tpm2: Use OpenSSL to create TDES keys if rand == NULL
1 #
2 # configure.in
3 #
4 # See the LICENSE file for the license associated with this file.
5
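AC_INIT([libtpms], [0.7.0])
dnl NOTE(review): 2.12 is older than what the macros in this file need
dnl (the AX_CHECK_LINK_FLAG probe further down is documented as needing
dnl 2.64) - confirm the real minimum before raising it.
AC_PREREQ([2.12])
AC_CONFIG_SRCDIR([Makefile.am])
AC_CONFIG_AUX_DIR([.])
dnl AM_CONFIG_HEADER was removed in Automake 1.13; AC_CONFIG_HEADERS is its
dnl replacement and produces the same config.h.
AC_CONFIG_HEADERS([config.h])

AC_CONFIG_MACRO_DIR([m4])
AC_CANONICAL_TARGET
AM_INIT_AUTOMAKE([foreign 1.6 subdir-objects])
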
# Split the dotted package version into its major, minor and micro parts.
LIBTPMS_VERSION=$PACKAGE_VERSION
LIBTPMS_VER_MAJOR=$(echo "$PACKAGE_VERSION" | awk -F. '{print $1}')
LIBTPMS_VER_MINOR=$(echo "$PACKAGE_VERSION" | awk -F. '{print $2}')
LIBTPMS_VER_MICRO=$(echo "$PACKAGE_VERSION" | awk -F. '{print $3}')

# Three-part value built as (major + minor):micro:minor; presumably consumed
# as the libtool version-info triple - confirm against src/Makefile.am.
libtpms_ver_current=$(expr $LIBTPMS_VER_MAJOR + $LIBTPMS_VER_MINOR)
LIBTPMS_VERSION_INFO="${libtpms_ver_current}:${LIBTPMS_VER_MICRO}:${LIBTPMS_VER_MINOR}"

AC_SUBST([LIBTPMS_VER_MAJOR])
AC_SUBST([LIBTPMS_VER_MINOR])
AC_SUBST([LIBTPMS_VER_MICRO])
AC_SUBST([LIBTPMS_VERSION])
AC_SUBST([LIBTPMS_VERSION_INFO])

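# --enable-debug selects an unoptimized build with debug symbols and the
# DEBUG / TPM_DEBUG defines. Only the exact value "yes" turns it on.
DEBUG="no"
AC_MSG_CHECKING([for debug-enabled build])
AC_ARG_ENABLE([debug],
    [AS_HELP_STRING([--enable-debug], [create a debug build])],
    [AS_IF([test "x$enableval" = "xyes"], [DEBUG="yes"])])
AC_MSG_RESULT([$DEBUG])

debug_defines=
if test "$DEBUG" = "yes"; then
    # -O0 here also keeps the hardening section from adding
    # -D_FORTIFY_SOURCE=2, which needs an optimizing build.
    CFLAGS="$CFLAGS -O0 -g -DDEBUG"
    debug_defines="-DTPM_DEBUG"
    # -DTPM_VOLATILE_STORE is deliberately left out: enable it only if
    # ABSOLUTELY necessary, since volatile state will be written and
    # behavior changes.
fi
AC_SUBST([DEBUG_DEFINES], [$debug_defines])
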
# AX_CHECK_LINK_FLAG needs autoconf 2.64 or later
have_version_script="no"
dnl The version comparison yields -1 when the running autoconf is older than
dnl 2.64; nothing is emitted in that case and have_version_script stays "no".
dnl Otherwise the linker is probed with --version-script, using
dnl src/test.syms as the script file for the probe.
m4_if(
    m4_version_compare(
        m4_defn([AC_AUTOCONF_VERSION]),
        [2.64]),
    -1,
    [],
    [AX_CHECK_LINK_FLAG([-Wl,--version-script=$srcdir/src/test.syms],
        [have_version_script="yes"],
        [])]
)

dnl Exposed to the Makefiles so a version script is only passed to a linker
dnl that accepted it in the probe above.
AM_CONDITIONAL([HAVE_VERSION_SCRIPT], [test "x$have_version_script" = "xyes"])

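# freebl is the default crypto backend; --with-openssl switches to openssl.
cryptolib=freebl
AC_SUBST([cryptolib], [$cryptolib])

dnl The action-if-given branch also runs for --without-openssl (withval=no),
dnl so withval is tested before the backend is switched. Without that test,
dnl explicitly declining openssl would still select it.
AC_ARG_WITH([openssl],
    [AS_HELP_STRING([--with-openssl],
                    [build libtpms with openssl library])],
    [AS_IF([test "x$withval" != "xno"], [
        AC_CHECK_LIB([crypto],
                     [AES_set_encrypt_key],
                     [],
                     [AC_MSG_ERROR([Faulty openssl crypto library])])
        AC_CHECK_HEADERS([openssl/aes.h], [],
                     [AC_MSG_ERROR([Is openssl-devel/libssl-dev installed?])])
        AC_MSG_RESULT([Building with openssl crypto library])
        cryptolib=openssl
    ])]
)
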
# Wire up the selected crypto backend: the Automake conditionals, the
# config.h define and, for freebl, the header and library checks.
case "$cryptolib" in
freebl)
    AM_CONDITIONAL(LIBTPMS_USE_FREEBL, true)
    AM_CONDITIONAL(LIBTPMS_USE_OPENSSL, false)
    AC_DEFINE([USE_FREEBL_CRYPTO_LIBRARY],
              [1],
              [use freebl crypto library])

    # Kept so the CFLAGS from before this branch can be put back in front
    # of the nspr/nss flags at the end of it.
    CFLAGS_save=$CFLAGS

    AC_CHECK_HEADERS([gmp.h],[],
                     AC_MSG_ERROR(gmp-devel/libgmp-dev is bad))

    # An assignment from a command substitution returns the status of the
    # substituted command, so the test below sees the exit code of
    # nspr-config.
    # NOTE(review): nspr-config and nss-config are looked up through PATH
    # and their output goes directly into the compiler flags - run
    # configure with a trusted PATH.
    CFLAGS="$(nspr-config --cflags)"
    if test $? -ne 0; then
        AC_MSG_ERROR(Could not find nspr-config. Is nspr-devel/libnspr4-dev installed?)
    fi
    # NOTE(review): CPPFLAGS is overwritten here and not restored in this
    # branch, so a CPPFLAGS value passed to configure is dropped - confirm
    # this is intended.
    CPPFLAGS=$CFLAGS
    AC_CHECK_HEADERS([plbase64.h],[],
                     AC_MSG_ERROR(You must install nspr-devel/libnspr4-dev))

    CFLAGS="$(nss-config --cflags) $CFLAGS"
    if test $? -ne 0; then
        AC_MSG_ERROR(Could not find nss-config. Is nss-devel/libnss3-dev installed?)
    fi
    CPPFLAGS="$CPPFLAGS $CFLAGS"
    AC_CHECK_HEADERS([sslerr.h],[],
                     AC_MSG_ERROR(nss-devel/libnss3-dev is bad))

    # Check for missing headers
    AC_CHECK_HEADERS([blapi.h],[],
                     AC_MSG_ERROR(nss-softokn-freebl-devel/libnss3-dev is missing blapi.h))
    # Check for missing freebl library or missing library functions
    # LIBS is replaced only for the duration of the probe and restored right
    # after it, so nothing the probe adds stays in LIBS.
    LIBS_save="$LIBS"
    LIBS="$(nss-config --libs) $(nspr-config --libs)"
    AC_SEARCH_LIBS([AES_CreateContext], [freebl],[],
                   AC_MSG_ERROR("Could not find AES_CreateContext(). Is nss-softokn-freebl-devel/libnss3-dev installed?"),
                   [])
    LIBS="$LIBS_save"
    CFLAGS="$CFLAGS_save $CFLAGS"
    ;;
openssl)
    # The openssl library and header were already checked when
    # --with-openssl was processed; only the switches are set here.
    AM_CONDITIONAL(LIBTPMS_USE_FREEBL, false)
    AM_CONDITIONAL(LIBTPMS_USE_OPENSSL, true)
    AC_DEFINE([USE_OPENSSL_CRYPTO_LIBRARY],
              [1],
              [use openssl crypto library])
    ;;
esac

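dnl --with-tpm2 enables the experimental TPM2 code, which needs the openssl
dnl backend. The decision is taken from with_tpm2 rather than from the
dnl action-if-given branch, because that branch also runs for
dnl --without-tpm2; this keeps the build and the summary printed at the end
dnl of configure in agreement.
AC_ARG_WITH([tpm2],
    [AS_HELP_STRING([--with-tpm2],
                    [build libtpms with TPM2 support (experimental)])],
    [],
    [with_tpm2=no])
AS_IF([test "x$with_tpm2" != "xno"], [
    AC_MSG_RESULT([Building with TPM2 support])
    if test "x$cryptolib" = "xfreebl"; then
        AC_MSG_ERROR([TPM2 support requires openssl crypto library])
    fi
    AC_DEFINE_UNQUOTED([WITH_TPM2], 1, [whether to support TPM2])
])
dnl Defined exactly once and unconditionally, as Automake requires.
AM_CONDITIONAL([WITH_TPM2], [test "x$with_tpm2" != "xno"])
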
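# Decide, per group of primitives, whether the OpenSSL implementation is
# compiled in (macro value 1) or the TPM 2 code is used instead (value 0).
# use_openssl_functions_for collects the enabled groups for the summary.
use_openssl_functions_for=""
use_openssl_functions_symmetric=0
use_openssl_functions_ec=0
use_openssl_functions_ecdsa=0
AC_ARG_ENABLE(use-openssl-functions,
    AS_HELP_STRING([--disable-use-openssl-functions],
        [Use TPM 2 crypto code rather than OpenSSL crypto functions]),
)
dnl NOTE(review): the option is treated as enabled unless it is explicitly
dnl disabled, so a build with the freebl backend stops with the error below
dnl unless --disable-use-openssl-functions is passed - confirm this default.
AS_IF([test "x$enable_use_openssl_functions" != "xno"], [
    if test "x$cryptolib" != "xopenssl"; then
        AC_MSG_ERROR([OpenSSL crypto function usage requires openssl as crypto library])
    fi
    # Each group is all-or-nothing: one missing symbol leaves the macro of
    # that group at 0 without an error, and only the summary line at the
    # end of configure shows which groups ended up enabled.
    # Check for symmetric key crypto functions
    not_found=0
    AC_CHECK_LIB([crypto], [EVP_CIPHER_CTX_new],, not_found=1)
    AC_CHECK_LIB([crypto], [EVP_EncryptInit_ex],, not_found=1)
    AC_CHECK_LIB([crypto], [EVP_aes_128_cbc],, not_found=1)
    AC_CHECK_LIB([crypto], [EVP_des_ede3_cbc],, not_found=1)
    AC_CHECK_LIB([crypto], [DES_random_key],, not_found=1)
    if test "x$not_found" = "x0"; then
        use_openssl_functions_symmetric=1
        use_openssl_functions_for="symmetric (AES, TDES) "
    fi
    # Check for EC crypto support
    not_found=0
    AC_CHECK_LIB([crypto], [EC_KEY_set_group],, not_found=1)
    AC_CHECK_LIB([crypto], [EC_KEY_generate_key],, not_found=1)
    AC_CHECK_LIB([crypto], [EC_KEY_get0_private_key],, not_found=1)
    if test "x$not_found" = "x0"; then
        use_openssl_functions_ec=1
        use_openssl_functions_for="${use_openssl_functions_for}general elliptic curve (EC) "
    fi
    # Check for ECDSA crypto support
    not_found=0
    AC_CHECK_LIB([crypto], [ECDSA_SIG_new],, not_found=1)
    AC_CHECK_LIB([crypto], [ECDSA_SIG_set0],, not_found=1)
    AC_CHECK_LIB([crypto], [ECDSA_do_verify],, not_found=1)
    AC_CHECK_LIB([crypto], [ECDSA_do_sign],, not_found=1)
    AC_CHECK_LIB([crypto], [EC_KEY_set_group],, not_found=1)
    if test "x$not_found" = "x0"; then
        use_openssl_functions_ecdsa=1
        use_openssl_functions_for="${use_openssl_functions_for}elliptic curve (ECDSA)"
    fi
])
# The three macros are always defined, as 0 or 1, for every compilation unit.
CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_SYMMETRIC=$use_openssl_functions_symmetric"
CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_EC=$use_openssl_functions_ec"
CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_ECDSA=$use_openssl_functions_ecdsa"
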
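dnl Diagnostic instrumentation: sanitizers, libFuzzer and coverage.
dnl The action-if-given branch of AC_ARG_ENABLE also runs for --disable-X,
dnl so each enable_* variable is tested explicitly; passing --disable-X now
dnl leaves the corresponding flags unset instead of turning them on.
AC_ARG_ENABLE([sanitizers],
    [AS_HELP_STRING([--enable-sanitizers], [Enable address sanitizing])])
AS_IF([test "x${enable_sanitizers:-no}" != "xno"],
    [SANITIZERS="-fsanitize=address,undefined"])

dnl FUZZER picks up the sanitizer flags only when sanitizers are enabled too.
AC_ARG_ENABLE([fuzzer],
    [AS_HELP_STRING([--enable-fuzzer], [Enable fuzzer])])
AS_IF([test "x${enable_fuzzer:-no}" != "xno"],
    [FUZZER="$SANITIZERS -fsanitize=fuzzer"])
dnl Defined exactly once and unconditionally, as Automake requires.
AM_CONDITIONAL([WITH_FUZZER], [test "x${enable_fuzzer:-no}" != "xno"])
AC_SUBST([SANITIZERS])
AC_SUBST([FUZZER])

dnl LIB_FUZZING_ENGINE is read from the environment of configure.
AM_CONDITIONAL([WITH_FUZZING_ENGINE], [test "x$LIB_FUZZING_ENGINE" != "x"])
AC_SUBST([LIB_FUZZING_ENGINE])

AC_ARG_ENABLE([test-coverage],
    [AS_HELP_STRING([--enable-test-coverage], [Enable test coverage flags])])
AS_IF([test "x${enable_test_coverage:-no}" != "xno"], [
    COVERAGE_CFLAGS="-fprofile-arcs -ftest-coverage"
    COVERAGE_LDFLAGS="-fprofile-arcs"
])
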
dnl Toolchain and libtool setup.
dnl NOTE(review): LT_INIT and AC_PROG_LIBTOOL are both invoked; the latter
dnl is the older name for the same setup - confirm whether both are needed.
LT_INIT
AC_PROG_CC
AC_PROG_CXX
AC_PROG_INSTALL
AC_PROG_LIBTOOL

# gettext support is disabled.
#AM_GNU_GETTEXT_VERSION([0.15])
#AM_GNU_GETTEXT([external])

dnl Generic compiler and header feature checks.
AC_HEADER_STDC
AC_C_CONST
AC_C_INLINE

AC_TYPE_SIZE_T

dnl LIBRT_LIBS is -lrt only when libc itself does not provide clock_gettime.
AC_CHECK_LIB(c, clock_gettime, LIBRT_LIBS="", LIBRT_LIBS="-lrt")
AC_SUBST([LIBRT_LIBS])

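dnl Hardening is on by default: stack protector, _FORTIFY_SOURCE and, where
dnl the linker supports them, relro and now. --disable-hardening skips all
dnl of it.
AC_ARG_ENABLE([hardening],
    AS_HELP_STRING([--disable-hardening], [Disable hardening flags]))

if test "x$enable_hardening" != "xno"; then
    # Some versions of gcc fail with -Wstack-protector enabled
    # Fall back to plain -fstack-protector when the compiler rejects the
    # -strong variant.
    TMP="$($CC -fstack-protector-strong $srcdir/include/libtpms/tpm_error.h 2>&1)"
    if echo $TMP | $GREP 'unrecognized command line option' >/dev/null; then
        HARDENING_CFLAGS="-fstack-protector "
    else
        HARDENING_CFLAGS="-fstack-protector-strong "
    fi

    dnl Must not have -O0 but must have a -O for -D_FORTIFY_SOURCE=2
    TMP1="$(echo $CFLAGS | sed -n 's/.*\(-O0\).*/\1/p')"
    TMP2="$(echo $CFLAGS | sed -n 's/.*\(-O\).*/\1/p')"
    # TMP1 empty means no -O0; TMP2 non-empty means some -O level is set.
    # The second operand has to be TMP2: testing a variable that is never
    # assigned makes the condition always false and silently drops
    # -D_FORTIFY_SOURCE=2 from every build.
    if test -z "$TMP1" && test -n "$TMP2"; then
        HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2 "
    fi
    dnl Check ld for 'relro' and 'now'
    if $LD --help 2>&1 | $GREP '\-z relro ' > /dev/null; then
        HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,relro "
    fi
    if $LD --help 2>&1 | $GREP '\-z now ' > /dev/null; then
        HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,now "
    fi
    AC_SUBST([HARDENING_CFLAGS])
    AC_SUBST([HARDENING_LDFLAGS])
fi
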
# Final flag assembly: the coverage flags are empty unless they were
# requested, and the warning set, including -Werror, is always appended.
CFLAGS="${CFLAGS} ${COVERAGE_CFLAGS} -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign"
LDFLAGS="${LDFLAGS} ${COVERAGE_LDFLAGS}"

dnl Files generated from their .in templates when configure finishes.
AC_CONFIG_FILES([
    Makefile
    dist/libtpms.spec
    include/Makefile
    include/libtpms/Makefile
    include/libtpms/tpm_library.h
    man/Makefile
    man/man3/Makefile
    src/Makefile
    libtpms.pc
    tests/Makefile
])
AC_OUTPUT

# Options that were not given on the command line are reported as "no".
test -n "$enable_debug" || enable_debug="no"
test -n "$with_tpm2" || with_tpm2=no

# Configuration summary: effective flags first, then the feature selection.
echo
echo "CFLAGS=$CFLAGS"
echo "HARDENING_CFLAGS=$HARDENING_CFLAGS"
echo "HARDENING_LDFLAGS=$HARDENING_LDFLAGS"
echo "LDFLAGS=$LDFLAGS"
echo
echo "Version to build : $PACKAGE_VERSION"
echo "Crypto library : $cryptolib"
echo "Debug build : $enable_debug"
echo "With TPM2 support : $with_tpm2"
echo "HAVE_VERSION_SCRIPT : $have_version_script"
echo "Use openssl crypto for : $use_openssl_functions_for"
echo
echo