… | |
… | |
335 | use BITS rsa keys (default 3072). Allowed values are 2048-10240.])], |
335 | use BITS rsa keys (default 3072). Allowed values are 2048-10240.])], |
336 | RSA=$enableval |
336 | RSA=$enableval |
337 | ) |
337 | ) |
338 | AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.]) |
338 | AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.]) |
339 | |
339 | |
340 | HMAC=12 |
340 | HMACSIZE=12 |
341 | AC_ARG_ENABLE(hmac-length, |
341 | AC_ARG_ENABLE(hmac-length, |
342 | [AS_HELP_STRING(--enable-hmac-length=BYTES,[ |
342 | [AS_HELP_STRING(--enable-hmac-length=BYTES,[ |
343 | use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])], |
343 | use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])], |
344 | HMAC=$enableval |
344 | HMACSIZE=$enableval |
345 | ) |
345 | ) |
346 | AC_DEFINE_UNQUOTED(HMACLENGTH, $HMAC, [Size of HMAC in each packet in bytes.]) |
346 | AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.]) |
347 | |
|
|
348 | RAND=8 |
|
|
349 | AC_ARG_ENABLE(rand-length, |
|
|
350 | [AS_HELP_STRING(--enable-rand-length=BYTES, |
|
|
351 | [use BYTES bytes of extra randomness (default 8). Allowed values are 0, 4, 8.])], |
|
|
352 | RAND=$enableval |
|
|
353 | ) |
|
|
354 | AC_DEFINE_UNQUOTED(RAND_SIZE, $RAND, [Add this many bytes of randomness to each packet.]) |
|
|
355 | |
347 | |
356 | MTU=1500 |
348 | MTU=1500 |
357 | AC_ARG_ENABLE(max-mtu, |
349 | AC_ARG_ENABLE(max-mtu, |
358 | [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)], |
350 | [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)], |
359 | MTU=$enableval |
351 | MTU=$enableval |
… | |
… | |
367 | COMPRESS=0 |
359 | COMPRESS=0 |
368 | fi |
360 | fi |
369 | ) |
361 | ) |
370 | AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.]) |
362 | AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.]) |
371 | |
363 | |
372 | CIPHER=aes_128_cbc |
364 | CIPHER=aes_128_ctr |
373 | AC_ARG_ENABLE(cipher, |
365 | AC_ARG_ENABLE(cipher, |
374 | [AS_HELP_STRING(--enable-cipher=CIPHER,[ |
366 | [AS_HELP_STRING(--enable-cipher=CIPHER,[ |
375 | Select the symmetric cipher (default "aes-128"). |
367 | Select the symmetric cipher (default "aes-128"). |
376 | Must be one of "bf" (blowfish), "aes-128" (rijndael), "aes-192", "aes-256", "camellia-128" or "camellia-256".])], |
368 | Must be one of "aes-128" (rijndael), "aes-192", or "aes-256".])], |
377 | if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi |
369 | #if test "x$enableval" = xbf ; then CIPHER=bf_ctr ; fi |
378 | if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_cbc ; fi |
370 | if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_ctr ; fi |
379 | if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_cbc ; fi |
371 | if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_ctr ; fi |
380 | if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_cbc ; fi |
372 | if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_ctr ; fi |
381 | if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_cbc; fi |
373 | #if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_ctr; fi |
382 | if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_cbc; fi |
374 | #if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_ctr; fi |
383 | ) |
375 | ) |
384 | AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.]) |
376 | AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.]) |
385 | |
377 | |
386 | DIGEST=sha1 |
378 | HMAC=sha1 |
387 | AC_ARG_ENABLE(digest, |
379 | AC_ARG_ENABLE(hmac-digest, |
388 | [AS_HELP_STRING(--enable-digest=DIGEST,[ |
380 | [AS_HELP_STRING(--enable-hmac-digest=HMAC,[ |
389 | Select the digest algorithm to use (default "sha1"). Must be one of |
381 | Select the HMAC digest algorithm to use (default "sha1"). Must be one of |
390 | "sha512", "sha256", "sha1", "ripemd160", "whirlpool".])], |
382 | "sha512", "sha256", "sha1", "ripemd160", "whirlpool".])], |
391 | if test "x$enableval" = xwhirlpool; then DIGEST=whirlpool; fi |
383 | if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi |
392 | if test "x$enableval" = xsha512 ; then DIGEST=sha512 ; fi |
384 | if test "x$enableval" = xsha512 ; then HMAC=sha512 ; fi |
393 | if test "x$enableval" = xsha256 ; then DIGEST=sha256 ; fi |
385 | if test "x$enableval" = xsha256 ; then HMAC=sha256 ; fi |
394 | if test "x$enableval" = xsha1 ; then DIGEST=sha1 ; fi |
386 | if test "x$enableval" = xsha1 ; then HMAC=sha1 ; fi |
395 | if test "x$enableval" = xripemd160; then DIGEST=ripemd160; fi |
387 | if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi |
396 | ) |
388 | ) |
397 | AC_DEFINE_UNQUOTED(ENABLE_DIGEST, EVP_${DIGEST}, [Select the digest algorithm to use.]) |
389 | AC_DEFINE_UNQUOTED(ENABLE_HMAC, EVP_${HMAC}, [Select the HMAC digest algorithm to use.]) |
398 | |
390 | |
399 | AUTH=sha512 |
391 | AUTH=sha512 |
400 | AC_ARG_ENABLE(auth-digest, |
392 | AC_ARG_ENABLE(auth-digest, |
401 | [AS_HELP_STRING(--enable-auth-digest=DIGEST,[ |
393 | [AS_HELP_STRING(--enable-auth-digest=DIGEST,[ |
402 | Select the hmac algorithm to use (default "sha512"). Must be one of |
394 | Select the hmac algorithm to use (default "sha512"). Must be one of |
… | |
… | |
418 | LIBS="$EXTRA_LIBS $LIBS" |
410 | LIBS="$EXTRA_LIBS $LIBS" |
419 | |
411 | |
420 | dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then |
412 | dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then |
421 | dnl CXXFLAGS="$CXXFLAGS -ffunction-sections" |
413 | dnl CXXFLAGS="$CXXFLAGS -ffunction-sections" |
422 | dnl fi |
414 | dnl fi |
423 | dnl |
415 | dnl |
424 | dnl if $LD -v --help 2>&1 | grep -q gc-sections; then |
416 | dnl if $LD -v --help 2>&1 | grep -q gc-sections; then |
425 | dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections" |
417 | dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections" |
426 | dnl fi |
418 | dnl fi |
427 | |
419 | |
428 | AC_SUBST(INCLUDES) |
420 | AC_SUBST(INCLUDES) |
… | |
… | |
443 | echo "*** RSA size: $RSA" |
435 | echo "*** RSA size: $RSA" |
444 | echo "*** Cipher used: $CIPHER" |
436 | echo "*** Cipher used: $CIPHER" |
445 | echo "*** Digest used: $DIGEST" |
437 | echo "*** Digest used: $DIGEST" |
446 | echo "*** Authdigest: $AUTH" |
438 | echo "*** Authdigest: $AUTH" |
447 | echo "*** HMAC length: $HMAC" |
439 | echo "*** HMAC length: $HMAC" |
448 | echo "*** RAND used: $RAND" |
|
|
449 | echo "*** Max. MTU: $MTU" |
440 | echo "*** Max. MTU: $MTU" |
450 | |
441 | |
451 | echo "***" |
442 | echo "***" |
452 | echo "*** Enable options:" |
443 | echo "*** Enable options:" |
453 | grep ENABLE_ config.h | sed -e 's/^/*** /' |
444 | grep ENABLE_ config.h | sed -e 's/^/*** /' |
454 | |
445 | |
455 | if test "$HMAC" -lt 12; then |
446 | if test "$HMACSIZE" -lt 12; then |
456 | echo "***" |
447 | echo "***" |
457 | echo "*** WARNING: The hmac length you have chosen ($HMAC) is quite insecure" |
448 | echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure" |
458 | fi |
|
|
459 | |
|
|
460 | if test "$RAND" -lt 8; then |
|
|
461 | echo "***" |
|
|
462 | echo "*** WARNING: The random prefix you have chosen ($RAND) is probably insecure" |
|
|
463 | fi |
449 | fi |
464 | |
450 | |
465 | echo "***" |
451 | echo "***" |
466 | echo |
452 | echo |
467 | |
453 | |