Lighttpd

You can use SHA-256 without lighttpd mod_openssl, but your lighttpd executable must be linked against openssl or compatible crypto library (e.g. libreSSL, boringSSL, wolfSSL) to provide the SHA-256 algorithm.

Thanks for the reply.

It seems i am screwed then, there is no room in the device to include an ssl library.

Try wolfSSL for a smaller crypto library. Compile lighttpd -Os to optimize for size. strip the binaries to reduce disk footprint.

Thanks, i will need a freeware one. Is there a complete list of supported ssl libraries available?

You mentioned three initially: (e.g. libreSSL, boringSSL, wolfSSL)

If a library has an openssl-compatible API layer, it will likely work.

For what you appear to need, libcrypto from openssl is what you need, not libssl. In lighttpd, only mod_openssl links against libssl, so if you're not using TLS, then you do not need that part of openssl (libssl), you need only libcrypto.

Thanks for the info.

I just compiled libressl with arm-poky-linux-musleabi (-Os) and i can see that librypto.so is 7.8MB (amounts to about 3MB on the compressed JFFS2 fs). I would need something in the range of a few hundred kilobytes to a megabyte at the extreme maximum.

Oh, stripping did some wonders, it may just work..

Do i need to generate the hashes the same way as with md5 (over user/realm/pass)? It does not seem to be working like this:

mkpasswd --method=sha-256 my-user:my-realm:my-pass
And i get: $5$9nPXQgIxM$VaK3hOYWW1Xg6wZ7ydUmpfgUghaPHTDrPDTwXLNUfF8

Add it to the .htpasswd file like this:

The lighttpd format for the htdigest file does not contain "additionally" salted hashes. The "username:realm:" is the "salt" to differentiate hashes with the same password.
echo -n "my-user:my-realm:my-pass" | sha256sum
(Don't forget to use echo -n to omit the final '\n' when computing the sha256sum)

To add a line to the .htpasswd file:

user=my-user
realm=my-realm
pass=my-pass
printf "%s:%s:%s\n" "$user" "$realm" "$(printf "%s" "$user:$realm:$pass" | sha256sum | awk '{print $1}')" >> .htpasswd

You can test with curl -v --digest --user my-user:my-pass http://...

.

Additionally, I mocked up some code on my development branch to use Nettle for crypto rather than libcrypto from OpenSSL. Nettle is substantially smaller than libcrypto from OpenSSL. If you want to play with it, see DevelGit and you can cherry-pick to the master branch from my development branch personal/gstrauss/master git cherry-pick -X ours ca3ed6fd and build with ./configure --with-nettle (You'll also have to install nettle and nettle-devel packages for your system.)

Hi,
thanks for the reply. I will definitely check it out in my next release.

For now i already made a quick patch in the mod_auth module to use the sha256sum utility instead of any external libraries.

FYI: in addition to the option to use Nettle for crypto algorithms instead of openssl, there is now also (very) experimental support for mbedTLS on my lighttpd development branch https://git.lighttpd.net/lighttpd/lighttpd1.4.git/?h=personal%2Fgstrauss%2Fmaster

Should the requirement for open-ssl for SHA-256 get a mention in the optional dependencies page?

https://redmine.lighttpd.net/projects/lighttpd/wiki/OptionalLibraries

I couldn't figure out why SHA-256 wasn't supported in my build until I read this thread.

Yes. It looks like that page needs a refresh for multiple reasons. Thanks for pointing it out.

Regarding SHA-256, please be aware that while HTTP Digest auth with SHA-256 is supported by lighttpd, HTTP Digest auth with SHA-256 might not be supported by all current popular client browsers.

gstrauss wrote in RE: How to use SHA-256 without OpenSSL?:

Yes. It looks like that page needs a refresh for multiple reasons. Thanks for pointing it out.

Regarding SHA-256, please be aware that while HTTP Digest auth with SHA-256 is supported by lighttpd, HTTP Digest auth with SHA-256 might not be supported by all current popular client browsers.

I can vouch for that. I ended up writing a custom patch for SHA-256 inside mod_auth only to discover that it only works with Opera browser..

Yep I figured this out shortly after getting SHA-256 working in lightty!

I wrote and submitted patches to Mozilla to add support in Firefox:
https://bugzilla.mozilla.org/show_bug.cgi?id=472823 "SHA 256 Digest Authentication"
https://bugzilla.mozilla.org/show_bug.cgi?id=281851 "CVE-2005-2395 Wrong scheme used when server offers both Basic and Digest auth"
https://phabricator.services.mozilla.com/D106241 "support SHA-256 HTTP Digest auth"

Open issue in Chrome:
https://bugs.chromium.org/p/chromium/issues/detail?id=1160478 "SHA-256 for HTTP Digest Access Authentication in accordance with rfc7616"

Resolving the original topic of this post.

How to use SHA-256 without OpenSSL?

lighttpd 1.4.56 provides an option to use Nettle for the SHA256 algorithm. If lighttpd is not built against Nettle, lighttpd will use the SHA256 algorithm provided by lighttpd TLS modules (if lighttpd is built with TLS).

Firefox 93.0 supports SHA-256 for RFC 7616 HTTP Digest Access Authentication
(Firefox 93.0 is currently in alpha and general release is scheduled for 5 Oct 2021)