[tor-commits] [tor/master] Add a configure switch to build with NSS.

nickm at torproject.org nickm at torproject.org
Wed Sep 5 00:47:13 UTC 2018


commit 79267bad654ed39f13e6fb89a5468f23468c3169
Author: Nick Mathewson <nickm at torproject.org>
Date:   Wed Jul 11 12:57:30 2018 -0400

    Add a configure switch to build with NSS.
    
    When it is set, include the NSS headers and libraries as
    appropriate.  Doesn't actually use them yet, though.
---
 Makefile.am                  |  5 +++++
 configure.ac                 | 22 ++++++++++++++++++++++
 src/lib/crypt_ops/include.am |  5 ++++-
 src/lib/include.libdonna.am  |  2 +-
 src/lib/tls/include.am       |  5 ++++-
 5 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index cf268b0b7..01ed8c935 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -129,6 +129,11 @@ TOR_INTERNAL_TESTING_LIBS = \
 
 TOR_LDFLAGS_CRYPTLIB=@TOR_LDFLAGS_openssl@
 TOR_LIBS_CRYPTLIB=@TOR_OPENSSL_LIBS@
+TOR_CFLAGS_CRYPTLIB=
+if USE_NSS
+TOR_CFLAGS_CRYPTLIB+=@NSS_CFLAGS@
+TOR_LIBS_CRYPTLIB+=@NSS_LIBS@
+endif
 
 # All libraries used to link tor-cov
 
diff --git a/configure.ac b/configure.ac
index 532476672..2fe353d75 100644
--- a/configure.ac
+++ b/configure.ac
@@ -53,6 +53,8 @@ AC_ARG_ENABLE(restart-debugging,
    AS_HELP_STRING(--enable-restart-debugging, [Build Tor with support for debugging in-process restart. Developers only.]))
 AC_ARG_ENABLE(zstd-advanced-apis,
    AS_HELP_STRING(--disable-zstd-advanced-apis, [Build without support for zstd's "static-only" APIs.]))
+AC_ARG_ENABLE(nss,
+   AS_HELP_STRING(--enable-nss, [Use Mozilla's NSS TLS library. (EXPERIMENTAL)]))
 
 if test "x$enable_coverage" != "xyes" -a "x$enable_asserts_in_tests" = "xno" ; then
     AC_MSG_ERROR([Can't disable assertions outside of coverage build])
@@ -64,6 +66,15 @@ AM_CONDITIONAL(DISABLE_ASSERTS_IN_UNIT_TESTS, test "x$enable_asserts_in_tests" =
 AM_CONDITIONAL(LIBFUZZER_ENABLED, test "x$enable_libfuzzer" = "xyes")
 AM_CONDITIONAL(OSS_FUZZ_ENABLED, test "x$enable_oss_fuzz" = "xyes")
 AM_CONDITIONAL(USE_RUST, test "x$enable_rust" = "xyes")
+AM_CONDITIONAL(USE_NSS, test "x$enable_nss" = "xyes")
+AM_CONDITIONAL(USE_OPENSSL, true)
+
+if test "x$enable_nss" = "xyes"; then
+  AC_DEFINE(ENABLE_NSS, 1,
+  	    [Defined if we're building with NSS in addition to OpenSSL.])
+fi
+AC_DEFINE(ENABLE_OPENSSL, 1,
+          [Defined if we're building with OpenSSL or LibreSSL])
 
 if test "$enable_static_tor" = "yes"; then
   enable_static_libevent="yes";
@@ -822,6 +833,17 @@ LIBS="$save_LIBS"
 AC_SUBST(TOR_LIB_MATH)
 
 dnl ------------------------------------------------------
+dnl Hello, NSS.  You're new around here.
+if test "x$enable_nss" = "xyes"; then
+  PKG_CHECK_MODULES(NSS,
+     [nss],
+     [have_nss=yes],
+     [have_nss=no; AC_MSG_ERROR([You asked for NSS but I can't find it.])])
+  AC_SUBST(NSS_CFLAGS)
+  AC_SUBST(NSS_LIBS)
+fi
+
+dnl ------------------------------------------------------
 dnl Where do you live, openssl?  And how do we call you?
 
 tor_openssl_pkg_redhat="openssl"
diff --git a/src/lib/crypt_ops/include.am b/src/lib/crypt_ops/include.am
index 1b88b880d..009e4c66c 100644
--- a/src/lib/crypt_ops/include.am
+++ b/src/lib/crypt_ops/include.am
@@ -22,10 +22,13 @@ src_lib_libtor_crypt_ops_a_SOURCES =			\
 	src/lib/crypt_ops/crypto_util.c                 \
 	src/lib/crypt_ops/digestset.c
 
+src_lib_libtor_crypt_ops_a_CFLAGS = $(AM_CFLAGS) $(TOR_CFLAGS_CRYPTLIB)
+
 src_lib_libtor_crypt_ops_testing_a_SOURCES = \
 	$(src_lib_libtor_crypt_ops_a_SOURCES)
 src_lib_libtor_crypt_ops_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
-src_lib_libtor_crypt_ops_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
+src_lib_libtor_crypt_ops_testing_a_CFLAGS = \
+	$(AM_CFLAGS) $(TOR_CFLAGS_CRYPTLIB) $(TEST_CFLAGS)
 
 noinst_HEADERS +=					\
 	src/lib/crypt_ops/aes.h				\
diff --git a/src/lib/include.libdonna.am b/src/lib/include.libdonna.am
index 5b92dc58a..60a3f5097 100644
--- a/src/lib/include.libdonna.am
+++ b/src/lib/include.libdonna.am
@@ -1,4 +1,4 @@
-src_lib_libcurve25519_donna_a_CFLAGS=
+src_lib_libcurve25519_donna_a_CFLAGS=$(TOR_CFLAGS_CRYPTO)
 
 if BUILD_CURVE25519_DONNA
 src_lib_libcurve25519_donna_a_SOURCES=\
diff --git a/src/lib/tls/include.am b/src/lib/tls/include.am
index b3b013f4d..9cc57ca77 100644
--- a/src/lib/tls/include.am
+++ b/src/lib/tls/include.am
@@ -9,10 +9,13 @@ src_lib_libtor_tls_a_SOURCES =			\
 	src/lib/tls/buffers_tls.c		\
 	src/lib/tls/tortls.c
 
+src_lib_libtor_tls_a_CFLAGS = $(AM_CFLAGS) $(TOR_CFLAGS_CRYPTLIB)
+
 src_lib_libtor_tls_testing_a_SOURCES = \
 	$(src_lib_libtor_tls_a_SOURCES)
 src_lib_libtor_tls_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
-src_lib_libtor_tls_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
+src_lib_libtor_tls_testing_a_CFLAGS = \
+	$(AM_CFLAGS) $(TOR_CFLAGS_CRYPTLIB) $(TEST_CFLAGS)
 
 noinst_HEADERS +=				\
 	src/lib/tls/ciphers.inc			\





More information about the tor-commits mailing list