1b5e14a13SCy Schubert# SYNOPSIS -*- Autoconf -*- 2b5e14a13SCy Schubert# 3b5e14a13SCy Schubert# NTP_CRYPTO_RAND 4b5e14a13SCy Schubert# 5b5e14a13SCy Schubert# DESCRIPTION 6b5e14a13SCy Schubert# 7b5e14a13SCy Schubert# AUTHOR 8b5e14a13SCy Schubert# 9b5e14a13SCy Schubert# Harlan Stenn 10b5e14a13SCy Schubert# 11b5e14a13SCy Schubert# LICENSE 12b5e14a13SCy Schubert# 13b5e14a13SCy Schubert# This file is Copyright (c) 2014 Network Time Foundation 14b5e14a13SCy Schubert# 15b5e14a13SCy Schubert# Copying and distribution of this file, with or without modification, are 16b5e14a13SCy Schubert# permitted in any medium without royalty provided the copyright notice, 17b5e14a13SCy Schubert# author attribution and this notice are preserved. This file is offered 18b5e14a13SCy Schubert# as-is, without any warranty. 19b5e14a13SCy Schubert 20b5e14a13SCy SchubertAC_DEFUN([NTP_CRYPTO_RAND], [ 2126fd3d56SCy SchubertAC_REQUIRE([NTP_OPENSSL])dnl 22b5e14a13SCy Schubert 23b5e14a13SCy Schubertdnl check for --disable-openssl-random 24b5e14a13SCy Schubertdnl if that's not specified: 25b5e14a13SCy Schubertdnl - Look for RAND_poll and RAND_bytes 26b5e14a13SCy Schubertdnl - if they exist, define USE_OPENSSL_CRYPTO_RAND 27b5e14a13SCy Schubert 281f833b3fSCy SchubertAC_MSG_CHECKING([if we want to use SSL library's secure random numbers]) 29b5e14a13SCy SchubertAC_ARG_ENABLE( 30b5e14a13SCy Schubert [openssl-random], 31b5e14a13SCy Schubert [AS_HELP_STRING( 32b5e14a13SCy Schubert [--enable-openssl-random], 331f833b3fSCy Schubert [+ Use SSL lib's secure random numbers] 34b5e14a13SCy Schubert )], 351f833b3fSCy Schubert [ntp_use_openssl_random=$enableval ; ntp_ssl_random_mandatory=$enableval], 361f833b3fSCy Schubert [ntp_use_openssl_random=yes ; ntp_ssl_random_mandatory=no] 37b5e14a13SCy Schubert) 38b5e14a13SCy SchubertAC_MSG_RESULT([$ntp_use_openssl_random]) 39b5e14a13SCy Schubert 40b5e14a13SCy Schubert# The following might need extra libraries 41b5e14a13SCy SchubertNTPO_SAVED_LIBS="$LIBS" 42b5e14a13SCy SchubertLIBS="$NTPO_SAVED_LIBS $LDADD_NTP" 43b5e14a13SCy Schubertdnl AC_MSG_NOTICE([LIBS is <$LIBS>]) 44b5e14a13SCy SchubertAC_CHECK_FUNCS([RAND_bytes RAND_poll]) 45b5e14a13SCy SchubertLIBS="$NTPO_SAVED_LIBS" 4626fd3d56SCy Schubertcase "$ntp_openssl$ntp_use_openssl_random$ac_cv_func_RAND_bytes$ac_cv_func_RAND_poll" in 4726fd3d56SCy Schubert yesyesyesyes) 481f833b3fSCy Schubert AC_MSG_NOTICE([Using SSL library's secure random number generator]) 49b5e14a13SCy Schubert AC_DEFINE([USE_OPENSSL_CRYPTO_RAND], [1], [Use OpenSSL's crypto random functions]) 50b5e14a13SCy Schubert ;; 511f833b3fSCy Schubert *) 521f833b3fSCy Schubert ntp_use_openssl_random=no 531f833b3fSCy Schubert AC_MSG_NOTICE([SSL library's secure random number generator unavailable.]) 541f833b3fSCy Schubert case "$ntp_ssl_random_mandatory" in 551f833b3fSCy Schubert yes) 561f833b3fSCy Schubert AC_MSG_ERROR( 571f833b3fSCy Schubert[No suitable SSL library was found and 581f833b3fSCy Schubert--enable-openssl-random was given.. Remove --enable-openssl-random 591f833b3fSCy Schubertif you wish to build without a cryptographically secure random number 601f833b3fSCy Schubertgenerator. 611f833b3fSCy Schubert 621f833b3fSCy SchubertWARNING: Use of ntp-keygen without a secure RNG may generate 631f833b3fSCy Schubert------- keys that are predictable.] 641f833b3fSCy Schubert ) 651f833b3fSCy Schubert ;; 661f833b3fSCy Schubert *) 671f833b3fSCy Schubert AC_MSG_WARN( 681f833b3fSCy Schubert[WARNING: Use of ntp-keygen without a secure RNG may generate 691f833b3fSCy Schubert------- keys that are predictable.] 701f833b3fSCy Schubert ) 71b5e14a13SCy Schubert esac 721f833b3fSCy Schubertesac 731f833b3fSCy Schubert 741f833b3fSCy SchubertAS_UNSET([ntp_ssl_random_mandatory]) 75b5e14a13SCy Schubert 76b5e14a13SCy Schubert]) dnl NTP_CRYPTO_RAND 77b5e14a13SCy Schubert 78