#
# Copyright (C) 2007-2017 Tobias Brunner
-# Copyright (C) 2006-2017 Andreas Steffen
+# Copyright (C) 2006-2019 Andreas Steffen
# Copyright (C) 2006-2014 Martin Willi
# HSR Hochschule fuer Technik Rapperswil
#
# initialize & set some vars
# ============================
-AC_INIT([strongSwan],[5.8.0])
+AC_INIT([strongSwan],[5.8.2])
AM_INIT_AUTOMAKE(m4_esyscmd([
echo tar-ustar
echo subdir-objects
ARG_WITH_SUBST([ipsecdir], [${libexecdir%/}/ipsec], [set installation path for ipsec tools])
ARG_WITH_SUBST([ipseclibdir], [${libdir%/}/ipsec], [set installation path for ipsec libraries])
ARG_WITH_SUBST([plugindir], [${ipseclibdir%/}/plugins], [set the installation path of plugins])
-ARG_WITH_SUBST([imcvdir], [${ipseclibdir%/}/imcvs], [set the installation path of IMC and IMV dynamic librariers])
+ARG_WITH_SUBST([imcvdir], [${ipseclibdir%/}/imcvs], [set the installation path of IMC and IMV dynamic libraries])
ARG_WITH_SUBST([nm-ca-dir], [/usr/share/ca-certificates], [directory the NM backend uses to look up trusted root certificates])
ARG_WITH_SUBST([swanctldir], [${sysconfdir}/swanctl], [base directory for swanctl configuration files and credentials])
ARG_WITH_SUBST([linux-headers], [\${top_srcdir}/src/include], [set directory of linux header files to use])
ARG_WITH_SUBST([routing-table-prio], [220], [set priority for IPsec routing table])
ARG_WITH_SUBST([ipsec-script], [ipsec], [change the name of the ipsec script])
ARG_WITH_SUBST([fips-mode], [0], [set openssl FIPS mode: disabled(0), enabled(1), Suite B enabled(2)])
-ARG_WITH_SUBST([libfuzzer], [], [path to libFuzzer.a])
+ARG_WITH_SUBST([libfuzzer], [], [-fsanitize=fuzzer or path to libFuzzer.a, a local driver is used if not specified])
ARG_WITH_SET([capabilities], [no], [set capability dropping library. Currently supported values are "libcap" and "native"])
ARG_WITH_SET([mpz_powm_sec], [yes], [use the more side-channel resistant mpz_powm_sec in libgmp, if available])
ARG_WITH_SET([dev-headers], [no], [install strongSwan development headers to directory.])
ARG_DISBL_SET([cmac], [disable CMAC crypto implementation plugin.])
ARG_ENABL_SET([ctr], [enables the Counter Mode wrapper crypto plugin.])
ARG_DISBL_SET([des], [disable DES/3DES software implementation plugin.])
+ARG_DISBL_SET([drbg], [disable the NIST Deterministic Random Bit Generator plugin.])
ARG_DISBL_SET([fips-prf], [disable FIPS PRF software implementation plugin.])
ARG_ENABL_SET([gcm], [enables the GCM AEAD wrapper crypto plugin.])
ARG_ENABL_SET([gcrypt], [enables the libgcrypt plugin.])
AC_PROG_YACC
AM_PATH_PYTHON(,,[:])
AC_PATH_PROG([PERL], [perl], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
+AC_ARG_VAR([PERL], [the Perl interpreter])
AC_PATH_PROG([GPERF], [gperf], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
+AC_ARG_VAR([GPERF], [the GNU gperf program])
-# because gperf is not needed by end-users we just report it but do not abort on failure
-AC_MSG_CHECKING([gperf version >= 3.0.0])
+# because gperf is not needed by end-users we only abort if generated files don't exist
+AC_MSG_CHECKING([gperf len type])
if test -x "$GPERF"; then
- if test "`$GPERF --version | $AWK -F' ' '/^GNU gperf/ { print $3 }' | $AWK -F. '{ print $1 }'`" -ge "3"; then
- GPERF_OUTPUT="`echo foo | ${GPERF}`"
- AC_COMPILE_IFELSE(
+ GPERF_OUTPUT="`echo foo | ${GPERF}`"
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <string.h>
+ const char *in_word_set(const char*, size_t); $GPERF_OUTPUT]])],
+ [GPERF_LEN_TYPE=size_t],
+ [AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[[#include <string.h>
- const char *in_word_set(const char*, size_t); $GPERF_OUTPUT]])],
- [GPERF_LEN_TYPE=size_t],
- [AC_COMPILE_IFELSE(
- [AC_LANG_PROGRAM(
- [[#include <string.h>
- const char *in_word_set(const char*, unsigned); $GPERF_OUTPUT]])],
- [GPERF_LEN_TYPE=unsigned],
- [AC_MSG_ERROR([unable to determine gperf len type])]
- )]
- )
- AC_SUBST(GPERF_LEN_TYPE)
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([no])
- fi
+ const char *in_word_set(const char*, unsigned); $GPERF_OUTPUT]])],
+ [GPERF_LEN_TYPE=unsigned],
+ [AC_MSG_ERROR([unable to determine gperf len type])]
+ )]
+ )
+ AC_SUBST(GPERF_LEN_TYPE)
+ AC_MSG_RESULT([$GPERF_LEN_TYPE])
else
AC_MSG_RESULT([not found])
+ GPERF_TEST_FILE="$srcdir/src/libstrongswan/crypto/proposal/proposal_keywords_static.c"
+ if test ! -f "$GPERF_TEST_FILE"; then
+ AC_MSG_ERROR([GNU gperf required to generate e.g. $GPERF_TEST_FILE])
+ fi
fi
# ========================
)
AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r)
-AC_CHECK_FUNCS(fmemopen funopen mmap memrchr setlinebuf strptime dirfd sigwaitinfo)
+AC_CHECK_FUNCS(fmemopen funopen mmap memrchr setlinebuf strptime dirfd sigwaitinfo explicit_bzero)
AC_CHECK_FUNC([syslog], [
AC_DEFINE([HAVE_SYSLOG], [], [have syslog(3) and friends])
PKG_CHECK_MODULES(tss2_esys, [tss2-esys],
[tss2_esys=true; AC_DEFINE([TSS2_ESYS], [], [use TSS2 v2 Extended System API])],
[tss2_esys=false])
- PKG_CHECK_MODULES(tss2_tabrmd, [tcti-tabrmd],
- [tss2_tabrmd=true; AC_DEFINE([TSS2_TCTI_TABRMD], [], [use TCTI Access Broker and Resource Mamager])],
- [tss2_tabrmd=false])
- PKG_CHECK_MODULES(tss2_socket, [tcti-socket],
- [tss2_socket=true; AC_DEFINE([TSS2_TCTI_SOCKET], [], [use TCTI Sockets])],
- [tss2_socket=false])
if test x$tss2_sys = xtrue; then
AC_DEFINE([TSS_TSS2_V2], [], [use TSS 2.0 v2 libraries])
AC_SUBST(tss2_CFLAGS, "$tss2_sys_CFLAGS")
AC_SUBST(tss2_LIBS, "$tss2_sys_LIBS")
- elif test x$tss2_tabrmd = xtrue -o x$tss2_socket = xtrue; then
- AC_DEFINE([TSS_TSS2_V1], [], [use TSS 2.0 v1 libraries])
- AC_SUBST(tss2_CFLAGS, "$tss2_tabrmd_CFLAGS $tss2_socket_CFLAGS")
- AC_SUBST(tss2_LIBS, "$tss2_tabrmd_LIBS $tss2_socket_LIBS")
else
- AC_MSG_FAILURE([no TSS2 TCTI or SAPI libraries detected])
+ PKG_CHECK_MODULES(tss2_tabrmd, [tcti-tabrmd],
+ [tss2_tabrmd=true; AC_DEFINE([TSS2_TCTI_TABRMD], [], [use TCTI Access Broker and Resource Manager])],
+ [tss2_tabrmd=false])
+ PKG_CHECK_MODULES(tss2_socket, [tcti-socket],
+ [tss2_socket=true; AC_DEFINE([TSS2_TCTI_SOCKET], [], [use TCTI Sockets])],
+ [tss2_socket=false])
+ if test x$tss2_tabrmd = xtrue -o x$tss2_socket = xtrue; then
+ AC_DEFINE([TSS_TSS2_V1], [], [use TSS 2.0 v1 libraries])
+ AC_SUBST(tss2_CFLAGS, "$tss2_tabrmd_CFLAGS $tss2_socket_CFLAGS")
+ AC_SUBST(tss2_LIBS, "$tss2_tabrmd_LIBS $tss2_socket_LIBS")
+ else
+ AC_MSG_FAILURE([no TSS2 TCTI or SAPI libraries detected])
+ fi
fi
fi
fi
if test x$wolfssl = xtrue; then
- wolfssl_lib=wolfssl
- AC_CHECK_LIB([$wolfssl_lib],[wolfSSL_Init],[LIBS="$LIBS"],
- [AC_MSG_ERROR([wolfSSL lib$wolfssl_lib not found])],[$DLLIB])
- AC_SUBST(WOLFSSL_LIB, [-l$wolfssl_lib])
- AC_CHECK_HEADER([wolfssl/options.h],,[AC_MSG_ERROR([wolfSSL header wolfssl/options.h not found!])])
+ PKG_CHECK_MODULES(wolfssl, [wolfssl])
+ AC_SUBST(wolfssl_CFLAGS)
+ AC_SUBST(wolfssl_LIBS)
fi
if test x$gcrypt = xtrue; then
fi
if test x$fuzzing = xtrue; then
- if test x$libfuzzer = x; then
+ case "$libfuzzer" in
+ "")
AC_MSG_NOTICE([fuzz targets enabled without libFuzzer, using local driver])
CFLAGS="${CFLAGS} -fsanitize=address"
libfuzzer="libFuzzerLocal.a"
- else
+ ;;
+ "-fsanitize=fuzzer")
+ libfuzzer=""
+ FUZZING_CFLAGS="-fsanitize=fuzzer"
+ AC_SUBST(FUZZING_CFLAGS)
+ ;;
+ *)
# required for libFuzzer
FUZZING_LDFLAGS="-stdlib=libc++ -lstdc++"
if test "$SANITIZER" = "coverage"; then
FUZZING_LDFLAGS="$FUZZING_LDFLAGS -lm"
fi
AC_SUBST(FUZZING_LDFLAGS)
- fi
+ ;;
+ esac
fi
if test x$ruby_gems = xtrue; then
else
AC_SUBST(PYTHONEGGINSTALLDIR, "--install-dir $pythoneggdir")
fi
+ AC_PATH_PROG([TOX], [tox], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
AC_PATH_PROG([PY_TEST], [py.test], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
fi
AM_CONDITIONAL(PYTHON_EGGS_INSTALL, [test "x$python_eggs_install" = xtrue])
ADD_PLUGIN([ccm], [s charon scripts nm cmd])
ADD_PLUGIN([gcm], [s charon scripts nm cmd])
ADD_PLUGIN([ntru], [s charon scripts nm cmd])
+ADD_PLUGIN([drbg], [s charon pki scripts nm cmd])
ADD_PLUGIN([newhope], [s charon scripts nm cmd])
ADD_PLUGIN([bliss], [s charon pki scripts nm cmd])
ADD_PLUGIN([curl], [s charon scepclient pki scripts nm cmd])
AM_CONDITIONAL(USE_NTRU, test x$ntru = xtrue)
AM_CONDITIONAL(USE_NEWHOPE, test x$newhope = xtrue)
AM_CONDITIONAL(USE_BLISS, test x$bliss = xtrue)
+AM_CONDITIONAL(USE_DRBG, test x$drbg = xtrue)
# charon plugins
# ----------------
AM_CONDITIONAL(USE_RUBY_GEMS, test x$ruby_gems = xtrue)
AM_CONDITIONAL(USE_PYTHON_EGGS, test x$python_eggs = xtrue)
AM_CONDITIONAL(USE_PERL_CPAN, test x$perl_cpan = xtrue)
-AM_CONDITIONAL(USE_PY_TEST, test "x$PY_TEST" != x)
+AM_CONDITIONAL(USE_TOX, test "x$TOX" != x)
+AM_CONDITIONAL(USE_PY_TEST, test "x$PY_TEST" != x -a "x$TOX" = x)
# ========================
# set global definitions
src/libstrongswan/plugins/ccm/Makefile
src/libstrongswan/plugins/gcm/Makefile
src/libstrongswan/plugins/af_alg/Makefile
+ src/libstrongswan/plugins/drbg/Makefile
src/libstrongswan/plugins/ntru/Makefile
src/libstrongswan/plugins/bliss/Makefile
src/libstrongswan/plugins/bliss/tests/Makefile