configure.ac 70.4 KB
Newer Older
Roger Dingledine's avatar
Roger Dingledine committed
1
dnl Copyright (c) 2001-2004, Roger Dingledine
2
dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
3
dnl Copyright (c) 2007-2017, The Tor Project, Inc.
Nick Mathewson's avatar
Nick Mathewson committed
4
dnl See LICENSE for licensing information
5

6
AC_PREREQ([2.63])
7
AC_INIT([tor],[0.3.3.4-alpha-dev])
Stewart Smith's avatar
Stewart Smith committed
8
AC_CONFIG_SRCDIR([src/or/main.c])
9
AC_CONFIG_MACRO_DIR([m4])
10
11
12
13

# "foreign" means we don't follow GNU package layout standards
# "1.11" means we require automake version 1.11 or newer
# "subdir-objects" means put .o files in the same directory as the .c files
14
AM_INIT_AUTOMAKE([foreign 1.11 subdir-objects -Wall -Werror])
15

16
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
17
AC_CONFIG_HEADERS([orconfig.h])
18

19
AC_USE_SYSTEM_EXTENSIONS
20
21
AC_CANONICAL_HOST

22
23
PKG_PROG_PKG_CONFIG

24
25
if test -f "/etc/redhat-release"; then
  if test -f "/usr/kerberos/include"; then
26
    CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include"
27
  fi
28
fi
29

30
31
# Not a no-op; we want to make sure that CPPFLAGS is set before we use
# the += operator on it in src/or/Makefile.am
32
CPPFLAGS="$CPPFLAGS -I\${top_srcdir}/src/common"
33

34
AC_ARG_ENABLE(openbsd-malloc,
35
   AS_HELP_STRING(--enable-openbsd-malloc, [use malloc code from OpenBSD.  Linux only]))
36
AC_ARG_ENABLE(static-openssl,
37
   AS_HELP_STRING(--enable-static-openssl, [link against a static openssl library. Requires --with-openssl-dir]))
38
AC_ARG_ENABLE(static-libevent,
39
   AS_HELP_STRING(--enable-static-libevent, [link against a static libevent library. Requires --with-libevent-dir]))
40
AC_ARG_ENABLE(static-zlib,
41
   AS_HELP_STRING(--enable-static-zlib, [link against a static zlib library. Requires --with-zlib-dir]))
42
AC_ARG_ENABLE(static-tor,
43
   AS_HELP_STRING(--enable-static-tor, [create an entirely static Tor binary. Requires --with-openssl-dir and --with-libevent-dir and --with-zlib-dir]))
44
AC_ARG_ENABLE(unittests,
45
   AS_HELP_STRING(--disable-unittests, [don't build unit tests for Tor. Risky!]))
46
AC_ARG_ENABLE(coverage,
47
   AS_HELP_STRING(--enable-coverage, [enable coverage support in the unit-test build]))
48
49
AC_ARG_ENABLE(asserts-in-tests,
   AS_HELP_STRING(--disable-asserts-in-tests, [disable tor_assert() calls in the unit tests, for branch coverage]))
50
AC_ARG_ENABLE(system-torrc,
51
   AS_HELP_STRING(--disable-system-torrc, [don't look for a system-wide torrc file]))
Nick Mathewson's avatar
Nick Mathewson committed
52
AC_ARG_ENABLE(libfuzzer,
53
54
55
   AS_HELP_STRING(--enable-libfuzzer, [build extra fuzzers based on 'libfuzzer']))
AC_ARG_ENABLE(oss-fuzz,
   AS_HELP_STRING(--enable-oss-fuzz, [build extra fuzzers based on 'oss-fuzz' environment]))
56
57
AC_ARG_ENABLE(memory-sentinels,
   AS_HELP_STRING(--disable-memory-sentinels, [disable code that tries to prevent some kinds of memory access bugs. For fuzzing only.]))
58
59
AC_ARG_ENABLE(rust,
   AS_HELP_STRING(--enable-rust, [enable rust integration]))
60
61
AC_ARG_ENABLE(cargo-online-mode,
   AS_HELP_STRING(--enable-cargo-online-mode, [Allow cargo to make network requests to fetch crates. For builds with rust only.]))
62
63
AC_ARG_ENABLE(restart-debugging,
   AS_HELP_STRING(--enable-restart-debugging, [Build Tor with support for debugging in-process restart. Developers only.]))
64

65
if test "x$enable_coverage" != "xyes" -a "x$enable_asserts_in_tests" = "xno" ; then
66
67
68
    AC_MSG_ERROR([Can't disable assertions outside of coverage build])
fi

69
70
71
AM_CONDITIONAL(UNITTESTS_ENABLED, test "x$enable_unittests" != "xno")
AM_CONDITIONAL(COVERAGE_ENABLED, test "x$enable_coverage" = "xyes")
AM_CONDITIONAL(DISABLE_ASSERTS_IN_UNIT_TESTS, test "x$enable_asserts_in_tests" = "xno")
Nick Mathewson's avatar
Nick Mathewson committed
72
AM_CONDITIONAL(LIBFUZZER_ENABLED, test "x$enable_libfuzzer" = "xyes")
73
AM_CONDITIONAL(OSS_FUZZ_ENABLED, test "x$enable_oss_fuzz" = "xyes")
74
AM_CONDITIONAL(USE_RUST, test "x$enable_rust" = "xyes")
75

76
77
78
79
80
81
if test "$enable_static_tor" = "yes"; then
  enable_static_libevent="yes";
  enable_static_openssl="yes";
  enable_static_zlib="yes";
  CFLAGS="$CFLAGS -static"
fi
82

83
84
85
86
87
if test "$enable_system_torrc" = "no"; then
  AC_DEFINE(DISABLE_SYSTEM_TORRC, 1,
            [Defined if we're not going to look for a torrc in SYSCONF])
fi

88
89
90
91
92
if test "$enable_memory_sentinels" = "no"; then
  AC_DEFINE(DISABLE_MEMORY_SENTINELS, 1,
           [Defined if we're turning off memory safety code to look for bugs])
fi

93
AM_CONDITIONAL(USE_OPENBSD_MALLOC, test "x$enable_openbsd_malloc" = "xyes")
94

95
AC_ARG_ENABLE(asciidoc,
96
     AS_HELP_STRING(--disable-asciidoc, [don't use asciidoc (disables building of manpages)]),
97
     [case "${enableval}" in
98
99
        "yes") asciidoc=true ;;
        "no")  asciidoc=false ;;
100
101
102
        *) AC_MSG_ERROR(bad value for --disable-asciidoc) ;;
      esac], [asciidoc=true])

103
104
# systemd notify support
AC_ARG_ENABLE(systemd,
105
      AS_HELP_STRING(--enable-systemd, [enable systemd notification support]),
106
      [case "${enableval}" in
107
108
        "yes") systemd=true ;;
        "no")  systemd=false ;;
109
110
111
        * ) AC_MSG_ERROR(bad value for --enable-systemd) ;;
      esac], [systemd=auto])

112
113
114
115
if test "$enable_restart_debugging" = "yes"; then
  AC_DEFINE(ENABLE_RESTART_DEBUGGING, 1,
            [Defined if we're building with support for in-process restart debugging.])
fi
116
117
118


# systemd support
119
if test "x$enable_systemd" = "xno"; then
120
121
122
123
124
125
    have_systemd=no;
else
    PKG_CHECK_MODULES(SYSTEMD,
        [libsystemd-daemon],
        have_systemd=yes,
        have_systemd=no)
126
    if test "x$have_systemd" = "xno"; then
127
128
129
130
131
132
        AC_MSG_NOTICE([Okay, checking for systemd a different way...])
        PKG_CHECK_MODULES(SYSTEMD,
            [libsystemd],
            have_systemd=yes,
            have_systemd=no)
    fi
133
134
fi

135
if test "x$have_systemd" = "xyes"; then
136
    AC_DEFINE(HAVE_SYSTEMD,1,[Have systemd])
137
    TOR_SYSTEMD_CFLAGS="${SYSTEMD_CFLAGS}"
138
    TOR_SYSTEMD_LIBS="${SYSTEMD_LIBS}"
139
    PKG_CHECK_MODULES(LIBSYSTEMD209, [libsystemd >= 209],
140
         [AC_DEFINE(HAVE_SYSTEMD_209,1,[Have systemd v209 or more])], [])
141
fi
142
AC_SUBST(TOR_SYSTEMD_CFLAGS)
143
144
AC_SUBST(TOR_SYSTEMD_LIBS)

145
if test "x$enable_systemd" = "xyes" -a "x$have_systemd" != "xyes" ; then
146
147
148
    AC_MSG_ERROR([Explicitly requested systemd support, but systemd not found])
fi

149
case "$host" in
150
151
152
153
154
   *-*-solaris* )
     AC_DEFINE(_REENTRANT, 1, [Define on some platforms to activate x_r() functions in time.h])
     ;;
esac

155
AC_ARG_ENABLE(gcc-warnings,
156
157
158
     AS_HELP_STRING(--enable-gcc-warnings, [deprecated alias for enable-fatal-warnings]))
AC_ARG_ENABLE(fatal-warnings,
     AS_HELP_STRING(--enable-fatal-warnings, [tell the compiler to treat all warnings as errors.]))
159
AC_ARG_ENABLE(gcc-warnings-advisory,
160
     AS_HELP_STRING(--disable-gcc-warnings-advisory, [disable the regular verbose warnings]))
161

162
163
dnl Others suggest '/gs /safeseh /nxcompat /dynamicbase' for non-gcc on Windows
AC_ARG_ENABLE(gcc-hardening,
164
    AS_HELP_STRING(--disable-gcc-hardening, [disable compiler security checks]))
165

166
dnl Deprecated --enable-expensive-hardening but keep it for now for backward compat.
167
AC_ARG_ENABLE(expensive-hardening,
168
169
170
171
172
173
    AS_HELP_STRING(--enable-expensive-hardening, [enable more fragile and expensive compiler hardening; makes Tor slower]))
AC_ARG_ENABLE(fragile-hardening,
    AS_HELP_STRING(--enable-fragile-hardening, [enable more fragile and expensive compiler hardening; makes Tor slower]))
if test "x$enable_expensive_hardening" = "xyes" || test "x$enable_fragile_hardening" = "xyes"; then
  fragile_hardening="yes"
fi
174

175
176
177
dnl Linker hardening options
dnl Currently these options are ELF specific - you can't use this with MacOSX
AC_ARG_ENABLE(linker-hardening,
178
    AS_HELP_STRING(--disable-linker-hardening, [disable linker security fixups]))
179

180
AC_ARG_ENABLE(local-appdata,
181
   AS_HELP_STRING(--enable-local-appdata, [default to host local application data paths on Windows]))
182
183
184
185
186
if test "$enable_local_appdata" = "yes"; then
  AC_DEFINE(ENABLE_LOCAL_APPDATA, 1,
            [Defined if we default to host local appdata paths on Windows])
fi

187
188
# Tor2web mode flag
AC_ARG_ENABLE(tor2web-mode,
189
     AS_HELP_STRING(--enable-tor2web-mode, [support tor2web non-anonymous mode]),
190
[if test "x$enableval" = "xyes"; then
191
192
193
    CFLAGS="$CFLAGS -D ENABLE_TOR2WEB_MODE=1"
fi])

194
AC_ARG_ENABLE(tool-name-check,
195
     AS_HELP_STRING(--disable-tool-name-check, [check for sanely named toolchain when cross-compiling]))
196

197
AC_ARG_ENABLE(seccomp,
198
     AS_HELP_STRING(--disable-seccomp, [do not attempt to use libseccomp]))
199

200
AC_ARG_ENABLE(libscrypt,
201
     AS_HELP_STRING(--disable-libscrypt, [do not attempt to use libscrypt]))
202

203
204
205
206
207
208
209
210
211
212
dnl Enable event tracing which are transformed to debug log statement.
AC_ARG_ENABLE(event-tracing-debug,
     AS_HELP_STRING(--enable-event-tracing-debug, [build with event tracing to debug log]))
AM_CONDITIONAL([USE_EVENT_TRACING_DEBUG], [test "x$enable_event_tracing_debug" = "xyes"])

if test x$enable_event_tracing_debug = xyes; then
  AC_DEFINE([USE_EVENT_TRACING_DEBUG], [1], [Tracing framework to log debug])
  AC_DEFINE([TOR_EVENT_TRACING_ENABLED], [1], [Compile the event tracing instrumentation])
fi

213
214
215
216
217
218
219
220
221
222
223
224
225
226
dnl Enable Android only features.
AC_ARG_ENABLE(android,
     AS_HELP_STRING(--enable-android, [build with Android features enabled]))
AM_CONDITIONAL([USE_ANDROID], [test "x$enable_android" = "xyes"])

if test "x$enable_android" = "xyes"; then
  AC_DEFINE([USE_ANDROID], [1], [Compile with Android specific features enabled])

  dnl Check if the Android log library is available.
  AC_CHECK_HEADERS([android/log.h])
  AC_SEARCH_LIBS(__android_log_write, [log])

fi

227
228
229
230
231
232
233
234
235
dnl check for the correct "ar" when cross-compiling.
dnl   (AM_PROG_AR was new in automake 1.11.2, which we do not yet require,
dnl    so kludge up a replacement for the case where it isn't there yet.)
m4_ifdef([AM_PROG_AR],
         [AM_PROG_AR],
         [AN_MAKEVAR([AR], [AC_PROG_AR])
          AN_PROGRAM([ar], [AC_PROG_AR])
          AC_DEFUN([AC_PROG_AR], [AC_CHECK_TOOL([AR], [ar], [:])])
          AC_PROG_AR])
236

237
238
239
240
241
242
dnl Check whether the above macro has settled for a simply named tool even
dnl though we're cross compiling. We must do this before running AC_PROG_CC,
dnl because that will find any cc on the system, not only the cross-compiler,
dnl and then verify that a binary built with this compiler runs on the
dnl build system. It will then come to the false conclusion that we're not
dnl cross-compiling.
243
244
if test "x$enable_tool_name_check" != "xno"; then
    if test "x$ac_tool_warned" = "xyes"; then
245
        AC_MSG_ERROR([We are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)])
246
	elif test "x$ac_ct_AR" != "x" -a "x$cross_compiling" = "xmaybe"; then
247
248
249
250
		AC_MSG_ERROR([We think we are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)])
	fi
fi

251
AC_PROG_CC
252
AC_PROG_CPP
253
254
AC_PROG_MAKE_SET
AC_PROG_RANLIB
255
AC_PROG_SED
256

257
258
259
AC_ARG_VAR([PERL], [path to Perl binary])
AC_CHECK_PROGS([PERL], [perl])
AM_CONDITIONAL(USE_PERL, [test "x$ac_cv_prog_PERL" != "x"])
260

261
262
dnl check for asciidoc and a2x
AC_PATH_PROG([ASCIIDOC], [asciidoc], none)
263
AC_PATH_PROGS([A2X], [a2x a2x.py], none)
264

265
AM_CONDITIONAL(USE_ASCIIDOC, test "x$asciidoc" = "xtrue")
266

267
AM_PROG_CC_C_O
268
AC_PROG_CC_C99
269

270
AC_ARG_VAR([PYTHON], [path to Python binary])
271
AC_CHECK_PROGS(PYTHON, [python python2 python2.7 python3 python3.3])
272
273
274
275
276
if test "x$PYTHON" = "x"; then
  AC_MSG_WARN([Python unavailable; some tests will not be run.])
fi
AM_CONDITIONAL(USEPYTHON, [test "x$PYTHON" != "x"])

277
dnl List all external rust crates we depend on here. Include the version
278
rust_crates="libc-0.2.39"
279
AC_SUBST(rust_crates)
280

281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
ifdef([AC_C_FLEXIBLE_ARRAY_MEMBER], [
AC_C_FLEXIBLE_ARRAY_MEMBER
], [
 dnl Maybe we've got an old autoconf...
 AC_CACHE_CHECK([for flexible array members],
     tor_cv_c_flexarray,
     [AC_COMPILE_IFELSE(
       AC_LANG_PROGRAM([
 struct abc { int a; char b[]; };
], [
 struct abc *def = malloc(sizeof(struct abc)+sizeof(char));
 def->b[0] = 33;
]),
  [tor_cv_c_flexarray=yes],
  [tor_cv_c_flexarray=no])])
296
 if test "$tor_cv_flexarray" = "yes"; then
297
   AC_DEFINE([FLEXIBLE_ARRAY_MEMBER], [], [Define to nothing if C supports flexible array members, and to 1 if it does not.])
298
 else
299
   AC_DEFINE([FLEXIBLE_ARRAY_MEMBER], [1], [Define to nothing if C supports flexible array members, and to 1 if it does not.])
300
301
302
 fi
])

303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
AC_CACHE_CHECK([for working C99 mid-block declaration syntax],
      tor_cv_c_c99_decl,
      [AC_COMPILE_IFELSE(
         [AC_LANG_PROGRAM([], [int x; x = 3; int y; y = 4 + x;])],
	 [tor_cv_c_c99_decl=yes],
	 [tor_cv_c_c99_decl=no] )])
if test "$tor_cv_c_c99_decl" != "yes"; then
  AC_MSG_ERROR([Your compiler doesn't support c99 mid-block declarations. This is required as of Tor 0.2.6.x])
fi

AC_CACHE_CHECK([for working C99 designated initializers],
      tor_cv_c_c99_designated_init,
      [AC_COMPILE_IFELSE(
         [AC_LANG_PROGRAM([struct s { int a; int b; };],
  	       [[ struct s ss = { .b = 5, .a = 6 }; ]])],
	 [tor_cv_c_c99_designated_init=yes],
	 [tor_cv_c_c99_designated_init=no] )])

if test "$tor_cv_c_c99_designated_init" != "yes"; then
  AC_MSG_ERROR([Your compiler doesn't support c99 designated initializers. This is required as of Tor 0.2.6.x])
fi

325
326
TORUSER=_tor
AC_ARG_WITH(tor-user,
327
        AS_HELP_STRING(--with-tor-user=NAME, [specify username for tor daemon]),
328
329
330
331
332
333
334
335
        [
           TORUSER=$withval
        ]
)
AC_SUBST(TORUSER)

TORGROUP=_tor
AC_ARG_WITH(tor-group,
336
        AS_HELP_STRING(--with-tor-group=NAME, [specify group name for tor daemon]),
337
338
339
340
341
342
        [
           TORGROUP=$withval
        ]
)
AC_SUBST(TORGROUP)

343

344
dnl If _WIN32 is defined and non-zero, we are building for win32
345
AC_MSG_CHECKING([for win32])
346
AC_RUN_IFELSE([AC_LANG_SOURCE([
347
int main(int c, char **v) {
348
349
#ifdef _WIN32
#if _WIN32
350
351
352
353
354
355
356
  return 0;
#else
  return 1;
#endif
#else
  return 2;
#endif
357
}])],
358
bwin32=true; AC_MSG_RESULT([yes]),
359
360
bwin32=false; AC_MSG_RESULT([no]),
bwin32=cross; AC_MSG_RESULT([cross])
361
362
)

363
if test "$bwin32" = "cross"; then
364
AC_MSG_CHECKING([for win32 (cross)])
365
AC_COMPILE_IFELSE([AC_LANG_SOURCE([
366
#ifdef _WIN32
367
368
369
370
371
int main(int c, char **v) {return 0;}
#else
#error
int main(int c, char **v) {return x(y);}
#endif
372
])],
373
374
375
376
bwin32=true; AC_MSG_RESULT([yes]),
bwin32=false; AC_MSG_RESULT([no]))
fi

377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
AH_BOTTOM([
#ifdef _WIN32
/* Defined to access windows functions and definitions for >=WinXP */
# ifndef WINVER
#  define WINVER 0x0501
# endif

/* Defined to access _other_ windows functions and definitions for >=WinXP */
# ifndef _WIN32_WINNT
#  define _WIN32_WINNT 0x0501
# endif

/* Defined to avoid including some windows headers as part of Windows.h */
# ifndef WIN32_LEAN_AND_MEAN
#  define WIN32_LEAN_AND_MEAN 1
# endif
#endif
])

Nick Mathewson's avatar
Nick Mathewson committed
396

397
AM_CONDITIONAL(BUILD_NT_SERVICES, test "x$bwin32" = "xtrue")
398
AM_CONDITIONAL(BUILD_LIBTORRUNNER, test "x$bwin32" != "xtrue")
399

400
401
dnl Enable C99 when compiling with MIPSpro
AC_MSG_CHECKING([for MIPSpro compiler])
402
AC_COMPILE_IFELSE([AC_LANG_PROGRAM(, [
403
404
405
406
#if (defined(__sgi) && defined(_COMPILER_VERSION))
#error
  return x(y);
#endif
407
])],
408
bmipspro=false; AC_MSG_RESULT(no),
409
bmipspro=true; AC_MSG_RESULT(yes))
410

411
if test "$bmipspro" = "true"; then
412
413
414
  CFLAGS="$CFLAGS -c99"
fi

415
416
AC_C_BIGENDIAN

417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
if test "x$enable_rust" = "xyes"; then
  AC_ARG_VAR([RUSTC], [path to the rustc binary])
  AC_CHECK_PROG([RUSTC], [rustc], [rustc],[no])
  if test "x$RUSTC" = "xno"; then
    AC_MSG_ERROR([rustc unavailable but rust integration requested.])
  fi

  AC_ARG_VAR([CARGO], [path to the cargo binary])
  AC_CHECK_PROG([CARGO], [cargo], [cargo],[no])
  if test "x$CARGO" = "xno"; then
    AC_MSG_ERROR([cargo unavailable but rust integration requested.])
  fi

  AC_DEFINE([HAVE_RUST], 1, [have Rust])
  if test "x$enable_cargo_online_mode" = "xyes"; then
    CARGO_ONLINE=
    RUST_DL=#
  else
    CARGO_ONLINE=--frozen
    RUST_DL=

    dnl When we're not allowed to touch the network, we need crate dependencies
    dnl locally available.
    AC_MSG_CHECKING([rust crate dependencies])
441
442
443
    AC_ARG_VAR([TOR_RUST_DEPENDENCIES], [path to directory with local crate mirror])
    if test "x$TOR_RUST_DEPENDENCIES" = "x"; then
      TOR_RUST_DEPENDENCIES="$srcdir/src/ext/rust/"
444
445
      NEED_MOD=1
    fi
446
447
    if test ! -d "$TOR_RUST_DEPENDENCIES"; then
      AC_MSG_ERROR([Rust dependency directory $TOR_RUST_DEPENDENCIES does not exist. Specify a dependency directory using the TOR_RUST_DEPENDENCIES variable or allow cargo to fetch crates using --enable-cargo-online-mode.])
448
      ERRORED=1
449
450
    fi
    for dep in $rust_crates; do
451
452
      if test ! -d "$TOR_RUST_DEPENDENCIES"/"$dep"; then
        AC_MSG_ERROR([Failure to find rust dependency $TOR_RUST_DEPENDENCIES/$dep. Specify a dependency directory using the TOR_RUST_DEPENDENCIES variable or allow cargo to fetch crates using --enable-cargo-online-mode.])
453
        ERRORED=1
454
455
456
457
      fi
    done
    if test "x$NEED_MOD" = "x1"; then
      dnl When looking for dependencies from cargo, pick right directory
458
      TOR_RUST_DEPENDENCIES="../../src/ext/rust"
459
    fi
460
461
462
    if test "x$ERRORED" = "x"; then
      AC_MSG_RESULT([yes])
    fi
463
464
  fi

465
466
467
468
469
470
471
472
473
  dnl This is a workaround for #46797
  dnl (a.k.a https://github.com/rust-lang/rust/issues/46797 ).  Once the
  dnl upstream bug is fixed, we can remove this workaround.
  case "$host_os" in
      darwin*)
        TOR_RUST_EXTRA_LIBS="-lresolv"
	;;
  esac

474
475
476
  dnl For now both MSVC and MinGW rust libraries will output static libs with
  dnl the MSVC naming convention.
  if test "$bwin32" = "true"; then
477
    TOR_RUST_STATIC_NAME=tor_rust.lib
478
  else
479
    TOR_RUST_STATIC_NAME=libtor_rust.a
480
481
  fi

482
  AC_SUBST(TOR_RUST_STATIC_NAME)
483
484
485
486
487
  AC_SUBST(CARGO_ONLINE)
  AC_SUBST(RUST_DL)

  dnl Let's check the rustc version, too
  AC_MSG_CHECKING([rust version])
488
  RUSTC_VERSION=`$RUSTC --version`
489
490
491
492
493
494
495
496
  RUSTC_VERSION_MAJOR=`$RUSTC --version | cut -d ' ' -f 2 | cut -d '.' -f 1`
  RUSTC_VERSION_MINOR=`$RUSTC --version | cut -d ' ' -f 2 | cut -d '.' -f 2`
  if test "x$RUSTC_VERSION_MAJOR" = "x" -o "x$RUSTC_VERSION_MINOR" = "x"; then
    AC_MSG_ERROR([rustc version couldn't be identified])
  fi
  if test "$RUSTC_VERSION_MAJOR" -lt 2 -a "$RUSTC_VERSION_MINOR" -lt 14; then
    AC_MSG_ERROR([rustc must be at least version 1.14])
  fi
497
  AC_MSG_RESULT([$RUSTC_VERSION])
498
499
fi

500
501
AC_SUBST(TOR_RUST_EXTRA_LIBS)

502
AC_SEARCH_LIBS(socket, [socket network])
503
AC_SEARCH_LIBS(gethostbyname, [nsl])
504
AC_SEARCH_LIBS(dlopen, [dl])
505
AC_SEARCH_LIBS(inet_aton, [resolv])
506
AC_SEARCH_LIBS(backtrace, [execinfo])
507
508
509
510
511
512
saved_LIBS="$LIBS"
AC_SEARCH_LIBS([clock_gettime], [rt])
if test "$LIBS" != "$saved_LIBS"; then
   # Looks like we need -lrt for clock_gettime().
   have_rt=yes
fi
513

514
515
AC_SEARCH_LIBS(pthread_create, [pthread])
AC_SEARCH_LIBS(pthread_detach, [pthread])
516

517
518
AM_CONDITIONAL(THREADS_WIN32, test "$bwin32" = "true")
AM_CONDITIONAL(THREADS_PTHREADS, test "$bwin32" = "false")
519

520
AC_CHECK_FUNCS(
521
        _NSGetEnviron \
522
523
	RtlSecureZeroMemory \
	SecureZeroMemory \
Sebastian Hahn's avatar
Sebastian Hahn committed
524
        accept4 \
Nick Mathewson's avatar
Nick Mathewson committed
525
526
        backtrace \
        backtrace_symbols_fd \
527
	eventfd \
528
	explicit_bzero \
529
	timingsafe_memcmp \
530
531
        flock \
        ftime \
532
        get_current_dir_name \
533
        getaddrinfo \
Sebastian Hahn's avatar
Sebastian Hahn committed
534
        getifaddrs \
535
        getpass \
536
537
538
        getrlimit \
        gettimeofday \
        gmtime_r \
539
	gnu_get_libc_version \
540
	htonll \
541
        inet_aton \
Sebastian Hahn's avatar
Sebastian Hahn committed
542
        ioctl \
543
        issetugid \
544
        llround \
545
        localtime_r \
Sebastian Hahn's avatar
Sebastian Hahn committed
546
        lround \
547
	mach_approximate_time \
548
        memmem \
549
        memset_s \
550
551
	pipe \
	pipe2 \
552
        prctl \
553
	readpassphrase \
Sebastian Hahn's avatar
Sebastian Hahn committed
554
        rint \
Nick Mathewson's avatar
Nick Mathewson committed
555
        sigaction \
556
        socketpair \
557
	statvfs \
558
559
        strlcat \
        strlcpy \
560
	strnlen \
561
562
563
564
        strptime \
        strtok_r \
        strtoull \
        sysconf \
565
	sysctl \
Nick Mathewson's avatar
Nick Mathewson committed
566
	truncate \
567
        uname \
568
	usleep \
569
        vasprintf \
570
	_vscprintf
571
)
572

573
574
575
# Apple messed up when they added two functions functions in Sierra: they
# forgot to decorate them with appropriate AVAILABLE_MAC_OS_VERSION
# checks. So we should only probe for those functions if we are sure that we
576
# are not targeting OSX 10.11 or earlier.
577
AC_MSG_CHECKING([for a pre-Sierra OSX build target])
578
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
579
580
#ifdef __APPLE__
#  include <AvailabilityMacros.h>
581
582
#  ifndef MAC_OS_X_VERSION_10_12
#    define MAC_OS_X_VERSION_10_12 101200
583
584
#  endif
#  if defined(MAC_OS_X_VERSION_MIN_REQUIRED)
585
#    if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12
586
587
588
589
#      error "Running on Mac OSX 10.11 or earlier"
#    endif
#  endif
#endif
590
]], [[]])],
591
592
593
594
595
596
597
598
599
600
   [on_macos_pre_10_12=no ; AC_MSG_RESULT([no])],
   [on_macos_pre_10_12=yes; AC_MSG_RESULT([yes])])

if test "$on_macos_pre_10_12" = "no"; then
  AC_CHECK_FUNCS(
        clock_gettime \
        getentropy \
  )
fi

601
if test "$bwin32" != "true"; then
602
603
  AC_CHECK_HEADERS(pthread.h)
  AC_CHECK_FUNCS(pthread_create)
604
  AC_CHECK_FUNCS(pthread_condattr_setclock)
605
606
fi

607
if test "$bwin32" = "true"; then
608
609
610
611
612
613
614
  AC_CHECK_DECLS([SecureZeroMemory, _getwch], , , [
#include <windows.h>
#include <conio.h>
#include <wchar.h>
                 ])
fi

615
616
AM_CONDITIONAL(BUILD_READPASSPHRASE_C,
  test "x$ac_cv_func_readpassphrase" = "xno" && test "$bwin32" = "false")
617

618
dnl ------------------------------------------------------
619
dnl Where do you live, libevent?  And how do we call you?
620

621
if test "$bwin32" = "true"; then
622
  TOR_LIB_WS32=-lws2_32
623
  TOR_LIB_IPHLPAPI=-liphlpapi
624
625
  # Some of the cargo-cults recommend -lwsock32 as well, but I don't
  # think it's actually necessary.
626
  TOR_LIB_GDI=-lgdi32
627
  TOR_LIB_USERENV=-luserenv
Nick Mathewson's avatar
   
Nick Mathewson committed
628
else
629
630
  TOR_LIB_WS32=
  TOR_LIB_GDI=
631
  TOR_LIB_USERENV=
Nick Mathewson's avatar
   
Nick Mathewson committed
632
fi
633
634
AC_SUBST(TOR_LIB_WS32)
AC_SUBST(TOR_LIB_GDI)
635
AC_SUBST(TOR_LIB_IPHLPAPI)
636
AC_SUBST(TOR_LIB_USERENV)
Nick Mathewson's avatar
   
Nick Mathewson committed
637

638
tor_libevent_pkg_redhat="libevent"
639
tor_libevent_pkg_debian="libevent-dev"
640
641
642
tor_libevent_devpkg_redhat="libevent-devel"
tor_libevent_devpkg_debian="libevent-dev"

643
644
645
646
dnl On Gnu/Linux or any place we require it, we'll add librt to the Libevent
dnl linking for static builds.
STATIC_LIBEVENT_FLAGS=""
if test "$enable_static_libevent" = "yes"; then
647
    if test "$have_rt" = "yes"; then
648
649
650
651
652
      STATIC_LIBEVENT_FLAGS=" -lrt "
    fi
fi

TOR_SEARCH_LIBRARY(libevent, $trylibeventdir, [-levent $STATIC_LIBEVENT_FLAGS $TOR_LIB_WS32], [
653
#ifdef _WIN32
654
655
#include <winsock2.h>
#endif
656
#include <sys/time.h>
Roger Dingledine's avatar
Roger Dingledine committed
657
#include <sys/types.h>
658
#include <event2/event.h>], [
659
#ifdef _WIN32
660
661
#include <winsock2.h>
#endif
662
struct event_base;
663
664
struct event_base *event_base_new(void);
void event_base_free(struct event_base *);],
665
    [
666
#ifdef _WIN32
667
{WSADATA d; WSAStartup(0x101,&d); }
668
#endif
Alex Xu's avatar
Alex Xu committed
669
event_base_free(event_base_new());
670
], [--with-libevent-dir], [/opt/libevent])
671

672
dnl Determine the incantation needed to link libevent.
673
674
save_LIBS="$LIBS"
save_LDFLAGS="$LDFLAGS"
675
save_CPPFLAGS="$CPPFLAGS"
676
677

LIBS="$STATIC_LIBEVENT_FLAGS $TOR_LIB_WS32 $save_LIBS"
678
LDFLAGS="$TOR_LDFLAGS_libevent $LDFLAGS"
679
CPPFLAGS="$TOR_CPPFLAGS_libevent $CPPFLAGS"
680

681
682
AC_CHECK_HEADERS(event2/event.h event2/dns.h event2/bufferevent_ssl.h)

683
684
685
686
if test "$enable_static_libevent" = "yes"; then
   if test "$tor_cv_library_libevent_dir" = "(system)"; then
     AC_MSG_ERROR("You must specify an explicit --with-libevent-dir=x option when using --enable-static-libevent")
   else
687
     TOR_LIBEVENT_LIBS="$TOR_LIBDIR_libevent/libevent.a $STATIC_LIBEVENT_FLAGS"
688
689
   fi
else
690
     if test "x$ac_cv_header_event2_event_h" = "xyes"; then
Nick Mathewson's avatar
Nick Mathewson committed
691
692
       AC_SEARCH_LIBS(event_new, [event event_core], , AC_MSG_ERROR("libevent2 is installed but linking it failed while searching for event_new"))
       AC_SEARCH_LIBS(evdns_base_new, [event event_extra], , AC_MSG_ERROR("libevent2 is installed but linking it failed while searching for evdns_base_new"))
693

694
       if test "$ac_cv_search_event_new" != "none required"; then
695
696
         TOR_LIBEVENT_LIBS="$ac_cv_search_event_new"
       fi
697
       if test "$ac_cv_search_evdns_base_new" != "none required"; then
698
699
700
         TOR_LIBEVENT_LIBS="$ac_cv_search_evdns_base_new $TOR_LIBEVENT_LIBS"
       fi
     else
701
       AC_MSG_ERROR("libevent2 is required but the headers could not be found")
702
     fi
703
704
fi

705
706
707
708
709
dnl Now check for particular libevent functions.
AC_CHECK_FUNCS([evutil_secure_rng_set_urandom_device_file \
                evutil_secure_rng_add_bytes \
])

710
711
712
713
LIBS="$save_LIBS"
LDFLAGS="$save_LDFLAGS"
CPPFLAGS="$save_CPPFLAGS"

714
715
716
717
718
dnl Check that libevent is at least at version 2.0.10, the first stable
dnl release of its series
CPPFLAGS="$CPPFLAGS $TOR_CPPFLAGS_libevent"
AC_MSG_CHECKING([whether Libevent is new enough])
AC_COMPILE_IFELSE([AC_LANG_SOURCE([
719
#include <event2/event.h>
720
#if !defined(LIBEVENT_VERSION_NUMBER) || LIBEVENT_VERSION_NUMBER < 0x02000a00
721
722
723
724
725
#error
int x = y(zz);
#else
int x = 1;
#endif
726
727
728
729
730
731
732
733
])], [ AC_MSG_RESULT([yes]) ],
   [ AC_MSG_RESULT([no])
     AC_MSG_ERROR([Libevent is not new enough.  We require 2.0.10-stable or later]) ] )

LIBS="$save_LIBS"
LDFLAGS="$save_LDFLAGS"
CPPFLAGS="$save_CPPFLAGS"

734
AC_SUBST(TOR_LIBEVENT_LIBS)
735

736
737
738
739
740
741
742
dnl ------------------------------------------------------
dnl Where do you live, libm?

dnl On some platforms (Haiku/BeOS) the math library is
dnl part of libroot. In which case don't link against lm
TOR_LIB_MATH=""
save_LIBS="$LIBS"
743
744
745
AC_SEARCH_LIBS(pow, [m], , AC_MSG_ERROR([Could not find pow in libm or libc.]))
if test "$ac_cv_search_pow" != "none required"; then
    TOR_LIB_MATH="$ac_cv_search_pow"
746
747
748
749
fi
LIBS="$save_LIBS"
AC_SUBST(TOR_LIB_MATH)

750
dnl ------------------------------------------------------
751
dnl Where do you live, openssl?  And how do we call you?
752

753
tor_openssl_pkg_redhat="openssl"
754
tor_openssl_pkg_debian="libssl-dev"
755
756
757
tor_openssl_devpkg_redhat="openssl-devel"
tor_openssl_devpkg_debian="libssl-dev"

758
759
ALT_openssl_WITHVAL=""
AC_ARG_WITH(ssl-dir,
760
  AS_HELP_STRING(--with-ssl-dir=PATH, [obsolete alias for --with-openssl-dir]),
761
  [
762
      if test "x$withval" != "xno" && test "x$withval" != "x"; then
763
764
765
766
         ALT_openssl_WITHVAL="$withval"
      fi
  ])

767
AC_MSG_NOTICE([Now, we'll look for OpenSSL >= 1.0.1])
768
TOR_SEARCH_LIBRARY(openssl, $tryssldir, [-lssl -lcrypto $TOR_LIB_GDI $TOR_LIB_WS32],
769
770
771
    [#include <openssl/ssl.h>],
    [struct ssl_method_st; const struct ssl_method_st *TLSv1_1_method(void);],
    [TLSv1_1_method();], [],
772
    [/usr/local/opt/openssl /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /opt/openssl])
773

774
775
dnl XXXX check for OPENSSL_VERSION_NUMBER == SSLeay()

776
777
778
779
if test "$enable_static_openssl" = "yes"; then
   if test "$tor_cv_library_openssl_dir" = "(system)"; then
     AC_MSG_ERROR("You must specify an explicit --with-openssl-dir=x option when using --enable-static-openssl")
   else
780
     TOR_OPENSSL_LIBS="$TOR_LIBDIR_openssl/libssl.a $TOR_LIBDIR_openssl/libcrypto.a"
781
782
   fi
else
783
     TOR_OPENSSL_LIBS="-lssl -lcrypto"
784
785
786
fi
AC_SUBST(TOR_OPENSSL_LIBS)

787
788
789
790
791
792
793
dnl Now check for particular openssl functions.
save_LIBS="$LIBS"
save_LDFLAGS="$LDFLAGS"
save_CPPFLAGS="$CPPFLAGS"
LIBS="$TOR_OPENSSL_LIBS $LIBS"
LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS"
CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS"
794

795
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
796
#include <openssl/opensslv.h>
797
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL
798
799
#error "too old"
#endif
800
   ]], [[]])],
801
   [ : ],
802
   [ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ])
803

804
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
805
806
807
808
809
810
811
812
#include <openssl/opensslv.h>
#include <openssl/evp.h>
#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_ECDSA)
#error "no ECC"
#endif
#if !defined(NID_X9_62_prime256v1) || !defined(NID_secp224r1)
#error "curves unavailable"
#endif
813
   ]], [[]])],
814
   [ : ],
815
   [ AC_MSG_ERROR([OpenSSL is built without full ECC support, including curves P256 and P224. You can specify a path to one with ECC support with --with-openssl-dir.]) ])
816

817
818
819
820
AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
[#include <openssl/ssl.h>
])

821
822
823
824
825
AC_CHECK_FUNCS([ \
		SSL_SESSION_get_master_key \
		SSL_get_server_random \
                SSL_get_client_ciphers \
                SSL_get_client_random \
826
		SSL_CIPHER_find \
827
		TLS_method
828
	       ])
rl1987's avatar
rl1987 committed
829
830
831
832

dnl Check if OpenSSL has scrypt implementation.
AC_CHECK_FUNCS([ EVP_PBE_scrypt ])

833
834
835
836
837
dnl Check if OpenSSL structures are opaque
AC_CHECK_MEMBERS([SSL.state], , ,
[#include <openssl/ssl.h>
])

838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
dnl Define the set of checks for KIST scheduler support.
AC_DEFUN([CHECK_KIST_SUPPORT],[
  dnl KIST needs struct tcp_info and for certain members to exist.
  AC_CHECK_MEMBERS(
    [struct tcp_info.tcpi_unacked, struct tcp_info.tcpi_snd_mss],
    , ,[[#include <netinet/tcp.h>]])
  dnl KIST needs SIOCOUTQNSD to exist for an ioctl call.
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [
                     #include <linux/sockios.h>
                     #ifndef SIOCOUTQNSD
                     #error
                     #endif
                     ])], have_siocoutqnsd=yes, have_siocoutqnsd=no)
  if test "x$have_siocoutqnsd" = "xyes"; then
    if test "x$ac_cv_member_struct_tcp_info_tcpi_unacked" = "xyes"; then
      if test "x$ac_cv_member_struct_tcp_info_tcpi_snd_mss" = "xyes"; then
        have_kist_support=yes
      fi
    fi
  fi
])
dnl Now, trigger the check.
CHECK_KIST_SUPPORT
AS_IF([test "x$have_kist_support" = "xyes"],
      [AC_DEFINE(HAVE_KIST_SUPPORT, 1, [Defined if KIST scheduler is supported
                                        on this system])],
      [AC_MSG_NOTICE([KIST scheduler can't be used. Missing support.])])

866
867
868
869
LIBS="$save_LIBS"
LDFLAGS="$save_LDFLAGS"
CPPFLAGS="$save_CPPFLAGS"

870
871
872
dnl ------------------------------------------------------
dnl Where do you live, zlib?  And how do we call you?

873
874
875
876
tor_zlib_pkg_redhat="zlib"
tor_zlib_pkg_debian="zlib1g"
tor_zlib_devpkg_redhat="zlib-devel"
tor_zlib_devpkg_debian="zlib1g-dev"
877
878
879
880

TOR_SEARCH_LIBRARY(zlib, $tryzlibdir, [-lz],
    [#include <zlib.h>],
    [const char * zlibVersion(void);],
881
    [zlibVersion();], [--with-zlib-dir],
882
883
    [/opt/zlib])

884
885
886
887
888
889
890
891
892
893
894
895
if test "$enable_static_zlib" = "yes"; then
   if test "$tor_cv_library_zlib_dir" = "(system)"; then
     AC_MSG_ERROR("You must specify an explicit --with-zlib-dir=x option when
 using --enable-static-zlib")
   else
     TOR_ZLIB_LIBS="$TOR_LIBDIR_zlib/libz.a"
   fi
else
     TOR_ZLIB_LIBS="-lz"
fi
AC_SUBST(TOR_ZLIB_LIBS)

896
897
898
899
dnl ------------------------------------------------------
dnl Where we do we find lzma?

AC_ARG_ENABLE(lzma,
Taylor Yu's avatar
Taylor Yu committed
900
      AS_HELP_STRING(--enable-lzma, [enable support for the LZMA compression scheme.]),
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
      [case "${enableval}" in
        "yes") lzma=true ;;
        "no")  lzma=false ;;
        * ) AC_MSG_ERROR(bad value for --enable-lzma) ;;
      esac], [lzma=auto])

if test "x$enable_lzma" = "xno"; then
    have_lzma=no;
else
    PKG_CHECK_MODULES([LZMA],
                      [liblzma],
                      have_lzma=yes,
                      have_lzma=no)

    if test "x$have_lzma" = "xno" ; then
        AC_MSG_WARN([Unable to find liblzma.])
    fi
fi

if test "x$have_lzma" = "xyes"; then
    AC_DEFINE(HAVE_LZMA,1,[Have LZMA])
    TOR_LZMA_CFLAGS="${LZMA_CFLAGS}"
    TOR_LZMA_LIBS="${LZMA_LIBS}"
fi
AC_SUBST(TOR_LZMA_CFLAGS)
AC_SUBST(TOR_LZMA_LIBS)

928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
dnl ------------------------------------------------------
dnl Where we do we find zstd?

AC_ARG_ENABLE(zstd,
      AS_HELP_STRING(--enable-zstd, [enable support for the Zstandard compression scheme.]),
      [case "${enableval}" in
        "yes") zstd=true ;;
        "no")  zstd=false ;;
        * ) AC_MSG_ERROR(bad value for --enable-zstd) ;;
      esac], [zstd=auto])

if test "x$enable_zstd" = "xno"; then
    have_zstd=no;
else
    PKG_CHECK_MODULES([ZSTD],
Taylor Yu's avatar
Taylor Yu committed
943
                      [libzstd >= 1.1],
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
                      have_zstd=yes,
                      have_zstd=no)

    if test "x$have_zstd" = "xno" ; then
        AC_MSG_WARN([Unable to find libzstd.])
    fi
fi

if test "x$have_zstd" = "xyes"; then
    AC_DEFINE(HAVE_ZSTD,1,[Have Zstd])
    TOR_ZSTD_CFLAGS="${ZSTD_CFLAGS}"
    TOR_ZSTD_LIBS="${ZSTD_LIBS}"
fi
AC_SUBST(TOR_ZSTD_CFLAGS)
AC_SUBST(TOR_ZSTD_LIBS)

960
961
962
963
964
965
966
967
968
969
970
971
972
dnl ----------------------------------------------------------------------
dnl Check if libcap is available for capabilities.

tor_cap_pkg_debian="libcap2"
tor_cap_pkg_redhat="libcap"
tor_cap_devpkg_debian="libcap-dev"
tor_cap_devpkg_redhat="libcap-devel"

AC_CHECK_LIB([cap], [cap_init], [],
  AC_MSG_NOTICE([Libcap was not found. Capabilities will not be usable.])
)
AC_CHECK_FUNCS(cap_set_proc)

973
974
975
976
977
dnl ---------------------------------------------------------------------
dnl Now that we know about our major libraries, we can check for compiler
dnl and linker hardening options.  We need to do this with the libraries known,
dnl since sometimes the linker will like an option but not be willing to
dnl use it with a build of a library.
978

979
all_ldflags_for_check="$TOR_LDFLAGS_zlib $TOR_LDFLAGS_openssl $TOR_LDFLAGS_libevent"
980
all_libs_for_check="$TOR_ZLIB_LIBS $TOR_LIB_MATH $TOR_LIBEVENT_LIBS $TOR_OPENSSL_LIBS $TOR_SYSTEMD_LIBS $TOR_LIB_WS32 $TOR_LIB_GDI $TOR_LIB_USERENV $TOR_CAP_LIBS"
981

982
983
984
985
986
CFLAGS_FTRAPV=
CFLAGS_FWRAPV=
CFLAGS_ASAN=
CFLAGS_UBSAN=

Nick Mathewson's avatar
Nick Mathewson committed
987

988
989
990
991
992
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [
#if !defined(__clang__)
#error
#endif])], have_clang=yes, have_clang=no)

993
if test "x$enable_gcc_hardening" != "xno"; then
994
    CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2"
995
    if test "x$have_clang" = "xyes"; then
996
997
        TOR_CHECK_CFLAGS(-Qunused-arguments)
    fi
998
999
1000
    TOR_CHECK_CFLAGS(-fstack-protector-all, also_link)
    AS_VAR_PUSHDEF([can_compile], [tor_cv_cflags_-fstack-protector-all])
    AS_VAR_PUSHDEF([can_link], [tor_can_link_-fstack-protector-all])
1001
m4_ifdef([AS_VAR_IF],[
1002
1003
1004
1005
    AS_VAR_IF(can_compile, [yes],
        AS_VAR_IF(can_link, [yes],
                  [],
                  AC_MSG_ERROR([We tried to build with stack protection; it looks like your compiler supports it but your libc does not provide it. Are you missing libssp? (You can --disable-gcc-hardening to ignore this error.)]))
1006
        )])
1007
1008
    AS_VAR_POPDEF([can_link])
    AS_VAR_POPDEF([can_compile])
1009
1010
    TOR_CHECK_CFLAGS(-Wstack-protector)
    TOR_CHECK_CFLAGS(--param ssp-buffer-size=1)
Nick Mathewson's avatar
Nick Mathewson committed
1011
    if test "$bwin32" = "false" && test "$enable_libfuzzer" != "yes" && test "$enable_oss_fuzz" != "yes"; then
1012
1013
1014
       TOR_CHECK_CFLAGS(-fPIE)
       TOR_CHECK_LDFLAGS(-pie, "$all_ldflags_for_check", "$all_libs_for_check")
    fi
1015
    TOR_TRY_COMPILE_WITH_CFLAGS(-fwrapv, also_link, CFLAGS_FWRAPV="-fwrapv", true)
1016
fi
1017

1018
if test "$fragile_hardening" = "yes"; then
1019
1020
1021
1022
1023
    TOR_TRY_COMPILE_WITH_CFLAGS(-ftrapv, also_link, CFLAGS_FTRAPV="-ftrapv", true)
   if test "$tor_cv_cflags__ftrapv" = "yes" && test "$tor_can_link__ftrapv" != "yes"; then
      AC_MSG_WARN([The compiler supports -ftrapv, but for some reason I was not able to link with -ftrapv. Are you missing run-time support? Run-time hardening will not work as well as it should.])
   fi

1024
   if test "$tor_cv_cflags__ftrapv" != "yes"; then
1025
     AC_MSG_ERROR([You requested fragile hardening, but the compiler does not seem to support -ftrapv.])
1026
1027
1028
1029
   fi

   TOR_TRY_COMPILE_WITH_CFLAGS([-fsanitize=address], also_link, CFLAGS_ASAN="-fsanitize=address", true)
    if test "$tor_cv_cflags__fsanitize_address" = "yes" && test "$tor_can_link__fsanitize_address" != "yes"; then
1030
      AC_MSG_ERROR([The compiler supports -fsanitize=address, but for some reason I was not able to link when using it. Are you missing run-time support? With GCC you need libubsan.*, and with Clang you need libclang_rt.ubsan*])
1031
1032
1033
1034
    fi

   TOR_TRY_COMPILE_WITH_CFLAGS([-fsanitize=undefined], also_link, CFLAGS_UBSAN="-fsanitize=undefined", true)
    if test "$tor_cv_cflags__fsanitize_address" = "yes" && test "$tor_can_link__fsanitize_address" != "yes"; then
1035
      AC_MSG_ERROR([The compiler supports -fsanitize=undefined, but for some reason I was not able to link when using it. Are you missing run-time support? With GCC you need libasan.*, and with Clang you need libclang_rt.ubsan*])
1036
1037
1038
    fi

TOR_CHECK_CFLAGS([-fno-omit-frame-pointer])
1039
1040
fi

1041
1042
1043
CFLAGS_BUGTRAP="$CFLAGS_FTRAPV $CFLAGS_ASAN $CFLAGS_UBSAN"
CFLAGS_CONSTTIME="$CFLAGS_FWRAPV"

1044
mulodi_fixes_ftrapv=no
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
if test "$have_clang" = "yes"; then
  saved_CFLAGS="$CFLAGS"
  CFLAGS="$CFLAGS $CFLAGS_FTRAPV"
  AC_MSG_CHECKING([whether clang -ftrapv can link a 64-bit int multiply])
  AC_LINK_IFELSE([
      AC_LANG_SOURCE([[
          #include <stdint.h>
          #include <stdlib.h>
	  int main(int argc, char **argv)
	  {
            int64_t x = ((int64_t)atoi(argv[1])) * (int64_t)atoi(argv[2])
1056
	                * (int64_t)atoi(argv[3]);
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
	    return x == 9;
	  } ]])],
	  [ftrapv_can_link=yes; AC_MSG_RESULT([yes])],
	  [ftrapv_can_link=no; AC_MSG_RESULT([no])])
  if test "$ftrapv_can_link" = "no"; then
    AC_MSG_CHECKING([whether defining __mulodi4 fixes that])
    AC_LINK_IFELSE([
      AC_LANG_SOURCE([[
          #include <stdint.h>
          #include <stdlib.h>
	  int64_t __mulodi4(int64_t a, int64_t b, int *overflow) {
             *overflow=0;
	     return a;
          }
	  int main(int argc, char **argv)
	  {
            int64_t x = ((int64_t)atoi(argv[1])) * (int64_t)atoi(argv[2])
1074
	                * (int64_t)atoi(argv[3]);
1075
1076
1077
1078
1079
1080
1081
1082
	    return x == 9;
	  } ]])],
	  [mulodi_fixes_ftrapv=yes; AC_MSG_RESULT([yes])],
	  [mulodi_fixes_ftrapv=no; AC_MSG_RESULT([no])])
  fi
  CFLAGS="$saved_CFLAGS"
fi

1083
1084
AM_CONDITIONAL(ADD_MULODI4, test "$mulodi_fixes_ftrapv" = "yes")

1085
1086
1087
1088
1089
1090
1091
1092
dnl These cflags add bunches of branches, and we haven't been able to
dnl persuade ourselves that they're suitable for code that needs to be
dnl constant time.
AC_SUBST(CFLAGS_BUGTRAP)
dnl These cflags are variant ones sutable for code that needs to be
dnl constant-time.
AC_SUBST(CFLAGS_CONSTTIME)

1093
if test "x$enable_linker_hardening" != "xno"; then
1094
1095
    TOR_CHECK_LDFLAGS(-z relro -z now, "$all_ldflags_for_check", "$all_libs_for_check")
fi
1096

1097
1098
1099
# For backtrace support
TOR_CHECK_LDFLAGS(-rdynamic)

1100
dnl ------------------------------------------------------
1101
1102
1103
1104
dnl Now see if we have a -fomit-frame-pointer compiler option.

saved_CFLAGS="$CFLAGS"
TOR_CHECK_CFLAGS(-fomit-frame-pointer)
1105
F_OMIT_FRAME_POINTER=''
1106
if test "$saved_CFLAGS" != "$CFLAGS"; then
1107
  if test "$fragile_hardening" = "yes"; then
1108
1109
    F_OMIT_FRAME_POINTER='-fomit-frame-pointer'
  fi
1110
1111
1112
1113
fi
CFLAGS="$saved_CFLAGS"
AC_SUBST(F_OMIT_FRAME_POINTER)

1114
1115
1116
1117
1118
1119
1120
dnl ------------------------------------------------------
dnl If we are adding -fomit-frame-pointer (or if the compiler's doing it
dnl for us, as GCC 4.6 and later do at many optimization levels), then
dnl we should try to add -fasynchronous-unwind-tables so that our backtrace
dnl code will work.
TOR_CHECK_CFLAGS(-fasynchronous-unwind-tables)