Diffstat (limited to 'sntp/m4/ntp_crypto_rand.m4')
-rw-r--r-- | sntp/m4/ntp_crypto_rand.m4 | 37 |
1 files changed, 30 insertions, 7 deletions
diff --git a/sntp/m4/ntp_crypto_rand.m4 b/sntp/m4/ntp_crypto_rand.m4
index 9d554226f44c..391f1cbd5992 100644
--- a/sntp/m4/ntp_crypto_rand.m4
+++ b/sntp/m4/ntp_crypto_rand.m4
@@ -25,15 +25,15 @@ dnl if that's not specified:
 dnl - Look for RAND_poll and RAND_bytes
 dnl - if they exist, define USE_OPENSSL_CRYPTO_RAND
-AC_MSG_CHECKING([if we want to use OpenSSL's crypto random (if available)])
+AC_MSG_CHECKING([if we want to use SSL library's secure random numbers])
 AC_ARG_ENABLE(
 [openssl-random],
 [AS_HELP_STRING(
 [--enable-openssl-random],
- [Use OpenSSL's crypto random number functions, if available (default is yes)]
+ [+ Use SSL lib's secure random numbers]
 )],
- [ntp_use_openssl_random=$enableval],
- [ntp_use_openssl_random=yes]
+ [ntp_use_openssl_random=$enableval ; ntp_ssl_random_mandatory=$enableval],
+ [ntp_use_openssl_random=yes ; ntp_ssl_random_mandatory=no]
 )
 AC_MSG_RESULT([$ntp_use_openssl_random])
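Review bot: `$enableval` is copied unchecked into both `ntp_use_openssl_random` and `ntp_ssl_random_mandatory`, so a value other than yes or no (for example `--enable-openssl-random=true`) matches neither the `yesyesyesyes` arm nor the mandatory `yes)` arm in the second hunk, and configure finishes with only a warning and no secure RNG. Rejecting unexpected values right after the AC_ARG_ENABLE call would make that mistake fail closed, e.g. `AS_CASE([$ntp_use_openssl_random], [yes|no], [], [AC_MSG_ERROR([--enable-openssl-random takes yes or no])])`. The macro body starts and ends outside this hunk, so an existing check elsewhere cannot be ruled out from here.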
@@ -45,10 +45,33 @@ AC_CHECK_FUNCS([RAND_bytes RAND_poll])
 LIBS="$NTPO_SAVED_LIBS"
 case "$ntp_openssl$ntp_use_openssl_random$ac_cv_func_RAND_bytes$ac_cv_func_RAND_poll" in
 yesyesyesyes)
- AC_DEFINE([USE_OPENSSL_CRYPTO_RAND], [1], [Use OpenSSL's crypto random functions])
- ;;
- *) ntp_use_openssl_random=no ;;
+ AC_MSG_NOTICE([Using SSL library's secure random number generator])
+ AC_DEFINE([USE_OPENSSL_CRYPTO_RAND], [1], [Use OpenSSL's crypto random functions])
+ ;;
+ *)
+ ntp_use_openssl_random=no
+ AC_MSG_NOTICE([SSL library's secure random number generator unavailable.])
+ case "$ntp_ssl_random_mandatory" in
+ yes)
+ AC_MSG_ERROR(
+[No suitable SSL library was found and
+--enable-openssl-random was given.. Remove --enable-openssl-random
+if you wish to build without a cryptographically secure random number
+generator.
+
+WARNING: Use of ntp-keygen without a secure RNG may generate
+------- keys that are predictable.]
+ )
+ ;;
+ *)
+ AC_MSG_WARN(
+[WARNING: Use of ntp-keygen without a secure RNG may generate
+------- keys that are predictable.]
+ )
+ esac
 esac
+AS_UNSET([ntp_ssl_random_mandatory])
+
 ]) dnl NTP_CRYPTO_RAND |
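Review bot: The default path (no --enable-openssl-random on the command line) still lands in the inner `*)` arm and completes configure with only an AC_MSG_WARN, so a build where RAND_bytes or RAND_poll is missing fails open and the predictable-key warning is easy to lose in a long configure log. Packagers who depend on ntp-keygen output should pass --enable-openssl-random explicitly so the AC_MSG_ERROR arm stops the build. The outer `*)` arm is also reached when the option was explicitly disabled or when the library is present but one of the two functions is not, so the notice `... unavailable.` and the error text `No suitable SSL library was found` can misstate the cause; wording along the lines of `RAND_bytes/RAND_poll not usable or disabled` would fit every case. Two style points: the error message has a doubled period in `was given..`, and the last arm of the inner `case` omits the `;;` that the other arms carry.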