diff options
Diffstat (limited to 'SoftHSMv2/m4')
25 files changed, 1169 insertions, 0 deletions
diff --git a/SoftHSMv2/m4/acx_64bit.m4 b/SoftHSMv2/m4/acx_64bit.m4 new file mode 100644 index 0000000..f610b21 --- /dev/null +++ b/SoftHSMv2/m4/acx_64bit.m4 @@ -0,0 +1,29 @@ +AC_DEFUN([ACX_64BIT],[ + AC_ARG_ENABLE( + [64bit], + [AS_HELP_STRING([--enable-64bit],[enable 64-bit compiling @<:@disabled@:>@])], + [enable_64bit="${enableval}"], + [enable_64bit="no"]) + + if test "x$enable_64bit" = "xyes" + then + AC_MSG_CHECKING(if we can compile in 64-bit mode) + tmp_CFLAGS=$CFLAGS + CFLAGS="-m64" + AC_RUN_IFELSE( + [ + AC_LANG_PROGRAM([],[return sizeof(void*) == 8 ? 0 : 1;]) + ], [ + AC_MSG_RESULT(yes) + CXXFLAGS="-m64 $CXXFLAGS" + LDFLAGS="-m64 $LDFLAGS" + CFLAGS="-m64 $tmp_CFLAGS" + ],[ + AC_MSG_RESULT(no) + AC_MSG_ERROR([Don't know how to compile in 64-bit mode.]) + CFLAGS=$tmp_CFLAGS + ] + ) + fi + +]) diff --git a/SoftHSMv2/m4/acx_botan.m4 b/SoftHSMv2/m4/acx_botan.m4 new file mode 100644 index 0000000..ed93786 --- /dev/null +++ b/SoftHSMv2/m4/acx_botan.m4 @@ -0,0 +1,72 @@ +AC_DEFUN([ACX_BOTAN],[ + AC_ARG_WITH(botan, + AC_HELP_STRING([--with-botan=PATH],[Specify prefix of path of Botan]), + [ + BOTAN_PATH="$withval" + ], + [ + BOTAN_PATH="/usr/local" + ]) + + BOTAN_VERSION_MAJOR=2 + BOTAN_VERSION_MINOR=0 + AC_CHECK_FILE($BOTAN_PATH/include/botan-2/botan/version.h, + BOTAN_VERSION_MAJOR=2 + BOTAN_VERSION_MINOR=0, + AC_CHECK_FILE($BOTAN_PATH/include/botan-1.11/botan/version.h, + BOTAN_VERSION_MAJOR=1 + BOTAN_VERSION_MINOR=11, + AC_CHECK_FILE($BOTAN_PATH/include/botan-1.10/botan/version.h, + BOTAN_VERSION_MAJOR=1 + BOTAN_VERSION_MINOR=10, + AC_MSG_ERROR([Cannot find Botan includes])))) + AC_MSG_CHECKING(what are the Botan includes) + if test "x${BOTAN_VERSION_MAJOR}" = "x2"; then + BOTAN_INCLUDES="-I$BOTAN_PATH/include/botan-2" + else + BOTAN_INCLUDES="-I$BOTAN_PATH/include/botan-1.$BOTAN_VERSION_MINOR" + fi + AC_MSG_RESULT($BOTAN_INCLUDES) + + AC_MSG_CHECKING(what are the Botan libs) + if test "x${BOTAN_VERSION_MAJOR}" = "x2"; then + BOTAN_LIBS="-L$BOTAN_PATH/lib -lbotan-2" + else + BOTAN_LIBS="-L$BOTAN_PATH/lib -lbotan-1.$BOTAN_VERSION_MINOR" + fi + AC_MSG_RESULT($BOTAN_LIBS) + + if test "x${BOTAN_VERSION_MAJOR}" != "x1" -o "x${BOTAN_VERSION_MINOR}" != "x10"; then + AX_CXX_COMPILE_STDCXX_11([noext],[mandatory]) + fi + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $BOTAN_INCLUDES" + LIBS="$LIBS $BOTAN_LIBS" + + AC_LANG_PUSH([C++]) + AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [#include <botan/init.h> + #include <botan/version.h>], + [using namespace Botan; + LibraryInitializer::initialize(); + #if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR($1,$2,$3) + #error "Botan version too old"; + #endif])], + [AC_MSG_RESULT([checking for Botan >= v$1.$2.$3 ... yes])], + [AC_MSG_RESULT([checking for Botan >= v$1.$2.$3 ... no]) + AC_MSG_ERROR([Missing the correct version of the Botan library])] + ) + AC_LANG_POP([C++]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS + + AC_SUBST(BOTAN_INCLUDES) + AC_SUBST(BOTAN_LIBS) + AC_SUBST(BOTAN_VERSION_MAJOR) + AC_SUBST(BOTAN_VERSION_MINOR) +]) diff --git a/SoftHSMv2/m4/acx_botan_aes_gcm.m4 b/SoftHSMv2/m4/acx_botan_aes_gcm.m4 new file mode 100644 index 0000000..d52c9cb --- /dev/null +++ b/SoftHSMv2/m4/acx_botan_aes_gcm.m4 @@ -0,0 +1,37 @@ +AC_DEFUN([ACX_BOTAN_AES_GCM],[ + AC_MSG_CHECKING(for Botan AES GCM support) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES" + LIBS="$CRYPTO_LIBS $LIBS" + + AC_LANG_PUSH([C++]) + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include <botan/botan.h> + #include <botan/version.h> + int main() + { + using namespace Botan; + +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0) + return 0; +#endif + return 1; + } + ]]) + ],[ + AC_MSG_RESULT([Found AES GCM]) + AC_DEFINE([WITH_AES_GCM], [1], + [Compile with AES GCM]) + ],[ + AC_MSG_RESULT([Cannot find AES GCM support, upgrade to Botan >= v2.0.0]) + + ]) + AC_LANG_POP([C++]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_botan_ecc.m4 b/SoftHSMv2/m4/acx_botan_ecc.m4 new file mode 100644 index 0000000..9bce21d --- /dev/null +++ b/SoftHSMv2/m4/acx_botan_ecc.m4 @@ -0,0 +1,51 @@ +AC_DEFUN([ACX_BOTAN_ECC],[ + AC_MSG_CHECKING(for Botan ECC support) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES" + LIBS="$CRYPTO_LIBS $LIBS" + + AC_LANG_PUSH([C++]) + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include <botan/init.h> + #include <botan/ec_group.h> + #include <botan/oids.h> + #include <botan/version.h> + int main() + { + Botan::LibraryInitializer::initialize(); + const std::string name("secp256r1"); + const Botan::OID oid(Botan::OIDS::lookup(name)); + const Botan::EC_Group ecg(oid); + try { +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) + const std::vector<Botan::byte> der = + ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); +#else + const Botan::SecureVector<Botan::byte> der = + ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); +#endif + } catch(...) { + return 1; + } + return 0; + } + ]]) + ],[ + AC_MSG_RESULT([Found P256]) + ],[ + AC_MSG_RESULT([Cannot find P256]) + AC_MSG_ERROR([ +Botan library has no valid ECC support. Please upgrade to a later version +of Botan, above or including version 1.10.6 or 1.11.5. +Alternatively disable ECC support in SoftHSM with --disable-ecc +]) + ],[]) + AC_LANG_POP([C++]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_botan_gnump.m4 b/SoftHSMv2/m4/acx_botan_gnump.m4 new file mode 100644 index 0000000..d15859a --- /dev/null +++ b/SoftHSMv2/m4/acx_botan_gnump.m4 @@ -0,0 +1,27 @@ +AC_DEFUN([ACX_BOTAN_GNUMP],[ + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $BOTAN_INCLUDES" + LIBS="$LIBS $BOTAN_LIBS" + + AC_LANG_PUSH([C++]) + AC_LINK_IFELSE( + [AC_LANG_PROGRAM( + [#include <botan/build.h>], + [#ifndef BOTAN_HAS_ENGINE_GNU_MP + #error "No GNU MP support"; + #endif])], + [AC_MSG_RESULT([checking for Botan GNU MP support... yes])], + [AC_MSG_RESULT([checking for Botan GNU MP support... no]) + AC_MSG_WARN([ +==================================================== +Botan has not been built with GNU MP (--with-gnump). +This will give negative impact on the performance. +====================================================])] + ) + AC_LANG_POP([C++]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_botan_gost.m4 b/SoftHSMv2/m4/acx_botan_gost.m4 new file mode 100644 index 0000000..3720f4a --- /dev/null +++ b/SoftHSMv2/m4/acx_botan_gost.m4 @@ -0,0 +1,52 @@ +AC_DEFUN([ACX_BOTAN_GOST],[ + AC_MSG_CHECKING(for Botan GOST support) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES" + LIBS="$CRYPTO_LIBS $LIBS" + + AC_LANG_PUSH([C++]) + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include <botan/init.h> + #include <botan/gost_3410.h> + #include <botan/oids.h> + #include <botan/version.h> + int main() + { + Botan::LibraryInitializer::initialize(); + const std::string name("gost_256A"); + const Botan::OID oid(Botan::OIDS::lookup(name)); + const Botan::EC_Group ecg(oid); + try { +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) + const std::vector<Botan::byte> der = + ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); +#else + const Botan::SecureVector<Botan::byte> der = + ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); +#endif + } catch(...) { + return 1; + } + + return 0; + } + ]]) + ],[ + AC_MSG_RESULT([Found GOST]) + ],[ + AC_MSG_RESULT([Cannot find GOST]) + AC_MSG_ERROR([ +Botan library has no valid GOST support. Please upgrade to a later version +of Botan, above or including version 1.10.6 or 1.11.5. +Alternatively disable GOST support in SoftHSM with --disable-gost +]) + ],[]) + AC_LANG_POP([C++]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_botan_rawpss.m4 b/SoftHSMv2/m4/acx_botan_rawpss.m4 new file mode 100644 index 0000000..018e324 --- /dev/null +++ b/SoftHSMv2/m4/acx_botan_rawpss.m4 @@ -0,0 +1,37 @@ +AC_DEFUN([ACX_BOTAN_RAWPSS],[ + AC_MSG_CHECKING(for Botan raw PSS support) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES" + LIBS="$CRYPTO_LIBS $LIBS" + + AC_LANG_PUSH([C++]) + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include <botan/botan.h> + #include <botan/version.h> + int main() + { + using namespace Botan; + +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,3,0) + return 0; +#endif + return 1; + } + ]]) + ],[ + AC_MSG_RESULT([Found raw PSS]) + AC_DEFINE([WITH_RAW_PSS], [1], + [Compile with raw RSA PKCS PSS]) + ],[ + AC_MSG_RESULT([Cannot find raw PSS support, upgrade to Botan >= v2.3.0]) + + ]) + AC_LANG_POP([C++]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_botan_rfc5649.m4 b/SoftHSMv2/m4/acx_botan_rfc5649.m4 new file mode 100644 index 0000000..25a3d26 --- /dev/null +++ b/SoftHSMv2/m4/acx_botan_rfc5649.m4 @@ -0,0 +1,47 @@ +AC_DEFUN([ACX_BOTAN_RFC5649],[ + AC_MSG_CHECKING(for Botan RFC5649 support) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES" + LIBS="$CRYPTO_LIBS $LIBS" + + AC_DEFINE([HAVE_AES_KEY_WRAP], [1], + [Define if advanced AES key wrap without pad is supported]) + AC_LANG_PUSH([C++]) + AC_LINK_IFELSE([ + AC_LANG_SOURCE([[ + #include <botan/botan.h> + #include <botan/rfc3394.h> + #include <botan/version.h> + int main() + { + using namespace Botan; + +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) + secure_vector<byte> key(10); + SymmetricKey kek("AABB"); + secure_vector<byte> x = rfc5649_keywrap(key, kek); +#else + SecureVector<byte> key(10); + SymmetricKey kek("AABB"); + Algorithm_Factory& af = global_state().algorithm_factory(); + SecureVector<byte> x = rfc5649_keywrap(key, kek, af); +#endif + return 1; + } + ]]) + ],[ + AC_MSG_RESULT([Found AES key wrap with pad]) + AC_DEFINE([HAVE_AES_KEY_WRAP_PAD], [1], + [Define if advanced AES key wrap with pad is supported]) + ],[ + AC_MSG_RESULT([Cannot find AES key wrap with pad]) + + ]) + AC_LANG_POP([C++]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_cppunit.m4 b/SoftHSMv2/m4/acx_cppunit.m4 new file mode 100644 index 0000000..2720d81 --- /dev/null +++ b/SoftHSMv2/m4/acx_cppunit.m4 @@ -0,0 +1,21 @@ +AC_DEFUN([ACX_CPPUNIT],[ + AC_PATH_PROG([CPPUNIT_CONFIG], [cppunit-config]) + AC_PATH_PROG([PKG_CONFIG], [pkg-config]) + if test -n "${CPPUNIT_CONFIG}"; then + AC_MSG_CHECKING([cppunit cflags]) + CPPUNIT_CFLAGS=`${CPPUNIT_CONFIG} --cflags` + AC_MSG_RESULT([${CPPUNIT_CFLAGS}]) + AC_MSG_CHECKING([cppunit libs]) + CPPUNIT_LIBS=`${CPPUNIT_CONFIG} --libs` + AC_MSG_RESULT([${CPPUNIT_LIBS}]) + elif test -n "${PKG_CONFIG}"; then + AC_MSG_CHECKING([cppunit cflags]) + CPPUNIT_CFLAGS=`${PKG_CONFIG} cppunit --cflags` + AC_MSG_RESULT([${CPPUNIT_CFLAGS}]) + AC_MSG_CHECKING([cppunit libs]) + CPPUNIT_LIBS=`${PKG_CONFIG} cppunit --libs` + AC_MSG_RESULT([${CPPUNIT_LIBS}]) + fi + AC_SUBST([CPPUNIT_CFLAGS]) + AC_SUBST([CPPUNIT_LIBS]) +]) diff --git a/SoftHSMv2/m4/acx_crypto_backend.m4 b/SoftHSMv2/m4/acx_crypto_backend.m4 new file mode 100644 index 0000000..c860c89 --- /dev/null +++ b/SoftHSMv2/m4/acx_crypto_backend.m4 @@ -0,0 +1,168 @@ +AC_DEFUN([ACX_CRYPTO_BACKEND],[ + + # First check if we want to support ECC and GOST + + AC_ARG_ENABLE(ecc, + AC_HELP_STRING([--enable-ecc], + [Enable support for ECC (default enabled)] + ), + [enable_ecc="${enableval}"], + [enable_ecc="yes"] + ) + AC_MSG_CHECKING(for ECC support) + if test "x${enable_ecc}" = "xyes"; then + AC_MSG_RESULT(yes) + AC_DEFINE_UNQUOTED( + [WITH_ECC], + [], + [Compile with ECC support] + ) + else + AC_MSG_RESULT(no) + fi + AM_CONDITIONAL([WITH_ECC], [test "x${enable_ecc}" = "xyes"]) + + AC_ARG_ENABLE(gost, + AC_HELP_STRING([--enable-gost], + [Enable support for GOST (default enabled)] + ), + [enable_gost="${enableval}"], + [enable_gost="yes"] + ) + AC_MSG_CHECKING(for GOST support) + if test "x${enable_gost}" = "xyes"; then + AC_MSG_RESULT(yes) + AC_DEFINE_UNQUOTED( + [WITH_GOST], + [], + [Compile with GOST support] + ) + else + AC_MSG_RESULT(no) + fi + AM_CONDITIONAL([WITH_GOST], [test "x${enable_gost}" = "xyes"]) + + # Second check for the FIPS 140-2 mode + + AC_ARG_ENABLE(fips, + AC_HELP_STRING([--enable-fips], + [Enable support for FIPS 140-2 mode (default disabled)] + ), + [enable_fips="${enableval}"], + [enable_fips="no"] + ) + AC_MSG_CHECKING(for FIPS 140-2 mode) + if test "x${enable_fips}" = "xyes"; then + AC_MSG_RESULT(yes) + AC_DEFINE_UNQUOTED( + [WITH_FIPS], + [], + [Compile with FIPS 140-2 mode] + ) + else + AC_MSG_RESULT(no) + fi + AM_CONDITIONAL([WITH_GOST], [test "x${enable_fips}" = "xyes"]) + + # Then check what crypto library we want to use + + AC_ARG_WITH(crypto-backend, + AC_HELP_STRING([--with-crypto-backend], + [Select crypto backend (openssl|botan)] + ), + [crypto_backend="${withval}"], + [crypto_backend="openssl"] + ) + + AC_MSG_CHECKING(for crypto backend) + + if test "x${crypto_backend}" = "xopenssl"; then + AC_MSG_RESULT(OpenSSL) + + if test "x${enable_fips}" = "xyes"; then + ACX_OPENSSL(1,0,1) + else + ACX_OPENSSL(1,0,0) + fi + + CRYPTO_INCLUDES=$OPENSSL_INCLUDES + CRYPTO_LIBS=$OPENSSL_LIBS + + if test "x${enable_ecc}" = "xyes"; then + ACX_OPENSSL_ECC + fi + + if test "x${enable_gost}" = "xyes"; then + if test "x${enable_fips}" = "xyes"; then + AC_MSG_ERROR([GOST is not FIPS approved]) + fi + ACX_OPENSSL_GOST + fi + + if test "x${enable_fips}" = "xyes"; then + ACX_OPENSSL_FIPS + else + ACX_OPENSSL_EVPAESWRAP + fi + + AC_DEFINE_UNQUOTED( + [WITH_RAW_PSS], + [1], + [Compile with raw RSA PKCS PSS] + ) + AC_DEFINE_UNQUOTED( + [WITH_AES_GCM], + [1], + [Compile with AES_GCM] + ) + AC_DEFINE_UNQUOTED( + [WITH_OPENSSL], + [], + [Compile with OpenSSL support] + ) + + elif test "x${crypto_backend}" = "xbotan"; then + AC_MSG_RESULT(Botan) + + ACX_BOTAN(1,10,0) + + CRYPTO_INCLUDES=$BOTAN_INCLUDES + CRYPTO_LIBS=$BOTAN_LIBS + + if test "x${enable_ecc}" = "xyes"; then + ACX_BOTAN_ECC + fi + + if test "x${enable_fips}" = "xyes"; then + AC_MSG_ERROR([Botan does not support FIPS 140-2 mode]) + fi + + if test "x${enable_gost}" = "xyes"; then + ACX_BOTAN_GOST + fi + + if test "x${BOTAN_VERSION_MAJOR}" = "x1" -a "x${BOTAN_VERSION_MINOR}" = "x10"; then + ACX_BOTAN_GNUMP + fi + + ACX_BOTAN_RFC5649 + ACX_BOTAN_RAWPSS + ACX_BOTAN_AES_GCM + + AC_DEFINE_UNQUOTED( + [WITH_BOTAN], + [], + [Compile with Botan support] + ) + + else + AC_MSG_RESULT(Unknown) + AC_MSG_ERROR([Crypto backend ${crypto_backend} not supported. Use openssl or botan.]) + fi + + AC_SUBST(CRYPTO_INCLUDES) + AC_SUBST(CRYPTO_LIBS) + AM_CONDITIONAL([WITH_OPENSSL], [test "x${crypto_backend}" = "xopenssl"]) + AM_CONDITIONAL([WITH_BOTAN], [test "x${crypto_backend}" = "xbotan"]) + +]) diff --git a/SoftHSMv2/m4/acx_dlopen.m4 b/SoftHSMv2/m4/acx_dlopen.m4 new file mode 100644 index 0000000..2d67614 --- /dev/null +++ b/SoftHSMv2/m4/acx_dlopen.m4 @@ -0,0 +1,15 @@ +AC_DEFUN([ACX_DLOPEN],[ + AC_CHECK_FUNC(dlopen, [AC_DEFINE(HAVE_DLOPEN,1,[Define if you have dlopen])], + [ + AC_CHECK_LIB([dl],[dlopen], + [AC_DEFINE(HAVE_DLOPEN,1,[Define if you have dlopen]) + LIBS="$LIBS -ldl"], + [AC_CHECK_FUNC(LoadLibrary, + [if test $ac_cv_func_LoadLibrary = yes; then + AC_DEFINE(HAVE_LOADLIBRARY, 1, [Whether LoadLibrary is available]) + fi + ], [AC_MSG_ERROR(No dynamic library loading support)] + )] + ) + ]) +]) diff --git a/SoftHSMv2/m4/acx_non_paged_memory.m4 b/SoftHSMv2/m4/acx_non_paged_memory.m4 new file mode 100644 index 0000000..0253e98 --- /dev/null +++ b/SoftHSMv2/m4/acx_non_paged_memory.m4 @@ -0,0 +1,57 @@ +AC_DEFUN([ACX_NON_PAGED_MEMORY],[ + + AC_ARG_ENABLE(non-paged-memory, + AC_HELP_STRING([--disable-non-paged-memory], + [Disable non-paged memory for secure storage (default enabled)] + ), + [enable_non_paged_memory="${enableval}"], + [enable_non_paged_memory="yes"] + ) + + AC_MSG_CHECKING(for non-paged memory for secure storage) + + if test "x${enable_non_paged_memory}" = "xyes"; then + AC_MSG_RESULT(enabled) + AC_DEFINE_UNQUOTED( + [SENSITIVE_NON_PAGE], + [], + [Non-paged memory for secure storage] + ) + AC_CHECK_HEADERS([sys/mman.h]) + + AC_MSG_CHECKING(the maximum size that may be locked into memory) + MLOCK_SIZE="`ulimit -l`" + AC_MSG_RESULT($MLOCK_SIZE) + + if test "x${MLOCK_SIZE}" != "xunlimited"; then + AC_MSG_WARN([ +====================================================================== +SoftHSM has been configured to store sensitive data in non-page RAM +(i.e. memory that is not swapped out to disk). This is the default and +most secure configuration. Your system, however, is not configured to +support this model in non-privileged accounts (i.e. user accounts). + +You can check the setting on your system by running the following +command in a shell: + + ulimit -l + +If this does not return "unlimited" and you plan to run SoftHSM from +non-privileged accounts then you should edit the configuration file +/etc/security/limits.conf (on most systems). + +You will need to add the following lines to this file: + +#<domain> <type> <item> <value> +* - memlock unlimited + +Alternatively, you can elect to disable this feature of SoftHSM by +re-running configure with the option "--disable-non-paged-memory". +Please be advised that this may seriously degrade the security of +SoftHSM. +======================================================================]) + fi + else + AC_MSG_RESULT(disabled) + fi +]) diff --git a/SoftHSMv2/m4/acx_openssl.m4 b/SoftHSMv2/m4/acx_openssl.m4 new file mode 100644 index 0000000..e90c78f --- /dev/null +++ b/SoftHSMv2/m4/acx_openssl.m4 @@ -0,0 +1,60 @@ +AC_DEFUN([ACX_OPENSSL],[ + AC_ARG_WITH(openssl, + AC_HELP_STRING([--with-openssl=PATH],[Specify prefix of path of OpenSSL]), + [ + OPENSSL_PATH="$withval" + ], + [ + OPENSSL_PATH="/usr/local" + ]) + + AC_MSG_CHECKING(what are the OpenSSL includes) + OPENSSL_INCLUDES="-I$OPENSSL_PATH/include" + AC_MSG_RESULT($OPENSSL_INCLUDES) + + AC_MSG_CHECKING(what are the OpenSSL libs) + OPENSSL_LIBS="-L$OPENSSL_PATH/lib -lcrypto" + AC_MSG_RESULT($OPENSSL_LIBS) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $OPENSSL_INCLUDES" + LIBS="$OPENSSL_LIBS $LIBS" + + AC_CHECK_HEADERS([openssl/ssl.h],,[AC_MSG_ERROR([Can't find OpenSSL headers])]) + AC_CHECK_LIB(crypto, BN_new,,[AC_MSG_ERROR([Can't find OpenSSL library])]) + + AC_MSG_CHECKING([for OpenSSL version]) + CHECK_OPENSSL_VERSION=m4_format(0x%02x%02x%02x000L, $1, $2, $3) + AC_LANG_PUSH([C]) + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include <openssl/ssl.h> + #include <openssl/opensslv.h> + int main() + { + #ifndef OPENSSL_VERSION_NUMBER + return -1; + #endif + #if OPENSSL_VERSION_NUMBER >= $CHECK_OPENSSL_VERSION + return 0; + #else + return 1; + #endif + } + ]]) + ],[ + AC_MSG_RESULT([>= $1.$2.$3]) + ],[ + AC_MSG_RESULT([< $1.$2.$3]) + AC_MSG_ERROR([OpenSSL library too old ($1.$2.$3 or later required)]) + ],[]) + AC_LANG_POP([C]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS + + AC_SUBST(OPENSSL_INCLUDES) + AC_SUBST(OPENSSL_LIBS) +]) diff --git a/SoftHSMv2/m4/acx_openssl_ecc.m4 b/SoftHSMv2/m4/acx_openssl_ecc.m4 new file mode 100644 index 0000000..612c505 --- /dev/null +++ b/SoftHSMv2/m4/acx_openssl_ecc.m4 @@ -0,0 +1,37 @@ +AC_DEFUN([ACX_OPENSSL_ECC],[ + AC_MSG_CHECKING(for OpenSSL ECC support) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES" + LIBS="$CRYPTO_LIBS $LIBS" + + AC_LANG_PUSH([C]) + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include <openssl/ecdsa.h> + #include <openssl/objects.h> + int main() + { + EC_KEY *ec256, *ec384, *ec521; + + ec256 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + ec384 = EC_KEY_new_by_curve_name(NID_secp384r1); + ec521 = EC_KEY_new_by_curve_name(NID_secp521r1); + if (ec256 == NULL || ec384 == NULL || ec521 == NULL) + return 1; + return 0; + } + ]]) + ],[ + AC_MSG_RESULT([Found P256, P384, and P521]) + ],[ + AC_MSG_RESULT([Cannot find P256, P384, or P521]) + AC_MSG_ERROR([OpenSSL library has no ECC support]) + ],[]) + AC_LANG_POP([C]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_openssl_fips.m4 b/SoftHSMv2/m4/acx_openssl_fips.m4 new file mode 100644 index 0000000..0491397 --- /dev/null +++ b/SoftHSMv2/m4/acx_openssl_fips.m4 @@ -0,0 +1,50 @@ +AC_DEFUN([ACX_OPENSSL_FIPS],[ + AC_MSG_CHECKING(for OpenSSL FIPS capable library) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES" + LIBS="$CRYPTO_LIBS $LIBS" + + # check whether we can build an application which can + # "reference the OpenSSL FIPS object module" + + AC_LANG_PUSH([C]) + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include <openssl/crypto.h> + int main() + { + return !FIPS_mode_set(1); + } + ]]) + ],[ + AC_MSG_RESULT([Found working FIPS_mode_set()]) + ],[ + AC_MSG_RESULT([FIPS_mode_set(1) failed]) + AC_MSG_ERROR([OpenSSL library is not FIPS capable]) + ],[]) + AC_LANG_POP([C]) + + # build missing fips_premain_dso tool + + if test "x${FIPSLD_CC}" != "x"; then + THERE="`echo $CC | sed -e 's|[[^/]]*$||'`".. + if test "x${FIPSLIBDIR}" != "x"; then + PREMAIN_C="${FIPSLIBDIR}/fips_premain.c" + elif test -f "${THERE}/fips/fips_premain.c"; then + PREMAIN_C="${THERE}/fips/fips_premain.c" + elif test -f "${THERE}/lib/fips_premain.c"; then + PREMAIN_C="${THERE}/lib/fips_premain.c" + else + AC_MSG_WARN([can't find fips_premain.c]) + fi + + $FIPSLD_CC $CPPFLAGS -DFINGERPRINT_PREMAIN_DSO_LOAD \ + -o src/lib/fips_premain_dso $PREMAIN_C $LIBS + fi + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_openssl_gost.m4 b/SoftHSMv2/m4/acx_openssl_gost.m4 new file mode 100644 index 0000000..dca489b --- /dev/null +++ b/SoftHSMv2/m4/acx_openssl_gost.m4 @@ -0,0 +1,65 @@ +AC_DEFUN([ACX_OPENSSL_GOST],[ + AC_MSG_CHECKING(for OpenSSL GOST support) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES" + LIBS="$CRYPTO_LIBS $LIBS" + + AC_LANG_PUSH([C]) + AC_RUN_IFELSE([ + AC_LANG_SOURCE([[ + #include <openssl/engine.h> + #include <openssl/crypto.h> + #include <openssl/opensslv.h> + int main() + { + ENGINE* eg; + const EVP_MD* EVP_GOST_34_11; + + /* Initialise OpenSSL */ + OpenSSL_add_all_algorithms(); + + /* Load engines */ + #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + ENGINE_load_builtin_engines(); + #else + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN | OPENSSL_INIT_LOAD_CONFIG, NULL); + #endif + + /* Initialise the GOST engine */ + eg = ENGINE_by_id("gost"); + if (eg == NULL) + return 1; + if (ENGINE_init(eg) <= 0) + return 1; + + /* better than digest_gost */ + EVP_GOST_34_11 = ENGINE_get_digest(eg, NID_id_GostR3411_94); + if (EVP_GOST_34_11 == NULL) + return 1; + + /* from the openssl.cnf */ + if (ENGINE_register_pkey_asn1_meths(eg) <= 0) + return 1; + if (ENGINE_ctrl_cmd_string(eg, + "CRYPT_PARAMS", + "id-Gost28147-89-CryptoPro-A-ParamSet", + 0) <= 0) + return 1; + + return 0; + } + ]]) + ],[ + AC_MSG_RESULT([Found GOST engine]) + ],[ + AC_MSG_RESULT([Cannot find GOST engine]) + AC_MSG_ERROR([OpenSSL library has no GOST support]) + ],[]) + AC_LANG_POP([C]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_openssl_rfc5649.m4 b/SoftHSMv2/m4/acx_openssl_rfc5649.m4 new file mode 100644 index 0000000..c68a336 --- /dev/null +++ b/SoftHSMv2/m4/acx_openssl_rfc5649.m4 @@ -0,0 +1,51 @@ +AC_DEFUN([ACX_OPENSSL_EVPAESWRAP],[ + AC_MSG_CHECKING(OpenSSL EVP interface for AES key wrapping) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES" + LIBS="$CRYPTO_LIBS $LIBS" + + AC_LANG_PUSH([C]) + + AC_LINK_IFELSE([ + AC_LANG_SOURCE([[ + #include <openssl/evp.h> + int main() + { + EVP_aes_128_wrap(); + return 1; + } + ]]) + ],[ + AC_MSG_RESULT([RFC 3394 is supported]) + AC_DEFINE([HAVE_AES_KEY_WRAP], [1], + [Define if advanced AES key wrap without pad is supported in EVP interface]) + ],[ + AC_MSG_RESULT([RFC 3394 is not supported]) + ]) + + AC_MSG_CHECKING(OpenSSL EVP interface for AES key wrapping with pad) + AC_LINK_IFELSE([ + AC_LANG_SOURCE([[ + #include <openssl/evp.h> + int main() + { + EVP_aes_128_wrap_pad(); + return 1; + } + ]]) + ],[ + AC_MSG_RESULT([RFC 5649 is supported]) + AC_DEFINE([HAVE_AES_KEY_WRAP_PAD], [1], + [Define if advanced AES key wrap with pad is supported in EVP interface]) + ],[ + AC_MSG_RESULT([RFC 5649 is not supported]) + ]) + + AC_LANG_POP([C]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS +]) diff --git a/SoftHSMv2/m4/acx_p11kit.m4 b/SoftHSMv2/m4/acx_p11kit.m4 new file mode 100644 index 0000000..20c7b7e --- /dev/null +++ b/SoftHSMv2/m4/acx_p11kit.m4 @@ -0,0 +1,36 @@ +AC_DEFUN([ACX_P11KIT],[ + AC_ARG_ENABLE([p11-kit], + AC_HELP_STRING([--enable-p11-kit], + [Enable p11-kit integration (default enabled)] + ), + [enable_p11kit="${enableval}"], + [enable_p11kit="yes"] + ) + + AC_ARG_WITH(p11-kit, + AC_HELP_STRING([--with-p11-kit=PATH],[Specify install path of the p11-kit module, will override path given by pkg-config]), + [P11KIT_PATH="$withval"], + [P11KIT_PATH=""] + ) + + AC_MSG_CHECKING(for p11-kit integration) + if test "x${enable_p11kit}" = "xyes"; then + AC_MSG_RESULT(yes) + if test "x${P11KIT_PATH}" = "x"; then + AC_PATH_PROG(PKGCONFIG, [pkg-config]) + if test "x${PKGCONFIG}" != "x" && ${PKGCONFIG} --exists p11-kit-1; then + P11KIT_PATH=`${PKGCONFIG} --variable=p11_module_configs p11-kit-1` + fi + fi + AC_MSG_CHECKING(where to install the p11-kit module) + AC_MSG_RESULT($P11KIT_PATH) + if test "x${P11KIT_PATH}" = "x"; then + AC_MSG_WARN([Missing install path for the p11-kit module, skipping module]) + fi + else + AC_MSG_RESULT(no) + fi + + AC_SUBST(P11KIT_PATH) + AM_CONDITIONAL([WITH_P11KIT], [test "x${enable_p11kit}" = "xyes" -a "x${P11KIT_PATH}" != "x"]) +]) diff --git a/SoftHSMv2/m4/acx_pedantic.m4 b/SoftHSMv2/m4/acx_pedantic.m4 new file mode 100644 index 0000000..11808ee --- /dev/null +++ b/SoftHSMv2/m4/acx_pedantic.m4 @@ -0,0 +1,12 @@ +AC_DEFUN([ACX_PEDANTIC],[ + AC_ARG_ENABLE( + [pedantic], + [AS_HELP_STRING([--enable-pedantic],[enable pedantic compile mode @<:@enabled@:>@])], + , + [enable_pedantic="yes"] + ) + if test "${enable_pedantic}" = "yes"; then + enable_strict="yes"; + CFLAGS="${CFLAGS} -pedantic" + fi +]) diff --git a/SoftHSMv2/m4/acx_prefixhack.m4 b/SoftHSMv2/m4/acx_prefixhack.m4 new file mode 100644 index 0000000..16a50a2 --- /dev/null +++ b/SoftHSMv2/m4/acx_prefixhack.m4 @@ -0,0 +1,23 @@ +# Special processing of paths depending on whether --prefix, +# --sysconfdir or --localstatedir arguments were given. + +AC_DEFUN([ACX_PREFIXHACK],[ + case "$prefix" in + NONE) + case "$sysconfdir" in + '${prefix}/etc') + sysconfdir=/etc + ac_configure_args="$ac_configure_args --sysconfdir=$sysconfdir" + AC_MSG_NOTICE([sysconfdir set to $sysconfdir]) + ;; + esac + case "$localstatedir" in + '${prefix}/var') + localstatedir=/var + ac_configure_args="$ac_configure_args --localstatedir=$localstatedir" + AC_MSG_NOTICE([localstate set to $localstatedir]) + ;; + esac + ;; + esac +]) diff --git a/SoftHSMv2/m4/acx_sqlite3.m4 b/SoftHSMv2/m4/acx_sqlite3.m4 new file mode 100644 index 0000000..cf829b7 --- /dev/null +++ b/SoftHSMv2/m4/acx_sqlite3.m4 @@ -0,0 +1,40 @@ +AC_DEFUN([ACX_SQLITE3],[ + AC_ARG_WITH(sqlite3, + AC_HELP_STRING([--with-sqlite3=PATH],[Specify prefix of path of SQLite3]), + [ + SQLITE3_PATH="$withval" + AC_PATH_PROGS(SQLITE3, sqlite3, sqlite3, $withval/bin) + + ],[ + SQLITE3_PATH="/usr/local" + AC_PATH_PROGS(SQLITE3, sqlite3, sqlite3, $PATH) + ]) + + + if ! test -x "$SQLITE3"; then + AC_MSG_ERROR([sqlite3 command not found]) + fi + + AC_MSG_CHECKING(what are the SQLite3 includes) + SQLITE3_INCLUDES="-I$SQLITE3_PATH/include" + AC_MSG_RESULT($SQLITE3_INCLUDES) + + AC_MSG_CHECKING(what are the SQLite3 libs) + SQLITE3_LIBS="-L$SQLITE3_PATH/lib -lsqlite3" + AC_MSG_RESULT($SQLITE3_LIBS) + + tmp_CPPFLAGS=$CPPFLAGS + tmp_LIBS=$LIBS + + CPPFLAGS="$CPPFLAGS $SQLITE3_INCLUDES" + LIBS="$LIBS $SQLITE3_LIBS" + + AC_CHECK_HEADERS(sqlite3.h,,[AC_MSG_ERROR([Can't find SQLite3 headers])]) + AC_CHECK_LIB(sqlite3, sqlite3_prepare_v2, [], [AC_MSG_ERROR([Missing SQLite3 library v3.4.2 or greater])]) + + CPPFLAGS=$tmp_CPPFLAGS + LIBS=$tmp_LIBS + + AC_SUBST(SQLITE3_INCLUDES) + AC_SUBST(SQLITE3_LIBS) +]) diff --git a/SoftHSMv2/m4/acx_strict.m4 b/SoftHSMv2/m4/acx_strict.m4 new file mode 100644 index 0000000..0bb8089 --- /dev/null +++ b/SoftHSMv2/m4/acx_strict.m4 @@ -0,0 +1,12 @@ +AC_DEFUN([ACX_STRICT],[ + AC_ARG_ENABLE( + [strict], + [AS_HELP_STRING([--enable-strict],[enable strict compile mode @<:@enabled@:>@])], + , + [enable_strict="yes"] + ) + if test "${enable_strict}" = "yes"; then + CFLAGS="${CFLAGS} -Wall -Wextra" + CXXFLAGS="${CXXFLAGS} -Wall -Wextra" + fi +]) diff --git a/SoftHSMv2/m4/acx_visibility.m4 b/SoftHSMv2/m4/acx_visibility.m4 new file mode 100644 index 0000000..589a72e --- /dev/null +++ b/SoftHSMv2/m4/acx_visibility.m4 @@ -0,0 +1,14 @@ +AC_DEFUN([ACX_VISIBILITY],[ + AC_ARG_ENABLE( + [visibility], + [AS_HELP_STRING([--disable-visibility],[disable hidden visibilty link mode @<:@enabled@:>@])], + [enable_visibility="${enableval}"], + [enable_visibility="yes"] + ) + if test "${enable_visibility}" = "yes"; then + CFLAGS="${CFLAGS} -fvisibility=hidden" + CXXFLAGS="${CXXFLAGS} -fvisibility=hidden" + AC_DEFINE(CRYPTOKI_VISIBILITY, 1, + [Define to default visibility of PKCS@%:@11 entry points]) + fi +]) diff --git a/SoftHSMv2/m4/acx_yield.m4 b/SoftHSMv2/m4/acx_yield.m4 new file mode 100644 index 0000000..335c190 --- /dev/null +++ b/SoftHSMv2/m4/acx_yield.m4 @@ -0,0 +1,10 @@ +AC_DEFUN([ACX_YIELD],[ + YIELD_LIB= + # Solaris has sched_yield in librt, not in libpthread or libc. + # Solaris 2.5.1, 2.6 has sched_yield in libposix4, not librt. + AC_CHECK_LIB(rt, sched_yield, [YIELD_LIB=-lrt], + [AC_CHECK_LIB(posix4, sched_yield, [YIELD_LIB=-lposix4])]) + AC_SUBST([YIELD_LIB]) + + AC_CHECK_HEADER([sched.h]) +]) diff --git a/SoftHSMv2/m4/ax_cxx_compile_stdcxx_11.m4 b/SoftHSMv2/m4/ax_cxx_compile_stdcxx_11.m4 new file mode 100644 index 0000000..28ab4eb --- /dev/null +++ b/SoftHSMv2/m4/ax_cxx_compile_stdcxx_11.m4 @@ -0,0 +1,146 @@ +# ============================================================================ +# http://www.gnu.org/software/autoconf-archive/ax_cxx_compile_stdcxx_11.html +# ============================================================================ +# +# SYNOPSIS +# +# AX_CXX_COMPILE_STDCXX_11([ext|noext],[mandatory|optional]) +# +# DESCRIPTION +# +# Check for baseline language coverage in the compiler for the C++11 +# standard; if necessary, add switches to CXXFLAGS to enable support. +# +# The first argument, if specified, indicates whether you insist on an +# extended mode (e.g. -std=gnu++11) or a strict conformance mode (e.g. +# -std=c++11). If neither is specified, you get whatever works, with +# preference for an extended mode. +# +# The second argument, if specified 'mandatory' or if left unspecified, +# indicates that baseline C++11 support is required and that the macro +# should error out if no mode with that support is found. If specified +# 'optional', then configuration proceeds regardless, after defining +# HAVE_CXX11 if and only if a supporting mode is found. +# +# LICENSE +# +# Copyright (c) 2008 Benjamin Kosnik <bkoz@redhat.com> +# Copyright (c) 2012 Zack Weinberg <zackw@panix.com> +# Copyright (c) 2013 Roy Stogner <roystgnr@ices.utexas.edu> +# Copyright (c) 2014 Alexey Sokolov <sokolov@google.com> +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. + +#serial 4 + +m4_define([_AX_CXX_COMPILE_STDCXX_11_testbody], [[ + #include <memory> + + template <typename T> + struct check + { + static_assert(sizeof(int) <= sizeof(T), "not big enough"); + }; + + struct Base { + virtual void f() {} + }; + struct Child : public Base { + virtual void f() override {} + }; + + std::unique_ptr<Base> ptr_to_base; + + typedef check<check<bool>> right_angle_brackets; + + int a; + decltype(a) b; + + typedef check<int> check_type; + check_type c; + check_type&& cr = static_cast<check_type&&>(c); + + auto d = a; + auto l = [](){}; +]]) + +AC_DEFUN([AX_CXX_COMPILE_STDCXX_11], [dnl + m4_if([$1], [], [], + [$1], [ext], [], + [$1], [noext], [], + [m4_fatal([invalid argument `$1' to AX_CXX_COMPILE_STDCXX_11])])dnl + m4_if([$2], [], [ax_cxx_compile_cxx11_required=true], + [$2], [mandatory], [ax_cxx_compile_cxx11_required=true], + [$2], [optional], [ax_cxx_compile_cxx11_required=false], + [m4_fatal([invalid second argument `$2' to AX_CXX_COMPILE_STDCXX_11])]) + AC_LANG_PUSH([C++])dnl + ac_success=no + AC_CACHE_CHECK(whether $CXX supports C++11 features by default, + ax_cv_cxx_compile_cxx11, + [AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_11_testbody])], + [ax_cv_cxx_compile_cxx11=yes], + [ax_cv_cxx_compile_cxx11=no])]) + if test x$ax_cv_cxx_compile_cxx11 = xyes; then + ac_success=yes + fi + + m4_if([$1], [noext], [], [dnl + if test x$ac_success = xno; then + for switch in -std=gnu++11 -std=gnu++0x; do + cachevar=AS_TR_SH([ax_cv_cxx_compile_cxx11_$switch]) + AC_CACHE_CHECK(whether $CXX supports C++11 features with $switch, + $cachevar, + [ac_save_CXXFLAGS="$CXXFLAGS" + CXXFLAGS="$CXXFLAGS $switch" + AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_11_testbody])], + [eval $cachevar=yes], + [eval $cachevar=no]) + CXXFLAGS="$ac_save_CXXFLAGS"]) + if eval test x\$$cachevar = xyes; then + CXXFLAGS="$CXXFLAGS $switch" + ac_success=yes + break + fi + done + fi]) + + m4_if([$1], [ext], [], [dnl + if test x$ac_success = xno; then + for switch in -std=c++11 -std=c++0x; do + cachevar=AS_TR_SH([ax_cv_cxx_compile_cxx11_$switch]) + AC_CACHE_CHECK(whether $CXX supports C++11 features with $switch, + $cachevar, + [ac_save_CXXFLAGS="$CXXFLAGS" + CXXFLAGS="$CXXFLAGS $switch" + AC_COMPILE_IFELSE([AC_LANG_SOURCE([_AX_CXX_COMPILE_STDCXX_11_testbody])], + [eval $cachevar=yes], + [eval $cachevar=no]) + CXXFLAGS="$ac_save_CXXFLAGS"]) + if eval test x\$$cachevar = xyes; then + CXXFLAGS="$CXXFLAGS $switch" + ac_success=yes + break + fi + done + fi]) + AC_LANG_POP([C++]) + if test x$ax_cxx_compile_cxx11_required = xtrue; then + if test x$ac_success = xno; then + AC_MSG_ERROR([*** A compiler with support for C++11 language features is required.]) + fi + else + if test x$ac_success = xno; then + HAVE_CXX11=0 + AC_MSG_NOTICE([No compiler with C++11 support was found]) + else + HAVE_CXX11=1 + AC_DEFINE(HAVE_CXX11,1, + [define if the compiler supports basic C++11 syntax]) + fi + + AC_SUBST(HAVE_CXX11) + fi +]) |