[openssh-commits] [openssh] branch master updated: Check if OpenSSL implementation supports DSA.

git+noreply at mindrot.org git+noreply at mindrot.org
Sat Mar 30 18:22:30 AEDT 2024


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

The following commit(s) were added to refs/heads/master by this push:
     new 281ea25a Check if OpenSSL implementation supports DSA.
281ea25a is described below

commit 281ea25a44bff53eefb4af7bab7aa670b1f8b6b2
Author: Darren Tucker <dtucker at dtucker.net>
AuthorDate: Sat Mar 30 18:20:16 2024 +1100

    Check if OpenSSL implementation supports DSA.
    
    If --enable/disable-dsa-keys is not specified, set based on what OpenSSL
    supports.  If specified as enabled, but not supported by OpenSSL error
    out.  ok djm@
---
 configure.ac | 39 +++++++++++++++++++++++++++++++--------
 1 file changed, 31 insertions(+), 8 deletions(-)

diff --git a/configure.ac b/configure.ac
index 081e2bc7..c04349f3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2075,17 +2075,11 @@ AC_ARG_WITH([security-key-builtin],
 	[ enable_sk_internal=$withval ]
 )
 
-disable_ecdsa=
+enable_dsa=
 AC_ARG_ENABLE([dsa-keys],
 	[  --disable-dsa-keys      disable DSA key support [no]],
-	[
-		if test "x$enableval" = "xno" ; then
-			disable_ecdsa=1
-		fi
-	]
+	[  enable_dsa="$enableval" ]
 )
-test -z "$disable_ecdsa" &&
-    AC_DEFINE([WITH_DSA], [1], [Define if to enable DSA keys.])
 
 AC_SEARCH_LIBS([dlopen], [dl])
 AC_CHECK_FUNCS([dlopen])
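Review bot: `enable_dsa="$enableval"` stores whatever the user typed, but the check added further down only recognises an empty value or `yes`, so `--enable-dsa-keys=1` or a typo silently yields a build without `WITH_DSA` and no configure message. Since this switch presumably decides whether a legacy key type is compiled in, I would reject unknown values here, e.g. `case "$enableval" in yes|no) enable_dsa="$enableval" ;; *) AC_MSG_ERROR([bad value for --enable-dsa-keys]) ;; esac`. The help string on the unchanged line still reads `disable DSA key support [no]`, which no longer describes the default; wording such as `[auto-detect from OpenSSL]` would match the new behaviour.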
@@ -3196,6 +3190,35 @@ if test "x$openssl" = "xyes" ; then
 			AC_MSG_RESULT([no])
 		]
 	)
+	openssl_dsa=no
+	if test -z "$enable_dsa" || test "x$enable_dsa" = "xyes"; then
+		AC_CHECK_DECLS([OPENSSL_NO_DSA], [], [
+			AC_CHECK_DECLS([OPENSSL_IS_BORINGSSL], [],
+			    [ openssl_dsa=yes ],
+			    [ #include <openssl/opensslconf.h> ]
+			)
+		    ],
+		    [ #include <openssl/opensslconf.h> ]
+		)
+		AC_MSG_CHECKING([whether to enable DSA key support])
+		if test -z "$enable_dsa"; then
+			if test "x$openssl_dsa" = "xno"; then
+				AC_MSG_RESULT([not supported by OpenSSL])
+			else
+				AC_MSG_RESULT([yes])
+				AC_DEFINE([WITH_DSA], [1],
+				   [DSA keys enabled by default])
+			fi
+		else
+			if test "x$openssl_dsa" = "xno"; then
+				AC_MSG_ERROR([DSA requested but not supported by OpenSSL])
+			else
+				AC_MSG_RESULT([yes])
+				AC_DEFINE([WITH_DSA], [1],
+				   [DSA keys explicitly enabled])
+			fi
+		fi
+	fi
 fi
 
 # PKCS11/U2F depend on OpenSSL and dlopen().
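Review bot: The "requested but not supported" error only fires when OpenSSL is in use, because the new check sits inside what the hunk header shows as `if test "x$openssl" = "xyes"` (that block opens outside the hunk). An explicit `--enable-dsa-keys` combined with a build without OpenSSL would apparently be dropped silently rather than rejected. A guard after the closing `fi`, such as `if test "x$enable_dsa" = "xyes" && test "x$openssl" != "xyes"; then AC_MSG_ERROR([DSA requested but OpenSSL is disabled]); fi`, would keep the two cases consistent. Separately, when `enable_dsa` is `no` the outer `if` is skipped and neither `AC_MSG_CHECKING` nor a result is printed, so the configure log has no record that DSA was turned off. Hoisting the `AC_MSG_CHECKING([whether to enable DSA key support])` line above that `if` and emitting `AC_MSG_RESULT([no])` would make the build configuration auditable from the log.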

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

