diff options
| author | NIIBE Yutaka <gniibe@fsij.org> | 2021-10-12 15:23:17 +0900 |
|---|---|---|
| committer | NIIBE Yutaka <gniibe@fsij.org> | 2021-10-12 15:23:17 +0900 |
| commit | 10e02b90f65f3a85d72a719806b9d8873377c1a4 (patch) | |
| tree | 6919a241eb58e5017991eb49978f90f8c8513480 | |
| parent | 0709359657633271c8c018d67b40d9052c630022 (diff) | |
| download | libgcrypt-10e02b90f65f3a85d72a719806b9d8873377c1a4.tar.gz | |
build: Support specifying HMAC key by --enable-hmac-binary-check.
* configure.ac (DEF_HMAC_BINARY_CHECK): New SUBSTITUTION.
(DL_LIBS): Fix the condition.
* src/Makefile.am (libgcrypt_la_CFLAGS): Use DEF_HMAC_BINARY_CHECK.
(hmac256_CFLAGS): Likewise.
--
GnuPG-bug-id: 5550
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| -rw-r--r-- | configure.ac | 14 | ||||
| -rw-r--r-- | src/Makefile.am | 5 |
2 files changed, 13 insertions, 6 deletions
diff --git a/configure.ac b/configure.ac index 88d6718c..56d2a25e 100644 --- a/configure.ac +++ b/configure.ac @@ -594,15 +594,21 @@ AC_MSG_CHECKING([whether a HMAC binary check is requested]) AC_ARG_ENABLE(hmac-binary-check, AS_HELP_STRING([--enable-hmac-binary-check], [Enable library integrity check]), - [use_hmac_binary_check=$enableval], + [use_hmac_binary_check="$enableval"], [use_hmac_binary_check=no]) AC_MSG_RESULT($use_hmac_binary_check) -if test "$use_hmac_binary_check" = yes ; then +if test "$use_hmac_binary_check" = no ; then + DEF_HMAC_BINARY_CHECK='' +else AC_DEFINE(ENABLE_HMAC_BINARY_CHECK,1, [Define to support an HMAC based integrity check]) AC_CHECK_TOOL(OBJCOPY, [objcopy]) + if test "$use_hmac_binary_check" != yes ; then + DEF_HMAC_BINARY_CHECK=-DKEY_FOR_BINARY_CHECK="'\"""$use_hmac_binary_check""\"'" + fi fi -AM_CONDITIONAL(USE_HMAC_BINARY_CHECK, test x$use_hmac_binary_check = xyes) +AM_CONDITIONAL(USE_HMAC_BINARY_CHECK, test "x$use_hmac_binary_check" != xno) +AC_SUBST(DEF_HMAC_BINARY_CHECK) # Implementation of the --with-fips-module-version. AC_ARG_WITH(fips-module-version, @@ -2199,7 +2205,7 @@ AC_REPLACE_FUNCS([getpid clock]) # Check whether it is necessary to link against libdl. # DL_LIBS="" -if test "$use_hmac_binary_check" = yes ; then +if test "$use_hmac_binary_check" != no ; then _gcry_save_libs="$LIBS" LIBS="" AC_SEARCH_LIBS(dlopen, c dl,,,) diff --git a/src/Makefile.am b/src/Makefile.am index f0669f6e..4b062234 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -56,7 +56,7 @@ else libgcrypt_version_script_cmd = endif -libgcrypt_la_CFLAGS = $(GPG_ERROR_CFLAGS) +libgcrypt_la_CFLAGS = $(GPG_ERROR_CFLAGS) @DEF_HMAC_BINARY_CHECK@ libgcrypt_la_SOURCES = \ gcrypt-int.h g10lib.h visibility.c visibility.h types.h \ gcrypt-testapi.h cipher.h cipher-proto.h \ @@ -138,7 +138,8 @@ mpicalc_LDADD = libgcrypt.la $(GPG_ERROR_LIBS) EXTRA_mpicalc_DEPENDENCIES = libgcrypt.la.done hmac256_SOURCES = hmac256.c hmac256.h -hmac256_CFLAGS = -DSTANDALONE $(arch_gpg_error_cflags) +hmac256_CFLAGS = -DSTANDALONE @DEF_HMAC_BINARY_CHECK@ \ + $(arch_gpg_error_cflags) hmac256_LDADD = $(arch_gpg_error_libs) if USE_RANDOM_DAEMON |