From 624b20c63790942630f1768f7f6dbb7f65b6c5a8 Mon Sep 17 00:00:00 2001
From: Viktor Szakats <commit@vsz.me>
Date: Mon, 12 Aug 2024 00:57:41 +0200
Subject: [PATCH] lib: prefer `CURL_SHA256_DIGEST_LENGTH` over the unprefixed
 name

Already used in `vtls.h`. Prefer this curl-namespaced name over the
unprefixed `SHA256_DIGEST_LENGTH`. The latter is also defined by TLS
backends with a potential to cause issues.

Also stop relying on externel headers setting this constant. It's
already defined in `vtls.h` on curl's behalf, do this also for `lib`.

Cherry-picked from #14495
Closes #14513
---
 lib/curl_sha256.h     |  9 ++-------
 lib/http_aws_sigv4.c  | 10 +++++-----
 lib/sha256.c          |  2 +-
 tests/unit/unit1610.c |  6 +++---
 4 files changed, 11 insertions(+), 16 deletions(-)

diff --git a/lib/curl_sha256.h b/lib/curl_sha256.h
index d99f958f90..c3cf00a217 100644
--- a/lib/curl_sha256.h
+++ b/lib/curl_sha256.h
@@ -33,13 +33,8 @@
 
 extern const struct HMAC_params Curl_HMAC_SHA256[1];
 
-#ifdef USE_WOLFSSL
-/* SHA256_DIGEST_LENGTH is an enum value in wolfSSL. Need to import it from
- * sha.h */
-#include <wolfssl/options.h>
-#include <wolfssl/openssl/sha.h>
-#else
-#define SHA256_DIGEST_LENGTH 32
+#ifndef CURL_SHA256_DIGEST_LENGTH
+#define CURL_SHA256_DIGEST_LENGTH 32 /* fixed size */
 #endif
 
 CURLcode Curl_sha256it(unsigned char *outbuffer, const unsigned char *input,
diff --git a/lib/http_aws_sigv4.c b/lib/http_aws_sigv4.c
index 7fe24a4c6f..a2c8ac1c89 100644
--- a/lib/http_aws_sigv4.c
+++ b/lib/http_aws_sigv4.c
@@ -60,11 +60,11 @@
 #define TIMESTAMP_SIZE 17
 
 /* hex-encoded with trailing null */
-#define SHA256_HEX_LENGTH (2 * SHA256_DIGEST_LENGTH + 1)
+#define SHA256_HEX_LENGTH (2 * CURL_SHA256_DIGEST_LENGTH + 1)
 
 static void sha256_to_hex(char *dst, unsigned char *sha)
 {
-  Curl_hexencode(sha, SHA256_DIGEST_LENGTH,
+  Curl_hexencode(sha, CURL_SHA256_DIGEST_LENGTH,
                  (unsigned char *)dst, SHA256_HEX_LENGTH);
 }
 
@@ -604,7 +604,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
   const char *method = NULL;
   char *payload_hash = NULL;
   size_t payload_hash_len = 0;
-  unsigned char sha_hash[SHA256_DIGEST_LENGTH];
+  unsigned char sha_hash[CURL_SHA256_DIGEST_LENGTH];
   char sha_hex[SHA256_HEX_LENGTH];
   char content_sha256_hdr[CONTENT_SHA256_HDR_LEN + 2] = ""; /* add \r\n */
   char *canonical_request = NULL;
@@ -613,8 +613,8 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy)
   char *str_to_sign = NULL;
   const char *user = data->state.aptr.user ? data->state.aptr.user : "";
   char *secret = NULL;
-  unsigned char sign0[SHA256_DIGEST_LENGTH] = {0};
-  unsigned char sign1[SHA256_DIGEST_LENGTH] = {0};
+  unsigned char sign0[CURL_SHA256_DIGEST_LENGTH] = {0};
+  unsigned char sign1[CURL_SHA256_DIGEST_LENGTH] = {0};
   char *auth_headers = NULL;
 
   DEBUGASSERT(!proxy);
diff --git a/lib/sha256.c b/lib/sha256.c
index 04bc432ffa..91dc950161 100644
--- a/lib/sha256.c
+++ b/lib/sha256.c
@@ -247,7 +247,7 @@ static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx)
   unsigned long length = 0;
 
   CryptGetHashParam(ctx->hHash, HP_HASHVAL, NULL, &length, 0);
-  if(length == SHA256_DIGEST_LENGTH)
+  if(length == CURL_SHA256_DIGEST_LENGTH)
     CryptGetHashParam(ctx->hHash, HP_HASHVAL, digest, &length, 0);
 
   if(ctx->hHash)
diff --git a/tests/unit/unit1610.c b/tests/unit/unit1610.c
index b4c6ef4d34..b9d6117a74 100644
--- a/tests/unit/unit1610.c
+++ b/tests/unit/unit1610.c
@@ -44,7 +44,7 @@ UNITTEST_START
 
   const char string1[] = "1";
   const char string2[] = "hello-you-fool";
-  unsigned char output[SHA256_DIGEST_LENGTH];
+  unsigned char output[CURL_SHA256_DIGEST_LENGTH];
   unsigned char *testp = output;
 
   Curl_sha256it(output, (const unsigned char *) string1, strlen(string1));
@@ -52,14 +52,14 @@ UNITTEST_START
   verify_memory(testp,
                 "\x6b\x86\xb2\x73\xff\x34\xfc\xe1\x9d\x6b\x80\x4e\xff\x5a\x3f"
                 "\x57\x47\xad\xa4\xea\xa2\x2f\x1d\x49\xc0\x1e\x52\xdd\xb7\x87"
-                "\x5b\x4b", SHA256_DIGEST_LENGTH);
+                "\x5b\x4b", CURL_SHA256_DIGEST_LENGTH);
 
   Curl_sha256it(output, (const unsigned char *) string2, strlen(string2));
 
   verify_memory(testp,
                 "\xcb\xb1\x6a\x8a\xb9\xcb\xb9\x35\xa8\xcb\xa0\x2e\x28\xc0\x26"
                 "\x30\xd1\x19\x9c\x1f\x02\x17\xf4\x7c\x96\x20\xf3\xef\xe8\x27"
-                "\x15\xae", SHA256_DIGEST_LENGTH);
+                "\x15\xae", CURL_SHA256_DIGEST_LENGTH);
 #endif
 
 
-- 
2.47.3