1930 lines
50 KiB
Plaintext
1930 lines
50 KiB
Plaintext
# configure.ac
|
|
#
|
|
# Copyright (C) 2006-2014 wolfSSL Inc.
|
|
#
|
|
# This file is part of wolfSSL. (formerly known as CyaSSL)
|
|
#
|
|
#
|
|
|
|
AC_INIT([wolfssl],[3.3.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
|
|
|
|
AC_CONFIG_AUX_DIR([build-aux])
|
|
|
|
AC_CANONICAL_HOST
|
|
AC_CANONICAL_BUILD
|
|
|
|
AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests])
|
|
AC_PREREQ([2.63])
|
|
|
|
AC_ARG_PROGRAM
|
|
AC_DEFUN([PROTECT_AC_USE_SYSTEM_EXTENSIONS],
|
|
[AX_SAVE_FLAGS
|
|
AC_LANG_PUSH([C])
|
|
AC_USE_SYSTEM_EXTENSIONS
|
|
AC_LANG_POP([C])
|
|
AX_RESTORE_FLAGS
|
|
])
|
|
#PROTECT_AC_USE_SYSTEM_EXTENSIONS
|
|
|
|
AC_CONFIG_MACRO_DIR([m4])
|
|
|
|
AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
|
|
|
|
#shared library versioning
|
|
WOLFSSL_LIBRARY_VERSION=6:0:1
|
|
# | | |
|
|
# +------+ | +---+
|
|
# | | |
|
|
# current:revision:age
|
|
# | | |
|
|
# | | +- increment if interfaces have been added
|
|
# | | set to zero if interfaces have been removed
|
|
# | | or changed
|
|
# | +- increment if source code has changed
|
|
# | set to zero if current is incremented
|
|
# +- increment if interfaces have been added, removed or changed
|
|
AC_SUBST([WOLFSSL_LIBRARY_VERSION])
|
|
|
|
# capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even
|
|
# if user doesn't override, no way to tell
|
|
USER_C_EXTRA_FLAGS="$C_EXTRA_FLAGS"
|
|
|
|
LT_PREREQ([2.2])
|
|
LT_INIT([disable-static],[win32-dll])
|
|
LT_LANG([C++])
|
|
LT_LANG([C])
|
|
|
|
gl_VISIBILITY
|
|
AS_IF([ test -n "$CFLAG_VISIBILITY" ], [
|
|
AM_CPPFLAGS="$AM_CPPFLAGS $CFLAG_VISIBILITY"
|
|
CPPFLAGS="$CPPFLAGS $CFLAG_VISIBILITY"
|
|
])
|
|
|
|
m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
|
|
|
|
AC_CHECK_FUNCS([gethostbyname])
|
|
AC_CHECK_FUNCS([getaddrinfo])
|
|
AC_CHECK_FUNCS([gettimeofday])
|
|
AC_CHECK_FUNCS([inet_ntoa])
|
|
AC_CHECK_FUNCS([memset])
|
|
AC_CHECK_FUNCS([socket])
|
|
AC_CHECK_HEADERS([arpa/inet.h])
|
|
AC_CHECK_HEADERS([fcntl.h])
|
|
AC_CHECK_HEADERS([limits.h])
|
|
AC_CHECK_HEADERS([netdb.h])
|
|
AC_CHECK_HEADERS([netinet/in.h])
|
|
AC_CHECK_HEADERS([stddef.h])
|
|
AC_CHECK_HEADERS([sys/ioctl.h])
|
|
AC_CHECK_HEADERS([sys/socket.h])
|
|
AC_CHECK_HEADERS([sys/time.h])
|
|
AC_CHECK_HEADERS([errno.h])
|
|
AC_CHECK_LIB(network,socket)
|
|
AC_CHECK_SIZEOF(long long, 8)
|
|
AC_CHECK_SIZEOF(long, 4)
|
|
AC_CHECK_TYPES(__uint128_t)
|
|
AC_C_BIGENDIAN
|
|
# mktime check takes forever on some systems, if time supported it would be
|
|
# highly unusual for mktime to be missing
|
|
#AC_FUNC_MKTIME
|
|
|
|
AC_PROG_CC
|
|
AC_PROG_CC_C_O
|
|
AC_PROG_CXX
|
|
AC_PROG_INSTALL
|
|
AC_TYPE_SIZE_T
|
|
AC_TYPE_UINT8_T
|
|
AM_PROG_AS
|
|
AM_PROG_CC_C_O
|
|
LT_LIB_M
|
|
|
|
OPTIMIZE_CFLAGS="-Os -fomit-frame-pointer"
|
|
OPTIMIZE_FAST_CFLAGS="-O2 -fomit-frame-pointer"
|
|
OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET -DTFM_HUGE_SET"
|
|
DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL"
|
|
|
|
thread_ls_on=no
|
|
# Thread local storage
|
|
AX_TLS([
|
|
[AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"]
|
|
[thread_ls_on=yes]
|
|
] , [:])
|
|
|
|
|
|
# DEBUG
|
|
AX_DEBUG
|
|
AS_IF([test "$ax_enable_debug" = "yes"],
|
|
[AM_CFLAGS="$DEBUG_CFLAGS $AM_CFLAGS"],
|
|
[AM_CFLAGS="$AM_CFLAGS -DNDEBUG"])
|
|
|
|
|
|
# SINGLE THREADED
|
|
AC_ARG_ENABLE([singlethreaded],
|
|
[ --enable-singlethreaded Enable wolfSSL single threaded (default: disabled)],
|
|
[ ENABLED_SINGLETHREADED=$enableval ],
|
|
[ ENABLED_SINGLETHREADED=no ])
|
|
|
|
AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[
|
|
AX_PTHREAD([
|
|
AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.])
|
|
AM_CFLAGS="-D_POSIX_THREADS $AM_CFLAGS $PTHREAD_CFLAGS"
|
|
LIBS="$LIBS $PTHREAD_LIBS"
|
|
],[
|
|
ENABLED_SINGLETHREADED=yes
|
|
])
|
|
])
|
|
|
|
AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="-DSINGLE_THREADED $AM_CFLAGS" ])
|
|
|
|
|
|
# DTLS
|
|
AC_ARG_ENABLE([dtls],
|
|
[ --enable-dtls Enable wolfSSL DTLS (default: disabled)],
|
|
[ ENABLED_DTLS=$enableval ],
|
|
[ ENABLED_DTLS=no ]
|
|
)
|
|
if test "$ENABLED_DTLS" = "yes"
|
|
then
|
|
AM_CFLAGS="-DWOLFSSL_DTLS $AM_CFLAGS"
|
|
fi
|
|
|
|
|
|
# OPENSSL Extra Compatibility
|
|
AC_ARG_ENABLE([opensslextra],
|
|
[ --enable-opensslextra Enable extra OpenSSL API, size+ (default: disabled)],
|
|
[ ENABLED_OPENSSLEXTRA=$enableval ],
|
|
[ ENABLED_OPENSSLEXTRA=no ]
|
|
)
|
|
if test "$ENABLED_OPENSSLEXTRA" = "yes"
|
|
then
|
|
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
|
|
fi
|
|
|
|
if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_SMALL" = "yes"
|
|
then
|
|
AC_MSG_ERROR([cannot enable small and opensslextra, only one or the other.])
|
|
fi
|
|
|
|
|
|
# IPv6 Test Apps
|
|
AC_ARG_ENABLE([ipv6],
|
|
[ --enable-ipv6 Enable testing of IPV6 (default: disabled)],
|
|
[ ENABLED_IPV6=$enableval ],
|
|
[ ENABLED_IPV6=no ]
|
|
)
|
|
|
|
if test "$ENABLED_IPV6" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DTEST_IPV6"
|
|
fi
|
|
|
|
|
|
# Fortress build
|
|
AC_ARG_ENABLE([fortress],
|
|
[ --enable-fortress Enable SSL fortress build (default: disabled)],
|
|
[ ENABLED_FORTRESS=$enableval ],
|
|
[ ENABLED_FORTRESS=no ]
|
|
)
|
|
|
|
if test "$ENABLED_FORTRESS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA -DWOLFSSL_DES_ECB -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DWOLFSSL_KEY_GEN"
|
|
fi
|
|
|
|
|
|
# ssl bump build
|
|
AC_ARG_ENABLE([bump],
|
|
[ --enable-bump Enable SSL Bump build (default: disabled)],
|
|
[ ENABLED_BUMP=$enableval ],
|
|
[ ENABLED_BUMP=no ]
|
|
)
|
|
|
|
if test "$ENABLED_BUMP" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DWOLFSSL_CERT_GEN -DWOLFSSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DWOLFSSL_DER_LOAD -DWOLFSSL_ALT_NAMES -DWOLFSSL_TEST_CERT"
|
|
fi
|
|
|
|
ENABLED_SLOWMATH="yes"
|
|
|
|
# lean psk build
|
|
AC_ARG_ENABLE([leanpsk],
|
|
[ --enable-leanpsk Enable Lean PSK build (default: disabled)],
|
|
[ ENABLED_LEANPSK=$enableval ],
|
|
[ ENABLED_LEANPSK=no ]
|
|
)
|
|
|
|
if test "$ENABLED_LEANPSK" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_DES3 -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_SESSION_CACHE -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA -DUSE_SLOW_SHA"
|
|
ENABLED_SLOWMATH="no"
|
|
ENABLED_SINGLETHREADED="yes"
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_LEANPSK], [test "x$ENABLED_LEANPSK" = "xyes"])
|
|
|
|
|
|
# big cache
|
|
AC_ARG_ENABLE([bigcache],
|
|
[ --enable-bigcache Enable big session cache (default: disabled)],
|
|
[ ENABLED_BIGCACHE=$enableval ],
|
|
[ ENABLED_BIGCACHE=no ]
|
|
)
|
|
|
|
if test "$ENABLED_BIGCACHE" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DBIG_SESSION_CACHE"
|
|
fi
|
|
|
|
|
|
# HUGE cache
|
|
AC_ARG_ENABLE([hugecache],
|
|
[ --enable-hugecache Enable huge session cache (default: disabled)],
|
|
[ ENABLED_HUGECACHE=$enableval ],
|
|
[ ENABLED_HUGECACHE=no ]
|
|
)
|
|
|
|
if test "$ENABLED_HUGECACHE" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHUGE_SESSION_CACHE"
|
|
fi
|
|
|
|
|
|
# SMALL cache
|
|
AC_ARG_ENABLE([smallcache],
|
|
[ --enable-smallcache Enable small session cache (default: disabled)],
|
|
[ ENABLED_SMALLCACHE=$enableval ],
|
|
[ ENABLED_SMALLCACHE=no ]
|
|
)
|
|
|
|
if test "$ENABLED_SMALLCACHE" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DSMALL_SESSION_CACHE"
|
|
fi
|
|
|
|
|
|
# Persistent session cache
|
|
AC_ARG_ENABLE([savesession],
|
|
[ --enable-savesession Enable persistent session cache (default: disabled)],
|
|
[ ENABLED_SAVESESSION=$enableval ],
|
|
[ ENABLED_SAVESESSION=no ]
|
|
)
|
|
|
|
if test "$ENABLED_SAVESESSION" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE"
|
|
fi
|
|
|
|
|
|
# Persistent cert cache
|
|
AC_ARG_ENABLE([savecert],
|
|
[ --enable-savecert Enable persistent cert cache (default: disabled)],
|
|
[ ENABLED_SAVECERT=$enableval ],
|
|
[ ENABLED_SAVECERT=no ]
|
|
)
|
|
|
|
if test "$ENABLED_SAVECERT" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE"
|
|
fi
|
|
|
|
|
|
# Atomic User Record Layer
|
|
AC_ARG_ENABLE([atomicuser],
|
|
[ --enable-atomicuser Enable Atomic User Record Layer (default: disabled)],
|
|
[ ENABLED_ATOMICUSER=$enableval ],
|
|
[ ENABLED_ATOMICUSER=no ]
|
|
)
|
|
|
|
if test "$ENABLED_ATOMICUSER" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
|
|
fi
|
|
|
|
|
|
# Public Key Callbacks
|
|
AC_ARG_ENABLE([pkcallbacks],
|
|
[ --enable-pkcallbacks Enable Public Key Callbacks (default: disabled)],
|
|
[ ENABLED_PKCALLBACKS=$enableval ],
|
|
[ ENABLED_PKCALLBACKS=no ]
|
|
)
|
|
|
|
if test "$ENABLED_PKCALLBACKS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
|
|
fi
|
|
|
|
|
|
# SNIFFER
|
|
ENABLED_SNIFFTEST=no
|
|
AC_ARG_ENABLE([sniffer],
|
|
[AS_HELP_STRING([--enable-sniffer],[ Enable wolfSSL sniffer support (default: disabled) ])],[
|
|
ENABLED_SNIFFER=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SNIFFER -DOPENSSL_EXTRA"
|
|
AS_IF([ test "x$enableval" = "xyes" ],[ AC_CHECK_HEADERS([pcap/pcap.h],[
|
|
ENABLED_SNIFFTEST=yes
|
|
],[ AC_MSG_WARN([cannot enable sniffer test without having libpcap available.]) ]) ])
|
|
],[
|
|
ENABLED_SNIFFER=no
|
|
])
|
|
|
|
AM_CONDITIONAL([BUILD_SNIFFER], [ test "x$ENABLED_SNIFFER" = "xyes" ])
|
|
AM_CONDITIONAL([BUILD_SNIFFTEST], [ test "x$ENABLED_SNIFFTEST" = "xyes" ])
|
|
|
|
# AES-GCM
|
|
AC_ARG_ENABLE([aesgcm],
|
|
[ --enable-aesgcm Enable wolfSSL AES-GCM support (default: disabled)],
|
|
[ ENABLED_AESGCM=$enableval ],
|
|
[ ENABLED_AESGCM=no ]
|
|
)
|
|
|
|
if test "$ENABLED_AESGCM" = "word32"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DGCM_WORD32"
|
|
ENABLED_AESGCM=yes
|
|
fi
|
|
|
|
if test "$ENABLED_AESGCM" = "small"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL"
|
|
ENABLED_AESGCM=yes
|
|
fi
|
|
|
|
if test "$ENABLED_AESGCM" = "table"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE"
|
|
ENABLED_AESGCM=yes
|
|
fi
|
|
|
|
if test "$ENABLED_AESGCM" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_AESGCM], [test "x$ENABLED_AESGCM" = "xyes"])
|
|
|
|
|
|
# AES-CCM
|
|
AC_ARG_ENABLE([aesccm],
|
|
[ --enable-aesccm Enable wolfSSL AES-CCM support (default: disabled)],
|
|
[ ENABLED_AESCCM=$enableval ],
|
|
[ ENABLED_AESCCM=no ]
|
|
)
|
|
|
|
if test "$ENABLED_AESCCM" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_AESCCM], [test "x$ENABLED_AESCCM" = "xyes"])
|
|
|
|
|
|
# AES-NI
|
|
AC_ARG_ENABLE([aesni],
|
|
[ --enable-aesni Enable wolfSSL AES-NI support (default: disabled)],
|
|
[ ENABLED_AESNI=$enableval ],
|
|
[ ENABLED_AESNI=no ]
|
|
)
|
|
|
|
if test "$ENABLED_AESNI" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
|
|
if test "$GCC" = "yes"
|
|
then
|
|
# GCC needs these flags, icc doesn't
|
|
# opt levels greater than 2 may cause problems on systems w/o aesni
|
|
if test "$CC" != "icc"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -maes -msse4"
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])
|
|
|
|
|
|
# POLY1305
|
|
AC_ARG_ENABLE([poly1305],
|
|
[ --enable-poly1305 Enable wolfSSL POLY1305 support (default: disabled)],
|
|
[ ENABLED_POLY1305=$enableval ],
|
|
[ ENABLED_POLY1305=no ]
|
|
)
|
|
|
|
if test "$ENABLED_POLY1305" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH"
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_POLY1305], [test "x$ENABLED_POLY1305" = "xyes"])
|
|
|
|
|
|
# Camellia
|
|
AC_ARG_ENABLE([camellia],
|
|
[ --enable-camellia Enable wolfSSL Camellia support (default: disabled)],
|
|
[ ENABLED_CAMELLIA=$enableval ],
|
|
[ ENABLED_CAMELLIA=no ]
|
|
)
|
|
|
|
if test "$ENABLED_CAMELLIA" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAMELLIA"
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_CAMELLIA], [test "x$ENABLED_CAMELLIA" = "xyes"])
|
|
|
|
|
|
# MD2
|
|
AC_ARG_ENABLE([md2],
|
|
[ --enable-md2 Enable wolfSSL MD2 support (default: disabled)],
|
|
[ ENABLED_MD2=$enableval ],
|
|
[ ENABLED_MD2=no ]
|
|
)
|
|
|
|
if test "$ENABLED_BUMP" = "yes"
|
|
then
|
|
ENABLED_MD2="yes"
|
|
fi
|
|
|
|
if test "$ENABLED_MD2" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MD2"
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"])
|
|
|
|
|
|
# NULL CIPHER
|
|
AC_ARG_ENABLE([nullcipher],
|
|
[ --enable-nullcipher Enable wolfSSL NULL cipher support (default: disabled)],
|
|
[ ENABLED_NULL_CIPHER=$enableval ],
|
|
[ ENABLED_NULL_CIPHER=no ]
|
|
)
|
|
|
|
if test "$ENABLED_NULL_CIPHER" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER"
|
|
fi
|
|
|
|
# RIPEMD
|
|
AC_ARG_ENABLE([ripemd],
|
|
[ --enable-ripemd Enable wolfSSL RIPEMD-160 support (default: disabled)],
|
|
[ ENABLED_RIPEMD=$enableval ],
|
|
[ ENABLED_RIPEMD=no ]
|
|
)
|
|
|
|
if test "$ENABLED_RIPEMD" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RIPEMD"
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_RIPEMD], [test "x$ENABLED_RIPEMD" = "xyes"])
|
|
|
|
|
|
# BLAKE2
|
|
AC_ARG_ENABLE([blake2],
|
|
[ --enable-blake2 Enable wolfSSL BLAKE2 support (default: disabled)],
|
|
[ ENABLED_BLAKE2=$enableval ],
|
|
[ ENABLED_BLAKE2=no ]
|
|
)
|
|
|
|
if test "$ENABLED_BLAKE2" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2"
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_BLAKE2], [test "x$ENABLED_BLAKE2" = "xyes"])
|
|
|
|
|
|
# SHA512
|
|
AC_ARG_ENABLE([sha512],
|
|
[ --enable-sha512 Enable wolfSSL SHA-512 support (default: disabled)],
|
|
[ ENABLED_SHA512=$enableval ],
|
|
[ ENABLED_SHA512=no ]
|
|
)
|
|
|
|
if test "$ENABLED_SHA512" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"
|
|
fi
|
|
|
|
if test "$ENABLED_FORTRESS" = "yes"
|
|
then
|
|
ENABLED_SHA512="yes"
|
|
fi
|
|
|
|
|
|
AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
|
|
|
|
|
|
# SESSION CERTS
|
|
AC_ARG_ENABLE([sessioncerts],
|
|
[ --enable-sessioncerts Enable session cert storing (default: disabled)],
|
|
[ ENABLED_SESSIONCERTS=$enableval ],
|
|
[ ENABLED_SESSIONCERTS=no ]
|
|
)
|
|
|
|
if test "$ENABLED_SESSIONCERTS" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
|
|
fi
|
|
|
|
|
|
# KEY GENERATION
|
|
AC_ARG_ENABLE([keygen],
|
|
[ --enable-keygen Enable key generation (default: disabled)],
|
|
[ ENABLED_KEYGEN=$enableval ],
|
|
[ ENABLED_KEYGEN=no ]
|
|
)
|
|
|
|
if test "$ENABLED_KEYGEN" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
|
|
fi
|
|
|
|
|
|
# CERT GENERATION
|
|
AC_ARG_ENABLE([certgen],
|
|
[ --enable-certgen Enable cert generation (default: disabled)],
|
|
[ ENABLED_CERTGEN=$enableval ],
|
|
[ ENABLED_CERTGEN=no ]
|
|
)
|
|
|
|
if test "$ENABLED_CERTGEN" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
|
|
fi
|
|
|
|
|
|
# CERT REQUEST GENERATION
|
|
AC_ARG_ENABLE([certreq],
|
|
[ --enable-certreq Enable cert request generation (default: disabled)],
|
|
[ ENABLED_CERTREQ=$enableval ],
|
|
[ ENABLED_CERTREQ=no ]
|
|
)
|
|
|
|
if test "$ENABLED_CERTREQ" = "yes"
|
|
then
|
|
if test "$ENABLED_CERTGEN" = "no"
|
|
then
|
|
AC_MSG_ERROR([cannot enable certreq without enabling certgen.])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
|
|
fi
|
|
|
|
|
|
# SEP
|
|
AC_ARG_ENABLE([sep],
|
|
[ --enable-sep Enable sep extensions (default: disabled)],
|
|
[ ENABLED_SEP=$enableval ],
|
|
[ ENABLED_SEP=no ]
|
|
)
|
|
if test "$ENABLED_SEP" = "yes"
|
|
then
|
|
AM_CFLAGS="-DWOLFSSL_SEP -DKEEP_PEER_CERT $AM_CFLAGS"
|
|
fi
|
|
|
|
|
|
# HKDF
|
|
AC_ARG_ENABLE([hkdf],
|
|
[ --enable-hkdf Enable HKDF (HMAC-KDF) support (default: disabled)],
|
|
[ ENABLED_HKDF=$enableval ],
|
|
[ ENABLED_HKDF=no ]
|
|
)
|
|
if test "$ENABLED_HKDF" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"
|
|
fi
|
|
|
|
|
|
# DSA
|
|
AC_ARG_ENABLE([dsa],
|
|
[ --enable-dsa Enable DSA (default: disabled)],
|
|
[ ENABLED_DSA=$enableval ],
|
|
[ ENABLED_DSA=no ]
|
|
)
|
|
|
|
if test "$ENABLED_DSA" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_DSA"
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_DSA], [test "x$ENABLED_DSA" = "xyes"])
|
|
|
|
|
|
# ECC
|
|
AC_ARG_ENABLE([ecc],
|
|
[ --enable-ecc Enable ECC (default: disabled)],
|
|
[ ENABLED_ECC=$enableval ],
|
|
[ ENABLED_ECC=no ]
|
|
)
|
|
|
|
if test "$ENABLED_ECC" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR"
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
|
|
|
|
|
|
if test "$ENABLED_ECC" = "yes" && test "$ENABLED_SMALL" = "yes"
|
|
then
|
|
AC_MSG_ERROR([cannot enable ecc and small, ecc requires TLS which small turns off.])
|
|
fi
|
|
|
|
|
|
# FP ECC, Fixed Point cache ECC
|
|
AC_ARG_ENABLE([fpecc],
|
|
[ --enable-fpecc Enable Fixed Point cache ECC (default: disabled)],
|
|
[ ENABLED_FPECC=$enableval ],
|
|
[ ENABLED_FPECC=no ]
|
|
)
|
|
|
|
if test "$ENABLED_FPECC" = "yes"
|
|
then
|
|
if test "$ENABLED_ECC" = "no"
|
|
then
|
|
AC_MSG_ERROR([cannot enable fpecc without enabling ecc.])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DFP_ECC"
|
|
fi
|
|
|
|
|
|
# ECC encrypt
|
|
AC_ARG_ENABLE([eccencrypt],
|
|
[ --enable-eccencrypt Enable ECC encrypt (default: disabled)],
|
|
[ ENABLED_ECC_ENCRYPT=$enableval ],
|
|
[ ENABLED_ECC_ENCRYPT=no ]
|
|
)
|
|
|
|
if test "$ENABLED_ECC_ENCRYPT" = "yes"
|
|
then
|
|
if test "$ENABLED_ECC" = "no"
|
|
then
|
|
AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.])
|
|
fi
|
|
if test "$ENABLED_HKDF" = "no"
|
|
then
|
|
AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_ENCRYPT"
|
|
fi
|
|
|
|
|
|
# PSK
|
|
AC_ARG_ENABLE([psk],
|
|
[ --enable-psk Enable PSK (default: disabled)],
|
|
[ ENABLED_PSK=$enableval ],
|
|
[ ENABLED_PSK=no ]
|
|
)
|
|
|
|
if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_PSK"
|
|
fi
|
|
|
|
if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "yes"
|
|
then
|
|
ENABLED_PSK=yes
|
|
fi
|
|
|
|
|
|
# ERROR STRINGS
|
|
AC_ARG_ENABLE([errorstrings],
|
|
[ --enable-errorstrings Enable error strings table (default: enabled)],
|
|
[ ENABLED_ERROR_STRINGS=$enableval ],
|
|
[ ENABLED_ERROR_STRINGS=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_ERROR_STRINGS" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
|
|
else
|
|
# turn off error strings if leanpsk on
|
|
if test "$ENABLED_LEANPSK" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
|
|
ENABLED_ERROR_STRINGS=no
|
|
fi
|
|
fi
|
|
|
|
|
|
# OLD TLS
|
|
AC_ARG_ENABLE([oldtls],
|
|
[ --enable-oldtls Enable old TLS versions < 1.2 (default: enabled)],
|
|
[ ENABLED_OLD_TLS=$enableval ],
|
|
[ ENABLED_OLD_TLS=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_OLD_TLS" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
|
|
else
|
|
# turn off old if leanpsk on
|
|
if test "$ENABLED_LEANPSK" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
|
|
ENABLED_OLD_TLS=no
|
|
fi
|
|
fi
|
|
|
|
|
|
# STACK SIZE info for examples
|
|
AC_ARG_ENABLE([stacksize],
|
|
[ --enable-stacksize Enable stack size info on examples (default: disabled)],
|
|
[ ENABLED_STACKSIZE=$enableval ],
|
|
[ ENABLED_STACKSIZE=no ]
|
|
)
|
|
|
|
if test "$ENABLED_STACKSIZE" = "yes"
|
|
then
|
|
AC_CHECK_FUNC([posix_memalign], [], [AC_MSG_ERROR(stacksize needs posix_memalign)])
|
|
AC_CHECK_FUNC([pthread_attr_setstack], [], AC_CHECK_LIB([pthread],[pthread_attr_setstack]))
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_STACK_SIZE -DWOLFSSL_LOW_MEMORY"
|
|
fi
|
|
|
|
|
|
# MEMORY
|
|
AC_ARG_ENABLE([memory],
|
|
[ --enable-memory Enable memory callbacks (default: enabled)],
|
|
[ ENABLED_MEMORY=$enableval ],
|
|
[ ENABLED_MEMORY=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_MEMORY" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_WOLFSSL_MEMORY"
|
|
else
|
|
# turn off memory cb if leanpsk on
|
|
if test "$ENABLED_LEANPSK" = "yes"
|
|
then
|
|
# but don't turn on NO_WOLFSSL_MEMORY because using own
|
|
ENABLED_MEMORY=no
|
|
fi
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_MEMORY], [test "x$ENABLED_MEMORY" = "xyes"])
|
|
|
|
|
|
# RSA
|
|
AC_ARG_ENABLE([rsa],
|
|
[ --enable-rsa Enable RSA (default: enabled)],
|
|
[ ENABLED_RSA=$enableval ],
|
|
[ ENABLED_RSA=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_RSA" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
|
|
else
|
|
# turn off RSA if leanpsk on
|
|
if test "$ENABLED_LEANPSK" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
|
|
ENABLED_RSA=no
|
|
fi
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_RSA], [test "x$ENABLED_RSA" = "xyes"])
|
|
|
|
|
|
# DH
|
|
AC_ARG_ENABLE([dh],
|
|
[ --enable-dh Enable DH (default: disabled)],
|
|
[ ENABLED_DH=$enableval ],
|
|
[ ENABLED_DH=no ]
|
|
)
|
|
|
|
if test "$ENABLED_DH" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_DH"
|
|
else
|
|
# turn off DH if leanpsk on
|
|
if test "$ENABLED_LEANPSK" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_DH"
|
|
ENABLED_DH=no
|
|
fi
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_DH], [test "x$ENABLED_DH" = "xyes"])
|
|
|
|
|
|
# Anonymous
|
|
AC_ARG_ENABLE([anon],
|
|
[AS_HELP_STRING([--enable-anon],[Enable Anonymous (default: disabled)])],
|
|
[ ENABLED_ANON=$enableval ],
|
|
[ ENABLED_ANON=no ]
|
|
)
|
|
|
|
|
|
if test "x$ENABLED_ANON" = "xyes"
|
|
then
|
|
if test "x$ENABLED_DH" != "xyes"
|
|
then
|
|
AC_MSG_ERROR([Anonymous suite requires DH.])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ANON"
|
|
fi
|
|
|
|
|
|
# ASN
|
|
# turn off asn, which means no certs, no rsa, no dh, no dsa, no ecc,
|
|
# and no big int, use this to disable all public key stuff
|
|
AC_ARG_ENABLE([asn],
|
|
[ --enable-asn Enable ASN (default: enabled)],
|
|
[ ENABLED_ASN=$enableval ],
|
|
[ ENABLED_ASN=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_ASN" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_BIG_INT"
|
|
else
|
|
# turn off ASN if leanpsk on
|
|
if test "$ENABLED_LEANPSK" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_BIG_INT"
|
|
ENABLED_ASN=no
|
|
fi
|
|
fi
|
|
|
|
if test "$ENABLED_RSA" = "yes" && test "$ENABLED_ASN" = "no"
|
|
then
|
|
AC_MSG_ERROR([please disable rsa if disabling asn.])
|
|
fi
|
|
|
|
if test "$ENABLED_DSA" = "yes" && test "$ENABLED_ASN" = "no"
|
|
then
|
|
AC_MSG_ERROR([please disable dsa if disabling asn.])
|
|
fi
|
|
|
|
if test "$ENABLED_DH" = "yes" && test "$ENABLED_ASN" = "no"
|
|
then
|
|
AC_MSG_ERROR([please disable dh if disabling asn.])
|
|
fi
|
|
|
|
if test "$ENABLED_ECC" = "yes" && test "$ENABLED_ASN" = "no"
|
|
then
|
|
AC_MSG_ERROR([please disable ecc if disabling asn.])
|
|
fi
|
|
|
|
if test "$ENABLED_PSK" = "no" && test "$ENABLED_ASN" = "no"
|
|
then
|
|
AC_MSG_ERROR([please enable psk if disabling asn.])
|
|
fi
|
|
|
|
if test "$ENABLED_ASN" = "no"
|
|
then
|
|
ENABLED_FASTMATH=no
|
|
ENABLED_SLOWMATH=no
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_ASN], [test "x$ENABLED_ASN" = "xyes"])
|
|
|
|
|
|
# AES
|
|
AC_ARG_ENABLE([aes],
|
|
[ --enable-aes Enable AES (default: enabled)],
|
|
[ ENABLED_AES=$enableval ],
|
|
[ ENABLED_AES=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_AES" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_AES"
|
|
else
|
|
# turn off AES if leanpsk on
|
|
if test "$ENABLED_LEANPSK" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_AES"
|
|
ENABLED_AES=no
|
|
fi
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_AES], [test "x$ENABLED_AES" = "xyes"])
|
|
|
|
|
|
# CODING
|
|
AC_ARG_ENABLE([coding],
|
|
[ --enable-coding Enable Coding base 16/64 (default: enabled)],
|
|
[ ENABLED_CODING=$enableval ],
|
|
[ ENABLED_CODING=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_CODING" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
|
|
else
|
|
# turn off CODING if leanpsk on
|
|
if test "$ENABLED_LEANPSK" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
|
|
ENABLED_CODING=no
|
|
fi
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_CODING], [test "x$ENABLED_CODING" = "xyes"])
|
|
|
|
|
|
# DES3
|
|
AC_ARG_ENABLE([des3],
|
|
[ --enable-des3 Enable DES3 (default: enabled)],
|
|
[ ENABLED_DES3=$enableval ],
|
|
[ ENABLED_DES3=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_DES3" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
|
|
else
|
|
# turn off DES3 if leanpsk on
|
|
if test "$ENABLED_LEANPSK" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
|
|
ENABLED_DES3=no
|
|
fi
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_DES3], [test "x$ENABLED_DES3" = "xyes"])
|
|
|
|
|
|
# ARC4
|
|
AC_ARG_ENABLE([arc4],
|
|
[ --enable-arc4 Enable ARC4 (default: enabled)],
|
|
[ ENABLED_ARC4=$enableval ],
|
|
[ ENABLED_ARC4=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_ARC4" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
|
|
else
|
|
# turn off ARC4 if leanpsk on
|
|
if test "$ENABLED_LEANPSK" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
|
|
ENABLED_ARC4=no
|
|
fi
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_RC4], [test "x$ENABLED_ARC4" = "xyes"])
|
|
|
|
|
|
# MD5
|
|
AC_ARG_ENABLE([md5],
|
|
[ --enable-md5 Enable MD5 (default: enabled)],
|
|
[ ENABLED_MD5=$enableval ],
|
|
[ ENABLED_MD5=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_MD5" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
|
|
else
|
|
# turn off MD5 if leanpsk on
|
|
if test "$ENABLED_LEANPSK" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
|
|
ENABLED_MD5=no
|
|
fi
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_MD5], [test "x$ENABLED_MD5" = "xyes"])
|
|
|
|
|
|
# SHA
|
|
AC_ARG_ENABLE([sha],
|
|
[ --enable-sha Enable SHA (default: enabled)],
|
|
[ ENABLED_SHA=$enableval ],
|
|
[ ENABLED_SHA=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_SHA" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
|
|
else
|
|
# turn off SHA if leanpsk on
|
|
if test "$ENABLED_LEANPSK" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
|
|
ENABLED_SHA=no
|
|
fi
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_SHA], [test "x$ENABLED_SHA" = "xyes"])
|
|
|
|
|
|
# MD4
|
|
AC_ARG_ENABLE([md4],
|
|
[ --enable-md4 Enable MD4 (default: disabled)],
|
|
[ ENABLED_MD4=$enableval ],
|
|
[ ENABLED_MD4=no ]
|
|
)
|
|
|
|
if test "$ENABLED_MD4" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_MD4"
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"])
|
|
|
|
|
|
# Web Server Build
|
|
AC_ARG_ENABLE([webserver],
|
|
[ --enable-webserver Enable Web Server (default: disabled)],
|
|
[ ENABLED_WEBSERVER=$enableval ],
|
|
[ ENABLED_WEBSERVER=no ]
|
|
)
|
|
|
|
if test "$ENABLED_WEBSERVER" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_WEBSERVER"
|
|
fi
|
|
|
|
|
|
# PWDBASED
|
|
AC_ARG_ENABLE([pwdbased],
|
|
[ --enable-pwdbased Enable PWDBASED (default: disabled)],
|
|
[ ENABLED_PWDBASED=$enableval ],
|
|
[ ENABLED_PWDBASED=no ]
|
|
)
|
|
|
|
if test "$ENABLED_PWDBASED" = "no"
|
|
then
|
|
if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_WEBSERVER" = "yes"
|
|
then
|
|
# opensslextra and webserver needs pwdbased
|
|
ENABLED_PWDBASED=yes
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED"
|
|
fi
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_PWDBASED], [test "x$ENABLED_PWDBASED" = "xyes"])
|
|
|
|
|
|
# HC128
|
|
AC_ARG_ENABLE([hc128],
|
|
[ --enable-hc128 Enable HC-128 (default: disabled)],
|
|
[ ENABLED_HC128=$enableval ],
|
|
[ ENABLED_HC128=no ]
|
|
)
|
|
|
|
if test "$ENABLED_HC128" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_HC128"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_HC128"
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_HC128], [test "x$ENABLED_HC128" = "xyes"])
|
|
|
|
|
|
# RABBIT
|
|
AC_ARG_ENABLE([rabbit],
|
|
[ --enable-rabbit Enable RABBIT (default: disabled)],
|
|
[ ENABLED_RABBIT=$enableval ],
|
|
[ ENABLED_RABBIT=no ]
|
|
)
|
|
|
|
if test "$ENABLED_RABBIT" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_RABBIT"
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_RABBIT"
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"])
|
|
|
|
|
|
# CHACHA
|
|
AC_ARG_ENABLE([chacha],
|
|
[ --enable-chacha Enable CHACHA (default: disabled)],
|
|
[ ENABLED_CHACHA=$enableval ],
|
|
[ ENABLED_CHACHA=no ]
|
|
)
|
|
|
|
if test "$ENABLED_CHACHA" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA"
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_CHACHA], [test "x$ENABLED_CHACHA" = "xyes"])
|
|
|
|
|
|
# FIPS
|
|
AC_ARG_ENABLE([fips],
|
|
[ --enable-fips Enable FIPS 140-2 (default: disabled)],
|
|
[ ENABLED_FIPS=$enableval ],
|
|
[ ENABLED_FIPS=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_FIPS" = "xyes"
|
|
then
|
|
# requires thread local storage
|
|
if test "$thread_ls_on" = "no"
|
|
then
|
|
AC_MSG_ERROR([FIPS requires Thread Local Storage])
|
|
fi
|
|
# requires SHA512
|
|
if test "x$ENABLED_SHA512" = "xno"
|
|
then
|
|
ENABLED_SHA512="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"
|
|
AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
|
|
fi
|
|
# requires AESGCM
|
|
if test "x$ENABLED_AESGCM" != "xyes"
|
|
then
|
|
ENABLED_AESGCM="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
|
|
AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_FIPS], [test "x$ENABLED_FIPS" = "xyes"])
|
|
|
|
|
|
# Hash DRBG
|
|
AC_ARG_ENABLE([hashdrbg],
|
|
[ --enable-hashdrbg Enable Hash DRBG support (default: enabled)],
|
|
[ ENABLED_HASHDRBG=$enableval ],
|
|
[ ENABLED_HASHDRBG=yes ]
|
|
)
|
|
|
|
if test "x$ENABLED_HASHDRBG" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG"
|
|
else
|
|
# turn on Hash DRBG if FIPS is on or ARC4 is off
|
|
if test "x$ENABLED_FIPS" = "xyes" || test "x$ENABLED_ARC4" = "xno"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG"
|
|
ENABLED_HASHDRBG=yes
|
|
fi
|
|
fi
|
|
|
|
|
|
# Filesystem Build
|
|
AC_ARG_ENABLE([filesystem],
|
|
[ --enable-filesystem Enable Filesystem support (default: enabled)],
|
|
[ ENABLED_FILESYSTEM=$enableval ],
|
|
[ ENABLED_FILESYSTEM=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_FILESYSTEM" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
|
|
else
|
|
# turn off filesystem if leanpsk on
|
|
if test "$ENABLED_LEANPSK" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
|
|
ENABLED_FILESYSTEM=no
|
|
fi
|
|
fi
|
|
|
|
|
|
# inline Build
|
|
AC_ARG_ENABLE([inline],
|
|
[ --enable-inline Enable inline functions (default: enabled)],
|
|
[ ENABLED_INLINE=$enableval ],
|
|
[ ENABLED_INLINE=yes ]
|
|
)
|
|
|
|
if test "$ENABLED_INLINE" = "no"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DNO_INLINE"
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_INLINE], [test "x$ENABLED_INLINE" = "xyes"])
|
|
|
|
|
|
# OCSP
|
|
AC_ARG_ENABLE([ocsp],
|
|
[ --enable-ocsp Enable OCSP (default: disabled)],
|
|
[ ENABLED_OCSP=$enableval ],
|
|
[ ENABLED_OCSP=no ],
|
|
)
|
|
|
|
if test "$ENABLED_OCSP" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
|
|
|
|
|
|
if test "$ENABLED_OCSP" = "yes"
|
|
then
|
|
# check openssl command tool for testing ocsp
|
|
AC_CHECK_PROG([HAVE_OPENSSL_CMD],[openssl],[yes],[no])
|
|
|
|
if test "$HAVE_OPENSSL_CMD" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_OPENSSL_CMD"
|
|
else
|
|
AC_MSG_WARN([openssl command line tool not available for testing ocsp])
|
|
fi
|
|
fi
|
|
|
|
|
|
# CRL
|
|
AC_ARG_ENABLE([crl],
|
|
[ --enable-crl Enable CRL (default: disabled)],
|
|
[ ENABLED_CRL=$enableval ],
|
|
[ ENABLED_CRL=no ],
|
|
)
|
|
|
|
if test "$ENABLED_CRL" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
|
|
|
|
|
|
# CRL Monitor
|
|
AC_ARG_ENABLE([crl-monitor],
|
|
[ --enable-crl-monitor Enable CRL Monitor (default: disabled)],
|
|
[ ENABLED_CRL_MONITOR=$enableval ],
|
|
[ ENABLED_CRL_MONITOR=no ],
|
|
)
|
|
|
|
if test "$ENABLED_CRL_MONITOR" = "yes"
|
|
then
|
|
case $host_os in
|
|
*linux* | *darwin* | *freebsd*)
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR" ;;
|
|
*)
|
|
AC_MSG_ERROR([crl monitor only allowed on linux, OS X, or freebsd]) ;;
|
|
esac
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_CRL_MONITOR], [test "x$ENABLED_CRL_MONITOR" = "xyes"])
|
|
|
|
|
|
# NTRU
|
|
ENABLED_NTRU="no"
|
|
tryntrudir=""
|
|
AC_ARG_WITH([ntru],
|
|
[ --with-ntru=PATH Path to NTRU install (default /usr/) ],
|
|
[
|
|
AC_MSG_CHECKING([for NTRU])
|
|
CPPFLAGS="$CPPFLAGS -DHAVE_NTRU"
|
|
LIBS="$LIBS -lNTRUEncrypt"
|
|
|
|
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
|
|
|
|
if test "x$ntru_linked" == "xno" ; then
|
|
if test "x$withval" != "xno" ; then
|
|
tryntrudir=$withval
|
|
fi
|
|
if test "x$withval" == "xyes" ; then
|
|
tryntrudir="/usr"
|
|
fi
|
|
|
|
LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib"
|
|
CPPFLAGS="$CPPFLAGS -I$tryntrudir/include"
|
|
|
|
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
|
|
|
|
if test "x$ntru_linked" == "xno" ; then
|
|
AC_MSG_ERROR([NTRU isn't found.
|
|
If it's already installed, specify its path using --with-ntru=/dir/])
|
|
fi
|
|
AC_MSG_RESULT([yes])
|
|
AM_LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib"
|
|
else
|
|
AC_MSG_RESULT([yes])
|
|
fi
|
|
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU"
|
|
ENABLED_NTRU="yes"
|
|
]
|
|
)
|
|
|
|
AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"])
|
|
|
|
if test "$ENABLED_NTRU" = "yes" && test "$ENABLED_SMALL" = "yes"
|
|
then
|
|
AC_MSG_ERROR([cannot enable ntru and small, ntru requires TLS which small turns off.])
|
|
fi
|
|
|
|
# SNI
|
|
AC_ARG_ENABLE([sni],
|
|
[ --enable-sni Enable SNI (default: disabled)],
|
|
[ ENABLED_SNI=$enableval ],
|
|
[ ENABLED_SNI=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_SNI" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI"
|
|
fi
|
|
|
|
# Maximum Fragment Length
|
|
AC_ARG_ENABLE([maxfragment],
|
|
[ --enable-maxfragment Enable Maximum Fragment Length (default: disabled)],
|
|
[ ENABLED_MAX_FRAGMENT=$enableval ],
|
|
[ ENABLED_MAX_FRAGMENT=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_MAX_FRAGMENT" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_MAX_FRAGMENT"
|
|
fi
|
|
|
|
# Truncated HMAC
|
|
AC_ARG_ENABLE([truncatedhmac],
|
|
[ --enable-truncatedhmac Enable Truncated HMAC (default: disabled)],
|
|
[ ENABLED_TRUNCATED_HMAC=$enableval ],
|
|
[ ENABLED_TRUNCATED_HMAC=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_TRUNCATED_HMAC" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_TRUNCATED_HMAC"
|
|
fi
|
|
|
|
# Renegotiation Indication - (FAKE Secure Renegotiation)
|
|
AC_ARG_ENABLE([renegotiation-indication],
|
|
[ --enable-renegotiation-indication Enable Renegotiation Indication (default: disabled)],
|
|
[ ENABLED_RENEGOTIATION_INDICATION=$enableval ],
|
|
[ ENABLED_RENEGOTIATION_INDICATION=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_RENEGOTIATION_INDICATION"
|
|
fi
|
|
|
|
# Secure Renegotiation
|
|
AC_ARG_ENABLE([secure-renegotiation],
|
|
[ --enable-secure-renegotiation Enable Secure Renegotiation (default: disabled)],
|
|
[ ENABLED_SECURE_RENEGOTIATION=$enableval ],
|
|
[ ENABLED_SECURE_RENEGOTIATION=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_SECURE_RENEGOTIATION" = "xyes"
|
|
then
|
|
if test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"
|
|
then
|
|
AC_MSG_ERROR([cannot enable renegotiation-indication and secure-renegotiation.])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SECURE_RENEGOTIATION"
|
|
fi
|
|
|
|
# Supported Elliptic Curves Extensions
|
|
AC_ARG_ENABLE([supportedcurves],
|
|
[ --enable-supportedcurves Enable Supported Elliptic Curves (default: disabled)],
|
|
[ ENABLED_SUPPORTED_CURVES=$enableval ],
|
|
[ ENABLED_SUPPORTED_CURVES=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_SUPPORTED_CURVES" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES"
|
|
fi
|
|
|
|
# Session Ticket Extension
|
|
AC_ARG_ENABLE([session-ticket],
|
|
[ --enable-session-ticket Enable Session Ticket (default: disabled)],
|
|
[ ENABLED_SESSION_TICKET=$enableval ],
|
|
[ ENABLED_SESSION_TICKET=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_SESSION_TICKET" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SESSION_TICKET"
|
|
fi
|
|
|
|
# TLS Extensions
|
|
AC_ARG_ENABLE([tlsx],
|
|
[ --enable-tlsx Enable all TLS Extensions (default: disabled)],
|
|
[ ENABLED_TLSX=$enableval ],
|
|
[ ENABLED_TLSX=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_TLSX" = "xyes"
|
|
then
|
|
ENABLED_SNI=yes
|
|
ENABLED_MAX_FRAGMENT=yes
|
|
ENABLED_TRUNCATED_HMAC=yes
|
|
ENABLED_SUPPORTED_CURVES=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_SUPPORTED_CURVES"
|
|
fi
|
|
|
|
# PKCS7
|
|
AC_ARG_ENABLE([pkcs7],
|
|
[ --enable-pkcs7 Enable PKCS7 (default: disabled)],
|
|
[ ENABLED_PKCS7=$enableval ],
|
|
[ ENABLED_PKCS7=no ],
|
|
)
|
|
|
|
if test "$ENABLED_PKCS7" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS7"
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_PKCS7], [test "x$ENABLED_PKCS7" = "xyes"])
|
|
|
|
|
|
# Simple Certificate Enrollment Protocol (SCEP)
|
|
AC_ARG_ENABLE([scep],
|
|
[ --enable-scep Enable wolfSCEP (default: disabled)],
|
|
[ ENABLED_WOLFSCEP=$enableval ],
|
|
[ ENABLED_WOLFSCEP=no ]
|
|
)
|
|
if test "$ENABLED_WOLFSCEP" = "yes"
|
|
then
|
|
# Enable prereqs if not already enabled
|
|
if test "x$ENABLED_KEYGEN" = "xno"
|
|
then
|
|
ENABLED_KEYGEN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
|
|
fi
|
|
if test "x$ENABLED_CERTGEN" = "xno"
|
|
then
|
|
ENABLED_CERTGEN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
|
|
fi
|
|
if test "x$ENABLED_CERTREQ" = "xno"
|
|
then
|
|
ENABLED_CERTREQ="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
|
|
fi
|
|
if test "x$ENABLED_PKCS7" = "xno"
|
|
then
|
|
ENABLED_PKCS7="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS7"
|
|
AM_CONDITIONAL([BUILD_PKCS7], [test "x$ENABLED_PKCS7" = "xyes"])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_WOLFSCEP"
|
|
fi
|
|
|
|
|
|
# Small Stack
|
|
AC_ARG_ENABLE([smallstack],
|
|
[ --enable-smallstack Enable Small Stack Usage (default: disabled)],
|
|
[ ENABLED_SMALL_STACK=$enableval ],
|
|
[ ENABLED_SMALL_STACK=no ]
|
|
)
|
|
|
|
if test "x$ENABLED_SMALL_STACK" = "xyes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SMALL_STACK"
|
|
fi
|
|
|
|
|
|
#valgrind
|
|
AC_ARG_ENABLE([valgrind],
|
|
[ --enable-valgrind Enable valgrind for unit tests (default: disabled)],
|
|
[ ENABLED_VALGRIND=$enableval ],
|
|
[ ENABLED_VALGRIND=no ]
|
|
)
|
|
|
|
if test "$ENABLED_VALGRIND" = "yes"
|
|
then
|
|
AC_CHECK_PROG([HAVE_VALGRIND],[valgrind],[yes],[no])
|
|
|
|
if test "$HAVE_VALGRIND" = "no"
|
|
then
|
|
AC_MSG_ERROR([Valgrind not found.])
|
|
fi
|
|
enable_shared=no
|
|
enable_static=yes
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_VALGRIND"
|
|
fi
|
|
|
|
AM_CONDITIONAL([USE_VALGRIND], [test "x$ENABLED_VALGRIND" = "xyes"])
|
|
|
|
|
|
# Test certs, use internal cert functions for extra testing
|
|
AC_ARG_ENABLE([testcert],
|
|
[ --enable-testcert Enable Test Cert (default: disabled)],
|
|
[ ENABLED_TESTCERT=$enableval ],
|
|
[ ENABLED_TESTCERT=no ]
|
|
)
|
|
|
|
if test "$ENABLED_TESTCERT" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TEST_CERT"
|
|
fi
|
|
|
|
|
|
# I/O Pool, an example to show user how to override memory handler and use
|
|
# a pool for the input/output buffer requests
|
|
AC_ARG_ENABLE([iopool],
|
|
[ --enable-iopool Enable I/O Pool example (default: disabled)],
|
|
[ ENABLED_IOPOOL=$enableval ],
|
|
[ ENABLED_IOPOOL=no ]
|
|
)
|
|
|
|
if test "$ENABLED_IOPOOL" = "yes"
|
|
then
|
|
if test "$thread_ls_on" = "no"
|
|
then
|
|
AC_MSG_ERROR([I/O Pool example requires Thread Local Storage])
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_IO_POOL -DXMALLOC_USER"
|
|
fi
|
|
|
|
|
|
# Certificate Service Support
|
|
AC_ARG_ENABLE([certservice],
|
|
[ --enable-certservice Enable cert service (default: disabled)],
|
|
[ ENABLED_CERT_SERVICE=$enableval ],
|
|
[ ENABLED_CERT_SERVICE=no ]
|
|
)
|
|
if test "$ENABLED_CERT_SERVICE" = "yes"
|
|
then
|
|
# Requires ecc,certgen, and opensslextra make sure on
|
|
if test "x$ENABLED_CERTGEN" = "xno"
|
|
then
|
|
ENABLED_CERTGEN="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
|
|
fi
|
|
if test "x$ENABLED_ECC" = "xno"
|
|
then
|
|
ENABLED_ECC="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR"
|
|
AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
|
|
fi
|
|
if test "x$ENABLED_OPENSSLEXTRA" = "xno"
|
|
then
|
|
ENABLED_OPENSSLEXTRA="yes"
|
|
AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
|
|
fi
|
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_CERT_SERVICE"
|
|
fi
|
|
|
|
|
|
# set fastmath default
|
|
FASTMATH_DEFAULT=no
|
|
|
|
if test "$host_cpu" = "x86_64"
|
|
then
|
|
FASTMATH_DEFAULT=yes
|
|
fi
|
|
|
|
# fastmath
|
|
AC_ARG_ENABLE([fastmath],
|
|
[ --enable-fastmath Enable fast math ops (default: enabled on x86_64)],
|
|
[ ENABLED_FASTMATH=$enableval ],
|
|
[ ENABLED_FASTMATH=$FASTMATH_DEFAULT]
|
|
)
|
|
|
|
if test "x$ENABLED_FASTMATH" = "xyes"
|
|
then
|
|
# turn off fastmth if leanpsk on or asn off
|
|
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_ASN" = "no"
|
|
then
|
|
ENABLED_FASTMATH=no
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
|
|
ENABLED_SLOWMATH="no"
|
|
fi
|
|
fi
|
|
|
|
|
|
# fast HUGE math
|
|
AC_ARG_ENABLE([fasthugemath],
|
|
[ --enable-fasthugemath Enable fast math + huge code (default: disabled)],
|
|
[ ENABLED_FASTHUGEMATH=$enableval ],
|
|
[ ENABLED_FASTHUGEMATH=no ]
|
|
)
|
|
|
|
if test "$ENABLED_BUMP" = "yes"
|
|
then
|
|
ENABLED_FASTHUGEMATH="yes"
|
|
fi
|
|
|
|
if test "$ENABLED_FASTHUGEMATH" = "yes"
|
|
then
|
|
ENABLED_FASTMATH="yes"
|
|
AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
|
|
ENABLED_SLOWMATH="no"
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_FASTMATH], [test "x$ENABLED_FASTMATH" = "xyes"])
|
|
AM_CONDITIONAL([BUILD_SLOWMATH], [test "x$ENABLED_SLOWMATH" = "xyes"])
|
|
|
|
|
|
# Enable Examples, used to disable examples
|
|
AC_ARG_ENABLE([examples],
|
|
[ --enable-examples Enable Examples (default: enabled)],
|
|
[ ENABLED_EXAMPLES=$enableval ],
|
|
[ ENABLED_EXAMPLES=yes ]
|
|
)
|
|
|
|
AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"])
|
|
AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"])
|
|
# certs still have sha signatures for now
|
|
AS_IF([test "x$ENABLED_SHA" = "xno"], [ENABLED_EXAMPLES="no"])
|
|
AM_CONDITIONAL([BUILD_EXAMPLES], [test "x$ENABLED_EXAMPLES" = "xyes"])
|
|
|
|
|
|
# LIBZ
|
|
ENABLED_LIBZ="no"
|
|
trylibzdir=""
|
|
AC_ARG_WITH([libz],
|
|
[ --with-libz=PATH PATH to libz install (default /usr/) ],
|
|
[
|
|
AC_MSG_CHECKING([for libz])
|
|
CPPFLAGS="$CPPFLAGS -DHAVE_LIBZ"
|
|
LIBS="$LIBS -lz"
|
|
|
|
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])
|
|
|
|
if test "x$libz_linked" == "xno" ; then
|
|
if test "x$withval" != "xno" ; then
|
|
trylibzdir=$withval
|
|
fi
|
|
if test "x$withval" == "xyes" ; then
|
|
trylibzdir="/usr"
|
|
fi
|
|
|
|
AM_LDFLAGS="$AM_LDFLAGS -L$trylibzdir/lib"
|
|
CPPFLAGS="$CPPFLAGS -I$trylibzdir/include"
|
|
|
|
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])
|
|
|
|
if test "x$libz_linked" == "xno" ; then
|
|
AC_MSG_ERROR([libz isn't found.
|
|
If it's already installed, specify its path using --with-libz=/dir/])
|
|
fi
|
|
AC_MSG_RESULT([yes])
|
|
else
|
|
AC_MSG_RESULT([yes])
|
|
fi
|
|
ENABLED_LIBZ="yes"
|
|
]
|
|
)
|
|
AM_CONDITIONAL([BUILD_LIBZ], [test "x$ENABLED_LIBZ" = "xyes"])
|
|
|
|
|
|
# cavium
|
|
trycaviumdir=""
|
|
AC_ARG_WITH([cavium],
|
|
[ --with-cavium=PATH PATH to cavium/software dir ],
|
|
[
|
|
AC_MSG_CHECKING([for cavium])
|
|
CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM"
|
|
|
|
if test "x$withval" == "xyes" ; then
|
|
AC_MSG_ERROR([need a PATH for --with-cavium])
|
|
fi
|
|
if test "x$withval" != "xno" ; then
|
|
trycaviumdir=$withval
|
|
fi
|
|
|
|
LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/cavium_common.o"
|
|
CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
|
|
|
|
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(CAVIUM_DEV_ID); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
|
|
|
|
if test "x$cavium_linked" == "xno" ; then
|
|
AC_MSG_ERROR([cavium isn't found.
|
|
If it's already installed, specify its path using --with-cavium=/dir/])
|
|
fi
|
|
AC_MSG_RESULT([yes])
|
|
enable_shared=no
|
|
enable_static=yes
|
|
]
|
|
)
|
|
|
|
|
|
# microchip api
|
|
AC_ARG_ENABLE([mcapi],
|
|
[ --enable-mcapi Enable Microchip API (default: disabled)],
|
|
[ ENABLED_MCAPI=$enableval ],
|
|
[ ENABLED_MCAPI=no ]
|
|
)
|
|
|
|
if test "$ENABLED_MCAPI" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -DHAVE_MCAPI -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
|
|
fi
|
|
|
|
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_SHA512" = "no"
|
|
then
|
|
AC_MSG_ERROR([please enable sha512 if enabling mcapi.])
|
|
fi
|
|
|
|
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_ECC" = "no"
|
|
then
|
|
AC_MSG_ERROR([please enable ecc if enabling mcapi.])
|
|
fi
|
|
|
|
if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_LIBZ" = "no"
|
|
then
|
|
AC_MSG_ERROR([please use --with-libz if enabling mcapi.])
|
|
fi
|
|
|
|
AM_CONDITIONAL([BUILD_MCAPI], [test "x$ENABLED_MCAPI" = "xyes"])
|
|
|
|
|
|
|
|
# OPTIMIZE FLAGS
|
|
if test "$GCC" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused"
|
|
if test "$ax_enable_debug" = "no"
|
|
then
|
|
if test "$ENABLED_FASTMATH" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_FAST_CFLAGS"
|
|
if test "$ENABLED_FASTHUGEMATH" = "yes"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_HUGE_CFLAGS"
|
|
fi
|
|
else
|
|
AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_CFLAGS"
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
# ICC command line warning for non supported warning flags
|
|
if test "$CC" = "icc"
|
|
then
|
|
AM_CFLAGS="$AM_CFLAGS -wd10006"
|
|
fi
|
|
|
|
|
|
LIB_SOCKET_NSL
|
|
AX_HARDEN_CC_COMPILER_FLAGS
|
|
|
|
# link to ws2_32 if on mingw
|
|
case $host_os in
|
|
*mingw32)
|
|
LDFLAGS="$LDFLAGS -lws2_32" ;;
|
|
esac
|
|
|
|
# add user C_EXTRA_FLAGS back
|
|
CFLAGS="$CFLAGS $USER_C_EXTRA_FLAGS"
|
|
OPTION_FLAGS="$USER_C_EXTRA_FLAGS $AM_CFLAGS"
|
|
|
|
CREATE_HEX_VERSION
|
|
AC_SUBST([AM_CPPFLAGS])
|
|
AC_SUBST([AM_CFLAGS])
|
|
AC_SUBST([AM_LDFLAGS])
|
|
|
|
# FINAL
|
|
AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
|
|
AC_CONFIG_FILES([Makefile])
|
|
AC_CONFIG_FILES([wolfssl/version.h])
|
|
AC_CONFIG_FILES([wolfssl/options.h])
|
|
AC_CONFIG_FILES([support/wolfssl.pc])
|
|
AC_CONFIG_FILES([rpm/spec])
|
|
|
|
AX_CREATE_GENERIC_CONFIG
|
|
AX_AM_JOBSERVER([yes])
|
|
|
|
AC_OUTPUT
|
|
|
|
|
|
# force make clean
|
|
echo "---"
|
|
echo "Running make clean..."
|
|
make clean >/dev/null 2>&1
|
|
# Touch files that may not be in repository
|
|
echo "Touching File..."
|
|
touch ctaocrypt/src/fips.c
|
|
touch ctaocrypt/src/fips_test.c
|
|
echo
|
|
|
|
# generate user options header
|
|
echo "---"
|
|
echo "Generating user options header..."
|
|
|
|
OPTION_FILE="wolfssl/options.h"
|
|
rm -f $OPTION_FILE
|
|
|
|
echo "/* wolfssl options.h" > $OPTION_FILE
|
|
echo " * generated from configure options" >> $OPTION_FILE
|
|
echo " *" >> $OPTION_FILE
|
|
echo " * Copyright (C) 2006-2014 wolfSSL Inc." >> $OPTION_FILE
|
|
echo " *" >> $OPTION_FILE
|
|
echo " * This file is part of wolfSSL. (formerly known as CyaSSL)" >> $OPTION_FILE
|
|
echo " *" >> $OPTION_FILE
|
|
echo " */" >> $OPTION_FILE
|
|
|
|
echo "" >> $OPTION_FILE
|
|
echo "#pragma once" >> $OPTION_FILE
|
|
echo "" >> $OPTION_FILE
|
|
echo "#ifdef __cplusplus" >> $OPTION_FILE
|
|
echo "extern \"C\" {" >> $OPTION_FILE
|
|
echo "#endif" >> $OPTION_FILE
|
|
echo "" >> $OPTION_FILE
|
|
|
|
for option in $OPTION_FLAGS; do
|
|
defonly=`echo $option | sed 's/-D//'`
|
|
if test "$defonly" != "$option"
|
|
then
|
|
noequalsign=`echo $defonly | sed 's/=/ /'`
|
|
echo "#undef $noequalsign" >> $OPTION_FILE
|
|
echo "#define $noequalsign" >> $OPTION_FILE
|
|
echo "" >> $OPTION_FILE
|
|
else
|
|
echo "option w/o begin -D is $option, not saving to $OPTION_FILE"
|
|
fi
|
|
done
|
|
|
|
echo "" >> $OPTION_FILE
|
|
echo "#ifdef __cplusplus" >> $OPTION_FILE
|
|
echo "}" >> $OPTION_FILE
|
|
echo "#endif" >> $OPTION_FILE
|
|
echo "" >> $OPTION_FILE
|
|
echo
|
|
|
|
# output config summary
|
|
echo "---"
|
|
echo "Configuration summary for $PACKAGE_NAME version $VERSION"
|
|
echo ""
|
|
echo " * Installation prefix: $prefix"
|
|
echo " * System type: $host_vendor-$host_os"
|
|
echo " * Host CPU: $host_cpu"
|
|
echo " * C Compiler: $CC"
|
|
echo " * C Flags: $CFLAGS"
|
|
echo " * C++ Compiler: $CXX"
|
|
echo " * C++ Flags: $CXXFLAGS"
|
|
echo " * CPP Flags: $CPPFLAGS"
|
|
echo " * LIB Flags: $LIB"
|
|
echo " * Debug enabled: $ax_enable_debug"
|
|
echo " * Warnings as failure: $ac_cv_warnings_as_errors"
|
|
echo " * make -j: $enable_jobserver"
|
|
echo " * VCS checkout: $ac_cv_vcs_checkout"
|
|
echo
|
|
echo " Features "
|
|
echo " * Single threaded: $ENABLED_SINGLETHREADED"
|
|
echo " * Filesystem: $ENABLED_FILESYSTEM"
|
|
echo " * OpenSSL Extra API: $ENABLED_OPENSSLEXTRA"
|
|
echo " * fastmath: $ENABLED_FASTMATH"
|
|
echo " * sniffer: $ENABLED_SNIFFER"
|
|
echo " * snifftest: $ENABLED_SNIFFTEST"
|
|
echo " * ARC4: $ENABLED_ARC4"
|
|
echo " * AES: $ENABLED_AES"
|
|
echo " * AES-NI: $ENABLED_AESNI"
|
|
echo " * AES-GCM: $ENABLED_AESGCM"
|
|
echo " * AES-CCM: $ENABLED_AESCCM"
|
|
echo " * DES3: $ENABLED_DES3"
|
|
echo " * Camellia: $ENABLED_CAMELLIA"
|
|
echo " * NULL Cipher: $ENABLED_NULL_CIPHER"
|
|
echo " * MD5: $ENABLED_MD5"
|
|
echo " * RIPEMD: $ENABLED_RIPEMD"
|
|
echo " * SHA: $ENABLED_SHA"
|
|
echo " * SHA-512: $ENABLED_SHA512"
|
|
echo " * BLAKE2: $ENABLED_BLAKE2"
|
|
echo " * keygen: $ENABLED_KEYGEN"
|
|
echo " * certgen: $ENABLED_CERTGEN"
|
|
echo " * certreq: $ENABLED_CERTREQ"
|
|
echo " * HC-128: $ENABLED_HC128"
|
|
echo " * RABBIT: $ENABLED_RABBIT"
|
|
echo " * CHACHA: $ENABLED_CHACHA"
|
|
echo " * Hash DRBG: $ENABLED_HASHDRBG"
|
|
echo " * PWDBASED: $ENABLED_PWDBASED"
|
|
echo " * HKDF: $ENABLED_HKDF"
|
|
echo " * MD4: $ENABLED_MD4"
|
|
echo " * PSK: $ENABLED_PSK"
|
|
echo " * Poly1305: $ENABLED_POLY1305"
|
|
echo " * LEANPSK: $ENABLED_LEANPSK"
|
|
echo " * RSA: $ENABLED_RSA"
|
|
echo " * DSA: $ENABLED_DSA"
|
|
echo " * DH: $ENABLED_DH"
|
|
echo " * ECC: $ENABLED_ECC"
|
|
echo " * FPECC: $ENABLED_FPECC"
|
|
echo " * ECC_ENCRYPT: $ENABLED_ECC_ENCRYPT"
|
|
echo " * ASN: $ENABLED_ASN"
|
|
echo " * Anonymous cipher: $ENABLED_ANON"
|
|
echo " * CODING: $ENABLED_CODING"
|
|
echo " * MEMORY: $ENABLED_MEMORY"
|
|
echo " * I/O POOL: $ENABLED_IOPOOL"
|
|
echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"
|
|
echo " * DTLS: $ENABLED_DTLS"
|
|
echo " * Old TLS Versions: $ENABLED_OLD_TLS"
|
|
echo " * OCSP: $ENABLED_OCSP"
|
|
echo " * CRL: $ENABLED_CRL"
|
|
echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR"
|
|
echo " * Persistent session cache: $ENABLED_SAVESESSION"
|
|
echo " * Persistent cert cache: $ENABLED_SAVECERT"
|
|
echo " * Atomic User Record Layer: $ENABLED_ATOMICUSER"
|
|
echo " * Public Key Callbacks: $ENABLED_PKCALLBACKS"
|
|
echo " * NTRU: $ENABLED_NTRU"
|
|
echo " * SNI: $ENABLED_SNI"
|
|
echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT"
|
|
echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC"
|
|
echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION"
|
|
echo " * Secure Renegotiation: $ENABLED_SECURE_RENEGOTIATION"
|
|
echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES"
|
|
echo " * Session Ticket: $ENABLED_SESSION_TICKET"
|
|
echo " * All TLS Extensions: $ENABLED_TLSX"
|
|
echo " * PKCS#7 $ENABLED_PKCS7"
|
|
echo " * wolfSCEP $ENABLED_WOLFSCEP"
|
|
echo " * Small Stack: $ENABLED_SMALL_STACK"
|
|
echo " * valgrind unit tests: $ENABLED_VALGRIND"
|
|
echo " * LIBZ: $ENABLED_LIBZ"
|
|
echo " * Examples: $ENABLED_EXAMPLES"
|
|
echo ""
|
|
echo "---"
|
|
|