1dnl #################################################################### 2dnl OpenSSL support shared by top-level and sntp/configure.ac 3dnl 4dnl Provides command-line option --with-crypto, as well as deprecated 5dnl options --with-openssl-incdir, --with-openssl-libdir, and the 6dnl latter's suboption --with-rpath. 7dnl 8dnl Specifying --with-openssl-libdir or --with-openssl-incdir causes any 9dnl pkg-config openssl information to be ignored in favor of the legacy 10dnl manual search for directories and specified library names. 11dnl 12dnl Output AC_DEFINEs (for config.h) 13dnl OPENSSL defined only if using OpenSSL 14dnl 15dnl Output variables: 16dnl ntp_openssl yes if using OpenSSL, no otherwise 17dnl 18dnl Output substitutions: 19dnl CFLAGS_NTP OpenSSL-specific flags added as needed, and 20dnl -Wstrict-prototypes for gcc if it does not 21dnl trigger a flood of warnings for each file 22dnl including OpenSSL headers. 23dnl CPPFLAGS_NTP OpenSSL -Iincludedir flags added as needed. 24dnl LDADD_NTP OpenSSL -L and -l flags added as needed. 25dnl LDFLAGS_NTP Other OpenSSL link flags added as needed. 26dnl 27dnl #################################################################### 28AC_DEFUN([NTP_OPENSSL], [ 29AC_REQUIRE([NTP_PKG_CONFIG])dnl 30AC_REQUIRE([NTP_VER_SUFFIX])dnl 31 32AC_ARG_WITH( 33 [crypto], 34 [AS_HELP_STRING( 35 [--with-crypto], 36 [+ =openssl,libcrypto] 37 )] 38) 39AC_ARG_WITH( 40 [openssl-libdir], 41 [AS_HELP_STRING( 42 [--with-openssl-libdir], 43 [+ =/something/reasonable] 44 )] 45) 46AC_ARG_WITH( 47 [openssl-incdir], 48 [AS_HELP_STRING( 49 [--with-openssl-incdir], 50 [+ =/something/reasonable] 51 )] 52) 53AC_ARG_WITH( 54 [rpath], 55 [AS_HELP_STRING( 56 [--without-rpath], 57 [s Disable auto-added -R linker paths] 58 )] 59) 60 61ntp_openssl=no 62ntp_openssl_from_pkg_config=no 63 64with_crypto=${with_crypto:-openssl,libcrypto} 65case "$with_crypto" in 66 yes) 67 with_crypto=openssl,libcrypto 68esac 69 70dnl AC_MSG_NOTICE(['%with_crypto:%{PKG_CONFIG:+notempty}:%{with_openssl_libdir-notgiven}:%{with_openssl_incdir-notgiven}']) 71dnl str="$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}" 72dnl AC_MSG_NOTICE([$str]) 73 74case "$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}" in 75 no:*) ;; 76 *:notempty:notgiven:notgiven) 77 for pkg in `echo $with_crypto | sed -e 's/,/ /'`; do 78 AC_MSG_CHECKING([pkg-config for $pkg]) 79 if $PKG_CONFIG --exists $pkg ; then 80 CPPFLAGS_NTP="$CPPFLAGS_NTP `$PKG_CONFIG --cflags-only-I $pkg`" 81 CFLAGS_NTP="$CFLAGS_NTP `$PKG_CONFIG --cflags-only-other $pkg`" 82 LDADD_NTP="$LDADD_NTP `$PKG_CONFIG --libs-only-L $pkg`" 83 LDADD_NTP="$LDADD_NTP `$PKG_CONFIG --libs-only-l --static $pkg`" 84 LDFLAGS_NTP="$LDFLAGS_NTP `$PKG_CONFIG --libs-only-other $pkg`" 85 VER_SUFFIX=o 86 ntp_openssl=yes 87 ntp_openssl_from_pkg_config=yes 88 AC_MSG_RESULT([yes]) 89 90 break 91 fi 92 AC_MSG_RESULT([no]) 93 done 94esac 95dnl AC_MSG_NOTICE([OpenSSL Phase I checks:]) 96dnl AC_MSG_NOTICE([CPPFLAGS_NTP: $CPPFLAGS_NTP]) 97dnl AC_MSG_NOTICE([CFLAGS_NTP: $CFLAGS_NTP]) 98dnl AC_MSG_NOTICE([LDADD_NTP: $LDADD_NTP]) 99dnl AC_MSG_NOTICE([LDFLAGS_NTP: $LDFLAGS_NTP]) 100case "$with_crypto:$ntp_openssl" in 101 no:*) ;; 102 *:no) 103 need_dash_r= 104 need_dash_Wlrpath= 105 case "${with_rpath-notgiven}" in 106 yes) 107 # Lame - what to do if we need -Wl... but not -R? 108 need_dash_r=1 109 ;; 110 notgiven) 111 case "$host" in 112 *-*-linux*) 113 # This may really only be true for gcc 114 need_dash_Wlrpath=1 115 ;; 116 *-*-netbsd*) 117 need_dash_r=1 118 ;; 119 *-*-solaris*) 120 need_dash_r=1 121 ;; 122 esac 123 ;; 124 esac 125 126 AC_MSG_CHECKING([for openssl library directory]) 127 with_openssl_libdir=${with_openssl_libdir-notgiven} 128 case "$with_openssl_libdir" in 129 notgiven) 130 case "$build" in 131 $host) 132 with_openssl_libdir=default 133 ;; 134 *) 135 with_openssl_libdir=no 136 ;; 137 esac 138 esac 139 case "$with_openssl_libdir" in 140 default) 141 # Look in: 142 with_openssl_libdir="/usr/lib /usr/lib/openssl /usr/sfw/lib" 143 with_openssl_libdir="$with_openssl_libdir /usr/local/lib" 144 with_openssl_libdir="$with_openssl_libdir /usr/local/ssl/lib /lib" 145 esac 146 case "$with_openssl_libdir" in 147 no) 148 ;; 149 *) # Look for libcrypto.a and libssl.a: 150 for i in $with_openssl_libdir no 151 do 152 case "$host" in 153 *-*-darwin*) 154 test -f $i/libcrypto.dylib -a -f $i/libssl.dylib && break 155 ;; 156 *) 157 test -f $i/libcrypto.so -a -f $i/libssl.so && break 158 test -f $i/libcrypto.a -a -f $i/libssl.a && break 159 ;; 160 esac 161 done 162 openssl_libdir=$i 163 ;; 164 esac 165 AC_MSG_RESULT([$openssl_libdir]) 166 case "$openssl_libdir" in 167 no) 168 openssl_libdir= 169 AC_MSG_WARN([libcrypto and libssl not found in any of $with_openssl_libdir]) 170 esac 171 172 AC_MSG_CHECKING([for openssl include directory]) 173 with_openssl_incdir=${with_openssl_incdir-notgiven} 174 case "$with_openssl_incdir" in 175 notgiven) 176 # Look in: 177 with_openssl_incdir="/usr/include /usr/sfw/include" 178 with_openssl_incdir="$with_openssl_incdir /usr/local/include" 179 with_openssl_incdir="$with_openssl_incdir /usr/local/ssl/include" 180 esac 181 case "$with_openssl_incdir" in 182 no) 183 ;; 184 *) # look for openssl/evp.h: 185 for i in $with_openssl_incdir no 186 do 187 test -f $i/openssl/evp.h && break 188 done 189 openssl_incdir=$i 190 ;; 191 esac 192 AS_UNSET([i]) 193 AC_MSG_RESULT([$openssl_incdir]) 194 case "$openssl_incdir" in 195 no) 196 openssl_incdir= 197 AC_MSG_WARN([did not find openssl/evp.h in any of $with_openssl_incdir]) 198 esac 199 if test -z "$openssl_libdir" -o -z "$openssl_incdir" 200 then 201 ntp_openssl=no 202 else 203 ntp_openssl=yes 204 VER_SUFFIX=o 205 fi 206 case "$ntp_openssl" in 207 yes) 208 # We have OpenSSL inc/lib dirs - use them. 209 case "$openssl_incdir" in 210 /usr/include) 211 ;; 212 *) 213 CPPFLAGS_NTP="$CPPFLAGS_NTP -I$openssl_incdir" 214 ;; 215 esac 216 case "$openssl_libdir" in 217 /usr/lib) 218 ;; 219 *) 220 LDADD_NTP="$LDADD_NTP -L$openssl_libdir" 221 case "$need_dash_r" in 222 1) 223 LDFLAGS_NTP="$LDFLAGS_NTP -R$openssl_libdir" 224 esac 225 case "$need_dash_Wlrpath" in 226 1) 227 LDFLAGS_NTP="$LDFLAGS_NTP -Wl,-rpath,$openssl_libdir" 228 esac 229 ;; 230 esac 231 LDADD_NTP="$LDADD_NTP -lcrypto" 232 esac 233esac 234 235AC_MSG_CHECKING([if we will use crypto]) 236AC_MSG_RESULT([$ntp_openssl]) 237 238case "$ntp_openssl" in 239 yes) 240 AC_DEFINE([OPENSSL], [], [Use OpenSSL?]) 241 case "$VER_SUFFIX" in 242 *o*) ;; 243 *) AC_MSG_ERROR([OPENSSL set but no 'o' in VER_SUFFIX!]) ;; 244 esac 245 ;; 246esac 247 248NTPO_SAVED_CPPFLAGS="$CPPFLAGS" 249CPPFLAGS="$CPPFLAGS $CPPFLAGS_NTP" 250NTPO_SAVED_LIBS="$LIBS" 251 252# 253# check for linking with -lcrypto failure, and try -lcrypto -lz. 254# Helps m68k-atari-mint 255# 256case "$ntp_openssl:$ntp_openssl_from_pkg_config" in 257 yes:no) 258 LIBS="$NTPO_SAVED_LIBS $LDADD_NTP" 259 AC_CACHE_CHECK( 260 [if linking with -lcrypto alone works], 261 [ntp_cv_bare_lcrypto], 262 [AC_LINK_IFELSE( 263 [AC_LANG_PROGRAM( 264 [[ 265 #include "openssl/err.h" 266 #include "openssl/evp.h" 267 ]], 268 [[ 269 ERR_load_crypto_strings(); 270 OpenSSL_add_all_algorithms(); 271 ]] 272 )], 273 [ntp_cv_bare_lcrypto=yes], 274 [ntp_cv_bare_lcrypto=no] 275 )] 276 ) 277 case "$ntp_cv_bare_lcrypto" in 278 no) 279 LIBS="$NTPO_SAVED_LIBS $LDADD_NTP -lz" 280 AC_CACHE_CHECK( 281 [if linking with -lcrypto -lz works], 282 [ntp_cv_lcrypto_lz], 283 [AC_LINK_IFELSE( 284 [AC_LANG_PROGRAM( 285 [[ 286 #include "openssl/err.h" 287 #include "openssl/evp.h" 288 ]], 289 [[ 290 ERR_load_crypto_strings(); 291 OpenSSL_add_all_algorithms(); 292 ]] 293 )], 294 [ntp_cv_lcrypto_lz=yes], 295 [ntp_cv_lcrypto_lz=no] 296 )] 297 ) 298 case "$ntp_cv_lcrypto_lz" in 299 yes) 300 LDADD_NTP="$LDADD_NTP -lz" 301 esac 302 esac 303esac 304 305# 306# Older OpenSSL headers have a number of callback prototypes inside 307# other function prototypes which trigger copious warnings with gcc's 308# -Wstrict-prototypes, which is included in -Wall. 309# 310# An example: 311# 312# int i2d_RSA_NET(const RSA *a, unsigned char **pp, 313# int (*cb)(), int sgckey); 314# ^^^^^^^^^^^ 315# 316# 317# 318openssl_triggers_warnings=unknown 319NTPO_SAVED_CFLAGS="$CFLAGS" 320 321case "$ntp_openssl:$GCC" in 322 yes:yes) 323 CFLAGS="$CFLAGS -Werror" 324 AC_COMPILE_IFELSE( 325 [AC_LANG_PROGRAM( 326 [[ 327 ]], 328 [[ 329 /* see if -Werror breaks gcc */ 330 ]] 331 )], 332 [gcc_handles_Werror=yes], 333 [gcc_handles_Werror=no] 334 ) 335 case "$gcc_handles_Werror" in 336 no) 337 # if this gcc doesn't do -Werror go ahead and use 338 # -Wstrict-prototypes. 339 openssl_triggers_warnings=yes 340 ;; 341 yes) 342 CFLAGS="$CFLAGS -Wstrict-prototypes" 343 AC_COMPILE_IFELSE( 344 [AC_LANG_PROGRAM( 345 [[ 346 #include "openssl/asn1_mac.h" 347 #include "openssl/bn.h" 348 #include "openssl/err.h" 349 #include "openssl/evp.h" 350 #include "openssl/pem.h" 351 #include "openssl/rand.h" 352 #include "openssl/x509v3.h" 353 ]], 354 [[ 355 /* empty body */ 356 ]] 357 )], 358 [openssl_triggers_warnings=no], 359 [openssl_triggers_warnings=yes] 360 ) 361 esac 362 case "$openssl_triggers_warnings" in 363 yes) 364 CFLAGS_NTP="$CFLAGS_NTP -Wno-strict-prototypes" 365 ;; 366 *) 367 CFLAGS_NTP="$CFLAGS_NTP -Wstrict-prototypes" 368 esac 369 ;; 370 no:yes) 371 # gcc without OpenSSL 372 CFLAGS_NTP="$CFLAGS_NTP -Wstrict-prototypes" 373esac 374 375# Because we don't want -Werror for the EVP_MD_do_all_sorted check 376CFLAGS="$NTPO_SAVED_CFLAGS" 377 378case "$ntp_openssl" in 379 yes) 380 LIBS="$NTPO_SAVED_LIBS $LDADD_NTP" 381 AC_CHECK_FUNCS([EVP_MD_do_all_sorted]) 382 ;; 383esac 384 385dnl AC_MSG_NOTICE([OpenSSL final checks:]) 386dnl AC_MSG_NOTICE([CPPFLAGS_NTP: $CPPFLAGS_NTP]) 387dnl AC_MSG_NOTICE([CFLAGS_NTP: $CFLAGS_NTP]) 388dnl AC_MSG_NOTICE([LDADD_NTP: $LDADD_NTP]) 389dnl AC_MSG_NOTICE([LDFLAGS_NTP: $LDFLAGS_NTP]) 390 391CPPFLAGS="$NTPO_SAVED_CPPFLAGS" 392LIBS="$NTPO_SAVED_LIBS" 393AS_UNSET([NTPO_SAVED_CFLAGS]) 394AS_UNSET([NTPO_SAVED_CPPFLAGS]) 395AS_UNSET([NTPO_SAVED_LIBS]) 396AS_UNSET([openssl_triggers_warnings]) 397AS_UNSET([ntp_openssl_from_pkg_config]) 398]) 399dnl ====================================================================== 400