From: Fred Morcos <fred.morcos@open-xchange.com>
Date: Wed, 16 Aug 2023 12:13:31 +0000 (+0200)
Subject: Meson: Cleanup libcrypto modules
X-Git-Tag: rec-5.1.0-alpha1~80^2~213
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1ccf104ad254939261560e91c5952e4e03068da4;p=thirdparty%2Fpdns.git

Meson: Cleanup libcrypto modules
---

diff --git a/meson.build b/meson.build
index c0276513f4..ed8ac40267 100644
--- a/meson.build
+++ b/meson.build
@@ -190,6 +190,7 @@ deps = [
   dep_netlibs,
   dep_libsodium,
   dep_libdecaf,
+  dep_libcrypto,
   dep_gss_tsig,
   dep_pkcs11,
   dep_yahttp,
diff --git a/meson/libcrypto/bn_new.cc b/meson/libcrypto/bn_new.cc
new file mode 100644
index 0000000000..31e0e4f464
--- /dev/null
+++ b/meson/libcrypto/bn_new.cc
@@ -0,0 +1,6 @@
+#include <openssl/bn.h>
+
+int main() {
+  BN_new();
+  return 0;
+}
diff --git a/meson/libcrypto/ecdsa/meson.build b/meson/libcrypto/ecdsa/meson.build
index ad6eb58808..69419a8908 100644
--- a/meson/libcrypto/ecdsa/meson.build
+++ b/meson/libcrypto/ecdsa/meson.build
@@ -1,17 +1,33 @@
-# libcrypto ECDSA signers
-# Inputs: libcrypto_incs libcrypto_args dep_libcrypto conf
-
-found = cxx.has_header('openssl/ecdsa.h', args: libcrypto_args, include_directories: libcrypto_incs, dependencies: dep_libcrypto, prefix: prefix, required: false)
+prefix = '''
+#include <stdarg.h>
+#include <stddef.h>
+'''
+found = cxx.has_header(
+  'openssl/ecdsa.h',
+  dependencies: dep_libcrypto,
+  prefix: prefix,
+  required: false
+)
 
 if found
-  syms = ['NID_X9_62_prime256v1', 'NID_secp384r1']
+  syms = [
+    'NID_X9_62_prime256v1',
+    'NID_secp384r1',
+  ]
+
   foreach sym: syms
-    if not cxx.has_header_symbol('openssl/evp.h', sym, args: libcrypto_args, include_directories: libcrypto_incs, dependencies: dep_libcrypto, required: false)
-      found = false
+    found = cxx.has_header_symbol(
+      'openssl/evp.h',
+      sym,
+      dependencies: dep_libcrypto,
+      required: false
+    )
+
+    if not found
       break
     endif
   endforeach
 endif
 
-conf.set10('HAVE_LIBCRYPTO_ECDSA', found, description: 'Whether we have OpenSSL libcrypto ECDSA support')
-summary('ECDSA', found, bool_yn: found or opt_libcrypto != 'auto', section: 'OpenSSL libcrypto Features')
+conf.set('HAVE_LIBCRYPTO_ECDSA', found, description: 'OpenSSL libcrypto ECDSA')
+summary('OpenSSL libcrypto ECDSA', found, bool_yn: true, section: 'Crypto')
diff --git a/meson/libcrypto/eddsa/meson.build b/meson/libcrypto/eddsa/meson.build
index 8c22c93f59..95157ab44e 100644
--- a/meson/libcrypto/eddsa/meson.build
+++ b/meson/libcrypto/eddsa/meson.build
@@ -1,17 +1,24 @@
-# Libcrypto EdDSA signers
-# Inputs: libcrypto_args libcrypto_incs dep_libcrypto conf
+syms = [
+  'ED25519',
+  'ED448',
+]
 
-syms = ['ED25519', 'ED448']
 found = false
 foreach sym: syms
-  res = cxx.has_header_symbol('openssl/evp.h', 'NID_' + sym, args: libcrypto_args, include_directories: libcrypto_incs, dependencies: dep_libcrypto, required: false)
-  if res
+  has = cxx.has_header_symbol(
+    'openssl/evp.h',
+    'NID_' + sym,
+    dependencies: dep_libcrypto,
+    required: false,
+  )
+
+  conf.set('HAVE_LIBCRYPTO_' + sym, has, description: 'OpenSSL libcrypto ' + sym)
+  summary('OpenSSL libcrypto ' + sym, has, bool_yn: true, section: 'Crypto')
+
+  if has
     found = true
-    conf.set10('HAVE_LIBCRYPTO_' + sym, true, description: 'Whether we have OpenSSL libcrypto ' + sym + ' support')
   endif
-
-  summary(sym, res, bool_yn: res or opt_libcrypto != 'auto', section: 'OpenSSL libcrypto Features')
 endforeach
 
-conf.set10('HAVE_LIBCRYPTO_EDDSA', found, description: 'Whether we have OpenSSL EdDSA support')
-summary('EdDSA', found, bool_yn: found or opt_libcrypto != 'auto', section: 'OpenSSL libcrypto Features')
+conf.set('HAVE_LIBCRYPTO_EDDSA', found, description: 'OpenSSL EdDSA support')
+summary('OpenSSL libcrypto EdDSA', found, bool_yn: true, section: 'Crypto')
diff --git a/meson/libcrypto/meson.build b/meson/libcrypto/meson.build
index 91d97aaed3..79fee21633 100644
--- a/meson/libcrypto/meson.build
+++ b/meson/libcrypto/meson.build
@@ -1,38 +1,35 @@
-# OpenSSL-based signers
-# Inputs: deps conf
-# Outputs: have_libcrypto dep_libcrypto
-
 opt_libcrypto = get_option('signers-libcrypto')
+opt_libcrypto_path = get_option('signers-libcrypto-path')
 dep_libcrypto = dependency('', required: false)
 
 ssldirs = []
-have_libcrypto = false
-if opt_libcrypto == ''
-  error('Invalid value for libcrypto option, either use auto, enabled, disabled, ' +
-        'or pass a directory where the library can be found. ' +
-        'See `meson configure` for more info.')
-endif
 
-if opt_libcrypto == 'disabled'
+if opt_libcrypto.disabled()
+  if opt_libcrypto_path != ''
+    warning('The signers-libcrypto option is set to `disabled` ' +
+            'but a path (' + opt_libcrypto_path + ') was given ' +
+            'for signers-libcrypto-path: It is going to be ignored.')
+  endif
+
+  summary('OpenSSL libcrypto', false, bool_yn: true, section: 'Crypto')
   subdir_done()
 endif
 
-# Generally, try to find libcrypto using the mechanisms provided by meson
-# (e.g. pkg-config). If an explicit directory for libcrypto was passed, use that instead.
-if opt_libcrypto == 'auto' or opt_libcrypto == 'enabled'
+# Give precedence to the custom path passed in by the user. If not, the try to find
+# libcrypto using the mechanisms provided by meson (e.g. pkg-config). If that cannot be
+# found, then look in some hard-coded paths below.
+if opt_libcrypto_path == ''
   dep_libcrypto = dependency('libcrypto', required: false)
-  have_libcrypto = dep_libcrypto.found()
 else
-  ssldirs = [opt_libcrypto]
+  ssldirs = [opt_libcrypto_path]
 endif
 
-libdir = ''
-if not have_libcrypto
+if not dep_libcrypto.found()
   warning('Could not find the libcrypto dependency, going to try to find it manually')
 
-  # Could not find libcrypto through e.g. pkg-config, and no explicit directory was passed
-  # to find the library and its headers, so try to find it in some default locations.
   if ssldirs.length() == 0
+    # Could not find libcrypto through pkg-config and no custom directory was passed to
+    # find the library and its headers, so try to find it in some default locations.
     ssldirs = [
       '/usr/local/ssl',
       '/usr/lib/ssl',
@@ -44,56 +41,38 @@ if not have_libcrypto
   endif
 
   foreach dir: ssldirs
-    have_libcrypto = cxx.has_header(dir / 'include/openssl/crypto.h')
-    if have_libcrypto
-      libdir = dir
+    have = cxx.has_header(dir / 'include/openssl/crypto.h')
+    if have
+      dep_libcrypto = declare_dependency(
+        compile_args: ['-L' + dir / 'lib'],
+        link_args: ['-lcrypto'],
+        include_directories: include_directories(dir / 'include', is_system: false),
+      )
       break
     endif
   endforeach
 endif
 
-if not have_libcrypto
-  dirs_str = ', '.join(ssldirs)
-  err_msg = 'Could not find libcrypto in ' + dirs_str
+if not dep_libcrypto.found()
+  err_msg = 'Could not find libcrypto in ' + ', '.join(ssldirs)
 
-  # It's fine if we couldn't find libcrypto anywhere, the user didn't require it anyway.
   if opt_libcrypto == 'auto'
+    # We could not find libcrypto anywhere, and the user did not require it.
     warning(err_msg)
+    summary('OpenSSL libcrypto', false, bool_yn: true, section: 'Crypto')
     subdir_done()
   endif
 
   error(err_msg)
 endif
 
-# Now, either we have a meson dependency object because we could detect libcrypto through
-# e.g. pkg-config, or we found it manually either through a user-provided directory or by
-# finding it in some default locations (see the list of hard-coded directories above).
-#
-# In the first case, we use the existing dep_libcrypto object as a dependency and keep the
-# _args and _incs lists empty. In the latter cases we do the opposite (we expect the
-# dep_libcrypto object to be empty anyway).
-
-libcrypto_args = []             # Compiler arguments
-libcrypto_incs = []             # Include directories
-if libdir != ''
-  libcrypto_args = ['-L' + libdir / 'lib', '-lcrypto']
-  libcrypto_incs = include_directories(libdir / 'include', is_system: false)
-endif
-
-prog = '''
-#include <openssl/bn.h>
-
-int main() {
-  BN_new();
-  return 0;
-}
-'''
-if not cxx.links(prog, name: 'libcrypto test program', args: libcrypto_args, include_directories: libcrypto_incs, dependencies: dep_libcrypto)
+if not cxx.links(fs.read('bn_new.cc'), name: 'libcrypto test program', dependencies: dep_libcrypto)
   err_msg = 'Cannot link against libcrypto'
 
-  # It's fine if we couldn't link against libcrypto, the user didn't require it anyway.
   if opt_libcrypto == 'auto'
+    # We could not link against libcrypto, and the user did not require it.
     warning(err_msg)
+    summary('OpenSSL libcrypto', false, bool_yn: true, section: 'Crypto')
     subdir_done()
   endif
 
@@ -110,26 +89,31 @@ funcs = [
   'RSA_get0_key',
   'OCSP_basic_sign',
 ]
+
 foreach func: funcs
-  has = cxx.has_function(func, args: libcrypto_args, include_directories: libcrypto_incs, dependencies: dep_libcrypto)
-  conf.set10('HAVE_' + func.to_upper(), has, description: 'Whether we have ' + func)
+  has = cxx.has_function(func, dependencies: dep_libcrypto)
+  conf.set('HAVE_' + func.to_upper(), has, description: 'Have libcrypto ' + func)
 endforeach
 
 prefix = '''
 #include <stdarg.h>
 #include <stddef.h>
 '''
-has = cxx.has_header_symbol('openssl/kdf.h', 'EVP_PKEY_CTX_set1_scrypt_salt', args: libcrypto_args, include_directories: libcrypto_incs, dependencies: dep_libcrypto, prefix: prefix, required: true)
-conf.set10('HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT', has, description: 'Whether we have EVP_PKEY_CTX_set1_scrypt_salt')
-
-if libdir != ''
-  dep_libcrypto = declare_dependency(compile_args: libcrypto_args + ['-I' + libdir / 'include'])
-endif
-
-deps += dep_libcrypto
-
-conf.set10('HAVE_LIBCRYPTO', have_libcrypto, description: 'Whether we build OpenSSL libcrypto-based signers')
-summary('OpenSSL libcrypto', have_libcrypto, bool_yn: true, section: 'Configuration')
+has = cxx.has_header_symbol(
+  'openssl/kdf.h',
+  'EVP_PKEY_CTX_set1_scrypt_salt',
+  dependencies: dep_libcrypto,
+  prefix: prefix,
+  required: true,
+)
+conf.set(
+  'HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT',
+  has,
+  description: 'Have libcrypto EVP_PKEY_CTX_set1_scrypt_salt',
+)
+
+conf.set('HAVE_LIBCRYPTO', dep_libcrypto.found(), description: 'OpenSSL libcrypto-based signers')
+summary('OpenSSL libcrypto', dep_libcrypto.found(), bool_yn: true, section: 'Crypto')
 
 subdir('ecdsa')                 # ECDSA signers
 subdir('eddsa')                 # EDDSA signers
diff --git a/meson_options.txt b/meson_options.txt
index fab289fd47..42c4d97ecd 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -4,7 +4,8 @@ option('fortify-source', type: 'combo', choices: ['auto', 'disabled', '1', '2',
 option('rng-kiss', type: 'boolean', value: false, description: 'Use the unsafe KISS RNG')
 option('signers-libsodium', type: 'feature', value: 'auto', description: 'Enable libsodium-based signers')
 option('signers-libdecaf', type: 'feature', value: 'auto', description: 'Enable libdecaf-based signers')
-option('signers-libcrypto', type: 'string', value: 'auto', description: 'Enable libcrypto-based signers (auto, enabled, disabled, or a path)')
+option('signers-libcrypto', type: 'feature', value: 'auto', description: 'Enable OpenSSL libcrypto-based signers)')
+option('signers-libcrypto-path', type: 'string', value: '', description: 'Custom path to find OpenSSL libcrypto')
 option('tls-libssl', type: 'feature', value: 'auto', description: 'Enable OpenSSL-based TLS')
 option('tls-gnutls', type: 'feature', value: 'auto', description: 'Enable GnuTLS-based TLS')
 option('dns-over-tls', type: 'boolean', value: false, description: 'Enable DNS over TLS (requires GnuTLS or OpenSSL)')