1
  
2
  
3
  
4
  
5
  
6
  
7
  
8
  
9
  
10
  
11
  
12
  
13
  
14
  
15
  
16
  
17
  
18
  
19
  
20
  
21
  
22
  
23
  
24
  
25
  
26
  
27
  
28
  
29
  
30
  
31
  
32
  
33
  
34
  
35
  
36
  
37
  
38
  
39
  
40
  
41
  
42
  
43
  
44
  
45
  
46
  
47
  
48
  
49
  
50
  
51
  
52
  
53
  
54
  
55
  
56
  
57
  
58
  
59
  
60
  
61
  
62
  
63
  
64
  
65
  
66
  
67
  
68
  
69
  
70
  
71
  
72
  
73
  
74
  
75
  
76
  
77
  
78
  
79
  
80
  
81
  
82
  
83
  
84
  
85
  
86
  
87
  
88
  
89
  
90
  
91
  
92
  
93
  
94
  
95
  
96
  
97
  
98
  
99
  
100
  
101
  
102
  
103
  
104
  
105
  
106
  
107
  
108
  
109
  
110
  
111
  
112
  
113
  
114
  
115
  
116
  
117
  
118
  
119
  
120
  
121
  
122
  
123
  
124
  
125
  
126
  
127
  
128
  
129
  
130
  
131
  
132
  
133
  
134
  
135
  
136
  
137
  
138
  
139
  
140
  
141
  
142
  
143
  
144
  
145
  
146
  
147
  
148
  
149
  
150
  
151
  
152
  
153
  
154
  
155
  
156
  
157
  
158
  
159
  
160
  
161
  
162
  
163
  
164
  
165
  
166
  
167
  
168
  
169
  
170
  
171
  
172
  
173
  
174
  
175
  
176
  
177
  
178
  
179
  
180
  
181
  
182
  
183
  
184
  
185
  
186
  
187
  
188
  
189
  
190
  
191
  
192
  
193
  
194
  
195
  
196
  
197
  
198
  
199
  
200
  
201
  
202
  
203
  
204
  
205
  
206
  
207
  
208
  
209
  
210
  
211
  
212
  
213
  
214
  
215
  
216
  
AC_INIT(nettle.cmod) 
AC_CONFIG_HEADER(nettle_config.h) 
 
AC_SET_MAKE 
 
AC_MODULE_INIT() 
 
if test "$with_nettle" = "no"; then 
  PIKE_FEATURE_WITHOUT(Nettle) 
else 
  dnl GMP is required and tested for in Gmp module. We just want LIBS 
  dnl updated here. 
  AC_CHECK_LIB(gmp, main) 
  AC_MSG_CHECKING(CryptAcquireContext in -ladvapi32) 
  AC_CACHE_VAL(pike_cv_nettle_advapi32_CryptAcquireContext, 
  [ 
    OLDLIBS="$LIBS" 
    LIBS="-ladvapi32 $LIBS" 
    AC_TRY_LINK([#ifndef _WIN32_WINNT 
#define _WIN32_WINNT 0x0400 
#endif 
#include <windows.h> 
#include <wincrypt.h> 
    ],[CryptAcquireContext(0,0,0,0,0);], 
      [pike_cv_nettle_advapi32_CryptAcquireContext=yes], 
      [pike_cv_nettle_advapi32_CryptAcquireContext=no]) 
    LIBS="$OLDLIBS" 
  ]) 
  AC_MSG_RESULT($pike_cv_nettle_advapi32_CryptAcquireContext) 
  if test x"$pike_cv_nettle_advapi32_CryptAcquireContext" = xyes; then 
    LIBS="-ladvapi32 $LIBS" 
  fi 
  AC_CHECK_LIB(nettle, nettle_ctr_crypt) dnl CTR came in Nettle 1.13 
  AC_CHECK_LIB(hogweed, nettle_rsa_generate_keypair) 
  if test "x$ac_cv_lib_hogweed_nettle_rsa_generate_keypair" = "xyes" ; then 
    AC_MSG_CHECKING([if nettle_*_generate_keypair takes qbits]) 
    AC_CACHE_VAL(pike_cv_nettle_hogweed_keypair_args, [ 
      pike_cv_nettle_hogweed_keypair_args=no 
      AC_TRY_COMPILE([ 
#include <nettle/dsa.h> 
#include <nettle/rsa.h> 
     ], [ 
  struct dsa_public_key pub; 
  struct dsa_private_key key; 
  nettle_dsa_generate_keypair(&pub, &key, 0, 0, 0, 0, 2048, 384); 
      ], [ 
        pike_cv_nettle_hogweed_keypair_args=yes 
      ]) 
    ]) 
    AC_MSG_RESULT($pike_cv_nettle_hogweed_keypair_args); 
    if test "x$pike_cv_nettle_hogweed_keypair_args" = "xyes"; then 
      AC_DEFINE(HAVE_DSA_QBITS_KEYPAIR_ARG, [], [Define if generate_dsa_keypair takes the qbits argument]) 
    fi 
  fi 
 
  # NB: Some versions of RedHat have censored the weaker curves 
  #     (secp_192r1 and secp_224r1 (cf [LysLysKOM 21863021])), and 
  #     there are no identifying macros, so we need to probe for them. 
  define(PIKE_CHECK_NETTLE_ECC_CURVE, [ 
    AC_CHECK_FUNC(nettle_get_$1, [ 
      AC_DEFINE(translit(HAVE_CURVE_NETTLE_$1,[a-z],[A-Z]), 1, 
                [Define if your libnettle has the nettle curve $1.]) 
    ], [ 
      AC_MSG_CHECKING(if legacy declaration of nettle curve $1 is available) 
 
      AC_CACHE_VAL(pike_cv_have_curve_nettle_$1, [ 
        AC_TRY_LINK([#include <nettle/ecc-curve.h>], 
                    [ struct ecc_curve *c = &nettle_$1; ], 
                    [ pike_cv_have_curve_nettle_$1=yes ], 
                    [ pike_cv_have_curve_nettle_$1=no ]) 
      ]) 
      AC_MSG_RESULT($pike_cv_have_curve_nettle_$1); 
      if test "x$pike_cv_have_curve_nettle_$1" = "xyes"; then 
        AC_DEFINE(translit(HAVE_CURVE_NETTLE_$1,[a-z],[A-Z]), 1, 
                  [Define if your libnettle has the nettle curve $1.]) 
        AC_DEFINE(translit(NEED_WRAPPER_FOR_CURVE_NETTLE_$1,[a-z],[A-Z]), 1, 
                  [Define if your libnettle is missing the getter for the nettle curve $1.]) 
      fi 
    ]) 
  ]) 
 
  AC_ARG_WITH(weak-curves, [  --with-weak-curves      Include SECP192R1 and SECP224R1, frequently removed from Nettle binary dists], [weak_curves=yes], []) 
  if test "x$weak_curves" = "xyes" ; then 
    PIKE_CHECK_NETTLE_ECC_CURVE(secp_192r1) 
    PIKE_CHECK_NETTLE_ECC_CURVE(secp_224r1) 
  fi 
  PIKE_CHECK_NETTLE_ECC_CURVE(secp_256r1) 
  PIKE_CHECK_NETTLE_ECC_CURVE(secp_384r1) 
  PIKE_CHECK_NETTLE_ECC_CURVE(secp_521r1) 
 
  AC_SUBST(IDEA_OBJ) 
 
  if test "x$ac_cv_lib_nettle_nettle_ctr_crypt" = "xyes"; then 
    PIKE_FEATURE_OK(Nettle) 
 
    # camellia is available in Nettle 2.1 and later. 
    # gcm is available in Nettle 2.2 and later. 
    # ripemd160 is available in Nettle 2.3 and later. 
    # sha3 and gosthash94 are available in Nettle 2.6 and later. 
    # chacha, poly1305 and eax are available in Nettle 3.0 and later. 
    # curve25519 and eddsa are available in Nettle 3.1 and later. 
    # pbkdf2 is available in Nettle 3.1 and later. 
    # version.h was added in Nettle 3.1.1, but nettle_version_{major,minor}() 
    # are first available in Nettle 3.2 and later. 
    # cmac is available in Nettle 3.5 and later. 
    AC_CHECK_HEADERS(nettle/camellia.h \ 
                     nettle/gcm.h \ 
                     nettle/ripemd160.h \ 
                     nettle/sha3.h nettle/gosthash94.h \ 
                     nettle/chacha.h nettle/chacha-poly1305.h \ 
                     nettle/poly1305.h nettle/eax.h \ 
                     nettle/dsa.h nettle/umac.h nettle/ecdsa.h \ 
                     nettle/curve25519.h nettle/eddsa.h \ 
                     nettle/version.h nettle/pbkdf2.h nettle/hmac.h \ 
                     nettle/cmac.h \ 
                    ) 
    # Check that the libraries match. 
    # 
    # Note that there can be false positives in the test above 
    # when multiple versions of Nettle are installed concurrently. 
    AC_CHECK_FUNCS(nettle_camellia128_crypt \ 
                   nettle_gcm_encrypt \ 
                   nettle_ripemd160_init \ 
                   nettle_sha3_256_init nettle_gosthash94_init \ 
                   nettle_chacha_crypt nettle_chacha_poly1305_encrypt \ 
                   nettle_poly1305_digest nettle_eax_encrypt \ 
                   nettle_dsa_sign nettle_umac128_digest nettle_ecdsa_sign \ 
                   nettle_curve25519_mul nettle_ed25519_sha512_sign \ 
                   nettle_version_major \ 
                   nettle_cmac128_set_key \ 
                   nettle_blowfish_bcrypt_hash \ 
                   ) 
 
    AC_MSG_CHECKING([for idea.c]) 
    # Have the patent-encumbered idea files been purged? 
    if test -f "$srcdir/idea.c" ; then 
      AC_MSG_RESULT([found]) 
      AC_DEFINE([WITH_IDEA], 1, [idea.c available]) 
      IDEA_OBJ=idea.o 
    else 
      AC_MSG_RESULT([no]) 
      IDEA_OBJ="" 
    fi 
 
    # These may have been purged from the Nettle lib to avoid GPL 
    # contamination. 
    AC_CHECK_FUNCS(nettle_blowfish_decrypt nettle_serpent_decrypt) 
 
    # This is the recomended interface in Nettle 2.0. 
    AC_CHECK_FUNCS(nettle_yarrow256_slow_reseed) 
 
    # nettle_salsa20_crypt was added in Nettle 2.5. 
    # nettle_sha224_init was added in Nettle 2.1. 
    # nettle_memxor3 replaced memxor3 in Nettle 3.0 
    AC_CHECK_FUNCS(nettle_salsa20_crypt nettle_sha224_init \ 
                   memxor3 nettle_memxor3) 
 
    # This was added in Nettle 3.0. 
    AC_CHECK_FUNCS(nettle_ecc_bit_size) 
 
    # The generic AES functions were marked deprecated in Nettle 3.5. 
    # Check for the more recent size-specific API. 
    AC_CHECK_FUNCS(nettle_aes128_encrypt) 
 
    # nettle_crypt_func was changed in Nettle 2.0. 
    AC_MSG_CHECKING([whether nettle_crypt_func is a pointer type]) 
    AC_CACHE_VAL(pike_cv_nettle_crypt_func_is_pointer, [ 
      pike_cv_nettle_crypt_func_is_pointer=no 
      AC_TRY_COMPILE([ 
#include <nettle/nettle-meta.h> 
      ], [ 
  nettle_crypt_func foo = (nettle_crypt_func)(void *)0; 
  return (int)foo; 
      ], [ 
        pike_cv_nettle_crypt_func_is_pointer=yes 
      ]) 
    ]) 
    AC_MSG_RESULT($pike_cv_nettle_crypt_func_is_pointer); 
    if test "x$pike_cv_nettle_crypt_func_is_pointer" = "xyes"; then 
      AC_DEFINE(HAVE_NETTLE_CRYPT_FUNC_IS_POINTER) 
    fi 
 
    # struct aes_ctx was changed in Nettle 3.5... 
    AC_MSG_CHECKING([whether struct aes_ctx has the field key_size]) 
    AC_CACHE_VAL(pike_cv_nettle_struct_aes_ctx_field_key_size, [ 
      pike_cv_nettle_struct_aes_ctx_field_key_size=no 
      AC_TRY_COMPILE([ 
#include <nettle/aes.h> 
      ], [ 
  struct aes_ctx ctx; 
  ctx.key_size = 0; 
  return (int)ctx.key_size; 
      ], [ 
        pike_cv_nettle_struct_aes_ctx_field_key_size=yes 
      ]) 
    ]) 
    AC_MSG_RESULT($pike_cv_nettle_struct_aes_ctx_field_key_size); 
    if test "x$pike_cv_nettle_struct_aes_ctx_field_key_size" = "xyes"; then 
      AC_DEFINE(HAVE_NETTLE_STRUCT_AES_CTX_FIELD_KEY_SIZE) 
    fi 
  else 
    AC_ERROR([Cannot compile --with-nettle without the Nettle library. 
It is highly recommended that you install a working Nettle, 1.13 or 
later, library on your system as that will add features to Pike 
required by many applications. These features include ciphers, hash 
algorithms and random generators. If you know that you do not need 
cryptographic functions, you can re-run configure with the option 
--without-nettle instead. Nettle is available at 
http://www.lysator.liu.se/~nisse/nettle/. 
    ]) 
    PIKE_FEATURE_NODEP(Nettle) 
  fi 
fi 
 
AC_OUTPUT(Makefile,echo FOO >stamp-h )