You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by bl...@apache.org on 2006/04/16 14:27:59 UTC
svn commit: r394473 - in /xml/security/trunk/c/src: configure configure.ac
Author: blautenb
Date: Sun Apr 16 05:27:59 2006
New Revision: 394473
URL: http://svn.apache.org/viewcvs?rev=394473&view=rev
Log:
Detect broken OpenSSL builds on Solaris 10
Modified:
xml/security/trunk/c/src/configure
xml/security/trunk/c/src/configure.ac
Modified: xml/security/trunk/c/src/configure
URL: http://svn.apache.org/viewcvs/xml/security/trunk/c/src/configure?rev=394473&r1=394472&r2=394473&view=diff
==============================================================================
--- xml/security/trunk/c/src/configure (original)
+++ xml/security/trunk/c/src/configure Sun Apr 16 05:27:59 2006
@@ -5227,33 +5227,35 @@
fi
rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: checking whether EVP_aes_128_cbc is declared" >&5
-echo $ECHO_N "checking whether EVP_aes_128_cbc is declared... $ECHO_C" >&6
-if test "${ac_cv_have_decl_EVP_aes_128_cbc+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
+# Check for full strength AES - Solaris 10 install is broken
+# and only supports low end AES. As the library does not have
+# this granularity, we have to disable AES in this instance.
+
+# AC_CHECK_DECL(EVP_aes_256_cbc,
+# [AC_DEFINE(XSEC_OPENSSL_HAVE_AES)],
+# ,[#include <openssl/evp.h>])
+
+echo "$as_me:$LINENO: checking for non-broken AES support" >&5
+echo $ECHO_N "checking for non-broken AES support... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <openssl/evp.h>
-
int
main ()
{
-#ifndef EVP_aes_128_cbc
- char *p = (char *) EVP_aes_128_cbc;
-#endif
+ EVP_aes_256_cbc();
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>conftest.er1
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
@@ -5266,30 +5268,27 @@
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; } &&
- { ac_try='test -s conftest.$ac_objext'
+ { ac_try='test -s conftest$ac_exeext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
- ac_cv_have_decl_EVP_aes_128_cbc=yes
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+ cat >>confdefs.h <<\_ACEOF
+#define XSEC_OPENSSL_HAVE_AES 1
+_ACEOF
+
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
-ac_cv_have_decl_EVP_aes_128_cbc=no
+echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
fi
-rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_decl_EVP_aes_128_cbc" >&5
-echo "${ECHO_T}$ac_cv_have_decl_EVP_aes_128_cbc" >&6
-if test $ac_cv_have_decl_EVP_aes_128_cbc = yes; then
- cat >>confdefs.h <<\_ACEOF
-#define XSEC_OPENSSL_HAVE_AES 1
-_ACEOF
-
-fi
-
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
echo "$as_me:$LINENO: checking whether EVP_CIPHER_CTX_set_padding(NULL,0) is declared" >&5
echo $ECHO_N "checking whether EVP_CIPHER_CTX_set_padding(NULL,0) is declared... $ECHO_C" >&6
Modified: xml/security/trunk/c/src/configure.ac
URL: http://svn.apache.org/viewcvs/xml/security/trunk/c/src/configure.ac?rev=394473&r1=394472&r2=394473&view=diff
==============================================================================
--- xml/security/trunk/c/src/configure.ac (original)
+++ xml/security/trunk/c/src/configure.ac Sun Apr 16 05:27:59 2006
@@ -665,9 +665,21 @@
[AC_DEFINE(XSEC_OPENSSL_CONST_BUFFERS)],
[AC_MSG_RESULT([no])])
-AC_CHECK_DECL(EVP_aes_128_cbc,
+# Check for full strength AES - Solaris 10 install is broken
+# and only supports low end AES. As the library does not have
+# this granularity, we have to disable AES in this instance.
+
+# AC_CHECK_DECL(EVP_aes_256_cbc,
+# [AC_DEFINE(XSEC_OPENSSL_HAVE_AES)],
+# ,[#include <openssl/evp.h>])
+
+AC_MSG_CHECKING([for non-broken AES support])
+AC_TRY_LINK([#include <openssl/evp.h>],
+ [ EVP_aes_256_cbc();
+ ],
+ [AC_MSG_RESULT([yes])]
[AC_DEFINE(XSEC_OPENSSL_HAVE_AES)],
- ,[#include <openssl/evp.h>])
+ [AC_MSG_RESULT([no])])
AC_CHECK_DECL(EVP_CIPHER_CTX_set_padding(NULL,0),
[AC_DEFINE(XSEC_OPENSSL_CANSET_PADDING)],