Merge pull request #5913 from douzzer/20221219-no-sha-1-all-crypto

20221219-no-sha-1-all-crypto
2022-12-22 17:02:58 -08:00
parent 1b18da7e87 455e76873c
commit 49d23cf60a
7 changed files with 147 additions and 41 deletions
@@ -2998,9 +2998,12 @@ AC_ARG_ENABLE([dsa],
    [ ENABLED_DSA=no ]
    )

-if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_NTP" = "yes"
+if test "$enable_dsa" = ""
 then
-    ENABLED_DSA="yes"
+    if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_NTP" = "yes"
+    then
+        ENABLED_DSA="yes"
+    fi
 fi

 if test "$ENABLED_DSA" = "no"
@@ -4115,6 +4118,11 @@ else
    fi
 fi

+if test "$ENABLED_SHA" = "no" && test "$ENABLED_DSA" != "no"
+then
+    AC_MSG_ERROR([please disable DSA if disabling SHA-1.])
+fi
+

 # SipHash
 AC_ARG_ENABLE([siphash],
@@ -7746,8 +7754,9 @@ AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
      [AC_MSG_ERROR([please enable ecc or rsa if enabling pkcs7.])])

 AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
-       test "x$ENABLED_SHA" = "xno"],
-      [AC_MSG_ERROR([please enable sha if enabling pkcs7.])])
+       test "x$ENABLED_SHA" = "xno" && \
+       test "x$ENABLED_SHA256" = "xno"],
+      [AC_MSG_ERROR([please enable sha or sha256 if enabling pkcs7.])])

 AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
       test "x$ENABLED_AES" = "xno" && \