The SHA-256 checksumming is also an SSL backend-specific function.
Let's include it in the struct declaring the functionality of SSL
backends.
In contrast to MD5, there is no fall-back code. To indicate this, the
respective entries are NULL for those backends that offer no support for
SHA-256 checksumming.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Curl_none_set_engine_default, /* set_engine_default */
Curl_none_engines_list, /* engines_list */
Curl_none_false_start, /* false_start */
- Curl_none_md5sum /* md5sum */
+ Curl_none_md5sum, /* md5sum */
+ NULL /* sha256sum */
};
const struct Curl_ssl *Curl_ssl = &Curl_ssl_axtls;
return CURLE_OK;
}
-void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *sha256sum /* output */,
- size_t unused)
+static void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *sha256sum /* output */,
+ size_t unused)
{
Sha256 SHA256pw;
(void)unused;
Curl_none_set_engine_default, /* set_engine_default */
Curl_none_engines_list, /* engines_list */
Curl_none_false_start, /* false_start */
- Curl_none_md5sum /* md5sum */
+ Curl_none_md5sum, /* md5sum */
+ Curl_cyassl_sha256sum /* sha256sum */
};
const struct Curl_ssl *Curl_ssl = &Curl_ssl_cyassl;
CURLcode Curl_cyassl_random(struct Curl_easy *data,
unsigned char *entropy,
size_t length);
-void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *sha256sum, /* output */
- size_t unused);
extern const struct Curl_ssl Curl_ssl_cyassl;
#define have_curlssl_pinnedpubkey 1
#endif
-#define curlssl_sha256sum(a,b,c,d) Curl_cyassl_sha256sum(a,b,c,d)
-
#endif /* USE_CYASSL */
#endif /* HEADER_CURL_CYASSL_H */
return CURLE_OK;
}
-void Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *sha256sum, /* output */
- size_t sha256len)
+static void Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *sha256sum, /* output */
+ size_t sha256len)
{
assert(sha256len >= SHA256_DIGEST_LENGTH);
(void)CC_SHA256(tmp, (CC_LONG)tmplen, sha256sum);
Curl_none_set_engine_default, /* set_engine_default */
Curl_none_engines_list, /* engines_list */
Curl_darwinssl_false_start, /* false_start */
- Curl_darwinssl_md5sum /* md5sum */
+ Curl_darwinssl_md5sum, /* md5sum */
+ Curl_darwinssl_sha256sum /* sha256sum */
};
const struct Curl_ssl *Curl_ssl = &Curl_ssl_darwinssl;
CURLcode Curl_darwinssl_random(struct Curl_easy *data, unsigned char *entropy,
size_t length);
-void Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *sha256sum, /* output */
- size_t sha256len);
bool Curl_darwinssl_false_start(void);
extern const struct Curl_ssl Curl_ssl_darwinssl;
#define have_curlssl_pinnedpubkey 1
#endif /* DARWIN_SSL_PINNEDPUBKEY */
-#define curlssl_sha256sum(a,b,c,d) Curl_darwinssl_sha256sum(a, b, c, d)
-
#endif /* USE_DARWINSSL */
#endif /* HEADER_CURL_DARWINSSL_H */
Curl_none_set_engine_default, /* set_engine_default */
Curl_none_engines_list, /* engines_list */
Curl_none_false_start, /* false_start */
- Curl_none_md5sum /* md5sum */
+ Curl_none_md5sum, /* md5sum */
+ NULL /* sha256sum */
};
const struct Curl_ssl *Curl_ssl = &Curl_ssl_gskit;
return CURLE_OK;
}
-void Curl_gtls_sha256sum(const unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *sha256sum, /* output */
- size_t sha256len)
+static void Curl_gtls_sha256sum(const unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *sha256sum, /* output */
+ size_t sha256len)
{
#if defined(USE_GNUTLS_NETTLE)
struct sha256_ctx SHA256pw;
Curl_none_set_engine_default, /* set_engine_default */
Curl_none_engines_list, /* engines_list */
Curl_none_false_start, /* false_start */
- Curl_gtls_md5sum /* md5sum */
+ Curl_gtls_md5sum, /* md5sum */
+ Curl_gtls_sha256sum /* sha256sum */
};
const struct Curl_ssl *Curl_ssl = &Curl_ssl_gnutls;
CURLcode Curl_gtls_random(struct Curl_easy *data,
unsigned char *entropy,
size_t length);
-void Curl_gtls_sha256sum(const unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *sha256sum, /* output */
- size_t sha256len);
bool Curl_gtls_cert_status_request(void);
/* this backend supports CURLOPT_PINNEDPUBLICKEY */
#define have_curlssl_pinnedpubkey 1
-#define curlssl_sha256sum(a,b,c,d) Curl_gtls_sha256sum(a,b,c,d)
-
#endif /* USE_GNUTLS */
#endif /* HEADER_CURL_GTLS_H */
return mbedtls_ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0;
}
+static void Curl_mbedtls_sha256sum(const unsigned char *input,
+ size_t inputlen,
+ unsigned char *sha256sum,
+ size_t sha256len UNUSED_PARAM)
+{
+ mbedtls_sha256(input, inputlen, sha256sum, 0);
+}
+
const struct Curl_ssl Curl_ssl_mbedtls = {
"mbedtls", /* name */
Curl_none_set_engine_default, /* set_engine_default */
Curl_none_engines_list, /* engines_list */
Curl_none_false_start, /* false_start */
- Curl_none_md5sum /* md5sum */
+ Curl_none_md5sum, /* md5sum */
+ Curl_mbedtls_sha256sum /* sha256sum */
};
const struct Curl_ssl *Curl_ssl = &Curl_ssl_mbedtls;
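Review bot: `Curl_mbedtls_sha256sum` discards `sha256len` (`UNUSED_PARAM`), so `mbedtls_sha256(input, inputlen, sha256sum, 0)` writes a full SHA-256 digest regardless of the buffer size the caller passed. The one caller visible on this page passes `SHA256_DIGEST_LENGTH`, but now that the function is reachable through the generic `sha256sum` callback, nothing in the wrapper enforces that contract for later callers. The darwinssl wrapper in this same commit guards with `assert(sha256len >= SHA256_DIGEST_LENGTH);`. An equivalent debug-time check here, or at least a comment such as `/* sha256sum must point to at least 32 bytes */`, would keep the backends consistent. The same applies to `Curl_polarssl_sha256sum`, which ignores `sha256len` in the same way.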
#ifdef USE_MBEDTLS
-#include <mbedtls/sha256.h>
-
/* Called on first use mbedTLS, setup threading if supported */
int Curl_mbedtls_init(void);
void Curl_mbedtls_cleanup(void);
extern const struct Curl_ssl Curl_ssl_mbedtls;
#define CURL_SSL_BACKEND CURLSSLBACKEND_MBEDTLS
-#define curlssl_sha256sum(a,b,c,d) mbedtls_sha256(a,b,c,0)
#endif /* USE_MBEDTLS */
#endif /* HEADER_CURL_MBEDTLS_H */
return CURLE_OK;
}
-void Curl_nss_sha256sum(const unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *sha256sum, /* output */
- size_t sha256len)
+static void Curl_nss_sha256sum(const unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *sha256sum, /* output */
+ size_t sha256len)
{
PK11Context *SHA256pw = PK11_CreateDigestContext(SEC_OID_SHA256);
unsigned int SHA256out;
Curl_none_set_engine_default, /* set_engine_default */
Curl_none_engines_list, /* engines_list */
Curl_nss_false_start, /* false_start */
- Curl_nss_md5sum /* md5sum */
+ Curl_nss_md5sum, /* md5sum */
+ Curl_nss_sha256sum /* sha256sum */
};
const struct Curl_ssl *Curl_ssl = &Curl_ssl_nss;
unsigned char *entropy,
size_t length);
-void Curl_nss_sha256sum(const unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *sha256sum, /* output */
- size_t sha256len);
bool Curl_nss_cert_status_request(void);
/* this backends supports CURLOPT_PINNEDPUBLICKEY */
#define have_curlssl_pinnedpubkey 1
-#define curlssl_sha256sum(a,b,c,d) Curl_nss_sha256sum(a,b,c,d)
-
#endif /* USE_NSS */
#endif /* HEADER_CURL_NSSG_H */
}
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
-void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *sha256sum /* output */,
- size_t unused)
+static void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
+ size_t tmplen,
+ unsigned char *sha256sum /* output */,
+ size_t unused)
{
SHA256_CTX SHA256pw;
(void)unused;
Curl_ossl_set_engine_default, /* set_engine_default */
Curl_ossl_engines_list, /* engines_list */
Curl_none_false_start, /* false_start */
- Curl_ossl_md5sum /* md5sum */
+ Curl_ossl_md5sum, /* md5sum */
+#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
+ Curl_ossl_sha256sum /* sha256sum */
+#else
+ NULL /* sha256sum */
+#endif
};
const struct Curl_ssl *Curl_ssl = &Curl_ssl_openssl;
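Review bot: The guard `#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)` is now written out twice in this file, once around the definition of `Curl_ossl_sha256sum` and once inside the initializer. If the two copies drift apart, the result is either a build break or a silently NULL entry. Because a NULL entry makes every `sha256//` pin fail to match, the `#else` branch deserves a comment that says so, for example `NULL /* sha256sum: no SHA-256 in this OpenSSL build, sha256// pins cannot match */`. Whether a single file-local macro for the condition fits the project's style is for the maintainers to decide.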
/* return 0 if a find random is filled in */
CURLcode Curl_ossl_random(struct Curl_easy *data, unsigned char *entropy,
size_t length);
-void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *sha256sum /* output */,
- size_t unused);
bool Curl_ossl_cert_status_request(void);
/* this backend supports CURLOPT_PINNEDPUBLICKEY */
#define have_curlssl_pinnedpubkey 1
-#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
-#define curlssl_sha256sum(a,b,c,d) Curl_ossl_sha256sum(a,b,c,d)
-#endif
-
#define DEFAULT_CIPHER_SELECTION \
"ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH"
return ssl_get_bytes_avail(&conn->ssl[sockindex].ssl) != 0;
}
+static void Curl_polarssl_sha256sum(const unsigned char *input,
+ size_t inputlen,
+ unsigned char *sha256sum,
+ size_t sha256len UNUSED_PARAM)
+{
+ sha256(input, inputlen, sha256sum, 0);
+}
+
const struct Curl_ssl Curl_ssl_polarssl = {
"polarssl", /* name */
Curl_none_set_engine_default, /* set_engine_default */
Curl_none_engines_list, /* engines_list */
Curl_none_false_start, /* false_start */
- Curl_none_md5sum /* md5sum */
+ Curl_none_md5sum, /* md5sum */
+ Curl_polarssl_sha256sum /* sha256sum */
};
const struct Curl_ssl *Curl_ssl = &Curl_ssl_polarssl;
#ifdef USE_POLARSSL
-#include <polarssl/sha256.h>
-
/* Called on first use PolarSSL, setup threading if supported */
int Curl_polarssl_init(void);
void Curl_polarssl_cleanup(void);
/* this backends supports CURLOPT_PINNEDPUBLICKEY */
#define have_curlssl_pinnedpubkey 1
-#define curlssl_sha256sum(a,b,c,d) sha256(a,b,c,0)
-
#endif /* USE_POLARSSL */
#endif /* HEADER_CURL_POLARSSL_H */
Curl_none_set_engine_default, /* set_engine_default */
Curl_none_engines_list, /* engines_list */
Curl_none_false_start, /* false_start */
- Curl_none_md5sum /* md5sum */
+ Curl_none_md5sum, /* md5sum */
+ NULL /* sha256sum */
};
const struct Curl_ssl *Curl_ssl = &Curl_ssl_schannel;
size_t size, pem_len;
CURLcode pem_read;
CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
-#ifdef curlssl_sha256sum
CURLcode encode;
size_t encodedlen, pinkeylen;
char *encoded, *pinkeycopy, *begin_pos, *end_pos;
unsigned char *sha256sumdigest = NULL;
-#endif
/* if a path wasn't specified, don't pin */
if(!pinnedpubkey)
/* only do this if pinnedpubkey starts with "sha256//", length 8 */
if(strncmp(pinnedpubkey, "sha256//", 8) == 0) {
-#ifdef curlssl_sha256sum
+ if(!Curl_ssl->sha256sum) {
+ /* without sha256 support, this cannot match */
+ return result;
+ }
+
/* compute sha256sum of public key */
sha256sumdigest = malloc(SHA256_DIGEST_LENGTH);
if(!sha256sumdigest)
return CURLE_OUT_OF_MEMORY;
- curlssl_sha256sum(pubkey, pubkeylen,
- sha256sumdigest, SHA256_DIGEST_LENGTH);
+ Curl_ssl->sha256sum(pubkey, pubkeylen,
+ sha256sumdigest, SHA256_DIGEST_LENGTH);
encode = Curl_base64_encode(data, (char *)sha256sumdigest,
SHA256_DIGEST_LENGTH, &encoded, &encodedlen);
Curl_safefree(sha256sumdigest);
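Review bot: The digest call `Curl_ssl->sha256sum(pubkey, pubkeylen, sha256sumdigest, SHA256_DIGEST_LENGTH);` cannot report failure, because the new callback is declared `void` while the neighbouring `md5sum` callback returns `CURLcode`. `sha256sumdigest` comes straight from `malloc`, so if a backend's hash setup fails and the wrapper returns without writing, the bytes that get base64-encoded and compared against the pin are indeterminate. The NSS wrapper, for instance, begins with `PK11_CreateDigestContext`, and how it handles that result lies outside the visible lines. Declaring the member as `CURLcode (*sha256sum)(...)` and returning early here on a non-OK result would make the pin check fail closed by construction. Short of that, allocating with `calloc(1, SHA256_DIGEST_LENGTH)` at least makes the compared value deterministic. The enclosing function starts and ends outside this hunk.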
} while(end_pos && begin_pos);
Curl_safefree(encoded);
Curl_safefree(pinkeycopy);
-#else
- /* without sha256 support, this cannot match */
- (void)data;
-#endif
return result;
}
CURLcode (*md5sum)(unsigned char *input, size_t inputlen,
unsigned char *md5sum, size_t md5sumlen);
+ void (*sha256sum)(const unsigned char *input, size_t inputlen,
+ unsigned char *sha256sum, size_t sha256sumlen);
};
#ifdef USE_SSL