lib/libssh2
1
0
Fork 0
mirror of https://github.com/libssh2/libssh2.git synced 2025-08-08 19:02:07 +03:00
Code Activity

configure.ac: Add --with-crypto= instead of many different --with-$backend

Browse Source 
The new --with-crypto option replaces the previous backend-specific
--with-{openssl,libgcrypt,mbedtls,wincng} options and fixes some issues.

* libgcrypt or mbedtls would previously be used whenever found, even
  if configure was passed --without-libgcrypt or --without-mbedtls.

* If --with-$backend was specified then configure would not fail even
  if that library could not be found, and would instead use whichever
  crypto library was found first.

The new option defaults to `auto`, which makes configure check for all
supported crypto libraries in turn, choosing the first one found, or
exiting with an error if none can be found.
This commit is contained in:
Peter Stuge
2016-10-28 03:41:50 +02:00
committed by Alexander Lamaison
parent e83bbc48ab
commit e70e71a3b1
8 changed files with 178 additions and 129 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Makefile.OpenSSL.inc
View File

@@ -1,2 +1,3 @@
CRYPTO_CSOURCES = openssl.c CRYPTO_CSOURCES = openssl.c
CRYPTO_HHEADERS = openssl.h CRYPTO_HHEADERS = openssl.h
CRYPTO_LTLIBS = $(LTLIBSSL)

1
Makefile.WinCNG.inc
View File

@@ -1,2 +1,3 @@
CRYPTO_CSOURCES = wincng.c CRYPTO_CSOURCES = wincng.c
CRYPTO_HHEADERS = wincng.h CRYPTO_HHEADERS = wincng.h
CRYPTO_LTLIBS = $(LTLIBBCRYPT) $(LTLIBCRYPT32)

1
Makefile.libgcrypt.inc
View File

@@ -1,2 +1,3 @@
CRYPTO_CSOURCES = libgcrypt.c CRYPTO_CSOURCES = libgcrypt.c
CRYPTO_HHEADERS = libgcrypt.h CRYPTO_HHEADERS = libgcrypt.h
CRYPTO_LTLIBS = $(LTLIBGCRYPT)

1
Makefile.mbedTLS.inc
View File

@@ -1,2 +1,3 @@
CRYPTO_CSOURCES = mbedtls.c CRYPTO_CSOURCES = mbedtls.c
CRYPTO_HHEADERS = mbedtls.h CRYPTO_HHEADERS = mbedtls.h
CRYPTO_LTLIBS = $(LTLIBMBEDTLS)

133
acinclude.m4
View File

@@ -382,86 +382,85 @@ AC_DEFUN([CURL_CONFIGURE_REENTRANT], [
# #
]) ])
AC_DEFUN([LIBSSH2_CHECKFOR_MBEDTLS], [ dnl LIBSSH2_LIB_HAVE_LINKFLAGS
dnl --------------------------
dnl Wrapper around AC_LIB_HAVE_LINKFLAGS to also check $prefix/lib, if set.
dnl
dnl autoconf only checks $prefix/lib64 if gcc -print-search-dirs output
dnl includes a directory named lib64. So, to find libraries in $prefix/lib
dnl we append -L$prefix/lib to LDFLAGS before checking.
dnl
dnl For conveniece, $4 is expanded if [lib]$1 is found.
old_LDFLAGS=$LDFLAGS AC_DEFUN([LIBSSH2_LIB_HAVE_LINKFLAGS], [
old_CFLAGS=$CFLAGS libssh2_lib_have_linkflags_LDFLAGS="$LDFLAGS"
if test -n "$use_mbedtls" && test "$use_mbedtls" != "no"; then
LDFLAGS="$LDFLAGS -L$use_mbedtls/lib" test "${with_lib$1_prefix+set}" = set &&
CFLAGS="$CFLAGS -I$use_mbedtls/include" LDFLAGS="$LDFLAGS${LDFLAGS:+ }-L${with_lib$1_prefix}/lib"
AC_LIB_HAVE_LINKFLAGS([$1], [$2], [$3])
LDFLAGS="$libssh2_lib_have_linkflags_LDFLAGS"
if test "$ac_cv_lib$1" = "yes"; then :
$4
fi fi
AC_LIB_HAVE_LINKFLAGS([mbedtls], [], [
#include <mbedtls/version.h>
]) ])
if test "$ac_cv_libmbedtls" = "yes"; then AC_DEFUN([LIBSSH2_CHECK_CRYPTO], [
AC_DEFINE(LIBSSH2_MBEDTLS, 1, [Use mbedtls]) if test "$use_crypto" = "auto" && test "$found_crypto" = "none" || test "$use_crypto" = "$1"; then
LIBSREQUIRED= # mbedtls doesn't provide a .pc file m4_case([$1],
LIBS="$LIBS -lmbedtls -lmbedcrypto" [openssl], [
found_crypto=libmbedtls LIBSSH2_LIB_HAVE_LINKFLAGS([ssl], [crypto], [#include <openssl/ssl.h>], [
AC_DEFINE(LIBSSH2_OPENSSL, 1, [Use $1])
LIBSREQUIRED="$LIBSREQUIRED${LIBSREQUIRED:+ }libssl libcrypto"
# Not all OpenSSL have AES-CTR functions.
AC_CHECK_FUNCS(EVP_aes_128_ctr)
found_crypto="$1"
found_crypto_str="OpenSSL (AES-CTR: ${ac_cv_func_EVP_aes_128_ctr:-N/A})"
])
],
[libgcrypt], [
LIBSSH2_LIB_HAVE_LINKFLAGS([gcrypt], [], [#include <gcrypt.h>], [
AC_DEFINE(LIBSSH2_LIBGCRYPT, 1, [Use $1])
found_crypto="$1"
])
],
[mbedtls], [
LIBSSH2_LIB_HAVE_LINKFLAGS([mbedtls], [], [#include <mbedtls/version.h>], [
AC_DEFINE(LIBSSH2_MBEDTLS, 1, [Use $1])
found_crypto="$1"
support_clear_memory=yes support_clear_memory=yes
else
# restore
LDFLAGS=$old_LDFLAGS
CFLAGS=$old_CFLAGS
fi
]) ])
],
AC_DEFUN([LIBSSH2_CHECKFOR_GCRYPT], [ [wincng], [
old_LDFLAGS=$LDFLAGS
old_CFLAGS=$CFLAGS
if test -n "$with_libgcrypt_prefix" && test "$use_libgcrypt" != "no"; then
LDFLAGS="$LDFLAGS -L$with_libgcrypt_prefix/lib"
CFLAGS="$CFLAGS -I$with_libgcrypt_prefix/include"
fi
AC_LIB_HAVE_LINKFLAGS([gcrypt], [], [
#include <gcrypt.h>
])
if test "$ac_cv_libgcrypt" = "yes"; then
AC_DEFINE(LIBSSH2_LIBGCRYPT, 1, [Use libgcrypt])
LIBSREQUIRED= # libgcrypt doesn't provide a .pc file. sad face.
LIBS="$LIBS -lgcrypt"
found_crypto=libgcrypt
else
# restore
LDFLAGS=$old_LDFLAGS
CFLAGS=$old_CFLAGS
fi
])
AC_DEFUN([LIBSSH2_CHECKFOR_WINCNG], [
# Look for Windows Cryptography API: Next Generation # Look for Windows Cryptography API: Next Generation
AC_LIB_HAVE_LINKFLAGS([bcrypt], [], [ AC_CHECK_HEADERS([ntdef.h ntstatus.h], [], [], [#include <windows.h>])
#include <windows.h> AC_CHECK_DECLS([SecureZeroMemory], [], [], [#include <windows.h>])
#include <bcrypt.h>
]) LIBSSH2_LIB_HAVE_LINKFLAGS([crypt32], [], [
AC_LIB_HAVE_LINKFLAGS([crypt32], [], [
#include <windows.h> #include <windows.h>
#include <wincrypt.h> #include <wincrypt.h>
]) ])
AC_CHECK_HEADERS([ntdef.h ntstatus.h], [], [], [ LIBSSH2_LIB_HAVE_LINKFLAGS([bcrypt], [], [
#include <windows.h> #include <windows.h>
#include <bcrypt.h>
], [
AC_DEFINE(LIBSSH2_WINCNG, 1, [Use $1])
found_crypto="$1"
found_crypto_str="Windows Cryptography API: Next Generation"
support_clear_memory="$ac_cv_have_decl_SecureZeroMemory"
]) ])
AC_CHECK_DECLS([SecureZeroMemory], [], [], [ ],
#include <windows.h> )
]) test "$found_crypto" = "none" &&
crypto_errors="${crypto_errors}No $1 crypto library found!
if test "$ac_cv_libbcrypt" = "yes"; then "
AC_DEFINE(LIBSSH2_WINCNG, 1, [Use Windows CNG])
LIBSREQUIRED= # wincng doesn't provide a .pc file. sad face.
LIBS="$LIBS -lbcrypt"
if test "$ac_cv_libcrypt32" = "yes"; then
LIBS="$LIBS -lcrypt32"
fi
found_crypto="Windows Cryptography API: Next Generation"
if test "$ac_cv_have_decl_SecureZeroMemory" = "yes"; then
support_clear_memory=yes
fi
fi fi
]) ])

139
configure.ac
View File

@@ -83,78 +83,81 @@ AC_C_BIGENDIAN
dnl check for how to do large files dnl check for how to do large files
AC_SYS_LARGEFILE AC_SYS_LARGEFILE
found_crypto=none
# Configure parameters # Configure parameters
AC_ARG_WITH(openssl,
AC_HELP_STRING([--with-openssl],[Use OpenSSL for crypto]),
use_openssl=$withval,use_openssl=auto)
AC_ARG_WITH(libgcrypt,
AC_HELP_STRING([--with-libgcrypt],[Use libgcrypt for crypto]),
[ use_libgcrypt=$withval
LIBSSH2_CHECKFOR_GCRYPT
], use_libgcrypt=auto)
AC_ARG_WITH(wincng,
AC_HELP_STRING([--with-wincng],[Use Windows CNG for crypto]),
[ use_wincng=$withval
LIBSSH2_CHECKFOR_WINCNG
] ,use_wincng=auto)
AC_ARG_WITH([mbedtls],
AC_HELP_STRING([--with-mbedtls],[Use mbedTLS for crypto]),
[ use_mbedtls=$withval
LIBSSH2_CHECKFOR_MBEDTLS
], use_mbedtls=auto
)
AC_ARG_WITH(libz,
AC_HELP_STRING([--with-libz],[Use zlib for compression]),
use_libz=$withval,use_libz=auto)
# Crypto backends
found_crypto=none
found_crypto_str=""
support_clear_memory=no support_clear_memory=no
crypto_errors=""
# Look for OpenSSL m4_set_add([crypto_backends], [openssl])
if test "$found_crypto" = "none" && test "$use_openssl" != "no"; then m4_set_add([crypto_backends], [libgcrypt])
AC_LIB_HAVE_LINKFLAGS([ssl], [crypto], [#include <openssl/ssl.h>]) m4_set_add([crypto_backends], [mbedtls])
fi m4_set_add([crypto_backends], [wincng])
if test "$ac_cv_libssl" = "yes"; then
AC_DEFINE(LIBSSH2_OPENSSL, 1, [Use OpenSSL])
LIBSREQUIRED=libssl,libcrypto
# Not all OpenSSL have AES-CTR functions. AC_ARG_WITH([crypto],
save_LIBS="$LIBS" AC_HELP_STRING([--with-crypto=auto|]m4_set_contents([crypto_backends], [|]),
LIBS="$LIBS $LIBSSL" [Select crypto backend (default: auto)]),
AC_CHECK_FUNCS(EVP_aes_128_ctr) use_crypto=$withval,
LIBS="$save_LIBS" use_crypto=auto
)
found_crypto="OpenSSL (AES-CTR: ${ac_cv_func_EVP_aes_128_ctr:-N/A})" case "${use_crypto}" in
fi auto|m4_set_contents([crypto_backends], [|]))
m4_set_map([crypto_backends], [LIBSSH2_CHECK_CRYPTO])
;;
yes|"")
crypto_errors="No crypto backend specified!"
;;
*)
crypto_errors="Unknown crypto backend '${use_crypto}' specified!"
;;
esac
AM_CONDITIONAL(OPENSSL, test "$ac_cv_libssl" = "yes")
AM_CONDITIONAL(WINCNG, test "$ac_cv_libbcrypt" = "yes")
AM_CONDITIONAL(LIBGCRYPT, test "$ac_cv_libgcrypt" = "yes")
AM_CONDITIONAL(MBEDTLS, test "$ac_cv_libmbedtls" = "yes")
# Check if crypto library was found
if test "$found_crypto" = "none"; then if test "$found_crypto" = "none"; then
AC_MSG_ERROR([No crypto library found! crypto_errors="${crypto_errors}
Try --with-libssl-prefix=PATH Specify --with-crypto=\$backend and/or the neccessary library search prefix.
or --with-libgcrypt-prefix=PATH
or --with-libmbedtls-prefix=PATH Known crypto backends: auto, m4_set_contents([crypto_backends], [, ])"
or --with-wincng on Windows\ AS_MESSAGE([ERROR: ${crypto_errors}])
]) else
test "$found_crypto_str" = "" && found_crypto_str="$found_crypto"
fi fi
# Look for Libz m4_set_foreach([crypto_backends], [backend],
if test "$use_libz" != "no"; then [AM_CONDITIONAL(m4_toupper(backend), test "$found_crypto" = "backend")]
)
m4_undefine([backend])
# libz
AC_ARG_WITH([libz],
AC_HELP_STRING([--with-libz],[Use libz for compression]),
use_libz=$withval,
use_libz=auto)
found_libz=no
libz_errors=""
if test "$use_libz" != no; then
AC_LIB_HAVE_LINKFLAGS([z], [], [#include <zlib.h>]) AC_LIB_HAVE_LINKFLAGS([z], [], [#include <zlib.h>])
if test "$ac_cv_libz" != yes; then if test "$ac_cv_libz" != yes; then
AC_MSG_NOTICE([Cannot find zlib, disabling compression]) if test "$use_libz" = auto; then
AC_MSG_NOTICE([Try --with-libz-prefix=PATH if you know you have it]) AC_MSG_NOTICE([Cannot find libz, disabling compression])
found_libz="disabled; no libz found"
else
libz_errors="No libz found!
Try --with-libz-prefix=PATH if you know that you have it."
AS_MESSAGE([ERROR: $libz_errors])
fi
else else
AC_DEFINE(LIBSSH2_HAVE_ZLIB, 1, [Compile in zlib support]) AC_DEFINE(LIBSSH2_HAVE_ZLIB, 1, [Compile in zlib support])
if test "${LIBSREQUIRED}" != ""; then LIBSREQUIRED="$LIBSREQUIRED${LIBSREQUIRED:+ }zlib"
LIBSREQUIRED="${LIBSREQUIRED}," found_libz="yes"
fi
LIBSREQUIRED="${LIBSREQUIRED}zlib"
fi fi
fi fi
@@ -351,6 +354,22 @@ AC_C_INLINE
CURL_CHECK_NONBLOCKING_SOCKET CURL_CHECK_NONBLOCKING_SOCKET
missing_required_deps=0
if test "${libz_errors}" != ""; then
AS_MESSAGE([ERROR: ${libz_errors}])
missing_required_deps=1
fi
if test "$found_crypto" = "none"; then
AS_MESSAGE([ERROR: ${crypto_errors}])
missing_required_deps=1
fi
if test $missing_required_deps = 1; then
AC_MSG_ERROR([Required dependencies are missing!])
fi
AC_CONFIG_FILES([Makefile AC_CONFIG_FILES([Makefile
src/Makefile src/Makefile
tests/Makefile tests/Makefile
@@ -367,10 +386,10 @@ AC_MSG_NOTICE([summary of build options:
Compiler: ${CC} Compiler: ${CC}
Compiler flags: ${CFLAGS} Compiler flags: ${CFLAGS}
Library types: Shared=${enable_shared}, Static=${enable_static} Library types: Shared=${enable_shared}, Static=${enable_static}
Crypto library: ${found_crypto} Crypto library: ${found_crypto_str}
Clear memory: $enable_clear_memory Clear memory: $enable_clear_memory
Debug build: $enable_debug Debug build: $enable_debug
Build examples: $build_examples Build examples: $build_examples
Path to sshd: $ac_cv_path_SSHD (only for self-tests) Path to sshd: $ac_cv_path_SSHD (only for self-tests)
zlib compression: $ac_cv_libz zlib compression: ${found_libz}
]) ])

27
docs/HACKING.CRYPTO
View File

@@ -13,6 +13,33 @@ Procedures listed as "void" may indeed have a result type: the void indication
indicates the libssh2 core modules never use the function result. indicates the libssh2 core modules never use the function result.
0) Build system.
Add a new crypto backend to the autotools build system (./configure) as such:
* Add one new line to configure.ac:
m4_set_add([crypto_backends], [newname])
This automatically creates a new --with-crypto=newname option which users can
specify when invoking configure at compile-time to select the new backend.
* Add a new m4_case stanza to acinclude.m4 within LIBSSH2_CRYPTO_CHECK,
with checks for library availability. A successful check should set
library linking variables. The LIBSSH2_LIB_HAVE_LINKFLAGS macro creates
such a variable automatically if the checked library can be found.
* Add a Makefile.newname.inc in the top-level directory which sets
CRYPTO_CSOURCES and CRYPTO_HHEADERS to the new backend source files,
and CRYPTO_LTLIBS to the libtool linking parameters for the library, set
e.g. by a LIBSSH2_LIB_HAVE_LINKFLAGS call in LIBSSH2_CRYPTO_CHECK.
* Add a new block to src/Makefile.am:
if NEWNAME
include ../Makefile.newname.inc
endif
1) Crypto library initialization/termination. 1) Crypto library initialization/termination.
void libssh2_crypto_init(void); void libssh2_crypto_init(void);

4
src/Makefile.am
View File

@@ -1,7 +1,7 @@
# $Id: Makefile.am,v 1.21 2009/05/07 17:21:56 bagder Exp $ # $Id: Makefile.am,v 1.21 2009/05/07 17:21:56 bagder Exp $
AUTOMAKE_OPTIONS = foreign nostdinc AUTOMAKE_OPTIONS = foreign nostdinc
# Get the CRYPTO_CSOURCES and CRYPTO_HHEADERS defines # Get the CRYPTO_CSOURCES, CRYPTO_HHEADERS and CRYPTO_LTLIBS defines
if OPENSSL if OPENSSL
include ../Makefile.OpenSSL.inc include ../Makefile.OpenSSL.inc
endif endif
@@ -62,4 +62,4 @@ VERSION=-version-info 1:1:0
libssh2_la_LDFLAGS = $(VERSION) -no-undefined \ libssh2_la_LDFLAGS = $(VERSION) -no-undefined \
-export-symbols-regex '^libssh2_.*' \ -export-symbols-regex '^libssh2_.*' \
$(LTLIBGCRYPT) $(LTLIBSSL) $(LTLIBZ) $(CRYPTO_LTLIBS) $(LTLIBZ)