authorDaiki Ueno <dueno@redhat.com>2020-04-06 14:37:53 +0200
committerDaiki Ueno <dueno@redhat.com>2020-04-24 18:30:21 +0200
commitb2cf035b754211c34d0559e57e1dbc82365af83a (patch)
tree621d760509c96afb23e4f444218a42f9f919422b
parent804a7da030609a3eafcf25f6905f450ad000e0a8 (diff)
fips: check library soname during configuretmp-check-soname
Previously, we hard-coded the sonames of linked libraries for FIPS integrity checking. That required downstream packagers to manually adjust the relevant code in lib/fips.c whenever a new interface version of a dependent library (nettle, gmp) became available and was linked to libgnutls. This patch automates that process with the configure script. Signed-off-by: Daiki Ueno <dueno@redhat.com>
-rw-r--r--.gitignore2
-rw-r--r--bootstrap.conf4
-rw-r--r--configure.ac43
-rw-r--r--lib/fips.c10
4 files changed, 53 insertions, 6 deletions
diff --git a/.gitignore b/.gitignore
index a8b748435c..766595b5e2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+/.#configure.ac
*~
/ABOUT-NLS
AUTHORS
@@ -207,6 +208,7 @@ guile/src/Makefile.in
guile/tests/Makefile
guile/tests/Makefile.in
INSTALL
+ldd.sh
lib/accelerated/aarch64/libaarch64.la
lib/accelerated/libaccelerated.la
lib/accelerated/x86/libx86.la
diff --git a/bootstrap.conf b/bootstrap.conf
index 9a5b3639b0..04e670ddeb 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -25,10 +25,10 @@ checkout_only_file=
local_gl_dir=gl/override/
required_submodules="tests/suite/tls-fuzzer/python-ecdsa tests/suite/tls-fuzzer/tlsfuzzer tests/suite/tls-fuzzer/tlslite-ng devel/nettle"
-# Reproduce by: gnulib-tool --import --local-dir=gl/override --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lock-tests --avoid=lseek-tests --lgpl=2 --no-conditional-dependencies --libtool --macro-prefix=gl --no-vc-files alloca byteswap c-ctype extensions func gendocs getline gettext-h gettimeofday hash-pjw-bare havelib intprops lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file secure_getenv snprintf stdint strcase strndup strtok_r strverscmp sys_socket sys_stat time_r unistd vasprintf vsnprintf warnings
+# Reproduce by: gnulib-tool --import --local-dir=gl/override --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lock-tests --avoid=lseek-tests --lgpl=2 --no-conditional-dependencies --libtool --macro-prefix=gl --no-vc-files alloca byteswap c-ctype extensions func gendocs getline gettext-h gettimeofday hash-pjw-bare havelib intprops ldd lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file secure_getenv snprintf stdint strcase strndup strtok_r strverscmp sys_socket sys_stat time_r unistd vasprintf verify vsnprintf warnings
gnulib_modules="
-alloca byteswap c-ctype c-strcase extensions func gendocs getline gettext-h gettimeofday hash hash-pjw-bare havelib arpa_inet inet_ntop inet_pton intprops lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file secure_getenv setsockopt snprintf stdint strcase strdup-posix strndup strtok_r strverscmp sys_socket sys_stat sys_types time_r unistd valgrind-tests vasprintf verify vsnprintf warnings
+alloca byteswap c-ctype c-strcase extensions func gendocs getline gettext-h gettimeofday hash hash-pjw-bare havelib arpa_inet inet_ntop inet_pton intprops ldd lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file secure_getenv setsockopt snprintf stdint strcase strdup-posix strndup strtok_r strverscmp sys_socket sys_stat sys_types time_r unistd valgrind-tests vasprintf verify vsnprintf warnings
"
unistring_modules="
diff --git a/configure.ac b/configure.ac
index 7d70d205c7..2d0a42665e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -669,6 +669,49 @@ LIBS="$LIBS $NETTLE_LIBS $HOGWEED_LIBS"
AC_CHECK_FUNCS(nettle_gostdsa_vko)
LIBS=$save_LIBS
+# Check sonames of the linked libraries needed for FIPS selftests.
+save_LIBS=$LIBS
+LIBS="$LIBS $GMP_LIBS"
+AC_MSG_CHECKING([gmp soname])
+AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
+ [gmp_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libgmp\.so'`],
+ [gmp_so=none])
+if test -z "$gmp_so"; then
+ gmp_so=none
+fi
+AC_MSG_RESULT($gmp_so)
+AC_DEFINE_UNQUOTED([GMP_LIBRARY_SONAME], ["$gmp_so"], [The soname of gmp library])
+LIBS=$save_LIBS
+
+save_LIBS=$LIBS
+LIBS="$LIBS $NETTLE_LIBS"
+AC_MSG_CHECKING([nettle soname])
+AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
+ [nettle_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libnettle\.so'`],
+ [nettle_so=none])
+if test -z "$nettle_so"; then
+ nettle_so=none
+fi
+AC_MSG_RESULT($nettle_so)
+AC_DEFINE_UNQUOTED([NETTLE_LIBRARY_SONAME], ["$nettle_so"], [The soname of nettle library])
+LIBS=$save_LIBS
+
+save_LIBS=$LIBS
+LIBS="$LIBS $HOGWEED_LIBS"
+AC_MSG_CHECKING([hogweed soname])
+AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
+ [hogweed_so=`(eval "$LDDPROG conftest$EXEEXT $LDDPOSTPROC") | grep '^libhogweed\.so'`],
+ [hogweed_so=none])
+if test -z "$hogweed_so"; then
+ hogweed_so=none
+fi
+AC_MSG_RESULT($hogweed_so)
+AC_DEFINE_UNQUOTED([HOGWEED_LIBRARY_SONAME], ["$hogweed_so"], [The soname of hogweed library])
+LIBS=$save_LIBS
+
+gnutls_so=libgnutls.so.`expr "$LT_CURRENT" - "$LT_AGE"`
+AC_DEFINE_UNQUOTED([GNUTLS_LIBRARY_SONAME], ["$gnutls_so"], [The soname of gnutls library])
+
AC_MSG_CHECKING([whether to build libdane])
AC_ARG_ENABLE(libdane,
AS_HELP_STRING([--disable-libdane],
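Review bot: Each of the three probes (gmp, nettle, hogweed) silently falls back to `none` when the link test fails or the `grep` finds nothing, and that string is still written into `GMP_LIBRARY_SONAME`, `NETTLE_LIBRARY_SONAME` and `HOGWEED_LIBRARY_SONAME`, which the lib/fips.c hunk then uses as the library names for the integrity check. A cross build, where `$LDDPROG` presumably cannot inspect `conftest$EXEEXT`, would land in the same fallback. When FIPS mode was requested, configure should stop rather than continue with a placeholder name, for example `AC_MSG_ERROR([cannot determine gmp soname, needed for the FIPS integrity check])` guarded by the project's FIPS switch, whose variable is not visible in this hunk. The `grep` output is also not limited to one line, so a second match would put a newline inside the `AC_DEFINE_UNQUOTED` string; appending `| head -n 1` avoids that. The probe is pasted three times and would be easier to keep consistent as one macro taking the library name.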
diff --git a/lib/fips.c b/lib/fips.c
index 902af56749..3c43250aaf 100644
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -135,10 +135,12 @@ void _gnutls_fips_mode_reset_zombie(void)
}
}
-#define GNUTLS_LIBRARY_NAME "libgnutls.so.30"
-#define NETTLE_LIBRARY_NAME "libnettle.so.6"
-#define HOGWEED_LIBRARY_NAME "libhogweed.so.4"
-#define GMP_LIBRARY_NAME "libgmp.so.10"
+/* These only works with the platform where SONAME is part of the ABI.
+ * For example, *_SONAME will be set to "none" on Windows platforms. */
+#define GNUTLS_LIBRARY_NAME GNUTLS_LIBRARY_SONAME
+#define NETTLE_LIBRARY_NAME NETTLE_LIBRARY_SONAME
+#define HOGWEED_LIBRARY_NAME HOGWEED_LIBRARY_SONAME
+#define GMP_LIBRARY_NAME GMP_LIBRARY_SONAME
#define HMAC_SUFFIX ".hmac"
#define HMAC_SIZE 32
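Review bot: The new comment above the `*_LIBRARY_NAME` defines is ungrammatical and does not say what a `"none"` value means for the code that consumes these names, which lies outside this hunk. I would word it as `/* Sonames are detected by configure and are only meaningful on platforms that use them; elsewhere (e.g. Windows) *_SONAME is "none" and no library of that name can be located. */`, with the last clause to be confirmed against the lookup code. Since the four `*_LIBRARY_NAME` macros are now plain aliases, using the `*_LIBRARY_SONAME` names directly at the call sites would remove one level of indirection.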