autoconf pieces for U2F support

Mostly following existing logic for PKCS#11 - turning off support when either libcrypto or dlopen(3) are unavailable.
author: Damien Miller <djm@mindrot.org> 2019-11-01 13:34:49 +1100
committer: Damien Miller <djm@mindrot.org> 2019-11-01 13:35:34 +1100
commit: 764d51e04460ec0da12e05e4777bc90c116accb9 (patch)
tree: 7bd6cd697ffcf62cea723059bebd1968cef8cb32 /configure.ac
parent: 45f17a159acfc5a8e450bfbcc2cffe72950ed7a3 (diff)
1 files changed, 48 insertions, 9 deletions
diff --git a/configure.ac b/configure.ac
index 9b4a7ee62..8f007e635 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1878,16 +1878,53 @@ AC_ARG_ENABLE([pkcs11],
        ]
 )
-# PKCS11 depends on OpenSSL.
+disable_sk=
-if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then
+AC_ARG_ENABLE([security-key],
-        # PKCS#11 support requires dlopen() and co
+        [  --disable-security-key  disable U2F/FIDO support code [no]],
-        AC_SEARCH_LIBS([dlopen], [dl],
+        [
-            AC_CHECK_DECL([RTLD_NOW],
+                if test "x$enableval" = "xno" ; then
-                AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]),
+                        disable_sk=1
-                [], [#include <dlfcn.h>]
+                fi
-            )
+        ]
-        )
+)
+# PKCS11/U2F depend on OpenSSL and dlopen().
+AC_SEARCH_LIBS([dlopen], [dl])
+AC_CHECK_FUNCS([dlopen])
+AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>])
+enable_pkcs11=yes
+enable_sk=yes
+if test "x$openssl" != "xyes" ; then
+        enable_pkcs11="disabled; missing libcrypto"
+        enable_sk="disabled; missing libcrypto"
+fi
+if test "x$ac_cv_func_dlopen" != "xyes" ; then
+        enable_pkcs11="disabled; missing dlopen(3)"
+        enable_sk="disabled; missing dlopen(3)"
+fi
+if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
+        enable_pkcs11="disabled; missing RTLD_NOW"
+        enable_sk="disabled; missing RTLD_NOW"
+fi
+if test ! -z "$disable_pkcs11" ; then
+        enable_pkcs11="disabled by user"
+fi
+if test ! -z "$disable_sk" ; then
+        enable_sk="disabled by user"
+fi
+AC_MSG_CHECKING([whether to enable PKCS11])
+if test "x$enable_pkcs11" = "xyes" ; then
+        AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
+fi
+AC_MSG_RESULT([$enable_pkcs11])
+AC_MSG_CHECKING([whether to enable U2F])
+if test "x$enable_sk" = "xyes" ; then
+        AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support])
 fi
+AC_MSG_RESULT([$enable_sk])
 # IRIX has a const char return value for gai_strerror()
 AC_CHECK_FUNCS([gai_strerror], [
@@ -5247,6 +5284,8 @@ echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
 echo "                  BSD Auth support: $BSD_AUTH_MSG"
 echo "              Random number source: $RAND_MSG"
 echo "             Privsep sandbox style: $SANDBOX_STYLE"
+echo "                   PKCS#11 support: $enable_pkcs11"
+echo "                  U2F/FIDO support: $enable_sk"
 echo ""
author	Damien Miller <djm@mindrot.org>	2019-11-01 13:34:49 +1100
committer	Damien Miller <djm@mindrot.org>	2019-11-01 13:35:34 +1100
commit	764d51e04460ec0da12e05e4777bc90c116accb9 (patch)
tree	7bd6cd697ffcf62cea723059bebd1968cef8cb32 /configure.ac
parent	45f17a159acfc5a8e450bfbcc2cffe72950ed7a3 (diff)

diff --git a/configure.ac b/configure.ac index 9b4a7ee62..8f007e635 100644 --- a/configure.ac +++ b/configure.ac
@@ -1878,16 +1878,53 @@ AC_ARG_ENABLE([pkcs11],
1878	]	1878	]
1879	)	1879	)
1880		1880
1881	# PKCS11 depends on OpenSSL.	1881	disable_sk=
1882	if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then	1882	AC_ARG_ENABLE([security-key],
1883	# PKCS#11 support requires dlopen() and co	1883	[ --disable-security-key disable U2F/FIDO support code [no]],
1884	AC_SEARCH_LIBS([dlopen], [dl],	1884	[
1885	AC_CHECK_DECL([RTLD_NOW],	1885	if test "x$enableval" = "xno" ; then
1886	AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]),	1886	disable_sk=1
1887	[], [#include <dlfcn.h>]	1887	fi
1888	)	1888	]
1889	)	1889	)
		1890
		1891	# PKCS11/U2F depend on OpenSSL and dlopen().
		1892	AC_SEARCH_LIBS([dlopen], [dl])
		1893	AC_CHECK_FUNCS([dlopen])
		1894	AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>])
		1895
		1896	enable_pkcs11=yes
		1897	enable_sk=yes
		1898	if test "x$openssl" != "xyes" ; then
		1899	enable_pkcs11="disabled; missing libcrypto"
		1900	enable_sk="disabled; missing libcrypto"
		1901	fi
		1902	if test "x$ac_cv_func_dlopen" != "xyes" ; then
		1903	enable_pkcs11="disabled; missing dlopen(3)"
		1904	enable_sk="disabled; missing dlopen(3)"
		1905	fi
		1906	if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then
		1907	enable_pkcs11="disabled; missing RTLD_NOW"
		1908	enable_sk="disabled; missing RTLD_NOW"
		1909	fi
		1910	if test ! -z "$disable_pkcs11" ; then
		1911	enable_pkcs11="disabled by user"
		1912	fi
		1913	if test ! -z "$disable_sk" ; then
		1914	enable_sk="disabled by user"
		1915	fi
		1916
		1917	AC_MSG_CHECKING([whether to enable PKCS11])
		1918	if test "x$enable_pkcs11" = "xyes" ; then
		1919	AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])
		1920	fi
		1921	AC_MSG_RESULT([$enable_pkcs11])
		1922
		1923	AC_MSG_CHECKING([whether to enable U2F])
		1924	if test "x$enable_sk" = "xyes" ; then
		1925	AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support])
1890	fi	1926	fi
		1927	AC_MSG_RESULT([$enable_sk])
1891		1928
1892	# IRIX has a const char return value for gai_strerror()	1929	# IRIX has a const char return value for gai_strerror()
1893	AC_CHECK_FUNCS([gai_strerror], [	1930	AC_CHECK_FUNCS([gai_strerror], [
@@ -5247,6 +5284,8 @@ echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5247	echo " BSD Auth support: $BSD_AUTH_MSG"	5284	echo " BSD Auth support: $BSD_AUTH_MSG"
5248	echo " Random number source: $RAND_MSG"	5285	echo " Random number source: $RAND_MSG"
5249	echo " Privsep sandbox style: $SANDBOX_STYLE"	5286	echo " Privsep sandbox style: $SANDBOX_STYLE"
		5287	echo " PKCS#11 support: $enable_pkcs11"
		5288	echo " U2F/FIDO support: $enable_sk"
5250		5289
5251	echo ""	5290	echo ""
5252		5291