Browse Source

[multiple] ./configure --with-nettle to use Nettle

./configure --with-nettle to use Nettle crypto lib for algorithms,
instead of OpenSSL or wolfSSL.  Note: Nettle does not provide TLS.

x-ref:
  "How to use SHA-256 without OpenSSL?"
  https://redmine.lighttpd.net/boards/2/topics/8903
personal/stbuehler/ci-build
Glenn Strauss 2 years ago
parent
commit
b28a3714c4
  1. 9
      SConstruct
  2. 29
      configure.ac
  3. 5
      meson_options.txt
  4. 19
      src/CMakeLists.txt
  5. 2
      src/algo_sha1.c
  6. 26
      src/algo_sha1.h
  7. 4
      src/md5.c
  8. 7
      src/meson.build
  9. 50
      src/mod_auth.c
  10. 58
      src/mod_authn_file.c
  11. 30
      src/mod_secdownload.c
  12. 66
      src/rand.c
  13. 7
      src/sys-crypto.h

9
SConstruct

@ -253,6 +253,7 @@ vars.AddVariables(
PackageVariable('with_mysql', 'enable mysql support', 'no'),
BoolVariable('with_openssl', 'enable openssl support', 'no'),
PackageVariable('with_wolfssl', 'enable wolfSSL support', 'no'),
BoolVariable('with_nettle', 'enable Nettle support', 'no'),
BoolVariable('with_pam', 'enable PAM auth support', 'no'),
PackageVariable('with_pcre', 'enable pcre support', 'yes'),
PackageVariable('with_pgsql', 'enable pgsql support', 'no'),
@ -608,6 +609,14 @@ if 1:
LIBCRYPTO = 'wolfssl',
)
if env['with_nettle']:
if not autoconf.CheckLibWithHeader('nettle', 'nettle/nettle-types.h', 'C'):
fail("Couldn't find Nettle")
autoconf.env.Append(
CPPFLAGS = [ '-DHAVE_NETTLE_NETTLE_TYPES_H' ],
LIBCRYPTO = 'nettle',
)
if env['with_pam']:
if not autoconf.CheckLibWithHeader('pam', 'security/pam_appl.h', 'C'):
fail("Couldn't find pam")

29
configure.ac

@ -737,6 +737,35 @@ if test "$WITH_OPENSSL" != no && test "$WITH_WOLFSSL" != no; then
AC_MSG_ERROR([lighttpd should not be built with both --with-openssl and --with-wolfssl])
fi
dnl Check for Nettle (and overwrite CRYPTO_LIB if set by OpenSSL or wolfSSL)
AC_MSG_NOTICE([----------------------------------------])
AC_MSG_CHECKING([for Nettle])
AC_ARG_WITH([nettle],
[AC_HELP_STRING([--with-nettle@<:@=DIR@:>@],
[Include Nettle support (default no)]
)],
[WITH_NETTLE=$withval],
[WITH_NETTLE=no]
)
AC_MSG_RESULT([$WITH_NETTLE])
if test "$WITH_NETTLE" != no; then
if test "$WITH_NETTLE" != yes; then
CPPFLAGS="${CPPFLAGS} -I$WITH_NETTLE/include"
LDFLAGS="${LDFLAGS} -L$WITH_NETTLE/lib"
fi
AC_CHECK_HEADERS([nettle/nettle-types.h], [], [
AC_MSG_ERROR([nettle headers not found. install them or build without --with-nettle])
])
AC_CHECK_LIB([nettle], [nettle_md5_init],
[CRYPTO_LIB="-lnettle"],
[AC_MSG_ERROR([nettle crypto library not found. install it or build without --with-nettle])]
)
AC_SUBST([CRYPTO_LIB])
fi
dnl pcre support
AC_MSG_NOTICE([----------------------------------------])

5
meson_options.txt

@ -63,6 +63,11 @@ option('with_mysql',
value: false,
description: 'with mysql-support for mod_vhostdb_mysql [default: off]',
)
option('with_nettle',
type: 'boolean',
value: false,
description: 'with Nettle-support [default: off]',
)
option('with_openssl',
type: 'boolean',
value: false,

19
src/CMakeLists.txt

@ -22,6 +22,7 @@ option(WITH_PGSQL "with postgres-support for mod_vhostdb_pgsql [default: off]")
option(WITH_DBI "with dbi-support for mod_vhostdb_dbi [default: off]")
option(WITH_OPENSSL "with openssl-support [default: off]")
option(WITH_WOLFSSL "with wolfSSL-support [default: off]")
option(WITH_NETTLE "with Nettle-support [default: off]")
option(WITH_PCRE "with regex support [default: on]" ON)
option(WITH_WEBDAV_PROPS "with property-support for mod_webdav [default: off]")
option(WITH_WEBDAV_LOCKS "locks in webdav [default: off]")
@ -370,6 +371,24 @@ if(WITH_OPENSSL AND WITH_WOLFSSL)
message(FATAL_ERROR "lighttpd should not be built with both --with-openssl and --with-wolfssl")
endif()
if(WITH_NETTLE)
if(APPLE)
set(CMAKE_REQUIRED_INCLUDES /opt/local/include)
endif()
check_include_files(nettle/nettle-types.h HAVE_NETTLE_NETTLE_TYPES_H)
if(APPLE)
set(CMAKE_REQUIRED_INCLUDES)
endif()
if(HAVE_NETTLE_NETTLE_TYPES_H)
check_library_exists(nettle nettle_md5_init "" HAVE_LIBCRYPTO)
if(HAVE_LIBCRYPTO)
set(CRYPTO_LIBRARY nettle)
endif()
endif()
else()
unset(HAVE_NETTLE_NETTLE_TYPES_H)
endif()
if(WITH_PCRE)
## if we have pcre-config, use it
xconfig(pcre-config PCRE_INCDIR PCRE_LIBDIR PCRE_LDFLAGS PCRE_CFLAGS)

2
src/algo_sha1.c

@ -2,7 +2,7 @@
typedef int innocuous_typedef_to_quiet_empty_translation_unit_compiler_warning;
#include "sys-crypto.h"
#ifndef USE_OPENSSL_CRYPTO
#ifndef USE_LIB_CRYPTO
#include "sys-endian.h"
#include "algo_sha1.h"

26
src/algo_sha1.h

@ -2,12 +2,32 @@
#define INCLUDED_ALGO_SHA1_H
#include "first.h"
#include "sys-crypto.h"
#ifdef USE_OPENSSL_CRYPTO
#include "sys-crypto.h" /* USE_LIB_CRYPTO */
#ifdef USE_LIB_CRYPTO
#ifdef USE_NETTLE_CRYPTO
#include <nettle/sha.h>
#ifndef SHA_DIGEST_LENGTH
#define SHA_DIGEST_LENGTH 20
#endif
typedef struct sha1_ctx SHA_CTX;
#define SHA1_Init(ctx) \
sha1_init(ctx)
#define SHA1_Final(digest, ctx) \
sha1_digest((ctx),sizeof(digest),(digest))
static void
SHA1_Update(SHA_CTX *ctx, const void *data, size_t length)
{
sha1_update(ctx, length, data);
}
#elif defined(USE_OPENSSL_CRYPTO)
#include <openssl/sha.h>
#else
#endif
#else /* ! USE_LIB_CRYPTO */
/*
* sha.h

4
src/md5.c

@ -33,10 +33,10 @@ documentation and/or software.
#define POINTER unsigned char *
#if 0 /* Note: not defined here or in lighttpd local "md5.h" */
#include "sys-crypto.h" /* USE_OPENSSL_CRYPTO */
#include "sys-crypto.h" /* USE_LIB_CRYPTO */
#endif
#ifndef USE_OPENSSL_CRYPTO
#ifndef USE_LIB_CRYPTO
#include <string.h>
/* Constants for MD5Transform routine.

7
src/meson.build

@ -420,6 +420,13 @@ if get_option('with_wolfssl') != 'false'
libcrypto += libwolfssl_includes_dep
conf_data.set('HAVE_WOLFSSL_SSL_H', true)
endif
if get_option('with_nettle') != 'false'
# manual search:
# header: nettle/nettle-types.h
# function: nettle_md5_init (-lnettle)
libcrypto = [ dependency('libnettle') ]
conf_data.set('HAVE_NETTLE_NETTLE_TYPES_H', true)
endif
libpcre = []
if get_option('with_pcre')

50
src/mod_auth.c

@ -6,11 +6,45 @@
#include "http_header.h"
#include "log.h"
#include "sys-crypto.h" /* USE_OPENSSL_CRYPTO */
#ifdef USE_OPENSSL_CRYPTO
#include "sys-crypto.h" /* USE_LIB_CRYPTO */
#ifdef USE_LIB_CRYPTO
#if defined(USE_NETTLE_CRYPTO)
#include <nettle/sha.h>
typedef struct sha256_ctx SHA256_CTX;
#define SHA256_Init(ctx) \
sha256_init(ctx)
#define SHA256_Final(digest, ctx) \
sha256_digest((ctx),sizeof(digest),(digest))
static void
SHA256_Update(SHA256_CTX *ctx, const void *data, size_t length)
{
sha256_update(ctx, length, data);
}
#ifndef SHA512_256_DIGEST_LENGTH
#define SHA512_256_DIGEST_LENGTH 32
#endif
typedef struct sha512_ctx SHA512_CTX;
#define SHA512_256_Init(ctx) \
sha512_256_init(ctx)
#define SHA512_256_Final(digest, ctx) \
sha512_256_digest((ctx),sizeof(digest),(digest))
static void
SHA512_256_Update(SHA512_CTX *ctx, const void *data, size_t length)
{
sha512_256_update(ctx, length, data);
}
#elif defined(USE_OPENSSL_CRYPTO)
#include <openssl/sha.h>
#endif
#endif /* USE_LIB_CRYPTO */
#include <stdlib.h>
#include <string.h>
@ -132,7 +166,7 @@ static int mod_auth_algorithm_parse(http_auth_info_t *ai, const char *s) {
ai->dlen = HTTP_AUTH_DIGEST_MD5_BINLEN;
return 1;
}
#ifdef USE_OPENSSL_CRYPTO
#ifdef USE_LIB_CRYPTO
else if (len >= 7
&& 's' == (s[0] | 0x20)
&& 'h' == (s[1] | 0x20)
@ -613,7 +647,7 @@ static handler_t mod_auth_check_basic(request_st * const r, void *p_d, const str
}
#ifdef USE_OPENSSL_CRYPTO
#ifdef USE_LIB_CRYPTO
static void mod_auth_digest_mutate_sha256(http_auth_info_t *ai, const char *m, const char *uri, const char *nonce, const char *cnonce, const char *nc, const char *qop) {
SHA256_CTX ctx;
@ -761,7 +795,7 @@ static void mod_auth_digest_nonce_sha512_256(buffer *b, time_t cur_ts, int rnd,
#endif /* SHA512_256_DIGEST_LENGTH */
#endif /* USE_OPENSSL_CRYPTO */
#endif /* USE_LIB_CRYPTO */
static void mod_auth_digest_mutate_md5(http_auth_info_t *ai, const char *m, const char *uri, const char *nonce, const char *cnonce, const char *nc, const char *qop) {
li_MD5_CTX ctx;
@ -839,7 +873,7 @@ static void mod_auth_digest_nonce_md5(buffer *b, time_t cur_ts, int rnd, const b
static void mod_auth_digest_mutate(http_auth_info_t *ai, const char *m, const char *uri, const char *nonce, const char *cnonce, const char *nc, const char *qop) {
if (ai->dalgo & HTTP_AUTH_DIGEST_MD5)
mod_auth_digest_mutate_md5(ai, m, uri, nonce, cnonce, nc, qop);
#ifdef USE_OPENSSL_CRYPTO
#ifdef USE_LIB_CRYPTO
else if (ai->dalgo & HTTP_AUTH_DIGEST_SHA256)
mod_auth_digest_mutate_sha256(ai, m, uri, nonce, cnonce, nc, qop);
#ifdef SHA512_256_DIGEST_LENGTH
@ -864,7 +898,7 @@ static void mod_auth_append_nonce(buffer *b, time_t cur_ts, const struct http_au
buffer_append_string_len(b, CONST_STR_LEN(":"));
}
switch (dalgo) {
#ifdef USE_OPENSSL_CRYPTO
#ifdef USE_LIB_CRYPTO
#ifdef SHA512_256_DIGEST_LENGTH
case HTTP_AUTH_DIGEST_SHA512_256:
mod_auth_digest_nonce_sha512_256(b, cur_ts, rnd, nonce_secret);
@ -887,7 +921,7 @@ static void mod_auth_digest_www_authenticate(buffer *b, time_t cur_ts, const str
int algoid[3];
unsigned int algolen[3];
const char *algoname[3];
#ifdef USE_OPENSSL_CRYPTO
#ifdef USE_LIB_CRYPTO
#ifdef SHA512_256_DIGEST_LENGTH
if (algos & HTTP_AUTH_DIGEST_SHA512_256) {
algoid[n] = HTTP_AUTH_DIGEST_SHA512_256;

58
src/mod_authn_file.c

@ -14,11 +14,59 @@
# define HAVE_CRYPT
#endif
#include "sys-crypto.h"
#ifdef USE_OPENSSL_CRYPTO
#include "sys-crypto.h" /* USE_LIB_CRYPTO */
#ifdef USE_LIB_CRYPTO
#if defined(USE_NETTLE_CRYPTO)
#include <nettle/md4.h>
#include <nettle/sha.h>
typedef struct md4_ctx MD4_CTX;
#define MD4_Init(ctx) \
md4_init(ctx)
#define MD4_Final(digest, ctx) \
md4_digest((ctx),sizeof(digest),(digest))
static void
MD4_Update(MD4_CTX *ctx, const void *data, size_t length)
{
md4_update(ctx, length, data);
}
typedef struct sha256_ctx SHA256_CTX;
#define SHA256_Init(ctx) \
sha256_init(ctx)
#define SHA256_Final(digest, ctx) \
sha256_digest((ctx),sizeof(digest),(digest))
static void
SHA256_Update(SHA256_CTX *ctx, const void *data, size_t length)
{
sha256_update(ctx, length, data);
}
#ifndef SHA512_256_DIGEST_LENGTH
#define SHA512_256_DIGEST_LENGTH 32
#endif
typedef struct sha512_ctx SHA512_CTX;
#define SHA512_256_Init(ctx) \
sha512_256_init(ctx)
#define SHA512_256_Final(digest, ctx) \
sha512_256_digest((ctx),sizeof(digest),(digest))
static void
SHA512_256_Update(SHA512_CTX *ctx, const void *data, size_t length)
{
sha512_256_update(ctx, length, data);
}
#elif defined(USE_OPENSSL_CRYPTO)
#include <openssl/md4.h>
#include <openssl/sha.h>
#endif
#endif /* USE_LIB_CRYPTO */
#include "safe_memclear.h"
/*(htpasswd)*/
@ -159,7 +207,7 @@ SETDEFAULTS_FUNC(mod_authn_file_set_defaults) {
#ifdef USE_OPENSSL_CRYPTO
#ifdef USE_LIB_CRYPTO
static void mod_authn_file_digest_sha256(http_auth_info_t *ai, const char *pw, size_t pwlen) {
SHA256_CTX ctx;
@ -202,7 +250,7 @@ static void mod_authn_file_digest(http_auth_info_t *ai, const char *pw, size_t p
if (ai->dalgo & HTTP_AUTH_DIGEST_MD5)
mod_authn_file_digest_md5(ai, pw, pwlen);
#ifdef USE_OPENSSL_CRYPTO
#ifdef USE_LIB_CRYPTO
else if (ai->dalgo & HTTP_AUTH_DIGEST_SHA256)
mod_authn_file_digest_sha256(ai, pw, pwlen);
#ifdef SHA512_256_DIGEST_LENGTH
@ -644,7 +692,7 @@ static handler_t mod_authn_file_htpasswd_basic(request_st * const r, void *p_d,
crypt_tmp_data.initialized = 0;
#endif
#endif
#ifdef USE_OPENSSL_CRYPTO /* (for MD4_*() (e.g. MD4_Update())) */
#ifdef USE_LIB_CRYPTO /*(for MD4_*() (e.g. MD4_Update()))*/
#ifndef NO_MD4 /*(e.g. wolfSSL built without MD4)*/
if (0 == memcmp(password->ptr, CONST_STR_LEN("$1+ntlm$"))) {
/* CRYPT-MD5-NTLM algorithm

30
src/mod_secdownload.c

@ -12,10 +12,14 @@
#include <string.h>
#include "sys-crypto.h"
#ifdef USE_OPENSSL_CRYPTO
#ifdef USE_LIB_CRYPTO
#if defined(USE_NETTLE_CRYPTO)
#include <nettle/hmac.h>
#elif defined(USE_OPENSSL_CRYPTO)
#include <openssl/evp.h>
#include <openssl/hmac.h>
#endif
#endif
#include "md5.h"
@ -177,11 +181,17 @@ static int secdl_verify_mac(plugin_config *config, const char* protected_path, c
return const_time_memeq((char *)HA1, (char *)md5bin, sizeof(md5bin));
}
case SECDL_HMAC_SHA1:
#ifdef USE_OPENSSL_CRYPTO
#ifdef USE_LIB_CRYPTO
{
unsigned char digest[20];
char base64_digest[27];
#if defined(USE_NETTLE_CRYPTO)
struct hmac_sha1_ctx ctx;
hmac_sha1_set_key(&ctx, buffer_string_length(config->secret), (const uint8_t *)config->secret->ptr);
hmac_sha1_update(&ctx, strlen(protected_path), (const uint8_t *)protected_path);
hmac_sha1_digest(&ctx, sizeof(digest), (uint8_t *)digest);
#elif defined(USE_OPENSSL_CRYPTO)
if (NULL == HMAC(
EVP_sha1(),
(unsigned char const*) config->secret->ptr, buffer_string_length(config->secret),
@ -191,6 +201,9 @@ static int secdl_verify_mac(plugin_config *config, const char* protected_path, c
"hmac-sha1: HMAC() failed");
return 0;
}
#else
#error "unexpected; crypto lib not configured for use by mod_secdownload"
#endif
li_to_base64_no_padding(base64_digest, 27, digest, 20, BASE64_URL);
@ -199,11 +212,17 @@ static int secdl_verify_mac(plugin_config *config, const char* protected_path, c
#endif
break;
case SECDL_HMAC_SHA256:
#ifdef USE_OPENSSL_CRYPTO
#ifdef USE_LIB_CRYPTO
{
unsigned char digest[32];
char base64_digest[43];
#if defined(USE_NETTLE_CRYPTO)
struct hmac_sha256_ctx ctx;
hmac_sha256_set_key(&ctx, buffer_string_length(config->secret), (const uint8_t *)config->secret->ptr);
hmac_sha256_update(&ctx, strlen(protected_path), (const uint8_t *)protected_path);
hmac_sha256_digest(&ctx, sizeof(digest), (uint8_t *)digest);
#elif defined(USE_OPENSSL_CRYPTO)
if (NULL == HMAC(
EVP_sha256(),
(unsigned char const*) config->secret->ptr, buffer_string_length(config->secret),
@ -213,6 +232,9 @@ static int secdl_verify_mac(plugin_config *config, const char* protected_path, c
"hmac-sha256: HMAC() failed");
return 0;
}
#else
#error "unexpected; crypto lib not configured for use by mod_secdownload"
#endif
li_to_base64_no_padding(base64_digest, 43, digest, 32, BASE64_URL);
@ -236,7 +258,7 @@ static int mod_secdownload_parse_algorithm(config_plugin_value_t * const cpv, lo
log_error(errh, __FILE__, __LINE__,
"invalid secdownload.algorithm: %s", cpv->v.b->ptr);
return 0;
#ifndef USE_OPENSSL_CRYPTO
#ifndef USE_LIB_CRYPTO
case SECDL_HMAC_SHA1:
case SECDL_HMAC_SHA256:
log_error(errh, __FILE__, __LINE__,

66
src/rand.c

@ -13,7 +13,13 @@
#include <time.h>
#include <unistd.h>
#include "sys-crypto.h"
#include "sys-crypto.h" /* USE_LIB_CRYPTO */
#ifdef USE_NETTLE_CRYPTO
#undef USE_OPENSSL_CRYPTO
#include <nettle/knuth-lfib.h>
#include <nettle/arcfour.h>
#include <nettle/yarrow.h>
#endif
#ifdef USE_OPENSSL_CRYPTO
#include <openssl/opensslv.h> /* OPENSSL_VERSION_NUMBER */
#include <openssl/rand.h>
@ -126,6 +132,39 @@ static int li_rand_device_bytes (unsigned char *buf, int num)
static int li_rand_inited;
static unsigned short xsubi[3];
#ifdef USE_NETTLE_CRYPTO
static struct knuth_lfib_ctx knuth_lfib_ctx;
static struct arcfour_ctx arcfour_ctx;
static struct yarrow256_ctx yarrow256_ctx;
#endif
#ifdef USE_NETTLE_CRYPTO
/* adapted from Nettle documentation arcfour_set_key_hashed() in nettle.pdf */
/* A more robust key setup function for ARCFOUR */
static void
li_arcfour_init_random_key_hashed(struct arcfour_ctx *ctx)
{
uint8_t key[ARCFOUR_KEY_SIZE];
const size_t length = sizeof(key);
if (1 != li_rand_device_bytes(key, (int)sizeof(key))) {
log_failed_assert(__FILE__, __LINE__,
"gathering entropy for arcfour seed failed");
}
memset(ctx, 0, sizeof(*ctx));
struct sha256_ctx hash;
uint8_t digest[SHA256_DIGEST_SIZE];
uint8_t buf[0x200];
memset(buf, 0, sizeof(buf));
sha256_init(&hash);
sha256_update(&hash, length, key);
sha256_digest(&hash, SHA256_DIGEST_SIZE, digest);
nettle_arcfour_set_key(ctx, SHA256_DIGEST_SIZE, digest);
nettle_arcfour_crypt(ctx, sizeof(buf), buf, buf);
nettle_arcfour_crypt(ctx, sizeof(buf), buf, buf);
nettle_arcfour_crypt(ctx, sizeof(buf), buf, buf);
}
#endif
static void li_rand_init (void)
{
@ -158,6 +197,11 @@ static void li_rand_init (void)
#ifdef HAVE_SRANDOM
srandom(u); /*(initialize just in case random() used elsewhere)*/
#endif
#ifdef USE_NETTLE_CRYPTO
nettle_knuth_lfib_init(&knuth_lfib_ctx, u);
nettle_yarrow256_init(&yarrow256_ctx, 0, NULL);
li_arcfour_init_random_key_hashed(&arcfour_ctx);
#endif
#ifdef USE_OPENSSL_CRYPTO
RAND_poll();
RAND_seed(xsubi, (int)sizeof(xsubi));
@ -180,6 +224,11 @@ int li_rand_pseudo (void)
#endif
#endif
if (!li_rand_inited) li_rand_init();
#ifdef USE_NETTLE_CRYPTO
int i = (int)nettle_knuth_lfib_get(&knuth_lfib_ctx);
nettle_arcfour_crypt(&arcfour_ctx, sizeof(i), (uint8_t *)&i, (uint8_t *)&i);
if (i) return i; /*(cond to avoid compiler warning for code after return)*/
#endif
#ifdef HAVE_ARC4RANDOM_BUF
return (int)arc4random();
#elif defined(HAVE_SRANDOM)
@ -203,6 +252,21 @@ void li_rand_pseudo_bytes (unsigned char *buf, int num)
int li_rand_bytes (unsigned char *buf, int num)
{
#ifdef USE_NETTLE_CRYPTO
#if 0 /* not implemented: periodic nettle_yarrow256_update() and reseed */
if (!nettle_yarrow256_is_seeded(&yarrow256_ctx)) {
uint8_t seed_file[YARROW256_SEED_FILE_SIZE];
if (1 == li_rand_device_bytes((unsigned char *)seed_file,
(int)sizeof(seed_file))) {
nettle_yarrow256_seed(&yarrow256_ctx, sizeof(seed_file), seed_file);
}
}
if (nettle_yarrow256_is_seeded(&yarrow256_ctx)) {
nettle_yarrow256_random(&yarrow256_ctx, (size_t)num, (uint8_t *)buf);
return 1;
}
#endif
#endif
#ifdef USE_OPENSSL_CRYPTO
int rc = RAND_bytes(buf, num);
if (-1 != rc) {

7
src/sys-crypto.h

@ -3,10 +3,12 @@
#include "first.h"
#if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H
#define USE_LIB_CRYPTO
#define USE_OPENSSL_CRYPTO
#endif
#ifdef HAVE_WOLFSSL_SSL_H
#define USE_LIB_CRYPTO
#define USE_OPENSSL_CRYPTO
/* wolfSSL needs to be built with ./configure --enable-lighty for lighttpd.
* Doing so defines OPENSSL_EXTRA and HAVE_LIGHTY in <wolfssl/options.h>, and
@ -16,4 +18,9 @@
#include <wolfssl/options.h>
#endif
#ifdef HAVE_NETTLE_NETTLE_TYPES_H
#define USE_LIB_CRYPTO
#define USE_NETTLE_CRYPTO
#endif
#endif

Loading…
Cancel
Save