From: Viktor Szakats Date: Wed, 1 Feb 2023 09:44:57 +0000 (+0000) Subject: tls: fixes for wolfssl + openssl combo builds X-Git-Tag: curl-7_88_0~84 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=48eb71ade41d4b37f416b643063cab846ac027a2;p=thirdparty%2Fcurl.git tls: fixes for wolfssl + openssl combo builds 1. Add `USE_WOLFSSL` to the TLS backend priority list in `lib/curl_ntlm_core.c`. 2. Fix `lib/curl_ntlm_core.h` to respect TLS backend priority, bringing it in sync with the above list and `lib/curl_ntlm_core.c` itself. Reported-by: Mark Roszko Ref: https://github.com/curl/curl/issues/10321 3. Allow enabling both wolfSSL and OpenSSL at the same time in `lib/Makefile.mk` bringing this in line with cmake/autotools builds. Update logic to select the crypto-specific lib for `ngtcp2`, which supports a single TLS backend at the same time. Closes #10322 --- diff --git a/lib/Makefile.mk b/lib/Makefile.mk index a0bd03fa5d..3418ad14ad 100644 --- a/lib/Makefile.mk +++ b/lib/Makefile.mk @@ -183,13 +183,6 @@ ifneq ($(findstring -ssl,$(CFG)),) OPENSSL_LIBS ?= -lssl -lcrypto _LIBS += $(OPENSSL_LIBS) - ifneq ($(wildcard $(OPENSSL_INCLUDE)/openssl/aead.h),) - OPENSSL := boringssl - else - # including libressl - OPENSSL := openssl - endif - ifneq ($(findstring -srp,$(CFG)),) ifneq ($(wildcard $(OPENSSL_INCLUDE)/openssl/srp.h),) # OpenSSL 1.0.1 and later. @@ -197,14 +190,14 @@ ifneq ($(findstring -ssl,$(CFG)),) endif endif SSLLIBS += 1 -else ifneq ($(findstring -wolfssl,$(CFG)),) +endif +ifneq ($(findstring -wolfssl,$(CFG)),) WOLFSSL_PATH ?= $(PROOT)/../wolfssl CPPFLAGS += -DUSE_WOLFSSL CPPFLAGS += -DSIZEOF_LONG_LONG=8 CPPFLAGS += -I"$(WOLFSSL_PATH)/include" _LDFLAGS += -L"$(WOLFSSL_PATH)/lib" _LIBS += -lwolfssl - OPENSSL := wolfssl SSLLIBS += 1 endif ifneq ($(findstring -mbedtls,$(CFG)),) 
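Review bot: Nothing in the wolfSSL block says that it can now be active together with the `-ssl` block, or which backend wins where only one can be used. With `else ifneq` turned into a separate `ifneq`, a CFG naming both backends accumulates both sets of flags, including the hard-coded `-DSIZEOF_LONG_LONG=8`, which then reaches every translation unit of an OpenSSL-enabled build as well. I would add a comment above the block such as `# May be combined with -ssl; OpenSSL then takes priority where a single backend is required (NTLM, ngtcp2).` and confirm that the fixed `SIZEOF_LONG_LONG` value is safe for the targets that build this combination.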
@@ -239,9 +232,20 @@ ifeq ($(findstring -nghttp3,$(CFG))$(findstring -ngtcp2,$(CFG)),-nghttp3-ngtcp2) CPPFLAGS += -DUSE_NGTCP2 CPPFLAGS += -I"$(NGTCP2_PATH)/include" _LDFLAGS += -L"$(NGTCP2_PATH)/lib" - ifneq ($(OPENSSL),) - NGTCP2_LIBS ?= -lngtcp2_crypto_$(OPENSSL) + + NGTCP2_LIBS ?= + ifeq ($(NGTCP2_LIBS),) + ifneq ($(findstring -ssl,$(CFG)),) + ifneq ($(wildcard $(OPENSSL_INCLUDE)/openssl/aead.h),) + NGTCP2_LIBS := -lngtcp2_crypto_boringssl + else # including libressl + NGTCP2_LIBS := -lngtcp2_crypto_openssl + endif + else ifneq ($(findstring -wolfssl,$(CFG)),) + NGTCP2_LIBS := -lngtcp2_crypto_wolfssl + endif endif + _LIBS += -lngtcp2 $(NGTCP2_LIBS) endif diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c index 0cc532a06a..25d2526025 100644 --- a/lib/curl_ntlm_core.c +++ b/lib/curl_ntlm_core.c @@ -36,12 +36,13 @@ /* Please keep the SSL backend-specific #if branches in this order: 1. USE_OPENSSL - 2. USE_GNUTLS - 3. USE_NSS - 4. USE_MBEDTLS - 5. USE_SECTRANSP - 6. USE_OS400CRYPTO - 7. USE_WIN32_CRYPTO + 2. USE_WOLFSSL + 3. USE_GNUTLS + 4. USE_NSS + 5. USE_MBEDTLS + 6. USE_SECTRANSP + 7. USE_OS400CRYPTO + 8. USE_WIN32_CRYPTO This ensures that: - the same SSL branch gets activated throughout this source diff --git a/lib/curl_ntlm_core.h b/lib/curl_ntlm_core.h index 92ba7b46cb..33b651f5ea 100644 --- a/lib/curl_ntlm_core.h +++ b/lib/curl_ntlm_core.h @@ -37,11 +37,11 @@ #define NTLM_NEEDS_NSS_INIT #endif -#ifdef USE_WOLFSSL +#if defined(USE_OPENSSL) +# include +#elif defined(USE_WOLFSSL) # include # include -#elif defined(USE_OPENSSL) -# include #endif /* Helpers to generate function byte arguments in little endian order */
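Review bot: When `NGTCP2_LIBS` is empty and CFG contains neither `-ssl` nor `-wolfssl`, the new `ifeq ($(NGTCP2_LIBS),)` block selects nothing, and `_LIBS += -lngtcp2 $(NGTCP2_LIBS)` links ngtcp2 with no `ngtcp2_crypto_*` helper. That presumably surfaces only as unresolved symbols at link time, so an explicit diagnostic would be easier to act on, e.g. a final `else` branch with `$(warning ngtcp2: CFG has no -ssl or -wolfssl and NGTCP2_LIBS is empty; no ngtcp2_crypto_* library will be linked)`. In a combo build the `-ssl` test comes first, so the OpenSSL/BoringSSL helper is chosen. The C sources have to pick the same backend for QUIC, which is not visible in this hunk, so a one-line comment stating that priority would help keep the two aligned.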
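Review bot: The backend priority is now spelled out in three places that are kept in sync by hand: the numbered list in `lib/curl_ntlm_core.c`, that file's own `#if` branches (outside this hunk), and the include chain in `lib/curl_ntlm_core.h`. The header hunk carries no pointer back to the list, and the commit message indicates the header had already drifted out of sync with it before this change. I would add `/* Keep this order in sync with the backend priority list in curl_ntlm_core.c */` above `#if defined(USE_OPENSSL)` in the header. If the header and source ever disagree in a wolfSSL + OpenSSL build, the NTLM code would presumably be compiled against one library's declarations while calling the other's primitives. The include targets themselves are not visible in this rendering of the hunk.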