Update CMakeLists.txt

both CMakeLists.txt and source use ENABLE_XXX

CMakeLists.txt

@@ -27,9 +27,6 @@ set(src
 	src/zuc_modes.c
 	src/aes.c
 	src/aes_modes.c
-	src/sha256.c
-	src/sha512.c
-	src/chacha20.c
 	src/hash_drbg.c
 	src/block_cipher.c
 	src/digest.c
@@ -127,11 +124,6 @@ set(tests
 	sm9
 	zuc
 	aes
-	sha224
-	sha256
-	sha384
-	sha512
-	chacha20
 	hash_drbg
 	block_cipher
 	digest
@@ -171,9 +163,6 @@ set(demos
 	sdf_info_demo
 	sdf_rand_demo
 	sdf_sign_demo
-	sha256_digest_demo
-	sha512_256_digest_demo
-	sha512_digest_demo
 	#sm2_ciphertext_to_der_demo
 	sm2_ecdh_demo
 	sm2_encrypt_demo
@@ -241,29 +230,30 @@ include(CheckSymbolExists)
 
 option(ENABLE_SM2_ALGOR_ID_ENCODE_NULL "Enable AlgorithmIdenifier with algorithm sm2sign_with_sm3 encode a NULL object as parameters" OFF)
 if (ENABLE_SM2_ALGOR_ID_ENCODE_NULL)
-	message(STATUS "ENABLE_SM2_ALGOR_ID_ENCODE_NULL")
+	message(STATUS "ENABLE_SM2_ALGOR_ID_ENCODE_NULL is ON")
-	add_definitions(-DSM2_ALGOR_ID_ENCODE_NULL)
+	add_definitions(-DENABLE_SM2_ALGOR_ID_ENCODE_NULL)
 endif()
 
 
 option(ENABLE_SM2_PRIVATE_KEY_EXPORT "Enable export un-encrypted SM2 private key" OFF)
 if (ENABLE_SM2_PRIVATE_KEY_EXPORT)
-	message(STATUS "ENABLE_SM2_PRIVATE_KEY_EXPORT")
+	message(STATUS "ENABLE_SM2_PRIVATE_KEY_EXPORT is ON")
-	add_definitions(-DSM2_PRIVATE_KEY_EXPORT)
+	add_definitions(-DENABLE_SM2_PRIVATE_KEY_EXPORT)
 	list(APPEND demos sm2_key_export_demo)
 endif()
 
 
 option(ENABLE_TLS_DEBUG "Enable TLS and TLCP print debug message" OFF)
 if (ENABLE_TLS_DEBUG)
-	message(STATUS "ENABLE_TLS_DEBUG")
+	message(STATUS "ENABLE_TLS_DEBUG is ON")
-	add_definitions(-DTLS_DEBUG)
+	add_definitions(-DENABLE_TLS_DEBUG)
 endif()
 
+
 #option(ENABLE_SM3_AVX_BMI2 "Enable SM3 AVX+BMI2 assembly implementation" OFF)
 #if (ENABLE_SM3_AVX_BMI2)
-#	message(STATUS "ENABLE_SM3_AVX_BMI2")
+#	message(STATUS "ENABLE_SM3_AVX_BMI2 is ON")
-#	add_definitions(-DSM3_AVX_BMI2)
+#	add_definitions(-DENABLE_SM3_AVX_BMI2)
 #	enable_language(ASM)
 #	list(APPEND src src/sm3_avx_bmi2.s)
 #endif()
@@ -271,8 +261,8 @@ endif()
 
 option(ENABLE_SM4_AESNI_AVX "Enable SM4 AESNI+AVX assembly implementation" OFF)
 if (ENABLE_SM4_AESNI_AVX)
-	message(STATUS "ENABLE_SM4_AESNI_AVX")
+	message(STATUS "ENABLE_SM4_AESNI_AVX is ON")
-	add_definitions(-DSM4_AESNI_AVX)
+	add_definitions(-DENABLE_SM4_AESNI_AVX)
 	list(APPEND src src/sm4_aesni_avx.c)
 	list(APPEND tests sm4_aesni_avx)
 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -march=native")
@@ -293,15 +283,35 @@ if (ENABLE_SM2_EXTS)
 endif()
 
 
-option(ENABLE_BROKEN_CRYPTO "Enable broken crypto algorithms" OFF)
+option(ENABLE_SHA1 "Enable SHA1" OFF)
-if (ENABLE_BROKEN_CRYPTO)
+if (ENABLE_SHA1)
-	message(STATUS "ENABLE_BROKEN_CRYPTO")
+	message(STATUS "ENABLE_SHA1 is ON")
+	add_definitions(-DENABLE_SHA1)
 	list(APPEND src src/sha1.c)
 	list(APPEND tests sha1)
 	list(APPEND demos sha1_digest_demo)
 endif()
 
 
+# TODO: pbkdf, hkdf and tls13 rely on sha2
+option(ENABLE_SHA2 "Enable SHA2" ON)
+if (ENABLE_SHA2)
+	message(STATUS "ENABLE_SHA2 is ON")
+	add_definitions(-DENABLE_SHA2)
+	list(APPEND src src/sha256.c src/sha512.c)
+	list(APPEND tests sha224 sha256 sha384 sha512)
+	list(APPEND demos sha256_digest_demo sha512_digest_demo sha512_256_digest_demo)
+endif()
+
+
+option(ENABLE_CHACHA20 "Enable Chacha20" OFF)
+if (ENABLE_CHACHA20)
+	message(STATUS "ENABLE_CHACHA20 is ON")
+	list(APPEND src src/chacha20.c)
+	list(APPEND tests chacha20)
+endif()
+
+
 option(ENABLE_INTEL_RDRAND "Enable Intel RDRAND instructions" OFF)
 option(ENABLE_INTEL_RDSEED "Enable Intel RDSEED instructions" OFF)
 
@@ -313,7 +323,7 @@ if (ENABLE_INTEL_RDRAND)
 		HAVE_INTEL_RDRAND)
 	if (HAVE_INTEL_RDRAND)
 		message(STATUS "ENABLE_INTEL_RDRAND")
-		add_definitions(-DINTEL_RDRAND)
+		add_definitions(-DENABLE_INTEL_RDRAND)
 		list(APPEND src src/rdrand.c)
 		list(APPEND demos rdrand_demo)
 		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mrdrnd")
@@ -325,7 +335,7 @@ if (ENABLE_INTEL_RDRAND)
 			HAVE_INTEL_RDSEED)
 		if (HAVE_INTEL_RDSEED)
 			message(STATUS "ENABLE_INTEL_RDSEED")
-			add_definitions(-DINTEL_RDSEED)
+			add_definitions(-DENABLE_INTEL_RDSEED)
 			set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mrdseed")
 		endif()
 	endif()
@@ -348,7 +358,7 @@ elseif (APPLE)
 	list(APPEND src src/rand_apple.c src/http.c)
 elseif (HAVE_GETENTROPY)
 	list(APPEND src src/rand_unix.c src/http.c)
-	 message(STATUS "have getentropy")
+	message(STATUS "have getentropy")
 else()
 	list(APPEND src src/rand.c src/http.c)
 endif()
@@ -440,30 +450,22 @@ if (ENABLE_DEMOS)
 	endforeach()
 endif()
 
-
+# Generate install package with cpack
+#	cpack -G TGZ
+#	cpack -G STGZ
+#	cpack -G NSIS64 # Windows only
+#
+# Install the STGZ package
+#	./GmSSL-<version>-Linux.sh --prefix=/usr/local
+#
 set(CPACK_PACKAGE_NAME "GmSSL")
 set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
 set(CPACK_PACKAGE_VERSION "3.1.2-Dev")
-
-set(CPACK_RPM_PACKAGE_GROUP "GmSSL Group")
-set(CPACK_PACKAGE_VENDOR "GmSSL Vendor")
-
 set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
 string(CONCAT CPACK_PACKAGE_DESCRIPTION_SUMMARY
     "GmSSL is an open source cryptographic toolbox that supports SM2 / SM3 / SM4 / SM9 "
     "and other national secret (national commercial password) algorithm. ")
 set(CPACK_RESOURCE_FILE_LICENSE "${PROJECT_SOURCE_DIR}/LICENSE")
-set(CPACK_PACKAGE_CONTACT "https://github.com/guanzhi/GmSSL/issues")
-# The general number of package itself.
-# Should be incremented when the package content changes for the same version.
-# Can be used to distinguish between different builds of the same version.
-# Can be overridden by `cmake -DCPACK_NOARCH_PACKAGE_RELEASE=1`
-set(CPACK_NOARCH_PACKAGE_RELEASE 1 CACHE STRING "The general release number of package")
-
-#set(CPACK_PACKAGING_INSTALL_PREFIX "/usr/local")
 set(CPACK_NSIS_MODIFY_PATH ON)
-
-include(DebPacking)
-include(RpmPacking)
 include(CPack)
 

cmake/DebPacking.cmake

@@ -1,3 +0,0 @@
-set(CPACK_DEBIAN_FILE_NAME DEB-DEFAULT)
-set(CPACK_DEBIAN_PACKAGE_RELEASE ${CPACK_NOARCH_PACKAGE_RELEASE})
-set(CPACK_DEBIAN_PACKAGE_MAINTAINER ${CPACK_PACKAGE_VENDOR})

cmake/LinuxPacking.cmake

@@ -1,17 +0,0 @@
-set(CPACK_PACKAGE_NAME "gmssl")
-set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
-set(CPACK_PACKAGE_VERSION_MAJOR 3)
-set(CPACK_PACKAGE_VERSION_MINOR 0)
-set(CPACK_PACKAGE_VERSION_PATCH 0)
-set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
-string(CONCAT CPACK_PACKAGE_DESCRIPTION_SUMMARY 
-    "GmSSL is an open source cryptographic toolbox that supports SM2 / SM3 / SM4 / SM9 "
-    "and other national secret (national commercial password) algorithm. ")
-set(CPACK_RESOURCE_FILE_LICENSE "${PROJECT_SOURCE_DIR}/LICENSE")
-set(CPACK_PACKAGE_INSTALL_DIRECTORY /usr)
-set(CPACK_PACKAGE_CONTACT "https://github.com/guanzhi/GmSSL/issues")
-# The general number of package itself. 
-# Should be incremented when the package content changes for the same version.
-# Can be used to distinguish between different builds of the same version.
-# Can be overridden by `cmake -DCPACK_NOARCH_PACKAGE_RELEASE=1`
-set(CPACK_NOARCH_PACKAGE_RELEASE 1 CACHE STRING "The general release number of package")

cmake/RpmPacking.cmake

@@ -1,2 +0,0 @@
-set(CPACK_RPM_FILE_NAME RPM-DEFAULT)
-set(CPACK_RPM_PACKAGE_RELEASE ${CPACK_NOARCH_PACKAGE_RELEASE})

include/gmssl/digest.h

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -16,11 +16,12 @@
 #include <stdint.h>
 #include <stdlib.h>
 #include <gmssl/sm3.h>
-#ifdef ENABLE_BROKEN_CRYPTO
+#ifdef ENABLE_SHA1
 #include <gmssl/sha1.h>
 #endif
+#ifdef ENABLE_SHA2
 #include <gmssl/sha2.h>
-
+#endif
 
 #ifdef __cplusplus
 extern "C" {
@@ -38,13 +39,15 @@ typedef struct DIGEST_CTX DIGEST_CTX;
 struct DIGEST_CTX {
 	union {
 		SM3_CTX sm3_ctx;
-#ifdef ENABLE_BROKEN_CRYPTO
+#ifdef ENABLE_SHA1
 		SHA1_CTX sha1_ctx;
 #endif
+#ifdef ENABLE_SHA2
 		SHA224_CTX sha224_ctx;
 		SHA256_CTX sha256_ctx;
 		SHA384_CTX sha384_ctx;
 		SHA512_CTX sha512_ctx;
+#endif
 	} u;
 	const DIGEST *digest;
 };
@@ -60,15 +63,17 @@ struct DIGEST {
 };
 
 const DIGEST *DIGEST_sm3(void);
-#ifdef ENABLE_BROKEN_CRYPTO
+#ifdef ENABLE_SHA1
 const DIGEST *DIGEST_sha1(void);
 #endif
+#ifdef ENABLE_SHA2
 const DIGEST *DIGEST_sha224(void);
 const DIGEST *DIGEST_sha256(void);
 const DIGEST *DIGEST_sha384(void);
 const DIGEST *DIGEST_sha512(void);
 const DIGEST *DIGEST_sha512_224(void);
 const DIGEST *DIGEST_sha512_256(void);
+#endif
 
 const DIGEST *digest_from_name(const char *name);
 const char *digest_name(const DIGEST *digest);

include/gmssl/tls.h

@@ -854,7 +854,7 @@ int tls13_gcm_decrypt(const BLOCK_CIPHER_KEY *key, const uint8_t iv[12],
 	int *record_type, uint8_t *out, size_t *outlen);
 
 
-#ifdef TLS_DEBUG
+#ifdef ENABLE_TLS_DEBUG
 #	define tls_trace(s) fprintf(stderr,(s))
 #	define tls_record_trace(fp,rec,reclen,fmt,ind)  tls_record_print(fp,rec,reclen,fmt,ind)
 #	define tlcp_record_trace(fp,rec,reclen,fmt,ind)  tlcp_record_print(fp,rec,reclen,fmt,ind)

src/digest.c

@@ -24,13 +24,15 @@ typedef struct {
 
 DIGEST_TABLE digest_table[] = {
 	{ OID_sm3, "sm3", "SM3" },
-#ifdef ENABLE_BROKEN_CRYPTO
+#ifdef ENABLE_SHA1
 	{ OID_sha1, "sha1", "SHA-1" },
 #endif
+#ifdef ENABLE_SHA2
 	{ OID_sha224, "sha224", "SHA-224" },
 	{ OID_sha256, "sha256", "SHA-256" },
 	{ OID_sha384, "sha384", "SHA-384" },
 	{ OID_sha512, "sha512", "SHA-512" },
+#endif
 };
 
 const char *digest_name(const DIGEST *digest)
@@ -94,10 +96,11 @@ const DIGEST *digest_from_name(const char *name)
 {
 	if (!strcmp(name, "sm3") || !strcmp(name, "SM3")) {
 		return DIGEST_sm3();
-#ifdef ENABLE_BROKEN_CRYPTO
+#ifdef ENABLE_SHA1
 	} else if (!strcmp(name, "sha1") || !strcmp(name, "SHA1")) {
 		return DIGEST_sha1();
 #endif
+#ifdef ENABLE_SHA2
 	} else if (!strcmp(name, "sha224") || !strcmp(name, "SHA224")) {
 		return DIGEST_sha224();
 	} else if (!strcmp(name, "sha256") || !strcmp(name, "SHA256")) {
@@ -110,6 +113,7 @@ const DIGEST *digest_from_name(const char *name)
 		return DIGEST_sha512_224();
 	} else if (!strcmp(name, "sha512-256") || !strcmp(name, "SHA512-256")) {
 		return DIGEST_sha512_256();
+#endif
 	}
 	return NULL;
 }
@@ -159,8 +163,7 @@ const DIGEST *DIGEST_sm3(void)
         return &sm3_digest_object;
 }
 
-#ifdef ENABLE_BROKEN_CRYPTO
+#ifdef ENABLE_SHA1
-
 #include <gmssl/sha1.h>
 
 static int sha1_digest_init(DIGEST_CTX *ctx)
@@ -207,8 +210,9 @@ const DIGEST *DIGEST_sha1(void)
 {
         return &sha1_digest_object;
 }
-#endif
+#endif // ENABLE SHA1
 
+#ifdef ENABLE_SHA2
 #include <gmssl/sha2.h>
 
 static int sha224_digest_init(DIGEST_CTX *ctx)
@@ -451,3 +455,4 @@ const DIGEST *DIGEST_sha512_256(void)
 {
         return &sha512_256_digest_object;
 }
+#endif // ENABLE_SHA2

src/sm2_key.c

@@ -361,7 +361,7 @@ err:
 	return -1;
 }
 
-#ifdef SM2_PRIVATE_KEY_EXPORT
+#ifdef ENABLE_SM2_PRIVATE_KEY_EXPORT
 int sm2_private_key_info_to_pem(const SM2_KEY *key, FILE *fp)
 {
 	int ret = -1;
@@ -445,7 +445,7 @@ int sm2_public_key_info_from_der(SM2_KEY *pub_key, const uint8_t **in, size_t *i
 	return 1;
 }
 
-#ifdef SM2_PRIVATE_KEY_EXPORT
+#ifdef ENABLE_SM2_PRIVATE_KEY_EXPORT
 
 // FIXME: side-channel of Base64
 int sm2_private_key_to_pem(const SM2_KEY *a, FILE *fp)

src/sm4_modes.c

@@ -101,7 +101,7 @@ static void ctr_incr(uint8_t a[16])
 	}
 }
 
-#ifndef SM4_AESNI_AVX
+#ifndef ENABLE_SM4_AESNI_AVX
 void sm4_ctr_encrypt(const SM4_KEY *key, uint8_t ctr[16], const uint8_t *in, size_t inlen, uint8_t *out)
 {
 	uint8_t block[16];

src/x509_alg.c

@@ -325,7 +325,7 @@ from RFC 5758 Internet X.509 Public Key Infrastructure:
 
 */
 
-#ifdef SM2_ALGOR_ID_ENCODE_NULL // from CMakeLists.txt
+#ifdef ENABLE_SM2_ALGOR_ID_ENCODE_NULL // from CMakeLists.txt
 #define SM2_SIGN_ALGOR_FLAGS 1
 #else
 #define SM2_SIGN_ALGOR_FLAGS 0

tests/digesttest.c

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
+ *  Copyright 2014-2023 The GmSSL Project. All Rights Reserved.
  *
  *  Licensed under the Apache License, Version 2.0 (the License); you may
  *  not use this file except in compliance with the License.
@@ -15,17 +15,18 @@
 #include <gmssl/digest.h>
 
 const char *digests[] = {
-#ifdef ENABLE_BROKEN_CRYPTO
+	"sm3",
-	"md5",
+#ifdef ENABLE_SHA1
 	"sha1",
 #endif
-	"sm3",
+#ifdef ENABLE_SHA2
 	"sha224",
 	"sha256",
 	"sha384",
 	"sha512",
 	"sha512-224",
 	"sha512-256",
+#endif
 };
 
 int main(void)

tests/hash_drbgtest.c

@@ -37,7 +37,7 @@
 int main(void)
 {
 // currently we only has SHA-1 test suites
-#ifdef ENABLE_BROKEN_CRYPTO
+#ifdef ENABLE_SHA1
 	HASH_DRBG drbg;
 
 	uint8_t entropy[sizeof(EntropyInput)/2];
@@ -89,6 +89,6 @@ int main(void)
 		printf("%02x", out[i]);
 	}
 	printf("\n");
-#endif
+#endif // ENABLE_SHA1
 	return 0;
 }

tests/hkdftest.c

@@ -24,6 +24,7 @@ static struct {
 	char *prk;
 	char *okm;
 } hkdf_tests[] = {
+#ifdef ENABLE_SHA2 // FIXME: add SM3 test suites, if neither SHA1, SHA2 enabled, build failure
 	{
 		// test 1
 		"sha256",
@@ -78,7 +79,9 @@ static struct {
 		"b8a11f5c5ee1879ec3454e5f3c738d2d"
 		"9d201395faa4b61a96c8",
 	},
-#ifdef ENABLE_BROKEN_CRYPTO
+#endif // ENABLE_SHA2
+
+#ifdef ENABLE_SHA1
 	{
 		// test 4
 		"sha1",
@@ -142,7 +145,7 @@ static struct {
 		"b3bae548aa53d423b0d1f27ebba6f5e5"
 		"673a081d70cce7acfc48",
 	},
-#endif
+#endif // ENABLE_SHA1
 };
 
 int test_hkdf(void)

tests/pbkdf2test.c

@@ -102,7 +102,7 @@ void test(void)
 static int test_pbkdf2_genkey(void)
 {
 // FIXME: currently we only has SHA-1 tests, replace with SHA-256
-#ifdef ENABLE_BROKEN_CRYPTO
+#ifdef ENABLE_SHA1
 	int i;
 	uint8_t key[64];
 	uint8_t buf[64];

tools/rand.c

@@ -85,7 +85,7 @@ bad:
 		size_t len = outlen < sizeof(buf) ? outlen : sizeof(buf);
 
 		if (rdrand) {
-#ifdef INTEL_RDRAND
+#ifdef ENABLE_INTEL_RDRAND
 			if (rdrand_bytes(buf, len) != 1) {
 				fprintf(stderr, "%s: inner error\n", prog);
 				goto end;
@@ -94,7 +94,7 @@ bad:
 			fprintf(stderr, "%s: `-rdrand` is not supported on your platform\n", prog);
 #endif
 		} else if (rdseed) {
-#ifdef INTEL_RDSEED
+#ifdef ENABLE_INTEL_RDSEED
 			if (rdseed_bytes(buf, len) != 1) {
 				fprintf(stderr, "%s: inner error\n", prog);
 				goto end;