1
  
2
  
3
  
4
  
5
  
6
  
7
  
8
  
9
  
10
  
11
  
12
  
13
  
14
  
15
  
16
  
17
  
18
  
19
  
20
  
21
  
22
  
23
  
24
  
25
  
26
  
27
  
28
  
29
  
30
  
31
  
32
  
33
  
34
  
35
  
36
  
37
  
38
  
39
  
40
  
41
  
42
  
43
  
44
  
45
  
46
  
47
  
48
  
49
  
50
  
51
  
52
  
53
  
54
  
55
  
56
  
57
  
58
  
59
  
60
  
61
  
62
  
63
  
64
  
65
  
66
  
67
  
68
  
69
  
70
  
71
  
72
  
73
  
74
  
75
  
76
  
77
  
78
  
79
  
80
  
81
  
82
  
83
  
84
  
85
  
86
  
87
  
88
  
89
  
90
  
91
  
92
  
93
  
94
  
95
  
96
  
97
  
98
  
99
  
100
  
101
  
102
  
103
  
104
  
105
  
106
  
107
  
108
  
109
  
110
  
111
  
112
  
113
  
114
  
115
  
116
  
117
  
118
  
119
  
120
  
121
  
122
  
123
  
124
  
125
  
126
  
127
  
128
  
129
  
130
  
131
  
132
  
133
  
134
  
135
  
136
  
137
  
138
  
139
  
140
  
141
  
142
  
143
  
144
  
145
  
146
  
147
  
148
  
149
  
150
  
151
  
152
  
153
  
154
  
155
  
156
  
157
  
158
  
159
  
160
  
161
  
162
  
163
  
164
  
165
  
166
  
167
  
168
  
169
  
170
  
171
  
172
  
173
  
174
  
175
  
176
  
177
  
178
  
179
  
AC_INIT(nettle.cmod) 
AC_CONFIG_HEADER(nettle_config.h) 
 
AC_SET_MAKE 
 
AC_MODULE_INIT() 
 
if test "$with_nettle" = "no"; then 
  PIKE_FEATURE_WITHOUT(Nettle) 
else 
  dnl GMP is required and tested for in Gmp module. We just want LIBS 
  dnl updated here. 
  AC_CHECK_LIB(gmp, main) 
  AC_MSG_CHECKING(CryptAcquireContext in -ladvapi32) 
  AC_CACHE_VAL(pike_cv_nettle_advapi32_CryptAcquireContext, 
  [ 
    OLDLIBS="$LIBS" 
    LIBS="-ladvapi32 $LIBS" 
    AC_TRY_LINK([#ifndef _WIN32_WINNT 
#define _WIN32_WINNT 0x0400 
#endif 
#include <windows.h> 
#include <wincrypt.h> 
    ],[CryptAcquireContext(0,0,0,0,0);], 
      [pike_cv_nettle_advapi32_CryptAcquireContext=yes], 
      [pike_cv_nettle_advapi32_CryptAcquireContext=no]) 
    LIBS="$OLDLIBS" 
  ]) 
  AC_MSG_RESULT($pike_cv_nettle_advapi32_CryptAcquireContext) 
  if test x"$pike_cv_nettle_advapi32_CryptAcquireContext" = xyes; then 
    LIBS="-ladvapi32 $LIBS" 
  fi 
  AC_CHECK_LIB(nettle, nettle_md5_init) 
  AC_CHECK_LIB(nettle, md5_init) 
  AC_CHECK_LIB(hogweed, nettle_rsa_generate_keypair) 
  if test "x$ac_cv_lib_hogweed_nettle_rsa_generate_keypair" = "xyes" ; then 
    AC_MSG_CHECKING([if nettle_*_generate_keypair takes qbits]) 
    AC_CACHE_VAL(pike_cv_nettle_hogweed_keypair_args, [ 
      pike_cv_nettle_hogweed_keypair_args=no 
      AC_TRY_COMPILE([ 
#include <nettle/dsa.h> 
#include <nettle/rsa.h> 
     ], [ 
  struct dsa_public_key pub; 
  struct dsa_private_key key; 
  nettle_dsa_generate_keypair(&pub, &key, 0, 0, 0, 0, 2048, 384); 
      ], [ 
        pike_cv_nettle_hogweed_keypair_args=yes 
      ]) 
    ]) 
    AC_MSG_RESULT($pike_cv_nettle_hogweed_keypair_args); 
    if test "x$pike_cv_nettle_hogweed_keypair_args" = "xyes"; then 
      AC_DEFINE(HAVE_DSA_QBITS_KEYPAIR_ARG, [], [Define if generate_dsa_keypair takes the qbits argument]) 
    fi 
  fi 
 
  # NB: Some versions of RedHat have censored the weaker curves 
  #     (secp_192r1 and secp_224r1 (cf [LysLysKOM 21863021])), and 
  #     there are no identifying macros, so we need to probe for them. 
  define(PIKE_CHECK_ECC_CURVE, [ 
    AC_MSG_CHECKING(if curve $1 is available) 
    AC_CACHE_VAL(pike_cv_have_curve_$1, [ 
      AC_TRY_LINK([#include <nettle/ecc-curve.h>], 
                  [ struct ecc_curve *c = &$1; ], 
                  [ pike_cv_have_curve_$1=yes ], 
                  [ pike_cv_have_curve_$1=no ]) 
    ]) 
    AC_MSG_RESULT($pike_cv_have_curve_$1); 
    if test "x$pike_cv_have_curve_$1" = "xyes"; then 
      AC_DEFINE(translit(HAVE_CURVE_$1,[a-z],[A-Z]), 1, 
                [Define if your libnettle has the curve $1.]) 
    fi 
  ]) 
 
  PIKE_CHECK_ECC_CURVE(nettle_secp_192r1) 
  PIKE_CHECK_ECC_CURVE(nettle_secp_224r1) 
  PIKE_CHECK_ECC_CURVE(nettle_secp_256r1) 
  PIKE_CHECK_ECC_CURVE(nettle_secp_384r1) 
  PIKE_CHECK_ECC_CURVE(nettle_secp_521r1) 
 
  AC_SUBST(IDEA_OBJ) 
 
  if test "x$ac_cv_lib_nettle_nettle_md5_init" = "xyes" -o \ 
          "x$ac_cv_lib_nettle_md5_init" = "xyes"; then 
    PIKE_FEATURE_OK(Nettle) 
 
    # md4 is available in Nettle 1.8 and later. 
    # arctwo is available in Nettle 1.11 and later. 
    # ctr is available in Nettle 1.13 and later. 
    # camellia is available in Nettle 2.1 and later. 
    # gcm is available in Nettle 2.2 and later. 
    # ripemd160 is available in Nettle 2.3 and later. 
    # sha3 and gosthash94 are available in Nettle 2.6 and later. 
    # chacha, poly1305 and eax are available in Nettle 3.0 and later. 
    AC_CHECK_HEADERS(nettle/md4.h \ 
                     nettle/arctwo.h \ 
                     nettle/ctr.h \ 
                     nettle/camellia.h \ 
                     nettle/gcm.h \ 
                     nettle/ripemd160.h \ 
                     nettle/sha3.h nettle/gosthash94.h \ 
                     nettle/chacha.h nettle/chacha-poly1305.h \ 
                     nettle/poly1305.h nettle/eax.h \ 
                     nettle/dsa.h nettle/umac.h nettle/ecdsa.h \ 
                    ) 
    # Check that the libraries match. 
    # 
    # Note that there can be false positives in the test above 
    # when multiple versions of Nettle are installed concurrently. 
    AC_CHECK_FUNCS(nettle_md4_init \ 
                   nettle_arctwo_encrypt \ 
                   nettle_ctr_crypt \ 
                   nettle_camellia128_crypt \ 
                   nettle_gcm_encrypt \ 
                   nettle_ripemd160_init \ 
                   nettle_sha3_256_init nettle_gosthash94_init \ 
                   nettle_chacha_crypt nettle_chacha_poly1305_encrypt \ 
                   nettle_poly1305_digest nettle_eax_encrypt \ 
                   nettle_dsa_sign nettle_umac128_digest nettle_ecdsa_sign \ 
                   ) 
 
    AC_MSG_CHECKING([for idea.c]) 
    # Have the patent-encumbered idea files been purged? 
    if test -f "$srcdir/idea.c" ; then 
      AC_MSG_RESULT([found]) 
      AC_DEFINE([WITH_IDEA], 1, [idea.c available]) 
      IDEA_OBJ=idea.o 
    else 
      AC_MSG_RESULT([no]) 
      IDEA_OBJ="" 
    fi 
 
    # These may have been purged from the Nettle lib to avoid GPL 
    # contamination. 
    AC_CHECK_FUNCS(nettle_blowfish_decrypt nettle_serpent_decrypt) 
 
    # This is the recomended interface in Nettle 2.0. 
    AC_CHECK_FUNCS(nettle_yarrow256_slow_reseed) 
 
    # These weren't present in old Nettles. 
    AC_CHECK_FUNCS(nettle_salsa20_crypt nettle_sha224_init \ 
                   memxor3 nettle_memxor3) 
 
    AC_MSG_CHECKING([whether nettle_crypt_func is a pointer type]) 
    AC_CACHE_VAL(pike_cv_nettle_crypt_func_is_pointer, [ 
      pike_cv_nettle_crypt_func_is_pointer=no 
      AC_TRY_COMPILE([ 
/* Note: Old Nettles had the nettle_crypt_func typedef directly 
 *       in <nettle/nettle-meta.h> while more modern have it in 
 *       <nettle/nettle-types.h>. Since <nettle/nettle-meta.h> 
 *       pulls in <nettle/nettle-types.h> it should be sufficient. 
 */ 
#include <nettle/nettle-meta.h> 
      ], [ 
  nettle_crypt_func foo = (nettle_crypt_func)(void *)0; 
  return (int)foo; 
      ], [ 
        pike_cv_nettle_crypt_func_is_pointer=yes 
      ]) 
    ]) 
    AC_MSG_RESULT($pike_cv_nettle_crypt_func_is_pointer); 
    if test "x$pike_cv_nettle_crypt_func_is_pointer" = "xyes"; then 
      AC_DEFINE(HAVE_NETTLE_CRYPT_FUNC_IS_POINTER) 
    fi 
  else 
    AC_ERROR([Cannot compile --with-nettle without the Nettle library. 
It is highly recommended that you install a working Nettle library on 
your system as that will add features to Pike required by many 
applications. These features include ciphers, hash algorithms and 
random generators. If you know that you do not need cryptographic 
functions, you can re-run configure with the option --without-nettle 
instead. Nettle is available at http://www.lysator.liu.se/~nisse/nettle/. 
    ]) 
    PIKE_FEATURE_NODEP(Nettle) 
  fi 
fi 
 
AC_OUTPUT(Makefile,echo FOO >stamp-h )