Project

General

Profile

[Solved] How to use SHA-256 without OpenSSL?

Added by bupthebroker almost 5 years ago

Hi
can i somehow configure lighttpd to use SHA-256 instead of the usual MD5 without using the openssl module?

Something like this:

auth.backend = "htdigest"                                                          
auth.backend.htdigest.userfile = "/home/program/lighttpd/.htpasswd" 
auth.require = ( "/test.html" =>
    (
    "method"    => "digest",
    "algorithm" => "SHA-256",
    "realm"   => "realmzz",
    "require" => "valid-user" 
    ),
)

It tells me the following:
2020-01-22 14:05:37: (../../lighttpd-1.4.54/src/mod_auth.c.406) invalid algorithm in: auth.require = ( "..." => ( ..., "algorithm" => "..." ) )

Thanks in advance!


Replies (18)

RE: How to use SHA-256 without OpenSSL? - Added by gstrauss almost 5 years ago

You can use SHA-256 without lighttpd mod_openssl, but your lighttpd executable must be linked against openssl or compatible crypto library (e.g. libreSSL, boringSSL, wolfSSL) to provide the SHA-256 algorithm.

RE: How to use SHA-256 without OpenSSL? - Added by bupthebroker almost 5 years ago

Thanks for the reply.

It seems i am screwed then, there is no room in the device to include an ssl library.

RE: How to use SHA-256 without OpenSSL? - Added by gstrauss almost 5 years ago

Try wolfSSL for a smaller crypto library. Compile lighttpd -Os to optimize for size. strip the binaries to reduce disk footprint.

RE: How to use SHA-256 without OpenSSL? - Added by bupthebroker almost 5 years ago

Thanks, i will need a freeware one. Is there a complete list of supported ssl libraries available?

You mentioned three initially: (e.g. libreSSL, boringSSL, wolfSSL)

RE: How to use SHA-256 without OpenSSL? - Added by gstrauss almost 5 years ago

If a library has an openssl-compatible API layer, it will likely work.

For what you appear to need, libcrypto from openssl is what you need, not libssl. In lighttpd, only mod_openssl links against libssl, so if you're not using TLS, then you do not need that part of openssl (libssl), you need only libcrypto.

RE: How to use SHA-256 without OpenSSL? - Added by bupthebroker almost 5 years ago

Thanks for the info.

I just compiled libressl with arm-poky-linux-musleabi (-Os) and i can see that librypto.so is 7.8MB (amounts to about 3MB on the compressed JFFS2 fs). I would need something in the range of a few hundred kilobytes to a megabyte at the extreme maximum.

RE: How to use SHA-256 without OpenSSL? - Added by bupthebroker almost 5 years ago

Oh, stripping did some wonders, it may just work..

RE: How to use SHA-256 without OpenSSL? - Added by bupthebroker almost 5 years ago

Do i need to generate the hashes the same way as with md5 (over user/realm/pass)? It does not seem to be working like this:

mkpasswd --method=sha-256 my-user:my-realm:my-pass
And i get: $5$9nPXQgIxM$VaK3hOYWW1Xg6wZ7ydUmpfgUghaPHTDrPDTwXLNUfF8

Add it to the .htpasswd file like this:

RE: How to use SHA-256 without OpenSSL? - Added by gstrauss almost 5 years ago

The lighttpd format for the htdigest file does not contain "additionally" salted hashes. The "username:realm:" is the "salt" to differentiate hashes with the same password.
echo -n "my-user:my-realm:my-pass" | sha256sum
(Don't forget to use echo -n to omit the final '\n' when computing the sha256sum)

To add a line to the .htpasswd file:

user=my-user
realm=my-realm
pass=my-pass
printf "%s:%s:%s\n" "$user" "$realm" "$(printf "%s" "$user:$realm:$pass" | sha256sum | awk '{print $1}')" >> .htpasswd

You can test with curl -v --digest --user my-user:my-pass http://...

.

Additionally, I mocked up some code on my development branch to use Nettle for crypto rather than libcrypto from OpenSSL. Nettle is substantially smaller than libcrypto from OpenSSL. If you want to play with it, see DevelGit and you can cherry-pick to the master branch from my development branch personal/gstrauss/master git cherry-pick -X ours ca3ed6fd and build with ./configure --with-nettle (You'll also have to install nettle and nettle-devel packages for your system.)

RE: How to use SHA-256 without OpenSSL? - Added by bupthebroker almost 5 years ago

Hi,
thanks for the reply. I will definitely check it out in my next release.

For now i already made a quick patch in the mod_auth module to use the sha256sum utility instead of any external libraries.

RE: How to use SHA-256 without OpenSSL? - Added by gstrauss almost 5 years ago

FYI: in addition to the option to use Nettle for crypto algorithms instead of openssl, there is now also (very) experimental support for mbedTLS on my lighttpd development branch https://git.lighttpd.net/lighttpd/lighttpd1.4.git/?h=personal%2Fgstrauss%2Fmaster

RE: How to use SHA-256 without OpenSSL? - Added by levi over 4 years ago

Should the requirement for open-ssl for SHA-256 get a mention in the optional dependencies page?

https://redmine.lighttpd.net/projects/lighttpd/wiki/OptionalLibraries

I couldn't figure out why SHA-256 wasn't supported in my build until I read this thread.

RE: How to use SHA-256 without OpenSSL? - Added by gstrauss over 4 years ago

Yes. It looks like that page needs a refresh for multiple reasons. Thanks for pointing it out.

Regarding SHA-256, please be aware that while HTTP Digest auth with SHA-256 is supported by lighttpd, HTTP Digest auth with SHA-256 might not be supported by all current popular client browsers.

RE: How to use SHA-256 without OpenSSL? - Added by bupthebroker over 4 years ago

gstrauss wrote in RE: How to use SHA-256 without OpenSSL?:

Yes. It looks like that page needs a refresh for multiple reasons. Thanks for pointing it out.

Regarding SHA-256, please be aware that while HTTP Digest auth with SHA-256 is supported by lighttpd, HTTP Digest auth with SHA-256 might not be supported by all current popular client browsers.

I can vouch for that. I ended up writing a custom patch for SHA-256 inside mod_auth only to discover that it only works with Opera browser..

RE: How to use SHA-256 without OpenSSL? - Added by levi over 4 years ago

Yep I figured this out shortly after getting SHA-256 working in lightty!

RE: How to use SHA-256 without OpenSSL? - Added by gstrauss almost 4 years ago

I wrote and submitted patches to Mozilla to add support in Firefox:
https://bugzilla.mozilla.org/show_bug.cgi?id=472823 "SHA 256 Digest Authentication"
https://bugzilla.mozilla.org/show_bug.cgi?id=281851 "CVE-2005-2395 Wrong scheme used when server offers both Basic and Digest auth"
https://phabricator.services.mozilla.com/D106241 "support SHA-256 HTTP Digest auth"

Open issue in Chrome:
https://bugs.chromium.org/p/chromium/issues/detail?id=1160478 "SHA-256 for HTTP Digest Access Authentication in accordance with rfc7616"

RE: [Solved] How to use SHA-256 without OpenSSL? - Added by gstrauss almost 4 years ago

Resolving the original topic of this post.

How to use SHA-256 without OpenSSL?

lighttpd 1.4.56 provides an option to use Nettle for the SHA256 algorithm. If lighttpd is not built against Nettle, lighttpd will use the SHA256 algorithm provided by lighttpd TLS modules (if lighttpd is built with TLS).

RE: [Solved] How to use SHA-256 without OpenSSL? - Added by gstrauss over 3 years ago

Firefox 93.0 supports SHA-256 for RFC 7616 HTTP Digest Access Authentication
(Firefox 93.0 is currently in alpha and general release is scheduled for 5 Oct 2021)

    (1-18/18)