diff --git a/INSTALL b/INSTALL index fe57f918a..bcbd14ed7 100644 --- a/INSTALL +++ b/INSTALL @@ -557,7 +557,8 @@ Authentication options: Use GNU crypt's SHA-2 message digest functions instead of the ones bundled with sudo (or in the system's C library). If specified, DIR should contain the GNU crypt include and - lib directories. + lib directories. This option is ignored when the + --enable-openssl option is also specified. --enable-openssl[=DIR] Use OpenSSL's TLS and SHA-2 message digest functions. diff --git a/configure b/configure index d8f827ab7..852498359 100755 --- a/configure +++ b/configure @@ -1675,8 +1675,7 @@ Optional Features: --enable-warnings Whether to enable compiler warnings --enable-werror Whether to enable the -Werror compiler option --enable-openssl Use OpenSSL's TLS and sha2 functions - --enable-gcrypt Use GNU crypt's message digest functions instead of - sudo's + --enable-gcrypt Use GNU crypt's sha2 functions --disable-hardening Do not use compiler/linker exploit mitigation options --enable-pie Build sudo as a position independent executable. 
@@ -6490,128 +6489,19 @@ fi # Check whether --enable-openssl was given. if test "${enable_openssl+set}" = set; then : - enableval=$enable_openssl; case $enableval in - no) ;; - *) $as_echo "#define HAVE_OPENSSL 1" >>confdefs.h -;; - esac - + enableval=$enable_openssl; fi # Check whether --enable-gcrypt was given. if test "${enable_gcrypt+set}" = set; then : - enableval=$enable_gcrypt; case $enableval in - no) ;; - *) LIBMD="-lgcrypt" - DIGEST=digest_gcrypt.lo - $as_echo "#define HAVE_GCRYPT 1" >>confdefs.h - - if test "$enableval" != "yes"; then - -if ${CPPFLAGS+:} false; then : - - case " $CPPFLAGS " in #( - *" -I${enableval}/include "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${enableval}/include"; } >&5 - (: CPPFLAGS already contains -I${enableval}/include) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } ;; #( - *) : - - as_fn_append CPPFLAGS " -I${enableval}/include" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 - (: CPPFLAGS="$CPPFLAGS") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - ;; -esac - -else - - CPPFLAGS=-I${enableval}/include - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 - (: CPPFLAGS="$CPPFLAGS") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - -fi - - - -if ${LDFLAGS+:} false; then : - - case " $LDFLAGS " in #( - *" -L${enableval}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -L\${enableval}/lib"; } >&5 - (: LDFLAGS already contains -L${enableval}/lib) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 - test $ac_status = 0; } ;; #( - *) : - - as_fn_append LDFLAGS " -L${enableval}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 - (: LDFLAGS="$LDFLAGS") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - ;; -esac - -else - - LDFLAGS=-L${enableval}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 - (: LDFLAGS="$LDFLAGS") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - -fi - - if test X"$enable_rpath" = X"yes"; then - -if ${LDFLAGS_R+:} false; then : - - case " $LDFLAGS_R " in #( - *" -R${enableval}/lib "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R already contains -R\${enableval}/lib"; } >&5 - (: LDFLAGS_R already contains -R${enableval}/lib) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } ;; #( - *) : - - as_fn_append LDFLAGS_R " -R${enableval}/lib" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 - (: LDFLAGS_R="$LDFLAGS_R") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - ;; -esac - -else - - LDFLAGS_R=-R${enableval}/lib - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 - (: LDFLAGS_R="$LDFLAGS_R") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - -fi - + enableval=$enable_gcrypt; + if test "${enable_openssl-no}" != no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Ignoring --enable-gcrypt when OpenSSL is enabled." >&5 +$as_echo "$as_me: WARNING: Ignoring --enable-gcrypt when OpenSSL is enabled." >&2;} + enable_gcrypt=no fi - fi - ;; - esac - fi 
@@ -21652,163 +21542,6 @@ fi fi -# Look for sha2 functions if not using openssl -if test "$DIGEST" = "digest.lo"; then - FOUND_SHA2=no - ac_fn_c_check_header_mongrel "$LINENO" "sha2.h" "ac_cv_header_sha2_h" "$ac_includes_default" -if test "x$ac_cv_header_sha2_h" = xyes; then : - - FOUND_SHA2=yes - for ac_func in SHA224Update -do : - ac_fn_c_check_func "$LINENO" "SHA224Update" "ac_cv_func_SHA224Update" -if test "x$ac_cv_func_SHA224Update" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SHA224UPDATE 1 -_ACEOF - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the data argument of SHA224Update() is void *" >&5 -$as_echo_n "checking whether the data argument of SHA224Update() is void *... " >&6; } -if ${sudo_cv_func_sha2_void_ptr+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$ac_includes_default -#include -void SHA224Update(SHA2_CTX *context, const void *data, size_t len) {return;} -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - sudo_cv_func_sha2_void_ptr=yes -else - sudo_cv_func_sha2_void_ptr=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_sha2_void_ptr" >&5 -$as_echo "$sudo_cv_func_sha2_void_ptr" >&6; } - if test $sudo_cv_func_sha2_void_ptr = yes; then - -$as_echo "#define SHA2_VOID_PTR 1" >>confdefs.h - - fi - -else - - # On some systems, SHA224Update is in libmd - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SHA224Update in -lmd" >&5 -$as_echo_n "checking for SHA224Update in -lmd... " >&6; } -if ${ac_cv_lib_md_SHA224Update+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lmd $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. 
- Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char SHA224Update (); -int -main () -{ -return SHA224Update (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_md_SHA224Update=yes -else - ac_cv_lib_md_SHA224Update=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_md_SHA224Update" >&5 -$as_echo "$ac_cv_lib_md_SHA224Update" >&6; } -if test "x$ac_cv_lib_md_SHA224Update" = xyes; then : - - $as_echo "#define HAVE_SHA224UPDATE 1" >>confdefs.h - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the data argument of SHA224Update() is void *" >&5 -$as_echo_n "checking whether the data argument of SHA224Update() is void *... " >&6; } -if ${sudo_cv_func_sha2_void_ptr+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. 
*/ -$ac_includes_default -#include -void SHA224Update(SHA2_CTX *context, const void *data, size_t len) {return;} -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - sudo_cv_func_sha2_void_ptr=yes -else - sudo_cv_func_sha2_void_ptr=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_sha2_void_ptr" >&5 -$as_echo "$sudo_cv_func_sha2_void_ptr" >&6; } - if test $sudo_cv_func_sha2_void_ptr = yes; then - -$as_echo "#define SHA2_VOID_PTR 1" >>confdefs.h - - fi - - LIBMD="-lmd" - -else - - # Does not have SHA224Update - FOUND_SHA2=no - -fi - - -fi -done - - -fi - - - if test X"$FOUND_SHA2" = X"no"; then - case " $LIBOBJS " in - *" sha2.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS sha2.$ac_objext" - ;; -esac - - - for _sym in sudo_SHA224Final sudo_SHA224Init sudo_SHA224Pad sudo_SHA224Transform sudo_SHA224Update sudo_SHA256Final sudo_SHA256Init sudo_SHA256Pad sudo_SHA256Transform sudo_SHA256Update sudo_SHA384Final sudo_SHA384Init sudo_SHA384Pad sudo_SHA384Transform sudo_SHA384Update sudo_SHA512Final sudo_SHA512Init sudo_SHA512Pad sudo_SHA512Transform sudo_SHA512Update; do - COMPAT_EXP="${COMPAT_EXP}${_sym} -" - done - - fi -fi for ac_func in vsyslog do : ac_fn_c_check_func "$LINENO" "vsyslog" "ac_cv_func_vsyslog" @@ -21944,6 +21677,11 @@ _ACEOF fi if test "${enable_openssl-no}" != no; then + # Use OpenSSL's sha2 functions + $as_echo "#define HAVE_OPENSSL 1" >>confdefs.h + + DIGEST=digest_openssl.lo + # Use pkg-config to find the openssl cflags and libs if possible. if test "$enable_openssl" != "yes"; then PKG_CONFIG_LIBDIR="${enable_openssl}/lib/pkgconfig:${enable_openssl}/lib64/pkgconfig:${enable_openssl}/share/pkgconfig" 
@@ -22239,6 +21977,270 @@ if test "x$ac_cv_have_decl_SSL_CTX_set_min_proto_version" = xyes; then : fi LIBS="$OLIBS" +elif test "${enable_gcrypt-no}" != no; then + # Use gcrypt's sha2 functions + $as_echo "#define HAVE_GCRYPT 1" >>confdefs.h + + DIGEST=digest_gcrypt.lo + LIBMD="-lgcrypt" + if test "$enable_gcrypt" != "yes"; then + +if ${CPPFLAGS+:} false; then : + + case " $CPPFLAGS " in #( + *" -I${enable_gcrypt}/include "*) : + { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS already contains -I\${enable_gcrypt}/include"; } >&5 + (: CPPFLAGS already contains -I${enable_gcrypt}/include) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append CPPFLAGS " -I${enable_gcrypt}/include" + { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + (: CPPFLAGS="$CPPFLAGS") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else + + CPPFLAGS=-I${enable_gcrypt}/include + { { $as_echo "$as_me:${as_lineno-$LINENO}: : CPPFLAGS=\"\$CPPFLAGS\""; } >&5 + (: CPPFLAGS="$CPPFLAGS") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + + +if ${LDFLAGS+:} false; then : + + case " $LDFLAGS " in #( + *" -L${enable_gcrypt}/lib "*) : + { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains -L\${enable_gcrypt}/lib"; } >&5 + (: LDFLAGS already contains -L${enable_gcrypt}/lib) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LDFLAGS " -L${enable_gcrypt}/lib" + { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + (: LDFLAGS="$LDFLAGS") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? 
= $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else + + LDFLAGS=-L${enable_gcrypt}/lib + { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + (: LDFLAGS="$LDFLAGS") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + if test X"$enable_rpath" = X"yes"; then + +if ${LDFLAGS_R+:} false; then : + + case " $LDFLAGS_R " in #( + *" -R${enable_gcrypt}/lib "*) : + { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R already contains -R\${enable_gcrypt}/lib"; } >&5 + (: LDFLAGS_R already contains -R${enable_gcrypt}/lib) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } ;; #( + *) : + + as_fn_append LDFLAGS_R " -R${enable_gcrypt}/lib" + { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 + (: LDFLAGS_R="$LDFLAGS_R") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + ;; +esac + +else + + LDFLAGS_R=-R${enable_gcrypt}/lib + { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS_R=\"\$LDFLAGS_R\""; } >&5 + (: LDFLAGS_R="$LDFLAGS_R") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + +fi + + fi + + fi +fi +if test "$DIGEST" = "digest.lo"; then + FOUND_SHA2=no + ac_fn_c_check_header_mongrel "$LINENO" "sha2.h" "ac_cv_header_sha2_h" "$ac_includes_default" +if test "x$ac_cv_header_sha2_h" = xyes; then : + + FOUND_SHA2=yes + for ac_func in SHA224Update +do : + ac_fn_c_check_func "$LINENO" "SHA224Update" "ac_cv_func_SHA224Update" +if test "x$ac_cv_func_SHA224Update" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SHA224UPDATE 1 +_ACEOF + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the data argument of SHA224Update() is void *" >&5 +$as_echo_n "checking whether the data argument of SHA224Update() is void *... 
" >&6; } +if ${sudo_cv_func_sha2_void_ptr+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +#include +void SHA224Update(SHA2_CTX *context, const void *data, size_t len) {return;} +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + sudo_cv_func_sha2_void_ptr=yes +else + sudo_cv_func_sha2_void_ptr=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_sha2_void_ptr" >&5 +$as_echo "$sudo_cv_func_sha2_void_ptr" >&6; } + if test $sudo_cv_func_sha2_void_ptr = yes; then + +$as_echo "#define SHA2_VOID_PTR 1" >>confdefs.h + + fi + +else + + # On some systems, SHA224Update is in libmd + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SHA224Update in -lmd" >&5 +$as_echo_n "checking for SHA224Update in -lmd... " >&6; } +if ${ac_cv_lib_md_SHA224Update+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lmd $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. 
*/ +#ifdef __cplusplus +extern "C" +#endif +char SHA224Update (); +int +main () +{ +return SHA224Update (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_md_SHA224Update=yes +else + ac_cv_lib_md_SHA224Update=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_md_SHA224Update" >&5 +$as_echo "$ac_cv_lib_md_SHA224Update" >&6; } +if test "x$ac_cv_lib_md_SHA224Update" = xyes; then : + + $as_echo "#define HAVE_SHA224UPDATE 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the data argument of SHA224Update() is void *" >&5 +$as_echo_n "checking whether the data argument of SHA224Update() is void *... " >&6; } +if ${sudo_cv_func_sha2_void_ptr+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +#include +void SHA224Update(SHA2_CTX *context, const void *data, size_t len) {return;} +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + sudo_cv_func_sha2_void_ptr=yes +else + sudo_cv_func_sha2_void_ptr=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sudo_cv_func_sha2_void_ptr" >&5 +$as_echo "$sudo_cv_func_sha2_void_ptr" >&6; } + if test $sudo_cv_func_sha2_void_ptr = yes; then + +$as_echo "#define SHA2_VOID_PTR 1" >>confdefs.h + + fi + + LIBMD="-lmd" + +else + + # Does not have SHA224Update + FOUND_SHA2=no + +fi + + +fi +done + + +fi + + + if test X"$FOUND_SHA2" = X"no"; then + case " $LIBOBJS " in + *" sha2.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS sha2.$ac_objext" + ;; +esac + + + for _sym in sudo_SHA224Final sudo_SHA224Init sudo_SHA224Pad sudo_SHA224Transform sudo_SHA224Update sudo_SHA256Final sudo_SHA256Init sudo_SHA256Pad sudo_SHA256Transform sudo_SHA256Update sudo_SHA384Final 
sudo_SHA384Init sudo_SHA384Pad sudo_SHA384Transform sudo_SHA384Update sudo_SHA512Final sudo_SHA512Init sudo_SHA512Pad sudo_SHA512Transform sudo_SHA512Update; do + COMPAT_EXP="${COMPAT_EXP}${_sym} +" + done + + fi fi OLIBS="$LIBS" LIBS="${LIBS} ${NET_LIBS}" diff --git a/configure.ac b/configure.ac index 838d3b89a..8f76b2489 100644 --- a/configure.ac +++ b/configure.ac @@ -1503,26 +1503,14 @@ AC_ARG_ENABLE(werror, ]) AC_ARG_ENABLE(openssl, -[AS_HELP_STRING([--enable-openssl], [Use OpenSSL's TLS and sha2 functions])], -[ case $enableval in - no) ;; - *) AC_DEFINE(HAVE_OPENSSL);; - esac -]) +[AS_HELP_STRING([--enable-openssl], [Use OpenSSL's TLS and sha2 functions])]) AC_ARG_ENABLE(gcrypt, -[AS_HELP_STRING([--enable-gcrypt], [Use GNU crypt's message digest functions instead of sudo's])], -[ case $enableval in - no) ;; - *) LIBMD="-lgcrypt" - DIGEST=digest_gcrypt.lo - AC_DEFINE(HAVE_GCRYPT) - if test "$enableval" != "yes"; then - AX_APPEND_FLAG([-I${enableval}/include], [CPPFLAGS]) - SUDO_APPEND_LIBPATH(LDFLAGS, [${enableval}/lib]) - fi - ;; - esac +[AS_HELP_STRING([--enable-gcrypt], [Use GNU crypt's sha2 functions])], [ + if test "${enable_openssl-no}" != no; then + AC_MSG_WARN([Ignoring --enable-gcrypt when OpenSSL is enabled.]) + enable_gcrypt=no + fi ]) AC_ARG_ENABLE(hardening, 
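Review bot: The action added to `AC_ARG_ENABLE(gcrypt, ...)` runs whenever the option appears on the command line, including `--disable-gcrypt`, so `--enable-openssl --disable-gcrypt` prints "Ignoring --enable-gcrypt when OpenSSL is enabled." even though gcrypt was never requested. Test the value as well: `if test "$enableval" != no && test "${enable_openssl-no}" != no; then`. The override also changes which library computes sudo's SHA-2 digests with only a warning in the configure output. If builders are expected to pin a specific crypto provider, `AC_MSG_ERROR` would make the conflict impossible to miss; that is a policy choice for the maintainers. The generated `configure` carries the same test and will pick up the fix when regenerated.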
@@ -2962,28 +2950,6 @@ AC_CHECK_MEMBER([struct stat.st_mtim], [AC_CHECK_MEMBER([struct stat.st_nmtime], AC_DEFINE(HAVE_ST_NMTIME))]) ] ) -# Look for sha2 functions if not using openssl -if test "$DIGEST" = "digest.lo"; then - FOUND_SHA2=no - AC_CHECK_HEADER([sha2.h], [ - FOUND_SHA2=yes - AC_CHECK_FUNCS([SHA224Update], [SUDO_FUNC_SHA2_VOID_PTR], [ - # On some systems, SHA224Update is in libmd - AC_CHECK_LIB(md, SHA224Update, [ - AC_DEFINE(HAVE_SHA224UPDATE) - SUDO_FUNC_SHA2_VOID_PTR - LIBMD="-lmd" - ], [ - # Does not have SHA224Update - FOUND_SHA2=no - ]) - ]) - ]) - if test X"$FOUND_SHA2" = X"no"; then - AC_LIBOBJ(sha2) - SUDO_APPEND_COMPAT_EXP(sudo_SHA224Final sudo_SHA224Init sudo_SHA224Pad sudo_SHA224Transform sudo_SHA224Update sudo_SHA256Final sudo_SHA256Init sudo_SHA256Pad sudo_SHA256Transform sudo_SHA256Update sudo_SHA384Final sudo_SHA384Init sudo_SHA384Pad sudo_SHA384Transform sudo_SHA384Update sudo_SHA512Final sudo_SHA512Init sudo_SHA512Pad sudo_SHA512Transform sudo_SHA512Update) - fi -fi AC_CHECK_FUNCS([vsyslog], [], [ AC_LIBOBJ(vsyslog) SUDO_APPEND_COMPAT_EXP(sudo_vsyslog) @@ -3019,6 +2985,10 @@ dnl dnl Check for functions only present in OpenSSL 1.1 and above dnl if test "${enable_openssl-no}" != no; then + # Use OpenSSL's sha2 functions + AC_DEFINE(HAVE_OPENSSL) + DIGEST=digest_openssl.lo + # Use pkg-config to find the openssl cflags and libs if possible. if test "$enable_openssl" != "yes"; then PKG_CONFIG_LIBDIR="${enable_openssl}/lib/pkgconfig:${enable_openssl}/lib64/pkgconfig:${enable_openssl}/share/pkgconfig" 
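Review bot: The `dnl` header above `if test "${enable_openssl-no}" != no; then` still reads "Check for functions only present in OpenSSL 1.1 and above", but with this hunk the block also defines `HAVE_OPENSSL` and sets `DIGEST`, that is, it now selects the digest backend. I would reword the header to something like `dnl Select the message digest backend (OpenSSL takes precedence over gcrypt), then check for functions only present in OpenSSL 1.1 and above`. The body of the `if` continues outside this hunk, so whether `HAVE_OPENSSL` and `DIGEST` stay set when the later OpenSSL probes fail cannot be judged from here.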
@@ -3060,6 +3030,39 @@ if test "${enable_openssl-no}" != no; then #include ]) LIBS="$OLIBS" +elif test "${enable_gcrypt-no}" != no; then + # Use gcrypt's sha2 functions + AC_DEFINE(HAVE_GCRYPT) + DIGEST=digest_gcrypt.lo + LIBMD="-lgcrypt" + if test "$enable_gcrypt" != "yes"; then + AX_APPEND_FLAG([-I${enable_gcrypt}/include], [CPPFLAGS]) + SUDO_APPEND_LIBPATH(LDFLAGS, [${enable_gcrypt}/lib]) + fi +fi +dnl +dnl Check for sha2 functions if not using openssl or gcrypt +dnl +if test "$DIGEST" = "digest.lo"; then + FOUND_SHA2=no + AC_CHECK_HEADER([sha2.h], [ + FOUND_SHA2=yes + AC_CHECK_FUNCS([SHA224Update], [SUDO_FUNC_SHA2_VOID_PTR], [ + # On some systems, SHA224Update is in libmd + AC_CHECK_LIB(md, SHA224Update, [ + AC_DEFINE(HAVE_SHA224UPDATE) + SUDO_FUNC_SHA2_VOID_PTR + LIBMD="-lmd" + ], [ + # Does not have SHA224Update + FOUND_SHA2=no + ]) + ]) + ]) + if test X"$FOUND_SHA2" = X"no"; then + AC_LIBOBJ(sha2) + SUDO_APPEND_COMPAT_EXP(sudo_SHA224Final sudo_SHA224Init sudo_SHA224Pad sudo_SHA224Transform sudo_SHA224Update sudo_SHA256Final sudo_SHA256Init sudo_SHA256Pad sudo_SHA256Transform sudo_SHA256Update sudo_SHA384Final sudo_SHA384Init sudo_SHA384Pad sudo_SHA384Transform sudo_SHA384Update sudo_SHA512Final sudo_SHA512Init sudo_SHA512Pad sudo_SHA512Transform sudo_SHA512Update) + fi fi dnl dnl If socket(2) not in libc, check -lsocket and -linet
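Review bot: The new `elif test "${enable_gcrypt-no}" != no` branch defines `HAVE_GCRYPT` and sets `LIBMD="-lgcrypt"` without probing that the header or library is usable, so a missing libgcrypt or a wrong DIR passes configure and only surfaces at link time. The system `sha2.h` path just below guards itself with `AC_CHECK_HEADER`/`AC_CHECK_LIB`. A similar probe after the flags are appended would fail early, for example `AC_CHECK_LIB([gcrypt], [gcry_md_open], [:], [AC_MSG_ERROR([libgcrypt not found, check --enable-gcrypt=DIR])])`; the symbol should be one that digest_gcrypt.c actually calls. The fallback test `"$DIGEST" = "digest.lo"` depends on a default assigned outside this hunk, and the `if` that this `elif` belongs to also begins outside it.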