.PHONY: config glimport
-INDENT_SOURCES = `find . -name \*.[ch] -o -name gnutls.h.in | grep -v -e ^./build-aux/ -e ^./config.h -e ^./devel/ -e ^./gnulib -e ^./lib/minitasn1/ -e ^./lib/includes/gnutls/gnutls.h -e ^./lib/nettle/backport/ -e ^./lib/priority_options.h -e ^./lib/unistring/ -e ^./lib/x509/supported_exts.h -e ^./lib/build-aux/ -e ^./lib/dlwrap/ -e ^./gl/ -e ^./src/gl/ -e ^./src/.*-options.[ch] -e -args.[ch] -e asn1_tab.c -e ^./tests/suite/`
+INDENT_SOURCES = `find . -name \*.[ch] -o -name gnutls.h.in | grep -v -e ^./build-aux/ -e ^./config.h -e ^./devel/ -e ^./gnulib -e ^./lib/minitasn1/ -e ^./lib/includes/gnutls/gnutls.h -e ^./lib/nettle/backport/ -e ^./lib/priority_options.h -e ^./lib/unistring/ -e ^./lib/x509/supported_exts.h -e ^./lib/build-aux/ -e ^./lib/dlwrap/ -e '^./lib/crau/' -e ^./gl/ -e ^./src/gl/ -e ^./src/.*-options.[ch] -e -args.[ch] -e asn1_tab.c -e ^./tests/suite/`
ifeq ($(.DEFAULT_GOAL),abort-due-to-no-makefile)
.DEFAULT_GOAL := bootstrap
Non-SuiteB curves: $enable_non_suiteb
FIPS140 mode: $enable_fips
Strict DER time: $ac_strict_der_time
+ Audit trace: $enable_crypto_auditing
])
AC_MSG_NOTICE([Optional libraries:
;;
esac
-git ls-files -z | grep -z '\.[ch]\(.in\)\?$' | grep -z -v '^devel/' | grep -z -v '^lib/dlwrap/' | xargs -P "$parallel" -0 -n1 "$CLANG_FORMAT" $CLANG_FORMAT_ARGS
+git ls-files -z | grep -z '\.[ch]\(.in\)\?$' | grep -z -v '^devel/' | grep -z -v '^lib/dlwrap/' | grep -z -v '^lib/crau/' | xargs -P "$parallel" -0 -n1 "$CLANG_FORMAT" $CLANG_FORMAT_ARGS
exit $?
ACLOCAL_AMFLAGS = -I ../m4 -I ../gl/m4
-EXTRA_DIST = priority_options.gperf common.mk inih/LICENSE.txt dlwrap/README
+EXTRA_DIST = priority_options.gperf common.mk inih/LICENSE.txt dlwrap/README crau/LICENSE crau/UNLICENSE crau/README.md
BUILT_SOURCES = pkix_asn1_tab.c gnutls_asn1_tab.c priority_options.h
SUBDIRS = includes x509 auth ext algorithms extras accelerated
cert-session.c handshake-checks.c dtls-sw.c dh-primes.c openpgp_compat.c \
crypto-selftests.c crypto-selftests-pk.c secrets.c extv.c extv.h \
hello_ext_lib.c hello_ext_lib.h ocsp-api.c stek.c cert-cred-rawpk.c \
- iov.c iov.h system/ktls.c system/ktls.h pathbuf.c pathbuf.h
+ iov.c iov.h system/ktls.c system/ktls.h pathbuf.c pathbuf.h \
+ crau/crau.h crau/macros.h
if HAVE_ZLIB
COBJECTS += dlwrap/zlib.c dlwrap/zlibfuncs.h dlwrap/zlib.h
srp.h auth/srp_kx.h auth/srp_passwd.h \
file.h supplemental.h crypto.h random.h system.h\
locks.h mbuffers.h ecc.h pin.h fips.h \
- priority_options.h secrets.h stek.h cert-cred.h
+ priority_options.h secrets.h stek.h cert-cred.h \
+ audit.h audit_int.h
if ENABLE_PKCS11
HFILES += pkcs11_int.h pkcs11x.h
--- /dev/null
+MIT License
+
+Copyright (c) 2025 Daiki Ueno
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
--- /dev/null
+# crau
+
+`crau` is a small helper library to define
+[crypto-auditing][crypto-auditing] probes in C applications. The
+library shall be either statically linked or bundled into the
+application itself.
+
+## Getting started
+
+1. Define `ENABLE_CRYPTO_AUDITING` to 1, e.g., through `<config.h>`
+
+1. Include `<crau/crau.h>`. One of the C files should define
+ `CRAU_IMPLEMENTATION` to get the functions defined.
+
+1. (Optional) Customize the implementation with configuration macros,
+ e.g., `CRAU_CONTEXT_STACK_DEPTH` for your needs. See
+ `<crau/crau.h>` for the details.
+
+1. Instrument the code as follows. See `<crau/crau.h>` and
+ `<crau/macros.h>` for the documentation:
+
+```c
+/* Public key signing operation starts (but the algorithm is not known yet) */
+crau_new_context_with_data(
+ "name", CRAU_STRING, "pk::sign",
+ NULL)
+...
+/* Signing algorithm and bits are known at this point */
+crau_data(
+ "pk::algorithm", CRAU_STRING, "mldsa",
+ "pk::bits", CRAU_WORD, 1952 * 8,
+ NULL)
+
+/* Do the operation */
+sig = mldsa_sign(...);
+
+/* Pop the operation context */
+crau_pop_context();
+```
+
+## Low level macros
+
+Instead of using those helper functions (`crau_*`), it is also
+possible to directly instrument the library with `CRAU_` macros
+defined in `macros.h`:
+
+```c
+/* Public key signing operation starts (but the algorithm is not known yet) */
+CRAU_NEW_CONTEXT_WITH_DATAV(
+ (crau_context_t)this_function,
+ (crau_context_t)parent_function,
+ CRAU_STRING_DATA("name", "pk::sign"));
+...
+/* Signing algorithm and bits are known at this point */
+CRAU_DATAV(
+ (crau_context_t)this_function,
+ CRAU_STRING_DATA("pk::algorithm", "mldsa"),
+ CRAU_WORD_DATA("pk::bits", 1952 * 8))
+
+/* Do the operation */
+sig = mldsa_sign(...);
+```
+
+Note that those macros don't do context management.
+
+## License
+
+MIT or Unlicense
+
+[crypto-auditing]: https://github.com/latchset/crypto-auditing
--- /dev/null
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <https://unlicense.org/>
--- /dev/null
+/* SPDX-License-Identifier: MIT OR Unlicense */
+/* Copyright (C) 2022-2025 The crypto-auditing developers. */
+
+/* This file declares a set of high-level functions to insert probe
+ * points used for crypto-auditing into the application programs. See
+ * <crau/macros.h> for the low-level interface.
+ *
+ * As this is a header-only library, one of C files that includes
+ * this file should do:
+ *
+ * #define CRAU_IMPLEMENTATION
+ * #include "crau/crau.h"
+ *
+ * to get the necessary functions are defined.
+ *
+ * The following configuration macros can also be set to override the
+ * behavior of the implementation:
+ *
+ * * CRAU_CONTEXT_STACK_DEPTH: depth of the thread-local context stack
+ * (default: 3)
+ *
+ * * CRAU_RETURN_ADDRESS: return address of the current function
+ * (default: auto-detected)
+ *
+ * * CRAU_THREAD_LOCAL: thread-local modifier of the C language
+ * (default: auto-detected)
+ *
+ * * CRAU_MAYBE_UNUSED: an attribute to suppress warnings when a
+ * function argument is not used in the function body (default:
+ * auto-detected)
+ *
+ * Unless ENABLE_CRYPTO_AUDITING is defined, all functions turn to
+ * no-op.
+ */
+
+#ifndef CRAU_CRAU_H
+#define CRAU_CRAU_H
+
+#include <stdint.h>
+
+/* An opaque type that represents a context (e.g., TLS handshake)
+ * where crypto-auditing events occur. This should be a unique
+ * identifier within a thread.
+ */
+typedef long crau_context_t;
+
+/* A special context value used to represent a context which is
+ * automatically assigned based on the current call frame.
+ */
+#ifndef CRAU_AUTO_CONTEXT
+# ifdef __GNUC__
+# define CRAU_AUTO_CONTEXT (crau_context_t)(intptr_t)(char *)__builtin_return_address(0)
+# elif defined(__CC_ARM)
+# define CRAU_AUTO_CONTEXT (crau_context_t)(intptr_t)(char *)__return_address()
+# else
+# define CRAU_AUTO_CONTEXT CRAU_ORPHANED_CONTEXT
+# endif
+#endif /* CRAU_AUTO_CONTEXT */
+
+/* A special context value used to represent a context which is not
+ * associated with any parent nor children.
+ */
+#define CRAU_ORPHANED_CONTEXT ((crau_context_t)-1)
+
+/* Types of crypto-auditing event data. CRAU_WORD means an integer in
+ * a machine word, CRAU_STRING means a NUL-terminated
+ * string. CRAU_BLOB means an explicitly sized binary blob.
+ */
+enum crau_data_type_t {
+ CRAU_WORD,
+ CRAU_STRING,
+ CRAU_BLOB,
+};
+
+/* Push a context CONTEXT onto the thread-local context stack. If the
+ * depth of the stack exceeds CRAU_CONTEXT_STACK_DEPTH, the older
+ * element will be removed.
+ *
+ * This call shall be followed by a `crau_pop_context`.
+ */
+void crau_push_context(crau_context_t context);
+
+/* Pop a context from the thread-local context stack. If the stack is
+ * empty, it returns a CRAU_ORPHANED_CONTEXT.
+ */
+crau_context_t crau_pop_context(void);
+
+/* Return the context currently active for this thread. If there is no
+ * active context, it returns a CRAU_ORPHANED_CONTEXT.
+ */
+crau_context_t crau_current_context(void);
+
+/* Push a context CONTEXT onto the thread-local context stack,
+ * optionally emitting events through varargs.
+ *
+ * If the depth of the stack exceeds CRAU_CONTEXT_STACK_DEPTH, the
+ * older element will be removed. This call shall be followed by a
+ * `crau_pop_context`.
+ */
+void crau_push_context_with_data(crau_context_t context, ...);
+
+/* Push a new context (inferred from the current call stack) onto the
+ * thread-local context stack, optionally emitting events through
+ * varargs.
+ *
+ * Typical usage example is as follows:
+ *
+ * crau_new_context_with_data(
+ * "name", CRAU_STRING, "pk::sign",
+ * "pk::algorithm", CRAU_STRING, "mldsa",
+ * "pk::bits", CRAU_WORD, 1952 * 8,
+ * NULL);
+ *
+ * If the depth of the stack exceeds CRAU_CONTEXT_STACK_DEPTH, the
+ * older element will be removed. This call shall be followed by a
+ * `crau_pop_context`.
+ */
+#define crau_new_context_with_data(...) \
+ crau_push_context_with_data(CRAU_AUTO_CONTEXT, __VA_ARGS__)
+
+/* Emit events through varargs, under the current thread-local
+ * context. Unlike `crau_new_context_with_data`, this does not push a
+ * new context.
+ */
+void crau_data(const char *first_key_ptr, ...);
+
+#ifdef CRAU_IMPLEMENTATION
+
+#include "macros.h"
+
+/* Avoid name clash with crau_data_type_t */
+#undef CRAU_WORD
+#undef CRAU_STRING
+#undef CRAU_BLOB
+
+#include <stdarg.h>
+#include <stddef.h>
+
+# ifdef ENABLE_CRYPTO_AUDITING
+
+# ifndef CRAU_CONTEXT_STACK_DEPTH
+# define CRAU_CONTEXT_STACK_DEPTH 3
+# endif /* CRAU_CONTEXT_STACK_DEPTH */
+
+# ifndef CRAU_THREAD_LOCAL
+# ifdef thread_local
+# define CRAU_THREAD_LOCAL thread_local
+# elif __STDC_VERSION__ >= 201112L && !defined(__STDC_NO_THREADS__)
+# define CRAU_THREAD_LOCAL _Thread_local
+# elif defined(_MSC_VER)
+# define CRAU_THREAD_LOCAL __declspec(thread)
+# elif defined(__GNUC__)
+# define CRAU_THREAD_LOCAL __thread
+# else
+# error "thread_local support is required; define CRAU_THREAD_LOCAL"
+# endif
+# endif /* CRAU_THREAD_LOCAL */
+
+static CRAU_THREAD_LOCAL crau_context_t context_stack[CRAU_CONTEXT_STACK_DEPTH] = {
+ 0,
+};
+static CRAU_THREAD_LOCAL size_t context_stack_top = 0;
+
+static inline void push_context(crau_context_t context)
+{
+ context_stack[context_stack_top++ % CRAU_CONTEXT_STACK_DEPTH] = context;
+}
+
+void crau_push_context(crau_context_t context)
+{
+ CRAU_NEW_CONTEXT(context, crau_current_context());
+ push_context(context);
+}
+
+crau_context_t crau_pop_context(void)
+{
+ return context_stack_top == 0 ? CRAU_ORPHANED_CONTEXT : context_stack[--context_stack_top];
+}
+
+crau_context_t crau_current_context(void)
+{
+ return context_stack_top == 0 ? CRAU_ORPHANED_CONTEXT : context_stack[context_stack_top - 1];
+}
+
+static inline unsigned long
+crau_accumulate_datav(struct crypto_auditing_data data[CRAU_MAX_DATA_ELEMS],
+ va_list ap,
+ char *key_ptr)
+{
+ unsigned long count = 0;
+
+ for (; key_ptr != NULL && count < CRAU_MAX_DATA_ELEMS;
+ key_ptr = va_arg(ap, char *), count++) {
+ data[count].key_ptr = key_ptr;
+
+ switch (va_arg(ap, enum crau_data_type_t)) {
+ case CRAU_WORD:
+ data[count].value_ptr = (void *)va_arg(ap, intptr_t);
+ data[count].value_size = (unsigned long)-2;
+ break;
+ case CRAU_STRING:
+ data[count].value_ptr = (void *)va_arg(ap, char *);
+ data[count].value_size = (unsigned long)-1;
+ break;
+ case CRAU_BLOB:
+ data[count].value_ptr = va_arg(ap, void *);
+ data[count].value_size = va_arg(ap, unsigned long);
+ break;
+ }
+ }
+
+ return count;
+}
+
+void crau_push_context_with_data(crau_context_t context, ...)
+{
+ struct crypto_auditing_data data[CRAU_MAX_DATA_ELEMS];
+ unsigned long count;
+ va_list ap;
+
+ va_start(ap, context);
+ count = crau_accumulate_datav(data, ap, va_arg(ap, char *));
+ va_end(ap);
+
+ CRAU_NEW_CONTEXT_WITH_DATA(context, crau_current_context(), data,
+ count);
+ push_context(context);
+}
+
+void crau_data(const char *first_key_ptr, ...)
+{
+ struct crypto_auditing_data data[CRAU_MAX_DATA_ELEMS];
+ size_t count;
+ va_list ap;
+
+ va_start(ap, first_key_ptr);
+ count = crau_accumulate_datav(data, ap, (char *)first_key_ptr);
+ va_end(ap);
+
+ CRAU_DATA(crau_current_context(), data, count);
+}
+
+# else
+
+# ifndef CRAU_MAYBE_UNUSED
+# if defined(__has_c_attribute) && \
+ __has_c_attribute (__maybe_unused__)
+# define CRAU_MAYBE_UNUSED [[__maybe_unused__]]
+# elif defined(__GNUC__)
+# define CRAU_MAYBE_UNUSED __attribute__((__unused__))
+# endif
+# endif /* CRAU_MAYBE_UNUSED */
+
+void crau_push_context(crau_context_t context CRAU_MAYBE_UNUSED)
+{
+}
+
+crau_context_t crau_pop_context(void)
+{
+ return CRAU_ORPHANED_CONTEXT;
+}
+
+crau_context_t crau_current_context(void)
+{
+ return CRAU_ORPHANED_CONTEXT;
+}
+
+void crau_push_context_with_data(crau_context_t context CRAU_MAYBE_UNUSED, ...)
+{
+}
+
+void crau_data(const char *first_key_ptr CRAU_MAYBE_UNUSED, ...)
+{
+}
+
+# endif /* ENABLE_CRYPTO_AUDITING */
+
+#endif /* CRAU_IMPLEMENTATION */
+
+#endif /* CRAU_CRAU_H */
--- /dev/null
+/* SPDX-License-Identifier: MIT OR Unlicense */
+/* Copyright (C) 2022-2025 The crypto-auditing developers. */
+
+/* This file defines a set of low-level macros to insert probe points
+ * used for crypto-auditing into the application programs. See
+ * <crau/crau.h> for a higher-level and more ergonomic interface.
+ *
+ * Unless ENABLE_CRYPTO_AUDITING is defined, all macros turn to no-op.
+ */
+
+#ifndef CRAU_MACROS_H
+#define CRAU_MACROS_H
+
+#ifdef ENABLE_CRYPTO_AUDITING
+
+#ifdef HAVE_SYS_SDT_H
+#include <sys/sdt.h>
+#endif
+
+/* Introduce a new context CONTEXT, derived from the parent context PARENT.
+ */
+#define CRAU_NEW_CONTEXT(context, parent) \
+ DTRACE_PROBE2(crypto_auditing, new_context, context, parent)
+
+/* Emit an event with KEY and VALUE. The key is a NUL-terminated
+ * string, while the value is an integer in the size of a machine
+ * word.
+ */
+#define CRAU_WORD_DATA(context, key_ptr, value_ptr) \
+ DTRACE_PROBE3(crypto_auditing, word_data, context, key_ptr, value_ptr)
+
+/* Emit an event with KEY and VALUE. The key is a NUL-terminated
+ * string, while the value is also a NUL-terminated string.
+ */
+#define CRAU_STRING_DATA(context, key_ptr, value_ptr) \
+ DTRACE_PROBE3(crypto_auditing, string_data, context, key_ptr, value_ptr)
+
+/* Emit an event with KEY and VALUE. The key is a NUL-terminated
+ * string, while the value is explicitly sized binary blob of the
+ * VALUE_SIZE size.
+ */
+#define CRAU_BLOB_DATA(context, key_ptr, value_ptr, value_size) \
+ DTRACE_PROBE4(crypto_auditing, blob_data, context, key_ptr, value_ptr, \
+ value_size)
+
+/* Generic data structure that represents an event. The KEY_PTR field
+ * points to the name of the event key, and the VALUE_PTR field points
+ * to the value.
+ *
+ * The VALUE_SIZE field is set depending on the type of the value. If
+ * the value is a machine word, it is set to 0xfffffffe (= -2). If
+ * the value is a NUL-terminated string, it is set to 0xffffffff (=
+ * -1). Otherwise, it is set to the actual size of the value.
+ */
+struct crypto_auditing_data {
+ char *key_ptr;
+ void *value_ptr;
+ unsigned long value_size;
+};
+
+#define CRAU_WORD(key_ptr, value_ptr) \
+ { (char *)(key_ptr), (void *)(intptr_t)(value_ptr), (unsigned long)-2 }
+#define CRAU_STRING(key_ptr, value_ptr) \
+ { (char *)(key_ptr), (void *)(value_ptr), (unsigned long)-1 }
+#define CRAU_BLOB(key_ptr, value_ptr, value_size) \
+ { (char *)(key_ptr), (void *)(value_ptr), value_size }
+
+/* The maximum number of events which can be emitted at once. */
+#define CRAU_MAX_DATA_ELEMS 16
+
+/* Emit multiple events at once.
+ */
+#define CRAU_DATA(context, array_ptr, array_size) \
+ DTRACE_PROBE3(crypto_auditing, data, context, array_ptr, array_size)
+
+/* Emit multiple events at once through varargs.
+ */
+#define CRAU_DATAV(context, ...) \
+ ({ \
+ struct crypto_auditing_data __crau_data[] = { __VA_ARGS__ }; \
+ CRAU_DATA(context, __crau_data, \
+ sizeof(__crau_data) / sizeof(__crau_data[0])); \
+ })
+
+/* Introduce a new context CONTEXT, derived from PARENT, with optional
+ * events to be emitted.
+ */
+#define CRAU_NEW_CONTEXT_WITH_DATA(context, parent, array_ptr, array_size) \
+ DTRACE_PROBE4(crypto_auditing, new_context_with_data, context, parent, \
+ array_ptr, array_size)
+
+/* Introduce a new context CONTEXT, derived from PARENT, with optional
+ * events to be emitted, through varargs.
+ */
+#define CRAU_NEW_CONTEXT_WITH_DATAV(context, parent, ...) \
+ ({ \
+ struct crypto_auditing_data __crau_data[] = { __VA_ARGS__ }; \
+ CRAU_NEW_CONTEXT_WITH_DATA(context, parent, __crau_data, \
+ sizeof(__crau_data) / \
+ sizeof(__crau_data[0])); \
+ })
+
+#else
+
+#define CRAU_NEW_CONTEXT(context, parent)
+#define CRAU_WORD_DATA(context, key_ptr, value_ptr)
+#define CRAU_STRING_DATA(context, key_ptr, value_ptr)
+#define CRAU_BLOB_DATA(context, key_ptr, value_ptr, value_size)
+#define CRAU_WORD(key_ptr, value_ptr)
+#define CRAU_STRING(key_ptr, value_ptr)
+#define CRAU_BLOB(key_ptr, value_ptr, value_size)
+#define CRAU_DATA(context, array_ptr, array_size)
+#define CRAU_DATAV(context, ...)
+#define CRAU_NEW_CONTEXT_WITH_DATA(context, parent, array_ptr, array_size)
+#define CRAU_NEW_CONTEXT_WITH_DATAV(context, parent, ...)
+
+#endif /* ENABLE_CRYPTO_AUDITING */
+
+#endif /* CRAU_MACROS_H */
#include "pkcs11/p11_provider.h"
#endif
+#define CRAU_IMPLEMENTATION 1
+#define CRAU_CONTEXT_STACK_DEPTH 8
+#include "crau/crau.h"
+
/* Minimum library versions we accept. */
#define GNUTLS_MIN_LIBTASN1_VERSION "0.3.4"
#endif
_gnutls_switch_lib_state(LIB_STATE_OPERATIONAL);
+
ret = 0;
out:
fi
AM_CONDITIONAL(ENABLE_OCSP, test "$ac_enable_ocsp" != "no")
+ # For crypto-auditing trace
+ AC_MSG_CHECKING([whether to disable crypto-auditing trace support])
+ AC_ARG_ENABLE([crypto-auditing],
+ [AS_HELP_STRING([--disable-crypto-auditing],
+ [disable crypto-auditing trace support])],
+ [enable_crypto_auditing=$enableval], [enable_crypto_auditing=auto])
+ AC_MSG_RESULT([$enable_crypto_auditing])
+ AS_IF([test "$enable_crypto_auditing" != "no"],
+ [AC_CHECK_HEADERS([sys/sdt.h], [enable_crypto_auditing=yes],
+ [AS_CASE([$enable_crypto_auditing],
+ [yes], [AC_MSG_ERROR([<sys/sdt.h> not found])],
+ [*], [enable_crypto_auditing=no])])])
+ AS_IF([test "$enable_crypto_auditing" = "yes"],
+ [AC_DEFINE([ENABLE_CRYPTO_AUDITING], [1], [enable crypto-auditing trace])])
+ AM_CONDITIONAL([ENABLE_CRYPTO_AUDITING], [test "$enable_crypto_auditing" = "yes"])
+
# For storing integers in pointers without warnings
# https://developer.gnome.org/doc/API/2.0/glib/glib-Type-Conversion-Macros.html#desc
AC_CHECK_SIZEOF(void *)
projects / thirdparty / gnutls.git / commitdiff
