From 28f0932073bfbcb977e2638e137e2519cb2b14e2 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Mon, 23 Mar 2026 18:23:39 +0100 Subject: [PATCH] curl_sha512_256: support delegating to wolfSSL API Offered by wolfSSL v5.0.0+ (2021-11-01). Closes #21077 --- lib/curl_sha512_256.c | 56 +++++++++++++++++++++++++++++++++++++------ 1 file changed, 49 insertions(+), 7 deletions(-) diff --git a/lib/curl_sha512_256.c b/lib/curl_sha512_256.c index 648e3e38e9..24fea0c5b3 100644 --- a/lib/curl_sha512_256.c +++ b/lib/curl_sha512_256.c @@ -28,12 +28,12 @@ #include "curl_sha512_256.h" /* The recommended order of the TLS backends: - * 1. OpenSSL - * 2. GnuTLS - * 3. wolfSSL - * 4. Schannel SSPI - * 5. mbedTLS - * 6. Rustls + * 1. USE_OPENSSL + * 2. USE_WOLFSSL + * 3. USE_GNUTLS + * 4. USE_MBEDTLS + * 5. USE_RUSTLS + * 6. USE_WIN32_CRYPTO * Skip the backend if it does not support the required algorithm */ #ifdef USE_OPENSSL @@ -64,7 +64,17 @@ # endif # endif # endif -#endif /* USE_OPENSSL */ +#elif defined(USE_WOLFSSL) +# include +# if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX >= 0x05000000 +# include +# include +# ifndef WOLFSSL_NOSHA512_256 +# define USE_OPENSSL_SHA512_256 1 +# define HAS_SHA512_256_IMPLEMENTATION 1 +# endif +# endif +#endif #if !defined(HAS_SHA512_256_IMPLEMENTATION) && defined(USE_GNUTLS) # include @@ -91,7 +101,11 @@ /** * Context type used for SHA-512/256 calculations */ +#ifdef USE_OPENSSL typedef EVP_MD_CTX *Curl_sha512_256_ctx; +#else +typedef WOLFSSL_EVP_MD_CTX *Curl_sha512_256_ctx; +#endif /** * Initialise structure for SHA-512/256 calculation. @@ -104,21 +118,36 @@ static CURLcode Curl_sha512_256_init(void *context) { Curl_sha512_256_ctx * const ctx = (Curl_sha512_256_ctx *)context; +#ifdef USE_OPENSSL *ctx = EVP_MD_CTX_create(); +#else + *ctx = wolfSSL_EVP_MD_CTX_new(); +#endif if(!*ctx) return CURLE_OUT_OF_MEMORY; +#ifdef USE_OPENSSL if(EVP_DigestInit_ex(*ctx, EVP_sha512_256(), NULL)) { /* Check whether the header and this file use the same numbers */ DEBUGASSERT(EVP_MD_CTX_size(*ctx) == CURL_SHA512_256_DIGEST_SIZE); /* Check whether the block size is correct */ DEBUGASSERT(EVP_MD_CTX_block_size(*ctx) == CURL_SHA512_256_BLOCK_SIZE); +#else + if(wolfSSL_EVP_DigestInit_ex(*ctx, wolfSSL_EVP_sha512_256(), NULL)) { + /* Check whether the header and this file use the same numbers */ + DEBUGASSERT(wolfSSL_EVP_MD_CTX_size(*ctx) == CURL_SHA512_256_DIGEST_SIZE); + /* wolfSSL_EVP_MD_CTX_block_size() returns zero as of v5.9.0 */ +#endif return CURLE_OK; /* Success */ } /* Cleanup */ +#ifdef USE_OPENSSL EVP_MD_CTX_destroy(*ctx); +#else + wolfSSL_EVP_MD_CTX_free(*ctx); +#endif return CURLE_FAILED_INIT; } @@ -136,7 +165,11 @@ static CURLcode Curl_sha512_256_update(void *context, { Curl_sha512_256_ctx * const ctx = (Curl_sha512_256_ctx *)context; +#ifdef USE_OPENSSL if(!EVP_DigestUpdate(*ctx, data, length)) +#else + if(!wolfSSL_EVP_DigestUpdate(*ctx, data, length)) +#endif return CURLE_SSL_CIPHER; return CURLE_OK; @@ -166,10 +199,19 @@ static CURLcode Curl_sha512_256_finish(unsigned char *digest, void *context) memcpy(digest, tmp_digest, CURL_SHA512_256_DIGEST_SIZE); explicit_memset(tmp_digest, 0, sizeof(tmp_digest)); #else /* !NEED_NETBSD_SHA512_256_WORKAROUND */ +#ifdef USE_OPENSSL ret = EVP_DigestFinal_ex(*ctx, digest, NULL) ? CURLE_OK : CURLE_SSL_CIPHER; +#else + ret = wolfSSL_EVP_DigestFinal_ex(*ctx, digest, NULL) ? + CURLE_OK : CURLE_SSL_CIPHER; +#endif #endif /* NEED_NETBSD_SHA512_256_WORKAROUND */ +#ifdef USE_OPENSSL EVP_MD_CTX_destroy(*ctx); +#else + wolfSSL_EVP_MD_CTX_free(*ctx); +#endif *ctx = NULL; return ret;