|
@ -1,34 +0,0 @@ |
|
|
From 9126ec99ca9e136666cbba5b48a8a02cb11350e0 Mon Sep 17 00:00:00 2001 |
|
|
|
|
|
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net> |
|
|
|
|
|
Date: Mon, 15 Oct 2018 11:16:54 -0400 |
|
|
|
|
|
Subject: [PATCH] Automatically detect whether Curve25519 is available in NSS |
|
|
|
|
|
for USE_DH31 |
|
|
|
|
|
|
|
|
|
|
|
currently, USE_DH31 defaults to true. |
|
|
|
|
|
|
|
|
|
|
|
On some platforms, where older versions of NSS are in use, this should |
|
|
|
|
|
default to false. |
|
|
|
|
|
|
|
|
|
|
|
This patch automatically detects such systems and disables USE_DH31 on |
|
|
|
|
|
those platforms. |
|
|
|
|
|
|
|
|
|
|
|
It produces some amount of noise on stderr about CURVE_25519 during |
|
|
|
|
|
the build on those older platforms, but that seems ok to me, since |
|
|
|
|
|
those platforms should know that they're missing a modern feature. |
|
|
|
|
|
|
|
|
|
|
|
If you prefer less noise, i'd be happy with any modification that does |
|
|
|
|
|
a similar sort of autodetection. |
|
|
|
|
|
|
|
|
|
|
|
diff --git a/mk/userland-cflags.mk b/mk/userland-cflags.mk
|
|
|
|
|
|
index d0a88b1aa1..7d88874b1c 100644
|
|
|
|
|
|
--- a/mk/userland-cflags.mk
|
|
|
|
|
|
+++ b/mk/userland-cflags.mk
|
|
|
|
|
|
@@ -240,7 +240,7 @@ ifeq ($(USE_DH24),true)
|
|
|
|
|
|
USERLAND_CFLAGS += -DUSE_DH24 |
|
|
|
|
|
endif |
|
|
|
|
|
|
|
|
|
|
|
-USE_DH31 ?= true
|
|
|
|
|
|
+USE_DH31 ?= $(shell if printf '\#include <secoidt.h>\nint main() { return SEC_OID_CURVE25519; }\n'| $(CC) -x c $$(pkg-config --cflags nss) -o /dev/null -; then echo true; else echo false; fi )
|
|
|
|
|
|
ifeq ($(USE_DH31),true) |
|
|
|
|
|
USERLAND_CFLAGS += -DUSE_DH31 |
|
|
|
|
|
endif |
|
|
|