configure.ac 70.3 KB
Newer Older
Roger Dingledine's avatar
Roger Dingledine committed
1
dnl Copyright (c) 2001-2004, Roger Dingledine
2
dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
3
dnl Copyright (c) 2007-2017, The Tor Project, Inc.
Nick Mathewson's avatar
Nick Mathewson committed
4
dnl See LICENSE for licensing information
5

6
AC_PREREQ([2.63])
7
AC_INIT([tor],[0.3.3.1-alpha-dev])
Stewart Smith's avatar
Stewart Smith committed
8
AC_CONFIG_SRCDIR([src/or/main.c])
9
AC_CONFIG_MACRO_DIR([m4])
10
11
12
13

# "foreign" means we don't follow GNU package layout standards
# "1.11" means we require automake version 1.11 or newer
# "subdir-objects" means put .o files in the same directory as the .c files
14
AM_INIT_AUTOMAKE([foreign 1.11 subdir-objects -Wall -Werror])
15

16
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
17
AC_CONFIG_HEADERS([orconfig.h])
18

19
AC_USE_SYSTEM_EXTENSIONS
20
21
AC_CANONICAL_HOST

22
23
PKG_PROG_PKG_CONFIG

24
25
if test -f "/etc/redhat-release"; then
  if test -f "/usr/kerberos/include"; then
26
    CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include"
27
  fi
28
fi
29

30
31
# Not a no-op; we want to make sure that CPPFLAGS is set before we use
# the += operator on it in src/or/Makefile.am
32
CPPFLAGS="$CPPFLAGS -I\${top_srcdir}/src/common"
33

34
AC_ARG_ENABLE(openbsd-malloc,
35
   AS_HELP_STRING(--enable-openbsd-malloc, [use malloc code from OpenBSD.  Linux only]))
36
AC_ARG_ENABLE(static-openssl,
37
   AS_HELP_STRING(--enable-static-openssl, [link against a static openssl library. Requires --with-openssl-dir]))
38
AC_ARG_ENABLE(static-libevent,
39
   AS_HELP_STRING(--enable-static-libevent, [link against a static libevent library. Requires --with-libevent-dir]))
40
AC_ARG_ENABLE(static-zlib,
41
   AS_HELP_STRING(--enable-static-zlib, [link against a static zlib library. Requires --with-zlib-dir]))
42
AC_ARG_ENABLE(static-tor,
43
   AS_HELP_STRING(--enable-static-tor, [create an entirely static Tor binary. Requires --with-openssl-dir and --with-libevent-dir and --with-zlib-dir]))
44
AC_ARG_ENABLE(unittests,
45
   AS_HELP_STRING(--disable-unittests, [don't build unit tests for Tor. Risky!]))
46
AC_ARG_ENABLE(coverage,
47
   AS_HELP_STRING(--enable-coverage, [enable coverage support in the unit-test build]))
48
49
AC_ARG_ENABLE(asserts-in-tests,
   AS_HELP_STRING(--disable-asserts-in-tests, [disable tor_assert() calls in the unit tests, for branch coverage]))
50
AC_ARG_ENABLE(system-torrc,
51
   AS_HELP_STRING(--disable-system-torrc, [don't look for a system-wide torrc file]))
Nick Mathewson's avatar
Nick Mathewson committed
52
AC_ARG_ENABLE(libfuzzer,
53
54
55
   AS_HELP_STRING(--enable-libfuzzer, [build extra fuzzers based on 'libfuzzer']))
AC_ARG_ENABLE(oss-fuzz,
   AS_HELP_STRING(--enable-oss-fuzz, [build extra fuzzers based on 'oss-fuzz' environment]))
56
57
AC_ARG_ENABLE(memory-sentinels,
   AS_HELP_STRING(--disable-memory-sentinels, [disable code that tries to prevent some kinds of memory access bugs. For fuzzing only.]))
58
59
AC_ARG_ENABLE(rust,
   AS_HELP_STRING(--enable-rust, [enable rust integration]))
60
61
AC_ARG_ENABLE(cargo-online-mode,
   AS_HELP_STRING(--enable-cargo-online-mode, [Allow cargo to make network requests to fetch crates. For builds with rust only.]))
62
63
AC_ARG_ENABLE(restart-debugging,
   AS_HELP_STRING(--enable-restart-debugging, [Build Tor with support for debugging in-process restart. Developers only.]))
64

65
if test "x$enable_coverage" != "xyes" -a "x$enable_asserts_in_tests" = "xno" ; then
66
67
68
    AC_MSG_ERROR([Can't disable assertions outside of coverage build])
fi

69
70
71
AM_CONDITIONAL(UNITTESTS_ENABLED, test "x$enable_unittests" != "xno")
AM_CONDITIONAL(COVERAGE_ENABLED, test "x$enable_coverage" = "xyes")
AM_CONDITIONAL(DISABLE_ASSERTS_IN_UNIT_TESTS, test "x$enable_asserts_in_tests" = "xno")
Nick Mathewson's avatar
Nick Mathewson committed
72
AM_CONDITIONAL(LIBFUZZER_ENABLED, test "x$enable_libfuzzer" = "xyes")
73
AM_CONDITIONAL(OSS_FUZZ_ENABLED, test "x$enable_oss_fuzz" = "xyes")
74
AM_CONDITIONAL(USE_RUST, test "x$enable_rust" = "xyes")
75

76
77
78
79
80
81
if test "$enable_static_tor" = "yes"; then
  enable_static_libevent="yes";
  enable_static_openssl="yes";
  enable_static_zlib="yes";
  CFLAGS="$CFLAGS -static"
fi
82

83
84
85
86
87
if test "$enable_system_torrc" = "no"; then
  AC_DEFINE(DISABLE_SYSTEM_TORRC, 1,
            [Defined if we're not going to look for a torrc in SYSCONF])
fi

88
89
90
91
92
if test "$enable_memory_sentinels" = "no"; then
  AC_DEFINE(DISABLE_MEMORY_SENTINELS, 1,
           [Defined if we're turning off memory safety code to look for bugs])
fi

93
AM_CONDITIONAL(USE_OPENBSD_MALLOC, test "x$enable_openbsd_malloc" = "xyes")
94

95
AC_ARG_ENABLE(asciidoc,
96
     AS_HELP_STRING(--disable-asciidoc, [don't use asciidoc (disables building of manpages)]),
97
     [case "${enableval}" in
98
99
        "yes") asciidoc=true ;;
        "no")  asciidoc=false ;;
100
101
102
        *) AC_MSG_ERROR(bad value for --disable-asciidoc) ;;
      esac], [asciidoc=true])

103
104
# systemd notify support
AC_ARG_ENABLE(systemd,
105
      AS_HELP_STRING(--enable-systemd, [enable systemd notification support]),
106
      [case "${enableval}" in
107
108
        "yes") systemd=true ;;
        "no")  systemd=false ;;
109
110
111
        * ) AC_MSG_ERROR(bad value for --enable-systemd) ;;
      esac], [systemd=auto])

112
113
114
115
if test "$enable_restart_debugging" = "yes"; then
  AC_DEFINE(ENABLE_RESTART_DEBUGGING, 1,
            [Defined if we're building with support for in-process restart debugging.])
fi
116
117
118


# systemd support
119
if test "x$enable_systemd" = "xno"; then
120
121
122
123
124
125
    have_systemd=no;
else
    PKG_CHECK_MODULES(SYSTEMD,
        [libsystemd-daemon],
        have_systemd=yes,
        have_systemd=no)
126
    if test "x$have_systemd" = "xno"; then
127
128
129
130
131
132
        AC_MSG_NOTICE([Okay, checking for systemd a different way...])
        PKG_CHECK_MODULES(SYSTEMD,
            [libsystemd],
            have_systemd=yes,
            have_systemd=no)
    fi
133
134
fi

135
if test "x$have_systemd" = "xyes"; then
136
    AC_DEFINE(HAVE_SYSTEMD,1,[Have systemd])
137
    TOR_SYSTEMD_CFLAGS="${SYSTEMD_CFLAGS}"
138
    TOR_SYSTEMD_LIBS="${SYSTEMD_LIBS}"
139
    PKG_CHECK_MODULES(LIBSYSTEMD209, [libsystemd >= 209],
140
         [AC_DEFINE(HAVE_SYSTEMD_209,1,[Have systemd v209 or more])], [])
141
fi
142
AC_SUBST(TOR_SYSTEMD_CFLAGS)
143
144
AC_SUBST(TOR_SYSTEMD_LIBS)

145
if test "x$enable_systemd" = "xyes" -a "x$have_systemd" != "xyes" ; then
146
147
148
    AC_MSG_ERROR([Explicitly requested systemd support, but systemd not found])
fi

149
case "$host" in
150
151
152
153
154
   *-*-solaris* )
     AC_DEFINE(_REENTRANT, 1, [Define on some platforms to activate x_r() functions in time.h])
     ;;
esac

155
AC_ARG_ENABLE(gcc-warnings,
156
157
158
     AS_HELP_STRING(--enable-gcc-warnings, [deprecated alias for enable-fatal-warnings]))
AC_ARG_ENABLE(fatal-warnings,
     AS_HELP_STRING(--enable-fatal-warnings, [tell the compiler to treat all warnings as errors.]))
159
AC_ARG_ENABLE(gcc-warnings-advisory,
160
     AS_HELP_STRING(--disable-gcc-warnings-advisory, [disable the regular verbose warnings]))
161

162
163
dnl Others suggest '/gs /safeseh /nxcompat /dynamicbase' for non-gcc on Windows
AC_ARG_ENABLE(gcc-hardening,
164
    AS_HELP_STRING(--disable-gcc-hardening, [disable compiler security checks]))
165

166
dnl Deprecated --enable-expensive-hardening but keep it for now for backward compat.
167
AC_ARG_ENABLE(expensive-hardening,
168
169
170
171
172
173
    AS_HELP_STRING(--enable-expensive-hardening, [enable more fragile and expensive compiler hardening; makes Tor slower]))
AC_ARG_ENABLE(fragile-hardening,
    AS_HELP_STRING(--enable-fragile-hardening, [enable more fragile and expensive compiler hardening; makes Tor slower]))
if test "x$enable_expensive_hardening" = "xyes" || test "x$enable_fragile_hardening" = "xyes"; then
  fragile_hardening="yes"
fi
174

175
176
177
dnl Linker hardening options
dnl Currently these options are ELF specific - you can't use this with MacOSX
AC_ARG_ENABLE(linker-hardening,
178
    AS_HELP_STRING(--disable-linker-hardening, [disable linker security fixups]))
179

180
AC_ARG_ENABLE(local-appdata,
181
   AS_HELP_STRING(--enable-local-appdata, [default to host local application data paths on Windows]))
182
183
184
185
186
if test "$enable_local_appdata" = "yes"; then
  AC_DEFINE(ENABLE_LOCAL_APPDATA, 1,
            [Defined if we default to host local appdata paths on Windows])
fi

187
188
# Tor2web mode flag
AC_ARG_ENABLE(tor2web-mode,
189
     AS_HELP_STRING(--enable-tor2web-mode, [support tor2web non-anonymous mode]),
190
[if test "x$enableval" = "xyes"; then
191
192
193
    CFLAGS="$CFLAGS -D ENABLE_TOR2WEB_MODE=1"
fi])

194
AC_ARG_ENABLE(tool-name-check,
195
     AS_HELP_STRING(--disable-tool-name-check, [check for sanely named toolchain when cross-compiling]))
196

197
AC_ARG_ENABLE(seccomp,
198
     AS_HELP_STRING(--disable-seccomp, [do not attempt to use libseccomp]))
199

200
AC_ARG_ENABLE(libscrypt,
201
     AS_HELP_STRING(--disable-libscrypt, [do not attempt to use libscrypt]))
202

203
204
205
206
207
208
209
210
211
212
dnl Enable event tracing which are transformed to debug log statement.
AC_ARG_ENABLE(event-tracing-debug,
     AS_HELP_STRING(--enable-event-tracing-debug, [build with event tracing to debug log]))
AM_CONDITIONAL([USE_EVENT_TRACING_DEBUG], [test "x$enable_event_tracing_debug" = "xyes"])

if test x$enable_event_tracing_debug = xyes; then
  AC_DEFINE([USE_EVENT_TRACING_DEBUG], [1], [Tracing framework to log debug])
  AC_DEFINE([TOR_EVENT_TRACING_ENABLED], [1], [Compile the event tracing instrumentation])
fi

213
214
215
216
217
218
219
220
221
222
223
224
225
226
dnl Enable Android only features.
AC_ARG_ENABLE(android,
     AS_HELP_STRING(--enable-android, [build with Android features enabled]))
AM_CONDITIONAL([USE_ANDROID], [test "x$enable_android" = "xyes"])

if test "x$enable_android" = "xyes"; then
  AC_DEFINE([USE_ANDROID], [1], [Compile with Android specific features enabled])

  dnl Check if the Android log library is available.
  AC_CHECK_HEADERS([android/log.h])
  AC_SEARCH_LIBS(__android_log_write, [log])

fi

227
228
229
230
231
232
233
234
235
dnl check for the correct "ar" when cross-compiling.
dnl   (AM_PROG_AR was new in automake 1.11.2, which we do not yet require,
dnl    so kludge up a replacement for the case where it isn't there yet.)
m4_ifdef([AM_PROG_AR],
         [AM_PROG_AR],
         [AN_MAKEVAR([AR], [AC_PROG_AR])
          AN_PROGRAM([ar], [AC_PROG_AR])
          AC_DEFUN([AC_PROG_AR], [AC_CHECK_TOOL([AR], [ar], [:])])
          AC_PROG_AR])
236

237
238
239
240
241
242
dnl Check whether the above macro has settled for a simply named tool even
dnl though we're cross compiling. We must do this before running AC_PROG_CC,
dnl because that will find any cc on the system, not only the cross-compiler,
dnl and then verify that a binary built with this compiler runs on the
dnl build system. It will then come to the false conclusion that we're not
dnl cross-compiling.
243
244
if test "x$enable_tool_name_check" != "xno"; then
    if test "x$ac_tool_warned" = "xyes"; then
245
        AC_MSG_ERROR([We are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)])
246
	elif test "x$ac_ct_AR" != "x" -a "x$cross_compiling" = "xmaybe"; then
247
248
249
250
		AC_MSG_ERROR([We think we are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)])
	fi
fi

251
AC_PROG_CC
252
AC_PROG_CPP
253
254
AC_PROG_MAKE_SET
AC_PROG_RANLIB
255
AC_PROG_SED
256

257
258
259
AC_ARG_VAR([PERL], [path to Perl binary])
AC_CHECK_PROGS([PERL], [perl])
AM_CONDITIONAL(USE_PERL, [test "x$ac_cv_prog_PERL" != "x"])
260

261
262
dnl check for asciidoc and a2x
AC_PATH_PROG([ASCIIDOC], [asciidoc], none)
263
AC_PATH_PROGS([A2X], [a2x a2x.py], none)
264

265
AM_CONDITIONAL(USE_ASCIIDOC, test "x$asciidoc" = "xtrue")
266

267
AM_PROG_CC_C_O
268
AC_PROG_CC_C99
269

270
AC_ARG_VAR([PYTHON], [path to Python binary])
271
AC_CHECK_PROGS(PYTHON, [python python2 python2.7 python3 python3.3])
272
273
274
275
276
if test "x$PYTHON" = "x"; then
  AC_MSG_WARN([Python unavailable; some tests will not be run.])
fi
AM_CONDITIONAL(USEPYTHON, [test "x$PYTHON" != "x"])

277
278
279
dnl List all external rust crates we depend on here. Include the version
rust_crates="libc-0.2.22"
AC_SUBST(rust_crates)
280

281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
ifdef([AC_C_FLEXIBLE_ARRAY_MEMBER], [
AC_C_FLEXIBLE_ARRAY_MEMBER
], [
 dnl Maybe we've got an old autoconf...
 AC_CACHE_CHECK([for flexible array members],
     tor_cv_c_flexarray,
     [AC_COMPILE_IFELSE(
       AC_LANG_PROGRAM([
 struct abc { int a; char b[]; };
], [
 struct abc *def = malloc(sizeof(struct abc)+sizeof(char));
 def->b[0] = 33;
]),
  [tor_cv_c_flexarray=yes],
  [tor_cv_c_flexarray=no])])
296
 if test "$tor_cv_flexarray" = "yes"; then
297
   AC_DEFINE([FLEXIBLE_ARRAY_MEMBER], [], [Define to nothing if C supports flexible array members, and to 1 if it does not.])
298
 else
299
   AC_DEFINE([FLEXIBLE_ARRAY_MEMBER], [1], [Define to nothing if C supports flexible array members, and to 1 if it does not.])
300
301
302
 fi
])

303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
AC_CACHE_CHECK([for working C99 mid-block declaration syntax],
      tor_cv_c_c99_decl,
      [AC_COMPILE_IFELSE(
         [AC_LANG_PROGRAM([], [int x; x = 3; int y; y = 4 + x;])],
	 [tor_cv_c_c99_decl=yes],
	 [tor_cv_c_c99_decl=no] )])
if test "$tor_cv_c_c99_decl" != "yes"; then
  AC_MSG_ERROR([Your compiler doesn't support c99 mid-block declarations. This is required as of Tor 0.2.6.x])
fi

AC_CACHE_CHECK([for working C99 designated initializers],
      tor_cv_c_c99_designated_init,
      [AC_COMPILE_IFELSE(
         [AC_LANG_PROGRAM([struct s { int a; int b; };],
  	       [[ struct s ss = { .b = 5, .a = 6 }; ]])],
	 [tor_cv_c_c99_designated_init=yes],
	 [tor_cv_c_c99_designated_init=no] )])

if test "$tor_cv_c_c99_designated_init" != "yes"; then
  AC_MSG_ERROR([Your compiler doesn't support c99 designated initializers. This is required as of Tor 0.2.6.x])
fi

325
326
TORUSER=_tor
AC_ARG_WITH(tor-user,
327
        AS_HELP_STRING(--with-tor-user=NAME, [specify username for tor daemon]),
328
329
330
331
332
333
334
335
        [
           TORUSER=$withval
        ]
)
AC_SUBST(TORUSER)

TORGROUP=_tor
AC_ARG_WITH(tor-group,
336
        AS_HELP_STRING(--with-tor-group=NAME, [specify group name for tor daemon]),
337
338
339
340
341
342
        [
           TORGROUP=$withval
        ]
)
AC_SUBST(TORGROUP)

343

344
dnl If _WIN32 is defined and non-zero, we are building for win32
345
AC_MSG_CHECKING([for win32])
346
AC_RUN_IFELSE([AC_LANG_SOURCE([
347
int main(int c, char **v) {
348
349
#ifdef _WIN32
#if _WIN32
350
351
352
353
354
355
356
  return 0;
#else
  return 1;
#endif
#else
  return 2;
#endif
357
}])],
358
bwin32=true; AC_MSG_RESULT([yes]),
359
360
bwin32=false; AC_MSG_RESULT([no]),
bwin32=cross; AC_MSG_RESULT([cross])
361
362
)

363
if test "$bwin32" = "cross"; then
364
AC_MSG_CHECKING([for win32 (cross)])
365
AC_COMPILE_IFELSE([AC_LANG_SOURCE([
366
#ifdef _WIN32
367
368
369
370
371
int main(int c, char **v) {return 0;}
#else
#error
int main(int c, char **v) {return x(y);}
#endif
372
])],
373
374
375
376
bwin32=true; AC_MSG_RESULT([yes]),
bwin32=false; AC_MSG_RESULT([no]))
fi

377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
AH_BOTTOM([
#ifdef _WIN32
/* Defined to access windows functions and definitions for >=WinXP */
# ifndef WINVER
#  define WINVER 0x0501
# endif

/* Defined to access _other_ windows functions and definitions for >=WinXP */
# ifndef _WIN32_WINNT
#  define _WIN32_WINNT 0x0501
# endif

/* Defined to avoid including some windows headers as part of Windows.h */
# ifndef WIN32_LEAN_AND_MEAN
#  define WIN32_LEAN_AND_MEAN 1
# endif
#endif
])

Nick Mathewson's avatar
Nick Mathewson committed
396

397
AM_CONDITIONAL(BUILD_NT_SERVICES, test "x$bwin32" = "xtrue")
398
AM_CONDITIONAL(BUILD_LIBTORRUNNER, test "x$bwin32" != "xtrue")
399

400
401
dnl Enable C99 when compiling with MIPSpro
AC_MSG_CHECKING([for MIPSpro compiler])
402
AC_COMPILE_IFELSE([AC_LANG_PROGRAM(, [
403
404
405
406
#if (defined(__sgi) && defined(_COMPILER_VERSION))
#error
  return x(y);
#endif
407
])],
408
bmipspro=false; AC_MSG_RESULT(no),
409
bmipspro=true; AC_MSG_RESULT(yes))
410

411
if test "$bmipspro" = "true"; then
412
413
414
  CFLAGS="$CFLAGS -c99"
fi

415
416
AC_C_BIGENDIAN

417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
if test "x$enable_rust" = "xyes"; then
  AC_ARG_VAR([RUSTC], [path to the rustc binary])
  AC_CHECK_PROG([RUSTC], [rustc], [rustc],[no])
  if test "x$RUSTC" = "xno"; then
    AC_MSG_ERROR([rustc unavailable but rust integration requested.])
  fi

  AC_ARG_VAR([CARGO], [path to the cargo binary])
  AC_CHECK_PROG([CARGO], [cargo], [cargo],[no])
  if test "x$CARGO" = "xno"; then
    AC_MSG_ERROR([cargo unavailable but rust integration requested.])
  fi

  AC_DEFINE([HAVE_RUST], 1, [have Rust])
  if test "x$enable_cargo_online_mode" = "xyes"; then
    CARGO_ONLINE=
    RUST_DL=#
  else
    CARGO_ONLINE=--frozen
    RUST_DL=

    dnl When we're not allowed to touch the network, we need crate dependencies
    dnl locally available.
    AC_MSG_CHECKING([rust crate dependencies])
441
442
443
    AC_ARG_VAR([TOR_RUST_DEPENDENCIES], [path to directory with local crate mirror])
    if test "x$TOR_RUST_DEPENDENCIES" = "x"; then
      TOR_RUST_DEPENDENCIES="$srcdir/src/ext/rust/"
444
445
      NEED_MOD=1
    fi
446
447
    if test ! -d "$TOR_RUST_DEPENDENCIES"; then
      AC_MSG_ERROR([Rust dependency directory $TOR_RUST_DEPENDENCIES does not exist. Specify a dependency directory using the TOR_RUST_DEPENDENCIES variable or allow cargo to fetch crates using --enable-cargo-online-mode.])
448
      ERRORED=1
449
450
    fi
    for dep in $rust_crates; do
451
452
      if test ! -d "$TOR_RUST_DEPENDENCIES"/"$dep"; then
        AC_MSG_ERROR([Failure to find rust dependency $TOR_RUST_DEPENDENCIES/$dep. Specify a dependency directory using the TOR_RUST_DEPENDENCIES variable or allow cargo to fetch crates using --enable-cargo-online-mode.])
453
        ERRORED=1
454
455
456
457
      fi
    done
    if test "x$NEED_MOD" = "x1"; then
      dnl When looking for dependencies from cargo, pick right directory
458
      TOR_RUST_DEPENDENCIES="../../src/ext/rust"
459
    fi
460
461
462
    if test "x$ERRORED" = "x"; then
      AC_MSG_RESULT([yes])
    fi
463
464
  fi

465
466
467
468
469
470
471
472
473
  dnl This is a workaround for #46797
  dnl (a.k.a https://github.com/rust-lang/rust/issues/46797 ).  Once the
  dnl upstream bug is fixed, we can remove this workaround.
  case "$host_os" in
      darwin*)
        TOR_RUST_EXTRA_LIBS="-lresolv"
	;;
  esac

474
475
476
  dnl For now both MSVC and MinGW rust libraries will output static libs with
  dnl the MSVC naming convention.
  if test "$bwin32" = "true"; then
477
    TOR_RUST_STATIC_NAME=tor_rust.lib
478
  else
479
    TOR_RUST_STATIC_NAME=libtor_rust.a
480
481
  fi

482
  AC_SUBST(TOR_RUST_STATIC_NAME)
483
484
485
486
487
  AC_SUBST(CARGO_ONLINE)
  AC_SUBST(RUST_DL)

  dnl Let's check the rustc version, too
  AC_MSG_CHECKING([rust version])
488
  RUSTC_VERSION=`$RUSTC --version`
489
490
491
492
493
494
495
496
  RUSTC_VERSION_MAJOR=`$RUSTC --version | cut -d ' ' -f 2 | cut -d '.' -f 1`
  RUSTC_VERSION_MINOR=`$RUSTC --version | cut -d ' ' -f 2 | cut -d '.' -f 2`
  if test "x$RUSTC_VERSION_MAJOR" = "x" -o "x$RUSTC_VERSION_MINOR" = "x"; then
    AC_MSG_ERROR([rustc version couldn't be identified])
  fi
  if test "$RUSTC_VERSION_MAJOR" -lt 2 -a "$RUSTC_VERSION_MINOR" -lt 14; then
    AC_MSG_ERROR([rustc must be at least version 1.14])
  fi
497
  AC_MSG_RESULT([$RUSTC_VERSION])
498
499
fi

500
501
AC_SUBST(TOR_RUST_EXTRA_LIBS)

502
AC_SEARCH_LIBS(socket, [socket network])
503
AC_SEARCH_LIBS(gethostbyname, [nsl])
504
AC_SEARCH_LIBS(dlopen, [dl])
505
AC_SEARCH_LIBS(inet_aton, [resolv])
506
AC_SEARCH_LIBS(backtrace, [execinfo])
507
508
509
510
511
512
saved_LIBS="$LIBS"
AC_SEARCH_LIBS([clock_gettime], [rt])
if test "$LIBS" != "$saved_LIBS"; then
   # Looks like we need -lrt for clock_gettime().
   have_rt=yes
fi
513

514
515
AC_SEARCH_LIBS(pthread_create, [pthread])
AC_SEARCH_LIBS(pthread_detach, [pthread])
516

517
518
AM_CONDITIONAL(THREADS_WIN32, test "$bwin32" = "true")
AM_CONDITIONAL(THREADS_PTHREADS, test "$bwin32" = "false")
519

520
AC_CHECK_FUNCS(
521
        _NSGetEnviron \
522
523
	RtlSecureZeroMemory \
	SecureZeroMemory \
Sebastian Hahn's avatar
Sebastian Hahn committed
524
        accept4 \
Nick Mathewson's avatar
Nick Mathewson committed
525
526
        backtrace \
        backtrace_symbols_fd \
527
	eventfd \
528
	explicit_bzero \
529
	timingsafe_memcmp \
530
531
        flock \
        ftime \
532
        get_current_dir_name \
533
        getaddrinfo \
Sebastian Hahn's avatar
Sebastian Hahn committed
534
        getifaddrs \
535
        getpass \
536
537
538
        getrlimit \
        gettimeofday \
        gmtime_r \
539
	gnu_get_libc_version \
540
	htonll \
541
        inet_aton \
Sebastian Hahn's avatar
Sebastian Hahn committed
542
        ioctl \
543
        issetugid \
544
        llround \
545
        localtime_r \
Sebastian Hahn's avatar
Sebastian Hahn committed
546
        lround \
547
	mach_approximate_time \
548
        memmem \
549
        memset_s \
550
551
	pipe \
	pipe2 \
552
        prctl \
553
	readpassphrase \
Sebastian Hahn's avatar
Sebastian Hahn committed
554
        rint \
Nick Mathewson's avatar
Nick Mathewson committed
555
        sigaction \
556
        socketpair \
557
	statvfs \
558
559
        strlcat \
        strlcpy \
560
	strnlen \
561
562
563
564
        strptime \
        strtok_r \
        strtoull \
        sysconf \
565
	sysctl \
Nick Mathewson's avatar
Nick Mathewson committed
566
	truncate \
567
        uname \
568
	usleep \
569
        vasprintf \
570
	_vscprintf
571
)
572

573
574
575
576
577
# Apple messed up when they added two functions functions in Sierra: they
# forgot to decorate them with appropriate AVAILABLE_MAC_OS_VERSION
# checks. So we should only probe for those functions if we are sure that we
# are not targetting OSX 10.11 or earlier.
AC_MSG_CHECKING([for a pre-Sierra OSX build target])
578
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
579
580
#ifdef __APPLE__
#  include <AvailabilityMacros.h>
581
582
#  ifndef MAC_OS_X_VERSION_10_12
#    define MAC_OS_X_VERSION_10_12 101200
583
584
#  endif
#  if defined(MAC_OS_X_VERSION_MIN_REQUIRED)
585
#    if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12
586
587
588
589
#      error "Running on Mac OSX 10.11 or earlier"
#    endif
#  endif
#endif
590
]], [[]])],
591
592
593
594
595
596
597
598
599
600
   [on_macos_pre_10_12=no ; AC_MSG_RESULT([no])],
   [on_macos_pre_10_12=yes; AC_MSG_RESULT([yes])])

if test "$on_macos_pre_10_12" = "no"; then
  AC_CHECK_FUNCS(
        clock_gettime \
        getentropy \
  )
fi

601
if test "$bwin32" != "true"; then
602
603
  AC_CHECK_HEADERS(pthread.h)
  AC_CHECK_FUNCS(pthread_create)
604
  AC_CHECK_FUNCS(pthread_condattr_setclock)
605
606
fi

607
if test "$bwin32" = "true"; then
608
609
610
611
612
613
614
  AC_CHECK_DECLS([SecureZeroMemory, _getwch], , , [
#include <windows.h>
#include <conio.h>
#include <wchar.h>
                 ])
fi

615
616
AM_CONDITIONAL(BUILD_READPASSPHRASE_C,
  test "x$ac_cv_func_readpassphrase" = "xno" && test "$bwin32" = "false")
617

618
dnl ------------------------------------------------------
619
dnl Where do you live, libevent?  And how do we call you?
620

621
if test "$bwin32" = "true"; then
622
  TOR_LIB_WS32=-lws2_32
623
  TOR_LIB_IPHLPAPI=-liphlpapi
624
625
  # Some of the cargo-cults recommend -lwsock32 as well, but I don't
  # think it's actually necessary.
626
  TOR_LIB_GDI=-lgdi32
627
  TOR_LIB_USERENV=-luserenv
Nick Mathewson's avatar
   
Nick Mathewson committed
628
else
629
630
  TOR_LIB_WS32=
  TOR_LIB_GDI=
631
  TOR_LIB_USERENV=
Nick Mathewson's avatar
   
Nick Mathewson committed
632
fi
633
634
AC_SUBST(TOR_LIB_WS32)
AC_SUBST(TOR_LIB_GDI)
635
AC_SUBST(TOR_LIB_IPHLPAPI)
636
AC_SUBST(TOR_LIB_USERENV)
Nick Mathewson's avatar
   
Nick Mathewson committed
637

638
tor_libevent_pkg_redhat="libevent"
639
tor_libevent_pkg_debian="libevent-dev"
640
641
642
tor_libevent_devpkg_redhat="libevent-devel"
tor_libevent_devpkg_debian="libevent-dev"

643
644
645
646
dnl On Gnu/Linux or any place we require it, we'll add librt to the Libevent
dnl linking for static builds.
STATIC_LIBEVENT_FLAGS=""
if test "$enable_static_libevent" = "yes"; then
647
    if test "$have_rt" = "yes"; then
648
649
650
651
652
      STATIC_LIBEVENT_FLAGS=" -lrt "
    fi
fi

TOR_SEARCH_LIBRARY(libevent, $trylibeventdir, [-levent $STATIC_LIBEVENT_FLAGS $TOR_LIB_WS32], [
653
#ifdef _WIN32
654
655
#include <winsock2.h>
#endif
656
#include <sys/time.h>
Roger Dingledine's avatar
Roger Dingledine committed
657
#include <sys/types.h>
658
#include <event2/event.h>], [
659
#ifdef _WIN32
660
661
#include <winsock2.h>
#endif
662
663
struct event_base;
struct event_base *event_base_new(void);],
664
    [
665
#ifdef _WIN32
666
{WSADATA d; WSAStartup(0x101,&d); }
667
#endif
Alex Xu's avatar
Alex Xu committed
668
event_base_free(event_base_new());
669
], [--with-libevent-dir], [/opt/libevent])
670

671
dnl Determine the incantation needed to link libevent.
672
673
save_LIBS="$LIBS"
save_LDFLAGS="$LDFLAGS"
674
save_CPPFLAGS="$CPPFLAGS"
675
676

LIBS="$STATIC_LIBEVENT_FLAGS $TOR_LIB_WS32 $save_LIBS"
677
LDFLAGS="$TOR_LDFLAGS_libevent $LDFLAGS"
678
CPPFLAGS="$TOR_CPPFLAGS_libevent $CPPFLAGS"
679

680
681
AC_CHECK_HEADERS(event2/event.h event2/dns.h event2/bufferevent_ssl.h)

682
683
684
685
if test "$enable_static_libevent" = "yes"; then
   if test "$tor_cv_library_libevent_dir" = "(system)"; then
     AC_MSG_ERROR("You must specify an explicit --with-libevent-dir=x option when using --enable-static-libevent")
   else
686
     TOR_LIBEVENT_LIBS="$TOR_LIBDIR_libevent/libevent.a $STATIC_LIBEVENT_FLAGS"
687
688
   fi
else
689
     if test "x$ac_cv_header_event2_event_h" = "xyes"; then
Nick Mathewson's avatar
Nick Mathewson committed
690
691
       AC_SEARCH_LIBS(event_new, [event event_core], , AC_MSG_ERROR("libevent2 is installed but linking it failed while searching for event_new"))
       AC_SEARCH_LIBS(evdns_base_new, [event event_extra], , AC_MSG_ERROR("libevent2 is installed but linking it failed while searching for evdns_base_new"))
692

693
       if test "$ac_cv_search_event_new" != "none required"; then
694
695
         TOR_LIBEVENT_LIBS="$ac_cv_search_event_new"
       fi
696
       if test "$ac_cv_search_evdns_base_new" != "none required"; then
697
698
699
         TOR_LIBEVENT_LIBS="$ac_cv_search_evdns_base_new $TOR_LIBEVENT_LIBS"
       fi
     else
700
       AC_MSG_ERROR("libevent2 is required but the headers could not be found")
701
     fi
702
703
fi

704
705
706
707
708
dnl Now check for particular libevent functions.
AC_CHECK_FUNCS([evutil_secure_rng_set_urandom_device_file \
                evutil_secure_rng_add_bytes \
])

709
710
711
712
LIBS="$save_LIBS"
LDFLAGS="$save_LDFLAGS"
CPPFLAGS="$save_CPPFLAGS"

713
714
715
716
717
dnl Check that libevent is at least at version 2.0.10, the first stable
dnl release of its series
CPPFLAGS="$CPPFLAGS $TOR_CPPFLAGS_libevent"
AC_MSG_CHECKING([whether Libevent is new enough])
AC_COMPILE_IFELSE([AC_LANG_SOURCE([
718
#include <event2/event.h>
719
#if !defined(LIBEVENT_VERSION_NUMBER) || LIBEVENT_VERSION_NUMBER < 0x02000a00
720
721
722
723
724
#error
int x = y(zz);
#else
int x = 1;
#endif
725
726
727
728
729
730
731
732
])], [ AC_MSG_RESULT([yes]) ],
   [ AC_MSG_RESULT([no])
     AC_MSG_ERROR([Libevent is not new enough.  We require 2.0.10-stable or later]) ] )

LIBS="$save_LIBS"
LDFLAGS="$save_LDFLAGS"
CPPFLAGS="$save_CPPFLAGS"

733
AC_SUBST(TOR_LIBEVENT_LIBS)
734

735
736
737
738
739
740
741
dnl ------------------------------------------------------
dnl Where do you live, libm?

dnl On some platforms (Haiku/BeOS) the math library is
dnl part of libroot. In which case don't link against lm
TOR_LIB_MATH=""
save_LIBS="$LIBS"
742
743
744
AC_SEARCH_LIBS(pow, [m], , AC_MSG_ERROR([Could not find pow in libm or libc.]))
if test "$ac_cv_search_pow" != "none required"; then
    TOR_LIB_MATH="$ac_cv_search_pow"
745
746
747
748
fi
LIBS="$save_LIBS"
AC_SUBST(TOR_LIB_MATH)

749
dnl ------------------------------------------------------
750
dnl Where do you live, openssl?  And how do we call you?
751

752
tor_openssl_pkg_redhat="openssl"
753
tor_openssl_pkg_debian="libssl-dev"
754
755
756
tor_openssl_devpkg_redhat="openssl-devel"
tor_openssl_devpkg_debian="libssl-dev"

757
758
ALT_openssl_WITHVAL=""
AC_ARG_WITH(ssl-dir,
759
  AS_HELP_STRING(--with-ssl-dir=PATH, [obsolete alias for --with-openssl-dir]),
760
  [
761
      if test "x$withval" != "xno" && test "x$withval" != "x"; then
762
763
764
765
         ALT_openssl_WITHVAL="$withval"
      fi
  ])

766
AC_MSG_NOTICE([Now, we'll look for OpenSSL >= 1.0.1])
767
TOR_SEARCH_LIBRARY(openssl, $tryssldir, [-lssl -lcrypto $TOR_LIB_GDI $TOR_LIB_WS32],
768
769
770
    [#include <openssl/ssl.h>],
    [struct ssl_method_st; const struct ssl_method_st *TLSv1_1_method(void);],
    [TLSv1_1_method();], [],
771
    [/usr/local/opt/openssl /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /opt/openssl])
772

773
774
dnl XXXX check for OPENSSL_VERSION_NUMBER == SSLeay()

775
776
777
778
if test "$enable_static_openssl" = "yes"; then
   if test "$tor_cv_library_openssl_dir" = "(system)"; then
     AC_MSG_ERROR("You must specify an explicit --with-openssl-dir=x option when using --enable-static-openssl")
   else
779
     TOR_OPENSSL_LIBS="$TOR_LIBDIR_openssl/libssl.a $TOR_LIBDIR_openssl/libcrypto.a"
780
781
   fi
else
782
     TOR_OPENSSL_LIBS="-lssl -lcrypto"
783
784
785
fi
AC_SUBST(TOR_OPENSSL_LIBS)

786
787
788
789
790
791
792
dnl Now check for particular openssl functions.
save_LIBS="$LIBS"
save_LDFLAGS="$LDFLAGS"
save_CPPFLAGS="$CPPFLAGS"
LIBS="$TOR_OPENSSL_LIBS $LIBS"
LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS"
CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS"
793

794
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
795
#include <openssl/opensslv.h>
796
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL
797
798
#error "too old"
#endif
799
   ]], [[]])],
800
   [ : ],
801
   [ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ])
802

803
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
804
805
806
807
808
809
810
811
#include <openssl/opensslv.h>
#include <openssl/evp.h>
#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_ECDSA)
#error "no ECC"
#endif
#if !defined(NID_X9_62_prime256v1) || !defined(NID_secp224r1)
#error "curves unavailable"
#endif
812
   ]], [[]])],
813
   [ : ],
814
   [ AC_MSG_ERROR([OpenSSL is built without full ECC support, including curves P256 and P224. You can specify a path to one with ECC support with --with-openssl-dir.]) ])
815

816
817
818
819
AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
[#include <openssl/ssl.h>
])

820
821
822
823
824
AC_CHECK_FUNCS([ \
		SSL_SESSION_get_master_key \
		SSL_get_server_random \
                SSL_get_client_ciphers \
                SSL_get_client_random \
825
		SSL_CIPHER_find \
826
		TLS_method
827
	       ])
rl1987's avatar
rl1987 committed
828
829
830
831

dnl Check if OpenSSL has scrypt implementation.
AC_CHECK_FUNCS([ EVP_PBE_scrypt ])

832
833
834
835
836
dnl Check if OpenSSL structures are opaque
AC_CHECK_MEMBERS([SSL.state], , ,
[#include <openssl/ssl.h>
])

837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
dnl Define the set of checks for KIST scheduler support.
AC_DEFUN([CHECK_KIST_SUPPORT],[
  dnl KIST needs struct tcp_info and for certain members to exist.
  AC_CHECK_MEMBERS(
    [struct tcp_info.tcpi_unacked, struct tcp_info.tcpi_snd_mss],
    , ,[[#include <netinet/tcp.h>]])
  dnl KIST needs SIOCOUTQNSD to exist for an ioctl call.
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [
                     #include <linux/sockios.h>
                     #ifndef SIOCOUTQNSD
                     #error
                     #endif
                     ])], have_siocoutqnsd=yes, have_siocoutqnsd=no)
  if test "x$have_siocoutqnsd" = "xyes"; then
    if test "x$ac_cv_member_struct_tcp_info_tcpi_unacked" = "xyes"; then
      if test "x$ac_cv_member_struct_tcp_info_tcpi_snd_mss" = "xyes"; then
        have_kist_support=yes
      fi
    fi
  fi
])
dnl Now, trigger the check.
CHECK_KIST_SUPPORT
AS_IF([test "x$have_kist_support" = "xyes"],
      [AC_DEFINE(HAVE_KIST_SUPPORT, 1, [Defined if KIST scheduler is supported
                                        on this system])],
      [AC_MSG_NOTICE([KIST scheduler can't be used. Missing support.])])

865
866
867
868
LIBS="$save_LIBS"
LDFLAGS="$save_LDFLAGS"
CPPFLAGS="$save_CPPFLAGS"

869
870
871
dnl ------------------------------------------------------
dnl Where do you live, zlib?  And how do we call you?

872
873
874
875
tor_zlib_pkg_redhat="zlib"
tor_zlib_pkg_debian="zlib1g"
tor_zlib_devpkg_redhat="zlib-devel"
tor_zlib_devpkg_debian="zlib1g-dev"
876
877
878
879

TOR_SEARCH_LIBRARY(zlib, $tryzlibdir, [-lz],
    [#include <zlib.h>],
    [const char * zlibVersion(void);],
880
    [zlibVersion();], [--with-zlib-dir],
881
882
    [/opt/zlib])

883
884
885
886
887
888
889
890
891
892
893
894
if test "$enable_static_zlib" = "yes"; then
   if test "$tor_cv_library_zlib_dir" = "(system)"; then
     AC_MSG_ERROR("You must specify an explicit --with-zlib-dir=x option when
 using --enable-static-zlib")
   else
     TOR_ZLIB_LIBS="$TOR_LIBDIR_zlib/libz.a"
   fi
else
     TOR_ZLIB_LIBS="-lz"
fi
AC_SUBST(TOR_ZLIB_LIBS)

895
896
897
898
dnl ------------------------------------------------------
dnl Where we do we find lzma?

AC_ARG_ENABLE(lzma,
Taylor Yu's avatar
Taylor Yu committed
899
      AS_HELP_STRING(--enable-lzma, [enable support for the LZMA compression scheme.]),
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
      [case "${enableval}" in
        "yes") lzma=true ;;
        "no")  lzma=false ;;
        * ) AC_MSG_ERROR(bad value for --enable-lzma) ;;
      esac], [lzma=auto])

if test "x$enable_lzma" = "xno"; then
    have_lzma=no;
else
    PKG_CHECK_MODULES([LZMA],
                      [liblzma],
                      have_lzma=yes,
                      have_lzma=no)

    if test "x$have_lzma" = "xno" ; then
        AC_MSG_WARN([Unable to find liblzma.])
    fi
fi

if test "x$have_lzma" = "xyes"; then
    AC_DEFINE(HAVE_LZMA,1,[Have LZMA])
    TOR_LZMA_CFLAGS="${LZMA_CFLAGS}"
    TOR_LZMA_LIBS="${LZMA_LIBS}"
fi
AC_SUBST(TOR_LZMA_CFLAGS)
AC_SUBST(TOR_LZMA_LIBS)

927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
dnl ------------------------------------------------------
dnl Where we do we find zstd?

AC_ARG_ENABLE(zstd,
      AS_HELP_STRING(--enable-zstd, [enable support for the Zstandard compression scheme.]),
      [case "${enableval}" in
        "yes") zstd=true ;;
        "no")  zstd=false ;;
        * ) AC_MSG_ERROR(bad value for --enable-zstd) ;;
      esac], [zstd=auto])

if test "x$enable_zstd" = "xno"; then
    have_zstd=no;
else
    PKG_CHECK_MODULES([ZSTD],
Taylor Yu's avatar
Taylor Yu committed
942
                      [libzstd >= 1.1],
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
                      have_zstd=yes,
                      have_zstd=no)

    if test "x$have_zstd" = "xno" ; then
        AC_MSG_WARN([Unable to find libzstd.])
    fi
fi

if test "x$have_zstd" = "xyes"; then
    AC_DEFINE(HAVE_ZSTD,1,[Have Zstd])
    TOR_ZSTD_CFLAGS="${ZSTD_CFLAGS}"
    TOR_ZSTD_LIBS="${ZSTD_LIBS}"
fi
AC_SUBST(TOR_ZSTD_CFLAGS)
AC_SUBST(TOR_ZSTD_LIBS)

959
960
961
962
963
964
965
966
967
968
969
970
971
dnl ----------------------------------------------------------------------
dnl Check if libcap is available for capabilities.

tor_cap_pkg_debian="libcap2"
tor_cap_pkg_redhat="libcap"
tor_cap_devpkg_debian="libcap-dev"
tor_cap_devpkg_redhat="libcap-devel"

AC_CHECK_LIB([cap], [cap_init], [],
  AC_MSG_NOTICE([Libcap was not found. Capabilities will not be usable.])
)
AC_CHECK_FUNCS(cap_set_proc)

972
973
974
975
976
dnl ---------------------------------------------------------------------
dnl Now that we know about our major libraries, we can check for compiler
dnl and linker hardening options.  We need to do this with the libraries known,
dnl since sometimes the linker will like an option but not be willing to
dnl use it with a build of a library.
977

978
all_ldflags_for_check="$TOR_LDFLAGS_zlib $TOR_LDFLAGS_openssl $TOR_LDFLAGS_libevent"
979
all_libs_for_check="$TOR_ZLIB_LIBS $TOR_LIB_MATH $TOR_LIBEVENT_LIBS $TOR_OPENSSL_LIBS $TOR_SYSTEMD_LIBS $TOR_LIB_WS32 $TOR_LIB_GDI $TOR_LIB_USERENV $TOR_CAP_LIBS"
980

981
982
983
984
985
CFLAGS_FTRAPV=
CFLAGS_FWRAPV=
CFLAGS_ASAN=
CFLAGS_UBSAN=

Nick Mathewson's avatar
Nick Mathewson committed
986

987
988
989
990
991
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [
#if !defined(__clang__)
#error
#endif])], have_clang=yes, have_clang=no)

992
if test "x$enable_gcc_hardening" != "xno"; then
993
    CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2"
994
    if test "x$have_clang" = "xyes"; then
995
996
        TOR_CHECK_CFLAGS(-Qunused-arguments)
    fi
997
998
999
    TOR_CHECK_CFLAGS(-fstack-protector-all, also_link)
    AS_VAR_PUSHDEF([can_compile], [tor_cv_cflags_-fstack-protector-all])
    AS_VAR_PUSHDEF([can_link], [tor_can_link_-fstack-protector-all])
1000
m4_ifdef([AS_VAR_IF],[
1001
1002
1003
1004
    AS_VAR_IF(can_compile, [yes],
        AS_VAR_IF(can_link, [yes],
                  [],
                  AC_MSG_ERROR([We tried to build with stack protection; it looks like your compiler supports it but your libc does not provide it. Are you missing libssp? (You can --disable-gcc-hardening to ignore this error.)]))
1005
        )])
1006
1007
    AS_VAR_POPDEF([can_link])
    AS_VAR_POPDEF([can_compile])
1008
1009
    TOR_CHECK_CFLAGS(-Wstack-protector)
    TOR_CHECK_CFLAGS(--param ssp-buffer-size=1)
Nick Mathewson's avatar
Nick Mathewson committed
1010
    if test "$bwin32" = "false" && test "$enable_libfuzzer" != "yes" && test "$enable_oss_fuzz" != "yes"; then
1011
1012
1013
       TOR_CHECK_CFLAGS(-fPIE)
       TOR_CHECK_LDFLAGS(-pie, "$all_ldflags_for_check", "$all_libs_for_check")
    fi
1014
    TOR_TRY_COMPILE_WITH_CFLAGS(-fwrapv, also_link, CFLAGS_FWRAPV="-fwrapv", true)
1015
fi
1016

1017
if test "$fragile_hardening" = "yes"; then
1018
1019
1020
1021
1022
    TOR_TRY_COMPILE_WITH_CFLAGS(-ftrapv, also_link, CFLAGS_FTRAPV="-ftrapv", true)
   if test "$tor_cv_cflags__ftrapv" = "yes" && test "$tor_can_link__ftrapv" != "yes"; then
      AC_MSG_WARN([The compiler supports -ftrapv, but for some reason I was not able to link with -ftrapv. Are you missing run-time support? Run-time hardening will not work as well as it should.])
   fi

1023
   if test "$tor_cv_cflags__ftrapv" != "yes"; then
1024
     AC_MSG_ERROR([You requested fragile hardening, but the compiler does not seem to support -ftrapv.])
1025
1026
1027
1028
   fi

   TOR_TRY_COMPILE_WITH_CFLAGS([-fsanitize=address], also_link, CFLAGS_ASAN="-fsanitize=address", true)
    if test "$tor_cv_cflags__fsanitize_address" = "yes" && test "$tor_can_link__fsanitize_address" != "yes"; then
1029
      AC_MSG_ERROR([The compiler supports -fsanitize=address, but for some reason I was not able to link when using it. Are you missing run-time support? With GCC you need libubsan.*, and with Clang you need libclang_rt.ubsan*])
1030
1031
1032
1033
    fi

   TOR_TRY_COMPILE_WITH_CFLAGS([-fsanitize=undefined], also_link, CFLAGS_UBSAN="-fsanitize=undefined", true)
    if test "$tor_cv_cflags__fsanitize_address" = "yes" && test "$tor_can_link__fsanitize_address" != "yes"; then
1034
      AC_MSG_ERROR([The compiler supports -fsanitize=undefined, but for some reason I was not able to link when using it. Are you missing run-time support? With GCC you need libasan.*, and with Clang you need libclang_rt.ubsan*])
1035
1036
1037
    fi

TOR_CHECK_CFLAGS([-fno-omit-frame-pointer])
1038
1039
fi

1040
1041
1042
CFLAGS_BUGTRAP="$CFLAGS_FTRAPV $CFLAGS_ASAN $CFLAGS_UBSAN"
CFLAGS_CONSTTIME="$CFLAGS_FWRAPV"

1043
mulodi_fixes_ftrapv=no
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
if test "$have_clang" = "yes"; then
  saved_CFLAGS="$CFLAGS"
  CFLAGS="$CFLAGS $CFLAGS_FTRAPV"
  AC_MSG_CHECKING([whether clang -ftrapv can link a 64-bit int multiply])
  AC_LINK_IFELSE([
      AC_LANG_SOURCE([[
          #include <stdint.h>
          #include <stdlib.h>
	  int main(int argc, char **argv)
	  {
            int64_t x = ((int64_t)atoi(argv[1])) * (int64_t)atoi(argv[2])
1055
	                * (int64_t)atoi(argv[3]);
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
	    return x == 9;
	  } ]])],
	  [ftrapv_can_link=yes; AC_MSG_RESULT([yes])],
	  [ftrapv_can_link=no; AC_MSG_RESULT([no])])
  if test "$ftrapv_can_link" = "no"; then
    AC_MSG_CHECKING([whether defining __mulodi4 fixes that])
    AC_LINK_IFELSE([
      AC_LANG_SOURCE([[
          #include <stdint.h>
          #include <stdlib.h>
	  int64_t __mulodi4(int64_t a, int64_t b, int *overflow) {
             *overflow=0;
	     return a;
          }
	  int main(int argc, char **argv)
	  {
            int64_t x = ((int64_t)atoi(argv[1])) * (int64_t)atoi(argv[2])
1073
	                * (int64_t)atoi(argv[3]);
1074
1075
1076
1077
1078
1079
1080
1081
	    return x == 9;
	  } ]])],
	  [mulodi_fixes_ftrapv=yes; AC_MSG_RESULT([yes])],
	  [mulodi_fixes_ftrapv=no; AC_MSG_RESULT([no])])
  fi
  CFLAGS="$saved_CFLAGS"
fi

1082
1083
AM_CONDITIONAL(ADD_MULODI4, test "$mulodi_fixes_ftrapv" = "yes")

1084
1085
1086
1087
1088
1089
1090
1091
dnl These cflags add bunches of branches, and we haven't been able to
dnl persuade ourselves that they're suitable for code that needs to be
dnl constant time.
AC_SUBST(CFLAGS_BUGTRAP)
dnl These cflags are variant ones sutable for code that needs to be
dnl constant-time.
AC_SUBST(CFLAGS_CONSTTIME)

1092
if test "x$enable_linker_hardening" != "xno"; then
1093
1094
    TOR_CHECK_LDFLAGS(-z relro -z now, "$all_ldflags_for_check", "$all_libs_for_check")
fi
1095

1096
1097
1098
# For backtrace support
TOR_CHECK_LDFLAGS(-rdynamic)

1099
dnl ------------------------------------------------------
1100
1101
1102
1103
dnl Now see if we have a -fomit-frame-pointer compiler option.

saved_CFLAGS="$CFLAGS"
TOR_CHECK_CFLAGS(-fomit-frame-pointer)
1104
F_OMIT_FRAME_POINTER=''
1105
if test "$saved_CFLAGS" != "$CFLAGS"; then
1106
  if test "$fragile_hardening" = "yes"; then
1107
1108
    F_OMIT_FRAME_POINTER='-fomit-frame-pointer'
  fi
1109
1110
1111
1112
fi
CFLAGS="$saved_CFLAGS"
AC_SUBST(F_OMIT_FRAME_POINTER)

1113
1114
1115
1116
1117
1118
1119
dnl ------------------------------------------------------
dnl If we are adding -fomit-frame-pointer (or if the compiler's doing it
dnl for us, as GCC 4.6 and later do at many optimization levels), then
dnl we should try to add -fasynchronous-unwind-tables so that our backtrace
dnl code will work.
TOR_CHECK_CFLAGS(-fasynchronous-unwind-tables)

1120
1121
1122
dnl ============================================================
dnl Check for libseccomp