summaryrefslogtreecommitdiffstats
path: root/gl/m4/gl-openssl.m4
blob: c5e1f7bafb091f66f6e3ea2a66623b02f9271cdb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
# gl-openssl.m4
# serial 7
dnl Copyright (C) 2013-2024 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.

AC_DEFUN([gl_SET_CRYPTO_CHECK_DEFAULT],
[
  m4_define([gl_CRYPTO_CHECK_DEFAULT], [$1])
])
gl_SET_CRYPTO_CHECK_DEFAULT([no])

AC_DEFUN([gl_CRYPTO_CHECK],
[
  dnl gnulib users set this before gl_INIT with gl_SET_CRYPTO_CHECK_DEFAULT()
  m4_divert_once([DEFAULTS], [with_openssl_default='gl_CRYPTO_CHECK_DEFAULT'])

  dnl Only clear once, so crypto routines can be checked for individually
  m4_divert_once([DEFAULTS], [LIB_CRYPTO=])

  AC_ARG_WITH([openssl],
    [[  --with-openssl[=ARG]    use libcrypto hash routines for the hash functions
                          MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512.
                          Valid ARGs are:
                            'yes',
                            'no',
                            'auto' => use if any version available,
                            'auto-gpl-compat' => use if GPL compatible version
                                                 available,
                            'optional' => use if available
                                          and warn if not available;
                          Default is ']gl_CRYPTO_CHECK_DEFAULT['.]m4_ifdef([gl_AF_ALG], [
                          Note also --with-linux-crypto, which will enable the
                          use of Linux kernel crypto routines (if available),
                          which has precedence for files.])],
    [],
    [with_openssl=$with_openssl_default])

  AC_SUBST([LIB_CRYPTO])
  if test "x$with_openssl" != xno; then
    if test "x$with_openssl" = xauto-gpl-compat; then
      dnl OpenSSL versions < 3 are under the OpenSSL license, which is not
      dnl GPL compatible.
      dnl See <https://www.gnu.org/licenses/license-list.en.html#OpenSSL>.
      AC_CACHE_CHECK([whether openssl is GPL compatible],
                     [gl_cv_openssl_gpl_compat],
        [AC_COMPILE_IFELSE(
           [AC_LANG_PROGRAM([[
                #include <openssl/opensslv.h>
                #if OPENSSL_VERSION_MAJOR < 3
                  #error "openssl >= version 3 not found"
                #endif
              ]])],
           [gl_cv_openssl_gpl_compat=yes],
           [gl_cv_openssl_gpl_compat=no])])
    fi
    if test "x$with_openssl" != xauto-gpl-compat ||
       test "x$gl_cv_openssl_gpl_compat" = xyes; then
      AC_CHECK_LIB([crypto], [$1],
        [AC_CHECK_HEADERS(
           m4_if([$1], [MD5], [openssl/md5.h], [openssl/sha.h]),
           [LIB_CRYPTO=-lcrypto
            AC_DEFINE([HAVE_OPENSSL_$1], [1],
              [Define to 1 if libcrypto is used for $1.])])])
    fi
    if test "x$LIB_CRYPTO" = x; then
      message='openssl development library not found for $1.
  If you want to install it, first find the pre-built package name:
    - On Debian and Debian-based systems: libssl-dev,
    - On Red Hat distributions: openssl-devel.
    - Other: https://repology.org/project/openssl/versions'
      if test "x$with_openssl" = xyes; then
        AC_MSG_ERROR([$message])
      elif test "x$with_openssl" = xoptional; then
        AC_MSG_WARN([$message])
      fi
    fi
  fi
])