1275970Scydnl #################################################################### 2275970Scydnl OpenSSL support shared by top-level and sntp/configure.ac 3275970Scydnl 4275970Scydnl Provides command-line option --with-crypto, as well as deprecated 5275970Scydnl options --with-openssl-incdir, --with-openssl-libdir, and the 6275970Scydnl latter's suboption --with-rpath. 7275970Scydnl 8275970Scydnl Specifying --with-openssl-libdir or --with-openssl-incdir causes any 9275970Scydnl pkg-config openssl information to be ignored in favor of the legacy 10275970Scydnl manual search for directories and specified library names. 11275970Scydnl 12275970Scydnl Output AC_DEFINEs (for config.h) 13275970Scydnl OPENSSL defined only if using OpenSSL 14275970Scydnl 15275970Scydnl Output variables: 16275970Scydnl ntp_openssl yes if using OpenSSL, no otherwise 17275970Scydnl 18275970Scydnl Output substitutions: 19275970Scydnl CFLAGS_NTP OpenSSL-specific flags added as needed, and 20275970Scydnl -Wstrict-prototypes for gcc if it does not 21275970Scydnl trigger a flood of warnings for each file 22275970Scydnl including OpenSSL headers. 23275970Scydnl CPPFLAGS_NTP OpenSSL -Iincludedir flags added as needed. 24275970Scydnl LDADD_NTP OpenSSL -L and -l flags added as needed. 25275970Scydnl LDFLAGS_NTP Other OpenSSL link flags added as needed. 26275970Scydnl 27275970Scydnl #################################################################### 28275970ScyAC_DEFUN([NTP_OPENSSL], [ 29275970ScyAC_REQUIRE([NTP_PKG_CONFIG])dnl 30275970ScyAC_REQUIRE([NTP_VER_SUFFIX])dnl 31275970Scy 32275970ScyAC_ARG_WITH( 33275970Scy [crypto], 34275970Scy [AS_HELP_STRING( 35275970Scy [--with-crypto], 36275970Scy [+ =openssl,libcrypto] 37275970Scy )] 38275970Scy) 39275970ScyAC_ARG_WITH( 40275970Scy [openssl-libdir], 41275970Scy [AS_HELP_STRING( 42275970Scy [--with-openssl-libdir], 43275970Scy [+ =/something/reasonable] 44275970Scy )] 45275970Scy) 46275970ScyAC_ARG_WITH( 47275970Scy [openssl-incdir], 48275970Scy [AS_HELP_STRING( 49275970Scy [--with-openssl-incdir], 50275970Scy [+ =/something/reasonable] 51275970Scy )] 52275970Scy) 53275970ScyAC_ARG_WITH( 54275970Scy [rpath], 55275970Scy [AS_HELP_STRING( 56275970Scy [--without-rpath], 57275970Scy [s Disable auto-added -R linker paths] 58275970Scy )] 59275970Scy) 60316722Sdelphij 61275970Scyntp_openssl=no 62275970Scyntp_openssl_from_pkg_config=no 63316722Sdelphij 64275970Scywith_crypto=${with_crypto:-openssl,libcrypto} 65275970Scycase "$with_crypto" in 66275970Scy yes) 67275970Scy with_crypto=openssl,libcrypto 68275970Scyesac 69316722Sdelphij 70316722Sdelphijdnl AC_MSG_NOTICE(['%with_crypto:%{PKG_CONFIG:+notempty}:%{with_openssl_libdir-notgiven}:%{with_openssl_incdir-notgiven}']) 71316722Sdelphijdnl str="$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}" 72316722Sdelphijdnl AC_MSG_NOTICE([$str]) 73316722Sdelphij 74275970Scycase "$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}" in 75275970Scy no:*) ;; 76275970Scy *:notempty:notgiven:notgiven) 77275970Scy for pkg in `echo $with_crypto | sed -e 's/,/ /'`; do 78275970Scy AC_MSG_CHECKING([pkg-config for $pkg]) 79275970Scy if $PKG_CONFIG --exists $pkg ; then 80275970Scy CPPFLAGS_NTP="$CPPFLAGS_NTP `$PKG_CONFIG --cflags-only-I $pkg`" 81275970Scy CFLAGS_NTP="$CFLAGS_NTP `$PKG_CONFIG --cflags-only-other $pkg`" 82275970Scy LDADD_NTP="$LDADD_NTP `$PKG_CONFIG --libs-only-L $pkg`" 83316722Sdelphij LDADD_NTP="$LDADD_NTP `$PKG_CONFIG --libs-only-l --static $pkg`" 84275970Scy LDFLAGS_NTP="$LDFLAGS_NTP `$PKG_CONFIG --libs-only-other $pkg`" 85275970Scy VER_SUFFIX=o 86275970Scy ntp_openssl=yes 87275970Scy ntp_openssl_from_pkg_config=yes 88275970Scy AC_MSG_RESULT([yes]) 89275970Scy 90275970Scy break 91275970Scy fi 92275970Scy AC_MSG_RESULT([no]) 93275970Scy done 94275970Scyesac 95316722Sdelphijdnl AC_MSG_NOTICE([OpenSSL Phase I checks:]) 96316722Sdelphijdnl AC_MSG_NOTICE([CPPFLAGS_NTP: $CPPFLAGS_NTP]) 97316722Sdelphijdnl AC_MSG_NOTICE([CFLAGS_NTP: $CFLAGS_NTP]) 98316722Sdelphijdnl AC_MSG_NOTICE([LDADD_NTP: $LDADD_NTP]) 99316722Sdelphijdnl AC_MSG_NOTICE([LDFLAGS_NTP: $LDFLAGS_NTP]) 100275970Scycase "$with_crypto:$ntp_openssl" in 101275970Scy no:*) ;; 102275970Scy *:no) 103275970Scy need_dash_r= 104275970Scy need_dash_Wlrpath= 105275970Scy case "${with_rpath-notgiven}" in 106275970Scy yes) 107275970Scy # Lame - what to do if we need -Wl... but not -R? 108275970Scy need_dash_r=1 109275970Scy ;; 110275970Scy notgiven) 111275970Scy case "$host" in 112275970Scy *-*-linux*) 113275970Scy # This may really only be true for gcc 114275970Scy need_dash_Wlrpath=1 115275970Scy ;; 116275970Scy *-*-netbsd*) 117275970Scy need_dash_r=1 118275970Scy ;; 119275970Scy *-*-solaris*) 120275970Scy need_dash_r=1 121275970Scy ;; 122275970Scy esac 123275970Scy ;; 124275970Scy esac 125275970Scy 126275970Scy AC_MSG_CHECKING([for openssl library directory]) 127275970Scy with_openssl_libdir=${with_openssl_libdir-notgiven} 128275970Scy case "$with_openssl_libdir" in 129275970Scy notgiven) 130275970Scy case "$build" in 131275970Scy $host) 132275970Scy with_openssl_libdir=default 133275970Scy ;; 134275970Scy *) 135275970Scy with_openssl_libdir=no 136275970Scy ;; 137275970Scy esac 138275970Scy esac 139275970Scy case "$with_openssl_libdir" in 140275970Scy default) 141275970Scy # Look in: 142275970Scy with_openssl_libdir="/usr/lib /usr/lib/openssl /usr/sfw/lib" 143275970Scy with_openssl_libdir="$with_openssl_libdir /usr/local/lib" 144275970Scy with_openssl_libdir="$with_openssl_libdir /usr/local/ssl/lib /lib" 145275970Scy esac 146275970Scy case "$with_openssl_libdir" in 147275970Scy no) 148275970Scy ;; 149275970Scy *) # Look for libcrypto.a and libssl.a: 150275970Scy for i in $with_openssl_libdir no 151275970Scy do 152275970Scy case "$host" in 153275970Scy *-*-darwin*) 154275970Scy test -f $i/libcrypto.dylib -a -f $i/libssl.dylib && break 155275970Scy ;; 156275970Scy *) 157275970Scy test -f $i/libcrypto.so -a -f $i/libssl.so && break 158275970Scy test -f $i/libcrypto.a -a -f $i/libssl.a && break 159275970Scy ;; 160275970Scy esac 161275970Scy done 162275970Scy openssl_libdir=$i 163275970Scy ;; 164275970Scy esac 165275970Scy AC_MSG_RESULT([$openssl_libdir]) 166275970Scy case "$openssl_libdir" in 167275970Scy no) 168275970Scy openssl_libdir= 169275970Scy AC_MSG_WARN([libcrypto and libssl not found in any of $with_openssl_libdir]) 170275970Scy esac 171275970Scy 172275970Scy AC_MSG_CHECKING([for openssl include directory]) 173275970Scy with_openssl_incdir=${with_openssl_incdir-notgiven} 174275970Scy case "$with_openssl_incdir" in 175275970Scy notgiven) 176275970Scy # Look in: 177275970Scy with_openssl_incdir="/usr/include /usr/sfw/include" 178275970Scy with_openssl_incdir="$with_openssl_incdir /usr/local/include" 179275970Scy with_openssl_incdir="$with_openssl_incdir /usr/local/ssl/include" 180275970Scy esac 181275970Scy case "$with_openssl_incdir" in 182275970Scy no) 183275970Scy ;; 184275970Scy *) # look for openssl/evp.h: 185275970Scy for i in $with_openssl_incdir no 186275970Scy do 187275970Scy test -f $i/openssl/evp.h && break 188275970Scy done 189275970Scy openssl_incdir=$i 190275970Scy ;; 191275970Scy esac 192275970Scy AS_UNSET([i]) 193275970Scy AC_MSG_RESULT([$openssl_incdir]) 194275970Scy case "$openssl_incdir" in 195275970Scy no) 196275970Scy openssl_incdir= 197275970Scy AC_MSG_WARN([did not find openssl/evp.h in any of $with_openssl_incdir]) 198275970Scy esac 199275970Scy if test -z "$openssl_libdir" -o -z "$openssl_incdir" 200275970Scy then 201275970Scy ntp_openssl=no 202275970Scy else 203275970Scy ntp_openssl=yes 204275970Scy VER_SUFFIX=o 205275970Scy fi 206275970Scy case "$ntp_openssl" in 207275970Scy yes) 208275970Scy # We have OpenSSL inc/lib dirs - use them. 209275970Scy case "$openssl_incdir" in 210275970Scy /usr/include) 211275970Scy ;; 212275970Scy *) 213275970Scy CPPFLAGS_NTP="$CPPFLAGS_NTP -I$openssl_incdir" 214275970Scy ;; 215275970Scy esac 216275970Scy case "$openssl_libdir" in 217275970Scy /usr/lib) 218275970Scy ;; 219275970Scy *) 220275970Scy LDADD_NTP="$LDADD_NTP -L$openssl_libdir" 221275970Scy case "$need_dash_r" in 222275970Scy 1) 223275970Scy LDFLAGS_NTP="$LDFLAGS_NTP -R$openssl_libdir" 224275970Scy esac 225275970Scy case "$need_dash_Wlrpath" in 226275970Scy 1) 227275970Scy LDFLAGS_NTP="$LDFLAGS_NTP -Wl,-rpath,$openssl_libdir" 228275970Scy esac 229275970Scy ;; 230275970Scy esac 231275970Scy LDADD_NTP="$LDADD_NTP -lcrypto" 232275970Scy esac 233275970Scyesac 234275970Scy 235275970ScyAC_MSG_CHECKING([if we will use crypto]) 236275970ScyAC_MSG_RESULT([$ntp_openssl]) 237275970Scy 238275970Scycase "$ntp_openssl" in 239275970Scy yes) 240275970Scy AC_DEFINE([OPENSSL], [], [Use OpenSSL?]) 241275970Scy case "$VER_SUFFIX" in 242275970Scy *o*) ;; 243275970Scy *) AC_MSG_ERROR([OPENSSL set but no 'o' in VER_SUFFIX!]) ;; 244275970Scy esac 245275970Scy ;; 246275970Scyesac 247275970Scy 248275970ScyNTPO_SAVED_CPPFLAGS="$CPPFLAGS" 249275970ScyCPPFLAGS="$CPPFLAGS $CPPFLAGS_NTP" 250275970ScyNTPO_SAVED_LIBS="$LIBS" 251275970Scy 252275970Scy# 253275970Scy# check for linking with -lcrypto failure, and try -lcrypto -lz. 254275970Scy# Helps m68k-atari-mint 255275970Scy# 256275970Scycase "$ntp_openssl:$ntp_openssl_from_pkg_config" in 257275970Scy yes:no) 258275970Scy LIBS="$NTPO_SAVED_LIBS $LDADD_NTP" 259275970Scy AC_CACHE_CHECK( 260275970Scy [if linking with -lcrypto alone works], 261275970Scy [ntp_cv_bare_lcrypto], 262275970Scy [AC_LINK_IFELSE( 263275970Scy [AC_LANG_PROGRAM( 264275970Scy [[ 265275970Scy #include "openssl/err.h" 266275970Scy #include "openssl/evp.h" 267275970Scy ]], 268275970Scy [[ 269275970Scy ERR_load_crypto_strings(); 270275970Scy OpenSSL_add_all_algorithms(); 271275970Scy ]] 272275970Scy )], 273275970Scy [ntp_cv_bare_lcrypto=yes], 274275970Scy [ntp_cv_bare_lcrypto=no] 275275970Scy )] 276275970Scy ) 277275970Scy case "$ntp_cv_bare_lcrypto" in 278275970Scy no) 279275970Scy LIBS="$NTPO_SAVED_LIBS $LDADD_NTP -lz" 280275970Scy AC_CACHE_CHECK( 281275970Scy [if linking with -lcrypto -lz works], 282275970Scy [ntp_cv_lcrypto_lz], 283275970Scy [AC_LINK_IFELSE( 284275970Scy [AC_LANG_PROGRAM( 285275970Scy [[ 286275970Scy #include "openssl/err.h" 287275970Scy #include "openssl/evp.h" 288275970Scy ]], 289275970Scy [[ 290275970Scy ERR_load_crypto_strings(); 291275970Scy OpenSSL_add_all_algorithms(); 292275970Scy ]] 293275970Scy )], 294275970Scy [ntp_cv_lcrypto_lz=yes], 295275970Scy [ntp_cv_lcrypto_lz=no] 296275970Scy )] 297275970Scy ) 298275970Scy case "$ntp_cv_lcrypto_lz" in 299275970Scy yes) 300275970Scy LDADD_NTP="$LDADD_NTP -lz" 301275970Scy esac 302275970Scy esac 303275970Scyesac 304275970Scy 305275970Scy# 306275970Scy# Older OpenSSL headers have a number of callback prototypes inside 307275970Scy# other function prototypes which trigger copious warnings with gcc's 308275970Scy# -Wstrict-prototypes, which is included in -Wall. 309275970Scy# 310275970Scy# An example: 311275970Scy# 312275970Scy# int i2d_RSA_NET(const RSA *a, unsigned char **pp, 313275970Scy# int (*cb)(), int sgckey); 314275970Scy# ^^^^^^^^^^^ 315275970Scy# 316275970Scy# 317275970Scy# 318275970Scyopenssl_triggers_warnings=unknown 319275970ScyNTPO_SAVED_CFLAGS="$CFLAGS" 320275970Scy 321275970Scycase "$ntp_openssl:$GCC" in 322275970Scy yes:yes) 323275970Scy CFLAGS="$CFLAGS -Werror" 324275970Scy AC_COMPILE_IFELSE( 325275970Scy [AC_LANG_PROGRAM( 326275970Scy [[ 327275970Scy ]], 328275970Scy [[ 329275970Scy /* see if -Werror breaks gcc */ 330275970Scy ]] 331275970Scy )], 332275970Scy [gcc_handles_Werror=yes], 333275970Scy [gcc_handles_Werror=no] 334275970Scy ) 335275970Scy case "$gcc_handles_Werror" in 336275970Scy no) 337275970Scy # if this gcc doesn't do -Werror go ahead and use 338275970Scy # -Wstrict-prototypes. 339275970Scy openssl_triggers_warnings=yes 340275970Scy ;; 341275970Scy yes) 342275970Scy CFLAGS="$CFLAGS -Wstrict-prototypes" 343275970Scy AC_COMPILE_IFELSE( 344275970Scy [AC_LANG_PROGRAM( 345275970Scy [[ 346275970Scy #include "openssl/asn1_mac.h" 347275970Scy #include "openssl/bn.h" 348275970Scy #include "openssl/err.h" 349275970Scy #include "openssl/evp.h" 350275970Scy #include "openssl/pem.h" 351275970Scy #include "openssl/rand.h" 352275970Scy #include "openssl/x509v3.h" 353275970Scy ]], 354275970Scy [[ 355275970Scy /* empty body */ 356275970Scy ]] 357275970Scy )], 358275970Scy [openssl_triggers_warnings=no], 359275970Scy [openssl_triggers_warnings=yes] 360275970Scy ) 361275970Scy esac 362275970Scy case "$openssl_triggers_warnings" in 363275970Scy yes) 364275970Scy CFLAGS_NTP="$CFLAGS_NTP -Wno-strict-prototypes" 365275970Scy ;; 366275970Scy *) 367275970Scy CFLAGS_NTP="$CFLAGS_NTP -Wstrict-prototypes" 368275970Scy esac 369275970Scy ;; 370275970Scy no:yes) 371275970Scy # gcc without OpenSSL 372275970Scy CFLAGS_NTP="$CFLAGS_NTP -Wstrict-prototypes" 373275970Scyesac 374275970Scy 375285169Scy# Because we don't want -Werror for the EVP_MD_do_all_sorted check 376275970ScyCFLAGS="$NTPO_SAVED_CFLAGS" 377285169Scy 378285169Scycase "$ntp_openssl" in 379285169Scy yes) 380285169Scy LIBS="$NTPO_SAVED_LIBS $LDADD_NTP" 381285169Scy AC_CHECK_FUNCS([EVP_MD_do_all_sorted]) 382285169Scy ;; 383285169Scyesac 384285169Scy 385316722Sdelphijdnl AC_MSG_NOTICE([OpenSSL final checks:]) 386316722Sdelphijdnl AC_MSG_NOTICE([CPPFLAGS_NTP: $CPPFLAGS_NTP]) 387316722Sdelphijdnl AC_MSG_NOTICE([CFLAGS_NTP: $CFLAGS_NTP]) 388316722Sdelphijdnl AC_MSG_NOTICE([LDADD_NTP: $LDADD_NTP]) 389316722Sdelphijdnl AC_MSG_NOTICE([LDFLAGS_NTP: $LDFLAGS_NTP]) 390316722Sdelphij 391275970ScyCPPFLAGS="$NTPO_SAVED_CPPFLAGS" 392275970ScyLIBS="$NTPO_SAVED_LIBS" 393275970ScyAS_UNSET([NTPO_SAVED_CFLAGS]) 394275970ScyAS_UNSET([NTPO_SAVED_CPPFLAGS]) 395275970ScyAS_UNSET([NTPO_SAVED_LIBS]) 396275970ScyAS_UNSET([openssl_triggers_warnings]) 397275970ScyAS_UNSET([ntp_openssl_from_pkg_config]) 398275970Scy]) 399275970Scydnl ====================================================================== 400