mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 23:58:49 -05:00
vtls: move sha256sum into the Curl_ssl struct
The SHA-256 checksumming is also an SSL backend-specific function. Let's include it in the struct declaring the functionality of SSL backends. In contrast to MD5, there is no fall-back code. To indicate this, the respective entries are NULL for those backends that offer no support for SHA-256 checksumming. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
This commit is contained in:
Johannes Schindelin
Daniel Stenberg
parent
e35205a0c4
commit
0a083a66bc
@ -722,7 +722,8 @@ const struct Curl_ssl Curl_ssl_axtls = {
|
|||||||
Curl_none_set_engine_default, /* set_engine_default */
|
Curl_none_set_engine_default, /* set_engine_default */
|
||||||
Curl_none_engines_list, /* engines_list */
|
Curl_none_engines_list, /* engines_list */
|
||||||
Curl_none_false_start, /* false_start */
|
Curl_none_false_start, /* false_start */
|
||||||
Curl_none_md5sum /* md5sum */
|
Curl_none_md5sum, /* md5sum */
|
||||||
|
NULL /* sha256sum */
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct Curl_ssl *Curl_ssl = &Curl_ssl_axtls;
|
const struct Curl_ssl *Curl_ssl = &Curl_ssl_axtls;
|
||||||
|
|||||||
@ -939,10 +939,10 @@ CURLcode Curl_cyassl_random(struct Curl_easy *data,
|
|||||||
return CURLE_OK;
|
return CURLE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
|
static void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
|
||||||
size_t tmplen,
|
size_t tmplen,
|
||||||
unsigned char *sha256sum /* output */,
|
unsigned char *sha256sum /* output */,
|
||||||
size_t unused)
|
size_t unused)
|
||||||
{
|
{
|
||||||
Sha256 SHA256pw;
|
Sha256 SHA256pw;
|
||||||
(void)unused;
|
(void)unused;
|
||||||
@ -971,7 +971,8 @@ const struct Curl_ssl Curl_ssl_cyassl = {
|
|||||||
Curl_none_set_engine_default, /* set_engine_default */
|
Curl_none_set_engine_default, /* set_engine_default */
|
||||||
Curl_none_engines_list, /* engines_list */
|
Curl_none_engines_list, /* engines_list */
|
||||||
Curl_none_false_start, /* false_start */
|
Curl_none_false_start, /* false_start */
|
||||||
Curl_none_md5sum /* md5sum */
|
Curl_none_md5sum, /* md5sum */
|
||||||
|
Curl_cyassl_sha256sum /* sha256sum */
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct Curl_ssl *Curl_ssl = &Curl_ssl_cyassl;
|
const struct Curl_ssl *Curl_ssl = &Curl_ssl_cyassl;
|
||||||
|
|||||||
@ -54,10 +54,6 @@ CURLcode Curl_cyassl_connect_nonblocking(struct connectdata *conn,
|
|||||||
CURLcode Curl_cyassl_random(struct Curl_easy *data,
|
CURLcode Curl_cyassl_random(struct Curl_easy *data,
|
||||||
unsigned char *entropy,
|
unsigned char *entropy,
|
||||||
size_t length);
|
size_t length);
|
||||||
void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
|
|
||||||
size_t tmplen,
|
|
||||||
unsigned char *sha256sum, /* output */
|
|
||||||
size_t unused);
|
|
||||||
|
|
||||||
extern const struct Curl_ssl Curl_ssl_cyassl;
|
extern const struct Curl_ssl Curl_ssl_cyassl;
|
||||||
|
|
||||||
@ -72,7 +68,5 @@ extern const struct Curl_ssl Curl_ssl_cyassl;
|
|||||||
#define have_curlssl_pinnedpubkey 1
|
#define have_curlssl_pinnedpubkey 1
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define curlssl_sha256sum(a,b,c,d) Curl_cyassl_sha256sum(a,b,c,d)
|
|
||||||
|
|
||||||
#endif /* USE_CYASSL */
|
#endif /* USE_CYASSL */
|
||||||
#endif /* HEADER_CURL_CYASSL_H */
|
#endif /* HEADER_CURL_CYASSL_H */
|
||||||
|
|||||||
@ -2733,10 +2733,10 @@ static CURLcode Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
|
|||||||
return CURLE_OK;
|
return CURLE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
void Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */
|
static void Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */
|
||||||
size_t tmplen,
|
size_t tmplen,
|
||||||
unsigned char *sha256sum, /* output */
|
unsigned char *sha256sum, /* output */
|
||||||
size_t sha256len)
|
size_t sha256len)
|
||||||
{
|
{
|
||||||
assert(sha256len >= SHA256_DIGEST_LENGTH);
|
assert(sha256len >= SHA256_DIGEST_LENGTH);
|
||||||
(void)CC_SHA256(tmp, (CC_LONG)tmplen, sha256sum);
|
(void)CC_SHA256(tmp, (CC_LONG)tmplen, sha256sum);
|
||||||
@ -2877,7 +2877,8 @@ const struct Curl_ssl Curl_ssl_darwinssl = {
|
|||||||
Curl_none_set_engine_default, /* set_engine_default */
|
Curl_none_set_engine_default, /* set_engine_default */
|
||||||
Curl_none_engines_list, /* engines_list */
|
Curl_none_engines_list, /* engines_list */
|
||||||
Curl_darwinssl_false_start, /* false_start */
|
Curl_darwinssl_false_start, /* false_start */
|
||||||
Curl_darwinssl_md5sum /* md5sum */
|
Curl_darwinssl_md5sum, /* md5sum */
|
||||||
|
Curl_darwinssl_sha256sum /* sha256sum */
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct Curl_ssl *Curl_ssl = &Curl_ssl_darwinssl;
|
const struct Curl_ssl *Curl_ssl = &Curl_ssl_darwinssl;
|
||||||
|
|||||||
@ -44,10 +44,6 @@ bool Curl_darwinssl_data_pending(const struct connectdata *conn,
|
|||||||
|
|
||||||
CURLcode Curl_darwinssl_random(struct Curl_easy *data, unsigned char *entropy,
|
CURLcode Curl_darwinssl_random(struct Curl_easy *data, unsigned char *entropy,
|
||||||
size_t length);
|
size_t length);
|
||||||
void Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */
|
|
||||||
size_t tmplen,
|
|
||||||
unsigned char *sha256sum, /* output */
|
|
||||||
size_t sha256len);
|
|
||||||
bool Curl_darwinssl_false_start(void);
|
bool Curl_darwinssl_false_start(void);
|
||||||
|
|
||||||
extern const struct Curl_ssl Curl_ssl_darwinssl;
|
extern const struct Curl_ssl Curl_ssl_darwinssl;
|
||||||
@ -74,7 +70,5 @@ extern const struct Curl_ssl Curl_ssl_darwinssl;
|
|||||||
#define have_curlssl_pinnedpubkey 1
|
#define have_curlssl_pinnedpubkey 1
|
||||||
#endif /* DARWIN_SSL_PINNEDPUBKEY */
|
#endif /* DARWIN_SSL_PINNEDPUBKEY */
|
||||||
|
|
||||||
#define curlssl_sha256sum(a,b,c,d) Curl_darwinssl_sha256sum(a, b, c, d)
|
|
||||||
|
|
||||||
#endif /* USE_DARWINSSL */
|
#endif /* USE_DARWINSSL */
|
||||||
#endif /* HEADER_CURL_DARWINSSL_H */
|
#endif /* HEADER_CURL_DARWINSSL_H */
|
||||||
|
|||||||
@ -1355,7 +1355,8 @@ const struct Curl_ssl Curl_ssl_gskit = {
|
|||||||
Curl_none_set_engine_default, /* set_engine_default */
|
Curl_none_set_engine_default, /* set_engine_default */
|
||||||
Curl_none_engines_list, /* engines_list */
|
Curl_none_engines_list, /* engines_list */
|
||||||
Curl_none_false_start, /* false_start */
|
Curl_none_false_start, /* false_start */
|
||||||
Curl_none_md5sum /* md5sum */
|
Curl_none_md5sum, /* md5sum */
|
||||||
|
NULL /* sha256sum */
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct Curl_ssl *Curl_ssl = &Curl_ssl_gskit;
|
const struct Curl_ssl *Curl_ssl = &Curl_ssl_gskit;
|
||||||
|
|||||||
@ -1758,10 +1758,10 @@ static CURLcode Curl_gtls_md5sum(unsigned char *tmp, /* input */
|
|||||||
return CURLE_OK;
|
return CURLE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
void Curl_gtls_sha256sum(const unsigned char *tmp, /* input */
|
static void Curl_gtls_sha256sum(const unsigned char *tmp, /* input */
|
||||||
size_t tmplen,
|
size_t tmplen,
|
||||||
unsigned char *sha256sum, /* output */
|
unsigned char *sha256sum, /* output */
|
||||||
size_t sha256len)
|
size_t sha256len)
|
||||||
{
|
{
|
||||||
#if defined(USE_GNUTLS_NETTLE)
|
#if defined(USE_GNUTLS_NETTLE)
|
||||||
struct sha256_ctx SHA256pw;
|
struct sha256_ctx SHA256pw;
|
||||||
@ -1806,7 +1806,8 @@ const struct Curl_ssl Curl_ssl_gnutls = {
|
|||||||
Curl_none_set_engine_default, /* set_engine_default */
|
Curl_none_set_engine_default, /* set_engine_default */
|
||||||
Curl_none_engines_list, /* engines_list */
|
Curl_none_engines_list, /* engines_list */
|
||||||
Curl_none_false_start, /* false_start */
|
Curl_none_false_start, /* false_start */
|
||||||
Curl_gtls_md5sum /* md5sum */
|
Curl_gtls_md5sum, /* md5sum */
|
||||||
|
Curl_gtls_sha256sum /* sha256sum */
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct Curl_ssl *Curl_ssl = &Curl_ssl_gnutls;
|
const struct Curl_ssl *Curl_ssl = &Curl_ssl_gnutls;
|
||||||
|
|||||||
@ -46,10 +46,6 @@ int Curl_gtls_shutdown(struct connectdata *conn, int sockindex);
|
|||||||
CURLcode Curl_gtls_random(struct Curl_easy *data,
|
CURLcode Curl_gtls_random(struct Curl_easy *data,
|
||||||
unsigned char *entropy,
|
unsigned char *entropy,
|
||||||
size_t length);
|
size_t length);
|
||||||
void Curl_gtls_sha256sum(const unsigned char *tmp, /* input */
|
|
||||||
size_t tmplen,
|
|
||||||
unsigned char *sha256sum, /* output */
|
|
||||||
size_t sha256len);
|
|
||||||
|
|
||||||
bool Curl_gtls_cert_status_request(void);
|
bool Curl_gtls_cert_status_request(void);
|
||||||
|
|
||||||
@ -70,7 +66,5 @@ extern const struct Curl_ssl Curl_ssl_gnutls;
|
|||||||
/* this backend supports CURLOPT_PINNEDPUBLICKEY */
|
/* this backend supports CURLOPT_PINNEDPUBLICKEY */
|
||||||
#define have_curlssl_pinnedpubkey 1
|
#define have_curlssl_pinnedpubkey 1
|
||||||
|
|
||||||
#define curlssl_sha256sum(a,b,c,d) Curl_gtls_sha256sum(a,b,c,d)
|
|
||||||
|
|
||||||
#endif /* USE_GNUTLS */
|
#endif /* USE_GNUTLS */
|
||||||
#endif /* HEADER_CURL_GTLS_H */
|
#endif /* HEADER_CURL_GTLS_H */
|
||||||
|
|||||||
@ -1007,6 +1007,14 @@ bool Curl_mbedtls_data_pending(const struct connectdata *conn, int sockindex)
|
|||||||
return mbedtls_ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0;
|
return mbedtls_ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void Curl_mbedtls_sha256sum(const unsigned char *input,
|
||||||
|
size_t inputlen,
|
||||||
|
unsigned char *sha256sum,
|
||||||
|
size_t sha256len UNUSED_PARAM)
|
||||||
|
{
|
||||||
|
mbedtls_sha256(input, inputlen, sha256sum, 0);
|
||||||
|
}
|
||||||
|
|
||||||
const struct Curl_ssl Curl_ssl_mbedtls = {
|
const struct Curl_ssl Curl_ssl_mbedtls = {
|
||||||
"mbedtls", /* name */
|
"mbedtls", /* name */
|
||||||
|
|
||||||
@ -1027,7 +1035,8 @@ const struct Curl_ssl Curl_ssl_mbedtls = {
|
|||||||
Curl_none_set_engine_default, /* set_engine_default */
|
Curl_none_set_engine_default, /* set_engine_default */
|
||||||
Curl_none_engines_list, /* engines_list */
|
Curl_none_engines_list, /* engines_list */
|
||||||
Curl_none_false_start, /* false_start */
|
Curl_none_false_start, /* false_start */
|
||||||
Curl_none_md5sum /* md5sum */
|
Curl_none_md5sum, /* md5sum */
|
||||||
|
Curl_mbedtls_sha256sum /* sha256sum */
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct Curl_ssl *Curl_ssl = &Curl_ssl_mbedtls;
|
const struct Curl_ssl *Curl_ssl = &Curl_ssl_mbedtls;
|
||||||
|
|||||||
@ -26,8 +26,6 @@
|
|||||||
|
|
||||||
#ifdef USE_MBEDTLS
|
#ifdef USE_MBEDTLS
|
||||||
|
|
||||||
#include <mbedtls/sha256.h>
|
|
||||||
|
|
||||||
/* Called on first use mbedTLS, setup threading if supported */
|
/* Called on first use mbedTLS, setup threading if supported */
|
||||||
int Curl_mbedtls_init(void);
|
int Curl_mbedtls_init(void);
|
||||||
void Curl_mbedtls_cleanup(void);
|
void Curl_mbedtls_cleanup(void);
|
||||||
@ -62,7 +60,6 @@ CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy,
|
|||||||
extern const struct Curl_ssl Curl_ssl_mbedtls;
|
extern const struct Curl_ssl Curl_ssl_mbedtls;
|
||||||
|
|
||||||
#define CURL_SSL_BACKEND CURLSSLBACKEND_MBEDTLS
|
#define CURL_SSL_BACKEND CURLSSLBACKEND_MBEDTLS
|
||||||
#define curlssl_sha256sum(a,b,c,d) mbedtls_sha256(a,b,c,0)
|
|
||||||
|
|
||||||
#endif /* USE_MBEDTLS */
|
#endif /* USE_MBEDTLS */
|
||||||
#endif /* HEADER_CURL_MBEDTLS_H */
|
#endif /* HEADER_CURL_MBEDTLS_H */
|
||||||
|
|||||||
@ -2293,10 +2293,10 @@ static CURLcode Curl_nss_md5sum(unsigned char *tmp, /* input */
|
|||||||
return CURLE_OK;
|
return CURLE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
void Curl_nss_sha256sum(const unsigned char *tmp, /* input */
|
static void Curl_nss_sha256sum(const unsigned char *tmp, /* input */
|
||||||
size_t tmplen,
|
size_t tmplen,
|
||||||
unsigned char *sha256sum, /* output */
|
unsigned char *sha256sum, /* output */
|
||||||
size_t sha256len)
|
size_t sha256len)
|
||||||
{
|
{
|
||||||
PK11Context *SHA256pw = PK11_CreateDigestContext(SEC_OID_SHA256);
|
PK11Context *SHA256pw = PK11_CreateDigestContext(SEC_OID_SHA256);
|
||||||
unsigned int SHA256out;
|
unsigned int SHA256out;
|
||||||
@ -2346,7 +2346,8 @@ const struct Curl_ssl Curl_ssl_nss = {
|
|||||||
Curl_none_set_engine_default, /* set_engine_default */
|
Curl_none_set_engine_default, /* set_engine_default */
|
||||||
Curl_none_engines_list, /* engines_list */
|
Curl_none_engines_list, /* engines_list */
|
||||||
Curl_nss_false_start, /* false_start */
|
Curl_nss_false_start, /* false_start */
|
||||||
Curl_nss_md5sum /* md5sum */
|
Curl_nss_md5sum, /* md5sum */
|
||||||
|
Curl_nss_sha256sum /* sha256sum */
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct Curl_ssl *Curl_ssl = &Curl_ssl_nss;
|
const struct Curl_ssl *Curl_ssl = &Curl_ssl_nss;
|
||||||
|
|||||||
@ -51,10 +51,6 @@ CURLcode Curl_nss_random(struct Curl_easy *data,
|
|||||||
unsigned char *entropy,
|
unsigned char *entropy,
|
||||||
size_t length);
|
size_t length);
|
||||||
|
|
||||||
void Curl_nss_sha256sum(const unsigned char *tmp, /* input */
|
|
||||||
size_t tmplen,
|
|
||||||
unsigned char *sha256sum, /* output */
|
|
||||||
size_t sha256len);
|
|
||||||
|
|
||||||
bool Curl_nss_cert_status_request(void);
|
bool Curl_nss_cert_status_request(void);
|
||||||
|
|
||||||
@ -77,7 +73,5 @@ extern const struct Curl_ssl Curl_ssl_nss;
|
|||||||
/* this backends supports CURLOPT_PINNEDPUBLICKEY */
|
/* this backends supports CURLOPT_PINNEDPUBLICKEY */
|
||||||
#define have_curlssl_pinnedpubkey 1
|
#define have_curlssl_pinnedpubkey 1
|
||||||
|
|
||||||
#define curlssl_sha256sum(a,b,c,d) Curl_nss_sha256sum(a,b,c,d)
|
|
||||||
|
|
||||||
#endif /* USE_NSS */
|
#endif /* USE_NSS */
|
||||||
#endif /* HEADER_CURL_NSSG_H */
|
#endif /* HEADER_CURL_NSSG_H */
|
||||||
|
|||||||
@ -3364,10 +3364,10 @@ static CURLcode Curl_ossl_md5sum(unsigned char *tmp, /* input */
|
|||||||
}
|
}
|
||||||
|
|
||||||
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
|
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
|
||||||
void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
|
static void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
|
||||||
size_t tmplen,
|
size_t tmplen,
|
||||||
unsigned char *sha256sum /* output */,
|
unsigned char *sha256sum /* output */,
|
||||||
size_t unused)
|
size_t unused)
|
||||||
{
|
{
|
||||||
SHA256_CTX SHA256pw;
|
SHA256_CTX SHA256pw;
|
||||||
(void)unused;
|
(void)unused;
|
||||||
@ -3407,7 +3407,12 @@ const struct Curl_ssl Curl_ssl_openssl = {
|
|||||||
Curl_ossl_set_engine_default, /* set_engine_default */
|
Curl_ossl_set_engine_default, /* set_engine_default */
|
||||||
Curl_ossl_engines_list, /* engines_list */
|
Curl_ossl_engines_list, /* engines_list */
|
||||||
Curl_none_false_start, /* false_start */
|
Curl_none_false_start, /* false_start */
|
||||||
Curl_ossl_md5sum /* md5sum */
|
Curl_ossl_md5sum, /* md5sum */
|
||||||
|
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
|
||||||
|
Curl_ossl_sha256sum /* sha256sum */
|
||||||
|
#else
|
||||||
|
NULL /* sha256sum */
|
||||||
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct Curl_ssl *Curl_ssl = &Curl_ssl_openssl;
|
const struct Curl_ssl *Curl_ssl = &Curl_ssl_openssl;
|
||||||
|
|||||||
@ -68,10 +68,6 @@ bool Curl_ossl_data_pending(const struct connectdata *conn,
|
|||||||
/* return 0 if a find random is filled in */
|
/* return 0 if a find random is filled in */
|
||||||
CURLcode Curl_ossl_random(struct Curl_easy *data, unsigned char *entropy,
|
CURLcode Curl_ossl_random(struct Curl_easy *data, unsigned char *entropy,
|
||||||
size_t length);
|
size_t length);
|
||||||
void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
|
|
||||||
size_t tmplen,
|
|
||||||
unsigned char *sha256sum /* output */,
|
|
||||||
size_t unused);
|
|
||||||
|
|
||||||
bool Curl_ossl_cert_status_request(void);
|
bool Curl_ossl_cert_status_request(void);
|
||||||
|
|
||||||
@ -95,10 +91,6 @@ extern const struct Curl_ssl Curl_ssl_openssl;
|
|||||||
/* this backend supports CURLOPT_PINNEDPUBLICKEY */
|
/* this backend supports CURLOPT_PINNEDPUBLICKEY */
|
||||||
#define have_curlssl_pinnedpubkey 1
|
#define have_curlssl_pinnedpubkey 1
|
||||||
|
|
||||||
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
|
|
||||||
#define curlssl_sha256sum(a,b,c,d) Curl_ossl_sha256sum(a,b,c,d)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define DEFAULT_CIPHER_SELECTION \
|
#define DEFAULT_CIPHER_SELECTION \
|
||||||
"ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
|
"ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
|
||||||
|
|
||||||
|
|||||||
@ -870,6 +870,14 @@ bool Curl_polarssl_data_pending(const struct connectdata *conn, int sockindex)
|
|||||||
return ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0;
|
return ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void Curl_polarssl_sha256sum(const unsigned char *input,
|
||||||
|
size_t inputlen,
|
||||||
|
unsigned char *sha256sum,
|
||||||
|
size_t sha256len UNUSED_PARAM)
|
||||||
|
{
|
||||||
|
sha256(input, inputlen, sha256sum, 0);
|
||||||
|
}
|
||||||
|
|
||||||
const struct Curl_ssl Curl_ssl_polarssl = {
|
const struct Curl_ssl Curl_ssl_polarssl = {
|
||||||
"polarssl", /* name */
|
"polarssl", /* name */
|
||||||
|
|
||||||
@ -893,7 +901,8 @@ const struct Curl_ssl Curl_ssl_polarssl = {
|
|||||||
Curl_none_set_engine_default, /* set_engine_default */
|
Curl_none_set_engine_default, /* set_engine_default */
|
||||||
Curl_none_engines_list, /* engines_list */
|
Curl_none_engines_list, /* engines_list */
|
||||||
Curl_none_false_start, /* false_start */
|
Curl_none_false_start, /* false_start */
|
||||||
Curl_none_md5sum /* md5sum */
|
Curl_none_md5sum, /* md5sum */
|
||||||
|
Curl_polarssl_sha256sum /* sha256sum */
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct Curl_ssl *Curl_ssl = &Curl_ssl_polarssl;
|
const struct Curl_ssl *Curl_ssl = &Curl_ssl_polarssl;
|
||||||
|
|||||||
@ -26,8 +26,6 @@
|
|||||||
|
|
||||||
#ifdef USE_POLARSSL
|
#ifdef USE_POLARSSL
|
||||||
|
|
||||||
#include <polarssl/sha256.h>
|
|
||||||
|
|
||||||
/* Called on first use PolarSSL, setup threading if supported */
|
/* Called on first use PolarSSL, setup threading if supported */
|
||||||
int Curl_polarssl_init(void);
|
int Curl_polarssl_init(void);
|
||||||
void Curl_polarssl_cleanup(void);
|
void Curl_polarssl_cleanup(void);
|
||||||
@ -58,7 +56,5 @@ extern const struct Curl_ssl Curl_ssl_polarssl;
|
|||||||
/* this backends supports CURLOPT_PINNEDPUBLICKEY */
|
/* this backends supports CURLOPT_PINNEDPUBLICKEY */
|
||||||
#define have_curlssl_pinnedpubkey 1
|
#define have_curlssl_pinnedpubkey 1
|
||||||
|
|
||||||
#define curlssl_sha256sum(a,b,c,d) sha256(a,b,c,0)
|
|
||||||
|
|
||||||
#endif /* USE_POLARSSL */
|
#endif /* USE_POLARSSL */
|
||||||
#endif /* HEADER_CURL_POLARSSL_H */
|
#endif /* HEADER_CURL_POLARSSL_H */
|
||||||
|
|||||||
@ -1746,7 +1746,8 @@ const struct Curl_ssl Curl_ssl_schannel = {
|
|||||||
Curl_none_set_engine_default, /* set_engine_default */
|
Curl_none_set_engine_default, /* set_engine_default */
|
||||||
Curl_none_engines_list, /* engines_list */
|
Curl_none_engines_list, /* engines_list */
|
||||||
Curl_none_false_start, /* false_start */
|
Curl_none_false_start, /* false_start */
|
||||||
Curl_none_md5sum /* md5sum */
|
Curl_none_md5sum, /* md5sum */
|
||||||
|
NULL /* sha256sum */
|
||||||
};
|
};
|
||||||
|
|
||||||
const struct Curl_ssl *Curl_ssl = &Curl_ssl_schannel;
|
const struct Curl_ssl *Curl_ssl = &Curl_ssl_schannel;
|
||||||
|
|||||||
@ -791,12 +791,10 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
|
|||||||
size_t size, pem_len;
|
size_t size, pem_len;
|
||||||
CURLcode pem_read;
|
CURLcode pem_read;
|
||||||
CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
|
CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
|
||||||
#ifdef curlssl_sha256sum
|
|
||||||
CURLcode encode;
|
CURLcode encode;
|
||||||
size_t encodedlen, pinkeylen;
|
size_t encodedlen, pinkeylen;
|
||||||
char *encoded, *pinkeycopy, *begin_pos, *end_pos;
|
char *encoded, *pinkeycopy, *begin_pos, *end_pos;
|
||||||
unsigned char *sha256sumdigest = NULL;
|
unsigned char *sha256sumdigest = NULL;
|
||||||
#endif
|
|
||||||
|
|
||||||
/* if a path wasn't specified, don't pin */
|
/* if a path wasn't specified, don't pin */
|
||||||
if(!pinnedpubkey)
|
if(!pinnedpubkey)
|
||||||
@ -806,13 +804,17 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
|
|||||||
|
|
||||||
/* only do this if pinnedpubkey starts with "sha256//", length 8 */
|
/* only do this if pinnedpubkey starts with "sha256//", length 8 */
|
||||||
if(strncmp(pinnedpubkey, "sha256//", 8) == 0) {
|
if(strncmp(pinnedpubkey, "sha256//", 8) == 0) {
|
||||||
#ifdef curlssl_sha256sum
|
if(!Curl_ssl->sha256sum) {
|
||||||
|
/* without sha256 support, this cannot match */
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
/* compute sha256sum of public key */
|
/* compute sha256sum of public key */
|
||||||
sha256sumdigest = malloc(SHA256_DIGEST_LENGTH);
|
sha256sumdigest = malloc(SHA256_DIGEST_LENGTH);
|
||||||
if(!sha256sumdigest)
|
if(!sha256sumdigest)
|
||||||
return CURLE_OUT_OF_MEMORY;
|
return CURLE_OUT_OF_MEMORY;
|
||||||
curlssl_sha256sum(pubkey, pubkeylen,
|
Curl_ssl->sha256sum(pubkey, pubkeylen,
|
||||||
sha256sumdigest, SHA256_DIGEST_LENGTH);
|
sha256sumdigest, SHA256_DIGEST_LENGTH);
|
||||||
encode = Curl_base64_encode(data, (char *)sha256sumdigest,
|
encode = Curl_base64_encode(data, (char *)sha256sumdigest,
|
||||||
SHA256_DIGEST_LENGTH, &encoded, &encodedlen);
|
SHA256_DIGEST_LENGTH, &encoded, &encodedlen);
|
||||||
Curl_safefree(sha256sumdigest);
|
Curl_safefree(sha256sumdigest);
|
||||||
@ -859,10 +861,6 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
|
|||||||
} while(end_pos && begin_pos);
|
} while(end_pos && begin_pos);
|
||||||
Curl_safefree(encoded);
|
Curl_safefree(encoded);
|
||||||
Curl_safefree(pinkeycopy);
|
Curl_safefree(pinkeycopy);
|
||||||
#else
|
|
||||||
/* without sha256 support, this cannot match */
|
|
||||||
(void)data;
|
|
||||||
#endif
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -57,6 +57,8 @@ struct Curl_ssl {
|
|||||||
|
|
||||||
CURLcode (*md5sum)(unsigned char *input, size_t inputlen,
|
CURLcode (*md5sum)(unsigned char *input, size_t inputlen,
|
||||||
unsigned char *md5sum, size_t md5sumlen);
|
unsigned char *md5sum, size_t md5sumlen);
|
||||||
|
void (*sha256sum)(const unsigned char *input, size_t inputlen,
|
||||||
|
unsigned char *sha256sum, size_t sha256sumlen);
|
||||||
};
|
};
|
||||||
|
|
||||||
#ifdef USE_SSL
|
#ifdef USE_SSL
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user