-
-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SHA-512/256 real implementation #12897
Conversation
9269faa
to
92e01e1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome! Just some nits from me...
Is there a particular reason you did not use the TLS library's crypto functions for this? OpenSSL etc provide functions for this. |
Frankly, I didn't check the latest (read "five years old") OpenSSL versions. Previously OpenSSL supported only SHA-512, which is quite different. |
92e01e1
to
c55d4bb
Compare
The only failing test is 1165, reported sync CURL_DISABLE not in sync.
|
Unrelated: regexps in |
f710b8f
to
1f2c640
Compare
PR #12903 published |
Are there any crypto libraries used by libcurl that still lack SHA2 functions? SHA-256 support was added to libcurl before OpenSSL supported it, but I don't see a need to carry a local version of this calculation today. There are optimized functions already available that curl could use instead. |
I think MD5 and SHA-256 are supported by most of TLS libs. However, I'm not sure that all libs are providing digest calculation API as digest is not the primary function of TLS lib. SHA-256 and MD5 are provided by some C libraries and the kernels. |
a935115
to
c93e63d
Compare
@bagder Everything was corrected except one comment. Also CURL_DISABLE_xxx macro check was muted in unpolite way. Please give me some hints what to do. |
VS2010 and VS2008 failures are related. |
c93e63d
to
4853713
Compare
86f7fb4
to
5e0d192
Compare
@bagder I found that Line 500 in 07e5b3e
I would suggest to add CMake code like check_c_source_compiles("
inline int foo_func(void){return 0;}
int main(void)
{
return foo_func();
}" HAVE_KEYWORD_INLINE)
if(not HAVE_KEYWORD_INLINE)
check_c_source_compiles("
__inline int foo_func(void){return 0;}
int main(void)
{
return foo_func();
}" HAVE_KEYWORD___INLINE)
endif() The if both are not supported, add Also, for VS projects to work with old compilers, add somewhere in the code (to some header that included globally): #if !defined(inline) && defined(_MSC_VER)
# if _MSC_VER < 1900
# define inline __inline
# endif
#endif Currently curl code has |
1dbb750
to
4032cdb
Compare
Rebased and updated as my another PR #12903 has been merged. |
4032cdb
to
a3dae6e
Compare
No need to undef |
This comment was marked as outdated.
This comment was marked as outdated.
This could work for both VS and CMake builds (maybe for autotools even): --- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@@ -117,6 +117,17 @@
#endif /* HAVE_CONFIG_H */
+#ifndef inline
+# if defined(__GNUC__)
+# define inline __inline__
+# elif defined(_MSC_VER) && _MSC_VER < 1900
+# define inline __inline
+# elif !defined(__cplusplus) && \
+ !(defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L)
+# define inline
+# endif
+#endif
+
/* ================================================================ */
/* Definition of preprocessor macros/symbols which modify compiler */
/* behavior or generated code characteristics must be done here, */ |
Yep, for simple However, this fix is a general fix for libcurl/curl. For this particular code force inline is better. It can be also made a part of global header, if needed. |
I'm against adding this to cmake if there is a reasonably good in-source solution for it, because adding each of these detections cripple build performance and spread redundant complexity to the build-tool level. Many targets need an in-source solution anyway. If performance of this code is so critical to require |
It would be nice to use TLS-backend implementation of I'd emphasize:
|
0fec7b2
to
8f3daaa
Compare
Updated with even more careful and correct detection of supported |
Note: this code may break some preprocessors #if defined(SOME_MACRO) && SOME_MACRO >= 3
#define SOMETHING something
#endif The correct way is #ifdef SOME_MACRO
#if SOME_MACRO >= 3
#define SOMETHING something
#endif
#endif Making comparison against C-like constants in preprocessor directives is not always processed correctly. #if SOME_VALUE >= 5000000L
#define SOMETHING something
#endif Correct: #if SOME_VALUE >= 5000000
#define SOMETHING something
#endif |
I would argue that is a broken preprocessor. We use this construct in several places in the code already and so far no one has reported a problem with this. |
Or can be just undetected... No problem, let me know if you prefer a shorted merged preprocessor constructs and I'll adapt the code. |
Also fix the tests. New implementation tested with GNU libmicrohttpd. The new numbers in tests are real SHA-512/256 numbers (not just some random ;) numbers ).
8f3daaa
to
b8f0405
Compare
OK, macros are merged and simplified. |
Thanks! |
- cmake: `-DCURL_DISABLE_SHA512_256=ON` - autotools: `--disable-sha512-256` Also drop the exception from `test1165.pl`. Follow-up to cbe41d1 curl#12897
- cmake: `-DCURL_DISABLE_SHA512_256=ON` - autotools: `--disable-sha512-256` Also drop the exception from `test1165.pl`. Follow-up to cbe41d1 curl#12897
This PR adds real support for SHA-512/256 hashing algorithm.
Currently curl implementation of Digest Auth fakes SHA-512/256 by using SHA-256 algorithm which is completely wrong.
The new implementation added as an optional and can be disabled if needed (the related tests are automatically disabled). The disabling machinery is here, but the support for disabling in
configure
and CMake is not implemented and can be added when/if needed.