romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-14 22:31:41 +03:00
Code Issues Projects Releases Packages Wiki Activity
curl/m4/curl-mbedtls.m4
Viktor Szakats 3a305831d1
mbedtls: add support for 4.0.0 
After this patch libcurl requires (as already documented)
the `curl_global_init()` call when using the `curl_formadd()` API with
mbedTLS.

Note: NTLM is not supported with mbedTLS 4+, because it lacks
the necessary crypto primitive: DES.

Also:
- lib: de-dupe mbedTLS minimum version checks into `curl_setup.h`.
- lib: initialize PSA Crypto as part of `curl_global_init()`.
  For MD5, SHA-256, `curl_formadd()`, and MultiSSL builds with mbedTLS
  but where mbedTLS isn't the default backend.
- lib1308: fix to call `curl_global_init()` (for the Form API).
- curl_ntlm_core: disable with mbedTLS 4+.
- md4: disable mbedTLS implementation when building against 4.x.
- md5: use mbedTLS PSA Crypto API when available, otherwise use
  the default local implementation.
- sha256: use mbedTLS PSA Crypto API when available, otherwise use
  the default local implementation.
- vtls/mbedtls: drop PSA Crypto initialization in favor of
  `curl_global_init()`.
- vtls/mbedtls: use PSA Crypto random API with all mbedTLS versions.
- vtls/mbedtls: do the same for the SHA-256 callback.
- autotools: detect mbedTLS 4+, and disable NTLM for 3.x.
- cmake: disable NTLM for mbedTLS 3.x.
- GHA/linux: keep building mbedTLS 3.x manually and use it in
  an existing job, while also enabling pytest in it.
- GHA/linux: bump to mbedTLS 4.0.0.
  Closes #19075
  Closes #19074

Refs:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-4.0.0
https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-4.0.0/docs/4.0-migration-guide.md
https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-4.0.0/tf-psa-crypto/docs/1.0-migration-guide.md [404]
https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/tf-psa-crypto-1.0.0/docs/1.0-migration-guide.md
https://github.com/Mbed-TLS/TF-PSA-Crypto/blob/tf-psa-crypto-1.0.0/docs/psa-transition.md
627f727bbe/docs/4.0-migration-guide

Closes #19077
2025-10-17 11:50:48 +02:00

135 lines
4.1 KiB
Text
Raw Blame History

#***************************************************************************
# _ _ ____ _
# Project ___| | | | _ \| |
# / __| | | | |_) | |
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at https://curl.se/docs/copyright.html.
#
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
# copies of the Software, and permit persons to whom the Software is
# furnished to do so, under the terms of the COPYING file.
#
# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
# KIND, either express or implied.
#
# SPDX-License-Identifier: curl
#
#***************************************************************************
dnl ----------------------------------------------------
dnl check for mbedTLS
dnl ----------------------------------------------------
AC_DEFUN([CURL_WITH_MBEDTLS], [
if test "x$OPT_MBEDTLS" != xno; then
_cppflags=$CPPFLAGS
_ldflags=$LDFLAGS
_ldflagspc=$LDFLAGSPC
ssl_msg=
if test X"$OPT_MBEDTLS" != Xno; then
if test "$OPT_MBEDTLS" = "yes"; then
OPT_MBEDTLS=""
fi
if test -z "$OPT_MBEDTLS" ; then
dnl check for lib first without setting any new path
AC_CHECK_LIB(mbedtls, mbedtls_havege_init,
dnl libmbedtls found, set the variable
[
AC_DEFINE(USE_MBEDTLS, 1, [if mbedTLS is enabled])
MBEDTLS_ENABLED=1
USE_MBEDTLS="yes"
ssl_msg="mbedTLS"
test mbedtls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
], [], -lmbedx509 -lmbedcrypto)
fi
addld=""
addlib=""
addcflags=""
mbedtlslib=""
if test "x$USE_MBEDTLS" != "xyes"; then
dnl add the path and test again
addld=-L$OPT_MBEDTLS/lib$libsuff
addcflags=-I$OPT_MBEDTLS/include
mbedtlslib=$OPT_MBEDTLS/lib$libsuff
LDFLAGS="$LDFLAGS $addld"
LDFLAGSPC="$LDFLAGSPC $addld"
if test "$addcflags" != "-I/usr/include"; then
CPPFLAGS="$CPPFLAGS $addcflags"
fi
AC_CHECK_LIB(mbedtls, mbedtls_ssl_init,
[
AC_DEFINE(USE_MBEDTLS, 1, [if mbedTLS is enabled])
MBEDTLS_ENABLED=1
USE_MBEDTLS="yes"
ssl_msg="mbedTLS"
test mbedtls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
],
[
CPPFLAGS=$_cppflags
LDFLAGS=$_ldflags
LDFLAGSPC=$_ldflagspc
], -lmbedx509 -lmbedcrypto)
fi
if test "x$USE_MBEDTLS" = "xyes"; then
AC_MSG_NOTICE([detected mbedTLS])
check_for_ca_bundle=1
LIBS="-lmbedtls -lmbedx509 -lmbedcrypto $LIBS"
if test -n "$mbedtlslib"; then
dnl when shared libs were found in a path that the run-time
dnl linker doesn't search through, we need to add it to
dnl CURL_LIBRARY_PATH to prevent further configure tests to fail
dnl due to this
if test "x$cross_compiling" != "xyes"; then
CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$mbedtlslib"
export CURL_LIBRARY_PATH
AC_MSG_NOTICE([Added $mbedtlslib to CURL_LIBRARY_PATH])
fi
fi
dnl FIXME: Enable when mbedTLS was detected via pkg-config
if false; then
LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE mbedtls mbedx509 mbedcrypto"
fi
mbedtls_4=0
AC_MSG_CHECKING([for mbedTLS >= v4])
AC_COMPILE_IFELSE([
AC_LANG_PROGRAM([[
#include <mbedtls/version.h>
]],[[
#if (MBEDTLS_VERSION_NUMBER >= 0x04000000)
return 0;
#else
#error older than 4
#endif
]])
],[
mbedtls_4=1
AC_MSG_RESULT([yes])
],[
AC_MSG_RESULT([no])
])
fi
fi dnl mbedTLS not disabled
test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi
])
Reference in a new issue View git blame Copy permalink