diff options
| author | Carlo Marcelo Arenas Belón <carenas@gmail.com> | 2022-04-04 21:28:26 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2022-04-06 09:04:50 -0700 |
| commit | 5b52d9f15e311b82ee5f5c5ed9927c65b63731bf (patch) | |
| tree | a4eb036738b7ca97fb2862e32b7676007353634b | |
| parent | wrapper: use a CSPRNG to generate random file names (diff) | |
| download | git-5b52d9f15e311b82ee5f5c5ed9927c65b63731bf.tar.gz git-5b52d9f15e311b82ee5f5c5ed9927c65b63731bf.zip | |
git-compat-util: really support openssl as a source of entropy
05cd988dce5 (wrapper: add a helper to generate numbers from a CSPRNG,
2022-01-17), configure openssl as the source for entropy in NON-STOP
but doesn't add the needed header or link options.
Since the only system that is configured to use openssl as a source
of entropy is NON-STOP, add the header unconditionally, and -lcrypto
to the list of external libraries.
An additional change is required to make sure a NO_OPENSSL=1 build
will be able to work as well (tested on Linux with a modified value
of CSPRNG_METHOD = openssl), and the more complex logic that allows
for compatibility with APPLE_COMMON_CRYPTO or allowing for simpler
ways to link (without libssl) has been punted for now.
Reported-by: Randall Becker <rsbecker@nexbridge.com>
Signed-off-by: Carlo Marcelo Arenas Belón <carenas@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| -rw-r--r-- | Makefile | 1 | ||||
| -rw-r--r-- | git-compat-util.h | 4 | ||||
| -rw-r--r-- | imap-send.c | 2 |
3 files changed, 6 insertions, 1 deletions
@@ -1940,6 +1940,7 @@ endif ifneq ($(findstring openssl,$(CSPRNG_METHOD)),) BASIC_CFLAGS += -DHAVE_OPENSSL_CSPRNG + EXTLIBS += -lcrypto -lssl endif ifneq ($(PROCFS_EXECUTABLE_PATH),) diff --git a/git-compat-util.h b/git-compat-util.h index 50597c76be..f439f2691d 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -521,6 +521,10 @@ void warning_errno(const char *err, ...) __attribute__((format (printf, 1, 2))); #include <openssl/x509v3.h> #endif /* NO_OPENSSL */ +#ifdef HAVE_OPENSSL_CSPRNG +#include <openssl/rand.h> +#endif + /* * Let callers be aware of the constant return value; this can help * gcc with -Wuninitialized analysis. We restrict this trick to gcc, though, diff --git a/imap-send.c b/imap-send.c index e6090a0346..c091b4e94b 100644 --- a/imap-send.c +++ b/imap-send.c @@ -27,7 +27,7 @@ #include "exec-cmd.h" #include "run-command.h" #include "parse-options.h" -#ifdef NO_OPENSSL +#if defined(NO_OPENSSL) && !defined(HAVE_OPENSSL_CSPRNG) typedef void *SSL; #endif #ifdef USE_CURL_FOR_IMAP_SEND |