--- gvpe/configure.ac 2009/07/18 05:59:16 1.55 +++ gvpe/configure.ac 2013/07/18 13:35:19 1.63 @@ -1,10 +1,10 @@ dnl Process this file with autoconf to produce a configure script. -AC_PREREQ(2.59) +AC_PREREQ(2.69) AC_INIT AC_CONFIG_SRCDIR([src/gvpe.C]) AC_CANONICAL_TARGET -AM_INIT_AUTOMAKE(gvpe, 2.22) +AM_INIT_AUTOMAKE(gvpe, 2.25) AC_CONFIG_HEADERS([config.h]) AM_MAINTAINER_MODE @@ -48,9 +48,6 @@ #endif ]) -dnl Include the macros from the m4/ directory -AM_ACLOCAL_INCLUDE(m4) - AM_GNU_GETTEXT([external]) AM_GNU_GETTEXT_VERSION(0.11.5) @@ -245,6 +242,22 @@ fi dnl tinc_ZLIB +AC_ARG_ENABLE(threads, + [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)], + [try_threads=$enableval], + [try_threads=yes] +) + +if test "x$try_threads" = xyes; then + AC_CHECK_HEADER(pthread.h,[ + LIBS="$LIBS -lpthread" + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([#include ], [pthread_t id; pthread_create (&id, 0, 0, 0);])], + [AC_DEFINE_UNQUOTED(ENABLE_PTHREADS, 1, [POSIX thread support.])] + ) + ]) +fi + AC_ARG_ENABLE(static-daemon, [AS_HELP_STRING(--enable-static-daemon,enable statically linked daemon.)], [LDFLAGS_DAEMON=-static] @@ -316,28 +329,36 @@ ] ) -HMAC=12 +RSA=3072 +AC_ARG_ENABLE(rsa-length, + [AS_HELP_STRING(--enable-rsa-length=BITS,[ + use BITS rsa keys (default 3072). Allowed values are 2048-10240.])], + RSA=$enableval +) +AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.]) + +HMACSIZE=12 AC_ARG_ENABLE(hmac-length, [AS_HELP_STRING(--enable-hmac-length=BYTES,[ use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])], - HMAC=$enableval + HMACSIZE=$enableval ) -AC_DEFINE_UNQUOTED(HMACLENGTH, $HMAC, [Size of HMAC in each packet in bytes.]) +AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.]) -RAND=8 +RANDSIZE=12 AC_ARG_ENABLE(rand-length, [AS_HELP_STRING(--enable-rand-length=BYTES, - [use BYTES bytes of extra randomness (default 8). Allowed values are 0, 4, 8.])], - RAND=$enableval + [use BYTES bytes of extra randomness (default 12). Allowed values are 0, 4, 8, 12.])], + RANDSIZE=$enableval ) -AC_DEFINE_UNQUOTED(RAND_SIZE, $RAND, [Add this many bytes of randomness to each packet.]) +AC_DEFINE_UNQUOTED(RAND_SIZE, $RANDSIZE, [Add this many bytes of randomness to each packet.]) MTU=1500 -AC_ARG_ENABLE(mtu, +AC_ARG_ENABLE(max-mtu, [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)], MTU=$enableval ) -AC_DEFINE_UNQUOTED(MAX_MTU, $MTU + 14, [Maximum MTU supported.]) +AC_DEFINE_UNQUOTED(MAX_MTU, ($MTU + 14), [Maximum MTU supported.]) COMPRESS=1 AC_ARG_ENABLE(compression, @@ -352,27 +373,39 @@ AC_ARG_ENABLE(cipher, [AS_HELP_STRING(--enable-cipher=CIPHER,[ Select the symmetric cipher (default "aes-128"). - Must be one of "bf" (blowfish), "aes-128" (rijndael), "aes-192" or "aes-256".])], - if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi - if test "x$enableval" = xaes-128; then CIPHER=aes_128_cbc; fi - if test "x$enableval" = xaes-192; then CIPHER=aes_192_cbc; fi - if test "x$enableval" = xaes-256; then CIPHER=aes_256_cbc; fi + Must be one of "bf" (blowfish), "aes-128" (rijndael), "aes-192", "aes-256", "camellia-128" or "camellia-256".])], + if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi + if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_cbc ; fi + if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_cbc ; fi + if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_cbc ; fi + if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_cbc; fi + if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_cbc; fi ) AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.]) -DIGEST=ripemd160 -AC_ARG_ENABLE(digest, - [AS_HELP_STRING(--enable-digest=CIPHER,[ - Select the digest algorithm to use (default "ripemd160"). Must be one of - "sha512", "sha256", "sha1" (somewhat insecure), "ripemd160", "md5" (insecure) or "md4" (insecure).])], - if test "x$enableval" = xsha512 ; then DIGEST=sha512 ; fi - if test "x$enableval" = xsha256 ; then DIGEST=sha256 ; fi - if test "x$enableval" = xsha1 ; then DIGEST=sha1 ; fi - if test "x$enableval" = xripemd160; then DIGEST=ripemd160; fi - if test "x$enableval" = xmd5 ; then DIGEST=md5 ; fi - if test "x$enableval" = xmd4 ; then DIGEST=md4 ; fi +HMAC=sha1 +AC_ARG_ENABLE(hmac-digest, + [AS_HELP_STRING(--enable-hmac-digest=HMAC,[ + Select the HMAC digest algorithm to use (default "sha1"). Must be one of + "sha512", "sha256", "sha1", "ripemd160", "whirlpool".])], + if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi + if test "x$enableval" = xsha512 ; then HMAC=sha512 ; fi + if test "x$enableval" = xsha256 ; then HMAC=sha256 ; fi + if test "x$enableval" = xsha1 ; then HMAC=sha1 ; fi + if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi +) +AC_DEFINE_UNQUOTED(ENABLE_HMAC, EVP_${HMAC}, [Select the HMAC digest algorithm to use.]) + +AUTH=sha512 +AC_ARG_ENABLE(auth-digest, + [AS_HELP_STRING(--enable-auth-digest=DIGEST,[ + Select the hmac algorithm to use (default "sha512"). Must be one of + "sha512", "sha256", "whirlpool".])], + if test "x$enableval" = xwhirlpool; then AUTH=whirlpool; fi + if test "x$enableval" = xsha512 ; then AUTH=sha512 ; fi + if test "x$enableval" = xsha256 ; then AUTH=sha256 ; fi ) -AC_DEFINE_UNQUOTED(ENABLE_DIGEST, EVP_${DIGEST}, [Select the digest algorithm to use.]) +AC_DEFINE_UNQUOTED(ENABLE_AUTH, EVP_${AUTH}, [Select the auth digest algorithm to use.]) if $CXX -v --help 2>&1 | grep -q fno-rtti; then CXXFLAGS="$CXXFLAGS -fno-rtti" @@ -407,8 +440,10 @@ echo "*** Configuration Summary" echo "***" echo "*** Kernel Iface: $IFTYPE/$IFSUBTYPE" +echo "*** RSA size: $RSA" echo "*** Cipher used: $CIPHER" echo "*** Digest used: $DIGEST" +echo "*** Authdigest: $AUTH" echo "*** HMAC length: $HMAC" echo "*** RAND used: $RAND" echo "*** Max. MTU: $MTU" @@ -417,19 +452,14 @@ echo "*** Enable options:" grep ENABLE_ config.h | sed -e 's/^/*** /' -if test "x$DIGEST" = xmd4; then -echo "***" -echo "*** WARNING: The digest you have chosen ($DIGEST) is known to be insecure" -fi - -if test "$HMAC" -lt 12; then +if test "$HMACSIZE" -lt 12; then echo "***" -echo "*** WARNING: The hmac length you have chosen ($HMAC) is probably insecure" +echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure" fi -if test "$RAND" -lt 8; then +if test "$RANDSIZE" -lt 12; then echo "***" -echo "*** WARNING: The random prefix you have chosen ($RAND) is probably insecure" +echo "*** WARNING: The random prefix you have chosen ($RANDSIZE) is probably insecure" fi echo "***"