curl_sha512_256: support delegating to wolfSSL API#21077
vszakats wants to merge 14 commits into curl:master from
0e99be9 to d00864d
can't redefine because:
```
/home/runner/work/curl/curl/lib/sha256.c:63:22: error: call to undeclared function 'EVP_MD_CTX_create'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
63 | ctx->openssl_ctx = EVP_MD_CTX_create();
| ^
/home/runner/work/curl/curl/lib/sha256.c:63:22: note: did you mean 'EVP_MD_CTX_free'?
/usr/include/openssl/evp.h:700:6: note: 'EVP_MD_CTX_free' declared here
700 | void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
| ^
In file included from /home/runner/work/curl/curl/bld/lib/CMakeFiles/libcurl_static.dir/Unity/unity_0_c.c:310:
/home/runner/work/curl/curl/lib/sha256.c:63:20: error: incompatible integer to pointer conversion assigning to 'EVP_MD_CTX *' (aka 'struct evp_md_ctx_st *') from 'int' [-Wint-conversion]
63 | ctx->openssl_ctx = EVP_MD_CTX_create();
| ^ ~~~~~~~~~~~~~~~~~~~
/home/runner/work/curl/curl/lib/sha256.c:68:5: error: call to undeclared function 'EVP_MD_CTX_destroy'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
68 | EVP_MD_CTX_destroy(ctx->openssl_ctx);
| ^
/home/runner/work/curl/curl/lib/sha256.c:86:3: error: call to undeclared function 'EVP_MD_CTX_destroy'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
86 | EVP_MD_CTX_destroy(ctx->openssl_ctx);
| ^
In file included from /home/runner/work/curl/curl/bld/lib/CMakeFiles/libcurl_static.dir/Unity/unity_0_c.c:439:
/home/runner/work/curl/curl/lib/vtls/openssl.c:5468:11: error: call to undeclared function 'EVP_MD_CTX_create'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
5468 | mdctx = EVP_MD_CTX_create();
| ^
/home/runner/work/curl/curl/lib/vtls/openssl.c:5468:9: error: incompatible integer to pointer conversion assigning to 'EVP_MD_CTX *' (aka 'struct evp_md_ctx_st *') from 'int' [-Wint-conversion]
5468 | mdctx = EVP_MD_CTX_create();
| ^ ~~~~~~~~~~~~~~~~~~~
/home/runner/work/curl/curl/lib/vtls/openssl.c:5472:5: error: call to undeclared function 'EVP_MD_CTX_destroy'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
5472 | EVP_MD_CTX_destroy(mdctx);
| ^
/home/runner/work/curl/curl/lib/vtls/openssl.c:5477:3: error: call to undeclared function 'EVP_MD_CTX_destroy'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
5477 | EVP_MD_CTX_destroy(mdctx);
| ^
8 errors generated.
```
https://github.com/curl/curl/actions/runs/23453717544/job/68237366259?pr=21077
Pull request overview
Adds wolfSSL (v5.0.0+) support to the SHA-512/256 helper by delegating to wolfSSL’s OpenSSL-compat EVP API when available, so curl can avoid using the internal/other-backend implementations on wolfSSL builds.
Changes:
- Add a wolfSSL selection branch (version-gated) that enables the EVP-based SHA-512/256 implementation.
- Switch the EVP-based implementation to use either OpenSSL or wolfSSL EVP context/types and functions depending on the active backend.
- Update the backend-selection comment describing ordering/selection.
| /* The recommended order of the TLS backends: | ||
| * 1. OpenSSL | ||
| * 2. GnuTLS | ||
| * 3. wolfSSL | ||
| * 4. Schannel SSPI | ||
| * 5. mbedTLS | ||
| * 6. Rustls | ||
| * 1. USE_OPENSSL | ||
| * 2. USE_WOLFSSL | ||
| * 3. USE_GNUTLS | ||
| * 4. USE_MBEDTLS | ||
| * 5. USE_RUSTLS | ||
| * 6. USE_WIN32_CRYPTO | ||
| * Skip the backend if it does not support the required algorithm */ |
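Review bot: the comment carries two numbered lists that disagree on rank (GnuTLS is 2 and wolfSSL 3 in the first, USE_WOLFSSL is 2 and USE_GNUTLS 3 in the second), so a reader cannot tell which order the #if chain below actually follows; keep a single list, in the order the branches appear in this file, and word the header so it is clear this is the fixed selection order applied when several backends are enabled rather than a general TLS recommendation.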
The “recommended order” comment lists backends (USE_MBEDTLS/USE_RUSTLS/USE_WIN32_CRYPTO) that this file doesn’t actually have #if branches for, and it doesn’t include the usual rationale used elsewhere (keeping SSL backend-specific branches in a fixed order to ensure deterministic selection when multiple backends are enabled). Please adjust this comment to match the actual branches present in this file and align with the standard wording used in e.g. lib/sha256.c and lib/curl_ntlm_core.c.
| # include <wolfssl/version.h> | ||
| # if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX >= 0x05000000 | ||
| # include <wolfssl/options.h> |
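Review bot: <wolfssl/options.h> is only reached inside the LIBWOLFSSL_VERSION_HEX >= 0x05000000 gate, so on an older wolfSSL none of the build-configuration macros from options.h are visible to whatever fallback follows; include options.h first and unconditionally, ahead of version.h as lib/vtls/wolfssl.c does, so the configuration macros are defined regardless of which version branch is taken.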
wolfSSL headers are typically included with <wolfssl/options.h> before <wolfssl/version.h> (see lib/vtls/wolfssl.c). Consider swapping the include order here to match that convention, since options.h can affect wolfSSL header feature macros.
| # include <wolfssl/version.h> | |
| # if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX >= 0x05000000 | |
| # include <wolfssl/options.h> | |
| # include <wolfssl/options.h> | |
| # include <wolfssl/version.h> | |
| # if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX >= 0x05000000 |
| # if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX >= 0x05000000 | ||
| # include <wolfssl/options.h> | ||
| # include <wolfssl/openssl/evp.h> | ||
| # ifndef WOLFSSL_NOSHA512_256 |
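Review bot: the `#ifndef WOLFSSL_NOSHA512_256` guard must be the exact macro that wolfSSL's own SHA-512/256 declarations are conditioned on, otherwise a library built without the algorithm still compiles the EVP path against a digest it does not provide; confirm the name against the wolfSSL header that declares the digest rather than inferring it from the NO_MD4/NO_MD5 naming, especially since a later revision in this thread switches the guard to NO_SHA512_256 and the two revisions cannot both match the header.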
This wolfSSL feature gate uses WOLFSSL_NOSHA512_256, but other wolfSSL capability checks in this repo use unprefixed NO_* macros from wolfssl/options.h (e.g. NO_MD4/NO_MD5). Please verify that WOLFSSL_NOSHA512_256 is the correct macro exported by wolfSSL; if not, switch to the correct NO_* guard (and/or guard on the presence of the wolfSSL EVP SHA-512/256 symbols) to avoid compiling the EVP path when SHA-512/256 is disabled in wolfSSL.
| # ifndef WOLFSSL_NOSHA512_256 | |
| # ifndef NO_SHA512_256 |
Offered by wolfSSL v5.0.0+ (2021-11-01).