xref: /freebsd/contrib/ntp/sntp/m4/ntp_openssl.m4 (revision 63a938566d524836885917d95bd491aa4400b181) 
1dnl ####################################################################
2dnl OpenSSL support shared by top-level and sntp/configure.ac
3dnl
4dnl Provides command-line option --with-crypto, as well as deprecated
5dnl options --with-openssl-incdir, --with-openssl-libdir, and the
6dnl latter's suboption --with-rpath.
7dnl
8dnl Specifying --with-openssl-libdir or --with-openssl-incdir causes any
9dnl pkg-config openssl information to be ignored in favor of the legacy
10dnl manual search for directories and specified library names.
11dnl
12dnl Output AC_DEFINEs (for config.h)
13dnl	OPENSSL		defined only if using OpenSSL
14dnl
15dnl Output variables:
16dnl	ntp_openssl	yes if using OpenSSL, no otherwise
17dnl
18dnl Output substitutions:
19dnl	CFLAGS_NTP	OpenSSL-specific flags added as needed, and
20dnl			-Wstrict-prototypes for gcc if it does not
21dnl			trigger a flood of warnings for each file
22dnl			including OpenSSL headers.
23dnl	CPPFLAGS_NTP	OpenSSL -Iincludedir flags added as needed.
24dnl	LDADD_NTP	OpenSSL -L and -l flags added as needed.
25dnl	LDFLAGS_NTP	Other OpenSSL link flags added as needed.
26dnl
27dnl ####################################################################
28AC_DEFUN([NTP_OPENSSL], [
29AC_REQUIRE([NTP_PKG_CONFIG])dnl
30AC_REQUIRE([NTP_VER_SUFFIX])dnl
31
32AC_ARG_WITH(
33    [crypto],
34    [AS_HELP_STRING(
35	[--with-crypto],
36	[+ =openssl,libcrypto]
37    )]
38)
39AC_ARG_WITH(
40    [openssl-libdir],
41    [AS_HELP_STRING(
42	[--with-openssl-libdir],
43	[+ =/something/reasonable]
44    )]
45)
46AC_ARG_WITH(
47    [openssl-incdir],
48    [AS_HELP_STRING(
49	[--with-openssl-incdir],
50	[+ =/something/reasonable]
51    )]
52)
53AC_ARG_WITH(
54    [rpath],
55    [AS_HELP_STRING(
56	[--without-rpath],
57	[s Disable auto-added -R linker paths]
58    )]
59)
60
61ntp_openssl=no
62ntp_openssl_from_pkg_config=no
63
64with_crypto=${with_crypto:-openssl,libcrypto}
65case "$with_crypto" in
66 yes)
67    with_crypto=openssl,libcrypto
68esac
69
70dnl AC_MSG_NOTICE(['%with_crypto:%{PKG_CONFIG:+notempty}:%{with_openssl_libdir-notgiven}:%{with_openssl_incdir-notgiven}'])
71dnl str="$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}"
72dnl AC_MSG_NOTICE([$str])
73
74case "$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}" in
75 no:*) ;;
76 *:notempty:notgiven:notgiven)
77    for pkg in `echo $with_crypto | sed -e 's/,/ /'`; do
78	AC_MSG_CHECKING([pkg-config for $pkg])
79	if $PKG_CONFIG --exists $pkg ; then
80	    CPPFLAGS_NTP="$CPPFLAGS_NTP `$PKG_CONFIG --cflags-only-I $pkg`"
81	    CFLAGS_NTP="$CFLAGS_NTP `$PKG_CONFIG --cflags-only-other $pkg`"
82	    LDADD_NTP="$LDADD_NTP `$PKG_CONFIG --libs-only-L $pkg`"
83	    LDADD_NTP="$LDADD_NTP `$PKG_CONFIG --libs-only-l --static $pkg`"
84	    LDFLAGS_NTP="$LDFLAGS_NTP `$PKG_CONFIG --libs-only-other $pkg`"
85	    VER_SUFFIX=o
86	    ntp_openssl=yes
87	    ntp_openssl_from_pkg_config=yes
88	    ntp_openssl_version="`$PKG_CONFIG --modversion $pkg`"
89	    case "$ntp_openssl_version" in
90	     *.*) ;;
91	     *) ntp_openssl_version='(unknown)' ;;
92	    esac
93	    AC_MSG_RESULT([yes, version $ntp_openssl_version])
94
95	    break
96	fi
97	AC_MSG_RESULT([no])
98    done
99esac
100dnl AC_MSG_NOTICE([OpenSSL Phase I checks:])
101dnl AC_MSG_NOTICE([CPPFLAGS_NTP: $CPPFLAGS_NTP])
102dnl AC_MSG_NOTICE([CFLAGS_NTP: $CFLAGS_NTP])
103dnl AC_MSG_NOTICE([LDADD_NTP: $LDADD_NTP])
104dnl AC_MSG_NOTICE([LDFLAGS_NTP: $LDFLAGS_NTP])
105case "$with_crypto:$ntp_openssl" in
106 no:*) ;;
107 *:no)
108    need_dash_r=
109    need_dash_Wlrpath=
110    case "${with_rpath-notgiven}" in
111     yes)
112	# Lame - what to do if we need -Wl... but not -R?
113	need_dash_r=1
114	;;
115     notgiven)
116	case "$host" in
117	 *-*-linux*)
118	    # This may really only be true for gcc
119	    need_dash_Wlrpath=1
120	    ;;
121	 *-*-netbsd*)
122	    need_dash_r=1
123	    ;;
124	 *-*-solaris*)
125	    need_dash_r=1
126	    ;;
127	esac
128	;;
129    esac
130
131    AC_MSG_CHECKING([for openssl library directory])
132    with_openssl_libdir=${with_openssl_libdir-notgiven}
133    case "$with_openssl_libdir" in
134     notgiven)
135	case "$build" in
136	 $host)
137	    with_openssl_libdir=default
138	    ;;
139	 *)
140	    with_openssl_libdir=no
141	    ;;
142	esac
143    esac
144    case "$with_openssl_libdir" in
145     default)
146	# Look in:
147	with_openssl_libdir="/usr/lib /usr/lib/openssl /usr/sfw/lib"
148	with_openssl_libdir="$with_openssl_libdir /usr/local/lib"
149	with_openssl_libdir="$with_openssl_libdir /usr/local/ssl/lib /lib"
150    esac
151    case "$with_openssl_libdir" in
152     no)
153	;;
154     *) # Look for libcrypto.a and libssl.a:
155	for i in $with_openssl_libdir no
156	do
157	    case "$host" in
158	     *-*-darwin*)
159		test -f $i/libcrypto.dylib -a -f $i/libssl.dylib && break
160		;;
161	     *)
162		test -f $i/libcrypto.so -a -f $i/libssl.so && break
163		test -f $i/libcrypto.a -a -f $i/libssl.a && break
164		;;
165	    esac
166	done
167	openssl_libdir=$i
168	;;
169    esac
170    AC_MSG_RESULT([$openssl_libdir])
171    case "$openssl_libdir" in
172     no)
173	openssl_libdir=
174	AC_MSG_WARN([libcrypto and libssl not found in any of $with_openssl_libdir])
175    esac
176
177    AC_MSG_CHECKING([for openssl include directory])
178    with_openssl_incdir=${with_openssl_incdir-notgiven}
179    case "$with_openssl_incdir" in
180     notgiven)
181	# Look in:
182	with_openssl_incdir="/usr/include /usr/sfw/include"
183	with_openssl_incdir="$with_openssl_incdir /usr/local/include"
184	with_openssl_incdir="$with_openssl_incdir /usr/local/ssl/include"
185    esac
186    case "$with_openssl_incdir" in
187     no)
188	;;
189     *) # look for openssl/evp.h:
190	for i in $with_openssl_incdir no
191	do
192	    test -f $i/openssl/evp.h && break
193	done
194	openssl_incdir=$i
195	;;
196    esac
197    AS_UNSET([i])
198    AC_MSG_RESULT([$openssl_incdir])
199    case "$openssl_incdir" in
200     no)
201	openssl_incdir=
202	AC_MSG_WARN([did not find openssl/evp.h in any of $with_openssl_incdir])
203    esac
204    if test -z "$openssl_libdir" -o -z "$openssl_incdir"
205    then
206	ntp_openssl=no
207    else
208	ntp_openssl=yes
209	VER_SUFFIX=o
210    fi
211    case "$ntp_openssl" in
212     yes)
213	# We have OpenSSL inc/lib dirs - use them.
214	case "$openssl_incdir" in
215	 /usr/include)
216	    ;;
217	 *)
218	    CPPFLAGS_NTP="$CPPFLAGS_NTP -I$openssl_incdir"
219	    ;;
220	esac
221	case "$openssl_libdir" in
222	 /usr/lib)
223	    ;;
224	 *)
225	    LDADD_NTP="$LDADD_NTP -L$openssl_libdir"
226	    case "$need_dash_r" in
227	     1)
228		LDFLAGS_NTP="$LDFLAGS_NTP -R$openssl_libdir"
229	    esac
230	    case "$need_dash_Wlrpath" in
231	     1)
232		LDFLAGS_NTP="$LDFLAGS_NTP -Wl,-rpath,$openssl_libdir"
233	    esac
234	    ;;
235	esac
236	LDADD_NTP="$LDADD_NTP -lcrypto"
237    esac
238esac
239
240AC_MSG_CHECKING([if we will use crypto])
241AC_MSG_RESULT([$ntp_openssl])
242
243case "$ntp_openssl" in
244 yes)
245    AC_DEFINE([OPENSSL], [], [Use OpenSSL?])
246    case "$VER_SUFFIX" in
247     *o*) ;;
248     *) AC_MSG_ERROR([OPENSSL set but no 'o' in VER_SUFFIX!]) ;;
249    esac
250    ;;
251esac
252
253NTPO_SAVED_CPPFLAGS="$CPPFLAGS"
254CPPFLAGS="$CPPFLAGS $CPPFLAGS_NTP"
255NTPO_SAVED_LIBS="$LIBS"
256
257#
258# check for linking with -lcrypto failure, and try -lcrypto -lz.
259# Helps m68k-atari-mint
260#
261case "$ntp_openssl:$ntp_openssl_from_pkg_config" in
262 yes:no)
263    LIBS="$NTPO_SAVED_LIBS $LDADD_NTP"
264    AC_CACHE_CHECK(
265	[if linking with -lcrypto alone works],
266	[ntp_cv_bare_lcrypto],
267	[AC_LINK_IFELSE(
268	    [AC_LANG_PROGRAM(
269		[[
270		    #include "openssl/err.h"
271		    #include "openssl/evp.h"
272		]],
273		[[
274		    ERR_load_crypto_strings();
275		    OpenSSL_add_all_algorithms();
276		]]
277	    )],
278	    [ntp_cv_bare_lcrypto=yes],
279	    [ntp_cv_bare_lcrypto=no]
280	)]
281    )
282    case "$ntp_cv_bare_lcrypto" in
283     no)
284	LIBS="$NTPO_SAVED_LIBS $LDADD_NTP -lz"
285	AC_CACHE_CHECK(
286	    [if linking with -lcrypto -lz works],
287	    [ntp_cv_lcrypto_lz],
288	    [AC_LINK_IFELSE(
289		[AC_LANG_PROGRAM(
290		    [[
291			#include "openssl/err.h"
292			#include "openssl/evp.h"
293		    ]],
294		    [[
295			ERR_load_crypto_strings();
296			OpenSSL_add_all_algorithms();
297		    ]]
298		)],
299		[ntp_cv_lcrypto_lz=yes],
300		[ntp_cv_lcrypto_lz=no]
301	    )]
302	)
303	case "$ntp_cv_lcrypto_lz" in
304	 yes)
305	     LDADD_NTP="$LDADD_NTP -lz"
306	esac
307    esac
308esac
309
310#
311# Older OpenSSL headers have a number of callback prototypes inside
312# other function prototypes which trigger copious warnings with gcc's
313# -Wstrict-prototypes, which is included in -Wall.
314#
315# An example:
316#
317# int i2d_RSA_NET(const RSA *a, unsigned char **pp,
318#		  int (*cb)(), int sgckey);
319#		  ^^^^^^^^^^^
320#
321#
322#
323openssl_triggers_warnings=unknown
324NTPO_SAVED_CFLAGS="$CFLAGS"
325
326case "$ntp_openssl:$GCC" in
327 yes:yes)
328    CFLAGS="$CFLAGS -Werror"
329    AC_COMPILE_IFELSE(
330	[AC_LANG_PROGRAM(
331	    [[
332	    ]],
333	    [[
334		/* see if -Werror breaks gcc */
335	    ]]
336	)],
337	[gcc_handles_Werror=yes],
338	[gcc_handles_Werror=no]
339    )
340    case "$gcc_handles_Werror" in
341     no)
342	# if this gcc doesn't do -Werror go ahead and use
343	# -Wstrict-prototypes.
344	openssl_triggers_warnings=yes
345	;;
346     yes)
347	CFLAGS="$CFLAGS -Wstrict-prototypes"
348	AC_COMPILE_IFELSE(
349	    [AC_LANG_PROGRAM(
350		[[
351		    #include "openssl/asn1_mac.h"
352		    #include "openssl/bn.h"
353		    #include "openssl/err.h"
354		    #include "openssl/evp.h"
355		    #include "openssl/pem.h"
356		    #include "openssl/rand.h"
357		    #include "openssl/x509v3.h"
358		]],
359		[[
360		    /* empty body */
361		]]
362	    )],
363	    [openssl_triggers_warnings=no],
364	    [openssl_triggers_warnings=yes]
365	)
366    esac
367    case "$openssl_triggers_warnings" in
368     yes)
369	CFLAGS_NTP="$CFLAGS_NTP -Wno-strict-prototypes"
370	;;
371     *)
372	CFLAGS_NTP="$CFLAGS_NTP -Wstrict-prototypes"
373    esac
374    ;;
375 no:yes)
376    # gcc without OpenSSL
377    CFLAGS_NTP="$CFLAGS_NTP -Wstrict-prototypes"
378esac
379
380# Because we don't want -Werror for the EVP_MD_do_all_sorted check
381CFLAGS="$NTPO_SAVED_CFLAGS"
382
383case "$ntp_openssl" in
384 yes)
385    LIBS="$NTPO_SAVED_LIBS $LDADD_NTP"
386    AC_CHECK_FUNCS([EVP_MD_do_all_sorted])
387    ;;
388esac
389
390dnl AC_MSG_NOTICE([OpenSSL final checks:])
391dnl AC_MSG_NOTICE([CPPFLAGS_NTP: $CPPFLAGS_NTP])
392dnl AC_MSG_NOTICE([CFLAGS_NTP: $CFLAGS_NTP])
393dnl AC_MSG_NOTICE([LDADD_NTP: $LDADD_NTP])
394dnl AC_MSG_NOTICE([LDFLAGS_NTP: $LDFLAGS_NTP])
395
396CPPFLAGS="$NTPO_SAVED_CPPFLAGS"
397LIBS="$NTPO_SAVED_LIBS"
398AS_UNSET([NTPO_SAVED_CFLAGS])
399AS_UNSET([NTPO_SAVED_CPPFLAGS])
400AS_UNSET([NTPO_SAVED_LIBS])
401AS_UNSET([openssl_triggers_warnings])
402AS_UNSET([ntp_openssl_from_pkg_config])
403])
404dnl ======================================================================
405