-
Notifications
You must be signed in to change notification settings - Fork 15
/
configure.ac
177 lines (147 loc) · 5.44 KB
/
configure.ac
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
# -*- Autoconf -*-
# Process this file with autoconf to produce a configure script.
# See autoconf and autoscan online documentation for details.
AC_INIT([openssl-ibmca], [2.4.1], [https://github.com/opencryptoki/openssl-ibmca/issues],[],[https://github.com/opencryptoki/openssl-ibmca])
AC_CONFIG_SRCDIR([src/engine/e_ibmca.c]) # sanity check
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_AUX_DIR([build-aux])
AM_INIT_AUTOMAKE([foreign])
AC_PATH_PROG([CHMOD], [chmod], [/bin/chmod])
logdir=/tmp
AC_SUBST(logdir)
# Cmdline arguments.
AC_ARG_ENABLE([debug],
[AS_HELP_STRING([--enable-debug], [turn on debugging flags (default is off)])],
[enable_debug="yes"],)
if test "x$enable_debug" == "xyes"; then
CFLAGS="$CFLAGS -O0 -g -DDEBUG -Wall"
AC_MSG_RESULT([*** Enabling debugging at user request ***])
else
CFLAGS="$CFLAGS -O2 -Wall"
fi
AC_ARG_ENABLE([engine],
[AS_HELP_STRING([--enable-engine], [build IBMCA engine (OpenSSL 1.1.1, default is yes)])],
[if test "x$enableval" = "xyes" ; then
enable_engine="yes"
else
enable_engine="no"
fi],
[enable_engine="yes"])
AC_ARG_ENABLE([provider],
[AS_HELP_STRING([--enable-provider], [build IBMCA provider (OpenSSL >= 3.0, default is yes if built against OpenSSL 3.0 or later, else the default is false)])],
[if test "x$enableval" = "xyes" ; then
enable_provider="yes"
else
enable_provider="no"
fi],
[enable_provider="check"])
# Checks for programs.
AC_DISABLE_STATIC
AC_PROG_CC
LT_INIT
dnl --- check for perl
AC_PATH_PROG(PERL, perl)
if test -z "$PERL" ; then
AC_MSG_ERROR([Please install perl])
fi
AC_MSG_CHECKING([if perl module 'FindBin' is installed])
(echo "use FindBin;" ; echo "exit(0);") | $PERL > /dev/null 2>&1
if test $? != 0 ; then
AC_MSG_RESULT(no)
AC_MSG_ERROR([Please install perl-FindBin])
fi
AC_MSG_RESULT(yes)
# Checks for libraries.
AC_CHECK_LIB([crypto], [RAND_add], [], AC_MSG_ERROR([*** openssl >= 1.1.1 is required ***]))
AC_CHECK_LIB([crypto], [OSSL_LIB_CTX_new], [openssl_3_0="yes"], [openssl_3_0="no"])
# Checks for header files.
AC_CHECK_HEADERS([arpa/inet.h fcntl.h malloc.h netdb.h netinet/in.h stddef.h stdlib.h \
string.h strings.h sys/ioctl.h sys/param.h sys/socket.h sys/time.h unistd.h])
AC_CHECK_HEADER([ica_api.h], [], AC_MSG_ERROR([*** libica-devel >= 3.6.0 is required ***]))
# Checks for typedefs, structures, and compiler characteristics.
AC_HEADER_STDBOOL
AC_C_INLINE
AC_TYPE_SIZE_T
AC_TYPE_SSIZE_T
# Checks for library functions.
AC_CHECK_FUNCS([gethostbyaddr gethostbyname memset strcasecmp strncasecmp strstr malloc])
AC_CHECK_DECLS([ICA_FLAG_DHW,DES_ECB], [],
AC_MSG_ERROR([*** libica-devel >= 3.6.0 are required ***]),
[#include <ica_api.h>])
AC_CHECK_DECLS([OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION],
[openssl_implicit_rejection="yes"], [openssl_implicit_rejection="no"],
[#include <openssl/core_names.h>])
AM_CONDITIONAL([OPENSSL_IMPLICIT_REJECTION], [test "x$openssl_implicit_rejection" = xyes])
AC_ARG_WITH([libica-cex],
[AS_HELP_STRING([--with-libica-cex],[Use libica-cex as default library for the IBMCA engine])],
[usecexonly=${withval}],
[])
AC_ARG_WITH([libica-version],
[AS_HELP_STRING([--with-libica-version],[Use specified libica major version (defaults to 4)])],
[libicaversion=${withval}],
[libicaversion=4])
if test "x$usecexonly" = xyes; then
defaultlib="libica-cex.so.$libicaversion"
ica="ica-cex"
else
defaultlib="libica.so.$libicaversion"
ica="ica"
fi
# In cex-only mode, testing the ciphers does not make any sense since
# they will fall back to OpenSSL without the engine. So remove these
# tests from that build.
AM_CONDITIONAL([FULL_LIBICA], [test "x$usecexonly" != xyes])
AC_ARG_WITH([provider-libica-full],
[AS_HELP_STRING([--with-provider-libica-full],[Use the full libica as library for the IBMCA provider])],
[useproviderfulllibica=${withval}],
[])
AM_CONDITIONAL([PROVIDER_FULL_LIBICA], [test "x$useproviderfulllibica" = xyes])
AC_SUBST(libicaversion, "$libicaversion")
# If compiled against OpenSSL 3.0 or later, build the provider unless
# explicitely disabled.
# If build against OpenSSL 1.1.1, we can not build the provider.
if test "x$openssl_3_0" = xyes; then
if test "x$enable_provider" != xno; then
enable_provider=yes
fi
else
if test "x$enable_provider" = xyes; then
AC_MSG_ERROR([*** openssl >= 3.0 is required to build the IBMCA provider ***]);
fi
enable_provider=no
fi
AM_CONDITIONAL([IBMCA_ENGINE], [test "x$enable_engine" == xyes])
AM_CONDITIONAL([IBMCA_PROVIDER], [test "x$enable_provider" == xyes])
AC_DEFINE_UNQUOTED([LIBICA_SHARED_LIB],["$defaultlib"])
AC_SUBST([ICA],["$ica"])
AC_CHECK_PROG([openssl_var],[openssl],[yes],[no])
if test "x$openssl_var" != xyes; then
AC_MSG_ERROR([openssl binary required]);
fi
if test "x$enable_provider" = xyes; then
AC_CHECK_DECLS([ica_fips_status], [],
AC_MSG_ERROR([*** libica >= 4.0 is required to build the IBMCA provider ***]),
[#include <ica_api.h>])
fi
AC_CHECK_DECLS([ica_cleanup],,,[#include <ica_api.h>])
AC_CONFIG_FILES([
Makefile
src/Makefile
src/engine/Makefile
src/engine/test/Makefile.linux
src/engine/doc/Makefile
src/provider/Makefile
src/provider/doc/Makefile
test/Makefile
test/engine/Makefile
test/provider/Makefile])
AC_OUTPUT
echo "CFLAGS=$CFLAGS"
echo "IBMCA engine: $enable_engine"
echo " default library: $defaultlib"
echo "IBMCA provider: $enable_provider"
if test "x$useproviderfulllibica" = xyes; then
echo " libica library: libica"
else
echo " libica library: libica-cex"
fi