@@ -6,156 +6,12 @@ # # Add here whatever m4 macros you want to define for your package # -dnl $1 = Description to show user -dnl $2 = Libraries to link to -dnl $3 = Variable to update (optional; default LIBS) -dnl $4 = Action to run if found -dnl $5 = Action to run if not found -AC_DEFUN([SHOBJ_DO_STATIC_LINK_LIB], [ - ifelse($3, [], [ - define([VAR_TO_UPDATE], [LIBS]) - ], [ - define([VAR_TO_UPDATE], [$3]) - ]) - - AC_MSG_CHECKING([for how to statically link to $1]) - - trylink_ADD_LDFLAGS='' - for arg in $VAR_TO_UPDATE; do - case "${arg}" in - -L*) - trylink_ADD_LDFLAGS="${arg}" - ;; - esac - done - - SAVELIBS="$LIBS" - staticlib="" - found="0" - dnl HP/UX uses -Wl,-a,archive ... -Wl,-a,shared_archive - dnl Linux and Solaris us -Wl,-Bstatic ... -Wl,-Bdynamic - AC_LANG_PUSH([C]) - for trylink in "-Wl,-a,archive $2 -Wl,-a,shared_archive" "-Wl,-Bstatic $2 -Wl,-Bdynamic" "$2"; do - if echo " ${LDFLAGS} " | grep ' -static ' >/dev/null; then - if test "${trylink}" != "$2"; then - continue - fi - fi - - LIBS="${SAVELIBS} ${trylink_ADD_LDFLAGS} ${trylink}" - - AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [ - staticlib="${trylink}" - found="1" - - break - ]) - done - AC_LANG_POP([C]) - LIBS="${SAVELIBS}" - - if test "${found}" = "1"; then - new_RESULT='' - SAVERESULT="$VAR_TO_UPDATE" - for lib in ${SAVERESULT}; do - addlib='1' - for removelib in $2; do - if test "${lib}" = "${removelib}"; then - addlib='0' - break - fi - done - - if test "$addlib" = '1'; then - new_RESULT="${new_RESULT} ${lib}" - fi - done - VAR_TO_UPDATE="${new_RESULT} ${staticlib}" - - AC_MSG_RESULT([${staticlib}]) - - $4 - else - AC_MSG_RESULT([cant]) - - $5 - fi -]) - AC_DEFUN([TCLTLS_SSL_OPENSSL], [ - AC_CHECK_TOOL([PKGCONFIG], [pkg-config], [false]) - - openssldir='' - opensslpkgconfigdir='' - - AC_ARG_WITH([openssl-dir], - AS_HELP_STRING( - [--with-openssl-dir=], - [path to root directory of OpenSSL or LibreSSL installation] - ), [ - openssldir="$withval" - ] - ) - AC_ARG_WITH([openssl-pkgconfig], - 
AS_HELP_STRING( - [--with-openssl-pkgconfig=], - [path to root directory of OpenSSL or LibreSSL pkgconfigdir] - ), [ - opensslpkgconfigdir="$withval" - ] - ) - - if test -n "$openssldir"; then - if test -e "$openssldir/libssl.$SHOBJEXT"; then - TCLTLS_SSL_LIBS="-L$openssldir -lssl -lcrypto" - openssldir="`AS_DIRNAME(["$openssldir"])`" - else - TCLTLS_SSL_LIBS="-L$openssldir/lib -lssl -lcrypto" - fi - TCLTLS_SSL_CFLAGS="-I$openssldir/include" - TCLTLS_SSL_CPPFLAGS="-I$openssldir/include" - fi - - AC_MSG_CHECKING([for OpenSSL config]) - AC_MSG_RESULT($openssldir) - AC_MSG_CHECKING([for OpenSSL pkgconfig]) - AC_MSG_RESULT($opensslpkgconfigdir) - - pkgConfigExtraArgs='' - if test "${SHARED_BUILD}" == 0 -o "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then - pkgConfigExtraArgs='--static' - fi - - dnl Use pkg-config to find the libraries - dnl Temporarily update PKG_CONFIG_PATH - PKG_CONFIG_PATH_SAVE="${PKG_CONFIG_PATH}" - if test -n "${opensslpkgconfigdir}"; then - if ! test -f "${opensslpkgconfigdir}/openssl.pc"; then - AC_MSG_ERROR([Unable to locate ${opensslpkgconfigdir}/openssl.pc]) - fi - - PKG_CONFIG_PATH="${opensslpkgconfigdir}${PATH_SEPARATOR}${PKG_CONFIG_PATH}" - export PKG_CONFIG_PATH - fi - - AC_ARG_VAR([TCLTLS_SSL_LIBS], [libraries to pass to the linker for OpenSSL or LibreSSL]) - AC_ARG_VAR([TCLTLS_SSL_CFLAGS], [C compiler flags for OpenSSL or LibreSSL]) - AC_ARG_VAR([TCLTLS_SSL_CPPFLAGS], [C preprocessor flags for OpenSSL or LibreSSL]) - if test -z "$TCLTLS_SSL_LIBS"; then - TCLTLS_SSL_LIBS="`"${PKGCONFIG}" openssl --libs $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration]) - fi - if test -z "$TCLTLS_SSL_CFLAGS"; then - TCLTLS_SSL_CFLAGS="`"${PKGCONFIG}" openssl --cflags-only-other $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration]) - fi - if test -z "$TCLTLS_SSL_CPPFLAGS"; then - TCLTLS_SSL_CPPFLAGS="`"${PKGCONFIG}" openssl --cflags-only-I $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration]) - 
fi - PKG_CONFIG_PATH="${PKG_CONFIG_PATH_SAVE}" - + AC_CHECK_TOOL([PKG_CONFIG], [pkg-config], [false]) dnl Disable support for TLS 1.0 protocol AC_ARG_ENABLE([tls1], AS_HELP_STRING([--disable-tls1], [disable TLS1 protocol]), [ if test "${enableval}" = "no"; then AC_DEFINE([NO_TLS1], [1], [Disable TLS1 protocol]) @@ -189,11 +45,12 @@ AC_MSG_CHECKING([for disable TLS1.3 protocol]) AC_MSG_RESULT('yes') fi ]) - dnl Enable support for building the same library every time + + dnl Enable support for building the same Diffie–Hellman parameters each time AC_ARG_ENABLE([deterministic], AS_HELP_STRING([--enable-deterministic], [enable deterministic DH parameters]), [ tcltls_deterministic="$enableval" ], [ tcltls_deterministic='no' ]) 
@@ -202,32 +59,36 @@ else GEN_DH_PARAMS_ARGS='' fi dnl Enable support for specifying pre-computed DH params size - AC_ARG_WITH([builtin-dh-params-size], AS_HELP_STRING([--with-builtin-dh-params-size=], [specify the size in bits of the built-in, precomputed, DH params]), [ + AC_ARG_WITH([builtin-dh-params-size], AS_HELP_STRING([--with-builtin-dh-params-size=], + [specify the size in bits of the built-in, precomputed, DH params]), [ AS_CASE([$withval],[2048|4096|8192],,[AC_MSG_ERROR([Unsupported DH params size: $withval])]) GEN_DH_PARAMS_ARGS="${GEN_DH_PARAMS_ARGS} bits=$withval" ]) AC_SUBST(GEN_DH_PARAMS_ARGS) AC_MSG_CHECKING([for DH params]) AC_MSG_RESULT([$GEN_DH_PARAMS_ARGS]) + dnl Determine if we have been asked to use a fast path if possible - AC_ARG_ENABLE([ssl-fastpath], AS_HELP_STRING([--enable-ssl-fastpath], [enable using the underlying file descriptor for talking directly to the SSL library]), [ + AC_ARG_ENABLE([ssl-fastpath], AS_HELP_STRING([--enable-ssl-fastpath], + [enable using the underlying file descriptor for talking directly to the SSL library]), [ tcltls_ssl_fastpath="$enableval" ], [ tcltls_ssl_fastpath='no' ]) if test "$tcltls_ssl_fastpath" = 'yes'; then - AC_DEFINE(TCLTLS_SSL_USE_FASTPATH, [1], [Define this to enable using the underlying file descriptor for talking directly to the SSL library]) + AC_DEFINE(TCLTLS_SSL_USE_FASTPATH, [1], [Enable SSL library direct use of the underlying file descriptor]) fi AC_MSG_CHECKING([for fast path]) AC_MSG_RESULT([$tcltls_ssl_fastpath]) + dnl Enable hardening - AC_ARG_ENABLE([hardening], AS_HELP_STRING([--disable-hardening], [enable hardening attempts]), [ + AC_ARG_ENABLE([hardening], AS_HELP_STRING([--enable-hardening], [enable hardening attempts]), [ tcltls_enable_hardening="$enableval" ], [ tcltls_enable_hardening='yes' ]) if test "$tcltls_enable_hardening" = 'yes'; then 
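Review bot: The hardening option's help string now reads `--enable-hardening`, but the not-given branch right after it still sets `tcltls_enable_hardening='yes'`, so `./configure --help` presents a default-on protection as opt-in and no longer shows how it is switched off. Autoconf convention is to list the non-default form, for example `AS_HELP_STRING([--disable-hardening], [disable hardening attempts (enabled by default)])`. The `if test "$tcltls_enable_hardening" = 'yes'` block that applies the flags continues past the end of this hunk.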
@@ -237,48 +98,138 @@ AC_DEFINE([_FORTIFY_SOURCE], [2], [Enable fortification]) fi fi AC_MSG_CHECKING([for enable hardening]) AC_MSG_RESULT([$tcltls_enable_hardening]) + dnl Determine if we have been asked to statically link to the SSL library AC_ARG_ENABLE([static-ssl], AS_HELP_STRING([--enable-static-ssl], [enable static linking to the SSL library]), [ TCLEXT_TLS_STATIC_SSL="$enableval" ], [ TCLEXT_TLS_STATIC_SSL='no' ]) - - if test "${SHARED_BUILD}" != "1"; then - dnl If we are doing a static build, save the linker flags for other programs to consume - rm -f tcltls.${AREXT}.linkadd - AS_ECHO(["$TCLTLS_SSL_LIBS"]) > tcltls.${AREXT}.linkadd - fi - - dnl If we have been asked to statically link to the SSL library, tell the linker to do so - if test "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then - dnl Don't bother doing this if we aren't actually doing the runtime linking - if test "${SHARED_BUILD}" = "1"; then - dnl Split the libraries into SSL and non-SSL libraries - new_TCLTLS_SSL_LIBS_normal='' - new_TCLTLS_SSL_LIBS_static='' - for arg in $TCLTLS_SSL_LIBS; do - case "${arg}" in - -L*) - new_TCLTLS_SSL_LIBS_normal="${new_TCLTLS_SSL_LIBS_normal} ${arg}" - new_TCLTLS_SSL_LIBS_static="${new_TCLTLS_SSL_LIBS_static} ${arg}" - ;; - -ldl|-lrt|-lc|-lpthread|-lm|-lcrypt|-lidn|-lresolv|-lgcc|-lgcc_s) - new_TCLTLS_SSL_LIBS_normal="${new_TCLTLS_SSL_LIBS_normal} ${arg}" - ;; - -l*) - new_TCLTLS_SSL_LIBS_static="${new_TCLTLS_SSL_LIBS_static} ${arg}" - ;; - *) - new_TCLTLS_SSL_LIBS_normal="${new_TCLTLS_SSL_LIBS_normal} ${arg}" - ;; - esac - done - SHOBJ_DO_STATIC_LINK_LIB([OpenSSL], [$new_TCLTLS_SSL_LIBS_static], [new_TCLTLS_SSL_LIBS_static]) - TCLTLS_SSL_LIBS="${new_TCLTLS_SSL_LIBS_normal} ${new_TCLTLS_SSL_LIBS_static}" - fi - fi + AC_MSG_CHECKING([for static linking of openSSL libraries]) + AC_MSG_RESULT([$TCLEXT_TLS_STATIC_SSL]) + + # Static lib + pkgConfigExtraArgs='' + if test "${SHARED_BUILD}" == 0 -o "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then + pkgConfigExtraArgs='--static' + fi + + 
+ dnl Get SSL paths + AC_ARG_WITH([openssl-dir], + AS_HELP_STRING([--with-openssl-dir=], + [path to root directory of OpenSSL or LibreSSL installation] + ), [ + openssldir="$withval" + ], [ + openssldir='' + ] + ) + + dnl Get SSL include files path + AC_ARG_WITH([openssl-includedir], + AS_HELP_STRING([--with-openssl-includedir=], + [path to include directory of OpenSSL or LibreSSL installation] + ), [ + opensslincludedir="$withval" + ], [ + if test -n "$openssldir"; then + opensslincludedir="$openssldir/include/openssl" + else + opensslincludedir='' + fi + ] + ) + AC_MSG_CHECKING([for OpenSSL include directory]) + AC_MSG_RESULT($opensslincludedir) + + dnl Get SSL lib files path + if test -n "$opensslincludedir"; then + if test -f "$opensslincludedir/ssl.h"; then + TCLTLS_SSL_CFLAGS="-I$opensslincludedir" + TCLTLS_SSL_INCLUDES="-I$opensslincludedir" + else + AC_MSG_ERROR([Unable to locate ssl.h]) + fi + fi + + AC_ARG_WITH([openssl-libdir], + AS_HELP_STRING([--with-openssl-libdir=], + [path to lib directory of OpenSSL or LibreSSL installation] + ), [ + openssllibdir="$withval" + ], [ + if test -n "$openssldir"; then + if test "$do64bit" == 'yes'; then + openssllibdir="$openssldir/lib64" + else + openssllibdir="$openssldir/lib" + fi + else + openssllibdir='' + fi + ] + ) + AC_MSG_CHECKING([for OpenSSL lib directory]) + AC_MSG_RESULT($openssllibdir) + + if test -n "$openssllibdir"; then + if test -f "$openssllibdir/libssl${SHLIB_SUFFIX}"; then + if test "${TCLEXT_TLS_STATIC_SSL}" == 'no'; then + TCLTLS_SSL_LIBS="-L$openssllibdir -lcrypto -lssl" + else + # Linux and Solaris + TCLTLS_SSL_LIBS="-Wl,-Bstatic `$PKG_CONFIG --static --libs crypto ssl` -Wl,-Bdynamic" + # HPUX + # -Wl,-a,archive ... 
-Wl,-a,shared_archive + fi + else + AC_MSG_ERROR([Unable to locate libssl${SHLIB_SUFFIX}]) + fi + else + TCLTLS_SSL_LIBS="-lcrypto -lssl" + fi + + + AC_ARG_WITH([openssl-pkgconfig], + AS_HELP_STRING( + [--with-openssl-pkgconfig=], + [path to root directory of OpenSSL or LibreSSL pkgconfigdir] + ), [ + opensslpkgconfigdir="$withval" + ], [ + opensslpkgconfigdir='' + ] + ) + AC_MSG_CHECKING([for OpenSSL pkgconfig]) + AC_MSG_RESULT($opensslpkgconfigdir) + + dnl Use pkg-config to find the libraries + dnl Temporarily update PKG_CONFIG_PATH + PKG_CONFIG_PATH_SAVE="${PKG_CONFIG_PATH}" + if test -n "${opensslpkgconfigdir}"; then + if ! test -f "${opensslpkgconfigdir}/openssl.pc"; then + AC_MSG_ERROR([Unable to locate ${opensslpkgconfigdir}/openssl.pc]) + fi + + PKG_CONFIG_PATH="${opensslpkgconfigdir}${PATH_SEPARATOR}${PKG_CONFIG_PATH}" + export PKG_CONFIG_PATH + fi + + AC_ARG_VAR([TCLTLS_SSL_LIBS], [libraries to pass to the linker for OpenSSL or LibreSSL]) + AC_ARG_VAR([TCLTLS_SSL_CFLAGS], [C compiler flags for OpenSSL or LibreSSL]) + AC_ARG_VAR([TCLTLS_SSL_INCLUDES], [C compiler include paths for OpenSSL or LibreSSL]) + if test -z "$TCLTLS_SSL_LIBS"; then + TCLTLS_SSL_LIBS="`"${PKG_CONFIG}" openssl --libs $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration]) + fi + if test -z "$TCLTLS_SSL_CFLAGS"; then + TCLTLS_SSL_CFLAGS="`"${PKG_CONFIG}" openssl --cflags-only-other $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration]) + fi + if test -z "$TCLTLS_SSL_INCLUDES"; then + TCLTLS_SSL_INCLUDES="`"${PKG_CONFIG}" openssl --cflags-only-I $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration]) + fi + PKG_CONFIG_PATH="${PKG_CONFIG_PATH_SAVE}" ])
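Review bot: `TCLTLS_SSL_LIBS` is always assigned before the pkg-config lookup at the end of the macro, either from `$openssllibdir` or by the `else` fallback `TCLTLS_SSL_LIBS="-lcrypto -lssl"`, so the later `if test -z "$TCLTLS_SSL_LIBS"` branch is unreachable and a value supplied through the `AC_ARG_VAR` variable or located via `--with-openssl-pkgconfig` is silently discarded; the extension can then link against whichever libssl the default search path provides instead of the one the builder selected. Guarding the block with `if test -z "$TCLTLS_SSL_LIBS" && test -n "$openssllibdir"; then` and dropping the `else` fallback restores that precedence. The static branch runs `$PKG_CONFIG --static --libs crypto ssl` before `PKG_CONFIG_PATH` is extended, without `-L$openssllibdir` and without the `|| AC_MSG_ERROR(...)` the other pkg-config calls have, so a failed lookup leaves only `-Wl,-Bstatic -Wl,-Bdynamic`; OpenSSL usually installs `libssl.pc` and `libcrypto.pc`, so the module names should be checked as well. The added `test ... == ...` comparisons are not accepted by dash and other strict POSIX shells, where the error makes `test "${TCLEXT_TLS_STATIC_SSL}" == 'no'` fall through to the static branch; use `=`. The macro body starts above this hunk.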