commit c5d3799c58d94343f735fa0cbd26387fef1b0fc5
parent 4cc6bd209feaba1548f127d6f2f5eeccc94c0f03
Author: Christian Grothoff <christian@grothoff.org>
Date: Sun, 23 Nov 2025 20:07:47 +0100
modify build system to detect hash function support / TLS libs (undertested)
Diffstat:
6 files changed, 442 insertions(+), 188 deletions(-)
diff --git a/configure.ac b/configure.ac
@@ -6574,17 +6574,19 @@ AC_ARG_ENABLE([[md5]],
)
AS_CASE([${enable_md5}],[yes|tlslib],
[
- AS_IF([test "x${enable_compact_code}" != "xno" || test "x$enable_md5" = "xtlslib"],
+ found_md5_tls="no"
+ AS_IF([test "x$enable_https" = "xyes"],
[
- AS_IF([test "x$enable_https" = "xyes"],
+ # Check GnuTLS
+ AS_VAR_IF([have_gnutls],["yes"],
[
AC_CACHE_CHECK([whether GnuTLS supports MD5 hashing],[mhd_cv_gnutls_md5],
[
- CPPFLAGS="${CPPFLAGS_ac} ${MHD_TLS_LIB_CPPFLAGS} ${user_CPPFLAGS}"
+ CPPFLAGS="${CPPFLAGS_ac} ${GNUTLS_CPPFLAGS} ${user_CPPFLAGS}"
CFLAGS="${CFLAGS_ac} ${user_CFLAGS}"
- LDFLAGS="${LDFLAGS_ac} ${MHD_TLS_LIB_LDFLAGS} ${user_LDFLAGS}"
+ LDFLAGS="${LDFLAGS_ac} ${GNUTLS_LDFLAGS} ${user_LDFLAGS}"
save_LIBS="$LIBS"
- LIBS="${MHD_TLS_LIBDEPS} ${LIBS}"
+ LIBS="${GNUTLS_LIBS} ${LIBS}"
AC_LINK_IFELSE(
[
AC_LANG_PROGRAM(
@@ -6612,8 +6614,7 @@ AS_CASE([${enable_md5}],[yes|tlslib],
}
else
exit_code = 2;
- if (exit_code)
- return exit_code;
+ return exit_code;
]]
)
],
@@ -6629,27 +6630,135 @@ AS_CASE([${enable_md5}],[yes|tlslib],
AS_VAR_IF([mhd_cv_gnutls_md5],["no"],
[
AS_VAR_IF([enable_md5],["tlslib"],
- [AC_MSG_FAILURE([TLS library MD5 implementation is not available])]
+ [AC_MSG_WARN([GnuTLS MD5 implementation is not available])]
)
- enable_md5="builtin"
],
- [enable_md5="tlslib"]
+ [
+ AC_DEFINE([[MHD_MD5_EXTR_GNUTLS]],[[1]],
++ [Define to 1 if libmicrohttpd is compiled with MD5 hashing by GnuTLS.])
++ found_md5_tls="yes"
+ ]
)
- ],
- [
- AS_VAR_IF([enable_md5],["tlslib"],
- [AC_MSG_ERROR([HTTPS is not enabled, TLS library MD5 implementation cannot be used])]
+ ]
+ ) # end GnuTLS check
+
+ # Check OpenSSL
+ AS_VAR_IF([have_openssl],["yes"],
+ [
+ AC_CACHE_CHECK([whether OpenSSL supports MD5 hashing],[mhd_cv_openssl_md5],
+ [
+ CPPFLAGS="${CPPFLAGS_ac} ${OPENSSL_CPPFLAGS} ${user_CPPFLAGS}"
+ CFLAGS="${CFLAGS_ac} ${user_CFLAGS}"
+ LDFLAGS="${LDFLAGS_ac} ${OPENSSL_LDFLAGS} ${user_LDFLAGS}"
+ save_LIBS="$LIBS"
+ LIBS="${OPENSSL_LIBS} ${LIBS}"
+ AC_LINK_IFELSE(
+ [
+ AC_LANG_PROGRAM(
+ [[
+#include <openssl/evp.h>
+ ]],
+ [[
+ EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+ unsigned char digest[16];
+ unsigned int len;
+ if (ctx) {
+ EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
+ EVP_DigestUpdate(ctx, "", 1);
+ EVP_DigestFinal_ex(ctx, digest, &len);
+ EVP_MD_CTX_free(ctx);
+ }
+ ]]
+ )
+ ],
+ [mhd_cv_openssl_md5='yes'],[mhd_cv_openssl_md5='no']
+ )
+ LIBS="${save_LIBS}"
+ CPPFLAGS="${CPPFLAGS_ac} ${user_CPPFLAGS}"
+ CFLAGS="${CFLAGS_ac} ${user_CFLAGS}"
+ LDFLAGS="${LDFLAGS_ac} ${user_LDFLAGS}"
+ ]
+ )
+ AS_VAR_IF([mhd_cv_openssl_md5],["no"],
+ [
+ AS_VAR_IF([enable_md5],["tlslib"],
+ [AC_MSG_WARN([OpenSSL MD5 implementation is not available])]
+ )
+ ],
+ [
+ AC_DEFINE([[MHD_MD5_EXTR_OPENSSL]],[[1]],
+ [Define to 1 if libmicrohttpd is compiled with MD5 hashing by OpenSSL.])
+ found_md5_tls="yes"
+ ]
)
- enable_md5="builtin"
]
)
- ],
- [
- enable_md5="builtin"
+
+ # Check mbedTLS
+ AS_VAR_IF([have_mbedtls],["yes"],
+ [
+ AC_CACHE_CHECK([whether mbedTLS supports MD5 hashing],[mhd_cv_mbedtls_md5],
+ [
+ CPPFLAGS="${CPPFLAGS_ac} ${MBEDTLS_CPPFLAGS} ${user_CPPFLAGS}"
+ CFLAGS="${CFLAGS_ac} ${user_CFLAGS}"
+ LDFLAGS="${LDFLAGS_ac} ${MBEDTLS_LDFLAGS} ${user_LDFLAGS}"
+ save_LIBS="$LIBS"
+ LIBS="${MBEDTLS_LIBS} ${LIBS}"
+ AC_LINK_IFELSE(
+ [
+ AC_LANG_PROGRAM(
+ [[
+#include <mbedtls/md5.h>
+ ]],
+ [[
+ mbedtls_md5_context ctx;
+ unsigned char digest[16];
+ mbedtls_md5_init(&ctx);
+ mbedtls_md5_starts(&ctx);
+ mbedtls_md5_update(&ctx, (const unsigned char *)"", 1);
+ mbedtls_md5_finish(&ctx, digest);
+ mbedtls_md5_free(&ctx);
+ ]]
+ )
+ ],
+ [mhd_cv_mbedtls_md5='yes'],[mhd_cv_mbedtls_md5='no']
+ )
+ LIBS="${save_LIBS}"
+ CPPFLAGS="${CPPFLAGS_ac} ${user_CPPFLAGS}"
+ CFLAGS="${CFLAGS_ac} ${user_CFLAGS}"
+ LDFLAGS="${LDFLAGS_ac} ${user_LDFLAGS}"
+ ]
+ )
+ AS_VAR_IF([mhd_cv_mbedtls_md5],["no"],
+ [
+ AS_VAR_IF([enable_md5],["tlslib"],
+ [AC_MSG_WARN([mbedTLS MD5 implementation is not available])]
+ )
+ ],
+ [
+ AC_DEFINE([[MHD_MD5_EXTR_MBEDTLS]],[[1]],
+ [Define to 1 if libmicrohttpd is compiled with MD5 hashing by mbedTLS.])
+ found_md5_tls="yes"
+ ]
+ )
+ ]
+ ) # end mbedtls check
]
+ ) # end AS_IF (enable_https)
+
+ AS_IF([test "x$enable_md5" = "xyes"],
+ [AS_VAR_IF([found_md5_tls],["yes"],
+ [enable_md5="tlslib"],
+ [enable_md5="builtin"]
+ )],
+ [AS_VAR_IF([found_md5_tls],["yes"],
+ [enable_md5="tlslib"],
+ [AC_MSG_ERROR([TLS library support requested for MD5, but no library supports it])]
+ )]
)
]
-)
+) # end "enable_md5 in yes|tlslib"
+
AC_MSG_CHECKING([[whether to support MD5]])
AS_UNSET([enable_md5_MSG])
AS_CASE([${enable_md5}],
@@ -6673,6 +6782,9 @@ AS_IF([test "x${enable_md5}" = "xtlslib" ],
)
AM_CONDITIONAL([MHD_SUPPORT_MD5], [[test "x${enable_md5}" = "xbuiltin" || test "x${enable_md5}" = "xtlslib" ]])
AM_CONDITIONAL([MHD_MD5_EXTR], [[test "x${enable_md5}" = "xtlslib" ]])
+AM_CONDITIONAL([MHD_MD5_GNUTLS], [[test "x$mhd_cv_gnutls_md5" = "xyes"]])
+AM_CONDITIONAL([MHD_MD5_OPENSSL], [[test "x$mhd_cv_openssl_md5" = "xyes"]])
+AM_CONDITIONAL([MHD_MD5_MBEDTLS], [[test "x$mhd_cv_mbedtls_md5" = "xyes"]])
AC_MSG_RESULT([[${enable_md5_MSG}]])
# optional: SHA-256 support for Digest Auth. Enabled by default.
@@ -6696,17 +6808,19 @@ AC_ARG_ENABLE([[sha256]],
)
AS_CASE([${enable_sha256}],[yes|tlslib],
[
- AS_IF([test "x${enable_compact_code}" != "xno" || test "x$enable_sha256" = "xtlslib"],
+ found_sha256_tls="no"
+ AS_IF([test "x$enable_https" = "xyes"],
[
- AS_IF([test "x$enable_https" = "xyes"],
+ # Check GnuTLS
+ AS_VAR_IF([have_gnutls],["yes"],
[
AC_CACHE_CHECK([whether GnuTLS supports sha256 hashing],[mhd_cv_gnutls_sha256],
[
- CPPFLAGS="${CPPFLAGS_ac} ${MHD_TLS_LIB_CPPFLAGS} ${user_CPPFLAGS}"
+ CPPFLAGS="${CPPFLAGS_ac} ${GNUTLS_LIB_CPPFLAGS} ${user_CPPFLAGS}"
CFLAGS="${CFLAGS_ac} ${user_CFLAGS}"
- LDFLAGS="${LDFLAGS_ac} ${MHD_TLS_LIB_LDFLAGS} ${user_LDFLAGS}"
+ LDFLAGS="${LDFLAGS_ac} ${GNUTLS_LDFLAGS} ${user_LDFLAGS}"
save_LIBS="$LIBS"
- LIBS="${MHD_TLS_LIBDEPS} ${LIBS}"
+ LIBS="${GNUTLS_LIBS} ${LIBS}"
AC_LINK_IFELSE(
[
AC_LANG_PROGRAM(
@@ -6734,8 +6848,7 @@ AS_CASE([${enable_sha256}],[yes|tlslib],
}
else
exit_code = 2;
- if (exit_code)
- return exit_code;
+ return exit_code;
]]
)
],
@@ -6751,24 +6864,131 @@ AS_CASE([${enable_sha256}],[yes|tlslib],
AS_VAR_IF([mhd_cv_gnutls_sha256],["no"],
[
AS_VAR_IF([enable_sha256],["tlslib"],
- [AC_MSG_FAILURE([TLS library SHA-256 implementation is not available])]
+ [AC_MSG_WARN([GnuTLS SHA-256 implementation is not available])]
)
- enable_sha256="builtin"
],
- [enable_sha256="tlslib"]
+ [
+ AC_DEFINE([[MHD_SHA256_EXTR_GNUTLS]],[[1]],
+ [Define to 1 if libmicrohttpd is compiled with SHA-256 hashing by GnuTLS.])
+ found_sha256_tls="yes"
+ ]
)
- ],
+ ]
+ ) # end check GnuTLS
+
+ # Check OpenSSL
+ AS_VAR_IF([have_openssl],["yes"],
[
- AS_VAR_IF([enable_sha256],["tlslib"],
- [AC_MSG_ERROR([HTTPS is not enabled, TLS library SHA-256 implementation cannot be used])]
+ AC_CACHE_CHECK([whether OpenSSL supports SHA-256 hashing],[mhd_cv_openssl_sha256],
+ [
+ CPPFLAGS="${CPPFLAGS_ac} ${OPENSSL_CPPFLAGS} ${user_CPPFLAGS}"
+ CFLAGS="${CFLAGS_ac} ${user_CFLAGS}"
+ LDFLAGS="${LDFLAGS_ac} ${OPENSSL_LDFLAGS} ${user_LDFLAGS}"
+ save_LIBS="$LIBS"
+ LIBS="${OPENSSL_LIBS} ${LIBS}"
+ AC_LINK_IFELSE(
+ [
+ AC_LANG_PROGRAM(
+ [[
+#include <openssl/evp.h>
+ ]],
+ [[
+ EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+ unsigned char digest[32];
+ unsigned int len;
+ if (ctx) {
+ EVP_DigestInit_ex(ctx, EVP_sha256(), NULL);
+ EVP_DigestUpdate(ctx, "", 1);
+ EVP_DigestFinal_ex(ctx, digest, &len);
+ EVP_MD_CTX_free(ctx);
+ }
+ ]]
+ )
+ ],
+ [mhd_cv_openssl_sha256='yes'],[mhd_cv_openssl_sha256='no']
+ )
+ LIBS="${save_LIBS}"
+ CPPFLAGS="${CPPFLAGS_ac} ${user_CPPFLAGS}"
+ CFLAGS="${CFLAGS_ac} ${user_CFLAGS}"
+ LDFLAGS="${LDFLAGS_ac} ${user_LDFLAGS}"
+ ]
+ )
+ AS_VAR_IF([mhd_cv_openssl_sha256],["no"],
+ [
+ AS_VAR_IF([enable_sha256],["tlslib"],
+ [AC_MSG_WARN([OpenSSL SHA-256 implementation is not available])]
+ )
+ ],
+ [
+ AC_DEFINE([[MHD_SHA256_EXTR_OPENSSL]],[[1]],
+ [Define to 1 if libmicrohttpd is compiled with SHA-256 hashing by OpenSSL.])
+ found_sha256_tls="yes"
+ ]
)
- enable_sha256="builtin"
]
- )
- ],
- [
- enable_sha256="builtin"
+ ) # end check OpenSSL
+
+ # Check mbedTLS
+ AS_VAR_IF([have_mbedtls],["yes"],
+ [
+ AC_CACHE_CHECK([whether mbedTLS supports SHA256 hashing],[mhd_cv_mbedtls_sha256],
+ [
+ CPPFLAGS="${CPPFLAGS_ac} ${MBEDTLS_CPPFLAGS} ${user_CPPFLAGS}"
+ CFLAGS="${CFLAGS_ac} ${user_CFLAGS}"
+ LDFLAGS="${LDFLAGS_ac} ${MBEDTLS_LDFLAGS} ${user_LDFLAGS}"
+ save_LIBS="$LIBS"
+ LIBS="${MBEDTLS_LIBS} ${LIBS}"
+ AC_LINK_IFELSE(
+ [
+ AC_LANG_PROGRAM(
+ [[
+#include <mbedtls/sha256.h>
+ ]],
+ [[
+ mbedtls_sha256_context ctx;
+ unsigned char digest[16];
+ mbedtls_sha256_init(&ctx);
+ mbedtls_sha256_starts(&ctx);
+ mbedtls_sha256_update(&ctx, (const unsigned char *)"", 1);
+ mbedtls_sha256_finish(&ctx, digest);
+ mbedtls_sha256_free(&ctx);
+ ]]
+ )
+ ],
+ [mhd_cv_mbedtls_sha256='yes'],[mhd_cv_mbedtls_sha256='no']
+ )
+ LIBS="${save_LIBS}"
+ CPPFLAGS="${CPPFLAGS_ac} ${user_CPPFLAGS}"
+ CFLAGS="${CFLAGS_ac} ${user_CFLAGS}"
+ LDFLAGS="${LDFLAGS_ac} ${user_LDFLAGS}"
+ ]
+ )
+ AS_VAR_IF([mhd_cv_mbedtls_sha256],["no"],
+ [
+ AS_VAR_IF([enable_sha256],["tlslib"],
+ [AC_MSG_WARN([mbedTLS SHA256 implementation is not available])]
+ )
+ ],
+ [
+ AC_DEFINE([[MHD_SHA256_EXTR_MBEDTLS]],[[1]],
+ [Define to 1 if libmicrohttpd is compiled with SHA256 hashing by mbedTLS.])
+ found_sha256_tls="yes"
+ ]
+ )
+ ]
+ ) # end mbedtls check
]
+ ) # end AS_IF (enable_https)
+
+ AS_IF([test "x$enable_sha256" = "xyes"],
+ [AS_VAR_IF([found_sha256_tls],["yes"],
+ [enable_sha256="tlslib"],
+ [enable_sha256="builtin"]
+ )],
+ [AS_VAR_IF([found_sha256_tls],["yes"],
+ [enable_sha256="tlslib"],
+ [AC_MSG_ERROR([TLS library support requested for SHA256, but no library supports it])]
+ )]
)
]
)
@@ -6795,6 +7015,9 @@ AS_IF([test "x${enable_sha256}" = "xtlslib" ],
)
AM_CONDITIONAL([MHD_SUPPORT_SHA256], [[test "x${enable_sha256}" = "xbuiltin" || test "x${enable_sha256}" = "xtlslib" ]])
AM_CONDITIONAL([MHD_SHA256_EXTR], [[test "x${enable_sha256}" = "xtlslib" ]])
+AM_CONDITIONAL([MHD_SHA256_GNUTLS], [[test "x$mhd_cv_gnutls_sha256" = "xyes"]])
+AM_CONDITIONAL([MHD_SHA256_OPENSSL], [[test "x$mhd_cv_openssl_sha256" = "xyes"]])
+AM_CONDITIONAL([MHD_SHA256_MBEDTLS], [[test "x$mhd_cv_mbedtls_sha256" = "xyes"]])
AC_MSG_RESULT([[${enable_sha256_MSG}]])
# optional: SHA-512/256 support for Digest Auth. Enabled by default.
@@ -6814,6 +7037,134 @@ AC_ARG_ENABLE([[sha512-256]],
)
], [[enable_sha512_256="${enable_digest_auth}"]]
)
+
+# optional: SHA-512/256 support for Digest Auth. Enabled by default.
+AC_ARG_ENABLE([[sha512-256]],
+ [AS_HELP_STRING([[--disable-sha512-256]],
+ [disable SHA-512/256 hashing support for Digest Authentication])],
+ [
+ AS_VAR_IF([[enable_sha512_256]],[["yes"]],
+ [
+ AS_VAR_IF([enable_digest_auth],["yes"],[],
+ [
+ AC_MSG_WARN([The parameter --enable-sha512-256 is ignored as Digest Authentication is disabled])
+ enable_sha512_256='no'
+ ]
+ )
+ ],[[enable_sha512_256='no']]
+ )
+ ], [[enable_sha512_256="${enable_digest_auth}"]]
+)
+
+# SHA-512/256 external vs internal check
+AS_CASE([${enable_sha512_256}],[yes],
+ [
+ found_sha512_256_tls="no"
+ AS_IF([test "x$enable_https" = "xyes"],
+ [
+ # Check OpenSSL
+ AS_VAR_IF([have_openssl],["yes"],
+ [
+ AC_CACHE_CHECK([whether OpenSSL supports SHA-512/256 hashing],[mhd_cv_openssl_sha512_256],
+ [
+ CPPFLAGS="${CPPFLAGS_ac} ${OPENSSL_CPPFLAGS} ${user_CPPFLAGS}"
+ CFLAGS="${CFLAGS_ac} ${user_CFLAGS}"
+ LDFLAGS="${LDFLAGS_ac} ${OPENSSL_LDFLAGS} ${user_LDFLAGS}"
+ save_LIBS="$LIBS"
+ LIBS="${OPENSSL_LIBS} ${LIBS}"
+ AC_LINK_IFELSE(
+ [
+ AC_LANG_PROGRAM(
+ [[
+#include <openssl/evp.h>
+ ]],
+ [[
+ EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+ unsigned char digest[32];
+ unsigned int len;
+ if (ctx) {
+ EVP_DigestInit_ex(ctx, EVP_sha512_256(), NULL);
+ EVP_DigestUpdate(ctx, "", 1);
+ EVP_DigestFinal_ex(ctx, digest, &len);
+ EVP_MD_CTX_free(ctx);
+ }
+ ]]
+ )
+ ],
+ [mhd_cv_openssl_sha512_256='yes'],[mhd_cv_openssl_sha512_256='no']
+ )
+ LIBS="${save_LIBS}"
+ CPPFLAGS="${CPPFLAGS_ac} ${user_CPPFLAGS}"
+ CFLAGS="${CFLAGS_ac} ${user_CFLAGS}"
+ LDFLAGS="${LDFLAGS_ac} ${user_LDFLAGS}"
+ ]
+ )
+ AS_VAR_IF([mhd_cv_openssl_sha512_256],["yes"],
+ [
+ AC_DEFINE([[MHD_SHA512_256_EXTR_OPENSSL]],[[1]],
+ [Define to 1 if libmicrohttpd is compiled with SHA-512/256 hashing by OpenSSL.])
+ found_sha512_256_tls="yes"
+ ]
+ )
+ ]
+ )
+ # Check mbedTLS - test for SHA-512 support (C code uses SHA-512 implementation)
+ AS_VAR_IF([have_mbedtls],["yes"],
+ [
+ AC_CACHE_CHECK([whether mbedTLS supports SHA-512 hashing for SHA-512/256],[mhd_cv_mbedtls_sha512],
+ [
+ CPPFLAGS="${CPPFLAGS_ac} ${MBEDTLS_CPPFLAGS} ${user_CPPFLAGS}"
+ CFLAGS="${CFLAGS_ac} ${user_CFLAGS}"
+ LDFLAGS="${LDFLAGS_ac} ${MBEDTLS_LDFLAGS} ${user_LDFLAGS}"
+ save_LIBS="$LIBS"
+ LIBS="${MBEDTLS_LIBS} ${LIBS}"
+ AC_LINK_IFELSE(
+ [
+ AC_LANG_PROGRAM(
+ [[
+#include <mbedtls/sha512.h>
+ ]],
+ [[
+ mbedtls_sha512_context ctx;
+ unsigned char digest[64];
+ mbedtls_sha512_init(&ctx);
+ mbedtls_sha512_starts(&ctx, 0);
+ mbedtls_sha512_update(&ctx, (const unsigned char *)"", 1);
+ mbedtls_sha512_finish(&ctx, digest);
+ mbedtls_sha512_free(&ctx);
+ ]]
+ )
+ ],
+ [mhd_cv_mbedtls_sha512='yes'],[mhd_cv_mbedtls_sha512='no']
+ )
+ LIBS="${save_LIBS}"
+ CPPFLAGS="${CPPFLAGS_ac} ${user_CPPFLAGS}"
+ CFLAGS="${CFLAGS_ac} ${user_CFLAGS}"
+ LDFLAGS="${LDFLAGS_ac} ${user_LDFLAGS}"
+ ]
+ )
+ AS_VAR_IF([mhd_cv_mbedtls_sha512],["yes"],
+ [
+ AC_DEFINE([[MHD_SHA512_EXTR_MBEDTLS]],[[1]],
+ [Define to 1 if libmicrohttpd is compiled with SHA-512 hashing by mbedTLS.])
+ found_sha512_256_tls="yes"
+ ]
+ )
+ ]
+ )
+ ],
+ []
+ )
+ AS_VAR_IF([found_sha512_256_tls],["yes"],
+ [
+ AC_DEFINE([[MHD_SHA512_256_EXTR]],[[1]],
+ [Define to 1 if libmicrohttpd is compiled with SHA-512/256 hashing by TLS library.])
+ ]
+ )
+ ]
+)
+
+
AC_MSG_CHECKING([[whether to support SHA-512/256]])
AS_UNSET([enable_sha512_256_MSG])
AS_CASE([${enable_sha512_256}],
@@ -6828,8 +7179,15 @@ AS_VAR_IF([[enable_sha512_256]],[["yes"]],
]
)
AM_CONDITIONAL([MHD_SUPPORT_SHA512_256], [[test "x${enable_sha512_256}" = "xyes"]])
+AM_CONDITIONAL([MHD_SHA512_256_EXTR], [[test "x${found_sha512_256_tls}" = "xyes"]])
+AM_CONDITIONAL([MHD_SHA512_256_OPENSSL], [[test "x$mhd_cv_openssl_sha512_256" = "xyes"]])
+AM_CONDITIONAL([MHD_SHA512_MBEDTLS], [[test "x$mhd_cv_mbedtls_sha512" = "xyes"]])
+
+
AC_MSG_RESULT([[${enable_sha512_256_MSG}]])
+
+# Check if digest auth can be enabled, requires at least one hash algo
AS_IF([test "x$enable_digest_auth" != "xno"],
[
AS_IF([test "x${enable_md5}" = "xno" && test "x${enable_sha256}" = "xno" && test "x${enable_sha512_256}" != "xyes"],
diff --git a/src/mhd2/Makefile.am b/src/mhd2/Makefile.am
@@ -156,13 +156,26 @@ auth_basic_OPTSOURCES = \
response_auth_basic.c
if MHD_MD5_EXTR
-md5_OPTSOURCES = \
- md5_ext_gnutls.c md5_ext.h \
- mhd_md5.h
+ md5_OPTSOURCES = \
+ md5_ext.h \
+ mhd_md5.h
+
+if MHD_SUPPORT_OPENSSL
+ md5_OPTSOURCES += \
+ md5_ext_openssl.c
+else
+if MHD_SUPPORT_GNUTLS
+ md5_OPTSOURCES += \
+ md5_ext_gnutls.c
else
-md5_OPTSOURCES = \
- md5_int.c md5_int.h \
- mhd_md5.h
+ md5_OPTSOURCES += \
+ md5_ext_mbedtls.c
+endif
+endif
+else
+ md5_OPTSOURCES = \
+ md5_int.c md5_int.h \
+ mhd_md5.h
endif
if MHD_SHA256_EXTR
@@ -170,18 +183,18 @@ if MHD_SHA256_EXTR
sha256_ext.h \
mhd_sha256.h
- if MHD_SUPPORT_OPENSSL
+if MHD_SUPPORT_OPENSSL
sha256_OPTSOURCES += \
sha256_ext_openssl.c
- else
- if MHD_SUPPORT_GNUTLS
+else
+if MHD_SUPPORT_GNUTLS
sha256_OPTSOURCES += \
sha256_ext_gnutls.c
- else
+else
sha256_OPTSOURCES += \
sha256_ext_mbedtls.c
- endif
- endif
+endif
+endif
else
sha256_OPTSOURCES = \
@@ -189,9 +202,23 @@ else
mhd_sha256.h
endif
-sha512_256_OPTSOURCES = \
- sha512_256_int.c sha512_256_int.h \
- mhd_sha512_256.h
+if MHD_SHA512_256_EXTR
+ sha512_256_OPTSOURCES = \
+ sha512_256_ext.h \
+ mhd_sha512_256.h
+
+if MHD_SUPPORT_OPENSSL
+ sha256_OPTSOURCES += \
+ sha512_256_ext_openssl.c
+else
+ sha256_OPTSOURCES += \
+ sha512_256_ext_mbedtls.c
+endif
+else
+ sha512_256_OPTSOURCES = \
+ sha512_256_int.c sha512_256_int.h \
+ mhd_sha512_256.h
+endif
auth_digest_OPTSOURCES = \
mhd_digest_auth_data.h mhd_auth_digest_hdr.h \
@@ -199,15 +226,15 @@ auth_digest_OPTSOURCES = \
auth_digest.c auth_digest.h
if MHD_SUPPORT_MD5
-auth_digest_OPTSOURCES += $(md5_OPTSOURCES)
+ auth_digest_OPTSOURCES += $(md5_OPTSOURCES)
endif
if MHD_SUPPORT_SHA256
-auth_digest_OPTSOURCES += $(sha256_OPTSOURCES)
+ auth_digest_OPTSOURCES += $(sha256_OPTSOURCES)
endif
if MHD_SUPPORT_SHA512_256
-auth_digest_OPTSOURCES += $(sha512_256_OPTSOURCES)
+ auth_digest_OPTSOURCES += $(sha512_256_OPTSOURCES)
endif
upgrade_OPTSOURCES = \
diff --git a/src/mhd2/auth_digest.c b/src/mhd2/auth_digest.c
@@ -1547,7 +1547,7 @@ digest_deinit (struct DigestAlgorithm *da)
#endif /* mhd_SHA256_HAS_DEINIT */
#ifdef mhd_SHA512_256_HAS_DEINIT
if (MHD_DIGEST_BASE_ALGO_SHA512_256 == da->algo)
- mhd_SHA512_256_deinit (&(da->ctx.sha256_ctx));
+ mhd_SHA512_256_deinit (&(da->ctx.sha512_256_ctx));
else
#endif /* mhd_SHA512_256_HAS_DEINIT */
(void) 0;
diff --git a/src/mhd2/sha512_256_ext_gnutls.c b/src/mhd2/sha512_256_ext_gnutls.c
@@ -1,130 +0,0 @@
-/* SPDX-License-Identifier: LGPL-2.1-or-later OR (GPL-2.0-or-later WITH eCos-exception-2.0) */
-/*
- This file is part of GNU libmicrohttpd.
- Copyright (C) 2025 Christian Grothoff
-
- GNU libmicrohttpd is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- GNU libmicrohttpd is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- Alternatively, you can redistribute GNU libmicrohttpd and/or
- modify it under the terms of the GNU General Public License as
- published by the Free Software Foundation; either version 2 of
- the License, or (at your option) any later version, together
- with the eCos exception, as follows:
-
- As a special exception, if other files instantiate templates or
- use macros or inline functions from this file, or you compile this
- file and link it with other works to produce a work based on this
- file, this file does not by itself cause the resulting work to be
- covered by the GNU General Public License. However the source code
- for this file must still be made available in accordance with
- section (3) of the GNU General Public License v2.
-
- This exception does not invalidate any other reasons why a work
- based on this file might be covered by the GNU General Public
- License.
-
- You should have received copies of the GNU Lesser General Public
- License and the GNU General Public License along with this library;
- if not, see <https://www.gnu.org/licenses/>.
-*/
-
-/**
- * @file microhttpd/sha512_256_ext_gnutls.c
- * @brief Wrapper for SHA-512/256 calculation performed by GnuTLS library
- * @author Christian Grothoff
- */
-
-#include <gnutls/crypto.h>
-#define MHD_SHA512_256_Context struct hash_hd_st
-#include "sha512_256_ext.h"
-#include "mhd_assert.h"
-
-
-/**
- * Initialise structure for SHA-512/256 calculation, allocate resources.
- *
- * This function must not be called more than one time for @a ctx.
- *
- * @param ctx the calculation context
- */
-void
-mhd_SHA512_256_init_one_time (struct mhd_Sha512_256CtxExt *ctx)
-{
- ctx->handle = NULL;
- ctx->ext_error = gnutls_hash_init (&ctx->handle,
- GNUTLS_DIG_SHA512_256);
- if ((0 != ctx->ext_error) && (NULL != ctx->handle))
- {
- /* GnuTLS may return initialisation error and set the handle at the
- same time. Such handle cannot be used for calculations.
- Note: GnuTLS may also return an error and NOT set the handle. */
- mhd_SHA512_256_deinit (ctx);
- }
-
- /* If handle is NULL, the error must be set */
- mhd_assert ((NULL != ctx->handle) || (0 != ctx->ext_error));
- /* If error is set, the handle must be NULL */
- mhd_assert ((0 == ctx->ext_error) || (NULL == ctx->handle));
-}
-
-
-/**
- * Process portion of bytes.
- *
- * @param ctx the calculation context
- * @param data bytes to add to hash
- * @param length number of bytes in @a data
- */
-void
-mhd_SHA512_256_update (struct mhd_Sha512_256CtxExt *ctx,
- size_t size,
- const uint8_t *data)
-{
- mhd_assert (0 != size);
-
- if (0 == ctx->ext_error)
- ctx->ext_error = gnutls_hash (ctx->handle,
- data,
- size);
-}
-
-
-/**
- * Finalise SHA-512/256 calculation, return digest, reset hash calculation.
- *
- * @param ctx the calculation context
- * @param[out] digest set to the hash, must be #mhd_SHA512_256_DIGEST_SIZE bytes
- */
-void
-mhd_SHA512_256_finish_reset (struct mhd_Sha512_256CtxExt *ctx,
- uint8_t digest[mhd_SHA512_256_DIGEST_SIZE])
-{
- if (0 == ctx->ext_error)
- gnutls_hash_output (ctx->handle,
- digest);
-}
-
-
-/**
- * Free allocated resources.
- *
- * @param ctx the calculation context
- */
-void
-mhd_SHA512_256_deinit (struct mhd_Sha512_256CtxExt *ctx)
-{
- if (NULL != ctx->handle)
- {
- gnutls_hash_deinit (ctx->handle,
- NULL);
- ctx->handle = NULL;
- }
-}
diff --git a/src/mhd2/sha512_256_ext_openssl.c b/src/mhd2/sha512_256_ext_openssl.c
@@ -151,6 +151,6 @@ mhd_SHA512_256_deinit (struct mhd_Sha512_256CtxExt *ctx)
if (NULL != ctx->handle)
{
EVP_MD_CTX_free (ctx->handle);
- ctx->handle = NULL:
+ ctx->handle = NULL;
}
}
diff --git a/src/tests/client_server/Makefile.am b/src/tests/client_server/Makefile.am
@@ -56,7 +56,6 @@ libmhdt_la_SOURCES = \
libtest.c libtest.h \
libtest_convenience.c \
libtest_convenience_client_request.c \
- libtest_convenience_client2_request.c \
libtest_convenience_server_reply.c
# TODO: fix out-of-tree 'make check'
