From 0f2507234fbe3bd305404b1267607b9900857523 Mon Sep 17 00:00:00 2001 From: Dean Scarff Date: Mon, 6 Apr 2020 13:19:56 +1000 Subject: Add OpenSSL/BoringSSL crypto provider Fixes qpdf/qpdf#417 --- configure | 201 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 201 insertions(+) (limited to 'configure') diff --git a/configure b/configure index dfee048f..9276bac0 100755 --- a/configure +++ b/configure @@ -646,6 +646,9 @@ DEFAULT_CRYPTO USE_CRYPTO_GNUTLS pc_gnutls_LIBS pc_gnutls_CFLAGS +USE_CRYPTO_OPENSSL +pc_openssl_LIBS +pc_openssl_CFLAGS USE_CRYPTO_NATIVE WINDOWS_MAIN_XLINK_FLAGS WINDOWS_WMAIN_XLINK_FLAGS @@ -785,6 +788,7 @@ enable_werror enable_int_warnings enable_implicit_crypto enable_crypto_native +enable_crypto_openssl enable_crypto_gnutls with_default_crypto enable_test_compare_images @@ -818,6 +822,8 @@ pc_zlib_CFLAGS pc_zlib_LIBS pc_libjpeg_CFLAGS pc_libjpeg_LIBS +pc_openssl_CFLAGS +pc_openssl_LIBS pc_gnutls_CFLAGS pc_gnutls_LIBS' @@ -1474,6 +1480,8 @@ Optional Features: are not explicitly requested; true by default --enable-crypto-native whether to include support for native crypto provider + --enable-crypto-openssl whether to include support for the BoringSSL crypto + provider --enable-crypto-gnutls whether to include support for gnutls crypto provider --enable-test-compare-images @@ -1545,6 +1553,10 @@ Some influential environment variables: C compiler flags for pc_libjpeg, overriding pkg-config pc_libjpeg_LIBS linker flags for pc_libjpeg, overriding pkg-config + pc_openssl_CFLAGS + C compiler flags for pc_openssl, overriding pkg-config + pc_openssl_LIBS + linker flags for pc_openssl, overriding pkg-config pc_gnutls_CFLAGS C compiler flags for pc_gnutls, overriding pkg-config pc_gnutls_LIBS @@ -17650,6 +17662,190 @@ fi +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pc_openssl" >&5 +$as_echo_n "checking for pc_openssl... " >&6; } + +if test -n "$pc_openssl_CFLAGS"; then + pkg_cv_pc_openssl_CFLAGS="$pc_openssl_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl\""; } >&5 + ($PKG_CONFIG --exists --print-errors "openssl") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_pc_openssl_CFLAGS=`$PKG_CONFIG --cflags "openssl" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$pc_openssl_LIBS"; then + pkg_cv_pc_openssl_LIBS="$pc_openssl_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl\""; } >&5 + ($PKG_CONFIG --exists --print-errors "openssl") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_pc_openssl_LIBS=`$PKG_CONFIG --libs "openssl" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + pc_openssl_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "openssl" 2>&1` + else + pc_openssl_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "openssl" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$pc_openssl_PKG_ERRORS" >&5 + + OPENSSL_FOUND=0 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + OPENSSL_FOUND=0 +else + pc_openssl_CFLAGS=$pkg_cv_pc_openssl_CFLAGS + pc_openssl_LIBS=$pkg_cv_pc_openssl_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + OPENSSL_FOUND=1 +fi +if test "$OPENSSL_FOUND" = "0"; then + ac_fn_c_check_header_mongrel "$LINENO" "openssl/evp.h" "ac_cv_header_openssl_evp_h" "$ac_includes_default" +if test "x$ac_cv_header_openssl_evp_h" = xyes; then : + OPENSSL_FOUND=1 +else + OPENSSL_FOUND=0 +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_DigestInit_ex" >&5 +$as_echo_n "checking for library containing EVP_DigestInit_ex... " >&6; } +if ${ac_cv_search_EVP_DigestInit_ex+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char EVP_DigestInit_ex (); +int +main () +{ +return EVP_DigestInit_ex (); + ; + return 0; +} +_ACEOF +for ac_lib in '' openssl; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_EVP_DigestInit_ex=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_EVP_DigestInit_ex+:} false; then : + break +fi +done +if ${ac_cv_search_EVP_DigestInit_ex+:} false; then : + +else + ac_cv_search_EVP_DigestInit_ex=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_DigestInit_ex" >&5 +$as_echo "$ac_cv_search_EVP_DigestInit_ex" >&6; } +ac_res=$ac_cv_search_EVP_DigestInit_ex +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + OPENSSL_FOUND=1 +else + OPENSSL_FOUND=0 +fi + +fi + +IMPLICIT_OPENSSL=0 +USE_CRYPTO_OPENSSL=0 + +# Check whether --enable-crypto-openssl was given. +if test "${enable_crypto_openssl+set}" = set; then : + enableval=$enable_crypto_openssl; if test "$enableval" = "yes"; then + USE_CRYPTO_OPENSSL=1 + else + USE_CRYPTO_OPENSSL=0 + fi +else + IMPLICIT_OPENSSL=$IMPLICIT_CRYPTO +fi + + +if test "$IMPLICIT_OPENSSL" = "1"; then + USE_CRYPTO_OPENSSL=$OPENSSL_FOUND + if test "$USE_CRYPTO_OPENSSL" = "1"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: enabling openssl crypto provider since openssl is available" >&5 +$as_echo "$as_me: enabling openssl crypto provider since openssl is available" >&6;} + else + { $as_echo "$as_me:${as_lineno-$LINENO}: not enabling openssl crypto provider since openssl was not found" >&5 +$as_echo "$as_me: not enabling openssl crypto provider since openssl was not found" >&6;} + fi +fi + +if test "$USE_CRYPTO_OPENSSL" = "1" -a "$OPENSSL_FOUND" = "0"; then + as_fn_error $? "unable to use requested openssl crypto provider without openssl" "$LINENO" 5 +fi + +if test "$USE_CRYPTO_OPENSSL" = "1"; then + CFLAGS="$CFLAGS $pc_openssl_CFLAGS" + CXXFLAGS="$CXXFLAGS $pc_openssl_CXXFLAGS" + LIBS="$LIBS $pc_openssl_LIBS" + +$as_echo "#define USE_CRYPTO_OPENSSL 1" >>confdefs.h + + DEFAULT_CRYPTO=openssl +elif test "$OPENSSL_FOUND" = "1"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: not linking with openssl even though it is available" >&5 +$as_echo "$as_me: not linking with openssl even though it is available" >&6;} +fi + + + pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pc_gnutls" >&5 $as_echo_n "checking for pc_gnutls... " >&6; } @@ -17858,6 +18054,11 @@ case "$DEFAULT_CRYPTO" in bad_crypto=1 fi ;; + "openssl") + if test "$USE_CRYPTO_OPENSSL" != "1"; then + bad_crypto=1 + fi + ;; "gnutls") if test "$USE_CRYPTO_GNUTLS" != "1"; then bad_crypto=1 -- cgit v1.2.3-54-g00ecf