This is an automated email from the git hooks/post-receive script.
dtucker pushed a commit to branch master
in repository openssh.
The following commit(s) were added to refs/heads/master by this push:
new 281ea25a Check if OpenSSL implementation supports DSA.
281ea25a is described below
commit 281ea25a44bff53eefb4af7bab7aa670b1f8b6b2
Author: Darren Tucker <dtucker@dtucker.net>
AuthorDate: Sat Mar 30 18:20:16 2024 +1100
Check if OpenSSL implementation supports DSA.
If --enable/disable-dsa-keys is not specified, set based on what OpenSSL
supports. If specified as enabled, but not supported by OpenSSL error
out. ok djm@
---
configure.ac | 39 +++++++++++++++++++++++++++++++--------
1 file changed, 31 insertions(+), 8 deletions(-)
diff --git a/configure.ac b/configure.ac
index 081e2bc7..c04349f3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2075,17 +2075,11 @@ AC_ARG_WITH([security-key-builtin],
[ enable_sk_internal=$withval ]
)
-disable_ecdsa=
+enable_dsa=
AC_ARG_ENABLE([dsa-keys],
[ --disable-dsa-keys disable DSA key support [no]],
- [.
- if test "x$enableval" = "xno" ; then
- disable_ecdsa=1
- fi
- ]
+ [ enable_dsa="$enableval" ]
)
-test -z "$disable_ecdsa" &&
- AC_DEFINE([WITH_DSA], [1], [Define if to enable DSA keys.])
AC_SEARCH_LIBS([dlopen], [dl])
AC_CHECK_FUNCS([dlopen])
@@ -3196,6 +3190,35 @@ if test "x$openssl" = "xyes" ; then
AC_MSG_RESULT([no])
]
)
+ openssl_dsa=no
+ if test -z "$enable_dsa" || test "x$enable_dsa" = "xyes"; then
+ AC_CHECK_DECLS([OPENSSL_NO_DSA], [], [
+ AC_CHECK_DECLS([OPENSSL_IS_BORINGSSL], [],
+ [ openssl_dsa=yes ],
+ [ #include <openssl/opensslconf.h> ]
+ )
+ ],
+ [ #include <openssl/opensslconf.h> ]
+ )
+ AC_MSG_CHECKING([whether to enable DSA key support])
+ if test -z "$enable_dsa"; then
+ if test "x$openssl_dsa" = "xno"; then
+ AC_MSG_RESULT([not supported by OpenSSL])
+ else
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([WITH_DSA], [1],
+ [DSA keys enabled by default])
+ fi
+ else
+ if test "x$openssl_dsa" = "xno"; then
+ AC_MSG_ERROR([DSA requested but not supported by OpenSSL])
+ else
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([WITH_DSA], [1],
+ [DSA keys explicitly enabled])
+ fi
+ fi
+ fi
fi
# PKCS11/U2F depend on OpenSSL and dlopen().
--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits
dtucker pushed a commit to branch master
in repository openssh.
The following commit(s) were added to refs/heads/master by this push:
new 281ea25a Check if OpenSSL implementation supports DSA.
281ea25a is described below
commit 281ea25a44bff53eefb4af7bab7aa670b1f8b6b2
Author: Darren Tucker <dtucker@dtucker.net>
AuthorDate: Sat Mar 30 18:20:16 2024 +1100
Check if OpenSSL implementation supports DSA.
If --enable/disable-dsa-keys is not specified, set based on what OpenSSL
supports. If specified as enabled, but not supported by OpenSSL error
out. ok djm@
---
configure.ac | 39 +++++++++++++++++++++++++++++++--------
1 file changed, 31 insertions(+), 8 deletions(-)
diff --git a/configure.ac b/configure.ac
index 081e2bc7..c04349f3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2075,17 +2075,11 @@ AC_ARG_WITH([security-key-builtin],
[ enable_sk_internal=$withval ]
)
-disable_ecdsa=
+enable_dsa=
AC_ARG_ENABLE([dsa-keys],
[ --disable-dsa-keys disable DSA key support [no]],
- [.
- if test "x$enableval" = "xno" ; then
- disable_ecdsa=1
- fi
- ]
+ [ enable_dsa="$enableval" ]
)
-test -z "$disable_ecdsa" &&
- AC_DEFINE([WITH_DSA], [1], [Define if to enable DSA keys.])
AC_SEARCH_LIBS([dlopen], [dl])
AC_CHECK_FUNCS([dlopen])
@@ -3196,6 +3190,35 @@ if test "x$openssl" = "xyes" ; then
AC_MSG_RESULT([no])
]
)
+ openssl_dsa=no
+ if test -z "$enable_dsa" || test "x$enable_dsa" = "xyes"; then
+ AC_CHECK_DECLS([OPENSSL_NO_DSA], [], [
+ AC_CHECK_DECLS([OPENSSL_IS_BORINGSSL], [],
+ [ openssl_dsa=yes ],
+ [ #include <openssl/opensslconf.h> ]
+ )
+ ],
+ [ #include <openssl/opensslconf.h> ]
+ )
+ AC_MSG_CHECKING([whether to enable DSA key support])
+ if test -z "$enable_dsa"; then
+ if test "x$openssl_dsa" = "xno"; then
+ AC_MSG_RESULT([not supported by OpenSSL])
+ else
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([WITH_DSA], [1],
+ [DSA keys enabled by default])
+ fi
+ else
+ if test "x$openssl_dsa" = "xno"; then
+ AC_MSG_ERROR([DSA requested but not supported by OpenSSL])
+ else
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([WITH_DSA], [1],
+ [DSA keys explicitly enabled])
+ fi
+ fi
+ fi
fi
# PKCS11/U2F depend on OpenSSL and dlopen().
--
To stop receiving notification emails like this one, please contact
djm@mindrot.org.
_______________________________________________
openssh-commits mailing list
openssh-commits@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-commits