12b15cb3dSCy Schubert# SYNOPSIS -*- Autoconf -*- 22b15cb3dSCy Schubert# 32b15cb3dSCy Schubert# NTP_CRYPTO_RAND 42b15cb3dSCy Schubert# 52b15cb3dSCy Schubert# DESCRIPTION 62b15cb3dSCy Schubert# 72b15cb3dSCy Schubert# AUTHOR 82b15cb3dSCy Schubert# 92b15cb3dSCy Schubert# Harlan Stenn 102b15cb3dSCy Schubert# 112b15cb3dSCy Schubert# LICENSE 122b15cb3dSCy Schubert# 132b15cb3dSCy Schubert# This file is Copyright (c) 2014 Network Time Foundation 142b15cb3dSCy Schubert# 152b15cb3dSCy Schubert# Copying and distribution of this file, with or without modification, are 162b15cb3dSCy Schubert# permitted in any medium without royalty provided the copyright notice, 172b15cb3dSCy Schubert# author attribution and this notice are preserved. This file is offered 182b15cb3dSCy Schubert# as-is, without any warranty. 192b15cb3dSCy Schubert 202b15cb3dSCy SchubertAC_DEFUN([NTP_CRYPTO_RAND], [ 21a466cc55SCy SchubertAC_REQUIRE([NTP_OPENSSL])dnl 222b15cb3dSCy Schubert 232b15cb3dSCy Schubertdnl check for --disable-openssl-random 242b15cb3dSCy Schubertdnl if that's not specified: 252b15cb3dSCy Schubertdnl - Look for RAND_poll and RAND_bytes 262b15cb3dSCy Schubertdnl - if they exist, define USE_OPENSSL_CRYPTO_RAND 272b15cb3dSCy Schubert 28*f5f40dd6SCy SchubertAC_MSG_CHECKING([if we want to use SSL library's secure random numbers]) 292b15cb3dSCy SchubertAC_ARG_ENABLE( 302b15cb3dSCy Schubert [openssl-random], 312b15cb3dSCy Schubert [AS_HELP_STRING( 322b15cb3dSCy Schubert [--enable-openssl-random], 33*f5f40dd6SCy Schubert [+ Use SSL lib's secure random numbers] 342b15cb3dSCy Schubert )], 35*f5f40dd6SCy Schubert [ntp_use_openssl_random=$enableval ; ntp_ssl_random_mandatory=$enableval], 36*f5f40dd6SCy Schubert [ntp_use_openssl_random=yes ; ntp_ssl_random_mandatory=no] 372b15cb3dSCy Schubert) 382b15cb3dSCy SchubertAC_MSG_RESULT([$ntp_use_openssl_random]) 392b15cb3dSCy Schubert 402b15cb3dSCy Schubert# The following might need extra libraries 412b15cb3dSCy SchubertNTPO_SAVED_LIBS="$LIBS" 422b15cb3dSCy SchubertLIBS="$NTPO_SAVED_LIBS $LDADD_NTP" 432b15cb3dSCy Schubertdnl AC_MSG_NOTICE([LIBS is <$LIBS>]) 442b15cb3dSCy SchubertAC_CHECK_FUNCS([RAND_bytes RAND_poll]) 452b15cb3dSCy SchubertLIBS="$NTPO_SAVED_LIBS" 46a466cc55SCy Schubertcase "$ntp_openssl$ntp_use_openssl_random$ac_cv_func_RAND_bytes$ac_cv_func_RAND_poll" in 47a466cc55SCy Schubert yesyesyesyes) 48*f5f40dd6SCy Schubert AC_MSG_NOTICE([Using SSL library's secure random number generator]) 492b15cb3dSCy Schubert AC_DEFINE([USE_OPENSSL_CRYPTO_RAND], [1], [Use OpenSSL's crypto random functions]) 502b15cb3dSCy Schubert ;; 51*f5f40dd6SCy Schubert *) 52*f5f40dd6SCy Schubert ntp_use_openssl_random=no 53*f5f40dd6SCy Schubert AC_MSG_NOTICE([SSL library's secure random number generator unavailable.]) 54*f5f40dd6SCy Schubert case "$ntp_ssl_random_mandatory" in 55*f5f40dd6SCy Schubert yes) 56*f5f40dd6SCy Schubert AC_MSG_ERROR( 57*f5f40dd6SCy Schubert[No suitable SSL library was found and 58*f5f40dd6SCy Schubert--enable-openssl-random was given.. Remove --enable-openssl-random 59*f5f40dd6SCy Schubertif you wish to build without a cryptographically secure random number 60*f5f40dd6SCy Schubertgenerator. 61*f5f40dd6SCy Schubert 62*f5f40dd6SCy SchubertWARNING: Use of ntp-keygen without a secure RNG may generate 63*f5f40dd6SCy Schubert------- keys that are predictable.] 64*f5f40dd6SCy Schubert ) 65*f5f40dd6SCy Schubert ;; 66*f5f40dd6SCy Schubert *) 67*f5f40dd6SCy Schubert AC_MSG_WARN( 68*f5f40dd6SCy Schubert[WARNING: Use of ntp-keygen without a secure RNG may generate 69*f5f40dd6SCy Schubert------- keys that are predictable.] 70*f5f40dd6SCy Schubert ) 712b15cb3dSCy Schubert esac 72*f5f40dd6SCy Schubertesac 73*f5f40dd6SCy Schubert 74*f5f40dd6SCy SchubertAS_UNSET([ntp_ssl_random_mandatory]) 752b15cb3dSCy Schubert 762b15cb3dSCy Schubert]) dnl NTP_CRYPTO_RAND 772b15cb3dSCy Schubert 78