[openssh-commits] [openssh] 01/01: Only enable U2F if OpenSSL supports ECC.

git+noreply at mindrot.org git+noreply at mindrot.org
Sat Nov 2 16:40:49 AEDT 2019


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit f5cc5816aaddb8eca3cba193f53e99d6a0b37d05
Author: Darren Tucker <dtucker at dtucker.net>
Date:   Sat Nov 2 16:39:38 2019 +1100

    Only enable U2F if OpenSSL supports ECC.
    
    This requires moving the U2F bits to below the OpenSSL parts so we have
    the required information.  ok djm@
---
 configure.ac | 74 ++++++++++++++++++++++++++++++++----------------------------
 1 file changed, 40 insertions(+), 34 deletions(-)

diff --git a/configure.ac b/configure.ac
index 4baaa62a..bc28d074 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1909,44 +1909,10 @@ AC_ARG_ENABLE([security-key],
 	]
 )
 
-# PKCS11/U2F depend on OpenSSL and dlopen().
 AC_SEARCH_LIBS([dlopen], [dl])
 AC_CHECK_FUNCS([dlopen])
 AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>])
 
-enable_pkcs11=yes
-enable_sk=yes
-if test "x$openssl" != "xyes" ; then
-	enable_pkcs11="disabled; missing libcrypto"
-	enable_sk="disabled; missing libcrypto"
-fi
-if test "x$ac_cv_func_dlopen" != "xyes" ; then
-	enable_pkcs11="disabled; missing dlopen(3)"
-	enable_sk="disabled; missing dlopen(3)"
-fi
-if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
-	enable_pkcs11="disabled; missing RTLD_NOW"
-	enable_sk="disabled; missing RTLD_NOW"
-fi
-if test ! -z "$disable_pkcs11" ; then
-	enable_pkcs11="disabled by user"
-fi
-if test ! -z "$disable_sk" ; then
-	enable_sk="disabled by user"
-fi
-
-AC_MSG_CHECKING([whether to enable PKCS11])
-if test "x$enable_pkcs11" = "xyes" ; then
-	AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
-fi
-AC_MSG_RESULT([$enable_pkcs11])
-
-AC_MSG_CHECKING([whether to enable U2F])
-if test "x$enable_sk" = "xyes" ; then
-	AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support])
-fi
-AC_MSG_RESULT([$enable_sk])
-
 # IRIX has a const char return value for gai_strerror()
 AC_CHECK_FUNCS([gai_strerror], [
 	AC_DEFINE([HAVE_GAI_STRERROR])
@@ -3015,6 +2981,9 @@ if test "x$openssl" = "xyes" ; then
 	    test x$enable_nistp521 = x1; then
 		AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
 		AC_CHECK_FUNCS([EC_KEY_METHOD_new])
+		openssl_ecc=yes
+	else
+		openssl_ecc=no
 	fi
 	if test x$enable_nistp256 = x1; then
 		AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
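Review bot: `openssl_ecc=yes` is set in a branch whose visible tail (`test x$enable_nistp521 = x1`) suggests it is entered when any one of the NIST curves is usable, not P-256 specifically. The start of that condition is outside the hunk, so this is inferred. If it holds, `ENABLE_SK` could be defined against a libcrypto that lacks `OPENSSL_HAS_NISTP256`, even though the ECDSA security-key type is defined over P-256. Gating U2F on the P-256 result would be tighter, for example `if test "x$enable_nistp256" != "x1" ; then enable_sk="disabled; OpenSSL has no NIST P-256 support" ; fi` next to the ECC test in the relocated block.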
@@ -3055,6 +3024,43 @@ else
 	AC_CHECK_FUNCS([crypt])
 fi
 
+# PKCS11/U2F depend on OpenSSL and dlopen().
+enable_pkcs11=yes
+enable_sk=yes
+if test "x$openssl" != "xyes" ; then
+	enable_pkcs11="disabled; missing libcrypto"
+	enable_sk="disabled; missing libcrypto"
+fi
+if test "x$openssl_ecc" != "xyes" ; then
+	enable_sk="disabled; OpenSSL has no ECC support"
+fi
+if test "x$ac_cv_func_dlopen" != "xyes" ; then
+	enable_pkcs11="disabled; missing dlopen(3)"
+	enable_sk="disabled; missing dlopen(3)"
+fi
+if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
+	enable_pkcs11="disabled; missing RTLD_NOW"
+	enable_sk="disabled; missing RTLD_NOW"
+fi
+if test ! -z "$disable_pkcs11" ; then
+	enable_pkcs11="disabled by user"
+fi
+if test ! -z "$disable_sk" ; then
+	enable_sk="disabled by user"
+fi
+
+AC_MSG_CHECKING([whether to enable PKCS11])
+if test "x$enable_pkcs11" = "xyes" ; then
+	AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
+fi
+AC_MSG_RESULT([$enable_pkcs11])
+
+AC_MSG_CHECKING([whether to enable U2F])
+if test "x$enable_sk" = "xyes" ; then
+	AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support])
+fi
+AC_MSG_RESULT([$enable_sk])
+
 AC_CHECK_FUNCS([ \
 	arc4random \
 	arc4random_buf \
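Review bot: The added test `if test "x$openssl_ecc" != "xyes"` also fires on a build without OpenSSL, because `openssl_ecc` appears to be assigned only inside the `if test "x$openssl" = "xyes"` branch named in the previous hunk's header. In that case the reason is overwritten from "disabled; missing libcrypto" to "disabled; OpenSSL has no ECC support". U2F stays off either way, but the configure output then points at the wrong cause. Guarding the test as `if test "x$openssl" = "xyes" && test "x$openssl_ecc" != "xyes" ; then` keeps the libcrypto message. A comment such as `# U2F additionally needs ECC in libcrypto; PKCS11 does not.` above it would record why only `enable_sk` is changed.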

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

