configure: Auto-enable kdf plugin if necessary

This ensures the plugin is available if AES-based PRFs could get used or
none of the third-party crypto plugins is enabled and it's required for
HMAC-based PRFs as well.

References strongswan/strongswan#1026

diff --git a/configure.ac b/configure.ac
index 9c40416151732b98dde6ef36dfcbd50073cef1df..8ddcd52b70f86db8ca9e3b06e205d6e8f9f535bf 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -514,6 +514,20 @@ if test x$stroke = xtrue; then
        counters=true
 fi
 
+if test x$kdf = xfalse; then
+       if test x$aesni = xtrue -o x$cmac = xtrue -o x$xcbc = xtrue; then
+               AC_MSG_WARN(m4_normalize([
+                       kdf plugin is required for possible use of PRF_AES128_XCBC/CMAC
+                       by one of these plugins: aesni, cmac, xcbc]))
+               kdf=true
+       elif test x$botan = xfalse -a x$openssl = xfalse -a x$wolfssl = xfalse; then
+               AC_MSG_WARN(m4_normalize([
+                       kdf plugin is required because none of the following plugins is
+                       enabled: botan, openssl, wolfssl]))
+               kdf=true
+       fi
+fi
+
 # ===========================================
 #  check required libraries and header files
 # ===========================================