diff options
author | Ben Wiederhake <BenWiederhake.GitHub@gmx> | 2015-09-30 23:23:33 +0300 |
---|---|---|
committer | Ben Wiederhake <BenWiederhake.GitHub@gmx> | 2015-10-01 21:59:54 +0300 |
commit | dd7c8567908bf32f1af390ef138b9e48441c9d24 (patch) | |
tree | 45fc46233d76ca0e15a69827630a9599ea20a136 | |
parent | 3fd7894f5edaf44f7eafb0c069a8d38ccaaba7f5 (diff) |
Implement the big OpenSSL switch.
Do note that --without-openssl can't be made to work, sadly.
-rw-r--r-- | config.h.in | 4 | ||||
-rwxr-xr-x | configure | 263 | ||||
-rw-r--r-- | configure.ac | 16 | ||||
-rw-r--r-- | crypto/aes.h | 4 | ||||
-rw-r--r-- | crypto/aes_altern.c | 4 | ||||
-rw-r--r-- | crypto/aes_openssl.c | 4 | ||||
-rw-r--r-- | crypto/bn_altern.c | 4 | ||||
-rw-r--r-- | crypto/bn_openssl.c | 4 | ||||
-rw-r--r-- | crypto/crypto-config.h | 31 | ||||
-rw-r--r-- | crypto/err_altern.c | 4 | ||||
-rw-r--r-- | crypto/err_openssl.c | 4 | ||||
-rw-r--r-- | crypto/md5_altern.c | 4 | ||||
-rw-r--r-- | crypto/md5_openssl.c | 4 | ||||
-rw-r--r-- | crypto/rand_altern.c | 4 | ||||
-rw-r--r-- | crypto/rand_openssl.c | 4 | ||||
-rw-r--r-- | crypto/rsa_pem_altern.c | 4 | ||||
-rw-r--r-- | crypto/rsa_pem_openssl.c | 4 | ||||
-rw-r--r-- | crypto/sha_altern.c | 4 | ||||
-rw-r--r-- | crypto/sha_openssl.c | 4 |
19 files changed, 265 insertions, 109 deletions
diff --git a/config.h.in b/config.h.in index 3aae472..3bfcf78 100644 --- a/config.h.in +++ b/config.h.in @@ -140,6 +140,10 @@ /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS +/* avoid OpenSSL entirely, use libgcrypt instead (this can't read *.pub files, + though.) */ +#undef TGL_AVOID_OPENSSL + /* fixed for correct valgrind work */ #undef VALGRIND_FIXES @@ -679,6 +679,7 @@ SHELL' ac_subst_files='' ac_user_opts=' enable_option_checking +enable_openssl with_openssl with_zlib enable_extf @@ -1314,6 +1315,8 @@ Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --disable-openssl disables OpenSSL, and don't link against it + (this can't read *.pub files, though.) --enable-extf enables extended queries system --enable-libevent include libevent-based net and timers --enable-valgrind fixes for correct valgrind work @@ -3256,51 +3259,6 @@ _ACEOF fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gcry_md_open in -lgcrypt" >&5 -$as_echo_n "checking for gcry_md_open in -lgcrypt... " >&6; } -if ${ac_cv_lib_gcrypt_gcry_md_open+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lgcrypt $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char gcry_md_open (); -int -main () -{ -return gcry_md_open (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_gcrypt_gcry_md_open=yes -else - ac_cv_lib_gcrypt_gcry_md_open=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gcrypt_gcry_md_open" >&5 -$as_echo "$ac_cv_lib_gcrypt_gcry_md_open" >&6; } -if test "x$ac_cv_lib_gcrypt_gcry_md_open" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBGCRYPT 1 -_ACEOF - - LIBS="-lgcrypt $LIBS" - -fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5 $as_echo_n "checking for library containing clock_gettime... " >&6; } if ${ac_cv_search_clock_gettime+:} false; then : @@ -3365,6 +3323,215 @@ EXTRA_OBJECTS="" # OPENSSL_LIBS to the -l directives required # OPENSSL_LDFLAGS to the -L or -R flags required +# Check whether --enable-openssl was given. +if test "${enable_openssl+set}" = set; then : + enableval=$enable_openssl; + if test "x$enableval" = "xno" ; then + +$as_echo "#define TGL_AVOID_OPENSSL 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gcry_md_open in -lgcrypt" >&5 +$as_echo_n "checking for gcry_md_open in -lgcrypt... " >&6; } +if ${ac_cv_lib_gcrypt_gcry_md_open+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lgcrypt $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char gcry_md_open (); +int +main () +{ +return gcry_md_open (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_gcrypt_gcry_md_open=yes +else + ac_cv_lib_gcrypt_gcry_md_open=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gcrypt_gcry_md_open" >&5 +$as_echo "$ac_cv_lib_gcrypt_gcry_md_open" >&6; } +if test "x$ac_cv_lib_gcrypt_gcry_md_open" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBGCRYPT 1 +_ACEOF + + LIBS="-lgcrypt $LIBS" + +fi + + else + # Don't be annoying, so don't inform the user about --disable-openssl + + found=false + +# Check whether --with-openssl was given. +if test "${with_openssl+set}" = set; then : + withval=$with_openssl; + case "$withval" in + "" | y | ye | yes | n | no) + as_fn_error $? "Invalid --with-openssl value" "$LINENO" 5 + ;; + *) ssldirs="$withval" + ;; + esac + +else + + # if pkg-config is installed and openssl has installed a .pc file, + # then use that information and don't search ssldirs + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PKG_CONFIG=$ac_cv_path_PKG_CONFIG +if test -n "$PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 +$as_echo "$PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if test x"$PKG_CONFIG" != x""; then + OPENSSL_LDFLAGS=`$PKG_CONFIG openssl --libs-only-L 2>/dev/null` + if test $? = 0; then + OPENSSL_LIBS=`$PKG_CONFIG openssl --libs-only-l 2>/dev/null` + OPENSSL_INCLUDES=`$PKG_CONFIG openssl --cflags-only-I 2>/dev/null` + found=true + fi + fi + + # no such luck; use some default ssldirs + if ! $found; then + ssldirs="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /usr" + fi + + +fi + + + + # note that we #include <openssl/foo.h>, so the OpenSSL headers have to be in + # an 'openssl' subdirectory + + if ! $found; then + OPENSSL_INCLUDES= + for ssldir in $ssldirs; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/ssl.h in $ssldir" >&5 +$as_echo_n "checking for openssl/ssl.h in $ssldir... " >&6; } + if test -f "$ssldir/include/openssl/ssl.h"; then + OPENSSL_INCLUDES="-I$ssldir/include" + OPENSSL_LDFLAGS="-L$ssldir/lib" + OPENSSL_LIBS="-lssl -lcrypto" + found=true + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + break + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + done + + # if the file wasn't found, well, go ahead and try the link anyway -- maybe + # it will just work! + fi + + # try the preprocessor and linker with our new flags, + # being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether compiling and linking against OpenSSL works" >&5 +$as_echo_n "checking whether compiling and linking against OpenSSL works... " >&6; } + echo "Trying link with OPENSSL_LDFLAGS=$OPENSSL_LDFLAGS;" \ + "OPENSSL_LIBS=$OPENSSL_LIBS; OPENSSL_INCLUDES=$OPENSSL_INCLUDES" >&5 + + save_LIBS="$LIBS" + save_LDFLAGS="$LDFLAGS" + save_CPPFLAGS="$CPPFLAGS" + LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS" + LIBS="$OPENSSL_LIBS $LIBS" + CPPFLAGS="$OPENSSL_INCLUDES $CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <openssl/ssl.h> +int +main () +{ +SSL_new(NULL) + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + as_fn_error $? "No openssl found." "$LINENO" 5 + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CPPFLAGS="$save_CPPFLAGS" + LDFLAGS="$save_LDFLAGS" + LIBS="$save_LIBS" + + + + + + fi + +else + found=false @@ -3503,7 +3670,7 @@ else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - as_fn_error $? "No openssl found" "$LINENO" 5 + as_fn_error $? "No openssl found. With --disable-openssl, libtgl will use libgcrypt instead." "$LINENO" 5 fi rm -f core conftest.err conftest.$ac_objext \ @@ -3516,6 +3683,10 @@ rm -f core conftest.err conftest.$ac_objext \ + +fi + + ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' diff --git a/configure.ac b/configure.ac index 4d2074b..45c3a19 100644 --- a/configure.ac +++ b/configure.ac @@ -16,7 +16,6 @@ LDFLAGS="$LDFLAGS -L/usr/local/lib" # Checks for libraries. AC_CHECK_LIB([m], [sqrt]) -AC_CHECK_LIB([gcrypt], [gcry_md_open]) AC_SEARCH_LIBS([clock_gettime], [rt]) EVENT_VER="" @@ -26,7 +25,20 @@ EXTRA_OBJECTS="" # OPENSSL_LIBS to the -l directives required # OPENSSL_LDFLAGS to the -L or -R flags required -AX_CHECK_OPENSSL(,[AC_MSG_ERROR([No openssl found])]) +AC_ARG_ENABLE(openssl,[ --disable-openssl disables OpenSSL, and don't link against it + (this can't read *.pub files, though.)], + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE([TGL_AVOID_OPENSSL],[1],[avoid OpenSSL entirely, use libgcrypt instead (this can't read *.pub files, though.)]) + AC_CHECK_LIB([gcrypt], [gcry_md_open]) + else + # Don't be annoying, so don't inform the user about --disable-openssl + AX_CHECK_OPENSSL(,[AC_MSG_ERROR([No openssl found.])]) + fi + ],[ + AX_CHECK_OPENSSL(,[AC_MSG_ERROR([No openssl found. With --disable-openssl, libtgl will use libgcrypt instead.])]) + ]) + AX_CHECK_ZLIB(, [AC_MSG_ERROR([No zlib found])]) AC_ARG_ENABLE(extf,[ --enable-extf enables extended queries system], diff --git a/crypto/aes.h b/crypto/aes.h index 1ebf0b6..f0c61aa 100644 --- a/crypto/aes.h +++ b/crypto/aes.h @@ -23,11 +23,11 @@ #include <stddef.h> /* size_t */ -#include "crypto-config.h" +#include "../config.h" typedef struct TGLC_aes_key { char _dummy[ -#ifdef TGL_AVOID_OPENSSL_AES +#ifdef TGL_AVOID_OPENSSL 32 #else 244 diff --git a/crypto/aes_altern.c b/crypto/aes_altern.c index 5f99c44..463b114 100644 --- a/crypto/aes_altern.c +++ b/crypto/aes_altern.c @@ -18,9 +18,9 @@ Copyright Ben Wiederhake 2015 */ -#include "crypto-config.h" +#include "../config.h" -#ifdef TGL_AVOID_OPENSSL_AES +#ifdef TGL_AVOID_OPENSSL /* Marginally speed up compilation */ #define GCRYPT_NO_MPI_MACROS diff --git a/crypto/aes_openssl.c b/crypto/aes_openssl.c index 4402d90..c6c1840 100644 --- a/crypto/aes_openssl.c +++ b/crypto/aes_openssl.c @@ -18,9 +18,9 @@ Copyright Ben Wiederhake 2015 */ -#include "crypto-config.h" +#include "../config.h" -#ifndef TGL_AVOID_OPENSSL_AES +#ifndef TGL_AVOID_OPENSSL #include <openssl/aes.h> diff --git a/crypto/bn_altern.c b/crypto/bn_altern.c index d2d8e34..605f9e2 100644 --- a/crypto/bn_altern.c +++ b/crypto/bn_altern.c @@ -18,9 +18,9 @@ Copyright Ben Wiederhake 2015 */ -#include "crypto-config.h" +#include "../config.h" -#ifdef TGL_AVOID_OPENSSL_BN +#ifdef TGL_AVOID_OPENSSL /* Fail-fast when something becomes deprecated. */ #define GCRYPT_NO_DEPRECATED diff --git a/crypto/bn_openssl.c b/crypto/bn_openssl.c index a475fd9..73f3c69 100644 --- a/crypto/bn_openssl.c +++ b/crypto/bn_openssl.c @@ -18,9 +18,9 @@ Copyright Ben Wiederhake 2015 */ -#include "crypto-config.h" +#include "../config.h" -#ifndef TGL_AVOID_OPENSSL_BN +#ifndef TGL_AVOID_OPENSSL #include <assert.h> diff --git a/crypto/crypto-config.h b/crypto/crypto-config.h deleted file mode 100644 index 5ace727..0000000 --- a/crypto/crypto-config.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - This file is part of tgl-library - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - - Copyright Ben Wiederhake 2015 -*/ - -#ifndef __TGL_CRYPTO_CRYPTO_CONFIG_H__ -#define __TGL_CRYPTO_CRYPTO_CONFIG_H__ - -#define TGL_AVOID_OPENSSL_AES -#define TGL_AVOID_OPENSSL_ERR -#define TGL_AVOID_OPENSSL_BN -#define TGL_AVOID_OPENSSL_MD5 -#define TGL_AVOID_OPENSSL_RAND -#define TGL_AVOID_OPENSSL_SHA - -#endif diff --git a/crypto/err_altern.c b/crypto/err_altern.c index d8b6678..219b161 100644 --- a/crypto/err_altern.c +++ b/crypto/err_altern.c @@ -18,9 +18,9 @@ Copyright Ben Wiederhake 2015 */ -#include "crypto-config.h" +#include "../config.h" -#ifdef TGL_AVOID_OPENSSL_ERR +#ifdef TGL_AVOID_OPENSSL #include <gcrypt.h> diff --git a/crypto/err_openssl.c b/crypto/err_openssl.c index 852ab8b..b9dab5c 100644 --- a/crypto/err_openssl.c +++ b/crypto/err_openssl.c @@ -18,9 +18,9 @@ Copyright Ben Wiederhake 2015 */ -#include "crypto-config.h" +#include "../config.h" -#ifndef TGL_AVOID_OPENSSL_ERR +#ifndef TGL_AVOID_OPENSSL #include <openssl/err.h> diff --git a/crypto/md5_altern.c b/crypto/md5_altern.c index 20af2de..30c3018 100644 --- a/crypto/md5_altern.c +++ b/crypto/md5_altern.c @@ -18,9 +18,9 @@ Copyright Ben Wiederhake 2015 */ -#include "crypto-config.h" +#include "../config.h" -#ifdef TGL_AVOID_OPENSSL_MD5 +#ifdef TGL_AVOID_OPENSSL /* Marginally speed up compilation */ #define GCRYPT_NO_MPI_MACROS diff --git a/crypto/md5_openssl.c b/crypto/md5_openssl.c index 4365f87..1ba3c9e 100644 --- a/crypto/md5_openssl.c +++ b/crypto/md5_openssl.c @@ -18,9 +18,9 @@ Copyright Ben Wiederhake 2015 */ -#include "crypto-config.h" +#include "../config.h" -#ifndef TGL_AVOID_OPENSSL_MD5 +#ifndef TGL_AVOID_OPENSSL #include <openssl/md5.h> diff --git a/crypto/rand_altern.c b/crypto/rand_altern.c index 477fa6b..aca536f 100644 --- a/crypto/rand_altern.c +++ b/crypto/rand_altern.c @@ -18,9 +18,9 @@ Copyright Ben Wiederhake 2015 */ -#include "crypto-config.h" +#include "../config.h" -#ifdef TGL_AVOID_OPENSSL_RAND +#ifdef TGL_AVOID_OPENSSL /* Marginally speed up compilation */ #define GCRYPT_NO_MPI_MACROS diff --git a/crypto/rand_openssl.c b/crypto/rand_openssl.c index fc1a70d..bb2d504 100644 --- a/crypto/rand_openssl.c +++ b/crypto/rand_openssl.c @@ -18,9 +18,9 @@ Copyright Ben Wiederhake 2015 */ -#include "crypto-config.h" +#include "../config.h" -#ifndef TGL_AVOID_OPENSSL_RAND +#ifndef TGL_AVOID_OPENSSL #include <openssl/rand.h> diff --git a/crypto/rsa_pem_altern.c b/crypto/rsa_pem_altern.c index 524321d..2ae54f1 100644 --- a/crypto/rsa_pem_altern.c +++ b/crypto/rsa_pem_altern.c @@ -18,9 +18,9 @@ Copyright Ben Wiederhake 2015 */ -#include "crypto-config.h" +#include "../config.h" -#ifdef TGL_AVOID_OPENSSL_BN +#ifdef TGL_AVOID_OPENSSL #include <gcrypt.h> diff --git a/crypto/rsa_pem_openssl.c b/crypto/rsa_pem_openssl.c index 3ea1631..db653f2 100644 --- a/crypto/rsa_pem_openssl.c +++ b/crypto/rsa_pem_openssl.c @@ -18,9 +18,9 @@ Copyright Ben Wiederhake 2015 */ -#include "crypto-config.h" +#include "../config.h" -#ifndef TGL_AVOID_OPENSSL_BN +#ifndef TGL_AVOID_OPENSSL //#include <stddef.h> /* NULL */ diff --git a/crypto/sha_altern.c b/crypto/sha_altern.c index 1fec3c1..7615cfd 100644 --- a/crypto/sha_altern.c +++ b/crypto/sha_altern.c @@ -18,9 +18,9 @@ Copyright Ben Wiederhake 2015 */ -#include "crypto-config.h" +#include "../config.h" -#ifdef TGL_AVOID_OPENSSL_SHA +#ifdef TGL_AVOID_OPENSSL /* Marginally speed up compilation */ #define GCRYPT_NO_MPI_MACROS diff --git a/crypto/sha_openssl.c b/crypto/sha_openssl.c index 120a17c..eb40467 100644 --- a/crypto/sha_openssl.c +++ b/crypto/sha_openssl.c @@ -18,9 +18,9 @@ Copyright Ben Wiederhake 2015 */ -#include "crypto-config.h" +#include "../config.h" -#ifndef TGL_AVOID_OPENSSL_SHA +#ifndef TGL_AVOID_OPENSSL #include <openssl/sha.h> |