additional fixes and enhancements for -DOPENSSL_EXTRA -DOPENSSL_COEXIST:

configure.ac: * add --enable-all-osp to separate OSP meta-feature sets from --enable-all, allowing --enable-all --disable-all-osp --disable-opensslall (e.g. for testing OPENSSL_COEXIST). * fix enable_all_crypto=yes in enable-all to be conditional on "$enable_all_crypto" = "". * move enable_rsapss=yes from enable-all to enable-all-crypto. examples/ and testsuite/: #undef OPENSSL_COEXIST unconditionally rather than only if defined(OPENSSL_EXTRA), to capture -DOPENSSL_EXTRA_X509_SMALL or any other such variants.
philljj · Oct 31, 2024 · 950ee40 · 950ee40
1 parent 39e8cb5
commit 950ee40
Show file tree

Hide file tree

Showing 7 changed files with 68 additions and 50 deletions.
diff --git a/configure.ac b/configure.ac
@@ -893,36 +893,35 @@ then
 fi
 
 
-
-# ALL FEATURES
+# All features, except conflicting or experimental:
 AC_ARG_ENABLE([all],
     [AS_HELP_STRING([--enable-all],[Enable all wolfSSL features, except SSLv3 (default: disabled)])],
     [ ENABLED_ALL=$enableval ],
     [ ENABLED_ALL=no ]
     )
 if test "$ENABLED_ALL" = "yes"
 then
-    enable_all_crypto=yes
+    test "$enable_all_crypto" = "" && enable_all_crypto=yes
+
+    test "$enable_all_osp" = "" && test "$ENABLED_LINUXKM_DEFAULTS" != "yes" && enable_all_osp=yes
 
     test "$enable_dtls" = "" && enable_dtls=yes
     if test "x$FIPS_VERSION" != "xv1"
     then
         test "$enable_tls13" = "" && enable_tls13=yes
-        test "$enable_rsapss" = "" && enable_rsapss=yes
     fi
 
     test "$enable_savesession" = "" && enable_savesession=yes
     test "$enable_savecert" = "" && enable_savecert=yes
     test "$enable_postauth" = "" && enable_postauth=yes
     test "$enable_hrrcookie" = "" && enable_hrrcookie=yes
     test "$enable_fallback_scsv" = "" && enable_fallback_scsv=yes
-    test "$enable_webserver" = "" && enable_webserver=yes
     test "$enable_crl_monitor" = "" && enable_crl_monitor=yes
     test "$enable_sni" = "" && enable_sni=yes
     test "$enable_maxfragment" = "" && enable_maxfragment=yes
     test "$enable_alpn" = "" && enable_alpn=yes
     test "$enable_truncatedhmac" = "" && enable_truncatedhmac=yes
-    test "$enable_trusted_ca" = "" && enable_trusted_ca=yes
+    test "$enable_trustedca" = "" && enable_trustedca=yes
     test "$enable_session_ticket" = "" && enable_session_ticket=yes
     test "$enable_earlydata" = "" && enable_earlydata=yes
     test "$enable_ech" = "" && enable_ech=yes
@@ -939,41 +938,16 @@ then
         # linuxkm is incompatible with opensslextra and its dependents.
         if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
         then
-            if test "$ENABLED_FIPS" = "no"
-            then
-                if test "$ENABLED_32BIT" != "yes"
-                then
-                    test "$enable_openssh" = "" && enable_openssh=yes
-                fi
-                # S/MIME support requires PKCS7, which requires no FIPS.
-                test "$enable_smime" = "" && enable_smime=yes
-            fi
             test "$enable_opensslextra" = "" && enable_opensslextra=yes
             test "$enable_opensslall" = "" && enable_opensslall=yes
             test "$enable_certservice" = "" && enable_certservice=yes
-            test "$enable_lighty" = "" && enable_lighty=yes
-            test "$enable_nginx" = "" && enable_nginx=yes
-            test "$enable_openvpn" = "" && enable_openvpn=yes
-            test "$enable_asio" = "" && enable_asio=yes
-            test "$enable_libwebsockets" = "" && enable_libwebsockets=yes
-            if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then
-                test "$enable_qt" = "" && enable_qt=yes
-            fi
         fi
     fi
 
     if test "$ENABLED_FIPS" = "no"
     then
         test "$enable_scep" = "" && enable_scep=yes
         test "$enable_mcast" = "" && enable_mcast=yes
-
-        if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
-        then
-            # these use DES3:
-            test "$enable_stunnel" = "" && enable_stunnel=yes
-            test "$enable_curl" = "" && enable_curl=yes
-            test "$enable_tcpdump" = "" && enable_tcpdump=yes
-        fi
     fi
 
     if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6
@@ -994,6 +968,57 @@ then
 fi
 
 
+# All OSP meta-features:
+AC_ARG_ENABLE([all-osp],
+    [AS_HELP_STRING([--enable-all-osp],[Enable all OSP meta feature sets (default: disabled)])],
+    [ ENABLED_ALL_OSP=$enableval ],
+    [ ENABLED_ALL_OSP=no]
+    )
+
+if test "$ENABLED_ALL_OSP" = "yes"
+then
+    if test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
+    then
+        AC_MSG_ERROR([--enable-all-osp is incompatible with --enable-linuxkm-defaults])
+    fi
+
+    test "$enable_webserver" = "" && enable_webserver=yes
+
+    if test "$ENABLED_SP_MATH" = "no"
+    then
+        if test "$ENABLED_FIPS" = "no"
+        then
+            # S/MIME support requires PKCS7, which requires no FIPS.
+            test "$enable_smime" = "" && enable_smime=yes
+            if test "$ENABLED_32BIT" != "yes"
+            then
+                test "$enable_openssh" = "" && enable_openssh=yes
+            fi
+        fi
+
+        if test "$ENABLED_ALL_OSP" != "no"
+        then
+            test "$enable_lighty" = "" && enable_lighty=yes
+            test "$enable_nginx" = "" && enable_nginx=yes
+            test "$enable_openvpn" = "" && enable_openvpn=yes
+            test "$enable_asio" = "" && enable_asio=yes
+            test "$enable_libwebsockets" = "" && enable_libwebsockets=yes
+            if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then
+                test "$enable_qt" = "" && enable_qt=yes
+            fi
+        fi
+    fi
+
+    if test "$ENABLED_FIPS" = "no"
+    then
+        # these use DES3:
+        test "$enable_stunnel" = "" && enable_stunnel=yes
+        test "$enable_curl" = "" && enable_curl=yes
+        test "$enable_tcpdump" = "" && enable_tcpdump=yes
+    fi
+fi
+
+
 # Auto-selected activation of all applicable asm accelerations
 
 # Enable asm automatically only if the compiler advertises itself as full Gnu C.
@@ -1090,7 +1115,7 @@ then
 fi
 
 
-# ALL CRYPTO FEATURES
+# All wolfCrypt features:
 AC_ARG_ENABLE([all-crypto],
     [AS_HELP_STRING([--enable-all-crypto],[Enable all wolfcrypt algorithms (default: disabled)])],
     [ ENABLED_ALL_CRYPT=$enableval ],
@@ -1149,6 +1174,11 @@ then
     test "$enable_anon" = "" && enable_anon=yes
     test "$enable_ssh" = "" && test "$enable_hmac" != "no" && enable_ssh=yes
 
+    if test "x$FIPS_VERSION" != "xv1"
+    then
+        test "$enable_rsapss" = "" && enable_rsapss=yes
+    fi
+
     # sp-math is incompatible with opensslextra, ECC custom curves, and DSA.
     if test "$ENABLED_SP_MATH" = "no"
     then

diff --git a/examples/benchmark/tls_bench.c b/examples/benchmark/tls_bench.c
@@ -41,9 +41,7 @@ Or
 #include <wolfssl/wolfcrypt/settings.h>
 
 #undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
-#ifdef OPENSSL_EXTRA
-    #undef OPENSSL_COEXIST /* can't use this option with this example */
-#endif
+#undef OPENSSL_COEXIST /* can't use this option with this example */
 
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/wc_port.h>

diff --git a/examples/client/client.c b/examples/client/client.c
@@ -33,9 +33,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
-#ifdef OPENSSL_EXTRA
-    #undef OPENSSL_COEXIST /* can't use this option with this example */
-#endif
+#undef OPENSSL_COEXIST /* can't use this option with this example */
 
 #include <wolfssl/ssl.h>
 

diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
@@ -30,9 +30,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
-#ifdef OPENSSL_EXTRA
-    #undef OPENSSL_COEXIST /* can't use this option with this example */
-#endif
+#undef OPENSSL_COEXIST /* can't use this option with this example */
 
 #include <wolfssl/ssl.h> /* name change portability layer */
 #include <wolfssl/wolfcrypt/settings.h>

diff --git a/examples/server/server.c b/examples/server/server.c
@@ -33,9 +33,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 
 #undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
-#ifdef OPENSSL_EXTRA
-    #undef OPENSSL_COEXIST /* can't use this option with this example */
-#endif
+#undef OPENSSL_COEXIST /* can't use this option with this example */
 
 #include <wolfssl/ssl.h> /* name change portability layer */
 

diff --git a/tests/unit.h b/tests/unit.h
@@ -34,9 +34,7 @@
 #endif
 
 #undef TEST_OPENSSL_COEXIST /* can't use this option with unit tests */
-#ifdef OPENSSL_EXTRA
-    #undef OPENSSL_COEXIST /* can't use this option with unit tests */
-#endif
+#undef OPENSSL_COEXIST /* can't use this option with unit tests */
 
 #include <wolfssl/ssl.h>
 #include <wolfssl/test.h>    /* thread and tcp stuff */

diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c
@@ -30,9 +30,7 @@
 #endif
 
 #undef TEST_OPENSSL_COEXIST /* can't use this option with this example */
-#ifdef OPENSSL_EXTRA
-    #undef OPENSSL_COEXIST /* can't use this option with this example */
-#endif
+#undef OPENSSL_COEXIST /* can't use this option with this example */
 
 #include <wolfssl/wolfcrypt/types.h>