
[mod_wolfssl] standalone module

standalone module forked from mod_openssl
master
Glenn Strauss 1 year ago
parent
commit
c3a85c9bf5
  1. 50
      configure.ac
  2. 25
      src/CMakeLists.txt
  3. 35
      src/Makefile.am
  4. 2
      src/SConscript
  5. 2
      src/meson.build
  6. 791
      src/mod_openssl.c
  7. 3447
      src/mod_wolfssl.c
  8. 10
      src/rand.c
  9. 8
      src/sys-crypto-md.h
  10. 2
      src/sys-crypto.h

50
configure.ac

@ -640,6 +640,7 @@ AC_ARG_WITH([openssl],
[WITH_OPENSSL=no]
)
AC_MSG_RESULT([$WITH_OPENSSL])
AM_CONDITIONAL([BUILD_WITH_OPENSSL], test ! "$WITH_OPENSSL" = no)
if test "$WITH_OPENSSL" != no; then
if test "$WITH_OPENSSL" != yes; then
@ -690,13 +691,15 @@ if test "$WITH_OPENSSL" != no; then
[AC_MSG_ERROR([openssl crypto library not found. install it or build without --with-openssl])]
)
AC_CHECK_LIB([ssl], [SSL_new],
[SSL_LIB="-lssl -lcrypto"],
[OPENSSL_LIBS="${openssl_append_LDFLAGS} -lssl -lcrypto"],
[AC_MSG_ERROR([openssl ssl library not found. install it or build without --with-openssl])],
[ -lcrypto "$DL_LIB" ]
)
AC_DEFINE([HAVE_LIBSSL], [1], [Have libssl])
AC_SUBST([SSL_LIB])
OPENSSL_CFLAGS="${openssl_append_CPPFLAGS}"
AC_SUBST([OPENSSL_CFLAGS])
AC_SUBST([OPENSSL_LIBS])
AC_SUBST([CRYPTO_LIB])
fi
@ -711,20 +714,23 @@ AC_ARG_WITH([wolfssl],
[WITH_WOLFSSL=no]
)
AC_MSG_RESULT([$WITH_WOLFSSL])
AM_CONDITIONAL([BUILD_WITH_WOLFSSL], test ! "$WITH_WOLFSSL" = no)
if test "$WITH_WOLFSSL" != no; then
if test "$WITH_WOLFSSL" = yes; then
WITH_WOLFSSL="/usr/local"
CPPFLAGS_SAVE="${CPPFLAGS}"
LDFLAGS_SAVE="${LDFLAGS}"
if test "$WITH_WOLFSSL" != yes; then
WOLFSSL_CFLAGS="-I$WITH_WOLFSSL/include -I$WITH_WOLFSSL/include/wolfssl"
WOLFSSL_LIBS="-L$WITH_WOLFSSL/lib -lwolfssl"
CPPFLAGS="${CPPFLAGS} $WOLFSSL_CFLAGS"
LDFLAGS="${LDFLAGS} $WOLFSSL_LIBS"
fi
CPPFLAGS="${CPPFLAGS} -I$WITH_WOLFSSL/include -I$WITH_WOLFSSL/include/wolfssl"
LDFLAGS="${LDFLAGS} -L$WITH_WOLFSSL/lib"
AC_CHECK_HEADERS([wolfssl/ssl.h], [], [
AC_MSG_ERROR([wolfssl headers not found. install them or build without --with-wolfssl])
])
AC_CHECK_LIB([wolfssl], [wolfSSL_Init],
[CRYPTO_LIB="-lwolfssl"],
[WOLFSSL_CRYPTO_LIB="-lwolfssl"],
[AC_MSG_ERROR([wolfssl crypto library not found. install it or build without --with-wolfssl])]
)
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
@ -733,17 +739,16 @@ if test "$WITH_WOLFSSL" != no; then
#error HAVE_LIGHTY macro not defined
#endif
]])], [], [AC_MSG_ERROR([wolfssl must be built with ./configure --enable-lighty])])
SSL_LIB="-lwolfssl"
AC_SUBST([SSL_LIB])
AC_SUBST([CRYPTO_LIB])
fi
AM_CONDITIONAL([BUILD_WITH_OPENSSL],
[test "$WITH_OPENSSL" != no || test "$WITH_WOLFSSL" != no])
if test "$WITH_OPENSSL" != no && test "$WITH_WOLFSSL" != no; then
AC_MSG_ERROR([lighttpd should not be built with both --with-openssl and --with-wolfssl])
AC_SUBST([WOLFSSL_CFLAGS])
AC_SUBST([WOLFSSL_LIBS])
if test "$WITH_OPENSSL" = no; then
CRYPTO_LIB="$WOLFSSL_CRYPTO_LIB"
AC_SUBST([CRYPTO_LIB])
else
CPPFLAGS="${CPPFLAGS_SAVE}"
LDFLAGS="${LDFLAGS_SAVE}"
fi
fi
dnl Check for mbedTLS
@ -773,7 +778,7 @@ if test "x$use_mbedtls" = "xyes"; then
AC_CHECK_LIB(mbedcrypto,mbedtls_base64_encode,
[AC_CHECK_LIB(mbedx509, mbedtls_x509_get_name,
[AC_CHECK_LIB(mbedtls, mbedtls_cipher_info_from_type,
[MTLS_LIB="-lmbedtls -lmbedx509 -lmbedcrypto"
[MTLS_LIBS="-lmbedtls -lmbedx509 -lmbedcrypto"
CRYPTO_LIB="-lmbedcrypto"
AC_DEFINE(HAVE_LIBMBEDTLS, [1], [Have libmbedtls library])
AC_DEFINE(HAVE_LIBMBEDX509, [1], [Have libmbedx509 library])
@ -782,7 +787,7 @@ if test "x$use_mbedtls" = "xyes"; then
],[],[-lmbedcrypto "$DL_LIB"])
],[],[])
LIBS="$OLDLIBS"
AC_SUBST(MTLS_LIB)
AC_SUBST(MTLS_LIBS)
AC_SUBST(CRYPTO_LIB)
fi
@ -1706,7 +1711,7 @@ lighty_track_feature "pam" "mod_authn_pam" \
'test "$WITH_PAM" != no'
lighty_track_feature "network-openssl" "mod_openssl" \
'test "$WITH_OPENSSL" != no || test "$WITH_WOLFSSL" != no'
'test "$WITH_OPENSSL" != no'
lighty_track_feature "network-mbedtls" "mod_mbedtls" \
'test "$WITH_MBEDTLS" != no'
@ -1717,6 +1722,9 @@ lighty_track_feature "network-gnutls" "mod_gnutls" \
lighty_track_feature "network-nss" "mod_nss" \
'test "$WITH_NSS" != no'
lighty_track_feature "network-wolfssl" "mod_wolfssl" \
'test "$WITH_WOLFSSL" != no'
lighty_track_feature "auth-crypt" "" \
'test "$found_crypt" != no'
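Review bot: With a plain `--with-wolfssl` (value `yes`), `WOLFSSL_CFLAGS` and `WOLFSSL_LIBS` appear to stay empty, because they are assigned only inside `if test "$WITH_WOLFSSL" != yes` and the `AC_CHECK_LIB` success action sets `WOLFSSL_CRYPTO_LIB` instead. src/Makefile.am links mod_wolfssl with `$(WOLFSSL_LIBS)` alone, so in that case the module would be built without `-lwolfssl`. The old/new markers are lost on this page, so confirm against the applied file. Appending in the success action, `[WOLFSSL_LIBS="${WOLFSSL_LIBS} -lwolfssl"]`, would cover both cases and keep the library flag out of `LDFLAGS`.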

25
src/CMakeLists.txt

@ -313,6 +313,7 @@ if(WITH_OPENSSL)
if(HAVE_LIBCRYPTO)
set(CRYPTO_LIBRARY crypto)
check_library_exists(ssl SSL_new "" HAVE_LIBSSL)
set(HAVE_OPENSSL 1)
endif()
endif()
else()
@ -362,6 +363,7 @@ if(WITH_WOLFSSL)
if(HAVE_LIBCRYPTO)
set(CRYPTO_LIBRARY ${WOLFSSL_LIBRARY})
add_definitions(-DHAVE_WOLFSSL_SSL_H)
set(HAVE_WOLFSSL 1)
endif()
set(CMAKE_REQUIRED_INCLUDES)
set(CMAKE_REQUIRED_LIBRARIES)
@ -1115,16 +1117,7 @@ if(NOT BUILD_STATIC)
endif()
if(NOT ${CRYPTO_LIBRARY} EQUAL "")
if(NOT WITH_WOLFSSL)
target_link_libraries(lighttpd ssl)
endif()
target_link_libraries(lighttpd ${CRYPTO_LIBRARY})
add_and_install_library(mod_openssl "mod_openssl.c")
if(NOT WITH_WOLFSSL)
set(L_MOD_OPENSSL ${L_MOD_OPENSSL} ssl)
endif()
set(L_MOD_OPENSSL ${L_MOD_OPENSSL} ${CRYPTO_LIBRARY})
target_link_libraries(mod_openssl ${L_MOD_OPENSSL})
target_link_libraries(mod_auth ${CRYPTO_LIBRARY})
set(L_MOD_AUTHN_FILE ${L_MOD_AUTHN_FILE} ${CRYPTO_LIBRARY})
target_link_libraries(mod_authn_file ${L_MOD_AUTHN_FILE})
@ -1132,15 +1125,23 @@ if(NOT ${CRYPTO_LIBRARY} EQUAL "")
target_link_libraries(mod_wstunnel ${CRYPTO_LIBRARY})
endif()
if(HAVE_OPENSSL)
add_and_install_library(mod_openssl "mod_openssl.c")
set(L_MOD_OPENSSL ${L_MOD_OPENSSL} ssl crypto)
target_link_libraries(mod_openssl ${L_MOD_OPENSSL})
endif()
if(HAVE_WOLFSSL)
add_and_install_library(mod_wolfssl "mod_wolfssl.c")
target_link_libraries(mod_wolfssl wolfssl)
endif()
if(HAVE_LIBGNUTLS)
add_and_install_library(mod_gnutls "mod_gnutls.c")
target_link_libraries(mod_gnutls gnutls)
endif()
if(HAVE_LIBMBEDTLS AND HAVE_LIBMEDCRYPTO AND HAVE_LIBMEDX509)
target_link_libraries(lighttpd mbedtls)
target_link_libraries(lighttpd mbedcrypto)
target_link_libraries(lighttpd mbedx509)
add_and_install_library(mod_mbedtls "mod_mbedtls.c")
set(L_MOD_MBEDTLS ${L_MOD_MBEDTLS} mbedtls mbedcrypto mbedx509)
target_link_libraries(mod_mbedtls ${L_MOD_MBEDTLS})
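Review bot: `target_link_libraries(mod_wolfssl wolfssl)` links by bare name, although the probe earlier in this file keeps the library it actually found in `${WOLFSSL_LIBRARY}` (the value `CRYPTO_LIBRARY` is set from). With wolfSSL under a non-default prefix the linker may pick a different libwolfssl than the one that was checked, or none; `target_link_libraries(mod_wolfssl ${WOLFSSL_LIBRARY})` keeps the TLS module on the probed library. Separately, the mbedTLS condition in this hunk tests `HAVE_LIBMEDCRYPTO` and `HAVE_LIBMEDX509`, spelled without the `B` that src/sys-crypto.h uses in `HAVE_LIBMBEDCRYPTO`. If the checks that set these variables use the `B` spelling, the mod_mbedtls block is never entered, but those checks are outside the hunk, so this needs confirming there.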

35
src/Makefile.am

@ -392,14 +392,15 @@ if BUILD_WITH_OPENSSL
lib_LTLIBRARIES += mod_openssl.la
mod_openssl_la_SOURCES = mod_openssl.c
mod_openssl_la_LDFLAGS = $(common_module_ldflags)
mod_openssl_la_LIBADD = $(SSL_LIB) $(common_libadd)
mod_openssl_la_LIBADD = $(OPENSSL_LIBS) $(common_libadd)
mod_openssl_la_CPPFLAGS = $(OPENSSL_CFLAGS)
endif
if BUILD_WITH_MBEDTLS
lib_LTLIBRARIES += mod_mbedtls.la
mod_mbedtls_la_SOURCES = mod_mbedtls.c
mod_mbedtls_la_LDFLAGS = $(common_module_ldflags)
mod_mbedtls_la_LIBADD = $(MTLS_LIB) $(common_libadd)
mod_mbedtls_la_LIBADD = $(MTLS_LIBS) $(common_libadd)
endif
if BUILD_WITH_GNUTLS
@ -418,6 +419,14 @@ mod_nss_la_LIBADD = $(NSS_LIBS) $(common_libadd)
mod_nss_la_CPPFLAGS = $(NSS_CFLAGS)
endif
if BUILD_WITH_WOLFSSL
lib_LTLIBRARIES += mod_wolfssl.la
mod_wolfssl_la_SOURCES = mod_wolfssl.c
mod_wolfssl_la_LDFLAGS = $(common_module_ldflags)
mod_wolfssl_la_LIBADD = $(WOLFSSL_LIBS) $(common_libadd)
mod_wolfssl_la_CPPFLAGS = $(WOLFSSL_CFLAGS)
endif
lib_LTLIBRARIES += mod_rewrite.la
mod_rewrite_la_SOURCES = mod_rewrite.c
@ -567,7 +576,27 @@ lighttpd_LDADD += $(DBI_LIBS)
endif
if BUILD_WITH_OPENSSL
lighttpd_SOURCES += mod_openssl.c
lighttpd_LDADD += $(SSL_LIB)
lighttpd_CPPFLAGS += $(OPENSSL_CFLAGS)
lighttpd_LDADD += $(OPENSSL_LIBS)
endif
if BUILD_WITH_MBEDTLS
lighttpd_SOURCES += mod_mbedtls.c
lighttpd_LDADD += $(MTLS_LIBS)
endif
if BUILD_WITH_GNUTLS
lighttpd_SOURCES += mod_gnutls.c
lighttpd_CPPFLAGS += $(GNUTLS_CFLAGS)
lighttpd_LDADD += $(GNUTLS_LIBS)
endif
if BUILD_WITH_NSS
lighttpd_SOURCES += mod_nss.c
lighttpd_CPPFLAGS += $(NSS_CFLAGS)
lighttpd_LDADD += $(NSS_LIBS)
endif
if BUILD_WITH_WOLFSSL
lighttpd_SOURCES += mod_wolfssl.c
lighttpd_CPPFLAGS += $(WOLFSSL_CFLAGS)
lighttpd_LDADD += $(WOLFSSL_LIBS)
endif
if BUILD_WITH_MEMCACHED
lighttpd_CPPFLAGS += $(MEMCACHED_CFLAGS)
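Review bot: In the `lighttpd_SOURCES` hunk, `lighttpd_CPPFLAGS` applies to every source of that program, so with both backends enabled mod_openssl.c is also compiled with `$(WOLFSSL_CFLAGS)`. configure.ac sets that to include `-I$WITH_WOLFSSL/include/wolfssl`, where wolfSSL keeps its OpenSSL-compatibility headers, so `<openssl/ssl.h>` may resolve to the wolfSSL copy depending on include order. The same commit appears to drop the configure.ac error that rejected `--with-openssl` together with `--with-wolfssl`. Consider keeping that error for builds that compile the modules into the lighttpd binary, or at least a comment here such as `# modules built into lighttpd share CPPFLAGS: enable at most one of OpenSSL/wolfSSL`. The enclosing conditional starts outside the hunk.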

2
src/SConscript

@ -178,7 +178,7 @@ if env['with_openssl']:
modules['mod_openssl'] = { 'src' : [ 'mod_openssl.c' ], 'lib' : [ env['LIBSSL'], env['LIBCRYPTO'] ] }
if env['with_wolfssl']:
modules['mod_openssl'] = { 'src' : [ 'mod_openssl.c' ], 'lib' : [ env['LIBCRYPTO'], 'm' ] }
modules['mod_wolfssl'] = { 'src' : [ 'mod_wolfssl.c' ], 'lib' : [ env['LIBCRYPTO'], 'm' ] }
if env['with_mbedtls']:
modules['mod_mbedtls'] = { 'src' : [ 'mod_mbedtls.c' ], 'lib' : [ env['LIBSSL'], env['LIBX509'], env['LIBCRYPTO'] ] }
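Review bot: `mod_wolfssl` takes its library from `env['LIBCRYPTO']`, the same key `mod_openssl` reads two lines above, so with both `with_openssl` and `with_wolfssl` enabled one of the two modules would be linked against the other backend's library unless that key holds both. The key is assigned outside this hunk, so this needs checking where it is set; a separate environment key for the wolfSSL library would make the two modules independent. src/meson.build has the same shape, with `mod_wolfssl` given `libcrypto`.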

2
src/meson.build

@ -1026,7 +1026,7 @@ endif
if get_option('with_wolfssl') != 'false'
modules += [
[ 'mod_openssl', [ 'mod_openssl.c' ], libcrypto ],
[ 'mod_wolfssl', [ 'mod_wolfssl.c' ], libcrypto ],
]
endif

791
src/mod_openssl.c

File diff suppressed because it is too large

3447
src/mod_wolfssl.c

File diff suppressed because it is too large

10
src/rand.c

@ -37,16 +37,16 @@
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/entropy.h>
#endif
#ifdef USE_WOLFSSL_CRYPTO
#undef USE_OPENSSL_CRYPTO
#undef USE_GNUTLS_CRYPTO
#include <wolfssl/wolfcrypt/random.h>
#endif
#ifdef USE_OPENSSL_CRYPTO
#undef USE_WOLFSSL_CRYPTO
#undef USE_GNUTLS_CRYPTO
#include <openssl/opensslv.h> /* OPENSSL_VERSION_NUMBER */
#include <openssl/rand.h>
#endif
#ifdef USE_WOLFSSL_CRYPTO
#undef USE_GNUTLS_CRYPTO
#include <wolfssl/wolfcrypt/random.h>
#endif
#ifdef USE_GNUTLS_CRYPTO
#include <gnutls/crypto.h>
#endif
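Review bot: The order of these `#ifdef` blocks now decides which of the three libraries shown backs the random-number source when more than one is available, and nothing in the file says so. A comment above the OpenSSL block, such as `/* backend precedence: OpenSSL, then wolfSSL, then GnuTLS; each block #undefs the ones below it */`, would keep a later reorder from silently changing the RNG backend.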

8
src/sys-crypto-md.h

@ -144,7 +144,7 @@ SHA256_Update(SHA256_CTX *ctx, const void *data, size_t length)
}
#endif
#elif defined(USE_WOLFSSL_CRYPTO)
#elif defined(USE_WOLFSSL_CRYPTO) && !defined(USE_OPENSSL_CRYPTO)
/* WolfSSL compatibility API for OpenSSL unnecessarily bounces through an extra
* layer of indirection. However, to avoid conflicting typedefs when includers
@ -164,12 +164,14 @@ SHA256_Update(SHA256_CTX *ctx, const void *data, size_t length)
static inline int
MD4_Init(MD4_CTX *ctx)
{
return (0 == wc_InitMd4((Md4 *)ctx));
wc_InitMd4((Md4 *)ctx);
return 1;
}
static inline int
MD4_Final(unsigned char *digest, MD4_CTX *ctx)
{
return (0 == wc_Md4Final((Md4 *)ctx, digest));
wc_Md4Final((Md4 *)ctx, digest);
return 1;
}
static inline void
MD4_Update(MD4_CTX *ctx, const void *data, size_t length)
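Review bot: `MD4_Init` and `MD4_Final` now return 1 unconditionally, and the reason is not stated next to the code. If this is because wolfSSL declares `wc_InitMd4` and `wc_Md4Final` as returning void (as I believe its md4.h does), a one-line comment such as `/* wc_InitMd4() returns void; report success like OpenSSL MD4_Init() */` would stop someone from re-adding the `0 ==` comparison. `MD4_Update` continues outside the hunk.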

2
src/sys-crypto.h

@ -7,6 +7,7 @@
#define USE_OPENSSL_CRYPTO
#endif
#ifndef USE_OPENSSL_CRYPTO
#ifdef HAVE_WOLFSSL_SSL_H
#define USE_LIB_CRYPTO
#define USE_WOLFSSL_CRYPTO
@ -17,6 +18,7 @@
* for use by lighttpd */
#include <wolfssl/options.h>
#endif
#endif
#ifdef HAVE_LIBMBEDCRYPTO
#define USE_LIB_CRYPTO
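Review bot: With the new `#ifndef USE_OPENSSL_CRYPTO` guard, a file compiled with both backends available no longer gets `<wolfssl/options.h>` through this header. src/mod_wolfssl.c is suppressed on this page, so confirm it includes `<wolfssl/options.h>` itself before any other wolfSSL header; without it the wolfSSL headers can be compiled with different feature macros than the library was built with. The two consecutive `#endif` lines would also read better labelled, e.g. `#endif /* !USE_OPENSSL_CRYPTO */`.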
