From c89b7d5f79b80ba3663f326c23b37ef3c783a657 Mon Sep 17 00:00:00 2001 From: elms Date: Fri, 29 Oct 2021 13:59:53 -0700 Subject: [PATCH] configure and cmake: Closing gap on options and output cmake: * 32-bit and 16-bit mode flags * Add 4bit to AESGCM * Add align data * Encrypted Keys option * PKC12 option * Header installation cleanup configure: * Add comment for `v5-RC9` * update CFLAGS to always be appended instead of mix of prepend and append * removed duplicate `ARC4` logic --- CMakeLists.txt | 257 ++++++++++++++++++++++++++++++++++-------- cmake/functions.cmake | 5 +- configure.ac | 100 ++++++++-------- 3 files changed, 259 insertions(+), 103 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 31562ef61..0e54709ca 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -177,8 +177,6 @@ find_package(Threads) # - Single precision math # - Enable all # - Enable all crypto -# - 32-bit mode -# - 16-bit mode # For reproducible build, gate out from the build anything that might # introduce semantically frivolous jitter, maximizing chance of 
@@ -187,11 +185,24 @@ set(WOLFSSL_REPRODUCIBLE_BUILD_HELP_STRING "Enable maximally reproducible build add_option("WOLFSSL_REPRODUCIBLE_BUILD" ${WOLFSSL_REPRODUCIBLE_BUILD_HELP_STRING} "no" "yes;no") if(WOLFSSL_REPRODUCIBLE_BUILD) + list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_REPRODUCIBLE_BUILD") set(CMAKE_C_ARCHIVE_CREATE " Dqc ") set(CMAKE_C_ARCHIVE_APPEND " Dq ") set(CMAKE_C_ARCHIVE_FINISH " -D ") endif() +# Support for forcing 32-bit mode +# TODO: detect platform from other options +set(WOLFSSL_32BIT_HELP_STRING "Enables 32-bit support (default: disabled)") +add_option("WOLFSSL_32BIT" ${WOLFSSL_32BIT_HELP_STRING} "no" "yes;no") + +# 16-bit compiler support +set(WOLFSSL_16BIT_HELP_STRING "Enables 16-bit support (default: disabled)") +add_option("WOLFSSL_16BIT" ${WOLFSSL_16BIT_HELP_STRING} "no" "yes;no") +if(WOLFSSL_16BIT) + list(APPEND WOLFSSL_DEFINITIONS "-DWC_16BIT_CPU") +endif() + # Support for disabling all ASM set(WOLFSSL_ASM_HELP_STRING "Enables option for assembly (default: enabled)") add_option("WOLFSSL_ASM" ${WOLFSSL_ASM_HELP_STRING} "yes" "yes;no") @@ -312,13 +323,17 @@ endif() # AES-GCM set(WOLFSSL_AESGCM_HELP_STRING "Enable wolfSSL AES-GCM support (default: enabled)") -add_option("WOLFSSL_AESGCM" ${WOLFSSL_AESGCM_HELP_STRING} "yes" "yes;no;table;small;word32") +add_option("WOLFSSL_AESGCM" ${WOLFSSL_AESGCM_HELP_STRING} "yes" "yes;no;table;small;word32;4bit") # leanpsk and leantls don't need gcm if(WOLFSSL_LEAN_PSK OR (WOLFSSL_LEAN_TLS AND NOT WOLFSSL_TLS13)) override_cache(WOLFSSL_AESGCM "no") endif() +if(WOLFSSL_AESGCM AND NOT WORDS_BIGENDIAN) + override_cache(WOLFSSL_AESGCM "4bit") +endif() + if(WOLFSSL_AESGCM) if("${WOLFSSL_AESGCM}" STREQUAL "word32") list(APPEND WOLFSSL_DEFINITIONS "-DGCM_WORD32") 
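Review bot: The new `if(WOLFSSL_AESGCM AND NOT WORDS_BIGENDIAN)` guard in the AES-GCM hunk is true for every non-false value, so an explicit `table`, `small` or `word32` choice is rewritten to `4bit` before the `STREQUAL` branches that follow are reached. A builder who deliberately picked `small` or `word32` would instead get `-DGCM_TABLE_4BIT`, a different GCM implementation, with no diagnostic. Restricting the default to the unspecialised value keeps explicit selections: `if("${WOLFSSL_AESGCM}" STREQUAL "yes" AND NOT WORDS_BIGENDIAN)`. `WORDS_BIGENDIAN` is not set in any visible hunk; if nothing defines it, the test is always true, so that is worth confirming as well.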
@@ -335,10 +350,16 @@ if(WOLFSSL_AESGCM) override_cache(WOLFSSL_AESGCM "yes") endif() + if("${WOLFSSL_AESGCM}" STREQUAL "4bit") + list(APPEND WOLFSSL_DEFINITIONS "-DGCM_TABLE_4BIT") + override_cache(WOLFSSL_AESGCM "yes") + endif() + list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_AESGCM") endif() # TODO: - AES-CCM +# - AES-GCM stream # - AES-CTR # - AES-OFB # - AES-CFB @@ -356,6 +377,13 @@ endif() # - BLAKE2 +# Align data +set(WOLFSSL_ALIGN_DATA_HELP_STRING "Align data for ciphers (default: enabled)") +add_option("WOLFSSL_ALIGN_DATA" ${WOLFSSL_ALIGN_DATA_HELP_STRING} "yes" "yes;no") +if(WOLFSSL_ALIGN_DATA) + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_USE_ALIGN") +endif() + # SHA224 set(SHA224_DEFAULT "no") if(("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64") OR @@ -693,7 +721,7 @@ else() endif() endif() if(WOLFSSL_RSA_PSS) - list(APPEND WOLFSSL_DEFINITIONS "-DWC_RSA_PSS") + list(APPEND WOLFSSL_DEFINITIONS "-DWC_RSA_PSS") endif() # DH @@ -708,7 +736,7 @@ if(NOT WOLFSSL_DH) list(APPEND WOLFSSL_DEFINITIONS "-DNO_DH") else() if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS) - list(APPEND WOLFSSL_DEFINITIONS "-DNO_DH") + list(APPEND WOLFSSL_DEFINITIONS "-DNO_DH") override_cache(WOLFSSL_DH "no") endif() endif() @@ -815,7 +843,7 @@ set(WOLFSSL_BASE64_ENCODE_HELP_STRING "Enable Base64 encoding (default: enabled add_option("WOLFSSL_BASE64_ENCODE" ${WOLFSSL_BASE64_ENCODE_HELP_STRING} ${BASE64_ENCODE_DEFAULT} "yes;no") if(WOLFSSL_BASE64_ENCODE) - list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_BASE64_ENCODE") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_BASE64_ENCODE") endif() # TODO: - Base16 
@@ -841,16 +869,6 @@ if(WOLFSSL_OPENSSH OR WOLFSSL_WPAS) override_cache(WOLFSSL_ARC4 "yes") endif() -if(NOT WOLFSSL_ARC4) - list(APPEND WOLFSSL_DEFINITIONS "-DNO_RC4") -else() - # turn off ARC4 if leanpsk or leantls on - if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS) - list(APPEND WOLFSSL_DEFINITIONS "-DNO_RC4") - override_cache(WOLFSSL_ARC4 "no") - endif() -endif() - # MD5 set(WOLFSSL_MD5_HELP_STRING "Enable MD5 (default: enabled)") add_option("WOLFSSL_MD5" ${WOLFSSL_MD5_HELP_STRING} "yes" "yes;no") @@ -921,10 +939,6 @@ if(WOLFSSL_SHA3 AND NOT WOLFSSL_32BIT) endif() # SHAKE256 -if(NOT WOLFSSL_SHAKE256) - override_cache(WOLFSSL_SHAKE256 ${WOLFSSL_SHA3}) -endif() - if(WOLFSSL_SHAKE256) if(NOT WOLFSSL_32BIT) list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE256") @@ -1069,7 +1083,7 @@ add_option("WOLFSSL_SUPPORTED_CURVES" ${WOLFSSL_SUPPORTED_CURVES_HELP_STRING} "y if(WOLFSSL_SUPPORTED_CURVES) if(NOT WOLFSSL_ECC AND NOT WOLFSSL_CURVE25519 AND NOT WOLFSSL_CURVE448) - override_cache(WOLFSSL_SUPPORTED_CURVES "no") + override_cache(WOLFSSL_SUPPORTED_CURVES "no") else() list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_TLS_EXTENSIONS" @@ -1095,9 +1109,10 @@ if (NOT WOLFSSL_ECC AND endif() if (WOLFSSL_TLS13) list(APPEND WOLFSSL_DEFINITIONS + "-DHAVE_SUPPORTED_CURVES" "-DWOLFSSL_TLS13" "-DHAVE_TLS_EXTENSIONS" - "-DHAVE_SUPPORTED_CURVES") + ) endif() # Session Ticket Extension @@ -1122,6 +1137,17 @@ if(WOLFSSL_EXTENDED_MASTER) list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_EXTENDED_MASTER") endif() + +if(NOT WOLFSSL_ARC4) + list(APPEND WOLFSSL_DEFINITIONS "-DNO_RC4") +else() + # turn off ARC4 if leanpsk or leantls on + if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS) + list(APPEND WOLFSSL_DEFINITIONS "-DNO_RC4") + override_cache(WOLFSSL_ARC4 "no") + endif() +endif() + # TODO: - TLS extensions # - Early data handshake # - PKCS7 
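Review bot: The re-added `if(NOT WOLFSSL_ARC4)` block in the last hunk of this group sits directly after the extended-master-secret section with no heading, so a reader cannot tell which feature it belongs to or why it now lives far below the `WOLFSSL_ARC4` override it depends on. Give it a heading like its neighbours and record the reason for the position, for example `# ARC4: emit NO_RC4 here so the definition order follows configure.ac (confirm)`. That reason is inferred from the commit title; the author should put the actual one in the comment.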
@@ -1161,16 +1187,16 @@ endif() set(WOLFSSL_STUNNEL_HELP_STRING "Enable stunnel (default: disabled)") add_option("WOLFSSL_STUNNEL" ${WOLFSSL_STUNNEL_HELP_STRING} "no" "yes;no") +if(WOLFSSL_ENC_THEN_MAC) + list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ENCRYPT_THEN_MAC") +endif() + if(NOT WOLFSSL_PSK AND NOT WOLFSSL_LEAN_PSK AND NOT WOLFSSL_STUNNEL) list(APPEND WOLFSSL_DEFINITIONS "-DNO_PSK") endif() -if(WOLFSSL_ENC_THEN_MAC) - list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ENCRYPT_THEN_MAC") -endif() - # MD4 set(WOLFSSL_MD4_HELP_STRING "Enable MD4 (default: disabled)") add_option("WOLFSSL_MD4" ${WOLFSSL_MD4_HELP_STRING} "no" "yes;no") @@ -1184,7 +1210,34 @@ if(NOT WOLFSSL_MD4) endif() endif() -# TODO: - Encrypted keys +# Encrypted keys +set(WOLFSSL_ENCKEYS_HELP_STRING "Enable PEM encrypted key support (default: disabled)") +add_option("WOLFSSL_ENCKEYS" ${WOLFSSL_ENCKEYS_HELP_STRING} "no" "yes;no") + +if(NOT WOLFSSL_ENCKEYS) + if(WOLFSSL_OPENSSLEXTRA OR + WOLFSSL_WEBSERVER OR + WOLFSSL_WPAS) + # opensslextra, webserver, and WPAS needs enckeys + override_cache(WOLFSSL_ENCKEYS "yes") + endif() +endif() + +if(WOLFSSL_ENCKEYS) + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_ENCRYPTED_KEYS") +endif() + +# PKCS#12 +set(WOLFSSL_PKCS12_HELP_STRING "Enable pkcs12 (default: enabled)") +add_option("WOLFSSL_PKCS12" ${WOLFSSL_PKCS12_HELP_STRING} "yes" "yes;no") +if(NOT WOLFSSL_ASN) + override_cache(WOLFSSL_PKCS12 "no") +endif() + +if(NOT WOLFSSL_PKCS12) + list(APPEND WOLFSSL_DEFINITIONS "-DNO_PKCS12") +endif() + # PWDBASED has to come after certservice since we want it on w/o explicit on # PWDBASED @@ -1195,7 +1248,8 @@ if(NOT WOLFSSL_PWDBASED) if(WOLFSSL_OPENSSLEXTRA OR WOLFSSL_OPENSSLALL OR WOLFSSL_WEBSERVER OR - WOLFSSL_ENC_KEYS) + WOLFSSL_ENC_KEYS OR + WOLFSSL_PKCS12) # opensslextra, opensslall, webserver, and enckeys needs pwdbased override_cache(WOLFSSL_PWDBASED "yes") else() 
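Review bot: The PWDBASED condition still tests `WOLFSSL_ENC_KEYS`, but the option this commit introduces one hunk earlier is named `WOLFSSL_ENCKEYS`, so turning encrypted-key support on never forces `WOLFSSL_PWDBASED` to `yes` through that line. With `WOLFSSL_PKCS12` defaulting to `yes` the mismatch is masked, and it surfaces once PKCS#12 is disabled while encrypted keys stay enabled (no visible hunk defines `WOLFSSL_ENC_KEYS`). The line should read `WOLFSSL_ENCKEYS OR`. The enclosing `if(NOT WOLFSSL_PWDBASED)` block starts and ends outside the hunk.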
@@ -1280,7 +1334,6 @@ add_option("WOLFSSL_CRYPT_TESTS_LIBS" ${WOLFSSL_CRYPT_TESTS_LIBS_HELP_STRING} "n # TODO: - LIBZ # - PKCS#11 -# - PKCS#12 # - Cavium # - Cavium V # - Cavium Octeon 
@@ -1605,25 +1658,125 @@ endif() include(GNUInstallDirs) -set(EXCLUDED_HEADERS_REGEX - "(internal|\ - options|\ - pic32mz-crypt|\ - ti-hash|\ - ti-ccm|\ - nrf51|\ - ksdk_port|\ - dcp_port|\ - xil-sha3|\ - caam_driver|\ - wolfcaam|\ - wolfcaam_sha|\ - stm32|\ - stsafe|\ - esp32-cry|\ - cryptoCell|\ - renesas-tsip-crypt|\ - psoc6_crypto).h") +set(HEADER_EXCLUDE + "internal.h" + "pic32mz-crypt.h" + "ti-hash.h" + "ti-ccm.h" + "nrf51.h" + "ksdk_port.h" + "dcp_port.h" + "xil-sha3.h" + "caam_driver.h" + "wolfcaam.h" + "wolfcaam_sha.h" + "stm32.h" + "stsafe.h" + "esp32-cry.h" + "cryptoCell.h" + "renesas-tsip-crypt.h" + "psoc6_crypto.h" + ) + +# For distro build don't install options.h. +# It depends on the architecture and conflicts with Multi-Arch. +if(BUILD_DISTRO) + list(APPEND HEADER_EXCLUDE + "options.h") +endif() + +if(NOT BUILD_CRYPTOAUTHLIB) + list(APPEND HEADER_EXCLUDE + "wolfssl/wolfcrypt/port/atmel/atmel.h") +endif() + +if(NOT BUILD_AFALG) + list(APPEND HEADER_EXCLUDE + "wolfssl/wolfcrypt/port/af_alg/afalg_hash.h" + "wolfssl/wolfcrypt/port/af_alg/wc_afalg.h") +endif() + +if(NOT BUILD_KCAPI) + list(APPEND HEADER_EXCLUDE + "wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h" + "wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h" + "wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h" + "wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h" + "wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h" + "wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h" + ) +endif() + +if(NOT BUILD_DEVCRYPTO) + list(APPEND HEADER_EXCLUDE + "wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h") +endif() + +if(NOT BUILD_ASYNCCRYPT) + list(APPEND HEADER_EXCLUDE + "wolfssl/wolfcrypt/async.h") +endif() + +if(NOT BUILD_PKCS11) + list(APPEND HEADER_EXCLUDE + "wolfssl/wolfcrypt/wc_pkcs11.h" + "wolfssl/wolfcrypt/pkcs11.h" + ) +endif() + +if(NOT BUILD_CAVIUM) + list(APPEND HEADER_EXCLUDE + "wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h") +endif() + +if(NOT BUILD_OCTEON_SYNC) + list(APPEND HEADER_EXCLUDE + "wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h" + ) 
+endif() + +if(NOT BUILD_INTEL_QA) + list(APPEND HEADER_EXCLUDE + "wolfssl/wolfcrypt/port/intel/quickassist.h" + "wolfssl/wolfcrypt/port/intel/quickassist_mem.h" + ) +endif() + +if(NOT BUILD_INTEL_QA_SYNC) + list(APPEND HEADER_EXCLUDE + "wolfssl/wolfcrypt/port/intel/quickassist_sync.h") +endif() + +if(NOT BUILD_SP) + list(APPEND HEADER_EXCLUDE + "wolfssl/wolfcrypt/sp.h" + "wolfssl/wolfcrypt/sp_int.h") +endif() + +if(NOT BUILD_SELFTEST) + list(APPEND HEADER_EXCLUDE + "wolfssl/wolfcrypt/selftest.h") +endif() + +if(NOT BUILD_FIPS OR BUILD_FIPS_V1) + list(APPEND HEADER_EXCLUDE + "wolfssl/wolfcrypt/fips.h") +endif() + +if(NOT BUILD_QNXCAAM) + list(APPEND HEADER_EXCLUDE + "wolfssl/wolfcrypt/port/caam/wolfcaam.h" + "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h" + "wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h" + "wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h" + "wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h" + ) +endif() + +list(JOIN HEADER_EXCLUDE "|" EXCLUDED_HEADERS_REGEX) + +string(PREPEND EXCLUDED_HEADERS_REGEX "(") +string(APPEND EXCLUDED_HEADERS_REGEX ")") set(INSTALLED_EXAMPLES ${CMAKE_CURRENT_SOURCE_DIR}/examples/echoserver/echoserver.c @@ -1646,6 +1799,12 @@ install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/ DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/wolfssl FILES_MATCHING PATTERN "*.h" REGEX ${EXCLUDED_HEADERS_REGEX} EXCLUDE) +install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/cyassl/ + DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/cyassl + FILES_MATCHING PATTERN "*.h" + REGEX ${EXCLUDED_HEADERS_REGEX} EXCLUDE) + + # Install the examples install(FILES ${INSTALLED_EXAMPLES} DESTINATION ${CMAKE_INSTALL_DOCDIR}/example) @@ -1653,7 +1812,7 @@ install(FILES ${INSTALLED_EXAMPLES} install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/doc/README.txt ${CMAKE_CURRENT_SOURCE_DIR}/certs/taoCert.txt - DESTINATION ${CMAKE_INSTALL_DOCDIR}/wolfssl) + DESTINATION ${CMAKE_INSTALL_DOCDIR}) # Install the export set install(EXPORT wolfssl-targets DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl 
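Review bot: The `HEADER_EXCLUDE` entries are joined into `EXCLUDED_HEADERS_REGEX` without escaping or anchoring, so each `.` matches any character and each name matches anywhere in the path being installed. Because the bare `wolfcaam.h` and `wolfcaam_sha.h` entries in the base list already match the CAAM port headers, those two stay excluded even when `BUILD_QNXCAAM` is set, which makes part of that conditional ineffective. Escaping the dots and anchoring on a path separator and the end of the path keeps the filter to the files actually named; the bare CAAM entries then need to move under the `BUILD_QNXCAAM` check if they are meant to be conditional. The `BUILD_*` variables are not defined in the visible hunks, and an undefined one makes `NOT BUILD_X` true, so each should be confirmed as set before this point.

```cmake
# … unchanged: HEADER_EXCLUDE list and the BUILD_* conditionals …

# Treat every entry as a literal file name: escape "." before joining.
list(TRANSFORM HEADER_EXCLUDE REPLACE "\\." "\\\\.")
list(JOIN HEADER_EXCLUDE "|" EXCLUDED_HEADERS_REGEX)

# Match only whole trailing path components.
string(PREPEND EXCLUDED_HEADERS_REGEX "/(")
string(APPEND EXCLUDED_HEADERS_REGEX ")$")
```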
diff --git a/cmake/functions.cmake b/cmake/functions.cmake index 53b9e4c71..3825fc26c 100644 --- a/cmake/functions.cmake +++ b/cmake/functions.cmake @@ -164,6 +164,9 @@ function(generate_build_flags) if("${FIPS_VERSION}" STREQUAL "rand") set(BUILD_FIPS_RAND "yes" PARENT_SCOPE) endif() + if("${FIPS_VERSION}" STREQUAL "v5") + set(BUILD_FIPS_V5 "yes" PARENT_SCOPE) + endif() set(BUILD_FIPS_READY ${FIPS_READY} PARENT_SCOPE) if(WOLFSSL_CMAC OR WOLFSSL_USER_SETTINGS) set(BUILD_CMAC "yes" PARENT_SCOPE) @@ -884,7 +887,7 @@ function(generate_lib_src_list LIB_SOURCES) endfunction() function(add_to_options_file DEFINITIONS OPTION_FILE) - list(REMOVE_DUPLICATES DEFINITIONS) + #list(REMOVE_DUPLICATES DEFINITIONS) foreach(DEF IN LISTS DEFINITIONS) if(DEF MATCHES "^-D") if(DEF MATCHES "^-D(N)?DEBUG(=.+)?") diff --git a/configure.ac b/configure.ac index ef20fc2f1..08f9b97c1 100644 --- a/configure.ac +++ b/configure.ac @@ -150,7 +150,7 @@ AS_IF([test "x$thread_ls_on" = "xyes"],[AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"] # DEBUG AX_DEBUG AS_IF([test "$ax_enable_debug" = "yes"], - [AM_CFLAGS="$DEBUG_CFLAGS $AM_CFLAGS"], + [AM_CFLAGS="$AM_CFLAGS $DEBUG_CFLAGS"], [AM_CFLAGS="$AM_CFLAGS -DNDEBUG"]) AS_IF([test "$ax_enable_debug" = "yes"], [AM_CCASFLAGS="$DEBUG_CFLAGS $AM_CCASFLAGS"], @@ -744,7 +744,7 @@ then DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096 # Enable multiple attribute additions such as DC - AM_CFLAGS="-DWOLFSSL_MULTI_ATTRIB $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MULTI_ATTRIB" fi 
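Review bot: `#list(REMOVE_DUPLICATES DEFINITIONS)` in `add_to_options_file` leaves dead code behind with no reason given, and from here on every repeated entry in the list reaches the options file. Duplicates exist in this very commit's CMakeLists.txt, where `-DHAVE_TLS_EXTENSIONS` is appended both for supported curves and for TLS 1.3. Delete the line and replace it with a comment that records the intent, for example `# Keep duplicates so the emitted order matches configure (confirm)`. The body of the `foreach` continues outside the hunk, so whether repeated definitions are emitted safely cannot be judged from here.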
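Review bot: The debug `AS_IF` now appends `$DEBUG_CFLAGS` to `AM_CFLAGS`, while the `AM_CCASFLAGS` assignment two lines below still prepends it, so C and assembler sources see the debug flags at opposite ends of their flag lists. If the append-only rule from the commit message is meant to cover assembler flags as well, the line would become `[AM_CCASFLAGS="$AM_CCASFLAGS $DEBUG_CFLAGS"],`. If the difference is deliberate, a one-line comment saying so would keep it from being changed by mistake later. The second `AS_IF` is cut off by the hunk boundary.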
@@ -760,14 +760,14 @@ AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[ # If AX_PTHREAD is adding -Qunused-arguments, need to prepend with -Xcompiler libtool will use it. Newer # versions of clang don't need the -Q flag when using pthreads. AS_CASE([$PTHREAD_CFLAGS],[-Qunused-arguments*],[PTHREAD_CFLAGS="-Xcompiler $PTHREAD_CFLAGS"]) - AM_CFLAGS="-D_POSIX_THREADS $AM_CFLAGS $PTHREAD_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -D_POSIX_THREADS $PTHREAD_CFLAGS" LIBS="$LIBS $PTHREAD_LIBS" ],[ ENABLED_SINGLETHREADED=yes ]) ]) -AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="-DSINGLE_THREADED $AM_CFLAGS" ]) +AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="$AM_CFLAGS -DSINGLE_THREADED" ]) # DTLS @@ -780,7 +780,7 @@ AC_ARG_ENABLE([dtls], ) if test "$ENABLED_DTLS" = "yes" then - AM_CFLAGS="-DWOLFSSL_DTLS $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS" fi # DTLS change MTU @@ -791,7 +791,7 @@ AC_ARG_ENABLE([dtls-mtu], ) if test "$ENABLED_DTLS_MTU" = "yes" then - AM_CFLAGS="-DWOLFSSL_DTLS_MTU $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_MTU" fi @@ -826,7 +826,7 @@ then AC_MSG_NOTICE([TLS 1.3 is disabled - disabling Post-handshake Authentication]) ENABLED_TLS13_POST_AUTH="no" else - AM_CFLAGS="-DWOLFSSL_POST_HANDSHAKE_AUTH $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_POST_HANDSHAKE_AUTH" fi fi @@ -844,7 +844,7 @@ then AC_MSG_NOTICE([TLS 1.3 is disabled - disabling HRR Cookie]) ENABLED_SEND_HRR_COOKIE="no" else - AM_CFLAGS="-DWOLFSSL_SEND_HRR_COOKIE $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SEND_HRR_COOKIE" fi fi @@ -1141,7 +1141,7 @@ AC_ARG_ENABLE([error-queue-per-thread], if test "$ENABLED_ERRORQUEUEPERTHREAD" = "yes" then - AM_CFLAGS="-DERROR_QUEUE_PER_THREAD $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DERROR_QUEUE_PER_THREAD" fi # High Strength Build @@ -2275,7 +2275,7 @@ AC_ARG_ENABLE([sep], ) if test "$ENABLED_SEP" = "yes" then - AM_CFLAGS="-DWOLFSSL_SEP -DKEEP_PEER_CERT $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SEP -DKEEP_PEER_CERT" fi 
@@ -3308,18 +3308,6 @@ AC_ARG_ENABLE([arc4], [ ENABLED_ARC4=no ] ) -if test "$ENABLED_ARC4" = "no" -then - AM_CFLAGS="$AM_CFLAGS -DNO_RC4" -else - # turn off ARC4 if leanpsk or leantls on - if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" - then - AM_CFLAGS="$AM_CFLAGS -DNO_RC4" - ENABLED_ARC4=no - fi -fi - # MD5 AC_ARG_ENABLE([md5], [AS_HELP_STRING([--enable-md5],[Enable MD5 (default: enabled)])], @@ -4019,6 +4007,12 @@ AC_ARG_WITH([liboqs], AC_MSG_RESULT([yes]) fi + if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" + then + ENABLED_OPENSSLEXTRA="yes" + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" + fi + AM_CFLAGS="$AM_CFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS" ENABLED_LIBOQS="yes" ] @@ -4201,7 +4195,7 @@ if test "$ENABLED_DH" = "yes" then if test "$ENABLED_TLS13" = "yes" || test "$ENABLED_SUPPORTED_CURVES" = "yes" then - AM_CFLAGS="-DHAVE_FFDHE_2048 $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048" fi fi @@ -4238,11 +4232,11 @@ fi if test "$ENABLED_TLS13" = "yes" && (test "x$ENABLED_ECC" = "xyes" || \ test "x$ENABLED_DH" = "xyes") then - AM_CFLAGS="-DHAVE_SUPPORTED_CURVES $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DHAVE_SUPPORTED_CURVES" fi if test "$ENABLED_TLS13" = "yes" then - AM_CFLAGS="-DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS13 -DHAVE_TLS_EXTENSIONS" fi @@ -4313,7 +4307,7 @@ if test "$ENABLED_TLS13_EARLY_DATA" = "group" then ENABLED_TLS13_EARLY_DATA="yes" # Group EarlyData with ClientHello - AM_CFLAGS="-DWOLFSSL_EARLY_DATA_GROUP $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EARLY_DATA_GROUP" fi if test "$ENABLED_TLS13_EARLY_DATA" = "yes" then @@ -4325,7 +4319,7 @@ then then AC_MSG_ERROR([cannot enable earlydata without enabling session tickets and/or PSK.]) fi - AM_CFLAGS="-DWOLFSSL_EARLY_DATA $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EARLY_DATA" fi if test "$ENABLED_TLSV12" = "no" && test "$ENABLED_TLS13" = "yes" && test "x$ENABLED_SESSION_TICKET" = "xno" 
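Review bot: The liboqs hunk switches `ENABLED_OPENSSLEXTRA` to `yes` and adds `-DOPENSSL_EXTRA` as a side effect of `--with-liboqs`, and neither the commit message nor the code says why. That compiles the OpenSSL compatibility API into builds that only asked for liboqs, which is a larger API surface than the option name suggests. A comment above the `if` stating the dependency, plus an `AC_MSG_NOTICE` like the ones used for the TLS 1.3 fallbacks elsewhere in this file, would make the implicit enablement visible to whoever configures the build. The enclosing `AC_ARG_WITH([liboqs], …)` body starts outside the hunk.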
@@ -4570,7 +4564,7 @@ then if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" then ENABLED_OPENSSLEXTRA="yes" - AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" fi AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_CERT_SERVICE" fi @@ -4684,7 +4678,7 @@ then if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" then ENABLED_OPENSSLEXTRA="yes" - AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" fi AM_CFLAGS="$AM_CFLAGS -DHAVE_LIGHTY -DHAVE_WOLFSSL_SSL_H=1" AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA" @@ -4730,7 +4724,7 @@ then then ENABLED_OPENSSLALL="yes" ENABLED_OPENSSLEXTRA="yes" - AM_CFLAGS="-DOPENSSL_EXTRA -DOPENSSL_ALL $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL" fi if test "x$ENABLED_CERTGEN" = "xno" @@ -4790,7 +4784,7 @@ then if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" then ENABLED_OPENSSLEXTRA="yes" - AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" fi fi @@ -4859,7 +4853,7 @@ then then ENABLED_OPENSSLALL="yes" ENABLED_OPENSSLEXTRA="yes" - AM_CFLAGS="-DOPENSSL_EXTRA -DOPENSSL_ALL $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL" fi AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASIO -DASIO_USE_WOLFSSL -DWOLFSSL_KEY_GEN" AM_CFLAGS="$AM_CFLAGS -DBOOST_ASIO_USE_WOLFSSL -DHAVE_EX_DATA" @@ -4891,7 +4885,7 @@ then then ENABLED_OPENSSLALL="yes" ENABLED_OPENSSLEXTRA="yes" - AM_CFLAGS="-DOPENSSL_EXTRA -DOPENSSL_ALL $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL" fi AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_APACHE_HTTPD" AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_COMP" @@ -4994,7 +4988,7 @@ then if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" then ENABLED_OPENSSLEXTRA="yes" - AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" fi if test "x$ENABLED_SESSION_TICKET" = "xno" 
@@ -5101,7 +5095,7 @@ then if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" then ENABLED_OPENSSLEXTRA="yes" - AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" fi if test "x$ENABLED_DES3" = "xno" @@ -5122,7 +5116,7 @@ then if test "x$ENABLED_OPENSSLEXTRA" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" then ENABLED_OPENSSLEXTRA="yes" - AM_CFLAGS="-DOPENSSL_EXTRA $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" fi if test "x$ENABLED_CERTGEN" = "xno" @@ -5151,9 +5145,9 @@ then then ENABLED_OPENSSLALL="yes" ENABLED_OPENSSLEXTRA="yes" - AM_CFLAGS="-DOPENSSL_EXTRA -DOPENSSL_ALL $AM_CFLAGS" - AM_CFLAGS="-DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING $AM_CFLAGS" - AM_CFLAGS="-DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING" + AM_CFLAGS="$AM_CFLAGS -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT" fi # Requires OCSP @@ -6874,7 +6868,7 @@ then fi AS_IF([test "x$ENABLED_OPENSSLALL" = "xyes"], - [AM_CFLAGS="-DOPENSSL_ALL -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT $AM_CFLAGS"]) + [AM_CFLAGS="$AM_CFLAGS -DOPENSSL_ALL -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING -DWC_RSA_PSS -DWOLFSSL_PSS_LONG_SALT"]) AS_IF([test "x$ENABLED_AESCTR" = "xyes" && test "x$ENABLED_FORTRESS" != "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT"]) 
@@ -6886,18 +6880,18 @@ fi if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" then - AM_CFLAGS="-DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB $AM_CFLAGS" - AM_CFLAGS="-DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS $AM_CFLAGS" - AM_CFLAGS="-DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET $AM_CFLAGS" - AM_CFLAGS="-DWOLFSSL_AKID_NAME -DHAVE_CTS $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS" + AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AKID_NAME -DHAVE_CTS" fi if test "$ENABLED_OPENSSLEXTRA" = "x509small" then AC_MSG_NOTICE([Enabling only a subset of X509 opensslextra]) - AM_CFLAGS="-DOPENSSL_EXTRA_X509_SMALL $AM_CFLAGS" - AM_CFLAGS="-DWOLFSSL_EKU_OID -DWOLFSSL_MULTI_ATTRIB $AM_CFLAGS" - AM_CFLAGS="-DWOLFSSL_NO_OPENSSL_RAND_CB $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA_X509_SMALL" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EKU_OID -DWOLFSSL_MULTI_ATTRIB" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OPENSSL_RAND_CB" fi if test "$ENABLED_WOLFSCEP" = "yes" @@ -7028,10 +7022,10 @@ AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \ [AC_MSG_ERROR([Cannot use Max Strength and SSLv3 at the same time.])]) AS_IF([test "x$ENABLED_SCTP" = "xyes"], - [AM_CFLAGS="-DWOLFSSL_SCTP $AM_CFLAGS"]) + [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SCTP"]) AS_IF([test "x$ENABLED_MCAST" = "xyes"], - [AM_CFLAGS="-DWOLFSSL_MULTICAST $AM_CFLAGS"]) + [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MULTICAST"]) # WOLFSSL_AFALG does not support SHA224 yet AS_IF([(test "x$ENABLED_AFALG" = "xyes") && (test "x$ENABLED_SHA224" = "xyes")], 
@@ -7044,20 +7038,20 @@ AS_IF([(test "x$ENABLED_DEVCRYPTO" = "xyes") && (test "x$ENABLED_SHA224" = "xyes # SCTP and Multicast require DTLS AS_IF([(test "x$ENABLED_DTLS" = "xno") && \ (test "x$ENABLED_SCTP" = "xyes" || test "x$ENABLED_MCAST" = "xyes")], - [AM_CFLAGS="-DWOLFSSL_DTLS $AM_CFLAGS" + [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS" ENABLED_DTLS=yes]) # Multicast requires the null cipher AS_IF([test "x$ENABLED_NULL_CIPHER" = "xno" && \ test "x$ENABLED_MCAST" = "xyes"], - [AM_CFLAGS="-DHAVE_NULL_CIPHER $AM_CFLAGS" + [AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER" ENABLED_NULL_CIPHER=yes]) # wolfSSH and WPA Supplicant both need Public MP, only enable once. # This will let you know if you enabled wolfSSH but have any of the prereqs # disabled. Some of these options, disabling them adds things to the FLAGS and # you need to check and add items in two places depending on the option. -AS_IF([test "x$ENABLED_WOLFSSH" = "xyes"],[AS_IF([test "x$ENABLED_WPAS" = "xno"],[AM_CFLAGS="-DWOLFSSL_PUBLIC_MP $AM_CFLAGS"])]) +AS_IF([test "x$ENABLED_WOLFSSH" = "xyes"],[AS_IF([test "x$ENABLED_WPAS" = "xno"],[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"])]) if test "x$ENABLED_OPENSSLCOEXIST" = "xyes"; then if test "x$ENABLED_OPENSSLALL" = "xyes"; then @@ -7376,7 +7370,7 @@ fi if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes" then - AM_CFLAGS="-include ${output_objdir}/.build_params $AM_CFLAGS" + AM_CFLAGS="$AM_CFLAGS -include ${output_objdir}/.build_params" fi