
[ --with-cavium-v=PATH PATH to Cavium V/software dir ],
[
AC_MSG_CHECKING([for cavium])
CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V"
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
LIB_ADD="-lrt $LIB_ADD"
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
if test "x$withval" == "xyes" ; then
AC_MSG_ERROR([need a PATH for --with-cavium])
fi
if test "x$withval" != "xno" ; then
trycaviumdir=$withval
fi
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/obj/cavium_common.o $trycaviumdir/api/obj/cavium_sym_crypto.o $trycaviumdir/api/obj/cavium_asym_crypto.o"
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
#AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(0); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
if test "x$cavium_linked" == "xno" ; then
AC_MSG_ERROR([cavium isn't found.
If it's already installed, specify its path using --with-cavium-v=/dir/])
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
else
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V"
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
fi
AC_MSG_RESULT([yes])
enable_shared=no
enable_static=yes
ENABLED_CAVIUM=yes
ENABLED_CAVIUM_V=yes
],
[
ENABLED_CAVIUM_=no
ENABLED_CAVIUM_V=no
initial cavium, crypto only, no rsa
2013-01-30 04:22:49 +04:00
]
)
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
AM_CONDITIONAL([BUILD_CAVIUM], [test "x$ENABLED_CAVIUM" = "xyes"])
initial cavium, crypto only, no rsa
2013-01-30 04:22:49 +04:00
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
# Intel Quick Assist
tryqatdir=""
AC_ARG_WITH([intelqa],
[ --with-intelqa=PATH PATH to Intel QuickAssit (QAT) driver dir ],
[
AC_MSG_CHECKING([for intelqa])
CPPFLAGS="$CPPFLAGS -DHAVE_INTEL_QA -DDO_CRYPTO -DUSER_SPACE"
if test "x$withval" == "xyes" ; then
AC_MSG_ERROR([need a PATH for --with-intelqa])
fi
if test "x$withval" != "xno" ; then
tryqatdir=$withval
fi
CPPFLAGS="$CPPFLAGS -I$tryqatdir/quickassist/include -I$tryqatdir/quickassist/include/lac -I$tryqatdir/quickassist/utilities/osal/include -I$tryqatdir/quickassist/utilities/osal/src/linux/user_space/include -I$tryqatdir/quickassist/lookaside/access_layer/include -I$tryqatdir/quickassist/lookaside/access_layer/src/common/include -I$srcdir/wolfssl -I$srcdir/wolfssl/wolfcrypt/port/intel"
LDFLAGS="$LDFLAGS -L$tryqatdir/build -Wl,-Map=output.map"
LIBS="$LIBS -licp_qa_al_s"
LIB_ADD="-ladf_proxy -losal -lrt $LIB_ADD"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cpa_cy_common.h"]], [[ Cpa16U count = 0; cpaCyGetNumInstances(&count); ]])],[ intelqa_linked=yes ],[ intelqa_linked=no ])
if test "x$intelqa_linked" == "xno" ; then
AC_MSG_ERROR([Intel QuickAssist not found.
If it's already installed, specify its path using --with-intelqa=/dir/])
else
AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_QA -DDO_CRYPTO -DUSER_SPACE"
fi
AC_MSG_RESULT([yes])
ENABLED_INTEL_QA=yes
],
[
ENABLED_INTEL_QA=no
]
)
AM_CONDITIONAL([BUILD_INTEL_QA], [test "x$ENABLED_INTEL_QA" = "xyes"])
Single Precision maths for RSA (and DH) Single Precision ECC implementation
2017-08-10 10:27:22 +03:00
# Single Precision maths implementation
AC_ARG_ENABLE([sp],
[AS_HELP_STRING([--enable-sp],[Enable Single Precision maths implementation (default: disabled)])],
[ ENABLED_SP=$enableval ],
Turn off SP by default
2017-10-17 02:32:24 +03:00
[ ENABLED_SP=no ],
Single Precision maths for RSA (and DH) Single Precision ECC implementation
2017-08-10 10:27:22 +03:00
)
for v in `echo $ENABLED_SP | tr "," " "`
do
case $v in
small)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
ENABLED_SP_ECC=yes
;;
yes)
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
ENABLED_SP_ECC=yes
;;
no)
;;
smallec256 | smallp256 | small256)
ENABLED_SP_ECC=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
;;
ec256 | p256 | 256)
ENABLED_SP_ECC=yes
;;
small2048)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_3072"
;;
2048)
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_3072"
;;
smallrsa2048)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
ENABLED_SP_RSA=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_3072"
;;
rsa2048)
ENABLED_SP_RSA=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_3072"
;;
small3072)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_2048"
;;
3072)
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_2048"
;;
smallrsa3072)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
ENABLED_SP_RSA=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_2048"
;;
rsa3072)
ENABLED_SP_RSA=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_2048"
;;
*)
AC_MSG_ERROR([Invalid choice of Single Precision length in bits [256, 2048, 3072]: $ENABLED_SP.])
break;;
esac
done
ENABLED_SP=no
if test "$ENABLED_RSA" = "yes" && test "$ENABLED_SP_RSA" = "yes"; then
ENABLED_SP=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_RSA"
fi
if test "$ENABLED_DH" = "yes" && test "$ENABLED_SP_DH" = "yes"; then
ENABLED_SP=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_DH"
fi
if test "$ENABLED_ECC" = "yes" && test "$ENABLED_SP_ECC" = "yes"; then
ENABLED_SP=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_ECC"
fi
AM_CONDITIONAL([BUILD_SP], [test "x$ENABLED_SP" = "xyes"])
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
# Fast RSA using Intel IPP
ippdir="${srcdir}/IPP"
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
ipplib="lib" # if autoconf guesses 32bit system changes lib directory
fastRSA_found=no
abs_path=`pwd`
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
# set up variables used
IPPLIBS=
IPPHEADERS=
IPPLINK=
AC_ARG_ENABLE([fast-rsa],
[AS_HELP_STRING([--enable-fast-rsa],[Enable RSA using Intel IPP (default: disabled)])],
[ ENABLED_FAST_RSA=$enableval ],
[ ENABLED_FAST_RSA=no ],
)
if test "$ENABLED_USER_RSA" = "no" && test "$ENABLED_FIPS" = "no"; then
if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
ipplib="lib_32" # 32 bit OS detected
fi
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
# Use static IPP Libraries
if test "$enable_shared" = "no" && test "$ENABLED_FAST_RSA" = "yes"; then
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
case $host_os in
*darwin*)
ipplib="$ipplib/mac_static"
AC_MSG_ERROR([Issue with static linking to libippcp.a on Mac.
Dynamic IPP libraries supported on Mac])
break;;
*linux*)
ipplib="$ipplib/linux_static"
break;;
*)
ENABLED_FAST_RSA=no
esac
AC_CHECK_FILES([$srcdir/IPP/$ipplib/libippcore.a $srcdir/IPP/$ipplib/libippcp.a], [], [ENABLED_FAST_RSA=no])
AC_CHECK_FILES([$srcdir/IPP/include/ipp.h $srcdir/IPP/include/ippcp.h], [AM_CPPFLAGS="-I$srcdir/IPP/include $AM_CPPFLAGS"], [ENABLED_FAST_RSA=no])
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
LIB_STATIC_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_STATIC_ADD"
configure error out when not finding libraries with fast-rsa
2015-10-26 22:11:11 +03:00
if test "$ENABLED_FAST_RSA" = "no"; then
AC_MSG_ERROR([Could not find fast rsa libraries])
fi
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
else
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
# Check for and use bundled IPP libraries
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
if test "$ENABLED_FAST_RSA" = "yes"; then
AC_MSG_NOTICE([Using local IPP crypto library])
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
AC_CHECK_FILES([$abs_path/IPP/include/ippcp.h],
[
# build and default locations on linux and mac
STORE_LDFLAGS=${LDFLAGS}
STORE_CPPFLAGS=${CPPFLAGS}
# using LDFLAGS instead of AM_ temporarily to test link to library
LDFLAGS="-L$ippdir/$ipplib -lippcp -lippcore"
CPPFLAGS="-I$ippdir/include"
AC_CHECK_HEADERS([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15], [fastRSA_found=yes], [fastRSA_found=no])], [fastRSA_found=no])
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
name="$ippdir/$ipplib/libippcp"
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
case $host_os in
*darwin*)
# check file existence and conditionally set variables
AC_CHECK_FILES([$abs_path/IPP/$ipplib/libippcp.dylib], [
IPPLIBS="${name}.dylib ${name}-9.0.dylib ${name}e9-9.0.dylib ${name}g9-9.0.dylib ${name}h9-9.0.dylib ${name}k0-9.0.dylib ${name}l9-9.0.dylib ${name}n8-9.0.dylib ${name}p8-9.0.dylib ${name}s8-9.0.dylib ${name}y8-9.0.dylib IPP/lib/libippcore.dylib IPP/lib/libippcore-9.0.dylib"
IPPLINK="mkdir -p src/.libs && ln -f ${name}.dylib src/.libs/libippcp.dylib && ln -f ${srcdir}/${name}-9.0.dylib src/.libs/libippcp-9.0.dylib && ln -f ${srcdir}/${name}e9-9.0.dylib src/.libs/libippcpe9-9.0.dylib && ln -f ${srcdir}/${name}g9-9.0.dylib src/.libs/libippcpg9-9.0.dylib && ln -f ${srcdir}/${name}h9-9.0.dylib src/.libs/libippcph9-9.0.dylib && ln -f ${srcdir}/${name}k0-9.0.dylib src/.libs/libippcpk0-9.0.dylib && ln -f ${srcdir}/${name}l9-9.0.dylib src/.libs/libippcpl9-9.0.dylib && ln -f ${srcdir}/${name}n8-9.0.dylib src/.libs/libippcpn8-9.0.dylib && ln -f ${srcdir}/${name}p8-9.0.dylib src/.libs/libippcpp8-9.0.dylib && ln -f ${srcdir}/${name}s8-9.0.dylib src/.libs/libippcps8-9.0.dylib && ln -f ${srcdir}/${name}y8-9.0.dylib src/.libs/libippcpy8-9.0.dylib && ln -f ${srcdir}/IPP/lib/libippcore.dylib src/.libs/libippcore.dylib && ln -f ${srcdir}/IPP/lib/libippcore-9.0.dylib src/.libs/libippcore-9.0.dylib"
], [fastRSA_found=no])
break;;
*linux*)
# check file existence and conditionally set variables
AC_CHECK_FILES([$abs_path/IPP/$ipplib/libippcp.so.9.0], [
if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
IPPLIBS="${name}.so.9.0 ${name}g9.so.9.0 ${name}h9.so.9.0 ${name}p8.so.9.0 ${name}px.so.9.0 ${name}s8.so.9.0 ${name}.so ${name}w7.so.9.0 IPP/$ipplib/libippcore.so IPP/$ipplib/libippcore.so.9.0"
IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}g9.so.9.0 src/.libs/libippcpg9.so.9.0 && ln -f ${name}h9.so.9.0 src/.libs/libippcph9.so.9.0 && ln -f ${name}p8.so.9.0 src/.libs/libippcpp8.so.9.0 && ln -f ${name}px.so.9.0 src/.libs/libippcppx.so.9.0 && ln -f ${name}s8.so.9.0 src/.libs/libippcps8.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}w7.so.9.0 src/.libs/libippcpw7.so.9.0 && ln -f IPP/$ipplib/libippcore.so src/.libs/libippcore.so && ln -f IPP/$ipplib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
else
IPPLIBS="${name}.so.9.0 ${name}e9.so.9.0 ${name}k0.so.9.0 ${name}l9.so.9.0 ${name}m7.so.9.0 ${name}mx.so.9.0 ${name}.so ${name}n8.so.9.0 ${name}y8.so.9.0 IPP/lib/libippcore.so IPP/lib/libippcore.so.9.0"
IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}e9.so.9.0 src/.libs/libippcpe9.so.9.0 && ln -f ${name}k0.so.9.0 src/.libs/libippcpk0.so.9.0 && ln -f ${name}l9.so.9.0 src/.libs/libippcpl9.so.9.0 && ln -f ${name}m7.so.9.0 src/.libs/libippcpm7.so.9.0 && ln -f ${name}mx.so.9.0 src/.libs/libippcpmx.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}n8.so.9.0 src/.libs/libippcpn8.so.9.0 && ln -f ${name}y8.so.9.0 src/.libs/libippcpy8.so.9.0 && ln -f IPP/lib/libippcore.so src/.libs/libippcore.so && ln -f IPP/lib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
fi
], [fastRSA_found=no])
break;;
*)
fastRSA_found=no
esac
if test "$fastRSA_found" = "yes"; then
# was succesfull so add tested LDFLAGS to AM_ flags
AM_LDFLAGS="${AM_LDFLAGS} ${LDFLAGS}"
AM_CPPFLAGS="${AM_CPPFLAGS} ${CPPFLAGS}"
IPPHEADERS="${srcdir}/IPP/include/*.h"
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
fi
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
# restore LDFLAGS to user set
LDFLAGS=${STORE_LDFLAGS}
CPPFLAGS=${STORE_CPPFLAGS}
], [fastRSA_found=no])
fi
# Don't cache the result so it can be checked
AS_UNSET([ac_cv_header_ippcp_h])
AS_UNSET([ac_cv_header_ipp_h])
AS_UNSET([ac_cv_lib_ippcp_ippsRSAEncrypt_PKCSv15]);
# Check link and see if user has pre-existing IPP Libraries if not using local
if test "$ENABLED_FAST_RSA" = "yes" && test "$fastRSA_found" = "no"; then
AC_MSG_NOTICE([Checking if IPP crypto library installed])
AC_CHECK_HEADER([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15],
[
fastRSA_found=yes
AM_LDFLAGS="${AM_LDFLAGS} -lippcore -lippcp"
], [ fastRSA_found=no])
], [fastRSA_found=no])
configure error out when not finding libraries with fast-rsa
2015-10-26 22:11:11 +03:00
# Error out on not finding libraries
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
if test "$fastRSA_found" = "no"; then
configure error out when not finding libraries with fast-rsa
2015-10-26 22:11:11 +03:00
AC_MSG_ERROR([Could not find fast rsa libraries])
fi
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
fi
fi # end of if for shared library
else # if user rsa is set than do not use fast rsa option
configure error out when not finding libraries with fast-rsa
2015-10-26 22:11:11 +03:00
if test "$ENABLED_FAST_RSA" = "yes"; then
AC_MSG_ERROR([Could not use fast rsa libraries with user crypto or fips])
fi
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
fi # end of if for user rsa crypto or fips
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
# End result of checking for IPP Libraries
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
AC_MSG_CHECKING([for fast RSA])
if test "$ENABLED_FAST_RSA" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DHAVE_FAST_RSA -DHAVE_USER_RSA"
# add in user crypto header that uses Intel IPP
AM_CPPFLAGS="$AM_CPPFLAGS -I$srcdir/wolfcrypt/user-crypto/include"
if test "$enable_shared" = "yes"; then
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
LIBS="$LIBS -lippcore -lippcp"
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
LIB_ADD="-lippcp -lippcore $LIB_ADD"
else
LIB_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_ADD"
fi
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
fi
AC_SUBST([IPPLIBS])
AC_SUBST([IPPHEADERS])
AC_SUBST([IPPLINK])
AM_CONDITIONAL([BUILD_FAST_RSA], [test "x$ENABLED_FAST_RSA" = "xyes"])
add staticmemory feature
2016-03-23 19:21:26 +03:00
# static memory use
AC_ARG_ENABLE([staticmemory],
[AS_HELP_STRING([--enable-staticmemory],[Enable static memory use (default: disabled)])],
[ ENABLED_STATICMEMORY=$enableval ],
[ ENABLED_STATICMEMORY=no ]
)
if test "x$ENABLED_STATICMEMORY" = "xyes"
then
static method func / ocsp callbacks / heap test / alpn free func / remove timing resistant constraint
2016-06-09 20:36:31 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY"
if test "x$ENABLED_FASTMATH" = "xno"
then
AC_MSG_ERROR([please use --enable-fastmath if enabling staticmemory.])
fi
add staticmemory feature
2016-03-23 19:21:26 +03:00
fi
add macpi huffman
2013-03-21 01:37:05 +04:00
# microchip api
AC_ARG_ENABLE([mcapi],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-mcapi],[Enable Microchip API (default: disabled)])],
add macpi huffman
2013-03-21 01:37:05 +04:00
[ ENABLED_MCAPI=$enableval ],
[ ENABLED_MCAPI=no ]
)
if test "$ENABLED_MCAPI" = "yes"
then
Adds an --enable-aesctr flag to the configure script to explicitly compile with -DWOLFSSL_AES_COUNTER and -DWOLFSSL_AES_DIRECT If --enable-fortress or --enable-mcapi are used they effectively force --enable-aesctr
2016-12-04 17:23:51 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_MCAPI"
if test "x$ENABLED_AESCTR" != "xyes"
then
# These flags are already implied by --enable-aesctr
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
fi
add macpi huffman
2013-03-21 01:37:05 +04:00
fi
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_SHA512" = "no"
then
AC_MSG_ERROR([please enable sha512 if enabling mcapi.])
fi
add mcapi ecc with tests
2013-03-22 00:20:23 +04:00
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_ECC" = "no"
then
AC_MSG_ERROR([please enable ecc if enabling mcapi.])
fi
add macpi huffman
2013-03-21 01:37:05 +04:00
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_LIBZ" = "no"
then
AC_MSG_ERROR([please use --with-libz if enabling mcapi.])
fi
AM_CONDITIONAL([BUILD_MCAPI], [test "x$ENABLED_MCAPI" = "xyes"])
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 21:05:22 +03:00
# Asynchronous Crypto
AC_ARG_ENABLE([asynccrypt],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-asynccrypt],[Enable Asynchronous Crypto (default: disabled)])],
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 21:05:22 +03:00
[ ENABLED_ASYNCCRYPT=$enableval ],
[ ENABLED_ASYNCCRYPT=no ]
)
if test "$ENABLED_ASYNCCRYPT" = "yes"
then
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT -DHAVE_WOLF_EVENT -DHAVE_WOLF_BIGINT"
Pulled in patches from Debian package.
2016-11-22 22:25:40 +03:00
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
# if no async hardware then use simulator for testing
if test "x$ENABLED_CAVIUM" = "xno" && test "x$ENABLED_INTEL_QA" = "xno"
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 21:05:22 +03:00
then
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
# Async threading is Linux specific
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 21:05:22 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT_TEST"
fi
fi
AM_CONDITIONAL([BUILD_ASYNCCRYPT], [test "x$ENABLED_ASYNCCRYPT" = "xyes"])
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
AM_CONDITIONAL([BUILD_WOLFEVENT], [test "x$ENABLED_ASYNCCRYPT" = "xyes"])
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
# check for async if using Intel QuckAssist or Cavium
if test "x$ENABLED_INTEL_QA" = "xyes" || test "x$ENABLED_CAVIUM" = "xyes" ; then
if test "x$ENABLED_ASYNCCRYPT" = "xno" ; then
AC_MSG_ERROR([Please enable enable asynchronous support using --enable-asynccrypt])
fi
fi
# Asynchronous threading
AC_ARG_ENABLE([asyncthreads],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-asyncthreads],[Enable Asynchronous Threading (default: enabled)])],
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
[ ENABLED_ASYNCTHREADS=$enableval ],
[ ENABLED_ASYNCTHREADS=yes ]
)
if test "$ENABLED_ASYNCCRYPT" = "yes" && test "$ENABLED_ASYNCTHREADS" = "yes"
then
AX_PTHREAD([ENABLED_ASYNCTHREADS=yes],[ENABLED_ASYNCTHREADS=no])
else
ENABLED_ASYNCTHREADS=no
fi
if test "$ENABLED_ASYNCTHREADS" = "yes"
then
LIB_ADD="-lpthread $LIB_ADD"
AM_CFLAGS="$AM_CFLAGS -D_GNU_SOURCE"
else
AM_CFLAGS="$AM_CFLAGS -DWC_NO_ASYNC_THREADING"
fi
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 21:05:22 +03:00
add DTLS session export option
2016-05-10 22:27:45 +03:00
# Session Export
AC_ARG_ENABLE([sessionexport],
[AS_HELP_STRING([--enable-sessionexport],[Enable export and import of sessions (default: disabled)])],
[ ENABLED_SESSIONEXPORT=$enableval ],
[ ENABLED_SESSIONEXPORT=no ]
)
if test "$ENABLED_SESSIONEXPORT" = "yes"
then
if test "$ENABLED_DTLS" = "no"
then
AC_MSG_ERROR([Only DTLS supported with session export])
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SESSION_EXPORT"
fi
add AES key wrap support, RFC 3394
2016-12-06 01:38:42 +03:00
# AES key wrap
AC_ARG_ENABLE([aeskeywrap],
[AS_HELP_STRING([--enable-aeskeywrap],[Enable AES key wrap support (default: disabled)])],
[ ENABLED_AESKEYWRAP=$enableval ],
[ ENABLED_AESKEYWRAP=no ]
)
FIPS changes and fixups Enable ex data explicitly. Keep the peer cert for verification callback. External session cache for hostapd. Enable DES_ECB when not FIPS. Don't send the peer cert if it is not received from peer. Initialize the peer cert after free as will be freed on tear down of SSL. Allow a server to become a client.
2017-03-30 04:53:35 +03:00
if test "$ENABLED_WPAS" = "yes" && test "$ENABLED_FIPS" = "no"
Changes for WPA Supplicant
2017-02-10 01:45:10 +03:00
then
ENABLED_AESKEYWRAP="yes"
fi
add AES key wrap support, RFC 3394
2016-12-06 01:38:42 +03:00
if test "$ENABLED_AESKEYWRAP" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT"
fi
Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add `--enable-opensslcoexist` which makes sure `oldnames` is disabled. Refactor of `SSL_` to `WOLF_SSL_`. Refactor of `SHA`, `MD5`, `SHA224`, `SHA256`, `SHA512` and `SHA384` to `WC_` naming.
2017-09-26 04:47:36 +03:00
# Old name support for backwards compatibility
AC_ARG_ENABLE([oldnames],
[AS_HELP_STRING([--enable-oldnames],[Keep backwards compat with old names (default: enabled)])],
[ ENABLED_OLDNAMES=$enableval ],
[ ENABLED_OLDNAMES=yes ]
)
if test "x$ENABLED_OLDNAMES" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_RNGNAME -DNO_OLD_WC_NAMES -DNO_OLD_SSL_NAMES"
fi
add psk.test script for testing
2016-02-11 10:12:48 +03:00
# check if PSK was enabled for conditionally running psk.test script
AM_CONDITIONAL([BUILD_PSK], [test "x$ENABLED_PSK" = "xyes"])
automated test for trusted peer certs
2016-03-02 02:35:32 +03:00
# check if should run the trusted peer certs test
update test script, fall back to cert name search, fix der free
2016-03-12 19:37:32 +03:00
# (for now checking both C_FLAGS and C_EXTRA_FLAGS)
automated test for trusted peer certs
2016-03-02 02:35:32 +03:00
case $C_EXTRA_FLAGS in
*WOLFSSL_TRUST_PEER_CERT*)
have_tp=yes
break;;
*)
have_tp=no ;;
esac
update test script, fall back to cert name search, fix der free
2016-03-12 19:37:32 +03:00
if test "$have_tp" = "no"; then
case $C_FLAGS in
*WOLFSSL_TRUST_PEER_CERT*)
have_tp=yes
break;;
*)
have_tp=no ;;
esac
fi
automated test for trusted peer certs
2016-03-02 02:35:32 +03:00
AM_CONDITIONAL([BUILD_TRUST_PEER_CERT], [test "x$have_tp" = "xyes"])
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-20 02:17:51 +03:00
# dertermine if we have key validation mechanism
if test "x$ENABLED_ECC" = "xyes" || test "x$ENABLED_RSA" = "xyes"
then
if test "x$ENABLED_ASN" = "xyes"
then
ENABLED_PKI="yes"
fi
fi
AM_CONDITIONAL([BUILD_PKI], [test "x$ENABLED_PKI" = "xyes"])
adds build dependency check for OCSP
2016-02-23 21:19:04 +03:00
################################################################################
# Check for build-type conflicts #
################################################################################
Added --enable-maxstrength configure build to only allow TLSv1.2, PFS, and AEAD ciphers.
2015-04-01 21:55:49 +03:00
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
test "x$ENABLED_LEANPSK" = "xyes"],
[AC_MSG_ERROR([Cannot use Max Strength and Lean PSK at the same time.])])
adds missing ENABLED_OCSP test
2016-02-24 22:45:07 +03:00
AS_IF([test "x$ENABLED_OCSP" = "xyes" && \
test "x$ENABLED_ASN" = "xno"],
adds build dependency check for OCSP
2016-02-23 21:19:04 +03:00
[AC_MSG_ERROR([please enable asn if enabling ocsp.])])
adds check for missing rsa and ecc at the same time
2016-02-25 00:57:16 +03:00
AS_IF([test "x$ENABLED_OCSP" = "xyes" && \
test "x$ENABLED_RSA" = "xno" && \
test "x$ENABLED_ECC" = "xno"],
[AC_MSG_ERROR([please enable rsa or ecc if enabling ocsp.])])
autoconf checks on some builds that break, macro for no server, and user rsa
2016-04-06 18:25:53 +03:00
# checks for pkcs7 needed enables
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
test "x$ENABLED_RSA" = "xno"],
[AC_MSG_ERROR([please enable rsa if enabling pkcs7.])])
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
test "x$ENABLED_SHA" = "xno"],
[AC_MSG_ERROR([please enable sha if enabling pkcs7.])])
PKCS7 and SCEP need either AES or 3DES enabled, error out if not
2017-11-20 23:16:44 +03:00
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
test "x$ENABLED_AES" = "xno" && \
test "x$ENABLED_DES3" = "xno"],
[AC_MSG_ERROR([please enable either AES or 3DES if enabling pkcs7.])])
AS_IF([test "x$ENABLED_WOLFSCEP" = "xyes" && \
test "x$ENABLED_AES" = "xno" && \
test "x$ENABLED_DES3" = "xno"],
[AC_MSG_ERROR([please enable either AES or 3DES if enabling scep.])])
autoconf checks on some builds that break, macro for no server, and user rsa
2016-04-06 18:25:53 +03:00
AS_IF([test "x$ENABLED_LEANTLS" = "xyes" && \
test "x$ENABLED_ECC" = "xno"],
[AC_MSG_ERROR([please enable ecc if enabling leantls.])])
AS_IF([test "x$ENABLED_SNIFFER" = "xyes" && \
test "x$ENABLED_RSA" = "xno"],
[AC_MSG_ERROR([please enable rsa if enabling sniffer.])])
Disable DES3 by default. Force it enabled when it is a prereq for another option. (SCEP and PKCS7)
2016-09-15 21:17:30 +03:00
# Lean TLS forces off prereqs of SCEP.
AS_IF([test "x$ENABLED_SCEP" = "xyes" && \
test "x$ENABLED_LEANTLS" = "xyes"],
[AC_MSG_ERROR([Cannot use SCEP and Lean TLS at the same time.])])
add AES-CMAC
2016-05-24 03:50:36 +03:00
# CMAC currently requires AES.
AS_IF([test "x$ENABLED_CMAC" = "xyes" && \
test "x$ENABLED_AES" = "xno"],
[AC_MSG_ERROR([cannot use CMAC without AES.])])
adds build dependency check for OCSP
2016-02-23 21:19:04 +03:00
################################################################################
# Update CFLAGS based on options #
################################################################################
Added --enable-maxstrength configure build to only allow TLSv1.2, PFS, and AEAD ciphers.
2015-04-01 21:55:49 +03:00
1. Updated sniffer to allow DES3 to be disabled. 2. Fixed an unused variable in OpenSSL Extras when DES3 is disabled. 3. Force DES3 enabled when enabling MCAPI.
2016-09-16 00:53:28 +03:00
AS_IF([test "x$ENABLED_MCAPI" = "xyes"],
[AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])])
Disable DES3 by default. Force it enabled when it is a prereq for another option. (SCEP and PKCS7)
2016-09-15 21:17:30 +03:00
if test "$ENABLED_WOLFSCEP" = "yes"
then
# Enable prereqs if not already enabled
if test "x$ENABLED_KEYGEN" = "xno"
then
ENABLED_KEYGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
fi
if test "x$ENABLED_CERTGEN" = "xno"
then
ENABLED_CERTGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
fi
if test "x$ENABLED_CERTREQ" = "xno"
then
ENABLED_CERTREQ="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
fi
if test "x$ENABLED_CERTEXT" = "xno"
then
ENABLED_CERTEXT="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
fi
if test "x$ENABLED_PKCS7" = "xno"
then
ENABLED_PKCS7="yes"
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_WOLFSCEP"
fi
if test "x$ENABLED_PKCS7" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS7"
# Enable prereqs if not already enabled
add EnvelopedData ECC support, refactor pkcs7
2016-12-10 03:22:09 +03:00
if test "x$ENABLED_AESKEYWRAP" = "xno"
then
ENABLED_AESKEYWRAP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT"
fi
if test "x$ENABLED_X963KDF" = "xno"
then
ENABLED_X963KDF="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF"
fi
Disable DES3 by default. Force it enabled when it is a prereq for another option. (SCEP and PKCS7)
2016-09-15 21:17:30 +03:00
fi
if test "x$ENABLED_DES3" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
else
# turn off DES3 if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
ENABLED_DES3=no
fi
fi
AM_CONDITIONAL([BUILD_DES3], [test "x$ENABLED_DES3" = "xyes"])
AM_CONDITIONAL([BUILD_PKCS7], [test "x$ENABLED_PKCS7" = "xyes"])
Added --enable-maxstrength configure build to only allow TLSv1.2, PFS, and AEAD ciphers.
2015-04-01 21:55:49 +03:00
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAX_STRENGTH"])
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
test "x$ENABLED_OLD_TLS" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
ENABLED_OLD_TLS=no])
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
test "x$ENABLED_SSLV3" = "xyes"],
[AC_MSG_ERROR([Cannot use Max Strength and SSLv3 at the same time.])])
1. Added missing -DWOLFSSL_SCTP to configure.ac. 2. Don't do hello verify requests in SCTP mode. 3. Implemented the SCTP MTU size changes. 4. Simplified the MAX_FRAGMENT size when calling ReceiveData().
2016-08-24 23:17:38 +03:00
AS_IF([test "x$ENABLED_SCTP" = "xyes"],
[AM_CFLAGS="-DWOLFSSL_SCTP $AM_CFLAGS"])
Multicast DTLS 1. Add DTLS-multicast to the enable options. 2. Reorg DTLS related enable options together. 3. Update a couple enable option texts to use the AS_HELP_STRING() macro. 4. Add three new APIs for managing a DTLS Multicast session. 5. Add test code for new APIs. 6. Add stub code for the new APIs.
2016-12-07 01:08:52 +03:00
AS_IF([test "x$ENABLED_MCAST" = "xyes"],
[AM_CFLAGS="-DWOLFSSL_MULTICAST $AM_CFLAGS"])
# SCTP and Multicast require DTLS
AS_IF([(test "x$ENABLED_DTLS" = "xno") && \
(test "x$ENABLED_SCTP" = "xyes" || test "x$ENABLED_MCAST" = "xyes")],
added SCTP to configure.ac
2016-08-01 17:51:42 +03:00
[AM_CFLAGS="-DWOLFSSL_DTLS $AM_CFLAGS"
ENABLED_DTLS=yes])
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 22:43:15 +03:00
# Multicast requires the null cipher
AS_IF([test "x$ENABLED_NULL_CIPHER" = "xno" && \
test "x$ENABLED_MCAST" = "xyes"],
[AM_CFLAGS="-DHAVE_NULL_CIPHER $AM_CFLAGS"
ENABLED_NULL_CIPHER=yes])
wolfSSH Option Added a configure convenience option for building wolfSSL to work with wolfSSH.
2017-10-05 01:24:22 +03:00
# wolfSSH and WPA Supplicant both need Public MP, only enable once.
# This will let you know if you enabled wolfSSH but have any of the prereqs
# disabled. Some of these options, disabling them adds things to the FLAGS and
# you need to check and add items in two places depending on the option.
AS_IF([test "x$ENABLED_WOLFSSH" = "xyes"],
[AS_IF([test "x$ENABLED_WPAS" = "xno"],[AM_CFLAGS="-DWOLFSSL_PUBLIC_MP $AM_CFLAGS"])
AS_IF([test "x$ENABLED_AESGCM" = "xno"],[AC_MSG_ERROR([cannot enable wolfSSH with AES-GCM disabled])])
AS_IF([test "x$ENABLED_ECC" = "xno"],[AC_MSG_ERROR([cannot enable wolfSSH with ECC disabled])])
AS_IF([test "x$ENABLED_SHA" = "xno"],[AC_MSG_ERROR([cannot enable wolfSSH with SHA-1 disabled])])
AS_IF([test "x$ENABLED_SHA512" = "xno"],[AC_MSG_ERROR([cannot enable wolfSSH with SHA-512/384 disabled])])
])
adds build dependency check for OCSP
2016-02-23 21:19:04 +03:00
################################################################################
add macpi huffman
2013-03-21 01:37:05 +04:00
1.8.8 init
2011-02-05 22:14:47 +03:00
# OPTIMIZE FLAGS
Pulled in patches from Debian package.
2016-11-22 22:25:40 +03:00
# For distro disable custom build options that interfere with symbol generation
if test "$GCC" = "yes" && test "$ENABLED_DISTRO" = "no"
1.8.8 init
2011-02-05 22:14:47 +03:00
then
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused"
Brian's c++/clang fixes, minor adjustments
2012-10-22 22:37:46 +04:00
if test "$ax_enable_debug" = "no"
1.8.8 init
2011-02-05 22:14:47 +03:00
then
if test "$ENABLED_FASTMATH" = "yes"
then
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_FAST_CFLAGS"
1.8.8 init
2011-02-05 22:14:47 +03:00
if test "$ENABLED_FASTHUGEMATH" = "yes"
then
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_HUGE_CFLAGS"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
else
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_CFLAGS"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
fi
fi
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
# ICC command line warning for non supported warning flags
if test "$CC" = "icc"
then
AM_CFLAGS="$AM_CFLAGS -wd10006"
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# Expose HAVE___UINT128_T to options flags"
if test "$ac_cv_type___uint128_t" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE___UINT128_T"
fi
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
1.8.8 init
2011-02-05 22:14:47 +03:00
LIB_SOCKET_NSL
Update autoconf scripts 1. Add patch to AX_TLS to let it work with AC v2.63. 2. AX_TLS() call needs a no-op in the false case. 3. Move AX_HARDEN call back to its original position. 4. Print CC rather than CC_VERSION in configuration summary.
2014-02-18 03:33:07 +04:00
AX_HARDEN_CC_COMPILER_FLAGS
1.8.8 init
2011-02-05 22:14:47 +03:00
MinGW fixes, server port assigning cleanup and ping test cleanup. Fixes issue with visibility detection with MinGW. The visibility.m4 script was not actually trying to call the hidden function, which caused MinGW to detect improperly that visibility was supported. Fix for bogusFile on Windows build. Fixes to build warnings for unused variable 'res' and signed/unsigned comparison for sizeof min(). Cleanup of the server side port assignment to allow use with Windows/MinGW/Cygwin. If Windows uses new GetRandomPort() function in test.h to get port in in the 49152 - 65535 range. If *nix then uses the tcp_listen returned port. Otherwise uses the default wolfSSLPort. Refactor of the ping test code to use common file and properly handle ping count differences (Windows "-c" vs. *Nix style "-n"). Workaround for MinGW and cyassl/options.h getting file permissions error. Added non-fatal compile warning if using MinGW that "strtok_s" might be missing along with a link to public domain source that can be used.
2016-04-02 01:45:53 +03:00
# if mingw then link to ws2_32 for sockets
Cygwin/Mingw64 fixes
2013-05-02 00:17:11 +04:00
case $host_os in
MinGW fixes, server port assigning cleanup and ping test cleanup. Fixes issue with visibility detection with MinGW. The visibility.m4 script was not actually trying to call the hidden function, which caused MinGW to detect improperly that visibility was supported. Fix for bogusFile on Windows build. Fixes to build warnings for unused variable 'res' and signed/unsigned comparison for sizeof min(). Cleanup of the server side port assignment to allow use with Windows/MinGW/Cygwin. If Windows uses new GetRandomPort() function in test.h to get port in in the 49152 - 65535 range. If *nix then uses the tcp_listen returned port. Otherwise uses the default wolfSSLPort. Refactor of the ping test code to use common file and properly handle ping count differences (Windows "-c" vs. *Nix style "-n"). Workaround for MinGW and cyassl/options.h getting file permissions error. Added non-fatal compile warning if using MinGW that "strtok_s" might be missing along with a link to public domain source that can be used.
2016-04-02 01:45:53 +03:00
mingw*)
static and shared library with MinGW
2016-04-16 01:04:15 +03:00
LDFLAGS="$LDFLAGS -lws2_32"
if test "$enable_shared" = "yes"
then
AC_DEFINE([WOLFSSL_DLL], [1], [Use __declspec(dllexport) when building library])
if test "$enable_static" = "yes"
then
MINGW_LIB_WARNING="yes"
fi
fi ;;
Cygwin/Mingw64 fixes
2013-05-02 00:17:11 +04:00
esac
Fixes to address build warnings for GCC 7. Used `-Wimplicit-fallthrough=0` to suppress all switch fall-through warnings.
2017-05-12 00:32:21 +03:00
change to C_EXTRA_FLAGS for user addtions to CFLAGS since CFLAGS may contain -g -O2 even if user doesn't override, no way to tell
2012-10-24 23:01:11 +04:00
# add user C_EXTRA_FLAGS back
Pulled in patches from Debian package.
2016-11-22 22:25:40 +03:00
# For distro disable custom build options that interfere with symbol generation
if test "$ENABLED_DISTRO" = "no"
then
CFLAGS="$CFLAGS $USER_C_EXTRA_FLAGS"
fi
make sure options.h captures user CFLAGS now too
2015-09-24 02:27:48 +03:00
OPTION_FLAGS="$USER_CFLAGS $USER_C_EXTRA_FLAGS $AM_CFLAGS"
change to C_EXTRA_FLAGS for user addtions to CFLAGS since CFLAGS may contain -g -O2 even if user doesn't override, no way to tell
2012-10-24 23:01:11 +04:00
Fixes to address build warnings for GCC 7. Used `-Wimplicit-fallthrough=0` to suppress all switch fall-through warnings.
2017-05-12 00:32:21 +03:00
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
CREATE_HEX_VERSION
Brian changes
2012-10-24 22:53:33 +04:00
AC_SUBST([AM_CPPFLAGS])
AC_SUBST([AM_CFLAGS])
AC_SUBST([AM_LDFLAGS])
1. Add C NI-intrinsic AES-GCM encrypt and decrypt. 2. Fix error string for wolfcrypt test of GMAC. 3. Add AES-GCM Decrypt to benchmark.
2015-10-31 02:03:26 +03:00
AC_SUBST([AM_CCASFLAGS])
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
AC_SUBST([LIB_ADD])
AC_SUBST([LIB_STATIC_ADD])
1.8.8 init
2011-02-05 22:14:47 +03:00
# FINAL
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
put config gen files in config/
2011-04-27 23:36:39 +04:00
AC_CONFIG_FILES([Makefile])
distribution fix
2015-01-06 02:58:28 +03:00
AC_CONFIG_FILES([wolfssl/version.h])
AC_CONFIG_FILES([wolfssl/options.h])
blake2 debug and settings refactor
2015-01-06 20:16:56 +03:00
#have options.h and version.h for autoconf fips tag and build
cyassl/options.h backwards compatibile
2015-01-08 00:30:02 +03:00
#if test "x$ENABLED_FIPS" = "xyes"
#then
# AC_CONFIG_FILES([cyassl/version.h])
# AC_CONFIG_FILES([cyassl/options.h])
#fi
autoconf, libversioning, .gitignore updated
2015-01-01 00:06:01 +03:00
AC_CONFIG_FILES([support/wolfssl.pc])
This adds support for "make rpm"
2012-10-20 12:42:34 +04:00
AC_CONFIG_FILES([rpm/spec])
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
This add the generic structure required to have pkgconfig work. I also fixed autogen.sh to do some magic on warnings/errors based on whether code comes from github or not.
2012-10-26 10:06:06 +04:00
AX_CREATE_GENERIC_CONFIG
turn jobserver back on
2012-10-27 02:38:37 +04:00
AX_AM_JOBSERVER([yes])
This dramatically speeds up the time taken to compile cyassl (assuming you have multiple cores...).
2012-10-26 08:35:52 +04:00
1.8.8 init
2011-02-05 22:14:47 +03:00
AC_OUTPUT
generate cyassl/options.h based on ./configure flags/settings for user app use
2013-04-12 22:21:38 +04:00
# force make clean
added configure option --disable-examples to remove example code build, configure runs make clean at the end, sniffer test isn't built if sniffer disabled
2012-11-29 23:31:57 +04:00
echo "---"
echo "Running make clean..."
hide make clean output
2012-11-30 00:05:34 +04:00
make clean >/dev/null 2>&1
added configure option --disable-examples to remove example code build, configure runs make clean at the end, sniffer test isn't built if sniffer disabled
2012-11-29 23:31:57 +04:00
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# generate user options header
generate cyassl/options.h based on ./configure flags/settings for user app use
2013-04-12 22:21:38 +04:00
echo "---"
echo "Generating user options header..."
autoconf, libversioning, .gitignore updated
2015-01-01 00:06:01 +03:00
distribution fix
2015-01-06 02:58:28 +03:00
OPTION_FILE="wolfssl/options.h"
blake2 debug and settings refactor
2015-01-06 20:16:56 +03:00
#if
#OPTION_FILE+="cyassl/options.h"
#fi
generate cyassl/options.h based on ./configure flags/settings for user app use
2013-04-12 22:21:38 +04:00
rm -f $OPTION_FILE
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
echo "/* wolfssl options.h" > $OPTION_FILE
make clear where options.h came from
2013-04-13 03:50:16 +04:00
echo " * generated from configure options" >> $OPTION_FILE
add wolfSSL header to configure generated options.h
2013-04-12 23:56:44 +04:00
echo " *" >> $OPTION_FILE
Copyright (C) updates
2015-01-08 19:39:04 +03:00
echo " * Copyright (C) 2006-2015 wolfSSL Inc." >> $OPTION_FILE
add wolfSSL header to configure generated options.h
2013-04-12 23:56:44 +04:00
echo " *" >> $OPTION_FILE
configure.ac updates
2014-12-31 23:04:03 +03:00
echo " * This file is part of wolfSSL. (formerly known as CyaSSL)" >> $OPTION_FILE
add wolfSSL header to configure generated options.h
2013-04-12 23:56:44 +04:00
echo " *" >> $OPTION_FILE
echo " */" >> $OPTION_FILE
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
echo "" >> $OPTION_FILE
switch pragma once uses, causes warnings on some compilers
2015-12-17 23:19:17 +03:00
echo "#ifndef WOLFSSL_OPTIONS_H" >> $OPTION_FILE
echo "#define WOLFSSL_OPTIONS_H" >> $OPTION_FILE
echo "" >> $OPTION_FILE
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
echo "" >> $OPTION_FILE
echo "#ifdef __cplusplus" >> $OPTION_FILE
echo "extern \"C\" {" >> $OPTION_FILE
echo "#endif" >> $OPTION_FILE
echo "" >> $OPTION_FILE
generate cyassl/options.h based on ./configure flags/settings for user app use
2013-04-12 22:21:38 +04:00
for option in $OPTION_FLAGS; do
defonly=`echo $option | sed 's/-D//'`
if test "$defonly" != "$option"
then
change = to space for user options defines with = value
2013-05-30 02:03:27 +04:00
noequalsign=`echo $defonly | sed 's/=/ /'`
fix github issue #65, don't output (N)DEBUG to options.h
2015-04-13 22:01:21 +03:00
if test "$noequalsign" = "NDEBUG" || test "$noequalsign" = "DEBUG"
then
MinGW fixes, server port assigning cleanup and ping test cleanup. Fixes issue with visibility detection with MinGW. The visibility.m4 script was not actually trying to call the hidden function, which caused MinGW to detect improperly that visibility was supported. Fix for bogusFile on Windows build. Fixes to build warnings for unused variable 'res' and signed/unsigned comparison for sizeof min(). Cleanup of the server side port assignment to allow use with Windows/MinGW/Cygwin. If Windows uses new GetRandomPort() function in test.h to get port in in the 49152 - 65535 range. If *nix then uses the tcp_listen returned port. Otherwise uses the default wolfSSLPort. Refactor of the ping test code to use common file and properly handle ping count differences (Windows "-c" vs. *Nix style "-n"). Workaround for MinGW and cyassl/options.h getting file permissions error. Added non-fatal compile warning if using MinGW that "strtok_s" might be missing along with a link to public domain source that can be used.
2016-04-02 01:45:53 +03:00
echo "not outputting (N)DEBUG to $OPTION_FILE"
fix github issue #65, don't output (N)DEBUG to options.h
2015-04-13 22:01:21 +03:00
continue
fi
fix github issue #65, ignore sys options
2015-04-17 19:23:43 +03:00
# allow user to igonore system options
ignoresys=no
if [[[ $noequalsign == _* ]]] ;
then
ignoresys=yes
echo "#ifndef WOLFSSL_OPTIONS_IGNORE_SYS" >> $OPTION_FILE
fi
fix github issue #65, don't undef with arg to options.h
2015-04-16 20:36:51 +03:00
noarg=`echo $defonly | sed 's/=.*//'`
fix github issue #65, ignore sys options
2015-04-17 19:23:43 +03:00
echo "#undef $noarg" >> $OPTION_FILE
echo "#define $noequalsign" >> $OPTION_FILE
if test "$ignoresys" = "yes"
then
echo "#endif" >> $OPTION_FILE
fi
echo "" >> $OPTION_FILE
generate cyassl/options.h based on ./configure flags/settings for user app use
2013-04-12 22:21:38 +04:00
else
echo "option w/o begin -D is $option, not saving to $OPTION_FILE"
fi
done
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
echo "" >> $OPTION_FILE
echo "#ifdef __cplusplus" >> $OPTION_FILE
echo "}" >> $OPTION_FILE
echo "#endif" >> $OPTION_FILE
echo "" >> $OPTION_FILE
switch pragma once uses, causes warnings on some compilers
2015-12-17 23:19:17 +03:00
echo "" >> $OPTION_FILE
echo "#endif /* WOLFSSL_OPTIONS_H */" >> $OPTION_FILE
echo "" >> $OPTION_FILE
generate cyassl/options.h based on ./configure flags/settings for user app use
2013-04-12 22:21:38 +04:00
echo
Fixes for building with IPV6. Added new WOLFSSL_IPV6 define to indicate IPV6 support. Fix to not include connect() and socket() calls unless HAVE_HTTP_CLIENT, HAVE_OCSP or HAVE_CRL_IO defined. Typo fixes.
2017-03-15 21:25:24 +03:00
#backwards compatibility for those who have included options or version
cyassl/options.h backwards compatibile
2015-01-08 00:30:02 +03:00
touch cyassl/options.h
echo "/* cyassl options.h" > cyassl/options.h
echo " * generated from wolfssl/options.h" >> cyassl/options.h
return line options.h being read literally by debian, fixed
2015-02-12 00:10:06 +03:00
echo " */" >> cyassl/options.h
echo ""
cyassl/options.h backwards compatibile
2015-01-08 00:30:02 +03:00
while read -r line
do
echo "$line" >> cyassl/options.h
done < $OPTION_FILE
switch pragma once uses, causes warnings on some compilers
2015-12-17 23:19:17 +03:00
# switch ifdef protection in cyassl/option.h to CYASSL_OPTONS_H, remove bak
sed -i.bak 's/WOLFSSL_OPTIONS_H/CYASSL_OPTIONS_H/g' cyassl/options.h
MinGW fixes, server port assigning cleanup and ping test cleanup. Fixes issue with visibility detection with MinGW. The visibility.m4 script was not actually trying to call the hidden function, which caused MinGW to detect improperly that visibility was supported. Fix for bogusFile on Windows build. Fixes to build warnings for unused variable 'res' and signed/unsigned comparison for sizeof min(). Cleanup of the server side port assignment to allow use with Windows/MinGW/Cygwin. If Windows uses new GetRandomPort() function in test.h to get port in in the 49152 - 65535 range. If *nix then uses the tcp_listen returned port. Otherwise uses the default wolfSSLPort. Refactor of the ping test code to use common file and properly handle ping count differences (Windows "-c" vs. *Nix style "-n"). Workaround for MinGW and cyassl/options.h getting file permissions error. Added non-fatal compile warning if using MinGW that "strtok_s" might be missing along with a link to public domain source that can be used.
2016-04-02 01:45:53 +03:00
# workaround for mingw sed that may get "Permission denied" trying to preserver permissions
case $host_os in
mingw*)
chmod u+w cyassl/options.h ;;
esac
switch pragma once uses, causes warnings on some compilers
2015-12-17 23:19:17 +03:00
rm cyassl/options.h.bak
MinGW fixes, server port assigning cleanup and ping test cleanup. Fixes issue with visibility detection with MinGW. The visibility.m4 script was not actually trying to call the hidden function, which caused MinGW to detect improperly that visibility was supported. Fix for bogusFile on Windows build. Fixes to build warnings for unused variable 'res' and signed/unsigned comparison for sizeof min(). Cleanup of the server side port assignment to allow use with Windows/MinGW/Cygwin. If Windows uses new GetRandomPort() function in test.h to get port in in the 49152 - 65535 range. If *nix then uses the tcp_listen returned port. Otherwise uses the default wolfSSLPort. Refactor of the ping test code to use common file and properly handle ping count differences (Windows "-c" vs. *Nix style "-n"). Workaround for MinGW and cyassl/options.h getting file permissions error. Added non-fatal compile warning if using MinGW that "strtok_s" might be missing along with a link to public domain source that can be used.
2016-04-02 01:45:53 +03:00
generate cyassl/options.h based on ./configure flags/settings for user app use
2013-04-12 22:21:38 +04:00
# output config summary
This adds more compiler hardening flags (and fixes all of the issues found in the process).
2012-09-20 10:38:41 +04:00
echo "---"
echo "Configuration summary for $PACKAGE_NAME version $VERSION"
echo ""
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * Installation prefix: $prefix"
echo " * System type: $host_vendor-$host_os"
echo " * Host CPU: $host_cpu"
echo " * C Compiler: $CC"
echo " * C Flags: $CFLAGS"
echo " * C++ Compiler: $CXX"
echo " * C++ Flags: $CXXFLAGS"
echo " * CPP Flags: $CPPFLAGS"
echo " * CCAS Flags: $CCASFLAGS"
echo " * LIB Flags: $LIB"
echo " * Debug enabled: $ax_enable_debug"
Single Precision maths for RSA (and DH) Single Precision ECC implementation
2017-08-10 10:27:22 +03:00
echo " * Coverage enabled: $ax_enable_coverage"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * Warnings as failure: $ac_cv_warnings_as_errors"
echo " * make -j: $enable_jobserver"
echo " * VCS checkout: $ac_cv_vcs_checkout"
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
echo
Fixes for hardening flags. Additional fixes for using C++ compiler to compile. Include file pcap.h now gates sniffer for build.
2012-10-20 06:00:17 +04:00
echo " Features "
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * Single threaded: $ENABLED_SINGLETHREADED"
echo " * Filesystem: $ENABLED_FILESYSTEM"
echo " * OpenSSH Build: $ENABLED_OPENSSH"
echo " * OpenSSL Extra API: $ENABLED_OPENSSLEXTRA"
Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add `--enable-opensslcoexist` which makes sure `oldnames` is disabled. Refactor of `SSL_` to `WOLF_SSL_`. Refactor of `SHA`, `MD5`, `SHA224`, `SHA256`, `SHA512` and `SHA384` to `WC_` naming.
2017-09-26 04:47:36 +03:00
echo " * OpenSSL Coexist: $ENABLED_OPENSSLCOEXIST"
echo " * Old Names: $ENABLED_OLDNAMES"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * Max Strength Build: $ENABLED_MAXSTRENGTH"
add distro build option
2016-08-22 19:00:37 +03:00
echo " * Distro Build: $ENABLED_DISTRO"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * fastmath: $ENABLED_FASTMATH"
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
echo " * Assembly Allowed: $ENABLED_ASM"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * sniffer: $ENABLED_SNIFFER"
echo " * snifftest: $ENABLED_SNIFFTEST"
echo " * ARC4: $ENABLED_ARC4"
echo " * AES: $ENABLED_AES"
echo " * AES-NI: $ENABLED_AESNI"
echo " * AES-GCM: $ENABLED_AESGCM"
echo " * AES-CCM: $ENABLED_AESCCM"
Adds an --enable-aesctr flag to the configure script to explicitly compile with -DWOLFSSL_AES_COUNTER and -DWOLFSSL_AES_DIRECT If --enable-fortress or --enable-mcapi are used they effectively force --enable-aesctr
2016-12-04 17:23:51 +03:00
echo " * AES-CTR: $ENABLED_AESCTR"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * DES3: $ENABLED_DES3"
echo " * IDEA: $ENABLED_IDEA"
echo " * Camellia: $ENABLED_CAMELLIA"
echo " * NULL Cipher: $ENABLED_NULL_CIPHER"
echo " * MD5: $ENABLED_MD5"
echo " * RIPEMD: $ENABLED_RIPEMD"
echo " * SHA: $ENABLED_SHA"
SHA224 implementation added Added SHA24 implementation and tetss. Added HMAC-SHA224 implementation and tests. Added RSA-SHA224 and ECDSA-SHA224. Added MGF1-SHA224 Added OpenSSL APIs for SHA224 Configuration option to enable SHA224 and it is on by default for x86_64
2016-11-10 08:52:26 +03:00
echo " * SHA-224: $ENABLED_SHA224"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * SHA-512: $ENABLED_SHA512"
Initial revision of SHA-3
2017-05-23 06:50:49 +03:00
echo " * SHA3: $ENABLED_SHA3"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * BLAKE2: $ENABLED_BLAKE2"
add AES-CMAC
2016-05-24 03:50:36 +03:00
echo " * CMAC: $ENABLED_CMAC"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * keygen: $ENABLED_KEYGEN"
echo " * certgen: $ENABLED_CERTGEN"
echo " * certreq: $ENABLED_CERTREQ"
echo " * certext: $ENABLED_CERTEXT"
echo " * HC-128: $ENABLED_HC128"
echo " * RABBIT: $ENABLED_RABBIT"
echo " * CHACHA: $ENABLED_CHACHA"
echo " * Hash DRBG: $ENABLED_HASHDRBG"
echo " * PWDBASED: $ENABLED_PWDBASED"
Implementation of scrypt Tests and benchmarking added. Configure with --enable-scrypt and requires --enable-pwdbased
2016-12-14 09:47:54 +03:00
echo " * scrypt: $ENABLED_SCRYPT"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * wolfCrypt Only: $ENABLED_CRYPTONLY"
echo " * HKDF: $ENABLED_HKDF"
add ANSI-X9.63-KDF support [SEC1]
2016-12-08 06:09:54 +03:00
echo " * X9.63 KDF: $ENABLED_X963KDF"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * MD4: $ENABLED_MD4"
echo " * PSK: $ENABLED_PSK"
echo " * Poly1305: $ENABLED_POLY1305"
echo " * LEANPSK: $ENABLED_LEANPSK"
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
echo " * LEANTLS: $ENABLED_LEANTLS"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * RSA: $ENABLED_RSA"
TLS v1.2 and PSS Cleanup the TLS v1.3 PSS code as well. Added RSA API wc_RsaPSS_CheckPadding() to check the padding - no longer a simple memcmp with the digest.
2017-05-18 08:32:06 +03:00
echo " * RSA-PSS: $ENABLED_RSAPSS"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * DSA: $ENABLED_DSA"
echo " * DH: $ENABLED_DH"
echo " * ECC: $ENABLED_ECC"
echo " * CURVE25519: $ENABLED_CURVE25519"
echo " * ED25519: $ENABLED_ED25519"
echo " * FPECC: $ENABLED_FPECC"
echo " * ECC_ENCRYPT: $ENABLED_ECC_ENCRYPT"
echo " * ASN: $ENABLED_ASN"
echo " * Anonymous cipher: $ENABLED_ANON"
echo " * CODING: $ENABLED_CODING"
echo " * MEMORY: $ENABLED_MEMORY"
echo " * I/O POOL: $ENABLED_IOPOOL"
echo " * LIGHTY: $ENABLED_LIGHTY"
Introduce HAPROXY config flag + get/set app_data
2017-03-28 14:28:36 +03:00
echo " * HAPROXY: $ENABLED_HAPROXY"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * STUNNEL: $ENABLED_STUNNEL"
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
echo " * NGINX: $ENABLED_NGINX"
Modification for compliling application with libsignal-protocol-c.
2017-11-13 12:12:18 +03:00
echo " * SIGNAL: $ENABLED_SIGNAL"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"
echo " * DTLS: $ENABLED_DTLS"
added SCTP to configure.ac
2016-08-01 17:51:42 +03:00
echo " * SCTP: $ENABLED_SCTP"
Multicast DTLS 1. Add DTLS-multicast to the enable options. 2. Reorg DTLS related enable options together. 3. Update a couple enable option texts to use the AS_HELP_STRING() macro. 4. Add three new APIs for managing a DTLS Multicast session. 5. Add test code for new APIs. 6. Add stub code for the new APIs.
2016-12-07 01:08:52 +03:00
echo " * Multicast: $ENABLED_MCAST"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * Old TLS Versions: $ENABLED_OLD_TLS"
echo " * SSL version 3.0: $ENABLED_SSLV3"
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-15 00:55:48 +03:00
echo " * TLS v1.0: $ENABLED_TLSV10"
Add TLS v1.3 as an option
2016-11-23 18:31:07 +03:00
echo " * TLS v1.3: $ENABLED_TLS13"
Updates from code review
2017-06-22 05:40:41 +03:00
echo " * TLS v1.3 Draft 18: $ENABLED_TLS13_DRAFT18"
echo " * Post-handshake Auth: $ENABLED_TLS13_POST_AUTH"
echo " * Early Data: $ENABLED_TLS13_EARLY_DATA"
Code review fixes Also put in configuration option for sending HRR Cookie extension with state.
2017-06-27 01:52:53 +03:00
echo " * Send State in HRR Cookie: $ENABLED_SEND_HRR_COOKIE"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * OCSP: $ENABLED_OCSP"
cosmetic changes to OCSP Stapling options.
2015-12-30 23:10:25 +03:00
echo " * OCSP Stapling: $ENABLED_CERTIFICATE_STATUS_REQUEST"
echo " * OCSP Stapling v2: $ENABLED_CERTIFICATE_STATUS_REQUEST_V2"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * CRL: $ENABLED_CRL"
echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR"
echo " * Persistent session cache: $ENABLED_SAVESESSION"
echo " * Persistent cert cache: $ENABLED_SAVECERT"
echo " * Atomic User Record Layer: $ENABLED_ATOMICUSER"
echo " * Public Key Callbacks: $ENABLED_PKCALLBACKS"
echo " * NTRU: $ENABLED_NTRU"
seperate build of QSH from build of NTRU
2017-08-16 23:19:38 +03:00
echo " * QSH: $ENABLED_QSH"
add Whitewood netRandom client library support
2016-05-06 00:31:25 +03:00
echo " * Whitewood netRandom: $ENABLED_WNR"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * Server Name Indication: $ENABLED_SNI"
echo " * ALPN: $ENABLED_ALPN"
echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT"
echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC"
echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES"
echo " * Session Ticket: $ENABLED_SESSION_TICKET"
initial extended master secret support
2016-09-02 00:12:54 +03:00
echo " * Extended Master Secret: $ENABLED_EXTENDED_MASTER"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION"
echo " * Secure Renegotiation: $ENABLED_SECURE_RENEGOTIATION"
echo " * All TLS Extensions: $ENABLED_TLSX"
echo " * PKCS#7 $ENABLED_PKCS7"
wolfSSH Option Added a configure convenience option for building wolfSSL to work with wolfSSH.
2017-10-05 01:24:22 +03:00
echo " * wolfSSH $ENABLED_WOLFSSH"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * wolfSCEP $ENABLED_WOLFSCEP"
echo " * Secure Remote Password $ENABLED_SRP"
echo " * Small Stack: $ENABLED_SMALL_STACK"
echo " * valgrind unit tests: $ENABLED_VALGRIND"
echo " * LIBZ: $ENABLED_LIBZ"
echo " * Examples: $ENABLED_EXAMPLES"
echo " * User Crypto: $ENABLED_USER_CRYPTO"
echo " * Fast RSA: $ENABLED_FAST_RSA"
Single Precision maths for RSA (and DH) Single Precision ECC implementation
2017-08-10 10:27:22 +03:00
echo " * Single Precision: $ENABLED_SP"
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 21:05:22 +03:00
echo " * Async Crypto: $ENABLED_ASYNCCRYPT"
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
echo " * Cavium: $ENABLED_CAVIUM"
initial ARMv8 instructions
2016-07-22 18:49:15 +03:00
echo " * ARM ASM: $ENABLED_ARMASM"
add AES key wrap support, RFC 3394
2016-12-06 01:38:42 +03:00
echo " * AES Key Wrap: $ENABLED_AESKEYWRAP"
add wolfSSL_write_dup(), creates write_only WOLFSSL to allow concurrent access
2017-03-21 01:08:34 +03:00
echo " * Write duplicate: $ENABLED_WRITEDUP"
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
echo " * Intel Quick Assist: $ENABLED_INTEL_QA"
Xilinx port
2017-06-07 20:37:21 +03:00
echo " * Xilinx Hardware Acc.: $ENABLED_XILINX"
This adds more compiler hardening flags (and fixes all of the issues found in the process).
2012-09-20 10:38:41 +04:00
echo ""
echo "---"
Added new "wolfSSL_poll" which filters event queue by ssl object pointer. Changed wolfSSL_CTX_poll to support using WOLF_POLL_FLAG_PEEK flag to peek at events and return count. Removed "wolfssl_CTX_poll_peek". Switched the examples (test.h AsyncCryptPoll) to use just the WOLFSSL object and call new wolfSSL_poll. Added warning when using the "--enable-asynccrypt" option to make sure users know they need real async.c/.h files.
2016-03-31 01:15:38 +03:00
static and shared library with MinGW
2016-04-16 01:04:15 +03:00
################################################################################
Added new "wolfSSL_poll" which filters event queue by ssl object pointer. Changed wolfSSL_CTX_poll to support using WOLF_POLL_FLAG_PEEK flag to peek at events and return count. Removed "wolfssl_CTX_poll_peek". Switched the examples (test.h AsyncCryptPoll) to use just the WOLFSSL object and call new wolfSSL_poll. Added warning when using the "--enable-asynccrypt" option to make sure users know they need real async.c/.h files.
2016-03-31 01:15:38 +03:00
# Show warnings at bottom so they are noticed
static and shared library with MinGW
2016-04-16 01:04:15 +03:00
################################################################################
Added new "wolfSSL_poll" which filters event queue by ssl object pointer. Changed wolfSSL_CTX_poll to support using WOLF_POLL_FLAG_PEEK flag to peek at events and return count. Removed "wolfssl_CTX_poll_peek". Switched the examples (test.h AsyncCryptPoll) to use just the WOLFSSL object and call new wolfSSL_poll. Added warning when using the "--enable-asynccrypt" option to make sure users know they need real async.c/.h files.
2016-03-31 01:15:38 +03:00
if test "$ENABLED_ASYNCCRYPT" = "yes"
then
AC_MSG_WARN([Make sure real async files are loaded. Contact wolfSSL for details on using the asynccrypt option.])
fi
static and shared library with MinGW
2016-04-16 01:04:15 +03:00
# MinGW static vs shared library
update comment about MinGW
2016-04-18 21:14:47 +03:00
# Reference URL from libtool for MinGW is located at
static and shared library with MinGW
2016-04-16 01:04:15 +03:00
# http://www.gnu.org/software/libtool/manual/libtool.html#Cygwin-to-MinGW-Cross
# this allows for not even having dllimport/dllexport on functions
# with recent libtools, only requiring it with global variables.
update comment about MinGW
2016-04-18 21:14:47 +03:00
#
# The following warning is displayed here because if not using "contemporary GNU
static and shared library with MinGW
2016-04-16 01:04:15 +03:00
# tools" there is the possibility of export/import issues.
update comment about MinGW
2016-04-18 21:14:47 +03:00
# wolfSSL uses __declspec(dllexport) and "contemporary GNU tools" handle the
# case where both static and shared libraries are built.
static and shared library with MinGW
2016-04-16 01:04:15 +03:00
#
# More can be found about the MinGW linker at
# https://sourceware.org/binutils/docs/ld/WIN32.html
if test "$MINGW_LIB_WARNING" = "yes"
then
AC_MSG_WARN([Building with shared and static library at the same time on this system may cause export/import problems when using non contemporary GNU tools.])
fi
Reference in New Issue Copy Permalink