diff options
| author | Dean Scarff <deanscarff@google.com> | 2020-04-06 05:19:56 +0200 |
|---|---|---|
| committer | Jay Berkenbilt <jberkenbilt@users.noreply.github.com> | 2020-04-06 15:01:55 +0200 |
| commit | 0f2507234fbe3bd305404b1267607b9900857523 (patch) | |
| tree | 9484ca1d93d3def6125f94b512b6c5b8e390c9a4 /configure.ac | |
| parent | 08379321645133ba74dad4ce130055c087130bab (diff) | |
| download | qpdf-0f2507234fbe3bd305404b1267607b9900857523.tar.zst | |
Add OpenSSL/BoringSSL crypto provider
Fixes qpdf/qpdf#417
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index 39f2bfa8..80a748b9 100644 --- a/configure.ac +++ b/configure.ac @@ -513,6 +513,53 @@ if test "$USE_CRYPTO_NATIVE" = "1"; then DEFAULT_CRYPTO=native fi +dnl If the openssl/BoringSSL provider is explicitly requested, require openssl +dnl If the openssl provider is not explicitly disabled, enable it if +dnl openssl is available. If the openssl provider is explicitly +dnl disabled, do not link with openssl even if present. + +PKG_CHECK_MODULES([pc_openssl], [openssl], [OPENSSL_FOUND=1], [OPENSSL_FOUND=0]) +if test "$OPENSSL_FOUND" = "0"; then + AC_CHECK_HEADER([openssl/evp.h],[OPENSSL_FOUND=1],[OPENSSL_FOUND=0]) + AC_SEARCH_LIBS(EVP_DigestInit_ex,openssl,[OPENSSL_FOUND=1],[OPENSSL_FOUND=0]) +fi + +IMPLICIT_OPENSSL=0 +USE_CRYPTO_OPENSSL=0 +AC_SUBST(USE_CRYPTO_OPENSSL) +AC_ARG_ENABLE(crypto-openssl, + AS_HELP_STRING([--enable-crypto-openssl], + [whether to include support for the BoringSSL crypto provider]), + [if test "$enableval" = "yes"; then + USE_CRYPTO_OPENSSL=1 + else + USE_CRYPTO_OPENSSL=0 + fi], + [IMPLICIT_OPENSSL=$IMPLICIT_CRYPTO]) + +if test "$IMPLICIT_OPENSSL" = "1"; then + USE_CRYPTO_OPENSSL=$OPENSSL_FOUND + if test "$USE_CRYPTO_OPENSSL" = "1"; then + AC_MSG_NOTICE(enabling openssl crypto provider since openssl is available) + else + AC_MSG_NOTICE(not enabling openssl crypto provider since openssl was not found) + fi +fi + +if test "$USE_CRYPTO_OPENSSL" = "1" -a "$OPENSSL_FOUND" = "0"; then + AC_MSG_ERROR(unable to use requested openssl crypto provider without openssl) +fi + +if test "$USE_CRYPTO_OPENSSL" = "1"; then + CFLAGS="$CFLAGS $pc_openssl_CFLAGS" + CXXFLAGS="$CXXFLAGS $pc_openssl_CXXFLAGS" + LIBS="$LIBS $pc_openssl_LIBS" + AC_DEFINE([USE_CRYPTO_OPENSSL], 1, [Whether to use the openssl crypto provider]) + DEFAULT_CRYPTO=openssl +elif test "$OPENSSL_FOUND" = "1"; then + AC_MSG_NOTICE(not linking with openssl even though it is available) +fi + dnl If the gnutls provider is explicitly requested, require gnutls. If dnl the gnutls provider is not explicitly disabled, enable it if dnl gnutls is available. If the gnutls provider is explicitly @@ -581,6 +628,11 @@ case "$DEFAULT_CRYPTO" in bad_crypto=1 fi ;; + "openssl") + if test "$USE_CRYPTO_OPENSSL" != "1"; then + bad_crypto=1 + fi + ;; "gnutls") if test "$USE_CRYPTO_GNUTLS" != "1"; then bad_crypto=1 |