12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038303930403041304230433044304530463047304830493050305130523053305430553056305730583059306030613062306330643065306630673068306930703071307230733074307530763077307830793080308130823083308430853086308730883089309030913092309330943095309630973098309931003101310231033104310531063107310831093110311131123113311431153116311731183119312031213122312331243125312631273128312931303131313231333134313531363137313831393140314131423143314431453146314731483149315031513152315331543155315631573158315931603161316231633164316531663167316831693170317131723173317431753176317731783179318031813182318331843185318631873188318931903191319231933194319531963197319831993200320132023203320432053206320732083209321032113212321332143215321632173218321932203221322232233224322532263227322832293230323132323233323432353236323732383239324032413242324332443245324632473248324932503251325232533254325532563257325832593260326132623263326432653266326732683269327032713272327332743275327632773278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536353735383539354035413542354335443545354635473548354935503551355235533554355535563557355835593560356135623563356435653566356735683569357035713572357335743575357635773578357935803581358235833584358535863587358835893590359135923593359435953596359735983599360036013602360336043605360636073608360936103611361236133614361536163617361836193620362136223623362436253626362736283629363036313632363336343635363636373638363936403641364236433644364536463647364836493650365136523653365436553656365736583659366036613662366336643665366636673668366936703671367236733674367536763677367836793680368136823683368436853686368736883689369036913692369336943695369636973698369937003701370237033704370537063707370837093710371137123713371437153716371737183719372037213722372337243725372637273728372937303731373237333734373537363737373837393740374137423743374437453746374737483749375037513752375337543755375637573758375937603761376237633764376537663767376837693770377137723773377437753776377737783779378037813782378337843785378637873788378937903791379237933794379537963797379837993800380138023803380438053806380738083809381038113812381338143815381638173818381938203821382238233824382538263827382838293830383138323833383438353836383738383839384038413842384338443845384638473848384938503851385238533854385538563857385838593860386138623863386438653866386738683869387038713872387338743875387638773878387938803881388238833884388538863887388838893890389138923893389438953896389738983899390039013902390339043905390639073908390939103911391239133914391539163917391839193920392139223923392439253926392739283929393039313932393339343935393639373938393939403941394239433944394539463947394839493950395139523953395439553956395739583959396039613962396339643965396639673968396939703971397239733974397539763977397839793980398139823983398439853986398739883989399039913992399339943995399639973998399940004001400240034004400540064007400840094010401140124013401440154016401740184019402040214022402340244025402640274028402940304031403240334034403540364037403840394040404140424043404440454046404740484049405040514052405340544055405640574058405940604061406240634064406540664067406840694070407140724073407440754076407740784079408040814082408340844085408640874088408940904091409240934094409540964097409840994100410141024103410441054106410741084109411041114112411341144115411641174118411941204121412241234124412541264127412841294130413141324133413441354136413741384139414041414142414341444145414641474148414941504151415241534154415541564157415841594160416141624163416441654166416741684169417041714172417341744175417641774178417941804181418241834184418541864187418841894190419141924193419441954196419741984199420042014202420342044205420642074208420942104211421242134214421542164217421842194220422142224223422442254226422742284229423042314232423342344235423642374238423942404241424242434244424542464247424842494250425142524253425442554256425742584259426042614262426342644265426642674268426942704271427242734274427542764277427842794280428142824283428442854286428742884289429042914292429342944295429642974298429943004301430243034304430543064307430843094310431143124313431443154316431743184319432043214322432343244325432643274328432943304331433243334334433543364337433843394340434143424343434443454346434743484349435043514352435343544355435643574358435943604361436243634364436543664367436843694370437143724373437443754376437743784379438043814382438343844385438643874388438943904391439243934394439543964397439843994400440144024403440444054406440744084409441044114412441344144415441644174418441944204421442244234424442544264427442844294430443144324433443444354436443744384439444044414442444344444445444644474448444944504451445244534454445544564457445844594460446144624463446444654466446744684469447044714472447344744475447644774478447944804481448244834484448544864487448844894490449144924493449444954496449744984499450045014502450345044505450645074508450945104511451245134514451545164517451845194520452145224523452445254526452745284529453045314532453345344535453645374538453945404541454245434544454545464547454845494550455145524553455445554556455745584559456045614562456345644565456645674568456945704571457245734574457545764577457845794580458145824583458445854586458745884589459045914592459345944595459645974598459946004601460246034604460546064607460846094610461146124613461446154616461746184619462046214622462346244625462646274628462946304631463246334634463546364637463846394640464146424643464446454646464746484649465046514652465346544655465646574658465946604661466246634664466546664667466846694670467146724673467446754676467746784679468046814682468346844685468646874688468946904691469246934694469546964697469846994700470147024703470447054706470747084709471047114712471347144715471647174718471947204721472247234724472547264727472847294730473147324733473447354736473747384739474047414742474347444745474647474748474947504751475247534754475547564757475847594760476147624763476447654766476747684769477047714772477347744775477647774778477947804781478247834784478547864787478847894790479147924793479447954796479747984799480048014802480348044805480648074808480948104811481248134814481548164817481848194820482148224823482448254826482748284829483048314832483348344835483648374838483948404841484248434844484548464847484848494850485148524853485448554856485748584859486048614862486348644865486648674868486948704871487248734874487548764877487848794880488148824883488448854886488748884889489048914892489348944895489648974898489949004901490249034904490549064907490849094910491149124913491449154916491749184919492049214922492349244925492649274928492949304931493249334934493549364937493849394940494149424943494449454946494749484949495049514952495349544955495649574958495949604961496249634964496549664967496849694970497149724973497449754976497749784979498049814982498349844985498649874988498949904991499249934994499549964997499849995000500150025003500450055006500750085009501050115012501350145015501650175018501950205021502250235024502550265027502850295030503150325033503450355036503750385039504050415042504350445045504650475048504950505051505250535054505550565057505850595060506150625063506450655066506750685069507050715072507350745075507650775078507950805081508250835084508550865087508850895090509150925093509450955096509750985099510051015102510351045105510651075108510951105111511251135114511551165117511851195120512151225123512451255126512751285129513051315132513351345135513651375138513951405141514251435144514551465147514851495150515151525153515451555156515751585159516051615162516351645165516651675168516951705171517251735174517551765177517851795180518151825183518451855186518751885189519051915192519351945195519651975198519952005201520252035204520552065207520852095210521152125213521452155216521752185219522052215222522352245225522652275228522952305231523252335234523552365237523852395240524152425243524452455246524752485249525052515252525352545255525652575258525952605261526252635264526552665267526852695270527152725273527452755276527752785279528052815282528352845285528652875288528952905291529252935294529552965297529852995300530153025303530453055306530753085309531053115312531353145315531653175318531953205321532253235324532553265327532853295330533153325333533453355336533753385339534053415342534353445345534653475348534953505351535253535354535553565357535853595360536153625363536453655366536753685369537053715372537353745375537653775378537953805381538253835384538553865387538853895390539153925393539453955396539753985399540054015402540354045405540654075408540954105411541254135414541554165417541854195420542154225423542454255426542754285429543054315432543354345435543654375438543954405441544254435444544554465447544854495450545154525453545454555456545754585459546054615462546354645465546654675468546954705471547254735474547554765477547854795480548154825483548454855486548754885489549054915492549354945495549654975498549955005501550255035504550555065507550855095510551155125513551455155516551755185519552055215522552355245525552655275528552955305531553255335534553555365537553855395540554155425543554455455546554755485549555055515552555355545555555655575558555955605561556255635564556555665567556855695570557155725573557455755576557755785579558055815582558355845585558655875588558955905591559255935594559555965597559855995600560156025603560456055606560756085609561056115612561356145615561656175618561956205621562256235624562556265627562856295630563156325633563456355636563756385639564056415642564356445645564656475648564956505651565256535654565556565657565856595660566156625663566456655666566756685669567056715672567356745675567656775678567956805681568256835684568556865687568856895690569156925693569456955696569756985699570057015702570357045705570657075708570957105711571257135714571557165717571857195720572157225723572457255726572757285729573057315732573357345735573657375738573957405741574257435744574557465747574857495750575157525753575457555756575757585759576057615762576357645765576657675768576957705771577257735774577557765777577857795780578157825783578457855786578757885789579057915792579357945795579657975798579958005801580258035804580558065807580858095810581158125813581458155816581758185819582058215822582358245825582658275828582958305831583258335834583558365837583858395840584158425843584458455846584758485849585058515852585358545855585658575858585958605861586258635864586558665867586858695870587158725873587458755876587758785879588058815882588358845885588658875888588958905891589258935894589558965897589858995900590159025903590459055906590759085909591059115912591359145915591659175918591959205921592259235924592559265927592859295930593159325933593459355936593759385939594059415942594359445945594659475948594959505951595259535954595559565957595859595960596159625963596459655966596759685969597059715972597359745975597659775978597959805981598259835984598559865987598859895990599159925993599459955996599759985999600060016002600360046005600660076008600960106011601260136014601560166017601860196020602160226023602460256026602760286029603060316032603360346035603660376038603960406041604260436044604560466047604860496050605160526053605460556056605760586059606060616062606360646065606660676068606960706071607260736074607560766077607860796080608160826083608460856086608760886089609060916092609360946095609660976098609961006101610261036104610561066107610861096110611161126113611461156116611761186119612061216122612361246125612661276128612961306131613261336134613561366137613861396140614161426143614461456146614761486149615061516152615361546155615661576158615961606161616261636164616561666167616861696170617161726173617461756176617761786179618061816182618361846185618661876188618961906191619261936194619561966197619861996200620162026203620462056206620762086209621062116212621362146215621662176218621962206221622262236224622562266227622862296230623162326233623462356236623762386239624062416242624362446245624662476248624962506251625262536254625562566257625862596260626162626263626462656266626762686269627062716272627362746275627662776278627962806281628262836284628562866287628862896290629162926293629462956296629762986299630063016302630363046305630663076308630963106311631263136314631563166317631863196320632163226323632463256326632763286329633063316332633363346335633663376338633963406341634263436344634563466347634863496350635163526353635463556356635763586359636063616362636363646365636663676368636963706371637263736374637563766377637863796380638163826383638463856386638763886389639063916392639363946395639663976398639964006401640264036404640564066407640864096410641164126413641464156416641764186419642064216422642364246425642664276428642964306431643264336434643564366437643864396440644164426443644464456446644764486449645064516452645364546455645664576458645964606461646264636464646564666467646864696470647164726473647464756476647764786479648064816482648364846485648664876488648964906491649264936494649564966497649864996500650165026503650465056506650765086509651065116512651365146515651665176518651965206521652265236524652565266527652865296530653165326533653465356536653765386539654065416542654365446545654665476548654965506551655265536554655565566557655865596560656165626563656465656566656765686569657065716572657365746575657665776578657965806581658265836584658565866587658865896590659165926593659465956596659765986599660066016602660366046605660666076608660966106611661266136614661566166617661866196620662166226623662466256626662766286629663066316632663366346635663666376638663966406641664266436644664566466647664866496650665166526653665466556656665766586659666066616662666366646665666666676668666966706671667266736674667566766677667866796680668166826683668466856686668766886689669066916692669366946695669666976698669967006701670267036704670567066707670867096710671167126713671467156716671767186719672067216722672367246725672667276728672967306731673267336734673567366737673867396740674167426743674467456746674767486749675067516752675367546755675667576758675967606761676267636764676567666767676867696770677167726773677467756776677767786779678067816782678367846785678667876788678967906791679267936794679567966797679867996800680168026803680468056806680768086809681068116812681368146815681668176818681968206821682268236824682568266827682868296830683168326833683468356836683768386839684068416842684368446845684668476848684968506851685268536854685568566857685868596860686168626863686468656866686768686869687068716872687368746875687668776878687968806881688268836884688568866887688868896890689168926893689468956896689768986899690069016902690369046905690669076908690969106911691269136914691569166917691869196920692169226923692469256926692769286929693069316932693369346935693669376938693969406941694269436944694569466947694869496950695169526953695469556956695769586959696069616962696369646965696669676968696969706971697269736974697569766977697869796980698169826983698469856986698769886989699069916992699369946995699669976998699970007001700270037004700570067007700870097010701170127013701470157016701770187019702070217022702370247025702670277028702970307031703270337034703570367037703870397040704170427043704470457046704770487049705070517052705370547055705670577058705970607061706270637064706570667067706870697070707170727073707470757076707770787079708070817082708370847085708670877088708970907091709270937094709570967097709870997100710171027103710471057106710771087109711071117112711371147115711671177118711971207121712271237124712571267127712871297130713171327133713471357136713771387139714071417142714371447145714671477148714971507151715271537154715571567157715871597160716171627163716471657166716771687169717071717172717371747175717671777178717971807181718271837184718571867187718871897190719171927193719471957196719771987199720072017202720372047205720672077208720972107211721272137214721572167217721872197220722172227223722472257226722772287229723072317232723372347235723672377238723972407241724272437244724572467247724872497250725172527253725472557256725772587259726072617262726372647265726672677268726972707271727272737274727572767277727872797280728172827283728472857286728772887289729072917292729372947295729672977298729973007301730273037304730573067307730873097310731173127313731473157316731773187319732073217322732373247325732673277328732973307331733273337334733573367337733873397340734173427343734473457346734773487349735073517352735373547355735673577358735973607361736273637364736573667367736873697370737173727373737473757376737773787379738073817382738373847385738673877388738973907391739273937394739573967397739873997400740174027403740474057406740774087409741074117412741374147415741674177418741974207421742274237424742574267427742874297430743174327433743474357436743774387439744074417442744374447445744674477448744974507451745274537454745574567457745874597460746174627463746474657466746774687469747074717472747374747475747674777478747974807481748274837484748574867487748874897490749174927493749474957496749774987499750075017502750375047505750675077508750975107511751275137514751575167517751875197520752175227523752475257526752775287529753075317532753375347535753675377538753975407541754275437544754575467547754875497550755175527553755475557556755775587559756075617562756375647565756675677568756975707571757275737574757575767577757875797580758175827583758475857586758775887589759075917592759375947595759675977598759976007601760276037604760576067607760876097610761176127613761476157616761776187619762076217622762376247625762676277628762976307631763276337634763576367637763876397640764176427643764476457646764776487649765076517652765376547655765676577658765976607661766276637664766576667667766876697670767176727673767476757676767776787679768076817682768376847685768676877688768976907691769276937694769576967697769876997700770177027703770477057706770777087709771077117712771377147715771677177718771977207721772277237724772577267727772877297730773177327733773477357736773777387739774077417742774377447745774677477748774977507751775277537754775577567757775877597760776177627763776477657766776777687769777077717772777377747775777677777778777977807781778277837784778577867787778877897790779177927793779477957796779777987799780078017802780378047805780678077808780978107811781278137814781578167817781878197820782178227823782478257826782778287829783078317832783378347835783678377838783978407841784278437844784578467847784878497850785178527853785478557856785778587859786078617862786378647865786678677868786978707871787278737874787578767877787878797880788178827883788478857886788778887889789078917892789378947895789678977898789979007901790279037904790579067907790879097910791179127913791479157916791779187919792079217922792379247925792679277928792979307931793279337934793579367937793879397940794179427943794479457946794779487949795079517952795379547955795679577958795979607961796279637964796579667967796879697970797179727973797479757976797779787979798079817982798379847985798679877988798979907991799279937994799579967997799879998000800180028003800480058006800780088009801080118012801380148015801680178018801980208021802280238024802580268027802880298030803180328033803480358036803780388039804080418042804380448045804680478048804980508051805280538054805580568057805880598060806180628063806480658066806780688069807080718072807380748075807680778078807980808081808280838084808580868087808880898090809180928093809480958096809780988099810081018102810381048105810681078108810981108111811281138114811581168117811881198120812181228123812481258126812781288129813081318132813381348135813681378138813981408141814281438144814581468147814881498150815181528153815481558156815781588159816081618162816381648165816681678168816981708171817281738174817581768177817881798180818181828183818481858186818781888189819081918192819381948195819681978198819982008201820282038204820582068207820882098210821182128213821482158216821782188219822082218222822382248225822682278228822982308231823282338234823582368237823882398240824182428243824482458246824782488249825082518252825382548255825682578258825982608261826282638264826582668267826882698270827182728273827482758276827782788279828082818282828382848285828682878288828982908291829282938294829582968297829882998300830183028303830483058306830783088309831083118312831383148315 |
- # configure.ac
- #
- # Copyright (C) 2006-2021 wolfSSL Inc.
- #
- # This file is part of wolfSSL. (formerly known as CyaSSL)
- #
- #
- AC_COPYRIGHT([Copyright (C) 2006-2020 wolfSSL Inc.])
- AC_PREREQ([2.69])
- AC_INIT([wolfssl],[5.3.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
- AC_CONFIG_AUX_DIR([build-aux])
- # The following sets CFLAGS to empty if unset on command line. We do not
- # want the default "-g -O2" that AC_PROG_CC sets automatically.
- : ${CFLAGS=""}
- # Capture user C_EXTRA_FLAGS from configure line.
- # Use of C_EXTRA_FLAGS is deprecated because CFLAGS was fixed but someone
- # might still be using it.
- CFLAGS="$CFLAGS $C_EXTRA_FLAGS $C_FLAGS"
- AC_PROG_CC
- AM_PROG_CC_C_O
- AC_CANONICAL_HOST
- AC_CANONICAL_TARGET
- AC_CONFIG_MACRO_DIR([m4])
- AM_INIT_AUTOMAKE([1.14.1 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests])
- m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
- AC_ARG_PROGRAM
- AC_CONFIG_HEADERS([config.h:config.in])
- LT_PREREQ([2.4.2])
- LT_INIT([disable-static win32-dll])
- AC_ARG_VAR(EXTRA_CFLAGS, [Extra CFLAGS to add to autoconf-computed arg list. Can also supply directly to make.])
- #shared library versioning
- WOLFSSL_LIBRARY_VERSION=33:0:0
- # | | |
- # +------+ | +---+
- # | | |
- # current:revision:age
- # | | |
- # | | +- increment if interfaces have been added
- # | | set to zero if interfaces have been removed
- # | | or changed
- # | +- increment if source code has changed
- # | set to zero if current is incremented
- # +- increment if interfaces have been added, removed or changed
- AC_SUBST([WOLFSSL_LIBRARY_VERSION])
- gl_VISIBILITY
- AS_IF([ test -n "$CFLAG_VISIBILITY" ], [
- AM_CFLAGS="$AM_CPPFLAGS $CFLAG_VISIBILITY"
- ])
- # Moved these size of and type checks before the library checks.
- # The library checks add the library to subsequent test compiles
- # and in some rare cases, the networking check causes these sizeof
- # checks to fail.
- AC_CHECK_SIZEOF([long long])
- AC_CHECK_SIZEOF([long])
- AC_CHECK_SIZEOF([time_t])
- AC_CHECK_TYPES([__uint128_t])
- # Distro build feature subset (Debian, Ubuntu, etc.)
- AC_ARG_ENABLE([distro],
- [AS_HELP_STRING([--enable-distro],[Enable wolfSSL distro build (default: disabled)])],
- [ ENABLED_DISTRO=$enableval ],
- [ ENABLED_DISTRO=no ]
- )
- if test "$ENABLED_DISTRO" = "yes"
- then
- enable_shared=yes
- enable_static=yes
- enable_all=yes
- enable_earlydata=no
- REPRODUCIBLE_BUILD_DEFAULT=yes
- else
- REPRODUCIBLE_BUILD_DEFAULT=no
- fi
- AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h])
- AC_CHECK_LIB([network],[socket])
- AC_C_BIGENDIAN
- # check if functions of interest are linkable, but also check if
- # they're declared by the expected headers, and if not, supersede the
- # unusable positive from AC_CHECK_FUNCS().
- AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r gmtime_s inet_ntoa memset socket strftime atexit])
- AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r, gmtime_s, inet_ntoa, memset, socket, strftime], [], [
- if test "$(eval echo \$"$(eval 'echo ac_cv_func_${as_decl_name}')")" = "yes"
- then
- AC_MSG_NOTICE([ note: earlier check for $(eval 'echo ${as_decl_name}') superseded.])
- eval "ac_cv_func_${as_decl_name}=no"
- _mask_varname=HAVE_`eval "echo '${as_decl_name}'" | tr 'a-z' 'A-Z'`
- sed --in-place "s~^#define ${_mask_varname} 1$~~" confdefs.h
- fi
- ], [[
- #ifdef HAVE_SYS_SOCKET_H
- #include <sys/socket.h>
- #endif
- #ifdef HAVE_STRING_H
- #include <string.h>
- #endif
- #ifdef HAVE_NETDB_H
- #include <netdb.h>
- #endif
- #ifdef HAVE_ARPA_INET_H
- #include <arpa/inet.h>
- #endif
- #ifdef HAVE_SYS_TIME_H
- #include <sys/time.h>
- #endif
- #ifdef HAVE_TIME_H
- #include <time.h>
- #endif
- ]])
- AC_PROG_INSTALL
- AC_TYPE_SIZE_T
- AC_TYPE_UINT8_T
- AC_TYPE_UINTPTR_T
- AM_PROG_AS
- LT_LIB_M
- OPTIMIZE_CFLAGS="-Os"
- OPTIMIZE_FAST_CFLAGS="-O2"
- OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET -DTFM_HUGE_SET"
- DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL"
- LIB_ADD=
- LIB_STATIC_ADD=
- if test "$output_objdir" = ""
- then
- output_objdir=.
- fi
- # Thread local storage
- AX_TLS([thread_ls_on=yes],[thread_ls_on=no])
- AS_IF([test "x$thread_ls_on" = "xyes"],[AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"])
- # DEBUG
- AX_DEBUG
- AS_IF([test "$ax_enable_debug" = "yes"],
- [AM_CFLAGS="$AM_CFLAGS $DEBUG_CFLAGS"],
- [AM_CFLAGS="$AM_CFLAGS -DNDEBUG"])
- AS_IF([test "$ax_enable_debug" = "yes"],
- [AM_CCASFLAGS="$DEBUG_CFLAGS $AM_CCASFLAGS"],
- [AM_CCASFLAGS="$AM_CCASFLAGS -DNDEBUG"])
- # Start without certificates enabled and enable if a certificate algorithm is
- # enabled
- ENABLED_CERTS="no"
- # Support for forcing 32-bit mode
- # To force 32-bit instructions use:
- # ./configure CFLAGS="-m32" LDFLAGS="-m32" && make
- # The checks for sizeof long and long/long are run at the top of configure and require "-m32" to be set directly in the ./configure statement.
- AC_ARG_ENABLE([32bit],
- [AS_HELP_STRING([--enable-32bit],[Enables 32-bit support (default: disabled)])],
- [ ENABLED_32BIT=$enableval ],
- [ ENABLED_32BIT=no ]
- )
- # 16-bit compiler support
- AC_ARG_ENABLE([16bit],
- [AS_HELP_STRING([--enable-16bit],[Enables 16-bit support (default: disabled)])],
- [ ENABLED_16BIT=$enableval ],
- [ ENABLED_16BIT=no ]
- )
- if test "$ENABLED_16BIT" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWC_16BIT_CPU"
- fi
- AC_ARG_ENABLE([64bit],
- [AS_HELP_STRING([--enable-64bit],[Enables 64-bit support (default: disabled)])],
- [ ENABLED_64BIT=$enableval ],
- [ ENABLED_64BIT=no ]
- )
- AC_ARG_ENABLE([kdf],
- [AS_HELP_STRING([--enable-kdf],[Enables kdf support (default: enabled)])],
- [ ENABLED_KDF=$enableval ],
- [ ENABLED_KDF=yes ]
- )
- AC_ARG_ENABLE([hmac],
- [AS_HELP_STRING([--enable-hmac],[Enables HMAC support (default: enabled)])],
- [ ENABLED_HMAC=$enableval ],
- [ ENABLED_HMAC=yes ]
- )
- AC_ARG_ENABLE([do178],
- [AS_HELP_STRING([--enable-do178],[Enable DO-178, Will NOT work w/o DO178 license (default: disabled)])],
- [ENABLED_DO178=$enableval],
- [ENABLED_DO178="no"])
- if test "$ENABLED_DO178" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_DO178"
- else
- AM_CFLAGS="$AM_CFLAGS -DHAVE_DO178"
- fi
- # Support for disabling all ASM
- AC_ARG_ENABLE([asm],
- [AS_HELP_STRING([--enable-asm],[Enables option for assembly (default: enabled)])],
- [ ENABLED_ASM=$enableval ],
- [ ENABLED_ASM=yes ]
- )
- if test "$ENABLED_ASM" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DTFM_NO_ASM -DWOLFSSL_NO_ASM"
- fi
- AC_SUBST([ENABLED_ASM])
- # FIPS 140
- AC_ARG_ENABLE([fips],
- [AS_HELP_STRING([--enable-fips],[Enable FIPS 140-2, Will NOT work w/o FIPS license (default: disabled)])],
- [ENABLED_FIPS=$enableval],
- [ENABLED_FIPS="no"])
- # wolfEngine Options
- AC_ARG_ENABLE([engine],
- [AS_HELP_STRING([--enable-engine],[Enable wolfEngine options (default: disabled)])],
- [ ENABLED_WOLFENGINE=$enableval ],
- [ ENABLED_WOLFENGINE=no ]
- )
- AS_CASE([$ENABLED_WOLFENGINE],
- [no],[
- ENABLED_WOLFENGINE="no"
- ],
- [disabled],[
- ENABLED_WOLFENGINE="no"
- ],
- [yes|fips-v2|cert3389],[
- ENABLED_WOLFENGINE="yes"
- ENABLED_FIPS="v2"
- ],
- [fips-ready],[
- ENABLED_WOLFENGINE="yes"
- ENABLED_FIPS="ready"
- ],
- [no-fips],[
- ENABLED_WOLFENGINE="yes"
- ENABLED_FIPS="no"
- ],
- [
- AC_MSG_ERROR([Invalid value for --enable-engine "$ENABLED_WOLFENGINE" (options: fips-v2, fips-ready, no-fips, no, disabled)])
- ])
- # The FIPS options are:
- # no - FIPS build disabled, FIPS sources forbidden in build tree
- # disabled - FIPS build disabled, FIPS sources ignored in build tree
- # v1 - FIPS 140-2 Cert 2425
- # default - same as v1
- # v2 - FIPS 140-2 Cert 3389
- # cert3389 - alias for v2
- # rand - wolfRand
- # v5-RC8 - historical FIPS 140-3 (wolfCrypt WCv5.0-RC8)
- # v5-RC9 - historical FIPS 140-3 (wolfCrypt WCv5.0-RC9)
- # v5-RC10 - historical FIPS 140-3, wolfCrypt/fips WCv5.0-RC10
- # v5-RC11 - historical FIPS 140-3, wolfCrypt/fips WCv5.0-RC11
- # v5-RC12 - FIPS 140-3, wolfCrypt/fips WCv5.0-RC12
- # v5 - currently, alias for v5-RC12
- # v5-ready - FIPS 140-3 settings with in-tree wolfcrypt sources, feature locked
- # v5-dev - FIPS 140-3 settings with in-tree wolfcrypt sources, features freely adjustable
- # ready - currently, same as v5-ready
- # dev - currently, same as v5-dev
- AS_CASE([$ENABLED_FIPS],
- [no],[
- FIPS_VERSION="none"
- ENABLED_FIPS="no"
- ],
- [disabled],[
- FIPS_VERSION="disabled"
- ENABLED_FIPS="no"
- ],
- [v1|yes|cert2425],[
- FIPS_VERSION="v1"
- HAVE_FIPS_VERSION=1
- ENABLED_FIPS="yes"
- ],
- [v2|cert3389],[
- FIPS_VERSION="v2"
- HAVE_FIPS_VERSION=2
- HAVE_FIPS_VERSION_MINOR=0
- ENABLED_FIPS="yes"
- ],
- [rand],[
- FIPS_VERSION="rand"
- HAVE_FIPS_VERSION=2
- HAVE_FIPS_VERSION_MINOR=1
- ENABLED_FIPS="yes"
- ],
- [v5-RC8],[
- FIPS_VERSION="v5-RC8"
- HAVE_FIPS_VERSION=5
- HAVE_FIPS_VERSION_MINOR=0
- ENABLED_FIPS="yes"
- ],
- [v5-RC9],[
- FIPS_VERSION="v5-RC9"
- HAVE_FIPS_VERSION=5
- HAVE_FIPS_VERSION_MINOR=1
- ENABLED_FIPS="yes"
- ],
- [v5-RC10],[
- FIPS_VERSION="v5-RC10"
- HAVE_FIPS_VERSION=5
- HAVE_FIPS_VERSION_MINOR=2
- ENABLED_FIPS="yes"
- ],
- [v5-RC11],[
- FIPS_VERSION="v5-RC11"
- HAVE_FIPS_VERSION=5
- HAVE_FIPS_VERSION_MINOR=2
- ENABLED_FIPS="yes"
- ],
- [v5|v5-RC12],[
- FIPS_VERSION="v5-RC12"
- HAVE_FIPS_VERSION=5
- HAVE_FIPS_VERSION_MINOR=2
- ENABLED_FIPS="yes"
- ],
- [ready|v5-ready],[
- FIPS_VERSION="v5-ready"
- HAVE_FIPS_VERSION=5
- HAVE_FIPS_VERSION_MINOR=3
- ENABLED_FIPS="yes"
- ],
- [dev|v5-dev],[
- FIPS_VERSION="v5-dev"
- HAVE_FIPS_VERSION=5
- HAVE_FIPS_VERSION_MINOR=3
- ENABLED_FIPS="yes"
- ],
- [
- AC_MSG_ERROR([Invalid value for --enable-fips "$ENABLED_FIPS" (main options: v1, v2, v5, ready, dev, rand, no, disabled)])
- ])
- if test -z "$HAVE_FIPS_VERSION_MINOR"
- then
- HAVE_FIPS_VERSION_MINOR=0
- fi
- if test -z "$HAVE_FIPS_VERSION"
- then
- HAVE_FIPS_VERSION=0
- fi
- if test "$ENABLED_FIPS" != "no"
- then
- REPRODUCIBLE_BUILD_DEFAULT=yes
- fi
- AS_CASE([$FIPS_VERSION],
- [none],
- [
- AS_IF([ test -s $srcdir/wolfcrypt/src/fips.c -o -s $srcdir/ctaocrypt/src/fips.c ],
- [AC_MSG_ERROR([FIPS source tree is incompatible with non-FIPS build (requires --enable-fips)])])
- ],
- [disabled],
- [],
- [v1],
- [
- AS_IF([ ! test -s $srcdir/ctaocrypt/src/fips.c],
- [AC_MSG_ERROR([non-FIPS-v1 source tree is incompatible with --enable-fips=$enableval])])
- ],
- [
- AS_IF([ ! test -s $srcdir/wolfcrypt/src/fips.c],
- [AC_MSG_ERROR([non-FIPS source tree is incompatible with --enable-fips=$enableval])])
- ]
- )
- # For reproducible build, gate out from the build anything that might
- # introduce semantically frivolous jitter, maximizing chance of
- # identical object files.
- AC_ARG_ENABLE([reproducible-build],
- [AS_HELP_STRING([--enable-reproducible-build],[Enable maximally reproducible build (default: disabled)])],
- [ ENABLED_REPRODUCIBLE_BUILD=$enableval ],
- [ ENABLED_REPRODUCIBLE_BUILD=$REPRODUCIBLE_BUILD_DEFAULT ]
- )
- if test "$ENABLED_REPRODUCIBLE_BUILD" = "yes"
- then
- # Test ar for the "D" option. Should be checked before the libtool macros.
- if test -z "$AR"; then
- AR=ar
- fi
- xxx_ar_flags=$(${AR} --help 2>&1)
- if test -z "$RANLIB"; then
- RANLIB=ranlib
- fi
- xxx_ranlib_flags=$(${RANLIB} --help 2>&1)
- AM_CFLAGS="$AM_CFLAGS -DHAVE_REPRODUCIBLE_BUILD"
- AS_CASE([$xxx_ar_flags],[*'use zero for timestamps and uids/gids'*],[AR_FLAGS="Dcr" lt_ar_flags="Dcr"])
- AS_CASE([$xxx_ranlib_flags],[*'Use zero for symbol map timestamp'*],[RANLIB="${RANLIB} -D"])
- fi
- AC_ARG_ENABLE([benchmark],
- [AS_HELP_STRING([--enable-benchmark],[Build benchmark when building crypttests (default: enabled)])],
- [ENABLED_BENCHMARK=$enableval],
- [ENABLED_BENCHMARK=yes]
- )
- # Linux Kernel Module
- AC_ARG_ENABLE([linuxkm],
- [AS_HELP_STRING([--enable-linuxkm],[Enable Linux Kernel Module (default: disabled)])],
- [ENABLED_LINUXKM=$enableval],
- [ENABLED_LINUXKM=no]
- )
- AC_ARG_ENABLE([linuxkm-defaults],
- [AS_HELP_STRING([--enable-linuxkm-defaults],[Enable feature defaults for Linux Kernel Module (default: disabled)])],
- [ENABLED_LINUXKM_DEFAULTS=$enableval],
- [ENABLED_LINUXKM_DEFAULTS=$ENABLED_LINUXKM]
- )
- AC_ARG_ENABLE([linuxkm-pie],
- [AS_HELP_STRING([--enable-linuxkm-pie],[Enable relocatable object build of Linux kernel module (default: disabled)])],
- [ENABLED_LINUXKM_PIE=$enableval],
- [ENABLED_LINUXKM_PIE=$ENABLED_FIPS]
- )
- if test "$ENABLED_LINUXKM_PIE" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_LINUXKM_PIE_SUPPORT"
- elif test "$ENABLED_FIPS" = yes && test "$ENABLED_LINUXKM" = yes
- then
- AC_MSG_ERROR([FIPS linuxkm requires linuxkm-pie.])
- fi
- AC_SUBST([ENABLED_LINUXKM_PIE])
- if test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_CONST -DWOLFSSL_SP_MOD_WORD_RP -DWOLFSSL_SP_DIV_64 -DWOLFSSL_SP_DIV_WORD_HALF -DWOLFSSL_SMALL_STACK_STATIC -DWOLFSSL_TEST_SUBROUTINE=static"
- if test "$ENABLED_FIPS" = "no"; then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_OLD_PRIME_CHECK"
- fi
- fi
- AC_ARG_WITH([linux-source],
- [AS_HELP_STRING([--with-linux-source=PATH],[PATH to root of Linux kernel build tree])],
- [KERNEL_ROOT=$withval],
- [KERNEL_ROOT=""])
- AC_ARG_WITH([linux-arch],
- [AS_HELP_STRING([--with-linux-arch=arch],[built arch (SRCARCH) of Linux kernel build tree])],
- [KERNEL_ARCH=$withval],
- [KERNEL_ARCH=""])
- if test "x$ENABLED_LINUXKM" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LINUXKM"
- ENABLED_NO_LIBRARY=yes
- ENABLED_BENCHMARK=no
- output_objdir="$(realpath "$output_objdir")/linuxkm"
- if test "$KERNEL_ROOT" = ""; then
- AC_PATH_DEFAULT_KERNEL_SOURCE
- KERNEL_ROOT="$DEFAULT_KERNEL_ROOT"
- fi
- AC_SUBST([KERNEL_ROOT])
- if test "$KERNEL_ARCH" = ""; then
- AC_DEFAULT_KERNEL_ARCH
- KERNEL_ARCH="$DEFAULT_KERNEL_ARCH"
- fi
- AC_SUBST([KERNEL_ARCH])
- if test "${KERNEL_ROOT}" = ""; then
- AC_MSG_ERROR([Linux kernel source root not found -- supply with --with-linux-source=PATH.])
- fi
- if test "${KERNEL_ARCH}" = ""; then
- AC_MSG_ERROR([Linux kernel target architecture for build tree ${KERNEL_ROOT} could not be determined. Is target kernel configured?])
- fi
- AM_CFLAGS="$AM_CFLAGS -DNO_DEV_RANDOM -DNO_WRITEV -DNO_STDIO_FILESYSTEM -DWOLFSSL_NO_SOCK -DWOLFSSL_USER_IO"
- fi
- # Single Precision maths implementation
- if test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
- then
- ENABLED_SP_DEFAULT=yes
- ENABLED_SP_MATH_ALL_DEFAULT=yes
- else
- ENABLED_SP_DEFAULT=no
- ENABLED_SP_MATH_ALL_DEFAULT=no
- fi
- AC_ARG_ENABLE([sp],
- [AS_HELP_STRING([--enable-sp],[Enable Single Precision maths implementation (default: disabled)])],
- [ ENABLED_SP=$enableval ],
- [ ENABLED_SP=$ENABLED_SP_DEFAULT ],
- )
- AC_ARG_ENABLE([sp-math-all],
- [AS_HELP_STRING([--enable-sp-math-all],[Enable Single Precision math implementation for full algorithm suite (default: disabled)])],
- [ ENABLED_SP_MATH_ALL=$enableval ],
- [ ENABLED_SP_MATH_ALL=$ENABLED_SP_MATH_ALL_DEFAULT ],
- )
- # Single Precision maths exclusively (no fastmath)
- if test "$ENABLED_LINUXKM_DEFAULTS" = "yes" && test "$ENABLED_SP" != "no" && test "$ENABLED_SP_MATH_ALL" = "no"
- then
- ENABLED_SP_MATH_DEFAULT=yes
- else
- ENABLED_SP_MATH_DEFAULT=no
- fi
- AC_ARG_ENABLE([sp-math],
- [AS_HELP_STRING([--enable-sp-math],[Enable Single Precision math implementation with restricted algorithm suite (default: disabled)])],
- [ ENABLED_SP_MATH=$enableval ],
- [ ENABLED_SP_MATH=$ENABLED_SP_MATH_DEFAULT ],
- )
- AC_ARG_ENABLE([sp-asm],
- [AS_HELP_STRING([--enable-sp-asm],[Enable Single Precision assembly implementation (default: disabled)])],
- [ ENABLED_SP_ASM=$enableval ],
- [ ENABLED_SP_ASM=no ],
- )
- # ALL FEATURES
- AC_ARG_ENABLE([all],
- [AS_HELP_STRING([--enable-all],[Enable all wolfSSL features, except SSLv3 (default: disabled)])],
- [ ENABLED_ALL=$enableval ],
- [ ENABLED_ALL=no ]
- )
- if test "$ENABLED_ALL" = "yes"
- then
- test "$enable_dtls" = "" && enable_dtls=yes
- if test "x$FIPS_VERSION" != "xv1"
- then
- test "$enable_tls13" = "" && enable_tls13=yes
- test "$enable_rsapss" = "" && enable_rsapss=yes
- fi
- # this set is also enabled by enable-all-crypto:
- test "$enable_atomicuser" = "" && enable_atomicuser=yes
- test "$enable_aesgcm" = "" && enable_aesgcm=yes
- test "$enable_aesgcm_stream" = "" && enable_aesgcm_stream=yes
- test "$enable_aesccm" = "" && enable_aesccm=yes
- test "$enable_aesctr" = "" && enable_aesctr=yes
- test "$enable_aesofb" = "" && enable_aesofb=yes
- test "$enable_aescfb" = "" && enable_aescfb=yes
- test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes
- test "$enable_camellia" = "" && enable_camellia=yes
- test "$enable_ripemd" = "" && enable_ripemd=yes
- test "$enable_sha224" = "" && enable_sha224=yes
- test "$enable_sessioncerts" = "" && enable_sessioncerts=yes
- test "$enable_keygen" = "" && enable_keygen=yes
- test "$enable_certgen" = "" && enable_certgen=yes
- test "$enable_certreq" = "" && enable_certreq=yes
- test "$enable_certext" = "" && enable_certext=yes
- test "$enable_sep" = "" && enable_sep=yes
- test "$enable_hkdf" = "" && enable_hkdf=yes
- test "$enable_curve25519" = "" && enable_curve25519=yes
- test "$enable_curve448" = "" && enable_curve448=yes
- test "$enable_fpecc" = "" && enable_fpecc=yes
- test "$enable_eccencrypt" = "" && enable_eccencrypt=yes
- test "$enable_psk" = "" && enable_psk=yes
- test "$enable_cmac" = "" && enable_cmac=yes
- test "$enable_xts" = "" && enable_xts=yes
- test "$enable_ocsp" = "" && enable_ocsp=yes
- test "$enable_ocspstapling" = "" && enable_ocspstapling=yes
- test "$enable_ocspstapling2" = "" && enable_ocspstapling2=yes
- test "$enable_crl" = "" && enable_crl=yes
- test "$enable_supportedcurves" = "" && enable_supportedcurves=yes
- test "$enable_tlsx" = "" && enable_tlsx=yes
- test "$enable_pwdbased" = "" && enable_pwdbased=yes
- test "$enable_aeskeywrap" = "" && enable_aeskeywrap=yes
- test "$enable_x963kdf" = "" && enable_x963kdf=yes
- test "$enable_scrypt" = "" && enable_scrypt=yes
- test "$enable_indef" = "" && enable_indef=yes
- test "$enable_enckeys" = "" && enable_enckeys=yes
- test "$enable_hashflags" = "" && enable_hashflags=yes
- test "$enable_defaultdhparams" = "" && enable_defaultdhparams=yes
- test "$enable_base64encode" = "" && enable_base64encode=yes
- test "$enable_base16" = "" && enable_base16=yes
- test "$enable_arc4" = "" && enable_arc4=yes
- test "$enable_des3" = "" && enable_des3=yes
- test "$enable_nullcipher" = "" && enable_nullcipher=yes
- test "$enable_blake2" = "" && enable_blake2=yes
- test "$enable_blake2s" = "" && enable_blake2s=yes
- test "$enable_md2" = "" && enable_md2=yes
- test "$enable_md4" = "" && enable_md4=yes
- test "$enable_cryptocb" = "" && enable_cryptocb=yes
- test "$enable_anon" = "" && enable_anon=yes
- test "$enable_ssh" = "" && enable_ssh=yes
- test "$enable_savesession" = "" && enable_savesession=yes
- test "$enable_savecert" = "" && enable_savecert=yes
- test "$enable_postauth" = "" && enable_postauth=yes
- test "$enable_hrrcookie" = "" && enable_hrrcookie=yes
- test "$enable_fallback_scsv" = "" && enable_fallback_scsv=yes
- test "$enable_mcast" = "" && enable_mcast=yes
- test "$enable_webserver" = "" && enable_webserver=yes
- test "$enable_crl_monitor" = "" && enable_crl_monitor=yes
- test "$enable_sni" = "" && enable_sni=yes
- test "$enable_maxfragment" = "" && enable_maxfragment=yes
- test "$enable_alpn" = "" && enable_alpn=yes
- test "$enable_truncatedhmac" = "" && enable_truncatedhmac=yes
- test "$enable_trusted_ca" = "" && enable_trusted_ca=yes
- test "$enable_session_ticket" = "" && enable_session_ticket=yes
- test "$enable_earlydata" = "" && enable_earlydata=yes
- if test "$ENABLED_32BIT" != "yes"
- then
- test "$enable_sha512" = "" && enable_sha512=yes
- test "$enable_sha3" = "" && enable_sha3=yes
- fi
- if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
- then
- test "$enable_compkey" = "" && enable_compkey=yes
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_IO -DHAVE_IO_TIMEOUT"
- fi
- # sp-math is incompatible with opensslextra, ECC custom curves, and DSA.
- if test "$ENABLED_SP_MATH" = "no"
- then
- test "$enable_dsa" = "" && enable_dsa=yes
- test "$enable_ecccustcurves" = "" && enable_ecccustcurves=yes
- test "$enable_srp" = "" && enable_srp=yes
- # linuxkm is incompatible with opensslextra and its dependents.
- if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
- then
- if test "$ENABLED_FIPS" = "no"
- then
- if test "$ENABLED_32BIT" != "yes"
- then
- test "$enable_openssh" = "" && enable_openssh=yes
- fi
- # S/MIME support requires PKCS7, which requires no FIPS.
- test "$enable_smime" = "" && enable_smime=yes
- fi
- test "$enable_opensslextra" = "" && enable_opensslextra=yes
- test "$enable_opensslall" = "" && enable_opensslall=yes
- test "$enable_certservice" = "" && enable_certservice=yes
- test "$enable_lighty" = "" && enable_lighty=yes
- test "$enable_nginx" = "" && enable_nginx=yes
- test "$enable_openvpn" = "" && enable_openvpn=yes
- test "$enable_asio" = "" && enable_asio=yes
- test "$enable_libwebsockets" = "" && enable_libwebsockets=yes
- test "$enable_qt" = "" && enable_qt=yes
- fi
- fi
- if test "$ENABLED_FIPS" = "no"
- then
- test "$enable_pkcallbacks" = "" && enable_pkcallbacks=yes
- test "$enable_xchacha" = "" && enable_xchacha=yes
- test "$enable_scep" = "" && enable_scep=yes
- test "$enable_pkcs7" = "" && enable_pkcs7=yes
- if test "$ENABLED_32BIT" != "yes"
- then
- test "$enable_ed25519" = "" && enable_ed25519=yes
- test "$enable_ed25519_stream" = "" && enable_ed25519_stream=yes
- test "$enable_ed448" = "" && enable_ed448=yes
- test "$enable_ed448_stream" = "" && enable_ed448_stream=yes
- fi
- if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
- then
- # these use DES3:
- test "$enable_stunnel" = "" && enable_stunnel=yes
- test "$enable_curl" = "" && enable_curl=yes
- test "$enable_tcpdump" = "" && enable_tcpdump=yes
- test "$enable_eccsi" = "" && enable_eccsi=yes
- test "$enable_sakke" = "" && enable_sakke=yes
- fi
- fi
- if test "$ENABLED_FIPS" = "no" || test "$ENABLED_FIPS" = "v5-dev"; then
- test "$enable_aessiv" = "" && enable_aessiv=yes
- fi
- # Enable DH const table speedups (eliminates `-lm` math lib dependency)
- AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072"
- DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
- # Enable multiple attribute additions such as DC
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MULTI_ATTRIB"
- # Enable AES Decrypt, AES ECB
- AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB"
- # Enable Alt Names, DER Load, Keep Certs, CRL IO with Timeout
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
- # Enable DH Extra
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_EXTRA"
- # Enable deterministic ECC signing API with variant
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT"
- # Store issuer name components when parsing certificates.
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_ISSUER_NAMES"
- fi
- # ALL CRYPTO FEATURES
- AC_ARG_ENABLE([all-crypto],
- [AS_HELP_STRING([--enable-all-crypto],[Enable all wolfcrypt algorithms (default: disabled)])],
- [ ENABLED_ALL_CRYPT=$enableval ],
- [ ENABLED_ALL_CRYPT=no ]
- )
- if test "$ENABLED_ALL_CRYPT" = "yes"
- then
- test "$enable_atomicuser" = "" && enable_atomicuser=yes
- test "$enable_aesgcm" = "" && enable_aesgcm=yes
- test "$enable_aesgcm_stream" = "" && enable_aesgcm_stream=yes
- test "$enable_aesccm" = "" && enable_aesccm=yes
- test "$enable_aesctr" = "" && enable_aesctr=yes
- test "$enable_aesofb" = "" && enable_aesofb=yes
- test "$enable_aescfb" = "" && enable_aescfb=yes
- test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes
- test "$enable_camellia" = "" && enable_camellia=yes
- test "$enable_ripemd" = "" && enable_ripemd=yes
- test "$enable_sha224" = "" && enable_sha224=yes
- test "$enable_sessioncerts" = "" && enable_sessioncerts=yes
- test "$enable_keygen" = "" && enable_keygen=yes
- test "$enable_certgen" = "" && enable_certgen=yes
- test "$enable_certreq" = "" && enable_certreq=yes
- test "$enable_certext" = "" && enable_certext=yes
- test "$enable_sep" = "" && enable_sep=yes
- test "$enable_hkdf" = "" && enable_hkdf=yes
- test "$enable_curve25519" = "" && enable_curve25519=yes
- test "$enable_curve448" = "" && enable_curve448=yes
- test "$enable_fpecc" = "" && enable_fpecc=yes
- test "$enable_eccencrypt" = "" && enable_eccencrypt=yes
- test "$enable_psk" = "" && enable_psk=yes
- test "$enable_cmac" = "" && enable_cmac=yes
- test "$enable_siphash" = "" && enable_siphash=yes
- test "$enable_xts" = "" && enable_xts=yes
- test "$enable_ocsp" = "" && enable_ocsp=yes
- test "$enable_ocspstapling" = "" && enable_ocspstapling=yes
- test "$enable_ocspstapling2" = "" && enable_ocspstapling2=yes
- test "$enable_crl" = "" && enable_crl=yes
- test "$enable_supportedcurves" = "" && enable_supportedcurves=yes
- test "$enable_tlsx" = "" && enable_tlsx=yes
- test "$enable_pwdbased" = "" && enable_pwdbased=yes
- test "$enable_aeskeywrap" = "" && enable_aeskeywrap=yes
- test "$enable_x963kdf" = "" && enable_x963kdf=yes
- test "$enable_scrypt" = "" && enable_scrypt=yes
- test "$enable_indef" = "" && enable_indef=yes
- test "$enable_enckeys" = "" && enable_enckeys=yes
- test "$enable_hashflags" = "" && enable_hashflags=yes
- test "$enable_defaultdhparams" = "" && enable_defaultdhparams=yes
- test "$enable_base64encode" = "" && enable_base64encode=yes
- test "$enable_base16" = "" && enable_base16=yes
- test "$enable_arc4" = "" && enable_arc4=yes
- test "$enable_des3" = "" && enable_des3=yes
- test "$enable_nullcipher" = "" && enable_nullcipher=yes
- test "$enable_blake2" = "" && enable_blake2=yes
- test "$enable_blake2s" = "" && enable_blake2s=yes
- test "$enable_md2" = "" && enable_md2=yes
- test "$enable_md4" = "" && enable_md4=yes
- test "$enable_cryptocb" = "" && enable_cryptocb=yes
- test "$enable_anon" = "" && enable_anon=yes
- test "$enable_ssh" = "" && enable_ssh=yes
- if test "$ENABLED_32BIT" != "yes"
- then
- test "$enable_sha512" = "" && enable_sha512=yes
- test "$enable_sha3" = "" && enable_sha3=yes
- fi
- if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
- then
- test "$enable_compkey" = "" && enable_compkey=yes
- fi
- if test "$ENABLED_SP_MATH" = "no"
- then
- test "$enable_dsa" = "" && enable_dsa=yes
- test "$enable_ecccustcurves" = "" && enable_ecccustcurves=yes
- test "$enable_srp" = "" && enable_srp=yes
- fi
- if test "$ENABLED_FIPS" = "no"
- then
- test "$enable_pkcallbacks" = "" && enable_pkcallbacks=yes
- test "$enable_xchacha" = "" && enable_xchacha=yes
- test "$enable_pkcs7" = "" && enable_pkcs7=yes
- if test "$ENABLED_32BIT" != "yes"
- then
- test "$enable_ed25519" = "" && enable_ed25519=yes
- test "$enable_ed25519_stream" = "" && enable_ed25519_stream=yes
- test "$enable_ed448" = "" && enable_ed448=yes
- test "$enable_ed448_stream" = "" && enable_ed448_stream=yes
- fi
- if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
- then
- test "$enable_eccsi" = "" && enable_eccsi=yes
- test "$enable_sakke" = "" && enable_sakke=yes
- fi
- fi
- if test "$ENABLED_FIPS" = "no" || test "$ENABLED_FIPS" = "v5-dev"; then
- test "$enable_aessiv" = "" && enable_aessiv=yes
- fi
- # Enable AES Decrypt, AES ECB, Alt Names, DER Load
- AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD"
- # Enable DH const table speedups (eliminates `-lm` math lib dependency)
- AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072"
- DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
- # Enable multiple attribute additions such as DC
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MULTI_ATTRIB"
- fi
- # SINGLE THREADED
- AC_ARG_ENABLE([singlethreaded],
- [AS_HELP_STRING([--enable-singlethreaded],[Enable wolfSSL single threaded (default: disabled)])],
- [ ENABLED_SINGLETHREADED=$enableval ],
- [ ENABLED_SINGLETHREADED=no ])
- AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[
- AX_PTHREAD([
- AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.])
- # If AX_PTHREAD is adding -Qunused-arguments, need to prepend with -Xcompiler libtool will use it. Newer
- # versions of clang don't need the -Q flag when using pthreads.
- AS_CASE([$PTHREAD_CFLAGS],[-Qunused-arguments*],[PTHREAD_CFLAGS="-Xcompiler $PTHREAD_CFLAGS"])
- AM_CFLAGS="$AM_CFLAGS -D_POSIX_THREADS $PTHREAD_CFLAGS"
- LIBS="$LIBS $PTHREAD_LIBS"
- ],[
- ENABLED_SINGLETHREADED=yes
- ])
- ])
- AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="$AM_CFLAGS -DSINGLE_THREADED" ])
- # DTLS
- # DTLS is a prereq for the options mcast, sctp, and jni. Enabling any of those
- # without DTLS will also enable DTLS.
- AC_ARG_ENABLE([dtls],
- [AS_HELP_STRING([--enable-dtls],[Enable wolfSSL DTLS (default: disabled)])],
- [ ENABLED_DTLS=$enableval ],
- [ ENABLED_DTLS=no ]
- )
- if test "$ENABLED_DTLS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
- fi
- # DTLS change MTU
- AC_ARG_ENABLE([dtls-mtu],
- [AS_HELP_STRING([--enable-dtls-mtu],[Enable setting the MTU size for wolfSSL DTLS (default: disabled)])],
- [ ENABLED_DTLS_MTU=$enableval ],
- [ ENABLED_DTLS_MTU=no ]
- )
- if test "$ENABLED_DTLS_MTU" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_MTU"
- fi
- # TLS v1.3 Draft 18 (Note: only final TLS v1.3 supported, here for backwards build compatibility)
- AC_ARG_ENABLE([tls13-draft18],
- [AS_HELP_STRING([--enable-tls13-draft18],[Enable wolfSSL TLS v1.3 Draft 18 (default: disabled)])],
- [ ENABLED_TLS13_DRAFT18=$enableval ],
- [ ENABLED_TLS13_DRAFT18=no ]
- )
- # TLS v1.3
- AC_ARG_ENABLE([tls13],
- [AS_HELP_STRING([--enable-tls13],[Enable wolfSSL TLS v1.3 (default: enabled)])],
- [ ENABLED_TLS13=$enableval ],
- [ ENABLED_TLS13=yes ]
- )
- if test "x$FIPS_VERSION" = "xv1" ||
- ( test "$HAVE_FIPS_VERSION" = 2 && test "$HAVE_FIPS_VERSION_MINOR" = 1 )
- then
- ENABLED_TLS13="no"
- fi
- # Post-handshake Authentication
- AC_ARG_ENABLE([postauth],
- [AS_HELP_STRING([--enable-postauth],[Enable wolfSSL Post-handshake Authentication (default: disabled)])],
- [ ENABLED_TLS13_POST_AUTH=$enableval ],
- [ ENABLED_TLS13_POST_AUTH=no ]
- )
- if test "$ENABLED_TLS13_POST_AUTH" = "yes"
- then
- if test "x$ENABLED_TLS13" = "xno"
- then
- AC_MSG_NOTICE([TLS 1.3 is disabled - disabling Post-handshake Authentication])
- ENABLED_TLS13_POST_AUTH="no"
- else
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_POST_HANDSHAKE_AUTH"
- fi
- fi
- # Hello Retry Request Cookie
- AC_ARG_ENABLE([hrrcookie],
- [AS_HELP_STRING([--enable-hrrcookie],[Enable the server to send Cookie Extension in HRR with state (default: disabled)])],
- [ ENABLED_SEND_HRR_COOKIE=$enableval ],
- [ ENABLED_SEND_HRR_COOKIE=no ]
- )
- if test "$ENABLED_SEND_HRR_COOKIE" = "yes"
- then
- if test "x$ENABLED_TLS13" = "xno"
- then
- AC_MSG_NOTICE([TLS 1.3 is disabled - disabling HRR Cookie])
- ENABLED_SEND_HRR_COOKIE="no"
- else
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SEND_HRR_COOKIE"
- fi
- fi
- # RNG
- AC_ARG_ENABLE([rng],
- [AS_HELP_STRING([--enable-rng],[Enable compiling and using RNG (default: enabled)])],
- [ ENABLED_RNG=$enableval ],
- [ ENABLED_RNG=yes ]
- )
- if test "$ENABLED_RNG" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DWC_NO_RNG"
- fi
- # DTLS-SCTP
- AC_ARG_ENABLE([sctp],
- [AS_HELP_STRING([--enable-sctp],[Enable wolfSSL DTLS-SCTP support (default: disabled)])],
- [ENABLED_SCTP=$enableval],
- [ENABLED_SCTP=no])
- AS_IF([test "x$ENABLED_SCTP" = "xyes"],
- [AC_MSG_CHECKING([for SCTP])
- AC_RUN_IFELSE(
- [AC_LANG_PROGRAM(
- [[
- #include <sys/socket.h>
- #include <arpa/inet.h>
- ]],
- [[int s = socket(AF_INET, SOCK_STREAM, IPPROTO_SCTP); if (s == -1) return 1;]])],
- [AC_MSG_RESULT(yes)],
- [AC_MSG_RESULT(no)
- AC_MSG_ERROR([SCTP not available, remove enable-sctp from configure])],
- : ,
- : ,
- : )])
- # DTLS-SRTP
- AC_ARG_ENABLE([srtp],
- [AS_HELP_STRING([--enable-srtp],[Enable wolfSSL DTLS-SRTP support (default: disabled)])],
- [ENABLED_SRTP=$enableval],
- [ENABLED_SRTP=no])
- # DTLS-MULTICAST
- AC_ARG_ENABLE([mcast],
- [AS_HELP_STRING([--enable-mcast],[Enable wolfSSL DTLS multicast support (default: disabled)])],
- [ENABLED_MCAST=$enableval],
- [ENABLED_MCAST=no])
- # List of open source project defines using our openssl compatibility layer:
- # bind dns (--enable-bind) WOLFSSL_BIND
- # libssh2 (--enable-libssh2)
- # openssh (--enable-openssh) WOLFSSL_OPENSSH
- # openvpn (--enable-openvpn) WOLFSSL_OPENVPN
- # nginx (--enable-nginx) WOLFSSL_NGINX
- # ntp (--enable-ntp)
- # openresty (--enable-openresty)
- # haproxy (--enable-haproxy) WOLFSSL_HAPROXY
- # wpa_supplicant (--enable-wpas) WOLFSSL_WPAS
- # ssl fortress (--enable-fortress) FORTRESS
- # ssl bump (--enable-bump)
- # signal (--enable-signal)
- # lighty (--enable-lighty) HAVE_LIGHTY
- # rsyslog (--enable-rsyslog)
- # stunnel (--enable-stunnel) HAVE_STUNNEL
- # curl (--enable-curl) HAVE_CURL
- # libest (--enable-libest) HAVE_LIBEST
- # asio (--enable-asio) WOLFSSL_ASIO
- # libwebsockets (--enable-libwebsockets) WOLFSSL_LIBWEBSOCKETS
- # qt (--enable-qt) WOLFSSL_QT
- # qt test (--enable-qt-test) WOLFSSL_QT_TEST
- # HAVE_POCO_LIB
- # WOLFSSL_MYSQL_COMPATIBLE
- # web server (--enable-webserver) HAVE_WEBSERVER
- # net-snmp (--enable-net-snmp)
- # krb (--enable-krb) WOLFSSL_KRB
- # FFmpeg (--enable-ffmpeg) WOLFSSL_FFMPEG
- # strongSwan (--enable-strongswan)
- # Bind DNS compatibility Build
- AC_ARG_ENABLE([bind],
- [AS_HELP_STRING([--enable-bind],[Enable Bind DNS compatibility build (default: disabled)])],
- [ENABLED_BIND=$enableval],
- [ENABLED_BIND=no])
- AC_ARG_ENABLE([libssh2],
- [AS_HELP_STRING([--enable-libssh2],[Enable libssh2 compatibility build (default: disabled)])],
- [ENABLED_LIBSSH2=$enableval],
- [ENABLED_LIBSSH2=no])
- # OpenSSH compatibility Build
- AC_ARG_ENABLE([openssh],
- [AS_HELP_STRING([--enable-openssh],[Enable OpenSSH compatibility build (default: disabled)])],
- [ENABLED_OPENSSH=$enableval],
- [ENABLED_OPENSSH=no])
- # OpenVPN compatibility Build
- AC_ARG_ENABLE([openvpn],
- [AS_HELP_STRING([--enable-openvpn],[Enable OpenVPN compatibility build (default: disabled)])],
- [ENABLED_OPENVPN=$enableval],
- [ENABLED_OPENVPN=no])
- # openresty compatibility build
- AC_ARG_ENABLE([openresty],
- [AS_HELP_STRING([--enable-openresty],[Enable openresty (default: disabled)])],
- [ ENABLED_OPENRESTY=$enableval ],
- [ ENABLED_OPENRESTY=no ]
- )
- # nginx compatibility build
- AC_ARG_ENABLE([nginx],
- [AS_HELP_STRING([--enable-nginx],[Enable nginx (default: disabled)])],
- [ ENABLED_NGINX=$enableval ],
- [ ENABLED_NGINX=no ]
- )
- # chrony support. Needs the compatibility layer for SNI callback functionality,
- # but otherwise uses pure wolfCrypt.
- AC_ARG_ENABLE([chrony],
- [AS_HELP_STRING([--enable-chrony],[Enable chrony support (default: disabled)])],
- [ ENABLED_CHRONY=$enableval ],
- [ ENABLED_CHRONY=no ]
- )
- if test "$ENABLED_CHRONY" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
- fi
- if test "$ENABLED_OPENRESTY" = "yes"
- then
- ENABLED_NGINX="yes"
- fi
- # lighty Support
- AC_ARG_ENABLE([lighty],
- [AS_HELP_STRING([--enable-lighty],[Enable lighttpd/lighty (default: disabled)])],
- [ ENABLED_LIGHTY=$enableval ],
- [ ENABLED_LIGHTY=no ]
- )
- # rsyslog Support
- AC_ARG_ENABLE([rsyslog],
- [AS_HELP_STRING([--enable-rsyslog],[Enable rsyslog (default: disabled)])],
- [ ENABLED_RSYSLOG=$enableval ],
- [ ENABLED_RSYSLOG=no ]
- )
- # haproxy compatibility build
- AC_ARG_ENABLE([haproxy],
- [AS_HELP_STRING([--enable-haproxy],[Enable haproxy (default: disabled)])],
- [ ENABLED_HAPROXY=$enableval ],
- [ ENABLED_HAPROXY=no ]
- )
- # wpa_supplicant support
- AC_ARG_ENABLE([wpas],
- [AS_HELP_STRING([--enable-wpas],[Enable wpa_supplicant support (default: disabled)])],
- [ ENABLED_WPAS=$enableval ],
- [ ENABLED_WPAS=no ]
- )
- # wpa_supplicant support
- AC_ARG_ENABLE([wpas-dpp],
- [AS_HELP_STRING([--enable-wpas-dpp],[Enable wpa_supplicant support with dpp (default: disabled)])],
- [ ENABLED_WPAS_DPP=$enableval ],
- [ ENABLED_WPAS_DPP=no ]
- )
- # ntp support
- AC_ARG_ENABLE([ntp],
- [AS_HELP_STRING([--enable-ntp],[Enable ntp support (default: disabled)])],
- [ ENABLED_NTP=$enableval ],
- [ ENABLED_NTP=no ]
- )
- if test "$ENABLED_WPAS_DPP" = "yes"
- then
- ENABLED_WPAS="yes"
- fi
- # Fortress build
- AC_ARG_ENABLE([fortress],
- [AS_HELP_STRING([--enable-fortress],[Enable SSL fortress build (default: disabled)])],
- [ ENABLED_FORTRESS=$enableval ],
- [ ENABLED_FORTRESS=no ]
- )
- # libwebsockets Support
- AC_ARG_ENABLE([libwebsockets],
- [AS_HELP_STRING([--enable-libwebsockets],[Enable libwebsockets (default: disabled)])],
- [ ENABLED_LIBWEBSOCKETS=$enableval ],
- [ ENABLED_LIBWEBSOCKETS=no ]
- )
- if test "$ENABLED_LIBWEBSOCKETS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LIBWEBSOCKETS -DHAVE_EX_DATA -DOPENSSL_NO_EC"
- fi
- if test "$ENABLED_OPENSSH" = "yes"
- then
- ENABLED_FORTRESS="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_OPENSSH -DHAVE_EX_DATA -DWOLFSSL_BASE16"
- fi
- # net-snmp Build
- AC_ARG_ENABLE([net-snmp],
- [AS_HELP_STRING([--enable-net-snmp],[Enable net-snmp (default: disabled)])],
- [ ENABLED_NETSNMP=$enableval ],
- [ ENABLED_NETSNMP=no ]
- )
- # kerberos 5 Build
- AC_ARG_ENABLE([krb],
- [AS_HELP_STRING([--enable-krb],[Enable kerberos 5 support (default: disabled)])],
- [ ENABLED_KRB=$enableval ],
- [ ENABLED_KRB=no ]
- )
- # FFmpeg Build
- AC_ARG_ENABLE([ffmpeg],
- [AS_HELP_STRING([--enable-ffmpeg],[Enable FFmpeg support (default: disabled)])],
- [ ENABLED_FFMPEG=$enableval ],
- [ ENABLED_FFMPEG=no ]
- )
- #IP alternative name Support
- AC_ARG_ENABLE([ip-alt-name],
- [AS_HELP_STRING([--enable-ip-alt-name],[Enable IP subject alternative name (default: disabled)])],
- [ ENABLE_IP_ALT_NAME=$enableval ],
- [ ENABLE_IP_ALT_NAME=no ]
- )
- if test "$ENABLE_IP_ALT_NAME" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IP_ALT_NAME"
- fi
- #Qt Support
- AC_ARG_ENABLE([qt],
- [AS_HELP_STRING([--enable-qt],[Enable qt (default: disabled)])],
- [ ENABLED_QT=$enableval ],
- [ ENABLED_QT=no ]
- )
- # ssl bump build
- AC_ARG_ENABLE([bump],
- [AS_HELP_STRING([--enable-bump],[Enable SSL Bump build (default: disabled)])],
- [ ENABLED_BUMP=$enableval ],
- [ ENABLED_BUMP=no ]
- )
- # SNIFFER
- AC_ARG_ENABLE([sniffer],
- [AS_HELP_STRING([--enable-sniffer],[Enable wolfSSL sniffer support (default: disabled)])],
- [ ENABLED_SNIFFER=$enableval ],
- [ ENABLED_SNIFFER=no ]
- )
- # signal compatibility build
- AC_ARG_ENABLE([signal],
- [AS_HELP_STRING([--enable-signal],[Enable signal (default: disabled)])],
- [ ENABLED_SIGNAL=$enableval ],
- [ ENABLED_SIGNAL=no ]
- )
- # strongSwan support
- AC_ARG_ENABLE([strongswan],
- [AS_HELP_STRING([--enable-strongswan],[Enable strongSwan support (default: disabled)])],
- [ ENABLED_STRONGSWAN=$enableval ],
- [ ENABLED_STRONGSWAN=no ]
- )
- # OpenSSL Coexist
- AC_ARG_ENABLE([opensslcoexist],
- [AS_HELP_STRING([--enable-opensslcoexist],[Enable coexistence of wolfssl/openssl (default: disabled)])],
- [ ENABLED_OPENSSLCOEXIST=$enableval ],
- [ ENABLED_OPENSSLCOEXIST=no ]
- )
- if test "x$ENABLED_OPENSSLCOEXIST" = "xyes" || test "$ENABLED_WOLFENGINE" = "yes"
- then
- # make sure old names are disabled
- enable_oldnames=no
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COEXIST"
- fi
- # S/MIME
- AC_ARG_ENABLE([smime],
- [AS_HELP_STRING([--enable-smime],[Enable S/MIME (default: disabled)])],
- [ ENABLED_SMIME=$enableval ],
- [ ENABLED_SMIME=no ]
- )
- # Platform Security Architecture (PSA)
- AC_ARG_ENABLE([psa],
- [AS_HELP_STRING([--enable-psa],[use Platform Security Architecture (PSA) interface (default: disabled)])],
- [ ENABLED_PSA=$enableval ],
- [ ENABLED_PSA=no ]
- )
- AC_ARG_WITH([psa-include],
- [AS_HELP_STRING([--with-psa-include=PATH],
- [PATH to directory with PSA header files])],
- [PSA_INCLUDE=$withval],
- [PSA_INCLUDE=""])
- AC_ARG_WITH([psa-lib],
- [AS_HELP_STRING([--with-psa-lib=PATH],[PATH to directory with the PSA library])],
- [PSA_LIB=$withval],
- [PSA_LIB=""])
- AC_ARG_WITH([psa-lib-name],
- [AS_HELP_STRING([--with-psa-lib-name=NAME],[NAME of PSA library])],
- [PSA_LIB_NAME=$withval],
- [PSA_LIB_NAME=""])
- AC_ARG_ENABLE([psa-lib-static],
- [AS_HELP_STRING([--enable-psa-lib-static],[Link PSA as static library (default: disable)])],
- [ ENABLED_PSA_STATIC=$enableval ],
- [ ENABLED_PSA_STATIC=no ]
- )
- if test "x$ENABLED_PSA" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_PSA"
- fi
- if test "x$ENABLED_PSA" != "xyes" && \
- (test "x$PSA_LIB"! = "x" || test "x$PSA_INCLUDE" != "x" || test "x$PSA_LIB_NAME" != "x" )
- then
- AC_MSG_ERROR([to use PSA you need to enable it with --enable-psa])
- fi
- if test -n "$PSA_LIB"
- then
- AC_MSG_CHECKING([for $PSA_LIB])
- if ! test -d "$PSA_LIB"
- then
- AC_MSG_ERROR([PSA lib dir $PSA_LIB not found.])
- fi
- AC_MSG_RESULT([yes])
- AM_LDFLAGS="$AM_LDFLAGS -L$PSA_LIB"
- fi
- if test -n "$PSA_LIB_NAME"
- then
- if test "x$ENABLED_PSA_STATIC" = "xyes"
- then
- LIB_STATIC_ADD="$LIB_STATIC_ADD $PSA_LIB/$PSA_LIB_NAME"
- else
- LIB_ADD="$LIB_ADD -l$PSA_LIB_NAME"
- fi
- fi
- if test -n "$PSA_INCLUDE"
- then
- AC_MSG_CHECKING([for $PSA_INCLUDE])
- if ! test -d "$PSA_INCLUDE"
- then
- AC_MSG_ERROR([psa include dir $PSA_INCLUDE not found.])
- fi
- AC_MSG_RESULT([yes])
- AM_CFLAGS="$AM_CFLAGS -I$PSA_INCLUDE"
- fi
- AC_SUBST([PSA_LIB])
- AC_SUBST([PSA_LIB_NAME])
- AC_SUBST([PSA_INCLUDE])
- # OPENSSL Compatibility ALL
- AC_ARG_ENABLE([opensslall],
- [AS_HELP_STRING([--enable-opensslall],[Enable all OpenSSL API, size++ (default: disabled)])],
- [ ENABLED_OPENSSLALL=$enableval ],
- [ ENABLED_OPENSSLALL=no ]
- )
- if test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \
- test "$ENABLED_WPAS_DPP" = "yes" || test "$ENABLED_SMIME" = "yes" || \
- test "$ENABLED_HAPROXY" = "yes" || test "$ENABLED_BIND" = "yes" || \
- test "$ENABLED_NTP" = "yes" || test "$ENABLED_NETSNMP" = "yes" || \
- test "$ENABLED_OPENRESTY" = "yes" || test "$ENABLED_RSYSLOG" = "yes" || \
- test "$ENABLED_KRB" = "yes" || test "$ENABLED_CHRONY" = "yes" || \
- test "$ENABLED_FFMPEG" = "yes" || test "$ENABLED_STRONGSWAN" = "yes"
- then
- ENABLED_OPENSSLALL="yes"
- fi
- # OPENSSL Extra Compatibility
- AC_ARG_ENABLE([opensslextra],
- [AS_HELP_STRING([--enable-opensslextra],[Enable extra OpenSSL API, size+ (default: disabled)])],
- [ ENABLED_OPENSSLEXTRA=$enableval ],
- [ ENABLED_OPENSSLEXTRA=no ]
- )
- # One Error Queue per Thread
- AC_ARG_ENABLE([error-queue-per-thread],
- [AS_HELP_STRING([--enable-error-queue-per-thread],[Enable one error queue per thread. Requires thread local storage. (default: disabled)])],
- [ ENABLED_ERRORQUEUEPERTHREAD=$enableval ],
- [ ENABLED_ERRORQUEUEPERTHREAD=no ]
- )
- if test "$ENABLED_ERRORQUEUEPERTHREAD" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DERROR_QUEUE_PER_THREAD"
- fi
- # High Strength Build
- AC_ARG_ENABLE([maxstrength],
- [AS_HELP_STRING([--enable-maxstrength],[Enable Max Strength build, allows TLSv1.2-AEAD-PFS ciphers only (default: disabled)])],
- [ENABLED_MAXSTRENGTH=$enableval],
- [ENABLED_MAXSTRENGTH=no])
- # Harden, enable Timing Resistance and Blinding by default
- AC_ARG_ENABLE([harden],
- [AS_HELP_STRING([--enable-harden],[Enable Hardened build, Enables Timing Resistance and Blinding (default: enabled)])],
- [ENABLED_HARDEN=$enableval],
- [ENABLED_HARDEN=yes])
- if test "$ENABLED_HARDEN" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT"
- if test "$ENABLED_RNG" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWC_RSA_BLINDING"
- fi
- else
- AM_CFLAGS="$AM_CFLAGS -DWC_NO_HARDEN"
- fi
- # IPv6 Test Apps
- AC_ARG_ENABLE([ipv6],
- [AS_HELP_STRING([--enable-ipv6],[Enable testing of IPV6 (default: disabled)])],
- [ ENABLED_IPV6=$enableval ],
- [ ENABLED_IPV6=no ]
- )
- if test "$ENABLED_IPV6" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DTEST_IPV6 -DWOLFSSL_IPV6"
- fi
- if test "$ENABLED_WPAS" = "small"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS_SMALL"
- fi
- if test "$ENABLED_WPAS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_SECRET_CALLBACK"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_ECC_ADD_DBL"
- fi
- if test "$ENABLED_WPAS" != "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EITHER_SIDE"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA_X509_SMALL"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DER_LOAD"
- AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"
- AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT"
- AM_CFLAGS="$AM_CFLAGS -DKEEP_PEER_CERT"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_KEYING_MATERIAL"
- AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE_REF"
- fi
- if test "$ENABLED_FORTRESS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_KEY_GEN"
- fi
- if test "$ENABLED_BUMP" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DWOLFSSL_CERT_GEN -DWOLFSSL_KEY_GEN -DHUGE_SESSION_CACHE -DWOLFSSL_DER_LOAD -DWOLFSSL_ALT_NAMES -DWOLFSSL_TEST_CERT"
- DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
- fi
- ENABLED_SLOWMATH="yes"
- # lean psk build
- AC_ARG_ENABLE([leanpsk],
- [AS_HELP_STRING([--enable-leanpsk],[Enable Lean PSK build (default: disabled)])],
- [ ENABLED_LEANPSK=$enableval ],
- [ ENABLED_LEANPSK=no ]
- )
- if test "$ENABLED_LEANPSK" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANPSK -DWOLFSSL_STATIC_PSK -DHAVE_NULL_CIPHER -DSINGLE_THREADED -DNO_AES -DNO_FILESYSTEM -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD4 -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_WRITEV -DNO_DEV_RANDOM -DWOLFSSL_USER_IO -DNO_SHA"
- ENABLED_SLOWMATH="no"
- ENABLED_SINGLETHREADED="yes"
- enable_lowresource=yes
- fi
- # lean TLS build (TLS 1.2 client only (no client auth), ECC256, AES128 and SHA256 w/o Shamir)
- AC_ARG_ENABLE([leantls],
- [AS_HELP_STRING([--enable-leantls],[Enable Lean TLS build (default: disabled)])],
- [ ENABLED_LEANTLS=$enableval ],
- [ ENABLED_LEANTLS=no ]
- )
- if test "$ENABLED_LEANTLS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LEANTLS -DNO_WRITEV -DHAVE_ECC -DTFM_ECC256 -DECC_USER_CURVES -DNO_WOLFSSL_SERVER -DNO_RSA -DNO_DSA -DNO_DH -DNO_PWDBASED -DNO_MD5 -DNO_ERROR_STRINGS -DNO_OLD_TLS -DNO_RC4 -DNO_SHA -DNO_PSK -DNO_WOLFSSL_MEMORY -DNO_WOLFSSL_CM_VERIFY"
- enable_lowresource=yes
- fi
- # low resource options to reduce flash and memory use
- AC_ARG_ENABLE([lowresource],
- [AS_HELP_STRING([--enable-lowresource],[Enable low resource options for memory/flash (default: disabled)])],
- [ ENABLED_LOWRESOURCE=$enableval ],
- [ ENABLED_LOWRESOURCE=no ]
- )
- if test "$ENABLED_LOWRESOURCE" = "yes"
- then
- # low memory / flash flags
- AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE -DRSA_LOW_MEM -DGCM_SMALL -DCURVE25519_SMALL -DED25519_SMALL -DWOLFSSL_SMALL_CERT_VERIFY -DWOLFSSL_NO_ASYNC_IO"
- # low flash flags
- AM_CFLAGS="$AM_CFLAGS -DUSE_SLOW_SHA -DUSE_SLOW_SHA256 -DUSE_SLOW_SHA512"
- fi
- # TITAN cache
- AC_ARG_ENABLE([titancache],
- [AS_HELP_STRING([--enable-titancache],[Enable titan session cache (default: disabled)])],
- [ ENABLED_TITANCACHE=$enableval ],
- [ ENABLED_TITANCACHE=no ]
- )
- if test "$ENABLED_TITANCACHE" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DTITAN_SESSION_CACHE"
- fi
- # HUGE cache
- AC_ARG_ENABLE([hugecache],
- [AS_HELP_STRING([--enable-hugecache],[Enable huge session cache (default: disabled)])],
- [ ENABLED_HUGECACHE=$enableval ],
- [ ENABLED_HUGECACHE=no ]
- )
- if test "$ENABLED_HUGECACHE" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHUGE_SESSION_CACHE"
- fi
- # big cache
- AC_ARG_ENABLE([bigcache],
- [AS_HELP_STRING([--enable-bigcache],[Enable big session cache (default: disabled)])],
- [ ENABLED_BIGCACHE=$enableval ],
- [ ENABLED_BIGCACHE=no ]
- )
- if test "$ENABLED_BIGCACHE" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DBIG_SESSION_CACHE"
- fi
- # SMALL cache
- AC_ARG_ENABLE([smallcache],
- [AS_HELP_STRING([--enable-smallcache],[Enable small session cache (default: disabled)])],
- [ ENABLED_SMALLCACHE=$enableval ],
- [ ENABLED_SMALLCACHE=no ]
- )
- if test "$ENABLED_SMALLCACHE" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DSMALL_SESSION_CACHE"
- fi
- # Persistent session cache
- AC_ARG_ENABLE([savesession],
- [AS_HELP_STRING([--enable-savesession],[Enable persistent session cache (default: disabled)])],
- [ ENABLED_SAVESESSION=$enableval ],
- [ ENABLED_SAVESESSION=no ]
- )
- if test "$ENABLED_SAVESESSION" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE"
- fi
- # Persistent cert cache
- AC_ARG_ENABLE([savecert],
- [AS_HELP_STRING([--enable-savecert],[Enable persistent cert cache (default: disabled)])],
- [ ENABLED_SAVECERT=$enableval ],
- [ ENABLED_SAVECERT=no ]
- )
- if test "$ENABLED_SAVECERT" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE"
- fi
- # Write duplicate WOLFSSL object
- AC_ARG_ENABLE([writedup],
- [AS_HELP_STRING([--enable-writedup],[Enable write duplication of WOLFSSL objects (default: disabled)])],
- [ ENABLED_WRITEDUP=$enableval ],
- [ ENABLED_WRITEDUP=no ]
- )
- if test "$ENABLED_WRITEDUP" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_WRITE_DUP"
- fi
- # Atomic User Record Layer
- AC_ARG_ENABLE([atomicuser],
- [AS_HELP_STRING([--enable-atomicuser],[Enable Atomic User Record Layer (default: disabled)])],
- [ ENABLED_ATOMICUSER=$enableval ],
- [ ENABLED_ATOMICUSER=no ]
- )
- if test "$ENABLED_ATOMICUSER" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
- fi
- # Public Key Callbacks
- AC_ARG_ENABLE([pkcallbacks],
- [AS_HELP_STRING([--enable-pkcallbacks],[Enable Public Key Callbacks (default: disabled)])],
- [ ENABLED_PKCALLBACKS=$enableval ],
- [ ENABLED_PKCALLBACKS=no ]
- )
- if test "$ENABLED_PKCALLBACKS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
- fi
- # Microchip/Atmel CryptoAuthLib
- ENABLED_CRYPTOAUTHLIB="no"
- trylibatcadir=""
- AC_ARG_WITH([cryptoauthlib],
- [AS_HELP_STRING([--with-cryptoauthlib=PATH],[PATH to CryptoAuthLib install (default /usr/)])],
- [
- AC_MSG_CHECKING([for cryptoauthlib])
- CPPFLAGS="$CPPFLAGS -DWOLFSSL_ATECC508A"
- LIBS="$LIBS -lcryptoauth"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <cryptoauthlib.h>]], [[ atcab_init(0); ]])],[ libatca_linked=yes ],[ libatca_linked=no ])
- if test "x$libatca_linked" = "xno" ; then
- if test "x$withval" != "xno" ; then
- trylibatcadir=$withval
- fi
- if test "x$withval" = "xyes" ; then
- trylibatcadir="/usr"
- fi
- LDFLAGS="$LDFLAGS -L$trylibatcadir/lib"
- CPPFLAGS="$CPPFLAGS -I$trylibatcadir/lib"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <cryptoauthlib.h>]], [[ atcab_init(0); ]])],[ libatca_linked=yes ],[ libatca_linked=no ])
- if test "x$libatca_linked" = "xno" ; then
- AC_MSG_ERROR([cryptoauthlib isn't found.
- If it's already installed, specify its path using --with-cryptoauthlib=/dir/])
- fi
- AM_LDFLAGS="$AM_LDFLAGS -L$trylibatcadir/lib"
- AM_CFLAGS="$AM_CFLAGS -I$trylibatcadir/lib"
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([yes])
- fi
- ENABLED_CRYPTOAUTHLIB="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ATECC508A"
- ]
- )
- # NXP SE050
- # Example: "./configure --with-se050=/home/pi/simw_top"
- ENABLED_SE050="no"
- trylibse050dir=""
- AC_ARG_WITH([se050],
- [AS_HELP_STRING([--with-se050=PATH],[PATH to SE050 install (default /usr/local/lib/)])],
- [
- AC_MSG_CHECKING([for SE050])
- LIBS="$LIBS -lSSS_APIs"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <fsl_sss_api.h>]], [[ sss_mac_init(0);]])],[ libse050_linked=yes ],[ libse050_linked=no ])
- if test "x$libse050_linked" = "xno" ; then
- if test "x$withval" != "xno" ; then
- trylibse050dir=$withval
- fi
- if test "x$withval" = "xyes" ; then
- trylibse050dir="/usr/local/lib/"
- fi
- LDFLAGS="$LDFLAGS -L$trylibse050dir/build/sss"
- CPPFLAGS="$CPPFLAGS -I$trylibse050dir/build"
- CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/inc"
- CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/ex/inc"
- CPPFLAGS="$CPPFLAGS -I$trylibse050dir/sss/port/default"
- CPPFLAGS="$CPPFLAGS -I$trylibse050dir/hostlib/hostLib/inc"
- CPPFLAGS="$CPPFLAGS -I$trylibse050dir/hostlib/hostLib/libCommon/log/"
- CPPFLAGS="$CPPFLAGS -I$trylibse050dir/hostlib/hostLib/libCommon/infra"
- if test -e "$trylibse050dir/build/sss/libSSS_APIs.a"; then
- SE050_STATIC=yes
- else
- SE050_STATIC=no
- fi
- if test "x$SE050_STATIC" = "xyes"; then
- LIB_STATIC_ADD="$trylibse050dir/build/sss/ex/src/libex_common.a \
- $trylibse050dir/build/sss/libSSS_APIs.a \
- $trylibse050dir/build/hostlib/hostLib/se05x/libse05x.a \
- $trylibse050dir/build/hostlib/hostLib/liba7x_utils.a \
- $trylibse050dir/build/hostlib/hostLib/libCommon/log/libmwlog.a \
- $trylibse050dir/build/hostlib/hostLib/libCommon/libsmCom.a $LIB_STATIC_ADD"
- else
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <fsl_sss_api.h>]], [[ sss_mac_init(0); ]])],[ libse050_linked=yes ],[ libse050_linked=no ])
- if test "x$libse050_linked" = "xno" ; then
- AC_MSG_ERROR([SE050 isn't found.
- If it's already installed, specify its path using --with-se050=/dir/])
- fi
- fi
- # Requires AES direct
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
- # Does not support SHA2-512 224/256
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([yes])
- fi
- ENABLED_SE050="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SE050 -DSSS_USE_FTR_FILE"
- ]
- )
- ENABLED_SNIFFTEST=no
- AS_IF([ test "x$ENABLED_SNIFFER" = "xyes" ],
- [
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SNIFFER -DWOLFSSL_STATIC_EPHEMERAL"
- AC_CHECK_HEADERS([pcap/pcap.h],
- [ ENABLED_SNIFFTEST=yes ],
- [ AC_MSG_WARN([cannot enable sniffer test without having libpcap available.]) ]
- )
- ])
- # AES-CBC
- AC_ARG_ENABLE([aescbc],
- [AS_HELP_STRING([--enable-aescbc],[Enable wolfSSL AES-CBC support (default: enabled)])],
- [ ENABLED_AESCBC=$enableval ],
- [ ENABLED_AESCBC=yes ]
- )
- if test "$ENABLED_AESCBC" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_AES_CBC"
- fi
- # AES-CBC length checks (checks that input lengths are multiples of block size)
- AC_ARG_ENABLE([aescbc_length_checks],
- [AS_HELP_STRING([--enable-aescbc-length-checks],[Enable AES-CBC length validity checks (default: disabled)])],
- [ ENABLED_AESCBC_LENGTH_CHECKS=$enableval ],
- [ ENABLED_AESCBC_LENGTH_CHECKS=no ]
- )
- if test "$ENABLED_AESCBC_LENGTH_CHECKS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CBC_LENGTH_CHECKS"
- fi
- # leanpsk and leantls don't need gcm
- # AES-GCM
- AC_ARG_ENABLE([aesgcm],
- [AS_HELP_STRING([--enable-aesgcm],[Enable wolfSSL AES-GCM support (default: enabled)])],
- [ ENABLED_AESGCM=$enableval ],
- [ ENABLED_AESGCM=yes ]
- )
- AC_ARG_ENABLE([aesgcm-stream],
- [AS_HELP_STRING([--enable-aesgcm-stream],[Enable wolfSSL AES-GCM support with streaming APIs (default: disabled)])],
- [ ENABLED_AESGCM_STREAM=$enableval ],
- [ ENABLED_AESGCM_STREAM=no ]
- )
- # leanpsk and leantls don't need gcm
- if test "$FIPS_VERSION" = "rand" || test "$ENABLED_LEANPSK" = "yes" ||
- (test "$ENABLED_LEANTLS" = "yes" && test "$ENABLED_TLS13" = "no")
- then
- ENABLED_AESGCM=no
- fi
- if test "$ENABLED_AESGCM" = "yes" && test "$ac_cv_c_bigendian" != "yes"
- then
- ENABLED_AESGCM="4bit"
- fi
- # AES-CCM
- AC_ARG_ENABLE([aesccm],
- [AS_HELP_STRING([--enable-aesccm],[Enable wolfSSL AES-CCM support (default: disabled)])],
- [ ENABLED_AESCCM=$enableval ],
- [ ENABLED_AESCCM=no ]
- )
- if test "$ENABLED_AESCCM" = "yes" || test "$ENABLED_WOLFENGINE" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"
- fi
- # AES-SIV (RFC 5297)
- AC_ARG_ENABLE([aessiv],
- [AS_HELP_STRING([--enable-aessiv],[Enable AES-SIV (RFC 5297) (default: disabled)])],
- [ ENABLED_AESSIV=$enableval ],
- [ ENABLED_AESSIV=no ]
- )
- if test "$ENABLED_CHRONY" = "yes"
- then
- ENABLED_AESSIV=yes
- fi
- # AES-CTRf
- AC_ARG_ENABLE([aesctr],
- [AS_HELP_STRING([--enable-aesctr],[Enable wolfSSL AES-CTR support (default: disabled)])],
- [ ENABLED_AESCTR=$enableval ],
- [ ENABLED_AESCTR=no ]
- )
- if test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_AESSIV" = "yes" || test "$ENABLED_WOLFENGINE" = "yes"
- then
- ENABLED_AESCTR=yes
- fi
- # AES-OFB
- AC_ARG_ENABLE([aesofb],
- [AS_HELP_STRING([--enable-aesofb],[Enable wolfSSL AES-OFB support (default: disabled)])],
- [ ENABLED_AESOFB=$enableval ],
- [ ENABLED_AESOFB=no ]
- )
- if test "$ENABLED_AESOFB" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB -DWOLFSSL_AES_DIRECT"
- fi
- # AES-CFB
- AC_ARG_ENABLE([aescfb],
- [AS_HELP_STRING([--enable-aescfb],[Enable wolfSSL AES-CFB support (default: disabled)])],
- [ ENABLED_AESCFB=$enableval ],
- [ ENABLED_AESCFB=no ]
- )
- if test "$ENABLED_AESCFB" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB"
- fi
- ENABLED_ARMASM_INLINE="no"
- ENABLED_ARMASM_SHA3="no"
- # ARM Assembly
- # Both SHA3 and SHA512 instructions available with ARMV8.2-a
- AC_ARG_ENABLE([armasm],
- [AS_HELP_STRING([--enable-armasm],[Enable wolfSSL ARMv8 ASM support (default: disabled). Set to sha512-crypto or sha3-crypto to use SHA512 and SHA3 instructions with Aarch64 CPU.])],
- [ ENABLED_ARMASM=$enableval ],
- [ ENABLED_ARMASM=no ]
- )
- if test "$ENABLED_ARMASM" != "no" && test "$ENABLED_ASM" = "yes"
- then
- for v in `echo $ENABLED_ARMASM | tr "," " "`
- do
- case $v in
- yes)
- ;;
- inline)
- ENABLED_ARMASM_INLINE=yes
- ;;
- sha512-crypto | sha3-crypto)
- case $host_cpu in
- *aarch64*)
- ;;
- *)
- AC_MSG_ERROR([SHA512/SHA3 instructions only available on Aarch64 CPU.])
- break;;
- esac
- ENABLED_ARMASM_SHA3=yes
- ;;
- *)
- AC_MSG_ERROR([Invalid choice of ARM asm inclusions (yes, sha512-crypto, sha3-crypto): $ENABLED_ARMASM.])
- break;;
- esac
- done
- ENABLED_ARMASM="yes"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ARMASM"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM -DWOLFSSL_NO_HASH_RAW"
- #Check if mcpu and mfpu values already set if not use default
- case $CPPFLAGS in
- *mcpu* | *mfpu*)
- break;; #Do not override user set values
- *)
- case $host_cpu in
- *aarch64*)
- case $host_os in
- *darwin*)
- # All known Aarch64 Mac computers support SHA-512 instructions
- ENABLED_ARMASM_SHA3=yes
- ;;
- *)
- # +crypto needed for hardware acceleration
- if test "$ENABLED_ARMASM_SHA3" = "yes"; then
- AM_CPPFLAGS="$AM_CPPFLAGS -march=armv8.2-a+crypto+sha3"
- else
- AM_CPPFLAGS="$AM_CPPFLAGS -mcpu=generic+crypto"
- fi
- ;;
- esac
- # Include options.h
- AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
- # Check for and set -mstrict-align compiler flag
- # Used to set assumption that Aarch64 systems will not handle
- # unaligned memory references. The flag -mstrict-align is needed
- # on some compiler versions to avoid an invalid addressing mode
- # error with "m" constraint variables in the inline assembly AES
- # code. Even though unaligned load/store access is permitted on
- # normal memory with Cortex-A series boards with the exception
- # being exclusive and ordered access.
- case $CPPFLAGS in
- *mstrict-align*)
- break;; # already set by user
- *)
- AM_CPPFLAGS="$AM_CPPFLAGS -mstrict-align"
- AC_MSG_NOTICE([64bit ARMv8, setting -mstrict-align]);;
- esac
- AC_MSG_NOTICE([64bit ARMv8 found, setting mcpu to generic+crypto]);;
- *)
- AM_CPPFLAGS="$AM_CPPFLAGS -mfpu=crypto-neon-fp-armv8"
- # Include options.h
- AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
- AC_MSG_NOTICE([32bit ARMv8 found, setting mfpu to crypto-neon-fp-armv8]);;
- esac
- esac
- fi
- if test "$ENABLED_ARMASM_SHA3" = "yes"; then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_CRYPTO_SHA512 -DWOLFSSL_ARMASM_CRYPTO_SHA3"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ARMASM_CRYPTO_SHA512 -DWOLFSSL_ARMASM_CRYPTO_SHA3"
- fi
- # Xilinx hardened crypto
- AC_ARG_ENABLE([xilinx],
- [AS_HELP_STRING([--enable-xilinx],[Enable wolfSSL support for Xilinx hardened crypto(default: disabled)])],
- [ ENABLED_XILINX=$enableval ],
- [ ENABLED_XILINX=no ]
- )
- if test "$ENABLED_XILINX" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_XILINX -DWOLFSSL_XILINX_CRYPT"
- fi
- # CAAM build
- trylibsecodir="/usr"
- AC_ARG_WITH([seco],
- [AS_HELP_STRING([--with-seco=PATH],[PATH to SECO install (default /usr/lib/)])],
- [
- AC_MSG_CHECKING([for SECO])
- if test "x$withval" != "xno" ; then
- trylibsecodir=$withval
- fi
- ]
- )
- AC_ARG_ENABLE([caam],
- [AS_HELP_STRING([--enable-caam],[Enable wolfSSL support for CAAM (default: disabled)])],
- [ ENABLED_CAAM=$enableval ],
- [ ENABLED_CAAM=no ]
- )
- if test "$ENABLED_CAAM" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM -DWOLFSSL_IMX6_CAAM"
- fi
- if test "$ENABLED_CAAM" = "qnx"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM -DWOLFSSL_IMX6_CAAM -DWOLFSSL_QNX_CAAM"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM_ECC"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM_CMAC"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM_CIPHER"
- fi
- if test "$ENABLED_CAAM" = "seco"
- then
- SECO_DIR=$trylibsecodir
- AM_CPPFLAGS="$AM_CPPFLAGS -I$SECO_DIR/include"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM -DWOLFSSL_SECO_CAAM -DWOLFSSL_HASH_KEEP"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM_ECC"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM_CMAC"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM_CIPHER"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM_HMAC"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM_HASH"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CAAM_CURVE25519"
- AC_CHECK_LIB([hsm_lib],[hsm_open_session])
- AC_CHECK_LIB([seco_nvm_manager],[seco_nvm_manager])
- LIB_STATIC_ADD="$LIB_STATIC_ADD $SECO_DIR/lib/hsm_lib.a $SECO_DIR/lib/seco_nvm_manager.a"
- LIB_ADD="$LIB_ADD -lz"
- fi
- # INTEL AES-NI
- AC_ARG_ENABLE([aesni],
- [AS_HELP_STRING([--enable-aesni],[Enable wolfSSL AES-NI support (default: disabled)])],
- [ ENABLED_AESNI=$enableval ],
- [ ENABLED_AESNI=no ]
- )
- # INTEL ASM
- AC_ARG_ENABLE([intelasm],
- [AS_HELP_STRING([--enable-intelasm],[Enable All Intel ASM speedups (default: disabled)])],
- [ ENABLED_INTELASM=$enableval ],
- [ ENABLED_INTELASM=no ]
- )
- if test "$ENABLED_ASM" = "yes"
- then
- if test "$ENABLED_AESNI" = "small"
- then
- AM_CFLAGS="$AM_CFLAGS -DAES_GCM_AESNI_NO_UNROLL"
- ENABLED_AESNI=yes
- fi
- if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
- if test "$GCC" = "yes"
- then
- # clang needs these flags
- if test "$CC" = "clang"
- then
- AM_CFLAGS="$AM_CFLAGS -maes -mpclmul"
- else
- # GCC needs these flags, icc doesn't
- # opt levels greater than 2 may cause problems on systems w/o
- # aesni
- if test "$CC" != "icc"
- then
- AM_CFLAGS="$AM_CFLAGS -maes -msse4 -mpclmul"
- fi
- fi
- fi
- AS_IF([test "x$ENABLED_AESGCM" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
- fi
- if test "$ENABLED_INTELASM" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DUSE_INTEL_SPEEDUP"
- ENABLED_AESNI=yes
- fi
- fi
- AC_ARG_ENABLE([aligndata],
- [AS_HELP_STRING([--enable-aligndata],[align data for ciphers (default: enabled)])],
- [ ENABLED_ALIGN_DATA=$enableval ],
- [ ENABLED_ALIGN_DATA=yes ]
- )
- if test "$ENABLED_ALIGN_DATA" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_USE_ALIGN"
- fi
- # INTEL RDRAND
- AC_ARG_ENABLE([intelrand],
- [AS_HELP_STRING([--enable-intelrand],[Enable Intel rdrand as preferred RNG source (default: disabled)])],
- [ ENABLED_INTELRDRAND=$enableval ],
- [ ENABLED_INTELRDRAND=no ]
- )
- if test "$ENABLED_INTELRDRAND" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDRAND"
- fi
- # AMD RDSEED
- AC_ARG_ENABLE([amdrand],
- [AS_HELP_STRING([--enable-amdrand],[Enable AMD rdseed as preferred RNG seeding source (default: disabled)])],
- [ ENABLED_AMDRDSEED=$enableval ],
- [ ENABLED_AMDRDSEED=no ]
- )
- if test "$ENABLED_AMDRDSEED" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_AMD_RDSEED"
- fi
- # Linux af_alg
- AC_ARG_ENABLE([afalg],
- [AS_HELP_STRING([--enable-afalg],[Enable Linux af_alg use for crypto (default: disabled)])],
- [ ENABLED_AFALG=$enableval ],
- [ ENABLED_AFALG=no ]
- )
- if test "$ENABLED_AFALG" = "yes"
- then
- if test "$ENABLED_AESCCM" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
- fi
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_HASH"
- fi
- if test "$ENABLED_AFALG" = "xilinx"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX -DWOLFSSL_AFALG_XILINX_AES"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX_SHA3 -DWOLFSSL_AFALG_XILINX_RSA"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA3_224 -DWOLFSSL_NOSHA3_256 -DWOLFSSL_NOSHA3_512"
- ENABLED_AFALG="yes"
- ENABLED_XILINX="yes"
- fi
- if test "$ENABLED_AFALG" = "xilinx-aes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX -DWOLFSSL_AFALG_XILINX_AES"
- ENABLED_AFALG="yes"
- ENABLED_XILINX="yes"
- fi
- if test "$ENABLED_AFALG" = "xilinx-sha3"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX_SHA3"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA3_224 -DWOLFSSL_NOSHA3_256 -DWOLFSSL_NOSHA3_512"
- ENABLED_AFALG="yes"
- ENABLED_XILINX="yes"
- fi
- if test "$ENABLED_AFALG" = "xilinx-rsa"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_XILINX_RSA"
- ENABLED_AFALG="yes"
- ENABLED_XILINX="yes"
- fi
- # libkcapi
- AC_ARG_ENABLE([kcapi-hash],
- [AS_HELP_STRING([--enable-kcapi-hash],[Enable libkcapi use for hashing (default: disabled)])],
- [ ENABLED_KCAPI_HASH=$enableval ],
- [ ENABLED_KCAPI_HASH=no ]
- )
- AC_ARG_ENABLE([kcapi-hmac],
- [AS_HELP_STRING([--enable-kcapi-hmac],[Enable libkcapi use for HMAC (default: disabled)])],
- [ ENABLED_KCAPI_HMAC=$enableval ],
- [ ENABLED_KCAPI_HMAC=no ]
- )
- AC_ARG_ENABLE([kcapi-aes],
- [AS_HELP_STRING([--enable-kcapi-aes],[Enable libkcapi use for AES (default: disabled)])],
- [ ENABLED_KCAPI_AES=$enableval ],
- [ ENABLED_KCAPI_AES=no ]
- )
- AC_ARG_ENABLE([kcapi-rsa],
- [AS_HELP_STRING([--enable-kcapi-rsa],[Enable libkcapi use for RSA (default: disabled)])],
- [ ENABLED_KCAPI_RSA=$enableval ],
- [ ENABLED_KCAPI_RSA=no ]
- )
- AC_ARG_ENABLE([kcapi-dh],
- [AS_HELP_STRING([--enable-kcapi-dh],[Enable libkcapi use for DH (default: disabled)])],
- [ ENABLED_KCAPI_DH=$enableval ],
- [ ENABLED_KCAPI_DH=no ]
- )
- AC_ARG_ENABLE([kcapi-ecc],
- [AS_HELP_STRING([--enable-kcapi-ecc],[Enable libkcapi use for ECC (default: disabled)])],
- [ ENABLED_KCAPI_ECC=$enableval ],
- [ ENABLED_KCAPI_ECC=no ]
- )
- AC_ARG_ENABLE([kcapi],
- [AS_HELP_STRING([--enable-kcapi],[Enable libkcapi use for crypto (default: disabled)])],
- [ ENABLED_KCAPI=$enableval ],
- [ ENABLED_KCAPI=no ]
- )
- if test "$ENABLED_KCAPI" = "yes"
- then
- AS_IF([test "$enable_kcapi_hash" != "no"], [ENABLED_KCAPI_HASH=yes])
- AS_IF([test "$enable_kcapi_hmac" != "no"], [ENABLED_KCAPI_HMAC=yes])
- AS_IF([test "$enable_kcapi_aes" != "no"], [ENABLED_KCAPI_AES=yes])
- AS_IF([test "$enable_kcapi_rsa" != "no"], [ENABLED_KCAPI_RSA=yes])
- AS_IF([test "$enable_kcapi_dh" != "no"], [ENABLED_KCAPI_DH=yes])
- AS_IF([test "$enable_kcapi_ecc" != "no"], [ENABLED_KCAPI_ECC=yes])
- fi
- if test "$ENABLED_KCAPI_HASH" != "no" ||
- test "$ENABLED_KCAPI_HMAC" != "no" ||
- test "$ENABLED_KCAPI_AES" != "no" ||
- test "$ENABLED_KCAPI_RSA" != "no" ||
- test "$ENABLED_KCAPI_DH" != "no" ||
- test "$ENABLED_KCAPI_ECC" != "no"
- then
- LIBS="$LIBS -lkcapi"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI"
- fi
- if test "$ENABLED_KCAPI_HASH" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_HASH -DWOLFSSL_KCAPI_HASH_KEEP"
- # Linux Kernel doesn't support truncated SHA512 algorithms
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
- fi
- if test "$ENABLED_KCAPI_HMAC" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_HMAC"
- fi
- if test "$ENABLED_KCAPI_AES" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_AES"
- HAVE_AESGCM_PORT=yes
- if test "$ENABLED_AESCCM" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
- fi
- fi
- if test "$ENABLED_KCAPI_RSA" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_RSA"
- fi
- if test "$ENABLED_KCAPI_DH" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_DH -DWOLFSSL_DH_EXTRA"
- fi
- if test "$ENABLED_KCAPI_ECC" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KCAPI_ECC"
- fi
- # Support for Linux dev/crypto calls
- AC_ARG_ENABLE([devcrypto],
- [AS_HELP_STRING([--enable-devcrypto],[Enable Linux dev crypto calls: all | aes (all aes support) | hash (all hash algos) | cbc (aes-cbc only) (default: disabled)])],
- [ ENABLED_DEVCRYPTO=$enableval ],
- [ ENABLED_DEVCRYPTO=no ]
- )
- if test "$ENABLED_DEVCRYPTO" = "yes" || test "$ENABLED_DEVCRYPTO" = "all"
- then
- #enable all devcrypto supported algorithms
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
- if test "$ENABLED_AESCCM" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
- fi
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_HASH_RAW"
- ENABLED_DEVCRYPTO=yes
- fi
- if test "$ENABLED_DEVCRYPTO" = "aes"
- then
- #enable only AES-CBC algorithm support
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_AES"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
- if test "$ENABLED_AESCCM" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
- fi
- ENABLED_DEVCRYPTO=yes
- fi
- if test "$ENABLED_DEVCRYPTO" = "cbc"
- then
- #enable only AES-CBC algorithm support
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CBC"
- ENABLED_DEVCRYPTO=yes
- fi
- if test "$ENABLED_DEVCRYPTO" = "hash"
- then
- #enable only hash algorithm support
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_HASH_RAW"
- ENABLED_DEVCRYPTO=yes
- fi
- if test "$ENABLED_DEVCRYPTO" = "hmac"
- then
- #enable only hmac algorithm support
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HMAC"
- ENABLED_DEVCRYPTO=yes
- fi
- if test "$ENABLED_DEVCRYPTO" = "rsa"
- then
- #enable only rsa algorithm support
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_RSA"
- ENABLED_DEVCRYPTO=yes
- fi
- if test "$ENABLED_DEVCRYPTO" = "seco"
- then
- #enable support of devcrypto for algos not supported with seco
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HMAC"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_RSA"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_CURVE25519"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_ECDSA"
- ENABLED_DEVCRYPTO=yes
- fi
- # Camellia
- AC_ARG_ENABLE([camellia],
- [AS_HELP_STRING([--enable-camellia],[Enable wolfSSL Camellia support (default: disabled)])],
- [ ENABLED_CAMELLIA=$enableval ],
- [ ENABLED_CAMELLIA=no ]
- )
- if test "$ENABLED_CAMELLIA" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CAMELLIA"
- fi
- # MD2
- AC_ARG_ENABLE([md2],
- [AS_HELP_STRING([--enable-md2],[Enable wolfSSL MD2 support (default: disabled)])],
- [ ENABLED_MD2=$enableval ],
- [ ENABLED_MD2=no ]
- )
- if test "$ENABLED_BUMP" = "yes"
- then
- ENABLED_MD2="yes"
- fi
- if test "$ENABLED_MD2" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MD2"
- fi
- # NULL CIPHER
- AC_ARG_ENABLE([nullcipher],
- [AS_HELP_STRING([--enable-nullcipher],[Enable wolfSSL NULL cipher support (default: disabled)])],
- [ ENABLED_NULL_CIPHER=$enableval ],
- [ ENABLED_NULL_CIPHER=no ]
- )
- if test "$ENABLED_OPENSSH" = "yes"
- then
- ENABLED_NULL_CIPHER="yes"
- fi
- if test "$ENABLED_NULL_CIPHER" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER"
- fi
- # RIPEMD
- AC_ARG_ENABLE([ripemd],
- [AS_HELP_STRING([--enable-ripemd],[Enable wolfSSL RIPEMD-160 support (default: disabled)])],
- [ ENABLED_RIPEMD=$enableval ],
- [ ENABLED_RIPEMD=no ]
- )
- if test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno"
- then
- ENABLED_RIPEMD="yes"
- fi
- if test "$ENABLED_RIPEMD" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RIPEMD"
- fi
- # BLAKE2
- AC_ARG_ENABLE([blake2],
- [AS_HELP_STRING([--enable-blake2],[Enable wolfSSL BLAKE2b support (default: disabled)])],
- [ ENABLED_BLAKE2=$enableval ],
- [ ENABLED_BLAKE2=no ]
- )
- if test "$ENABLED_BLAKE2" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2 -DHAVE_BLAKE2B"
- fi
- AC_ARG_ENABLE([blake2s],
- [AS_HELP_STRING([--enable-blake2s],[Enable wolfSSL BLAKE2s support (default: disabled)])],
- [ ENABLED_BLAKE2S=$enableval ],
- [ ENABLED_BLAKE2S=no ]
- )
- if test "$ENABLED_BLAKE2S" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2S"
- ENABLED_BLAKE2="yes"
- fi
- # set sha224 default
- SHA224_DEFAULT=no
- if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64"
- then
- if test "x$ENABLED_AFALG" = "xno" && test "x$ENABLED_DEVCRYPTO" = "xno" &&
- ( test "x$ENABLED_FIPS" = "xno" ||
- ( test "$HAVE_FIPS_VERSION" = 2 && test "$HAVE_FIPS_VERSION_MINOR" != 1 ) )
- then
- SHA224_DEFAULT=yes
- fi
- fi
- # SHA224
- AC_ARG_ENABLE([sha224],
- [AS_HELP_STRING([--enable-sha224],[Enable wolfSSL SHA-224 support (default: enabled on x86_64/aarch64)])],
- [ ENABLED_SHA224=$enableval ],
- [ ENABLED_SHA224=$SHA224_DEFAULT ]
- )
- if test "$ENABLED_SHA224" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"
- fi
- # set sha3 default
- SHA3_DEFAULT=no
- if (test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64") && test "$ENABLED_32BIT" = "no"
- then
- if test "x$ENABLED_FIPS" = "xno" || test "$HAVE_FIPS_VERSION" -ge 2
- then
- SHA3_DEFAULT=yes
- fi
- fi
- # SHA3
- AC_ARG_ENABLE([sha3],
- [AS_HELP_STRING([--enable-sha3],[Enable wolfSSL SHA-3 support (default: enabled on x86_64/aarch64)])],
- [ ENABLED_SHA3=$enableval ],
- [ ENABLED_SHA3=$SHA3_DEFAULT ]
- )
- if test "$ENABLED_SHA3" = "small"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3_SMALL"
- ENABLED_SHA3="yes"
- fi
- # SHAKE256
- AC_ARG_ENABLE([shake256],
- [AS_HELP_STRING([--enable-shake256],[Enable wolfSSL SHAKE256 support (default: disabled)])],
- [ ENABLED_SHAKE256=$enableval ]
- [ ENABLED_SHAKE256=no ]
- )
- # SHA512
- AC_ARG_ENABLE([sha512],
- [AS_HELP_STRING([--enable-sha512],[Enable wolfSSL SHA-512 support (default: enabled)])],
- [ ENABLED_SHA512=$enableval ],
- [ ENABLED_SHA512=yes ]
- )
- # options that don't require sha512
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" || test "$ENABLED_32BIT" = "yes" || test "$ENABLED_16BIT" = "yes"
- then
- ENABLED_SHA512="no"
- fi
- # options that require sha512
- if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes"
- then
- ENABLED_SHA512="yes"
- ENABLED_SHA384="yes"
- fi
- if test "$ENABLED_SHA512" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512"
- fi
- # SHA384
- AC_ARG_ENABLE([sha384],
- [AS_HELP_STRING([--enable-sha384],[Enable wolfSSL SHA-384 support (default: enabled)])],
- [ ENABLED_SHA384=$enableval ],
- [ ENABLED_SHA384=yes ]
- )
- # options that don't require sha384
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" || test "$ENABLED_32BIT" = "yes" || test "$ENABLED_16BIT" = "yes"
- then
- ENABLED_SHA384="no"
- fi
- # options that require sha384
- if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes"
- then
- ENABLED_SHA384="yes"
- fi
- if test "$ENABLED_SHA384" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA384"
- fi
- # SESSION CERTS
- AC_ARG_ENABLE([sessioncerts],
- [AS_HELP_STRING([--enable-sessioncerts],[Enable session cert storing (default: disabled)])],
- [ ENABLED_SESSIONCERTS=$enableval ],
- [ ENABLED_SESSIONCERTS=no ]
- )
- if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || \
- test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \
- test "x$ENABLED_STRONGSWAN" = "xyes"
- then
- ENABLED_SESSIONCERTS=yes
- fi
- if test "$ENABLED_TLS13" = "yes" && test "$ENABLED_PSK" = "yes"
- then
- ENABLED_SESSIONCERTS=yes
- fi
- if test "$ENABLED_SESSIONCERTS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
- fi
- # KEY GENERATION
- AC_ARG_ENABLE([keygen],
- [AS_HELP_STRING([--enable-keygen],[Enable key generation (default: disabled)])],
- [ ENABLED_KEYGEN=$enableval ],
- [ ENABLED_KEYGEN=no ]
- )
- if test "$ENABLED_BIND" = "yes" || test "$ENABLED_NTP" = "yes" || \
- test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_OPENRESTY" = "yes" || \
- test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WOLFENGINE" = "yes" || \
- test "$ENABLED_STRONGSWAN" = "yes"
- then
- ENABLED_KEYGEN=yes
- fi
- # CERT GENERATION
- AC_ARG_ENABLE([certgen],
- [AS_HELP_STRING([--enable-certgen],[Enable cert generation (default: disabled)])],
- [ ENABLED_CERTGEN=$enableval ],
- [ ENABLED_CERTGEN=no ]
- )
- if test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_OPENSSH" = "yes" || \
- test "$ENABLED_BIND" = "yes" || test "$ENABLED_NTP" = "yes" || \
- test "$ENABLED_CHRONY" = "yes" || test "$ENABLED_STRONGSWAN" = "yes"
- then
- ENABLED_CERTGEN=yes
- fi
- # CERT REQUEST GENERATION
- AC_ARG_ENABLE([certreq],
- [AS_HELP_STRING([--enable-certreq],[Enable cert request generation (default: disabled)])],
- [ ENABLED_CERTREQ=$enableval ],
- [ ENABLED_CERTREQ=no ]
- )
- # CERT REQUEST EXTENSION
- AC_ARG_ENABLE([certext],
- [AS_HELP_STRING([--enable-certext],[Enable cert request extensions (default: disabled)])],
- [ ENABLED_CERTEXT=$enableval ],
- [ ENABLED_CERTEXT=no ]
- )
- if test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_STRONGSWAN" = "yes"
- then
- ENABLED_CERTEXT=yes
- fi
- # DECODED CERT CACHE
- AC_ARG_ENABLE([certgencache],
- [AS_HELP_STRING([--enable-certgencache],[Enable decoded cert caching (default: disabled)])],
- [ ENABLED_certgencache=$enableval ],
- [ ENABLED_certgencache=no ]
- )
- if test "$ENABLED_certgencache" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN_CACHE"
- fi
- # SEP
- AC_ARG_ENABLE([sep],
- [AS_HELP_STRING([--enable-sep],[Enable sep extensions (default: disabled)])],
- [ ENABLED_SEP=$enableval ],
- [ ENABLED_SEP=no ]
- )
- if test "$ENABLED_SEP" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SEP -DKEEP_PEER_CERT"
- fi
- # HKDF
- AC_ARG_ENABLE([hkdf],
- [AS_HELP_STRING([--enable-hkdf],[Enable HKDF (HMAC-KDF) support (default: disabled)])],
- [ ENABLED_HKDF=$enableval ],
- [ ENABLED_HKDF=no ]
- )
- if test "$ENABLED_TLS13" = "yes"
- then
- ENABLED_HKDF="yes"
- fi
- if test "$ENABLED_HKDF" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"
- fi
- # X9.63 KDF
- AC_ARG_ENABLE([x963kdf],
- [AS_HELP_STRING([--enable-x963kdf],[Enable X9.63 KDF support (default: disabled)])],
- [ ENABLED_X963KDF=$enableval ],
- [ ENABLED_X963KDF=no ]
- )
- if test "$ENABLED_X963KDF" = "yes" || test "$ENABLED_WOLFENGINE" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF"
- fi
- # DSA
- AC_ARG_ENABLE([dsa],
- [AS_HELP_STRING([--enable-dsa],[Enable DSA (default: disabled)])],
- [ ENABLED_DSA=$enableval ],
- [ ENABLED_DSA=no ]
- )
- if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_NTP" = "yes"
- then
- ENABLED_DSA="yes"
- fi
- if test "$ENABLED_DSA" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_DSA"
- else
- ENABLED_CERTS=yes
- fi
- # ECC Shamir
- AC_ARG_ENABLE([eccshamir],
- [AS_HELP_STRING([--enable-eccshamir],[Enable ECC Shamir (default: enabled)])],
- [ ENABLED_ECC_SHAMIR=$enableval ],
- [ ENABLED_ECC_SHAMIR=yes ]
- )
- # ECC
- AC_ARG_ENABLE([ecc],
- [AS_HELP_STRING([--enable-ecc],[Enable ECC (default: enabled)])],
- [ ENABLED_ECC=$enableval ],
- [ ENABLED_ECC=yes ]
- )
- # lean psk doesn't need ecc
- if test "$ENABLED_LEANPSK" = "yes"
- then
- ENABLED_ECC=no
- fi
- if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_SIGNAL" = "yes"
- then
- ENABLED_ECC="yes"
- fi
- if test "$ENABLED_ECC" != "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
- if test "$ENABLED_ECC_SHAMIR" = "yes" && test "$ENABLED_LOWRESOURCE" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
- fi
- if test "$ENABLED_ECC" = "nonblock"
- then
- AM_CFLAGS="$AM_CFLAGS -DWC_ECC_NONBLOCK"
- fi
- if test "$ENABLED_LOWRESOURCE" = "yes" && test "$ENABLED_FASTMATH" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DALT_ECC_SIZE"
- fi
- ENABLED_CERTS=yes
- fi
- # ECC Custom Curves
- AC_ARG_ENABLE([ecccustcurves],
- [AS_HELP_STRING([--enable-ecccustcurves],[Enable ECC custom curves (default: disabled)])],
- [ ENABLED_ECCCUSTCURVES=$enableval ],
- [ ENABLED_ECCCUSTCURVES=no ]
- )
- if test "$ENABLED_ECCCUSTCURVES" != "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CUSTOM_CURVES"
- # For distro, all or ecccustcurves=all builds, enable all curve types
- if test "$ENABLED_DISTRO" = "yes" || test "$ENABLED_ALL" = "yes" || test "$ENABLED_ECCCUSTCURVES" = "all"
- then
- # Enable ECC SECPR2, SECPR3, BRAINPOOL and KOBLITZ curves
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ"
- # Enable ECC Cofactor support
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_CDH"
- # If fastmath enabled and on x86 use speedups
- if test "x$ENABLED_FASTMATH" = "xyes" && test "$host_cpu" = "x86_64"
- then
- AM_CFLAGS="$AM_CFLAGS -DTFM_ECC192 -DTFM_ECC224 -DTFM_ECC256 -DTFM_ECC384 -DTFM_ECC521"
- fi
- fi
- fi
- # ECC Minimum Key Size
- ENABLED_ECCMINSZ=224
- AC_ARG_WITH([eccminsz],
- [AS_HELP_STRING([--with-eccminsz=BITS],[Sets the ECC minimum key size (default: 224 bits)])],
- [
- ENABLED_ECCMINSZ=$withval
- AM_CFLAGS="$AM_CFLAGS -DECC_MIN_KEY_SZ=$withval"
- ]
- )
- # Compressed Key
- AC_ARG_ENABLE([compkey],
- [AS_HELP_STRING([--enable-compkey],[Enable compressed keys support (default: disabled)])],
- [ ENABLED_COMPKEY=$enableval ],
- [ ENABLED_COMPKEY=no ]
- )
- if test "$ENABLED_WPAS" = "yes"
- then
- ENABLED_COMPKEY=yes
- fi
- if test "$ENABLED_COMPKEY" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_COMP_KEY"
- fi
- # for using memory optimization setting on both curve25519 and ed25519
- ENABLED_CURVE25519_SMALL=no
- ENABLED_ED25519_SMALL=no
- # CURVE25519
- AC_ARG_ENABLE([curve25519],
- [AS_HELP_STRING([--enable-curve25519],[Enable Curve25519 (default: disabled)])],
- [ ENABLED_CURVE25519=$enableval ],
- [ ENABLED_CURVE25519=no ]
- )
- if test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno"
- then
- ENABLED_CURVE25519="yes"
- fi
- if test "$ENABLED_CURVE25519" != "no"
- then
- if test "$ENABLED_CURVE25519" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DCURVE25519_SMALL"
- ENABLED_CURVE25519_SMALL=yes
- ENABLED_CURVE25519=yes
- fi
- if test "$ENABLED_CURVE25519" = "no128bit" || test "$ENABLED_32BIT" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_CURVED25519_128BIT"
- ENABLED_CURVE25519=yes
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519"
- ENABLED_FEMATH=yes
- fi
- # ED25519
- AC_ARG_ENABLE([ed25519],
- [AS_HELP_STRING([--enable-ed25519],[Enable ED25519 (default: disabled)])],
- [ ENABLED_ED25519=$enableval ],
- [ ENABLED_ED25519=no ]
- )
- AC_ARG_ENABLE([ed25519-stream],
- [AS_HELP_STRING([--enable-ed25519-stream],[Enable wolfSSL ED25519 support with streaming verify APIs (default: disabled)])],
- [ ENABLED_ED25519_STREAM=$enableval ],
- [ ENABLED_ED25519_STREAM=no ]
- )
- if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || \
- test "$ENABLED_CHRONY" = "yes"
- then
- ENABLED_ED25519="yes"
- fi
- # for using memory optimization setting on both curve448 and ed448
- ENABLED_CURVE448_SMALL=no
- ENABLED_ED448_SMALL=no
- # CURVE448
- AC_ARG_ENABLE([curve448],
- [AS_HELP_STRING([--enable-curve448],[Enable Curve448 (default: disabled)])],
- [ ENABLED_CURVE448=$enableval ],
- [ ENABLED_CURVE448=no ]
- )
- if test "$ENABLED_CURVE448" != "no"
- then
- if test "$ENABLED_CURVE448" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DCURVE448_SMALL"
- ENABLED_CURVE448_SMALL=yes
- ENABLED_CURVE448=yes
- fi
- if test "$ENABLED_CURVE448" = "no128bit" || test "$ENABLED_32BIT" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_CURVED448_128BIT"
- ENABLED_CURVE448=yes
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE448"
- ENABLED_FE448=yes
- fi
- # ED448
- AC_ARG_ENABLE([ed448],
- [AS_HELP_STRING([--enable-ed448],[Enable ED448 (default: disabled)])],
- [ ENABLED_ED448=$enableval ],
- [ ENABLED_ED448=no ]
- )
- AC_ARG_ENABLE([ed448-stream],
- [AS_HELP_STRING([--enable-ed448-stream],[Enable wolfSSL ED448 support with streaming verify APIs (default: disabled)])],
- [ ENABLED_ED448_STREAM=$enableval ],
- [ ENABLED_ED448_STREAM=no ]
- )
- if test "$ENABLED_ED448" != "no" && test "$ENABLED_32BIT" = "no"
- then
- if test "$ENABLED_ED448" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DED448_SMALL"
- ENABLED_ED448_SMALL=yes
- ENABLED_CURVE448_SMALL=yes
- ENABLED_ED448=yes
- fi
- if test "$ENABLED_SHA512" = "no"
- then
- AC_MSG_ERROR([cannot enable ed448 without enabling sha512.])
- fi
- if test "$HAVE_FIPS_VERSION" = 2
- then
- AC_MSG_ERROR([cannot enable ed448 w/ dependency shake256 in FIPSv2 mode])
- fi
- ENABLED_FE448=yes
- ENABLED_GE448=yes
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ED448"
- # EdDSA448 requires SHAKE256 which requires SHA-3
- ENABLED_SHA3=yes
- ENABLED_SHAKE256=yes
- ENABLED_CERTS=yes
- fi
- if test "$ENABLED_ED448_STREAM" != "no"
- then
- if test "$ENABLED_ED448" = "no"
- then
- AC_MSG_ERROR([ED448 verify streaming enabled but ED448 is disabled])
- else
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ED448_STREAMING_VERIFY"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ED448_STREAMING_VERIFY"
- fi
- fi
- # FP ECC, Fixed Point cache ECC
- AC_ARG_ENABLE([fpecc],
- [AS_HELP_STRING([--enable-fpecc],[Enable Fixed Point cache ECC (default: disabled)])],
- [ ENABLED_FPECC=$enableval ],
- [ ENABLED_FPECC=no ]
- )
- if test "$ENABLED_FPECC" = "yes"
- then
- if test "$ENABLED_ECC" = "no"
- then
- AC_MSG_ERROR([cannot enable fpecc without enabling ecc.])
- fi
- AM_CFLAGS="$AM_CFLAGS -DFP_ECC"
- fi
- # ECC encrypt
- AC_ARG_ENABLE([eccencrypt],
- [AS_HELP_STRING([--enable-eccencrypt],[Enable ECC encrypt (default: disabled). yes = SEC1 standard, iso18033 = ISO 18033 standard, old = original wolfSSL algorithm])],
- [ ENABLED_ECC_ENCRYPT=$enableval ],
- [ ENABLED_ECC_ENCRYPT=no ]
- )
- if test "$ENABLED_ECC_ENCRYPT" != "no"
- then
- if test "$ENABLED_ECC" = "no"
- then
- AC_MSG_ERROR([cannot enable eccencrypt without enabling ecc.])
- fi
- if test "$ENABLED_HKDF" = "no"
- then
- AC_MSG_ERROR([cannot enable eccencrypt without enabling hkdf.])
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC_ENCRYPT"
- if test "$ENABLED_ECC_ENCRYPT" = "old"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECIES_OLD"
- fi
- if test "$ENABLED_ECC_ENCRYPT" = "iso18033"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECIES_ISO18033"
- fi
- fi
- # Elliptic Curve-Based Certificateless Signatures for Identity-Based Encryption (ECCSI)
- AC_ARG_ENABLE([eccsi],
- [AS_HELP_STRING([--enable-eccsi],[Enable ECCSI (default: disabled)])],
- [ ENABLED_ECCSI=$enableval ],
- [ ENABLED_ECCSI=no ]
- )
- if test "x$ENABLED_ECCSI" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_ECCSI -DWOLFSSL_PUBLIC_MP"
- fi
- # Sakai-Kasahara Key Encryption (SAKKE) - pairing based crypto
- AC_ARG_ENABLE([sakke],
- [AS_HELP_STRING([--enable-sakke],[Enable SAKKE - paring based crypto (default: disabled)])],
- [ ENABLED_SAKKE=$enableval ],
- [ ENABLED_SAKKE=no ]
- )
- if test "x$ENABLED_SAKKE" = "xsmall"
- then
- ENABLED_SAKKE="yes"
- ENABLED_SAKKE_SMALL="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_SAKKE_SMALL"
- fi
- if test "x$ENABLED_SAKKE" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SAKKE"
- fi
- # PSK
- AC_ARG_ENABLE([psk],
- [AS_HELP_STRING([--enable-psk],[Enable PSK (default: disabled)])],
- [ ENABLED_PSK=$enableval ],
- [ ENABLED_PSK=no ]
- )
- # Single PSK identity
- AC_ARG_ENABLE([psk-one-id],
- [AS_HELP_STRING([--enable-psk-one-id],[Enable PSK (default: disabled)])],
- [ ENABLED_PSK_ONE_ID=$enableval ],
- [ ENABLED_PSK_ONE_ID=no ]
- )
- if test "$ENABLED_PSK_ONE_ID" = "yes"
- then
- if test "$ENABLED_PSK" = "no"
- then
- ENABLED_PSK="yes"
- fi
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PSK_ONE_ID"
- fi
- # ERROR STRINGS
- AC_ARG_ENABLE([errorstrings],
- [AS_HELP_STRING([--enable-errorstrings],[Enable error strings table (default: enabled)])],
- [ ENABLED_ERROR_STRINGS=$enableval ],
- [ ENABLED_ERROR_STRINGS=yes ]
- )
- if test "$ENABLED_ERROR_STRINGS" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
- else
- # turn off error strings if leanpsk or leantls on
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_STRINGS"
- ENABLED_ERROR_STRINGS=no
- fi
- fi
- # ERROR QUEUE
- AC_ARG_ENABLE([errorqueue],
- [AS_HELP_STRING([--enable-errorqueue],[Disables adding nodes to error queue when compiled with OPENSSL_EXTRA (default: enabled)])],
- [ ENABLED_ERROR_QUEUE=$enableval ],
- [ ENABLED_ERROR_QUEUE=yes ]
- )
- # OLD TLS
- AC_ARG_ENABLE([oldtls],
- [AS_HELP_STRING([--enable-oldtls],[Enable old TLS versions < 1.2 (default: enabled)])],
- [ ENABLED_OLD_TLS=$enableval ],
- [ ENABLED_OLD_TLS=yes ]
- )
- if test "$ENABLED_OLD_TLS" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
- else
- # turn off old if leanpsk or leantls on
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
- ENABLED_OLD_TLS=no
- fi
- fi
- # TLSv1.2
- AC_ARG_ENABLE([tlsv12],
- [AS_HELP_STRING([--enable-tlsv12],[Enable TLS versions 1.2 (default: enabled)])],
- [ ENABLED_TLSV12=$enableval ],
- [ ENABLED_TLSV12=yes ]
- )
- if test "$ENABLED_TLSV12" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_TLS12 -DNO_OLD_TLS"
- fi
- # TLSv1.0
- AC_ARG_ENABLE([tlsv10],
- [AS_HELP_STRING([--enable-tlsv10],[Enable old TLS versions 1.0 (default: disabled)])],
- [ ENABLED_TLSV10=$enableval ],
- [ ENABLED_TLSV10=no ]
- )
- if test "$ENABLED_TLSV10" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_TLSV10"
- fi
- # SSLv3
- AC_ARG_ENABLE([sslv3],
- [AS_HELP_STRING([--enable-sslv3],[Enable SSL version 3.0 (default: disabled)])],
- [ ENABLED_SSLV3=$enableval ],
- [ ENABLED_SSLV3=no]
- )
- if test "x$ENABLED_HAPROXY" = "xyes" && test "x$ENABLED_ALL" = "xno"
- then
- ENABLED_SSLV3="yes"
- fi
- if test "$ENABLED_SSLV3" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_SSLV3"
- fi
- # STACK SIZE info for testwolfcrypt and examples
- AC_ARG_ENABLE([stacksize],
- [AS_HELP_STRING([--enable-stacksize],[Enable stack size info on examples (default: disabled)])],
- [ ENABLED_STACKSIZE=$enableval ],
- [ ENABLED_STACKSIZE=no ]
- )
- if test "$ENABLED_STACKSIZE" != "no"
- then
- AC_CHECK_FUNC([posix_memalign], [], [AC_MSG_ERROR(stacksize needs posix_memalign)])
- AC_CHECK_DECL([posix_memalign], [], [AC_MSG_ERROR(stacksize needs posix_memalign)])
- AC_CHECK_FUNC([pthread_attr_setstack], [], AC_CHECK_LIB([pthread],[pthread_attr_setstack]))
- AC_CHECK_DECL([pthread_attr_setstack], [], [AC_MSG_ERROR(stacksize needs pthread_attr_setstack)], [[#include <pthread.h>]])
- AM_CFLAGS="$AM_CFLAGS -DHAVE_STACK_SIZE"
- fi
- if test "$ENABLED_STACKSIZE" = "verbose"
- then
- if test "$thread_ls_on" != "yes"
- then
- AC_MSG_ERROR(stacksize-verbose needs thread-local storage.)
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_STACK_SIZE_VERBOSE"
- fi
- # MEMORY
- AC_ARG_ENABLE([memory],
- [AS_HELP_STRING([--enable-memory],[Enable memory callbacks (default: enabled)])],
- [ ENABLED_MEMORY=$enableval ],
- [ ENABLED_MEMORY=yes ]
- )
- if test "$ENABLED_MEMORY" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_WOLFSSL_MEMORY"
- else
- # turn off memory cb if leanpsk or leantls on
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- # but don't turn on NO_WOLFSSL_MEMORY because using own
- ENABLED_MEMORY=no
- fi
- fi
- # MEMORY SIZE info
- AC_ARG_ENABLE([trackmemory],
- [AS_HELP_STRING([--enable-trackmemory],[Enable memory use info on wolfCrypt and wolfSSL cleanup (default: disabled)])],
- [ ENABLED_TRACKMEMORY=$enableval ],
- [ ENABLED_TRACKMEMORY=no ]
- )
- if test "$ENABLED_TRACKMEMORY" != "no"
- then
- if test "$ENABLED_MEMORY" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRACK_MEMORY"
- else
- AC_MSG_ERROR([trackmemory requires using wolfSSL memory (--enable-memory).])
- fi
- if test "$ENABLED_TRACKMEMORY" = "verbose"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRACK_MEMORY_VERBOSE"
- fi
- fi
- # MEMORY usage logging
- AC_ARG_ENABLE([memorylog],
- [AS_HELP_STRING([--enable-memorylog],[Enable dynamic memory logging (default: disabled)])],
- [ ENABLED_MEMORYLOG=$enableval ],
- [ ENABLED_MEMORYLOG=no ]
- )
- if test "$ENABLED_MEMORYLOG" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MEMORY_LOG"
- fi
- # STACK usage logging
- AC_ARG_ENABLE([stacklog],
- [AS_HELP_STRING([--enable-stacklog],[Enable stack logging (default: disabled)])],
- [ ENABLED_STACKLOG=$enableval ],
- [ ENABLED_STACKLOG=no ]
- )
- if test "$ENABLED_STACKLOG" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STACK_LOG -finstrument-functions"
- fi
- ENABLED_WOLFSENTRY=no
- AC_ARG_WITH([wolfsentry],
- [AS_HELP_STRING([--with-wolfsentry=PATH],[PATH to directory with wolfSentry installation])],
- [WOLFSENTRY_INSTALLDIR=$withval],
- [WOLFSENTRY_INSTALLDIR=""])
- AC_ARG_WITH([wolfsentry-lib],
- [AS_HELP_STRING([--with-wolfsentry-lib=PATH],[PATH to directory with wolfSentry library])],
- [WOLFSENTRY_LIB=$withval],
- [WOLFSENTRY_LIB=""])
- AC_ARG_WITH([wolfsentry-include],
- [AS_HELP_STRING([--with-wolfsentry-include=PATH],[PATH to directory with wolfSentry header files])],
- [WOLFSENTRY_INCLUDE=$withval],
- [WOLFSENTRY_INCLUDE=""])
- if test -n "$WOLFSENTRY_INSTALLDIR" || test -n "$WOLFSENTRY_LIB" || test -n "$WOLFSENTRY_INCLUDE"
- then
- ENABLED_WOLFSENTRY=yes
- fi
- AC_ARG_ENABLE([wolfsentry],
- [AS_HELP_STRING([--enable-wolfsentry],[Enable wolfSentry hooks and plugins (default: disabled)])],
- [ ENABLED_WOLFSENTRY=$enableval ],
- [ ]
- )
- if test "$WOLFSENTRY_LIB" = "" && test -n "$WOLFSENTRY_INSTALLDIR"
- then
- WOLFSENTRY_LIB="${WOLFSENTRY_INSTALLDIR}/lib"
- fi
- if test "$WOLFSENTRY_INCLUDE" = "" && test -n "$WOLFSENTRY_INSTALLDIR"
- then
- WOLFSENTRY_INCLUDE="${WOLFSENTRY_INSTALLDIR}/include"
- fi
- if test -n "$WOLFSENTRY_LIB"
- then
- AC_MSG_CHECKING([for $WOLFSENTRY_LIB])
- if ! test -d "$WOLFSENTRY_LIB"
- then
- AC_MSG_ERROR([wolfSentry lib dir $WOLFSENTRY_LIB not found.])
- fi
- AC_MSG_RESULT([yes])
- WOLFSENTRY_LIB="-L$WOLFSENTRY_LIB"
- fi
- if test -n "$WOLFSENTRY_INCLUDE"
- then
- AC_MSG_CHECKING([for $WOLFSENTRY_INCLUDE])
- if ! test -d "$WOLFSENTRY_INCLUDE"
- then
- AC_MSG_ERROR([wolfSentry include dir $WOLFSENTRY_INCLUDE not found.])
- fi
- AC_MSG_RESULT([yes])
- WOLFSENTRY_INCLUDE="-I$WOLFSENTRY_INCLUDE"
- fi
- if test "$ENABLED_WOLFSENTRY" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WOLFSENTRY_HOOKS -DHAVE_EX_DATA -DHAVE_EX_DATA_CLEANUP_HOOKS"
- WOLFSENTRY_LIB="$WOLFSENTRY_LIB -lwolfsentry"
- fi
- AC_SUBST([WOLFSENTRY_LIB])
- AC_SUBST([WOLFSENTRY_INCLUDE])
- if test "$ENABLED_QT" = "yes"
- then
- # Requires opensslextra and opensslall
- if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
- then
- ENABLED_OPENSSLALL="yes"
- ENABLED_OPENSSLEXTRA="yes"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL -DHAVE_EX_DATA"
- fi
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_QT -DSESSION_CERTS -DOPENSSL_NO_SSL2"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN -DHAVE_EX_DATA"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CUSTOM_CURVES -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ"
- if test "x$ENABLED_ALL" = "xno"; then
- # Don't enable old SSL/TLS for --enable-all, which is used by distro
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_SSLV3 -DWOLFSSL_ALLOW_TLSV10"
- fi
- # Requires OCSP make sure on
- if test "x$ENABLED_OCSP" = "xno"
- then
- ENABLED_OCSP="yes"
- fi
- # Requires PSK make sure on
- if test "x$ENABLED_PSK" = "xno"
- then
- ENABLED_PSK="yes"
- fi
- # Requires RC4 make sure on (if not forcefully disabled with --disable-arc4)
- test "$enable_arc4" = "" && enable_arc4=yes
- if test "x$ENABLED_CERTEXT" = "xno"
- then
- ENABLED_CERTEXT="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
- fi
- if test "x$ENABLED_CERTGEN" = "xno"
- then
- ENABLED_CERTGEN="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
- fi
- # requires oldnames disabled
- enable_oldnames=no
- fi
- AC_ARG_ENABLE([qt-test],
- [AS_HELP_STRING([--enable-qt-test],[Enable qt tests (default: disabled)])],
- [ ENABLED_QT_TEST=$enableval ],
- [ ENABLED_QT_TEST=no ]
- )
- if test "$ENABLED_QT_TEST" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL3 -DWOLFSSL_STATIC_RSA"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_PSK"
- fi
- # RSA
- AC_ARG_ENABLE([rsa],
- [AS_HELP_STRING([--enable-rsa],[Enable RSA (default: enabled)])],
- [ ENABLED_RSA=$enableval ],
- [ ENABLED_RSA=yes ]
- )
- if test "$ENABLED_RSA" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
- else
- # turn off RSA if leanpsk or leantls on
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_RSA"
- ENABLED_RSA=no
- else
- ENABLED_CERTS=yes
- fi
- fi
- AC_ARG_ENABLE([oaep],
- [AS_HELP_STRING([--enable-oaep],[Enable RSA OAEP (default: enabled)])],
- [ ENABLED_OAEP=$enableval ],
- [ ENABLED_OAEP=yes ]
- )
- if test "$ENABLED_OAEP" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DWC_NO_RSA_OAEP"
- fi
- AC_ARG_ENABLE([rsapub],
- [AS_HELP_STRING([--enable-rsapub],[Enable RSA Public Only (default: disabled)])],
- [ ENABLED_RSAPUB=$enableval ],
- [ ENABLED_RSAPUB=no ]
- )
- if test "$ENABLED_RSAPUB" = "yes"
- then
- if test "$ENABLED_RSA" = "no"
- then
- ENABLED_RSA="yes"
- fi
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSA_PUBLIC_ONLY"
- fi
- AC_ARG_ENABLE([rsavfy],
- [AS_HELP_STRING([--enable-rsavfy],[Enable RSA Verify Inline Only (default: disabled)])],
- [ ENABLED_RSAVFY=$enableval ],
- [ ENABLED_RSAVFY=no ]
- )
- if test "$ENABLED_RSAVFY" = "yes"
- then
- if test "$ENABLED_RSA" = "no"
- then
- ENABLED_RSA="yes"
- fi
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSA_PUBLIC_ONLY -DWOLFSSL_RSA_VERIFY_ONLY"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSA_VERIFY_INLINE -DNO_SIG_WRAPPER"
- AM_CFLAGS="$AM_CFLAGS -DNO_CHECK_PRIVATE_KEY"
- fi
- # RSA-PSS
- AC_ARG_ENABLE([rsapss],
- [ --enable-rsapss Enable RSA-PSS (default: disabled)],
- [ ENABLED_RSAPSS=$enableval ],
- [ ENABLED_RSAPSS=no ]
- )
- if test "$ENABLED_RSA" = "no"
- then
- ENABLED_RSAPSS="no"
- else
- if test "$ENABLED_TLS13" = "yes"
- then
- ENABLED_RSAPSS="yes"
- fi
- fi
- if test "$ENABLED_RSAPSS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"
- fi
- # DH
- AC_ARG_ENABLE([dh],
- [AS_HELP_STRING([--enable-dh],[Enable DH (default: enabled)])],
- [ ENABLED_DH=$enableval ],
- [ ENABLED_DH=yes ]
- )
- if test "$ENABLED_OPENSSH" = "yes"
- then
- ENABLED_DH="yes"
- fi
- if test "$ENABLED_DH" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_DH"
- else
- # turn off DH if leanpsk or leantls on
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_DH"
- ENABLED_DH=no
- fi
- fi
- if test "x$ENABLED_SNIFFER" = "xyes" && test "x$ENABLED_DH" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_EXTRA"
- fi
- # Anonymous
- AC_ARG_ENABLE([anon],
- [AS_HELP_STRING([--enable-anon],[Enable Anonymous (default: disabled)])],
- [ ENABLED_ANON=$enableval ],
- [ ENABLED_ANON=no ]
- )
- if test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || \
- test "x$ENABLED_HAPROXY" = "xyes" || test "$ENABLED_RSYSLOG" = "yes"
- then
- ENABLED_ANON=yes
- fi
- if test "x$ENABLED_ANON" = "xyes"
- then
- if test "x$ENABLED_DH" != "xyes"
- then
- AC_MSG_ERROR([Anonymous suite requires DH.])
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ANON"
- fi
- # ASN
- # turn off asn, which means no certs, no rsa, no dsa, no ecc,
- # and no big int (unless dh is on)
- AC_ARG_ENABLE([asn],
- [AS_HELP_STRING([--enable-asn],[Enable ASN (default: enabled)])],
- [ ENABLED_ASN=$enableval ],
- [ ENABLED_ASN=yes ]
- )
- if test "$ENABLED_ASN" = "template"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE"
- ENABLED_ASN=yes
- fi
- if test "$ENABLED_ASN" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT"
- enable_pwdbased=no
- if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no"
- then
- # DH and ECC need bigint
- AM_CFLAGS="$AM_CFLAGS -DNO_BIG_INT"
- fi
- else
- # turn off ASN if leanpsk on
- if test "$ENABLED_LEANPSK" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_BIG_INT"
- ENABLED_ASN=no
- else
- if test "$ENABLED_ASN" = "nocrypt"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT"
- enable_pwdbased=no
- fi
- fi
- fi
- if test "$ENABLED_RSA" = "yes" && test "$ENABLED_RSAVFY" = "no" && test "$ENABLED_ASN" = "no"
- then
- AC_MSG_ERROR([please disable rsa if disabling asn.])
- fi
- if test "$ENABLED_DSA" = "yes" && test "$ENABLED_ASN" = "no"
- then
- AC_MSG_ERROR([please disable dsa if disabling asn.])
- fi
- # DH and ECC need bigint
- if test "$ENABLED_ASN" = "no" && test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && test "$ENABLED_RSA" = "no"
- then
- ENABLED_FASTMATH=no
- ENABLED_SLOWMATH=no
- fi
- # AES
- AC_ARG_ENABLE([aes],
- [AS_HELP_STRING([--enable-aes],[Enable AES (default: enabled)])],
- [ ENABLED_AES=$enableval ],
- [ ENABLED_AES=yes ]
- )
- if test "$ENABLED_AES" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_AES"
- if test "$ENABLED_FORTRESS" = "yes"
- then
- AC_MSG_ERROR([fortress requires aes])
- fi
- if test "$ENABLED_ECC_ENCRYPT" = "yes"
- then
- AC_MSG_ERROR([cannot enable eccencrypt and hkdf without aes.])
- fi
- if test "$ENABLED_AESGCM" = "yes"
- then
- AC_MSG_ERROR([AESGCM requires AES.])
- fi
- if test "$ENABLED_AESCCM" = "yes"
- then
- AC_MSG_ERROR([AESCCM requires AES.])
- fi
- if test "$ENABLED_AESCTR" = "yes"
- then
- AC_MSG_ERROR([AESCTR requires AES.])
- fi
- else
- # turn off AES if leanpsk on
- if test "$ENABLED_LEANPSK" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_AES"
- ENABLED_AES=no
- fi
- fi
- # DTLSv1.3
- AC_ARG_ENABLE([dtls13],
- [AS_HELP_STRING([--enable-dtls13],[Enable wolfSSL DTLS v1.3 (default: disabled)])],
- [ ENABLED_DTLS13=$enableval ],
- [ ENABLED_DTLS13=no ]
- )
- if test "x$ENABLED_DTLS13" = "xyes"
- then
- if test "x$ENABLED_DTLS" != "xyes" || test "x$ENABLED_TLS13" != "xyes"
- then
- AC_MSG_ERROR([You need to enable both DTLS and TLSv1.3 to use DTLSv1.3])
- fi
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS13 -DWOLFSSL_W64_WRAPPER"
- if test "x$ENABLED_AES" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
- fi
- fi
- # CODING
- AC_ARG_ENABLE([coding],
- [AS_HELP_STRING([--enable-coding],[Enable Coding base 16/64 (default: enabled)])],
- [ ENABLED_CODING=$enableval ],
- [ ENABLED_CODING=yes ]
- )
- if test "$ENABLED_CODING" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
- else
- # turn off CODING if leanpsk on
- if test "$ENABLED_LEANPSK" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_CODING"
- ENABLED_CODING=no
- fi
- fi
- # Base64 Encode
- BASE64ENCODE_DEFAULT=no
- if test "$host_cpu" = "x86_64"
- then
- BASE64ENCODE_DEFAULT=yes
- fi
- AC_ARG_ENABLE([base64encode],
- [AS_HELP_STRING([--enable-base64encode],[Enable Base64 encoding (default: enabled on x86_64)])],
- [ ENABLED_BASE64ENCODE=$enableval ],
- [ ENABLED_BASE64ENCODE=$BASE64ENCODE_DEFAULT ]
- )
- if test "$ENABLED_BASE64ENCODE" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BASE64_ENCODE"
- fi
- # Base16
- AC_ARG_ENABLE([base16],
- [AS_HELP_STRING([--enable-base16],[Enable Base16 encoding/decoding (default: disabled)])],
- [ ENABLED_BASE16=$enableval ],
- [ ENABLED_BASE16=no ]
- )
- if test "$ENABLED_CAAM" = "qnx"
- then
- ENABLED_BASE16=yes
- fi
- if test "$ENABLED_BASE16" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BASE16"
- fi
- # DES3
- AC_ARG_ENABLE([des3],
- [AS_HELP_STRING([--enable-des3],[Enable DES3 (default: disabled)])],
- [ ENABLED_DES3=$enableval ],
- [ ENABLED_DES3=no ]
- )
- # Enable 3DES with OpenSSH and FIPS 140-2 but not 140-3
- if (test "$ENABLED_OPENSSH" = "yes" && \
- (test "x$ENABLED_FIPS" = "xno" || test "$HAVE_FIPS_VERSION" -le 2)) || \
- test "$ENABLED_QT" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \
- test "x$ENABLED_WPAS" != "xno" || test "$ENABLED_NETSNMP" = "yes" || \
- test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_KRB" = "yes" || \
- test "$ENABLED_WOLFENGINE" = "yes" || test "$ENABLED_STRONGSWAN" = "yes"
- then
- ENABLED_DES3="yes"
- fi
- # ARC4
- if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || \
- test "$ENABLED_WPAS" = "yes" || test "$ENABLED_KRB" = "yes"
- then
- # Requires RC4 make sure on (if not forcefully disabled with --disable-arc4)
- test "$enable_arc4" = "" && enable_arc4=yes
- fi
- AC_ARG_ENABLE([arc4],
- [AS_HELP_STRING([--enable-arc4],[Enable ARC4 (default: disabled)])],
- [ ENABLED_ARC4=$enableval ],
- [ ENABLED_ARC4=no ]
- )
- # MD5
- AC_ARG_ENABLE([md5],
- [AS_HELP_STRING([--enable-md5],[Enable MD5 (default: enabled)])],
- [ ENABLED_MD5=$enableval ],
- [ ENABLED_MD5=yes ]
- )
- # SHA
- AC_ARG_ENABLE([sha],
- [AS_HELP_STRING([--enable-sha],[Enable SHA (default: enabled)])],
- [ ENABLED_SHA=$enableval ],
- [ ENABLED_SHA=yes ]
- )
- if test "$ENABLED_SHA" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
- else
- # turn off SHA if leanpsk or leantls on
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_SHA -DNO_OLD_TLS"
- ENABLED_SHA=no
- fi
- fi
- # SipHash
- AC_ARG_ENABLE([siphash],
- [AS_HELP_STRING([--enable-siphash],[Enable SipHash (default: disabled)])],
- [ ENABLED_SIPHASH=$enableval ],
- [ ENABLED_SIPHASH=no ]
- )
- AS_IF([test "x$ENABLED_SIPHASH" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIPHASH"])
- # CMAC
- AC_ARG_ENABLE([cmac],
- [AS_HELP_STRING([--enable-cmac],[Enable CMAC (default: disabled)])],
- [ ENABLED_CMAC=$enableval ],
- [ ENABLED_CMAC=no ]
- )
- if test "$ENABLED_WPAS" != "no" || test "$ENABLED_NTP" = "yes" || test "$ENABLED_AESSIV" = "yes" || test "$ENABLED_WOLFENGINE" = "yes"
- then
- ENABLED_CMAC=yes
- fi
- AS_IF([test "x$ENABLED_CMAC" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"])
- # AES-XTS
- AC_ARG_ENABLE([xts],
- [AS_HELP_STRING([--enable-xts],[Enable XTS (default: disabled)])],
- [ ENABLED_XTS=$enableval ],
- [ ENABLED_XTS=no ]
- )
- AS_IF([test "x$ENABLED_XTS" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS -DWOLFSSL_AES_DIRECT"])
- # Web Server Build
- AC_ARG_ENABLE([webserver],
- [AS_HELP_STRING([--enable-webserver],[Enable Web Server (default: disabled)])],
- [ ENABLED_WEBSERVER=$enableval ],
- [ ENABLED_WEBSERVER=no ]
- )
- if test "$ENABLED_WEBSERVER" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_WEBSERVER"
- fi
- # Web Client Build (HTTP Client)
- AC_ARG_ENABLE([webclient],
- [AS_HELP_STRING([--enable-webclient],[Enable Web Client (HTTP) (default: disabled)])],
- [ ENABLED_WEBCLIENT=$enableval ],
- [ ENABLED_WEBCLIENT=no ]
- )
- if test "$ENABLED_WEBCLIENT" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_HTTP_CLIENT"
- fi
- # RC2
- AC_ARG_ENABLE([rc2],
- [AS_HELP_STRING([--enable-rc2],[Enable RC2 encryption (default: disabled)])],
- [ ENABLED_RC2=$enableval ],
- [ ENABLED_RC2=no ]
- )
- if test "$ENABLED_RC2" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWC_RC2"
- fi
- # FIPS feature and macro setup
- AS_CASE([$FIPS_VERSION],
- [v5*], [ # FIPS 140-3
- AM_CFLAGS="$AM_CFLAGS \
- -DHAVE_FIPS \
- -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \
- -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \
- -DHAVE_ECC_CDH \
- -DWC_RSA_NO_PADDING \
- -DECC_USER_CURVES \
- -DHAVE_ECC384 \
- -DHAVE_ECC521 \
- -DWOLFSSL_VALIDATE_FFC_IMPORT \
- -DHAVE_FFDHE_Q \
- -DHAVE_FFDHE_3072 \
- -DHAVE_FFDHE_4096 \
- -DHAVE_FFDHE_6144 \
- -DHAVE_FFDHE_8192"
- # KCAPI API does not support custom k for sign, don't force enable ECC key sizes and do not use seed callback
- AS_IF([test "x$ENABLED_KCAPI_ECC" = "xno"],
- [AM_CFLAGS="$AM_CFLAGS \
- -DWC_RNG_SEED_CB \
- -DWOLFSSL_ECDSA_SET_K \
- -DWOLFSSL_VALIDATE_ECC_IMPORT \
- -DWOLFSSL_VALIDATE_ECC_KEYGEN \
- -DHAVE_ECC192 \
- -DHAVE_ECC224 \
- -DHAVE_ECC256"])
- DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192
- # force various features to FIPS 140-3 defaults, unless overridden with v5-dev:
- AS_IF([test "$ENABLED_KEYGEN" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_keygen" != "no")],
- [ENABLED_KEYGEN="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"])
- AS_IF([test "$ENABLED_SHA224" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha224" != "no")],
- [ENABLED_SHA224="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224"])
- AS_IF([test "$ENABLED_WOLFSSH" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_ssh" != "no")],
- [enable_ssh="yes"])
- # Shake256 is a SHA-3 algorithm not in our FIPS algorithm list
- AS_IF([test "$ENABLED_SHAKE256" != "no" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_shake256" != "yes")],
- [ENABLED_SHAKE256=no; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"])
- # SHA512-224 and SHA512-256 are SHA-2 algorithms not in our FIPS algorithm list
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
- AS_IF([test "$ENABLED_AESCCM" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesccm" != "no")],
- [ENABLED_AESCCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
- AS_IF([test "$ENABLED_RSAPSS" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_rsapss" != "no")],
- [ENABLED_RSAPSS="yes"; AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
- AS_IF([test "$ENABLED_ECC" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_ecc" != "no")],
- [ENABLED_ECC="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
- AS_IF([test "$ENABLED_ECC_SHAMIR" = "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_eccshamir" != "no")],
- [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])])
- AS_IF([test "$ENABLED_AESCTR" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesctr" != "no")],
- [ENABLED_AESCTR="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
- AS_IF([test "$ENABLED_CMAC" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_cmac" != "no")],
- [ENABLED_CMAC="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
- AS_IF([test "$ENABLED_HKDF" != "yes" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_hkdf" != "no")],
- [ENABLED_HKDF="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
- AS_IF([test "$ENABLED_INTELASM" = "yes"],
- [AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
- AS_IF([test "$ENABLED_SHA512" = "no" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_sha512" != "no")],
- [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
- AS_IF([test "$ENABLED_AESGCM" = "no" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesgcm" != "no")],
- [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
- # Old TLS requires MD5 + HMAC, which is not allowed under FIPS 140-3
- AS_IF([test "$ENABLED_OLD_TLS" != "no"],
- [ENABLED_OLD_TLS="no"; AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"])
- AS_IF([test $HAVE_FIPS_VERSION_MINOR -ge 2],
- [AS_IF([test "x$ENABLED_AESOFB" = "xno" && (test "$FIPS_VERSION" != "v5-dev" || test "$enable_aesofb" != "no")],
- [ENABLED_AESOFB="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_OFB"])])
- AS_IF([(test "$ENABLED_AESCCM" = "yes" && test "$HAVE_AESCCM_PORT" != "yes") ||
- (test "$ENABLED_AESCTR" = "yes" && test "$HAVE_AESCTR_PORT" != "yes") ||
- (test "$ENABLED_AESGCM" = "yes" && test "$HAVE_AESGCM_PORT" != "yes") ||
- (test "$ENABLED_AESOFB" = "yes" && test "$HAVE_AESOFB_PORT" != "yes")],
- [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB"])
- ],
- [v2],[ # FIPS 140-2, Cert 3389
- AM_CFLAGS="$AM_CFLAGS \
- -DHAVE_FIPS \
- -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION \
- -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR \
- -DWOLFSSL_KEY_GEN \
- -DWOLFSSL_SHA224 \
- -DWOLFSSL_AES_DIRECT \
- -DHAVE_AES_ECB \
- -DHAVE_ECC_CDH \
- -DWC_RSA_NO_PADDING \
- -DWOLFSSL_VALIDATE_FFC_IMPORT \
- -DHAVE_FFDHE_Q \
- -DHAVE_PUBLIC_FFDHE"
- ENABLED_KEYGEN="yes"
- ENABLED_SHA224="yes"
- ENABLED_DES3="yes"
- # Shake256 is a SHA-3 algorithm not in our FIPS algorithm list
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SHAKE256"
- ENABLED_SHAKE256=no
- # SHA512-224 and SHA512-256 are SHA-2 algorithms not in our FIPS algorithm list
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256"
- AS_IF([test "x$ENABLED_AESCCM" != "xyes"],
- [ENABLED_AESCCM="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_AESCCM"])
- AS_IF([test "x$ENABLED_RSAPSS" != "xyes"],
- [ENABLED_RSAPSS="yes"
- AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS"])
- AS_IF([test "x$ENABLED_ECC" != "xyes"],
- [ENABLED_ECC="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT"
- AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])],
- [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT"])
- AS_IF([test "x$ENABLED_AESCTR" != "xyes"],
- [ENABLED_AESCTR="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"])
- AS_IF([test "x$ENABLED_CMAC" != "xyes"],
- [ENABLED_CMAC="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC"])
- AS_IF([test "x$ENABLED_HKDF" != "xyes"],
- [ENABLED_HKDF="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF"])
- AS_IF([test "x$ENABLED_INTELASM" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DFORCE_FAILURE_RDSEED"])
- AS_IF([test "x$ENABLED_SHA512" = "xno"],
- [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
- AS_IF([test "x$ENABLED_AESGCM" = "xno"],
- [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
- ],
- ["rand"],[
- AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_FIPS_RAND -DHAVE_FIPS -DHAVE_FIPS_VERSION=$HAVE_FIPS_VERSION -DHAVE_FIPS_VERSION_MINOR=$HAVE_FIPS_VERSION_MINOR"
- ],
- ["v1"],[ # FIPS 140-2, Cert 2425
- AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
- AS_IF([test "x$ENABLED_SHA512" = "xno"],
- [ENABLED_SHA512="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"])
- AS_IF([test "x$ENABLED_AESGCM" = "xno"],
- [ENABLED_AESGCM="yes"; AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"])
- AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])
- ])
- AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$thread_ls_on" = "xno"],
- [AC_MSG_ERROR([FIPS requires Thread Local Storage])])
- # SELFTEST
- AC_ARG_ENABLE([selftest],
- [AS_HELP_STRING([--enable-selftest],[Enable selftest, Will NOT work w/o CAVP selftest license (default: disabled)])],
- [ ENABLED_SELFTEST=$enableval ],
- [ ENABLED_SELFTEST="no" ]
- )
- AS_CASE([$ENABLED_SELFTEST],
- ["v2"],[
- # selftest v2 (wolfCrypt 4.1.0)
- ENABLED_SELFTEST="yes"
- SELFTEST_VERSION="v2"
- ],
- ["no"],[SELFTEST_VERSION="none"],
- [
- # selftest v1 (wolfCrypt 3.14.2)
- ENABLED_SELFTEST="yes"
- SELFTEST_VERSION="v1"
- ])
- AS_CASE([$SELFTEST_VERSION],
- ["v2"],[
- AM_CFLAGS="$AM_CFLAGS -DHAVE_SELFTEST -DHAVE_SELFTEST_VERSION=2 -DHAVE_PUBLIC_FFDHE"
- ],
- ["v1"],[
- AM_CFLAGS="$AM_CFLAGS -DHAVE_SELFTEST -DHAVE_PUBLIC_FFDHE"
- ])
- # Set SHA-3 and SHAKE256 flags
- if test "$ENABLED_SHA3" = "yes" && test "$ENABLED_32BIT" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"
- fi
- AS_IF([test "x$ENABLED_FIPS" = "xyes"],[ENABLED_SHAKE256="no"])
- if test "$ENABLED_SHAKE256" = "yes" || test "$ENABLED_SHAKE256" = "small"
- then
- if test "$ENABLED_32BIT" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHAKE256"
- if test "$ENABLED_SHA3" = "no"
- then
- AC_MSG_ERROR([Must have SHA-3 enabled: --enable-sha3])
- fi
- fi
- fi
- # set POLY1305 default
- POLY1305_DEFAULT=yes
- if test "x$ENABLED_FIPS" = "xyes"
- then
- POLY1305_DEFAULT=no
- fi
- # POLY1305
- AC_ARG_ENABLE([poly1305],
- [AS_HELP_STRING([--enable-poly1305],[Enable wolfSSL POLY1305 support (default: enabled)])],
- [ ENABLED_POLY1305=$enableval ],
- [ ENABLED_POLY1305=$POLY1305_DEFAULT]
- )
- # leanpsk and leantls don't need poly1305
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- ENABLED_POLY1305=no
- fi
- if test "$ENABLED_POLY1305" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305"
- fi
- # set CHACHA default
- CHACHA_DEFAULT=yes
- if test "x$ENABLED_FIPS" = "xyes"
- then
- CHACHA_DEFAULT=no
- fi
- # CHACHA
- AC_ARG_ENABLE([chacha],
- [AS_HELP_STRING([--enable-chacha],[Enable CHACHA (default: enabled). Use `=noasm` to disable ASM AVX/AVX2 speedups])],
- [ ENABLED_CHACHA=$enableval ],
- [ ENABLED_CHACHA=$CHACHA_DEFAULT]
- )
- # leanpsk and leantls don't need chacha
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- ENABLED_CHACHA=no
- fi
- if test "$ENABLED_CHACHA" = "noasm" || test "$ENABLED_ASM" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_CHACHA_ASM"
- fi
- if test "$ENABLED_CHACHA" != "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA"
- fi
- # XCHACHA
- AC_ARG_ENABLE([xchacha],
- [AS_HELP_STRING([--enable-xchacha],[Enable XCHACHA (default: disabled).])],
- [ ENABLED_XCHACHA=$enableval ],
- [ ENABLED_XCHACHA=no]
- )
- if test "$ENABLED_XCHACHA" = "yes"
- then
- if test "$ENABLED_CHACHA" = "no"
- then
- AC_MSG_ERROR([XChaCha (--enable-xchacha) depends on ChaCha (--enable-chacha)])
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_XCHACHA"
- fi
- # Hash DRBG
- AC_ARG_ENABLE([hashdrbg],
- [AS_HELP_STRING([--enable-hashdrbg],[Enable Hash DRBG support (default: enabled)])],
- [ ENABLED_HASHDRBG=$enableval ],
- [ ENABLED_HASHDRBG=yes ]
- )
- if test "x$ENABLED_HASHDRBG" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG"
- else
- # turn on Hash DRBG if FIPS is on (don't force on for KCAPI)
- if test "x$ENABLED_FIPS" = "xyes" && test "x$ENABLED_KCAPI" = "xno"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_HASHDRBG"
- ENABLED_HASHDRBG=yes
- else
- AM_CFLAGS="$AM_CFLAGS -DWC_NO_HASHDRBG"
- fi
- fi
- # Filesystem Build
- if test "$ENABLED_LINUXKM" = "yes"
- then
- ENABLED_FILESYSTEM_DEFAULT=no
- else
- ENABLED_FILESYSTEM_DEFAULT=yes
- fi
- AC_ARG_ENABLE([filesystem],
- [AS_HELP_STRING([--enable-filesystem],[Enable Filesystem support (default: enabled)])],
- [ ENABLED_FILESYSTEM=$enableval ],
- [ ENABLED_FILESYSTEM=$ENABLED_FILESYSTEM_DEFAULT ]
- )
- if test "$ENABLED_FILESYSTEM" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
- else
- # turn off filesystem if leanpsk on
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LINUXKM" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
- ENABLED_FILESYSTEM=no
- fi
- fi
- # inline Build
- AC_ARG_ENABLE([inline],
- [AS_HELP_STRING([--enable-inline],[Enable inline functions (default: enabled)])],
- [ ENABLED_INLINE=$enableval ],
- [ ENABLED_INLINE=yes ]
- )
- if test "$ENABLED_INLINE" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_INLINE"
- fi
- # OCSP
- if test "x$ENABLED_OPENSSLALL" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
- then
- test "$enable_ocsp" = "" && enable_ocsp=yes
- fi
- AC_ARG_ENABLE([ocsp],
- [AS_HELP_STRING([--enable-ocsp],[Enable OCSP (default: disabled)])],
- [ ENABLED_OCSP=$enableval ],
- [ ENABLED_OCSP=no ]
- )
- if test "$ENABLED_OCSP" = "yes"
- then
- # check openssl command tool for testing ocsp
- AC_CHECK_PROG([HAVE_OPENSSL_CMD],[openssl],[yes],[no])
- if test "$HAVE_OPENSSL_CMD" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_OPENSSL_CMD"
- else
- AC_MSG_WARN([openssl command line tool not available for testing ocsp])
- fi
- fi
- # Certificate Status Request : a.k.a. OCSP Stapling
- AC_ARG_ENABLE([ocspstapling],
- [AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling (default: disabled)])],
- [ ENABLED_CERTIFICATE_STATUS_REQUEST=$enableval ],
- [ ENABLED_CERTIFICATE_STATUS_REQUEST=no ]
- )
- if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
- then
- ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
- fi
- if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST"
- # Requires OCSP make sure on
- if test "x$ENABLED_OCSP" = "xno"
- then
- ENABLED_OCSP="yes"
- fi
- fi
- # Certificate Status Request v2 : a.k.a. OCSP stapling v2
- AC_ARG_ENABLE([ocspstapling2],
- [AS_HELP_STRING([--enable-ocspstapling2],[Enable OCSP Stapling v2 (default: disabled)])],
- [ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=$enableval ],
- [ ENABLED_CERTIFICATE_STATUS_REQUEST_V2=no ]
- )
- if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
- then
- ENABLED_CERTIFICATE_STATUS_REQUEST_V2=yes
- fi
- if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST_V2"
- # Requires OCSP make sure on
- if test "x$ENABLED_OCSP" = "xno"
- then
- ENABLED_OCSP="yes"
- fi
- fi
- # CRL
- AC_ARG_ENABLE([crl],
- [AS_HELP_STRING([--enable-crl],[Enable CRL (Use =io for inline CRL HTTP GET) (default: disabled)])],
- [ ENABLED_CRL=$enableval ],
- [ ENABLED_CRL=no ]
- )
- if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || \
- test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \
- test "x$ENABLED_KRB" = "xyes" || test "x$ENABLED_STRONGSWAN" = "xyes"
- then
- ENABLED_CRL=yes
- fi
- if test "$ENABLED_CRL" != "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
- fi
- if test "$ENABLED_CRL" = "io"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_IO"
- fi
- # CRL Monitor
- AC_ARG_ENABLE([crl-monitor],
- [AS_HELP_STRING([--enable-crl-monitor],[Enable CRL Monitor (default: disabled)])],
- [ ENABLED_CRL_MONITOR=$enableval ],
- [ ENABLED_CRL_MONITOR=no ]
- )
- if test "$ENABLED_CRL_MONITOR" = "yes"
- then
- case $host_os in
- *linux* | *darwin* | *freebsd*)
- if test "x$ENABLED_SINGLETHREADED" = "xno"; then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
- else
- ENABLED_CRL_MONITOR="no"
- AC_MSG_ERROR([crl monitor requires threading / pthread])
- fi
- ;;
- *)
- if test "x$ENABLED_DISTRO" = "xyes" ; then
- ENABLED_CRL_MONITOR="no"
- else
- AC_MSG_ERROR( [crl monitor only allowed on linux, OS X, or freebsd])
- fi
- break;;
- esac
- fi
- # USER CRYPTO
- ENABLED_USER_CRYPTO="no"
- ENABLED_USER_RSA="no"
- AC_DEFINE([BUILD_USER_RSA], [], [User RSA is being defined])
- trycryptodir=""
- AC_ARG_WITH([user-crypto],
- [AS_HELP_STRING([--with-user-crypto=PATH],[Path to USER_CRYPTO install (default /usr/local)])],
- [
- CPPFLAGS="$CPPFLAGS -DHAVE_USER_CRYPTO"
- LIBS="$LIBS -lusercrypto"
- if test "x$withval" != "xno" ; then
- trycryptodir=$withval
- fi
- if test "x$withval" = "xyes" ; then
- trycryptodir="/usr/local"
- fi
- LDFLAGS="$LDFLAGS -L$trycryptodir/lib"
- CPPFLAGS="$CPPFLAGS -I$trycryptodir/include"
- #Look for RSA Init function in usercrypto lib
- AC_CHECK_LIB([usercrypto], [wc_InitRsaKey], [user_rsa_linked=yes], [user_rsa_linked=no])
- if test "x$user_rsa_linked" = "xyes" ; then
- AC_MSG_NOTICE([User user_rsa.h being used])
- AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_RSA"
- ENABLED_USER_RSA=yes
- ENABLED_USER_CRYPTO=yes
- fi
- #Display check and find result of link attempts
- AC_MSG_CHECKING([for USER_CRYPTO])
- if test "x$ENABLED_USER_CRYPTO" = "xno" ; then
- AC_MSG_RESULT([no])
- AC_MSG_ERROR([USER_CRYPTO not found. Either move to /usr/include and /usr/lib or
- Specify its path using --with-user-crypto=/dir/])
- else
- AC_MSG_RESULT([yes])
- # Check if .la is available if not then rely on exported path
- if test -e $trycryptodir/lib/libusercrypto.la
- then
- LIB_ADD="$trycryptodir/lib/libusercrypto.la $LIB_ADD"
- else
- LIB_ADD="-lusercrypto $LIB_ADD"
- fi
- AM_LDFLAGS="$AM_LDFLAGS -L$trycryptodir/lib"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_USER_CRYPTO"
- fi
- ]
- )
- if test "$ENABLED_USER_CRYPTO" = "yes" && test "$ENABLED_FIPS" = "yes"
- then
- AC_MSG_ERROR([cannot enable user crypto and fips, user crypto posibility of using code in fips boundary.])
- fi
- # liboqs
- ENABLED_LIBOQS="no"
- tryliboqsdir=""
- AC_ARG_WITH([liboqs],
- [AS_HELP_STRING([--with-liboqs=PATH],[Path to liboqs install (default /usr/local) EXPERIMENTAL!])],
- [
- AC_MSG_CHECKING([for liboqs])
- CPPFLAGS="$CPPFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS"
- LIBS="$LIBS -loqs"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <oqs/common.h>]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ])
- if test "x$liboqs_linked" = "xno" ; then
- if test "x$withval" != "xno" ; then
- tryliboqsdir=$withval
- fi
- if test "x$withval" = "xyes" ; then
- tryliboqsdir="/usr/local"
- fi
- LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryliboqsdir/lib"
- CPPFLAGS="$CPPFLAGS -I$tryliboqsdir/include"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <oqs/common.h>]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ])
- if test "x$liboqs_linked" = "xno" ; then
- AC_MSG_ERROR([liboqs isn't found.
- If it's already installed, specify its path using --with-liboqs=/dir/])
- fi
- AC_MSG_RESULT([yes])
- AM_LDFLAGS="$AM_LDFLAGS -L$tryliboqsdir/lib"
- else
- AC_MSG_RESULT([yes])
- fi
- if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
- then
- ENABLED_OPENSSLEXTRA="yes"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS"
- ENABLED_LIBOQS="yes"
- ]
- )
- # Whitewood netRandom client library
- ENABLED_WNR="no"
- trywnrdir=""
- AC_ARG_WITH([wnr],
- [AS_HELP_STRING([--with-wnr=PATH],[Path to Whitewood netRandom install (default /usr/local)])],
- [
- AC_MSG_CHECKING([for Whitewood netRandom])
- CPPFLAGS="$CPPFLAGS -DHAVE_WNR"
- LIBS="$LIBS -lwnr"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <wnr.h>]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ])
- if test "x$wnr_linked" = "xno" ; then
- if test "x$withval" != "xno" ; then
- trywnrdir=$withval
- fi
- if test "x$withval" = "xyes" ; then
- trywnrdir="/usr/local"
- fi
- LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$trywnrdir/lib"
- CPPFLAGS="$CPPFLAGS -I$trywnrdir/include"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <wnr.h>]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ])
- if test "x$wnr_linked" = "xno" ; then
- AC_MSG_ERROR([Whitewood netRandom isn't found.
- If it's already installed, specify its path using --with-wnr=/dir/])
- fi
- AC_MSG_RESULT([yes])
- AM_LDFLAGS="$AM_LDFLAGS -L$trywnrdir/lib"
- else
- AC_MSG_RESULT([yes])
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_WNR"
- ENABLED_WNR="yes"
- ]
- )
- # SNI
- AC_ARG_ENABLE([sni],
- [AS_HELP_STRING([--enable-sni],[Enable SNI (default: disabled)])],
- [ ENABLED_SNI=$enableval ],
- [ ENABLED_SNI=no ]
- )
- if test "x$ENABLED_QT" = "xyes"
- then
- ENABLED_SNI="yes"
- fi
- if test "x$ENABLED_SNI" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI"
- fi
- # Maximum Fragment Length
- AC_ARG_ENABLE([maxfragment],
- [AS_HELP_STRING([--enable-maxfragment],[Enable Maximum Fragment Length (default: disabled)])],
- [ ENABLED_MAX_FRAGMENT=$enableval ],
- [ ENABLED_MAX_FRAGMENT=no ]
- )
- # ALPN
- AC_ARG_ENABLE([alpn],
- [AS_HELP_STRING([--enable-alpn],[Enable ALPN (default: disabled)])],
- [ ENABLED_ALPN=$enableval ],
- [ ENABLED_ALPN=no ]
- )
- if test "$ENABLED_BIND" = "yes"
- then
- ENABLED_ALPN=yes
- fi
- if test "x$ENABLED_ALPN" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ALPN"
- fi
- # Maximum Fragment Length
- if test "x$ENABLED_MAX_FRAGMENT" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_MAX_FRAGMENT"
- fi
- # Trusted CA Indication Extension
- AC_ARG_ENABLE([trustedca],
- [AS_HELP_STRING([--enable-trustedca],[Enable Trusted CA Indication (default: disabled)])],
- [ ENABLED_TRUSTED_CA=$enableval ],[ ENABLED_TRUSTED_CA=no ])
- AS_IF([test "x$ENABLED_TRUSTED_CA" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_TRUSTED_CA"])
- # Truncated HMAC
- AC_ARG_ENABLE([truncatedhmac],
- [AS_HELP_STRING([--enable-truncatedhmac],[Enable Truncated HMAC (default: disabled)])],
- [ ENABLED_TRUNCATED_HMAC=$enableval ],
- [ ENABLED_TRUNCATED_HMAC=no ]
- )
- if test "x$ENABLED_TRUNCATED_HMAC" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_TRUNCATED_HMAC"
- fi
- # Renegotiation Indication - (FAKE Secure Renegotiation)
- # Client will send TLS_EMPTY_RENEGOTIATION_INFO_SCSV, not supported
- # with enabling secure renegotiation
- AC_ARG_ENABLE([renegotiation-indication],
- [AS_HELP_STRING([--enable-renegotiation-indication],[Enable Renegotiation Indication for client via empty cipher (default: disabled)])],
- [ ENABLED_RENEGOTIATION_INDICATION=$enableval ],
- [ ENABLED_RENEGOTIATION_INDICATION=no ]
- )
- if test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_RENEGOTIATION_INDICATION"
- fi
- # Secure Renegotiation
- AC_ARG_ENABLE([secure-renegotiation],
- [AS_HELP_STRING([--enable-secure-renegotiation],[Enable Secure Renegotiation (default: disabled)])],
- [ ENABLED_SECURE_RENEGOTIATION=$enableval ],
- [ ENABLED_SECURE_RENEGOTIATION=no ]
- )
- if test "x$ENABLED_HAPROXY" = "xyes"
- then
- ENABLED_SECURE_RENEGOTIATION=yes
- fi
- if test "x$ENABLED_SECURE_RENEGOTIATION" = "xyes"
- then
- if test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"
- then
- AC_MSG_ERROR([cannot enable renegotiation-indication and secure-renegotiation.])
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SECURE_RENEGOTIATION -DHAVE_SERVER_RENEGOTIATION_INFO"
- fi
- # Secure Renegotiation Info
- AC_ARG_ENABLE([secure-renegotiation-info],
- [AS_HELP_STRING([--enable-secure-renegotiation-info],[Enable Secure Renegotiation info extension (default: enabled)])],
- [ ENABLED_SECURE_RENEGOTIATION_INFO=$enableval ],
- [ ENABLED_SECURE_RENEGOTIATION_INFO=yes ]
- )
- # Fallback SCSV
- AC_ARG_ENABLE([fallback-scsv],
- [AS_HELP_STRING([--enable-fallback-scsv],[Enable Fallback SCSV (default: disabled)])],
- [ ENABLED_FALLBACK_SCSV=$enableval ],
- [ ENABLED_FALLBACK_SCSV=no ]
- )
- if test "x$ENABLED_FALLBACK_SCSV" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_FALLBACK_SCSV"
- fi
- # Exporting Keying Material
- AC_ARG_ENABLE([keying-material],
- [AS_HELP_STRING([--enable-keying-material],[Enable Keying Material Exporters (default: disabled)])],
- [ ENABLED_KEYING_MATERIAL=$enableval ],
- [ ENABLED_KEYING_MATERIAL=no ]
- )
- if test "$ENABLED_CHRONY" = "yes"
- then
- ENABLED_KEYING_MATERIAL=yes
- fi
- if test "x$ENABLED_KEYING_MATERIAL" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_KEYING_MATERIAL"
- fi
- # Supported Elliptic Curves Extensions
- AC_ARG_ENABLE([supportedcurves],
- [AS_HELP_STRING([--enable-supportedcurves],[Enable Supported Elliptic Curves (default: enabled)])],
- [ENABLED_SUPPORTED_CURVES=$enableval],
- [ENABLED_SUPPORTED_CURVES=yes])
- if test "x$ENABLED_SUPPORTED_CURVES" = "xyes"
- then
- AS_IF([test "x$ENABLED_ECC" = "xno" && test "x$ENABLED_CURVE25519" = "xno" && test "x$ENABLED_CURVE448" = "xno"],
- [ENABLED_SUPPORTED_CURVES=no],
- [AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES"])
- fi
- # Diffie-Hellman
- if test "$ENABLED_DH" = "yes"
- then
- if test "$ENABLED_TLS13" = "yes" || test "$ENABLED_SUPPORTED_CURVES" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048"
- fi
- fi
- # FFDHE parameters only
- AC_ARG_ENABLE([ffdhe-only],
- [AS_HELP_STRING([--enable-ffdhe-only],[Enable using only FFDHE in client (default: disabled)])],
- [ ENABLED_FFDHE_ONLY=$enableval ],
- [ ENABLED_FFDHE_ONLY=no ]
- )
- if test "x$ENABLED_FFDHE_ONLY" = "xyes"
- then
- if test "$ENABLED_DH" = "no"
- then
- AC_MSG_ERROR([FFDHE only support requires DH support])
- fi
- if test "$ENABLED_SUPPORTED_CURVES" = "no"
- then
- AC_MSG_ERROR([FFDHE only support requires Supported Curves extension])
- fi
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_REQUIRE_FFDHE"
- fi
- # TLS 1.3 Requires either ECC or (RSA/DH), or CURVE25519/ED25519 or CURVE448/ED448 or libOQS
- if test "x$ENABLED_PSK" = "xno" && test "x$ENABLED_ECC" = "xno" && \
- (test "x$ENABLED_RSA" = "xno" || test "x$ENABLED_DH" = "xno") && \
- (test "x$ENABLED_CURVE25519" = "xno" || test "x$ENABLED_ED25519" = "xno") && \
- (test "x$ENABLED_CURVE448" = "xno" || test "x$ENABLED_ED448" = "xno") && \
- test "x$ENABLED_LIBOQS" = "xno"
- then
- # disable TLS 1.3
- ENABLED_TLS13=no
- fi
- if test "$ENABLED_TLS13" = "yes" && (test "x$ENABLED_ECC" = "xyes" || \
- test "x$ENABLED_DH" = "xyes")
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"
- fi
- if test "$ENABLED_TLS13" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS"
- fi
- # Session Ticket Extension
- AC_ARG_ENABLE([session-ticket],
- [AS_HELP_STRING([--enable-session-ticket],[Enable Session Ticket (default: disabled)])],
- [ ENABLED_SESSION_TICKET=$enableval ],
- [ ENABLED_SESSION_TICKET=no ]
- )
- if test "x$ENABLED_NGINX" = "xyes" || test "$ENABLED_WPAS" = "yes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
- then
- ENABLED_SESSION_TICKET=yes
- fi
- if test "x$ENABLED_SESSION_TICKET" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SESSION_TICKET"
- fi
- # Extended Master Secret Extension
- AC_ARG_ENABLE([extended-master],
- [AS_HELP_STRING([--enable-extended-master],[Enable Extended Master Secret (default: enabled)])],
- [ ENABLED_EXTENDED_MASTER=$enableval ],
- [ ENABLED_EXTENDED_MASTER=yes ]
- )
- if test "x$ENABLED_EXTENDED_MASTER" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_EXTENDED_MASTER"
- fi
- # TLS Extensions
- AC_ARG_ENABLE([tlsx],
- [AS_HELP_STRING([--enable-tlsx],[Enable all TLS Extensions (default: disabled)])],
- [ ENABLED_TLSX=$enableval ],
- [ ENABLED_TLSX=no ]
- )
- if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_SIGNAL" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" || test "$ENABLED_CHRONY" = "yes"
- then
- ENABLED_TLSX=yes
- fi
- if test "x$ENABLED_TLSX" = "xyes"
- then
- ENABLED_SNI=yes
- ENABLED_MAX_FRAGMENT=yes
- ENABLED_TRUNCATED_HMAC=yes
- ENABLED_ALPN=yes
- ENABLED_TRUSTED_CA=yes
- ENABLED_ENCRYPT_THEN_MAC=yes
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC -DHAVE_ALPN -DHAVE_TRUSTED_CA"
- # Check the ECC supported curves prereq
- AS_IF([test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_CURVE25519" = "xyes" || test "x$ENABLED_CURVE448" = "xyes" || test "x$ENABLED_TLS13" = "xyes"],
- [ENABLED_SUPPORTED_CURVES=yes
- AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"])
- fi
- # Early Data handshake in TLS v1.3 and above
- AC_ARG_ENABLE([earlydata],
- [AS_HELP_STRING([--enable-earlydata],[Enable Early Data handshake with wolfSSL TLS v1.3 (default: disabled)])],
- [ ENABLED_TLS13_EARLY_DATA=$enableval ],
- [ ENABLED_TLS13_EARLY_DATA=no ]
- )
- if test "$ENABLED_TLS13_EARLY_DATA" = "group"
- then
- ENABLED_TLS13_EARLY_DATA="yes"
- # Group EarlyData with ClientHello
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EARLY_DATA_GROUP"
- fi
- if test "$ENABLED_TLS13_EARLY_DATA" = "yes"
- then
- if test "x$ENABLED_TLS13" = "xno" && test "X$ENABLED_ALL" = "xno"
- then
- AC_MSG_ERROR([cannot enable earlydata without enabling tls13.])
- fi
- if test "x$ENABLED_SESSION_TICKET" = "xno" && test "x$ENABLED_PSK" = "xno"
- then
- AC_MSG_ERROR([cannot enable earlydata without enabling session tickets and/or PSK.])
- fi
- if test "x$ENABLED_TLS13" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EARLY_DATA"
- fi
- fi
- if test "$ENABLED_TLSV12" = "no" && test "$ENABLED_TLS13" = "yes" && test "x$ENABLED_SESSION_TICKET" = "xno"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE"
- fi
- # PKCS7
- AC_ARG_ENABLE([pkcs7],
- [AS_HELP_STRING([--enable-pkcs7],[Enable PKCS7 (default: disabled)])],
- [ ENABLED_PKCS7=$enableval ],
- [ ENABLED_PKCS7=no ]
- )
- # wolfSSH Options
- AC_ARG_ENABLE([wolfssh],
- [AS_HELP_STRING([--enable-wolfssh],[Enable wolfSSH options (default: disabled)])],
- [ ENABLED_WOLFSSH=$enableval ],
- [ ENABLED_WOLFSSH=no ]
- )
- AC_ARG_ENABLE([ssh],
- [AS_HELP_STRING([--enable-ssh],[Enable wolfSSH options (default: disabled)])],
- [ ENABLED_SSH=$enableval ],
- [ ENABLED_SSH=no ]
- )
- if test "x$ENABLED_SSH" = "xyes"
- then
- ENABLED_WOLFSSH="yes"
- fi
- # wolfTPM Options
- AC_ARG_ENABLE([wolftpm],
- [AS_HELP_STRING([--enable-wolftpm],[Enable wolfTPM options (default: disabled)])],
- [ ENABLED_WOLFTPM=$enableval ],
- [ ENABLED_WOLFTPM=no ]
- )
- # wolfCLU Options
- AC_ARG_ENABLE([wolfclu],
- [AS_HELP_STRING([--enable-wolfclu],[Enable wolfCLU options (default: disabled)])],
- [ ENABLED_WOLFCLU=$enableval ],
- [ ENABLED_WOLFCLU=no ]
- )
- if test "x$ENABLED_WOLFTPM" = "xyes"
- then
- # Requires cryptocb (set in its enable section)
- # Requires certgen, certreq, certext
- if test "x$ENABLED_CERTGEN" = "xno"
- then
- ENABLED_CERTGEN="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
- fi
- if test "x$ENABLED_CERTREQ" = "xno"
- then
- ENABLED_CERTREQ="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
- fi
- if test "x$ENABLED_CERTEXT" = "xno"
- then
- ENABLED_CERTEXT="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
- fi
- # Requires PKCS7
- if test "x$ENABLED_PKCS7" = "xno"
- then
- ENABLED_PKCS7="yes"
- fi
- # Requires aescfb
- if test "x$ENABLED_AESCFB" = "xno"
- then
- ENABLED_AESCFB="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB"
- fi
- fi
- if test "x$ENABLED_SMIME" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_SMIME"
- # Requires PKCS7
- if test "x$ENABLED_PKCS7" = "xno"
- then
- ENABLED_PKCS7="yes"
- fi
- fi
- # Simple Certificate Enrollment Protocol (SCEP)
- AC_ARG_ENABLE([scep],
- [AS_HELP_STRING([--enable-scep],[Enable wolfSCEP (default: disabled)])],
- [ ENABLED_WOLFSCEP=$enableval ],
- [ ENABLED_WOLFSCEP=no ]
- )
- # Secure Remote Password
- AC_ARG_ENABLE([srp],
- [AS_HELP_STRING([--enable-srp],[Enable Secure Remote Password (default: disabled)])],
- [ ENABLED_SRP=$enableval ],
- [ ENABLED_SRP=no ]
- )
- if test "x$ENABLED_SRP" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP"
- fi
- # Indefinite length encoded BER message support
- AC_ARG_ENABLE([indef],
- [AS_HELP_STRING([--enable-indef],[Enable parsing of indefinite length encoded msgs (default: disabled)])],
- [ ENABLED_BER_INDEF=$enableval ],
- [ ENABLED_BER_INDEF=no ]
- )
- if test "x$ENABLED_BER_INDEF" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DASN_BER_TO_DER"
- fi
- # Alternate certification chains, as oppossed to requiring full chain validataion.
- # Certificate validation behavior is relaxed, similar to openssl and
- # browsers. Only the peer certificate must validate to a trusted
- # certificate. Without this, all certificates sent by a peer must be
- # used in the trust chain or the connection will be rejected.
- AC_ARG_ENABLE([altcertchains],
- [AS_HELP_STRING([--enable-altcertchains],[Enable using alternative certificate chains, only require leaf certificate to validate to trust root (default: disabled)])],
- [ ENABLED_ALT_CERT_CHAINS=$enableval ],
- [ ENABLED_ALT_CERT_CHAINS=no ]
- )
- if test "x$ENABLED_ALT_CERT_CHAINS" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_CERT_CHAINS"
- fi
- # Small Stack - Cache on object
- AC_ARG_ENABLE([smallstackcache],
- [AS_HELP_STRING([--enable-smallstackcache],[Enable Small Stack Usage Caching (default: disabled)])],
- [ ENABLED_SMALL_STACK_CACHE=$enableval ],
- [ ENABLED_SMALL_STACK_CACHE=no ]
- )
- if test "x$ENABLED_SMALL_STACK_CACHE" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SMALL_STACK_CACHE"
- fi
- # Small Stack
- if test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
- then
- ENABLED_SMALL_STACK_DEFAULT=yes
- else
- ENABLED_SMALL_STACK_DEFAULT=no
- fi
- AC_ARG_ENABLE([smallstack],
- [AS_HELP_STRING([--enable-smallstack],[Enable Small Stack Usage (default: disabled)])],
- [ ENABLED_SMALL_STACK=$enableval ],
- [ ENABLED_SMALL_STACK=$ENABLED_SMALL_STACK_DEFAULT ]
- )
- if test "x$ENABLED_SMALL_STACK_CACHE" = "xyes"
- then
- ENABLED_SMALL_STACK=yes
- fi
- if test "x$ENABLED_SMALL_STACK" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SMALL_STACK"
- fi
- #valgrind
- AC_ARG_ENABLE([valgrind],
- [AS_HELP_STRING([--enable-valgrind],[Enable valgrind for unit tests (default: disabled)])],
- [ ENABLED_VALGRIND=$enableval ],
- [ ENABLED_VALGRIND=no ]
- )
- if test "$ENABLED_VALGRIND" = "yes"
- then
- AC_CHECK_PROG([HAVE_VALGRIND],[valgrind],[yes],[no])
- if test "$HAVE_VALGRIND" = "no"
- then
- AC_MSG_ERROR([Valgrind not found.])
- fi
- enable_shared=no
- enable_static=yes
- AM_CFLAGS="$AM_CFLAGS -DHAVE_VALGRIND"
- fi
- # Test certs, use internal cert functions for extra testing
- AC_ARG_ENABLE([testcert],
- [AS_HELP_STRING([--enable-testcert],[Enable Test Cert (default: disabled)])],
- [ ENABLED_TESTCERT=$enableval ],
- [ ENABLED_TESTCERT=no ]
- )
- if test "$ENABLED_TESTCERT" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TEST_CERT"
- fi
- # I/O Pool, an example to show user how to override memory handler and use
- # a pool for the input/output buffer requests
- AC_ARG_ENABLE([iopool],
- [AS_HELP_STRING([--enable-iopool],[Enable I/O Pool example (default: disabled)])],
- [ ENABLED_IOPOOL=$enableval ],
- [ ENABLED_IOPOOL=no ]
- )
- if test "$ENABLED_IOPOOL" = "yes"
- then
- if test "$thread_ls_on" = "no"
- then
- AC_MSG_ERROR([I/O Pool example requires Thread Local Storage])
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_IO_POOL -DXMALLOC_USER"
- fi
- # Certificate Service Support
- AC_ARG_ENABLE([certservice],
- [AS_HELP_STRING([--enable-certservice],[Enable cert service (default: disabled)])],
- [ ENABLED_CERT_SERVICE=$enableval ],
- [ ENABLED_CERT_SERVICE=no ]
- )
- if test "$ENABLED_CERT_SERVICE" = "yes"
- then
- # Requires ecc,certgen, and opensslextra make sure on
- if test "x$ENABLED_CERTGEN" = "xno"
- then
- ENABLED_CERTGEN="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
- fi
- if test "x$ENABLED_ECC" = "xno"
- then
- ENABLED_ECC="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
- if test "$ENABLED_ECC_SHAMIR" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
- fi
- fi
- if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
- then
- ENABLED_OPENSSLEXTRA="yes"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
- fi
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_CERT_SERVICE"
- fi
- # wolfSSL JNI
- AC_ARG_ENABLE([jni],
- [AS_HELP_STRING([--enable-jni],[Enable wolfSSL JNI (default: disabled)])],
- [ ENABLED_JNI=$enableval ],
- [ ENABLED_JNI=no ]
- )
- if test "$ENABLED_JNI" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_JNI -DHAVE_EX_DATA"
- # Enable prereqs if not already enabled
- if test "x$ENABLED_DTLS" = "xno"
- then
- ENABLED_DTLS="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
- fi
- if test "x$ENABLED_OPENSSLEXTRA" = "xno"
- then
- ENABLED_OPENSSLEXTRA="yes"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
- fi
- if test "x$ENABLED_OPENSSLALL" = "xno"
- then
- ENABLED_OPENSSLALL="yes"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL"
- fi
- if test "x$ENABLED_CRL" = "xno"
- then
- ENABLED_CRL="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
- fi
- if test "x$ENABLED_OCSP" = "xno"
- then
- ENABLED_OCSP="yes"
- fi
- if test "x$ENABLED_CRL_MONITOR" = "xno" && test "x$ENABLED_DISTRO" = "xno"
- then
- ENABLED_CRL_MONITOR="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_MONITOR"
- fi
- if test "x$ENABLED_SAVESESSION" = "xno"
- then
- ENABLED_SAVESESSION="yes"
- AM_CFLAGS="$AM_CFLAGS -DPERSIST_SESSION_CACHE"
- fi
- if test "x$ENABLED_SAVECERT" = "xno"
- then
- ENABLED_SAVECERT="yes"
- AM_CFLAGS="$AM_CFLAGS -DPERSIST_CERT_CACHE"
- fi
- if test "x$ENABLED_ATOMICUSER" = "xno"
- then
- ENABLED_ATOMICUSER="yes"
- AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
- fi
- if test "x$ENABLED_ECC" = "xno"
- then
- ENABLED_ECC="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
- if test "$ENABLED_ECC_SHAMIR" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
- fi
- fi
- # Do not enable PK Callbacks in FIPS mode with JNI
- if test "x$ENABLED_PKCALLBACKS" = "xno" && test "$ENABLED_FIPS" = "no"
- then
- ENABLED_PKCALLBACKS="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_PK_CALLBACKS"
- fi
- if test "x$ENABLED_DH" = "xno"
- then
- ENABLED_DH="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_DH"
- fi
- if test "x$ENABLED_PSK" = "xno"
- then
- ENABLED_PSK="yes"
- fi
- if test "x$ENABLED_CERTEXT" = "xno"
- then
- ENABLED_CERTEXT="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
- fi
- if test "x$ENABLED_CERTGEN" = "xno"
- then
- ENABLED_CERTGEN="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
- fi
- if test "x$ENABLED_SNI" = "xno"
- then
- ENABLED_SNI="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI"
- fi
- if test "x$ENABLED_ALPN" = "xno"
- then
- ENABLED_ALPN="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ALPN"
- fi
- fi
- if test "$ENABLED_LIGHTY" = "yes"
- then
- # Requires opensslextra make sure on
- if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
- then
- ENABLED_OPENSSLEXTRA="yes"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
- # recommended if building wolfSSL specifically for use by lighttpd
- if test "x$ENABLED_ALL" = "xno"; then
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_COMP"
- if test "x$ENABLED_SSLV3" = "xno"; then
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL3"
- if test "x$ENABLED_TLSV10" = "xno"; then
- AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
- ENABLED_OLD_TLS=no
- fi
- fi
- if test "x$ENABLED_CRL_MONITOR" = "xno"; then
- AM_CFLAGS="$AM_CFLAGS -DSINGLE_THREADED"
- ENABLED_SINGLETHREADED="yes"
- fi
- # w/ lighttpd 1.4.56 once wolfSSL updated to expose non-filesystem funcs
- #AM_CFLAGS="$AM_CFLAGS -DNO_BIO"
- #AM_CFLAGS="$AM_CFLAGS -DNO_FILESYSTEM"
- #ENABLED_FILESYSTEM=no
- fi
- fi
- if test "$ENABLED_NGINX" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NGINX -DWOLFSSL_SIGNER_DER_CERT"
- fi
- if test "$ENABLED_HAPROXY" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAPROXY -DOPENSSL_COMPATIBLE_DEFAULTS"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNER_DER_CERT"
- # --enable-all defines its own DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS
- if test -z "$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS"
- then
- DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192
- fi
- # Requires opensslextra and opensslall
- if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
- then
- ENABLED_OPENSSLALL="yes"
- ENABLED_OPENSSLEXTRA="yes"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL"
- fi
- if test "x$ENABLED_CERTGEN" = "xno"
- then
- ENABLED_CERTGEN="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
- fi
- if test "x$ENABLED_CERTREQ" = "xno"
- then
- ENABLED_CERTREQ="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
- fi
- # Requires sessioncerts make sure on
- if test "x$ENABLED_SESSIONCERTS" = "xno"
- then
- ENABLED_SESSIONCERTS="yes"
- AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
- fi
- fi
- if test "$ENABLED_NETSNMP" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
- if test "x$ENABLED_AESCFB" = "xno"
- then
- ENABLED_AESCFB="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CFB"
- fi
- if test "x$ENABLED_DTLS" = "xno"
- then
- ENABLED_DTLS="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
- fi
- fi
- if test "$ENABLED_KRB" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KRB -DWOLFSSL_AES_DIRECT -DWOLFSSL_DES_ECB"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
- # Requires PKCS7
- if test "x$ENABLED_PKCS7" = "xno"
- then
- ENABLED_PKCS7="yes"
- fi
- fi
- if test "$ENABLED_FFMPEG" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FFMPEG -DOPENSSL_COMPATIBLE_DEFAULTS"
- fi
- if test "$ENABLED_SIGNAL" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNAL -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
- # Requires opensslextra make sure on
- if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
- then
- ENABLED_OPENSSLEXTRA="yes"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
- fi
- fi
- if test "$ENABLED_BIND" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BIND -DWOLFSSL_DSA_768_MODULUS"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DWOLFSSL_DES_ECB"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224 -DWOLFSSL_SHA384 -DWOLFSSL_SHA512"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COMPATIBLE_DEFAULTS"
- ENABLED_SHA224="yes"
- ENABLED_SHA384="yes"
- ENABLED_SHA512="yes"
- fi
- if test "$ENABLED_RSYSLOG" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RSYSLOG -DWOLFSSL_ERROR_CODE_OPENSSL"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DOPENSSL_COMPATIBLE_DEFAULTS"
- fi
- if test "$ENABLED_OPENVPN" = "yes"
- then
- ENABLED_SUPPORTED_CURVES="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_OPENVPN -DHAVE_KEYING_MATERIAL"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB -DHAVE_EX_DATA -DWOLFSSL_KEY_GEN"
- fi
- if test "$ENABLED_NGINX" = "yes"|| test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
- AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT -DKEEP_PEER_CERT"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA"
- ENABLED_CERTGEN="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
- fi
- if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || \
- test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes"
- then
- test "$enable_arc4" = "" && enable_arc4=yes
- fi
- if test "$ENABLED_ARC4" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
- else
- # turn off ARC4 if leanpsk or leantls on
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_RC4"
- ENABLED_ARC4=no
- fi
- fi
- # Asio Support
- AC_ARG_ENABLE([asio],
- [AS_HELP_STRING([--enable-asio],[Enable asio (default: disabled)])],
- [ ENABLED_ASIO=$enableval ],
- [ ENABLED_ASIO=no ]
- )
- if test "$ENABLED_ASIO" = "yes"
- then
- # Requires opensslextra and opensslall
- if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
- then
- ENABLED_OPENSSLALL="yes"
- ENABLED_OPENSSLEXTRA="yes"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL"
- fi
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASIO -DASIO_USE_WOLFSSL -DWOLFSSL_KEY_GEN"
- AM_CFLAGS="$AM_CFLAGS -DBOOST_ASIO_USE_WOLFSSL -DHAVE_EX_DATA"
- AM_CFLAGS="$AM_CFLAGS -DSSL_TXT_TLSV1_2"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3"
- if test "$ENABLED_TLSV10" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DSSL_TXT_TLSV1"
- fi
- if test "$ENABLED_OLD_TLS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DSSL_TXT_TLSV1_1"
- fi
- # Requires OCSP make sure on
- if test "x$ENABLED_OCSP" = "xno"
- then
- ENABLED_OCSP="yes"
- fi
- fi
- # Apache HTTPD
- AC_ARG_ENABLE([apachehttpd],
- [AS_HELP_STRING([--enable-apachehttpd],[Enable Apache httpd (default: disabled)])],
- [ ENABLED_APACHE_HTTPD=$enableval ],
- [ ENABLED_APACHE_HTTPD=no ]
- )
- if test "$ENABLED_APACHE_HTTPD" = "yes"
- then
- # Requires opensslextra and opensslall
- if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
- then
- ENABLED_OPENSSLALL="yes"
- ENABLED_OPENSSLEXTRA="yes"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL"
- fi
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_APACHE_HTTPD"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_COMP"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DWOLFSSL_SIGNER_DER_CERT"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT -DWOLFSSL_CERT_GEN"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COMPATIBLE_DEFAULTS"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OCSP_ISSUER_CHECK"
- # Requires OCSP make sure on
- if test "x$ENABLED_OCSP" = "xno"
- then
- ENABLED_OCSP="yes"
- fi
- # Requires sessioncerts make sure on
- if test "x$ENABLED_SESSIONCERTS" = "xno"
- then
- ENABLED_SESSIONCERTS="yes"
- AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
- fi
- # Requires ALPN
- if test "x$ENABLED_ALPN" = "xno"
- then
- ENABLED_ALPN="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ALPN"
- fi
- # Requires CRL
- if test "x$ENABLED_CRL" = "xno"
- then
- ENABLED_CRL="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
- fi
- # Requires Certificate Generation, Request and Extensions
- if test "x$ENABLED_CERTGEN" = "xno"
- then
- ENABLED_CERTGEN="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
- fi
- if test "x$ENABLED_CERTREQ" = "xno"
- then
- ENABLED_CERTREQ="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
- fi
- if test "x$ENABLED_CERTEXT" = "xno"
- then
- ENABLED_CERTEXT="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
- fi
- # Requires Secure Renegotiation
- if test "x$ENABLED_SECURE_RENEGOTIATION" = "xno"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SECURE_RENEGOTIATION -DHAVE_SERVER_RENEGOTIATION_INFO"
- fi
- fi
- # Encrypt-Then-Mac
- AC_ARG_ENABLE([enc-then-mac],
- [AS_HELP_STRING([--enable-enc-then-mac],[Enable Encrypt-Then-Mac extension (default: enabled)])],
- [ ENABLED_ENCRYPT_THEN_MAC=$enableval ],
- [ ENABLED_ENCRYPT_THEN_MAC=yes ]
- )
- if test "x$ENABLED_TLSX" = "xyes"
- then
- ENABLED_ENCRYPT_THEN_MAC=yes
- fi
- if test "x$ENABLED_ENCRYPT_THEN_MAC" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ENCRYPT_THEN_MAC"
- fi
- # stunnel Support
- AC_ARG_ENABLE([stunnel],
- [AS_HELP_STRING([--enable-stunnel],[Enable stunnel (default: disabled)])],
- [ ENABLED_STUNNEL=$enableval ],
- [ ENABLED_STUNNEL=no ]
- )
- if test "$ENABLED_WPAS" = "yes"
- then
- ENABLED_STUNNEL="yes"
- fi
- # stunnel support requires all the features enabled within this conditional.
- if test "$ENABLED_STUNNEL" = "yes"
- then
- if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
- then
- ENABLED_OPENSSLEXTRA="yes"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
- fi
- if test "x$ENABLED_SESSION_TICKET" = "xno"
- then
- ENABLED_SESSION_TICKET="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_SESSION_TICKET"
- fi
- if test "x$ENABLED_OCSP" = "xno"
- then
- ENABLED_OCSP="yes"
- fi
- if test "x$ENABLED_CODING" = "xno"
- then
- ENABLED_CODING="yes"
- fi
- if test "x$ENABLED_SESSIONCERTS" = "xno"
- then
- ENABLED_SESSIONCERTS="yes"
- AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
- fi
- if test "x$ENABLED_CRL" = "xno"
- then
- ENABLED_CRL="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
- fi
- if test "x$ENABLED_DES3" = "xno"
- then
- ENABLED_DES3="yes"
- fi
- if test "x$ENABLED_TLSX" = "xno"
- then
- ENABLED_TLSX="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI -DHAVE_MAX_FRAGMENT -DHAVE_TRUNCATED_HMAC"
- # Check the ECC supported curves prereq
- AS_IF([test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_CURVE25519" = "xyes"],
- [ENABLED_SUPPORTED_CURVES=yes
- AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES"])
- fi
- if test "x$ENABLED_ECC" = "xno"
- then
- ENABLED_OPENSSLEXTRA="yes"
- ENABLED_ECC="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
- if test "$ENABLED_ECC_SHAMIR" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
- fi
- fi
- if test "x$ENABLED_CERTEXT" = "xno"
- then
- ENABLED_CERTEXT="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
- fi
- if test "x$ENABLED_CERTGEN" = "xno"
- then
- ENABLED_CERTGEN="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
- fi
- if test "x$ENABLED_KEYGEN" = "xno"
- then
- ENABLED_KEYGEN="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_STUNNEL -DWOLFSSL_ALWAYS_VERIFY_CB"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI -DHAVE_EX_DATA"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB -DWOLFSSL_SIGNER_DER_CERT"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COMPATIBLE_DEFAULTS -DWOLFSSL_TICKET_HAVE_ID"
- fi
- # curl Support
- AC_ARG_ENABLE([curl],
- [AS_HELP_STRING([--enable-curl],[Enable curl (default: disabled)])],
- [ ENABLED_CURL=$enableval ],
- [ ENABLED_CURL=no ]
- )
- # curl support requires all the features enabled within this conditional.
- if test "$ENABLED_CURL" = "yes"
- then
- if test "x$ENABLED_DES3" = "xno"
- then
- ENABLED_DES3="yes"
- fi
- if test "x$ENABLED_ALPN" = "xno"
- then
- ENABLED_ALPN="yes"
- fi
- if test "x$ENABLED_WOLFSSH" = "xno"
- then
- ENABLED_WOLFSSH="yes"
- fi
- if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
- then
- ENABLED_OPENSSLEXTRA="yes"
- fi
- if test "x$ENABLED_CRL" = "xno"
- then
- ENABLED_CRL="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
- fi
- if test "x$ENABLED_OCSP" = "xno"
- then
- ENABLED_OCSP="yes"
- fi
- if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xno"
- then
- ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST"
- fi
- if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xno"
- then
- ENABLED_CERTIFICATE_STATUS_REQUEST_V2="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST_V2"
- fi
- if test "x$ENABLED_SNI" = "xno"
- then
- ENABLED_SNI="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI"
- fi
- if test "x$ENABLED_ALT_CERT_CHAINS" = "xno"
- then
- ENABLED_ALT_CERT_CHAINS="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_CERT_CHAINS"
- fi
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB"
- fi
- if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no" \
- && test "x$ENABLED_STUNNEL" = "xno"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_PSK"
- fi
- if test "$ENABLED_PSK" = "no" && \
- (test "$ENABLED_LEANPSK" = "yes" || test "x$ENABLED_STUNNEL" = "xyes")
- then
- ENABLED_PSK=yes
- fi
- # tcpdump support
- AC_ARG_ENABLE([tcpdump],
- [AS_HELP_STRING([--enable-tcpdump],[Enable tcpdump (default: disabled)])],
- [ ENABLED_TCPDUMP=$enableval ],
- [ ENABLED_TCPDUMP=no ]
- )
- # tcpdump support requires all the features enabled within this conditional.
- if test "$ENABLED_TCPDUMP" = "yes"
- then
- if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
- then
- ENABLED_OPENSSLEXTRA="yes"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
- fi
- if test "x$ENABLED_DES3" = "xno"
- then
- ENABLED_DES3="yes"
- fi
- fi
- # sblim-sfcb support
- AC_ARG_ENABLE([sblim-sfcb],
- [AS_HELP_STRING([--enable-sblim-sfcb],[Enable sblim-sfcb support (default: disabled)])],
- [ ENABLED_SBLIM_SFCB=$enableval ],
- [ ENABLED_SBLIM_SFCB=no ]
- )
- # sblim-sfcb support requires all the features enabled within this conditional.
- if test "$ENABLED_SBLIM_SFCB" = "yes"
- then
- if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
- then
- ENABLED_OPENSSLEXTRA="yes"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA"
- fi
- if test "x$ENABLED_CERTGEN" = "xno"
- then
- ENABLED_CERTGEN="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_SBLIM_SFCB -DWOLFSSL_SIGNER_DER_CERT"
- fi
- # libest Support
- AC_ARG_ENABLE([libest],
- [AS_HELP_STRING([--enable-libest],[Enable libest (default: disabled)])],
- [ ENABLED_LIBEST=$enableval ],
- [ ENABLED_LIBEST=no ]
- )
- if test "$ENABLED_LIBEST" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DHAVE_LIBEST -DWOLFSSL_ALT_NAMES"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PSS_SALT_LEN_DISCOVER"
- # Requires opensslextra and opensslall
- if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
- then
- ENABLED_OPENSSLALL="yes"
- ENABLED_OPENSSLEXTRA="yes"
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING"
- AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT"
- fi
- # Requires OCSP
- if test "x$ENABLED_OCSP" = "xno"
- then
- ENABLED_OCSP="yes"
- fi
- # Requires PKCS7
- if test "x$ENABLED_PKCS7" = "xno"
- then
- ENABLED_PKCS7="yes"
- fi
- # Requires Certificate Generation and Request
- if test "x$ENABLED_CERTGEN" = "xno"
- then
- ENABLED_CERTGEN="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
- fi
- if test "x$ENABLED_CERTREQ" = "xno"
- then
- ENABLED_CERTREQ="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
- fi
- if test "x$ENABLED_CERTEXT" = "xno"
- then
- ENABLED_CERTEXT="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
- fi
- # Requires CRL
- if test "x$ENABLED_CRL" = "xno"
- then
- ENABLED_CRL="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
- fi
- if test "x$ENABLED_SRP" = "xno"
- then
- ENABLED_SRP="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP"
- fi
- # Enable prereqs if not already enabled
- if test "x$ENABLED_KEYGEN" = "xno"
- then
- ENABLED_KEYGEN="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
- fi
- # Requires sessioncerts make sure on
- if test "x$ENABLED_SESSIONCERTS" = "xno"
- then
- ENABLED_SESSIONCERTS="yes"
- AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS"
- fi
- if test "x$ENABLED_DSA" = "xno"
- then
- AC_MSG_WARN([Enabling DSA with --enable-dsa is recommended for libest])
- fi
- fi
- # MD4
- AC_ARG_ENABLE([md4],
- [AS_HELP_STRING([--enable-md4],[Enable MD4 (default: disabled)])],
- [ ENABLED_MD4=$enableval ],
- [ ENABLED_MD4=no ]
- )
- if test "$ENABLED_MD4" = "no"
- then
- #turn on MD4 if using stunnel
- if test "x$ENABLED_STUNNEL" = "xyes" || test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_KRB" = "xyes"
- then
- ENABLED_MD4="yes"
- else
- AM_CFLAGS="$AM_CFLAGS -DNO_MD4"
- fi
- fi
- # Encrypted keys
- AC_ARG_ENABLE([enckeys],
- [AS_HELP_STRING([--enable-enckeys],[Enable PEM encrypted private key support (default: disabled)])],
- [ ENABLED_ENCKEYS=$enableval ],
- [ ENABLED_ENCKEYS=no ]
- )
- if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_WEBSERVER" = "yes" || test "$ENABLED_WPAS" != "no"
- then
- ENABLED_ENCKEYS=yes
- fi
- if test "$ENABLED_ENCKEYS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ENCRYPTED_KEYS"
- fi
- # PKCS#12
- # set PKCS#12 default
- PKCS12_DEFAULT=yes
- if test "$ENABLED_ASN" = "no" || test "$FIPS_VERSION" = "rand"
- then
- PKCS12_DEFAULT=no
- fi
- AC_ARG_ENABLE([pkcs12],
- [AS_HELP_STRING([--enable-pkcs12],[Enable pkcs12 (default: enabled)])],
- [ ENABLED_PKCS12=$enableval ],
- [ ENABLED_PKCS12=$PKCS12_DEFAULT ]
- )
- if test "x$ENABLED_PKCS12" = "xno"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_PKCS12"
- fi
- # PWDBASED has to come after certservice since we want it on w/o explicit on
- # PWDBASED
- AC_ARG_ENABLE([pwdbased],
- [AS_HELP_STRING([--enable-pwdbased],[Enable PWDBASED (default: disabled)])],
- [ ENABLED_PWDBASED=$enableval ],
- [ ENABLED_PWDBASED=no ]
- )
- if test "$ENABLED_PWDBASED" = "no"
- then
- if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_OPENSSLALL" = "yes" || \
- test "$ENABLED_WEBSERVER" = "yes" || test "$ENABLED_ENCKEYS" = "yes" || \
- test "$ENABLED_PKCS12" = "yes"
- then
- # opensslextra, opensslall, webserver, enckeys and pkcs12 need pwdbased
- ENABLED_PWDBASED=yes
- else
- AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED"
- fi
- fi
- AC_ARG_ENABLE([scrypt],
- [AS_HELP_STRING([--enable-scrypt],[Enable SCRYPT (default: disabled)])],
- [ ENABLED_SCRYPT=$enableval ],
- [ ENABLED_SCRYPT=no ]
- )
- if test "$ENABLED_SCRYPT" = "yes"
- then
- if test "$ENABLED_PWDBASED" = "no"
- then
- AC_MSG_ERROR([cannot enable scrypt without enabling pwdbased.])
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_SCRYPT"
- fi
- # wolfCrypt Only Build
- AC_ARG_ENABLE([cryptonly],
- [AS_HELP_STRING([--enable-cryptonly],[Enable wolfCrypt Only build (default: disabled)])],
- [ENABLED_CRYPTONLY=$enableval],
- [ENABLED_CRYPTONLY=no])
- AS_IF([test "x$FIPS_VERSION" = "xrand"],[ENABLED_CRYPTONLY="yes"])
- if test "$ENABLED_CRYPTONLY" = "yes"
- then
- if test "$ENABLED_OPENSSLALL" = "yes"
- then
- AC_MSG_ERROR([cryptonly and opensslall are mutually incompatible.])
- fi
- AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_ONLY"
- fi
- if test "x$ENABLED_CRYPTONLY" = "xno"
- then
- if test "x$ENABLED_PSK" = "xno" && test "x$ENABLED_ASN" = "xno"
- then
- AC_MSG_ERROR([please enable psk if disabling asn.])
- fi
- if test "x$ENABLED_ECC" != "xno" && test "x$ENABLED_ASN" = "xno"
- then
- AC_MSG_ERROR([please disable ecc if disabling asn.])
- fi
- if test "$ENABLED_AFALG" = "yes"
- then
- # for TLS connections the intermediate hash needs to store buffer
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AFALG_HASH_KEEP"
- fi
- if test "$ENABLED_DEVCRYPTO" = "yes"
- then
- # for TLS connections the intermediate hash needs to store buffer
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DEVCRYPTO_HASH_KEEP"
- fi
- fi
- # set fastmath default
- FASTMATH_DEFAULT=no
- if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64"
- then
- FASTMATH_DEFAULT=yes
- fi
- if test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
- then
- FASTMATH_DEFAULT=no
- fi
- if test "$ENABLED_SP_MATH" = "yes"
- then
- FASTMATH_DEFAULT=no
- fi
- # fastmath
- AC_ARG_ENABLE([fastmath],
- [AS_HELP_STRING([--enable-fastmath],[Enable fast math ops (default: enabled on x86_64/aarch64)])],
- [ ENABLED_FASTMATH=$enableval ],
- [ ENABLED_FASTMATH=$FASTMATH_DEFAULT]
- )
- if test "x$ENABLED_FASTMATH" = "xyes"
- then
- # turn off fastmth if leanpsk on or asn off (w/o DH and ECC)
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_ASN" = "no"
- then
- if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && test "$ENABLED_RSA" = "no"
- then
- ENABLED_FASTMATH=no
- else
- AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
- ENABLED_SLOWMATH="no"
- fi
- else
- AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
- ENABLED_SLOWMATH="no"
- fi
- if test "$host_cpu" = "x86_64"
- then
- # Have settings.h set FP_MAX_BITS higher if user didn't set directly
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_X86_64_BUILD"
- fi
- AS_IF([test "x$host_cpu" = "xaarch64"],[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AARCH64_BUILD"])
- if test "$ENABLED_SAKKE" = "yes" && test "$ENABLED_SAKKE_SMALL" != "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -funroll-loops -DTFM_SMALL_SET"
- fi
- fi
- # fast HUGE math
- AC_ARG_ENABLE([fasthugemath],
- [AS_HELP_STRING([--enable-fasthugemath],[Enable fast math + huge code (default: disabled)])],
- [ ENABLED_FASTHUGEMATH=$enableval ],
- [ ENABLED_FASTHUGEMATH=no ]
- )
- if test "$ENABLED_BUMP" = "yes"
- then
- ENABLED_FASTHUGEMATH="yes"
- fi
- if test "$ENABLED_FASTHUGEMATH" = "yes"
- then
- ENABLED_FASTMATH="yes"
- AM_CFLAGS="$AM_CFLAGS -DUSE_FAST_MATH"
- ENABLED_SLOWMATH="no"
- fi
- # Enable Examples, used to disable examples
- if test "$ENABLED_LINUXKM" = "yes"
- then
- ENABLED_EXAMPLES_DEFAULT=no
- else
- ENABLED_EXAMPLES_DEFAULT=yes
- fi
- AC_ARG_ENABLE([examples],
- [AS_HELP_STRING([--enable-examples],[Enable Examples (default: enabled)])],
- [ ENABLED_EXAMPLES=$enableval ],
- [ ENABLED_EXAMPLES=$ENABLED_EXAMPLES_DEFAULT ]
- )
- AS_IF([test "x$ENABLED_FILESYSTEM" = "xno"], [ENABLED_EXAMPLES="no"])
- AS_IF([test "x$ENABLED_INLINE" = "xno"], [ENABLED_EXAMPLES="no"])
- AS_IF([test "x$ENABLED_CRYPTONLY" = "xyes"], [ENABLED_EXAMPLES="no"])
- # Enable wolfCrypt test and benchmark
- if test "$ENABLED_LINUXKM" = "yes"
- then
- ENABLED_CRYPT_TESTS_DEFAULT=no
- else
- ENABLED_CRYPT_TESTS_DEFAULT=yes
- fi
- AC_ARG_ENABLE([crypttests],
- [AS_HELP_STRING([--enable-crypttests],[Enable Crypt Bench/Test (default: enabled)])],
- [ ENABLED_CRYPT_TESTS=$enableval ],
- [ ENABLED_CRYPT_TESTS=$ENABLED_CRYPT_TESTS_DEFAULT ]
- )
- AC_SUBST([ENABLED_CRYPT_TESTS])
- # Build wolfCrypt test and benchmark as libraries. This will compile test.c and
- # benchmark.c and make their functions available via libraries, libwolfcrypttest
- # and libwolfcryptbench, respectively. Note that this feature is not enabled by
- # default, and the API of these libraries should NOT be treated as stable.
- AC_ARG_ENABLE([crypttests-libs],
- [AS_HELP_STRING([--enable-crypttests-libs],[Enable wolfcrypt test and benchmark libraries (default: disabled)])],
- [ ENABLED_CRYPT_TESTS_LIBS=$enableval ],
- [ ENABLED_CRYPT_TESTS_LIBS=no ]
- )
- # LIBZ
- ENABLED_LIBZ="no"
- trylibzdir=""
- AC_ARG_WITH([libz],
- [ --with-libz=PATH PATH to libz install (default /usr/) ],
- [
- AC_MSG_CHECKING([for libz])
- CPPFLAGS="$CPPFLAGS -DHAVE_LIBZ"
- LIBS="$LIBS -lz"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])
- if test "x$libz_linked" = "xno" ; then
- if test "x$withval" != "xno" ; then
- trylibzdir=$withval
- fi
- if test "x$withval" = "xyes" ; then
- trylibzdir="/usr"
- fi
- LDFLAGS="$LDFLAGS -L$trylibzdir/lib"
- CPPFLAGS="$CPPFLAGS -I$trylibzdir/include"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <zlib.h>]], [[ deflateInit(0, 8); ]])],[ libz_linked=yes ],[ libz_linked=no ])
- if test "x$libz_linked" = "xno" ; then
- AC_MSG_ERROR([libz isn't found.
- If it's already installed, specify its path using --with-libz=/dir/])
- fi
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([yes])
- fi
- ENABLED_LIBZ="yes"
- ]
- )
- # PKCS#11
- AC_ARG_ENABLE([pkcs11],
- [AS_HELP_STRING([--enable-pkcs11],[Enable pkcs11 access (default: disabled)])],
- [ ENABLED_PKCS11=$enableval ],
- [ ENABLED_PKCS11=no ]
- )
- if test "x$ENABLED_PKCS11" != "xno"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS11 -DHAVE_WOLF_BIGINT"
- if test "x$ENABLED_PKCS11" != "xstatic"
- then
- LIBS="$LIBS -ldl"
- else
- AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS11_STATIC"
- ENABLED_PKCS11="yes"
- fi
- fi
- # PKCS#8
- AC_ARG_ENABLE([pkcs8],
- [AS_HELP_STRING([--enable-pkcs8],[Enable PKCS #8 key packages (default: enabled)])],
- [ ENABLED_PKCS8=$enableval ],
- [ ENABLED_PKCS8=yes ]
- )
- if test "x$ENABLED_PKCS8" = "xno"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_PKCS8"
- fi
- # cavium
- trycaviumdir=""
- AC_ARG_WITH([cavium],
- [ --with-cavium=PATH PATH to cavium/software dir ],
- [
- AC_MSG_CHECKING([for cavium])
- CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM"
- LIB_ADD="-lrt $LIB_ADD"
- if test "x$withval" = "xyes" ; then
- AC_MSG_ERROR([need a PATH for --with-cavium])
- fi
- if test "x$withval" != "xno" ; then
- trycaviumdir=$withval
- fi
- LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/cavium_common.o"
- CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(CAVIUM_DEV_ID); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
- if test "x$cavium_linked" = "xno" ; then
- AC_MSG_ERROR([cavium isn't found.
- If it's already installed, specify its path using --with-cavium=/dir/])
- else
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM"
- fi
- AC_MSG_RESULT([yes])
- enable_shared=no
- enable_static=yes
- ENABLED_CAVIUM=yes
- ],
- [ ENABLED_CAVIUM=no ]
- )
- # cavium V
- trycaviumdir=""
- AC_ARG_WITH([cavium-v],
- [ --with-cavium-v=PATH PATH to Cavium V/software dir ],
- [
- AC_MSG_CHECKING([for cavium])
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM -DHAVE_CAVIUM_V"
- LIB_ADD="-lrt -lcrypto $LIB_ADD"
- if test "x$withval" = "xyes" ; then
- AC_MSG_ERROR([need a PATH for --with-cavium])
- fi
- if test "x$withval" != "xno" ; then
- trycaviumdir=$withval
- fi
- if test -e $trycaviumdir/lib/libnitrox.a
- then
- AM_CPPFLAGS="-I$trycaviumdir/include $AM_CPPFLAGS"
- else
- ENABLED_CAVIUM_V=no
- fi
- LIB_STATIC_ADD="$trycaviumdir/lib/libnitrox.a $LIB_STATIC_ADD"
- if test "$ENABLED_CAVIUM_V" = "no"; then
- AC_MSG_ERROR([Could not find Nitrox library])
- fi
- enable_shared=no
- enable_static=yes
- enable_opensslextra=yes
- ENABLED_CAVIUM=yes
- ENABLED_CAVIUM_V=yes
- ],
- [
- ENABLED_CAVIUM_=no
- ENABLED_CAVIUM_V=no
- ]
- )
- # Cavium Octeon
- OCTEON_ROOT=""
- : ${OCTEON_OBJ="obj-octeon2"}
- : ${OCTEON_HOST="standalone"}
- AC_ARG_WITH([octeon-sync],
- [AS_HELP_STRING([--with-octeon-sync=PATH],[PATH to Cavium Octeon SDK dir (sync)])],
- [
- AC_MSG_CHECKING([for octeon])
- if test "x$withval" = "xyes" ; then
- AC_MSG_ERROR([need a PATH for --with-octeon])
- fi
- if test "x$withval" != "xno" ; then
- OCTEON_ROOT=$withval
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM_OCTEON_SYNC"
- AM_CFLAGS="$AM_CFLAGS -DOCTEON_MODEL=$OCTEON_MODEL"
- AM_CFLAGS="$AM_CFLAGS -I$OCTEON_ROOT/executive"
- AS_CASE([$OCTEON_HOST],['linux'],[AM_CFLAGS="$AM_CFLAGS -DCVMX_BUILD_FOR_LINUX_HOST"])
- #-I$OCTEON_ROOT/target/include
- AM_LDFLAGS="$AM_LDFLAGS -lrt -Xlinker -T -Xlinker $OCTEON_ROOT/executive/cvmx-shared-linux.ld"
- AM_LDFLAGS="$AM_LDFLAGS -L$OCTEON_ROOT/executive/$OCTEON_OBJ -lcvmx -lfdt"
- enable_shared=no
- enable_static=yes
- ENABLED_OCTEON_SYNC=yes
- AC_MSG_RESULT([yes])
- ],
- [ENABLED_OCTEON_SYNC=no]
- )
- # Intel QuickAssist
- QAT_DIR=""
- BUILD_INTEL_QAT_VERSION=2
- AC_ARG_WITH([intelqa],
- [AS_HELP_STRING([--with-intelqa=PATH],[PATH to Intel QuickAssist (QAT) driver dir])],
- [ENABLED_INTEL_QA=yes; QAT_DIR=$withval],
- [ENABLED_INTEL_QA=no])
- AC_ARG_WITH([intelqa-sync],
- [AS_HELP_STRING([--with-intelqa-sync=PATH],[PATH to Intel QuickAssist (QAT) driver dir (sync)])],
- [ENABLED_INTEL_QA_SYNC=yes; QAT_DIR=$withval],
- [ENABLED_INTEL_QA_SYNC=no])
- AS_IF([test "x$ENABLED_INTEL_QA" = "xyes" && test "x$ENABLED_INTEL_QA_SYNC" = "xyes"],
- [AC_MSG_ERROR([Both Intel QA Async and Sync are selected, only select one.])])
- AS_IF([test "x$ENABLED_INTEL_QA" = "xyes" || test "x$ENABLED_INTEL_QA_SYNC" = "xyes"],
- [AC_MSG_CHECKING([for intelqa])
- AS_IF([test "x$ENABLED_INTEL_QA" = "xyes"],
- [AM_CPPFLAGS="$AM_CPPFLAGS -DHAVE_INTEL_QA -DDO_CRYPTO -DUSER_SPACE"; intelqa_opt=""],
- [AM_CPPFLAGS="$AM_CPPFLAGS -DHAVE_INTEL_QA_SYNC -DQAT_USE_POLLING_THREAD -DO_CRYPTO -DUSER_SPACE"; intelqa_opt="-sync"])
- OLD_LIBS="$LIBS"
- OLD_CPPFLAGS="$CPPFLAGS"
- AS_IF([test "x$QAT_DIR" = "xyes"],[AC_MSG_ERROR([need a PATH for --with-intelqa$intelqa_opt])])
- AM_CPPFLAGS="$AM_CPPFLAGS -I$QAT_DIR/quickassist/include -I$QAT_DIR/quickassist/include/lac -I$QAT_DIR/quickassist/utilities/osal/include \
- -I$QAT_DIR/quickassist/utilities/osal/src/linux/user_space/include -I$QAT_DIR/quickassist/lookaside/access_layer/include \
- -I$QAT_DIR/quickassist/lookaside/access_layer/src/common/include -I$srcdir/wolfssl -I$srcdir/wolfssl/wolfcrypt/port/intel \
- -I$QAT_DIR/quickassist/utilities/libusdm_drv"
- CPPFLAGS="$AM_CPPFLAGS"
- LDFLAGS="$LDFLAGS -L$QAT_DIR/build"
- LIBS="$LIBS -lqat_s -lusdm_drv_s"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cpa_cy_common.h"]],[[Cpa16U count = 0; cpaCyGetNumInstances(&count);]])],[intelqa_linked=yes],[intelqa_linked=no])
- AS_IF([test "x$intelqa_linked" = "xno"],
- [# Try old QAT driver libraries
- LIBS="$OLD_LIBS -licp_qa_al_s"
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cpa_cy_common.h"]],[[Cpa16U count = 0; cpaCyGetNumInstances(&count);]])],[intelqa_linked=yes],[intelqa_linked=no])
- AS_IF([test "x$intelqa_linked" = "xno"],
- [AC_MSG_ERROR([Intel QuickAssist not found. If it's already installed, specify its path using --with-intelqa$intelqa_opt=/dir/])],
- [BUILD_INTEL_QAT_VERSION=1])
- ])
- AC_MSG_RESULT([yes])
- AS_IF([test "x$BUILD_INTEL_QAT_VERSION" = "x1"],
- [LIB_ADD="-ladf_proxy -losal -lrt $LIB_ADD"],
- [LIB_ADD="-losal -lrt $LIB_ADD"])
- CPPFLAGS="$OLD_CPPFLAGS"
- ])
- ################################################################################
- # Single Precision option handling #
- ################################################################################
- ENABLED_SP_RSA=no
- ENABLED_SP_DH=no
- ENABLED_SP_FF_2048=no
- ENABLED_SP_FF_3072=no
- ENABLED_SP_FF_4096=no
- ENABLED_SP_ECC=no
- ENABLED_SP_EC_256=no
- ENABLED_SP_EC_384=no
- ENABLED_SP_EC_521=no
- ENABLED_SP_SAKKE_1024=$ENABLED_SAKKE
- ENABLED_SP_NO_MALLOC=no
- ENABLED_SP_NONBLOCK=no
- ENABLED_SP_SMALL=no
- for v in `echo $ENABLED_SP | tr "," " "`
- do
- case $v in
- small)
- ENABLED_SP_SMALL=yes
- ENABLED_SP_RSA=yes
- ENABLED_SP_DH=yes
- ENABLED_SP_FF_2048=yes
- ENABLED_SP_FF_3072=yes
- ENABLED_SP_ECC=yes
- ENABLED_SP_EC_256=yes
- if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64"; then
- ENABLED_SP_FF_4096=yes
- ENABLED_SP_EC_384=yes
- ENABLED_SP_EC_521=yes
- fi
- ;;
- smallfast)
- ENABLED_SP_SMALL=yes
- ENABLED_SP_RSA=yes
- ENABLED_SP_DH=yes
- ENABLED_SP_FF_2048=yes
- ENABLED_SP_FF_3072=yes
- ENABLED_SP_ECC=yes
- ENABLED_SP_EC_256=yes
- if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64"; then
- ENABLED_SP_FF_4096=yes
- ENABLED_SP_EC_384=yes
- ENABLED_SP_EC_521=yes
- fi
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_FAST_MODEXP"
- ;;
- yes)
- ENABLED_SP_RSA=yes
- ENABLED_SP_DH=yes
- ENABLED_SP_FF_2048=yes
- ENABLED_SP_FF_3072=yes
- ENABLED_SP_ECC=yes
- ENABLED_SP_EC_256=yes
- if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64"; then
- ENABLED_SP_FF_4096=yes
- ENABLED_SP_EC_384=yes
- ENABLED_SP_EC_521=yes
- fi
- ;;
- no)
- ;;
- smallec256 | smallp256 | small256)
- ENABLED_SP_SMALL=yes
- ENABLED_SP_ECC=yes
- ENABLED_SP_EC_256=yes
- ;;
- ec256 | p256 | 256)
- ENABLED_SP_ECC=yes
- ENABLED_SP_EC_256=yes
- ;;
- smallec384 | smallp384 | small384)
- ENABLED_SP_SMALL=yes
- ENABLED_SP_ECC=yes
- ENABLED_SP_EC_384=yes
- ;;
- ec384 | p384 | 384)
- ENABLED_SP_ECC=yes
- ENABLED_SP_EC_384=yes
- ;;
- smallec521 | smallp521 | small521)
- ENABLED_SP_SMALL=yes
- ENABLED_SP_ECC=yes
- ENABLED_SP_EC_521=yes
- ;;
- ec521 | p521 | 521)
- ENABLED_SP_ECC=yes
- ENABLED_SP_EC_521=yes
- ;;
- smallec1024 | smallp1024 | small1024)
- ENABLED_SP_ECC=yes
- ENABLED_SP_SMALL=yes
- ENABLED_SP_SAKKE_1024=yes
- ;;
- ec1024 | p1024 | 1024)
- ENABLED_SP_ECC=yes
- ENABLED_SP_SAKKE_1024=yes
- ;;
- small2048)
- ENABLED_SP_SMALL=yes
- ENABLED_SP_RSA=yes
- ENABLED_SP_DH=yes
- ENABLED_SP_FF_2048=yes
- ;;
- 2048)
- ENABLED_SP_RSA=yes
- ENABLED_SP_DH=yes
- ENABLED_SP_FF_2048=yes
- ;;
- smallrsa2048)
- ENABLED_SP_SMALL=yes
- ENABLED_SP_RSA=yes
- ENABLED_SP_FF_2048=yes
- ;;
- rsa2048)
- ENABLED_SP_RSA=yes
- ENABLED_SP_FF_2048=yes
- ;;
- small3072)
- ENABLED_SP_SMALL=yes
- ENABLED_SP_RSA=yes
- ENABLED_SP_DH=yes
- ENABLED_SP_FF_3072=yes
- ;;
- 3072)
- ENABLED_SP_RSA=yes
- ENABLED_SP_DH=yes
- ENABLED_SP_FF_3072=yes
- ;;
- smallrsa3072)
- ENABLED_SP_SMALL=yes
- ENABLED_SP_RSA=yes
- ENABLED_SP_FF_3072=yes
- ;;
- rsa3072)
- ENABLED_SP_RSA=yes
- ENABLED_SP_FF_3072=yes
- ;;
- small4096)
- ENABLED_SP_SMALL=yes
- ENABLED_SP_RSA=yes
- ENABLED_SP_DH=yes
- ENABLED_SP_FF_4096=yes
- ;;
- 4096 | +4096)
- ENABLED_SP_RSA=yes
- ENABLED_SP_DH=yes
- ENABLED_SP_FF_4096=yes
- ;;
- smallrsa4096)
- ENABLED_SP_SMALL=yes
- ENABLED_SP_RSA=yes
- ENABLED_SP_FF_4096=yes
- ;;
- rsa4096)
- ENABLED_SP_RSA=yes
- ENABLED_SP_FF_4096=yes
- ;;
- nomalloc)
- ENABLED_SP_NO_MALLOC=yes
- ;;
- nonblock)
- # Requires small and no malloc
- ENABLED_SP_NONBLOCK=yes
- ENABLED_SP_NO_MALLOC=yes
- ENABLED_SP_SMALL=yes
- ;;
- asm)
- ENABLED_SP_ASM=yes
- ;;
- *)
- AC_MSG_ERROR([Invalid choice of Single Precision length in bits [256, 384, 521, 1024, 2048, 3072, 4096]: $ENABLED_SP.])
- break;;
- esac
- done
- ENABLED_SP=no
- if test "$ENABLED_RSA" = "yes" && test "$ENABLED_SP_RSA" = "yes"; then
- ENABLED_SP=yes
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_RSA"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_SP_RSA"
- fi
- if test "$ENABLED_DH" = "yes" && test "$ENABLED_SP_DH" = "yes"; then
- ENABLED_SP=yes
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_DH"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_SP_DH"
- fi
- if test "$ENABLED_SP_RSA" = "yes" || test "$ENABLED_SP_DH" = "yes"; then
- if test "$ENABLED_SP_FF_2048" = "no"; then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_2048"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_2048"
- fi
- if test "$ENABLED_SP_FF_3072" = "no"; then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_3072"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_3072"
- fi
- if test "$ENABLED_SP_FF_4096" = "yes"; then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_4096"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_4096"
- fi
- case $host_cpu in
- *x86_64* | *aarch64*)
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_LARGE_CODE"
- ;;
- *)
- ;;
- esac
- fi
- if test "$ENABLED_ECC" != "no" && test "$ENABLED_SP_ECC" = "yes"; then
- ENABLED_SP=yes
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SP_ECC"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_SP_ECC"
- if test "$ENABLED_SP_EC_256" = "no"; then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_256"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_256"
- fi
- if test "$ENABLED_SP_EC_384" = "yes"; then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC384 -DWOLFSSL_SP_384"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_384"
- fi
- if test "$ENABLED_SP_EC_521" = "yes"; then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC521 -DWOLFSSL_SP_521"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_521"
- fi
- if test "$ENABLED_SP_SAKKE_1024" = "yes"; then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_1024"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_1024"
- fi
- fi
- if test "$ENABLED_SP_SMALL" = "yes"; then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL"
- fi
- if test "$ENABLED_SP_NO_MALLOC" = "yes"; then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_MALLOC"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NO_MALLOC"
- fi
- if test "$ENABLED_SP_NONBLOCK" = "yes"; then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NONBLOCK"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_NONBLOCK"
- fi
- # Check that we enable SP with RSA, DH or ECC.
- if test "$ENABLED_SP" = "no"; then
- # Didn't need SP, don't need SP_MATH.
- if test "$ENABLED_SP_MATH" = "yes"; then
- ENABLED_SP_MATH=no
- fi
- fi
- if test "$ENABLED_SP_MATH" = "yes"; then
- if test "$ENABLED_SP" = "no"; then
- AC_MSG_ERROR([Must have SP enabled with SP math: --enable-sp])
- fi
- if test "$ENABLED_ECCCUSTCURVES" = "yes"; then
- AC_MSG_ERROR([Cannot use single precision math and custom curves])
- fi
- if test "$ENABLED_DSA" = "yes"; then
- AC_MSG_ERROR([Cannot use single precision math and DSA])
- fi
- if test "$ENABLED_SRP" = "yes"; then
- AC_MSG_ERROR([Cannot use single precision math and SRP])
- fi
- if test "$ENABLED_SP_RSA" = "no" && test "$ENABLED_RSA" = "yes"; then
- AC_MSG_ERROR([Cannot use RSA single precision only math and RSA])
- fi
- if test "$ENABLED_SP_DH" = "no" && test "$ENABLED_DH" = "yes"; then
- AC_MSG_ERROR([Cannot use DH single precision only math and DH])
- fi
- ENABLED_FASTMATH="no"
- ENABLED_SLOWMATH="no"
- fi
- for v in `echo $ENABLED_SP_MATH_ALL | tr "," " "`
- do
- case $v in
- yes | no)
- ;;
- small)
- ENABLED_SP_MATH_ALL="yes"
- ENABLED_SP_SMALL="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_SMALL"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_SMALL"
- ;;
- huge)
- ENABLED_SP_MATH_ALL="yes"
- ENABLED_FASTHUGEMATH="yes"
- AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_HUGE_CFLAGS"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_INT_LARGE_COMBA"
- ;;
- 256 | 384 | 521 | 1024 | 2048 | 3072 | 4096)
- if test -z "$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS" -o "$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS" -lt "$v"
- then
- DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS="$v"
- fi
- ENABLED_SP_MATH_ALL="yes"
- ;;
- nomalloc)
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_NO_MALLOC"
- ENABLED_SP_MATH_ALL="yes"
- ;;
- *)
- AC_MSG_ERROR([Support SP int bit sizes: 256, 384, 521, 1024, 2048, 3072, 4096. $ENABLED_SP_MATH_ALL not supported])
- ;;
- esac
- done
- if test "$ENABLED_SP_MATH_ALL" = "yes"; then
- ENABLED_FASTMATH="no"
- ENABLED_SLOWMATH="no"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_MATH_ALL"
- case $host_cpu in
- *x86_64*)
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_X86_64"
- ;;
- *x86*)
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_X86"
- ;;
- *aarch64*)
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM64"
- ;;
- *arm*)
- if test $host_alias = "thumb"; then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_THUMB"
- else
- if test $host_alias = "cortex"; then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_CORTEX_M"
- else
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM32"
- fi
- fi
- ;;
- *ppc64* | *powerpc64*)
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_PPC64"
- ;;
- *ppc* | *powerpc*)
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_PPC"
- ;;
- *mips64*)
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_MIPS64"
- ;;
- *mips*)
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_MIPS"
- ;;
- *riscv32*)
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_RISCV32"
- ;;
- *riscv64*)
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_RISCV64"
- ;;
- *s390x*)
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_S390X"
- ;;
- esac
- fi
- if test "$ENABLED_SP_ASM" = "yes" && test "$ENABLED_SP" = "yes"; then
- if test "$ENABLED_SP_NONBLOCK" = "yes"; then
- AC_MSG_ERROR([SP non-blocking not supported with sp-asm])
- fi
- if test "$ENABLED_ASM" = "no"; then
- AC_MSG_ERROR([Assembly code turned off])
- fi
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ASM"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ASM"
- case $host_cpu in
- *aarch64*)
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM64_ASM"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM64_ASM"
- ENABLED_SP_ARM64_ASM=yes
- ;;
- *arm*)
- if test $host_alias = "thumb"; then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_THUMB_ASM"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM_THUMB_ASM"
- ENABLED_SP_ARM_THUMB_ASM=yes
- else
- if test $host_alias = "cortex"; then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM_CORTEX_M_ASM"
- ENABLED_SP_ARM_CORTEX_ASM=yes
- else
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_ARM32_ASM"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_ARM32_ASM"
- ENABLED_SP_ARM32_ASM=yes
- fi
- fi
- ;;
- *x86_64*|*amd64*)
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_X86_64_ASM"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_SP_X86_64_ASM"
- ENABLED_SP_X86_64_ASM=yes
- if test "x$ENABLED_FASTMATH" = "xno"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_X86_64_BUILD"
- fi
- ;;
- *)
- AC_MSG_ERROR([ASM not available for CPU. Supported CPUs: x86_64, aarch64, arm])
- ;;
- esac
- fi
- if test "$ENABLED_SP_MATH" = "yes"; then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_MATH"
- fi
- ################################################################################
- # End - Single Precision option handling #
- ################################################################################
- # Fast RSA using Intel IPP
- ippdir="${srcdir}/IPP"
- ipplib="lib" # if autoconf guesses 32bit system changes lib directory
- fastRSA_found=no
- abs_path=`pwd`
- # set up variables used
- IPPLIBS=
- IPPHEADERS=
- IPPLINK=
- AC_ARG_ENABLE([fast-rsa],
- [AS_HELP_STRING([--enable-fast-rsa],[Enable RSA using Intel IPP (default: disabled)])],
- [ ENABLED_FAST_RSA=$enableval ],
- [ ENABLED_FAST_RSA=no ],
- )
- # Fast RSA does not support RSA-PSS
- if test "$ENABLED_RSAPSS" = "yes"; then
- ENABLED_FAST_RSA=no
- fi
- if test "$ENABLED_USER_RSA" = "no" && test "$ENABLED_FIPS" = "no"; then
- if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
- ipplib="lib_32" # 32 bit OS detected
- fi
- # Use static IPP Libraries
- if test "$enable_shared" = "no" && test "$ENABLED_FAST_RSA" = "yes"; then
- case $host_os in
- *darwin*)
- ipplib="$ipplib/mac_static"
- AC_MSG_ERROR([Issue with static linking to libippcp.a on Mac.
- Dynamic IPP libraries supported on Mac])
- break;;
- *linux*)
- ipplib="$ipplib/linux_static"
- break;;
- *)
- ENABLED_FAST_RSA=no
- esac
- if test -e $srcdir/IPP/$ipplib/libippcore.a && test -e $srcdir/IPP/$ipplib/libippcp.a
- then
- :
- else
- ENABLED_FAST_RSA=no
- fi
- AC_CHECK_HEADERS([IPP/include/ipp.h IPP/include/ippcp.h], [AM_CPPFLAGS="-I$srcdir/IPP/include $AM_CPPFLAGS"], [ENABLED_FAST_RSA=no])
- LIB_STATIC_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_STATIC_ADD"
- if test "$ENABLED_FAST_RSA" = "no"; then
- AC_MSG_ERROR([Could not find fast rsa libraries])
- fi
- else
- # Check for and use bundled IPP libraries
- if test "$ENABLED_FAST_RSA" = "yes"; then
- AC_MSG_NOTICE([Using local IPP crypto library])
- AC_CHECK_HEADER([$abs_path/IPP/include/ippcp.h],
- [
- # build and default locations on linux and mac
- STORE_LDFLAGS=${LDFLAGS}
- STORE_CPPFLAGS=${CPPFLAGS}
- # using LDFLAGS instead of AM_ temporarily to test link to library
- LDFLAGS="-L$ippdir/$ipplib -lippcp -lippcore"
- CPPFLAGS="-I$ippdir/include"
- AC_CHECK_HEADERS([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15], [fastRSA_found=yes], [fastRSA_found=no])], [fastRSA_found=no])
- name="$ippdir/$ipplib/libippcp"
- case $host_os in
- *darwin*)
- # check file existence and conditionally set variables
- if test -e $abs_path/IPP/$ipplib/libippcp.dylib
- then
- IPPLIBS="${name}.dylib ${name}-9.0.dylib ${name}e9-9.0.dylib ${name}g9-9.0.dylib ${name}h9-9.0.dylib ${name}k0-9.0.dylib ${name}l9-9.0.dylib ${name}n8-9.0.dylib ${name}p8-9.0.dylib ${name}s8-9.0.dylib ${name}y8-9.0.dylib IPP/lib/libippcore.dylib IPP/lib/libippcore-9.0.dylib"
- IPPLINK="mkdir -p src/.libs && ln -f ${name}.dylib src/.libs/libippcp.dylib && ln -f ${srcdir}/${name}-9.0.dylib src/.libs/libippcp-9.0.dylib && ln -f ${srcdir}/${name}e9-9.0.dylib src/.libs/libippcpe9-9.0.dylib && ln -f ${srcdir}/${name}g9-9.0.dylib src/.libs/libippcpg9-9.0.dylib && ln -f ${srcdir}/${name}h9-9.0.dylib src/.libs/libippcph9-9.0.dylib && ln -f ${srcdir}/${name}k0-9.0.dylib src/.libs/libippcpk0-9.0.dylib && ln -f ${srcdir}/${name}l9-9.0.dylib src/.libs/libippcpl9-9.0.dylib && ln -f ${srcdir}/${name}n8-9.0.dylib src/.libs/libippcpn8-9.0.dylib && ln -f ${srcdir}/${name}p8-9.0.dylib src/.libs/libippcpp8-9.0.dylib && ln -f ${srcdir}/${name}s8-9.0.dylib src/.libs/libippcps8-9.0.dylib && ln -f ${srcdir}/${name}y8-9.0.dylib src/.libs/libippcpy8-9.0.dylib && ln -f ${srcdir}/IPP/lib/libippcore.dylib src/.libs/libippcore.dylib && ln -f ${srcdir}/IPP/lib/libippcore-9.0.dylib src/.libs/libippcore-9.0.dylib"
- else
- fastRSA_found=no
- fi
- break;;
- *linux*)
- # check file existence and conditionally set variables
- if test -e $abs_path/IPP/$ipplib/libippcp.so.9.0
- then
- if test "$ac_cv_sizeof_long" = "4" && test "$ac_cv_sizeof_long_long" = "8"; then
- IPPLIBS="${name}.so.9.0 ${name}g9.so.9.0 ${name}h9.so.9.0 ${name}p8.so.9.0 ${name}px.so.9.0 ${name}s8.so.9.0 ${name}.so ${name}w7.so.9.0 IPP/$ipplib/libippcore.so IPP/$ipplib/libippcore.so.9.0"
- IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}g9.so.9.0 src/.libs/libippcpg9.so.9.0 && ln -f ${name}h9.so.9.0 src/.libs/libippcph9.so.9.0 && ln -f ${name}p8.so.9.0 src/.libs/libippcpp8.so.9.0 && ln -f ${name}px.so.9.0 src/.libs/libippcppx.so.9.0 && ln -f ${name}s8.so.9.0 src/.libs/libippcps8.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}w7.so.9.0 src/.libs/libippcpw7.so.9.0 && ln -f IPP/$ipplib/libippcore.so src/.libs/libippcore.so && ln -f IPP/$ipplib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
- else
- IPPLIBS="${name}.so.9.0 ${name}e9.so.9.0 ${name}k0.so.9.0 ${name}l9.so.9.0 ${name}m7.so.9.0 ${name}mx.so.9.0 ${name}.so ${name}n8.so.9.0 ${name}y8.so.9.0 IPP/lib/libippcore.so IPP/lib/libippcore.so.9.0"
- IPPLINK="mkdir -p src/.libs && ln -f ${name}.so.9.0 src/.libs/libippcp.so.9.0 && ln -f ${name}e9.so.9.0 src/.libs/libippcpe9.so.9.0 && ln -f ${name}k0.so.9.0 src/.libs/libippcpk0.so.9.0 && ln -f ${name}l9.so.9.0 src/.libs/libippcpl9.so.9.0 && ln -f ${name}m7.so.9.0 src/.libs/libippcpm7.so.9.0 && ln -f ${name}mx.so.9.0 src/.libs/libippcpmx.so.9.0 && ln -f ${name}.so src/.libs/libippcp.so && ln -f ${name}n8.so.9.0 src/.libs/libippcpn8.so.9.0 && ln -f ${name}y8.so.9.0 src/.libs/libippcpy8.so.9.0 && ln -f IPP/lib/libippcore.so src/.libs/libippcore.so && ln -f IPP/lib/libippcore.so.9.0 src/.libs/libippcore.so.9.0"
- fi
- else
- fastRSA_found=no
- fi
- break;;
- *)
- fastRSA_found=no
- esac
- if test "$fastRSA_found" = "yes"; then
- # was succesfull so add tested LDFLAGS to AM_ flags
- AM_LDFLAGS="${AM_LDFLAGS} ${LDFLAGS}"
- AM_CPPFLAGS="${AM_CPPFLAGS} ${CPPFLAGS}"
- IPPHEADERS="${srcdir}/IPP/include/*.h"
- fi
- # restore LDFLAGS to user set
- LDFLAGS=${STORE_LDFLAGS}
- CPPFLAGS=${STORE_CPPFLAGS}
- ], [fastRSA_found=no])
- fi
- # Don't cache the result so it can be checked
- AS_UNSET([ac_cv_header_ippcp_h])
- AS_UNSET([ac_cv_header_ipp_h])
- AS_UNSET([ac_cv_lib_ippcp_ippsRSAEncrypt_PKCSv15]);
- # Check link and see if user has pre-existing IPP Libraries if not using local
- if test "$ENABLED_FAST_RSA" = "yes" && test "$fastRSA_found" = "no"; then
- AC_MSG_NOTICE([Checking if IPP crypto library installed])
- AC_CHECK_HEADER([ippcp.h], [AC_CHECK_LIB([ippcp], [ippsRSAEncrypt_PKCSv15],
- [
- fastRSA_found=yes
- AM_LDFLAGS="${AM_LDFLAGS} -lippcore -lippcp"
- ], [ fastRSA_found=no])
- ], [fastRSA_found=no])
- # Error out on not finding libraries
- if test "$fastRSA_found" = "no"; then
- AC_MSG_ERROR([Could not find fast rsa libraries])
- fi
- fi
- fi # end of if for shared library
- else # if user rsa is set than do not use fast rsa option
- if test "$ENABLED_FAST_RSA" = "yes"; then
- AC_MSG_ERROR([Could not use fast rsa libraries with user crypto or fips])
- fi
- fi # end of if for user rsa crypto or fips
- # End result of checking for IPP Libraries
- AC_MSG_CHECKING([for fast RSA])
- if test "$ENABLED_FAST_RSA" = "yes"; then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_FAST_RSA -DHAVE_USER_RSA"
- # add in user crypto header that uses Intel IPP
- AM_CPPFLAGS="$AM_CPPFLAGS -I$srcdir/wolfcrypt/user-crypto/include"
- if test "$enable_shared" = "yes"; then
- LIBS="$LIBS -lippcore -lippcp"
- LIB_ADD="-lippcp -lippcore $LIB_ADD"
- else
- LIB_ADD="$srcdir/IPP/$ipplib/libippcp.a $srcdir/IPP/$ipplib/libippcore.a $LIB_ADD"
- fi
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([no])
- fi
- AC_SUBST([IPPLIBS])
- AC_SUBST([IPPHEADERS])
- AC_SUBST([IPPLINK])
- # static memory use
- AC_ARG_ENABLE([staticmemory],
- [AS_HELP_STRING([--enable-staticmemory],[Enable static memory use (default: disabled)])],
- [ ENABLED_STATICMEMORY=$enableval ],
- [ ENABLED_STATICMEMORY=no ]
- )
- if test "x$ENABLED_STATICMEMORY" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY"
- if test "$ENABLED_LOWRESOURCE" = "yes" && test "$ENABLED_RSA" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY_SMALL"
- fi
- fi
- # microchip api
- AC_ARG_ENABLE([mcapi],
- [AS_HELP_STRING([--enable-mcapi],[Enable Microchip API (default: disabled)])],
- [ ENABLED_MCAPI=$enableval ],
- [ ENABLED_MCAPI=no ]
- )
- if test "$ENABLED_MCAPI" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_MCAPI"
- if test "x$ENABLED_AESCTR" != "xyes"
- then
- # These flags are already implied by --enable-aesctr
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"
- fi
- if test "x$ENABLED_AESGCM" != "xyes" && test "x$ENABLED_AESGCM" != "xno"
- then
- # Use the smaller object size implementation
- ENABLED_AESGCM=yes
- fi
- fi
- if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_SHA512" = "no"
- then
- AC_MSG_ERROR([please enable sha512 if enabling mcapi.])
- fi
- if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_ECC" = "no"
- then
- AC_MSG_ERROR([please enable ecc if enabling mcapi.])
- fi
- if test "$ENABLED_MCAPI" = "yes" && test "$ENABLED_LIBZ" = "no"
- then
- AC_MSG_ERROR([please use --with-libz if enabling mcapi.])
- fi
- # Asynchronous Crypto
- AC_ARG_ENABLE([asynccrypt],
- [AS_HELP_STRING([--enable-asynccrypt],[Enable Asynchronous Crypto (default: disabled)])],
- [ ENABLED_ASYNCCRYPT=$enableval ],
- [ ENABLED_ASYNCCRYPT=no ]
- )
- if test "$ENABLED_ASYNCCRYPT" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT -DHAVE_WOLF_EVENT -DHAVE_WOLF_BIGINT -DWOLFSSL_NO_HASH_RAW"
- # if no async hardware then use simulator for testing
- if test "x$ENABLED_CAVIUM" = "xno" && test "x$ENABLED_INTEL_QA" = "xno"
- then
- # Async threading is Linux specific
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT_TEST"
- fi
- fi
- # check for async if using Intel QuckAssist or Cavium
- if test "x$ENABLED_INTEL_QA" = "xyes" || test "x$ENABLED_CAVIUM" = "xyes" ; then
- if test "x$ENABLED_ASYNCCRYPT" = "xno" ; then
- AC_MSG_ERROR([Please enable asynchronous support using --enable-asynccrypt])
- fi
- fi
- # Asynchronous threading
- AC_ARG_ENABLE([asyncthreads],
- [AS_HELP_STRING([--enable-asyncthreads],[Enable Asynchronous Threading (default: enabled)])],
- [ ENABLED_ASYNCTHREADS=$enableval ],
- [ ENABLED_ASYNCTHREADS=yes ]
- )
- if test "$ENABLED_ASYNCCRYPT" = "yes" && test "$ENABLED_ASYNCTHREADS" = "yes"
- then
- AX_PTHREAD([ENABLED_ASYNCTHREADS=yes],[ENABLED_ASYNCTHREADS=no])
- else
- ENABLED_ASYNCTHREADS=no
- fi
- if test "$ENABLED_ASYNCTHREADS" = "yes"
- then
- LIB_ADD="-lpthread $LIB_ADD"
- AM_CFLAGS="$AM_CFLAGS -D_GNU_SOURCE"
- else
- AM_CFLAGS="$AM_CFLAGS -DWC_NO_ASYNC_THREADING"
- fi
- # cryptodev is old name, replaced with cryptocb
- AC_ARG_ENABLE([cryptodev],
- [AS_HELP_STRING([--enable-cryptodev],[DEPRECATED, use cryptocb instead])],
- [ ENABLED_CRYPTOCB=$enableval ],[ ENABLED_CRYPTOCB=no ])
- # Support for crypto callbacks
- AC_ARG_ENABLE([cryptocb],
- [AS_HELP_STRING([--enable-cryptocb],[Enable crypto callbacks (default: disabled)])],
- [ ENABLED_CRYPTOCB=$enableval ],
- [ ENABLED_CRYPTOCB=no ]
- )
- if test "x$ENABLED_PKCS11" = "xyes" || test "x$ENABLED_WOLFTPM" = "xyes" || test "$ENABLED_CAAM" = "qnx" || test "$ENABLED_CAAM" = "seco"
- then
- ENABLED_CRYPTOCB=yes
- fi
- if test "$ENABLED_CRYPTOCB" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_CB"
- fi
- # Session Export
- AC_ARG_ENABLE([sessionexport],
- [AS_HELP_STRING([--enable-sessionexport],[Enable export and import of sessions (default: disabled)])],
- [ ENABLED_SESSIONEXPORT=$enableval ],
- [ ENABLED_SESSIONEXPORT=no ]
- )
- if test "$ENABLED_SESSIONEXPORT" = "yes" ||
- test "$ENABLED_SESSIONEXPORT" = "nopeer"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SESSION_EXPORT"
- if test "$ENABLED_SESSIONEXPORT" = "nopeer"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SESSION_EXPORT_NOPEER"
- fi
- fi
- # AES key wrap
- AC_ARG_ENABLE([aeskeywrap],
- [AS_HELP_STRING([--enable-aeskeywrap],[Enable AES key wrap support (default: disabled)])],
- [ ENABLED_AESKEYWRAP=$enableval ],
- [ ENABLED_AESKEYWRAP=no ]
- )
- if test "$ENABLED_WPAS" != "no" && test "$ENABLED_FIPS" = "no"
- then
- ENABLED_AESKEYWRAP="yes"
- fi
- if test "$ENABLED_AESKEYWRAP" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT"
- fi
- # Old name support for backwards compatibility
- AC_ARG_ENABLE([oldnames],
- [AS_HELP_STRING([--enable-oldnames],[Keep backwards compat with old names (default: enabled)])],
- [ ENABLED_OLDNAMES=$enableval ],
- [ ENABLED_OLDNAMES=yes ]
- )
- if test "x$ENABLED_OLDNAMES" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_OLD_RNGNAME -DNO_OLD_WC_NAMES -DNO_OLD_SSL_NAMES"
- AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA_NAMES -DNO_OLD_MD5_NAME"
- fi
- # Memory Tests
- AC_ARG_ENABLE([memtest],
- [AS_HELP_STRING([--enable-memtest],[Memory testing option, for internal use (default: disabled)])],
- [ ENABLED_MEMTEST=$enableval ],
- [ ENABLED_MEMTEST=no ]
- )
- if test "x$ENABLED_MEMTEST" != "xno"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY"
- fi
- if test "x$ENABLED_MEMTEST" = "xfail"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FORCE_MALLOC_FAIL_TEST"
- fi
- # Enable hash flags support
- # Hash flags are useful for runtime options such as SHA3 KECCAK256 selection
- AC_ARG_ENABLE([hashflags],
- [AS_HELP_STRING([--enable-hashflags],[Enable support for hash flags (default: disabled)])],
- [ ENABLED_HASHFLAGS=$enableval ],
- [ ENABLED_HASHFLAGS=no ]
- )
- if test "x$ENABLED_HASHFLAGS" != "xno"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HASH_FLAGS"
- fi
- # Support for enabling setting default DH parameters in
- AC_ARG_ENABLE([defaultdhparams],
- [AS_HELP_STRING([--enable-dhdefaultparams],[Enables option for default dh parameters (default: disabled)])],
- [ ENABLED_DHDEFAULTPARAMS=$enableval ],
- [ ENABLED_DHDEFAULTPARAMS=no ]
- )
- if test "$ENABLED_DHDEFAULTPARAMS" = "yes" || test "$ENABLED_QT" = "no"
- then
- ENABLED_DHDEFAULTPARAMS=yes
- AM_CFLAGS="$AM_CFLAGS -DHAVE_DH_DEFAULT_PARAMS"
- fi
- AC_ARG_WITH([max-rsa-bits],
- [AS_HELP_STRING([--with-max-rsa-bits=number],[number of bits to support for RSA, DH, and DSA keys])],
- [WITH_MAX_CLASSIC_ASYM_KEY_BITS=$withval],
- [WITH_MAX_CLASSIC_ASYM_KEY_BITS="$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS"])
- if test -n "$WITH_MAX_CLASSIC_ASYM_KEY_BITS"; then
- if test "$WITH_MAX_CLASSIC_ASYM_KEY_BITS" -lt 1024 -o "$WITH_MAX_CLASSIC_ASYM_KEY_BITS" -gt 16384; then
- AC_MSG_ERROR([--with-max-rsa-bits argument must be between 1024 and 16384 inclusive])
- fi
- if test "$ENABLED_FIPS" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DRSA_MAX_SIZE=$WITH_MAX_CLASSIC_ASYM_KEY_BITS"
- fi
- MPI_MAX_KEY_BITS=$WITH_MAX_CLASSIC_ASYM_KEY_BITS
- fi
- AC_ARG_WITH([max-ecc-bits],
- [AS_HELP_STRING([--with-max-ecc-bits=number],[number of bits to support for ECC algorithms])],
- [WITH_MAX_ECC_BITS=$withval],
- [WITH_MAX_ECC_BITS="$DEFAULT_MAX_ECC_BITS"])
- if test -n "$WITH_MAX_ECC_BITS"; then
- if test "$WITH_MAX_ECC_BITS" -lt 112 -o "$WITH_MAX_ECC_BITS" -gt 1024; then
- AC_MSG_ERROR([--with-max-ecc-bits argument must be between 112 and 1024 inclusive])
- fi
- AM_CFLAGS="$AM_CFLAGS -DMAX_ECC_BITS=$WITH_MAX_ECC_BITS"
- fi
- if test -n "$MPI_MAX_KEY_BITS" -o -n "$WITH_MAX_ECC_BITS"; then
- if test -n "$MAX_MPI_KEY_BITS" -a -n "$WITH_MAX_ECC_BITS"; then
- if test -n "$MAX_MPI_KEY_BITS" -lt "$WITH_MAX_ECC_BITS"; then
- MPI_MAX_KEY_BITS="$WITH_MAX_ECC_BITS"
- fi
- elif test -n "$WITH_MAX_ECC_BITS"; then
- MPI_MAX_KEY_BITS="$WITH_MAX_ECC_BITS"
- fi
- if test "$MPI_MAX_KEY_BITS" -gt 1024; then
- AM_CFLAGS="$AM_CFLAGS -DFP_MAX_BITS=$((MPI_MAX_KEY_BITS * 2)) -DSP_INT_BITS=$MPI_MAX_KEY_BITS"
- fi
- fi
- AC_ARG_ENABLE([context-extra-user-data],
- [AS_HELP_STRING([--enable-context-extra-user-data],[Enables option for storing user-defined data in TLS API contexts, with optional argument the number of slots to allocate (default: disabled)])],
- [ ENABLED_EX_DATA=$enableval ],
- [ ENABLED_EX_DATA=no ]
- )
- case "$ENABLED_EX_DATA" in
- no) ;;
- yes) AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
- ;;
- [[1-9]]|[[1-9]][[0-9]]) AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA -DMAX_EX_DATA=$ENABLED_EX_DATA"
- ;;
- *) AC_MSG_ERROR([Invalid argument to --enable-context-extra-user-data -- must be yes, no, or a number from 1 to 99])
- ;;
- esac
- # IoT-Safe support
- AC_ARG_ENABLE([iotsafe],
- [AS_HELP_STRING([--enable-iotsafe],[Enables support for IoT-Safe secure applet (default: disabled)])],
- [ ENABLED_IOTSAFE=$enableval ],
- [ ENABLED_IOTSAFE=no ]
- )
- AC_ARG_ENABLE([iotsafe-hwrng],
- [AS_HELP_STRING([--enable-iotsafe-hwrng],[Enables support for IoT-Safe RNG (default: disabled)])],
- [ ENABLED_IOTSAFE_HWRNG=$enableval ],
- [ ENABLED_IOTSAFE_HWRNG=no ]
- )
- # Make clean
- AC_ARG_ENABLE([makeclean],
- [AS_HELP_STRING([--enable-makeclean], [Enables forced "make clean" at the
- end of configure (default: enabled)])],
- [ ENABLED_MAKECLEAN=$enableval ],
- [ ENABLED_MAKECLEAN=yes ]
- )
- # User Settings
- AC_ARG_ENABLE([usersettings],
- [AS_HELP_STRING([--enable-usersettings],[Use your own user_settings.h and do not add Makefile CFLAGS (default: disabled)])],
- [ ENABLED_USERSETTINGS=$enableval ],
- [ ENABLED_USERSETTINGS=no ]
- )
- # Default optimization CFLAGS enable
- AC_ARG_ENABLE([optflags],
- [AS_HELP_STRING([--enable-optflags],[Enable default optimization CFLAGS for the compiler (default: enabled)])],
- [ ENABLED_OPTFLAGS=$enableval ],
- [ ENABLED_OPTFLAGS=yes ]
- )
- # check if should run the trusted peer certs test
- # (for now checking both C_FLAGS and C_EXTRA_FLAGS)
- AS_CASE(["$CFLAGS $CPPFLAGS"],[*'WOLFSSL_TRUST_PEER_CERT'*],[ENABLED_TRUSTED_PEER_CERT=yes])
- AS_CASE(["$CFLAGS $CPPFLAGS $AM_CFLAGS"],[*'OPENSSL_COMPATIBLE_DEFAULTS'*],
- [ENABLED_OPENSSL_COMPATIBLE_DEFAULTS=yes])
- if test "x$ENABLED_OPENSSL_COMPATIBLE_DEFAULTS" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRUST_PEER_CERT"
- AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE_REF"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_CERT_CHAINS"
- ENABLED_TRUSTED_PEER_CERT=yes
- fi
- # dertermine if we have key validation mechanism
- if test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_RSA" = "xyes"
- then
- if test "x$ENABLED_ASN" = "xyes"
- then
- ENABLED_PKI="yes"
- fi
- fi
- # When building for wolfRand, strip out all options to disable everything.
- AS_IF([test "x$ENABLED_FIPS" = "xyes" && test "x$FIPS_VERSION" = "xrand"],
- [NEW_AM_CFLAGS="-DNO_AES -DNO_DH -DNO_ASN -DNO_RSA -DNO_SHA -DNO_MD5 -DNO_BIG_INT"
- for v in $AM_CFLAGS
- do
- case $v in
- -DHAVE_FFDHE_2048 | -DTFM_TIMING_RESISTANT | -DECC_TIMING_RESISTANT | \
- -DWC_RSA_BLINDING | -DHAVE_AESGCM | -DWOLFSSL_SHA512 | -DWOLFSSL_SHA384 | \
- -DHAVE_ECC | -DTFM_ECC256 | -DECC_SHAMIR | -DHAVE_TLS_EXTENSIONS | \
- -DHAVE_SUPPORTED_CURVES | -DHAVE_EXTENDED_MASTER | -DUSE_FAST_MATH | \
- -DWOLFSSL_SHA3)
- AS_ECHO(["ignoring $v"])
- ;;
- *)
- NEW_AM_CFLAGS="$NEW_AM_CFLAGS $v"
- ;;
- esac
- done
- AM_CFLAGS=$NEW_AM_CFLAGS])
- case $host_cpu in
- *arm*)
- if test $host_alias = "thumb"; then
- AM_CFLAGS="$AM_CFLAGS -mthumb -march=armv6"
- else
- if test $host_alias = "cortex"; then
- AM_CFLAGS="$AM_CFLAGS -mcpu=cortex-r5"
- fi
- fi
- ;;
- esac
- ################################################################################
- # Update ENABLE_* variables #
- ################################################################################
- if test "x$ENABLED_WOLFCLU" = "xyes"
- then
- if test "x$ENABLED_CERTGEN" = "xno"
- then
- ENABLED_CERTGEN="yes"
- fi
- if test "x$ENABLED_CERTREQ" = "xno"
- then
- ENABLED_CERTREQ="yes"
- fi
- if test "x$ENABLED_CERTEXT" = "xno"
- then
- ENABLED_CERTEXT="yes"
- fi
- # Requires md5
- if test "$ENABLED_MD5" = "no"
- then
- ENABLED_MD5="yes"
- fi
- # Requires aesctr
- if test "x$ENABLED_AESCTR" = "xno"
- then
- ENABLED_AESCTR="yes"
- fi
- # Uses key generation
- if test "x$ENABLED_KEYGEN" = "xno"
- then
- ENABLED_KEYGEN="yes"
- fi
- # Uses functions guarded by opensslall
- if test "$ENABLED_OPENSSLALL" = "no"
- then
- ENABLED_OPENSSLALL="yes"
- fi
- # Has option for signing with ED25519
- if test "$ENABLED_ED25519" = "no"
- then
- ENABLED_ED25519=yes
- ENABLED_FEMATH=yes
- ENABLED_GEMATH=yes
- ENABLED_CERTS=yes
- fi
- # Has sha512 hashing
- if test "$ENABLED_SHA512" = "no"
- then
- ENABLED_SHA512="yes"
- fi
- # Has support for DES3 encrypt/decrypt
- if test "$ENABLED_DES3" = "no"
- then
- ENABLED_DES3="yes"
- fi
- # Uses alt name
- ENABLED_ALTNAMES="yes"
- fi
- if test "$ENABLED_STRONGSWAN" = "yes"; then
- if test "$ENABLED_CERTREQ" = "no"; then
- ENABLED_CERTREQ="yes"
- fi
- if test "$ENABLED_OCSP" = "no"; then
- ENABLED_OCSP="yes"
- fi
- fi
- AS_IF([test "x$ENABLED_MCAPI" = "xyes"],
- [AS_IF([test "x$ENABLED_DES3" = "xno"],[ENABLED_DES3="yes"])])
- if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || \
- test "$ENABLED_SIGNAL" = "yes" || test "$ENABLED_WPAS" = "yes" || \
- test "$ENABLED_FORTRESS" = "yes" || test "$ENABLED_BUMP" = "yes" || \
- test "$ENABLED_OPENSSLALL" = "yes" || \
- test "$ENABLED_LIBWEBSOCKETS" = "yes" || \
- test "x$ENABLED_LIGHTY" = "xyes" || test "$ENABLED_LIBSSH2" = "yes" || \
- test "x$ENABLED_NTP" = "xyes" || test "$ENABLED_RSYSLOG" = "yes"
- then
- ENABLED_OPENSSLEXTRA="yes"
- fi
- if test "$ENABLED_ED25519" != "no" && test "$ENABLED_32BIT" = "no"
- then
- if test "$ENABLED_ED25519" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
- then
- ENABLED_ED25519_SMALL=yes
- ENABLED_CURVE25519_SMALL=yes
- ENABLED_ED25519=yes
- fi
- ENABLED_FEMATH=yes
- ENABLED_GEMATH=yes
- ENABLED_CERTS=yes
- fi
- if test "$ENABLED_MD5" = "yes"
- then
- # turn off MD5 if leanpsk or leantls on
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- ENABLED_MD5=no
- fi
- fi
- ################################################################################
- # Check for build-type conflicts #
- ################################################################################
- AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
- test "x$ENABLED_LEANPSK" = "xyes"],
- [AC_MSG_ERROR([Cannot use Max Strength and Lean PSK at the same time.])])
- AS_IF([test "x$ENABLED_OCSP" = "xyes" && \
- test "x$ENABLED_ASN" = "xno"],
- [AC_MSG_ERROR([please enable asn if enabling ocsp.])])
- AS_IF([test "x$ENABLED_SMIME" = "xyes" && \
- test "x$ENABLED_ASN" = "xno"],
- [AC_MSG_ERROR([please enable asn if enabling S/MIME.])])
- AS_IF([test "x$ENABLED_OCSP" = "xyes" && \
- test "x$ENABLED_RSA" = "xno" && \
- test "x$ENABLED_ECC" = "xno"],
- [AC_MSG_ERROR([please enable rsa or ecc if enabling ocsp.])])
- # Sync Intel QA and Sync Cavium Octeon require the crypto callback
- AS_IF([test "x$ENABLED_INTEL_QA_SYNC" = "xyes" || test "x$ENABLED_OCTEON_SYNC" = "xyes"],
- [AS_IF([test "x$ENABLED_CRYPTOCB" = "xno"],
- [AC_MSG_ERROR([please enable the crypto callback support using --enable-cryptocb])])])
- # checks for pkcs7 needed enables
- AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
- test "x$ENABLED_RSA" = "xno" && \
- test "x$ENABLED_ECC" = "xno"],
- [AC_MSG_ERROR([please enable ecc or rsa if enabling pkcs7.])])
- AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
- test "x$ENABLED_SHA" = "xno"],
- [AC_MSG_ERROR([please enable sha if enabling pkcs7.])])
- AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
- test "x$ENABLED_AES" = "xno" && \
- test "x$ENABLED_DES3" = "xno"],
- [AC_MSG_ERROR([please enable either AES or 3DES if enabling pkcs7.])])
- AS_IF([test "x$ENABLED_WOLFSCEP" = "xyes" && \
- test "x$ENABLED_AES" = "xno" && \
- test "x$ENABLED_DES3" = "xno"],
- [AC_MSG_ERROR([please enable either AES or 3DES if enabling scep.])])
- AS_IF([test "x$ENABLED_LEANTLS" = "xyes" && \
- test "x$ENABLED_ECC" = "xno"],
- [AC_MSG_ERROR([please enable ecc if enabling leantls.])])
- AS_IF([test "x$ENABLED_SNIFFER" = "xyes" && \
- test "x$ENABLED_RSA" = "xno" && \
- test "x$ENABLED_ECC" = "xno" && \
- test "x$ENABLED_CURVE25519" = "xno"],
- [AC_MSG_ERROR([please enable ecc, rsa or curve25519 if enabling sniffer.])])
- # Lean TLS forces off prereqs of SCEP.
- AS_IF([test "x$ENABLED_SCEP" = "xyes" && \
- test "x$ENABLED_LEANTLS" = "xyes"],
- [AC_MSG_ERROR([Cannot use SCEP and Lean TLS at the same time.])])
- # CMAC currently requires AES.
- AS_IF([test "x$ENABLED_CMAC" = "xyes" && \
- test "x$ENABLED_AES" = "xno"],
- [AC_MSG_ERROR([cannot use CMAC without AES.])])
- # certreq requires certgen
- AS_IF([test "x$ENABLED_CERT_REQ" = "xyes" && \
- test "x$ENABLED_CERT_GEN" = "xno"],
- [AC_MSG_ERROR([cannot use certreq without certgen.])])
- # ed25519 requires sha512
- AS_IF([test "x$ENABLED_ED25519" = "xyes" && \
- test "x$ENABLED_SHA512" = "xno" && \
- test "x$ENABLED_32BIT" = "xno"],
- [AC_MSG_ERROR([cannot enable ed25519 without enabling sha512.])])
- # ed25519 stream requires ed25519
- AS_IF([test "x$ENABLED_ED25519_STREAM" = "xyes" && \
- test "x$ENABLED_ED25519" = "xno"],
- [AC_MSG_ERROR([ED25519 verify streaming enabled but ED25519 is disabled])])
- # Ensure only one size is enabled
- AS_IF([test "x$ENABLED_64BIT" = "xyes" && \
- test "x$ENABLED_32BIT" = "xyes"],
- [AC_MSG_ERROR([cannot specify 64-bit build and 32-bit build.])])
- AS_IF([test "x$ENABLED_64BIT" = "xyes" && \
- test "x$ENABLED_16BIT" = "xyes"],
- [AC_MSG_ERROR([cannot specify 64-bit build and 16-bit build.])])
- AS_IF([test "x$ENABLED_32BIT" = "xyes" && \
- test "x$ENABLED_16BIT" = "xyes"],
- [AC_MSG_ERROR([cannot specify 32-bit build and 16-bit build.])])
- # 16-bit build not supported with SP
- AS_IF([test "x$ENABLED_16BIT" = "xyes" && \
- test "x$ENABLED_SP" = "xyes"],
- [AC_MSG_ERROR([16-bit build not available with SP.])])
- ################################################################################
- # Update CFLAGS based on options #
- ################################################################################
- AS_IF([test "x$ENABLED_ALTNAMES" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_NAMES"])
- AS_IF([test "x$ENABLED_KEYGEN" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"])
- AS_IF([test "x$ENABLED_CERTREQ" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"])
- AS_IF([test "x$ENABLED_CERTGEN" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"])
- AS_IF([test "x$ENABLED_CERTEXT" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"])
- AS_IF([test "x$ENABLED_ED25519" = "xyes" && test "x$ENABLED_32BIT" = "xno"],
- [AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519"])
- AS_IF([test "x$ENABLED_ED25519_SMALL" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DED25519_SMALL"])
- AS_IF([test "x$ENABLED_OCSP" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"])
- AS_IF([test "x$ENABLED_STRONGSWAN" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DES_ECB -DWOLFSSL_LOG_PRINTF -DWOLFSSL_PUBLIC_MP -DHAVE_EX_DATA"])
- if test "$ENABLED_ED25519_STREAM" != "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ED25519_STREAMING_VERIFY"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ED25519_STREAMING_VERIFY"
- fi
- if test "$ENABLED_ERROR_QUEUE" = "no" || test "$ENABLED_JNI" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_ERROR_QUEUE"
- fi
- AS_IF([test "x$ENABLED_OPENSSLALL" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_TICKET_HAVE_ID -DWOLFSSL_ERROR_CODE_OPENSSL"])
- AS_IF([test "x$ENABLED_AESSIV" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_SIV"])
- AS_IF([test "x$ENABLED_AESCTR" = "xyes" && test "x$ENABLED_FORTRESS" != "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"])
- if test "$ENABLED_MD5" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_MD5 -DNO_OLD_TLS"
- fi
- if test "$ENABLED_HMAC" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_HMAC"
- fi
- if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
- then
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AKID_NAME -DHAVE_CTS"
- fi
- if test "$ENABLED_OPENSSLEXTRA" = "x509small"
- then
- AC_MSG_NOTICE([Enabling only a subset of X509 opensslextra])
- AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA_X509_SMALL"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EKU_OID -DWOLFSSL_MULTI_ATTRIB"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OPENSSL_RAND_CB"
- fi
- if test "$ENABLED_WOLFSCEP" = "yes"
- then
- # Enable prereqs if not already enabled
- if test "x$ENABLED_KEYGEN" = "xno"
- then
- ENABLED_KEYGEN="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
- fi
- if test "x$ENABLED_CERTGEN" = "xno"
- then
- ENABLED_CERTGEN="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN"
- fi
- if test "x$ENABLED_CERTREQ" = "xno"
- then
- ENABLED_CERTREQ="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_REQ"
- fi
- if test "x$ENABLED_CERTEXT" = "xno"
- then
- ENABLED_CERTEXT="yes"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
- fi
- if test "x$ENABLED_PKCS7" = "xno"
- then
- ENABLED_PKCS7="yes"
- fi
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_WOLFSCEP"
- fi
- if test "x$ENABLED_PKCS7" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS7"
- # Enable prereqs if not already enabled
- if test "x$ENABLED_AESKEYWRAP" = "xno"
- then
- ENABLED_AESKEYWRAP="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_KEYWRAP -DWOLFSSL_AES_DIRECT"
- fi
- if test "x$ENABLED_X963KDF" = "xno" && test "$ENABLED_ECC" != "no"
- then
- ENABLED_X963KDF="yes"
- AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF"
- fi
- fi
- if test "x$ENABLED_DES3" = "xno"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
- else
- # turn off DES3 if leanpsk or leantls on
- if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DNO_DES3"
- ENABLED_DES3=no
- fi
- fi
- if test "$ENABLED_AESGCM" != "no"
- then
- if test "$ENABLED_AESGCM" = "word"
- then
- ENABLED_AESGCM=yes
- fi
- if test "$ENABLED_AESGCM" = "word32"
- then
- AM_CFLAGS="$AM_CFLAGS -DGCM_WORD32"
- ENABLED_AESGCM=yes
- fi
- if test "$ENABLED_AESGCM" = "small" || test "$ENABLED_LOWRESOURCE" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DGCM_SMALL"
- ENABLED_AESGCM=yes
- fi
- if test "$ENABLED_AESGCM" = "table"
- then
- AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE"
- ENABLED_AESGCM=yes
- fi
- if test "$ENABLED_AESGCM" = "4bit"
- then
- AM_CFLAGS="$AM_CFLAGS -DGCM_TABLE_4BIT"
- ENABLED_AESGCM=yes
- fi
- AM_CFLAGS="$AM_CFLAGS -DHAVE_AESGCM"
- fi
- if test "$ENABLED_AESGCM_STREAM" != "no"
- then
- if test "$ENABLED_AESGCM" = "no"
- then
- AC_MSG_ERROR([AES-GCM streaming enabled but AES-GCM is disabled])
- else
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESGCM_STREAM"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESGCM_STREAM"
- fi
- fi
- if test "$ENABLED_IOTSAFE" != "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IOTSAFE"
- ENABLED_IOTSAFE=yes
- fi
- if test "$ENABLED_IOTSAFE_HWRNG" != "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_IOTSAFE_HWRNG"
- ENABLED_IOTSAFE_HWRNG=yes
- fi
- if test "x$ENABLED_WOLFENGINE" = "xyes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_ECB"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT"
- AM_CFLAGS="$AM_CFLAGS -DWC_RSA_NO_PADDING"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"
- AM_CFLAGS="$AM_CFLAGS -DECC_MIN_KEY_SZ=192"
- fi
- if test "$ENABLED_WOLFENGINE" = "yes" && test "$ENABLED_FIPS" != "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DSha3=wc_Sha3"
- AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA256_NAMES"
- AM_CFLAGS="$AM_CFLAGS -DNO_OLD_MD5_NAME"
- fi
- if test "$ENABLED_WOLFENGINE" = "yes" && test "$ENABLED_FIPS" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PSS_LONG_SALT"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PSS_SALT_LEN_DISCOVER"
- fi
- AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAX_STRENGTH -DWOLFSSL_CIPHER_TEXT_CHECK"])
- AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
- test "x$ENABLED_OLD_TLS" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DNO_OLD_TLS"
- ENABLED_OLD_TLS=no])
- AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
- test "x$ENABLED_SSLV3" = "xyes"],
- [AC_MSG_ERROR([Cannot use Max Strength and SSLv3 at the same time.])])
- AS_IF([test "x$ENABLED_SCTP" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SCTP"])
- AS_IF([test "x$ENABLED_SRTP" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SRTP"])
- AS_IF([test "x$ENABLED_MCAST" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MULTICAST"])
- # WOLFSSL_AFALG does not support SHA224 yet
- AS_IF([(test "x$ENABLED_AFALG" = "xyes") && (test "x$ENABLED_SHA224" = "xyes")],
- [AC_MSG_ERROR([--enable-sha224 with --enable-afalg not yet supported])])
- # WOLFSSL_DEVCRYPTO does not support SHA224 yet
- AS_IF([(test "x$ENABLED_DEVCRYPTO" = "xyes") && \
- (test "x$ENABLED_CAAM" = "xno") && \
- (test "x$ENABLED_SHA224" = "xyes")],
- [AC_MSG_ERROR([--enable-sha224 with --enable-devcrypto not yet supported])])
- # SCTP, Multicast, SRTP, and strongSwan require DTLS
- AS_IF([(test "x$ENABLED_DTLS" = "xno") && \
- (test "x$ENABLED_SCTP" = "xyes" || test "x$ENABLED_MCAST" = "xyes" || \
- test "x$ENABLED_SRTP" = "xyes" || \
- test "x$ENABLED_STRONGSWAN" = "xyes")],
- [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS"
- ENABLED_DTLS=yes])
- # Multicast requires the null cipher
- AS_IF([test "x$ENABLED_NULL_CIPHER" = "xno" && \
- test "x$ENABLED_MCAST" = "xyes"],
- [AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER"
- ENABLED_NULL_CIPHER=yes])
- # wolfSSH and WPA Supplicant both need Public MP, only enable once.
- # This will let you know if you enabled wolfSSH but have any of the prereqs
- # disabled. Some of these options, disabling them adds things to the FLAGS and
- # you need to check and add items in two places depending on the option.
- AS_IF([test "x$ENABLED_WOLFSSH" = "xyes"],[AS_IF([test "x$ENABLED_WPAS" = "xno"],[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"])])
- if test "x$ENABLED_OPENSSLCOEXIST" = "xyes"; then
- if test "x$ENABLED_OPENSSLALL" = "xyes"; then
- AC_MSG_ERROR([Cannot use --enable-opensslcoexist with --enable-opensslall])
- fi
- if test "x$ENABLED_OPENSSLEXTRA" = "xyes"; then
- AC_MSG_ERROR([Cannot use --enable-opensslcoexist with --enable-opensslextra])
- fi
- fi
- AS_IF([test "x$ENABLED_WOLFSSH" = "xyes"],[AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSL_WOLFSSH"])
- if test "x$ENABLED_CERTS" = "xno" || test "x$ENABLED_LEANPSK" = "xyes" || test "x$ENABLED_ASN" = "xno"; then
- AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_CERTS"
- ENABLED_ASN=no
- fi
- # only allow secure renegotiation info with TLSV12 and ASN
- if test "x$ENABLED_ASN" = "xno" || \
- test "x$ENABLED_TLSV12" = "xno" || \
- test "x$ENABLED_RENEGOTIATION_INDICATION" = "xyes"; then
- ENABLED_SECURE_RENEGOTIATION_INFO="no"
- fi
- if test "x$ENABLED_SECURE_RENEGOTIATION_INFO" = "xyes"; then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SERVER_RENEGOTIATION_INFO"
- fi
- # Depricated Algorithm Handling
- if test "$ENABLED_ARC4" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_RC4"
- fi
- ################################################################################
- # USER SETTINGS
- if test "x$ENABLED_USERSETTINGS" = "xyes"
- then
- # Replace all options and just use WOLFSSL_USER_SETTINGS
- AM_CFLAGS="-DWOLFSSL_USER_SETTINGS"
- AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_USER_SETTINGS"
- fi
- # OPTIMIZE FLAGS
- # For distro disable custom build options that interfere with symbol generation
- if test "$GCC" = "yes" && test "$ENABLED_DISTRO" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS -Wall -Wno-unused"
- if test "$ax_enable_debug" = "no"
- then
- AS_IF([test "x$ENABLED_OPTFLAGS" = "xyes"], [
- if test "$ENABLED_FASTMATH" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_FAST_CFLAGS"
- if test "$ENABLED_FASTHUGEMATH" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_HUGE_CFLAGS"
- fi
- else
- if (test "$ENABLED_SP" = "yes" || test "$ENABLED_SP_MATH_ALL" = "yes") && test "$ENABLED_SP_SMALL" = "no"
- then
- AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_FAST_CFLAGS"
- if test "$ENABLED_FASTHUGEMATH" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_HUGE_CFLAGS"
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_INT_LARGE_COMBA"
- fi
- else
- AM_CFLAGS="$AM_CFLAGS $OPTIMIZE_CFLAGS"
- fi
- fi
- ])
- fi
- fi
- # ICC command line warning for non supported warning flags
- if test "$CC" = "icc"
- then
- AM_CFLAGS="$AM_CFLAGS -wd10006"
- fi
- # Expose HAVE___UINT128_T to options flags"
- if test "$ac_cv_type___uint128_t" = "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE___UINT128_T=1"
- fi
- LIB_SOCKET_NSL
- AX_HARDEN_CC_COMPILER_FLAGS
- # if mingw then link to ws2_32 for sockets
- case $host_os in
- mingw*)
- LDFLAGS="$LDFLAGS -lws2_32"
- if test "$enable_shared" = "yes"
- then
- AC_DEFINE([WOLFSSL_DLL], [1], [Use __declspec(dllexport) when building library])
- if test "$enable_static" = "yes"
- then
- MINGW_LIB_WARNING="yes"
- fi
- fi ;;
- esac
- if test "$enable_shared" = "no"; then
- if test "$enable_static" = "yes"; then
- AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TEST_STATIC_BUILD"
- fi
- fi
- if test "x$ENABLED_LINUXKM" = "xyes"; then
- AX_SIMD_CC_COMPILER_FLAGS
- AC_SUBST([CFLAGS_FPU_DISABLE])
- AC_SUBST([CFLAGS_FPU_ENABLE])
- AC_SUBST([CFLAGS_SIMD_DISABLE])
- AC_SUBST([CFLAGS_SIMD_ENABLE])
- AC_SUBST([CFLAGS_AUTO_VECTORIZE_DISABLE])
- AC_SUBST([CFLAGS_AUTO_VECTORIZE_ENABLE])
- AC_SUBST([ASFLAGS_FPU_DISABLE_SIMD_ENABLE])
- AC_SUBST([ASFLAGS_FPU_ENABLE_SIMD_DISABLE])
- AC_SUBST([ASFLAGS_FPUSIMD_DISABLE])
- AC_SUBST([ASFLAGS_FPUSIMD_ENABLE])
- if test "$ENABLED_OPENSSLEXTRA" != "no"; then
- AC_MSG_ERROR([--enable-opensslextra is incompatible with --enable-linuxkm.])
- fi
- if test "$ENABLED_FILESYSTEM" = "yes"; then
- AC_MSG_ERROR([--enable-filesystem is incompatible with --enable-linuxkm.])
- fi
- if test "$ENABLED_AFALG" = "yes"; then
- AC_MSG_ERROR([--enable-afalg is incompatible with --enable-linuxkm.])
- fi
- if test "$ENABLED_DEVCRYPTO" = "yes"; then
- AC_MSG_ERROR([--enable-devcrypto is incompatible with --enable-linuxkm.])
- fi
- if test "$ENABLED_PKCS11" = "yes"; then
- AC_MSG_ERROR([--enable-pkcs11 is incompatible with --enable-linuxkm.])
- fi
- if test "$ENABLED_JNI" = "yes"; then
- AC_MSG_ERROR([--enable-jni is incompatible with --enable-linuxkm.])
- fi
- if test "$ENABLED_16BIT" = "yes"; then
- AC_MSG_ERROR([--enable-16bit is incompatible with --enable-linuxkm.])
- fi
- if test "$ENABLED_SINGLETHREADED" = "yes"; then
- AC_MSG_ERROR([--enable-singlethreaded is incompatible with --enable-linuxkm.])
- fi
- if test "$ENABLED_VALGRIND" = "yes"; then
- AC_MSG_ERROR([--enable-valgrind is incompatible with --enable-linuxkm.])
- fi
- if test "$ENABLED_FASTMATH" = "yes"; then
- AC_MSG_ERROR([--enable-fastmath is incompatible with --enable-linuxkm (exceeds stack limit).])
- fi
- if test "$ENABLED_FAST_RSA" = "yes"; then
- AC_MSG_ERROR([--enable-fastrsa is incompatible with --enable-linuxkm.])
- fi
- if test "$ENABLED_LIBZ_RSA" = "yes"; then
- AC_MSG_ERROR([--with-libz is incompatible with --enable-linuxkm.])
- fi
- if test "$ENABLED_IOPOOL" = "yes"; then
- AC_MSG_ERROR([--enable-iopool is incompatible with --enable-linuxkm.])
- fi
- if test "$ENABLED_EXAMPLES" = "yes"; then
- AC_MSG_ERROR([--enable-examples is incompatible with --enable-linuxkm.])
- fi
- if test "$ENABLED_SMALL_STACK" != "yes"; then
- AC_MSG_ERROR([--enable-smallstack is required for --enable-linuxkm.])
- fi
- if test "$ENABLED_SP_MATH" = "no" && test "$ENABLED_SP_MATH_ALL" = "no"; then
- AC_MSG_ERROR([--enable-sp-math or --enable-sp-math-all is required for --enable-linuxkm.])
- fi
- if test "$ENABLED_STACKSIZE" != "no"; then
- AC_MSG_ERROR([--enable-stacksize is incompatible with --enable-linuxkm.])
- fi
- if test "$ENABLED_STACKLOG" = "yes"; then
- AC_MSG_ERROR([--enable-stacklog is incompatible with --enable-linuxkm.])
- fi
- if test "$ENABLED_COMPKEY" = "yes"; then
- AC_MSG_ERROR([--enable-compkey is incompatible with --enable-linuxkm.])
- fi
- fi
- # The following AM_CONDITIONAL statements set flags for use in the Makefiles.
- # Some of these affect build targets and objects, some trigger different
- # test scripts for make check.
- AM_CONDITIONAL([BUILD_DISTRO],[test "x$ENABLED_DISTRO" = "xyes"])
- AM_CONDITIONAL([BUILD_ALL],[test "x$ENABLED_ALL" = "xyes"])
- AM_CONDITIONAL([BUILD_TLS13],[test "x$ENABLED_TLS13" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_RNG],[test "x$ENABLED_RNG" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_SCTP],[test "x$ENABLED_SCTP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_SRTP],[test "x$ENABLED_SRTP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_MCAST],[test "x$ENABLED_MCAST" = "xyes"])
- AM_CONDITIONAL([BUILD_IPV6],[test "x$ENABLED_IPV6" = "xyes"])
- AM_CONDITIONAL([BUILD_LEANPSK],[test "x$ENABLED_LEANPSK" = "xyes"])
- AM_CONDITIONAL([BUILD_LEANTLS],[test "x$ENABLED_LEANTLS" = "xyes"])
- AM_CONDITIONAL([BUILD_LOWMEM],[test "x$ENABLED_LOWRESOURCE" = "xyes"])
- AM_CONDITIONAL([BUILD_PKCALLBACKS], [ test "x$ENABLED_PKCALLBACKS" = "xyes"])
- AM_CONDITIONAL([BUILD_CRYPTOAUTHLIB],[test "x$ENABLED_CRYPTOAUTHLIB" = "xyes"])
- AM_CONDITIONAL([BUILD_SNIFFER], [ test "x$ENABLED_SNIFFER" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_SNIFFTEST],[ test "x$ENABLED_SNIFFTEST" = "xyes"])
- AM_CONDITIONAL([BUILD_AESGCM],[test "x$ENABLED_AESGCM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_AESCCM],[test "x$ENABLED_AESCCM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_ARMASM],[test "x$ENABLED_ARMASM" = "xyes"])
- AM_CONDITIONAL([BUILD_ARMASM_INLINE],[test "x$ENABLED_ARMASM_INLINE" = "xyes"])
- AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"])
- AM_CONDITIONAL([BUILD_AESNI],[test "x$ENABLED_AESNI" = "xyes"])
- AM_CONDITIONAL([BUILD_INTELASM],[test "x$ENABLED_INTELASM" = "xyes"])
- AM_CONDITIONAL([BUILD_AFALG],[test "x$ENABLED_AFALG" = "xyes"])
- AM_CONDITIONAL([BUILD_KCAPI],[test "x$ENABLED_KCAPI" = "xyes"])
- AM_CONDITIONAL([BUILD_DEVCRYPTO],[test "x$ENABLED_DEVCRYPTO" = "xyes"])
- AM_CONDITIONAL([BUILD_CAMELLIA],[test "x$ENABLED_CAMELLIA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_MD2],[test "x$ENABLED_MD2" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_RIPEMD],[test "x$ENABLED_RIPEMD" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_BLAKE2],[test "x$ENABLED_BLAKE2" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_BLAKE2S],[test "x$ENABLED_BLAKE2S" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_SHA512],[test "x$ENABLED_SHA512" = "xyes" || test "x$ENABLED_SHA384" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_DSA],[test "x$ENABLED_DSA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_ECC],[test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_ED25519],[test "x$ENABLED_ED25519" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_ED25519_SMALL],[test "x$ENABLED_ED25519_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_FEMATH], [test "x$ENABLED_FEMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_GEMATH], [test "x$ENABLED_GEMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_CURVE25519],[test "x$ENABLED_CURVE25519" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_CURVE25519_SMALL],[test "x$ENABLED_CURVE25519_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_ED448],[test "x$ENABLED_ED448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_ED448_SMALL],[test "x$ENABLED_ED448_SMALL" = "xyes"])
- AM_CONDITIONAL([BUILD_FE448], [test "x$ENABLED_FE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_GE448], [test "x$ENABLED_GE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_CURVE448],[test "x$ENABLED_CURVE448" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_CURVE448_SMALL],[test "x$ENABLED_CURVE448_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_ECCSI],[test "x$ENABLED_ECCSI" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_SAKKE],[test "x$ENABLED_SAKKE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_MEMORY],[test "x$ENABLED_MEMORY" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_RSA],[test "x$ENABLED_RSA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_DH],[test "x$ENABLED_DH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_ASN],[test "x$ENABLED_ASN" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_AES],[test "x$ENABLED_AES" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_CODING],[test "x$ENABLED_CODING" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_RC4],[test "x$ENABLED_ARC4" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_MD5],[test "x$ENABLED_MD5" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_SHA],[test "x$ENABLED_SHA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_FIPS],[test "x$ENABLED_FIPS" = "xyes"])
- AM_CONDITIONAL([BUILD_FIPS_V1],[test "$HAVE_FIPS_VERSION" = 1])
- AM_CONDITIONAL([BUILD_FIPS_V2],[test "$HAVE_FIPS_VERSION" = 2 && test "$HAVE_FIPS_VERSION_MINOR" = 0])
- AM_CONDITIONAL([BUILD_FIPS_RAND],[test "$HAVE_FIPS_VERSION" = 2 && test "$HAVE_FIPS_VERSION_MINOR" = 1])
- AM_CONDITIONAL([BUILD_FIPS_V5],[test "$HAVE_FIPS_VERSION" = 5])
- AM_CONDITIONAL([BUILD_FIPS_CURRENT],[test "$HAVE_FIPS_VERSION" -ge 2 ])
- # BUILD_FIPS_CURRENT is for builds after cert 2425.
- AM_CONDITIONAL([BUILD_SIPHASH],[test "x$ENABLED_SIPHASH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_CMAC],[test "x$ENABLED_CMAC" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_SELFTEST],[test "x$ENABLED_SELFTEST" = "xyes"])
- AM_CONDITIONAL([BUILD_SHA224],[test "x$ENABLED_SHA224" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_SHA3],[test "x$ENABLED_SHA3" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_POLY1305],[test "x$ENABLED_POLY1305" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_CHACHA],[test "x$ENABLED_CHACHA" = "xyes" || test "x$ENABLED_CHACHA" = "xnoasm" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_XCHACHA],[test "x$ENABLED_XCHACHA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_INLINE],[test "x$ENABLED_INLINE" = "xyes"])
- AM_CONDITIONAL([BUILD_OCSP],[test "x$ENABLED_OCSP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_OCSP_STAPLING],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"])
- AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2],[test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"])
- AM_CONDITIONAL([BUILD_CRL],[test "x$ENABLED_CRL" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_CRL_MONITOR],[test "x$ENABLED_CRL_MONITOR" = "xyes"])
- AM_CONDITIONAL([BUILD_USER_RSA],[test "x$ENABLED_USER_RSA" = "xyes"] )
- AM_CONDITIONAL([BUILD_USER_CRYPTO],[test "x$ENABLED_USER_CRYPTO" = "xyes"])
- AM_CONDITIONAL([BUILD_LIBOQS],[test "x$ENABLED_LIBOQS" = "xyes"])
- AM_CONDITIONAL([BUILD_WNR],[test "x$ENABLED_WNR" = "xyes"])
- AM_CONDITIONAL([BUILD_SRP],[test "x$ENABLED_SRP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([USE_VALGRIND],[test "x$ENABLED_VALGRIND" = "xyes"])
- AM_CONDITIONAL([BUILD_MD4],[test "x$ENABLED_MD4" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_PWDBASED],[test "x$ENABLED_PWDBASED" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_SCRYPT],[test "x$ENABLED_SCRYPT" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_CRYPTONLY],[test "x$ENABLED_CRYPTONLY" = "xyes" && test "x$ENABLED_OPENSSLEXTRA" = "xno"])
- AM_CONDITIONAL([BUILD_FASTMATH],[test "x$ENABLED_FASTMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_SLOWMATH],[test "x$ENABLED_SLOWMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_EXAMPLE_SERVERS],[test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
- AM_CONDITIONAL([BUILD_EXAMPLE_CLIENTS],[test "x$ENABLED_EXAMPLES" = "xyes"])
- AM_CONDITIONAL([BUILD_TESTS],[test "x$ENABLED_EXAMPLES" = "xyes"])
- AM_CONDITIONAL([BUILD_THREADED_EXAMPLES],[test "x$ENABLED_SINGLETHREADED" = "xno" && test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"])
- AM_CONDITIONAL([BUILD_WOLFCRYPT_TESTS],[test "x$ENABLED_CRYPT_TESTS" = "xyes"])
- AM_CONDITIONAL([BUILD_WOLFCRYPT_TESTS_LIBS],[test "x$ENABLED_CRYPT_TESTS_LIBS" = "xyes"])
- AM_CONDITIONAL([BUILD_LIBZ],[test "x$ENABLED_LIBZ" = "xyes"])
- AM_CONDITIONAL([BUILD_PKCS11],[test "x$ENABLED_PKCS11" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_PKCS12],[test "x$ENABLED_PKCS12" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_PKCS8],[test "x$ENABLED_PKCS8" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_CAVIUM],[test "x$ENABLED_CAVIUM" = "xyes"])
- AM_CONDITIONAL([BUILD_CAVIUM_V],[test "x$ENABLED_CAVIUM_V" = "xyes"])
- AM_CONDITIONAL([BUILD_OCTEON_SYNC],[test "x$ENABLED_OCTEON_SYNC" = "xyes"])
- AM_CONDITIONAL([BUILD_INTEL_QA],[test "x$ENABLED_INTEL_QA" = "xyes"])
- AM_CONDITIONAL([BUILD_INTEL_QA_SYNC],[test "x$ENABLED_INTEL_QA_SYNC" = "xyes"])
- AM_CONDITIONAL([BUILD_SP],[test "x$ENABLED_SP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_SP_C32],[ ( ( (test "$ENABLED_SP_RSA" = "yes" || test "$ENABLED_SP_DH" = "yes" \
- || test "$ENABLED_SP_ECC" = "yes") && test "x$ENABLED_SP_ASM" = "xno") \
- || test "x$ENABLED_USERSETTINGS" = "xyes") && test "x$ENABLED_64BIT" != "xyes"])
- AM_CONDITIONAL([BUILD_SP_C64],[ ( ( (test "$ENABLED_SP_RSA" = "yes" || test "$ENABLED_SP_DH" = "yes" \
- || test "$ENABLED_SP_ECC" = "yes") && test "x$ENABLED_SP_ASM" = "xno") \
- || test "x$ENABLED_USERSETTINGS" = "xyes") && test "x$ENABLED_32BIT" != "xyes"])
- AM_CONDITIONAL([BUILD_SP_ARM64],[test "x$ENABLED_SP_ARM64_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_SP_ARM32],[test "x$ENABLED_SP_ARM32_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_SP_ARM_THUMB],[test "x$ENABLED_SP_ARM_THUMB_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_SP_ARM_CORTEX],[test "x$ENABLED_SP_ARM_CORTEX_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_SP_X86_64],[test "x$ENABLED_SP_X86_64_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_SP_INT],[test "x$ENABLED_SP_MATH" = "xyes" || test "x$ENABLED_SP_MATH_ALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_FAST_RSA],[test "x$ENABLED_FAST_RSA" = "xyes"])
- AM_CONDITIONAL([BUILD_MCAPI],[test "x$ENABLED_MCAPI" = "xyes"])
- AM_CONDITIONAL([BUILD_ASYNCCRYPT],[test "x$ENABLED_ASYNCCRYPT" = "xyes"])
- AM_CONDITIONAL([BUILD_WOLFEVENT],[test "x$ENABLED_ASYNCCRYPT" = "xyes"])
- AM_CONDITIONAL([BUILD_CRYPTOCB],[test "x$ENABLED_CRYPTOCB" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_PSK],[test "x$ENABLED_PSK" = "xyes"])
- AM_CONDITIONAL([BUILD_TRUST_PEER_CERT],[test "x$ENABLED_TRUSTED_PEER_CERT" = "xyes"])
- AM_CONDITIONAL([BUILD_PKI],[test "x$ENABLED_PKI" = "xyes"])
- AM_CONDITIONAL([BUILD_DES3],[test "x$ENABLED_DES3" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_PKCS7],[test "x$ENABLED_PKCS7" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_SMIME],[test "x$ENABLED_SMIME" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_HASHFLAGS],[test "x$ENABLED_HASHFLAGS" = "xyes"])
- AM_CONDITIONAL([BUILD_CAAM],[test "x$ENABLED_CAAM" = "xyes" || test "x$ENABLED_CAAM" = "xqnx" || test "x$ENABLED_CAAM" = "xseco"])
- AM_CONDITIONAL([BUILD_LINUXKM],[test "$ENABLED_LINUXKM" = "yes"])
- AM_CONDITIONAL([BUILD_NO_LIBRARY],[test "$ENABLED_NO_LIBRARY" = "yes"])
- AM_CONDITIONAL([BUILD_BENCHMARK],[test "$ENABLED_BENCHMARK" = "yes"])
- AM_CONDITIONAL([BUILD_RC2],[test "x$ENABLED_RC2" = "xyes"])
- AM_CONDITIONAL([BUILD_QNXCAAM],[test "x$ENABLED_CAAM" = "xqnx"])
- AM_CONDITIONAL([BUILD_IOTSAFE],[test "x$ENABLED_IOTSAFE" = "xyes"])
- AM_CONDITIONAL([BUILD_IOTSAFE_HWRNG],[test "x$ENABLED_IOTSAFE_HWRNG" = "xyes"])
- AM_CONDITIONAL([BUILD_SE050],[test "x$ENABLED_SE050" = "xyes"])
- AM_CONDITIONAL([BUILD_KDF],[test "x$ENABLED_KDF" = "xyes"])
- AM_CONDITIONAL([BUILD_HMAC],[test "x$ENABLED_HMAC" = "xyes"])
- AM_CONDITIONAL([BUILD_ERROR_STRINGS],[test "x$ENABLED_ERROR_STRINGS" = "xyes"])
- AM_CONDITIONAL([BUILD_DO178],[test "x$ENABLED_DO178" = "xyes"])
- AM_CONDITIONAL([BUILD_PSA],[test "x$ENABLED_PSA" = "xyes"])
- AM_CONDITIONAL([BUILD_DTLS13],[test "x$ENABLED_DTLS13" = "xyes"])
- if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes" &&
- (test "$ax_enable_debug" = "yes" ||
- test "$ENABLED_STACKSIZE" != "no" ||
- (test "$ENABLED_LEANTLS" = "no" &&
- test "$ENABLED_LEANPSK" = "no" &&
- test "$ENABLED_LOWRESOURCE" = "no"))
- then
- AM_CFLAGS="$AM_CFLAGS -DHAVE_WC_INTROSPECTION"
- fi
- if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes"
- then
- AM_CFLAGS="$AM_CFLAGS -include ${output_objdir}/.build_params"
- fi
- CREATE_HEX_VERSION
- AC_SUBST([AM_CPPFLAGS])
- AC_SUBST([AM_CFLAGS])
- AC_SUBST([AM_LDFLAGS])
- AC_SUBST([AM_CCASFLAGS])
- AC_SUBST([LIB_ADD])
- AC_SUBST([LIB_STATIC_ADD])
- # FINAL
- AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
- AC_CONFIG_FILES([Makefile
- wolfssl/version.h
- wolfssl/options.h
- cyassl/options.h
- support/wolfssl.pc
- rpm/spec
- wolfcrypt/test/test_paths.h
- ])
- AC_CONFIG_FILES([scripts/unit.test],[chmod +x scripts/unit.test])
- AX_CREATE_GENERIC_CONFIG
- AX_AM_JOBSERVER([yes])
- # See Automake 9.4.1 Built Sources Example
- AC_DEFUN([AX_OUT_OF_TREE_FILE],[
- AC_CONFIG_COMMANDS([$1], [test ! -f $srcdir/$1 && >> $srcdir/$1])
- ])
- AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/async.h])
- AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/fips.h])
- AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h])
- AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/port/intel/quickassist.h])
- AX_OUT_OF_TREE_FILE([wolfssl/wolfcrypt/port/intel/quickassist_mem.h])
- AC_OUTPUT
- if test "$ENABLED_MAKECLEAN" = "yes"
- then
- # force make clean
- AC_MSG_NOTICE([---])
- AC_MSG_NOTICE([Running make clean...])
- if test -z "$MAKE"; then
- MAKE="make"
- fi
- if test "$verbose" = "yes"; then
- $MAKE clean
- else
- $MAKE clean >/dev/null
- fi
- fi
- if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes"
- then
- echo "#define LIBWOLFSSL_CONFIGURE_ARGS \"$ac_configure_args\"" > ${output_objdir}/.build_params &&
- echo "#define LIBWOLFSSL_GLOBAL_CFLAGS \"$CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS\" LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS" >> ${output_objdir}/.build_params ||
- AC_MSG_ERROR([Couldn't create ${output_objdir}/.build_params.])
- fi
- # generate user options header
- AC_MSG_NOTICE([---])
- AC_MSG_NOTICE([Generating user options header...])
- OPTION_FILE="wolfssl/options.h"
- rm -f $OPTION_FILE
- echo "/* wolfssl options.h" > $OPTION_FILE
- echo " * generated from configure options" >> $OPTION_FILE
- echo " *" >> $OPTION_FILE
- echo " * Copyright (C) 2006-2022 wolfSSL Inc." >> $OPTION_FILE
- echo " *" >> $OPTION_FILE
- echo " * This file is part of wolfSSL. (formerly known as CyaSSL)" >> $OPTION_FILE
- echo " *" >> $OPTION_FILE
- echo " */" >> $OPTION_FILE
- echo "" >> $OPTION_FILE
- echo "#ifndef WOLFSSL_OPTIONS_H" >> $OPTION_FILE
- echo "#define WOLFSSL_OPTIONS_H" >> $OPTION_FILE
- echo "" >> $OPTION_FILE
- echo "" >> $OPTION_FILE
- echo "#ifdef __cplusplus" >> $OPTION_FILE
- echo "extern \"C\" {" >> $OPTION_FILE
- echo "#endif" >> $OPTION_FILE
- echo "" >> $OPTION_FILE
- for option in $CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS $EXTRA_CFLAGS; do
- defonly=`echo $option | sed 's/^-D//'`
- if test "$defonly" != "$option"
- then
- noequalsign=`echo $defonly | sed 's/=/ /'`
- if test "$noequalsign" = "NDEBUG" || test "$noequalsign" = "DEBUG"
- then
- if test "$verbose" = "yes"; then
- AC_MSG_NOTICE([not outputting (N)DEBUG to $OPTION_FILE])
- fi
- continue
- fi
- # allow user to ignore system options
- ignoresys=$(echo "$noequalsign" | grep '^_.*')
- if test -n "$ignoresys"
- then
- echo "#ifndef WOLFSSL_OPTIONS_IGNORE_SYS" >> $OPTION_FILE
- fi
- noarg=`echo $defonly | sed 's/=.*//'`
- echo "#undef $noarg" >> $OPTION_FILE
- echo "#define $noequalsign" >> $OPTION_FILE
- if test -n "$ignoresys"
- then
- echo "#endif" >> $OPTION_FILE
- fi
- echo "" >> $OPTION_FILE
- else
- if test "$verbose" = "yes"; then
- AC_MSG_NOTICE([option w/o begin -D is $option, not saving to $OPTION_FILE])
- fi
- fi
- done
- echo "" >> $OPTION_FILE
- echo "#ifdef __cplusplus" >> $OPTION_FILE
- echo "}" >> $OPTION_FILE
- echo "#endif" >> $OPTION_FILE
- echo "" >> $OPTION_FILE
- echo "" >> $OPTION_FILE
- echo "#endif /* WOLFSSL_OPTIONS_H */" >> $OPTION_FILE
- echo "" >> $OPTION_FILE
- #backwards compatibility for those who have included options or version
- touch cyassl/options.h
- echo "/* cyassl options.h" > cyassl/options.h
- echo " * generated from wolfssl/options.h" >> cyassl/options.h
- echo " */" >> cyassl/options.h
- while read -r line
- do
- echo "$line" >> cyassl/options.h
- done < $OPTION_FILE
- # switch ifdef protection in cyassl/option.h to CYASSL_OPTONS_H, remove bak
- sed -i.bak 's/WOLFSSL_OPTIONS_H/CYASSL_OPTIONS_H/g' cyassl/options.h
- # workaround for mingw sed that may get "Permission denied" trying to preserver permissions
- case $host_os in
- mingw*)
- chmod u+w cyassl/options.h ;;
- esac
- rm cyassl/options.h.bak
- if test "$silent" != "yes"; then
- # output config summary
- echo "---"
- echo "Configuration summary for $PACKAGE_NAME version $VERSION"
- echo ""
- echo " * Installation prefix: $prefix"
- echo " * System type: $host_vendor-$host_os"
- echo " * Host CPU: $host_cpu"
- echo " * C Compiler: $CC"
- echo " * C Flags: $CFLAGS"
- echo " * C++ Compiler: $CXX"
- echo " * C++ Flags: $CXXFLAGS"
- echo " * CPP Flags: $CPPFLAGS"
- echo " * CCAS Flags: $CCASFLAGS"
- echo " * LIB Flags: $LIB"
- test "$ENABLED_LINUXKM" = "yes" && \
- echo " * Linux Kernel Build Root: $KERNEL_ROOT" && \
- echo " * Linux Kernel Build Arch: $KERNEL_ARCH" && \
- echo " * fpu disable C flags: $CFLAGS_FPU_DISABLE" && \
- echo " * fpu enable C flags: $CFLAGS_FPU_ENABLE" && \
- echo " * SIMD disable C flags: $CFLAGS_SIMD_DISABLE" && \
- echo " * SIMD enable C flags: $CFLAGS_SIMD_ENABLE" && \
- echo " * No-auto-vectorize C flags: $CFLAGS_AUTO_VECTORIZE_DISABLE" && \
- echo " * Auto-vectorize C flags: $CFLAGS_AUTO_VECTORIZE_ENABLE" && \
- echo " * SIMD enable as flags: $ASFLAGS_FPU_DISABLE_SIMD_ENABLE" && \
- echo " * FPU enable as flags: $ASFLAGS_FPU_ENABLE_SIMD_DISABLE" && \
- echo " * SIMD+FPU disable as flags: $ASFLAGS_FPUSIMD_DISABLE" && \
- echo " * SIMD+FPU enable as flags: $ASFLAGS_FPUSIMD_ENABLE" && \
- echo " * Linux kernel module PIE: $ENABLED_LINUXKM_PIE"
- echo " * Debug enabled: $ax_enable_debug"
- echo " * Coverage enabled: $ax_enable_coverage"
- echo " * Warnings as failure: $ac_cv_warnings_as_errors"
- echo " * make -j: $enable_jobserver"
- echo " * VCS checkout: $ac_cv_vcs_checkout"
- echo
- echo " Features "
- if test "$ENABLED_FIPS" = "yes"; then
- echo " * FIPS: $FIPS_VERSION"
- else
- echo " * FIPS: $ENABLED_FIPS"
- fi
- echo " * Single threaded: $ENABLED_SINGLETHREADED"
- echo " * Filesystem: $ENABLED_FILESYSTEM"
- echo " * OpenSSH Build: $ENABLED_OPENSSH"
- echo " * OpenSSL Extra API: $ENABLED_OPENSSLEXTRA"
- echo " * OpenSSL Coexist: $ENABLED_OPENSSLCOEXIST"
- echo " * Old Names: $ENABLED_OLDNAMES"
- echo " * Max Strength Build: $ENABLED_MAXSTRENGTH"
- echo " * Distro Build: $ENABLED_DISTRO"
- echo " * Reproducible Build: $ENABLED_REPRODUCIBLE_BUILD"
- echo " * fastmath: $ENABLED_FASTMATH"
- echo " * Assembly Allowed: $ENABLED_ASM"
- echo " * sniffer: $ENABLED_SNIFFER"
- echo " * snifftest: $ENABLED_SNIFFTEST"
- echo " * ARC4: $ENABLED_ARC4"
- echo " * AES: $ENABLED_AES"
- echo " * AES-NI: $ENABLED_AESNI"
- echo " * AES-CBC: $ENABLED_AESCBC"
- echo " * AES-CBC length checks: $ENABLED_AESCBC_LENGTH_CHECKS"
- echo " * AES-GCM: $ENABLED_AESGCM"
- echo " * AES-GCM streaming: $ENABLED_AESGCM_STREAM"
- echo " * AES-CCM: $ENABLED_AESCCM"
- echo " * AES-CTR: $ENABLED_AESCTR"
- echo " * AES-CFB: $ENABLED_AESCFB"
- echo " * AES-OFB: $ENABLED_AESOFB"
- echo " * AES-SIV: $ENABLED_AESSIV"
- echo " * DES3: $ENABLED_DES3"
- echo " * Camellia: $ENABLED_CAMELLIA"
- echo " * NULL Cipher: $ENABLED_NULL_CIPHER"
- echo " * MD2: $ENABLED_MD2"
- echo " * MD4: $ENABLED_MD4"
- echo " * MD5: $ENABLED_MD5"
- echo " * RIPEMD: $ENABLED_RIPEMD"
- echo " * SHA: $ENABLED_SHA"
- echo " * SHA-224: $ENABLED_SHA224"
- echo " * SHA-384: $ENABLED_SHA384"
- echo " * SHA-512: $ENABLED_SHA512"
- echo " * SHA3: $ENABLED_SHA3"
- echo " * SHAKE256: $ENABLED_SHAKE256"
- echo " * BLAKE2: $ENABLED_BLAKE2"
- echo " * BLAKE2S: $ENABLED_BLAKE2S"
- echo " * SipHash: $ENABLED_SIPHASH"
- echo " * CMAC: $ENABLED_CMAC"
- echo " * keygen: $ENABLED_KEYGEN"
- echo " * certgen: $ENABLED_CERTGEN"
- echo " * certreq: $ENABLED_CERTREQ"
- echo " * certext: $ENABLED_CERTEXT"
- echo " * certgencache: $ENABLED_certgencache"
- echo " * CHACHA: $ENABLED_CHACHA"
- echo " * XCHACHA: $ENABLED_XCHACHA"
- echo " * Hash DRBG: $ENABLED_HASHDRBG"
- echo " * PWDBASED: $ENABLED_PWDBASED"
- echo " * scrypt: $ENABLED_SCRYPT"
- echo " * wolfCrypt Only: $ENABLED_CRYPTONLY"
- echo " * HKDF: $ENABLED_HKDF"
- echo " * X9.63 KDF: $ENABLED_X963KDF"
- echo " * MD4: $ENABLED_MD4"
- echo " * PSK: $ENABLED_PSK"
- echo " * Poly1305: $ENABLED_POLY1305"
- echo " * LEANPSK: $ENABLED_LEANPSK"
- echo " * LEANTLS: $ENABLED_LEANTLS"
- echo " * RSA: $ENABLED_RSA"
- echo " * RSA-PSS: $ENABLED_RSAPSS"
- echo " * DSA: $ENABLED_DSA"
- echo " * DH: $ENABLED_DH"
- echo " * DH Default Parameters: $ENABLED_DHDEFAULTPARAMS"
- echo " * ECC: $ENABLED_ECC"
- echo " * ECC Custom Curves: $ENABLED_ECCCUSTCURVES"
- echo " * ECC Minimum Bits: $ENABLED_ECCMINSZ"
- echo " * CURVE25519: $ENABLED_CURVE25519"
- echo " * ED25519: $ENABLED_ED25519"
- echo " * ED25519 streaming: $ENABLED_ED25519_STREAM"
- echo " * CURVE448: $ENABLED_CURVE448"
- echo " * ED448: $ENABLED_ED448"
- echo " * ED448 streaming: $ENABLED_ED448_STREAM"
- echo " * FPECC: $ENABLED_FPECC"
- echo " * ECC_ENCRYPT: $ENABLED_ECC_ENCRYPT"
- echo " * ECCSI $ENABLED_ECCSI"
- echo " * SAKKE $ENABLED_SAKKE"
- echo " * ASN: $ENABLED_ASN"
- echo " * Anonymous cipher: $ENABLED_ANON"
- echo " * CODING: $ENABLED_CODING"
- echo " * MEMORY: $ENABLED_MEMORY"
- echo " * I/O POOL: $ENABLED_IOPOOL"
- echo " * wolfSentry: $ENABLED_WOLFSENTRY"
- echo " * LIGHTY: $ENABLED_LIGHTY"
- echo " * WPA Supplicant: $ENABLED_WPAS"
- echo " * HAPROXY: $ENABLED_HAPROXY"
- echo " * STUNNEL: $ENABLED_STUNNEL"
- echo " * tcpdump: $ENABLED_TCPDUMP"
- echo " * libssh2: $ENABLED_LIBSSH2"
- echo " * ntp: $ENABLED_NTP"
- echo " * rsyslog: $ENABLED_RSYSLOG"
- echo " * Apache httpd: $ENABLED_APACHE_HTTPD"
- echo " * NGINX: $ENABLED_NGINX"
- echo " * OpenResty: $ENABLED_OPENRESTY"
- echo " * ASIO: $ENABLED_ASIO"
- echo " * LIBWEBSOCKETS: $ENABLED_LIBWEBSOCKETS"
- echo " * Qt: $ENABLED_QT"
- echo " * Qt Unit Testing: $ENABLED_QT_TEST"
- echo " * SIGNAL: $ENABLED_SIGNAL"
- echo " * chrony: $ENABLED_CHRONY"
- echo " * strongSwan: $ENABLED_STRONGSWAN"
- echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"
- echo " * DTLS: $ENABLED_DTLS"
- echo " * DTLS v1.3: $ENABLED_DTLS13"
- echo " * SCTP: $ENABLED_SCTP"
- echo " * SRTP: $ENABLED_SRTP"
- echo " * Indefinite Length: $ENABLED_BER_INDEF"
- echo " * Multicast: $ENABLED_MCAST"
- echo " * SSL v3.0 (Old): $ENABLED_SSLV3"
- echo " * TLS v1.0 (Old): $ENABLED_TLSV10"
- echo " * TLS v1.1 (Old): $ENABLED_OLD_TLS"
- echo " * TLS v1.2: $ENABLED_TLSV12"
- echo " * TLS v1.3: $ENABLED_TLS13"
- echo " * Post-handshake Auth: $ENABLED_TLS13_POST_AUTH"
- echo " * Early Data: $ENABLED_TLS13_EARLY_DATA"
- echo " * Send State in HRR Cookie: $ENABLED_SEND_HRR_COOKIE"
- echo " * OCSP: $ENABLED_OCSP"
- echo " * OCSP Stapling: $ENABLED_CERTIFICATE_STATUS_REQUEST"
- echo " * OCSP Stapling v2: $ENABLED_CERTIFICATE_STATUS_REQUEST_V2"
- echo " * CRL: $ENABLED_CRL"
- echo " * CRL-MONITOR: $ENABLED_CRL_MONITOR"
- echo " * Persistent session cache: $ENABLED_SAVESESSION"
- echo " * Persistent cert cache: $ENABLED_SAVECERT"
- echo " * Atomic User Record Layer: $ENABLED_ATOMICUSER"
- echo " * Public Key Callbacks: $ENABLED_PKCALLBACKS"
- echo " * liboqs: $ENABLED_LIBOQS"
- echo " * Whitewood netRandom: $ENABLED_WNR"
- echo " * Server Name Indication: $ENABLED_SNI"
- echo " * ALPN: $ENABLED_ALPN"
- echo " * Maximum Fragment Length: $ENABLED_MAX_FRAGMENT"
- echo " * Trusted CA Indication: $ENABLED_TRUSTED_CA"
- echo " * Truncated HMAC: $ENABLED_TRUNCATED_HMAC"
- echo " * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES"
- echo " * FFDHE only in client: $ENABLED_FFDHE_ONLY"
- echo " * Session Ticket: $ENABLED_SESSION_TICKET"
- echo " * Extended Master Secret: $ENABLED_EXTENDED_MASTER"
- echo " * Renegotiation Indication: $ENABLED_RENEGOTIATION_INDICATION"
- echo " * Secure Renegotiation: $ENABLED_SECURE_RENEGOTIATION"
- echo " * Fallback SCSV: $ENABLED_FALLBACK_SCSV"
- echo " * Keying Material Exporter: $ENABLED_KEYING_MATERIAL"
- echo " * All TLS Extensions: $ENABLED_TLSX"
- echo " * PKCS#7: $ENABLED_PKCS7"
- echo " * S/MIME: $ENABLED_SMIME"
- echo " * wolfSSH: $ENABLED_WOLFSSH"
- echo " * wolfEngine: $ENABLED_WOLFENGINE"
- echo " * wolfTPM: $ENABLED_WOLFTPM"
- echo " * wolfCLU: $ENABLED_WOLFCLU"
- echo " * wolfSCEP: $ENABLED_WOLFSCEP"
- echo " * Secure Remote Password: $ENABLED_SRP"
- echo " * Small Stack: $ENABLED_SMALL_STACK"
- echo " * Linux Kernel Module: $ENABLED_LINUXKM"
- echo " * valgrind unit tests: $ENABLED_VALGRIND"
- echo " * LIBZ: $ENABLED_LIBZ"
- echo " * Examples: $ENABLED_EXAMPLES"
- echo " * Crypt tests: $ENABLED_CRYPT_TESTS"
- echo " * Stack sizes in tests: $ENABLED_STACKSIZE"
- echo " * Heap stats in tests: $ENABLED_TRACKMEMORY"
- echo " * User Crypto: $ENABLED_USER_CRYPTO"
- echo " * Fast RSA: $ENABLED_FAST_RSA"
- echo " * Single Precision: $ENABLED_SP"
- if test "$ENABLED_SP_MATH_ALL" != "no"
- then
- ENABLED_SP_MATH_DESC="all"
- else
- if test "$ENABLED_SP_MATH" != "no"
- then
- ENABLED_SP_MATH_DESC="restricted"
- else
- ENABLED_SP_MATH_DESC="no"
- fi
- fi
- echo " * SP math implementation: $ENABLED_SP_MATH_DESC"
- echo " * Async Crypto: $ENABLED_ASYNCCRYPT"
- echo " * PKCS#8: $ENABLED_PKCS8"
- echo " * PKCS#11: $ENABLED_PKCS11"
- echo " * PKCS#12: $ENABLED_PKCS12"
- echo " * Cavium Nitrox: $ENABLED_CAVIUM"
- echo " * Cavium Octeon (Sync): $ENABLED_OCTEON_SYNC"
- echo " * Intel Quick Assist: $ENABLED_INTEL_QA"
- if test "$ENABLED_ARMASM_INLINE" = "yes"
- then
- ENABLED_ARMASM="inline C"
- fi
- echo " * ARM ASM: $ENABLED_ARMASM"
- echo " * ARM ASM SHA512/SHA3 Crypto $ENABLED_ARMASM_SHA3"
- echo " * AES Key Wrap: $ENABLED_AESKEYWRAP"
- echo " * Write duplicate: $ENABLED_WRITEDUP"
- echo " * Xilinx Hardware Acc.: $ENABLED_XILINX"
- echo " * Inline Code: $ENABLED_INLINE"
- echo " * Linux AF_ALG: $ENABLED_AFALG"
- echo " * Linux KCAPI: $ENABLED_KCAPI"
- echo " * Linux devcrypto: $ENABLED_DEVCRYPTO"
- echo " * Crypto callbacks: $ENABLED_CRYPTOCB"
- echo " * i.MX CAAM: $ENABLED_CAAM"
- echo " * IoT-Safe: $ENABLED_IOTSAFE"
- echo " * IoT-Safe HWRNG: $ENABLED_IOTSAFE_HWRNG"
- echo " * NXP SE050: $ENABLED_SE050"
- echo " * PSA: $ENABLED_PSA"
- echo ""
- echo "---"
- fi # $silent != yes
- ################################################################################
- # Show warnings at bottom so they are noticed
- ################################################################################
- if test "$ENABLED_ASYNCCRYPT" = "yes" && ! test -s $srcdir/wolfcrypt/src/async.c
- then
- AC_MSG_WARN([Make sure real async files are loaded. Contact wolfSSL for details on using the asynccrypt option.])
- fi
- # MinGW static vs shared library
- # Reference URL from libtool for MinGW is located at
- # http://www.gnu.org/software/libtool/manual/libtool.html#Cygwin-to-MinGW-Cross
- # this allows for not even having dllimport/dllexport on functions
- # with recent libtools, only requiring it with global variables.
- #
- # The following warning is displayed here because if not using "contemporary GNU
- # tools" there is the possibility of export/import issues.
- # wolfSSL uses __declspec(dllexport) and "contemporary GNU tools" handle the
- # case where both static and shared libraries are built.
- #
- # More can be found about the MinGW linker at
- # https://sourceware.org/binutils/docs/ld/WIN32.html
- if test "$MINGW_LIB_WARNING" = "yes"
- then
- AC_MSG_WARN([Building with shared and static library at the same time on this system may cause export/import problems when using non contemporary GNU tools.])
- fi
|