Merge remote-tracking branch 'origin/topic/johanna/sha512-bifs-opaqueval'

* origin/topic/johanna/sha512-bifs-opaqueval:
  Add SHA512 BiFs and OpaqueVals

CHANGES

@@ -1,3 +1,7 @@
+8.1.0-dev.646 | 2025-10-09 14:03:15 +0100
+
+  * Add SHA512 BiFs and OpaqueVals (Johanna Amann, Corelight)
+
 8.1.0-dev.644 | 2025-10-09 13:13:10 +0200
 
   * QUIC: Introduce discarded_packet() event (Arne Welzel, Corelight)

NEWS

@@ -69,6 +69,9 @@ New Functionality
   This functionality can be controlled with ``QUIC::max_discarded_packet_events``,
   setting this variable to -1 disabled the ``QUIC::discarded_packet`` event.
 
+- Added SHA256 calculation BiFs: ``sha512_hash``, ``sha512_hash_init`, ``sha512_hash_update``,
+  and ``sha512_hash_finish``.
+
 Changed Functionality
 ---------------------
 

VERSION

@@ -1 +1 @@
-8.1.0-dev.644
+8.1.0-dev.646

src/OpaqueVal.cc

@@ -221,6 +221,8 @@ constexpr size_t SHA1VAL_STATE_SIZE = sizeof(SHA_CTX);
 
 constexpr size_t SHA256VAL_STATE_SIZE = sizeof(SHA256_CTX);
 
+constexpr size_t SHA512VAL_STATE_SIZE = sizeof(SHA512_CTX);
+
 #if ( OPENSSL_VERSION_NUMBER < 0x30000000L )
 
 // -- MD5
@@ -313,6 +315,38 @@ void do_unserialize(SHA256Val::StatePtr ptr, const char* bytes, size_t len) {
 
 void do_destroy(SHA256Val::StatePtr ptr) { hash_state_free(to_digest_ptr(ptr)); }
 
+// -- SHA512
+
+auto* to_native_ptr(SHA512Val::StatePtr ptr) { return reinterpret_cast<EVP_MD_CTX*>(ptr); }
+
+auto* to_digest_ptr(SHA512Val::StatePtr ptr) { return reinterpret_cast<detail::HashDigestState*>(ptr); }
+
+void do_init(SHA512Val::StatePtr& ptr) {
+    ptr = reinterpret_cast<SHA512Val::StatePtr>(detail::hash_init(detail::Hash_SHA512));
+}
+
+void do_clone(SHA512Val::StatePtr out, SHA512Val::StatePtr in) {
+    detail::hash_copy(to_digest_ptr(out), to_digest_ptr(in));
+}
+
+void do_feed(SHA512Val::StatePtr ptr, const void* data, size_t size) {
+    detail::hash_update(to_digest_ptr(ptr), data, size);
+}
+
+void do_get(SHA512Val::StatePtr ptr, u_char* digest) { detail::hash_final_no_free(to_digest_ptr(ptr), digest); }
+
+std::string do_serialize(SHA512Val::StatePtr ptr) {
+    auto* md = reinterpret_cast<SHA512_CTX*>(EVP_MD_CTX_md_data(to_native_ptr(ptr)));
+    return {reinterpret_cast<const char*>(md), sizeof(SHA512_CTX)};
+}
+
+void do_unserialize(SHA512Val::StatePtr ptr, const char* bytes, size_t len) {
+    auto* md = reinterpret_cast<SHA512_CTX*>(EVP_MD_CTX_md_data(to_native_ptr(ptr)));
+    memcpy(md, bytes, len);
+}
+
+void do_destroy(SHA512Val::StatePtr ptr) { hash_state_free(to_digest_ptr(ptr)); }
+
 #else
 
 // -- MD5
@@ -381,6 +415,28 @@ void do_unserialize(SHA256Val::StatePtr ptr, const char* bytes, size_t len) { me
 
 void do_destroy(SHA256Val::StatePtr ptr) { delete to_native_ptr(ptr); }
 
+// -- SHA512
+
+auto* to_native_ptr(SHA512Val::StatePtr ptr) { return reinterpret_cast<SHA512_CTX*>(ptr); }
+
+void do_init(SHA512Val::StatePtr& ptr) {
+    auto ctx = new SHA512_CTX;
+    SHA512_Init(ctx);
+    ptr = reinterpret_cast<SHA512Val::StatePtr>(ctx);
+}
+
+void do_clone(SHA512Val::StatePtr out, SHA512Val::StatePtr in) { *to_native_ptr(out) = *to_native_ptr(in); }
+
+void do_feed(SHA512Val::StatePtr ptr, const void* data, size_t size) { SHA512_Update(to_native_ptr(ptr), data, size); }
+
+void do_get(SHA512Val::StatePtr ptr, u_char* digest) { SHA512_Final(digest, to_native_ptr(ptr)); }
+
+std::string do_serialize(SHA512Val::StatePtr ptr) { return {reinterpret_cast<const char*>(ptr), sizeof(SHA512_CTX)}; }
+
+void do_unserialize(SHA512Val::StatePtr ptr, const char* bytes, size_t len) { memcpy(ptr, bytes, len); }
+
+void do_destroy(SHA512Val::StatePtr ptr) { delete to_native_ptr(ptr); }
+
 #endif
 
 } // namespace
@@ -647,6 +703,91 @@ bool SHA256Val::DoUnserializeData(BrokerDataView data) {
     return true;
 }
 
+SHA512Val::SHA512Val() : HashVal(sha512_type) {}
+
+SHA512Val::~SHA512Val() {
+    if ( ctx != nullptr )
+        do_destroy(ctx);
+}
+
+ValPtr SHA512Val::DoClone(CloneState* state) {
+    auto out = make_intrusive<SHA512Val>();
+
+    if ( IsValid() ) {
+        if ( ! out->Init() )
+            return nullptr;
+
+        do_clone(out->ctx, ctx);
+    }
+
+    return state->NewClone(this, std::move(out));
+}
+
+bool SHA512Val::DoInit() {
+    assert(! IsValid());
+    do_init(ctx);
+    return true;
+}
+
+bool SHA512Val::DoFeed(const void* data, size_t size) {
+    if ( ! IsValid() )
+        return false;
+
+    do_feed(ctx, data, size);
+    return true;
+}
+
+StringValPtr SHA512Val::DoGet() {
+    if ( ! IsValid() )
+        return val_mgr->EmptyString();
+
+    u_char digest[SHA512_DIGEST_LENGTH];
+    do_get(ctx, digest);
+    return make_intrusive<StringVal>(detail::sha512_digest_print(digest));
+}
+
+IMPLEMENT_OPAQUE_VALUE(SHA512Val)
+
+std::optional<BrokerData> SHA512Val::DoSerializeData() const {
+    BrokerListBuilder builder;
+
+    if ( ! IsValid() ) {
+        builder.Add(false);
+        return std::move(builder).Build();
+    }
+
+    builder.Add(true);
+    builder.Add(do_serialize(ctx));
+    return std::move(builder).Build();
+}
+
+bool SHA512Val::DoUnserializeData(BrokerDataView data) {
+    if ( ! data.IsList() )
+        return false;
+
+    auto d = data.ToList();
+
+    if ( d.IsEmpty() || ! d[0].IsBool() )
+        return false;
+
+    if ( ! d[0].ToBool() ) {
+        assert(! IsValid()); // default set by ctor
+        return true;
+    }
+
+    if ( d.Size() != 2 || ! d[1].IsString() )
+        return false;
+
+    auto s = d[1].ToString();
+
+    if ( s.size() != SHA512VAL_STATE_SIZE )
+        return false;
+
+    Init();
+    do_unserialize(ctx, s.data(), s.size());
+    return true;
+}
+
 EntropyVal::EntropyVal() : OpaqueVal(entropy_type) {}
 
 bool EntropyVal::Feed(const void* data, size_t size) {

src/OpaqueVal.h

@@ -313,6 +313,34 @@ private:
     StatePtr ctx = nullptr;
 };
 
+class SHA512Val : public HashVal {
+public:
+    struct State;
+
+    using StatePtr = State*;
+
+    template<class T>
+    static void digest(const T& vlist, u_char result[ZEEK_SHA512_DIGEST_LENGTH]) {
+        digest_all(detail::Hash_SHA512, vlist, result);
+    }
+
+    SHA512Val();
+    ~SHA512Val() override;
+
+    ValPtr DoClone(CloneState* state) override;
+
+protected:
+    friend class Val;
+
+    bool DoInit() override;
+    bool DoFeed(const void* data, size_t size) override;
+    StringValPtr DoGet() override;
+
+    DECLARE_OPAQUE_VALUE_DATA(SHA512Val)
+private:
+    StatePtr ctx = nullptr;
+};
+
 class EntropyVal : public OpaqueVal {
 public:
     EntropyVal();

src/Type.h

@@ -1048,6 +1048,7 @@ inline const TypePtr& error_type() { return base_type(TYPE_ERROR); }
 extern zeek::OpaqueTypePtr md5_type;
 extern zeek::OpaqueTypePtr sha1_type;
 extern zeek::OpaqueTypePtr sha256_type;
+extern zeek::OpaqueTypePtr sha512_type;
 extern zeek::OpaqueTypePtr entropy_type;
 extern zeek::OpaqueTypePtr cardinality_type;
 extern zeek::OpaqueTypePtr topk_type;

src/digest.h

@@ -60,6 +60,10 @@ inline const char* sha256_digest_print(const u_char digest[ZEEK_SHA256_DIGEST_LE
     return digest_print(digest, ZEEK_SHA256_DIGEST_LENGTH);
 }
 
+inline const char* sha512_digest_print(const u_char digest[ZEEK_SHA512_DIGEST_LENGTH]) {
+    return digest_print(digest, ZEEK_SHA512_DIGEST_LENGTH);
+}
+
 struct HashDigestState;
 
 /**

src/script_opt/FuncInfo.cc

@@ -451,6 +451,10 @@ static std::unordered_map<std::string, unsigned int> func_attrs = {
     {"sha256_hash_finish", ATTR_NO_SCRIPT_SIDE_EFFECTS},
     {"sha256_hash_init", ATTR_NO_SCRIPT_SIDE_EFFECTS},
     {"sha256_hash_update", ATTR_NO_SCRIPT_SIDE_EFFECTS},
+    {"sha512_hash", ATTR_FOLDABLE},
+    {"sha512_hash_finish", ATTR_NO_SCRIPT_SIDE_EFFECTS},
+    {"sha512_hash_init", ATTR_NO_SCRIPT_SIDE_EFFECTS},
+    {"sha512_hash_update", ATTR_NO_SCRIPT_SIDE_EFFECTS},
     {"skip_further_processing", ATTR_NO_SCRIPT_SIDE_EFFECTS},
     {"skip_http_entity_data", ATTR_NO_SCRIPT_SIDE_EFFECTS},
     {"skip_smtp_data", ATTR_NO_SCRIPT_SIDE_EFFECTS},

src/zeek-setup.cc

@@ -156,6 +156,7 @@ const char* proc_status_file = nullptr;
 zeek::OpaqueTypePtr md5_type;
 zeek::OpaqueTypePtr sha1_type;
 zeek::OpaqueTypePtr sha256_type;
+zeek::OpaqueTypePtr sha512_type;
 zeek::OpaqueTypePtr entropy_type;
 zeek::OpaqueTypePtr cardinality_type;
 zeek::OpaqueTypePtr topk_type;
@@ -683,6 +684,7 @@ SetupResult setup(int argc, char** argv, Options* zopts) {
     md5_type = make_intrusive<OpaqueType>("md5");
     sha1_type = make_intrusive<OpaqueType>("sha1");
     sha256_type = make_intrusive<OpaqueType>("sha256");
+    sha512_type = make_intrusive<OpaqueType>("sha512");
     entropy_type = make_intrusive<OpaqueType>("entropy");
     cardinality_type = make_intrusive<OpaqueType>("cardinality");
     topk_type = make_intrusive<OpaqueType>("topk");

src/zeek.bif

@@ -737,6 +737,7 @@ function sleep%(i: interval%): interval
 ## .. zeek:see:: md5_hmac md5_hash_init md5_hash_update md5_hash_finish
 ##    sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish
 ##    sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish
+##    sha512_hash_init sha512_hash_update sha512_hash_finish
 ##
 ## .. note::
 ##
@@ -757,6 +758,7 @@ function md5_hash%(...%): string
 ## .. zeek:see:: md5_hash md5_hmac md5_hash_init md5_hash_update md5_hash_finish
 ##    sha1_hash_init sha1_hash_update sha1_hash_finish
 ##    sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish
+##    sha512_hash_init sha512_hash_update sha512_hash_finish
 ##
 ## .. note::
 ##
@@ -777,6 +779,7 @@ function sha1_hash%(...%): string
 ## .. zeek:see:: md5_hash md5_hmac md5_hash_init md5_hash_update md5_hash_finish
 ##    sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish
 ##    sha256_hash_init sha256_hash_update sha256_hash_finish
+##    sha512_hash_init sha512_hash_update sha512_hash_finish
 ##
 ## .. note::
 ##
@@ -790,6 +793,27 @@ function sha256_hash%(...%): string
 	return zeek::make_intrusive<zeek::StringVal>(zeek::detail::sha256_digest_print(digest));
 	%}
 
+## Computes the SHA512 hash value of the provided list of arguments.
+##
+## Returns: The SHA512 hash value of the concatenated arguments.
+##
+## .. zeek:see:: md5_hash md5_hmac md5_hash_init md5_hash_update md5_hash_finish
+##    sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish
+##    sha256_hash_init sha256_hash_update sha256_hash_finish
+##    sha512_hash_init sha512_hash_update sha512_hash_finish
+##
+## .. note::
+##
+##      This function performs a one-shot computation of its arguments.
+##      For incremental hash computation, see :zeek:id:`sha512_hash_init` and
+##      friends.
+function sha512_hash%(...%): string
+	%{
+	unsigned char digest[ZEEK_SHA512_DIGEST_LENGTH];
+	SHA512Val::digest(@ARG@, digest);
+	return zeek::make_intrusive<zeek::StringVal>(zeek::detail::sha512_digest_print(digest));
+	%}
+
 ## Computes an HMAC-MD5 hash value of the provided list of arguments. The HMAC
 ## secret key is generated from available entropy when Zeek starts up, or it can
 ## be specified for repeatability using the ``-K`` command line flag.
@@ -799,6 +823,7 @@ function sha256_hash%(...%): string
 ## .. zeek:see:: md5_hash md5_hash_init md5_hash_update md5_hash_finish
 ##    sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish
 ##    sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish
+##    sha512_hash_init sha512_hash_update sha512_hash_finish
 function md5_hmac%(...%): string
 	%{
 	unsigned char hmac[ZEEK_MD5_DIGEST_LENGTH];
@@ -881,6 +906,32 @@ function sha256_hash_init%(%): opaque of sha256
 	return std::move(digest);
 	%}
 
+## Constructs an SHA512 handle to enable incremental hash computation. You can
+## feed data to the returned opaque value with :zeek:id:`sha512_hash_update` and
+## finally need to call :zeek:id:`sha512_hash_finish` to finish the computation
+## and get the hash digest.
+##
+## For example, when computing incremental SHA512 values of transferred files in
+## multiple concurrent HTTP connections, one keeps an optional handle in the
+## HTTP session record. Then, one would call
+## ``c$http$sha512_handle = sha512_hash_init()`` once before invoking
+## ``sha512_hash_update(c$http$sha512_handle, some_more_data)`` in the
+## :zeek:id:`http_entity_data` event handler. When all data has arrived, a call
+## to :zeek:id:`sha512_hash_finish` returns the final hash value.
+##
+## Returns: The opaque handle associated with this hash computation.
+##
+## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish
+##    sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish
+##    sha256_hash sha256_hash_init sha256_hash_update
+##    sha512_hash sha512_hash_update sha512_hash_finish
+function sha512_hash_init%(%): opaque of sha512
+	%{
+	auto digest = zeek::make_intrusive<zeek::SHA512Val>();
+	digest->Init();
+	return std::move(digest);
+	%}
+
 ## Updates the MD5 value associated with a given index. It is required to
 ## call :zeek:id:`md5_hash_init` once before calling this
 ## function.
@@ -894,6 +945,7 @@ function sha256_hash_init%(%): opaque of sha256
 ## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_finish
 ##    sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish
 ##    sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish
+##    sha512_hash sha512_hash_update sha512_hash_finish
 function md5_hash_update%(handle: opaque of md5, data: string%): bool
 	%{
 	bool rc = static_cast<HashVal*>(handle)->Feed(data->Bytes(), data->Len());
@@ -913,6 +965,7 @@ function md5_hash_update%(handle: opaque of md5, data: string%): bool
 ## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish
 ##    sha1_hash sha1_hash_init sha1_hash_finish
 ##    sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish
+##    sha512_hash sha512_hash_update sha512_hash_finish
 function sha1_hash_update%(handle: opaque of sha1, data: string%): bool
 	%{
 	bool rc = static_cast<HashVal*>(handle)->Feed(data->Bytes(), data->Len());
@@ -932,12 +985,33 @@ function sha1_hash_update%(handle: opaque of sha1, data: string%): bool
 ## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish
 ##    sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish
 ##    sha256_hash sha256_hash_init sha256_hash_finish
+##    sha512_hash sha512_hash_update sha512_hash_finish
 function sha256_hash_update%(handle: opaque of sha256, data: string%): bool
 	%{
 	bool rc = static_cast<HashVal*>(handle)->Feed(data->Bytes(), data->Len());
 	return zeek::val_mgr->Bool(rc);
 	%}
 
+## Updates the SHA512 value associated with a given index. It is required to
+## call :zeek:id:`sha512_hash_init` once before calling this
+## function.
+##
+## handle: The opaque handle associated with this hash computation.
+##
+## data: The data to add to the hash computation.
+##
+## Returns: True on success.
+##
+## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish
+##    sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish
+##    sha256_hash sha256_hash_init sha256_hash_update
+##    sha512_hash sha512_hash_init sha512_hash_finish
+function sha512_hash_update%(handle: opaque of sha512, data: string%): bool
+	%{
+	bool rc = static_cast<HashVal*>(handle)->Feed(data->Bytes(), data->Len());
+	return zeek::val_mgr->Bool(rc);
+	%}
+
 ## Returns the final MD5 digest of an incremental hash computation.
 ##
 ## handle: The opaque handle associated with this hash computation.
@@ -947,6 +1021,7 @@ function sha256_hash_update%(handle: opaque of sha256, data: string%): bool
 ## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update
 ##    sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish
 ##    sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish
+##    sha512_hash sha512_hash_update sha512_hash_finish
 function md5_hash_finish%(handle: opaque of md5%): string
 	%{
 	return static_cast<HashVal*>(handle)->Get();
@@ -961,6 +1036,7 @@ function md5_hash_finish%(handle: opaque of md5%): string
 ## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish
 ##    sha1_hash sha1_hash_init sha1_hash_update
 ##    sha256_hash sha256_hash_init sha256_hash_update sha256_hash_finish
+##    sha512_hash sha512_hash_update sha512_hash_finish
 function sha1_hash_finish%(handle: opaque of sha1%): string
 	%{
 	return static_cast<HashVal*>(handle)->Get();
@@ -975,11 +1051,27 @@ function sha1_hash_finish%(handle: opaque of sha1%): string
 ## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish
 ##    sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish
 ##    sha256_hash sha256_hash_init sha256_hash_update
+##    sha512_hash sha512_hash_update sha512_hash_finish
 function sha256_hash_finish%(handle: opaque of sha256%): string
 	%{
 	return static_cast<HashVal*>(handle)->Get();
 	%}
 
+## Returns the final SHA512 digest of an incremental hash computation.
+##
+## handle: The opaque handle associated with this hash computation.
+##
+## Returns: The hash value associated with the computation of *handle*.
+##
+## .. zeek:see:: md5_hmac md5_hash md5_hash_init md5_hash_update md5_hash_finish
+##    sha1_hash sha1_hash_init sha1_hash_update sha1_hash_finish
+##    sha256_hash sha256_hash_init sha256_hash_update
+##    sha512_hash sha512_hash_init sha512_hash_update
+function sha512_hash_finish%(handle: opaque of sha512%): string
+	%{
+	return static_cast<HashVal*>(handle)->Get();
+	%}
+
 ## Initializes and returns a new paraglob.
 ##
 ## v: Vector of patterns to initialize the paraglob with.

testing/btest/Baseline/bifs.sha512/output

@@ -0,0 +1,5 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+05f70341078acf6a06d423d21720f9643d5f953626d88a02636dc3a9e79582aeb0c820857fd3f8dc502aa8360d2c8fa97a985fda5b629b809cad18ffb62d3899
+0a839843055813256c8cfe2dbe748957b66a10ed4407d4607c10bcc10b95e2e80d010e1810c4c9d4c9cc4d9964b0d07b06c4c8e9d43bbca79b222a5c9d3fe803
+05f70341078acf6a06d423d21720f9643d5f953626d88a02636dc3a9e79582aeb0c820857fd3f8dc502aa8360d2c8fa97a985fda5b629b809cad18ffb62d3899
+0a839843055813256c8cfe2dbe748957b66a10ed4407d4607c10bcc10b95e2e80d010e1810c4c9d4c9cc4d9964b0d07b06c4c8e9d43bbca79b222a5c9d3fe803

testing/btest/Baseline/broker.opaque/out

@@ -24,6 +24,9 @@ opaque of sha1
 opaque of sha256
 25b6746d5172ed6352966a013d93ac846e1110d5a25e8f183b5931f4688842a1
 25b6746d5172ed6352966a013d93ac846e1110d5a25e8f183b5931f4688842a1
+opaque of sha512
+04aebe936d8eab8a145ce973d1101ac89ea8a2192ca43d3c986ba73ad3de1a58a6a5c95d85d86fc1900d24bad1334d56e550d1a23baf3f867f56fb64aaed0d59
+04aebe936d8eab8a145ce973d1101ac89ea8a2192ca43d3c986ba73ad3de1a58a6a5c95d85d86fc1900d24bad1334d56e550d1a23baf3f867f56fb64aaed0d59
 ============ X509
 opaque of x509
 [version=3, serial=040000000001154B5AC394, subject=CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE, issuer=CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE, cn=GlobalSign Root CA, not_valid_before=XXXXXXXXXX.XXXXXX, not_valid_after=1832673600.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>, tbs_sig_alg=sha1WithRSAEncryption]

testing/btest/Baseline/language.copy-all-opaques/out

@@ -18,6 +18,8 @@
 30ae97492ce1da88d0e7117ace0a60a6f9e1e0bc
 25b6746d5172ed6352966a013d93ac846e1110d5a25e8f183b5931f4688842a1
 25b6746d5172ed6352966a013d93ac846e1110d5a25e8f183b5931f4688842a1
+04aebe936d8eab8a145ce973d1101ac89ea8a2192ca43d3c986ba73ad3de1a58a6a5c95d85d86fc1900d24bad1334d56e550d1a23baf3f867f56fb64aaed0d59
+04aebe936d8eab8a145ce973d1101ac89ea8a2192ca43d3c986ba73ad3de1a58a6a5c95d85d86fc1900d24bad1334d56e550d1a23baf3f867f56fb64aaed0d59
 ============ X509
 [version=3, serial=040000000001154B5AC394, subject=CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE, issuer=CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE, cn=GlobalSign Root CA, not_valid_before=XXXXXXXXXX.XXXXXX, not_valid_after=1832673600.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>, tbs_sig_alg=sha1WithRSAEncryption]
 [version=3, serial=040000000001154B5AC394, subject=CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE, issuer=CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE, cn=GlobalSign Root CA, not_valid_before=XXXXXXXXXX.XXXXXX, not_valid_after=1832673600.0, key_alg=rsaEncryption, sig_alg=sha1WithRSAEncryption, key_type=rsa, key_length=2048, exponent=65537, curve=<uninitialized>, tbs_sig_alg=sha1WithRSAEncryption]

testing/btest/bifs/sha512.test

@@ -0,0 +1,16 @@
+# @TEST-EXEC: zeek -b %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+print sha512_hash("one");
+print sha512_hash("one", "two", "three");
+
+local a = sha512_hash_init();
+local b = sha512_hash_init();
+
+sha512_hash_update(a, "one");
+sha512_hash_update(b, "one");
+sha512_hash_update(b, "two");
+sha512_hash_update(b, "three");
+
+print sha512_hash_finish(a);
+print sha512_hash_finish(b);

testing/btest/broker/opaque.zeek

@@ -77,6 +77,15 @@ event zeek_init()
 	print sha256_hash_finish(sha256a);
 	print sha256_hash_finish(sha256b);
 
+	local sha512a = sha512_hash_init();
+	sha512_hash_update(sha512a, "one");
+	local sha512b = Broker::__opaque_clone_through_serialization(sha512a);
+	print type_name(sha512b);
+	sha512_hash_update(sha512a, "two");
+	sha512_hash_update(sha512b, "two");
+	print sha512_hash_finish(sha512a);
+	print sha512_hash_finish(sha512b);
+
 	print "============ X509";
 	local x509 = x509_from_der("\x30\x82\x03\x75\x30\x82\x02\x5D\xA0\x03\x02\x01\x02\x02\x0B\x04\x00\x00\x00\x00\x01\x15\x4B\x5A\xC3\x94\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x57\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x45\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x6E\x76\x2D\x73\x61\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x13\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x39\x38\x30\x39\x30\x31\x31\x32\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x31\x32\x38\x31\x32\x30\x30\x30\x30\x5A\x30\x57\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x45\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x6E\x76\x2D\x73\x61\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x13\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xDA\x0E\xE6\x99\x8D\xCE\xA3\xE3\x4F\x8A\x7E\xFB\xF1\x8B\x83\x25\x6B\xEA\x48\x1F\xF1\x2A\xB0\xB9\x95\x11\x04\xBD\xF0\x63\xD1\xE2\x67\x66\xCF\x1C\xDD\xCF\x1B\x48\x2B\xEE\x8D\x89\x8E\x9A\xAF\x29\x80\x65\xAB\xE9\xC7\x2D\x12\xCB\xAB\x1C\x4C\x70\x07\xA1\x3D\x0A\x30\xCD\x15\x8D\x4F\xF8\xDD\xD4\x8C\x50\x15\x1C\xEF\x50\xEE\xC4\x2E\xF7\xFC\xE9\x52\xF2\x91\x7D\xE0\x6D\xD5\x35\x30\x8E\x5E\x43\x73\xF2\x41\xE9\xD5\x6A\xE3\xB2\x89\x3A\x56\x39\x38\x6F\x06\x3C\x88\x69\x5B\x2A\x4D\xC5\xA7\x54\xB8\x6C\x89\xCC\x9B\xF9\x3C\xCA\xE5\xFD\x89\xF5\x12\x3C\x92\x78\x96\xD6\xDC\x74\x6E\x93\x44\x61\xD1\x8D\xC7\x46\xB2\x75\x0E\x86\xE8\x19\x8A\xD5\x6D\x6C\xD5\x78\x16\x95\xA2\xE9\xC8\x0A\x38\xEB\xF2\x24\x13\x4F\x73\x54\x93\x13\x85\x3A\x1B\xBC\x1E\x34\xB5\x8B\x05\x8C\xB9\x77\x8B\xB1\xDB\x1F\x20\x91\xAB\x09\x53\x6E\x90\xCE\x7B\x37\x74\xB9\x70\x47\x91\x22\x51\x63\x16\x79\xAE\xB1\xAE\x41\x26\x08\xC8\x19\x2B\xD1\x46\xAA\x48\xD6\x64\x2A\xD7\x83\x34\xFF\x2C\x2A\xC1\x6C\x19\x43\x4A\x07\x85\xE7\xD3\x7C\xF6\x21\x68\xEF\xEA\xF2\x52\x9F\x7F\x93\x90\xCF\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x60\x7B\x66\x1A\x45\x0D\x97\xCA\x89\x50\x2F\x7D\x04\xCD\x34\xA8\xFF\xFC\xFD\x4B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xD6\x73\xE7\x7C\x4F\x76\xD0\x8D\xBF\xEC\xBA\xA2\xBE\x34\xC5\x28\x32\xB5\x7C\xFC\x6C\x9C\x2C\x2B\xBD\x09\x9E\x53\xBF\x6B\x5E\xAA\x11\x48\xB6\xE5\x08\xA3\xB3\xCA\x3D\x61\x4D\xD3\x46\x09\xB3\x3E\xC3\xA0\xE3\x63\x55\x1B\xF2\xBA\xEF\xAD\x39\xE1\x43\xB9\x38\xA3\xE6\x2F\x8A\x26\x3B\xEF\xA0\x50\x56\xF9\xC6\x0A\xFD\x38\xCD\xC4\x0B\x70\x51\x94\x97\x98\x04\xDF\xC3\x5F\x94\xD5\x15\xC9\x14\x41\x9C\xC4\x5D\x75\x64\x15\x0D\xFF\x55\x30\xEC\x86\x8F\xFF\x0D\xEF\x2C\xB9\x63\x46\xF6\xAA\xFC\xDF\xBC\x69\xFD\x2E\x12\x48\x64\x9A\xE0\x95\xF0\xA6\xEF\x29\x8F\x01\xB1\x15\xB5\x0C\x1D\xA5\xFE\x69\x2C\x69\x24\x78\x1E\xB3\xA7\x1C\x71\x62\xEE\xCA\xC8\x97\xAC\x17\x5D\x8A\xC2\xF8\x47\x86\x6E\x2A\xC4\x56\x31\x95\xD0\x67\x89\x85\x2B\xF9\x6C\xA6\x5D\x46\x9D\x0C\xAA\x82\xE4\x99\x51\xDD\x70\xB7\xDB\x56\x3D\x61\xE4\x6A\xE1\x5C\xD6\xF6\xFE\x3D\xDE\x41\xCC\x07\xAE\x63\x52\xBF\x53\x53\xF4\x2B\xE9\xC7\xFD\xB6\xF7\x82\x5F\x85\xD2\x41\x18\xDB\x81\xB3\x04\x1C\xC5\x1F\xA4\x80\x6F\x15\x20\xC9\xDE\x0C\x88\x0A\x1D\xD6\x66\x55\xE2\xFC\x48\xC9\x29\x26\x69\xE0");
 	local x5092 = Broker::__opaque_clone_through_serialization(x509);

testing/btest/language/copy-all-opaques.zeek

@@ -70,6 +70,14 @@ event zeek_init()
 	print sha256_hash_finish(sha256a);
 	print sha256_hash_finish(sha256b);
 
+	local sha512a = sha512_hash_init();
+	sha512_hash_update(sha512a, "one");
+	local sha512b = copy(sha512a);
+	sha512_hash_update(sha512a, "two");
+	sha512_hash_update(sha512b, "two");
+	print sha512_hash_finish(sha512a);
+	print sha512_hash_finish(sha512b);
+
 	print "============ X509";
 	local x509 = x509_from_der("\x30\x82\x03\x75\x30\x82\x02\x5D\xA0\x03\x02\x01\x02\x02\x0B\x04\x00\x00\x00\x00\x01\x15\x4B\x5A\xC3\x94\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x57\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x45\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x6E\x76\x2D\x73\x61\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x13\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x1E\x17\x0D\x39\x38\x30\x39\x30\x31\x31\x32\x30\x30\x30\x30\x5A\x17\x0D\x32\x38\x30\x31\x32\x38\x31\x32\x30\x30\x30\x30\x5A\x30\x57\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x42\x45\x31\x19\x30\x17\x06\x03\x55\x04\x0A\x13\x10\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x6E\x76\x2D\x73\x61\x31\x10\x30\x0E\x06\x03\x55\x04\x0B\x13\x07\x52\x6F\x6F\x74\x20\x43\x41\x31\x1B\x30\x19\x06\x03\x55\x04\x03\x13\x12\x47\x6C\x6F\x62\x61\x6C\x53\x69\x67\x6E\x20\x52\x6F\x6F\x74\x20\x43\x41\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xDA\x0E\xE6\x99\x8D\xCE\xA3\xE3\x4F\x8A\x7E\xFB\xF1\x8B\x83\x25\x6B\xEA\x48\x1F\xF1\x2A\xB0\xB9\x95\x11\x04\xBD\xF0\x63\xD1\xE2\x67\x66\xCF\x1C\xDD\xCF\x1B\x48\x2B\xEE\x8D\x89\x8E\x9A\xAF\x29\x80\x65\xAB\xE9\xC7\x2D\x12\xCB\xAB\x1C\x4C\x70\x07\xA1\x3D\x0A\x30\xCD\x15\x8D\x4F\xF8\xDD\xD4\x8C\x50\x15\x1C\xEF\x50\xEE\xC4\x2E\xF7\xFC\xE9\x52\xF2\x91\x7D\xE0\x6D\xD5\x35\x30\x8E\x5E\x43\x73\xF2\x41\xE9\xD5\x6A\xE3\xB2\x89\x3A\x56\x39\x38\x6F\x06\x3C\x88\x69\x5B\x2A\x4D\xC5\xA7\x54\xB8\x6C\x89\xCC\x9B\xF9\x3C\xCA\xE5\xFD\x89\xF5\x12\x3C\x92\x78\x96\xD6\xDC\x74\x6E\x93\x44\x61\xD1\x8D\xC7\x46\xB2\x75\x0E\x86\xE8\x19\x8A\xD5\x6D\x6C\xD5\x78\x16\x95\xA2\xE9\xC8\x0A\x38\xEB\xF2\x24\x13\x4F\x73\x54\x93\x13\x85\x3A\x1B\xBC\x1E\x34\xB5\x8B\x05\x8C\xB9\x77\x8B\xB1\xDB\x1F\x20\x91\xAB\x09\x53\x6E\x90\xCE\x7B\x37\x74\xB9\x70\x47\x91\x22\x51\x63\x16\x79\xAE\xB1\xAE\x41\x26\x08\xC8\x19\x2B\xD1\x46\xAA\x48\xD6\x64\x2A\xD7\x83\x34\xFF\x2C\x2A\xC1\x6C\x19\x43\x4A\x07\x85\xE7\xD3\x7C\xF6\x21\x68\xEF\xEA\xF2\x52\x9F\x7F\x93\x90\xCF\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x60\x7B\x66\x1A\x45\x0D\x97\xCA\x89\x50\x2F\x7D\x04\xCD\x34\xA8\xFF\xFC\xFD\x4B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x01\x01\x00\xD6\x73\xE7\x7C\x4F\x76\xD0\x8D\xBF\xEC\xBA\xA2\xBE\x34\xC5\x28\x32\xB5\x7C\xFC\x6C\x9C\x2C\x2B\xBD\x09\x9E\x53\xBF\x6B\x5E\xAA\x11\x48\xB6\xE5\x08\xA3\xB3\xCA\x3D\x61\x4D\xD3\x46\x09\xB3\x3E\xC3\xA0\xE3\x63\x55\x1B\xF2\xBA\xEF\xAD\x39\xE1\x43\xB9\x38\xA3\xE6\x2F\x8A\x26\x3B\xEF\xA0\x50\x56\xF9\xC6\x0A\xFD\x38\xCD\xC4\x0B\x70\x51\x94\x97\x98\x04\xDF\xC3\x5F\x94\xD5\x15\xC9\x14\x41\x9C\xC4\x5D\x75\x64\x15\x0D\xFF\x55\x30\xEC\x86\x8F\xFF\x0D\xEF\x2C\xB9\x63\x46\xF6\xAA\xFC\xDF\xBC\x69\xFD\x2E\x12\x48\x64\x9A\xE0\x95\xF0\xA6\xEF\x29\x8F\x01\xB1\x15\xB5\x0C\x1D\xA5\xFE\x69\x2C\x69\x24\x78\x1E\xB3\xA7\x1C\x71\x62\xEE\xCA\xC8\x97\xAC\x17\x5D\x8A\xC2\xF8\x47\x86\x6E\x2A\xC4\x56\x31\x95\xD0\x67\x89\x85\x2B\xF9\x6C\xA6\x5D\x46\x9D\x0C\xAA\x82\xE4\x99\x51\xDD\x70\xB7\xDB\x56\x3D\x61\xE4\x6A\xE1\x5C\xD6\xF6\xFE\x3D\xDE\x41\xCC\x07\xAE\x63\x52\xBF\x53\x53\xF4\x2B\xE9\xC7\xFD\xB6\xF7\x82\x5F\x85\xD2\x41\x18\xDB\x81\xB3\x04\x1C\xC5\x1F\xA4\x80\x6F\x15\x20\xC9\xDE\x0C\x88\x0A\x1D\xD6\x66\x55\xE2\xFC\x48\xC9\x29\x26\x69\xE0");
 	local x5092 = copy(x509);