Separate SHA224 from SHA256 config options.
These options are still dependant on each other.
This is an intermediate step.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
diff --git a/library/md.c b/library/md.c
index d9ff699..28261ac 100644
--- a/library/md.c
+++ b/library/md.c
@@ -97,14 +97,16 @@
};
#endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
const mbedtls_md_info_t mbedtls_sha224_info = {
"SHA224",
MBEDTLS_MD_SHA224,
28,
64,
};
+#endif
+#if defined(MBEDTLS_SHA256_C)
const mbedtls_md_info_t mbedtls_sha256_info = {
"SHA256",
MBEDTLS_MD_SHA256,
@@ -146,6 +148,8 @@
#if defined(MBEDTLS_SHA256_C)
MBEDTLS_MD_SHA256,
+#endif
+#if defined(MBEDTLS_SHA224_C)
MBEDTLS_MD_SHA224,
#endif
@@ -203,9 +207,11 @@
if( !strcmp( "SHA1", md_name ) || !strcmp( "SHA", md_name ) )
return mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
#endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
if( !strcmp( "SHA224", md_name ) )
return mbedtls_md_info_from_type( MBEDTLS_MD_SHA224 );
+#endif
+#if defined(MBEDTLS_SHA256_C)
if( !strcmp( "SHA256", md_name ) )
return mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 );
#endif
@@ -244,9 +250,11 @@
case MBEDTLS_MD_SHA1:
return( &mbedtls_sha1_info );
#endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
case MBEDTLS_MD_SHA224:
return( &mbedtls_sha224_info );
+#endif
+#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA256:
return( &mbedtls_sha256_info );
#endif
@@ -302,8 +310,12 @@
mbedtls_sha1_free( ctx->md_ctx );
break;
#endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
case MBEDTLS_MD_SHA224:
+ mbedtls_sha256_free( ctx->md_ctx );
+ break;
+#endif
+#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA256:
mbedtls_sha256_free( ctx->md_ctx );
break;
@@ -372,8 +384,12 @@
mbedtls_sha1_clone( dst->md_ctx, src->md_ctx );
break;
#endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
case MBEDTLS_MD_SHA224:
+ mbedtls_sha256_clone( dst->md_ctx, src->md_ctx );
+ break;
+#endif
+#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA256:
mbedtls_sha256_clone( dst->md_ctx, src->md_ctx );
break;
@@ -440,8 +456,12 @@
ALLOC( sha1 );
break;
#endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
case MBEDTLS_MD_SHA224:
+ ALLOC( sha256 );
+ break;
+#endif
+#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA256:
ALLOC( sha256 );
break;
@@ -501,9 +521,11 @@
case MBEDTLS_MD_SHA1:
return( mbedtls_sha1_starts_ret( ctx->md_ctx ) );
#endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
case MBEDTLS_MD_SHA224:
return( mbedtls_sha256_starts_ret( ctx->md_ctx, 1 ) );
+#endif
+#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA256:
return( mbedtls_sha256_starts_ret( ctx->md_ctx, 0 ) );
#endif
@@ -547,8 +569,11 @@
case MBEDTLS_MD_SHA1:
return( mbedtls_sha1_update_ret( ctx->md_ctx, input, ilen ) );
#endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
case MBEDTLS_MD_SHA224:
+ return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) );
+#endif
+#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA256:
return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) );
#endif
@@ -592,8 +617,11 @@
case MBEDTLS_MD_SHA1:
return( mbedtls_sha1_finish_ret( ctx->md_ctx, output ) );
#endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
case MBEDTLS_MD_SHA224:
+ return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) );
+#endif
+#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA256:
return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) );
#endif
@@ -638,9 +666,11 @@
case MBEDTLS_MD_SHA1:
return( mbedtls_sha1_ret( input, ilen, output ) );
#endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
case MBEDTLS_MD_SHA224:
return( mbedtls_sha256_ret( input, ilen, output, 1 ) );
+#endif
+#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA256:
return( mbedtls_sha256_ret( input, ilen, output, 0 ) );
#endif
@@ -848,8 +878,11 @@
case MBEDTLS_MD_SHA1:
return( mbedtls_internal_sha1_process( ctx->md_ctx, data ) );
#endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
case MBEDTLS_MD_SHA224:
+ return( mbedtls_internal_sha256_process( ctx->md_ctx, data ) );
+#endif
+#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA256:
return( mbedtls_internal_sha256_process( ctx->md_ctx, data ) );
#endif
diff --git a/library/md_wrap.h b/library/md_wrap.h
index bfe6537..51655f9 100644
--- a/library/md_wrap.h
+++ b/library/md_wrap.h
@@ -72,8 +72,10 @@
#if defined(MBEDTLS_SHA1_C)
extern const mbedtls_md_info_t mbedtls_sha1_info;
#endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
extern const mbedtls_md_info_t mbedtls_sha224_info;
+#endif
+#if defined(MBEDTLS_SHA256_C)
extern const mbedtls_md_info_t mbedtls_sha256_info;
#endif
#if defined(MBEDTLS_SHA384_C)
diff --git a/library/oid.c b/library/oid.c
index 19c8ac2..fe46366 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -345,11 +345,13 @@
MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
},
#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
{
{ ADD_LEN( MBEDTLS_OID_PKCS1_SHA224 ), "sha224WithRSAEncryption", "RSA with SHA-224" },
MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA,
},
+#endif
+#if defined(MBEDTLS_SHA256_C)
{
{ ADD_LEN( MBEDTLS_OID_PKCS1_SHA256 ), "sha256WithRSAEncryption", "RSA with SHA-256" },
MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA,
@@ -379,11 +381,13 @@
MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA,
},
#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
{
{ ADD_LEN( MBEDTLS_OID_ECDSA_SHA224 ), "ecdsa-with-SHA224", "ECDSA with SHA224" },
MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA,
},
+#endif
+#if defined(MBEDTLS_SHA256_C)
{
{ ADD_LEN( MBEDTLS_OID_ECDSA_SHA256 ), "ecdsa-with-SHA256", "ECDSA with SHA256" },
MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA,
@@ -602,11 +606,13 @@
MBEDTLS_MD_SHA1,
},
#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
{
{ ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA224 ), "id-sha224", "SHA-224" },
MBEDTLS_MD_SHA224,
},
+#endif
+#if defined(MBEDTLS_SHA256_C)
{
{ ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA256 ), "id-sha256", "SHA-256" },
MBEDTLS_MD_SHA256,
@@ -654,11 +660,13 @@
MBEDTLS_MD_SHA1,
},
#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
{
{ ADD_LEN( MBEDTLS_OID_HMAC_SHA224 ), "hmacSHA224", "HMAC-SHA-224" },
MBEDTLS_MD_SHA224,
},
+#endif
+#if defined(MBEDTLS_SHA256_C)
{
{ ADD_LEN( MBEDTLS_OID_HMAC_SHA256 ), "hmacSHA256", "HMAC-SHA-256" },
MBEDTLS_MD_SHA256,
diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c
index 2605179..d0f986e 100644
--- a/library/psa_crypto_hash.c
+++ b/library/psa_crypto_hash.c
@@ -96,7 +96,7 @@
case PSA_ALG_SHA_1:
return( &mbedtls_sha1_info );
#endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
case PSA_ALG_SHA_224:
return( &mbedtls_sha224_info );
#endif
diff --git a/library/sha256.c b/library/sha256.c
index a94f325..264d33a 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -105,6 +105,12 @@
SHA256_VALIDATE_RET( ctx != NULL );
SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
+#if defined(MBEDTLS_SHA224_C)
+ SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
+#else
+ SHA256_VALIDATE_RET( is224 == 0 );
+#endif
+
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -122,6 +128,7 @@
}
else
{
+#if defined(MBEDTLS_SHA224_C)
/* SHA-224 */
ctx->state[0] = 0xC1059ED8;
ctx->state[1] = 0x367CD507;
@@ -131,6 +138,7 @@
ctx->state[5] = 0x68581511;
ctx->state[6] = 0x64F98FA7;
ctx->state[7] = 0xBEFA4FA4;
+#endif
}
ctx->is224 = is224;
@@ -388,7 +396,9 @@
PUT_UINT32_BE( ctx->state[5], output, 20 );
PUT_UINT32_BE( ctx->state[6], output, 24 );
+#if defined(MBEDTLS_SHA224_C)
if( ctx->is224 == 0 )
+#endif
PUT_UINT32_BE( ctx->state[7], output, 28 );
return( 0 );
@@ -407,7 +417,12 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_sha256_context ctx;
+#if defined(MBEDTLS_SHA224_C)
SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
+#else
+ SHA256_VALIDATE_RET( is224 == 0 );
+#endif
+
SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index fa89a07..22484f7 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -44,7 +44,7 @@
* available. Try SHA-256 first, 512 wastes resources since we need to stay
* with max 32 bytes of cookie for DTLS 1.0
*/
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
#define COOKIE_MD MBEDTLS_MD_SHA224
#define COOKIE_MD_OUTLEN 32
#define COOKIE_HMAC_LEN 28
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index fbd2013..3d1b84f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6468,6 +6468,8 @@
#endif
#if defined(MBEDTLS_SHA256_C)
MBEDTLS_MD_SHA256,
+#endif
+#if defined(MBEDTLS_SHA224_C)
MBEDTLS_MD_SHA224,
#endif
#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
@@ -6815,9 +6817,11 @@
case MBEDTLS_SSL_HASH_SHA1:
return( MBEDTLS_MD_SHA1 );
#endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
case MBEDTLS_SSL_HASH_SHA224:
return( MBEDTLS_MD_SHA224 );
+#endif
+#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_SSL_HASH_SHA256:
return( MBEDTLS_MD_SHA256 );
#endif
@@ -6849,9 +6853,11 @@
case MBEDTLS_MD_SHA1:
return( MBEDTLS_SSL_HASH_SHA1 );
#endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
case MBEDTLS_MD_SHA224:
return( MBEDTLS_SSL_HASH_SHA224 );
+#endif
+#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_MD_SHA256:
return( MBEDTLS_SSL_HASH_SHA256 );
#endif
diff --git a/library/version_features.c b/library/version_features.c
index 275aaa6..39b877a 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -759,6 +759,9 @@
#if defined(MBEDTLS_SHA256_C)
"MBEDTLS_SHA256_C",
#endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA224_C)
+ "MBEDTLS_SHA224_C",
+#endif /* MBEDTLS_SHA224_C */
#if defined(MBEDTLS_SHA512_C)
"MBEDTLS_SHA512_C",
#endif /* MBEDTLS_SHA512_C */