author | Todd C. Miller <Todd.Miller@sudo.ws> | 2022-12-05 16:45:18 -0700 |
---|---|---|
committer | Todd C. Miller <Todd.Miller@sudo.ws> | 2022-12-05 16:45:18 -0700 |
commit | aca0f5ed5aee3152387867b614ab8897906d08c8 (patch) | |
tree | 378792bd72b226af4dde0da9cdeb5255932faea1 | |
parent | 14c24a37a41f63d379e60ede64db88b92f57584b (diff) | |
download | sudo-aca0f5ed5aee3152387867b614ab8897906d08c8.tar.gz |
Move OpenSSL/wolfSSL checks to m4/openssl.m4
-rw-r--r-- | MANIFEST | 1 | ||||
-rw-r--r-- | aclocal.m4 | 1 | ||||
-rwxr-xr-x | configure | 744 | ||||
-rw-r--r-- | configure.ac | 351 | ||||
-rw-r--r-- | m4/openssl.m4 | 294 |
5 files changed, 706 insertions, 685 deletions
@@ -431,6 +431,7 @@ m4/ltoptions.m4
 m4/ltsugar.m4
 m4/ltversion.m4
 m4/lt~obsolete.m4
+m4/openssl.m4
 m4/pie.m4
 m4/python.m4
 m4/runlog.m4
diff --git a/aclocal.m4 b/aclocal.m4
index 762f79644..caebbac4a 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -24,6 +24,7 @@ m4_include([m4/ltoptions.m4])
 m4_include([m4/ltsugar.m4])
 m4_include([m4/ltversion.m4])
 m4_include([m4/lt~obsolete.m4])
+m4_include([m4/openssl.m4])
 m4_include([m4/pie.m4])
 m4_include([m4/python.m4])
 m4_include([m4/runlog.m4])
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.72a.69-9c123-dirty for sudo 1.9.12p1. +# Generated by GNU Autoconf 2.72a for sudo 1.9.12p1. # # Report bugs to <https://bugzilla.sudo.ws/>. # @@ -1992,7 +1992,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF sudo configure 1.9.12p1 -generated by GNU Autoconf 2.72a.69-9c123-dirty +generated by GNU Autoconf 2.72a Copyright (C) 2022 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation @@ -2670,7 +2670,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by sudo $as_me 1.9.12p1, which was -generated by GNU Autoconf 2.72a.69-9c123-dirty. Invocation command line was +generated by GNU Autoconf 2.72a. Invocation command line was $ $0$ac_configure_args_raw 
@@ -24514,42 +24514,44 @@ printf "%s\n" "#define HAVE_STRUCT_DIRENT_D_NAMLEN 1" >>confdefs.h fi -openssl_missing=no -if test "${enable_openssl-no}" != no; then - # Use pkg-config to find the openssl cflags and libs if possible. - if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then - PKG_CONFIG_LIBDIR= - for d in ${enable_openssl}/*/pkgconfig; do - if test -d "$d"; then - PKG_CONFIG_LIBDIR="$PKG_CONFIG_LIBDIR:$d" + + + openssl_missing=no + if test "${enable_openssl-no}" != no; then + # Use pkg-config to find the openssl cflags and libs if possible. + if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then + PKG_CONFIG_LIBDIR= + for d in ${enable_openssl}/*/pkgconfig; do + if test -d "$d"; then + PKG_CONFIG_LIBDIR="$PKG_CONFIG_LIBDIR:$d" + fi + done + if test -n "$PKG_CONFIG_LIBDIR"; then + PKG_CONFIG_LIBDIR=${PKG_CONFIG_LIBDIR#:} + export PKG_CONFIG_LIBDIR fi - done - if test -n "$PKG_CONFIG_LIBDIR"; then - PKG_CONFIG_LIBDIR=${PKG_CONFIG_LIBDIR#:} - export PKG_CONFIG_LIBDIR - fi - elif test "$cross_compiling" = "yes" -a -z "$PKG_CONFIG"; then - # Cannot use pkg-config when cross-compiling - PKG_CONFIG=false - fi - : ${PKG_CONFIG='pkg-config'} - pkg_openssl=`printf $enable_openssl_pkgconfig_template "openssl"` - pkg_libcrypto=lib`printf $enable_openssl_pkgconfig_template "crypto"` - if $PKG_CONFIG --exists "$pkg_openssl >= 1.0.1" >/dev/null 2>&1; then - printf "%s\n" "#define HAVE_OPENSSL 1" >>confdefs.h - - if test "$enable_openssl" = "maybe"; then - enable_openssl=yes + elif test "$cross_compiling" = "yes" -a -z "$PKG_CONFIG"; then + # Cannot use pkg-config when cross-compiling + PKG_CONFIG=false fi + : ${PKG_CONFIG='pkg-config'} + pkg_openssl=`printf $enable_openssl_pkgconfig_template "openssl"` + pkg_libcrypto=lib`printf $enable_openssl_pkgconfig_template "crypto"` + if $PKG_CONFIG --exists "$pkg_openssl >= 1.0.1" >/dev/null 2>&1; then + printf "%s\n" "#define HAVE_OPENSSL 1" >>confdefs.h - # Check whether --static is needed 
(don't assume name of ssl lib) - # There may be dependent libraries or -pthread. - O_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS `$PKG_CONFIG --libs-only-L $pkg_openssl`" - libssl="`$PKG_CONFIG --libs-only-l $pkg_openssl | sed 's/^ *-l//'`" - libssl_extra="`echo $libssl | sed 's/^[^ ]* *//'`" - libssl="`echo $libssl | sed 's/ .*//'`" - as_ac_Lib=`printf "%s\n" "ac_cv_lib_$libssl""_SSL_new$libssl_extra" | sed "$as_sed_sh"` + if test "$enable_openssl" = "maybe"; then + enable_openssl=yes + fi + + # Check whether --static is needed (don't assume name of ssl lib) + # There may be dependent libraries or -pthread. + O_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS `$PKG_CONFIG --libs-only-L $pkg_openssl`" + libssl="`$PKG_CONFIG --libs-only-l $pkg_openssl | sed 's/^ *-l//'`" + libssl_extra="`echo $libssl | sed 's/^[^ ]* *//'`" + libssl="`echo $libssl | sed 's/ .*//'`" + as_ac_Lib=`printf "%s\n" "ac_cv_lib_$libssl""_SSL_new$libssl_extra" | sed "$as_sed_sh"` { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -l$libssl" >&5 printf %s "checking for SSL_new in -l$libssl... " >&6; } if eval test \${$as_ac_Lib+y} @@ -24602,13 +24604,13 @@ else case e in #( esac fi - LDFLAGS="$O_LDFLAGS" + LDFLAGS="$O_LDFLAGS" - # Use pkg-config to determine OpenSSL libs and cflags - for f in `$PKG_CONFIG $STATIC --libs $pkg_openssl`; do - case "$f" in - -L*) - f="${f#-L}" + # Use pkg-config to determine OpenSSL libs and cflags + for f in `$PKG_CONFIG $STATIC --libs $pkg_openssl`; do + case "$f" in + -L*) + f="${f#-L}" if test ${LIBTLS+y} @@ -24681,8 +24683,8 @@ fi fi - ;; - *) + ;; + *) if test ${LIBTLS+y} then : 
@@ -24717,24 +24719,24 @@ else case e in #( esac fi - ;; - esac - done - if $PKG_CONFIG --exists $pkg_libcrypto >/dev/null 2>&1; then - # Use OpenSSL's sha2 functions if possible (don't assume name of crypto) - O_LDFLAGS="$LDFLAGS" - libcrypto= - libcrypto_extra= - for f in `$PKG_CONFIG $STATIC --libs $pkg_libcrypto`; do - case "$f" in - -l*) - if test -z "$libcrypto"; then - libcrypto="${f#-l}" - else - libcrypto_extra="$libcrypto_extra $f" - fi ;; - *) + esac + done + if $PKG_CONFIG --exists $pkg_libcrypto >/dev/null 2>&1; then + # Use OpenSSL's sha2 functions if possible (don't assume name of crypto) + O_LDFLAGS="$LDFLAGS" + libcrypto= + libcrypto_extra= + for f in `$PKG_CONFIG $STATIC --libs $pkg_libcrypto`; do + case "$f" in + -l*) + if test -z "$libcrypto"; then + libcrypto="${f#-l}" + else + libcrypto_extra="$libcrypto_extra $f" + fi + ;; + *) if test ${LDFLAGS+y} then : @@ -24769,10 +24771,10 @@ else case e in #( esac fi - ;; - esac - done - as_ac_Lib=`printf "%s\n" "ac_cv_lib_$libcrypto""_EVP_MD_CTX_new$libcrypto_extra" | sed "$as_sed_sh"` + ;; + esac + done + as_ac_Lib=`printf "%s\n" "ac_cv_lib_$libcrypto""_EVP_MD_CTX_new$libcrypto_extra" | sed "$as_sed_sh"` { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -l$libcrypto" >&5 printf %s "checking for EVP_MD_CTX_new in -l$libcrypto... " >&6; } if eval test \${$as_ac_Lib+y} @@ -24822,13 +24824,13 @@ then : DIGEST=digest_openssl.lo fi - LDFLAGS="$O_LDFLAGS" + LDFLAGS="$O_LDFLAGS" - # Use pkg-config to determine libcrypto libs and cflags - for f in `$PKG_CONFIG $STATIC --libs $pkg_libcrypto`; do - case "$f" in - -L*) - f="${f#-L}" + # Use pkg-config to determine libcrypto libs and cflags + for f in `$PKG_CONFIG $STATIC --libs $pkg_libcrypto`; do + case "$f" in + -L*) + f="${f#-L}" if test ${LIBCRYPTO+y} @@ -24901,8 +24903,8 @@ fi fi - ;; - *) + ;; + *) if test ${LIBCRYPTO+y} then : 
@@ -24937,15 +24939,15 @@ else case e in #( esac fi - ;; - esac - done - else - # No separate pkg config for libcrypto - LIBCRYPTO="$LIBTLS" - LIBCRYPTO_R="$LIBTLS_R" - fi - for f in `$PKG_CONFIG --cflags-only-I $pkg_openssl`; do + ;; + esac + done + else + # No separate pkg config for libcrypto + LIBCRYPTO="$LIBTLS" + LIBCRYPTO_R="$LIBTLS_R" + fi + for f in `$PKG_CONFIG --cflags-only-I $pkg_openssl`; do if test ${CPPFLAGS+y} then : @@ -24980,11 +24982,11 @@ else case e in #( esac fi - done - else - # No pkg-config file present, try to do it manually - O_LDFLAGS="$LDFLAGS" - if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then + done + else + # No pkg-config file present, try to do it manually + O_LDFLAGS="$LDFLAGS" + if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then if test ${LDFLAGS+y} @@ -25057,8 +25059,8 @@ fi fi - fi - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -lssl" >&5 + fi + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -lssl" >&5 printf %s "checking for SSL_new in -lssl... " >&6; } if test ${ac_cv_lib_ssl_SSL_new_lcrypto+y} then : @@ -25104,10 +25106,10 @@ printf "%s\n" "$ac_cv_lib_ssl_SSL_new_lcrypto" >&6; } if test "x$ac_cv_lib_ssl_SSL_new_lcrypto" = xyes then : - # Check OPENSSL_VERSION_NUMBER in headers - O_CPPFLAGS="$CPPFLAGS" - if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then - # Note: we only reset CPPFLAGS on failure + # Check OPENSSL_VERSION_NUMBER in headers + O_CPPFLAGS="$CPPFLAGS" + if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then + # Note: we only reset CPPFLAGS on failure if test ${CPPFLAGS+y} then : @@ -25142,8 +25144,8 @@ else case e in #( esac fi - fi - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + fi + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <openssl/opensslv.h> #if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x1000100fL 
@@ -25161,10 +25163,10 @@ _ACEOF if ac_fn_c_try_cpp "$LINENO" then : - # OpenSSL >= 1.0.1 detected, use it. - printf "%s\n" "#define HAVE_OPENSSL 1" >>confdefs.h + # OpenSSL >= 1.0.1 detected, use it. + printf "%s\n" "#define HAVE_OPENSSL 1" >>confdefs.h - if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then + if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then if test ${LIBCRYPTO+y} @@ -25309,14 +25311,14 @@ fi fi - else - enable_openssl=yes - fi - LIBCRYPTO="${LIBCRYPTO} -lcrypto" - LIBTLS="${LIBTLS} -lssl -lcrypto" + else + enable_openssl=yes + fi + LIBCRYPTO="${LIBCRYPTO} -lcrypto" + LIBTLS="${LIBTLS} -lssl -lcrypto" - # Use OpenSSL's sha2 functions if possible - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -lcrypto" >&5 + # Use OpenSSL's sha2 functions if possible + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -lcrypto" >&5 printf %s "checking for EVP_MD_CTX_new in -lcrypto... " >&6; } if test ${ac_cv_lib_crypto_EVP_MD_CTX_new+y} then : 
@@ -25362,49 +25364,53 @@ printf "%s\n" "$ac_cv_lib_crypto_EVP_MD_CTX_new" >&6; } if test "x$ac_cv_lib_crypto_EVP_MD_CTX_new" = xyes then : - DIGEST=digest_openssl.lo + DIGEST=digest_openssl.lo fi else case e in #( e) - # OpenSSL < 1.0.1 detected, ignore it. - if test "$enable_openssl" = "maybe"; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSL too old (1.0.1 or higher required), Sudo logsrv connections will not be encrypted." >&5 + # OpenSSL < 1.0.1 detected, ignore it. + if test "$enable_openssl" = "maybe"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: OpenSSL too old (1.0.1 or higher required), Sudo logsrv connections will not be encrypted." >&5 printf "%s\n" "$as_me: WARNING: OpenSSL too old (1.0.1 or higher required), Sudo logsrv connections will not be encrypted." >&2;} - enable_openssl=no - else - as_fn_error $? "OpenSSL too old (1.0.1 or higher required)." "$LINENO" 5 - fi - CPPFLAGS="$O_CPPFLAGS" - ;; + openssl_missing=yes + enable_openssl=no + else + as_fn_error $? "OpenSSL too old (1.0.1 or higher required)." "$LINENO" 5 + fi + CPPFLAGS="$O_CPPFLAGS" + ;; esac fi rm -f conftest.err conftest.i conftest.$ac_ext else case e in #( e) - if test "$enable_openssl" = "maybe"; then - openssl_missing=yes - enable_openssl=no - else - as_fn_error $? "OpenSSL development libraries not found." "$LINENO" 5 - fi - ;; + if test "$enable_openssl" = "maybe"; then + openssl_missing=yes + enable_openssl=no + else + as_fn_error $? "OpenSSL development libraries not found." 
"$LINENO" 5 + fi + ;; esac fi - LDFLAGS="$O_LDFLAGS" - fi - if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then - unset PKG_CONFIG_LIBDIR + LDFLAGS="$O_LDFLAGS" + fi + if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then + unset PKG_CONFIG_LIBDIR + fi fi -fi -if test "${enable_openssl-no}" != no; then - OLIBS="$LIBS" - LIBS="$LIBS $LIBTLS" - ac_fn_c_check_func "$LINENO" "X509_STORE_CTX_get0_cert" "ac_cv_func_X509_STORE_CTX_get0_cert" + # + # Note that enable_openssl may be reset above. + # + if test "${enable_openssl-no}" != no; then + OLIBS="$LIBS" + LIBS="$LIBS $LIBTLS" + ac_fn_c_check_func "$LINENO" "X509_STORE_CTX_get0_cert" "ac_cv_func_X509_STORE_CTX_get0_cert" if test "x$ac_cv_func_X509_STORE_CTX_get0_cert" = xyes then : printf "%s\n" "#define HAVE_X509_STORE_CTX_GET0_CERT 1" >>confdefs.h @@ -25435,10 +25441,10 @@ then : fi - # SSL_CTX_set_min_proto_version may be a macro - ac_fn_check_decl "$LINENO" "SSL_CTX_set_min_proto_version" "ac_cv_have_decl_SSL_CTX_set_min_proto_version" " - $ac_includes_default - #include <openssl/ssl.h> + # SSL_CTX_set_min_proto_version may be a macro + ac_fn_check_decl "$LINENO" "SSL_CTX_set_min_proto_version" "ac_cv_have_decl_SSL_CTX_set_min_proto_version" " + $ac_includes_default + #include <openssl/ssl.h> " "$ac_c_undeclared_builtin_options" "CFLAGS" if test "x$ac_cv_have_decl_SSL_CTX_set_min_proto_version" = xyes 
@@ -25446,14 +25452,14 @@ then : printf "%s\n" "#define HAVE_SSL_CTX_SET_MIN_PROTO_VERSION 1" >>confdefs.h fi - # LibreSSL TLS 1.3 support may not be enabled, check for declaration too. - ac_fn_c_check_func "$LINENO" "SSL_CTX_set_ciphersuites" "ac_cv_func_SSL_CTX_set_ciphersuites" + # LibreSSL TLS 1.3 support may not be enabled, check for declaration too. + ac_fn_c_check_func "$LINENO" "SSL_CTX_set_ciphersuites" "ac_cv_func_SSL_CTX_set_ciphersuites" if test "x$ac_cv_func_SSL_CTX_set_ciphersuites" = xyes then : - ac_fn_check_decl "$LINENO" "SSL_CTX_set_ciphersuites" "ac_cv_have_decl_SSL_CTX_set_ciphersuites" " - $ac_includes_default - #include <openssl/ssl.h> + ac_fn_check_decl "$LINENO" "SSL_CTX_set_ciphersuites" "ac_cv_have_decl_SSL_CTX_set_ciphersuites" " + $ac_includes_default + #include <openssl/ssl.h> " "$ac_c_undeclared_builtin_options" "CFLAGS" if test "x$ac_cv_have_decl_SSL_CTX_set_ciphersuites" = xyes 
@@ -25464,148 +25470,34 @@ fi fi - LIBS="$OLIBS" -elif test "${enable_gcrypt-no}" != no; then - # Use gcrypt's sha2 functions - printf "%s\n" "#define HAVE_GCRYPT 1" >>confdefs.h - - DIGEST=digest_gcrypt.lo - LIBMD="-lgcrypt" - if test "$enable_gcrypt" != "yes"; then - -if test ${CPPFLAGS+y} -then : - - case " $CPPFLAGS " in #( - *" -I${enable_gcrypt}/include "*) : - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${enable_gcrypt}/include"; } >&5 - (: CPPFLAGS already contains -I${enable_gcrypt}/include) 2>&5 - ac_status=$? - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } ;; #( - *) : - - as_fn_append CPPFLAGS " -I${enable_gcrypt}/include" - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 - (: CPPFLAGS="$CPPFLAGS") 2>&5 - ac_status=$? - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - ;; -esac - -else case e in #( - e) - CPPFLAGS=-I${enable_gcrypt}/include - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 - (: CPPFLAGS="$CPPFLAGS") 2>&5 - ac_status=$? - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - ;; -esac -fi - - - -if test ${LDFLAGS+y} -then : - - case " $LDFLAGS " in #( - *" -L${enable_gcrypt}/lib "*) : - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -L\${enable_gcrypt}/lib"; } >&5 - (: LDFLAGS already contains -L${enable_gcrypt}/lib) 2>&5 - ac_status=$? - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } ;; #( - *) : - - as_fn_append LDFLAGS " -L${enable_gcrypt}/lib" - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 - (: LDFLAGS="$LDFLAGS") 2>&5 - ac_status=$? - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 - test $ac_status = 0; } - ;; -esac - -else case e in #( - e) - LDFLAGS=-L${enable_gcrypt}/lib - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 - (: LDFLAGS="$LDFLAGS") 2>&5 - ac_status=$? - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - ;; -esac -fi - - if test X"$enable_rpath" = X"yes"; then - -if test ${LDFLAGS_R+y} -then : - - case " $LDFLAGS_R " in #( - *" -R${enable_gcrypt}/lib "*) : - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R already contains -R\${enable_gcrypt}/lib"; } >&5 - (: LDFLAGS_R already contains -R${enable_gcrypt}/lib) 2>&5 - ac_status=$? - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } ;; #( - *) : - - as_fn_append LDFLAGS_R " -R${enable_gcrypt}/lib" - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 - (: LDFLAGS_R="$LDFLAGS_R") 2>&5 - ac_status=$? - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - ;; -esac - -else case e in #( - e) - LDFLAGS_R=-R${enable_gcrypt}/lib - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 - (: LDFLAGS_R="$LDFLAGS_R") 2>&5 - ac_status=$? - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - ;; -esac -fi - - fi + LIBS="$OLIBS" + elif test "${enable_wolfssl-no}" != no; then + # Check for OpenSSL compatibility functions in wolfSSL. + # Use pkg-config to find the wolfssl cflags and libs if possible. 
+ if test "$enable_wolfssl" != "yes"; then + PKG_CONFIG_LIBDIR="${enable_wolfssl}/lib/pkgconfig:${enable_wolfssl}/lib64/pkgconfig:${enable_wolfssl}/share/pkgconfig" + export PKG_CONFIG_LIBDIR + elif test "$cross_compiling" = "yes" -a -z "$PKG_CONFIG"; then + # Cannot use pkg-config when cross-compiling + PKG_CONFIG=false + fi + : ${PKG_CONFIG='pkg-config'} + if $PKG_CONFIG --exists wolfssl >/dev/null 2>&1; then + printf "%s\n" "#define HAVE_OPENSSL 1" >>confdefs.h - fi -fi -if test "${enable_wolfssl-no}" != no; then - # Use pkg-config to find the wolfssl cflags and libs if possible. - if test "$enable_wolfssl" != "yes"; then - PKG_CONFIG_LIBDIR="${enable_wolfssl}/lib/pkgconfig:${enable_wolfssl}/lib64/pkgconfig:${enable_wolfssl}/share/pkgconfig" - export PKG_CONFIG_LIBDIR - elif test "$cross_compiling" = "yes" -a -z "$PKG_CONFIG"; then - # Cannot use pkg-config when cross-compiling - PKG_CONFIG=false - fi - : ${PKG_CONFIG='pkg-config'} - if $PKG_CONFIG --exists wolfssl >/dev/null 2>&1; then - printf "%s\n" "#define HAVE_OPENSSL 1" >>confdefs.h + printf "%s\n" "#define HAVE_WOLFSSL 1" >>confdefs.h - printf "%s\n" "#define HAVE_WOLFSSL 1" >>confdefs.h + O_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS `$PKG_CONFIG --cflags-only-I wolfssl`" + O_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS `$PKG_CONFIG --libs-only-L wolfssl`" - O_CPPFLAGS="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS `$PKG_CONFIG --cflags-only-I wolfssl`" - O_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS `$PKG_CONFIG --libs-only-L wolfssl`" - - # Check whether --static is needed - libssl="`$PKG_CONFIG --libs-only-l wolfssl | sed 's/^ *-l//'`" - libssl_extra=`echo $libssl | sed 's/^[^ ]* *//'` - libssl=`echo $libssl | sed 's/ .*//'` - as_ac_Lib=`printf "%s\n" "ac_cv_lib_$libssl""_wolfSSL_new$libssl_extra" | sed "$as_sed_sh"` + # Check whether --static is needed + libssl="`$PKG_CONFIG --libs-only-l wolfssl | sed 's/^ *-l//'`" + libssl_extra=`echo $libssl | sed 's/^[^ ]* *//'` + libssl=`echo $libssl | sed 's/ .*//'` + 
as_ac_Lib=`printf "%s\n" "ac_cv_lib_$libssl""_wolfSSL_new$libssl_extra" | sed "$as_sed_sh"` { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for wolfSSL_new in -l$libssl" >&5 printf %s "checking for wolfSSL_new in -l$libssl... " >&6; } if eval test \${$as_ac_Lib+y} @@ -25659,25 +25551,25 @@ esac fi - # Use wolfSSL's sha2 functions if possible - ac_fn_check_decl "$LINENO" "EVP_MD_CTX_new" "ac_cv_have_decl_EVP_MD_CTX_new" " - $ac_includes_default - #include <wolfssl/options.h> - #include <wolfssl/openssl/evp.h> + # Use wolfSSL's sha2 functions if possible + ac_fn_check_decl "$LINENO" "EVP_MD_CTX_new" "ac_cv_have_decl_EVP_MD_CTX_new" " + $ac_includes_default + #include <wolfssl/options.h> + #include <wolfssl/openssl/evp.h> " "$ac_c_undeclared_builtin_options" "CFLAGS" if test "x$ac_cv_have_decl_EVP_MD_CTX_new" = xyes then : DIGEST=digest_openssl.lo fi - CPPFLAGS="$O_CPPFLAGS" - LDFLAGS="$O_LDFLAGS" + CPPFLAGS="$O_CPPFLAGS" + LDFLAGS="$O_LDFLAGS" - # Use pkg-config to determine wolfSSL libs and cflags - for f in `$PKG_CONFIG $STATIC --libs wolfssl`; do - case "$f" in - -L*) - f="${f#-L}" + # Use pkg-config to determine wolfSSL libs and cflags + for f in `$PKG_CONFIG $STATIC --libs wolfssl`; do + case "$f" in + -L*) + f="${f#-L}" if test ${LIBTLS+y} @@ -25750,8 +25642,8 @@ fi fi - ;; - *) + ;; + *) if test ${LIBTLS+y} then : @@ -25786,13 +25678,13 @@ else case e in #( esac fi - ;; - esac - done - # No separate pkg config for libcrypto - LIBCRYPTO="$LIBTLS" - LIBCRYPTO_R="$LIBTLS_R" - for f in `$PKG_CONFIG --cflags-only-I wolfssl`; do + ;; + esac + done + # No separate pkg config for libcrypto + LIBCRYPTO="$LIBTLS" + LIBCRYPTO_R="$LIBTLS_R" + for f in `$PKG_CONFIG --cflags-only-I wolfssl`; do if test ${CPPFLAGS+y} then : @@ -25827,7 +25719,7 @@ else case e in #( esac fi - # So we find the openssl compat headers under wolfssl + # So we find the openssl compat headers under wolfssl if test ${CPPFLAGS+y} then : 
@@ -25862,9 +25754,9 @@ else case e in #( esac fi - done - if test "$CPPFLAGS" = "$O_CPPFLAGS"; then - # So we find the openssl compat headers under wolfssl (XXX) + done + if test "$CPPFLAGS" = "$O_CPPFLAGS"; then + # So we find the openssl compat headers under wolfssl (XXX) if test ${CPPFLAGS+y} then : @@ -25899,15 +25791,15 @@ else case e in #( esac fi - fi - else - printf "%s\n" "#define HAVE_OPENSSL 1" >>confdefs.h + fi + else + printf "%s\n" "#define HAVE_OPENSSL 1" >>confdefs.h - printf "%s\n" "#define HAVE_WOLFSSL 1" >>confdefs.h + printf "%s\n" "#define HAVE_WOLFSSL 1" >>confdefs.h - # No pkg-config file present, try to do it manually - if test "$enable_wolfssl" != "yes"; then + # No pkg-config file present, try to do it manually + if test "$enable_wolfssl" != "yes"; then if test ${LIBCRYPTO+y} @@ -26086,7 +25978,7 @@ else case e in #( esac fi - # So we find the openssl compat headers under wolfssl + # So we find the openssl compat headers under wolfssl if test ${CPPFLAGS+y} then : @@ -26121,8 +26013,8 @@ else case e in #( esac fi - else - # So we find the openssl compat headers under wolfssl (XXX) + else + # So we find the openssl compat headers under wolfssl (XXX) if test ${CPPFLAGS+y} then : 
@@ -26157,26 +26049,26 @@ else case e in #( esac fi - fi - LIBTLS="${LIBTLS} -lwolfssl" - LIBCRYPTO="${LIBCRYPTO} -lwolfssl" + fi + LIBTLS="${LIBTLS} -lwolfssl" + LIBCRYPTO="${LIBCRYPTO} -lwolfssl" - # Use wolfSSL's sha2 functions if possible - ac_fn_check_decl "$LINENO" "EVP_MD_CTX_new" "ac_cv_have_decl_EVP_MD_CTX_new" " - $ac_includes_default - #include <wolfssl/options.h> - #include <wolfssl/openssl/evp.h> + # Use wolfSSL's sha2 functions if possible + ac_fn_check_decl "$LINENO" "EVP_MD_CTX_new" "ac_cv_have_decl_EVP_MD_CTX_new" " + $ac_includes_default + #include <wolfssl/options.h> + #include <wolfssl/openssl/evp.h> " "$ac_c_undeclared_builtin_options" "CFLAGS" if test "x$ac_cv_have_decl_EVP_MD_CTX_new" = xyes then : DIGEST=digest_openssl.lo fi - fi - ac_fn_check_decl "$LINENO" "X509_STORE_CTX_get0_cert" "ac_cv_have_decl_X509_STORE_CTX_get0_cert" " - $ac_includes_default - #include <wolfssl/options.h> - #include <wolfssl/openssl/x509.h> + fi + ac_fn_check_decl "$LINENO" "X509_STORE_CTX_get0_cert" "ac_cv_have_decl_X509_STORE_CTX_get0_cert" " + $ac_includes_default + #include <wolfssl/options.h> + #include <wolfssl/openssl/x509.h> " "$ac_c_undeclared_builtin_options" "CFLAGS" if test "x$ac_cv_have_decl_X509_STORE_CTX_get0_cert" = xyes @@ -26184,10 +26076,10 @@ then : printf "%s\n" "#define HAVE_X509_STORE_CTX_GET0_CERT 1" >>confdefs.h fi - ac_fn_check_decl "$LINENO" "ASN1_STRING_get0_data" "ac_cv_have_decl_ASN1_STRING_get0_data" " - $ac_includes_default - #include <wolfssl/options.h> - #include <wolfssl/openssl/asn1.h> + ac_fn_check_decl "$LINENO" "ASN1_STRING_get0_data" "ac_cv_have_decl_ASN1_STRING_get0_data" " + $ac_includes_default + #include <wolfssl/options.h> + #include <wolfssl/openssl/asn1.h> " "$ac_c_undeclared_builtin_options" "CFLAGS" if test "x$ac_cv_have_decl_ASN1_STRING_get0_data" = xyes 
@@ -26195,10 +26087,10 @@ then : printf "%s\n" "#define HAVE_ASN1_STRING_GET0_DATA 1" >>confdefs.h fi - ac_fn_check_decl "$LINENO" "SSL_CTX_get0_certificate" "ac_cv_have_decl_SSL_CTX_get0_certificate" " - $ac_includes_default - #include <wolfssl/options.h> - #include <wolfssl/openssl/ssl.h> + ac_fn_check_decl "$LINENO" "SSL_CTX_get0_certificate" "ac_cv_have_decl_SSL_CTX_get0_certificate" " + $ac_includes_default + #include <wolfssl/options.h> + #include <wolfssl/openssl/ssl.h> " "$ac_c_undeclared_builtin_options" "CFLAGS" if test "x$ac_cv_have_decl_SSL_CTX_get0_certificate" = xyes @@ -26206,10 +26098,10 @@ then : printf "%s\n" "#define HAVE_SSL_CTX_GET0_CERTIFICATE 1" >>confdefs.h fi - ac_fn_check_decl "$LINENO" "SSL_CTX_set0_tmp_dh_pkey" "ac_cv_have_decl_SSL_CTX_set0_tmp_dh_pkey" " - $ac_includes_default - #include <wolfssl/options.h> - #include <wolfssl/openssl/ssl.h> + ac_fn_check_decl "$LINENO" "SSL_CTX_set0_tmp_dh_pkey" "ac_cv_have_decl_SSL_CTX_set0_tmp_dh_pkey" " + $ac_includes_default + #include <wolfssl/options.h> + #include <wolfssl/openssl/ssl.h> " "$ac_c_undeclared_builtin_options" "CFLAGS" if test "x$ac_cv_have_decl_SSL_CTX_set0_tmp_dh_pkey" = xyes @@ -26217,10 +26109,10 @@ then : printf "%s\n" "#define HAVE_SSL_CTX_SET0_TMP_DH_PKEY 1" >>confdefs.h fi - ac_fn_check_decl "$LINENO" "TLS_method" "ac_cv_have_decl_TLS_method" " - $ac_includes_default - #include <wolfssl/options.h> - #include <wolfssl/openssl/ssl.h> + ac_fn_check_decl "$LINENO" "TLS_method" "ac_cv_have_decl_TLS_method" " + $ac_includes_default + #include <wolfssl/options.h> + #include <wolfssl/openssl/ssl.h> " "$ac_c_undeclared_builtin_options" "CFLAGS" if test "x$ac_cv_have_decl_TLS_method" = xyes 
@@ -26228,10 +26120,10 @@ then : printf "%s\n" "#define HAVE_TLS_METHOD 1" >>confdefs.h fi - ac_fn_check_decl "$LINENO" "SSL_CTX_set_min_proto_version" "ac_cv_have_decl_SSL_CTX_set_min_proto_version" " - $ac_includes_default - #include <wolfssl/options.h> - #include <wolfssl/openssl/ssl.h> + ac_fn_check_decl "$LINENO" "SSL_CTX_set_min_proto_version" "ac_cv_have_decl_SSL_CTX_set_min_proto_version" " + $ac_includes_default + #include <wolfssl/options.h> + #include <wolfssl/openssl/ssl.h> " "$ac_c_undeclared_builtin_options" "CFLAGS" if test "x$ac_cv_have_decl_SSL_CTX_set_min_proto_version" = xyes @@ -26239,10 +26131,10 @@ then : printf "%s\n" "#define HAVE_SSL_CTX_SET_MIN_PROTO_VERSION 1" >>confdefs.h fi - ac_fn_check_decl "$LINENO" "SSL_CTX_set_ciphersuites" "ac_cv_have_decl_SSL_CTX_set_ciphersuites" " - $ac_includes_default - #include <wolfssl/options.h> - #include <wolfssl/openssl/ssl.h> + ac_fn_check_decl "$LINENO" "SSL_CTX_set_ciphersuites" "ac_cv_have_decl_SSL_CTX_set_ciphersuites" " + $ac_includes_default + #include <wolfssl/options.h> + #include <wolfssl/openssl/ssl.h> " "$ac_c_undeclared_builtin_options" "CFLAGS" if test "x$ac_cv_have_decl_SSL_CTX_set_ciphersuites" = xyes 
@@ -26250,14 +26142,132 @@ then : printf "%s\n" "#define HAVE_SSL_CTX_SET_CIPHERSUITES 1" >>confdefs.h fi -fi + fi + + if test "$DIGEST" = "digest.lo"; then - FOUND_SHA2=no - ac_fn_c_check_header_compile "$LINENO" "sha2.h" "ac_cv_header_sha2_h" "$ac_includes_default" + if test "${enable_gcrypt-no}" != no; then + # Use gcrypt's sha2 functions + printf "%s\n" "#define HAVE_GCRYPT 1" >>confdefs.h + + DIGEST=digest_gcrypt.lo + LIBMD="-lgcrypt" + if test "$enable_gcrypt" != "yes"; then + +if test ${CPPFLAGS+y} +then : + + case " $CPPFLAGS " in #( + *" -I${enable_gcrypt}/include "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${enable_gcrypt}/include"; } >&5 + (: CPPFLAGS already contains -I${enable_gcrypt}/include) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append CPPFLAGS " -I${enable_gcrypt}/include" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + (: CPPFLAGS="$CPPFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else case e in #( + e) + CPPFLAGS=-I${enable_gcrypt}/include + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + (: CPPFLAGS="$CPPFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac +fi + + + +if test ${LDFLAGS+y} +then : + + case " $LDFLAGS " in #( + *" -L${enable_gcrypt}/lib "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -L\${enable_gcrypt}/lib"; } >&5 + (: LDFLAGS already contains -L${enable_gcrypt}/lib) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LDFLAGS " -L${enable_gcrypt}/lib" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + (: LDFLAGS="$LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else case e in #( + e) + LDFLAGS=-L${enable_gcrypt}/lib + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + (: LDFLAGS="$LDFLAGS") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac +fi + + if test X"$enable_rpath" = X"yes"; then + +if test ${LDFLAGS_R+y} +then : + + case " $LDFLAGS_R " in #( + *" -R${enable_gcrypt}/lib "*) : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R already contains -R\${enable_gcrypt}/lib"; } >&5 + (: LDFLAGS_R already contains -R${enable_gcrypt}/lib) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LDFLAGS_R " -R${enable_gcrypt}/lib" + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 + (: LDFLAGS_R="$LDFLAGS_R") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else case e in #( + e) + LDFLAGS_R=-R${enable_gcrypt}/lib + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 + (: LDFLAGS_R="$LDFLAGS_R") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac +fi + + fi + + fi + else + # Use sudo's sha2 functions if not in libmd or libc. + FOUND_SHA2=no + ac_fn_c_check_header_compile "$LINENO" "sha2.h" "ac_cv_header_sha2_h" "$ac_includes_default" if test "x$ac_cv_header_sha2_h" = xyes then : - FOUND_SHA2=yes + FOUND_SHA2=yes for ac_func in SHA224Update do : 
@@ -26305,8 +26315,8 @@ printf "%s\n" "#define SHA2_VOID_PTR 1" >>confdefs.h else case e in #( e) - # On some systems, SHA224Update is in libmd - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SHA224Update in -lmd" >&5 + # On some systems, SHA224Update is in libmd + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SHA224Update in -lmd" >&5 printf %s "checking for SHA224Update in -lmd... " >&6; } if test ${ac_cv_lib_md_SHA224Update+y} then : @@ -26352,9 +26362,9 @@ printf "%s\n" "$ac_cv_lib_md_SHA224Update" >&6; } if test "x$ac_cv_lib_md_SHA224Update" = xyes then : - printf "%s\n" "#define HAVE_SHA224UPDATE 1" >>confdefs.h + printf "%s\n" "#define HAVE_SHA224UPDATE 1" >>confdefs.h - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the data argument of SHA224Update() is void *" >&5 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the data argument of SHA224Update() is void *" >&5 printf %s "checking whether the data argument of SHA224Update() is void *... " >&6; } if test ${sudo_cv_func_sha2_void_ptr+y} then : @@ -26392,17 +26402,17 @@ printf "%s\n" "#define SHA2_VOID_PTR 1" >>confdefs.h fi - LIBMD="-lmd" + LIBMD="-lmd" else case e in #( e) - # Does not have SHA224Update - FOUND_SHA2=no - ;; + # Does not have SHA224Update + FOUND_SHA2=no + ;; esac fi - ;; + ;; esac fi @@ -26410,8 +26420,8 @@ done fi - if test X"$FOUND_SHA2" = X"no"; then - case " $LIBOBJS " in + if test X"$FOUND_SHA2" = X"no"; then + case " $LIBOBJS " in *" sha2.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS sha2.$ac_objext" ;; @@ -26423,8 +26433,10 @@ esac " done + fi fi fi + OLIBS="$LIBS" LIBS="${LIBS} ${NET_LIBS}" ac_fn_c_check_func "$LINENO" "socket" "ac_cv_func_socket" 
@@ -34978,7 +34990,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # values after options handling. ac_log=" This file was extended by sudo $as_me 1.9.12p1, which was -generated by GNU Autoconf 2.72a.69-9c123-dirty. Invocation command line was +generated by GNU Autoconf 2.72a. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS @@ -35046,7 +35058,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ sudo config.status 1.9.12p1 -configured by $0, generated by GNU Autoconf 2.72a.69-9c123-dirty, +configured by $0, generated by GNU Autoconf 2.72a, with options \\"\$ac_cs_config\\" Copyright (C) 2022 Free Software Foundation, Inc. diff --git a/configure.ac b/configure.ac index cef994bc8..8574015fc 100644 --- a/configure.ac +++ b/configure.ac 
@@ -2975,336 +2975,49 @@ AC_CHECK_MEMBERS([struct dirent.d_type, struct dirent.d_namlen], [], [], [ AC_INCLUDES_DEFAULT #include <$ac_header_dirent> ]) -dnl -dnl Check for functions only present in OpenSSL 1.1 and above -dnl -openssl_missing=no -if test "${enable_openssl-no}" != no; then - # Use pkg-config to find the openssl cflags and libs if possible. - if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then - PKG_CONFIG_LIBDIR= - for d in ${enable_openssl}/*/pkgconfig; do - if test -d "$d"; then - PKG_CONFIG_LIBDIR="$PKG_CONFIG_LIBDIR:$d" - fi - done - if test -n "$PKG_CONFIG_LIBDIR"; then - PKG_CONFIG_LIBDIR=${PKG_CONFIG_LIBDIR#:} - export PKG_CONFIG_LIBDIR - fi - elif test "$cross_compiling" = "yes" -a -z "$PKG_CONFIG"; then - # Cannot use pkg-config when cross-compiling - PKG_CONFIG=false - fi - : ${PKG_CONFIG='pkg-config'} - pkg_openssl=`printf $enable_openssl_pkgconfig_template "openssl"` - pkg_libcrypto=lib`printf $enable_openssl_pkgconfig_template "crypto"` - if $PKG_CONFIG --exists "$pkg_openssl >= 1.0.1" >/dev/null 2>&1; then - AC_DEFINE(HAVE_OPENSSL) - if test "$enable_openssl" = "maybe"; then - enable_openssl=yes - fi - # Check whether --static is needed (don't assume name of ssl lib) - # There may be dependent libraries or -pthread. 
- O_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS `$PKG_CONFIG --libs-only-L $pkg_openssl`" - libssl="`$PKG_CONFIG --libs-only-l $pkg_openssl | sed 's/^ *-l//'`" - libssl_extra="`echo $libssl | sed 's/^[[^ ]]* *//'`" - libssl="`echo $libssl | sed 's/ .*//'`" - AC_CHECK_LIB([$libssl], [SSL_new], [STATIC=""], [STATIC="--static"], [$libssl_extra]) - LDFLAGS="$O_LDFLAGS" - - # Use pkg-config to determine OpenSSL libs and cflags - for f in `$PKG_CONFIG $STATIC --libs $pkg_openssl`; do - case "$f" in - -L*) - f="${f#-L}" - SUDO_APPEND_LIBPATH([LIBTLS], [$f]) - ;; - *) - AX_APPEND_FLAG([$f], [LIBTLS]) - ;; - esac - done - if $PKG_CONFIG --exists $pkg_libcrypto >/dev/null 2>&1; then - # Use OpenSSL's sha2 functions if possible (don't assume name of crypto) - O_LDFLAGS="$LDFLAGS" - libcrypto= - libcrypto_extra= - for f in `$PKG_CONFIG $STATIC --libs $pkg_libcrypto`; do - case "$f" in - -l*) - if test -z "$libcrypto"; then - libcrypto="${f#-l}" - else - libcrypto_extra="$libcrypto_extra $f" - fi - ;; - *) - AX_APPEND_FLAG([$f], [LDFLAGS]) - ;; - esac - done - AC_CHECK_LIB([$libcrypto], [EVP_MD_CTX_new], [DIGEST=digest_openssl.lo], [], [$libcrypto_extra]) - LDFLAGS="$O_LDFLAGS" - - # Use pkg-config to determine libcrypto libs and cflags - for f in `$PKG_CONFIG $STATIC --libs $pkg_libcrypto`; do - case "$f" in - -L*) - f="${f#-L}" - SUDO_APPEND_LIBPATH([LIBCRYPTO], [$f]) - ;; - *) - AX_APPEND_FLAG([$f], [LIBCRYPTO]) - ;; - esac - done - else - # No separate pkg config for libcrypto - LIBCRYPTO="$LIBTLS" - LIBCRYPTO_R="$LIBTLS_R" - fi - for f in `$PKG_CONFIG --cflags-only-I $pkg_openssl`; do - AX_APPEND_FLAG([$f], [CPPFLAGS]) - done - else - # No pkg-config file present, try to do it manually - O_LDFLAGS="$LDFLAGS" - if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then - SUDO_APPEND_LIBPATH(LDFLAGS, [${enable_openssl}/lib]) - fi - AC_CHECK_LIB([ssl], [SSL_new], [ - # Check OPENSSL_VERSION_NUMBER in headers - O_CPPFLAGS="$CPPFLAGS" - if test "$enable_openssl" != 
"yes" -a "$enable_openssl" != "maybe"; then - # Note: we only reset CPPFLAGS on failure - AX_APPEND_FLAG([-I${enable_openssl}/include], [CPPFLAGS]) - fi - AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <openssl/opensslv.h> -#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x1000100fL -#error "OpenSSL too old" -#endif -]])], [ - # OpenSSL >= 1.0.1 detected, use it. - AC_DEFINE(HAVE_OPENSSL) - if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then - SUDO_APPEND_LIBPATH(LIBCRYPTO, [${enable_openssl}/lib]) - SUDO_APPEND_LIBPATH(LIBTLS, [${enable_openssl}/lib]) - else - enable_openssl=yes - fi - LIBCRYPTO="${LIBCRYPTO} -lcrypto" - LIBTLS="${LIBTLS} -lssl -lcrypto" - - # Use OpenSSL's sha2 functions if possible - AC_CHECK_LIB([crypto], [EVP_MD_CTX_new], [ - DIGEST=digest_openssl.lo - ]) -], [ - # OpenSSL < 1.0.1 detected, ignore it. - if test "$enable_openssl" = "maybe"; then - AC_MSG_WARN([OpenSSL too old (1.0.1 or higher required), Sudo logsrv connections will not be encrypted.]) - enable_openssl=no - else - AC_MSG_ERROR([OpenSSL too old (1.0.1 or higher required).]) - fi - CPPFLAGS="$O_CPPFLAGS" -]) - ], [ - if test "$enable_openssl" = "maybe"; then - openssl_missing=yes - enable_openssl=no - else - AC_MSG_ERROR([OpenSSL development libraries not found.]) - fi - ], [-lcrypto]) - LDFLAGS="$O_LDFLAGS" - fi - if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then - unset PKG_CONFIG_LIBDIR - fi -fi dnl -dnl Note that enable_openssl may be reset above. 
+dnl Check for OpenSSL or wolfSSL dnl -if test "${enable_openssl-no}" != no; then - OLIBS="$LIBS" - LIBS="$LIBS $LIBTLS" - AC_CHECK_FUNCS([X509_STORE_CTX_get0_cert ASN1_STRING_get0_data SSL_CTX_get0_certificate SSL_CTX_set0_tmp_dh_pkey TLS_method]) - # SSL_CTX_set_min_proto_version may be a macro - AC_CHECK_DECL([SSL_CTX_set_min_proto_version], [AC_DEFINE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)], [], [ - AC_INCLUDES_DEFAULT - #include <openssl/ssl.h> - ]) - # LibreSSL TLS 1.3 support may not be enabled, check for declaration too. - AC_CHECK_FUNC([SSL_CTX_set_ciphersuites], [ - AC_CHECK_DECL([SSL_CTX_set_ciphersuites], [AC_DEFINE(HAVE_SSL_CTX_SET_CIPHERSUITES)], [], [ - AC_INCLUDES_DEFAULT - #include <openssl/ssl.h> - ]) - ]) - LIBS="$OLIBS" -elif test "${enable_gcrypt-no}" != no; then - # Use gcrypt's sha2 functions - AC_DEFINE(HAVE_GCRYPT) - DIGEST=digest_gcrypt.lo - LIBMD="-lgcrypt" - if test "$enable_gcrypt" != "yes"; then - AX_APPEND_FLAG([-I${enable_gcrypt}/include], [CPPFLAGS]) - SUDO_APPEND_LIBPATH(LDFLAGS, [${enable_gcrypt}/lib]) - fi -fi -dnl -dnl Check for OpenSSL compatibility functions in wolfSSL -dnl -if test "${enable_wolfssl-no}" != no; then - # Use pkg-config to find the wolfssl cflags and libs if possible. 
- if test "$enable_wolfssl" != "yes"; then - PKG_CONFIG_LIBDIR="${enable_wolfssl}/lib/pkgconfig:${enable_wolfssl}/lib64/pkgconfig:${enable_wolfssl}/share/pkgconfig" - export PKG_CONFIG_LIBDIR - elif test "$cross_compiling" = "yes" -a -z "$PKG_CONFIG"; then - # Cannot use pkg-config when cross-compiling - PKG_CONFIG=false - fi - : ${PKG_CONFIG='pkg-config'} - if $PKG_CONFIG --exists wolfssl >/dev/null 2>&1; then - AC_DEFINE(HAVE_OPENSSL) - AC_DEFINE(HAVE_WOLFSSL) - - O_CPPFLAGS="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS `$PKG_CONFIG --cflags-only-I wolfssl`" - O_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS `$PKG_CONFIG --libs-only-L wolfssl`" - - # Check whether --static is needed - libssl="`$PKG_CONFIG --libs-only-l wolfssl | sed 's/^ *-l//'`" - libssl_extra=`echo $libssl | sed 's/^[[^ ]]* *//'` - libssl=`echo $libssl | sed 's/ .*//'` - AC_CHECK_LIB([$libssl], [wolfSSL_new], [STATIC=""], [STATIC="--static"], [$libssl_extra]) - - # Use wolfSSL's sha2 functions if possible - AC_CHECK_DECL([EVP_MD_CTX_new], [DIGEST=digest_openssl.lo], [], [ - AC_INCLUDES_DEFAULT - #include <wolfssl/options.h> - #include <wolfssl/openssl/evp.h> - ]) - CPPFLAGS="$O_CPPFLAGS" - LDFLAGS="$O_LDFLAGS" - - # Use pkg-config to determine wolfSSL libs and cflags - for f in `$PKG_CONFIG $STATIC --libs wolfssl`; do - case "$f" in - -L*) - f="${f#-L}" - SUDO_APPEND_LIBPATH([LIBTLS], [$f]) - ;; - *) - AX_APPEND_FLAG([$f], [LIBTLS]) - ;; - esac - done - # No separate pkg config for libcrypto - LIBCRYPTO="$LIBTLS" - LIBCRYPTO_R="$LIBTLS_R" - for f in `$PKG_CONFIG --cflags-only-I wolfssl`; do - AX_APPEND_FLAG([$f], [CPPFLAGS]) - # So we find the openssl compat headers under wolfssl - AX_APPEND_FLAG([$f/wolfssl], [CPPFLAGS]) - done - if test "$CPPFLAGS" = "$O_CPPFLAGS"; then - # So we find the openssl compat headers under wolfssl (XXX) - AX_APPEND_FLAG([-I/usr/include/wolfssl], [CPPFLAGS]) - fi - else - AC_DEFINE(HAVE_OPENSSL) - AC_DEFINE(HAVE_WOLFSSL) - - # No pkg-config file present, try to do it manually - if test 
"$enable_wolfssl" != "yes"; then - SUDO_APPEND_LIBPATH(LIBCRYPTO, [${enable_wolfssl}/lib]) - SUDO_APPEND_LIBPATH(LIBTLS, [${enable_wolfssl}/lib]) - AX_APPEND_FLAG([-I${enable_wolfssl}/include], [CPPFLAGS]) - # So we find the openssl compat headers under wolfssl - AX_APPEND_FLAG([-I${enable_wolfssl}/include/wolfssl], [CPPFLAGS]) - else - # So we find the openssl compat headers under wolfssl (XXX) - AX_APPEND_FLAG([-I/usr/include/wolfssl], [CPPFLAGS]) - fi - LIBTLS="${LIBTLS} -lwolfssl" - LIBCRYPTO="${LIBCRYPTO} -lwolfssl" +SUDO_CHECK_OPENSSL - # Use wolfSSL's sha2 functions if possible - AC_CHECK_DECL([EVP_MD_CTX_new], [DIGEST=digest_openssl.lo], [], [ - AC_INCLUDES_DEFAULT - #include <wolfssl/options.h> - #include <wolfssl/openssl/evp.h> - ]) - fi - dnl - dnl Check for specific OpenSSL API compatibility macros - dnl - AC_CHECK_DECL([X509_STORE_CTX_get0_cert], [AC_DEFINE(HAVE_X509_STORE_CTX_GET0_CERT)], [], [ - AC_INCLUDES_DEFAULT - #include <wolfssl/options.h> - #include <wolfssl/openssl/x509.h> - ]) - AC_CHECK_DECL([ASN1_STRING_get0_data], [AC_DEFINE(HAVE_ASN1_STRING_GET0_DATA)], [], [ - AC_INCLUDES_DEFAULT - #include <wolfssl/options.h> - #include <wolfssl/openssl/asn1.h> - ]) - AC_CHECK_DECL([SSL_CTX_get0_certificate], [AC_DEFINE(HAVE_SSL_CTX_GET0_CERTIFICATE)], [], [ - AC_INCLUDES_DEFAULT - #include <wolfssl/options.h> - #include <wolfssl/openssl/ssl.h> - ]) - AC_CHECK_DECL([SSL_CTX_set0_tmp_dh_pkey], [AC_DEFINE(HAVE_SSL_CTX_SET0_TMP_DH_PKEY)], [], [ - AC_INCLUDES_DEFAULT - #include <wolfssl/options.h> - #include <wolfssl/openssl/ssl.h> - ]) - AC_CHECK_DECL([TLS_method], [AC_DEFINE(HAVE_TLS_METHOD)], [], [ - AC_INCLUDES_DEFAULT - #include <wolfssl/options.h> - #include <wolfssl/openssl/ssl.h> - ]) - AC_CHECK_DECL([SSL_CTX_set_min_proto_version], [AC_DEFINE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)], [], [ - AC_INCLUDES_DEFAULT - #include <wolfssl/options.h> - #include <wolfssl/openssl/ssl.h> - ]) - AC_CHECK_DECL([SSL_CTX_set_ciphersuites], 
[AC_DEFINE(HAVE_SSL_CTX_SET_CIPHERSUITES)], [], [ - AC_INCLUDES_DEFAULT - #include <wolfssl/options.h> - #include <wolfssl/openssl/ssl.h> - ]) -fi dnl -dnl Check for sha2 functions if not using openssl, wolfssl or gcrypt +dnl Check for sha2 functions if not using openssl or wolfssl dnl if test "$DIGEST" = "digest.lo"; then - FOUND_SHA2=no - AC_CHECK_HEADER([sha2.h], [ - FOUND_SHA2=yes - AC_CHECK_FUNCS([SHA224Update], [SUDO_FUNC_SHA2_VOID_PTR], [ - # On some systems, SHA224Update is in libmd - AC_CHECK_LIB([md], [SHA224Update], [ - AC_DEFINE(HAVE_SHA224UPDATE) - SUDO_FUNC_SHA2_VOID_PTR - LIBMD="-lmd" - ], [ - # Does not have SHA224Update - FOUND_SHA2=no + if test "${enable_gcrypt-no}" != no; then + # Use gcrypt's sha2 functions + AC_DEFINE(HAVE_GCRYPT) + DIGEST=digest_gcrypt.lo + LIBMD="-lgcrypt" + if test "$enable_gcrypt" != "yes"; then + AX_APPEND_FLAG([-I${enable_gcrypt}/include], [CPPFLAGS]) + SUDO_APPEND_LIBPATH(LDFLAGS, [${enable_gcrypt}/lib]) + fi + else + # Use sudo's sha2 functions if not in libmd or libc. 
+ FOUND_SHA2=no + AC_CHECK_HEADER([sha2.h], [ + FOUND_SHA2=yes + AC_CHECK_FUNCS([SHA224Update], [SUDO_FUNC_SHA2_VOID_PTR], [ + # On some systems, SHA224Update is in libmd + AC_CHECK_LIB([md], [SHA224Update], [ + AC_DEFINE(HAVE_SHA224UPDATE) + SUDO_FUNC_SHA2_VOID_PTR + LIBMD="-lmd" + ], [ + # Does not have SHA224Update + FOUND_SHA2=no + ]) ]) ]) - ]) - if test X"$FOUND_SHA2" = X"no"; then - AC_LIBOBJ(sha2) - SUDO_APPEND_COMPAT_EXP(sudo_SHA224Final sudo_SHA224Init sudo_SHA224Pad sudo_SHA224Transform sudo_SHA224Update sudo_SHA256Final sudo_SHA256Init sudo_SHA256Pad sudo_SHA256Transform sudo_SHA256Update sudo_SHA384Final sudo_SHA384Init sudo_SHA384Pad sudo_SHA384Transform sudo_SHA384Update sudo_SHA512Final sudo_SHA512Init sudo_SHA512Pad sudo_SHA512Transform sudo_SHA512Update) + if test X"$FOUND_SHA2" = X"no"; then + AC_LIBOBJ(sha2) + SUDO_APPEND_COMPAT_EXP(sudo_SHA224Final sudo_SHA224Init sudo_SHA224Pad sudo_SHA224Transform sudo_SHA224Update sudo_SHA256Final sudo_SHA256Init sudo_SHA256Pad sudo_SHA256Transform sudo_SHA256Update sudo_SHA384Final sudo_SHA384Init sudo_SHA384Pad sudo_SHA384Transform sudo_SHA384Update sudo_SHA512Final sudo_SHA512Init sudo_SHA512Pad sudo_SHA512Transform sudo_SHA512Update) + fi fi fi + dnl dnl If socket(2) not in libc, check -lsocket and -linet dnl May need to link with *both* -lnsl and -lsocket due to unresolved symbols diff --git a/m4/openssl.m4 b/m4/openssl.m4 new file mode 100644 index 000000000..a2e4941ae --- /dev/null +++ b/m4/openssl.m4 
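Review bot: The gcrypt branch now nested under `if test "$DIGEST" = "digest.lo"` defines HAVE_GCRYPT and sets `LIBMD="-lgcrypt"` from `--enable-gcrypt` alone, with no probe that the library is actually linkable, so a missing or misplaced libgcrypt shows up as a link failure instead of a configure error. Unless a probe exists outside this hunk, I would add one after the include and library paths are appended, e.g. `AC_CHECK_LIB([gcrypt], [gcry_md_open], [:], [AC_MSG_ERROR([libgcrypt not found])])`. The manual (non-pkg-config) wolfSSL path in m4/openssl.m4 has the same shape: it defines HAVE_OPENSSL and HAVE_WOLFSSL and adds `-lwolfssl` without checking for `wolfSSL_new`. The header comment could also say that this block runs whenever DIGEST is still `digest.lo`, which includes a TLS library that is enabled but lacks `EVP_MD_CTX_new`.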
@@ -0,0 +1,294 @@
+AC_DEFUN([SUDO_CHECK_OPENSSL], [
+ openssl_missing=no
+ if test "${enable_openssl-no}" != no; then
+ # Use pkg-config to find the openssl cflags and libs if possible.
+ if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then
+ PKG_CONFIG_LIBDIR=
+ for d in ${enable_openssl}/*/pkgconfig; do
+ if test -d "$d"; then
+ PKG_CONFIG_LIBDIR="$PKG_CONFIG_LIBDIR:$d"
+ fi
+ done
+ if test -n "$PKG_CONFIG_LIBDIR"; then
+ PKG_CONFIG_LIBDIR=${PKG_CONFIG_LIBDIR#:}
+ export PKG_CONFIG_LIBDIR
+ fi
+ elif test "$cross_compiling" = "yes" -a -z "$PKG_CONFIG"; then
+ # Cannot use pkg-config when cross-compiling
+ PKG_CONFIG=false
+ fi
+ : ${PKG_CONFIG='pkg-config'}
+ pkg_openssl=`printf $enable_openssl_pkgconfig_template "openssl"`
+ pkg_libcrypto=lib`printf $enable_openssl_pkgconfig_template "crypto"`
+ if $PKG_CONFIG --exists "$pkg_openssl >= 1.0.1" >/dev/null 2>&1; then
+ AC_DEFINE(HAVE_OPENSSL)
+ if test "$enable_openssl" = "maybe"; then
+ enable_openssl=yes
+ fi
+
+ # Check whether --static is needed (don't assume name of ssl lib)
+ # There may be dependent libraries or -pthread.
+ O_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS `$PKG_CONFIG --libs-only-L $pkg_openssl`"
+ libssl="`$PKG_CONFIG --libs-only-l $pkg_openssl | sed 's/^ *-l//'`"
+ libssl_extra="`echo $libssl | sed 's/^[[^ ]]* *//'`"
+ libssl="`echo $libssl | sed 's/ .*//'`"
+ AC_CHECK_LIB([$libssl], [SSL_new], [STATIC=""], [STATIC="--static"], [$libssl_extra])
+ LDFLAGS="$O_LDFLAGS"
+
+ # Use pkg-config to determine OpenSSL libs and cflags
+ for f in `$PKG_CONFIG $STATIC --libs $pkg_openssl`; do
+ case "$f" in
+ -L*)
+ f="${f#-L}"
+ SUDO_APPEND_LIBPATH([LIBTLS], [$f])
+ ;;
+ *)
+ AX_APPEND_FLAG([$f], [LIBTLS])
+ ;;
+ esac
+ done
+ if $PKG_CONFIG --exists $pkg_libcrypto >/dev/null 2>&1; then
+ # Use OpenSSL's sha2 functions if possible (don't assume name of crypto)
+ O_LDFLAGS="$LDFLAGS"
+ libcrypto=
+ libcrypto_extra=
+ for f in `$PKG_CONFIG $STATIC --libs $pkg_libcrypto`; do
+ case "$f" in
+ -l*)
+ if test -z "$libcrypto"; then
+ libcrypto="${f#-l}"
+ else
+ libcrypto_extra="$libcrypto_extra $f"
+ fi
+ ;;
+ *)
+ AX_APPEND_FLAG([$f], [LDFLAGS])
+ ;;
+ esac
+ done
+ AC_CHECK_LIB([$libcrypto], [EVP_MD_CTX_new], [DIGEST=digest_openssl.lo], [], [$libcrypto_extra])
+ LDFLAGS="$O_LDFLAGS"
+
+ # Use pkg-config to determine libcrypto libs and cflags
+ for f in `$PKG_CONFIG $STATIC --libs $pkg_libcrypto`; do
+ case "$f" in
+ -L*)
+ f="${f#-L}"
+ SUDO_APPEND_LIBPATH([LIBCRYPTO], [$f])
+ ;;
+ *)
+ AX_APPEND_FLAG([$f], [LIBCRYPTO])
+ ;;
+ esac
+ done
+ else
+ # No separate pkg config for libcrypto
+ LIBCRYPTO="$LIBTLS"
+ LIBCRYPTO_R="$LIBTLS_R"
+ fi
+ for f in `$PKG_CONFIG --cflags-only-I $pkg_openssl`; do
+ AX_APPEND_FLAG([$f], [CPPFLAGS])
+ done
+ else
+ # No pkg-config file present, try to do it manually
+ O_LDFLAGS="$LDFLAGS"
+ if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then
+ SUDO_APPEND_LIBPATH(LDFLAGS, [${enable_openssl}/lib])
+ fi
+ AC_CHECK_LIB([ssl], [SSL_new], [
+ # Check OPENSSL_VERSION_NUMBER in headers
+ O_CPPFLAGS="$CPPFLAGS"
+ if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then
+ # Note: we only reset CPPFLAGS on failure
+ AX_APPEND_FLAG([-I${enable_openssl}/include], [CPPFLAGS])
+ fi
+ AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <openssl/opensslv.h>
+#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x1000100fL
+#error "OpenSSL too old"
+#endif
+ ]])], [
+ # OpenSSL >= 1.0.1 detected, use it.
+ AC_DEFINE(HAVE_OPENSSL)
+ if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then
+ SUDO_APPEND_LIBPATH(LIBCRYPTO, [${enable_openssl}/lib])
+ SUDO_APPEND_LIBPATH(LIBTLS, [${enable_openssl}/lib])
+ else
+ enable_openssl=yes
+ fi
+ LIBCRYPTO="${LIBCRYPTO} -lcrypto"
+ LIBTLS="${LIBTLS} -lssl -lcrypto"
+
+ # Use OpenSSL's sha2 functions if possible
+ AC_CHECK_LIB([crypto], [EVP_MD_CTX_new], [
+ DIGEST=digest_openssl.lo
+ ])
+ ], [
+ # OpenSSL < 1.0.1 detected, ignore it.
+ if test "$enable_openssl" = "maybe"; then
+ AC_MSG_WARN([OpenSSL too old (1.0.1 or higher required), Sudo logsrv connections will not be encrypted.])
+ openssl_missing=yes
+ enable_openssl=no
+ else
+ AC_MSG_ERROR([OpenSSL too old (1.0.1 or higher required).])
+ fi
+ CPPFLAGS="$O_CPPFLAGS"
+ ])
+ ], [
+ if test "$enable_openssl" = "maybe"; then
+ openssl_missing=yes
+ enable_openssl=no
+ else
+ AC_MSG_ERROR([OpenSSL development libraries not found.])
+ fi
+ ], [-lcrypto])
+ LDFLAGS="$O_LDFLAGS"
+ fi
+ if test "$enable_openssl" != "yes" -a "$enable_openssl" != "maybe"; then
+ unset PKG_CONFIG_LIBDIR
+ fi
+ fi
+ #
+ # Note that enable_openssl may be reset above.
+ #
+ if test "${enable_openssl-no}" != no; then
+ OLIBS="$LIBS"
+ LIBS="$LIBS $LIBTLS"
+ AC_CHECK_FUNCS([X509_STORE_CTX_get0_cert ASN1_STRING_get0_data SSL_CTX_get0_certificate SSL_CTX_set0_tmp_dh_pkey TLS_method])
+ # SSL_CTX_set_min_proto_version may be a macro
+ AC_CHECK_DECL([SSL_CTX_set_min_proto_version], [AC_DEFINE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)], [], [
+ AC_INCLUDES_DEFAULT
+ #include <openssl/ssl.h>
+ ])
+ # LibreSSL TLS 1.3 support may not be enabled, check for declaration too.
+ AC_CHECK_FUNC([SSL_CTX_set_ciphersuites], [
+ AC_CHECK_DECL([SSL_CTX_set_ciphersuites], [AC_DEFINE(HAVE_SSL_CTX_SET_CIPHERSUITES)], [], [
+ AC_INCLUDES_DEFAULT
+ #include <openssl/ssl.h>
+ ])
+ ])
+ LIBS="$OLIBS"
+ elif test "${enable_wolfssl-no}" != no; then
+ # Check for OpenSSL compatibility functions in wolfSSL.
+ # Use pkg-config to find the wolfssl cflags and libs if possible.
+ if test "$enable_wolfssl" != "yes"; then
+ PKG_CONFIG_LIBDIR="${enable_wolfssl}/lib/pkgconfig:${enable_wolfssl}/lib64/pkgconfig:${enable_wolfssl}/share/pkgconfig"
+ export PKG_CONFIG_LIBDIR
+ elif test "$cross_compiling" = "yes" -a -z "$PKG_CONFIG"; then
+ # Cannot use pkg-config when cross-compiling
+ PKG_CONFIG=false
+ fi
+ : ${PKG_CONFIG='pkg-config'}
+ if $PKG_CONFIG --exists wolfssl >/dev/null 2>&1; then
+ AC_DEFINE(HAVE_OPENSSL)
+ AC_DEFINE(HAVE_WOLFSSL)
+
+ O_CPPFLAGS="$CPPFLAGS"
+ CPPFLAGS="$CPPFLAGS `$PKG_CONFIG --cflags-only-I wolfssl`"
+ O_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS `$PKG_CONFIG --libs-only-L wolfssl`"
+
+ # Check whether --static is needed
+ libssl="`$PKG_CONFIG --libs-only-l wolfssl | sed 's/^ *-l//'`"
+ libssl_extra=`echo $libssl | sed 's/^[[^ ]]* *//'`
+ libssl=`echo $libssl | sed 's/ .*//'`
+ AC_CHECK_LIB([$libssl], [wolfSSL_new], [STATIC=""], [STATIC="--static"], [$libssl_extra])
+
+ # Use wolfSSL's sha2 functions if possible
+ AC_CHECK_DECL([EVP_MD_CTX_new], [DIGEST=digest_openssl.lo], [], [
+ AC_INCLUDES_DEFAULT
+ #include <wolfssl/options.h>
+ #include <wolfssl/openssl/evp.h>
+ ])
+ CPPFLAGS="$O_CPPFLAGS"
+ LDFLAGS="$O_LDFLAGS"
+
+ # Use pkg-config to determine wolfSSL libs and cflags
+ for f in `$PKG_CONFIG $STATIC --libs wolfssl`; do
+ case "$f" in
+ -L*)
+ f="${f#-L}"
+ SUDO_APPEND_LIBPATH([LIBTLS], [$f])
+ ;;
+ *)
+ AX_APPEND_FLAG([$f], [LIBTLS])
+ ;;
+ esac
+ done
+ # No separate pkg config for libcrypto
+ LIBCRYPTO="$LIBTLS"
+ LIBCRYPTO_R="$LIBTLS_R"
+ for f in `$PKG_CONFIG --cflags-only-I wolfssl`; do
+ AX_APPEND_FLAG([$f], [CPPFLAGS])
+ # So we find the openssl compat headers under wolfssl
+ AX_APPEND_FLAG([$f/wolfssl], [CPPFLAGS])
+ done
+ if test "$CPPFLAGS" = "$O_CPPFLAGS"; then
+ # So we find the openssl compat headers under wolfssl (XXX)
+ AX_APPEND_FLAG([-I/usr/include/wolfssl], [CPPFLAGS])
+ fi
+ else
+ AC_DEFINE(HAVE_OPENSSL)
+ AC_DEFINE(HAVE_WOLFSSL)
+
+ # No pkg-config file present, try to do it manually
+ if test "$enable_wolfssl" != "yes"; then
+ SUDO_APPEND_LIBPATH(LIBCRYPTO, [${enable_wolfssl}/lib])
+ SUDO_APPEND_LIBPATH(LIBTLS, [${enable_wolfssl}/lib])
+ AX_APPEND_FLAG([-I${enable_wolfssl}/include], [CPPFLAGS])
+ # So we find the openssl compat headers under wolfssl
+ AX_APPEND_FLAG([-I${enable_wolfssl}/include/wolfssl], [CPPFLAGS])
+ else
+ # So we find the openssl compat headers under wolfssl (XXX)
+ AX_APPEND_FLAG([-I/usr/include/wolfssl], [CPPFLAGS])
+ fi
+ LIBTLS="${LIBTLS} -lwolfssl"
+ LIBCRYPTO="${LIBCRYPTO} -lwolfssl"
+
+ # Use wolfSSL's sha2 functions if possible
+ AC_CHECK_DECL([EVP_MD_CTX_new], [DIGEST=digest_openssl.lo], [], [
+ AC_INCLUDES_DEFAULT
+ #include <wolfssl/options.h>
+ #include <wolfssl/openssl/evp.h>
+ ])
+ fi
+ dnl
+ dnl Check for specific OpenSSL API compatibility macros
+ dnl
+ AC_CHECK_DECL([X509_STORE_CTX_get0_cert], [AC_DEFINE(HAVE_X509_STORE_CTX_GET0_CERT)], [], [
+ AC_INCLUDES_DEFAULT
+ #include <wolfssl/options.h>
+ #include <wolfssl/openssl/x509.h>
+ ])
+ AC_CHECK_DECL([ASN1_STRING_get0_data], [AC_DEFINE(HAVE_ASN1_STRING_GET0_DATA)], [], [
+ AC_INCLUDES_DEFAULT
+ #include <wolfssl/options.h>
+ #include <wolfssl/openssl/asn1.h>
+ ])
+ AC_CHECK_DECL([SSL_CTX_get0_certificate], [AC_DEFINE(HAVE_SSL_CTX_GET0_CERTIFICATE)], [], [
+ AC_INCLUDES_DEFAULT
+ #include <wolfssl/options.h>
+ #include <wolfssl/openssl/ssl.h>
+ ])
+ AC_CHECK_DECL([SSL_CTX_set0_tmp_dh_pkey], [AC_DEFINE(HAVE_SSL_CTX_SET0_TMP_DH_PKEY)], [], [
+ AC_INCLUDES_DEFAULT
+ #include <wolfssl/options.h>
+ #include <wolfssl/openssl/ssl.h>
+ ])
+ AC_CHECK_DECL([TLS_method], [AC_DEFINE(HAVE_TLS_METHOD)], [], [
+ AC_INCLUDES_DEFAULT
+ #include <wolfssl/options.h>
+ #include <wolfssl/openssl/ssl.h>
+ ])
+ AC_CHECK_DECL([SSL_CTX_set_min_proto_version], [AC_DEFINE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)], [], [
+ AC_INCLUDES_DEFAULT
+ #include <wolfssl/options.h>
+ #include <wolfssl/openssl/ssl.h>
+ ])
+ AC_CHECK_DECL([SSL_CTX_set_ciphersuites], [AC_DEFINE(HAVE_SSL_CTX_SET_CIPHERSUITES)], [], [
+ AC_INCLUDES_DEFAULT
+ #include <wolfssl/options.h>
+ #include <wolfssl/openssl/ssl.h>
+ ])
+ fi
+])
|
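Review bot: The wolfSSL branch exports `PKG_CONFIG_LIBDIR` when `--enable-wolfssl` names a prefix but never clears it, unlike the OpenSSL branch, which ends with `unset PKG_CONFIG_LIBDIR`. Any pkg-config lookup that runs after SUDO_CHECK_OPENSSL would then be confined to the wolfSSL prefix and could miss or mis-resolve other libraries; no such later lookup is visible in this hunk, so treat that as a possibility to check rather than a confirmed failure. I would mirror the OpenSSL branch right after the wolfSSL pkg-config `if`/`else`/`fi` block: `test "$enable_wolfssl" != "yes" && unset PKG_CONFIG_LIBDIR`. Both branches also throw away a PKG_CONFIG_LIBDIR the builder set in the environment; saving it in a scratch variable and restoring it afterwards would avoid that.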