Update OpenSSL autoconf checks

- Checks explicitly for versions >= 1.1.0 with pkg-config - Refactor the fallback checks. Previously they were copied from the gnutls logic, but could be slightly surprising (it's not obvious that they're for the case where pkg-config returns a false negative, and it's weird that the linker check overode the header check) - Fix the AC_SEARCH_LIBS check to try -lcrypto instead of -lopenssl (-lcrypto is the standard library OpenSSL ships the crypto symbols in). - Fix the AC_SEARCH_LIBS check to look for EVP_MD_CTX_new, which is not present in versions prior to 1.1.0. Fixes qpdf/qpdf#429 (although I haven't verified on cygwin)
author: Dean Scarff <deanscarff@google.com> 2020-07-02 11:24:04 +0200
committer: Jay Berkenbilt <ejb@ql.org> 2020-10-17 02:04:36 +0200
commit: a99ad2b9007d1775e9598bc78698cbc5d5ba0f60 (patch)
tree: 3f23cbfdc410a96e8317aded4397377a14f14b84
parent: 2ff84aa2c95eba295e374f239b47e314d59e59cb (diff)
download: qpdf-a99ad2b9007d1775e9598bc78698cbc5d5ba0f60.tar.zst
3 files changed, 40 insertions, 39 deletions
diff --git a/autofiles.sums b/autofiles.sums
index 89be5836..c0c1cc30 100644
--- a/autofiles.sums
+++ b/autofiles.sums
@@ -1,4 +1,4 @@
-055e54a34d94a0c2ed9451042a1c747e47b29259a9035af9e7327401a5c3fbd1  configure.ac
+d2cb3f80935a7e6e265a04da6ba9c0df4eabae3de33c6a48384a9fa50a15143b  configure.ac
 d3f9ee6f6f0846888d9a10fd3dad2e4b1258be84205426cf04d7cef02d61dad7  aclocal.m4
 cf2c764639c4c94abc183a0976eca6ae500b80790ea25e3d0af97b23587363b7  libqpdf/qpdf/qpdf-config.h.in
 5297971a0ef90bcd5563eb3f7127a032bb76d3ae2af7258bf13479caf8983a60  m4/ax_cxx_compile_stdcxx.m4
diff --git a/configure b/configure
index 47e08dad..2b21fc79 100755
--- a/configure
+++ b/configure
@@ -1477,7 +1477,7 @@ Optional Features:
                           are not explicitly requested; true by default
   --enable-crypto-native  whether to include support for native crypto
                           provider
-  --enable-crypto-openssl whether to include support for the BoringSSL crypto
+  --enable-crypto-openssl whether to include support for the openssl crypto
                           provider
   --enable-crypto-gnutls  whether to include support for gnutls crypto
                           provider
@@ -17811,12 +17811,12 @@ if test -n "$pc_openssl_CFLAGS"; then
     pkg_cv_pc_openssl_CFLAGS="$pc_openssl_CFLAGS"
  elif test -n "$PKG_CONFIG"; then
     if test -n "$PKG_CONFIG" && \
-    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl\""; } >&5
-  ($PKG_CONFIG --exists --print-errors "openssl") 2>&5
+    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 1.1.0\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "openssl >= 1.1.0") 2>&5
   ac_status=$?
   $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }; then
-  pkg_cv_pc_openssl_CFLAGS=`$PKG_CONFIG --cflags "openssl" 2>/dev/null`
+  pkg_cv_pc_openssl_CFLAGS=`$PKG_CONFIG --cflags "openssl >= 1.1.0" 2>/dev/null`
 		      test "x$?" != "x0" && pkg_failed=yes
 else
   pkg_failed=yes
@@ -17828,12 +17828,12 @@ if test -n "$pc_openssl_LIBS"; then
     pkg_cv_pc_openssl_LIBS="$pc_openssl_LIBS"
  elif test -n "$PKG_CONFIG"; then
     if test -n "$PKG_CONFIG" && \
-    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl\""; } >&5
-  ($PKG_CONFIG --exists --print-errors "openssl") 2>&5
+    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 1.1.0\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "openssl >= 1.1.0") 2>&5
   ac_status=$?
   $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
   test $ac_status = 0; }; then
-  pkg_cv_pc_openssl_LIBS=`$PKG_CONFIG --libs "openssl" 2>/dev/null`
+  pkg_cv_pc_openssl_LIBS=`$PKG_CONFIG --libs "openssl >= 1.1.0" 2>/dev/null`
 		      test "x$?" != "x0" && pkg_failed=yes
 else
   pkg_failed=yes
@@ -17854,9 +17854,9 @@ else
         _pkg_short_errors_supported=no
 fi
         if test $_pkg_short_errors_supported = yes; then
-	        pc_openssl_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "openssl" 2>&1`
+	        pc_openssl_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "openssl >= 1.1.0" 2>&1`
         else
-	        pc_openssl_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "openssl" 2>&1`
+	        pc_openssl_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "openssl >= 1.1.0" 2>&1`
         fi
 	# Put the nasty error message in config.log where it belongs
 	echo "$pc_openssl_PKG_ERRORS" >&5
@@ -17873,18 +17873,13 @@ else
 $as_echo "yes" >&6; }
 	OPENSSL_FOUND=1
 fi
-if test "$OPENSSL_FOUND" = "0"; then
+
+if test "$OPENSSL_FOUND" = "0"; then :
   ac_fn_c_check_header_mongrel "$LINENO" "openssl/evp.h" "ac_cv_header_openssl_evp_h" "$ac_includes_default"
 if test "x$ac_cv_header_openssl_evp_h" = xyes; then :
-  OPENSSL_FOUND=1
-else
-  OPENSSL_FOUND=0
-fi
-
-
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_DigestInit_ex" >&5
-$as_echo_n "checking for library containing EVP_DigestInit_ex... " >&6; }
-if ${ac_cv_search_EVP_DigestInit_ex+:} false; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_MD_CTX_new" >&5
+$as_echo_n "checking for library containing EVP_MD_CTX_new... " >&6; }
+if ${ac_cv_search_EVP_MD_CTX_new+:} false; then :
   $as_echo_n "(cached) " >&6
 else
   ac_func_search_save_LIBS=$LIBS
@@ -17897,16 +17892,16 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 #ifdef __cplusplus
 extern "C"
 #endif
-char EVP_DigestInit_ex ();
+char EVP_MD_CTX_new ();
 int
 main ()
 {
-return EVP_DigestInit_ex ();
+return EVP_MD_CTX_new ();
   ;
   return 0;
 }
 _ACEOF
-for ac_lib in '' openssl; do
+for ac_lib in '' crypto; do
   if test -z "$ac_lib"; then
     ac_res="none required"
   else
@@ -17914,34 +17909,36 @@ for ac_lib in '' openssl; do
     LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
   fi
   if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_EVP_DigestInit_ex=$ac_res
+  ac_cv_search_EVP_MD_CTX_new=$ac_res
 fi
 rm -f core conftest.err conftest.$ac_objext \
     conftest$ac_exeext
-  if ${ac_cv_search_EVP_DigestInit_ex+:} false; then :
+  if ${ac_cv_search_EVP_MD_CTX_new+:} false; then :
   break
 fi
 done
-if ${ac_cv_search_EVP_DigestInit_ex+:} false; then :
+if ${ac_cv_search_EVP_MD_CTX_new+:} false; then :
 
 else
-  ac_cv_search_EVP_DigestInit_ex=no
+  ac_cv_search_EVP_MD_CTX_new=no
 fi
 rm conftest.$ac_ext
 LIBS=$ac_func_search_save_LIBS
 fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_DigestInit_ex" >&5
-$as_echo "$ac_cv_search_EVP_DigestInit_ex" >&6; }
-ac_res=$ac_cv_search_EVP_DigestInit_ex
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_MD_CTX_new" >&5
+$as_echo "$ac_cv_search_EVP_MD_CTX_new" >&6; }
+ac_res=$ac_cv_search_EVP_MD_CTX_new
 if test "$ac_res" != no; then :
   test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
   OPENSSL_FOUND=1
-else
-  OPENSSL_FOUND=0
 fi
 
 fi
 
+
+
+fi
+
 IMPLICIT_OPENSSL=0
 USE_CRYPTO_OPENSSL=0
 
diff --git a/configure.ac b/configure.ac
index 83587b82..bd2ee15a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -586,23 +586,27 @@ if test "$USE_CRYPTO_NATIVE" = "1"; then
   DEFAULT_CRYPTO=native
 fi
 
-dnl If the openssl/BoringSSL provider is explicitly requested, require openssl
+dnl If the openssl/BoringSSL provider is explicitly requested, require openssl.
 dnl If the openssl provider is not explicitly disabled, enable it if
 dnl openssl is available. If the openssl provider is explicitly
 dnl disabled, do not link with openssl even if present.
 
-PKG_CHECK_MODULES([pc_openssl], [openssl], [OPENSSL_FOUND=1], [OPENSSL_FOUND=0])
-if test "$OPENSSL_FOUND" = "0"; then
-  AC_CHECK_HEADER([openssl/evp.h],[OPENSSL_FOUND=1],[OPENSSL_FOUND=0])
-  AC_SEARCH_LIBS(EVP_DigestInit_ex,openssl,[OPENSSL_FOUND=1],[OPENSSL_FOUND=0])
-fi
+PKG_CHECK_MODULES([pc_openssl], [openssl >= 1.1.0],
+                  [OPENSSL_FOUND=1], [OPENSSL_FOUND=0])
+
+dnl Override pkg-config if headers and libraries are present.
+AS_IF([test "$OPENSSL_FOUND" = "0"],
+      [AC_CHECK_HEADER(
+       [openssl/evp.h],
+       [AC_SEARCH_LIBS(EVP_MD_CTX_new,crypto,[OPENSSL_FOUND=1])])
+      ])
 
 IMPLICIT_OPENSSL=0
 USE_CRYPTO_OPENSSL=0
 AC_SUBST(USE_CRYPTO_OPENSSL)
 AC_ARG_ENABLE(crypto-openssl,
    AS_HELP_STRING([--enable-crypto-openssl],
-                  [whether to include support for the BoringSSL crypto provider]),
+                  [whether to include support for the openssl crypto provider]),
    [if test "$enableval" = "yes"; then
       USE_CRYPTO_OPENSSL=1
     else
author	Dean Scarff <deanscarff@google.com>	2020-07-02 11:24:04 +0200
committer	Jay Berkenbilt <ejb@ql.org>	2020-10-17 02:04:36 +0200
commit	a99ad2b9007d1775e9598bc78698cbc5d5ba0f60 (patch)
tree	3f23cbfdc410a96e8317aded4397377a14f14b84
parent	2ff84aa2c95eba295e374f239b47e314d59e59cb (diff)
download	qpdf-a99ad2b9007d1775e9598bc78698cbc5d5ba0f60.tar.zst