
[TLS] mark code that uses -lcrypto but not -lssl

mark code that uses openssl -lcrypto with USE_OPENSSL_CRYPTO
to note that it does not depend on openssl -lssl (USE_OPENSSL)
personal/stbuehler/mod-csrf
Glenn Strauss 5 years ago
parent
commit
a801ef55a0
  1. 8
      src/md5.c
  2. 13
      src/mod_authn_file.c
  3. 12
      src/mod_secdownload.c
  4. 13
      src/rand.c

8
src/md5.c

@ -28,7 +28,13 @@ documentation and/or software.
#include "md5.h"
#ifndef USE_OPENSSL
#if 0 /* Note: not defined here or in lighttpd local "md5.h" */
#if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H
#define USE_OPENSSL_CRYPTO
#endif
#endif
#ifndef USE_OPENSSL_CRYPTO
#include <string.h>
/* Constants for MD5Transform routine.
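Review bot: The `#if 0` block at the top of this hunk never defines `USE_OPENSSL_CRYPTO`, so the `#ifndef USE_OPENSSL_CRYPTO` guard after it is true unless the macro arrives from the compiler command line, and the local MD5 routines are then always compiled. If that is the intent, a plain comment says it more directly than a disabled definition, for example `/* USE_OPENSSL_CRYPTO is deliberately not defined in this file or in the local "md5.h"; the built-in MD5 code below is always compiled */`. The guarded region runs past the end of the hunk, so its matching `#endif` is not visible here.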

13
src/mod_authn_file.c

@ -14,9 +14,11 @@
# define HAVE_CRYPT
#endif
#include "base.h"
#if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H
#define USE_OPENSSL_CRYPTO
#endif
#ifdef USE_OPENSSL
#ifdef USE_OPENSSL_CRYPTO
#include "base64.h"
#include <openssl/md4.h>
#include <openssl/sha.h>
@ -26,6 +28,7 @@
/*(htpasswd)*/
#include "base.h"
#include "plugin.h"
#include "http_auth.h"
#include "log.h"
@ -594,7 +597,7 @@ static void apr_md5_encode(const char *pw, const char *salt, char *result, size_
apr_cpystrn(result, passwd, nbytes - 1);
}
#ifdef USE_OPENSSL
#ifdef USE_OPENSSL_CRYPTO
static void apr_sha_encode(const char *pw, char *result, size_t nbytes) {
unsigned char digest[20];
size_t base64_written;
@ -629,7 +632,7 @@ static handler_t mod_authn_file_htpasswd_basic(server *srv, connection *con, voi
apr_md5_encode(pw, password->ptr, sample, sizeof(sample));
rc = strcmp(sample, password->ptr);
}
#ifdef USE_OPENSSL
#ifdef USE_OPENSSL_CRYPTO
else if (0 == strncmp(password->ptr, "{SHA}", 5)) {
apr_sha_encode(pw, sample, sizeof(sample));
rc = strcmp(sample, password->ptr);
@ -647,7 +650,7 @@ static handler_t mod_authn_file_htpasswd_basic(server *srv, connection *con, voi
crypt_tmp_data.initialized = 0;
#endif
#endif
#ifdef USE_OPENSSL /* (for MD4_*() (e.g. MD4_Update())) */
#ifdef USE_OPENSSL_CRYPTO /* (for MD4_*() (e.g. MD4_Update())) */
if (0 == memcmp(password->ptr, CONST_STR_LEN("$1+ntlm$"))) {
/* CRYPT-MD5-NTLM algorithm
* This algorithm allows for the construction of (slight more)
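Review bot: `USE_OPENSSL_CRYPTO` is derived from `HAVE_LIBSSL && HAVE_OPENSSL_SSL_H`, which tests for libssl and its header rather than for libcrypto, so a build that has only libcrypto would still compile out the `{SHA}` and `$1+ntlm$` branches. The same three-line definition is repeated in src/mod_secdownload.c and src/rand.c (and, disabled, in src/md5.c), which lets the copies drift apart. Defining the macro once in a shared header, keyed on a libcrypto check if the build system provides one, would avoid both problems. What happens to such htpasswd entries when the macro is undefined is outside these hunks and worth confirming. Separately, the `strcmp(sample, password->ptr)` comparisons in the context lines are not constant-time, whereas src/mod_secdownload.c uses `const_time_memeq`.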

12
src/mod_secdownload.c

@ -11,7 +11,11 @@
#include <stdlib.h>
#include <string.h>
#if defined(USE_OPENSSL)
#if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H
#define USE_OPENSSL_CRYPTO
#endif
#ifdef USE_OPENSSL_CRYPTO
#include <openssl/evp.h>
#include <openssl/hmac.h>
#endif
@ -181,7 +185,7 @@ static int secdl_verify_mac(server *srv, plugin_config *config, const char* prot
return (32 == maclen) && const_time_memeq(mac, hexmd5, 32);
}
case SECDL_HMAC_SHA1:
#if defined(USE_OPENSSL)
#ifdef USE_OPENSSL_CRYPTO
{
unsigned char digest[20];
char base64_digest[27];
@ -203,7 +207,7 @@ static int secdl_verify_mac(server *srv, plugin_config *config, const char* prot
#endif
break;
case SECDL_HMAC_SHA256:
#if defined(USE_OPENSSL)
#ifdef USE_OPENSSL_CRYPTO
{
unsigned char digest[32];
char base64_digest[43];
@ -318,7 +322,7 @@ SETDEFAULTS_FUNC(mod_secdownload_set_defaults) {
algorithm);
buffer_free(algorithm);
return HANDLER_ERROR;
#if !defined(USE_OPENSSL)
#ifndef USE_OPENSSL_CRYPTO
case SECDL_HMAC_SHA1:
case SECDL_HMAC_SHA256:
log_error_write(srv, __FILE__, __LINE__, "sb",

13
src/rand.c

@ -15,7 +15,10 @@
#include <time.h>
#include <unistd.h>
#ifdef USE_OPENSSL
#if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H
#define USE_OPENSSL_CRYPTO
#endif
#ifdef USE_OPENSSL_CRYPTO
#include <openssl/rand.h>
#endif
#ifdef HAVE_LINUX_RANDOM_H
@ -154,7 +157,7 @@ static void li_rand_init (void)
#ifdef HAVE_SRANDOM
srandom(u); /*(initialize just in case random() used elsewhere)*/
#endif
#ifdef USE_OPENSSL
#ifdef USE_OPENSSL_CRYPTO
RAND_poll();
RAND_seed(xsubi, (int)sizeof(xsubi));
#endif
@ -169,7 +172,7 @@ int li_rand_pseudo_bytes (void)
{
/* randomness *is not* cryptographically strong */
/* (attempt to use better mechanisms to replace the more portable rand()) */
#ifdef USE_OPENSSL /* (RAND_pseudo_bytes() is deprecated in openssl 1.1.0) */
#ifdef USE_OPENSSL_CRYPTO /* (openssl 1.1.0 deprecates RAND_pseudo_bytes()) */
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
int i;
if (-1 != RAND_pseudo_bytes((unsigned char *)&i, sizeof(i))) return i;
@ -193,7 +196,7 @@ int li_rand_pseudo_bytes (void)
int li_rand_bytes (unsigned char *buf, int num)
{
#ifdef USE_OPENSSL
#ifdef USE_OPENSSL_CRYPTO
int rc = RAND_bytes(buf, num);
if (-1 != rc) {
return rc;
@ -213,7 +216,7 @@ int li_rand_bytes (unsigned char *buf, int num)
void li_rand_cleanup (void)
{
#ifdef USE_OPENSSL
#ifdef USE_OPENSSL_CRYPTO
RAND_cleanup();
#endif
safe_memclear(xsubi, sizeof(xsubi));
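Review bot: In `li_rand_bytes`, the check `if (-1 != rc) { return rc; }` also returns when `RAND_bytes()` reports failure with 0, so the code after the `#endif` is skipped and the caller receives 0 with a buffer that may not hold random data. OpenSSL documents 1 as the only success value, so `if (1 == rc) { return rc; }` would let a failed call fall through to whatever follows the `#endif`, which is outside the hunk. Because the guard now depends on a macro defined locally in this file, it is also worth confirming that `HAVE_LIBSSL` and `HAVE_OPENSSL_SSL_H` are visible before the definition. If they are not, the `RAND_bytes()` path is compiled out without any diagnostic.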
