summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@dtucker.net>2019-11-02 16:39:38 +1100
committerDarren Tucker <dtucker@dtucker.net>2019-11-02 16:39:38 +1100
commitf5cc5816aaddb8eca3cba193f53e99d6a0b37d05 (patch)
tree806820158e00a433744f3742d8eafe10fe8faf93
parentad38406fc95fa223b0ef2edf8ff50508f8ab1cb6 (diff)
Only enable U2F if OpenSSL supports ECC.
This requires moving the U2F bits to below the OpenSSL parts so we have the required information. ok djm@
-rw-r--r--configure.ac74
1 files changed, 40 insertions, 34 deletions
diff --git a/configure.ac b/configure.ac
index 4baaa62a..bc28d074 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1909,44 +1909,10 @@ AC_ARG_ENABLE([security-key],
]
)
-# PKCS11/U2F depend on OpenSSL and dlopen().
AC_SEARCH_LIBS([dlopen], [dl])
AC_CHECK_FUNCS([dlopen])
AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>])
-enable_pkcs11=yes
-enable_sk=yes
-if test "x$openssl" != "xyes" ; then
- enable_pkcs11="disabled; missing libcrypto"
- enable_sk="disabled; missing libcrypto"
-fi
-if test "x$ac_cv_func_dlopen" != "xyes" ; then
- enable_pkcs11="disabled; missing dlopen(3)"
- enable_sk="disabled; missing dlopen(3)"
-fi
-if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
- enable_pkcs11="disabled; missing RTLD_NOW"
- enable_sk="disabled; missing RTLD_NOW"
-fi
-if test ! -z "$disable_pkcs11" ; then
- enable_pkcs11="disabled by user"
-fi
-if test ! -z "$disable_sk" ; then
- enable_sk="disabled by user"
-fi
-
-AC_MSG_CHECKING([whether to enable PKCS11])
-if test "x$enable_pkcs11" = "xyes" ; then
- AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
-fi
-AC_MSG_RESULT([$enable_pkcs11])
-
-AC_MSG_CHECKING([whether to enable U2F])
-if test "x$enable_sk" = "xyes" ; then
- AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support])
-fi
-AC_MSG_RESULT([$enable_sk])
-
# IRIX has a const char return value for gai_strerror()
AC_CHECK_FUNCS([gai_strerror], [
AC_DEFINE([HAVE_GAI_STRERROR])
@@ -3015,6 +2981,9 @@ if test "x$openssl" = "xyes" ; then
test x$enable_nistp521 = x1; then
AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
AC_CHECK_FUNCS([EC_KEY_METHOD_new])
+ openssl_ecc=yes
+ else
+ openssl_ecc=no
fi
if test x$enable_nistp256 = x1; then
AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
@@ -3055,6 +3024,43 @@ else
AC_CHECK_FUNCS([crypt])
fi
+# PKCS11/U2F depend on OpenSSL and dlopen().
+enable_pkcs11=yes
+enable_sk=yes
+if test "x$openssl" != "xyes" ; then
+ enable_pkcs11="disabled; missing libcrypto"
+ enable_sk="disabled; missing libcrypto"
+fi
+if test "x$openssl_ecc" != "xyes" ; then
+ enable_sk="disabled; OpenSSL has no ECC support"
+fi
+if test "x$ac_cv_func_dlopen" != "xyes" ; then
+ enable_pkcs11="disabled; missing dlopen(3)"
+ enable_sk="disabled; missing dlopen(3)"
+fi
+if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
+ enable_pkcs11="disabled; missing RTLD_NOW"
+ enable_sk="disabled; missing RTLD_NOW"
+fi
+if test ! -z "$disable_pkcs11" ; then
+ enable_pkcs11="disabled by user"
+fi
+if test ! -z "$disable_sk" ; then
+ enable_sk="disabled by user"
+fi
+
+AC_MSG_CHECKING([whether to enable PKCS11])
+if test "x$enable_pkcs11" = "xyes" ; then
+ AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
+fi
+AC_MSG_RESULT([$enable_pkcs11])
+
+AC_MSG_CHECKING([whether to enable U2F])
+if test "x$enable_sk" = "xyes" ; then
+ AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support])
+fi
+AC_MSG_RESULT([$enable_sk])
+
AC_CHECK_FUNCS([ \
arc4random \
arc4random_buf \