path: root/src/sys-crypto.h
Commit message | Author | Age | Files | Lines
* [core] preprocessor option to force crypto lib | Glenn Strauss | 2022-07-26 | 1 | -0/+20
|   add preprocessor option to force crypto lib used by lighttpd base
|     -DFORCE_MBEDTLS_CRYPTO for mbed TLS
|   or
|     -DFORCE_WOLFSSL_CRYPTO for WolfSSL
|
|   This allows building lighttpd with support for multiple TLS modules,
|   and at the same time specifying the lighttpd base crypto lib dependency.
|   (Packages such as OpenWRT lighttpd package would need to update package
|   dependency along with specifying the preprocessor define)
|
|   If lighttpd is built with meson and without "-Dwith_nettle=true", then
|   lighttpd will use mbed TLS if built with "-Dwith_mbedtls", so the
|   preprocessor option is not strictly necessary for mbed TLS. However,
|   if built with "-Dwith_mbedtls" and "-Dwith_wolfssl" *and* without
|   "-Dwith_nettle=true" *and* lighttpd base crypto dependency on WolfSSL
|   is desired, then CFLAGS -DFORCE_WOLFSSL_CRYPTO is needed, e.g. with a
|   patch to add it to 'defs' near the top of src/meson.build.
|
|   x-ref:
|     "lighttpd authentication modules depends on libnettle"
|     https://github.com/openwrt/packages/issues/18851
* [core] set NSS_VER_INCLUDE after crypto lib select | Glenn Strauss | 2020-10-29 | 1 | -5/+0
|
* [multiple] include wolfssl/options.h after select | Glenn Strauss | 2020-10-29 | 1 | -25/+0
|   include wolfssl/options.h crypto lib config
|   after selecting crypto lib to use
|
|   wolfSSL does not prefix its defines with a wolfSSL-specific namespace
|   (so we would like to avoid unnecessarily polluting preproc namespace)
|
|   This commit further isolates wolfSSL after split from mod_openssl.
|
|   Cleans up some preprocessor logic that was put in place when using
|   the wolfSSL compatibility layer for openssl, before creating a
|   dedicated mod_wolfssl.
* [multiple] include mbedtls/config.h after select | Glenn Strauss | 2020-10-29 | 1 | -1/+0
|   include mbedtls/config.h crypto lib config
|   after selecting crypto lib to use
* [core] adjust wolfssl workaround for another case (tag: lighttpd-1.4.56-rc5) | Glenn Strauss | 2020-10-29 | 1 | -1/+1
|   adjust wolfssl types.h workaround for another edge case
* [core] workaround fragile code in wolfssl types.h (tag: lighttpd-1.4.56-rc4) | Glenn Strauss | 2020-10-29 | 1 | -0/+17
|   workaround fragile code in wolfssl/wolfcrypto/types.h
|
|   Including header blows up compile in 32-bit when lighttpd meson build
|   in OpenWRT on a 32-bit platform generates lighttpd config.h containing
|   define of SIZEOF_LONG, but not SIZEOF_LONG_LONG, and the wolfssl types.h
|   flubs and fails to choose an enum value used by a macro that is unused
|   by most consumers of the wolfssl header.
* [build] WITHOUT_LIB_CRYPTO option in code | Glenn Strauss | 2020-10-27 | 1 | -0/+4
|   (not (yet?) an end-user option in the build system)
|   (If extended to build system, build system should also unset CRYPTO_LIB)
|
|   If WITHOUT_LIB_CRYPTO is defined in sys-crypto.h, then non-TLS modules
|   will have access to MD5() and SHA1() built with lighttpd
|   (algo_md5.[ch] and algo_sha1.[ch]), but not to other message digest
|   algorithms. As of this commit, this affects only mod_secdownload
|   with SHA256 digest and mod_auth* modules using HTTP Digest Auth with
|   digest=SHA-256, which is not currently well-supported by client browsers
|   (besides Opera)
* [build] detect nss3/nss.h or nss/nss.h for NSS | Glenn Strauss | 2020-10-27 | 1 | -0/+4
|
* [multiple] test for nss includes | Glenn Strauss | 2020-10-22 | 1 | -0/+5
|   some distro packages deploy NSS includes under nss/, others nss3/
|   (and similar for nspr/ vs nspr4/)
* [multiple] use NSS crypto if no other crypto avail | Glenn Strauss | 2020-10-19 | 1 | -0/+1
|   use NSS crypto if no other crypto avail, but NSS crypto is available
|
|   "NSS crypto support" is not included in tests/LightyTest.pm:has_crypto()
|   due to NSS libraries (freebl3) lacking public export for HMAC funcs
* [mod_wolfssl] standalone module | Glenn Strauss | 2020-10-11 | 1 | -0/+2
|   standalone module forked from mod_openssl
* [mod_openssl] prefer some WolfSSL native APIs | Glenn Strauss | 2020-07-08 | 1 | -1/+1
|   Prefer some WolfSSL native APIs when building with WolfSSL.
|
|   However, some functionality in WolfSSL is available only through the
|   WolfSSL compatibility layer for OpenSSL, so the effort to create a
|   native mod_wolfssl halted here.
* [mod_nss] NSS option for TLS (fixes #1218) | Glenn Strauss | 2020-07-08 | 1 | -0/+4
|   (experimental)
|
|   WARNING: EXPERIMENTAL code sketch; mod_nss is INCOMPLETE and UNTESTED
|
|   mod_nss supports most ssl.* config options supported by mod_openssl
|
|   x-ref:
|     "alternate ssl backend"
|     https://redmine.lighttpd.net/issues/1218
* [mod_gnutls] GnuTLS option for TLS (fixes #109) | Glenn Strauss | 2020-07-08 | 1 | -0/+5
|   (experimental)
|
|   mod_gnutls supports most ssl.* config options supported by mod_openssl
|
|   x-ref:
|     "GnuTLS support for the mod_ssl"
|     https://redmine.lighttpd.net/issues/109
* [mod_mbedtls] mbedTLS option for TLS | Glenn Strauss | 2020-07-08 | 1 | -0/+6
|   (experimental)
|
|   mod_mbedtls supports most ssl.* config options supported by mod_openssl
|
|   thx Ward Willats for the initial discussion and attempt in the comments
|   https://redmine.lighttpd.net/boards/3/topics/7029
* [multiple] ./configure --with-nettle to use Nettle | Glenn Strauss | 2020-07-08 | 1 | -0/+7
|   ./configure --with-nettle to use Nettle crypto lib for algorithms,
|   instead of OpenSSL or wolfSSL. Note: Nettle does not provide TLS.
|
|   x-ref:
|     "How to use SHA-256 without OpenSSL?"
|     https://redmine.lighttpd.net/boards/2/topics/8903
* [mod_openssl] add support for wolfSSL | Glenn Strauss | 2018-10-07 | 1 | -0/+10
|   requires wolfSSL library version 3.15.3 or later
|     https://www.wolfssl.com/
|     https://github.com/wolfSSL/wolfssl
|   (thx dgarske)
|
|   x-ref:
|     "Adds support for building Lighttpd with wolfSSL"
|     https://github.com/lighttpd/lighttpd1.4/pull/92
* [TLS] sys-crypto.h abstraction | Glenn Strauss | 2018-09-26 | 1 | -0/+9
    (add the header)