0001-sha512-256-support-delegating-to-patched-bearssl.patch (3494B)
1 From d1d4f8d4effdb9729bcdca711910bd418651f3fe Mon Sep 17 00:00:00 2001
2 From: Michael Forney <mforney@mforney.org>
3 Date: Fri, 15 May 2026 03:02:00 -0700
4 Subject: [PATCH] sha512-256: support delegating to (patched) bearssl
5
6 ---
7 lib/curl_sha512_256.c | 81 ++++++++++++++++++++++++++++++++++++++++---
8 1 file changed, 77 insertions(+), 4 deletions(-)
9
10 diff --git a/lib/curl_sha512_256.c b/lib/curl_sha512_256.c
11 index 75a7765931..2ac9002ea6 100644
12 --- a/lib/curl_sha512_256.c
13 +++ b/lib/curl_sha512_256.c
14 @@ -31,10 +31,10 @@
15 * 1. USE_OPENSSL
16 * 2. USE_WOLFSSL
17 * 3. USE_GNUTLS
18 - * 4. USE_MBEDTLS (TBD)
19 - * 5. USE_RUSTLS (TBD)
20 - * 6. USE_WIN32_CRYPTO (TBD)
21 - * 7. USE_BEARSSL (TBD)
22 + * 4. USE_BEARSSL
23 + * 5. USE_MBEDTLS (TBD)
24 + * 6. USE_RUSTLS (TBD)
25 + * 7. USE_WIN32_CRYPTO (TBD)
26 * Skip the backend if it does not support the required algorithm */
27
28 #ifdef USE_OPENSSL
29 @@ -79,9 +79,16 @@
30 # include <nettle/sha.h>
31 # ifdef SHA512_256_DIGEST_SIZE
32 # define USE_GNUTLS_SHA512_256 1
33 +# define HAS_SHA512_256_IMPLEMENTATION 1
34 # endif
35 #endif /* !HAS_SHA512_256_IMPLEMENTATION && USE_GNUTLS */
36
37 +#if !defined(HAS_SHA512_256_IMPLEMENTATION) && defined(USE_BEARSSL)
38 +# include <bearssl.h>
39 +# define USE_BEARSSL_SHA512_256 1
40 +# define HAS_SHA512_256_IMPLEMENTATION 1
41 +#endif /* !HAS_SHA512_256_IMPLEMENTATION && USE_BEARSSL */
42 +
43 #ifdef USE_OPENSSL_SHA512_256
44
45 /* OpenSSL does not provide macros for SHA-512/256 sizes */
46
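Review bot: The new BearSSL block in the second hunk selects the backend on `USE_BEARSSL` alone, whereas the nettle block just above it only does so under `# ifdef SHA512_256_DIGEST_SIZE`, and the file's header comment says to skip a backend that does not support the algorithm. The subject line says this depends on a patched BearSSL, so a build against an unpatched library would presumably stop at `br_sha512_256_context` instead of falling back to the built-in implementation. If the patched header exposes `br_sha512_256_SIZE` as a preprocessor macro (an assumption, the header is not shown here), placing the two defines under `# ifdef br_sha512_256_SIZE` after the `#include <bearssl.h>` would keep that fallback working.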
@@ -288,6 +295,72 @@ static CURLcode Curl_sha512_256_finish(unsigned char *digest, void *context)
47 return CURLE_OK;
48 }
49
50 +#elif defined(USE_BEARSSL_SHA512_256)
51 +
52 +#define CURL_SHA512_256_BLOCK_SIZE 128
53 +#define CURL_SHA512_256_DIGEST_SIZE br_sha512_256_SIZE
54 +
55 +/**
56 + * Context type used for SHA-512/256 calculations
57 + */
58 +typedef br_sha512_256_context Curl_sha512_256_ctx;
59 +
60 +/**
61 + * Initialise structure for SHA-512/256 calculation.
62 + *
63 + * @param context the calculation context
64 + * @return always CURLE_OK
65 + */
66 +static CURLcode Curl_sha512_256_init(void *context)
67 +{
68 + Curl_sha512_256_ctx * const ctx = (Curl_sha512_256_ctx *)context;
69 +
70 + /* Check whether the header and this file use the same numbers */
71 + DEBUGASSERT(CURL_SHA512_256_DIGEST_LENGTH == CURL_SHA512_256_DIGEST_SIZE);
72 +
73 + br_sha512_256_init(ctx);
74 +
75 + return CURLE_OK;
76 +}
77 +
78 +/**
79 + * Process portion of bytes.
80 + *
81 + * @param context the calculation context
82 + * @param data bytes to add to hash
83 + * @param length number of bytes in @a data
84 + * @return always CURLE_OK
85 + */
86 +static CURLcode Curl_sha512_256_update(void *context,
87 + const unsigned char *data,
88 + size_t length)
89 +{
90 + Curl_sha512_256_ctx * const ctx = (Curl_sha512_256_ctx *)context;
91 +
92 + DEBUGASSERT((data != NULL) || (length == 0));
93 +
94 + br_sha512_256_update(ctx, data, length);
95 +
96 + return CURLE_OK;
97 +}
98 +
99 +/**
100 + * Finalise SHA-512/256 calculation, return digest.
101 + *
102 + * @param context the calculation context
103 + * @param[out] digest set to the hash, must be #CURL_SHA512_256_DIGEST_SIZE
104 + * bytes
105 + * @return always CURLE_OK
106 + */
107 +static CURLcode Curl_sha512_256_finish(unsigned char *digest, void *context)
108 +{
109 + Curl_sha512_256_ctx * const ctx = (Curl_sha512_256_ctx *)context;
110 +
111 + br_sha512_256_out(ctx, digest);
112 +
113 + return CURLE_OK;
114 +}
115 +
116 #else /* No system or TLS backend SHA-512/256 implementation available */
117
118 /* ** This implementation of SHA-512/256 hash calculation was originally ** *
119 --
120 2.54.0
121
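Review bot: The only check that `br_sha512_256_SIZE` matches `CURL_SHA512_256_DIGEST_LENGTH` is the `DEBUGASSERT` in `Curl_sha512_256_init`, which presumably compiles out of non-debug builds. `Curl_sha512_256_finish` then lets `br_sha512_256_out` write into a caller buffer whose size is not visible in this hunk, so a mismatch would surface as a wrong-sized write rather than a build error. If both names expand to integer constants, a preprocessor guard next to the two defines, `#if CURL_SHA512_256_DIGEST_SIZE != CURL_SHA512_256_DIGEST_LENGTH` followed by an `#error` line, would catch it in every build configuration. Separately, `Curl_sha512_256_finish` leaves the context untouched after producing the digest; if callers elsewhere hash secret material through this path, clearing `*ctx` after `br_sha512_256_out` is worth considering.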