/cvs/gvpe/configure.ac

Comparing gvpe/configure.ac (file contents):
Revision 1.62 by root, Tue Jul 16 16:44:36 2013 UTC vs.
Revision 1.66 by root, Thu Oct 25 04:32:26 2018 UTC

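--- a/gvpe/configure.ac
+++ b/gvpe/configure.ac
@@ -2,11 +2,11 @@
 
 AC_PREREQ(2.69)
 AC_INIT
 AC_CONFIG_SRCDIR([src/gvpe.C])
 AC_CANONICAL_TARGET
-AM_INIT_AUTOMAKE(gvpe, 2.25)
+AM_INIT_AUTOMAKE(gvpe, 3.1)
 AC_CONFIG_HEADERS([config.h])
 AM_MAINTAINER_MODE
 
 AH_TOP([
 #ifndef CONFIG_H__
@@ -234,15 +234,11 @@
 AC_CACHE_SAVE
 
 dnl These are defined in files in m4/
 tinc_TUNTAP
 
-tinc_OPENSSL
-if test "x$openssl_include" != x; then
- CXXFLAGS="$CXXFLAGS -I$openssl_include"
-fi
-dnl tinc_ZLIB
+PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto >= 1])
 
 AC_ARG_ENABLE(threads,
  [AS_HELP_STRING(--enable-threads,try to use threads for long-running asynchronous operations (default enabled).)],
  [try_threads=$enableval],
  [try_threads=yes]
@@ -335,25 +331,17 @@
  use BITS rsa keys (default 3072). Allowed values are 2048-10240.])],
  RSA=$enableval
 )
 AC_DEFINE_UNQUOTED(RSABITS, $RSA, [Size of RSA keys.])
 
-HMAC=12
+HMACSIZE=12
 AC_ARG_ENABLE(hmac-length,
  [AS_HELP_STRING(--enable-hmac-length=BYTES,[
  use a hmac of length BYTES bytes (default 12). Allowed values are 4, 8, 12, 16.])],
- HMAC=$enableval
+ HMACSIZE=$enableval
 )
-AC_DEFINE_UNQUOTED(HMACLENGTH, $HMAC, [Size of HMAC in each packet in bytes.])
-
-RAND=8
-AC_ARG_ENABLE(rand-length,
- [AS_HELP_STRING(--enable-rand-length=BYTES,
- [use BYTES bytes of extra randomness (default 8). Allowed values are 0, 4, 8.])],
- RAND=$enableval
-)
-AC_DEFINE_UNQUOTED(RAND_SIZE, $RAND, [Add this many bytes of randomness to each packet.])
+AC_DEFINE_UNQUOTED(HMACLENGTH, $HMACSIZE, [Size of HMAC in each packet in bytes.])
 
 MTU=1500
 AC_ARG_ENABLE(max-mtu,
  [AS_HELP_STRING(--enable-max-mtu=BYTES,enable mtu sizes upto BYTES bytes (default 1500). Use 9100 for jumbogram support.)],
  MTU=$enableval
@@ -367,36 +355,36 @@
  COMPRESS=0
  fi
 )
 AC_DEFINE_UNQUOTED(ENABLE_COMPRESSION, $COMPRESS, [Enable compression support.])
 
-CIPHER=aes_128_cbc
+CIPHER=aes_128_ctr
 AC_ARG_ENABLE(cipher,
  [AS_HELP_STRING(--enable-cipher=CIPHER,[
  Select the symmetric cipher (default "aes-128").
- Must be one of "bf" (blowfish), "aes-128" (rijndael), "aes-192", "aes-256", "camellia-128" or "camellia-256".])],
- if test "x$enableval" = xbf ; then CIPHER=bf_cbc ; fi
- if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_cbc ; fi
- if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_cbc ; fi
- if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_cbc ; fi
- if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_cbc; fi
- if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_cbc; fi
+ Must be one of "aes-128" (rijndael), "aes-192", or "aes-256".])],
+ #if test "x$enableval" = xbf ; then CIPHER=bf_ctr ; fi
+ if test "x$enableval" = xaes-128 ; then CIPHER=aes_128_ctr ; fi
+ if test "x$enableval" = xaes-192 ; then CIPHER=aes_192_ctr ; fi
+ if test "x$enableval" = xaes-256 ; then CIPHER=aes_256_ctr ; fi
+ #if test "x$enableval" = xcamellia-128; then CIPHER=camellia_128_ctr; fi
+ #if test "x$enableval" = xcamellia-256; then CIPHER=camellia_256_ctr; fi
 )
 AC_DEFINE_UNQUOTED(ENABLE_CIPHER, EVP_${CIPHER}, [Select the symmetric cipher to use.])
 
-DIGEST=sha1
-AC_ARG_ENABLE(digest,
- [AS_HELP_STRING(--enable-digest=DIGEST,[
- Select the digest algorithm to use (default "sha1"). Must be one of
+HMAC=sha1
+AC_ARG_ENABLE(hmac-digest,
+ [AS_HELP_STRING(--enable-hmac-digest=HMAC,[
+ Select the HMAC digest algorithm to use (default "sha1"). Must be one of
  "sha512", "sha256", "sha1", "ripemd160", "whirlpool".])],
- if test "x$enableval" = xwhirlpool; then DIGEST=whirlpool; fi
- if test "x$enableval" = xsha512 ; then DIGEST=sha512 ; fi
- if test "x$enableval" = xsha256 ; then DIGEST=sha256 ; fi
- if test "x$enableval" = xsha1 ; then DIGEST=sha1 ; fi
- if test "x$enableval" = xripemd160; then DIGEST=ripemd160; fi
+ if test "x$enableval" = xwhirlpool; then HMAC=whirlpool; fi
+ if test "x$enableval" = xsha512 ; then HMAC=sha512 ; fi
+ if test "x$enableval" = xsha256 ; then HMAC=sha256 ; fi
+ if test "x$enableval" = xsha1 ; then HMAC=sha1 ; fi
+ if test "x$enableval" = xripemd160; then HMAC=ripemd160; fi
 )
-AC_DEFINE_UNQUOTED(ENABLE_DIGEST, EVP_${DIGEST}, [Select the digest algorithm to use.])
+AC_DEFINE_UNQUOTED(ENABLE_HMAC, EVP_${HMAC}, [Select the HMAC digest algorithm to use.])
 
 AUTH=sha512
 AC_ARG_ENABLE(auth-digest,
  [AS_HELP_STRING(--enable-auth-digest=DIGEST,[
  Select the hmac algorithm to use (default "sha512"). Must be one of
@@ -418,11 +406,11 @@
 LIBS="$EXTRA_LIBS $LIBS"
 
 dnl if $CXX -v --help 2>&1 | grep -q ffunction-sections; then
 dnl CXXFLAGS="$CXXFLAGS -ffunction-sections"
 dnl fi
 dnl
 dnl if $LD -v --help 2>&1 | grep -q gc-sections; then
 dnl LDFLAGS="$LDFLAGS -Wl,--gc-sections"
 dnl fi
 
 AC_SUBST(INCLUDES)
@@ -443,26 +431,53 @@
 echo "*** RSA size: $RSA"
 echo "*** Cipher used: $CIPHER"
 echo "*** Digest used: $DIGEST"
 echo "*** Authdigest: $AUTH"
 echo "*** HMAC length: $HMAC"
-echo "*** RAND used: $RAND"
 echo "*** Max. MTU: $MTU"
 
 echo "***"
 echo "*** Enable options:"
 grep ENABLE_ config.h | sed -e 's/^/*** /'
 
-if test "$HMAC" -lt 12; then
+if test "$HMACSIZE" -lt 12; then
 echo "***"
-echo "*** WARNING: The hmac length you have chosen ($HMAC) is quite insecure"
-fi
-
-if test "$RAND" -lt 8; then
-echo "***"
-echo "*** WARNING: The random prefix you have chosen ($RAND) is probably insecure"
+echo "*** WARNING: The hmac length you have chosen ($HMACSIZE) is quite insecure"
 fi
 
 echo "***"
 echo
 
+if pkg-config --exists 'libcrypto >= 1.1 libcrypto < 2.0'; then
+ cat <<EOF
+@<:@33m
+***
+*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+***
+*** You seem to configure gvpe with OpenSSL 1.1 or newer.
+*** While this probably compiles, please note that this is not only
+*** unsupported, but also discouraged.
+***
+*** It is recommended to use either OpenSSL 1.0, as long as that is still
+*** supported, or LibreSSL (https://www.libressl.org/).
+***
+*** This is not a political issue - while porting GVPE to the newer
+*** OpenSSL 1.1 API, I encountered two incompatible API changes that were
+*** not documented, were not caught while compiling but caused security
+*** issues. When reported, the reaction of the OpenSSL developers was to
+*** update the documentation.
+***
+*** As a result, I lost all confidence in the ability and desire of
+*** OpenSSL developers to create a safe API, and would highly recommend
+*** switching to LibreSSL which explicitly avoids such braking changes.
+***
+*** WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+***
+*** Again, do not use OpenSSL 1.1 and complain if stuff breaks.
+*** You have been warned, but your choice is respected.
+***
+@<:@0m
 
+EOF
+fi
+
+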
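Review bot: The two summary lines `echo "*** Digest used: $DIGEST"` and `echo "*** HMAC length: $HMAC"` in the last hunk were left unchanged by the rename, so the build summary now misreports the MAC settings: `DIGEST` is no longer assigned in the lines shown and prints empty, while `HMAC` now carries the digest name (e.g. `sha1`) rather than the byte count. They should become `echo "*** HMAC digest: $HMAC"` and `echo "*** HMAC length: $HMACSIZE"`, matching the warning test below that was already switched to `$HMACSIZE`. Separately, with the `bf` and `camellia-*` branches commented out, `--enable-cipher=bf` matches no test and silently builds with the `aes_128_ctr` default; rejecting unrecognised values with `AC_MSG_ERROR` would keep a builder from deploying a cipher they did not ask for.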
