Require openssl-devel is libcrypto backend is selected

4 files changed, 52 insertions, 17 deletions

diff --git a/configure.ac b/configure.ac
index 18aa823b9..f88846648 100644
--- a/configure.ac
+++ b/configure.ac
@@ -95,6 +95,7 @@ WITH_SELINUX
 WITH_NSCD
 WITH_SEMANAGE
 WITH_LIBNL
+WITH_CRYPTO
 
 m4_include([src/external/pkg.m4])
 m4_include([src/external/libpopt.m4])
@@ -175,6 +176,13 @@ if test x$HAVE_SYSTEMD_UNIT != x; then
     AM_CHECK_SYSTEMD
 fi
 
+if test x$cryptolib = xnss; then
+    AM_CHECK_NSS
+fi
+if test x$cryptolib = xlibcrypto; then
+    AM_CHECK_LIBCRYPTO
+fi
+
 AC_CHECK_HEADERS([sys/inotify.h])
 
 AC_CHECK_HEADERS([sasl/sasl.h],,AC_MSG_ERROR([Could not find SASL headers]))
diff --git a/src/conf_macros.m4 b/src/conf_macros.m4
index 273a52704..31048d3de 100644
--- a/src/conf_macros.m4
+++ b/src/conf_macros.m4
@@ -295,3 +295,25 @@ AC_DEFUN([WITH_LIBNL],
     fi
   ])
 
+AC_DEFUN([WITH_CRYPTO],
+    [ AC_ARG_WITH([crypto],
+                  [AC_HELP_STRING([--with-crypto=CRYPTO_LIB],
+                                  [The cryptographic library to use (nss|libcrypto). The default is nss.]
+                                 )
+                  ],
+                  [],
+                  with_crypto=nss
+                 )
+
+      cryptolib=""
+      if test x"$with_crypto" != x; then
+          if test x"$with_crypto" = xnss || \
+          test x"$with_crypto" = xlibcrypto; then
+              cryptolib="$with_crypto";
+          else
+              AC_MSG_ERROR([Illegal value -$with_crypto- for option --with-crypto])
+          fi
+      fi
+      AM_CONDITIONAL([HAVE_NSS], [test x"$cryptolib" = xnss])
+      AM_CONDITIONAL([HAVE_LIBCRYPTO], [test x"$cryptolib" = xlibcrypto])
+    ])
diff --git a/src/external/crypto.m4 b/src/external/crypto.m4
index d1bcf40ac..19a064d3a 100644
--- a/src/external/crypto.m4
+++ b/src/external/crypto.m4
@@ -1,13 +1,9 @@
-AC_ARG_ENABLE(crypto,
-    [  --enable-crypto         Use OpenSSL crypto instead of NSS],
-    [CRYPTO="$enableval"],
-    [CRYPTO="no"]
-)
+AC_DEFUN([AM_CHECK_NSS],
+         [PKG_CHECK_MODULES([NSS],[nss])
+          AC_DEFINE_UNQUOTED(HAVE_NSS, 1, [Build with NSS crypto back end])
+])
 
-if test x$CRYPTO != xyes; then
-    PKG_CHECK_MODULES([NSS],[nss],[have_nss=1],[have_nss=])
-else
-    PKG_CHECK_MODULES([CRYPTO],[libcrypto],[have_crypto=1],[have_crypto=])
-fi
-AM_CONDITIONAL([HAVE_NSS], [test x$have_nss != x])
-AM_CONDITIONAL([HAVE_CRYPTO], [test x$have_crypto != x])
+AC_DEFUN([AM_CHECK_LIBCRYPTO],
+         [PKG_CHECK_MODULES([CRYPTO],[libcrypto])
+          AC_DEFINE_UNQUOTED(HAVE_LIBCRYPTO, 1, [Build with libcrypt crypto back end])
+])
diff --git a/src/tests/crypto-tests.c b/src/tests/crypto-tests.c
index f802c119d..286bc2356 100644
--- a/src/tests/crypto-tests.c
+++ b/src/tests/crypto-tests.c
@@ -55,9 +55,18 @@ START_TEST(test_encrypt_decrypt)
                                "",                    /* empty */
                                NULL};                 /* sentinel */
     int i;
-    char *obfpwd;
-    char *ctpwd;
+    char *obfpwd = NULL;
+    char *ctpwd = NULL;
     int ret;
+    int expected;
+
+#ifdef HAVE_NSS
+    expected = EOK;
+#elif HAVE_LIBCRYPTO
+    expected = ENOSYS;
+#else
+#error Unknown crypto back end
+#endif
 
     test_ctx = talloc_new(NULL);
     fail_if(test_ctx == NULL);
@@ -66,12 +75,12 @@ START_TEST(test_encrypt_decrypt)
     for (i=0; password[i]; i++) {
         ret = sss_password_encrypt(test_ctx, password[i], strlen(password[i])+1,
                                    AES_256, &obfpwd);
-        fail_if(ret != EOK);
+        fail_if(ret != expected);
 
         ret = sss_password_decrypt(test_ctx, obfpwd, &ctpwd);
-        fail_if(ret != EOK);
+        fail_if(ret != expected);
 
-        fail_if(strcmp(password[i], ctpwd) != 0);
+        fail_if(ctpwd && strcmp(password[i], ctpwd) != 0);
 
         talloc_free(obfpwd);
         talloc_free(ctpwd);