[GNUnet-SVN] [gnurl] 50/178: tls: fix mbedTLS 2.7.0 build + handle sha25
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 50/178: tls: fix mbedTLS 2.7.0 build + handle sha256 failures |
Date: |
Wed, 23 May 2018 12:24:45 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 336b6a32c0c9bec6bf6ccfc5942a3ce62ff34281
Author: Wyatt O'Day <address@hidden>
AuthorDate: Mon Apr 2 13:33:00 2018 -0400
tls: fix mbedTLS 2.7.0 build + handle sha256 failures
(mbedtls 2.70 compiled with MBEDTLS_DEPRECATED_REMOVED)
Closes #2453
---
lib/vtls/cyassl.c | 3 ++-
lib/vtls/darwinssl.c | 3 ++-
lib/vtls/gtls.c | 3 ++-
lib/vtls/mbedtls.c | 9 ++++++++-
lib/vtls/nss.c | 4 +++-
lib/vtls/openssl.c | 3 ++-
lib/vtls/polarssl.c | 3 ++-
lib/vtls/schannel.c | 3 ++-
lib/vtls/vtls.c | 6 +++++-
lib/vtls/vtls.h | 2 +-
10 files changed, 29 insertions(+), 10 deletions(-)
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 1bd42d2c8..913c22d4a 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -966,7 +966,7 @@ static CURLcode Curl_cyassl_random(struct Curl_easy *data,
return CURLE_OK;
}
-static void Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
+static CURLcode Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *sha256sum /* output */,
size_t unused)
@@ -976,6 +976,7 @@ static void Curl_cyassl_sha256sum(const unsigned char *tmp,
/* input */
InitSha256(&SHA256pw);
Sha256Update(&SHA256pw, tmp, (word32)tmplen);
Sha256Final(&SHA256pw, sha256sum);
+ return CURLE_OK;
}
static void *Curl_cyassl_get_internals(struct ssl_connect_data *connssl,
diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c
index f445302fa..0919f10dc 100644
--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/darwinssl.c
@@ -2894,13 +2894,14 @@ static CURLcode Curl_darwinssl_md5sum(unsigned char
*tmp, /* input */
return CURLE_OK;
}
-static void Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */
+static CURLcode Curl_darwinssl_sha256sum(const unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *sha256sum, /* output */
size_t sha256len)
{
assert(sha256len >= CURL_SHA256_DIGEST_LENGTH);
(void)CC_SHA256(tmp, (CC_LONG)tmplen, sha256sum);
+ return CURLE_OK;
}
static bool Curl_darwinssl_false_start(void)
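Review bot: The output-buffer size in Curl_darwinssl_sha256sum is still guarded only by `assert(sha256len >= CURL_SHA256_DIGEST_LENGTH);`, which disappears in builds that define NDEBUG, while CC_SHA256 writes a full digest regardless. Now that the function returns a CURLcode, the guard can be a real runtime check, for example `if(sha256len < CURL_SHA256_DIGEST_LENGTH) return CURLE_BAD_FUNCTION_ARGUMENT;` placed before the CC_SHA256 call. The mbedtls and polarssl hunks discard `sha256len` with `(void)sha256len;` and would benefit from the same check.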
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 078874103..3f30b6c8c 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -1761,7 +1761,7 @@ static CURLcode Curl_gtls_md5sum(unsigned char *tmp, /*
input */
return CURLE_OK;
}
-static void Curl_gtls_sha256sum(const unsigned char *tmp, /* input */
+static CURLcode Curl_gtls_sha256sum(const unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *sha256sum, /* output */
size_t sha256len)
@@ -1778,6 +1778,7 @@ static void Curl_gtls_sha256sum(const unsigned char *tmp,
/* input */
memcpy(sha256sum, gcry_md_read(SHA256pw, 0), sha256len);
gcry_md_close(SHA256pw);
#endif
+ return CURLE_OK;
}
static bool Curl_gtls_cert_status_request(void)
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index 28251a388..e76e19b09 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -1023,13 +1023,20 @@ static bool Curl_mbedtls_data_pending(const struct
connectdata *conn,
return mbedtls_ssl_get_bytes_avail(&BACKEND->ssl) != 0;
}
-static void Curl_mbedtls_sha256sum(const unsigned char *input,
+static CURLcode Curl_mbedtls_sha256sum(const unsigned char *input,
size_t inputlen,
unsigned char *sha256sum,
size_t sha256len UNUSED_PARAM)
{
(void)sha256len;
+#if MBEDTLS_VERSION_NUMBER < 0x02070000
mbedtls_sha256(input, inputlen, sha256sum, 0);
+#else
+ /* returns 0 on success, otherwise failure */
+ if(mbedtls_sha256_ret(input, inputlen, sha256sum, 0) != 0)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+#endif
+ return CURLE_OK;
}
static void *Curl_mbedtls_get_internals(struct ssl_connect_data *connssl,
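Review bot: The `#else` branch reports every non-zero result from `mbedtls_sha256_ret()` as CURLE_BAD_FUNCTION_ARGUMENT, so a failure inside the library (presumably possible with a hardware-accelerated or alternative SHA-256 implementation) reaches the caller looking like a programming error in the pinning code. A comment such as `/* any digest failure must abort the pinned-key check; the mbedTLS error code is not propagated */` would document why the value is collapsed. Separately, the `#if MBEDTLS_VERSION_NUMBER < 0x02070000` test depends on the version header being included outside this hunk; if the macro is undefined the preprocessor evaluates it as 0 and silently selects the deprecated `mbedtls_sha256()` call, so a `#ifndef MBEDTLS_VERSION_NUMBER` / `#error` guard near the includes would make that failure loud.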
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 458f9d814..edbacc671 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -2314,7 +2314,7 @@ static CURLcode Curl_nss_md5sum(unsigned char *tmp, /*
input */
return CURLE_OK;
}
-static void Curl_nss_sha256sum(const unsigned char *tmp, /* input */
+static CURLcode Curl_nss_sha256sum(const unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *sha256sum, /* output */
size_t sha256len)
@@ -2325,6 +2325,8 @@ static void Curl_nss_sha256sum(const unsigned char *tmp,
/* input */
PK11_DigestOp(SHA256pw, tmp, curlx_uztoui(tmplen));
PK11_DigestFinal(SHA256pw, sha256sum, &SHA256out, curlx_uztoui(sha256len));
PK11_DestroyContext(SHA256pw, PR_TRUE);
+
+ return CURLE_OK;
}
static bool Curl_nss_cert_status_request(void)
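Review bot: Curl_nss_sha256sum now returns CURLE_OK unconditionally even though `PK11_DigestOp` and `PK11_DigestFinal` each return a SECStatus that is discarded, so the new error check in Curl_pin_peer_pubkey can never fire for this backend and a failed digest would leave the malloc'ed output buffer uninitialised before it is base64-encoded and compared against the pin. Collecting the status, e.g. `if(PK11_DigestOp(SHA256pw, tmp, curlx_uztoui(tmplen)) != SECSuccess) result = CURLE_BAD_FUNCTION_ARGUMENT;` (and the same for `PK11_DigestFinal`), then returning `result` after `PK11_DestroyContext`, would make the commit's "handle sha256 failures" apply here too. The same pattern appears in the second openssl.c hunk, where the int results of `EVP_DigestUpdate` and `EVP_DigestFinal_ex` are ignored, and likely in the cyassl.c hunk if the Sha256 calls report errors in the supported library versions. The start of the function body, including creation of the digest context, lies outside this hunk.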
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index fc9ad47ad..205d303ed 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3603,7 +3603,7 @@ static CURLcode Curl_ossl_md5sum(unsigned char *tmp, /*
input */
}
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && !defined(OPENSSL_NO_SHA256)
-static void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
+static CURLcode Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *sha256sum /* output */,
size_t unused)
@@ -3617,6 +3617,7 @@ static void Curl_ossl_sha256sum(const unsigned char *tmp,
/* input */
EVP_DigestUpdate(mdctx, tmp, tmplen);
EVP_DigestFinal_ex(mdctx, sha256sum, &len);
EVP_MD_CTX_destroy(mdctx);
+ return CURLE_OK;
}
#endif
diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
index df29fa945..d36cc70ee 100644
--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@@ -882,13 +882,14 @@ static bool Curl_polarssl_data_pending(const struct
connectdata *conn,
return ssl_get_bytes_avail(&BACKEND->ssl) != 0;
}
-static void Curl_polarssl_sha256sum(const unsigned char *input,
+static CURLcode Curl_polarssl_sha256sum(const unsigned char *input,
size_t inputlen,
unsigned char *sha256sum,
size_t sha256len UNUSED_PARAM)
{
(void)sha256len;
sha256(input, inputlen, sha256sum, 0);
+ return CURLE_OK;
}
static void *Curl_polarssl_get_internals(struct ssl_connect_data *connssl,
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index b8afe46f1..76392a1fd 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -1949,13 +1949,14 @@ static CURLcode Curl_schannel_md5sum(unsigned char
*input,
return CURLE_OK;
}
-static void Curl_schannel_sha256sum(const unsigned char *input,
+static CURLcode Curl_schannel_sha256sum(const unsigned char *input,
size_t inputlen,
unsigned char *sha256sum,
size_t sha256len)
{
Curl_schannel_checksum(input, inputlen, sha256sum, sha256len,
PROV_RSA_AES, CALG_SHA_256);
+ return CURLE_OK;
}
static void *Curl_schannel_get_internals(struct ssl_connect_data *connssl,
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index def1d30cb..7ad18a3df 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -831,8 +831,12 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
sha256sumdigest = malloc(CURL_SHA256_DIGEST_LENGTH);
if(!sha256sumdigest)
return CURLE_OUT_OF_MEMORY;
- Curl_ssl->sha256sum(pubkey, pubkeylen,
+ encode = Curl_ssl->sha256sum(pubkey, pubkeylen,
sha256sumdigest, CURL_SHA256_DIGEST_LENGTH);
+
+ if(encode != CURLE_OK)
+ return encode;
+
encode = Curl_base64_encode(data, (char *)sha256sumdigest,
CURL_SHA256_DIGEST_LENGTH, &encoded,
&encodedlen);
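Review bot: The new early return `if(encode != CURLE_OK) return encode;` leaks `sha256sumdigest`, which was allocated with malloc a few lines above and is not released on this path. Freeing it first closes the leak: `if(encode != CURLE_OK) { free(sha256sumdigest); return encode; }`. Because this code sits on the public-key pinning path, a backend that fails repeatedly would leak on every connection attempt. Curl_pin_peer_pubkey starts and ends outside the hunk, so any other cleanup it performs on its exit paths should be checked against this return as well.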
diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h
index c5f9d4a3f..4f76cc9e1 100644
--- a/lib/vtls/vtls.h
+++ b/lib/vtls/vtls.h
@@ -72,7 +72,7 @@ struct Curl_ssl {
CURLcode (*md5sum)(unsigned char *input, size_t inputlen,
unsigned char *md5sum, size_t md5sumlen);
- void (*sha256sum)(const unsigned char *input, size_t inputlen,
+ CURLcode (*sha256sum)(const unsigned char *input, size_t inputlen,
unsigned char *sha256sum, size_t sha256sumlen);
};
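Review bot: The `sha256sum` member of struct Curl_ssl changes from `void` to `CURLcode` without a comment stating the new contract, which every backend and caller now has to honour. A short comment above the member, such as `/* returns CURLE_OK on success; on any other value the contents of sha256sum are undefined and must not be used */`, would make the fail-closed expectation explicit for future backends. The struct definition begins outside this hunk.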
--
To stop receiving notification emails like this one, please contact
address@hidden