From f5696452122f658077d4e91fa9360c5d8e0cc998 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 16 Feb 2018 16:57:45 -0700 Subject: [PATCH] add wolfSSL_SHA256 function --- configure.ac | 1 + src/ssl.c | 46 ++++++++++++++++++++++++++++++++++++ tests/api.c | 25 ++++++++++++++++++++ wolfssl/openssl/sha.h | 8 +++++++ wolfssl/ssl.h | 1 + wolfssl/wolfcrypt/settings.h | 7 ++++++ wolfssl/wolfcrypt/sha256.h | 2 +- 7 files changed, 89 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index bfe400287..77d7cd50c 100644 --- a/configure.ac +++ b/configure.ac @@ -3752,6 +3752,7 @@ AC_ARG_ENABLE([oldnames], if test "x$ENABLED_OLDNAMES" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" then AM_CFLAGS="$AM_CFLAGS -DNO_OLD_RNGNAME -DNO_OLD_WC_NAMES -DNO_OLD_SSL_NAMES" + AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA256_NAMES" fi diff --git a/src/ssl.c b/src/ssl.c index 1b4d8401d..a0fe6dbea 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -29448,6 +29448,52 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) } #endif /* ! NO_SHA */ +#ifndef NO_SHA256 + /* One shot SHA256 hash of message. + * + * d message to hash + * n size of d buffer + * md buffer to hold digest. Should be WC_SHA256_DIGEST_SIZE. + * + * Note: if md is null then a static buffer of WC_SHA256_DIGEST_SIZE is used. + * When the static buffer is used this function is not thread safe. + * + * Returns a pointer to the message digest on success and NULL on failure. + */ + unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, + unsigned char *md) + { + static byte dig[WC_SHA256_DIGEST_SIZE]; + wc_Sha256 sha; + + WOLFSSL_ENTER("wolfSSL_SHA256"); + + if (wc_InitSha256_ex(&sha, NULL, 0) != 0) { + WOLFSSL_MSG("SHA256 Init failed"); + return NULL; + } + + if (wc_Sha256Update(&sha, (const byte*)d, (word32)n) != 0) { + WOLFSSL_MSG("SHA256 Update failed"); + return NULL; + } + + if (wc_Sha256Final(&sha, dig) != 0) { + WOLFSSL_MSG("SHA256 Final failed"); + return NULL; + } + + wc_Sha256Free(&sha); + + if (md != NULL) { + XMEMCPY(md, dig, WC_SHA256_DIGEST_SIZE); + return md; + } + else { + return (unsigned char*)dig; + } + } +#endif /* ! NO_SHA256 */ char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x) { int ret; diff --git a/tests/api.c b/tests/api.c index 58e239ab9..40696a42d 100644 --- a/tests/api.c +++ b/tests/api.c @@ -16525,6 +16525,30 @@ static void test_wolfSSL_AES_ecb_encrypt(void) #endif } +static void test_wolfSSL_SHA256(void) +{ +#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && \ + defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS) + unsigned char input[] = + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + unsigned char output[] = + "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60" + "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB" + "\x06\xC1"; + size_t inLen; + byte hash[WC_SHA256_DIGEST_SIZE]; + + printf(testingFmt, "wolfSSL_SHA256()"); + inLen = XSTRLEN((char*)input); + + XMEMSET(hash, 0, WC_SHA256_DIGEST_SIZE); + AssertNotNull(SHA256(input, inLen, hash)); + AssertIntEQ(XMEMCMP(hash, output, WC_SHA256_DIGEST_SIZE), 0); + + printf(resultFmt, passed); +#endif +} + static void test_no_op_functions(void) { #if defined(OPENSSL_EXTRA) @@ -17353,6 +17377,7 @@ void ApiTest(void) test_wolfSSL_SHA(); test_wolfSSL_DH_1536_prime(); test_wolfSSL_AES_ecb_encrypt(); + test_wolfSSL_SHA256(); /* test the no op functions for compatibility */ test_no_op_functions(); diff --git a/wolfssl/openssl/sha.h b/wolfssl/openssl/sha.h index 22d9e6432..51bf656b6 100644 --- a/wolfssl/openssl/sha.h +++ b/wolfssl/openssl/sha.h @@ -119,6 +119,14 @@ typedef WOLFSSL_SHA256_CTX SHA256_CTX; #define SHA256_Init wolfSSL_SHA256_Init #define SHA256_Update wolfSSL_SHA256_Update #define SHA256_Final wolfSSL_SHA256_Final +#if defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS) + /* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS + * build. */ + #define SHA256 wolfSSL_SHA256 + #define SHA256_BLOCK_SIZE WC_SHA256_BLOCK_SIZE + #define SHA256_DIGEST_SIZE WC_SHA256_DIGEST_SIZE + #define SHA256_PAD_SIZE WC_SHA256_PAD_SIZE +#endif #ifdef WOLFSSL_SHA384 diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 261e04aab..6be3c4a72 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -2548,6 +2548,7 @@ WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X50 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc); WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)); WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md); +WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk ); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 7dcc089a0..f98f62021 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1616,6 +1616,13 @@ extern void uITRON4_free(void *p) ; #endif #endif +#if defined(NO_OLD_WC_NAMES) || defined(OPENSSL_EXTRA) + /* added to have compatibility with SHA256() */ + #if !defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS) + #define NO_OLD_SHA256_NAMES + #endif +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index 0be24798e..e726493ea 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -77,7 +77,7 @@ #define SHA256_NOINLINE #endif -#ifndef NO_OLD_WC_NAMES +#ifndef NO_OLD_SHA256_NAMES #define Sha256 wc_Sha256 #define SHA256 WC_SHA256 #define SHA256_BLOCK_SIZE WC_SHA256_BLOCK_SIZE