From 0f2507234fbe3bd305404b1267607b9900857523 Mon Sep 17 00:00:00 2001
From: Dean Scarff
Date: Mon, 6 Apr 2020 13:19:56 +1000
Subject: Add OpenSSL/BoringSSL crypto provider

Fixes qpdf/qpdf#417
---
 configure.ac | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
(limited to 'configure.ac')
diff --git a/configure.ac b/configure.ac
index 39f2bfa8..80a748b9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -513,6 +513,53 @@ if test "$USE_CRYPTO_NATIVE" = "1"; then
 DEFAULT_CRYPTO=native
 fi
 
+dnl If the openssl/BoringSSL provider is explicitly requested, require openssl
+dnl If the openssl provider is not explicitly disabled, enable it if
+dnl openssl is available. If the openssl provider is explicitly
+dnl disabled, do not link with openssl even if present.
+
+PKG_CHECK_MODULES([pc_openssl], [openssl], [OPENSSL_FOUND=1], [OPENSSL_FOUND=0])
+if test "$OPENSSL_FOUND" = "0"; then
+ AC_CHECK_HEADER([openssl/evp.h],[OPENSSL_FOUND=1],[OPENSSL_FOUND=0])
+ AC_SEARCH_LIBS(EVP_DigestInit_ex,openssl,[OPENSSL_FOUND=1],[OPENSSL_FOUND=0])
+fi
+
+IMPLICIT_OPENSSL=0
+USE_CRYPTO_OPENSSL=0
+AC_SUBST(USE_CRYPTO_OPENSSL)
+AC_ARG_ENABLE(crypto-openssl,
+ AS_HELP_STRING([--enable-crypto-openssl],
+ [whether to include support for the BoringSSL crypto provider]),
+ [if test "$enableval" = "yes"; then
+ USE_CRYPTO_OPENSSL=1
+ else
+ USE_CRYPTO_OPENSSL=0
+ fi],
+ [IMPLICIT_OPENSSL=$IMPLICIT_CRYPTO])
+
+if test "$IMPLICIT_OPENSSL" = "1"; then
+ USE_CRYPTO_OPENSSL=$OPENSSL_FOUND
+ if test "$USE_CRYPTO_OPENSSL" = "1"; then
+ AC_MSG_NOTICE(enabling openssl crypto provider since openssl is available)
+ else
+ AC_MSG_NOTICE(not enabling openssl crypto provider since openssl was not found)
+ fi
+fi
+
+if test "$USE_CRYPTO_OPENSSL" = "1" -a "$OPENSSL_FOUND" = "0"; then
+ AC_MSG_ERROR(unable to use requested openssl crypto provider without openssl)
+fi
+
+if test "$USE_CRYPTO_OPENSSL" = "1"; then
+ CFLAGS="$CFLAGS $pc_openssl_CFLAGS"
+ CXXFLAGS="$CXXFLAGS $pc_openssl_CXXFLAGS"
+ LIBS="$LIBS $pc_openssl_LIBS"
+ AC_DEFINE([USE_CRYPTO_OPENSSL], 1, [Whether to use the openssl crypto provider])
+ DEFAULT_CRYPTO=openssl
+elif test "$OPENSSL_FOUND" = "1"; then
+ AC_MSG_NOTICE(not linking with openssl even though it is available)
+fi
+
 dnl If the gnutls provider is explicitly requested, require gnutls. If
 dnl the gnutls provider is not explicitly disabled, enable it if
 dnl gnutls is available. If the gnutls provider is explicitly
@@ -581,6 +628,11 @@ case "$DEFAULT_CRYPTO" in
 bad_crypto=1
 fi
 ;;
+ "openssl")
+ if test "$USE_CRYPTO_OPENSSL" != "1"; then
+ bad_crypto=1
+ fi
+ ;;
 "gnutls")
 if test "$USE_CRYPTO_GNUTLS" != "1"; then
 bad_crypto=1
-- 
cgit v1.2.3-70-g09d2
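Review bot: In the first hunk, the fallback used when pkg-config finds nothing can set `OPENSSL_FOUND` wrongly. `AC_SEARCH_LIBS` runs unconditionally after `AC_CHECK_HEADER` and overwrites its result, so a missing `openssl/evp.h` is forgotten. It also searches a library named `openssl`, although `EVP_DigestInit_ex` is provided by libcrypto. Chaining the two checks keeps the flag honest: `AC_CHECK_HEADER([openssl/evp.h],[AC_SEARCH_LIBS([EVP_DigestInit_ex],[crypto],[OPENSSL_FOUND=1])])`. In the last added block, `$pc_openssl_CXXFLAGS` is never defined, because `PKG_CHECK_MODULES` sets only the `_CFLAGS` and `_LIBS` variables, so C++ sources miss OpenSSL's include path when it is outside the default search path; use `CXXFLAGS="$CXXFLAGS $pc_openssl_CFLAGS"`.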