Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions src/hash/clu_hash_setup.c
Original file line number Diff line number Diff line change
Expand Up @@ -159,6 +159,14 @@ int wolfCLU_hashSetup(int argc, char** argv)
size = WC_SHA512_DIGEST_SIZE;
#endif

#ifndef NO_CODING
/* base64 enc/dec are not fixed-size digests; force size to 0 so
* wolfCLU_hash computes the output size from the input rather than
* inheriting the blake2b default. */
if (XSTRCMP(alg, "base64enc") == 0 || XSTRCMP(alg, "base64dec") == 0)
size = 0;
#endif

/* hashing function */
ret = wolfCLU_hash(bioIn, bioOut, alg, size);
wolfSSL_BIO_free(bioIn);
Expand Down
1 change: 1 addition & 0 deletions tests/hash/blake2b-expect.hex
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
f959d994c3efa0ff765700f1d3044cddc7c425d68ba29ded1a5132ea648b947744fc7395a2740a2774feb086b34314a038411244a43420e238091dd688f47383
23 changes: 23 additions & 0 deletions tests/hash/hash-test.py
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,29 @@ def test_sha512(self):
self.assertEqual(r.returncode, 0, r.stderr)
self.assertEqual(r.stdout.strip(), _read_expected("sha512-expect.hex"))

def test_blake2b(self):
"""blake2b via -hash. Regression: wolfCLU gated blake2b on the legacy
HAVE_BLAKE2 macro, which current wolfSSL replaced with HAVE_BLAKE2B, so
`-hash blake2b` returned "Invalid algorithm" on modern wolfSSL."""
r = run_wolfssl("-hash", "blake2b", "-in", CERT_FILE)
if "Invalid algorithm" in (r.stdout + r.stderr):
self.skipTest("blake2b not enabled in this wolfSSL build")
self.assertEqual(r.returncode, 0, r.stderr)
self.assertEqual(r.stdout.strip(), _read_expected("blake2b-expect.hex"))
Comment on lines +57 to +65

def test_hash_base64_large(self):
"""base64enc/base64dec via -hash on input whose base64 output exceeds
64 bytes must succeed. Regression: on blake2-enabled builds the output
size defaulted to BLAKE2B_OUTBYTES (64) for the base64 sub-command, so
encoding anything larger failed with a buffer error. ca-cert.pem is
well over 48 bytes, so its base64 output is > 64 bytes."""
enc = run_wolfssl("-hash", "base64enc", "-in", CERT_FILE)
blob = enc.stdout + enc.stderr
if "Invalid algorithm" in blob or "No coding support" in blob:
self.skipTest("base64 coding not enabled in this build")
self.assertEqual(enc.returncode, 0, enc.stderr)
self.assertGreater(len(enc.stdout.strip()), 128, enc.stderr)
Comment on lines +67 to +78


class HashShortcutTest(unittest.TestCase):
"""Tests using the shortcut subcommands (md5, sha256, etc.)."""
Expand Down
9 changes: 9 additions & 0 deletions wolfclu/clu_header_main.h
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,15 @@ extern "C" {
#include <wolfssl/wolfcrypt/sha512.h>
#endif

/* wolfSSL renamed the BLAKE2 feature macro HAVE_BLAKE2 -> HAVE_BLAKE2B and
* now #undefs the legacy HAVE_BLAKE2 in settings.h. wolfCLU's blake2b support
* keys off HAVE_BLAKE2, so map it back when only HAVE_BLAKE2B is defined to
* keep blake2b (and the base64 hash sub-command) working against current
* wolfSSL. */
#if defined(HAVE_BLAKE2B) && !defined(HAVE_BLAKE2)
#define HAVE_BLAKE2
#endif

#ifdef HAVE_BLAKE2
#include <wolfssl/wolfcrypt/blake2.h>
#endif
Expand Down
Loading