add wolfSSL_SHA256 function

2025-08-03 20:54:41 +02:00 · 2018-02-16 16:57:45 -07:00
parent a651b08afa
commit f569645212
7 changed files with 89 additions and 1 deletions
--- a/configure.ac
+++ b/configure.ac
@@ -3752,6 +3752,7 @@ AC_ARG_ENABLE([oldnames],
 if test "x$ENABLED_OLDNAMES" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno"
 then
    AM_CFLAGS="$AM_CFLAGS -DNO_OLD_RNGNAME -DNO_OLD_WC_NAMES -DNO_OLD_SSL_NAMES"
+    AM_CFLAGS="$AM_CFLAGS -DNO_OLD_SHA256_NAMES"
 fi


--- a/src/ssl.c
+++ b/src/ssl.c
@@ -29448,6 +29448,52 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
    }
 #endif /* ! NO_SHA */

+#ifndef NO_SHA256
+    /* One shot SHA256 hash of message.
+     *
+     * d  message to hash
+     * n  size of d buffer
+     * md buffer to hold digest. Should be WC_SHA256_DIGEST_SIZE.
+     *
+     * Note: if md is null then a static buffer of WC_SHA256_DIGEST_SIZE is used.
+     *       When the static buffer is used this function is not thread safe.
+     *
+     * Returns a pointer to the message digest on success and NULL on failure.
+     */
+    unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n,
+            unsigned char *md)
+    {
+        static byte dig[WC_SHA256_DIGEST_SIZE];
+        wc_Sha256 sha;
+
+        WOLFSSL_ENTER("wolfSSL_SHA256");
+
+        if (wc_InitSha256_ex(&sha, NULL, 0) != 0) {
+            WOLFSSL_MSG("SHA256 Init failed");
+            return NULL;
+        }
+
+        if (wc_Sha256Update(&sha, (const byte*)d, (word32)n) != 0) {
+            WOLFSSL_MSG("SHA256 Update failed");
+            return NULL;
+        }
+
+        if (wc_Sha256Final(&sha, dig) != 0) {
+            WOLFSSL_MSG("SHA256 Final failed");
+            return NULL;
+        }
+
+        wc_Sha256Free(&sha);
+
+        if (md != NULL) {
+            XMEMCPY(md, dig, WC_SHA256_DIGEST_SIZE);
+            return md;
+        }
+        else {
+            return (unsigned char*)dig;
+        }
+    }
+#endif /* ! NO_SHA256 */
    char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x)
    {
        int ret;
--- a/tests/api.c
+++ b/tests/api.c
@@ -16525,6 +16525,30 @@ static void test_wolfSSL_AES_ecb_encrypt(void)
 #endif
 }

+static void test_wolfSSL_SHA256(void)
+{
+#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && \
+    defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS)
+    unsigned char input[] =
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+    unsigned char output[] =
+        "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
+        "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
+        "\x06\xC1";
+    size_t inLen;
+    byte hash[WC_SHA256_DIGEST_SIZE];
+
+    printf(testingFmt, "wolfSSL_SHA256()");
+    inLen  = XSTRLEN((char*)input);
+
+    XMEMSET(hash, 0, WC_SHA256_DIGEST_SIZE);
+    AssertNotNull(SHA256(input, inLen, hash));
+    AssertIntEQ(XMEMCMP(hash, output, WC_SHA256_DIGEST_SIZE), 0);
+
+    printf(resultFmt, passed);
+#endif
+}
+
 static void test_no_op_functions(void)
 {
    #if defined(OPENSSL_EXTRA)
@@ -17353,6 +17377,7 @@ void ApiTest(void)
    test_wolfSSL_SHA();
    test_wolfSSL_DH_1536_prime();
    test_wolfSSL_AES_ecb_encrypt();
+    test_wolfSSL_SHA256();

    /* test the no op functions for compatibility */
    test_no_op_functions();
--- a/wolfssl/openssl/sha.h
+++ b/wolfssl/openssl/sha.h
@@ -119,6 +119,14 @@ typedef WOLFSSL_SHA256_CTX SHA256_CTX;
 #define SHA256_Init   wolfSSL_SHA256_Init
 #define SHA256_Update wolfSSL_SHA256_Update
 #define SHA256_Final  wolfSSL_SHA256_Final
+#if defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS)
+    /* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS
+     * build. */
+    #define SHA256 wolfSSL_SHA256
+    #define SHA256_BLOCK_SIZE  WC_SHA256_BLOCK_SIZE
+    #define SHA256_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
+    #define SHA256_PAD_SIZE    WC_SHA256_PAD_SIZE
+#endif


 #ifdef WOLFSSL_SHA384
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -2548,6 +2548,7 @@ WOLFSSL_API WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X50
 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc);
 WOLFSSL_API void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*));
 WOLFSSL_API unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md);
+WOLFSSL_API unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, unsigned char *md);
 WOLFSSL_API int wolfSSL_X509_check_private_key(WOLFSSL_X509*, WOLFSSL_EVP_PKEY*);
 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk );

--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -1616,6 +1616,13 @@ extern void uITRON4_free(void *p) ;
    #endif
 #endif

+#if defined(NO_OLD_WC_NAMES) || defined(OPENSSL_EXTRA)
+    /* added to have compatibility with SHA256() */
+    #if !defined(NO_OLD_SHA256_NAMES) && !defined(HAVE_FIPS)
+        #define NO_OLD_SHA256_NAMES
+    #endif
+#endif
+
 #ifdef __cplusplus
    }   /* extern "C" */
 #endif
--- a/wolfssl/wolfcrypt/sha256.h
+++ b/wolfssl/wolfcrypt/sha256.h
@@ -77,7 +77,7 @@
    #define SHA256_NOINLINE
 #endif

-#ifndef NO_OLD_WC_NAMES
+#ifndef NO_OLD_SHA256_NAMES
    #define Sha256             wc_Sha256
    #define SHA256             WC_SHA256
    #define SHA256_BLOCK_SIZE  WC_SHA256_BLOCK_SIZE