1dnl ####################################################################
2dnl OpenSSL support shared by top-level and sntp/configure.ac
3dnl
4dnl Provides command-line option --with-crypto, as well as deprecated
5dnl options --with-openssl-incdir, --with-openssl-libdir, and the
6dnl latter's suboption --with-rpath.
7dnl
8dnl Specifying --with-openssl-libdir or --with-openssl-incdir causes any
9dnl pkg-config openssl information to be ignored in favor of the legacy
10dnl manual search for directories and specified library names.
11dnl
12dnl Output AC_DEFINEs (for config.h)
13dnl	OPENSSL		defined only if using OpenSSL
14dnl
15dnl Output variables:
16dnl	ntp_openssl	yes if using OpenSSL, no otherwise
17dnl
18dnl Output substitutions:
19dnl	CFLAGS_NTP	OpenSSL-specific flags added as needed, and
20dnl			-Wstrict-prototypes for gcc if it does not
21dnl			trigger a flood of warnings for each file
22dnl			including OpenSSL headers.
23dnl	CPPFLAGS_NTP	OpenSSL -Iincludedir flags added as needed.
24dnl	LDADD_NTP	OpenSSL -L and -l flags added as needed.
25dnl	LDFLAGS_NTP	Other OpenSSL link flags added as needed.
26dnl
27dnl ####################################################################
28AC_DEFUN([NTP_OPENSSL], [
29AC_REQUIRE([NTP_PKG_CONFIG])dnl
30AC_REQUIRE([NTP_VER_SUFFIX])dnl
31
32AC_ARG_WITH(
33    [crypto],
34    [AS_HELP_STRING(
35	[--with-crypto],
36	[+ =openssl,libcrypto]
37    )]
38)
39AC_ARG_WITH(
40    [openssl-libdir],
41    [AS_HELP_STRING(
42	[--with-openssl-libdir],
43	[+ =/something/reasonable]
44    )]
45)
46AC_ARG_WITH(
47    [openssl-incdir],
48    [AS_HELP_STRING(
49	[--with-openssl-incdir],
50	[+ =/something/reasonable]
51    )]
52)
53AC_ARG_WITH(
54    [rpath],
55    [AS_HELP_STRING(
56	[--without-rpath],
57	[s Disable auto-added -R linker paths]
58    )]
59)
60
61ntp_openssl=no
62ntp_openssl_from_pkg_config=no
63
64with_crypto=${with_crypto:-openssl,libcrypto}
65case "$with_crypto" in
66 yes)
67    with_crypto=openssl,libcrypto
68esac
69
70dnl AC_MSG_NOTICE(['%with_crypto:%{PKG_CONFIG:+notempty}:%{with_openssl_libdir-notgiven}:%{with_openssl_incdir-notgiven}'])
71dnl str="$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}"
72dnl AC_MSG_NOTICE([$str])
73
74case "$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}" in
75 no:*) ;;
76 *:notempty:notgiven:notgiven)
77    for pkg in `echo $with_crypto | sed -e 's/,/ /'`; do
78	AC_MSG_CHECKING([pkg-config for $pkg])
79	if $PKG_CONFIG --exists $pkg ; then
80	    CPPFLAGS_NTP="$CPPFLAGS_NTP `$PKG_CONFIG --cflags-only-I $pkg`"
81	    CFLAGS_NTP="$CFLAGS_NTP `$PKG_CONFIG --cflags-only-other $pkg`"
82	    LDADD_NTP="$LDADD_NTP `$PKG_CONFIG --libs-only-L $pkg`"
83	    LDADD_NTP="$LDADD_NTP `$PKG_CONFIG --libs-only-l --static $pkg`"
84	    LDFLAGS_NTP="$LDFLAGS_NTP `$PKG_CONFIG --libs-only-other $pkg`"
85	    VER_SUFFIX=o
86	    ntp_openssl=yes
87	    ntp_openssl_from_pkg_config=yes
88	    ntp_openssl_version="`$PKG_CONFIG --modversion $pkg`"
89	    case "$ntp_openssl_version" in
90	     *.*) ;;
91	     *) ntp_openssl_version='(unknown)' ;;
92	    esac
93	    AC_MSG_RESULT([yes, version $ntp_openssl_version])
94
95	    break
96	fi
97	AC_MSG_RESULT([no])
98    done
99esac
100dnl AC_MSG_NOTICE([OpenSSL Phase I checks:])
101dnl AC_MSG_NOTICE([CPPFLAGS_NTP: $CPPFLAGS_NTP])
102dnl AC_MSG_NOTICE([CFLAGS_NTP: $CFLAGS_NTP])
103dnl AC_MSG_NOTICE([LDADD_NTP: $LDADD_NTP])
104dnl AC_MSG_NOTICE([LDFLAGS_NTP: $LDFLAGS_NTP])
105case "$with_crypto:$ntp_openssl" in
106 no:*) ;;
107 *:no)
108    need_dash_r=
109    need_dash_Wlrpath=
110    case "${with_rpath-notgiven}" in
111     yes)
112	# Lame - what to do if we need -Wl... but not -R?
113	need_dash_r=1
114	;;
115     notgiven)
116	case "$host" in
117	 *-*-linux*)
118	    # This may really only be true for gcc
119	    need_dash_Wlrpath=1
120	    ;;
121	 *-*-netbsd*)
122	    need_dash_r=1
123	    ;;
124	 *-*-solaris*)
125	    need_dash_r=1
126	    ;;
127	esac
128	;;
129    esac
130
131    AC_MSG_CHECKING([for openssl library directory])
132    with_openssl_libdir=${with_openssl_libdir-notgiven}
133    case "$with_openssl_libdir" in
134     notgiven)
135	case "$build" in
136	 $host)
137	    with_openssl_libdir=default
138	    ;;
139	 *)
140	    with_openssl_libdir=no
141	    ;;
142	esac
143    esac
144    case "$with_openssl_libdir" in
145     default)
146	# Look in:
147	with_openssl_libdir="/usr/lib /usr/lib/openssl /usr/sfw/lib"
148	with_openssl_libdir="$with_openssl_libdir /usr/local/lib"
149	with_openssl_libdir="$with_openssl_libdir /usr/local/ssl/lib /lib"
150    esac
151    case "$with_openssl_libdir" in
152     no)
153	;;
154     *) # Look for libcrypto.a and libssl.a:
155	for i in $with_openssl_libdir no
156	do
157	    case "$host" in
158	     *-*-darwin*)
159		test -f $i/libcrypto.dylib -a -f $i/libssl.dylib && break
160		;;
161	     *)
162		test -f $i/libcrypto.so -a -f $i/libssl.so && break
163		test -f $i/libcrypto.a -a -f $i/libssl.a && break
164		;;
165	    esac
166	done
167	openssl_libdir=$i
168	;;
169    esac
170    AC_MSG_RESULT([$openssl_libdir])
171    case "$openssl_libdir" in
172     no)
173	openssl_libdir=
174	AC_MSG_WARN([libcrypto and libssl not found in any of $with_openssl_libdir])
175    esac
176
177    AC_MSG_CHECKING([for openssl include directory])
178    with_openssl_incdir=${with_openssl_incdir-notgiven}
179    case "$with_openssl_incdir" in
180     notgiven)
181	# Look in:
182	with_openssl_incdir="/usr/include /usr/sfw/include"
183	with_openssl_incdir="$with_openssl_incdir /usr/local/include"
184	with_openssl_incdir="$with_openssl_incdir /usr/local/ssl/include"
185    esac
186    case "$with_openssl_incdir" in
187     no)
188	;;
189     *) # look for openssl/evp.h:
190	for i in $with_openssl_incdir no
191	do
192	    test -f $i/openssl/evp.h && break
193	done
194	openssl_incdir=$i
195	;;
196    esac
197    AS_UNSET([i])
198    AC_MSG_RESULT([$openssl_incdir])
199    case "$openssl_incdir" in
200     no)
201	openssl_incdir=
202	AC_MSG_WARN([did not find openssl/evp.h in any of $with_openssl_incdir])
203    esac
204    if test -z "$openssl_libdir" -o -z "$openssl_incdir"
205    then
206	ntp_openssl=no
207    else
208	ntp_openssl=yes
209	VER_SUFFIX=o
210    fi
211    case "$ntp_openssl" in
212     yes)
213	# We have OpenSSL inc/lib dirs - use them.
214	case "$openssl_incdir" in
215	 /usr/include)
216	    ;;
217	 *)
218	    CPPFLAGS_NTP="$CPPFLAGS_NTP -I$openssl_incdir"
219	    ;;
220	esac
221	case "$openssl_libdir" in
222	 /usr/lib)
223	    ;;
224	 *)
225	    LDADD_NTP="$LDADD_NTP -L$openssl_libdir"
226	    case "$need_dash_r" in
227	     1)
228		LDFLAGS_NTP="$LDFLAGS_NTP -R$openssl_libdir"
229	    esac
230	    case "$need_dash_Wlrpath" in
231	     1)
232		LDFLAGS_NTP="$LDFLAGS_NTP -Wl,-rpath,$openssl_libdir"
233	    esac
234	    ;;
235	esac
236	LDADD_NTP="$LDADD_NTP -lcrypto"
237    esac
238esac
239
240AC_MSG_CHECKING([if we will use crypto])
241AC_MSG_RESULT([$ntp_openssl])
242
243case "$ntp_openssl" in
244 yes)
245    AC_CHECK_HEADERS([openssl/cmac.h openssl/hmac.h])
246    AC_DEFINE([OPENSSL], [], [Use OpenSSL?])
247    case "$VER_SUFFIX" in
248     *o*) ;;
249     *) AC_MSG_ERROR([OPENSSL set but no 'o' in VER_SUFFIX!]) ;;
250    esac
251    ;;
252esac
253
254NTPO_SAVED_CPPFLAGS="$CPPFLAGS"
255CPPFLAGS="$CPPFLAGS $CPPFLAGS_NTP"
256NTPO_SAVED_LIBS="$LIBS"
257
258#
259# check for linking with -lcrypto failure, and try -lcrypto -lz.
260# Helps m68k-atari-mint
261#
262case "$ntp_openssl:$ntp_openssl_from_pkg_config" in
263 yes:no)
264    LIBS="$NTPO_SAVED_LIBS $LDADD_NTP"
265    AC_CACHE_CHECK(
266	[if linking with -lcrypto alone works],
267	[ntp_cv_bare_lcrypto],
268	[AC_LINK_IFELSE(
269	    [AC_LANG_PROGRAM(
270		[[
271		    #include "openssl/err.h"
272		    #include "openssl/evp.h"
273		]],
274		[[
275		    ERR_load_crypto_strings();
276		    OpenSSL_add_all_algorithms();
277		]]
278	    )],
279	    [ntp_cv_bare_lcrypto=yes],
280	    [ntp_cv_bare_lcrypto=no]
281	)]
282    )
283    case "$ntp_cv_bare_lcrypto" in
284     no)
285	LIBS="$NTPO_SAVED_LIBS $LDADD_NTP -lz"
286	AC_CACHE_CHECK(
287	    [if linking with -lcrypto -lz works],
288	    [ntp_cv_lcrypto_lz],
289	    [AC_LINK_IFELSE(
290		[AC_LANG_PROGRAM(
291		    [[
292			#include "openssl/err.h"
293			#include "openssl/evp.h"
294		    ]],
295		    [[
296			ERR_load_crypto_strings();
297			OpenSSL_add_all_algorithms();
298		    ]]
299		)],
300		[ntp_cv_lcrypto_lz=yes],
301		[ntp_cv_lcrypto_lz=no]
302	    )]
303	)
304	case "$ntp_cv_lcrypto_lz" in
305	 yes)
306	     LDADD_NTP="$LDADD_NTP -lz"
307	esac
308    esac
309esac
310
311#
312# Older OpenSSL headers have a number of callback prototypes inside
313# other function prototypes which trigger copious warnings with gcc's
314# -Wstrict-prototypes, which is included in -Wall.
315#
316# An example:
317#
318# int i2d_RSA_NET(const RSA *a, unsigned char **pp,
319#		  int (*cb)(), int sgckey);
320#		  ^^^^^^^^^^^
321#
322#
323#
324openssl_triggers_warnings=unknown
325NTPO_SAVED_CFLAGS="$CFLAGS"
326
327case "$ntp_openssl:$GCC" in
328 yes:yes)
329    CFLAGS="$CFLAGS -Werror"
330    AC_COMPILE_IFELSE(
331	[AC_LANG_PROGRAM(
332	    [[
333	    ]],
334	    [[
335		/* see if -Werror breaks gcc */
336	    ]]
337	)],
338	[gcc_handles_Werror=yes],
339	[gcc_handles_Werror=no]
340    )
341    case "$gcc_handles_Werror" in
342     no)
343	# if this gcc doesn't do -Werror go ahead and use
344	# -Wstrict-prototypes.
345	openssl_triggers_warnings=yes
346	;;
347     yes)
348	CFLAGS="$CFLAGS -Wstrict-prototypes"
349	AC_COMPILE_IFELSE(
350	    [AC_LANG_PROGRAM(
351		[[
352		    #include "openssl/asn1_mac.h"
353		    #include "openssl/bn.h"
354		    #include "openssl/err.h"
355		    #include "openssl/evp.h"
356		    #include "openssl/pem.h"
357		    #include "openssl/rand.h"
358		    #include "openssl/x509v3.h"
359		]],
360		[[
361		    /* empty body */
362		]]
363	    )],
364	    [openssl_triggers_warnings=no],
365	    [openssl_triggers_warnings=yes]
366	)
367    esac
368    case "$openssl_triggers_warnings" in
369     yes)
370	CFLAGS_NTP="$CFLAGS_NTP -Wno-strict-prototypes"
371	;;
372     *)
373	CFLAGS_NTP="$CFLAGS_NTP -Wstrict-prototypes"
374    esac
375    ;;
376 no:yes)
377    # gcc without OpenSSL
378    CFLAGS_NTP="$CFLAGS_NTP -Wstrict-prototypes"
379esac
380
381# Because we don't want -Werror for the EVP_MD_do_all_sorted check
382CFLAGS="$NTPO_SAVED_CFLAGS"
383
384case "$ntp_openssl" in
385 yes)
386    LIBS="$NTPO_SAVED_LIBS $LDADD_NTP"
387    AC_CHECK_FUNCS([EVP_MD_do_all_sorted])
388    ;;
389esac
390
391dnl AC_MSG_NOTICE([OpenSSL final checks:])
392dnl AC_MSG_NOTICE([CPPFLAGS_NTP: $CPPFLAGS_NTP])
393dnl AC_MSG_NOTICE([CFLAGS_NTP: $CFLAGS_NTP])
394dnl AC_MSG_NOTICE([LDADD_NTP: $LDADD_NTP])
395dnl AC_MSG_NOTICE([LDFLAGS_NTP: $LDFLAGS_NTP])
396
397CPPFLAGS="$NTPO_SAVED_CPPFLAGS"
398LIBS="$NTPO_SAVED_LIBS"
399AS_UNSET([NTPO_SAVED_CFLAGS])
400AS_UNSET([NTPO_SAVED_CPPFLAGS])
401AS_UNSET([NTPO_SAVED_LIBS])
402AS_UNSET([openssl_triggers_warnings])
403AS_UNSET([ntp_openssl_from_pkg_config])
404])
405dnl ======================================================================
406