1# configure.ac 2# 3# Copyright (C) 2006-2021 wolfSSL Inc. 4# 5# This file is part of wolfSSL. (formerly known as CyaSSL) 6# 7# 8AC_COPYRIGHT([Copyright (C) 2006-2020 wolfSSL Inc.]) 9AC_PREREQ([2.69]) 10AC_INIT([wolfssl],[5.1.1],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com]) 11AC_CONFIG_AUX_DIR([build-aux]) 12 13# The following sets CFLAGS to empty if unset on command line. We do not 14# want the default "-g -O2" that AC_PROG_CC sets automatically. 15: ${CFLAGS=""} 16 17# Capture user C_EXTRA_FLAGS from configure line. 18# Use of C_EXTRA_FLAGS is deprecated because CFLAGS was fixed but someone 19# might still be using it. 20CFLAGS="$CFLAGS $C_EXTRA_FLAGS $C_FLAGS" 21 22AC_PROG_CC 23AM_PROG_CC_C_O 24AC_CANONICAL_HOST 25AC_CANONICAL_TARGET 26AC_CONFIG_MACRO_DIR([m4]) 27 28AM_INIT_AUTOMAKE([1.14.1 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests]) 29m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])]) 30 31AC_ARG_PROGRAM 32 33AC_CONFIG_HEADERS([config.h:config.in]) 34 35LT_PREREQ([2.4.2]) 36LT_INIT([disable-static win32-dll]) 37 38AC_ARG_VAR(EXTRA_CFLAGS, [Extra CFLAGS to add to autoconf-computed arg list. Can also supply directly to make.]) 39 40#shared library versioning 41WOLFSSL_LIBRARY_VERSION=31:1:1 42# | | | 43# +------+ | +---+ 44# | | | 45# current:revision:age 46# | | | 47# | | +- increment if interfaces have been added 48# | | set to zero if interfaces have been removed 49# | | or changed 50# | +- increment if source code has changed 51# | set to zero if current is incremented 52# +- increment if interfaces have been added, removed or changed 53AC_SUBST([WOLFSSL_LIBRARY_VERSION]) 54 55gl_VISIBILITY 56AS_IF([ test -n "$CFLAG_VISIBILITY" ], [ 57 AM_CFLAGS="$AM_CPPFLAGS $CFLAG_VISIBILITY" 58 ]) 59 60 61# Moved these size of and type checks before the library checks. 62# The library checks add the library to subsequent test compiles 63# and in some rare cases, the networking check causes these sizeof 64# checks to fail. 65AC_CHECK_SIZEOF([long long]) 66AC_CHECK_SIZEOF([long]) 67AC_CHECK_SIZEOF([time_t]) 68AC_CHECK_TYPES([__uint128_t]) 69 70 71# Distro build feature subset (Debian, Ubuntu, etc.) 72AC_ARG_ENABLE([distro], 73 [AS_HELP_STRING([--enable-distro],[Enable wolfSSL distro build (default: disabled)])], 74 [ ENABLED_DISTRO=$enableval ], 75 [ ENABLED_DISTRO=no ] 76 ) 77if test "$ENABLED_DISTRO" = "yes" 78then 79 enable_shared=yes 80 enable_static=yes 81 enable_all=yes 82 REPRODUCIBLE_BUILD_DEFAULT=yes 83else 84 REPRODUCIBLE_BUILD_DEFAULT=no 85fi 86 87 88AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h]) 89AC_CHECK_LIB([network],[socket]) 90AC_C_BIGENDIAN 91 92# check if functions of interest are linkable, but also check if 93# they're declared by the expected headers, and if not, supersede the 94# unusable positive from AC_CHECK_FUNCS(). 95AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r inet_ntoa memset socket strftime atexit]) 96AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r, inet_ntoa, memset, socket, strftime], [], [ 97if test "$(eval echo \$"$(eval 'echo ac_cv_func_${as_decl_name}')")" = "yes" 98then 99 echo " note: earlier check for $(eval 'echo ${as_decl_name}') superseded." 100 eval "$(eval 'echo ac_cv_func_${as_decl_name}=no')" 101 _mask_varname=HAVE_`eval "echo '${as_decl_name}'" | tr 'a-z' 'A-Z'` 102 echo "g/#define $_mask_varname 1/s//\/* #undef $_mask_varname *\// 103wq 104." | ed -s confdefs.h 105fi 106], [[ 107#ifdef HAVE_SYS_SOCKET_H 108 #include <sys/socket.h> 109#endif 110#ifdef HAVE_STRING_H 111 #include <string.h> 112#endif 113#ifdef HAVE_NETDB_H 114 #include <netdb.h> 115#endif 116#ifdef HAVE_ARPA_INET_H 117 #include <arpa/inet.h> 118#endif 119#ifdef HAVE_SYS_TIME_H 120 #include <sys/time.h> 121#endif 122#ifdef HAVE_TIME_H 123 #include <time.h> 124#endif 125]]) 126 127AC_PROG_INSTALL 128AC_TYPE_SIZE_T 129AC_TYPE_UINT8_T 130AC_TYPE_UINTPTR_T 131AM_PROG_AS 132LT_LIB_M 133 134OPTIMIZE_CFLAGS="-Os" 135OPTIMIZE_FAST_CFLAGS="-O2" 136OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET -DTFM_HUGE_SET" 137DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL" 138LIB_ADD= 139LIB_STATIC_ADD= 140 141if test "$output_objdir" = "" 142then 143 output_objdir=. 144fi 145 146# Thread local storage 147AX_TLS([thread_ls_on=yes],[thread_ls_on=no]) 148AS_IF([test "x$thread_ls_on" = "xyes"],[AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"]) 149 150# DEBUG 151AX_DEBUG 152AS_IF([test "$ax_enable_debug" = "yes"], 153 [AM_CFLAGS="$AM_CFLAGS $DEBUG_CFLAGS"], 154 [AM_CFLAGS="$AM_CFLAGS -DNDEBUG"]) 155AS_IF([test "$ax_enable_debug" = "yes"], 156 [AM_CCASFLAGS="$DEBUG_CFLAGS $AM_CCASFLAGS"], 157 [AM_CCASFLAGS="$AM_CCASFLAGS -DNDEBUG"]) 158 159 160# Start without certificates enabled and enable if a certificate algorithm is 161# enabled 162ENABLED_CERTS="no" 163 164 165# Support for forcing 32-bit mode 166# To force 32-bit instructions use: 167# ./configure CFLAGS="-m32" LDFLAGS="-m32" && make 168# The checks for sizeof long and long/long are run at the top of configure and require "-m32" to be set directly in the ./configure statement. 169AC_ARG_ENABLE([32bit], 170 [AS_HELP_STRING([--enable-32bit],[Enables 32-bit support (default: disabled)])], 171 [ ENABLED_32BIT=$enableval ], 172 [ ENABLED_32BIT=no ] 173 ) 174 175# 16-bit compiler support 176AC_ARG_ENABLE([16bit], 177 [AS_HELP_STRING([--enable-16bit],[Enables 16-bit support (default: disabled)])], 178 [ ENABLED_16BIT=$enableval ], 179 [ ENABLED_16BIT=no ] 180 ) 181if test "$ENABLED_16BIT" = "yes" 182then 183 AM_CFLAGS="$AM_CFLAGS -DWC_16BIT_CPU" 184fi 185 186 187 188# Support for disabling all ASM 189AC_ARG_ENABLE([asm], 190 [AS_HELP_STRING([--enable-asm],[Enables option for assembly (default: enabled)])], 191 [ ENABLED_ASM=$enableval ], 192 [ ENABLED_ASM=yes ] 193 ) 194 195if test "$ENABLED_ASM" = "no" 196then 197 AM_CFLAGS="$AM_CFLAGS -DTFM_NO_ASM -DWOLFSSL_NO_ASM" 198fi 199AC_SUBST([ENABLED_ASM]) 200 201 202# FIPS 140 203AC_ARG_ENABLE([fips], 204 [AS_HELP_STRING([--enable-fips],[Enable FIPS 140-2, Will NOT work w/o FIPS license (default: disabled)])], 205 [ENABLED_FIPS=$enableval], 206 [ENABLED_FIPS="no"]) 207 208# The FIPS options are: 209# no - FIPS build disabled, FIPS sources forbidden in build tree 210# disabled - FIPS build disabled, FIPS sources ignored in build tree 211# v1 - FIPS 140-2 Cert 2425 212# default - same as v1 213# v2 - FIPS 140-2 Cert 3389 214# cert3389 - alias for v2 215# rand - wolfRand 216# v5-RC8 - historical FIPS 140-3 (wolfCrypt WCv5.0-RC8) 217# v5-RC9 - historical FIPS 140-3 (wolfCrypt WCv5.0-RC9) 218# v5-RC10 - historical FIPS 140-3, wolfCrypt/fips WCv5.0-RC10 219# v5-RC11 - historical FIPS 140-3, wolfCrypt/fips WCv5.0-RC11 220# v5-RC12 - FIPS 140-3, wolfCrypt/fips WCv5.0-RC12 221# v5 - currently, alias for v5-RC12 222# v5-ready - FIPS 140-3 settings with in-tree wolfcrypt sources, feature locked 223# v5-dev - FIPS 140-3 settings with in-tree wolfcrypt sources, features freely adjustable 224# ready - currently, same as v5-ready 225# dev - currently, same as v5-dev 226AS_CASE([$ENABLED_FIPS], 227 [no],[ 228 FIPS_VERSION="none" 229 ENABLED_FIPS="no" 230 ], 231 [disabled],[ 232 FIPS_VERSION="disabled" 233 ENABLED_FIPS="no" 234 ], 235 [v1|yes|cert2425],[ 236 FIPS_VERSION="v1" 237 HAVE_FIPS_VERSION=1 238 ENABLED_FIPS="yes" 239 ], 240 [v2|cert3389],[ 241 FIPS_VERSION="v2" 242 HAVE_FIPS_VERSION=2 243 ENABLED_FIPS="yes" 244 ], 245 [rand],[ 246 FIPS_VERSION="rand" 247 HAVE_FIPS_VERSION=3 248 ENABLED_FIPS="yes" 249 ], 250 [v5-RC8],[ 251 FIPS_VERSION="v5-RC8" 252 HAVE_FIPS_VERSION=5 253 HAVE_FIPS_VERSION_MINOR=0 254 ENABLED_FIPS="yes" 255 ], 256 [v5-RC9],[ 257 FIPS_VERSION="v5-RC9" 258 HAVE_FIPS_VERSION=5 259 HAVE_FIPS_VERSION_MINOR=1 260 ENABLED_FIPS="yes" 261 ], 262 [v5-RC10],[ 263 FIPS_VERSION="v5-RC10" 264 HAVE_FIPS_VERSION=5 265 HAVE_FIPS_VERSION_MINOR=2 266 ENABLED_FIPS="yes" 267 ], 268 [v5-RC11],[ 269 FIPS_VERSION="v5-RC11" 270 HAVE_FIPS_VERSION=5 271 HAVE_FIPS_VERSION_MINOR=2 272 ENABLED_FIPS="yes" 273 ], 274 [v5|v5-RC12],[ 275 FIPS_VERSION="v5-RC12" 276 HAVE_FIPS_VERSION=5 277 HAVE_FIPS_VERSION_MINOR=2 278 ENABLED_FIPS="yes" 279 ], 280 [ready|v5-ready],[ 281 FIPS_VERSION="v5-ready" 282 HAVE_FIPS_VERSION=5 283 HAVE_FIPS_VERSION_MINOR=2 284 ENABLED_FIPS="yes" 285 ], 286 [dev|v5-dev],[ 287 FIPS_VERSION="v5-dev" 288 HAVE_FIPS_VERSION=5 289 HAVE_FIPS_VERSION_MINOR=2 290 ENABLED_FIPS="yes" 291 ], 292 [ 293 AC_MSG_ERROR([Invalid value for --enable-fips "$ENABLED_FIPS" (main options: v1, v2, v5, ready, dev, rand, no, disabled)]) 294 ]) 295 296if test -z "$HAVE_FIPS_VERSION_MINOR" 297then 298 HAVE_FIPS_VERSION_MINOR=0 299fi 300if test -z "$HAVE_FIPS_VERSION" 301then 302 HAVE_FIPS_VERSION=0 303fi 304 305if test "$ENABLED_FIPS" != "no" 306then 307 REPRODUCIBLE_BUILD_DEFAULT=yes 308fi 309 310AS_CASE([$FIPS_VERSION], 311 [none], 312 [ 313 AS_IF([ test -s $srcdir/wolfcrypt/src/fips.c -o -s $srcdir/ctaocrypt/src/fips.c ], 314 [AC_MSG_ERROR([FIPS source tree is incompatible with non-FIPS build (requires --enable-fips)])]) 315 ], 316 [disabled], 317 [], 318 [v1], 319 [ 320 AS_IF([ ! test -s $srcdir/ctaocrypt/src/fips.c], 321 [AC_MSG_ERROR([non-FIPS-v1 source tree is incompatible with --enable-fips=$enableval])]) 322 ], 323 [ 324 AS_IF([ ! test -s $srcdir/wolfcrypt/src/fips.c], 325 [AC_MSG_ERROR([non-FIPS source tree is incompatible with --enable-fips=$enableval])]) 326 ] 327) 328 329 330# For reproducible build, gate out from the build anything that might 331# introduce semantically frivolous jitter, maximizing chance of 332# identical object files. 333AC_ARG_ENABLE([reproducible-build], 334 [AS_HELP_STRING([--enable-reproducible-build],[Enable maximally reproducible build (default: disabled)])], 335 [ ENABLED_REPRODUCIBLE_BUILD=$enableval ], 336 [ ENABLED_REPRODUCIBLE_BUILD=$REPRODUCIBLE_BUILD_DEFAULT ] 337 ) 338 339if test "$ENABLED_REPRODUCIBLE_BUILD" = "yes" 340then 341 # Test ar for the "D" option. Should be checked before the libtool macros. 342 if test -z "$AR"; then 343 AR=ar 344 fi 345 xxx_ar_flags=$(${AR} --help 2>&1) 346 if test -z "$RANLIB"; then 347 RANLIB=ranlib 348 fi 349 xxx_ranlib_flags=$(${RANLIB} --help 2>&1) 350 AM_CFLAGS="$AM_CFLAGS -DHAVE_REPRODUCIBLE_BUILD" 351 AS_CASE([$xxx_ar_flags],[*'use zero for timestamps and uids/gids'*],[AR_FLAGS="Dcr"]) 352 AS_CASE([$xxx_ranlib_flags],[*'Use zero for symbol map timestamp'*],[RANLIB="${RANLIB} -D"]) 353fi 354 355 356AC_ARG_ENABLE([benchmark], 357 [AS_HELP_STRING([--enable-benchmark],[Build benchmark when building crypttests (default: enabled)])], 358 [ENABLED_BENCHMARK=$enableval], 359 [ENABLED_BENCHMARK=yes] 360 ) 361 362 363# Linux Kernel Module 364AC_ARG_ENABLE([linuxkm], 365 [AS_HELP_STRING([--enable-linuxkm],[Enable Linux Kernel Module (default: disabled)])], 366 [ENABLED_LINUXKM=$enableval], 367 [ENABLED_LINUXKM=no] 368 ) 369 370AC_ARG_ENABLE([linuxkm-defaults], 371 [AS_HELP_STRING([--enable-linuxkm-defaults],[Enable feature defaults for Linux Kernel Module (default: disabled)])], 372 [ENABLED_LINUXKM_DEFAULTS=$enableval], 373 [ENABLED_LINUXKM_DEFAULTS=$ENABLED_LINUXKM] 374 ) 375 376AC_ARG_ENABLE([linuxkm-pie], 377 [AS_HELP_STRING([--enable-linuxkm-pie],[Enable relocatable object build of Linux kernel module (default: disabled)])], 378 [ENABLED_LINUXKM_PIE=$enableval], 379 [ENABLED_LINUXKM_PIE=$ENABLED_FIPS] 380 ) 381if test "$ENABLED_LINUXKM_PIE" = "yes" 382then 383 AM_CFLAGS="$AM_CFLAGS -DHAVE_LINUXKM_PIE_SUPPORT" 384elif test "$ENABLED_FIPS" = yes 385then 386 AC_MSG_ERROR([FIPS requires linuxkm-pie.]) 387fi 388AC_SUBST([ENABLED_LINUXKM_PIE]) 389 390 391if test "$ENABLED_LINUXKM_DEFAULTS" = "yes" 392then 393 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_CONST -DWOLFSSL_SP_MOD_WORD_RP -DWOLFSSL_OLD_PRIME_CHECK -DWOLFSSL_SP_DIV_64 -DWOLFSSL_SP_DIV_WORD_HALF -DWOLFSSL_SMALL_STACK_STATIC -DWOLFSSL_TEST_SUBROUTINE=static" 394fi 395 396AC_ARG_WITH([linux-source], 397 [AS_HELP_STRING([--with-linux-source=PATH],[PATH to root of Linux kernel build tree])], 398 [KERNEL_ROOT=$withval], 399 [KERNEL_ROOT=""]) 400 401AC_ARG_WITH([linux-arch], 402 [AS_HELP_STRING([--with-linux-arch=arch],[built arch (SRCARCH) of Linux kernel build tree])], 403 [KERNEL_ARCH=$withval], 404 [KERNEL_ARCH=""]) 405 406if test "x$ENABLED_LINUXKM" = "xyes" 407then 408 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LINUXKM" 409 ENABLED_NO_LIBRARY=yes 410 ENABLED_BENCHMARK=no 411 output_objdir="$(realpath "$output_objdir")/linuxkm" 412 413 if test "$KERNEL_ROOT" = ""; then 414 AC_PATH_DEFAULT_KERNEL_SOURCE 415 KERNEL_ROOT="$DEFAULT_KERNEL_ROOT" 416 fi 417 AC_SUBST([KERNEL_ROOT]) 418 419 if test "$KERNEL_ARCH" = ""; then 420 AC_DEFAULT_KERNEL_ARCH 421 KERNEL_ARCH="$DEFAULT_KERNEL_ARCH" 422 fi 423 AC_SUBST([KERNEL_ARCH]) 424 425 if test "${KERNEL_ROOT}" = ""; then 426 AC_MSG_ERROR([Linux kernel source root not found -- supply with --with-linux-source=PATH.]) 427 fi 428 if test "${KERNEL_ARCH}" = ""; then 429 AC_MSG_ERROR([Linux kernel target architecture for build tree ${KERNEL_ROOT} could not be determined. Is target kernel configured?]) 430 fi 431 432 AM_CFLAGS="$AM_CFLAGS -DNO_DEV_RANDOM -DNO_WRITEV -DNO_STDIO_FILESYSTEM -DWOLFSSL_NO_SOCK -DWOLFSSL_USER_IO" 433fi 434 435 436# Single Precision maths implementation 437if test "$ENABLED_LINUXKM_DEFAULTS" = "yes" 438then 439 ENABLED_SP_DEFAULT=yes 440 ENABLED_SP_MATH_ALL_DEFAULT=yes 441else 442 ENABLED_SP_DEFAULT=no 443 ENABLED_SP_MATH_ALL_DEFAULT=no 444fi 445 446AC_ARG_ENABLE([sp], 447 [AS_HELP_STRING([--enable-sp],[Enable Single Precision maths implementation (default: disabled)])], 448 [ ENABLED_SP=$enableval ], 449 [ ENABLED_SP=$ENABLED_SP_DEFAULT ], 450 ) 451 452AC_ARG_ENABLE([sp-math-all], 453 [AS_HELP_STRING([--enable-sp-math-all],[Enable Single Precision math implementation for full algorithm suite (default: disabled)])], 454 [ ENABLED_SP_MATH_ALL=$enableval ], 455 [ ENABLED_SP_MATH_ALL=$ENABLED_SP_MATH_ALL_DEFAULT ], 456 ) 457 458# Single Precision maths exclusively (no fastmath) 459if test "$ENABLED_LINUXKM_DEFAULTS" = "yes" && test "$ENABLED_SP" != "no" && test "$ENABLED_SP_MATH_ALL" = "no" 460then 461 ENABLED_SP_MATH_DEFAULT=yes 462else 463 ENABLED_SP_MATH_DEFAULT=no 464fi 465AC_ARG_ENABLE([sp-math], 466 [AS_HELP_STRING([--enable-sp-math],[Enable Single Precision math implementation with restricted algorithm suite (default: disabled)])], 467 [ ENABLED_SP_MATH=$enableval ], 468 [ ENABLED_SP_MATH=$ENABLED_SP_MATH_DEFAULT ], 469 ) 470 471 472AC_ARG_ENABLE([sp-asm], 473 [AS_HELP_STRING([--enable-sp-asm],[Enable Single Precision assembly implementation (default: disabled)])], 474 [ ENABLED_SP_ASM=$enableval ], 475 [ ENABLED_SP_ASM=no ], 476 ) 477 478# ALL FEATURES 479AC_ARG_ENABLE([all], 480 [AS_HELP_STRING([--enable-all],[Enable all wolfSSL features, except SSLv3 (default: disabled)])], 481 [ ENABLED_ALL=$enableval ], 482 [ ENABLED_ALL=no ] 483 ) 484if test "$ENABLED_ALL" = "yes" 485then 486 test "$enable_dtls" = "" && enable_dtls=yes 487 if test "x$FIPS_VERSION" != "xv1" 488 then 489 test "$enable_tls13" = "" && enable_tls13=yes 490 test "$enable_rsapss" = "" && enable_rsapss=yes 491 fi 492 493 # this set is also enabled by enable-all-crypto: 494 test "$enable_atomicuser" = "" && enable_atomicuser=yes 495 test "$enable_aesgcm" = "" && enable_aesgcm=yes 496 test "$enable_aesgcm_stream" = "" && enable_aesgcm_stream=yes 497 test "$enable_aesccm" = "" && enable_aesccm=yes 498 test "$enable_aesctr" = "" && enable_aesctr=yes 499 test "$enable_aesofb" = "" && enable_aesofb=yes 500 test "$enable_aescfb" = "" && enable_aescfb=yes 501 test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes 502 test "$enable_camellia" = "" && enable_camellia=yes 503 test "$enable_ripemd" = "" && enable_ripemd=yes 504 test "$enable_sha224" = "" && enable_sha224=yes 505 test "$enable_sessioncerts" = "" && enable_sessioncerts=yes 506 test "$enable_keygen" = "" && enable_keygen=yes 507 test "$enable_certgen" = "" && enable_certgen=yes 508 test "$enable_certreq" = "" && enable_certreq=yes 509 test "$enable_certext" = "" && enable_certext=yes 510 test "$enable_sep" = "" && enable_sep=yes 511 test "$enable_hkdf" = "" && enable_hkdf=yes 512 test "$enable_curve25519" = "" && enable_curve25519=yes 513 test "$enable_curve448" = "" && enable_curve448=yes 514 test "$enable_fpecc" = "" && enable_fpecc=yes 515 test "$enable_eccencrypt" = "" && enable_eccencrypt=yes 516 test "$enable_psk" = "" && enable_psk=yes 517 test "$enable_idea" = "" && enable_idea=yes 518 test "$enable_cmac" = "" && enable_cmac=yes 519 test "$enable_xts" = "" && enable_xts=yes 520 test "$enable_hc128" = "" && enable_hc128=yes 521 test "$enable_rabbit" = "" && enable_rabbit=yes 522 test "$enable_ocsp" = "" && enable_ocsp=yes 523 test "$enable_ocspstapling" = "" && enable_ocspstapling=yes 524 test "$enable_ocspstapling2" = "" && enable_ocspstapling2=yes 525 test "$enable_crl" = "" && enable_crl=yes 526 test "$enable_supportedcurves" = "" && enable_supportedcurves=yes 527 test "$enable_tlsx" = "" && enable_tlsx=yes 528 test "$enable_pwdbased" = "" && enable_pwdbased=yes 529 test "$enable_aeskeywrap" = "" && enable_aeskeywrap=yes 530 test "$enable_x963kdf" = "" && enable_x963kdf=yes 531 test "$enable_scrypt" = "" && enable_scrypt=yes 532 test "$enable_indef" = "" && enable_indef=yes 533 test "$enable_enckeys" = "" && enable_enckeys=yes 534 test "$enable_hashflags" = "" && enable_hashflags=yes 535 test "$enable_defaultdhparams" = "" && enable_defaultdhparams=yes 536 test "$enable_base64encode" = "" && enable_base64encode=yes 537 test "$enable_base16" = "" && enable_base16=yes 538 test "$enable_arc4" = "" && enable_arc4=yes 539 test "$enable_des3" = "" && enable_des3=yes 540 test "$enable_nullcipher" = "" && enable_nullcipher=yes 541 test "$enable_blake2" = "" && enable_blake2=yes 542 test "$enable_blake2s" = "" && enable_blake2s=yes 543 test "$enable_md2" = "" && enable_md2=yes 544 test "$enable_md4" = "" && enable_md4=yes 545 test "$enable_cryptocb" = "" && enable_cryptocb=yes 546 test "$enable_anon" = "" && enable_anon=yes 547 test "$enable_ssh" = "" && enable_ssh=yes 548 549 test "$enable_savesession" = "" && enable_savesession=yes 550 test "$enable_savecert" = "" && enable_savecert=yes 551 test "$enable_postauth" = "" && enable_postauth=yes 552 test "$enable_hrrcookie" = "" && enable_hrrcookie=yes 553 test "$enable_fallback_scsv" = "" && enable_fallback_scsv=yes 554 test "$enable_mcast" = "" && enable_mcast=yes 555 test "$enable_webserver" = "" && enable_webserver=yes 556 test "$enable_crl_monitor" = "" && enable_crl_monitor=yes 557 test "$enable_sni" = "" && enable_sni=yes 558 test "$enable_maxfragment" = "" && enable_maxfragment=yes 559 test "$enable_alpn" = "" && enable_alpn=yes 560 test "$enable_truncatedhmac" = "" && enable_truncatedhmac=yes 561 test "$enable_trusted_ca" = "" && enable_trusted_ca=yes 562 test "$enable_session_ticket" = "" && enable_session_ticket=yes 563 564 if test "$ENABLED_32BIT" != "yes" 565 then 566 test "$enable_sha512" = "" && enable_sha512=yes 567 test "$enable_sha3" = "" && enable_sha3=yes 568 fi 569 570 if test "$ENABLED_LINUXKM_DEFAULTS" != "yes" 571 then 572 test "$enable_compkey" = "" && enable_compkey=yes 573 AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_IO -DHAVE_IO_TIMEOUT" 574 fi 575 576 # sp-math is incompatible with opensslextra, ECC custom curves, and DSA. 577 if test "$ENABLED_SP_MATH" = "no" 578 then 579 test "$enable_dsa" = "" && enable_dsa=yes 580 test "$enable_ecccustcurves" = "" && enable_ecccustcurves=yes 581 test "$enable_srp" = "" && enable_srp=yes 582 # linuxkm is incompatible with opensslextra and its dependents. 583 if test "$ENABLED_LINUXKM_DEFAULTS" != "yes" 584 then 585 if test "$ENABLED_FIPS" = "no" 586 then 587 if test "$ENABLED_32BIT" != "yes" 588 then 589 test "$enable_openssh" = "" && enable_openssh=yes 590 fi 591 # S/MIME support requires PKCS7, which requires no FIPS. 592 test "$enable_smime" = "" && enable_smime=yes 593 fi 594 test "$enable_opensslextra" = "" && enable_opensslextra=yes 595 test "$enable_opensslall" = "" && enable_opensslall=yes 596 test "$enable_certservice" = "" && enable_certservice=yes 597 test "$enable_lighty" = "" && enable_lighty=yes 598 test "$enable_nginx" = "" && enable_nginx=yes 599 test "$enable_openvpn" = "" && enable_openvpn=yes 600 test "$enable_asio" = "" && enable_asio=yes 601 test "$enable_libwebsockets" = "" && enable_libwebsockets=yes 602 test "$enable_qt" = "" && enable_qt=yes 603 fi 604 fi 605 606 if test "$ENABLED_FIPS" = "no" 607 then 608 test "$enable_pkcallbacks" = "" && enable_pkcallbacks=yes 609 test "$enable_xchacha" = "" && enable_xchacha=yes 610 test "$enable_scep" = "" && enable_scep=yes 611 test "$enable_pkcs7" = "" && enable_pkcs7=yes 612 if test "$ENABLED_32BIT" != "yes" 613 then 614 test "$enable_ed25519" = "" && enable_ed25519=yes 615 test "$enable_ed25519_stream" = "" && enable_ed25519_stream=yes 616 test "$enable_ed448" = "" && enable_ed448=yes 617 test "$enable_ed448_stream" = "" && enable_ed448_stream=yes 618 fi 619 620 if test "$ENABLED_LINUXKM_DEFAULTS" != "yes" 621 then 622# these use DES3: 623 test "$enable_stunnel" = "" && enable_stunnel=yes 624 test "$enable_tcpdump" = "" && enable_tcpdump=yes 625 626 test "$enable_eccsi" = "" && enable_eccsi=yes 627 test "$enable_sakke" = "" && enable_sakke=yes 628 fi 629 fi 630 631 # Enable DH const table speedups (eliminates `-lm` math lib dependency) 632 AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072" 633 DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096 634 635 # Enable multiple attribute additions such as DC 636 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MULTI_ATTRIB" 637 638 # Enable AES Decrypt, AES ECB 639 AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB" 640 641 # Enable Alt Names, DER Load, Keep Certs, CRL IO with Timeout 642 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD -DKEEP_OUR_CERT -DKEEP_PEER_CERT" 643 644 # Enable DH Extra 645 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_EXTRA" 646 647 # Enable deterministic ECC signing API with variant 648 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT" 649fi 650 651 652# ALL CRYPTO FEATURES 653AC_ARG_ENABLE([all-crypto], 654 [AS_HELP_STRING([--enable-all-crypto],[Enable all wolfcrypt algorithms (default: disabled)])], 655 [ ENABLED_ALL_CRYPT=$enableval ], 656 [ ENABLED_ALL_CRYPT=no ] 657 ) 658if test "$ENABLED_ALL_CRYPT" = "yes" 659then 660 test "$enable_atomicuser" = "" && enable_atomicuser=yes 661 test "$enable_aesgcm" = "" && enable_aesgcm=yes 662 test "$enable_aesgcm_stream" = "" && enable_aesgcm_stream=yes 663 test "$enable_aesccm" = "" && enable_aesccm=yes 664 test "$enable_aesctr" = "" && enable_aesctr=yes 665 test "$enable_aesofb" = "" && enable_aesofb=yes 666 test "$enable_aescfb" = "" && enable_aescfb=yes 667 test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes 668 test "$enable_camellia" = "" && enable_camellia=yes 669 test "$enable_ripemd" = "" && enable_ripemd=yes 670 test "$enable_sha224" = "" && enable_sha224=yes 671 test "$enable_sessioncerts" = "" && enable_sessioncerts=yes 672 test "$enable_keygen" = "" && enable_keygen=yes 673 test "$enable_certgen" = "" && enable_certgen=yes 674 test "$enable_certreq" = "" && enable_certreq=yes 675 test "$enable_certext" = "" && enable_certext=yes 676 test "$enable_sep" = "" && enable_sep=yes 677 test "$enable_hkdf" = "" && enable_hkdf=yes 678 test "$enable_curve25519" = "" && enable_curve25519=yes 679 test "$enable_curve448" = "" && enable_curve448=yes 680 test "$enable_fpecc" = "" && enable_fpecc=yes 681 test "$enable_eccencrypt" = "" && enable_eccencrypt=yes 682 test "$enable_psk" = "" && enable_psk=yes 683 test "$enable_idea" = "" && enable_idea=yes 684 test "$enable_cmac" = "" && enable_cmac=yes 685 test "$enable_xts" = "" && enable_xts=yes 686 test "$enable_hc128" = "" && enable_hc128=yes 687 test "$enable_rabbit" = "" && enable_rabbit=yes 688 test "$enable_ocsp" = "" && enable_ocsp=yes 689 test "$enable_ocspstapling" = "" && enable_ocspstapling=yes 690 test "$enable_ocspstapling2" = "" && enable_ocspstapling2=yes 691 test "$enable_crl" = "" && enable_crl=yes 692 test "$enable_supportedcurves" = "" && enable_supportedcurves=yes 693 test "$enable_tlsx" = "" && enable_tlsx=yes 694 test "$enable_pwdbased" = "" && enable_pwdbased=yes 695 test "$enable_aeskeywrap" = "" && enable_aeskeywrap=yes 696 test "$enable_x963kdf" = "" && enable_x963kdf=yes 697 test "$enable_scrypt" = "" && enable_scrypt=yes 698 test "$enable_indef" = "" && enable_indef=yes 699 test "$enable_enckeys" = "" && enable_enckeys=yes 700 test "$enable_hashflags" = "" && enable_hashflags=yes 701 test "$enable_defaultdhparams" = "" && enable_defaultdhparams=yes 702 test "$enable_base64encode" = "" && enable_base64encode=yes 703 test "$enable_base16" = "" && enable_base16=yes 704 test "$enable_arc4" = "" && enable_arc4=yes 705 test "$enable_des3" = "" && enable_des3=yes 706 test "$enable_nullcipher" = "" && enable_nullcipher=yes 707 test "$enable_blake2" = "" && enable_blake2=yes 708 test "$enable_blake2s" = "" && enable_blake2s=yes 709 test "$enable_md2" = "" && enable_md2=yes 710 test "$enable_md4" = "" && enable_md4=yes 711 test "$enable_cryptocb" = "" && enable_cryptocb=yes 712 test "$enable_anon" = "" && enable_anon=yes 713 test "$enable_ssh" = "" && enable_ssh=yes 714 715 if test "$ENABLED_32BIT" != "yes" 716 then 717 test "$enable_sha512" = "" && enable_sha512=yes 718 test "$enable_sha3" = "" && enable_sha3=yes 719 fi 720 721 if test "$ENABLED_LINUXKM_DEFAULTS" != "yes" 722 then 723 test "$enable_compkey" = "" && enable_compkey=yes 724 fi 725 726 if test "$ENABLED_SP_MATH" = "no" 727 then 728 test "$enable_dsa" = "" && enable_dsa=yes 729 test "$enable_ecccustcurves" = "" && enable_ecccustcurves=yes 730 test "$enable_srp" = "" && enable_srp=yes 731 fi 732 733 if test "$ENABLED_FIPS" = "no" 734 then 735 test "$enable_pkcallbacks" = "" && enable_pkcallbacks=yes 736 test "$enable_xchacha" = "" && enable_xchacha=yes 737 test "$enable_pkcs7" = "" && enable_pkcs7=yes 738 if test "$ENABLED_32BIT" != "yes" 739 then 740 test "$enable_ed25519" = "" && enable_ed25519=yes 741 test "$enable_ed25519_stream" = "" && enable_ed25519_stream=yes 742 test "$enable_ed448" = "" && enable_ed448=yes 743 test "$enable_ed448_stream" = "" && enable_ed448_stream=yes 744 fi 745 746 if test "$ENABLED_LINUXKM_DEFAULTS" != "yes" 747 then 748 test "$enable_eccsi" = "" && enable_eccsi=yes 749 test "$enable_sakke" = "" && enable_sakke=yes 750 fi 751 fi 752 753 # Enable AES Decrypt, AES ECB, Alt Names, DER Load 754 AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD" 755 756 # Enable DH const table speedups (eliminates `-lm` math lib dependency) 757 AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072" 758 DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096 759 760 # Enable multiple attribute additions such as DC 761 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MULTI_ATTRIB" 762fi 763 764 765# SINGLE THREADED 766AC_ARG_ENABLE([singlethreaded], 767 [AS_HELP_STRING([--enable-singlethreaded],[Enable wolfSSL single threaded (default: disabled)])], 768 [ ENABLED_SINGLETHREADED=$enableval ], 769 [ ENABLED_SINGLETHREADED=no ]) 770 771AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[ 772 AX_PTHREAD([ 773 AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.]) 774 # If AX_PTHREAD is adding -Qunused-arguments, need to prepend with -Xcompiler libtool will use it. Newer 775 # versions of clang don't need the -Q flag when using pthreads. 776 AS_CASE([$PTHREAD_CFLAGS],[-Qunused-arguments*],[PTHREAD_CFLAGS="-Xcompiler $PTHREAD_CFLAGS"]) 777 AM_CFLAGS="$AM_CFLAGS -D_POSIX_THREADS $PTHREAD_CFLAGS" 778 LIBS="$LIBS $PTHREAD_LIBS" 779 ],[ 780 ENABLED_SINGLETHREADED=yes 781 ]) 782 ]) 783 784AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="$AM_CFLAGS -DSINGLE_THREADED" ]) 785 786 787# DTLS 788# DTLS is a prereq for the options mcast, sctp, and jni. Enabling any of those 789# without DTLS will also enable DTLS. 790AC_ARG_ENABLE([dtls], 791 [AS_HELP_STRING([--enable-dtls],[Enable wolfSSL DTLS (default: disabled)])], 792 [ ENABLED_DTLS=$enableval ], 793 [ ENABLED_DTLS=no ] 794 ) 795if test "$ENABLED_DTLS" = "yes" 796then 797 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS" 798fi 799 800# DTLS change MTU 801AC_ARG_ENABLE([dtls-mtu], 802 [AS_HELP_STRING([--enable-dtls-mtu],[Enable setting the MTU size for wolfSSL DTLS (default: disabled)])], 803 [ ENABLED_DTLS_MTU=$enableval ], 804 [ ENABLED_DTLS_MTU=no ] 805 ) 806if test "$ENABLED_DTLS_MTU" = "yes" 807then 808 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_MTU" 809fi 810 811 812# TLS v1.3 Draft 18 (Note: only final TLS v1.3 supported, here for backwards build compatibility) 813AC_ARG_ENABLE([tls13-draft18], 814 [AS_HELP_STRING([--enable-tls13-draft18],[Enable wolfSSL TLS v1.3 Draft 18 (default: disabled)])], 815 [ ENABLED_TLS13_DRAFT18=$enableval ], 816 [ ENABLED_TLS13_DRAFT18=no ] 817 ) 818 819# TLS v1.3 820AC_ARG_ENABLE([tls13], 821 [AS_HELP_STRING([--enable-tls13],[Enable wolfSSL TLS v1.3 (default: enabled)])], 822 [ ENABLED_TLS13=$enableval ], 823 [ ENABLED_TLS13=yes ] 824 ) 825if test "x$FIPS_VERSION" = "xv1" 826then 827 ENABLED_TLS13="no" 828fi 829 830# Post-handshake Authentication 831AC_ARG_ENABLE([postauth], 832 [AS_HELP_STRING([--enable-postauth],[Enable wolfSSL Post-handshake Authentication (default: disabled)])], 833 [ ENABLED_TLS13_POST_AUTH=$enableval ], 834 [ ENABLED_TLS13_POST_AUTH=no ] 835 ) 836if test "$ENABLED_TLS13_POST_AUTH" = "yes" 837then 838 if test "x$ENABLED_TLS13" = "xno" 839 then 840 AC_MSG_NOTICE([TLS 1.3 is disabled - disabling Post-handshake Authentication]) 841 ENABLED_TLS13_POST_AUTH="no" 842 else 843 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_POST_HANDSHAKE_AUTH" 844 fi 845fi 846 847 848# Hello Retry Request Cookie 849AC_ARG_ENABLE([hrrcookie], 850 [AS_HELP_STRING([--enable-hrrcookie],[Enable the server to send Cookie Extension in HRR with state (default: disabled)])], 851 [ ENABLED_SEND_HRR_COOKIE=$enableval ], 852 [ ENABLED_SEND_HRR_COOKIE=no ] 853 ) 854if test "$ENABLED_SEND_HRR_COOKIE" = "yes" 855then 856 if test "x$ENABLED_TLS13" = "xno" 857 then 858 AC_MSG_NOTICE([TLS 1.3 is disabled - disabling HRR Cookie]) 859 ENABLED_SEND_HRR_COOKIE="no" 860 else 861 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SEND_HRR_COOKIE" 862 fi 863fi 864 865 866# RNG 867AC_ARG_ENABLE([rng], 868 [AS_HELP_STRING([--enable-rng],[Enable compiling and using RNG (default: enabled)])], 869 [ ENABLED_RNG=$enableval ], 870 [ ENABLED_RNG=yes ] 871 ) 872 873if test "$ENABLED_RNG" = "no" 874then 875 AM_CFLAGS="$AM_CFLAGS -DWC_NO_RNG" 876fi 877 878 879# DTLS-SCTP 880AC_ARG_ENABLE([sctp], 881 [AS_HELP_STRING([--enable-sctp],[Enable wolfSSL DTLS-SCTP support (default: disabled)])], 882 [ENABLED_SCTP=$enableval], 883 [ENABLED_SCTP=no]) 884 885AS_IF([test "x$ENABLED_SCTP" = "xyes"], 886 [AC_MSG_CHECKING([for SCTP]) 887 AC_RUN_IFELSE( 888 [AC_LANG_PROGRAM( 889[[ 890#include <sys/socket.h> 891#include <arpa/inet.h> 892]], 893[[int s = socket(AF_INET, SOCK_STREAM, IPPROTO_SCTP); if (s == -1) return 1;]])], 894[AC_MSG_RESULT(yes)], 895[AC_MSG_RESULT(no) 896 AC_MSG_ERROR([SCTP not available, remove enable-sctp from configure])], 897: , 898: , 899: )]) 900 901 902# DTLS-MULTICAST 903AC_ARG_ENABLE([mcast], 904 [AS_HELP_STRING([--enable-mcast],[Enable wolfSSL DTLS multicast support (default: disabled)])], 905 [ENABLED_MCAST=$enableval], 906 [ENABLED_MCAST=no]) 907 908 909# List of open source project defines using our openssl compatibility layer: 910# bind dns (--enable-bind) WOLFSSL_BIND 911# libssh2 (--enable-libssh2) 912# openssh (--enable-openssh) WOLFSSL_OPENSSH 913# openvpn (--enable-openvpn) WOLFSSL_OPENVPN 914# nginx (--enable-nginx) WOLFSSL_NGINX 915# ntp (--enable-ntp) 916# openresty (--enable-openresty) 917# haproxy (--enable-haproxy) WOLFSSL_HAPROXY 918# wpa_supplicant (--enable-wpas) WOLFSSL_WPAS 919# ssl fortress (--enable-fortress) FORTRESS 920# ssl bump (--enable-bump) 921# signal (--enable-signal) 922# lighty (--enable-lighty) HAVE_LIGHTY 923# rsyslog (--enable-rsyslog) 924# stunnel (--enable-stunnel) HAVE_STUNNEL 925# libest (--enable-libest) HAVE_LIBEST 926# asio (--enable-asio) WOLFSSL_ASIO 927# libwebsockets (--enable-libwebsockets) WOLFSSL_LIBWEBSOCKETS 928# qt (--enable-qt) WOLFSSL_QT 929# qt test (--enable-qt-test) WOLFSSL_QT_TEST 930# HAVE_POCO_LIB 931# WOLFSSL_MYSQL_COMPATIBLE 932# web server (--enable-webserver) HAVE_WEBSERVER 933# net-snmp (--enable-net-snmp) 934# krb (--enable-krb) WOLFSSL_KRB 935 936 937# Bind DNS compatibility Build 938AC_ARG_ENABLE([bind], 939 [AS_HELP_STRING([--enable-bind],[Enable Bind DNS compatibility build (default: disabled)])], 940 [ENABLED_BIND=$enableval], 941 [ENABLED_BIND=no]) 942 943AC_ARG_ENABLE([libssh2], 944 [AS_HELP_STRING([--enable-libssh2],[Enable libssh2 compatibility build (default: disabled)])], 945 [ENABLED_LIBSSH2=$enableval], 946 [ENABLED_LIBSSH2=no]) 947 948# OpenSSH compatibility Build 949AC_ARG_ENABLE([openssh], 950 [AS_HELP_STRING([--enable-openssh],[Enable OpenSSH compatibility build (default: disabled)])], 951 [ENABLED_OPENSSH=$enableval], 952 [ENABLED_OPENSSH=no]) 953 954# OpenVPN compatibility Build 955AC_ARG_ENABLE([openvpn], 956 [AS_HELP_STRING([--enable-openvpn],[Enable OpenVPN compatibility build (default: disabled)])], 957 [ENABLED_OPENVPN=$enableval], 958 [ENABLED_OPENVPN=no]) 959 960# openresty compatibility build 961AC_ARG_ENABLE([openresty], 962 [AS_HELP_STRING([--enable-openresty],[Enable openresty (default: disabled)])], 963 [ ENABLED_OPENRESTY=$enableval ], 964 [ ENABLED_OPENRESTY=no ] 965 ) 966 967# nginx compatibility build 968AC_ARG_ENABLE([nginx], 969 [AS_HELP_STRING([--enable-nginx],[Enable nginx (default: disabled)])], 970 [ ENABLED_NGINX=$enableval ], 971 [ ENABLED_NGINX=no ] 972 ) 973 974if test "$ENABLED_OPENRESTY" = "yes" 975then 976 ENABLED_NGINX="yes" 977fi 978 979# lighty Support 980AC_ARG_ENABLE([lighty], 981 [AS_HELP_STRING([--enable-lighty],[Enable lighttpd/lighty (default: disabled)])], 982 [ ENABLED_LIGHTY=$enableval ], 983 [ ENABLED_LIGHTY=no ] 984 ) 985# rsyslog Support 986AC_ARG_ENABLE([rsyslog], 987 [AS_HELP_STRING([--enable-rsyslog],[Enable rsyslog (default: disabled)])], 988 [ ENABLED_RSYSLOG=$enableval ], 989 [ ENABLED_RSYSLOG=no ] 990 ) 991 992# haproxy compatibility build 993AC_ARG_ENABLE([haproxy], 994 [AS_HELP_STRING([--enable-haproxy],[Enable haproxy (default: disabled)])], 995 [ ENABLED_HAPROXY=$enableval ], 996 [ ENABLED_HAPROXY=no ] 997 ) 998 999# wpa_supplicant support 1000AC_ARG_ENABLE([wpas], 1001 [AS_HELP_STRING([--enable-wpas],[Enable wpa_supplicant support (default: disabled)])], 1002 [ ENABLED_WPAS=$enableval ], 1003 [ ENABLED_WPAS=no ] 1004 ) 1005 1006# wpa_supplicant support 1007AC_ARG_ENABLE([wpas-dpp], 1008 [AS_HELP_STRING([--enable-wpas-dpp],[Enable wpa_supplicant support with dpp (default: disabled)])], 1009 [ ENABLED_WPAS_DPP=$enableval ], 1010 [ ENABLED_WPAS_DPP=no ] 1011 ) 1012 1013# ntp support 1014AC_ARG_ENABLE([ntp], 1015 [AS_HELP_STRING([--enable-ntp],[Enable ntp support (default: disabled)])], 1016 [ ENABLED_NTP=$enableval ], 1017 [ ENABLED_NTP=no ] 1018 ) 1019 1020if test "$ENABLED_WPAS_DPP" = "yes" 1021then 1022 ENABLED_WPAS="yes" 1023fi 1024 1025# Fortress build 1026AC_ARG_ENABLE([fortress], 1027 [AS_HELP_STRING([--enable-fortress],[Enable SSL fortress build (default: disabled)])], 1028 [ ENABLED_FORTRESS=$enableval ], 1029 [ ENABLED_FORTRESS=no ] 1030 ) 1031 1032# libwebsockets Support 1033AC_ARG_ENABLE([libwebsockets], 1034 [AS_HELP_STRING([--enable-libwebsockets],[Enable libwebsockets (default: disabled)])], 1035 [ ENABLED_LIBWEBSOCKETS=$enableval ], 1036 [ ENABLED_LIBWEBSOCKETS=no ] 1037 ) 1038if test "$ENABLED_LIBWEBSOCKETS" = "yes" 1039then 1040 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LIBWEBSOCKETS -DHAVE_EX_DATA -DOPENSSL_NO_EC" 1041fi 1042 1043 1044if test "$ENABLED_OPENSSH" = "yes" 1045then 1046 ENABLED_FORTRESS="yes" 1047 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_OPENSSH -DHAVE_EX_DATA -DWOLFSSL_BASE16" 1048fi 1049 1050# net-snmp Build 1051AC_ARG_ENABLE([net-snmp], 1052 [AS_HELP_STRING([--enable-net-snmp],[Enable net-snmp (default: disabled)])], 1053 [ ENABLED_NETSNMP=$enableval ], 1054 [ ENABLED_NETSNMP=no ] 1055 ) 1056 1057# kerberos 5 Build 1058AC_ARG_ENABLE([krb], 1059 [AS_HELP_STRING([--enable-krb],[Enable kerberos 5 support (default: disabled)])], 1060 [ ENABLED_KRB=$enableval ], 1061 [ ENABLED_KRB=no ] 1062 ) 1063 1064 1065#IP alternative name Support 1066AC_ARG_ENABLE([ip-alt-name], 1067 [AS_HELP_STRING([--enable-ip-alt-name],[Enable IP subject alternative name (default: disabled)])], 1068 [ ENABLE_IP_ALT_NAME=$enableval ], 1069 [ ENABLE_IP_ALT_NAME=no ] 1070 ) 1071 1072if test "$ENABLE_IP_ALT_NAME" = "yes" 1073then 1074 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IP_ALT_NAME" 1075fi 1076 1077#Qt Support 1078AC_ARG_ENABLE([qt], 1079 [AS_HELP_STRING([--enable-qt],[Enable qt (default: disabled)])], 1080 [ ENABLED_QT=$enableval ], 1081 [ ENABLED_QT=no ] 1082 ) 1083 1084# ssl bump build 1085AC_ARG_ENABLE([bump], 1086 [AS_HELP_STRING([--enable-bump],[Enable SSL Bump build (default: disabled)])], 1087 [ ENABLED_BUMP=$enableval ], 1088 [ ENABLED_BUMP=no ] 1089 ) 1090 1091# SNIFFER 1092AC_ARG_ENABLE([sniffer], 1093 [AS_HELP_STRING([--enable-sniffer],[Enable wolfSSL sniffer support (default: disabled)])], 1094 [ ENABLED_SNIFFER=$enableval ], 1095 [ ENABLED_SNIFFER=no ] 1096 ) 1097 1098# signal compatibility build 1099AC_ARG_ENABLE([signal], 1100 [AS_HELP_STRING([--enable-signal],[Enable signal (default: disabled)])], 1101 [ ENABLED_SIGNAL=$enableval ], 1102 [ ENABLED_SIGNAL=no ] 1103 ) 1104 1105# OpenSSL Coexist 1106AC_ARG_ENABLE([opensslcoexist], 1107 [AS_HELP_STRING([--enable-opensslcoexist],[Enable coexistence of wolfssl/openssl (default: disabled)])], 1108 [ ENABLED_OPENSSLCOEXIST=$enableval ], 1109 [ ENABLED_OPENSSLCOEXIST=no ] 1110 ) 1111if test "x$ENABLED_OPENSSLCOEXIST" = "xyes" 1112then 1113 # make sure old names are disabled 1114 enable_oldnames=no 1115 1116 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COEXIST" 1117fi 1118 1119# S/MIME 1120AC_ARG_ENABLE([smime], 1121 [AS_HELP_STRING([--enable-smime],[Enable S/MIME (default: disabled)])], 1122 [ ENABLED_SMIME=$enableval ], 1123 [ ENABLED_SMIME=no ] 1124 ) 1125 1126# OPENSSL Compatibility ALL 1127AC_ARG_ENABLE([opensslall], 1128[AS_HELP_STRING([--enable-opensslall],[Enable all OpenSSL API, size++ (default: disabled)])], 1129[ ENABLED_OPENSSLALL=$enableval ], 1130[ ENABLED_OPENSSLALL=no ] 1131) 1132if test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \ 1133 test "$ENABLED_WPAS_DPP" = "yes" || test "$ENABLED_SMIME" = "yes" || \ 1134 test "$ENABLED_HAPROXY" = "yes" || test "$ENABLED_BIND" = "yes" || \ 1135 test "$ENABLED_NTP" = "yes" || test "$ENABLED_NETSNMP" = "yes" || \ 1136 test "$ENABLED_OPENRESTY" = "yes" || test "$ENABLED_RSYSLOG" = "yes" || \ 1137 test "$ENABLED_KRB" = "yes" 1138then 1139 ENABLED_OPENSSLALL="yes" 1140fi 1141 1142# OPENSSL Extra Compatibility 1143AC_ARG_ENABLE([opensslextra], 1144 [AS_HELP_STRING([--enable-opensslextra],[Enable extra OpenSSL API, size+ (default: disabled)])], 1145 [ ENABLED_OPENSSLEXTRA=$enableval ], 1146 [ ENABLED_OPENSSLEXTRA=no ] 1147 ) 1148 1149# One Error Queue per Thread 1150AC_ARG_ENABLE([error-queue-per-thread], 1151[AS_HELP_STRING([--enable-error-queue-per-thread],[Enable one error queue per thread. Requires thread local storage. (default: disabled)])], 1152[ ENABLED_ERRORQUEUEPERTHREAD=$enableval ], 1153[ ENABLED_ERRORQUEUEPERTHREAD=no ] 1154) 1155 1156if test "$ENABLED_ERRORQUEUEPERTHREAD" = "yes" 1157then 1158 AM_CFLAGS="$AM_CFLAGS -DERROR_QUEUE_PER_THREAD" 1159fi 1160 1161# High Strength Build 1162AC_ARG_ENABLE([maxstrength], 1163 [AS_HELP_STRING([--enable-maxstrength],[Enable Max Strength build, allows TLSv1.2-AEAD-PFS ciphers only (default: disabled)])], 1164 [ENABLED_MAXSTRENGTH=$enableval], 1165 [ENABLED_MAXSTRENGTH=no]) 1166 1167 1168# Harden, enable Timing Resistance and Blinding by default 1169AC_ARG_ENABLE([harden], 1170 [AS_HELP_STRING([--enable-harden],[Enable Hardened build, Enables Timing Resistance and Blinding (default: enabled)])], 1171 [ENABLED_HARDEN=$enableval], 1172 [ENABLED_HARDEN=yes]) 1173 1174if test "$ENABLED_HARDEN" = "yes" 1175then 1176 AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT" 1177 if test "$ENABLED_RNG" = "yes" 1178 then 1179 AM_CFLAGS="$AM_CFLAGS -DWC_RSA_BLINDING" 1180 fi 1181else 1182 AM_CFLAGS="$AM_CFLAGS -DWC_NO_HARDEN" 1183fi 1184 1185 1186# IPv6 Test Apps 1187AC_ARG_ENABLE([ipv6], 1188 [AS_HELP_STRING([--enable-ipv6],[Enable testing of IPV6 (default: disabled)])], 1189 [ ENABLED_IPV6=$enableval ], 1190 [ ENABLED_IPV6=no ] 1191 ) 1192 1193if test "$ENABLED_IPV6" = "yes" 1194then 1195 AM_CFLAGS="$AM_CFLAGS -DTEST_IPV6 -DWOLFSSL_IPV6" 1196fi 1197 1198if test "$ENABLED_WPAS" = "small" 1199then 1200 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS_SMALL" 1201fi 1202if test "$ENABLED_WPAS" = "yes" 1203then 1204 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS" 1205 AM_CFLAGS="$AM_CFLAGS -DHAVE_SECRET_CALLBACK" 1206 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_ECC_ADD_DBL" 1207fi 1208if test "$ENABLED_WPAS" != "no" 1209then 1210 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB" 1211 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI" 1212 AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA" 1213 AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE" 1214 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EITHER_SIDE" 1215 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA_X509_SMALL" 1216 1217 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP" 1218 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DER_LOAD" 1219 AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER" 1220 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN" 1221 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB" 1222 AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT" 1223 AM_CFLAGS="$AM_CFLAGS -DKEEP_PEER_CERT" 1224 AM_CFLAGS="$AM_CFLAGS -DHAVE_KEYING_MATERIAL" 1225fi 1226 1227if test "$ENABLED_FORTRESS" = "yes" 1228then 1229 AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_KEY_GEN" 1230fi 1231 1232 1233if test "$ENABLED_BUMP" = "yes" 1234then 1235 AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DWOLFSSL_CERT_GEN -DWOLFSSL_KEY_GEN -DHUGE_SESSION_CACHE -DWOLFSSL_DER_LOAD -DWOLFSSL_ALT_NAMES -DWOLFSSL_TEST_CERT" 1236 DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096 1237fi 1238 1239ENABLED_SLOWMATH="yes" 1240 1241# lean psk build 1242AC_ARG_ENABLE([leanpsk], 1243 [AS_HELP_STRING([--enable-leanpsk],[Enable Lean PSK build (default: disabled)])], 1244 [ ENABLED_LEANPSK=$enableval ], 1245 [ ENABLED_LEANPSK=no ] 1246 ) 1247 1248if test "$ENABLED_LEANPSK" = "yes" 1249then 1250 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DWOLFSSL_STATIC_PSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA" 1251 ENABLED_SLOWMATH="no" 1252 ENABLED_SINGLETHREADED="yes" 1253 enable_lowresource=yes 1254fi 1255 1256 1257# lean TLS build (TLS 1.2 client only (no client auth), ECC256, AES128 and SHA256 w/o Shamir) 1258AC_ARG_ENABLE([leantls], 1259 [AS_HELP_STRING([--enable-leantls],[Enable Lean TLS build (default: disabled)])], 1260 [ ENABLED_LEANTLS=$enableval ], 1261 [ ENABLED_LEANTLS=no ] 1262 ) 1263 1264if test "$ENABLED_LEANTLS" = "yes" 1265then 1266 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANTLS -DNO_WRITEV -DHAVE_ECC -DTFM_ECC256 -DECC_USER_CURVES -DNO_WOLFSSL_SERVER -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_SHA -DNO_PSK -DNO_WOLFSSL_MEMORY -DNO_WOLFSSL_CM_VERIFY" 1267 enable_lowresource=yes 1268fi 1269 1270 1271# low resource options to reduce flash and memory use 1272AC_ARG_ENABLE([lowresource], 1273 [AS_HELP_STRING([--enable-lowresource],[Enable low resource options for memory/flash (default: disabled)])], 1274 [ ENABLED_LOWRESOURCE=$enableval ], 1275 [ ENABLED_LOWRESOURCE=no ] 1276 ) 1277 1278if test "$ENABLED_LOWRESOURCE" = "yes" 1279then 1280 # low memory / flash flags 1281 AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE -DRSA_LOW_MEM -DGCM_SMALL -DCURVE25519_SMALL -DED25519_SMALL -DWOLFSSL_SMALL_CERT_VERIFY" 1282 1283 # low flash flags 1284 AM_CFLAGS="$AM_CFLAGS -DUSE_SLOW_SHA -DUSE_SLOW_SHA256 -DUSE_SLOW_SHA512" 1285fi 1286 1287 1288# TITAN cache 1289AC_ARG_ENABLE([titancache], 1290 [AS_HELP_STRING([--enable-titancache],[Enable titan session cache (default: disabled)])], 1291 [ ENABLED_TITANCACHE=$enableval ], 1292 [ ENABLED_TITANCACHE=no ] 1293 ) 1294 1295if test "$ENABLED_TITANCACHE" = "yes" 1296then 1297 AM_CFLAGS="$AM_CFLAGS -DTITAN_SESSION_CACHE" 1298fi 1299 1300 1301# HUGE cache 1302AC_ARG_ENABLE([hugecache], 1303 [AS_HELP_STRING([--enable-hugecache],[Enable huge session cache (default: disabled)])], 1304 [ ENABLED_HUGECACHE=$enableval ], 1305 [ ENABLED_HUGECACHE=no ] 1306 ) 1307 1308if test "$ENABLED_HUGECACHE" = "yes" 1309then 1310 AM_CFLAGS="$AM_CFLAGS -DHUGE_SESSION_CACHE" 1311fi 1312 1313 1314# big cache 1315AC_ARG_ENABLE([bigcache], 1316 [AS_HELP_STRING([--enable-bigcache],[Enable big session cache (default: disabled)])], 1317 [ ENABLED_BIGCACHE=$enableval ], 1318 [ ENABLED_BIGCACHE=no ] 1319 ) 1320 1321if test "$ENABLED_BIGCACHE" = "yes" 1322then 1323 AM_CFLAGS="$AM_CFLAGS -DBIG_SESSION_CACHE" 1324fi 1325 1326 1327# SMALL cache 1328AC_ARG_ENABLE([smallcache], 1329 [AS_HELP_STRING([--enable-smallcache],[Enable small session cache (default: disabled)])], 1330 [ ENABLED_SMALLCACHE=$enableval ], 1331 [ ENABLED_SMALLCACHE=no ] 1332 ) 1333 1334if test "$ENABLED_SMALLCACHE" = "yes" 1335then 1336 AM_CFLAGS="$AM_CFLAGS -DSMALL_SESSION_CACHE" 1337fi 1338 1339 1340# Persistent session cache 1341AC_ARG_ENABLE([savesession], 1342 [AS_HELP_STRING([--enable-savesession],[Enable persistent session cache (default: disabled)])], 1343 [ ENABLED_SAVESESSION=$enableval ], 1344 [ ENABLED_SAVESESSION=no ] 1345 ) 1346 1347if test "$ENABLED_SAVESESSION" = "yes" 1348then 1349 AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE" 1350fi 1351 1352 1353# Persistent cert cache 1354AC_ARG_ENABLE([savecert], 1355 [AS_HELP_STRING([--enable-savecert],[Enable persistent cert cache (default: disabled)])], 1356 [ ENABLED_SAVECERT=$enableval ], 1357 [ ENABLED_SAVECERT=no ] 1358 ) 1359 1360if test "$ENABLED_SAVECERT" = "yes" 1361then 1362 AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE" 1363fi 1364 1365 1366# Write duplicate WOLFSSL object 1367AC_ARG_ENABLE([writedup], 1368 [AS_HELP_STRING([--enable-writedup],[Enable write duplication of WOLFSSL objects (default: disabled)])], 1369 [ ENABLED_WRITEDUP=$enableval ], 1370 [ ENABLED_WRITEDUP=no ] 1371 ) 1372 1373if test "$ENABLED_WRITEDUP" = "yes" 1374then 1375 AM_CFLAGS="$AM_CFLAGS -DHAVE_WRITE_DUP" 1376fi 1377 1378 1379# Atomic User Record Layer 1380AC_ARG_ENABLE([atomicuser], 1381 [AS_HELP_STRING([--enable-atomicuser],[Enable Atomic User Record Layer (default: disabled)])], 1382 [ ENABLED_ATOMICUSER=$enableval ], 1383 [ ENABLED_ATOMICUSER=no ] 1384 ) 1385 1386if test "$ENABLED_ATOMICUSER" = "yes" 1387then 1388 AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER" 1389fi 1390 1391 1392# Public Key Callbacks 1393AC_ARG_ENABLE([pkcallbacks], 1394 [AS_HELP_STRING([--enable-pkcallbacks],[Enable Public Key Callbacks (default: disabled)])], 1395 [ ENABLED_PKCALLBACKS=$enableval ], 1396 [ ENABLED_PKCALLBACKS=no ] 1397 ) 1398 1399if test "$ENABLED_PKCALLBACKS" = "yes" 1400then 1401 AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS" 1402fi 1403 1404 1405# Microchip/Atmel CryptoAuthLib 1406ENABLED_CRYPTOAUTHLIB="no" 1407trylibatcadir="" 1408AC_ARG_WITH([cryptoauthlib], 1409 [AS_HELP_STRING([--with-cryptoauthlib=PATH],[PATH to CryptoAuthLib install (default /usr/)])], 1410 [ 1411 AC_MSG_CHECKING([for cryptoauthlib]) 1412 CPPFLAGS="$CPPFLAGS -DWOLFSSL_ATECC508A" 1413 LIBS="$LIBS -lcryptoauth" 1414 1415 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <cryptoauthlib.h>]], [[ atcab_init(0); ]])],[ libatca_linked=yes ],[ libatca_linked=no ]) 1416 1417 if test "x$libatca_linked" = "xno" ; then 1418 if test "x$withval" != "xno" ; then 1419 trylibatcadir=$withval 1420 fi 1421 if test "x$withval" = "xyes" ; then 1422 trylibatcadir="/usr" 1423 fi 1424 1425 LDFLAGS="$LDFLAGS -L$trylibatcadir/lib" 1426 CPPFLAGS="$CPPFLAGS -I$trylibatcadir/lib" 1427 1428 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <cryptoauthlib.h>]], [[ atcab_init(0); ]])],[ libatca_linked=yes ],[ libatca_linked=no ]) 1429 1430 if test "x$libatca_linked" = "xno" ; then 1431 AC_MSG_ERROR([cryptoauthlib isn't found. 1432 If it's already installed, specify its path using --with-cryptoauthlib=/dir/]) 1433 fi 1434 1435 AM_LDFLAGS="$AM_LDFLAGS -L$trylibatcadir/lib" 1436 AM_CFLAGS="$AM_CFLAGS -I$trylibatcadir/lib" 1437 AC_MSG_RESULT([yes]) 1438 else 1439 AC_MSG_RESULT([yes]) 1440 fi 1441 1442 ENABLED_CRYPTOAUTHLIB="yes" 1443 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ATECC508A" 1444 ] 1445) 1446 1447# NXP SE050 1448# Example: "./configure --with-se050=/home/pi/simw_top" 1449ENABLED_SE050="no" 1450trylibse050dir="" 1451AC_ARG_WITH([se050], 1452 [AS_HELP_STRING([--with-se050=PATH],[PATH to SE050 install (default /usr/local/lib/)])], 1453 [ 1454 AC_MSG_CHECKING([for SE050]) 1455 1456 LIBS="$LIBS -lSSS_APIs" 1457 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <fsl_sss_api.h>]], [[ sss_mac_init(0);]])],[ libse050_linked=yes ],[ libse050_linked=no ]) 1458 1459 if test "x$libse050_linked" = "xno" ; then 1460 if test "x$withval" != "xno" ; then 1461 trylibse050dir=$withval 1462 fi 1463 if test "x$withval" = "xyes" ; then 1464 trylibse050dir="/usr/local/lib/" 1465 fi 1466 LDFLAGS="$LDFLAGS -L$trylibse050dir/build/sss" 1467 CPPFLAGS="$CPPFLAGS -I$trylibse050dir/build" 1468 CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/inc" 1469 CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/ex/inc" 1470 CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/port/default" 1471 CPPFLAGS="$CPPFLAGS -I$trylibse050dir/hostlib/hostLib/inc" 1472 CPPFLAGS="$CPPFLAGS -I$trylibse050dir/hostlib/hostLib/libCommon/infra" 1473 1474 if test -e "$trylibse050dir/build/sss/libSSS_APIs.a"; then 1475 SE050_STATIC=yes 1476 else 1477 SE050_STATIC=no 1478 fi 1479 if test "x$SE050_STATIC" = "xyes"; then 1480 LIB_STATIC_ADD="$trylibse050dir/build/sss/ex/src/libex_common.a \ 1481 $trylibse050dir/build/sss/libSSS_APIs.a \ 1482 $trylibse050dir/build/hostlib/hostLib/se05x/libse05x.a \ 1483 $trylibse050dir/build/hostlib/hostLib/liba7x_utils.a \ 1484 $trylibse050dir/build/hostlib/hostLib/libCommon/libsmCom.a $LIB_STATIC_ADD" 1485 else 1486 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <fsl_sss_api.h>]], [[ sss_mac_init(0); ]])],[ libse050_linked=yes ],[ libse050_linked=no ]) 1487 if test "x$libse050_linked" = "xno" ; then 1488 AC_MSG_ERROR([SE050 isn't found. 1489 If it's already installed, specify its path using --with-se050=/dir/]) 1490 fi 1491 fi 1492 1493 # Requires AES direct 1494 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT" 1495 1496 # Does not support SHA2-512 224/256 1497 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256" 1498 1499 AC_MSG_RESULT([yes]) 1500 else 1501 AC_MSG_RESULT([yes]) 1502 fi 1503 1504 ENABLED_SE050="yes" 1505 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SE050 -DSSS_USE_FTR_FILE" 1506 ] 1507) 1508 1509# sniffer doesn't work in maxstrength mode 1510if test "$ENABLED_SNIFFER" = "yes" && test "$ENABLED_MAXSTRENGTH" = "yes" 1511then 1512 AC_MSG_ERROR([cannot enable maxstrength in sniffer mode.]) 1513fi 1514 1515ENABLED_SNIFFTEST=no 1516AS_IF([ test "x$ENABLED_SNIFFER" = "xyes" ], 1517 [ 1518 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SNIFFER -DWOLFSSL_STATIC_EPHEMERAL" 1519 AC_CHECK_HEADERS([pcap/pcap.h], 1520 [ ENABLED_SNIFFTEST=yes ], 1521 [ AC_MSG_WARN([cannot enable sniffer test without having libpcap available.]) ] 1522 ) 1523 ]) 1524 1525 1526# AES-CBC 1527AC_ARG_ENABLE([aescbc], 1528 [AS_HELP_STRING([--enable-aescbc],[Enable wolfSSL AES-CBC support (default: enabled)])], 1529 [ ENABLED_AESCBC=$enableval ], 1530 [ ENABLED_AESCBC=yes ] 1531 ) 1532 1533if test "$ENABLED_AESCBC" = "no" 1534then 1535 AM_CFLAGS="$AM_CFLAGS -DNO_AES_CBC" 1536fi 1537 1538# AES-CBC length checks (checks that input lengths are multiples of block size) 1539AC_ARG_ENABLE([aescbc_length_checks], 1540 [AS_HELP_STRING([--enable-aescbc-length-checks],[Enable AES-CBC length validity checks (default: disabled)])], 1541 [ ENABLED_AESCBC_LENGTH_CHECKS=$enableval ], 1542 [ ENABLED_AESCBC_LENGTH_CHECKS=no ] 1543 ) 1544 1545if test "$ENABLED_AESCBC_LENGTH_CHECKS" = "yes" 1546then 1547 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CBC_LENGTH_CHECKS" 1548fi 1549 1550# leanpsk and leantls don't need gcm 1551 1552# AES-GCM 1553AC_ARG_ENABLE([aesgcm], 1554 [AS_HELP_STRING([--enable-aesgcm],[Enable wolfSSL AES-GCM support (default: enabled)])], 1555 [ ENABLED_AESGCM=$enableval ], 1556 [ ENABLED_AESGCM=yes ] 1557 ) 1558AC_ARG_ENABLE([aesgcm-stream], 1559 [AS_HELP_STRING([--enable-aesgcm-stream],[Enable wolfSSL AES-GCM support with streaming APIs (default: disabled)])], 1560 [ ENABLED_AESGCM_STREAM=$enableval ], 1561 [ ENABLED_AESGCM_STREAM=no ] 1562 ) 1563 1564# leanpsk and leantls don't need gcm 1565if test "$ENABLED_LEANPSK" = "yes" || ( test "$ENABLED_LEANTLS" = "yes" && 1566 test "$ENABLED_TLS13" = "no") 1567then 1568 ENABLED_AESGCM=no 1569fi 1570 1571if test "$ENABLED_AESGCM" = "yes" && test "$ac_cv_c_bigendian" != "yes" 1572then 1573 ENABLED_AESGCM="4bit" 1574fi 1575 1576 1577# AES-CCM 1578AC_ARG_ENABLE([aesccm], 1579 [AS_HELP_STRING([--enable-aesccm],[Enable wolfSSL AES-CCM support (default: disabled)])], 1580 [ ENABLED_AESCCM=$enableval ], 1581 [ ENABLED_AESCCM=no ] 1582 ) 1583 1584if test "$ENABLED_AESCCM" = "yes" 1585then 1586 AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM" 1587fi 1588 1589 1590# AES-CTR 1591AC_ARG_ENABLE([aesctr], 1592 [AS_HELP_STRING([--enable-aesctr],[Enable wolfSSL AES-CTR support (default: disabled)])], 1593 [ ENABLED_AESCTR=$enableval ], 1594 [ ENABLED_AESCTR=no ] 1595 ) 1596if test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_LIBSSH2" = "yes" 1597then 1598 ENABLED_AESCTR=yes 1599fi 1600 1601# AES-OFB 1602AC_ARG_ENABLE([aesofb], 1603 [AS_HELP_STRING([--enable-aesofb],[Enable wolfSSL AES-OFB support (default: disabled)])], 1604 [ ENABLED_AESOFB=$enableval ], 1605 [ ENABLED_AESOFB=no ] 1606 ) 1607 1608if test "$ENABLED_AESOFB" = "yes" 1609then 1610 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB -DWOLFSSL_AES_DIRECT" 1611fi 1612 1613 1614# AES-CFB 1615AC_ARG_ENABLE([aescfb], 1616 [AS_HELP_STRING([--enable-aescfb],[Enable wolfSSL AES-CFB support (default: disabled)])], 1617 [ ENABLED_AESCFB=$enableval ], 1618 [ ENABLED_AESCFB=no ] 1619 ) 1620 1621if test "$ENABLED_AESCFB" = "yes" 1622then 1623 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB" 1624fi 1625 1626 1627# ARM Assembly 1628AC_ARG_ENABLE([armasm], 1629 [AS_HELP_STRING([--enable-armasm],[Enable wolfSSL ARMv8 ASM support (default: disabled). Set to sha512-crypto to use SHA512 instructions with Aarch64 CPU.])], 1630 [ ENABLED_ARMASM=$enableval ], 1631 [ ENABLED_ARMASM=no ] 1632 ) 1633if test "$ENABLED_ARMASM" != "no" && test "$ENABLED_ASM" = "yes" 1634then 1635 for v in `echo $ENABLED_ARMASM | tr "," " "` 1636 do 1637 case $v in 1638 yes) 1639 ;; 1640 sha512-crypto) 1641 case $host_cpu in 1642 *aarch64*) 1643 ;; 1644 *) 1645 AC_MSG_ERROR([SHA512 instructions only available on Aarch64 CPU.]) 1646 break;; 1647 esac 1648 ENABLED_ARMASM_SHA512=yes 1649 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_CRYPTO_SHA512" 1650 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ARMASM_CRYPTO_SHA512" 1651 ;; 1652 *) 1653 AC_MSG_ERROR([Invalid choice of ARM asm inclusions (yes, sha512-crypto): $ENABLED_ARMASM.]) 1654 break;; 1655 esac 1656 done 1657 ENABLED_ARMASM="yes" 1658 1659 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ARMASM" 1660 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM -DWOLFSSL_NO_HASH_RAW" 1661 #Check if mcpu and mfpu values already set if not use default 1662 case $CPPFLAGS in 1663 *mcpu* | *mfpu*) 1664 break;; #Do not override user set values 1665 *) 1666 case $host_cpu in 1667 *aarch64*) 1668 case $host_os in 1669 *darwin*) 1670 ;; 1671 *) 1672 # +crypto needed for hardware acceleration 1673 AM_CPPFLAGS="$AM_CPPFLAGS -mcpu=generic+crypto" 1674 ;; 1675 esac 1676 # Include options.h 1677 AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN" 1678 1679 # Check for and set -mstrict-align compiler flag 1680 # Used to set assumption that Aarch64 systems will not handle 1681 # unaligned memory references. The flag -mstrict-align is needed 1682 # on some compiler versions to avoid an invalid addressing mode 1683 # error with "m" constraint variables in the inline assembly AES 1684 # code. Even though unaligned load/store access is permitted on 1685 # normal memory with Cortex-A series boards with the exception 1686 # being exclusive and ordered access. 1687 case $CPPFLAGS in 1688 *mstrict-align*) 1689 break;; # already set by user 1690 *) 1691 AM_CPPFLAGS="$AM_CPPFLAGS -mstrict-align" 1692 AC_MSG_NOTICE([64bit ARMv8, setting -mstrict-align]);; 1693 esac 1694 AC_MSG_NOTICE([64bit ARMv8 found, setting mcpu to generic+crypto]);; 1695 *) 1696 AM_CPPFLAGS="$AM_CPPFLAGS -mfpu=crypto-neon-fp-armv8" 1697 # Include options.h 1698 AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN" 1699 AC_MSG_NOTICE([32bit ARMv8 found, setting mfpu to crypto-neon-fp-armv8]);; 1700 esac 1701 esac 1702fi 1703 1704# Xilinx hardened crypto 1705AC_ARG_ENABLE([xilinx], 1706 [AS_HELP_STRING([--enable-xilinx],[Enable wolfSSL support for Xilinx hardened crypto(default: disabled)])], 1707 [ ENABLED_XILINX=$enableval ], 1708 [ ENABLED_XILINX=no ] 1709 ) 1710if test "$ENABLED_XILINX" = "yes" 1711then 1712 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_XILINX -DWOLFSSL_XILINX_CRYPT" 1713fi 1714 1715 1716# CAAM build 1717AC_ARG_ENABLE([caam], 1718 [AS_HELP_STRING([--enable-caam],[Enable wolfSSL support for CAAM (default: disabled)])], 1719 [ ENABLED_CAAM=$enableval ], 1720 [ ENABLED_CAAM=no ] 1721 ) 1722if test "$ENABLED_CAAM" = "yes" 1723then 1724 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IMX6_CAAM" 1725fi 1726 1727if test "$ENABLED_CAAM" = "qnx" 1728then 1729 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IMX6_CAAM -DWOLFSSL_QNX_CAAM" 1730fi 1731 1732 1733# INTEL AES-NI 1734AC_ARG_ENABLE([aesni], 1735 [AS_HELP_STRING([--enable-aesni],[Enable wolfSSL AES-NI support (default: disabled)])], 1736 [ ENABLED_AESNI=$enableval ], 1737 [ ENABLED_AESNI=no ] 1738 ) 1739 1740# INTEL ASM 1741AC_ARG_ENABLE([intelasm], 1742 [AS_HELP_STRING([--enable-intelasm],[Enable All Intel ASM speedups (default: disabled)])], 1743 [ ENABLED_INTELASM=$enableval ], 1744 [ ENABLED_INTELASM=no ] 1745 ) 1746 1747if test "$ENABLED_ASM" = "yes" 1748then 1749 if test "$ENABLED_AESNI" = "small" 1750 then 1751 AM_CFLAGS="$AM_CFLAGS -DAES_GCM_AESNI_NO_UNROLL" 1752 ENABLED_AESNI=yes 1753 fi 1754 1755 if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes" 1756 then 1757 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI" 1758 if test "$GCC" = "yes" 1759 then 1760 # clang needs these flags 1761 if test "$CC" = "clang" 1762 then 1763 AM_CFLAGS="$AM_CFLAGS -maes -mpclmul" 1764 else 1765 # GCC needs these flags, icc doesn't 1766 # opt levels greater than 2 may cause problems on systems w/o 1767 # aesni 1768 if test "$CC" != "icc" 1769 then 1770 AM_CFLAGS="$AM_CFLAGS -maes -msse4 -mpclmul" 1771 fi 1772 fi 1773 fi 1774 AS_IF([test "x$ENABLED_AESGCM" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"]) 1775 fi 1776 1777 if test "$ENABLED_INTELASM" = "yes" 1778 then 1779 AM_CFLAGS="$AM_CFLAGS -DUSE_INTEL_SPEEDUP" 1780 ENABLED_AESNI=yes 1781 fi 1782fi 1783 1784AC_ARG_ENABLE([aligndata], 1785 [AS_HELP_STRING([--enable-aligndata],[align data for ciphers (default: enabled)])], 1786 [ ENABLED_ALIGN_DATA=$enableval ], 1787 [ ENABLED_ALIGN_DATA=yes ] 1788 ) 1789 1790if test "$ENABLED_ALIGN_DATA" = "yes" 1791then 1792 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_USE_ALIGN" 1793fi 1794 1795# INTEL RDRAND 1796AC_ARG_ENABLE([intelrand], 1797 [AS_HELP_STRING([--enable-intelrand],[Enable Intel rdrand as preferred RNG source (default: disabled)])], 1798 [ ENABLED_INTELRDRAND=$enableval ], 1799 [ ENABLED_INTELRDRAND=no ] 1800 ) 1801 1802if test "$ENABLED_INTELRDRAND" = "yes" 1803then 1804 AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDRAND" 1805fi 1806 1807 1808# Linux af_alg 1809AC_ARG_ENABLE([afalg], 1810 [AS_HELP_STRING([--enable-afalg],[Enable Linux af_alg use for crypto (default: disabled)])], 1811 [ ENABLED_AFALG=$enableval ], 1812 [ ENABLED_AFALG=no ] 1813 ) 1814 1815if test "$ENABLED_AFALG" = "yes" 1816then 1817 if test "$ENABLED_AESCCM" = "yes" 1818 then 1819 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT" 1820 fi 1821 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG" 1822 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_HASH" 1823fi 1824 1825if test "$ENABLED_AFALG" = "xilinx" 1826then 1827 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX -DWOLFSSL_AFALG_XILINX_AES" 1828 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX_SHA3 -DWOLFSSL_AFALG_XILINX_RSA" 1829 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA3_224 -DWOLFSSL_NOSHA3_256 -DWOLFSSL_NOSHA3_512" 1830 ENABLED_AFALG="yes" 1831 ENABLED_XILINX="yes" 1832fi 1833 1834if test "$ENABLED_AFALG" = "xilinx-aes" 1835then 1836 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX -DWOLFSSL_AFALG_XILINX_AES" 1837 ENABLED_AFALG="yes" 1838 ENABLED_XILINX="yes" 1839fi 1840 1841if test "$ENABLED_AFALG" = "xilinx-sha3" 1842then 1843 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX" 1844 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX_SHA3" 1845 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA3_224 -DWOLFSSL_NOSHA3_256 -DWOLFSSL_NOSHA3_512" 1846 ENABLED_AFALG="yes" 1847 ENABLED_XILINX="yes" 1848fi 1849 1850if test "$ENABLED_AFALG" = "xilinx-rsa" 1851then 1852 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX" 1853 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX_RSA" 1854 ENABLED_AFALG="yes" 1855 ENABLED_XILINX="yes" 1856fi 1857 1858 1859# libkcapi 1860 1861AC_ARG_ENABLE([kcapi-hash], 1862 [AS_HELP_STRING([--enable-kcapi-hash],[Enable libkcapi use for hashing (default: disabled)])], 1863 [ ENABLED_KCAPI_HASH=$enableval ], 1864 [ ENABLED_KCAPI_HASH=no ] 1865 ) 1866 1867AC_ARG_ENABLE([kcapi-hmac], 1868 [AS_HELP_STRING([--enable-kcapi-hmac],[Enable libkcapi use for HMAC (default: disabled)])], 1869 [ ENABLED_KCAPI_HMAC=$enableval ], 1870 [ ENABLED_KCAPI_HMAC=no ] 1871 ) 1872 1873AC_ARG_ENABLE([kcapi-aes], 1874 [AS_HELP_STRING([--enable-kcapi-aes],[Enable libkcapi use for AES (default: disabled)])], 1875 [ ENABLED_KCAPI_AES=$enableval ], 1876 [ ENABLED_KCAPI_AES=no ] 1877 ) 1878 1879AC_ARG_ENABLE([kcapi-rsa], 1880 [AS_HELP_STRING([--enable-kcapi-rsa],[Enable libkcapi use for RSA (default: disabled)])], 1881 [ ENABLED_KCAPI_RSA=$enableval ], 1882 [ ENABLED_KCAPI_RSA=no ] 1883 ) 1884 1885AC_ARG_ENABLE([kcapi-dh], 1886 [AS_HELP_STRING([--enable-kcapi-dh],[Enable libkcapi use for DH (default: disabled)])], 1887 [ ENABLED_KCAPI_DH=$enableval ], 1888 [ ENABLED_KCAPI_DH=no ] 1889 ) 1890 1891AC_ARG_ENABLE([kcapi-ecc], 1892 [AS_HELP_STRING([--enable-kcapi-ecc],[Enable libkcapi use for ECC (default: disabled)])], 1893 [ ENABLED_KCAPI_ECC=$enableval ], 1894 [ ENABLED_KCAPI_ECC=no ] 1895 ) 1896 1897AC_ARG_ENABLE([kcapi], 1898 [AS_HELP_STRING([--enable-kcapi],[Enable libkcapi use for crypto (default: disabled)])], 1899 [ ENABLED_KCAPI=$enableval ], 1900 [ ENABLED_KCAPI=no ] 1901 ) 1902 1903if test "$ENABLED_KCAPI" = "yes" 1904then 1905 AS_IF([test "$enable_kcapi_hash" != "no"], [ENABLED_KCAPI_HASH=yes]) 1906 AS_IF([test "$enable_kcapi_hmac" != "no"], [ENABLED_KCAPI_HMAC=yes]) 1907 AS_IF([test "$enable_kcapi_aes" != "no"], [ENABLED_KCAPI_AES=yes]) 1908# currently the PK alg KCAPI options run into build failures, so disabling here for now. 1909# AS_IF([test "$enable_kcapi_rsa" != "no"], [ENABLED_KCAPI_RSA=yes]) 1910# AS_IF([test "$enable_kcapi_dh" != "no"], [ENABLED_KCAPI_DH=yes]) 1911# AS_IF([test "$enable_kcapi_ecc" != "no"], [ENABLED_KCAPI_ECC=yes]) 1912fi 1913 1914AS_IF([test "$ENABLED_KCAPI_HASH" != "no" || 1915 test "$ENABLED_KCAPI_HMAC" != "no" || 1916 test "$ENABLED_KCAPI_AES" != "no" || 1917 test "$ENABLED_KCAPI_RSA" != "no" || 1918 test "$ENABLED_KCAPI_DH" != "no" || 1919 test "$ENABLED_KCAPI_ECC" != "no"], 1920 [LIBS="$LIBS -lkcapi"]) 1921 1922if test "$ENABLED_KCAPI_HASH" = "yes" 1923then 1924 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_HASH -DWOLFSSL_KCAPI_HASH_KEEP" 1925 # Linux Kernel doesn't support truncated SHA512 algorithms 1926 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256" 1927fi 1928 1929if test "$ENABLED_KCAPI_HMAC" = "yes" 1930then 1931 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_HMAC" 1932fi 1933 1934if test "$ENABLED_KCAPI_AES" = "yes" 1935then 1936 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_AES" 1937 HAVE_AESGCM_PORT=yes 1938 if test "$ENABLED_AESCCM" = "yes" 1939 then 1940 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT" 1941 fi 1942fi 1943 1944if test "$ENABLED_KCAPI_RSA" = "yes" 1945then 1946 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_RSA" 1947fi 1948 1949if test "$ENABLED_KCAPI_DH" = "yes" 1950then 1951 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_DH" 1952fi 1953 1954if test "$ENABLED_KCAPI_ECC" = "yes" 1955then 1956 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_ECC" 1957fi 1958 1959 1960# Support for Linux dev/crypto calls 1961AC_ARG_ENABLE([devcrypto], 1962 [AS_HELP_STRING([--enable-devcrypto],[Enable Linux dev crypto calls: all | aes (all aes support) | hash (all hash algos) | cbc (aes-cbc only) (default: disabled)])], 1963 [ ENABLED_DEVCRYPTO=$enableval ], 1964 [ ENABLED_DEVCRYPTO=no ] 1965 ) 1966 1967if test "$ENABLED_DEVCRYPTO" = "yes" || test "$ENABLED_DEVCRYPTO" = "all" 1968then 1969 #enable all devcrypto supported algorithms 1970 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO" 1971 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC" 1972 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES" 1973 if test "$ENABLED_AESCCM" = "yes" 1974 then 1975 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT" 1976 fi 1977 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH" 1978 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_HASH_RAW" 1979 ENABLED_DEVCRYPTO=yes 1980fi 1981if test "$ENABLED_DEVCRYPTO" = "aes" 1982then 1983 #enable only AES-CBC algorithm support 1984 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO" 1985 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES" 1986 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC" 1987 if test "$ENABLED_AESCCM" = "yes" 1988 then 1989 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT" 1990 fi 1991 ENABLED_DEVCRYPTO=yes 1992fi 1993if test "$ENABLED_DEVCRYPTO" = "cbc" 1994then 1995 #enable only AES-CBC algorithm support 1996 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO" 1997 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC" 1998 ENABLED_DEVCRYPTO=yes 1999fi 2000if test "$ENABLED_DEVCRYPTO" = "hash" 2001then 2002 #enable only hash algorithm support 2003 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO" 2004 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH" 2005 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_HASH_RAW" 2006 ENABLED_DEVCRYPTO=yes 2007fi 2008 2009 2010# Camellia 2011AC_ARG_ENABLE([camellia], 2012 [AS_HELP_STRING([--enable-camellia],[Enable wolfSSL Camellia support (default: disabled)])], 2013 [ ENABLED_CAMELLIA=$enableval ], 2014 [ ENABLED_CAMELLIA=no ] 2015 ) 2016 2017if test "$ENABLED_CAMELLIA" = "yes" 2018then 2019 AM_CFLAGS="$AM_CFLAGS -DHAVE_CAMELLIA" 2020fi 2021 2022 2023# MD2 2024AC_ARG_ENABLE([md2], 2025 [AS_HELP_STRING([--enable-md2],[Enable wolfSSL MD2 support (default: disabled)])], 2026 [ ENABLED_MD2=$enableval ], 2027 [ ENABLED_MD2=no ] 2028 ) 2029 2030if test "$ENABLED_BUMP" = "yes" 2031then 2032 ENABLED_MD2="yes" 2033fi 2034 2035if test "$ENABLED_MD2" = "yes" 2036then 2037 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MD2" 2038fi 2039 2040 2041# NULL CIPHER 2042AC_ARG_ENABLE([nullcipher], 2043 [AS_HELP_STRING([--enable-nullcipher],[Enable wolfSSL NULL cipher support (default: disabled)])], 2044 [ ENABLED_NULL_CIPHER=$enableval ], 2045 [ ENABLED_NULL_CIPHER=no ] 2046 ) 2047 2048if test "$ENABLED_OPENSSH" = "yes" 2049then 2050 ENABLED_NULL_CIPHER="yes" 2051fi 2052 2053if test "$ENABLED_NULL_CIPHER" = "yes" 2054then 2055 AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER" 2056fi 2057 2058# RIPEMD 2059AC_ARG_ENABLE([ripemd], 2060 [AS_HELP_STRING([--enable-ripemd],[Enable wolfSSL RIPEMD-160 support (default: disabled)])], 2061 [ ENABLED_RIPEMD=$enableval ], 2062 [ ENABLED_RIPEMD=no ] 2063 ) 2064 2065if test "$ENABLED_OPENSSH" = "yes" 2066then 2067 ENABLED_RIPEMD="yes" 2068fi 2069 2070if test "$ENABLED_RIPEMD" = "yes" 2071then 2072 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RIPEMD" 2073fi 2074 2075 2076# BLAKE2 2077AC_ARG_ENABLE([blake2], 2078 [AS_HELP_STRING([--enable-blake2],[Enable wolfSSL BLAKE2b support (default: disabled)])], 2079 [ ENABLED_BLAKE2=$enableval ], 2080 [ ENABLED_BLAKE2=no ] 2081 ) 2082 2083if test "$ENABLED_BLAKE2" = "yes" 2084then 2085 AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2 -DHAVE_BLAKE2B" 2086fi 2087 2088 2089AC_ARG_ENABLE([blake2s], 2090 [AS_HELP_STRING([--enable-blake2s],[Enable wolfSSL BLAKE2s support (default: disabled)])], 2091 [ ENABLED_BLAKE2S=$enableval ], 2092 [ ENABLED_BLAKE2S=no ] 2093 ) 2094 2095if test "$ENABLED_BLAKE2S" = "yes" 2096then 2097 AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2S" 2098 ENABLED_BLAKE2="yes" 2099fi 2100 2101 2102# set sha224 default 2103SHA224_DEFAULT=no 2104if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64" 2105then 2106 if test "x$ENABLED_AFALG" = "xno" && test "x$ENABLED_DEVCRYPTO" = "xno" && ( test "x$ENABLED_FIPS" = "xno" || test "$HAVE_FIPS_VERSION" = 2 ) 2107 then 2108 SHA224_DEFAULT=yes 2109 fi 2110fi 2111 2112# SHA224 2113AC_ARG_ENABLE([sha224], 2114 [AS_HELP_STRING([--enable-sha224],[Enable wolfSSL SHA-224 support (default: enabled on x86_64/aarch64)])], 2115 [ ENABLED_SHA224=$enableval ], 2116 [ ENABLED_SHA224=$SHA224_DEFAULT ] 2117 ) 2118 2119if test "$ENABLED_SHA224" = "yes" 2120then 2121 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224" 2122fi 2123 2124 2125# set sha3 default 2126SHA3_DEFAULT=no 2127if (test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64") && test "$ENABLED_32BIT" = "no" 2128then 2129 if test "x$ENABLED_FIPS" = "xno" || test "$HAVE_FIPS_VERSION" -ge 2 2130 then 2131 SHA3_DEFAULT=yes 2132 fi 2133fi 2134 2135# SHA3 2136AC_ARG_ENABLE([sha3], 2137 [AS_HELP_STRING([--enable-sha3],[Enable wolfSSL SHA-3 support (default: enabled on x86_64/aarch64)])], 2138 [ ENABLED_SHA3=$enableval ], 2139 [ ENABLED_SHA3=$SHA3_DEFAULT ] 2140 ) 2141 2142if test "$ENABLED_SHA3" = "small" 2143then 2144 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3_SMALL" 2145 ENABLED_SHA3="yes" 2146fi 2147 2148# SHAKE256 2149AC_ARG_ENABLE([shake256], 2150 [AS_HELP_STRING([--enable-shake256],[Enable wolfSSL SHAKE256 support (default: disabled)])], 2151 [ ENABLED_SHAKE256=$enableval ] 2152 [ ENABLED_SHAKE256=no ] 2153 ) 2154 2155# SHA512 2156AC_ARG_ENABLE([sha512], 2157 [AS_HELP_STRING([--enable-sha512],[Enable wolfSSL SHA-512 support (default: enabled)])], 2158 [ ENABLED_SHA512=$enableval ], 2159 [ ENABLED_SHA512=yes ] 2160 ) 2161 2162# options that don't require sha512 2163if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" || test "$ENABLED_32BIT" = "yes" || test "$ENABLED_16BIT" = "yes" 2164then 2165 ENABLED_SHA512="no" 2166fi 2167 2168# options that require sha512 2169if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes" 2170then 2171 ENABLED_SHA512="yes" 2172 ENABLED_SHA384="yes" 2173fi 2174 2175if test "$ENABLED_SHA512" = "yes" 2176then 2177 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512" 2178fi 2179 2180 2181# SHA384 2182AC_ARG_ENABLE([sha384], 2183 [AS_HELP_STRING([--enable-sha384],[Enable wolfSSL SHA-384 support (default: enabled)])], 2184 [ ENABLED_SHA384=$enableval ], 2185 [ ENABLED_SHA384=yes ] 2186 ) 2187 2188# options that don't require sha384 2189if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" || test "$ENABLED_32BIT" = "yes" || test "$ENABLED_16BIT" = "yes" 2190then 2191 ENABLED_SHA384="no" 2192fi 2193 2194# options that require sha384 2195if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes" 2196then 2197 ENABLED_SHA384="yes" 2198fi 2199if test "$ENABLED_SHA384" = "yes" 2200then 2201 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA384" 2202fi 2203 2204 2205# SESSION CERTS 2206AC_ARG_ENABLE([sessioncerts], 2207 [AS_HELP_STRING([--enable-sessioncerts],[Enable session cert storing (default: disabled)])], 2208 [ ENABLED_SESSIONCERTS=$enableval ], 2209 [ ENABLED_SESSIONCERTS=no ] 2210 ) 2211 2212if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" 2213then 2214 ENABLED_SESSIONCERTS=yes 2215fi 2216if test "$ENABLED_TLS13" = "yes" && test "$ENABLED_PSK" = "yes" 2217then 2218 ENABLED_SESSIONCERTS=yes 2219fi 2220 2221if test "$ENABLED_SESSIONCERTS" = "yes" 2222then 2223 AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS" 2224fi 2225 2226 2227# KEY GENERATION 2228AC_ARG_ENABLE([keygen], 2229 [AS_HELP_STRING([--enable-keygen],[Enable key generation (default: disabled)])], 2230 [ ENABLED_KEYGEN=$enableval ], 2231 [ ENABLED_KEYGEN=no ] 2232 ) 2233 2234if test "$ENABLED_BIND" = "yes" || test "$ENABLED_NTP" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_OPENRESTY" = "yes" || test "$ENABLED_NGINX" = "yes" 2235then 2236 ENABLED_KEYGEN=yes 2237fi 2238 2239 2240# CERT GENERATION 2241AC_ARG_ENABLE([certgen], 2242 [AS_HELP_STRING([--enable-certgen],[Enable cert generation (default: disabled)])], 2243 [ ENABLED_CERTGEN=$enableval ], 2244 [ ENABLED_CERTGEN=no ] 2245 ) 2246if test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_NTP" = "yes" 2247then 2248 ENABLED_CERTGEN=yes 2249fi 2250 2251# CERT REQUEST GENERATION 2252AC_ARG_ENABLE([certreq], 2253 [AS_HELP_STRING([--enable-certreq],[Enable cert request generation (default: disabled)])], 2254 [ ENABLED_CERTREQ=$enableval ], 2255 [ ENABLED_CERTREQ=no ] 2256 ) 2257 2258 2259# CERT REQUEST EXTENSION 2260AC_ARG_ENABLE([certext], 2261 [AS_HELP_STRING([--enable-certext],[Enable cert request extensions (default: disabled)])], 2262 [ ENABLED_CERTEXT=$enableval ], 2263 [ ENABLED_CERTEXT=no ] 2264 ) 2265if test "$ENABLED_OPENVPN" = "yes" 2266then 2267 ENABLED_CERTEXT=yes 2268fi 2269 2270 2271# DECODED CERT CACHE 2272AC_ARG_ENABLE([certgencache], 2273 [AS_HELP_STRING([--enable-certgencache],[Enable decoded cert caching (default: disabled)])], 2274 [ ENABLED_certgencache=$enableval ], 2275 [ ENABLED_certgencache=no ] 2276 ) 2277 2278if test "$ENABLED_certgencache" = "yes" 2279then 2280 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN_CACHE" 2281fi 2282 2283 2284# SEP 2285AC_ARG_ENABLE([sep], 2286 [AS_HELP_STRING([--enable-sep],[Enable sep extensions (default: disabled)])], 2287 [ ENABLED_SEP=$enableval ], 2288 [ ENABLED_SEP=no ] 2289 ) 2290if test "$ENABLED_SEP" = "yes" 2291then 2292 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SEP -DKEEP_PEER_CERT" 2293fi 2294 2295 2296# HKDF 2297AC_ARG_ENABLE([hkdf], 2298 [AS_HELP_STRING([--enable-hkdf],[Enable HKDF (HMAC-KDF) support (default: disabled)])], 2299 [ ENABLED_HKDF=$enableval ], 2300 [ ENABLED_HKDF=no ] 2301 ) 2302if test "$ENABLED_TLS13" = "yes" 2303then 2304 ENABLED_HKDF="yes" 2305fi 2306if test "$ENABLED_HKDF" = "yes" 2307then 2308 AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF" 2309fi 2310 2311# X9.63 KDF 2312AC_ARG_ENABLE([x963kdf], 2313 [AS_HELP_STRING([--enable-x963kdf],[Enable X9.63 KDF support (default: disabled)])], 2314 [ ENABLED_X963KDF=$enableval ], 2315 [ ENABLED_X963KDF=no ] 2316 ) 2317if test "$ENABLED_X963KDF" = "yes" 2318then 2319 AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF" 2320fi 2321 2322# DSA 2323AC_ARG_ENABLE([dsa], 2324 [AS_HELP_STRING([--enable-dsa],[Enable DSA (default: disabled)])], 2325 [ ENABLED_DSA=$enableval ], 2326 [ ENABLED_DSA=no ] 2327 ) 2328 2329if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_NTP" = "yes" 2330then 2331 ENABLED_DSA="yes" 2332fi 2333 2334if test "$ENABLED_DSA" = "no" && test "$ENABLED_OPENSSH" = "no" 2335then 2336 AM_CFLAGS="$AM_CFLAGS -DNO_DSA" 2337else 2338 ENABLED_CERTS=yes 2339fi 2340 2341# ECC Shamir 2342AC_ARG_ENABLE([eccshamir], 2343 [AS_HELP_STRING([--enable-eccshamir],[Enable ECC Shamir (default: enabled)])], 2344 [ ENABLED_ECC_SHAMIR=$enableval ], 2345 [ ENABLED_ECC_SHAMIR=yes ] 2346 ) 2347 2348 2349# ECC 2350AC_ARG_ENABLE([ecc], 2351 [AS_HELP_STRING([--enable-ecc],[Enable ECC (default: enabled)])], 2352 [ ENABLED_ECC=$enableval ], 2353 [ ENABLED_ECC=yes ] 2354 ) 2355 2356# lean psk doesn't need ecc 2357if test "$ENABLED_LEANPSK" = "yes" 2358then 2359 ENABLED_ECC=no 2360fi 2361 2362if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_SIGNAL" = "yes" 2363then 2364 ENABLED_ECC="yes" 2365fi 2366 2367if test "$ENABLED_ECC" != "no" 2368then 2369 AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256" 2370 if test "$ENABLED_ECC_SHAMIR" = "yes" && test "$ENABLED_LOWRESOURCE" = "no" 2371 then 2372 AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR" 2373 fi 2374 2375 if test "$ENABLED_ECC" = "nonblock" 2376 then 2377 AM_CFLAGS="$AM_CFLAGS -DWC_ECC_NONBLOCK" 2378 fi 2379 2380 if test "$ENABLED_LOWRESOURCE" = "yes" && test "$ENABLED_FASTMATH" = "yes" 2381 then 2382 AM_CFLAGS="$AM_CFLAGS -DALT_ECC_SIZE" 2383 fi 2384 2385 ENABLED_CERTS=yes 2386fi 2387 2388 2389# ECC Custom Curves 2390AC_ARG_ENABLE([ecccustcurves], 2391 [AS_HELP_STRING([--enable-ecccustcurves],[Enable ECC custom curves (default: disabled)])], 2392 [ ENABLED_ECCCUSTCURVES=$enableval ], 2393 [ ENABLED_ECCCUSTCURVES=no ] 2394 ) 2395 2396if test "$ENABLED_ECCCUSTCURVES" != "no" 2397then 2398 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CUSTOM_CURVES" 2399 2400 # For distro, all or ecccustcurves=all builds, enable all curve types 2401 if test "$ENABLED_DISTRO" = "yes" || test "$ENABLED_ALL" = "yes" || test "$ENABLED_ECCCUSTCURVES" = "all" 2402 then 2403 # Enable ECC SECPR2, SECPR3, BRAINPOOL and KOBLITZ curves 2404 AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ" 2405 2406 # Enable ECC Cofactor support 2407 AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_CDH" 2408 2409 # If fastmath enabled and on x86 use speedups 2410 if test "x$ENABLED_FASTMATH" = "xyes" && test "$host_cpu" = "x86_64" 2411 then 2412 AM_CFLAGS="$AM_CFLAGS -DTFM_ECC192 -DTFM_ECC224 -DTFM_ECC256 -DTFM_ECC384 -DTFM_ECC521" 2413 fi 2414 fi 2415fi 2416 2417 2418# ECC Minimum Key Size 2419ENABLED_ECCMINSZ=224 2420AC_ARG_WITH([eccminsz], 2421 [AS_HELP_STRING([--with-eccminsz=BITS],[Sets the ECC minimum key size (default: 224 bits)])], 2422 [ 2423 ENABLED_ECCMINSZ=$withval 2424 AM_CFLAGS="$AM_CFLAGS -DECC_MIN_KEY_SZ=$withval" 2425 ] 2426) 2427 2428# Compressed Key 2429AC_ARG_ENABLE([compkey], 2430 [AS_HELP_STRING([--enable-compkey],[Enable compressed keys support (default: disabled)])], 2431 [ ENABLED_COMPKEY=$enableval ], 2432 [ ENABLED_COMPKEY=no ] 2433 ) 2434 2435if test "$ENABLED_WPAS" = "yes" 2436then 2437 ENABLED_COMPKEY=yes 2438fi 2439if test "$ENABLED_COMPKEY" = "yes" 2440then 2441 AM_CFLAGS="$AM_CFLAGS -DHAVE_COMP_KEY" 2442fi 2443 2444 2445# for using memory optimization setting on both curve25519 and ed25519 2446ENABLED_CURVE25519_SMALL=no 2447ENABLED_ED25519_SMALL=no 2448 2449# CURVE25519 2450AC_ARG_ENABLE([curve25519], 2451 [AS_HELP_STRING([--enable-curve25519],[Enable Curve25519 (default: disabled)])], 2452 [ ENABLED_CURVE25519=$enableval ], 2453 [ ENABLED_CURVE25519=no ] 2454 ) 2455 2456 2457if test "$ENABLED_OPENSSH" = "yes" 2458then 2459 ENABLED_CURVE25519="yes" 2460fi 2461 2462if test "$ENABLED_CURVE25519" != "no" 2463then 2464 if test "$ENABLED_CURVE25519" = "small" || test "$ENABLED_LOWRESOURCE" = "yes" 2465 then 2466 AM_CFLAGS="$AM_CFLAGS -DCURVE25519_SMALL" 2467 ENABLED_CURVE25519_SMALL=yes 2468 ENABLED_CURVE25519=yes 2469 fi 2470 2471 if test "$ENABLED_CURVE25519" = "no128bit" || test "$ENABLED_32BIT" = "yes" 2472 then 2473 AM_CFLAGS="$AM_CFLAGS -DNO_CURVED25519_128BIT" 2474 ENABLED_CURVE25519=yes 2475 fi 2476 2477 AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519" 2478 ENABLED_FEMATH=yes 2479fi 2480 2481 2482# ED25519 2483AC_ARG_ENABLE([ed25519], 2484 [AS_HELP_STRING([--enable-ed25519],[Enable ED25519 (default: disabled)])], 2485 [ ENABLED_ED25519=$enableval ], 2486 [ ENABLED_ED25519=no ] 2487 ) 2488AC_ARG_ENABLE([ed25519-stream], 2489 [AS_HELP_STRING([--enable-ed25519-stream],[Enable wolfSSL ED25519 support with streaming verify APIs (default: disabled)])], 2490 [ ENABLED_ED25519_STREAM=$enableval ], 2491 [ ENABLED_ED25519_STREAM=no ] 2492 ) 2493 2494 2495if test "$ENABLED_OPENSSH" = "yes" 2496then 2497 ENABLED_ED25519="yes" 2498fi 2499 2500# for using memory optimization setting on both curve448 and ed448 2501ENABLED_CURVE448_SMALL=no 2502ENABLED_ED448_SMALL=no 2503 2504# CURVE448 2505AC_ARG_ENABLE([curve448], 2506 [AS_HELP_STRING([--enable-curve448],[Enable Curve448 (default: disabled)])], 2507 [ ENABLED_CURVE448=$enableval ], 2508 [ ENABLED_CURVE448=no ] 2509 ) 2510 2511if test "$ENABLED_CURVE448" != "no" 2512then 2513 if test "$ENABLED_CURVE448" = "small" || test "$ENABLED_LOWRESOURCE" = "yes" 2514 then 2515 AM_CFLAGS="$AM_CFLAGS -DCURVE448_SMALL" 2516 ENABLED_CURVE448_SMALL=yes 2517 ENABLED_CURVE448=yes 2518 fi 2519 2520 if test "$ENABLED_CURVE448" = "no128bit" || test "$ENABLED_32BIT" = "yes" 2521 then 2522 AM_CFLAGS="$AM_CFLAGS -DNO_CURVED448_128BIT" 2523 ENABLED_CURVE448=yes 2524 fi 2525 2526 AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE448" 2527 ENABLED_FE448=yes 2528fi 2529 2530# ED448 2531AC_ARG_ENABLE([ed448], 2532 [AS_HELP_STRING([--enable-ed448],[Enable ED448 (default: disabled)])], 2533 [ ENABLED_ED448=$enableval ], 2534 [ ENABLED_ED448=no ] 2535 ) 2536AC_ARG_ENABLE([ed448-stream], 2537 [AS_HELP_STRING([--enable-ed448-stream],[Enable wolfSSL ED448 support with streaming verify APIs (default: disabled)])], 2538 [ ENABLED_ED448_STREAM=$enableval ], 2539 [ ENABLED_ED448_STREAM=no ] 2540 ) 2541 2542if test "$ENABLED_ED448" != "no" && test "$ENABLED_32BIT" = "no" 2543then 2544 if test "$ENABLED_ED448" = "small" || test "$ENABLED_LOWRESOURCE" = "yes" 2545 then 2546 AM_CFLAGS="$AM_CFLAGS -DED448_SMALL" 2547 ENABLED_ED448_SMALL=yes 2548 ENABLED_CURVE448_SMALL=yes 2549 ENABLED_ED448=yes 2550 fi 2551 2552 if test "$ENABLED_SHA512" = "no" 2553 then 2554 AC_MSG_ERROR([cannot enable ed448 without enabling sha512.]) 2555 fi 2556 if test "$HAVE_FIPS_VERSION" = 2 2557 then 2558 AC_MSG_ERROR([cannot enable ed448 w/ dependency shake256 in FIPSv2 mode]) 2559 fi 2560 ENABLED_FE448=yes 2561 ENABLED_GE448=yes 2562 AM_CFLAGS="$AM_CFLAGS -DHAVE_ED448" 2563 2564 # EdDSA448 requires SHAKE256 which requires SHA-3 2565 ENABLED_SHA3=yes 2566 ENABLED_SHAKE256=yes 2567 2568 ENABLED_CERTS=yes 2569fi 2570 2571if test "$ENABLED_ED448_STREAM" != "no" 2572then 2573 if test "$ENABLED_ED448" = "no" 2574 then 2575 AC_MSG_ERROR([ED448 verify streaming enabled but ED448 is disabled]) 2576 else 2577 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ED448_STREAMING_VERIFY" 2578 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ED448_STREAMING_VERIFY" 2579 fi 2580fi 2581 2582 2583 2584# FP ECC, Fixed Point cache ECC 2585AC_ARG_ENABLE([fpecc], 2586 [AS_HELP_STRING([--enable-fpecc],[Enable Fixed Point cache ECC (default: disabled)])], 2587 [ ENABLED_FPECC=$enableval ], 2588 [ ENABLED_FPECC=no ] 2589 ) 2590 2591if test "$ENABLED_FPECC" = "yes" 2592then 2593 if test "$ENABLED_ECC" = "no" 2594 then 2595 AC_MSG_ERROR([cannot enable fpecc without enabling ecc.]) 2596 fi 2597 AM_CFLAGS="$AM_CFLAGS -DFP_ECC" 2598fi 2599 2600 2601# ECC encrypt 2602AC_ARG_ENABLE([eccencrypt], 2603 [AS_HELP_STRING([--enable-eccencrypt],[Enable ECC encrypt (default: disabled). yes = SEC1 standard, iso18033 = ISO 18033 standard, old = original wolfSSL algorithm])], 2604 [ ENABLED_ECC_ENCRYPT=$enableval ], 2605 [ ENABLED_ECC_ENCRYPT=no ] 2606 ) 2607 2608if test "$ENABLED_ECC_ENCRYPT" != "no" 2609then 2610 if test "$ENABLED_ECC" = "no" 2611 then 2612 AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.]) 2613 fi 2614 if test "$ENABLED_HKDF" = "no" 2615 then 2616 AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.]) 2617 fi 2618 AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_ENCRYPT" 2619 if test "$ENABLED_ECC_ENCRYPT" = "old" 2620 then 2621 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECIES_OLD" 2622 fi 2623 if test "$ENABLED_ECC_ENCRYPT" = "iso18033" 2624 then 2625 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECIES_ISO18033" 2626 fi 2627fi 2628 2629# Elliptic Curve-Based Certificateless Signatures for Identity-Based Encryption (ECCSI) 2630AC_ARG_ENABLE([eccsi], 2631 [AS_HELP_STRING([--enable-eccsi],[Enable ECCSI (default: disabled)])], 2632 [ ENABLED_ECCSI=$enableval ], 2633 [ ENABLED_ECCSI=no ] 2634 ) 2635 2636if test "x$ENABLED_ECCSI" = "xyes" 2637then 2638 AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_ECCSI -DWOLFSSL_PUBLIC_MP" 2639fi 2640 2641# Sakai-Kasahara Key Encryption (SAKKE) - pairing based crypto 2642AC_ARG_ENABLE([sakke], 2643 [AS_HELP_STRING([--enable-sakke],[Enable SAKKE - paring based crypto (default: disabled)])], 2644 [ ENABLED_SAKKE=$enableval ], 2645 [ ENABLED_SAKKE=no ] 2646 ) 2647 2648if test "x$ENABLED_SAKKE" = "xsmall" 2649then 2650 ENABLED_SAKKE="yes" 2651 ENABLED_SAKKE_SMALL="yes" 2652 AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_SAKKE_SMALL" 2653fi 2654if test "x$ENABLED_SAKKE" = "xyes" 2655then 2656 AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SAKKE" 2657fi 2658 2659 2660# PSK 2661AC_ARG_ENABLE([psk], 2662 [AS_HELP_STRING([--enable-psk],[Enable PSK (default: disabled)])], 2663 [ ENABLED_PSK=$enableval ], 2664 [ ENABLED_PSK=no ] 2665 ) 2666 2667# Single PSK identity 2668AC_ARG_ENABLE([psk-one-id], 2669 [AS_HELP_STRING([--enable-psk-one-id],[Enable PSK (default: disabled)])], 2670 [ ENABLED_PSK_ONE_ID=$enableval ], 2671 [ ENABLED_PSK_ONE_ID=no ] 2672 ) 2673if test "$ENABLED_PSK_ONE_ID" = "yes" 2674then 2675 if test "$ENABLED_PSK" = "no" 2676 then 2677 ENABLED_PSK="yes" 2678 fi 2679 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PSK_ONE_ID" 2680fi 2681 2682# ERROR STRINGS 2683AC_ARG_ENABLE([errorstrings], 2684 [AS_HELP_STRING([--enable-errorstrings],[Enable error strings table (default: enabled)])], 2685 [ ENABLED_ERROR_STRINGS=$enableval ], 2686 [ ENABLED_ERROR_STRINGS=yes ] 2687 ) 2688 2689if test "$ENABLED_ERROR_STRINGS" = "no" 2690then 2691 AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS" 2692else 2693 # turn off error strings if leanpsk or leantls on 2694 if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" 2695 then 2696 AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS" 2697 ENABLED_ERROR_STRINGS=no 2698 fi 2699fi 2700 2701 2702# ERROR QUEUE 2703AC_ARG_ENABLE([errorqueue], 2704 [AS_HELP_STRING([--disable-errorqueue],[Disables adding nodes to error queue when compiled with OPENSSL_EXTRA (default: enabled)])], 2705 [ ENABLED_ERROR_QUEUE=$enableval ], 2706 [ ENABLED_ERROR_QUEUE=yes ] 2707 ) 2708 2709# OLD TLS 2710AC_ARG_ENABLE([oldtls], 2711 [AS_HELP_STRING([--enable-oldtls],[Enable old TLS versions < 1.2 (default: enabled)])], 2712 [ ENABLED_OLD_TLS=$enableval ], 2713 [ ENABLED_OLD_TLS=yes ] 2714 ) 2715 2716if test "$ENABLED_OLD_TLS" = "no" 2717then 2718 AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS" 2719else 2720 # turn off old if leanpsk or leantls on 2721 if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" 2722 then 2723 AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS" 2724 ENABLED_OLD_TLS=no 2725 fi 2726fi 2727 2728 2729# TLSv1.2 2730AC_ARG_ENABLE([tlsv12], 2731 [AS_HELP_STRING([--enable-tlsv12],[Enable TLS versions 1.2 (default: enabled)])], 2732 [ ENABLED_TLSV12=$enableval ], 2733 [ ENABLED_TLSV12=yes ] 2734 ) 2735 2736if test "$ENABLED_TLSV12" = "no" 2737then 2738 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_TLS12 -DNO_OLD_TLS" 2739fi 2740 2741 2742# TLSv1.0 2743AC_ARG_ENABLE([tlsv10], 2744 [AS_HELP_STRING([--enable-tlsv10],[Enable old TLS versions 1.0 (default: disabled)])], 2745 [ ENABLED_TLSV10=$enableval ], 2746 [ ENABLED_TLSV10=no ] 2747 ) 2748 2749if test "$ENABLED_TLSV10" = "yes" 2750then 2751 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_TLSV10" 2752fi 2753 2754 2755# SSLv3 2756AC_ARG_ENABLE([sslv3], 2757 [AS_HELP_STRING([--enable-sslv3],[Enable SSL version 3.0 (default: disabled)])], 2758 [ ENABLED_SSLV3=$enableval ], 2759 [ ENABLED_SSLV3=no] 2760 ) 2761 2762if test "x$ENABLED_HAPROXY" = "xyes" && test "x$ENABLED_ALL" = "xno" 2763then 2764 ENABLED_SSLV3="yes" 2765fi 2766 2767if test "$ENABLED_SSLV3" = "yes" 2768then 2769 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_SSLV3" 2770fi 2771 2772 2773# STACK SIZE info for testwolfcrypt and examples 2774AC_ARG_ENABLE([stacksize], 2775 [AS_HELP_STRING([--enable-stacksize],[Enable stack size info on examples (default: disabled)])], 2776 [ ENABLED_STACKSIZE=$enableval ], 2777 [ ENABLED_STACKSIZE=no ] 2778 ) 2779 2780if test "$ENABLED_STACKSIZE" != "no" 2781then 2782 AC_CHECK_FUNC([posix_memalign], [], [AC_MSG_ERROR(stacksize needs posix_memalign)]) 2783 AC_CHECK_DECL([posix_memalign], [], [AC_MSG_ERROR(stacksize needs posix_memalign)]) 2784 AC_CHECK_FUNC([pthread_attr_setstack], [], AC_CHECK_LIB([pthread],[pthread_attr_setstack])) 2785 AC_CHECK_DECL([pthread_attr_setstack], [], [AC_MSG_ERROR(stacksize needs pthread_attr_setstack)], [[#include <pthread.h>]]) 2786 AM_CFLAGS="$AM_CFLAGS -DHAVE_STACK_SIZE" 2787fi 2788 2789if test "$ENABLED_STACKSIZE" = "verbose" 2790then 2791 if test "$thread_ls_on" != "yes" 2792 then 2793 AC_MSG_ERROR(stacksize-verbose needs thread-local storage.) 2794 fi 2795 AM_CFLAGS="$AM_CFLAGS -DHAVE_STACK_SIZE_VERBOSE" 2796fi 2797 2798 2799# MEMORY 2800AC_ARG_ENABLE([memory], 2801 [AS_HELP_STRING([--enable-memory],[Enable memory callbacks (default: enabled)])], 2802 [ ENABLED_MEMORY=$enableval ], 2803 [ ENABLED_MEMORY=yes ] 2804 ) 2805 2806if test "$ENABLED_MEMORY" = "no" 2807then 2808 AM_CFLAGS="$AM_CFLAGS -DNO_WOLFSSL_MEMORY" 2809else 2810 # turn off memory cb if leanpsk or leantls on 2811 if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" 2812 then 2813 # but don't turn on NO_WOLFSSL_MEMORY because using own 2814 ENABLED_MEMORY=no 2815 fi 2816fi 2817 2818 2819# MEMORY SIZE info 2820AC_ARG_ENABLE([trackmemory], 2821 [AS_HELP_STRING([--enable-trackmemory],[Enable memory use info on wolfCrypt and wolfSSL cleanup (default: disabled)])], 2822 [ ENABLED_TRACKMEMORY=$enableval ], 2823 [ ENABLED_TRACKMEMORY=no ] 2824 ) 2825 2826if test "$ENABLED_TRACKMEMORY" != "no" 2827then 2828 if test "$ENABLED_MEMORY" = "yes" 2829 then 2830 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRACK_MEMORY" 2831 else 2832 AC_MSG_ERROR([trackmemory requires using wolfSSL memory (--enable-memory).]) 2833 fi 2834 if test "$ENABLED_TRACKMEMORY" = "verbose" 2835 then 2836 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRACK_MEMORY_VERBOSE" 2837 fi 2838fi 2839 2840# MEMORY usage logging 2841AC_ARG_ENABLE([memorylog], 2842 [AS_HELP_STRING([--enable-memorylog],[Enable dynamic memory logging (default: disabled)])], 2843 [ ENABLED_MEMORYLOG=$enableval ], 2844 [ ENABLED_MEMORYLOG=no ] 2845 ) 2846 2847if test "$ENABLED_MEMORYLOG" = "yes" 2848then 2849 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MEMORY_LOG" 2850fi 2851 2852 2853# STACK usage logging 2854AC_ARG_ENABLE([stacklog], 2855 [AS_HELP_STRING([--enable-stacklog],[Enable stack logging (default: disabled)])], 2856 [ ENABLED_STACKLOG=$enableval ], 2857 [ ENABLED_STACKLOG=no ] 2858 ) 2859 2860if test "$ENABLED_STACKLOG" = "yes" 2861then 2862 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STACK_LOG -finstrument-functions" 2863fi 2864 2865 2866ENABLED_WOLFSENTRY=no 2867 2868AC_ARG_WITH([wolfsentry], 2869 [AS_HELP_STRING([--with-wolfsentry=PATH],[PATH to directory with wolfSentry installation])], 2870 [WOLFSENTRY_INSTALLDIR=$withval], 2871 [WOLFSENTRY_INSTALLDIR=""]) 2872 2873AC_ARG_WITH([wolfsentry-lib], 2874 [AS_HELP_STRING([--with-wolfsentry-lib=PATH],[PATH to directory with wolfSentry library])], 2875 [WOLFSENTRY_LIB=$withval], 2876 [WOLFSENTRY_LIB=""]) 2877 2878AC_ARG_WITH([wolfsentry-include], 2879 [AS_HELP_STRING([--with-wolfsentry-include=PATH],[PATH to directory with wolfSentry header files])], 2880 [WOLFSENTRY_INCLUDE=$withval], 2881 [WOLFSENTRY_INCLUDE=""]) 2882 2883if test -n "$WOLFSENTRY_INSTALLDIR" || test -n "$WOLFSENTRY_LIB" || test -n "$WOLFSENTRY_INCLUDE" 2884then 2885 ENABLED_WOLFSENTRY=yes 2886fi 2887 2888AC_ARG_ENABLE([wolfsentry], 2889 [AS_HELP_STRING([--enable-wolfsentry],[Enable wolfSentry hooks and plugins (default: disabled)])], 2890 [ ENABLED_WOLFSENTRY=$enableval ], 2891 [ ] 2892 ) 2893 2894if test "$WOLFSENTRY_LIB" = "" && test -n "$WOLFSENTRY_INSTALLDIR" 2895then 2896 WOLFSENTRY_LIB="${WOLFSENTRY_INSTALLDIR}/lib" 2897fi 2898 2899if test "$WOLFSENTRY_INCLUDE" = "" && test -n "$WOLFSENTRY_INSTALLDIR" 2900then 2901 WOLFSENTRY_INCLUDE="${WOLFSENTRY_INSTALLDIR}/include" 2902fi 2903 2904if test -n "$WOLFSENTRY_LIB" 2905then 2906 AC_MSG_CHECKING([for $WOLFSENTRY_LIB]) 2907 if ! test -d "$WOLFSENTRY_LIB" 2908 then 2909 AC_MSG_ERROR([wolfSentry lib dir $WOLFSENTRY_LIB not found.]) 2910 fi 2911 AC_MSG_RESULT([yes]) 2912 WOLFSENTRY_LIB="-L$WOLFSENTRY_LIB" 2913fi 2914 2915if test -n "$WOLFSENTRY_INCLUDE" 2916then 2917 AC_MSG_CHECKING([for $WOLFSENTRY_INCLUDE]) 2918 if ! test -d "$WOLFSENTRY_INCLUDE" 2919 then 2920 AC_MSG_ERROR([wolfSentry include dir $WOLFSENTRY_INCLUDE not found.]) 2921 fi 2922 AC_MSG_RESULT([yes]) 2923 WOLFSENTRY_INCLUDE="-I$WOLFSENTRY_INCLUDE" 2924fi 2925 2926if test "$ENABLED_WOLFSENTRY" = "yes" 2927then 2928 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WOLFSENTRY_HOOKS -DHAVE_EX_DATA -DHAVE_EX_DATA_CLEANUP_HOOKS" 2929 WOLFSENTRY_LIB="$WOLFSENTRY_LIB -lwolfsentry" 2930fi 2931 2932AC_SUBST([WOLFSENTRY_LIB]) 2933AC_SUBST([WOLFSENTRY_INCLUDE]) 2934 2935 2936if test "$ENABLED_QT" = "yes" 2937then 2938 # Requires opensslextra and opensslall 2939 if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" 2940 then 2941 ENABLED_OPENSSLALL="yes" 2942 ENABLED_OPENSSLEXTRA="yes" 2943 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL -DHAVE_EX_DATA" 2944 fi 2945 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_QT -DSESSION_CERTS -DOPENSSL_NO_SSL2" 2946 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN -DHAVE_EX_DATA" 2947 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CUSTOM_CURVES -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ" 2948 if test "x$ENABLED_ALL" = "xno"; then 2949 # Don't enable old SSL/TLS for --enable-all, which is used by distro 2950 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_SSLV3 -DWOLFSSL_ALLOW_TLSV10" 2951 fi 2952 2953 # Requires OCSP make sure on 2954 if test "x$ENABLED_OCSP" = "xno" 2955 then 2956 ENABLED_OCSP="yes" 2957 AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" 2958 fi 2959 2960 # Requires PSK make sure on 2961 if test "x$ENABLED_PSK" = "xno" 2962 then 2963 ENABLED_PSK="yes" 2964 fi 2965 2966 # Requires RC4 make sure on (if not forcefully disabled with --disable-arc4) 2967 test "$enable_arc4" = "" && enable_arc4=yes 2968 2969 if test "x$ENABLED_CERTEXT" = "xno" 2970 then 2971 ENABLED_CERTEXT="yes" 2972 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT" 2973 fi 2974 2975 if test "x$ENABLED_CERTGEN" = "xno" 2976 then 2977 ENABLED_CERTGEN="yes" 2978 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN" 2979 fi 2980 2981 # requires oldnames disabled 2982 enable_oldnames=no 2983fi 2984 2985AC_ARG_ENABLE([qt-test], 2986 [AS_HELP_STRING([--enable-qt-test],[Enable qt tests (default: disabled)])], 2987 [ ENABLED_QT_TEST=$enableval ], 2988 [ ENABLED_QT_TEST=no ] 2989 ) 2990 2991if test "$ENABLED_QT_TEST" = "yes" 2992then 2993 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL3 -DWOLFSSL_STATIC_RSA" 2994 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_PSK" 2995fi 2996 2997# RSA 2998AC_ARG_ENABLE([rsa], 2999 [AS_HELP_STRING([--enable-rsa],[Enable RSA (default: enabled)])], 3000 [ ENABLED_RSA=$enableval ], 3001 [ ENABLED_RSA=yes ] 3002 ) 3003 3004if test "$ENABLED_RSA" = "no" 3005then 3006 AM_CFLAGS="$AM_CFLAGS -DNO_RSA" 3007else 3008 # turn off RSA if leanpsk or leantls on 3009 if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" 3010 then 3011 AM_CFLAGS="$AM_CFLAGS -DNO_RSA" 3012 ENABLED_RSA=no 3013 else 3014 ENABLED_CERTS=yes 3015 fi 3016fi 3017 3018AC_ARG_ENABLE([oaep], 3019 [AS_HELP_STRING([--enable-oaep],[Enable RSA OAEP (default: enabled)])], 3020 [ ENABLED_OAEP=$enableval ], 3021 [ ENABLED_OAEP=yes ] 3022 ) 3023 3024if test "$ENABLED_OAEP" = "no" 3025then 3026 AM_CFLAGS="$AM_CFLAGS -DWC_NO_RSA_OAEP" 3027fi 3028 3029AC_ARG_ENABLE([rsapub], 3030 [AS_HELP_STRING([--enable-rsapub],[Enable RSA Public Only (default: disabled)])], 3031 [ ENABLED_RSAPUB=$enableval ], 3032 [ ENABLED_RSAPUB=no ] 3033 ) 3034 3035if test "$ENABLED_RSAPUB" = "yes" 3036then 3037 if test "$ENABLED_RSA" = "no" 3038 then 3039 ENABLED_RSA="yes" 3040 fi 3041 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSA_PUBLIC_ONLY" 3042fi 3043 3044AC_ARG_ENABLE([rsavfy], 3045 [AS_HELP_STRING([--enable-rsavfy],[Enable RSA Verify Inline Only (default: disabled)])], 3046 [ ENABLED_RSAVFY=$enableval ], 3047 [ ENABLED_RSAVFY=no ] 3048 ) 3049 3050if test "$ENABLED_RSAVFY" = "yes" 3051then 3052 if test "$ENABLED_RSA" = "no" 3053 then 3054 ENABLED_RSA="yes" 3055 fi 3056 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSA_PUBLIC_ONLY -DWOLFSSL_RSA_VERIFY_ONLY" 3057 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSA_VERIFY_INLINE -DNO_SIG_WRAPPER" 3058 AM_CFLAGS="$AM_CFLAGS -DNO_CHECK_PRIVATE_KEY" 3059fi 3060 3061 3062# RSA-PSS 3063AC_ARG_ENABLE([rsapss], 3064 [ --enable-rsapss Enable RSA-PSS (default: disabled)], 3065 [ ENABLED_RSAPSS=$enableval ], 3066 [ ENABLED_RSAPSS=no ] 3067 ) 3068 3069if test "$ENABLED_RSA" = "no" 3070then 3071 ENABLED_RSAPSS="no" 3072else 3073 if test "$ENABLED_TLS13" = "yes" 3074 then 3075 ENABLED_RSAPSS="yes" 3076 fi 3077fi 3078if test "$ENABLED_RSAPSS" = "yes" 3079then 3080 AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS" 3081fi 3082 3083 3084# DH 3085AC_ARG_ENABLE([dh], 3086 [AS_HELP_STRING([--enable-dh],[Enable DH (default: enabled)])], 3087 [ ENABLED_DH=$enableval ], 3088 [ ENABLED_DH=yes ] 3089 ) 3090 3091if test "$ENABLED_OPENSSH" = "yes" 3092then 3093 ENABLED_DH="yes" 3094fi 3095 3096if test "$ENABLED_DH" = "no" 3097then 3098 AM_CFLAGS="$AM_CFLAGS -DNO_DH" 3099else 3100 # turn off DH if leanpsk or leantls on 3101 if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" 3102 then 3103 AM_CFLAGS="$AM_CFLAGS -DNO_DH" 3104 ENABLED_DH=no 3105 fi 3106fi 3107 3108if test "x$ENABLED_SNIFFER" = "xyes" && test "x$ENABLED_DH" = "xyes" 3109then 3110 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_EXTRA" 3111fi 3112 3113 3114# Anonymous 3115AC_ARG_ENABLE([anon], 3116 [AS_HELP_STRING([--enable-anon],[Enable Anonymous (default: disabled)])], 3117 [ ENABLED_ANON=$enableval ], 3118 [ ENABLED_ANON=no ] 3119 ) 3120 3121if test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || \ 3122 test "x$ENABLED_HAPROXY" = "xyes" || test "$ENABLED_RSYSLOG" = "yes" 3123then 3124 ENABLED_ANON=yes 3125fi 3126if test "x$ENABLED_ANON" = "xyes" 3127then 3128 if test "x$ENABLED_DH" != "xyes" 3129 then 3130 AC_MSG_ERROR([Anonymous suite requires DH.]) 3131 fi 3132 AM_CFLAGS="$AM_CFLAGS -DHAVE_ANON" 3133fi 3134 3135 3136# ASN 3137# turn off asn, which means no certs, no rsa, no dsa, no ecc, 3138# and no big int (unless dh is on) 3139AC_ARG_ENABLE([asn], 3140 [AS_HELP_STRING([--enable-asn],[Enable ASN (default: enabled)])], 3141 [ ENABLED_ASN=$enableval ], 3142 [ ENABLED_ASN=yes ] 3143 ) 3144 3145if test "$ENABLED_ASN" = "template" 3146then 3147 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE" 3148 ENABLED_ASN=yes 3149fi 3150 3151if test "$ENABLED_ASN" = "no" 3152then 3153 AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT" 3154 enable_pwdbased=no 3155 if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" 3156 then 3157 # DH and ECC need bigint 3158 AM_CFLAGS="$AM_CFLAGS -DNO_BIG_INT" 3159 fi 3160else 3161 # turn off ASN if leanpsk on 3162 if test "$ENABLED_LEANPSK" = "yes" 3163 then 3164 AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_BIG_INT" 3165 ENABLED_ASN=no 3166 else 3167 if test "$ENABLED_ASN" = "nocrypt" 3168 then 3169 AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT" 3170 enable_pwdbased=no 3171 fi 3172 fi 3173fi 3174 3175if test "$ENABLED_RSA" = "yes" && test "$ENABLED_RSAVFY" = "no" && test "$ENABLED_ASN" = "no" 3176then 3177 AC_MSG_ERROR([please disable rsa if disabling asn.]) 3178fi 3179 3180if test "$ENABLED_DSA" = "yes" && test "$ENABLED_ASN" = "no" 3181then 3182 AC_MSG_ERROR([please disable dsa if disabling asn.]) 3183fi 3184 3185# DH and ECC need bigint 3186if test "$ENABLED_ASN" = "no" && test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && test "$ENABLED_RSA" = "no" 3187then 3188 ENABLED_FASTMATH=no 3189 ENABLED_SLOWMATH=no 3190fi 3191 3192 3193# AES 3194AC_ARG_ENABLE([aes], 3195 [AS_HELP_STRING([--enable-aes],[Enable AES (default: enabled)])], 3196 [ ENABLED_AES=$enableval ], 3197 [ ENABLED_AES=yes ] 3198 ) 3199 3200if test "$ENABLED_AES" = "no" 3201then 3202 AM_CFLAGS="$AM_CFLAGS -DNO_AES" 3203 if test "$ENABLED_FORTRESS" = "yes" 3204 then 3205 AC_MSG_ERROR([fortress requires aes]) 3206 fi 3207 if test "$ENABLED_ECC_ENCRYPT" = "yes" 3208 then 3209 AC_MSG_ERROR([cannot enable eccencrypt and hkdf without aes.]) 3210 fi 3211 if test "$ENABLED_AESGCM" = "yes" 3212 then 3213 AC_MSG_ERROR([AESGCM requires AES.]) 3214 fi 3215 if test "$ENABLED_AESCCM" = "yes" 3216 then 3217 AC_MSG_ERROR([AESCCM requires AES.]) 3218 fi 3219 if test "$ENABLED_AESCTR" = "yes" 3220 then 3221 AC_MSG_ERROR([AESCTR requires AES.]) 3222 fi 3223else 3224 # turn off AES if leanpsk on 3225 if test "$ENABLED_LEANPSK" = "yes" 3226 then 3227 AM_CFLAGS="$AM_CFLAGS -DNO_AES" 3228 ENABLED_AES=no 3229 fi 3230fi 3231 3232 3233# CODING 3234AC_ARG_ENABLE([coding], 3235 [AS_HELP_STRING([--enable-coding],[Enable Coding base 16/64 (default: enabled)])], 3236 [ ENABLED_CODING=$enableval ], 3237 [ ENABLED_CODING=yes ] 3238 ) 3239 3240if test "$ENABLED_CODING" = "no" 3241then 3242 AM_CFLAGS="$AM_CFLAGS -DNO_CODING" 3243else 3244 # turn off CODING if leanpsk on 3245 if test "$ENABLED_LEANPSK" = "yes" 3246 then 3247 AM_CFLAGS="$AM_CFLAGS -DNO_CODING" 3248 ENABLED_CODING=no 3249 fi 3250fi 3251 3252 3253# Base64 Encode 3254BASE64ENCODE_DEFAULT=no 3255if test "$host_cpu" = "x86_64" 3256then 3257BASE64ENCODE_DEFAULT=yes 3258fi 3259AC_ARG_ENABLE([base64encode], 3260 [AS_HELP_STRING([--enable-base64encode],[Enable Base64 encoding (default: enabled on x86_64)])], 3261 [ ENABLED_BASE64ENCODE=$enableval ], 3262 [ ENABLED_BASE64ENCODE=$BASE64ENCODE_DEFAULT ] 3263 ) 3264if test "$ENABLED_BASE64ENCODE" = "yes" 3265then 3266 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BASE64_ENCODE" 3267fi 3268 3269 3270# Base16 3271AC_ARG_ENABLE([base16], 3272 [AS_HELP_STRING([--enable-base16],[Enable Base16 encoding/decoding (default: disabled)])], 3273 [ ENABLED_BASE16=$enableval ], 3274 [ ENABLED_BASE16=no ] 3275 ) 3276 3277if test "$ENABLED_CAAM" = "qnx" 3278then 3279 ENABLED_BASE16=yes 3280fi 3281 3282if test "$ENABLED_BASE16" = "yes" 3283then 3284 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BASE16" 3285fi 3286 3287 3288# DES3 3289AC_ARG_ENABLE([des3], 3290 [AS_HELP_STRING([--enable-des3],[Enable DES3 (default: disabled)])], 3291 [ ENABLED_DES3=$enableval ], 3292 [ ENABLED_DES3=no ] 3293 ) 3294 3295if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "x$ENABLED_WPAS" != "xno" || test "$ENABLED_NETSNMP" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_KRB" = "yes" 3296then 3297 ENABLED_DES3="yes" 3298fi 3299 3300# IDEA 3301AC_ARG_ENABLE([idea], 3302 [AS_HELP_STRING([--enable-idea],[Enable IDEA Cipher (default: disabled)])], 3303 [ ENABLED_IDEA=$enableval ], 3304 [ ENABLED_IDEA=no ] 3305 ) 3306 3307if test "x$ENABLED_IDEA" = "xyes" 3308then 3309 AM_CFLAGS="$AM_CFLAGS -DHAVE_IDEA" 3310fi 3311 3312# ARC4 3313if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_KRB" = "yes" 3314then 3315 # Requires RC4 make sure on (if not forcefully disabled with --disable-arc4) 3316 test "$enable_arc4" = "" && enable_arc4=yes 3317fi 3318 3319AC_ARG_ENABLE([arc4], 3320 [AS_HELP_STRING([--enable-arc4],[Enable ARC4 (default: disabled)])], 3321 [ ENABLED_ARC4=$enableval ], 3322 [ ENABLED_ARC4=no ] 3323 ) 3324 3325# MD5 3326AC_ARG_ENABLE([md5], 3327 [AS_HELP_STRING([--enable-md5],[Enable MD5 (default: enabled)])], 3328 [ ENABLED_MD5=$enableval ], 3329 [ ENABLED_MD5=yes ] 3330 ) 3331 3332 3333# SHA 3334AC_ARG_ENABLE([sha], 3335 [AS_HELP_STRING([--enable-sha],[Enable SHA (default: enabled)])], 3336 [ ENABLED_SHA=$enableval ], 3337 [ ENABLED_SHA=yes ] 3338 ) 3339 3340if test "$ENABLED_SHA" = "no" 3341then 3342 AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS" 3343else 3344 # turn off SHA if leanpsk or leantls on 3345 if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" 3346 then 3347 AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS" 3348 ENABLED_SHA=no 3349 fi 3350fi 3351 3352 3353# CMAC 3354AC_ARG_ENABLE([cmac], 3355 [AS_HELP_STRING([--enable-cmac],[Enable CMAC (default: disabled)])], 3356 [ ENABLED_CMAC=$enableval ], 3357 [ ENABLED_CMAC=no ] 3358 ) 3359 3360if test "$ENABLED_WPAS" != "no" || test "$ENABLED_NTP" = "yes" 3361then 3362 ENABLED_CMAC=yes 3363fi 3364 3365AS_IF([test "x$ENABLED_CMAC" = "xyes"], 3366 [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"]) 3367 3368 3369# AES-XTS 3370AC_ARG_ENABLE([xts], 3371 [AS_HELP_STRING([--enable-xts],[Enable XTS (default: disabled)])], 3372 [ ENABLED_XTS=$enableval ], 3373 [ ENABLED_XTS=no ] 3374 ) 3375 3376AS_IF([test "x$ENABLED_XTS" = "xyes"], 3377 [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS -DWOLFSSL_AES_DIRECT"]) 3378 3379# Web Server Build 3380AC_ARG_ENABLE([webserver], 3381 [AS_HELP_STRING([--enable-webserver],[Enable Web Server (default: disabled)])], 3382 [ ENABLED_WEBSERVER=$enableval ], 3383 [ ENABLED_WEBSERVER=no ] 3384 ) 3385 3386if test "$ENABLED_WEBSERVER" = "yes" 3387then 3388 AM_CFLAGS="$AM_CFLAGS -DHAVE_WEBSERVER" 3389fi 3390 3391# Web Client Build (HTTP Client) 3392AC_ARG_ENABLE([webclient], 3393 [AS_HELP_STRING([--enable-webclient],[Enable Web Client (HTTP) (default: disabled)])], 3394 [ ENABLED_WEBCLIENT=$enableval ], 3395 [ ENABLED_WEBCLIENT=no ] 3396 ) 3397 3398if test "$ENABLED_WEBCLIENT" = "yes" 3399then 3400 AM_CFLAGS="$AM_CFLAGS -DHAVE_HTTP_CLIENT" 3401fi 3402 3403 3404# HC128 3405AC_ARG_ENABLE([hc128], 3406 [AS_HELP_STRING([--enable-hc128],[Enable HC-128 (default: disabled)])], 3407 [ ENABLED_HC128=$enableval ], 3408 [ ENABLED_HC128=no ] 3409 ) 3410 3411if test "$ENABLED_HC128" = "no" 3412then 3413 AM_CFLAGS="$AM_CFLAGS -DNO_HC128" 3414else 3415 AM_CFLAGS="$AM_CFLAGS -DHAVE_HC128" 3416fi 3417 3418 3419# RABBIT 3420AC_ARG_ENABLE([rabbit], 3421 [AS_HELP_STRING([--enable-rabbit],[Enable RABBIT (default: disabled)])], 3422 [ ENABLED_RABBIT=$enableval ], 3423 [ ENABLED_RABBIT=no ] 3424 ) 3425 3426if test "$ENABLED_RABBIT" = "no" 3427then 3428 AM_CFLAGS="$AM_CFLAGS -DNO_RABBIT" 3429else 3430 AM_CFLAGS="$AM_CFLAGS -DHAVE_RABBIT" 3431fi 3432 3433 3434# RC2 3435AC_ARG_ENABLE([rc2], 3436 [AS_HELP_STRING([--enable-rc2],[Enable RC2 encryption (default: disabled)])], 3437 [ ENABLED_RC2=$enableval ], 3438 [ ENABLED_RC2=no ] 3439 ) 3440 3441if test "$ENABLED_RC2" = "yes" 3442then 3443 AM_CFLAGS="$AM_CFLAGS -DWC_RC2" 3444fi 3445 3446 3447# FIPS feature and macro setup 3448AS_CASE([$FIPS_VERSION], 3449 [v5*], [ # FIPS 140-3 3450 3451 AM_CFLAGS="$AM_CFLAGS \ 3452 -DHAVE_FIPS \ 3453 -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \ 3454 -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \ 3455 -DHAVE_ECC_CDH \ 3456 -DWC_RSA_NO_PADDING \ 3457 -DWOLFSSL_ECDSA_SET_K \ 3458 -DWOLFSSL_VALIDATE_ECC_IMPORT \ 3459 -DECC_USER_CURVES \ 3460 -DHAVE_ECC192 \ 3461 -DHAVE_ECC224 \ 3462 -DHAVE_ECC256 \ 3463 -DHAVE_ECC384 \ 3464 -DHAVE_ECC521 \ 3465 -DWOLFSSL_ECDSA_SET_K \ 3466 -DWC_RNG_SEED_CB \ 3467 -DWOLFSSL_VALIDATE_FFC_IMPORT \ 3468 -DHAVE_FFDHE_Q \ 3469 -DHAVE_FFDHE_3072 \ 3470 -DHAVE_FFDHE_4096 \ 3471 -DHAVE_FFDHE_6144 \ 3472 -DHAVE_FFDHE_8192" 3473 3474 DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192 3475 3476 # DES3 is incompatible with FIPS 140-3 3477 AS_IF([test "$ENABLED_DES3" != "no"], 3478 [ENABLED_DES3="no"]) 3479 3480 # force various features to FIPS 140-3 defaults, unless overridden with v5-dev: 3481 3482 AS_IF([test "$ENABLED_KEYGEN" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_keygen" != "no")], 3483 [ENABLED_KEYGEN="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"]) 3484 3485 AS_IF([test "$ENABLED_SHA224" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha224" != "no")], 3486 [ENABLED_SHA224="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"]) 3487 3488 AS_IF([test "$ENABLED_WOLFSSH" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_ssh" != "no")], 3489 [enable_ssh="yes"]) 3490 3491 # Shake256 is a SHA-3 algorithm not in our FIPS algorithm list 3492 AS_IF([test "$ENABLED_SHAKE256" != "no" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_shake256" != "yes")], 3493 [ENABLED_SHAKE256=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"]) 3494 3495 # SHA512-224 and SHA512-256 are SHA-2 algorithms not in our FIPS algorithm list 3496 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256" 3497 3498 AS_IF([test "$ENABLED_AESCCM" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesccm" != "no")], 3499 [ENABLED_AESCCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"]) 3500 3501 AS_IF([test "$ENABLED_RSAPSS" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_rsapss" != "no")], 3502 [ENABLED_RSAPSS="yes"; AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"]) 3503 3504 AS_IF([test "$ENABLED_ECC" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_ecc" != "no")], 3505 [ENABLED_ECC="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256" 3506 AS_IF([test "$ENABLED_ECC_SHAMIR" = "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_eccshamir" != "no")], 3507 [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])], 3508 [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT -DWOLFSSL_VALIDATE_ECC_KEYGEN"]) 3509 3510 AS_IF([test "$ENABLED_AESCTR" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesctr" != "no")], 3511 [ENABLED_AESCTR="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"]) 3512 3513 AS_IF([test "$ENABLED_CMAC" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_cmac" != "no")], 3514 [ENABLED_CMAC="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"]) 3515 3516 AS_IF([test "$ENABLED_HKDF" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_hkdf" != "no")], 3517 [ENABLED_HKDF="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"]) 3518 3519 AS_IF([test "$ENABLED_INTELASM" = "yes"], 3520 [AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"]) 3521 3522 AS_IF([test "$ENABLED_SHA512" = "no" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha512" != "no")], 3523 [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"]) 3524 3525 AS_IF([test "$ENABLED_AESGCM" = "no" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesgcm" != "no")], 3526 [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"]) 3527 3528 AS_IF([test "$ENABLED_MD5" != "no" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_md5" != "yes")], 3529 [ENABLED_MD5="no"; ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"]) 3530 3531 AS_IF([test $HAVE_FIPS_VERSION_MINOR -ge 2], 3532 [AS_IF([test "x$ENABLED_AESOFB" = "xno" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesofb" != "no")], 3533 [ENABLED_AESOFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB"])]) 3534 3535 AS_IF([(test "$ENABLED_AESCCM" = "yes" && test "$HAVE_AESCCM_PORT" != "yes") || 3536 (test "$ENABLED_AESCTR" = "yes" && test "$HAVE_AESCTR_PORT" != "yes") || 3537 (test "$ENABLED_AESGCM" = "yes" && test "$HAVE_AESGCM_PORT" != "yes") || 3538 (test "$ENABLED_AESOFB" = "yes" && test "$HAVE_AESOFB_PORT" != "yes")], 3539 [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB"]) 3540 ], 3541 3542 [v2],[ # FIPS 140-2, Cert 3389 3543 AM_CFLAGS="$AM_CFLAGS \ 3544 -DHAVE_FIPS \ 3545 -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \ 3546 -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \ 3547 -DWOLFSSL_KEY_GEN \ 3548 -DWOLFSSL_SHA224 \ 3549 -DWOLFSSL_AES_DIRECT \ 3550 -DHAVE_AES_ECB \ 3551 -DHAVE_ECC_CDH \ 3552 -DWC_RSA_NO_PADDING \ 3553 -DWOLFSSL_VALIDATE_FFC_IMPORT \ 3554 -DHAVE_FFDHE_Q \ 3555 -DHAVE_PUBLIC_FFDHE" 3556 3557 ENABLED_KEYGEN="yes" 3558 ENABLED_SHA224="yes" 3559 ENABLED_DES3="yes" 3560 # Shake256 is a SHA-3 algorithm not in our FIPS algorithm list 3561 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256" 3562 ENABLED_SHAKE256=no 3563 # SHA512-224 and SHA512-256 are SHA-2 algorithms not in our FIPS algorithm list 3564 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256" 3565 AS_IF([test "x$ENABLED_AESCCM" != "xyes"], 3566 [ENABLED_AESCCM="yes" 3567 AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"]) 3568 AS_IF([test "x$ENABLED_RSAPSS" != "xyes"], 3569 [ENABLED_RSAPSS="yes" 3570 AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"]) 3571 AS_IF([test "x$ENABLED_ECC" != "xyes"], 3572 [ENABLED_ECC="yes" 3573 AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT" 3574 AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"], 3575 [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])], 3576 [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT"]) 3577 AS_IF([test "x$ENABLED_AESCTR" != "xyes"], 3578 [ENABLED_AESCTR="yes" 3579 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"]) 3580 AS_IF([test "x$ENABLED_CMAC" != "xyes"], 3581 [ENABLED_CMAC="yes" 3582 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"]) 3583 AS_IF([test "x$ENABLED_HKDF" != "xyes"], 3584 [ENABLED_HKDF="yes" 3585 AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"]) 3586 AS_IF([test "x$ENABLED_INTELASM" = "xyes"], 3587 [AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"]) 3588 AS_IF([test "x$ENABLED_SHA512" = "xno"], 3589 [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"]) 3590 AS_IF([test "x$ENABLED_AESGCM" = "xno"], 3591 [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"]) 3592 ], 3593 3594 ["rand"],[ 3595 AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_FIPS_RAND -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR" 3596 ], 3597 3598 ["v1"],[ # FIPS 140-2, Cert 2425 3599 AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS" 3600 AS_IF([test "x$ENABLED_SHA512" = "xno"], 3601 [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"]) 3602 AS_IF([test "x$ENABLED_AESGCM" = "xno"], 3603 [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"]) 3604 AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"]) 3605 ]) 3606 3607AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$thread_ls_on" = "xno"], 3608 [AC_MSG_ERROR([FIPS requires Thread Local Storage])]) 3609 3610 3611 3612# SELFTEST 3613AC_ARG_ENABLE([selftest], 3614 [AS_HELP_STRING([--enable-selftest],[Enable selftest, Will NOT work w/o CAVP selftest license (default: disabled)])], 3615 [ ENABLED_SELFTEST=$enableval ], 3616 [ ENABLED_SELFTEST="no" ] 3617 ) 3618 3619AS_CASE([$ENABLED_SELFTEST], 3620 ["v2"],[ 3621 # selftest v2 (wolfCrypt 4.1.0) 3622 ENABLED_SELFTEST="yes" 3623 SELFTEST_VERSION="v2" 3624 ], 3625 ["no"],[SELFTEST_VERSION="none"], 3626 [ 3627 # selftest v1 (wolfCrypt 3.14.2) 3628 ENABLED_SELFTEST="yes" 3629 SELFTEST_VERSION="v1" 3630 ]) 3631 3632AS_CASE([$SELFTEST_VERSION], 3633 ["v2"],[ 3634 AM_CFLAGS="$AM_CFLAGS -DHAVE_SELFTEST -DHAVE_SELFTEST_VERSION=2 -DHAVE_PUBLIC_FFDHE" 3635 ], 3636 ["v1"],[ 3637 AM_CFLAGS="$AM_CFLAGS -DHAVE_SELFTEST -DHAVE_PUBLIC_FFDHE" 3638 ]) 3639 3640 3641# Set SHA-3 and SHAKE256 flags 3642if test "$ENABLED_SHA3" = "yes" && test "$ENABLED_32BIT" = "no" 3643then 3644 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3" 3645fi 3646AS_IF([test "x$ENABLED_FIPS" = "xyes"],[ENABLED_SHAKE256="no"]) 3647 3648if test "$ENABLED_SHAKE256" = "yes" || test "$ENABLED_SHAKE256" = "small" 3649then 3650 if test "$ENABLED_32BIT" = "no" 3651 then 3652 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHAKE256" 3653 if test "$ENABLED_SHA3" = "no" 3654 then 3655 AC_MSG_ERROR([Must have SHA-3 enabled: --enable-sha3]) 3656 fi 3657 fi 3658fi 3659 3660# set POLY1305 default 3661POLY1305_DEFAULT=yes 3662 3663if test "x$ENABLED_FIPS" = "xyes" 3664then 3665POLY1305_DEFAULT=no 3666fi 3667 3668# POLY1305 3669AC_ARG_ENABLE([poly1305], 3670 [AS_HELP_STRING([--enable-poly1305],[Enable wolfSSL POLY1305 support (default: enabled)])], 3671 [ ENABLED_POLY1305=$enableval ], 3672 [ ENABLED_POLY1305=$POLY1305_DEFAULT] 3673 ) 3674 3675# leanpsk and leantls don't need poly1305 3676if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" 3677then 3678 ENABLED_POLY1305=no 3679fi 3680 3681if test "$ENABLED_POLY1305" = "yes" 3682then 3683 AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH" 3684fi 3685 3686 3687# set CHACHA default 3688CHACHA_DEFAULT=yes 3689 3690if test "x$ENABLED_FIPS" = "xyes" 3691then 3692CHACHA_DEFAULT=no 3693fi 3694 3695# CHACHA 3696AC_ARG_ENABLE([chacha], 3697 [AS_HELP_STRING([--enable-chacha],[Enable CHACHA (default: enabled). Use `=noasm` to disable ASM AVX/AVX2 speedups])], 3698 [ ENABLED_CHACHA=$enableval ], 3699 [ ENABLED_CHACHA=$CHACHA_DEFAULT] 3700 ) 3701 3702# leanpsk and leantls don't need chacha 3703if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" 3704then 3705 ENABLED_CHACHA=no 3706fi 3707 3708if test "$ENABLED_CHACHA" = "noasm" || test "$ENABLED_ASM" = "no" 3709then 3710 AM_CFLAGS="$AM_CFLAGS -DNO_CHACHA_ASM" 3711fi 3712 3713if test "$ENABLED_CHACHA" != "no" 3714then 3715 AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA" 3716fi 3717 3718 3719# XCHACHA 3720AC_ARG_ENABLE([xchacha], 3721 [AS_HELP_STRING([--enable-xchacha],[Enable XCHACHA (default: disabled).])], 3722 [ ENABLED_XCHACHA=$enableval ], 3723 [ ENABLED_XCHACHA=no] 3724 ) 3725 3726if test "$ENABLED_XCHACHA" = "yes" 3727then 3728 if test "$ENABLED_CHACHA" = "no" 3729 then 3730 AC_MSG_ERROR([XChaCha (--enable-xchacha) depends on ChaCha (--enable-chacha)]) 3731 fi 3732 AM_CFLAGS="$AM_CFLAGS -DHAVE_XCHACHA" 3733fi 3734 3735 3736# Hash DRBG 3737AC_ARG_ENABLE([hashdrbg], 3738 [AS_HELP_STRING([--enable-hashdrbg],[Enable Hash DRBG support (default: enabled)])], 3739 [ ENABLED_HASHDRBG=$enableval ], 3740 [ ENABLED_HASHDRBG=yes ] 3741 ) 3742 3743if test "x$ENABLED_HASHDRBG" = "xyes" 3744then 3745 AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG" 3746else 3747 # turn on Hash DRBG if FIPS is on 3748 if test "x$ENABLED_FIPS" = "xyes" 3749 then 3750 AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG" 3751 ENABLED_HASHDRBG=yes 3752 else 3753 AM_CFLAGS="$AM_CFLAGS -DWC_NO_HASHDRBG" 3754 fi 3755fi 3756 3757 3758# Filesystem Build 3759if test "$ENABLED_LINUXKM" = "yes" 3760then 3761 ENABLED_FILESYSTEM_DEFAULT=no 3762else 3763 ENABLED_FILESYSTEM_DEFAULT=yes 3764fi 3765AC_ARG_ENABLE([filesystem], 3766 [AS_HELP_STRING([--enable-filesystem],[Enable Filesystem support (default: enabled)])], 3767 [ ENABLED_FILESYSTEM=$enableval ], 3768 [ ENABLED_FILESYSTEM=$ENABLED_FILESYSTEM_DEFAULT ] 3769 ) 3770 3771if test "$ENABLED_FILESYSTEM" = "no" 3772then 3773 AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM" 3774else 3775 # turn off filesystem if leanpsk on 3776 if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LINUXKM" = "yes" 3777 then 3778 AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM" 3779 ENABLED_FILESYSTEM=no 3780 fi 3781fi 3782 3783 3784# inline Build 3785AC_ARG_ENABLE([inline], 3786 [AS_HELP_STRING([--enable-inline],[Enable inline functions (default: enabled)])], 3787 [ ENABLED_INLINE=$enableval ], 3788 [ ENABLED_INLINE=yes ] 3789 ) 3790 3791if test "$ENABLED_INLINE" = "no" 3792then 3793 AM_CFLAGS="$AM_CFLAGS -DNO_INLINE" 3794fi 3795 3796 3797# OCSP 3798if test "x$ENABLED_OPENSSLALL" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" 3799then 3800 test "$enable_ocsp" = "" && enable_ocsp=yes 3801fi 3802 3803AC_ARG_ENABLE([ocsp], 3804 [AS_HELP_STRING([--enable-ocsp],[Enable OCSP (default: disabled)])], 3805 [ ENABLED_OCSP=$enableval ], 3806 [ ENABLED_OCSP=no ] 3807 ) 3808if test "$ENABLED_OCSP" = "yes" 3809then 3810 AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" 3811fi 3812 3813 3814if test "$ENABLED_OCSP" = "yes" 3815then 3816 # check openssl command tool for testing ocsp 3817 AC_CHECK_PROG([HAVE_OPENSSL_CMD],[openssl],[yes],[no]) 3818 3819 if test "$HAVE_OPENSSL_CMD" = "yes" 3820 then 3821 AM_CFLAGS="$AM_CFLAGS -DHAVE_OPENSSL_CMD" 3822 else 3823 AC_MSG_WARN([openssl command line tool not available for testing ocsp]) 3824 fi 3825fi 3826 3827 3828# Certificate Status Request : a.k.a. OCSP Stapling 3829AC_ARG_ENABLE([ocspstapling], 3830 [AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling (default: disabled)])], 3831 [ ENABLED_CERTIFICATE_STATUS_REQUEST=$enableval ], 3832 [ ENABLED_CERTIFICATE_STATUS_REQUEST=no ] 3833 ) 3834 3835if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" 3836then 3837 ENABLED_CERTIFICATE_STATUS_REQUEST="yes" 3838fi 3839 3840if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes" 3841then 3842 AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST" 3843 3844 # Requires OCSP make sure on 3845 if test "x$ENABLED_OCSP" = "xno" 3846 then 3847 ENABLED_OCSP="yes" 3848 AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" 3849 fi 3850fi 3851 3852 3853# Certificate Status Request v2 : a.k.a. OCSP stapling v2 3854AC_ARG_ENABLE([ocspstapling2], 3855 [AS_HELP_STRING([--enable-ocspstapling2],[Enable OCSP Stapling v2 (default: disabled)])], 3856 [ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=$enableval ], 3857 [ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ] 3858 ) 3859 3860if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" 3861then 3862 ENABLED_CERTIFICATE_STATUS_REQUEST_V2=yes 3863fi 3864 3865if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes" 3866then 3867 AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST_V2" 3868 3869 # Requires OCSP make sure on 3870 if test "x$ENABLED_OCSP" = "xno" 3871 then 3872 ENABLED_OCSP="yes" 3873 AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" 3874 fi 3875fi 3876 3877 3878# CRL 3879AC_ARG_ENABLE([crl], 3880 [AS_HELP_STRING([--enable-crl],[Enable CRL (Use =io for inline CRL HTTP GET) (default: disabled)])], 3881 [ ENABLED_CRL=$enableval ], 3882 [ ENABLED_CRL=no ], 3883 ) 3884 3885if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || \ 3886 test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \ 3887 test "x$ENABLED_KRB" = "xyes" 3888then 3889 ENABLED_CRL=yes 3890fi 3891 3892if test "$ENABLED_CRL" != "no" 3893then 3894 AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL" 3895fi 3896if test "$ENABLED_CRL" = "io" 3897then 3898 AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_IO" 3899fi 3900 3901 3902# CRL Monitor 3903AC_ARG_ENABLE([crl-monitor], 3904 [AS_HELP_STRING([--enable-crl-monitor],[Enable CRL Monitor (default: disabled)])], 3905 [ ENABLED_CRL_MONITOR=$enableval ], 3906 [ ENABLED_CRL_MONITOR=no ], 3907 ) 3908 3909if test "$ENABLED_CRL_MONITOR" = "yes" 3910then 3911 case $host_os in 3912 *linux* | *darwin* | *freebsd*) 3913 if test "x$ENABLED_SINGLETHREADED" = "xno"; then 3914 AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR" 3915 else 3916 ENABLED_CRL_MONITOR="no" 3917 AC_MSG_ERROR([crl monitor requires threading / pthread]) 3918 fi 3919 ;; 3920 *) 3921 if test "x$ENABLED_DISTRO" = "xyes" ; then 3922 ENABLED_CRL_MONITOR="no" 3923 else 3924 AC_MSG_ERROR( [crl monitor only allowed on linux, OS X, or freebsd]) 3925 fi 3926 break;; 3927 esac 3928fi 3929 3930 3931# USER CRYPTO 3932ENABLED_USER_CRYPTO="no" 3933ENABLED_USER_RSA="no" 3934AC_DEFINE([BUILD_USER_RSA], [], [User RSA is being defined]) 3935trycryptodir="" 3936AC_ARG_WITH([user-crypto], 3937 [AS_HELP_STRING([--with-user-crypto=PATH],[Path to USER_CRYPTO install (default /usr/local)])], 3938 [ 3939 CPPFLAGS="$CPPFLAGS -DHAVE_USER_CRYPTO" 3940 LIBS="$LIBS -lusercrypto" 3941 3942 if test "x$withval" != "xno" ; then 3943 trycryptodir=$withval 3944 fi 3945 if test "x$withval" = "xyes" ; then 3946 trycryptodir="/usr/local" 3947 fi 3948 3949 LDFLAGS="$LDFLAGS -L$trycryptodir/lib" 3950 CPPFLAGS="$CPPFLAGS -I$trycryptodir/include" 3951 3952 #Look for RSA Init function in usercrypto lib 3953 AC_CHECK_LIB([usercrypto], [wc_InitRsaKey], [user_rsa_linked=yes], [user_rsa_linked=no]) 3954 3955 if test "x$user_rsa_linked" = "xyes" ; then 3956 AC_MSG_NOTICE([User user_rsa.h being used]) 3957 AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_RSA" 3958 ENABLED_USER_RSA=yes 3959 ENABLED_USER_CRYPTO=yes 3960 fi 3961 3962 3963 #Display check and find result of link attempts 3964 AC_MSG_CHECKING([for USER_CRYPTO]) 3965 if test "x$ENABLED_USER_CRYPTO" = "xno" ; then 3966 AC_MSG_RESULT([no]) 3967 AC_MSG_ERROR([USER_CRYPTO not found. Either move to /usr/include and /usr/lib or 3968 Specify its path using --with-user-crypto=/dir/]) 3969 else 3970 AC_MSG_RESULT([yes]) 3971 # Check if .la is available if not then rely on exported path 3972 if test -e $trycryptodir/lib/libusercrypto.la 3973 then 3974 LIB_ADD="$trycryptodir/lib/libusercrypto.la $LIB_ADD" 3975 else 3976 LIB_ADD="-lusercrypto $LIB_ADD" 3977 fi 3978 AM_LDFLAGS="$AM_LDFLAGS -L$trycryptodir/lib" 3979 AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_CRYPTO" 3980 fi 3981 ] 3982) 3983 3984if test "$ENABLED_USER_CRYPTO" = "yes" && test "$ENABLED_FIPS" = "yes" 3985then 3986 AC_MSG_ERROR([cannot enable user crypto and fips, user crypto posibility of using code in fips boundary.]) 3987fi 3988 3989# liboqs 3990ENABLED_LIBOQS="no" 3991tryliboqsdir="" 3992AC_ARG_WITH([liboqs], 3993 [AS_HELP_STRING([--with-liboqs=PATH],[Path to liboqs install (default /usr/local) EXPERIMENTAL!])], 3994 [ 3995 AC_MSG_CHECKING([for liboqs]) 3996 CPPFLAGS="$CPPFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS" 3997 LIBS="$LIBS -loqs" 3998 3999 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <oqs/common.h>]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ]) 4000 4001 if test "x$liboqs_linked" = "xno" ; then 4002 if test "x$withval" != "xno" ; then 4003 tryliboqsdir=$withval 4004 fi 4005 if test "x$withval" = "xyes" ; then 4006 tryliboqsdir="/usr/local" 4007 fi 4008 4009 LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryliboqsdir/lib" 4010 CPPFLAGS="$CPPFLAGS -I$tryliboqsdir/include" 4011 4012 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <oqs/common.h>]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ]) 4013 4014 if test "x$liboqs_linked" = "xno" ; then 4015 AC_MSG_ERROR([liboqs isn't found. 4016 If it's already installed, specify its path using --with-liboqs=/dir/]) 4017 fi 4018 AC_MSG_RESULT([yes]) 4019 AM_LDFLAGS="$AM_LDFLAGS -L$tryliboqsdir/lib" 4020 else 4021 AC_MSG_RESULT([yes]) 4022 fi 4023 4024 if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" 4025 then 4026 ENABLED_OPENSSLEXTRA="yes" 4027 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" 4028 fi 4029 4030 AM_CFLAGS="$AM_CFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS" 4031 ENABLED_LIBOQS="yes" 4032 ] 4033) 4034 4035# Whitewood netRandom client library 4036ENABLED_WNR="no" 4037trywnrdir="" 4038AC_ARG_WITH([wnr], 4039 [AS_HELP_STRING([--with-wnr=PATH],[Path to Whitewood netRandom install (default /usr/local)])], 4040 [ 4041 AC_MSG_CHECKING([for Whitewood netRandom]) 4042 CPPFLAGS="$CPPFLAGS -DHAVE_WNR" 4043 LIBS="$LIBS -lwnr" 4044 4045 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <wnr.h>]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ]) 4046 4047 if test "x$wnr_linked" = "xno" ; then 4048 if test "x$withval" != "xno" ; then 4049 trywnrdir=$withval 4050 fi 4051 if test "x$withval" = "xyes" ; then 4052 trywnrdir="/usr/local" 4053 fi 4054 4055 LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$trywnrdir/lib" 4056 CPPFLAGS="$CPPFLAGS -I$trywnrdir/include" 4057 4058 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <wnr.h>]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ]) 4059 4060 if test "x$wnr_linked" = "xno" ; then 4061 AC_MSG_ERROR([Whitewood netRandom isn't found. 4062 If it's already installed, specify its path using --with-wnr=/dir/]) 4063 fi 4064 AC_MSG_RESULT([yes]) 4065 AM_LDFLAGS="$AM_LDFLAGS -L$trywnrdir/lib" 4066 else 4067 AC_MSG_RESULT([yes]) 4068 fi 4069 4070 AM_CFLAGS="$AM_CFLAGS -DHAVE_WNR" 4071 ENABLED_WNR="yes" 4072 ] 4073) 4074 4075 4076# SNI 4077AC_ARG_ENABLE([sni], 4078 [AS_HELP_STRING([--enable-sni],[Enable SNI (default: disabled)])], 4079 [ ENABLED_SNI=$enableval ], 4080 [ ENABLED_SNI=no ] 4081 ) 4082if test "x$ENABLED_QT" = "xyes" 4083then 4084 ENABLED_SNI="yes" 4085fi 4086 4087if test "x$ENABLED_SNI" = "xyes" 4088then 4089 AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI" 4090fi 4091 4092# Maximum Fragment Length 4093AC_ARG_ENABLE([maxfragment], 4094 [AS_HELP_STRING([--enable-maxfragment],[Enable Maximum Fragment Length (default: disabled)])], 4095 [ ENABLED_MAX_FRAGMENT=$enableval ], 4096 [ ENABLED_MAX_FRAGMENT=no ] 4097 ) 4098 4099# ALPN 4100AC_ARG_ENABLE([alpn], 4101 [AS_HELP_STRING([--enable-alpn],[Enable ALPN (default: disabled)])], 4102 [ ENABLED_ALPN=$enableval ], 4103 [ ENABLED_ALPN=no ] 4104 ) 4105 4106if test "x$ENABLED_ALPN" = "xyes" 4107then 4108 AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ALPN" 4109fi 4110 4111# Maximum Fragment Length 4112if test "x$ENABLED_MAX_FRAGMENT" = "xyes" 4113then 4114 AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_MAX_FRAGMENT" 4115fi 4116 4117# Trusted CA Indication Extension 4118AC_ARG_ENABLE([trustedca], 4119 [AS_HELP_STRING([--enable-trustedca],[Enable Trusted CA Indication (default: disabled)])], 4120 [ ENABLED_TRUSTED_CA=$enableval ],[ ENABLED_TRUSTED_CA=no ]) 4121 4122AS_IF([test "x$ENABLED_TRUSTED_CA" = "xyes"], 4123 [AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_TRUSTED_CA"]) 4124 4125# Truncated HMAC 4126AC_ARG_ENABLE([truncatedhmac], 4127 [AS_HELP_STRING([--enable-truncatedhmac],[Enable Truncated HMAC (default: disabled)])], 4128 [ ENABLED_TRUNCATED_HMAC=$enableval ], 4129 [ ENABLED_TRUNCATED_HMAC=no ] 4130 ) 4131 4132if test "x$ENABLED_TRUNCATED_HMAC" = "xyes" 4133then 4134 AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_TRUNCATED_HMAC" 4135fi 4136 4137# Renegotiation Indication - (FAKE Secure Renegotiation) 4138AC_ARG_ENABLE([renegotiation-indication], 4139 [AS_HELP_STRING([--enable-renegotiation-indication],[Enable Renegotiation Indication (default: disabled)])], 4140 [ ENABLED_RENEGOTIATION_INDICATION=$enableval ], 4141 [ ENABLED_RENEGOTIATION_INDICATION=no ] 4142 ) 4143 4144if test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes" 4145then 4146 AM_CFLAGS="$AM_CFLAGS -DHAVE_RENEGOTIATION_INDICATION" 4147fi 4148 4149# Secure Renegotiation 4150AC_ARG_ENABLE([secure-renegotiation], 4151 [AS_HELP_STRING([--enable-secure-renegotiation],[Enable Secure Renegotiation (default: disabled)])], 4152 [ ENABLED_SECURE_RENEGOTIATION=$enableval ], 4153 [ ENABLED_SECURE_RENEGOTIATION=no ] 4154 ) 4155 4156if test "x$ENABLED_HAPROXY" = "xyes" 4157then 4158 ENABLED_SECURE_RENEGOTIATION=yes 4159fi 4160 4161if test "x$ENABLED_SECURE_RENEGOTIATION" = "xyes" 4162then 4163 if test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes" 4164 then 4165 AC_MSG_ERROR([cannot enable renegotiation-indication and secure-renegotiation.]) 4166 fi 4167 AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SECURE_RENEGOTIATION -DHAVE_SERVER_RENEGOTIATION_INFO" 4168fi 4169 4170# Fallback SCSV 4171AC_ARG_ENABLE([fallback-scsv], 4172 [AS_HELP_STRING([--enable-fallback-scsv],[Enable Fallback SCSV (default: disabled)])], 4173 [ ENABLED_FALLBACK_SCSV=$enableval ], 4174 [ ENABLED_FALLBACK_SCSV=no ] 4175 ) 4176 4177if test "x$ENABLED_FALLBACK_SCSV" = "xyes" 4178then 4179 AM_CFLAGS="$AM_CFLAGS -DHAVE_FALLBACK_SCSV" 4180fi 4181 4182# Exporting Keying Material 4183AC_ARG_ENABLE([keying-material], 4184 [AS_HELP_STRING([--enable-keying-material],[Enable Keying Material Exporters (default: disabled)])], 4185 [ ENABLED_KEYING_MATERIAL=$enableval ], 4186 [ ENABLED_KEYING_MATERIAL=no ] 4187 ) 4188 4189if test "x$ENABLED_KEYING_MATERIAL" = "xyes" 4190then 4191 AM_CFLAGS="$AM_CFLAGS -DHAVE_KEYING_MATERIAL" 4192fi 4193 4194# Supported Elliptic Curves Extensions 4195AC_ARG_ENABLE([supportedcurves], 4196 [AS_HELP_STRING([--enable-supportedcurves],[Enable Supported Elliptic Curves (default: enabled)])], 4197 [ENABLED_SUPPORTED_CURVES=$enableval], 4198 [ENABLED_SUPPORTED_CURVES=yes]) 4199 4200if test "x$ENABLED_SUPPORTED_CURVES" = "xyes" 4201then 4202 AS_IF([test "x$ENABLED_ECC" = "xno" && test "x$ENABLED_CURVE25519" = "xno" && test "x$ENABLED_CURVE448" = "xno"], 4203 [ENABLED_SUPPORTED_CURVES=no], 4204 [AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES"]) 4205fi 4206 4207# Diffie-Hellman 4208if test "$ENABLED_DH" = "yes" 4209then 4210 if test "$ENABLED_TLS13" = "yes" || test "$ENABLED_SUPPORTED_CURVES" = "yes" 4211 then 4212 AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048" 4213 fi 4214fi 4215 4216# FFDHE parameters only 4217AC_ARG_ENABLE([ffdhe-only], 4218 [AS_HELP_STRING([--enable-ffdhe-only],[Enable using only FFDHE in client (default: disabled)])], 4219 [ ENABLED_FFDHE_ONLY=$enableval ], 4220 [ ENABLED_FFDHE_ONLY=no ] 4221 ) 4222 4223if test "x$ENABLED_FFDHE_ONLY" = "xyes" 4224then 4225 if test "$ENABLED_DH" = "no" 4226 then 4227 AC_MSG_ERROR([FFDHE only support requires DH support]) 4228 fi 4229 if test "$ENABLED_SUPPORTED_CURVES" = "no" 4230 then 4231 AC_MSG_ERROR([FFDHE only support requires Supported Curves extension]) 4232 fi 4233 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_REQUIRE_FFDHE" 4234fi 4235 4236# TLS 1.3 Requires either ECC or (RSA/DH), or CURVE25519/ED25519 or CURVE448/ED448 or libOQS 4237if test "x$ENABLED_PSK" = "xno" && test "x$ENABLED_ECC" = "xno" && \ 4238 (test "x$ENABLED_RSA" = "xno" || test "x$ENABLED_DH" = "xno") && \ 4239 (test "x$ENABLED_CURVE25519" = "xno" || test "x$ENABLED_ED25519" = "xno") && \ 4240 (test "x$ENABLED_CURVE448" = "xno" || test "x$ENABLED_ED448" = "xno") && \ 4241 test "x$ENABLED_LIBOQS" = "xno" 4242then 4243 # disable TLS 1.3 4244 ENABLED_TLS13=no 4245fi 4246if test "$ENABLED_TLS13" = "yes" && (test "x$ENABLED_ECC" = "xyes" || \ 4247 test "x$ENABLED_DH" = "xyes") 4248then 4249 AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES" 4250fi 4251if test "$ENABLED_TLS13" = "yes" 4252then 4253 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS" 4254fi 4255 4256 4257# Session Ticket Extension 4258AC_ARG_ENABLE([session-ticket], 4259 [AS_HELP_STRING([--enable-session-ticket],[Enable Session Ticket (default: disabled)])], 4260 [ ENABLED_SESSION_TICKET=$enableval ], 4261 [ ENABLED_SESSION_TICKET=no ] 4262 ) 4263 4264if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" 4265then 4266 ENABLED_SESSION_TICKET=yes 4267fi 4268 4269if test "x$ENABLED_SESSION_TICKET" = "xyes" 4270then 4271 AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SESSION_TICKET" 4272fi 4273 4274# Extended Master Secret Extension 4275AC_ARG_ENABLE([extended-master], 4276 [AS_HELP_STRING([--enable-extended-master],[Enable Extended Master Secret (default: enabled)])], 4277 [ ENABLED_EXTENDED_MASTER=$enableval ], 4278 [ ENABLED_EXTENDED_MASTER=yes ] 4279 ) 4280 4281if test "x$ENABLED_EXTENDED_MASTER" = "xyes" 4282then 4283 AM_CFLAGS="$AM_CFLAGS -DHAVE_EXTENDED_MASTER" 4284fi 4285 4286# TLS Extensions 4287AC_ARG_ENABLE([tlsx], 4288 [AS_HELP_STRING([--enable-tlsx],[Enable all TLS Extensions (default: disabled)])], 4289 [ ENABLED_TLSX=$enableval ], 4290 [ ENABLED_TLSX=no ] 4291 ) 4292 4293if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_SIGNAL" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" 4294then 4295 ENABLED_TLSX=yes 4296fi 4297 4298if test "x$ENABLED_TLSX" = "xyes" 4299then 4300 ENABLED_SNI=yes 4301 ENABLED_MAX_FRAGMENT=yes 4302 ENABLED_TRUNCATED_HMAC=yes 4303 ENABLED_ALPN=yes 4304 ENABLED_TRUSTED_CA=yes 4305 ENABLED_ENCRYPT_THEN_MAC=yes 4306 AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_ALPN -DHAVE_TRUSTED_CA" 4307 # Check the ECC supported curves prereq 4308 AS_IF([test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_CURVE25519" = "xyes" || test "x$ENABLED_CURVE448" = "xyes" || test "x$ENABLED_TLS13" = "xyes"], 4309 [ENABLED_SUPPORTED_CURVES=yes 4310 AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"]) 4311fi 4312 4313# Early Data handshake in TLS v1.3 and above 4314AC_ARG_ENABLE([earlydata], 4315 [AS_HELP_STRING([--enable-earlydata],[Enable Early Data handshake with wolfSSL TLS v1.3 (default: disabled)])], 4316 [ ENABLED_TLS13_EARLY_DATA=$enableval ], 4317 [ ENABLED_TLS13_EARLY_DATA=no ] 4318 ) 4319 4320if test "$ENABLED_TLS13_EARLY_DATA" = "group" 4321then 4322 ENABLED_TLS13_EARLY_DATA="yes" 4323 # Group EarlyData with ClientHello 4324 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EARLY_DATA_GROUP" 4325fi 4326if test "$ENABLED_TLS13_EARLY_DATA" = "yes" 4327then 4328 if test "x$ENABLED_TLS13" = "xno" 4329 then 4330 AC_MSG_ERROR([cannot enable earlydata without enabling tls13.]) 4331 fi 4332 if test "x$ENABLED_SESSION_TICKET" = "xno" && test "x$ENABLED_PSK" = "xno" 4333 then 4334 AC_MSG_ERROR([cannot enable earlydata without enabling session tickets and/or PSK.]) 4335 fi 4336 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EARLY_DATA" 4337fi 4338 4339if test "$ENABLED_TLSV12" = "no" && test "$ENABLED_TLS13" = "yes" && test "x$ENABLED_SESSION_TICKET" = "xno" 4340then 4341 AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE" 4342fi 4343 4344 4345# PKCS7 4346AC_ARG_ENABLE([pkcs7], 4347 [AS_HELP_STRING([--enable-pkcs7],[Enable PKCS7 (default: disabled)])], 4348 [ ENABLED_PKCS7=$enableval ], 4349 [ ENABLED_PKCS7=no ] 4350 ) 4351 4352# wolfSSH Options 4353AC_ARG_ENABLE([ssh], 4354 [AS_HELP_STRING([--enable-ssh],[Enable wolfSSH options (default: disabled)])], 4355 [ ENABLED_WOLFSSH=$enableval ], 4356 [ ENABLED_WOLFSSH=no ] 4357 ) 4358 4359# wolfTPM Options 4360AC_ARG_ENABLE([wolftpm], 4361 [AS_HELP_STRING([--enable-wolftpm],[Enable wolfTPM options (default: disabled)])], 4362 [ ENABLED_WOLFTPM=$enableval ], 4363 [ ENABLED_WOLFTPM=no ] 4364 ) 4365 4366# wolfCLU Options 4367AC_ARG_ENABLE([wolfclu], 4368 [AS_HELP_STRING([--enable-wolfclu],[Enable wolfCLU options (default: disabled)])], 4369 [ ENABLED_WOLFCLU=$enableval ], 4370 [ ENABLED_WOLFCLU=no ] 4371 ) 4372 4373 4374if test "x$ENABLED_WOLFTPM" = "xyes" 4375then 4376 # Requires cryptocb (set in its enable section) 4377 # Requires certgen, certreq, certext 4378 if test "x$ENABLED_CERTGEN" = "xno" 4379 then 4380 ENABLED_CERTGEN="yes" 4381 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN" 4382 fi 4383 if test "x$ENABLED_CERTREQ" = "xno" 4384 then 4385 ENABLED_CERTREQ="yes" 4386 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ" 4387 fi 4388 if test "x$ENABLED_CERTEXT" = "xno" 4389 then 4390 ENABLED_CERTEXT="yes" 4391 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT" 4392 fi 4393 4394 # Requires PKCS7 4395 if test "x$ENABLED_PKCS7" = "xno" 4396 then 4397 ENABLED_PKCS7="yes" 4398 fi 4399 4400 # Requires aescfb 4401 if test "x$ENABLED_AESCFB" = "xno" 4402 then 4403 ENABLED_AESCFB="yes" 4404 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB" 4405 fi 4406fi 4407 4408if test "x$ENABLED_SMIME" = "xyes" 4409then 4410 AM_CFLAGS="$AM_CFLAGS -DHAVE_SMIME" 4411 # Requires PKCS7 4412 if test "x$ENABLED_PKCS7" = "xno" 4413 then 4414 ENABLED_PKCS7="yes" 4415 fi 4416fi 4417 4418# Simple Certificate Enrollment Protocol (SCEP) 4419AC_ARG_ENABLE([scep], 4420 [AS_HELP_STRING([--enable-scep],[Enable wolfSCEP (default: disabled)])], 4421 [ ENABLED_WOLFSCEP=$enableval ], 4422 [ ENABLED_WOLFSCEP=no ] 4423 ) 4424 4425 4426# Secure Remote Password 4427AC_ARG_ENABLE([srp], 4428 [AS_HELP_STRING([--enable-srp],[Enable Secure Remote Password (default: disabled)])], 4429 [ ENABLED_SRP=$enableval ], 4430 [ ENABLED_SRP=no ] 4431 ) 4432 4433if test "x$ENABLED_SRP" = "xyes" 4434then 4435 AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP" 4436fi 4437 4438 4439# Indefinite length encoded BER message support 4440AC_ARG_ENABLE([indef], 4441 [AS_HELP_STRING([--enable-indef],[Enable parsing of indefinite length encoded msgs (default: disabled)])], 4442 [ ENABLED_BER_INDEF=$enableval ], 4443 [ ENABLED_BER_INDEF=no ] 4444 ) 4445 4446if test "x$ENABLED_BER_INDEF" = "xyes" 4447then 4448 AM_CFLAGS="$AM_CFLAGS -DASN_BER_TO_DER" 4449fi 4450 4451# Alternate certification chains, as oppossed to requiring full chain validataion. 4452# Certificate validation behavior is relaxed, similar to openssl and 4453# browsers. Only the peer certificate must validate to a trusted 4454# certificate. Without this, all certificates sent by a peer must be 4455# used in the trust chain or the connection will be rejected. 4456AC_ARG_ENABLE([altcertchains], 4457 [AS_HELP_STRING([--enable-altcertchains],[Enable using alternative certificate chains, only require leaf certificate to validate to trust root (default: disabled)])], 4458 [ ENABLED_ALT_CERT_CHAINS=$enableval ], 4459 [ ENABLED_ALT_CERT_CHAINS=no ] 4460 ) 4461 4462if test "x$ENABLED_ALT_CERT_CHAINS" = "xyes" 4463then 4464 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_CERT_CHAINS" 4465fi 4466 4467# Small Stack - Cache on object 4468AC_ARG_ENABLE([smallstackcache], 4469 [AS_HELP_STRING([--enable-smallstackcache],[Enable Small Stack Usage Caching (default: disabled)])], 4470 [ ENABLED_SMALL_STACK_CACHE=$enableval ], 4471 [ ENABLED_SMALL_STACK_CACHE=no ] 4472 ) 4473 4474if test "x$ENABLED_SMALL_STACK_CACHE" = "xyes" 4475then 4476 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SMALL_STACK_CACHE" 4477fi 4478 4479# Small Stack 4480if test "$ENABLED_LINUXKM_DEFAULTS" = "yes" 4481then 4482 ENABLED_SMALL_STACK_DEFAULT=yes 4483else 4484 ENABLED_SMALL_STACK_DEFAULT=no 4485fi 4486AC_ARG_ENABLE([smallstack], 4487 [AS_HELP_STRING([--enable-smallstack],[Enable Small Stack Usage (default: disabled)])], 4488 [ ENABLED_SMALL_STACK=$enableval ], 4489 [ ENABLED_SMALL_STACK=$ENABLED_SMALL_STACK_DEFAULT ] 4490 ) 4491 4492if test "x$ENABLED_SMALL_STACK_CACHE" = "xyes" 4493then 4494 ENABLED_SMALL_STACK=yes 4495fi 4496if test "x$ENABLED_SMALL_STACK" = "xyes" 4497then 4498 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SMALL_STACK" 4499fi 4500 4501 4502#valgrind 4503AC_ARG_ENABLE([valgrind], 4504 [AS_HELP_STRING([--enable-valgrind],[Enable valgrind for unit tests (default: disabled)])], 4505 [ ENABLED_VALGRIND=$enableval ], 4506 [ ENABLED_VALGRIND=no ] 4507 ) 4508 4509if test "$ENABLED_VALGRIND" = "yes" 4510then 4511 AC_CHECK_PROG([HAVE_VALGRIND],[valgrind],[yes],[no]) 4512 4513 if test "$HAVE_VALGRIND" = "no" 4514 then 4515 AC_MSG_ERROR([Valgrind not found.]) 4516 fi 4517 enable_shared=no 4518 enable_static=yes 4519 AM_CFLAGS="$AM_CFLAGS -DHAVE_VALGRIND" 4520fi 4521 4522 4523# Test certs, use internal cert functions for extra testing 4524AC_ARG_ENABLE([testcert], 4525 [AS_HELP_STRING([--enable-testcert],[Enable Test Cert (default: disabled)])], 4526 [ ENABLED_TESTCERT=$enableval ], 4527 [ ENABLED_TESTCERT=no ] 4528 ) 4529 4530if test "$ENABLED_TESTCERT" = "yes" 4531then 4532 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TEST_CERT" 4533fi 4534 4535 4536# I/O Pool, an example to show user how to override memory handler and use 4537# a pool for the input/output buffer requests 4538AC_ARG_ENABLE([iopool], 4539 [AS_HELP_STRING([--enable-iopool],[Enable I/O Pool example (default: disabled)])], 4540 [ ENABLED_IOPOOL=$enableval ], 4541 [ ENABLED_IOPOOL=no ] 4542 ) 4543 4544if test "$ENABLED_IOPOOL" = "yes" 4545then 4546 if test "$thread_ls_on" = "no" 4547 then 4548 AC_MSG_ERROR([I/O Pool example requires Thread Local Storage]) 4549 fi 4550 AM_CFLAGS="$AM_CFLAGS -DHAVE_IO_POOL -DXMALLOC_USER" 4551fi 4552 4553 4554# Certificate Service Support 4555AC_ARG_ENABLE([certservice], 4556 [AS_HELP_STRING([--enable-certservice],[Enable cert service (default: disabled)])], 4557 [ ENABLED_CERT_SERVICE=$enableval ], 4558 [ ENABLED_CERT_SERVICE=no ] 4559 ) 4560if test "$ENABLED_CERT_SERVICE" = "yes" 4561then 4562 # Requires ecc,certgen, and opensslextra make sure on 4563 if test "x$ENABLED_CERTGEN" = "xno" 4564 then 4565 ENABLED_CERTGEN="yes" 4566 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN" 4567 fi 4568 if test "x$ENABLED_ECC" = "xno" 4569 then 4570 ENABLED_ECC="yes" 4571 AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256" 4572 4573 if test "$ENABLED_ECC_SHAMIR" = "yes" 4574 then 4575 AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR" 4576 fi 4577 fi 4578 if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" 4579 then 4580 ENABLED_OPENSSLEXTRA="yes" 4581 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" 4582 fi 4583 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_CERT_SERVICE" 4584fi 4585 4586 4587# wolfSSL JNI 4588AC_ARG_ENABLE([jni], 4589 [AS_HELP_STRING([--enable-jni],[Enable wolfSSL JNI (default: disabled)])], 4590 [ ENABLED_JNI=$enableval ], 4591 [ ENABLED_JNI=no ] 4592 ) 4593if test "$ENABLED_JNI" = "yes" 4594then 4595 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_JNI -DHAVE_EX_DATA" 4596 4597 # Enable prereqs if not already enabled 4598 if test "x$ENABLED_DTLS" = "xno" 4599 then 4600 ENABLED_DTLS="yes" 4601 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS" 4602 fi 4603 if test "x$ENABLED_OPENSSLEXTRA" = "xno" 4604 then 4605 ENABLED_OPENSSLEXTRA="yes" 4606 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" 4607 fi 4608 if test "x$ENABLED_OPENSSLALL" = "xno" 4609 then 4610 ENABLED_OPENSSLALL="yes" 4611 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL" 4612 fi 4613 if test "x$ENABLED_CRL" = "xno" 4614 then 4615 ENABLED_CRL="yes" 4616 AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL" 4617 fi 4618 if test "x$ENABLED_OCSP" = "xno" 4619 then 4620 ENABLED_OCSP="yes" 4621 AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" 4622 fi 4623 if test "x$ENABLED_CRL_MONITOR" = "xno" && test "x$ENABLED_DISTRO" = "xno" 4624 then 4625 ENABLED_CRL_MONITOR="yes" 4626 AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR" 4627 fi 4628 if test "x$ENABLED_SAVESESSION" = "xno" 4629 then 4630 ENABLED_SAVESESSION="yes" 4631 AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE" 4632 fi 4633 if test "x$ENABLED_SAVECERT" = "xno" 4634 then 4635 ENABLED_SAVECERT="yes" 4636 AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE" 4637 fi 4638 if test "x$ENABLED_ATOMICUSER" = "xno" 4639 then 4640 ENABLED_ATOMICUSER="yes" 4641 AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER" 4642 fi 4643 if test "x$ENABLED_ECC" = "xno" 4644 then 4645 ENABLED_ECC="yes" 4646 AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256" 4647 4648 if test "$ENABLED_ECC_SHAMIR" = "yes" 4649 then 4650 AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR" 4651 fi 4652 fi 4653 if test "x$ENABLED_PKCALLBACKS" = "xno" 4654 then 4655 ENABLED_PKCALLBACKS="yes" 4656 AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS" 4657 fi 4658 if test "x$ENABLED_DH" = "xno" 4659 then 4660 ENABLED_DH="yes" 4661 AM_CFLAGS="$AM_CFLAGS -DHAVE_DH" 4662 fi 4663 if test "x$ENABLED_PSK" = "xno" 4664 then 4665 ENABLED_PSK="yes" 4666 fi 4667 if test "x$ENABLED_CERTEXT" = "xno" 4668 then 4669 ENABLED_CERTEXT="yes" 4670 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT" 4671 fi 4672 if test "x$ENABLED_CERTGEN" = "xno" 4673 then 4674 ENABLED_CERTGEN="yes" 4675 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN" 4676 fi 4677 if test "x$ENABLED_SNI" = "xno" 4678 then 4679 ENABLED_SNI="yes" 4680 AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI" 4681 fi 4682 if test "x$ENABLED_ALPN" = "xno" 4683 then 4684 ENABLED_ALPN="yes" 4685 AM_CFLAGS="$AM_CFLAGS -DHAVE_ALPN" 4686 fi 4687fi 4688 4689if test "$ENABLED_LIGHTY" = "yes" 4690then 4691 # Requires opensslextra make sure on 4692 if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" 4693 then 4694 ENABLED_OPENSSLEXTRA="yes" 4695 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" 4696 fi 4697 AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1" 4698 AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA" 4699 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL" 4700 # recommended if building wolfSSL specifically for use by lighttpd 4701 if test "x$ENABLED_ALL" = "xno"; then 4702 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_COMP" 4703 if test "x$ENABLED_SSLV3" = "xno"; then 4704 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL3" 4705 if test "x$ENABLED_TLSV10" = "xno"; then 4706 AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS" 4707 ENABLED_OLD_TLS=no 4708 fi 4709 fi 4710 if test "x$ENABLED_CRL_MONITOR" = "xno"; then 4711 AM_CFLAGS="$AM_CFLAGS -DSINGLE_THREADED" 4712 ENABLED_SINGLETHREADED="yes" 4713 fi 4714 4715 # w/ lighttpd 1.4.56 once wolfSSL updated to expose non-filesystem funcs 4716 #AM_CFLAGS="$AM_CFLAGS -DNO_BIO" 4717 #AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM" 4718 #ENABLED_FILESYSTEM=no 4719 fi 4720fi 4721 4722if test "$ENABLED_NGINX" = "yes" 4723then 4724 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NGINX -DWOLFSSL_SIGNER_DER_CERT" 4725fi 4726 4727if test "$ENABLED_HAPROXY" = "yes" 4728then 4729 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAPROXY -DOPENSSL_COMPATIBLE_DEFAULTS" 4730 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNER_DER_CERT" 4731 # --enable-all defines its own DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS 4732 if test -z "$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS" 4733 then 4734 DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192 4735 fi 4736 # Requires opensslextra and opensslall 4737 if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" 4738 then 4739 ENABLED_OPENSSLALL="yes" 4740 ENABLED_OPENSSLEXTRA="yes" 4741 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL" 4742 fi 4743 4744 if test "x$ENABLED_CERTGEN" = "xno" 4745 then 4746 ENABLED_CERTGEN="yes" 4747 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN" 4748 fi 4749 4750 if test "x$ENABLED_CERTREQ" = "xno" 4751 then 4752 ENABLED_CERTREQ="yes" 4753 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ" 4754 fi 4755 4756 # Requires sessioncerts make sure on 4757 if test "x$ENABLED_SESSIONCERTS" = "xno" 4758 then 4759 ENABLED_SESSIONCERTS="yes" 4760 AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS" 4761 fi 4762 4763fi 4764 4765if test "$ENABLED_NETSNMP" = "yes" 4766then 4767 AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA" 4768 4769 if test "x$ENABLED_AESCFB" = "xno" 4770 then 4771 ENABLED_AESCFB="yes" 4772 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB" 4773 fi 4774 4775 if test "x$ENABLED_DTLS" = "xno" 4776 then 4777 ENABLED_DTLS="yes" 4778 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS" 4779 fi 4780fi 4781 4782if test "$ENABLED_KRB" = "yes" 4783then 4784 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KRB -DWOLFSSL_AES_DIRECT -DWOLFSSL_DES_ECB" 4785 AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA" 4786 4787 # Requires PKCS7 4788 if test "x$ENABLED_PKCS7" = "xno" 4789 then 4790 ENABLED_PKCS7="yes" 4791 fi 4792fi 4793 4794if test "$ENABLED_SIGNAL" = "yes" 4795then 4796 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNAL -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT" 4797 # Requires opensslextra make sure on 4798 if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" 4799 then 4800 ENABLED_OPENSSLEXTRA="yes" 4801 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" 4802 fi 4803fi 4804 4805if test "$ENABLED_BIND" = "yes" 4806then 4807 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BIND -DWOLFSSL_DSA_768_MODULUS" 4808 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DWOLFSSL_DES_ECB" 4809 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224 -DWOLFSSL_SHA384 -DWOLFSSL_SHA512" 4810 ENABLED_SHA224="yes" 4811 ENABLED_SHA384="yes" 4812 ENABLED_SHA512="yes" 4813fi 4814 4815if test "$ENABLED_RSYSLOG" = "yes" 4816then 4817 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSYSLOG -DWOLFSSL_ERROR_CODE_OPENSSL" 4818 AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DOPENSSL_COMPATIBLE_DEFAULTS" 4819fi 4820 4821if test "$ENABLED_OPENVPN" = "yes" 4822then 4823 ENABLED_SUPPORTED_CURVES="yes" 4824 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_OPENVPN -DHAVE_KEYING_MATERIAL" 4825 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB -DHAVE_EX_DATA -DWOLFSSL_KEY_GEN" 4826fi 4827 4828 4829if test "$ENABLED_NGINX" = "yes"|| test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" 4830then 4831 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB" 4832 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI" 4833 AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT -DKEEP_PEER_CERT" 4834 AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA" 4835 4836 ENABLED_CERTGEN="yes" 4837 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN" 4838fi 4839 4840if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" 4841then 4842 test "$enable_arc4" = "" && enable_arc4=yes 4843fi 4844 4845if test "$ENABLED_ARC4" = "no" 4846then 4847 AM_CFLAGS="$AM_CFLAGS -DNO_RC4" 4848else 4849 # turn off ARC4 if leanpsk or leantls on 4850 if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" 4851 then 4852 AM_CFLAGS="$AM_CFLAGS -DNO_RC4" 4853 ENABLED_ARC4=no 4854 fi 4855fi 4856 4857# Asio Support 4858AC_ARG_ENABLE([asio], 4859 [AS_HELP_STRING([--enable-asio],[Enable asio (default: disabled)])], 4860 [ ENABLED_ASIO=$enableval ], 4861 [ ENABLED_ASIO=no ] 4862 ) 4863if test "$ENABLED_ASIO" = "yes" 4864then 4865 # Requires opensslextra and opensslall 4866 if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" 4867 then 4868 ENABLED_OPENSSLALL="yes" 4869 ENABLED_OPENSSLEXTRA="yes" 4870 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL" 4871 fi 4872 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASIO -DASIO_USE_WOLFSSL -DWOLFSSL_KEY_GEN" 4873 AM_CFLAGS="$AM_CFLAGS -DBOOST_ASIO_USE_WOLFSSL -DHAVE_EX_DATA" 4874 AM_CFLAGS="$AM_CFLAGS -DSSL_TXT_TLSV1_2 -DSSL_TXT_TLSV1_1" 4875 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3" 4876 if test "$ENABLED_TLSV10" = "yes" 4877 then 4878 AM_CFLAGS="$AM_CFLAGS -DSSL_TXT_TLSV1" 4879 fi 4880 4881 # Requires OCSP make sure on 4882 if test "x$ENABLED_OCSP" = "xno" 4883 then 4884 ENABLED_OCSP="yes" 4885 AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" 4886 fi 4887fi 4888 4889# Apache HTTPD 4890AC_ARG_ENABLE([apachehttpd], 4891 [AS_HELP_STRING([--enable-apachehttpd],[Enable Apache httpd (default: disabled)])], 4892 [ ENABLED_APACHE_HTTPD=$enableval ], 4893 [ ENABLED_APACHE_HTTPD=no ] 4894 ) 4895if test "$ENABLED_APACHE_HTTPD" = "yes" 4896then 4897 # Requires opensslextra and opensslall 4898 if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" 4899 then 4900 ENABLED_OPENSSLALL="yes" 4901 ENABLED_OPENSSLEXTRA="yes" 4902 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL" 4903 fi 4904 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_APACHE_HTTPD" 4905 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_COMP" 4906 AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DWOLFSSL_SIGNER_DER_CERT" 4907 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN" 4908 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI" 4909 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COMPATIBLE_DEFAULTS" 4910 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OCSP_ISSUER_CHECK" 4911 4912 # Requires OCSP make sure on 4913 if test "x$ENABLED_OCSP" = "xno" 4914 then 4915 ENABLED_OCSP="yes" 4916 AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" 4917 fi 4918 4919 # Requires sessioncerts make sure on 4920 if test "x$ENABLED_SESSIONCERTS" = "xno" 4921 then 4922 ENABLED_SESSIONCERTS="yes" 4923 AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS" 4924 fi 4925 4926 # Requires ALPN 4927 if test "x$ENABLED_ALPN" = "xno" 4928 then 4929 ENABLED_ALPN="yes" 4930 AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ALPN" 4931 fi 4932 4933 # Requires CRL 4934 if test "x$ENABLED_CRL" = "xno" 4935 then 4936 ENABLED_CRL="yes" 4937 AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL" 4938 fi 4939 4940 # Requires Certificate Generation, Request and Extensions 4941 if test "x$ENABLED_CERTGEN" = "xno" 4942 then 4943 ENABLED_CERTGEN="yes" 4944 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN" 4945 fi 4946 if test "x$ENABLED_CERTREQ" = "xno" 4947 then 4948 ENABLED_CERTREQ="yes" 4949 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ" 4950 fi 4951 if test "x$ENABLED_CERTEXT" = "xno" 4952 then 4953 ENABLED_CERTEXT="yes" 4954 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT" 4955 fi 4956 4957 # Requires Secure Renegotiation 4958 if test "x$ENABLED_SECURE_RENEGOTIATION" = "xno" 4959 then 4960 AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SECURE_RENEGOTIATION -DHAVE_SERVER_RENEGOTIATION_INFO" 4961 fi 4962fi 4963 4964# Encrypt-Then-Mac 4965AC_ARG_ENABLE([enc-then-mac], 4966 [AS_HELP_STRING([--enable-enc-then-mac],[Enable Encryptr-Then-Mac extension (default: enabled)])], 4967 [ ENABLED_ENCRYPT_THEN_MAC=$enableval ], 4968 [ ENABLED_ENCRYPT_THEN_MAC=yes ] 4969 ) 4970 4971if test "x$ENABLED_APACHE_HTTPD" = "xyes" 4972then 4973 ENABLED_ENCRYPT_THEN_MAC=no 4974fi 4975 4976if test "x$ENABLED_TLSX" = "xyes" 4977then 4978 ENABLED_ENCRYPT_THEN_MAC=yes 4979fi 4980 4981AS_IF([test "x$ENABLED_SNIFFER" = "xyes"],[ENABLED_ENCRYPT_THEN_MAC="no"]) 4982 4983if test "x$ENABLED_ENCRYPT_THEN_MAC" = "xyes" 4984then 4985 AM_CFLAGS="$AM_CFLAGS -DHAVE_ENCRYPT_THEN_MAC" 4986fi 4987 4988 4989# stunnel Support 4990AC_ARG_ENABLE([stunnel], 4991 [AS_HELP_STRING([--enable-stunnel],[Enable stunnel (default: disabled)])], 4992 [ ENABLED_STUNNEL=$enableval ], 4993 [ ENABLED_STUNNEL=no ] 4994 ) 4995if test "$ENABLED_WPAS" = "yes" 4996then 4997 ENABLED_STUNNEL="yes" 4998fi 4999# stunnel support requires all the features enabled within this conditional. 5000if test "$ENABLED_STUNNEL" = "yes" 5001then 5002 if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" 5003 then 5004 ENABLED_OPENSSLEXTRA="yes" 5005 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" 5006 fi 5007 5008 if test "x$ENABLED_SESSION_TICKET" = "xno" 5009 then 5010 ENABLED_SESSION_TICKET="yes" 5011 AM_CFLAGS="$AM_CFLAGS -DHAVE_SESSION_TICKET" 5012 fi 5013 5014 if test "x$ENABLED_OCSP" = "xno" 5015 then 5016 ENABLED_OCSP="yes" 5017 AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" 5018 fi 5019 5020 if test "x$ENABLED_CODING" = "xno" 5021 then 5022 ENABLED_CODING="yes" 5023 fi 5024 5025 if test "x$ENABLED_SESSIONCERTS" = "xno" 5026 then 5027 ENABLED_SESSIONCERTS="yes" 5028 AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS" 5029 fi 5030 5031 if test "x$ENABLED_CRL" = "xno" 5032 then 5033 ENABLED_CRL="yes" 5034 AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL" 5035 fi 5036 5037 if test "x$ENABLED_DES3" = "xno" 5038 then 5039 ENABLED_DES3="yes" 5040 fi 5041 5042 if test "x$ENABLED_TLSX" = "xno" 5043 then 5044 ENABLED_TLSX="yes" 5045 AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC" 5046 5047 # Check the ECC supported curves prereq 5048 AS_IF([test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_CURVE25519" = "xyes"], 5049 [ENABLED_SUPPORTED_CURVES=yes 5050 AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"]) 5051 fi 5052 5053 if test "x$ENABLED_ECC" = "xno" 5054 then 5055 ENABLED_OPENSSLEXTRA="yes" 5056 ENABLED_ECC="yes" 5057 AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256" 5058 5059 if test "$ENABLED_ECC_SHAMIR" = "yes" 5060 then 5061 AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR" 5062 fi 5063 fi 5064 5065 if test "x$ENABLED_CERTEXT" = "xno" 5066 then 5067 ENABLED_CERTEXT="yes" 5068 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT" 5069 fi 5070 5071 if test "x$ENABLED_CERTGEN" = "xno" 5072 then 5073 ENABLED_CERTGEN="yes" 5074 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN" 5075 fi 5076 5077 if test "x$ENABLED_KEYGEN" = "xno" 5078 then 5079 ENABLED_KEYGEN="yes" 5080 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN" 5081 fi 5082 5083 AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL -DWOLFSSL_ALWAYS_VERIFY_CB" 5084 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI -DHAVE_EX_DATA" 5085 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB -DWOLFSSL_SIGNER_DER_CERT" 5086fi 5087 5088if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no" \ 5089 && test "x$ENABLED_STUNNEL" = "xno" 5090then 5091 AM_CFLAGS="$AM_CFLAGS -DNO_PSK" 5092fi 5093 5094if test "$ENABLED_PSK" = "no" && \ 5095 (test "$ENABLED_LEANPSK" = "yes" || test "x$ENABLED_STUNNEL" = "xyes") 5096then 5097 ENABLED_PSK=yes 5098fi 5099 5100# tcpdump support 5101AC_ARG_ENABLE([tcpdump], 5102 [AS_HELP_STRING([--enable-tcpdump],[Enable tcpdump (default: disabled)])], 5103 [ ENABLED_TCPDUMP=$enableval ], 5104 [ ENABLED_TCPDUMP=no ] 5105 ) 5106# tcpdump support requires all the features enabled within this conditional. 5107if test "$ENABLED_TCPDUMP" = "yes" 5108then 5109 if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" 5110 then 5111 ENABLED_OPENSSLEXTRA="yes" 5112 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" 5113 fi 5114 5115 if test "x$ENABLED_DES3" = "xno" 5116 then 5117 ENABLED_DES3="yes" 5118 fi 5119fi 5120 5121# sblim-sfcb support 5122AC_ARG_ENABLE([sblim-sfcb], 5123 [AS_HELP_STRING([--enable-sblim-sfcb],[Enable sblim-sfcb support (default: disabled)])], 5124 [ ENABLED_SBLIM_SFCB=$enableval ], 5125 [ ENABLED_SBLIM_SFCB=no ] 5126 ) 5127# sblim-sfcb support requires all the features enabled within this conditional. 5128if test "$ENABLED_SBLIM_SFCB" = "yes" 5129then 5130 if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" 5131 then 5132 ENABLED_OPENSSLEXTRA="yes" 5133 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" 5134 fi 5135 5136 if test "x$ENABLED_CERTGEN" = "xno" 5137 then 5138 ENABLED_CERTGEN="yes" 5139 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN" 5140 fi 5141 5142 AM_CFLAGS="$AM_CFLAGS -DHAVE_SBLIM_SFCB -DWOLFSSL_SIGNER_DER_CERT" 5143fi 5144 5145# libest Support 5146AC_ARG_ENABLE([libest], 5147 [AS_HELP_STRING([--enable-libest],[Enable libest (default: disabled)])], 5148 [ ENABLED_LIBEST=$enableval ], 5149 [ ENABLED_LIBEST=no ] 5150 ) 5151 5152if test "$ENABLED_LIBEST" = "yes" 5153then 5154 AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DHAVE_LIBEST -DWOLFSSL_ALT_NAMES" 5155 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PSS_SALT_LEN_DISCOVER" 5156 5157 # Requires opensslextra and opensslall 5158 if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" 5159 then 5160 ENABLED_OPENSSLALL="yes" 5161 ENABLED_OPENSSLEXTRA="yes" 5162 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL" 5163 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING" 5164 AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT" 5165 fi 5166 5167 # Requires OCSP 5168 if test "x$ENABLED_OCSP" = "xno" 5169 then 5170 ENABLED_OCSP="yes" 5171 AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" 5172 fi 5173 5174 # Requires PKCS7 5175 if test "x$ENABLED_PKCS7" = "xno" 5176 then 5177 ENABLED_PKCS7="yes" 5178 fi 5179 5180 # Requires Certificate Generation and Request 5181 if test "x$ENABLED_CERTGEN" = "xno" 5182 then 5183 ENABLED_CERTGEN="yes" 5184 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN" 5185 fi 5186 if test "x$ENABLED_CERTREQ" = "xno" 5187 then 5188 ENABLED_CERTREQ="yes" 5189 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ" 5190 fi 5191 if test "x$ENABLED_CERTEXT" = "xno" 5192 then 5193 ENABLED_CERTEXT="yes" 5194 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT" 5195 fi 5196 5197 # Requires CRL 5198 if test "x$ENABLED_CRL" = "xno" 5199 then 5200 ENABLED_CRL="yes" 5201 AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL" 5202 fi 5203 5204 if test "x$ENABLED_SRP" = "xno" 5205 then 5206 ENABLED_SRP="yes" 5207 AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP" 5208 fi 5209 5210 # Enable prereqs if not already enabled 5211 if test "x$ENABLED_KEYGEN" = "xno" 5212 then 5213 ENABLED_KEYGEN="yes" 5214 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN" 5215 fi 5216 5217 # Requires sessioncerts make sure on 5218 if test "x$ENABLED_SESSIONCERTS" = "xno" 5219 then 5220 ENABLED_SESSIONCERTS="yes" 5221 AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS" 5222 fi 5223 5224 if test "x$ENABLED_DSA" = "xno" 5225 then 5226 AC_MSG_WARN([Enabling DSA with --enable-dsa is recommended for libest]) 5227 fi 5228fi 5229 5230# MD4 5231AC_ARG_ENABLE([md4], 5232 [AS_HELP_STRING([--enable-md4],[Enable MD4 (default: disabled)])], 5233 [ ENABLED_MD4=$enableval ], 5234 [ ENABLED_MD4=no ] 5235 ) 5236 5237 5238if test "$ENABLED_MD4" = "no" 5239then 5240 #turn on MD4 if using stunnel 5241 if test "x$ENABLED_STUNNEL" = "xyes" || test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_KRB" = "xyes" 5242 then 5243 ENABLED_MD4="yes" 5244 else 5245 AM_CFLAGS="$AM_CFLAGS -DNO_MD4" 5246 fi 5247fi 5248 5249 5250# Encrypted keys 5251AC_ARG_ENABLE([enckeys], 5252 [AS_HELP_STRING([--enable-enckeys],[Enable PEM encrypted private key support (default: disabled)])], 5253 [ ENABLED_ENCKEYS=$enableval ], 5254 [ ENABLED_ENCKEYS=no ] 5255 ) 5256 5257if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_WEBSERVER" = "yes" || test "$ENABLED_WPAS" != "no" 5258then 5259 ENABLED_ENCKEYS=yes 5260fi 5261 5262if test "$ENABLED_ENCKEYS" = "yes" 5263then 5264 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ENCRYPTED_KEYS" 5265fi 5266 5267 5268# PKCS#12 5269# set PKCS#12 default 5270PKCS12_DEFAULT=yes 5271if test "$ENABLED_ASN" = "no" 5272then 5273 PKCS12_DEFAULT=no 5274fi 5275AC_ARG_ENABLE([pkcs12], 5276 [AS_HELP_STRING([--enable-pkcs12],[Enable pkcs12 (default: enabled)])], 5277 [ ENABLED_PKCS12=$enableval ], 5278 [ ENABLED_PKCS12=$PKCS12_DEFAULT ] 5279 ) 5280 5281if test "x$ENABLED_PKCS12" = "xno" 5282then 5283 AM_CFLAGS="$AM_CFLAGS -DNO_PKCS12" 5284fi 5285 5286# PWDBASED has to come after certservice since we want it on w/o explicit on 5287# PWDBASED 5288AC_ARG_ENABLE([pwdbased], 5289 [AS_HELP_STRING([--enable-pwdbased],[Enable PWDBASED (default: disabled)])], 5290 [ ENABLED_PWDBASED=$enableval ], 5291 [ ENABLED_PWDBASED=no ] 5292 ) 5293 5294if test "$ENABLED_PWDBASED" = "no" 5295then 5296 if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_OPENSSLALL" = "yes" || \ 5297 test "$ENABLED_WEBSERVER" = "yes" || test "$ENABLED_ENCKEYS" = "yes" || \ 5298 test "$ENABLED_PKCS12" = "yes" 5299 then 5300 # opensslextra, opensslall, webserver, enckeys and pkcs12 need pwdbased 5301 ENABLED_PWDBASED=yes 5302 else 5303 AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED" 5304 fi 5305fi 5306 5307 5308AC_ARG_ENABLE([scrypt], 5309 [AS_HELP_STRING([--enable-scrypt],[Enable SCRYPT (default: disabled)])], 5310 [ ENABLED_SCRYPT=$enableval ], 5311 [ ENABLED_SCRYPT=no ] 5312 ) 5313 5314if test "$ENABLED_SCRYPT" = "yes" 5315then 5316 if test "$ENABLED_PWDBASED" = "no" 5317 then 5318 AC_MSG_ERROR([cannot enable scrypt without enabling pwdbased.]) 5319 fi 5320 AM_CFLAGS="$AM_CFLAGS -DHAVE_SCRYPT" 5321fi 5322 5323 5324# wolfCrypt Only Build 5325AC_ARG_ENABLE([cryptonly], 5326 [AS_HELP_STRING([--enable-cryptonly],[Enable wolfCrypt Only build (default: disabled)])], 5327 [ENABLED_CRYPTONLY=$enableval], 5328 [ENABLED_CRYPTONLY=no]) 5329 5330AS_IF([test "x$FIPS_VERSION" = "xrand"],[ENABLED_CRYPTONLY="yes"]) 5331 5332if test "$ENABLED_CRYPTONLY" = "yes" 5333then 5334 if test "$ENABLED_OPENSSLALL" = "yes" 5335 then 5336 AC_MSG_ERROR([cryptonly and opensslall are mutually incompatible.]) 5337 fi 5338 AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_ONLY" 5339fi 5340 5341if test "x$ENABLED_CRYPTONLY" = "xno" 5342then 5343 if test "x$ENABLED_PSK" = "xno" && test "x$ENABLED_ASN" = "xno" 5344 then 5345 AC_MSG_ERROR([please enable psk if disabling asn.]) 5346 fi 5347 5348 if test "x$ENABLED_ECC" != "xno" && test "x$ENABLED_ASN" = "xno" 5349 then 5350 AC_MSG_ERROR([please disable ecc if disabling asn.]) 5351 fi 5352 5353 if test "$ENABLED_AFALG" = "yes" 5354 then 5355 # for TLS connections the intermediate hash needs to store buffer 5356 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_HASH_KEEP" 5357 fi 5358 5359 if test "$ENABLED_DEVCRYPTO" = "yes" 5360 then 5361 # for TLS connections the intermediate hash needs to store buffer 5362 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH_KEEP" 5363 fi 5364fi 5365 5366# set fastmath default 5367FASTMATH_DEFAULT=no 5368 5369if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64" 5370then 5371 FASTMATH_DEFAULT=yes 5372fi 5373if test "$ENABLED_LINUXKM_DEFAULTS" = "yes" 5374then 5375 FASTMATH_DEFAULT=no 5376fi 5377if test "$ENABLED_SP_MATH" = "yes" 5378then 5379 FASTMATH_DEFAULT=no 5380fi 5381 5382# fastmath 5383AC_ARG_ENABLE([fastmath], 5384 [AS_HELP_STRING([--enable-fastmath],[Enable fast math ops (default: enabled on x86_64/aarch64)])], 5385 [ ENABLED_FASTMATH=$enableval ], 5386 [ ENABLED_FASTMATH=$FASTMATH_DEFAULT] 5387 ) 5388 5389if test "x$ENABLED_FASTMATH" = "xyes" 5390then 5391 # turn off fastmth if leanpsk on or asn off (w/o DH and ECC) 5392 if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_ASN" = "no" 5393 then 5394 if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && test "$ENABLED_RSA" = "no" 5395 then 5396 ENABLED_FASTMATH=no 5397 else 5398 AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH" 5399 ENABLED_SLOWMATH="no" 5400 fi 5401 else 5402 AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH" 5403 ENABLED_SLOWMATH="no" 5404 fi 5405 if test "$host_cpu" = "x86_64" 5406 then 5407 # Have settings.h set FP_MAX_BITS higher if user didn't set directly 5408 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_X86_64_BUILD" 5409 fi 5410 AS_IF([test "x$host_cpu" = "xaarch64"],[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AARCH64_BUILD"]) 5411 5412 if test "$ENABLED_SAKKE" = "yes" && test "$ENABLED_SAKKE_SMALL" != "yes" 5413 then 5414 AM_CFLAGS="$AM_CFLAGS -funroll-loops -DTFM_SMALL_SET" 5415 fi 5416fi 5417 5418 5419# fast HUGE math 5420AC_ARG_ENABLE([fasthugemath], 5421 [AS_HELP_STRING([--enable-fasthugemath],[Enable fast math + huge code (default: disabled)])], 5422 [ ENABLED_FASTHUGEMATH=$enableval ], 5423 [ ENABLED_FASTHUGEMATH=no ] 5424 ) 5425 5426if test "$ENABLED_BUMP" = "yes" 5427then 5428 ENABLED_FASTHUGEMATH="yes" 5429fi 5430 5431if test "$ENABLED_FASTHUGEMATH" = "yes" 5432then 5433 ENABLED_FASTMATH="yes" 5434 AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH" 5435 ENABLED_SLOWMATH="no" 5436fi 5437 5438 5439# Enable Examples, used to disable examples 5440if test "$ENABLED_LINUXKM" = "yes" 5441then 5442 ENABLED_EXAMPLES_DEFAULT=no 5443else 5444 ENABLED_EXAMPLES_DEFAULT=yes 5445fi 5446AC_ARG_ENABLE([examples], 5447 [AS_HELP_STRING([--enable-examples],[Enable Examples (default: enabled)])], 5448 [ ENABLED_EXAMPLES=$enableval ], 5449 [ ENABLED_EXAMPLES=$ENABLED_EXAMPLES_DEFAULT ] 5450 ) 5451 5452AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"]) 5453AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"]) 5454AS_IF([test "x$ENABLED_CRYPTONLY" = "xyes"], [ENABLED_EXAMPLES="no"]) 5455 5456 5457# Enable wolfCrypt test and benchmark 5458if test "$ENABLED_LINUXKM" = "yes" 5459then 5460 ENABLED_CRYPT_TESTS_DEFAULT=no 5461else 5462 ENABLED_CRYPT_TESTS_DEFAULT=yes 5463fi 5464AC_ARG_ENABLE([crypttests], 5465 [AS_HELP_STRING([--enable-crypttests],[Enable Crypt Bench/Test (default: enabled)])], 5466 [ ENABLED_CRYPT_TESTS=$enableval ], 5467 [ ENABLED_CRYPT_TESTS=$ENABLED_CRYPT_TESTS_DEFAULT ] 5468 ) 5469AC_SUBST([ENABLED_CRYPT_TESTS]) 5470 5471# Build wolfCrypt test and benchmark as libraries. This will compile test.c and 5472# benchmark.c and make their functions available via libraries, libwolfcrypttest 5473# and libwolfcryptbench, respectively. Note that this feature is not enabled by 5474# default, and the API of these libraries should NOT be treated as stable. 5475AC_ARG_ENABLE([crypttests-libs], 5476 [AS_HELP_STRING([--enable-crypttests-libs],[Enable wolfcrypt test and benchmark libraries (default: disabled)])], 5477 [ ENABLED_CRYPT_TESTS_LIBS=$enableval ], 5478 [ ENABLED_CRYPT_TESTS_LIBS=no ] 5479 ) 5480 5481# LIBZ 5482ENABLED_LIBZ="no" 5483trylibzdir="" 5484AC_ARG_WITH([libz], 5485 [ --with-libz=PATH PATH to libz install (default /usr/) ], 5486 [ 5487 AC_MSG_CHECKING([for libz]) 5488 CPPFLAGS="$CPPFLAGS -DHAVE_LIBZ" 5489 LIBS="$LIBS -lz" 5490 5491 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ]) 5492 5493 if test "x$libz_linked" = "xno" ; then 5494 if test "x$withval" != "xno" ; then 5495 trylibzdir=$withval 5496 fi 5497 if test "x$withval" = "xyes" ; then 5498 trylibzdir="/usr" 5499 fi 5500 5501 LDFLAGS="$LDFLAGS -L$trylibzdir/lib" 5502 CPPFLAGS="$CPPFLAGS -I$trylibzdir/include" 5503 5504 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ]) 5505 5506 if test "x$libz_linked" = "xno" ; then 5507 AC_MSG_ERROR([libz isn't found. 5508 If it's already installed, specify its path using --with-libz=/dir/]) 5509 fi 5510 AC_MSG_RESULT([yes]) 5511 else 5512 AC_MSG_RESULT([yes]) 5513 fi 5514 ENABLED_LIBZ="yes" 5515 ] 5516) 5517 5518 5519# PKCS#11 5520AC_ARG_ENABLE([pkcs11], 5521 [AS_HELP_STRING([--enable-pkcs11],[Enable pkcs11 access (default: disabled)])], 5522 [ ENABLED_PKCS11=$enableval ], 5523 [ ENABLED_PKCS11=no ] 5524 ) 5525 5526if test "x$ENABLED_PKCS11" != "xno" 5527then 5528 AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS11 -DHAVE_WOLF_BIGINT" 5529 if test "x$ENABLED_PKCS11" != "xstatic" 5530 then 5531 LIBS="$LIBS -ldl" 5532 else 5533 AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS11_STATIC" 5534 ENABLED_PKCS11="yes" 5535 fi 5536fi 5537 5538 5539# PKCS#8 5540AC_ARG_ENABLE([pkcs8], 5541 [AS_HELP_STRING([--enable-pkcs8],[Enable PKCS #8 key packages (default: enabled)])], 5542 [ ENABLED_PKCS8=$enableval ], 5543 [ ENABLED_PKCS8=yes ] 5544 ) 5545 5546if test "x$ENABLED_PKCS8" = "xno" 5547then 5548 AM_CFLAGS="$AM_CFLAGS -DNO_PKCS8" 5549fi 5550 5551 5552# cavium 5553trycaviumdir="" 5554AC_ARG_WITH([cavium], 5555 [ --with-cavium=PATH PATH to cavium/software dir ], 5556 [ 5557 AC_MSG_CHECKING([for cavium]) 5558 CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM" 5559 LIB_ADD="-lrt $LIB_ADD" 5560 5561 if test "x$withval" = "xyes" ; then 5562 AC_MSG_ERROR([need a PATH for --with-cavium]) 5563 fi 5564 if test "x$withval" != "xno" ; then 5565 trycaviumdir=$withval 5566 fi 5567 5568 LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/cavium_common.o" 5569 CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include" 5570 5571 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(CAVIUM_DEV_ID); ]])],[ cavium_linked=yes ],[ cavium_linked=no ]) 5572 5573 if test "x$cavium_linked" = "xno" ; then 5574 AC_MSG_ERROR([cavium isn't found. 5575 If it's already installed, specify its path using --with-cavium=/dir/]) 5576 else 5577 AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM" 5578 fi 5579 AC_MSG_RESULT([yes]) 5580 enable_shared=no 5581 enable_static=yes 5582 ENABLED_CAVIUM=yes 5583 ], 5584 [ ENABLED_CAVIUM=no ] 5585) 5586 5587# cavium V 5588trycaviumdir="" 5589AC_ARG_WITH([cavium-v], 5590 [ --with-cavium-v=PATH PATH to Cavium V/software dir ], 5591 [ 5592 AC_MSG_CHECKING([for cavium]) 5593 AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V" 5594 LIB_ADD="-lrt -lcrypto $LIB_ADD" 5595 5596 if test "x$withval" = "xyes" ; then 5597 AC_MSG_ERROR([need a PATH for --with-cavium]) 5598 fi 5599 if test "x$withval" != "xno" ; then 5600 trycaviumdir=$withval 5601 fi 5602 5603 if test -e $trycaviumdir/lib/libnitrox.a 5604 then 5605 AM_CPPFLAGS="-I$trycaviumdir/include $AM_CPPFLAGS" 5606 else 5607 ENABLED_CAVIUM_V=no 5608 fi 5609 LIB_STATIC_ADD="$trycaviumdir/lib/libnitrox.a $LIB_STATIC_ADD" 5610 5611 if test "$ENABLED_CAVIUM_V" = "no"; then 5612 AC_MSG_ERROR([Could not find Nitrox library]) 5613 fi 5614 5615 enable_shared=no 5616 enable_static=yes 5617 enable_opensslextra=yes 5618 5619 ENABLED_CAVIUM=yes 5620 ENABLED_CAVIUM_V=yes 5621 ], 5622 [ 5623 ENABLED_CAVIUM_=no 5624 ENABLED_CAVIUM_V=no 5625 ] 5626) 5627 5628 5629# Cavium Octeon 5630OCTEON_ROOT="" 5631: ${OCTEON_OBJ="obj-octeon2"} 5632: ${OCTEON_HOST="standalone"} 5633 5634AC_ARG_WITH([octeon-sync], 5635 [AS_HELP_STRING([--with-octeon-sync=PATH],[PATH to Cavium Octeon SDK dir (sync)])], 5636 [ 5637 AC_MSG_CHECKING([for octeon]) 5638 5639 if test "x$withval" = "xyes" ; then 5640 AC_MSG_ERROR([need a PATH for --with-octeon]) 5641 fi 5642 if test "x$withval" != "xno" ; then 5643 OCTEON_ROOT=$withval 5644 fi 5645 5646 AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM_OCTEON_SYNC" 5647 AM_CFLAGS="$AM_CFLAGS -DOCTEON_MODEL=$OCTEON_MODEL" 5648 AM_CFLAGS="$AM_CFLAGS -I$OCTEON_ROOT/executive" 5649 AS_CASE([$OCTEON_HOST],['linux'],[AM_CFLAGS="$AM_CFLAGS -DCVMX_BUILD_FOR_LINUX_HOST"]) 5650 5651 #-I$OCTEON_ROOT/target/include 5652 AM_LDFLAGS="$AM_LDFLAGS -lrt -Xlinker -T -Xlinker $OCTEON_ROOT/executive/cvmx-shared-linux.ld" 5653 AM_LDFLAGS="$AM_LDFLAGS -L$OCTEON_ROOT/executive/$OCTEON_OBJ -lcvmx -lfdt" 5654 5655 enable_shared=no 5656 enable_static=yes 5657 5658 ENABLED_OCTEON_SYNC=yes 5659 AC_MSG_RESULT([yes]) 5660 ], 5661 [ENABLED_OCTEON_SYNC=no] 5662) 5663 5664 5665# Intel QuickAssist 5666QAT_DIR="" 5667BUILD_INTEL_QAT_VERSION=2 5668 5669AC_ARG_WITH([intelqa], 5670 [AS_HELP_STRING([--with-intelqa=PATH],[PATH to Intel QuickAssist (QAT) driver dir])], 5671 [ENABLED_INTEL_QA=yes; QAT_DIR=$withval], 5672 [ENABLED_INTEL_QA=no]) 5673 5674AC_ARG_WITH([intelqa-sync], 5675 [AS_HELP_STRING([--with-intelqa-sync=PATH],[PATH to Intel QuickAssist (QAT) driver dir (sync)])], 5676 [ENABLED_INTEL_QA_SYNC=yes; QAT_DIR=$withval], 5677 [ENABLED_INTEL_QA_SYNC=no]) 5678 5679AS_IF([test "x$ENABLED_INTEL_QA" = "xyes" && test "x$ENABLED_INTEL_QA_SYNC" = "xyes"], 5680 [AC_MSG_ERROR([Both Intel QA Async and Sync are selected, only select one.])]) 5681 5682AS_IF([test "x$ENABLED_INTEL_QA" = "xyes" || test "x$ENABLED_INTEL_QA_SYNC" = "xyes"], 5683 [AC_MSG_CHECKING([for intelqa]) 5684 AS_IF([test "x$ENABLED_INTEL_QA" = "xyes"], 5685 [AM_CPPFLAGS="$AM_CPPFLAGS -DHAVE_INTEL_QA -DDO_CRYPTO -DUSER_SPACE"; intelqa_opt=""], 5686 [AM_CPPFLAGS="$AM_CPPFLAGS -DHAVE_INTEL_QA_SYNC -DQAT_USE_POLLING_THREAD -DO_CRYPTO -DUSER_SPACE"; intelqa_opt="-sync"]) 5687 OLD_LIBS="$LIBS" 5688 OLD_CPPFLAGS="$CPPFLAGS" 5689 5690 AS_IF([test "x$QAT_DIR" = "xyes"],[AC_MSG_ERROR([need a PATH for --with-intelqa$intelqa_opt])]) 5691 5692 AM_CPPFLAGS="$AM_CPPFLAGS -I$QAT_DIR/quickassist/include -I$QAT_DIR/quickassist/include/lac -I$QAT_DIR/quickassist/utilities/osal/include \ 5693 -I$QAT_DIR/quickassist/utilities/osal/src/linux/user_space/include -I$QAT_DIR/quickassist/lookaside/access_layer/include \ 5694 -I$QAT_DIR/quickassist/lookaside/access_layer/src/common/include -I$srcdir/wolfssl -I$srcdir/wolfssl/wolfcrypt/port/intel \ 5695 -I$QAT_DIR/quickassist/utilities/libusdm_drv" 5696 CPPFLAGS="$AM_CPPFLAGS" 5697 5698 LDFLAGS="$LDFLAGS -L$QAT_DIR/build" 5699 LIBS="$LIBS -lqat_s -lusdm_drv_s" 5700 5701 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cpa_cy_common.h"]],[[Cpa16U count = 0; cpaCyGetNumInstances(&count);]])],[intelqa_linked=yes],[intelqa_linked=no]) 5702 5703 AS_IF([test "x$intelqa_linked" = "xno"], 5704 [# Try old QAT driver libraries 5705 LIBS="$OLD_LIBS -licp_qa_al_s" 5706 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cpa_cy_common.h"]],[[Cpa16U count = 0; cpaCyGetNumInstances(&count);]])],[intelqa_linked=yes],[intelqa_linked=no]) 5707 AS_IF([test "x$intelqa_linked" = "xno"], 5708 [AC_MSG_ERROR([Intel QuickAssist not found. If it's already installed, specify its path using --with-intelqa$intelqa_opt=/dir/])], 5709 [BUILD_INTEL_QAT_VERSION=1]) 5710 ]) 5711 5712 AC_MSG_RESULT([yes]) 5713 5714 AS_IF([test "x$BUILD_INTEL_QAT_VERSION" = "x1"], 5715 [LIB_ADD="-ladf_proxy -losal -lrt $LIB_ADD"], 5716 [LIB_ADD="-losal -lrt $LIB_ADD"]) 5717 CPPFLAGS="$OLD_CPPFLAGS" 5718]) 5719 5720 5721ENABLED_SP_RSA=no 5722ENABLED_SP_DH=no 5723ENABLED_SP_FF_2048=no 5724ENABLED_SP_FF_3072=no 5725ENABLED_SP_FF_4096=no 5726ENABLED_SP_ECC=no 5727ENABLED_SP_EC_256=no 5728ENABLED_SP_EC_384=no 5729ENABLED_SP_SAKKE_1024=$ENABLED_SAKKE 5730ENABLED_SP_NO_MALLOC=no 5731ENABLED_SP_NONBLOCK=no 5732ENABLED_SP_SMALL=no 5733for v in `echo $ENABLED_SP | tr "," " "` 5734do 5735 case $v in 5736 small) 5737 ENABLED_SP_SMALL=yes 5738 ENABLED_SP_RSA=yes 5739 ENABLED_SP_DH=yes 5740 ENABLED_SP_FF_2048=yes 5741 ENABLED_SP_FF_3072=yes 5742 ENABLED_SP_ECC=yes 5743 ENABLED_SP_EC_256=yes 5744 if test "$host_cpu" = "x86_64"; then 5745 ENABLED_SP_FF_4096=yes 5746 ENABLED_SP_EC_384=yes 5747 fi 5748 ;; 5749 5750 smallfast) 5751 ENABLED_SP_SMALL=yes 5752 ENABLED_SP_RSA=yes 5753 ENABLED_SP_DH=yes 5754 ENABLED_SP_FF_2048=yes 5755 ENABLED_SP_FF_3072=yes 5756 ENABLED_SP_ECC=yes 5757 ENABLED_SP_EC_256=yes 5758 if test "$host_cpu" = "x86_64"; then 5759 ENABLED_SP_FF_4096=yes 5760 ENABLED_SP_EC_384=yes 5761 fi 5762 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_FAST_MODEXP" 5763 ;; 5764 5765 yes) 5766 ENABLED_SP_RSA=yes 5767 ENABLED_SP_DH=yes 5768 ENABLED_SP_FF_2048=yes 5769 ENABLED_SP_FF_3072=yes 5770 ENABLED_SP_ECC=yes 5771 ENABLED_SP_EC_256=yes 5772 if test "$host_cpu" = "x86_64"; then 5773 ENABLED_SP_FF_4096=yes 5774 ENABLED_SP_EC_384=yes 5775 fi 5776 ;; 5777 5778 no) 5779 ;; 5780 5781 smallec256 | smallp256 | small256) 5782 ENABLED_SP_SMALL=yes 5783 ENABLED_SP_ECC=yes 5784 ENABLED_SP_EC_256=yes 5785 ;; 5786 ec256 | p256 | 256) 5787 ENABLED_SP_ECC=yes 5788 ENABLED_SP_EC_256=yes 5789 ;; 5790 smallec384 | smallp384 | small384) 5791 ENABLED_SP_SMALL=yes 5792 ENABLED_SP_ECC=yes 5793 ENABLED_SP_EC_384=yes 5794 ;; 5795 ec384 | p384 | 384) 5796 ENABLED_SP_ECC=yes 5797 ENABLED_SP_EC_384=yes 5798 ;; 5799 smallec1024 | smallp1024 | small1024) 5800 ENABLED_SP_ECC=yes 5801 ENABLED_SP_SMALL=yes 5802 ENABLED_SP_SAKKE_1024=yes 5803 ;; 5804 ec1024 | p1024 | 1024) 5805 ENABLED_SP_ECC=yes 5806 ENABLED_SP_SAKKE_1024=yes 5807 ;; 5808 5809 small2048) 5810 ENABLED_SP_SMALL=yes 5811 ENABLED_SP_RSA=yes 5812 ENABLED_SP_DH=yes 5813 ENABLED_SP_FF_2048=yes 5814 ;; 5815 2048) 5816 ENABLED_SP_RSA=yes 5817 ENABLED_SP_DH=yes 5818 ENABLED_SP_FF_2048=yes 5819 ;; 5820 smallrsa2048) 5821 ENABLED_SP_SMALL=yes 5822 ENABLED_SP_RSA=yes 5823 ENABLED_SP_FF_2048=yes 5824 ;; 5825 rsa2048) 5826 ENABLED_SP_RSA=yes 5827 ENABLED_SP_FF_2048=yes 5828 ;; 5829 5830 small3072) 5831 ENABLED_SP_SMALL=yes 5832 ENABLED_SP_RSA=yes 5833 ENABLED_SP_DH=yes 5834 ENABLED_SP_FF_3072=yes 5835 ;; 5836 3072) 5837 ENABLED_SP_RSA=yes 5838 ENABLED_SP_DH=yes 5839 ENABLED_SP_FF_3072=yes 5840 ;; 5841 smallrsa3072) 5842 ENABLED_SP_SMALL=yes 5843 ENABLED_SP_RSA=yes 5844 ENABLED_SP_FF_3072=yes 5845 ;; 5846 rsa3072) 5847 ENABLED_SP_RSA=yes 5848 ENABLED_SP_FF_3072=yes 5849 ;; 5850 5851 small4096) 5852 ENABLED_SP_SMALL=yes 5853 ENABLED_SP_RSA=yes 5854 ENABLED_SP_DH=yes 5855 ENABLED_SP_FF_4096=yes 5856 ;; 5857 4096 | +4096) 5858 ENABLED_SP_RSA=yes 5859 ENABLED_SP_DH=yes 5860 ENABLED_SP_FF_4096=yes 5861 ;; 5862 smallrsa4096) 5863 ENABLED_SP_SMALL=yes 5864 ENABLED_SP_RSA=yes 5865 ENABLED_SP_FF_4096=yes 5866 ;; 5867 rsa4096) 5868 ENABLED_SP_RSA=yes 5869 ENABLED_SP_FF_4096=yes 5870 ;; 5871 5872 nomalloc) 5873 ENABLED_SP_NO_MALLOC=yes 5874 ;; 5875 5876 nonblock) 5877 # Requires small and no malloc 5878 ENABLED_SP_NONBLOCK=yes 5879 ENABLED_SP_NO_MALLOC=yes 5880 ENABLED_SP_SMALL=yes 5881 ;; 5882 5883 asm) 5884 ENABLED_SP_ASM=yes 5885 ;; 5886 5887 *) 5888 AC_MSG_ERROR([Invalid choice of Single Precision length in bits [256, 2048, 3072]: $ENABLED_SP.]) 5889 break;; 5890 esac 5891done 5892 5893ENABLED_SP=no 5894if test "$ENABLED_RSA" = "yes" && test "$ENABLED_SP_RSA" = "yes"; then 5895 ENABLED_SP=yes 5896 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_RSA" 5897 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_SP_RSA" 5898fi 5899if test "$ENABLED_DH" = "yes" && test "$ENABLED_SP_DH" = "yes"; then 5900 ENABLED_SP=yes 5901 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_DH" 5902 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_SP_DH" 5903fi 5904if test "$ENABLED_SP_RSA" = "yes" || test "$ENABLED_SP_DH" = "yes"; then 5905 if test "$ENABLED_SP_FF_2048" = "no"; then 5906 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_2048" 5907 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_2048" 5908 fi 5909 if test "$ENABLED_SP_FF_3072" = "no"; then 5910 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_3072" 5911 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_3072" 5912 fi 5913 if test "$ENABLED_SP_FF_4096" = "yes"; then 5914 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_4096" 5915 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_4096" 5916 fi 5917 5918 case $host_cpu in 5919 *x86_64* | *aarch64*) 5920 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_LARGE_CODE" 5921 ;; 5922 *) 5923 ;; 5924 esac 5925fi 5926if test "$ENABLED_ECC" != "no" && test "$ENABLED_SP_ECC" = "yes"; then 5927 ENABLED_SP=yes 5928 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_ECC" 5929 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_SP_ECC" 5930 if test "$ENABLED_SP_EC_256" = "no"; then 5931 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_256" 5932 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_256" 5933 fi 5934 if test "$ENABLED_SP_EC_384" = "yes"; then 5935 AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC384 -DWOLFSSL_SP_384" 5936 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_384" 5937 fi 5938 if test "$ENABLED_SP_SAKKE_1024" = "yes"; then 5939 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_1024" 5940 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_1024" 5941 fi 5942fi 5943if test "$ENABLED_SP_SMALL" = "yes"; then 5944 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL" 5945 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL" 5946fi 5947if test "$ENABLED_SP_NO_MALLOC" = "yes"; then 5948 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_MALLOC" 5949 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_MALLOC" 5950fi 5951if test "$ENABLED_SP_NONBLOCK" = "yes"; then 5952 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NONBLOCK" 5953 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NONBLOCK" 5954fi 5955 5956# Check that we enable SP with RSA, DH or ECC. 5957if test "$ENABLED_SP" = "no"; then 5958 # Didn't need SP, don't need SP_MATH. 5959 if test "$ENABLED_SP_MATH" = "yes"; then 5960 ENABLED_SP_MATH=no 5961 fi 5962fi 5963 5964if test "$ENABLED_SP_MATH" = "yes"; then 5965 if test "$ENABLED_SP" = "no"; then 5966 AC_MSG_ERROR([Must have SP enabled: --enable-sp]) 5967 fi 5968 if test "$ENABLED_ECCCUSTCURVES" = "yes"; then 5969 AC_MSG_ERROR([Cannot use single precision math and custom curves]) 5970 fi 5971 if test "$ENABLED_OPENSSLEXTRA" = "yes"; then 5972 AC_MSG_ERROR([Cannot use single precision math and OpenSSL extra]) 5973 fi 5974 if test "$ENABLED_DSA" = "yes"; then 5975 AC_MSG_ERROR([Cannot use single precision math and DSA]) 5976 fi 5977 if test "$ENABLED_SRP" = "yes"; then 5978 AC_MSG_ERROR([Cannot use single precision math and SRP]) 5979 fi 5980 if test "$ENABLED_SP_RSA" = "no" && test "$ENABLED_RSA" = "yes"; then 5981 AC_MSG_ERROR([Cannot use RSA single precision only math and RSA]) 5982 fi 5983 if test "$ENABLED_SP_DH" = "no" && test "$ENABLED_DH" = "yes"; then 5984 AC_MSG_ERROR([Cannot use DH single precision only math and DH]) 5985 fi 5986 5987 ENABLED_FASTMATH="no" 5988 ENABLED_SLOWMATH="no" 5989fi 5990 5991for v in `echo $ENABLED_SP_MATH_ALL | tr "," " "` 5992do 5993 case $v in 5994 yes | no) 5995 ;; 5996 small) 5997 ENABLED_SP_MATH_ALL="yes" 5998 ENABLED_SP_SMALL="yes" 5999 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL" 6000 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL" 6001 ;; 6002 huge) 6003 ENABLED_SP_MATH_ALL="yes" 6004 ENABLED_FASTHUGEMATH="yes" 6005 AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_HUGE_CFLAGS" 6006 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_INT_LARGE_COMBA" 6007 ;; 6008 256 | 384 | 521 | 1024 | 2048 | 3072 | 4096) 6009 if test -z "$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS" -o "$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS" -lt "$v" 6010 then 6011 DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS="$v" 6012 fi 6013 ENABLED_SP_MATH_ALL="yes" 6014 ;; 6015 nomalloc) 6016 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_MALLOC" 6017 ENABLED_SP_MATH_ALL="yes" 6018 ;; 6019 *) 6020 AC_MSG_ERROR([Support SP int bit sizes: 256, 384, 521, 1024, 2048, 3072, 4096. $ENABLED_SP_MATH_ALL not supported]) 6021 ;; 6022 esac 6023done 6024 6025if test "$ENABLED_SP_MATH_ALL" = "yes"; then 6026 6027 ENABLED_FASTMATH="no" 6028 ENABLED_SLOWMATH="no" 6029 ENABLED_SP="yes" 6030 #ENABLED_SP_MATH="yes" 6031 6032 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_MATH_ALL" 6033 6034 case $host_cpu in 6035 *x86_64*) 6036 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_X86_64" 6037 ;; 6038 *x86*) 6039 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_X86" 6040 ;; 6041 *aarch64*) 6042 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM64" 6043 ;; 6044 *arm*) 6045 if test $host_alias = "thumb"; then 6046 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_THUMB" 6047 else 6048 if test $host_alias = "cortex"; then 6049 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_CORTEX_M" 6050 else 6051 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM32" 6052 fi 6053 fi 6054 ;; 6055 *ppc64* | *powerpc64*) 6056 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_PPC64" 6057 ;; 6058 *ppc* | *powerpc*) 6059 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_PPC" 6060 ;; 6061 *mips64*) 6062 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_MIPS64" 6063 ;; 6064 *mips*) 6065 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_MIPS" 6066 ;; 6067 *riscv32*) 6068 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_RISCV32" 6069 ;; 6070 *riscv64*) 6071 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_RISCV64" 6072 ;; 6073 *s390x*) 6074 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_S390X" 6075 ;; 6076 esac 6077fi 6078 6079 6080if test "$ENABLED_SP_ASM" = "yes"; then 6081 if test "$ENABLED_SP" = "no"; then 6082 AC_MSG_ERROR([Must have SP enabled: --enable-sp]) 6083 fi 6084 if test "$ENABLED_SP_NONBLOCK" = "yes"; then 6085 AC_MSG_ERROR([SP non-blocking not supported with sp-asm]) 6086 fi 6087 if test "$ENABLED_ASM" = "no"; then 6088 AC_MSG_ERROR([Assembly code turned off]) 6089 fi 6090 6091 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ASM" 6092 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ASM" 6093 case $host_cpu in 6094 *aarch64*) 6095 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM64_ASM" 6096 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM64_ASM" 6097 ENABLED_SP_ARM64_ASM=yes 6098 ;; 6099 *arm*) 6100 if test $host_alias = "thumb"; then 6101 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_THUMB_ASM" 6102 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM_THUMB_ASM" 6103 ENABLED_SP_ARM_THUMB_ASM=yes 6104 else 6105 if test $host_alias = "cortex"; then 6106 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM" 6107 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM" 6108 ENABLED_SP_ARM_CORTEX_ASM=yes 6109 else 6110 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM32_ASM" 6111 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM32_ASM" 6112 ENABLED_SP_ARM32_ASM=yes 6113 fi 6114 fi 6115 ;; 6116 *x86_64*|*amd64*) 6117 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_X86_64_ASM" 6118 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_X86_64_ASM" 6119 ENABLED_SP_X86_64_ASM=yes 6120 if test "x$ENABLED_FASTMATH" = "xno" 6121 then 6122 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_X86_64_BUILD" 6123 fi 6124 ;; 6125 *) 6126 AC_MSG_ERROR([ASM not available for CPU. Supported CPUs: x86_64, aarch64, arm]) 6127 ;; 6128 esac 6129 6130fi 6131 6132 6133if test "$ENABLED_SP_MATH" = "yes"; then 6134 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_MATH" 6135fi 6136 6137 6138# Fast RSA using Intel IPP 6139ippdir="${srcdir}/IPP" 6140ipplib="lib" # if autoconf guesses 32bit system changes lib directory 6141fastRSA_found=no 6142abs_path=`pwd` 6143 6144# set up variables used 6145IPPLIBS= 6146IPPHEADERS= 6147IPPLINK= 6148 6149AC_ARG_ENABLE([fast-rsa], 6150 [AS_HELP_STRING([--enable-fast-rsa],[Enable RSA using Intel IPP (default: disabled)])], 6151 [ ENABLED_FAST_RSA=$enableval ], 6152 [ ENABLED_FAST_RSA=no ], 6153 ) 6154 6155# Fast RSA does not support RSA-PSS 6156if test "$ENABLED_RSAPSS" = "yes"; then 6157 ENABLED_FAST_RSA=no 6158fi 6159 6160if test "$ENABLED_USER_RSA" = "no" && test "$ENABLED_FIPS" = "no"; then 6161 6162 if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then 6163 ipplib="lib_32" # 32 bit OS detected 6164 fi 6165 6166# Use static IPP Libraries 6167if test "$enable_shared" = "no" && test "$ENABLED_FAST_RSA" = "yes"; then 6168 case $host_os in 6169 *darwin*) 6170 ipplib="$ipplib/mac_static" 6171 AC_MSG_ERROR([Issue with static linking to libippcp.a on Mac. 6172 Dynamic IPP libraries supported on Mac]) 6173 break;; 6174 6175 *linux*) 6176 ipplib="$ipplib/linux_static" 6177 break;; 6178 *) 6179 ENABLED_FAST_RSA=no 6180 esac 6181 6182 if test -e $srcdir/IPP/$ipplib/libippcore.a && test -e $srcdir/IPP/$ipplib/libippcp.a 6183 then 6184 : 6185 else 6186 ENABLED_FAST_RSA=no 6187 fi 6188 AC_CHECK_HEADERS([IPP/include/ipp.h IPP/include/ippcp.h], [AM_CPPFLAGS="-I$srcdir/IPP/include $AM_CPPFLAGS"], [ENABLED_FAST_RSA=no]) 6189 LIB_STATIC_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_STATIC_ADD" 6190 if test "$ENABLED_FAST_RSA" = "no"; then 6191 AC_MSG_ERROR([Could not find fast rsa libraries]) 6192 fi 6193else 6194 6195# Check for and use bundled IPP libraries 6196if test "$ENABLED_FAST_RSA" = "yes"; then 6197 AC_MSG_NOTICE([Using local IPP crypto library]) 6198 6199 AC_CHECK_HEADER([$abs_path/IPP/include/ippcp.h], 6200 [ 6201 # build and default locations on linux and mac 6202 STORE_LDFLAGS=${LDFLAGS} 6203 STORE_CPPFLAGS=${CPPFLAGS} 6204 6205 # using LDFLAGS instead of AM_ temporarily to test link to library 6206 LDFLAGS="-L$ippdir/$ipplib -lippcp -lippcore" 6207 CPPFLAGS="-I$ippdir/include" 6208 AC_CHECK_HEADERS([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15], [fastRSA_found=yes], [fastRSA_found=no])], [fastRSA_found=no]) 6209 name="$ippdir/$ipplib/libippcp" 6210 case $host_os in 6211 *darwin*) 6212 # check file existence and conditionally set variables 6213 if test -e $abs_path/IPP/$ipplib/libippcp.dylib 6214 then 6215 IPPLIBS="${name}.dylib ${name}-9.0.dylib ${name}e9-9.0.dylib ${name}g9-9.0.dylib ${name}h9-9.0.dylib ${name}k0-9.0.dylib ${name}l9-9.0.dylib ${name}n8-9.0.dylib ${name}p8-9.0.dylib ${name}s8-9.0.dylib ${name}y8-9.0.dylib IPP/lib/libippcore.dylib IPP/lib/libippcore-9.0.dylib" 6216 IPPLINK="mkdir -p src/.libs && ln -f ${name}.dylib src/.libs/libippcp.dylib && ln -f ${srcdir}/${name}-9.0.dylib src/.libs/libippcp-9.0.dylib && ln -f ${srcdir}/${name}e9-9.0.dylib src/.libs/libippcpe9-9.0.dylib && ln -f ${srcdir}/${name}g9-9.0.dylib src/.libs/libippcpg9-9.0.dylib && ln -f ${srcdir}/${name}h9-9.0.dylib src/.libs/libippcph9-9.0.dylib && ln -f ${srcdir}/${name}k0-9.0.dylib src/.libs/libippcpk0-9.0.dylib && ln -f ${srcdir}/${name}l9-9.0.dylib src/.libs/libippcpl9-9.0.dylib && ln -f ${srcdir}/${name}n8-9.0.dylib src/.libs/libippcpn8-9.0.dylib && ln -f ${srcdir}/${name}p8-9.0.dylib src/.libs/libippcpp8-9.0.dylib && ln -f ${srcdir}/${name}s8-9.0.dylib src/.libs/libippcps8-9.0.dylib && ln -f ${srcdir}/${name}y8-9.0.dylib src/.libs/libippcpy8-9.0.dylib && ln -f ${srcdir}/IPP/lib/libippcore.dylib src/.libs/libippcore.dylib && ln -f ${srcdir}/IPP/lib/libippcore-9.0.dylib src/.libs/libippcore-9.0.dylib" 6217 else 6218 fastRSA_found=no 6219 fi 6220 break;; 6221 6222 *linux*) 6223 # check file existence and conditionally set variables 6224 if test -e $abs_path/IPP/$ipplib/libippcp.so.9.0 6225 then 6226 if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then 6227 IPPLIBS="${name}.so.9.0 ${name}g9.so.9.0 ${name}h9.so.9.0 ${name}p8.so.9.0 ${name}px.so.9.0 ${name}s8.so.9.0 ${name}.so ${name}w7.so.9.0 IPP/$ipplib/libippcore.so IPP/$ipplib/libippcore.so.9.0" 6228 IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}g9.so.9.0 src/.libs/libippcpg9.so.9.0 && ln -f ${name}h9.so.9.0 src/.libs/libippcph9.so.9.0 && ln -f ${name}p8.so.9.0 src/.libs/libippcpp8.so.9.0 && ln -f ${name}px.so.9.0 src/.libs/libippcppx.so.9.0 && ln -f ${name}s8.so.9.0 src/.libs/libippcps8.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}w7.so.9.0 src/.libs/libippcpw7.so.9.0 && ln -f IPP/$ipplib/libippcore.so src/.libs/libippcore.so && ln -f IPP/$ipplib/libippcore.so.9.0 src/.libs/libippcore.so.9.0" 6229 else 6230 IPPLIBS="${name}.so.9.0 ${name}e9.so.9.0 ${name}k0.so.9.0 ${name}l9.so.9.0 ${name}m7.so.9.0 ${name}mx.so.9.0 ${name}.so ${name}n8.so.9.0 ${name}y8.so.9.0 IPP/lib/libippcore.so IPP/lib/libippcore.so.9.0" 6231 IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}e9.so.9.0 src/.libs/libippcpe9.so.9.0 && ln -f ${name}k0.so.9.0 src/.libs/libippcpk0.so.9.0 && ln -f ${name}l9.so.9.0 src/.libs/libippcpl9.so.9.0 && ln -f ${name}m7.so.9.0 src/.libs/libippcpm7.so.9.0 && ln -f ${name}mx.so.9.0 src/.libs/libippcpmx.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}n8.so.9.0 src/.libs/libippcpn8.so.9.0 && ln -f ${name}y8.so.9.0 src/.libs/libippcpy8.so.9.0 && ln -f IPP/lib/libippcore.so src/.libs/libippcore.so && ln -f IPP/lib/libippcore.so.9.0 src/.libs/libippcore.so.9.0" 6232 fi 6233 else 6234 fastRSA_found=no 6235 fi 6236 break;; 6237 *) 6238 fastRSA_found=no 6239 esac 6240 6241 if test "$fastRSA_found" = "yes"; then 6242 # was succesfull so add tested LDFLAGS to AM_ flags 6243 AM_LDFLAGS="${AM_LDFLAGS} ${LDFLAGS}" 6244 AM_CPPFLAGS="${AM_CPPFLAGS} ${CPPFLAGS}" 6245 IPPHEADERS="${srcdir}/IPP/include/*.h" 6246 fi 6247 6248 # restore LDFLAGS to user set 6249 LDFLAGS=${STORE_LDFLAGS} 6250 CPPFLAGS=${STORE_CPPFLAGS} 6251 ], [fastRSA_found=no]) 6252fi 6253 6254# Don't cache the result so it can be checked 6255AS_UNSET([ac_cv_header_ippcp_h]) 6256AS_UNSET([ac_cv_header_ipp_h]) 6257AS_UNSET([ac_cv_lib_ippcp_ippsRSAEncrypt_PKCSv15]); 6258 6259# Check link and see if user has pre-existing IPP Libraries if not using local 6260if test "$ENABLED_FAST_RSA" = "yes" && test "$fastRSA_found" = "no"; then 6261 AC_MSG_NOTICE([Checking if IPP crypto library installed]) 6262 AC_CHECK_HEADER([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15], 6263 [ 6264 fastRSA_found=yes 6265 AM_LDFLAGS="${AM_LDFLAGS} -lippcore -lippcp" 6266 ], [ fastRSA_found=no]) 6267 ], [fastRSA_found=no]) 6268 6269 # Error out on not finding libraries 6270 if test "$fastRSA_found" = "no"; then 6271 AC_MSG_ERROR([Could not find fast rsa libraries]) 6272 fi 6273fi 6274fi # end of if for shared library 6275else # if user rsa is set than do not use fast rsa option 6276 if test "$ENABLED_FAST_RSA" = "yes"; then 6277 AC_MSG_ERROR([Could not use fast rsa libraries with user crypto or fips]) 6278 fi 6279fi # end of if for user rsa crypto or fips 6280 6281# End result of checking for IPP Libraries 6282AC_MSG_CHECKING([for fast RSA]) 6283if test "$ENABLED_FAST_RSA" = "yes"; then 6284 AM_CFLAGS="$AM_CFLAGS -DHAVE_FAST_RSA -DHAVE_USER_RSA" 6285 # add in user crypto header that uses Intel IPP 6286 AM_CPPFLAGS="$AM_CPPFLAGS -I$srcdir/wolfcrypt/user-crypto/include" 6287 if test "$enable_shared" = "yes"; then 6288 LIBS="$LIBS -lippcore -lippcp" 6289 LIB_ADD="-lippcp -lippcore $LIB_ADD" 6290 else 6291 LIB_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_ADD" 6292 fi 6293 AC_MSG_RESULT([yes]) 6294else 6295 AC_MSG_RESULT([no]) 6296fi 6297 6298AC_SUBST([IPPLIBS]) 6299AC_SUBST([IPPHEADERS]) 6300AC_SUBST([IPPLINK]) 6301 6302 6303# static memory use 6304AC_ARG_ENABLE([staticmemory], 6305 [AS_HELP_STRING([--enable-staticmemory],[Enable static memory use (default: disabled)])], 6306 [ ENABLED_STATICMEMORY=$enableval ], 6307 [ ENABLED_STATICMEMORY=no ] 6308 ) 6309 6310if test "x$ENABLED_STATICMEMORY" = "xyes" 6311then 6312 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY" 6313 if test "x$ENABLED_FASTMATH" = "xno" 6314 then 6315 AC_MSG_ERROR([please use --enable-fastmath if enabling staticmemory.]) 6316 fi 6317 if test "$ENABLED_LOWRESOURCE" = "yes" && test "$ENABLED_RSA" = "no" 6318 then 6319 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY_SMALL" 6320 fi 6321fi 6322 6323 6324# microchip api 6325AC_ARG_ENABLE([mcapi], 6326 [AS_HELP_STRING([--enable-mcapi],[Enable Microchip API (default: disabled)])], 6327 [ ENABLED_MCAPI=$enableval ], 6328 [ ENABLED_MCAPI=no ] 6329 ) 6330 6331if test "$ENABLED_MCAPI" = "yes" 6332then 6333 AM_CFLAGS="$AM_CFLAGS -DHAVE_MCAPI" 6334 if test "x$ENABLED_AESCTR" != "xyes" 6335 then 6336 # These flags are already implied by --enable-aesctr 6337 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT" 6338 fi 6339 if test "x$ENABLED_AESGCM" != "xyes" && test "x$ENABLED_AESGCM" != "xno" 6340 then 6341 # Use the smaller object size implementation 6342 ENABLED_AESGCM=yes 6343 fi 6344fi 6345 6346if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_SHA512" = "no" 6347then 6348 AC_MSG_ERROR([please enable sha512 if enabling mcapi.]) 6349fi 6350 6351if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_ECC" = "no" 6352then 6353 AC_MSG_ERROR([please enable ecc if enabling mcapi.]) 6354fi 6355 6356if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_LIBZ" = "no" 6357then 6358 AC_MSG_ERROR([please use --with-libz if enabling mcapi.]) 6359fi 6360 6361 6362# Asynchronous Crypto 6363AC_ARG_ENABLE([asynccrypt], 6364 [AS_HELP_STRING([--enable-asynccrypt],[Enable Asynchronous Crypto (default: disabled)])], 6365 [ ENABLED_ASYNCCRYPT=$enableval ], 6366 [ ENABLED_ASYNCCRYPT=no ] 6367 ) 6368 6369if test "$ENABLED_ASYNCCRYPT" = "yes" 6370then 6371 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT -DHAVE_WOLF_EVENT -DHAVE_WOLF_BIGINT -DWOLFSSL_NO_HASH_RAW" 6372 6373 # if no async hardware then use simulator for testing 6374 if test "x$ENABLED_CAVIUM" = "xno" && test "x$ENABLED_INTEL_QA" = "xno" 6375 then 6376 # Async threading is Linux specific 6377 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT_TEST" 6378 fi 6379fi 6380 6381 6382# check for async if using Intel QuckAssist or Cavium 6383if test "x$ENABLED_INTEL_QA" = "xyes" || test "x$ENABLED_CAVIUM" = "xyes" ; then 6384 if test "x$ENABLED_ASYNCCRYPT" = "xno" ; then 6385 AC_MSG_ERROR([Please enable asynchronous support using --enable-asynccrypt]) 6386 fi 6387fi 6388 6389 6390# Asynchronous threading 6391AC_ARG_ENABLE([asyncthreads], 6392 [AS_HELP_STRING([--enable-asyncthreads],[Enable Asynchronous Threading (default: enabled)])], 6393 [ ENABLED_ASYNCTHREADS=$enableval ], 6394 [ ENABLED_ASYNCTHREADS=yes ] 6395 ) 6396 6397if test "$ENABLED_ASYNCCRYPT" = "yes" && test "$ENABLED_ASYNCTHREADS" = "yes" 6398then 6399 AX_PTHREAD([ENABLED_ASYNCTHREADS=yes],[ENABLED_ASYNCTHREADS=no]) 6400else 6401 ENABLED_ASYNCTHREADS=no 6402fi 6403 6404if test "$ENABLED_ASYNCTHREADS" = "yes" 6405then 6406 LIB_ADD="-lpthread $LIB_ADD" 6407 AM_CFLAGS="$AM_CFLAGS -D_GNU_SOURCE" 6408else 6409 AM_CFLAGS="$AM_CFLAGS -DWC_NO_ASYNC_THREADING" 6410fi 6411 6412 6413# cryptodev is old name, replaced with cryptocb 6414AC_ARG_ENABLE([cryptodev], 6415 [AS_HELP_STRING([--enable-cryptodev],[DEPRECATED, use cryptocb instead])], 6416 [ ENABLED_CRYPTOCB=$enableval ],[ ENABLED_CRYPTOCB=no ]) 6417 6418# Support for crypto callbacks 6419AC_ARG_ENABLE([cryptocb], 6420 [AS_HELP_STRING([--enable-cryptocb],[Enable crypto callbacks (default: disabled)])], 6421 [ ENABLED_CRYPTOCB=$enableval ], 6422 [ ENABLED_CRYPTOCB=no ] 6423 ) 6424 6425if test "x$ENABLED_PKCS11" = "xyes" || test "x$ENABLED_WOLFTPM" = "xyes" || test "$ENABLED_CAAM" = "qnx" 6426then 6427 ENABLED_CRYPTOCB=yes 6428fi 6429if test "$ENABLED_CRYPTOCB" = "yes" 6430then 6431 AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_CB" 6432fi 6433 6434 6435# Session Export 6436AC_ARG_ENABLE([sessionexport], 6437 [AS_HELP_STRING([--enable-sessionexport],[Enable export and import of sessions (default: disabled)])], 6438 [ ENABLED_SESSIONEXPORT=$enableval ], 6439 [ ENABLED_SESSIONEXPORT=no ] 6440 ) 6441 6442if test "$ENABLED_SESSIONEXPORT" = "yes" || 6443 test "$ENABLED_SESSIONEXPORT" = "nopeer" 6444then 6445 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SESSION_EXPORT" 6446 6447 if test "$ENABLED_SESSIONEXPORT" = "nopeer" 6448 then 6449 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SESSION_EXPORT_NOPEER" 6450 fi 6451fi 6452 6453 6454# AES key wrap 6455AC_ARG_ENABLE([aeskeywrap], 6456 [AS_HELP_STRING([--enable-aeskeywrap],[Enable AES key wrap support (default: disabled)])], 6457 [ ENABLED_AESKEYWRAP=$enableval ], 6458 [ ENABLED_AESKEYWRAP=no ] 6459 ) 6460 6461if test "$ENABLED_WPAS" != "no" && test "$ENABLED_FIPS" = "no" 6462then 6463 ENABLED_AESKEYWRAP="yes" 6464fi 6465 6466if test "$ENABLED_AESKEYWRAP" = "yes" 6467then 6468 AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT" 6469fi 6470 6471 6472# Old name support for backwards compatibility 6473AC_ARG_ENABLE([oldnames], 6474 [AS_HELP_STRING([--enable-oldnames],[Keep backwards compat with old names (default: enabled)])], 6475 [ ENABLED_OLDNAMES=$enableval ], 6476 [ ENABLED_OLDNAMES=yes ] 6477 ) 6478 6479if test "x$ENABLED_OLDNAMES" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" 6480then 6481 AM_CFLAGS="$AM_CFLAGS -DNO_OLD_RNGNAME -DNO_OLD_WC_NAMES -DNO_OLD_SSL_NAMES" 6482 AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA_NAMES -DNO_OLD_MD5_NAME" 6483fi 6484 6485 6486# Memory Tests 6487AC_ARG_ENABLE([memtest], 6488 [AS_HELP_STRING([--enable-memtest],[Memory testing option, for internal use (default: disabled)])], 6489 [ ENABLED_MEMTEST=$enableval ], 6490 [ ENABLED_MEMTEST=no ] 6491 ) 6492 6493if test "x$ENABLED_MEMTEST" != "xno" 6494then 6495 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY" 6496fi 6497 6498if test "x$ENABLED_MEMTEST" = "xfail" 6499then 6500 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FORCE_MALLOC_FAIL_TEST" 6501fi 6502 6503# Enable hash flags support 6504# Hash flags are useful for runtime options such as SHA3 KECCAK256 selection 6505AC_ARG_ENABLE([hashflags], 6506 [AS_HELP_STRING([--enable-hashflags],[Enable support for hash flags (default: disabled)])], 6507 [ ENABLED_HASHFLAGS=$enableval ], 6508 [ ENABLED_HASHFLAGS=no ] 6509 ) 6510 6511if test "x$ENABLED_HASHFLAGS" != "xno" 6512then 6513 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HASH_FLAGS" 6514fi 6515 6516# Support for enabling setting default DH parameters in 6517AC_ARG_ENABLE([defaultdhparams], 6518 [AS_HELP_STRING([--enable-dhdefaultparams],[Enables option for default dh parameters (default: disabled)])], 6519 [ ENABLED_DHDEFAULTPARAMS=$enableval ], 6520 [ ENABLED_DHDEFAULTPARAMS=no ] 6521 ) 6522if test "$ENABLED_DHDEFAULTPARAMS" = "yes" || test "$ENABLED_QT" = "no" 6523then 6524 ENABLED_DHDEFAULTPARAMS=yes 6525 AM_CFLAGS="$AM_CFLAGS -DHAVE_DH_DEFAULT_PARAMS" 6526fi 6527 6528 6529AC_ARG_WITH([max-rsa-bits], 6530 [AS_HELP_STRING([--with-max-rsa-bits=number],[number of bits to support for RSA, DH, and DSA keys])], 6531 [WITH_MAX_CLASSIC_ASYM_KEY_BITS=$withval], 6532 [WITH_MAX_CLASSIC_ASYM_KEY_BITS="$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS"]) 6533 6534if test -n "$WITH_MAX_CLASSIC_ASYM_KEY_BITS"; then 6535 if test "$WITH_MAX_CLASSIC_ASYM_KEY_BITS" -lt 1024 -o "$WITH_MAX_CLASSIC_ASYM_KEY_BITS" -gt 16384; then 6536 AC_MSG_ERROR([--with-max-rsa-bits argument must be between 1024 and 16384 inclusive]) 6537 fi 6538 if test "$ENABLED_FIPS" = "no" 6539 then 6540 AM_CFLAGS="$AM_CFLAGS -DRSA_MAX_SIZE=$WITH_MAX_CLASSIC_ASYM_KEY_BITS" 6541 fi 6542 MPI_MAX_KEY_BITS=$WITH_MAX_CLASSIC_ASYM_KEY_BITS 6543fi 6544 6545AC_ARG_WITH([max-ecc-bits], 6546 [AS_HELP_STRING([--with-max-ecc-bits=number],[number of bits to support for ECC algorithms])], 6547 [WITH_MAX_ECC_BITS=$withval], 6548 [WITH_MAX_ECC_BITS="$DEFAULT_MAX_ECC_BITS"]) 6549 6550if test -n "$WITH_MAX_ECC_BITS"; then 6551 if test "$WITH_MAX_ECC_BITS" -lt 112 -o "$WITH_MAX_ECC_BITS" -gt 1024; then 6552 AC_MSG_ERROR([--with-max-ecc-bits argument must be between 112 and 1024 inclusive]) 6553 fi 6554 AM_CFLAGS="$AM_CFLAGS -DMAX_ECC_BITS=$WITH_MAX_ECC_BITS" 6555fi 6556 6557if test -n "$MPI_MAX_KEY_BITS" -o -n "$WITH_MAX_ECC_BITS"; then 6558 if test -n "$MAX_MPI_KEY_BITS" -a -n "$WITH_MAX_ECC_BITS"; then 6559 if test -n "$MAX_MPI_KEY_BITS" -lt "$WITH_MAX_ECC_BITS"; then 6560 MPI_MAX_KEY_BITS="$WITH_MAX_ECC_BITS" 6561 fi 6562 elif test -n "$WITH_MAX_ECC_BITS"; then 6563 MPI_MAX_KEY_BITS="$WITH_MAX_ECC_BITS" 6564 fi 6565 if test "$MPI_MAX_KEY_BITS" -gt 1024; then 6566 AM_CFLAGS="$AM_CFLAGS -DFP_MAX_BITS=$((MPI_MAX_KEY_BITS * 2)) -DSP_INT_BITS=$MPI_MAX_KEY_BITS" 6567 fi 6568fi 6569 6570 6571AC_ARG_ENABLE([context-extra-user-data], 6572 [AS_HELP_STRING([--enable-context-extra-user-data],[Enables option for storing user-defined data in TLS API contexts, with optional argument the number of slots to allocate (default: disabled)])], 6573 [ ENABLED_EX_DATA=$enableval ], 6574 [ ENABLED_EX_DATA=no ] 6575 ) 6576case "$ENABLED_EX_DATA" in 6577no) ;; 6578yes) AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA" 6579 ;; 6580[[1-9]]|[[1-9]][[0-9]]) AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DMAX_EX_DATA=$ENABLED_EX_DATA" 6581 ;; 6582*) AC_MSG_ERROR([Invalid argument to --enable-context-extra-user-data -- must be yes, no, or a number from 1 to 99]) 6583 ;; 6584esac 6585 6586# IoT-Safe support 6587AC_ARG_ENABLE([iotsafe], 6588 [AS_HELP_STRING([--enable-iotsafe],[Enables support for IoT-Safe secure applet (default: disabled)])], 6589 [ ENABLED_IOTSAFE=$enableval ], 6590 [ ENABLED_IOTSAFE=no ] 6591 ) 6592 6593AC_ARG_ENABLE([iotsafe-hwrng], 6594 [AS_HELP_STRING([--enable-iotsafe-hwrng],[Enables support for IoT-Safe RNG (default: disabled)])], 6595 [ ENABLED_IOTSAFE_HWRNG=$enableval ], 6596 [ ENABLED_IOTSAFE_HWRNG=no ] 6597 ) 6598 6599# User Settings 6600AC_ARG_ENABLE([usersettings], 6601 [AS_HELP_STRING([--enable-usersettings],[Use your own user_settings.h and do not add Makefile CFLAGS (default: disabled)])], 6602 [ ENABLED_USERSETTINGS=$enableval ], 6603 [ ENABLED_USERSETTINGS=no ] 6604 ) 6605 6606 6607# Default optimization CFLAGS enable 6608AC_ARG_ENABLE([optflags], 6609 [AS_HELP_STRING([--enable-optflags],[Enable default optimization CFLAGS for the compiler (default: enabled)])], 6610 [ ENABLED_OPTFLAGS=$enableval ], 6611 [ ENABLED_OPTFLAGS=yes ] 6612 ) 6613 6614 6615# check if should run the trusted peer certs test 6616# (for now checking both C_FLAGS and C_EXTRA_FLAGS) 6617AS_CASE(["$CFLAGS $CPPFLAGS"],[*'WOLFSSL_TRUST_PEER_CERT'*],[ENABLED_TRUSTED_PEER_CERT=yes]) 6618 6619 6620# dertermine if we have key validation mechanism 6621if test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_RSA" = "xyes" 6622then 6623 if test "x$ENABLED_ASN" = "xyes" 6624 then 6625 ENABLED_PKI="yes" 6626 fi 6627fi 6628 6629 6630# When building for wolfRand, strip out all options to disable everything. 6631AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$FIPS_VERSION" = "xrand"], 6632[NEW_AM_CFLAGS="-DNO_AES -DNO_DH -DNO_ASN -DNO_RSA -DNO_SHA -DNO_MD5 -DNO_BIG_INT" 6633for v in $AM_CFLAGS 6634do 6635 case $v in 6636-DHAVE_FFDHE_2048 | -DTFM_TIMING_RESISTANT | -DECC_TIMING_RESISTANT | \ 6637-DWC_RSA_BLINDING | -DHAVE_AESGCM | -DWOLFSSL_SHA512 | -DWOLFSSL_SHA384 | \ 6638-DHAVE_ECC | -DTFM_ECC256 | -DECC_SHAMIR | -DHAVE_TLS_EXTENSIONS | \ 6639-DHAVE_SUPPORTED_CURVES | -DHAVE_EXTENDED_MASTER | -DUSE_FAST_MATH) 6640 AS_ECHO(["ignoring $v"]) 6641 ;; 6642 *) 6643 NEW_AM_CFLAGS="$NEW_AM_CFLAGS $v" 6644 ;; 6645 esac 6646done 6647AM_CFLAGS=$NEW_AM_CFLAGS]) 6648 6649case $host_cpu in 6650 *arm*) 6651 if test $host_alias = "thumb"; then 6652 AM_CFLAGS="$AM_CFLAGS -mthumb -march=armv6" 6653 else 6654 if test $host_alias = "cortex"; then 6655 AM_CFLAGS="$AM_CFLAGS -mcpu=cortex-r5" 6656 fi 6657 fi 6658 ;; 6659esac 6660 6661################################################################################ 6662# Update ENABLE_* variables # 6663################################################################################ 6664 6665if test "x$ENABLED_WOLFCLU" = "xyes" 6666then 6667 if test "x$ENABLED_CERTGEN" = "xno" 6668 then 6669 ENABLED_CERTGEN="yes" 6670 fi 6671 if test "x$ENABLED_CERTREQ" = "xno" 6672 then 6673 ENABLED_CERTREQ="yes" 6674 fi 6675 if test "x$ENABLED_CERTEXT" = "xno" 6676 then 6677 ENABLED_CERTEXT="yes" 6678 fi 6679 6680 # Requires md5 6681 if test "$ENABLED_MD5" = "no" 6682 then 6683 ENABLED_MD5="yes" 6684 fi 6685 6686 # Requires aesctr 6687 if test "x$ENABLED_AESCTR" = "xno" 6688 then 6689 ENABLED_AESCTR="yes" 6690 fi 6691 6692 # Uses key generation 6693 if test "x$ENABLED_KEYGEN" = "xno" 6694 then 6695 ENABLED_KEYGEN="yes" 6696 fi 6697 6698 # Uses functions guarded by opensslall 6699 if test "$ENABLED_OPENSSLALL" = "no" 6700 then 6701 ENABLED_OPENSSLALL="yes" 6702 fi 6703 6704 # Has option for signing with ED25519 6705 if test "$ENABLED_ED25519" = "no" 6706 then 6707 ENABLED_ED25519=yes 6708 ENABLED_FEMATH=yes 6709 ENABLED_GEMATH=yes 6710 ENABLED_CERTS=yes 6711 fi 6712 6713 # Has sha512 hashing 6714 if test "$ENABLED_SHA512" = "no" 6715 then 6716 ENABLED_SHA512="yes" 6717 fi 6718 6719 # Has support for DES3 encrypt/decrypt 6720 if test "$ENABLED_DES3" = "no" 6721 then 6722 ENABLED_DES3="yes" 6723 fi 6724 6725 # Uses alt name 6726 ENABLED_ALTNAMES="yes" 6727fi 6728 6729AS_IF([test "x$ENABLED_MCAPI" = "xyes"], 6730 [AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])]) 6731 6732if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || \ 6733 test "$ENABLED_SIGNAL" = "yes" || test "$ENABLED_WPAS" = "yes" || \ 6734 test "$ENABLED_FORTRESS" = "yes" || test "$ENABLED_BUMP" = "yes" || \ 6735 test "$ENABLED_SNIFFER" = "yes" || test "$ENABLED_OPENSSLALL" = "yes" || \ 6736 test "$ENABLED_LIBWEBSOCKETS" = "yes" || \ 6737 test "x$ENABLED_LIGHTY" = "xyes" || test "$ENABLED_LIBSSH2" = "yes" || \ 6738 test "x$ENABLED_NTP" = "xyes" || test "$ENABLED_RSYSLOG" = "yes" 6739then 6740 ENABLED_OPENSSLEXTRA="yes" 6741fi 6742 6743if test "$ENABLED_ED25519" != "no" && test "$ENABLED_32BIT" = "no" 6744then 6745 if test "$ENABLED_ED25519" = "small" || test "$ENABLED_LOWRESOURCE" = "yes" 6746 then 6747 ENABLED_ED25519_SMALL=yes 6748 ENABLED_CURVE25519_SMALL=yes 6749 ENABLED_ED25519=yes 6750 fi 6751 6752 ENABLED_FEMATH=yes 6753 ENABLED_GEMATH=yes 6754 ENABLED_CERTS=yes 6755fi 6756 6757if test "$ENABLED_MD5" = "yes" 6758then 6759 # turn off MD5 if leanpsk or leantls on 6760 if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" 6761 then 6762 ENABLED_MD5=no 6763 fi 6764fi 6765 6766################################################################################ 6767# Check for build-type conflicts # 6768################################################################################ 6769 6770AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \ 6771 test "x$ENABLED_LEANPSK" = "xyes"], 6772 [AC_MSG_ERROR([Cannot use Max Strength and Lean PSK at the same time.])]) 6773 6774AS_IF([test "x$ENABLED_OCSP" = "xyes" && \ 6775 test "x$ENABLED_ASN" = "xno"], 6776 [AC_MSG_ERROR([please enable asn if enabling ocsp.])]) 6777 6778AS_IF([test "x$ENABLED_SMIME" = "xyes" && \ 6779 test "x$ENABLED_ASN" = "xno"], 6780 [AC_MSG_ERROR([please enable asn if enabling S/MIME.])]) 6781 6782AS_IF([test "x$ENABLED_OCSP" = "xyes" && \ 6783 test "x$ENABLED_RSA" = "xno" && \ 6784 test "x$ENABLED_ECC" = "xno"], 6785 [AC_MSG_ERROR([please enable rsa or ecc if enabling ocsp.])]) 6786 6787# Sync Intel QA and Sync Cavium Octeon require the crypto callback 6788AS_IF([test "x$ENABLED_INTEL_QA_SYNC" = "xyes" || test "x$ENABLED_OCTEON_SYNC" = "xyes"], 6789 [AS_IF([test "x$ENABLED_CRYPTOCB" = "xno"], 6790 [AC_MSG_ERROR([please enable the crypto callback support using --enable-cryptocb])])]) 6791 6792# checks for pkcs7 needed enables 6793AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \ 6794 test "x$ENABLED_RSA" = "xno" && \ 6795 test "x$ENABLED_ECC" = "xno"], 6796 [AC_MSG_ERROR([please enable ecc or rsa if enabling pkcs7.])]) 6797 6798AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \ 6799 test "x$ENABLED_SHA" = "xno"], 6800 [AC_MSG_ERROR([please enable sha if enabling pkcs7.])]) 6801 6802AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \ 6803 test "x$ENABLED_AES" = "xno" && \ 6804 test "x$ENABLED_DES3" = "xno"], 6805 [AC_MSG_ERROR([please enable either AES or 3DES if enabling pkcs7.])]) 6806 6807AS_IF([test "x$ENABLED_WOLFSCEP" = "xyes" && \ 6808 test "x$ENABLED_AES" = "xno" && \ 6809 test "x$ENABLED_DES3" = "xno"], 6810 [AC_MSG_ERROR([please enable either AES or 3DES if enabling scep.])]) 6811 6812AS_IF([test "x$ENABLED_LEANTLS" = "xyes" && \ 6813 test "x$ENABLED_ECC" = "xno"], 6814 [AC_MSG_ERROR([please enable ecc if enabling leantls.])]) 6815 6816AS_IF([test "x$ENABLED_SNIFFER" = "xyes" && \ 6817 test "x$ENABLED_RSA" = "xno" && \ 6818 test "x$ENABLED_ECC" = "xno" && \ 6819 test "x$ENABLED_CURVE25519" = "xno"], 6820 [AC_MSG_ERROR([please enable ecc, rsa or curve25519 if enabling sniffer.])]) 6821 6822# Lean TLS forces off prereqs of SCEP. 6823AS_IF([test "x$ENABLED_SCEP" = "xyes" && \ 6824 test "x$ENABLED_LEANTLS" = "xyes"], 6825 [AC_MSG_ERROR([Cannot use SCEP and Lean TLS at the same time.])]) 6826 6827# CMAC currently requires AES. 6828AS_IF([test "x$ENABLED_CMAC" = "xyes" && \ 6829 test "x$ENABLED_AES" = "xno"], 6830 [AC_MSG_ERROR([cannot use CMAC without AES.])]) 6831 6832# certreq requires certgen 6833AS_IF([test "x$ENABLED_CERT_REQ" = "xyes" && \ 6834 test "x$ENABLED_CERT_GEN" = "xno"], 6835 [AC_MSG_ERROR([cannot use certreq without certgen.])]) 6836 6837# ed25519 requires sha512 6838AS_IF([test "x$ENABLED_ED25519" = "xyes" && \ 6839 test "x$ENABLED_SHA512" = "xno" && \ 6840 test "x$ENABLED_32BIT" = "xno"], 6841 [AC_MSG_ERROR([cannot enable ed25519 without enabling sha512.])]) 6842 6843# ed25519 stream requires ed25519 6844AS_IF([test "x$ENABLED_ED25519_STREAM" = "xyes" && \ 6845 test "x$ENABLED_ED25519" = "xno"], 6846 [AC_MSG_ERROR([ED25519 verify streaming enabled but ED25519 is disabled])]) 6847 6848################################################################################ 6849# Update CFLAGS based on options # 6850################################################################################ 6851 6852AS_IF([test "x$ENABLED_ALTNAMES" = "xyes"], 6853 [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_NAMES"]) 6854 6855AS_IF([test "x$ENABLED_KEYGEN" = "xyes"], 6856 [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"]) 6857 6858AS_IF([test "x$ENABLED_CERTREQ" = "xyes"], 6859 [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"]) 6860 6861AS_IF([test "x$ENABLED_CERTGEN" = "xyes"], 6862 [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"]) 6863 6864AS_IF([test "x$ENABLED_CERTEXT" = "xyes"], 6865 [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"]) 6866 6867AS_IF([test "x$ENABLED_ED25519" = "xyes" && test "x$ENABLED_32BIT" = "xno"], 6868 [AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519"]) 6869 6870AS_IF([test "x$ENABLED_ED25519_SMALL" = "xyes"], 6871 [AM_CFLAGS="$AM_CFLAGS -DED25519_SMALL"]) 6872 6873if test "$ENABLED_ED25519_STREAM" != "no" 6874then 6875 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ED25519_STREAMING_VERIFY" 6876 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ED25519_STREAMING_VERIFY" 6877fi 6878 6879if test "$ENABLED_ERROR_QUEUE" = "no" || test "$ENABLED_JNI" = "yes" 6880then 6881 AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_QUEUE" 6882fi 6883 6884AS_IF([test "x$ENABLED_OPENSSLALL" = "xyes"], 6885 [AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT"]) 6886 6887AS_IF([test "x$ENABLED_AESCTR" = "xyes" && test "x$ENABLED_FORTRESS" != "xyes"], 6888 [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"]) 6889 6890if test "$ENABLED_MD5" = "no" 6891then 6892 AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS" 6893fi 6894 6895if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" 6896then 6897 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB" 6898 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS" 6899 AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET" 6900 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AKID_NAME -DHAVE_CTS" 6901fi 6902 6903if test "$ENABLED_OPENSSLEXTRA" = "x509small" 6904then 6905 AC_MSG_NOTICE([Enabling only a subset of X509 opensslextra]) 6906 AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA_X509_SMALL" 6907 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EKU_OID -DWOLFSSL_MULTI_ATTRIB" 6908 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OPENSSL_RAND_CB" 6909fi 6910 6911if test "$ENABLED_WOLFSCEP" = "yes" 6912then 6913 # Enable prereqs if not already enabled 6914 if test "x$ENABLED_KEYGEN" = "xno" 6915 then 6916 ENABLED_KEYGEN="yes" 6917 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN" 6918 fi 6919 if test "x$ENABLED_CERTGEN" = "xno" 6920 then 6921 ENABLED_CERTGEN="yes" 6922 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN" 6923 fi 6924 if test "x$ENABLED_CERTREQ" = "xno" 6925 then 6926 ENABLED_CERTREQ="yes" 6927 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ" 6928 fi 6929 if test "x$ENABLED_CERTEXT" = "xno" 6930 then 6931 ENABLED_CERTEXT="yes" 6932 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT" 6933 fi 6934 if test "x$ENABLED_PKCS7" = "xno" 6935 then 6936 ENABLED_PKCS7="yes" 6937 fi 6938 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_WOLFSCEP" 6939fi 6940 6941if test "x$ENABLED_PKCS7" = "xyes" 6942then 6943 AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS7" 6944 # Enable prereqs if not already enabled 6945 if test "x$ENABLED_AESKEYWRAP" = "xno" 6946 then 6947 ENABLED_AESKEYWRAP="yes" 6948 AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT" 6949 fi 6950 if test "x$ENABLED_X963KDF" = "xno" && test "$ENABLED_ECC" != "no" 6951 then 6952 ENABLED_X963KDF="yes" 6953 AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF" 6954 fi 6955fi 6956 6957if test "x$ENABLED_DES3" = "xno" 6958then 6959 AM_CFLAGS="$AM_CFLAGS -DNO_DES3" 6960else 6961 # turn off DES3 if leanpsk or leantls on 6962 if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" 6963 then 6964 AM_CFLAGS="$AM_CFLAGS -DNO_DES3" 6965 ENABLED_DES3=no 6966 fi 6967fi 6968 6969if test "$ENABLED_AESGCM" != "no" 6970then 6971 if test "$ENABLED_AESGCM" = "word" 6972 then 6973 ENABLED_AESGCM=yes 6974 fi 6975 6976 if test "$ENABLED_AESGCM" = "word32" 6977 then 6978 AM_CFLAGS="$AM_CFLAGS -DGCM_WORD32" 6979 ENABLED_AESGCM=yes 6980 fi 6981 6982 if test "$ENABLED_AESGCM" = "small" || test "$ENABLED_LOWRESOURCE" = "yes" 6983 then 6984 AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL" 6985 ENABLED_AESGCM=yes 6986 fi 6987 6988 if test "$ENABLED_AESGCM" = "table" 6989 then 6990 AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE" 6991 ENABLED_AESGCM=yes 6992 fi 6993 6994 if test "$ENABLED_AESGCM" = "4bit" 6995 then 6996 AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE_4BIT" 6997 ENABLED_AESGCM=yes 6998 fi 6999 7000 AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM" 7001fi 7002if test "$ENABLED_AESGCM_STREAM" != "no" 7003then 7004 if test "$ENABLED_AESGCM" = "no" 7005 then 7006 AC_MSG_ERROR([AES-GCM streaming enabled but AES-GCM is disabled]) 7007 else 7008 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESGCM_STREAM" 7009 AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESGCM_STREAM" 7010 fi 7011fi 7012 7013if test "$ENABLED_IOTSAFE" != "no" 7014then 7015 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IOTSAFE" 7016 ENABLED_IOTSAFE=yes 7017fi 7018 7019if test "$ENABLED_IOTSAFE_HWRNG" != "no" 7020then 7021 AM_CFLAGS="$AM_CFLAGS -DHAVE_IOTSAFE_HWRNG" 7022 ENABLED_IOTSAFE_HWRNG=yes 7023fi 7024 7025 7026AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"], 7027 [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAX_STRENGTH"]) 7028 7029AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \ 7030 test "x$ENABLED_OLD_TLS" = "xyes"], 7031 [AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS" 7032 ENABLED_OLD_TLS=no]) 7033 7034AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \ 7035 test "x$ENABLED_SSLV3" = "xyes"], 7036 [AC_MSG_ERROR([Cannot use Max Strength and SSLv3 at the same time.])]) 7037 7038AS_IF([test "x$ENABLED_SCTP" = "xyes"], 7039 [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SCTP"]) 7040 7041AS_IF([test "x$ENABLED_MCAST" = "xyes"], 7042 [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MULTICAST"]) 7043 7044# WOLFSSL_AFALG does not support SHA224 yet 7045AS_IF([(test "x$ENABLED_AFALG" = "xyes") && (test "x$ENABLED_SHA224" = "xyes")], 7046 [AC_MSG_ERROR([--enable-sha224 with --enable-afalg not yet supported])]) 7047 7048# WOLFSSL_DEVCRYPTO does not support SHA224 yet 7049AS_IF([(test "x$ENABLED_DEVCRYPTO" = "xyes") && (test "x$ENABLED_SHA224" = "xyes")], 7050 [AC_MSG_ERROR([--enable-sha224 with --enable-devcrypto not yet supported])]) 7051 7052# SCTP and Multicast require DTLS 7053AS_IF([(test "x$ENABLED_DTLS" = "xno") && \ 7054 (test "x$ENABLED_SCTP" = "xyes" || test "x$ENABLED_MCAST" = "xyes")], 7055 [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS" 7056 ENABLED_DTLS=yes]) 7057 7058# Multicast requires the null cipher 7059AS_IF([test "x$ENABLED_NULL_CIPHER" = "xno" && \ 7060 test "x$ENABLED_MCAST" = "xyes"], 7061 [AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER" 7062 ENABLED_NULL_CIPHER=yes]) 7063 7064# wolfSSH and WPA Supplicant both need Public MP, only enable once. 7065# This will let you know if you enabled wolfSSH but have any of the prereqs 7066# disabled. Some of these options, disabling them adds things to the FLAGS and 7067# you need to check and add items in two places depending on the option. 7068AS_IF([test "x$ENABLED_WOLFSSH" = "xyes"],[AS_IF([test "x$ENABLED_WPAS" = "xno"],[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"])]) 7069 7070if test "x$ENABLED_OPENSSLCOEXIST" = "xyes"; then 7071 if test "x$ENABLED_OPENSSLALL" = "xyes"; then 7072 AC_MSG_ERROR([Cannot use --enable-opensslcoexist with --enable-opensslall]) 7073 fi 7074 if test "x$ENABLED_OPENSSLEXTRA" = "xyes"; then 7075 AC_MSG_ERROR([Cannot use --enable-opensslcoexist with --enable-opensslextra]) 7076 fi 7077fi 7078 7079AS_IF([test "x$ENABLED_WOLFSSH" = "xyes"],[AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSL_WOLFSSH"]) 7080 7081if test "x$ENABLED_CERTS" = "xno" || test "x$ENABLED_LEANPSK" = "xyes" || test "x$ENABLED_ASN" = "xno"; then 7082 AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS" 7083fi 7084 7085 7086# Depricated Algorithm Handling 7087if test "$ENABLED_ARC4" = "yes" 7088then 7089 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_RC4" 7090fi 7091 7092 7093################################################################################ 7094 7095# USER SETTINGS 7096if test "x$ENABLED_USERSETTINGS" = "xyes" 7097then 7098 # Replace all options and just use WOLFSSL_USER_SETTINGS 7099 AM_CFLAGS="-DWOLFSSL_USER_SETTINGS" 7100fi 7101 7102# OPTIMIZE FLAGS 7103# For distro disable custom build options that interfere with symbol generation 7104if test "$GCC" = "yes" && test "$ENABLED_DISTRO" = "no" 7105then 7106 AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused" 7107 if test "$ax_enable_debug" = "no" 7108 then 7109 AS_IF([test "x$ENABLED_OPTFLAGS" = "xyes"], [ 7110 if test "$ENABLED_FASTMATH" = "yes" 7111 then 7112 AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_FAST_CFLAGS" 7113 if test "$ENABLED_FASTHUGEMATH" = "yes" 7114 then 7115 AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_HUGE_CFLAGS" 7116 fi 7117 else 7118 if test "$ENABLED_SP" = "yes" && test "$ENABLED_SP_SMALL" = "no" 7119 then 7120 AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_FAST_CFLAGS" 7121 if test "$ENABLED_FASTHUGEMATH" = "yes" 7122 then 7123 AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_HUGE_CFLAGS" 7124 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_INT_LARGE_COMBA" 7125 fi 7126 else 7127 AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_CFLAGS" 7128 fi 7129 fi 7130 ]) 7131 fi 7132fi 7133 7134# ICC command line warning for non supported warning flags 7135if test "$CC" = "icc" 7136then 7137 AM_CFLAGS="$AM_CFLAGS -wd10006" 7138fi 7139 7140# Expose HAVE___UINT128_T to options flags" 7141if test "$ac_cv_type___uint128_t" = "yes" 7142then 7143 AM_CFLAGS="$AM_CFLAGS -DHAVE___UINT128_T=1" 7144fi 7145 7146 7147LIB_SOCKET_NSL 7148AX_HARDEN_CC_COMPILER_FLAGS 7149 7150# if mingw then link to ws2_32 for sockets 7151case $host_os in 7152 mingw*) 7153 LDFLAGS="$LDFLAGS -lws2_32" 7154 if test "$enable_shared" = "yes" 7155 then 7156 AC_DEFINE([WOLFSSL_DLL], [1], [Use __declspec(dllexport) when building library]) 7157 if test "$enable_static" = "yes" 7158 then 7159 MINGW_LIB_WARNING="yes" 7160 fi 7161 fi ;; 7162esac 7163 7164if test "x$ENABLED_LINUXKM" = "xyes"; then 7165 AX_SIMD_CC_COMPILER_FLAGS 7166 AC_SUBST([CFLAGS_FPU_DISABLE]) 7167 AC_SUBST([CFLAGS_FPU_ENABLE]) 7168 AC_SUBST([CFLAGS_SIMD_DISABLE]) 7169 AC_SUBST([CFLAGS_SIMD_ENABLE]) 7170 AC_SUBST([CFLAGS_AUTO_VECTORIZE_DISABLE]) 7171 AC_SUBST([CFLAGS_AUTO_VECTORIZE_ENABLE]) 7172 AC_SUBST([ASFLAGS_FPU_DISABLE_SIMD_ENABLE]) 7173 AC_SUBST([ASFLAGS_FPU_ENABLE_SIMD_DISABLE]) 7174 AC_SUBST([ASFLAGS_FPUSIMD_DISABLE]) 7175 AC_SUBST([ASFLAGS_FPUSIMD_ENABLE]) 7176 7177 if test "$ENABLED_OPENSSLEXTRA" != "no"; then 7178 AC_MSG_ERROR([--enable-opensslextra is incompatible with --enable-linuxkm.]) 7179 fi 7180 if test "$ENABLED_FILESYSTEM" = "yes"; then 7181 AC_MSG_ERROR([--enable-filesystem is incompatible with --enable-linuxkm.]) 7182 fi 7183 if test "$ENABLED_AFALG" = "yes"; then 7184 AC_MSG_ERROR([--enable-afalg is incompatible with --enable-linuxkm.]) 7185 fi 7186 if test "$ENABLED_DEVCRYPTO" = "yes"; then 7187 AC_MSG_ERROR([--enable-devcrypto is incompatible with --enable-linuxkm.]) 7188 fi 7189 if test "$ENABLED_PKCS11" = "yes"; then 7190 AC_MSG_ERROR([--enable-pkcs11 is incompatible with --enable-linuxkm.]) 7191 fi 7192 if test "$ENABLED_JNI" = "yes"; then 7193 AC_MSG_ERROR([--enable-jni is incompatible with --enable-linuxkm.]) 7194 fi 7195 if test "$ENABLED_16BIT" = "yes"; then 7196 AC_MSG_ERROR([--enable-16bit is incompatible with --enable-linuxkm.]) 7197 fi 7198 if test "$ENABLED_SINGLETHREADED" = "yes"; then 7199 AC_MSG_ERROR([--enable-singlethreaded is incompatible with --enable-linuxkm.]) 7200 fi 7201 if test "$ENABLED_VALGRIND" = "yes"; then 7202 AC_MSG_ERROR([--enable-valgrind is incompatible with --enable-linuxkm.]) 7203 fi 7204 if test "$ENABLED_FASTMATH" = "yes"; then 7205 AC_MSG_ERROR([--enable-fastmath is incompatible with --enable-linuxkm (exceeds stack limit).]) 7206 fi 7207 if test "$ENABLED_FAST_RSA" = "yes"; then 7208 AC_MSG_ERROR([--enable-fastrsa is incompatible with --enable-linuxkm.]) 7209 fi 7210 if test "$ENABLED_LIBZ_RSA" = "yes"; then 7211 AC_MSG_ERROR([--with-libz is incompatible with --enable-linuxkm.]) 7212 fi 7213 if test "$ENABLED_IOPOOL" = "yes"; then 7214 AC_MSG_ERROR([--enable-iopool is incompatible with --enable-linuxkm.]) 7215 fi 7216 if test "$ENABLED_EXAMPLES" = "yes"; then 7217 AC_MSG_ERROR([--enable-examples is incompatible with --enable-linuxkm.]) 7218 fi 7219 if test "$ENABLED_SMALL_STACK" != "yes"; then 7220 AC_MSG_ERROR([--enable-smallstack is required for --enable-linuxkm.]) 7221 fi 7222 if test "$ENABLED_SP_MATH" = "no" && test "$ENABLED_SP_MATH_ALL" = "no"; then 7223 AC_MSG_ERROR([--enable-sp-math or --enable-sp-math-all is required for --enable-linuxkm.]) 7224 fi 7225 if test "$ENABLED_STACKSIZE" != "no"; then 7226 AC_MSG_ERROR([--enable-stacksize is incompatible with --enable-linuxkm.]) 7227 fi 7228 if test "$ENABLED_STACKLOG" = "yes"; then 7229 AC_MSG_ERROR([--enable-stacklog is incompatible with --enable-linuxkm.]) 7230 fi 7231 if test "$ENABLED_COMPKEY" = "yes"; then 7232 AC_MSG_ERROR([--enable-compkey is incompatible with --enable-linuxkm.]) 7233 fi 7234fi 7235 7236# The following AM_CONDITIONAL statements set flags for use in the Makefiles. 7237# Some of these affect build targets and objects, some trigger different 7238# test scripts for make check. 7239AM_CONDITIONAL([BUILD_DISTRO],[test "x$ENABLED_DISTRO" = "xyes"]) 7240AM_CONDITIONAL([BUILD_ALL],[test "x$ENABLED_ALL" = "xyes"]) 7241AM_CONDITIONAL([BUILD_TLS13],[test "x$ENABLED_TLS13" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7242AM_CONDITIONAL([BUILD_RNG],[test "x$ENABLED_RNG" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7243AM_CONDITIONAL([BUILD_SCTP],[test "x$ENABLED_SCTP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7244AM_CONDITIONAL([BUILD_MCAST],[test "x$ENABLED_MCAST" = "xyes"]) 7245AM_CONDITIONAL([BUILD_IPV6],[test "x$ENABLED_IPV6" = "xyes"]) 7246AM_CONDITIONAL([BUILD_LEANPSK],[test "x$ENABLED_LEANPSK" = "xyes"]) 7247AM_CONDITIONAL([BUILD_LEANTLS],[test "x$ENABLED_LEANTLS" = "xyes"]) 7248AM_CONDITIONAL([BUILD_LOWMEM],[test "x$ENABLED_LOWRESOURCE" = "xyes"]) 7249AM_CONDITIONAL([BUILD_PKCALLBACKS], [ test "x$ENABLED_PKCALLBACKS" = "xyes"]) 7250AM_CONDITIONAL([BUILD_CRYPTOAUTHLIB],[test "x$ENABLED_CRYPTOAUTHLIB" = "xyes"]) 7251AM_CONDITIONAL([BUILD_SNIFFER], [ test "x$ENABLED_SNIFFER" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7252AM_CONDITIONAL([BUILD_SNIFFTEST],[ test "x$ENABLED_SNIFFTEST" = "xyes"]) 7253AM_CONDITIONAL([BUILD_AESGCM],[test "x$ENABLED_AESGCM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7254AM_CONDITIONAL([BUILD_AESCCM],[test "x$ENABLED_AESCCM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7255AM_CONDITIONAL([BUILD_ARMASM],[test "x$ENABLED_ARMASM" = "xyes"]) 7256AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"]) 7257AM_CONDITIONAL([BUILD_AESNI],[test "x$ENABLED_AESNI" = "xyes"]) 7258AM_CONDITIONAL([BUILD_INTELASM],[test "x$ENABLED_INTELASM" = "xyes"]) 7259AM_CONDITIONAL([BUILD_AFALG],[test "x$ENABLED_AFALG" = "xyes"]) 7260AM_CONDITIONAL([BUILD_KCAPI],[test "x$ENABLED_KCAPI" = "xyes"]) 7261AM_CONDITIONAL([BUILD_DEVCRYPTO],[test "x$ENABLED_DEVCRYPTO" = "xyes"]) 7262AM_CONDITIONAL([BUILD_CAMELLIA],[test "x$ENABLED_CAMELLIA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7263AM_CONDITIONAL([BUILD_MD2],[test "x$ENABLED_MD2" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7264AM_CONDITIONAL([BUILD_RIPEMD],[test "x$ENABLED_RIPEMD" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7265AM_CONDITIONAL([BUILD_BLAKE2],[test "x$ENABLED_BLAKE2" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7266AM_CONDITIONAL([BUILD_BLAKE2S],[test "x$ENABLED_BLAKE2S" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7267AM_CONDITIONAL([BUILD_SHA512],[test "x$ENABLED_SHA512" = "xyes" || test "x$ENABLED_SHA384" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7268AM_CONDITIONAL([BUILD_DSA],[test "x$ENABLED_DSA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7269AM_CONDITIONAL([BUILD_ECC],[test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7270AM_CONDITIONAL([BUILD_ED25519],[test "x$ENABLED_ED25519" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7271AM_CONDITIONAL([BUILD_ED25519_SMALL],[test "x$ENABLED_ED25519_SMALL" = "xyes"]) 7272AM_CONDITIONAL([BUILD_FEMATH], [test "x$ENABLED_FEMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7273AM_CONDITIONAL([BUILD_GEMATH], [test "x$ENABLED_GEMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7274AM_CONDITIONAL([BUILD_CURVE25519],[test "x$ENABLED_CURVE25519" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7275AM_CONDITIONAL([BUILD_CURVE25519_SMALL],[test "x$ENABLED_CURVE25519_SMALL" = "xyes"]) 7276AM_CONDITIONAL([BUILD_ED448],[test "x$ENABLED_ED448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7277AM_CONDITIONAL([BUILD_ED448_SMALL],[test "x$ENABLED_ED448_SMALL" = "xyes"]) 7278AM_CONDITIONAL([BUILD_FE448], [test "x$ENABLED_FE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7279AM_CONDITIONAL([BUILD_GE448], [test "x$ENABLED_GE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7280AM_CONDITIONAL([BUILD_CURVE448],[test "x$ENABLED_CURVE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7281AM_CONDITIONAL([BUILD_CURVE448_SMALL],[test "x$ENABLED_CURVE448_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7282AM_CONDITIONAL([BUILD_ECCSI],[test "x$ENABLED_ECCSI" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7283AM_CONDITIONAL([BUILD_SAKKE],[test "x$ENABLED_SAKKE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7284AM_CONDITIONAL([BUILD_MEMORY],[test "x$ENABLED_MEMORY" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7285AM_CONDITIONAL([BUILD_RSA],[test "x$ENABLED_RSA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7286AM_CONDITIONAL([BUILD_DH],[test "x$ENABLED_DH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7287AM_CONDITIONAL([BUILD_ASN],[test "x$ENABLED_ASN" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7288AM_CONDITIONAL([BUILD_AES],[test "x$ENABLED_AES" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7289AM_CONDITIONAL([BUILD_CODING],[test "x$ENABLED_CODING" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7290AM_CONDITIONAL([BUILD_IDEA],[test "x$ENABLED_IDEA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7291AM_CONDITIONAL([BUILD_RC4],[test "x$ENABLED_ARC4" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7292AM_CONDITIONAL([BUILD_MD5],[test "x$ENABLED_MD5" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7293AM_CONDITIONAL([BUILD_SHA],[test "x$ENABLED_SHA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7294AM_CONDITIONAL([BUILD_HC128],[test "x$ENABLED_HC128" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7295AM_CONDITIONAL([BUILD_RABBIT],[test "x$ENABLED_RABBIT" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7296AM_CONDITIONAL([BUILD_FIPS],[test "x$ENABLED_FIPS" = "xyes"]) 7297AM_CONDITIONAL([BUILD_FIPS_V1],[test "$HAVE_FIPS_VERSION" = 1]) 7298AM_CONDITIONAL([BUILD_FIPS_V2],[test "$HAVE_FIPS_VERSION" = 2]) 7299AM_CONDITIONAL([BUILD_FIPS_RAND],[test "x$FIPS_VERSION" = "xrand"]) 7300AM_CONDITIONAL([BUILD_FIPS_V3],[test "$HAVE_FIPS_VERSION" = 3]) 7301AM_CONDITIONAL([BUILD_FIPS_V5],[test "$HAVE_FIPS_VERSION" = 5]) 7302AM_CONDITIONAL([BUILD_FIPS_CURRENT],[test "$HAVE_FIPS_VERSION" -ge 2 ]) 7303AM_CONDITIONAL([BUILD_CMAC],[test "x$ENABLED_CMAC" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7304AM_CONDITIONAL([BUILD_SELFTEST],[test "x$ENABLED_SELFTEST" = "xyes"]) 7305AM_CONDITIONAL([BUILD_SHA224],[test "x$ENABLED_SHA224" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7306AM_CONDITIONAL([BUILD_SHA3],[test "x$ENABLED_SHA3" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7307AM_CONDITIONAL([BUILD_POLY1305],[test "x$ENABLED_POLY1305" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7308AM_CONDITIONAL([BUILD_CHACHA],[test "x$ENABLED_CHACHA" = "xyes" || test "x$ENABLED_CHACHA" = "xnoasm" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7309AM_CONDITIONAL([BUILD_XCHACHA],[test "x$ENABLED_XCHACHA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7310AM_CONDITIONAL([BUILD_INLINE],[test "x$ENABLED_INLINE" = "xyes"]) 7311AM_CONDITIONAL([BUILD_OCSP],[test "x$ENABLED_OCSP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7312AM_CONDITIONAL([BUILD_OCSP_STAPLING],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"]) 7313AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"]) 7314AM_CONDITIONAL([BUILD_CRL],[test "x$ENABLED_CRL" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7315AM_CONDITIONAL([BUILD_CRL_MONITOR],[test "x$ENABLED_CRL_MONITOR" = "xyes"]) 7316AM_CONDITIONAL([BUILD_USER_RSA],[test "x$ENABLED_USER_RSA" = "xyes"] ) 7317AM_CONDITIONAL([BUILD_USER_CRYPTO],[test "x$ENABLED_USER_CRYPTO" = "xyes"]) 7318AM_CONDITIONAL([BUILD_LIBOQS],[test "x$ENABLED_LIBOQS" = "xyes"]) 7319AM_CONDITIONAL([BUILD_WNR],[test "x$ENABLED_WNR" = "xyes"]) 7320AM_CONDITIONAL([BUILD_SRP],[test "x$ENABLED_SRP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7321AM_CONDITIONAL([USE_VALGRIND],[test "x$ENABLED_VALGRIND" = "xyes"]) 7322AM_CONDITIONAL([BUILD_MD4],[test "x$ENABLED_MD4" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7323AM_CONDITIONAL([BUILD_PWDBASED],[test "x$ENABLED_PWDBASED" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7324AM_CONDITIONAL([BUILD_SCRYPT],[test "x$ENABLED_SCRYPT" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7325AM_CONDITIONAL([BUILD_CRYPTONLY],[test "x$ENABLED_CRYPTONLY" = "xyes" && test "x$ENABLED_OPENSSLEXTRA" = "xno"]) 7326AM_CONDITIONAL([BUILD_FASTMATH],[test "x$ENABLED_FASTMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7327AM_CONDITIONAL([BUILD_SLOWMATH],[test "x$ENABLED_SLOWMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7328AM_CONDITIONAL([BUILD_EXAMPLE_SERVERS],[test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"]) 7329AM_CONDITIONAL([BUILD_EXAMPLE_CLIENTS],[test "x$ENABLED_EXAMPLES" = "xyes"]) 7330AM_CONDITIONAL([BUILD_TESTS],[test "x$ENABLED_EXAMPLES" = "xyes"]) 7331AM_CONDITIONAL([BUILD_THREADED_EXAMPLES],[test "x$ENABLED_SINGLETHREADED" = "xno" && test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"]) 7332AM_CONDITIONAL([BUILD_WOLFCRYPT_TESTS],[test "x$ENABLED_CRYPT_TESTS" = "xyes"]) 7333AM_CONDITIONAL([BUILD_WOLFCRYPT_TESTS_LIBS],[test "x$ENABLED_CRYPT_TESTS_LIBS" = "xyes"]) 7334AM_CONDITIONAL([BUILD_LIBZ],[test "x$ENABLED_LIBZ" = "xyes"]) 7335AM_CONDITIONAL([BUILD_PKCS11],[test "x$ENABLED_PKCS11" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7336AM_CONDITIONAL([BUILD_PKCS12],[test "x$ENABLED_PKCS12" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7337AM_CONDITIONAL([BUILD_PKCS8],[test "x$ENABLED_PKCS8" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7338AM_CONDITIONAL([BUILD_CAVIUM],[test "x$ENABLED_CAVIUM" = "xyes"]) 7339AM_CONDITIONAL([BUILD_CAVIUM_V],[test "x$ENABLED_CAVIUM_V" = "xyes"]) 7340AM_CONDITIONAL([BUILD_OCTEON_SYNC],[test "x$ENABLED_OCTEON_SYNC" = "xyes"]) 7341AM_CONDITIONAL([BUILD_INTEL_QA],[test "x$ENABLED_INTEL_QA" = "xyes"]) 7342AM_CONDITIONAL([BUILD_INTEL_QA_SYNC],[test "x$ENABLED_INTEL_QA_SYNC" = "xyes"]) 7343AM_CONDITIONAL([BUILD_SP],[test "x$ENABLED_SP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7344AM_CONDITIONAL([BUILD_SP_C],[((test "$ENABLED_SP_RSA" = "yes" || test "$ENABLED_SP_DH" = "yes" \ 7345 || test "$ENABLED_SP_ECC" = "yes") && test "x$ENABLED_SP_ASM" = "xno") \ 7346 || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7347AM_CONDITIONAL([BUILD_SP_ARM64],[test "x$ENABLED_SP_ARM64_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7348AM_CONDITIONAL([BUILD_SP_ARM32],[test "x$ENABLED_SP_ARM32_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7349AM_CONDITIONAL([BUILD_SP_ARM_THUMB],[test "x$ENABLED_SP_ARM_THUMB_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7350AM_CONDITIONAL([BUILD_SP_ARM_CORTEX],[test "x$ENABLED_SP_ARM_CORTEX_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7351AM_CONDITIONAL([BUILD_SP_X86_64],[test "x$ENABLED_SP_X86_64_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7352AM_CONDITIONAL([BUILD_SP_INT],[test "x$ENABLED_SP_MATH" = "xyes" || test "x$ENABLED_SP_MATH_ALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7353AM_CONDITIONAL([BUILD_FAST_RSA],[test "x$ENABLED_FAST_RSA" = "xyes"]) 7354AM_CONDITIONAL([BUILD_MCAPI],[test "x$ENABLED_MCAPI" = "xyes"]) 7355AM_CONDITIONAL([BUILD_ASYNCCRYPT],[test "x$ENABLED_ASYNCCRYPT" = "xyes"]) 7356AM_CONDITIONAL([BUILD_WOLFEVENT],[test "x$ENABLED_ASYNCCRYPT" = "xyes"]) 7357AM_CONDITIONAL([BUILD_CRYPTOCB],[test "x$ENABLED_CRYPTOCB" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7358AM_CONDITIONAL([BUILD_PSK],[test "x$ENABLED_PSK" = "xyes"]) 7359AM_CONDITIONAL([BUILD_TRUST_PEER_CERT],[test "x$ENABLED_TRUSTED_PEER_CERT" = "xyes"]) 7360AM_CONDITIONAL([BUILD_PKI],[test "x$ENABLED_PKI" = "xyes"]) 7361AM_CONDITIONAL([BUILD_DES3],[test "x$ENABLED_DES3" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7362AM_CONDITIONAL([BUILD_PKCS7],[test "x$ENABLED_PKCS7" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7363AM_CONDITIONAL([BUILD_SMIME],[test "x$ENABLED_SMIME" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) 7364AM_CONDITIONAL([BUILD_HASHFLAGS],[test "x$ENABLED_HASHFLAGS" = "xyes"]) 7365AM_CONDITIONAL([BUILD_CAAM],[test "x$ENABLED_CAAM" = "xyes" || test "x$ENABLED_CAAM" = "xqnx"]) 7366AM_CONDITIONAL([BUILD_LINUXKM],[test "$ENABLED_LINUXKM" = "yes"]) 7367AM_CONDITIONAL([BUILD_NO_LIBRARY],[test "$ENABLED_NO_LIBRARY" = "yes"]) 7368AM_CONDITIONAL([BUILD_BENCHMARK],[test "$ENABLED_BENCHMARK" = "yes"]) 7369AM_CONDITIONAL([BUILD_RC2],[test "x$ENABLED_RC2" = "xyes"]) 7370AM_CONDITIONAL([BUILD_QNXCAAM],[test "x$ENABLED_CAAM" = "xqnx"]) 7371AM_CONDITIONAL([BUILD_IOTSAFE],[test "x$ENABLED_IOTSAFE" = "xyes"]) 7372AM_CONDITIONAL([BUILD_IOTSAFE_HWRNG],[test "x$ENABLED_IOTSAFE_HWRNG" = "xyes"]) 7373AM_CONDITIONAL([BUILD_SE050],[test "x$ENABLED_SE050" = "xyes"]) 7374 7375if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes" && 7376 (test "$ax_enable_debug" = "yes" || 7377 test "$ENABLED_STACKSIZE" != "no" || 7378 (test "$ENABLED_LEANTLS" = "no" && 7379 test "$ENABLED_LEANPSK" = "no" && 7380 test "$ENABLED_LOWRESOURCE" = "no")) 7381then 7382 AM_CFLAGS="$AM_CFLAGS -DHAVE_WC_INTROSPECTION" 7383fi 7384 7385if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes" 7386then 7387 AM_CFLAGS="$AM_CFLAGS -include ${output_objdir}/.build_params" 7388fi 7389 7390 7391CREATE_HEX_VERSION 7392AC_SUBST([AM_CPPFLAGS]) 7393AC_SUBST([AM_CFLAGS]) 7394AC_SUBST([AM_LDFLAGS]) 7395AC_SUBST([AM_CCASFLAGS]) 7396AC_SUBST([LIB_ADD]) 7397AC_SUBST([LIB_STATIC_ADD]) 7398 7399# FINAL 7400AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h]) 7401AC_CONFIG_FILES([Makefile 7402 wolfssl/version.h 7403 wolfssl/options.h 7404 cyassl/options.h 7405 support/wolfssl.pc 7406 rpm/spec 7407 wolfcrypt/test/test_paths.h 7408 ]) 7409AC_CONFIG_FILES([scripts/unit.test],[chmod +x scripts/unit.test]) 7410 7411AX_CREATE_GENERIC_CONFIG 7412AX_AM_JOBSERVER([yes]) 7413 7414# See Automake 9.4.1 Built Sources Example 7415AC_DEFUN([AX_OUT_OF_TREE_FILE],[ 7416 AC_CONFIG_COMMANDS([$1], [test ! -f $srcdir/$1 && >> $srcdir/$1]) 7417]) 7418 7419AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/async.h]) 7420AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/fips.h]) 7421AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h]) 7422AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/port/intel/quickassist.h]) 7423AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/port/intel/quickassist_mem.h]) 7424 7425AC_OUTPUT 7426 7427 7428# force make clean 7429AC_MSG_NOTICE([---]) 7430AC_MSG_NOTICE([Running make clean...]) 7431if test "$verbose" = "yes"; then 7432 make clean 7433else 7434 make clean >/dev/null 7435fi 7436 7437if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes" 7438then 7439 echo "#define LIBWOLFSSL_CONFIGURE_ARGS \"$ac_configure_args\"" > ${output_objdir}/.build_params && 7440 echo "#define LIBWOLFSSL_GLOBAL_CFLAGS \"$CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS\" LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS" >> ${output_objdir}/.build_params || 7441 AC_MSG_ERROR([Couldn't create ${output_objdir}/.build_params.]) 7442fi 7443 7444# generate user options header 7445AC_MSG_NOTICE([---]) 7446AC_MSG_NOTICE([Generating user options header...]) 7447 7448OPTION_FILE="wolfssl/options.h" 7449rm -f $OPTION_FILE 7450 7451echo "/* wolfssl options.h" > $OPTION_FILE 7452echo " * generated from configure options" >> $OPTION_FILE 7453echo " *" >> $OPTION_FILE 7454echo " * Copyright (C) 2006-2020 wolfSSL Inc." >> $OPTION_FILE 7455echo " *" >> $OPTION_FILE 7456echo " * This file is part of wolfSSL. (formerly known as CyaSSL)" >> $OPTION_FILE 7457echo " *" >> $OPTION_FILE 7458echo " */" >> $OPTION_FILE 7459 7460echo "" >> $OPTION_FILE 7461echo "#ifndef WOLFSSL_OPTIONS_H" >> $OPTION_FILE 7462echo "#define WOLFSSL_OPTIONS_H" >> $OPTION_FILE 7463echo "" >> $OPTION_FILE 7464echo "" >> $OPTION_FILE 7465echo "#ifdef __cplusplus" >> $OPTION_FILE 7466echo "extern \"C\" {" >> $OPTION_FILE 7467echo "#endif" >> $OPTION_FILE 7468echo "" >> $OPTION_FILE 7469 7470for option in $CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS $EXTRA_CFLAGS; do 7471 defonly=`echo $option | sed 's/^-D//'` 7472 if test "$defonly" != "$option" 7473 then 7474 noequalsign=`echo $defonly | sed 's/=/ /'` 7475 if test "$noequalsign" = "NDEBUG" || test "$noequalsign" = "DEBUG" 7476 then 7477 if test "$verbose" = "yes"; then 7478 AC_MSG_NOTICE([not outputting (N)DEBUG to $OPTION_FILE]) 7479 fi 7480 continue 7481 fi 7482 7483 # allow user to ignore system options 7484 ignoresys=$(echo "$noequalsign" | grep '^_.*') 7485 if test -n "$ignoresys" 7486 then 7487 echo "#ifndef WOLFSSL_OPTIONS_IGNORE_SYS" >> $OPTION_FILE 7488 fi 7489 7490 noarg=`echo $defonly | sed 's/=.*//'` 7491 echo "#undef $noarg" >> $OPTION_FILE 7492 echo "#define $noequalsign" >> $OPTION_FILE 7493 7494 if test -n "$ignoresys" 7495 then 7496 echo "#endif" >> $OPTION_FILE 7497 fi 7498 7499 echo "" >> $OPTION_FILE 7500 else 7501 if test "$verbose" = "yes"; then 7502 AC_MSG_NOTICE([option w/o begin -D is $option, not saving to $OPTION_FILE]) 7503 fi 7504 fi 7505done 7506 7507echo "" >> $OPTION_FILE 7508echo "#ifdef __cplusplus" >> $OPTION_FILE 7509echo "}" >> $OPTION_FILE 7510echo "#endif" >> $OPTION_FILE 7511echo "" >> $OPTION_FILE 7512echo "" >> $OPTION_FILE 7513echo "#endif /* WOLFSSL_OPTIONS_H */" >> $OPTION_FILE 7514echo "" >> $OPTION_FILE 7515 7516#backwards compatibility for those who have included options or version 7517touch cyassl/options.h 7518echo "/* cyassl options.h" > cyassl/options.h 7519echo " * generated from wolfssl/options.h" >> cyassl/options.h 7520echo " */" >> cyassl/options.h 7521 7522while read -r line 7523do 7524 echo "$line" >> cyassl/options.h 7525done < $OPTION_FILE 7526 7527# switch ifdef protection in cyassl/option.h to CYASSL_OPTONS_H, remove bak 7528sed -i.bak 's/WOLFSSL_OPTIONS_H/CYASSL_OPTIONS_H/g' cyassl/options.h 7529 7530# workaround for mingw sed that may get "Permission denied" trying to preserver permissions 7531case $host_os in 7532 mingw*) 7533 chmod u+w cyassl/options.h ;; 7534esac 7535 7536rm cyassl/options.h.bak 7537 7538if test "$silent" != "yes"; then 7539 7540# output config summary 7541echo "---" 7542echo "Configuration summary for $PACKAGE_NAME version $VERSION" 7543echo "" 7544echo " * Installation prefix: $prefix" 7545echo " * System type: $host_vendor-$host_os" 7546echo " * Host CPU: $host_cpu" 7547echo " * C Compiler: $CC" 7548echo " * C Flags: $CFLAGS" 7549echo " * C++ Compiler: $CXX" 7550echo " * C++ Flags: $CXXFLAGS" 7551echo " * CPP Flags: $CPPFLAGS" 7552echo " * CCAS Flags: $CCASFLAGS" 7553echo " * LIB Flags: $LIB" 7554 7555test "$ENABLED_LINUXKM" = "yes" && \ 7556echo " * Linux Kernel Build Root: $KERNEL_ROOT" && \ 7557echo " * Linux Kernel Build Arch: $KERNEL_ARCH" && \ 7558echo " * fpu disable C flags: $CFLAGS_FPU_DISABLE" && \ 7559echo " * fpu enable C flags: $CFLAGS_FPU_ENABLE" && \ 7560echo " * SIMD disable C flags: $CFLAGS_SIMD_DISABLE" && \ 7561echo " * SIMD enable C flags: $CFLAGS_SIMD_ENABLE" && \ 7562echo " * No-auto-vectorize C flags: $CFLAGS_AUTO_VECTORIZE_DISABLE" && \ 7563echo " * Auto-vectorize C flags: $CFLAGS_AUTO_VECTORIZE_ENABLE" && \ 7564echo " * SIMD enable as flags: $ASFLAGS_FPU_DISABLE_SIMD_ENABLE" && \ 7565echo " * FPU enable as flags: $ASFLAGS_FPU_ENABLE_SIMD_DISABLE" && \ 7566echo " * SIMD+FPU disable as flags: $ASFLAGS_FPUSIMD_DISABLE" && \ 7567echo " * SIMD+FPU enable as flags: $ASFLAGS_FPUSIMD_ENABLE" && \ 7568echo " * Linux kernel module PIE: $ENABLED_LINUXKM_PIE" 7569 7570echo " * Debug enabled: $ax_enable_debug" 7571echo " * Coverage enabled: $ax_enable_coverage" 7572echo " * Warnings as failure: $ac_cv_warnings_as_errors" 7573echo " * make -j: $enable_jobserver" 7574echo " * VCS checkout: $ac_cv_vcs_checkout" 7575echo 7576echo " Features " 7577if test "$ENABLED_FIPS" = "yes"; then 7578echo " * FIPS: $FIPS_VERSION" 7579else 7580echo " * FIPS: $ENABLED_FIPS" 7581fi 7582echo " * Single threaded: $ENABLED_SINGLETHREADED" 7583echo " * Filesystem: $ENABLED_FILESYSTEM" 7584echo " * OpenSSH Build: $ENABLED_OPENSSH" 7585echo " * OpenSSL Extra API: $ENABLED_OPENSSLEXTRA" 7586echo " * OpenSSL Coexist: $ENABLED_OPENSSLCOEXIST" 7587echo " * Old Names: $ENABLED_OLDNAMES" 7588echo " * Max Strength Build: $ENABLED_MAXSTRENGTH" 7589echo " * Distro Build: $ENABLED_DISTRO" 7590echo " * Reproducible Build: $ENABLED_REPRODUCIBLE_BUILD" 7591echo " * fastmath: $ENABLED_FASTMATH" 7592echo " * Assembly Allowed: $ENABLED_ASM" 7593echo " * sniffer: $ENABLED_SNIFFER" 7594echo " * snifftest: $ENABLED_SNIFFTEST" 7595echo " * ARC4: $ENABLED_ARC4" 7596echo " * AES: $ENABLED_AES" 7597echo " * AES-NI: $ENABLED_AESNI" 7598echo " * AES-CBC: $ENABLED_AESCBC" 7599echo " * AES-CBC length checks: $ENABLED_AESCBC_LENGTH_CHECKS" 7600echo " * AES-GCM: $ENABLED_AESGCM" 7601echo " * AES-GCM streaming: $ENABLED_AESGCM_STREAM" 7602echo " * AES-CCM: $ENABLED_AESCCM" 7603echo " * AES-CTR: $ENABLED_AESCTR" 7604echo " * AES-CFB: $ENABLED_AESCFB" 7605echo " * AES-OFB: $ENABLED_AESOFB" 7606echo " * DES3: $ENABLED_DES3" 7607echo " * IDEA: $ENABLED_IDEA" 7608echo " * Camellia: $ENABLED_CAMELLIA" 7609echo " * NULL Cipher: $ENABLED_NULL_CIPHER" 7610echo " * MD2: $ENABLED_MD2" 7611echo " * MD4: $ENABLED_MD4" 7612echo " * MD5: $ENABLED_MD5" 7613echo " * RIPEMD: $ENABLED_RIPEMD" 7614echo " * SHA: $ENABLED_SHA" 7615echo " * SHA-224: $ENABLED_SHA224" 7616echo " * SHA-384: $ENABLED_SHA384" 7617echo " * SHA-512: $ENABLED_SHA512" 7618echo " * SHA3: $ENABLED_SHA3" 7619echo " * SHAKE256: $ENABLED_SHAKE256" 7620echo " * BLAKE2: $ENABLED_BLAKE2" 7621echo " * BLAKE2S: $ENABLED_BLAKE2S" 7622echo " * CMAC: $ENABLED_CMAC" 7623echo " * keygen: $ENABLED_KEYGEN" 7624echo " * certgen: $ENABLED_CERTGEN" 7625echo " * certreq: $ENABLED_CERTREQ" 7626echo " * certext: $ENABLED_CERTEXT" 7627echo " * certgencache: $ENABLED_certgencache" 7628echo " * HC-128: $ENABLED_HC128" 7629echo " * RABBIT: $ENABLED_RABBIT" 7630echo " * CHACHA: $ENABLED_CHACHA" 7631echo " * XCHACHA: $ENABLED_XCHACHA" 7632echo " * Hash DRBG: $ENABLED_HASHDRBG" 7633echo " * PWDBASED: $ENABLED_PWDBASED" 7634echo " * scrypt: $ENABLED_SCRYPT" 7635echo " * wolfCrypt Only: $ENABLED_CRYPTONLY" 7636echo " * HKDF: $ENABLED_HKDF" 7637echo " * X9.63 KDF: $ENABLED_X963KDF" 7638echo " * MD4: $ENABLED_MD4" 7639echo " * PSK: $ENABLED_PSK" 7640echo " * Poly1305: $ENABLED_POLY1305" 7641echo " * LEANPSK: $ENABLED_LEANPSK" 7642echo " * LEANTLS: $ENABLED_LEANTLS" 7643echo " * RSA: $ENABLED_RSA" 7644echo " * RSA-PSS: $ENABLED_RSAPSS" 7645echo " * DSA: $ENABLED_DSA" 7646echo " * DH: $ENABLED_DH" 7647echo " * DH Default Parameters: $ENABLED_DHDEFAULTPARAMS" 7648echo " * ECC: $ENABLED_ECC" 7649echo " * ECC Custom Curves: $ENABLED_ECCCUSTCURVES" 7650echo " * ECC Minimum Bits: $ENABLED_ECCMINSZ" 7651echo " * CURVE25519: $ENABLED_CURVE25519" 7652echo " * ED25519: $ENABLED_ED25519" 7653echo " * ED25519 streaming: $ENABLED_ED25519_STREAM" 7654echo " * CURVE448: $ENABLED_CURVE448" 7655echo " * ED448: $ENABLED_ED448" 7656echo " * ED448 streaming: $ENABLED_ED448_STREAM" 7657echo " * FPECC: $ENABLED_FPECC" 7658echo " * ECC_ENCRYPT: $ENABLED_ECC_ENCRYPT" 7659echo " * ECCSI $ENABLED_ECCSI" 7660echo " * SAKKE $ENABLED_SAKKE" 7661echo " * ASN: $ENABLED_ASN" 7662echo " * Anonymous cipher: $ENABLED_ANON" 7663echo " * CODING: $ENABLED_CODING" 7664echo " * MEMORY: $ENABLED_MEMORY" 7665echo " * I/O POOL: $ENABLED_IOPOOL" 7666echo " * wolfSentry: $ENABLED_WOLFSENTRY" 7667echo " * LIGHTY: $ENABLED_LIGHTY" 7668echo " * HAPROXY: $ENABLED_HAPROXY" 7669echo " * STUNNEL: $ENABLED_STUNNEL" 7670echo " * tcpdump: $ENABLED_TCPDUMP" 7671echo " * libssh2: $ENABLED_LIBSSH2" 7672echo " * ntp: $ENABLED_NTP" 7673echo " * rsyslog: $ENABLED_RSYSLOG" 7674echo " * Apache httpd: $ENABLED_APACHE_HTTPD" 7675echo " * NGINX: $ENABLED_NGINX" 7676echo " * OpenResty: $ENABLED_OPENRESTY" 7677echo " * ASIO: $ENABLED_ASIO" 7678echo " * LIBWEBSOCKETS: $ENABLED_LIBWEBSOCKETS" 7679echo " * Qt: $ENABLED_QT" 7680echo " * Qt Unit Testing: $ENABLED_QT_TEST" 7681echo " * SIGNAL: $ENABLED_SIGNAL" 7682echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS" 7683echo " * DTLS: $ENABLED_DTLS" 7684echo " * SCTP: $ENABLED_SCTP" 7685echo " * Indefinite Length: $ENABLED_BER_INDEF" 7686echo " * Multicast: $ENABLED_MCAST" 7687echo " * SSL v3.0 (Old): $ENABLED_SSLV3" 7688echo " * TLS v1.0 (Old): $ENABLED_TLSV10" 7689echo " * TLS v1.1 (Old): $ENABLED_OLD_TLS" 7690echo " * TLS v1.2: $ENABLED_TLSV12" 7691echo " * TLS v1.3: $ENABLED_TLS13" 7692echo " * Post-handshake Auth: $ENABLED_TLS13_POST_AUTH" 7693echo " * Early Data: $ENABLED_TLS13_EARLY_DATA" 7694echo " * Send State in HRR Cookie: $ENABLED_SEND_HRR_COOKIE" 7695echo " * OCSP: $ENABLED_OCSP" 7696echo " * OCSP Stapling: $ENABLED_CERTIFICATE_STATUS_REQUEST" 7697echo " * OCSP Stapling v2: $ENABLED_CERTIFICATE_STATUS_REQUEST_V2" 7698echo " * CRL: $ENABLED_CRL" 7699echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR" 7700echo " * Persistent session cache: $ENABLED_SAVESESSION" 7701echo " * Persistent cert cache: $ENABLED_SAVECERT" 7702echo " * Atomic User Record Layer: $ENABLED_ATOMICUSER" 7703echo " * Public Key Callbacks: $ENABLED_PKCALLBACKS" 7704echo " * liboqs: $ENABLED_LIBOQS" 7705echo " * Whitewood netRandom: $ENABLED_WNR" 7706echo " * Server Name Indication: $ENABLED_SNI" 7707echo " * ALPN: $ENABLED_ALPN" 7708echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT" 7709echo " * Trusted CA Indication: $ENABLED_TRUSTED_CA" 7710echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC" 7711echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES" 7712echo " * FFDHE only in client: $ENABLED_FFDHE_ONLY" 7713echo " * Session Ticket: $ENABLED_SESSION_TICKET" 7714echo " * Extended Master Secret: $ENABLED_EXTENDED_MASTER" 7715echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION" 7716echo " * Secure Renegotiation: $ENABLED_SECURE_RENEGOTIATION" 7717echo " * Fallback SCSV: $ENABLED_FALLBACK_SCSV" 7718echo " * Keying Material Exporter: $ENABLED_KEYING_MATERIAL" 7719echo " * All TLS Extensions: $ENABLED_TLSX" 7720echo " * PKCS#7: $ENABLED_PKCS7" 7721echo " * S/MIME: $ENABLED_SMIME" 7722echo " * wolfSSH: $ENABLED_WOLFSSH" 7723echo " * wolfTPM: $ENABLED_WOLFTPM" 7724echo " * wolfCLU: $ENABLED_WOLFCLU" 7725echo " * wolfSCEP: $ENABLED_WOLFSCEP" 7726echo " * Secure Remote Password: $ENABLED_SRP" 7727echo " * Small Stack: $ENABLED_SMALL_STACK" 7728echo " * Linux Kernel Module: $ENABLED_LINUXKM" 7729echo " * valgrind unit tests: $ENABLED_VALGRIND" 7730echo " * LIBZ: $ENABLED_LIBZ" 7731echo " * Examples: $ENABLED_EXAMPLES" 7732echo " * Crypt tests: $ENABLED_CRYPT_TESTS" 7733echo " * Stack sizes in tests: $ENABLED_STACKSIZE" 7734echo " * Heap stats in tests: $ENABLED_TRACKMEMORY" 7735echo " * User Crypto: $ENABLED_USER_CRYPTO" 7736echo " * Fast RSA: $ENABLED_FAST_RSA" 7737echo " * Single Precision: $ENABLED_SP" 7738if test "$ENABLED_SP_MATH_ALL" != "no" 7739then 7740 ENABLED_SP_MATH_DESC="all" 7741else 7742 if test "$ENABLED_SP_MATH" != "no" 7743 then 7744 ENABLED_SP_MATH_DESC="restricted" 7745 else 7746 ENABLED_SP_MATH_DESC="no" 7747 fi 7748fi 7749echo " * SP math implementation: $ENABLED_SP_MATH_DESC" 7750echo " * Async Crypto: $ENABLED_ASYNCCRYPT" 7751echo " * PKCS#8: $ENABLED_PKCS8" 7752echo " * PKCS#11: $ENABLED_PKCS11" 7753echo " * PKCS#12: $ENABLED_PKCS12" 7754echo " * Cavium Nitrox: $ENABLED_CAVIUM" 7755echo " * Cavium Octeon (Sync): $ENABLED_OCTEON_SYNC" 7756echo " * Intel Quick Assist: $ENABLED_INTEL_QA" 7757echo " * ARM ASM: $ENABLED_ARMASM" 7758echo " * ARM ASM SHA512 Crypto $ENABLED_ARMASM_SHA512" 7759echo " * AES Key Wrap: $ENABLED_AESKEYWRAP" 7760echo " * Write duplicate: $ENABLED_WRITEDUP" 7761echo " * Xilinx Hardware Acc.: $ENABLED_XILINX" 7762echo " * Inline Code: $ENABLED_INLINE" 7763echo " * Linux AF_ALG: $ENABLED_AFALG" 7764echo " * Linux KCAPI: $ENABLED_KCAPI" 7765echo " * Linux devcrypto: $ENABLED_DEVCRYPTO" 7766echo " * Crypto callbacks: $ENABLED_CRYPTOCB" 7767echo " * i.MX6 CAAM: $ENABLED_CAAM" 7768echo " * IoT-Safe: $ENABLED_IOTSAFE" 7769echo " * IoT-Safe HWRNG: $ENABLED_IOTSAFE_HWRNG" 7770echo " * NXP SE050: $ENABLED_SE050" 7771echo "" 7772echo "---" 7773 7774fi # $silent != yes 7775 7776################################################################################ 7777# Show warnings at bottom so they are noticed 7778################################################################################ 7779 7780if test "$ENABLED_ASYNCCRYPT" = "yes" && ! test -s $srcdir/wolfcrypt/src/async.c 7781then 7782 AC_MSG_WARN([Make sure real async files are loaded. Contact wolfSSL for details on using the asynccrypt option.]) 7783fi 7784 7785# MinGW static vs shared library 7786# Reference URL from libtool for MinGW is located at 7787# http://www.gnu.org/software/libtool/manual/libtool.html#Cygwin-to-MinGW-Cross 7788# this allows for not even having dllimport/dllexport on functions 7789# with recent libtools, only requiring it with global variables. 7790# 7791# The following warning is displayed here because if not using "contemporary GNU 7792# tools" there is the possibility of export/import issues. 7793# wolfSSL uses __declspec(dllexport) and "contemporary GNU tools" handle the 7794# case where both static and shared libraries are built. 7795# 7796# More can be found about the MinGW linker at 7797# https://sourceware.org/binutils/docs/ld/WIN32.html 7798if test "$MINGW_LIB_WARNING" = "yes" 7799then 7800 AC_MSG_WARN([Building with shared and static library at the same time on this system may cause export/import problems when using non contemporary GNU tools.]) 7801fi 7802