AC_DEFUN([ACX_CRYPTO_BACKEND],[ # First check if we want to support ECC and GOST AC_ARG_ENABLE(ecc, AC_HELP_STRING([--enable-ecc], [Enable support for ECC (default enabled)] ), [enable_ecc="${enableval}"], [enable_ecc="yes"] ) AC_MSG_CHECKING(for ECC support) if test "x${enable_ecc}" = "xyes"; then AC_MSG_RESULT(yes) AC_DEFINE_UNQUOTED( [WITH_ECC], [], [Compile with ECC support] ) else AC_MSG_RESULT(no) fi AM_CONDITIONAL([WITH_ECC], [test "x${enable_ecc}" = "xyes"]) AC_ARG_ENABLE(gost, AC_HELP_STRING([--enable-gost], [Enable support for GOST (default enabled)] ), [enable_gost="${enableval}"], [enable_gost="yes"] ) AC_MSG_CHECKING(for GOST support) if test "x${enable_gost}" = "xyes"; then AC_MSG_RESULT(yes) AC_DEFINE_UNQUOTED( [WITH_GOST], [], [Compile with GOST support] ) else AC_MSG_RESULT(no) fi AM_CONDITIONAL([WITH_GOST], [test "x${enable_gost}" = "xyes"]) # Second check for the FIPS 140-2 mode AC_ARG_ENABLE(fips, AC_HELP_STRING([--enable-fips], [Enable support for FIPS 140-2 mode (default disabled)] ), [enable_fips="${enableval}"], [enable_fips="no"] ) AC_MSG_CHECKING(for FIPS 140-2 mode) if test "x${enable_fips}" = "xyes"; then AC_MSG_RESULT(yes) AC_DEFINE_UNQUOTED( [WITH_FIPS], [], [Compile with FIPS 140-2 mode] ) else AC_MSG_RESULT(no) fi AM_CONDITIONAL([WITH_GOST], [test "x${enable_fips}" = "xyes"]) # Then check what crypto library we want to use AC_ARG_WITH(crypto-backend, AC_HELP_STRING([--with-crypto-backend], [Select crypto backend (openssl|botan)] ), [crypto_backend="${withval}"], [crypto_backend="openssl"] ) AC_MSG_CHECKING(for crypto backend) if test "x${crypto_backend}" = "xopenssl"; then AC_MSG_RESULT(OpenSSL) if test "x${enable_fips}" = "xyes"; then ACX_OPENSSL(1,0,1) else ACX_OPENSSL(1,0,0) fi CRYPTO_INCLUDES=$OPENSSL_INCLUDES CRYPTO_LIBS=$OPENSSL_LIBS if test "x${enable_ecc}" = "xyes"; then ACX_OPENSSL_ECC fi if test "x${enable_gost}" = "xyes"; then if test "x${enable_fips}" = "xyes"; then AC_MSG_ERROR([GOST is not FIPS approved]) fi ACX_OPENSSL_GOST fi if test "x${enable_fips}" = "xyes"; then ACX_OPENSSL_FIPS else ACX_OPENSSL_EVPAESWRAP fi AC_DEFINE_UNQUOTED( [WITH_RAW_PSS], [1], [Compile with raw RSA PKCS PSS] ) AC_DEFINE_UNQUOTED( [WITH_AES_GCM], [1], [Compile with AES_GCM] ) AC_DEFINE_UNQUOTED( [WITH_OPENSSL], [], [Compile with OpenSSL support] ) elif test "x${crypto_backend}" = "xbotan"; then AC_MSG_RESULT(Botan) ACX_BOTAN(1,10,0) CRYPTO_INCLUDES=$BOTAN_INCLUDES CRYPTO_LIBS=$BOTAN_LIBS if test "x${enable_ecc}" = "xyes"; then ACX_BOTAN_ECC fi if test "x${enable_fips}" = "xyes"; then AC_MSG_ERROR([Botan does not support FIPS 140-2 mode]) fi if test "x${enable_gost}" = "xyes"; then ACX_BOTAN_GOST fi if test "x${BOTAN_VERSION_MAJOR}" = "x1" -a "x${BOTAN_VERSION_MINOR}" = "x10"; then ACX_BOTAN_GNUMP fi ACX_BOTAN_RFC5649 ACX_BOTAN_RAWPSS ACX_BOTAN_AES_GCM AC_DEFINE_UNQUOTED( [WITH_BOTAN], [], [Compile with Botan support] ) else AC_MSG_RESULT(Unknown) AC_MSG_ERROR([Crypto backend ${crypto_backend} not supported. Use openssl or botan.]) fi AC_SUBST(CRYPTO_INCLUDES) AC_SUBST(CRYPTO_LIBS) AM_CONDITIONAL([WITH_OPENSSL], [test "x${crypto_backend}" = "xopenssl"]) AM_CONDITIONAL([WITH_BOTAN], [test "x${crypto_backend}" = "xbotan"]) ])