From b2fbbd6b77044f04edefc33b248d6f31ace9a7ab Mon Sep 17 00:00:00 2001 From: Guy Harris Date: Tue, 9 Jul 2024 21:44:44 -0700 Subject: [PATCH] autotools: use pkg-config and Homebrew when looking for libcrypto. Grab the stuff from libpcap's configure script that looks for libssl (and libcrypto) and adapt it to look for libcrypto. his includes some macros to check using pkg-config (and other macros, such as macros to save and restore CFLAGS, LIBS, and LDFLAGS; any resemblance between their names and the cmake_push_check_state() and cmake_pop_check_state() commands is *entirely* coincidental :-)). Instead of checking for DES_cbc_encrypt(), which we don't use, to determine whether the libcrypto we found is usable, check for EVP_CIPHER_CTX_block_size(), which we *do* use. (We also check whether the openssl/evp.h header exists; if it doesn't, we might have found the libcrypto that Apple bundles with macOS, for which they do *NOT* provide the header in newer versions of Xcode.) See also #1174. This means that we don't need to check wehether we have openssl/evp.h at compile time - now, if we don't, we don't even set HAVE_LIBCRYPTO, so there's no need to check HAVE_OPENSSL_EVP_H. --- aclocal.m4 | 287 ++++++++++++++++++++++++++++++++++++++++++++++++- configure.ac | 255 ++++++++++++++++++++++++++++++++++++------- print-esp.c | 8 -- print-isakmp.c | 7 -- 4 files changed, 500 insertions(+), 57 deletions(-) diff --git a/aclocal.m4 b/aclocal.m4 index 269c4ed129..c532b1357e 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -127,6 +127,29 @@ AC_DEFUN(AC_LBL_C_INIT, fi ]) +dnl +dnl Save the values of various variables that affect compilation and +dnl linking, and that we don't ourselves modify persistently; done +dnl before a test involving compiling or linking is done, so that we +dnl can restore those variables after the test is done. +dnl +AC_DEFUN(AC_LBL_SAVE_CHECK_STATE, +[ + save_CFLAGS="$CFLAGS" + save_LIBS="$LIBS" + save_LDFLAGS="$LDFLAGS" +]) + +dnl +dnl Restore the values of variables saved by AC_LBL_SAVE_CHECK_STATE. +dnl +AC_DEFUN(AC_LBL_RESTORE_CHECK_STATE, +[ + CFLAGS="$save_CFLAGS" + LIBS="$save_LIBS" + LDFLAGS="$save_LDFLAGS" +]) + dnl dnl Check whether the compiler option specified as the second argument dnl is supported by the compiler and, if so, add it to the macro @@ -372,7 +395,6 @@ AC_DEFUN(AC_LBL_LIBPCAP, # We didn't find a local libpcap. # Look for an installed pkg-config. # - AC_PATH_TOOL(PKG_CONFIG, pkg-config) if test -n "$PKG_CONFIG" ; then # # We have it. Are there .pc files for libpcap? @@ -860,3 +882,266 @@ AC_DEFUN(AC_LBL_LIBRARY_NET, [ ], -lnsl) ]) ]) + +m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) +dnl pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- +dnl serial 11 (pkg-config-0.29) +dnl +dnl Copyright © 2004 Scott James Remnant . +dnl Copyright © 2012-2015 Dan Nicholson +dnl +dnl This program is free software; you can redistribute it and/or modify +dnl it under the terms of the GNU General Public License as published by +dnl the Free Software Foundation; either version 2 of the License, or +dnl (at your option) any later version. +dnl +dnl This program is distributed in the hope that it will be useful, but +dnl WITHOUT ANY WARRANTY; without even the implied warranty of +dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +dnl General Public License for more details. +dnl +dnl You should have received a copy of the GNU General Public License +dnl along with this program; if not, write to the Free Software +dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +dnl 02111-1307, USA. +dnl +dnl As a special exception to the GNU General Public License, if you +dnl distribute this file as part of a program that contains a +dnl configuration script generated by Autoconf, you may include it under +dnl the same distribution terms that you use for the rest of that +dnl program. + +dnl PKG_PREREQ(MIN-VERSION) +dnl ----------------------- +dnl Since: 0.29 +dnl +dnl Verify that the version of the pkg-config macros are at least +dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's +dnl installed version of pkg-config, this checks the developer's version +dnl of pkg.m4 when generating configure. +dnl +dnl To ensure that this macro is defined, also add: +dnl m4_ifndef([PKG_PREREQ], +dnl [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])]) +dnl +dnl See the "Since" comment for each macro you use to see what version +dnl of the macros you require. +m4_defun([PKG_PREREQ], +[m4_define([PKG_MACROS_VERSION], [0.29]) +m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1, + [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])]) +])dnl PKG_PREREQ + +dnl PKG_PROG_PKG_CONFIG([MIN-VERSION]) +dnl ---------------------------------- +dnl Since: 0.16 +dnl +dnl Search for the pkg-config tool and set the PKG_CONFIG variable to +dnl first found in the path. Checks that the version of pkg-config found +dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.17.0 is +dnl used since that's the first version where --static was supported. +AC_DEFUN([PKG_PROG_PKG_CONFIG], +[m4_pattern_forbid([^_?PKG_[A-Z_]+$]) +m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$]) +m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$]) +AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility]) +AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path]) +AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path]) + +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) +fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=m4_default([$1], [0.17.0]) + AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version]) + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + PKG_CONFIG="" + fi +fi[]dnl +])dnl PKG_PROG_PKG_CONFIG + +dnl PKG_CHECK_EXISTS(MODULE, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +dnl ------------------------------------------------------------------- +dnl Since: 0.18 +dnl +dnl Check to see whether a particular module exists. Similar to +dnl PKG_CHECK_MODULE(), but does not set variables or print errors. +AC_DEFUN([PKG_CHECK_EXISTS], +[ +if test -n "$PKG_CONFIG" && \ + AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then + m4_default([$2], [:]) +m4_ifvaln([$3], [else + $3])dnl +fi]) + +dnl _PKG_CONFIG_WITH_FLAGS([VARIABLE], [FLAGS], [MODULE]) +dnl --------------------------------------------- +dnl Internal wrapper calling pkg-config via PKG_CONFIG and, if +dnl pkg-config fails, reporting the error and quitting. +m4_define([_PKG_CONFIG_WITH_FLAGS], +[if test ! -n "$$1"; then + $1=`$PKG_CONFIG $2 "$3" 2>/dev/null` + if test "x$?" != "x0"; then + # + # That failed - report an error. + # Re-run the command, telling pkg-config to print an error + # message, capture the error message, and report it. + # This causes the configuration script to fail, as it means + # the script is almost certainly doing something wrong. + # + _PKG_SHORT_ERRORS_SUPPORTED + if test $_pkg_short_errors_supported = yes; then + _pkg_error_string=`$PKG_CONFIG --short-errors --print-errors $2 "$3" 2>&1` + else + _pkg_error_string=`$PKG_CONFIG --print-errors $2 "$3" 2>&1` + fi + AC_MSG_ERROR([$PKG_CONFIG $2 "$3" failed: $_pkg_error_string]) + fi + fi[]dnl +])dnl _PKG_CONFIG_WITH_FLAGS + + +dnl _PKG_CONFIG([VARIABLE], [FLAGS], [MODULE]) +dnl --------------------------------------------- +dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting +dnl pkg_failed based on the result. +m4_define([_PKG_CONFIG], +[if test -n "$$1"; then + pkg_cv_[]$1="$$1" + elif test -n "$PKG_CONFIG"; then + PKG_CHECK_EXISTS([$3], + [pkg_cv_[]$1=`$PKG_CONFIG $2 "$3" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes ], + [pkg_failed=yes]) + else + pkg_failed=untried +fi[]dnl +])dnl _PKG_CONFIG + +dnl _PKG_SHORT_ERRORS_SUPPORTED +dnl --------------------------- +dnl Internal check to see if pkg-config supports short errors. +AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], +[ +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi[]dnl +])dnl _PKG_SHORT_ERRORS_SUPPORTED + + +dnl PKG_CHECK_MODULE(VARIABLE-PREFIX, MODULE, [ACTION-IF-FOUND], +dnl [ACTION-IF-NOT-FOUND]) +dnl -------------------------------------------------------------- +dnl Since: 0.4.0 +AC_DEFUN([PKG_CHECK_MODULE], +[ +AC_MSG_CHECKING([for $2 with pkg-config]) +if test -n "$PKG_CONFIG"; then + AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $2, overriding pkg-config])dnl + AC_ARG_VAR([$1][_LIBS], [linker flags for $2, overriding pkg-config])dnl + AC_ARG_VAR([$1][_LIBS_STATIC], [static-link linker flags for $2, overriding pkg-config])dnl + + if AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$2"]); then + # + # The package was found, so try to get its C flags and + # libraries. + # + AC_MSG_RESULT([found]) + _PKG_CONFIG_WITH_FLAGS([$1][_CFLAGS], [--cflags], [$2]) + _PKG_CONFIG_WITH_FLAGS([$1][_LIBS], [--libs], [$2]) + _PKG_CONFIG_WITH_FLAGS([$1][_LIBS_STATIC], [--libs --static], [$2]) + m4_default([$3], [:]) + else + AC_MSG_RESULT([not found]) + m4_default([$4], [:]) + fi +else + # No pkg-config, so obviously not found with pkg-config. + AC_MSG_RESULT([pkg-config not found]) + m4_default([$4], [:]) +fi +])dnl PKG_CHECK_MODULE + + +dnl PKG_CHECK_MODULE_STATIC(VARIABLE-PREFIX, MODULE, [ACTION-IF-FOUND], +dnl [ACTION-IF-NOT-FOUND]) +dnl --------------------------------------------------------------------- +dnl Since: 0.29 +dnl +dnl Checks for existence of MODULE and gathers its build flags with +dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags +dnl and VARIABLE-PREFIX_LIBS from --libs. +AC_DEFUN([PKG_CHECK_MODULE_STATIC], +[ +_save_PKG_CONFIG=$PKG_CONFIG +PKG_CONFIG="$PKG_CONFIG --static" +PKG_CHECK_MODULE($@) +PKG_CONFIG=$_save_PKG_CONFIG[]dnl +])dnl PKG_CHECK_MODULE_STATIC + + +dnl PKG_INSTALLDIR([DIRECTORY]) +dnl ------------------------- +dnl Since: 0.27 +dnl +dnl Substitutes the variable pkgconfigdir as the location where a module +dnl should install pkg-config .pc files. By default the directory is +dnl $libdir/pkgconfig, but the default can be changed by passing +dnl DIRECTORY. The user can override through the --with-pkgconfigdir +dnl parameter. +AC_DEFUN([PKG_INSTALLDIR], +[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])]) +m4_pushdef([pkg_description], + [pkg-config installation directory @<:@]pkg_default[@:>@]) +AC_ARG_WITH([pkgconfigdir], + [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],, + [with_pkgconfigdir=]pkg_default) +AC_SUBST([pkgconfigdir], [$with_pkgconfigdir]) +m4_popdef([pkg_default]) +m4_popdef([pkg_description]) +])dnl PKG_INSTALLDIR + + +dnl PKG_NOARCH_INSTALLDIR([DIRECTORY]) +dnl -------------------------------- +dnl Since: 0.27 +dnl +dnl Substitutes the variable noarch_pkgconfigdir as the location where a +dnl module should install arch-independent pkg-config .pc files. By +dnl default the directory is $datadir/pkgconfig, but the default can be +dnl changed by passing DIRECTORY. The user can override through the +dnl --with-noarch-pkgconfigdir parameter. +AC_DEFUN([PKG_NOARCH_INSTALLDIR], +[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])]) +m4_pushdef([pkg_description], + [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@]) +AC_ARG_WITH([noarch-pkgconfigdir], + [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],, + [with_noarch_pkgconfigdir=]pkg_default) +AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir]) +m4_popdef([pkg_default]) +m4_popdef([pkg_description]) +])dnl PKG_NOARCH_INSTALLDIR + + +dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE, +dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +dnl ------------------------------------------- +dnl Since: 0.28 +dnl +dnl Retrieves the value of the pkg-config variable for the given module. +AC_DEFUN([PKG_CHECK_VAR], +[ +AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl + +_PKG_CONFIG([$1], [--variable="][$3]["], [$2]) +AS_VAR_COPY([$1], [pkg_cv_][$1]) + +AS_VAR_IF([$1], [""], [$5], [$4])dnl +])dnl PKG_CHECK_VAR diff --git a/configure.ac b/configure.ac index 250e7db077..aa88927211 100644 --- a/configure.ac +++ b/configure.ac @@ -71,6 +71,16 @@ darwin*) ;; esac +# +# Do we have pkg-config? +# +PKG_PROG_PKG_CONFIG + +# +# Do we have the brew command from Homebrew? +# +AC_PATH_PROG([BREW], [brew]) + AC_ARG_WITH([smi], [AS_HELP_STRING([--with-smi], [link with libsmi (allows to load MIBs on the fly to decode SNMP packets) [default=yes, if available]])], @@ -737,17 +747,6 @@ AC_ARG_WITH(crypto, want_libcrypto=yes libcrypto_root=$withval AC_MSG_RESULT([yes, using the version installed in $withval]) - - # - # Put the subdirectories of the libcrypto root directory - # at the end of the header and library search path, to - # make sure they come after any -I or -L flags for - # a local libpcap - those must take precedence of any - # directory that might contain an installed version of - # libpcap. - # - V_INCLS="$V_INCLS -I$withval/include" - LIBS="$LIBS -L$withval/lib" fi ],[ # @@ -759,42 +758,216 @@ AC_ARG_WITH(crypto, ]) if test "$want_libcrypto" != "no"; then # - # Don't check for libcrypto unless we have its headers; - # Apple, bless their pointy little heads, apparently ship - # libcrypto as a library, but not the header files, in - # El Capitan, probably because they don't want you writing - # nasty portable code that could run on other UN*Xes, they - # want you writing code that uses their Shiny New Crypto - # Library and that only runs on macOS. + # Were we told where to look for libcrypto? # - AC_CHECK_HEADER(openssl/crypto.h, - [ - AC_CHECK_LIB(crypto, DES_cbc_encrypt) - if test "$ac_cv_lib_crypto_DES_cbc_encrypt" = "yes"; then - AC_CHECK_HEADERS(openssl/evp.h) + if test -z "$libcrypto_root"; then + # + # No. + # + # First, try looking for it with pkg-config, if we have it. + # + # Homebrew's pkg-config does not, by default, look for + # pkg-config files for packages it has installed. + # Furthermore, at least for OpenSSL, they appear to be + # dumped in package-specific directories whose paths are + # not only package-specific but package-version-specific. + # + # So the only way to find openssl is to get the value of + # PKG_CONFIG_PATH from "brew --env openssl" and add that + # to PKG_CONFIG_PATH. (No, we can't just assume it's under + # /usr/local; Homebrew have conveniently chosen to put it + # under /opt/homebrew on ARM.) + # + # That's the nice thing about Homebrew - it makes things easier! + # Thanks! + # + save_PKG_CONFIG_PATH="$PKG_CONFIG_PATH" + if test -n "$BREW"; then + openssl_pkgconfig_dir=`$BREW --env --plain openssl | sed -n 's/PKG_CONFIG_PATH: //p'` + PKG_CONFIG_PATH="$openssl_pkgconfig_dir:$PKG_CONFIG_PATH" + fi + PKG_CHECK_MODULE(LIBCRYPTO, libcrypto, + [ # - # OK, then: + # We found OpenSSL/libressl libcrypto. # - # 1) do we have EVP_CIPHER_CTX_new? - # If so, we use it to allocate an - # EVP_CIPHER_CTX, as EVP_CIPHER_CTX may be - # opaque; otherwise, we allocate it ourselves. + HAVE_LIBCRYPTO=yes + ]) + PKG_CONFIG_PATH="$save_PKG_CONFIG_PATH" + + # + # If it wasn't found, and we have Homebrew installed, see + # if it's in Homebrew. + # + if test "x$HAVE_LIBCRYPTO" != "xyes" -a -n "$BREW"; then + AC_MSG_CHECKING(for openssl in Homebrew) # - # 2) do we have EVP_DecryptInit_ex()? - # If so, we use it, because we need to be - # able to make two "initialize the cipher" - # calls, one with the cipher and key, and - # one with the IV, and, as of OpenSSL 1.1, - # You Can't Do That with EVP_DecryptInit(), - # because a call to EVP_DecryptInit() will - # unconditionally clear the context, and - # if you don't supply a cipher, it'll - # clear the cipher, rendering the context - # unusable and causing a crash. + # The brew man page lies when it speaks of + # $BREW --prefix --installed + # outputting nothing. In Homebrew 3.3.16, + # it produces output regardless of whether + # the formula is installed or not, so we + # send the standard output and error to + # the bit bucket. # - AC_CHECK_FUNCS(EVP_CIPHER_CTX_new EVP_DecryptInit_ex) + # libcrypto isn't a formula, openssl is a formula. + # + if $BREW --prefix --installed openssl >/dev/null 2>&1; then + # + # Yes. Get the include directory and library + # directory. (No, we can't just assume it's + # under /usr/local; Homebrew have conveniently + # chosen to put it under /opt/homebrew on ARM.) + # + AC_MSG_RESULT(yes) + HAVE_LIBCRYPTO=yes + openssl_path=`$BREW --prefix openssl` + LIBCRYPTO_CFLAGS="-I$openssl_path/include" + LIBCRYPTO_LIBS="-L$openssl_path/lib -lcrypto" + else + AC_MSG_RESULT(no) + fi fi - ]) + + # + # If it wasn't found, and /usr/local/include and /usr/local/lib + # exist, check if it's in /usr/local. (We check whether they + # exist because, if they don't exist, the compiler will warn + # about that and then ignore the argument, so they test + # using just the system header files and libraries.) + # + # We include the standard include file to 1) make sure that + # it's installed (if it's just a shared library for the + # benefit of existing programs, that's not useful) and 2) + # because SSL_library_init() is a library routine in some + # versions and a #defined wrapper around OPENSSL_init_ssl() + # in others. + # + if test "x$HAVE_LIBCRYPTO" != "xyes" -a -d "/usr/local/include" -a -d "/usr/local/lib"; then + AC_LBL_SAVE_CHECK_STATE + CFLAGS="$CFLAGS -I/usr/local/include" + LIBS="$LIBS -L/usr/local/lib -lcrypto" + AC_MSG_CHECKING(whether we have an OpenSSL/libressl libcrypto in /usr/local that we can use) + AC_LINK_IFELSE([AC_LANG_PROGRAM( + [[ +#include + ]], + [[ +EVP_CIPHER_CTX_block_size((EVP_CIPHER_CTX *)0); +return 0; + ]])], + [ + AC_MSG_RESULT(yes) + HAVE_LIBCRYPTO=yes + LIBCRYPTO_CFLAGS="-I/usr/local/include" + LIBCRYPTO_LIBS="-L/usr/local/lib -lcrypto" + ], + AC_MSG_RESULT(no)) + AC_LBL_RESTORE_CHECK_STATE + fi + + # + # If it wasn't found, check if it's a system library. + # + # We include the standard include file to 1) make sure that + # it's installed (if it's just a shared library for the + # benefit of existing programs, that's not useful) and 2) + # make sure this isn't a newer macOS that provides libcrypto + # as a shared library but doesn't provide headers - Apple, + # bless their pointy little heads, apparently ship libcrypto + # as a library, but not the header files, in El Capitan and + # later, probably because they don't want you writing nasty + # portable code that could run on other UN*Xes, they want you + # writing code that uses their Shiny New Crypto Library and + # that thus only runs on macOS. + # + if test "x$HAVE_LIBCRYPTO" != "xyes"; then + AC_LBL_SAVE_CHECK_STATE + LIBS="$LIBS -lcrypto" + AC_MSG_CHECKING(whether we have a system OpenSSL/libressl that we can use) + AC_LINK_IFELSE([AC_LANG_PROGRAM( + [[ +#include + ]], + [[ +EVP_CIPHER_CTX_block_size((EVP_CIPHER_CTX *)0); +return 0; + ]])], + [ + AC_MSG_RESULT(yes) + HAVE_LIBCRYPTO=yes + LIBCRYPTO_LIBS="-lcrypto" + ], + AC_MSG_RESULT(no)) + AC_LBL_RESTORE_CHECK_STATE + fi + else + # + # Yes. + # + # Look for it there. + # + AC_LBL_SAVE_CHECK_STATE + CFLAGS="$CFLAGS -I$libcrypto_root/include" + LIBS="$LIBS -L$libcrypto_root/lib -lcrypto" + AC_MSG_CHECKING(whether we have a system OpenSSL/libressl that we can use) + AC_LINK_IFELSE([AC_LANG_PROGRAM( + [[ +#include + ]], + [[ +EVP_CIPHER_CTX_block_size((EVP_CIPHER_CTX *)0); +return 0; + ]])], + [ + AC_MSG_RESULT(yes) + HAVE_LIBCRYPTO=yes + LIBCRYPTO_CFLAGS="-I$libcrypto_root/include" + LIBCRYPTO_LIBS="-L$libcrypto_root/lib -lcrypto" + ], + AC_MSG_RESULT(no)) + AC_LBL_RESTORE_CHECK_STATE + fi + + # + # OK, did we find it? + # + if test "x$HAVE_LIBCRYPTO" = "xyes"; then + AC_DEFINE([HAVE_LIBCRYPTO], [1], [Define to 1 if you have a usable `crypto' library (-lcrypto).]) + + # + # Put the subdirectories of the libcrypto root directory + # at the end of the header and library search path, to + # make sure they come after any -I or -L flags for + # a local libpcap - those must take precedence of any + # directory that might contain an installed version of + # libpcap. + # + V_INCLS="$V_INCLS $LIBCRYPTO_CFLAGS" + LIBS="$LIBS $LIBCRYPTO_LIBS" + + # + # OK, then: + # + # 1) do we have EVP_CIPHER_CTX_new? + # If so, we use it to allocate an EVP_CIPHER_CTX, as + # EVP_CIPHER_CTX may be opaque; otherwise, we allocate it + # ourselves. + # + # 2) do we have EVP_DecryptInit_ex()? + # If so, we use it, because we need to be able to make + # two "initialize the cipher" calls, one with the cipher + # and key, and one with the IV, and, as of OpenSSL 1.1, + # You Can't Do That with EVP_DecryptInit(), because a + # call to EVP_DecryptInit() will unconditionally clear + # the context, and if you don't supply a cipher, it'll + # clear the cipher, rendering the context unusable and + # causing a crash. + # + AC_CHECK_FUNCS(EVP_CIPHER_CTX_new EVP_DecryptInit_ex) + else + AC_MSG_NOTICE(OpenSSL/libressl libcrypto not found) + fi fi # Check for libcap-ng diff --git a/print-esp.c b/print-esp.c index c35db7c942..834dd7411b 100644 --- a/print-esp.c +++ b/print-esp.c @@ -30,16 +30,8 @@ #include #include -/* Any code in this file that depends on HAVE_LIBCRYPTO depends on - * HAVE_OPENSSL_EVP_H too. Undefining the former when the latter isn't defined - * is the simplest way of handling the dependency. - */ #ifdef HAVE_LIBCRYPTO -#ifdef HAVE_OPENSSL_EVP_H #include -#else -#undef HAVE_LIBCRYPTO -#endif #endif #include "netdissect.h" diff --git a/print-isakmp.c b/print-isakmp.c index a3c06d1dd2..25b538abce 100644 --- a/print-isakmp.c +++ b/print-isakmp.c @@ -34,13 +34,6 @@ #include -/* The functions from print-esp.c used in this file are only defined when both - * OpenSSL and evp.h are detected. Employ the same preprocessor device here. - */ -#ifndef HAVE_OPENSSL_EVP_H -#undef HAVE_LIBCRYPTO -#endif - #include "netdissect-stdinc.h" #include