From babfb438730e2629f7a99a0b8b83b34e7c540d07 Mon Sep 17 00:00:00 2001
From: Glenn Strauss
Date: Tue, 27 Oct 2020 16:47:33 -0400
Subject: [PATCH] [build] WITHOUT_LIB_CRYPTO option in code (not (yet?) an end-user option in the build system) (If extended to build system, build system should also unset CRYPTO_LIB) If WITHOUT_LIB_CRYPTO is defined in sys-crypto.h, then non-TLS modules will have access to MD5() and SHA1() built with lighttpd (algo_md5.[ch] and algo_sha1.[ch]), but not to other message digest algorithms. As of this commit, this affects only mod_secdownload with SHA256 digest and mod_auth* modules using HTTP Digest Auth with digest=SHA-256, which is not currently well-supported by client browers (besides Opera)
---
 src/rand.c | 8 ++++++++
 src/sys-crypto.h | 4 ++++
 2 files changed, 12 insertions(+)
diff --git a/src/rand.c b/src/rand.c
index aaf489ec..239700a5 100644
--- a/src/rand.c
+++ b/src/rand.c
@@ -64,6 +64,14 @@
 #include
 #endif
 #endif
+#ifndef USE_LIB_CRYPTO
+#undef USE_NETTLE_CRYPTO
+#undef USE_MBEDTLS_CRYPTO
+#undef USE_WOLFSSL_CRYPTO
+#undef USE_OPENSSL_CRYPTO
+#undef USE_GNUTLS_CRYPTO
+#undef USE_NSS_CRYPTO
+#endif
 #ifdef HAVE_GETENTROPY
 #include
 #endif
diff --git a/src/sys-crypto.h b/src/sys-crypto.h
index fb60e4d3..aad3d0f3 100644
--- a/src/sys-crypto.h
+++ b/src/sys-crypto.h
@@ -50,4 +50,8 @@
 #define USE_GNUTLS_CRYPTO
 #endif
+#ifdef WITHOUT_LIB_CRYPTO
+#undef USE_LIB_CRYPTO
+#endif
+
 #endif
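Review bot: With `USE_LIB_CRYPTO` undefined, the added `#undef` block in src/rand.c compiles out every library-backed random source, but nothing in the source says what the file falls back to; the code that consumes these macros is outside the hunk. rand.c presumably supplies random values to the rest of the server, so a short comment above the block would help, e.g. `/* WITHOUT_LIB_CRYPTO: no crypto-library RNG; only OS entropy sources (getentropy() etc.) are used below */`. The block also sits after what appear to be conditional library includes (the `#include`/`#endif` context lines just above it), so those headers are presumably still pulled in for such a build; placing the block ahead of them would avoid that if it is unintended.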
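Review bot: The block added to src/sys-crypto.h undefines only `USE_LIB_CRYPTO`; per-library macros such as `USE_GNUTLS_CRYPTO` (defined in the context line above) stay defined, so any file that tests them directly has to repeat the `#undef` list this commit adds to src/rand.c. If that is deliberate (the commit message suggests TLS modules keep their library), it should be stated next to the block, e.g. `/* WITHOUT_LIB_CRYPTO: non-TLS code gets only the built-in MD5()/SHA1(); USE_*_CRYPTO remain defined */`. The commit message says SHA-256 becomes unavailable to mod_secdownload and HTTP Digest auth in such a build; that code is not part of this diff, so it is worth confirming that a configuration requesting SHA-256 is rejected at startup rather than silently served with a weaker digest.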