Diffstat (limited to 'SoftHSMv2/m4')
-rw-r--r-- | SoftHSMv2/m4/acx_64bit.m4 | 45 | ||||
-rw-r--r-- | SoftHSMv2/m4/acx_botan.m4 | 73 | ||||
-rw-r--r-- | SoftHSMv2/m4/acx_botan_aes_gcm.m4 | 42 | ||||
-rw-r--r-- | SoftHSMv2/m4/acx_botan_ecc.m4 | 63 | ||||
-rw-r--r-- | SoftHSMv2/m4/acx_botan_eddsa.m4 | 49 | ||||
-rw-r--r-- | SoftHSMv2/m4/acx_botan_gnump.m4 | 2 | ||||
-rw-r--r-- | SoftHSMv2/m4/acx_botan_gost.m4 | 65 | ||||
-rw-r--r-- | SoftHSMv2/m4/acx_botan_rawpss.m4 | 42 | ||||
-rw-r--r-- | SoftHSMv2/m4/acx_cppunit.m4 | 16 | ||||
-rw-r--r-- | SoftHSMv2/m4/acx_crypto_backend.m4 | 32 | ||||
-rw-r--r-- | SoftHSMv2/m4/acx_openssl.m4 | 57 | ||||
-rw-r--r-- | SoftHSMv2/m4/acx_openssl_ecc.m4 | 49 | ||||
-rw-r--r-- | SoftHSMv2/m4/acx_openssl_eddsa.m4 | 68 | ||||
-rw-r--r-- | SoftHSMv2/m4/acx_openssl_fips.m4 | 35 | ||||
-rw-r--r-- | SoftHSMv2/m4/acx_openssl_gost.m4 | 95 | ||||
-rw-r--r-- | SoftHSMv2/m4/acx_p11kit.m4 | 5 | ||||
-rw-r--r-- | SoftHSMv2/m4/acx_sqlite3.m4 | 9 |
17 files changed, 491 insertions, 256 deletions
diff --git a/SoftHSMv2/m4/acx_64bit.m4 b/SoftHSMv2/m4/acx_64bit.m4 index f610b21..4620184 100644 --- a/SoftHSMv2/m4/acx_64bit.m4 +++ b/SoftHSMv2/m4/acx_64bit.m4 @@ -7,23 +7,42 @@ AC_DEFUN([ACX_64BIT],[ if test "x$enable_64bit" = "xyes" then - AC_MSG_CHECKING(if we can compile in 64-bit mode) tmp_CFLAGS=$CFLAGS CFLAGS="-m64" - AC_RUN_IFELSE( - [ + AC_CACHE_CHECK([if we can compile in 64-bit mode], [acx_cv_prog_cc_64bit],[ + acx_cv_prog_cc_64bit=no + AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([],[return sizeof(void*) == 8 ? 0 : 1;]) ], [ - AC_MSG_RESULT(yes) - CXXFLAGS="-m64 $CXXFLAGS" - LDFLAGS="-m64 $LDFLAGS" - CFLAGS="-m64 $tmp_CFLAGS" - ],[ - AC_MSG_RESULT(no) - AC_MSG_ERROR([Don't know how to compile in 64-bit mode.]) - CFLAGS=$tmp_CFLAGS - ] - ) + acx_cv_prog_cc_64bit=yes + ]) + ]) + + if test "x$acx_cv_prog_cc_64bit" = xyes; then + AC_MSG_CHECKING([if we can run 64-bit programs]) + AC_CACHE_VAL([acx_cv_sys_64bit],[ + acx_cv_sys_64bit=no + AC_RUN_IFELSE([ + AC_LANG_PROGRAM([],[return sizeof(void*) == 8 ? 0 : 1;]) + ], [ + AC_MSG_RESULT(yes) + acx_cv_sys_64bit=yes + ],[ + AC_MSG_RESULT(no) + AC_MSG_ERROR([Don't know how to compile in 64-bit mode.]) + CFLAGS=$tmp_CFLAGS + ],[ + AC_MSG_WARN([Cannot test, assuming 64-bit]) + acx_cv_sys_64bit=yes + ]) + ]) + + CXXFLAGS="-m64 $CXXFLAGS" + LDFLAGS="-m64 $LDFLAGS" + CFLAGS="-m64 $tmp_CFLAGS" + else + CFLAGS=$tmp_CFLAGS + fi fi ]) diff --git a/SoftHSMv2/m4/acx_botan.m4 b/SoftHSMv2/m4/acx_botan.m4 index ed93786..346a180 100644 --- a/SoftHSMv2/m4/acx_botan.m4 +++ b/SoftHSMv2/m4/acx_botan.m4 
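Review bot: In the new "if we can run 64-bit programs" check, `AC_MSG_RESULT` and `AC_MSG_ERROR` sit inside the `AC_CACHE_VAL` body, so on a cache hit (`configure -C` or a preset `acx_cv_sys_64bit`) the "checking" line is printed with no result and the body is skipped. The `-m64` flags are then added without consulting `acx_cv_sys_64bit` at all. Use `AC_CACHE_CHECK([if we can run 64-bit programs], [acx_cv_sys_64bit], [...])` with only the assignment inside, and act on the value afterwards: `if test "x$acx_cv_sys_64bit" != xyes; then AC_MSG_ERROR([Don't know how to compile in 64-bit mode.]); fi`. The `CFLAGS=$tmp_CFLAGS` placed after `AC_MSG_ERROR` is unreachable. The same result-inside-`AC_CACHE_VAL` layout recurs in the acx_botan_aes_gcm, acx_botan_ecc, acx_botan_eddsa, acx_botan_gost, acx_botan_rawpss, acx_openssl, acx_openssl_ecc, acx_openssl_eddsa, acx_openssl_fips and acx_openssl_gost hunks.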
@@ -1,39 +1,64 @@ AC_DEFUN([ACX_BOTAN],[ + WITH_BOTAN= AC_ARG_WITH(botan, AC_HELP_STRING([--with-botan=PATH],[Specify prefix of path of Botan]), [ BOTAN_PATH="$withval" + WITH_BOTAN=1 ], [ BOTAN_PATH="/usr/local" ]) - BOTAN_VERSION_MAJOR=2 - BOTAN_VERSION_MINOR=0 - AC_CHECK_FILE($BOTAN_PATH/include/botan-2/botan/version.h, - BOTAN_VERSION_MAJOR=2 - BOTAN_VERSION_MINOR=0, - AC_CHECK_FILE($BOTAN_PATH/include/botan-1.11/botan/version.h, - BOTAN_VERSION_MAJOR=1 - BOTAN_VERSION_MINOR=11, - AC_CHECK_FILE($BOTAN_PATH/include/botan-1.10/botan/version.h, - BOTAN_VERSION_MAJOR=1 - BOTAN_VERSION_MINOR=10, - AC_MSG_ERROR([Cannot find Botan includes])))) - AC_MSG_CHECKING(what are the Botan includes) - if test "x${BOTAN_VERSION_MAJOR}" = "x2"; then - BOTAN_INCLUDES="-I$BOTAN_PATH/include/botan-2" + if test -n "${PKG_CONFIG}" && test -z "${WITH_BOTAN}"; then + PKG_CHECK_MODULES([BOTAN], [botan-2 >= $1.$2.$3], [ + BOTAN_VERSION_MAJOR=2 + BOTAN_VERSION_MINOR=0 + ],[ + PKG_CHECK_MODULES([BOTAN], [botan-1.11 >= $1.$2.$3], [ + BOTAN_VERSION_MAJOR=1 + BOTAN_VERSION_MINOR=11 + ],[ + PKG_CHECK_MODULES([BOTAN], [botan-1.10 >= $1.$2.$3], [ + BOTAN_VERSION_MAJOR=1 + BOTAN_VERSION_MINOR=10 + ],[ + AC_MSG_ERROR([Cannot find Botan]) + ]) + ]) + ]) else - BOTAN_INCLUDES="-I$BOTAN_PATH/include/botan-1.$BOTAN_VERSION_MINOR" + BOTAN_VERSION_MAJOR=2 + BOTAN_VERSION_MINOR=0 + if test -f "$BOTAN_PATH/include/botan-2/botan/version.h"; then + BOTAN_VERSION_MAJOR=2 + BOTAN_VERSION_MINOR=0 + elif test -f "$BOTAN_PATH/include/botan-1.11/botan/version.h"; then + BOTAN_VERSION_MAJOR=1 + BOTAN_VERSION_MINOR=11 + elif test -f "$BOTAN_PATH/include/botan-1.10/botan/version.h"; then + BOTAN_VERSION_MAJOR=1 + BOTAN_VERSION_MINOR=10 + else + AC_MSG_ERROR([Cannot find Botan includes]) + fi + + if test "x${BOTAN_VERSION_MAJOR}" = "x2"; then + BOTAN_CFLAGS="-I$BOTAN_PATH/include/botan-2" + BOTAN_LIBS="-L$BOTAN_PATH/lib -lbotan-2" + else + BOTAN_CFLAGS="-I$BOTAN_PATH/include/botan-1.$BOTAN_VERSION_MINOR" + 
BOTAN_LIBS="-L$BOTAN_PATH/lib -lbotan-1.$BOTAN_VERSION_MINOR" + fi + + AC_SUBST(BOTAN_CFLAGS) + AC_SUBST(BOTAN_LIBS) fi - AC_MSG_RESULT($BOTAN_INCLUDES) + + AC_MSG_CHECKING(what are the Botan includes) + AC_MSG_RESULT($BOTAN_CFLAGS) AC_MSG_CHECKING(what are the Botan libs) - if test "x${BOTAN_VERSION_MAJOR}" = "x2"; then - BOTAN_LIBS="-L$BOTAN_PATH/lib -lbotan-2" - else - BOTAN_LIBS="-L$BOTAN_PATH/lib -lbotan-1.$BOTAN_VERSION_MINOR" - fi AC_MSG_RESULT($BOTAN_LIBS) if test "x${BOTAN_VERSION_MAJOR}" != "x1" -o "x${BOTAN_VERSION_MINOR}" != "x10"; then @@ -43,7 +68,7 @@ AC_DEFUN([ACX_BOTAN],[ tmp_CPPFLAGS=$CPPFLAGS tmp_LIBS=$LIBS - CPPFLAGS="$CPPFLAGS $BOTAN_INCLUDES" + CPPFLAGS="$CPPFLAGS $BOTAN_CFLAGS" LIBS="$LIBS $BOTAN_LIBS" AC_LANG_PUSH([C++]) @@ -65,8 +90,6 @@ AC_DEFUN([ACX_BOTAN],[ CPPFLAGS=$tmp_CPPFLAGS LIBS=$tmp_LIBS - AC_SUBST(BOTAN_INCLUDES) - AC_SUBST(BOTAN_LIBS) AC_SUBST(BOTAN_VERSION_MAJOR) AC_SUBST(BOTAN_VERSION_MINOR) ]) diff --git a/SoftHSMv2/m4/acx_botan_aes_gcm.m4 b/SoftHSMv2/m4/acx_botan_aes_gcm.m4 index d52c9cb..4873e30 100644 --- a/SoftHSMv2/m4/acx_botan_aes_gcm.m4 +++ b/SoftHSMv2/m4/acx_botan_aes_gcm.m4 
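Review bot: When pkg-config is present and `--with-botan` is not given, the first hunk consults only pkg-config and ends in `AC_MSG_ERROR([Cannot find Botan])`. The header probe under the `/usr/local` default in the `else` branch is never reached, so a Botan installed without a `.pc` file on the search path is no longer found by default. If that is intended, the error should say how to recover, e.g. `AC_MSG_ERROR([Cannot find Botan via pkg-config; use --with-botan=PATH])`; otherwise fall through to the path probe instead of aborting. Separately, `--with-botan` without a value or `--without-botan` sets `BOTAN_PATH` to `yes` or `no` and `WITH_BOTAN=1`; rejecting those values up front would give a clearer failure than "Cannot find Botan includes". The macro body continues outside the hunks.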
@@ -8,29 +8,35 @@ AC_DEFUN([ACX_BOTAN_AES_GCM],[ LIBS="$CRYPTO_LIBS $LIBS" AC_LANG_PUSH([C++]) - AC_RUN_IFELSE([ - AC_LANG_SOURCE([[ - #include <botan/botan.h> - #include <botan/version.h> - int main() - { - using namespace Botan; + AC_CACHE_VAL([acx_cv_lib_botan_aes_gcm_support],[ + acx_cv_lib_botan_aes_gcm_support=no + AC_COMPILE_IFELSE([ + AC_LANG_SOURCE([[ + #include <botan/botan.h> + #include <botan/version.h> + int main() + { + using namespace Botan; #if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0) - return 0; + return 0; +#else +#error "Botan too old" #endif - return 1; - } - ]]) - ],[ - AC_MSG_RESULT([Found AES GCM]) - AC_DEFINE([WITH_AES_GCM], [1], - [Compile with AES GCM]) - ],[ - AC_MSG_RESULT([Cannot find AES GCM support, upgrade to Botan >= v2.0.0]) - + } + ]]) + ],[ + AC_MSG_RESULT([Found AES GCM]) + acx_cv_lib_botan_aes_gcm_support=yes + ],[ + AC_MSG_RESULT([Cannot find AES GCM support, upgrade to Botan >= v2.0.0]) + ]) ]) AC_LANG_POP([C++]) + if test "x$acx_cv_lib_botan_aes_gcm_support" = xyes; then + AC_DEFINE([WITH_AES_GCM], [1], + [Compile with AES GCM]) + fi CPPFLAGS=$tmp_CPPFLAGS LIBS=$tmp_LIBS diff --git a/SoftHSMv2/m4/acx_botan_ecc.m4 b/SoftHSMv2/m4/acx_botan_ecc.m4 index 9bce21d..1dd067e 100644 --- a/SoftHSMv2/m4/acx_botan_ecc.m4 +++ b/SoftHSMv2/m4/acx_botan_ecc.m4 
@@ -8,42 +8,49 @@ AC_DEFUN([ACX_BOTAN_ECC],[ LIBS="$CRYPTO_LIBS $LIBS" AC_LANG_PUSH([C++]) - AC_RUN_IFELSE([ - AC_LANG_SOURCE([[ - #include <botan/init.h> - #include <botan/ec_group.h> - #include <botan/oids.h> - #include <botan/version.h> - int main() - { - Botan::LibraryInitializer::initialize(); - const std::string name("secp256r1"); - const Botan::OID oid(Botan::OIDS::lookup(name)); - const Botan::EC_Group ecg(oid); - try { + AC_CACHE_VAL([acx_cv_lib_botan_ecc_support],[ + acx_cv_lib_botan_ecc_support=no + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include <botan/init.h> + #include <botan/ec_group.h> + #include <botan/oids.h> + #include <botan/version.h> + int main() + { + Botan::LibraryInitializer::initialize(); + const std::string name("secp256r1"); + const Botan::OID oid(Botan::OIDS::lookup(name)); + const Botan::EC_Group ecg(oid); + try { #if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - const std::vector<Botan::byte> der = - ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); + const std::vector<Botan::byte> der = + ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); #else - const Botan::SecureVector<Botan::byte> der = - ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); + const Botan::SecureVector<Botan::byte> der = + ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); #endif - } catch(...) { - return 1; + } catch(...) { + return 1; + } + return 0; } - return 0; - } - ]]) - ],[ - AC_MSG_RESULT([Found P256]) - ],[ - AC_MSG_RESULT([Cannot find P256]) - AC_MSG_ERROR([ + ]]) + ],[ + AC_MSG_RESULT([Found P256]) + acx_cv_lib_botan_ecc_support=yes + ],[ + AC_MSG_RESULT([Cannot find P256]) + AC_MSG_ERROR([ Botan library has no valid ECC support. Please upgrade to a later version of Botan, above or including version 1.10.6 or 1.11.5. Alternatively disable ECC support in SoftHSM with --disable-ecc ]) - ],[]) + ],[ + AC_MSG_WARN([Cannot test, assuming P256]) + acx_cv_lib_botan_ecc_support=yes + ]) + ]) AC_LANG_POP([C++]) CPPFLAGS=$tmp_CPPFLAGS 
diff --git a/SoftHSMv2/m4/acx_botan_eddsa.m4 b/SoftHSMv2/m4/acx_botan_eddsa.m4 new file mode 100644 index 0000000..88090b7 --- /dev/null +++ b/SoftHSMv2/m4/acx_botan_eddsa.m4 @@ -0,0 +1,49 @@ +AC_DEFUN([ACX_BOTAN_EDDSA],[ + AC_MSG_CHECKING(for Botan EDDSA support) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES" + LIBS="$CRYPTO_LIBS $LIBS" + + AC_LANG_PUSH([C++]) + AC_CACHE_VAL([acx_cv_lib_botan_eddsa_support],[ + acx_cv_lib_botan_eddsa_support=no + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include <botan/init.h> + #include <botan/ed25519.h> + #include <botan/version.h> + int main() + { + Botan::secure_vector<uint8_t> k(32); + try { + Botan::Ed25519_PrivateKey* key = + new Botan::Ed25519_PrivateKey(k); + } catch(...) { + return 1; + } + return 0; + } + ]]) + ],[ + AC_MSG_RESULT([Found Ed25519]) + acx_cv_lib_botan_eddsa_support=yes + ],[ + AC_MSG_RESULT([Cannot find Ed25519]) + AC_MSG_ERROR([ +Botan library has no valid EDDSA support. Please upgrade to a later version +of Botan with EDDSA support. +Alternatively disable EDDSA support in SoftHSM with --disable-eddsa +]) + ],[ + AC_MSG_WARN([Cannot test, assuming EDDSA]) + acx_cv_lib_botan_eddsa_support=yes + ]) + ]) + AC_LANG_POP([C++]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_botan_gnump.m4 b/SoftHSMv2/m4/acx_botan_gnump.m4 index d15859a..28272ab 100644 --- a/SoftHSMv2/m4/acx_botan_gnump.m4 +++ b/SoftHSMv2/m4/acx_botan_gnump.m4 @@ -2,7 +2,7 @@ AC_DEFUN([ACX_BOTAN_GNUMP],[ tmp_CPPFLAGS=$CPPFLAGS tmp_LIBS=$LIBS - CPPFLAGS="$CPPFLAGS $BOTAN_INCLUDES" + CPPFLAGS="$CPPFLAGS $BOTAN_CFLAGS" LIBS="$LIBS $BOTAN_LIBS" AC_LANG_PUSH([C++]) diff --git a/SoftHSMv2/m4/acx_botan_gost.m4 b/SoftHSMv2/m4/acx_botan_gost.m4 index 3720f4a..ba4c334 100644 --- a/SoftHSMv2/m4/acx_botan_gost.m4 +++ b/SoftHSMv2/m4/acx_botan_gost.m4 
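Review bot: The Ed25519 probe in the new acx_botan_eddsa.m4 has to be executed, yet it establishes little more than that `botan/ed25519.h` and the `Ed25519_PrivateKey` constructor are usable; when cross-compiling it cannot run and the macro simply assumes support. A link-only check (`AC_LINK_IFELSE` on the same source) would give a real answer in both cases and make the "assuming EDDSA" branch unnecessary. The test program also includes `botan/init.h` without using it and relies on `uint8_t` being declared transitively; an explicit include of `cstdint` and a stack-constructed key instead of the unused `new` would make the probe self-contained.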
@@ -8,43 +8,50 @@ AC_DEFUN([ACX_BOTAN_GOST],[ LIBS="$CRYPTO_LIBS $LIBS" AC_LANG_PUSH([C++]) - AC_RUN_IFELSE([ - AC_LANG_SOURCE([[ - #include <botan/init.h> - #include <botan/gost_3410.h> - #include <botan/oids.h> - #include <botan/version.h> - int main() - { - Botan::LibraryInitializer::initialize(); - const std::string name("gost_256A"); - const Botan::OID oid(Botan::OIDS::lookup(name)); - const Botan::EC_Group ecg(oid); - try { + AC_CACHE_VAL([acx_cv_lib_botan_gost_support],[ + acx_cv_lib_botan_gost_support=no + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include <botan/init.h> + #include <botan/gost_3410.h> + #include <botan/oids.h> + #include <botan/version.h> + int main() + { + Botan::LibraryInitializer::initialize(); + const std::string name("gost_256A"); + const Botan::OID oid(Botan::OIDS::lookup(name)); + const Botan::EC_Group ecg(oid); + try { #if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - const std::vector<Botan::byte> der = - ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); + const std::vector<Botan::byte> der = + ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); #else - const Botan::SecureVector<Botan::byte> der = - ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); + const Botan::SecureVector<Botan::byte> der = + ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); #endif - } catch(...) { - return 1; - } + } catch(...) { + return 1; + } - return 0; - } - ]]) - ],[ - AC_MSG_RESULT([Found GOST]) - ],[ - AC_MSG_RESULT([Cannot find GOST]) - AC_MSG_ERROR([ + return 0; + } + ]]) + ],[ + AC_MSG_RESULT([Found GOST]) + acx_cv_lib_botan_gost_support=yes + ],[ + AC_MSG_RESULT([Cannot find GOST]) + AC_MSG_ERROR([ Botan library has no valid GOST support. Please upgrade to a later version of Botan, above or including version 1.10.6 or 1.11.5. Alternatively disable GOST support in SoftHSM with --disable-gost ]) - ],[]) + ],[ + AC_MSG_WARN([Cannot test, assuming GOST]) + acx_cv_lib_botan_gost_support=yes + ]) + ]) AC_LANG_POP([C++]) CPPFLAGS=$tmp_CPPFLAGS 
diff --git a/SoftHSMv2/m4/acx_botan_rawpss.m4 b/SoftHSMv2/m4/acx_botan_rawpss.m4 index 018e324..92b56ff 100644 --- a/SoftHSMv2/m4/acx_botan_rawpss.m4 +++ b/SoftHSMv2/m4/acx_botan_rawpss.m4 @@ -8,29 +8,35 @@ AC_DEFUN([ACX_BOTAN_RAWPSS],[ LIBS="$CRYPTO_LIBS $LIBS" AC_LANG_PUSH([C++]) - AC_RUN_IFELSE([ - AC_LANG_SOURCE([[ - #include <botan/botan.h> - #include <botan/version.h> - int main() - { - using namespace Botan; + AC_CACHE_VAL([acx_cv_lib_botan_raw_pss_support],[ + acx_cv_lib_botan_raw_pss_support=no + AC_COMPILE_IFELSE([ + AC_LANG_SOURCE([[ + #include <botan/botan.h> + #include <botan/version.h> + int main() + { + using namespace Botan; #if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,3,0) - return 0; + return 0; +#else +#error "Botan too old" #endif - return 1; - } - ]]) - ],[ - AC_MSG_RESULT([Found raw PSS]) - AC_DEFINE([WITH_RAW_PSS], [1], - [Compile with raw RSA PKCS PSS]) - ],[ - AC_MSG_RESULT([Cannot find raw PSS support, upgrade to Botan >= v2.3.0]) - + } + ]]) + ],[ + AC_MSG_RESULT([Found raw PSS]) + acx_cv_lib_botan_raw_pss_support=yes + ],[ + AC_MSG_RESULT([Cannot find raw PSS support, upgrade to Botan >= v2.3.0]) + ]) ]) AC_LANG_POP([C++]) + if test "x$acx_cv_lib_botan_raw_pss_support" = xyes; then + AC_DEFINE([WITH_RAW_PSS], [1], + [Compile with raw RSA PKCS PSS]) + fi CPPFLAGS=$tmp_CPPFLAGS LIBS=$tmp_LIBS diff --git a/SoftHSMv2/m4/acx_cppunit.m4 b/SoftHSMv2/m4/acx_cppunit.m4 index 2720d81..1e04244 100644 --- a/SoftHSMv2/m4/acx_cppunit.m4 +++ b/SoftHSMv2/m4/acx_cppunit.m4 
@@ -1,21 +1,15 @@ AC_DEFUN([ACX_CPPUNIT],[ AC_PATH_PROG([CPPUNIT_CONFIG], [cppunit-config]) - AC_PATH_PROG([PKG_CONFIG], [pkg-config]) - if test -n "${CPPUNIT_CONFIG}"; then + if test -n "${PKG_CONFIG}"; then + PKG_CHECK_MODULES([CPPUNIT], [cppunit], [], [:]) + elif test -n "${CPPUNIT_CONFIG}"; then AC_MSG_CHECKING([cppunit cflags]) CPPUNIT_CFLAGS=`${CPPUNIT_CONFIG} --cflags` AC_MSG_RESULT([${CPPUNIT_CFLAGS}]) AC_MSG_CHECKING([cppunit libs]) CPPUNIT_LIBS=`${CPPUNIT_CONFIG} --libs` AC_MSG_RESULT([${CPPUNIT_LIBS}]) - elif test -n "${PKG_CONFIG}"; then - AC_MSG_CHECKING([cppunit cflags]) - CPPUNIT_CFLAGS=`${PKG_CONFIG} cppunit --cflags` - AC_MSG_RESULT([${CPPUNIT_CFLAGS}]) - AC_MSG_CHECKING([cppunit libs]) - CPPUNIT_LIBS=`${PKG_CONFIG} cppunit --libs` - AC_MSG_RESULT([${CPPUNIT_LIBS}]) + AC_SUBST([CPPUNIT_CFLAGS]) + AC_SUBST([CPPUNIT_LIBS]) fi - AC_SUBST([CPPUNIT_CFLAGS]) - AC_SUBST([CPPUNIT_LIBS]) ]) diff --git a/SoftHSMv2/m4/acx_crypto_backend.m4 b/SoftHSMv2/m4/acx_crypto_backend.m4 index c860c89..f815bcd 100644 --- a/SoftHSMv2/m4/acx_crypto_backend.m4 +++ b/SoftHSMv2/m4/acx_crypto_backend.m4 @@ -42,6 +42,28 @@ AC_DEFUN([ACX_CRYPTO_BACKEND],[ fi AM_CONDITIONAL([WITH_GOST], [test "x${enable_gost}" = "xyes"]) + # Add Eddsa check + + AC_ARG_ENABLE(eddsa, + AC_HELP_STRING([--enable-eddsa], + [Enable support for EDDSA (default disabled)] + ), + [enable_eddsa="${enableval}"], + [enable_eddsa="no"] + ) + AC_MSG_CHECKING(for EDDSA support) + if test "x${enable_eddsa}" = "xyes"; then + AC_MSG_RESULT(yes) + AC_DEFINE_UNQUOTED( + [WITH_EDDSA], + [], + [Compile with EDDSA support] + ) + else + AC_MSG_RESULT(no) + fi + AM_CONDITIONAL([WITH_EDDSA], [test "x${enable_eddsa}" = "xyes"]) + # Second check for the FIPS 140-2 mode AC_ARG_ENABLE(fips, 
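Review bot: With pkg-config installed but no cppunit `.pc` file, `PKG_CHECK_MODULES([CPPUNIT], [cppunit], [], [:])` fails silently and the `elif` keeps `cppunit-config` from being tried, so `CPPUNIT_CFLAGS` and `CPPUNIT_LIBS` stay empty with no message. Test the pkg-config result and fall back explicitly rather than chaining with `elif`, or at least replace `[:]` with `AC_MSG_WARN([cppunit not found via pkg-config])`. The acx_p11kit.m4 hunk likewise drops its own `AC_PATH_PROG` lookup and reads `PKG_CONFIG` directly; nothing in that hunk sets it, so the macro presumably relies on `PKG_PROG_PKG_CONFIG` having run first, and a comment stating that requirement would help.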
@@ -92,6 +114,10 @@ AC_DEFUN([ACX_CRYPTO_BACKEND],[ ACX_OPENSSL_ECC fi + if test "x${enable_eddsa}" = "xyes"; then + ACX_OPENSSL_EDDSA + fi + if test "x${enable_gost}" = "xyes"; then if test "x${enable_fips}" = "xyes"; then AC_MSG_ERROR([GOST is not FIPS approved]) @@ -126,13 +152,17 @@ AC_DEFUN([ACX_CRYPTO_BACKEND],[ ACX_BOTAN(1,10,0) - CRYPTO_INCLUDES=$BOTAN_INCLUDES + CRYPTO_INCLUDES=$BOTAN_CFLAGS CRYPTO_LIBS=$BOTAN_LIBS if test "x${enable_ecc}" = "xyes"; then ACX_BOTAN_ECC fi + if test "x${enable_eddsa}" = "xyes"; then + ACX_BOTAN_EDDSA + fi + if test "x${enable_fips}" = "xyes"; then AC_MSG_ERROR([Botan does not support FIPS 140-2 mode]) fi diff --git a/SoftHSMv2/m4/acx_openssl.m4 b/SoftHSMv2/m4/acx_openssl.m4 index e90c78f..2f1adad 100644 --- a/SoftHSMv2/m4/acx_openssl.m4 +++ b/SoftHSMv2/m4/acx_openssl.m4 @@ -2,18 +2,19 @@ AC_DEFUN([ACX_OPENSSL],[ AC_ARG_WITH(openssl, AC_HELP_STRING([--with-openssl=PATH],[Specify prefix of path of OpenSSL]), [ - OPENSSL_PATH="$withval" + OPENSSL_INCLUDES="-I$withval/include" + OPENSSL_LIBDIRS="-L$withval/lib" ], [ - OPENSSL_PATH="/usr/local" + OPENSSL_INCLUDES="" + OPENSSL_LIBDIRS="" ]) AC_MSG_CHECKING(what are the OpenSSL includes) - OPENSSL_INCLUDES="-I$OPENSSL_PATH/include" AC_MSG_RESULT($OPENSSL_INCLUDES) AC_MSG_CHECKING(what are the OpenSSL libs) - OPENSSL_LIBS="-L$OPENSSL_PATH/lib -lcrypto" + OPENSSL_LIBS="$OPENSSL_LIBDIRS -lcrypto" AC_MSG_RESULT($OPENSSL_LIBS) tmp_CPPFLAGS=$CPPFLAGS 
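Review bot: `--enable-eddsa` combined with `--enable-fips` passes straight to `ACX_OPENSSL_EDDSA`, whereas the GOST block directly below rejects the FIPS combination with `AC_MSG_ERROR([GOST is not FIPS approved])`. If EdDSA is not an approved algorithm for the FIPS 140-2 mode this build targets (it was not part of FIPS 186-4), the same guard belongs here: `if test "x${enable_fips}" = "xyes"; then AC_MSG_ERROR([EDDSA is not FIPS approved]); fi`. If the combination is meant to be allowed, a comment saying why would settle the question for the next reader. The enclosing OpenSSL-backend branch starts outside the hunk.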
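Review bot: In the `--with-openssl` branch, `$withval` goes into `-I$withval/include` and `-L$withval/lib` unchecked, so `--with-openssl` with no value, `--without-openssl` or a mistyped prefix produces search paths such as `-Iyes/include`. The toolchain will typically ignore a missing directory, and the later checks then pass against whatever libcrypto is on the default path. For a crypto backend it is worth failing early, e.g. `test -d "$withval/include" || AC_MSG_ERROR([--with-openssl: $withval/include not found])`, and quoting the expansions. The acx_sqlite3.m4 hunk introduces the same pattern for `--with-sqlite3`.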
@@ -28,28 +29,32 @@ AC_DEFUN([ACX_OPENSSL],[ AC_MSG_CHECKING([for OpenSSL version]) CHECK_OPENSSL_VERSION=m4_format(0x%02x%02x%02x000L, $1, $2, $3) AC_LANG_PUSH([C]) - AC_RUN_IFELSE([ - AC_LANG_SOURCE([[ - #include <openssl/ssl.h> - #include <openssl/opensslv.h> - int main() - { - #ifndef OPENSSL_VERSION_NUMBER - return -1; - #endif - #if OPENSSL_VERSION_NUMBER >= $CHECK_OPENSSL_VERSION - return 0; - #else - return 1; - #endif - } - ]]) - ],[ - AC_MSG_RESULT([>= $1.$2.$3]) - ],[ - AC_MSG_RESULT([< $1.$2.$3]) - AC_MSG_ERROR([OpenSSL library too old ($1.$2.$3 or later required)]) - ],[]) + AC_CACHE_VAL([acx_cv_lib_openssl_sufficient],[ + acx_cv_lib_openssl_sufficient=no + AC_COMPILE_IFELSE([ + AC_LANG_SOURCE([[ + #include <openssl/ssl.h> + #include <openssl/opensslv.h> + int main() + { + #ifndef OPENSSL_VERSION_NUMBER + #error "OpenSSL version undefined" + #endif + #if OPENSSL_VERSION_NUMBER >= $CHECK_OPENSSL_VERSION + return 0; + #else + #error "OpenSSL too old" + #endif + } + ]]) + ],[ + AC_MSG_RESULT([>= $1.$2.$3]) + acx_cv_lib_openssl_sufficient=yes + ],[ + AC_MSG_RESULT([< $1.$2.$3]) + AC_MSG_ERROR([OpenSSL library too old ($1.$2.$3 or later required)]) + ]) + ]) AC_LANG_POP([C]) CPPFLAGS=$tmp_CPPFLAGS diff --git a/SoftHSMv2/m4/acx_openssl_ecc.m4 b/SoftHSMv2/m4/acx_openssl_ecc.m4 index 612c505..3ecf7a9 100644 --- a/SoftHSMv2/m4/acx_openssl_ecc.m4 +++ b/SoftHSMv2/m4/acx_openssl_ecc.m4 
@@ -8,28 +8,35 @@ AC_DEFUN([ACX_OPENSSL_ECC],[ LIBS="$CRYPTO_LIBS $LIBS" AC_LANG_PUSH([C]) - AC_RUN_IFELSE([ - AC_LANG_SOURCE([[ - #include <openssl/ecdsa.h> - #include <openssl/objects.h> - int main() - { - EC_KEY *ec256, *ec384, *ec521; + AC_CACHE_VAL([acx_cv_lib_openssl_ecc_support],[ + acx_cv_lib_openssl_ecc_support=no + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include <openssl/ecdsa.h> + #include <openssl/objects.h> + int main() + { + EC_KEY *ec256, *ec384, *ec521; - ec256 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); - ec384 = EC_KEY_new_by_curve_name(NID_secp384r1); - ec521 = EC_KEY_new_by_curve_name(NID_secp521r1); - if (ec256 == NULL || ec384 == NULL || ec521 == NULL) - return 1; - return 0; - } - ]]) - ],[ - AC_MSG_RESULT([Found P256, P384, and P521]) - ],[ - AC_MSG_RESULT([Cannot find P256, P384, or P521]) - AC_MSG_ERROR([OpenSSL library has no ECC support]) - ],[]) + ec256 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + ec384 = EC_KEY_new_by_curve_name(NID_secp384r1); + ec521 = EC_KEY_new_by_curve_name(NID_secp521r1); + if (ec256 == NULL || ec384 == NULL || ec521 == NULL) + return 1; + return 0; + } + ]]) + ],[ + AC_MSG_RESULT([Found P256, P384, and P521]) + acx_cv_lib_openssl_ecc_support=yes + ],[ + AC_MSG_RESULT([Cannot find P256, P384, or P521]) + AC_MSG_ERROR([OpenSSL library has no ECC support]) + ],[ + AC_MSG_WARN([Cannot test, assuming P256, P384, and P521]) + acx_cv_lib_openssl_ecc_support=yes + ]) + ]) AC_LANG_POP([C]) CPPFLAGS=$tmp_CPPFLAGS diff --git a/SoftHSMv2/m4/acx_openssl_eddsa.m4 b/SoftHSMv2/m4/acx_openssl_eddsa.m4 new file mode 100644 index 0000000..0b629e2 --- /dev/null +++ b/SoftHSMv2/m4/acx_openssl_eddsa.m4 
@@ -0,0 +1,68 @@ +AC_DEFUN([ACX_OPENSSL_EDDSA],[ + AC_MSG_CHECKING(for OpenSSL EDDSA support) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES" + LIBS="$CRYPTO_LIBS $LIBS" + + AC_LANG_PUSH([C]) + AC_CACHE_VAL([acx_cv_lib_openssl_ed25519_support],[ + acx_cv_lib_openssl_ed25519_support=no + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include <openssl/evp.h> + #include <openssl/objects.h> + int main() + { + EVP_PKEY_CTX *ctx; + + ctx = EVP_PKEY_CTX_new_id(NID_ED25519, NULL); + if (ctx == NULL) + return 1; + return 0; + } + ]]) + ],[ + AC_MSG_RESULT([Found ED25519]) + acx_cv_lib_openssl_ed25519_support=yes + ],[ + AC_MSG_RESULT([Cannot find ED25519]) + AC_MSG_ERROR([OpenSSL library has no EDDSA support]) + ],[ + AC_MSG_WARN([Cannot test, ED25519]) + acx_cv_lib_openssl_ed25519_support=yes + ]) + ]) + AC_CACHE_VAL([acx_cv_lib_openssl_ed448_support],[ + acx_cv_lib_openssl_ed448_support=no + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include <openssl/evp.h> + #include <openssl/objects.h> + int main() + { + EVP_PKEY_CTX *ctx; + + ctx = EVP_PKEY_CTX_new_id(NID_ED448, NULL); + if (ctx == NULL) + return 1; + return 0; + } + ]]) + ],[ + AC_MSG_RESULT([Found ED448]) + acx_cv_lib_openssl_ed448_support=yes + ],[ + AC_MSG_RESULT([Cannot find ED448]) + ],[ + AC_MSG_WARN([Cannot test, ED448]) + acx_cv_lib_openssl_ed448_support=yes + ]) + ]) + AC_LANG_POP([C]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_openssl_fips.m4 b/SoftHSMv2/m4/acx_openssl_fips.m4 index 0491397..a55c209 100644 --- a/SoftHSMv2/m4/acx_openssl_fips.m4 +++ b/SoftHSMv2/m4/acx_openssl_fips.m4 
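Review bot: The Ed448 result in the new acx_openssl_eddsa.m4 is computed but not used. A failed probe only prints "Cannot find ED448", and nothing in this file turns `acx_cv_lib_openssl_ed448_support` (or the Ed25519 variable) into an `AC_DEFINE` or conditional, so the sources cannot tell whether Ed448 is available in the linked OpenSSL. Either export the result through a define the code can test, or make a missing Ed448 fatal like Ed25519. The single `AC_MSG_CHECKING` is also followed by two separate results, and the cross-compile warnings do not say what is assumed; `AC_MSG_WARN([Cannot test, assuming ED25519])` and the ED448 equivalent would match the other macros.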
@@ -11,20 +11,27 @@ AC_DEFUN([ACX_OPENSSL_FIPS],[ # "reference the OpenSSL FIPS object module" AC_LANG_PUSH([C]) - AC_RUN_IFELSE([ - AC_LANG_SOURCE([[ - #include <openssl/crypto.h> - int main() - { - return !FIPS_mode_set(1); - } - ]]) - ],[ - AC_MSG_RESULT([Found working FIPS_mode_set()]) - ],[ - AC_MSG_RESULT([FIPS_mode_set(1) failed]) - AC_MSG_ERROR([OpenSSL library is not FIPS capable]) - ],[]) + AC_CACHE_VAL([acx_cv_lib_openssl_fips],[ + acx_cv_lib_openssl_fips=no + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include <openssl/crypto.h> + int main() + { + return !FIPS_mode_set(1); + } + ]]) + ],[ + AC_MSG_RESULT([Found working FIPS_mode_set()]) + acx_cv_lib_openssl_fips=yes + ],[ + AC_MSG_RESULT([FIPS_mode_set(1) failed]) + AC_MSG_ERROR([OpenSSL library is not FIPS capable]) + ],[ + AC_MSG_WARN([Cannot test, assuming FIPS]) + acx_cv_lib_openssl_fips=yes + ]) + ]) AC_LANG_POP([C]) # build missing fips_premain_dso tool diff --git a/SoftHSMv2/m4/acx_openssl_gost.m4 b/SoftHSMv2/m4/acx_openssl_gost.m4 index dca489b..7deaacb 100644 --- a/SoftHSMv2/m4/acx_openssl_gost.m4 +++ b/SoftHSMv2/m4/acx_openssl_gost.m4 
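Review bot: The FIPS capability result is now cached and, when cross-compiling, assumed. A `config.cache` or site file carrying `acx_cv_lib_openssl_fips=yes` skips the `FIPS_mode_set(1)` probe entirely, and the cross-compile branch sets `yes` with only a warning. As far as I can tell the cached value is not tied to the OpenSSL prefix, so it would also survive pointing `--with-openssl` at a different library. For a compliance-relevant property the cross-compile branch should be an error that asks for an explicit override, e.g. `AC_MSG_ERROR([Cannot test FIPS mode when cross-compiling; preset acx_cv_lib_openssl_fips=yes after verifying the target library])`. At minimum the warning should tell the builder to verify FIPS mode on the target; the macro continues outside the hunk.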
@@ -8,56 +8,63 @@ AC_DEFUN([ACX_OPENSSL_GOST],[ LIBS="$CRYPTO_LIBS $LIBS" AC_LANG_PUSH([C]) - AC_RUN_IFELSE([ - AC_LANG_SOURCE([[ - #include <openssl/engine.h> - #include <openssl/crypto.h> - #include <openssl/opensslv.h> - int main() - { - ENGINE* eg; - const EVP_MD* EVP_GOST_34_11; + AC_CACHE_VAL([acx_cv_lib_openssl_gost_support],[ + acx_cv_lib_openssl_gost_support=no + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include <openssl/engine.h> + #include <openssl/crypto.h> + #include <openssl/opensslv.h> + int main() + { + ENGINE* eg; + const EVP_MD* EVP_GOST_34_11; - /* Initialise OpenSSL */ - OpenSSL_add_all_algorithms(); + /* Initialise OpenSSL */ + OpenSSL_add_all_algorithms(); - /* Load engines */ - #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - ENGINE_load_builtin_engines(); - #else - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN | OPENSSL_INIT_LOAD_CONFIG, NULL); - #endif + /* Load engines */ + #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + ENGINE_load_builtin_engines(); + #else + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN | OPENSSL_INIT_LOAD_CONFIG, NULL); + #endif - /* Initialise the GOST engine */ - eg = ENGINE_by_id("gost"); - if (eg == NULL) - return 1; - if (ENGINE_init(eg) <= 0) - return 1; + /* Initialise the GOST engine */ + eg = ENGINE_by_id("gost"); + if (eg == NULL) + return 1; + if (ENGINE_init(eg) <= 0) + return 1; - /* better than digest_gost */ - EVP_GOST_34_11 = ENGINE_get_digest(eg, NID_id_GostR3411_94); - if (EVP_GOST_34_11 == NULL) - return 1; + /* better than digest_gost */ + EVP_GOST_34_11 = ENGINE_get_digest(eg, NID_id_GostR3411_94); + if (EVP_GOST_34_11 == NULL) + return 1; - /* from the openssl.cnf */ - if (ENGINE_register_pkey_asn1_meths(eg) <= 0) - return 1; - if (ENGINE_ctrl_cmd_string(eg, - "CRYPT_PARAMS", - "id-Gost28147-89-CryptoPro-A-ParamSet", - 0) <= 0) - return 1; + /* from the openssl.cnf */ + if (ENGINE_register_pkey_asn1_meths(eg) <= 0) + return 1; + 
if (ENGINE_ctrl_cmd_string(eg, + "CRYPT_PARAMS", + "id-Gost28147-89-CryptoPro-A-ParamSet", + 0) <= 0) + return 1; - return 0; - } - ]]) - ],[ - AC_MSG_RESULT([Found GOST engine]) - ],[ - AC_MSG_RESULT([Cannot find GOST engine]) - AC_MSG_ERROR([OpenSSL library has no GOST support]) - ],[]) + return 0; + } + ]]) + ],[ + AC_MSG_RESULT([Found GOST engine]) + acx_cv_lib_openssl_gost_support=yes + ],[ + AC_MSG_RESULT([Cannot find GOST engine]) + AC_MSG_ERROR([OpenSSL library has no GOST support]) + ],[ + AC_MSG_WARN([Cannot test, assuming GOST engine]) + acx_cv_lib_openssl_gost_support=yes + ]) + ]) AC_LANG_POP([C]) CPPFLAGS=$tmp_CPPFLAGS diff --git a/SoftHSMv2/m4/acx_p11kit.m4 b/SoftHSMv2/m4/acx_p11kit.m4 index 20c7b7e..9545e7e 100644 --- a/SoftHSMv2/m4/acx_p11kit.m4 +++ b/SoftHSMv2/m4/acx_p11kit.m4 @@ -17,9 +17,8 @@ AC_DEFUN([ACX_P11KIT],[ if test "x${enable_p11kit}" = "xyes"; then AC_MSG_RESULT(yes) if test "x${P11KIT_PATH}" = "x"; then - AC_PATH_PROG(PKGCONFIG, [pkg-config]) - if test "x${PKGCONFIG}" != "x" && ${PKGCONFIG} --exists p11-kit-1; then - P11KIT_PATH=`${PKGCONFIG} --variable=p11_module_configs p11-kit-1` + if test "x${PKG_CONFIG}" != "x" && ${PKG_CONFIG} --exists p11-kit-1; then + P11KIT_PATH=`${PKG_CONFIG} --variable=p11_module_configs p11-kit-1` fi fi AC_MSG_CHECKING(where to install the p11-kit module) diff --git a/SoftHSMv2/m4/acx_sqlite3.m4 b/SoftHSMv2/m4/acx_sqlite3.m4 index cf829b7..fd942a7 100644 --- a/SoftHSMv2/m4/acx_sqlite3.m4 +++ b/SoftHSMv2/m4/acx_sqlite3.m4 @@ -2,11 +2,13 @@ AC_DEFUN([ACX_SQLITE3],[ AC_ARG_WITH(sqlite3, AC_HELP_STRING([--with-sqlite3=PATH],[Specify prefix of path of SQLite3]), [ - SQLITE3_PATH="$withval" + SQLITE3_INCLUDES="-I$withval/include" + SQLITE3_LIBDIRS="-L$withval/lib" AC_PATH_PROGS(SQLITE3, sqlite3, sqlite3, $withval/bin) ],[ - SQLITE3_PATH="/usr/local" + SQLITE3_INCLUDES="" + SQLITE3_LIBDIRS="" AC_PATH_PROGS(SQLITE3, sqlite3, sqlite3, $PATH) ]) 
@@ -16,11 +18,10 @@ AC_DEFUN([ACX_SQLITE3],[ fi AC_MSG_CHECKING(what are the SQLite3 includes) - SQLITE3_INCLUDES="-I$SQLITE3_PATH/include" AC_MSG_RESULT($SQLITE3_INCLUDES) AC_MSG_CHECKING(what are the SQLite3 libs) - SQLITE3_LIBS="-L$SQLITE3_PATH/lib -lsqlite3" + SQLITE3_LIBS="$SQLITE3_LIBDIRS -lsqlite3" AC_MSG_RESULT($SQLITE3_LIBS) tmp_CPPFLAGS=$CPPFLAGS |