diff --git a/src/ssl.c b/src/ssl.c index 704fd2d24..8a0131bc7 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -29328,6 +29328,102 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) } } #endif /* ! NO_SHA256 */ + +#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) + /* One shot SHA384 hash of message. + * + * d message to hash + * n size of d buffer + * md buffer to hold digest. Should be WC_SHA256_DIGEST_SIZE. + * + * Note: if md is null then a static buffer of WC_SHA256_DIGEST_SIZE is used. + * When the static buffer is used this function is not thread safe. + * + * Returns a pointer to the message digest on success and NULL on failure. + */ + unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, + unsigned char *md) + { + static byte dig[WC_SHA384_DIGEST_SIZE]; + wc_Sha384 sha; + + WOLFSSL_ENTER("wolfSSL_SHA384"); + + if (wc_InitSha384_ex(&sha, NULL, 0) != 0) { + WOLFSSL_MSG("SHA384 Init failed"); + return NULL; + } + + if (wc_Sha384Update(&sha, (const byte*)d, (word32)n) != 0) { + WOLFSSL_MSG("SHA384 Update failed"); + return NULL; + } + + if (wc_Sha384Final(&sha, dig) != 0) { + WOLFSSL_MSG("SHA384 Final failed"); + return NULL; + } + + wc_Sha384Free(&sha); + + if (md != NULL) { + XMEMCPY(md, dig, WC_SHA384_DIGEST_SIZE); + return md; + } + else { + return (unsigned char*)dig; + } + } +#endif /* defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) */ + + +#if defined(WOLFSSL_SHA512) + /* One shot SHA512 hash of message. + * + * d message to hash + * n size of d buffer + * md buffer to hold digest. Should be WC_SHA256_DIGEST_SIZE. + * + * Note: if md is null then a static buffer of WC_SHA256_DIGEST_SIZE is used. + * When the static buffer is used this function is not thread safe. + * + * Returns a pointer to the message digest on success and NULL on failure. + */ + unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, + unsigned char *md) + { + static byte dig[WC_SHA512_DIGEST_SIZE]; + wc_Sha384 sha; + + WOLFSSL_ENTER("wolfSSL_SHA512"); + + if (wc_InitSha512_ex(&sha, NULL, 0) != 0) { + WOLFSSL_MSG("SHA512 Init failed"); + return NULL; + } + + if (wc_Sha512Update(&sha, (const byte*)d, (word32)n) != 0) { + WOLFSSL_MSG("SHA512 Update failed"); + return NULL; + } + + if (wc_Sha512Final(&sha, dig) != 0) { + WOLFSSL_MSG("SHA512 Final failed"); + return NULL; + } + + wc_Sha512Free(&sha); + + if (md != NULL) { + XMEMCPY(md, dig, WC_SHA512_DIGEST_SIZE); + return md; + } + else { + return (unsigned char*)dig; + } + } +#endif /* defined(WOLFSSL_SHA512) */ + char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x) { int ret; diff --git a/tests/api.c b/tests/api.c index 9228a2d2f..2c7a6fd7c 100644 --- a/tests/api.c +++ b/tests/api.c @@ -17708,6 +17708,52 @@ static void test_wolfSSL_SHA(void) AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0); } #endif + + #if !defined(NO_SHA256) + { + const unsigned char in[] = "abc"; + unsigned char expected[] = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22" + "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" + "\x15\xAD"; + unsigned char out[WC_SHA256_DIGEST_SIZE]; + + XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE); + AssertNotNull(SHA256(in, XSTRLEN((char*)in), out)); + AssertIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0); + } + #endif + + #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) + { + const unsigned char in[] = "abc"; + unsigned char expected[] = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50" + "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff" + "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34" + "\xc8\x25\xa7"; + unsigned char out[WC_SHA384_DIGEST_SIZE]; + + XMEMSET(out, 0, WC_SHA384_DIGEST_SIZE); + AssertNotNull(SHA384(in, XSTRLEN((char*)in), out)); + AssertIntEQ(XMEMCMP(out, expected, WC_SHA384_DIGEST_SIZE), 0); + } + #endif + + #if !defined(WOLFSSL_SHA512) + { + const unsigned char in[] = "abc"; + unsigned char expected[] = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41" + "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55" + "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3" + "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f" + "\xa5\x4c\xa4\x9f"; + unsigned char out[WC_SHA512_DIGEST_SIZE]; + + XMEMSET(out, 0, WC_SHA512_DIGEST_SIZE); + AssertNotNull(SHA512(in, XSTRLEN((char*)in), out)); + AssertIntEQ(XMEMCMP(out, expected, WC_SHA512_DIGEST_SIZE), 0); + } + #endif + printf(resultFmt, passed); #endif } diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 85181bb56..b7ac3b5a8 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -576,6 +576,13 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define X509_NAME_ENTRY_get_data wolfSSL_X509_NAME_ENTRY_get_data #define sk_X509_NAME_pop_free wolfSSL_sk_X509_NAME_pop_free #define SHA1 wolfSSL_SHA1 + +#ifdef OPENSSL_EXTRA +#define SHA256 wolfSSL_SHA256 +#define SHA384 wolfSSL_SHA384 +#define SHA512 wolfSSL_SHA512 +#endif + #define X509_check_private_key wolfSSL_X509_check_private_key #define SSL_dup_CA_list wolfSSL_dup_CA_list diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 61dcb886c..28c8c6698 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -2586,6 +2586,8 @@ WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NA WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)); WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md); +WOLFSSL_API unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, unsigned char *md); +WOLFSSL_API unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, unsigned char *md); WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk ); diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index 8e3519f50..6d08cf5eb 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -64,7 +64,9 @@ #ifndef NO_OLD_WC_NAMES #define Sha wc_Sha - #define SHA WC_SHA + #if !defined(OPENSSL_EXTRA) + #define SHA WC_SHA + #endif #define SHA_BLOCK_SIZE WC_SHA_BLOCK_SIZE #define SHA_DIGEST_SIZE WC_SHA_DIGEST_SIZE #define SHA_PAD_SIZE WC_SHA_PAD_SIZE diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index a2d387a13..d16a2afdf 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -81,9 +81,10 @@ #define SHA256_NOINLINE #endif -#ifndef NO_OLD_SHA256_NAMES +#if !defined(NO_OLD_SHA256_NAMES) || !defined(OPENSSL_EXTRA) #define SHA256 WC_SHA256 #endif + #ifndef NO_OLD_WC_NAMES #define Sha256 wc_Sha256 #define SHA256_BLOCK_SIZE WC_SHA256_BLOCK_SIZE diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index ec93e80ef..0d961a525 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -71,7 +71,7 @@ #define SHA512_NOINLINE #endif -#ifndef NO_OLD_WC_NAMES +#if !defined(NO_OLD_WC_NAMES) && !defined(OPENSSL_EXTRA) #define Sha512 wc_Sha512 #define SHA512 WC_SHA512 #define SHA512_BLOCK_SIZE WC_SHA512_BLOCK_SIZE @@ -123,7 +123,7 @@ WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst); #ifndef HAVE_FIPS /* avoid redefinition of structs */ -#ifndef NO_OLD_WC_NAMES +#if !defined(NO_OLD_SHA_NAMES) && !defined(OPENSSL_EXTRA) #define Sha384 wc_Sha384 #define SHA384 WC_SHA384 #define SHA384_BLOCK_SIZE WC_SHA384_BLOCK_SIZE