sha256: use high-level EVP interface for OpenSSL

Available since OpenSSL 0.9.7. The low-level SHA256 interface is deprecated in OpenSSL v3, and its usage was discouraged even before. Closes https://github.com/curl/curl/pull/7808
2021-10-02 12:32:42 +02:00 · 2021-10-02 12:32:42 +02:00 · 94696e1b51
commit 94696e1b51
parent 802d864450
1 changed files with 70 additions and 41 deletions
--- a/lib/sha256.c
+++ b/lib/sha256.c
@ -40,7 +40,7 @@

 #include <openssl/opensslv.h>

-#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
+#if (OPENSSL_VERSION_NUMBER >= 0x0090700fL)
 #define USE_OPENSSL_SHA256
 #endif

@ -70,7 +70,36 @@
 #if defined(USE_OPENSSL_SHA256)

 /* When OpenSSL is available we use the SHA256-function from OpenSSL */
-#include <openssl/sha.h>
+#include <openssl/evp.h>
+
+#include "curl_memory.h"
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+struct sha256_ctx {
+  EVP_MD_CTX *openssl_ctx;
+};
+typedef struct sha256_ctx my_sha256_ctx;
+
+static void my_sha256_init(my_sha256_ctx *ctx)
+{
+  ctx->openssl_ctx = EVP_MD_CTX_create();
+  EVP_DigestInit_ex(ctx->openssl_ctx, EVP_sha256(), NULL);
+}
+
+static void my_sha256_update(my_sha256_ctx *ctx,
+                             const unsigned char *data,
+                             unsigned int length)
+{
+  EVP_DigestUpdate(ctx->openssl_ctx, data, length);
+}
+
+static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx)
+{
+  EVP_DigestFinal_ex(ctx->openssl_ctx, digest, NULL);
+  EVP_MD_CTX_destroy(ctx->openssl_ctx);
+}

 #elif defined(USE_GNUTLS)

@ -81,21 +110,21 @@
 /* The last #include file should be: */
 #include "memdebug.h"

-typedef struct sha256_ctx SHA256_CTX;
+typedef struct sha256_ctx my_sha256_ctx;

-static void SHA256_Init(SHA256_CTX *ctx)
+static void my_sha256_init(my_sha256_ctx *ctx)
 {
  sha256_init(ctx);
 }

-static void SHA256_Update(SHA256_CTX *ctx,
-                          const unsigned char *data,
-                          unsigned int length)
+static void my_sha256_update(my_sha256_ctx *ctx,
+                             const unsigned char *data,
+                             unsigned int length)
 {
  sha256_update(ctx, length, data);
 }

-static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx)
+static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx)
 {
  sha256_digest(ctx, SHA256_DIGEST_SIZE, digest);
 }
@ -109,9 +138,9 @@ static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx)
 /* The last #include file should be: */
 #include "memdebug.h"

-typedef mbedtls_sha256_context SHA256_CTX;
+typedef mbedtls_sha256_context my_sha256_ctx;

-static void SHA256_Init(SHA256_CTX *ctx)
+static void my_sha256_init(my_sha256_ctx *ctx)
 {
 #if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS)
  (void) mbedtls_sha256_starts(ctx, 0);
@ -120,9 +149,9 @@ static void SHA256_Init(SHA256_CTX *ctx)
 #endif
 }

-static void SHA256_Update(SHA256_CTX *ctx,
-                          const unsigned char *data,
-                          unsigned int length)
+static void my_sha256_update(my_sha256_ctx *ctx,
+                             const unsigned char *data,
+                             unsigned int length)
 {
 #if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS)
  (void) mbedtls_sha256_update(ctx, data, length);
@ -131,7 +160,7 @@ static void SHA256_Update(SHA256_CTX *ctx,
 #endif
 }

-static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx)
+static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx)
 {
 #if !defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS)
  (void) mbedtls_sha256_finish(ctx, digest);
@ -152,21 +181,21 @@ static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx)
 /* The last #include file should be: */
 #include "memdebug.h"

-typedef CC_SHA256_CTX SHA256_CTX;
+typedef CC_SHA256_CTX my_sha256_ctx;

-static void SHA256_Init(SHA256_CTX *ctx)
+static void my_sha256_init(my_sha256_ctx *ctx)
 {
  (void) CC_SHA256_Init(ctx);
 }

-static void SHA256_Update(SHA256_CTX *ctx,
-                          const unsigned char *data,
-                          unsigned int length)
+static void my_sha256_update(my_sha256_ctx *ctx,
+                             const unsigned char *data,
+                             unsigned int length)
 {
  (void) CC_SHA256_Update(ctx, data, length);
 }

-static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx)
+static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx)
 {
  (void) CC_SHA256_Final(digest, ctx);
 }
@ -179,13 +208,13 @@ struct sha256_ctx {
  HCRYPTPROV hCryptProv;
  HCRYPTHASH hHash;
 };
-typedef struct sha256_ctx SHA256_CTX;
+typedef struct sha256_ctx my_sha256_ctx;

 #if !defined(CALG_SHA_256)
 #define CALG_SHA_256 0x0000800c
 #endif

-static void SHA256_Init(SHA256_CTX *ctx)
+static void my_sha256_init(my_sha256_ctx *ctx)
 {
  if(CryptAcquireContext(&ctx->hCryptProv, NULL, NULL, PROV_RSA_AES,
                         CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
@ -193,14 +222,14 @@ static void SHA256_Init(SHA256_CTX *ctx)
  }
 }

-static void SHA256_Update(SHA256_CTX *ctx,
-                          const unsigned char *data,
-                          unsigned int length)
+static void my_sha256_update(my_sha256_ctx *ctx,
+                             const unsigned char *data,
+                             unsigned int length)
 {
  CryptHashData(ctx->hHash, (unsigned char *) data, length, 0);
 }

-static void SHA256_Final(unsigned char *digest, SHA256_CTX *ctx)
+static void my_sha256_final(unsigned char *digest, my_sha256_ctx *ctx)
 {
  unsigned long length = 0;

@ -269,7 +298,7 @@ struct sha256_state {
  unsigned long state[8], curlen;
  unsigned char buf[64];
 };
-typedef struct sha256_state SHA256_CTX;
+typedef struct sha256_state my_sha256_ctx;

 /* The K array */
 static const unsigned long K[64] = {
@ -346,7 +375,7 @@ static int sha256_compress(struct sha256_state *md,
 }

 /* Initialize the hash state */
-static void SHA256_Init(struct sha256_state *md)
+static void my_sha256_init(struct sha256_state *md)
 {
  md->curlen = 0;
  md->length = 0;
@ -367,9 +396,9 @@ static void SHA256_Init(struct sha256_state *md)
   @param inlen  The length of the data (octets)
   @return CRYPT_OK if successful
 */
-static int SHA256_Update(struct sha256_state *md,
-                         const unsigned char *in,
-                         unsigned long inlen)
+static int my_sha256_update(struct sha256_state *md,
+                            const unsigned char *in,
+                            unsigned long inlen)
 {
  unsigned long n;

@ -408,8 +437,8 @@ static int SHA256_Update(struct sha256_state *md,
   @param out [out] The destination of the hash (32 bytes)
   @return CRYPT_OK if successful
 */
-static int SHA256_Final(unsigned char *out,
-                        struct sha256_state *md)
+static int my_sha256_final(unsigned char *out,
+                           struct sha256_state *md)
 {
  int i;

@ -466,24 +495,24 @@ static int SHA256_Final(unsigned char *out,
 void Curl_sha256it(unsigned char *output, const unsigned char *input,
                   const size_t length)
 {
-  SHA256_CTX ctx;
+  my_sha256_ctx ctx;

-  SHA256_Init(&ctx);
-  SHA256_Update(&ctx, input, curlx_uztoui(length));
-  SHA256_Final(output, &ctx);
+  my_sha256_init(&ctx);
+  my_sha256_update(&ctx, input, curlx_uztoui(length));
+  my_sha256_final(output, &ctx);
 }


 const struct HMAC_params Curl_HMAC_SHA256[] = {
  {
    /* Hash initialization function. */
-    CURLX_FUNCTION_CAST(HMAC_hinit_func, SHA256_Init),
+    CURLX_FUNCTION_CAST(HMAC_hinit_func, my_sha256_init),
    /* Hash update function. */
-    CURLX_FUNCTION_CAST(HMAC_hupdate_func, SHA256_Update),
+    CURLX_FUNCTION_CAST(HMAC_hupdate_func, my_sha256_update),
    /* Hash computation end function. */
-    CURLX_FUNCTION_CAST(HMAC_hfinal_func, SHA256_Final),
+    CURLX_FUNCTION_CAST(HMAC_hfinal_func, my_sha256_final),
    /* Size of hash context structure. */
-    sizeof(SHA256_CTX),
+    sizeof(my_sha256_ctx),
    /* Maximum key length. */
    64,
    /* Result size. */