[TLS] mark code that uses -lcrypto but not -lssl
mark code that uses openssl -lcrypto with USE_OPENSSL_CRYPTO to note that it does not depend on openssl -lssl (USE_OPENSSL)
parent
b0d63e31e8
commit
a801ef55a0
|
@ -28,7 +28,13 @@ documentation and/or software.
|
|||
|
||||
#include "md5.h"
|
||||
|
||||
#ifndef USE_OPENSSL
|
||||
#if 0 /* Note: not defined here or in lighttpd local "md5.h" */
|
||||
#if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H
|
||||
#define USE_OPENSSL_CRYPTO
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef USE_OPENSSL_CRYPTO
|
||||
#include <string.h>
|
||||
|
||||
/* Constants for MD5Transform routine.
|
||||
|
|
|
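Review bot: The `#if 0` block near the top leaves `USE_OPENSSL_CRYPTO` underived in this file, so the `#ifndef USE_OPENSSL_CRYPTO` guard depends on a macro that, per the inline note, neither this file nor the local md5.h sets. As far as this section shows, the bundled MD5 is therefore always compiled unless the build defines the macro externally, which differs from the `USE_OPENSSL` guard also shown here. I would drop the dead preprocessor lines and state the intent instead, for example `/* USE_OPENSSL_CRYPTO is deliberately not derived here; the bundled MD5 below is built unless the macro is defined externally */`. The guarded MD5 implementation continues outside the visible hunk, so the matching `#endif` could not be checked.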
@ -14,9 +14,11 @@
|
|||
# define HAVE_CRYPT
|
||||
#endif
|
||||
|
||||
#include "base.h"
|
||||
#if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H
|
||||
#define USE_OPENSSL_CRYPTO
|
||||
#endif
|
||||
|
||||
#ifdef USE_OPENSSL
|
||||
#ifdef USE_OPENSSL_CRYPTO
|
||||
#include "base64.h"
|
||||
#include <openssl/md4.h>
|
||||
#include <openssl/sha.h>
|
||||
|
@ -26,6 +28,7 @@
|
|||
/*(htpasswd)*/
|
||||
|
||||
|
||||
#include "base.h"
|
||||
#include "plugin.h"
|
||||
#include "http_auth.h"
|
||||
#include "log.h"
|
||||
|
@ -594,7 +597,7 @@ static void apr_md5_encode(const char *pw, const char *salt, char *result, size_
|
|||
apr_cpystrn(result, passwd, nbytes - 1);
|
||||
}
|
||||
|
||||
#ifdef USE_OPENSSL
|
||||
#ifdef USE_OPENSSL_CRYPTO
|
||||
static void apr_sha_encode(const char *pw, char *result, size_t nbytes) {
|
||||
unsigned char digest[20];
|
||||
size_t base64_written;
|
||||
|
@ -629,7 +632,7 @@ static handler_t mod_authn_file_htpasswd_basic(server *srv, connection *con, voi
|
|||
apr_md5_encode(pw, password->ptr, sample, sizeof(sample));
|
||||
rc = strcmp(sample, password->ptr);
|
||||
}
|
||||
#ifdef USE_OPENSSL
|
||||
#ifdef USE_OPENSSL_CRYPTO
|
||||
else if (0 == strncmp(password->ptr, "{SHA}", 5)) {
|
||||
apr_sha_encode(pw, sample, sizeof(sample));
|
||||
rc = strcmp(sample, password->ptr);
|
||||
|
@ -647,7 +650,7 @@ static handler_t mod_authn_file_htpasswd_basic(server *srv, connection *con, voi
|
|||
crypt_tmp_data.initialized = 0;
|
||||
#endif
|
||||
#endif
|
||||
#ifdef USE_OPENSSL /* (for MD4_*() (e.g. MD4_Update())) */
|
||||
#ifdef USE_OPENSSL_CRYPTO /* (for MD4_*() (e.g. MD4_Update())) */
|
||||
if (0 == memcmp(password->ptr, CONST_STR_LEN("$1+ntlm$"))) {
|
||||
/* CRYPT-MD5-NTLM algorithm
|
||||
* This algorithm allows for the construction of (slight more)
|
||||
|
|
|
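Review bot: `USE_OPENSSL_CRYPTO` is described as marking code that needs only -lcrypto, yet the first hunk derives it from the libssl probes with `#if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H`. The same three-line derivation is pasted into mod_secdownload.c and src/rand.c. If the copies drift, or a build has libcrypto without libssl, the `{SHA}` and `$1+ntlm$` branches here are compiled out with no diagnostic visible in these hunks, and rand.c loses its `RAND_bytes()` path. I would define the macro once in a shared header that all three files include, and key it on a libcrypto-specific configure result if the build provides one. The body of mod_authn_file_htpasswd_basic continues outside the hunks, so what happens to a `{SHA}` entry when the branch is absent could not be checked here.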
@ -11,7 +11,11 @@
|
|||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#if defined(USE_OPENSSL)
|
||||
#if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H
|
||||
#define USE_OPENSSL_CRYPTO
|
||||
#endif
|
||||
|
||||
#ifdef USE_OPENSSL_CRYPTO
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/hmac.h>
|
||||
#endif
|
||||
|
@ -181,7 +185,7 @@ static int secdl_verify_mac(server *srv, plugin_config *config, const char* prot
|
|||
return (32 == maclen) && const_time_memeq(mac, hexmd5, 32);
|
||||
}
|
||||
case SECDL_HMAC_SHA1:
|
||||
#if defined(USE_OPENSSL)
|
||||
#ifdef USE_OPENSSL_CRYPTO
|
||||
{
|
||||
unsigned char digest[20];
|
||||
char base64_digest[27];
|
||||
|
@ -203,7 +207,7 @@ static int secdl_verify_mac(server *srv, plugin_config *config, const char* prot
|
|||
#endif
|
||||
break;
|
||||
case SECDL_HMAC_SHA256:
|
||||
#if defined(USE_OPENSSL)
|
||||
#ifdef USE_OPENSSL_CRYPTO
|
||||
{
|
||||
unsigned char digest[32];
|
||||
char base64_digest[43];
|
||||
|
@ -318,7 +322,7 @@ SETDEFAULTS_FUNC(mod_secdownload_set_defaults) {
|
|||
algorithm);
|
||||
buffer_free(algorithm);
|
||||
return HANDLER_ERROR;
|
||||
#if !defined(USE_OPENSSL)
|
||||
#ifndef USE_OPENSSL_CRYPTO
|
||||
case SECDL_HMAC_SHA1:
|
||||
case SECDL_HMAC_SHA256:
|
||||
log_error_write(srv, __FILE__, __LINE__, "sb",
|
||||
|
|
13
src/rand.c
13
src/rand.c
|
@ -15,7 +15,10 @@
|
|||
#include <time.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#ifdef USE_OPENSSL
|
||||
#if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H
|
||||
#define USE_OPENSSL_CRYPTO
|
||||
#endif
|
||||
#ifdef USE_OPENSSL_CRYPTO
|
||||
#include <openssl/rand.h>
|
||||
#endif
|
||||
#ifdef HAVE_LINUX_RANDOM_H
|
||||
|
@ -154,7 +157,7 @@ static void li_rand_init (void)
|
|||
#ifdef HAVE_SRANDOM
|
||||
srandom(u); /*(initialize just in case random() used elsewhere)*/
|
||||
#endif
|
||||
#ifdef USE_OPENSSL
|
||||
#ifdef USE_OPENSSL_CRYPTO
|
||||
RAND_poll();
|
||||
RAND_seed(xsubi, (int)sizeof(xsubi));
|
||||
#endif
|
||||
|
@ -169,7 +172,7 @@ int li_rand_pseudo_bytes (void)
|
|||
{
|
||||
/* randomness *is not* cryptographically strong */
|
||||
/* (attempt to use better mechanisms to replace the more portable rand()) */
|
||||
#ifdef USE_OPENSSL /* (RAND_pseudo_bytes() is deprecated in openssl 1.1.0) */
|
||||
#ifdef USE_OPENSSL_CRYPTO /* (openssl 1.1.0 deprecates RAND_pseudo_bytes()) */
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
int i;
|
||||
if (-1 != RAND_pseudo_bytes((unsigned char *)&i, sizeof(i))) return i;
|
||||
|
@ -193,7 +196,7 @@ int li_rand_pseudo_bytes (void)
|
|||
|
||||
int li_rand_bytes (unsigned char *buf, int num)
|
||||
{
|
||||
#ifdef USE_OPENSSL
|
||||
#ifdef USE_OPENSSL_CRYPTO
|
||||
int rc = RAND_bytes(buf, num);
|
||||
if (-1 != rc) {
|
||||
return rc;
|
||||
|
@ -213,7 +216,7 @@ int li_rand_bytes (unsigned char *buf, int num)
|
|||
|
||||
void li_rand_cleanup (void)
|
||||
{
|
||||
#ifdef USE_OPENSSL
|
||||
#ifdef USE_OPENSSL_CRYPTO
|
||||
RAND_cleanup();
|
||||
#endif
|
||||
safe_memclear(xsubi, sizeof(xsubi));
|
||||
|
|
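Review bot: In li_rand_bytes the check `if (-1 != rc)` returns early when `RAND_bytes()` yields 0, although OpenSSL documents 1 as the only success value and 0 as a failure. A failed draw is then handed back to the caller as 0, possibly with `buf` not filled with fresh random bytes, instead of reaching the fallback that follows outside the hunk. Now that this path is gated on `USE_OPENSSL_CRYPTO`, tightening the test to `if (1 == rc) {` would let a failed draw fall through to that fallback. Callers are not visible here, so whether they treat any return other than 1 as an error should be confirmed.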