xref: /freebsd/contrib/ntp/sntp/m4/ntp_openssl.m4 (revision 119b75925c562202145d7bac7b676b98029c6cb9)
1dnl ####################################################################
2dnl OpenSSL support shared by top-level and sntp/configure.ac
3dnl
4dnl Provides command-line option --with-crypto, as well as deprecated
5dnl options --with-openssl-incdir, --with-openssl-libdir, and the
6dnl latter's suboption --with-rpath.
7dnl
8dnl Specifying --with-openssl-libdir or --with-openssl-incdir causes any
9dnl pkg-config openssl information to be ignored in favor of the legacy
10dnl manual search for directories and specified library names.
11dnl
12dnl Output AC_DEFINEs (for config.h)
13dnl	OPENSSL		defined only if using OpenSSL
14dnl
15dnl Output variables:
16dnl	ntp_openssl	yes if using OpenSSL, no otherwise
17dnl
18dnl Output substitutions:
19dnl	CFLAGS_NTP	OpenSSL-specific flags added as needed, and
20dnl			-Wstrict-prototypes for gcc if it does not
21dnl			trigger a flood of warnings for each file
22dnl			including OpenSSL headers.
23dnl	CPPFLAGS_NTP	OpenSSL -Iincludedir flags added as needed.
24dnl	LDADD_NTP	OpenSSL -L and -l flags added as needed.
25dnl	LDFLAGS_NTP	Other OpenSSL link flags added as needed.
26dnl
27dnl ####################################################################
28AC_DEFUN([NTP_OPENSSL], [
29AC_REQUIRE([NTP_PKG_CONFIG])dnl
30AC_REQUIRE([NTP_VER_SUFFIX])dnl
31
32AC_ARG_WITH(
33    [crypto],
34    [AS_HELP_STRING(
35	[--with-crypto],
36	[+ =openssl,libcrypto]
37    )]
38)
39AC_ARG_WITH(
40    [openssl-libdir],
41    [AS_HELP_STRING(
42	[--with-openssl-libdir],
43	[+ =/something/reasonable]
44    )]
45)
46AC_ARG_WITH(
47    [openssl-incdir],
48    [AS_HELP_STRING(
49	[--with-openssl-incdir],
50	[+ =/something/reasonable]
51    )]
52)
53AC_ARG_WITH(
54    [rpath],
55    [AS_HELP_STRING(
56	[--without-rpath],
57	[s Disable auto-added -R linker paths]
58    )]
59)
60ntp_openssl=no
61ntp_openssl_from_pkg_config=no
62with_crypto=${with_crypto:-openssl,libcrypto}
63case "$with_crypto" in
64 yes)
65    with_crypto=openssl,libcrypto
66esac
67case "$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}" in
68 no:*) ;;
69 *:notempty:notgiven:notgiven)
70    for pkg in `echo $with_crypto | sed -e 's/,/ /'`; do
71	AC_MSG_CHECKING([pkg-config for $pkg])
72	if $PKG_CONFIG --exists $pkg ; then
73	    CPPFLAGS_NTP="$CPPFLAGS_NTP `$PKG_CONFIG --cflags-only-I $pkg`"
74	    CFLAGS_NTP="$CFLAGS_NTP `$PKG_CONFIG --cflags-only-other $pkg`"
75	    LDADD_NTP="$LDADD_NTP `$PKG_CONFIG --libs-only-L $pkg`"
76	    LDADD_NTP="$LDADD_NTP `$PKG_CONFIG --libs-only-l $pkg`"
77	    LDFLAGS_NTP="$LDFLAGS_NTP `$PKG_CONFIG --libs-only-other $pkg`"
78	    VER_SUFFIX=o
79	    ntp_openssl=yes
80	    ntp_openssl_from_pkg_config=yes
81	    AC_MSG_RESULT([yes])
82
83	    break
84	fi
85	AC_MSG_RESULT([no])
86    done
87esac
88case "$with_crypto:$ntp_openssl" in
89 no:*) ;;
90 *:no)
91    need_dash_r=
92    need_dash_Wlrpath=
93    case "${with_rpath-notgiven}" in
94     yes)
95	# Lame - what to do if we need -Wl... but not -R?
96	need_dash_r=1
97	;;
98     notgiven)
99	case "$host" in
100	 *-*-linux*)
101	    # This may really only be true for gcc
102	    need_dash_Wlrpath=1
103	    ;;
104	 *-*-netbsd*)
105	    need_dash_r=1
106	    ;;
107	 *-*-solaris*)
108	    need_dash_r=1
109	    ;;
110	esac
111	;;
112    esac
113
114    AC_MSG_CHECKING([for openssl library directory])
115    with_openssl_libdir=${with_openssl_libdir-notgiven}
116    case "$with_openssl_libdir" in
117     notgiven)
118	case "$build" in
119	 $host)
120	    with_openssl_libdir=default
121	    ;;
122	 *)
123	    with_openssl_libdir=no
124	    ;;
125	esac
126    esac
127    case "$with_openssl_libdir" in
128     default)
129	# Look in:
130	with_openssl_libdir="/usr/lib /usr/lib/openssl /usr/sfw/lib"
131	with_openssl_libdir="$with_openssl_libdir /usr/local/lib"
132	with_openssl_libdir="$with_openssl_libdir /usr/local/ssl/lib /lib"
133    esac
134    case "$with_openssl_libdir" in
135     no)
136	;;
137     *) # Look for libcrypto.a and libssl.a:
138	for i in $with_openssl_libdir no
139	do
140	    case "$host" in
141	     *-*-darwin*)
142		test -f $i/libcrypto.dylib -a -f $i/libssl.dylib && break
143		;;
144	     *)
145		test -f $i/libcrypto.so -a -f $i/libssl.so && break
146		test -f $i/libcrypto.a -a -f $i/libssl.a && break
147		;;
148	    esac
149	done
150	openssl_libdir=$i
151	;;
152    esac
153    AC_MSG_RESULT([$openssl_libdir])
154    case "$openssl_libdir" in
155     no)
156	openssl_libdir=
157	AC_MSG_WARN([libcrypto and libssl not found in any of $with_openssl_libdir])
158    esac
159
160    AC_MSG_CHECKING([for openssl include directory])
161    with_openssl_incdir=${with_openssl_incdir-notgiven}
162    case "$with_openssl_incdir" in
163     notgiven)
164	# Look in:
165	with_openssl_incdir="/usr/include /usr/sfw/include"
166	with_openssl_incdir="$with_openssl_incdir /usr/local/include"
167	with_openssl_incdir="$with_openssl_incdir /usr/local/ssl/include"
168    esac
169    case "$with_openssl_incdir" in
170     no)
171	;;
172     *) # look for openssl/evp.h:
173	for i in $with_openssl_incdir no
174	do
175	    test -f $i/openssl/evp.h && break
176	done
177	openssl_incdir=$i
178	;;
179    esac
180    AS_UNSET([i])
181    AC_MSG_RESULT([$openssl_incdir])
182    case "$openssl_incdir" in
183     no)
184	openssl_incdir=
185	AC_MSG_WARN([did not find openssl/evp.h in any of $with_openssl_incdir])
186    esac
187    if test -z "$openssl_libdir" -o -z "$openssl_incdir"
188    then
189	ntp_openssl=no
190    else
191	ntp_openssl=yes
192	VER_SUFFIX=o
193    fi
194    case "$ntp_openssl" in
195     yes)
196	# We have OpenSSL inc/lib dirs - use them.
197	case "$openssl_incdir" in
198	 /usr/include)
199	    ;;
200	 *)
201	    CPPFLAGS_NTP="$CPPFLAGS_NTP -I$openssl_incdir"
202	    ;;
203	esac
204	case "$openssl_libdir" in
205	 /usr/lib)
206	    ;;
207	 *)
208	    LDADD_NTP="$LDADD_NTP -L$openssl_libdir"
209	    case "$need_dash_r" in
210	     1)
211		LDFLAGS_NTP="$LDFLAGS_NTP -R$openssl_libdir"
212	    esac
213	    case "$need_dash_Wlrpath" in
214	     1)
215		LDFLAGS_NTP="$LDFLAGS_NTP -Wl,-rpath,$openssl_libdir"
216	    esac
217	    ;;
218	esac
219	LDADD_NTP="$LDADD_NTP -lcrypto"
220    esac
221esac
222
223AC_MSG_CHECKING([if we will use crypto])
224AC_MSG_RESULT([$ntp_openssl])
225
226case "$ntp_openssl" in
227 yes)
228    AC_DEFINE([OPENSSL], [], [Use OpenSSL?])
229    case "$VER_SUFFIX" in
230     *o*) ;;
231     *) AC_MSG_ERROR([OPENSSL set but no 'o' in VER_SUFFIX!]) ;;
232    esac
233    ;;
234esac
235
236NTPO_SAVED_CPPFLAGS="$CPPFLAGS"
237CPPFLAGS="$CPPFLAGS $CPPFLAGS_NTP"
238NTPO_SAVED_LIBS="$LIBS"
239
240#
241# check for linking with -lcrypto failure, and try -lcrypto -lz.
242# Helps m68k-atari-mint
243#
244case "$ntp_openssl:$ntp_openssl_from_pkg_config" in
245 yes:no)
246    LIBS="$NTPO_SAVED_LIBS $LDADD_NTP"
247    AC_CACHE_CHECK(
248	[if linking with -lcrypto alone works],
249	[ntp_cv_bare_lcrypto],
250	[AC_LINK_IFELSE(
251	    [AC_LANG_PROGRAM(
252		[[
253		    #include "openssl/err.h"
254		    #include "openssl/evp.h"
255		]],
256		[[
257		    ERR_load_crypto_strings();
258		    OpenSSL_add_all_algorithms();
259		]]
260	    )],
261	    [ntp_cv_bare_lcrypto=yes],
262	    [ntp_cv_bare_lcrypto=no]
263	)]
264    )
265    case "$ntp_cv_bare_lcrypto" in
266     no)
267	LIBS="$NTPO_SAVED_LIBS $LDADD_NTP -lz"
268	AC_CACHE_CHECK(
269	    [if linking with -lcrypto -lz works],
270	    [ntp_cv_lcrypto_lz],
271	    [AC_LINK_IFELSE(
272		[AC_LANG_PROGRAM(
273		    [[
274			#include "openssl/err.h"
275			#include "openssl/evp.h"
276		    ]],
277		    [[
278			ERR_load_crypto_strings();
279			OpenSSL_add_all_algorithms();
280		    ]]
281		)],
282		[ntp_cv_lcrypto_lz=yes],
283		[ntp_cv_lcrypto_lz=no]
284	    )]
285	)
286	case "$ntp_cv_lcrypto_lz" in
287	 yes)
288	     LDADD_NTP="$LDADD_NTP -lz"
289	esac
290    esac
291esac
292
293#
294# Older OpenSSL headers have a number of callback prototypes inside
295# other function prototypes which trigger copious warnings with gcc's
296# -Wstrict-prototypes, which is included in -Wall.
297#
298# An example:
299#
300# int i2d_RSA_NET(const RSA *a, unsigned char **pp,
301#		  int (*cb)(), int sgckey);
302#		  ^^^^^^^^^^^
303#
304#
305#
306openssl_triggers_warnings=unknown
307NTPO_SAVED_CFLAGS="$CFLAGS"
308
309case "$ntp_openssl:$GCC" in
310 yes:yes)
311    CFLAGS="$CFLAGS -Werror"
312    AC_COMPILE_IFELSE(
313	[AC_LANG_PROGRAM(
314	    [[
315	    ]],
316	    [[
317		/* see if -Werror breaks gcc */
318	    ]]
319	)],
320	[gcc_handles_Werror=yes],
321	[gcc_handles_Werror=no]
322    )
323    case "$gcc_handles_Werror" in
324     no)
325	# if this gcc doesn't do -Werror go ahead and use
326	# -Wstrict-prototypes.
327	openssl_triggers_warnings=yes
328	;;
329     yes)
330	CFLAGS="$CFLAGS -Wstrict-prototypes"
331	AC_COMPILE_IFELSE(
332	    [AC_LANG_PROGRAM(
333		[[
334		    #include "openssl/asn1_mac.h"
335		    #include "openssl/bn.h"
336		    #include "openssl/err.h"
337		    #include "openssl/evp.h"
338		    #include "openssl/pem.h"
339		    #include "openssl/rand.h"
340		    #include "openssl/x509v3.h"
341		]],
342		[[
343		    /* empty body */
344		]]
345	    )],
346	    [openssl_triggers_warnings=no],
347	    [openssl_triggers_warnings=yes]
348	)
349    esac
350    case "$openssl_triggers_warnings" in
351     yes)
352	CFLAGS_NTP="$CFLAGS_NTP -Wno-strict-prototypes"
353	;;
354     *)
355	CFLAGS_NTP="$CFLAGS_NTP -Wstrict-prototypes"
356    esac
357    ;;
358 no:yes)
359    # gcc without OpenSSL
360    CFLAGS_NTP="$CFLAGS_NTP -Wstrict-prototypes"
361esac
362
363# Because we don't want -Werror for the EVP_MD_do_all_sorted check
364CFLAGS="$NTPO_SAVED_CFLAGS"
365
366case "$ntp_openssl" in
367 yes)
368    LIBS="$NTPO_SAVED_LIBS $LDADD_NTP"
369    AC_CHECK_FUNCS([EVP_MD_do_all_sorted])
370    ;;
371esac
372
373CPPFLAGS="$NTPO_SAVED_CPPFLAGS"
374LIBS="$NTPO_SAVED_LIBS"
375AS_UNSET([NTPO_SAVED_CFLAGS])
376AS_UNSET([NTPO_SAVED_CPPFLAGS])
377AS_UNSET([NTPO_SAVED_LIBS])
378AS_UNSET([openssl_triggers_warnings])
379AS_UNSET([ntp_openssl_from_pkg_config])
380])
381dnl ======================================================================
382