curl_sha512_256: support delegating to wolfSSL API

Offered by wolfSSL v5.0.0+ (2021-11-01).

Closes #21077

diff --git a/lib/curl_sha512_256.c b/lib/curl_sha512_256.c
index 648e3e38e960be028a92a3b48a576f41bbc6a0ac..24fea0c5b3777ffd69c82f69cd15b85593d622c3 100644 (file)
--- a/lib/curl_sha512_256.c
+++ b/lib/curl_sha512_256.c
@@ -28,12 +28,12 @@
 #include "curl_sha512_256.h"
 
 /* The recommended order of the TLS backends:
- * 1. OpenSSL
- * 2. GnuTLS
- * 3. wolfSSL
- * 4. Schannel SSPI
- * 5. mbedTLS
- * 6. Rustls
+ * 1. USE_OPENSSL
+ * 2. USE_WOLFSSL
+ * 3. USE_GNUTLS
+ * 4. USE_MBEDTLS
+ * 5. USE_RUSTLS
+ * 6. USE_WIN32_CRYPTO
  * Skip the backend if it does not support the required algorithm */
 
 #ifdef USE_OPENSSL
@@ -64,7 +64,17 @@
 #      endif
 #    endif
 #  endif
-#endif /* USE_OPENSSL */
+#elif defined(USE_WOLFSSL)
+#  include <wolfssl/version.h>
+#  if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX >= 0x05000000
+#    include <wolfssl/options.h>
+#    include <wolfssl/openssl/evp.h>
+#    ifndef WOLFSSL_NOSHA512_256
+#      define USE_OPENSSL_SHA512_256          1
+#      define HAS_SHA512_256_IMPLEMENTATION   1
+#    endif
+#  endif
+#endif
 
 #if !defined(HAS_SHA512_256_IMPLEMENTATION) && defined(USE_GNUTLS)
 #  include <nettle/sha.h>
@@ -91,7 +101,11 @@
 /**
  * Context type used for SHA-512/256 calculations
  */
+#ifdef USE_OPENSSL
 typedef EVP_MD_CTX *Curl_sha512_256_ctx;
+#else
+typedef WOLFSSL_EVP_MD_CTX *Curl_sha512_256_ctx;
+#endif
 
 /**
  * Initialise structure for SHA-512/256 calculation.
@@ -104,21 +118,36 @@ static CURLcode Curl_sha512_256_init(void *context)
 {
   Curl_sha512_256_ctx * const ctx = (Curl_sha512_256_ctx *)context;
 
+#ifdef USE_OPENSSL
   *ctx = EVP_MD_CTX_create();
+#else
+  *ctx = wolfSSL_EVP_MD_CTX_new();
+#endif
   if(!*ctx)
     return CURLE_OUT_OF_MEMORY;
 
+#ifdef USE_OPENSSL
   if(EVP_DigestInit_ex(*ctx, EVP_sha512_256(), NULL)) {
     /* Check whether the header and this file use the same numbers */
     DEBUGASSERT(EVP_MD_CTX_size(*ctx) == CURL_SHA512_256_DIGEST_SIZE);
     /* Check whether the block size is correct */
     DEBUGASSERT(EVP_MD_CTX_block_size(*ctx) == CURL_SHA512_256_BLOCK_SIZE);
+#else
+  if(wolfSSL_EVP_DigestInit_ex(*ctx, wolfSSL_EVP_sha512_256(), NULL)) {
+    /* Check whether the header and this file use the same numbers */
+    DEBUGASSERT(wolfSSL_EVP_MD_CTX_size(*ctx) == CURL_SHA512_256_DIGEST_SIZE);
+    /* wolfSSL_EVP_MD_CTX_block_size() returns zero as of v5.9.0 */
+#endif
 
     return CURLE_OK; /* Success */
   }
 
   /* Cleanup */
+#ifdef USE_OPENSSL
   EVP_MD_CTX_destroy(*ctx);
+#else
+  wolfSSL_EVP_MD_CTX_free(*ctx);
+#endif
   return CURLE_FAILED_INIT;
 }
 
@@ -136,7 +165,11 @@ static CURLcode Curl_sha512_256_update(void *context,
 {
   Curl_sha512_256_ctx * const ctx = (Curl_sha512_256_ctx *)context;
 
+#ifdef USE_OPENSSL
   if(!EVP_DigestUpdate(*ctx, data, length))
+#else
+  if(!wolfSSL_EVP_DigestUpdate(*ctx, data, length))
+#endif
     return CURLE_SSL_CIPHER;
 
   return CURLE_OK;
@@ -166,10 +199,19 @@ static CURLcode Curl_sha512_256_finish(unsigned char *digest, void *context)
     memcpy(digest, tmp_digest, CURL_SHA512_256_DIGEST_SIZE);
   explicit_memset(tmp_digest, 0, sizeof(tmp_digest));
 #else /* !NEED_NETBSD_SHA512_256_WORKAROUND */
+#ifdef USE_OPENSSL
   ret = EVP_DigestFinal_ex(*ctx, digest, NULL) ? CURLE_OK : CURLE_SSL_CIPHER;
+#else
+  ret = wolfSSL_EVP_DigestFinal_ex(*ctx, digest, NULL) ?
+    CURLE_OK : CURLE_SSL_CIPHER;
+#endif
 #endif /* NEED_NETBSD_SHA512_256_WORKAROUND */
 
+#ifdef USE_OPENSSL
   EVP_MD_CTX_destroy(*ctx);
+#else
+  wolfSSL_EVP_MD_CTX_free(*ctx);
+#endif
   *ctx = NULL;
 
   return ret;