From edd6d699e53b258dcf2f523286674bea1f532758 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Sun, 16 Jan 2022 12:17:39 +0100 Subject: configure.ac: emit feature summary as C macro Signed-off-by: Daiki Ueno --- configure.ac | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 65 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index a4f8c183ae..ef4878d7ea 100644 --- a/configure.ac +++ b/configure.ac @@ -864,7 +864,7 @@ AM_CONDITIONAL(P11KIT_0_23_11_API, $PKG_CONFIG --atleast-version=0.23.11 p11-kit AM_CONDITIONAL(ENABLE_PKCS11, test "$with_p11_kit" != "no") -AC_ARG_WITH(tpm, +AC_ARG_WITH(tpm2, AS_HELP_STRING([--without-tpm2], [Disable TPM2 support.]), [with_tpm2=$withval], [with_tpm2=auto]) 
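Review bot: Changing the first argument from `tpm` to `tpm2` is the right fix (the help string already advertised `--without-tpm2`), but it is a user-visible behaviour change: before this line `--without-tpm` was what set `[with_tpm2=$withval]` and therefore disabled TPM2, and after it that flag no longer touches `with_tpm2`, which silently falls back to the `auto` default. Build scripts that relied on `--without-tpm` to turn TPM2 off will keep TPM2 enabled without any configure-time warning. The commit message only mentions the feature summary, so this rename deserves its own sentence there and an entry in the release notes.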
@@ -1142,6 +1142,70 @@ AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes") AC_DEFINE([GNUTLS_INTERNAL_BUILD], 1, [We allow temporarily usage of deprecated functions - until they are removed.]) +hw_features= +if test "$enable_cryptodev" = yes; then + hw_features="$hw_features cryptodev" +fi +if test "$enable_afalg" = yes; then + hw_features="$hw_features afalg" +fi +if test "$use_padlock" = yes; then + hw_features="$hw_features padlock" +fi +if test "$with_p11_kit" = yes; then + hw_features="$hw_features pkcs11" +fi +if test "$with_tpm" = yes; then + hw_features="$hw_features tpm" +fi +if test "$have_tpm2" = yes; then + hw_features="$hw_features tpm2" +fi +if test "$enable_ktls" = yes; then + hw_features="$hw_features ktls" +fi +hw_features=`eval 'expr "$hw_features" : " \(.*\)"'` +AC_DEFINE_UNQUOTED([HW_FEATURES], ["$hw_features"], + [The enabled hardware features]) + +tls_features= +if test "$ac_enable_ssl3" = yes; then + tls_features="$tls_features ssl3" +fi +if test "$ac_enable_ssl2" = yes; then + tls_features="$tls_features ssl2-compat" +fi +if test "$ac_enable_srtp" = yes; then + tls_features="$tls_features srtp" +fi +if test "$ac_enable_alpn" = yes; then + tls_features="$tls_features alpn" +fi +if test "$ac_enable_ocsp" = yes; then + tls_features="$tls_features ocsp" +fi +if test "$ac_enable_srp" = yes; then + tls_features="$tls_features srp" +fi +if test "$ac_enable_psk" = yes; then + tls_features="$tls_features psk" +fi +if test "$ac_enable_dhe" = yes; then + tls_features="$tls_features dhe" +fi +if test "$ac_enable_ecdhe" = yes; then + tls_features="$tls_features ecdhe" +fi +if test "$ac_enable_anon" = yes; then + tls_features="$tls_features auth-anon" +fi +if test "$ac_enable_heartbeat" = yes; then + tls_features="$tls_features heartbeat" +fi +tls_features=`eval 'expr "$tls_features" : " \(.*\)"'` +AC_DEFINE_UNQUOTED([TLS_FEATURES], ["$tls_features"], + [The enabled TLS features]) + AC_DEFINE([fread_file], [_gnutls_fread_file], [static lib 
rename])
 AC_DEFINE([read_file], [_gnutls_read_file], [static lib rename])
--
cgit v1.2.1


From d8931291f08c947667ab86e6804a5027fa706f4b Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Tue, 11 Jan 2022 07:34:59 +0100
Subject: global: add API to retrieve library configuration at run time

Signed-off-by: Daiki Ueno
---
 devel/libgnutls.abignore | 3 +++
 devel/symbols.last | 1 +
 doc/Makefile.am | 2 ++
 doc/manpages/Makefile.am | 1 +
 lib/global.c | 38 ++++++++++++++++++++++++++++++++++++++
 lib/includes/gnutls/gnutls.h.in | 7 +++++++
 lib/libgnutls.map | 1 +
 7 files changed, 53 insertions(+)

diff --git a/devel/libgnutls.abignore b/devel/libgnutls.abignore
index afa9168b79..8c7e7f2abe 100644
--- a/devel/libgnutls.abignore
+++ b/devel/libgnutls.abignore
@@ -123,3 +123,6 @@ name = gnutls_fips140_get_operation_state
 
 [suppress_type]
 name = gnutls_fips140_operation_state_t
+
+[suppress_function]
+name = gnutls_get_library_config
diff --git a/devel/symbols.last b/devel/symbols.last
index d10b12d3ed..7535696f83 100644
--- a/devel/symbols.last
+++ b/devel/symbols.last
@@ -258,6 +258,7 @@ gnutls_fips140_pop_context@GNUTLS_3_7_3
 gnutls_fips140_push_context@GNUTLS_3_7_3
 gnutls_fips140_set_mode@GNUTLS_3_6_3
 gnutls_free@GNUTLS_3_4
+gnutls_get_library_config@GNUTLS_3_7_3
 gnutls_get_system_config_file@GNUTLS_3_6_9
 gnutls_global_deinit@GNUTLS_3_4
 gnutls_global_init@GNUTLS_3_4
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 833c75ef6e..9d54110ac9 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -1072,6 +1072,8 @@ FUNCS += functions/gnutls_fips140_push_context
 FUNCS += functions/gnutls_fips140_push_context.short
 FUNCS += functions/gnutls_fips140_set_mode
 FUNCS += functions/gnutls_fips140_set_mode.short
+FUNCS += functions/gnutls_get_library_config
+FUNCS += functions/gnutls_get_library_config.short
 FUNCS += functions/gnutls_get_system_config_file
 FUNCS += functions/gnutls_get_system_config_file.short
 FUNCS += functions/gnutls_global_deinit
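Review bot: The `pkcs11` entry is gated on `test "$with_p11_kit" = yes`, while the `ENABLE_PKCS11` conditional earlier in this file uses `test "$with_p11_kit" != "no"`, so if `with_p11_kit` can hold a value other than yes/no (an `auto` default that detection then satisfies, as is visibly done for `with_tpm2=auto`), PKCS#11 would be built in yet missing from `HW_FEATURES`; the TPM2 entry avoids this by testing the resolved `$have_tpm2`, and the p11-kit entry should likewise test whatever variable the detection actually sets, or at least the same `!= no` condition as the conditional. The `tpm` entry tests `$with_tpm`, but the only `AC_ARG_WITH(tpm, ...)` visible in this commit was just renamed to `tpm2`; unless a separate `AC_ARG_WITH(tpm, ...)` exists elsewhere in configure.ac, `$with_tpm` is never assigned and `tpm` can never appear in the summary. Because these strings are exported to applications through `gnutls_get_library_config()` in the following commit, an inaccurate summary is a user-visible defect rather than a cosmetic one, so a comment above the block such as `# Each test below must use the variable that actually gates the feature (see the AM_CONDITIONALs above), not the raw --with/--enable value.` would help keep them aligned. This hunk starts on the preceding line and ends here.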
diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am index 8e1e25d06e..2037bf91a9 100644 --- a/doc/manpages/Makefile.am +++ b/doc/manpages/Makefile.am @@ -376,6 +376,7 @@ APIMANS += gnutls_fips140_mode_enabled.3 APIMANS += gnutls_fips140_pop_context.3 APIMANS += gnutls_fips140_push_context.3 APIMANS += gnutls_fips140_set_mode.3 +APIMANS += gnutls_get_library_config.3 APIMANS += gnutls_get_system_config_file.3 APIMANS += gnutls_global_deinit.3 APIMANS += gnutls_global_init.3 diff --git a/lib/global.c b/lib/global.c index 77039d9ded..8a84bb6e1f 100644 --- a/lib/global.c +++ b/lib/global.c @@ -531,3 +531,41 @@ static void _DESTRUCTOR lib_deinit(void) _gnutls_global_deinit(1); } + +static const struct gnutls_library_config_st _gnutls_library_config[] = { + { "libgnutls-soname", GNUTLS_LIBRARY_SONAME }, + { "libnettle-soname", NETTLE_LIBRARY_SONAME }, + { "libhogweed-soname", HOGWEED_LIBRARY_SONAME }, + { "libgmp-soname", GMP_LIBRARY_SONAME }, + { "hardware-features", HW_FEATURES }, + { "tls-features", TLS_FEATURES }, + { NULL, NULL } +}; + +/** + * gnutls_get_library_config: + * + * Returns the library configuration as key value pairs. + * Currently defined keys are: + * + * - libgnutls-soname: the SONAME of the library itself + * + * - libnettle-soname: the library SONAME of linked libnettle + * + * - libhogweed-soname: the library SONAME of linked libhogweed + * + * - libgmp-soname: the library SONAME of linked libgmp + * + * - hardware-features: enabled hardware support features + * + * - tls-features: enabled TLS protocol features + * + * Returns: a NUL-terminated %gnutls_library_config_st array + * + * Since: 3.7.3 + */ +const gnutls_library_config_st * +gnutls_get_library_config(void) +{ + return _gnutls_library_config; +} diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 0e96be81e8..6359a0edb6 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in 
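Review bot: The `Returns:` line of the `gnutls_get_library_config` docstring says the array is `NUL-terminated`, but the table ends with a row whose `name` is `NULL` (`{ NULL, NULL }`), not with a NUL byte, and nothing tells the caller that the strings are static storage that must not be freed or modified. The values are also configure-time constants (`HW_FEATURES` and `TLS_FEATURES` are produced by `AC_DEFINE_UNQUOTED` in configure.ac), so `hardware-features` entries such as `ktls`, `afalg` or `padlock` only say that support was compiled in, not that the running kernel or CPU provides it; anyone using this API to decide a security posture needs that distinction stated. Suggested replacement for the `Returns:` line: ` * Returns: a constant array of %gnutls_library_config_st terminated by an entry whose name is %NULL; the strings are static and must not be freed. Values describe the build-time configuration, not what is available at run time.`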
@@ -1232,6 +1232,11 @@ typedef struct { unsigned int size; } gnutls_datum_t; +typedef struct gnutls_library_config_st { + const char *name; + const char *value; +} gnutls_library_config_st; + typedef struct gnutls_params_st { gnutls_params_type_t type; @@ -2284,6 +2289,8 @@ int gnutls_certificate_set_rawpk_key_file(gnutls_certificate_credentials_t cred, int gnutls_global_init(void); void gnutls_global_deinit(void); +const gnutls_library_config_st *gnutls_get_library_config(void); + /** * gnutls_time_func: * @t: where to store time. diff --git a/lib/libgnutls.map b/lib/libgnutls.map index 40a3984cbf..30e96abafe 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -1375,6 +1375,7 @@ GNUTLS_3_7_3 gnutls_fips140_get_operation_state; gnutls_fips140_push_context; gnutls_fips140_pop_context; + gnutls_get_library_config; local: *; } GNUTLS_3_7_2; -- cgit v1.2.1 From 53bd182ef262be22ad4fc3bcba33a0ca64e7e6c3 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Tue, 11 Jan 2022 07:36:27 +0100 Subject: fips: add build option to embed FIPS module info in library config This adds a couple of configure options, --with-fips140-module-name and --with-fips140-module-version, which packagers can use to embed FIPS module information in the library. Signed-off-by: Daiki Ueno --- configure.ac | 18 ++++++++++++++++++ lib/global.c | 10 ++++++++++ 2 files changed, 28 insertions(+) diff --git a/configure.ac b/configure.ac index ef4878d7ea..895f845872 100644 --- a/configure.ac +++ b/configure.ac 
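Review bot: The new public type `gnutls_library_config_st` lands in the installed header without any comment, so a reader of gnutls.h sees a bare `name`/`value` pair with no indication of how the array returned by `gnutls_get_library_config()` is terminated or who owns the strings, and the only description lives in lib/global.c. A short comment above the typedef would close that gap: `/* One entry of the table returned by gnutls_get_library_config(); the table ends with an entry whose name is NULL, and both strings are static. */`. The prototype added further down could carry a one-line pointer to the same function's documentation for the list of defined keys.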
@@ -594,6 +594,24 @@ if [ test "$enable_fips" = "yes" ];then fips_key="orboDeJITITejsirpADONivirpUkvarP") AC_DEFINE_UNQUOTED([FIPS_KEY], ["$fips_key"], [The FIPS140-2 integrity key]) + + AC_ARG_WITH(fips140-module-name, AS_HELP_STRING([--with-fips140-module-name], + [specify the FIPS140 module name]), + fips_module_name="$withval", + fips_module_name=none) + + if test "x$fips_module_name" != xnone; then + AC_DEFINE_UNQUOTED([FIPS_MODULE_NAME], ["$fips_module_name"], [The FIPS140 module name]) + fi + + AC_ARG_WITH(fips140-module-version, AS_HELP_STRING([--with-fips140-module-version], + [specify the FIPS140 module version]), + fips_module_version="$withval", + fips_module_version=none) + + if test "x$fips_module_version" != xnone; then + AC_DEFINE_UNQUOTED([FIPS_MODULE_VERSION], ["$fips_module_version"], [The FIPS140 module version]) + fi else enable_fips=no AC_MSG_WARN([[ diff --git a/lib/global.c b/lib/global.c index 8a84bb6e1f..65c0b81709 100644 --- a/lib/global.c +++ b/lib/global.c @@ -533,6 +533,12 @@ static void _DESTRUCTOR lib_deinit(void) } static const struct gnutls_library_config_st _gnutls_library_config[] = { +#ifdef FIPS_MODULE_NAME + { "fips-module-name", FIPS_MODULE_NAME }, +#endif +#ifdef FIPS_MODULE_VERSION + { "fips-module-version", FIPS_MODULE_VERSION }, +#endif { "libgnutls-soname", GNUTLS_LIBRARY_SONAME }, { "libnettle-soname", NETTLE_LIBRARY_SONAME }, { "libhogweed-soname", HOGWEED_LIBRARY_SONAME }, @@ -548,6 +554,10 @@ static const struct gnutls_library_config_st _gnutls_library_config[] = { * Returns the library configuration as key value pairs. * Currently defined keys are: * + * - fips-module-name: the name of the FIPS140 module + * + * - fips-module-version: the version of the FIPS140 module + * * - libgnutls-soname: the SONAME of the library itself * * - libnettle-soname: the library SONAME of linked libnettle -- cgit v1.2.1 From e256951eab4cc44367f8cc7bd2a51eeaacc10f7d Mon Sep 17 00:00:00 2001 
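Review bot: `--with-fips140-module-name` given without a value makes Autoconf set `withval=yes`, and `--without-fips140-module-name` sets it to `no`; both pass the `!= xnone` test and end up embedded verbatim as the module name, and the same applies to `--with-fips140-module-version`. Reject those before the `AC_DEFINE_UNQUOTED`, e.g. `case "$fips_module_name" in yes|no) AC_MSG_ERROR([--with-fips140-module-name requires a value]);; esac`, and advertise the argument in the help string as `--with-fips140-module-name=NAME`. The value is also pasted unescaped into a C string literal, so a name containing `"` or `\` produces a broken config.h; packagers are trusted, but a comment stating that the value must be a plain string would avoid surprises. Nothing in this hunk ties these strings to the `FIPS_KEY` integrity check defined just above, so they are purely informational labels and should not be read as evidence that a given binary is the validated module; saying so in the help text would prevent that misreading.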
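Review bot: The two new bullet points in the `gnutls_get_library_config` docstring are listed unconditionally, but the table only contains `fips-module-name` and `fips-module-version` when the corresponding macros were defined at configure time (the `#ifdef` guards in the previous hunk), so callers reading this list will look for keys that are simply absent on most builds. State the condition in the list, e.g. ` * - fips-module-name: the name of the FIPS140 module (present only when configured with --with-fips140-module-name)`, and likewise for `fips-module-version`. A sentence noting that the set of keys depends on build options, so callers should search by name rather than index by position, would also help; the docstring begins before this hunk and continues after it.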
From: Daiki Ueno
Date: Sun, 16 Jan 2022 07:57:02 +0100
Subject: cli: add --list-config option

With this option gnutls-cli prints the build-time configuration of the library, retrieved through gnutls_get_library_config.

Signed-off-by: Daiki Ueno
---
 src/cli.c | 9 +++++++++
 src/gnutls-cli-options.json | 7 ++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/cli.c b/src/cli.c
index 09f7efc2c3..5378b72256 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -1640,6 +1640,15 @@ static void cmd_parser(int argc, char **argv)
 exit(1);
 }
 
+ if (HAVE_OPT(LIST_CONFIG)) {
+ const gnutls_library_config_st *p;
+
+ for (p = gnutls_get_library_config(); p->name; p++) {
+ log_msg(stdout, "%s: %s\n", p->name, p->value);
+ }
+ exit(0);
+ }
+
 if (HAVE_OPT(BENCHMARK_CIPHERS)) {
 benchmark_cipher(OPT_VALUE_DEBUG);
 exit(0);
diff --git a/src/gnutls-cli-options.json b/src/gnutls-cli-options.json
index 0777e6b198..bffa18e365 100644
--- a/src/gnutls-cli-options.json
+++ b/src/gnutls-cli-options.json
@@ -386,6 +386,11 @@
 "long-option": "fips140-mode",
 "desc": "Reports the status of the FIPS140-2 mode in gnutls library"
 },
+ {
+ "detail": "",
+ "long-option": "list-config",
+ "desc": "Reports the configuration of the library"
+ },
 {
 "desc": "Redirect informational messages to a specific file.",
 "arg-type": "string",
@@ -418,4 +423,4 @@
 }
 ]
 }
-]
\ No newline at end of file
+]
--
cgit v1.2.1
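Review bot: `log_msg(stdout, "%s: %s\n", p->name, p->value)` passes `p->value` to `%s` without a check, while the loop condition only guards `p->name`; that is safe for the table in lib/global.c as written, where every non-terminator row carries a string macro, but since both fields are `const char *` in the public struct, printing `p->value ? p->value : ""` costs nothing and keeps the tool from crashing if a future row has no value. The option description in gnutls-cli-options.json, `Reports the configuration of the library`, undersells what is shown; `Reports the build-time configuration of the library` matches the commit message and the fact that the values are configure-time constants. `cmd_parser` begins before this hunk and continues after it.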