[libtpms.git] / configure.ac

#
# configure.in
#
# See the LICENSE file for the license associated with this file.

AC_INIT([libtpms], [0.8.0])
AC_PREREQ(2.12)
AC_CONFIG_SRCDIR(Makefile.am)
AC_CONFIG_AUX_DIR([.])
AM_CONFIG_HEADER(config.h)

AC_CONFIG_MACRO_DIR([m4])
AC_CANONICAL_TARGET
AM_INIT_AUTOMAKE([foreign 1.6 subdir-objects])

LIBTPMS_VER_MAJOR=`echo $PACKAGE_VERSION | awk -F. '{print $1}'`
LIBTPMS_VER_MINOR=`echo $PACKAGE_VERSION | awk -F. '{print $2}'`
LIBTPMS_VER_MICRO=`echo $PACKAGE_VERSION | awk -F. '{print $3}'`
LIBTPMS_VERSION=$PACKAGE_VERSION
LIBTPMS_VERSION_INFO=`expr $LIBTPMS_VER_MAJOR + $LIBTPMS_VER_MINOR`:$LIBTPMS_VER_MICRO:$LIBTPMS_VER_MINOR

AC_SUBST([LIBTPMS_VER_MAJOR])
AC_SUBST([LIBTPMS_VER_MINOR])
AC_SUBST([LIBTPMS_VER_MICRO])
AC_SUBST([LIBTPMS_VERSION])
AC_SUBST([LIBTPMS_VERSION_INFO])

DEBUG=""
AC_MSG_CHECKING([for debug-enabled build])
AC_ARG_ENABLE(debug, AC_HELP_STRING([--enable-debug], [create a debug build]),
  [if test "$enableval" = "yes"; then
     DEBUG="yes"
     AC_MSG_RESULT([yes])
   else
     DEBUG="no"
     AC_MSG_RESULT([no])
   fi],
  [DEBUG="no",
   AC_MSG_RESULT([no])])

if test "$DEBUG" = "yes"; then
	CFLAGS="$CFLAGS -O0 -g -DDEBUG"
fi

debug_defines=
if test "$DEBUG" = "yes"; then
	debug_defines="-DTPM_DEBUG"
	# Enable the following only if ABSOLUTELY necessary
	# volatile state will be written and behavior changes
	#"-DTPM_VOLATILE_STORE"
fi
AC_SUBST(DEBUG_DEFINES, $debug_defines)

# AX_CHECK_LINK_FLAG needs autoconf 2.64 or later
have_version_script="no"
m4_if(
      m4_version_compare(
                         m4_defn([AC_AUTOCONF_VERSION]),
                         [2.64]),
      -1,
      [],
      [AX_CHECK_LINK_FLAG([-Wl,--version-script=$srcdir/src/test.syms],
                          [have_version_script="yes"],
                          [])]
)

AM_CONDITIONAL([HAVE_VERSION_SCRIPT], [test "x$have_version_script" = "xyes"])

cryptolib=freebl
AC_SUBST(cryptolib, $cryptolib)

AC_ARG_WITH([openssl],
            AC_HELP_STRING([--with-openssl],
                           [build libtpms with openssl library]),
              [AC_CHECK_LIB(crypto,
                            [AES_set_encrypt_key],
                            [],
                            AC_MSG_ERROR(Faulty openssl crypto library))
               AC_CHECK_HEADERS([openssl/aes.h],[],
                            AC_MSG_ERROR(Is openssl-devel/libssl-dev installed?))
               AC_MSG_RESULT([Building with openssl crypto library])
               cryptolib=openssl
              ]
)

case "$cryptolib" in
freebl)
	AM_CONDITIONAL(LIBTPMS_USE_FREEBL, true)
	AM_CONDITIONAL(LIBTPMS_USE_OPENSSL, false)
        AC_DEFINE([USE_FREEBL_CRYPTO_LIBRARY],
                  [1],
                  [use freebl crypto library])

	CFLAGS_save=$CFLAGS

	AC_CHECK_HEADERS([gmp.h],[],
			 AC_MSG_ERROR(gmp-devel/libgmp-dev is bad))

	CFLAGS="$(nspr-config --cflags)"
	if test $? -ne 0; then
		AC_MSG_ERROR(Could not find nspr-config. Is nspr-devel/libnspr4-dev installed?)
	fi
	CPPFLAGS=$CFLAGS
	AC_CHECK_HEADERS([plbase64.h],[],
			 AC_MSG_ERROR(You must install nspr-devel/libnspr4-dev))

	CFLAGS="$(nss-config --cflags) $CFLAGS"
	if test $? -ne 0; then
		AC_MSG_ERROR(Could not find nss-config. Is nss-devel/libnss3-dev installed?)
	fi
	CPPFLAGS="$CPPFLAGS $CFLAGS"
	AC_CHECK_HEADERS([sslerr.h],[],
			 AC_MSG_ERROR(nss-devel/libnss3-dev is bad))

	# Check for missing headers
	AC_CHECK_HEADERS([blapi.h],[],
			 AC_MSG_ERROR(nss-softokn-freebl-devel/libnss3-dev is missing blapi.h))
	# Check for missing freebl library or missing library functions
	LIBS_save="$LIBS"
	LIBS="$(nss-config --libs) $(nspr-config --libs)"
	AC_SEARCH_LIBS([AES_CreateContext], [freebl],[],
             AC_MSG_ERROR("Could not find AES_CreateContext(). Is nss-softokn-freebl-devel/libnss3-dev installed?"),
             [])
	LIBS="$LIBS_save"
	CFLAGS="$CFLAGS_save $CFLAGS"
	;;
openssl)
	AM_CONDITIONAL(LIBTPMS_USE_FREEBL, false)
	AM_CONDITIONAL(LIBTPMS_USE_OPENSSL, true)
        AC_DEFINE([USE_OPENSSL_CRYPTO_LIBRARY],
                  [1],
                  [use openssl crypto library])
	;;
esac

AC_ARG_WITH([tpm2],
	AC_HELP_STRING([--with-tpm2],
		       [build libtpms with TPM2 support]),
	AC_MSG_RESULT([Building with TPM2 support])
	if test "x$cryptolib" = "xfreebl"; then
		AC_MSG_ERROR([TPM2 support requires openssl crypto library])
	fi
	AC_DEFINE_UNQUOTED([WITH_TPM2], 1, [whether to support TPM2])
	AM_CONDITIONAL(WITH_TPM2, true),
	AM_CONDITIONAL(WITH_TPM2, false)
)

use_openssl_functions_for=""
use_openssl_functions_symmetric=0
use_openssl_functions_ec=0
use_openssl_functions_ecdsa=0
use_openssl_functions_rsa=0
AC_ARG_ENABLE(use-openssl-functions,
	AS_HELP_STRING([--disable-use-openssl-functions],
		       [Use TPM 2 crypot code rather than OpenSSL crypto functions]),
)
AS_IF([test "x$enable_use_openssl_functions" != "xno"], [
	if test "x$cryptolib" != "xopenssl"; then
		AC_MSG_ERROR([OpenSSL crypto function usage requires openssl as crypto library])
	fi
	LIBS_save=$LIBS
	# Check for symmetric key crypto functions
	not_found=0
	AC_CHECK_LIB([crypto], [EVP_CIPHER_CTX_new],, not_found=1)
	AC_CHECK_LIB([crypto], [EVP_EncryptInit_ex],, not_found=1)
	AC_CHECK_LIB([crypto], [EVP_aes_128_cbc],, not_found=1)
	AC_CHECK_LIB([crypto], [EVP_des_ede3_cbc],, not_found=1)
	AC_CHECK_LIB([crypto], [EVP_camellia_128_cbc],, not_found=1)
	AC_CHECK_LIB([crypto], [DES_random_key],, not_found=1)
	if test "x$not_found" = "x0"; then
		use_openssl_functions_symmetric=1
		use_openssl_functions_for="symmetric (AES, TDES) "
	fi
	# Check for EC crypto support
	not_found=0
	AC_CHECK_LIB([crypto], [EC_KEY_set_group],, not_found=1)
	AC_CHECK_LIB([crypto], [EC_KEY_generate_key],, not_found=1)
	AC_CHECK_LIB([crypto], [EC_KEY_get0_private_key],, not_found=1)
	if test "x$not_found" = "x0"; then
		use_openssl_functions_ec=1
		use_openssl_functions_for="${use_openssl_functions_for}general elliptic curve (EC) "
	fi
	# Check for ECDSA crypto support
	not_found=0
	AC_CHECK_LIB([crypto], [ECDSA_SIG_new],, not_found=1)
	AC_CHECK_LIB([crypto], [ECDSA_SIG_set0],, not_found=1)
	AC_CHECK_LIB([crypto], [ECDSA_do_verify],, not_found=1)
	AC_CHECK_LIB([crypto], [ECDSA_do_sign],, not_found=1)
	AC_CHECK_LIB([crypto], [EC_KEY_set_group],, not_found=1)
	if test "x$not_found" = "x0"; then
		use_openssl_functions_ecdsa=1
		use_openssl_functions_for="${use_openssl_functions_for}elliptic curve (ECDSA) "
	fi
	# Check for RSA crypto functions
	not_found=0
	AC_CHECK_LIB([crypto], [RSA_set0_key],, not_found=1)
	AC_CHECK_LIB([crypto], [RSA_set0_factors],, not_found=1)
	AC_CHECK_LIB([crypto], [RSA_set0_crt_params],, not_found=1)
	AC_CHECK_LIB([crypto], [RSA_generate_key_ex],, not_found=1)
	AC_CHECK_LIB([crypto], [EVP_PKEY_CTX_new],, not_found=1)
	AC_CHECK_LIB([crypto], [EVP_PKEY_assign],, not_found=1)
	AC_CHECK_LIB([crypto], [EVP_PKEY_encrypt_init],, not_found=1)
	AC_CHECK_LIB([crypto], [EVP_PKEY_encrypt],, not_found=1)
	AC_CHECK_LIB([crypto], [EVP_PKEY_decrypt_init],, not_found=1)
	AC_CHECK_LIB([crypto], [EVP_PKEY_decrypt],, not_found=1)
	AC_CHECK_LIB([crypto], [EVP_PKEY_sign_init],, not_found=1)
	AC_CHECK_LIB([crypto], [EVP_PKEY_sign],, not_found=1)
	AC_CHECK_LIB([crypto], [EVP_PKEY_verify_init],, not_found=1)
	AC_CHECK_LIB([crypto], [EVP_PKEY_verify],, not_found=1)
	AC_CHECK_LIB([crypto], [EVP_get_digestbyname],, not_found=1)
	AX_CHECK_DEFINE([<openssl/rsa.h>], [EVP_PKEY_CTX_set0_rsa_oaep_label],, not_found=1)
	AX_CHECK_DEFINE([<openssl/rsa.h>], [EVP_PKEY_CTX_set_rsa_padding],, not_found=1)
	AX_CHECK_DEFINE([<openssl/rsa.h>], [EVP_PKEY_CTX_set_rsa_oaep_md],, not_found=1)
	AX_CHECK_DEFINE([<openssl/evp.h>], [EVP_PKEY_CTX_set_signature_md],, not_found=1)
	if test "x$not_found" = "x0"; then
		use_openssl_functions_rsa=1
		use_openssl_functions_for="${use_openssl_functions_for}RSA "
	fi
	LIBS=$LIBS_save
])
CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_SYMMETRIC=$use_openssl_functions_symmetric"
CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_EC=$use_openssl_functions_ec"
CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_ECDSA=$use_openssl_functions_ecdsa"
CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_RSA=$use_openssl_functions_rsa"

AC_ARG_ENABLE([sanitizers], AS_HELP_STRING([--enable-sanitizers], [Enable address sanitizing]),
    [SANITIZERS="-fsanitize=address,undefined"], [])
AC_ARG_ENABLE([fuzzer], AS_HELP_STRING([--enable-fuzzer], [Enable fuzzer]),
    [FUZZER="$SANITIZERS -fsanitize=fuzzer"
     AM_CONDITIONAL(WITH_FUZZER, true)],
    [AM_CONDITIONAL(WITH_FUZZER, false)])
AC_SUBST([SANITIZERS])
AC_SUBST([FUZZER])

AM_CONDITIONAL([WITH_FUZZING_ENGINE], [test "x$LIB_FUZZING_ENGINE" != "x"])
AC_SUBST([LIB_FUZZING_ENGINE])

AC_ARG_ENABLE([test-coverage],
  AS_HELP_STRING([--enable-test-coverage], [Enable test coverage flags]),
  [COVERAGE_CFLAGS="-fprofile-arcs -ftest-coverage" COVERAGE_LDFLAGS="-fprofile-arcs"])

LT_INIT
AC_PROG_CC
AC_PROG_CXX
AC_PROG_INSTALL
AC_PROG_LIBTOOL

#AM_GNU_GETTEXT_VERSION([0.15])
#AM_GNU_GETTEXT([external])

AC_HEADER_STDC
AC_C_CONST
AC_C_INLINE

AC_TYPE_SIZE_T

AC_CHECK_LIB(c, clock_gettime, LIBRT_LIBS="", LIBRT_LIBS="-lrt")
AC_SUBST([LIBRT_LIBS])

AC_ARG_ENABLE([hardening],
  AS_HELP_STRING([--disable-hardening], [Disable hardening flags]))

if test "x$enable_hardening" != "xno"; then
	# Some versions of gcc fail with -Wstack-protector enabled
	TMP="$($CC -fstack-protector-strong $srcdir/include/libtpms/tpm_error.h 2>&1)"
	if echo $TMP | $GREP 'unrecognized command line option' >/dev/null; then
		HARDENING_CFLAGS="-fstack-protector "
	else
		HARDENING_CFLAGS="-fstack-protector-strong "
	fi

	dnl Must not have -O0 but must have a -O for -D_FORTIFY_SOURCE=2
	TMP1="$(echo $CFLAGS | sed -n 's/.*\(-O0\).*/\1/p')"
	TMP2="$(echo $CFLAGS | sed -n 's/.*\(-O\).*/\1/p')"
	if test -z "$TMP1" && test -n "$TPM2"; then
		HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2 "
	fi
	dnl Check ld for 'relro' and 'now'
	if $LD --help 2>&1 | $GREP '\-z relro ' > /dev/null; then
		HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,relro "
	fi
	if $LD --help 2>&1 | $GREP '\-z now ' > /dev/null; then
		HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,now "
	fi
	AC_SUBST([HARDENING_CFLAGS])
	AC_SUBST([HARDENING_LDFLAGS])
fi

CFLAGS="$CFLAGS $COVERAGE_CFLAGS -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign"
LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS"

AC_CONFIG_FILES(Makefile                   \
		dist/libtpms.spec          \
		include/Makefile           \
		include/libtpms/Makefile   \
		include/libtpms/tpm_library.h \
		man/Makefile               \
		man/man3/Makefile          \
		src/Makefile               \
		libtpms.pc                 \
		tests/Makefile)
AC_OUTPUT

if test -z "$enable_debug" ; then
    enable_debug="no"
fi
if test -z "$with_tpm2"; then
    with_tpm2=no
fi

echo
echo "CFLAGS=$CFLAGS"
echo "HARDENING_CFLAGS=$HARDENING_CFLAGS"
echo "HARDENING_LDFLAGS=$HARDENING_LDFLAGS"
echo "LDFLAGS=$LDFLAGS"
echo
echo "Version to build        : $PACKAGE_VERSION"
echo "Crypto library          : $cryptolib"
echo "Debug build             : $enable_debug"
echo "With TPM2 support       : $with_tpm2"
echo "HAVE_VERSION_SCRIPT     : $have_version_script"
echo "Use openssl crypto for  : $use_openssl_functions_for"
echo
echo
Commit	Line	Data
a0098eda CB	1	#
	2	# configure.in
	3	#
	4	# See the LICENSE file for the license associated with this file.
	5
625abcc6	6	AC_INIT([libtpms], [0.8.0])
a0098eda CB	7	AC_PREREQ(2.12)
a0098eda CB	8	AC_CONFIG_SRCDIR(Makefile.am)
d9d83de2	9	AC_CONFIG_AUX_DIR([.])
a0098eda CB	10	AM_CONFIG_HEADER(config.h)
	11
	12	AC_CONFIG_MACRO_DIR([m4])
	13	AC_CANONICAL_TARGET
23b958af	14	AM_INIT_AUTOMAKE([foreign 1.6 subdir-objects])
a0098eda CB	15
	16	LIBTPMS_VER_MAJOR=`echo $PACKAGE_VERSION \| awk -F. '{print $1}'`
	17	LIBTPMS_VER_MINOR=`echo $PACKAGE_VERSION \| awk -F. '{print $2}'`
	18	LIBTPMS_VER_MICRO=`echo $PACKAGE_VERSION \| awk -F. '{print $3}'`
	19	LIBTPMS_VERSION=$PACKAGE_VERSION
	20	LIBTPMS_VERSION_INFO=`expr $LIBTPMS_VER_MAJOR + $LIBTPMS_VER_MINOR`:$LIBTPMS_VER_MICRO:$LIBTPMS_VER_MINOR
	21
	22	AC_SUBST([LIBTPMS_VER_MAJOR])
	23	AC_SUBST([LIBTPMS_VER_MINOR])
	24	AC_SUBST([LIBTPMS_VER_MICRO])
	25	AC_SUBST([LIBTPMS_VERSION])
	26	AC_SUBST([LIBTPMS_VERSION_INFO])
	27
	28	DEBUG=""
	29	AC_MSG_CHECKING([for debug-enabled build])
	30	AC_ARG_ENABLE(debug, AC_HELP_STRING([--enable-debug], [create a debug build]),
	31	[if test "$enableval" = "yes"; then
	32	DEBUG="yes"
	33	AC_MSG_RESULT([yes])
	34	else
	35	DEBUG="no"
	36	AC_MSG_RESULT([no])
	37	fi],
	38	[DEBUG="no",
	39	AC_MSG_RESULT([no])])
	40
d9ea4ea3	41	if test "$DEBUG" = "yes"; then
a0098eda CB	42	CFLAGS="$CFLAGS -O0 -g -DDEBUG"
	43	fi
	44
	45	debug_defines=
83ca1948	46	if test "$DEBUG" = "yes"; then
384bf2e2 SB	47	debug_defines="-DTPM_DEBUG"
	48	# Enable the following only if ABSOLUTELY necessary
	49	# volatile state will be written and behavior changes
	50	#"-DTPM_VOLATILE_STORE"
a0098eda CB	51	fi
	52	AC_SUBST(DEBUG_DEFINES, $debug_defines)
	53
dd9c2f21 SB	54	# AX_CHECK_LINK_FLAG needs autoconf 2.64 or later
	55	have_version_script="no"
	56	m4_if(
	57	m4_version_compare(
	58	m4_defn([AC_AUTOCONF_VERSION]),
	59	[2.64]),
	60	-1,
	61	[],
	62	[AX_CHECK_LINK_FLAG([-Wl,--version-script=$srcdir/src/test.syms],
	63	[have_version_script="yes"],
	64	[])]
	65	)
	66
27904459 SB	67	AM_CONDITIONAL([HAVE_VERSION_SCRIPT], [test "x$have_version_script" = "xyes"])
27904459 SB	68
a0098eda	69	cryptolib=freebl
38a7d195	70	AC_SUBST(cryptolib, $cryptolib)
a0098eda CB	71
	72	AC_ARG_WITH([openssl],
	73	AC_HELP_STRING([--with-openssl],
	74	[build libtpms with openssl library]),
	75	[AC_CHECK_LIB(crypto,
	76	[AES_set_encrypt_key],
	77	[],
	78	AC_MSG_ERROR(Faulty openssl crypto library))
03d25ba0 SB	79	AC_CHECK_HEADERS([openssl/aes.h],[],
03d25ba0 SB	80	AC_MSG_ERROR(Is openssl-devel/libssl-dev installed?))
a0098eda CB	81	AC_MSG_RESULT([Building with openssl crypto library])
	82	cryptolib=openssl
	83	]
	84	)
	85
	86	case "$cryptolib" in
	87	freebl)
	88	AM_CONDITIONAL(LIBTPMS_USE_FREEBL, true)
	89	AM_CONDITIONAL(LIBTPMS_USE_OPENSSL, false)
30a95c3c SB	90	AC_DEFINE([USE_FREEBL_CRYPTO_LIBRARY],
	91	[1],
	92	[use freebl crypto library])
fd8aa8c3 SB	93
	94	CFLAGS_save=$CFLAGS
	95
03d25ba0 SB	96	AC_CHECK_HEADERS([gmp.h],[],
	97	AC_MSG_ERROR(gmp-devel/libgmp-dev is bad))
	98
	99	CFLAGS="$(nspr-config --cflags)"
fd8aa8c3	100	if test $? -ne 0; then
03d25ba0	101	AC_MSG_ERROR(Could not find nspr-config. Is nspr-devel/libnspr4-dev installed?)
fd8aa8c3	102	fi
03d25ba0 SB	103	CPPFLAGS=$CFLAGS
	104	AC_CHECK_HEADERS([plbase64.h],[],
	105	AC_MSG_ERROR(You must install nspr-devel/libnspr4-dev))
fd8aa8c3	106
03d25ba0	107	CFLAGS="$(nss-config --cflags) $CFLAGS"
fd8aa8c3	108	if test $? -ne 0; then
03d25ba0	109	AC_MSG_ERROR(Could not find nss-config. Is nss-devel/libnss3-dev installed?)
fd8aa8c3	110	fi
03d25ba0 SB	111	CPPFLAGS="$CPPFLAGS $CFLAGS"
	112	AC_CHECK_HEADERS([sslerr.h],[],
	113	AC_MSG_ERROR(nss-devel/libnss3-dev is bad))
fd8aa8c3	114
893d9b95 SB	115	# Check for missing headers
	116	AC_CHECK_HEADERS([blapi.h],[],
	117	AC_MSG_ERROR(nss-softokn-freebl-devel/libnss3-dev is missing blapi.h))
	118	# Check for missing freebl library or missing library functions
	119	LIBS_save="$LIBS"
	120	LIBS="$(nss-config --libs) $(nspr-config --libs)"
	121	AC_SEARCH_LIBS([AES_CreateContext], [freebl],[],
	122	AC_MSG_ERROR("Could not find AES_CreateContext(). Is nss-softokn-freebl-devel/libnss3-dev installed?"),
	123	[])
	124	LIBS="$LIBS_save"
03d25ba0	125	CFLAGS="$CFLAGS_save $CFLAGS"
a0098eda CB	126	;;
	127	openssl)
	128	AM_CONDITIONAL(LIBTPMS_USE_FREEBL, false)
	129	AM_CONDITIONAL(LIBTPMS_USE_OPENSSL, true)
30a95c3c SB	130	AC_DEFINE([USE_OPENSSL_CRYPTO_LIBRARY],
	131	[1],
	132	[use openssl crypto library])
a0098eda CB	133	;;
	134	esac
	135
3cf528aa SB	136	AC_ARG_WITH([tpm2],
3cf528aa SB	137	AC_HELP_STRING([--with-tpm2],
db80bd9e	138	[build libtpms with TPM2 support]),
3cf528aa SB	139	AC_MSG_RESULT([Building with TPM2 support])
	140	if test "x$cryptolib" = "xfreebl"; then
	141	AC_MSG_ERROR([TPM2 support requires openssl crypto library])
	142	fi
	143	AC_DEFINE_UNQUOTED([WITH_TPM2], 1, [whether to support TPM2])
	144	AM_CONDITIONAL(WITH_TPM2, true),
	145	AM_CONDITIONAL(WITH_TPM2, false)
	146	)
	147
4e1cd261 SB	148	use_openssl_functions_for=""
4e1cd261 SB	149	use_openssl_functions_symmetric=0
afbb3274	150	use_openssl_functions_ec=0
46869d30	151	use_openssl_functions_ecdsa=0
6c901e32	152	use_openssl_functions_rsa=0
4e1cd261 SB	153	AC_ARG_ENABLE(use-openssl-functions,
	154	AS_HELP_STRING([--disable-use-openssl-functions],
	155	[Use TPM 2 crypot code rather than OpenSSL crypto functions]),
	156	)
	157	AS_IF([test "x$enable_use_openssl_functions" != "xno"], [
	158	if test "x$cryptolib" != "xopenssl"; then
	159	AC_MSG_ERROR([OpenSSL crypto function usage requires openssl as crypto library])
	160	fi
4c1dfefa	161	LIBS_save=$LIBS
4e1cd261 SB	162	# Check for symmetric key crypto functions
	163	not_found=0
	164	AC_CHECK_LIB([crypto], [EVP_CIPHER_CTX_new],, not_found=1)
	165	AC_CHECK_LIB([crypto], [EVP_EncryptInit_ex],, not_found=1)
	166	AC_CHECK_LIB([crypto], [EVP_aes_128_cbc],, not_found=1)
	167	AC_CHECK_LIB([crypto], [EVP_des_ede3_cbc],, not_found=1)
15687b63	168	AC_CHECK_LIB([crypto], [EVP_camellia_128_cbc],, not_found=1)
fee2ae97	169	AC_CHECK_LIB([crypto], [DES_random_key],, not_found=1)
4e1cd261 SB	170	if test "x$not_found" = "x0"; then
	171	use_openssl_functions_symmetric=1
	172	use_openssl_functions_for="symmetric (AES, TDES) "
	173	fi
afbb3274 SB	174	# Check for EC crypto support
	175	not_found=0
	176	AC_CHECK_LIB([crypto], [EC_KEY_set_group],, not_found=1)
	177	AC_CHECK_LIB([crypto], [EC_KEY_generate_key],, not_found=1)
	178	AC_CHECK_LIB([crypto], [EC_KEY_get0_private_key],, not_found=1)
	179	if test "x$not_found" = "x0"; then
	180	use_openssl_functions_ec=1
	181	use_openssl_functions_for="${use_openssl_functions_for}general elliptic curve (EC) "
	182	fi
46869d30 SB	183	# Check for ECDSA crypto support
	184	not_found=0
	185	AC_CHECK_LIB([crypto], [ECDSA_SIG_new],, not_found=1)
	186	AC_CHECK_LIB([crypto], [ECDSA_SIG_set0],, not_found=1)
	187	AC_CHECK_LIB([crypto], [ECDSA_do_verify],, not_found=1)
55f59887	188	AC_CHECK_LIB([crypto], [ECDSA_do_sign],, not_found=1)
46869d30 SB	189	AC_CHECK_LIB([crypto], [EC_KEY_set_group],, not_found=1)
	190	if test "x$not_found" = "x0"; then
	191	use_openssl_functions_ecdsa=1
73264c84	192	use_openssl_functions_for="${use_openssl_functions_for}elliptic curve (ECDSA) "
46869d30	193	fi
6c901e32 SB	194	# Check for RSA crypto functions
	195	not_found=0
	196	AC_CHECK_LIB([crypto], [RSA_set0_key],, not_found=1)
	197	AC_CHECK_LIB([crypto], [RSA_set0_factors],, not_found=1)
	198	AC_CHECK_LIB([crypto], [RSA_set0_crt_params],, not_found=1)
6ae0d8c5	199	AC_CHECK_LIB([crypto], [RSA_generate_key_ex],, not_found=1)
6c901e32 SB	200	AC_CHECK_LIB([crypto], [EVP_PKEY_CTX_new],, not_found=1)
	201	AC_CHECK_LIB([crypto], [EVP_PKEY_assign],, not_found=1)
	202	AC_CHECK_LIB([crypto], [EVP_PKEY_encrypt_init],, not_found=1)
	203	AC_CHECK_LIB([crypto], [EVP_PKEY_encrypt],, not_found=1)
	204	AC_CHECK_LIB([crypto], [EVP_PKEY_decrypt_init],, not_found=1)
	205	AC_CHECK_LIB([crypto], [EVP_PKEY_decrypt],, not_found=1)
	206	AC_CHECK_LIB([crypto], [EVP_PKEY_sign_init],, not_found=1)
	207	AC_CHECK_LIB([crypto], [EVP_PKEY_sign],, not_found=1)
	208	AC_CHECK_LIB([crypto], [EVP_PKEY_verify_init],, not_found=1)
	209	AC_CHECK_LIB([crypto], [EVP_PKEY_verify],, not_found=1)
	210	AC_CHECK_LIB([crypto], [EVP_get_digestbyname],, not_found=1)
763d7a89 SB	211	AX_CHECK_DEFINE([<openssl/rsa.h>], [EVP_PKEY_CTX_set0_rsa_oaep_label],, not_found=1)
	212	AX_CHECK_DEFINE([<openssl/rsa.h>], [EVP_PKEY_CTX_set_rsa_padding],, not_found=1)
	213	AX_CHECK_DEFINE([<openssl/rsa.h>], [EVP_PKEY_CTX_set_rsa_oaep_md],, not_found=1)
	214	AX_CHECK_DEFINE([<openssl/evp.h>], [EVP_PKEY_CTX_set_signature_md],, not_found=1)
6c901e32 SB	215	if test "x$not_found" = "x0"; then
	216	use_openssl_functions_rsa=1
	217	use_openssl_functions_for="${use_openssl_functions_for}RSA "
	218	fi
4c1dfefa	219	LIBS=$LIBS_save
4e1cd261 SB	220	])
4e1cd261 SB	221	CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_SYMMETRIC=$use_openssl_functions_symmetric"
afbb3274	222	CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_EC=$use_openssl_functions_ec"
46869d30	223	CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_ECDSA=$use_openssl_functions_ecdsa"
6c901e32	224	CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_RSA=$use_openssl_functions_rsa"
4e1cd261	225
48dabdbd MAL	226	AC_ARG_ENABLE([sanitizers], AS_HELP_STRING([--enable-sanitizers], [Enable address sanitizing]),
	227	[SANITIZERS="-fsanitize=address,undefined"], [])
	228	AC_ARG_ENABLE([fuzzer], AS_HELP_STRING([--enable-fuzzer], [Enable fuzzer]),
	229	[FUZZER="$SANITIZERS -fsanitize=fuzzer"
	230	AM_CONDITIONAL(WITH_FUZZER, true)],
	231	[AM_CONDITIONAL(WITH_FUZZER, false)])
	232	AC_SUBST([SANITIZERS])
	233	AC_SUBST([FUZZER])
	234
b214dabf MAL	235	AM_CONDITIONAL([WITH_FUZZING_ENGINE], [test "x$LIB_FUZZING_ENGINE" != "x"])
	236	AC_SUBST([LIB_FUZZING_ENGINE])
	237
13992522 SB	238	AC_ARG_ENABLE([test-coverage],
	239	AS_HELP_STRING([--enable-test-coverage], [Enable test coverage flags]),
	240	[COVERAGE_CFLAGS="-fprofile-arcs -ftest-coverage" COVERAGE_LDFLAGS="-fprofile-arcs"])
	241
4461f8a7	242	LT_INIT
a0098eda	243	AC_PROG_CC
b214dabf	244	AC_PROG_CXX
a0098eda CB	245	AC_PROG_INSTALL
	246	AC_PROG_LIBTOOL
	247
	248	#AM_GNU_GETTEXT_VERSION([0.15])
	249	#AM_GNU_GETTEXT([external])
	250
	251	AC_HEADER_STDC
	252	AC_C_CONST
	253	AC_C_INLINE
	254
	255	AC_TYPE_SIZE_T
	256
6b444ad3 SB	257	AC_CHECK_LIB(c, clock_gettime, LIBRT_LIBS="", LIBRT_LIBS="-lrt")
	258	AC_SUBST([LIBRT_LIBS])
	259
be9b50f1 SB	260	AC_ARG_ENABLE([hardening],
	261	AS_HELP_STRING([--disable-hardening], [Disable hardening flags]))
	262
	263	if test "x$enable_hardening" != "xno"; then
	264	# Some versions of gcc fail with -Wstack-protector enabled
	265	TMP="$($CC -fstack-protector-strong $srcdir/include/libtpms/tpm_error.h 2>&1)"
	266	if echo $TMP \| $GREP 'unrecognized command line option' >/dev/null; then
	267	HARDENING_CFLAGS="-fstack-protector "
	268	else
	269	HARDENING_CFLAGS="-fstack-protector-strong "
	270	fi
40e13951	271
be9b50f1 SB	272	dnl Must not have -O0 but must have a -O for -D_FORTIFY_SOURCE=2
	273	TMP1="$(echo $CFLAGS \| sed -n 's/.\(-O0\)./\1/p')"
	274	TMP2="$(echo $CFLAGS \| sed -n 's/.\(-O\)./\1/p')"
	275	if test -z "$TMP1" && test -n "$TPM2"; then
	276	HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2 "
	277	fi
	278	dnl Check ld for 'relro' and 'now'
	279	if $LD --help 2>&1 \| $GREP '\-z relro ' > /dev/null; then
	280	HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,relro "
	281	fi
	282	if $LD --help 2>&1 \| $GREP '\-z now ' > /dev/null; then
	283	HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,now "
	284	fi
	285	AC_SUBST([HARDENING_CFLAGS])
	286	AC_SUBST([HARDENING_LDFLAGS])
793852f1	287	fi
a0098eda	288
d9ea4ea3 SB	289	CFLAGS="$CFLAGS $COVERAGE_CFLAGS -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign"
d9ea4ea3 SB	290	LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS"
a0098eda CB	291
	292	AC_CONFIG_FILES(Makefile \
	293	dist/libtpms.spec \
	294	include/Makefile \
	295	include/libtpms/Makefile \
	296	include/libtpms/tpm_library.h \
a0098eda CB	297	man/Makefile \
	298	man/man3/Makefile \
	299	src/Makefile \
	300	libtpms.pc \
	301	tests/Makefile)
	302	AC_OUTPUT
	303
384bf2e2 SB	304	if test -z "$enable_debug" ; then
	305	enable_debug="no"
	306	fi
3cf528aa SB	307	if test -z "$with_tpm2"; then
	308	with_tpm2=no
	309	fi
384bf2e2 SB	310
384bf2e2 SB	311	echo
a0098eda	312	echo "CFLAGS=$CFLAGS"
769fb37a	313	echo "HARDENING_CFLAGS=$HARDENING_CFLAGS"
ec0f7ed1	314	echo "HARDENING_LDFLAGS=$HARDENING_LDFLAGS"
a0098eda	315	echo "LDFLAGS=$LDFLAGS"
384bf2e2	316	echo
4e1cd261 SB	317	echo "Version to build : $PACKAGE_VERSION"
	318	echo "Crypto library : $cryptolib"
	319	echo "Debug build : $enable_debug"
	320	echo "With TPM2 support : $with_tpm2"
	321	echo "HAVE_VERSION_SCRIPT : $have_version_script"
	322	echo "Use openssl crypto for : $use_openssl_functions_for"
384bf2e2 SB	323	echo
384bf2e2 SB	324	echo