CMake fixes and improvements

* Minor fixes to the CMakeLists.txt
* Add more options to the CMake infrastructure already present in the
  autoconf infrastructure
* An autoconf build now also generates and installs files required to
  consume the installed wolfssl library via CMake.
* Added test for autoconf-CMake interworking

Work is mostly done by Codex and Curser.

Author: Frauschi

.github/workflows/cmake-autoconf.yml

@@ -0,0 +1,50 @@
+name: WolfSSL CMake Autoconf Interworking Test
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  build:
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-latest
+
+    steps:
+# pull wolfSSL
+    - uses: actions/checkout@master
+
+# install cmake and autotools
+    - name: Install cmake
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y cmake autoconf automake libtool
+
+# pull wolfssl
+    - name: Checkout wolfssl
+      uses: actions/checkout@master
+      with:
+        repository: wolfssl/wolfssl
+        path: wolfssl
+
+# build and install wolfssl via autotools for CMake consumer test
+    - name: Build wolfssl with autotools
+      working-directory: ./wolfssl
+      run: |
+        ./autogen.sh
+        ./configure --prefix="$GITHUB_WORKSPACE/install-autoconf" --enable-all
+        make -j $(nproc)
+        make install
+
+# CMake consumer test using the autotools install
+    - name: CMake consumer test (autotools install)
+      working-directory: ./wolfssl
+      run: |
+        mkdir -p cmake/consumer/build
+        cd cmake/consumer/build
+        cmake -DCMAKE_PREFIX_PATH="$GITHUB_WORKSPACE/install-autoconf" ..
+        cmake --build .
+        ./wolfssl_consumer
+        cd ..
+        rm -rf build

.github/workflows/cmake.yml

@@ -36,9 +36,9 @@ jobs:
         cd build
         cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DWOLFSSL_INSTALL=yes -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
             -DWOLFSSL_16BIT:BOOL=no -DWOLFSSL_32BIT:BOOL=no -DWOLFSSL_AES:BOOL=yes \
-            -DWOLFSSL_AESCBC:BOOL=yes -DWOLFSSL_AESCCM:BOOL=yes -DWOLFSSL_AESCFB:BOOL=yes \
+            -DWOLFSSL_AESCBC:BOOL=yes -DWOLFSSL_AESCCM:BOOL=yes -DWOLFSSL_AESCFB:BOOL=yes -DWOLFSSL_AESECB:BOOL=yes \
             -DWOLFSSL_AESCTR:BOOL=yes -DWOLFSSL_AESGCM:STRING=yes -DWOLFSSL_AESKEYWRAP:BOOL=yes \
-            -DWOLFSSL_AESOFB:BOOL=yes -DWOLFSSL_AESSIV:BOOL=yes -DWOLFSSL_ALIGN_DATA:BOOL=yes \
+            -DWOLFSSL_AESOFB:BOOL=yes -DWOLFSSL_AESCTS:BOOL=yes -DWOLFSSL_AESSIV:BOOL=yes -DWOLFSSL_ALIGN_DATA:BOOL=yes \
             -DWOLFSSL_ALPN:BOOL=ON -DWOLFSSL_ALT_CERT_CHAINS:BOOL=ON -DWOLFSSL_ARC4:BOOL=yes \
             -DWOLFSSL_ARIA:BOOL=no -DWOLFSSL_ASIO:BOOL=no -DWOLFSSL_ASM:BOOL=yes -DWOLFSSL_ASN:BOOL=yes \
             -DWOLFSSL_ASYNC_THREADS:BOOL=no -DWOLFSSL_BASE64_ENCODE:BOOL=yes -DWOLFSSL_CAAM:BOOL=no \
@@ -51,7 +51,7 @@ jobs:
             -DWOLFSSL_CURVE448:STRING=yes -DWOLFSSL_DEBUG:BOOL=yes -DWOLFSSL_DES3:BOOL=ON \
             -DWOLFSSL_DES3_TLS_SUITES:BOOL=no -DWOLFSSL_DH:STRING=yes -DWOLFSSL_DH_DEFAULT_PARAMS:BOOL=yes \
             -DWOLFSSL_DSA:BOOL=yes -DWOLFSSL_DTLS:BOOL=ON -DWOLFSSL_DTLS13:BOOL=yes \
-            -DWOLFSSL_DTLS_CID:BOOL=yes -DWOLFSSL_ECC:STRING=yes \
+            -DWOLFSSL_DTLS_CID:BOOL=yes -DWOLFSSL_DTLS_CH_FRAG:BOOL=yes -DWOLFSSL_ECC:STRING=yes \
             -DWOLFSSL_ECCCUSTCURVES:STRING=all -DWOLFSSL_ECCSHAMIR:BOOL=yes \
             -DWOLFSSL_ECH:BOOL=yes -DWOLFSSL_ED25519:BOOL=yes -DWOLFSSL_ED448:STRING=yes \
             -DWOLFSSL_ENCKEYS:BOOL=yes -DWOLFSSL_ENC_THEN_MAC:BOOL=yes -DWOLFSSL_ERROR_QUEUE:BOOL=yes \

.gitignore

@@ -41,6 +41,9 @@ tags
 .tags*
 cyassl-config
 wolfssl-config
+cmake/wolfssl-config.cmake
+cmake/wolfssl-config-version.cmake
+cmake/wolfssl-targets.cmake
 cyassl.sublime*
 fips.h
 fips.c

CMakeLists.txt

@@ -427,6 +427,18 @@ if(WOLFSSL_DTLS_CID)
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_DTLS_CID")
 endif()
 
+# DTLS 1.3 Fragment ClientHello
+add_option("WOLFSSL_DTLS_CH_FRAG"
+    "Enable wolfSSL DTLS 1.3 Fragment ClientHello (default: disabled)"
+    "no" "yes;no")
+
+if(WOLFSSL_DTLS_CH_FRAG)
+    if(NOT WOLFSSL_DTLS13)
+        message(FATAL_ERROR "DTLS 1.3 Fragment ClientHello are supported only for DTLSv1.3")
+    endif()
+    list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_DTLS_CH_FRAG")
+endif()
+
 # RNG
 add_option("WOLFSSL_RNG"
     "Enable compiling and using RNG (default: enabled)"
@@ -513,6 +525,7 @@ endif()
 
 if(WOLFSSL_WOLFSSH OR WOLFSSL_WPAS)
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_PUBLIC_MP")
+    set(WOLFSSL_PUBLIC_MP ON)
 endif()
 
 # TODO: - DTLS-SCTP
@@ -881,6 +894,27 @@ add_option("WOLFSSL_AESOFB"
     "Enable wolfSSL AES-OFB support (default: disabled)"
     "no" "yes;no")
 
+# AES-ECB
+add_option("WOLFSSL_AESECB"
+    "Enable wolfSSL AES-ECB support (default: disabled)"
+    "no" "yes;no")
+
+if(WOLFSSL_AESECB)
+    list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_AES_ECB")
+endif()
+
+# AES-CTS
+add_option("WOLFSSL_AESCTS"
+    "Enable wolfSSL AES-CTS support (default: disabled)"
+    "no" "yes;no")
+
+if(WOLFSSL_AESCTS)
+    if(NOT WOLFSSL_AESCBC)
+        message(FATAL_ERROR "AES-CTS requires AES-CBC.")
+    endif()
+    list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AES_CTS")
+endif()
+
 # TODO: - AES-GCM stream
 #       - AES-ARM
 #       - Xilinx hardened crypto
@@ -1081,6 +1115,7 @@ if(WOLFSSL_ECCSI)
     endif()
 
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFCRYPT_HAVE_ECCSI -DWOLFSSL_PUBLIC_MP")
+    set(WOLFSSL_PUBLIC_MP ON)
 endif()
 
 # SAKKE
@@ -1105,6 +1140,14 @@ if(WOLFSSL_SIPHASH)
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SIPHASH")
 endif()
 
+add_option("WOLFSSL_PUBLIC_MP"
+    "Enable public MP API (default: disabled)"
+    "no" "yes;no")
+
+if(WOLFSSL_PUBLIC_MP)
+    list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_PUBLIC_MP")
+endif()
+
 # TODO: - Compressed key
 #       - FP ECC, fixed point cache ECC
 #       - ECC encrypt
@@ -1435,6 +1478,12 @@ if(NOT WOLFSSL_AES)
     if(WOLFSSL_AESCTR)
         message(FATAL_ERROR "AESCTR requires AES.")
     endif()
+    if(WOLFSSL_AESECB)
+        message(FATAL_ERROR "AES-ECB requires AES.")
+    endif()
+    if(WOLFSSL_AESCTS)
+        message(FATAL_ERROR "AES-CTS requires AES.")
+    endif()
 else()
     if(WOLFSSL_LEAN_PSK)
         list(APPEND WOLFSSL_DEFINITIONS "-DNO_AES")
@@ -2196,13 +2245,14 @@ if(WOLFSSL_AESOFB)
 endif()
 
 if(WOLFSSL_TPM)
-    override_cache(WOLFSSL_KEYGEN   "yes")
-    override_cache(WOLFSSL_CERTGEN  "yes")
-    override_cache(WOLFSSL_CRYPTOCB "yes")
-    override_cache(WOLFSSL_CERTREQ  "yes")
-    override_cache(WOLFSSL_CERTEXT  "yes")
-    override_cache(WOLFSSL_PKCS7    "yes")
-    override_cache(WOLFSSL_AESCFB   "yes")
+    override_cache(WOLFSSL_KEYGEN    "yes")
+    override_cache(WOLFSSL_CERTGEN   "yes")
+    override_cache(WOLFSSL_CRYPTOCB  "yes")
+    override_cache(WOLFSSL_CERTREQ   "yes")
+    override_cache(WOLFSSL_CERTEXT   "yes")
+    override_cache(WOLFSSL_PKCS7     "yes")
+    override_cache(WOLFSSL_AESCFB    "yes")
+    override_cache(WOLFSSL_PUBLIC_MP "yes")
     list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_ALLOW_ENCODING_CA_FALSE")
 endif()
 
@@ -2600,7 +2650,7 @@ target_compile_definitions(wolfssl PRIVATE "BUILDING_WOLFSSL")
 if(${BUILD_SHARED_LIBS})
     target_compile_definitions(wolfssl PUBLIC "WOLFSSL_DLL")
 endif()
-target_compile_definitions(wolfssl PUBLIC ${WOLFSSL_DEFINITIONS})
+target_compile_definitions(wolfssl PRIVATE ${WOLFSSL_DEFINITIONS})
 
 ####################################################
 # Include Directories
@@ -2663,6 +2713,7 @@ if(WOLFSSL_EXAMPLES)
     add_executable(client
         ${CMAKE_CURRENT_SOURCE_DIR}/examples/client/client.c)
     target_link_libraries(client wolfssl)
+    target_compile_definitions(client PRIVATE ${WOLFSSL_DEFINITIONS})
     set_property(TARGET client
                  PROPERTY RUNTIME_OUTPUT_DIRECTORY
                  ${WOLFSSL_OUTPUT_BASE}/examples/client)
@@ -2671,6 +2722,7 @@ if(WOLFSSL_EXAMPLES)
     add_executable(server
         ${CMAKE_CURRENT_SOURCE_DIR}/examples/server/server.c)
     target_link_libraries(server wolfssl)
+    target_compile_definitions(server PRIVATE ${WOLFSSL_DEFINITIONS})
     set_property(TARGET server
                  PROPERTY RUNTIME_OUTPUT_DIRECTORY
                  ${WOLFSSL_OUTPUT_BASE}/examples/server)
@@ -2681,6 +2733,7 @@ if(WOLFSSL_EXAMPLES)
     target_include_directories(echoclient PRIVATE
         ${CMAKE_CURRENT_BINARY_DIR})
     target_link_libraries(echoclient wolfssl)
+    target_compile_definitions(echoclient PRIVATE ${WOLFSSL_DEFINITIONS})
     set_property(TARGET echoclient
                  PROPERTY RUNTIME_OUTPUT_DIRECTORY
                  ${WOLFSSL_OUTPUT_BASE}/examples/echoclient)
@@ -2691,6 +2744,7 @@ if(WOLFSSL_EXAMPLES)
     target_include_directories(echoserver PRIVATE
         ${CMAKE_CURRENT_BINARY_DIR})
     target_link_libraries(echoserver wolfssl)
+    target_compile_definitions(echoserver PRIVATE ${WOLFSSL_DEFINITIONS})
     set_property(TARGET echoserver
                  PROPERTY RUNTIME_OUTPUT_DIRECTORY
                  ${WOLFSSL_OUTPUT_BASE}/examples/echoserver)
@@ -2700,6 +2754,7 @@ if(WOLFSSL_EXAMPLES)
         add_executable(tls_bench
             ${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c)
         target_link_libraries(tls_bench wolfssl)
+        target_compile_definitions(tls_bench PRIVATE ${WOLFSSL_DEFINITIONS})
         if(CMAKE_USE_PTHREADS_INIT)
             target_link_libraries(tls_bench Threads::Threads)
         endif()
@@ -2804,6 +2859,7 @@ if(WOLFSSL_EXAMPLES)
         ${CMAKE_CURRENT_BINARY_DIR})
     target_compile_options(unit_test PUBLIC "-DNO_MAIN_DRIVER")
     target_link_libraries(unit_test wolfssl)
+    target_compile_definitions(unit_test PRIVATE ${WOLFSSL_DEFINITIONS})
     if(CMAKE_USE_PTHREADS_INIT)
         target_link_libraries(unit_test Threads::Threads)
     endif()
@@ -2829,6 +2885,7 @@ if(WOLFSSL_CRYPT_TESTS)
             ${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/test/test.c)
         set_target_properties(wolfcrypttest_lib PROPERTIES OUTPUT_NAME "wolfcrypttest")
         target_link_libraries(wolfcrypttest_lib wolfssl)
+        target_compile_definitions(wolfcrypttest_lib PRIVATE ${WOLFSSL_DEFINITIONS})
         target_compile_options(wolfcrypttest_lib PRIVATE "-DNO_MAIN_DRIVER")
         if(WOLFSSL_CRYPT_TESTS_HELP)
             target_compile_options(wolfcrypttest_lib PRIVATE "-DHAVE_WOLFCRYPT_TEST_OPTIONS")
@@ -2839,13 +2896,15 @@ if(WOLFSSL_CRYPT_TESTS)
             ${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/benchmark/benchmark.c)
         set_target_properties(wolfcryptbench_lib PROPERTIES OUTPUT_NAME "wolfcryptbench")
         target_link_libraries(wolfcryptbench_lib wolfssl)
+        target_compile_definitions(wolfcryptbench_lib PRIVATE ${WOLFSSL_DEFINITIONS})
         target_compile_options(wolfcryptbench_lib PRIVATE "-DNO_MAIN_DRIVER")
     endif()
 
     # Build wolfCrypt test executable.
     add_executable(wolfcrypttest
         ${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/test/test.c)
     target_link_libraries(wolfcrypttest wolfssl)
+    target_compile_definitions(wolfcrypttest PRIVATE ${WOLFSSL_DEFINITIONS})
     set_property(TARGET wolfcrypttest
                  PROPERTY RUNTIME_OUTPUT_DIRECTORY
                  ${WOLFSSL_OUTPUT_BASE}/wolfcrypt/test)
@@ -2865,6 +2924,7 @@ if(WOLFSSL_CRYPT_TESTS)
     target_include_directories(wolfcryptbench PRIVATE
         ${CMAKE_CURRENT_BINARY_DIR})
     target_link_libraries(wolfcryptbench wolfssl)
+    target_compile_definitions(wolfcryptbench PRIVATE ${WOLFSSL_DEFINITIONS})
     set_property(TARGET wolfcryptbench
                  PROPERTY RUNTIME_OUTPUT_DIRECTORY
                  ${WOLFSSL_OUTPUT_BASE}/wolfcrypt/benchmark)
@@ -3019,9 +3079,9 @@ if(WOLFSSL_INSTALL)
     # Install the library
     install(TARGETS wolfssl
             EXPORT wolfssl-targets
-            LIBRARY DESTINATION lib
-            ARCHIVE DESTINATION lib
-            RUNTIME DESTINATION bin
+            LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
+            ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
+            RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
             )
     # Install the headers
     install(DIRECTORY ${WOLFSSL_OUTPUT_BASE}/wolfssl/

INSTALL

@@ -16,6 +16,9 @@
     all the generated build options. This file needs to be included in your application
     before any other wolfSSL headers. Optionally your application can define
     WOLFSSL_USE_OPTIONS_H to do this automatically.
+    Note: Building with configure also installs CMake package files under
+    $(libdir)/cmake/wolfssl to support find_package(wolfssl). You can disable this
+    with ./configure --disable-cmake-install.
 
 2. Building on iOS
 

Makefile.am

@@ -78,6 +78,9 @@ CLEANFILES+= ecc-key.der \
              pkcs7encryptedDataDES3.der \
              pkcs7encryptedDataDES.der \
              pkcs7envelopedDataAES256CBC_ECDH.der \
+             cmake/wolfssl-config.cmake \
+             cmake/wolfssl-config-version.cmake \
+             cmake/wolfssl-targets.cmake \
              pkcs7envelopedDataAES128CBC_ECDH_SHA1KDF.der \
              pkcs7envelopedDataAES256CBC_ECDH_SHA256KDF.der \
              pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF.der \

cmake/README.md

@@ -3,6 +3,9 @@
 This directory contains some supplementary functions for the [CMakeLists.txt](../CMakeLists.txt) in the root.
 
 See also cmake notes in the [INSTALL](../INSTALL) documentation file.
+When building with autoconf/automake, CMake package files are installed by default
+under $(libdir)/cmake/wolfssl to support find_package(wolfssl). Disable with
+./configure --disable-cmake-install.
 
 If new CMake build options are added `cmake/options.h.in` must also be updated.
 
@@ -56,4 +59,3 @@ See the Microsoft [CMakeSettings.json schema reference](https://learn.microsoft.
   * Specific environment variables
   * *UI-related tweaks
 
-

cmake/consumer/CMakeLists.txt

@@ -0,0 +1,8 @@
+cmake_minimum_required(VERSION 3.10)
+
+project(wolfssl_consumer C)
+
+find_package(wolfssl CONFIG REQUIRED)
+
+add_executable(wolfssl_consumer main.c)
+target_link_libraries(wolfssl_consumer PRIVATE wolfssl::wolfssl)

cmake/consumer/README.md

@@ -0,0 +1,12 @@
+# CMake consumer test
+
+This is a minimal CMake project that consumes the installed wolfSSL
+package config.
+
+## Build
+
+```
+cmake -S . -B build -DCMAKE_PREFIX_PATH=/path/to/wolfssl/install
+cmake --build build
+./build/wolfssl_consumer
+```

cmake/consumer/main.c

@@ -0,0 +1,11 @@
+#include <wolfssl/options.h>
+#include <wolfssl/ssl.h>
+
+int main(void)
+{
+    if (wolfSSL_Init() != WOLFSSL_SUCCESS) {
+        return 1;
+    }
+    wolfSSL_Cleanup();
+    return 0;
+}