[mod_wolfssl] standalone module

standalone module forked from mod_openssl
1 year ago · c3a85c9bf5
10 changed files with 3552 additions and 820 deletions
--- a/configure.ac
+++ b/configure.ac
@ -640,6 +640,7 @@ AC_ARG_WITH([openssl],
  [WITH_OPENSSL=no]
 )
 AC_MSG_RESULT([$WITH_OPENSSL])
+AM_CONDITIONAL([BUILD_WITH_OPENSSL], test ! "$WITH_OPENSSL" = no)

 if test "$WITH_OPENSSL" != no; then
  if test "$WITH_OPENSSL" != yes; then
@ -690,13 +691,15 @@ if test "$WITH_OPENSSL" != no; then
    [AC_MSG_ERROR([openssl crypto library not found. install it or build without --with-openssl])]
  )
  AC_CHECK_LIB([ssl], [SSL_new],
-    [SSL_LIB="-lssl -lcrypto"],
+    [OPENSSL_LIBS="${openssl_append_LDFLAGS} -lssl -lcrypto"],
    [AC_MSG_ERROR([openssl ssl library not found. install it or build without --with-openssl])],
    [ -lcrypto "$DL_LIB" ]
  )

  AC_DEFINE([HAVE_LIBSSL], [1], [Have libssl])
-  AC_SUBST([SSL_LIB])
+  OPENSSL_CFLAGS="${openssl_append_CPPFLAGS}"
+  AC_SUBST([OPENSSL_CFLAGS])
+  AC_SUBST([OPENSSL_LIBS])
  AC_SUBST([CRYPTO_LIB])
 fi

@ -711,20 +714,23 @@ AC_ARG_WITH([wolfssl],
  [WITH_WOLFSSL=no]
 )
 AC_MSG_RESULT([$WITH_WOLFSSL])
+AM_CONDITIONAL([BUILD_WITH_WOLFSSL], test ! "$WITH_WOLFSSL" = no)

 if test "$WITH_WOLFSSL" != no; then
-  if test "$WITH_WOLFSSL" = yes; then
-    WITH_WOLFSSL="/usr/local"
+  CPPFLAGS_SAVE="${CPPFLAGS}"
+  LDFLAGS_SAVE="${LDFLAGS}"
+  if test "$WITH_WOLFSSL" != yes; then
+    WOLFSSL_CFLAGS="-I$WITH_WOLFSSL/include -I$WITH_WOLFSSL/include/wolfssl"
+    WOLFSSL_LIBS="-L$WITH_WOLFSSL/lib -lwolfssl"
+    CPPFLAGS="${CPPFLAGS} $WOLFSSL_CFLAGS"
+    LDFLAGS="${LDFLAGS} $WOLFSSL_LIBS"
  fi

-  CPPFLAGS="${CPPFLAGS} -I$WITH_WOLFSSL/include -I$WITH_WOLFSSL/include/wolfssl"
-  LDFLAGS="${LDFLAGS} -L$WITH_WOLFSSL/lib"
-
  AC_CHECK_HEADERS([wolfssl/ssl.h], [], [
    AC_MSG_ERROR([wolfssl headers not found. install them or build without --with-wolfssl])
  ])
  AC_CHECK_LIB([wolfssl], [wolfSSL_Init],
-    [CRYPTO_LIB="-lwolfssl"],
+    [WOLFSSL_CRYPTO_LIB="-lwolfssl"],
    [AC_MSG_ERROR([wolfssl crypto library not found. install it or build without --with-wolfssl])]
  )
  AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
@ -733,17 +739,16 @@ if test "$WITH_WOLFSSL" != no; then
    #error HAVE_LIGHTY macro not defined
    #endif
  ]])], [], [AC_MSG_ERROR([wolfssl must be built with ./configure --enable-lighty])])
-  SSL_LIB="-lwolfssl"
-
-  AC_SUBST([SSL_LIB])
-  AC_SUBST([CRYPTO_LIB])
-fi

-AM_CONDITIONAL([BUILD_WITH_OPENSSL],
-               [test "$WITH_OPENSSL" != no || test "$WITH_WOLFSSL" != no])
-
-if test "$WITH_OPENSSL" != no && test "$WITH_WOLFSSL" != no; then
-  AC_MSG_ERROR([lighttpd should not be built with both --with-openssl and --with-wolfssl])
+  AC_SUBST([WOLFSSL_CFLAGS])
+  AC_SUBST([WOLFSSL_LIBS])
+  if test "$WITH_OPENSSL" = no; then
+    CRYPTO_LIB="$WOLFSSL_CRYPTO_LIB"
+    AC_SUBST([CRYPTO_LIB])
+  else
+    CPPFLAGS="${CPPFLAGS_SAVE}"
+    LDFLAGS="${LDFLAGS_SAVE}"
+  fi
 fi

 dnl Check for mbedTLS
@ -773,7 +778,7 @@ if test "x$use_mbedtls" = "xyes"; then
  AC_CHECK_LIB(mbedcrypto,mbedtls_base64_encode,
    [AC_CHECK_LIB(mbedx509, mbedtls_x509_get_name,
      [AC_CHECK_LIB(mbedtls, mbedtls_cipher_info_from_type,
-        [MTLS_LIB="-lmbedtls -lmbedx509 -lmbedcrypto"
+        [MTLS_LIBS="-lmbedtls -lmbedx509 -lmbedcrypto"
         CRYPTO_LIB="-lmbedcrypto"
         AC_DEFINE(HAVE_LIBMBEDTLS, [1], [Have libmbedtls library])
         AC_DEFINE(HAVE_LIBMBEDX509, [1], [Have libmbedx509 library])
@ -782,7 +787,7 @@ if test "x$use_mbedtls" = "xyes"; then
      ],[],[-lmbedcrypto "$DL_LIB"])
    ],[],[])
  LIBS="$OLDLIBS"
-  AC_SUBST(MTLS_LIB)
+  AC_SUBST(MTLS_LIBS)
  AC_SUBST(CRYPTO_LIB)
 fi

@ -1706,7 +1711,7 @@ lighty_track_feature "pam" "mod_authn_pam" \
  'test "$WITH_PAM" != no'

 lighty_track_feature "network-openssl" "mod_openssl" \
-  'test "$WITH_OPENSSL" != no || test "$WITH_WOLFSSL" != no'
+  'test "$WITH_OPENSSL" != no'

 lighty_track_feature "network-mbedtls" "mod_mbedtls" \
  'test "$WITH_MBEDTLS" != no'
@ -1717,6 +1722,9 @@ lighty_track_feature "network-gnutls" "mod_gnutls" \
 lighty_track_feature "network-nss" "mod_nss" \
  'test "$WITH_NSS" != no'

+lighty_track_feature "network-wolfssl" "mod_wolfssl" \
+  'test "$WITH_WOLFSSL" != no'
+
 lighty_track_feature "auth-crypt" "" \
  'test "$found_crypt" != no'

--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@ -313,6 +313,7 @@ if(WITH_OPENSSL)
 		if(HAVE_LIBCRYPTO)
 			set(CRYPTO_LIBRARY crypto)
 			check_library_exists(ssl SSL_new "" HAVE_LIBSSL)
+			set(HAVE_OPENSSL 1)
 		endif()
 	endif()
 else()
@ -362,6 +363,7 @@ if(WITH_WOLFSSL)
 		if(HAVE_LIBCRYPTO)
 			set(CRYPTO_LIBRARY ${WOLFSSL_LIBRARY})
 			add_definitions(-DHAVE_WOLFSSL_SSL_H)
+			set(HAVE_WOLFSSL 1)
 		endif()
 		set(CMAKE_REQUIRED_INCLUDES)
 		set(CMAKE_REQUIRED_LIBRARIES)
@ -1115,16 +1117,7 @@ if(NOT BUILD_STATIC)
 endif()

 if(NOT ${CRYPTO_LIBRARY} EQUAL "")
-	if(NOT WITH_WOLFSSL)
-		target_link_libraries(lighttpd ssl)
-	endif()
 	target_link_libraries(lighttpd ${CRYPTO_LIBRARY})
-	add_and_install_library(mod_openssl "mod_openssl.c")
-	if(NOT WITH_WOLFSSL)
-		set(L_MOD_OPENSSL ${L_MOD_OPENSSL} ssl)
-	endif()
-	set(L_MOD_OPENSSL ${L_MOD_OPENSSL} ${CRYPTO_LIBRARY})
-	target_link_libraries(mod_openssl ${L_MOD_OPENSSL})
 	target_link_libraries(mod_auth ${CRYPTO_LIBRARY})
 	set(L_MOD_AUTHN_FILE ${L_MOD_AUTHN_FILE} ${CRYPTO_LIBRARY})
 	target_link_libraries(mod_authn_file ${L_MOD_AUTHN_FILE})
@ -1132,15 +1125,23 @@ if(NOT ${CRYPTO_LIBRARY} EQUAL "")
 	target_link_libraries(mod_wstunnel ${CRYPTO_LIBRARY})
 endif()

+if(HAVE_OPENSSL)
+	add_and_install_library(mod_openssl "mod_openssl.c")
+	set(L_MOD_OPENSSL ${L_MOD_OPENSSL} ssl crypto)
+	target_link_libraries(mod_openssl ${L_MOD_OPENSSL})
+endif()
+
+if(HAVE_WOLFSSL)
+	add_and_install_library(mod_wolfssl "mod_wolfssl.c")
+	target_link_libraries(mod_wolfssl wolfssl)
+endif()
+
 if(HAVE_LIBGNUTLS)
 	add_and_install_library(mod_gnutls "mod_gnutls.c")
 	target_link_libraries(mod_gnutls gnutls)
 endif()

 if(HAVE_LIBMBEDTLS AND HAVE_LIBMEDCRYPTO AND HAVE_LIBMEDX509)
-	target_link_libraries(lighttpd mbedtls)
-	target_link_libraries(lighttpd mbedcrypto)
-	target_link_libraries(lighttpd mbedx509)
 	add_and_install_library(mod_mbedtls "mod_mbedtls.c")
 	set(L_MOD_MBEDTLS ${L_MOD_MBEDTLS} mbedtls mbedcrypto mbedx509)
 	target_link_libraries(mod_mbedtls ${L_MOD_MBEDTLS})
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -392,14 +392,15 @@ if BUILD_WITH_OPENSSL
 lib_LTLIBRARIES += mod_openssl.la
 mod_openssl_la_SOURCES = mod_openssl.c
 mod_openssl_la_LDFLAGS = $(common_module_ldflags)
-mod_openssl_la_LIBADD = $(SSL_LIB) $(common_libadd)
+mod_openssl_la_LIBADD = $(OPENSSL_LIBS) $(common_libadd)
+mod_openssl_la_CPPFLAGS = $(OPENSSL_CFLAGS)
 endif

 if BUILD_WITH_MBEDTLS
 lib_LTLIBRARIES += mod_mbedtls.la
 mod_mbedtls_la_SOURCES = mod_mbedtls.c
 mod_mbedtls_la_LDFLAGS = $(common_module_ldflags)
-mod_mbedtls_la_LIBADD = $(MTLS_LIB) $(common_libadd)
+mod_mbedtls_la_LIBADD = $(MTLS_LIBS) $(common_libadd)
 endif

 if BUILD_WITH_GNUTLS
@ -418,6 +419,14 @@ mod_nss_la_LIBADD = $(NSS_LIBS) $(common_libadd)
 mod_nss_la_CPPFLAGS = $(NSS_CFLAGS)
 endif

+if BUILD_WITH_WOLFSSL
+lib_LTLIBRARIES += mod_wolfssl.la
+mod_wolfssl_la_SOURCES = mod_wolfssl.c
+mod_wolfssl_la_LDFLAGS = $(common_module_ldflags)
+mod_wolfssl_la_LIBADD = $(WOLFSSL_LIBS) $(common_libadd)
+mod_wolfssl_la_CPPFLAGS = $(WOLFSSL_CFLAGS)
+endif
+

 lib_LTLIBRARIES += mod_rewrite.la
 mod_rewrite_la_SOURCES = mod_rewrite.c
@ -567,7 +576,27 @@ lighttpd_LDADD += $(DBI_LIBS)
 endif
 if BUILD_WITH_OPENSSL
 lighttpd_SOURCES += mod_openssl.c
-lighttpd_LDADD += $(SSL_LIB)
+lighttpd_CPPFLAGS += $(OPENSSL_CFLAGS)
+lighttpd_LDADD += $(OPENSSL_LIBS)
+endif
+if BUILD_WITH_MBEDTLS
+lighttpd_SOURCES += mod_mbedtls.c
+lighttpd_LDADD += $(MTLS_LIBS)
+endif
+if BUILD_WITH_GNUTLS
+lighttpd_SOURCES += mod_gnutls.c
+lighttpd_CPPFLAGS += $(GNUTLS_CFLAGS)
+lighttpd_LDADD += $(GNUTLS_LIBS)
+endif
+if BUILD_WITH_NSS
+lighttpd_SOURCES += mod_nss.c
+lighttpd_CPPFLAGS += $(NSS_CFLAGS)
+lighttpd_LDADD += $(NSS_LIBS)
+endif
+if BUILD_WITH_WOLFSSL
+lighttpd_SOURCES += mod_wolfssl.c
+lighttpd_CPPFLAGS += $(WOLFSSL_CFLAGS)
+lighttpd_LDADD += $(WOLFSSL_LIBS)
 endif
 if BUILD_WITH_MEMCACHED
 lighttpd_CPPFLAGS += $(MEMCACHED_CFLAGS)
--- a/src/SConscript
+++ b/src/SConscript
@ -178,7 +178,7 @@ if env['with_openssl']:
 	modules['mod_openssl'] = { 'src' : [ 'mod_openssl.c' ], 'lib' : [ env['LIBSSL'], env['LIBCRYPTO'] ] }

 if env['with_wolfssl']:
-	modules['mod_openssl'] = { 'src' : [ 'mod_openssl.c' ], 'lib' : [ env['LIBCRYPTO'], 'm' ] }
+	modules['mod_wolfssl'] = { 'src' : [ 'mod_wolfssl.c' ], 'lib' : [ env['LIBCRYPTO'], 'm' ] }

 if env['with_mbedtls']:
 	modules['mod_mbedtls'] = { 'src' : [ 'mod_mbedtls.c' ], 'lib' : [ env['LIBSSL'], env['LIBX509'], env['LIBCRYPTO'] ] }
--- a/src/meson.build
+++ b/src/meson.build
@ -1026,7 +1026,7 @@ endif

 if get_option('with_wolfssl') != 'false'
 	modules += [
-		[ 'mod_openssl', [ 'mod_openssl.c' ], libcrypto ],
+		[ 'mod_wolfssl', [ 'mod_wolfssl.c' ], libcrypto ],
 	]
 endif

--- a/src/mod_openssl.c
+++ b/src/mod_openssl.c
--- a/src/mod_wolfssl.c
+++ b/src/mod_wolfssl.c
--- a/src/rand.c
+++ b/src/rand.c
@ -37,16 +37,16 @@
 #include <mbedtls/ctr_drbg.h>
 #include <mbedtls/entropy.h>
 #endif
-#ifdef USE_WOLFSSL_CRYPTO
-#undef USE_OPENSSL_CRYPTO
-#undef USE_GNUTLS_CRYPTO
-#include <wolfssl/wolfcrypt/random.h>
-#endif
 #ifdef USE_OPENSSL_CRYPTO
+#undef USE_WOLFSSL_CRYPTO
 #undef USE_GNUTLS_CRYPTO
 #include <openssl/opensslv.h> /* OPENSSL_VERSION_NUMBER */
 #include <openssl/rand.h>
 #endif
+#ifdef USE_WOLFSSL_CRYPTO
+#undef USE_GNUTLS_CRYPTO
+#include <wolfssl/wolfcrypt/random.h>
+#endif
 #ifdef USE_GNUTLS_CRYPTO
 #include <gnutls/crypto.h>
 #endif
--- a/src/sys-crypto-md.h
+++ b/src/sys-crypto-md.h
@ -144,7 +144,7 @@ SHA256_Update(SHA256_CTX *ctx, const void *data, size_t length)
 }
 #endif

-#elif defined(USE_WOLFSSL_CRYPTO)
+#elif defined(USE_WOLFSSL_CRYPTO) && !defined(USE_OPENSSL_CRYPTO)

 /* WolfSSL compatibility API for OpenSSL unnecessarily bounces through an extra
 * layer of indirection.  However, to avoid conflicting typedefs when includers
@ -164,12 +164,14 @@ SHA256_Update(SHA256_CTX *ctx, const void *data, size_t length)
 static inline int
 MD4_Init(MD4_CTX *ctx)
 {
-    return (0 == wc_InitMd4((Md4 *)ctx));
+    wc_InitMd4((Md4 *)ctx);
+    return 1;
 }
 static inline int
 MD4_Final(unsigned char *digest, MD4_CTX *ctx)
 {
-    return (0 == wc_Md4Final((Md4 *)ctx, digest));
+    wc_Md4Final((Md4 *)ctx, digest);
+    return 1;
 }
 static inline void
 MD4_Update(MD4_CTX *ctx, const void *data, size_t length)
--- a/src/sys-crypto.h
+++ b/src/sys-crypto.h
@ -7,6 +7,7 @@
 #define USE_OPENSSL_CRYPTO
 #endif

+#ifndef USE_OPENSSL_CRYPTO
 #ifdef HAVE_WOLFSSL_SSL_H
 #define USE_LIB_CRYPTO
 #define USE_WOLFSSL_CRYPTO
@ -17,6 +18,7 @@
 * for use by lighttpd */
 #include <wolfssl/options.h>
 #endif
+#endif

 #ifdef HAVE_LIBMBEDCRYPTO
 #define USE_LIB_CRYPTO