vtls: move sha256sum into the Curl_ssl struct
The SHA-256 checksumming is also an SSL backend-specific function. Let's include it in the struct declaring the functionality of SSL backends. In contrast to MD5, there is no fall-back code. To indicate this, the respective entries are NULL for those backends that offer no support for SHA-256 checksumming. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
This commit is contained in:
parent
e35205a0c4
commit
0a083a66bc
@ -722,7 +722,8 @@ const struct Curl_ssl Curl_ssl_axtls = {
|
||||
Curl_none_set_engine_default, /* set_engine_default */
|
||||
Curl_none_engines_list, /* engines_list */
|
||||
Curl_none_false_start, /* false_start */
|
||||
Curl_none_md5sum /* md5sum */
|
||||
Curl_none_md5sum, /* md5sum */
|
||||
NULL /* sha256sum */
|
||||
};
|
||||
|
||||
const struct Curl_ssl *Curl_ssl = &Curl_ssl_axtls;
|
||||
|
@ -939,10 +939,10 @@ CURLcode Curl_cyassl_random(struct Curl_easy *data,
|
||||
return CURLE_OK;
|
||||
}
|
||||
|
||||
void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
|
||||
size_t tmplen,
|
||||
unsigned char *sha256sum /* output */,
|
||||
size_t unused)
|
||||
static void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
|
||||
size_t tmplen,
|
||||
unsigned char *sha256sum /* output */,
|
||||
size_t unused)
|
||||
{
|
||||
Sha256 SHA256pw;
|
||||
(void)unused;
|
||||
@ -971,7 +971,8 @@ const struct Curl_ssl Curl_ssl_cyassl = {
|
||||
Curl_none_set_engine_default, /* set_engine_default */
|
||||
Curl_none_engines_list, /* engines_list */
|
||||
Curl_none_false_start, /* false_start */
|
||||
Curl_none_md5sum /* md5sum */
|
||||
Curl_none_md5sum, /* md5sum */
|
||||
Curl_cyassl_sha256sum /* sha256sum */
|
||||
};
|
||||
|
||||
const struct Curl_ssl *Curl_ssl = &Curl_ssl_cyassl;
|
||||
|
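Review bot: The fourth parameter of the now-static Curl_cyassl_sha256sum is still named `unused` and discarded with `(void)unused;`, although the struct slot it now fills receives the output buffer's size; Curl_ossl_sha256sum in the openssl.c hunk does the same. Naming it as the darwinssl, gtls and nss variants do, `size_t sha256len)` with `(void)sha256len;`, lets the backend signatures read as one contract. The function body continues outside the hunk.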
@ -54,10 +54,6 @@ CURLcode Curl_cyassl_connect_nonblocking(struct connectdata *conn,
|
||||
CURLcode Curl_cyassl_random(struct Curl_easy *data,
|
||||
unsigned char *entropy,
|
||||
size_t length);
|
||||
void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
|
||||
size_t tmplen,
|
||||
unsigned char *sha256sum, /* output */
|
||||
size_t unused);
|
||||
|
||||
extern const struct Curl_ssl Curl_ssl_cyassl;
|
||||
|
||||
@ -72,7 +68,5 @@ extern const struct Curl_ssl Curl_ssl_cyassl;
|
||||
#define have_curlssl_pinnedpubkey 1
|
||||
#endif
|
||||
|
||||
#define curlssl_sha256sum(a,b,c,d) Curl_cyassl_sha256sum(a,b,c,d)
|
||||
|
||||
#endif /* USE_CYASSL */
|
||||
#endif /* HEADER_CURL_CYASSL_H */
|
||||
|
@ -2733,10 +2733,10 @@ static CURLcode Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
|
||||
return CURLE_OK;
|
||||
}
|
||||
|
||||
void Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */
|
||||
size_t tmplen,
|
||||
unsigned char *sha256sum, /* output */
|
||||
size_t sha256len)
|
||||
static void Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */
|
||||
size_t tmplen,
|
||||
unsigned char *sha256sum, /* output */
|
||||
size_t sha256len)
|
||||
{
|
||||
assert(sha256len >= SHA256_DIGEST_LENGTH);
|
||||
(void)CC_SHA256(tmp, (CC_LONG)tmplen, sha256sum);
|
||||
@ -2877,7 +2877,8 @@ const struct Curl_ssl Curl_ssl_darwinssl = {
|
||||
Curl_none_set_engine_default, /* set_engine_default */
|
||||
Curl_none_engines_list, /* engines_list */
|
||||
Curl_darwinssl_false_start, /* false_start */
|
||||
Curl_darwinssl_md5sum /* md5sum */
|
||||
Curl_darwinssl_md5sum, /* md5sum */
|
||||
Curl_darwinssl_sha256sum /* sha256sum */
|
||||
};
|
||||
|
||||
const struct Curl_ssl *Curl_ssl = &Curl_ssl_darwinssl;
|
||||
|
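Review bot: The only backend that validates the output length does it with `assert(sha256len >= SHA256_DIGEST_LENGTH);`, which is compiled out under NDEBUG, so in a release build a short buffer is overrun by CC_SHA256 exactly as it would be in the backends that ignore the length entirely. Because the function returns void it cannot refuse the call, which makes the buffer size an unverified precondition of the new struct member; at minimum the release build should not write past the buffer, e.g. `if(sha256len < SHA256_DIGEST_LENGTH) return;` ahead of the CC_SHA256 call. The current caller in vtls.c passes SHA256_DIGEST_LENGTH, so this is defensive rather than a live overflow. Curl_darwinssl_sha256sum's body continues outside the hunk.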
@ -44,10 +44,6 @@ bool Curl_darwinssl_data_pending(const struct connectdata *conn,
|
||||
|
||||
CURLcode Curl_darwinssl_random(struct Curl_easy *data, unsigned char *entropy,
|
||||
size_t length);
|
||||
void Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */
|
||||
size_t tmplen,
|
||||
unsigned char *sha256sum, /* output */
|
||||
size_t sha256len);
|
||||
bool Curl_darwinssl_false_start(void);
|
||||
|
||||
extern const struct Curl_ssl Curl_ssl_darwinssl;
|
||||
@ -74,7 +70,5 @@ extern const struct Curl_ssl Curl_ssl_darwinssl;
|
||||
#define have_curlssl_pinnedpubkey 1
|
||||
#endif /* DARWIN_SSL_PINNEDPUBKEY */
|
||||
|
||||
#define curlssl_sha256sum(a,b,c,d) Curl_darwinssl_sha256sum(a, b, c, d)
|
||||
|
||||
#endif /* USE_DARWINSSL */
|
||||
#endif /* HEADER_CURL_DARWINSSL_H */
|
||||
|
@ -1355,7 +1355,8 @@ const struct Curl_ssl Curl_ssl_gskit = {
|
||||
Curl_none_set_engine_default, /* set_engine_default */
|
||||
Curl_none_engines_list, /* engines_list */
|
||||
Curl_none_false_start, /* false_start */
|
||||
Curl_none_md5sum /* md5sum */
|
||||
Curl_none_md5sum, /* md5sum */
|
||||
NULL /* sha256sum */
|
||||
};
|
||||
|
||||
const struct Curl_ssl *Curl_ssl = &Curl_ssl_gskit;
|
||||
|
@ -1758,10 +1758,10 @@ static CURLcode Curl_gtls_md5sum(unsigned char *tmp, /* input */
|
||||
return CURLE_OK;
|
||||
}
|
||||
|
||||
void Curl_gtls_sha256sum(const unsigned char *tmp, /* input */
|
||||
size_t tmplen,
|
||||
unsigned char *sha256sum, /* output */
|
||||
size_t sha256len)
|
||||
static void Curl_gtls_sha256sum(const unsigned char *tmp, /* input */
|
||||
size_t tmplen,
|
||||
unsigned char *sha256sum, /* output */
|
||||
size_t sha256len)
|
||||
{
|
||||
#if defined(USE_GNUTLS_NETTLE)
|
||||
struct sha256_ctx SHA256pw;
|
||||
@ -1806,7 +1806,8 @@ const struct Curl_ssl Curl_ssl_gnutls = {
|
||||
Curl_none_set_engine_default, /* set_engine_default */
|
||||
Curl_none_engines_list, /* engines_list */
|
||||
Curl_none_false_start, /* false_start */
|
||||
Curl_gtls_md5sum /* md5sum */
|
||||
Curl_gtls_md5sum, /* md5sum */
|
||||
Curl_gtls_sha256sum /* sha256sum */
|
||||
};
|
||||
|
||||
const struct Curl_ssl *Curl_ssl = &Curl_ssl_gnutls;
|
||||
|
@ -46,10 +46,6 @@ int Curl_gtls_shutdown(struct connectdata *conn, int sockindex);
|
||||
CURLcode Curl_gtls_random(struct Curl_easy *data,
|
||||
unsigned char *entropy,
|
||||
size_t length);
|
||||
void Curl_gtls_sha256sum(const unsigned char *tmp, /* input */
|
||||
size_t tmplen,
|
||||
unsigned char *sha256sum, /* output */
|
||||
size_t sha256len);
|
||||
|
||||
bool Curl_gtls_cert_status_request(void);
|
||||
|
||||
@ -70,7 +66,5 @@ extern const struct Curl_ssl Curl_ssl_gnutls;
|
||||
/* this backend supports CURLOPT_PINNEDPUBLICKEY */
|
||||
#define have_curlssl_pinnedpubkey 1
|
||||
|
||||
#define curlssl_sha256sum(a,b,c,d) Curl_gtls_sha256sum(a,b,c,d)
|
||||
|
||||
#endif /* USE_GNUTLS */
|
||||
#endif /* HEADER_CURL_GTLS_H */
|
||||
|
@ -1007,6 +1007,14 @@ bool Curl_mbedtls_data_pending(const struct connectdata *conn, int sockindex)
|
||||
return mbedtls_ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0;
|
||||
}
|
||||
|
||||
static void Curl_mbedtls_sha256sum(const unsigned char *input,
|
||||
size_t inputlen,
|
||||
unsigned char *sha256sum,
|
||||
size_t sha256len UNUSED_PARAM)
|
||||
{
|
||||
mbedtls_sha256(input, inputlen, sha256sum, 0);
|
||||
}
|
||||
|
||||
const struct Curl_ssl Curl_ssl_mbedtls = {
|
||||
"mbedtls", /* name */
|
||||
|
||||
@ -1027,7 +1035,8 @@ const struct Curl_ssl Curl_ssl_mbedtls = {
|
||||
Curl_none_set_engine_default, /* set_engine_default */
|
||||
Curl_none_engines_list, /* engines_list */
|
||||
Curl_none_false_start, /* false_start */
|
||||
Curl_none_md5sum /* md5sum */
|
||||
Curl_none_md5sum, /* md5sum */
|
||||
Curl_mbedtls_sha256sum /* sha256sum */
|
||||
};
|
||||
|
||||
const struct Curl_ssl *Curl_ssl = &Curl_ssl_mbedtls;
|
||||
|
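Review bot: The new static Curl_mbedtls_sha256sum calls `mbedtls_sha256()`, while the mbedtls.h hunk in this same commit drops `#include <mbedtls/sha256.h>`, so mbedtls.c must now pull that header in itself and the hunk does not show whether it does; the same applies to polarssl.c after `#include <polarssl/sha256.h>` leaves polarssl.h. The trailing `0` argument selects SHA-256 rather than SHA-224 and is worth a comment, `mbedtls_sha256(input, inputlen, sha256sum, 0); /* 0: SHA-256, not SHA-224 */`, with the matching comment on the `sha256(input, inputlen, sha256sum, 0);` line in polarssl.c.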
@ -26,8 +26,6 @@
|
||||
|
||||
#ifdef USE_MBEDTLS
|
||||
|
||||
#include <mbedtls/sha256.h>
|
||||
|
||||
/* Called on first use mbedTLS, setup threading if supported */
|
||||
int Curl_mbedtls_init(void);
|
||||
void Curl_mbedtls_cleanup(void);
|
||||
@ -62,7 +60,6 @@ CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy,
|
||||
extern const struct Curl_ssl Curl_ssl_mbedtls;
|
||||
|
||||
#define CURL_SSL_BACKEND CURLSSLBACKEND_MBEDTLS
|
||||
#define curlssl_sha256sum(a,b,c,d) mbedtls_sha256(a,b,c,0)
|
||||
|
||||
#endif /* USE_MBEDTLS */
|
||||
#endif /* HEADER_CURL_MBEDTLS_H */
|
||||
|
@ -2293,10 +2293,10 @@ static CURLcode Curl_nss_md5sum(unsigned char *tmp, /* input */
|
||||
return CURLE_OK;
|
||||
}
|
||||
|
||||
void Curl_nss_sha256sum(const unsigned char *tmp, /* input */
|
||||
size_t tmplen,
|
||||
unsigned char *sha256sum, /* output */
|
||||
size_t sha256len)
|
||||
static void Curl_nss_sha256sum(const unsigned char *tmp, /* input */
|
||||
size_t tmplen,
|
||||
unsigned char *sha256sum, /* output */
|
||||
size_t sha256len)
|
||||
{
|
||||
PK11Context *SHA256pw = PK11_CreateDigestContext(SEC_OID_SHA256);
|
||||
unsigned int SHA256out;
|
||||
@ -2346,7 +2346,8 @@ const struct Curl_ssl Curl_ssl_nss = {
|
||||
Curl_none_set_engine_default, /* set_engine_default */
|
||||
Curl_none_engines_list, /* engines_list */
|
||||
Curl_nss_false_start, /* false_start */
|
||||
Curl_nss_md5sum /* md5sum */
|
||||
Curl_nss_md5sum, /* md5sum */
|
||||
Curl_nss_sha256sum /* sha256sum */
|
||||
};
|
||||
|
||||
const struct Curl_ssl *Curl_ssl = &Curl_ssl_nss;
|
||||
|
@ -51,10 +51,6 @@ CURLcode Curl_nss_random(struct Curl_easy *data,
|
||||
unsigned char *entropy,
|
||||
size_t length);
|
||||
|
||||
void Curl_nss_sha256sum(const unsigned char *tmp, /* input */
|
||||
size_t tmplen,
|
||||
unsigned char *sha256sum, /* output */
|
||||
size_t sha256len);
|
||||
|
||||
bool Curl_nss_cert_status_request(void);
|
||||
|
||||
@ -77,7 +73,5 @@ extern const struct Curl_ssl Curl_ssl_nss;
|
||||
/* this backends supports CURLOPT_PINNEDPUBLICKEY */
|
||||
#define have_curlssl_pinnedpubkey 1
|
||||
|
||||
#define curlssl_sha256sum(a,b,c,d) Curl_nss_sha256sum(a,b,c,d)
|
||||
|
||||
#endif /* USE_NSS */
|
||||
#endif /* HEADER_CURL_NSSG_H */
|
||||
|
@ -3364,10 +3364,10 @@ static CURLcode Curl_ossl_md5sum(unsigned char *tmp, /* input */
|
||||
}
|
||||
|
||||
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
|
||||
void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
|
||||
size_t tmplen,
|
||||
unsigned char *sha256sum /* output */,
|
||||
size_t unused)
|
||||
static void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
|
||||
size_t tmplen,
|
||||
unsigned char *sha256sum /* output */,
|
||||
size_t unused)
|
||||
{
|
||||
SHA256_CTX SHA256pw;
|
||||
(void)unused;
|
||||
@ -3407,7 +3407,12 @@ const struct Curl_ssl Curl_ssl_openssl = {
|
||||
Curl_ossl_set_engine_default, /* set_engine_default */
|
||||
Curl_ossl_engines_list, /* engines_list */
|
||||
Curl_none_false_start, /* false_start */
|
||||
Curl_ossl_md5sum /* md5sum */
|
||||
Curl_ossl_md5sum, /* md5sum */
|
||||
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
|
||||
Curl_ossl_sha256sum /* sha256sum */
|
||||
#else
|
||||
NULL /* sha256sum */
|
||||
#endif
|
||||
};
|
||||
|
||||
const struct Curl_ssl *Curl_ssl = &Curl_ssl_openssl;
|
||||
|
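Review bot: The availability test `(OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)` is now written twice in openssl.c, once around the Curl_ossl_sha256sum definition and once inside the Curl_ssl_openssl initializer, and the two copies can drift apart, showing up only as an unused-function warning or a compile error. Evaluating it once at file level, e.g. with a constructed name `#define OSSL_HAVE_SHA256 1` under that `#if`, and testing `#ifdef OSSL_HAVE_SHA256` at both sites keeps the definition and the slot in step. Curl_ossl_sha256sum's body continues outside the hunk.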
@ -68,10 +68,6 @@ bool Curl_ossl_data_pending(const struct connectdata *conn,
|
||||
/* return 0 if a find random is filled in */
|
||||
CURLcode Curl_ossl_random(struct Curl_easy *data, unsigned char *entropy,
|
||||
size_t length);
|
||||
void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
|
||||
size_t tmplen,
|
||||
unsigned char *sha256sum /* output */,
|
||||
size_t unused);
|
||||
|
||||
bool Curl_ossl_cert_status_request(void);
|
||||
|
||||
@ -95,10 +91,6 @@ extern const struct Curl_ssl Curl_ssl_openssl;
|
||||
/* this backend supports CURLOPT_PINNEDPUBLICKEY */
|
||||
#define have_curlssl_pinnedpubkey 1
|
||||
|
||||
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
|
||||
#define curlssl_sha256sum(a,b,c,d) Curl_ossl_sha256sum(a,b,c,d)
|
||||
#endif
|
||||
|
||||
#define DEFAULT_CIPHER_SELECTION \
|
||||
"ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
|
||||
|
||||
|
@ -870,6 +870,14 @@ bool Curl_polarssl_data_pending(const struct connectdata *conn, int sockindex)
|
||||
return ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0;
|
||||
}
|
||||
|
||||
static void Curl_polarssl_sha256sum(const unsigned char *input,
|
||||
size_t inputlen,
|
||||
unsigned char *sha256sum,
|
||||
size_t sha256len UNUSED_PARAM)
|
||||
{
|
||||
sha256(input, inputlen, sha256sum, 0);
|
||||
}
|
||||
|
||||
const struct Curl_ssl Curl_ssl_polarssl = {
|
||||
"polarssl", /* name */
|
||||
|
||||
@ -893,7 +901,8 @@ const struct Curl_ssl Curl_ssl_polarssl = {
|
||||
Curl_none_set_engine_default, /* set_engine_default */
|
||||
Curl_none_engines_list, /* engines_list */
|
||||
Curl_none_false_start, /* false_start */
|
||||
Curl_none_md5sum /* md5sum */
|
||||
Curl_none_md5sum, /* md5sum */
|
||||
Curl_polarssl_sha256sum /* sha256sum */
|
||||
};
|
||||
|
||||
const struct Curl_ssl *Curl_ssl = &Curl_ssl_polarssl;
|
||||
|
@ -26,8 +26,6 @@
|
||||
|
||||
#ifdef USE_POLARSSL
|
||||
|
||||
#include <polarssl/sha256.h>
|
||||
|
||||
/* Called on first use PolarSSL, setup threading if supported */
|
||||
int Curl_polarssl_init(void);
|
||||
void Curl_polarssl_cleanup(void);
|
||||
@ -58,7 +56,5 @@ extern const struct Curl_ssl Curl_ssl_polarssl;
|
||||
/* this backends supports CURLOPT_PINNEDPUBLICKEY */
|
||||
#define have_curlssl_pinnedpubkey 1
|
||||
|
||||
#define curlssl_sha256sum(a,b,c,d) sha256(a,b,c,0)
|
||||
|
||||
#endif /* USE_POLARSSL */
|
||||
#endif /* HEADER_CURL_POLARSSL_H */
|
||||
|
@ -1746,7 +1746,8 @@ const struct Curl_ssl Curl_ssl_schannel = {
|
||||
Curl_none_set_engine_default, /* set_engine_default */
|
||||
Curl_none_engines_list, /* engines_list */
|
||||
Curl_none_false_start, /* false_start */
|
||||
Curl_none_md5sum /* md5sum */
|
||||
Curl_none_md5sum, /* md5sum */
|
||||
NULL /* sha256sum */
|
||||
};
|
||||
|
||||
const struct Curl_ssl *Curl_ssl = &Curl_ssl_schannel;
|
||||
|
@ -791,12 +791,10 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
|
||||
size_t size, pem_len;
|
||||
CURLcode pem_read;
|
||||
CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
|
||||
#ifdef curlssl_sha256sum
|
||||
CURLcode encode;
|
||||
size_t encodedlen, pinkeylen;
|
||||
char *encoded, *pinkeycopy, *begin_pos, *end_pos;
|
||||
unsigned char *sha256sumdigest = NULL;
|
||||
#endif
|
||||
|
||||
/* if a path wasn't specified, don't pin */
|
||||
if(!pinnedpubkey)
|
||||
@ -806,13 +804,17 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
|
||||
|
||||
/* only do this if pinnedpubkey starts with "sha256//", length 8 */
|
||||
if(strncmp(pinnedpubkey, "sha256//", 8) == 0) {
|
||||
#ifdef curlssl_sha256sum
|
||||
if(!Curl_ssl->sha256sum) {
|
||||
/* without sha256 support, this cannot match */
|
||||
return result;
|
||||
}
|
||||
|
||||
/* compute sha256sum of public key */
|
||||
sha256sumdigest = malloc(SHA256_DIGEST_LENGTH);
|
||||
if(!sha256sumdigest)
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
curlssl_sha256sum(pubkey, pubkeylen,
|
||||
sha256sumdigest, SHA256_DIGEST_LENGTH);
|
||||
Curl_ssl->sha256sum(pubkey, pubkeylen,
|
||||
sha256sumdigest, SHA256_DIGEST_LENGTH);
|
||||
encode = Curl_base64_encode(data, (char *)sha256sumdigest,
|
||||
SHA256_DIGEST_LENGTH, &encoded, &encodedlen);
|
||||
Curl_safefree(sha256sumdigest);
|
||||
@ -859,10 +861,6 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
|
||||
} while(end_pos && begin_pos);
|
||||
Curl_safefree(encoded);
|
||||
Curl_safefree(pinkeycopy);
|
||||
#else
|
||||
/* without sha256 support, this cannot match */
|
||||
(void)data;
|
||||
#endif
|
||||
return result;
|
||||
}
|
||||
|
||||
|
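Review bot: The digest buffer in Curl_pin_peer_pubkey is still heap-allocated, `sha256sumdigest = malloc(SHA256_DIGEST_LENGTH);`, with its own out-of-memory return and a `Curl_safefree(sha256sumdigest);` after encoding, for a fixed-size value whose only use is the Curl_base64_encode call two lines later. A local array, `unsigned char sha256sumdigest[SHA256_DIGEST_LENGTH];`, removes the allocation, the early-return path and the free. The new runtime guard `if(!Curl_ssl->sha256sum)` returns `result`, i.e. CURLE_SSL_PINNEDPUBKEYNOTMATCH, so a backend without SHA-256 fails closed on a sha256// pin; the comment there could state that, `/* without sha256 support, this cannot match: fail closed */`. Curl_pin_peer_pubkey begins before the first hunk and continues between and after them.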
@ -57,6 +57,8 @@ struct Curl_ssl {
|
||||
|
||||
CURLcode (*md5sum)(unsigned char *input, size_t inputlen,
|
||||
unsigned char *md5sum, size_t md5sumlen);
|
||||
void (*sha256sum)(const unsigned char *input, size_t inputlen,
|
||||
unsigned char *sha256sum, size_t sha256sumlen);
|
||||
};
|
||||
|
||||
#ifdef USE_SSL
|
||||
|
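Review bot: The new `sha256sum` member returns `void` while the `md5sum` member directly above it returns CURLcode, so a backend has no way to report a failed digest: Curl_nss_sha256sum opens with `PK11_CreateDigestContext(SEC_OID_SHA256)`, which can return NULL, and its caller in Curl_pin_peer_pubkey then base64-encodes and compares whatever the freshly malloc'd buffer holds (the nss body continues outside its hunk, so how it handles that NULL is not visible here). Declaring the slot as `CURLcode (*sha256sum)(const unsigned char *input, size_t inputlen, unsigned char *sha256sum, size_t sha256sumlen);`, returning CURLE_OK from the backends that cannot fail and checking the result at the vtls.c call site, keeps the two digest slots consistent and lets the pinning path fail closed instead of comparing an unset digest. The member also deserves a comment stating that `sha256sumlen` must be at least the SHA-256 digest length and that most backends do not check it.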