Commit Graph

23 Commits

Author SHA1 Message Date
Glenn Strauss b17c37c5e5 [mod_openssl] boringssl compat 2021-10-03 11:01:40 -04:00
Glenn Strauss 624d66b625 [core] add wolfssl-specific include
x-ref:
  https://github.com/lighttpd/lighttpd1.4/pull/107
2021-09-08 15:06:06 -04:00
Glenn Strauss 1cd73b08a6 [core] move backtrace and assert macros to ck.[ch] 2021-08-27 02:16:53 -04:00
Glenn Strauss db4af125c0 [core] add iovec wrappers to sys-crypto-md.h 2021-08-27 02:16:53 -04:00
Glenn Strauss 073f57e51a [core] avoid multiple definition of SHA512_CTX
avoid multiple definition of SHA512_CTX when using Nettle
2021-01-16 20:11:12 -05:00
Glenn Strauss fdf45433c8 [core] check ifdef WOLFSSL_SHA512 for SHA512 avail 2021-01-16 15:51:49 -05:00
Glenn Strauss 083b3fb992 [core] SHA512_Init, SHA512_Update, SHA512_Final 2020-12-06 19:59:24 -05:00
Glenn Strauss 5ec13918d3 [core] define SHA*_DIGEST_LENGTH macros if missing 2020-11-10 07:44:53 -05:00
Glenn Strauss bcac9b5785 [core] set NSS_VER_INCLUDE after crypto lib select 2020-10-29 16:49:35 -04:00
Glenn Strauss 8187e98897 [multiple] include wolfssl/options.h after select
include wolfssl/options.h crypto lib config
after selecting crypto lib to use

wolfSSL does not prefix its defines with a wolfSSL-specific namespace
(so we would like to avoid unnecessarily polluting preproc namespace)

This commit further isolates wolfSSL after split from mod_openssl.
Cleans up some preprocessor logic that was put in place when using
the wolfSSL compatibility layer for openssl, before creating a
dedicated mod_wolfssl.
2020-10-29 16:42:55 -04:00
Glenn Strauss 6fb63fa8d6 [multiple] include mbedtls/config.h after select
include mbedtls/config.h crypto lib config
after selecting crypto lib to use
2020-10-29 16:41:27 -04:00
Glenn Strauss 033209393e [multiple] test for nss includes
some distro packages deploy NSS includes under nss/, others nss3/
(and similar for nspr/ vs nspr4/)
2020-10-22 00:48:40 -04:00
Glenn Strauss 23fdff645a [core] init NSS lib for basic crypto algorithms
basic algorithms fail if NSS library has not been init'd (WTH)

lighttpd defers initialization of rand and crypto until first use
to attempt to avoid long, blocking init at startup while waiting
for sufficient system entropy to become available
2020-10-21 18:18:40 -04:00
Glenn Strauss 2209c0cf6e [core] use inline funcs in sys-crypto-md.h
use inline funcs in sys-crypto-md.h for consistency
and to avoid compiler warnings when result is ignored
2020-10-21 00:57:24 -04:00
Glenn Strauss a46f519eb2 [multiple] use NSS crypto if no other crypto avail
use NSS crypto if no other crypto avail, but NSS crypto is available

"NSS crypto support" is not included in tests/LightyTest.pm:has_crypto()
due to NSS libraries (freebl3) lacking public export for HMAC funcs
2020-10-19 21:40:14 -04:00
Glenn Strauss cf8cefceb6 [core] sys-crypto-md.h consistent interfaces
return values for sys-crypto-md.h interfaces

While some library implementations do not fail and have no return value,
others might fail on memory allocation or on failure to communicate with
an external or dedicated engine or device, e.g. which might store a
private key.

future: lighttpd callers of sys-crypto-md.h do not currently expect
        or check for errors from these digest functions, but should
        consider doing so.
2020-10-19 21:40:14 -04:00
Glenn Strauss 7553ef7f44 [multiple] openssl 3.0.0 digest interface migrate
provide implementations for conventional digest interfaces
but use the newer openssl digest interfaces under the hood

<rant>
It is baffling that the openssl library -- with *thousands* of public
interfaces -- does not provide these, and suggests that openssl
developers do not frequently write apps which utilize these interfaces.
</rant>
2020-10-19 21:40:14 -04:00
Glenn Strauss e1bcdb5e9f [multiple] ignore openssl 3.0.0 deprecation warns
quiet openssl 3.0.0 deprecation warnings for
low-level digest algorithm interfaces

future: migrate to openssl interfaces:
  EVP_DigestInit_ex(3), EVP_DigestUpdate(3), and EVP_DigestFinal_ex(3)

x-ref:
  https://github.com/openssl/openssl/pull/10791
  https://www.openssl.org/docs/manmaster/man3/EVP_DigestInit_ex.html
  https://wiki.openssl.org/index.php/EVP_Message_Digests
2020-10-19 21:40:14 -04:00
Glenn Strauss c3a85c9bf5 [mod_wolfssl] standalone module
standalone module forked from mod_openssl
2020-10-11 12:19:26 -04:00
Glenn Strauss 6c8160e5a4 [core] rename md5.[ch] to algo_md5.[ch] 2020-10-11 12:19:26 -04:00
Glenn Strauss dba4a328c2 [core] Nettle assert()s if buffer len > digest sz 2020-07-13 17:39:30 -04:00
Glenn Strauss 98a224a4a2 [mod_openssl] prefer some WolfSSL native APIs
Prefer some WolfSSL native APIs when building with WolfSSL.

However, some functionality in WolfSSL is available only through the
WolfSSL compatibility layer for OpenSSL, so the effort to create a
native mod_wolfssl halted here.
2020-07-08 22:51:32 -04:00
Glenn Strauss 1fc8a3e1f2 [core] sys-crypto-md.h w/ inline message digest fn
sys-crypto-md.h w/ inline message digest functions; shared code
2020-07-08 22:51:31 -04:00