Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package aws-c-cal for openSUSE:Factory checked in at 2025-10-16 17:39:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/aws-c-cal (Old) and /work/SRC/openSUSE:Factory/.aws-c-cal.new.18484 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "aws-c-cal" Thu Oct 16 17:39:14 2025 rev:22 rq:1311662 version:0.9.4 Changes: -------- --- /work/SRC/openSUSE:Factory/aws-c-cal/aws-c-cal.changes 2025-09-22 17:06:38.905440599 +0200 +++ /work/SRC/openSUSE:Factory/.aws-c-cal.new.18484/aws-c-cal.changes 2025-10-16 17:40:04.035731910 +0200 @@ -1,0 +2,9 @@ +Thu Oct 16 09:18:10 UTC 2025 - John Paul Adrian Glaubitz <[email protected]> + +- Update to version 0.9.4 + * SHA512 support by @DmitriyMusatkin in (#223) + * Clean up error handling around unsupported RSA functions + by @DmitriyMusatkin in (#227) + * Fix asn.1 parser on big endian by @DmitriyMusatkin in (#228) + +------------------------------------------------------------------- Old: ---- v0.9.3.tar.gz New: ---- v0.9.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ aws-c-cal.spec ++++++ --- /var/tmp/diff_new_pack.XxuCTL/_old 2025-10-16 17:40:04.979771640 +0200 +++ /var/tmp/diff_new_pack.XxuCTL/_new 2025-10-16 17:40:04.983771809 +0200 @@ -19,7 +19,7 @@ %define library_version 1.0.0 %define library_soversion 0unstable Name: aws-c-cal -Version: 0.9.3 +Version: 0.9.4 Release: 0 Summary: AWS C99 wrapper for cryptography primitives License: Apache-2.0 ++++++ v0.9.3.tar.gz -> v0.9.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.3/.github/workflows/ci.yml new/aws-c-cal-0.9.4/.github/workflows/ci.yml --- old/aws-c-cal-0.9.3/.github/workflows/ci.yml 2025-09-18 05:23:41.000000000 +0200 +++ new/aws-c-cal-0.9.4/.github/workflows/ci.yml 2025-10-02 21:35:55.000000000 +0200 @@ -406,3 +406,31 @@ run: | aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ env.LINUX_BASE_IMAGE }} build -p ${{ env.PACKAGE_NAME }} --variant=no-tests --cmake-extra=-DBYO_CRYPTO=ON + + s390x: # big-endian + runs-on: ubuntu-24.04 + steps: + - uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + - uses: actions/checkout@v4 + - uses: uraimo/run-on-arch-action@v3 + name: Run commands + id: runcmd + with: + arch: s390x + distro: ubuntu22.04 + install: | + apt-get update -q -y + apt-get -y install sudo + apt-get -y install cmake + apt-get -y install make + apt-get -y install g++ + apt-get -y install python3 + apt-get -y install git + run: | + lscpu | grep Endian + python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')" + chmod a+x builder + ./builder build -p ${{ env.PACKAGE_NAME }} --variant s390x --cmake-extra=-DENABLE_SANITIZERS=OFF diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.3/builder.json new/aws-c-cal-0.9.4/builder.json --- old/aws-c-cal-0.9.3/builder.json 2025-09-18 05:23:41.000000000 +0200 +++ new/aws-c-cal-0.9.4/builder.json 2025-10-02 21:35:55.000000000 +0200 @@ -145,6 +145,13 @@ "!test_steps": [ "test" ] + }, + "s390x": { + "hosts": { + "ubuntu": { + "!pkg_setup": [] + } + } } }, "test_steps": [ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.3/include/aws/cal/hash.h new/aws-c-cal-0.9.4/include/aws/cal/hash.h --- old/aws-c-cal-0.9.3/include/aws/cal/hash.h 2025-09-18 05:23:41.000000000 +0200 +++ new/aws-c-cal-0.9.4/include/aws/cal/hash.h 2025-10-02 21:35:55.000000000 +0200 @@ -11,6 +11,7 @@ AWS_PUSH_SANE_WARNING_LEVEL +#define AWS_SHA512_LEN 64 #define AWS_SHA256_LEN 32 #define AWS_SHA1_LEN 20 #define AWS_MD5_LEN 16 @@ -39,6 +40,11 @@ /** * Allocates and initializes a sha256 hash instance. */ +AWS_CAL_API struct aws_hash *aws_sha512_new(struct aws_allocator *allocator); + +/** + * Allocates and initializes a sha256 hash instance. + */ AWS_CAL_API struct aws_hash *aws_sha256_new(struct aws_allocator *allocator); /** * Allocates and initializes a sha1 hash instance. @@ -79,6 +85,20 @@ size_t truncate_to); /** + * Computes the sha512 hash over input and writes the digest output to 'output'. + * Use this if you don't need to stream the data you're hashing and you can load + * the entire input to hash into memory. If you specify truncate_to to something + * other than 0, the output will be truncated to that number of bytes. For + * example, if you want a SHA512 digest as the first 16 bytes, set truncate_to + * to 16. If you want the full digest size, just set this to 0. + */ +AWS_CAL_API int aws_sha512_compute( + struct aws_allocator *allocator, + const struct aws_byte_cursor *input, + struct aws_byte_buf *output, + size_t truncate_to); + +/** * Computes the sha256 hash over input and writes the digest output to 'output'. * Use this if you don't need to stream the data you're hashing and you can load * the entire input to hash into memory. If you specify truncate_to to something @@ -116,6 +136,15 @@ AWS_CAL_API void aws_set_md5_new_fn(aws_hash_new_fn *fn); /** + * Set the implementation of sha512 to use. If you compiled without + * BYO_CRYPTO, you do not need to call this. However, if use this, we will + * honor it, regardless of compile options. This may be useful for testing + * purposes. If you did set BYO_CRYPTO, and you do not call this function + * you will segfault. + */ +AWS_CAL_API void aws_set_sha512_new_fn(aws_hash_new_fn *fn); + +/** * Set the implementation of sha256 to use. If you compiled without * BYO_CRYPTO, you do not need to call this. However, if use this, we will * honor it, regardless of compile options. This may be useful for testing diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.3/source/darwin/commoncrypto_sha1.c new/aws-c-cal-0.9.4/source/darwin/commoncrypto_sha1.c --- old/aws-c-cal-0.9.3/source/darwin/commoncrypto_sha1.c 2025-09-18 05:23:41.000000000 +0200 +++ new/aws-c-cal-0.9.4/source/darwin/commoncrypto_sha1.c 2025-10-02 21:35:55.000000000 +0200 @@ -27,10 +27,6 @@ struct aws_hash *aws_sha1_default_new(struct aws_allocator *allocator) { struct cc_sha1_hash *sha1_hash = aws_mem_acquire(allocator, sizeof(struct cc_sha1_hash)); - if (!sha1_hash) { - return NULL; - } - sha1_hash->hash.allocator = allocator; sha1_hash->hash.vtable = &s_vtable; sha1_hash->hash.impl = sha1_hash; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.3/source/darwin/commoncrypto_sha256.c new/aws-c-cal-0.9.4/source/darwin/commoncrypto_sha256.c --- old/aws-c-cal-0.9.3/source/darwin/commoncrypto_sha256.c 2025-09-18 05:23:41.000000000 +0200 +++ new/aws-c-cal-0.9.4/source/darwin/commoncrypto_sha256.c 2025-10-02 21:35:55.000000000 +0200 @@ -26,10 +26,6 @@ struct aws_hash *aws_sha256_default_new(struct aws_allocator *allocator) { struct cc_sha256_hash *sha256_hash = aws_mem_acquire(allocator, sizeof(struct cc_sha256_hash)); - if (!sha256_hash) { - return NULL; - } - sha256_hash->hash.allocator = allocator; sha256_hash->hash.vtable = &s_vtable; sha256_hash->hash.impl = sha256_hash; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.3/source/darwin/commoncrypto_sha512.c new/aws-c-cal-0.9.4/source/darwin/commoncrypto_sha512.c --- old/aws-c-cal-0.9.3/source/darwin/commoncrypto_sha512.c 1970-01-01 01:00:00.000000000 +0100 +++ new/aws-c-cal-0.9.4/source/darwin/commoncrypto_sha512.c 2025-10-02 21:35:55.000000000 +0200 @@ -0,0 +1,72 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ +#include <aws/cal/hash.h> + +#include <CommonCrypto/CommonDigest.h> + +static void s_destroy(struct aws_hash *hash); +static int s_update(struct aws_hash *hash, const struct aws_byte_cursor *to_hash); +static int s_finalize(struct aws_hash *hash, struct aws_byte_buf *output); + +static struct aws_hash_vtable s_vtable = { + .destroy = s_destroy, + .update = s_update, + .finalize = s_finalize, + .alg_name = "SHA512", + .provider = "CommonCrypto", +}; + +struct cc_sha512_hash { + struct aws_hash hash; + CC_SHA512_CTX cc_hash; +}; + +struct aws_hash *aws_sha512_default_new(struct aws_allocator *allocator) { + struct cc_sha512_hash *sha512_hash = aws_mem_acquire(allocator, sizeof(struct cc_sha512_hash)); + + sha512_hash->hash.allocator = allocator; + sha512_hash->hash.vtable = &s_vtable; + sha512_hash->hash.impl = sha512_hash; + sha512_hash->hash.digest_size = AWS_SHA512_LEN; + sha512_hash->hash.good = true; + + CC_SHA512_Init(&sha512_hash->cc_hash); + return &sha512_hash->hash; +} + +static void s_destroy(struct aws_hash *hash) { + struct cc_sha512_hash *ctx = hash->impl; + aws_mem_release(hash->allocator, ctx); +} + +static int s_update(struct aws_hash *hash, const struct aws_byte_cursor *to_hash) { + if (!hash->good) { + return aws_raise_error(AWS_ERROR_INVALID_STATE); + } + + struct cc_sha512_hash *ctx = hash->impl; + + CC_SHA512_Update(&ctx->cc_hash, to_hash->ptr, (CC_LONG)to_hash->len); + return AWS_OP_SUCCESS; +} + +static int s_finalize(struct aws_hash *hash, struct aws_byte_buf *output) { + if (!hash->good) { + return aws_raise_error(AWS_ERROR_INVALID_STATE); + } + + struct cc_sha512_hash *ctx = hash->impl; + + size_t buffer_len = output->capacity - output->len; + + if (buffer_len < hash->digest_size) { + return aws_raise_error(AWS_ERROR_SHORT_BUFFER); + } + + CC_SHA512_Final(output->buffer + output->len, &ctx->cc_hash); + hash->good = false; + output->len += hash->digest_size; + return AWS_OP_SUCCESS; +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.3/source/der.c new/aws-c-cal-0.9.4/source/der.c --- old/aws-c-cal-0.9.3/source/der.c 2025-09-18 05:23:41.000000000 +0200 +++ new/aws-c-cal-0.9.4/source/der.c 2025-10-02 21:35:55.000000000 +0200 @@ -80,16 +80,22 @@ if (len_bytes & 0x80) { len_bytes &= 0x7f; switch (len_bytes) { - case 1: - if (!aws_byte_cursor_read_u8(cur, (uint8_t *)&len)) { + case 1: { + uint8_t len_u8; + if (!aws_byte_cursor_read_u8(cur, &len_u8)) { return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED); } + len = len_u8; break; - case 2: - if (!aws_byte_cursor_read_be16(cur, (uint16_t *)&len)) { + } + case 2: { + uint16_t len_u16; + if (!aws_byte_cursor_read_be16(cur, &len_u16)) { return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED); } + len = len_u16; break; + } case 4: if (!aws_byte_cursor_read_be32(cur, &len)) { return aws_raise_error(AWS_ERROR_CAL_MALFORMED_ASN1_ENCOUNTERED); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.3/source/hash.c new/aws-c-cal-0.9.4/source/hash.c --- old/aws-c-cal-0.9.3/source/hash.c 2025-09-18 05:23:41.000000000 +0200 +++ new/aws-c-cal-0.9.4/source/hash.c 2025-10-02 21:35:55.000000000 +0200 @@ -5,10 +5,12 @@ #include <aws/cal/hash.h> #ifndef BYO_CRYPTO +extern struct aws_hash *aws_sha512_default_new(struct aws_allocator *allocator); extern struct aws_hash *aws_sha256_default_new(struct aws_allocator *allocator); extern struct aws_hash *aws_sha1_default_new(struct aws_allocator *allocator); extern struct aws_hash *aws_md5_default_new(struct aws_allocator *allocator); +static aws_hash_new_fn *s_sha512_new_fn = aws_sha512_default_new; static aws_hash_new_fn *s_sha256_new_fn = aws_sha256_default_new; static aws_hash_new_fn *s_sha1_new_fn = aws_sha1_default_new; static aws_hash_new_fn *s_md5_new_fn = aws_md5_default_new; @@ -18,6 +20,7 @@ abort(); } +static aws_hash_new_fn *s_sha512_new_fn = aws_hash_new_abort; static aws_hash_new_fn *s_sha256_new_fn = aws_hash_new_abort; static aws_hash_new_fn *s_sha1_new_fn = aws_hash_new_abort; static aws_hash_new_fn *s_md5_new_fn = aws_hash_new_abort; @@ -27,6 +30,10 @@ return s_sha1_new_fn(allocator); } +struct aws_hash *aws_sha512_new(struct aws_allocator *allocator) { + return s_sha512_new_fn(allocator); +} + struct aws_hash *aws_sha256_new(struct aws_allocator *allocator) { return s_sha256_new_fn(allocator); } @@ -39,6 +46,10 @@ s_md5_new_fn = fn; } +void aws_set_sha512_new_fn(aws_hash_new_fn *fn) { + s_sha512_new_fn = fn; +} + void aws_set_sha256_new_fn(aws_hash_new_fn *fn) { s_sha256_new_fn = fn; } @@ -112,6 +123,14 @@ return compute_hash(aws_md5_new(allocator), input, output, truncate_to); } +int aws_sha512_compute( + struct aws_allocator *allocator, + const struct aws_byte_cursor *input, + struct aws_byte_buf *output, + size_t truncate_to) { + return compute_hash(aws_sha512_new(allocator), input, output, truncate_to); +} + int aws_sha256_compute( struct aws_allocator *allocator, const struct aws_byte_cursor *input, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.3/source/unix/openssl_rsa.c new/aws-c-cal-0.9.4/source/unix/openssl_rsa.c --- old/aws-c-cal-0.9.3/source/unix/openssl_rsa.c 2025-09-18 05:23:41.000000000 +0200 +++ new/aws-c-cal-0.9.4/source/unix/openssl_rsa.c 2025-10-02 21:35:55.000000000 +0200 @@ -71,7 +71,7 @@ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(key_pair_impl->key, NULL); if (ctx == NULL) { - return aws_raise_error(AWS_ERROR_CAL_CRYPTO_OPERATION_FAILED); + return aws_raise_error(AWS_ERROR_CAL_UNSUPPORTED_ALGORITHM); } if (aws_reinterpret_lc_evp_error_as_crt(EVP_PKEY_encrypt_init(ctx), "EVP_PKEY_encrypt_init", AWS_LS_CAL_RSA)) { @@ -129,7 +129,7 @@ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(key_pair_impl->key, NULL); if (ctx == NULL) { - return aws_raise_error(AWS_ERROR_CAL_CRYPTO_OPERATION_FAILED); + return aws_raise_error(AWS_ERROR_CAL_UNSUPPORTED_ALGORITHM); } if (aws_reinterpret_lc_evp_error_as_crt(EVP_PKEY_decrypt_init(ctx), "EVP_PKEY_decrypt_init", AWS_LS_CAL_RSA)) { @@ -191,7 +191,14 @@ } if (aws_reinterpret_lc_evp_error_as_crt( EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha1()), "EVP_PKEY_CTX_set_signature_md", AWS_LS_CAL_RSA)) { - return AWS_OP_ERR; + /* + * This can fail with invalid digest on platforms that disabled sha1 for fips (ex. openssl 3.5+). + * Unfortunately, error code for invalid digest is wildly inconsistent between versions, making it + * impossible to write a backwards compatible error handling. In practice however the only way this should + * fail is when algo is not supported, so lets just hardcode the error. Still call the helper to get + * consistent logging for error. + */ + return aws_raise_error(AWS_ERROR_CAL_UNSUPPORTED_ALGORITHM); } } else if (algorithm == AWS_CAL_RSA_SIGNATURE_PSS_SHA256) { if (aws_reinterpret_lc_evp_error_as_crt( @@ -232,7 +239,7 @@ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(key_pair_impl->key, NULL); if (ctx == NULL) { - return aws_raise_error(AWS_ERROR_CAL_CRYPTO_OPERATION_FAILED); + return aws_raise_error(AWS_ERROR_CAL_UNSUPPORTED_ALGORITHM); } if (aws_reinterpret_lc_evp_error_as_crt(EVP_PKEY_sign_init(ctx), "EVP_PKEY_sign_init", AWS_LS_CAL_RSA)) { @@ -290,7 +297,7 @@ EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(key_pair_impl->key, NULL); if (ctx == NULL) { - return aws_raise_error(AWS_ERROR_CAL_CRYPTO_OPERATION_FAILED); + return aws_raise_error(AWS_ERROR_CAL_UNSUPPORTED_ALGORITHM); } if (aws_reinterpret_lc_evp_error_as_crt(EVP_PKEY_verify_init(ctx), "EVP_PKEY_verify_init", AWS_LS_CAL_RSA)) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.3/source/unix/opensslcrypto_hash.c new/aws-c-cal-0.9.4/source/unix/opensslcrypto_hash.c --- old/aws-c-cal-0.9.3/source/unix/opensslcrypto_hash.c 2025-09-18 05:23:41.000000000 +0200 +++ new/aws-c-cal-0.9.4/source/unix/opensslcrypto_hash.c 2025-10-02 21:35:55.000000000 +0200 @@ -20,6 +20,14 @@ .provider = "OpenSSL Compatible libcrypto", }; +static struct aws_hash_vtable s_sha512_vtable = { + .destroy = s_destroy, + .update = s_update, + .finalize = s_finalize, + .alg_name = "SHA512", + .provider = "OpenSSL Compatible libcrypto", +}; + static struct aws_hash_vtable s_sha256_vtable = { .destroy = s_destroy, .update = s_update, @@ -52,10 +60,6 @@ struct aws_hash *aws_md5_default_new(struct aws_allocator *allocator) { struct aws_hash *hash = aws_mem_acquire(allocator, sizeof(struct aws_hash)); - if (!hash) { - return NULL; - } - hash->allocator = allocator; hash->vtable = &s_md5_vtable; hash->digest_size = AWS_MD5_LEN; @@ -63,11 +67,7 @@ hash->impl = ctx; hash->good = true; - if (!hash->impl) { - s_destroy(hash); - aws_raise_error(AWS_ERROR_OOM); - return NULL; - } + AWS_FATAL_ASSERT(hash->impl); if (!g_aws_openssl_evp_md_ctx_table->init_ex_fn(ctx, EVP_md5(), NULL)) { s_destroy(hash); @@ -78,13 +78,30 @@ return hash; } -struct aws_hash *aws_sha256_default_new(struct aws_allocator *allocator) { +struct aws_hash *aws_sha512_default_new(struct aws_allocator *allocator) { struct aws_hash *hash = aws_mem_acquire(allocator, sizeof(struct aws_hash)); - if (!hash) { + hash->allocator = allocator; + hash->vtable = &s_sha512_vtable; + hash->digest_size = AWS_SHA512_LEN; + EVP_MD_CTX *ctx = g_aws_openssl_evp_md_ctx_table->new_fn(); + hash->impl = ctx; + hash->good = true; + + AWS_FATAL_ASSERT(hash->impl); + + if (!g_aws_openssl_evp_md_ctx_table->init_ex_fn(ctx, EVP_sha512(), NULL)) { + s_destroy(hash); + aws_raise_error(AWS_ERROR_UNKNOWN); return NULL; } + return hash; +} + +struct aws_hash *aws_sha256_default_new(struct aws_allocator *allocator) { + struct aws_hash *hash = aws_mem_acquire(allocator, sizeof(struct aws_hash)); + hash->allocator = allocator; hash->vtable = &s_sha256_vtable; hash->digest_size = AWS_SHA256_LEN; @@ -92,11 +109,7 @@ hash->impl = ctx; hash->good = true; - if (!hash->impl) { - s_destroy(hash); - aws_raise_error(AWS_ERROR_OOM); - return NULL; - } + AWS_FATAL_ASSERT(hash->impl); if (!g_aws_openssl_evp_md_ctx_table->init_ex_fn(ctx, EVP_sha256(), NULL)) { s_destroy(hash); @@ -110,10 +123,6 @@ struct aws_hash *aws_sha1_default_new(struct aws_allocator *allocator) { struct aws_hash *hash = aws_mem_acquire(allocator, sizeof(struct aws_hash)); - if (!hash) { - return NULL; - } - hash->allocator = allocator; hash->vtable = &s_sha1_vtable; hash->digest_size = AWS_SHA1_LEN; @@ -121,11 +130,7 @@ hash->impl = ctx; hash->good = true; - if (!hash->impl) { - s_destroy(hash); - aws_raise_error(AWS_ERROR_OOM); - return NULL; - } + AWS_FATAL_ASSERT(hash->impl); if (!g_aws_openssl_evp_md_ctx_table->init_ex_fn(ctx, EVP_sha1(), NULL)) { s_destroy(hash); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.3/source/windows/bcrypt_hash.c new/aws-c-cal-0.9.4/source/windows/bcrypt_hash.c --- old/aws-c-cal-0.9.3/source/windows/bcrypt_hash.c 2025-09-18 05:23:41.000000000 +0200 +++ new/aws-c-cal-0.9.4/source/windows/bcrypt_hash.c 2025-10-02 21:35:55.000000000 +0200 @@ -10,6 +10,10 @@ #include <bcrypt.h> #include <winerror.h> +static BCRYPT_ALG_HANDLE s_sha512_alg = NULL; +static size_t s_sha512_obj_len = 0; +static aws_thread_once s_sha512_once = AWS_THREAD_ONCE_STATIC_INIT; + static BCRYPT_ALG_HANDLE s_sha256_alg = NULL; static size_t s_sha256_obj_len = 0; static aws_thread_once s_sha256_once = AWS_THREAD_ONCE_STATIC_INIT; @@ -26,6 +30,14 @@ static int s_update(struct aws_hash *hash, const struct aws_byte_cursor *to_hash); static int s_finalize(struct aws_hash *hash, struct aws_byte_buf *output); +static struct aws_hash_vtable s_sha512_vtable = { + .destroy = s_destroy, + .update = s_update, + .finalize = s_finalize, + .alg_name = "SHA512", + .provider = "Windows CNG", +}; + static struct aws_hash_vtable s_sha256_vtable = { .destroy = s_destroy, .update = s_update, @@ -56,6 +68,16 @@ uint8_t *hash_obj; }; +static void s_load_sha512_alg_handle(void *user_data) { + (void)user_data; + /* this function is incredibly slow, LET IT LEAK*/ + (void)BCryptOpenAlgorithmProvider(&s_sha512_alg, BCRYPT_SHA512_ALGORITHM, MS_PRIMITIVE_PROVIDER, 0); + AWS_ASSERT(s_sha512_alg); + DWORD result_length = 0; + (void)BCryptGetProperty( + s_sha512_alg, BCRYPT_OBJECT_LENGTH, (PBYTE)&s_sha512_obj_len, sizeof(s_sha512_obj_len), &result_length, 0); +} + static void s_load_sha256_alg_handle(void *user_data) { (void)user_data; /* this function is incredibly slow, LET IT LEAK*/ @@ -86,17 +108,38 @@ s_md5_alg, BCRYPT_OBJECT_LENGTH, (PBYTE)&s_md5_obj_len, sizeof(s_md5_obj_len), &result_length, 0); } -struct aws_hash *aws_sha256_default_new(struct aws_allocator *allocator) { - aws_thread_call_once(&s_sha256_once, s_load_sha256_alg_handle, NULL); +struct aws_hash *aws_sha512_default_new(struct aws_allocator *allocator) { + aws_thread_call_once(&s_sha512_once, s_load_sha512_alg_handle, NULL); struct bcrypt_hash_handle *bcrypt_hash = NULL; uint8_t *hash_obj = NULL; - aws_mem_acquire_many(allocator, 2, &bcrypt_hash, sizeof(struct bcrypt_hash_handle), &hash_obj, s_sha256_obj_len); + aws_mem_acquire_many(allocator, 2, &bcrypt_hash, sizeof(struct bcrypt_hash_handle), &hash_obj, s_sha512_obj_len); - if (!bcrypt_hash) { + AWS_ZERO_STRUCT(*bcrypt_hash); + bcrypt_hash->hash.allocator = allocator; + bcrypt_hash->hash.vtable = &s_sha512_vtable; + bcrypt_hash->hash.impl = bcrypt_hash; + bcrypt_hash->hash.digest_size = AWS_SHA512_LEN; + bcrypt_hash->hash.good = true; + bcrypt_hash->hash_obj = hash_obj; + NTSTATUS status = BCryptCreateHash( + s_sha512_alg, &bcrypt_hash->hash_handle, bcrypt_hash->hash_obj, (ULONG)s_sha512_obj_len, NULL, 0, 0); + + if (((NTSTATUS)status) < 0) { + aws_mem_release(allocator, bcrypt_hash); return NULL; } + return &bcrypt_hash->hash; +} + +struct aws_hash *aws_sha256_default_new(struct aws_allocator *allocator) { + aws_thread_call_once(&s_sha256_once, s_load_sha256_alg_handle, NULL); + + struct bcrypt_hash_handle *bcrypt_hash = NULL; + uint8_t *hash_obj = NULL; + aws_mem_acquire_many(allocator, 2, &bcrypt_hash, sizeof(struct bcrypt_hash_handle), &hash_obj, s_sha256_obj_len); + AWS_ZERO_STRUCT(*bcrypt_hash); bcrypt_hash->hash.allocator = allocator; bcrypt_hash->hash.vtable = &s_sha256_vtable; @@ -122,10 +165,6 @@ uint8_t *hash_obj = NULL; aws_mem_acquire_many(allocator, 2, &bcrypt_hash, sizeof(struct bcrypt_hash_handle), &hash_obj, s_sha1_obj_len); - if (!bcrypt_hash) { - return NULL; - } - AWS_ZERO_STRUCT(*bcrypt_hash); bcrypt_hash->hash.allocator = allocator; bcrypt_hash->hash.vtable = &s_sha1_vtable; @@ -151,10 +190,6 @@ uint8_t *hash_obj = NULL; aws_mem_acquire_many(allocator, 2, &bcrypt_hash, sizeof(struct bcrypt_hash_handle), &hash_obj, s_md5_obj_len); - if (!bcrypt_hash) { - return NULL; - } - AWS_ZERO_STRUCT(*bcrypt_hash); bcrypt_hash->hash.allocator = allocator; bcrypt_hash->hash.vtable = &s_md5_vtable; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.3/tests/CMakeLists.txt new/aws-c-cal-0.9.4/tests/CMakeLists.txt --- old/aws-c-cal-0.9.3/tests/CMakeLists.txt 2025-09-18 05:23:41.000000000 +0200 +++ new/aws-c-cal-0.9.4/tests/CMakeLists.txt 2025-10-02 21:35:55.000000000 +0200 @@ -19,6 +19,18 @@ add_test_case(sha256_test_invalid_state) add_test_case(sha256_test_extra_buffer_space) +add_test_case(sha512_nist_test_case_1) +add_test_case(sha512_nist_test_case_2) +add_test_case(sha512_nist_test_case_3) +add_test_case(sha512_nist_test_case_4) +add_test_case(sha512_nist_test_case_5) +add_test_case(sha512_nist_test_case_5_truncated) +add_test_case(sha512_nist_test_case_6) +add_test_case(sha512_test_invalid_buffer) +add_test_case(sha512_test_oneshot) +add_test_case(sha512_test_invalid_state) +add_test_case(sha512_test_extra_buffer_space) + add_test_case(sha1_nist_test_case_1) add_test_case(sha1_nist_test_case_2) add_test_case(sha1_nist_test_case_3) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.3/tests/rsa_test.c new/aws-c-cal-0.9.4/tests/rsa_test.c --- old/aws-c-cal-0.9.3/tests/rsa_test.c 2025-09-18 05:23:41.000000000 +0200 +++ new/aws-c-cal-0.9.4/tests/rsa_test.c 2025-10-02 21:35:55.000000000 +0200 @@ -12,6 +12,25 @@ #include "test_case_helper.h" +#if defined(AWS_OS_LINUX) +# include <aws/cal/private/opensslcrypto_common.h> +#endif + +/* + * Helper to figure out whether rsa signing with sha1 is supported with currently crypto lib. + */ +static bool s_crypto_supports_sha1_signing(void) { + bool is_supported = true; +#if defined(AWS_OS_LINUX) +# if defined(OPENSSL_IS_OPENSSL) +# if OPENSSL_VERSION_NUMBER >= 0x30500000L + is_supported = false; +# endif +# endif +#endif + return is_supported; +} + /* * TODO: Need better test vectors. NIST ones are a pain to use. * For now using manually generated vectors and relying on round tripping. @@ -335,6 +354,10 @@ static int s_rsa_verify_signing_pkcs1_sha1(struct aws_allocator *allocator, void *ctx) { (void)ctx; + if (!s_crypto_supports_sha1_signing()) { + return AWS_OP_SKIP; + } + struct aws_byte_cursor message = aws_byte_cursor_from_c_str(TEST_ENCRYPTION_STRING); aws_cal_library_init(allocator); @@ -626,6 +649,10 @@ static int s_rsa_signing_roundtrip_pkcs1_sha1_from_user(struct aws_allocator *allocator, void *ctx) { (void)ctx; + if (!s_crypto_supports_sha1_signing()) { + return AWS_OP_SKIP; + } + aws_cal_library_init(allocator); ASSERT_SUCCESS(s_rsa_signing_roundtrip_from_user( @@ -893,6 +920,10 @@ static int s_rsa_signing_mismatch_pkcs1_sha1(struct aws_allocator *allocator, void *ctx) { (void)ctx; + if (!s_crypto_supports_sha1_signing()) { + return AWS_OP_SKIP; + } + struct aws_byte_cursor message = aws_byte_cursor_from_c_str(TEST_ENCRYPTION_STRING); aws_cal_library_init(allocator); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/aws-c-cal-0.9.3/tests/sha512_test.c new/aws-c-cal-0.9.4/tests/sha512_test.c --- old/aws-c-cal-0.9.3/tests/sha512_test.c 1970-01-01 01:00:00.000000000 +0100 +++ new/aws-c-cal-0.9.4/tests/sha512_test.c 2025-10-02 21:35:55.000000000 +0200 @@ -0,0 +1,300 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ +#include <aws/cal/hash.h> +#include <aws/common/byte_buf.h> +#include <aws/testing/aws_test_harness.h> + +#include "test_case_helper.h" +/* + * these are the NIST test vectors, as compiled here: + * https://www.di-mgt.com.au/sha_testvectors.html + */ + +static int s_sha512_nist_test_case_1_fn(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + + struct aws_byte_cursor input = aws_byte_cursor_from_c_str("abc"); + uint8_t expected[] = { + 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31, 0x12, + 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a, 0x21, 0x92, + 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd, 0x45, 0x4d, 0x44, + 0x23, 0x64, 0x3c, 0xe8, 0x0e, 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f + + }; + struct aws_byte_cursor expected_buf = aws_byte_cursor_from_array(expected, sizeof(expected)); + + return s_verify_hash_test_case(allocator, &input, &expected_buf, aws_sha512_new); +} + +AWS_TEST_CASE(sha512_nist_test_case_1, s_sha512_nist_test_case_1_fn) + +static int s_sha512_nist_test_case_2_fn(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + + struct aws_byte_cursor input = aws_byte_cursor_from_c_str(""); + uint8_t expected[] = {0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd, 0xf1, 0x54, 0x28, 0x50, 0xd6, + 0x6d, 0x80, 0x07, 0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc, 0x83, 0xf4, + 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce, 0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2, + 0xb0, 0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f, 0x63, 0xb9, 0x31, 0xbd, + 0x47, 0x41, 0x7a, 0x81, 0xa5, 0x38, 0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e}; + struct aws_byte_cursor expected_buf = aws_byte_cursor_from_array(expected, sizeof(expected)); + + return s_verify_hash_test_case(allocator, &input, &expected_buf, aws_sha512_new); +} + +AWS_TEST_CASE(sha512_nist_test_case_2, s_sha512_nist_test_case_2_fn) + +static int s_sha512_nist_test_case_3_fn(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + + struct aws_byte_cursor input = + aws_byte_cursor_from_c_str("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"); + uint8_t expected[] = { + 0x20, 0x4a, 0x8f, 0xc6, 0xdd, 0xa8, 0x2f, 0x0a, 0x0c, 0xed, 0x7b, 0xeb, 0x8e, 0x08, 0xa4, 0x16, 0x57, + 0xc1, 0x6e, 0xf4, 0x68, 0xb2, 0x28, 0xa8, 0x27, 0x9b, 0xe3, 0x31, 0xa7, 0x03, 0xc3, 0x35, 0x96, 0xfd, + 0x15, 0xc1, 0x3b, 0x1b, 0x07, 0xf9, 0xaa, 0x1d, 0x3b, 0xea, 0x57, 0x78, 0x9c, 0xa0, 0x31, 0xad, 0x85, + 0xc7, 0xa7, 0x1d, 0xd7, 0x03, 0x54, 0xec, 0x63, 0x12, 0x38, 0xca, 0x34, 0x45 + + }; + struct aws_byte_cursor expected_buf = aws_byte_cursor_from_array(expected, sizeof(expected)); + + return s_verify_hash_test_case(allocator, &input, &expected_buf, aws_sha512_new); +} + +AWS_TEST_CASE(sha512_nist_test_case_3, s_sha512_nist_test_case_3_fn) + +static int s_sha512_nist_test_case_4_fn(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + + struct aws_byte_cursor input = aws_byte_cursor_from_c_str("abcdefghbcdefghicdefghijdefghijkefghijklfghij" + "klmghijklmnhijklmnoijklmnopjklmnopqklm" + "nopqrlmnopqrsmnopqrstnopqrstu"); + uint8_t expected[] = {0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda, 0x8c, 0xf4, 0xf7, 0x28, 0x14, + 0xfc, 0x14, 0x3f, 0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1, 0x72, 0x99, + 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18, 0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, + 0xe4, 0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a, 0xc7, 0xd3, 0x29, 0xee, + 0xb6, 0xdd, 0x26, 0x54, 0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09}; + struct aws_byte_cursor expected_buf = aws_byte_cursor_from_array(expected, sizeof(expected)); + + return s_verify_hash_test_case(allocator, &input, &expected_buf, aws_sha512_new); +} + +AWS_TEST_CASE(sha512_nist_test_case_4, s_sha512_nist_test_case_4_fn) + +static int s_sha512_nist_test_case_5_fn(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + + aws_cal_library_test_init(allocator); + + struct aws_hash *hash = aws_sha512_new(allocator); + ASSERT_NOT_NULL(hash); + struct aws_byte_cursor input = aws_byte_cursor_from_c_str("a"); + + for (size_t i = 0; i < 1000000; ++i) { + ASSERT_SUCCESS(aws_hash_update(hash, &input)); + } + + uint8_t output[AWS_SHA512_LEN] = {0}; + struct aws_byte_buf output_buf = aws_byte_buf_from_array(output, sizeof(output)); + output_buf.len = 0; + ASSERT_SUCCESS(aws_hash_finalize(hash, &output_buf, 0)); + + uint8_t expected[] = { + 0xe7, 0x18, 0x48, 0x3d, 0x0c, 0xe7, 0x69, 0x64, 0x4e, 0x2e, 0x42, 0xc7, 0xbc, 0x15, 0xb4, 0x63, 0x8e, + 0x1f, 0x98, 0xb1, 0x3b, 0x20, 0x44, 0x28, 0x56, 0x32, 0xa8, 0x03, 0xaf, 0xa9, 0x73, 0xeb, 0xde, 0x0f, + 0xf2, 0x44, 0x87, 0x7e, 0xa6, 0x0a, 0x4c, 0xb0, 0x43, 0x2c, 0xe5, 0x77, 0xc3, 0x1b, 0xeb, 0x00, 0x9c, + 0x5c, 0x2c, 0x49, 0xaa, 0x2e, 0x4e, 0xad, 0xb2, 0x17, 0xad, 0x8c, 0xc0, 0x9b + + }; + struct aws_byte_cursor expected_buf = aws_byte_cursor_from_array(expected, sizeof(expected)); + ASSERT_BIN_ARRAYS_EQUALS(expected_buf.ptr, expected_buf.len, output_buf.buffer, output_buf.len); + + aws_hash_destroy(hash); + + aws_cal_library_clean_up(); + + return AWS_OP_SUCCESS; +} + +AWS_TEST_CASE(sha512_nist_test_case_5, s_sha512_nist_test_case_5_fn) + +static int s_sha512_nist_test_case_5_truncated_fn(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + + aws_cal_library_test_init(allocator); + + struct aws_hash *hash = aws_sha512_new(allocator); + ASSERT_NOT_NULL(hash); + struct aws_byte_cursor input = aws_byte_cursor_from_c_str("a"); + + for (size_t i = 0; i < 1000000; ++i) { + ASSERT_SUCCESS(aws_hash_update(hash, &input)); + } + + uint8_t expected[] = { + 0xe7, 0x18, 0x48, 0x3d, 0x0c, 0xe7, 0x69, 0x64, 0x4e, 0x2e, 0x42, 0xc7, 0xbc, 0x15, 0xb4, 0x63, + 0x8e, 0x1f, 0x98, 0xb1, 0x3b, 0x20, 0x44, 0x28, 0x56, 0x32, 0xa8, 0x03, 0xaf, 0xa9, 0x73, 0xeb, + }; + struct aws_byte_cursor expected_buf = aws_byte_cursor_from_array(expected, sizeof(expected)); + uint8_t output[AWS_SHA512_LEN] = {0}; + struct aws_byte_buf output_buf = aws_byte_buf_from_array(output, expected_buf.len); + output_buf.len = 0; + ASSERT_SUCCESS(aws_hash_finalize(hash, &output_buf, 32)); + + ASSERT_BIN_ARRAYS_EQUALS(expected_buf.ptr, expected_buf.len, output_buf.buffer, output_buf.len); + + aws_hash_destroy(hash); + + aws_cal_library_clean_up(); + + return AWS_OP_SUCCESS; +} + +AWS_TEST_CASE(sha512_nist_test_case_5_truncated, s_sha512_nist_test_case_5_truncated_fn) + +static int s_sha512_nist_test_case_6_fn(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + + aws_cal_library_test_init(allocator); + + struct aws_hash *hash = aws_sha512_new(allocator); + ASSERT_NOT_NULL(hash); + struct aws_byte_cursor input = + aws_byte_cursor_from_c_str("abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmno"); + + for (size_t i = 0; i < 16777216; ++i) { + ASSERT_SUCCESS(aws_hash_update(hash, &input)); + } + + uint8_t output[AWS_SHA512_LEN] = {0}; + struct aws_byte_buf output_buf = aws_byte_buf_from_array(output, sizeof(output)); + output_buf.len = 0; + ASSERT_SUCCESS(aws_hash_finalize(hash, &output_buf, 0)); + + uint8_t expected[] = {0xb4, 0x7c, 0x93, 0x34, 0x21, 0xea, 0x2d, 0xb1, 0x49, 0xad, 0x6e, 0x10, 0xfc, + 0xe6, 0xc7, 0xf9, 0x3d, 0x07, 0x52, 0x38, 0x01, 0x80, 0xff, 0xd7, 0xf4, 0x62, + 0x9a, 0x71, 0x21, 0x34, 0x83, 0x1d, 0x77, 0xbe, 0x60, 0x91, 0xb8, 0x19, 0xed, + 0x35, 0x2c, 0x29, 0x67, 0xa2, 0xe2, 0xd4, 0xfa, 0x50, 0x50, 0x72, 0x3c, 0x96, + 0x30, 0x69, 0x1f, 0x1a, 0x05, 0xa7, 0x28, 0x1d, 0xbe, 0x6c, 0x10, 0x86}; + + struct aws_byte_cursor expected_buf = aws_byte_cursor_from_array(expected, sizeof(expected)); + ASSERT_BIN_ARRAYS_EQUALS(expected_buf.ptr, expected_buf.len, output_buf.buffer, output_buf.len); + + aws_hash_destroy(hash); + + aws_cal_library_clean_up(); + + return AWS_OP_SUCCESS; +} + +AWS_TEST_CASE(sha512_nist_test_case_6, s_sha512_nist_test_case_6_fn) + +static int s_sha512_test_invalid_buffer_fn(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + + aws_cal_library_test_init(allocator); + + struct aws_byte_cursor input = aws_byte_cursor_from_c_str("abcdefghbcdefghicdefghijdefghijkefghijklfghij" + "klmghijklmnhijklmnoijklmnopjklmnopqklm" + "nopqrlmnopqrsmnopqrstnopqrstu"); + uint8_t output[AWS_SHA512_LEN] = {0}; + struct aws_byte_buf output_buf = aws_byte_buf_from_array(output, sizeof(output)); + output_buf.len = 1; + + ASSERT_ERROR(AWS_ERROR_SHORT_BUFFER, aws_sha512_compute(allocator, &input, &output_buf, 0)); + + aws_cal_library_clean_up(); + + return AWS_OP_SUCCESS; +} + +AWS_TEST_CASE(sha512_test_invalid_buffer, s_sha512_test_invalid_buffer_fn) + +static int s_sha512_test_oneshot_fn(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + + aws_cal_library_test_init(allocator); + + struct aws_byte_cursor input = aws_byte_cursor_from_c_str("abcdefghbcdefghicdefghijdefghijkefghijklfghij" + "klmghijklmnhijklmnoijklmnopjklmnopqklm" + "nopqrlmnopqrsmnopqrstnopqrstu"); + uint8_t expected[] = {0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda, 0x8c, 0xf4, 0xf7, 0x28, 0x14, + 0xfc, 0x14, 0x3f, 0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1, 0x72, 0x99, + 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18, 0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, + 0xe4, 0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a, 0xc7, 0xd3, 0x29, 0xee, + 0xb6, 0xdd, 0x26, 0x54, 0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09}; + + uint8_t output[AWS_SHA512_LEN] = {0}; + struct aws_byte_buf output_buf = aws_byte_buf_from_array(output, sizeof(output)); + output_buf.len = 0; + + ASSERT_SUCCESS(aws_sha512_compute(allocator, &input, &output_buf, 0)); + ASSERT_BIN_ARRAYS_EQUALS(expected, sizeof(expected), output_buf.buffer, output_buf.len); + + aws_cal_library_clean_up(); + + return AWS_OP_SUCCESS; +} + +AWS_TEST_CASE(sha512_test_oneshot, s_sha512_test_oneshot_fn) + +static int s_sha512_test_invalid_state_fn(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + + aws_cal_library_test_init(allocator); + + struct aws_byte_cursor input = aws_byte_cursor_from_c_str("abcdefghbcdefghicdefghijdefghijkefghijklfghij" + "klmghijklmnhijklmnoijklmnopjklmnopqklm" + "nopqrlmnopqrsmnopqrstnopqrstu"); + + struct aws_hash *hash = aws_sha512_new(allocator); + ASSERT_NOT_NULL(hash); + + uint8_t output[AWS_SHA512_LEN] = {0}; + struct aws_byte_buf output_buf = aws_byte_buf_from_array(output, sizeof(output)); + output_buf.len = 0; + + ASSERT_SUCCESS(aws_hash_update(hash, &input)); + ASSERT_SUCCESS(aws_hash_finalize(hash, &output_buf, 0)); + ASSERT_ERROR(AWS_ERROR_INVALID_STATE, aws_hash_update(hash, &input)); + ASSERT_ERROR(AWS_ERROR_INVALID_STATE, aws_hash_finalize(hash, &output_buf, 0)); + + aws_hash_destroy(hash); + + aws_cal_library_clean_up(); + + return AWS_OP_SUCCESS; +} + +AWS_TEST_CASE(sha512_test_invalid_state, s_sha512_test_invalid_state_fn) + +static int s_sha512_test_extra_buffer_space_fn(struct aws_allocator *allocator, void *ctx) { + (void)ctx; + + aws_cal_library_test_init(allocator); + + struct aws_byte_cursor input = aws_byte_cursor_from_c_str("123456789012345678901234567890123456789012345" + "67890123456789012345678901234567890"); + + struct aws_byte_buf digest_size_buf; + struct aws_byte_buf super_size_buf; + + aws_byte_buf_init(&digest_size_buf, allocator, AWS_SHA512_LEN); + aws_byte_buf_init(&super_size_buf, allocator, AWS_SHA512_LEN + 100); + + aws_sha512_compute(allocator, &input, &digest_size_buf, 0); + aws_sha512_compute(allocator, &input, &super_size_buf, 0); + + ASSERT_TRUE(aws_byte_buf_eq(&digest_size_buf, &super_size_buf)); + ASSERT_TRUE(super_size_buf.len == AWS_SHA512_LEN); + + aws_byte_buf_clean_up(&digest_size_buf); + aws_byte_buf_clean_up(&super_size_buf); + + aws_cal_library_clean_up(); + + return AWS_OP_SUCCESS; +} +AWS_TEST_CASE(sha512_test_extra_buffer_space, s_sha512_test_extra_buffer_space_fn)
