From 92db96d80fddca5394a24256bb6b4691f380a8ae Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 11 Jul 2018 12:51:36 -0400
Subject: Make our crypto library symbolic in the makefiles.

---
 Makefile.am | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'Makefile.am')

diff --git a/Makefile.am b/Makefile.am
index 0f934cf0f2..cf268b0b7b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -127,6 +127,9 @@ TOR_INTERNAL_TESTING_LIBS = \
 	src/trunnel/libor-trunnel-testing.a \
 	src/lib/libtor-trace.a
 
+TOR_LDFLAGS_CRYPTLIB=@TOR_LDFLAGS_openssl@
+TOR_LIBS_CRYPTLIB=@TOR_OPENSSL_LIBS@
+
 # All libraries used to link tor-cov
 
 include src/include.am
-- 
cgit v1.2.3-54-g00ecf


From 79267bad654ed39f13e6fb89a5468f23468c3169 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 11 Jul 2018 12:57:30 -0400
Subject: Add a configure switch to build with NSS.

When it is set, include the NSS headers and libraries as
appropriate.  Doesn't actually use them yet, though.
---
 Makefile.am                  |  5 +++++
 configure.ac                 | 22 ++++++++++++++++++++++
 src/lib/crypt_ops/include.am |  5 ++++-
 src/lib/include.libdonna.am  |  2 +-
 src/lib/tls/include.am       |  5 ++++-
 5 files changed, 36 insertions(+), 3 deletions(-)

(limited to 'Makefile.am')

diff --git a/Makefile.am b/Makefile.am
index cf268b0b7b..01ed8c935e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -129,6 +129,11 @@ TOR_INTERNAL_TESTING_LIBS = \
 
 TOR_LDFLAGS_CRYPTLIB=@TOR_LDFLAGS_openssl@
 TOR_LIBS_CRYPTLIB=@TOR_OPENSSL_LIBS@
+TOR_CFLAGS_CRYPTLIB=
+if USE_NSS
+TOR_CFLAGS_CRYPTLIB+=@NSS_CFLAGS@
+TOR_LIBS_CRYPTLIB+=@NSS_LIBS@
+endif
 
 # All libraries used to link tor-cov
 
diff --git a/configure.ac b/configure.ac
index 532476672a..2fe353d75d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -53,6 +53,8 @@ AC_ARG_ENABLE(restart-debugging,
    AS_HELP_STRING(--enable-restart-debugging, [Build Tor with support for debugging in-process restart. Developers only.]))
 AC_ARG_ENABLE(zstd-advanced-apis,
    AS_HELP_STRING(--disable-zstd-advanced-apis, [Build without support for zstd's "static-only" APIs.]))
+AC_ARG_ENABLE(nss,
+   AS_HELP_STRING(--enable-nss, [Use Mozilla's NSS TLS library. (EXPERIMENTAL)]))
 
 if test "x$enable_coverage" != "xyes" -a "x$enable_asserts_in_tests" = "xno" ; then
     AC_MSG_ERROR([Can't disable assertions outside of coverage build])
@@ -64,6 +66,15 @@ AM_CONDITIONAL(DISABLE_ASSERTS_IN_UNIT_TESTS, test "x$enable_asserts_in_tests" =
 AM_CONDITIONAL(LIBFUZZER_ENABLED, test "x$enable_libfuzzer" = "xyes")
 AM_CONDITIONAL(OSS_FUZZ_ENABLED, test "x$enable_oss_fuzz" = "xyes")
 AM_CONDITIONAL(USE_RUST, test "x$enable_rust" = "xyes")
+AM_CONDITIONAL(USE_NSS, test "x$enable_nss" = "xyes")
+AM_CONDITIONAL(USE_OPENSSL, true)
+
+if test "x$enable_nss" = "xyes"; then
+  AC_DEFINE(ENABLE_NSS, 1,
+  	    [Defined if we're building with NSS in addition to OpenSSL.])
+fi
+AC_DEFINE(ENABLE_OPENSSL, 1,
+          [Defined if we're building with OpenSSL or LibreSSL])
 
 if test "$enable_static_tor" = "yes"; then
   enable_static_libevent="yes";
@@ -821,6 +832,17 @@ fi
 LIBS="$save_LIBS"
 AC_SUBST(TOR_LIB_MATH)
 
+dnl ------------------------------------------------------
+dnl Hello, NSS.  You're new around here.
+if test "x$enable_nss" = "xyes"; then
+  PKG_CHECK_MODULES(NSS,
+     [nss],
+     [have_nss=yes],
+     [have_nss=no; AC_MSG_ERROR([You asked for NSS but I can't find it.])])
+  AC_SUBST(NSS_CFLAGS)
+  AC_SUBST(NSS_LIBS)
+fi
+
 dnl ------------------------------------------------------
 dnl Where do you live, openssl?  And how do we call you?
 
diff --git a/src/lib/crypt_ops/include.am b/src/lib/crypt_ops/include.am
index 1b88b880d0..009e4c66c4 100644
--- a/src/lib/crypt_ops/include.am
+++ b/src/lib/crypt_ops/include.am
@@ -22,10 +22,13 @@ src_lib_libtor_crypt_ops_a_SOURCES =			\
 	src/lib/crypt_ops/crypto_util.c                 \
 	src/lib/crypt_ops/digestset.c
 
+src_lib_libtor_crypt_ops_a_CFLAGS = $(AM_CFLAGS) $(TOR_CFLAGS_CRYPTLIB)
+
 src_lib_libtor_crypt_ops_testing_a_SOURCES = \
 	$(src_lib_libtor_crypt_ops_a_SOURCES)
 src_lib_libtor_crypt_ops_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
-src_lib_libtor_crypt_ops_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
+src_lib_libtor_crypt_ops_testing_a_CFLAGS = \
+	$(AM_CFLAGS) $(TOR_CFLAGS_CRYPTLIB) $(TEST_CFLAGS)
 
 noinst_HEADERS +=					\
 	src/lib/crypt_ops/aes.h				\
diff --git a/src/lib/include.libdonna.am b/src/lib/include.libdonna.am
index 5b92dc58a0..60a3f5097e 100644
--- a/src/lib/include.libdonna.am
+++ b/src/lib/include.libdonna.am
@@ -1,4 +1,4 @@
-src_lib_libcurve25519_donna_a_CFLAGS=
+src_lib_libcurve25519_donna_a_CFLAGS=$(TOR_CFLAGS_CRYPTO)
 
 if BUILD_CURVE25519_DONNA
 src_lib_libcurve25519_donna_a_SOURCES=\
diff --git a/src/lib/tls/include.am b/src/lib/tls/include.am
index b3b013f4dd..9cc57ca777 100644
--- a/src/lib/tls/include.am
+++ b/src/lib/tls/include.am
@@ -9,10 +9,13 @@ src_lib_libtor_tls_a_SOURCES =			\
 	src/lib/tls/buffers_tls.c		\
 	src/lib/tls/tortls.c
 
+src_lib_libtor_tls_a_CFLAGS = $(AM_CFLAGS) $(TOR_CFLAGS_CRYPTLIB)
+
 src_lib_libtor_tls_testing_a_SOURCES = \
 	$(src_lib_libtor_tls_a_SOURCES)
 src_lib_libtor_tls_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
-src_lib_libtor_tls_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
+src_lib_libtor_tls_testing_a_CFLAGS = \
+	$(AM_CFLAGS) $(TOR_CFLAGS_CRYPTLIB) $(TEST_CFLAGS)
 
 noinst_HEADERS +=				\
 	src/lib/tls/ciphers.inc			\
-- 
cgit v1.2.3-54-g00ecf