xref: /freebsd/contrib/ntp/sntp/m4/ntp_openssl.m4 (revision b64c5a0ace59af62eff52bfe110a521dc73c937b)
1dnl ####################################################################
2dnl OpenSSL support shared by top-level and sntp/configure.ac
3dnl
4dnl Provides command-line option --with-crypto, as well as deprecated
5dnl options --with-openssl-incdir, --with-openssl-libdir..
6dnl
7dnl Specifying --with-openssl-libdir or --with-openssl-incdir skips
8dnl pkg-config search.
9dnl
10dnl In the past, use of crypto would be silently disabled if the needed
11dnl headers and library were not found.  Now --without-crypto must be
12dnl used or configure will fail with an error.  It is now uncommon
13dnl to want to build ntpd without crypto, so don't be quiet about it.
14dnl
15dnl Output AC_DEFINEs (for config.h)
16dnl	OPENSSL		defined only if using OpenSSL
17dnl
18dnl Output variables:
19dnl	ntp_openssl	yes if using OpenSSL, no otherwise
20dnl	VER_SUFFIX	"o" if using OpenSSL
21dnl
22dnl Output substitutions:
23dnl	CFLAGS_NTP	OpenSSL-specific flags added as needed, and
24dnl			-Wstrict-prototypes for gcc if it does not
25dnl			trigger a flood of warnings for each file
26dnl			including OpenSSL headers.
27dnl	CPPFLAGS_NTP	OpenSSL -Iincludedir flags added as needed.
28dnl	LDADD_NTP	OpenSSL -L and -l flags added as needed.
29dnl	LDFLAGS_NTP	OpenSSL runpath flags as needed.
30dnl
31dnl ####################################################################
32dnl
33AC_DEFUN([NTP_OPENSSL], [
34AC_REQUIRE([AC_PROG_SED])dnl
35AC_REQUIRE([NTP_PKG_CONFIG])dnl
36AC_REQUIRE([NTP_VER_SUFFIX])dnl
37AC_REQUIRE([NTP_OPENSSL_VERBOSE_MSG])dnl
38
39AC_ARG_WITH(
40    [crypto],
41    [AS_HELP_STRING(
42	[--with-crypto],
43	[+ =openssl,libcrypto]
44    )],
45    [	dnl if given
46	case "$with_crypto" in
47	 yes)
48	    with_crypto=openssl,libcrypto
49	esac
50    ],
51    [with_crypto=openssl,libcrypto]	dnl if not given
52)
53AC_ARG_WITH(
54    [openssl-libdir],
55    [AS_HELP_STRING(
56	[--with-openssl-libdir],
57	[+ =/something/reasonable]
58    )]
59)
60AC_ARG_WITH(
61    [openssl-incdir],
62    [AS_HELP_STRING(
63	[--with-openssl-incdir],
64	[+ =search likely dirs]
65    )]
66)
67AC_ARG_ENABLE(
68    [verbose-ssl],
69    [AS_HELP_STRING(
70	[--enable-verbose-ssl],
71	[- show crypto lib detection details]
72    )],
73    [],
74    [enable_verbose_ssl=no]	dnl default to quiet
75)
76
77ntp_openssl=no
78ntp_openssl_from_pkg_config=no
79ntp_ssl_incdir=
80ntp_ssl_cflags=
81ntp_ssl_cppflags=
82ntp_ssl_libdir=
83ntp_ssl_libs_L=
84ntp_ssl_libs_l=
85ntp_ssl_libs=
86ntp_ssl_ldflags=
87
88NTPSSL_SAVED_CFLAGS="$CFLAGS"
89NTPSSL_SAVED_CPPFLAGS="$CPPFLAGS"
90NTPSSL_SAVED_LIBS="$LIBS"
91NTPSSL_SAVED_LDFLAGS="$LDFLAGS"
92
93AC_PATH_PROG([PATH_OPENSSL], [openssl])
94
95str="$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}"
96NTP_OPENSSL_VERBOSE_MSG([$str])
97AS_UNSET([str])
98
99# Make sure neither/both --with_openssl-{inc,lib}dir are given
100case "${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}" in
101 notgiven:notgiven) ;;
102 *notgiven*)
103    AC_MSG_ERROR([only one of --with-openssl-{inc,lib}dir=... given - provide both or neither])
104    ;;
105esac
106
107# HMS: Today there are only 2 case options.  We probably want a third
108# *:*:notgiven:notgiven
109# and in that case we would validate the path in PKG_CONFIG_PATH.
110# Unless we can do it with 2 cases, where the 2nd case is *:*:...
111# and we do a reality check on execpath and the headers/libraries.
112#
113##
114# if $with_crypto is not "no":
115#   if --with-openssl-{inc,lib}dir are not given:
116#     we should use pkg-config to find openssl
117#     if we don't have pkg-config, if openssl is in the base OS, use that.
118##
119case "$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}" in
120 no:*) ;;
121 *:notempty:notgiven:notgiven)
122    # If PKG_CONFIG is notempty and we haven't been given openssl paths,
123    # then let's make sure that the openssl executable's path corresponds
124    # to the path in openssl.pc, and 'openssl version' matches the Version
125    # in openssl.pc.  If $PKG_CONFIG tells us an INCPATH and/or a LIBPATH,
126    # then should we reality check them?
127    ## INCPATH
128    # harlan@ntp-testbuild.tal1> openssl version
129    # OpenSSL 1.1.1t  7 Feb 2023
130    # harlan@ntp-testbuild.tal1> grep 1.1.1t /ntpbuild/include/openssl/*
131    # /ntpbuild/include/openssl/opensslv.h:# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1t  7 Feb 2023"
132    # harlan@ntp-testbuild.tal1>
133    ## LIBPATH
134    # harlan@ntp-testbuild.tal1> strings -a /ntpbuild/lib/libcrypto.* | fgrep 1.1.1t
135    # OpenSSL 1.1.1t  7 Feb 2023
136    # OpenSSL 1.1.1t  7 Feb 2023
137    # OpenSSL 1.1.1t  7 Feb 2023
138    # harlan@ntp-testbuild.tal1> ls /ntpbuild/lib/libcrypto.*
139    # /ntpbuild/lib/libcrypto.a       /ntpbuild/lib/libcrypto.so.1.1*
140    # /ntpbuild/lib/libcrypto.so@
141    # harlan@ntp-testbuild.tal1>
142    ##
143    # Having said this, do we really care if the openssl executable that
144    # we have found is matched with the INCPATH and LIBPATH?
145    # One answer: Probably not, but we should complain on a mismatch as
146    # otherwise runtime differences could easily cause problems/drama.
147
148    ##BO
149    # ntp_cv_build_framework_help=yes
150    save_PKG_CONFIG_PATH=${PKG_CONFIG_PATH}
151    for pkg in `echo $with_crypto | $SED -e 's/,/ /'`; do
152        case "$pkg" in
153	 openssl)
154	    if $PKG_CONFIG --exists $pkg ; then
155		# Found it - yay
156		# Do we want to check we found the right one?
157		# --modver
158		# --variable={libdir,includedir} (varname)
159		overf=`openssl version`
160		overs=`echo $overf | awk '{print $2}'`
161		case "$overs" in
162		 0.*) ;;	# Should we squawk?
163		 1.0.*) ;;	# Should we squawk?
164		 1.1.*) ;;	# Should we squawk?
165		 3.*)
166		    oinc=`openssl --variable=includedir`
167		    olib=`openssl --variable=libdir`
168		    # How should we use these?
169		    ;;
170		 *) ;;	# Should we squawk?
171		esac
172		# /ntpbuild/include/openssl/opensslv.h:# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1t  7 Feb 2023"
173		# grep 1.1.1t /ntpbuild/lib/libcrypto.a
174		# strings -a /ntpbuild/lib/libcrypto.a | grep 1.1.1t
175		# OpenSSL 1.1.1t  7 Feb 2023
176		# harlan@ntp-testbuild.tal1>
177		# which should match $overf
178		##
179		# harlan@ntp-testbuild.tal1> echo '"OpenSSL 1.1.1t  7 Feb 2023"' | cut -f 2 -d\"
180		# OpenSSL 1.1.1t  7 Feb 2023
181		# harlan@ntp-testbuild.tal1> grep OPENSSL_VERSION_TEXT /ntpbuild/include/openssl/opensslv.h
182		# # define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1t  7 Feb 2023"
183		# harlan@ntp-testbuild.tal1>
184		##
185
186	    else
187		# This is a hack, but it's reasonable.
188		pkgpath="`echo $PATH_OPENSSL | sed -e 's:/bin/openssl$::'`/lib/pkgconfig"
189		test -d "$pkgpath" || pkgpath=
190		# echo "pkgpath is <$pkgpath>"
191		# echo "PKG_CONFIG_PATH is <$PKG_CONFIG_PATH>"
192		case "$pkgpath" in
193		 '') ;;	# Nothing to see here...
194		 *) case ":$PKG_CONFIG_PATH:" in
195		     ::)
196			PKG_CONFIG_PATH=$pkgpath
197			export PKG_CONFIG_PATH
198			;;
199		     *:$pkgpath:*)
200			# Already there...
201			;;
202		     *)
203			PKG_CONFIG_PATH="$pkgpath:$PKG_CONFIG_PATH"
204			export PKG_CONFIG_PATH
205			;;
206		    esac
207		    ;;
208		esac
209	    fi
210	    ;;
211        esac
212    done
213    ##EO
214
215    for pkg in `echo $with_crypto | $SED -e 's/,/ /'`; do
216	AC_MSG_CHECKING([pkg-config for $pkg])
217	if $PKG_CONFIG --exists $pkg ; then
218	    ntp_ssl_cppflags="`$PKG_CONFIG --cflags-only-I $pkg`"
219	    case "$ntp_ssl_cppflags" in
220	     '')
221		ntp_ssl_incdir='not needed'
222		;;
223	     *)
224		ntp_ssl_incdir="`echo $ntp_ssl_cppflags | $SED -e 's/-I//'`"
225	    esac
226	    ntp_ssl_cflags="`$PKG_CONFIG --cflags-only-other $pkg`"
227	    ntp_ssl_libs_L="`$PKG_CONFIG --libs-only-L $pkg`"
228	    case "$ntp_ssl_libs_L" in
229	     '')
230		ntp_ssl_libdir='not needed'
231		;;
232	     *)
233		ntp_ssl_libdir="`echo $ntp_ssl_libs_L | $SED -e 's/-L//'`"
234	    esac
235	    ntp_ssl_libs_l="`$PKG_CONFIG --libs-only-l $pkg`"
236	    ntp_ssl_libs="$ntp_ssl_libs_L $ntp_ssl_libs_l"
237	    ntp_ssl_ldflags="`$PKG_CONFIG --libs-only-other $pkg`"
238	    ntp_openssl=yes
239	    ntp_openssl_from_pkg_config=yes
240	    ntp_openssl_version="`$PKG_CONFIG --modversion $pkg`"
241	    case "$ntp_openssl_version" in
242	     *.*) ;;
243	     *) ntp_openssl_version='(unknown)' ;;
244	    esac
245	    AC_MSG_RESULT([yes, version $ntp_openssl_version])
246
247	    break
248	fi
249	AC_MSG_RESULT([no])
250    done
251    AS_UNSET([pkg])
252esac
253case "$with_crypto" in
254 no) ;;
255 *)
256    case "$with_openssl_libdir" in
257     '') ;;
258     *)
259	ntp_ssl_libdir="$with_openssl_libdir"
260	ntp_ssl_libs_L="-L$with_openssl_libdir"
261	ntp_ssl_libs_l="-lcrypto"
262	ntp_ssl_libs="$ntp_ssl_libs_L $ntp_ssl_libs_l"
263    esac
264    case "$with_openssl_incdir" in
265     '') ;;
266     *)
267	ntp_ssl_incdir="$with_openssl_incdir"
268	ntp_ssl_cppflags="-I$with_openssl_incdir"
269    esac
270esac
271
272NTP_OPENSSL_VERBOSE_MSG([OpenSSL Phase I checks:])
273NTP_OPENSSL_VERBOSE_MSG([CPPFLAGS_NTP: ($CPPFLAGS_NTP)])
274NTP_OPENSSL_VERBOSE_MSG([CFLAGS_NTP:   ($CFLAGS_NTP)])
275NTP_OPENSSL_VERBOSE_MSG([LDADD_NTP:    ($LDADD_NTP)])
276NTP_OPENSSL_VERBOSE_MSG([LDFLAGS_NTP:  ($LDFLAGS_NTP)])
277NTP_OPENSSL_VERBOSE_MSG([ntp_openssl_from_pkg_config: $ntp_openssl_from_pkg_config])
278NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_incdir:   ($ntp_ssl_incdir)])
279NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_libdir:   ($ntp_ssl_libdir)])
280NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_cflags:   ($ntp_ssl_cflags)])
281NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_cppflags: ($ntp_ssl_cppflags)])
282NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_libs_L:   ($ntp_ssl_libs_L)])
283NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_libs_l:   ($ntp_ssl_libs_l)])
284NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_libs:     ($ntp_ssl_libs)])
285NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_ldflags:  ($ntp_ssl_ldflags)])
286
287case "$with_crypto" in
288 no)
289    ntp_openssl=no
290    ;;
291 *)
292    ntp_ssl_libs_l="${ntp_ssl_libs_l:--lcrypto}"
293    ntp_ssl_libs="$ntp_ssl_libs_L $ntp_ssl_libs_l"
294    case "$ntp_ssl_libdir" in
295     '')
296	dnl ### set ntp_ssl_libdir ###
297
298	dnl unconventional, using AC_CHECK_LIB repeatedly, clear cached result.
299	AS_UNSET([ac_cv_lib_crypto_EVP_MD_CTX_new])
300	AC_MSG_NOTICE([Searching for libcrypto without -L])
301	AC_CHECK_LIB(
302	    [crypto],
303	    [EVP_MD_CTX_new],
304	    [ntp_ssl_libdir='not needed']
305	)
306	dnl unconventional, using AC_CHECK_LIB repeatedly, clear cached result.
307	AS_UNSET([ac_cv_lib_crypto_EVP_MD_CTX_new])
308    esac
309    case "$ntp_ssl_libdir" in
310     '')
311	ntp_ssl_libdir_search="/usr/lib /usr/lib/openssl /usr/sfw/lib"
312	ntp_ssl_libdir_search="$ntp_ssl_libdir_search /usr/local/lib"
313	ntp_ssl_libdir_search="$ntp_ssl_libdir_search /usr/local/ssl/lib"
314	ntp_ssl_libdir_search="$ntp_ssl_libdir_search /opt/local/lib"
315	ntp_ssl_libdir_search="$ntp_ssl_libdir_search /lib /lib64"
316	;;
317     *)
318	ntp_ssl_libdir_search="$ntp_ssl_libdir"
319    esac
320    case $ntp_ssl_libdir_search in
321     'not needed') ;;
322     *)
323	for i in $ntp_ssl_libdir_search not_found
324	do
325	    case "$i" in
326	     not_found) ;;
327	     *)
328		AC_MSG_NOTICE([Searching for libcrypto in $i])
329		LIBS="-L$i $NTPSSL_SAVED_LIBS"
330		AC_CHECK_LIB(
331		    [crypto],
332		    [EVP_MD_CTX_new],
333		    [break]
334		)
335		dnl unconventional, using AC_CHECK_LIB repeatedly, clear cached result.
336		AS_UNSET([ac_cv_lib_crypto_EVP_MD_CTX_new])
337	    esac
338	done
339	ntp_ssl_libdir="$i"
340	ntp_ssl_libs_L="-L$i"
341	ntp_ssl_libs="$ntp_ssl_libs_L $ntp_ssl_libs_l"
342	LIBS="$NTPSSL_SAVED_LIBS"
343	case "$ntp_ssl_libdir" in
344	 not_found)
345	    AC_MSG_ERROR(
346[You may want to use --without-crypto, or add
347openssl.pc/libcrypto.pc to PKG_CONFIG_PATH, or use the
348--with-openssl-libdir=/some/path option to configure.
349libcrypto not found in any of the following directories:
350$ntp_ssl_libdir_search]
351	    )
352	esac
353	AC_MSG_NOTICE([libcrypto found in $ntp_ssl_libdir])
354    esac
355
356    case "$ntp_openssl_from_pkg_config:$ntp_ssl_incdir" in
357     'yes:not needed' | no:)
358	AC_MSG_NOTICE([Searching for openssl/evp.h without -I])
359	dnl force uncached AC_CHECK_HEADER
360	AS_UNSET([ac_cv_header_openssl_evp_h])
361	AC_CHECK_HEADER(
362	    [openssl/evp.h],
363	    [ntp_ssl_incdir='not needed']
364	    )
365    esac
366    case "$ntp_ssl_incdir" in
367     'not needed')
368	ntp_ssl_incdir_search="$ntp_ssl_incdir"
369	;;
370     *)
371	AC_MSG_NOTICE([Searching for openssl include directory])
372	case "$with_openssl_incdir" in
373	 '')
374	    case "$ntp_ssl_incdir" in
375	     '')
376		ntp_ssl_incdir_search="/usr/include /usr/sfw/include"
377		ntp_ssl_incdir_search="$ntp_ssl_incdir_search /usr/local/include"
378		ntp_ssl_incdir_search="$ntp_ssl_incdir_search /opt/local/include"
379		ntp_ssl_incdir_search="$ntp_ssl_incdir_search /usr/local/ssl/include"
380		;;
381	     *)
382	    esac
383	    ;;
384	 *)
385	    ntp_ssl_incdir_search="$with_openssl_incdir"
386	esac
387	case $ntp_ssl_incdir_search in
388	 'not needed') ;;
389	 *)
390	    for i in $ntp_ssl_incdir_search
391	    do
392		AC_MSG_NOTICE([Searching for openssl/evp.h in $i])
393		CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS -I$i"
394		dnl force uncached AC_CHECK_HEADER
395		AS_UNSET([ac_cv_header_openssl_evp_h])
396		AC_CHECK_HEADER(
397		    [openssl/evp.h],
398		    [ntp_ssl_incdir="$i" ; break]
399		    )
400	    done
401	    AS_UNSET([ac_cv_header_openssl_evp_h])
402	    AS_UNSET([i])
403	    CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS"
404	    case "$ntp_ssl_incdir" in
405	     '')
406		AC_MSG_ERROR(
407[You may want to use --without-crypto, or add
408openssl.pc/libcrypto.pc to PKG_CONFIG_PATH, or use the
409-with-openssl-incdir=/some/path option to configure.
410No usable openssl/evp.h found in any of the following direcotries:
411$ntp_ssl_incdir_search]
412		)
413	    esac
414	    ntp_ssl_cppflags="-I$ntp_ssl_incdir"
415	    AC_MSG_NOTICE([Found evp.h in $ntp_ssl_incdir/openssl])
416	esac
417    esac
418    ntp_openssl=yes
419esac	dnl building with SSL ($with_crypto not "no")
420
421case "$ntp_openssl:$ntp_ssl_libdir" in
422 'yes:not needed')
423    ;;
424 yes:*)
425    CFLAGS="$NTPSSL_SAVED_CFLAGS $ntp_ssl_cflags"
426    CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS $ntp_ssl_cppflags"
427    LIBS="$ntp_ssl_libs $NTPSSL_SAVED_LIBS"
428    LDFLAGS="$ntp_ssl_ldflags $NTPSSL_SAVED_LDFLAGS"
429    dnl ### test if runpath is needed for crypto ###
430    AC_CACHE_CHECK(
431	[if crypto works without runpath],
432	[ntp_cv_ssl_without_runpath],
433	[AC_RUN_IFELSE(
434	    [AC_LANG_PROGRAM(
435		[[
436		    #include "openssl/evp.h"
437		]],
438		[[
439		    if (!EVP_MD_CTX_new()) {
440			return 1;
441		    }
442		]]
443	    )],
444	    [ntp_cv_ssl_without_runpath=yes],
445	    [ntp_cv_ssl_without_runpath=no],
446	    [ntp_cv_ssl_without_runpath=yes]		dnl cross-compile
447	)]
448    )
449    case "$ntp_cv_ssl_without_runpath" in
450     no)
451	AC_CACHE_CHECK(
452	    [if crypto needs -Wl,-rpath,$ntp_ssl_libdir],
453	    [ntp_cv_ssl_needs_dashWl_rpath],
454	    [
455		LDFLAGS="$ntp_ssl_ldflags -Wl,-rpath,$ntp_ssl_libdir $NTPSSL_SAVED_LDFLAGS"
456		AC_RUN_IFELSE(
457		    [AC_LANG_PROGRAM(
458			[[
459			    #include "openssl/evp.h"
460			]],
461			[[
462			    if (!EVP_MD_CTX_new()) {
463				return 1;
464			    }
465			]]
466		    )],
467		    [ntp_cv_ssl_needs_dashWl_rpath=yes],
468		    [ntp_cv_ssl_needs_dashWl_rpath=no]
469		)
470	    ]
471	)
472	case "$ntp_cv_ssl_needs_dashWl_rpath" in
473	 yes)
474	    ntp_ssl_ldflags="$ntp_ssl_ldflags -Wl,-rpath,$ntp_ssl_libdir"
475	    ;;
476	 no)
477	    AC_CACHE_CHECK(
478		[if crypto needs -R$ntp_ssl_libdir],
479		[ntp_cv_ssl_needs_dashR],
480		[
481		    LDFLAGS="$NTPSSL_SAVED_LDFLAGS $ntp_ssl_ldflags -R$ntp_ssl_libdir"
482		    AC_RUN_IFELSE(
483			[AC_LANG_PROGRAM(
484			    [[
485				#include "openssl/evp.h"
486			    ]],
487			    [[
488				if (!EVP_MD_CTX_new()) {
489				    return 1;
490				}
491			    ]]
492			)],
493			[ntp_cv_ssl_needs_dashR=yes],
494			[ntp_cv_ssl_needs_dashR=no]
495		    )
496		]
497	    )
498	    case "$ntp_cv_ssl_needs_dashR" in
499	     yes)
500		ntp_ssl_ldflags="$ntp_ssl_ldflags -R$ntp_ssl_libdir"
501	    esac
502	    case "$build:$ntp_cv_ssl_needs_dashR" in
503	     $host:no)
504		AC_MSG_FAILURE(
505[Unable to run program using crypto, check openssl.pc
506or libcrypto.pc are in PKG_CONFIG_PATH, or provide the
507 --with-openssl-libdir=/some/path option to configure.]
508		)
509	    esac
510	esac
511    esac
512esac	dnl ntp_openssl was yes
513
514NTP_OPENSSL_VERBOSE_MSG([OpenSSL Phase II checks:])
515NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_incdir:   ($ntp_ssl_incdir)])
516NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_libdir:   ($ntp_ssl_libdir)])
517NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_cflags:   ($ntp_ssl_cflags)])
518NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_cppflags: ($ntp_ssl_cppflags)])
519NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_libs_L:   ($ntp_ssl_libs_L)])
520NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_libs_l:   ($ntp_ssl_libs_l)])
521NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_libs:     ($ntp_ssl_libs)])
522NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_ldflags:  ($ntp_ssl_ldflags)])
523
524dnl check for linking with -lcrypto failure, and try -lcrypto -lz.
525dnl Helps m68k-atari-mint
526dnl
527dnl Needs work with the changes to run-test whether runpath is needed.
528dnl Probably needs to be moved ahead of runpath testing.
529dnl hart@ is reaching out to MiNT users to try to find a tester.
530dnl Meanwhile can be forced by passing both ntp_cv_bare_lcrypto=no
531dnl and ntp_cv_lcrypto_lz=yes on the configure command line.
532dnl
533case "$ntp_openssl:$ntp_openssl_from_pkg_config" in
534 yes:no)
535    CFLAGS="$NTPSSL_SAVED_CFLAGS $ntp_ssl_cflags"
536    CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS $ntp_ssl_cppflags"
537    LIBS="$ntp_ssl_libs $NTPSSL_SAVED_LIBS"
538    LDFLAGS="$ntp_ssl_ldflags $NTPSSL_SAVED_LDFLAGS"
539    AC_CACHE_CHECK(
540	[if linking with $ntp_ssl_libs_l alone works],
541	[ntp_cv_bare_lcrypto],
542	[AC_LINK_IFELSE(
543	    [AC_LANG_PROGRAM(
544		[[
545		    #include "openssl/evp.h"
546		]],
547		[[
548		    EVP_MD_CTX_new();
549		]]
550	    )],
551	    [ntp_cv_bare_lcrypto=yes],
552	    [ntp_cv_bare_lcrypto=no]
553	)]
554    )
555    case "$ntp_cv_bare_lcrypto" in
556     no)
557	LIBS="-$ntp_ssl_libs -lz $NTPSSL_SAVED_LIBS"
558	AC_CACHE_CHECK(
559	    [if linking with $ntp_ssl_libs_l -lz works],
560	    [ntp_cv_lcrypto_lz],
561	    [AC_LINK_IFELSE(
562		[AC_LANG_PROGRAM(
563		    [[
564			#include "openssl/evp.h"
565		    ]],
566		    [[
567			EVP_MD_CTX_new();
568		    ]]
569		)],
570		[ntp_cv_lcrypto_lz=yes],
571		[ntp_cv_lcrypto_lz=no]
572	    )]
573	)
574	case "$ntp_cv_lcrypto_lz" in
575	 yes)
576	     ntp_ssl_libs_l="$ntp_ssl_libs_l -lz"
577	     ntp_ssl_libs="$ntp_ssl_libs_L $ntp_ssl_libs_l"
578	esac
579    esac	dnl linking with -lcrypto alone fails
580esac		dnl using SSL and not from pkg-config
581
582dnl
583dnl Older OpenSSL headers have a number of callback prototypes inside
584dnl other function prototypes which trigger copious warnings with gcc's
585dnl -Wstrict-prototypes, which is included in -Wall.
586dnl
587dnl An example:
588dnl
589dnl int i2d_RSA_NET(const RSA *a, unsigned char **pp,
590dnl		  int (*cb)(), int sgckey);
591dnl		  ^^^^^^^^^^^
592dnl
593case "$ntp_openssl:$GCC" in
594 yes:yes)
595    CFLAGS="$NTP_SAVED_CFLAGS $ntp_ssl_cflags -Werror"
596    CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS $ntp_ssl_cppflags"
597    LIBS="$ntp_ssl_libs $NTPSSL_SAVED_LIBS"
598    LDFLAGS="$ntp_ssl_ldflags $NTPSSL_SAVED_LDFLAGS"
599    AC_CACHE_CHECK(
600	[If $CC supports -Werror],
601	[ntp_cv_gcc_supports_Werror],
602	[AC_COMPILE_IFELSE(
603	    [AC_LANG_PROGRAM([], [])],
604	    [ntp_cv_gcc_supports_Werror=yes],
605	    [ntp_cv_gcc_supports_Werror=no]
606	)]
607    )
608    case "ntp_cv_gcc_supports_Werror" in
609     no)
610	ntp_use_Wstrict_prototypes=yes
611	;;
612     yes)
613	CFLAGS="$CFLAGS -Wstrict-prototypes"
614	AC_CACHE_CHECK(
615	    [if OpenSSL triggers warnings],
616	    [ntp_cv_ssl_triggers_warnings],
617	    [AC_COMPILE_IFELSE(
618		[AC_LANG_PROGRAM(
619		    [[
620			#include "openssl/asn1_mac.h"
621			#include "openssl/bn.h"
622			#include "openssl/err.h"
623			#include "openssl/evp.h"
624			#include "openssl/pem.h"
625			#include "openssl/rand.h"
626			#include "openssl/x509v3.h"
627		    ]],
628		    [[
629			/* empty body */
630		    ]]
631		)],
632		[ntp_cv_ssl_triggers_warnings=no],
633		[ntp_cv_ssl_triggers_warnings=yes]
634	    )]
635	)
636	case "$ntp_cv_ssl_triggers_warnings" in
637	 yes)
638	    ntp_use_Wstrict_prototypes=no
639	    ;;
640	 *)
641	    ntp_use_Wstrict_prototypes=yes
642	esac
643    esac
644    case "$ntp_use_Wstrict_prototypes" in
645     no)
646	ntp_ssl_cflags="$ntp_ssl_cflags -Wno-strict-prototypes"
647	;;
648     *)
649	ntp_ssl_cflags="$ntp_ssl_cflags -Wstrict-prototypes"
650    esac
651    ;;
652 no:yes)
653    dnl gcc without OpenSSL
654    ntp_ssl_cflags="$ntp_ssl_cflags -Wstrict-prototypes"
655esac	dnl checking for gcc problems with -Werror and -Wstrict-prototypes
656
657AC_MSG_CHECKING([if we will link to ssl library])
658AC_MSG_RESULT([$ntp_openssl])
659
660case "$ntp_openssl" in
661 yes)
662    VER_SUFFIX=o
663    AC_CHECK_HEADERS(
664	[openssl/cmac.h],
665	[ntp_enable_cmac=yes],
666	[ntp_enable_cmac=no]
667    )
668    case "$ntp_enable_cmac" in
669     yes)
670    	AC_DEFINE([ENABLE_CMAC], [1], [Enable CMAC support?])
671    esac
672    AC_DEFINE([OPENSSL], [], [Use OpenSSL?])
673    dnl OpenSSL 3 deprecates a bunch of functions used by Autokey.
674    dnl Adapting our code to the bold new way is not a priority
675    dnl for us because we do not want to require OpenSSL 3 yet.
676    dnl The deprecation warnings clutter up the build output
677    dnl encouraging the habit of ignoring warnings.
678    dnl So, tell it to the hand, OpenSSL deprecation warnings...
679    AC_DEFINE([OPENSSL_SUPPRESS_DEPRECATED], [1],
680	      [Suppress OpenSSL 3 deprecation warnings])
681    dnl We don't want -Werror for the EVP_MD_do_all_sorted check
682    CFLAGS="$NTPSSL_SAVED_CFLAGS"
683    AC_CHECK_FUNCS([EVP_MD_do_all_sorted])
684    CPPFLAGS_NTP="$CPPFLAGS_NTP $ntp_ssl_cppflags"
685    CFLAGS_NTP="$CFLAGS_NTP $ntp_ssl_cflags"
686    LDADD_NTP="$ntp_ssl_libs $LDADD_NTP"
687    LDFLAGS_NTP="$ntp_ssl_ldflags $LDFLAGS_NTP"
688esac
689
690NTP_OPENSSL_VERBOSE_MSG([OpenSSL final checks:])
691NTP_OPENSSL_VERBOSE_MSG([ntp_openssl:  $ntp_openssl])
692NTP_OPENSSL_VERBOSE_MSG([CPPFLAGS_NTP: ($CPPFLAGS_NTP)])
693NTP_OPENSSL_VERBOSE_MSG([CFLAGS_NTP:   ($CFLAGS_NTP)])
694NTP_OPENSSL_VERBOSE_MSG([LDADD_NTP:    ($LDADD_NTP)])
695NTP_OPENSSL_VERBOSE_MSG([LDFLAGS_NTP:  ($LDFLAGS_NTP)])
696
697CFLAGS="$NTPSSL_SAVED_CFLAGS"
698CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS"
699LIBS="$NTPSSL_SAVED_LIBS"
700LDFLAGS="$NTPSSL_SAVED_LDFLAGS"
701
702AS_UNSET([NTPSSL_SAVED_CFLAGS])
703AS_UNSET([NTPSSL_SAVED_CPPFLAGS])
704AS_UNSET([NTPSSL_SAVED_LIBS])
705AS_UNSET([NTPSSL_SAVED_LDFLAGS])
706AS_UNSET([ntp_enable_cmac])
707AS_UNSET([ntp_use_Wstrict_prototypes])
708AS_UNSET([ntp_openssl_from_pkg_config])
709AS_UNSET([ntp_openssl_version])
710AS_UNSET([ntp_ssl_cflags])
711AS_UNSET([ntp_ssl_cppflags])
712AS_UNSET([ntp_ssl_libdir_search])
713AS_UNSET([ntp_ssl_incdir_search])
714AS_UNSET([ntp_ssl_libdir])
715AS_UNSET([ntp_ssl_incdir])
716AS_UNSET([ntp_ssl_libs_l])
717AS_UNSET([ntp_ssl_libs_L])
718AS_UNSET([ntp_ssl_ldflags])
719
720])
721dnl end of AC_DEFUN([NTP_OPENSSL])
722dnl
723AC_DEFUN(
724    [NTP_OPENSSL_VERBOSE_MSG],
725    [dnl
726	case "$enable_verbose_ssl" in
727	 yes) AC_MSG_NOTICE([$1])
728	esac
729    ]
730)
731dnl
732dnl ======================================================================
733