author | Glenn Strauss <gstrauss@gluelogic.com> | 2020-02-25 00:39:23 -0500 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2020-07-08 19:54:30 -0400 |
commit | b28a3714c46d96e4c561a582966465beeeebe73b (patch) | |
tree | 60279ab4e010a0089348e000f46198bf3391e3ea /src/mod_auth.c | |
parent | af836b94d30d088b02899789b74a1d41a35b9eac (diff) | |
[multiple] ./configure --with-nettle to use Nettle
./configure --with-nettle to use Nettle crypto lib for algorithms,
instead of OpenSSL or wolfSSL. Note: Nettle does not provide TLS.
x-ref:
"How to use SHA-256 without OpenSSL?"
https://redmine.lighttpd.net/boards/2/topics/8903
Diffstat (limited to 'src/mod_auth.c')
-rw-r--r-- | src/mod_auth.c | 50 |
1 files changed, 42 insertions, 8 deletions
diff --git a/src/mod_auth.c b/src/mod_auth.c index 442fed73..172a6a49 100644 --- a/src/mod_auth.c +++ b/src/mod_auth.c @@ -6,11 +6,45 @@ #include "http_header.h" #include "log.h" -#include "sys-crypto.h" /* USE_OPENSSL_CRYPTO */ -#ifdef USE_OPENSSL_CRYPTO +#include "sys-crypto.h" /* USE_LIB_CRYPTO */ +#ifdef USE_LIB_CRYPTO + +#if defined(USE_NETTLE_CRYPTO) + +#include <nettle/sha.h> +typedef struct sha256_ctx SHA256_CTX; +#define SHA256_Init(ctx) \ + sha256_init(ctx) +#define SHA256_Final(digest, ctx) \ + sha256_digest((ctx),sizeof(digest),(digest)) +static void +SHA256_Update(SHA256_CTX *ctx, const void *data, size_t length) +{ + sha256_update(ctx, length, data); +} + +#ifndef SHA512_256_DIGEST_LENGTH +#define SHA512_256_DIGEST_LENGTH 32 +#endif +typedef struct sha512_ctx SHA512_CTX; +#define SHA512_256_Init(ctx) \ + sha512_256_init(ctx) +#define SHA512_256_Final(digest, ctx) \ + sha512_256_digest((ctx),sizeof(digest),(digest)) +static void +SHA512_256_Update(SHA512_CTX *ctx, const void *data, size_t length) +{ + sha512_256_update(ctx, length, data); +} + +#elif defined(USE_OPENSSL_CRYPTO) + #include <openssl/sha.h> + #endif +#endif /* USE_LIB_CRYPTO */ + #include <stdlib.h> #include <string.h> @@ -132,7 +166,7 @@ static int mod_auth_algorithm_parse(http_auth_info_t *ai, const char *s) { ai->dlen = HTTP_AUTH_DIGEST_MD5_BINLEN; return 1; } - #ifdef USE_OPENSSL_CRYPTO + #ifdef USE_LIB_CRYPTO else if (len >= 7 && 's' == (s[0] | 0x20) && 'h' == (s[1] | 0x20) @@ -613,7 +647,7 @@ static handler_t mod_auth_check_basic(request_st * const r, void *p_d, const str } -#ifdef USE_OPENSSL_CRYPTO +#ifdef USE_LIB_CRYPTO static void mod_auth_digest_mutate_sha256(http_auth_info_t *ai, const char *m, const char *uri, const char *nonce, const char *cnonce, const char *nc, const char *qop) { SHA256_CTX ctx; 
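Review bot: The Nettle wrappers `SHA256_Final` and `SHA512_256_Final` in the first hunk take the output length from `sizeof(digest)`, which is only correct when the argument is a real array; if a call site passes a pointer (or an array that has decayed through a parameter), `sizeof` yields the pointer size and, as Nettle 3.x documents, `sha256_digest()` then writes a truncated digest without reporting an error. In an authentication module that would leave the tail of the digest buffer holding whatever was there before, so I would pin the length to the library constants: `sha256_digest((ctx), SHA256_DIGEST_SIZE, (digest))` and `sha512_256_digest((ctx), SHA512_256_DIGEST_SIZE, (digest))`. The call sites are outside this hunk, so whether any of them currently passes a pointer cannot be confirmed from here. A short comment above the macros stating that `digest` must refer to a buffer of at least 32 bytes would make the contract explicit for future callers.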
@@ -761,7 +795,7 @@ static void mod_auth_digest_nonce_sha512_256(buffer *b, time_t cur_ts, int rnd, #endif /* SHA512_256_DIGEST_LENGTH */ -#endif /* USE_OPENSSL_CRYPTO */ +#endif /* USE_LIB_CRYPTO */ static void mod_auth_digest_mutate_md5(http_auth_info_t *ai, const char *m, const char *uri, const char *nonce, const char *cnonce, const char *nc, const char *qop) { li_MD5_CTX ctx; @@ -839,7 +873,7 @@ static void mod_auth_digest_nonce_md5(buffer *b, time_t cur_ts, int rnd, const b static void mod_auth_digest_mutate(http_auth_info_t *ai, const char *m, const char *uri, const char *nonce, const char *cnonce, const char *nc, const char *qop) { if (ai->dalgo & HTTP_AUTH_DIGEST_MD5) mod_auth_digest_mutate_md5(ai, m, uri, nonce, cnonce, nc, qop); - #ifdef USE_OPENSSL_CRYPTO + #ifdef USE_LIB_CRYPTO else if (ai->dalgo & HTTP_AUTH_DIGEST_SHA256) mod_auth_digest_mutate_sha256(ai, m, uri, nonce, cnonce, nc, qop); #ifdef SHA512_256_DIGEST_LENGTH @@ -864,7 +898,7 @@ static void mod_auth_append_nonce(buffer *b, time_t cur_ts, const struct http_au buffer_append_string_len(b, CONST_STR_LEN(":")); } switch (dalgo) { - #ifdef USE_OPENSSL_CRYPTO + #ifdef USE_LIB_CRYPTO #ifdef SHA512_256_DIGEST_LENGTH case HTTP_AUTH_DIGEST_SHA512_256: mod_auth_digest_nonce_sha512_256(b, cur_ts, rnd, nonce_secret); @@ -887,7 +921,7 @@ static void mod_auth_digest_www_authenticate(buffer *b, time_t cur_ts, const str int algoid[3]; unsigned int algolen[3]; const char *algoname[3]; - #ifdef USE_OPENSSL_CRYPTO + #ifdef USE_LIB_CRYPTO #ifdef SHA512_256_DIGEST_LENGTH if (algos & HTTP_AUTH_DIGEST_SHA512_256) { algoid[n] = HTTP_AUTH_DIGEST_SHA512_256; |