This check is admittedly lame. But it's all I have time for at the
moment. A better check would be a program that includes the correct
headers and succeeds if the OpenSSL version macro indicates it's at
3.0 or higher. Or perhaps we could run the openssl(1) version command-
line and parse its output. But checking for functions that are in 3.0
and not 1.1 will do for the time being.
For consistency make "-I" part of the macro value set by autoconf.
For now, don't attempt to handle OpenSSL rpath in cf/crypto.m4.
That's much easier by just setting LDFLAGS when running configure.
Otherwise too many Makefiles to edit and libtool and automake do
their best to undo the rpath.
This adds a new backend for libhcrypto: the OpenSSL backend.
Now libhcrypto has these backends:
- hcrypto itself (i.e., the algorithms coded in lib/hcrypto)
- Common Crypto (OS X)
- PKCS#11 (specifically for Solaris, but not Solaris-specific)
- Windows CNG (Windows)
- OpenSSL (generic)
The ./configure --with-openssl=... option no longer disables the use of
hcrypto. Instead it enables the use of OpenSSL as a (and the default)
backend in libhcrypto. The libhcrypto framework is now always used.
OpenSSL should no longer be used directly within Heimdal, except in the
OpenSSL hcrypto backend itself, and files where elliptic curve (EC)
crypto is needed.
Because libhcrypto's EC support is incomplete, we can only use OpenSSL
for EC. Currently that means separating all EC-using code so that it
does not use hcrypto, thus the libhx509/hxtool and PKINIT EC code has
been moved out of the files it used to be in.
The EGD daemon is completely unmaintained and has not seen a release
since 13 years which is not an acceptable timeframe for cryptographic
software. It is not packaged in any linux distribution I know of
and definitely not in *BSD.
LibreSSL has already dropped support for RAND_egd.
check for <hcrypto/...> headers since make_crypto.c assumes that the
name of the files.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16587 ec53bebd-3082-4978-b11e-865c3cabbd6b
${with_openssl_include} if its are set (not ${with_openssl}/include)
same for with_openssl_lib
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11960 ec53bebd-3082-4978-b11e-865c3cabbd6b
requested, but the crypto library is not the same as krb4
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11429 ec53bebd-3082-4978-b11e-865c3cabbd6b
des_cbc_encrypt, so we need to feed it a variable, not just NULL (from
Magnus Holmberg)
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11065 ec53bebd-3082-4978-b11e-865c3cabbd6b
openssl's libcrypto or krb4's libdes that has all the required
functionality (md4, md5, sha1, des, rc4). if there is no such
library, the included lib/des is built.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10519 ec53bebd-3082-4978-b11e-865c3cabbd6b
