[TLS] mark code that uses -lcrypto but not -lssl

mark code that uses openssl -lcrypto with USE_OPENSSL_CRYPTO to note that it does not depend on openssl -lssl (USE_OPENSSL)
5 years ago · a801ef55a0
4 changed files with 31 additions and 15 deletions
--- a/src/md5.c
+++ b/src/md5.c
@ -28,7 +28,13 @@ documentation and/or software.

 #include "md5.h"

-#ifndef USE_OPENSSL
+#if 0 /* Note: not defined here or in lighttpd local "md5.h" */
+#if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H
+#define USE_OPENSSL_CRYPTO
+#endif
+#endif
+
+#ifndef USE_OPENSSL_CRYPTO
 #include <string.h>

 /* Constants for MD5Transform routine.
--- a/src/mod_authn_file.c
+++ b/src/mod_authn_file.c
@ -14,9 +14,11 @@
 # define HAVE_CRYPT
 #endif

-#include "base.h"
+#if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H
+#define USE_OPENSSL_CRYPTO
+#endif

-#ifdef USE_OPENSSL
+#ifdef USE_OPENSSL_CRYPTO
 #include "base64.h"
 #include <openssl/md4.h>
 #include <openssl/sha.h>
@ -26,6 +28,7 @@
 /*(htpasswd)*/


+#include "base.h"
 #include "plugin.h"
 #include "http_auth.h"
 #include "log.h"
@ -594,7 +597,7 @@ static void apr_md5_encode(const char *pw, const char *salt, char *result, size_
    apr_cpystrn(result, passwd, nbytes - 1);
 }

-#ifdef USE_OPENSSL
+#ifdef USE_OPENSSL_CRYPTO
 static void apr_sha_encode(const char *pw, char *result, size_t nbytes) {
    unsigned char digest[20];
    size_t base64_written;
@ -629,7 +632,7 @@ static handler_t mod_authn_file_htpasswd_basic(server *srv, connection *con, voi
            apr_md5_encode(pw, password->ptr, sample, sizeof(sample));
            rc = strcmp(sample, password->ptr);
        }
-      #ifdef USE_OPENSSL
+      #ifdef USE_OPENSSL_CRYPTO
        else if (0 == strncmp(password->ptr, "{SHA}", 5)) {
            apr_sha_encode(pw, sample, sizeof(sample));
            rc = strcmp(sample, password->ptr);
@ -647,7 +650,7 @@ static handler_t mod_authn_file_htpasswd_basic(server *srv, connection *con, voi
            crypt_tmp_data.initialized = 0;
            #endif
           #endif
-           #ifdef USE_OPENSSL /* (for MD4_*() (e.g. MD4_Update())) */
+           #ifdef USE_OPENSSL_CRYPTO /* (for MD4_*() (e.g. MD4_Update())) */
            if (0 == memcmp(password->ptr, CONST_STR_LEN("$1+ntlm$"))) {
                /* CRYPT-MD5-NTLM algorithm
                 * This algorithm allows for the construction of (slight more)
--- a/src/mod_secdownload.c
+++ b/src/mod_secdownload.c
@ -11,7 +11,11 @@
 #include <stdlib.h>
 #include <string.h>

-#if defined(USE_OPENSSL)
+#if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H
+#define USE_OPENSSL_CRYPTO
+#endif
+
+#ifdef USE_OPENSSL_CRYPTO
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #endif
@ -181,7 +185,7 @@ static int secdl_verify_mac(server *srv, plugin_config *config, const char* prot
 			return (32 == maclen) && const_time_memeq(mac, hexmd5, 32);
 		}
 	case SECDL_HMAC_SHA1:
-#if defined(USE_OPENSSL)
+#ifdef USE_OPENSSL_CRYPTO
 		{
 			unsigned char digest[20];
 			char base64_digest[27];
@ -203,7 +207,7 @@ static int secdl_verify_mac(server *srv, plugin_config *config, const char* prot
 #endif
 		break;
 	case SECDL_HMAC_SHA256:
-#if defined(USE_OPENSSL)
+#ifdef USE_OPENSSL_CRYPTO
 		{
 			unsigned char digest[32];
 			char base64_digest[43];
@ -318,7 +322,7 @@ SETDEFAULTS_FUNC(mod_secdownload_set_defaults) {
 					algorithm);
 				buffer_free(algorithm);
 				return HANDLER_ERROR;
-#if !defined(USE_OPENSSL)
+#ifndef USE_OPENSSL_CRYPTO
 			case SECDL_HMAC_SHA1:
 			case SECDL_HMAC_SHA256:
 				log_error_write(srv, __FILE__, __LINE__, "sb",
--- a/src/rand.c
+++ b/src/rand.c
@ -15,7 +15,10 @@
 #include <time.h>
 #include <unistd.h>

-#ifdef USE_OPENSSL
+#if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H
+#define USE_OPENSSL_CRYPTO
+#endif
+#ifdef USE_OPENSSL_CRYPTO
 #include <openssl/rand.h>
 #endif
 #ifdef HAVE_LINUX_RANDOM_H
@ -154,7 +157,7 @@ static void li_rand_init (void)
  #ifdef HAVE_SRANDOM
    srandom(u); /*(initialize just in case random() used elsewhere)*/
  #endif
-  #ifdef USE_OPENSSL
+  #ifdef USE_OPENSSL_CRYPTO
    RAND_poll();
    RAND_seed(xsubi, (int)sizeof(xsubi));
  #endif
@ -169,7 +172,7 @@ int li_rand_pseudo_bytes (void)
 {
    /* randomness *is not* cryptographically strong */
    /* (attempt to use better mechanisms to replace the more portable rand()) */
-  #ifdef USE_OPENSSL  /* (RAND_pseudo_bytes() is deprecated in openssl 1.1.0) */
+  #ifdef USE_OPENSSL_CRYPTO /* (openssl 1.1.0 deprecates RAND_pseudo_bytes()) */
  #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
    int i;
    if (-1 != RAND_pseudo_bytes((unsigned char *)&i, sizeof(i))) return i;
@ -193,7 +196,7 @@ int li_rand_pseudo_bytes (void)

 int li_rand_bytes (unsigned char *buf, int num)
 {
-  #ifdef USE_OPENSSL
+  #ifdef USE_OPENSSL_CRYPTO
    int rc = RAND_bytes(buf, num);
    if (-1 != rc) {
        return rc;
@ -213,7 +216,7 @@ int li_rand_bytes (unsigned char *buf, int num)

 void li_rand_cleanup (void)
 {
-  #ifdef USE_OPENSSL
+  #ifdef USE_OPENSSL_CRYPTO
    RAND_cleanup();
  #endif
    safe_memclear(xsubi, sizeof(xsubi));