summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--configure.ac8
-rw-r--r--src/conf_macros.m422
-rw-r--r--src/external/crypto.m420
-rw-r--r--src/tests/crypto-tests.c19
4 files changed, 52 insertions, 17 deletions
diff --git a/configure.ac b/configure.ac
index 18aa823b9..f88846648 100644
--- a/configure.ac
+++ b/configure.ac
@@ -95,6 +95,7 @@ WITH_SELINUX
WITH_NSCD
WITH_SEMANAGE
WITH_LIBNL
+WITH_CRYPTO
m4_include([src/external/pkg.m4])
m4_include([src/external/libpopt.m4])
@@ -175,6 +176,13 @@ if test x$HAVE_SYSTEMD_UNIT != x; then
AM_CHECK_SYSTEMD
fi
+if test x$cryptolib = xnss; then
+ AM_CHECK_NSS
+fi
+if test x$cryptolib = xlibcrypto; then
+ AM_CHECK_LIBCRYPTO
+fi
+
AC_CHECK_HEADERS([sys/inotify.h])
AC_CHECK_HEADERS([sasl/sasl.h],,AC_MSG_ERROR([Could not find SASL headers]))
diff --git a/src/conf_macros.m4 b/src/conf_macros.m4
index 273a52704..31048d3de 100644
--- a/src/conf_macros.m4
+++ b/src/conf_macros.m4
@@ -295,3 +295,25 @@ AC_DEFUN([WITH_LIBNL],
fi
])
+AC_DEFUN([WITH_CRYPTO],
+ [ AC_ARG_WITH([crypto],
+ [AC_HELP_STRING([--with-crypto=CRYPTO_LIB],
+ [The cryptographic library to use (nss|libcrypto). The default is nss.]
+ )
+ ],
+ [],
+ with_crypto=nss
+ )
+
+ cryptolib=""
+ if test x"$with_crypto" != x; then
+ if test x"$with_crypto" = xnss || \
+ test x"$with_crypto" = xlibcrypto; then
+ cryptolib="$with_crypto";
+ else
+ AC_MSG_ERROR([Illegal value -$with_crypto- for option --with-crypto])
+ fi
+ fi
+ AM_CONDITIONAL([HAVE_NSS], [test x"$cryptolib" = xnss])
+ AM_CONDITIONAL([HAVE_LIBCRYPTO], [test x"$cryptolib" = xlibcrypto])
+ ])
diff --git a/src/external/crypto.m4 b/src/external/crypto.m4
index d1bcf40ac..19a064d3a 100644
--- a/src/external/crypto.m4
+++ b/src/external/crypto.m4
@@ -1,13 +1,9 @@
-AC_ARG_ENABLE(crypto,
- [ --enable-crypto Use OpenSSL crypto instead of NSS],
- [CRYPTO="$enableval"],
- [CRYPTO="no"]
-)
+AC_DEFUN([AM_CHECK_NSS],
+ [PKG_CHECK_MODULES([NSS],[nss])
+ AC_DEFINE_UNQUOTED(HAVE_NSS, 1, [Build with NSS crypto back end])
+])
-if test x$CRYPTO != xyes; then
- PKG_CHECK_MODULES([NSS],[nss],[have_nss=1],[have_nss=])
-else
- PKG_CHECK_MODULES([CRYPTO],[libcrypto],[have_crypto=1],[have_crypto=])
-fi
-AM_CONDITIONAL([HAVE_NSS], [test x$have_nss != x])
-AM_CONDITIONAL([HAVE_CRYPTO], [test x$have_crypto != x])
+AC_DEFUN([AM_CHECK_LIBCRYPTO],
+ [PKG_CHECK_MODULES([CRYPTO],[libcrypto])
+ AC_DEFINE_UNQUOTED(HAVE_LIBCRYPTO, 1, [Build with libcrypt crypto back end])
+])
diff --git a/src/tests/crypto-tests.c b/src/tests/crypto-tests.c
index f802c119d..286bc2356 100644
--- a/src/tests/crypto-tests.c
+++ b/src/tests/crypto-tests.c
@@ -55,9 +55,18 @@ START_TEST(test_encrypt_decrypt)
"", /* empty */
NULL}; /* sentinel */
int i;
- char *obfpwd;
- char *ctpwd;
+ char *obfpwd = NULL;
+ char *ctpwd = NULL;
int ret;
+ int expected;
+
+#ifdef HAVE_NSS
+ expected = EOK;
+#elif HAVE_LIBCRYPTO
+ expected = ENOSYS;
+#else
+#error Unknown crypto back end
+#endif
test_ctx = talloc_new(NULL);
fail_if(test_ctx == NULL);
@@ -66,12 +75,12 @@ START_TEST(test_encrypt_decrypt)
for (i=0; password[i]; i++) {
ret = sss_password_encrypt(test_ctx, password[i], strlen(password[i])+1,
AES_256, &obfpwd);
- fail_if(ret != EOK);
+ fail_if(ret != expected);
ret = sss_password_decrypt(test_ctx, obfpwd, &ctpwd);
- fail_if(ret != EOK);
+ fail_if(ret != expected);
- fail_if(strcmp(password[i], ctpwd) != 0);
+ fail_if(ctpwd && strcmp(password[i], ctpwd) != 0);
talloc_free(obfpwd);
talloc_free(ctpwd);