build/crypto.m4 - trafficserver - Git at Google

 dnl -------------------------------------------------------- -*- autoconf -*-
 dnl Licensed to the Apache Software Foundation (ASF) under one or more
 dnl contributor license agreements.  See the NOTICE file distributed with
 dnl this work for additional information regarding copyright ownership.
 dnl The ASF licenses this file to You under the Apache License, Version 2.0
 dnl (the "License"); you may not use this file except in compliance with
 dnl the License.  You may obtain a copy of the License at
 dnl
 dnl     http://www.apache.org/licenses/LICENSE-2.0
 dnl
 dnl Unless required by applicable law or agreed to in writing, software
 dnl distributed under the License is distributed on an "AS IS" BASIS,
 dnl WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 dnl See the License for the specific language governing permissions and
 dnl limitations under the License.

 dnl
 dnl crypto.m4 Trafficserver's Crypto autoconf macros
 dnl

 dnl
 dnl TS_CHECK_CRYPTO: look for crypto libraries and headers
 dnl
 AC_DEFUN([TS_CHECK_CRYPTO], [
   AC_CHECK_LIB([crypt], [crypt], [AC_SUBST([LIBCRYPT],["-lcrypt"])])

   AX_CHECK_OPENSSL([
     enable_crypto=yes
   ], [
     AC_ERROR(failed to find OpenSSL)
     enable_crypto=no
   ])

   if test "x${enable_crypto}" = "xyes"; then
     TS_ADDTO(LDFLAGS, [$OPENSSL_LDFLAGS])
     TS_ADDTO(CPPFLAGS, [$OPENSSL_INCLUDES])
     TS_ADDTO(CPPFLAGS, [-DOPENSSL_NO_SSL_INTERN])
   fi

   dnl add checks for other varieties of ssl here
 ])
 dnl

 AC_DEFUN([TS_CHECK_CRYPTO_EC_KEYS], [
   _eckeys_saved_LIBS=$LIBS

   TS_ADDTO(LIBS, [$OPENSSL_LIBS])
   AC_CHECK_HEADERS(openssl/ec.h)
   AC_CHECK_FUNCS(EC_KEY_new_by_curve_name, [enable_tls_eckey=yes], [enable_tls_eckey=no])
   LIBS=$_eckeys_saved_LIBS

   AC_MSG_CHECKING(whether EC keys are supported)
   AC_MSG_RESULT([$enable_tls_eckey])
   TS_ARG_ENABLE_VAR([use], [tls-eckey])
   AC_SUBST(use_tls_eckey)
 ])

 AC_DEFUN([TS_CHECK_CRYPTO_NEXTPROTONEG], [
   enable_tls_npn=yes
   _npn_saved_LIBS=$LIBS

   TS_ADDTO(LIBS, [$OPENSSL_LIBS])
   AC_CHECK_FUNCS(SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_proto_select_cb SSL_select_next_proto SSL_get0_next_proto_negotiated,
     [], [enable_tls_npn=no]
   )
   LIBS=$_npn_saved_LIBS

   AC_MSG_CHECKING(whether to enable Next Protocol Negotiation TLS extension support)
   AC_MSG_RESULT([$enable_tls_npn])
   TS_ARG_ENABLE_VAR([use], [tls-npn])
   AC_SUBST(use_tls_npn)
 ])

 AC_DEFUN([TS_CHECK_CRYPTO_ASYNC], [
   enable_tls_async=yes
   _async_saved_LIBS=$LIBS

   TS_ADDTO(LIBS, [$OPENSSL_LIBS])
   AC_CHECK_FUNCS(SSL_get_all_async_fds ASYNC_init_thread,
     [], [enable_tls_async=no]
   )
   LIBS=$_async_saved_LIBS

   AC_MSG_CHECKING(whether to enable ASYNC job openssl support)
   AC_MSG_RESULT([$enable_tls_async])
   TS_ARG_ENABLE_VAR([use], [tls-async])
   AC_SUBST(use_tls_async)
 ])

 AC_DEFUN([TS_CHECK_CRYPTO_ALPN], [
   enable_tls_alpn=yes
   _alpn_saved_LIBS=$LIBS

   TS_ADDTO(LIBS, [$OPENSSL_LIBS])
   AC_CHECK_FUNCS(SSL_CTX_set_alpn_protos SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_select_next_proto,
     [], [enable_tls_alpn=no]
   )
   LIBS=$_alpn_saved_LIBS

   AC_MSG_CHECKING(whether to enable Application Layer Protocol Negotiation TLS extension support)
   AC_MSG_RESULT([$enable_tls_alpn])
   TS_ARG_ENABLE_VAR([use], [tls-alpn])
   AC_SUBST(use_tls_alpn)
 ])

 AC_DEFUN([TS_CHECK_CRYPTO_CERT_CB], [
   _cert_saved_LIBS=$LIBS
   enable_cert_cb=yes

   TS_ADDTO(LIBS, [$OPENSSL_LIBS])
   AC_CHECK_HEADERS(openssl/ssl.h openssl/ts.h)
   AC_CHECK_HEADERS(openssl/tls1.h, [], [],
 [ #if HAVE_OPENSSL_SSL_H
 #include <openssl/ssl.h>
 #include <openssl/tls1.h>
 #endif ])

   AC_MSG_CHECKING([for SSL_CTX_set_cert_cb])
   AC_LINK_IFELSE(
   [
     AC_LANG_PROGRAM([[
 #if HAVE_OPENSSL_SSL_H
 #include <openssl/ssl.h>
 #endif
 #if HAVE_OPENSSL_TLS1_H
 #include <openssl/tls1.h>
 #endif
       ]],
       [[SSL_CTX_set_cert_cb(NULL, NULL, NULL);]])
   ],
   [
     AC_MSG_RESULT([yes])
   ],
   [
     AC_MSG_RESULT([no])
     enable_cert_cb=no
   ])

   LIBS=$_cert_saved_LIBS

   AC_MSG_CHECKING(whether to enable TLS certificate callback support)
   AC_MSG_RESULT([$enable_cert_cb])
   TS_ARG_ENABLE_VAR([use], [cert-cb])
   AC_SUBST(use_cert_cb)
 ])

 AC_DEFUN([TS_CHECK_CRYPTO_SET_RBIO], [
   _rbio_saved_LIBS=$LIBS
   enable_set_rbio=yes

   TS_ADDTO(LIBS, [$OPENSSL_LIBS])
   AC_MSG_CHECKING([for SSL_set0_rbio])
   AC_LINK_IFELSE(
   [
     AC_LANG_PROGRAM([[
 #if HAVE_OPENSSL_SSL_H
 #include <openssl/ssl.h>
 #endif
 #if HAVE_OPENSSL_TLS1_H
 #include <openssl/tls1.h>
 #endif
       ]],
       [[SSL_set0_rbio(NULL, NULL);]])
   ],
   [
     AC_MSG_RESULT([yes])
   ],
   [
     AC_MSG_RESULT([no])
     enable_set_rbio=no
   ])

   LIBS=$_rbio_saved_LIBS

   AC_MSG_CHECKING(whether to enable set rbio)
   AC_MSG_RESULT([$enable_set_rbio])
   TS_ARG_ENABLE_VAR([use], [set-rbio])
   AC_SUBST(use_set_rbio)
 ])

 AC_DEFUN([TS_CHECK_CRYPTO_DH_GET_2048_256], [
   _dh_saved_LIBS=$LIBS
   enable_dh_get_2048_256=yes

   TS_ADDTO(LIBS, [$OPENSSL_LIBS])
   AC_MSG_CHECKING([for DH_get_2048_256])
   AC_LINK_IFELSE(
   [
     AC_LANG_PROGRAM([[
 #if HAVE_OPENSSL_SSL_H
 #include <openssl/ssl.h>
 #endif
 #if HAVE_OPENSSL_TLS1_H
 #include <openssl/tls1.h>
 #endif
       ]],
       [[DH_get_2048_256();]])
   ],
   [
     AC_MSG_RESULT([yes])
   ],
   [
     AC_MSG_RESULT([no])
     enable_dh_get_2048_256=no
   ])

   LIBS=$_dh_saved_LIBS

   AC_MSG_CHECKING(whether to enable DH_get_2048_256)
   AC_MSG_RESULT([$enable_dh_get_2048_256])
   TS_ARG_ENABLE_VAR([use], [dh_get_2048_256])
   AC_SUBST(use_dh_get_2048_256)
 ])

 AC_DEFUN([TS_CHECK_CRYPTO_OCSP], [
   _ocsp_saved_LIBS=$LIBS

   TS_ADDTO(LIBS, [$OPENSSL_LIBS])
   AC_CHECK_HEADERS(openssl/ocsp.h)
   AC_CHECK_FUNCS(OCSP_sendreq_new OCSP_REQ_CTX_add1_header OCSP_REQ_CTX_set1_req, [enable_tls_ocsp=yes], [enable_tls_ocsp=no])

   LIBS=$_ocsp_saved_LIBS

   AC_MSG_CHECKING(whether OCSP is supported)
   AC_MSG_RESULT([$enable_tls_ocsp])
   TS_ARG_ENABLE_VAR([use], [tls-ocsp])
   AC_SUBST(use_tls_ocsp)
 ])

 AC_DEFUN([TS_CHECK_CRYPTO_SET_CIPHERSUITES], [
   _set_ciphersuites_saved_LIBS=$LIBS

   TS_ADDTO(LIBS, [$OPENSSL_LIBS])
   AC_CHECK_HEADERS(openssl/ssl.h)
   AC_CHECK_FUNCS(SSL_CTX_set_ciphersuites, [enable_tls_set_ciphersuites=yes], [enable_tls_set_ciphersuites=no])

   LIBS=$_set_ciphersuites_saved_LIBS

   AC_MSG_CHECKING(whether to enable TLSv1.3 ciphersuites configuration is supported)
   AC_MSG_RESULT([$enable_tls_set_ciphersuites])
   TS_ARG_ENABLE_VAR([use], [tls-set-ciphersuites])
   AC_SUBST(use_tls_set_ciphersuites)
 ])
	dnl -------------------------------------------------------- -- autoconf --
	dnl Licensed to the Apache Software Foundation (ASF) under one or more
	dnl contributor license agreements. See the NOTICE file distributed with
	dnl this work for additional information regarding copyright ownership.
	dnl The ASF licenses this file to You under the Apache License, Version 2.0
	dnl (the "License"); you may not use this file except in compliance with
	dnl the License. You may obtain a copy of the License at
	dnl
	dnl http://www.apache.org/licenses/LICENSE-2.0
	dnl
	dnl Unless required by applicable law or agreed to in writing, software
	dnl distributed under the License is distributed on an "AS IS" BASIS,
	dnl WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	dnl See the License for the specific language governing permissions and
	dnl limitations under the License.

	dnl
	dnl crypto.m4 Trafficserver's Crypto autoconf macros
	dnl

	dnl
	dnl TS_CHECK_CRYPTO: look for crypto libraries and headers
	dnl
	AC_DEFUN([TS_CHECK_CRYPTO], [
	AC_CHECK_LIB([crypt], [crypt], [AC_SUBST([LIBCRYPT],["-lcrypt"])])

	AX_CHECK_OPENSSL([
	enable_crypto=yes
	], [
	AC_ERROR(failed to find OpenSSL)
	enable_crypto=no
	])

	if test "x${enable_crypto}" = "xyes"; then
	TS_ADDTO(LDFLAGS, [$OPENSSL_LDFLAGS])
	TS_ADDTO(CPPFLAGS, [$OPENSSL_INCLUDES])
	TS_ADDTO(CPPFLAGS, [-DOPENSSL_NO_SSL_INTERN])
	fi

	dnl add checks for other varieties of ssl here
	])
	dnl

	AC_DEFUN([TS_CHECK_CRYPTO_EC_KEYS], [
	_eckeys_saved_LIBS=$LIBS

	TS_ADDTO(LIBS, [$OPENSSL_LIBS])
	AC_CHECK_HEADERS(openssl/ec.h)
	AC_CHECK_FUNCS(EC_KEY_new_by_curve_name, [enable_tls_eckey=yes], [enable_tls_eckey=no])
	LIBS=$_eckeys_saved_LIBS

	AC_MSG_CHECKING(whether EC keys are supported)
	AC_MSG_RESULT([$enable_tls_eckey])
	TS_ARG_ENABLE_VAR([use], [tls-eckey])
	AC_SUBST(use_tls_eckey)
	])

	AC_DEFUN([TS_CHECK_CRYPTO_NEXTPROTONEG], [
	enable_tls_npn=yes
	_npn_saved_LIBS=$LIBS

	TS_ADDTO(LIBS, [$OPENSSL_LIBS])
	AC_CHECK_FUNCS(SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_proto_select_cb SSL_select_next_proto SSL_get0_next_proto_negotiated,
	[], [enable_tls_npn=no]
	)
	LIBS=$_npn_saved_LIBS

	AC_MSG_CHECKING(whether to enable Next Protocol Negotiation TLS extension support)
	AC_MSG_RESULT([$enable_tls_npn])
	TS_ARG_ENABLE_VAR([use], [tls-npn])
	AC_SUBST(use_tls_npn)
	])

	AC_DEFUN([TS_CHECK_CRYPTO_ASYNC], [
	enable_tls_async=yes
	_async_saved_LIBS=$LIBS

	TS_ADDTO(LIBS, [$OPENSSL_LIBS])
	AC_CHECK_FUNCS(SSL_get_all_async_fds ASYNC_init_thread,
	[], [enable_tls_async=no]
	)
	LIBS=$_async_saved_LIBS

	AC_MSG_CHECKING(whether to enable ASYNC job openssl support)
	AC_MSG_RESULT([$enable_tls_async])
	TS_ARG_ENABLE_VAR([use], [tls-async])
	AC_SUBST(use_tls_async)
	])

	AC_DEFUN([TS_CHECK_CRYPTO_ALPN], [
	enable_tls_alpn=yes
	_alpn_saved_LIBS=$LIBS

	TS_ADDTO(LIBS, [$OPENSSL_LIBS])
	AC_CHECK_FUNCS(SSL_CTX_set_alpn_protos SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_select_next_proto,
	[], [enable_tls_alpn=no]
	)
	LIBS=$_alpn_saved_LIBS

	AC_MSG_CHECKING(whether to enable Application Layer Protocol Negotiation TLS extension support)
	AC_MSG_RESULT([$enable_tls_alpn])
	TS_ARG_ENABLE_VAR([use], [tls-alpn])
	AC_SUBST(use_tls_alpn)
	])

	AC_DEFUN([TS_CHECK_CRYPTO_CERT_CB], [
	_cert_saved_LIBS=$LIBS
	enable_cert_cb=yes

	TS_ADDTO(LIBS, [$OPENSSL_LIBS])
	AC_CHECK_HEADERS(openssl/ssl.h openssl/ts.h)
	AC_CHECK_HEADERS(openssl/tls1.h, [], [],
	[ #if HAVE_OPENSSL_SSL_H
	#include <openssl/ssl.h>
	#include <openssl/tls1.h>
	#endif ])

	AC_MSG_CHECKING([for SSL_CTX_set_cert_cb])
	AC_LINK_IFELSE(
	[
	AC_LANG_PROGRAM([[
	#if HAVE_OPENSSL_SSL_H
	#include <openssl/ssl.h>
	#endif
	#if HAVE_OPENSSL_TLS1_H
	#include <openssl/tls1.h>
	#endif
	]],
	[[SSL_CTX_set_cert_cb(NULL, NULL, NULL);]])
	],
	[
	AC_MSG_RESULT([yes])
	],
	[
	AC_MSG_RESULT([no])
	enable_cert_cb=no
	])

	LIBS=$_cert_saved_LIBS

	AC_MSG_CHECKING(whether to enable TLS certificate callback support)
	AC_MSG_RESULT([$enable_cert_cb])
	TS_ARG_ENABLE_VAR([use], [cert-cb])
	AC_SUBST(use_cert_cb)
	])

	AC_DEFUN([TS_CHECK_CRYPTO_SET_RBIO], [
	_rbio_saved_LIBS=$LIBS
	enable_set_rbio=yes

	TS_ADDTO(LIBS, [$OPENSSL_LIBS])
	AC_MSG_CHECKING([for SSL_set0_rbio])
	AC_LINK_IFELSE(
	[
	AC_LANG_PROGRAM([[
	#if HAVE_OPENSSL_SSL_H
	#include <openssl/ssl.h>
	#endif
	#if HAVE_OPENSSL_TLS1_H
	#include <openssl/tls1.h>
	#endif
	]],
	[[SSL_set0_rbio(NULL, NULL);]])
	],
	[
	AC_MSG_RESULT([yes])
	],
	[
	AC_MSG_RESULT([no])
	enable_set_rbio=no
	])

	LIBS=$_rbio_saved_LIBS

	AC_MSG_CHECKING(whether to enable set rbio)
	AC_MSG_RESULT([$enable_set_rbio])
	TS_ARG_ENABLE_VAR([use], [set-rbio])
	AC_SUBST(use_set_rbio)
	])

	AC_DEFUN([TS_CHECK_CRYPTO_DH_GET_2048_256], [
	_dh_saved_LIBS=$LIBS
	enable_dh_get_2048_256=yes

	TS_ADDTO(LIBS, [$OPENSSL_LIBS])
	AC_MSG_CHECKING([for DH_get_2048_256])
	AC_LINK_IFELSE(
	[
	AC_LANG_PROGRAM([[
	#if HAVE_OPENSSL_SSL_H
	#include <openssl/ssl.h>
	#endif
	#if HAVE_OPENSSL_TLS1_H
	#include <openssl/tls1.h>
	#endif
	]],
	[[DH_get_2048_256();]])
	],
	[
	AC_MSG_RESULT([yes])
	],
	[
	AC_MSG_RESULT([no])
	enable_dh_get_2048_256=no
	])

	LIBS=$_dh_saved_LIBS

	AC_MSG_CHECKING(whether to enable DH_get_2048_256)
	AC_MSG_RESULT([$enable_dh_get_2048_256])
	TS_ARG_ENABLE_VAR([use], [dh_get_2048_256])
	AC_SUBST(use_dh_get_2048_256)
	])

	AC_DEFUN([TS_CHECK_CRYPTO_OCSP], [
	_ocsp_saved_LIBS=$LIBS

	TS_ADDTO(LIBS, [$OPENSSL_LIBS])
	AC_CHECK_HEADERS(openssl/ocsp.h)
	AC_CHECK_FUNCS(OCSP_sendreq_new OCSP_REQ_CTX_add1_header OCSP_REQ_CTX_set1_req, [enable_tls_ocsp=yes], [enable_tls_ocsp=no])

	LIBS=$_ocsp_saved_LIBS

	AC_MSG_CHECKING(whether OCSP is supported)
	AC_MSG_RESULT([$enable_tls_ocsp])
	TS_ARG_ENABLE_VAR([use], [tls-ocsp])
	AC_SUBST(use_tls_ocsp)
	])

	AC_DEFUN([TS_CHECK_CRYPTO_SET_CIPHERSUITES], [
	_set_ciphersuites_saved_LIBS=$LIBS

	TS_ADDTO(LIBS, [$OPENSSL_LIBS])
	AC_CHECK_HEADERS(openssl/ssl.h)
	AC_CHECK_FUNCS(SSL_CTX_set_ciphersuites, [enable_tls_set_ciphersuites=yes], [enable_tls_set_ciphersuites=no])

	LIBS=$_set_ciphersuites_saved_LIBS

	AC_MSG_CHECKING(whether to enable TLSv1.3 ciphersuites configuration is supported)
	AC_MSG_RESULT([$enable_tls_set_ciphersuites])
	TS_ARG_ENABLE_VAR([use], [tls-set-ciphersuites])
	AC_SUBST(use_tls_set_ciphersuites)
	])