#
# See the LICENSE file for the license associated with this file.
-AC_INIT([libtpms], [0.7.0])
-AC_PREREQ(2.12)
+AC_INIT([libtpms],[0.9.6])
+AC_PREREQ([2.69])
AC_CONFIG_SRCDIR(Makefile.am)
AC_CONFIG_AUX_DIR([.])
-AM_CONFIG_HEADER(config.h)
+AC_CONFIG_HEADERS([config.h])
AC_CONFIG_MACRO_DIR([m4])
AC_CANONICAL_TARGET
AM_INIT_AUTOMAKE([foreign 1.6 subdir-objects])
+AM_SILENT_RULES([yes])
LIBTPMS_VER_MAJOR=`echo $PACKAGE_VERSION | awk -F. '{print $1}'`
LIBTPMS_VER_MINOR=`echo $PACKAGE_VERSION | awk -F. '{print $2}'`
DEBUG=""
AC_MSG_CHECKING([for debug-enabled build])
-AC_ARG_ENABLE(debug, AC_HELP_STRING([--enable-debug], [create a debug build]),
+AC_ARG_ENABLE(debug, AS_HELP_STRING([--enable-debug],[create a debug build]),
[if test "$enableval" = "yes"; then
DEBUG="yes"
AC_MSG_RESULT([yes])
AM_CONDITIONAL([HAVE_VERSION_SCRIPT], [test "x$have_version_script" = "xyes"])
-cryptolib=freebl
+AC_ARG_WITH([tpm1],
+ AS_HELP_STRING([--with-tpm1], [build libtpms with TPM 1.2 support]), [], [with_tpm1=yes])
+AM_CONDITIONAL([WITH_TPM1], [test "x$with_tpm1" != "xno"])
+AS_IF([test "x$with_tpm1" != "xno"], [
+ AC_DEFINE([WITH_TPM1], [1], [With TPM 1.2 support])
+ AC_SUBST([WITH_TPM1], [1])
+])
+
+AC_ARG_WITH([tpm2],
+ AS_HELP_STRING([--with-tpm2],[build libtpms with TPM2 support]),
+ [],
+ [with_tpm2=yes]
+)
+AS_IF([test "x$with_tpm2" = xyes], [
+ AC_MSG_RESULT([Building with TPM2 support])
+ AC_DEFINE_UNQUOTED([WITH_TPM2], 1, [whether to support TPM2])
+ AC_SUBST([WITH_TPM2], [1])
+ AM_CONDITIONAL(WITH_TPM2, true)
+ cryptolib=openssl
+], [
+ AM_CONDITIONAL(WITH_TPM2, false)
+ cryptolib=freebl
+])
+
AC_SUBST(cryptolib, $cryptolib)
AC_ARG_WITH([openssl],
- AC_HELP_STRING([--with-openssl],
- [build libtpms with openssl library]),
+ AS_HELP_STRING([--with-openssl],[build libtpms with openssl library]),
[AC_CHECK_LIB(crypto,
[AES_set_encrypt_key],
[],
[])
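Review bot: The new `--with-tpm2` block tests `"x$with_tpm2" = xyes` while the `--with-tpm1` block just above it tests `!= "xno"`, so a value such as `--with-tpm2=foo` silently disables TPM 2 and also switches `cryptolib` to freebl. I would use the same test in both, `AS_IF([test "x$with_tpm2" != "xno"], [`. Nothing in this hunk rejects `--without-tpm1 --without-tpm2` either; a guard such as `AS_IF([test "x$with_tpm1" = "xno" && test "x$with_tpm2" = "xno"], [AC_MSG_ERROR([at least one of TPM 1.2 and TPM 2 must be enabled])])` would make that case explicit. `AC_MSG_RESULT([Building with TPM2 support])` has no matching `AC_MSG_CHECKING`, so `AC_MSG_NOTICE` would be the better fit.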
LIBS="$LIBS_save"
CFLAGS="$CFLAGS_save $CFLAGS"
+ enable_use_openssl_functions=no
;;
openssl)
AM_CONDITIONAL(LIBTPMS_USE_FREEBL, false)
AC_DEFINE([USE_OPENSSL_CRYPTO_LIBRARY],
[1],
[use openssl crypto library])
+ LIBCRYPTO_EXTRA_CFLAGS="-DOPENSSL_SUPPRESS_DEPRECATED"
+ AC_SUBST([LIBCRYPTO_EXTRA_CFLAGS])
;;
esac
-AC_ARG_WITH([tpm2],
- AC_HELP_STRING([--with-tpm2],
- [build libtpms with TPM2 support (experimental)]),
- AC_MSG_RESULT([Building with TPM2 support])
- if test "x$cryptolib" = "xfreebl"; then
- AC_MSG_ERROR([TPM2 support requires openssl crypto library])
- fi
- AC_DEFINE_UNQUOTED([WITH_TPM2], 1, [whether to support TPM2])
- AM_CONDITIONAL(WITH_TPM2, true),
- AM_CONDITIONAL(WITH_TPM2, false)
-)
-
use_openssl_functions_for=""
use_openssl_functions_symmetric=0
use_openssl_functions_ec=0
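Review bot: `LIBCRYPTO_EXTRA_CFLAGS="-DOPENSSL_SUPPRESS_DEPRECATED"` in the `openssl)` arm is added without a comment, and it silences every OpenSSL deprecation warning for the code built with it, not only those for the calls probed later in this file. Since the project otherwise builds with `-Werror`, a newly introduced use of a deprecated primitive would then go unnoticed. I would add a comment above it naming the reason and the exit condition, for example `dnl OpenSSL 3.0 deprecates low-level RSA/EC calls still in use; drop once ported to EVP` (wording for the author to confirm). The `case` statement starts outside this hunk, so where the variable is consumed is not visible here.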
if test "x$cryptolib" != "xopenssl"; then
AC_MSG_ERROR([OpenSSL crypto function usage requires openssl as crypto library])
fi
+ LIBS_save=$LIBS
# Check for symmetric key crypto functions
not_found=0
AC_CHECK_LIB([crypto], [EVP_CIPHER_CTX_new],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_EncryptInit_ex],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_aes_128_cbc],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_des_ede3_cbc],, not_found=1)
+ AC_CHECK_LIB([crypto], [EVP_camellia_128_cbc],, not_found=1)
AC_CHECK_LIB([crypto], [DES_random_key],, not_found=1)
+ AC_CHECK_LIB([crypto], [EVP_CIPHER_CTX_iv],, not_found=1)
if test "x$not_found" = "x0"; then
use_openssl_functions_symmetric=1
use_openssl_functions_for="symmetric (AES, TDES) "
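Review bot: The added `EVP_camellia_128_cbc` check shares `not_found` with the AES and TDES checks, so an OpenSSL built without Camellia leaves `use_openssl_functions_symmetric` at 0 and drops the whole symmetric path back to the built-in code with no message beyond the summary line. The label on the last line was also not updated and still reads `"symmetric (AES, TDES) "`. I would change it to `use_openssl_functions_for="symmetric (AES, TDES, Camellia) "`. An `AC_MSG_WARN` in an else branch would make the fallback visible, if it is intended. The enclosing block starts outside this hunk.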
AC_CHECK_LIB([crypto], [RSA_set0_key],, not_found=1)
AC_CHECK_LIB([crypto], [RSA_set0_factors],, not_found=1)
AC_CHECK_LIB([crypto], [RSA_set0_crt_params],, not_found=1)
+ AC_CHECK_LIB([crypto], [RSA_generate_key_ex],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_PKEY_CTX_new],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_PKEY_assign],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_PKEY_encrypt_init],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_PKEY_verify_init],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_PKEY_verify],, not_found=1)
AC_CHECK_LIB([crypto], [EVP_get_digestbyname],, not_found=1)
+ # OpenSSL 3.0 turned some #defines into functions
+ AX_CHECK_DEFINE([<openssl/rsa.h>], [EVP_PKEY_CTX_set0_rsa_oaep_label],,
+ AC_CHECK_LIB([crypto], [EVP_PKEY_CTX_set0_rsa_oaep_label],, not_found=1)
+ )
+ AX_CHECK_DEFINE([<openssl/rsa.h>], [EVP_PKEY_CTX_set_rsa_padding],,
+ AC_CHECK_LIB([crypto], [EVP_PKEY_CTX_set_rsa_padding],, not_found=1)
+ )
+ AX_CHECK_DEFINE([<openssl/rsa.h>], [EVP_PKEY_CTX_set_rsa_oaep_md],,
+ AC_CHECK_LIB([crypto], [EVP_PKEY_CTX_set_rsa_oaep_md],, not_found=1)
+ )
+ AX_CHECK_DEFINE([<openssl/evp.h>], [EVP_PKEY_CTX_set_signature_md],,
+ AC_CHECK_LIB([crypto], [EVP_PKEY_CTX_set_signature_md],, not_found=1)
+ )
if test "x$not_found" = "x0"; then
use_openssl_functions_rsa=1
use_openssl_functions_for="${use_openssl_functions_for}RSA "
fi
+ LIBS=$LIBS_save
])
CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_SYMMETRIC=$use_openssl_functions_symmetric"
CFLAGS="$CFLAGS -DUSE_OPENSSL_FUNCTIONS_EC=$use_openssl_functions_ec"
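Review bot: In the four `AX_CHECK_DEFINE` calls the fallback `AC_CHECK_LIB(...)` is passed as an unquoted macro argument, so it is expanded before `AX_CHECK_DEFINE` sees it and any comma in the expansion can shift the argument list. I would quote it, for example `[AC_CHECK_LIB([crypto], [EVP_PKEY_CTX_set_rsa_padding],, [not_found=1])]`, and likewise for the other three. `AX_CHECK_DEFINE` comes from autoconf-archive, so it is worth confirming that `m4/` ships the macro file (not visible in this hunk). Without it the name would reach `configure` unexpanded.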
AC_PROG_CC
AC_PROG_CXX
AC_PROG_INSTALL
-AC_PROG_LIBTOOL
+LT_INIT
#AM_GNU_GETTEXT_VERSION([0.15])
#AM_GNU_GETTEXT([external])
-AC_HEADER_STDC
AC_C_CONST
AC_C_INLINE
AS_HELP_STRING([--disable-hardening], [Disable hardening flags]))
if test "x$enable_hardening" != "xno"; then
- # Some versions of gcc fail with -Wstack-protector enabled
- TMP="$($CC -fstack-protector-strong $srcdir/include/libtpms/tpm_error.h 2>&1)"
- if echo $TMP | $GREP 'unrecognized command line option' >/dev/null; then
- HARDENING_CFLAGS="-fstack-protector "
+ # Some versions of gcc fail with -Wstack-protector,
+ # some with -Wstack-protector-strong enabled
+ if ! $CC -fstack-protector-strong $srcdir/include/libtpms/tpm_error.h 2>/dev/null; then
+ if $CC -fstack-protector $srcdir/include/libtpms/tpm_error.h 2>/dev/null; then
+ HARDENING_CFLAGS="-fstack-protector "
+ fi
else
HARDENING_CFLAGS="-fstack-protector-strong "
fi
- dnl Must not have -O0 but must have a -O for -D_FORTIFY_SOURCE=2
- TMP1="$(echo $CFLAGS | sed -n 's/.*\(-O0\).*/\1/p')"
- TMP2="$(echo $CFLAGS | sed -n 's/.*\(-O\).*/\1/p')"
- if test -z "$TMP1" && test -n "$TPM2"; then
- HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2 "
- fi
- dnl Check ld for 'relro' and 'now'
- if $LD --help 2>&1 | $GREP '\-z relro ' > /dev/null; then
- HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,relro "
- fi
- if $LD --help 2>&1 | $GREP '\-z now ' > /dev/null; then
- HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,now "
+ dnl Only support -D_FORTIFY_SOURCE=2 and have higher levels passed in by user
+ dnl since they may create more overhead
+ if $CC $CFLAGS -Werror -D_FORTIFY_SOURCE=2 $srcdir/include/libtpms/tpm_library.h 2>/dev/null; then
+ HARDENING_CFLAGS="$HARDENING_CFLAGS -D_FORTIFY_SOURCE=2"
fi
+ dnl Check linker for 'relro' and 'now'
+ save_CFLAGS="$CFLAGS"
+ CFLAGS="-Wl,-z,relro -Werror"
+ AC_MSG_CHECKING([whether linker supports -Wl,-z,relro])
+ AC_LINK_IFELSE(
+ [AC_LANG_SOURCE([[int main() { return 0; }]])],
+ [HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,relro"
+ AC_MSG_RESULT(yes)],
+ [AC_MSG_RESULT(no)]
+ )
+ CFLAGS="-Wl,-z,now -Werror"
+ AC_MSG_CHECKING([whether linker supports -Wl,-z,now])
+ AC_LINK_IFELSE(
+ [AC_LANG_SOURCE([[int main() { return 0; }]])],
+ [HARDENING_LDFLAGS="$HARDENING_LDFLAGS -Wl,-z,now"
+ AC_MSG_RESULT(yes)],
+ [AC_MSG_RESULT(no)]
+ )
+ CFLAGS="$save_CFLAGS"
AC_SUBST([HARDENING_CFLAGS])
AC_SUBST([HARDENING_LDFLAGS])
fi
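Review bot: The stack-protector and `_FORTIFY_SOURCE` probes run `$CC` directly on a header under `$srcdir`, so any failure is read as "flag unsupported" and the hardening flag is dropped without a message. Such failures include a read-only source tree (compiling a `.h` normally makes GCC write a precompiled header next to it) and a missing include path. I would probe with a conftest in the build directory, report the result via `AC_MSG_CHECKING`/`AC_MSG_RESULT`, and warn when neither stack-protector flag is accepted. In the linker checks, `-Werror` does not, as far as I know, promote linker warnings to errors, so a linker that only warns about an unknown `-z` keyword still answers "yes"; adding `-Wl,--fatal-warnings` to the probe would close that gap on GNU-compatible linkers. Those checks also replace `CFLAGS` instead of appending to it, so they do not test the user's actual target flags. The enclosing `if test "x$enable_hardening"` block starts at the top of this hunk.

```m4
  dnl Probe in the build directory with a conftest instead of compiling a header from $srcdir
  save_CFLAGS="$CFLAGS"
  HARDENING_CFLAGS=""
  for flag in -fstack-protector-strong -fstack-protector; do
    if test -z "$HARDENING_CFLAGS"; then
      CFLAGS="$save_CFLAGS $flag -Werror"
      AC_MSG_CHECKING([whether $CC supports $flag])
      AC_LINK_IFELSE(
        [AC_LANG_PROGRAM([[]], [[return 0;]])],
        [HARDENING_CFLAGS="$flag "
         AC_MSG_RESULT([yes])],
        [AC_MSG_RESULT([no])]
      )
    fi
  done
  CFLAGS="$save_CFLAGS"
  if test -z "$HARDENING_CFLAGS"; then
    AC_MSG_WARN([no stack protector flag accepted by $CC])
  fi
  dnl … unchanged: _FORTIFY_SOURCE probe, relro/now linker checks …
```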
-CFLAGS="$CFLAGS $COVERAGE_CFLAGS -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign"
-LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS"
+AM_CFLAGS="$CFLAGS $COVERAGE_CFLAGS -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign -Wmissing-prototypes"
+AM_CFLAGS="$AM_CFLAGS"
+AM_LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS"
+
+AC_SUBST([AM_CFLAGS])
+AC_SUBST([AM_LDFLAGS])
AC_CONFIG_FILES(Makefile \
dist/libtpms.spec \
src/Makefile \
libtpms.pc \
tests/Makefile)
+PKG_INSTALLDIR()
AC_OUTPUT
if test -z "$enable_debug" ; then
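Review bot: `AM_CFLAGS="$AM_CFLAGS"` is a self-assignment with no effect and can be deleted. The line before it copies `$CFLAGS` into `AM_CFLAGS`, and automake already places `$(CFLAGS)` after `$(AM_CFLAGS)` on the compile line. The configure-time user flags therefore appear twice, and a later `make CFLAGS=...` cannot remove the first copy. `AM_LDFLAGS="$LDFLAGS $COVERAGE_LDFLAGS"` has the same shape. I would keep only the project's own flags, `AM_CFLAGS="$COVERAGE_CFLAGS -Wall -Werror -Wreturn-type -Wsign-compare -Wno-self-assign -Wmissing-prototypes"` and `AM_LDFLAGS="$COVERAGE_LDFLAGS"`, assuming no Makefile.am outside this hunk relies on the embedded copy.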
fi
echo
-echo "CFLAGS=$CFLAGS"
+echo "AM_CFLAGS=$AM_CFLAGS"
echo "HARDENING_CFLAGS=$HARDENING_CFLAGS"
echo "HARDENING_LDFLAGS=$HARDENING_LDFLAGS"
-echo "LDFLAGS=$LDFLAGS"
+echo "AM_LDFLAGS=$AM_LDFLAGS"
echo
echo "Version to build : $PACKAGE_VERSION"
echo "Crypto library : $cryptolib"
echo "Debug build : $enable_debug"
+echo "With TPM1.2 support : $with_tpm1"
echo "With TPM2 support : $with_tpm2"
echo "HAVE_VERSION_SCRIPT : $have_version_script"
echo "Use openssl crypto for : $use_openssl_functions_for"