Add int return values to SHA-256 function calls
The following function calls are being deprecated to introduce int
return values.
* mbedtls_sha256()
* mbedtls_sha256_starts()
* mbedtls_sha256_update()
* mbedtls_sha256_finish()
* mbedtls_sha256_process()
The return codes can be used to return error values. This is important
when using hardware accelerators.
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
index f8041ad..3667e8c 100644
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@@ -32,6 +32,11 @@
#include <stddef.h>
#include <stdint.h>
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+ !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
#if !defined(MBEDTLS_SHA256_ALT)
// Regular implementation
//
@@ -80,8 +85,10 @@
*
* \param ctx context to be initialized
* \param is224 0 = use SHA256, 1 = use SHA224
+ *
+ * \return 0 if successful
*/
-void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 );
+int mbedtls_sha256_starts_ext( mbedtls_sha256_context *ctx, int is224 );
/**
* \brief SHA-256 process buffer
@@ -89,20 +96,105 @@
* \param ctx SHA-256 context
* \param input buffer holding the data
* \param ilen length of the input data
+ *
+ * \return 0 if successful
*/
-void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
- size_t ilen );
+int mbedtls_sha256_update_ext( mbedtls_sha256_context *ctx,
+ const unsigned char *input,
+ size_t ilen );
/**
* \brief SHA-256 final digest
*
* \param ctx SHA-256 context
* \param output SHA-224/256 checksum result
+ *
+ * \return 0 if successful
*/
-void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] );
+int mbedtls_sha256_finish_ext( mbedtls_sha256_context *ctx,
+ unsigned char output[32] );
-/* Internal use */
-void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] );
+/**
+ * \brief SHA-256 process data block (internal use only)
+ *
+ * \param ctx SHA-256 context
+ * \param data buffer holding one block of data
+ *
+ * \return 0 if successful
+ */
+int mbedtls_sha256_process_ext( mbedtls_sha256_context *ctx,
+ const unsigned char data[64] );
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED __attribute__((deprecated))
+#else
+#define MBEDTLS_DEPRECATED
+#endif
+/**
+ * \brief SHA-256 context setup
+ *
+ * \deprecated Superseded by mbedtls_sha256_starts_ext() in 2.5.0
+ *
+ * \param ctx context to be initialized
+ * \param is224 0 = use SHA256, 1 = use SHA224
+ */
+MBEDTLS_DEPRECATED static inline void mbedtls_sha256_starts(
+ mbedtls_sha256_context *ctx,
+ int is224 )
+{
+ mbedtls_sha256_starts_ext( ctx, is224 );
+}
+
+/**
+ * \brief SHA-256 process buffer
+ *
+ * \deprecated Superseded by mbedtls_sha256_update_ext() in 2.5.0
+ *
+ * \param ctx SHA-256 context
+ * \param input buffer holding the data
+ * \param ilen length of the input data
+ */
+MBEDTLS_DEPRECATED static inline void mbedtls_sha256_update(
+ mbedtls_sha256_context *ctx,
+ const unsigned char *input,
+ size_t ilen )
+{
+ mbedtls_sha256_update_ext( ctx, input, ilen );
+}
+
+/**
+ * \brief SHA-256 final digest
+ *
+ * \deprecated Superseded by mbedtls_sha256_finish_ext() in 2.5.0
+ *
+ * \param ctx SHA-256 context
+ * \param output SHA-224/256 checksum result
+ */
+MBEDTLS_DEPRECATED static inline void mbedtls_sha256_finish(
+ mbedtls_sha256_context *ctx,
+ unsigned char output[32] )
+{
+ mbedtls_sha256_finish_ext( ctx, output );
+}
+
+/**
+ * \brief SHA-256 process data block (internal use only)
+ *
+ * \deprecated Superseded by mbedtls_sha256_process_ext() in 2.5.0
+ *
+ * \param ctx SHA-256 context
+ * \param data buffer holding one block of data
+ */
+MBEDTLS_DEPRECATED static inline void mbedtls_sha256_process(
+ mbedtls_sha256_context *ctx,
+ const unsigned char data[64] )
+{
+ mbedtls_sha256_process_ext( ctx, data );
+}
+
+#undef MBEDTLS_DEPRECATED
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
#ifdef __cplusplus
}
@@ -123,9 +215,41 @@
* \param ilen length of the input data
* \param output SHA-224/256 checksum result
* \param is224 0 = use SHA256, 1 = use SHA224
+ *
+ * \return 0 if successful
*/
-void mbedtls_sha256( const unsigned char *input, size_t ilen,
- unsigned char output[32], int is224 );
+int mbedtls_sha256_ext( const unsigned char *input,
+ size_t ilen,
+ unsigned char output[32],
+ int is224 );
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED __attribute__((deprecated))
+#else
+#define MBEDTLS_DEPRECATED
+#endif
+/**
+ * \brief Output = SHA-256( input buffer )
+ *
+ * \deprecated Superseded by mbedtls_sha256_ext() in 2.5.0
+ *
+ * \param input buffer holding the data
+ * \param ilen length of the input data
+ * \param output SHA-224/256 checksum result
+ * \param is224 0 = use SHA256, 1 = use SHA224
+ */
+MBEDTLS_DEPRECATED static inline void mbedtls_sha256(
+ const unsigned char *input,
+ size_t ilen,
+ unsigned char output[32],
+ int is224 )
+{
+ mbedtls_sha256_ext( input, ilen, output, is224 );
+}
+
+#undef MBEDTLS_DEPRECATED
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
/**
* \brief Checkup routine
diff --git a/library/sha256.c b/library/sha256.c
index ad25d38..337b8e6 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -100,7 +100,7 @@
/*
* SHA-256 context setup
*/
-void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
+int mbedtls_sha256_starts_ext( mbedtls_sha256_context *ctx, int is224 )
{
ctx->total[0] = 0;
ctx->total[1] = 0;
@@ -131,6 +131,8 @@
}
ctx->is224 = is224;
+
+ return( 0 );
}
#if !defined(MBEDTLS_SHA256_PROCESS_ALT)
@@ -179,7 +181,8 @@
d += temp1; h = temp1 + temp2; \
}
-void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] )
+int mbedtls_sha256_process_ext( mbedtls_sha256_context *ctx,
+ const unsigned char data[64] )
{
uint32_t temp1, temp2, W[64];
uint32_t A[8];
@@ -232,20 +235,24 @@
for( i = 0; i < 8; i++ )
ctx->state[i] += A[i];
+
+ return( 0 );
}
#endif /* !MBEDTLS_SHA256_PROCESS_ALT */
/*
* SHA-256 process buffer
*/
-void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input,
- size_t ilen )
+int mbedtls_sha256_update_ext( mbedtls_sha256_context *ctx,
+ const unsigned char *input,
+ size_t ilen )
{
+ int ret;
size_t fill;
uint32_t left;
if( ilen == 0 )
- return;
+ return( 0 );
left = ctx->total[0] & 0x3F;
fill = 64 - left;
@@ -259,7 +266,10 @@
if( left && ilen >= fill )
{
memcpy( (void *) (ctx->buffer + left), input, fill );
- mbedtls_sha256_process( ctx, ctx->buffer );
+
+ if( ( ret = mbedtls_sha256_process_ext( ctx, ctx->buffer ) ) != 0 )
+ return( ret );
+
input += fill;
ilen -= fill;
left = 0;
@@ -267,13 +277,17 @@
while( ilen >= 64 )
{
- mbedtls_sha256_process( ctx, input );
+ if( ( ret = mbedtls_sha256_process_ext( ctx, input ) ) != 0 )
+ return( ret );
+
input += 64;
ilen -= 64;
}
if( ilen > 0 )
memcpy( (void *) (ctx->buffer + left), input, ilen );
+
+ return( 0 );
}
static const unsigned char sha256_padding[64] =
@@ -287,8 +301,10 @@
/*
* SHA-256 final digest
*/
-void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] )
+int mbedtls_sha256_finish_ext( mbedtls_sha256_context *ctx,
+ unsigned char output[32] )
{
+ int ret;
uint32_t last, padn;
uint32_t high, low;
unsigned char msglen[8];
@@ -303,8 +319,11 @@
last = ctx->total[0] & 0x3F;
padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
- mbedtls_sha256_update( ctx, sha256_padding, padn );
- mbedtls_sha256_update( ctx, msglen, 8 );
+ if( ( ret = mbedtls_sha256_update_ext( ctx, sha256_padding, padn ) ) != 0 )
+ return( ret );
+
+ if( ( ret = mbedtls_sha256_update_ext( ctx, msglen, 8 ) ) != 0 )
+ return( ret );
PUT_UINT32_BE( ctx->state[0], output, 0 );
PUT_UINT32_BE( ctx->state[1], output, 4 );
@@ -316,6 +335,8 @@
if( ctx->is224 == 0 )
PUT_UINT32_BE( ctx->state[7], output, 28 );
+
+ return( 0 );
}
#endif /* !MBEDTLS_SHA256_ALT */
@@ -323,16 +344,28 @@
/*
* output = SHA-256( input buffer )
*/
-void mbedtls_sha256( const unsigned char *input, size_t ilen,
- unsigned char output[32], int is224 )
+int mbedtls_sha256_ext( const unsigned char *input,
+ size_t ilen,
+ unsigned char output[32],
+ int is224 )
{
+ int ret;
mbedtls_sha256_context ctx;
mbedtls_sha256_init( &ctx );
- mbedtls_sha256_starts( &ctx, is224 );
- mbedtls_sha256_update( &ctx, input, ilen );
- mbedtls_sha256_finish( &ctx, output );
+
+ if( ( ret = mbedtls_sha256_starts_ext( &ctx, is224 ) ) != 0 )
+ return( ret );
+
+ if( ( ret = mbedtls_sha256_update_ext( &ctx, input, ilen ) ) != 0 )
+ return( ret );
+
+ if( ( ret = mbedtls_sha256_finish_ext( &ctx, output ) ) != 0 )
+ return( ret );
+
mbedtls_sha256_free( &ctx );
+
+ return( 0 );
}
#if defined(MBEDTLS_SELF_TEST)
@@ -415,29 +448,31 @@
if( verbose != 0 )
mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
- mbedtls_sha256_starts( &ctx, k );
+ if( mbedtls_sha256_starts_ext( &ctx, k ) != 0 )
+ goto fail;
if( j == 2 )
{
memset( buf, 'a', buflen = 1000 );
for( j = 0; j < 1000; j++ )
- mbedtls_sha256_update( &ctx, buf, buflen );
+ if( mbedtls_sha256_update_ext( &ctx, buf, buflen ) != 0 )
+ goto fail;
+
}
else
- mbedtls_sha256_update( &ctx, sha256_test_buf[j],
- sha256_test_buflen[j] );
+ {
+ if( mbedtls_sha256_update_ext( &ctx, sha256_test_buf[j],
+ sha256_test_buflen[j] ) != 0 )
+ goto fail;
+ }
- mbedtls_sha256_finish( &ctx, sha256sum );
+ if( mbedtls_sha256_finish_ext( &ctx, sha256sum ) != 0 )
+ goto fail;
+
if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
- {
- if( verbose != 0 )
- mbedtls_printf( "failed\n" );
-
- ret = 1;
- goto exit;
- }
+ goto fail;
if( verbose != 0 )
mbedtls_printf( "passed\n" );
@@ -446,6 +481,14 @@
if( verbose != 0 )
mbedtls_printf( "\n" );
+ goto exit;
+
+fail:
+ if( verbose != 0 )
+ mbedtls_printf( "failed\n" );
+
+ ret = 1;
+
exit:
mbedtls_sha256_free( &ctx );
mbedtls_free( buf );