#
# Copyright (C) 2007-2017 Tobias Brunner
-# Copyright (C) 2006-2017 Andreas Steffen
+# Copyright (C) 2006-2019 Andreas Steffen
# Copyright (C) 2006-2014 Martin Willi
# HSR Hochschule fuer Technik Rapperswil
#
# initialize & set some vars
# ============================
-AC_INIT([strongSwan],[5.8.0dr2])
+AC_INIT([strongSwan],[5.8.2])
AM_INIT_AUTOMAKE(m4_esyscmd([
echo tar-ustar
echo subdir-objects
ARG_WITH_SUBST([ipsecdir], [${libexecdir%/}/ipsec], [set installation path for ipsec tools])
ARG_WITH_SUBST([ipseclibdir], [${libdir%/}/ipsec], [set installation path for ipsec libraries])
ARG_WITH_SUBST([plugindir], [${ipseclibdir%/}/plugins], [set the installation path of plugins])
-ARG_WITH_SUBST([imcvdir], [${ipseclibdir%/}/imcvs], [set the installation path of IMC and IMV dynamic librariers])
+ARG_WITH_SUBST([imcvdir], [${ipseclibdir%/}/imcvs], [set the installation path of IMC and IMV dynamic libraries])
ARG_WITH_SUBST([nm-ca-dir], [/usr/share/ca-certificates], [directory the NM backend uses to look up trusted root certificates])
ARG_WITH_SUBST([swanctldir], [${sysconfdir}/swanctl], [base directory for swanctl configuration files and credentials])
ARG_WITH_SUBST([linux-headers], [\${top_srcdir}/src/include], [set directory of linux header files to use])
ARG_WITH_SUBST([routing-table-prio], [220], [set priority for IPsec routing table])
ARG_WITH_SUBST([ipsec-script], [ipsec], [change the name of the ipsec script])
ARG_WITH_SUBST([fips-mode], [0], [set openssl FIPS mode: disabled(0), enabled(1), Suite B enabled(2)])
-ARG_WITH_SUBST([libfuzzer], [], [path to libFuzzer.a])
+ARG_WITH_SUBST([libfuzzer], [], [-fsanitize=fuzzer or path to libFuzzer.a, a local driver is used if not specified])
ARG_WITH_SET([capabilities], [no], [set capability dropping library. Currently supported values are "libcap" and "native"])
ARG_WITH_SET([mpz_powm_sec], [yes], [use the more side-channel resistant mpz_powm_sec in libgmp, if available])
ARG_WITH_SET([dev-headers], [no], [install strongSwan development headers to directory.])
ARG_DISBL_SET([cmac], [disable CMAC crypto implementation plugin.])
ARG_ENABL_SET([ctr], [enables the Counter Mode wrapper crypto plugin.])
ARG_DISBL_SET([des], [disable DES/3DES software implementation plugin.])
+ARG_DISBL_SET([drbg], [disable the NIST Deterministic Random Bit Generator plugin.])
ARG_DISBL_SET([fips-prf], [disable FIPS PRF software implementation plugin.])
ARG_ENABL_SET([gcm], [enables the GCM AEAD wrapper crypto plugin.])
ARG_ENABL_SET([gcrypt], [enables the libgcrypt plugin.])
ARG_DISBL_SET([nonce], [disable nonce generation plugin.])
ARG_ENABL_SET([ntru], [enables the NTRU crypto plugin.])
ARG_ENABL_SET([openssl], [enables the OpenSSL crypto plugin.])
+ARG_ENABL_SET([wolfssl], [enables the wolfSSL crypto plugin.])
ARG_ENABL_SET([padlock], [enables VIA Padlock crypto plugin.])
ARG_DISBL_SET([random], [disable RNG implementation on top of /dev/(u)random.])
ARG_DISBL_SET([rc2], [disable RC2 software implementation plugin.])
AC_PROG_YACC
AM_PATH_PYTHON(,,[:])
AC_PATH_PROG([PERL], [perl], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
+AC_ARG_VAR([PERL], [the Perl interpreter])
AC_PATH_PROG([GPERF], [gperf], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
+AC_ARG_VAR([GPERF], [the GNU gperf program])
-# because gperf is not needed by end-users we just report it but do not abort on failure
-AC_MSG_CHECKING([gperf version >= 3.0.0])
+# because gperf is not needed by end-users we only abort if generated files don't exist
+AC_MSG_CHECKING([gperf len type])
if test -x "$GPERF"; then
- if test "`$GPERF --version | $AWK -F' ' '/^GNU gperf/ { print $3 }' | $AWK -F. '{ print $1 }'`" -ge "3"; then
- GPERF_OUTPUT="`echo foo | ${GPERF}`"
- AC_COMPILE_IFELSE(
+ GPERF_OUTPUT="`echo foo | ${GPERF}`"
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <string.h>
+ const char *in_word_set(const char*, size_t); $GPERF_OUTPUT]])],
+ [GPERF_LEN_TYPE=size_t],
+ [AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#include <string.h>
- const char *in_word_set(const char*, size_t); $GPERF_OUTPUT]])],
- [GPERF_LEN_TYPE=size_t],
- [AC_COMPILE_IFELSE(
- [AC_LANG_PROGRAM(
- [[#include <string.h>
- const char *in_word_set(const char*, unsigned); $GPERF_OUTPUT]])],
- [GPERF_LEN_TYPE=unsigned],
- [AC_MSG_ERROR([unable to determine gperf len type])]
- )]
- )
- AC_SUBST(GPERF_LEN_TYPE)
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([no])
- fi
+ const char *in_word_set(const char*, unsigned); $GPERF_OUTPUT]])],
+ [GPERF_LEN_TYPE=unsigned],
+ [AC_MSG_ERROR([unable to determine gperf len type])]
+ )]
+ )
+ AC_SUBST(GPERF_LEN_TYPE)
+ AC_MSG_RESULT([$GPERF_LEN_TYPE])
else
AC_MSG_RESULT([not found])
+ GPERF_TEST_FILE="$srcdir/src/libstrongswan/crypto/proposal/proposal_keywords_static.c"
+ if test ! -f "$GPERF_TEST_FILE"; then
+ AC_MSG_ERROR([GNU gperf required to generate e.g. $GPERF_TEST_FILE])
+ fi
fi
# ========================
fi
if test x$fips_prf = xtrue; then
- if test x$openssl = xfalse; then
+ if test x$openssl = xfalse -a x$wolfssl = xfalse; then
sha1=true;
fi
fi
)
AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r)
-AC_CHECK_FUNCS(fmemopen funopen mmap memrchr setlinebuf strptime dirfd sigwaitinfo)
+AC_CHECK_FUNCS(fmemopen funopen mmap memrchr setlinebuf strptime dirfd sigwaitinfo explicit_bzero)
AC_CHECK_FUNC([syslog], [
AC_DEFINE([HAVE_SYSLOG], [], [have syslog(3) and friends])
PKG_CHECK_MODULES(tss2_esys, [tss2-esys],
[tss2_esys=true; AC_DEFINE([TSS2_ESYS], [], [use TSS2 v2 Extended System API])],
[tss2_esys=false])
- PKG_CHECK_MODULES(tss2_tabrmd, [tcti-tabrmd],
- [tss2_tabrmd=true; AC_DEFINE([TSS2_TCTI_TABRMD], [], [use TCTI Access Broker and Resource Mamager])],
- [tss2_tabrmd=false])
- PKG_CHECK_MODULES(tss2_socket, [tcti-socket],
- [tss2_socket=true; AC_DEFINE([TSS2_TCTI_SOCKET], [], [use TCTI Sockets])],
- [tss2_socket=false])
if test x$tss2_sys = xtrue; then
AC_DEFINE([TSS_TSS2_V2], [], [use TSS 2.0 v2 libraries])
AC_SUBST(tss2_CFLAGS, "$tss2_sys_CFLAGS")
AC_SUBST(tss2_LIBS, "$tss2_sys_LIBS")
- elif test x$tss2_tabrmd = xtrue -o x$tss2_socket = xtrue; then
- AC_DEFINE([TSS_TSS2_V1], [], [use TSS 2.0 v1 libraries])
- AC_SUBST(tss2_CFLAGS, "$tss2_tabrmd_CFLAGS $tss2_socket_CFLAGS")
- AC_SUBST(tss2_LIBS, "$tss2_tabrmd_LIBS $tss2_socket_LIBS")
else
- AC_MSG_FAILURE([no TSS2 TCTI or SAPI libraries detected])
+ PKG_CHECK_MODULES(tss2_tabrmd, [tcti-tabrmd],
+ [tss2_tabrmd=true; AC_DEFINE([TSS2_TCTI_TABRMD], [], [use TCTI Access Broker and Resource Manager])],
+ [tss2_tabrmd=false])
+ PKG_CHECK_MODULES(tss2_socket, [tcti-socket],
+ [tss2_socket=true; AC_DEFINE([TSS2_TCTI_SOCKET], [], [use TCTI Sockets])],
+ [tss2_socket=false])
+ if test x$tss2_tabrmd = xtrue -o x$tss2_socket = xtrue; then
+ AC_DEFINE([TSS_TSS2_V1], [], [use TSS 2.0 v1 libraries])
+ AC_SUBST(tss2_CFLAGS, "$tss2_tabrmd_CFLAGS $tss2_socket_CFLAGS")
+ AC_SUBST(tss2_LIBS, "$tss2_tabrmd_LIBS $tss2_socket_LIBS")
+ else
+ AC_MSG_FAILURE([no TSS2 TCTI or SAPI libraries detected])
+ fi
fi
fi
AC_CHECK_HEADER([openssl/evp.h],,[AC_MSG_ERROR([OpenSSL header openssl/evp.h not found!])])
fi
+if test x$wolfssl = xtrue; then
+ PKG_CHECK_MODULES(wolfssl, [wolfssl])
+ AC_SUBST(wolfssl_CFLAGS)
+ AC_SUBST(wolfssl_LIBS)
+fi
+
if test x$gcrypt = xtrue; then
AC_CHECK_LIB([gcrypt],[gcry_control],[LIBS="$LIBS"],[AC_MSG_ERROR([gcrypt library not found])],[-lgpg-error])
AC_CHECK_HEADER([gcrypt.h],,[AC_MSG_ERROR([gcrypt header gcrypt.h not found!])])
fi
if test x$fuzzing = xtrue; then
- if test x$libfuzzer = x; then
+ case "$libfuzzer" in
+ "")
AC_MSG_NOTICE([fuzz targets enabled without libFuzzer, using local driver])
CFLAGS="${CFLAGS} -fsanitize=address"
libfuzzer="libFuzzerLocal.a"
- else
+ ;;
+ "-fsanitize=fuzzer")
+ libfuzzer=""
+ FUZZING_CFLAGS="-fsanitize=fuzzer"
+ AC_SUBST(FUZZING_CFLAGS)
+ ;;
+ *)
# required for libFuzzer
FUZZING_LDFLAGS="-stdlib=libc++ -lstdc++"
if test "$SANITIZER" = "coverage"; then
FUZZING_LDFLAGS="$FUZZING_LDFLAGS -lm"
fi
AC_SUBST(FUZZING_LDFLAGS)
- fi
+ ;;
+ esac
fi
if test x$ruby_gems = xtrue; then
else
AC_SUBST(PYTHONEGGINSTALLDIR, "--install-dir $pythoneggdir")
fi
+ AC_PATH_PROG([TOX], [tox], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
AC_PATH_PROG([PY_TEST], [py.test], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
fi
AM_CONDITIONAL(PYTHON_EGGS_INSTALL, [test "x$python_eggs_install" = xtrue])
ADD_PLUGIN([pem], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
ADD_PLUGIN([padlock], [s charon])
ADD_PLUGIN([openssl], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
+ADD_PLUGIN([wolfssl], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
ADD_PLUGIN([gcrypt], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
ADD_PLUGIN([botan], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
ADD_PLUGIN([af-alg], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
ADD_PLUGIN([ccm], [s charon scripts nm cmd])
ADD_PLUGIN([gcm], [s charon scripts nm cmd])
ADD_PLUGIN([ntru], [s charon scripts nm cmd])
+ADD_PLUGIN([drbg], [s charon pki scripts nm cmd])
ADD_PLUGIN([newhope], [s charon scripts nm cmd])
ADD_PLUGIN([bliss], [s charon pki scripts nm cmd])
ADD_PLUGIN([curl], [s charon scepclient pki scripts nm cmd])
AM_CONDITIONAL(USE_SQLITE, test x$sqlite = xtrue)
AM_CONDITIONAL(USE_PADLOCK, test x$padlock = xtrue)
AM_CONDITIONAL(USE_OPENSSL, test x$openssl = xtrue)
+AM_CONDITIONAL(USE_WOLFSSL, test x$wolfssl = xtrue)
AM_CONDITIONAL(USE_GCRYPT, test x$gcrypt = xtrue)
AM_CONDITIONAL(USE_BOTAN, test x$botan = xtrue)
AM_CONDITIONAL(USE_AGENT, test x$agent = xtrue)
AM_CONDITIONAL(USE_NTRU, test x$ntru = xtrue)
AM_CONDITIONAL(USE_NEWHOPE, test x$newhope = xtrue)
AM_CONDITIONAL(USE_BLISS, test x$bliss = xtrue)
+AM_CONDITIONAL(USE_DRBG, test x$drbg = xtrue)
# charon plugins
# ----------------
AM_CONDITIONAL(USE_RUBY_GEMS, test x$ruby_gems = xtrue)
AM_CONDITIONAL(USE_PYTHON_EGGS, test x$python_eggs = xtrue)
AM_CONDITIONAL(USE_PERL_CPAN, test x$perl_cpan = xtrue)
-AM_CONDITIONAL(USE_PY_TEST, test "x$PY_TEST" != x)
+AM_CONDITIONAL(USE_TOX, test "x$TOX" != x)
+AM_CONDITIONAL(USE_PY_TEST, test "x$PY_TEST" != x -a "x$TOX" = x)
# ========================
# set global definitions
man/Makefile
init/Makefile
init/systemd/Makefile
- init/systemd-swanctl/Makefile
+ init/systemd-starter/Makefile
src/Makefile
src/include/Makefile
src/libstrongswan/Makefile
src/libstrongswan/plugins/sqlite/Makefile
src/libstrongswan/plugins/padlock/Makefile
src/libstrongswan/plugins/openssl/Makefile
+ src/libstrongswan/plugins/wolfssl/Makefile
src/libstrongswan/plugins/gcrypt/Makefile
src/libstrongswan/plugins/botan/Makefile
src/libstrongswan/plugins/agent/Makefile
src/libstrongswan/plugins/ccm/Makefile
src/libstrongswan/plugins/gcm/Makefile
src/libstrongswan/plugins/af_alg/Makefile
+ src/libstrongswan/plugins/drbg/Makefile
src/libstrongswan/plugins/ntru/Makefile
src/libstrongswan/plugins/bliss/Makefile
src/libstrongswan/plugins/bliss/tests/Makefile