123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754 |
- # CMakeLists.txt
- #
- # Copyright (C) 2006-2024 wolfSSL Inc.
- #
- # This file is part of wolfSSL. (formerly known as CyaSSL)
- #
- # Usage:
- # $ mkdir build
- # $ cd build
- # $ cmake ..
- # $ cmake --build .
- #
- # To build with debugging use:
- # $ cmake .. -DCMAKE_BUILD_TYPE=Debug
- #
- # See "Building with CMake" in INSTALL for more.
- ####################################################
- # Project
- ####################################################
- cmake_minimum_required(VERSION 3.16)
- if(${CMAKE_VERSION} VERSION_LESS "3.22")
- message(STATUS "This project recommends using CMake version 3.22 or higher. You are using ${CMAKE_VERSION}.")
- else()
- cmake_policy(SET CMP0128 NEW)
- endif()
- if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
- message(FATAL_ERROR "In-source builds are not allowed.\
- Run cmake from a separate directory from where CMakeLists.txt lives.\
- NOTE: cmake will now create CMakeCache.txt and CMakeFiles/*.\
- You must delete them, or cmake will refuse to work.")
- endif()
- project(wolfssl VERSION 5.7.0 LANGUAGES C ASM)
- # Set WOLFSSL_ROOT if not already defined
- if ("${WOLFSSL_ROOT}" STREQUAL "")
- # we'll assume this CMakeLists.txt is in the root of wolfSSL
- if (EXISTS "${CMAKE_SOURCE_DIR}/wolfcrypt/src/")
- get_filename_component(WOLFSSL_ROOT "${CMAKE_SOURCE_DIR}" ABSOLUTE)
- message(STATUS "Found WOLFSSL_ROOT = ${WOLFSSL_ROOT}")
- endif()
- else()
- message(STATUS "Using predefined WOLFSSL_ROOT = ${WOLFSSL_ROOT}")
- endif()
- # shared library versioning
- # increment if interfaces have been removed or changed
- set(WOLFSSL_LIBRARY_VERSION_FIRST 42)
- # increment if interfaces have been added
- # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
- set(WOLFSSL_LIBRARY_VERSION_SECOND 1)
- # increment if source code has changed
- # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or
- # WOLFSSL_LIBRARY_VERSION_SECOND is incremented
- set(WOLFSSL_LIBRARY_VERSION_THIRD 0)
- set(LIBTOOL_FULL_VERSION ${WOLFSSL_LIBRARY_VERSION_FIRST}.${WOLFSSL_LIBRARY_VERSION_SECOND}.${WOLFSSL_LIBRARY_VERSION_THIRD})
- set(WOLFSSL_DEFINITIONS)
- set(WOLFSSL_LINK_LIBS)
- set(WOLFSSL_INCLUDE_DIRS)
- set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules/")
- include(${CMAKE_CURRENT_SOURCE_DIR}/cmake/functions.cmake)
- ####################################################
- # Compiler
- ####################################################
- # Let CMake choose default compiler
- # TODO: See gl_VISIBILITY in visibility.m4. Need to perform
- # the same checks.
- # TODO: Turn on warnings.
- if(CMAKE_C_COMPILER_ID STREQUAL "AppleClang")
- # Silence ranlib warning "has no symbols"
- set(CMAKE_C_ARCHIVE_CREATE "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
- set(CMAKE_CXX_ARCHIVE_CREATE "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
- set(CMAKE_C_ARCHIVE_FINISH "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
- set(CMAKE_CXX_ARCHIVE_FINISH "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
- endif()
- include(CheckIncludeFile)
- check_include_file("arpa/inet.h" HAVE_ARPA_INET_H)
- check_include_file("fcntl.h" HAVE_FCNTL_H)
- check_include_file("limits.h" HAVE_LIMITS_H)
- check_include_file("netdb.h" HAVE_NETDB_H)
- check_include_file("netinet/in.h" HAVE_NETINET_IN_H)
- check_include_file("stddef.h" HAVE_STDDEF_H)
- check_include_file("time.h" HAVE_TIME_H)
- check_include_file("sys/ioctl.h" HAVE_SYS_IOCTL_H)
- check_include_file("sys/socket.h" HAVE_SYS_SOCKET_H)
- check_include_file("sys/time.h" HAVE_SYS_TIME_H)
- check_include_file("errno.h" HAVE_ERRNO_H)
- check_include_file("dlfcn.h" HAVE_DLFCN_H)
- check_include_file("inttypes.h" HAVE_INTTYPES_H)
- check_include_file("memory.h" HAVE_MEMORY_H)
- check_include_file("stdint.h" HAVE_STDINT_H)
- check_include_file("stdlib.h" HAVE_STDLIB_H)
- check_include_file("string.h" HAVE_STRING_H)
- check_include_file("strings.h" HAVE_STRINGS_H)
- check_include_file("sys/stat.h" HAVE_SYS_STAT_H)
- check_include_file("sys/types.h" HAVE_SYS_TYPES_H)
- check_include_file("unistd.h" HAVE_UNISTD_H)
- include(CheckFunctionExists)
- # TODO: Also check if these functions are declared by the
- # expected headers. See comments around
- # AC_CHECK_FUNCS/AC_CHECK_DECLS in configure.ac.
- check_function_exists("gethostbyname" HAVE_GETHOSTBYNAME)
- check_function_exists("getaddrinfo" HAVE_GETADDRINFO)
- check_function_exists("gettimeofday" HAVE_GETTIMEOFDAY)
- check_function_exists("gmtime_r" HAVE_GMTIME_R)
- check_function_exists("inet_ntoa" HAVE_INET_NTOA)
- check_function_exists("memset" HAVE_MEMSET)
- check_function_exists("socket" HAVE_SOCKET)
- check_function_exists("strftime" HAVE_STRFTIME)
- check_function_exists("__atomic_fetch_add" HAVE_C___ATOMIC)
- include(CheckTypeSize)
- check_type_size("__uint128_t" __UINT128_T)
- check_type_size("long long" SIZEOF_LONG_LONG)
- check_type_size("long" SIZEOF_LONG)
- check_type_size("time_t" SIZEOF_TIME_T)
- # By default, HAVE___UINT128_T gets defined as TRUE,
- # but we want it as 1.
- if(HAVE___UINT128_T)
- set(HAVE___UINT128_T "1" CACHE INTERNAL "Result of TRY_COMPILE" FORCE)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE___UINT128_T")
- endif()
- if(CMAKE_VERSION VERSION_LESS "3.20")
- # TestBigEndian was deprecated in 3.20
- include(TestBigEndian)
- test_big_endian(IS_BIG_ENDIAN)
- set(CMAKE_C_BYTE_ORDER "LITTLE_ENDIAN")
- if(IS_BIG_ENDIAN)
- set(CMAKE_C_BYTE_ORDER "BIG_ENDIAN")
- endif()
- endif()
- # Thread local storage
- include(CheckCSourceCompiles)
- set(TLS_KEYWORDS "__thread" "__declspec(thread)")
- foreach(TLS_KEYWORD IN LISTS TLS_KEYWORDS)
- set(TLS_CODE "#include <stdlib.h>
- static void foo(void) {
- static ${TLS_KEYWORD} int bar\;
- exit(1)\;
- }
- int main() {
- return 0\;
- }"
- )
- check_c_source_compiles(${TLS_CODE} THREAD_LS_ON)
- if(THREAD_LS_ON)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_THREAD_LS")
- break()
- else()
- # THREAD_LS_ON is cached after each call to
- # check_c_source_compiles, and the function
- # won't run subsequent times if the variable
- # is in the cache. To make it run again, we
- # need to remove the variable from the cache.
- unset(THREAD_LS_ON CACHE)
- endif()
- endforeach()
- # TODO: AX_PTHREAD does a lot. Need to implement the
- # rest of its logic.
- find_package(Threads)
- ####################################################
- # Cross Compile Example
- ####################################################
- #set(CMAKE_SYSTEM_NAME Linux)
- #set(CMAKE_SYSTEM_PROCESSOR arm)
- #set(CMAKE_C_COMPILER "/opt/arm-linux-musleabihf-cross/bin/arm-linux-musleabihf-gcc")
- #set(CMAKE_CXX_COMPILER "/opt/arm-linux-musleabihf-cross/bin/arm-linux-musleabihf-g++")
- #set(CMAKE_SYSROOT "/opt/arm-linux-musleabihf-cross/arm-linux-musleabihf/")
- # Example for setting CFLAGS
- #set(CMAKE_C_FLAGS "-std=gnu89 ${CMAKE_C_FLAGS}")
- # Example for map file and custom linker script
- #set(CMAKE_EXE_LINKER_FLAGS " -Xlinker -Map=output.map -T\"${CMAKE_CURRENT_SOURCE_DIR}/linker.ld\"")
- if(DEFINED WARNING_C_FLAGS)
- set(CMAKE_C_FLAGS "${WARNING_C_FLAGS} ${CMAKE_C_FLAGS}")
- elseif(WIN32)
- # Windows cl.exe does not support the -Wextra, -Wno-unused and -Werror flags.
- set(CMAKE_C_FLAGS "-Wall ${CMAKE_C_FLAGS}")
- else()
- set(CMAKE_C_FLAGS "-Wall -Wextra -Wno-unused -Werror ${CMAKE_C_FLAGS}")
- endif()
- ####################################################
- # Build Options
- ####################################################
- # TODO: - FIPS
- # - Distro
- # - Linux Kernel Module
- # - Single precision math
- # - Enable all
- # - Enable all crypto
- # For reproducible build, gate out from the build anything that might
- # introduce semantically frivolous jitter, maximizing chance of
- # identical object files.
- add_option("WOLFSSL_REPRODUCIBLE_BUILD"
- "Enable maximally reproducible build (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_REPRODUCIBLE_BUILD)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_REPRODUCIBLE_BUILD")
- set(CMAKE_C_ARCHIVE_CREATE "<CMAKE_AR> Dqc <TARGET> <LINK_FLAGS> <OBJECTS>")
- set(CMAKE_C_ARCHIVE_APPEND "<CMAKE_AR> Dq <TARGET> <LINK_FLAGS> <OBJECTS>")
- set(CMAKE_C_ARCHIVE_FINISH "<CMAKE_RANLIB> -D <TARGET>")
- endif()
- add_option("WOLFSSL_INSTALL" "Create install target for WolfSSL project" "yes" "yes;no")
- # Support for forcing 32-bit mode
- # TODO: detect platform from other options
- add_option("WOLFSSL_32BIT"
- "Enables 32-bit support (default: disabled)"
- "no" "yes;no")
- # 16-bit compiler support
- add_option("WOLFSSL_16BIT"
- "Enables 16-bit support (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_16BIT)
- list(APPEND WOLFSSL_DEFINITIONS "-DWC_16BIT_CPU")
- endif()
- # Support for disabling all ASM
- add_option("WOLFSSL_ASM"
- "Enables option for assembly (default: enabled)"
- "yes" "yes;no")
- if(NOT WOLFSSL_ASM)
- list(APPEND WOLFSSL_DEFINITIONS
- "-DTFM_NO_ASM"
- "-DWOLFSSL_NO_ASM")
- endif()
- # Enable Debugging
- add_option("WOLFSSL_DEBUG"
- "Enables option for debug (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_DEBUG)
- set(CMAKE_C_FLAGS "-g ${CMAKE_C_FLAGS}")
- list(APPEND WOLFSSL_DEFINITIONS
- "-DDEBUG_WOLFSSL"
- "-DDEBUG")
- endif()
- # Single threaded
- add_option("WOLFSSL_SINGLE_THREADED"
- "Enable wolfSSL single threaded (default: disabled)"
- "no" "yes;no")
- # TODO: Logic here isn't complete, yet (see AX_PTHREAD)
- if(NOT WOLFSSL_SINGLE_THREADED)
- if(CMAKE_USE_PTHREADS_INIT)
- list(APPEND WOLFSSL_LINK_LIBS Threads::Threads)
- set(HAVE_PTHREAD 1)
- list(APPEND WOLFSSL_DEFINITIONS
- "-DHAVE_PTHREAD"
- "-D_POSIX_THREADS")
- endif()
- endif()
- # DTLS-SRTP
- add_option("WOLFSSL_SRTP"
- "Enables wolfSSL DTLS-SRTP (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_SRTP)
- list(APPEND WOLFSSL_DEFINITIONS
- "-DWOLFSSL_SRTP")
- set(WOLFSSL_DTLS "yes")
- set(WOLFSSL_KEYING_MATERIAL "yes")
- endif()
- # DTLS
- add_option("WOLFSSL_DTLS"
- "Enables wolfSSL DTLS (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_DTLS)
- list(APPEND WOLFSSL_DEFINITIONS
- "-DWOLFSSL_DTLS")
- endif()
- # TLS v1.3
- add_option("WOLFSSL_TLS13"
- "Enable wolfSSL TLS v1.3 (default: enabled)"
- "yes" "yes;no")
- if("${FIPS_VERSION}" STREQUAL "v1")
- override_cache(WOLFSSL_TLS13 "no")
- endif()
- # Post-handshake authentication
- add_option("WOLFSSL_POSTAUTH"
- "Enable wolfSSL Post-handshake Authentication (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_POSTAUTH)
- if(NOT WOLFSSL_TLS13)
- message(WARNING "TLS 1.3 is disabled - disabling Post-handshake Authentication")
- override_cache(WOLFSSL_POSTAUTH "no")
- else()
- list(APPEND WOLFSSL_DEFINITIONS
- "-DWOLFSSL_POST_HANDSHAKE_AUTH")
- endif()
- endif()
- # Hello Retry Request Cookie
- add_option("WOLFSSL_HRR_COOKIE"
- "Enable the server to send Cookie Extension in HRR with state (default: disabled)"
- "undefined" "yes;no;undefined")
- if("${WOLFSSL_HRR_COOKIE}" STREQUAL "yes")
- if(NOT WOLFSSL_TLS13)
- message(WARNING "TLS 1.3 is disabled - disabling HRR Cookie")
- override_cache(WOLFSSL_HRR_COOKIE "no")
- else()
- list(APPEND WOLFSSL_DEFINITIONS
- "-DWOLFSSL_SEND_HRR_COOKIE")
- endif()
- endif()
- # DTLS v1.3
- add_option("WOLFSSL_DTLS13"
- "Enable wolfSSL DTLS v1.3 (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_DTLS13)
- if (NOT WOLFSSL_DTLS)
- message(FATAL_ERROR "DTLS13 requires DTLS")
- endif()
- if (NOT WOLFSSL_TLS13)
- message(FATAL_ERROR "DTLS13 requires TLS13")
- endif()
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_DTLS13")
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_W64_WRAPPER")
- if ("${WOLFSSL_HRR_COOKIE}" STREQUAL "undefined")
- message(WARNING "DTLS1.3 is enabled - enabling HRR Cookie")
- override_cache(WOLFSSL_HRR_COOKIE "yes")
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SEND_HRR_COOKIE")
- endif()
- if (WOLFSSL_AES)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AES_DIRECT")
- endif()
- endif()
- # DTLS ConnectionID support
- add_option("WOLFSSL_DTLS_CID"
- "Enables wolfSSL DTLS CID (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_DTLS_CID)
- if(NOT WOLFSSL_DTLS13)
- message(FATAL_ERROR "CID are supported only for DTLSv1.3")
- endif()
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_DTLS_CID")
- endif()
- # RNG
- add_option("WOLFSSL_RNG"
- "Enable compiling and using RNG (default: enabled)"
- "yes" "yes;no")
- if(NOT WOLFSSL_RNG)
- list(APPEND WOLFSSL_DEFINITIONS "-DWC_NO_RNG")
- endif()
- # QUIC
- add_option(WOLFSSL_QUIC
- "Enable QUIC support (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_QUIC)
- set(WOLFSSL_ALPN "yes")
- set(WOLFSSL_OPENSSLEXTRA "yes")
- set(WOLFSSL_AESCTR "yes")
- set(WOLFSSL_CURVE25519 "yes")
- set(WOLFSSL_SNI "yes")
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_QUIC" "-DHAVE_EX_DATA")
- endif()
- # Curl
- add_option(WOLFSSL_CURL
- "Enable CURL support (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_CURL)
- set(WOLFSSL_MD4 "yes")
- set(WOLFSSL_DES3 "yes")
- set(WOLFSSL_ALPN "yes")
- set(WOLFSSL_OPENSSLEXTRA "yes")
- set(WOLFSSL_CRL "yes")
- set(WOLFSSL_OCSP "yes")
- set(WOLFSSL_OCSPSTAPLING "yes")
- set(WOLFSSL_OCSPSTAPLING_V2 "yes")
- set(WOLFSSL_SNI "yes")
- set(WOLFSSL_ALT_CERT_CHAINS "yes")
- set(WOLFSSL_IP_ALT_NAME "yes")
- set(WOLFSSL_SESSION_TICKET "yes")
- set(WOLFSSL_WOLFSSH "yes")
- list(APPEND WOLFSSL_DEFINITIONS
- "-DNO_SESSION_CACHE_REF" "-DWOLFSSL_DES_ECB")
- endif()
- # ALPN
- add_option(WOLFSSL_ALPN
- "Enable ALPN support (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_ALPN)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ALPN" "-DHAVE_TLS_EXTENSIONS")
- endif()
- # altcertchains
- add_option(WOLFSSL_ALT_CERT_CHAINS
- "Enable support for Alternate certification chains (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_ALT_CERT_CHAINS)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_ALT_CERT_CHAINS")
- endif()
- # ip-alt-name
- add_option(WOLFSSL_IP_ALT_NAME
- "Enable support for IP alternative name (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_IP_ALT_NAME)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_IP_ALT_NAME")
- endif()
- # wolfSSH
- add_option(WOLFSSL_WOLFSSH
- "Enable support for wolfSSH (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_WOLFSSH)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_WOLFSSH")
- endif()
- if(WOLFSSL_WOLFSSH OR WOLFSSL_WPAS)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_PUBLIC_MP")
- endif()
- # TODO: - DTLS-SCTP
- # - DTLS multicast
- # - OpenSSH
- # - OpenVPN
- # - Nginx
- # - HAProxy
- # - wpa_supplicant
- # - Fortress
- # - libwebsockets
- # - Qt
- # - SSL bump
- # - sniffer
- # - Signal
- # - OpenSSL coexist
- # - Max strength
- # Harden, enable Timing Resistance and Blinding by default
- add_option("WOLFSSL_HARDEN"
- "Enable Hardened build, Enables Timing Resistance and Blinding (default: enabled)"
- "yes" "yes;no")
- if(WOLFSSL_HARDEN)
- list(APPEND WOLFSSL_DEFINITIONS "-DTFM_TIMING_RESISTANT" "-DECC_TIMING_RESISTANT")
- if(WOLFSSL_RNG)
- list(APPEND WOLFSSL_DEFINITIONS "-DWC_RSA_BLINDING")
- endif()
- else()
- list(APPEND WOLFSSL_DEFINITIONS "-DWC_NO_HARDEN")
- endif()
- add_option(WOLFSSL_OPENSSLEXTRA
- "Enable extra OpenSSL API, size+ (default: disabled)"
- "no" "yes;no")
- add_option(WOLFSSL_OPENSSLALL
- "Enable all OpenSSL API, size++ (default: disabled)"
- "no" "yes;no")
- add_option(WOLFSSL_ASIO
- "Enable asio support (default: disabled)"
- "no" "yes;no")
- if (WOLFSSL_ASIO)
- list(APPEND WOLFSSL_DEFINITIONS
- "-DWOLFSSL_ASIO" "-DASIO_USE_WOLFSSL"
- "-DBOOST_ASIO_USE_WOLFSSL" "-DHAVE_EX_DATA"
- "-DSSL_TXT_TLSV1_2" "-DOPENSSL_NO_SSL2" "-DOPENSSL_NO_SSL3"
- "-DHAVE_OCSP" "-DWOLFSSL_KEY_GEN")
- override_cache(WOLFSSL_OPENSSLALL "yes")
- override_cache(WOLFSSL_OPENSSLEXTRA "yes")
- endif()
- if (WOLFSSL_OPENSSLEXTRA AND NOT WOLFSSL_OPENSSLCOEXIST)
- list(APPEND WOLFSSL_DEFINITIONS
- "-DOPENSSL_EXTRA")
- endif()
- if (WOLFSSL_OPENSSLALL)
- list(APPEND WOLFSSL_DEFINITIONS
- "-DOPENSSL_ALL" "-DWOLFSSL_EITHER_SIDE" "-DWC_RSA_NO_PADDING"
- "-DWC_RSA_PSS" "-DWOLFSSL_PSS_LONG_SALT" "-DWOLFSSL_TICKET_HAVE_ID"
- "-DWOLFSSL_ERROR_CODE_OPENSSL" "-DWOLFSSL_CERT_NAME_ALL")
- endif()
- # TODO: - IPv6 test apps
- set(WOLFSSL_SLOW_MATH "yes")
- # liboqs
- add_option(WOLFSSL_OQS
- "Enable integration with the OQS (Open Quantum Safe) liboqs library (default: disabled)"
- "no" "yes;no")
- # Kyber
- add_option(WOLFSSL_KYBER
- "Enable the wolfSSL PQ Kyber library (default: disabled)"
- "no" "yes;no")
- # Experimental features
- add_option(WOLFSSL_EXPERIMENTAL
- "Enable experimental features (default: disabled)"
- "no" "yes;no")
- message(STATUS "Looking for WOLFSSL_EXPERIMENTAL")
- if (WOLFSSL_EXPERIMENTAL)
- message(STATUS "Looking for WOLFSSL_EXPERIMENTAL - found")
- # We've enabled the experimental environment, but let's
- # check if any experimental features are also enabled:
- set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 0)
- set_wolfssl_definitions("WOLFSSL_EXPERIMENTAL_SETTINGS" RESUlT)
- # Checking for experimental feature: OQS
- message(STATUS "Looking for WOLFSSL_OQS")
- if (WOLFSSL_OQS)
- set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1)
- message(STATUS "Looking for WOLFSSL_OQS - found")
- message(STATUS "Checking OQS")
- find_package(OQS)
- if (OQS_FOUND)
- message(STATUS "Checking OQS - found")
- list(APPEND WOLFSSL_LINK_LIBS ${OQS_LIBRARY})
- list(APPEND WOLFSSL_INCLUDE_DIRS ${OQS_INCLUDE_DIR})
- set_wolfssl_definitions("HAVE_LIBOQS" RESUlT)
- set_wolfssl_definitions("HAVE_TLS_EXTENSIONS" RESUlT)
- set_wolfssl_definitions("OPENSSL_EXTRA" RESUlT)
- else()
- message(STATUS "Checking OQS - not found")
- message(STATUS "WARNING: WOLFSSL_OQS enabled but not found: OQS_LIBRARY=${OQS_LIBRARY}, OQS_INCLUDE_DIR=${OQS_INCLUDE_DIR} ")
- endif()
- else()
- message(STATUS "Looking for WOLFSSL_OQS - not found")
- endif()
- # Checking for experimental feature: Kyber
- message(STATUS "Looking for WOLFSSL_KYBER")
- if (WOLFSSL_KYBER)
- set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1)
- message(STATUS "Automatically set related requirements for Kyber:")
- set_wolfssl_definitions("WOLFSSL_HAVE_KYBER" RESUlT)
- set_wolfssl_definitions("WOLFSSL_WC_KYBER" RESUlT)
- set_wolfssl_definitions("WOLFSSL_SHA3" RESUlT)
- set_wolfssl_definitions("WOLFSSL_SHAKE128" RESUlT)
- set_wolfssl_definitions("WOLFSSL_SHAKE256" RESUlT)
- message(STATUS "Looking for WOLFSSL_KYBER - found")
- else()
- message(STATUS "Looking for WOLFSSL_KYBER - not found")
- endif()
- # Other experimental feature detection can be added here...
- # Were any experimental features found? Display a message.
- if(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE)
- message(STATUS "WOLFSSL_EXPERIMENTAL enabled, experimental features enabled.")
- else()
- message(STATUS "Warning: WOLFSSL_EXPERIMENTAL enabled, but no experimental features enabled.")
- endif()
- # Sanity checks
- if(WOLFSSL_OQS AND WOLFSSL_KYBER)
- message(FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_KYBER at the same time.")
- endif()
- else()
- # Experimental mode not enabled, but were any experimental features enabled? Error out if so:
- message(STATUS "Looking for WOLFSSL_EXPERIMENTAL - not found")
- if (WOLFSSL_OQS)
- message(FATAL_ERROR "Error: WOLFSSL_OQS requires WOLFSSL_EXPERIMENTAL at this time.")
- endif()
- if(WOLFSSL_KYBER)
- message(FATAL_ERROR "Error: WOLFSSL_KYBER requires WOLFSSL_EXPERIMENTAL at this time.")
- endif()
- endif()
- # TODO: - Lean PSK
- # - Lean TLS
- # - Low resource
- # - Titan cache
- # - Huge cache
- # - Big cache
- # - Small cache
- # - Persistent session cache
- # - Persistent cert cache
- # - Write duplicate
- # - Atomic user record layer
- # - Public key callbacks
- # - Microchip/Atmel CryptoAuthLib
- # - XMSS
- # - LMS
- # - dual-certs
- # AES-CBC
- add_option("WOLFSSL_AESCBC"
- "Enable wolfSSL AES-CBC support (default: enabled)"
- "yes" "yes;no")
- if(NOT WOLFSSL_AESCBC)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_AES_CBC")
- endif()
- # AES-GCM
- add_option("WOLFSSL_AESGCM"
- "Enable wolfSSL AES-GCM support (default: enabled)"
- "yes" "yes;no;table;small;word32;4bit")
- # leanpsk and leantls don't need gcm
- if(WOLFSSL_LEAN_PSK OR (WOLFSSL_LEAN_TLS AND NOT WOLFSSL_TLS13))
- override_cache(WOLFSSL_AESGCM "no")
- endif()
- if(WOLFSSL_AESGCM AND CMAKE_C_BYTE_ORDER STREQUAL "LITTLE_ENDIAN")
- override_cache(WOLFSSL_AESGCM "4bit")
- endif()
- if(WOLFSSL_AESGCM)
- if("${WOLFSSL_AESGCM}" STREQUAL "word32")
- list(APPEND WOLFSSL_DEFINITIONS "-DGCM_WORD32")
- override_cache(WOLFSSL_AESGCM "yes")
- endif()
- if(("${WOLFSSL_AESGCM}" STREQUAL "small") OR WOLFSSL_LOW_RESOURCE)
- list(APPEND WOLFSSL_DEFINITIONS "-DGCM_SMALL")
- override_cache(WOLFSSL_AESGCM "yes")
- endif()
- if("${WOLFSSL_AESGCM}" STREQUAL "table")
- list(APPEND WOLFSSL_DEFINITIONS "-DGCM_TABLE")
- override_cache(WOLFSSL_AESGCM "yes")
- endif()
- if("${WOLFSSL_AESGCM}" STREQUAL "4bit")
- list(APPEND WOLFSSL_DEFINITIONS "-DGCM_TABLE_4BIT")
- override_cache(WOLFSSL_AESGCM "yes")
- endif()
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_AESGCM")
- endif()
- if(WOLFSSL_QUIC)
- if(NOT WOLFSSL_TLS13)
- message(FATAL_ERROR "TLS 1.3 is disabled - necessary for QUIC")
- endif()
- if(NOT WOLFSSL_AESGCM)
- message(FATAL_ERROR "AES-GCM is disabled - necessary for QUIC")
- endif()
- endif()
- # AES-SIV
- add_option("WOLFSSL_AESSIV"
- "Enable wolfSSL AES-SIV support (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_AESSIV)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AES_SIV")
- endif()
- # AES-CTR
- add_option("WOLFSSL_AESCTR"
- "Enable wolfSSL AES-CTR support (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_OPENVPN OR
- WOLFSSL_LIBSSH2 OR
- WOLFSSL_AESSIV)
- override_cache(WOLFSSL_AESCTR "yes")
- endif()
- if(WOLFSSL_AESCTR AND NOT WOLFSSL_FORTRESS)
- list(APPEND WOLFSSL_DEFINITIONS
- "-DWOLFSSL_AES_COUNTER"
- "-DWOLFSSL_AES_DIRECT")
- endif()
- # ARIA
- add_option("WOLFSSL_ARIA"
- "Enable wolfSSL ARIA support (default: disabled)"
- "no" "yes;no")
- # AES-CCM
- add_option("WOLFSSL_AESCCM"
- "Enable wolfSSL AES-CCM support (default: disabled)"
- "no" "yes;no")
- # AES-OFB
- add_option("WOLFSSL_AESOFB"
- "Enable wolfSSL AES-OFB support (default: disabled)"
- "no" "yes;no")
- # TODO: - AES-GCM stream
- # - AES-ARM
- # - Xilinx hardened crypto
- # - Intel AES-NI
- # - Intel ASM
- # - Intel RDRAND
- # - Linux af_alg
- # - Linux dev crpyto calls
- # - Camellia
- # - MD2
- # - NULL cipher
- # - RIPEMD
- # - BLAKE2
- add_option("WOLFSSL_AESCFB"
- "Enable wolfSSL AES-CFB support (default: disabled)"
- "no" "yes;no")
- # Align data
- add_option("WOLFSSL_ALIGN_DATA"
- "Align data for ciphers (default: enabled)"
- "yes" "yes;no")
- if(WOLFSSL_ALIGN_DATA)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_USE_ALIGN")
- endif()
- # SHA224
- set(SHA224_DEFAULT "no")
- if(("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "x86_64|AMD64|arm64") OR
- ("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "aarch64"))
- if(NOT WOLFSSL_AFALG AND NOT WOLFSSL_DEVCRYPTO AND
- (NOT WOLFSSL_FIPS OR ("${FIPS_VERSION}" STREQUAL "v2")))
- set(SHA224_DEFAULT "yes")
- endif()
- endif()
- add_option("WOLFSSL_SHA224"
- "Enable wolfSSL SHA-224 support (default: enabled on x86_64/aarch64)"
- ${SHA224_DEFAULT} "yes;no")
- # SHA3
- set(SHA3_DEFAULT "no")
- if(("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "x86_64|AMD64|arm64") OR
- ("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "aarch64"))
- if(NOT WOLFSSL_FIPS OR ("${FIPS_VERSION}" STREQUAL "v2"))
- set(SHA3_DEFAULT "yes")
- endif()
- endif()
- add_option("WOLFSSL_SHA3"
- "Enable wolfSSL SHA-3 support (default: enabled on x86_64/aarch64)"
- ${SHA3_DEFAULT} "yes;no;small")
- # SHAKE256
- add_option("WOLFSSL_SHAKE256"
- "Enable wolfSSL SHAKE256 support (default: enabled on x86_64/aarch64)"
- "no" "yes;no;small")
- # SHAKE128
- add_option("WOLFSSL_SHAKE128"
- "Enable wolfSSL SHAKE128 support (default: enabled on x86_64/aarch64)"
- "no" "yes;no;small")
- # SHA512
- add_option("WOLFSSL_SHA512"
- "Enable wolfSSL SHA-512 support (default: enabled)"
- "yes" "yes;no")
- # options that don't require sha512
- if(WOLFSSL_LEAN_PSK OR
- WOLFSSL_LEAN_TLS OR
- WOLFSSL_32BIT OR
- WOLFSSL_16BIT)
- override_cache(WOLFSSL_SHA512 "no")
- endif()
- # options that require sha512
- if(WOLFSSL_OPENSSH OR
- WOLFSSL_WPAS OR
- WOLFSSL_FORTRESS)
- override_cache(WOLFSSL_SHA512 "yes")
- endif()
- if(WOLFSSL_SHA512)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA512")
- endif()
- # SHA384
- add_option("WOLFSSL_SHA384"
- "Enable wolfSSL SHA-384 support (default: enabled)"
- "yes" "yes;no")
- # options that don't require sha384
- if(WOLFSSL_LEAN_PSK OR
- WOLFSSL_LEAN_TLS OR
- WOLFSSL_32BIT OR
- WOLFSSL_16BIT)
- override_cache(WOLFSSL_SHA384 "no")
- endif()
- # options that require sha384
- if(WOLFSSL_OPENSSH OR
- WOLFSSL_WPAS OR
- WOLFSSL_FORTRESS)
- override_cache(WOLFSSL_SHA384 "yes")
- endif()
- if(WOLFSSL_SHA384)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA384")
- endif()
- # TODO: - Session certs
- # - SEP
- add_option("WOLFSSL_KEYGEN"
- "Enable key generation (default: disabled)])"
- "no" "yes;no")
- add_option("WOLFSSL_CERTGEN"
- "Enable cert generation (default: disabled)"
- "no" "yes;no")
- add_option("WOLFSSL_CERTREQ"
- "Enable cert request generation (default: disabled)"
- "no" "yes;no")
- add_option("WOLFSSL_CERTEXT"
- "Enable cert request extensions (default: disabled)"
- "no" "yes;no")
- add_option("WOLFSSL_CERTGENCACHE"
- "Enable decoded cert caching (default: disabled)"
- "no" "yes;no")
- # HKDF
- add_option("WOLFSSL_HKDF"
- "Enable HKDF (HMAC-KDF) support (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_TLS13)
- override_cache(WOLFSSL_HKDF "yes")
- endif()
- if(WOLFSSL_HKDF)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_HKDF")
- endif()
- # DSA
- add_option("WOLFSSL_DSA"
- "Enable DSA (default: disabled)"
- "no" "yes;no")
- if(NOT WOLFSSL_DSA AND NOT WOLFSSL_OPENSSH)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_DSA")
- endif()
- # ECC Shamir
- add_option("WOLFSSL_ECCSHAMIR"
- "Enable ECC Shamir (default: enabled)"
- "yes" "yes;no")
- # ECC
- add_option("WOLFSSL_ECC"
- "Enable ECC (default: enabled)"
- "yes" "yes;no;nonblock")
- # lean psk doesn't need ecc
- if(WOLFSSL_LEAN_PSK)
- override_cache(WOLFSSL_ECC "no")
- endif()
- if(WOLFSSL_OPENSSH OR
- WOLFSSL_NGINX OR
- WOLFSSL_SIGNAL)
- override_cache(WOLFSSL_ECC "yes")
- endif()
- if(WOLFSSL_ECC)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC" "-DTFM_ECC256")
- if(WOLFSSL_ECCSHAMIR AND NOT WOLFSSL_LOW_RESOURCE)
- list(APPEND WOLFSSL_DEFINITIONS "-DECC_SHAMIR")
- endif()
- if("${WOLFSSL_ECC}" STREQUAL "nonblock")
- list(APPEND WOLFSSL_DEFINITIONS "-DWC_ECC_NONBLOCK")
- endif()
- endif()
- # TODO: - ECC custom curves
- # - Compressed key
- # - FP ECC, fixed point cache ECC
- # - ECC encrypt
- # - PSK
- # - Single PSK identity
- # CURVE25519
- set(WOLFSSL_CURVE25519_SMALL "no")
- add_option("WOLFSSL_CURVE25519"
- "Enable Curve25519 (default: disabled)"
- "no" "yes;no;small;no128bit")
- if(WOLFSSL_OPENSSH)
- override_cache(WOLFSSL_CURVE25519 "yes")
- endif()
- if(WOLFSSL_CURVE25519)
- if("${WOLFSSL_CURVE25519}" STREQUAL "small" OR WOLFSSL_LOW_RESOURCE)
- list(APPEND WOLFSSL_DEFINITIONS "-DCURVE25519_SMALL")
- set(WOLFSSL_CURVE25519_SMALL "yes")
- endif()
- if("${WOLFSSL_CURVE25519}" STREQUAL "no128bit" OR WOLFSSL_32BIT)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_CURVED25519_128BIT")
- endif()
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_CURVE25519")
- set(WOLFSSL_FEMATH "yes")
- endif()
- # ED25519
- set(WOLFSSL_ED25519_SMALL "no")
- add_option("WOLFSSL_ED25519"
- "Enable ED25519 (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_OPENSSH)
- override_cache(WOLFSSL_ED25519 "yes")
- endif()
- if(WOLFSSL_ED25519 AND NOT WOLFSSL_32BIT)
- if("${WOLFSSL_ED25519}" STREQUAL "small" OR WOLFSSL_LOW_RESOURCE)
- list(APPEND WOLFSSL_DEFINITIONS "-DED25519_SMALL")
- set(WOLFSSL_ED25519_SMALL "yes")
- set(WOLFSSL_CURVE25519_SMALL "yes")
- endif()
- if(NOT WOLFSSL_SHA512)
- message(FATAL_ERROR "cannot enable ed25519 without enabling sha512.")
- endif()
- set(WOLFSSL_FEMATH "yes")
- set(WOLFSSL_GEMATH "yes")
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ED25519")
- endif()
- # CURVE448
- set(WOLFSSL_CURVE448_SMALL "no")
- add_option("WOLFSSL_CURVE448"
- "Enable Curve448 (default: disabled)"
- "no" "yes;no;small")
- if(WOLFSSL_CURVE448)
- if("${WOLFSSL_CURVE448}" STREQUAL "small" OR WOLFSSL_LOW_RESOURCE)
- list(APPEND WOLFSSL_DEFINITIONS "-DCURVE448_SMALL")
- set(WOLFSSL_CURVE448_SMALL "yes")
- endif()
- if("${WOLFSSL_CURVE448}" STREQUAL "no128bit" OR WOLFSSL_32BIT)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_CURVED448_128BIT")
- endif()
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_CURVE448")
- set(WOLFSSL_FE448 "yes")
- endif()
- # ED448
- set(WOLFSSL_ED448_SMALL "no")
- add_option("WOLFSSL_ED448"
- "Enable ED448 (default: disabled)"
- "no" "yes;no;small")
- if(WOLFSSL_ED448 AND NOT WOLFSSL_32BIT)
- if("${WOLFSSL_ED448}" STREQUAL "small" OR WOLFSSL_LOW_RESOURCE)
- list(APPEND WOLFSSL_DEFINITIONS "-DED448_SMALL")
- set(WOLFSSL_ED448_SMALL "yes")
- set(WOLFSSL_CURVE448_SMALL "yes")
- endif()
- if(NOT WOLFSSL_SHA512)
- message(FATAL_ERROR "cannot enable ed448 without enabling sha512.")
- endif()
- set(WOLFSSL_FE448 "yes")
- set(WOLFSSL_GE448 "yes")
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ED448")
- # EdDSA448 requires SHAKE256 which requires SHA-3
- override_cache(WOLFSSL_SHAKE256 "yes")
- endif()
- # Error strings
- add_option("WOLFSSL_ERROR_STRINGS"
- "Enable error strings table (default: enabled)"
- "yes" "yes;no")
- if(NOT WOLFSSL_ERROR_STRINGS)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_ERROR_STRINGS")
- else()
- # turn off error strings if leanpsk or leantls on
- if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_ERROR_STRINGS")
- override_cache(WOLFSSL_ERROR_STRINGS "no")
- endif()
- endif()
- # Error queue
- add_option("WOLFSSL_ERROR_QUEUE"
- "Enables adding nodes to error queue when compiled with OPENSSL_EXTRA (default: enabled)"
- "yes" "yes;no")
- if(NOT WOLFSSL_ERROR_QUEUE)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_ERROR_QUEUE")
- endif()
- # Old TLS
- add_option("WOLFSSL_OLD_TLS"
- "Enable old TLS versions < 1.2 (default: enabled)"
- "yes" "yes;no")
- if(NOT WOLFSSL_OLD_TLS)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_OLD_TLS")
- else()
- # turn off old if leanpsk or leantls on
- if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_OLD_TLS")
- override_cache(WOLFSSL_OLD_TLS "no")
- endif()
- endif()
- # TLSv1.2
- add_option("WOLFSSL_TLSV12"
- "Enable TLS versions 1.2 (default: enabled)"
- "yes" "yes;no")
- if(NOT WOLFSSL_TLSV12)
- list(APPEND WOLFSSL_DEFINITIONS
- "-DWOLFSSL_NO_TLS12"
- "-DNO_OLD_TLS")
- endif()
- # TODO: - TLSv1.0
- # - SSLv3
- # - Stack size
- # - Stack size verbose
- # Memory
- add_option("WOLFSSL_MEMORY"
- "Enable memory callbacks (default: enabled)"
- "yes" "yes;no")
- if(NOT WOLFSSL_MEMORY)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_WOLFSSL_MEMORY")
- else()
- # turn off memory cb if leanpsk or leantls on
- if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS)
- # but don't turn on NO_WOLFSSL_MEMORY because using own
- override_cache(WOLFSSL_MEMORY "no")
- endif()
- endif()
- # TODO: - Track memory
- # - Memory log
- # - Stack log
- # RSA
- add_option("WOLFSSL_RSA"
- "Enable RSA (default: enabled)"
- "yes" "yes;no")
- if(NOT WOLFSSL_RSA)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_RSA")
- else()
- if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_RSA")
- override_cache(WOLFSSL_RSA "no")
- endif()
- endif()
- # OAEP
- add_option("WOLFSSL_OAEP"
- "Enable RSA OAEP (default: enabled)"
- "yes" "yes;no")
- if(NOT WOLFSSL_OAEP)
- list(APPEND WOLFSSL_DEFINITIONS "-DWC_NO_RSA_OAEP")
- endif()
- # TODO: - RSA public only
- # - RSA verify inline only
- # RSA-PSS
- add_option("WOLFSSL_RSA_PSS"
- "Enable RSA-PSS (default: disabled)"
- "no" "yes;no")
- if(NOT WOLFSSL_RSA)
- override_cache(WOLFSSL_RSA_PSS "no")
- else()
- if(WOLFSSL_TLS13)
- override_cache(WOLFSSL_RSA_PSS "yes")
- endif()
- endif()
- if(WOLFSSL_RSA_PSS)
- list(APPEND WOLFSSL_DEFINITIONS "-DWC_RSA_PSS")
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_PSS_LONG_SALT")
- endif()
- # DH
- add_option("WOLFSSL_DH"
- "Enable DH (default: enabled)"
- "yes" "yes;no;const")
- if(WOLFSSL_OPENSSH)
- override_cache(WOLFSSL_DH "yes")
- endif()
- if(NOT WOLFSSL_DH)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_DH")
- else()
- if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_DH")
- override_cache(WOLFSSL_DH "no")
- endif()
- endif()
- if("${WOLFSSL_DH}" STREQUAL "const")
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_DH_CONST")
- set(WOLFSSL_DH_CONST "yes")
- endif()
- # TODO: - Anonymous
- # ASN
- # turn off asn, which means no certs, no rsa, no dsa, no ecc,
- # and no big int (unless dh is on)
- add_option("WOLFSSL_ASN"
- "Enable ASN (default: enabled)"
- "yes" "yes;no")
- if(NOT WOLFSSL_ASN)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_ASN" "-DNO_CERTS")
- if(NOT WOLFSSL_DH AND NOT WOLFSSL_ECC)
- # DH and ECC need bigint
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_BIG_INT")
- endif()
- else()
- # turn off ASN if leanpsk on
- if(WOLFSSL_LEAN_PSK)
- list(APPEND WOLFSSL_DEFINITIONS
- "-DNO_ASN"
- "-DNO_CERTS"
- "-DNO_BIG_INT")
- override_cache(WOLFSSL_ASN "no")
- else()
- if("${WOLFSSL_ASN}" STREQUAL "nocrypt")
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_ASN_CRYPT")
- # TODO: verify that this is correct
- override_cache(WOLFSSL_PWDBASED "no")
- endif()
- endif()
- endif()
- if(WOLFSSL_RSA AND NOT WOLFSSL_RSA_VFY AND NOT WOLFSSL_ASN)
- message(FATAL_ERROR "please disable rsa if disabling asn.")
- endif()
- if(WOLFSSL_DSA AND NOT WOLFSSL_ASN)
- message(FATAL_ERROR "please disable dsa if disabling asn.")
- endif()
- # DH and ECC need bigint
- if(NOT WOLFSSL_ASN AND
- NOT WOLFSSL_DH AND
- NOT WOLFSSL_ECC AND
- NOT WOLFSSL_RSA)
- override_cache(WOLFSSL_FAST_MATH "no")
- set(WOLFSSL_SLOWMATH "no")
- endif()
- # AES
- add_option("WOLFSSL_AES"
- "Enable AES (default: enabled)"
- "yes" "yes;no")
- if(NOT WOLFSSL_AES)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_AES")
- if(WOLFSSL_FORTRESS)
- message(FATAL_ERROR "fortress requires aes")
- endif()
- if(WOLFSSL_ECC_ENCRYPT)
- message(FATAL_ERROR "cannot enable eccencrypt and hkdf without aes.")
- endif()
- if(WOLFSSL_AESGCM)
- message(FATAL_ERROR "AESGCM requires AES.")
- endif()
- if(WOLFSSL_AESCCM)
- message(FATAL_ERROR "AESCCM requires AES.")
- endif()
- if(WOLFSSL_AESCTR)
- message(FATAL_ERROR "AESCTR requires AES.")
- endif()
- else()
- if(WOLFSSL_LEAN_PSK)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_AES")
- override_cache(WOLFSSL_AES "no")
- endif()
- endif()
- # Coding
- add_option("WOLFSSL_CODING"
- "Enable coding base 16/64 (default: enabled)"
- "yes" "yes;no")
- if(NOT WOLFSSL_CODING)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_CODING")
- else()
- # turn off CODING if leanpsk on
- if(WOLFSSL_LEAN_PSK)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_CODING")
- override_cache(WOLFSSL_CODING "no")
- endif()
- endif()
- # Base64
- set(BASE64_ENCODE_DEFAULT "no")
- if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "x86_64|AMD64|arm64")
- set(BASE64_ENCODE_DEFAULT "yes")
- endif()
- set(WOLFSSL_BASE64_ENCODE_HELP_STRING "Enable Base64 encoding (default: enabled on x86_64)")
- add_option("WOLFSSL_BASE64_ENCODE" ${WOLFSSL_BASE64_ENCODE_HELP_STRING} ${BASE64_ENCODE_DEFAULT} "yes;no")
- if(WOLFSSL_BASE64_ENCODE)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_BASE64_ENCODE")
- endif()
- # TODO: - Base16
- # DES3
- set(WOLFSSL_DES3_HELP_STRING "Enable DES3 (default: disabled)")
- add_option("WOLFSSL_DES3" ${WOLFSSL_DES3_HELP_STRING} "no" "yes;no")
- if(WOLFSSL_OPENSSH OR
- WOLFSSL_QT OR
- WOLFSSL_OPENVPN OR
- WOLFSSL_WPAS OR
- WOLFSSL_ASIO)
- override_cache(WOLFSSL_DES3 "yes")
- endif()
- # DES3 TLS Suites
- set(WOLFSSL_DES3_TLS_SUITES_STRING "Enable DES3 TLS cipher suites (default: disabled)")
- add_option("WOLFSSL_DES3_TLS_SUITES" ${WOLFSSL_DES3_TLS_SUITES_STRING} "no" "yes;no")
- if(NOT WOLFSSL_DES3_TLS_SUITES)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_DES3_TLS_SUITES")
- endif()
- # ARC4
- set(WOLFSSL_ARC4_HELP_STRING "Enable ARC4 (default: disabled)")
- add_option("WOLFSSL_ARC4" ${WOLFSSL_ARC4_HELP_STRING} "no" "yes;no")
- if(WOLFSSL_OPENSSH OR WOLFSSL_WPAS)
- override_cache(WOLFSSL_ARC4 "yes")
- endif()
- # MD5
- set(WOLFSSL_MD5_HELP_STRING "Enable MD5 (default: enabled)")
- add_option("WOLFSSL_MD5" ${WOLFSSL_MD5_HELP_STRING} "yes" "yes;no")
- if(NOT WOLFSSL_MD5)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_MD5" "-DNO_OLD_TLS")
- else()
- # turn off MD5 if leanpsk or leantls on
- if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_MD5" "-DNO_OLD_TLS")
- override_cache(WOLFSSL_MD5 "no")
- endif()
- endif()
- # SHA
- add_option("WOLFSSL_SHA"
- "Enable SHA (default: enabled)"
- "yes" "yes;no")
- if(NOT WOLFSSL_SHA)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_SHA" "-DNO_OLD_TLS")
- else()
- # turn off SHA if leanpsk or leantls on
- if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_SHA" "-DNO_OLD_TLS")
- override_cache(WOLFSSL_SHA "no")
- endif()
- endif()
- # TODO: - AES-XTS
- # - Web server
- # - Web client
- add_option("WOLFSSL_CMAC"
- "Enable CMAC (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_WPAS OR
- WOLFSSL_NTP OR
- WOLFSSL_AESSIV)
- override_cache(WOLFSSL_CMAC "yes")
- endif()
- if(WOLFSSL_CMAC)
- if (NOT WOLFSSL_AES)
- message(FATAL_ERROR "Cannot use CMAC without AES.")
- else()
- list(APPEND WOLFSSL_DEFINITIONS
- "-DWOLFSSL_CMAC"
- "-DWOLFSSL_AES_DIRECT")
- endif()
- endif()
- # TODO: - RC2
- # - FIPS, again (there's more logic for FIPS in configure.ac)
- # - Selftest
- # SHA224
- if(WOLFSSL_SHA224)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA224")
- endif()
- # SHA3
- if("${WOLFSSL_SHA3}" STREQUAL "small")
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA3_SMALL")
- override_cache(WOLFSSL_SHA3 "yes")
- endif()
- if(WOLFSSL_SHA3 AND NOT WOLFSSL_32BIT)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA3")
- endif()
- # SHAKE256
- if(WOLFSSL_SHAKE256)
- if(NOT WOLFSSL_32BIT)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE256")
- if(NOT WOLFSSL_SHA3)
- message(FATAL_ERROR "Must have SHA-3 enabled: --enable-sha3")
- endif()
- endif()
- else()
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_NO_SHAKE256")
- endif()
- # SHAKE128
- if(WOLFSSL_SHAKE128)
- if(NOT WOLFSSL_32BIT)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE128")
- if(NOT WOLFSSL_SHA3)
- message(FATAL_ERROR "Must have SHA-3 enabled: --enable-sha3")
- endif()
- endif()
- else()
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_NO_SHAKE128")
- endif()
- # POLY1305
- set(POLY1305_DEFAULT "yes")
- if(WOLFSSL_FIPS)
- set(POLY1305_DEFAULT "no")
- endif()
- set(WOLFSSL_POLY1305_HELP_STRING "Enable wolfSSL POLY1305 support (default: enabled)")
- add_option("WOLFSSL_POLY1305" ${WOLFSSL_POLY1305_HELP_STRING} ${POLY1305_DEFAULT} "yes;no")
- # leanpsk and leantls don't need poly1305
- if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS)
- override_cache(WOLFSSL_POLY1305 "no")
- endif()
- if(WOLFSSL_POLY1305)
- list(APPEND WOLFSSL_DEFINITIONS
- "-DHAVE_POLY1305"
- "-DHAVE_ONE_TIME_AUTH")
- endif()
- # CHACHA
- set(CHACHA_DEFAULT "yes")
- if(WOLFSSL_FIPS)
- set(CHACHA_DEFAULT "no")
- endif()
- add_option("WOLFSSL_CHACHA"
- "Enable CHACHA (default: enabled). Use `=noasm` to disable ASM AVX/AVX2 speedups"
- ${CHACHA_DEFAULT} "yes;no;noasm")
- # leanpsk and leantls don't need chacha
- if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS)
- override_cache(WOLFSSL_CHACHA "no")
- endif()
- if(("${WOLFSSL_CHACHA}" STREQUAL "noasm") OR NOT WOLFSSL_ASM)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_CHACHA_ASM")
- endif()
- if(NOT ("${WOLFSSL_CHACHA}" STREQUAL "noasm") AND WOLFSSL_CHACHA)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_CHACHA")
- endif()
- # TODO: - XCHACHA
- # Hash DRBG
- add_option("WOLFSSL_HASH_DRBG"
- "Enable Hash DRBG support (default: enabled)"
- "yes" "yes;no")
- if(WOLFSSL_HASH_DRBG)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_HASHDRBG")
- else()
- # turn on Hash DRBG if FIPS is on
- if(WOLFSSL_FIPS)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_HASHDRBG")
- override_cache(WOLFSSL_HASH_DRBG "yes")
- else()
- list(APPEND WOLFSSL_DEFINITIONS "-DWC_NO_HASHDRBG")
- endif()
- endif()
- # Filesystem
- if(WOLFSSL_LINUX_KM)
- set(FILESYSTEM_DEFAULT "no")
- else()
- set(FILESYSTEM_DEFAULT "yes")
- endif()
- add_option("WOLFSSL_FILESYSTEM"
- "Enable Filesystem support (default: enabled)"
- ${FILESYSTEM_DEFAULT} "yes;no")
- if(NOT WOLFSSL_FILESYSTEM)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_FILESYSTEM")
- else()
- if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_FILESYSTEM")
- override_cache(WOLFSSL_FILESYSTEM "no")
- endif()
- endif()
- # Inline function support
- add_option("WOLFSSL_INLINE"
- "Enable inline functions (default: enabled)"
- "yes" "yes;no")
- if(NOT WOLFSSL_INLINE)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_INLINE")
- endif()
- # TODO:
- # - CRL monitor
- # - User crypto
- # - Whitewood netRandom client library
- # - Max fragment length
- # - ALPN
- # - Trusted CA indication
- # - Truncated HMAC
- # - Renegotiation indication
- # - Secure renegotiation
- # - Fallback SCSV
- add_option(WOLFSSL_OCSP "Enable OCSP (default: disabled)" "no" "yes;no")
- add_option(WOLFSSL_OCSPSTAPLING "Enable OCSP Stapling (default: disabled)" "no" "yes;no")
- add_option(WOLFSSL_OCSPSTAPLING_V2 "Enable OCSP Stapling v2 (default: disabled)" "no" "yes;no")
- add_option(WOLFSSL_CRL
- "Enable CRL (Use =io for inline CRL HTTP GET) (default: disabled)"
- "no" "yes;no;io")
- set(SNI_DEFAULT "no")
- if(("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "x86_64|x86|AMD64|arm64") OR
- ("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "aarch64"))
- set(SNI_DEFAULT "yes")
- endif()
- set(WOLFSSL_SNI_HELP_STRING "Enable SNI (default: disabled)")
- add_option(WOLFSSL_SNI ${WOLFSSL_SNI_HELP_STRING} ${SNI_DEFAULT} "yes;no")
- set(WOLFSSL_TLSX_HELP_STRING "Enable all TLS Extensions (default: disabled)")
- add_option(WOLFSSL_TLSX ${WOLFSSL_TLSX_HELP_STRING} "no" "yes;no")
- # Supported elliptic curves extensions
- add_option("WOLFSSL_SUPPORTED_CURVES"
- "Enable Supported Elliptic Curves (default: enabled)"
- "yes" "yes;no")
- if(WOLFSSL_SUPPORTED_CURVES)
- if(NOT WOLFSSL_ECC AND NOT WOLFSSL_CURVE25519 AND NOT WOLFSSL_CURVE448)
- override_cache(WOLFSSL_SUPPORTED_CURVES "no")
- else()
- list(APPEND WOLFSSL_DEFINITIONS
- "-DHAVE_TLS_EXTENSIONS"
- "-DHAVE_SUPPORTED_CURVES")
- endif()
- endif()
- # Diffie-Hellman
- if(WOLFSSL_DH)
- if(WOLFSSL_TLS13 OR WOLFSSL_SUPPORTED_CURVES)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_FFDHE_2048")
- endif()
- endif()
- # TODO: - FFDHE params only
- # TLS 1.3 Requires either ECC or (RSA/DH), or CURVE25519/ED25519 or CURVE448/ED448
- if (NOT WOLFSSL_ECC AND
- (NOT WOLFSSL_RSA OR NOT WOLFSSL_DH) AND
- (NOT WOLFSSL_CURVE25519 OR NOT WOLFSSL_ED25519) AND
- (NOT WOLFSSL_CURVE448 AND NOT WOLFSSL_ED448))
- override_cache(WOLFSSL_TLS13 "no")
- endif()
- if (WOLFSSL_TLS13)
- list(APPEND WOLFSSL_DEFINITIONS
- "-DHAVE_SUPPORTED_CURVES"
- "-DWOLFSSL_TLS13"
- "-DHAVE_TLS_EXTENSIONS"
- )
- endif()
- # Session Ticket Extension
- add_option("WOLFSSL_SESSION_TICKET"
- "Enable Session Ticket (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_NGINX OR WOLFSSL_WPAS OR WOLFSSL_HAPROXY OR WOLFSSL_LIGHTY)
- override_cache(WOLFSSL_SESSION_TICKET "yes")
- endif()
- if(WOLFSSL_SESSION_TICKET)
- list(APPEND WOLFSSL_DEFINITIONS
- "-DHAVE_TLS_EXTENSIONS"
- "-DHAVE_SESSION_TICKET")
- endif()
- add_option("WOLFSSL_TICKET_NONCE_MALLOC"
- "Enable dynamic allocation of ticket nonces (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_TICKET_NONCE_MALLOC)
- list(APPEND WOLFSSL_DEFINITIONS
- "-DWOLFSSL_TICKET_NONCE_MALLOC")
- endif()
- # Extended master secret extension
- add_option("WOLFSSL_EXTENDED_MASTER"
- "Enable Extended Master Secret (default: enabled)"
- "yes" "yes;no")
- if(WOLFSSL_EXTENDED_MASTER)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_EXTENDED_MASTER")
- endif()
- if(NOT WOLFSSL_ARC4)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_RC4")
- else()
- # turn off ARC4 if leanpsk or leantls on
- if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_RC4")
- override_cache(WOLFSSL_ARC4 "no")
- endif()
- endif()
- # TODO: - TLS extensions
- # - Early data handshake
- # - SCEP
- # - Secure remote password
- # - Indefinite length encoded messages
- # - Small stack cache
- # - Small stack
- # - Valgrind
- # - Test certs
- # - I/O pool example
- # - Certificate service
- # - wolfSSL JNI
- # - lighttpd/lighty
- # - Asio
- # - Apache HTTPD
- set(WOLFSSL_PKCS7_HELP_STRING "Enable PKCS7 (default: disabled)")
- add_option(WOLFSSL_PKCS7 ${WOLFSSL_PKCS7_HELP_STRING} "no" "yes;no")
- set(WOLFSSL_TPM_HELP_STRING "Enable wolfTPM options (default: disabled)")
- add_option(WOLFSSL_TPM ${WOLFSSL_TPM_HELP_STRING} "no" "yes;no")
- set(WOLFSSL_AESKEYWRAP_HELP_STRING "Enable AES key wrap support (default: disabled)")
- add_option(WOLFSSL_AESKEYWRAP ${WOLFSSL_AESKEYWRAP_HELP_STRING} "no" "yes;no")
- set(WOLFSSL_X963KDF_HELP_STRING "Enable X9.63 KDF support (default: disabled)")
- add_option(WOLFSSL_X963KDF ${WOLFSSL_X963KDF_HELP_STRING} "no" "yes;no")
- # Encrypt-then-mac
- add_option("WOLFSSL_ENC_THEN_MAC"
- "Enable Encryptr-Then-Mac extension (default: enabled)"
- "yes" "yes;no")
- if(WOLFSSL_APACHE_HTTPD)
- override_cache(WOLFSSL_ENC_THEN_MAC "no")
- endif()
- if(WOLFSSL_TLSX)
- override_cache(WOLFSSL_ENC_THEN_MAC "yes")
- endif()
- if(WOLFSSL_SNIFFER)
- override_cache(WOLFSSL_ENC_THEN_MAC "no")
- endif()
- # stunnel Support
- # TODO: rest of stunnel support
- add_option("WOLFSSL_STUNNEL"
- "Enable stunnel (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_ENC_THEN_MAC)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ENCRYPT_THEN_MAC")
- endif()
- if(NOT WOLFSSL_PSK AND
- NOT WOLFSSL_LEAN_PSK AND
- NOT WOLFSSL_STUNNEL)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_PSK")
- endif()
- # MD4
- set(WOLFSSL_MD4_HELP_STRING "Enable MD4 (default: disabled)")
- add_option("WOLFSSL_MD4" ${WOLFSSL_MD4_HELP_STRING} "no" "yes;no")
- if(NOT WOLFSSL_MD4)
- # turn on MD4 if using stunnel
- if(WOLFSSL_STUNNEL OR WOLFSSL_WPAS)
- override_cache(WOLFSSL_MD4 "yes")
- else()
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_MD4")
- endif()
- endif()
- # Encrypted keys
- add_option("WOLFSSL_ENCKEYS"
- "Enable PEM encrypted key support (default: disabled)"
- "no" "yes;no")
- if(NOT WOLFSSL_ENCKEYS)
- if(WOLFSSL_OPENSSLEXTRA OR
- WOLFSSL_WEBSERVER OR
- WOLFSSL_WPAS)
- # opensslextra, webserver, and WPAS needs enckeys
- override_cache(WOLFSSL_ENCKEYS "yes")
- endif()
- endif()
- if(WOLFSSL_ENCKEYS)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_ENCRYPTED_KEYS")
- endif()
- # PKCS#12
- set(WOLFSSL_PKCS12_HELP_STRING "Enable pkcs12 (default: enabled)")
- add_option("WOLFSSL_PKCS12" ${WOLFSSL_PKCS12_HELP_STRING} "yes" "yes;no")
- if(NOT WOLFSSL_ASN)
- override_cache(WOLFSSL_PKCS12 "no")
- endif()
- if(NOT WOLFSSL_PKCS12)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_PKCS12")
- endif()
- # PWDBASED has to come after certservice since we want it on w/o explicit on
- # PWDBASED
- add_option("WOLFSSL_PWDBASED"
- "Enable PWDBASED (default: disabled)"
- "no" "yes;no")
- if(NOT WOLFSSL_PWDBASED)
- if(WOLFSSL_OPENSSLEXTRA OR
- WOLFSSL_OPENSSLALL OR
- WOLFSSL_WEBSERVER OR
- WOLFSSL_ENC_KEYS OR
- WOLFSSL_PKCS12)
- # opensslextra, opensslall, webserver, and enckeys needs pwdbased
- override_cache(WOLFSSL_PWDBASED "yes")
- else()
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_PWDBASED")
- endif()
- endif()
- # TODO: - SCRYPT
- # - wolfCrypt only
- # fastmath
- add_option("WOLFSSL_FAST_MATH"
- "Enable fast math ops (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_FAST_MATH)
- # turn off fastmath if leanpsk on or asn off (w/o DH and ECC)
- if(WOLFSSL_LEAN_PSK OR NOT WOLFSSL_ASN)
- if(NOT WOLFSSL_DH AND
- NOT WOLFSSL_ECC AND
- NOT WOLFSSL_RSA)
- override_cache(WOLFSSL_FAST_MATH "no")
- else()
- list(APPEND WOLFSSL_DEFINITIONS "-DUSE_FAST_MATH")
- set(WOLFSSL_SLOWMATH "no")
- endif()
- else()
- list(APPEND WOLFSSL_DEFINITIONS "-DUSE_FAST_MATH")
- set(WOLFSSL_SLOWMATH "no")
- endif()
- endif()
- # TODO: - Fast huge math
- # Set processor-specific build macros
- if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "x86_64|AMD64")
- set(WOLFSSL_X86_64_BUILD ON)
- add_option("WOLFSSL_X86_64_BUILD_ASM" "Build ASM files" "yes" "yes;no")
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_X86_64_BUILD")
- elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "aarch64|arm64")
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AARCH64_BUILD")
- endif()
- # SP math all
- add_option("WOLFSSL_SP_MATH_ALL"
- "Enable Single Precision math implementation for full algorithm suite (default: enabled)"
- "yes" "yes;no")
- # Enable examples, used to disable examples
- if(WOLFSSL_LINUX_KM)
- set(EXAMPLES_DEFAULT "no")
- else()
- set(EXAMPLES_DEFAULT "yes")
- endif()
- add_option("WOLFSSL_EXAMPLES"
- "Enable examples (default: enabled)"
- ${EXAMPLES_DEFAULT} "yes;no")
- if(NOT WOLFSSL_FILESYSTEM OR
- NOT WOLFSSL_INLINE OR
- WOLFSSL_CRYPT_ONLY)
- override_cache(WOLFSSL_EXAMPLES "no")
- endif()
- # Enable wolfCrypt test and benchmark
- if(WOLFSSL_LINUX_KM)
- set(CRYPT_TESTS_DEFAULT "no")
- else()
- set(CRYPT_TESTS_DEFAULT "yes")
- endif()
- add_option("WOLFSSL_CRYPT_TESTS"
- "Enable Crypt Bench/Test (default: enabled)"
- ${CRYPT_TESTS_DEFAULT} "yes;no")
- add_option("WOLFSSL_CRYPT_TESTS_LIBS"
- "Build static libraries from the wolfCrypt test and benchmark sources (default: disabled)"
- "no" "yes;no")
- add_option("WOLFSSL_CRYPT_TESTS_HELP"
- "Add help text to wolfCrypt test (default: disabled)"
- "no" "yes;no")
- # TODO: - LIBZ
- # - PKCS#11
- # - Cavium
- # - Cavium V
- # - Cavium Octeon
- # - Intel QuickAssist
- # - SP ASM (and other SP logic)
- # - Fast RSA
- # - Static memory use
- # - Microchip API
- # - Asynchronous crypto
- # Asynchronous threading
- add_option("WOLFSSL_ASYNC_THREADS"
- "Enable Asynchronous Threading (default: enabled)"
- "yes" "yes;no")
- if(WOLFSSL_ASYNC_CRYPT AND WOLFSSL_ASYNC_THREADS)
- if(CMAKE_USE_PTHREADS_INIT)
- override_cache(WOLFSSL_ASYNC_THREADS "yes")
- else()
- override_cache(WOLFSSL_ASYNC_THREADS "no")
- endif()
- else()
- override_cache(WOLFSSL_ASYNC_THREADS "no")
- endif()
- if(WOLFSSL_ASYNC_THREADS)
- list(APPEND WOLFSSL_LINK_LIBS Threads::Threads)
- list(APPEND WOLFSSL_DEFINITIONS "-D_GNU_SOURCE")
- else()
- list(APPEND WOLFSSL_DEFINITIONS "-DWC_NO_ASYNC_THREADING")
- endif()
- # TODO: - Session export
- add_option("WOLFSSL_CRYPTOCB"
- "Enable crypto callbacks (default: disabled)"
- "no" "yes;no")
- add_option("WOLFSSL_PKCALLBACKS"
- "Enable public key callbacks (default: disabled)"
- "no" "yes;no")
- add_option("WOLFSSL_OLD_NAMES"
- "Keep backwards compat with old names (default: enabled)"
- "yes" "yes;no")
- if(NOT WOLFSSL_OLD_NAMES AND NOT WOLFSSL_OPENSSL_COEXIST)
- list(APPEND WOLFSSL_DEFINITIONS
- "-DNO_OLD_RNGNAME"
- "-DNO_OLD_WC_NAMES"
- "-DNO_OLD_SSL_NAMES"
- "-DNO_OLD_SHA_NAMES")
- endif()
- # TODO: - Memory tests
- # - Hash flags
- # Support for enabling setting default DH parameters
- add_option("WOLFSSL_DH_DEFAULT_PARAMS"
- "Enables option for default dh parameters (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_DH_DEFAULT_PARAMS OR NOT WOLFSSL_QT)
- override_cache(WOLFSSL_DH_DEFAULT_PARAMS "yes")
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_DH_DEFAULT_PARAMS")
- endif()
- if(NOT WOLFSSL_DES3)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_DES3")
- else()
- # turn off DES3 if leanpsk or leantls on
- if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS)
- list(APPEND WOLFSSL_DEFINITIONS "-DNO_DES3")
- override_cache(WOLFSSL_DES3 "no")
- endif()
- endif()
- add_option("WOLFSSL_USER_SETTINGS"
- "Use your own user_settings.h and do not add Makefile CFLAGS (default: disabled)"
- "no" "yes;no")
- add_option("WOLFSSL_USER_SETTINGS_ASM"
- "Enable use of user_settings_asm.h in assembly files (default: disabled)"
- "no" "yes;no")
- add_option("WOLFSSL_OPTFLAGS"
- "Enable default optimization CFLAGS for the compiler (default: enabled)"
- "yes" "yes;no")
- add_option("WOLFSSL_SYS_CA_CERTS"
- "Enable ability to load CA certs from OS (default: enabled)"
- "yes" "yes;no")
- if(WOLFSSL_SYS_CA_CERTS)
- if(NOT WOLFSSL_FILESYSTEM)
- message("Can't enable system CA certs without a filesystem.")
- override_cache(WOLFSSL_SYS_CA_CERTS "no")
- elseif(APPLE)
- # Headers used for MacOS default system CA certs behavior. Only MacOS SDK will have this header
- check_include_file("Security/SecTrustSettings.h" HAVE_SECURITY_SECTRUSTSETTINGS_H)
- # Headers used for Apple native cert validation. All device SDKs should have these headers
- check_include_file("Security/SecCertificate.h" HAVE_SECURITY_SECCERTIFICATE_H)
- check_include_file("Security/SecTrust.h" HAVE_SECURITY_SECTRUST_H)
- check_include_file("Security/SecPolicy.h" HAVE_SECURITY_SECPOLICY_H)
- # Either Security/SecTrustSettings (for MacOS cert loading), or the
- # trio of Security/SecCertificate.h, Security/SecTrust.h, and
- # Security/SecPolicy.h (for native trust APIs on other apple devices)
- # must be present. Default to SecTrustSettings method on MacOS.
- if(HAVE_SECURITY_SECTRUSTSETTINGS_H OR (HAVE_SECURITY_SECCERTIFICATE_H
- AND HAVE_SECURITY_SECTRUST_H
- AND HAVE_SECURITY_SECPOLICY_H))
- find_library(CORE_FOUNDATION_FRAMEWORK CoreFoundation)
- if(NOT CORE_FOUNDATION_FRAMEWORK)
- message(FATAL_ERROR "Can't enable system CA certs without CoreFoundation framework.")
- else()
- find_library(SECURITY_FRAMEWORK Security)
- if(NOT SECURITY_FRAMEWORK)
- message(FATAL_ERROR "Can't enable system CA certs without Security framework.")
- endif()
- endif()
- # MacOS should not use native cert validation by default, but other apple devices should.
- if(NOT HAVE_SECURITY_SECTRUSTSETTINGS_H AND HAVE_SECURITY_SECCERTIFICATE_H
- AND HAVE_SECURITY_SECTRUST_H
- AND HAVE_SECURITY_SECPOLICY_H)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_APPLE_NATIVE_CERT_VALIDATION")
- endif()
- else()
- message(FATAL_ERROR "Can't enable system CA certs without Apple Security.framework headers.")
- endif()
- endif()
- if(WOLFSSL_SYS_CA_CERTS)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SYS_CA_CERTS")
- endif()
- endif()
- # FLAGS operations
- if(WOLFSSL_AESCCM)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_AESCCM")
- endif()
- if(WOLFSSL_AESOFB)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AES_OFB" "-DWOLFSSL_AES_DIRECT")
- endif()
- if(WOLFSSL_TPM)
- override_cache(WOLFSSL_KEYGEN "yes")
- override_cache(WOLFSSL_CERTGEN "yes")
- override_cache(WOLFSSL_CRYPTOCB "yes")
- override_cache(WOLFSSL_CERTREQ "yes")
- override_cache(WOLFSSL_CERTEXT "yes")
- override_cache(WOLFSSL_PKCS7 "yes")
- override_cache(WOLFSSL_AESCFB "yes")
- endif()
- if(WOLFSSL_AESCFB)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AES_CFB")
- endif()
- if(WOLFSSL_PKCS7)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_PKCS7")
- override_cache(WOLFSSL_AESKEYWRAP "yes")
- # Enable prereqs if not already enabled
- if(WOLFSSL_ECC)
- override_cache(WOLFSSL_X963KDF "yes")
- endif()
- endif()
- if(WOLFSSL_X963KDF)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_X963_KDF")
- endif()
- if(WOLFSSL_AESKEYWRAP)
- list(APPEND WOLFSSL_DEFINITIONS
- "-DHAVE_AES_KEYWRAP"
- "-DWOLFSSL_AES_DIRECT"
- )
- endif()
- # Hybrid Public Key Encryption (RFC9180)
- add_option("WOLFSSL_HPKE"
- "Enable wolfSSL hybrid public key encryption (default: disabled)"
- "no" "yes;no")
- # Encrypted Client Hello (ECH)
- add_option("WOLFSSL_ECH"
- "Enable wolfSSL encrypted client hello (default: disabled)"
- "no" "yes;no")
- # Keying Material Exporter / TLS Exporter
- add_option("WOLFSSL_KEYING_MATERIAL"
- "Enable wolfSSL keying material export (default: disabled)"
- "no" "yes;no")
- if(WOLFSSL_HPKE)
- if(NOT WOLFSSL_ECC)
- message(FATAL_ERROR "HPKE supported only with ECC (WOLFSSL_ECC)")
- endif()
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_HPKE")
- override_cache(WOLFSSL_HKDF "yes")
- endif()
- if(WOLFSSL_ECH)
- if(NOT WOLFSSL_HPKE)
- message(FATAL_ERROR "ECH supported only with HPKE (WOLFSSL_HPKE)")
- endif()
- if(NOT WOLFSSL_SNI)
- message(FATAL_ERROR "ECH supported only with SNI (WOLFSSL_SNI)")
- endif()
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECH")
- endif()
- if(WOLFSSL_KEYING_MATERIAL)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_KEYING_MATERIAL")
- endif()
- if(WOLFSSL_KEYGEN)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_KEY_GEN")
- endif()
- if(WOLFSSL_CERTGEN)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_CERT_GEN")
- endif()
- if(WOLFSSL_CERTREQ)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_CERT_REQ")
- endif()
- if(WOLFSSL_CERTEXT)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_CERT_EXT")
- endif()
- if(WOLFSSL_CERTGENCACHE)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_CERT_GEN_CACHE")
- endif()
- if(WOLFSSL_CRYPTOCB)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLF_CRYPTO_CB")
- endif()
- # Public Key Callbacks
- if(WOLFSSL_PKCALLBACKS)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_PK_CALLBACKS")
- endif()
- if(WOLFSSL_OCSPSTAPLING)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_CERTIFICATE_STATUS_REQUEST" "-DHAVE_TLS_EXTENSIONS")
- override_cache(WOLFSSL_OCSP "yes")
- endif()
- if(WOLFSSL_OCSPSTAPLING_V2)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_CERTIFICATE_STATUS_REQUEST_V2" "-DHAVE_TLS_EXTENSIONS")
- override_cache(WOLFSSL_OCSP "yes")
- endif()
- # must be below OCSP stapling options to allow override
- if (WOLFSSL_OCSP)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_OCSP")
- endif()
- if (WOLFSSL_CRL STREQUAL "yes")
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_CRL")
- elseif(WOLFSSL_CRL STREQUAL "io")
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_CRL" "-DHAVE_CRL_IO")
- endif()
- if (WOLFSSL_SNI)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_TLS_EXTENSIONS" "-DHAVE_SNI")
- endif()
- if (WOLFSSL_TLSX)
- list(APPEND WOLFSSL_DEFINITIONS
- "-DHAVE_TLS_EXTENSIONS"
- "-DHAVE_SNI"
- "-DHAVE_MAX_FRAGMENT"
- "-DHAVE_TRUNCATED_HMAC"
- "-DHAVE_ALPN"
- "-DHAVE_TRUSTED_CA")
- if (WOLFSSL_ECC OR WOLFSSL_CURVE25519 OR WOLFSSL_CURVE448 OR WOLFSSL_TLS13)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_SUPPORTED_CURVES")
- endif()
- endif()
- add_option("WOLFSSL_CAAM"
- "Enable use of CAAM with NXP (default: disabled)"
- "no" "yes;no")
- if (WOLFSSL_CAAM)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_CAAM")
- endif()
- if (WOLFSSL_ARIA)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ARIA")
- endif()
- # Generates the BUILD_* flags. These control what source files are included in
- # the library. A series of AM_CONDITIONALs handle this in configure.ac.
- generate_build_flags()
- # TODO: - Bit of logic after optimization flags option (above)
- # - Check for build-type conflicts section
- # USER SETTINGS
- if(WOLFSSL_USER_SETTINGS)
- # Replace all options and just use WOLFSSL_USER_SETTINGS
- set(WOLFSSL_DEFINITIONS "-DWOLFSSL_USER_SETTINGS")
- endif()
- if(WOLFSSL_USER_SETTINGS_ASM)
- if(WOLFSSL_USER_SETTINGS)
- list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_USER_SETTINGS_ASM")
- # Create user_settings_asm.h for use in assembly files (e.g. .S files).
- if(WIN32)
- execute_process(COMMAND
- $ENV{SHELL} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/user_settings_asm.sh
- "${CMAKE_C_FLAGS} ${CMAKE_CXX_FLAGS}"
- RESULT_VARIABLE USER_SETTINGS_ASM_RET)
- else()
- execute_process(COMMAND
- ${CMAKE_CURRENT_SOURCE_DIR}/scripts/user_settings_asm.sh
- "${CMAKE_C_FLAGS} ${CMAKE_CXX_FLAGS}"
- RESULT_VARIABLE USER_SETTINGS_ASM_RET)
- endif()
- if (NOT USER_SETTINGS_ASM_RET EQUAL 0)
- message(FATAL_ERROR
- "${CMAKE_CURRENT_SOURCE_DIR}/scripts/user_settings_asm.sh failed.")
- endif()
- else()
- message(FATAL_ERROR
- "Must have WOLFSSL_USER_SETTINGS to enable WOLFSSL_USER_SETTINGS_ASM.")
- endif()
- endif()
- add_option("WOLFSSL_CONFIG_H"
- "Enable generation of config.h and define HAVE_CONFIG_H (default: enabled)"
- "yes" "yes;no")
- if(WOLFSSL_CONFIG_H)
- add_definitions("-DHAVE_CONFIG_H")
- configure_file("${CMAKE_CURRENT_SOURCE_DIR}/cmake/config.in"
- "${CMAKE_CURRENT_BINARY_DIR}/config.h" )
- set(abs_top_srcdir ${CMAKE_CURRENT_SOURCE_DIR})
- set(abs_top_builddir ${CMAKE_CURRENT_BINARY_DIR})
- configure_file("${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/test/test_paths.h.in"
- "${CMAKE_CURRENT_BINARY_DIR}/wolfcrypt/test/test_paths.h" )
- endif()
- # If config.h or wolfssl/options.h exists, delete it to avoid
- # a mixup with build/wolfssl/options.h.
- if (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/options.h")
- file(REMOVE "${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/options.h")
- endif()
- if (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/config.h")
- file(REMOVE "${CMAKE_CURRENT_SOURCE_DIR}/config.h")
- endif()
- # Suppress some warnings about separate compilation, inlining
- add_definitions("-DWOLFSSL_IGNORE_FILE_WARN")
- # Generate user options header
- message(STATUS "Generating user options header...")
- if (${CMAKE_DISABLE_SOURCE_CHANGES})
- set(WOLFSSL_BUILD_OUT_OF_TREE_DEFAULT "${CMAKE_DISABLE_SOURCE_CHANGES}")
- else()
- set(WOLFSSL_BUILD_OUT_OF_TREE_DEFAULT "yes")
- endif()
- add_option("WOLFSSL_BUILD_OUT_OF_TREE"
- "Don't generate files in the source tree (default: ${WOLFSSL_BUILD_OUT_OF_TREE_DEFAULT})"
- "${WOLFSSL_BUILD_OUT_OF_TREE_DEFAULT}" "yes;no")
- if (${WOLFSSL_BUILD_OUT_OF_TREE})
- set(WOLFSSL_OUTPUT_BASE ${CMAKE_CURRENT_BINARY_DIR})
- else()
- set(WOLFSSL_OUTPUT_BASE ${CMAKE_CURRENT_SOURCE_DIR})
- endif()
- set(OPTION_FILE "${WOLFSSL_OUTPUT_BASE}/wolfssl/options.h")
- # sccache
- add_option("ENABLE_SCCACHE"
- "Enable sccache (default: disabled)"
- "no" "yes;no")
- if (ENABLE_SCCACHE AND (NOT WOLFSSL_SCCACHE_ALREADY_SET_FLAG))
- find_program(SCCACHE sccache REQUIRED)
- if(SCCACHE)
- message(STATUS "Enable sccache")
- if(CMAKE_C_COMPILER_LAUNCHER)
- set(CMAKE_C_COMPILER_LAUNCHER "${CMAKE_C_COMPILER_LAUNCHER}" "${SCCACHE}")
- else()
- set(CMAKE_C_COMPILER_LAUNCHER "${SCCACHE}")
- endif()
- if(CMAKE_CXX_COMPILER_LAUNCHER)
- set(CMAKE_CXX_COMPILER_LAUNCHER "${CMAKE_CXX_COMPILER_LAUNCHER}" "${SCCACHE}")
- else()
- set(CMAKE_CXX_COMPILER_LAUNCHER "${SCCACHE}")
- endif()
- if (MSVC)
- if(CMAKE_BUILD_TYPE STREQUAL "Debug")
- string(REPLACE "/Zi" "/Z7" CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG}")
- string(REPLACE "/Zi" "/Z7" CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG}")
- elseif(CMAKE_BUILD_TYPE STREQUAL "Release")
- string(REPLACE "/Zi" "/Z7" CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE}")
- string(REPLACE "/Zi" "/Z7" CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE}")
- elseif(CMAKE_BUILD_TYPE STREQUAL "RelWithDebInfo")
- string(REPLACE "/Zi" "/Z7" CMAKE_CXX_FLAGS_RELWITHDEBINFO "${CMAKE_CXX_FLAGS_RELWITHDEBINFO}")
- string(REPLACE "/Zi" "/Z7" CMAKE_C_FLAGS_RELWITHDEBINFO "${CMAKE_C_FLAGS_RELWITHDEBINFO}")
- endif()
- endif()
- set(WOLFSSL_SCCACHE_ALREADY_SET_FLAG ON)
- endif()
- endif()
- file(REMOVE ${OPTION_FILE})
- file(APPEND ${OPTION_FILE} "/* wolfssl options.h\n")
- file(APPEND ${OPTION_FILE} " * generated from configure options\n")
- file(APPEND ${OPTION_FILE} " *\n")
- file(APPEND ${OPTION_FILE} " * Copyright (C) 2006-2023 wolfSSL Inc.\n")
- file(APPEND ${OPTION_FILE} " *\n")
- file(APPEND ${OPTION_FILE} " * This file is part of wolfSSL. (formerly known as CyaSSL)\n")
- file(APPEND ${OPTION_FILE} " *\n")
- file(APPEND ${OPTION_FILE} " */\n\n")
- file(APPEND ${OPTION_FILE} "#ifndef WOLFSSL_OPTIONS_H\n")
- file(APPEND ${OPTION_FILE} "#define WOLFSSL_OPTIONS_H\n\n\n")
- file(APPEND ${OPTION_FILE} "#ifdef __cplusplus\n")
- file(APPEND ${OPTION_FILE} "extern \"C\" {\n")
- file(APPEND ${OPTION_FILE} "#endif\n\n")
- add_to_options_file("${WOLFSSL_DEFINITIONS}" "${OPTION_FILE}")
- # CMAKE_C_FLAGS is just a string of space-separated flags to pass to the C
- # compiler. We need to replace those spaces with semicolons in order to treat it
- # as a CMake list.
- string(REPLACE " " ";" CMAKE_C_FLAGS_LIST "${CMAKE_C_FLAGS}")
- add_to_options_file("${CMAKE_C_FLAGS_LIST}" "${OPTION_FILE}")
- file(APPEND ${OPTION_FILE} "\n#ifdef __cplusplus\n")
- file(APPEND ${OPTION_FILE} "}\n")
- file(APPEND ${OPTION_FILE} "#endif\n\n\n")
- file(APPEND ${OPTION_FILE} "#endif /* WOLFSSL_OPTIONS_H */\n\n")
- ####################################################
- # Library Target
- ####################################################
- # TODO: - Build shared/static libs based on enables. Check CMake
- # global flag BUILD_SHARED_LIBS.
- option(BUILD_SHARED_LIBS "Build shared libraries (.dll/.so) instead of static ones (.lib/.a)" ON)
- set(LIB_SOURCES "")
- # Generates a list of sources to include in the library.
- # Corresponds to the instances of "src_libwolfssl_la_SOURCES += ..."
- # in the *.am files.
- generate_lib_src_list("${LIB_SOURCES}")
- if(BUILD_SHARED_LIBS)
- message(STATUS "BUILD_SHARED_LIBS enabled: ${LIB_SOURCES}")
- add_library(wolfssl SHARED ${LIB_SOURCES})
- else()
- message(STATUS "Static Libs: ${LIB_SOURCES}")
- add_library(wolfssl STATIC ${LIB_SOURCES})
- endif()
- add_library(wolfssl::wolfssl ALIAS wolfssl)
- if (NOT "$ENV{ARIA_DIR}" STREQUAL "")
- message(STATUS "Found Environment variable ARIA_DIR=$ENV{ARIA_DIR}")
- if(WOLFSSL_ARIA)
- message(STATUS "wolfSSL WOLFSSL_ARIA is enabled")
- else()
- message(STATUS "wolfSSL WOLFSSL_ARIA is not enabled. To enable, specify a user_settings.h file or run: cmake .. -DWOLFSSL_ARIA=yes")
- message(STATUS "Clear the ARIA_DIR environment variable to otherwise suppress this message when not using ARIA ciphers.")
- endif()
- endif()
- # ARIA Check
- if(WOLFSSL_ARIA)
- message(STATUS "WOLFSSL_ARIA is enabled")
- find_package(ARIA)
- if(ARIA_FOUND)
- message(STATUS "ARIA find_package() success.")
- else()
- message(FATAL_ERROR "WOLFSSL_ARIA is enabled, but find_package() did not find ARIA MagicCrypto.\n"
- "Check ARIA_DIR environment variable and/or copy MagicCrypto directory locally.")
- endif()
- list(APPEND WOLFSSL_LINK_LIBS "${ARIA_LIB_FILE}")
- # The cmake target_include_directories() will complain about local directories,
- # so we'll handle MagicCrypto differently when found in wolfssl.
- # see below to use include_directories() instead.
- if(ARIA_IS_LOCAL)
- # there's also a wolfssl port API to include, plus local ARIA include
- include_directories("wolfssl/wolfcrypt/port/aria" "MagicCrypto/include")
- else()
- # see below for target_include_directories() instead
- include_directories("wolfssl/wolfcrypt/port/aria")
- message(STATUS "ARIA_IS_LOCAL is false, appending ${ARIA_INCLUDE_DIR} to WOLFSSL_INCLUDE_DIRS")
- list(APPEND WOLFSSL_INCLUDE_DIRS "${ARIA_INCLUDE_DIR}")
- endif()
- add_library(MagicCrypto_lib
- ${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/src/port/aria/aria-crypt.c
- ${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/src/port/aria/aria-cryptocb.c
- )
- set_target_properties(MagicCrypto_lib PROPERTIES OUTPUT_NAME "MagicCrypto")
- target_link_libraries(MagicCrypto_lib wolfssl)
- target_compile_options(MagicCrypto_lib PRIVATE "-DHAVE_ARIA")
- # ARIA was enabled and we successfully found it.
- set(HAVE_ARIA 1)
- list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ARIA")
- message(STATUS "ARIA Check: WOLFSSL_LINK_LIBS = ${WOLFSSL_LINK_LIBS}")
- endif()
- set_target_properties(wolfssl
- PROPERTIES
- SOVERSION ${WOLFSSL_LIBRARY_VERSION_FIRST}
- VERSION ${LIBTOOL_FULL_VERSION}
- )
- target_compile_definitions(wolfssl PRIVATE "BUILDING_WOLFSSL")
- if(${BUILD_SHARED_LIBS})
- target_compile_definitions(wolfssl PUBLIC "WOLFSSL_DLL")
- endif()
- target_compile_definitions(wolfssl PUBLIC ${WOLFSSL_DEFINITIONS})
- ####################################################
- # Include Directories
- ####################################################
- if("${WOLFSSL_INCLUDE_DIRS}" STREQUAL "")
- message(STATUS "WOLFSSL_INCLUDE_DIRS is blank. No additional directories will be added.")
- else()
- message(STATUS "WOLFSSL_INCLUDE_DIRS = ${WOLFSSL_INCLUDE_DIRS}")
- endif()
- target_include_directories(wolfssl
- PUBLIC
- $<INSTALL_INTERFACE:include>
- $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}>
- $<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}>
- ${WOLFSSL_INCLUDE_DIRS}
- )
- ####################################################
- # Link Libraries
- ####################################################
- target_link_libraries(wolfssl PUBLIC ${WOLFSSL_LINK_LIBS})
- if(WIN32)
- # For Windows link ws2_32
- target_link_libraries(wolfssl PUBLIC
- $<$<PLATFORM_ID:Windows>:ws2_32 crypt32>)
- elseif(APPLE)
- if(WOLFSSL_SYS_CA_CERTS)
- target_link_libraries(wolfssl PUBLIC
- ${CORE_FOUNDATION_FRAMEWORK}
- ${SECURITY_FRAMEWORK})
- endif()
- else()
- if(WOLFSSL_DH AND NOT WOLFSSL_DH_CONST)
- # DH requires math (m) library
- target_link_libraries(wolfssl
- PUBLIC
- m)
- endif()
- endif()
- ####################################################
- # Tests and Examples
- ####################################################
- enable_testing()
- if(WOLFSSL_EXAMPLES)
- # Build wolfSSL client example
- add_executable(client
- ${CMAKE_CURRENT_SOURCE_DIR}/examples/client/client.c)
- target_link_libraries(client wolfssl)
- set_property(TARGET client
- PROPERTY RUNTIME_OUTPUT_DIRECTORY
- ${WOLFSSL_OUTPUT_BASE}/examples/client)
- # Build wolfSSL server example
- add_executable(server
- ${CMAKE_CURRENT_SOURCE_DIR}/examples/server/server.c)
- target_link_libraries(server wolfssl)
- set_property(TARGET server
- PROPERTY RUNTIME_OUTPUT_DIRECTORY
- ${WOLFSSL_OUTPUT_BASE}/examples/server)
- # Build echo client example
- add_executable(echoclient
- ${CMAKE_CURRENT_SOURCE_DIR}/examples/echoclient/echoclient.c)
- target_include_directories(echoclient PRIVATE
- ${CMAKE_CURRENT_BINARY_DIR})
- target_link_libraries(echoclient wolfssl)
- set_property(TARGET echoclient
- PROPERTY RUNTIME_OUTPUT_DIRECTORY
- ${WOLFSSL_OUTPUT_BASE}/examples/echoclient)
- # Build echo server example
- add_executable(echoserver
- ${CMAKE_CURRENT_SOURCE_DIR}/examples/echoserver/echoserver.c)
- target_include_directories(echoserver PRIVATE
- ${CMAKE_CURRENT_BINARY_DIR})
- target_link_libraries(echoserver wolfssl)
- set_property(TARGET echoserver
- PROPERTY RUNTIME_OUTPUT_DIRECTORY
- ${WOLFSSL_OUTPUT_BASE}/examples/echoserver)
- if(NOT WIN32)
- # Build TLS benchmark example
- add_executable(tls_bench
- ${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c)
- target_link_libraries(tls_bench wolfssl)
- target_link_libraries(tls_bench Threads::Threads)
- set_property(TARGET tls_bench
- PROPERTY RUNTIME_OUTPUT_DIRECTORY
- ${WOLFSSL_OUTPUT_BASE}/examples/benchmark)
- endif()
- # Build unit tests
- add_executable(unit_test
- tests/api.c
- tests/hash.c
- tests/srp.c
- tests/suites.c
- tests/w64wrapper.c
- tests/unit.c
- tests/quic.c
- examples/server/server.c
- examples/client/client.c)
- target_include_directories(unit_test PRIVATE
- ${CMAKE_CURRENT_BINARY_DIR})
- target_compile_options(unit_test PUBLIC "-DNO_MAIN_DRIVER")
- target_link_libraries(unit_test wolfssl)
- target_link_libraries(unit_test Threads::Threads)
- set_property(TARGET unit_test
- PROPERTY RUNTIME_OUTPUT_DIRECTORY
- ${WOLFSSL_OUTPUT_BASE}/tests/)
- set_property(TARGET unit_test
- PROPERTY RUNTIME_OUTPUT_NAME
- unit.test)
- add_test(NAME unit_test
- COMMAND $<TARGET_FILE:unit_test>
- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
- endif()
- if(WOLFSSL_CRYPT_TESTS)
- if(WOLFSSL_CRYPT_TESTS_LIBS)
- # Build wolfCrypt test as a library. This will compile test.c and make
- # its functions available as a CMake target that other CMake targets can
- # pull in, in addition to producing the library itself. Note that this
- # feature is not enabled by default, and the API of this library and
- # wofcryptbench_lib should NOT be treated as stable.
- add_library(wolfcrypttest_lib
- ${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/test/test.c)
- set_target_properties(wolfcrypttest_lib PROPERTIES OUTPUT_NAME "wolfcrypttest")
- target_link_libraries(wolfcrypttest_lib wolfssl)
- target_compile_options(wolfcrypttest_lib PRIVATE "-DNO_MAIN_DRIVER")
- if(WOLFSSL_CRYPT_TESTS_HELP)
- target_compile_options(wolfcrypttest_lib PRIVATE "-DHAVE_WOLFCRYPT_TEST_OPTIONS")
- endif()
- # Make another library for the wolfCrypt benchmark code.
- add_library(wolfcryptbench_lib
- ${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/benchmark/benchmark.c)
- set_target_properties(wolfcryptbench_lib PROPERTIES OUTPUT_NAME "wolfcryptbench")
- target_link_libraries(wolfcryptbench_lib wolfssl)
- target_compile_options(wolfcryptbench_lib PRIVATE "-DNO_MAIN_DRIVER")
- endif()
- # Build wolfCrypt test executable.
- add_executable(wolfcrypttest
- ${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/test/test.c)
- target_link_libraries(wolfcrypttest wolfssl)
- set_property(TARGET wolfcrypttest
- PROPERTY RUNTIME_OUTPUT_DIRECTORY
- ${WOLFSSL_OUTPUT_BASE}/wolfcrypt/test)
- set_property(TARGET wolfcrypttest
- PROPERTY RUNTIME_OUTPUT_NAME
- testwolfcrypt)
- if(WOLFSSL_CRYPT_TESTS_HELP)
- target_compile_options(wolfcrypttest PRIVATE "-DHAVE_WOLFCRYPT_TEST_OPTIONS")
- endif()
- add_test(NAME wolfcrypttest
- COMMAND $<TARGET_FILE:wolfcrypttest>
- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
- # Build wolfCrypt benchmark executable.
- add_executable(wolfcryptbench
- ${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/benchmark/benchmark.c)
- target_include_directories(wolfcryptbench PRIVATE
- ${CMAKE_CURRENT_BINARY_DIR})
- target_link_libraries(wolfcryptbench wolfssl)
- set_property(TARGET wolfcryptbench
- PROPERTY RUNTIME_OUTPUT_DIRECTORY
- ${WOLFSSL_OUTPUT_BASE}/wolfcrypt/benchmark)
- set_property(TARGET wolfcryptbench
- PROPERTY RUNTIME_OUTPUT_NAME
- benchmark)
- endif()
- ####################################################
- # Installation
- ####################################################
- include(GNUInstallDirs)
- set(HEADER_EXCLUDE
- "internal.h"
- "wolfssl/wolfcrypt/port/nrf51.h"
- "wolfssl/wolfcrypt/port/arm"
- "wolfssl/wolfcrypt/port/cypress"
- "wolfssl/wolfcrypt/port/Espressif"
- "wolfssl/wolfcrypt/port/iotsafe"
- "wolfssl/wolfcrypt/port/nxp"
- "wolfssl/wolfcrypt/port/pic"
- "wolfssl/wolfcrypt/port/Renesas"
- "wolfssl/wolfcrypt/port/silabs"
- "wolfssl/wolfcrypt/port/st"
- "wolfssl/wolfcrypt/port/ti"
- "wolfssl/wolfcrypt/port/xilinx"
- )
- # TODO: add support for the various ports
- # For distro build don't install options.h.
- # It depends on the architecture and conflicts with Multi-Arch.
- if(BUILD_DISTRO)
- list(APPEND HEADER_EXCLUDE
- "options.h")
- endif()
- if(NOT BUILD_CRYPTOAUTHLIB)
- list(APPEND HEADER_EXCLUDE
- "wolfssl/wolfcrypt/port/atmel")
- endif()
- if(NOT BUILD_AFALG)
- list(APPEND HEADER_EXCLUDE
- "wolfssl/wolfcrypt/port/af_alg")
- endif()
- if(NOT BUILD_KCAPI)
- list(APPEND HEADER_EXCLUDE
- "wolfssl/wolfcrypt/port/kcapi"
- )
- endif()
- if(NOT BUILD_DEVCRYPTO)
- list(APPEND HEADER_EXCLUDE
- "wolfssl/wolfcrypt/port/devcrypto")
- endif()
- if(NOT BUILD_ASYNCCRYPT)
- list(APPEND HEADER_EXCLUDE
- "wolfssl/wolfcrypt/async.h")
- endif()
- if(NOT BUILD_PKCS11)
- list(APPEND HEADER_EXCLUDE
- "wolfssl/wolfcrypt/wc_pkcs11.h"
- "wolfssl/wolfcrypt/pkcs11.h"
- )
- endif()
- if(NOT BUILD_CAVIUM AND NOT BUILD_OCTEON_SYNC)
- list(APPEND HEADER_EXCLUDE
- "wolfssl/wolfcrypt/port/cavium")
- else()
- if(NOT BUILD_CAVIUM)
- list(APPEND HEADER_EXCLUDE
- "wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h")
- endif()
- if(NOT BUILD_OCTEON_SYNC)
- list(APPEND HEADER_EXCLUDE
- "wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h"
- )
- endif()
- endif()
- if(NOT BUILD_INTEL_QA AND NOT BUILD_INTEL_QA_SYNC)
- list(APPEND HEADER_EXCLUDE
- "wolfssl/wolfcrypt/port/intel")
- else()
- if(NOT BUILD_INTEL_QA)
- list(APPEND HEADER_EXCLUDE
- "wolfssl/wolfcrypt/port/intel/quickassist.h"
- "wolfssl/wolfcrypt/port/intel/quickassist_mem.h"
- )
- endif()
- if(NOT BUILD_INTEL_QA_SYNC)
- list(APPEND HEADER_EXCLUDE
- "wolfssl/wolfcrypt/port/intel/quickassist_sync.h")
- endif()
- endif()
- if(NOT BUILD_SP)
- list(APPEND HEADER_EXCLUDE
- "wolfssl/wolfcrypt/sp.h")
- endif()
- if(NOT BUILD_SP_INT)
- list(APPEND HEADER_EXCLUDE
- "wolfssl/wolfcrypt/sp_int.h")
- endif()
- if(NOT BUILD_SELFTEST)
- list(APPEND HEADER_EXCLUDE
- "wolfssl/wolfcrypt/selftest.h")
- endif()
- if(NOT BUILD_FIPS OR BUILD_FIPS_V1)
- list(APPEND HEADER_EXCLUDE
- "wolfssl/wolfcrypt/fips.h")
- endif()
- if(NOT BUILD_QNXCAAM OR BUILD_CAAM)
- list(APPEND HEADER_EXCLUDE
- "wolfssl/wolfcrypt/port/caam"
- )
- endif()
- list(JOIN HEADER_EXCLUDE "|" EXCLUDED_HEADERS_REGEX)
- string(PREPEND EXCLUDED_HEADERS_REGEX "(")
- string(APPEND EXCLUDED_HEADERS_REGEX ")")
- if(WOLFSSL_INSTALL)
- set(INSTALLED_EXAMPLES
- ${CMAKE_CURRENT_SOURCE_DIR}/examples/echoserver/echoserver.c
- ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-server.c
- ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-client-dtls.c
- ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-client.c
- ${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-server-dtls.c
- ${CMAKE_CURRENT_SOURCE_DIR}/examples/echoclient/echoclient.c
- ${CMAKE_CURRENT_SOURCE_DIR}/examples/server/server.c
- ${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c
- ${CMAKE_CURRENT_SOURCE_DIR}/examples/client/client.c)
- # Install the library
- install(TARGETS wolfssl
- EXPORT wolfssl-targets
- LIBRARY DESTINATION lib
- ARCHIVE DESTINATION lib
- RUNTIME DESTINATION bin
- )
- # Install the headers
- install(DIRECTORY ${WOLFSSL_OUTPUT_BASE}/wolfssl/
- DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/wolfssl
- FILES_MATCHING PATTERN "*.h"
- REGEX ${EXCLUDED_HEADERS_REGEX} EXCLUDE)
- install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/
- DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/wolfssl
- FILES_MATCHING PATTERN "*.h"
- REGEX ${EXCLUDED_HEADERS_REGEX} EXCLUDE)
- # Install the examples
- install(FILES ${INSTALLED_EXAMPLES}
- DESTINATION ${CMAKE_INSTALL_DOCDIR}/example)
- # Install README.txt and taoCert.txt
- install(FILES
- ${CMAKE_CURRENT_SOURCE_DIR}/doc/README.txt
- ${CMAKE_CURRENT_SOURCE_DIR}/certs/taoCert.txt
- DESTINATION ${CMAKE_INSTALL_DOCDIR})
- # Install the export set
- install(EXPORT wolfssl-targets
- DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl
- FILE wolfssl-targets.cmake
- NAMESPACE wolfssl::)
- # TODO: Distro build + rules for what to include in the distro.
- # See various include.am files.
- set(prefix ${CMAKE_INSTALL_PREFIX})
- set(exec_prefix "\${prefix}")
- set(libdir "\${exec_prefix}/lib")
- set(includedir "\${prefix}/include")
- set(VERSION ${PROJECT_VERSION})
- # Setting libm in Libs.private of wolfssl.pc.
- # See "Link Libraries" in above about `m` insertion to LINK_LIBRARIES
- get_target_property(_wolfssl_dep_libs wolfssl LINK_LIBRARIES)
- list(FIND _wolfssl_dep_libs m _dep_libm)
- if ("${_dep_libm}" GREATER -1)
- set(LIBM -lm)
- else()
- set(LIBM)
- endif()
- configure_file(support/wolfssl.pc.in ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc @ONLY)
- install(FILES ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc
- DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
- include(CMakePackageConfigHelpers)
- configure_package_config_file(${CMAKE_CURRENT_SOURCE_DIR}/cmake/Config.cmake.in
- "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config.cmake"
- INSTALL_DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl"
- NO_SET_AND_CHECK_MACRO
- NO_CHECK_REQUIRED_COMPONENTS_MACRO
- )
- export(EXPORT wolfssl-targets
- FILE "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-targets.cmake"
- NAMESPACE wolfssl::
- )
- write_basic_package_version_file(
- "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config-version.cmake"
- VERSION "${wolfssl_VERSION_MAJOR}.${wolfssl_VERSION_MINOR}"
- COMPATIBILITY AnyNewerVersion
- )
- install(FILES
- ${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config.cmake
- ${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config-version.cmake
- DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl
- )
- endif()
|