[trac3482] Check OpenSSL SHA-2 support in configure

ChangeLog

@@ -1,3 +1,9 @@
+835.	[build]		fdupont
+	The configure script checks if OpenSSL supports SHA-2, in order
+	to avoid very old (and likely subject to unfixed security bugs)
+	OpenSSL versions.
+	(Trac #3482, git xxx)
+
 834.	[bug]		marcin
 	Corrected the definition of the example DHCPv4 and DHCPv6 address
 	pools in the default kea.conf file.

configure.ac

@@ -817,6 +817,23 @@ EOF
     #CRYPTO_LDFLAGS="-ldl"
     CRYPTO_LDFLAGS=""
     CRYPTO_RPATH=""
+    dnl Check avaibility of SHA-2
+    AC_MSG_CHECKING([support of SHA-2])
+    LIBS_SAVED=${LIBS}
+    LIBS="$LIBS $CRYPTO_LIBS"
+    CPPFLAGS_SAVED=${CPPFLAGS}
+    CPPFLAGS="$CRYPTO_INCLUDES $CPPFLAGS"
+    AC_LINK_IFELSE(
+        [AC_LANG_PROGRAM([#include <openssl/evp.h>],
+                         [const EVP_MD* h224 = EVP_sha224();
+                          const EVP_MD* h256 = EVP_sha256();
+                          const EVP_MD* h384 = EVP_sha384();
+                          const EVP_MD* h512 = EVP_sha512();
+                          ])],
+        [AC_MSG_RESULT([yes])],
+        [AC_MSG_ERROR([missing EVP entry for SHA-2])])
+    LIBS=${LIBS_SAVED}
+    CPPFLAGS=${CPPFLAGS_SAVED}
 fi
 
 AM_CONDITIONAL(HAVE_BOTAN, test "$CRYPTO_NAME" = "Botan")