diff options
| author | Marcel Raad <Marcel.Raad@teamviewer.com> | 2021-10-02 12:32:42 +0200 |
|---|---|---|
| committer | Marcel Raad <Marcel.Raad@teamviewer.com> | 2021-10-07 18:41:27 +0200 |
| commit | 94696e1b51bc05caed7ece734162edfcd3bcd619 (patch) | |
| tree | 15c3678d2c5b0d1d461b1206a8bc30bcf138e79c /lib/sha256.c | |
| parent | 802d8644500f5b18c895b77a23d85e029766d65e (diff) | |
| download | curl-94696e1b51bc05caed7ece734162edfcd3bcd619.tar.gz | |
sha256: use high-level EVP interface for OpenSSL
Available since OpenSSL 0.9.7. The low-level SHA256 interface is
deprecated in OpenSSL v3, and its usage was discouraged even before.
Closes https://github.com/curl/curl/pull/7808
Diffstat (limited to 'lib/sha256.c')
| -rw-r--r-- | lib/sha256.c | 111 |
1 files changed, 70 insertions, 41 deletions
diff --git a/lib/sha256.c b/lib/sha256.c index 270be1c67..1391412ce 100644 --- a/lib/sha256.c +++ b/lib/sha256.c @@ -40,7 +40,7 @@ #include <openssl/opensslv.h> -#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) +#if (OPENSSL_VERSION_NUMBER >= 0x0090700fL) #define USE_OPENSSL_SHA256 #endif @@ -70,7 +70,36 @@ #if defined(USE_OPENSSL_SHA256) /* When OpenSSL is available we use the SHA256-function from OpenSSL */ -#include <openssl/sha.h> +#include <openssl/evp.h> + +#include "curl_memory.h" + +/* The last #include file should be: */ +#include "memdebug.h" + +struct sha256_ctx { + EVP_MD_CTX *openssl_ctx; +}; +typedef struct sha256_ctx my_sha256_ctx; + +static void my_sha256_init(my_sha256_ctx *ctx) +{ + ctx->openssl_ctx = EVP_MD_CTX_create(); + EVP_DigestInit_ex(ctx->openssl_ctx, EVP_sha256(), NULL); +} + +static void my_sha256_update(my_sha256_ctx *ctx, + const unsigned char *data, + unsigned int length) +{ + EVP_DigestUpdate(ctx->openssl_ctx, data, length); +} + +static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx) +{ + EVP_DigestFinal_ex(ctx->openssl_ctx, digest, NULL); + EVP_MD_CTX_destroy(ctx->openssl_ctx); +} #elif defined(USE_GNUTLS) @@ -81,21 +110,21 @@ /* The last #include file should be: */ #include "memdebug.h" -typedef struct sha256_ctx SHA256_CTX; +typedef struct sha256_ctx my_sha256_ctx; -static void SHA256_Init(SHA256_CTX *ctx) +static void my_sha256_init(my_sha256_ctx *ctx) { sha256_init(ctx); } -static void SHA256_Update(SHA256_CTX *ctx, - const unsigned char *data, - unsigned int length) +static void my_sha256_update(my_sha256_ctx *ctx, + const unsigned char *data, + unsigned int length) { sha256_update(ctx, length, data); } -static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx) +static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx) { sha256_digest(ctx, SHA256_DIGEST_SIZE, digest); } @@ -109,9 +138,9 @@ static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx) /* The last #include file should be: */ #include "memdebug.h" -typedef mbedtls_sha256_context SHA256_CTX; +typedef mbedtls_sha256_context my_sha256_ctx; -static void SHA256_Init(SHA256_CTX *ctx) +static void my_sha256_init(my_sha256_ctx *ctx) { #if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) (void) mbedtls_sha256_starts(ctx, 0); @@ -120,9 +149,9 @@ static void SHA256_Init(SHA256_CTX *ctx) #endif } -static void SHA256_Update(SHA256_CTX *ctx, - const unsigned char *data, - unsigned int length) +static void my_sha256_update(my_sha256_ctx *ctx, + const unsigned char *data, + unsigned int length) { #if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) (void) mbedtls_sha256_update(ctx, data, length); @@ -131,7 +160,7 @@ static void SHA256_Update(SHA256_CTX *ctx, #endif } -static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx) +static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx) { #if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) (void) mbedtls_sha256_finish(ctx, digest); @@ -152,21 +181,21 @@ static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx) /* The last #include file should be: */ #include "memdebug.h" -typedef CC_SHA256_CTX SHA256_CTX; +typedef CC_SHA256_CTX my_sha256_ctx; -static void SHA256_Init(SHA256_CTX *ctx) +static void my_sha256_init(my_sha256_ctx *ctx) { (void) CC_SHA256_Init(ctx); } -static void SHA256_Update(SHA256_CTX *ctx, - const unsigned char *data, - unsigned int length) +static void my_sha256_update(my_sha256_ctx *ctx, + const unsigned char *data, + unsigned int length) { (void) CC_SHA256_Update(ctx, data, length); } -static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx) +static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx) { (void) CC_SHA256_Final(digest, ctx); } @@ -179,13 +208,13 @@ struct sha256_ctx { HCRYPTPROV hCryptProv; HCRYPTHASH hHash; }; -typedef struct sha256_ctx SHA256_CTX; +typedef struct sha256_ctx my_sha256_ctx; #if !defined(CALG_SHA_256) #define CALG_SHA_256 0x0000800c #endif -static void SHA256_Init(SHA256_CTX *ctx) +static void my_sha256_init(my_sha256_ctx *ctx) { if(CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { @@ -193,14 +222,14 @@ static void SHA256_Init(SHA256_CTX *ctx) } } -static void SHA256_Update(SHA256_CTX *ctx, - const unsigned char *data, - unsigned int length) +static void my_sha256_update(my_sha256_ctx *ctx, + const unsigned char *data, + unsigned int length) { CryptHashData(ctx->hHash, (unsigned char *) data, length, 0); } -static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx) +static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx) { unsigned long length = 0; @@ -269,7 +298,7 @@ struct sha256_state { unsigned long state[8], curlen; unsigned char buf[64]; }; -typedef struct sha256_state SHA256_CTX; +typedef struct sha256_state my_sha256_ctx; /* The K array */ static const unsigned long K[64] = { @@ -346,7 +375,7 @@ static int sha256_compress(struct sha256_state *md, } /* Initialize the hash state */ -static void SHA256_Init(struct sha256_state *md) +static void my_sha256_init(struct sha256_state *md) { md->curlen = 0; md->length = 0; @@ -367,9 +396,9 @@ static void SHA256_Init(struct sha256_state *md) @param inlen The length of the data (octets) @return CRYPT_OK if successful */ -static int SHA256_Update(struct sha256_state *md, - const unsigned char *in, - unsigned long inlen) +static int my_sha256_update(struct sha256_state *md, + const unsigned char *in, + unsigned long inlen) { unsigned long n; @@ -408,8 +437,8 @@ static int SHA256_Update(struct sha256_state *md, @param out [out] The destination of the hash (32 bytes) @return CRYPT_OK if successful */ -static int SHA256_Final(unsigned char *out, - struct sha256_state *md) +static int my_sha256_final(unsigned char *out, + struct sha256_state *md) { int i; @@ -466,24 +495,24 @@ static int SHA256_Final(unsigned char *out, void Curl_sha256it(unsigned char *output, const unsigned char *input, const size_t length) { - SHA256_CTX ctx; + my_sha256_ctx ctx; - SHA256_Init(&ctx); - SHA256_Update(&ctx, input, curlx_uztoui(length)); - SHA256_Final(output, &ctx); + my_sha256_init(&ctx); + my_sha256_update(&ctx, input, curlx_uztoui(length)); + my_sha256_final(output, &ctx); } const struct HMAC_params Curl_HMAC_SHA256[] = { { /* Hash initialization function. */ - CURLX_FUNCTION_CAST(HMAC_hinit_func, SHA256_Init), + CURLX_FUNCTION_CAST(HMAC_hinit_func, my_sha256_init), /* Hash update function. */ - CURLX_FUNCTION_CAST(HMAC_hupdate_func, SHA256_Update), + CURLX_FUNCTION_CAST(HMAC_hupdate_func, my_sha256_update), /* Hash computation end function. */ - CURLX_FUNCTION_CAST(HMAC_hfinal_func, SHA256_Final), + CURLX_FUNCTION_CAST(HMAC_hfinal_func, my_sha256_final), /* Size of hash context structure. */ - sizeof(SHA256_CTX), + sizeof(my_sha256_ctx), /* Maximum key length. */ 64, /* Result size. */ |