From d257a5908751159bd2f5f73485841f0c46453065 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 10 Dec 2024 13:02:07 -0600 Subject: [PATCH] add support for WOLFSSL_NO_OPTIONS_H: * activate WOLFSSL_NO_OPTIONS_H in linuxkm/Kbuild for in-module test.o and benchmark.o. * refine explanatory comments in settings.h re WOLFSSL_USE_OPTIONS_H, WOLFSSL_NO_OPTIONS_H, and WOLFSSL_CUSTOM_CONFIG. * add safety catch to options.h/options.h.in to inhibit inclusion if defined(WOLFSSL_NO_OPTIONS_H). * for good measure, add explicit check for WOLFSSL_NO_OPTIONS_H to wolfcrypt/benchmark/benchmark.c and wolfcrypt/test/test.c. --- cmake/options.h.in | 4 +++- configure.ac | 4 +++- linuxkm/Kbuild | 4 ++-- wolfcrypt/benchmark/benchmark.c | 2 +- wolfcrypt/test/test.c | 2 +- wolfssl/options.h.in | 4 +++- wolfssl/wolfcrypt/settings.h | 24 +++++++++++++++--------- 7 files changed, 28 insertions(+), 16 deletions(-) diff --git a/cmake/options.h.in b/cmake/options.h.in index 797d180fbd..c2ee963250 100644 --- a/cmake/options.h.in +++ b/cmake/options.h.in @@ -22,7 +22,9 @@ /* cmake template for options.h */ -#ifndef WOLFSSL_OPTIONS_H +#ifdef WOLFSSL_NO_OPTIONS_H +/* options.h inhibited by configuration */ +#elif !defined(WOLFSSL_OPTIONS_H) #define WOLFSSL_OPTIONS_H diff --git a/configure.ac b/configure.ac index 24775bd1b3..16af3bb243 100644 --- a/configure.ac +++ b/configure.ac @@ -10169,7 +10169,9 @@ echo " *" >> $OPTION_FILE echo " */" >> $OPTION_FILE echo "" >> $OPTION_FILE -echo "#ifndef WOLFSSL_OPTIONS_H" >> $OPTION_FILE +echo "#ifdef WOLFSSL_NO_OPTIONS_H" >> $OPTION_FILE +echo "/* options.h inhibited by configuration */" >> $OPTION_FILE +echo "#elif !defined(WOLFSSL_OPTIONS_H)" >> $OPTION_FILE echo "#define WOLFSSL_OPTIONS_H" >> $OPTION_FILE echo "" >> $OPTION_FILE echo "" >> $OPTION_FILE diff --git a/linuxkm/Kbuild b/linuxkm/Kbuild index f322742a46..6614e445a1 100644 --- a/linuxkm/Kbuild +++ b/linuxkm/Kbuild @@ -89,7 +89,7 @@ endif ccflags-y := $(WOLFSSL_CFLAGS) $(WOLFSSL_CFLAGS_NO_VECTOR_INSNS) $(obj)/libwolfssl.mod.o: ccflags-y := -$(obj)/wolfcrypt/test/test.o: ccflags-y += -DNO_MAIN_DRIVER +$(obj)/wolfcrypt/test/test.o: ccflags-y += -DNO_MAIN_DRIVER -DWOLFSSL_NO_OPTIONS_H $(obj)/wolfcrypt/src/aes.o: ccflags-y = $(WOLFSSL_CFLAGS) $(WOLFSSL_CFLAGS_YES_VECTOR_INSNS) @@ -109,7 +109,7 @@ ifeq "$(ENABLED_LINUXKM_PIE)" "yes" $(obj)/linuxkm/module_hooks.o: ccflags-y += $(PIE_SUPPORT_FLAGS) endif -$(obj)/wolfcrypt/benchmark/benchmark.o: ccflags-y = $(WOLFSSL_CFLAGS) $(CFLAGS_FPU_ENABLE) $(CFLAGS_SIMD_ENABLE) $(PIE_SUPPORT_FLAGS) -DNO_MAIN_FUNCTION +$(obj)/wolfcrypt/benchmark/benchmark.o: ccflags-y = $(WOLFSSL_CFLAGS) $(CFLAGS_FPU_ENABLE) $(CFLAGS_SIMD_ENABLE) $(PIE_SUPPORT_FLAGS) -DNO_MAIN_FUNCTION -DWOLFSSL_NO_OPTIONS_H $(obj)/wolfcrypt/benchmark/benchmark.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_ENABLE_SIMD_DISABLE) asflags-y := $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPUSIMD_DISABLE) diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 21b6ff9272..183ac5ff7a 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -61,7 +61,7 @@ #include #endif -#ifndef WOLFSSL_USER_SETTINGS +#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H) #include #endif #include /* also picks up user_settings.h */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index b137df6b85..9044897169 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -32,7 +32,7 @@ #include #endif -#ifndef WOLFSSL_USER_SETTINGS +#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H) #include #endif #include diff --git a/wolfssl/options.h.in b/wolfssl/options.h.in index aa94f3ec0e..072ebd1c80 100644 --- a/wolfssl/options.h.in +++ b/wolfssl/options.h.in @@ -22,7 +22,9 @@ /* default blank options for autoconf */ -#ifndef WOLFSSL_OPTIONS_H +#ifdef WOLFSSL_NO_OPTIONS_H +/* options.h inhibited by configuration */ +#elif !defined(WOLFSSL_OPTIONS_H) #define WOLFSSL_OPTIONS_H diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 4879680436..97959113b2 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -47,11 +47,14 @@ extern "C" { #endif -/* This flag allows wolfSSL to include options.h instead of having client - * projects do it themselves. This should *NEVER* be defined when building - * wolfSSL as it can cause hard to debug problems. */ -#if defined(EXTERNAL_OPTS_OPENVPN) || defined(WOLFSSL_USE_OPTIONS_H) -#include +/* WOLFSSL_USE_OPTIONS_H directs wolfSSL to include options.h on behalf of + * application code, rather than the application including it directly. This is + * not defined when compiling wolfSSL library objects, which are configured + * through CFLAGS. + */ +#if (defined(EXTERNAL_OPTS_OPENVPN) || defined(WOLFSSL_USE_OPTIONS_H)) && \ + !defined(WOLFSSL_NO_OPTIONS_H) + #include #endif /* Uncomment next line if using IPHONE */ @@ -335,10 +338,13 @@ #include "nucleus.h" #include "os/networking/ssl/lite/cyassl_nucleus_defs.h" #elif !defined(BUILDING_WOLFSSL) && !defined(WOLFSSL_OPTIONS_H) && \ - !defined(WOLFSSL_CUSTOM_CONFIG) - /* This warning indicates that the settings header may not be included before - * other wolfSSL headers. If you are using a custom configuration method, - * define WOLFSSL_CUSTOM_CONFIG to override this error. */ + !defined(WOLFSSL_NO_OPTIONS_H) && !defined(WOLFSSL_CUSTOM_CONFIG) + /* This warning indicates that wolfSSL features may not have been properly + * configured before other wolfSSL headers were included. If you are using + * an alternative configuration method -- e.g. custom header, or CFLAGS in + * an application build -- then your application can avoid this warning by + * defining WOLFSSL_NO_OPTIONS_H or WOLFSSL_CUSTOM_CONFIG as appropriate. + */ #warning "No configuration for wolfSSL detected, check header order" #endif