1 dnl Copyright (c) 2001-2004, Roger Dingledine
2 dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
3 dnl Copyright (c) 2007-2017, The Tor Project, Inc.
4 dnl See LICENSE for licensing information
7 AC_INIT([tor],[0.3.1.0-alpha-dev])
8 AC_CONFIG_SRCDIR([src/or/main.c])
9 AC_CONFIG_MACRO_DIR([m4])
11 # "foreign" means we don't follow GNU package layout standards
12 # "1.11" means we require automake version 1.11 or newer
13 # "subdir-objects" means put .o files in the same directory as the .c files
14 AM_INIT_AUTOMAKE([foreign 1.11 subdir-objects -Wall -Werror])
16 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
17 AC_CONFIG_HEADERS([orconfig.h])
19 AC_USE_SYSTEM_EXTENSIONS
24 if test -f "/etc/redhat-release"; then
25 if test -f "/usr/kerberos/include"; then
26 CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include"
30 # Not a no-op; we want to make sure that CPPFLAGS is set before we use
31 # the += operator on it in src/or/Makefile.am
32 CPPFLAGS="$CPPFLAGS -I\${top_srcdir}/src/common"
34 AC_ARG_ENABLE(openbsd-malloc,
35 AS_HELP_STRING(--enable-openbsd-malloc, [use malloc code from OpenBSD. Linux only]))
36 AC_ARG_ENABLE(static-openssl,
37 AS_HELP_STRING(--enable-static-openssl, [link against a static openssl library. Requires --with-openssl-dir]))
38 AC_ARG_ENABLE(static-libevent,
39 AS_HELP_STRING(--enable-static-libevent, [link against a static libevent library. Requires --with-libevent-dir]))
40 AC_ARG_ENABLE(static-zlib,
41 AS_HELP_STRING(--enable-static-zlib, [link against a static zlib library. Requires --with-zlib-dir]))
42 AC_ARG_ENABLE(static-tor,
43 AS_HELP_STRING(--enable-static-tor, [create an entirely static Tor binary. Requires --with-openssl-dir and --with-libevent-dir and --with-zlib-dir]))
44 AC_ARG_ENABLE(unittests,
45 AS_HELP_STRING(--disable-unittests, [don't build unit tests for Tor. Risky!]))
46 AC_ARG_ENABLE(coverage,
47 AS_HELP_STRING(--enable-coverage, [enable coverage support in the unit-test build]))
48 AC_ARG_ENABLE(asserts-in-tests,
49 AS_HELP_STRING(--disable-asserts-in-tests, [disable tor_assert() calls in the unit tests, for branch coverage]))
50 AC_ARG_ENABLE(system-torrc,
51 AS_HELP_STRING(--disable-system-torrc, [don't look for a system-wide torrc file]))
52 AC_ARG_ENABLE(libfuzzer,
53 AS_HELP_STRING(--enable-libfuzzer, [build extra fuzzers based on 'libfuzzer']))
54 AC_ARG_ENABLE(oss-fuzz,
55 AS_HELP_STRING(--enable-oss-fuzz, [build extra fuzzers based on 'oss-fuzz' environment]))
56 AC_ARG_ENABLE(memory-sentinels,
57 AS_HELP_STRING(--disable-memory-sentinels, [disable code that tries to prevent some kinds of memory access bugs. For fuzzing only.]))
59 if test "x$enable_coverage" != "xyes" -a "x$enable_asserts_in_tests" = "xno" ; then
60 AC_MSG_ERROR([Can't disable assertions outside of coverage build])
63 AM_CONDITIONAL(UNITTESTS_ENABLED, test "x$enable_unittests" != "xno")
64 AM_CONDITIONAL(COVERAGE_ENABLED, test "x$enable_coverage" = "xyes")
65 AM_CONDITIONAL(DISABLE_ASSERTS_IN_UNIT_TESTS, test "x$enable_asserts_in_tests" = "xno")
66 AM_CONDITIONAL(LIBFUZZER_ENABLED, test "x$enable_libfuzzer" = "xyes")
67 AM_CONDITIONAL(OSS_FUZZ_ENABLED, test "x$enable_oss_fuzz" = "xyes")
69 if test "$enable_static_tor" = "yes"; then
70 enable_static_libevent="yes";
71 enable_static_openssl="yes";
72 enable_static_zlib="yes";
73 CFLAGS="$CFLAGS -static"
76 if test "$enable_system_torrc" = "no"; then
77 AC_DEFINE(DISABLE_SYSTEM_TORRC, 1,
78 [Defined if we're not going to look for a torrc in SYSCONF])
81 if test "$enable_memory_sentinels" = "no"; then
82 AC_DEFINE(DISABLE_MEMORY_SENTINELS, 1,
83 [Defined if we're turning off memory safety code to look for bugs])
86 AM_CONDITIONAL(USE_OPENBSD_MALLOC, test "x$enable_openbsd_malloc" = "xyes")
88 AC_ARG_ENABLE(asciidoc,
89 AS_HELP_STRING(--disable-asciidoc, [don't use asciidoc (disables building of manpages)]),
90 [case "${enableval}" in
91 "yes") asciidoc=true ;;
92 "no") asciidoc=false ;;
93 *) AC_MSG_ERROR(bad value for --disable-asciidoc) ;;
94 esac], [asciidoc=true])
96 # systemd notify support
97 AC_ARG_ENABLE(systemd,
98 AS_HELP_STRING(--enable-systemd, [enable systemd notification support]),
99 [case "${enableval}" in
100 "yes") systemd=true ;;
101 "no") systemd=false ;;
102 * ) AC_MSG_ERROR(bad value for --enable-systemd) ;;
103 esac], [systemd=auto])
108 if test "x$enable_systemd" = "xno"; then
111 PKG_CHECK_MODULES(SYSTEMD,
115 if test "x$have_systemd" = "xno"; then
116 AC_MSG_NOTICE([Okay, checking for systemd a different way...])
117 PKG_CHECK_MODULES(SYSTEMD,
124 if test "x$have_systemd" = "xyes"; then
125 AC_DEFINE(HAVE_SYSTEMD,1,[Have systemd])
126 TOR_SYSTEMD_CFLAGS="${SYSTEMD_CFLAGS}"
127 TOR_SYSTEMD_LIBS="${SYSTEMD_LIBS}"
128 PKG_CHECK_MODULES(LIBSYSTEMD209, [libsystemd >= 209],
129 [AC_DEFINE(HAVE_SYSTEMD_209,1,[Have systemd v209 or more])], [])
131 AC_SUBST(TOR_SYSTEMD_CFLAGS)
132 AC_SUBST(TOR_SYSTEMD_LIBS)
134 if test "x$enable_systemd" = "xyes" -a "x$have_systemd" != "xyes" ; then
135 AC_MSG_ERROR([Explicitly requested systemd support, but systemd not found])
140 AC_DEFINE(_REENTRANT, 1, [Define on some platforms to activate x_r() functions in time.h])
144 AC_ARG_ENABLE(gcc-warnings,
145 AS_HELP_STRING(--enable-gcc-warnings, [deprecated alias for enable-fatal-warnings]))
146 AC_ARG_ENABLE(fatal-warnings,
147 AS_HELP_STRING(--enable-fatal-warnings, [tell the compiler to treat all warnings as errors.]))
148 AC_ARG_ENABLE(gcc-warnings-advisory,
149 AS_HELP_STRING(--disable-gcc-warnings-advisory, [disable the regular verbose warnings]))
151 dnl Others suggest '/gs /safeseh /nxcompat /dynamicbase' for non-gcc on Windows
152 AC_ARG_ENABLE(gcc-hardening,
153 AS_HELP_STRING(--disable-gcc-hardening, [disable compiler security checks]))
155 dnl Deprecated --enable-expensive-hardening but keep it for now for backward compat.
156 AC_ARG_ENABLE(expensive-hardening,
157 AS_HELP_STRING(--enable-expensive-hardening, [enable more fragile and expensive compiler hardening; makes Tor slower]))
158 AC_ARG_ENABLE(fragile-hardening,
159 AS_HELP_STRING(--enable-fragile-hardening, [enable more fragile and expensive compiler hardening; makes Tor slower]))
160 if test "x$enable_expensive_hardening" = "xyes" || test "x$enable_fragile_hardening" = "xyes"; then
161 fragile_hardening="yes"
164 dnl Linker hardening options
165 dnl Currently these options are ELF specific - you can't use this with MacOSX
166 AC_ARG_ENABLE(linker-hardening,
167 AS_HELP_STRING(--disable-linker-hardening, [disable linker security fixups]))
169 AC_ARG_ENABLE(local-appdata,
170 AS_HELP_STRING(--enable-local-appdata, [default to host local application data paths on Windows]))
171 if test "$enable_local_appdata" = "yes"; then
172 AC_DEFINE(ENABLE_LOCAL_APPDATA, 1,
173 [Defined if we default to host local appdata paths on Windows])
177 AC_ARG_ENABLE(tor2web-mode,
178 AS_HELP_STRING(--enable-tor2web-mode, [support tor2web non-anonymous mode]),
179 [if test "x$enableval" = "xyes"; then
180 CFLAGS="$CFLAGS -D ENABLE_TOR2WEB_MODE=1"
183 AC_ARG_ENABLE(tool-name-check,
184 AS_HELP_STRING(--disable-tool-name-check, [check for sanely named toolchain when cross-compiling]))
186 AC_ARG_ENABLE(seccomp,
187 AS_HELP_STRING(--disable-seccomp, [do not attempt to use libseccomp]))
189 AC_ARG_ENABLE(libscrypt,
190 AS_HELP_STRING(--disable-libscrypt, [do not attempt to use libscrypt]))
192 dnl check for the correct "ar" when cross-compiling.
193 dnl (AM_PROG_AR was new in automake 1.11.2, which we do not yet require,
194 dnl so kludge up a replacement for the case where it isn't there yet.)
195 m4_ifdef([AM_PROG_AR],
197 [AN_MAKEVAR([AR], [AC_PROG_AR])
198 AN_PROGRAM([ar], [AC_PROG_AR])
199 AC_DEFUN([AC_PROG_AR], [AC_CHECK_TOOL([AR], [ar], [:])])
202 dnl Check whether the above macro has settled for a simply named tool even
203 dnl though we're cross compiling. We must do this before running AC_PROG_CC,
204 dnl because that will find any cc on the system, not only the cross-compiler,
205 dnl and then verify that a binary built with this compiler runs on the
206 dnl build system. It will then come to the false conclusion that we're not
208 if test "x$enable_tool_name_check" != "xno"; then
209 if test "x$ac_tool_warned" = "xyes"; then
210 AC_MSG_ERROR([We are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)])
211 elif test "x$ac_ct_AR" != "x" -a "x$cross_compiling" = "xmaybe"; then
212 AC_MSG_ERROR([We think we are cross compiling but could not find a properly named toolchain. Do you have your cross-compiling toolchain in PATH? (You can --disable-tool-name-check to ignore this.)])
222 AC_ARG_VAR([PERL], [path to Perl binary])
223 AC_CHECK_PROGS([PERL], [perl])
224 AM_CONDITIONAL(USE_PERL, [test "x$ac_cv_prog_PERL" != "x"])
226 dnl check for asciidoc and a2x
227 AC_PATH_PROG([ASCIIDOC], [asciidoc], none)
228 AC_PATH_PROGS([A2X], [a2x a2x.py], none)
230 AM_CONDITIONAL(USE_ASCIIDOC, test "x$asciidoc" = "xtrue")
235 AC_ARG_VAR([PYTHON], [path to Python binary])
236 AC_CHECK_PROGS(PYTHON, [python python2 python2.7 python3 python3.3])
237 if test "x$PYTHON" = "x"; then
238 AC_MSG_WARN([Python unavailable; some tests will not be run.])
240 AM_CONDITIONAL(USEPYTHON, [test "x$PYTHON" != "x"])
242 ifdef([AC_C_FLEXIBLE_ARRAY_MEMBER], [
243 AC_C_FLEXIBLE_ARRAY_MEMBER
245 dnl Maybe we've got an old autoconf...
246 AC_CACHE_CHECK([for flexible array members],
250 struct abc { int a; char b[]; };
252 struct abc *def = malloc(sizeof(struct abc)+sizeof(char));
255 [tor_cv_c_flexarray=yes],
256 [tor_cv_c_flexarray=no])])
257 if test "$tor_cv_flexarray" = "yes"; then
258 AC_DEFINE([FLEXIBLE_ARRAY_MEMBER], [], [Define to nothing if C supports flexible array members, and to 1 if it does not.])
260 AC_DEFINE([FLEXIBLE_ARRAY_MEMBER], [1], [Define to nothing if C supports flexible array members, and to 1 if it does not.])
264 AC_CACHE_CHECK([for working C99 mid-block declaration syntax],
267 [AC_LANG_PROGRAM([], [int x; x = 3; int y; y = 4 + x;])],
268 [tor_cv_c_c99_decl=yes],
269 [tor_cv_c_c99_decl=no] )])
270 if test "$tor_cv_c_c99_decl" != "yes"; then
271 AC_MSG_ERROR([Your compiler doesn't support c99 mid-block declarations. This is required as of Tor 0.2.6.x])
274 AC_CACHE_CHECK([for working C99 designated initializers],
275 tor_cv_c_c99_designated_init,
277 [AC_LANG_PROGRAM([struct s { int a; int b; };],
278 [[ struct s ss = { .b = 5, .a = 6 }; ]])],
279 [tor_cv_c_c99_designated_init=yes],
280 [tor_cv_c_c99_designated_init=no] )])
282 if test "$tor_cv_c_c99_designated_init" != "yes"; then
283 AC_MSG_ERROR([Your compiler doesn't support c99 designated initializers. This is required as of Tor 0.2.6.x])
287 AC_ARG_WITH(tor-user,
288 AS_HELP_STRING(--with-tor-user=NAME, [specify username for tor daemon]),
296 AC_ARG_WITH(tor-group,
297 AS_HELP_STRING(--with-tor-group=NAME, [specify group name for tor daemon]),
305 dnl If _WIN32 is defined and non-zero, we are building for win32
306 AC_MSG_CHECKING([for win32])
307 AC_RUN_IFELSE([AC_LANG_SOURCE([
308 int main(int c, char **v) {
319 bwin32=true; AC_MSG_RESULT([yes]),
320 bwin32=false; AC_MSG_RESULT([no]),
321 bwin32=cross; AC_MSG_RESULT([cross])
324 if test "$bwin32" = "cross"; then
325 AC_MSG_CHECKING([for win32 (cross)])
326 AC_COMPILE_IFELSE([AC_LANG_SOURCE([
328 int main(int c, char **v) {return 0;}
331 int main(int c, char **v) {return x(y);}
334 bwin32=true; AC_MSG_RESULT([yes]),
335 bwin32=false; AC_MSG_RESULT([no]))
340 /* Defined to access windows functions and definitions for >=WinXP */
342 # define WINVER 0x0501
345 /* Defined to access _other_ windows functions and definitions for >=WinXP */
346 # ifndef _WIN32_WINNT
347 # define _WIN32_WINNT 0x0501
350 /* Defined to avoid including some windows headers as part of Windows.h */
351 # ifndef WIN32_LEAN_AND_MEAN
352 # define WIN32_LEAN_AND_MEAN 1
358 AM_CONDITIONAL(BUILD_NT_SERVICES, test "x$bwin32" = "xtrue")
360 dnl Enable C99 when compiling with MIPSpro
361 AC_MSG_CHECKING([for MIPSpro compiler])
362 AC_COMPILE_IFELSE([AC_LANG_PROGRAM(, [
363 #if (defined(__sgi) && defined(_COMPILER_VERSION))
368 bmipspro=false; AC_MSG_RESULT(no),
369 bmipspro=true; AC_MSG_RESULT(yes))
371 if test "$bmipspro" = "true"; then
372 CFLAGS="$CFLAGS -c99"
377 AC_SEARCH_LIBS(socket, [socket network])
378 AC_SEARCH_LIBS(gethostbyname, [nsl])
379 AC_SEARCH_LIBS(dlopen, [dl])
380 AC_SEARCH_LIBS(inet_aton, [resolv])
381 AC_SEARCH_LIBS(backtrace, [execinfo])
383 AC_SEARCH_LIBS([clock_gettime], [rt])
384 if test "$LIBS" != "$saved_LIBS"; then
385 # Looks like we need -lrt for clock_gettime().
389 AC_SEARCH_LIBS(pthread_create, [pthread])
390 AC_SEARCH_LIBS(pthread_detach, [pthread])
392 AM_CONDITIONAL(THREADS_WIN32, test "$bwin32" = "true")
393 AM_CONDITIONAL(THREADS_PTHREADS, test "$bwin32" = "false")
397 RtlSecureZeroMemory \
401 backtrace_symbols_fd \
445 # Apple messed up when they added two functions functions in Sierra: they
446 # forgot to decorate them with appropriate AVAILABLE_MAC_OS_VERSION
447 # checks. So we should only probe for those functions if we are sure that we
448 # are not targetting OSX 10.11 or earlier.
449 AC_MSG_CHECKING([for a pre-Sierra OSX build target])
450 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
452 # include <AvailabilityMacros.h>
453 # ifndef MAC_OS_X_VERSION_10_12
454 # define MAC_OS_X_VERSION_10_12 101200
456 # if defined(MAC_OS_X_VERSION_MIN_REQUIRED)
457 # if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12
458 # error "Running on Mac OSX 10.11 or earlier"
463 [on_macos_pre_10_12=no ; AC_MSG_RESULT([no])],
464 [on_macos_pre_10_12=yes; AC_MSG_RESULT([yes])])
466 if test "$on_macos_pre_10_12" = "no"; then
473 if test "$bwin32" != "true"; then
474 AC_CHECK_HEADERS(pthread.h)
475 AC_CHECK_FUNCS(pthread_create)
476 AC_CHECK_FUNCS(pthread_condattr_setclock)
479 if test "$bwin32" = "true"; then
480 AC_CHECK_DECLS([SecureZeroMemory, _getwch], , , [
487 AM_CONDITIONAL(BUILD_READPASSPHRASE_C,
488 test "x$ac_cv_func_readpassphrase" = "xno" && test "$bwin32" = "false")
490 dnl ------------------------------------------------------
491 dnl Where do you live, libevent? And how do we call you?
493 if test "$bwin32" = "true"; then
494 TOR_LIB_WS32=-lws2_32
495 TOR_LIB_IPHLPAPI=-liphlpapi
496 # Some of the cargo-cults recommend -lwsock32 as well, but I don't
497 # think it's actually necessary.
503 AC_SUBST(TOR_LIB_WS32)
504 AC_SUBST(TOR_LIB_GDI)
505 AC_SUBST(TOR_LIB_IPHLPAPI)
507 tor_libevent_pkg_redhat="libevent"
508 tor_libevent_pkg_debian="libevent-dev"
509 tor_libevent_devpkg_redhat="libevent-devel"
510 tor_libevent_devpkg_debian="libevent-dev"
512 dnl On Gnu/Linux or any place we require it, we'll add librt to the Libevent
513 dnl linking for static builds.
514 STATIC_LIBEVENT_FLAGS=""
515 if test "$enable_static_libevent" = "yes"; then
516 if test "$have_rt" = "yes"; then
517 STATIC_LIBEVENT_FLAGS=" -lrt "
521 TOR_SEARCH_LIBRARY(libevent, $trylibeventdir, [-levent $STATIC_LIBEVENT_FLAGS $TOR_LIB_WS32], [
523 #include <winsock2.h>
525 #include <sys/time.h>
526 #include <sys/types.h>
527 #include <event2/event.h>], [
529 #include <winsock2.h>
532 struct event_base *event_base_new(void);],
535 {WSADATA d; WSAStartup(0x101,&d); }
538 ], [--with-libevent-dir], [/opt/libevent])
540 dnl Determine the incantation needed to link libevent.
542 save_LDFLAGS="$LDFLAGS"
543 save_CPPFLAGS="$CPPFLAGS"
545 LIBS="$STATIC_LIBEVENT_FLAGS $TOR_LIB_WS32 $save_LIBS"
546 LDFLAGS="$TOR_LDFLAGS_libevent $LDFLAGS"
547 CPPFLAGS="$TOR_CPPFLAGS_libevent $CPPFLAGS"
549 AC_CHECK_HEADERS(event2/event.h event2/dns.h event2/bufferevent_ssl.h)
551 if test "$enable_static_libevent" = "yes"; then
552 if test "$tor_cv_library_libevent_dir" = "(system)"; then
553 AC_MSG_ERROR("You must specify an explicit --with-libevent-dir=x option when using --enable-static-libevent")
555 TOR_LIBEVENT_LIBS="$TOR_LIBDIR_libevent/libevent.a $STATIC_LIBEVENT_FLAGS"
558 if test "x$ac_cv_header_event2_event_h" = "xyes"; then
559 AC_SEARCH_LIBS(event_new, [event event_core], , AC_MSG_ERROR("libevent2 is installed but linking it failed while searching for event_new"))
560 AC_SEARCH_LIBS(evdns_base_new, [event event_extra], , AC_MSG_ERROR("libevent2 is installed but linking it failed while searching for evdns_base_new"))
562 if test "$ac_cv_search_event_new" != "none required"; then
563 TOR_LIBEVENT_LIBS="$ac_cv_search_event_new"
565 if test "$ac_cv_search_evdns_base_new" != "none required"; then
566 TOR_LIBEVENT_LIBS="$ac_cv_search_evdns_base_new $TOR_LIBEVENT_LIBS"
569 AC_MSG_ERROR("libevent2 is required but the headers could not be found")
573 dnl Now check for particular libevent functions.
574 AC_CHECK_FUNCS([evutil_secure_rng_set_urandom_device_file \
575 evutil_secure_rng_add_bytes \
579 LDFLAGS="$save_LDFLAGS"
580 CPPFLAGS="$save_CPPFLAGS"
582 dnl Check that libevent is at least at version 2.0.10, the first stable
583 dnl release of its series
584 CPPFLAGS="$CPPFLAGS $TOR_CPPFLAGS_libevent"
585 AC_MSG_CHECKING([whether Libevent is new enough])
586 AC_COMPILE_IFELSE([AC_LANG_SOURCE([
587 #include <event2/event.h>
588 #if !defined(LIBEVENT_VERSION_NUMBER) || LIBEVENT_VERSION_NUMBER < 0x02000a00
594 ])], [ AC_MSG_RESULT([yes]) ],
595 [ AC_MSG_RESULT([no])
596 AC_MSG_ERROR([Libevent is not new enough. We require 2.0.10-stable or later]) ] )
599 LDFLAGS="$save_LDFLAGS"
600 CPPFLAGS="$save_CPPFLAGS"
602 AC_SUBST(TOR_LIBEVENT_LIBS)
604 dnl ------------------------------------------------------
605 dnl Where do you live, libm?
607 dnl On some platforms (Haiku/BeOS) the math library is
608 dnl part of libroot. In which case don't link against lm
611 AC_SEARCH_LIBS(pow, [m], , AC_MSG_ERROR([Could not find pow in libm or libc.]))
612 if test "$ac_cv_search_pow" != "none required"; then
613 TOR_LIB_MATH="$ac_cv_search_pow"
616 AC_SUBST(TOR_LIB_MATH)
618 dnl ------------------------------------------------------
619 dnl Where do you live, openssl? And how do we call you?
621 tor_openssl_pkg_redhat="openssl"
622 tor_openssl_pkg_debian="libssl-dev"
623 tor_openssl_devpkg_redhat="openssl-devel"
624 tor_openssl_devpkg_debian="libssl-dev"
626 ALT_openssl_WITHVAL=""
628 AS_HELP_STRING(--with-ssl-dir=PATH, [obsolete alias for --with-openssl-dir]),
630 if test "x$withval" != "xno" && test "x$withval" != "x"; then
631 ALT_openssl_WITHVAL="$withval"
635 TOR_SEARCH_LIBRARY(openssl, $tryssldir, [-lssl -lcrypto $TOR_LIB_GDI],
636 [#include <openssl/rand.h>],
637 [void RAND_add(const void *buf, int num, double entropy);],
638 [RAND_add((void*)0,0,0);], [],
639 [/usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/athena /opt/openssl])
641 dnl XXXX check for OPENSSL_VERSION_NUMBER == SSLeay()
643 if test "$enable_static_openssl" = "yes"; then
644 if test "$tor_cv_library_openssl_dir" = "(system)"; then
645 AC_MSG_ERROR("You must specify an explicit --with-openssl-dir=x option when using --enable-static-openssl")
647 TOR_OPENSSL_LIBS="$TOR_LIBDIR_openssl/libssl.a $TOR_LIBDIR_openssl/libcrypto.a"
650 TOR_OPENSSL_LIBS="-lssl -lcrypto"
652 AC_SUBST(TOR_OPENSSL_LIBS)
654 dnl Now check for particular openssl functions.
656 save_LDFLAGS="$LDFLAGS"
657 save_CPPFLAGS="$CPPFLAGS"
658 LIBS="$TOR_OPENSSL_LIBS $LIBS"
659 LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS"
660 CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS"
662 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
663 #include <openssl/opensslv.h>
664 #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL
669 [ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ])
671 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
672 #include <openssl/opensslv.h>
673 #include <openssl/evp.h>
674 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_ECDSA)
677 #if !defined(NID_X9_62_prime256v1) || !defined(NID_secp224r1)
678 #error "curves unavailable"
682 [ AC_MSG_ERROR([OpenSSL is built without full ECC support, including curves P256 and P224. You can specify a path to one with ECC support with --with-openssl-dir.]) ])
684 AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
685 [#include <openssl/ssl.h>
689 SSL_SESSION_get_master_key \
690 SSL_get_server_random \
691 SSL_get_client_ciphers \
692 SSL_get_client_random \
697 dnl Check if OpenSSL has scrypt implementation.
698 AC_CHECK_FUNCS([ EVP_PBE_scrypt ])
700 dnl Check if OpenSSL structures are opaque
701 AC_CHECK_MEMBERS([SSL.state], , ,
702 [#include <openssl/ssl.h>
706 LDFLAGS="$save_LDFLAGS"
707 CPPFLAGS="$save_CPPFLAGS"
709 dnl ------------------------------------------------------
710 dnl Where do you live, zlib? And how do we call you?
712 tor_zlib_pkg_redhat="zlib"
713 tor_zlib_pkg_debian="zlib1g"
714 tor_zlib_devpkg_redhat="zlib-devel"
715 tor_zlib_devpkg_debian="zlib1g-dev"
717 TOR_SEARCH_LIBRARY(zlib, $tryzlibdir, [-lz],
719 [const char * zlibVersion(void);],
720 [zlibVersion();], [--with-zlib-dir],
723 if test "$enable_static_zlib" = "yes"; then
724 if test "$tor_cv_library_zlib_dir" = "(system)"; then
725 AC_MSG_ERROR("You must specify an explicit --with-zlib-dir=x option when
726 using --enable-static-zlib")
728 TOR_ZLIB_LIBS="$TOR_LIBDIR_zlib/libz.a"
733 AC_SUBST(TOR_ZLIB_LIBS)
735 dnl ----------------------------------------------------------------------
736 dnl Check if libcap is available for capabilities.
738 tor_cap_pkg_debian="libcap2"
739 tor_cap_pkg_redhat="libcap"
740 tor_cap_devpkg_debian="libcap-dev"
741 tor_cap_devpkg_redhat="libcap-devel"
743 AC_CHECK_LIB([cap], [cap_init], [],
744 AC_MSG_NOTICE([Libcap was not found. Capabilities will not be usable.])
746 AC_CHECK_FUNCS(cap_set_proc)
748 dnl ---------------------------------------------------------------------
749 dnl Now that we know about our major libraries, we can check for compiler
750 dnl and linker hardening options. We need to do this with the libraries known,
751 dnl since sometimes the linker will like an option but not be willing to
752 dnl use it with a build of a library.
754 all_ldflags_for_check="$TOR_LDFLAGS_zlib $TOR_LDFLAGS_openssl $TOR_LDFLAGS_libevent"
755 all_libs_for_check="$TOR_ZLIB_LIBS $TOR_LIB_MATH $TOR_LIBEVENT_LIBS $TOR_OPENSSL_LIBS $TOR_SYSTEMD_LIBS $TOR_LIB_WS32 $TOR_LIB_GDI $TOR_CAP_LIBS"
763 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [
764 #if !defined(__clang__)
766 #endif])], have_clang=yes, have_clang=no)
768 if test "x$enable_gcc_hardening" != "xno"; then
769 CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2"
770 if test "x$have_clang" = "xyes"; then
771 TOR_CHECK_CFLAGS(-Qunused-arguments)
773 TOR_CHECK_CFLAGS(-fstack-protector-all, also_link)
774 AS_VAR_PUSHDEF([can_compile], [tor_cv_cflags_-fstack-protector-all])
775 AS_VAR_PUSHDEF([can_link], [tor_can_link_-fstack-protector-all])
776 m4_ifdef([AS_VAR_IF],[
777 AS_VAR_IF(can_compile, [yes],
778 AS_VAR_IF(can_link, [yes],
780 AC_MSG_ERROR([We tried to build with stack protection; it looks like your compiler supports it but your libc does not provide it. Are you missing libssp? (You can --disable-gcc-hardening to ignore this error.)]))
782 AS_VAR_POPDEF([can_link])
783 AS_VAR_POPDEF([can_compile])
784 TOR_CHECK_CFLAGS(-Wstack-protector)
785 TOR_CHECK_CFLAGS(--param ssp-buffer-size=1)
786 if test "$bwin32" = "false" && test "$enable_libfuzzer" != "yes" && test "$enable_oss_fuzz" != "yes"; then
787 TOR_CHECK_CFLAGS(-fPIE)
788 TOR_CHECK_LDFLAGS(-pie, "$all_ldflags_for_check", "$all_libs_for_check")
790 TOR_TRY_COMPILE_WITH_CFLAGS(-fwrapv, also_link, CFLAGS_FWRAPV="-fwrapv", true)
793 if test "$fragile_hardening" = "yes"; then
794 TOR_TRY_COMPILE_WITH_CFLAGS(-ftrapv, also_link, CFLAGS_FTRAPV="-ftrapv", true)
795 if test "$tor_cv_cflags__ftrapv" = "yes" && test "$tor_can_link__ftrapv" != "yes"; then
796 AC_MSG_WARN([The compiler supports -ftrapv, but for some reason I was not able to link with -ftrapv. Are you missing run-time support? Run-time hardening will not work as well as it should.])
799 if test "$tor_cv_cflags__ftrapv" != "yes"; then
800 AC_MSG_ERROR([You requested fragile hardening, but the compiler does not seem to support -ftrapv.])
803 TOR_TRY_COMPILE_WITH_CFLAGS([-fsanitize=address], also_link, CFLAGS_ASAN="-fsanitize=address", true)
804 if test "$tor_cv_cflags__fsanitize_address" = "yes" && test "$tor_can_link__fsanitize_address" != "yes"; then
805 AC_MSG_ERROR([The compiler supports -fsanitize=address, but for some reason I was not able to link when using it. Are you missing run-time support? With GCC you need libubsan.so, and with Clang you need libclang_rt.ubsan*])
808 TOR_TRY_COMPILE_WITH_CFLAGS([-fsanitize=undefined], also_link, CFLAGS_UBSAN="-fsanitize=undefined", true)
809 if test "$tor_cv_cflags__fsanitize_address" = "yes" && test "$tor_can_link__fsanitize_address" != "yes"; then
810 AC_MSG_ERROR([The compiler supports -fsanitize=undefined, but for some reason I was not able to link when using it. Are you missing run-time support? With GCC you need libasan.so, and with Clang you need libclang_rt.ubsan*])
813 TOR_CHECK_CFLAGS([-fno-omit-frame-pointer])
816 CFLAGS_BUGTRAP="$CFLAGS_FTRAPV $CFLAGS_ASAN $CFLAGS_UBSAN"
817 CFLAGS_CONSTTIME="$CFLAGS_FWRAPV"
819 mulodi_fixes_ftrapv=no
820 if test "$have_clang" = "yes"; then
821 saved_CFLAGS="$CFLAGS"
822 CFLAGS="$CFLAGS $CFLAGS_FTRAPV"
823 AC_MSG_CHECKING([whether clang -ftrapv can link a 64-bit int multiply])
828 int main(int argc, char **argv)
830 int64_t x = ((int64_t)atoi(argv[1])) * (int64_t)atoi(argv[2])
831 * (int64_t)atoi(argv[3]);
834 [ftrapv_can_link=yes; AC_MSG_RESULT([yes])],
835 [ftrapv_can_link=no; AC_MSG_RESULT([no])])
836 if test "$ftrapv_can_link" = "no"; then
837 AC_MSG_CHECKING([whether defining __mulodi4 fixes that])
842 int64_t __mulodi4(int64_t a, int64_t b, int *overflow) {
846 int main(int argc, char **argv)
848 int64_t x = ((int64_t)atoi(argv[1])) * (int64_t)atoi(argv[2])
849 * (int64_t)atoi(argv[3]);
852 [mulodi_fixes_ftrapv=yes; AC_MSG_RESULT([yes])],
853 [mulodi_fixes_ftrapv=no; AC_MSG_RESULT([no])])
855 CFLAGS="$saved_CFLAGS"
858 AM_CONDITIONAL(ADD_MULODI4, test "$mulodi_fixes_ftrapv" = "yes")
860 dnl These cflags add bunches of branches, and we haven't been able to
861 dnl persuade ourselves that they're suitable for code that needs to be
863 AC_SUBST(CFLAGS_BUGTRAP)
864 dnl These cflags are variant ones sutable for code that needs to be
866 AC_SUBST(CFLAGS_CONSTTIME)
868 if test "x$enable_linker_hardening" != "xno"; then
869 TOR_CHECK_LDFLAGS(-z relro -z now, "$all_ldflags_for_check", "$all_libs_for_check")
872 # For backtrace support
873 TOR_CHECK_LDFLAGS(-rdynamic)
875 dnl ------------------------------------------------------
876 dnl Now see if we have a -fomit-frame-pointer compiler option.
878 saved_CFLAGS="$CFLAGS"
879 TOR_CHECK_CFLAGS(-fomit-frame-pointer)
880 F_OMIT_FRAME_POINTER=''
881 if test "$saved_CFLAGS" != "$CFLAGS"; then
882 if test "$fragile_hardening" = "yes"; then
883 F_OMIT_FRAME_POINTER='-fomit-frame-pointer'
886 CFLAGS="$saved_CFLAGS"
887 AC_SUBST(F_OMIT_FRAME_POINTER)
889 dnl ------------------------------------------------------
890 dnl If we are adding -fomit-frame-pointer (or if the compiler's doing it
891 dnl for us, as GCC 4.6 and later do at many optimization levels), then
892 dnl we should try to add -fasynchronous-unwind-tables so that our backtrace
894 TOR_CHECK_CFLAGS(-fasynchronous-unwind-tables)
896 dnl ============================================================
897 dnl Check for libseccomp
899 if test "x$enable_seccomp" != "xno"; then
900 AC_CHECK_HEADERS([seccomp.h])
901 AC_SEARCH_LIBS(seccomp_init, [seccomp])
904 dnl ============================================================
905 dnl Check for libscrypt
907 if test "x$enable_libscrypt" != "xno"; then
908 AC_CHECK_HEADERS([libscrypt.h])
909 AC_SEARCH_LIBS(libscrypt_scrypt, [scrypt])
910 AC_CHECK_FUNCS([libscrypt_scrypt])
913 dnl ============================================================
914 dnl We need an implementation of curve25519.
916 dnl set these defaults.
917 build_curve25519_donna=no
918 build_curve25519_donna_c64=no
919 use_curve25519_donna=no
920 use_curve25519_nacl=no
923 dnl The best choice is using curve25519-donna-c64, but that requires
925 AC_CACHE_CHECK([whether we can use curve25519-donna-c64],
926 tor_cv_can_use_curve25519_donna_c64,
928 [AC_LANG_PROGRAM([dnl
930 typedef unsigned uint128_t __attribute__((mode(TI)));
931 int func(uint64_t a, uint64_t b) {
932 uint128_t c = ((uint128_t)a) * b;
933 int ok = ((uint64_t)(c>>96)) == 522859 &&
934 (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
935 (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
936 (((uint64_t)(c))&0xffffffffL) == 0;
940 int ok = func( ((uint64_t)2000000000) * 1000000000,
941 ((uint64_t)1234567890) << 24);
944 [tor_cv_can_use_curve25519_donna_c64=yes],
945 [tor_cv_can_use_curve25519_donna_c64=no],
947 [AC_LANG_PROGRAM([dnl
949 typedef unsigned uint128_t __attribute__((mode(TI)));
950 int func(uint64_t a, uint64_t b) {
951 uint128_t c = ((uint128_t)a) * b;
952 int ok = ((uint64_t)(c>>96)) == 522859 &&
953 (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
954 (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
955 (((uint64_t)(c))&0xffffffffL) == 0;
959 int ok = func( ((uint64_t)2000000000) * 1000000000,
960 ((uint64_t)1234567890) << 24);
963 [tor_cv_can_use_curve25519_donna_c64=cross],
964 [tor_cv_can_use_curve25519_donna_c64=no])])])
966 AC_CHECK_HEADERS([crypto_scalarmult_curve25519.h \
967 nacl/crypto_scalarmult_curve25519.h])
969 AC_CACHE_CHECK([for nacl compiled with a fast curve25519 implementation],
970 tor_cv_can_use_curve25519_nacl,
971 [tor_saved_LIBS="$LIBS"
974 [AC_LANG_PROGRAM([dnl
975 #ifdef HAVE_CRYPTO_SCALARMULT_CURVE25519_H
976 #include <crypto_scalarmult_curve25519.h>
977 #elif defined(HAVE_NACL_CRYPTO_SCALARMULT_CURVE25519_H)
978 #include <nacl/crypto_scalarmult_curve25519.h>
980 #ifdef crypto_scalarmult_curve25519_ref_BYTES
981 #error Hey, this is the reference implementation! That's not fast.
984 unsigned char *a, *b, *c; crypto_scalarmult_curve25519(a,b,c);
985 ])], [tor_cv_can_use_curve25519_nacl=yes],
986 [tor_cv_can_use_curve25519_nacl=no])
987 LIBS="$tor_saved_LIBS" ])
989 dnl Okay, now we need to figure out which one to actually use. Fall back
990 dnl to curve25519-donna.c
992 if test "x$tor_cv_can_use_curve25519_donna_c64" != "xno"; then
993 build_curve25519_donna_c64=yes
994 use_curve25519_donna=yes
995 elif test "x$tor_cv_can_use_curve25519_nacl" = "xyes"; then
996 use_curve25519_nacl=yes
997 CURVE25519_LIBS=-lnacl
999 build_curve25519_donna=yes
1000 use_curve25519_donna=yes
1003 if test "x$use_curve25519_donna" = "xyes"; then
1004 AC_DEFINE(USE_CURVE25519_DONNA, 1,
1005 [Defined if we should use an internal curve25519_donna{,_c64} implementation])
1007 if test "x$use_curve25519_nacl" = "xyes"; then
1008 AC_DEFINE(USE_CURVE25519_NACL, 1,
1009 [Defined if we should use a curve25519 from nacl])
1011 AM_CONDITIONAL(BUILD_CURVE25519_DONNA,
1012 test "x$build_curve25519_donna" = "xyes")
1013 AM_CONDITIONAL(BUILD_CURVE25519_DONNA_C64,
1014 test "x$build_curve25519_donna_c64" = "xyes")
1015 AC_SUBST(CURVE25519_LIBS)
1017 dnl Make sure to enable support for large off_t if available.
1020 AC_CHECK_HEADERS([assert.h \
1073 AC_CHECK_HEADERS(sys/param.h)
1075 AC_CHECK_HEADERS(net/if.h, net_if_found=1, net_if_found=0,
1076 [#ifdef HAVE_SYS_TYPES_H
1077 #include <sys/types.h>
1079 #ifdef HAVE_SYS_SOCKET_H
1080 #include <sys/socket.h>
1082 AC_CHECK_HEADERS(net/pfvar.h, net_pfvar_found=1, net_pfvar_found=0,
1083 [#ifdef HAVE_SYS_TYPES_H
1084 #include <sys/types.h>
1086 #ifdef HAVE_SYS_SOCKET_H
1087 #include <sys/socket.h>
1089 #ifdef HAVE_NET_IF_H
1092 #ifdef HAVE_NETINET_IN_H
1093 #include <netinet/in.h>
1096 AC_CHECK_HEADERS(linux/if.h,[],[],
1098 #ifdef HAVE_SYS_SOCKET_H
1099 #include <sys/socket.h>
1103 AC_CHECK_HEADERS(linux/netfilter_ipv4.h,
1104 linux_netfilter_ipv4=1, linux_netfilter_ipv4=0,
1105 [#ifdef HAVE_SYS_TYPES_H
1106 #include <sys/types.h>
1108 #ifdef HAVE_SYS_SOCKET_H
1109 #include <sys/socket.h>
1111 #ifdef HAVE_LIMITS_H
1114 #ifdef HAVE_LINUX_TYPES_H
1115 #include <linux/types.h>
1117 #ifdef HAVE_NETINET_IN6_H
1118 #include <netinet/in6.h>
1120 #ifdef HAVE_NETINET_IN_H
1121 #include <netinet/in.h>
1124 AC_CHECK_HEADERS(linux/netfilter_ipv6/ip6_tables.h,
1125 linux_netfilter_ipv6_ip6_tables=1, linux_netfilter_ipv6_ip6_tables=0,
1126 [#ifdef HAVE_SYS_TYPES_H
1127 #include <sys/types.h>
1129 #ifdef HAVE_SYS_SOCKET_H
1130 #include <sys/socket.h>
1132 #ifdef HAVE_LIMITS_H
1135 #ifdef HAVE_LINUX_TYPES_H
1136 #include <linux/types.h>
1138 #ifdef HAVE_NETINET_IN6_H
1139 #include <netinet/in6.h>
1141 #ifdef HAVE_NETINET_IN_H
1142 #include <netinet/in.h>
1144 #ifdef HAVE_LINUX_IF_H
1145 #include <linux/if.h>
1149 if test "x$net_if_found" = "x1" && test "x$net_pfvar_found" = "x1"; then
1152 if test "x$linux_netfilter_ipv4" = "x1"; then
1155 if test "x$linux_netfilter_ipv6_ip6_tables" = "x1"; then
1158 if test "x$transparent_ok" = "x1"; then
1159 AC_DEFINE(USE_TRANSPARENT, 1, "Define to enable transparent proxy support")
1161 AC_MSG_NOTICE([Transparent proxy support enabled, but missing headers.])
1164 AC_CHECK_MEMBERS([struct timeval.tv_sec], , ,
1165 [#ifdef HAVE_SYS_TYPES_H
1166 #include <sys/types.h>
1168 #ifdef HAVE_SYS_TIME_H
1169 #include <sys/time.h>
1172 dnl In case we aren't given a working stdint.h, we'll need to grow our own.
1175 AC_CHECK_SIZEOF(int8_t)
1176 AC_CHECK_SIZEOF(int16_t)
1177 AC_CHECK_SIZEOF(int32_t)
1178 AC_CHECK_SIZEOF(int64_t)
1179 AC_CHECK_SIZEOF(uint8_t)
1180 AC_CHECK_SIZEOF(uint16_t)
1181 AC_CHECK_SIZEOF(uint32_t)
1182 AC_CHECK_SIZEOF(uint64_t)
1183 AC_CHECK_SIZEOF(intptr_t)
1184 AC_CHECK_SIZEOF(uintptr_t)
1186 dnl AC_CHECK_TYPES([int8_t, int16_t, int32_t, int64_t, uint8_t, uint16_t, uint32_t, uint64_t, intptr_t, uintptr_t])
1188 AC_CHECK_SIZEOF(char)
1189 AC_CHECK_SIZEOF(short)
1190 AC_CHECK_SIZEOF(int)
1191 AC_CHECK_SIZEOF(long)
1192 AC_CHECK_SIZEOF(long long)
1193 AC_CHECK_SIZEOF(__int64)
1194 AC_CHECK_SIZEOF(void *)
1195 AC_CHECK_SIZEOF(time_t)
1196 AC_CHECK_SIZEOF(size_t)
1197 AC_CHECK_SIZEOF(pid_t)
1199 AC_CHECK_TYPES([uint, u_char, ssize_t])
1201 AC_PC_FROM_UCONTEXT([:])
1203 dnl used to include sockaddr_storage, but everybody has that.
1204 AC_CHECK_TYPES([struct in6_addr, struct sockaddr_in6, sa_family_t], , ,
1205 [#ifdef HAVE_SYS_TYPES_H
1206 #include <sys/types.h>
1208 #ifdef HAVE_NETINET_IN_H
1209 #include <netinet/in.h>
1211 #ifdef HAVE_NETINET_IN6_H
1212 #include <netinet/in6.h>
1214 #ifdef HAVE_SYS_SOCKET_H
1215 #include <sys/socket.h>
1218 #define _WIN32_WINNT 0x0501
1219 #define WIN32_LEAN_AND_MEAN
1220 #include <winsock2.h>
1221 #include <ws2tcpip.h>
1224 AC_CHECK_MEMBERS([struct in6_addr.s6_addr32, struct in6_addr.s6_addr16, struct sockaddr_in.sin_len, struct sockaddr_in6.sin6_len], , ,
1225 [#ifdef HAVE_SYS_TYPES_H
1226 #include <sys/types.h>
1228 #ifdef HAVE_NETINET_IN_H
1229 #include <netinet/in.h>
1231 #ifdef HAVE_NETINET_IN6_H
1232 #include <netinet/in6.h>
1234 #ifdef HAVE_SYS_SOCKET_H
1235 #include <sys/socket.h>
1238 #define _WIN32_WINNT 0x0501
1239 #define WIN32_LEAN_AND_MEAN
1240 #include <winsock2.h>
1241 #include <ws2tcpip.h>
1245 AC_CHECK_TYPES([rlim_t], , ,
1246 [#ifdef HAVE_SYS_TYPES_H
1247 #include <sys/types.h>
1249 #ifdef HAVE_SYS_TIME_H
1250 #include <sys/time.h>
1252 #ifdef HAVE_SYS_RESOURCE_H
1253 #include <sys/resource.h>
1257 AX_CHECK_SIGN([time_t],
1260 #ifdef HAVE_SYS_TYPES_H
1261 #include <sys/types.h>
1263 #ifdef HAVE_SYS_TIME_H
1264 #include <sys/time.h>
1271 if test "$ax_cv_decl_time_t_signed" = "no"; then
1272 AC_MSG_ERROR([You have an unsigned time_t; Tor does not support that. Please tell the Tor developers about your interesting platform.])
1275 AX_CHECK_SIGN([size_t],
1276 [ tor_cv_size_t_signed=yes ],
1277 [ tor_cv_size_t_signed=no ], [
1278 #ifdef HAVE_SYS_TYPES_H
1279 #include <sys/types.h>
1283 if test "$ax_cv_decl_size_t_signed" = "yes"; then
1284 AC_MSG_ERROR([You have a signed size_t; that's grossly nonconformant.])
1287 AX_CHECK_SIGN([enum always],
1288 [ AC_DEFINE(ENUM_VALS_ARE_SIGNED, 1, [Define if enum is always signed]) ],
1290 enum always { AAA, BBB, CCC };
1293 AC_CHECK_SIZEOF(socklen_t, , [AC_INCLUDES_DEFAULT()
1294 #ifdef HAVE_SYS_SOCKET_H
1295 #include <sys/socket.h>
1299 # We want to make sure that we _don't_ have a cell_t defined, like IRIX does.
1301 AC_CHECK_SIZEOF(cell_t)
1303 # Now make sure that NULL can be represented as zero bytes.
1304 AC_CACHE_CHECK([whether memset(0) sets pointers to NULL], tor_cv_null_is_zero,
1305 [AC_RUN_IFELSE([AC_LANG_SOURCE(
1306 [[#include <stdlib.h>
1309 #ifdef HAVE_STDDEF_H
1312 int main () { char *p1,*p2; p1=NULL; memset(&p2,0,sizeof(p2));
1313 return memcmp(&p1,&p2,sizeof(char*))?1:0; }]])],
1314 [tor_cv_null_is_zero=yes],
1315 [tor_cv_null_is_zero=no],
1316 [tor_cv_null_is_zero=cross])])
1318 if test "$tor_cv_null_is_zero" = "cross"; then
1319 # Cross-compiling; let's hope that the target isn't raving mad.
1320 AC_MSG_NOTICE([Cross-compiling: we'll assume that NULL is represented as a sequence of 0-valued bytes.])
1323 if test "$tor_cv_null_is_zero" != "no"; then
1324 AC_DEFINE([NULL_REP_IS_ZERO_BYTES], 1,
1325 [Define to 1 iff memset(0) sets pointers to NULL])
1328 AC_CACHE_CHECK([whether memset(0) sets doubles to 0.0], tor_cv_dbl0_is_zero,
1329 [AC_RUN_IFELSE([AC_LANG_SOURCE(
1330 [[#include <stdlib.h>
1333 #ifdef HAVE_STDDEF_H
1336 int main () { double d1,d2; d1=0; memset(&d2,0,sizeof(d2));
1337 return memcmp(&d1,&d2,sizeof(d1))?1:0; }]])],
1338 [tor_cv_dbl0_is_zero=yes],
1339 [tor_cv_dbl0_is_zero=no],
1340 [tor_cv_dbl0_is_zero=cross])])
1342 if test "$tor_cv_dbl0_is_zero" = "cross"; then
1343 # Cross-compiling; let's hope that the target isn't raving mad.
1344 AC_MSG_NOTICE([Cross-compiling: we'll assume that 0.0 can be represented as a sequence of 0-valued bytes.])
1347 if test "$tor_cv_dbl0_is_zero" != "no"; then
1348 AC_DEFINE([DOUBLE_0_REP_IS_ZERO_BYTES], 1,
1349 [Define to 1 iff memset(0) sets doubles to 0.0])
1352 # And what happens when we malloc zero?
1353 AC_CACHE_CHECK([whether we can malloc(0) safely.], tor_cv_malloc_zero_works,
1354 [AC_RUN_IFELSE([AC_LANG_SOURCE(
1355 [[#include <stdlib.h>
1358 #ifdef HAVE_STDDEF_H
1361 int main () { return malloc(0)?0:1; }]])],
1362 [tor_cv_malloc_zero_works=yes],
1363 [tor_cv_malloc_zero_works=no],
1364 [tor_cv_malloc_zero_works=cross])])
1366 if test "$tor_cv_malloc_zero_works" = "cross"; then
1367 # Cross-compiling; let's hope that the target isn't raving mad.
1368 AC_MSG_NOTICE([Cross-compiling: we'll assume that we need to check malloc() arguments for 0.])
1371 if test "$tor_cv_malloc_zero_works" = "yes"; then
1372 AC_DEFINE([MALLOC_ZERO_WORKS], 1,
1373 [Define to 1 iff malloc(0) returns a pointer])
1376 # whether we seem to be in a 2s-complement world.
1377 AC_CACHE_CHECK([whether we are using 2s-complement arithmetic], tor_cv_twos_complement,
1378 [AC_RUN_IFELSE([AC_LANG_SOURCE(
1379 [[int main () { int problem = ((-99) != (~99)+1);
1380 return problem ? 1 : 0; }]])],
1381 [tor_cv_twos_complement=yes],
1382 [tor_cv_twos_complement=no],
1383 [tor_cv_twos_complement=cross])])
1385 if test "$tor_cv_twos_complement" = "cross"; then
1386 # Cross-compiling; let's hope that the target isn't raving mad.
1387 AC_MSG_NOTICE([Cross-compiling: we'll assume that negative integers are represented with two's complement.])
1390 if test "$tor_cv_twos_complement" != "no"; then
1391 AC_DEFINE([USING_TWOS_COMPLEMENT], 1,
1392 [Define to 1 iff we represent negative integers with
1396 # What does shifting a negative value do?
1397 AC_CACHE_CHECK([whether right-shift on negative values does sign-extension], tor_cv_sign_extend,
1398 [AC_RUN_IFELSE([AC_LANG_SOURCE(
1399 [[int main () { int okay = (-60 >> 8) == -1; return okay ? 0 : 1; }]])],
1400 [tor_cv_sign_extend=yes],
1401 [tor_cv_sign_extend=no],
1402 [tor_cv_sign_extend=cross])])
1404 if test "$tor_cv_sign_extend" = "cross"; then
1405 # Cross-compiling; let's hope that the target isn't raving mad.
1406 AC_MSG_NOTICE([Cross-compiling: we'll assume that right-shifting negative integers causes sign-extension])
1409 if test "$tor_cv_sign_extend" != "no"; then
1410 AC_DEFINE([RSHIFT_DOES_SIGN_EXTEND], 1,
1411 [Define to 1 iff right-shifting a negative value performs sign-extension])
1414 # Whether we should use the dmalloc memory allocation debugging library.
1415 AC_MSG_CHECKING(whether to use dmalloc (debug memory allocation library))
1416 AC_ARG_WITH(dmalloc,
1417 AS_HELP_STRING(--with-dmalloc, [use debug memory allocation library]),
1418 [if [[ "$withval" = "yes" ]]; then
1424 fi], [ dmalloc=0; AC_MSG_RESULT(no) ]
1427 if [[ $dmalloc -eq 1 ]]; then
1428 AC_CHECK_HEADERS(dmalloc.h, , AC_MSG_ERROR(dmalloc header file not found. Do you have the development files for dmalloc installed?))
1429 AC_SEARCH_LIBS(dmalloc_malloc, [dmallocth dmalloc], , AC_MSG_ERROR(Libdmalloc library not found. If you enable it you better have it installed.))
1430 AC_DEFINE(USE_DMALLOC, 1, [Debug memory allocation library])
1431 AC_CHECK_FUNCS(dmalloc_strdup dmalloc_strndup)
1434 AC_ARG_WITH(tcmalloc,
1435 AS_HELP_STRING(--with-tcmalloc, [use tcmalloc memory allocation library]),
1436 [ tcmalloc=yes ], [ tcmalloc=no ])
1438 if test "x$tcmalloc" = "xyes"; then
1439 LDFLAGS="-ltcmalloc $LDFLAGS"
1442 using_custom_malloc=no
1443 if test "x$enable_openbsd_malloc" = "xyes"; then
1444 using_custom_malloc=yes
1446 if test "x$tcmalloc" = "xyes"; then
1447 using_custom_malloc=yes
1449 if test "$using_custom_malloc" = "no"; then
1450 AC_CHECK_FUNCS(mallinfo)
1453 # By default, we're going to assume we don't have mlockall()
1454 # bionic and other platforms have various broken mlockall subsystems.
1455 # Some systems don't have a working mlockall, some aren't linkable,
1456 # and some have it but don't declare it.
1457 AC_CHECK_FUNCS(mlockall)
1458 AC_CHECK_DECLS([mlockall], , , [
1459 #ifdef HAVE_SYS_MMAN_H
1460 #include <sys/mman.h>
1463 # Some MinGW environments don't have getpagesize in unistd.h. We don't use
1464 # AC_CHECK_FUNCS(getpagesize), because other environments rename getpagesize
1466 AC_CHECK_DECLS([getpagesize], , , [
1467 #ifdef HAVE_UNISTD_H
1471 # Allow user to specify an alternate syslog facility
1472 AC_ARG_WITH(syslog-facility,
1473 AS_HELP_STRING(--with-syslog-facility=LOG, [syslog facility to use (default=LOG_DAEMON)]),
1474 syslog_facility="$withval", syslog_facility="LOG_DAEMON")
1475 AC_DEFINE_UNQUOTED(LOGFACILITY,$syslog_facility,[name of the syslog facility])
1476 AC_SUBST(LOGFACILITY)
1478 # Check if we have getresuid and getresgid
1479 AC_CHECK_FUNCS(getresuid getresgid)
1481 # Check for gethostbyname_r in all its glorious incompatible versions.
1482 # (This logic is based on that in Python's configure.in)
1483 AH_TEMPLATE(HAVE_GETHOSTBYNAME_R,
1484 [Define this if you have any gethostbyname_r()])
1486 AC_CHECK_FUNC(gethostbyname_r, [
1487 AC_MSG_CHECKING([how many arguments gethostbyname_r() wants])
1489 CFLAGS="$CFLAGS $MY_CPPFLAGS $MY_THREAD_CPPFLAGS $MY_CFLAGS"
1490 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1494 struct hostent *h1, *h2;
1496 (void)gethostbyname_r(cp1,h1,cp2,i1,&h2,&i2);
1498 AC_DEFINE(HAVE_GETHOSTBYNAME_R)
1499 AC_DEFINE(HAVE_GETHOSTBYNAME_R_6_ARG, 1,
1500 [Define this if gethostbyname_r takes 6 arguments])
1503 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1509 (void)gethostbyname_r(cp1,h1,cp2,i1,&i2);
1511 AC_DEFINE(HAVE_GETHOSTBYNAME_R)
1512 AC_DEFINE(HAVE_GETHOSTBYNAME_R_5_ARG, 1,
1513 [Define this if gethostbyname_r takes 5 arguments])
1516 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
1521 struct hostent_data hd;
1522 (void) gethostbyname_r(cp1,h1,&hd);
1524 AC_DEFINE(HAVE_GETHOSTBYNAME_R)
1525 AC_DEFINE(HAVE_GETHOSTBYNAME_R_3_ARG, 1,
1526 [Define this if gethostbyname_r takes 3 arguments])
1536 AC_CACHE_CHECK([whether the C compiler supports __func__],
1537 tor_cv_have_func_macro,
1538 AC_COMPILE_IFELSE([AC_LANG_SOURCE([
1540 int main(int c, char **v) { puts(__func__); }])],
1541 tor_cv_have_func_macro=yes,
1542 tor_cv_have_func_macro=no))
1544 AC_CACHE_CHECK([whether the C compiler supports __FUNC__],
1545 tor_cv_have_FUNC_macro,
1546 AC_COMPILE_IFELSE([AC_LANG_SOURCE([
1548 int main(int c, char **v) { puts(__FUNC__); }])],
1549 tor_cv_have_FUNC_macro=yes,
1550 tor_cv_have_FUNC_macro=no))
1552 AC_CACHE_CHECK([whether the C compiler supports __FUNCTION__],
1553 tor_cv_have_FUNCTION_macro,
1554 AC_COMPILE_IFELSE([AC_LANG_SOURCE([
1556 int main(int c, char **v) { puts(__FUNCTION__); }])],
1557 tor_cv_have_FUNCTION_macro=yes,
1558 tor_cv_have_FUNCTION_macro=no))
1560 AC_CACHE_CHECK([whether we have extern char **environ already declared],
1561 tor_cv_have_environ_declared,
1562 AC_COMPILE_IFELSE([AC_LANG_SOURCE([
1563 #ifdef HAVE_UNISTD_H
1567 int main(int c, char **v) { char **t = environ; }])],
1568 tor_cv_have_environ_declared=yes,
1569 tor_cv_have_environ_declared=no))
1571 if test "$tor_cv_have_func_macro" = "yes"; then
1572 AC_DEFINE(HAVE_MACRO__func__, 1, [Defined if the compiler supports __func__])
1575 if test "$tor_cv_have_FUNC_macro" = "yes"; then
1576 AC_DEFINE(HAVE_MACRO__FUNC__, 1, [Defined if the compiler supports __FUNC__])
1579 if test "$tor_cv_have_FUNCTION_macro" = "yes"; then
1580 AC_DEFINE(HAVE_MACRO__FUNCTION__, 1,
1581 [Defined if the compiler supports __FUNCTION__])
1584 if test "$tor_cv_have_environ_declared" = "yes"; then
1585 AC_DEFINE(HAVE_EXTERN_ENVIRON_DECLARED, 1,
1586 [Defined if we have extern char **environ already declared])
1589 # $prefix stores the value of the --prefix command line option, or
1590 # NONE if the option wasn't set. In the case that it wasn't set, make
1591 # it be the default, so that we can use it to expand directories now.
1592 if test "x$prefix" = "xNONE"; then
1593 prefix=$ac_default_prefix
1596 # and similarly for $exec_prefix
1597 if test "x$exec_prefix" = "xNONE"; then
1601 if test "x$BUILDDIR" = "x"; then
1605 AH_TEMPLATE([BUILDDIR],[tor's build directory])
1606 AC_DEFINE_UNQUOTED(BUILDDIR,"$BUILDDIR")
1608 if test "x$CONFDIR" = "x"; then
1609 CONFDIR=`eval echo $sysconfdir/tor`
1612 AH_TEMPLATE([CONFDIR],[tor's configuration directory])
1613 AC_DEFINE_UNQUOTED(CONFDIR,"$CONFDIR")
1615 BINDIR=`eval echo $bindir`
1617 LOCALSTATEDIR=`eval echo $localstatedir`
1618 AC_SUBST(LOCALSTATEDIR)
1620 if test "$bwin32" = "true"; then
1621 # Test if the linker supports the --nxcompat and --dynamicbase options
1623 save_LDFLAGS="$LDFLAGS"
1624 LDFLAGS="-Wl,--nxcompat -Wl,--dynamicbase"
1625 AC_MSG_CHECKING([whether the linker supports DllCharacteristics])
1626 AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
1627 [AC_MSG_RESULT([yes])]
1628 [save_LDFLAGS="$save_LDFLAGS $LDFLAGS"],
1629 [AC_MSG_RESULT([no])]
1631 LDFLAGS="$save_LDFLAGS"
1634 # Set CFLAGS _after_ all the above checks, since our warnings are stricter
1635 # than autoconf's macros like.
1636 if test "$GCC" = "yes"; then
1637 # Disable GCC's strict aliasing checks. They are an hours-to-debug
1638 # accident waiting to happen.
1639 CFLAGS="$CFLAGS -Wall -fno-strict-aliasing"
1641 # Override optimization level for non-gcc compilers
1643 enable_gcc_warnings=no
1644 enable_gcc_warnings_advisory=no
1647 # Warnings implies advisory-warnings and -Werror.
1648 if test "$enable_gcc_warnings" = "yes"; then
1649 enable_gcc_warnings_advisory=yes
1650 enable_fatal_warnings=yes
1653 # OS X Lion started deprecating the system openssl. Let's just disable
1654 # all deprecation warnings on OS X. Also, to potentially make the binary
1655 # a little smaller, let's enable dead_strip.
1659 CFLAGS="$CFLAGS -Wno-deprecated-declarations"
1660 LDFLAGS="$LDFLAGS -dead_strip" ;;
1663 # Add some more warnings which we use in development but not in the
1664 # released versions. (Some relevant gcc versions can't handle these.)
1666 # Note that we have to do this near the end of the autoconf process, or
1667 # else we may run into problems when these warnings hit on the testing C
1668 # programs that autoconf wants to build.
1669 if test "x$enable_gcc_warnings_advisory" != "xno"; then
1672 *-*-openbsd* | *-*-bitrig*)
1673 # Some OpenBSD versions (like 4.8) have -Wsystem-headers by default.
1674 # That's fine, except that the headers don't pass -Wredundant-decls.
1675 # Therefore, let's disable -Wsystem-headers when we're building
1676 # with maximal warnings on OpenBSD.
1677 CFLAGS="$CFLAGS -Wno-system-headers" ;;
1680 # GCC4.3 users once report trouble with -Wstrict-overflow=5. GCC5 users
1681 # have it work better.
1682 # CFLAGS="$CFLAGS -Wstrict-overflow=1"
1684 # This warning was added in gcc 4.3, but it appears to generate
1685 # spurious warnings in gcc 4.4. I don't know if it works in 4.5.
1686 #CFLAGS="$CFLAGS -Wlogical-op"
1688 m4_foreach_w([warning_flag], [
1690 -Waddress-of-array-temporary
1691 -Waddress-of-temporary
1693 -Wanonymous-pack-parens
1696 -Warc-bridge-casts-disallowed-in-nonarc
1697 -Warc-maybe-repeated-use-of-weak
1698 -Warc-performSelector-leaks
1699 -Warc-repeated-use-of-weak
1701 -Warray-bounds-pointer-arithmetic
1703 -Wasm-operand-widths
1705 -Watomic-property-with-user-defined-accessor
1707 -Wauto-storage-class
1710 -Wbackslash-newline-escape
1711 -Wbad-array-new-length
1712 -Wbind-to-temporary-copy
1713 -Wbitfield-constant-conversion
1716 -Wbuiltin-requires-header
1718 -Wcompare-distinct-pointer-types
1719 -Wcomplex-component-init
1720 -Wconditional-type-mismatch
1722 -Wconstant-conversion
1723 -Wconstant-logical-operand
1724 -Wconstexpr-not-const
1725 -Wcustom-atomic-properties
1727 -Wdangling-initializer-list
1729 -Wdelegating-ctor-cycles
1730 -Wdeprecated-implementations
1731 -Wdeprecated-register
1732 -Wdirect-ivar-access
1734 -Wdistributed-object-modifiers
1736 -Wdollar-in-identifier-extension
1738 -Wduplicate-decl-specifier
1740 -Wduplicate-method-arg
1741 -Wduplicate-method-match
1743 -Wdynamic-class-memaccess
1744 -Wembedded-directive
1745 -Wempty-translation-unit
1747 -Wexit-time-destructors
1748 -Wexplicit-ownership-type
1749 -Wextern-initializer
1753 -Wflexible-array-extensions
1756 -Wfour-char-constants
1758 -Wglobal-constructors
1759 -Wgnu-array-member-paren-init
1761 -Wgnu-static-float-init
1764 -Widiomatic-parentheses
1765 -Wignored-attributes
1766 -Wimplicit-atomic-properties
1767 -Wimplicit-conversion-floating-point-to-bool
1768 -Wimplicit-exception-spec-mismatch
1769 -Wimplicit-fallthrough
1770 -Wimplicit-fallthrough-per-function
1771 -Wimplicit-retain-self
1772 -Wimport-preprocessor-directive-pedantic
1773 -Wincompatible-library-redeclaration
1774 -Wincompatible-pointer-types-discards-qualifiers
1775 -Wincomplete-implementation
1777 -Wincomplete-umbrella
1780 -Wint-to-void-pointer-cast
1786 -Winvalid-source-encoding
1787 -Winvalid-token-paste
1788 -Wknr-promoted-parameter
1789 -Wlanguage-extension-token
1790 -Wlarge-by-value-copy
1791 -Wliteral-conversion
1793 -Wlocal-type-template-args
1797 -Wmalformed-warning-check
1801 -Wmismatched-parameter-types
1802 -Wmismatched-return-types
1803 -Wmissing-field-initializers
1804 -Wmissing-format-attribute
1806 -Wmissing-selector-name
1808 -Wmissing-variable-declarations
1812 -Wnon-literal-null-conversion
1814 -Wnonportable-cfstrings
1820 -Wout-of-line-declaration
1822 -Woverlength-strings
1824 -Woverriding-method-mismatch
1825 -Wpointer-type-mismatch
1826 -Wpredefined-identifier-outside-function
1827 -Wprotocol-property-synthesis-ambiguity
1828 -Wreadonly-iboutlet-property
1829 -Wreadonly-setter-attrs
1831 -Wreceiver-forward-class
1833 -Wreinterpret-base-class
1834 -Wrequires-super-attribute
1835 -Wreserved-user-defined-literal
1836 -Wreturn-stack-address
1838 -Wselector-type-mismatch
1840 -Wserialized-diagnostics
1842 -Wshift-count-negative
1843 -Wshift-count-overflow
1844 -Wshift-negative-value
1846 -Wshift-sign-overflow
1848 -Wsizeof-array-argument
1849 -Wsource-uses-openmp
1852 -Wstatic-local-in-inline
1856 -Wstrlcpy-strlcat-size
1858 -Wsuggest-attribute=format
1859 -Wsuggest-attribute=noreturn
1860 -Wsuper-class-method-mismatch
1863 -Wtautological-constant-out-of-range-compare
1864 -Wtentative-definition-incomplete-type
1867 -Wtypedef-redefinition
1870 -Wundefined-internal
1871 -Wundefined-reinterpret-cast
1873 -Wunicode-whitespace
1874 -Wunknown-warning-option
1875 -Wunnamed-type-template-args
1876 -Wunneeded-member-function
1878 -Wunsupported-visibility
1879 -Wunused-but-set-parameter
1880 -Wunused-but-set-variable
1881 -Wunused-command-line-argument
1882 -Wunused-const-variable=2
1883 -Wunused-exception-parameter
1884 -Wunused-local-typedefs
1885 -Wunused-member-function
1886 -Wunused-sanitize-argument
1887 -Wunused-volatile-lvalue
1888 -Wuser-defined-literals
1891 -Wvector-conversions
1896 ], [ TOR_CHECK_CFLAGS([warning_flag]) ])
1898 dnl We should re-enable this in some later version. Clang doesn't
1899 dnl mind, but it causes trouble with GCC.
1900 dnl -Wstrict-overflow=2
1902 dnl These seem to require annotations that we don't currently use,
1903 dnl and they give false positives in our pthreads wrappers. (Clang 4)
1905 dnl -Wthread-safety-analysis
1906 dnl -Wthread-safety-attributes
1907 dnl -Wthread-safety-beta
1908 dnl -Wthread-safety-precise
1910 CFLAGS="$CFLAGS -W -Wfloat-equal -Wundef -Wpointer-arith"
1911 CFLAGS="$CFLAGS -Wstrict-prototypes -Wmissing-prototypes -Wwrite-strings"
1912 CFLAGS="$CFLAGS -Wredundant-decls -Wchar-subscripts -Wcomment -Wformat=2"
1913 CFLAGS="$CFLAGS -Wwrite-strings"
1914 CFLAGS="$CFLAGS -Wnested-externs -Wbad-function-cast -Wswitch-enum"
1915 CFLAGS="$CFLAGS -Waggregate-return -Wpacked -Wunused"
1916 CFLAGS="$CFLAGS -Wunused-parameter "
1917 # These interfere with building main() { return 0; }, which autoconf
1918 # likes to use as its default program.
1919 CFLAGS="$CFLAGS -Wold-style-definition -Wmissing-declarations"
1921 if test "$tor_cv_cflags__Wnull_dereference" = "yes"; then
1922 AC_DEFINE([HAVE_CFLAG_WNULL_DEREFERENCE], 1, [True if we have -Wnull-dereference])
1924 if test "$tor_cv_cflags__Woverlength_strings" = "yes"; then
1925 AC_DEFINE([HAVE_CFLAG_WOVERLENGTH_STRINGS], 1, [True if we have -Woverlength-strings])
1928 if test "x$enable_fatal_warnings" = "xyes"; then
1929 # I'd like to use TOR_CHECK_CFLAGS here, but I can't, since the
1930 # default autoconf programs are full of errors.
1931 CFLAGS="$CFLAGS -Werror"
1936 if test "$enable_coverage" = "yes" && test "$have_clang" = "no"; then
1939 AC_MSG_WARN([Tried to enable coverage on OSX without using the clang compiler. This might not work! If coverage fails, use CC=clang when configuring with --enable-coverage.])
1943 CPPFLAGS="$CPPFLAGS $TOR_CPPFLAGS_libevent $TOR_CPPFLAGS_openssl $TOR_CPPFLAGS_zlib"
1948 contrib/dist/suse/tor.sh
1949 contrib/operator-tools/tor.logrotate
1952 contrib/dist/tor.service
1953 src/config/torrc.sample
1954 src/config/torrc.minimal
1955 scripts/maint/checkOptionDocs.pl
1956 scripts/maint/updateVersions.pl
1959 if test "x$asciidoc" = "xtrue" && test "$ASCIIDOC" = "none"; then
1960 regular_mans="doc/tor doc/tor-gencert doc/tor-resolve doc/torify"
1961 for file in $regular_mans ; do
1962 if ! [[ -f "$srcdir/$file.1.in" ]] || ! [[ -f "$srcdir/$file.html.in" ]] ; then
1963 echo "==================================";
1965 echo "Building Tor has failed since manpages cannot be built.";
1967 echo "You need asciidoc installed to be able to build the manpages.";
1968 echo "To build without manpages, use the --disable-asciidoc argument";
1969 echo "when calling configure.";
1971 echo "==================================";
1977 if test "$fragile_hardening" = "yes"; then
1981 Warning! Building Tor with --enable-fragile-hardening (also known as
1982 --enable-expensive-hardening) makes some kinds of attacks harder, but makes
1983 other kinds of attacks easier. A Tor instance build with this option will be
1984 somewhat less vulnerable to remote code execution, arithmetic overflow, or
1985 out-of-bounds read/writes... but at the cost of becoming more vulnerable to
1986 denial of service attacks. For more information, see
1987 https://trac.torproject.org/projects/tor/wiki/doc/TorFragileHardening