diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | cmake/ssl.cmake | 3 | ||||
| -rw-r--r-- | extra/wolfssl/CMakeLists.txt | 47 | ||||
| -rw-r--r-- | extra/wolfssl/user_settings.h.in | 33 |
4 files changed, 53 insertions, 31 deletions
diff --git a/.gitignore b/.gitignore index 0fb30cc3184..95aa3ae64d4 100644 --- a/.gitignore +++ b/.gitignore @@ -58,6 +58,7 @@ extra/perror extra/replace extra/resolve_stack_dump extra/resolveip +extra/wolfssl/user_settings.h import_executables.cmake include/*.h.tmp include/config.h diff --git a/cmake/ssl.cmake b/cmake/ssl.cmake index 7a571171eaf..bcb4a512126 100644 --- a/cmake/ssl.cmake +++ b/cmake/ssl.cmake @@ -49,12 +49,13 @@ ENDMACRO() MACRO (MYSQL_USE_BUNDLED_SSL) SET(INC_DIRS + ${CMAKE_BINARY_DIR}/extra/wolfssl ${CMAKE_SOURCE_DIR}/extra/wolfssl/wolfssl ${CMAKE_SOURCE_DIR}/extra/wolfssl/wolfssl/wolfssl ) SET(SSL_LIBRARIES wolfssl wolfcrypt) SET(SSL_INCLUDE_DIRS ${INC_DIRS}) - SET(SSL_DEFINES "-DHAVE_OPENSSL -DHAVE_WOLFSSL -DOPENSSL_ALL -DWOLFSSL_MYSQL_COMPATIBLE -DWC_NO_HARDEN") + SET(SSL_DEFINES "-DHAVE_OPENSSL -DHAVE_WOLFSSL -DWOLFSSL_USER_SETTINGS") SET(HAVE_ERR_remove_thread_state ON CACHE INTERNAL "wolfssl doesn't have ERR_remove_thread_state") SET(HAVE_EncryptAes128Ctr OFF CACHE INTERNAL "wolfssl does support AES-CTR, but differently from openssl") SET(HAVE_EncryptAes128Gcm OFF CACHE INTERNAL "wolfssl does not support AES-GCM") diff --git a/extra/wolfssl/CMakeLists.txt b/extra/wolfssl/CMakeLists.txt index f3f09f631d7..2cb3f1dd3d1 100644 --- a/extra/wolfssl/CMakeLists.txt +++ b/extra/wolfssl/CMakeLists.txt @@ -25,25 +25,6 @@ ENDIF() SET(WOLFSSL_SRCDIR ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/src) ADD_DEFINITIONS(${SSL_DEFINES}) -ADD_DEFINITIONS( - -DHAVE_CRL - -DWOLFSSL_MYSQL_COMPATIBLE - -DHAVE_ECC - -DECC_TIMING_RESISTANT - -DBUILDING_WOLFSSL - -DHAVE_HASHDRBG - -DWOLFSSL_AES_DIRECT - -DWOLFSSL_SHA384 - -DWOLFSSL_SHA512 - -DWOLFSSL_SHA224 - -DSESSION_CERT - -DKEEP_OUR_CERT - -DWOLFSSL_STATIC_RSA - -DWC_RSA_BLINDING - -DHAVE_TLS_EXTENSIONS - -DHAVE_AES_ECB - -DWOLFSSL_AES_COUNTER - -DNO_WOLFSSL_STUB) SET(WOLFSSL_SOURCES ${WOLFSSL_SRCDIR}/crl.c @@ -53,7 +34,8 @@ SET(WOLFSSL_SOURCES ${WOLFSSL_SRCDIR}/wolfio.c ${WOLFSSL_SRCDIR}/ocsp.c ${WOLFSSL_SRCDIR}/ssl.c) -ADD_DEFINITIONS(-DWOLFSSL_LIB) +ADD_DEFINITIONS(-DWOLFSSL_LIB -DBUILDING_WOLFSSL) + INCLUDE_DIRECTORIES(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl) IF(MSVC) # size_t to long truncation warning @@ -116,28 +98,31 @@ IF(NOT (MSVC AND CMAKE_C_COMPILER_ID MATCHES Clang) ENDIF() IF(WOLFSSL_FASTMATH) - ADD_DEFINITIONS(-DUSE_FAST_MATH) - # FP_MAX_BITS is set high solely to satisfy ssl_8k_key.test - # WolfSSL will use more stack space with it - ADD_DEFINITIONS(-DFP_MAX_BITS=16384) - SET(WOLFCRYPT_SOURCES ${WOLFCRYPT_SOURCES} ${WOLFCRYPT_SRCDIR}/tfm.c) + SET(USE_FAST_MATH 1) + SET(TFM_TIMING_RESISTANT 1) + # FP_MAX_BITS is set high solely to satisfy ssl_8k_key.test + # WolfSSL will use more stack space with it + SET(FP_MAX_BITS 16384) + SET(WOLFCRYPT_SOURCES ${WOLFCRYPT_SOURCES} ${WOLFCRYPT_SRCDIR}/tfm.c) ELSE() - SET(WOLFCRYPT_SOURCES ${WOLFCRYPT_SOURCES} ${WOLFCRYPT_SRCDIR}/integer.c) + SET(WOLFCRYPT_SOURCES ${WOLFCRYPT_SOURCES} ${WOLFCRYPT_SRCDIR}/integer.c) ENDIF() IF(WOLFSSL_INTELASM) - ADD_DEFINITIONS(-DWOLFSSL_AESNI) - SET(SSL_DEFINES "${SSL_DEFINES} -DWOLFSSL_AESNI" PARENT_SCOPE) + SET(WOLFSSL_AESNI 1) + LIST(APPEND WOLFCRYPT_SOURCES ${WOLFCRYPT_SRCDIR}/cpuid.c) IF(MSVC) LIST(APPEND WOLFCRYPT_SOURCES ${WOLFCRYPT_SRCDIR}/aes_asm.asm) IF(CMAKE_C_COMPILER_ID MATCHES Clang) SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -maes") ELSE() - ADD_DEFINITIONS(-DHAVE_INTEL_RDSEED -DWOLFSSL_X86_64_BUILD) + SET(HAVE_INTEL_RDSEED 1) + SET(WOLFSSL_X86_64_BUILD 1) ENDIF() ELSEIF(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64") - ADD_DEFINITIONS(-DHAVE_INTEL_RDSEED -DUSE_INTEL_SPEEDUP) + SET(HAVE_INTEL_RDSEED 1) + SET(USE_INTEL_SPEEDUP 1) LIST(APPEND WOLFCRYPT_SOURCES ${WOLFCRYPT_SRCDIR}/aes_asm.S ${WOLFCRYPT_SRCDIR}/sha512_asm.S @@ -146,5 +131,7 @@ IF(WOLFSSL_INTELASM) ENDIF() ENDIF() +CONFIGURE_FILE(user_settings.h.in user_settings.h) +INCLUDE_DIRECTORIES(${SSL_INCLUDE_DIRS}) ADD_CONVENIENCE_LIBRARY(wolfcrypt ${WOLFCRYPT_SOURCES}) diff --git a/extra/wolfssl/user_settings.h.in b/extra/wolfssl/user_settings.h.in new file mode 100644 index 00000000000..f44143517fa --- /dev/null +++ b/extra/wolfssl/user_settings.h.in @@ -0,0 +1,33 @@ +#ifndef WOLFSSL_USER_SETTINGS_H +#define WOLFSSL_USER_SETTINGS_H + +#define HAVE_CRL +#define WOLFSSL_MYSQL_COMPATIBLE +#define HAVE_ECC +#define ECC_TIMING_RESISTANT +#define HAVE_HASHDRBG +#define WOLFSSL_AES_DIRECT +#define WOLFSSL_SHA384 +#define WOLFSSL_SHA512 +#define WOLFSSL_SHA224 +#define SESSION_CERT +#define KEEP_OUR_CERT +#define WOLFSSL_STATIC_RSA +#define WC_RSA_BLINDING +#define HAVE_TLS_EXTENSIONS +#define HAVE_AES_ECB +#define WOLFSSL_AES_COUNTER +#define NO_WOLFSSL_STUB +#define OPENSSL_ALL + + +#cmakedefine WOLFSSL_AESNI +#cmakedefine USE_FAST_MATH +#cmakedefine TFM_TIMING_RESISTANT +#cmakedefine HAVE_INTEL_RDSEED +#cmakedefine USE_INTEL_SPEEDUP +#cmakedefine FP_MAX_BITS @FP_MAX_BITS@ +#cmakedefine USE_FAST_MATH +#cmakedefine WOLFSSL_X86_64_BUILD + +#endif /* WOLFSSL_USER_SETTINGS_H */ |