TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / refs/heads/mbedtls-2.28 / . / library / sha256.c
blob: 74f32369bb72319e00ce60b1e47a4c1dcc594c4a [file] [log] [blame]
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]1/*
2 * FIPS-180-2 compliant SHA-256 implementation
3 *
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]4 * Copyright The Mbed TLS Contributors
Dave Rodgman7ff79652023-11-03 12:04:52 +0000[diff] [blame]5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]6 */
7/*
8 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
9 *
10 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
11 */
12
Gilles Peskinedb09ef62020-06-03 01:43:33 +0200[diff] [blame]13#include "common.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]14
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]15#if defined(MBEDTLS_SHA256_C)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]16
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]17#include "mbedtls/sha256.h"
Andres Amaya Garcia1f6301b2018-04-17 09:51:09 -0500[diff] [blame]18#include "mbedtls/platform_util.h"
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]19#include "mbedtls/error.h"
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]20
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]21#include <string.h>
22
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]23#include "mbedtls/platform.h"
Paul Bakker7dc4c442014-02-01 22:50:26 +0100[diff] [blame]24
Hanno Becker2f6de422018-12-20 10:22:32 +0000[diff] [blame]25#define SHA256_VALIDATE_RET(cond) \
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]26 MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA)
27#define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE(cond)
Hanno Becker2f6de422018-12-20 10:22:32 +0000[diff] [blame]28
Manuel Pégourié-Gonnard8b2641d2015-08-27 20:03:46 +0200[diff] [blame]29#if !defined(MBEDTLS_SHA256_ALT)
30
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]31void mbedtls_sha256_init(mbedtls_sha256_context *ctx)
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]32{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]33 SHA256_VALIDATE(ctx != NULL);
Andres Amaya Garcia79e593f2018-12-09 20:41:20 +0000[diff] [blame]34
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]35 memset(ctx, 0, sizeof(mbedtls_sha256_context));
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]36}
37
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]38void mbedtls_sha256_free(mbedtls_sha256_context *ctx)
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]39{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]40 if (ctx == NULL) {
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]41 return;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]42 }
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]43
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]44 mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha256_context));
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]45}
46
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]47void mbedtls_sha256_clone(mbedtls_sha256_context *dst,
48 const mbedtls_sha256_context *src)
Manuel Pégourié-Gonnard16d412f2015-07-06 15:26:26 +0200[diff] [blame]49{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]50 SHA256_VALIDATE(dst != NULL);
51 SHA256_VALIDATE(src != NULL);
Andres Amaya Garcia79e593f2018-12-09 20:41:20 +0000[diff] [blame]52
Manuel Pégourié-Gonnard16d412f2015-07-06 15:26:26 +0200[diff] [blame]53 *dst = *src;
54}
55
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]56/*
57 * SHA-256 context setup
58 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]59int mbedtls_sha256_starts_ret(mbedtls_sha256_context *ctx, int is224)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]60{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]61 SHA256_VALIDATE_RET(ctx != NULL);
62 SHA256_VALIDATE_RET(is224 == 0 || is224 == 1);
Andres Amaya Garcia79e593f2018-12-09 20:41:20 +0000[diff] [blame]63
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]64 ctx->total[0] = 0;
65 ctx->total[1] = 0;
66
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]67 if (is224 == 0) {
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]68 /* SHA-256 */
69 ctx->state[0] = 0x6A09E667;
70 ctx->state[1] = 0xBB67AE85;
71 ctx->state[2] = 0x3C6EF372;
72 ctx->state[3] = 0xA54FF53A;
73 ctx->state[4] = 0x510E527F;
74 ctx->state[5] = 0x9B05688C;
75 ctx->state[6] = 0x1F83D9AB;
76 ctx->state[7] = 0x5BE0CD19;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]77 } else {
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]78 /* SHA-224 */
79 ctx->state[0] = 0xC1059ED8;
80 ctx->state[1] = 0x367CD507;
81 ctx->state[2] = 0x3070DD17;
82 ctx->state[3] = 0xF70E5939;
83 ctx->state[4] = 0xFFC00B31;
84 ctx->state[5] = 0x68581511;
85 ctx->state[6] = 0x64F98FA7;
86 ctx->state[7] = 0xBEFA4FA4;
87 }
88
89 ctx->is224 = is224;
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]90
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]91 return 0;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]92}
93
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]94#if !defined(MBEDTLS_DEPRECATED_REMOVED)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]95void mbedtls_sha256_starts(mbedtls_sha256_context *ctx,
96 int is224)
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]97{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]98 mbedtls_sha256_starts_ret(ctx, is224);
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]99}
100#endif
101
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]102#if !defined(MBEDTLS_SHA256_PROCESS_ALT)
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame]103static const uint32_t K[] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]104{
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame]105 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
106 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
107 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
108 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
109 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
110 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
111 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
112 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
113 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
114 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
115 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
116 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
117 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
118 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
119 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
120 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
121};
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]122
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]123#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n))
124#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n))))
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]125
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]126#define S0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3))
127#define S1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10))
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]128
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]129#define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
130#define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]131
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]132#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y))))
133#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]134
gabor-mezei-arm4cb56f82020-08-25 19:12:01 +0200[diff] [blame]135#define R(t) \
136 ( \
137 local.W[t] = S1(local.W[(t) - 2]) + local.W[(t) - 7] + \
138 S0(local.W[(t) - 15]) + local.W[(t) - 16] \
Hanno Becker1eeca412018-10-15 12:01:35 +0100[diff] [blame]139 )
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]140
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]141#define P(a, b, c, d, e, f, g, h, x, K) \
gabor-mezei-arm4cb56f82020-08-25 19:12:01 +0200[diff] [blame]142 do \
143 { \
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]144 local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \
145 local.temp2 = S2(a) + F0((a), (b), (c)); \
gabor-mezei-arm4cb56f82020-08-25 19:12:01 +0200[diff] [blame]146 (d) += local.temp1; (h) = local.temp1 + local.temp2; \
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]147 } while (0)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]148
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]149int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx,
150 const unsigned char data[64])
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame]151{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]152 struct {
gabor-mezei-arm4cb56f82020-08-25 19:12:01 +0200[diff] [blame]153 uint32_t temp1, temp2, W[64];
154 uint32_t A[8];
155 } local;
156
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame]157 unsigned int i;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]158
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]159 SHA256_VALIDATE_RET(ctx != NULL);
160 SHA256_VALIDATE_RET((const unsigned char *) data != NULL);
Andres Amaya Garcia79e593f2018-12-09 20:41:20 +0000[diff] [blame]161
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]162 for (i = 0; i < 8; i++) {
gabor-mezei-arm4cb56f82020-08-25 19:12:01 +0200[diff] [blame]163 local.A[i] = ctx->state[i];
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]164 }
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame]165
Manuel Pégourié-Gonnardeb0d8702015-05-28 12:54:04 +0200[diff] [blame]166#if defined(MBEDTLS_SHA256_SMALLER)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]167 for (i = 0; i < 64; i++) {
168 if (i < 16) {
169 local.W[i] = MBEDTLS_GET_UINT32_BE(data, 4 * i);
170 } else {
171 R(i);
172 }
Manuel Pégourié-Gonnardeb0d8702015-05-28 12:54:04 +0200[diff] [blame]173
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]174 P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
175 local.A[5], local.A[6], local.A[7], local.W[i], K[i]);
Manuel Pégourié-Gonnardeb0d8702015-05-28 12:54:04 +0200[diff] [blame]176
gabor-mezei-arm4cb56f82020-08-25 19:12:01 +0200[diff] [blame]177 local.temp1 = local.A[7]; local.A[7] = local.A[6];
178 local.A[6] = local.A[5]; local.A[5] = local.A[4];
179 local.A[4] = local.A[3]; local.A[3] = local.A[2];
180 local.A[2] = local.A[1]; local.A[1] = local.A[0];
181 local.A[0] = local.temp1;
Manuel Pégourié-Gonnardeb0d8702015-05-28 12:54:04 +0200[diff] [blame]182 }
183#else /* MBEDTLS_SHA256_SMALLER */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]184 for (i = 0; i < 16; i++) {
185 local.W[i] = MBEDTLS_GET_UINT32_BE(data, 4 * i);
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame]186 }
187
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]188 for (i = 0; i < 16; i += 8) {
189 P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
190 local.A[5], local.A[6], local.A[7], local.W[i+0], K[i+0]);
191 P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
192 local.A[4], local.A[5], local.A[6], local.W[i+1], K[i+1]);
193 P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
194 local.A[3], local.A[4], local.A[5], local.W[i+2], K[i+2]);
195 P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
196 local.A[2], local.A[3], local.A[4], local.W[i+3], K[i+3]);
197 P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
198 local.A[1], local.A[2], local.A[3], local.W[i+4], K[i+4]);
199 P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
200 local.A[0], local.A[1], local.A[2], local.W[i+5], K[i+5]);
201 P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
202 local.A[7], local.A[0], local.A[1], local.W[i+6], K[i+6]);
203 P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
204 local.A[6], local.A[7], local.A[0], local.W[i+7], K[i+7]);
205 }
206
207 for (i = 16; i < 64; i += 8) {
208 P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
209 local.A[5], local.A[6], local.A[7], R(i+0), K[i+0]);
210 P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
211 local.A[4], local.A[5], local.A[6], R(i+1), K[i+1]);
212 P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
213 local.A[3], local.A[4], local.A[5], R(i+2), K[i+2]);
214 P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
215 local.A[2], local.A[3], local.A[4], R(i+3), K[i+3]);
216 P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
217 local.A[1], local.A[2], local.A[3], R(i+4), K[i+4]);
218 P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
219 local.A[0], local.A[1], local.A[2], R(i+5), K[i+5]);
220 P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
221 local.A[7], local.A[0], local.A[1], R(i+6), K[i+6]);
222 P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
223 local.A[6], local.A[7], local.A[0], R(i+7), K[i+7]);
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame]224 }
Manuel Pégourié-Gonnardeb0d8702015-05-28 12:54:04 +0200[diff] [blame]225#endif /* MBEDTLS_SHA256_SMALLER */
Manuel Pégourié-Gonnarda7a3a5f2015-05-28 12:14:49 +0200[diff] [blame]226
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]227 for (i = 0; i < 8; i++) {
gabor-mezei-arm4cb56f82020-08-25 19:12:01 +0200[diff] [blame]228 ctx->state[i] += local.A[i];
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]229 }
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]230
gabor-mezei-arm76749ae2020-07-30 16:41:25 +0200[diff] [blame]231 /* Zeroise buffers and variables to clear sensitive data from memory. */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]232 mbedtls_platform_zeroize(&local, sizeof(local));
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]233
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]234 return 0;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]235}
Jaeden Amero041039f2018-02-19 15:28:08 +0000[diff] [blame]236
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]237#if !defined(MBEDTLS_DEPRECATED_REMOVED)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]238void mbedtls_sha256_process(mbedtls_sha256_context *ctx,
239 const unsigned char data[64])
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]240{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]241 mbedtls_internal_sha256_process(ctx, data);
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]242}
243#endif
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]244#endif /* !MBEDTLS_SHA256_PROCESS_ALT */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]245
246/*
247 * SHA-256 process buffer
248 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]249int mbedtls_sha256_update_ret(mbedtls_sha256_context *ctx,
250 const unsigned char *input,
251 size_t ilen)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]252{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]253 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]254 size_t fill;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]255 uint32_t left;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]256
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]257 SHA256_VALIDATE_RET(ctx != NULL);
258 SHA256_VALIDATE_RET(ilen == 0 || input != NULL);
Hanno Becker596e0142018-12-18 15:00:38 +0000[diff] [blame]259
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]260 if (ilen == 0) {
261 return 0;
262 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]263
264 left = ctx->total[0] & 0x3F;
265 fill = 64 - left;
266
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]267 ctx->total[0] += (uint32_t) ilen;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]268 ctx->total[0] &= 0xFFFFFFFF;
269
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]270 if (ctx->total[0] < (uint32_t) ilen) {
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]271 ctx->total[1]++;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]272 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]273
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]274 if (left && ilen >= fill) {
275 memcpy((void *) (ctx->buffer + left), input, fill);
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]276
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]277 if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) {
278 return ret;
279 }
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]280
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]281 input += fill;
282 ilen -= fill;
283 left = 0;
284 }
285
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]286 while (ilen >= 64) {
287 if ((ret = mbedtls_internal_sha256_process(ctx, input)) != 0) {
288 return ret;
289 }
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]290
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]291 input += 64;
292 ilen -= 64;
293 }
294
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]295 if (ilen > 0) {
296 memcpy((void *) (ctx->buffer + left), input, ilen);
297 }
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]298
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]299 return 0;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]300}
301
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]302#if !defined(MBEDTLS_DEPRECATED_REMOVED)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]303void mbedtls_sha256_update(mbedtls_sha256_context *ctx,
304 const unsigned char *input,
305 size_t ilen)
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]306{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]307 mbedtls_sha256_update_ret(ctx, input, ilen);
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]308}
309#endif
310
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]311/*
312 * SHA-256 final digest
313 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]314int mbedtls_sha256_finish_ret(mbedtls_sha256_context *ctx,
315 unsigned char output[32])
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]316{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]317 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard1cc1fb02018-06-28 12:10:27 +0200[diff] [blame]318 uint32_t used;
Paul Bakker5c2364c2012-10-01 14:41:15 +0000[diff] [blame]319 uint32_t high, low;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]320
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]321 SHA256_VALIDATE_RET(ctx != NULL);
322 SHA256_VALIDATE_RET((unsigned char *) output != NULL);
Andres Amaya Garcia79e593f2018-12-09 20:41:20 +0000[diff] [blame]323
Manuel Pégourié-Gonnard1cc1fb02018-06-28 12:10:27 +0200[diff] [blame]324 /*
325 * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
326 */
327 used = ctx->total[0] & 0x3F;
328
329 ctx->buffer[used++] = 0x80;
330
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]331 if (used <= 56) {
Manuel Pégourié-Gonnard1cc1fb02018-06-28 12:10:27 +0200[diff] [blame]332 /* Enough room for padding + length in current block */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]333 memset(ctx->buffer + used, 0, 56 - used);
334 } else {
Manuel Pégourié-Gonnard1cc1fb02018-06-28 12:10:27 +0200[diff] [blame]335 /* We'll need an extra block */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]336 memset(ctx->buffer + used, 0, 64 - used);
Manuel Pégourié-Gonnard1cc1fb02018-06-28 12:10:27 +0200[diff] [blame]337
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]338 if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) {
339 return ret;
340 }
Manuel Pégourié-Gonnard1cc1fb02018-06-28 12:10:27 +0200[diff] [blame]341
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]342 memset(ctx->buffer, 0, 56);
Manuel Pégourié-Gonnard1cc1fb02018-06-28 12:10:27 +0200[diff] [blame]343 }
344
345 /*
346 * Add message length
347 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]348 high = (ctx->total[0] >> 29)
349 | (ctx->total[1] << 3);
350 low = (ctx->total[0] << 3);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]351
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]352 MBEDTLS_PUT_UINT32_BE(high, ctx->buffer, 56);
353 MBEDTLS_PUT_UINT32_BE(low, ctx->buffer, 60);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]354
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]355 if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) {
356 return ret;
357 }
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]358
Manuel Pégourié-Gonnard1cc1fb02018-06-28 12:10:27 +0200[diff] [blame]359 /*
360 * Output final state
361 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]362 MBEDTLS_PUT_UINT32_BE(ctx->state[0], output, 0);
363 MBEDTLS_PUT_UINT32_BE(ctx->state[1], output, 4);
364 MBEDTLS_PUT_UINT32_BE(ctx->state[2], output, 8);
365 MBEDTLS_PUT_UINT32_BE(ctx->state[3], output, 12);
366 MBEDTLS_PUT_UINT32_BE(ctx->state[4], output, 16);
367 MBEDTLS_PUT_UINT32_BE(ctx->state[5], output, 20);
368 MBEDTLS_PUT_UINT32_BE(ctx->state[6], output, 24);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]369
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]370 if (ctx->is224 == 0) {
371 MBEDTLS_PUT_UINT32_BE(ctx->state[7], output, 28);
372 }
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]373
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]374 return 0;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]375}
376
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]377#if !defined(MBEDTLS_DEPRECATED_REMOVED)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]378void mbedtls_sha256_finish(mbedtls_sha256_context *ctx,
379 unsigned char output[32])
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]380{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]381 mbedtls_sha256_finish_ret(ctx, output);
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]382}
383#endif
384
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]385#endif /* !MBEDTLS_SHA256_ALT */
Paul Bakker90995b52013-06-24 19:20:35 +0200[diff] [blame]386
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]387/*
388 * output = SHA-256( input buffer )
389 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]390int mbedtls_sha256_ret(const unsigned char *input,
391 size_t ilen,
392 unsigned char output[32],
393 int is224)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]394{
Janos Follath24eed8d2019-11-22 13:21:35 +0000[diff] [blame]395 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]396 mbedtls_sha256_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]397
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]398 SHA256_VALIDATE_RET(is224 == 0 || is224 == 1);
399 SHA256_VALIDATE_RET(ilen == 0 || input != NULL);
400 SHA256_VALIDATE_RET((unsigned char *) output != NULL);
Andres Amaya Garcia79e593f2018-12-09 20:41:20 +0000[diff] [blame]401
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]402 mbedtls_sha256_init(&ctx);
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]403
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]404 if ((ret = mbedtls_sha256_starts_ret(&ctx, is224)) != 0) {
Andres Amaya Garcia0963e6c2017-07-20 14:34:08 +0100[diff] [blame]405 goto exit;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]406 }
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]407
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]408 if ((ret = mbedtls_sha256_update_ret(&ctx, input, ilen)) != 0) {
Andres Amaya Garcia0963e6c2017-07-20 14:34:08 +0100[diff] [blame]409 goto exit;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]410 }
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]411
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]412 if ((ret = mbedtls_sha256_finish_ret(&ctx, output)) != 0) {
Andres Amaya Garcia0963e6c2017-07-20 14:34:08 +0100[diff] [blame]413 goto exit;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]414 }
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]415
Andres Amaya Garcia0963e6c2017-07-20 14:34:08 +0100[diff] [blame]416exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]417 mbedtls_sha256_free(&ctx);
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]418
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]419 return ret;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]420}
421
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]422#if !defined(MBEDTLS_DEPRECATED_REMOVED)
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]423void mbedtls_sha256(const unsigned char *input,
424 size_t ilen,
425 unsigned char output[32],
426 int is224)
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]427{
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]428 mbedtls_sha256_ret(input, ilen, output, is224);
Manuel Pégourié-Gonnard93c08472021-04-15 12:23:55 +0200[diff] [blame]429}
430#endif
431
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]432#if defined(MBEDTLS_SELF_TEST)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]433/*
434 * FIPS-180-2 test vectors
435 */
Manuel Pégourié-Gonnard28122e42015-03-11 09:13:42 +0000[diff] [blame]436static const unsigned char sha256_test_buf[3][57] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]437{
438 { "abc" },
439 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
440 { "" }
441};
442
Andres Amaya Garcia2d0aa8b2017-07-21 14:57:26 +0100[diff] [blame]443static const size_t sha256_test_buflen[3] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]444{
445 3, 56, 1000
446};
447
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]448static const unsigned char sha256_test_sum[6][32] =
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]449{
450 /*
451 * SHA-224 test vectors
452 */
453 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
454 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
455 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
456 0xE3, 0x6C, 0x9D, 0xA7 },
457 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
458 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
459 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
460 0x52, 0x52, 0x25, 0x25 },
461 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
462 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
463 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
464 0x4E, 0xE7, 0xAD, 0x67 },
465
466 /*
467 * SHA-256 test vectors
468 */
469 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
470 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
471 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
472 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
473 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
474 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
475 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
476 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
477 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
478 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
479 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
480 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
481};
482
483/*
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]484 * Checkup routine
485 */
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]486int mbedtls_sha256_self_test(int verbose)
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]487{
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]488 int i, j, k, buflen, ret = 0;
Russ Butlerbb83b422016-10-12 17:36:50 -0500[diff] [blame]489 unsigned char *buf;
Paul Bakker9e36f042013-06-30 14:34:05 +0200[diff] [blame]490 unsigned char sha256sum[32];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]491 mbedtls_sha256_context ctx;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]492
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]493 buf = mbedtls_calloc(1024, sizeof(unsigned char));
494 if (NULL == buf) {
495 if (verbose != 0) {
496 mbedtls_printf("Buffer allocation failed\n");
497 }
Russ Butlerbb83b422016-10-12 17:36:50 -0500[diff] [blame]498
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]499 return 1;
Russ Butlerbb83b422016-10-12 17:36:50 -0500[diff] [blame]500 }
501
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]502 mbedtls_sha256_init(&ctx);
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]503
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]504 for (i = 0; i < 6; i++) {
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]505 j = i % 3;
506 k = i < 3;
507
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]508 if (verbose != 0) {
509 mbedtls_printf(" SHA-%d test #%d: ", 256 - k * 32, j + 1);
510 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]511
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]512 if ((ret = mbedtls_sha256_starts_ret(&ctx, k)) != 0) {
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]513 goto fail;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]514 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]515
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]516 if (j == 2) {
517 memset(buf, 'a', buflen = 1000);
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]518
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]519 for (j = 0; j < 1000; j++) {
520 ret = mbedtls_sha256_update_ret(&ctx, buf, buflen);
521 if (ret != 0) {
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]522 goto fail;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]523 }
Andres Amaya Garcia6a3f3052017-07-20 14:18:54 +0100[diff] [blame]524 }
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]525
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]526 } else {
527 ret = mbedtls_sha256_update_ret(&ctx, sha256_test_buf[j],
528 sha256_test_buflen[j]);
529 if (ret != 0) {
530 goto fail;
531 }
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]532 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]533
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]534 if ((ret = mbedtls_sha256_finish_ret(&ctx, sha256sum)) != 0) {
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]535 goto fail;
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]536 }
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]537
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]538
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]539 if (memcmp(sha256sum, sha256_test_sum[i], 32 - k * 4) != 0) {
Andres Amaya Garcia6a3f3052017-07-20 14:18:54 +0100[diff] [blame]540 ret = 1;
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]541 goto fail;
Andres Amaya Garcia6a3f3052017-07-20 14:18:54 +0100[diff] [blame]542 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]543
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]544 if (verbose != 0) {
545 mbedtls_printf("passed\n");
546 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]547 }
548
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]549 if (verbose != 0) {
550 mbedtls_printf("\n");
551 }
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]552
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]553 goto exit;
554
555fail:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]556 if (verbose != 0) {
557 mbedtls_printf("failed\n");
558 }
Andres Amaya Garcia72a7f532017-05-02 11:38:47 +0100[diff] [blame]559
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]560exit:
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]561 mbedtls_sha256_free(&ctx);
562 mbedtls_free(buf);
Paul Bakker5b4af392014-06-26 12:09:34 +0200[diff] [blame]563
Gilles Peskine1b6c09a2023-01-11 14:52:35 +0100[diff] [blame]564 return ret;
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]565}
566
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]567#endif /* MBEDTLS_SELF_TEST */
Paul Bakker5121ce52009-01-03 21:22:43 +0000[diff] [blame]568
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]569#endif /* MBEDTLS_SHA256_C */