www.libssh2.org | Daily snapshots | Mailing list archive | Docs | Examples | github

Archive Index This month's Index

Subject: Re: [PATCH] configure.ac: Add single --with-crypto= instead of --with-$backend:s

Re: [PATCH] configure.ac: Add single --with-crypto= instead of --with-$backend:s

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Mon, 31 Oct 2016 13:11:15 +0100

On Friday, October 28, 2016 04:09:17 Peter Stuge wrote:
> The new option replaces the previous backend-specific options and
> fixes several problems while at it:
>
> * libgcrypt and mbedtls would be used if either was found, even if
> --without-libgcrypt or --without-mbedtls were on the command line.
>
> * If --with-$backend was on the command line, configure would not
> fail when the library could not be found, but would instead use
> the first successfully detected crypto library.
>
> * Copypasted code in configure.ac and acinclude.m4 had replicated
> the above bugs for multiple crypto backends.
>
> The new option requires specifying only a backend name in configure.ac.
>
> All crypto backend names are automatically displayed and recognized
> as valid --with-crypto= choices, and an uppercase name AM_CONDITIONAL
> is automatically created for each name.
>
> acinclude.m4 needs one case stanza within LIBSSH2_CRYPTO_CHECK to
> test availability of each library, which must set LIBS as neccessary.
>
> src/Makefile.am still needs an if-block using the AM_CONDITIONAL to
> include a backend-specific Makefile.

The patch does not apply on the current upstream master branch, so I tested
the withcrypto branch at http://git.stuge.se/libssh2.git (68b330d2). Basic
crypto backend selection seems to work.

--with-crypto=auto works fine for OpenSSL but does not work for libgcrypt:

$ ./configure --with-crypto=auto
[...]
configure: ERROR: No openssl crypto library found!
configure: error: Required dependencies are missing!

$ ./configure --with-crypto=libgcrypt
[...]
  Crypto library: libgcrypt
[...]

As a side note, the --with-libssl-prefix option did not take any effect but
it seems unrelated to your patch.

Kamil

> ---
> acinclude.m4 | 150
> ++++++++++++++++++++++++++++---------------------------- configure.ac |
> 137 ++++++++++++++++++++++++++++----------------------- src/Makefile.am |
> 8 +--
> 3 files changed, 155 insertions(+), 140 deletions(-)
>
> diff --git a/acinclude.m4 b/acinclude.m4
> index 734ef07..18a2929 100644
> --- a/acinclude.m4
> +++ b/acinclude.m4
> @@ -382,86 +382,86 @@ AC_DEFUN([CURL_CONFIGURE_REENTRANT], [
> #
> ])
>
> -AC_DEFUN([LIBSSH2_CHECKFOR_MBEDTLS], [
> -
> - old_LDFLAGS=$LDFLAGS
> - old_CFLAGS=$CFLAGS
> - if test -n "$use_mbedtls" && test "$use_mbedtls" != "no"; then
> - LDFLAGS="$LDFLAGS -L$use_mbedtls/lib"
> - CFLAGS="$CFLAGS -I$use_mbedtls/include"
> - fi
> -
> - AC_LIB_HAVE_LINKFLAGS([mbedtls], [], [
> - #include <mbedtls/version.h>
> - ])
> -
> - if test "$ac_cv_libmbedtls" = "yes"; then
> - AC_DEFINE(LIBSSH2_MBEDTLS, 1, [Use mbedtls])
> - LIBSREQUIRED= # mbedtls doesn't provide a .pc file
> - LIBS="$LIBS -lmbedtls -lmbedcrypto"
> - found_crypto=libmbedtls
> - support_clear_memory=yes
> - else
> - # restore
> - LDFLAGS=$old_LDFLAGS
> - CFLAGS=$old_CFLAGS
> - fi
> -])
> -
> -AC_DEFUN([LIBSSH2_CHECKFOR_GCRYPT], [
> -
> - old_LDFLAGS=$LDFLAGS
> - old_CFLAGS=$CFLAGS
> - if test -n "$use_libgcrypt" && test "$use_libgcrypt" != "no"; then
> - LDFLAGS="$LDFLAGS -L$use_libgcrypt/lib"
> - CFLAGS="$CFLAGS -I$use_libgcrypt/include"
> - fi
> - AC_LIB_HAVE_LINKFLAGS([gcrypt], [], [
> - #include <gcrypt.h>
> - ])
> +AC_DEFUN([LIBSSH2_CHECK_CRYPTO], [
> +if test "$use_crypto" = "auto" && test "$found_crypto" = "none" || test
> "$use_crypto" = "$1"; then + case "$1" in
> + openssl)
> + AC_LIB_HAVE_LINKFLAGS([ssl], [crypto], [#include <openssl/ssl.h>])
> +
> + if test "$ac_cv_libssl" = "yes"; then
> + AC_DEFINE(LIBSSH2_OPENSSL, 1, [Use OpenSSL])
> + LIBSREQUIRED=libssl,libcrypto
> + LIBS="$LIBS $LIBSSL"
> +
> + # Not all OpenSSL have AES-CTR functions.
> + AC_CHECK_FUNCS(EVP_aes_128_ctr)
> +
> + found_crypto="$1"
> + found_crypto_str="OpenSSL (AES-CTR:
> ${ac_cv_func_EVP_aes_128_ctr:-N/A})" + fi
> + ;;
>
> - if test "$ac_cv_libgcrypt" = "yes"; then
> - AC_DEFINE(LIBSSH2_LIBGCRYPT, 1, [Use libgcrypt])
> - LIBSREQUIRED= # libgcrypt doesn't provide a .pc file. sad face.
> - LIBS="$LIBS -lgcrypt"
> - found_crypto=libgcrypt
> - else
> - # restore
> - LDFLAGS=$old_LDFLAGS
> - CFLAGS=$old_CFLAGS
> - fi
> -])
> + libgcrypt)
> + AC_LIB_HAVE_LINKFLAGS([gcrypt], [], [#include <gcrypt.h>])
>
> + if test "$ac_cv_libgcrypt" = "yes"; then
> + AC_DEFINE(LIBSSH2_LIBGCRYPT, 1, [Use libgcrypt])
> + LIBSREQUIRED= # libgcrypt doesn't provide a .pc file. sad face.
> + LIBS="$LIBS -lgcrypt"
> + found_crypto="$1"
> + fi
> + ;;
>
> -AC_DEFUN([LIBSSH2_CHECKFOR_WINCNG], [
> + mbedtls)
> + AC_LIB_HAVE_LINKFLAGS([mbedtls], [], [#include <mbedtls/version.h>])
>
> - # Look for Windows Cryptography API: Next Generation
> + if test "$ac_cv_libmbedtls" = "yes"; then
> + AC_DEFINE(LIBSSH2_MBEDTLS, 1, [Use mbedtls])
> + LIBSREQUIRED= # mbedtls doesn't provide a .pc file
> + LIBS="$LIBS -lmbedtls -lmbedcrypto"
> + found_crypto="$1"
> + support_clear_memory=yes
> + fi
> + ;;
>
> - AC_LIB_HAVE_LINKFLAGS([bcrypt], [], [
> - #include <windows.h>
> - #include <bcrypt.h>
> - ])
> - AC_LIB_HAVE_LINKFLAGS([crypt32], [], [
> - #include <windows.h>
> - #include <wincrypt.h>
> - ])
> - AC_CHECK_HEADERS([ntdef.h ntstatus.h], [], [], [
> - #include <windows.h>
> - ])
> - AC_CHECK_DECLS([SecureZeroMemory], [], [], [
> - #include <windows.h>
> - ])
> + wincng)
> + # Look for Windows Cryptography API: Next Generation
> +
> + AC_LIB_HAVE_LINKFLAGS([bcrypt], [], [
> + #include <windows.h>
> + #include <bcrypt.h>
> + ])
> + AC_LIB_HAVE_LINKFLAGS([crypt32], [], [
> + #include <windows.h>
> + #include <wincrypt.h>
> + ])
> + AC_CHECK_HEADERS([ntdef.h ntstatus.h], [], [], [
> + #include <windows.h>
> + ])
> + AC_CHECK_DECLS([SecureZeroMemory], [], [], [
> + #include <windows.h>
> + ])
> +
> + if test "$ac_cv_libbcrypt" = "yes"; then
> + AC_DEFINE(LIBSSH2_WINCNG, 1, [Use Windows CNG])
> + LIBSREQUIRED= # wincng doesn't provide a .pc file. sad face.
> + LIBS="$LIBS -lbcrypt"
> + if test "$ac_cv_libcrypt32" = "yes"; then
> + LIBS="$LIBS -lcrypt32"
> + fi
> + found_crypto="$1"
> + found_crypto_str="Windows Cryptography API: Next Generation"
> + if test "$ac_cv_have_decl_SecureZeroMemory" = "yes"; then
> + support_clear_memory=yes
> + fi
> + fi
> + ;;
> + esac
>
> - if test "$ac_cv_libbcrypt" = "yes"; then
> - AC_DEFINE(LIBSSH2_WINCNG, 1, [Use Windows CNG])
> - LIBSREQUIRED= # wincng doesn't provide a .pc file. sad face.
> - LIBS="$LIBS -lbcrypt"
> - if test "$ac_cv_libcrypt32" = "yes"; then
> - LIBS="$LIBS -lcrypt32"
> - fi
> - found_crypto="Windows Cryptography API: Next Generation"
> - if test "$ac_cv_have_decl_SecureZeroMemory" = "yes"; then
> - support_clear_memory=yes
> - fi
> + if test "$found_crypto" = "none"; then
> + test "${crypto_errors}" != "" && crypto_errors="${crypto_errors}
> +"
> + crypto_errors="${crypto_errors}No $1 crypto library found!"
> fi
> +fi
> ])
> diff --git a/configure.ac b/configure.ac
> index f7fe247..ba84ddf 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -83,81 +83,84 @@ AC_C_BIGENDIAN
> dnl check for how to do large files
> AC_SYS_LARGEFILE
>
> -found_crypto=none
> -
> # Configure parameters
> -AC_ARG_WITH(openssl,
> - AC_HELP_STRING([--with-openssl],[Use OpenSSL for crypto]),
> - use_openssl=$withval,use_openssl=auto)
> -AC_ARG_WITH(libgcrypt,
> - AC_HELP_STRING([--with-libgcrypt],[Use libgcrypt for crypto]),
> - [ use_libgcrypt=$withval
> - LIBSSH2_CHECKFOR_GCRYPT
> - ], use_libgcrypt=auto)
> -AC_ARG_WITH(wincng,
> - AC_HELP_STRING([--with-wincng],[Use Windows CNG for crypto]),
> - [ use_wincng=$withval
> - LIBSSH2_CHECKFOR_WINCNG
> - ] ,use_wincng=auto)
> -AC_ARG_WITH([mbedtls],
> - AC_HELP_STRING([--with-mbedtls],[Use mbedTLS for crypto]),
> - [ use_mbedtls=$withval
> - LIBSSH2_CHECKFOR_MBEDTLS
> - ], use_mbedtls=auto
> -)
> -AC_ARG_WITH(libz,
> - AC_HELP_STRING([--with-libz],[Use zlib for compression]),
> - use_libz=$withval,use_libz=auto)
> -
> -support_clear_memory=no
>
> -# Look for OpenSSL
> -if test "$found_crypto" = "none" && test "$use_openssl" != "no"; then
> - AC_LIB_HAVE_LINKFLAGS([ssl], [crypto], [#include <openssl/ssl.h>])
> -fi
> -if test "$ac_cv_libssl" = "yes"; then
> - AC_DEFINE(LIBSSH2_OPENSSL, 1, [Use OpenSSL])
> - LIBSREQUIRED=libssl,libcrypto
> -
> - # Not all OpenSSL have AES-CTR functions.
> - save_LIBS="$LIBS"
> - LIBS="$LIBS $LIBSSL"
> - AC_CHECK_FUNCS(EVP_aes_128_ctr)
> - LIBS="$save_LIBS"
> +# libz
>
> - found_crypto="OpenSSL (AES-CTR: ${ac_cv_func_EVP_aes_128_ctr:-N/A})"
> -fi
> +AC_ARG_WITH([libz],
> + AC_HELP_STRING([--with-libz],[Use libz for compression]),
> + use_libz=$withval,
> + use_libz=auto)
>
> -AM_CONDITIONAL(OPENSSL, test "$ac_cv_libssl" = "yes")
> -AM_CONDITIONAL(WINCNG, test "$ac_cv_libbcrypt" = "yes")
> -AM_CONDITIONAL(LIBGCRYPT, test "$ac_cv_libgcrypt" = "yes")
> -AM_CONDITIONAL(MBEDTLS, test "$ac_cv_libmbedtls" = "yes")
> -
> -# Check if crypto library was found
> -if test "$found_crypto" = "none"; then
> - AC_MSG_ERROR([No crypto library found!
> -Try --with-libssl-prefix=PATH
> - or --with-libgcrypt-prefix=PATH
> - or --with-libmbedtls-prefix=PATH
> - or --with-wincng on Windows\
> -])
> -fi
> +found_libz=no
> +libz_errors=""
>
> -# Look for Libz
> -if test "$use_libz" != "no"; then
> +if test "$use_libz" != no; then
> AC_LIB_HAVE_LINKFLAGS([z], [], [#include <zlib.h>])
> if test "$ac_cv_libz" != yes; then
> - AC_MSG_NOTICE([Cannot find zlib, disabling compression])
> - AC_MSG_NOTICE([Try --with-libz-prefix=PATH if you know you have it])
> + if test "$use_libz" = auto; then
> + AC_MSG_NOTICE([Cannot find libz, disabling compression])
> + found_libz="disabled; no libz found"
> + else
> + libz_errors="No libz found!
> +Try --with-libz-prefix=PATH if you know that you have it."
> + AS_MESSAGE([ERROR: $libz_errors])
> + fi
> else
> AC_DEFINE(LIBSSH2_HAVE_ZLIB, 1, [Compile in zlib support])
> if test "${LIBSREQUIRED}" != ""; then
> LIBSREQUIRED="${LIBSREQUIRED},"
> fi
> LIBSREQUIRED="${LIBSREQUIRED}zlib"
> + found_libz="yes"
> fi
> fi
>
> +
> +# Crypto backends
> +
> +found_crypto=none
> +found_crypto_str=""
> +support_clear_memory=no
> +crypto_errors=""
> +
> +m4_set_add([crypto_backends], [openssl])
> +m4_set_add([crypto_backends], [libgcrypt])
> +m4_set_add([crypto_backends], [mbedtls])
> +m4_set_add([crypto_backends], [wincng])
> +
> +AC_ARG_WITH([crypto],
> + AC_HELP_STRING([--with-crypto=auto|]m4_set_contents([crypto_backends],
> [|]), + [Select crypto backend (default: auto)]),
> + use_crypto=$withval,
> + use_crypto=auto
> +)
> +
> +case "${use_crypto}" in
> + auto|m4_set_contents([crypto_backends], [|]))
> + m4_set_map([crypto_backends], [LIBSSH2_CHECK_CRYPTO])
> + ;;
> + *)
> + crypto_errors="Unknown crypto backend '${use_crypto}' specified!"
> + ;;
> +esac
> +
> +if test "$found_crypto" = "none"; then
> + crypto_errors="${crypto_errors}
> +Please specify --with-crypto and/or the neccessary library search prefix.
> +
> +Run configure --help to see all crypto library options."
> + AS_MESSAGE([ERROR: ${crypto_errors}])
> +else
> + if test "$found_crypto_str" = ""; then
> + found_crypto_str="$found_crypto"
> + fi
> +fi
> +
> +m4_set_foreach([crypto_backends], [c_backend],
> + [AM_CONDITIONAL(m4_toupper(c_backend), test "$found_crypto" =
> "c_backend")] +)
> +
> AC_SUBST(LIBSREQUIRED)
>
> #
> @@ -351,6 +354,18 @@ AC_C_INLINE
>
> CURL_CHECK_NONBLOCKING_SOCKET
>
> +if test "${libz_errors}" != ""; then
> + AS_MESSAGE([ERROR: ${libz_errors}])
> +fi
> +
> +if test "${crypto_errors}" != ""; then
> + AS_MESSAGE([ERROR: ${crypto_errors}])
> +fi
> +
> +if test "${libz_errors}${crypto_errors}" != ""; then
> + AC_MSG_ERROR([Required dependencies are missing!])
> +fi
> +
> AC_CONFIG_FILES([Makefile
> src/Makefile
> tests/Makefile
> @@ -367,10 +382,10 @@ AC_MSG_NOTICE([summary of build options:
> Compiler: ${CC}
> Compiler flags: ${CFLAGS}
> Library types: Shared=${enable_shared}, Static=${enable_static}
> - Crypto library: ${found_crypto}
> + Crypto library: ${found_crypto_str}
> Clear memory: $enable_clear_memory
> Debug build: $enable_debug
> Build examples: $build_examples
> Path to sshd: $ac_cv_path_SSHD (only for self-tests)
> - zlib compression: $ac_cv_libz
> + zlib compression: ${found_libz}
> ])
> diff --git a/src/Makefile.am b/src/Makefile.am
> index 1fa0751..3532b81 100644
> --- a/src/Makefile.am
> +++ b/src/Makefile.am
> @@ -8,12 +8,12 @@ endif
> if LIBGCRYPT
> include ../Makefile.libgcrypt.inc
> endif
> -if WINCNG
> -include ../Makefile.WinCNG.inc
> -endif
> if MBEDTLS
> include ../Makefile.mbedTLS.inc
> endif
> +if WINCNG
> +include ../Makefile.WinCNG.inc
> +endif
>
> # Makefile.inc provides the CSOURCES and HHEADERS defines
> include ../Makefile.inc
> @@ -62,4 +62,4 @@ VERSION=-version-info 1:1:0
>
> libssh2_la_LDFLAGS = $(VERSION) -no-undefined \
> -export-symbols-regex '^libssh2_.*' \
> - $(LTLIBGCRYPT) $(LTLIBSSL) $(LTLIBZ)
> + $(LIBS) $(LTLIBZ)

_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2016-10-31

the libssh2 team