Update OpenSSL autoconf checks

- Checks explicitly for versions >= 1.1.0 with pkg-config - Refactor the fallback checks. Previously they were copied from the gnutls logic, but could be slightly surprising (it's not obvious that they're for the case where pkg-config returns a false negative, and it's weird that the linker check overode the header check) - Fix the AC_SEARCH_LIBS check to try -lcrypto instead of -lopenssl (-lcrypto is the standard library OpenSSL ships the crypto symbols in). - Fix the AC_SEARCH_LIBS check to look for EVP_MD_CTX_new, which is not present in versions prior to 1.1.0. Fixes qpdf/qpdf#429 (although I haven't verified on cygwin)
2020-07-02 19:24:04 +10:00 · 2020-07-02 19:24:04 +10:00 · a99ad2b900
parent 2ff84aa2c9
commit a99ad2b900
3 changed files with 40 additions and 39 deletions
--- a/autofiles.sums
+++ b/autofiles.sums
@ -1,4 +1,4 @@
-055e54a34d94a0c2ed9451042a1c747e47b29259a9035af9e7327401a5c3fbd1  configure.ac
+d2cb3f80935a7e6e265a04da6ba9c0df4eabae3de33c6a48384a9fa50a15143b  configure.ac
 d3f9ee6f6f0846888d9a10fd3dad2e4b1258be84205426cf04d7cef02d61dad7  aclocal.m4
 cf2c764639c4c94abc183a0976eca6ae500b80790ea25e3d0af97b23587363b7  libqpdf/qpdf/qpdf-config.h.in
 5297971a0ef90bcd5563eb3f7127a032bb76d3ae2af7258bf13479caf8983a60  m4/ax_cxx_compile_stdcxx.m4
--- a/59
+++ b/59
@ -1477,7 +1477,7 @@ Optional Features:
                          are not explicitly requested; true by default
  --enable-crypto-native  whether to include support for native crypto
                          provider
-  --enable-crypto-openssl whether to include support for the BoringSSL crypto
+  --enable-crypto-openssl whether to include support for the openssl crypto
                          provider
  --enable-crypto-gnutls  whether to include support for gnutls crypto
                          provider
@ -17811,12 +17811,12 @@ if test -n "$pc_openssl_CFLAGS"; then
    pkg_cv_pc_openssl_CFLAGS="$pc_openssl_CFLAGS"
 elif test -n "$PKG_CONFIG"; then
    if test -n "$PKG_CONFIG" && \
-    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl\""; } >&5
-  ($PKG_CONFIG --exists --print-errors "openssl") 2>&5
+    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 1.1.0\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "openssl >= 1.1.0") 2>&5
  ac_status=$?
  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
  test $ac_status = 0; }; then
-  pkg_cv_pc_openssl_CFLAGS=`$PKG_CONFIG --cflags "openssl" 2>/dev/null`
+  pkg_cv_pc_openssl_CFLAGS=`$PKG_CONFIG --cflags "openssl >= 1.1.0" 2>/dev/null`
 		      test "x$?" != "x0" && pkg_failed=yes
 else
  pkg_failed=yes
@ -17828,12 +17828,12 @@ if test -n "$pc_openssl_LIBS"; then
    pkg_cv_pc_openssl_LIBS="$pc_openssl_LIBS"
 elif test -n "$PKG_CONFIG"; then
    if test -n "$PKG_CONFIG" && \
-    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl\""; } >&5
-  ($PKG_CONFIG --exists --print-errors "openssl") 2>&5
+    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 1.1.0\""; } >&5
+  ($PKG_CONFIG --exists --print-errors "openssl >= 1.1.0") 2>&5
  ac_status=$?
  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
  test $ac_status = 0; }; then
-  pkg_cv_pc_openssl_LIBS=`$PKG_CONFIG --libs "openssl" 2>/dev/null`
+  pkg_cv_pc_openssl_LIBS=`$PKG_CONFIG --libs "openssl >= 1.1.0" 2>/dev/null`
 		      test "x$?" != "x0" && pkg_failed=yes
 else
  pkg_failed=yes
@ -17854,9 +17854,9 @@ else
        _pkg_short_errors_supported=no
 fi
        if test $_pkg_short_errors_supported = yes; then
-	        pc_openssl_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "openssl" 2>&1`
+	        pc_openssl_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "openssl >= 1.1.0" 2>&1`
        else
-	        pc_openssl_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "openssl" 2>&1`
+	        pc_openssl_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "openssl >= 1.1.0" 2>&1`
        fi
 	# Put the nasty error message in config.log where it belongs
 	echo "$pc_openssl_PKG_ERRORS" >&5
@ -17873,18 +17873,13 @@ else
 $as_echo "yes" >&6; }
 	OPENSSL_FOUND=1
 fi
-if test "$OPENSSL_FOUND" = "0"; then
+
+if test "$OPENSSL_FOUND" = "0"; then :
  ac_fn_c_check_header_mongrel "$LINENO" "openssl/evp.h" "ac_cv_header_openssl_evp_h" "$ac_includes_default"
 if test "x$ac_cv_header_openssl_evp_h" = xyes; then :
-  OPENSSL_FOUND=1
-else
-  OPENSSL_FOUND=0
-fi
-
-
-  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_DigestInit_ex" >&5
-$as_echo_n "checking for library containing EVP_DigestInit_ex... " >&6; }
-if ${ac_cv_search_EVP_DigestInit_ex+:} false; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_MD_CTX_new" >&5
+$as_echo_n "checking for library containing EVP_MD_CTX_new... " >&6; }
+if ${ac_cv_search_EVP_MD_CTX_new+:} false; then :
  $as_echo_n "(cached) " >&6
 else
  ac_func_search_save_LIBS=$LIBS
@ -17897,16 +17892,16 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 #ifdef __cplusplus
 extern "C"
 #endif
-char EVP_DigestInit_ex ();
+char EVP_MD_CTX_new ();
 int
 main ()
 {
-return EVP_DigestInit_ex ();
+return EVP_MD_CTX_new ();
  ;
  return 0;
 }
 _ACEOF
-for ac_lib in '' openssl; do
+for ac_lib in '' crypto; do
  if test -z "$ac_lib"; then
    ac_res="none required"
  else
@ -17914,32 +17909,34 @@ for ac_lib in '' openssl; do
    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
  fi
  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_EVP_DigestInit_ex=$ac_res
+  ac_cv_search_EVP_MD_CTX_new=$ac_res
 fi
 rm -f core conftest.err conftest.$ac_objext \
    conftest$ac_exeext
-  if ${ac_cv_search_EVP_DigestInit_ex+:} false; then :
+  if ${ac_cv_search_EVP_MD_CTX_new+:} false; then :
  break
 fi
 done
-if ${ac_cv_search_EVP_DigestInit_ex+:} false; then :
+if ${ac_cv_search_EVP_MD_CTX_new+:} false; then :

 else
-  ac_cv_search_EVP_DigestInit_ex=no
+  ac_cv_search_EVP_MD_CTX_new=no
 fi
 rm conftest.$ac_ext
 LIBS=$ac_func_search_save_LIBS
 fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_DigestInit_ex" >&5
-$as_echo "$ac_cv_search_EVP_DigestInit_ex" >&6; }
-ac_res=$ac_cv_search_EVP_DigestInit_ex
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_MD_CTX_new" >&5
+$as_echo "$ac_cv_search_EVP_MD_CTX_new" >&6; }
+ac_res=$ac_cv_search_EVP_MD_CTX_new
 if test "$ac_res" != no; then :
  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
  OPENSSL_FOUND=1
-else
-  OPENSSL_FOUND=0
 fi

+fi
+
+
+
 fi

 IMPLICIT_OPENSSL=0
--- a/configure.ac
+++ b/configure.ac
@ -586,23 +586,27 @@ if test "$USE_CRYPTO_NATIVE" = "1"; then
  DEFAULT_CRYPTO=native
 fi

-dnl If the openssl/BoringSSL provider is explicitly requested, require openssl
+dnl If the openssl/BoringSSL provider is explicitly requested, require openssl.
 dnl If the openssl provider is not explicitly disabled, enable it if
 dnl openssl is available. If the openssl provider is explicitly
 dnl disabled, do not link with openssl even if present.

-PKG_CHECK_MODULES([pc_openssl], [openssl], [OPENSSL_FOUND=1], [OPENSSL_FOUND=0])
-if test "$OPENSSL_FOUND" = "0"; then
-  AC_CHECK_HEADER([openssl/evp.h],[OPENSSL_FOUND=1],[OPENSSL_FOUND=0])
-  AC_SEARCH_LIBS(EVP_DigestInit_ex,openssl,[OPENSSL_FOUND=1],[OPENSSL_FOUND=0])
-fi
+PKG_CHECK_MODULES([pc_openssl], [openssl >= 1.1.0],
+                  [OPENSSL_FOUND=1], [OPENSSL_FOUND=0])
+
+dnl Override pkg-config if headers and libraries are present.
+AS_IF([test "$OPENSSL_FOUND" = "0"],
+      [AC_CHECK_HEADER(
+       [openssl/evp.h],
+       [AC_SEARCH_LIBS(EVP_MD_CTX_new,crypto,[OPENSSL_FOUND=1])])
+      ])

 IMPLICIT_OPENSSL=0
 USE_CRYPTO_OPENSSL=0
 AC_SUBST(USE_CRYPTO_OPENSSL)
 AC_ARG_ENABLE(crypto-openssl,
   AS_HELP_STRING([--enable-crypto-openssl],
-                  [whether to include support for the BoringSSL crypto provider]),
+                  [whether to include support for the openssl crypto provider]),
   [if test "$enableval" = "yes"; then
      USE_CRYPTO_OPENSSL=1
    else