]>
Commit | Line | Data |
---|---|---|
a0098eda CB |
1 | # |
2 | # configure.in | |
3 | # | |
4 | # See the LICENSE file for the license associated with this file. | |
5 | ||
625abcc6 | 6 | AC_INIT([libtpms], [0.8.0]) |
a0098eda CB |
7 | AC_PREREQ(2.12) |
8 | AC_CONFIG_SRCDIR(Makefile.am) | |
d9d83de2 | 9 | AC_CONFIG_AUX_DIR([.]) |
a0098eda CB |
10 | AM_CONFIG_HEADER(config.h) |
11 | ||
12 | AC_CONFIG_MACRO_DIR([m4]) | |
13 | AC_CANONICAL_TARGET | |
23b958af | 14 | AM_INIT_AUTOMAKE([foreign 1.6 subdir-objects]) |
a0098eda CB |
15 | |
16 | LIBTPMS_VER_MAJOR=`echo $PACKAGE_VERSION | awk -F. '{print $1}'` | |
17 | LIBTPMS_VER_MINOR=`echo $PACKAGE_VERSION | awk -F. '{print $2}'` | |
18 | LIBTPMS_VER_MICRO=`echo $PACKAGE_VERSION | awk -F. '{print $3}'` | |
19 | LIBTPMS_VERSION=$PACKAGE_VERSION | |
20 | LIBTPMS_VERSION_INFO=`expr $LIBTPMS_VER_MAJOR + $LIBTPMS_VER_MINOR`:$LIBTPMS_VER_MICRO:$LIBTPMS_VER_MINOR | |
21 | ||
22 | AC_SUBST([LIBTPMS_VER_MAJOR]) | |
23 | AC_SUBST([LIBTPMS_VER_MINOR]) | |
24 | AC_SUBST([LIBTPMS_VER_MICRO]) | |
25 | AC_SUBST([LIBTPMS_VERSION]) | |
26 | AC_SUBST([LIBTPMS_VERSION_INFO]) | |
27 | ||
28 | DEBUG="" | |
29 | AC_MSG_CHECKING([for debug-enabled build]) | |
30 | AC_ARG_ENABLE(debug, AC_HELP_STRING([--enable-debug], [create a debug build]), | |
31 | [if test "$enableval" = "yes"; then | |
32 | DEBUG="yes" | |
33 | AC_MSG_RESULT([yes]) | |
34 | else | |
35 | DEBUG="no" | |
36 | AC_MSG_RESULT([no]) | |
37 | fi], | |
38 | [DEBUG="no", | |
39 | AC_MSG_RESULT([no])]) | |
40 | ||
d9ea4ea3 | 41 | if test "$DEBUG" = "yes"; then |
a0098eda CB |
42 | CFLAGS="$CFLAGS -O0 -g -DDEBUG" |
43 | fi | |
44 | ||
45 | debug_defines= | |
83ca1948 | 46 | if test "$DEBUG" = "yes"; then |
384bf2e2 SB |
47 | debug_defines="-DTPM_DEBUG" |
48 | # Enable the following only if ABSOLUTELY necessary | |
49 | # volatile state will be written and behavior changes | |
50 | #"-DTPM_VOLATILE_STORE" | |
a0098eda CB |
51 | fi |
52 | AC_SUBST(DEBUG_DEFINES, $debug_defines) | |
53 | ||
dd9c2f21 SB |
54 | # AX_CHECK_LINK_FLAG needs autoconf 2.64 or later |
55 | have_version_script="no" | |
56 | m4_if( | |
57 | m4_version_compare( | |
58 | m4_defn([AC_AUTOCONF_VERSION]), | |
59 | [2.64]), | |
60 | -1, | |
61 | [], | |
62 | [AX_CHECK_LINK_FLAG([-Wl,--version-script=$srcdir/src/test.syms], | |
63 | [have_version_script="yes"], | |
64 | [])] | |
65 | ) | |
66 | ||
27904459 SB |
67 | AM_CONDITIONAL([HAVE_VERSION_SCRIPT], [test "x$have_version_script" = "xyes"]) |
68 | ||
a0098eda | 69 | cryptolib=freebl |
38a7d195 | 70 | AC_SUBST(cryptolib, $cryptolib) |
a0098eda CB |
71 | |
72 | AC_ARG_WITH([openssl], | |
73 | AC_HELP_STRING([--with-openssl], | |
74 | [build libtpms with openssl library]), | |
75 | [AC_CHECK_LIB(crypto, | |
76 | [AES_set_encrypt_key], | |
77 | [], | |
78 | AC_MSG_ERROR(Faulty openssl crypto library)) | |
03d25ba0 SB |
79 | AC_CHECK_HEADERS([openssl/aes.h],[], |
80 | AC_MSG_ERROR(Is openssl-devel/libssl-dev installed?)) | |
a0098eda CB |
81 | AC_MSG_RESULT([Building with openssl crypto library]) |
82 | cryptolib=openssl | |
83 | ] | |
84 | ) | |
85 | ||
86 | case "$cryptolib" in | |
87 | freebl) | |
88 | AM_CONDITIONAL(LIBTPMS_USE_FREEBL, true) | |
89 | AM_CONDITIONAL(LIBTPMS_USE_OPENSSL, false) | |
30a95c3c SB |
90 | AC_DEFINE([USE_FREEBL_CRYPTO_LIBRARY], |
91 | [1], | |
92 | [use freebl crypto library]) | |
fd8aa8c3 SB |
93 | |
94 | CFLAGS_save=$CFLAGS | |
95 | ||
03d25ba0 SB |
96 | AC_CHECK_HEADERS([gmp.h],[], |
97 | AC_MSG_ERROR(gmp-devel/libgmp-dev is bad)) | |
98 | ||
99 | CFLAGS="$(nspr-config --cflags)" | |
fd8aa8c3 | 100 | if test $? -ne 0; then |
03d25ba0 | 101 | AC_MSG_ERROR(Could not find nspr-config. Is nspr-devel/libnspr4-dev installed?) |
fd8aa8c3 | 102 | fi |
03d25ba0 SB |
103 | CPPFLAGS=$CFLAGS |
104 | AC_CHECK_HEADERS([plbase64.h],[], | |
105 | AC_MSG_ERROR(You must install nspr-devel/libnspr4-dev)) | |
fd8aa8c3 | 106 | |
03d25ba0 | 107 | CFLAGS="$(nss-config --cflags) $CFLAGS" |
fd8aa8c3 | 108 | if test $? -ne 0; then |
03d25ba0 | 109 | AC_MSG_ERROR(Could not find nss-config. Is nss-devel/libnss3-dev installed?) |
fd8aa8c3 | 110 | fi |
03d25ba0 SB |
111 | CPPFLAGS="$CPPFLAGS $CFLAGS" |
112 | AC_CHECK_HEADERS([sslerr.h],[], | |
113 | AC_MSG_ERROR(nss-devel/libnss3-dev is bad)) | |
fd8aa8c3 | 114 | |
893d9b95 SB |
115 | # Check for missing headers |
116 | AC_CHECK_HEADERS([blapi.h],[], | |
117 | AC_MSG_ERROR(nss-softokn-freebl-devel/libnss3-dev is missing blapi.h)) | |
118 | # Check for missing freebl library or missing library functions | |
119 | LIBS_save="$LIBS" | |
120 | LIBS="$(nss-config --libs) $(nspr-config --libs)" | |
121 | AC_SEARCH_LIBS([AES_CreateContext], [freebl],[], | |
122 | AC_MSG_ERROR("Could not find AES_CreateContext(). Is nss-softokn-freebl-devel/libnss3-dev installed?"), | |
123 | []) | |
124 | LIBS="$LIBS_save" | |
03d25ba0 | 125 | CFLAGS="$CFLAGS_save $CFLAGS" |
a0098eda CB |
126 | ;; |
127 | openssl) | |
128 | AM_CONDITIONAL(LIBTPMS_USE_FREEBL, false) | |
129 | AM_CONDITIONAL(LIBTPMS_USE_OPENSSL, true) | |
30a95c3c SB |
130 | AC_DEFINE([USE_OPENSSL_CRYPTO_LIBRARY], |
131 | [1], | |
132 | [use openssl crypto library]) | |
a0098eda CB |
133 | ;; |
134 | esac | |
135 | ||
3cf528aa SB |
136 | AC_ARG_WITH([tpm2], |
137 | AC_HELP_STRING([--with-tpm2], | |
db80bd9e | 138 | [build libtpms with TPM2 support]), |
3cf528aa SB |
139 | AC_MSG_RESULT([Building with TPM2 support]) |
140 | if test "x$cryptolib" = "xfreebl"; then | |
141 | AC_MSG_ERROR([TPM2 support requires openssl crypto library]) | |
142 | fi | |
143 | AC_DEFINE_UNQUOTED([WITH_TPM2], 1, [whether to support TPM2]) | |
144 | AM_CONDITIONAL(WITH_TPM2, true), | |
145 | AM_CONDITIONAL(WITH_TPM2, false) | |
146 | ) | |
147 | ||
4e1cd261 SB |
148 | use_openssl_functions_for="" |
149 | use_openssl_functions_symmetric=0 | |
afbb3274 | 150 | use_openssl_functions_ec=0 |
46869d30 | 151 | use_openssl_functions_ecdsa=0 |
6c901e32 | 152 | use_openssl_functions_rsa=0 |
4e1cd261 SB |
153 | AC_ARG_ENABLE(use-openssl-functions, |
154 | AS_HELP_STRING([--disable-use-openssl-functions], | |
155 | [Use TPM 2 crypot code rather than OpenSSL crypto functions]), | |
156 | ) | |
157 | AS_IF([test "x$enable_use_openssl_functions" != "xno"], [ | |
158 | if test "x$cryptolib" != "xopenssl"; then | |
159 | AC_MSG_ERROR([OpenSSL crypto function usage requires openssl as crypto library]) | |
160 | fi | |
4c1dfefa | 161 | LIBS_save=$LIBS |
4e1cd261 SB |
162 | # Check for symmetric key crypto functions |
163 | not_found=0 | |
164 | AC_CHECK_LIB([crypto], [EVP_CIPHER_CTX_new],, not_found=1) | |
165 | AC_CHECK_LIB([crypto], [EVP_EncryptInit_ex],, not_found=1) | |
166 | AC_CHECK_LIB([crypto], [EVP_aes_128_cbc],, not_found=1) | |
167 | AC_CHECK_LIB([crypto], [EVP_des_ede3_cbc],, not_found=1) | |
15687b63 | 168 | AC_CHECK_LIB([crypto], [EVP_camellia_128_cbc],, not_found=1) |
fee2ae97 | 169 | AC_CHECK_LIB([crypto], [DES_random_key],, not_found=1) |
4e1cd261 SB |
170 | if test "x$not_found" = "x0"; then |
171 | use_openssl_functions_symmetric=1 | |
172 | use_openssl_functions_for="symmetric (AES, TDES) " | |
173 | fi | |
afbb3274 SB |
174 | # Check for EC crypto support |
175 | not_found=0 | |
176 | AC_CHECK_LIB([crypto], [EC_KEY_set_group],, not_found=1) | |
177 | AC_CHECK_LIB([crypto], [EC_KEY_generate_key],, not_found=1) | |
178 | AC_CHECK_LIB([crypto], [EC_KEY_get0_private_key],, not_found=1) | |
179 | if test "x$not_found" = "x0"; then | |
180 | use_openssl_functions_ec=1 | |
181 | use_openssl_functions_for="${use_openssl_functions_for}general elliptic curve (EC) " | |
182 | fi | |
46869d30 SB |
183 | # Check for ECDSA crypto support |
184 | not_found=0 | |
185 | AC_CHECK_LIB([crypto], [ECDSA_SIG_new],, not_found=1) | |
186 | AC_CHECK_LIB([crypto], [ECDSA_SIG_set0],, not_found=1) | |
187 | AC_CHECK_LIB([crypto], [ECDSA_do_verify],, not_found=1) | |
55f59887 | 188 | AC_CHECK_LIB([crypto], [ECDSA_do_sign],, not_found=1) |
46869d30 SB |
189 | AC_CHECK_LIB([crypto], [EC_KEY_set_group],, not_found=1) |
190 | if test "x$not_found" = "x0"; then | |
191 | use_openssl_functions_ecdsa=1 | |
73264c84 | 192 | use_openssl_functions_for="${use_openssl_functions_for}elliptic curve (ECDSA) " |
46869d30 | 193 | fi |
6c901e32 SB |
194 | # Check for RSA crypto functions |
195 | not_found=0 | |
196 | AC_CHECK_LIB([crypto], [RSA_set0_key],, not_found=1) | |
197 | AC_CHECK_LIB([crypto], [RSA_set0_factors],, not_found=1) | |
198 | AC_CHECK_LIB([crypto], [RSA_set0_crt_params],, not_found=1) | |
6ae0d8c5 | 199 | AC_CHECK_LIB([crypto], [RSA_generate_key_ex],, not_found=1) |
6c901e32 SB |
200 | AC_CHECK_LIB([crypto], [EVP_PKEY_CTX_new],, not_found=1) |
201 | AC_CHECK_LIB([crypto], [EVP_PKEY_assign],, not_found=1) | |
202 | AC_CHECK_LIB([crypto], [EVP_PKEY_encrypt_init],, not_found=1) | |
203 | AC_CHECK_LIB([crypto], [EVP_PKEY_encrypt],, not_found=1) | |
204 | AC_CHECK_LIB([crypto], [EVP_PKEY_decrypt_init],, not_found=1) | |
205 | AC_CHECK_LIB([crypto], [EVP_PKEY_decrypt],, not_found=1) | |
206 | AC_CHECK_LIB([crypto], [EVP_PKEY_sign_init],, not_found=1) | |
207 | AC_CHECK_LIB([crypto], [EVP_PKEY_sign],, not_found=1) | |
208 | AC_CHECK_LIB([crypto], [EVP_PKEY_verify_init],, not_found=1) | |
209 | AC_CHECK_LIB([crypto], [EVP_PKEY_verify],, not_found=1) | |
210 | AC_CHECK_LIB([crypto], [EVP_get_digestbyname],, not_found=1) | |
763d7a89 SB |
211 | AX_CHECK_DEFINE([<openssl/rsa.h>], [EVP_PKEY_CTX_set0_rsa_oaep_label],, not_found=1) |
212 | AX_CHECK_DEFINE([<openssl/rsa.h>], [EVP_PKEY_CTX_set_rsa_padding],, not_found=1) | |
213 | AX_CHECK_DEFINE([<openssl/rsa.h>], [EVP_PKEY_CTX_set_rsa_oaep_md],, not_found=1) | |
214 | AX_CHECK_DEFINE([<openssl/evp.h>], [EVP_PKEY_CTX_set_signature_md],, not_found=1) | |
6c901e32 SB |
215 | if test "x$not_found" = "x0"; then |
216 | use_openssl_functions_rsa=1 | |
217 | use_openssl_functions_for="${use_openssl_functions_for}RSA " | |
218 | fi | |
4c1dfefa | 219 | LIBS=$LIBS_save |
4e1cd261 SB |
220 | ]) |
221 | CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_SYMMETRIC=$use_openssl_functions_symmetric" | |
afbb3274 | 222 | CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_EC=$use_openssl_functions_ec" |
46869d30 | 223 | CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_ECDSA=$use_openssl_functions_ecdsa" |
6c901e32 | 224 | CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_RSA=$use_openssl_functions_rsa" |
4e1cd261 | 225 | |
48dabdbd MAL |
226 | AC_ARG_ENABLE([sanitizers], AS_HELP_STRING([--enable-sanitizers], [Enable address sanitizing]), |
227 | [SANITIZERS="-fsanitize=address,undefined"], []) | |
228 | AC_ARG_ENABLE([fuzzer], AS_HELP_STRING([--enable-fuzzer], [Enable fuzzer]), | |
229 | [FUZZER="$SANITIZERS -fsanitize=fuzzer" | |
230 | AM_CONDITIONAL(WITH_FUZZER, true)], | |
231 | [AM_CONDITIONAL(WITH_FUZZER, false)]) | |
232 | AC_SUBST([SANITIZERS]) | |
233 | AC_SUBST([FUZZER]) | |
234 | ||
b214dabf MAL |
235 | AM_CONDITIONAL([WITH_FUZZING_ENGINE], [test "x$LIB_FUZZING_ENGINE" != "x"]) |
236 | AC_SUBST([LIB_FUZZING_ENGINE]) | |
237 | ||
13992522 SB |
238 | AC_ARG_ENABLE([test-coverage], |
239 | AS_HELP_STRING([--enable-test-coverage], [Enable test coverage flags]), | |
240 | [COVERAGE_CFLAGS="-fprofile-arcs -ftest-coverage" COVERAGE_LDFLAGS="-fprofile-arcs"]) | |
241 | ||
4461f8a7 | 242 | LT_INIT |
a0098eda | 243 | AC_PROG_CC |
b214dabf | 244 | AC_PROG_CXX |
a0098eda CB |
245 | AC_PROG_INSTALL |
246 | AC_PROG_LIBTOOL | |
247 | ||
248 | #AM_GNU_GETTEXT_VERSION([0.15]) | |
249 | #AM_GNU_GETTEXT([external]) | |
250 | ||
251 | AC_HEADER_STDC | |
252 | AC_C_CONST | |
253 | AC_C_INLINE | |
254 | ||
255 | AC_TYPE_SIZE_T | |
256 | ||
6b444ad3 SB |
257 | AC_CHECK_LIB(c, clock_gettime, LIBRT_LIBS="", LIBRT_LIBS="-lrt") |
258 | AC_SUBST([LIBRT_LIBS]) | |
259 | ||
be9b50f1 SB |
260 | AC_ARG_ENABLE([hardening], |
261 | AS_HELP_STRING([--disable-hardening], [Disable hardening flags])) | |
262 | ||
263 | if test "x$enable_hardening" != "xno"; then | |
264 | # Some versions of gcc fail with -Wstack-protector enabled | |
265 | TMP="$($CC -fstack-protector-strong $srcdir/include/libtpms/tpm_error.h 2>&1)" | |
266 | if echo $TMP | $GREP 'unrecognized command line option' >/dev/null; then | |
267 | HARDENING_CFLAGS="-fstack-protector " | |
268 | else | |
269 | HARDENING_CFLAGS="-fstack-protector-strong " | |
270 | fi | |
40e13951 | 271 | |
be9b50f1 SB |
272 | dnl Must not have -O0 but must have a -O for -D_FORTIFY_SOURCE=2 |
273 | TMP1="$(echo $CFLAGS | sed -n 's/.*\(-O0\).*/\1/p')" | |
274 | TMP2="$(echo $CFLAGS | sed -n 's/.*\(-O\).*/\1/p')" | |
275 | if test -z "$TMP1" && test -n "$TPM2"; then | |
276 | HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2 " | |
277 | fi | |
278 | dnl Check ld for 'relro' and 'now' | |
279 | if $LD --help 2>&1 | $GREP '\-z relro ' > /dev/null; then | |
280 | HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,relro " | |
281 | fi | |
282 | if $LD --help 2>&1 | $GREP '\-z now ' > /dev/null; then | |
283 | HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,now " | |
284 | fi | |
285 | AC_SUBST([HARDENING_CFLAGS]) | |
286 | AC_SUBST([HARDENING_LDFLAGS]) | |
793852f1 | 287 | fi |
a0098eda | 288 | |
d9ea4ea3 SB |
289 | CFLAGS="$CFLAGS $COVERAGE_CFLAGS -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign" |
290 | LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS" | |
a0098eda CB |
291 | |
292 | AC_CONFIG_FILES(Makefile \ | |
293 | dist/libtpms.spec \ | |
294 | include/Makefile \ | |
295 | include/libtpms/Makefile \ | |
296 | include/libtpms/tpm_library.h \ | |
a0098eda CB |
297 | man/Makefile \ |
298 | man/man3/Makefile \ | |
299 | src/Makefile \ | |
300 | libtpms.pc \ | |
301 | tests/Makefile) | |
302 | AC_OUTPUT | |
303 | ||
384bf2e2 SB |
304 | if test -z "$enable_debug" ; then |
305 | enable_debug="no" | |
306 | fi | |
3cf528aa SB |
307 | if test -z "$with_tpm2"; then |
308 | with_tpm2=no | |
309 | fi | |
384bf2e2 SB |
310 | |
311 | echo | |
a0098eda | 312 | echo "CFLAGS=$CFLAGS" |
769fb37a | 313 | echo "HARDENING_CFLAGS=$HARDENING_CFLAGS" |
ec0f7ed1 | 314 | echo "HARDENING_LDFLAGS=$HARDENING_LDFLAGS" |
a0098eda | 315 | echo "LDFLAGS=$LDFLAGS" |
384bf2e2 | 316 | echo |
4e1cd261 SB |
317 | echo "Version to build : $PACKAGE_VERSION" |
318 | echo "Crypto library : $cryptolib" | |
319 | echo "Debug build : $enable_debug" | |
320 | echo "With TPM2 support : $with_tpm2" | |
321 | echo "HAVE_VERSION_SCRIPT : $have_version_script" | |
322 | echo "Use openssl crypto for : $use_openssl_functions_for" | |
384bf2e2 SB |
323 | echo |
324 | echo |