mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f51a8fffde
wolfssl/configure.ac

5018 lines
150 KiB
Plaintext
Raw Normal View History

update configure.ac name
2011-08-03 22:30:22 +04:00
# configure.ac
Add headers to examples and .i files
2011-07-27 00:27:22 +04:00
#
Release v3.12.2 (lib 14.0.0). Updated copywright.
2017-10-23 01:58:35 +03:00
# Copyright (C) 2006-2017 wolfSSL Inc.
Add headers to examples and .i files
2011-07-27 00:27:22 +04:00
#
configure.ac updates
2014-12-31 23:04:03 +03:00
# This file is part of wolfSSL. (formerly known as CyaSSL)
Add headers to examples and .i files
2011-07-27 00:27:22 +04:00
#
#
Updates for v4.0.0 Bump the version number in configure.ac and updated the version.h. The library version wasn't updated between v3.15.7-stable and the snapshot v3.15.8, so I bumped it for this release.
2019-03-14 23:41:36 +03:00
AC_COPYRIGHT([Copyright (C) 2006-2019 wolfSSL Inc.])
Autoconf Update 1. Remove many redundant macros. 2. Reorder several macros to more appropriate locations. 3. Several macros take lists of items to process, not just individual items. Combined duplicated macros' parameters into lists. 4. Some macros had unnecessary parameters. 5. Added some AX_REQUIRE_DEFINED() checks for the macros used. 6. Add cyassl/options.h to the AC_CONFIG_FILES list. It will be recreated from the template when running config.status the same as wolfssl/options.h 7. Remove the dist-dir rule from Makefile.am. This is prefering the process rather than automating that one step. Make dist will not run config.status. * AC_PROG_CC must be before any macros that will try to compile for tests. * AC_CHECK_SIZEOF takes a single type, no size values. * Only one of the AC_CANONICAL_X macros are expanded. Removed AC_CANONICAL_BUILD since it is never actually used. * Removed the AC_PROG_CXX and anything C++ related. * Removed LT_LANG([C]) as it is the default and the C doesn't do anything.
2018-06-08 20:47:14 +03:00
AC_PREREQ([2.63])
Updates for v4.0.0 Bump the version number in configure.ac and updated the version.h. The library version wasn't updated between v3.15.7-stable and the snapshot v3.15.8, so I bumped it for this release.
2019-03-14 23:41:36 +03:00
AC_INIT([wolfssl],[4.0.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
This should fix the issue around compiling cyassl with a C++ compiler.
2012-10-19 08:30:21 +04:00
AC_CONFIG_AUX_DIR([build-aux])
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
Configure Update 1. Initialize CXXFLAGS (C++ compiler flags) the same way we do CFLAGS. 2. Add CPPFLAGS (C preprocessor flags) to the options.h file with the other CFLAGS.
2018-03-27 20:23:44 +03:00
# The following sets CFLAGS and CXXFLAGS to empty if unset on command line.
Autoconf Update 1. Remove many redundant macros. 2. Reorder several macros to more appropriate locations. 3. Several macros take lists of items to process, not just individual items. Combined duplicated macros' parameters into lists. 4. Some macros had unnecessary parameters. 5. Added some AX_REQUIRE_DEFINED() checks for the macros used. 6. Add cyassl/options.h to the AC_CONFIG_FILES list. It will be recreated from the template when running config.status the same as wolfssl/options.h 7. Remove the dist-dir rule from Makefile.am. This is prefering the process rather than automating that one step. Make dist will not run config.status. * AC_PROG_CC must be before any macros that will try to compile for tests. * AC_CHECK_SIZEOF takes a single type, no size values. * Only one of the AC_CANONICAL_X macros are expanded. Removed AC_CANONICAL_BUILD since it is never actually used. * Removed the AC_PROG_CXX and anything C++ related. * Removed LT_LANG([C]) as it is the default and the C doesn't do anything.
2018-06-08 20:47:14 +03:00
# We do not want the default "-g -O2" that AC_PROG_CC sets automatically.
initialize CFLAGS in configure as empty, remove erasing it when hardening CFLAGS
2015-09-18 02:36:53 +03:00
: ${CFLAGS=""}
Hush ar warning At some point, ar on Ubuntu started throwing the following warning: ar: `u' modifier ignored since `D' is the default (see `U') Add the "U" option to the ar flags if the version of ar supports it. (The version used by macOS does not support the flag, for example.) The AR_FLAGS set in configure will later be used by libtool.
2018-05-16 16:55:16 +03:00
# Test ar for the "U" option. Should be checked before the libtool macros.
AR flags configure update In at least one environment the check for particular AR options was failing due to a bash script bug. Deleted an extra pair of parenthesis triggering an arithmetic statement when redundant grouping was desired.
2019-03-05 20:26:30 +03:00
xxx_ar_flags=$(ar --help 2>&1)
Hush ar warning At some point, ar on Ubuntu started throwing the following warning: ar: `u' modifier ignored since `D' is the default (see `U') Add the "U" option to the ar flags if the version of ar supports it. (The version used by macOS does not support the flag, for example.) The AR_FLAGS set in configure will later be used by libtool.
2018-05-16 16:55:16 +03:00
AS_CASE([$xxx_ar_flags],[*'use actual timestamps and uids/gids'*],[: ${AR_FLAGS="Ucru"}])
Autoconf Update 1. Remove many redundant macros. 2. Reorder several macros to more appropriate locations. 3. Several macros take lists of items to process, not just individual items. Combined duplicated macros' parameters into lists. 4. Some macros had unnecessary parameters. 5. Added some AX_REQUIRE_DEFINED() checks for the macros used. 6. Add cyassl/options.h to the AC_CONFIG_FILES list. It will be recreated from the template when running config.status the same as wolfssl/options.h 7. Remove the dist-dir rule from Makefile.am. This is prefering the process rather than automating that one step. Make dist will not run config.status. * AC_PROG_CC must be before any macros that will try to compile for tests. * AC_CHECK_SIZEOF takes a single type, no size values. * Only one of the AC_CANONICAL_X macros are expanded. Removed AC_CANONICAL_BUILD since it is never actually used. * Removed the AC_PROG_CXX and anything C++ related. * Removed LT_LANG([C]) as it is the default and the C doesn't do anything.
2018-06-08 20:47:14 +03:00
AC_PROG_CC
AM_PROG_CC_C_O
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AC_CANONICAL_HOST
Autoconf Update 1. Remove many redundant macros. 2. Reorder several macros to more appropriate locations. 3. Several macros take lists of items to process, not just individual items. Combined duplicated macros' parameters into lists. 4. Some macros had unnecessary parameters. 5. Added some AX_REQUIRE_DEFINED() checks for the macros used. 6. Add cyassl/options.h to the AC_CONFIG_FILES list. It will be recreated from the template when running config.status the same as wolfssl/options.h 7. Remove the dist-dir rule from Makefile.am. This is prefering the process rather than automating that one step. Make dist will not run config.status. * AC_PROG_CC must be before any macros that will try to compile for tests. * AC_CHECK_SIZEOF takes a single type, no size values. * Only one of the AC_CANONICAL_X macros are expanded. Removed AC_CANONICAL_BUILD since it is never actually used. * Removed the AC_PROG_CXX and anything C++ related. * Removed LT_LANG([C]) as it is the default and the C doesn't do anything.
2018-06-08 20:47:14 +03:00
AC_CONFIG_MACRO_DIR([m4])
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
Update autoconf rules. Fixes bug url to point to github issues.
2013-09-15 11:13:30 +04:00
AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests])
Autoconf Update 1. Remove many redundant macros. 2. Reorder several macros to more appropriate locations. 3. Several macros take lists of items to process, not just individual items. Combined duplicated macros' parameters into lists. 4. Some macros had unnecessary parameters. 5. Added some AX_REQUIRE_DEFINED() checks for the macros used. 6. Add cyassl/options.h to the AC_CONFIG_FILES list. It will be recreated from the template when running config.status the same as wolfssl/options.h 7. Remove the dist-dir rule from Makefile.am. This is prefering the process rather than automating that one step. Make dist will not run config.status. * AC_PROG_CC must be before any macros that will try to compile for tests. * AC_CHECK_SIZEOF takes a single type, no size values. * Only one of the AC_CANONICAL_X macros are expanded. Removed AC_CANONICAL_BUILD since it is never actually used. * Removed the AC_PROG_CXX and anything C++ related. * Removed LT_LANG([C]) as it is the default and the C doesn't do anything.
2018-06-08 20:47:14 +03:00
m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
Update autoconf rules. Fixes bug url to point to github issues.
2013-09-15 11:13:30 +04:00
AC_ARG_PROGRAM
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
Autoconf Update 1. Remove many redundant macros. 2. Reorder several macros to more appropriate locations. 3. Several macros take lists of items to process, not just individual items. Combined duplicated macros' parameters into lists. 4. Some macros had unnecessary parameters. 5. Added some AX_REQUIRE_DEFINED() checks for the macros used. 6. Add cyassl/options.h to the AC_CONFIG_FILES list. It will be recreated from the template when running config.status the same as wolfssl/options.h 7. Remove the dist-dir rule from Makefile.am. This is prefering the process rather than automating that one step. Make dist will not run config.status. * AC_PROG_CC must be before any macros that will try to compile for tests. * AC_CHECK_SIZEOF takes a single type, no size values. * Only one of the AC_CANONICAL_X macros are expanded. Removed AC_CANONICAL_BUILD since it is never actually used. * Removed the AC_PROG_CXX and anything C++ related. * Removed LT_LANG([C]) as it is the default and the C doesn't do anything.
2018-06-08 20:47:14 +03:00
AC_CONFIG_HEADERS([config.h:config.in])
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
Autoconf Update 1. Remove many redundant macros. 2. Reorder several macros to more appropriate locations. 3. Several macros take lists of items to process, not just individual items. Combined duplicated macros' parameters into lists. 4. Some macros had unnecessary parameters. 5. Added some AX_REQUIRE_DEFINED() checks for the macros used. 6. Add cyassl/options.h to the AC_CONFIG_FILES list. It will be recreated from the template when running config.status the same as wolfssl/options.h 7. Remove the dist-dir rule from Makefile.am. This is prefering the process rather than automating that one step. Make dist will not run config.status. * AC_PROG_CC must be before any macros that will try to compile for tests. * AC_CHECK_SIZEOF takes a single type, no size values. * Only one of the AC_CANONICAL_X macros are expanded. Removed AC_CANONICAL_BUILD since it is never actually used. * Removed the AC_PROG_CXX and anything C++ related. * Removed LT_LANG([C]) as it is the default and the C doesn't do anything.
2018-06-08 20:47:14 +03:00
LT_PREREQ([2.2])
LT_INIT([disable-static win32-dll])
1.8.8 init
2011-02-05 22:14:47 +03:00
2.0.0 rc1 versioning
2011-04-30 00:08:05 +04:00
#shared library versioning
Updates for v4.0.0 Bump the version number in configure.ac and updated the version.h. The library version wasn't updated between v3.15.7-stable and the snapshot v3.15.8, so I bumped it for this release.
2019-03-14 23:41:36 +03:00
WOLFSSL_LIBRARY_VERSION=21:0:2
Release v3.15.0 1. Update configure.ac for new version. 2. Update the version header. 3. Update the README files with the new changelog. 4. Moved all previous change logs from README files to NEWS files.
2018-05-31 03:11:38 +03:00
# | | |
# +------+ | +---+
# | | |
# current:revision:age
# | | |
# | | +- increment if interfaces have been added
# | | set to zero if interfaces have been removed
# | | or changed
# | +- increment if source code has changed
# | set to zero if current is incremented
# +- increment if interfaces have been added, removed or changed
examples not seeing WOLFSSL_API
2014-12-30 02:30:26 +03:00
AC_SUBST([WOLFSSL_LIBRARY_VERSION])
2.0.0 rc1 versioning
2011-04-30 00:08:05 +04:00
change to C_EXTRA_FLAGS for user addtions to CFLAGS since CFLAGS may contain -g -O2 even if user doesn't override, no way to tell
2012-10-24 23:01:11 +04:00
# capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even
# if user doesn't override, no way to tell
USER_C_EXTRA_FLAGS="$C_EXTRA_FLAGS"
make sure options.h captures user CFLAGS now too
2015-09-24 02:27:48 +03:00
USER_CFLAGS="$CFLAGS"
change to C_EXTRA_FLAGS for user addtions to CFLAGS since CFLAGS may contain -g -O2 even if user doesn't override, no way to tell
2012-10-24 23:01:11 +04:00
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
gl_VISIBILITY
Remove version (it is a generated file), also updated how visibility is done.
2012-10-21 05:24:28 +04:00
AS_IF([ test -n "$CFLAG_VISIBILITY" ], [
AM_CPPFLAGS="$AM_CPPFLAGS $CFLAG_VISIBILITY"
CPPFLAGS="$CPPFLAGS $CFLAG_VISIBILITY"
])
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
Moved the check for the size of long, long long, and __m128 to before the checks for libraries. In some combination of autotools, making a 32-bit build, the autoconf test code can't link libnetwork and crashes, leaving those sizes all set to 0.
2016-12-07 03:15:45 +03:00
# Moved these size of and type checks before the library checks.
# The library checks add the library to subsequent test compiles
# and in some rare cases, the networking check causes these sizeof
# checks to fail.
Autoconf Update 1. Remove many redundant macros. 2. Reorder several macros to more appropriate locations. 3. Several macros take lists of items to process, not just individual items. Combined duplicated macros' parameters into lists. 4. Some macros had unnecessary parameters. 5. Added some AX_REQUIRE_DEFINED() checks for the macros used. 6. Add cyassl/options.h to the AC_CONFIG_FILES list. It will be recreated from the template when running config.status the same as wolfssl/options.h 7. Remove the dist-dir rule from Makefile.am. This is prefering the process rather than automating that one step. Make dist will not run config.status. * AC_PROG_CC must be before any macros that will try to compile for tests. * AC_CHECK_SIZEOF takes a single type, no size values. * Only one of the AC_CANONICAL_X macros are expanded. Removed AC_CANONICAL_BUILD since it is never actually used. * Removed the AC_PROG_CXX and anything C++ related. * Removed LT_LANG([C]) as it is the default and the C doesn't do anything.
2018-06-08 20:47:14 +03:00
AC_CHECK_SIZEOF([long long])
AC_CHECK_SIZEOF([long])
cast to resolve warning, check size of time_t, and check for null test case
2018-11-13 02:02:33 +03:00
AC_CHECK_SIZEOF([time_t])
Autoconf Update 1. Remove many redundant macros. 2. Reorder several macros to more appropriate locations. 3. Several macros take lists of items to process, not just individual items. Combined duplicated macros' parameters into lists. 4. Some macros had unnecessary parameters. 5. Added some AX_REQUIRE_DEFINED() checks for the macros used. 6. Add cyassl/options.h to the AC_CONFIG_FILES list. It will be recreated from the template when running config.status the same as wolfssl/options.h 7. Remove the dist-dir rule from Makefile.am. This is prefering the process rather than automating that one step. Make dist will not run config.status. * AC_PROG_CC must be before any macros that will try to compile for tests. * AC_CHECK_SIZEOF takes a single type, no size values. * Only one of the AC_CANONICAL_X macros are expanded. Removed AC_CANONICAL_BUILD since it is never actually used. * Removed the AC_PROG_CXX and anything C++ related. * Removed LT_LANG([C]) as it is the default and the C doesn't do anything.
2018-06-08 20:47:14 +03:00
AC_CHECK_TYPES([__uint128_t])
AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r inet_ntoa memset socket])
AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h sys/ioctl.h sys/socket.h sys/time.h errno.h])
AC_CHECK_LIB([network],[socket])
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AC_C_BIGENDIAN
1.8.8 init
2011-02-05 22:14:47 +03:00
AC_PROG_INSTALL
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AC_TYPE_SIZE_T
AC_TYPE_UINT8_T
AM_PROG_AS
LT_LIB_M
add compiler visibility detection, default hide, add external API linkage and internal LOCAL linkage
2011-04-27 02:41:16 +04:00
1.8.8 init
2011-02-05 22:14:47 +03:00
OPTIMIZE_CFLAGS="-Os -fomit-frame-pointer"
change fastmath opt to 2 instead of 3, causes potential confilicts with aesni on non-aesni systems with gcc 4.6.3
2013-04-12 20:29:31 +04:00
OPTIMIZE_FAST_CFLAGS="-O2 -fomit-frame-pointer"
break up huge math into individual parts so can add piece by piece, e.g., ECC256
2013-09-04 00:13:13 +04:00
OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET -DTFM_HUGE_SET"
configure.ac updates
2014-12-31 23:04:03 +03:00
DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL"
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
LIB_ADD=
LIB_STATIC_ADD=
1.8.8 init
2011-02-05 22:14:47 +03:00
add thread local storage to ecc fp cache, no locking required but cache is per thread, higher conncurrent performance but more memory needed
2013-11-12 05:00:35 +04:00
# Thread local storage
Autoconf Update 1. Remove many redundant macros. 2. Reorder several macros to more appropriate locations. 3. Several macros take lists of items to process, not just individual items. Combined duplicated macros' parameters into lists. 4. Some macros had unnecessary parameters. 5. Added some AX_REQUIRE_DEFINED() checks for the macros used. 6. Add cyassl/options.h to the AC_CONFIG_FILES list. It will be recreated from the template when running config.status the same as wolfssl/options.h 7. Remove the dist-dir rule from Makefile.am. This is prefering the process rather than automating that one step. Make dist will not run config.status. * AC_PROG_CC must be before any macros that will try to compile for tests. * AC_CHECK_SIZEOF takes a single type, no size values. * Only one of the AC_CANONICAL_X macros are expanded. Removed AC_CANONICAL_BUILD since it is never actually used. * Removed the AC_PROG_CXX and anything C++ related. * Removed LT_LANG([C]) as it is the default and the C doesn't do anything.
2018-06-08 20:47:14 +03:00
AX_TLS([thread_ls_on=yes],[thread_ls_on=no])
AS_IF([test "x$thread_ls_on" = "xyes"],[AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"])
1.8.8 init
2011-02-05 22:14:47 +03:00
# DEBUG
This should fix the issue around compiling cyassl with a C++ compiler.
2012-10-19 08:30:21 +04:00
AX_DEBUG
Brian changes
2012-10-24 22:53:33 +04:00
AS_IF([test "$ax_enable_debug" = "yes"],
[AM_CFLAGS="$DEBUG_CFLAGS $AM_CFLAGS"],
[AM_CFLAGS="$AM_CFLAGS -DNDEBUG"])
1.8.8 init
2011-02-05 22:14:47 +03:00
add distro build option
2016-08-22 19:00:37 +03:00
# Distro build feature subset (Debian, Ubuntu, etc.)
AC_ARG_ENABLE([distro],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-distro],[Enable wolfSSL distro build (default: disabled)])],
add distro build option
2016-08-22 19:00:37 +03:00
[ ENABLED_DISTRO=$enableval ],
[ ENABLED_DISTRO=no ]
)
if test "$ENABLED_DISTRO" = "yes"
then
enable_shared=yes
enable_static=yes
Added new `./configure --enable-all` option to enable all features. Allows building all features without using the `--enable-distro` option, which only allows shared build and does not generate an options.h file.
2017-05-18 20:57:28 +03:00
enable_all=yes
fi
# ALL FEATURES
AC_ARG_ENABLE([all],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-all],[Enable all wolfSSL features, except SSLv3 (default: disabled)])],
Added new `./configure --enable-all` option to enable all features. Allows building all features without using the `--enable-distro` option, which only allows shared build and does not generate an options.h file.
2017-05-18 20:57:28 +03:00
[ ENABLED_ALL=$enableval ],
[ ENABLED_ALL=no ]
)
if test "$ENABLED_ALL" = "yes"
then
add distro build option
2016-08-22 19:00:37 +03:00
enable_dtls=yes
Add TLS v1.3 as an option
2016-11-23 18:31:07 +03:00
enable_tls13=yes
add distro build option
2016-08-22 19:00:37 +03:00
enable_openssh=yes
enable_opensslextra=yes
Added a new `--enable-opensslall` option, which ensures all openssl features are enabled. Documented and tested building the various open source defines we support in our build.
2018-04-10 19:55:03 +03:00
enable_opensslall=yes
add distro build option
2016-08-22 19:00:37 +03:00
enable_savesession=yes
enable_savecert=yes
enable_atomicuser=yes
enable_pkcallbacks=yes
enable_aesgcm=yes
enable_aesccm=yes
Adds an --enable-aesctr flag to the configure script to explicitly compile with -DWOLFSSL_AES_COUNTER and -DWOLFSSL_AES_DIRECT If --enable-fortress or --enable-mcapi are used they effectively force --enable-aesctr
2016-12-04 17:23:51 +03:00
enable_aesctr=yes
add --enable-aescfb, add comments, include of stdio with snprintf
2018-01-12 21:05:43 +03:00
enable_aescfb=yes
add distro build option
2016-08-22 19:00:37 +03:00
enable_camellia=yes
enable_ripemd=yes
enable_sha512=yes
Distro fix to enable SHA224 by default. Was causing Debian build error since SHA224 is enabled by default only for the x86_64 architecture. Updated --enable-distro option to include new features for aeskeywrap, x963kdf and scrypt. Changed the ECC custom curve option to enable all curve types when used with distro.
2017-04-10 21:45:26 +03:00
enable_sha224=yes
Initial revision of SHA-3
2017-05-23 06:50:49 +03:00
enable_sha3=yes
add distro build option
2016-08-22 19:00:37 +03:00
enable_sessioncerts=yes
enable_keygen=yes
enable_certgen=yes
enable_certreq=yes
enable_certext=yes
enable_sep=yes
enable_hkdf=yes
enable_dsa=yes
enable_ecccustcurves=yes
enable_compkey=yes
enable_curve25519=yes
enable_ed25519=yes
enable_fpecc=yes
enable_eccencrypt=yes
enable_psk=yes
enable_idea=yes
enable_cmac=yes
add AES-XTS mode --enable-xts
2017-08-31 02:50:15 +03:00
enable_xts=yes
add distro build option
2016-08-22 19:00:37 +03:00
enable_webserver=yes
enable_hc128=yes
enable_rabbit=yes
enable_ocsp=yes
enable_ocspstapling=yes
enable_ocspstapling2=yes
enable_crl=yes
enable_crl_monitor=yes
enable_sni=yes
enable_maxfragment=yes
enable_alpn=yes
enable_truncatedhmac=yes
Trusted CA Key Indication Extension Added an API for enabling the Trusted CA Key Indication extension from RFC6066 section 6. If the server doesn't have a match for the client, the client will abandon the session.
2018-09-28 19:05:59 +03:00
enable_trusted_ca=yes
add distro build option
2016-08-22 19:00:37 +03:00
enable_supportedcurves=yes
enable_session_ticket=yes
enable_tlsx=yes
enable_pkcs7=yes
wolfSSH Option Added a configure convenience option for building wolfSSL to work with wolfSSH.
2017-10-05 01:24:22 +03:00
enable_ssh=yes
add distro build option
2016-08-22 19:00:37 +03:00
enable_scep=yes
enable_srp=yes
enable_certservice=yes
enable_jni=yes
enable_lighty=yes
Introduce HAPROXY config flag + get/set app_data
2017-03-28 14:28:36 +03:00
enable_haproxy=yes
add distro build option
2016-08-22 19:00:37 +03:00
enable_stunnel=yes
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
enable_nginx=yes
Added wolfSSl compatability for Asio C++ library
2018-07-02 19:48:02 +03:00
enable_asio=yes
add distro build option
2016-08-22 19:00:37 +03:00
enable_pwdbased=yes
Distro fix to enable SHA224 by default. Was causing Debian build error since SHA224 is enabled by default only for the x86_64 architecture. Updated --enable-distro option to include new features for aeskeywrap, x963kdf and scrypt. Changed the ECC custom curve option to enable all curve types when used with distro.
2017-04-10 21:45:26 +03:00
enable_aeskeywrap=yes
enable_x963kdf=yes
enable_scrypt=yes
Support indefinite length BER encodings in PKCS #7
2018-02-19 06:40:18 +03:00
enable_indef=yes
Fixes for various build configurations. Added `--enable-enckeys` option to enable support for encrypted PEM private keys using password callback without having to use opensslextra. Moved ASN `CryptKey` function to wc_encrypt.c as `wc_CryptKey`. Fixup some missing heap args on XMALLOC/XFREE in asn.c.
2018-03-31 01:48:15 +03:00
enable_enckeys=yes
Fixes to better handle threading with async. Fix `wc_CamelliaCbcEncrypt` return code checking. Fix to ensure cycles per byte shows on same line. Refactor of async event state. Refactor to initalize event prior to operation (in case it finishes before adding to queue). Add `HAVE_AES_DECRYPT` to --enable-all option. Cleanup benchmark error display.
2017-08-11 22:42:33 +03:00
Added some more features to the `--enable-all`. Added new `--enable-webclient` option.
2018-04-10 18:38:14 +03:00
# Enable AES Decrypt, AES ECB, Alt Names, DER Load, Keep Certs, CRL IO with Timeout
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD -DKEEP_OUR_CERT -DKEEP_PEER_CERT -DHAVE_CRL_IO -DHAVE_IO_TIMEOUT"
# Enable DH const table speedups (eliminates `-lm` math lib dependency)
Configure Fixes One of the external sites contacted for the OCSP stapling test increased the size of one of their intermediate certificates. The test failed silently as the certificate was ignored. Increased the FP_MAX_BITS so that the test can pass with the enable-all option. That option was setting the FP_MAX_BITS for 3072-bit certificates, and the site in question is using a 4096-bit certificate.
2019-03-14 03:56:45 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072 -DFP_MAX_BITS=8192"
add sanity check on buffer index and regression tests macro guards on use case and adjustment for memory size gcc-8 warning fix adjustement to default memory bucket sizes
2019-05-09 19:08:11 +03:00
# Enable multiple attribute additions such as DC
AM_CFLAGS="-DWOLFSSL_MULTI_ATTRIB $AM_CFLAGS"
add distro build option
2016-08-22 19:00:37 +03:00
fi
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
# Support for forcing 32-bit mode
Removes the forced 32-bit instruction (via `-m32`) from `--enable-32bit` option and replaces with comment. Some compilers do not support the `-m32` option, plus to work properly it must be used with configure directly like `./configure CFLAGS="-m32" LDFLAGS="-m32"`. Removes the `NO_64BIT` option to allow building corect on x86_64 and aarch64 (math libs detect platform properly). Fixes #1985.
2018-12-24 02:59:57 +03:00
# To force 32-bit instructions use:
# ./configure CFLAGS="-m32" LDFLAGS="-m32" && make
# The checks for sizeof long and long/long are run at the top of configure and require "-m32" to be set directly in the ./configure statement.
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
AC_ARG_ENABLE([32bit],
[AS_HELP_STRING([--enable-32bit],[Enables 32-bit support (default: disabled)])],
[ ENABLED_32BIT=$enableval ],
[ ENABLED_32BIT=no ]
)
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
# 16-bit compiler support
AC_ARG_ENABLE([16bit],
[AS_HELP_STRING([--enable-16bit],[Enables 16-bit support (default: disabled)])],
[ ENABLED_16BIT=$enableval ],
[ ENABLED_16BIT=no ]
)
if test "$ENABLED_16BIT" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWC_16BIT_CPU"
fi
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
# Support for disabling all ASM
AC_ARG_ENABLE([asm],
[AS_HELP_STRING([--enable-asm],[Enables option for assembly (default: enabled)])],
[ ENABLED_ASM=$enableval ],
[ ENABLED_ASM=yes ]
)
if test "$ENABLED_ASM" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DTFM_NO_ASM -DWOLFSSL_NO_ASM"
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
# SINGLE THREADED
switch enable names to no uppercase to match others
2013-03-13 23:58:50 +04:00
AC_ARG_ENABLE([singlethreaded],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-singlethreaded],[Enable wolfSSL single threaded (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_SINGLETHREADED=$enableval ],
Fix rules around pthread usage to fix clang warning.
2012-10-20 07:09:17 +04:00
[ ENABLED_SINGLETHREADED=no ])
AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[
AX_PTHREAD([
AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.])
Update ax_pthread.m4 1. Updated to the most recent copy of ax_pthread.m4. 2. Removed the darwin-clang check m4. 3. Added a check to see if AX_PTHREAD added the flag `-Qunused-arguments` for clang and if so prepend `-Xcompiler` so libtool will use it. Otherwise when building on Sierra's clang you get "soft" warnings on the build of the dylib.
2018-05-11 20:21:47 +03:00
# If AX_PTHREAD is adding -Qunused-arguments, need to prepend with -Xcompiler libtool will use it. Newer
# versions of clang don't need the -Q flag when using pthreads.
AS_CASE([$PTHREAD_CFLAGS],[-Qunused-arguments*],[PTHREAD_CFLAGS="-Xcompiler $PTHREAD_CFLAGS"])
move pthread flags/libs to autoconf defines so available to library proper and external tests/examples
2013-04-02 02:50:13 +04:00
AM_CFLAGS="-D_POSIX_THREADS $AM_CFLAGS $PTHREAD_CFLAGS"
LIBS="$LIBS $PTHREAD_LIBS"
Fix rules around pthread usage to fix clang warning.
2012-10-20 07:09:17 +04:00
],[
ENABLED_SINGLETHREADED=yes
])
Autoconf Update 1. Remove many redundant macros. 2. Reorder several macros to more appropriate locations. 3. Several macros take lists of items to process, not just individual items. Combined duplicated macros' parameters into lists. 4. Some macros had unnecessary parameters. 5. Added some AX_REQUIRE_DEFINED() checks for the macros used. 6. Add cyassl/options.h to the AC_CONFIG_FILES list. It will be recreated from the template when running config.status the same as wolfssl/options.h 7. Remove the dist-dir rule from Makefile.am. This is prefering the process rather than automating that one step. Make dist will not run config.status. * AC_PROG_CC must be before any macros that will try to compile for tests. * AC_CHECK_SIZEOF takes a single type, no size values. * Only one of the AC_CANONICAL_X macros are expanded. Removed AC_CANONICAL_BUILD since it is never actually used. * Removed the AC_PROG_CXX and anything C++ related. * Removed LT_LANG([C]) as it is the default and the C doesn't do anything.
2018-06-08 20:47:14 +03:00
])
Fix rules around pthread usage to fix clang warning.
2012-10-20 07:09:17 +04:00
AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="-DSINGLE_THREADED $AM_CFLAGS" ])
1.8.8 init
2011-02-05 22:14:47 +03:00
# DTLS
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([dtls],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-dtls],[Enable wolfSSL DTLS (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_DTLS=$enableval ],
[ ENABLED_DTLS=no ]
)
if test "$ENABLED_DTLS" = "yes"
then
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="-DWOLFSSL_DTLS $AM_CFLAGS"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
Updates from code review
2017-06-22 05:40:41 +03:00
# TLS v1.3 Draft 18
AC_ARG_ENABLE([tls13-draft18],
[AS_HELP_STRING([--enable-tls13-draft18],[Enable wolfSSL TLS v1.3 Draft 18 (default: disabled)])],
[ ENABLED_TLS13_DRAFT18=$enableval ],
[ ENABLED_TLS13_DRAFT18=no ]
)
if test "$ENABLED_TLS13_DRAFT18" = "yes"
then
Use final TLS 1.3 version value by default.
2018-08-20 07:17:38 +03:00
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_18 $AM_CFLAGS"
Updates from code review
2017-06-22 05:40:41 +03:00
fi
Support TLS v1.3 Draft 23 Change KeyShare number. Support SignatureAlgorithmsCert extension - nothing done with information as only one chain supported on server. Compiling for Draft 22 supported: --enable-tls-draft22 Compiling for Draft 18 still supported.
2018-02-09 03:42:15 +03:00
# TLS v1.3 Draft 22
AC_ARG_ENABLE([tls13-draft22],
[AS_HELP_STRING([--enable-tls13-draft22],[Enable wolfSSL TLS v1.3 Draft 22 (default: disabled)])],
[ ENABLED_TLS13_DRAFT22=$enableval ],
[ ENABLED_TLS13_DRAFT22=no ]
)
if test "$ENABLED_TLS13_DRAFT22" = "yes"
then
Use final TLS 1.3 version value by default.
2018-08-20 07:17:38 +03:00
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_22 $AM_CFLAGS"
Support TLS v1.3 Draft 23 Change KeyShare number. Support SignatureAlgorithmsCert extension - nothing done with information as only one chain supported on server. Compiling for Draft 22 supported: --enable-tls-draft22 Compiling for Draft 18 still supported.
2018-02-09 03:42:15 +03:00
fi
TLS v1.3 support for Draft 23 and Draft 27 Draft 24: Second ClientHello usees version 0x0303 - no change. Draft 25: The record layer header is now additional authentication data to encryption. Draft 26: Disallow SupportedVersion being used in ServerHello for negotiating below TLS v1.3. Draft 27: Older versions can be negotiated (by exclusion of 0x0304) in SupportedVersion - no change.
2018-03-07 10:05:53 +03:00
# TLS v1.3 Draft 23
AC_ARG_ENABLE([tls13-draft23],
[AS_HELP_STRING([--enable-tls13-draft23],[Enable wolfSSL TLS v1.3 Draft 23 (default: disabled)])],
[ ENABLED_TLS13_DRAFT23=$enableval ],
[ ENABLED_TLS13_DRAFT23=no ]
)
if test "$ENABLED_TLS13_DRAFT23" = "yes"
then
Use final TLS 1.3 version value by default.
2018-08-20 07:17:38 +03:00
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_23 $AM_CFLAGS"
TLS v1.3 support for Draft 23 and Draft 27 Draft 24: Second ClientHello usees version 0x0303 - no change. Draft 25: The record layer header is now additional authentication data to encryption. Draft 26: Disallow SupportedVersion being used in ServerHello for negotiating below TLS v1.3. Draft 27: Older versions can be negotiated (by exclusion of 0x0304) in SupportedVersion - no change.
2018-03-07 10:05:53 +03:00
fi
Allow building TLS 1.3 at draft 26
2018-05-01 08:19:18 +03:00
# TLS v1.3 Draft 26
AC_ARG_ENABLE([tls13-draft26],
[AS_HELP_STRING([--enable-tls13-draft26],[Enable wolfSSL TLS v1.3 Draft 26 (default: disabled)])],
[ ENABLED_TLS13_DRAFT26=$enableval ],
[ ENABLED_TLS13_DRAFT26=no ]
)
if test "$ENABLED_TLS13_DRAFT26" = "yes"
then
Use final TLS 1.3 version value by default.
2018-08-20 07:17:38 +03:00
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_26 $AM_CFLAGS"
fi
# TLS v1.3 Draft 28
AC_ARG_ENABLE([tls13-draft28],
[AS_HELP_STRING([--enable-tls13-draft28],[Enable wolfSSL TLS v1.3 Draft 28 (default: disabled)])],
[ ENABLED_TLS13_DRAFT28=$enableval ],
[ ENABLED_TLS13_DRAFT28=no ]
)
if test "$ENABLED_TLS13_DRAFT28" = "yes"
then
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT $AM_CFLAGS"
Allow building TLS 1.3 at draft 26
2018-05-01 08:19:18 +03:00
fi
Add TLS v1.3 as an option
2016-11-23 18:31:07 +03:00
# TLS v1.3
AC_ARG_ENABLE([tls13],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-tls13],[Enable wolfSSL TLS v1.3 (default: disabled)])],
Add TLS v1.3 as an option
2016-11-23 18:31:07 +03:00
[ ENABLED_TLS13=$enableval ],
[ ENABLED_TLS13=no ]
)
Updates from code review
2017-06-22 05:40:41 +03:00
Use final TLS 1.3 version value by default.
2018-08-20 07:17:38 +03:00
if test "$ENABLED_TLS13_DRAFT18" = "yes" || test "$ENABLED_TLS13_DRAFT22" = "yes" || test "$ENABLED_TLS13_DRAFT23" = "yes" || test "$ENABLED_TLS13_DRAFT26" = "yes" || test "$ENABLED_TLS13_DRAFT28" = "yes"
Updates from code review
2017-06-22 05:40:41 +03:00
then
ENABLED_TLS13="yes"
fi
Add TLS v1.3 as an option
2016-11-23 18:31:07 +03:00
if test "$ENABLED_TLS13" = "yes"
then
Fix no ECC builds with TLS13 code. Fix tests so that having ECC disabled works as well. Fix define protection for Draft 18 and HRR Cookie.
2017-10-20 04:24:20 +03:00
AM_CFLAGS="-DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES $AM_CFLAGS"
Add TLS v1.3 as an option
2016-11-23 18:31:07 +03:00
fi
Updates from code review
2017-06-22 05:40:41 +03:00
# Post-handshake Authentication
AC_ARG_ENABLE([postauth],
[AS_HELP_STRING([--enable-postauth],[Enable wolfSSL Post-handshake Authentication (default: disabled)])],
[ ENABLED_TLS13_POST_AUTH=$enableval ],
[ ENABLED_TLS13_POST_AUTH=no ]
)
if test "$ENABLED_TLS13_POST_AUTH" = "yes"
then
if test "x$ENABLED_TLS13" = "xno"
then
AC_MSG_ERROR([cannot enable postauth without enabling tls13.])
fi
AM_CFLAGS="-DWOLFSSL_POST_HANDSHAKE_AUTH $AM_CFLAGS"
fi
Changes for TLS v1.3 Draft 22 Middlebox compatibility available too.
2017-11-20 04:07:32 +03:00
# Hello Retry Request Cookie
Code review fixes Also put in configuration option for sending HRR Cookie extension with state.
2017-06-27 01:52:53 +03:00
AC_ARG_ENABLE([hrrcookie],
[AS_HELP_STRING([--enable-hrrcookie],[Enable the server to send Cookie Extension in HRR with state (default: disabled)])],
[ ENABLED_SEND_HRR_COOKIE=$enableval ],
[ ENABLED_SEND_HRR_COOKIE=no ]
)
if test "$ENABLED_SEND_HRR_COOKIE" = "yes"
then
if test "x$ENABLED_TLS13" = "xno"
then
AC_MSG_ERROR([cannot enable hrrcookie without enabling tls13.])
fi
AM_CFLAGS="-DWOLFSSL_SEND_HRR_COOKIE $AM_CFLAGS"
fi
Random Cleanup 1. Remove redundant calls to the generate function when instantiating and reseeding the DRBG. 2. Added note to the apparently redundant extra call to the generate function when running the self test. This extra call is there to make sure the internal state is updating correctly as a part of the KAT. 3. Removed duplicate enable argument clause for rng from configure.ac.
2019-06-20 21:43:29 +03:00
# RNG
RNG : change to --disable-rng, non-autoconf scenario, help msg
2016-11-01 19:21:29 +03:00
AC_ARG_ENABLE([rng],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-rng],[Enable compiling and using RNG (default: enabled)])],
RNG : change to --disable-rng, non-autoconf scenario, help msg
2016-11-01 19:21:29 +03:00
[ ENABLED_RNG=$enableval ],
[ ENABLED_RNG=yes ]
RNG : option to not use RNG
2016-11-01 01:51:02 +03:00
)
RNG : change to --disable-rng, non-autoconf scenario, help msg
2016-11-01 19:21:29 +03:00
if test "$ENABLED_RNG" = "no"
RNG : option to not use RNG
2016-11-01 01:51:02 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DWC_NO_RNG"
fi
added SCTP to configure.ac
2016-08-01 17:51:42 +03:00
# DTLS-SCTP
AC_ARG_ENABLE([sctp],
[AS_HELP_STRING([--enable-sctp],[Enable wolfSSL DTLS-SCTP support (default: disabled)])],
[ENABLED_SCTP=$enableval],
[ENABLED_SCTP=no])
DTLS-SCTP Tests 1. Added a check to configure for SCTP availablility. 2. Added DTLS-SCTP to the cipher suite test.
2016-08-30 01:15:59 +03:00
AS_IF([test "x$ENABLED_SCTP" = "xyes"],
[AC_MSG_CHECKING([for SCTP])
AC_RUN_IFELSE(
[AC_LANG_PROGRAM(
[[
#include <sys/socket.h>
#include <arpa/inet.h>
]],
[[int s = socket(AF_INET, SOCK_STREAM, IPPROTO_SCTP); if (s == -1) return 1;]])],
[AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)
AC_MSG_ERROR([SCTP not available, remove enable-sctp from configure])])
])
added SCTP to configure.ac
2016-08-01 17:51:42 +03:00
Multicast DTLS 1. Add DTLS-multicast to the enable options. 2. Reorg DTLS related enable options together. 3. Update a couple enable option texts to use the AS_HELP_STRING() macro. 4. Add three new APIs for managing a DTLS Multicast session. 5. Add test code for new APIs. 6. Add stub code for the new APIs.
2016-12-07 01:08:52 +03:00
# DTLS-MULTICAST
AC_ARG_ENABLE([mcast],
[AS_HELP_STRING([--enable-mcast],[Enable wolfSSL DTLS multicast support (default: disabled)])],
[ENABLED_MCAST=$enableval],
[ENABLED_MCAST=no])
Added a new `--enable-opensslall` option, which ensures all openssl features are enabled. Documented and tested building the various open source defines we support in our build.
2018-04-10 19:55:03 +03:00
# List of open source project defines using our openssl compatibility layer:
# openssh (--enable-openssh)
# nginix (--enable-nginx) WOLFSSL_NGINX
# haproxy (--enable-haproxy) WOLFSSL_HAPROXY
# wpa_supplicant (--enable-wpas) WOLFSSL_WPAS
# ssl fortress (--enable-fortress) FORTRESS
# ssl bump (--enable-bump)
# signal (--enable-signal)
# lighty (--enable-lighty) HAVE_LIGHTY
# stunnel (--enable-stunnel) HAVE_STUNNEL
Added wolfSSl compatability for Asio C++ library
2018-07-02 19:48:02 +03:00
# asio (--enable-asio) WOLFSSL_ASIO
Added a new `--enable-opensslall` option, which ensures all openssl features are enabled. Documented and tested building the various open source defines we support in our build.
2018-04-10 19:55:03 +03:00
# HAVE_POCO_LIB
# WOLFSSL_MYSQL_COMPATIBLE
# web server (--enable-webserver) HAVE_WEBSERVER
add openssh ./configure build
2015-07-17 19:14:58 +03:00
# OpenSSH compatibility Build
AC_ARG_ENABLE([openssh],
[AS_HELP_STRING([--enable-openssh],[Enable OpenSSH compatibility build (default: disabled)])],
[ENABLED_OPENSSH=$enableval],
[ENABLED_OPENSSH=no])
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
# nginx compatibility build
AC_ARG_ENABLE([nginx],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-nginx],[Enable nginx (default: disabled)])],
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
[ ENABLED_NGINX=$enableval ],
[ ENABLED_NGINX=no ]
)
add openssh ./configure build
2015-07-17 19:14:58 +03:00
Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag now haproxy compatible wolfssl builds with: ./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \ iam * ] 2:18 PM --disable-fasthugemath --disable-bump \ --enable-opensslextra \ --enable-keygen --enable-certgen \ --disable-ntru --disable-examples \ --enable-tlsx --enable-haproxy \ --enable-savecert --enable-savesession --enable-sessioncerts \ --enable-webserver --enable-sslv3 --enable-stunnel
2017-04-11 15:18:41 +03:00
# haproxy compatibility build
AC_ARG_ENABLE([haproxy],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-haproxy],[Enable haproxy (default: disabled)])],
Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag now haproxy compatible wolfssl builds with: ./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \ iam * ] 2:18 PM --disable-fasthugemath --disable-bump \ --enable-opensslextra \ --enable-keygen --enable-certgen \ --disable-ntru --disable-examples \ --enable-tlsx --enable-haproxy \ --enable-savecert --enable-savesession --enable-sessioncerts \ --enable-webserver --enable-sslv3 --enable-stunnel
2017-04-11 15:18:41 +03:00
[ ENABLED_HAPROXY=$enableval ],
[ ENABLED_HAPROXY=no ]
)
Minimal implementation of MP when using SP. --enable-sp-math to include minimal implementation of MP (only with --enable-sp.) Add futher functionality for ECC (conditionally compiled): - check key - is point on curve - API to add and double projective points - API to map from project to affine - Uncompress point (including sqrt) Some configuration options will not work with SP math - configure.ac detects this and errors out. Change test code to better support SP sizes only.
2018-02-08 08:50:17 +03:00
# wpa_supplicant support
AC_ARG_ENABLE([wpas],
[AS_HELP_STRING([--enable-wpas],[Enable wpa_supplicant support (default: disabled)])],
[ ENABLED_WPAS=$enableval ],
[ ENABLED_WPAS=no ]
)
# Fortress build
AC_ARG_ENABLE([fortress],
[AS_HELP_STRING([--enable-fortress],[Enable SSL fortress build (default: disabled)])],
[ ENABLED_FORTRESS=$enableval ],
[ ENABLED_FORTRESS=no ]
)
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_FORTRESS="yes"
fi
# ssl bump build
AC_ARG_ENABLE([bump],
[AS_HELP_STRING([--enable-bump],[Enable SSL Bump build (default: disabled)])],
[ ENABLED_BUMP=$enableval ],
[ ENABLED_BUMP=no ]
)
# SNIFFER
AC_ARG_ENABLE([sniffer],
[AS_HELP_STRING([--enable-sniffer],[Enable wolfSSL sniffer support (default: disabled)])],
[ ENABLED_SNIFFER=$enableval ],
[ ENABLED_SNIFFER=no ]
)
Modification for compliling application with libsignal-protocol-c.
2017-11-13 12:12:18 +03:00
# signal compatibility build
AC_ARG_ENABLE([signal],
[AS_HELP_STRING([--enable-signal],[Enable signal (default: disabled)])],
[ ENABLED_SIGNAL=$enableval ],
[ ENABLED_SIGNAL=no ]
)
Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag now haproxy compatible wolfssl builds with: ./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \ iam * ] 2:18 PM --disable-fasthugemath --disable-bump \ --enable-opensslextra \ --enable-keygen --enable-certgen \ --disable-ntru --disable-examples \ --enable-tlsx --enable-haproxy \ --enable-savecert --enable-savesession --enable-sessioncerts \ --enable-webserver --enable-sslv3 --enable-stunnel
2017-04-11 15:18:41 +03:00
Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add `--enable-opensslcoexist` which makes sure `oldnames` is disabled. Refactor of `SSL_` to `WOLF_SSL_`. Refactor of `SHA`, `MD5`, `SHA224`, `SHA256`, `SHA512` and `SHA384` to `WC_` naming.
2017-09-26 04:47:36 +03:00
# OpenSSL Coexist
AC_ARG_ENABLE([opensslcoexist],
[AS_HELP_STRING([--enable-opensslcoexist],[Enable coexistence of wolfssl/openssl (default: disabled)])],
[ ENABLED_OPENSSLCOEXIST=$enableval ],
[ ENABLED_OPENSSLCOEXIST=no ]
)
if test "x$ENABLED_OPENSSLCOEXIST" = "xyes"
then
# make sure old names are disabled
enable_oldnames=no
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COEXIST"
fi
Added a new `--enable-opensslall` option, which ensures all openssl features are enabled. Documented and tested building the various open source defines we support in our build.
2018-04-10 19:55:03 +03:00
# OPENSSL Compatibility ALL
AC_ARG_ENABLE([opensslall],
[AS_HELP_STRING([--enable-opensslall],[Enable all OpenSSL API, size++ (default: disabled)])],
[ ENABLED_OPENSSLALL=$enableval ],
[ ENABLED_OPENSSLALL=no ]
)
if test "$ENABLED_OPENSSLALL" = "yes"
then
AM_CFLAGS="-DOPENSSL_ALL $AM_CFLAGS"
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
# OPENSSL Extra Compatibility
switch enable names to no uppercase to match others
2013-03-13 23:58:50 +04:00
AC_ARG_ENABLE([opensslextra],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-opensslextra],[Enable extra OpenSSL API, size+ (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_OPENSSLEXTRA=$enableval ],
[ ENABLED_OPENSSLEXTRA=no ]
)
Added a new `--enable-opensslall` option, which ensures all openssl features are enabled. Documented and tested building the various open source defines we support in our build.
2018-04-10 19:55:03 +03:00
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_SIGNAL" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes" || test "$ENABLED_BUMP" = "yes" || test "$ENABLED_SNIFFER" = "yes" || test "$ENABLED_OPENSSLALL" = "yes"
add openssh ./configure build
2015-07-17 19:14:58 +03:00
then
ENABLED_OPENSSLEXTRA="yes"
fi
Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add `--enable-opensslcoexist` which makes sure `oldnames` is disabled. Refactor of `SSL_` to `WOLF_SSL_`. Refactor of `SHA`, `MD5`, `SHA224`, `SHA256`, `SHA512` and `SHA384` to `WC_` naming.
2017-09-26 04:47:36 +03:00
if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
1.8.8 init
2011-02-05 22:14:47 +03:00
then
add WOLFSSL_VERIFY_CB_ALL_CERTS macro
2018-01-19 04:26:32 +03:00
AM_CFLAGS="-DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB $AM_CFLAGS"
AM_CFLAGS="-DWOLFSSL_VERIFY_CB_ALL_CERTS $AM_CFLAGS"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
detect configure time build mismatches
2011-06-07 20:02:36 +04:00
if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_SMALL" = "yes"
then
add opensslextra=x509small build option
2018-02-13 23:46:44 +03:00
AC_MSG_ERROR([cannot enable small and opensslextra, only one or the other.])
detect configure time build mismatches
2011-06-07 20:02:36 +04:00
fi
add opensslextra=x509small build option
2018-02-13 23:46:44 +03:00
if test "$ENABLED_OPENSSLEXTRA" = "x509small"
then
AC_MSG_NOTICE([Enabling only a subset of X509 opensslextra])
Add support for writing multiple OUs, DCs and for writing a unique EKU OID
2018-02-23 20:46:26 +03:00
AM_CFLAGS="-DOPENSSL_EXTRA_X509_SMALL $AM_CFLAGS"
AM_CFLAGS="-DWOLFSSL_EKU_OID -DWOLFSSL_MULTI_ATTRIB $AM_CFLAGS"
add opensslextra=x509small build option
2018-02-13 23:46:44 +03:00
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
Added --enable-maxstrength configure build to only allow TLSv1.2, PFS, and AEAD ciphers.
2015-04-01 21:55:49 +03:00
# High Strength Build
AC_ARG_ENABLE([maxstrength],
Added some more features to the `--enable-all`. Added new `--enable-webclient` option.
2018-04-10 18:38:14 +03:00
[AS_HELP_STRING([--enable-maxstrength],[Enable Max Strength build, allows TLSv1.2-AEAD-PFS ciphers only (default: disabled)])],
Added --enable-maxstrength configure build to only allow TLSv1.2, PFS, and AEAD ciphers.
2015-04-01 21:55:49 +03:00
[ENABLED_MAXSTRENGTH=$enableval],
[ENABLED_MAXSTRENGTH=no])
add --enable-harden swtich for timing resistance and blinding, on by default
2016-07-25 23:24:36 +03:00
# Harden, enable Timing Resistance and Blinding by default
AC_ARG_ENABLE([harden],
[AS_HELP_STRING([--enable-harden],[Enable Hardened build, Enables Timing Resistance and Blinding (default: enabled)])],
[ENABLED_HARDEN=$enableval],
[ENABLED_HARDEN=yes])
if test "$ENABLED_HARDEN" = "yes"
then
Fixes and improvements for handling the `--disable-rng` case. Valid make check tests requires wolfCrypt only and no asymmetric crypto (`./configure --disable-rng --enable-cryptonly --disable-dh --disable-rsa --disable-ecc`).
2018-09-15 00:09:27 +03:00
AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT"
if test "$ENABLED_RNG" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_BLINDING"
fi
Fix up for building without `./configure` to warn if hardening options are not enabled. Currently `./configure` defaults to `--enable-harden`, but if building sources directly and using `settings.h` or `user_settings.h` the hardening defines will not be set by default. If a user wants to use without hardening they can suppress the warning by defining `WC_NO_HARDEN`.
2017-07-11 00:40:07 +03:00
else
AM_CFLAGS="$AM_CFLAGS -DWC_NO_HARDEN"
add --enable-harden swtich for timing resistance and blinding, on by default
2016-07-25 23:24:36 +03:00
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
# IPv6 Test Apps
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([ipv6],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-ipv6],[Enable testing of IPV6 (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_IPV6=$enableval ],
[ ENABLED_IPV6=no ]
)
if test "$ENABLED_IPV6" = "yes"
then
Fixes for building with IPV6. Added new WOLFSSL_IPV6 define to indicate IPV6 support. Fix to not include connect() and socket() calls unless HAVE_HTTP_CLIENT, HAVE_OCSP or HAVE_CRL_IO defined. Typo fixes.
2017-03-15 21:25:24 +03:00
AM_CFLAGS="$AM_CFLAGS -DTEST_IPV6 -DWOLFSSL_IPV6"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
Changes for WPA Supplicant
2017-02-10 01:45:10 +03:00
if test "$ENABLED_WPAS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_SECRET_CALLBACK -DWOLFSSL_STATIC_RSA"
Only expose ECC APIs on config define
2017-03-17 03:52:38 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP -DWOLFSSL_PUBLIC_ECC_ADD_DBL"
FIPS changes and fixups Enable ex data explicitly. Keep the peer cert for verification callback. External session cache for hostapd. Enable DES_ECB when not FIPS. Don't send the peer cert if it is not received from peer. Initialize the peer cert after free as will be freed on tear down of SSL. Allow a server to become a client.
2017-03-30 04:53:35 +03:00
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER -DHAVE_EX_DATA -DWOLFSSL_KEEP_PEER_CERT"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE"
Minimal implementation of MP when using SP. --enable-sp-math to include minimal implementation of MP (only with --enable-sp.) Add futher functionality for ECC (conditionally compiled): - check key - is point on curve - API to add and double projective points - API to map from project to affine - Uncompress point (including sqrt) Some configuration options will not work with SP math - configure.ac detects this and errors out. Change test code to better support SP sizes only.
2018-02-08 08:50:17 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
Fix WPAS config to not use FORTRESS config
2017-09-15 03:49:07 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD"
Fixes for wpa_supplicant
2018-03-19 02:55:45 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN -DWOLFSSL_DES_ECB"
Changes for WPA Supplicant
2017-02-10 01:45:10 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS"
fi
add direct AES one block access and ECB DES for compatibility
2011-10-27 04:10:44 +04:00
if test "$ENABLED_FORTRESS" = "yes"
then
Minimal implementation of MP when using SP. --enable-sp-math to include minimal implementation of MP (only with --enable-sp.) Add futher functionality for ECC (conditionally compiled): - check key - is point on curve - API to add and double projective points - API to map from project to affine - Uncompress point (including sqrt) Some configuration options will not work with SP math - configure.ac detects this and errors out. Change test code to better support SP sizes only.
2018-02-08 08:50:17 +03:00
AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_KEY_GEN"
add direct AES one block access and ECB DES for compatibility
2011-10-27 04:10:44 +04:00
fi
add fastmath to bump, add fastmath FP_MAX_BITS runtime check
2011-10-04 23:29:59 +04:00
if test "$ENABLED_BUMP" = "yes"
then
Minimal implementation of MP when using SP. --enable-sp-math to include minimal implementation of MP (only with --enable-sp.) Add futher functionality for ECC (conditionally compiled): - check key - is point on curve - API to add and double projective points - API to map from project to affine - Uncompress point (including sqrt) Some configuration options will not work with SP math - configure.ac detects this and errors out. Change test code to better support SP sizes only.
2018-02-08 08:50:17 +03:00
AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DWOLFSSL_CERT_GEN -DWOLFSSL_KEY_GEN -DHUGE_SESSION_CACHE -DFP_MAX_BITS=8192 -DWOLFSSL_DER_LOAD -DWOLFSSL_ALT_NAMES -DWOLFSSL_TEST_CERT"
add fastmath to bump, add fastmath FP_MAX_BITS runtime check
2011-10-04 23:29:59 +04:00
fi
for lean-psk build: remove big int math, MD4, error strings
2012-11-03 03:49:31 +04:00
ENABLED_SLOWMATH="yes"
added build option for leanPSK
2012-10-30 02:39:42 +04:00
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# lean psk build
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([leanpsk],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-leanpsk],[Enable Lean PSK build (default: disabled)])],
added build option for leanPSK
2012-10-30 02:39:42 +04:00
[ ENABLED_LEANPSK=$enableval ],
[ ENABLED_LEANPSK=no ]
)
if test "$ENABLED_LEANPSK" = "yes"
then
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DWOLFSSL_STATIC_PSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA"
for lean-psk build: remove big int math, MD4, error strings
2012-11-03 03:49:31 +04:00
ENABLED_SLOWMATH="no"
Lean PSK trimming 1. leave out memory and io callback functions, expect user supplied 2. leave out cert and DTLS related functions 3. SHA-1 compile option to use slower, rolled-up transform
2012-12-01 03:45:43 +04:00
ENABLED_SINGLETHREADED="yes"
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
enable_lowresource=yes
added build option for leanPSK
2012-10-30 02:39:42 +04:00
fi
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# lean TLS build (TLS 1.2 client only (no client auth), ECC256, AES128 and SHA256 w/o Shamir)
AC_ARG_ENABLE([leantls],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-leantls],[Enable Lean TLS build (default: disabled)])],
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
[ ENABLED_LEANTLS=$enableval ],
[ ENABLED_LEANTLS=no ]
)
if test "$ENABLED_LEANTLS" = "yes"
then
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANTLS -DNO_WRITEV -DHAVE_ECC -DTFM_ECC256 -DECC_USER_CURVES -DNO_WOLFSSL_SERVER -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_SHA -DNO_PSK -DNO_WOLFSSL_MEMORY"
enable_lowresource=yes
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
fi
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
# low resource options to reduce flash and memory use
AC_ARG_ENABLE([lowresource],
[AS_HELP_STRING([--enable-lowresource],[Enable low resource options for memory/flash (default: disabled)])],
[ ENABLED_LOWRESOURCE=$enableval ],
[ ENABLED_LOWRESOURCE=no ]
)
if test "$ENABLED_LOWRESOURCE" = "yes"
then
# low memory / flash flags
Smaller dynamic memory usage in TLS Code doesn't require a DecodedCert which saves on dynamic memory usage. WOLFSSL_SMALL_CERT_VERIFY: Don't have a DecodedCert allocated and verify certificate signature in ProcessPeerCerts as this is maximum dynamic memory usage. WOLFSSL_SMALL_CERT_VERIFY is enabled with 'lowresource' configuration option. Fix sp_clear to work with NULL parameter. Define a new function HashId that maps to the hashing function available. Set MAX_CERT_VERIFY_SZ to be the maximum based on what algorithms are compiled in. Fix usage of MAX_CERT_VERIFY_SZ in functions sending certificate verify messages.
2018-08-30 07:46:43 +03:00
AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE -DRSA_LOW_MEM -DALT_ECC_SIZE -DGCM_SMALL -DCURVE25519_SMALL -DED25519_SMALL -DWOLFSSL_SMALL_CERT_VERIFY"
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
# low flash flags
AM_CFLAGS="$AM_CFLAGS -DUSE_SLOW_SHA -DUSE_SLOW_SHA256 -DUSE_SLOW_SHA512"
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
# big cache
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([bigcache],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-bigcache],[Enable big session cache (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_BIGCACHE=$enableval ],
[ ENABLED_BIGCACHE=no ]
)
if test "$ENABLED_BIGCACHE" = "yes"
then
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS -DBIG_SESSION_CACHE"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
# HUGE cache
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([hugecache],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-hugecache],[Enable huge session cache (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_HUGECACHE=$enableval ],
[ ENABLED_HUGECACHE=no ]
)
if test "$ENABLED_HUGECACHE" = "yes"
then
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS -DHUGE_SESSION_CACHE"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
add SMALL_SESSION_CACHE define and configure option
2011-09-07 03:23:25 +04:00
# SMALL cache
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([smallcache],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-smallcache],[Enable small session cache (default: disabled)])],
add SMALL_SESSION_CACHE define and configure option
2011-09-07 03:23:25 +04:00
[ ENABLED_SMALLCACHE=$enableval ],
[ ENABLED_SMALLCACHE=no ]
)
if test "$ENABLED_SMALLCACHE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DSMALL_SESSION_CACHE"
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# Persistent session cache
add persistent session cache, ssn9
2013-04-24 22:10:23 +04:00
AC_ARG_ENABLE([savesession],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-savesession],[Enable persistent session cache (default: disabled)])],
add persistent session cache, ssn9
2013-04-24 22:10:23 +04:00
[ ENABLED_SAVESESSION=$enableval ],
[ ENABLED_SAVESESSION=no ]
)
if test "$ENABLED_SAVESESSION" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE"
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# Persistent cert cache
add cert cache persistence
2013-05-02 22:34:26 +04:00
AC_ARG_ENABLE([savecert],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-savecert],[Enable persistent cert cache (default: disabled)])],
add cert cache persistence
2013-05-02 22:34:26 +04:00
[ ENABLED_SAVECERT=$enableval ],
[ ENABLED_SAVECERT=no ]
)
if test "$ENABLED_SAVECERT" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE"
fi
add wolfSSL_write_dup(), creates write_only WOLFSSL to allow concurrent access
2017-03-21 01:08:34 +03:00
# Write duplicate WOLFSSL object
AC_ARG_ENABLE([writedup],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-writedup],[Enable write duplication of WOLFSSL objects (default: disabled)])],
add wolfSSL_write_dup(), creates write_only WOLFSSL to allow concurrent access
2017-03-21 01:08:34 +03:00
[ ENABLED_WRITEDUP=$enableval ],
[ ENABLED_WRITEDUP=no ]
)
if test "$ENABLED_WRITEDUP" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_WRITE_DUP"
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# Atomic User Record Layer
add atomic user macencrypt cb
2013-08-10 04:27:15 +04:00
AC_ARG_ENABLE([atomicuser],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-atomicuser],[Enable Atomic User Record Layer (default: disabled)])],
add atomic user macencrypt cb
2013-08-10 04:27:15 +04:00
[ ENABLED_ATOMICUSER=$enableval ],
[ ENABLED_ATOMICUSER=no ]
)
if test "$ENABLED_ATOMICUSER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# Public Key Callbacks
add public key callbacks for ecc sign/verify, examples
2013-08-23 05:19:39 +04:00
AC_ARG_ENABLE([pkcallbacks],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-pkcallbacks],[Enable Public Key Callbacks (default: disabled)])],
add public key callbacks for ecc sign/verify, examples
2013-08-23 05:19:39 +04:00
[ ENABLED_PKCALLBACKS=$enableval ],
[ ENABLED_PKCALLBACKS=no ]
)
if test "$ENABLED_PKCALLBACKS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
fi
Fixes for building against latest CryptoAuthLib. Refactor to eliminate the atcatls function calls, since these have been removed from latest CryptoAuthLib. Cleanup of the slot assignment handling.
2018-09-27 00:16:32 +03:00
# Microchip/Atmel CryptoAuthLib
ENABLED_CRYPTOAUTHLIB="no"
trylibatcadir=""
AC_ARG_WITH([cryptoauthlib],
[AS_HELP_STRING([--with-cryptoauthlib=PATH],[PATH to CryptoAuthLib install (default /usr/)])],
[
AC_MSG_CHECKING([for cryptoauthlib])
CPPFLAGS="$CPPFLAGS -DWOLFSSL_ATECC508A"
LIBS="$LIBS -lcryptoauth"
Added new build option for Microchip CryptoAuthLib (--enable-cryptoauthlib). Build fixes with WOLFSSL_ATECC508A enabled.
2018-09-12 01:46:46 +03:00
Fixes for building against latest CryptoAuthLib. Refactor to eliminate the atcatls function calls, since these have been removed from latest CryptoAuthLib. Cleanup of the slot assignment handling.
2018-09-27 00:16:32 +03:00
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <cryptoauthlib.h>]], [[ atcab_init(0); ]])],[ libatca_linked=yes ],[ libatca_linked=no ])
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$libatca_linked" = "xno" ; then
Fixes for building against latest CryptoAuthLib. Refactor to eliminate the atcatls function calls, since these have been removed from latest CryptoAuthLib. Cleanup of the slot assignment handling.
2018-09-27 00:16:32 +03:00
if test "x$withval" != "xno" ; then
trylibatcadir=$withval
fi
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$withval" = "xyes" ; then
Fixes for building against latest CryptoAuthLib. Refactor to eliminate the atcatls function calls, since these have been removed from latest CryptoAuthLib. Cleanup of the slot assignment handling.
2018-09-27 00:16:32 +03:00
trylibatcadir="/usr"
fi
Added new build option for Microchip CryptoAuthLib (--enable-cryptoauthlib). Build fixes with WOLFSSL_ATECC508A enabled.
2018-09-12 01:46:46 +03:00
Fixes for building against latest CryptoAuthLib. Refactor to eliminate the atcatls function calls, since these have been removed from latest CryptoAuthLib. Cleanup of the slot assignment handling.
2018-09-27 00:16:32 +03:00
LDFLAGS="$LDFLAGS -L$trylibatcadir/lib"
CPPFLAGS="$CPPFLAGS -I$trylibatcadir/lib"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <cryptoauthlib.h>]], [[ atcab_init(0); ]])],[ libatca_linked=yes ],[ libatca_linked=no ])
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$libatca_linked" = "xno" ; then
Fixes for building against latest CryptoAuthLib. Refactor to eliminate the atcatls function calls, since these have been removed from latest CryptoAuthLib. Cleanup of the slot assignment handling.
2018-09-27 00:16:32 +03:00
AC_MSG_ERROR([cryptoauthlib isn't found.
If it's already installed, specify its path using --with-cryptoauthlib=/dir/])
fi
Updates to the atmel.c code to allow easier customization of the hardware interface.
2018-09-28 01:41:58 +03:00
AM_LDFLAGS="$AM_LDFLAGS -L$trylibatcadir/lib"
AM_CFLAGS="$AM_CFLAGS -I$trylibatcadir/lib"
Fixes for building against latest CryptoAuthLib. Refactor to eliminate the atcatls function calls, since these have been removed from latest CryptoAuthLib. Cleanup of the slot assignment handling.
2018-09-27 00:16:32 +03:00
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([yes])
fi
Updates to the atmel.c code to allow easier customization of the hardware interface.
2018-09-28 01:41:58 +03:00
Fixes for building against latest CryptoAuthLib. Refactor to eliminate the atcatls function calls, since these have been removed from latest CryptoAuthLib. Cleanup of the slot assignment handling.
2018-09-27 00:16:32 +03:00
ENABLED_CRYPTOAUTHLIB="yes"
Updates to the atmel.c code to allow easier customization of the hardware interface.
2018-09-28 01:41:58 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ATECC508A"
Fixes for building against latest CryptoAuthLib. Refactor to eliminate the atcatls function calls, since these have been removed from latest CryptoAuthLib. Cleanup of the slot assignment handling.
2018-09-27 00:16:32 +03:00
]
)
Added new build option for Microchip CryptoAuthLib (--enable-cryptoauthlib). Build fixes with WOLFSSL_ATECC508A enabled.
2018-09-12 01:46:46 +03:00
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# sniffer doesn't work in maxstrength mode
have ./configure error out on maxstrength + sniffer
2015-04-01 22:30:46 +03:00
if test "$ENABLED_SNIFFER" = "yes" && test "$ENABLED_MAXSTRENGTH" = "yes"
then
AC_MSG_ERROR([cannot enable maxstrength in sniffer mode.])
fi
fix enable-sniffer option in configure.ac
2015-03-12 22:07:48 +03:00
ENABLED_SNIFFTEST=no
AS_IF([ test "x$ENABLED_SNIFFER" = "xyes" ],
[
Minimal implementation of MP when using SP. --enable-sp-math to include minimal implementation of MP (only with --enable-sp.) Add futher functionality for ECC (conditionally compiled): - check key - is point on curve - API to add and double projective points - API to map from project to affine - Uncompress point (including sqrt) Some configuration options will not work with SP math - configure.ac detects this and errors out. Change test code to better support SP sizes only.
2018-02-08 08:50:17 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SNIFFER"
fix enable-sniffer option in configure.ac
2015-03-12 22:07:48 +03:00
AC_CHECK_HEADERS([pcap/pcap.h],
[ ENABLED_SNIFFTEST=yes ],
[ AC_MSG_WARN([cannot enable sniffer test without having libpcap available.]) ]
)
])
Fixes for hardening flags. Additional fixes for using C++ compiler to compile. Include file pcap.h now gates sniffer for build.
2012-10-20 06:00:17 +04:00
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
Config option to disable AES-CBC AEAD only detection and removeal of code. Also in single threaded builds, reference the ctx suites in ssl object if it exists.
2018-07-25 04:22:48 +03:00
# AES-CBC
AC_ARG_ENABLE([aescbc],
[AS_HELP_STRING([--enable-aescbc],[Enable wolfSSL AES-CBC support (default: enabled)])],
[ ENABLED_AESCBC=$enableval ],
[ ENABLED_AESCBC=yes ]
)
if test "$ENABLED_AESCBC" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_AES_CBC"
fi
# leanpsk and leantls don't need gcm
added stubs for AES-GCM processing and build option
2012-06-14 08:31:32 +04:00
# AES-GCM
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([aesgcm],
update configure help strings for AESGCM and DH
2015-04-01 02:23:28 +03:00
[AS_HELP_STRING([--enable-aesgcm],[Enable wolfSSL AES-GCM support (default: enabled)])],
added stubs for AES-GCM processing and build option
2012-06-14 08:31:32 +04:00
[ ENABLED_AESGCM=$enableval ],
enable gcm by default
2015-03-27 21:12:42 +03:00
[ ENABLED_AESGCM=yes ]
added stubs for AES-GCM processing and build option
2012-06-14 08:31:32 +04:00
)
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# leanpsk and leantls don't need gcm
Fixes for LEANTLS and TLS13 builds
2017-07-26 03:43:36 +03:00
if test "$ENABLED_LEANPSK" = "yes" || ( test "$ENABLED_LEANTLS" = "yes" &&
test "$ENABLED_TLS13" = "no")
leanpsk doesn't need new gcm, poly, chacah defaults
2015-03-29 21:30:05 +03:00
then
ENABLED_AESGCM=no
fi
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
if test "$ENABLED_AESGCM" != "no"
added 64-bit (default), 32-bit version, and 8-bit table based AES-GCM for faster operation. Selection made at configure.
2012-07-20 01:44:08 +04:00
then
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
if test "$ENABLED_AESGCM" = "word32"
then
AM_CFLAGS="$AM_CFLAGS -DGCM_WORD32"
ENABLED_AESGCM=yes
fi
added 64-bit (default), 32-bit version, and 8-bit table based AES-GCM for faster operation. Selection made at configure.
2012-07-20 01:44:08 +04:00
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
if test "$ENABLED_AESGCM" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL"
ENABLED_AESGCM=yes
fi
added 64-bit (default), 32-bit version, and 8-bit table based AES-GCM for faster operation. Selection made at configure.
2012-07-20 01:44:08 +04:00
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
if test "$ENABLED_AESGCM" = "table"
then
AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE"
ENABLED_AESGCM=yes
fi
added 64-bit (default), 32-bit version, and 8-bit table based AES-GCM for faster operation. Selection made at configure.
2012-07-20 01:44:08 +04:00
AES-GCM does not require SHA-384, but will use it if enabled in build; reorder some of the requirement checks to regroup some NO_RSA suite checks
2013-04-02 01:25:20 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
added stubs for AES-GCM processing and build option
2012-06-14 08:31:32 +04:00
fi
added AES-CCM as a configure option
2013-01-11 04:46:47 +04:00
# AES-CCM
AC_ARG_ENABLE([aesccm],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-aesccm],[Enable wolfSSL AES-CCM support (default: disabled)])],
added AES-CCM as a configure option
2013-01-11 04:46:47 +04:00
[ ENABLED_AESCCM=$enableval ],
[ ENABLED_AESCCM=no ]
)
if test "$ENABLED_AESCCM" = "yes"
then
AES-GCM does not require SHA-384, but will use it if enabled in build; reorder some of the requirement checks to regroup some NO_RSA suite checks
2013-04-02 01:25:20 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"
added AES-CCM as a configure option
2013-01-11 04:46:47 +04:00
fi
Adds an --enable-aesctr flag to the configure script to explicitly compile with -DWOLFSSL_AES_COUNTER and -DWOLFSSL_AES_DIRECT If --enable-fortress or --enable-mcapi are used they effectively force --enable-aesctr
2016-12-04 17:23:51 +03:00
# AES-CTR
AC_ARG_ENABLE([aesctr],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-aesctr],[Enable wolfSSL AES-CTR support (default: disabled)])],
Adds an --enable-aesctr flag to the configure script to explicitly compile with -DWOLFSSL_AES_COUNTER and -DWOLFSSL_AES_DIRECT If --enable-fortress or --enable-mcapi are used they effectively force --enable-aesctr
2016-12-04 17:23:51 +03:00
[ ENABLED_AESCTR=$enableval ],
[ ENABLED_AESCTR=no ]
)
if test "$ENABLED_AESCTR" = "yes"
then
if test "x$ENABLED_FORTRESS" != "xyes"
then
# This is already implied by fortress build
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
fi
fi
add --enable-aescfb, add comments, include of stdio with snprintf
2018-01-12 21:05:43 +03:00
# AES-CFB
AC_ARG_ENABLE([aescfb],
[AS_HELP_STRING([--enable-aescfb],[Enable wolfSSL AES-CFB support (default: disabled)])],
[ ENABLED_AESCFB=$enableval ],
[ ENABLED_AESCFB=no ]
)
if test "$ENABLED_AESCFB" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB"
fi
initial ARMv8 instructions
2016-07-22 18:49:15 +03:00
# AES-ARM
AC_ARG_ENABLE([armasm],
ARMv8 : Aarch32 support, SHA256 speedup
2016-09-28 19:22:27 +03:00
[AS_HELP_STRING([--enable-armasm],[Enable wolfSSL ARMv8 ASM support (default: disabled)])],
initial ARMv8 instructions
2016-07-22 18:49:15 +03:00
[ ENABLED_ARMASM=$enableval ],
[ ENABLED_ARMASM=no ]
)
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
if test "$ENABLED_ARMASM" = "yes" && test "$ENABLED_ASM" = "yes"
initial ARMv8 instructions
2016-07-22 18:49:15 +03:00
then
RAW hash function APIs not supported with ARMv8 build
2018-06-13 01:45:38 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM -DWOLFSSL_NO_HASH_RAW"
ARMv8 : Aarch32 support, SHA256 speedup
2016-09-28 19:22:27 +03:00
#Check if mcpu and mfpu values already set if not use default
case $CPPFLAGS in
*mcpu* | *mfpu*)
break;; #Do not override user set values
*)
case $host_cpu in
*aarch64*)
add -mstrict-align flag with armasm
2018-12-18 03:12:14 +03:00
# +crypto needed for hardware acceleration
ARMv8 : Aarch32 support, SHA256 speedup
2016-09-28 19:22:27 +03:00
AM_CPPFLAGS="$AM_CPPFLAGS -mcpu=generic+crypto"
add -mstrict-align flag with armasm
2018-12-18 03:12:14 +03:00
# Check for and set -mstrict-align compiler flag
# Used to set assumption that Aarch64 systems will not handle
# unaligned memory references. The flag -mstrict-align is needed
# on some compiler versions to avoid an invalid addressing mode
# error with "m" constraint variables in the inline assembly AES
# code. Even though unaligned load/store access is permitted on
# normal memory with Cortex-A series boards with the exception
# being exclusive and ordered access.
case $CPPFLAGS in
*mstrict-align*)
break;; # already set by user
*)
AM_CPPFLAGS="$AM_CPPFLAGS -mstrict-align"
AC_MSG_NOTICE([64bit ARMv8, setting -mstrict-align]);;
esac
ARMv8 : Aarch32 support, SHA256 speedup
2016-09-28 19:22:27 +03:00
AC_MSG_NOTICE([64bit ARMv8 found, setting mcpu to generic+crypto]);;
*)
AM_CPPFLAGS="$AM_CPPFLAGS -mfpu=crypto-neon-fp-armv8"
AC_MSG_NOTICE([32bit ARMv8 found, setting mfpu to crypto-neon-fp-armv8]);;
esac
esac
initial ARMv8 instructions
2016-07-22 18:49:15 +03:00
fi
Xilinx port
2017-06-07 20:37:21 +03:00
# Xilinx hardened crypto
AC_ARG_ENABLE([xilinx],
[AS_HELP_STRING([--enable-xilinx],[Enable wolfSSL support for Xilinx hardened crypto(default: disabled)])],
[ ENABLED_XILINX=$enableval ],
[ ENABLED_XILINX=no ]
)
if test "$ENABLED_XILINX" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_XILINX -DWOLFSSL_XILINX_CRYPT"
fi
Fix RNG issue with Intel RDRAND and RDSEED accelerations not being used because HAVE_HASHDRBG was always being defined if !WOLFSSL_FORCE_RC4_DRBG. Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source (if RDRAND not supported by CPU then HASHDRBG will be used). The --enable-intelasm option enables the RDSEED support for seeding HASHDRBG if CPU supports it. Allow use of seed as RNG source if --disable-hashdbrg (shows build warning). Cleanup to remove old ARC4 RNG support. Fixed random_test return code with !HAVE_HASHDRBG. Cleanup of ./configure --help alignment.
2017-03-17 23:29:03 +03:00
# INTEL AES-NI
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([aesni],
add intelasm ./configure option
2015-03-29 00:34:39 +03:00
[AS_HELP_STRING([--enable-aesni],[Enable wolfSSL AES-NI support (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_AESNI=$enableval ],
[ ENABLED_AESNI=no ]
)
add intelasm ./configure option
2015-03-29 00:34:39 +03:00
# INTEL ASM
AC_ARG_ENABLE([intelasm],
[AS_HELP_STRING([--enable-intelasm],[Enable All Intel ASM speedups (default: disabled)])],
[ ENABLED_INTELASM=$enableval ],
[ ENABLED_INTELASM=no ]
)
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
if test "$ENABLED_ASM" = "yes"
Assembly optimization for AES-NI, and AVX1 and AVX2 Unroll the loop for 8. Use new optimized maths. Fix SHA-384 to use SHA-512 assembly code. Only perform CPU id check in one place.
2017-07-18 03:14:17 +03:00
then
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
if test "$ENABLED_AESNI" = "small"
then
AM_CFLAGS="$AM_CFLAGS -DAES_GCM_AESNI_NO_UNROLL"
ENABLED_AESNI=yes
fi
Fix RNG issue with Intel RDRAND and RDSEED accelerations not being used because HAVE_HASHDRBG was always being defined if !WOLFSSL_FORCE_RC4_DRBG. Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source (if RDRAND not supported by CPU then HASHDRBG will be used). The --enable-intelasm option enables the RDSEED support for seeding HASHDRBG if CPU supports it. Allow use of seed as RNG source if --disable-hashdbrg (shows build warning). Cleanup to remove old ARC4 RNG support. Fixed random_test return code with !HAVE_HASHDRBG. Cleanup of ./configure --help alignment.
2017-03-17 23:29:03 +03:00
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes"
1.8.8 init
2011-02-05 22:14:47 +03:00
then
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
if test "$GCC" = "yes"
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
then
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
# GCC needs these flags, icc doesn't
# opt levels greater than 2 may cause problems on systems w/o aesni
if test "$CC" != "icc"
then
AM_CFLAGS="$AM_CFLAGS -maes -msse4 -mpclmul"
fi
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
fi
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
AS_IF([test "x$ENABLED_AESGCM" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
if test "$ENABLED_INTELASM" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDSEED -DUSE_INTEL_SPEEDUP"
ENABLED_AESNI=yes
fi
add intelasm ./configure option
2015-03-29 00:34:39 +03:00
fi
Fix RNG issue with Intel RDRAND and RDSEED accelerations not being used because HAVE_HASHDRBG was always being defined if !WOLFSSL_FORCE_RC4_DRBG. Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source (if RDRAND not supported by CPU then HASHDRBG will be used). The --enable-intelasm option enables the RDSEED support for seeding HASHDRBG if CPU supports it. Allow use of seed as RNG source if --disable-hashdbrg (shows build warning). Cleanup to remove old ARC4 RNG support. Fixed random_test return code with !HAVE_HASHDRBG. Cleanup of ./configure --help alignment.
2017-03-17 23:29:03 +03:00
# INTEL RDRAND
AC_ARG_ENABLE([intelrand],
[AS_HELP_STRING([--enable-intelrand],[Enable Intel rdrand as preferred RNG source (default: disabled)])],
[ ENABLED_INTELRDRAND=$enableval ],
[ ENABLED_INTELRDRAND=no ]
)
if test "$ENABLED_INTELRDRAND" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDRAND"
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
inital AES-CBC with af_alg progress on AES-GCM with AF_ALG and add SHA256 add aes-gcm test cases and finish logic of aes-gcm with AF_ALG formating of tabs and white space add files to dist adding ecb and ctr mode with af_alg make length of buffers for ctr be AES_BLOCK_SIZE formating and add support for sha256 copy/gethash sanity checks on arguments cast return values and valgrind tests make it easier to use sha256 with af_alg remove hard tabs add endif for after rebase
2018-07-19 02:26:25 +03:00
# Linux af_alg
AC_ARG_ENABLE([afalg],
[AS_HELP_STRING([--enable-afalg],[Enable Linux af_alg use for crypto (default: disabled)])],
[ ENABLED_AFALG=$enableval ],
[ ENABLED_AFALG=no ]
)
if test "$ENABLED_AFALG" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_HASH"
fi
af_alg sha3 addition hardware acceleration with RSA add AES-GCM hardware acceleration refactor setting RSA IV flag check and set AF_ALG flags fix for default AF_ALG use set buffer alignment with Xilinx RSA macro guard after rebase use ALIGN64 clean up test cases
2018-08-24 19:24:53 +03:00
if test "$ENABLED_AFALG" = "xilinx"
make build more modular
2019-01-19 02:08:23 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX -DWOLFSSL_AFALG_XILINX_AES"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX_SHA3 -DWOLFSSL_AFALG_XILINX_RSA"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA3_224 -DWOLFSSL_NOSHA3_256 -DWOLFSSL_NOSHA3_512"
ENABLED_AFALG="yes"
ENABLED_XILINX="yes"
fi
if test "$ENABLED_AFALG" = "xilinx-aes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX -DWOLFSSL_AFALG_XILINX_AES"
ENABLED_AFALG="yes"
ENABLED_XILINX="yes"
fi
if test "$ENABLED_AFALG" = "xilinx-sha3"
af_alg sha3 addition hardware acceleration with RSA add AES-GCM hardware acceleration refactor setting RSA IV flag check and set AF_ALG flags fix for default AF_ALG use set buffer alignment with Xilinx RSA macro guard after rebase use ALIGN64 clean up test cases
2018-08-24 19:24:53 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX"
make build more modular
2019-01-19 02:08:23 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX_SHA3"
af_alg sha3 addition hardware acceleration with RSA add AES-GCM hardware acceleration refactor setting RSA IV flag check and set AF_ALG flags fix for default AF_ALG use set buffer alignment with Xilinx RSA macro guard after rebase use ALIGN64 clean up test cases
2018-08-24 19:24:53 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA3_224 -DWOLFSSL_NOSHA3_256 -DWOLFSSL_NOSHA3_512"
ENABLED_AFALG="yes"
ENABLED_XILINX="yes"
fi
make build more modular
2019-01-19 02:08:23 +03:00
if test "$ENABLED_AFALG" = "xilinx-rsa"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX_RSA"
ENABLED_AFALG="yes"
ENABLED_XILINX="yes"
fi
inital AES-CBC with af_alg progress on AES-GCM with AF_ALG and add SHA256 add aes-gcm test cases and finish logic of aes-gcm with AF_ALG formating of tabs and white space add files to dist adding ecb and ctr mode with af_alg make length of buffers for ctr be AES_BLOCK_SIZE formating and add support for sha256 copy/gethash sanity checks on arguments cast return values and valgrind tests make it easier to use sha256 with af_alg remove hard tabs add endif for after rebase
2018-07-19 02:26:25 +03:00
crypto only sha256 cryptodev formating and refactoring update configure for devcrypto add AES algorithms to cyrptodev port increase structure size for compatibility AES with cryptodev add wc_devcrypto.h to install path
2018-08-17 18:46:16 +03:00
# Support for Linux dev/crypto calls
AC_ARG_ENABLE([devcrypto],
[AS_HELP_STRING([--enable-devcrypto],[Enable Linux dev crypto calls: all | aes (all aes support) | hash (all hash algos) | cbc (aes-cbc only) (default: disabled)])],
[ ENABLED_DEVCRYPTO=$enableval ],
[ ENABLED_DEVCRYPTO=no ]
)
if test "$ENABLED_DEVCRYPTO" = "yes" || test "$ENABLED_DEVCRYPTO" = "all"
then
#enable all devcrypto supported algorithms
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_HASH_RAW"
ENABLED_DEVCRYPTO=yes
fi
if test "$ENABLED_DEVCRYPTO" = "aes"
then
#enable only AES-CBC algorithm support
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
ENABLED_DEVCRYPTO=yes
fi
if test "$ENABLED_DEVCRYPTO" = "cbc"
then
#enable only AES-CBC algorithm support
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
ENABLED_DEVCRYPTO=yes
fi
if test "$ENABLED_DEVCRYPTO" = "hash"
then
#enable only hash algorithm support
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_HASH_RAW"
ENABLED_DEVCRYPTO=yes
fi
added stubs, tests, and benchmark for Camellia to ctaocrypt
2013-01-18 09:52:31 +04:00
# Camellia
AC_ARG_ENABLE([camellia],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-camellia],[Enable wolfSSL Camellia support (default: disabled)])],
added stubs, tests, and benchmark for Camellia to ctaocrypt
2013-01-18 09:52:31 +04:00
[ ENABLED_CAMELLIA=$enableval ],
[ ENABLED_CAMELLIA=no ]
)
if test "$ENABLED_CAMELLIA" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAMELLIA"
fi
add md2 signature hash support
2012-07-28 01:01:02 +04:00
# MD2
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([md2],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-md2],[Enable wolfSSL MD2 support (default: disabled)])],
add md2 signature hash support
2012-07-28 01:01:02 +04:00
[ ENABLED_MD2=$enableval ],
[ ENABLED_MD2=no ]
)
if test "$ENABLED_BUMP" = "yes"
then
ENABLED_MD2="yes"
fi
if test "$ENABLED_MD2" = "yes"
then
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MD2"
add md2 signature hash support
2012-07-28 01:01:02 +04:00
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# NULL CIPHER
add --enable-null
2013-03-13 05:49:59 +04:00
AC_ARG_ENABLE([nullcipher],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-nullcipher],[Enable wolfSSL NULL cipher support (default: disabled)])],
add --enable-null
2013-03-13 05:49:59 +04:00
[ ENABLED_NULL_CIPHER=$enableval ],
[ ENABLED_NULL_CIPHER=no ]
)
add openssh ./configure build
2015-07-17 19:14:58 +03:00
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_NULL_CIPHER="yes"
fi
add --enable-null
2013-03-13 05:49:59 +04:00
if test "$ENABLED_NULL_CIPHER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER"
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
# RIPEMD
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([ripemd],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-ripemd],[Enable wolfSSL RIPEMD-160 support (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_RIPEMD=$enableval ],
[ ENABLED_RIPEMD=no ]
)
add openssh ./configure build
2015-07-17 19:14:58 +03:00
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_RIPEMD="yes"
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
if test "$ENABLED_RIPEMD" = "yes"
then
close to build test with --disable-examples option
2014-12-19 01:40:09 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RIPEMD"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
init blake2
2013-01-01 01:10:47 +04:00
# BLAKE2
AC_ARG_ENABLE([blake2],
Adds Blake2s support (--enable-blake2s), which provides 32-bit Blake2 support.
2019-05-24 06:47:42 +03:00
[AS_HELP_STRING([--enable-blake2],[Enable wolfSSL BLAKE2b support (default: disabled)])],
init blake2
2013-01-01 01:10:47 +04:00
[ ENABLED_BLAKE2=$enableval ],
[ ENABLED_BLAKE2=no ]
)
if test "$ENABLED_BLAKE2" = "yes"
then
Adds Blake2s support (--enable-blake2s), which provides 32-bit Blake2 support.
2019-05-24 06:47:42 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2 -DHAVE_BLAKE2B"
init blake2
2013-01-01 01:10:47 +04:00
fi
Adds Blake2s support (--enable-blake2s), which provides 32-bit Blake2 support.
2019-05-24 06:47:42 +03:00
AC_ARG_ENABLE([blake2s],
[AS_HELP_STRING([--enable-blake2s],[Enable wolfSSL BLAKE2s support (default: disabled)])],
[ ENABLED_BLAKE2S=$enableval ],
[ ENABLED_BLAKE2S=Sno ]
)
if test "$ENABLED_BLAKE2S" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2S"
ENABLED_BLAKE2="yes"
fi
init blake2
2013-01-01 01:10:47 +04:00
1.8.8 init
2011-02-05 22:14:47 +03:00
# SHA512
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([sha512],
Enable ECC for all platforms by default. For aarch64 enable SHA512, SHA224, SHA3 and FastMath by default.
2018-03-07 20:41:07 +03:00
[AS_HELP_STRING([--enable-sha512],[Enable wolfSSL SHA-512 support (default: enabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_SHA512=$enableval ],
Enable ECC for all platforms by default. For aarch64 enable SHA512, SHA224, SHA3 and FastMath by default.
2018-03-07 20:41:07 +03:00
[ ENABLED_SHA512=yes ]
1.8.8 init
2011-02-05 22:14:47 +03:00
)
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
# options that don't require sha512
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" || test "$ENABLED_32BIT" = "yes" || test "$ENABLED_16BIT" = "yes"
fix leanpsk w/ new defaults
2015-04-01 01:55:39 +03:00
then
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
ENABLED_SHA512="no"
fix leanpsk w/ new defaults
2015-04-01 01:55:39 +03:00
fi
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
# options that require sha512
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes"
add openssh ./configure build
2015-07-17 19:14:58 +03:00
then
ENABLED_SHA512="yes"
Allow SHA384 to be compiled in without SHA512
2018-07-20 02:42:01 +03:00
ENABLED_SHA384="yes"
add openssh ./configure build
2015-07-17 19:14:58 +03:00
fi
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "$ENABLED_SHA512" = "yes"
1.8.8 init
2011-02-05 22:14:47 +03:00
then
Allow SHA384 to be compiled in without SHA512
2018-07-20 02:42:01 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
Allow SHA384 to be compiled in without SHA512
2018-07-20 02:42:01 +03:00
# SHA384
AC_ARG_ENABLE([sha384],
[AS_HELP_STRING([--enable-sha384],[Enable wolfSSL SHA-384 support (default: enabled)])],
[ ENABLED_SHA384=$enableval ],
[ ENABLED_SHA384=yes ]
)
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
# options that don't require sha384
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" || test "$ENABLED_32BIT" = "yes" || test "$ENABLED_16BIT" = "yes"
Allow SHA384 to be compiled in without SHA512
2018-07-20 02:42:01 +03:00
then
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
ENABLED_SHA384="no"
Allow SHA384 to be compiled in without SHA512
2018-07-20 02:42:01 +03:00
fi
# options that require sha384
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes"
then
ENABLED_SHA384="yes"
fi
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "$ENABLED_SHA384" = "yes"
Allow SHA384 to be compiled in without SHA512
2018-07-20 02:42:01 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA384"
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
# SESSION CERTS
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([sessioncerts],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-sessioncerts],[Enable session cert storing (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_SESSIONCERTS=$enableval ],
[ ENABLED_SESSIONCERTS=no ]
)
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
if test "x$ENABLED_NGINX" = "xyes"
then
ENABLED_SESSIONCERTS=yes
fi
Add TLS v1.3 as an option
2016-11-23 18:31:07 +03:00
if test "$ENABLED_TLS13" = "yes" && test "$ENABLED_PSK" = "yes"
then
ENABLED_SESSIONCERTS=yes
fi
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
1.8.8 init
2011-02-05 22:14:47 +03:00
if test "$ENABLED_SESSIONCERTS" = "yes"
then
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
# KEY GENERATION
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([keygen],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-keygen],[Enable key generation (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_KEYGEN=$enableval ],
[ ENABLED_KEYGEN=no ]
)
if test "$ENABLED_KEYGEN" = "yes"
then
working on commit tests
2014-12-30 21:00:18 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
# CERT GENERATION
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([certgen],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-certgen],[Enable cert generation (default: disabled)])],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ ENABLED_CERTGEN=$enableval ],
[ ENABLED_CERTGEN=no ]
)
if test "$ENABLED_CERTGEN" = "yes"
then
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
Added enable-certgen to configure.ac.
2014-01-10 23:50:55 +04:00
# CERT REQUEST GENERATION
AC_ARG_ENABLE([certreq],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-certreq],[Enable cert request generation (default: disabled)])],
Added enable-certgen to configure.ac.
2014-01-10 23:50:55 +04:00
[ ENABLED_CERTREQ=$enableval ],
[ ENABLED_CERTREQ=no ]
)
if test "$ENABLED_CERTREQ" = "yes"
then
if test "$ENABLED_CERTGEN" = "no"
then
AC_MSG_ERROR([cannot enable certreq without enabling certgen.])
fi
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
Added enable-certgen to configure.ac.
2014-01-10 23:50:55 +04:00
fi
Add support for : - PEM public key loading - set/get KeyUsage in CSR and X.509 - set/get SKID in CSR and X.509 - set/get AKID in X.509 - set/get two Certificate Policies OID in X.509
2015-09-07 10:51:21 +03:00
# CERT REQUEST EXTENSION
AC_ARG_ENABLE([certext],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-certext],[Enable cert request extensions (default: disabled)])],
Add support for : - PEM public key loading - set/get KeyUsage in CSR and X.509 - set/get SKID in CSR and X.509 - set/get AKID in X.509 - set/get two Certificate Policies OID in X.509
2015-09-07 10:51:21 +03:00
[ ENABLED_CERTEXT=$enableval ],
[ ENABLED_CERTEXT=no ]
)
if test "$ENABLED_CERTEXT" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
fi
Decoded cert cache feature
2019-03-01 00:07:38 +03:00
# DECODED CERT CACHE
AC_ARG_ENABLE([certgencache],
[AS_HELP_STRING([--enable-certgencache],[Enable decoded cert caching (default: disabled)])],
[ ENABLED_certgencache=$enableval ],
[ ENABLED_certgencache=no ]
)
if test "$ENABLED_certgencache" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN_CACHE"
fi
SEP Extensions 1. Added configure option to enable SEP extensions. 2. Enabled KEEP_PEER_CERT for the SEP configuration. 3. Copy the Certificate Policy extension into the cert as the device type. 4. Copy an other type Alt Name extension into the cert as the hwType and hwSerialNumber, if the alt name has a hardwareModuleName OID.
2013-06-26 03:26:53 +04:00
# SEP
AC_ARG_ENABLE([sep],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-sep],[Enable sep extensions (default: disabled)])],
SEP Extensions 1. Added configure option to enable SEP extensions. 2. Enabled KEEP_PEER_CERT for the SEP configuration. 3. Copy the Certificate Policy extension into the cert as the device type. 4. Copy an other type Alt Name extension into the cert as the hwType and hwSerialNumber, if the alt name has a hardwareModuleName OID.
2013-06-26 03:26:53 +04:00
[ ENABLED_SEP=$enableval ],
[ ENABLED_SEP=no ]
)
if test "$ENABLED_SEP" = "yes"
then
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="-DWOLFSSL_SEP -DKEEP_PEER_CERT $AM_CFLAGS"
SEP Extensions 1. Added configure option to enable SEP extensions. 2. Enabled KEEP_PEER_CERT for the SEP configuration. 3. Copy the Certificate Policy extension into the cert as the device type. 4. Copy an other type Alt Name extension into the cert as the hwType and hwSerialNumber, if the alt name has a hardwareModuleName OID.
2013-06-26 03:26:53 +04:00
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# HKDF
add HMAC-KDF
2013-11-01 05:03:00 +04:00
AC_ARG_ENABLE([hkdf],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-hkdf],[Enable HKDF (HMAC-KDF) support (default: disabled)])],
add HMAC-KDF
2013-11-01 05:03:00 +04:00
[ ENABLED_HKDF=$enableval ],
[ ENABLED_HKDF=no ]
)
Add TLS v1.3 as an option
2016-11-23 18:31:07 +03:00
if test "$ENABLED_TLS13" = "yes"
then
ENABLED_HKDF="yes"
fi
add HMAC-KDF
2013-11-01 05:03:00 +04:00
if test "$ENABLED_HKDF" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"
fi
add ANSI-X9.63-KDF support [SEC1]
2016-12-08 06:09:54 +03:00
# X9.63 KDF
AC_ARG_ENABLE([x963kdf],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-x963kdf],[Enable X9.63 KDF support (default: disabled)])],
add ANSI-X9.63-KDF support [SEC1]
2016-12-08 06:09:54 +03:00
[ ENABLED_X963KDF=$enableval ],
[ ENABLED_X963KDF=no ]
)
if test "$ENABLED_X963KDF" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF"
fi
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
# DSA
AC_ARG_ENABLE([dsa],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-dsa],[Enable DSA (default: disabled)])],
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
[ ENABLED_DSA=$enableval ],
[ ENABLED_DSA=no ]
)
Changes for WPA Supplicant
2017-02-10 01:45:10 +03:00
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes"
add openssh ./configure build
2015-07-17 19:14:58 +03:00
then
ENABLED_DSA="yes"
fi
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
if test "$ENABLED_DSA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DSA"
fi
on x86_64 enable sha512, ecc, and increase max_bits by default
2015-03-31 23:28:49 +03:00
Added configure "--disable-eccshamir" option.
2016-05-05 09:14:30 +03:00
# ECC Shamir
Fixed typo with new "eccshamir" configure option.
2016-05-05 22:24:08 +03:00
AC_ARG_ENABLE([eccshamir],
Enable ECC for all platforms by default. For aarch64 enable SHA512, SHA224, SHA3 and FastMath by default.
2018-03-07 20:41:07 +03:00
[AS_HELP_STRING([--enable-eccshamir],[Enable ECC Shamir (default: enabled)])],
Added configure "--disable-eccshamir" option.
2016-05-05 09:14:30 +03:00
[ ENABLED_ECC_SHAMIR=$enableval ],
Enable ECC for all platforms by default. For aarch64 enable SHA512, SHA224, SHA3 and FastMath by default.
2018-03-07 20:41:07 +03:00
[ ENABLED_ECC_SHAMIR=yes ]
Added configure "--disable-eccshamir" option.
2016-05-05 09:14:30 +03:00
)
on x86_64 enable sha512, ecc, and increase max_bits by default
2015-03-31 23:28:49 +03:00
# ECC
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
AC_ARG_ENABLE([ecc],
Enable ECC for all platforms by default. For aarch64 enable SHA512, SHA224, SHA3 and FastMath by default.
2018-03-07 20:41:07 +03:00
[AS_HELP_STRING([--enable-ecc],[Enable ECC (default: enabled)])],
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
[ ENABLED_ECC=$enableval ],
Enable ECC for all platforms by default. For aarch64 enable SHA512, SHA224, SHA3 and FastMath by default.
2018-03-07 20:41:07 +03:00
[ ENABLED_ECC=yes ]
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
)
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# lean psk doesn't need ecc
fix leanpsk default changes
2015-04-01 19:37:41 +03:00
if test "$ENABLED_LEANPSK" = "yes"
fix leanpsk w/ new defaults
2015-04-01 01:55:39 +03:00
then
ENABLED_ECC=no
fi
Modification for compliling application with libsignal-protocol-c.
2017-11-13 12:12:18 +03:00
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_SIGNAL" = "yes"
add openssh ./configure build
2015-07-17 19:14:58 +03:00
then
ENABLED_ECC="yes"
fi
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
if test "$ENABLED_ECC" = "yes"
then
Added configure "--disable-eccshamir" option.
2016-05-05 09:14:30 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
Various improvements for testing Fix wc_ecc_fp_free() to be called when using HAVE_STACK_SIZE. Increase size of replyin client.c so all HTTP reply is displayed. Fix api.c to support only Ed25519 (not RSA and ECC) Fix suites.c to detect when CA for client won't work (Ed25519 only) For Static Memory add debugging and small profile. Also allow realloc to be called with NULL. Add more Ed25519 certs and keys. Fix names of Ed25519 filenames for client and server. Do NOT turn on ECC_SHAMIR by default with lowresource. Enable WOLFSSL_STATIC_MEMORY_SMALL if low resource and no RSA.
2019-02-22 10:14:19 +03:00
if test "$ENABLED_ECC_SHAMIR" = "yes" && test "$ENABLED_LOWRESOURCE" = "no"
Added configure "--disable-eccshamir" option.
2016-05-05 09:14:30 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
fi
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
fi
Enable the TFM speedups when used with `--enable-ecccustcurves=all` and fastmath and x86.
2019-04-11 07:06:17 +03:00
Added ECC API's for using custom curves that are not in the "ecc_sets" list. Added wolfCrypt test to validate/demonstrate custom curve using BRAINPOOL256R1. Exposed "wc_ecc_make_key_ex" and added "wc_ecc_import_x963_ex" / "wc_ecc_import_raw_ex" API's that accept "const ecc_set_type*" for custom curve. Internally use "ECC_CUSTOM_IDX" (-1) to define custom curve is used. Added "--enable-ecccustcurves" option to configure.ac.
2016-06-16 20:09:41 +03:00
# ECC Custom Curves
AC_ARG_ENABLE([ecccustcurves],
[AS_HELP_STRING([--enable-ecccustcurves],[Enable ECC custom curves (default: disabled)])],
[ ENABLED_ECCCUSTCURVES=$enableval ],
[ ENABLED_ECCCUSTCURVES=no ]
)
Added `--enable-ecccustcurves=all` option.
2019-03-14 19:56:03 +03:00
if test "$ENABLED_ECCCUSTCURVES" != "no"
Added ECC API's for using custom curves that are not in the "ecc_sets" list. Added wolfCrypt test to validate/demonstrate custom curve using BRAINPOOL256R1. Exposed "wc_ecc_make_key_ex" and added "wc_ecc_import_x963_ex" / "wc_ecc_import_raw_ex" API's that accept "const ecc_set_type*" for custom curve. Internally use "ECC_CUSTOM_IDX" (-1) to define custom curve is used. Added "--enable-ecccustcurves" option to configure.ac.
2016-06-16 20:09:41 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CUSTOM_CURVES"
Distro fix to enable SHA224 by default. Was causing Debian build error since SHA224 is enabled by default only for the x86_64 architecture. Updated --enable-distro option to include new features for aeskeywrap, x963kdf and scrypt. Changed the ECC custom curve option to enable all curve types when used with distro.
2017-04-10 21:45:26 +03:00
Enable the TFM speedups when used with `--enable-ecccustcurves=all` and fastmath and x86.
2019-04-11 07:06:17 +03:00
# For distro, all or ecccustcurves=all builds, enable all curve types
Added `--enable-ecccustcurves=all` option.
2019-03-14 19:56:03 +03:00
if test "$ENABLED_DISTRO" = "yes" || test "$ENABLED_ALL" = "yes" || test "$ENABLED_ECCCUSTCURVES" = "all"
Distro fix to enable SHA224 by default. Was causing Debian build error since SHA224 is enabled by default only for the x86_64 architecture. Updated --enable-distro option to include new features for aeskeywrap, x963kdf and scrypt. Changed the ECC custom curve option to enable all curve types when used with distro.
2017-04-10 21:45:26 +03:00
then
Added `--enable-ecccustcurves=all` option.
2019-03-14 19:56:03 +03:00
# Enable ECC SECPR2, SECPR3, BRAINPOOL and KOBLITZ curves
Distro fix to enable SHA224 by default. Was causing Debian build error since SHA224 is enabled by default only for the x86_64 architecture. Updated --enable-distro option to include new features for aeskeywrap, x963kdf and scrypt. Changed the ECC custom curve option to enable all curve types when used with distro.
2017-04-10 21:45:26 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ"
Added `--enable-ecccustcurves=all` option.
2019-03-14 19:56:03 +03:00
# Enable ECC Cofactor support
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_CDH"
Enable the TFM speedups when used with `--enable-ecccustcurves=all` and fastmath and x86.
2019-04-11 07:06:17 +03:00
# If fastmath enabled and on x86 use speedups
if test "x$ENABLED_FASTMATH" = "xyes" && test "$host_cpu" = "x86_64"
then
AM_CFLAGS="$AM_CFLAGS -DTFM_ECC192 -DTFM_ECC224 -DTFM_ECC256 -DTFM_ECC384 -DTFM_ECC521"
fi
Distro fix to enable SHA224 by default. Was causing Debian build error since SHA224 is enabled by default only for the x86_64 architecture. Updated --enable-distro option to include new features for aeskeywrap, x963kdf and scrypt. Changed the ECC custom curve option to enable all curve types when used with distro.
2017-04-10 21:45:26 +03:00
fi
Added ECC API's for using custom curves that are not in the "ecc_sets" list. Added wolfCrypt test to validate/demonstrate custom curve using BRAINPOOL256R1. Exposed "wc_ecc_make_key_ex" and added "wc_ecc_import_x963_ex" / "wc_ecc_import_raw_ex" API's that accept "const ecc_set_type*" for custom curve. Internally use "ECC_CUSTOM_IDX" (-1) to define custom curve is used. Added "--enable-ecccustcurves" option to configure.ac.
2016-06-16 20:09:41 +03:00
fi
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
Fixes for compressed keys. Fix to fast math "mp_cnt_lsb" to return proper value, which fixes "mp_jacobi", which fixes "mp_sqrtmod_prime", which fixes compressed keys for 224-bit key. Removed workarounds for compressed keys. Added new configure option "--enable-compkey". Fixed issue with normal math and custom curves where "t2" could be free'd and used. Fixed issue with mp_dump in integer.c, with not allocating correctly sized buffer for toradix.
2016-06-22 00:06:02 +03:00
# Compressed Key
AC_ARG_ENABLE([compkey],
[AS_HELP_STRING([--enable-compkey],[Enable compressed keys support (default: disabled)])],
[ ENABLED_COMPKEY=$enableval ],
[ ENABLED_COMPKEY=no ]
)
Changes for WPA Supplicant
2017-02-10 01:45:10 +03:00
if test "$ENABLED_WPAS" = "yes"
then
ENABLED_COMPKEY=yes
fi
Fixes for compressed keys. Fix to fast math "mp_cnt_lsb" to return proper value, which fixes "mp_jacobi", which fixes "mp_sqrtmod_prime", which fixes compressed keys for 224-bit key. Removed workarounds for compressed keys. Added new configure option "--enable-compkey". Fixed issue with normal math and custom curves where "t2" could be free'd and used. Fixed issue with mp_dump in integer.c, with not allocating correctly sized buffer for toradix.
2016-06-22 00:06:02 +03:00
if test "$ENABLED_COMPKEY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_COMP_KEY"
fi
curve25519 and ed25519 low memory
2015-06-06 00:39:37 +03:00
# for using memory optimization setting on both curve25519 and ed25519
Enhancement to support different sized Curve/Ed math library implementations for FE/GE. Remains backwards compatible with `CURVED25519_SMALL` define. Adds new defines `CURVE25519_SMALL` and `ED25519_SMALL` to allow individual enabling of math library choice (`_low_mem` or `_operations`). Example: `./configure --enable-ed25519=small --enable-curve25519`.
2017-06-16 19:41:10 +03:00
ENABLED_CURVE25519_SMALL=no
ENABLED_ED25519_SMALL=no
curve25519 and ed25519 low memory
2015-06-06 00:39:37 +03:00
rename ecc25519 to curve25519, less confusing with ed25519 now in play too
2015-03-24 21:56:40 +03:00
# CURVE25519
AC_ARG_ENABLE([curve25519],
[AS_HELP_STRING([--enable-curve25519],[Enable Curve25519 (default: disabled)])],
[ ENABLED_CURVE25519=$enableval ],
[ ENABLED_CURVE25519=no ]
added in curve25519 crypto
2015-02-19 20:59:05 +03:00
)
curve25519 and ed25519 low memory
2015-06-06 00:39:37 +03:00
add support for curve 25519 and Ed25519 in OpenSSH refactor curve25519 and Ed25519 code fix warning in PEM_xxx_mem_xxx functions
2015-08-01 19:28:18 +03:00
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_CURVE25519="yes"
fi
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
if test "$ENABLED_CURVE25519" != "no"
curve25519 and ed25519 low memory
2015-06-06 00:39:37 +03:00
then
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
if test "$ENABLED_CURVE25519" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DCURVE25519_SMALL"
ENABLED_CURVE25519_SMALL=yes
ENABLED_CURVE25519=yes
fi
curve25519 and ed25519 low memory
2015-06-06 00:39:37 +03:00
Removes the forced 32-bit instruction (via `-m32`) from `--enable-32bit` option and replaces with comment. Some compilers do not support the `-m32` option, plus to work properly it must be used with configure directly like `./configure CFLAGS="-m32" LDFLAGS="-m32"`. Removes the `NO_64BIT` option to allow building corect on x86_64 and aarch64 (math libs detect platform properly). Fixes #1985.
2018-12-24 02:59:57 +03:00
if test "$ENABLED_CURVE25519" = "no128bit" || test "$ENABLED_32BIT" = "yes"
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_CURVED25519_128BIT"
ENABLED_CURVE25519=yes
fi
Fix issue with ARMv8 not performing 128-bit math against constants correctly in debug builds. Fix was to use the `__int128_t` as const for integers. Also added `./configure --enable-curve25519=no128bit` option to force FE to not use the `int128_t` math.
2017-07-14 20:39:30 +03:00
rename ecc25519 to curve25519, less confusing with ed25519 now in play too
2015-03-24 21:56:40 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519"
curve25519 and ed25519 low memory
2015-06-06 00:39:37 +03:00
ENABLED_FEMATH=yes
added in curve25519 crypto
2015-02-19 20:59:05 +03:00
fi
initial ed25519 implementation
2015-03-19 20:40:41 +03:00
# ED25519
AC_ARG_ENABLE([ed25519],
adjust ./configure format, change ed sign/verify to msg from hash
2015-03-19 22:48:32 +03:00
[AS_HELP_STRING([--enable-ed25519],[Enable ED25519 (default: disabled)])],
initial ed25519 implementation
2015-03-19 20:40:41 +03:00
[ ENABLED_ED25519=$enableval ],
[ ENABLED_ED25519=no ]
)
add support for curve 25519 and Ed25519 in OpenSSH refactor curve25519 and Ed25519 code fix warning in PEM_xxx_mem_xxx functions
2015-08-01 19:28:18 +03:00
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_ED25519="yes"
fi
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
if test "$ENABLED_ED25519" != "no" && test "$ENABLED_32BIT" = "no"
curve25519 and ed25519 low memory
2015-06-06 00:39:37 +03:00
then
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
if test "$ENABLED_ED25519" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DED25519_SMALL"
ENABLED_ED25519_SMALL=yes
Fix fe_init implementation to appear for small Ed25519
2018-01-17 02:59:01 +03:00
ENABLED_CURVE25519_SMALL=yes
Add `USE_SLOW_SHA256` and `USE_SLOW_SHA512` options for reduced code size of SHA. Existing `USE_SLOW_SHA2` applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new `./configure --lowresource` option, which defines the memory reduction defines. Fix for `make check` resume.test scipt with `NO_SESSION_CACHE` defined.
2017-11-09 22:05:28 +03:00
ENABLED_ED25519=yes
fi
curve25519 and ed25519 low memory
2015-06-06 00:39:37 +03:00
initial ed25519 implementation
2015-03-19 20:40:41 +03:00
if test "$ENABLED_SHA512" = "no"
then
AC_MSG_ERROR([cannot enable ed25519 without enabling sha512.])
fi
ENABLED_FEMATH=yes
ENABLED_GEMATH=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519"
fi
# FP ECC, Fixed Point cache ECC
add fixed point ecc cache, --enable-fpecc, add locking down to crypt level next
2013-09-07 01:24:31 +04:00
AC_ARG_ENABLE([fpecc],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-fpecc],[Enable Fixed Point cache ECC (default: disabled)])],
add fixed point ecc cache, --enable-fpecc, add locking down to crypt level next
2013-09-07 01:24:31 +04:00
[ ENABLED_FPECC=$enableval ],
[ ENABLED_FPECC=no ]
)
if test "$ENABLED_FPECC" = "yes"
then
add basic ecc encrypt/decrypt
2013-11-08 03:59:31 +04:00
if test "$ENABLED_ECC" = "no"
then
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
AC_MSG_ERROR([cannot enable fpecc without enabling ecc.])
add basic ecc encrypt/decrypt
2013-11-08 03:59:31 +04:00
fi
add fixed point ecc cache, --enable-fpecc, add locking down to crypt level next
2013-09-07 01:24:31 +04:00
AM_CFLAGS="$AM_CFLAGS -DFP_ECC"
fi
add basic ecc encrypt/decrypt
2013-11-08 03:59:31 +04:00
# ECC encrypt
AC_ARG_ENABLE([eccencrypt],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-eccencrypt],[Enable ECC encrypt (default: disabled)])],
add basic ecc encrypt/decrypt
2013-11-08 03:59:31 +04:00
[ ENABLED_ECC_ENCRYPT=$enableval ],
[ ENABLED_ECC_ENCRYPT=no ]
)
if test "$ENABLED_ECC_ENCRYPT" = "yes"
then
if test "$ENABLED_ECC" = "no"
then
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.])
add basic ecc encrypt/decrypt
2013-11-08 03:59:31 +04:00
fi
if test "$ENABLED_HKDF" = "no"
then
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.])
add basic ecc encrypt/decrypt
2013-11-08 03:59:31 +04:00
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_ENCRYPT"
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# PSK
add --enable-asn, build, and checks for rsa / psk w/o asn
2013-03-12 23:48:41 +04:00
AC_ARG_ENABLE([psk],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-psk],[Enable PSK (default: disabled)])],
add --enable-asn, build, and checks for rsa / psk w/o asn
2013-03-12 23:48:41 +04:00
[ ENABLED_PSK=$enableval ],
[ ENABLED_PSK=no ]
)
Use TLS v1.3 PSK callback in extension allow for one call in client New compile time option WOLFSSL_PSK_ONE_ID. Indicates one identity available. No need for client to call callback when generating binder - already cached.
2019-05-17 01:01:40 +03:00
# Single PSK identity
AC_ARG_ENABLE([psk-one-id],
[AS_HELP_STRING([--enable-psk-one-id],[Enable PSK (default: disabled)])],
[ ENABLED_PSK_ONE_ID=$enableval ],
[ ENABLED_PSK_ONE_ID=no ]
)
if test "$ENABLED_PSK_ONE_ID" = "yes"
then
if test "$ENABLED_PSK" = "no"
then
ENABLED_PSK="yes"
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PSK_ONE_ID"
fi
add --enable-asn, build, and checks for rsa / psk w/o asn
2013-03-12 23:48:41 +04:00
add --enable-errorstrings and build check
2013-03-13 22:27:14 +04:00
# ERROR STRINGS
AC_ARG_ENABLE([errorstrings],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-errorstrings],[Enable error strings table (default: enabled)])],
add --enable-errorstrings and build check
2013-03-13 22:27:14 +04:00
[ ENABLED_ERROR_STRINGS=$enableval ],
[ ENABLED_ERROR_STRINGS=yes ]
)
if test "$ENABLED_ERROR_STRINGS" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off error strings if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
add --enable-errorstrings and build check
2013-03-13 22:27:14 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
ENABLED_ERROR_STRINGS=no
fi
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# OLD TLS
add --enable-oldtls, build and leanpsk check
2013-03-13 22:49:11 +04:00
AC_ARG_ENABLE([oldtls],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-oldtls],[Enable old TLS versions < 1.2 (default: enabled)])],
add --enable-oldtls, build and leanpsk check
2013-03-13 22:49:11 +04:00
[ ENABLED_OLD_TLS=$enableval ],
[ ENABLED_OLD_TLS=yes ]
)
if test "$ENABLED_OLD_TLS" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off old if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
add --enable-oldtls, build and leanpsk check
2013-03-13 22:49:11 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
ENABLED_OLD_TLS=no
fi
fi
Allow TLS 1.2 to be compiled out.
2018-05-17 02:08:03 +03:00
# TLSv1.2
AC_ARG_ENABLE([tlsv12],
[AS_HELP_STRING([--enable-tlsv12],[Enable TLS versions 1.2 (default: enabled)])],
[ ENABLED_TLSV12=$enableval ],
[ ENABLED_TLSV12=yes ]
)
if test "$ENABLED_TLSV12" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_TLS12 -DNO_OLD_TLS"
fi
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-15 00:55:48 +03:00
# TLSv1.0
AC_ARG_ENABLE([tlsv10],
[AS_HELP_STRING([--enable-tlsv10],[Enable old TLS versions 1.0 (default: disabled)])],
[ ENABLED_TLSV10=$enableval ],
[ ENABLED_TLSV10=no ]
)
if test "$ENABLED_TLSV10" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_TLSV10"
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# SSLv3
AC_ARG_ENABLE([sslv3],
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-20 14:22:30 +03:00
[AS_HELP_STRING([--enable-sslv3],[Enable SSL version 3.0 (default: disabled)])],
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
[ ENABLED_SSLV3=$enableval ],
[ ENABLED_SSLV3=no]
)
Define functions required by HAProxy and enable SSLV3 dependency
2018-07-26 22:53:21 +03:00
if test "x$ENABLED_HAPROXY" = "xyes"
then
ENABLED_SSLV3="yes"
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
if test "$ENABLED_SSLV3" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_SSLV3"
fi
# STACK SIZE info for examples
add --enable-stacksize to print out stack use info with pthreads for example client/server
2013-03-28 22:28:38 +04:00
AC_ARG_ENABLE([stacksize],
add trackmemory enable option
2017-05-19 01:46:56 +03:00
[AS_HELP_STRING([--enable-stacksize],[Enable stack size info on examples (default: disabled)])],
add --enable-stacksize to print out stack use info with pthreads for example client/server
2013-03-28 22:28:38 +04:00
[ ENABLED_STACKSIZE=$enableval ],
[ ENABLED_STACKSIZE=no ]
)
if test "$ENABLED_STACKSIZE" = "yes"
then
AC_CHECK_FUNC([posix_memalign], [], [AC_MSG_ERROR(stacksize needs posix_memalign)])
Merge branch 'master' of https://github.com/cyassl/cyassl
2013-06-20 00:04:43 +04:00
AC_CHECK_FUNC([pthread_attr_setstack], [], AC_CHECK_LIB([pthread],[pthread_attr_setstack]))
Added support for QAT RSA Key Generation.
2018-12-11 03:51:54 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_STACK_SIZE"
add --enable-stacksize to print out stack use info with pthreads for example client/server
2013-03-28 22:28:38 +04:00
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# MEMORY
add --enable-memory, build, disable runtime memory cbs, check leanpsk
2013-03-13 00:31:14 +04:00
AC_ARG_ENABLE([memory],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-memory],[Enable memory callbacks (default: enabled)])],
add --enable-memory, build, disable runtime memory cbs, check leanpsk
2013-03-13 00:31:14 +04:00
[ ENABLED_MEMORY=$enableval ],
[ ENABLED_MEMORY=yes ]
)
if test "$ENABLED_MEMORY" = "no"
then
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DNO_WOLFSSL_MEMORY"
add --enable-memory, build, disable runtime memory cbs, check leanpsk
2013-03-13 00:31:14 +04:00
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off memory cb if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
add --enable-memory, build, disable runtime memory cbs, check leanpsk
2013-03-13 00:31:14 +04:00
then
configure.ac updates
2014-12-31 23:04:03 +03:00
# but don't turn on NO_WOLFSSL_MEMORY because using own
add --enable-memory, build, disable runtime memory cbs, check leanpsk
2013-03-13 00:31:14 +04:00
ENABLED_MEMORY=no
fi
fi
require using wolfSSL memory when enabling trackmemory
2017-05-20 00:24:38 +03:00
# MEMORY SIZE info
AC_ARG_ENABLE([trackmemory],
[AS_HELP_STRING([--enable-trackmemory],[Enable memory use info on wolfCrypt and wolfSSL cleanup (default: disabled)])],
[ ENABLED_TRACKMEMORY=$enableval ],
[ ENABLED_TRACKMEMORY=no ]
)
if test "$ENABLED_TRACKMEMORY" = "yes"
then
if test "$ENABLED_MEMORY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRACK_MEMORY"
else
AC_MSG_ERROR([trackmemory requires using wolfSSL memory (--enable-memory).])
fi
fi
More changes to minimize dynamic memory usage. Change define to WOLFSSL_MEMORY_LOG. Fix for ED25519 server certificate - single cert to allow comparison with ECC dynamic memory usage. Free memory earlier to reduce maximum memory usage in a connection. Make MAX_ENCODED_SIG_SZ only as big as necessary. Change memory allocation type in sha256 from RNG to DIGEST. If we know the key type use it in decoding private key
2018-08-21 02:03:11 +03:00
# MEMORY usage logging
AC_ARG_ENABLE([memorylog],
[AS_HELP_STRING([--enable-memorylog],[Enable dynamic memory logging (default: disabled)])],
[ ENABLED_MEMORYLOG=$enableval ],
[ ENABLED_MEMORYLOG=no ]
)
if test "$ENABLED_MEMORYLOG" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MEMORY_LOG"
fi
Small stack usage fixes Stack pointer logging added.
2018-08-29 03:16:51 +03:00
# STACK usage logging
AC_ARG_ENABLE([stacklog],
[AS_HELP_STRING([--enable-stacklog],[Enable stack logging (default: disabled)])],
[ ENABLED_STACKLOG=$enableval ],
[ ENABLED_STACKLOG=no ]
)
if test "$ENABLED_STACKLOG" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STACK_LOG -finstrument-functions"
fi
require using wolfSSL memory when enabling trackmemory
2017-05-20 00:24:38 +03:00
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# RSA
add --disable-rsa, bump dev version
2013-03-11 23:49:59 +04:00
AC_ARG_ENABLE([rsa],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-rsa],[Enable RSA (default: enabled)])],
add --disable-rsa, bump dev version
2013-03-11 23:49:59 +04:00
[ ENABLED_RSA=$enableval ],
[ ENABLED_RSA=yes ]
)
if test "$ENABLED_RSA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off RSA if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
add --disable-rsa, bump dev version
2013-03-11 23:49:59 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
ENABLED_RSA=no
fi
fi
Allow a very small build based on SHA-256 and RSA verify
2018-12-06 10:27:10 +03:00
AC_ARG_ENABLE([oaep],
[AS_HELP_STRING([--enable-oaep],[Enable RSA OAEP (default: enabled)])],
[ ENABLED_OAEP=$enableval ],
[ ENABLED_OAEP=yes ]
)
if test "$ENABLED_OAEP" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DWC_NO_RSA_OAEP"
fi
AC_ARG_ENABLE([rsapub],
[AS_HELP_STRING([--enable-rsapub],[Enable RSA Public Only (default: disabled)])],
[ ENABLED_RSAPUB=$enableval ],
[ ENABLED_RSAPUB=no ]
)
if test "$ENABLED_RSAPUB" = "yes"
then
if test "$ENABLED_RSA" = "no"
then
ENABLED_RSA="yes"
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSA_PUBLIC_ONLY"
fi
AC_ARG_ENABLE([rsavfy],
[AS_HELP_STRING([--enable-rsavfy],[Enable RSA Verify Inline Only (default: disabled)])],
[ ENABLED_RSAVFY=$enableval ],
[ ENABLED_RSAVFY=no ]
)
if test "$ENABLED_RSAVFY" = "yes"
then
if test "$ENABLED_RSA" = "no"
then
ENABLED_RSA="yes"
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSA_PUBLIC_ONLY -DWOLFSSL_RSA_VERIFY_ONLY"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSA_VERIFY_INLINE -DNO_SIG_WRAPPER"
fi
add --disable-rsa, bump dev version
2013-03-11 23:49:59 +04:00
TLS v1.2 and PSS Cleanup the TLS v1.3 PSS code as well. Added RSA API wc_RsaPSS_CheckPadding() to check the padding - no longer a simple memcmp with the digest.
2017-05-18 08:32:06 +03:00
# RSA-PSS
AC_ARG_ENABLE([rsapss],
[ --enable-rsapss Enable RSA-PSS (default: disabled)],
[ ENABLED_RSAPSS=$enableval ],
[ ENABLED_RSAPSS=no ]
)
if test "$ENABLED_RSA" = "no"
then
ENABLED_RSAPSS="no"
else
if test "$ENABLED_TLS13" = "yes"
then
ENABLED_RSAPSS="yes"
fi
fi
if test "$ENABLED_RSAPSS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"
fi
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
# DH
AC_ARG_ENABLE([dh],
update configure help strings for AESGCM and DH
2015-04-01 02:23:28 +03:00
[AS_HELP_STRING([--enable-dh],[Enable DH (default: enabled)])],
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
[ ENABLED_DH=$enableval ],
enable dh by default
2015-03-27 20:23:15 +03:00
[ ENABLED_DH=yes ]
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
)
add openssh ./configure build
2015-07-17 19:14:58 +03:00
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_DH="yes"
fi
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
if test "$ENABLED_DH" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DH"
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off DH if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_DH"
ENABLED_DH=no
fi
fi
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 22:44:32 +03:00
# Anonymous
AC_ARG_ENABLE([anon],
[AS_HELP_STRING([--enable-anon],[Enable Anonymous (default: disabled)])],
[ ENABLED_ANON=$enableval ],
[ ENABLED_ANON=no ]
)
Changes for WPA Supplicant
2017-02-10 01:45:10 +03:00
if test "x$ENABLED_WPAS" = "xyes"
then
ENABLED_ANON=yes
fi
Merge in the ADH-AES128-SHA changes and add a check for it during the packet order sanity checking.
2014-12-01 22:44:32 +03:00
if test "x$ENABLED_ANON" = "xyes"
then
if test "x$ENABLED_DH" != "xyes"
then
AC_MSG_ERROR([Anonymous suite requires DH.])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_ANON"
fi
add --enable-asn, build, and checks for rsa / psk w/o asn
2013-03-12 23:48:41 +04:00
# ASN
allow dh to be used w/o certs and asn
2015-03-28 00:28:05 +03:00
# turn off asn, which means no certs, no rsa, no dsa, no ecc,
# and no big int (unless dh is on)
add --enable-asn, build, and checks for rsa / psk w/o asn
2013-03-12 23:48:41 +04:00
AC_ARG_ENABLE([asn],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-asn],[Enable ASN (default: enabled)])],
add --enable-asn, build, and checks for rsa / psk w/o asn
2013-03-12 23:48:41 +04:00
[ ENABLED_ASN=$enableval ],
[ ENABLED_ASN=yes ]
)
if test "$ENABLED_ASN" = "no"
then
allow dh to be used w/o certs and asn
2015-03-28 00:28:05 +03:00
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS"
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no"
allow dh to be used w/o certs and asn
2015-03-28 00:28:05 +03:00
then
Updated the configure.ac comments about big int being used for ECC and DH. Moved the checks for ecc/asn and psk/asn until after cryptonly value is set and fixed so those checks work for normal build and are excluded for crypt only builds.
2016-02-11 00:03:53 +03:00
# DH and ECC need bigint
allow dh to be used w/o certs and asn
2015-03-28 00:28:05 +03:00
AM_CFLAGS="$AM_CFLAGS -DNO_BIG_INT"
fi
add --enable-asn, build, and checks for rsa / psk w/o asn
2013-03-12 23:48:41 +04:00
else
# turn off ASN if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
make sure no asn doesn't build big int
2013-03-13 02:14:03 +04:00
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_BIG_INT"
add --enable-asn, build, and checks for rsa / psk w/o asn
2013-03-12 23:48:41 +04:00
ENABLED_ASN=no
Added support for building with certificate parsing only. `./configure --enable-asn=nocrypt`. Added new API for parsing PIV format certificates `wc_ParseCertPIV` with `WOLFSSL_CERT_PIV` build option. Added `wc_DeCompress_ex` with ability to decompress GZIP. Moved the ZLIB error codes into wolfCrypt.
2018-09-25 22:16:59 +03:00
else
if test "$ENABLED_ASN" = "nocrypt"
then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT"
Fixes for building with `./configure --enable-asn=nocrypt`. Added wolfCrypt test template for `certpiv_test`, pending test PIV certs to use.
2018-09-26 23:56:10 +03:00
enable_pwdbased=no
Added support for building with certificate parsing only. `./configure --enable-asn=nocrypt`. Added new API for parsing PIV format certificates `wc_ParseCertPIV` with `WOLFSSL_CERT_PIV` build option. Added `wc_DeCompress_ex` with ability to decompress GZIP. Moved the ZLIB error codes into wolfCrypt.
2018-09-25 22:16:59 +03:00
fi
add --enable-asn, build, and checks for rsa / psk w/o asn
2013-03-12 23:48:41 +04:00
fi
fi
Allow a very small build based on SHA-256 and RSA verify
2018-12-06 10:27:10 +03:00
if test "$ENABLED_RSA" = "yes" && test "$ENABLED_RSAVFY" = "no" && test "$ENABLED_ASN" = "no"
add --enable-asn, build, and checks for rsa / psk w/o asn
2013-03-12 23:48:41 +04:00
then
AC_MSG_ERROR([please disable rsa if disabling asn.])
fi
add --enable-dh, build, checks w/o asn
2013-03-13 00:03:42 +04:00
if test "$ENABLED_DSA" = "yes" && test "$ENABLED_ASN" = "no"
then
AC_MSG_ERROR([please disable dsa if disabling asn.])
fi
Updated the configure.ac comments about big int being used for ECC and DH. Moved the checks for ecc/asn and psk/asn until after cryptonly value is set and fixed so those checks work for normal build and are excluded for crypt only builds.
2016-02-11 00:03:53 +03:00
# DH and ECC need bigint
Allow a very small build based on SHA-256 and RSA verify
2018-12-06 10:27:10 +03:00
if test "$ENABLED_ASN" = "no" && test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && test "$ENABLED_RSA" = "no"
make sure no asn doesn't build big int
2013-03-13 02:14:03 +04:00
then
ENABLED_FASTMATH=no
ENABLED_SLOWMATH=no
fi
add --enable-asn, build, and checks for rsa / psk w/o asn
2013-03-12 23:48:41 +04:00
add --enable-aes and build
2013-03-12 04:07:37 +04:00
# AES
AC_ARG_ENABLE([aes],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-aes],[Enable AES (default: enabled)])],
add --enable-aes and build
2013-03-12 04:07:37 +04:00
[ ENABLED_AES=$enableval ],
[ ENABLED_AES=yes ]
)
if test "$ENABLED_AES" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_AES"
fortress relies on aes disallowed pair
2015-07-17 18:30:25 +03:00
if test "$ENABLED_FORTRESS" = "yes"
then
AC_MSG_ERROR([fortress requires aes])
fi
ecc_encrypt + hkdf requires aes
2015-07-17 00:31:36 +03:00
if test "$ENABLED_ECC_ENCRYPT" = "yes"
then
AC_MSG_ERROR([cannot enable eccencrypt and hkdf without aes.])
fi
aes gcm/ccm require aes, duh
2015-03-28 07:30:27 +03:00
if test "$ENABLED_AESGCM" = "yes"
then
AC_MSG_ERROR([AESGCM requires AES.])
fi
if test "$ENABLED_AESCCM" = "yes"
then
AC_MSG_ERROR([AESCCM requires AES.])
fi
Adds an --enable-aesctr flag to the configure script to explicitly compile with -DWOLFSSL_AES_COUNTER and -DWOLFSSL_AES_DIRECT If --enable-fortress or --enable-mcapi are used they effectively force --enable-aesctr
2016-12-04 17:23:51 +03:00
if test "$ENABLED_AESCTR" = "yes"
then
AC_MSG_ERROR([AESCTR requires AES.])
fi
add --enable-aes and build
2013-03-12 04:07:37 +04:00
else
# turn off AES if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_AES"
ENABLED_AES=no
fi
fi
add --enable-coding, build, leanpsk check
2013-03-13 00:12:10 +04:00
# CODING
AC_ARG_ENABLE([coding],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-coding],[Enable Coding base 16/64 (default: enabled)])],
add --enable-coding, build, leanpsk check
2013-03-13 00:12:10 +04:00
[ ENABLED_CODING=$enableval ],
[ ENABLED_CODING=yes ]
)
if test "$ENABLED_CODING" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
else
# turn off CODING if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
ENABLED_CODING=no
fi
fi
Added new public "wc_GetTime" API for getting seconds from the asn.c XTIME. Added new "./configure --enable-base64encode" to enable Base64 encoding (now enabled by default for "x86_64").
2016-06-10 02:26:39 +03:00
# Base64 Encode
BASE64ENCODE_DEFAULT=no
if test "$host_cpu" = "x86_64"
then
BASE64ENCODE_DEFAULT=yes
fi
AC_ARG_ENABLE([base64encode],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-base64encode],[Enable Base64 encoding (default: enabled on x86_64)])],
Added new public "wc_GetTime" API for getting seconds from the asn.c XTIME. Added new "./configure --enable-base64encode" to enable Base64 encoding (now enabled by default for "x86_64").
2016-06-10 02:26:39 +03:00
[ ENABLED_BASE64ENCODE=$enableval ],
[ ENABLED_BASE64ENCODE=$BASE64ENCODE_DEFAULT ]
)
if test "$ENABLED_BASE64ENCODE" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BASE64_ENCODE"
fi
Base16/64 improvements: * Add define `WOLFSSL_BASE16` to explicitly expose base16 support. * Add `./configure --enable-base16` option (disabled by default in configure, but enabled in coding.h when required internally). * Added base16 tests in test.c `base16_test`. * Enabled base64 decode tests when `WOLFSSL_BASE64_ENCODE` is not defined.
2018-03-22 20:36:56 +03:00
# Base16
AC_ARG_ENABLE([base16],
[AS_HELP_STRING([--enable-base16],[Enable Base16 encoding/decoding (default: disabled)])],
[ ENABLED_BASE16=$enableval ],
[ ENABLED_BASE16=no ]
)
if test "$ENABLED_BASE16" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BASE16"
fi
add --enable-des3 and build, no strnstr in tests
2013-03-12 20:46:15 +04:00
# DES3
AC_ARG_ENABLE([des3],
Disable DES3 by default. Force it enabled when it is a prereq for another option. (SCEP and PKCS7)
2016-09-15 21:17:30 +03:00
[AS_HELP_STRING([--enable-des3],[Enable DES3 (default: disabled)])],
add --enable-des3 and build, no strnstr in tests
2013-03-12 20:46:15 +04:00
[ ENABLED_DES3=$enableval ],
Disable DES3 by default. Force it enabled when it is a prereq for another option. (SCEP and PKCS7)
2016-09-15 21:17:30 +03:00
[ ENABLED_DES3=no ]
add --enable-des3 and build, no strnstr in tests
2013-03-12 20:46:15 +04:00
)
Update configure to enable des3 when building OpenSSH
2018-07-16 19:49:23 +03:00
if test "$ENABLED_OPENSSH" = "yes"
then
Fix tab indentation
2018-07-16 23:09:45 +03:00
ENABLED_DES3="yes"
Update configure to enable des3 when building OpenSSH
2018-07-16 19:49:23 +03:00
fi
add --enable-des3 and build, no strnstr in tests
2013-03-12 20:46:15 +04:00
add IDEA cipher (ECB and CBC mode) add support of SSL_RSA_WITH_IDEA_CBC_SHA cipher suite (SSLv3, TLS v1.0 and TLSv1.1)
2015-09-23 17:16:39 +03:00
# IDEA
AC_ARG_ENABLE([idea],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-idea],[Enable IDEA Cipher (default: disabled)])],
[ ENABLED_IDEA=$enableval ],
[ ENABLED_IDEA=no ]
)
add IDEA cipher (ECB and CBC mode) add support of SSL_RSA_WITH_IDEA_CBC_SHA cipher suite (SSLv3, TLS v1.0 and TLSv1.1)
2015-09-23 17:16:39 +03:00
if test "x$ENABLED_IDEA" = "xyes"
then
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_IDEA"
add IDEA cipher (ECB and CBC mode) add support of SSL_RSA_WITH_IDEA_CBC_SHA cipher suite (SSLv3, TLS v1.0 and TLSv1.1)
2015-09-23 17:16:39 +03:00
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# ARC4
add --enable-arc4 and build
2013-03-12 04:13:24 +04:00
AC_ARG_ENABLE([arc4],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-arc4],[Enable ARC4 (default: disabled)])],
add --enable-arc4 and build
2013-03-12 04:13:24 +04:00
[ ENABLED_ARC4=$enableval ],
remove rc4 from default build
2015-03-27 20:17:22 +03:00
[ ENABLED_ARC4=no ]
add --enable-arc4 and build
2013-03-12 04:13:24 +04:00
)
Changes for WPA Supplicant
2017-02-10 01:45:10 +03:00
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes"
add openssh ./configure build
2015-07-17 19:14:58 +03:00
then
ENABLED_ARC4="yes"
fi
add --enable-arc4 and build
2013-03-12 04:13:24 +04:00
if test "$ENABLED_ARC4" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off ARC4 if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
add --enable-arc4 and build
2013-03-12 04:13:24 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
ENABLED_ARC4=no
fi
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# MD5
--enable-md5 and build, needs NO_OLD_TLS, suite test version check
2013-03-12 04:37:08 +04:00
AC_ARG_ENABLE([md5],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-md5],[Enable MD5 (default: enabled)])],
--enable-md5 and build, needs NO_OLD_TLS, suite test version check
2013-03-12 04:37:08 +04:00
[ ENABLED_MD5=$enableval ],
[ ENABLED_MD5=yes ]
)
if test "$ENABLED_MD5" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off MD5 if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
--enable-md5 and build, needs NO_OLD_TLS, suite test version check
2013-03-12 04:37:08 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
ENABLED_MD5=no
fi
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# SHA
add --enable-sha and build, disables examples for now since certs still use sha, when add --disable-certs add more thorough check
2013-03-12 04:53:38 +04:00
AC_ARG_ENABLE([sha],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-sha],[Enable SHA (default: enabled)])],
add --enable-sha and build, disables examples for now since certs still use sha, when add --disable-certs add more thorough check
2013-03-12 04:53:38 +04:00
[ ENABLED_SHA=$enableval ],
[ ENABLED_SHA=yes ]
)
if test "$ENABLED_SHA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
else
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# turn off SHA if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
add --enable-sha and build, disables examples for now since certs still use sha, when add --disable-certs add more thorough check
2013-03-12 04:53:38 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
ENABLED_SHA=no
fi
fi
add AES-CMAC
2016-05-24 03:50:36 +03:00
# CMAC
AC_ARG_ENABLE([cmac],
[AS_HELP_STRING([--enable-cmac],[Enable CMAC (default: disabled)])],
[ ENABLED_CMAC=$enableval ],
[ ENABLED_CMAC=no ]
)
Changes for WPA Supplicant
2017-02-10 01:45:10 +03:00
if test "$ENABLED_WPAS" = "yes"
then
ENABLED_CMAC=yes
fi
add AES-CMAC
2016-05-24 03:50:36 +03:00
AS_IF([test "x$ENABLED_CMAC" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"])
add AES-XTS mode --enable-xts
2017-08-31 02:50:15 +03:00
# AES-XTS
AC_ARG_ENABLE([xts],
[AS_HELP_STRING([--enable-xts],[Enable XTS (default: disabled)])],
[ ENABLED_XTS=$enableval ],
[ ENABLED_XTS=no ]
)
AS_IF([test "x$ENABLED_XTS" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS -DWOLFSSL_AES_DIRECT"])
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# Web Server Build
make sure enable-webserver (HAVE_WEBSERVER) can handle password callbacks as well as opensslextra unless NO_PWDBASED defined
2014-03-04 00:18:26 +04:00
AC_ARG_ENABLE([webserver],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-webserver],[Enable Web Server (default: disabled)])],
make sure enable-webserver (HAVE_WEBSERVER) can handle password callbacks as well as opensslextra unless NO_PWDBASED defined
2014-03-04 00:18:26 +04:00
[ ENABLED_WEBSERVER=$enableval ],
[ ENABLED_WEBSERVER=no ]
)
if test "$ENABLED_WEBSERVER" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_WEBSERVER"
fi
Added some more features to the `--enable-all`. Added new `--enable-webclient` option.
2018-04-10 18:38:14 +03:00
# Web Client Build (HTTP Client)
AC_ARG_ENABLE([webclient],
[AS_HELP_STRING([--enable-webclient],[Enable Web Client (HTTP) (default: disabled)])],
[ ENABLED_WEBCLIENT=$enableval ],
[ ENABLED_WEBCLIENT=no ]
)
if test "$ENABLED_WEBCLIENT" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_HTTP_CLIENT"
fi
make sure enable-webserver (HAVE_WEBSERVER) can handle password callbacks as well as opensslextra unless NO_PWDBASED defined
2014-03-04 00:18:26 +04:00
add --enable-pwdbased and build, opensslextra needs
2013-03-12 04:01:05 +04:00
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# HC128
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([hc128],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-hc128],[Enable HC-128 (default: disabled)])],
fix sniffer and hc128 builds
2011-08-25 04:39:23 +04:00
[ ENABLED_HC128=$enableval ],
[ ENABLED_HC128=no ]
)
if test "$ENABLED_HC128" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_HC128"
lots o warning fixes for rc3
2011-09-29 00:19:05 +04:00
else
AM_CFLAGS="$AM_CFLAGS -DHAVE_HC128"
fix sniffer and hc128 builds
2011-08-25 04:39:23 +04:00
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
make rabbit optional with configure option
2012-10-23 04:28:46 +04:00
# RABBIT
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([rabbit],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-rabbit],[Enable RABBIT (default: disabled)])],
make rabbit optional with configure option
2012-10-23 04:28:46 +04:00
[ ENABLED_RABBIT=$enableval ],
[ ENABLED_RABBIT=no ]
)
if test "$ENABLED_RABBIT" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_RABBIT"
else
AM_CFLAGS="$AM_CFLAGS -DHAVE_RABBIT"
fi
fix github issue #27, better help on fips not working w/o license
2015-03-06 20:15:33 +03:00
# FIPS
add fips enable switch
2014-03-19 20:43:57 +04:00
AC_ARG_ENABLE([fips],
cleanup some configure help text
2015-03-12 22:25:39 +03:00
[AS_HELP_STRING([--enable-fips],[Enable FIPS 140-2, Will NOT work w/o FIPS license (default: disabled)])],
add fips enable switch
2014-03-19 20:43:57 +04:00
[ ENABLED_FIPS=$enableval ],
[ ENABLED_FIPS=no ]
)
RSA Update 1. Fix issue with new key gen options and using old FIPS releases. 2. Modify the FIPS configure option to handle an option for the updated FIPS.
2017-11-03 02:56:49 +03:00
if test "x$ENABLED_FIPS" != "xno"
add fips enable switch
2014-03-19 20:43:57 +04:00
then
RSA Update 1. Fix issue with new key gen options and using old FIPS releases. 2. Modify the FIPS configure option to handle an option for the updated FIPS.
2017-11-03 02:56:49 +03:00
FIPS_VERSION=$ENABLED_FIPS
ENABLED_FIPS=yes
SHA512 fips mode
2014-03-28 01:03:12 +04:00
# requires thread local storage
require thread local storage for power on self thread check
2014-03-19 21:19:08 +04:00
if test "$thread_ls_on" = "no"
then
AC_MSG_ERROR([FIPS requires Thread Local Storage])
fi
SHA512 fips mode
2014-03-28 01:03:12 +04:00
# requires SHA512
if test "x$ENABLED_SHA512" = "xno"
then
ENABLED_SHA512="yes"
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"
SHA512 fips mode
2014-03-28 01:03:12 +04:00
fi
allow aes gcm fips wrappers, no void returns
2014-10-28 01:52:22 +03:00
# requires AESGCM
if test "x$ENABLED_AESGCM" != "xyes"
then
ENABLED_AESGCM="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
fi
1. Add DES3 enable to full commit test. 2. Added DES3 to the list of FIPS prereqs.
2016-09-15 22:19:32 +03:00
# requires DES3
if test "x$ENABLED_DES3" = "xno"
then
ENABLED_DES3="yes"
fi
add fips enable switch
2014-03-19 20:43:57 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
RSA Update 1. Fix issue with new key gen options and using old FIPS releases. 2. Modify the FIPS configure option to handle an option for the updated FIPS.
2017-11-03 02:56:49 +03:00
# Add the FIPS flag.
AS_IF([test "x$FIPS_VERSION" = "xv2"],
For the FIPSv2 build, remove the define for FP_MAX_BITS from the CFLAGS. Default value was appropriate.
2018-06-13 19:35:42 +03:00
[AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q"
FIPS Update 1. When configuring FIPSv2, force enable RSA-PSS and ECC. 2. Add more checks for FIPSv2 around the code.
2018-01-10 20:26:22 +03:00
ENABLED_KEYGEN="yes"
FIPS Revalidation 1. Enable SHA-224 by default if building for FIPSv2.
2018-02-06 04:25:23 +03:00
ENABLED_SHA224="yes"
AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
[ENABLED_AESCCM="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
FIPS Update 1. When configuring FIPSv2, force enable RSA-PSS and ECC. 2. Add more checks for FIPSv2 around the code.
2018-01-10 20:26:22 +03:00
AS_IF([test "x$ENABLED_RSAPSS" != "xyes"],
FIPS Revalidation 1. Enable SHA-224 by default if building for FIPSv2.
2018-02-06 04:25:23 +03:00
[ENABLED_RSAPSS="yes"
AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
FIPS Update 1. When configuring FIPSv2, force enable RSA-PSS and ECC. 2. Add more checks for FIPSv2 around the code.
2018-01-10 20:26:22 +03:00
AS_IF([test "x$ENABLED_ECC" != "xyes"],
FIPS Revalidation 1. Enable SHA-224 by default if building for FIPSv2.
2018-02-06 04:25:23 +03:00
[ENABLED_ECC="yes"
FIPS Revalidation 1. ForceZero the odd block when using RDSEED to seed the DRBG. 2. When using FIPSv2 and Intel_ASM speedups, force RDSEED failure flag. 3. Annotate the ecc key pair checking code with NIST process references. 4. Add function to pair-wise check the DH key. 5. Add optional "Q" values for the FFDHE canned parameters from RFC 7919. 6. Enabled the ECC key checks by default for FIPS. 7. Added DH private key check function. 8. Enabled the DH key checks by default for FIPS.
2018-05-09 03:02:59 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT"
FIPS Update 1. When configuring FIPSv2, force enable RSA-PSS and ECC. 2. Add more checks for FIPSv2 around the code.
2018-01-10 20:26:22 +03:00
AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"],
FIPS Revalidation (acceptance fixes) 1. Add a couple of missing options to user_settings.h for Win10 and configure.ac. 2. Clear the execute flag from the ecc.h.
2018-06-07 20:50:39 +03:00
[AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT"])
FIPS Revalidation 1. Change to configure.ac to automatically enable AES-CTR in FIPSv2 builds. 2. Move the aes-ni asm file into the boundary if enabled. 3. Enable AES-ECB by default.
2018-02-09 20:54:34 +03:00
AS_IF([test "x$ENABLED_AESCTR" != "xyes"],
[ENABLED_AESCTR="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
FIPS Revalidation 1. Added CMAC to the boundary. 2. Added DHE to the boundary.
2018-02-01 22:20:57 +03:00
AS_IF([test "x$ENABLED_CMAC" != "xyes"],
[ENABLED_CMAC="yes"
FIPS Revalidation 1. Change to configure.ac to automatically enable AES-CTR in FIPSv2 builds. 2. Move the aes-ni asm file into the boundary if enabled. 3. Enable AES-ECB by default.
2018-02-09 20:54:34 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
FIPS Revalidation 1. Change to configure.ac to automatically enable HKDF in FIPSv2 builds.
2018-02-13 01:31:22 +03:00
AS_IF([test "x$ENABLED_HKDF" != "xyes"],
[ENABLED_HKDF="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
FIPS Revalidation 1. ForceZero the odd block when using RDSEED to seed the DRBG. 2. When using FIPSv2 and Intel_ASM speedups, force RDSEED failure flag. 3. Annotate the ecc key pair checking code with NIST process references. 4. Add function to pair-wise check the DH key. 5. Add optional "Q" values for the FFDHE canned parameters from RFC 7919. 6. Enabled the ECC key checks by default for FIPS. 7. Added DH private key check function. 8. Enabled the DH key checks by default for FIPS.
2018-05-09 03:02:59 +03:00
AS_IF([test "x$ENABLED_INTELASM" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
FIPS Revalidation 1. Enable SHA-224 by default if building for FIPSv2.
2018-02-06 04:25:23 +03:00
])
FIPS changes and fixups Enable ex data explicitly. Keep the peer cert for verification callback. External session cache for hostapd. Enable DES_ECB when not FIPS. Don't send the peer cert if it is not received from peer. Initialize the peer cert after free as will be freed on tear down of SSL. Allow a server to become a client.
2017-03-30 04:53:35 +03:00
else
if test "x$ENABLED_FORTRESS" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"
fi
add fips enable switch
2014-03-19 20:43:57 +04:00
fi
add CAVP selftest option for special build
2018-02-23 02:17:08 +03:00
# SELFTEST
AC_ARG_ENABLE([selftest],
[AS_HELP_STRING([--enable-selftest],[Enable selftest, Will NOT work w/o CAVP selftest license (default: disabled)])],
[ ENABLED_SELFTEST=$enableval ],
[ ENABLED_SELFTEST=no ]
)
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$ENABLED_SELFTEST" = "xyes"
add CAVP selftest option for special build
2018-02-23 02:17:08 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_SELFTEST"
fi
add fips enable switch
2014-03-19 20:43:57 +04:00
Disable SHA-224 in FIPS
2016-11-11 09:29:34 +03:00
# set sha224 default
SHA224_DEFAULT=no
Enable ECC for all platforms by default. For aarch64 enable SHA512, SHA224, SHA3 and FastMath by default.
2018-03-07 20:41:07 +03:00
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64"
Disable SHA-224 in FIPS
2016-11-11 09:29:34 +03:00
then
crypto only sha256 cryptodev formating and refactoring update configure for devcrypto add AES algorithms to cyrptodev port increase structure size for compatibility AES with cryptodev add wc_devcrypto.h to install path
2018-08-17 18:46:16 +03:00
if test "x$ENABLED_AFALG" = "xno" && test "x$ENABLED_DEVCRYPTO" = "xno" && ( test "x$ENABLED_FIPS" = "xno" || test "x$FIPS_VERSION" = "xv2" )
Fix logic
2016-11-11 09:38:28 +03:00
then
SHA224_DEFAULT=yes
fi
Disable SHA-224 in FIPS
2016-11-11 09:29:34 +03:00
fi
# SHA224
AC_ARG_ENABLE([sha224],
Enable ECC for all platforms by default. For aarch64 enable SHA512, SHA224, SHA3 and FastMath by default.
2018-03-07 20:41:07 +03:00
[AS_HELP_STRING([--enable-sha224],[Enable wolfSSL SHA-224 support (default: enabled on x86_64/aarch64)])],
Disable SHA-224 in FIPS
2016-11-11 09:29:34 +03:00
[ ENABLED_SHA224=$enableval ],
[ ENABLED_SHA224=$SHA224_DEFAULT ]
)
if test "$ENABLED_SHA224" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"
fi
Initial revision of SHA-3
2017-05-23 06:50:49 +03:00
# set sha3 default
SHA3_DEFAULT=no
Enable ECC for all platforms by default. For aarch64 enable SHA512, SHA224, SHA3 and FastMath by default.
2018-03-07 20:41:07 +03:00
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64"
Initial revision of SHA-3
2017-05-23 06:50:49 +03:00
then
FIPS Update 1. Add SHA-3 to the src/include.am so that it is always included in FIPSv2. 2. Tweak the SHA-3 header to follow the new FIPS pattern.
2017-12-27 22:07:42 +03:00
if test "x$ENABLED_FIPS" = "xno" || test "x$FIPS_VERSION" = "xv2"
Initial revision of SHA-3
2017-05-23 06:50:49 +03:00
then
SHA3_DEFAULT=yes
fi
fi
# SHA3
AC_ARG_ENABLE([sha3],
Enable ECC for all platforms by default. For aarch64 enable SHA512, SHA224, SHA3 and FastMath by default.
2018-03-07 20:41:07 +03:00
[AS_HELP_STRING([--enable-sha3],[Enable wolfSSL SHA-3 support (default: enabled on x86_64/aarch64)])],
Initial revision of SHA-3
2017-05-23 06:50:49 +03:00
[ ENABLED_SHA3=$enableval ],
[ ENABLED_SHA3=$SHA3_DEFAULT ]
)
if test "$ENABLED_SHA3" = "small"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3_SMALL"
ENABLED_SHA3="yes"
fi
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
if test "$ENABLED_SHA3" = "yes" && test "$ENABLED_32BIT" = "no"
Initial revision of SHA-3
2017-05-23 06:50:49 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"
fi
remove poly/chacha from fips build
2015-04-12 21:01:16 +03:00
# set POLY1305 default
POLY1305_DEFAULT=yes
if test "x$ENABLED_FIPS" = "xyes"
then
POLY1305_DEFAULT=no
fi
# POLY1305
AC_ARG_ENABLE([poly1305],
[AS_HELP_STRING([--enable-poly1305],[Enable wolfSSL POLY1305 support (default: enabled)])],
[ ENABLED_POLY1305=$enableval ],
[ ENABLED_POLY1305=$POLY1305_DEFAULT]
)
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# leanpsk and leantls don't need poly1305
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
remove poly/chacha from fips build
2015-04-12 21:01:16 +03:00
then
ENABLED_POLY1305=no
fi
Removes the forced 32-bit instruction (via `-m32`) from `--enable-32bit` option and replaces with comment. Some compilers do not support the `-m32` option, plus to work properly it must be used with configure directly like `./configure CFLAGS="-m32" LDFLAGS="-m32"`. Removes the `NO_64BIT` option to allow building corect on x86_64 and aarch64 (math libs detect platform properly). Fixes #1985.
2018-12-24 02:59:57 +03:00
if test "$ENABLED_POLY1305" = "yes"
remove poly/chacha from fips build
2015-04-12 21:01:16 +03:00
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH"
fi
# set CHACHA default
CHACHA_DEFAULT=yes
if test "x$ENABLED_FIPS" = "xyes"
then
CHACHA_DEFAULT=no
fi
# CHACHA
AC_ARG_ENABLE([chacha],
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
[AS_HELP_STRING([--enable-chacha],[Enable CHACHA (default: enabled). Use `=noasm` to disable ASM AVX/AVX2 speedups])],
remove poly/chacha from fips build
2015-04-12 21:01:16 +03:00
[ ENABLED_CHACHA=$enableval ],
[ ENABLED_CHACHA=$CHACHA_DEFAULT]
)
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
# leanpsk and leantls don't need chacha
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
remove poly/chacha from fips build
2015-04-12 21:01:16 +03:00
then
ENABLED_CHACHA=no
fi
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
if test "$ENABLED_CHACHA" = "noasm" || test "$ENABLED_ASM" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CHACHA_ASM"
fi
remove poly/chacha from fips build
2015-04-12 21:01:16 +03:00
if test "$ENABLED_CHACHA" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA"
fi
added Hash DRBG as configure option
2014-05-07 22:54:12 +04:00
# Hash DRBG
AC_ARG_ENABLE([hashdrbg],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-hashdrbg],[Enable Hash DRBG support (default: enabled)])],
added Hash DRBG as configure option
2014-05-07 22:54:12 +04:00
[ ENABLED_HASHDRBG=$enableval ],
make HASH-DRBG default RNG w/ autoconf
2014-12-01 20:12:26 +03:00
[ ENABLED_HASHDRBG=yes ]
added Hash DRBG as configure option
2014-05-07 22:54:12 +04:00
)
if test "x$ENABLED_HASHDRBG" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG"
else
Retain existing HAVE_HASHDRBG functionality and only disable if ./configure --disable-hashdrbg or WC_NO_HASHDRBG defined. Fix use of warning with VS. Fix to only use rng seed as source if no DRBG.
2017-03-17 23:44:53 +03:00
# turn on Hash DRBG if FIPS is on
Fix RNG issue with Intel RDRAND and RDSEED accelerations not being used because HAVE_HASHDRBG was always being defined if !WOLFSSL_FORCE_RC4_DRBG. Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source (if RDRAND not supported by CPU then HASHDRBG will be used). The --enable-intelasm option enables the RDSEED support for seeding HASHDRBG if CPU supports it. Allow use of seed as RNG source if --disable-hashdbrg (shows build warning). Cleanup to remove old ARC4 RNG support. Fixed random_test return code with !HAVE_HASHDRBG. Cleanup of ./configure --help alignment.
2017-03-17 23:29:03 +03:00
if test "x$ENABLED_FIPS" = "xyes"
added Hash DRBG as configure option
2014-05-07 22:54:12 +04:00
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG"
ENABLED_HASHDRBG=yes
Retain existing HAVE_HASHDRBG functionality and only disable if ./configure --disable-hashdrbg or WC_NO_HASHDRBG defined. Fix use of warning with VS. Fix to only use rng seed as source if no DRBG.
2017-03-17 23:44:53 +03:00
else
AM_CFLAGS="$AM_CFLAGS -DWC_NO_HASHDRBG"
added Hash DRBG as configure option
2014-05-07 22:54:12 +04:00
fi
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# Filesystem Build
switch --enable-noFilesystem to --enable-filesystem / --disable-filesystem to match others
2013-03-13 23:14:05 +04:00
AC_ARG_ENABLE([filesystem],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-filesystem],[Enable Filesystem support (default: enabled)])],
switch --enable-noFilesystem to --enable-filesystem / --disable-filesystem to match others
2013-03-13 23:14:05 +04:00
[ ENABLED_FILESYSTEM=$enableval ],
[ ENABLED_FILESYSTEM=yes ]
move ProcessChainBufer out of filesystem only, add configure option for noFilesystem
2011-06-30 21:07:49 +04:00
)
switch --enable-noFilesystem to --enable-filesystem / --disable-filesystem to match others
2013-03-13 23:14:05 +04:00
if test "$ENABLED_FILESYSTEM" = "no"
move ProcessChainBufer out of filesystem only, add configure option for noFilesystem
2011-06-30 21:07:49 +04:00
then
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
switch --enable-noFilesystem to --enable-filesystem / --disable-filesystem to match others
2013-03-13 23:14:05 +04:00
else
# turn off filesystem if leanpsk on
if test "$ENABLED_LEANPSK" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
ENABLED_FILESYSTEM=no
fi
move ProcessChainBufer out of filesystem only, add configure option for noFilesystem
2011-06-30 21:07:49 +04:00
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# inline Build
switch --enable-noInline to enable/disable-inline to match all others
2013-03-13 23:25:34 +04:00
AC_ARG_ENABLE([inline],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-inline],[Enable inline functions (default: enabled)])],
switch --enable-noInline to enable/disable-inline to match all others
2013-03-13 23:25:34 +04:00
[ ENABLED_INLINE=$enableval ],
[ ENABLED_INLINE=yes ]
add --enable-noInline option for easier testing of it
2011-08-03 21:59:08 +04:00
)
switch --enable-noInline to enable/disable-inline to match all others
2013-03-13 23:25:34 +04:00
if test "$ENABLED_INLINE" = "no"
add --enable-noInline option for easier testing of it
2011-08-03 21:59:08 +04:00
then
add ssl bump configure option
2011-08-25 22:41:14 +04:00
AM_CFLAGS="$AM_CFLAGS -DNO_INLINE"
add --enable-noInline option for easier testing of it
2011-08-03 21:59:08 +04:00
fi
detect configure time build mismatches
2011-06-07 20:02:36 +04:00
Revert "fixes ocsp dependency check on asn during configure." This reverts commit 46ade8f03ff2a53a710beacc438f875dd3610969.
2016-02-23 20:13:52 +03:00
# OCSP
AC_ARG_ENABLE([ocsp],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-ocsp],[Enable OCSP (default: disabled)])],
Revert "fixes ocsp dependency check on asn during configure." This reverts commit 46ade8f03ff2a53a710beacc438f875dd3610969.
2016-02-23 20:13:52 +03:00
[ ENABLED_OCSP=$enableval ],
[ ENABLED_OCSP=no ],
)
Added a new `--enable-opensslall` option, which ensures all openssl features are enabled. Documented and tested building the various open source defines we support in our build.
2018-04-10 19:55:03 +03:00
if test "x$ENABLED_OPENSSLALL" = "xyes" || test "x$ENABLED_NGINX" = "xyes"
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
then
ENABLED_OCSP=yes
fi
Revert "fixes ocsp dependency check on asn during configure." This reverts commit 46ade8f03ff2a53a710beacc438f875dd3610969.
2016-02-23 20:13:52 +03:00
if test "$ENABLED_OCSP" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
fi
if test "$ENABLED_OCSP" = "yes"
then
# check openssl command tool for testing ocsp
AC_CHECK_PROG([HAVE_OPENSSL_CMD],[openssl],[yes],[no])
if test "$HAVE_OPENSSL_CMD" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_OPENSSL_CMD"
else
AC_MSG_WARN([openssl command line tool not available for testing ocsp])
fi
fi
cosmetic changes to OCSP Stapling options.
2015-12-30 23:10:25 +03:00
# Certificate Status Request : a.k.a. OCSP Stapling
AC_ARG_ENABLE([ocspstapling],
[AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling (default: disabled)])],
[ ENABLED_CERTIFICATE_STATUS_REQUEST=$enableval ],
[ ENABLED_CERTIFICATE_STATUS_REQUEST=no ]
)
Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag now haproxy compatible wolfssl builds with: ./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \ iam * ] 2:18 PM --disable-fasthugemath --disable-bump \ --enable-opensslextra \ --enable-keygen --enable-certgen \ --disable-ntru --disable-examples \ --enable-tlsx --enable-haproxy \ --enable-savecert --enable-savesession --enable-sessioncerts \ --enable-webserver --enable-sslv3 --enable-stunnel
2017-04-11 15:18:41 +03:00
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
then
Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag now haproxy compatible wolfssl builds with: ./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \ iam * ] 2:18 PM --disable-fasthugemath --disable-bump \ --enable-opensslextra \ --enable-keygen --enable-certgen \ --disable-ntru --disable-examples \ --enable-tlsx --enable-haproxy \ --enable-savecert --enable-savesession --enable-sessioncerts \ --enable-webserver --enable-sslv3 --enable-stunnel
2017-04-11 15:18:41 +03:00
ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
fi
cosmetic changes to OCSP Stapling options.
2015-12-30 23:10:25 +03:00
if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST"
Revert "fixes ocsp dependency check on asn during configure." This reverts commit 46ade8f03ff2a53a710beacc438f875dd3610969.
2016-02-23 20:13:52 +03:00
# Requires OCSP make sure on
if test "x$ENABLED_OCSP" = "xno"
then
ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
fi
cosmetic changes to OCSP Stapling options.
2015-12-30 23:10:25 +03:00
fi
# Certificate Status Request v2 : a.k.a. OCSP stapling v2
AC_ARG_ENABLE([ocspstapling2],
[AS_HELP_STRING([--enable-ocspstapling2],[Enable OCSP Stapling v2 (default: disabled)])],
[ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=$enableval ],
[ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ]
)
Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag now haproxy compatible wolfssl builds with: ./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \ iam * ] 2:18 PM --disable-fasthugemath --disable-bump \ --enable-opensslextra \ --enable-keygen --enable-certgen \ --disable-ntru --disable-examples \ --enable-tlsx --enable-haproxy \ --enable-savecert --enable-savesession --enable-sessioncerts \ --enable-webserver --enable-sslv3 --enable-stunnel
2017-04-11 15:18:41 +03:00
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
then
ENABLED_CERTIFICATE_STATUS_REQUEST_V2=yes
fi
cosmetic changes to OCSP Stapling options.
2015-12-30 23:10:25 +03:00
if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST_V2"
Revert "fixes ocsp dependency check on asn during configure." This reverts commit 46ade8f03ff2a53a710beacc438f875dd3610969.
2016-02-23 20:13:52 +03:00
# Requires OCSP make sure on
if test "x$ENABLED_OCSP" = "xno"
cosmetic changes to OCSP Stapling options.
2015-12-30 23:10:25 +03:00
then
Revert "fixes ocsp dependency check on asn during configure." This reverts commit 46ade8f03ff2a53a710beacc438f875dd3610969.
2016-02-23 20:13:52 +03:00
ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
cosmetic changes to OCSP Stapling options.
2015-12-30 23:10:25 +03:00
fi
fi
crl script initialize
2015-07-21 22:56:47 +03:00
# CRL
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([crl],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-crl],[Enable CRL (default: disabled)])],
init crl
2012-05-11 23:22:16 +04:00
[ ENABLED_CRL=$enableval ],
[ ENABLED_CRL=no ],
)
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag now haproxy compatible wolfssl builds with: ./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \ iam * ] 2:18 PM --disable-fasthugemath --disable-bump \ --enable-opensslextra \ --enable-keygen --enable-certgen \ --disable-ntru --disable-examples \ --enable-tlsx --enable-haproxy \ --enable-savecert --enable-savesession --enable-sessioncerts \ --enable-webserver --enable-sslv3 --enable-stunnel
2017-04-11 15:18:41 +03:00
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes"
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
then
ENABLED_CRL=yes
fi
init crl
2012-05-11 23:22:16 +04:00
if test "$ENABLED_CRL" = "yes"
then
have separate --enable-crl-monitor
2012-06-05 22:31:00 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
init crl
2012-05-11 23:22:16 +04:00
fi
have separate --enable-crl-monitor
2012-06-05 22:31:00 +04:00
# CRL Monitor
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([crl-monitor],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-crl-monitor],[Enable CRL Monitor (default: disabled)])],
have separate --enable-crl-monitor
2012-06-05 22:31:00 +04:00
[ ENABLED_CRL_MONITOR=$enableval ],
[ ENABLED_CRL_MONITOR=no ],
)
if test "$ENABLED_CRL_MONITOR" = "yes"
then
fix ipv6 unused warning, add os check for crl monitor
2012-11-16 22:47:13 +04:00
case $host_os in
add freebsd crl-monitor support
2012-11-17 01:25:45 +04:00
*linux* | *darwin* | *freebsd*)
fix ipv6 unused warning, add os check for crl monitor
2012-11-16 22:47:13 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR" ;;
*)
Fixes for building with CRL monitor when not linux, OS X or FreeBSD and --enable-distro set. Cleanup of the crl.c HAVE_CRL_MONITOR checks for OS and make sure if StopMonitor preprocessor is defined the function will also be defined.
2016-12-07 18:07:27 +03:00
if test "x$ENABLED_DISTRO" = "xyes" ; then
ENABLED_CRL_MONITOR="no"
else
AC_MSG_ERROR( [crl monitor only allowed on linux, OS X, or freebsd])
fi
break;;
fix ipv6 unused warning, add os check for crl monitor
2012-11-16 22:47:13 +04:00
esac
have separate --enable-crl-monitor
2012-06-05 22:31:00 +04:00
fi
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
# USER CRYPTO
ENABLED_USER_CRYPTO="no"
ENABLED_USER_RSA="no"
AC_DEFINE([BUILD_USER_RSA], [], [User RSA is being defined])
trycryptodir=""
AC_ARG_WITH([user-crypto],
[AS_HELP_STRING([--with-user-crypto=PATH],[Path to USER_CRYPTO install (default /usr/local)])],
[
CPPFLAGS="$CPPFLAGS -DHAVE_USER_CRYPTO"
LIBS="$LIBS -lusercrypto"
if test "x$withval" != "xno" ; then
trycryptodir=$withval
fi
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$withval" = "xyes" ; then
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
trycryptodir="/usr/local"
fi
LDFLAGS="$LDFLAGS -L$trycryptodir/lib"
CPPFLAGS="$CPPFLAGS -I$trycryptodir/include"
#Look for RSA Init function in usercrypto lib
AC_CHECK_LIB([usercrypto], [wc_InitRsaKey], [user_rsa_linked=yes], [user_rsa_linked=no])
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$user_rsa_linked" = "xyes" ; then
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
AC_MSG_NOTICE([User user_rsa.h being used])
AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_RSA"
ENABLED_USER_RSA=yes
ENABLED_USER_CRYPTO=yes
fi
#Display check and find result of link attempts
AC_MSG_CHECKING([for USER_CRYPTO])
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$ENABLED_USER_CRYPTO" = "xno" ; then
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
AC_MSG_RESULT([no])
AC_MSG_ERROR([USER_CRYPTO not found. Either move to /usr/include and /usr/lib or
Specify its path using --with-user-crypto=/dir/])
else
AC_MSG_RESULT([yes])
# Check if .la is available if not then rely on exported path
AC_CHECK_FILE($trycryptodir/lib/libusercrypto.la, [LIB_ADD="$trycryptodir/lib/libusercrypto.la $LIB_ADD"], [LIB_ADD="-lusercrypto $LIB_ADD"])
AM_LDFLAGS="$AM_LDFLAGS -L$trycryptodir/lib"
AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_CRYPTO"
fi
]
)
if test "$ENABLED_USER_CRYPTO" = "yes" && test "$ENABLED_FIPS" = "yes"
then
AC_MSG_ERROR([cannot enable user crypto and fips, user crypto posibility of using code in fips boundary.])
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
# NTRU
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
ENABLED_NTRU="no"
tryntrudir=""
AC_ARG_WITH([ntru],
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
[AS_HELP_STRING([--with-ntru=PATH],[Path to NTRU install (default /usr/)])],
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
[
AC_MSG_CHECKING([for NTRU])
seperate build of QSH from build of NTRU
2017-08-16 23:19:38 +03:00
CPPFLAGS="$CPPFLAGS -DHAVE_NTRU -DHAVE_TLS_EXTENSIONS"
Use ntru functions from stable libntruencrypt api ntru_crypto_external_drbg_instantiate has been renamed to ntru_crypto_drbg_external_instantiate in the 1.0.0 release of libntruencrypt. Made various other small changes to build against libntruencrypt.
2015-07-16 22:43:50 +03:00
LIBS="$LIBS -lntruencrypt"
1.8.8 init
2011-02-05 22:14:47 +03:00
Use ntru functions from stable libntruencrypt api ntru_crypto_external_drbg_instantiate has been renamed to ntru_crypto_drbg_external_instantiate in the 1.0.0 release of libntruencrypt. Made various other small changes to build against libntruencrypt.
2015-07-16 22:43:50 +03:00
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <libntruencrypt/ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$ntru_linked" = "xno" ; then
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
if test "x$withval" != "xno" ; then
tryntrudir=$withval
fi
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$withval" = "xyes" ; then
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
tryntrudir="/usr"
fi
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryntrudir/lib"
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
CPPFLAGS="$CPPFLAGS -I$tryntrudir/include"
Use ntru functions from stable libntruencrypt api ntru_crypto_external_drbg_instantiate has been renamed to ntru_crypto_drbg_external_instantiate in the 1.0.0 release of libntruencrypt. Made various other small changes to build against libntruencrypt.
2015-07-16 22:43:50 +03:00
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <libntruencrypt/ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$ntru_linked" = "xno" ; then
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
AC_MSG_ERROR([NTRU isn't found.
If it's already installed, specify its path using --with-ntru=/dir/])
fi
AC_MSG_RESULT([yes])
AM_LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib"
else
AC_MSG_RESULT([yes])
fi
seperate build of QSH from build of NTRU
2017-08-16 23:19:38 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU -DHAVE_TLS_EXTENSIONS"
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
ENABLED_NTRU="yes"
]
)
1.8.8 init
2011-02-05 22:14:47 +03:00
detect configure time build mismatches
2011-06-07 20:02:36 +04:00
seperate build of QSH from build of NTRU
2017-08-16 23:19:38 +03:00
# QSH
AC_ARG_ENABLE([qsh],
[AS_HELP_STRING([--enable-qsh],[Enable QSH (default: disabled)])],
[ ENABLED_QSH=$enableval ],
[ ENABLED_QSH=no ]
)
if test "x$ENABLED_QSH" = "xyes"
then
if test "x$ENABLED_NTRU" = "xno"
then
AC_MSG_ERROR([cannot enable qsh without NTRU])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_QSH"
fi
add Whitewood netRandom client library support
2016-05-06 00:31:25 +03:00
# Whitewood netRandom client library
ENABLED_WNR="no"
trywnrdir=""
AC_ARG_WITH([wnr],
[AS_HELP_STRING([--with-wnr=PATH],[Path to Whitewood netRandom install (default /usr/local)])],
[
AC_MSG_CHECKING([for Whitewood netRandom])
CPPFLAGS="$CPPFLAGS -DHAVE_WNR"
LIBS="$LIBS -lwnr"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <wnr.h>]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ])
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$wnr_linked" = "xno" ; then
add Whitewood netRandom client library support
2016-05-06 00:31:25 +03:00
if test "x$withval" != "xno" ; then
trywnrdir=$withval
fi
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$withval" = "xyes" ; then
add Whitewood netRandom client library support
2016-05-06 00:31:25 +03:00
trywnrdir="/usr/local"
fi
LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$trywnrdir/lib"
CPPFLAGS="$CPPFLAGS -I$trywnrdir/include"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <wnr.h>]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ])
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$wnr_linked" = "xno" ; then
add Whitewood netRandom client library support
2016-05-06 00:31:25 +03:00
AC_MSG_ERROR([Whitewood netRandom isn't found.
If it's already installed, specify its path using --with-wnr=/dir/])
fi
AC_MSG_RESULT([yes])
AM_LDFLAGS="$AM_LDFLAGS -L$trywnrdir/lib"
else
AC_MSG_RESULT([yes])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_WNR"
ENABLED_WNR="yes"
]
)
merge in sni
2013-05-22 01:37:50 +04:00
# SNI
AC_ARG_ENABLE([sni],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-sni],[Enable SNI (default: disabled)])],
merge in sni
2013-05-22 01:37:50 +04:00
[ ENABLED_SNI=$enableval ],
[ ENABLED_SNI=no ]
)
if test "x$ENABLED_SNI" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI"
fi
added: - max fragment length extension; - CyaSSL_SNI_GetRequest() to get client's request at server side; - Automated tests for SNI;
2013-06-19 22:45:06 +04:00
# Maximum Fragment Length
AC_ARG_ENABLE([maxfragment],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-maxfragment],[Enable Maximum Fragment Length (default: disabled)])],
added: - max fragment length extension; - CyaSSL_SNI_GetRequest() to get client's request at server side; - Automated tests for SNI;
2013-06-19 22:45:06 +04:00
[ ENABLED_MAX_FRAGMENT=$enableval ],
[ ENABLED_MAX_FRAGMENT=no ]
)
fix alpn example client merge command options
2015-10-14 01:00:53 +03:00
# ALPN
AC_ARG_ENABLE([alpn],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-alpn],[Enable ALPN (default: disabled)])],
fix alpn example client merge command options
2015-10-14 01:00:53 +03:00
[ ENABLED_ALPN=$enableval ],
[ ENABLED_ALPN=no ]
)
if test "x$ENABLED_ALPN" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ALPN"
fi
# Maximum Fragment Length
added: - max fragment length extension; - CyaSSL_SNI_GetRequest() to get client's request at server side; - Automated tests for SNI;
2013-06-19 22:45:06 +04:00
if test "x$ENABLED_MAX_FRAGMENT" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_MAX_FRAGMENT"
fi
Trusted CA Key Indication Extension Added an API for enabling the Trusted CA Key Indication extension from RFC6066 section 6. If the server doesn't have a match for the client, the client will abandon the session.
2018-09-28 19:05:59 +03:00
# Trusted CA Indication Extension
AC_ARG_ENABLE([trustedca],
[AS_HELP_STRING([--enable-trustedca],[Enable Trusted CA Indication (default: disabled)])],
[ ENABLED_TRUSTED_CA=$enableval ],[ ENABLED_TRUSTED_CA=no ])
AS_IF([test "x$ENABLED_TRUSTED_CA" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_TRUSTED_CA"])
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 22:42:43 +04:00
# Truncated HMAC
AC_ARG_ENABLE([truncatedhmac],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-truncatedhmac],[Enable Truncated HMAC (default: disabled)])],
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 22:42:43 +04:00
[ ENABLED_TRUNCATED_HMAC=$enableval ],
[ ENABLED_TRUNCATED_HMAC=no ]
)
if test "x$ENABLED_TRUNCATED_HMAC" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_TRUNCATED_HMAC"
fi
Renames TLSX_Append to TLSX_Push, adding data param and making sure the list doesn't holds duplicate extensions. Adds SecureRenegotiation functions
2014-09-17 03:33:17 +04:00
# Renegotiation Indication - (FAKE Secure Renegotiation)
added renegotiation indication SCSV sending on client hello.
2014-01-21 18:36:06 +04:00
AC_ARG_ENABLE([renegotiation-indication],
cleanup some configure help text
2015-03-12 22:25:39 +03:00
[AS_HELP_STRING([--enable-renegotiation-indication],[Enable Renegotiation Indication (default: disabled)])],
added renegotiation indication SCSV sending on client hello.
2014-01-21 18:36:06 +04:00
[ ENABLED_RENEGOTIATION_INDICATION=$enableval ],
[ ENABLED_RENEGOTIATION_INDICATION=no ]
)
if test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"
then
fix hello_request processing w/ mac-verify at upper layer
2014-09-06 01:29:18 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_RENEGOTIATION_INDICATION"
added renegotiation indication SCSV sending on client hello.
2014-01-21 18:36:06 +04:00
fi
Renames TLSX_Append to TLSX_Push, adding data param and making sure the list doesn't holds duplicate extensions. Adds SecureRenegotiation functions
2014-09-17 03:33:17 +04:00
# Secure Renegotiation
AC_ARG_ENABLE([secure-renegotiation],
cleanup some configure help text
2015-03-12 22:25:39 +03:00
[AS_HELP_STRING([--enable-secure-renegotiation],[Enable Secure Renegotiation (default: disabled)])],
Renames TLSX_Append to TLSX_Push, adding data param and making sure the list doesn't holds duplicate extensions. Adds SecureRenegotiation functions
2014-09-17 03:33:17 +04:00
[ ENABLED_SECURE_RENEGOTIATION=$enableval ],
[ ENABLED_SECURE_RENEGOTIATION=no ]
)
if test "x$ENABLED_SECURE_RENEGOTIATION" = "xyes"
then
don't allow scr and fake indication together
2014-10-02 21:18:11 +04:00
if test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"
then
AC_MSG_ERROR([cannot enable renegotiation-indication and secure-renegotiation.])
fi
Server Side Secure Renegotiation 1. Add the server side renegotiation flag to the secure renegotiation option. 2. Changed the AddEmptyNegotiationInfo so it doesn't create an extension, just adds a reply if SCR is enabled. 3. Fix the server's reaction to the client sending the SCR extension.
2018-11-28 04:33:49 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SECURE_RENEGOTIATION -DHAVE_SERVER_RENEGOTIATION_INFO"
Renames TLSX_Append to TLSX_Push, adding data param and making sure the list doesn't holds duplicate extensions. Adds SecureRenegotiation functions
2014-09-17 03:33:17 +04:00
fi
Renaming Elliptic Curves to Supported Curves for better extension representation and avoid confusion.
2014-02-03 23:11:57 +04:00
# Supported Elliptic Curves Extensions
AC_ARG_ENABLE([supportedcurves],
1. Enable the extension ECC Supported Curves by default. 2. Force the extention disabled if ECC is disabled.
2016-09-16 23:26:56 +03:00
[AS_HELP_STRING([--enable-supportedcurves],[Enable Supported Elliptic Curves (default: enabled)])],
[ENABLED_SUPPORTED_CURVES=$enableval],
Enable ECC for all platforms by default. For aarch64 enable SHA512, SHA224, SHA3 and FastMath by default.
2018-03-07 20:41:07 +03:00
[ENABLED_SUPPORTED_CURVES=yes])
added Elliptic Curves Extensions implementation and configuration.
2013-08-26 19:44:50 +04:00
Renaming Elliptic Curves to Supported Curves for better extension representation and avoid confusion.
2014-02-03 23:11:57 +04:00
if test "x$ENABLED_SUPPORTED_CURVES" = "xyes"
added Elliptic Curves Extensions implementation and configuration.
2013-08-26 19:44:50 +04:00
then
Changes to build with X25519 and Ed25519 only Allows configurations without RSA, DH and ECC but with Curve25519 algorithms to work with SSL/TLS using X25519 key exchange and Ed25519 certificates. Fix Ed25519 code to call wc_Sha512Free(). Add certificates to test.h and fix examples to use them.
2018-07-23 03:20:18 +03:00
AS_IF([test "x$ENABLED_ECC" = "xno" && test "x$ENABLED_CURVE25519" = "xno"],
1. Enable the extension ECC Supported Curves by default. 2. Force the extention disabled if ECC is disabled.
2016-09-16 23:26:56 +03:00
[ENABLED_SUPPORTED_CURVES=no],
[AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES"])
added Elliptic Curves Extensions implementation and configuration.
2013-08-26 19:44:50 +04:00
fi
Support FFDHE in TLS 1.2 and below. Better TLS 1.3 version support. Add support for the fixed FFDHE curves to TLS 1.2. Same curves in TLS 1.3 already. On by default - no checking of prime required. Add option to require client to see FFDHE parameters from server as per 'may' requirements in RFC 7919. Change TLS 1.3 ClientHello and ServerHello parsing to find the SupportedVersions extension first and process it. Then it can handle other extensions knowing which protocol we are using.
2019-02-18 03:57:12 +03:00
# Diffie-Hellman
if test "$ENABLED_DH" = "yes"
then
if test "$ENABLED_TLS13" = "yes" || test "$ENABLED_SUPPORTED_CURVES" = "yes"
then
AM_CFLAGS="-DHAVE_FFDHE_2048 $AM_CFLAGS"
fi
fi
# FFDHE parameters only
AC_ARG_ENABLE([ffdhe-only],
[AS_HELP_STRING([--enable-ffdhe-only],[Enable using only FFDHE in client (default: disabled)])],
[ ENABLED_FFDHE_ONLY=$enableval ],
[ ENABLED_FFDHE_ONLY=no ]
)
if test "x$ENABLED_FFDHE_ONLY" = "xyes"
then
if test "$ENABLED_DH" = "no"
then
AC_MSG_ERROR([FFDHE only support requires DH support])
fi
if test "$ENABLED_SUPPORTED_CURVES" = "no"
then
AC_MSG_ERROR([FFDHE only support requires Supported Curves extension])
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_REQUIRE_FFDHE"
fi
fix TURN_ON mask adds --enable-session-ticket configure option
2014-09-29 23:43:28 +04:00
# Session Ticket Extension
AC_ARG_ENABLE([session-ticket],
cleanup some configure help text
2015-03-12 22:25:39 +03:00
[AS_HELP_STRING([--enable-session-ticket],[Enable Session Ticket (default: disabled)])],
fix TURN_ON mask adds --enable-session-ticket configure option
2014-09-29 23:43:28 +04:00
[ ENABLED_SESSION_TICKET=$enableval ],
[ ENABLED_SESSION_TICKET=no ]
)
Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag now haproxy compatible wolfssl builds with: ./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \ iam * ] 2:18 PM --disable-fasthugemath --disable-bump \ --enable-opensslextra \ --enable-keygen --enable-certgen \ --disable-ntru --disable-examples \ --enable-tlsx --enable-haproxy \ --enable-savecert --enable-savesession --enable-sessioncerts \ --enable-webserver --enable-sslv3 --enable-stunnel
2017-04-11 15:18:41 +03:00
if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes"
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
then
ENABLED_SESSION_TICKET=yes
fi
fix TURN_ON mask adds --enable-session-ticket configure option
2014-09-29 23:43:28 +04:00
if test "x$ENABLED_SESSION_TICKET" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SESSION_TICKET"
fi
initial extended master secret support
2016-09-02 00:12:54 +03:00
# Extended Master Secret Extension
AC_ARG_ENABLE([extended-master],
Revising the Extended Master Secret support. Removing the dynamic TLSX support for the extention and treating it like the Signature and Hash algorithms extension. It is to be enabled by default and the user can turn it off at run time or build time.
2016-09-10 09:16:52 +03:00
[AS_HELP_STRING([--enable-extended-master],[Enable Extended Master Secret (default: enabled)])],
initial extended master secret support
2016-09-02 00:12:54 +03:00
[ ENABLED_EXTENDED_MASTER=$enableval ],
Revising the Extended Master Secret support. Removing the dynamic TLSX support for the extention and treating it like the Signature and Hash algorithms extension. It is to be enabled by default and the user can turn it off at run time or build time.
2016-09-10 09:16:52 +03:00
[ ENABLED_EXTENDED_MASTER=yes ]
initial extended master secret support
2016-09-02 00:12:54 +03:00
)
if test "x$ENABLED_EXTENDED_MASTER" = "xyes"
then
Revising the Extended Master Secret support. Removing the dynamic TLSX support for the extention and treating it like the Signature and Hash algorithms extension. It is to be enabled by default and the user can turn it off at run time or build time.
2016-09-10 09:16:52 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXTENDED_MASTER"
initial extended master secret support
2016-09-02 00:12:54 +03:00
fi
added: - max fragment length extension; - CyaSSL_SNI_GetRequest() to get client's request at server side; - Automated tests for SNI;
2013-06-19 22:45:06 +04:00
# TLS Extensions
AC_ARG_ENABLE([tlsx],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-tlsx],[Enable all TLS Extensions (default: disabled)])],
added: - max fragment length extension; - CyaSSL_SNI_GetRequest() to get client's request at server side; - Automated tests for SNI;
2013-06-19 22:45:06 +04:00
[ ENABLED_TLSX=$enableval ],
[ ENABLED_TLSX=no ]
)
Modification for compliling application with libsignal-protocol-c.
2017-11-13 12:12:18 +03:00
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_SIGNAL" = "xyes"
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
then
ENABLED_TLSX=yes
fi
added: - max fragment length extension; - CyaSSL_SNI_GetRequest() to get client's request at server side; - Automated tests for SNI;
2013-06-19 22:45:06 +04:00
if test "x$ENABLED_TLSX" = "xyes"
then
1. Enable the extension ECC Supported Curves by default. 2. Force the extention disabled if ECC is disabled.
2016-09-16 23:26:56 +03:00
ENABLED_SNI=yes
ENABLED_MAX_FRAGMENT=yes
ENABLED_TRUNCATED_HMAC=yes
ENABLED_ALPN=yes
Trusted CA Key Indication Extension Added an API for enabling the Trusted CA Key Indication extension from RFC6066 section 6. If the server doesn't have a match for the client, the client will abandon the session.
2018-09-28 19:05:59 +03:00
ENABLED_TRUSTED_CA=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_ALPN -DHAVE_TRUSTED_CA"
1. Enable the extension ECC Supported Curves by default. 2. Force the extention disabled if ECC is disabled.
2016-09-16 23:26:56 +03:00
# Check the ECC supported curves prereq
Changes to build with X25519 and Ed25519 only Allows configurations without RSA, DH and ECC but with Curve25519 algorithms to work with SSL/TLS using X25519 key exchange and Ed25519 certificates. Fix Ed25519 code to call wc_Sha512Free(). Add certificates to test.h and fix examples to use them.
2018-07-23 03:20:18 +03:00
AS_IF([test "x$ENABLED_ECC" = "xyes" || test "x$ENABLED_CURVE25519" = "xyes"],
1. Enable the extension ECC Supported Curves by default. 2. Force the extention disabled if ECC is disabled.
2016-09-16 23:26:56 +03:00
[ENABLED_SUPPORTED_CURVES=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"])
added: - max fragment length extension; - CyaSSL_SNI_GetRequest() to get client's request at server side; - Automated tests for SNI;
2013-06-19 22:45:06 +04:00
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
TLS v1.3 0-RTT
2017-06-19 04:37:10 +03:00
# Early Data handshake in TLS v1.3 and above
AC_ARG_ENABLE([earlydata],
[AS_HELP_STRING([--enable-earlydata],[Enable Early Data handshake with wolfSSL TLS v1.3 (default: disabled)])],
Updates from code review
2017-06-22 05:40:41 +03:00
[ ENABLED_TLS13_EARLY_DATA=$enableval ],
[ ENABLED_TLS13_EARLY_DATA=no ]
TLS v1.3 0-RTT
2017-06-19 04:37:10 +03:00
)
Make grouping EarlyData and ClientHello a configuration option
2018-09-03 01:48:28 +03:00
if test "$ENABLED_TLS13_EARLY_DATA" = "group"
then
ENABLED_TLS13_EARLY_DATA="yes"
# Group EarlyData with ClientHello
AM_CFLAGS="-DWOLFSSL_EARLY_DATA_GROUP $AM_CFLAGS"
fi
Updates from code review
2017-06-22 05:40:41 +03:00
if test "$ENABLED_TLS13_EARLY_DATA" = "yes"
TLS v1.3 0-RTT
2017-06-19 04:37:10 +03:00
then
if test "x$ENABLED_TLS13" = "xno"
then
AC_MSG_ERROR([cannot enable earlydata without enabling tls13.])
fi
if test "x$ENABLED_SESSION_TICKET" = "xno" && test "x$ENABLED_PSK" = "xno"
then
AC_MSG_ERROR([cannot enable earlydata without enabling session tickets and/or PSK.])
fi
AM_CFLAGS="-DWOLFSSL_EARLY_DATA $AM_CFLAGS"
fi
Fixes to work when compiled with TLS 1.3 only TLS 1.3 Early Data can be used with PSK and not session tickets. If only TLS 1.3 and no session tickets then no resumption. External sites don't support TLS 1.3 yet.
2018-08-28 08:37:15 +03:00
if test "$ENABLED_TLSV12" = "no" && test "$ENABLED_TLS13" = "yes" && test "x$ENABLED_SESSION_TICKET" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE"
fi
TLS v1.3 0-RTT
2017-06-19 04:37:10 +03:00
Make grouping EarlyData and ClientHello a configuration option
2018-09-03 01:48:28 +03:00
fix --enable-pkcs7 configure.ac
2014-01-11 03:11:17 +04:00
# PKCS7
initial PKCS#7 stubs, tie into ./configure
2014-01-11 02:17:03 +04:00
AC_ARG_ENABLE([pkcs7],
Disable DES3 by default. Force it enabled when it is a prereq for another option. (SCEP and PKCS7)
2016-09-15 21:17:30 +03:00
[AS_HELP_STRING([--enable-pkcs7],[Enable PKCS7 (default: disabled)])],
initial PKCS#7 stubs, tie into ./configure
2014-01-11 02:17:03 +04:00
[ ENABLED_PKCS7=$enableval ],
fix --enable-pkcs7 configure.ac
2014-01-11 03:11:17 +04:00
[ ENABLED_PKCS7=no ],
initial PKCS#7 stubs, tie into ./configure
2014-01-11 02:17:03 +04:00
)
1. Bumped release version in configure.ac. 2. Added enable option for SCEP. Enables prereqs. 3. Added CyaSSL_wolfSCEP() for ac to test for CyaSSL SCEP.
2014-01-27 23:35:43 +04:00
wolfSSH Option Added a configure convenience option for building wolfSSL to work with wolfSSH.
2017-10-05 01:24:22 +03:00
# wolfSSH Options
AC_ARG_ENABLE([ssh],
[AS_HELP_STRING([--enable-ssh],[Enable wolfSSH options (default: disabled)])],
[ ENABLED_WOLFSSH=$enableval ],
[ ENABLED_WOLFSSH=no ]
)
1. Bumped release version in configure.ac. 2. Added enable option for SCEP. Enables prereqs. 3. Added CyaSSL_wolfSCEP() for ac to test for CyaSSL SCEP.
2014-01-27 23:35:43 +04:00
# Simple Certificate Enrollment Protocol (SCEP)
AC_ARG_ENABLE([scep],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-scep],[Enable wolfSCEP (default: disabled)])],
1. Bumped release version in configure.ac. 2. Added enable option for SCEP. Enables prereqs. 3. Added CyaSSL_wolfSCEP() for ac to test for CyaSSL SCEP.
2014-01-27 23:35:43 +04:00
[ ENABLED_WOLFSCEP=$enableval ],
[ ENABLED_WOLFSCEP=no ]
)
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# Secure Remote Password
AC_ARG_ENABLE([srp],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-srp],[Enable Secure Remote Password (default: disabled)])],
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
[ ENABLED_SRP=$enableval ],
[ ENABLED_SRP=no ]
)
if test "x$ENABLED_SRP" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP"
fi
Support indefinite length BER encodings in PKCS #7
2018-02-19 06:40:18 +03:00
# Indefinite length encoded BER message support
AC_ARG_ENABLE([indef],
[AS_HELP_STRING([--enable-indef],[Enable parsing of indefinite length encoded msgs (default: disabled)])],
[ ENABLED_BER_INDEF=$enableval ],
[ ENABLED_BER_INDEF=no ]
)
if test "x$ENABLED_BER_INDEF" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DASN_BER_TO_DER"
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
Add configure option to cache when using small stack
2018-07-17 02:36:49 +03:00
# Small Stack - Cache on object
AC_ARG_ENABLE([smallstackcache],
[AS_HELP_STRING([--enable-smallstackcache],[Enable Small Stack Usage Caching (default: disabled)])],
[ ENABLED_SMALL_STACK_CACHE=$enableval ],
[ ENABLED_SMALL_STACK_CACHE=no ]
)
if test "x$ENABLED_SMALL_STACK_CACHE" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SMALL_STACK_CACHE"
fi
blake2b: blake2b_init_key and blake2b_compress refactory to reduce stack usage: (384 bytes - pointer sizes) moved to the heap. --- block variable moved to the heap; (128 bytes) --- m and w variables moved to the heap; (256 bytes) --- chain of dependency updated to propagate the error.
2014-04-15 19:46:43 +04:00
# Small Stack
AC_ARG_ENABLE([smallstack],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-smallstack],[Enable Small Stack Usage (default: disabled)])],
blake2b: blake2b_init_key and blake2b_compress refactory to reduce stack usage: (384 bytes - pointer sizes) moved to the heap. --- block variable moved to the heap; (128 bytes) --- m and w variables moved to the heap; (256 bytes) --- chain of dependency updated to propagate the error.
2014-04-15 19:46:43 +04:00
[ ENABLED_SMALL_STACK=$enableval ],
Making small stack usage disabled by default
2014-05-12 15:34:19 +04:00
[ ENABLED_SMALL_STACK=no ]
blake2b: blake2b_init_key and blake2b_compress refactory to reduce stack usage: (384 bytes - pointer sizes) moved to the heap. --- block variable moved to the heap; (128 bytes) --- m and w variables moved to the heap; (256 bytes) --- chain of dependency updated to propagate the error.
2014-04-15 19:46:43 +04:00
)
Add configure option to cache when using small stack
2018-07-17 02:36:49 +03:00
if test "x$ENABLED_SMALL_STACK_CACHE" = "xyes"
then
ENABLED_SMALL_STACK=yes
fi
CYASSL_SMALL_STACK build option (default enabled)
2014-04-16 20:25:51 +04:00
if test "x$ENABLED_SMALL_STACK" = "xyes"
blake2b: blake2b_init_key and blake2b_compress refactory to reduce stack usage: (384 bytes - pointer sizes) moved to the heap. --- block variable moved to the heap; (128 bytes) --- m and w variables moved to the heap; (256 bytes) --- chain of dependency updated to propagate the error.
2014-04-15 19:46:43 +04:00
then
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SMALL_STACK"
blake2b: blake2b_init_key and blake2b_compress refactory to reduce stack usage: (384 bytes - pointer sizes) moved to the heap. --- block variable moved to the heap; (128 bytes) --- m and w variables moved to the heap; (256 bytes) --- chain of dependency updated to propagate the error.
2014-04-15 19:46:43 +04:00
fi
add enable-valgrind
2012-12-05 09:28:18 +04:00
#valgrind
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([valgrind],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-valgrind],[Enable valgrind for unit tests (default: disabled)])],
add enable-valgrind
2012-12-05 09:28:18 +04:00
[ ENABLED_VALGRIND=$enableval ],
[ ENABLED_VALGRIND=no ]
)
if test "$ENABLED_VALGRIND" = "yes"
then
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_CHECK_PROG([HAVE_VALGRIND],[valgrind],[yes],[no])
add enable-valgrind
2012-12-05 09:28:18 +04:00
fix valgrind prog check, catch more failures
2013-05-17 03:20:51 +04:00
if test "$HAVE_VALGRIND" = "no"
then
add enable-valgrind
2012-12-05 09:28:18 +04:00
AC_MSG_ERROR([Valgrind not found.])
fi
enable_shared=no
configure switch to enable_static on if shared off when hardsetting for valgrind or cavium
2013-03-28 02:17:21 +04:00
enable_static=yes
don't output debug messages in testsuite if valgrind on
2013-01-05 03:52:46 +04:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_VALGRIND"
add enable-valgrind
2012-12-05 09:28:18 +04:00
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# Test certs, use internal cert functions for extra testing
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([testcert],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-testcert],[Enable Test Cert (default: disabled)])],
fix asn public interface, some potential collisions
2011-06-04 00:01:45 +04:00
[ ENABLED_TESTCERT=$enableval ],
[ ENABLED_TESTCERT=no ]
)
if test "$ENABLED_TESTCERT" = "yes"
then
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TEST_CERT"
fix asn public interface, some potential collisions
2011-06-04 00:01:45 +04:00
fi
add enable-iopool , simple I/O pool example using memory overrides
2014-03-14 05:54:51 +04:00
# I/O Pool, an example to show user how to override memory handler and use
# a pool for the input/output buffer requests
AC_ARG_ENABLE([iopool],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-iopool],[Enable I/O Pool example (default: disabled)])],
add enable-iopool , simple I/O pool example using memory overrides
2014-03-14 05:54:51 +04:00
[ ENABLED_IOPOOL=$enableval ],
[ ENABLED_IOPOOL=no ]
)
if test "$ENABLED_IOPOOL" = "yes"
then
if test "$thread_ls_on" = "no"
then
AC_MSG_ERROR([I/O Pool example requires Thread Local Storage])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_IO_POOL -DXMALLOC_USER"
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# Certificate Service Support
add enable-certservice, ease of use
2014-02-12 01:08:12 +04:00
AC_ARG_ENABLE([certservice],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-certservice],[Enable cert service (default: disabled)])],
add enable-certservice, ease of use
2014-02-12 01:08:12 +04:00
[ ENABLED_CERT_SERVICE=$enableval ],
[ ENABLED_CERT_SERVICE=no ]
)
if test "$ENABLED_CERT_SERVICE" = "yes"
then
add to certservice requirements
2014-02-13 20:53:12 +04:00
# Requires ecc,certgen, and opensslextra make sure on
add enable-certservice, ease of use
2014-02-12 01:08:12 +04:00
if test "x$ENABLED_CERTGEN" = "xno"
then
ENABLED_CERTGEN="yes"
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
add enable-certservice, ease of use
2014-02-12 01:08:12 +04:00
fi
if test "x$ENABLED_ECC" = "xno"
then
ENABLED_ECC="yes"
Added configure "--disable-eccshamir" option.
2016-05-05 09:14:30 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
Pulled in patches from Debian package.
2016-11-22 22:25:40 +03:00
Added configure "--disable-eccshamir" option.
2016-05-05 09:14:30 +03:00
if test "$ENABLED_ECC_SHAMIR" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
fi
add enable-certservice, ease of use
2014-02-12 01:08:12 +04:00
fi
Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add `--enable-opensslcoexist` which makes sure `oldnames` is disabled. Refactor of `SSL_` to `WOLF_SSL_`. Refactor of `SHA`, `MD5`, `SHA224`, `SHA256`, `SHA512` and `SHA384` to `WC_` naming.
2017-09-26 04:47:36 +03:00
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
add to certservice requirements
2014-02-13 20:53:12 +04:00
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
configure.ac updates
2014-12-31 23:04:03 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_CERT_SERVICE"
add enable-certservice, ease of use
2014-02-12 01:08:12 +04:00
fi
Update --enable-jni to enable PSK, define WOLFSSL_JNI
2015-10-15 22:27:43 +03:00
# wolfSSL JNI
AC_ARG_ENABLE([jni],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-jni],[Enable wolfSSL JNI (default: disabled)])],
Update --enable-jni to enable PSK, define WOLFSSL_JNI
2015-10-15 22:27:43 +03:00
[ ENABLED_JNI=$enableval ],
[ ENABLED_JNI=no ]
)
if test "$ENABLED_JNI" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_JNI"
# Enable prereqs if not already enabled
if test "x$ENABLED_DTLS" = "xno"
then
ENABLED_DTLS="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
fi
if test "x$ENABLED_OPENSSLEXTRA" = "xno"
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
fi
if test "x$ENABLED_CRL" = "xno"
then
ENABLED_CRL="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
fi
if test "x$ENABLED_OCSP" = "xno"
then
ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
fi
Fixes for building with CRL monitor when not linux, OS X or FreeBSD and --enable-distro set. Cleanup of the crl.c HAVE_CRL_MONITOR checks for OS and make sure if StopMonitor preprocessor is defined the function will also be defined.
2016-12-07 18:07:27 +03:00
if test "x$ENABLED_CRL_MONITOR" = "xno" && test "x$ENABLED_DISTRO" = "xno"
Update --enable-jni to enable PSK, define WOLFSSL_JNI
2015-10-15 22:27:43 +03:00
then
ENABLED_CRL_MONITOR="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
fi
if test "x$ENABLED_SAVESESSION" = "xno"
then
ENABLED_SAVESESSION="yes"
AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE"
fi
if test "x$ENABLED_SAVECERT" = "xno"
then
ENABLED_SAVECERT="yes"
AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE"
fi
if test "x$ENABLED_ATOMICUSER" = "xno"
then
ENABLED_ATOMICUSER="yes"
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
fi
if test "x$ENABLED_ECC" = "xno"
then
ENABLED_ECC="yes"
Added configure "--disable-eccshamir" option.
2016-05-05 09:14:30 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
Pulled in patches from Debian package.
2016-11-22 22:25:40 +03:00
Added configure "--disable-eccshamir" option.
2016-05-05 09:14:30 +03:00
if test "$ENABLED_ECC_SHAMIR" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
fi
Update --enable-jni to enable PSK, define WOLFSSL_JNI
2015-10-15 22:27:43 +03:00
fi
if test "x$ENABLED_PKCALLBACKS" = "xno"
then
ENABLED_PKCALLBACKS="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
fi
if test "x$ENABLED_DH" = "xno"
then
ENABLED_DH="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_DH"
fi
if test "x$ENABLED_PSK" = "xno"
then
ENABLED_PSK="yes"
fi
add certgen and certext to jni, add get timeout function
2019-03-06 23:28:53 +03:00
if test "x$ENABLED_CERTEXT" = "xno"
then
ENABLED_CERTEXT="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
fi
if test "x$ENABLED_CERTGEN" = "xno"
then
ENABLED_CERTGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
fi
Update --enable-jni to enable PSK, define WOLFSSL_JNI
2015-10-15 22:27:43 +03:00
fi
add enable lighty
2015-07-09 18:14:33 +03:00
# lighty Support
AC_ARG_ENABLE([lighty],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-lighty],[Enable lighttpd/lighty (default: disabled)])],
add enable lighty
2015-07-09 18:14:33 +03:00
[ ENABLED_LIGHTY=$enableval ],
[ ENABLED_LIGHTY=no ]
)
if test "$ENABLED_LIGHTY" = "yes"
then
# Requires opensslextra make sure on
Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add `--enable-opensslcoexist` which makes sure `oldnames` is disabled. Refactor of `SSL_` to `WOLF_SSL_`. Refactor of `SHA`, `MD5`, `SHA224`, `SHA256`, `SHA512` and `SHA384` to `WC_` naming.
2017-09-26 04:47:36 +03:00
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
add enable lighty
2015-07-09 18:14:33 +03:00
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1"
fi
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
if test "$ENABLED_NGINX" = "yes"
then
Fix support for OCSP and Nginx Store DER copy of CA certificate with signer when WOLFSSL_SIGNER_DER_CERT is defined. Keep the bad issuer error for later when compiling for OpenSSL compatability. Authority Info string needs to be passed back with a nul terminator.
2018-06-25 08:24:40 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NGINX -DWOLFSSL_SIGNER_DER_CERT"
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
fi
Introduce HAPROXY config flag + get/set app_data
2017-03-28 14:28:36 +03:00
if test "$ENABLED_HAPROXY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAPROXY"
# Requires opensslextra make sure on
Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add `--enable-opensslcoexist` which makes sure `oldnames` is disabled. Refactor of `SSL_` to `WOLF_SSL_`. Refactor of `SHA`, `MD5`, `SHA224`, `SHA256`, `SHA512` and `SHA384` to `WC_` naming.
2017-09-26 04:47:36 +03:00
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
Introduce HAPROXY config flag + get/set app_data
2017-03-28 14:28:36 +03:00
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
fi
Modification for compliling application with libsignal-protocol-c.
2017-11-13 12:12:18 +03:00
if test "$ENABLED_SIGNAL" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNAL"
# Requires opensslextra make sure on
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
fi
Fix for Lighttpd 1.4.49, which requires `HAVE_EX_DATA`.
2018-09-26 01:14:57 +03:00
if test "$ENABLED_NGINX" = "yes"|| test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
Grouped HAPROXY compatibility into WOLFSSL_HAPROXY flag now haproxy compatible wolfssl builds with: ./configure --prefix=/usr --sysconfdir=/etc --disable-fastmath \ iam * ] 2:18 PM --disable-fasthugemath --disable-bump \ --enable-opensslextra \ --enable-keygen --enable-certgen \ --disable-ntru --disable-examples \ --enable-tlsx --enable-haproxy \ --enable-savecert --enable-savesession --enable-sessioncerts \ --enable-webserver --enable-sslv3 --enable-stunnel
2017-04-11 15:18:41 +03:00
then
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
Fixes required after logging changes to master.
2017-02-09 09:28:32 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA"
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
fi
Added wolfSSl compatability for Asio C++ library
2018-07-02 19:48:02 +03:00
# Asio Support
AC_ARG_ENABLE([asio],
[AS_HELP_STRING([--enable-asio],[Enable asio (default: disabled)])],
[ ENABLED_ASIO=$enableval ],
[ ENABLED_ASIO=no ]
)
if test "$ENABLED_ASIO" = "yes"
then
Fixes for asio build options (so includes OPENSSL_EXTRA). Fix for bad named variable `shutdown`. Fix for the side size in Options struct to support `WOLFSSL_SIDE_NEITHER` (3). Fix to set the side on wolfSS_connect() or wolfSS_accept().
2018-08-02 05:45:09 +03:00
# Requires opensslextra and opensslall
Added wolfSSl compatability for Asio C++ library
2018-07-02 19:48:02 +03:00
if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
then
ENABLED_OPENSSLALL="yes"
Fixes for asio build options (so includes OPENSSL_EXTRA). Fix for bad named variable `shutdown`. Fix for the side size in Options struct to support `WOLFSSL_SIDE_NEITHER` (3). Fix to set the side on wolfSS_connect() or wolfSS_accept().
2018-08-02 05:45:09 +03:00
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA -DOPENSSL_ALL $AM_CFLAGS"
Added wolfSSl compatability for Asio C++ library
2018-07-02 19:48:02 +03:00
fi
websocketpp compat. addition, add new define for asio
2018-07-18 21:09:12 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASIO -DASIO_USE_WOLFSSL -DWOLFSSL_KEY_GEN"
Fixes for asio build options (so includes OPENSSL_EXTRA). Fix for bad named variable `shutdown`. Fix for the side size in Options struct to support `WOLFSSL_SIDE_NEITHER` (3). Fix to set the side on wolfSS_connect() or wolfSS_accept().
2018-08-02 05:45:09 +03:00
AM_CFLAGS="$AM_CFLAGS -DBOOST_ASIO_USE_WOLFSSL -DHAVE_EX_DATA"
Added different tls version support for asio
2018-07-12 20:59:58 +03:00
AM_CFLAGS="$AM_CFLAGS -DSSL_TXT_TLSV1_2 -DSSL_TXT_TLSV1_1"
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3"
if test "$ENABLED_TLSV10" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DSSL_TXT_TLSV1"
fi
Added wolfSSl compatability for Asio C++ library
2018-07-02 19:48:02 +03:00
# Requires OCSP make sure on
if test "x$ENABLED_OCSP" = "xno"
then
ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
fi
fi
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
Stunnel Base Commit
2015-07-14 23:56:26 +03:00
# stunnel Support
AC_ARG_ENABLE([stunnel],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-stunnel],[Enable stunnel (default: disabled)])],
Stunnel Base Commit
2015-07-14 23:56:26 +03:00
[ ENABLED_STUNNEL=$enableval ],
[ ENABLED_STUNNEL=no ]
)
Changes for WPA Supplicant
2017-02-10 01:45:10 +03:00
if test "$ENABLED_WPAS" = "yes"
then
ENABLED_STUNNEL="yes"
fi
Stunnel Base Commit
2015-07-14 23:56:26 +03:00
if test "$ENABLED_STUNNEL" = "yes"
then
# Requires opensslextra make sure on
Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add `--enable-opensslcoexist` which makes sure `oldnames` is disabled. Refactor of `SSL_` to `WOLF_SSL_`. Refactor of `SHA`, `MD5`, `SHA224`, `SHA256`, `SHA512` and `SHA384` to `WC_` naming.
2017-09-26 04:47:36 +03:00
if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
Stunnel Base Commit
2015-07-14 23:56:26 +03:00
then
ENABLED_OPENSSLEXTRA="yes"
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
fi
Adding sni to mimic openssl functionality
2015-08-12 19:10:30 +03:00
# Requires OCSP make sure on
if test "x$ENABLED_OCSP" = "xno"
then
ENABLED_OCSP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
fi
Stunnel Base Commit
2015-07-14 23:56:26 +03:00
# Requires coding make sure on
if test "x$ENABLED_CODING" = "xno"
then
ENABLED_CODING="yes"
fi
# Requires sessioncerts make sure on
if test "x$ENABLED_SESSIONCERTS" = "xno"
then
ENABLED_SESSIONCERTS="yes"
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
fi
merge pull request 96
2015-07-17 02:46:37 +03:00
# Requires crls, make sure on
if test "x$ENABLED_CRL" = "xno"
then
ENABLED_CRL="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
fi
Stunnel needs sni and tlsext
2015-08-13 05:38:51 +03:00
stunnel 5.36 requires des3. Enable by default
2016-10-05 22:17:26 +03:00
# Requires DES3, make sure on
if test "x$ENABLED_DES3" = "xno"
then
ENABLED_DES3="yes"
fi
Stunnel needs sni and tlsext
2015-08-13 05:38:51 +03:00
# Requires tlsx, make sure on
if test "x$ENABLED_TLSX" = "xno"
then
ENABLED_TLSX="yes"
Fixes for TLS 1.3 without ECC or RSA. Fix for building without ECC where HAVE_SUPPORTED_CURVES was getting defined because of ENABLED_TLSX.
2017-06-13 19:44:14 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC"
# Check the ECC supported curves prereq
Changes to build with X25519 and Ed25519 only Allows configurations without RSA, DH and ECC but with Curve25519 algorithms to work with SSL/TLS using X25519 key exchange and Ed25519 certificates. Fix Ed25519 code to call wc_Sha512Free(). Add certificates to test.h and fix examples to use them.
2018-07-23 03:20:18 +03:00
AS_IF([test "x$ENABLED_ECC" = "xyes" || test "x$ENABLED_CURVE25519" = "xyes"],
Fixes for TLS 1.3 without ECC or RSA. Fix for building without ECC where HAVE_SUPPORTED_CURVES was getting defined because of ENABLED_TLSX.
2017-06-13 19:44:14 +03:00
[ENABLED_SUPPORTED_CURVES=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"])
Stunnel needs sni and tlsext
2015-08-13 05:38:51 +03:00
fi
turn on ecc with Stunnel
2015-08-28 02:44:55 +03:00
# Requires ecc make sure on
if test "x$ENABLED_ECC" = "xno"
then
ENABLED_OPENSSLEXTRA="yes"
enable ecc with stunnel
2015-10-12 18:25:54 +03:00
ENABLED_ECC="yes"
Added configure "--disable-eccshamir" option.
2016-05-05 09:14:30 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
Pulled in patches from Debian package.
2016-11-22 22:25:40 +03:00
Added configure "--disable-eccshamir" option.
2016-05-05 09:14:30 +03:00
if test "$ENABLED_ECC_SHAMIR" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
fi
turn on ecc with Stunnel
2015-08-28 02:44:55 +03:00
fi
Adding sni to mimic openssl functionality
2015-08-12 19:10:30 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL -DWOLFSSL_ALWAYS_VERIFY_CB"
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI -DHAVE_EX_DATA"
Stunnel Base Commit
2015-07-14 23:56:26 +03:00
fi
Turns on PSK when compiling for stunnel
2015-08-27 20:05:29 +03:00
if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no" \
&& test "x$ENABLED_STUNNEL" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DNO_PSK"
fi
if test "$ENABLED_PSK" = "no" && \
(test "$ENABLED_LEANPSK" = "yes" || test "x$ENABLED_STUNNEL" = "xyes")
then
ENABLED_PSK=yes
fi
Stunnel Base Commit
2015-07-14 23:56:26 +03:00
# MD4
AC_ARG_ENABLE([md4],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-md4],[Enable MD4 (default: disabled)])],
Stunnel Base Commit
2015-07-14 23:56:26 +03:00
[ ENABLED_MD4=$enableval ],
[ ENABLED_MD4=no ]
)
if test "$ENABLED_MD4" = "no"
then
#turn on MD4 if using stunnel
if test "x$ENABLED_STUNNEL" = "xyes"
then
ENABLED_MD4="yes"
else
AM_CFLAGS="$AM_CFLAGS -DNO_MD4"
fi
fi
add enable lighty
2015-07-09 18:14:33 +03:00
Fixes for various build configurations. Added `--enable-enckeys` option to enable support for encrypted PEM private keys using password callback without having to use opensslextra. Moved ASN `CryptKey` function to wc_encrypt.c as `wc_CryptKey`. Fixup some missing heap args on XMALLOC/XFREE in asn.c.
2018-03-31 01:48:15 +03:00
# Encrypted keys
AC_ARG_ENABLE([enckeys],
[AS_HELP_STRING([--enable-enckeys],[Enable PEM encrypted private key support (default: disabled)])],
[ ENABLED_ENCKEYS=$enableval ],
[ ENABLED_ENCKEYS=no ]
)
if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_WEBSERVER" = "yes"
then
ENABLED_ENCKEYS=yes
fi
if test "$ENABLED_ENCKEYS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ENCRYPTED_KEYS"
fi
move pwdbased lower in config for openssl manual sets
2015-02-16 20:54:55 +03:00
# PWDBASED has to come after certservice since we want it on w/o explicit on
# PWDBASED
AC_ARG_ENABLE([pwdbased],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-pwdbased],[Enable PWDBASED (default: disabled)])],
move pwdbased lower in config for openssl manual sets
2015-02-16 20:54:55 +03:00
[ ENABLED_PWDBASED=$enableval ],
[ ENABLED_PWDBASED=no ]
)
if test "$ENABLED_PWDBASED" = "no"
then
Added wolfSSl compatability for Asio C++ library
2018-07-02 19:48:02 +03:00
if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_OPENSSLALL" = "yes" || test "$ENABLED_WEBSERVER" = "yes" || test "$ENABLED_ENCKEYS" = "yes"
move pwdbased lower in config for openssl manual sets
2015-02-16 20:54:55 +03:00
then
Added wolfSSl compatability for Asio C++ library
2018-07-02 19:48:02 +03:00
# opensslextra, opensslall, webserver, and enckeys needs pwdbased
move pwdbased lower in config for openssl manual sets
2015-02-16 20:54:55 +03:00
ENABLED_PWDBASED=yes
else
AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED"
fi
fi
Implementation of scrypt Tests and benchmarking added. Configure with --enable-scrypt and requires --enable-pwdbased
2016-12-14 09:47:54 +03:00
AC_ARG_ENABLE([scrypt],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-scrypt],[Enable SCRYPT (default: disabled)])],
Implementation of scrypt Tests and benchmarking added. Configure with --enable-scrypt and requires --enable-pwdbased
2016-12-14 09:47:54 +03:00
[ ENABLED_SCRYPT=$enableval ],
[ ENABLED_SCRYPT=no ]
)
if test "$ENABLED_SCRYPT" = "yes"
then
if test "$ENABLED_PWDBASED" = "no"
then
AC_MSG_ERROR([cannot enable scrypt without enabling pwdbased.])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_SCRYPT"
fi
add --enable-cryptonly build option
2015-09-11 02:24:25 +03:00
# wolfCrypt Only Build
AC_ARG_ENABLE([cryptonly],
[AS_HELP_STRING([--enable-cryptonly],[Enable wolfCrypt Only build (default: disabled)])],
[ENABLED_CRYPTONLY=$enableval],
[ENABLED_CRYPTONLY=no])
if test "$ENABLED_CRYPTONLY" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_ONLY"
fi
Updated the configure.ac comments about big int being used for ECC and DH. Moved the checks for ecc/asn and psk/asn until after cryptonly value is set and fixed so those checks work for normal build and are excluded for crypt only builds.
2016-02-11 00:03:53 +03:00
if test "x$ENABLED_CRYPTONLY" = "xno"
then
if test "x$ENABLED_PSK" = "xno" && test "x$ENABLED_ASN" = "xno"
then
AC_MSG_ERROR([please enable psk if disabling asn.])
fi
if test "x$ENABLED_ECC" = "xyes" && test "x$ENABLED_ASN" = "xno"
then
AC_MSG_ERROR([please disable ecc if disabling asn.])
fi
inital AES-CBC with af_alg progress on AES-GCM with AF_ALG and add SHA256 add aes-gcm test cases and finish logic of aes-gcm with AF_ALG formating of tabs and white space add files to dist adding ecb and ctr mode with af_alg make length of buffers for ctr be AES_BLOCK_SIZE formating and add support for sha256 copy/gethash sanity checks on arguments cast return values and valgrind tests make it easier to use sha256 with af_alg remove hard tabs add endif for after rebase
2018-07-19 02:26:25 +03:00
if test "$ENABLED_AFALG" = "yes"
then
# for TLS connections the intermediate hash needs to store buffer
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_HASH_KEEP"
fi
crypto only sha256 cryptodev formating and refactoring update configure for devcrypto add AES algorithms to cyrptodev port increase structure size for compatibility AES with cryptodev add wc_devcrypto.h to install path
2018-08-17 18:46:16 +03:00
if test "$ENABLED_DEVCRYPTO" = "yes"
then
# for TLS connections the intermediate hash needs to store buffer
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH_KEEP"
fi
Updated the configure.ac comments about big int being used for ECC and DH. Moved the checks for ecc/asn and psk/asn until after cryptonly value is set and fixed so those checks work for normal build and are excluded for crypt only builds.
2016-02-11 00:03:53 +03:00
fi
only have fastmath on by default on x86_64
2013-07-01 23:10:59 +04:00
# set fastmath default
FASTMATH_DEFAULT=no
Enable ECC for all platforms by default. For aarch64 enable SHA512, SHA224, SHA3 and FastMath by default.
2018-03-07 20:41:07 +03:00
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64"
only have fastmath on by default on x86_64
2013-07-01 23:10:59 +04:00
then
Configure options to allow stunnel to use fastmath
2015-07-18 00:05:04 +03:00
FASTMATH_DEFAULT=yes
only have fastmath on by default on x86_64
2013-07-01 23:10:59 +04:00
fi
Allow a very small build based on SHA-256 and RSA verify
2018-12-06 10:27:10 +03:00
if test "$ENABLED_SP_MATH" = "yes"
then
FASTMATH_DEFAULT=no
fi
only have fastmath on by default on x86_64
2013-07-01 23:10:59 +04:00
make sure no asn doesn't build big int
2013-03-13 02:14:03 +04:00
# fastmath
AC_ARG_ENABLE([fastmath],
Enable ECC for all platforms by default. For aarch64 enable SHA512, SHA224, SHA3 and FastMath by default.
2018-03-07 20:41:07 +03:00
[AS_HELP_STRING([--enable-fastmath],[Enable fast math ops (default: enabled on x86_64/aarch64)])],
make sure no asn doesn't build big int
2013-03-13 02:14:03 +04:00
[ ENABLED_FASTMATH=$enableval ],
only have fastmath on by default on x86_64
2013-07-01 23:10:59 +04:00
[ ENABLED_FASTMATH=$FASTMATH_DEFAULT]
make sure no asn doesn't build big int
2013-03-13 02:14:03 +04:00
)
if test "x$ENABLED_FASTMATH" = "xyes"
then
Updated the configure.ac comments about big int being used for ECC and DH. Moved the checks for ecc/asn and psk/asn until after cryptonly value is set and fixed so those checks work for normal build and are excluded for crypt only builds.
2016-02-11 00:03:53 +03:00
# turn off fastmth if leanpsk on or asn off (w/o DH and ECC)
change autconf system to default to fastmath now
2013-03-19 02:32:04 +04:00
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_ASN" = "no"
then
Allow a very small build based on SHA-256 and RSA verify
2018-12-06 10:27:10 +03:00
if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && test "$ENABLED_RSA" = "no"
allow dh to be used w/o certs and asn
2015-03-28 00:28:05 +03:00
then
ENABLED_FASTMATH=no
else
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
ENABLED_SLOWMATH="no"
fi
change autconf system to default to fastmath now
2013-03-19 02:32:04 +04:00
else
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
ENABLED_SLOWMATH="no"
fi
on x86_64 enable sha512, ecc, and increase max_bits by default
2015-03-31 23:28:49 +03:00
if test "$host_cpu" = "x86_64"
then
# Have settings.h set FP_MAX_BITS higher if user didn't set directly
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_X86_64_BUILD"
fi
make sure no asn doesn't build big int
2013-03-13 02:14:03 +04:00
fi
# fast HUGE math
AC_ARG_ENABLE([fasthugemath],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-fasthugemath],[Enable fast math + huge code (default: disabled)])],
make sure no asn doesn't build big int
2013-03-13 02:14:03 +04:00
[ ENABLED_FASTHUGEMATH=$enableval ],
[ ENABLED_FASTHUGEMATH=no ]
)
if test "$ENABLED_BUMP" = "yes"
then
ENABLED_FASTHUGEMATH="yes"
fi
if test "$ENABLED_FASTHUGEMATH" = "yes"
then
ENABLED_FASTMATH="yes"
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
ENABLED_SLOWMATH="no"
fi
added configure option --disable-examples to remove example code build, configure runs make clean at the end, sniffer test isn't built if sniffer disabled
2012-11-29 23:31:57 +04:00
# Enable Examples, used to disable examples
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_ENABLE([examples],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-examples],[Enable Examples (default: enabled)])],
added configure option --disable-examples to remove example code build, configure runs make clean at the end, sniffer test isn't built if sniffer disabled
2012-11-29 23:31:57 +04:00
[ ENABLED_EXAMPLES=$enableval ],
[ ENABLED_EXAMPLES=yes ]
)
switch --enable-noFilesystem to --enable-filesystem / --disable-filesystem to match others
2013-03-13 23:14:05 +04:00
AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"])
switch --enable-noInline to enable/disable-inline to match all others
2013-03-13 23:25:34 +04:00
AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"])
add --enable-cryptonly build option
2015-09-11 02:24:25 +03:00
AS_IF([test "x$ENABLED_CRYPTONLY" = "xyes"], [ENABLED_EXAMPLES="no"])
Autoconf Update Consolidate all the AM_CONDITIONAL statements in one place in the configure process. This replaces the set of repeat checks of enable flags to conditionally check the AM_CONDITIONAL.
2019-06-20 23:37:53 +03:00
added configure option --disable-examples to remove example code build, configure runs make clean at the end, sniffer test isn't built if sniffer disabled
2012-11-29 23:31:57 +04:00
Fixes for disabling the crypt test and benchmark. Added new "./configure --disable-crypttests" option. Also made sure use of both NO_CRYPT_BENCHMARK and NO_CRYPT_TEST in "./configure CFLAGS=-D" scenario work correctly.
2016-02-04 23:06:24 +03:00
# Enable wolfCrypt test and benchmark
AC_ARG_ENABLE([crypttests],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-crypttests],[Enable Crypt Bench/Test (default: enabled)])],
Fixes for disabling the crypt test and benchmark. Added new "./configure --disable-crypttests" option. Also made sure use of both NO_CRYPT_BENCHMARK and NO_CRYPT_TEST in "./configure CFLAGS=-D" scenario work correctly.
2016-02-04 23:06:24 +03:00
[ ENABLED_CRYPT_TESTS=$enableval ],
[ ENABLED_CRYPT_TESTS=yes ]
)
initial cavium, crypto only, no rsa
2013-01-30 04:22:49 +04:00
1.8.8 init
2011-02-05 22:14:47 +03:00
# LIBZ
add macpi huffman
2013-03-21 01:37:05 +04:00
ENABLED_LIBZ="no"
1.8.8 init
2011-02-05 22:14:47 +03:00
trylibzdir=""
fix configure.ac quoting
2012-12-13 02:33:21 +04:00
AC_ARG_WITH([libz],
1.8.8 init
2011-02-05 22:14:47 +03:00
[ --with-libz=PATH PATH to libz install (default /usr/) ],
[
AC_MSG_CHECKING([for libz])
CPPFLAGS="$CPPFLAGS -DHAVE_LIBZ"
LIBS="$LIBS -lz"
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])
1.8.8 init
2011-02-05 22:14:47 +03:00
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$libz_linked" = "xno" ; then
1.8.8 init
2011-02-05 22:14:47 +03:00
if test "x$withval" != "xno" ; then
trylibzdir=$withval
fi
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$withval" = "xyes" ; then
1.8.8 init
2011-02-05 22:14:47 +03:00
trylibzdir="/usr"
fi
Fixes for building against latest CryptoAuthLib. Refactor to eliminate the atcatls function calls, since these have been removed from latest CryptoAuthLib. Cleanup of the slot assignment handling.
2018-09-27 00:16:32 +03:00
LDFLAGS="$LDFLAGS -L$trylibzdir/lib"
1.8.8 init
2011-02-05 22:14:47 +03:00
CPPFLAGS="$CPPFLAGS -I$trylibzdir/include"
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])
1.8.8 init
2011-02-05 22:14:47 +03:00
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$libz_linked" = "xno" ; then
1.8.8 init
2011-02-05 22:14:47 +03:00
AC_MSG_ERROR([libz isn't found.
If it's already installed, specify its path using --with-libz=/dir/])
fi
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([yes])
fi
added stubs and a test for ctaocrypt compress
2013-03-20 03:25:58 +04:00
ENABLED_LIBZ="yes"
1.8.8 init
2011-02-05 22:14:47 +03:00
]
)
Support for PKCS#11 Support for RSA, ECDSA and AES-GCM operations.
2018-09-12 01:56:59 +03:00
# PKCS#11
AC_ARG_ENABLE([pkcs11],
[AS_HELP_STRING([--enable-pkcs11],[Enable pkcs11 access (default: disabled)])],
[ ENABLED_PKCS11=$enableval ],
[ ENABLED_PKCS11=no ]
)
if test "x$ENABLED_PKCS11" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS11 -DHAVE_WOLF_BIGINT"
LIBS="$LIBS -ldl"
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# cavium
initial cavium, crypto only, no rsa
2013-01-30 04:22:49 +04:00
trycaviumdir=""
AC_ARG_WITH([cavium],
[ --with-cavium=PATH PATH to cavium/software dir ],
[
AC_MSG_CHECKING([for cavium])
CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM"
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
LIB_ADD="-lrt $LIB_ADD"
initial cavium, crypto only, no rsa
2013-01-30 04:22:49 +04:00
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$withval" = "xyes" ; then
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
AC_MSG_ERROR([need a PATH for --with-cavium])
fi
if test "x$withval" != "xno" ; then
trycaviumdir=$withval
fi
initial cavium, crypto only, no rsa
2013-01-30 04:22:49 +04:00
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/cavium_common.o"
CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
initial cavium, crypto only, no rsa
2013-01-30 04:22:49 +04:00
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(CAVIUM_DEV_ID); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
initial cavium, crypto only, no rsa
2013-01-30 04:22:49 +04:00
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$cavium_linked" = "xno" ; then
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
AC_MSG_ERROR([cavium isn't found.
If it's already installed, specify its path using --with-cavium=/dir/])
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
else
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM"
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
fi
AC_MSG_RESULT([yes])
enable_shared=no
enable_static=yes
ENABLED_CAVIUM=yes
],
[ ENABLED_CAVIUM=no ]
)
# cavium V
trycaviumdir=""
AC_ARG_WITH([cavium-v],
[ --with-cavium-v=PATH PATH to Cavium V/software dir ],
[
AC_MSG_CHECKING([for cavium])
Nitrox V fixes and additions: * Added support for ECC, AES-GCM and HMAC (SHA-224 and SHA3). * Fixes for Nitrox V with TLS. * ECC refactor for so key based `r` and `s` apply only when building with `WOLFSSL_ASYNC_CRYPT`. * ECC refactor for `e` and `signK` to use key based pointer for Nitrox V. * Improved the Nitrox V HMAC to use start, update and final API's instead of caching updates. * Fix for Intel QuickAssist with unsupported HMAC hash algos using `IntelQaHmacGetType` (such as SHA3). * Added new API `wc_mp_to_bigint_sz` to zero pad unsigned bin. * Fix for AES GCM to gate HW use based on IV len in aes.c and remove the gate in test.c. * Implemented workaround to use software for AES GCM Nitrox V hardware and 13 byte AAD length for TLS. * New debug option `WOLFSSL_NITROX_DEBUG` to add pending count.
2018-04-03 19:14:20 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V"
LIB_ADD="-lrt -lcrypto $LIB_ADD"
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$withval" = "xyes" ; then
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
AC_MSG_ERROR([need a PATH for --with-cavium])
fi
if test "x$withval" != "xno" ; then
trycaviumdir=$withval
fi
Nitrox V fixes and additions: * Added support for ECC, AES-GCM and HMAC (SHA-224 and SHA3). * Fixes for Nitrox V with TLS. * ECC refactor for so key based `r` and `s` apply only when building with `WOLFSSL_ASYNC_CRYPT`. * ECC refactor for `e` and `signK` to use key based pointer for Nitrox V. * Improved the Nitrox V HMAC to use start, update and final API's instead of caching updates. * Fix for Intel QuickAssist with unsupported HMAC hash algos using `IntelQaHmacGetType` (such as SHA3). * Added new API `wc_mp_to_bigint_sz` to zero pad unsigned bin. * Fix for AES GCM to gate HW use based on IV len in aes.c and remove the gate in test.c. * Implemented workaround to use software for AES GCM Nitrox V hardware and 13 byte AAD length for TLS. * New debug option `WOLFSSL_NITROX_DEBUG` to add pending count.
2018-04-03 19:14:20 +03:00
AC_CHECK_FILES([$trycaviumdir/lib/libnitrox.a], [AM_CPPFLAGS="-I$trycaviumdir/include $AM_CPPFLAGS"], [ENABLED_CAVIUM_V=no])
LIB_STATIC_ADD="$trycaviumdir/lib/libnitrox.a $LIB_STATIC_ADD"
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
Nitrox V fixes and additions: * Added support for ECC, AES-GCM and HMAC (SHA-224 and SHA3). * Fixes for Nitrox V with TLS. * ECC refactor for so key based `r` and `s` apply only when building with `WOLFSSL_ASYNC_CRYPT`. * ECC refactor for `e` and `signK` to use key based pointer for Nitrox V. * Improved the Nitrox V HMAC to use start, update and final API's instead of caching updates. * Fix for Intel QuickAssist with unsupported HMAC hash algos using `IntelQaHmacGetType` (such as SHA3). * Added new API `wc_mp_to_bigint_sz` to zero pad unsigned bin. * Fix for AES GCM to gate HW use based on IV len in aes.c and remove the gate in test.c. * Implemented workaround to use software for AES GCM Nitrox V hardware and 13 byte AAD length for TLS. * New debug option `WOLFSSL_NITROX_DEBUG` to add pending count.
2018-04-03 19:14:20 +03:00
if test "$ENABLED_CAVIUM_V" = "no"; then
AC_MSG_ERROR([Could not find Nitrox library])
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
fi
enable_shared=no
enable_static=yes
Nitrox V fixes and additions: * Added support for ECC, AES-GCM and HMAC (SHA-224 and SHA3). * Fixes for Nitrox V with TLS. * ECC refactor for so key based `r` and `s` apply only when building with `WOLFSSL_ASYNC_CRYPT`. * ECC refactor for `e` and `signK` to use key based pointer for Nitrox V. * Improved the Nitrox V HMAC to use start, update and final API's instead of caching updates. * Fix for Intel QuickAssist with unsupported HMAC hash algos using `IntelQaHmacGetType` (such as SHA3). * Added new API `wc_mp_to_bigint_sz` to zero pad unsigned bin. * Fix for AES GCM to gate HW use based on IV len in aes.c and remove the gate in test.c. * Implemented workaround to use software for AES GCM Nitrox V hardware and 13 byte AAD length for TLS. * New debug option `WOLFSSL_NITROX_DEBUG` to add pending count.
2018-04-03 19:14:20 +03:00
enable_opensslextra=yes
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
ENABLED_CAVIUM=yes
ENABLED_CAVIUM_V=yes
],
[
ENABLED_CAVIUM_=no
ENABLED_CAVIUM_V=no
initial cavium, crypto only, no rsa
2013-01-30 04:22:49 +04:00
]
)
Fixes for building with the latest QuickAssist v1.7 driver: * Updated `--with-intelqa=` to support detection of QAT driver version and use different .so libs. * Added include and lib reference for new libusdm. * Added `QAT_ENABLE_RNG` option. * Fix for dynamic type spelling error (`DYNAMIC_TYPE_SYMETRIC_KEY` -> `DYNAMIC_TYPE_SYMMETRIC_KEY`). * Fix benchmark output to use "took" not "tooks".
2018-12-04 23:54:11 +03:00
# Intel QuickAssist
QAT_DIR=""
BUILD_INTEL_QAT_VERSION=2
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
AC_ARG_WITH([intelqa],
Fixes for building with the latest QuickAssist v1.7 driver: * Updated `--with-intelqa=` to support detection of QAT driver version and use different .so libs. * Added include and lib reference for new libusdm. * Added `QAT_ENABLE_RNG` option. * Fix for dynamic type spelling error (`DYNAMIC_TYPE_SYMETRIC_KEY` -> `DYNAMIC_TYPE_SYMMETRIC_KEY`). * Fix benchmark output to use "took" not "tooks".
2018-12-04 23:54:11 +03:00
[ --with-intelqa=PATH PATH to Intel QuickAssist (QAT) driver dir ],
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
[
AC_MSG_CHECKING([for intelqa])
CPPFLAGS="$CPPFLAGS -DHAVE_INTEL_QA -DDO_CRYPTO -DUSER_SPACE"
Fixes for building with the latest QuickAssist v1.7 driver: * Updated `--with-intelqa=` to support detection of QAT driver version and use different .so libs. * Added include and lib reference for new libusdm. * Added `QAT_ENABLE_RNG` option. * Fix for dynamic type spelling error (`DYNAMIC_TYPE_SYMETRIC_KEY` -> `DYNAMIC_TYPE_SYMMETRIC_KEY`). * Fix benchmark output to use "took" not "tooks".
2018-12-04 23:54:11 +03:00
OLD_LIBS="$LIBS"
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$withval" = "xyes" ; then
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
AC_MSG_ERROR([need a PATH for --with-intelqa])
fi
if test "x$withval" != "xno" ; then
Fixes for building with the latest QuickAssist v1.7 driver: * Updated `--with-intelqa=` to support detection of QAT driver version and use different .so libs. * Added include and lib reference for new libusdm. * Added `QAT_ENABLE_RNG` option. * Fix for dynamic type spelling error (`DYNAMIC_TYPE_SYMETRIC_KEY` -> `DYNAMIC_TYPE_SYMMETRIC_KEY`). * Fix benchmark output to use "took" not "tooks".
2018-12-04 23:54:11 +03:00
QAT_DIR=$withval
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
fi
Fixes for building with the latest QuickAssist v1.7 driver: * Updated `--with-intelqa=` to support detection of QAT driver version and use different .so libs. * Added include and lib reference for new libusdm. * Added `QAT_ENABLE_RNG` option. * Fix for dynamic type spelling error (`DYNAMIC_TYPE_SYMETRIC_KEY` -> `DYNAMIC_TYPE_SYMMETRIC_KEY`). * Fix benchmark output to use "took" not "tooks".
2018-12-04 23:54:11 +03:00
CPPFLAGS="$CPPFLAGS -I$QAT_DIR/quickassist/include -I$QAT_DIR/quickassist/include/lac -I$QAT_DIR/quickassist/utilities/osal/include \
-I$QAT_DIR/quickassist/utilities/osal/src/linux/user_space/include -I$QAT_DIR/quickassist/lookaside/access_layer/include \
-I$QAT_DIR/quickassist/lookaside/access_layer/src/common/include -I$srcdir/wolfssl -I$srcdir/wolfssl/wolfcrypt/port/intel \
-I$QAT_DIR/quickassist/utilities/libusdm_drv"
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
Remove remnant debug `-Map` from `--with-intelqa` build option.
2019-03-28 19:55:12 +03:00
LDFLAGS="$LDFLAGS -L$QAT_DIR/build"
Fix for latest QAT v1.7 detection. The qat library requires usdm_drv.
2019-03-22 16:37:14 +03:00
LIBS="$LIBS -lqat_s -lusdm_drv_s"
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
Fixes for building with the latest QuickAssist v1.7 driver: * Updated `--with-intelqa=` to support detection of QAT driver version and use different .so libs. * Added include and lib reference for new libusdm. * Added `QAT_ENABLE_RNG` option. * Fix for dynamic type spelling error (`DYNAMIC_TYPE_SYMETRIC_KEY` -> `DYNAMIC_TYPE_SYMMETRIC_KEY`). * Fix benchmark output to use "took" not "tooks".
2018-12-04 23:54:11 +03:00
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cpa_cy_common.h"]], [[ Cpa16U count = 0; cpaCyGetNumInstances(&count); ]])],
[ intelqa_linked=yes ],[ intelqa_linked=no ])
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$intelqa_linked" = "xno" ; then
Fixes for building with the latest QuickAssist v1.7 driver: * Updated `--with-intelqa=` to support detection of QAT driver version and use different .so libs. * Added include and lib reference for new libusdm. * Added `QAT_ENABLE_RNG` option. * Fix for dynamic type spelling error (`DYNAMIC_TYPE_SYMETRIC_KEY` -> `DYNAMIC_TYPE_SYMMETRIC_KEY`). * Fix benchmark output to use "took" not "tooks".
2018-12-04 23:54:11 +03:00
# Try old QAT driver libraries
LIBS="$OLD_LIBS -licp_qa_al_s"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cpa_cy_common.h"]], [[ Cpa16U count = 0; cpaCyGetNumInstances(&count); ]])],
[ intelqa_linked=yes ],[ intelqa_linked=no ])
Fixes for data types, cast warnings and shift operations when using 16-bit platform. Added new `--enable-16bit` build option, which defines `WC_16BIT_CPU`. Fix build error when using `WOLFSSL_LEANPSK` and `NO_WOLFSSL_MEMORY`. Tested using `avr-gcc` version 8.3.0 with: `./configure --host=avr --enable-16bit --disable-filesystem --enable-singlethreaded CFLAGS="-DWOLFSSL_GENSEED_FORTEST -DWOLFSSL_USER_CURRTIME -DWOLFSSL_USER_IO -DWOLFSSL_NO_SOCK -DNO_WRITEV -DUSER_TICKS" --enable-tls13 --enable-compkey --enable-certgen --enable-certext --enable-keygen --enable-session-ticket --enable-maxfragment`. Also with `--enable-fastmath`.
2019-03-02 02:54:08 +03:00
if test "x$intelqa_linked" = "xno" ; then
Fixes for building with the latest QuickAssist v1.7 driver: * Updated `--with-intelqa=` to support detection of QAT driver version and use different .so libs. * Added include and lib reference for new libusdm. * Added `QAT_ENABLE_RNG` option. * Fix for dynamic type spelling error (`DYNAMIC_TYPE_SYMETRIC_KEY` -> `DYNAMIC_TYPE_SYMMETRIC_KEY`). * Fix benchmark output to use "took" not "tooks".
2018-12-04 23:54:11 +03:00
AC_MSG_ERROR([Intel QuickAssist not found.
If it's already installed, specify its path using --with-intelqa=/dir/])
else
BUILD_INTEL_QAT_VERSION=1
fi
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
else
AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_QA -DDO_CRYPTO -DUSER_SPACE"
fi
AC_MSG_RESULT([yes])
Fixes for building with the latest QuickAssist v1.7 driver: * Updated `--with-intelqa=` to support detection of QAT driver version and use different .so libs. * Added include and lib reference for new libusdm. * Added `QAT_ENABLE_RNG` option. * Fix for dynamic type spelling error (`DYNAMIC_TYPE_SYMETRIC_KEY` -> `DYNAMIC_TYPE_SYMMETRIC_KEY`). * Fix benchmark output to use "took" not "tooks".
2018-12-04 23:54:11 +03:00
if test "x$BUILD_INTEL_QAT_VERSION" == "x1" ; then
LIB_ADD="-ladf_proxy -losal -lrt $LIB_ADD"
else
Fix for latest QAT v1.7 detection. The qat library requires usdm_drv.
2019-03-22 16:37:14 +03:00
LIB_ADD="-losal -lrt $LIB_ADD"
Fixes for building with the latest QuickAssist v1.7 driver: * Updated `--with-intelqa=` to support detection of QAT driver version and use different .so libs. * Added include and lib reference for new libusdm. * Added `QAT_ENABLE_RNG` option. * Fix for dynamic type spelling error (`DYNAMIC_TYPE_SYMETRIC_KEY` -> `DYNAMIC_TYPE_SYMMETRIC_KEY`). * Fix benchmark output to use "took" not "tooks".
2018-12-04 23:54:11 +03:00
fi
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
ENABLED_INTEL_QA=yes
],
[
ENABLED_INTEL_QA=no
]
)
Autoconf Update Consolidate all the AM_CONDITIONAL statements in one place in the configure process. This replaces the set of repeat checks of enable flags to conditionally check the AM_CONDITIONAL.
2019-06-20 23:37:53 +03:00
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
Pull out x86_64 ASM into separate files
2019-01-25 05:03:08 +03:00
# Single Precision maths implementation
AC_ARG_ENABLE([sp],
[AS_HELP_STRING([--enable-sp],[Enable Single Precision maths implementation (default: disabled)])],
[ ENABLED_SP=$enableval ],
[ ENABLED_SP=no ],
)
ENABLED_SP_RSA=no
ENABLED_SP_DH=no
ENABLED_SP_ECC=no
for v in `echo $ENABLED_SP | tr "," " "`
do
case $v in
small)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
ENABLED_SP_ECC=yes
;;
yes)
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
ENABLED_SP_ECC=yes
;;
no)
;;
smallec256 | smallp256 | small256)
ENABLED_SP_ECC=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL"
;;
ec256 | p256 | 256)
ENABLED_SP_ECC=yes
;;
small2048)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL"
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_3072"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_3072"
;;
2048)
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_3072"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_3072"
;;
smallrsa2048)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL"
ENABLED_SP_RSA=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_3072"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_3072"
;;
rsa2048)
ENABLED_SP_RSA=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_3072"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_3072"
;;
small3072)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL"
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_2048"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_2048"
;;
3072)
ENABLED_SP_RSA=yes
ENABLED_SP_DH=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_2048"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_2048"
;;
smallrsa3072)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL"
ENABLED_SP_RSA=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_2048"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_2048"
;;
rsa3072)
ENABLED_SP_RSA=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_2048"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_2048"
;;
*)
AC_MSG_ERROR([Invalid choice of Single Precision length in bits [256, 2048, 3072]: $ENABLED_SP.])
break;;
esac
done
ENABLED_SP=no
if test "$ENABLED_RSA" = "yes" && test "$ENABLED_SP_RSA" = "yes"; then
ENABLED_SP=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_RSA"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_SP_RSA"
fi
if test "$ENABLED_DH" = "yes" && test "$ENABLED_SP_DH" = "yes"; then
ENABLED_SP=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_DH"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_SP_DH"
fi
if test "$ENABLED_ECC" = "yes" && test "$ENABLED_SP_ECC" = "yes"; then
ENABLED_SP=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_ECC"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_SP_ECC"
fi
AC_ARG_ENABLE([sp-asm],
[AS_HELP_STRING([--enable-sp-asm],[Enable Single Precision assembly implementation (default: disabled)])],
[ ENABLED_SP_ASM=$enableval ],
[ ENABLED_SP_ASM=no ],
)
if test "$ENABLED_SP_ASM" = "yes"; then
if test "$ENABLED_SP" = "no"; then
AC_MSG_ERROR([Must have SP enabled: --enable-sp])
fi
if test "$ENABLED_ASM" = "no"; then
AC_MSG_ERROR([Assembly code turned off])
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ASM"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ASM"
case $host_cpu in
*aarch64*)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM64_ASM"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM64_ASM"
ENABLED_SP_ARM64_ASM=yes
;;
*arm*)
if test $host_alias = "thumb"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_THUMB_ASM -mthumb -march=armv6"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM_THUMB_ASM"
ENABLED_SP_ARM_THUMB_ASM=yes
else
if test $host_alias = "cortex"; then
Cortex-M code changed to support IAR compiler
2019-04-08 02:03:50 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM -mcpu=cortex-m4"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM"
Pull out x86_64 ASM into separate files
2019-01-25 05:03:08 +03:00
ENABLED_SP_ARM_CORTEX_ASM=yes
else
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM32_ASM"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM32_ASM"
ENABLED_SP_ARM32_ASM=yes
fi
fi
;;
*x86_64*)
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_X86_64_ASM"
AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_X86_64_ASM"
ENABLED_SP_X86_64_ASM=yes
;;
*)
AC_MSG_ERROR([ASM not available for CPU. Supported CPUs: x86_64, aarch64, arm])
;;
esac
fi
AC_ARG_ENABLE([sp-math],
[AS_HELP_STRING([--enable-sp-math],[Enable Single Precision math implementation only (default: disabled)])],
[ ENABLED_SP_MATH=$enableval ],
[ ENABLED_SP_MATH=no ],
)
if test "$ENABLED_SP_MATH" = "yes"; then
if test "$ENABLED_SP" = "no"; then
AC_MSG_ERROR([Must have SP enabled: --enable-sp])
fi
if test "$ENABLED_ECCCUSTCURVES" = "yes"; then
AC_MSG_ERROR([Cannot use single precision math and custom curves])
fi
if test "$ENABLED_OPENSSLEXTRA" = "yes"; then
AC_MSG_ERROR([Cannot use single precision math and OpenSSL extra])
fi
if test "$ENABLED_DSA" = "yes"; then
AC_MSG_ERROR([Cannot use single precision math and DSA])
fi
if test "$ENABLED_SRP" = "yes"; then
AC_MSG_ERROR([Cannot use single precision math and SRP])
fi
if test "$ENABLED_SP_RSA" = "no" && test "$ENABLED_RSA" = "yes"; then
AC_MSG_ERROR([Cannot use P256 single precision only math and RSA])
fi
if test "$ENABLED_SP_DH" = "no" && test "$ENABLED_DH" = "yes"; then
AC_MSG_ERROR([Cannot use P256 single precision only math and DH])
fi
fi
if test "$ENABLED_SP_MATH" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_MATH"
fi
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
# Fast RSA using Intel IPP
ippdir="${srcdir}/IPP"
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
ipplib="lib" # if autoconf guesses 32bit system changes lib directory
fastRSA_found=no
abs_path=`pwd`
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
# set up variables used
IPPLIBS=
IPPHEADERS=
IPPLINK=
AC_ARG_ENABLE([fast-rsa],
[AS_HELP_STRING([--enable-fast-rsa],[Enable RSA using Intel IPP (default: disabled)])],
[ ENABLED_FAST_RSA=$enableval ],
[ ENABLED_FAST_RSA=no ],
)
if test "$ENABLED_USER_RSA" = "no" && test "$ENABLED_FIPS" = "no"; then
if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
ipplib="lib_32" # 32 bit OS detected
fi
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
# Use static IPP Libraries
if test "$enable_shared" = "no" && test "$ENABLED_FAST_RSA" = "yes"; then
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
case $host_os in
*darwin*)
ipplib="$ipplib/mac_static"
AC_MSG_ERROR([Issue with static linking to libippcp.a on Mac.
Dynamic IPP libraries supported on Mac])
break;;
*linux*)
ipplib="$ipplib/linux_static"
break;;
*)
ENABLED_FAST_RSA=no
esac
AC_CHECK_FILES([$srcdir/IPP/$ipplib/libippcore.a $srcdir/IPP/$ipplib/libippcp.a], [], [ENABLED_FAST_RSA=no])
AC_CHECK_FILES([$srcdir/IPP/include/ipp.h $srcdir/IPP/include/ippcp.h], [AM_CPPFLAGS="-I$srcdir/IPP/include $AM_CPPFLAGS"], [ENABLED_FAST_RSA=no])
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
LIB_STATIC_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_STATIC_ADD"
configure error out when not finding libraries with fast-rsa
2015-10-26 22:11:11 +03:00
if test "$ENABLED_FAST_RSA" = "no"; then
AC_MSG_ERROR([Could not find fast rsa libraries])
fi
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
else
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
# Check for and use bundled IPP libraries
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
if test "$ENABLED_FAST_RSA" = "yes"; then
AC_MSG_NOTICE([Using local IPP crypto library])
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
AC_CHECK_FILES([$abs_path/IPP/include/ippcp.h],
[
# build and default locations on linux and mac
STORE_LDFLAGS=${LDFLAGS}
STORE_CPPFLAGS=${CPPFLAGS}
# using LDFLAGS instead of AM_ temporarily to test link to library
LDFLAGS="-L$ippdir/$ipplib -lippcp -lippcore"
CPPFLAGS="-I$ippdir/include"
AC_CHECK_HEADERS([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15], [fastRSA_found=yes], [fastRSA_found=no])], [fastRSA_found=no])
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
name="$ippdir/$ipplib/libippcp"
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
case $host_os in
*darwin*)
# check file existence and conditionally set variables
AC_CHECK_FILES([$abs_path/IPP/$ipplib/libippcp.dylib], [
IPPLIBS="${name}.dylib ${name}-9.0.dylib ${name}e9-9.0.dylib ${name}g9-9.0.dylib ${name}h9-9.0.dylib ${name}k0-9.0.dylib ${name}l9-9.0.dylib ${name}n8-9.0.dylib ${name}p8-9.0.dylib ${name}s8-9.0.dylib ${name}y8-9.0.dylib IPP/lib/libippcore.dylib IPP/lib/libippcore-9.0.dylib"
IPPLINK="mkdir -p src/.libs && ln -f ${name}.dylib src/.libs/libippcp.dylib && ln -f ${srcdir}/${name}-9.0.dylib src/.libs/libippcp-9.0.dylib && ln -f ${srcdir}/${name}e9-9.0.dylib src/.libs/libippcpe9-9.0.dylib && ln -f ${srcdir}/${name}g9-9.0.dylib src/.libs/libippcpg9-9.0.dylib && ln -f ${srcdir}/${name}h9-9.0.dylib src/.libs/libippcph9-9.0.dylib && ln -f ${srcdir}/${name}k0-9.0.dylib src/.libs/libippcpk0-9.0.dylib && ln -f ${srcdir}/${name}l9-9.0.dylib src/.libs/libippcpl9-9.0.dylib && ln -f ${srcdir}/${name}n8-9.0.dylib src/.libs/libippcpn8-9.0.dylib && ln -f ${srcdir}/${name}p8-9.0.dylib src/.libs/libippcpp8-9.0.dylib && ln -f ${srcdir}/${name}s8-9.0.dylib src/.libs/libippcps8-9.0.dylib && ln -f ${srcdir}/${name}y8-9.0.dylib src/.libs/libippcpy8-9.0.dylib && ln -f ${srcdir}/IPP/lib/libippcore.dylib src/.libs/libippcore.dylib && ln -f ${srcdir}/IPP/lib/libippcore-9.0.dylib src/.libs/libippcore-9.0.dylib"
], [fastRSA_found=no])
break;;
*linux*)
# check file existence and conditionally set variables
AC_CHECK_FILES([$abs_path/IPP/$ipplib/libippcp.so.9.0], [
if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
IPPLIBS="${name}.so.9.0 ${name}g9.so.9.0 ${name}h9.so.9.0 ${name}p8.so.9.0 ${name}px.so.9.0 ${name}s8.so.9.0 ${name}.so ${name}w7.so.9.0 IPP/$ipplib/libippcore.so IPP/$ipplib/libippcore.so.9.0"
IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}g9.so.9.0 src/.libs/libippcpg9.so.9.0 && ln -f ${name}h9.so.9.0 src/.libs/libippcph9.so.9.0 && ln -f ${name}p8.so.9.0 src/.libs/libippcpp8.so.9.0 && ln -f ${name}px.so.9.0 src/.libs/libippcppx.so.9.0 && ln -f ${name}s8.so.9.0 src/.libs/libippcps8.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}w7.so.9.0 src/.libs/libippcpw7.so.9.0 && ln -f IPP/$ipplib/libippcore.so src/.libs/libippcore.so && ln -f IPP/$ipplib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
else
IPPLIBS="${name}.so.9.0 ${name}e9.so.9.0 ${name}k0.so.9.0 ${name}l9.so.9.0 ${name}m7.so.9.0 ${name}mx.so.9.0 ${name}.so ${name}n8.so.9.0 ${name}y8.so.9.0 IPP/lib/libippcore.so IPP/lib/libippcore.so.9.0"
IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}e9.so.9.0 src/.libs/libippcpe9.so.9.0 && ln -f ${name}k0.so.9.0 src/.libs/libippcpk0.so.9.0 && ln -f ${name}l9.so.9.0 src/.libs/libippcpl9.so.9.0 && ln -f ${name}m7.so.9.0 src/.libs/libippcpm7.so.9.0 && ln -f ${name}mx.so.9.0 src/.libs/libippcpmx.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}n8.so.9.0 src/.libs/libippcpn8.so.9.0 && ln -f ${name}y8.so.9.0 src/.libs/libippcpy8.so.9.0 && ln -f IPP/lib/libippcore.so src/.libs/libippcore.so && ln -f IPP/lib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
fi
], [fastRSA_found=no])
break;;
*)
fastRSA_found=no
esac
if test "$fastRSA_found" = "yes"; then
# was succesfull so add tested LDFLAGS to AM_ flags
AM_LDFLAGS="${AM_LDFLAGS} ${LDFLAGS}"
AM_CPPFLAGS="${AM_CPPFLAGS} ${CPPFLAGS}"
IPPHEADERS="${srcdir}/IPP/include/*.h"
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
fi
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
# restore LDFLAGS to user set
LDFLAGS=${STORE_LDFLAGS}
CPPFLAGS=${STORE_CPPFLAGS}
], [fastRSA_found=no])
fi
# Don't cache the result so it can be checked
AS_UNSET([ac_cv_header_ippcp_h])
AS_UNSET([ac_cv_header_ipp_h])
AS_UNSET([ac_cv_lib_ippcp_ippsRSAEncrypt_PKCSv15]);
# Check link and see if user has pre-existing IPP Libraries if not using local
if test "$ENABLED_FAST_RSA" = "yes" && test "$fastRSA_found" = "no"; then
AC_MSG_NOTICE([Checking if IPP crypto library installed])
AC_CHECK_HEADER([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15],
[
fastRSA_found=yes
AM_LDFLAGS="${AM_LDFLAGS} -lippcore -lippcp"
], [ fastRSA_found=no])
], [fastRSA_found=no])
configure error out when not finding libraries with fast-rsa
2015-10-26 22:11:11 +03:00
# Error out on not finding libraries
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
if test "$fastRSA_found" = "no"; then
configure error out when not finding libraries with fast-rsa
2015-10-26 22:11:11 +03:00
AC_MSG_ERROR([Could not find fast rsa libraries])
fi
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
fi
fi # end of if for shared library
else # if user rsa is set than do not use fast rsa option
configure error out when not finding libraries with fast-rsa
2015-10-26 22:11:11 +03:00
if test "$ENABLED_FAST_RSA" = "yes"; then
AC_MSG_ERROR([Could not use fast rsa libraries with user crypto or fips])
fi
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
fi # end of if for user rsa crypto or fips
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
# End result of checking for IPP Libraries
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
AC_MSG_CHECKING([for fast RSA])
if test "$ENABLED_FAST_RSA" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DHAVE_FAST_RSA -DHAVE_USER_RSA"
# add in user crypto header that uses Intel IPP
AM_CPPFLAGS="$AM_CPPFLAGS -I$srcdir/wolfcrypt/user-crypto/include"
if test "$enable_shared" = "yes"; then
perfer local IPP libraries, memory usage and casting
2015-11-30 09:34:58 +03:00
LIBS="$LIBS -lippcore -lippcp"
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
LIB_ADD="-lippcp -lippcore $LIB_ADD"
else
LIB_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_ADD"
fi
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
fi
AC_SUBST([IPPLIBS])
AC_SUBST([IPPHEADERS])
AC_SUBST([IPPLINK])
add staticmemory feature
2016-03-23 19:21:26 +03:00
# static memory use
AC_ARG_ENABLE([staticmemory],
[AS_HELP_STRING([--enable-staticmemory],[Enable static memory use (default: disabled)])],
[ ENABLED_STATICMEMORY=$enableval ],
[ ENABLED_STATICMEMORY=no ]
)
if test "x$ENABLED_STATICMEMORY" = "xyes"
then
static method func / ocsp callbacks / heap test / alpn free func / remove timing resistant constraint
2016-06-09 20:36:31 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY"
if test "x$ENABLED_FASTMATH" = "xno"
then
AC_MSG_ERROR([please use --enable-fastmath if enabling staticmemory.])
fi
Various improvements for testing Fix wc_ecc_fp_free() to be called when using HAVE_STACK_SIZE. Increase size of replyin client.c so all HTTP reply is displayed. Fix api.c to support only Ed25519 (not RSA and ECC) Fix suites.c to detect when CA for client won't work (Ed25519 only) For Static Memory add debugging and small profile. Also allow realloc to be called with NULL. Add more Ed25519 certs and keys. Fix names of Ed25519 filenames for client and server. Do NOT turn on ECC_SHAMIR by default with lowresource. Enable WOLFSSL_STATIC_MEMORY_SMALL if low resource and no RSA.
2019-02-22 10:14:19 +03:00
if test "$ENABLED_LOWRESOURCE" = "yes" && test "$ENABLED_RSA" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY_SMALL"
fi
add staticmemory feature
2016-03-23 19:21:26 +03:00
fi
add macpi huffman
2013-03-21 01:37:05 +04:00
# microchip api
AC_ARG_ENABLE([mcapi],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-mcapi],[Enable Microchip API (default: disabled)])],
add macpi huffman
2013-03-21 01:37:05 +04:00
[ ENABLED_MCAPI=$enableval ],
[ ENABLED_MCAPI=no ]
)
if test "$ENABLED_MCAPI" = "yes"
then
Adds an --enable-aesctr flag to the configure script to explicitly compile with -DWOLFSSL_AES_COUNTER and -DWOLFSSL_AES_DIRECT If --enable-fortress or --enable-mcapi are used they effectively force --enable-aesctr
2016-12-04 17:23:51 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE_MCAPI"
if test "x$ENABLED_AESCTR" != "xyes"
then
# These flags are already implied by --enable-aesctr
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
fi
add macpi huffman
2013-03-21 01:37:05 +04:00
fi
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_SHA512" = "no"
then
AC_MSG_ERROR([please enable sha512 if enabling mcapi.])
fi
add mcapi ecc with tests
2013-03-22 00:20:23 +04:00
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_ECC" = "no"
then
AC_MSG_ERROR([please enable ecc if enabling mcapi.])
fi
add macpi huffman
2013-03-21 01:37:05 +04:00
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_LIBZ" = "no"
then
AC_MSG_ERROR([please use --with-libz if enabling mcapi.])
fi
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 21:05:22 +03:00
# Asynchronous Crypto
AC_ARG_ENABLE([asynccrypt],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-asynccrypt],[Enable Asynchronous Crypto (default: disabled)])],
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 21:05:22 +03:00
[ ENABLED_ASYNCCRYPT=$enableval ],
[ ENABLED_ASYNCCRYPT=no ]
)
if test "$ENABLED_ASYNCCRYPT" = "yes"
then
Fix to disable the raw `Hmac_UpdateFinal_CT` HMAC calculation for async crypt. Resolves issue using `-v 2 -l ECDHE-RSA-AES128-SHA` with QAT.
2018-12-15 02:13:17 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT -DHAVE_WOLF_EVENT -DHAVE_WOLF_BIGINT -DWOLFSSL_NO_HASH_RAW"
Pulled in patches from Debian package.
2016-11-22 22:25:40 +03:00
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
# if no async hardware then use simulator for testing
if test "x$ENABLED_CAVIUM" = "xno" && test "x$ENABLED_INTEL_QA" = "xno"
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 21:05:22 +03:00
then
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
# Async threading is Linux specific
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 21:05:22 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT_TEST"
fi
fi
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
# check for async if using Intel QuckAssist or Cavium
if test "x$ENABLED_INTEL_QA" = "xyes" || test "x$ENABLED_CAVIUM" = "xyes" ; then
if test "x$ENABLED_ASYNCCRYPT" = "xno" ; then
AC_MSG_ERROR([Please enable enable asynchronous support using --enable-asynccrypt])
fi
fi
# Asynchronous threading
AC_ARG_ENABLE([asyncthreads],
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 20:54:13 +03:00
[AS_HELP_STRING([--enable-asyncthreads],[Enable Asynchronous Threading (default: enabled)])],
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
[ ENABLED_ASYNCTHREADS=$enableval ],
[ ENABLED_ASYNCTHREADS=yes ]
)
if test "$ENABLED_ASYNCCRYPT" = "yes" && test "$ENABLED_ASYNCTHREADS" = "yes"
then
AX_PTHREAD([ENABLED_ASYNCTHREADS=yes],[ENABLED_ASYNCTHREADS=no])
else
ENABLED_ASYNCTHREADS=no
fi
if test "$ENABLED_ASYNCTHREADS" = "yes"
then
LIB_ADD="-lpthread $LIB_ADD"
AM_CFLAGS="$AM_CFLAGS -D_GNU_SOURCE"
else
AM_CFLAGS="$AM_CFLAGS -DWC_NO_ASYNC_THREADING"
fi
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 21:05:22 +03:00
Release Fixes 1. Rearrange the deprecation cryptodev option so it doesn't overwrite the cryptocb option, and so it doesn't break its case in the build-test. 2. Fix the content length in the sample HTTP used by the example server. 3. Disable OCSP stapling in the example server if RSA is disabled. 4. Fix a variable in asn.c that was declared in the middle of its scope. 5. Retag the xmalloc, xrealloc, xfree functions used in the memory test as WOLFSSL_API like all the other allocators, instead of extern.
2019-03-20 21:01:24 +03:00
# cryptodev is old name, replaced with cryptocb
AC_ARG_ENABLE([cryptodev],
[AS_HELP_STRING([--enable-cryptodev],[DEPRECATED, use cryptocb instead])],
[ ENABLED_CRYPTOCB=$enableval ],[ ENABLED_CRYPTOCB=no ])
Refactor and rename of cryptodev to cryptocb. Refactor API names from `wc_CryptoDev` to use `wc_CryptoCb`. Backwards compatibility is retained for anyone using old `WOLF_CRYPTO_DEV` name. Added comment about fall-through case when CryptoCb return `NOT_COMPILED_IN`.
2019-01-17 22:01:14 +03:00
# Support for crypto callbacks
AC_ARG_ENABLE([cryptocb],
[AS_HELP_STRING([--enable-cryptocb],[Enable crypto callbacks (default: disabled)])],
[ ENABLED_CRYPTOCB=$enableval ],
[ ENABLED_CRYPTOCB=no ]
Added crypto device framework to handle PK RSA/ECC operations using callbacks. Adds new build option `./configure --enable-cryptodev` or `#define WOLF_CRYPTO_DEV`. Added devId support to PKCS7.
2018-05-21 23:03:49 +03:00
)
Support for PKCS#11 Support for RSA, ECDSA and AES-GCM operations.
2018-09-12 01:56:59 +03:00
if test "x$ENABLED_PKCS11" = "xyes"
then
Refactor and rename of cryptodev to cryptocb. Refactor API names from `wc_CryptoDev` to use `wc_CryptoCb`. Backwards compatibility is retained for anyone using old `WOLF_CRYPTO_DEV` name. Added comment about fall-through case when CryptoCb return `NOT_COMPILED_IN`.
2019-01-17 22:01:14 +03:00
ENABLED_CRYPTOCB=yes
Support for PKCS#11 Support for RSA, ECDSA and AES-GCM operations.
2018-09-12 01:56:59 +03:00
fi
Refactor and rename of cryptodev to cryptocb. Refactor API names from `wc_CryptoDev` to use `wc_CryptoCb`. Backwards compatibility is retained for anyone using old `WOLF_CRYPTO_DEV` name. Added comment about fall-through case when CryptoCb return `NOT_COMPILED_IN`.
2019-01-17 22:01:14 +03:00
if test "$ENABLED_CRYPTOCB" = "yes"
Added crypto device framework to handle PK RSA/ECC operations using callbacks. Adds new build option `./configure --enable-cryptodev` or `#define WOLF_CRYPTO_DEV`. Added devId support to PKCS7.
2018-05-21 23:03:49 +03:00
then
Refactor and rename of cryptodev to cryptocb. Refactor API names from `wc_CryptoDev` to use `wc_CryptoCb`. Backwards compatibility is retained for anyone using old `WOLF_CRYPTO_DEV` name. Added comment about fall-through case when CryptoCb return `NOT_COMPILED_IN`.
2019-01-17 22:01:14 +03:00
AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_CB"
Added crypto device framework to handle PK RSA/ECC operations using callbacks. Adds new build option `./configure --enable-cryptodev` or `#define WOLF_CRYPTO_DEV`. Added devId support to PKCS7.
2018-05-21 23:03:49 +03:00
fi
add DTLS session export option
2016-05-10 22:27:45 +03:00
# Session Export
AC_ARG_ENABLE([sessionexport],
[AS_HELP_STRING([--enable-sessionexport],[Enable export and import of sessions (default: disabled)])],
[ ENABLED_SESSIONEXPORT=$enableval ],
[ ENABLED_SESSIONEXPORT=no ]
)
if test "$ENABLED_SESSIONEXPORT" = "yes"
then
if test "$ENABLED_DTLS" = "no"
then
AC_MSG_ERROR([Only DTLS supported with session export])
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SESSION_EXPORT"
fi
add AES key wrap support, RFC 3394
2016-12-06 01:38:42 +03:00
# AES key wrap
AC_ARG_ENABLE([aeskeywrap],
[AS_HELP_STRING([--enable-aeskeywrap],[Enable AES key wrap support (default: disabled)])],
[ ENABLED_AESKEYWRAP=$enableval ],
[ ENABLED_AESKEYWRAP=no ]
)
FIPS changes and fixups Enable ex data explicitly. Keep the peer cert for verification callback. External session cache for hostapd. Enable DES_ECB when not FIPS. Don't send the peer cert if it is not received from peer. Initialize the peer cert after free as will be freed on tear down of SSL. Allow a server to become a client.
2017-03-30 04:53:35 +03:00
if test "$ENABLED_WPAS" = "yes" && test "$ENABLED_FIPS" = "no"
Changes for WPA Supplicant
2017-02-10 01:45:10 +03:00
then
ENABLED_AESKEYWRAP="yes"
fi
add AES key wrap support, RFC 3394
2016-12-06 01:38:42 +03:00
if test "$ENABLED_AESKEYWRAP" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT"
fi
Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add `--enable-opensslcoexist` which makes sure `oldnames` is disabled. Refactor of `SSL_` to `WOLF_SSL_`. Refactor of `SHA`, `MD5`, `SHA224`, `SHA256`, `SHA512` and `SHA384` to `WC_` naming.
2017-09-26 04:47:36 +03:00
# Old name support for backwards compatibility
AC_ARG_ENABLE([oldnames],
[AS_HELP_STRING([--enable-oldnames],[Keep backwards compat with old names (default: enabled)])],
[ ENABLED_OLDNAMES=$enableval ],
[ ENABLED_OLDNAMES=yes ]
)
if test "x$ENABLED_OLDNAMES" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_RNGNAME -DNO_OLD_WC_NAMES -DNO_OLD_SSL_NAMES"
add NO_OLD_SHA_NAMES macro and add back SHA512, SHA384
2018-05-31 01:10:34 +03:00
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA_NAMES"
Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add `--enable-opensslcoexist` which makes sure `oldnames` is disabled. Refactor of `SSL_` to `WOLF_SSL_`. Refactor of `SHA`, `MD5`, `SHA224`, `SHA256`, `SHA512` and `SHA384` to `WC_` naming.
2017-09-26 04:47:36 +03:00
fi
Added new build option `--enable-memtest` or `WOLFSSL_FORCE_MALLOC_FAIL_TEST` which enables random malloc failures for testing. This test supresses the `abort()` calls to detect seg faults. A new script `./scripts/memtest.sh` starts the test. If an issue is found it can be reviewed with the `./scripts/memtest.txt` log and reproduced using the seed printed at top of unit test as `--- RNG MALLOC FAIL AT 295---` and rerun using `./tests/unit.test 295`.
2018-07-27 20:16:14 +03:00
# Memory Tests
AC_ARG_ENABLE([memtest],
[AS_HELP_STRING([--enable-memtest],[Memory testing option, for internal use (default: disabled)])],
[ ENABLED_MEMTEST=$enableval ],
[ ENABLED_MEMTEST=no ]
)
if test "x$ENABLED_MEMTEST" != "xno"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY -DWOLFSSL_FORCE_MALLOC_FAIL_TEST"
fi
Fixes for know wolfSSL build issues in the following cases: * Fixes for building wolfSSL from GitHub sources download, where .git does exist. The autogen.sh still needs to "touch" files for the build to work. * Fix for FIPS case where `wc_RsaSetRNG` is not available. * Added new `./configure --enable-usersettings` option to not populate the Makefile with build options and instead define `WOLFSSL_USER_SETTINGS` and expect a user provided `user_settings.h` file. * Fix for `HAVE___UINT128_T` to match config.h generated value to eliminate warning.
2019-04-30 21:45:48 +03:00
# User Settings
AC_ARG_ENABLE([usersettings],
[AS_HELP_STRING([--enable-usersettings],[Use your own user_settings.h and do not add Makefile CFLAGS (default: disabled)])],
[ ENABLED_USERSETTINGS=$enableval ],
[ ENABLED_USERSETTINGS=no ]
)
Configure Update Revise default compiler optimization flags enable name to something more descriptive.
2018-03-28 23:17:25 +03:00
# Default optimization CFLAGS enable
AC_ARG_ENABLE([optflags],
[AS_HELP_STRING([--enable-optflags],[Enable default optimization CFLAGS for the compiler (default: enabled)])],
[ ENABLED_OPTFLAGS=$enableval ],
[ ENABLED_OPTFLAGS=yes ]
Configure Update Add a disable option to turn off the default optimization options so the user may set their own in a CFLAGS.
2018-03-28 02:41:39 +03:00
)
automated test for trusted peer certs
2016-03-02 02:35:32 +03:00
# check if should run the trusted peer certs test
update test script, fall back to cert name search, fix der free
2016-03-12 19:37:32 +03:00
# (for now checking both C_FLAGS and C_EXTRA_FLAGS)
automated test for trusted peer certs
2016-03-02 02:35:32 +03:00
case $C_EXTRA_FLAGS in
*WOLFSSL_TRUST_PEER_CERT*)
have_tp=yes
break;;
*)
have_tp=no ;;
esac
update test script, fall back to cert name search, fix der free
2016-03-12 19:37:32 +03:00
if test "$have_tp" = "no"; then
case $C_FLAGS in
*WOLFSSL_TRUST_PEER_CERT*)
have_tp=yes
break;;
*)
have_tp=no ;;
esac
fi
automated test for trusted peer certs
2016-03-02 02:35:32 +03:00
Testing improvements for cert gen and TLS cert validation: * Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled. * Added new ECC CA for 384-bit tests. * Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem) * Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL. * Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`. * Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function. * Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack). * Cleanup to combine all certificate subject information into global `certDefaultName`. * Updated cert request info to use wolfSSL instead of Yassl. * Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`. * Re-number error codes in rsa_test. * Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-20 02:17:51 +03:00
# dertermine if we have key validation mechanism
if test "x$ENABLED_ECC" = "xyes" || test "x$ENABLED_RSA" = "xyes"
then
if test "x$ENABLED_ASN" = "xyes"
then
ENABLED_PKI="yes"
fi
fi
adds build dependency check for OCSP
2016-02-23 21:19:04 +03:00
################################################################################
# Check for build-type conflicts #
################################################################################
Added --enable-maxstrength configure build to only allow TLSv1.2, PFS, and AEAD ciphers.
2015-04-01 21:55:49 +03:00
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
test "x$ENABLED_LEANPSK" = "xyes"],
[AC_MSG_ERROR([Cannot use Max Strength and Lean PSK at the same time.])])
adds missing ENABLED_OCSP test
2016-02-24 22:45:07 +03:00
AS_IF([test "x$ENABLED_OCSP" = "xyes" && \
test "x$ENABLED_ASN" = "xno"],
adds build dependency check for OCSP
2016-02-23 21:19:04 +03:00
[AC_MSG_ERROR([please enable asn if enabling ocsp.])])
adds check for missing rsa and ecc at the same time
2016-02-25 00:57:16 +03:00
AS_IF([test "x$ENABLED_OCSP" = "xyes" && \
test "x$ENABLED_RSA" = "xno" && \
test "x$ENABLED_ECC" = "xno"],
[AC_MSG_ERROR([please enable rsa or ecc if enabling ocsp.])])
autoconf checks on some builds that break, macro for no server, and user rsa
2016-04-06 18:25:53 +03:00
# checks for pkcs7 needed enables
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
Added support for building and using PKCS7 without RSA (assuming ECC is enabled).
2018-04-03 19:26:57 +03:00
test "x$ENABLED_RSA" = "xno" && \
test "x$ENABLED_ECC" = "xno"],
[AC_MSG_ERROR([please enable ecc or rsa if enabling pkcs7.])])
autoconf checks on some builds that break, macro for no server, and user rsa
2016-04-06 18:25:53 +03:00
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
test "x$ENABLED_SHA" = "xno"],
[AC_MSG_ERROR([please enable sha if enabling pkcs7.])])
PKCS7 and SCEP need either AES or 3DES enabled, error out if not
2017-11-20 23:16:44 +03:00
AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
test "x$ENABLED_AES" = "xno" && \
test "x$ENABLED_DES3" = "xno"],
[AC_MSG_ERROR([please enable either AES or 3DES if enabling pkcs7.])])
AS_IF([test "x$ENABLED_WOLFSCEP" = "xyes" && \
test "x$ENABLED_AES" = "xno" && \
test "x$ENABLED_DES3" = "xno"],
[AC_MSG_ERROR([please enable either AES or 3DES if enabling scep.])])
autoconf checks on some builds that break, macro for no server, and user rsa
2016-04-06 18:25:53 +03:00
AS_IF([test "x$ENABLED_LEANTLS" = "xyes" && \
test "x$ENABLED_ECC" = "xno"],
[AC_MSG_ERROR([please enable ecc if enabling leantls.])])
AS_IF([test "x$ENABLED_SNIFFER" = "xyes" && \
test "x$ENABLED_RSA" = "xno"],
[AC_MSG_ERROR([please enable rsa if enabling sniffer.])])
Disable DES3 by default. Force it enabled when it is a prereq for another option. (SCEP and PKCS7)
2016-09-15 21:17:30 +03:00
# Lean TLS forces off prereqs of SCEP.
AS_IF([test "x$ENABLED_SCEP" = "xyes" && \
test "x$ENABLED_LEANTLS" = "xyes"],
[AC_MSG_ERROR([Cannot use SCEP and Lean TLS at the same time.])])
add AES-CMAC
2016-05-24 03:50:36 +03:00
# CMAC currently requires AES.
AS_IF([test "x$ENABLED_CMAC" = "xyes" && \
test "x$ENABLED_AES" = "xno"],
[AC_MSG_ERROR([cannot use CMAC without AES.])])
adds build dependency check for OCSP
2016-02-23 21:19:04 +03:00
################################################################################
# Update CFLAGS based on options #
################################################################################
Added --enable-maxstrength configure build to only allow TLSv1.2, PFS, and AEAD ciphers.
2015-04-01 21:55:49 +03:00
1. Updated sniffer to allow DES3 to be disabled. 2. Fixed an unused variable in OpenSSL Extras when DES3 is disabled. 3. Force DES3 enabled when enabling MCAPI.
2016-09-16 00:53:28 +03:00
AS_IF([test "x$ENABLED_MCAPI" = "xyes"],
[AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])])
Disable DES3 by default. Force it enabled when it is a prereq for another option. (SCEP and PKCS7)
2016-09-15 21:17:30 +03:00
if test "$ENABLED_WOLFSCEP" = "yes"
then
# Enable prereqs if not already enabled
if test "x$ENABLED_KEYGEN" = "xno"
then
ENABLED_KEYGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
fi
if test "x$ENABLED_CERTGEN" = "xno"
then
ENABLED_CERTGEN="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
fi
if test "x$ENABLED_CERTREQ" = "xno"
then
ENABLED_CERTREQ="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
fi
if test "x$ENABLED_CERTEXT" = "xno"
then
ENABLED_CERTEXT="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
fi
if test "x$ENABLED_PKCS7" = "xno"
then
ENABLED_PKCS7="yes"
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_WOLFSCEP"
fi
Minimal implementation of MP when using SP. --enable-sp-math to include minimal implementation of MP (only with --enable-sp.) Add futher functionality for ECC (conditionally compiled): - check key - is point on curve - API to add and double projective points - API to map from project to affine - Uncompress point (including sqrt) Some configuration options will not work with SP math - configure.ac detects this and errors out. Change test code to better support SP sizes only.
2018-02-08 08:50:17 +03:00
if test "$ENABLED_SP_MATH" = "yes" && test "$ENABLED_KEYGEN" = "yes"; then
AC_MSG_ERROR([Cannot use single precision math and key generation])
fi
Disable DES3 by default. Force it enabled when it is a prereq for another option. (SCEP and PKCS7)
2016-09-15 21:17:30 +03:00
if test "x$ENABLED_PKCS7" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS7"
# Enable prereqs if not already enabled
add EnvelopedData ECC support, refactor pkcs7
2016-12-10 03:22:09 +03:00
if test "x$ENABLED_AESKEYWRAP" = "xno"
then
ENABLED_AESKEYWRAP="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT"
fi
remove pkcs7 requirement of x963kdf when ecc is disabled
2018-03-19 19:08:46 +03:00
if test "x$ENABLED_X963KDF" = "xno" && test "$ENABLED_ECC" = "yes"
add EnvelopedData ECC support, refactor pkcs7
2016-12-10 03:22:09 +03:00
then
ENABLED_X963KDF="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF"
fi
Disable DES3 by default. Force it enabled when it is a prereq for another option. (SCEP and PKCS7)
2016-09-15 21:17:30 +03:00
fi
if test "x$ENABLED_DES3" = "xno"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
else
# turn off DES3 if leanpsk or leantls on
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
ENABLED_DES3=no
fi
fi
Added --enable-maxstrength configure build to only allow TLSv1.2, PFS, and AEAD ciphers.
2015-04-01 21:55:49 +03:00
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAX_STRENGTH"])
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
test "x$ENABLED_OLD_TLS" = "xyes"],
[AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
ENABLED_OLD_TLS=no])
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
test "x$ENABLED_SSLV3" = "xyes"],
[AC_MSG_ERROR([Cannot use Max Strength and SSLv3 at the same time.])])
1. Added missing -DWOLFSSL_SCTP to configure.ac. 2. Don't do hello verify requests in SCTP mode. 3. Implemented the SCTP MTU size changes. 4. Simplified the MAX_FRAGMENT size when calling ReceiveData().
2016-08-24 23:17:38 +03:00
AS_IF([test "x$ENABLED_SCTP" = "xyes"],
[AM_CFLAGS="-DWOLFSSL_SCTP $AM_CFLAGS"])
Multicast DTLS 1. Add DTLS-multicast to the enable options. 2. Reorg DTLS related enable options together. 3. Update a couple enable option texts to use the AS_HELP_STRING() macro. 4. Add three new APIs for managing a DTLS Multicast session. 5. Add test code for new APIs. 6. Add stub code for the new APIs.
2016-12-07 01:08:52 +03:00
AS_IF([test "x$ENABLED_MCAST" = "xyes"],
[AM_CFLAGS="-DWOLFSSL_MULTICAST $AM_CFLAGS"])
inital AES-CBC with af_alg progress on AES-GCM with AF_ALG and add SHA256 add aes-gcm test cases and finish logic of aes-gcm with AF_ALG formating of tabs and white space add files to dist adding ecb and ctr mode with af_alg make length of buffers for ctr be AES_BLOCK_SIZE formating and add support for sha256 copy/gethash sanity checks on arguments cast return values and valgrind tests make it easier to use sha256 with af_alg remove hard tabs add endif for after rebase
2018-07-19 02:26:25 +03:00
# WOLFSSL_AFALG does not support SHA224 yet
AS_IF([(test "x$ENABLED_AFALG" = "xyes") && (test "x$ENABLED_SHA224" = "xyes")],
[AC_MSG_ERROR([--enable-sha224 with --enable-afalg not yet supported])])
crypto only sha256 cryptodev formating and refactoring update configure for devcrypto add AES algorithms to cyrptodev port increase structure size for compatibility AES with cryptodev add wc_devcrypto.h to install path
2018-08-17 18:46:16 +03:00
# WOLFSSL_DEVCRYPTO does not support SHA224 yet
AS_IF([(test "x$ENABLED_DEVCRYPTO" = "xyes") && (test "x$ENABLED_SHA224" = "xyes")],
[AC_MSG_ERROR([--enable-sha224 with --enable-devcrypto not yet supported])])
Multicast DTLS 1. Add DTLS-multicast to the enable options. 2. Reorg DTLS related enable options together. 3. Update a couple enable option texts to use the AS_HELP_STRING() macro. 4. Add three new APIs for managing a DTLS Multicast session. 5. Add test code for new APIs. 6. Add stub code for the new APIs.
2016-12-07 01:08:52 +03:00
# SCTP and Multicast require DTLS
AS_IF([(test "x$ENABLED_DTLS" = "xno") && \
(test "x$ENABLED_SCTP" = "xyes" || test "x$ENABLED_MCAST" = "xyes")],
added SCTP to configure.ac
2016-08-01 17:51:42 +03:00
[AM_CFLAGS="-DWOLFSSL_DTLS $AM_CFLAGS"
ENABLED_DTLS=yes])
Multicast 1. Since multicast's only cipher suite uses null cipher automatically enable it. 2. Add options to example client and server to start testing multicast API. (Uses TLS over TCP.) 3. Updates to use the forced secrets set by API.
2016-12-15 22:43:15 +03:00
# Multicast requires the null cipher
AS_IF([test "x$ENABLED_NULL_CIPHER" = "xno" && \
test "x$ENABLED_MCAST" = "xyes"],
[AM_CFLAGS="-DHAVE_NULL_CIPHER $AM_CFLAGS"
ENABLED_NULL_CIPHER=yes])
wolfSSH Option Added a configure convenience option for building wolfSSL to work with wolfSSH.
2017-10-05 01:24:22 +03:00
# wolfSSH and WPA Supplicant both need Public MP, only enable once.
# This will let you know if you enabled wolfSSH but have any of the prereqs
# disabled. Some of these options, disabling them adds things to the FLAGS and
# you need to check and add items in two places depending on the option.
AS_IF([test "x$ENABLED_WOLFSSH" = "xyes"],
[AS_IF([test "x$ENABLED_WPAS" = "xno"],[AM_CFLAGS="-DWOLFSSL_PUBLIC_MP $AM_CFLAGS"])
AS_IF([test "x$ENABLED_AESGCM" = "xno"],[AC_MSG_ERROR([cannot enable wolfSSH with AES-GCM disabled])])
AS_IF([test "x$ENABLED_ECC" = "xno"],[AC_MSG_ERROR([cannot enable wolfSSH with ECC disabled])])
AS_IF([test "x$ENABLED_SHA" = "xno"],[AC_MSG_ERROR([cannot enable wolfSSH with SHA-1 disabled])])
AS_IF([test "x$ENABLED_SHA512" = "xno"],[AC_MSG_ERROR([cannot enable wolfSSH with SHA-512/384 disabled])])
])
adds build dependency check for OCSP
2016-02-23 21:19:04 +03:00
################################################################################
add macpi huffman
2013-03-21 01:37:05 +04:00
Fixes for know wolfSSL build issues in the following cases: * Fixes for building wolfSSL from GitHub sources download, where .git does exist. The autogen.sh still needs to "touch" files for the build to work. * Fix for FIPS case where `wc_RsaSetRNG` is not available. * Added new `./configure --enable-usersettings` option to not populate the Makefile with build options and instead define `WOLFSSL_USER_SETTINGS` and expect a user provided `user_settings.h` file. * Fix for `HAVE___UINT128_T` to match config.h generated value to eliminate warning.
2019-04-30 21:45:48 +03:00
# USER SETTINGS
if test "x$ENABLED_USERSETTINGS" = "xyes"
then
# Replace all options and just use WOLFSSL_USER_SETTINGS
AM_CFLAGS="-DWOLFSSL_USER_SETTINGS"
fi
1.8.8 init
2011-02-05 22:14:47 +03:00
# OPTIMIZE FLAGS
Pulled in patches from Debian package.
2016-11-22 22:25:40 +03:00
# For distro disable custom build options that interfere with symbol generation
if test "$GCC" = "yes" && test "$ENABLED_DISTRO" = "no"
1.8.8 init
2011-02-05 22:14:47 +03:00
then
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused"
Brian's c++/clang fixes, minor adjustments
2012-10-22 22:37:46 +04:00
if test "$ax_enable_debug" = "no"
1.8.8 init
2011-02-05 22:14:47 +03:00
then
Configure Update Revise default compiler optimization flags enable name to something more descriptive.
2018-03-28 23:17:25 +03:00
AS_IF([test "x$ENABLED_OPTFLAGS" = "xyes"], [
1.8.8 init
2011-02-05 22:14:47 +03:00
if test "$ENABLED_FASTMATH" = "yes"
then
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_FAST_CFLAGS"
1.8.8 init
2011-02-05 22:14:47 +03:00
if test "$ENABLED_FASTHUGEMATH" = "yes"
then
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_HUGE_CFLAGS"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
else
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_CFLAGS"
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
Configure Update Add a disable option to turn off the default optimization options so the user may set their own in a CFLAGS.
2018-03-28 02:41:39 +03:00
])
1.8.8 init
2011-02-05 22:14:47 +03:00
fi
fi
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
# ICC command line warning for non supported warning flags
if test "$CC" = "icc"
then
AM_CFLAGS="$AM_CFLAGS -wd10006"
fi
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# Expose HAVE___UINT128_T to options flags"
if test "$ac_cv_type___uint128_t" = "yes"
then
Fixes for know wolfSSL build issues in the following cases: * Fixes for building wolfSSL from GitHub sources download, where .git does exist. The autogen.sh still needs to "touch" files for the build to work. * Fix for FIPS case where `wc_RsaSetRNG` is not available. * Added new `./configure --enable-usersettings` option to not populate the Makefile with build options and instead define `WOLFSSL_USER_SETTINGS` and expect a user provided `user_settings.h` file. * Fix for `HAVE___UINT128_T` to match config.h generated value to eliminate warning.
2019-04-30 21:45:48 +03:00
AM_CFLAGS="$AM_CFLAGS -DHAVE___UINT128_T=1"
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
fi
uses most recent version of cyassl
2014-07-10 21:18:49 +04:00
1.8.8 init
2011-02-05 22:14:47 +03:00
LIB_SOCKET_NSL
Update autoconf scripts 1. Add patch to AX_TLS to let it work with AC v2.63. 2. AX_TLS() call needs a no-op in the false case. 3. Move AX_HARDEN call back to its original position. 4. Print CC rather than CC_VERSION in configuration summary.
2014-02-18 03:33:07 +04:00
AX_HARDEN_CC_COMPILER_FLAGS
1.8.8 init
2011-02-05 22:14:47 +03:00
MinGW fixes, server port assigning cleanup and ping test cleanup. Fixes issue with visibility detection with MinGW. The visibility.m4 script was not actually trying to call the hidden function, which caused MinGW to detect improperly that visibility was supported. Fix for bogusFile on Windows build. Fixes to build warnings for unused variable 'res' and signed/unsigned comparison for sizeof min(). Cleanup of the server side port assignment to allow use with Windows/MinGW/Cygwin. If Windows uses new GetRandomPort() function in test.h to get port in in the 49152 - 65535 range. If *nix then uses the tcp_listen returned port. Otherwise uses the default wolfSSLPort. Refactor of the ping test code to use common file and properly handle ping count differences (Windows "-c" vs. *Nix style "-n"). Workaround for MinGW and cyassl/options.h getting file permissions error. Added non-fatal compile warning if using MinGW that "strtok_s" might be missing along with a link to public domain source that can be used.
2016-04-02 01:45:53 +03:00
# if mingw then link to ws2_32 for sockets
Cygwin/Mingw64 fixes
2013-05-02 00:17:11 +04:00
case $host_os in
MinGW fixes, server port assigning cleanup and ping test cleanup. Fixes issue with visibility detection with MinGW. The visibility.m4 script was not actually trying to call the hidden function, which caused MinGW to detect improperly that visibility was supported. Fix for bogusFile on Windows build. Fixes to build warnings for unused variable 'res' and signed/unsigned comparison for sizeof min(). Cleanup of the server side port assignment to allow use with Windows/MinGW/Cygwin. If Windows uses new GetRandomPort() function in test.h to get port in in the 49152 - 65535 range. If *nix then uses the tcp_listen returned port. Otherwise uses the default wolfSSLPort. Refactor of the ping test code to use common file and properly handle ping count differences (Windows "-c" vs. *Nix style "-n"). Workaround for MinGW and cyassl/options.h getting file permissions error. Added non-fatal compile warning if using MinGW that "strtok_s" might be missing along with a link to public domain source that can be used.
2016-04-02 01:45:53 +03:00
mingw*)
static and shared library with MinGW
2016-04-16 01:04:15 +03:00
LDFLAGS="$LDFLAGS -lws2_32"
if test "$enable_shared" = "yes"
then
AC_DEFINE([WOLFSSL_DLL], [1], [Use __declspec(dllexport) when building library])
if test "$enable_static" = "yes"
then
MINGW_LIB_WARNING="yes"
fi
fi ;;
Cygwin/Mingw64 fixes
2013-05-02 00:17:11 +04:00
esac
Fixes to address build warnings for GCC 7. Used `-Wimplicit-fallthrough=0` to suppress all switch fall-through warnings.
2017-05-12 00:32:21 +03:00
change to C_EXTRA_FLAGS for user addtions to CFLAGS since CFLAGS may contain -g -O2 even if user doesn't override, no way to tell
2012-10-24 23:01:11 +04:00
# add user C_EXTRA_FLAGS back
Pulled in patches from Debian package.
2016-11-22 22:25:40 +03:00
# For distro disable custom build options that interfere with symbol generation
if test "$ENABLED_DISTRO" = "no"
then
CFLAGS="$CFLAGS $USER_C_EXTRA_FLAGS"
fi
Configure Update 1. Initialize CXXFLAGS (C++ compiler flags) the same way we do CFLAGS. 2. Add CPPFLAGS (C preprocessor flags) to the options.h file with the other CFLAGS.
2018-03-27 20:23:44 +03:00
OPTION_FLAGS="$USER_CFLAGS $USER_C_EXTRA_FLAGS $CPPFLAGS $AM_CFLAGS"
change to C_EXTRA_FLAGS for user addtions to CFLAGS since CFLAGS may contain -g -O2 even if user doesn't override, no way to tell
2012-10-24 23:01:11 +04:00
Fixes to address build warnings for GCC 7. Used `-Wimplicit-fallthrough=0` to suppress all switch fall-through warnings.
2017-05-12 00:32:21 +03:00
Autoconf Update Consolidate all the AM_CONDITIONAL statements in one place in the configure process. This replaces the set of repeat checks of enable flags to conditionally check the AM_CONDITIONAL.
2019-06-20 23:37:53 +03:00
# The following AM_CONDITIONAL statements set flags for use in the Makefiles.
# Some of these affect build targets and objects, some trigger different
# test scripts for make check.
AM_CONDITIONAL([BUILD_DISTRO],[test "x$ENABLED_DISTRO" = "xyes"])
AM_CONDITIONAL([BUILD_ALL],[test "x$ENABLED_ALL" = "xyes"])
AM_CONDITIONAL([BUILD_TLS13],[test "x$ENABLED_TLS13" = "xyes"])
AM_CONDITIONAL([BUILD_RNG],[test "x$ENABLED_RNG" = "xyes"])
AM_CONDITIONAL([BUILD_SCTP],[test "x$ENABLED_SCTP" = "xyes"])
AM_CONDITIONAL([BUILD_MCAST],[test "x$ENABLED_MCAST" = "xyes"])
AM_CONDITIONAL([BUILD_IPV6],[test "x$ENABLED_IPV6" = "xyes"])
AM_CONDITIONAL([BUILD_LEANPSK],[test "x$ENABLED_LEANPSK" = "xyes"])
AM_CONDITIONAL([BUILD_LEANTLS],[test "x$ENABLED_LEANTLS" = "xyes"])
AM_CONDITIONAL([BUILD_LOWMEM],[test "x$ENABLED_LOWRESOURCE" = "xyes"])
AM_CONDITIONAL([BUILD_PKCALLBACKS], [ test "x$ENABLED_PKCALLBACKS" = "xyes" ])
AM_CONDITIONAL([BUILD_CRYPTOAUTHLIB],[test "x$ENABLED_CRYPTOAUTHLIB" = "xyes"])
AM_CONDITIONAL([BUILD_SNIFFER], [ test "x$ENABLED_SNIFFER" = "xyes" ])
AM_CONDITIONAL([BUILD_SNIFFTEST],[ test "x$ENABLED_SNIFFTEST" = "xyes" ])
AM_CONDITIONAL([BUILD_AESGCM],[test "x$ENABLED_AESGCM" = "xyes"])
AM_CONDITIONAL([BUILD_AESCCM],[test "x$ENABLED_AESCCM" = "xyes"])
AM_CONDITIONAL([BUILD_ARMASM],[test "x$ENABLED_ARMASM" = "xyes"])
AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"])
AM_CONDITIONAL([BUILD_AESNI],[test "x$ENABLED_AESNI" = "xyes"])
AM_CONDITIONAL([BUILD_INTELASM],[test "x$ENABLED_INTELASM" = "xyes"])
AM_CONDITIONAL([BUILD_AFALG],[test "x$ENABLED_AFALG" = "xyes"])
AM_CONDITIONAL([BUILD_DEVCRYPTO],[test "x$ENABLED_DEVCRYPTO" = "xyes"])
AM_CONDITIONAL([BUILD_CAMELLIA],[test "x$ENABLED_CAMELLIA" = "xyes"])
AM_CONDITIONAL([BUILD_MD2],[test "x$ENABLED_MD2" = "xyes"])
AM_CONDITIONAL([BUILD_RIPEMD],[test "x$ENABLED_RIPEMD" = "xyes"])
AM_CONDITIONAL([BUILD_BLAKE2],[test "x$ENABLED_BLAKE2" = "xyes"])
AM_CONDITIONAL([BUILD_BLAKE2S],[test "x$ENABLED_BLAKE2S" = "xyes"])
AM_CONDITIONAL([BUILD_SHA512],[test "x$ENABLED_SHA512" = "xyes" || test "x$ENABLED_SHA384" = "xyes"])
AM_CONDITIONAL([BUILD_DSA],[test "x$ENABLED_DSA" = "xyes"])
AM_CONDITIONAL([BUILD_ECC],[test "x$ENABLED_ECC" = "xyes"])
AM_CONDITIONAL([BUILD_ED25519],[test "x$ENABLED_ED25519" = "xyes"])
AM_CONDITIONAL([BUILD_ED25519_SMALL],[test "x$ENABLED_ED25519_SMALL" = "xyes"])
AM_CONDITIONAL([BUILD_FEMATH], [test "x$ENABLED_FEMATH" = "xyes"])
AM_CONDITIONAL([BUILD_GEMATH], [test "x$ENABLED_GEMATH" = "xyes"])
AM_CONDITIONAL([BUILD_CURVE25519],[test "x$ENABLED_CURVE25519" = "xyes"])
AM_CONDITIONAL([BUILD_CURVE25519_SMALL],[test "x$ENABLED_CURVE25519_SMALL" = "xyes"])
AM_CONDITIONAL([BUILD_MEMORY],[test "x$ENABLED_MEMORY" = "xyes"])
AM_CONDITIONAL([BUILD_RSA],[test "x$ENABLED_RSA" = "xyes"])
AM_CONDITIONAL([BUILD_DH],[test "x$ENABLED_DH" = "xyes"])
AM_CONDITIONAL([BUILD_ASN],[test "x$ENABLED_ASN" != "xno"])
AM_CONDITIONAL([BUILD_AES],[test "x$ENABLED_AES" = "xyes"])
AM_CONDITIONAL([BUILD_CODING],[test "x$ENABLED_CODING" = "xyes"])
AM_CONDITIONAL([BUILD_IDEA],[test "x$ENABLED_IDEA" = "xyes"])
AM_CONDITIONAL([BUILD_RC4],[test "x$ENABLED_ARC4" = "xyes"])
AM_CONDITIONAL([BUILD_MD5],[test "x$ENABLED_MD5" = "xyes"])
AM_CONDITIONAL([BUILD_SHA],[test "x$ENABLED_SHA" = "xyes"])
AM_CONDITIONAL([BUILD_HC128],[test "x$ENABLED_HC128" = "xyes"])
AM_CONDITIONAL([BUILD_RABBIT],[test "x$ENABLED_RABBIT" = "xyes"])
AM_CONDITIONAL([BUILD_FIPS],[test "x$ENABLED_FIPS" = "xyes"])
AM_CONDITIONAL([BUILD_FIPS_V2],[test "x$FIPS_VERSION" = "xv2"])
AM_CONDITIONAL([BUILD_CMAC],[test "x$ENABLED_CMAC" = "xyes"])
AM_CONDITIONAL([BUILD_SELFTEST],[test "x$ENABLED_SELFTEST" = "xyes"])
AM_CONDITIONAL([BUILD_SHA224],[test "x$ENABLED_SHA224" = "xyes"])
AM_CONDITIONAL([BUILD_SHA3],[test "x$ENABLED_SHA3" = "xyes"])
AM_CONDITIONAL([BUILD_POLY1305],[test "x$ENABLED_POLY1305" = "xyes"])
AM_CONDITIONAL([BUILD_CHACHA],[test "x$ENABLED_CHACHA" = "xyes"])
AM_CONDITIONAL([BUILD_INLINE],[test "x$ENABLED_INLINE" = "xyes"])
AM_CONDITIONAL([BUILD_OCSP],[test "x$ENABLED_OCSP" = "xyes"])
AM_CONDITIONAL([BUILD_OCSP_STAPLING],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"])
AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"])
AM_CONDITIONAL([BUILD_CRL],[test "x$ENABLED_CRL" = "xyes"])
AM_CONDITIONAL([BUILD_CRL_MONITOR],[test "x$ENABLED_CRL_MONITOR" = "xyes"])
AM_CONDITIONAL([BUILD_USER_RSA],[test "x$ENABLED_USER_RSA" = "xyes"] )
AM_CONDITIONAL([BUILD_USER_CRYPTO],[test "x$ENABLED_USER_CRYPTO" = "xyes"])
AM_CONDITIONAL([BUILD_NTRU],[test "x$ENABLED_NTRU" = "xyes"])
AM_CONDITIONAL([BUILD_WNR],[test "x$ENABLED_WNR" = "xyes"])
AM_CONDITIONAL([BUILD_SRP],[test "x$ENABLED_SRP" = "xyes"])
AM_CONDITIONAL([USE_VALGRIND],[test "x$ENABLED_VALGRIND" = "xyes"])
AM_CONDITIONAL([BUILD_MD4],[test "x$ENABLED_MD4" = "xyes"])
AM_CONDITIONAL([BUILD_PWDBASED],[test "x$ENABLED_PWDBASED" = "xyes"])
AM_CONDITIONAL([BUILD_SCRYPT],[test "x$ENABLED_SCRYPT" = "xyes"])
AM_CONDITIONAL([BUILD_CRYPTONLY],[test "x$ENABLED_CRYPTONLY" = "xyes"])
AM_CONDITIONAL([BUILD_FASTMATH],[test "x$ENABLED_FASTMATH" = "xyes"])
AM_CONDITIONAL([BUILD_SLOWMATH],[test "x$ENABLED_SLOWMATH" = "xyes"])
AM_CONDITIONAL([BUILD_EXAMPLE_SERVERS],[test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
AM_CONDITIONAL([BUILD_EXAMPLE_CLIENTS],[test "x$ENABLED_EXAMPLES" = "xyes"])
AM_CONDITIONAL([BUILD_TESTS],[test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
AM_CONDITIONAL([BUILD_THREADED_EXAMPLES],[test "x$ENABLED_SINGLETHREADED" = "xno" && test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
AM_CONDITIONAL([BUILD_WOLFCRYPT_TESTS],[test "x$ENABLED_CRYPT_TESTS" = "xyes"])
AM_CONDITIONAL([BUILD_LIBZ],[test "x$ENABLED_LIBZ" = "xyes"])
AM_CONDITIONAL([BUILD_PKCS11],[test "x$ENABLED_PKCS11" = "xyes"])
AM_CONDITIONAL([BUILD_CAVIUM],[test "x$ENABLED_CAVIUM" = "xyes"])
AM_CONDITIONAL([BUILD_CAVIUM_V],[test "x$ENABLED_CAVIUM_V" = "xyes"])
AM_CONDITIONAL([BUILD_INTEL_QA],[test "x$ENABLED_INTEL_QA" = "xyes"])
AM_CONDITIONAL([BUILD_SP],[test "x$ENABLED_SP" = "xyes"])
AM_CONDITIONAL([BUILD_SP_C],[test "x$ENABLED_SP" = "xyes" && test "x$ENABLED_SP_ASM" = "xno" ])
AM_CONDITIONAL([BUILD_SP_ARM64],[test "x$ENABLED_SP_ARM64_ASM" = "xyes" ])
AM_CONDITIONAL([BUILD_SP_ARM32],[test "x$ENABLED_SP_ARM32_ASM" = "xyes" ])
AM_CONDITIONAL([BUILD_SP_ARM_THUMB],[test "x$ENABLED_SP_ARM_THUMB_ASM" = "xyes" ])
AM_CONDITIONAL([BUILD_SP_ARM_CORTEX],[test "x$ENABLED_SP_ARM_CORTEX_ASM" = "xyes" ])
AM_CONDITIONAL([BUILD_SP_X86_64],[test "x$ENABLED_SP_X86_64_ASM" = "xyes" ])
AM_CONDITIONAL([BUILD_SP_INT],[test "x$ENABLED_SP_MATH" = "xyes" ])
AM_CONDITIONAL([BUILD_FAST_RSA],[test "x$ENABLED_FAST_RSA" = "xyes"])
AM_CONDITIONAL([BUILD_MCAPI],[test "x$ENABLED_MCAPI" = "xyes"])
AM_CONDITIONAL([BUILD_ASYNCCRYPT],[test "x$ENABLED_ASYNCCRYPT" = "xyes"])
AM_CONDITIONAL([BUILD_WOLFEVENT],[test "x$ENABLED_ASYNCCRYPT" = "xyes"])
AM_CONDITIONAL([BUILD_CRYPTOCB],[test "x$ENABLED_CRYPTOCB" = "xyes"])
AM_CONDITIONAL([BUILD_PSK],[test "x$ENABLED_PSK" = "xyes"])
AM_CONDITIONAL([BUILD_TRUST_PEER_CERT],[test "x$have_tp" = "xyes"])
AM_CONDITIONAL([BUILD_PKI],[test "x$ENABLED_PKI" = "xyes"])
AM_CONDITIONAL([BUILD_DES3],[test "x$ENABLED_DES3" = "xyes"])
AM_CONDITIONAL([BUILD_PKCS7],[test "x$ENABLED_PKCS7" = "xyes"])
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
CREATE_HEX_VERSION
Brian changes
2012-10-24 22:53:33 +04:00
AC_SUBST([AM_CPPFLAGS])
AC_SUBST([AM_CFLAGS])
AC_SUBST([AM_LDFLAGS])
1. Add C NI-intrinsic AES-GCM encrypt and decrypt. 2. Fix error string for wolfcrypt test of GMAC. 3. Add AES-GCM Decrypt to benchmark.
2015-10-31 02:03:26 +03:00
AC_SUBST([AM_CCASFLAGS])
Add Intel IPP crypto for RSA add user-crypto makefile update README for IPP crypto place user crypto in wolfcrypt and use autotools adjust distributed files move openssl compatibility consumption auto use IPP RSA -- IPP directory containing shared libraries local return value of wolfSSL_BN and formating of debug openssh testing make sure IPP not built when fips is ipp init to select correct optimizations -- static libraries on linux -- fast-rsa disabled by default try to only set library once only use static IPP if fast rsa is enabled make print out for user crypto more pretty
2015-09-28 19:06:30 +03:00
AC_SUBST([LIB_ADD])
AC_SUBST([LIB_STATIC_ADD])
1.8.8 init
2011-02-05 22:14:47 +03:00
# FINAL
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
Autoconf Update 1. Remove many redundant macros. 2. Reorder several macros to more appropriate locations. 3. Several macros take lists of items to process, not just individual items. Combined duplicated macros' parameters into lists. 4. Some macros had unnecessary parameters. 5. Added some AX_REQUIRE_DEFINED() checks for the macros used. 6. Add cyassl/options.h to the AC_CONFIG_FILES list. It will be recreated from the template when running config.status the same as wolfssl/options.h 7. Remove the dist-dir rule from Makefile.am. This is prefering the process rather than automating that one step. Make dist will not run config.status. * AC_PROG_CC must be before any macros that will try to compile for tests. * AC_CHECK_SIZEOF takes a single type, no size values. * Only one of the AC_CANONICAL_X macros are expanded. Removed AC_CANONICAL_BUILD since it is never actually used. * Removed the AC_PROG_CXX and anything C++ related. * Removed LT_LANG([C]) as it is the default and the C doesn't do anything.
2018-06-08 20:47:14 +03:00
AC_CONFIG_FILES([Makefile wolfssl/version.h wolfssl/options.h cyassl/options.h support/wolfssl.pc rpm/spec])
Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout
2011-08-25 02:54:58 +04:00
This add the generic structure required to have pkgconfig work. I also fixed autogen.sh to do some magic on warnings/errors based on whether code comes from github or not.
2012-10-26 10:06:06 +04:00
AX_CREATE_GENERIC_CONFIG
turn jobserver back on
2012-10-27 02:38:37 +04:00
AX_AM_JOBSERVER([yes])
This dramatically speeds up the time taken to compile cyassl (assuming you have multiple cores...).
2012-10-26 08:35:52 +04:00
1.8.8 init
2011-02-05 22:14:47 +03:00
AC_OUTPUT
generate cyassl/options.h based on ./configure flags/settings for user app use
2013-04-12 22:21:38 +04:00
# force make clean
added configure option --disable-examples to remove example code build, configure runs make clean at the end, sniffer test isn't built if sniffer disabled
2012-11-29 23:31:57 +04:00
echo "---"
echo "Running make clean..."
hide make clean output
2012-11-30 00:05:34 +04:00
make clean >/dev/null 2>&1
added configure option --disable-examples to remove example code build, configure runs make clean at the end, sniffer test isn't built if sniffer disabled
2012-11-29 23:31:57 +04:00
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
# generate user options header
generate cyassl/options.h based on ./configure flags/settings for user app use
2013-04-12 22:21:38 +04:00
echo "---"
echo "Generating user options header..."
autoconf, libversioning, .gitignore updated
2015-01-01 00:06:01 +03:00
distribution fix
2015-01-06 02:58:28 +03:00
OPTION_FILE="wolfssl/options.h"
blake2 debug and settings refactor
2015-01-06 20:16:56 +03:00
#if
#OPTION_FILE+="cyassl/options.h"
#fi
generate cyassl/options.h based on ./configure flags/settings for user app use
2013-04-12 22:21:38 +04:00
rm -f $OPTION_FILE
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
echo "/* wolfssl options.h" > $OPTION_FILE
make clear where options.h came from
2013-04-13 03:50:16 +04:00
echo " * generated from configure options" >> $OPTION_FILE
add wolfSSL header to configure generated options.h
2013-04-12 23:56:44 +04:00
echo " *" >> $OPTION_FILE
Copyright (C) updates
2015-01-08 19:39:04 +03:00
echo " * Copyright (C) 2006-2015 wolfSSL Inc." >> $OPTION_FILE
add wolfSSL header to configure generated options.h
2013-04-12 23:56:44 +04:00
echo " *" >> $OPTION_FILE
configure.ac updates
2014-12-31 23:04:03 +03:00
echo " * This file is part of wolfSSL. (formerly known as CyaSSL)" >> $OPTION_FILE
add wolfSSL header to configure generated options.h
2013-04-12 23:56:44 +04:00
echo " *" >> $OPTION_FILE
echo " */" >> $OPTION_FILE
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
echo "" >> $OPTION_FILE
switch pragma once uses, causes warnings on some compilers
2015-12-17 23:19:17 +03:00
echo "#ifndef WOLFSSL_OPTIONS_H" >> $OPTION_FILE
echo "#define WOLFSSL_OPTIONS_H" >> $OPTION_FILE
echo "" >> $OPTION_FILE
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
echo "" >> $OPTION_FILE
echo "#ifdef __cplusplus" >> $OPTION_FILE
echo "extern \"C\" {" >> $OPTION_FILE
echo "#endif" >> $OPTION_FILE
echo "" >> $OPTION_FILE
generate cyassl/options.h based on ./configure flags/settings for user app use
2013-04-12 22:21:38 +04:00
for option in $OPTION_FLAGS; do
RPM Fixes 1. Fixed a few parsing checks in the dates in the RPM changelog. 2. Moved some file names between sections in the include.am and spec.in files. 3. Added the match-start-of-line to the regex for finding the -D items for the options file.
2018-06-20 22:04:53 +03:00
defonly=`echo $option | sed 's/^-D//'`
generate cyassl/options.h based on ./configure flags/settings for user app use
2013-04-12 22:21:38 +04:00
if test "$defonly" != "$option"
then
change = to space for user options defines with = value
2013-05-30 02:03:27 +04:00
noequalsign=`echo $defonly | sed 's/=/ /'`
fix github issue #65, don't output (N)DEBUG to options.h
2015-04-13 22:01:21 +03:00
if test "$noequalsign" = "NDEBUG" || test "$noequalsign" = "DEBUG"
then
MinGW fixes, server port assigning cleanup and ping test cleanup. Fixes issue with visibility detection with MinGW. The visibility.m4 script was not actually trying to call the hidden function, which caused MinGW to detect improperly that visibility was supported. Fix for bogusFile on Windows build. Fixes to build warnings for unused variable 'res' and signed/unsigned comparison for sizeof min(). Cleanup of the server side port assignment to allow use with Windows/MinGW/Cygwin. If Windows uses new GetRandomPort() function in test.h to get port in in the 49152 - 65535 range. If *nix then uses the tcp_listen returned port. Otherwise uses the default wolfSSLPort. Refactor of the ping test code to use common file and properly handle ping count differences (Windows "-c" vs. *Nix style "-n"). Workaround for MinGW and cyassl/options.h getting file permissions error. Added non-fatal compile warning if using MinGW that "strtok_s" might be missing along with a link to public domain source that can be used.
2016-04-02 01:45:53 +03:00
echo "not outputting (N)DEBUG to $OPTION_FILE"
fix github issue #65, don't output (N)DEBUG to options.h
2015-04-13 22:01:21 +03:00
continue
fi
Configure Update 1. Fix typo. 2. Change the parsing of the -D options to be more POSIX friendly. Removed the "==" and replaced the multi escaped [] with a test command.
2018-07-11 03:30:47 +03:00
# allow user to ignore system options
Configure Fix 1. The check for options that start with an underscore to wrap them with another check was broken. Replaced with a use of grep. The old original version breaks on some shells.
2018-07-21 01:14:03 +03:00
ignoresys=$(echo "$noequalsign" | grep '^_.*')
if test -n "$ignoresys"
fix github issue #65, ignore sys options
2015-04-17 19:23:43 +03:00
then
echo "#ifndef WOLFSSL_OPTIONS_IGNORE_SYS" >> $OPTION_FILE
fi
fix github issue #65, don't undef with arg to options.h
2015-04-16 20:36:51 +03:00
noarg=`echo $defonly | sed 's/=.*//'`
fix github issue #65, ignore sys options
2015-04-17 19:23:43 +03:00
echo "#undef $noarg" >> $OPTION_FILE
echo "#define $noequalsign" >> $OPTION_FILE
Configure Fix 1. The check for options that start with an underscore to wrap them with another check was broken. Replaced with a use of grep. The old original version breaks on some shells.
2018-07-21 01:14:03 +03:00
if test -n "$ignoresys"
fix github issue #65, ignore sys options
2015-04-17 19:23:43 +03:00
then
echo "#endif" >> $OPTION_FILE
fi
echo "" >> $OPTION_FILE
generate cyassl/options.h based on ./configure flags/settings for user app use
2013-04-12 22:21:38 +04:00
else
echo "option w/o begin -D is $option, not saving to $OPTION_FILE"
fi
done
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
echo "" >> $OPTION_FILE
echo "#ifdef __cplusplus" >> $OPTION_FILE
echo "}" >> $OPTION_FILE
echo "#endif" >> $OPTION_FILE
echo "" >> $OPTION_FILE
switch pragma once uses, causes warnings on some compilers
2015-12-17 23:19:17 +03:00
echo "" >> $OPTION_FILE
echo "#endif /* WOLFSSL_OPTIONS_H */" >> $OPTION_FILE
echo "" >> $OPTION_FILE
generate cyassl/options.h based on ./configure flags/settings for user app use
2013-04-12 22:21:38 +04:00
echo
Fixes for building with IPV6. Added new WOLFSSL_IPV6 define to indicate IPV6 support. Fix to not include connect() and socket() calls unless HAVE_HTTP_CLIENT, HAVE_OCSP or HAVE_CRL_IO defined. Typo fixes.
2017-03-15 21:25:24 +03:00
#backwards compatibility for those who have included options or version
cyassl/options.h backwards compatibile
2015-01-08 00:30:02 +03:00
touch cyassl/options.h
echo "/* cyassl options.h" > cyassl/options.h
echo " * generated from wolfssl/options.h" >> cyassl/options.h
return line options.h being read literally by debian, fixed
2015-02-12 00:10:06 +03:00
echo " */" >> cyassl/options.h
echo ""
cyassl/options.h backwards compatibile
2015-01-08 00:30:02 +03:00
while read -r line
do
echo "$line" >> cyassl/options.h
done < $OPTION_FILE
switch pragma once uses, causes warnings on some compilers
2015-12-17 23:19:17 +03:00
# switch ifdef protection in cyassl/option.h to CYASSL_OPTONS_H, remove bak
sed -i.bak 's/WOLFSSL_OPTIONS_H/CYASSL_OPTIONS_H/g' cyassl/options.h
MinGW fixes, server port assigning cleanup and ping test cleanup. Fixes issue with visibility detection with MinGW. The visibility.m4 script was not actually trying to call the hidden function, which caused MinGW to detect improperly that visibility was supported. Fix for bogusFile on Windows build. Fixes to build warnings for unused variable 'res' and signed/unsigned comparison for sizeof min(). Cleanup of the server side port assignment to allow use with Windows/MinGW/Cygwin. If Windows uses new GetRandomPort() function in test.h to get port in in the 49152 - 65535 range. If *nix then uses the tcp_listen returned port. Otherwise uses the default wolfSSLPort. Refactor of the ping test code to use common file and properly handle ping count differences (Windows "-c" vs. *Nix style "-n"). Workaround for MinGW and cyassl/options.h getting file permissions error. Added non-fatal compile warning if using MinGW that "strtok_s" might be missing along with a link to public domain source that can be used.
2016-04-02 01:45:53 +03:00
# workaround for mingw sed that may get "Permission denied" trying to preserver permissions
case $host_os in
mingw*)
chmod u+w cyassl/options.h ;;
esac
switch pragma once uses, causes warnings on some compilers
2015-12-17 23:19:17 +03:00
rm cyassl/options.h.bak
MinGW fixes, server port assigning cleanup and ping test cleanup. Fixes issue with visibility detection with MinGW. The visibility.m4 script was not actually trying to call the hidden function, which caused MinGW to detect improperly that visibility was supported. Fix for bogusFile on Windows build. Fixes to build warnings for unused variable 'res' and signed/unsigned comparison for sizeof min(). Cleanup of the server side port assignment to allow use with Windows/MinGW/Cygwin. If Windows uses new GetRandomPort() function in test.h to get port in in the 49152 - 65535 range. If *nix then uses the tcp_listen returned port. Otherwise uses the default wolfSSLPort. Refactor of the ping test code to use common file and properly handle ping count differences (Windows "-c" vs. *Nix style "-n"). Workaround for MinGW and cyassl/options.h getting file permissions error. Added non-fatal compile warning if using MinGW that "strtok_s" might be missing along with a link to public domain source that can be used.
2016-04-02 01:45:53 +03:00
generate cyassl/options.h based on ./configure flags/settings for user app use
2013-04-12 22:21:38 +04:00
# output config summary
This adds more compiler hardening flags (and fixes all of the issues found in the process).
2012-09-20 10:38:41 +04:00
echo "---"
echo "Configuration summary for $PACKAGE_NAME version $VERSION"
echo ""
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * Installation prefix: $prefix"
echo " * System type: $host_vendor-$host_os"
echo " * Host CPU: $host_cpu"
echo " * C Compiler: $CC"
echo " * C Flags: $CFLAGS"
echo " * C++ Compiler: $CXX"
echo " * C++ Flags: $CXXFLAGS"
echo " * CPP Flags: $CPPFLAGS"
echo " * CCAS Flags: $CCASFLAGS"
echo " * LIB Flags: $LIB"
echo " * Debug enabled: $ax_enable_debug"
Single Precision maths for RSA (and DH) Single Precision ECC implementation
2017-08-10 10:27:22 +03:00
echo " * Coverage enabled: $ax_enable_coverage"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * Warnings as failure: $ac_cv_warnings_as_errors"
echo " * make -j: $enable_jobserver"
echo " * VCS checkout: $ac_cv_vcs_checkout"
Merge branch 'master' of https://github.com/wolfSSL/wolfssl
2015-08-13 11:20:47 +03:00
echo
Fixes for hardening flags. Additional fixes for using C++ compiler to compile. Include file pcap.h now gates sniffer for build.
2012-10-20 06:00:17 +04:00
echo " Features "
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * Single threaded: $ENABLED_SINGLETHREADED"
echo " * Filesystem: $ENABLED_FILESYSTEM"
echo " * OpenSSH Build: $ENABLED_OPENSSH"
echo " * OpenSSL Extra API: $ENABLED_OPENSSLEXTRA"
Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add `--enable-opensslcoexist` which makes sure `oldnames` is disabled. Refactor of `SSL_` to `WOLF_SSL_`. Refactor of `SHA`, `MD5`, `SHA224`, `SHA256`, `SHA512` and `SHA384` to `WC_` naming.
2017-09-26 04:47:36 +03:00
echo " * OpenSSL Coexist: $ENABLED_OPENSSLCOEXIST"
echo " * Old Names: $ENABLED_OLDNAMES"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * Max Strength Build: $ENABLED_MAXSTRENGTH"
add distro build option
2016-08-22 19:00:37 +03:00
echo " * Distro Build: $ENABLED_DISTRO"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * fastmath: $ENABLED_FASTMATH"
Added ability to force 32-bit mode using `--enable-32bit`. Added ability to disable all inline asembly using `--disable-asm`. Added check for `__EMSCRIPTEN__` define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-07 01:37:34 +03:00
echo " * Assembly Allowed: $ENABLED_ASM"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * sniffer: $ENABLED_SNIFFER"
echo " * snifftest: $ENABLED_SNIFFTEST"
echo " * ARC4: $ENABLED_ARC4"
echo " * AES: $ENABLED_AES"
echo " * AES-NI: $ENABLED_AESNI"
Config option to disable AES-CBC AEAD only detection and removeal of code. Also in single threaded builds, reference the ctx suites in ssl object if it exists.
2018-07-25 04:22:48 +03:00
echo " * AES-CBC: $ENABLED_AESCBC"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * AES-GCM: $ENABLED_AESGCM"
echo " * AES-CCM: $ENABLED_AESCCM"
Adds an --enable-aesctr flag to the configure script to explicitly compile with -DWOLFSSL_AES_COUNTER and -DWOLFSSL_AES_DIRECT If --enable-fortress or --enable-mcapi are used they effectively force --enable-aesctr
2016-12-04 17:23:51 +03:00
echo " * AES-CTR: $ENABLED_AESCTR"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * DES3: $ENABLED_DES3"
echo " * IDEA: $ENABLED_IDEA"
echo " * Camellia: $ENABLED_CAMELLIA"
echo " * NULL Cipher: $ENABLED_NULL_CIPHER"
echo " * MD5: $ENABLED_MD5"
echo " * RIPEMD: $ENABLED_RIPEMD"
echo " * SHA: $ENABLED_SHA"
SHA224 implementation added Added SHA24 implementation and tetss. Added HMAC-SHA224 implementation and tests. Added RSA-SHA224 and ECDSA-SHA224. Added MGF1-SHA224 Added OpenSSL APIs for SHA224 Configuration option to enable SHA224 and it is on by default for x86_64
2016-11-10 08:52:26 +03:00
echo " * SHA-224: $ENABLED_SHA224"
Allow SHA384 to be compiled in without SHA512
2018-07-20 02:42:01 +03:00
echo " * SHA-384: $ENABLED_SHA384"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * SHA-512: $ENABLED_SHA512"
Initial revision of SHA-3
2017-05-23 06:50:49 +03:00
echo " * SHA3: $ENABLED_SHA3"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * BLAKE2: $ENABLED_BLAKE2"
add AES-CMAC
2016-05-24 03:50:36 +03:00
echo " * CMAC: $ENABLED_CMAC"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * keygen: $ENABLED_KEYGEN"
echo " * certgen: $ENABLED_CERTGEN"
echo " * certreq: $ENABLED_CERTREQ"
echo " * certext: $ENABLED_CERTEXT"
Decoded cert cache feature
2019-03-01 00:07:38 +03:00
echo " * certgencache: $ENABLED_certgencache"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * HC-128: $ENABLED_HC128"
echo " * RABBIT: $ENABLED_RABBIT"
echo " * CHACHA: $ENABLED_CHACHA"
echo " * Hash DRBG: $ENABLED_HASHDRBG"
echo " * PWDBASED: $ENABLED_PWDBASED"
Implementation of scrypt Tests and benchmarking added. Configure with --enable-scrypt and requires --enable-pwdbased
2016-12-14 09:47:54 +03:00
echo " * scrypt: $ENABLED_SCRYPT"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * wolfCrypt Only: $ENABLED_CRYPTONLY"
echo " * HKDF: $ENABLED_HKDF"
add ANSI-X9.63-KDF support [SEC1]
2016-12-08 06:09:54 +03:00
echo " * X9.63 KDF: $ENABLED_X963KDF"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * MD4: $ENABLED_MD4"
echo " * PSK: $ENABLED_PSK"
echo " * Poly1305: $ENABLED_POLY1305"
echo " * LEANPSK: $ENABLED_LEANPSK"
LeanTLS: Fixed issue with GetCA, GetCAByName and PickHashSigAlgo with HAVE_ECC, NO_RSA and NO_CERTS defined. Added new "--enable-leantls" option, which enables TLS 1.2 client only with ECC256, AES128 and SHA256 (no RSA, DH, DSA, MD4, MD5, SHA, PSK, PWD, CERTS, DES3, Error Strings, ARC4, Coding, Memory or File System).
2016-02-13 01:30:26 +03:00
echo " * LEANTLS: $ENABLED_LEANTLS"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * RSA: $ENABLED_RSA"
TLS v1.2 and PSS Cleanup the TLS v1.3 PSS code as well. Added RSA API wc_RsaPSS_CheckPadding() to check the padding - no longer a simple memcmp with the digest.
2017-05-18 08:32:06 +03:00
echo " * RSA-PSS: $ENABLED_RSAPSS"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * DSA: $ENABLED_DSA"
echo " * DH: $ENABLED_DH"
echo " * ECC: $ENABLED_ECC"
Added `--enable-ecccustcurves=all` option.
2019-03-14 19:56:03 +03:00
echo " * ECC Custom Curves $ENABLED_ECCCUSTCURVES"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * CURVE25519: $ENABLED_CURVE25519"
echo " * ED25519: $ENABLED_ED25519"
echo " * FPECC: $ENABLED_FPECC"
echo " * ECC_ENCRYPT: $ENABLED_ECC_ENCRYPT"
echo " * ASN: $ENABLED_ASN"
echo " * Anonymous cipher: $ENABLED_ANON"
echo " * CODING: $ENABLED_CODING"
echo " * MEMORY: $ENABLED_MEMORY"
echo " * I/O POOL: $ENABLED_IOPOOL"
echo " * LIGHTY: $ENABLED_LIGHTY"
Introduce HAPROXY config flag + get/set app_data
2017-03-28 14:28:36 +03:00
echo " * HAPROXY: $ENABLED_HAPROXY"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * STUNNEL: $ENABLED_STUNNEL"
Get Nginx working with wolfSSL
2016-12-22 05:53:29 +03:00
echo " * NGINX: $ENABLED_NGINX"
Added wolfSSl compatability for Asio C++ library
2018-07-02 19:48:02 +03:00
echo " * ASIO: $ENABLED_ASIO"
Modification for compliling application with libsignal-protocol-c.
2017-11-13 12:12:18 +03:00
echo " * SIGNAL: $ENABLED_SIGNAL"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"
echo " * DTLS: $ENABLED_DTLS"
added SCTP to configure.ac
2016-08-01 17:51:42 +03:00
echo " * SCTP: $ENABLED_SCTP"
Support indefinite length BER encodings in PKCS #7
2018-02-19 06:40:18 +03:00
echo " * Indefinite Length: $ENABLED_BER_INDEF"
Multicast DTLS 1. Add DTLS-multicast to the enable options. 2. Reorg DTLS related enable options together. 3. Update a couple enable option texts to use the AS_HELP_STRING() macro. 4. Add three new APIs for managing a DTLS Multicast session. 5. Add test code for new APIs. 6. Add stub code for the new APIs.
2016-12-07 01:08:52 +03:00
echo " * Multicast: $ENABLED_MCAST"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * Old TLS Versions: $ENABLED_OLD_TLS"
echo " * SSL version 3.0: $ENABLED_SSLV3"
Disable TLS v1.0 by default. Added new `--enable-tlsv10` option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-15 00:55:48 +03:00
echo " * TLS v1.0: $ENABLED_TLSV10"
Add TLS v1.3 as an option
2016-11-23 18:31:07 +03:00
echo " * TLS v1.3: $ENABLED_TLS13"
Updates from code review
2017-06-22 05:40:41 +03:00
echo " * TLS v1.3 Draft 18: $ENABLED_TLS13_DRAFT18"
TLS v1.3 support for Draft 23 and Draft 27 Draft 24: Second ClientHello usees version 0x0303 - no change. Draft 25: The record layer header is now additional authentication data to encryption. Draft 26: Disallow SupportedVersion being used in ServerHello for negotiating below TLS v1.3. Draft 27: Older versions can be negotiated (by exclusion of 0x0304) in SupportedVersion - no change.
2018-03-07 10:05:53 +03:00
echo " * TLS v1.3 Draft 22: $ENABLED_TLS13_DRAFT22"
echo " * TLS v1.3 Draft 23: $ENABLED_TLS13_DRAFT23"
Allow building TLS 1.3 at draft 26
2018-05-01 08:19:18 +03:00
echo " * TLS v1.3 Draft 26: $ENABLED_TLS13_DRAFT26"
Use final TLS 1.3 version value by default.
2018-08-20 07:17:38 +03:00
echo " * TLS v1.3 Draft 28: $ENABLED_TLS13_DRAFT28"
Updates from code review
2017-06-22 05:40:41 +03:00
echo " * Post-handshake Auth: $ENABLED_TLS13_POST_AUTH"
echo " * Early Data: $ENABLED_TLS13_EARLY_DATA"
Code review fixes Also put in configuration option for sending HRR Cookie extension with state.
2017-06-27 01:52:53 +03:00
echo " * Send State in HRR Cookie: $ENABLED_SEND_HRR_COOKIE"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * OCSP: $ENABLED_OCSP"
cosmetic changes to OCSP Stapling options.
2015-12-30 23:10:25 +03:00
echo " * OCSP Stapling: $ENABLED_CERTIFICATE_STATUS_REQUEST"
echo " * OCSP Stapling v2: $ENABLED_CERTIFICATE_STATUS_REQUEST_V2"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * CRL: $ENABLED_CRL"
echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR"
echo " * Persistent session cache: $ENABLED_SAVESESSION"
echo " * Persistent cert cache: $ENABLED_SAVECERT"
echo " * Atomic User Record Layer: $ENABLED_ATOMICUSER"
echo " * Public Key Callbacks: $ENABLED_PKCALLBACKS"
echo " * NTRU: $ENABLED_NTRU"
seperate build of QSH from build of NTRU
2017-08-16 23:19:38 +03:00
echo " * QSH: $ENABLED_QSH"
add Whitewood netRandom client library support
2016-05-06 00:31:25 +03:00
echo " * Whitewood netRandom: $ENABLED_WNR"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * Server Name Indication: $ENABLED_SNI"
echo " * ALPN: $ENABLED_ALPN"
echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT"
Trusted CA Key Indication Extension Added an API for enabling the Trusted CA Key Indication extension from RFC6066 section 6. If the server doesn't have a match for the client, the client will abandon the session.
2018-09-28 19:05:59 +03:00
echo " * Trusted CA Indication: $ENABLED_TRUSTED_CA"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC"
echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES"
Support FFDHE in TLS 1.2 and below. Better TLS 1.3 version support. Add support for the fixed FFDHE curves to TLS 1.2. Same curves in TLS 1.3 already. On by default - no checking of prime required. Add option to require client to see FFDHE parameters from server as per 'may' requirements in RFC 7919. Change TLS 1.3 ClientHello and ServerHello parsing to find the SupportedVersions extension first and process it. Then it can handle other extensions knowing which protocol we are using.
2019-02-18 03:57:12 +03:00
echo " * FFDHE only in client: $ENABLED_FFDHE_ONLY"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * Session Ticket: $ENABLED_SESSION_TICKET"
initial extended master secret support
2016-09-02 00:12:54 +03:00
echo " * Extended Master Secret: $ENABLED_EXTENDED_MASTER"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION"
echo " * Secure Renegotiation: $ENABLED_SECURE_RENEGOTIATION"
echo " * All TLS Extensions: $ENABLED_TLSX"
echo " * PKCS#7 $ENABLED_PKCS7"
wolfSSH Option Added a configure convenience option for building wolfSSL to work with wolfSSH.
2017-10-05 01:24:22 +03:00
echo " * wolfSSH $ENABLED_WOLFSSH"
Merge branch csr into 'master'
2015-11-02 21:51:01 +03:00
echo " * wolfSCEP $ENABLED_WOLFSCEP"
echo " * Secure Remote Password $ENABLED_SRP"
echo " * Small Stack: $ENABLED_SMALL_STACK"
echo " * valgrind unit tests: $ENABLED_VALGRIND"
echo " * LIBZ: $ENABLED_LIBZ"
echo " * Examples: $ENABLED_EXAMPLES"
echo " * User Crypto: $ENABLED_USER_CRYPTO"
echo " * Fast RSA: $ENABLED_FAST_RSA"
Single Precision maths for RSA (and DH) Single Precision ECC implementation
2017-08-10 10:27:22 +03:00
echo " * Single Precision: $ENABLED_SP"
Added "--enable-asynccrypt" option for enabling asynchronous crypto. This includes a refactor of SendServerKeyExchange and DoClientKeyExchange to support WC_PENDING_E on key generation, signing and verification. Currently uses async simulator (WOLFSSL_ASYNC_CRYPT_TEST) if cavium not enabled. All of the examples have been updated to support WC_PENDING_E on accept and connect. A generic WOLF_EVENT infrastructure has been added to support other types of future events and is enabled using "HAVE_WOLF_EVENT". Refactor the ASN OID type (ex: hashType/sigType) to use a more unique name. The real "async.c" and "async.h" files are in a private repo.
2016-03-04 21:05:22 +03:00
echo " * Async Crypto: $ENABLED_ASYNCCRYPT"
Support for PKCS#11 Support for RSA, ECDSA and AES-GCM operations.
2018-09-12 01:56:59 +03:00
echo " * PKCS#11: $ENABLED_PKCS11"
Added asynchronous wolfCrypt RSA, TLS client and Cavium Nitrox V support. Asynchronous wolfSSL client support for "DoServerKeyExchange", "SendClientKeyExchange", "SendCertificateVerify" and "DoCertificateVerify". Fixes for async DTLS. Refactor of the wolf event and async handling for use in wolfCrypt. Refactor of the async device support so its hardware agnostic. Added Cavium Nitrox V support (Nitrox tested using SDK v0.2 CNN55XX-SDK with new configure "--with-cavium-v=/dir" option). Moved Nitrox specific functions to new port file "port/cavium/cavium_nitrox.c". RSA refactor to handle async with states. RSA optimization for using dpraw for private key decode. Use double linked list in wolf event for faster/cleaner code. Use typedef for wolf event flag. Cleanup of the async error codes. wolfCrypt test and benchmark support for async RSA. Asynchronous mode enabled using "./configure --enable-asynccrypt". If no async hardware is defined then the internal async simulator (WOLFSSL_ASYNC_CRYPT_TEST) is used. Note: Using async mode requires async.c/h files from wolfSSL. If interested in using asynchronous mode please send email to info@wolfssl.com.
2016-08-15 22:59:41 +03:00
echo " * Cavium: $ENABLED_CAVIUM"
initial ARMv8 instructions
2016-07-22 18:49:15 +03:00
echo " * ARM ASM: $ENABLED_ARMASM"
add AES key wrap support, RFC 3394
2016-12-06 01:38:42 +03:00
echo " * AES Key Wrap: $ENABLED_AESKEYWRAP"
add wolfSSL_write_dup(), creates write_only WOLFSSL to allow concurrent access
2017-03-21 01:08:34 +03:00
echo " * Write duplicate: $ENABLED_WRITEDUP"
Intel QuickAssist (QAT) support and async enhancements/fixes: * Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/). * Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. * wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify. * wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature. * wolfCrypt test and benchmark async support added for all HW acceleration. * wolfCrypt benchmark multi-threading support. * Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA. * Refactor to make sure “heap” is available for async dev init. * Added async support for all examples for connect, accept, read and write. * Added new WC_BIGINT (in wolfmath.c) for async hardware support. * Added async simulator tests for DES3 CBC, AES CBC/GCM. * Added QAT standalone build for unit testing. * Added int return code to SHA and MD5 functions. * Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer. * Combined duplicate code for async push/pop handling. * Refactor internal.c to add AllocKey / FreeKey. * Refactor of hash init/free in TLS to use InitHashes and FreeHashes. * Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*. * Suppress error message for WC_PENDING_E. * Implemented "wolfSSL_EVP_MD_CTX_init" to do memset. * Cleanup of the openssl compat CTX sizes when async is enabled. * Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability. * Cleanup of the OPAQUE_LEN. * Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret). * Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations) * Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding". * Updated RSA un-padding error message so its different than one above it for better debugging. * Added QAT async enables for each algorithm. * Refactor of the async init to use _ex. * Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing. * Reformatted the benchmark results: PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec" Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87 * Added min execution time for all benchmarks. * Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local. * Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark. * Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async. * Added NO_SW_BENCH option to only run HW bench. * Added support for PRNG to use hardware SHA256 if _wc devId provided. * Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size. * Added the wc_*GetHash calls to the wolfCrypt tests. * Added async hardware start/stop to wolfSSL init/cleanup. * Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos. * Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`. * Added arg checks on wc_*GetHash and wc_*Copy. * Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions. * Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator. * Added checks for all hashing to verify valid ->buffLen. * Fix for SHA512 scan-build warning about un-initialized “W_X”. * Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash. * Refactor of the benchmarking to use common function for start, check and finish of the stats. * Fixed issue with ECC cache loading in multi-threading. * Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned. * Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. * Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-08 01:46:32 +03:00
echo " * Intel Quick Assist: $ENABLED_INTEL_QA"
Xilinx port
2017-06-07 20:37:21 +03:00
echo " * Xilinx Hardware Acc.: $ENABLED_XILINX"
Add status of inline configure option to feature output
2018-01-18 00:20:49 +03:00
echo " * Inline Code: $ENABLED_INLINE"
inital AES-CBC with af_alg progress on AES-GCM with AF_ALG and add SHA256 add aes-gcm test cases and finish logic of aes-gcm with AF_ALG formating of tabs and white space add files to dist adding ecb and ctr mode with af_alg make length of buffers for ctr be AES_BLOCK_SIZE formating and add support for sha256 copy/gethash sanity checks on arguments cast return values and valgrind tests make it easier to use sha256 with af_alg remove hard tabs add endif for after rebase
2018-07-19 02:26:25 +03:00
echo " * Linux AF_ALG: $ENABLED_AFALG"
Release Fixes 1. Rearrange the deprecation cryptodev option so it doesn't overwrite the cryptocb option, and so it doesn't break its case in the build-test. 2. Fix the content length in the sample HTTP used by the example server. 3. Disable OCSP stapling in the example server if RSA is disabled. 4. Fix a variable in asn.c that was declared in the middle of its scope. 5. Retag the xmalloc, xrealloc, xfree functions used in the memory test as WOLFSSL_API like all the other allocators, instead of extern.
2019-03-20 21:01:24 +03:00
echo " * Linux devcrypto: $ENABLED_DEVCRYPTO"
echo " * Crypto callback: $ENABLED_CRYPTOCB"
This adds more compiler hardening flags (and fixes all of the issues found in the process).
2012-09-20 10:38:41 +04:00
echo ""
echo "---"
Added new "wolfSSL_poll" which filters event queue by ssl object pointer. Changed wolfSSL_CTX_poll to support using WOLF_POLL_FLAG_PEEK flag to peek at events and return count. Removed "wolfssl_CTX_poll_peek". Switched the examples (test.h AsyncCryptPoll) to use just the WOLFSSL object and call new wolfSSL_poll. Added warning when using the "--enable-asynccrypt" option to make sure users know they need real async.c/.h files.
2016-03-31 01:15:38 +03:00
static and shared library with MinGW
2016-04-16 01:04:15 +03:00
################################################################################
Added new "wolfSSL_poll" which filters event queue by ssl object pointer. Changed wolfSSL_CTX_poll to support using WOLF_POLL_FLAG_PEEK flag to peek at events and return count. Removed "wolfssl_CTX_poll_peek". Switched the examples (test.h AsyncCryptPoll) to use just the WOLFSSL object and call new wolfSSL_poll. Added warning when using the "--enable-asynccrypt" option to make sure users know they need real async.c/.h files.
2016-03-31 01:15:38 +03:00
# Show warnings at bottom so they are noticed
static and shared library with MinGW
2016-04-16 01:04:15 +03:00
################################################################################
Added new "wolfSSL_poll" which filters event queue by ssl object pointer. Changed wolfSSL_CTX_poll to support using WOLF_POLL_FLAG_PEEK flag to peek at events and return count. Removed "wolfssl_CTX_poll_peek". Switched the examples (test.h AsyncCryptPoll) to use just the WOLFSSL object and call new wolfSSL_poll. Added warning when using the "--enable-asynccrypt" option to make sure users know they need real async.c/.h files.
2016-03-31 01:15:38 +03:00
if test "$ENABLED_ASYNCCRYPT" = "yes"
then
AC_MSG_WARN([Make sure real async files are loaded. Contact wolfSSL for details on using the asynccrypt option.])
fi
static and shared library with MinGW
2016-04-16 01:04:15 +03:00
# MinGW static vs shared library
update comment about MinGW
2016-04-18 21:14:47 +03:00
# Reference URL from libtool for MinGW is located at
static and shared library with MinGW
2016-04-16 01:04:15 +03:00
# http://www.gnu.org/software/libtool/manual/libtool.html#Cygwin-to-MinGW-Cross
# this allows for not even having dllimport/dllexport on functions
# with recent libtools, only requiring it with global variables.
update comment about MinGW
2016-04-18 21:14:47 +03:00
#
# The following warning is displayed here because if not using "contemporary GNU
static and shared library with MinGW
2016-04-16 01:04:15 +03:00
# tools" there is the possibility of export/import issues.
update comment about MinGW
2016-04-18 21:14:47 +03:00
# wolfSSL uses __declspec(dllexport) and "contemporary GNU tools" handle the
# case where both static and shared libraries are built.
static and shared library with MinGW
2016-04-16 01:04:15 +03:00
#
# More can be found about the MinGW linker at
# https://sourceware.org/binutils/docs/ld/WIN32.html
if test "$MINGW_LIB_WARNING" = "yes"
then
AC_MSG_WARN([Building with shared and static library at the same time on this system may cause export/import problems when using non contemporary GNU tools.])
fi
Reference in New Issue Copy Permalink