1 dnl sxe-crypto.m4 -- Cryptographical stuff
dnl SXE_PATH_OPENSSL_BIN
dnl Looks for the openssl command-line tool on PATH.
dnl Sets have_openssl_bin to yes or no, and OPENSSL_BIN to the full path of the
dnl first openssl found, or to the word echo when none is found.
dnl NOTE(review): OPENSSL_BIN is executed later and its directory is used to
dnl derive include and library search paths, so the outcome is only as
dnl trustworthy as the PATH that configure runs with.
6 AC_DEFUN([SXE_PATH_OPENSSL_BIN], [dnl
7 AC_CHECK_PROG([have_openssl_bin], [openssl], [yes], [no])
8 AC_PATH_PROG([OPENSSL_BIN], [openssl], [echo])
9 ])dnl SXE_PATH_OPENSSL_BIN
dnl SXE_OPENSSL_VERSION
dnl Stores the banner printed by the openssl tool in OPENSSL_VERSION, or the
dnl word unknown, then reports OPENSSL_SANE_P after matching that banner
dnl against an allow-list of release patterns.
dnl NOTE(review): the gutter numbers skip inside this macro, so several lines
dnl are not visible in this listing, including the else and fi keywords, the
dnl loop body and the place where OPENSSL_SANE_P is assigned.
11 AC_DEFUN([SXE_OPENSSL_VERSION], [dnl
12 ## assumes SXE_PATH_OPENSSL_BIN has been run already
13 AC_MSG_CHECKING([for openssl version])
14 if test "$have_openssl_bin" = "yes"; then
dnl Runs the located binary. The expansion is unquoted, so a path containing
dnl whitespace would be split into several words.
15 OPENSSL_VERSION=`$OPENSSL_BIN version`
17 OPENSSL_VERSION="unknown"
19 AC_MSG_RESULT([$OPENSSL_VERSION])
21 AC_MSG_CHECKING([whether OpenSSL version is recent enough])
22 ## we allow 0.9.7e-?, 0.9.8*, 0.9.9* and 1.0.0*
dnl NOTE(review): two things make this allow-list looser than it reads.
dnl 1. m4 strips one level of square brackets when the macro body is expanded,
dnl    so as written 0.9.7[e-z] reaches the generated configure as 0.9.7e-z;
dnl    a literal bracket needs the quadrigraphs @<:@ and @:>@.
dnl 2. Each word is handed to grep as an unanchored basic regular expression,
dnl    not as a glob. A dot matches any character and a trailing star makes
dnl    the preceding digit optional, so 0.9.8* already matches any banner that
dnl    contains 0.9. and the 0.9.7 lower bound is not enforced.
dnl All release lines listed here have long been out of upstream support, so
dnl passing this check says nothing about whether the library is still patched.
23 allowed_versions="0.9.7[e-z] 0.9.8* 0.9.9* 1.0.0*"
dnl The list is expanded unquoted to split it into words; the shell may also
dnl apply pathname expansion to the starred words in the build directory.
25 for ver in $allowed_versions; do
26 if echo "$OPENSSL_VERSION" | ${GREP-grep} -q "$ver"; then
31 AC_MSG_RESULT([$OPENSSL_SANE_P])
32 ])dnl SXE_OPENSSL_VERSION
dnl SXE_TRY_OPENSSL_HISTORICAL_PREFIX
dnl Retries the OpenSSL header and libcrypto probes with the fixed prefix
dnl /usr/local/ssl added to the search paths.
dnl Sets OPENSSL_CPPFLAGS, OPENSSL_LDFLAGS, have_libcrypto and
dnl openssl_historical_prefix_worked, which is yes or no.
dnl NOTE(review): the gutter numbers skip inside this macro, so some lines are
dnl not visible in this listing, including the else and fi keywords.
34 AC_DEFUN([SXE_TRY_OPENSSL_HISTORICAL_PREFIX], [dnl
35 ## ooh, maybe this historical trap to install at /usr/local/ssl
dnl NOTE(review): the prefix is hard-coded and used without checking who owns
dnl it. On a shared build host, confirm that /usr/local/ssl is not writable by
dnl unprivileged users before headers and libraries are picked up from there.
36 OPENSSL_CPPFLAGS="-I/usr/local/ssl/include"
37 OPENSSL_LDFLAGS="-L/usr/local/ssl/lib"
39 ## now append these candidates to our c_switch and ld_switch
dnl SXE_APPEND_UNDUP is defined outside this file section.
41 SXE_APPEND_UNDUP([$OPENSSL_CPPFLAGS], [CPPFLAGS])
42 SXE_APPEND_UNDUP([$OPENSSL_LDFLAGS], [LDFLAGS])
45 SXE_CHECK_HEADERS([openssl/crypto.h])
46 SXE_CHECK_HEADERS([openssl/x509.h openssl/pem.h])
47 SXE_CHECK_HEADERS([openssl/ssl.h openssl/bio.h])
dnl Only libcrypto is probed here; unlike SXE_TRY_OPENSSL_BIN_PREFIX this macro
dnl does not probe libssl again.
48 AC_CHECK_LIB([crypto], [OPENSSL_cleanse],
49 [have_libcrypto=yes], [have_libcrypto=no])
dnl Success needs both the crypto.h header and the libcrypto symbol.
53 if test "$ac_cv_header_openssl_crypto_h $have_libcrypto" != "yes yes"; then
56 openssl_historical_prefix_worked="no"
58 openssl_historical_prefix_worked="yes"
60 ])dnl SXE_TRY_OPENSSL_HISTORICAL_PREFIX
dnl SXE_TRY_OPENSSL_BIN_PREFIX
dnl Derives an installation prefix from the location of the openssl binary,
dnl two directory levels up from OPENSSL_BIN, and retries the header, libssl
dnl and libcrypto probes with that prefix added to the search paths.
dnl Sets OPENSSL_CPPFLAGS, OPENSSL_LDFLAGS, have_libssl, have_libcrypto and
dnl openssl_bin_prefix_worked, which is yes or no.
dnl NOTE(review): the gutter numbers skip inside this macro, so some lines are
dnl not visible in this listing, including the else and fi keywords.
62 AC_DEFUN([SXE_TRY_OPENSSL_BIN_PREFIX], [dnl
63 ## use the dirname of the openssl binary to determine the prefix of SSL
dnl NOTE(review): both expansions are unquoted, so a path with whitespace is
dnl split into several words. If OPENSSL_BIN holds the bare fallback word echo,
dnl both dirname calls yield a single dot and the flags below point at
dnl ./include and ./lib in the build directory.
64 openssl_bindir=`dirname $OPENSSL_BIN`
65 openssl_prefix_maybe=`dirname $openssl_bindir`
dnl The search paths follow whichever openssl comes first on PATH.
66 OPENSSL_CPPFLAGS="-I$openssl_prefix_maybe/include"
67 OPENSSL_LDFLAGS="-L$openssl_prefix_maybe/lib"
69 ## now append these candidates to our c_switch and ld_switch
71 SXE_APPEND_UNDUP([$OPENSSL_CPPFLAGS], [CPPFLAGS])
72 SXE_APPEND_UNDUP([$OPENSSL_LDFLAGS], [LDFLAGS])
75 SXE_CHECK_HEADERS([openssl/crypto.h])
76 SXE_CHECK_HEADERS([openssl/x509.h openssl/pem.h])
77 SXE_CHECK_HEADERS([openssl/ssl.h openssl/bio.h])
78 AC_CHECK_LIB([ssl], [SSL_connect],
79 [have_libssl=yes], [have_libssl=no])
80 AC_CHECK_LIB([crypto], [OPENSSL_cleanse],
81 [have_libcrypto=yes], [have_libcrypto=no])
dnl NOTE(review): the left operand ends with a space before its closing quote,
dnl so it can never equal "yes yes yes" and this comparison is always true.
dnl The first assignment shown after it sets openssl_bin_prefix_worked to no,
dnl which would make this probe report failure even when all three checks
dnl pass -- confirm against the full file and drop the trailing space.
85 if test "$ac_cv_header_openssl_crypto_h $have_libcrypto $have_libssl " != "yes yes yes"; then
88 openssl_bin_prefix_worked="no"
90 openssl_bin_prefix_worked="yes"
92 ])dnl SXE_TRY_OPENSSL_BIN_PREFIX
dnl SXE_CHECK_OPENSSL_LOCS
dnl Finds out where the OpenSSL headers and libraries live. It probes the
dnl default compiler and linker search paths first, then the prefix derived
dnl from the openssl binary, then the historical /usr/local/ssl prefix.
dnl Sets OPENSSL_LIBS, have_libcrypto and have_libssl.
dnl NOTE(review): the gutter numbers skip inside this macro, so some lines are
dnl not visible in this listing, including the else and fi keywords.
94 AC_DEFUN([SXE_CHECK_OPENSSL_LOCS], [dnl
95 ## defines OPENSSL_CPPFLAGS and OPENSSL_LDFLAGS if needed
97 dnl Look for these standard header file locations
98 OPENSSL_LIBS="-lssl -lcrypto"
99 SXE_CHECK_HEADERS([openssl/crypto.h])
100 SXE_CHECK_HEADERS([openssl/x509.h openssl/pem.h])
101 SXE_CHECK_HEADERS([openssl/ssl.h openssl/bio.h])
102 AC_CHECK_LIB([crypto], [OPENSSL_cleanse],
103 [have_libcrypto=yes], [have_libcrypto=no])
104 AC_CHECK_LIB([ssl], [SSL_connect],
105 [have_libssl=yes], [have_libssl=no])
106 if test "$ac_cv_header_openssl_crypto_h $have_libcrypto $have_libssl" != "yes yes yes"; then
dnl The cached results are dropped so that the next probe really runs again
dnl with the new search paths instead of replaying the cached answer.
dnl NOTE(review): only the crypto.h and libcrypto cache entries are cleared.
dnl AC_CHECK_LIB caches the libssl answer in ac_cv_lib_ssl_SSL_connect, which
dnl is not unset here, so the later libssl probe replays the first result.
108 unset ac_cv_header_openssl_crypto_h
109 unset ac_cv_lib_crypto_OPENSSL_cleanse
110 SXE_TRY_OPENSSL_BIN_PREFIX
111 if test "$openssl_bin_prefix_worked" != "yes"; then
113 unset ac_cv_header_openssl_crypto_h
114 unset ac_cv_lib_crypto_OPENSSL_cleanse
115 SXE_TRY_OPENSSL_HISTORICAL_PREFIX
118 ## the location was known already, nothing to do now
121 ])dnl SXE_CHECK_OPENSSL_LOCS
dnl SXE_CHECK_OPENSSL_FEATURES
dnl Probes libcrypto for one representative symbol per public-key algorithm
dnl family and libssl for SSL_new. A missing symbol sets the matching
dnl openssl_no_NAME variable to yes and defines OPENSSL_NO_NAME; a present
dnl SSL_new defines OPENSSL_SSL.
dnl NOTE(review): the gutter numbers skip inside this macro; the fi keywords
dnl are among the lines not visible in this listing.
dnl NOTE(review): a missing symbol is taken to mean the algorithm is absent.
dnl A libcrypto that merely dropped or renamed a legacy entry point would look
dnl the same as one built without that algorithm -- confirm against the
dnl OpenSSL versions this project supports.
123 AC_DEFUN([SXE_CHECK_OPENSSL_FEATURES], [dnl
124 dnl test for some special purpose stuff in libcrypto
125 AC_CHECK_LIB([crypto], [RSA_new], [openssl_no_rsa=no], [openssl_no_rsa=yes])
126 AC_CHECK_LIB([crypto], [DSA_new], [openssl_no_dsa=no], [openssl_no_dsa=yes])
127 AC_CHECK_LIB([crypto], [ECDSA_SIG_new], [openssl_no_ecdsa=no],
128 [openssl_no_ecdsa=yes])
129 AC_CHECK_LIB([crypto], [ECDH_OpenSSL], [openssl_no_ecdh=no],
130 [openssl_no_ecdh=yes])
131 AC_CHECK_LIB([crypto], [EC_KEY_new], [openssl_no_ec=no], [openssl_no_ec=yes])
132 AC_CHECK_LIB([crypto], [DH_new], [openssl_no_dh=no], [openssl_no_dh=yes])
dnl NOTE(review): the OPENSSL_NO_ names below are also the configuration
dnl macros that OpenSSL's own headers use, so defining them in config.h may
dnl change what those headers declare -- confirm this is intended. The
dnl description strings are still placeholders.
133 if test "$openssl_no_rsa" = "yes"; then
134 AC_DEFINE([OPENSSL_NO_RSA], [1], [Description here!])
136 if test "$openssl_no_dsa" = "yes"; then
137 AC_DEFINE([OPENSSL_NO_DSA], [1], [Description here!])
139 if test "$openssl_no_ecdsa" = "yes"; then
140 AC_DEFINE([OPENSSL_NO_ECDSA], [1], [Description here!])
142 if test "$openssl_no_ecdh" = "yes"; then
143 AC_DEFINE([OPENSSL_NO_ECDH], [1], [Description here!])
145 if test "$openssl_no_ec" = "yes"; then
146 AC_DEFINE([OPENSSL_NO_EC], [1], [Description here!])
148 if test "$openssl_no_dh" = "yes"; then
149 AC_DEFINE([OPENSSL_NO_DH], [1], [Description here!])
152 dnl check for libssl support
153 AC_CHECK_LIB([ssl], [SSL_new], [openssl_ssl=yes], [openssl_ssl=no])
154 if test "$openssl_ssl" = "yes"; then
155 AC_DEFINE([OPENSSL_SSL], [1], [Description here!])
157 ])dnl SXE_CHECK_OPENSSL_FEATURES
dnl SXE_CHECK_OPENSSL_FUNCS
dnl Adds the OpenSSL flags to LDFLAGS, CPPFLAGS and LIBS, probes a long list
dnl of libcrypto and libssl functions, and defines HAVE_ macros for the
dnl protocol method constructors and for ssl_verify_cert_chain.
dnl NOTE(review): the gutter numbers skip inside this macro. The line that
dnl opens the function list and the fi keywords are not visible in this
dnl listing.
159 AC_DEFUN([SXE_CHECK_OPENSSL_FUNCS], [dnl
dnl The three variables are extended in place; no restore is visible in this
dnl listing, so later configure checks inherit the OpenSSL flags.
161 LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS"
162 CPPFLAGS="$CPPFLAGS $OPENSSL_CPPFLAGS"
163 LIBS="$LIBS $OPENSSL_LIBS"
dnl Function names to probe follow. Each line ends in dnl so that the newline
dnl is swallowed and the names form one whitespace-separated list.
165 OpenSSL_add_all_digests OpenSSL_add_all_ciphers dnl
166 RAND_bytes RAND_query_egd_bytes RAND_status dnl
167 EVP_cleanup EVP_MD_CTX_init EVP_DigestInit_ex dnl
168 EVP_DigestUpdate EVP_DigestFinal_ex EVP_MD_CTX_cleanup dnl
169 HMAC_CTX_init HMAC_Init HMAC_Update HMAC_Final HMAC_CTX_cleanup dnl
170 EVP_BytesToKey EVP_CIPHER_CTX_init EVP_EncryptInit dnl
171 EVP_EncryptUpdate EVP_EncryptFinal EVP_DecryptInit dnl
172 EVP_DecryptUpdate EVP_DecryptFinal EVP_CIPHER_CTX_cleanup dnl
173 EVP_PKEY_new RSA_generate_key DSA_generate_parameters dnl
174 DSA_generate_key EC_get_builtin_curves dnl
175 EC_KEY_new_by_curve_name EC_KEY_generate_key dnl
176 EC_KEY_set_private_key EC_KEY_dup dnl
177 EVP_SealInit EVP_SealFinal EVP_OpenInit EVP_OpenFinal dnl
178 EVP_SignFinal EVP_VerifyFinal dnl
179 PEM_read_X509 PEM_read_PUBKEY PEM_read_PrivateKey dnl
180 PEM_write_PUBKEY PEM_write_PKCS8PrivateKey dnl
181 BIO_new BIO_free BIO_printf BIO_dump BIO_get_callback_arg dnl
182 BIO_set_callback BIO_set_callback_arg BIO_read dnl
183 SSL_library_init SSL_load_error_strings dnl
184 SSLv2_client_method SSLv3_client_method dnl
185 SSLv23_client_method TLSv1_client_method dnl
186 SSLv2_server_method SSLv3_server_method dnl
187 SSLv23_server_method TLSv1_server_method dnl
188 SSL_CTX_new SSL_CTX_free SSL_CTX_add_client_CA dnl
189 SSL_CTX_load_verify_locations SSL_CTX_use_certificate dnl
190 SSL_CTX_use_PrivateKey SSL_CTX_check_private_key dnl
191 SSL_CTX_use_certificate_file SSL_CTX_use_PrivateKey_file dnl
192 SSL_do_handshake SSL_get_error ssl_verify_cert_chain dnl
193 SSL_get_peer_cert_chain SSL_pending SSL_get_certificate dnl
194 SSL_get_peer_certificate X509_verify_cert_error_string dnl
195 SSL_get_verify_result SSL_get_current_cipher SSL_CIPHER_get_bits])
dnl NOTE(review): the tests below read variables named ac_NAME. If the list
dnl above is passed to AC_CHECK_FUNCS, the results are stored as
dnl ac_cv_func_NAME and none of these tests would ever be true -- confirm
dnl which macro opens the list and which variables it sets.
dnl NOTE(review): SSLv2 and SSLv3 are obsolete protocol versions with known
dnl weaknesses. Code keyed on the HAVE_SSLV2_ and HAVE_SSLV3_ defines should
dnl not offer those protocols by default merely because the linked library
dnl still exports the constructors.
196 if test x"$ac_TLSv1_client_method" = xyes; then
197 AC_DEFINE([HAVE_TLSV1_CLIENT_METHOD], 1, [TLSv1 client methods available])
199 if test x"$ac_SSLv2_client_method" = xyes; then
200 AC_DEFINE([HAVE_SSLV2_CLIENT_METHOD], 1, [SSLv2 client methods available])
202 if test x"$ac_SSLv3_client_method" = xyes; then
203 AC_DEFINE([HAVE_SSLV3_CLIENT_METHOD], 1, [SSLv3 client methods available])
205 if test x"$ac_SSLv23_client_method" = xyes; then
206 AC_DEFINE([HAVE_SSLV23_CLIENT_METHOD], 1, [SSLv23 client methods available])
208 if test x"$ac_TLSv1_server_method" = xyes; then
209 AC_DEFINE([HAVE_TLSV1_SERVER_METHOD], 1, [TLSv1 server methods available])
211 if test x"$ac_SSLv2_server_method" = xyes; then
212 AC_DEFINE([HAVE_SSLV2_SERVER_METHOD], 1, [SSLv2 server methods available])
214 if test x"$ac_SSLv3_server_method" = xyes; then
215 AC_DEFINE([HAVE_SSLV3_SERVER_METHOD], 1, [SSLv3 server methods available])
217 if test x"$ac_SSLv23_server_method" = xyes; then
218 AC_DEFINE([HAVE_SSLV23_SERVER_METHOD], 1, [SSLv23 server methods available])
dnl NOTE(review): the lowercase name ssl_verify_cert_chain looks like a
dnl library-internal symbol rather than public API -- confirm before relying
dnl on it for certificate verification.
220 if test x"$ac_ssl_verify_cert_chain" = xyes; then
221 AC_DEFINE([HAVE_SSL_VERIFY_CERT_CHAIN], 1, [ssl_verify_cert_chain available])
224 ])dnl SXE_CHECK_OPENSSL_FUNCS
dnl SXE_CHECK_OPENSSL
dnl Top-level OpenSSL check. When OPENSSL_SANE_P is yes it locates the
dnl headers and libraries. When both libssl and libcrypto were found it goes
dnl on to the feature and function probes.
dnl NOTE(review): the gutter numbers skip inside this macro, so some lines are
dnl not visible in this listing, including whatever sets OPENSSL_SANE_P before
dnl the first test and the fi keywords.
226 AC_DEFUN([SXE_CHECK_OPENSSL], [dnl
227 AC_MSG_CHECKING([for OpenSSL])
231 dnl defines OPENSSL_VERSION and OPENSSL_SANE_P
dnl The whole detection is gated on the version allow-list result.
233 if test "$OPENSSL_SANE_P" = "yes"; then
234 SXE_CHECK_OPENSSL_LOCS
235 if test "$have_libssl $have_libcrypto" = "yes yes"; then
237 SXE_CHECK_OPENSSL_FEATURES
238 SXE_CHECK_OPENSSL_FUNCS
241 ])dnl SXE_CHECK_OPENSSL
244 dnl Kerberos detection
245 dnl ==================
dnl SXE_CHECK_KERBEROS
dnl Cached check for Kerberos support of any version. Defines HAVE_KERBEROS5
dnl when sxe_cv_feat_kerberos5 is yes and HAVE_KERBEROS when
dnl sxe_cv_feat_kerberos is yes.
dnl Arguments: $1 - action if found, $2 - action if not found.
dnl NOTE(review): the gutter numbers skip inside this macro. The lines that
dnl expand ACTION_IF_FOUND and ACTION_IF_NOT_FOUND and the fi keywords are not
dnl visible in this listing.
247 AC_DEFUN([SXE_CHECK_KERBEROS], [dnl
248 ## defines sxe_cv_feat_kerberos
249 ## call like this SXE_CHECK_KERBEROS([<if-found>], [<if-not-found>])
250 pushdef([ACTION_IF_FOUND], [$1])
251 pushdef([ACTION_IF_NOT_FOUND], [$2])
dnl _SXE_CHECK_KERBEROS runs only when sxe_cv_feat_kerberos is not cached.
253 AC_CACHE_CHECK([for kerberos support],
254 [sxe_cv_feat_kerberos], [_SXE_CHECK_KERBEROS])
256 if test "$sxe_cv_feat_kerberos5" = "yes"; then
257 AC_DEFINE([HAVE_KERBEROS5], [1],
258 [Whether kerberos5 support is available!])
260 if test "$sxe_cv_feat_kerberos" = "yes"; then
262 AC_DEFINE([HAVE_KERBEROS], [1],
263 [Whether kerberos support is available!])
270 popdef([ACTION_IF_FOUND])
271 popdef([ACTION_IF_NOT_FOUND])
272 ])dnl SXE_CHECK_KERBEROS
dnl SXE_CHECK_KERBEROS5
dnl Cached check for Kerberos 5 support. Defines HAVE_KERBEROS5 when
dnl sxe_cv_feat_kerberos5 is yes.
dnl Arguments: $1 - action if found, $2 - action if not found.
dnl NOTE(review): the gutter numbers skip inside this macro. The lines that
dnl expand ACTION_IF_FOUND and ACTION_IF_NOT_FOUND and the fi keyword are not
dnl visible in this listing.
274 AC_DEFUN([SXE_CHECK_KERBEROS5], [dnl
275 ## defines sxe_cv_feat_kerberos5
276 ## call like this SXE_CHECK_KERBEROS5([<if-found>], [<if-not-found>])
277 pushdef([ACTION_IF_FOUND], [$1])
278 pushdef([ACTION_IF_NOT_FOUND], [$2])
dnl _SXE_CHECK_KERBEROS runs only when sxe_cv_feat_kerberos5 is not cached.
280 AC_CACHE_CHECK([for kerberos5 support],
281 [sxe_cv_feat_kerberos5], [_SXE_CHECK_KERBEROS])
283 if test "$sxe_cv_feat_kerberos5" = "yes"; then
285 AC_DEFINE([HAVE_KERBEROS5], [1],
286 [Whether kerberos5 support is available!])
293 popdef([ACTION_IF_FOUND])
294 popdef([ACTION_IF_NOT_FOUND])
295 ])dnl SXE_CHECK_KERBEROS5
dnl _SXE_CHECK_KERBEROS
dnl Decides from the header and library probe results which Kerberos flavour
dnl is usable. Sets sxe_cv_feat_kerberos and sxe_cv_feat_kerberos5 to yes or
dnl no, and KERBEROS_LIBS to -lkrb5 or -lkrb when a flavour is found.
dnl NOTE(review): the gutter numbers skip inside this macro; the else and fi
dnl keywords are among the lines not visible in this listing.
dnl NOTE(review): this macro is used as the commands argument of
dnl AC_CACHE_CHECK, which skips the commands when the result is already
dnl cached. KERBEROS_LIBS is not a cache variable, so it stays unset on a
dnl cached run -- confirm callers cope with that.
297 AC_DEFUN([_SXE_CHECK_KERBEROS], [dnl
298 AC_REQUIRE([SXE_CHECK_KERBEROS_HEADERS])
299 AC_REQUIRE([SXE_CHECK_KERBEROS_LIBS])
dnl Kerberos 5: either header spelling together with krb5_sendauth in libkrb5.
dnl The grouping relies on -a binding tighter than -o. POSIX marks both
dnl operators obsolescent; separate test commands joined with the shell's own
dnl and/or operators are the portable form.
301 if test "$ac_cv_header_krb5_krb5_h" = "yes" -a \
302 "$ac_cv_lib_krb5_krb5_sendauth" = "yes" -o \
303 "$ac_cv_header_krb5_h" = "yes" -a \
304 "$ac_cv_lib_krb5_krb5_sendauth" = "yes"; then
305 sxe_cv_feat_kerberos="yes"
306 sxe_cv_feat_kerberos5="yes"
307 KERBEROS_LIBS="-lkrb5"
dnl Older libkrb branches: kerberos is reported as available, kerberos5 is not.
dnl NOTE(review): these look like Kerberos IV code paths. That protocol
dnl version is retired and built on single DES; consider whether finding it
dnl should still switch the feature on.
308 elif test "$ac_cv_header_krb_krb_h" = "yes" -a \
309 "$ac_cv_lib_krb_krb_sendauth" = "yes" -o \
310 "$ac_cv_header_krb_h" = "yes" -a \
311 "$ac_cv_lib_krb_krb_sendauth" = "yes"; then
312 sxe_cv_feat_kerberos="yes"
313 sxe_cv_feat_kerberos5="no"
314 KERBEROS_LIBS="-lkrb"
315 elif test "$ac_cv_header_kerberos_krb_h" = "yes" -a \
316 "$ac_cv_lib_krb_krb_sendauth" = "yes" -o \
317 "$ac_cv_header_kerberosIV_krb_h" = "yes" -a \
318 "$ac_cv_lib_krb_krb_sendauth" = "yes"; then
319 sxe_cv_feat_kerberos="yes"
320 sxe_cv_feat_kerberos5="no"
321 KERBEROS_LIBS="-lkrb"
323 sxe_cv_feat_kerberos="no"
324 sxe_cv_feat_kerberos5="no"
327 ])dnl _SXE_CHECK_KERBEROS
dnl SXE_CHECK_KERBEROS_HEADERS
dnl Probes the header spellings under which the Kerberos, DES and com_err
dnl headers may be installed. The results land in the usual
dnl ac_cv_header_NAME cache variables that _SXE_CHECK_KERBEROS reads.
329 AC_DEFUN([SXE_CHECK_KERBEROS_HEADERS], [dnl
330 AC_CHECK_HEADERS([des.h krb.h krb/krb.h])
331 AC_CHECK_HEADERS([kerberos/krb.h kerberosIV/krb.h])
332 AC_CHECK_HEADERS([krb5.h krb5/krb5.h])
333 AC_CHECK_HEADERS([com_err.h krb/com_err.h kerberosIV/krb_err.h])
334 ])dnl SXE_CHECK_KERBEROS_HEADERS
dnl SXE_CHECK_KERBEROS_LIBS
dnl Probes libkrb for krb_sendauth and libkrb5 for krb5_sendauth. The results
dnl land in ac_cv_lib_krb_krb_sendauth and ac_cv_lib_krb5_krb5_sendauth.
336 AC_DEFUN([SXE_CHECK_KERBEROS_LIBS], [dnl
dnl The explicit no-op action replaces the default one, so a hit neither adds
dnl the library to LIBS nor defines a HAVE_LIB macro.
337 AC_CHECK_LIB([krb], [krb_sendauth], [:])
338 AC_CHECK_LIB([krb5], [krb5_sendauth], [:])
339 ])dnl SXE_CHECK_KERBEROS_LIBS
341 dnl sxe-crypto.m4 ends here