USE_GNUTLS_NETTLE=
# First check if we can detect either crypto library via transitive linking
AC_CHECK_LIB(gnutls, nettle_MD5Init, [ USE_GNUTLS_NETTLE=1 ])
- if test "$USE_GNUTLS_NETTLE" = ""; then
- AC_CHECK_LIB(gnutls, gcry_control, [ USE_GNUTLS_NETTLE=0 ])
- fi
+
# If not, try linking directly to both of them to see if they are available
if test "$USE_GNUTLS_NETTLE" = ""; then
AC_CHECK_LIB(nettle, nettle_MD5Init, [ USE_GNUTLS_NETTLE=1 ])
fi
if test "$USE_GNUTLS_NETTLE" = ""; then
- AC_CHECK_LIB(gcrypt, gcry_control, [ USE_GNUTLS_NETTLE=0 ])
- fi
- if test "$USE_GNUTLS_NETTLE" = ""; then
- AC_MSG_ERROR([GnuTLS found, but neither gcrypt nor nettle found])
- fi
- if test "$USE_GNUTLS_NETTLE" = "1"; then
- AC_DEFINE(USE_GNUTLS_NETTLE, 1, [if GnuTLS uses nettle as crypto backend])
- AC_SUBST(USE_GNUTLS_NETTLE, [1])
- LIBS="-lnettle $LIBS"
- else
- LIBS="-lgcrypt $LIBS"
+ AC_MSG_ERROR([GnuTLS found, but nettle was not found])
fi
+ LIBS="-lnettle $LIBS"
fi
dnl ---
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
/* Please keep the SSL backend-specific #if branches in this order:
1. USE_OPENSSL
- 2. USE_GNUTLS_NETTLE
- 3. USE_GNUTLS
- 4. USE_NSS
- 5. USE_MBEDTLS
- 6. USE_SECTRANSP
- 7. USE_OS400CRYPTO
- 8. USE_WIN32_CRYPTO
+ 2. USE_GNUTLS
+ 3. USE_NSS
+ 4. USE_MBEDTLS
+ 5. USE_SECTRANSP
+ 6. USE_OS400CRYPTO
+ 7. USE_WIN32_CRYPTO
This ensures that:
- the same SSL branch gets activated throughout this source
# define DESKEY(x) &x
# endif
-#elif defined(USE_GNUTLS_NETTLE)
-
-# include <nettle/des.h>
-
#elif defined(USE_GNUTLS)
-# include <gcrypt.h>
+# include <nettle/des.h>
#elif defined(USE_NSS)
DES_set_key(&key, ks);
}
-#elif defined(USE_GNUTLS_NETTLE)
+#elif defined(USE_GNUTLS)
static void setup_des_key(const unsigned char *key_56,
struct des_ctx *des)
des_set_key(des, (const uint8_t *) key);
}
-#elif defined(USE_GNUTLS)
-
-/*
- * Turns a 56 bit key into the 64 bit, odd parity key and sets the key.
- */
-static void setup_des_key(const unsigned char *key_56,
- gcry_cipher_hd_t *des)
-{
- char key[8];
-
- /* Expand the 56-bit key to 64-bits */
- extend_key_56_to_64(key_56, key);
-
- /* Set the key parity to odd */
- Curl_des_set_odd_parity((unsigned char *) key, sizeof(key));
-
- /* Set the key */
- gcry_cipher_setkey(*des, key, sizeof(key));
-}
-
#elif defined(USE_NSS)
/*
setup_des_key(keys + 14, DESKEY(ks));
DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results + 16),
DESKEY(ks), DES_ENCRYPT);
-#elif defined(USE_GNUTLS_NETTLE)
+#elif defined(USE_GNUTLS)
struct des_ctx des;
setup_des_key(keys, &des);
des_encrypt(&des, 8, results, plaintext);
des_encrypt(&des, 8, results + 8, plaintext);
setup_des_key(keys + 14, &des);
des_encrypt(&des, 8, results + 16, plaintext);
-#elif defined(USE_GNUTLS)
- gcry_cipher_hd_t des;
-
- gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
- setup_des_key(keys, &des);
- gcry_cipher_encrypt(des, results, 8, plaintext, 8);
- gcry_cipher_close(des);
-
- gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
- setup_des_key(keys + 7, &des);
- gcry_cipher_encrypt(des, results + 8, 8, plaintext, 8);
- gcry_cipher_close(des);
-
- gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
- setup_des_key(keys + 14, &des);
- gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8);
- gcry_cipher_close(des);
#elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_SECTRANSP) \
|| defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO)
encrypt_des(plaintext, results, keys);
setup_des_key(pw + 7, DESKEY(ks));
DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)(lmbuffer + 8),
DESKEY(ks), DES_ENCRYPT);
-#elif defined(USE_GNUTLS_NETTLE)
+#elif defined(USE_GNUTLS)
struct des_ctx des;
setup_des_key(pw, &des);
des_encrypt(&des, 8, lmbuffer, magic);
setup_des_key(pw + 7, &des);
des_encrypt(&des, 8, lmbuffer + 8, magic);
-#elif defined(USE_GNUTLS)
- gcry_cipher_hd_t des;
-
- gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
- setup_des_key(pw, &des);
- gcry_cipher_encrypt(des, lmbuffer, 8, magic, 8);
- gcry_cipher_close(des);
-
- gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
- setup_des_key(pw + 7, &des);
- gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8);
- gcry_cipher_close(des);
#elif defined(USE_NSS) || defined(USE_MBEDTLS) || defined(USE_SECTRANSP) \
|| defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO)
encrypt_des(magic, lmbuffer, pw);
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
#endif
#endif /* USE_MBEDTLS */
-#if defined(USE_GNUTLS_NETTLE)
+#if defined(USE_GNUTLS)
#include <nettle/md4.h>
md4_digest(ctx, MD4_DIGEST_SIZE, result);
}
-#elif defined(USE_GNUTLS)
-
-#include <gcrypt.h>
-
-#include "curl_memory.h"
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-typedef gcry_md_hd_t MD4_CTX;
-
-static void MD4_Init(MD4_CTX *ctx)
-{
- gcry_md_open(ctx, GCRY_MD_MD4, 0);
-}
-
-static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
-{
- gcry_md_write(*ctx, data, size);
-}
-
-static void MD4_Final(unsigned char *result, MD4_CTX *ctx)
-{
- memcpy(result, gcry_md_read(*ctx, 0), MD4_DIGEST_LENGTH);
- gcry_md_close(*ctx);
-}
-
#elif defined(USE_OPENSSL) && !defined(OPENSSL_NO_MD4)
/* When OpenSSL is available we use the MD4-functions from OpenSSL */
#include <openssl/md4.h>
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
#endif
#endif /* USE_MBEDTLS */
-#if defined(USE_GNUTLS_NETTLE)
+#if defined(USE_GNUTLS)
#include <nettle/md5.h>
#include "curl_memory.h"
md5_digest(ctx, 16, digest);
}
-#elif defined(USE_GNUTLS)
-
-#include <gcrypt.h>
-#include "curl_memory.h"
-/* The last #include file should be: */
-#include "memdebug.h"
-
-typedef gcry_md_hd_t MD5_CTX;
-
-static void MD5_Init(MD5_CTX *ctx)
-{
- gcry_md_open(ctx, GCRY_MD_MD5, 0);
-}
-
-static void MD5_Update(MD5_CTX *ctx,
- const unsigned char *input,
- unsigned int inputLen)
-{
- gcry_md_write(*ctx, input, inputLen);
-}
-
-static void MD5_Final(unsigned char *digest, MD5_CTX *ctx)
-{
- memcpy(digest, gcry_md_read(*ctx, 0), 16);
- gcry_md_close(*ctx);
-}
-
#elif defined(USE_OPENSSL) && !defined(USE_AMISSL)
/* When OpenSSL is available we use the MD5-function from OpenSSL */
#include <openssl/md5.h>
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2017, Florin Petriuc, <petriuc.florin@gmail.com>
- * Copyright (C) 2018 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2018 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
/* Please keep the SSL backend-specific #if branches in this order:
*
* 1. USE_OPENSSL
- * 2. USE_GNUTLS_NETTLE
- * 3. USE_GNUTLS
- * 4. USE_MBEDTLS
- * 5. USE_COMMON_CRYPTO
- * 6. USE_WIN32_CRYPTO
+ * 2. USE_GNUTLS
+ * 3. USE_MBEDTLS
+ * 4. USE_COMMON_CRYPTO
+ * 5. USE_WIN32_CRYPTO
*
* This ensures that the same SSL branch gets activated throughout this source
* file even if multiple backends are enabled at the same time.
/* When OpenSSL is available we use the SHA256-function from OpenSSL */
#include <openssl/sha.h>
-#elif defined(USE_GNUTLS_NETTLE)
+#elif defined(USE_GNUTLS)
#include <nettle/sha.h>
sha256_digest(ctx, SHA256_DIGEST_SIZE, digest);
}
-#elif defined(USE_GNUTLS)
-
-#include <gcrypt.h>
-
-#include "curl_memory.h"
-
-/* The last #include file should be: */
-#include "memdebug.h"
-
-typedef gcry_md_hd_t SHA256_CTX;
-
-static void SHA256_Init(SHA256_CTX *ctx)
-{
- gcry_md_open(ctx, GCRY_MD_SHA256, 0);
-}
-
-static void SHA256_Update(SHA256_CTX *ctx,
- const unsigned char *data,
- unsigned int length)
-{
- gcry_md_write(*ctx, data, length);
-}
-
-static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx)
-{
- memcpy(digest, gcry_md_read(*ctx, 0), SHA256_DIGEST_LENGTH);
- gcry_md_close(*ctx);
-}
-
#elif defined(USE_MBEDTLS)
#include <mbedtls/sha256.h>
#include <gnutls/abstract.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
-
-#ifdef USE_GNUTLS_NETTLE
#include <gnutls/crypto.h>
-#include <nettle/md5.h>
#include <nettle/sha2.h>
-#else
-#include <gcrypt.h>
-#endif
#include "urldata.h"
#include "sendf.h"
return msnprintf(buffer, size, "GnuTLS/%s", gnutls_check_version(NULL));
}
-#ifndef USE_GNUTLS_NETTLE
-static int gtls_seed(struct Curl_easy *data)
-{
- /* we have the "SSL is seeded" boolean static to prevent multiple
- time-consuming seedings in vain */
- static bool ssl_seeded = FALSE;
-
- /* Quickly add a bit of entropy */
- gcry_fast_random_poll();
-
- if(!ssl_seeded || data->set.str[STRING_SSL_RANDOM_FILE] ||
- data->set.str[STRING_SSL_EGDSOCKET]) {
- ssl_seeded = TRUE;
- }
- return 0;
-}
-#endif
-
/* data might be NULL! */
static CURLcode gtls_random(struct Curl_easy *data,
unsigned char *entropy, size_t length)
{
-#if defined(USE_GNUTLS_NETTLE)
int rc;
(void)data;
rc = gnutls_rnd(GNUTLS_RND_RANDOM, entropy, length);
return rc?CURLE_FAILED_INIT:CURLE_OK;
-#elif defined(USE_GNUTLS)
- if(data)
- gtls_seed(data); /* Initiate the seed if not already done */
- gcry_randomize(entropy, length, GCRY_STRONG_RANDOM);
-#endif
- return CURLE_OK;
}
static CURLcode gtls_sha256sum(const unsigned char *tmp, /* input */
unsigned char *sha256sum, /* output */
size_t sha256len)
{
-#if defined(USE_GNUTLS_NETTLE)
struct sha256_ctx SHA256pw;
sha256_init(&SHA256pw);
sha256_update(&SHA256pw, (unsigned int)tmplen, tmp);
sha256_digest(&SHA256pw, (unsigned int)sha256len, sha256sum);
-#elif defined(USE_GNUTLS)
- gcry_md_hd_t SHA256pw;
- gcry_md_open(&SHA256pw, GCRY_MD_SHA256, 0);
- gcry_md_write(SHA256pw, tmp, tmplen);
- memcpy(sha256sum, gcry_md_read(SHA256pw, 0), sha256len);
- gcry_md_close(SHA256pw);
-#endif
return CURLE_OK;
}
projects / thirdparty / curl.git / commitdiff
