tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Only enable U2F if OpenSSL supports ECC. 

This requires moving the U2F bits to below the OpenSSL parts so we have
the required information.  ok djm@
This commit is contained in:
Darren Tucker 2019-11-02 16:39:38 +11:00
parent ad38406fc9
commit f5cc5816aa
1 changed files with 40 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
configure.ac
View File

@ -1909,44 +1909,10 @@ AC_ARG_ENABLE([security-key],
]
)
# PKCS11/U2F depend on OpenSSL and dlopen().
AC_SEARCH_LIBS([dlopen], [dl])
AC_CHECK_FUNCS([dlopen])
AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>])
enable_pkcs11=yes
enable_sk=yes
if test "x$openssl" != "xyes" ; then
enable_pkcs11="disabled; missing libcrypto"
enable_sk="disabled; missing libcrypto"
fi
if test "x$ac_cv_func_dlopen" != "xyes" ; then
enable_pkcs11="disabled; missing dlopen(3)"
enable_sk="disabled; missing dlopen(3)"
fi
if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
enable_pkcs11="disabled; missing RTLD_NOW"
enable_sk="disabled; missing RTLD_NOW"
fi
if test ! -z "$disable_pkcs11" ; then
enable_pkcs11="disabled by user"
fi
if test ! -z "$disable_sk" ; then
enable_sk="disabled by user"
fi
AC_MSG_CHECKING([whether to enable PKCS11])
if test "x$enable_pkcs11" = "xyes" ; then
AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
fi
AC_MSG_RESULT([$enable_pkcs11])
AC_MSG_CHECKING([whether to enable U2F])
if test "x$enable_sk" = "xyes" ; then
AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support])
fi
AC_MSG_RESULT([$enable_sk])
# IRIX has a const char return value for gai_strerror()
AC_CHECK_FUNCS([gai_strerror], [
AC_DEFINE([HAVE_GAI_STRERROR])
@ -3015,6 +2981,9 @@ if test "x$openssl" = "xyes" ; then
test x$enable_nistp521 = x1; then
AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
AC_CHECK_FUNCS([EC_KEY_METHOD_new])
openssl_ecc=yes
else
openssl_ecc=no
fi
if test x$enable_nistp256 = x1; then
AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
@ -3055,6 +3024,43 @@ else
AC_CHECK_FUNCS([crypt])
fi
# PKCS11/U2F depend on OpenSSL and dlopen().
enable_pkcs11=yes
enable_sk=yes
if test "x$openssl" != "xyes" ; then
enable_pkcs11="disabled; missing libcrypto"
enable_sk="disabled; missing libcrypto"
fi
if test "x$openssl_ecc" != "xyes" ; then
enable_sk="disabled; OpenSSL has no ECC support"
fi
if test "x$ac_cv_func_dlopen" != "xyes" ; then
enable_pkcs11="disabled; missing dlopen(3)"
enable_sk="disabled; missing dlopen(3)"
fi
if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
enable_pkcs11="disabled; missing RTLD_NOW"
enable_sk="disabled; missing RTLD_NOW"
fi
if test ! -z "$disable_pkcs11" ; then
enable_pkcs11="disabled by user"
fi
if test ! -z "$disable_sk" ; then
enable_sk="disabled by user"
fi
AC_MSG_CHECKING([whether to enable PKCS11])
if test "x$enable_pkcs11" = "xyes" ; then
AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
fi
AC_MSG_RESULT([$enable_pkcs11])
AC_MSG_CHECKING([whether to enable U2F])
if test "x$enable_sk" = "xyes" ; then
AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support])
fi
AC_MSG_RESULT([$enable_sk])
AC_CHECK_FUNCS([ \
arc4random \
arc4random_buf \