authorDarren Tucker <dtucker@dtucker.net>2024-03-30 08:20:16 +0100
committerDarren Tucker <dtucker@dtucker.net>2024-03-30 08:22:09 +0100
commit281ea25a44bff53eefb4af7bab7aa670b1f8b6b2 (patch)
tree54fa29e9d77cbaaebf50571ad2a11c5e1a18578c /configure.ac
parentupstream: in OpenSSH private key format, correct type for subsequent (diff)
Check if OpenSSL implementation supports DSA.
If --enable/disable-dsa-keys is not specified, set based on what OpenSSL supports. If specified as enabled but not supported by OpenSSL, error out. ok djm@
Diffstat (limited to 'configure.ac')
-rw-r--r--configure.ac39
1 files changed, 31 insertions, 8 deletions
diff --git a/configure.ac b/configure.ac
index 081e2bc75..c04349f35 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2075,17 +2075,11 @@ AC_ARG_WITH([security-key-builtin],
[ enable_sk_internal=$withval ]
)
-disable_ecdsa=
+enable_dsa=
AC_ARG_ENABLE([dsa-keys],
[ --disable-dsa-keys disable DSA key support [no]],
- [
- if test "x$enableval" = "xno" ; then
- disable_ecdsa=1
- fi
- ]
+ [ enable_dsa="$enableval" ]
)
-test -z "$disable_ecdsa" &&
- AC_DEFINE([WITH_DSA], [1], [Define if to enable DSA keys.])
AC_SEARCH_LIBS([dlopen], [dl])
AC_CHECK_FUNCS([dlopen])
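Review bot: The help text kept as context here, `--disable-dsa-keys disable DSA key support [no]`, no longer describes the behaviour, because with this change an unset `enable_dsa` means "decide from what OpenSSL supports" rather than a fixed default. I would reword the help string to say that DSA is enabled by default only when the OpenSSL implementation supports it, and add a comment above `enable_dsa=` such as `# empty = auto-detect from OpenSSL, yes = require, anything else = off`. Since `WITH_DSA` is no longer defined in this hunk, the comment could also say that the define now happens in the OpenSSL section further down.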
@@ -3196,6 +3190,35 @@ if test "x$openssl" = "xyes" ; then
AC_MSG_RESULT([no])
]
)
+ openssl_dsa=no
+ if test -z "$enable_dsa" || test "x$enable_dsa" = "xyes"; then
+ AC_CHECK_DECLS([OPENSSL_NO_DSA], [], [
+ AC_CHECK_DECLS([OPENSSL_IS_BORINGSSL], [],
+ [ openssl_dsa=yes ],
+ [ #include <openssl/opensslconf.h> ]
+ )
+ ],
+ [ #include <openssl/opensslconf.h> ]
+ )
+ AC_MSG_CHECKING([whether to enable DSA key support])
+ if test -z "$enable_dsa"; then
+ if test "x$openssl_dsa" = "xno"; then
+ AC_MSG_RESULT([not supported by OpenSSL])
+ else
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([WITH_DSA], [1],
+ [DSA keys enabled by default])
+ fi
+ else
+ if test "x$openssl_dsa" = "xno"; then
+ AC_MSG_ERROR([DSA requested but not supported by OpenSSL])
+ else
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([WITH_DSA], [1],
+ [DSA keys explicitly enabled])
+ fi
+ fi
+ fi
fi
# PKCS11/U2F depend on OpenSSL and dlopen().
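Review bot: The outer test `if test -z "$enable_dsa" || test "x$enable_dsa" = "xyes"` has no `else`, so `--disable-dsa-keys` and any unexpected value such as `--enable-dsa-keys=<other>` both build without DSA and leave no line in the configure output recording that decision. Someone auditing which key algorithms a build carries would want that stated, so I would add before the closing `fi` of the added block: `else`, `AC_MSG_CHECKING([whether to enable DSA key support])`, `AC_MSG_RESULT([no])`. The hunk header suggests the whole block sits inside `if test "x$openssl" = "xyes"`, so an explicit `--enable-dsa-keys` on a build without OpenSSL would apparently be ignored rather than rejected; that is inferred from the header only and worth confirming. The enclosing `if` starts outside the hunk.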