aboutsummaryrefslogtreecommitdiffstats
path: root/SoftHSMv2/m4
diff options
context:
space:
mode:
authorPramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>2019-01-02 09:59:48 -0800
committerPramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>2019-03-29 09:59:04 -0700
commit7626b75b3c71173ba62c2f92d22bab8f4291e44a (patch)
tree7308a2628a014fef0f245ef4f00408cf92d15e60 /SoftHSMv2/m4
parentf2ff7a136a152b36b3aa4d0d574796e6edbef24a (diff)
Update SoftHSM v2.0 to the latest version
Change-Id: Ib3ec2c297f897c82776a66fe2ad55b18984c0337 Issue-ID: AAF-687 Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
Diffstat (limited to 'SoftHSMv2/m4')
-rw-r--r--SoftHSMv2/m4/acx_64bit.m445
-rw-r--r--SoftHSMv2/m4/acx_botan.m473
-rw-r--r--SoftHSMv2/m4/acx_botan_aes_gcm.m442
-rw-r--r--SoftHSMv2/m4/acx_botan_ecc.m463
-rw-r--r--SoftHSMv2/m4/acx_botan_eddsa.m449
-rw-r--r--SoftHSMv2/m4/acx_botan_gnump.m42
-rw-r--r--SoftHSMv2/m4/acx_botan_gost.m465
-rw-r--r--SoftHSMv2/m4/acx_botan_rawpss.m442
-rw-r--r--SoftHSMv2/m4/acx_cppunit.m416
-rw-r--r--SoftHSMv2/m4/acx_crypto_backend.m432
-rw-r--r--SoftHSMv2/m4/acx_openssl.m457
-rw-r--r--SoftHSMv2/m4/acx_openssl_ecc.m449
-rw-r--r--SoftHSMv2/m4/acx_openssl_eddsa.m468
-rw-r--r--SoftHSMv2/m4/acx_openssl_fips.m435
-rw-r--r--SoftHSMv2/m4/acx_openssl_gost.m495
-rw-r--r--SoftHSMv2/m4/acx_p11kit.m45
-rw-r--r--SoftHSMv2/m4/acx_sqlite3.m49
17 files changed, 491 insertions, 256 deletions
diff --git a/SoftHSMv2/m4/acx_64bit.m4 b/SoftHSMv2/m4/acx_64bit.m4
index f610b21..4620184 100644
--- a/SoftHSMv2/m4/acx_64bit.m4
+++ b/SoftHSMv2/m4/acx_64bit.m4
@@ -7,23 +7,42 @@ AC_DEFUN([ACX_64BIT],[
if test "x$enable_64bit" = "xyes"
then
- AC_MSG_CHECKING(if we can compile in 64-bit mode)
tmp_CFLAGS=$CFLAGS
CFLAGS="-m64"
- AC_RUN_IFELSE(
- [
+ AC_CACHE_CHECK([if we can compile in 64-bit mode], [acx_cv_prog_cc_64bit],[
+ acx_cv_prog_cc_64bit=no
+ AC_COMPILE_IFELSE([
AC_LANG_PROGRAM([],[return sizeof(void*) == 8 ? 0 : 1;])
], [
- AC_MSG_RESULT(yes)
- CXXFLAGS="-m64 $CXXFLAGS"
- LDFLAGS="-m64 $LDFLAGS"
- CFLAGS="-m64 $tmp_CFLAGS"
- ],[
- AC_MSG_RESULT(no)
- AC_MSG_ERROR([Don't know how to compile in 64-bit mode.])
- CFLAGS=$tmp_CFLAGS
- ]
- )
+ acx_cv_prog_cc_64bit=yes
+ ])
+ ])
+
+ if test "x$acx_cv_prog_cc_64bit" = xyes; then
+ AC_MSG_CHECKING([if we can run 64-bit programs])
+ AC_CACHE_VAL([acx_cv_sys_64bit],[
+ acx_cv_sys_64bit=no
+ AC_RUN_IFELSE([
+ AC_LANG_PROGRAM([],[return sizeof(void*) == 8 ? 0 : 1;])
+ ], [
+ AC_MSG_RESULT(yes)
+ acx_cv_sys_64bit=yes
+ ],[
+ AC_MSG_RESULT(no)
+ AC_MSG_ERROR([Don't know how to compile in 64-bit mode.])
+ CFLAGS=$tmp_CFLAGS
+ ],[
+ AC_MSG_WARN([Cannot test, assuming 64-bit])
+ acx_cv_sys_64bit=yes
+ ])
+ ])
+
+ CXXFLAGS="-m64 $CXXFLAGS"
+ LDFLAGS="-m64 $LDFLAGS"
+ CFLAGS="-m64 $tmp_CFLAGS"
+ else
+ CFLAGS=$tmp_CFLAGS
+ fi
fi
])
diff --git a/SoftHSMv2/m4/acx_botan.m4 b/SoftHSMv2/m4/acx_botan.m4
index ed93786..346a180 100644
--- a/SoftHSMv2/m4/acx_botan.m4
+++ b/SoftHSMv2/m4/acx_botan.m4
@@ -1,39 +1,64 @@
AC_DEFUN([ACX_BOTAN],[
+ WITH_BOTAN=
AC_ARG_WITH(botan,
AC_HELP_STRING([--with-botan=PATH],[Specify prefix of path of Botan]),
[
BOTAN_PATH="$withval"
+ WITH_BOTAN=1
],
[
BOTAN_PATH="/usr/local"
])
- BOTAN_VERSION_MAJOR=2
- BOTAN_VERSION_MINOR=0
- AC_CHECK_FILE($BOTAN_PATH/include/botan-2/botan/version.h,
- BOTAN_VERSION_MAJOR=2
- BOTAN_VERSION_MINOR=0,
- AC_CHECK_FILE($BOTAN_PATH/include/botan-1.11/botan/version.h,
- BOTAN_VERSION_MAJOR=1
- BOTAN_VERSION_MINOR=11,
- AC_CHECK_FILE($BOTAN_PATH/include/botan-1.10/botan/version.h,
- BOTAN_VERSION_MAJOR=1
- BOTAN_VERSION_MINOR=10,
- AC_MSG_ERROR([Cannot find Botan includes]))))
- AC_MSG_CHECKING(what are the Botan includes)
- if test "x${BOTAN_VERSION_MAJOR}" = "x2"; then
- BOTAN_INCLUDES="-I$BOTAN_PATH/include/botan-2"
+ if test -n "${PKG_CONFIG}" && test -z "${WITH_BOTAN}"; then
+ PKG_CHECK_MODULES([BOTAN], [botan-2 >= $1.$2.$3], [
+ BOTAN_VERSION_MAJOR=2
+ BOTAN_VERSION_MINOR=0
+ ],[
+ PKG_CHECK_MODULES([BOTAN], [botan-1.11 >= $1.$2.$3], [
+ BOTAN_VERSION_MAJOR=1
+ BOTAN_VERSION_MINOR=11
+ ],[
+ PKG_CHECK_MODULES([BOTAN], [botan-1.10 >= $1.$2.$3], [
+ BOTAN_VERSION_MAJOR=1
+ BOTAN_VERSION_MINOR=10
+ ],[
+ AC_MSG_ERROR([Cannot find Botan])
+ ])
+ ])
+ ])
else
- BOTAN_INCLUDES="-I$BOTAN_PATH/include/botan-1.$BOTAN_VERSION_MINOR"
+ BOTAN_VERSION_MAJOR=2
+ BOTAN_VERSION_MINOR=0
+ if test -f "$BOTAN_PATH/include/botan-2/botan/version.h"; then
+ BOTAN_VERSION_MAJOR=2
+ BOTAN_VERSION_MINOR=0
+ elif test -f "$BOTAN_PATH/include/botan-1.11/botan/version.h"; then
+ BOTAN_VERSION_MAJOR=1
+ BOTAN_VERSION_MINOR=11
+ elif test -f "$BOTAN_PATH/include/botan-1.10/botan/version.h"; then
+ BOTAN_VERSION_MAJOR=1
+ BOTAN_VERSION_MINOR=10
+ else
+ AC_MSG_ERROR([Cannot find Botan includes])
+ fi
+
+ if test "x${BOTAN_VERSION_MAJOR}" = "x2"; then
+ BOTAN_CFLAGS="-I$BOTAN_PATH/include/botan-2"
+ BOTAN_LIBS="-L$BOTAN_PATH/lib -lbotan-2"
+ else
+ BOTAN_CFLAGS="-I$BOTAN_PATH/include/botan-1.$BOTAN_VERSION_MINOR"
+ BOTAN_LIBS="-L$BOTAN_PATH/lib -lbotan-1.$BOTAN_VERSION_MINOR"
+ fi
+
+ AC_SUBST(BOTAN_CFLAGS)
+ AC_SUBST(BOTAN_LIBS)
fi
- AC_MSG_RESULT($BOTAN_INCLUDES)
+
+ AC_MSG_CHECKING(what are the Botan includes)
+ AC_MSG_RESULT($BOTAN_CFLAGS)
AC_MSG_CHECKING(what are the Botan libs)
- if test "x${BOTAN_VERSION_MAJOR}" = "x2"; then
- BOTAN_LIBS="-L$BOTAN_PATH/lib -lbotan-2"
- else
- BOTAN_LIBS="-L$BOTAN_PATH/lib -lbotan-1.$BOTAN_VERSION_MINOR"
- fi
AC_MSG_RESULT($BOTAN_LIBS)
if test "x${BOTAN_VERSION_MAJOR}" != "x1" -o "x${BOTAN_VERSION_MINOR}" != "x10"; then
@@ -43,7 +68,7 @@ AC_DEFUN([ACX_BOTAN],[
tmp_CPPFLAGS=$CPPFLAGS
tmp_LIBS=$LIBS
- CPPFLAGS="$CPPFLAGS $BOTAN_INCLUDES"
+ CPPFLAGS="$CPPFLAGS $BOTAN_CFLAGS"
LIBS="$LIBS $BOTAN_LIBS"
AC_LANG_PUSH([C++])
@@ -65,8 +90,6 @@ AC_DEFUN([ACX_BOTAN],[
CPPFLAGS=$tmp_CPPFLAGS
LIBS=$tmp_LIBS
- AC_SUBST(BOTAN_INCLUDES)
- AC_SUBST(BOTAN_LIBS)
AC_SUBST(BOTAN_VERSION_MAJOR)
AC_SUBST(BOTAN_VERSION_MINOR)
])
diff --git a/SoftHSMv2/m4/acx_botan_aes_gcm.m4 b/SoftHSMv2/m4/acx_botan_aes_gcm.m4
index d52c9cb..4873e30 100644
--- a/SoftHSMv2/m4/acx_botan_aes_gcm.m4
+++ b/SoftHSMv2/m4/acx_botan_aes_gcm.m4
@@ -8,29 +8,35 @@ AC_DEFUN([ACX_BOTAN_AES_GCM],[
LIBS="$CRYPTO_LIBS $LIBS"
AC_LANG_PUSH([C++])
- AC_RUN_IFELSE([
- AC_LANG_SOURCE([[
- #include <botan/botan.h>
- #include <botan/version.h>
- int main()
- {
- using namespace Botan;
+ AC_CACHE_VAL([acx_cv_lib_botan_aes_gcm_support],[
+ acx_cv_lib_botan_aes_gcm_support=no
+ AC_COMPILE_IFELSE([
+ AC_LANG_SOURCE([[
+ #include <botan/botan.h>
+ #include <botan/version.h>
+ int main()
+ {
+ using namespace Botan;
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0)
- return 0;
+ return 0;
+#else
+#error "Botan too old"
#endif
- return 1;
- }
- ]])
- ],[
- AC_MSG_RESULT([Found AES GCM])
- AC_DEFINE([WITH_AES_GCM], [1],
- [Compile with AES GCM])
- ],[
- AC_MSG_RESULT([Cannot find AES GCM support, upgrade to Botan >= v2.0.0])
-
+ }
+ ]])
+ ],[
+ AC_MSG_RESULT([Found AES GCM])
+ acx_cv_lib_botan_aes_gcm_support=yes
+ ],[
+ AC_MSG_RESULT([Cannot find AES GCM support, upgrade to Botan >= v2.0.0])
+ ])
])
AC_LANG_POP([C++])
+ if test "x$acx_cv_lib_botan_aes_gcm_support" = xyes; then
+ AC_DEFINE([WITH_AES_GCM], [1],
+ [Compile with AES GCM])
+ fi
CPPFLAGS=$tmp_CPPFLAGS
LIBS=$tmp_LIBS
diff --git a/SoftHSMv2/m4/acx_botan_ecc.m4 b/SoftHSMv2/m4/acx_botan_ecc.m4
index 9bce21d..1dd067e 100644
--- a/SoftHSMv2/m4/acx_botan_ecc.m4
+++ b/SoftHSMv2/m4/acx_botan_ecc.m4
@@ -8,42 +8,49 @@ AC_DEFUN([ACX_BOTAN_ECC],[
LIBS="$CRYPTO_LIBS $LIBS"
AC_LANG_PUSH([C++])
- AC_RUN_IFELSE([
- AC_LANG_SOURCE([[
- #include <botan/init.h>
- #include <botan/ec_group.h>
- #include <botan/oids.h>
- #include <botan/version.h>
- int main()
- {
- Botan::LibraryInitializer::initialize();
- const std::string name("secp256r1");
- const Botan::OID oid(Botan::OIDS::lookup(name));
- const Botan::EC_Group ecg(oid);
- try {
+ AC_CACHE_VAL([acx_cv_lib_botan_ecc_support],[
+ acx_cv_lib_botan_ecc_support=no
+ AC_RUN_IFELSE([
+ AC_LANG_SOURCE([[
+ #include <botan/init.h>
+ #include <botan/ec_group.h>
+ #include <botan/oids.h>
+ #include <botan/version.h>
+ int main()
+ {
+ Botan::LibraryInitializer::initialize();
+ const std::string name("secp256r1");
+ const Botan::OID oid(Botan::OIDS::lookup(name));
+ const Botan::EC_Group ecg(oid);
+ try {
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0)
- const std::vector<Botan::byte> der =
- ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID);
+ const std::vector<Botan::byte> der =
+ ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID);
#else
- const Botan::SecureVector<Botan::byte> der =
- ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID);
+ const Botan::SecureVector<Botan::byte> der =
+ ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID);
#endif
- } catch(...) {
- return 1;
+ } catch(...) {
+ return 1;
+ }
+ return 0;
}
- return 0;
- }
- ]])
- ],[
- AC_MSG_RESULT([Found P256])
- ],[
- AC_MSG_RESULT([Cannot find P256])
- AC_MSG_ERROR([
+ ]])
+ ],[
+ AC_MSG_RESULT([Found P256])
+ acx_cv_lib_botan_ecc_support=yes
+ ],[
+ AC_MSG_RESULT([Cannot find P256])
+ AC_MSG_ERROR([
Botan library has no valid ECC support. Please upgrade to a later version
of Botan, above or including version 1.10.6 or 1.11.5.
Alternatively disable ECC support in SoftHSM with --disable-ecc
])
- ],[])
+ ],[
+ AC_MSG_WARN([Cannot test, assuming P256])
+ acx_cv_lib_botan_ecc_support=yes
+ ])
+ ])
AC_LANG_POP([C++])
CPPFLAGS=$tmp_CPPFLAGS
diff --git a/SoftHSMv2/m4/acx_botan_eddsa.m4 b/SoftHSMv2/m4/acx_botan_eddsa.m4
new file mode 100644
index 0000000..88090b7
--- /dev/null
+++ b/SoftHSMv2/m4/acx_botan_eddsa.m4
@@ -0,0 +1,49 @@
+AC_DEFUN([ACX_BOTAN_EDDSA],[
+ AC_MSG_CHECKING(for Botan EDDSA support)
+
+ tmp_CPPFLAGS=$CPPFLAGS
+ tmp_LIBS=$LIBS
+
+ CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES"
+ LIBS="$CRYPTO_LIBS $LIBS"
+
+ AC_LANG_PUSH([C++])
+ AC_CACHE_VAL([acx_cv_lib_botan_eddsa_support],[
+ acx_cv_lib_botan_eddsa_support=no
+ AC_RUN_IFELSE([
+ AC_LANG_SOURCE([[
+ #include <botan/init.h>
+ #include <botan/ed25519.h>
+ #include <botan/version.h>
+ int main()
+ {
+ Botan::secure_vector<uint8_t> k(32);
+ try {
+ Botan::Ed25519_PrivateKey* key =
+ new Botan::Ed25519_PrivateKey(k);
+ } catch(...) {
+ return 1;
+ }
+ return 0;
+ }
+ ]])
+ ],[
+ AC_MSG_RESULT([Found Ed25519])
+ acx_cv_lib_botan_eddsa_support=yes
+ ],[
+ AC_MSG_RESULT([Cannot find Ed25519])
+ AC_MSG_ERROR([
+Botan library has no valid EDDSA support. Please upgrade to a later version
+of Botan with EDDSA support.
+Alternatively disable EDDSA support in SoftHSM with --disable-eddsa
+])
+ ],[
+ AC_MSG_WARN([Cannot test, assuming EDDSA])
+ acx_cv_lib_botan_eddsa_support=yes
+ ])
+ ])
+ AC_LANG_POP([C++])
+
+ CPPFLAGS=$tmp_CPPFLAGS
+ LIBS=$tmp_LIBS
+])
diff --git a/SoftHSMv2/m4/acx_botan_gnump.m4 b/SoftHSMv2/m4/acx_botan_gnump.m4
index d15859a..28272ab 100644
--- a/SoftHSMv2/m4/acx_botan_gnump.m4
+++ b/SoftHSMv2/m4/acx_botan_gnump.m4
@@ -2,7 +2,7 @@ AC_DEFUN([ACX_BOTAN_GNUMP],[
tmp_CPPFLAGS=$CPPFLAGS
tmp_LIBS=$LIBS
- CPPFLAGS="$CPPFLAGS $BOTAN_INCLUDES"
+ CPPFLAGS="$CPPFLAGS $BOTAN_CFLAGS"
LIBS="$LIBS $BOTAN_LIBS"
AC_LANG_PUSH([C++])
diff --git a/SoftHSMv2/m4/acx_botan_gost.m4 b/SoftHSMv2/m4/acx_botan_gost.m4
index 3720f4a..ba4c334 100644
--- a/SoftHSMv2/m4/acx_botan_gost.m4
+++ b/SoftHSMv2/m4/acx_botan_gost.m4
@@ -8,43 +8,50 @@ AC_DEFUN([ACX_BOTAN_GOST],[
LIBS="$CRYPTO_LIBS $LIBS"
AC_LANG_PUSH([C++])
- AC_RUN_IFELSE([
- AC_LANG_SOURCE([[
- #include <botan/init.h>
- #include <botan/gost_3410.h>
- #include <botan/oids.h>
- #include <botan/version.h>
- int main()
- {
- Botan::LibraryInitializer::initialize();
- const std::string name("gost_256A");
- const Botan::OID oid(Botan::OIDS::lookup(name));
- const Botan::EC_Group ecg(oid);
- try {
+ AC_CACHE_VAL([acx_cv_lib_botan_gost_support],[
+ acx_cv_lib_botan_gost_support=no
+ AC_RUN_IFELSE([
+ AC_LANG_SOURCE([[
+ #include <botan/init.h>
+ #include <botan/gost_3410.h>
+ #include <botan/oids.h>
+ #include <botan/version.h>
+ int main()
+ {
+ Botan::LibraryInitializer::initialize();
+ const std::string name("gost_256A");
+ const Botan::OID oid(Botan::OIDS::lookup(name));
+ const Botan::EC_Group ecg(oid);
+ try {
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0)
- const std::vector<Botan::byte> der =
- ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID);
+ const std::vector<Botan::byte> der =
+ ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID);
#else
- const Botan::SecureVector<Botan::byte> der =
- ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID);
+ const Botan::SecureVector<Botan::byte> der =
+ ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID);
#endif
- } catch(...) {
- return 1;
- }
+ } catch(...) {
+ return 1;
+ }
- return 0;
- }
- ]])
- ],[
- AC_MSG_RESULT([Found GOST])
- ],[
- AC_MSG_RESULT([Cannot find GOST])
- AC_MSG_ERROR([
+ return 0;
+ }
+ ]])
+ ],[
+ AC_MSG_RESULT([Found GOST])
+ acx_cv_lib_botan_gost_support=yes
+ ],[
+ AC_MSG_RESULT([Cannot find GOST])
+ AC_MSG_ERROR([
Botan library has no valid GOST support. Please upgrade to a later version
of Botan, above or including version 1.10.6 or 1.11.5.
Alternatively disable GOST support in SoftHSM with --disable-gost
])
- ],[])
+ ],[
+ AC_MSG_WARN([Cannot test, assuming GOST])
+ acx_cv_lib_botan_gost_support=yes
+ ])
+ ])
AC_LANG_POP([C++])
CPPFLAGS=$tmp_CPPFLAGS
diff --git a/SoftHSMv2/m4/acx_botan_rawpss.m4 b/SoftHSMv2/m4/acx_botan_rawpss.m4
index 018e324..92b56ff 100644
--- a/SoftHSMv2/m4/acx_botan_rawpss.m4
+++ b/SoftHSMv2/m4/acx_botan_rawpss.m4
@@ -8,29 +8,35 @@ AC_DEFUN([ACX_BOTAN_RAWPSS],[
LIBS="$CRYPTO_LIBS $LIBS"
AC_LANG_PUSH([C++])
- AC_RUN_IFELSE([
- AC_LANG_SOURCE([[
- #include <botan/botan.h>
- #include <botan/version.h>
- int main()
- {
- using namespace Botan;
+ AC_CACHE_VAL([acx_cv_lib_botan_raw_pss_support],[
+ acx_cv_lib_botan_raw_pss_support=no
+ AC_COMPILE_IFELSE([
+ AC_LANG_SOURCE([[
+ #include <botan/botan.h>
+ #include <botan/version.h>
+ int main()
+ {
+ using namespace Botan;
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,3,0)
- return 0;
+ return 0;
+#else
+#error "Botan too old"
#endif
- return 1;
- }
- ]])
- ],[
- AC_MSG_RESULT([Found raw PSS])
- AC_DEFINE([WITH_RAW_PSS], [1],
- [Compile with raw RSA PKCS PSS])
- ],[
- AC_MSG_RESULT([Cannot find raw PSS support, upgrade to Botan >= v2.3.0])
-
+ }
+ ]])
+ ],[
+ AC_MSG_RESULT([Found raw PSS])
+ acx_cv_lib_botan_raw_pss_support=yes
+ ],[
+ AC_MSG_RESULT([Cannot find raw PSS support, upgrade to Botan >= v2.3.0])
+ ])
])
AC_LANG_POP([C++])
+ if test "x$acx_cv_lib_botan_raw_pss_support" = xyes; then
+ AC_DEFINE([WITH_RAW_PSS], [1],
+ [Compile with raw RSA PKCS PSS])
+ fi
CPPFLAGS=$tmp_CPPFLAGS
LIBS=$tmp_LIBS
diff --git a/SoftHSMv2/m4/acx_cppunit.m4 b/SoftHSMv2/m4/acx_cppunit.m4
index 2720d81..1e04244 100644
--- a/SoftHSMv2/m4/acx_cppunit.m4
+++ b/SoftHSMv2/m4/acx_cppunit.m4
@@ -1,21 +1,15 @@
AC_DEFUN([ACX_CPPUNIT],[
AC_PATH_PROG([CPPUNIT_CONFIG], [cppunit-config])
- AC_PATH_PROG([PKG_CONFIG], [pkg-config])
- if test -n "${CPPUNIT_CONFIG}"; then
+ if test -n "${PKG_CONFIG}"; then
+ PKG_CHECK_MODULES([CPPUNIT], [cppunit], [], [:])
+ elif test -n "${CPPUNIT_CONFIG}"; then
AC_MSG_CHECKING([cppunit cflags])
CPPUNIT_CFLAGS=`${CPPUNIT_CONFIG} --cflags`
AC_MSG_RESULT([${CPPUNIT_CFLAGS}])
AC_MSG_CHECKING([cppunit libs])
CPPUNIT_LIBS=`${CPPUNIT_CONFIG} --libs`
AC_MSG_RESULT([${CPPUNIT_LIBS}])
- elif test -n "${PKG_CONFIG}"; then
- AC_MSG_CHECKING([cppunit cflags])
- CPPUNIT_CFLAGS=`${PKG_CONFIG} cppunit --cflags`
- AC_MSG_RESULT([${CPPUNIT_CFLAGS}])
- AC_MSG_CHECKING([cppunit libs])
- CPPUNIT_LIBS=`${PKG_CONFIG} cppunit --libs`
- AC_MSG_RESULT([${CPPUNIT_LIBS}])
+ AC_SUBST([CPPUNIT_CFLAGS])
+ AC_SUBST([CPPUNIT_LIBS])
fi
- AC_SUBST([CPPUNIT_CFLAGS])
- AC_SUBST([CPPUNIT_LIBS])
])
diff --git a/SoftHSMv2/m4/acx_crypto_backend.m4 b/SoftHSMv2/m4/acx_crypto_backend.m4
index c860c89..f815bcd 100644
--- a/SoftHSMv2/m4/acx_crypto_backend.m4
+++ b/SoftHSMv2/m4/acx_crypto_backend.m4
@@ -42,6 +42,28 @@ AC_DEFUN([ACX_CRYPTO_BACKEND],[
fi
AM_CONDITIONAL([WITH_GOST], [test "x${enable_gost}" = "xyes"])
+ # Add Eddsa check
+
+ AC_ARG_ENABLE(eddsa,
+ AC_HELP_STRING([--enable-eddsa],
+ [Enable support for EDDSA (default disabled)]
+ ),
+ [enable_eddsa="${enableval}"],
+ [enable_eddsa="no"]
+ )
+ AC_MSG_CHECKING(for EDDSA support)
+ if test "x${enable_eddsa}" = "xyes"; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE_UNQUOTED(
+ [WITH_EDDSA],
+ [],
+ [Compile with EDDSA support]
+ )
+ else
+ AC_MSG_RESULT(no)
+ fi
+ AM_CONDITIONAL([WITH_EDDSA], [test "x${enable_eddsa}" = "xyes"])
+
# Second check for the FIPS 140-2 mode
AC_ARG_ENABLE(fips,
@@ -92,6 +114,10 @@ AC_DEFUN([ACX_CRYPTO_BACKEND],[
ACX_OPENSSL_ECC
fi
+ if test "x${enable_eddsa}" = "xyes"; then
+ ACX_OPENSSL_EDDSA
+ fi
+
if test "x${enable_gost}" = "xyes"; then
if test "x${enable_fips}" = "xyes"; then
AC_MSG_ERROR([GOST is not FIPS approved])
@@ -126,13 +152,17 @@ AC_DEFUN([ACX_CRYPTO_BACKEND],[
ACX_BOTAN(1,10,0)
- CRYPTO_INCLUDES=$BOTAN_INCLUDES
+ CRYPTO_INCLUDES=$BOTAN_CFLAGS
CRYPTO_LIBS=$BOTAN_LIBS
if test "x${enable_ecc}" = "xyes"; then
ACX_BOTAN_ECC
fi
+ if test "x${enable_eddsa}" = "xyes"; then
+ ACX_BOTAN_EDDSA
+ fi
+
if test "x${enable_fips}" = "xyes"; then
AC_MSG_ERROR([Botan does not support FIPS 140-2 mode])
fi
diff --git a/SoftHSMv2/m4/acx_openssl.m4 b/SoftHSMv2/m4/acx_openssl.m4
index e90c78f..2f1adad 100644
--- a/SoftHSMv2/m4/acx_openssl.m4
+++ b/SoftHSMv2/m4/acx_openssl.m4
@@ -2,18 +2,19 @@ AC_DEFUN([ACX_OPENSSL],[
AC_ARG_WITH(openssl,
AC_HELP_STRING([--with-openssl=PATH],[Specify prefix of path of OpenSSL]),
[
- OPENSSL_PATH="$withval"
+ OPENSSL_INCLUDES="-I$withval/include"
+ OPENSSL_LIBDIRS="-L$withval/lib"
],
[
- OPENSSL_PATH="/usr/local"
+ OPENSSL_INCLUDES=""
+ OPENSSL_LIBDIRS=""
])
AC_MSG_CHECKING(what are the OpenSSL includes)
- OPENSSL_INCLUDES="-I$OPENSSL_PATH/include"
AC_MSG_RESULT($OPENSSL_INCLUDES)
AC_MSG_CHECKING(what are the OpenSSL libs)
- OPENSSL_LIBS="-L$OPENSSL_PATH/lib -lcrypto"
+ OPENSSL_LIBS="$OPENSSL_LIBDIRS -lcrypto"
AC_MSG_RESULT($OPENSSL_LIBS)
tmp_CPPFLAGS=$CPPFLAGS
@@ -28,28 +29,32 @@ AC_DEFUN([ACX_OPENSSL],[
AC_MSG_CHECKING([for OpenSSL version])
CHECK_OPENSSL_VERSION=m4_format(0x%02x%02x%02x000L, $1, $2, $3)
AC_LANG_PUSH([C])
- AC_RUN_IFELSE([
- AC_LANG_SOURCE([[
- #include <openssl/ssl.h>
- #include <openssl/opensslv.h>
- int main()
- {
- #ifndef OPENSSL_VERSION_NUMBER
- return -1;
- #endif
- #if OPENSSL_VERSION_NUMBER >= $CHECK_OPENSSL_VERSION
- return 0;
- #else
- return 1;
- #endif
- }
- ]])
- ],[
- AC_MSG_RESULT([>= $1.$2.$3])
- ],[
- AC_MSG_RESULT([< $1.$2.$3])
- AC_MSG_ERROR([OpenSSL library too old ($1.$2.$3 or later required)])
- ],[])
+ AC_CACHE_VAL([acx_cv_lib_openssl_sufficient],[
+ acx_cv_lib_openssl_sufficient=no
+ AC_COMPILE_IFELSE([
+ AC_LANG_SOURCE([[
+ #include <openssl/ssl.h>
+ #include <openssl/opensslv.h>
+ int main()
+ {
+ #ifndef OPENSSL_VERSION_NUMBER
+ #error "OpenSSL version undefined"
+ #endif
+ #if OPENSSL_VERSION_NUMBER >= $CHECK_OPENSSL_VERSION
+ return 0;
+ #else
+ #error "OpenSSL too old"
+ #endif
+ }
+ ]])
+ ],[
+ AC_MSG_RESULT([>= $1.$2.$3])
+ acx_cv_lib_openssl_sufficient=yes
+ ],[
+ AC_MSG_RESULT([< $1.$2.$3])
+ AC_MSG_ERROR([OpenSSL library too old ($1.$2.$3 or later required)])
+ ])
+ ])
AC_LANG_POP([C])
CPPFLAGS=$tmp_CPPFLAGS
diff --git a/SoftHSMv2/m4/acx_openssl_ecc.m4 b/SoftHSMv2/m4/acx_openssl_ecc.m4
index 612c505..3ecf7a9 100644
--- a/SoftHSMv2/m4/acx_openssl_ecc.m4
+++ b/SoftHSMv2/m4/acx_openssl_ecc.m4
@@ -8,28 +8,35 @@ AC_DEFUN([ACX_OPENSSL_ECC],[
LIBS="$CRYPTO_LIBS $LIBS"
AC_LANG_PUSH([C])
- AC_RUN_IFELSE([
- AC_LANG_SOURCE([[
- #include <openssl/ecdsa.h>
- #include <openssl/objects.h>
- int main()
- {
- EC_KEY *ec256, *ec384, *ec521;
+ AC_CACHE_VAL([acx_cv_lib_openssl_ecc_support],[
+ acx_cv_lib_openssl_ecc_support=no
+ AC_RUN_IFELSE([
+ AC_LANG_SOURCE([[
+ #include <openssl/ecdsa.h>
+ #include <openssl/objects.h>
+ int main()
+ {
+ EC_KEY *ec256, *ec384, *ec521;
- ec256 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- ec384 = EC_KEY_new_by_curve_name(NID_secp384r1);
- ec521 = EC_KEY_new_by_curve_name(NID_secp521r1);
- if (ec256 == NULL || ec384 == NULL || ec521 == NULL)
- return 1;
- return 0;
- }
- ]])
- ],[
- AC_MSG_RESULT([Found P256, P384, and P521])
- ],[
- AC_MSG_RESULT([Cannot find P256, P384, or P521])
- AC_MSG_ERROR([OpenSSL library has no ECC support])
- ],[])
+ ec256 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+ ec384 = EC_KEY_new_by_curve_name(NID_secp384r1);
+ ec521 = EC_KEY_new_by_curve_name(NID_secp521r1);
+ if (ec256 == NULL || ec384 == NULL || ec521 == NULL)
+ return 1;
+ return 0;
+ }
+ ]])
+ ],[
+ AC_MSG_RESULT([Found P256, P384, and P521])
+ acx_cv_lib_openssl_ecc_support=yes
+ ],[
+ AC_MSG_RESULT([Cannot find P256, P384, or P521])
+ AC_MSG_ERROR([OpenSSL library has no ECC support])
+ ],[
+ AC_MSG_WARN([Cannot test, assuming P256, P384, and P521])
+ acx_cv_lib_openssl_ecc_support=yes
+ ])
+ ])
AC_LANG_POP([C])
CPPFLAGS=$tmp_CPPFLAGS
diff --git a/SoftHSMv2/m4/acx_openssl_eddsa.m4 b/SoftHSMv2/m4/acx_openssl_eddsa.m4
new file mode 100644
index 0000000..0b629e2
--- /dev/null
+++ b/SoftHSMv2/m4/acx_openssl_eddsa.m4
@@ -0,0 +1,68 @@
+AC_DEFUN([ACX_OPENSSL_EDDSA],[
+ AC_MSG_CHECKING(for OpenSSL EDDSA support)
+
+ tmp_CPPFLAGS=$CPPFLAGS
+ tmp_LIBS=$LIBS
+
+ CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES"
+ LIBS="$CRYPTO_LIBS $LIBS"
+
+ AC_LANG_PUSH([C])
+ AC_CACHE_VAL([acx_cv_lib_openssl_ed25519_support],[
+ acx_cv_lib_openssl_ed25519_support=no
+ AC_RUN_IFELSE([
+ AC_LANG_SOURCE([[
+ #include <openssl/evp.h>
+ #include <openssl/objects.h>
+ int main()
+ {
+ EVP_PKEY_CTX *ctx;
+
+ ctx = EVP_PKEY_CTX_new_id(NID_ED25519, NULL);
+ if (ctx == NULL)
+ return 1;
+ return 0;
+ }
+ ]])
+ ],[
+ AC_MSG_RESULT([Found ED25519])
+ acx_cv_lib_openssl_ed25519_support=yes
+ ],[
+ AC_MSG_RESULT([Cannot find ED25519])
+ AC_MSG_ERROR([OpenSSL library has no EDDSA support])
+ ],[
+ AC_MSG_WARN([Cannot test, ED25519])
+ acx_cv_lib_openssl_ed25519_support=yes
+ ])
+ ])
+ AC_CACHE_VAL([acx_cv_lib_openssl_ed448_support],[
+ acx_cv_lib_openssl_ed448_support=no
+ AC_RUN_IFELSE([
+ AC_LANG_SOURCE([[
+ #include <openssl/evp.h>
+ #include <openssl/objects.h>
+ int main()
+ {
+ EVP_PKEY_CTX *ctx;
+
+ ctx = EVP_PKEY_CTX_new_id(NID_ED448, NULL);
+ if (ctx == NULL)
+ return 1;
+ return 0;
+ }
+ ]])
+ ],[
+ AC_MSG_RESULT([Found ED448])
+ acx_cv_lib_openssl_ed448_support=yes
+ ],[
+ AC_MSG_RESULT([Cannot find ED448])
+ ],[
+ AC_MSG_WARN([Cannot test, ED448])
+ acx_cv_lib_openssl_ed448_support=yes
+ ])
+ ])
+ AC_LANG_POP([C])
+
+ CPPFLAGS=$tmp_CPPFLAGS
+ LIBS=$tmp_LIBS
+])
diff --git a/SoftHSMv2/m4/acx_openssl_fips.m4 b/SoftHSMv2/m4/acx_openssl_fips.m4
index 0491397..a55c209 100644
--- a/SoftHSMv2/m4/acx_openssl_fips.m4
+++ b/SoftHSMv2/m4/acx_openssl_fips.m4
@@ -11,20 +11,27 @@ AC_DEFUN([ACX_OPENSSL_FIPS],[
# "reference the OpenSSL FIPS object module"
AC_LANG_PUSH([C])
- AC_RUN_IFELSE([
- AC_LANG_SOURCE([[
- #include <openssl/crypto.h>
- int main()
- {
- return !FIPS_mode_set(1);
- }
- ]])
- ],[
- AC_MSG_RESULT([Found working FIPS_mode_set()])
- ],[
- AC_MSG_RESULT([FIPS_mode_set(1) failed])
- AC_MSG_ERROR([OpenSSL library is not FIPS capable])
- ],[])
+ AC_CACHE_VAL([acx_cv_lib_openssl_fips],[
+ acx_cv_lib_openssl_fips=no
+ AC_RUN_IFELSE([
+ AC_LANG_SOURCE([[
+ #include <openssl/crypto.h>
+ int main()
+ {
+ return !FIPS_mode_set(1);
+ }
+ ]])
+ ],[
+ AC_MSG_RESULT([Found working FIPS_mode_set()])
+ acx_cv_lib_openssl_fips=yes
+ ],[
+ AC_MSG_RESULT([FIPS_mode_set(1) failed])
+ AC_MSG_ERROR([OpenSSL library is not FIPS capable])
+ ],[
+ AC_MSG_WARN([Cannot test, assuming FIPS])
+ acx_cv_lib_openssl_fips=yes
+ ])
+ ])
AC_LANG_POP([C])
# build missing fips_premain_dso tool
diff --git a/SoftHSMv2/m4/acx_openssl_gost.m4 b/SoftHSMv2/m4/acx_openssl_gost.m4
index dca489b..7deaacb 100644
--- a/SoftHSMv2/m4/acx_openssl_gost.m4
+++ b/SoftHSMv2/m4/acx_openssl_gost.m4
@@ -8,56 +8,63 @@ AC_DEFUN([ACX_OPENSSL_GOST],[
LIBS="$CRYPTO_LIBS $LIBS"
AC_LANG_PUSH([C])
- AC_RUN_IFELSE([
- AC_LANG_SOURCE([[
- #include <openssl/engine.h>
- #include <openssl/crypto.h>
- #include <openssl/opensslv.h>
- int main()
- {
- ENGINE* eg;
- const EVP_MD* EVP_GOST_34_11;
+ AC_CACHE_VAL([acx_cv_lib_openssl_gost_support],[
+ acx_cv_lib_openssl_gost_support=no
+ AC_RUN_IFELSE([
+ AC_LANG_SOURCE([[
+ #include <openssl/engine.h>
+ #include <openssl/crypto.h>
+ #include <openssl/opensslv.h>
+ int main()
+ {
+ ENGINE* eg;
+ const EVP_MD* EVP_GOST_34_11;
- /* Initialise OpenSSL */
- OpenSSL_add_all_algorithms();
+ /* Initialise OpenSSL */
+ OpenSSL_add_all_algorithms();
- /* Load engines */
- #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- ENGINE_load_builtin_engines();
- #else
- OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN | OPENSSL_INIT_LOAD_CONFIG, NULL);
- #endif
+ /* Load engines */
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ ENGINE_load_builtin_engines();
+ #else
+ OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN | OPENSSL_INIT_LOAD_CONFIG, NULL);
+ #endif
- /* Initialise the GOST engine */
- eg = ENGINE_by_id("gost");
- if (eg == NULL)
- return 1;
- if (ENGINE_init(eg) <= 0)
- return 1;
+ /* Initialise the GOST engine */
+ eg = ENGINE_by_id("gost");
+ if (eg == NULL)
+ return 1;
+ if (ENGINE_init(eg) <= 0)
+ return 1;
- /* better than digest_gost */
- EVP_GOST_34_11 = ENGINE_get_digest(eg, NID_id_GostR3411_94);
- if (EVP_GOST_34_11 == NULL)
- return 1;
+ /* better than digest_gost */
+ EVP_GOST_34_11 = ENGINE_get_digest(eg, NID_id_GostR3411_94);
+ if (EVP_GOST_34_11 == NULL)
+ return 1;
- /* from the openssl.cnf */
- if (ENGINE_register_pkey_asn1_meths(eg) <= 0)
- return 1;
- if (ENGINE_ctrl_cmd_string(eg,
- "CRYPT_PARAMS",
- "id-Gost28147-89-CryptoPro-A-ParamSet",
- 0) <= 0)
- return 1;
+ /* from the openssl.cnf */
+ if (ENGINE_register_pkey_asn1_meths(eg) <= 0)
+ return 1;
+ if (ENGINE_ctrl_cmd_string(eg,
+ "CRYPT_PARAMS",
+ "id-Gost28147-89-CryptoPro-A-ParamSet",
+ 0) <= 0)
+ return 1;
- return 0;
- }
- ]])
- ],[
- AC_MSG_RESULT([Found GOST engine])
- ],[
- AC_MSG_RESULT([Cannot find GOST engine])
- AC_MSG_ERROR([OpenSSL library has no GOST support])
- ],[])
+ return 0;
+ }
+ ]])
+ ],[
+ AC_MSG_RESULT([Found GOST engine])
+ acx_cv_lib_openssl_gost_support=yes
+ ],[
+ AC_MSG_RESULT([Cannot find GOST engine])
+ AC_MSG_ERROR([OpenSSL library has no GOST support])
+ ],[
+ AC_MSG_WARN([Cannot test, assuming GOST engine])
+ acx_cv_lib_openssl_gost_support=yes
+ ])
+ ])
AC_LANG_POP([C])
CPPFLAGS=$tmp_CPPFLAGS
diff --git a/SoftHSMv2/m4/acx_p11kit.m4 b/SoftHSMv2/m4/acx_p11kit.m4
index 20c7b7e..9545e7e 100644
--- a/SoftHSMv2/m4/acx_p11kit.m4
+++ b/SoftHSMv2/m4/acx_p11kit.m4
@@ -17,9 +17,8 @@ AC_DEFUN([ACX_P11KIT],[
if test "x${enable_p11kit}" = "xyes"; then
AC_MSG_RESULT(yes)
if test "x${P11KIT_PATH}" = "x"; then
- AC_PATH_PROG(PKGCONFIG, [pkg-config])
- if test "x${PKGCONFIG}" != "x" && ${PKGCONFIG} --exists p11-kit-1; then
- P11KIT_PATH=`${PKGCONFIG} --variable=p11_module_configs p11-kit-1`
+ if test "x${PKG_CONFIG}" != "x" && ${PKG_CONFIG} --exists p11-kit-1; then
+ P11KIT_PATH=`${PKG_CONFIG} --variable=p11_module_configs p11-kit-1`
fi
fi
AC_MSG_CHECKING(where to install the p11-kit module)
diff --git a/SoftHSMv2/m4/acx_sqlite3.m4 b/SoftHSMv2/m4/acx_sqlite3.m4
index cf829b7..fd942a7 100644
--- a/SoftHSMv2/m4/acx_sqlite3.m4
+++ b/SoftHSMv2/m4/acx_sqlite3.m4
@@ -2,11 +2,13 @@ AC_DEFUN([ACX_SQLITE3],[
AC_ARG_WITH(sqlite3,
AC_HELP_STRING([--with-sqlite3=PATH],[Specify prefix of path of SQLite3]),
[
- SQLITE3_PATH="$withval"
+ SQLITE3_INCLUDES="-I$withval/include"
+ SQLITE3_LIBDIRS="-L$withval/lib"
AC_PATH_PROGS(SQLITE3, sqlite3, sqlite3, $withval/bin)
],[
- SQLITE3_PATH="/usr/local"
+ SQLITE3_INCLUDES=""
+ SQLITE3_LIBDIRS=""
AC_PATH_PROGS(SQLITE3, sqlite3, sqlite3, $PATH)
])
@@ -16,11 +18,10 @@ AC_DEFUN([ACX_SQLITE3],[
fi
AC_MSG_CHECKING(what are the SQLite3 includes)
- SQLITE3_INCLUDES="-I$SQLITE3_PATH/include"
AC_MSG_RESULT($SQLITE3_INCLUDES)
AC_MSG_CHECKING(what are the SQLite3 libs)
- SQLITE3_LIBS="-L$SQLITE3_PATH/lib -lsqlite3"
+ SQLITE3_LIBS="$SQLITE3_LIBDIRS -lsqlite3"
AC_MSG_RESULT($SQLITE3_LIBS)
tmp_CPPFLAGS=$CPPFLAGS