12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038303930403041304230433044304530463047304830493050305130523053305430553056305730583059306030613062306330643065306630673068306930703071307230733074307530763077307830793080308130823083308430853086308730883089309030913092309330943095309630973098309931003101310231033104310531063107310831093110311131123113311431153116311731183119312031213122312331243125312631273128312931303131313231333134313531363137313831393140314131423143314431453146314731483149315031513152315331543155315631573158315931603161316231633164316531663167316831693170317131723173317431753176317731783179318031813182318331843185318631873188318931903191319231933194319531963197319831993200320132023203320432053206320732083209321032113212321332143215321632173218321932203221322232233224322532263227322832293230323132323233323432353236323732383239324032413242324332443245324632473248324932503251325232533254325532563257325832593260326132623263326432653266326732683269327032713272327332743275 |
- # configure.ac
- #
- # Copyright (C) 2006-2015 wolfSSL Inc.
- #
- # This file is part of wolfSSL. (formerly known as CyaSSL)
- #
- #
- AC_INIT([wolfssl],[3.9.8],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
- AC_CONFIG_AUX_DIR([build-aux])
- # The following sets CFLAGS to empty if unset on command line. We do not want
- # the default "-g -O2" that AC_PROG_CC sets automatically.
- : ${CFLAGS=""}
- AC_CANONICAL_HOST
- AC_CANONICAL_BUILD
- AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests])
- AC_PREREQ([2.63])
- AC_ARG_PROGRAM
- AC_DEFUN([PROTECT_AC_USE_SYSTEM_EXTENSIONS],
- [AX_SAVE_FLAGS
- AC_LANG_PUSH([C])
- AC_USE_SYSTEM_EXTENSIONS
- AC_LANG_POP([C])
- AX_RESTORE_FLAGS
- ])
- #PROTECT_AC_USE_SYSTEM_EXTENSIONS
- AC_CONFIG_MACRO_DIR([m4])
- AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
- #shared library versioning
- WOLFSSL_LIBRARY_VERSION=7:0:4
- # | | |
- # +------+ | +---+
- # | | |
- # current:revision:age
- # | | |
- # | | +- increment if interfaces have been added
- # | | set to zero if interfaces have been removed
- # | | or changed
- # | +- increment if source code has changed
- # | set to zero if current is incremented
- # +- increment if interfaces have been added, removed or changed
- AC_SUBST([WOLFSSL_LIBRARY_VERSION])
- # capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even
- # if user doesn't override, no way to tell
- USER_C_EXTRA_FLAGS="$C_EXTRA_FLAGS"
- USER_CFLAGS="$CFLAGS"
- LT_PREREQ([2.2])
- LT_INIT([disable-static],[win32-dll])
- LT_LANG([C++])
- LT_LANG([C])
- gl_VISIBILITY
- AS_IF([ test -n "$CFLAG_VISIBILITY" ], [
- AM_CPPFLAGS="$AM_CPPFLAGS $CFLAG_VISIBILITY"
- CPPFLAGS="$CPPFLAGS $CFLAG_VISIBILITY"
- ])
- m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
- AC_CHECK_FUNCS([gethostbyname])
- AC_CHECK_FUNCS([getaddrinfo])
- AC_CHECK_FUNCS([gettimeofday])
- AC_CHECK_FUNCS([gmtime_r])
- AC_CHECK_FUNCS([inet_ntoa])
- AC_CHECK_FUNCS([memset])
- AC_CHECK_FUNCS([socket])
- AC_CHECK_HEADERS([arpa/inet.h])
- AC_CHECK_HEADERS([fcntl.h])
- AC_CHECK_HEADERS([limits.h])
- AC_CHECK_HEADERS([netdb.h])
- AC_CHECK_HEADERS([netinet/in.h])
- AC_CHECK_HEADERS([stddef.h])
- AC_CHECK_HEADERS([sys/ioctl.h])
- AC_CHECK_HEADERS([sys/socket.h])
- AC_CHECK_HEADERS([sys/time.h])
- AC_CHECK_HEADERS([errno.h])
- AC_CHECK_LIB(network,socket)
- AC_CHECK_SIZEOF(long long, 8)
- AC_CHECK_SIZEOF(long, 4)
- AC_CHECK_TYPES(__uint128_t)
- AC_C_BIGENDIAN
- # mktime check takes forever on some systems, if time supported it would be
- # highly unusual for mktime to be missing
- #AC_FUNC_MKTIME
- AC_PROG_CC
- AC_PROG_CC_C_O
- AC_PROG_CXX
- AC_PROG_INSTALL
- AC_TYPE_SIZE_T
- AC_TYPE_UINT8_T
- AM_PROG_AS
- AM_PROG_CC_C_O
- LT_LIB_M
- OPTIMIZE_CFLAGS="-Os -fomit-frame-pointer"
- OPTIMIZE_FAST_CFLAGS="-O2 -fomit-frame-pointer"
- OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET -DTFM_HUGE_SET"
- DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL"
- LIB_ADD=
- LIB_STATIC_ADD=
- thread_ls_on=no
- # Thread local storage
- AX_TLS([
- [AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"]
- [thread_ls_on=yes]
- ] , [:])
- # DEBUG
- AX_DEBUG
- AS_IF([test "$ax_enable_debug" = "yes"],
- [AM_CFLAGS="$DEBUG_CFLAGS $AM_CFLAGS"],
- [AM_CFLAGS="$AM_CFLAGS -DNDEBUG"])
- # Distro build feature subset (Debian, Ubuntu, etc.)
- AC_ARG_ENABLE([distro],
- [ --enable-distro Enable wolfSSL distro build (default: disabled)],
- [ ENABLED_DISTRO=$enableval ],
- [ ENABLED_DISTRO=no ]
- )
- if test "$ENABLED_DISTRO" = "yes"
- then
- enable_shared=yes
- enable_static=yes
- enable_dtls=yes
- enable_openssh=yes
- enable_opensslextra=yes
- enable_savesession=yes
- enable_savecert=yes
- enable_atomicuser=yes
- enable_pkcallbacks=yes
- enable_aesgcm=yes
- enable_aesccm=yes
- enable_camellia=yes
- enable_ripemd=yes
- enable_sha512=yes
- enable_sessioncerts=yes
- enable_keygen=yes
- enable_certgen=yes
- enable_certreq=yes
- enable_certext=yes
- enable_sep=yes
- enable_hkdf=yes
- enable_dsa=yes
- enable_ecccustcurves=yes
- enable_compkey=yes
- enable_curve25519=yes
- enable_ed25519=yes
- enable_fpecc=yes
- enable_eccencrypt=yes
- enable_psk=yes
- enable_idea=yes
- enable_cmac=yes
- enable_webserver=yes
- enable_hc128=yes
- enable_rabbit=yes
- enable_ocsp=yes
- enable_ocspstapling=yes
- enable_ocspstapling2=yes
- enable_crl=yes
- enable_crl_monitor=yes
- enable_sni=yes
- enable_maxfragment=yes
- enable_alpn=yes
- enable_truncatedhmac=yes
- enable_supportedcurves=yes
- enable_session_ticket=yes
- enable_tlsx=yes
- enable_pkcs7=yes
- enable_scep=yes
- enable_srp=yes
- enable_certservice=yes
- enable_jni=yes
- enable_lighty=yes
- enable_stunnel=yes
- enable_pwdbased=yes
- fi
- # SINGLE THREADED
- AC_ARG_ENABLE([singlethreaded],
- [ --enable-singlethreaded Enable wolfSSL single threaded (default: disabled)],
- [ ENABLED_SINGLETHREADED=$enableval ],
- [ ENABLED_SINGLETHREADED=no ])
- AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[
- AX_PTHREAD([
- AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.])
- AM_CFLAGS="-D_POSIX_THREADS $AM_CFLAGS $PTHREAD_CFLAGS"
- LIBS="$LIBS $PTHREAD_LIBS"
- ],[
- ENABLED_SINGLETHREADED=yes
- ])
- ])
- AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="-DSINGLE_THREADED $AM_CFLAGS" ])
- # DTLS
- AC_ARG_ENABLE([dtls],
- [ --enable-dtls Enable wolfSSL DTLS (default: disabled)],
- [ ENABLED_DTLS=$enableval ],
- [ ENABLED_DTLS=no ]
- )
- if test "$ENABLED_DTLS" = "yes"
- then
- AM_CFLAGS="-DWOLFSSL_DTLS $AM_CFLAGS"
- fi
- # DTLS-SCTP
- AC_ARG_ENABLE([sctp],
- [AS_HELP_STRING([--enable-sctp],[Enable wolfSSL DTLS-SCTP support (default: disabled)])],
- [ENABLED_SCTP=$enableval],
- [ENABLED_SCTP=no])
- AM_CONDITIONAL([BUILD_SCTP], [test "x$ENABLED_SCTP" = "xyes"])
- AS_IF([test "x$ENABLED_SCTP" = "xyes"],
- [AC_MSG_CHECKING([for SCTP])
- AC_RUN_IFELSE(
- [AC_LANG_PROGRAM(
- [[
- #include <sys/socket.h>
- #include <arpa/inet.h>
- ]],
- [[int s = socket(AF_INET, SOCK_STREAM, IPPROTO_SCTP); if (s == -1) return 1;]])],
- [AC_MSG_RESULT(yes)],
- [AC_MSG_RESULT(no)
- AC_MSG_ERROR([SCTP not available, remove enable-sctp from configure])])
- ])
- # OpenSSH compatibility Build
- AC_ARG_ENABLE([openssh],
- [AS_HELP_STRING([--enable-openssh],[Enable OpenSSH compatibility build (default: disabled)])],
- [ENABLED_OPENSSH=$enableval],
- [ENABLED_OPENSSH=no])
- # OPENSSL Extra Compatibility
- AC_ARG_ENABLE([opensslextra],
- [ --enable-opensslextra Enable extra OpenSSL API, size+ (default: disabled)],
- [ ENABLED_OPENSSLEXTRA=$enableval ],
- [ ENABLED_OPENSSLEXTRA=no ]
- )
- if test "$ENABLED_OPENSSH" = "yes"
- then
- ENABLED_OPENSSLEXTRA="yes"
- fi
- if test "$ENABLED_OPENSSLEXTRA" = "yes"
- then
- AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
- fi
- if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_SMALL" = "yes"
- then
- AC_MSG_ERROR([cannot enable small and opensslextra, only one or the other.])
- fi
- # High Strength Build
- AC_ARG_ENABLE([maxstrength],
- [AS_HELP_STRING([--enable-maxstrength],[Enable Max Strengh build, allows TLSv1.2-AEAD-PFS ciphers only (default: disabled)])],
- [ENABLED_MAXSTRENGTH=$enableval],
- [ENABLED_MAXSTRENGTH=no])
- # Harden, enable Timing Resistance and Blinding by default
- AC_ARG_ENABLE([harden],
- [AS_HELP_STRING([--enable-harden],[Enable Hardened build, Enables Timing Resistance and Blinding (default: enabled)])],
- [ENABLED_HARDEN=$enableval],
- [ENABLED_HARDEN=yes])
- if test "$ENABLED_HARDEN" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA_BLINDING"
- fi
- # IPv6 Test Apps
- AC_ARG_ENABLE([ipv6],
- [ --enable-ipv6 Enable testing of IPV6 (default: disabled)],
- [ ENABLED_IPV6=$enableval ],
- [ ENABLED_IPV6=no ]
- )
- if test "$ENABLED_IPV6" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DTEST_IPV6"
- fi
- AM_CONDITIONAL([BUILD_IPV6], [test "x$ENABLED_IPV6" = "xyes"])
- # Fortress build
- AC_ARG_ENABLE([fortress],
- [ --enable-fortress Enable SSL fortress build (default: disabled)],
- [ ENABLED_FORTRESS=$enableval ],
- [ ENABLED_FORTRESS=no ]
- )
- if test "$ENABLED_OPENSSH" = "yes"
- then
- ENABLED_FORTRESS="yes"
- fi
- if test "$ENABLED_FORTRESS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA -DWOLFSSL_DES_ECB -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DWOLFSSL_KEY_GEN"
- fi
- # ssl bump build
- AC_ARG_ENABLE([bump],
- [ --enable-bump Enable SSL Bump build (default: disabled)],
- [ ENABLED_BUMP=$enableval ],
- [ ENABLED_BUMP=no ]
- )
- if test "$ENABLED_BUMP" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DWOLFSSL_CERT_GEN -DWOLFSSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192 -DWOLFSSL_DER_LOAD -DWOLFSSL_ALT_NAMES -DWOLFSSL_TEST_CERT"
- fi
- ENABLED_SLOWMATH="yes"
- # lean psk build
- AC_ARG_ENABLE([leanpsk],
- [ --enable-leanpsk Enable Lean PSK build (default: disabled)],
- [ ENABLED_LEANPSK=$enableval ],
- [ ENABLED_LEANPSK=no ]
- )
- if test "$ENABLED_LEANPSK" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_CERTS -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_SESSION_CACHE -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA -DUSE_SLOW_SHA"
- ENABLED_SLOWMATH="no"
- ENABLED_SINGLETHREADED="yes"
- fi
- AM_CONDITIONAL([BUILD_LEANPSK], [test "x$ENABLED_LEANPSK" = "xyes"])
- # lean TLS build (TLS 1.2 client only (no client auth), ECC256, AES128 and SHA256 w/o Shamir)
- AC_ARG_ENABLE([leantls],
- [ --enable-leantls Enable Lean TLS build (default: disabled)],
- [ ENABLED_LEANTLS=$enableval ],
- [ ENABLED_LEANTLS=no ]
- )
- if test "$ENABLED_LEANTLS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANTLS -DNO_WRITEV -DHAVE_ECC -DTFM_ECC256 -DECC_USER_CURVES -DNO_WOLFSSL_SERVER -DNO_RABBIT -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_SESSION_CACHE -DNO_SHA -DUSE_SLOW_SHA -DUSE_SLOW_SHA2 -DNO_PSK -DNO_WOLFSSL_MEMORY"
- fi
- AM_CONDITIONAL([BUILD_LEANTLS], [test "x$ENABLED_LEANTLS" = "xyes"])
- # big cache
- AC_ARG_ENABLE([bigcache],
- [ --enable-bigcache Enable big session cache (default: disabled)],
- [ ENABLED_BIGCACHE=$enableval ],
- [ ENABLED_BIGCACHE=no ]
- )
- if test "$ENABLED_BIGCACHE" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DBIG_SESSION_CACHE"
- fi
- # HUGE cache
- AC_ARG_ENABLE([hugecache],
- [ --enable-hugecache Enable huge session cache (default: disabled)],
- [ ENABLED_HUGECACHE=$enableval ],
- [ ENABLED_HUGECACHE=no ]
- )
- if test "$ENABLED_HUGECACHE" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHUGE_SESSION_CACHE"
- fi
- # SMALL cache
- AC_ARG_ENABLE([smallcache],
- [ --enable-smallcache Enable small session cache (default: disabled)],
- [ ENABLED_SMALLCACHE=$enableval ],
- [ ENABLED_SMALLCACHE=no ]
- )
- if test "$ENABLED_SMALLCACHE" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DSMALL_SESSION_CACHE"
- fi
- # Persistent session cache
- AC_ARG_ENABLE([savesession],
- [ --enable-savesession Enable persistent session cache (default: disabled)],
- [ ENABLED_SAVESESSION=$enableval ],
- [ ENABLED_SAVESESSION=no ]
- )
- if test "$ENABLED_SAVESESSION" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE"
- fi
- # Persistent cert cache
- AC_ARG_ENABLE([savecert],
- [ --enable-savecert Enable persistent cert cache (default: disabled)],
- [ ENABLED_SAVECERT=$enableval ],
- [ ENABLED_SAVECERT=no ]
- )
- if test "$ENABLED_SAVECERT" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE"
- fi
- # Atomic User Record Layer
- AC_ARG_ENABLE([atomicuser],
- [ --enable-atomicuser Enable Atomic User Record Layer (default: disabled)],
- [ ENABLED_ATOMICUSER=$enableval ],
- [ ENABLED_ATOMICUSER=no ]
- )
- if test "$ENABLED_ATOMICUSER" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
- fi
- # Public Key Callbacks
- AC_ARG_ENABLE([pkcallbacks],
- [ --enable-pkcallbacks Enable Public Key Callbacks (default: disabled)],
- [ ENABLED_PKCALLBACKS=$enableval ],
- [ ENABLED_PKCALLBACKS=no ]
- )
- if test "$ENABLED_PKCALLBACKS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
- fi
- # SNIFFER
- AC_ARG_ENABLE([sniffer],
- [AS_HELP_STRING([--enable-sniffer],[Enable wolfSSL sniffer support (default: disabled)])],
- [ ENABLED_SNIFFER=$enableval ],
- [ ENABLED_SNIFFER=no ]
- )
- # sniffer doesn't work in maxstrength mode
- if test "$ENABLED_SNIFFER" = "yes" && test "$ENABLED_MAXSTRENGTH" = "yes"
- then
- AC_MSG_ERROR([cannot enable maxstrength in sniffer mode.])
- fi
- ENABLED_SNIFFTEST=no
- AS_IF([ test "x$ENABLED_SNIFFER" = "xyes" ],
- [
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SNIFFER -DOPENSSL_EXTRA"
- AC_CHECK_HEADERS([pcap/pcap.h],
- [ ENABLED_SNIFFTEST=yes ],
- [ AC_MSG_WARN([cannot enable sniffer test without having libpcap available.]) ]
- )
- ])
- AM_CONDITIONAL([BUILD_SNIFFER], [ test "x$ENABLED_SNIFFER" = "xyes" ])
- AM_CONDITIONAL([BUILD_SNIFFTEST], [ test "x$ENABLED_SNIFFTEST" = "xyes" ])
- # AES-GCM
- AC_ARG_ENABLE([aesgcm],
- [AS_HELP_STRING([--enable-aesgcm],[Enable wolfSSL AES-GCM support (default: enabled)])],
- [ ENABLED_AESGCM=$enableval ],
- [ ENABLED_AESGCM=yes ]
- )
- # leanpsk and leantls don't need gcm
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- ENABLED_AESGCM=no
- fi
- if test "$ENABLED_AESGCM" = "word32"
- then
- AM_CFLAGS="$AM_CFLAGS -DGCM_WORD32"
- ENABLED_AESGCM=yes
- fi
- if test "$ENABLED_AESGCM" = "small"
- then
- AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL"
- ENABLED_AESGCM=yes
- fi
- if test "$ENABLED_AESGCM" = "table"
- then
- AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE"
- ENABLED_AESGCM=yes
- fi
- if test "$ENABLED_AESGCM" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
- fi
- AM_CONDITIONAL([BUILD_AESGCM], [test "x$ENABLED_AESGCM" = "xyes"])
- # AES-CCM
- AC_ARG_ENABLE([aesccm],
- [ --enable-aesccm Enable wolfSSL AES-CCM support (default: disabled)],
- [ ENABLED_AESCCM=$enableval ],
- [ ENABLED_AESCCM=no ]
- )
- if test "$ENABLED_AESCCM" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"
- fi
- AM_CONDITIONAL([BUILD_AESCCM], [test "x$ENABLED_AESCCM" = "xyes"])
- # AES-ARM
- AC_ARG_ENABLE([armasm],
- [AS_HELP_STRING([--enable-armasm],[Enable wolfSSL ARM ASM support (default: disabled)])],
- [ ENABLED_ARMASM=$enableval ],
- [ ENABLED_ARMASM=no ]
- )
- if test "$ENABLED_ARMASM" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM"
- if test "$GCC" = "yes"
- then
- # GCC needs this flag
- AM_CFLAGS="$AM_CFLAGS -mcpu=generic+crypto"
- fi
- fi
- AM_CONDITIONAL([BUILD_ARMASM], [test "x$ENABLED_ARMASM" = "xyes"])
- # AES-NI
- AC_ARG_ENABLE([aesni],
- [AS_HELP_STRING([--enable-aesni],[Enable wolfSSL AES-NI support (default: disabled)])],
- [ ENABLED_AESNI=$enableval ],
- [ ENABLED_AESNI=no ]
- )
- # INTEL ASM
- AC_ARG_ENABLE([intelasm],
- [AS_HELP_STRING([--enable-intelasm],[Enable All Intel ASM speedups (default: disabled)])],
- [ ENABLED_INTELASM=$enableval ],
- [ ENABLED_INTELASM=no ]
- )
- if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
- if test "$GCC" = "yes"
- then
- # GCC needs these flags, icc doesn't
- # opt levels greater than 2 may cause problems on systems w/o aesni
- if test "$CC" != "icc"
- then
- AM_CFLAGS="$AM_CFLAGS -maes -msse4"
- fi
- fi
- AS_IF([test "x$ENABLED_AESGCM" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
- fi
- if test "$ENABLED_INTELASM" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDGEN -DUSE_INTEL_SPEEDUP"
- ENABLED_AESNI=yes
- fi
- AM_CONDITIONAL([BUILD_AESNI], [test "x$ENABLED_AESNI" = "xyes"])
- # Camellia
- AC_ARG_ENABLE([camellia],
- [ --enable-camellia Enable wolfSSL Camellia support (default: disabled)],
- [ ENABLED_CAMELLIA=$enableval ],
- [ ENABLED_CAMELLIA=no ]
- )
- if test "$ENABLED_CAMELLIA" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CAMELLIA"
- fi
- AM_CONDITIONAL([BUILD_CAMELLIA], [test "x$ENABLED_CAMELLIA" = "xyes"])
- # MD2
- AC_ARG_ENABLE([md2],
- [ --enable-md2 Enable wolfSSL MD2 support (default: disabled)],
- [ ENABLED_MD2=$enableval ],
- [ ENABLED_MD2=no ]
- )
- if test "$ENABLED_BUMP" = "yes"
- then
- ENABLED_MD2="yes"
- fi
- if test "$ENABLED_MD2" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MD2"
- fi
- AM_CONDITIONAL([BUILD_MD2], [test "x$ENABLED_MD2" = "xyes"])
- # NULL CIPHER
- AC_ARG_ENABLE([nullcipher],
- [ --enable-nullcipher Enable wolfSSL NULL cipher support (default: disabled)],
- [ ENABLED_NULL_CIPHER=$enableval ],
- [ ENABLED_NULL_CIPHER=no ]
- )
- if test "$ENABLED_OPENSSH" = "yes"
- then
- ENABLED_NULL_CIPHER="yes"
- fi
- if test "$ENABLED_NULL_CIPHER" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER"
- fi
- # RIPEMD
- AC_ARG_ENABLE([ripemd],
- [ --enable-ripemd Enable wolfSSL RIPEMD-160 support (default: disabled)],
- [ ENABLED_RIPEMD=$enableval ],
- [ ENABLED_RIPEMD=no ]
- )
- if test "$ENABLED_OPENSSH" = "yes"
- then
- ENABLED_RIPEMD="yes"
- fi
- if test "$ENABLED_RIPEMD" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RIPEMD"
- fi
- AM_CONDITIONAL([BUILD_RIPEMD], [test "x$ENABLED_RIPEMD" = "xyes"])
- # BLAKE2
- AC_ARG_ENABLE([blake2],
- [ --enable-blake2 Enable wolfSSL BLAKE2 support (default: disabled)],
- [ ENABLED_BLAKE2=$enableval ],
- [ ENABLED_BLAKE2=no ]
- )
- if test "$ENABLED_BLAKE2" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2"
- fi
- AM_CONDITIONAL([BUILD_BLAKE2], [test "x$ENABLED_BLAKE2" = "xyes"])
- # set sha512 default
- SHA512_DEFAULT=no
- if test "$host_cpu" = "x86_64"
- then
- SHA512_DEFAULT=yes
- fi
- # SHA512
- AC_ARG_ENABLE([sha512],
- [AS_HELP_STRING([--enable-sha512],[Enable wolfSSL SHA-512 support (default: enabled on x86_64)])],
- [ ENABLED_SHA512=$enableval ],
- [ ENABLED_SHA512=$SHA512_DEFAULT ]
- )
- # leanpsk and leantls don't need sha512
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- ENABLED_SHA512=no
- fi
- if test "$ENABLED_OPENSSH" = "yes"
- then
- ENABLED_SHA512="yes"
- fi
- if test "$ENABLED_SHA512" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"
- fi
- if test "$ENABLED_FORTRESS" = "yes"
- then
- ENABLED_SHA512="yes"
- fi
- AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
- # SESSION CERTS
- AC_ARG_ENABLE([sessioncerts],
- [ --enable-sessioncerts Enable session cert storing (default: disabled)],
- [ ENABLED_SESSIONCERTS=$enableval ],
- [ ENABLED_SESSIONCERTS=no ]
- )
- if test "$ENABLED_SESSIONCERTS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
- fi
- # KEY GENERATION
- AC_ARG_ENABLE([keygen],
- [ --enable-keygen Enable key generation (default: disabled)],
- [ ENABLED_KEYGEN=$enableval ],
- [ ENABLED_KEYGEN=no ]
- )
- if test "$ENABLED_KEYGEN" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
- fi
- # CERT GENERATION
- AC_ARG_ENABLE([certgen],
- [ --enable-certgen Enable cert generation (default: disabled)],
- [ ENABLED_CERTGEN=$enableval ],
- [ ENABLED_CERTGEN=no ]
- )
- if test "$ENABLED_CERTGEN" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
- fi
- # CERT REQUEST GENERATION
- AC_ARG_ENABLE([certreq],
- [ --enable-certreq Enable cert request generation (default: disabled)],
- [ ENABLED_CERTREQ=$enableval ],
- [ ENABLED_CERTREQ=no ]
- )
- if test "$ENABLED_CERTREQ" = "yes"
- then
- if test "$ENABLED_CERTGEN" = "no"
- then
- AC_MSG_ERROR([cannot enable certreq without enabling certgen.])
- fi
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
- fi
- # CERT REQUEST EXTENSION
- AC_ARG_ENABLE([certext],
- [ --enable-certext Enable cert request extensions (default: disabled)],
- [ ENABLED_CERTEXT=$enableval ],
- [ ENABLED_CERTEXT=no ]
- )
- if test "$ENABLED_CERTEXT" = "yes"
- then
- if test "$ENABLED_CERTGEN" = "no"
- then
- AC_MSG_ERROR([cannot enable certext without enabling certgen.])
- fi
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
- fi
- # SEP
- AC_ARG_ENABLE([sep],
- [ --enable-sep Enable sep extensions (default: disabled)],
- [ ENABLED_SEP=$enableval ],
- [ ENABLED_SEP=no ]
- )
- if test "$ENABLED_SEP" = "yes"
- then
- AM_CFLAGS="-DWOLFSSL_SEP -DKEEP_PEER_CERT $AM_CFLAGS"
- fi
- # HKDF
- AC_ARG_ENABLE([hkdf],
- [ --enable-hkdf Enable HKDF (HMAC-KDF) support (default: disabled)],
- [ ENABLED_HKDF=$enableval ],
- [ ENABLED_HKDF=no ]
- )
- if test "$ENABLED_HKDF" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"
- fi
- # DSA
- AC_ARG_ENABLE([dsa],
- [ --enable-dsa Enable DSA (default: disabled)],
- [ ENABLED_DSA=$enableval ],
- [ ENABLED_DSA=no ]
- )
- if test "$ENABLED_OPENSSH" = "yes"
- then
- ENABLED_DSA="yes"
- fi
- if test "$ENABLED_DSA" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_DSA"
- fi
- AM_CONDITIONAL([BUILD_DSA], [test "x$ENABLED_DSA" = "xyes"])
- # set ecc default
- ECC_DEFAULT=no
- if test "$host_cpu" = "x86_64"
- then
- ECC_DEFAULT=yes
- fi
- # ECC Shamir
- AC_ARG_ENABLE([eccshamir],
- [AS_HELP_STRING([--enable-eccshamir],[Enable ECC Shamir (default: enabled on x86_64)])],
- [ ENABLED_ECC_SHAMIR=$enableval ],
- [ ENABLED_ECC_SHAMIR=$ECC_DEFAULT ]
- )
- # ECC
- AC_ARG_ENABLE([ecc],
- [AS_HELP_STRING([--enable-ecc],[Enable ECC (default: enabled on x86_64)])],
- [ ENABLED_ECC=$enableval ],
- [ ENABLED_ECC=$ECC_DEFAULT ]
- )
- # lean psk doesn't need ecc
- if test "$ENABLED_LEANPSK" = "yes"
- then
- ENABLED_ECC=no
- fi
- if test "$ENABLED_OPENSSH" = "yes"
- then
- ENABLED_ECC="yes"
- fi
- if test "$ENABLED_ECC" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
- if test "$ENABLED_ECC_SHAMIR" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
- fi
- fi
- AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
- # ECC Custom Curves
- AC_ARG_ENABLE([ecccustcurves],
- [AS_HELP_STRING([--enable-ecccustcurves],[Enable ECC custom curves (default: disabled)])],
- [ ENABLED_ECCCUSTCURVES=$enableval ],
- [ ENABLED_ECCCUSTCURVES=no ]
- )
- if test "$ENABLED_ECCCUSTCURVES" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CUSTOM_CURVES"
- fi
- # Compressed Key
- AC_ARG_ENABLE([compkey],
- [AS_HELP_STRING([--enable-compkey],[Enable compressed keys support (default: disabled)])],
- [ ENABLED_COMPKEY=$enableval ],
- [ ENABLED_COMPKEY=no ]
- )
- if test "$ENABLED_COMPKEY" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_COMP_KEY"
- fi
- # for using memory optimization setting on both curve25519 and ed25519
- ENABLED_CURVED25519_SMALL=no
- # CURVE25519
- AC_ARG_ENABLE([curve25519],
- [AS_HELP_STRING([--enable-curve25519],[Enable Curve25519 (default: disabled)])],
- [ ENABLED_CURVE25519=$enableval ],
- [ ENABLED_CURVE25519=no ]
- )
- if test "$ENABLED_OPENSSH" = "yes"
- then
- ENABLED_CURVE25519="yes"
- fi
- if test "$ENABLED_CURVE25519" = "small"
- then
- AM_CFLAGS="$AM_CFLAGS -DCURVED25519_SMALL"
- ENABLED_CURVED25519_SMALL=yes
- ENABLED_CURVE25519=yes
- fi
- if test "$ENABLED_CURVE25519" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519"
- ENABLED_FEMATH=yes
- fi
- AM_CONDITIONAL([BUILD_CURVE25519], [test "x$ENABLED_CURVE25519" = "xyes"])
- # ED25519
- AC_ARG_ENABLE([ed25519],
- [AS_HELP_STRING([--enable-ed25519],[Enable ED25519 (default: disabled)])],
- [ ENABLED_ED25519=$enableval ],
- [ ENABLED_ED25519=no ]
- )
- if test "$ENABLED_OPENSSH" = "yes"
- then
- ENABLED_ED25519="yes"
- fi
- if test "$ENABLED_ED25519" = "small"
- then
- AM_CFLAGS="$AM_CFLAGS -DCURVED25519_SMALL"
- ENABLED_CURVED25519_SMALL=yes
- ENABLED_ED25519=yes
- fi
- if test "$ENABLED_ED25519" = "yes"
- then
- if test "$ENABLED_SHA512" = "no"
- then
- AC_MSG_ERROR([cannot enable ed25519 without enabling sha512.])
- fi
- ENABLED_FEMATH=yes
- ENABLED_GEMATH=yes
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519"
- fi
- AM_CONDITIONAL([BUILD_ED25519], [test "x$ENABLED_ED25519" = "xyes"])
- AM_CONDITIONAL([BUILD_CURVED25519_SMALL], [test "x$ENABLED_CURVED25519_SMALL" = "xyes"])
- AM_CONDITIONAL([BUILD_FEMATH], [test "x$ENABLED_FEMATH" = "xyes"])
- AM_CONDITIONAL([BUILD_GEMATH], [test "x$ENABLED_GEMATH" = "xyes"])
- # FP ECC, Fixed Point cache ECC
- AC_ARG_ENABLE([fpecc],
- [ --enable-fpecc Enable Fixed Point cache ECC (default: disabled)],
- [ ENABLED_FPECC=$enableval ],
- [ ENABLED_FPECC=no ]
- )
- if test "$ENABLED_FPECC" = "yes"
- then
- if test "$ENABLED_ECC" = "no"
- then
- AC_MSG_ERROR([cannot enable fpecc without enabling ecc.])
- fi
- AM_CFLAGS="$AM_CFLAGS -DFP_ECC"
- fi
- # ECC encrypt
- AC_ARG_ENABLE([eccencrypt],
- [ --enable-eccencrypt Enable ECC encrypt (default: disabled)],
- [ ENABLED_ECC_ENCRYPT=$enableval ],
- [ ENABLED_ECC_ENCRYPT=no ]
- )
- if test "$ENABLED_ECC_ENCRYPT" = "yes"
- then
- if test "$ENABLED_ECC" = "no"
- then
- AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.])
- fi
- if test "$ENABLED_HKDF" = "no"
- then
- AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.])
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_ENCRYPT"
- fi
- # PSK
- AC_ARG_ENABLE([psk],
- [ --enable-psk Enable PSK (default: disabled)],
- [ ENABLED_PSK=$enableval ],
- [ ENABLED_PSK=no ]
- )
- # ERROR STRINGS
- AC_ARG_ENABLE([errorstrings],
- [ --enable-errorstrings Enable error strings table (default: enabled)],
- [ ENABLED_ERROR_STRINGS=$enableval ],
- [ ENABLED_ERROR_STRINGS=yes ]
- )
- if test "$ENABLED_ERROR_STRINGS" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
- else
- # turn off error strings if leanpsk or leantls on
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
- ENABLED_ERROR_STRINGS=no
- fi
- fi
- # OLD TLS
- AC_ARG_ENABLE([oldtls],
- [ --enable-oldtls Enable old TLS versions < 1.2 (default: enabled)],
- [ ENABLED_OLD_TLS=$enableval ],
- [ ENABLED_OLD_TLS=yes ]
- )
- if test "$ENABLED_OLD_TLS" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
- else
- # turn off old if leanpsk or leantls on
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
- ENABLED_OLD_TLS=no
- fi
- fi
- # SSLv3
- AC_ARG_ENABLE([sslv3],
- [AS_HELP_STRING([--enable-sslv3],[Enable SSL version 3.0 (default: disabled)])],
- [ ENABLED_SSLV3=$enableval ],
- [ ENABLED_SSLV3=no]
- )
- if test "$ENABLED_SSLV3" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_SSLV3"
- fi
- # STACK SIZE info for examples
- AC_ARG_ENABLE([stacksize],
- [ --enable-stacksize Enable stack size info on examples (default: disabled)],
- [ ENABLED_STACKSIZE=$enableval ],
- [ ENABLED_STACKSIZE=no ]
- )
- if test "$ENABLED_STACKSIZE" = "yes"
- then
- AC_CHECK_FUNC([posix_memalign], [], [AC_MSG_ERROR(stacksize needs posix_memalign)])
- AC_CHECK_FUNC([pthread_attr_setstack], [], AC_CHECK_LIB([pthread],[pthread_attr_setstack]))
- AM_CFLAGS="$AM_CFLAGS -DHAVE_STACK_SIZE -DWOLFSSL_LOW_MEMORY"
- fi
- # MEMORY
- AC_ARG_ENABLE([memory],
- [ --enable-memory Enable memory callbacks (default: enabled)],
- [ ENABLED_MEMORY=$enableval ],
- [ ENABLED_MEMORY=yes ]
- )
- if test "$ENABLED_MEMORY" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_WOLFSSL_MEMORY"
- else
- # turn off memory cb if leanpsk or leantls on
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- # but don't turn on NO_WOLFSSL_MEMORY because using own
- ENABLED_MEMORY=no
- fi
- fi
- AM_CONDITIONAL([BUILD_MEMORY], [test "x$ENABLED_MEMORY" = "xyes"])
- # RSA
- AC_ARG_ENABLE([rsa],
- [ --enable-rsa Enable RSA (default: enabled)],
- [ ENABLED_RSA=$enableval ],
- [ ENABLED_RSA=yes ]
- )
- if test "$ENABLED_RSA" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
- else
- # turn off RSA if leanpsk or leantls on
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
- ENABLED_RSA=no
- fi
- fi
- AM_CONDITIONAL([BUILD_RSA], [test "x$ENABLED_RSA" = "xyes"])
- # DH
- AC_ARG_ENABLE([dh],
- [AS_HELP_STRING([--enable-dh],[Enable DH (default: enabled)])],
- [ ENABLED_DH=$enableval ],
- [ ENABLED_DH=yes ]
- )
- if test "$ENABLED_OPENSSH" = "yes"
- then
- ENABLED_DH="yes"
- fi
- if test "$ENABLED_DH" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_DH"
- else
- # turn off DH if leanpsk or leantls on
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_DH"
- ENABLED_DH=no
- fi
- fi
- AM_CONDITIONAL([BUILD_DH], [test "x$ENABLED_DH" = "xyes"])
- # Anonymous
- AC_ARG_ENABLE([anon],
- [AS_HELP_STRING([--enable-anon],[Enable Anonymous (default: disabled)])],
- [ ENABLED_ANON=$enableval ],
- [ ENABLED_ANON=no ]
- )
- if test "x$ENABLED_ANON" = "xyes"
- then
- if test "x$ENABLED_DH" != "xyes"
- then
- AC_MSG_ERROR([Anonymous suite requires DH.])
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ANON"
- fi
- # ASN
- # turn off asn, which means no certs, no rsa, no dsa, no ecc,
- # and no big int (unless dh is on)
- AC_ARG_ENABLE([asn],
- [ --enable-asn Enable ASN (default: enabled)],
- [ ENABLED_ASN=$enableval ],
- [ ENABLED_ASN=yes ]
- )
- if test "$ENABLED_ASN" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS"
- if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" == "no"
- then
- # DH and ECC need bigint
- AM_CFLAGS="$AM_CFLAGS -DNO_BIG_INT"
- fi
- else
- # turn off ASN if leanpsk on
- if test "$ENABLED_LEANPSK" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS -DNO_BIG_INT"
- ENABLED_ASN=no
- fi
- fi
- if test "$ENABLED_RSA" = "yes" && test "$ENABLED_ASN" = "no"
- then
- AC_MSG_ERROR([please disable rsa if disabling asn.])
- fi
- if test "$ENABLED_DSA" = "yes" && test "$ENABLED_ASN" = "no"
- then
- AC_MSG_ERROR([please disable dsa if disabling asn.])
- fi
- # DH and ECC need bigint
- if test "$ENABLED_ASN" = "no" && test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no"
- then
- ENABLED_FASTMATH=no
- ENABLED_SLOWMATH=no
- fi
- AM_CONDITIONAL([BUILD_ASN], [test "x$ENABLED_ASN" = "xyes"])
- # AES
- AC_ARG_ENABLE([aes],
- [ --enable-aes Enable AES (default: enabled)],
- [ ENABLED_AES=$enableval ],
- [ ENABLED_AES=yes ]
- )
- if test "$ENABLED_AES" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_AES"
- if test "$ENABLED_FORTRESS" = "yes"
- then
- AC_MSG_ERROR([fortress requires aes])
- fi
- if test "$ENABLED_ECC_ENCRYPT" = "yes"
- then
- AC_MSG_ERROR([cannot enable eccencrypt and hkdf without aes.])
- fi
- if test "$ENABLED_AESGCM" = "yes"
- then
- AC_MSG_ERROR([AESGCM requires AES.])
- fi
- if test "$ENABLED_AESCCM" = "yes"
- then
- AC_MSG_ERROR([AESCCM requires AES.])
- fi
- else
- # turn off AES if leanpsk on
- if test "$ENABLED_LEANPSK" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_AES"
- ENABLED_AES=no
- fi
- fi
- AM_CONDITIONAL([BUILD_AES], [test "x$ENABLED_AES" = "xyes"])
- # CODING
- AC_ARG_ENABLE([coding],
- [ --enable-coding Enable Coding base 16/64 (default: enabled)],
- [ ENABLED_CODING=$enableval ],
- [ ENABLED_CODING=yes ]
- )
- if test "$ENABLED_CODING" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
- else
- # turn off CODING if leanpsk on
- if test "$ENABLED_LEANPSK" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
- ENABLED_CODING=no
- fi
- fi
- AM_CONDITIONAL([BUILD_CODING], [test "x$ENABLED_CODING" = "xyes"])
- # Base64 Encode
- BASE64ENCODE_DEFAULT=no
- if test "$host_cpu" = "x86_64"
- then
- BASE64ENCODE_DEFAULT=yes
- fi
- AC_ARG_ENABLE([base64encode],
- [ --enable-base64encode Enable Base64 encoding (default: enabled on x86_64)],
- [ ENABLED_BASE64ENCODE=$enableval ],
- [ ENABLED_BASE64ENCODE=$BASE64ENCODE_DEFAULT ]
- )
- if test "$ENABLED_BASE64ENCODE" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BASE64_ENCODE"
- fi
- # DES3
- AC_ARG_ENABLE([des3],
- [AS_HELP_STRING([--enable-des3],[Enable DES3 (default: disabled)])],
- [ ENABLED_DES3=$enableval ],
- [ ENABLED_DES3=no ]
- )
- # IDEA
- AC_ARG_ENABLE([idea],
- [AS_HELP_STRING([--enable-idea],[Enable IDEA Cipher (default: disabled)])],
- [ ENABLED_IDEA=$enableval ],
- [ ENABLED_IDEA=no ]
- )
- if test "x$ENABLED_IDEA" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_IDEA"
- fi
- AM_CONDITIONAL([BUILD_IDEA], [test "x$ENABLED_IDEA" = "xyes"])
- # ARC4
- AC_ARG_ENABLE([arc4],
- [ --enable-arc4 Enable ARC4 (default: disabled)],
- [ ENABLED_ARC4=$enableval ],
- [ ENABLED_ARC4=no ]
- )
- if test "$ENABLED_OPENSSH" = "yes"
- then
- ENABLED_ARC4="yes"
- fi
- if test "$ENABLED_ARC4" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
- else
- # turn off ARC4 if leanpsk or leantls on
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
- ENABLED_ARC4=no
- fi
- fi
- AM_CONDITIONAL([BUILD_RC4], [test "x$ENABLED_ARC4" = "xyes"])
- # MD5
- AC_ARG_ENABLE([md5],
- [ --enable-md5 Enable MD5 (default: enabled)],
- [ ENABLED_MD5=$enableval ],
- [ ENABLED_MD5=yes ]
- )
- if test "$ENABLED_MD5" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
- else
- # turn off MD5 if leanpsk or leantls on
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
- ENABLED_MD5=no
- fi
- fi
- AM_CONDITIONAL([BUILD_MD5], [test "x$ENABLED_MD5" = "xyes"])
- # SHA
- AC_ARG_ENABLE([sha],
- [ --enable-sha Enable SHA (default: enabled)],
- [ ENABLED_SHA=$enableval ],
- [ ENABLED_SHA=yes ]
- )
- if test "$ENABLED_SHA" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
- else
- # turn off SHA if leanpsk or leantls on
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
- ENABLED_SHA=no
- fi
- fi
- AM_CONDITIONAL([BUILD_SHA], [test "x$ENABLED_SHA" = "xyes"])
- # CMAC
- AC_ARG_ENABLE([cmac],
- [AS_HELP_STRING([--enable-cmac],[Enable CMAC (default: disabled)])],
- [ ENABLED_CMAC=$enableval ],
- [ ENABLED_CMAC=no ]
- )
- AS_IF([test "x$ENABLED_CMAC" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"])
- AM_CONDITIONAL([BUILD_CMAC], [test "x$ENABLED_CMAC" = "xyes"])
- # Web Server Build
- AC_ARG_ENABLE([webserver],
- [ --enable-webserver Enable Web Server (default: disabled)],
- [ ENABLED_WEBSERVER=$enableval ],
- [ ENABLED_WEBSERVER=no ]
- )
- if test "$ENABLED_WEBSERVER" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_WEBSERVER"
- fi
- # HC128
- AC_ARG_ENABLE([hc128],
- [ --enable-hc128 Enable HC-128 (default: disabled)],
- [ ENABLED_HC128=$enableval ],
- [ ENABLED_HC128=no ]
- )
- if test "$ENABLED_HC128" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_HC128"
- else
- AM_CFLAGS="$AM_CFLAGS -DHAVE_HC128"
- fi
- AM_CONDITIONAL([BUILD_HC128], [test "x$ENABLED_HC128" = "xyes"])
- # RABBIT
- AC_ARG_ENABLE([rabbit],
- [ --enable-rabbit Enable RABBIT (default: disabled)],
- [ ENABLED_RABBIT=$enableval ],
- [ ENABLED_RABBIT=no ]
- )
- if test "$ENABLED_RABBIT" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_RABBIT"
- else
- AM_CFLAGS="$AM_CFLAGS -DHAVE_RABBIT"
- fi
- AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"])
- # FIPS
- AC_ARG_ENABLE([fips],
- [AS_HELP_STRING([--enable-fips],[Enable FIPS 140-2, Will NOT work w/o FIPS license (default: disabled)])],
- [ ENABLED_FIPS=$enableval ],
- [ ENABLED_FIPS=no ]
- )
- if test "x$ENABLED_FIPS" = "xyes"
- then
- # requires thread local storage
- if test "$thread_ls_on" = "no"
- then
- AC_MSG_ERROR([FIPS requires Thread Local Storage])
- fi
- # requires SHA512
- if test "x$ENABLED_SHA512" = "xno"
- then
- ENABLED_SHA512="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"
- AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
- fi
- # requires AESGCM
- if test "x$ENABLED_AESGCM" != "xyes"
- then
- ENABLED_AESGCM="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
- AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
- fi
- # requires DES3
- if test "x$ENABLED_DES3" = "xno"
- then
- ENABLED_DES3="yes"
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
- fi
- AM_CONDITIONAL([BUILD_FIPS], [test "x$ENABLED_FIPS" = "xyes"])
- # set POLY1305 default
- POLY1305_DEFAULT=yes
- if test "x$ENABLED_FIPS" = "xyes"
- then
- POLY1305_DEFAULT=no
- fi
- # POLY1305
- AC_ARG_ENABLE([poly1305],
- [AS_HELP_STRING([--enable-poly1305],[Enable wolfSSL POLY1305 support (default: enabled)])],
- [ ENABLED_POLY1305=$enableval ],
- [ ENABLED_POLY1305=$POLY1305_DEFAULT]
- )
- # leanpsk and leantls don't need poly1305
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- ENABLED_POLY1305=no
- fi
- if test "$ENABLED_POLY1305" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH"
- fi
- AM_CONDITIONAL([BUILD_POLY1305], [test "x$ENABLED_POLY1305" = "xyes"])
- # set CHACHA default
- CHACHA_DEFAULT=yes
- if test "x$ENABLED_FIPS" = "xyes"
- then
- CHACHA_DEFAULT=no
- fi
- # CHACHA
- AC_ARG_ENABLE([chacha],
- [ --enable-chacha Enable CHACHA (default: enabled)],
- [ ENABLED_CHACHA=$enableval ],
- [ ENABLED_CHACHA=$CHACHA_DEFAULT]
- )
- # leanpsk and leantls don't need chacha
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- ENABLED_CHACHA=no
- fi
- if test "$ENABLED_CHACHA" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA"
- fi
- AM_CONDITIONAL([BUILD_CHACHA], [test "x$ENABLED_CHACHA" = "xyes"])
- # Hash DRBG
- AC_ARG_ENABLE([hashdrbg],
- [ --enable-hashdrbg Enable Hash DRBG support (default: enabled)],
- [ ENABLED_HASHDRBG=$enableval ],
- [ ENABLED_HASHDRBG=yes ]
- )
- if test "x$ENABLED_HASHDRBG" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG"
- else
- # turn on Hash DRBG if FIPS is on or ARC4 is off
- if test "x$ENABLED_FIPS" = "xyes" || test "x$ENABLED_ARC4" = "xno"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG"
- ENABLED_HASHDRBG=yes
- fi
- fi
- # Filesystem Build
- AC_ARG_ENABLE([filesystem],
- [ --enable-filesystem Enable Filesystem support (default: enabled)],
- [ ENABLED_FILESYSTEM=$enableval ],
- [ ENABLED_FILESYSTEM=yes ]
- )
- if test "$ENABLED_FILESYSTEM" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
- else
- # turn off filesystem if leanpsk on
- if test "$ENABLED_LEANPSK" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
- ENABLED_FILESYSTEM=no
- fi
- fi
- # inline Build
- AC_ARG_ENABLE([inline],
- [ --enable-inline Enable inline functions (default: enabled)],
- [ ENABLED_INLINE=$enableval ],
- [ ENABLED_INLINE=yes ]
- )
- if test "$ENABLED_INLINE" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_INLINE"
- fi
- AM_CONDITIONAL([BUILD_INLINE], [test "x$ENABLED_INLINE" = "xyes"])
- # OCSP
- AC_ARG_ENABLE([ocsp],
- [ --enable-ocsp Enable OCSP (default: disabled)],
- [ ENABLED_OCSP=$enableval ],
- [ ENABLED_OCSP=no ],
- )
- if test "$ENABLED_OCSP" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
- fi
- AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
- if test "$ENABLED_OCSP" = "yes"
- then
- # check openssl command tool for testing ocsp
- AC_CHECK_PROG([HAVE_OPENSSL_CMD],[openssl],[yes],[no])
- if test "$HAVE_OPENSSL_CMD" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_OPENSSL_CMD"
- else
- AC_MSG_WARN([openssl command line tool not available for testing ocsp])
- fi
- fi
- # Certificate Status Request : a.k.a. OCSP Stapling
- AC_ARG_ENABLE([ocspstapling],
- [AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling (default: disabled)])],
- [ ENABLED_CERTIFICATE_STATUS_REQUEST=$enableval ],
- [ ENABLED_CERTIFICATE_STATUS_REQUEST=no ]
- )
- if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST"
- # Requires OCSP make sure on
- if test "x$ENABLED_OCSP" = "xno"
- then
- ENABLED_OCSP="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
- AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
- fi
- fi
- AM_CONDITIONAL([BUILD_OCSP_STAPLING], [test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"])
- # Certificate Status Request v2 : a.k.a. OCSP stapling v2
- AC_ARG_ENABLE([ocspstapling2],
- [AS_HELP_STRING([--enable-ocspstapling2],[Enable OCSP Stapling v2 (default: disabled)])],
- [ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=$enableval ],
- [ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ]
- )
- if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST_V2"
- # Requires OCSP make sure on
- if test "x$ENABLED_OCSP" = "xno"
- then
- ENABLED_OCSP="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
- AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
- fi
- fi
- AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2], [test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"])
- # CRL
- AC_ARG_ENABLE([crl],
- [ --enable-crl Enable CRL (default: disabled)],
- [ ENABLED_CRL=$enableval ],
- [ ENABLED_CRL=no ],
- )
- if test "$ENABLED_CRL" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
- fi
- AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
- # CRL Monitor
- AC_ARG_ENABLE([crl-monitor],
- [ --enable-crl-monitor Enable CRL Monitor (default: disabled)],
- [ ENABLED_CRL_MONITOR=$enableval ],
- [ ENABLED_CRL_MONITOR=no ],
- )
- if test "$ENABLED_CRL_MONITOR" = "yes"
- then
- case $host_os in
- *linux* | *darwin* | *freebsd*)
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR" ;;
- *)
- AC_MSG_ERROR([crl monitor only allowed on linux, OS X, or freebsd]) ;;
- esac
- fi
- AM_CONDITIONAL([BUILD_CRL_MONITOR], [test "x$ENABLED_CRL_MONITOR" = "xyes"])
- # USER CRYPTO
- ENABLED_USER_CRYPTO="no"
- ENABLED_USER_RSA="no"
- AC_DEFINE([BUILD_USER_RSA], [], [User RSA is being defined])
- trycryptodir=""
- AC_ARG_WITH([user-crypto],
- [AS_HELP_STRING([--with-user-crypto=PATH],[Path to USER_CRYPTO install (default /usr/local)])],
- [
- CPPFLAGS="$CPPFLAGS -DHAVE_USER_CRYPTO"
- LIBS="$LIBS -lusercrypto"
- if test "x$withval" != "xno" ; then
- trycryptodir=$withval
- fi
- if test "x$withval" == "xyes" ; then
- trycryptodir="/usr/local"
- fi
- LDFLAGS="$LDFLAGS -L$trycryptodir/lib"
- CPPFLAGS="$CPPFLAGS -I$trycryptodir/include"
- #Look for RSA Init function in usercrypto lib
- AC_CHECK_LIB([usercrypto], [wc_InitRsaKey], [user_rsa_linked=yes], [user_rsa_linked=no])
- if test "x$user_rsa_linked" == "xyes" ; then
- AC_MSG_NOTICE([User user_rsa.h being used])
- AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_RSA"
- ENABLED_USER_RSA=yes
- ENABLED_USER_CRYPTO=yes
- fi
- #Display check and find result of link attempts
- AC_MSG_CHECKING([for USER_CRYPTO])
- if test "x$ENABLED_USER_CRYPTO" == "xno" ; then
- AC_MSG_RESULT([no])
- AC_MSG_ERROR([USER_CRYPTO not found. Either move to /usr/include and /usr/lib or
- Specify its path using --with-user-crypto=/dir/])
- else
- AC_MSG_RESULT([yes])
- # Check if .la is available if not then rely on exported path
- AC_CHECK_FILE($trycryptodir/lib/libusercrypto.la, [LIB_ADD="$trycryptodir/lib/libusercrypto.la $LIB_ADD"], [LIB_ADD="-lusercrypto $LIB_ADD"])
- AM_LDFLAGS="$AM_LDFLAGS -L$trycryptodir/lib"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_CRYPTO"
- fi
- ]
- )
- AM_CONDITIONAL([BUILD_USER_RSA], [test "x$ENABLED_USER_RSA" == "xyes"] )
- AM_CONDITIONAL([BUILD_USER_CRYPTO], [test "x$ENABLED_USER_CRYPTO" = "xyes"])
- if test "$ENABLED_USER_CRYPTO" = "yes" && test "$ENABLED_FIPS" = "yes"
- then
- AC_MSG_ERROR([cannot enable user crypto and fips, user crypto posibility of using code in fips boundary.])
- fi
- # NTRU
- ENABLED_NTRU="no"
- tryntrudir=""
- AC_ARG_WITH([ntru],
- [AS_HELP_STRING([--with-ntru=PATH],[Path to NTRU install (default /usr/)])],
- [
- AC_MSG_CHECKING([for NTRU])
- CPPFLAGS="$CPPFLAGS -DHAVE_NTRU -DHAVE_QSH -DHAVE_TLS_EXTENSIONS"
- LIBS="$LIBS -lntruencrypt"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <libntruencrypt/ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
- if test "x$ntru_linked" == "xno" ; then
- if test "x$withval" != "xno" ; then
- tryntrudir=$withval
- fi
- if test "x$withval" == "xyes" ; then
- tryntrudir="/usr"
- fi
- LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryntrudir/lib"
- CPPFLAGS="$CPPFLAGS -I$tryntrudir/include"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <libntruencrypt/ntru_crypto_drbg.h>]], [[ ntru_crypto_drbg_instantiate(0, 0, 0, 0, 0); ]])], [ ntru_linked=yes ],[ ntru_linked=no ])
- if test "x$ntru_linked" == "xno" ; then
- AC_MSG_ERROR([NTRU isn't found.
- If it's already installed, specify its path using --with-ntru=/dir/])
- fi
- AC_MSG_RESULT([yes])
- AM_LDFLAGS="$AM_LDFLAGS -L$tryntrudir/lib"
- else
- AC_MSG_RESULT([yes])
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU -DHAVE_QSH -DHAVE_TLS_EXTENSIONS"
- ENABLED_NTRU="yes"
- ]
- )
- AM_CONDITIONAL([BUILD_NTRU], [test "x$ENABLED_NTRU" = "xyes"])
- # Whitewood netRandom client library
- ENABLED_WNR="no"
- trywnrdir=""
- AC_ARG_WITH([wnr],
- [AS_HELP_STRING([--with-wnr=PATH],[Path to Whitewood netRandom install (default /usr/local)])],
- [
- AC_MSG_CHECKING([for Whitewood netRandom])
- CPPFLAGS="$CPPFLAGS -DHAVE_WNR"
- LIBS="$LIBS -lwnr"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <wnr.h>]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ])
- if test "x$wnr_linked" == "xno" ; then
- if test "x$withval" != "xno" ; then
- trywnrdir=$withval
- fi
- if test "x$withval" == "xyes" ; then
- trywnrdir="/usr/local"
- fi
- LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$trywnrdir/lib"
- CPPFLAGS="$CPPFLAGS -I$trywnrdir/include"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <wnr.h>]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ])
- if test "x$wnr_linked" == "xno" ; then
- AC_MSG_ERROR([Whitewood netRandom isn't found.
- If it's already installed, specify its path using --with-wnr=/dir/])
- fi
- AC_MSG_RESULT([yes])
- AM_LDFLAGS="$AM_LDFLAGS -L$trywnrdir/lib"
- else
- AC_MSG_RESULT([yes])
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_WNR"
- ENABLED_WNR="yes"
- ]
- )
- AM_CONDITIONAL([BUILD_WNR], [test "x$ENABLED_WNR" = "xyes"])
- # SNI
- AC_ARG_ENABLE([sni],
- [ --enable-sni Enable SNI (default: disabled)],
- [ ENABLED_SNI=$enableval ],
- [ ENABLED_SNI=no ]
- )
- if test "x$ENABLED_SNI" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI"
- fi
- # Maximum Fragment Length
- AC_ARG_ENABLE([maxfragment],
- [ --enable-maxfragment Enable Maximum Fragment Length (default: disabled)],
- [ ENABLED_MAX_FRAGMENT=$enableval ],
- [ ENABLED_MAX_FRAGMENT=no ]
- )
- # ALPN
- AC_ARG_ENABLE([alpn],
- [ --enable-alpn Enable ALPN (default: disabled)],
- [ ENABLED_ALPN=$enableval ],
- [ ENABLED_ALPN=no ]
- )
- if test "x$ENABLED_ALPN" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ALPN"
- fi
- # Maximum Fragment Length
- if test "x$ENABLED_MAX_FRAGMENT" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_MAX_FRAGMENT"
- fi
- # Truncated HMAC
- AC_ARG_ENABLE([truncatedhmac],
- [ --enable-truncatedhmac Enable Truncated HMAC (default: disabled)],
- [ ENABLED_TRUNCATED_HMAC=$enableval ],
- [ ENABLED_TRUNCATED_HMAC=no ]
- )
- if test "x$ENABLED_TRUNCATED_HMAC" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_TRUNCATED_HMAC"
- fi
- # Renegotiation Indication - (FAKE Secure Renegotiation)
- AC_ARG_ENABLE([renegotiation-indication],
- [AS_HELP_STRING([--enable-renegotiation-indication],[Enable Renegotiation Indication (default: disabled)])],
- [ ENABLED_RENEGOTIATION_INDICATION=$enableval ],
- [ ENABLED_RENEGOTIATION_INDICATION=no ]
- )
- if test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_RENEGOTIATION_INDICATION"
- fi
- # Secure Renegotiation
- AC_ARG_ENABLE([secure-renegotiation],
- [AS_HELP_STRING([--enable-secure-renegotiation],[Enable Secure Renegotiation (default: disabled)])],
- [ ENABLED_SECURE_RENEGOTIATION=$enableval ],
- [ ENABLED_SECURE_RENEGOTIATION=no ]
- )
- if test "x$ENABLED_SECURE_RENEGOTIATION" = "xyes"
- then
- if test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"
- then
- AC_MSG_ERROR([cannot enable renegotiation-indication and secure-renegotiation.])
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SECURE_RENEGOTIATION"
- fi
- # Supported Elliptic Curves Extensions
- AC_ARG_ENABLE([supportedcurves],
- [AS_HELP_STRING([--enable-supportedcurves],[Enable Supported Elliptic Curves (default: enabled)])],
- [ ENABLED_SUPPORTED_CURVES=$enableval ],
- [ ENABLED_SUPPORTED_CURVES=yes ]
- )
- if test "x$ENABLED_SUPPORTED_CURVES" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES"
- fi
- # Session Ticket Extension
- AC_ARG_ENABLE([session-ticket],
- [AS_HELP_STRING([--enable-session-ticket],[Enable Session Ticket (default: disabled)])],
- [ ENABLED_SESSION_TICKET=$enableval ],
- [ ENABLED_SESSION_TICKET=no ]
- )
- if test "x$ENABLED_SESSION_TICKET" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SESSION_TICKET"
- fi
- # TLS Extensions
- AC_ARG_ENABLE([tlsx],
- [ --enable-tlsx Enable all TLS Extensions (default: disabled)],
- [ ENABLED_TLSX=$enableval ],
- [ ENABLED_TLSX=no ]
- )
- if test "x$ENABLED_TLSX" = "xyes"
- then
- ENABLED_SNI=yes
- ENABLED_MAX_FRAGMENT=yes
- ENABLED_TRUNCATED_HMAC=yes
- ENABLED_SUPPORTED_CURVES=yes
- ENABLED_ALPN=yes
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_SUPPORTED_CURVES -DHAVE_ALPN"
- fi
- # PKCS7
- AC_ARG_ENABLE([pkcs7],
- [AS_HELP_STRING([--enable-pkcs7],[Enable PKCS7 (default: disabled)])],
- [ ENABLED_PKCS7=$enableval ],
- [ ENABLED_PKCS7=no ],
- )
- # Simple Certificate Enrollment Protocol (SCEP)
- AC_ARG_ENABLE([scep],
- [ --enable-scep Enable wolfSCEP (default: disabled)],
- [ ENABLED_WOLFSCEP=$enableval ],
- [ ENABLED_WOLFSCEP=no ]
- )
- # Secure Remote Password
- AC_ARG_ENABLE([srp],
- [ --enable-srp Enable Secure Remote Password (default: disabled)],
- [ ENABLED_SRP=$enableval ],
- [ ENABLED_SRP=no ]
- )
- if test "x$ENABLED_SRP" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP"
- fi
- AM_CONDITIONAL([BUILD_SRP], [test "x$ENABLED_SRP" = "xyes"])
- # Small Stack
- AC_ARG_ENABLE([smallstack],
- [ --enable-smallstack Enable Small Stack Usage (default: disabled)],
- [ ENABLED_SMALL_STACK=$enableval ],
- [ ENABLED_SMALL_STACK=no ]
- )
- if test "x$ENABLED_SMALL_STACK" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SMALL_STACK"
- fi
- #valgrind
- AC_ARG_ENABLE([valgrind],
- [ --enable-valgrind Enable valgrind for unit tests (default: disabled)],
- [ ENABLED_VALGRIND=$enableval ],
- [ ENABLED_VALGRIND=no ]
- )
- if test "$ENABLED_VALGRIND" = "yes"
- then
- AC_CHECK_PROG([HAVE_VALGRIND],[valgrind],[yes],[no])
- if test "$HAVE_VALGRIND" = "no"
- then
- AC_MSG_ERROR([Valgrind not found.])
- fi
- enable_shared=no
- enable_static=yes
- AM_CFLAGS="$AM_CFLAGS -DHAVE_VALGRIND"
- fi
- AM_CONDITIONAL([USE_VALGRIND], [test "x$ENABLED_VALGRIND" = "xyes"])
- # Test certs, use internal cert functions for extra testing
- AC_ARG_ENABLE([testcert],
- [ --enable-testcert Enable Test Cert (default: disabled)],
- [ ENABLED_TESTCERT=$enableval ],
- [ ENABLED_TESTCERT=no ]
- )
- if test "$ENABLED_TESTCERT" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TEST_CERT"
- fi
- # I/O Pool, an example to show user how to override memory handler and use
- # a pool for the input/output buffer requests
- AC_ARG_ENABLE([iopool],
- [ --enable-iopool Enable I/O Pool example (default: disabled)],
- [ ENABLED_IOPOOL=$enableval ],
- [ ENABLED_IOPOOL=no ]
- )
- if test "$ENABLED_IOPOOL" = "yes"
- then
- if test "$thread_ls_on" = "no"
- then
- AC_MSG_ERROR([I/O Pool example requires Thread Local Storage])
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_IO_POOL -DXMALLOC_USER"
- fi
- # Certificate Service Support
- AC_ARG_ENABLE([certservice],
- [ --enable-certservice Enable cert service (default: disabled)],
- [ ENABLED_CERT_SERVICE=$enableval ],
- [ ENABLED_CERT_SERVICE=no ]
- )
- if test "$ENABLED_CERT_SERVICE" = "yes"
- then
- # Requires ecc,certgen, and opensslextra make sure on
- if test "x$ENABLED_CERTGEN" = "xno"
- then
- ENABLED_CERTGEN="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
- fi
- if test "x$ENABLED_ECC" = "xno"
- then
- ENABLED_ECC="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
- AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
-
- if test "$ENABLED_ECC_SHAMIR" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
- fi
- fi
- if test "x$ENABLED_OPENSSLEXTRA" = "xno"
- then
- ENABLED_OPENSSLEXTRA="yes"
- AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
- fi
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_CERT_SERVICE"
- fi
- # wolfSSL JNI
- AC_ARG_ENABLE([jni],
- [ --enable-jni Enable wolfSSL JNI (default: disabled)],
- [ ENABLED_JNI=$enableval ],
- [ ENABLED_JNI=no ]
- )
- if test "$ENABLED_JNI" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_JNI"
- # Enable prereqs if not already enabled
- if test "x$ENABLED_DTLS" = "xno"
- then
- ENABLED_DTLS="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
- fi
- if test "x$ENABLED_OPENSSLEXTRA" = "xno"
- then
- ENABLED_OPENSSLEXTRA="yes"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
- fi
- if test "x$ENABLED_CRL" = "xno"
- then
- ENABLED_CRL="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
- AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
- fi
- if test "x$ENABLED_OCSP" = "xno"
- then
- ENABLED_OCSP="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
- AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
- fi
- if test "x$ENABLED_CRL_MONITOR" = "xno"
- then
- ENABLED_CRL_MONITOR="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
- fi
- if test "x$ENABLED_SAVESESSION" = "xno"
- then
- ENABLED_SAVESESSION="yes"
- AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE"
- fi
- if test "x$ENABLED_SAVECERT" = "xno"
- then
- ENABLED_SAVECERT="yes"
- AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE"
- fi
- if test "x$ENABLED_ATOMICUSER" = "xno"
- then
- ENABLED_ATOMICUSER="yes"
- AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
- fi
- if test "x$ENABLED_ECC" = "xno"
- then
- ENABLED_ECC="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
- AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
-
- if test "$ENABLED_ECC_SHAMIR" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
- fi
- fi
- if test "x$ENABLED_PKCALLBACKS" = "xno"
- then
- ENABLED_PKCALLBACKS="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
- fi
- if test "x$ENABLED_DH" = "xno"
- then
- ENABLED_DH="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_DH"
- fi
- if test "x$ENABLED_PSK" = "xno"
- then
- ENABLED_PSK="yes"
- fi
- fi
- # lighty Support
- AC_ARG_ENABLE([lighty],
- [ --enable-lighty Enable lighttpd/lighty (default: disabled)],
- [ ENABLED_LIGHTY=$enableval ],
- [ ENABLED_LIGHTY=no ]
- )
- if test "$ENABLED_LIGHTY" = "yes"
- then
- # Requires opensslextra make sure on
- if test "x$ENABLED_OPENSSLEXTRA" = "xno"
- then
- ENABLED_OPENSSLEXTRA="yes"
- AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1"
- fi
- # stunnel Support
- AC_ARG_ENABLE([stunnel],
- [ --enable-stunnel Enable stunnel (default: disabled)],
- [ ENABLED_STUNNEL=$enableval ],
- [ ENABLED_STUNNEL=no ]
- )
- if test "$ENABLED_STUNNEL" = "yes"
- then
- # Requires opensslextra make sure on
- if test "x$ENABLED_OPENSSLEXTRA" = "xno"
- then
- ENABLED_OPENSSLEXTRA="yes"
- AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS"
- fi
- # Requires OCSP make sure on
- if test "x$ENABLED_OCSP" = "xno"
- then
- ENABLED_OCSP="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
- AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
- fi
- # Requires coding make sure on
- if test "x$ENABLED_CODING" = "xno"
- then
- ENABLED_CODING="yes"
- fi
- # Requires sessioncerts make sure on
- if test "x$ENABLED_SESSIONCERTS" = "xno"
- then
- ENABLED_SESSIONCERTS="yes"
- AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
- fi
- # Requires crls, make sure on
- if test "x$ENABLED_CRL" = "xno"
- then
- ENABLED_CRL="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
- AM_CONDITIONAL([BUILD_CRL], [test "x$ENABLED_CRL" = "xyes"])
- fi
- # Requires tlsx, make sure on
- if test "x$ENABLED_TLSX" = "xno"
- then
- ENABLED_TLSX="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_SUPPORTED_CURVES"
- fi
- # Requires ecc make sure on
- if test "x$ENABLED_ECC" = "xno"
- then
- ENABLED_OPENSSLEXTRA="yes"
- ENABLED_ECC="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
- AM_CONDITIONAL([BUILD_ECC], [test "x$ENABLED_ECC" = "xyes"])
-
- if test "$ENABLED_ECC_SHAMIR" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
- fi
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL -DWOLFSSL_ALWAYS_VERIFY_CB"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
- fi
- if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no" \
- && test "x$ENABLED_STUNNEL" = "xno"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_PSK"
- fi
- if test "$ENABLED_PSK" = "no" && \
- (test "$ENABLED_LEANPSK" = "yes" || test "x$ENABLED_STUNNEL" = "xyes")
- then
- ENABLED_PSK=yes
- fi
- # MD4
- AC_ARG_ENABLE([md4],
- [ --enable-md4 Enable MD4 (default: disabled)],
- [ ENABLED_MD4=$enableval ],
- [ ENABLED_MD4=no ]
- )
- if test "$ENABLED_MD4" = "no"
- then
- #turn on MD4 if using stunnel
- if test "x$ENABLED_STUNNEL" = "xyes"
- then
- ENABLED_MD4="yes"
- else
- AM_CFLAGS="$AM_CFLAGS -DNO_MD4"
- fi
- fi
- AM_CONDITIONAL([BUILD_MD4], [test "x$ENABLED_MD4" = "xyes"])
- # PWDBASED has to come after certservice since we want it on w/o explicit on
- # PWDBASED
- AC_ARG_ENABLE([pwdbased],
- [ --enable-pwdbased Enable PWDBASED (default: disabled)],
- [ ENABLED_PWDBASED=$enableval ],
- [ ENABLED_PWDBASED=no ]
- )
- if test "$ENABLED_PWDBASED" = "no"
- then
- if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_WEBSERVER" = "yes"
- then
- # opensslextra and webserver needs pwdbased
- ENABLED_PWDBASED=yes
- else
- AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED"
- fi
- fi
- AM_CONDITIONAL([BUILD_PWDBASED], [test "x$ENABLED_PWDBASED" = "xyes"])
- # wolfCrypt Only Build
- AC_ARG_ENABLE([cryptonly],
- [AS_HELP_STRING([--enable-cryptonly],[Enable wolfCrypt Only build (default: disabled)])],
- [ENABLED_CRYPTONLY=$enableval],
- [ENABLED_CRYPTONLY=no])
- if test "$ENABLED_CRYPTONLY" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_ONLY"
- fi
- AM_CONDITIONAL([BUILD_CRYPTONLY], [test "x$ENABLED_CRYPTONLY" = "xyes"])
- if test "x$ENABLED_CRYPTONLY" = "xno"
- then
- if test "x$ENABLED_PSK" = "xno" && test "x$ENABLED_ASN" = "xno"
- then
- AC_MSG_ERROR([please enable psk if disabling asn.])
- fi
- if test "x$ENABLED_ECC" = "xyes" && test "x$ENABLED_ASN" = "xno"
- then
- AC_MSG_ERROR([please disable ecc if disabling asn.])
- fi
- fi
- # set fastmath default
- FASTMATH_DEFAULT=no
- if test "$host_cpu" = "x86_64"
- then
- FASTMATH_DEFAULT=yes
- fi
- # fastmath
- AC_ARG_ENABLE([fastmath],
- [ --enable-fastmath Enable fast math ops (default: enabled on x86_64)],
- [ ENABLED_FASTMATH=$enableval ],
- [ ENABLED_FASTMATH=$FASTMATH_DEFAULT]
- )
- if test "x$ENABLED_FASTMATH" = "xyes"
- then
- # turn off fastmth if leanpsk on or asn off (w/o DH and ECC)
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_ASN" = "no"
- then
- if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no"
- then
- ENABLED_FASTMATH=no
- else
- AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
- ENABLED_SLOWMATH="no"
- fi
- else
- AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
- ENABLED_SLOWMATH="no"
- fi
- if test "$host_cpu" = "x86_64"
- then
- # Have settings.h set FP_MAX_BITS higher if user didn't set directly
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_X86_64_BUILD"
- fi
- fi
- # fast HUGE math
- AC_ARG_ENABLE([fasthugemath],
- [ --enable-fasthugemath Enable fast math + huge code (default: disabled)],
- [ ENABLED_FASTHUGEMATH=$enableval ],
- [ ENABLED_FASTHUGEMATH=no ]
- )
- if test "$ENABLED_BUMP" = "yes"
- then
- ENABLED_FASTHUGEMATH="yes"
- fi
- if test "$ENABLED_FASTHUGEMATH" = "yes"
- then
- ENABLED_FASTMATH="yes"
- AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
- ENABLED_SLOWMATH="no"
- fi
- AM_CONDITIONAL([BUILD_FASTMATH], [test "x$ENABLED_FASTMATH" = "xyes"])
- AM_CONDITIONAL([BUILD_SLOWMATH], [test "x$ENABLED_SLOWMATH" = "xyes"])
- # Enable Examples, used to disable examples
- AC_ARG_ENABLE([examples],
- [ --enable-examples Enable Examples (default: enabled)],
- [ ENABLED_EXAMPLES=$enableval ],
- [ ENABLED_EXAMPLES=yes ]
- )
- AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"])
- AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"])
- AS_IF([test "x$ENABLED_CRYPTONLY" = "xyes"], [ENABLED_EXAMPLES="no"])
- AM_CONDITIONAL([BUILD_EXAMPLE_SERVERS], [test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
- AM_CONDITIONAL([BUILD_EXAMPLE_CLIENTS], [test "x$ENABLED_EXAMPLES" = "xyes"])
- AM_CONDITIONAL([BUILD_TESTS], [test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
- # Enable wolfCrypt test and benchmark
- AC_ARG_ENABLE([crypttests],
- [ --enable-crypttests Enable Crypt Bench/Test (default: enabled)],
- [ ENABLED_CRYPT_TESTS=$enableval ],
- [ ENABLED_CRYPT_TESTS=yes ]
- )
- AM_CONDITIONAL([BUILD_WOLFCRYPT_TESTS], [test "x$ENABLED_CRYPT_TESTS" = "xyes"])
- # LIBZ
- ENABLED_LIBZ="no"
- trylibzdir=""
- AC_ARG_WITH([libz],
- [ --with-libz=PATH PATH to libz install (default /usr/) ],
- [
- AC_MSG_CHECKING([for libz])
- CPPFLAGS="$CPPFLAGS -DHAVE_LIBZ"
- LIBS="$LIBS -lz"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])
- if test "x$libz_linked" == "xno" ; then
- if test "x$withval" != "xno" ; then
- trylibzdir=$withval
- fi
- if test "x$withval" == "xyes" ; then
- trylibzdir="/usr"
- fi
- AM_LDFLAGS="$AM_LDFLAGS -L$trylibzdir/lib"
- CPPFLAGS="$CPPFLAGS -I$trylibzdir/include"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])
- if test "x$libz_linked" == "xno" ; then
- AC_MSG_ERROR([libz isn't found.
- If it's already installed, specify its path using --with-libz=/dir/])
- fi
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([yes])
- fi
- ENABLED_LIBZ="yes"
- ]
- )
- AM_CONDITIONAL([BUILD_LIBZ], [test "x$ENABLED_LIBZ" = "xyes"])
- # cavium
- trycaviumdir=""
- AC_ARG_WITH([cavium],
- [ --with-cavium=PATH PATH to cavium/software dir ],
- [
- AC_MSG_CHECKING([for cavium])
- CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM"
- if test "x$withval" == "xyes" ; then
- AC_MSG_ERROR([need a PATH for --with-cavium])
- fi
- if test "x$withval" != "xno" ; then
- trycaviumdir=$withval
- fi
- LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/cavium_common.o"
- CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(CAVIUM_DEV_ID); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
- if test "x$cavium_linked" == "xno" ; then
- AC_MSG_ERROR([cavium isn't found.
- If it's already installed, specify its path using --with-cavium=/dir/])
- fi
- AC_MSG_RESULT([yes])
- enable_shared=no
- enable_static=yes
- ENABLED_CAVIUM=yes
- ],
- [ ENABLED_CAVIUM=no ]
- )
- # cavium V
- trycaviumdir=""
- AC_ARG_WITH([cavium-v],
- [ --with-cavium-v=PATH PATH to Cavium V/software dir ],
- [
- AC_MSG_CHECKING([for cavium])
- CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V"
- if test "x$withval" == "xyes" ; then
- AC_MSG_ERROR([need a PATH for --with-cavium])
- fi
- if test "x$withval" != "xno" ; then
- trycaviumdir=$withval
- fi
- LDFLAGS="$AM_LDFLAGS $trycaviumdir/utils/sample_tests/cavium_common.o $trycaviumdir/utils/sample_tests/cavium_sym_crypto.o $trycaviumdir/utils/sample_tests/cavium_asym_crypto.o"
- CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
- #AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(0); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
- if test "x$cavium_linked" == "xno" ; then
- AC_MSG_ERROR([cavium isn't found.
- If it's already installed, specify its path using --with-cavium-v=/dir/])
- fi
- AC_MSG_RESULT([yes])
- enable_shared=no
- enable_static=yes
- ENABLED_CAVIUM=yes
- ENABLED_CAVIUM_V=yes
- ],
- [
- ENABLED_CAVIUM_=no
- ENABLED_CAVIUM_V=no
- ]
- )
- AM_CONDITIONAL([BUILD_CAVIUM], [test "x$ENABLED_CAVIUM" = "xyes"])
- # Fast RSA using Intel IPP
- ippdir="${srcdir}/IPP"
- ipplib="lib" # if autoconf guesses 32bit system changes lib directory
- fastRSA_found=no
- abs_path=`pwd`
- # set up variables used
- IPPLIBS=
- IPPHEADERS=
- IPPLINK=
- AC_ARG_ENABLE([fast-rsa],
- [AS_HELP_STRING([--enable-fast-rsa],[Enable RSA using Intel IPP (default: disabled)])],
- [ ENABLED_FAST_RSA=$enableval ],
- [ ENABLED_FAST_RSA=no ],
- )
- if test "$ENABLED_USER_RSA" = "no" && test "$ENABLED_FIPS" = "no"; then
- if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
- ipplib="lib_32" # 32 bit OS detected
- fi
- # Use static IPP Libraries
- if test "$enable_shared" = "no" && test "$ENABLED_FAST_RSA" = "yes"; then
- case $host_os in
- *darwin*)
- ipplib="$ipplib/mac_static"
- AC_MSG_ERROR([Issue with static linking to libippcp.a on Mac.
- Dynamic IPP libraries supported on Mac])
- break;;
- *linux*)
- ipplib="$ipplib/linux_static"
- break;;
- *)
- ENABLED_FAST_RSA=no
- esac
- AC_CHECK_FILES([$srcdir/IPP/$ipplib/libippcore.a $srcdir/IPP/$ipplib/libippcp.a], [], [ENABLED_FAST_RSA=no])
- AC_CHECK_FILES([$srcdir/IPP/include/ipp.h $srcdir/IPP/include/ippcp.h], [AM_CPPFLAGS="-I$srcdir/IPP/include $AM_CPPFLAGS"], [ENABLED_FAST_RSA=no])
- LIB_STATIC_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_STATIC_ADD"
- if test "$ENABLED_FAST_RSA" = "no"; then
- AC_MSG_ERROR([Could not find fast rsa libraries])
- fi
- else
- # Check for and use bundled IPP libraries
- if test "$ENABLED_FAST_RSA" = "yes"; then
- AC_MSG_NOTICE([Using local IPP crypto library])
- AC_CHECK_FILES([$abs_path/IPP/include/ippcp.h],
- [
- # build and default locations on linux and mac
- STORE_LDFLAGS=${LDFLAGS}
- STORE_CPPFLAGS=${CPPFLAGS}
- # using LDFLAGS instead of AM_ temporarily to test link to library
- LDFLAGS="-L$ippdir/$ipplib -lippcp -lippcore"
- CPPFLAGS="-I$ippdir/include"
- AC_CHECK_HEADERS([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15], [fastRSA_found=yes], [fastRSA_found=no])], [fastRSA_found=no])
- name="$ippdir/$ipplib/libippcp"
- case $host_os in
- *darwin*)
- # check file existence and conditionally set variables
- AC_CHECK_FILES([$abs_path/IPP/$ipplib/libippcp.dylib], [
- IPPLIBS="${name}.dylib ${name}-9.0.dylib ${name}e9-9.0.dylib ${name}g9-9.0.dylib ${name}h9-9.0.dylib ${name}k0-9.0.dylib ${name}l9-9.0.dylib ${name}n8-9.0.dylib ${name}p8-9.0.dylib ${name}s8-9.0.dylib ${name}y8-9.0.dylib IPP/lib/libippcore.dylib IPP/lib/libippcore-9.0.dylib"
- IPPLINK="mkdir -p src/.libs && ln -f ${name}.dylib src/.libs/libippcp.dylib && ln -f ${srcdir}/${name}-9.0.dylib src/.libs/libippcp-9.0.dylib && ln -f ${srcdir}/${name}e9-9.0.dylib src/.libs/libippcpe9-9.0.dylib && ln -f ${srcdir}/${name}g9-9.0.dylib src/.libs/libippcpg9-9.0.dylib && ln -f ${srcdir}/${name}h9-9.0.dylib src/.libs/libippcph9-9.0.dylib && ln -f ${srcdir}/${name}k0-9.0.dylib src/.libs/libippcpk0-9.0.dylib && ln -f ${srcdir}/${name}l9-9.0.dylib src/.libs/libippcpl9-9.0.dylib && ln -f ${srcdir}/${name}n8-9.0.dylib src/.libs/libippcpn8-9.0.dylib && ln -f ${srcdir}/${name}p8-9.0.dylib src/.libs/libippcpp8-9.0.dylib && ln -f ${srcdir}/${name}s8-9.0.dylib src/.libs/libippcps8-9.0.dylib && ln -f ${srcdir}/${name}y8-9.0.dylib src/.libs/libippcpy8-9.0.dylib && ln -f ${srcdir}/IPP/lib/libippcore.dylib src/.libs/libippcore.dylib && ln -f ${srcdir}/IPP/lib/libippcore-9.0.dylib src/.libs/libippcore-9.0.dylib"
- ], [fastRSA_found=no])
- break;;
- *linux*)
- # check file existence and conditionally set variables
- AC_CHECK_FILES([$abs_path/IPP/$ipplib/libippcp.so.9.0], [
- if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
- IPPLIBS="${name}.so.9.0 ${name}g9.so.9.0 ${name}h9.so.9.0 ${name}p8.so.9.0 ${name}px.so.9.0 ${name}s8.so.9.0 ${name}.so ${name}w7.so.9.0 IPP/$ipplib/libippcore.so IPP/$ipplib/libippcore.so.9.0"
- IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}g9.so.9.0 src/.libs/libippcpg9.so.9.0 && ln -f ${name}h9.so.9.0 src/.libs/libippcph9.so.9.0 && ln -f ${name}p8.so.9.0 src/.libs/libippcpp8.so.9.0 && ln -f ${name}px.so.9.0 src/.libs/libippcppx.so.9.0 && ln -f ${name}s8.so.9.0 src/.libs/libippcps8.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}w7.so.9.0 src/.libs/libippcpw7.so.9.0 && ln -f IPP/$ipplib/libippcore.so src/.libs/libippcore.so && ln -f IPP/$ipplib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
- else
- IPPLIBS="${name}.so.9.0 ${name}e9.so.9.0 ${name}k0.so.9.0 ${name}l9.so.9.0 ${name}m7.so.9.0 ${name}mx.so.9.0 ${name}.so ${name}n8.so.9.0 ${name}y8.so.9.0 IPP/lib/libippcore.so IPP/lib/libippcore.so.9.0"
- IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}e9.so.9.0 src/.libs/libippcpe9.so.9.0 && ln -f ${name}k0.so.9.0 src/.libs/libippcpk0.so.9.0 && ln -f ${name}l9.so.9.0 src/.libs/libippcpl9.so.9.0 && ln -f ${name}m7.so.9.0 src/.libs/libippcpm7.so.9.0 && ln -f ${name}mx.so.9.0 src/.libs/libippcpmx.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}n8.so.9.0 src/.libs/libippcpn8.so.9.0 && ln -f ${name}y8.so.9.0 src/.libs/libippcpy8.so.9.0 && ln -f IPP/lib/libippcore.so src/.libs/libippcore.so && ln -f IPP/lib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
- fi
- ], [fastRSA_found=no])
- break;;
- *)
- fastRSA_found=no
- esac
- if test "$fastRSA_found" = "yes"; then
- # was succesfull so add tested LDFLAGS to AM_ flags
- AM_LDFLAGS="${AM_LDFLAGS} ${LDFLAGS}"
- AM_CPPFLAGS="${AM_CPPFLAGS} ${CPPFLAGS}"
- IPPHEADERS="${srcdir}/IPP/include/*.h"
- fi
- # restore LDFLAGS to user set
- LDFLAGS=${STORE_LDFLAGS}
- CPPFLAGS=${STORE_CPPFLAGS}
- ], [fastRSA_found=no])
- fi
- # Don't cache the result so it can be checked
- AS_UNSET([ac_cv_header_ippcp_h])
- AS_UNSET([ac_cv_header_ipp_h])
- AS_UNSET([ac_cv_lib_ippcp_ippsRSAEncrypt_PKCSv15]);
- # Check link and see if user has pre-existing IPP Libraries if not using local
- if test "$ENABLED_FAST_RSA" = "yes" && test "$fastRSA_found" = "no"; then
- AC_MSG_NOTICE([Checking if IPP crypto library installed])
- AC_CHECK_HEADER([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15],
- [
- fastRSA_found=yes
- AM_LDFLAGS="${AM_LDFLAGS} -lippcore -lippcp"
- ], [ fastRSA_found=no])
- ], [fastRSA_found=no])
- # Error out on not finding libraries
- if test "$fastRSA_found" = "no"; then
- AC_MSG_ERROR([Could not find fast rsa libraries])
- fi
- fi
- fi # end of if for shared library
- else # if user rsa is set than do not use fast rsa option
- if test "$ENABLED_FAST_RSA" = "yes"; then
- AC_MSG_ERROR([Could not use fast rsa libraries with user crypto or fips])
- fi
- fi # end of if for user rsa crypto or fips
- # End result of checking for IPP Libraries
- AC_MSG_CHECKING([for fast RSA])
- if test "$ENABLED_FAST_RSA" = "yes"; then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_FAST_RSA -DHAVE_USER_RSA"
- # add in user crypto header that uses Intel IPP
- AM_CPPFLAGS="$AM_CPPFLAGS -I$srcdir/wolfcrypt/user-crypto/include"
- if test "$enable_shared" = "yes"; then
- LIBS="$LIBS -lippcore -lippcp"
- LIB_ADD="-lippcp -lippcore $LIB_ADD"
- else
- LIB_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_ADD"
- fi
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([no])
- fi
- AC_SUBST([IPPLIBS])
- AC_SUBST([IPPHEADERS])
- AC_SUBST([IPPLINK])
- AM_CONDITIONAL([BUILD_FAST_RSA], [test "x$ENABLED_FAST_RSA" = "xyes"])
- # static memory use
- AC_ARG_ENABLE([staticmemory],
- [AS_HELP_STRING([--enable-staticmemory],[Enable static memory use (default: disabled)])],
- [ ENABLED_STATICMEMORY=$enableval ],
- [ ENABLED_STATICMEMORY=no ]
- )
- if test "x$ENABLED_STATICMEMORY" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY"
- if test "x$ENABLED_FASTMATH" = "xno"
- then
- AC_MSG_ERROR([please use --enable-fastmath if enabling staticmemory.])
- fi
- fi
- # microchip api
- AC_ARG_ENABLE([mcapi],
- [ --enable-mcapi Enable Microchip API (default: disabled)],
- [ ENABLED_MCAPI=$enableval ],
- [ ENABLED_MCAPI=no ]
- )
- if test "$ENABLED_MCAPI" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_MCAPI -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
- fi
- if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_SHA512" = "no"
- then
- AC_MSG_ERROR([please enable sha512 if enabling mcapi.])
- fi
- if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_ECC" = "no"
- then
- AC_MSG_ERROR([please enable ecc if enabling mcapi.])
- fi
- if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_LIBZ" = "no"
- then
- AC_MSG_ERROR([please use --with-libz if enabling mcapi.])
- fi
- AM_CONDITIONAL([BUILD_MCAPI], [test "x$ENABLED_MCAPI" = "xyes"])
- # Asynchronous Crypto
- AC_ARG_ENABLE([asynccrypt],
- [ --enable-asynccrypt Enable Asynchronous Crypto (default: disabled)],
- [ ENABLED_ASYNCCRYPT=$enableval ],
- [ ENABLED_ASYNCCRYPT=no ]
- )
- if test "$ENABLED_ASYNCCRYPT" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT -DHAVE_WOLF_EVENT"
-
- # if Cavium not enabled the use async simulator for testing
- if test "x$ENABLED_CAVIUM" = "xno"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT_TEST"
- fi
- fi
- AM_CONDITIONAL([BUILD_ASYNCCRYPT], [test "x$ENABLED_ASYNCCRYPT" = "xyes"])
- AM_CONDITIONAL([BUILD_WOLFEVENT], [test "x$ENABLED_ASYNCCRYPT" = "xyes"])
- # Session Export
- AC_ARG_ENABLE([sessionexport],
- [AS_HELP_STRING([--enable-sessionexport],[Enable export and import of sessions (default: disabled)])],
- [ ENABLED_SESSIONEXPORT=$enableval ],
- [ ENABLED_SESSIONEXPORT=no ]
- )
- if test "$ENABLED_SESSIONEXPORT" = "yes"
- then
- if test "$ENABLED_DTLS" = "no"
- then
- AC_MSG_ERROR([Only DTLS supported with session export])
- fi
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SESSION_EXPORT"
- fi
- # check if PSK was enabled for conditionally running psk.test script
- AM_CONDITIONAL([BUILD_PSK], [test "x$ENABLED_PSK" = "xyes"])
- # check if should run the trusted peer certs test
- # (for now checking both C_FLAGS and C_EXTRA_FLAGS)
- case $C_EXTRA_FLAGS in
- *WOLFSSL_TRUST_PEER_CERT*)
- have_tp=yes
- break;;
- *)
- have_tp=no ;;
- esac
- if test "$have_tp" = "no"; then
- case $C_FLAGS in
- *WOLFSSL_TRUST_PEER_CERT*)
- have_tp=yes
- break;;
- *)
- have_tp=no ;;
- esac
- fi
- AM_CONDITIONAL([BUILD_TRUST_PEER_CERT], [test "x$have_tp" = "xyes"])
- ################################################################################
- # Check for build-type conflicts #
- ################################################################################
- AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
- test "x$ENABLED_LEANPSK" = "xyes"],
- [AC_MSG_ERROR([Cannot use Max Strength and Lean PSK at the same time.])])
- AS_IF([test "x$ENABLED_OCSP" = "xyes" && \
- test "x$ENABLED_ASN" = "xno"],
- [AC_MSG_ERROR([please enable asn if enabling ocsp.])])
- AS_IF([test "x$ENABLED_OCSP" = "xyes" && \
- test "x$ENABLED_RSA" = "xno" && \
- test "x$ENABLED_ECC" = "xno"],
- [AC_MSG_ERROR([please enable rsa or ecc if enabling ocsp.])])
- # checks for pkcs7 needed enables
- AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
- test "x$ENABLED_RSA" = "xno"],
- [AC_MSG_ERROR([please enable rsa if enabling pkcs7.])])
- AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
- test "x$ENABLED_SHA" = "xno"],
- [AC_MSG_ERROR([please enable sha if enabling pkcs7.])])
- AS_IF([test "x$ENABLED_LEANTLS" = "xyes" && \
- test "x$ENABLED_ECC" = "xno"],
- [AC_MSG_ERROR([please enable ecc if enabling leantls.])])
- AS_IF([test "x$ENABLED_SNIFFER" = "xyes" && \
- test "x$ENABLED_RSA" = "xno"],
- [AC_MSG_ERROR([please enable rsa if enabling sniffer.])])
- # Lean TLS forces off prereqs of SCEP.
- AS_IF([test "x$ENABLED_SCEP" = "xyes" && \
- test "x$ENABLED_LEANTLS" = "xyes"],
- [AC_MSG_ERROR([Cannot use SCEP and Lean TLS at the same time.])])
- # CMAC currently requires AES.
- AS_IF([test "x$ENABLED_CMAC" = "xyes" && \
- test "x$ENABLED_AES" = "xno"],
- [AC_MSG_ERROR([cannot use CMAC without AES.])])
- ################################################################################
- # Update CFLAGS based on options #
- ################################################################################
- if test "$ENABLED_WOLFSCEP" = "yes"
- then
- # Enable prereqs if not already enabled
- if test "x$ENABLED_KEYGEN" = "xno"
- then
- ENABLED_KEYGEN="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
- fi
- if test "x$ENABLED_CERTGEN" = "xno"
- then
- ENABLED_CERTGEN="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
- fi
- if test "x$ENABLED_CERTREQ" = "xno"
- then
- ENABLED_CERTREQ="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
- fi
- if test "x$ENABLED_CERTEXT" = "xno"
- then
- ENABLED_CERTEXT="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
- fi
- if test "x$ENABLED_PKCS7" = "xno"
- then
- ENABLED_PKCS7="yes"
- fi
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_WOLFSCEP"
- fi
- if test "x$ENABLED_PKCS7" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS7"
- # Enable prereqs if not already enabled
- AS_IF([test "x$ENABLED_DES3" = "xno"],
- [ENABLED_DES3=yes])
- fi
- if test "x$ENABLED_DES3" = "xno"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
- else
- # turn off DES3 if leanpsk or leantls on
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
- ENABLED_DES3=no
- fi
- fi
- AM_CONDITIONAL([BUILD_DES3], [test "x$ENABLED_DES3" = "xyes"])
- AM_CONDITIONAL([BUILD_PKCS7], [test "x$ENABLED_PKCS7" = "xyes"])
- AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAX_STRENGTH"])
- AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
- test "x$ENABLED_OLD_TLS" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
- ENABLED_OLD_TLS=no])
- AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
- test "x$ENABLED_SSLV3" = "xyes"],
- [AC_MSG_ERROR([Cannot use Max Strength and SSLv3 at the same time.])])
- AS_IF([test "x$ENABLED_SCTP" = "xyes"],
- [AM_CFLAGS="-DWOLFSSL_SCTP $AM_CFLAGS"])
- # SCTP requires DTLS
- AS_IF([test "x$ENABLED_DTLS" = "xno" && \
- test "x$ENABLED_SCTP" = "xyes"],
- [AM_CFLAGS="-DWOLFSSL_DTLS $AM_CFLAGS"
- ENABLED_DTLS=yes])
- ################################################################################
- # OPTIMIZE FLAGS
- if test "$GCC" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused"
- if test "$ax_enable_debug" = "no"
- then
- if test "$ENABLED_FASTMATH" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_FAST_CFLAGS"
- if test "$ENABLED_FASTHUGEMATH" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_HUGE_CFLAGS"
- fi
- else
- AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_CFLAGS"
- fi
- fi
- fi
- # ICC command line warning for non supported warning flags
- if test "$CC" = "icc"
- then
- AM_CFLAGS="$AM_CFLAGS -wd10006"
- fi
- # Expose HAVE___UINT128_T to options flags"
- if test "$ac_cv_type___uint128_t" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE___UINT128_T"
- fi
- LIB_SOCKET_NSL
- AX_HARDEN_CC_COMPILER_FLAGS
- # if mingw then link to ws2_32 for sockets
- case $host_os in
- mingw*)
- LDFLAGS="$LDFLAGS -lws2_32"
- if test "$enable_shared" = "yes"
- then
- AC_DEFINE([WOLFSSL_DLL], [1], [Use __declspec(dllexport) when building library])
- if test "$enable_static" = "yes"
- then
- MINGW_LIB_WARNING="yes"
- fi
- fi ;;
- esac
- # add user C_EXTRA_FLAGS back
- CFLAGS="$CFLAGS $USER_C_EXTRA_FLAGS"
- OPTION_FLAGS="$USER_CFLAGS $USER_C_EXTRA_FLAGS $AM_CFLAGS"
- CREATE_HEX_VERSION
- AC_SUBST([AM_CPPFLAGS])
- AC_SUBST([AM_CFLAGS])
- AC_SUBST([AM_LDFLAGS])
- AC_SUBST([AM_CCASFLAGS])
- AC_SUBST([LIB_ADD])
- AC_SUBST([LIB_STATIC_ADD])
- # FINAL
- AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
- AC_CONFIG_FILES([Makefile])
- AC_CONFIG_FILES([wolfssl/version.h])
- AC_CONFIG_FILES([wolfssl/options.h])
- #have options.h and version.h for autoconf fips tag and build
- #if test "x$ENABLED_FIPS" = "xyes"
- #then
- # AC_CONFIG_FILES([cyassl/version.h])
- # AC_CONFIG_FILES([cyassl/options.h])
- #fi
- AC_CONFIG_FILES([support/wolfssl.pc])
- AC_CONFIG_FILES([rpm/spec])
- AX_CREATE_GENERIC_CONFIG
- AX_AM_JOBSERVER([yes])
- AC_OUTPUT
- # force make clean
- echo "---"
- echo "Running make clean..."
- make clean >/dev/null 2>&1
- # generate user options header
- echo "---"
- echo "Generating user options header..."
- OPTION_FILE="wolfssl/options.h"
- #if
- #OPTION_FILE+="cyassl/options.h"
- #fi
- rm -f $OPTION_FILE
- echo "/* wolfssl options.h" > $OPTION_FILE
- echo " * generated from configure options" >> $OPTION_FILE
- echo " *" >> $OPTION_FILE
- echo " * Copyright (C) 2006-2015 wolfSSL Inc." >> $OPTION_FILE
- echo " *" >> $OPTION_FILE
- echo " * This file is part of wolfSSL. (formerly known as CyaSSL)" >> $OPTION_FILE
- echo " *" >> $OPTION_FILE
- echo " */" >> $OPTION_FILE
- echo "" >> $OPTION_FILE
- echo "#ifndef WOLFSSL_OPTIONS_H" >> $OPTION_FILE
- echo "#define WOLFSSL_OPTIONS_H" >> $OPTION_FILE
- echo "" >> $OPTION_FILE
- echo "" >> $OPTION_FILE
- echo "#ifdef __cplusplus" >> $OPTION_FILE
- echo "extern \"C\" {" >> $OPTION_FILE
- echo "#endif" >> $OPTION_FILE
- echo "" >> $OPTION_FILE
- for option in $OPTION_FLAGS; do
- defonly=`echo $option | sed 's/-D//'`
- if test "$defonly" != "$option"
- then
- noequalsign=`echo $defonly | sed 's/=/ /'`
- if test "$noequalsign" = "NDEBUG" || test "$noequalsign" = "DEBUG"
- then
- echo "not outputting (N)DEBUG to $OPTION_FILE"
- continue
- fi
- # allow user to igonore system options
- ignoresys=no
- if [[[ $noequalsign == _* ]]] ;
- then
- ignoresys=yes
- echo "#ifndef WOLFSSL_OPTIONS_IGNORE_SYS" >> $OPTION_FILE
- fi
- noarg=`echo $defonly | sed 's/=.*//'`
- echo "#undef $noarg" >> $OPTION_FILE
- echo "#define $noequalsign" >> $OPTION_FILE
- if test "$ignoresys" = "yes"
- then
- echo "#endif" >> $OPTION_FILE
- fi
- echo "" >> $OPTION_FILE
- else
- echo "option w/o begin -D is $option, not saving to $OPTION_FILE"
- fi
- done
- echo "" >> $OPTION_FILE
- echo "#ifdef __cplusplus" >> $OPTION_FILE
- echo "}" >> $OPTION_FILE
- echo "#endif" >> $OPTION_FILE
- echo "" >> $OPTION_FILE
- echo "" >> $OPTION_FILE
- echo "#endif /* WOLFSSL_OPTIONS_H */" >> $OPTION_FILE
- echo "" >> $OPTION_FILE
- echo
- #backwards compatability for those who have included options or version
- touch cyassl/options.h
- echo "/* cyassl options.h" > cyassl/options.h
- echo " * generated from wolfssl/options.h" >> cyassl/options.h
- echo " */" >> cyassl/options.h
- echo ""
- while read -r line
- do
- echo "$line" >> cyassl/options.h
- done < $OPTION_FILE
- # switch ifdef protection in cyassl/option.h to CYASSL_OPTONS_H, remove bak
- sed -i.bak 's/WOLFSSL_OPTIONS_H/CYASSL_OPTIONS_H/g' cyassl/options.h
- # workaround for mingw sed that may get "Permission denied" trying to preserver permissions
- case $host_os in
- mingw*)
- chmod u+w cyassl/options.h ;;
- esac
- rm cyassl/options.h.bak
- # output config summary
- echo "---"
- echo "Configuration summary for $PACKAGE_NAME version $VERSION"
- echo ""
- echo " * Installation prefix: $prefix"
- echo " * System type: $host_vendor-$host_os"
- echo " * Host CPU: $host_cpu"
- echo " * C Compiler: $CC"
- echo " * C Flags: $CFLAGS"
- echo " * C++ Compiler: $CXX"
- echo " * C++ Flags: $CXXFLAGS"
- echo " * CPP Flags: $CPPFLAGS"
- echo " * CCAS Flags: $CCASFLAGS"
- echo " * LIB Flags: $LIB"
- echo " * Debug enabled: $ax_enable_debug"
- echo " * Warnings as failure: $ac_cv_warnings_as_errors"
- echo " * make -j: $enable_jobserver"
- echo " * VCS checkout: $ac_cv_vcs_checkout"
- echo
- echo " Features "
- echo " * Single threaded: $ENABLED_SINGLETHREADED"
- echo " * Filesystem: $ENABLED_FILESYSTEM"
- echo " * OpenSSH Build: $ENABLED_OPENSSH"
- echo " * OpenSSL Extra API: $ENABLED_OPENSSLEXTRA"
- echo " * Max Strength Build: $ENABLED_MAXSTRENGTH"
- echo " * Distro Build: $ENABLED_DISTRO"
- echo " * fastmath: $ENABLED_FASTMATH"
- echo " * sniffer: $ENABLED_SNIFFER"
- echo " * snifftest: $ENABLED_SNIFFTEST"
- echo " * ARC4: $ENABLED_ARC4"
- echo " * AES: $ENABLED_AES"
- echo " * AES-NI: $ENABLED_AESNI"
- echo " * AES-GCM: $ENABLED_AESGCM"
- echo " * AES-CCM: $ENABLED_AESCCM"
- echo " * DES3: $ENABLED_DES3"
- echo " * IDEA: $ENABLED_IDEA"
- echo " * Camellia: $ENABLED_CAMELLIA"
- echo " * NULL Cipher: $ENABLED_NULL_CIPHER"
- echo " * MD5: $ENABLED_MD5"
- echo " * RIPEMD: $ENABLED_RIPEMD"
- echo " * SHA: $ENABLED_SHA"
- echo " * SHA-512: $ENABLED_SHA512"
- echo " * BLAKE2: $ENABLED_BLAKE2"
- echo " * CMAC: $ENABLED_CMAC"
- echo " * keygen: $ENABLED_KEYGEN"
- echo " * certgen: $ENABLED_CERTGEN"
- echo " * certreq: $ENABLED_CERTREQ"
- echo " * certext: $ENABLED_CERTEXT"
- echo " * HC-128: $ENABLED_HC128"
- echo " * RABBIT: $ENABLED_RABBIT"
- echo " * CHACHA: $ENABLED_CHACHA"
- echo " * Hash DRBG: $ENABLED_HASHDRBG"
- echo " * PWDBASED: $ENABLED_PWDBASED"
- echo " * wolfCrypt Only: $ENABLED_CRYPTONLY"
- echo " * HKDF: $ENABLED_HKDF"
- echo " * MD4: $ENABLED_MD4"
- echo " * PSK: $ENABLED_PSK"
- echo " * Poly1305: $ENABLED_POLY1305"
- echo " * LEANPSK: $ENABLED_LEANPSK"
- echo " * LEANTLS: $ENABLED_LEANTLS"
- echo " * RSA: $ENABLED_RSA"
- echo " * DSA: $ENABLED_DSA"
- echo " * DH: $ENABLED_DH"
- echo " * ECC: $ENABLED_ECC"
- echo " * CURVE25519: $ENABLED_CURVE25519"
- echo " * ED25519: $ENABLED_ED25519"
- echo " * FPECC: $ENABLED_FPECC"
- echo " * ECC_ENCRYPT: $ENABLED_ECC_ENCRYPT"
- echo " * ASN: $ENABLED_ASN"
- echo " * Anonymous cipher: $ENABLED_ANON"
- echo " * CODING: $ENABLED_CODING"
- echo " * MEMORY: $ENABLED_MEMORY"
- echo " * I/O POOL: $ENABLED_IOPOOL"
- echo " * LIGHTY: $ENABLED_LIGHTY"
- echo " * STUNNEL: $ENABLED_STUNNEL"
- echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"
- echo " * DTLS: $ENABLED_DTLS"
- echo " * SCTP: $ENABLED_SCTP"
- echo " * Old TLS Versions: $ENABLED_OLD_TLS"
- echo " * SSL version 3.0: $ENABLED_SSLV3"
- echo " * OCSP: $ENABLED_OCSP"
- echo " * OCSP Stapling: $ENABLED_CERTIFICATE_STATUS_REQUEST"
- echo " * OCSP Stapling v2: $ENABLED_CERTIFICATE_STATUS_REQUEST_V2"
- echo " * CRL: $ENABLED_CRL"
- echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR"
- echo " * Persistent session cache: $ENABLED_SAVESESSION"
- echo " * Persistent cert cache: $ENABLED_SAVECERT"
- echo " * Atomic User Record Layer: $ENABLED_ATOMICUSER"
- echo " * Public Key Callbacks: $ENABLED_PKCALLBACKS"
- echo " * NTRU: $ENABLED_NTRU"
- echo " * Whitewood netRandom: $ENABLED_WNR"
- echo " * Server Name Indication: $ENABLED_SNI"
- echo " * ALPN: $ENABLED_ALPN"
- echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT"
- echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC"
- echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES"
- echo " * Session Ticket: $ENABLED_SESSION_TICKET"
- echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION"
- echo " * Secure Renegotiation: $ENABLED_SECURE_RENEGOTIATION"
- echo " * All TLS Extensions: $ENABLED_TLSX"
- echo " * PKCS#7 $ENABLED_PKCS7"
- echo " * wolfSCEP $ENABLED_WOLFSCEP"
- echo " * Secure Remote Password $ENABLED_SRP"
- echo " * Small Stack: $ENABLED_SMALL_STACK"
- echo " * valgrind unit tests: $ENABLED_VALGRIND"
- echo " * LIBZ: $ENABLED_LIBZ"
- echo " * Examples: $ENABLED_EXAMPLES"
- echo " * User Crypto: $ENABLED_USER_CRYPTO"
- echo " * Fast RSA: $ENABLED_FAST_RSA"
- echo " * Async Crypto: $ENABLED_ASYNCCRYPT"
- echo " * Cavium: $ENABLED_CAVIUM"
- echo " * ARM ASM: $ENABLED_ARMASM"
- echo ""
- echo "---"
- ################################################################################
- # Show warnings at bottom so they are noticed
- ################################################################################
- if test "$ENABLED_ASYNCCRYPT" = "yes"
- then
- AC_MSG_WARN([Make sure real async files are loaded. Contact wolfSSL for details on using the asynccrypt option.])
- fi
- # MinGW static vs shared library
- # Reference URL from libtool for MinGW is located at
- # http://www.gnu.org/software/libtool/manual/libtool.html#Cygwin-to-MinGW-Cross
- # this allows for not even having dllimport/dllexport on functions
- # with recent libtools, only requiring it with global variables.
- #
- # The following warning is displayed here because if not using "contemporary GNU
- # tools" there is the possibility of export/import issues.
- # wolfSSL uses __declspec(dllexport) and "contemporary GNU tools" handle the
- # case where both static and shared libraries are built.
- #
- # More can be found about the MinGW linker at
- # https://sourceware.org/binutils/docs/ld/WIN32.html
- if test "$MINGW_LIB_WARNING" = "yes"
- then
- AC_MSG_WARN([Building with shared and static library at the same time on this system may cause export/import problems when using non contemporary GNU tools.])
- fi
|