diff --git a/src/ssl.c b/src/ssl.c
index d10cd8545..bf58cfd90 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -16884,7 +16884,28 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
 return 0;
 }
+ #if defined(OPENSSL_EXTRA)
+ int wolfSSL_SHA_Transform(WOLFSSL_SHA_CTX* sha,
+ const unsigned char* data)
+ {
+ int ret;
+
+ WOLFSSL_ENTER("SHA_Transform");
+ #if defined(LITTLE_ENDIAN_ORDER)
+ {
+ ByteReverseWords((word32*)data, (word32*)data, WC_SHA_BLOCK_SIZE);
+ }
+ #endif
+ ret = wc_ShaTransform((wc_Sha*)sha, data);
+ /* return 1 on success, 0 otherwise */
+ if (ret == 0)
+ return 1;
+
+ return ret;
+ }
+ #endif
+
 int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX* sha)
 {
 WOLFSSL_ENTER("SHA1_Init");
@@ -16905,6 +16926,14 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
 WOLFSSL_ENTER("SHA1_Final");
 return SHA_Final(input, sha);
 }
+ #if defined(OPENSSL_EXTRA)
+ int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX* sha,
+ const unsigned char* data)
+ {
+ WOLFSSL_ENTER("SHA1_Transform");
+ return (wolfSSL_SHA_Transform(sha, data));
+ }
+ #endif
 #endif /* !NO_SHA */
 #ifdef WOLFSSL_SHA224
@@ -42919,6 +42948,16 @@ err:
 defined(WOLFSSL_HAPROXY)
 #ifndef NO_SHA
+ /* One shot SHA hash of message.
+ *
+ * Wrap SHA1 one shot
+ */
+ unsigned char *wolfSSL_SHA(const unsigned char *d, size_t n,
+ unsigned char *md)
+ {
+ return wolfSSL_SHA1(d, n, md);
+ }
+
 /* One shot SHA1 hash of message.
 *
 * d message to hash
diff --git a/tests/api.c b/tests/api.c
index 893d82fb0..2c638fe07 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -32794,6 +32794,11 @@ static void test_wolfSSL_SHA(void)
 XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
 AssertNotNull(SHA1(in, XSTRLEN((char*)in), out));
 AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
+
+ /* SHA interface test */
+ XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
+ AssertNotNull(SHA(in, XSTRLEN((char*)in), out));
+ AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
 }
 #endif
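Review bot: In wolfSSL_SHA_Transform (src/ssl.c) the little-endian branch casts the `const unsigned char* data` argument to `word32*` and byte-reverses it in place, so the caller's input block is modified despite the const contract and is accessed as 32-bit words whatever its alignment. The function also uses `sha` and `data` without a NULL check, and on failure it returns the raw `ret` from wc_ShaTransform although the comment promises 0. Copying the block into a local word32 array, reversing that copy and clearing it afterwards addresses all three. ForceZero is assumed to be in scope in this file, as it is elsewhere in wolfSSL; confirm before applying.

```c
int wolfSSL_SHA_Transform(WOLFSSL_SHA_CTX* sha,
                          const unsigned char* data)
{
    int ret;
    /* aligned private copy: the caller's block is const and may be unaligned */
    word32 block[WC_SHA_BLOCK_SIZE / sizeof(word32)];

    WOLFSSL_ENTER("SHA_Transform");
    if (sha == NULL || data == NULL)
        return 0;

    XMEMCPY(block, data, WC_SHA_BLOCK_SIZE);
#if defined(LITTLE_ENDIAN_ORDER)
    ByteReverseWords(block, block, WC_SHA_BLOCK_SIZE);
#endif
    ret = wc_ShaTransform((wc_Sha*)sha, (const unsigned char*)block);
    /* the block may hold keyed or secret input; do not leave it on the stack */
    ForceZero(block, sizeof(block));

    /* return 1 on success, 0 otherwise */
    return (ret == 0) ? 1 : 0;
}
```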
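Review bot: The comment added above wolfSSL_SHA in src/ssl.c does not say that "SHA" here means SHA-1, nor what the arguments and return value are, unlike the wolfSSL_SHA1 comment that follows it. I would extend it with `d message to hash`, `n size of d in bytes`, `md buffer for the 20-byte SHA-1 digest`, and a line stating that the return value is whatever wolfSSL_SHA1 returns. The function sits inside a conditional block whose visible tail is `defined(WOLFSSL_HAPROXY)`, while the ssl.h prototype and the `SHA` macro in wolfssl/openssl/sha.h are not under that condition in the hunks shown. It is worth confirming the macro cannot be enabled in a build that lacks the definition.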
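Review bot: The new `SHA(in, ...)` call in test_wolfSSL_SHA (tests/api.c) is compiled whenever the enclosing test is, but this commit defines the `SHA` macro in wolfssl/openssl/sha.h only under `NO_OLD_SHA_NAMES`, `!HAVE_SELFTEST` and non-FIPS or FIPS version > 2. The guard of test_wolfSSL_SHA starts outside the hunk, so unless it already matches that condition, builds without NO_OLD_SHA_NAMES will probably not compile this line. Wrap the three added statements in the same condition as the macro: `#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))`.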
@@ -33025,7 +33030,51 @@ static void test_wolfSSL_SHA224(void)
 printf(resultFmt, passed);
 #endif
 }
+static void test_wolfSSL_SHA_Transform(void)
+{
+#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && \
+ defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+ byte input1[] = "";
+ byte input2[] = "abc";
+ byte local[WC_SHA_BLOCK_SIZE];
+ word32 sLen = 0;
+ word32 i;
+ unsigned char output1[] =
+ "\xe5\x04\xb4\x92\xed\x8c\x58\x56\x4e\xcd\x1a\x6c\x68\x3f\x05\xbf"
+ "\x93\x3a\xf7\x09";
+ unsigned char output2[] =
+ "\x8b\x74\xb2\x97\xca\xbc\x5b\x4f\xea\xe6\xc0\x5b\xa0\xb4\x40\x2d"
+ "\xb8\x08\x6e\x7c";
+ WOLFSSL_SHA_CTX sha;
+
+ printf(testingFmt, "wolfSSL_SHA_Transform()");
+
+ XMEMSET(&sha, 0, sizeof(sha));
+ XMEMSET(&local, 0, sizeof(local));
+
+ /* Init SHA CTX */
+ AssertIntEQ(wolfSSL_SHA_Init(&sha), 1);
+ /* Do Transform*/
+ sLen = XSTRLEN((char*)input1);
+ XMEMCPY(local, input1, sLen);
+ AssertIntEQ(wolfSSL_SHA_Transform(&sha, (const byte*)&local[0]), 1);
+ for(i = 0; i< 5; i++) {
+ printf("sha->diges[%d] = 0x%08x\n", i, ((wc_Sha*)&sha)->digest[i]);
+ }
+ AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha)->digest[0], output1, WC_SHA_DIGEST_SIZE), 0);
+
+ /* Init SHA256 CTX */
+ AssertIntEQ(wolfSSL_SHA_Init(&sha), 1);
+ sLen = XSTRLEN((char*)input2);
+ XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
+ XMEMCPY(local, input2, sLen);
+ AssertIntEQ(wolfSSL_SHA_Transform(&sha, (const byte*)&local[0]), 1);
+ AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha)->digest[0], output2, WC_SHA_DIGEST_SIZE), 0);
+
+ printf(resultFmt, passed);
+#endif
+}
 static void test_wolfSSL_SHA256_Transform(void)
 {
@@ -40978,6 +41027,7 @@ void ApiTest(void)
 test_wolfSSL_DH_1536_prime();
 test_wolfSSL_PEM_write_DHparams();
 test_wolfSSL_AES_ecb_encrypt();
+ test_wolfSSL_SHA_Transform();
 test_wolfSSL_SHA256();
 test_wolfSSL_SHA256_Transform();
 test_wolfSSL_SHA224();
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c
index 63f4ed402..35c1589c6 100644
--- a/wolfcrypt/src/sha.c
+++ b/wolfcrypt/src/sha.c
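Review bot: test_wolfSSL_SHA_Transform (tests/api.c) is guarded by `!defined(NO_SHA256)` although it only touches the SHA-1 context, so the guard should test `!defined(NO_SHA)`. The `/* Init SHA256 CTX */` comment looks like the same copy-paste and should read `/* Init SHA CTX */`. The `for` loop printing `sha->diges[%d]` is leftover debug output that also passes a word32 to `%d`, and should be dropped. Only the success path is exercised, with no case for a NULL `sha` or `data`, which wolfSSL_SHA_Transform as added in src/ssl.c does not check for.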
@@ -773,6 +773,13 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash)
 return ret;
 }
+#if defined(OPENSSL_EXTRA)
+int wc_ShaTransform(wc_Sha* sha, const unsigned char* data)
+{
+ return (Transform(sha, data));
+}
+#endif
+
 #endif /* USE_SHA_SOFTWARE_IMPL */
diff --git a/wolfssl/openssl/sha.h b/wolfssl/openssl/sha.h
index e4ff4af6c..9db9a098e 100644
--- a/wolfssl/openssl/sha.h
+++ b/wolfssl/openssl/sha.h
@@ -52,12 +52,14 @@ typedef struct WOLFSSL_SHA_CTX {
 WOLFSSL_API int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX*);
 WOLFSSL_API int wolfSSL_SHA_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long);
 WOLFSSL_API int wolfSSL_SHA_Final(unsigned char*, WOLFSSL_SHA_CTX*);
-
+WOLFSSL_API int wolfSSL_SHA_Transform(WOLFSSL_SHA_CTX*,
+ const unsigned char *data);
 /* SHA1 points to above, shouldn't use SHA0 ever */
 WOLFSSL_API int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX*);
 WOLFSSL_API int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX*, const void*, unsigned long);
 WOLFSSL_API int wolfSSL_SHA1_Final(unsigned char*, WOLFSSL_SHA_CTX*);
-
+WOLFSSL_API int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX*,
+ const unsigned char *data);
 enum {
 SHA_DIGEST_LENGTH = 20
 };
@@ -68,6 +70,13 @@ typedef WOLFSSL_SHA_CTX SHA_CTX;
 #define SHA_Init wolfSSL_SHA_Init
 #define SHA_Update wolfSSL_SHA_Update
 #define SHA_Final wolfSSL_SHA_Final
+#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_SELFTEST) && \
+ (!defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
+ /* SHA is only available in non-fips mode or fips version > 2 mode
+ * because of SHA enum in FIPS build. */
+ #define SHA wolfSSL_SHA
+#endif
 #define SHA1_Init wolfSSL_SHA1_Init
 #define SHA1_Update wolfSSL_SHA1_Update
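Review bot: wc_ShaTransform (wolfcrypt/src/sha.c) is exported with WOLFSSL_API but hands `sha` and `data` straight to Transform with no argument check; add `if (sha == NULL || data == NULL) return BAD_FUNC_ARG;` before the call. The definition sits just before `#endif /* USE_SHA_SOFTWARE_IMPL */`, so it appears to exist only in software-SHA builds. The prototype in wolfssl/wolfcrypt/sha.h and the caller in src/ssl.c are conditioned on OPENSSL_EXTRA alone, so a hardware-SHA build with OPENSSL_EXTRA would likely fail to link. A short comment should also state that the wrapper runs the compression step on a single WC_SHA_BLOCK_SIZE block and, as far as the visible code shows, does no padding or length accounting.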
@@ -99,9 +108,11 @@ typedef WOLFSSL_SHA224_CTX SHA224_CTX;
 #define SHA224_Init wolfSSL_SHA224_Init
 #define SHA224_Update wolfSSL_SHA224_Update
 #define SHA224_Final wolfSSL_SHA224_Final
-#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- /* SHA224 is only available in non-fips mode because of SHA224 enum in FIPS
- * build. */
+#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_SELFTEST) && \
+ (!defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
+ /* SHA224 is only available in non-fips mode or fips version > 2 mode
+ * because of SHA224 enum in FIPS build. */
 #define SHA224 wolfSSL_SHA224
 #endif
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index d2bdfcf09..a9f7f6738 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -3638,6 +3638,7 @@ WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth);
 WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl);
 WOLFSSL_API int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg);
 WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne);
+WOLFSSL_API unsigned char *wolfSSL_SHA(const unsigned char *d, size_t n, unsigned char *md);
 WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
 WOLFSSL_API unsigned char *wolfSSL_SHA224(const unsigned char *d, size_t n, unsigned char *md);
 WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md);
diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h
index 6203d648d..f074f28c4 100644
--- a/wolfssl/wolfcrypt/sha.h
+++ b/wolfssl/wolfcrypt/sha.h
@@ -169,6 +169,9 @@ WOLFSSL_API void wc_ShaFree(wc_Sha*);
 WOLFSSL_API int wc_ShaGetHash(wc_Sha*, byte*);
 WOLFSSL_API int wc_ShaCopy(wc_Sha*, wc_Sha*);
+#if defined(OPENSSL_EXTRA)
+WOLFSSL_API int wc_ShaTransform(wc_Sha*, const byte*);
+#endif
 #ifdef WOLFSSL_PIC32MZ_HASH
 WOLFSSL_API void wc_ShaSizeSet(wc_Sha* sha, word32 len);