sha256, sha512_256: switch to wolfCrypt API

Replacing the OpenSSL-like compatibility interface, and syncing with
existing API use within lib/wolfssl.c for SHA-256.

Ref: https://www.wolfssl.com/documentation/manuals/wolfssl/group__SHA.html

Follow-up to 28f0932073 #21077
Follow-up to 988b352f91 #21078

Closes #21090

lib/curl_sha512_256.c

@@ -31,9 +31,9 @@
  * 1. USE_OPENSSL
  * 2. USE_WOLFSSL
  * 3. USE_GNUTLS
- * 4. USE_MBEDTLS
+ * 4. USE_MBEDTLS (TBD)
- * 5. USE_RUSTLS
+ * 5. USE_RUSTLS (TBD)
- * 6. USE_WIN32_CRYPTO
+ * 6. USE_WIN32_CRYPTO (TBD)
  * Skip the backend if it does not support the required algorithm */
 
 #ifdef USE_OPENSSL
@@ -64,15 +64,13 @@
 #      endif
 #    endif
 #  endif
-#elif defined(USE_WOLFSSL)
+#endif /* USE_OPENSSL */
-#  include <wolfssl/version.h>
+
-#  if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX >= 0x05000000
+#if !defined(HAS_SHA512_256_IMPLEMENTATION) && defined(USE_WOLFSSL)
-#    include <wolfssl/options.h>
+#  include <wolfssl/options.h>
-#    include <wolfssl/openssl/evp.h>
+#  ifndef WOLFSSL_NOSHA512_256
-#    ifndef WOLFSSL_NOSHA512_256
+#    define USE_WOLFSSL_SHA512_256          1
-#      define USE_OPENSSL_SHA512_256          1
+#    define HAS_SHA512_256_IMPLEMENTATION   1
-#      define HAS_SHA512_256_IMPLEMENTATION   1
-#    endif
 #  endif
 #endif
 
@@ -101,11 +99,7 @@
 /**
  * Context type used for SHA-512/256 calculations
  */
-#ifdef USE_OPENSSL
 typedef EVP_MD_CTX *Curl_sha512_256_ctx;
-#else
-typedef WOLFSSL_EVP_MD_CTX *Curl_sha512_256_ctx;
-#endif
 
 /**
  * Initialise structure for SHA-512/256 calculation.
@@ -118,36 +112,21 @@ static CURLcode Curl_sha512_256_init(void *context)
 {
   Curl_sha512_256_ctx * const ctx = (Curl_sha512_256_ctx *)context;
 
-#ifdef USE_OPENSSL
   *ctx = EVP_MD_CTX_create();
-#else
-  *ctx = wolfSSL_EVP_MD_CTX_new();
-#endif
   if(!*ctx)
     return CURLE_OUT_OF_MEMORY;
 
-#ifdef USE_OPENSSL
   if(EVP_DigestInit_ex(*ctx, EVP_sha512_256(), NULL)) {
     /* Check whether the header and this file use the same numbers */
     DEBUGASSERT(EVP_MD_CTX_size(*ctx) == CURL_SHA512_256_DIGEST_SIZE);
     /* Check whether the block size is correct */
     DEBUGASSERT(EVP_MD_CTX_block_size(*ctx) == CURL_SHA512_256_BLOCK_SIZE);
-#else
-  if(wolfSSL_EVP_DigestInit_ex(*ctx, wolfSSL_EVP_sha512_256(), NULL)) {
-    /* Check whether the header and this file use the same numbers */
-    DEBUGASSERT(wolfSSL_EVP_MD_CTX_size(*ctx) == CURL_SHA512_256_DIGEST_SIZE);
-    /* wolfSSL_EVP_MD_CTX_block_size() returns zero as of v5.9.0 */
-#endif
 
     return CURLE_OK; /* Success */
   }
 
   /* Cleanup */
-#ifdef USE_OPENSSL
   EVP_MD_CTX_destroy(*ctx);
-#else
-  wolfSSL_EVP_MD_CTX_free(*ctx);
-#endif
   return CURLE_FAILED_INIT;
 }
 
@@ -165,11 +144,7 @@ static CURLcode Curl_sha512_256_update(void *context,
 {
   Curl_sha512_256_ctx * const ctx = (Curl_sha512_256_ctx *)context;
 
-#ifdef USE_OPENSSL
   if(!EVP_DigestUpdate(*ctx, data, length))
-#else
-  if(!wolfSSL_EVP_DigestUpdate(*ctx, data, length))
-#endif
     return CURLE_SSL_CIPHER;
 
   return CURLE_OK;
@@ -199,24 +174,46 @@ static CURLcode Curl_sha512_256_finish(unsigned char *digest, void *context)
     memcpy(digest, tmp_digest, CURL_SHA512_256_DIGEST_SIZE);
   explicit_memset(tmp_digest, 0, sizeof(tmp_digest));
 #else /* !NEED_NETBSD_SHA512_256_WORKAROUND */
-#ifdef USE_OPENSSL
   ret = EVP_DigestFinal_ex(*ctx, digest, NULL) ? CURLE_OK : CURLE_SSL_CIPHER;
-#else
-  ret = wolfSSL_EVP_DigestFinal_ex(*ctx, digest, NULL) ?
-    CURLE_OK : CURLE_SSL_CIPHER;
-#endif
 #endif /* NEED_NETBSD_SHA512_256_WORKAROUND */
 
-#ifdef USE_OPENSSL
   EVP_MD_CTX_destroy(*ctx);
-#else
-  wolfSSL_EVP_MD_CTX_free(*ctx);
-#endif
   *ctx = NULL;
 
   return ret;
 }
 
+#elif defined(USE_WOLFSSL_SHA512_256)
+#include <wolfssl/wolfcrypt/sha512.h>
+
+#define CURL_SHA512_256_DIGEST_SIZE WC_SHA512_256_DIGEST_SIZE
+#define CURL_SHA512_256_BLOCK_SIZE  WC_SHA512_256_BLOCK_SIZE
+
+typedef struct wc_Sha512 Curl_sha512_256_ctx;
+
+static CURLcode Curl_sha512_256_init(void *ctx)
+{
+  if(wc_InitSha512_256(ctx))
+    return CURLE_FAILED_INIT;
+  return CURLE_OK;
+}
+
+static CURLcode Curl_sha512_256_update(void *ctx,
+                                       const unsigned char *data,
+                                       size_t length)
+{
+  if(wc_Sha512_256Update(ctx, data, (word32)length))
+    return CURLE_SSL_CIPHER;
+  return CURLE_OK;
+}
+
+static CURLcode Curl_sha512_256_finish(unsigned char *digest, void *ctx)
+{
+  if(wc_Sha512_256Final(ctx, digest))
+    return CURLE_SSL_CIPHER;
+  return CURLE_OK;
+}
+
 #elif defined(USE_GNUTLS_SHA512_256)
 
 #define CURL_SHA512_256_BLOCK_SIZE  SHA512_256_BLOCK_SIZE

lib/sha256.c

@@ -50,41 +50,23 @@
  * file even if multiple backends are enabled at the same time.
  */
 
-#if defined(USE_OPENSSL) || defined(USE_WOLFSSL)
 #ifdef USE_OPENSSL
 #include <openssl/evp.h>
-#else
-#include <wolfssl/options.h>
-#include <wolfssl/openssl/evp.h>
-#endif
 
 struct ossl_sha256_ctx {
-#ifdef USE_OPENSSL
   EVP_MD_CTX *openssl_ctx;
-#else
-  WOLFSSL_EVP_MD_CTX *openssl_ctx;
-#endif
 };
 typedef struct ossl_sha256_ctx my_sha256_ctx;
 
 static CURLcode my_sha256_init(void *in)
 {
   my_sha256_ctx *ctx = (my_sha256_ctx *)in;
-#ifdef USE_OPENSSL
   ctx->openssl_ctx = EVP_MD_CTX_create();
-#else
-  ctx->openssl_ctx = wolfSSL_EVP_MD_CTX_new();
-#endif
   if(!ctx->openssl_ctx)
     return CURLE_OUT_OF_MEMORY;
 
-#ifdef USE_OPENSSL
   if(!EVP_DigestInit_ex(ctx->openssl_ctx, EVP_sha256(), NULL)) {
     EVP_MD_CTX_destroy(ctx->openssl_ctx);
-#else
-  if(!wolfSSL_EVP_DigestInit_ex(ctx->openssl_ctx, EVP_sha256(), NULL)) {
-    wolfSSL_EVP_MD_CTX_free(ctx->openssl_ctx);
-#endif
     return CURLE_FAILED_INIT;
   }
   return CURLE_OK;
@@ -95,23 +77,39 @@ static void my_sha256_update(void *in,
                              unsigned int length)
 {
   my_sha256_ctx *ctx = (my_sha256_ctx *)in;
-#ifdef USE_OPENSSL
   EVP_DigestUpdate(ctx->openssl_ctx, data, length);
-#else
-  wolfSSL_EVP_DigestUpdate(ctx->openssl_ctx, data, length);
-#endif
 }
 
 static void my_sha256_final(unsigned char *digest, void *in)
 {
   my_sha256_ctx *ctx = (my_sha256_ctx *)in;
-#ifdef USE_OPENSSL
   EVP_DigestFinal_ex(ctx->openssl_ctx, digest, NULL);
   EVP_MD_CTX_destroy(ctx->openssl_ctx);
-#else
+}
-  wolfSSL_EVP_DigestFinal_ex(ctx->openssl_ctx, digest, NULL);
+
-  wolfSSL_EVP_MD_CTX_free(ctx->openssl_ctx);
+#elif defined(USE_WOLFSSL)
-#endif
+#include <wolfssl/options.h>
+#include <wolfssl/wolfcrypt/sha256.h>
+
+typedef struct wc_Sha256 my_sha256_ctx;
+
+static CURLcode my_sha256_init(void *in)
+{
+  if(wc_InitSha256(in))
+    return CURLE_FAILED_INIT;
+  return CURLE_OK;
+}
+
+static void my_sha256_update(void *in,
+                             const unsigned char *data,
+                             unsigned int length)
+{
+  (void)wc_Sha256Update(in, data, (word32)length);
+}
+
+static void my_sha256_final(unsigned char *digest, void *in)
+{
+  (void)wc_Sha256Final(in, digest);
 }
 
 #elif defined(USE_GNUTLS)