svn commit: r394473 - in /xml/security/trunk/c/src: configure configure.ac

[bl...@apache.org]

Author: blautenb
Date: Sun Apr 16 05:27:59 2006
New Revision: 394473

URL: http://svn.apache.org/viewcvs?rev=394473&view=rev
Log:
Detect broken OpenSSL builds on Solaris 10

Modified:
    xml/security/trunk/c/src/configure
    xml/security/trunk/c/src/configure.ac

Modified: xml/security/trunk/c/src/configure
URL: http://svn.apache.org/viewcvs/xml/security/trunk/c/src/configure?rev=394473&r1=394472&r2=394473&view=diff
==============================================================================
--- xml/security/trunk/c/src/configure (original)
+++ xml/security/trunk/c/src/configure Sun Apr 16 05:27:59 2006
@@ -5227,33 +5227,35 @@
 fi
 rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
 
-echo "$as_me:$LINENO: checking whether EVP_aes_128_cbc is declared" >&5
-echo $ECHO_N "checking whether EVP_aes_128_cbc is declared... $ECHO_C" >&6
-if test "${ac_cv_have_decl_EVP_aes_128_cbc+set}" = set; then
-  echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-  cat >conftest.$ac_ext <<_ACEOF
+# Check for full strength AES - Solaris 10 install is broken
+# and only supports low end AES.  As the library does not have
+# this granularity, we have to disable AES in this instance.
+
+# AC_CHECK_DECL(EVP_aes_256_cbc,
+# 	[AC_DEFINE(XSEC_OPENSSL_HAVE_AES)],
+# 	,[#include <openssl/evp.h>])
+
+echo "$as_me:$LINENO: checking for non-broken AES support" >&5
+echo $ECHO_N "checking for non-broken AES support... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
 cat confdefs.h >>conftest.$ac_ext
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
 #include <openssl/evp.h>
-
 int
 main ()
 {
-#ifndef EVP_aes_128_cbc
-  char *p = (char *) EVP_aes_128_cbc;
-#endif
+ EVP_aes_256_cbc();
 
   ;
   return 0;
 }
 _ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
-  (eval $ac_compile) 2>conftest.er1
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>conftest.er1
   ac_status=$?
   grep -v '^ *+' conftest.er1 >conftest.err
   rm -f conftest.er1
@@ -5266,30 +5268,27 @@
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; } &&
-	 { ac_try='test -s conftest.$ac_objext'
+	 { ac_try='test -s conftest$ac_exeext'
   { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
   (eval $ac_try) 2>&5
   ac_status=$?
   echo "$as_me:$LINENO: \$? = $ac_status" >&5
   (exit $ac_status); }; }; then
-  ac_cv_have_decl_EVP_aes_128_cbc=yes
+  echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+	cat >>confdefs.h <<\_ACEOF
+#define XSEC_OPENSSL_HAVE_AES 1
+_ACEOF
+
 else
   echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-ac_cv_have_decl_EVP_aes_128_cbc=no
+echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
 fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_decl_EVP_aes_128_cbc" >&5
-echo "${ECHO_T}$ac_cv_have_decl_EVP_aes_128_cbc" >&6
-if test $ac_cv_have_decl_EVP_aes_128_cbc = yes; then
-  cat >>confdefs.h <<\_ACEOF
-#define XSEC_OPENSSL_HAVE_AES 1
-_ACEOF
-
-fi
-
+rm -f conftest.err conftest.$ac_objext \
+      conftest$ac_exeext conftest.$ac_ext
 
 echo "$as_me:$LINENO: checking whether EVP_CIPHER_CTX_set_padding(NULL,0) is declared" >&5
 echo $ECHO_N "checking whether EVP_CIPHER_CTX_set_padding(NULL,0) is declared... $ECHO_C" >&6

Modified: xml/security/trunk/c/src/configure.ac
URL: http://svn.apache.org/viewcvs/xml/security/trunk/c/src/configure.ac?rev=394473&r1=394472&r2=394473&view=diff
==============================================================================
--- xml/security/trunk/c/src/configure.ac (original)
+++ xml/security/trunk/c/src/configure.ac Sun Apr 16 05:27:59 2006
@@ -665,9 +665,21 @@
 	[AC_DEFINE(XSEC_OPENSSL_CONST_BUFFERS)],
 	[AC_MSG_RESULT([no])])
 
-AC_CHECK_DECL(EVP_aes_128_cbc,
+# Check for full strength AES - Solaris 10 install is broken
+# and only supports low end AES.  As the library does not have
+# this granularity, we have to disable AES in this instance.
+
+# AC_CHECK_DECL(EVP_aes_256_cbc,
+# 	[AC_DEFINE(XSEC_OPENSSL_HAVE_AES)],
+# 	,[#include <openssl/evp.h>])
+
+AC_MSG_CHECKING([for non-broken AES support])
+AC_TRY_LINK([#include <openssl/evp.h>],
+	[ EVP_aes_256_cbc();
+	],
+	[AC_MSG_RESULT([yes])]
 	[AC_DEFINE(XSEC_OPENSSL_HAVE_AES)],
-	,[#include <openssl/evp.h>])
+	[AC_MSG_RESULT([no])])
 
 AC_CHECK_DECL(EVP_CIPHER_CTX_set_padding(NULL,0),
 	[AC_DEFINE(XSEC_OPENSSL_CANSET_PADDING)],