diff --git a/CHANGELOG b/CHANGELOG index 40c9ace44..bdc66ba2b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,8 @@ #Nmap Changelog ($Id$); -*-text-*- +o [GH#2420][GH#2436] Support for EC crypto was not properly enabled if Nmap + was compiled with OpenSSL in a custom location. [nnposter] + o [GH#2388] Fix TDS7 password encoding for mssql.lua, which had been assuming ASCII input even though other parts of the library had been passing it Unicode. diff --git a/configure b/configure index f8e1358f0..a2077eef1 100755 --- a/configure +++ b/configure @@ -5893,6 +5893,64 @@ fi +# OpenSSL and NSE C modules can require dlopen +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5 +$as_echo_n "checking for library containing dlopen... " >&6; } +if ${ac_cv_search_dlopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +for ac_lib in '' dl; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_dlopen=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_dlopen+:} false; then : + break +fi +done +if ${ac_cv_search_dlopen+:} false; then : + +else + ac_cv_search_dlopen=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5 +$as_echo "$ac_cv_search_dlopen" >&6; } +ac_res=$ac_cv_search_dlopen +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + + # We test whether they specified openssl desires explicitly use_openssl="yes" specialssldir="" @@ -5917,12 +5975,15 @@ fi # If they didn't specify it, we try to find it -if test "$use_openssl" = "yes" -a -z "$specialssldir"; then +if test "$use_openssl" = "yes"; then ac_fn_c_check_header_mongrel "$LINENO" "openssl/ssl.h" "ac_cv_header_openssl_ssl_h" "$ac_includes_default" if test "x$ac_cv_header_openssl_ssl_h" = xyes; then : else use_openssl="no" + if test -n "$specialssldir"; then + as_fn_error $? "Specific OpenSSL location was requested but openssl/ssl.h was not found. Try correcting the --with-openssl=DIR argument." "$LINENO" 5 + fi if test "$with_openssl" = "yes"; then as_fn_error $? "OpenSSL was explicitly requested but openssl/ssl.h was not found. Try the --with-openssl=DIR argument to give the location of OpenSSL or run configure with --without-openssl." "$LINENO" 5 fi @@ -5932,10 +5993,11 @@ $as_echo "$as_me: WARNING: Failed to find openssl/ssl.h so OpenSSL will not be u fi +fi # use_openssl="yes" given explicitly in next 2 rules to avoid adding lib to $LIBS - if test "$use_openssl" = "yes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for BIO_int_ctrl in -lcrypto" >&5 +if test "$use_openssl" = "yes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for BIO_int_ctrl in -lcrypto" >&5 $as_echo_n "checking for BIO_int_ctrl in -lcrypto... " >&6; } if ${ac_cv_lib_crypto_BIO_int_ctrl+:} false; then : $as_echo_n "(cached) " >&6 @@ -5975,18 +6037,21 @@ if test "x$ac_cv_lib_crypto_BIO_int_ctrl" = xyes; then : use_openssl="yes" else use_openssl="no" - if test "$with_openssl" = "yes"; then - as_fn_error $? "OpenSSL was explicitly requested but libcrypto was not found. Try the --with-openssl=DIR argument to give the location of OpenSSL or run configure with --without-openssl." "$LINENO" 5 - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Failed to find libcrypto so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument" >&5 + if test -n "$specialssldir"; then + as_fn_error $? "Specific OpenSSL location was requested but libcrypto was not found. Try correcting the --with-openssl=DIR argument." "$LINENO" 5 + fi + if test "$with_openssl" = "yes"; then + as_fn_error $? "OpenSSL was explicitly requested but libcrypto was not found. Try the --with-openssl=DIR argument to give the location of OpenSSL or run configure with --without-openssl." "$LINENO" 5 + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Failed to find libcrypto so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument" >&5 $as_echo "$as_me: WARNING: Failed to find libcrypto so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument" >&2;} fi - fi +fi - if test "$use_openssl" = "yes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -lssl" >&5 +if test "$use_openssl" = "yes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -lssl" >&5 $as_echo_n "checking for SSL_new in -lssl... " >&6; } if ${ac_cv_lib_ssl_SSL_new+:} false; then : $as_echo_n "(cached) " >&6 @@ -6026,17 +6091,21 @@ if test "x$ac_cv_lib_ssl_SSL_new" = xyes; then : use_openssl="yes" else use_openssl="no" - if test "$with_openssl" = "yes"; then - as_fn_error $? "OpenSSL was explicitly requested but libssl was not found. Try the --with-openssl=DIR argument to give the location of OpenSSL or run configure with --without-openssl." "$LINENO" 5 - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Failed to find libssl so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument" >&5 + if test -n "$specialssldir"; then + as_fn_error $? "Specific OpenSSL location was requested but libssl was not found. Try correcting the --with-openssl=DIR argument." "$LINENO" 5 + fi + if test "$with_openssl" = "yes"; then + as_fn_error $? "OpenSSL was explicitly requested but libssl was not found. Try the --with-openssl=DIR argument to give the location of OpenSSL or run configure with --without-openssl." "$LINENO" 5 + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Failed to find libssl so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument" >&5 $as_echo "$as_me: WARNING: Failed to find libssl so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument" >&2;} + fi - fi +fi - if test "$use_openssl" = "yes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_PKEY_get1_EC_KEY in -lcrypto" >&5 +if test "$use_openssl" = "yes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_PKEY_get1_EC_KEY in -lcrypto" >&5 $as_echo_n "checking for EVP_PKEY_get1_EC_KEY in -lcrypto... " >&6; } if ${ac_cv_lib_crypto_EVP_PKEY_get1_EC_KEY+:} false; then : $as_echo_n "(cached) " >&6 @@ -6081,7 +6150,6 @@ else $as_echo "$as_me: WARNING: Disabling support for EC crypto" >&2;} fi - fi fi OPENSSL_LIBS= @@ -6999,64 +7067,6 @@ $as_echo "#define LUA_INCLUDED 1" >>confdefs.h fi -# OpenSSL and NSE C modules can require dlopen -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5 -$as_echo_n "checking for library containing dlopen... " >&6; } -if ${ac_cv_search_dlopen+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char dlopen (); -int -main () -{ -return dlopen (); - ; - return 0; -} -_ACEOF -for ac_lib in '' dl; do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_dlopen=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext - if ${ac_cv_search_dlopen+:} false; then : - break -fi -done -if ${ac_cv_search_dlopen+:} false; then : - -else - ac_cv_search_dlopen=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5 -$as_echo "$ac_cv_search_dlopen" >&6; } -ac_res=$ac_cv_search_dlopen -if test "$ac_res" != no; then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - - # They don't want lua if test "$no_lua" = "yes"; then trace_no_use="$trace_no_use lua" diff --git a/configure.ac b/configure.ac index ac123afd6..8a38367fb 100644 --- a/configure.ac +++ b/configure.ac @@ -342,6 +342,9 @@ AC_SUBST(UNINSTALLNPING) AC_SUBST(NPING_CLEAN) AC_SUBST(NPING_DIST_CLEAN) +# OpenSSL and NSE C modules can require dlopen +AC_SEARCH_LIBS(dlopen, dl) + # We test whether they specified openssl desires explicitly use_openssl="yes" specialssldir="" @@ -363,43 +366,53 @@ AC_HELP_STRING([--with-openssl=DIR],[Use optional openssl libs and includes from ) # If they didn't specify it, we try to find it -if test "$use_openssl" = "yes" -a -z "$specialssldir"; then +if test "$use_openssl" = "yes"; then AC_CHECK_HEADER(openssl/ssl.h,, [ use_openssl="no" + if test -n "$specialssldir"; then + AC_MSG_ERROR([Specific OpenSSL location was requested but openssl/ssl.h was not found. Try correcting the --with-openssl=DIR argument.]) + fi if test "$with_openssl" = "yes"; then AC_MSG_ERROR([OpenSSL was explicitly requested but openssl/ssl.h was not found. Try the --with-openssl=DIR argument to give the location of OpenSSL or run configure with --without-openssl.]) fi AC_MSG_WARN([Failed to find openssl/ssl.h so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument]) ]) +fi # use_openssl="yes" given explicitly in next 2 rules to avoid adding lib to $LIBS - if test "$use_openssl" = "yes"; then - AC_CHECK_LIB(crypto, BIO_int_ctrl, +if test "$use_openssl" = "yes"; then + AC_CHECK_LIB(crypto, BIO_int_ctrl, [ use_openssl="yes"], [ use_openssl="no" - if test "$with_openssl" = "yes"; then - AC_MSG_ERROR([OpenSSL was explicitly requested but libcrypto was not found. Try the --with-openssl=DIR argument to give the location of OpenSSL or run configure with --without-openssl.]) - fi - AC_MSG_WARN([Failed to find libcrypto so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument]) - ]) - fi + if test -n "$specialssldir"; then + AC_MSG_ERROR([Specific OpenSSL location was requested but libcrypto was not found. Try correcting the --with-openssl=DIR argument.]) + fi + if test "$with_openssl" = "yes"; then + AC_MSG_ERROR([OpenSSL was explicitly requested but libcrypto was not found. Try the --with-openssl=DIR argument to give the location of OpenSSL or run configure with --without-openssl.]) + fi + AC_MSG_WARN([Failed to find libcrypto so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument]) + ]) +fi - if test "$use_openssl" = "yes"; then - AC_CHECK_LIB(ssl, SSL_new, +if test "$use_openssl" = "yes"; then + AC_CHECK_LIB(ssl, SSL_new, [ use_openssl="yes" ], [ use_openssl="no" - if test "$with_openssl" = "yes"; then - AC_MSG_ERROR([OpenSSL was explicitly requested but libssl was not found. Try the --with-openssl=DIR argument to give the location of OpenSSL or run configure with --without-openssl.]) - fi - AC_MSG_WARN([Failed to find libssl so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument]) ], + if test -n "$specialssldir"; then + AC_MSG_ERROR([Specific OpenSSL location was requested but libssl was not found. Try correcting the --with-openssl=DIR argument.]) + fi + if test "$with_openssl" = "yes"; then + AC_MSG_ERROR([OpenSSL was explicitly requested but libssl was not found. Try the --with-openssl=DIR argument to give the location of OpenSSL or run configure with --without-openssl.]) + fi + AC_MSG_WARN([Failed to find libssl so OpenSSL will not be used. If it is installed you can try the --with-openssl=DIR argument]) + ], [ -lcrypto ]) - fi +fi - if test "$use_openssl" = "yes"; then - AC_CHECK_LIB(crypto, EVP_PKEY_get1_EC_KEY, - [AC_DEFINE(HAVE_OPENSSL_EC, 1, [Have EVP_PKEY_get1_EC_KEY])], - [AC_MSG_WARN([Disabling support for EC crypto])]) - fi +if test "$use_openssl" = "yes"; then + AC_CHECK_LIB(crypto, EVP_PKEY_get1_EC_KEY, + [AC_DEFINE(HAVE_OPENSSL_EC, 1, [Have EVP_PKEY_get1_EC_KEY])], + [AC_MSG_WARN([Disabling support for EC crypto])]) fi OPENSSL_LIBS= @@ -808,9 +821,6 @@ AC_HELP_STRING([--without-liblua], [Compile without lua (this will exclude all o esac] ) -# OpenSSL and NSE C modules can require dlopen -AC_SEARCH_LIBS(dlopen, dl) - # They don't want lua if test "$no_lua" = "yes"; then trace_no_use="$trace_no_use lua"