1 /*
2 * FIPS-180-2 compliant SHA-256 implementation
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19 /*
20 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
21 *
22 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
23 */
24
25 #include "common.h"
26
27 #if defined(MBEDTLS_SHA256_C)
28
29 #include "mbedtls/sha256.h"
30 #include "mbedtls/platform_util.h"
31 #include "mbedtls/error.h"
32
33 #include <string.h>
34
35 #if defined(MBEDTLS_SELF_TEST)
36 #if defined(MBEDTLS_PLATFORM_C)
37 #include "mbedtls/platform.h"
38 #else
39 #include <stdio.h>
40 #include <stdlib.h>
41 #define mbedtls_printf printf
42 #define mbedtls_calloc calloc
43 #define mbedtls_free free
44 #endif /* MBEDTLS_PLATFORM_C */
45 #endif /* MBEDTLS_SELF_TEST */
46
47 #define SHA256_VALIDATE_RET(cond) \
48 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA )
49 #define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
50
51 #if !defined(MBEDTLS_SHA256_ALT)
52
53 /*
54 * 32-bit integer manipulation macros (big endian)
55 */
56 #ifndef GET_UINT32_BE
57 #define GET_UINT32_BE(n,b,i) \
58 do { \
59 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
60 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
61 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
62 | ( (uint32_t) (b)[(i) + 3] ); \
63 } while( 0 )
64 #endif
65
66 #ifndef PUT_UINT32_BE
67 #define PUT_UINT32_BE(n,b,i) \
68 do { \
69 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
70 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
71 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
72 (b)[(i) + 3] = (unsigned char) ( (n) ); \
73 } while( 0 )
74 #endif
75
mbedtls_sha256_init(mbedtls_sha256_context * ctx)76 void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
77 {
78 SHA256_VALIDATE( ctx != NULL );
79
80 memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
81 }
82
mbedtls_sha256_free(mbedtls_sha256_context * ctx)83 void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
84 {
85 if( ctx == NULL )
86 return;
87
88 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
89 }
90
mbedtls_sha256_clone(mbedtls_sha256_context * dst,const mbedtls_sha256_context * src)91 void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
92 const mbedtls_sha256_context *src )
93 {
94 SHA256_VALIDATE( dst != NULL );
95 SHA256_VALIDATE( src != NULL );
96
97 *dst = *src;
98 }
99
100 /*
101 * SHA-256 context setup
102 */
mbedtls_sha256_starts_ret(mbedtls_sha256_context * ctx,int is224)103 int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
104 {
105 SHA256_VALIDATE_RET( ctx != NULL );
106 SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
107
108 ctx->total[0] = 0;
109 ctx->total[1] = 0;
110
111 if( is224 == 0 )
112 {
113 /* SHA-256 */
114 ctx->state[0] = 0x6A09E667;
115 ctx->state[1] = 0xBB67AE85;
116 ctx->state[2] = 0x3C6EF372;
117 ctx->state[3] = 0xA54FF53A;
118 ctx->state[4] = 0x510E527F;
119 ctx->state[5] = 0x9B05688C;
120 ctx->state[6] = 0x1F83D9AB;
121 ctx->state[7] = 0x5BE0CD19;
122 }
123 else
124 {
125 /* SHA-224 */
126 ctx->state[0] = 0xC1059ED8;
127 ctx->state[1] = 0x367CD507;
128 ctx->state[2] = 0x3070DD17;
129 ctx->state[3] = 0xF70E5939;
130 ctx->state[4] = 0xFFC00B31;
131 ctx->state[5] = 0x68581511;
132 ctx->state[6] = 0x64F98FA7;
133 ctx->state[7] = 0xBEFA4FA4;
134 }
135
136 ctx->is224 = is224;
137
138 return( 0 );
139 }
140
141 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
mbedtls_sha256_starts(mbedtls_sha256_context * ctx,int is224)142 void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
143 int is224 )
144 {
145 mbedtls_sha256_starts_ret( ctx, is224 );
146 }
147 #endif
148
149 #if !defined(MBEDTLS_SHA256_PROCESS_ALT)
150 static const uint32_t K[] =
151 {
152 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
153 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
154 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
155 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
156 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
157 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
158 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
159 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
160 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
161 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
162 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
163 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
164 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
165 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
166 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
167 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
168 };
169
170 #define SHR(x,n) (((x) & 0xFFFFFFFF) >> (n))
171 #define ROTR(x,n) (SHR(x,n) | ((x) << (32 - (n))))
172
173 #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
174 #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
175
176 #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
177 #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
178
179 #define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
180 #define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
181
182 #define R(t) \
183 ( \
184 local.W[t] = S1(local.W[(t) - 2]) + local.W[(t) - 7] + \
185 S0(local.W[(t) - 15]) + local.W[(t) - 16] \
186 )
187
188 #define P(a,b,c,d,e,f,g,h,x,K) \
189 do \
190 { \
191 local.temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x); \
192 local.temp2 = S2(a) + F0((a),(b),(c)); \
193 (d) += local.temp1; (h) = local.temp1 + local.temp2; \
194 } while( 0 )
195
mbedtls_internal_sha256_process(mbedtls_sha256_context * ctx,const unsigned char data[64])196 int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
197 const unsigned char data[64] )
198 {
199 struct
200 {
201 uint32_t temp1, temp2, W[64];
202 uint32_t A[8];
203 } local;
204
205 unsigned int i;
206
207 SHA256_VALIDATE_RET( ctx != NULL );
208 SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
209
210 for( i = 0; i < 8; i++ )
211 local.A[i] = ctx->state[i];
212
213 #if defined(MBEDTLS_SHA256_SMALLER)
214 for( i = 0; i < 64; i++ )
215 {
216 if( i < 16 )
217 GET_UINT32_BE( local.W[i], data, 4 * i );
218 else
219 R( i );
220
221 P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
222 local.A[5], local.A[6], local.A[7], local.W[i], K[i] );
223
224 local.temp1 = local.A[7]; local.A[7] = local.A[6];
225 local.A[6] = local.A[5]; local.A[5] = local.A[4];
226 local.A[4] = local.A[3]; local.A[3] = local.A[2];
227 local.A[2] = local.A[1]; local.A[1] = local.A[0];
228 local.A[0] = local.temp1;
229 }
230 #else /* MBEDTLS_SHA256_SMALLER */
231 for( i = 0; i < 16; i++ )
232 GET_UINT32_BE( local.W[i], data, 4 * i );
233
234 for( i = 0; i < 16; i += 8 )
235 {
236 P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
237 local.A[5], local.A[6], local.A[7], local.W[i+0], K[i+0] );
238 P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
239 local.A[4], local.A[5], local.A[6], local.W[i+1], K[i+1] );
240 P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
241 local.A[3], local.A[4], local.A[5], local.W[i+2], K[i+2] );
242 P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
243 local.A[2], local.A[3], local.A[4], local.W[i+3], K[i+3] );
244 P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
245 local.A[1], local.A[2], local.A[3], local.W[i+4], K[i+4] );
246 P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
247 local.A[0], local.A[1], local.A[2], local.W[i+5], K[i+5] );
248 P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
249 local.A[7], local.A[0], local.A[1], local.W[i+6], K[i+6] );
250 P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
251 local.A[6], local.A[7], local.A[0], local.W[i+7], K[i+7] );
252 }
253
254 for( i = 16; i < 64; i += 8 )
255 {
256 P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
257 local.A[5], local.A[6], local.A[7], R(i+0), K[i+0] );
258 P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
259 local.A[4], local.A[5], local.A[6], R(i+1), K[i+1] );
260 P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
261 local.A[3], local.A[4], local.A[5], R(i+2), K[i+2] );
262 P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
263 local.A[2], local.A[3], local.A[4], R(i+3), K[i+3] );
264 P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
265 local.A[1], local.A[2], local.A[3], R(i+4), K[i+4] );
266 P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
267 local.A[0], local.A[1], local.A[2], R(i+5), K[i+5] );
268 P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
269 local.A[7], local.A[0], local.A[1], R(i+6), K[i+6] );
270 P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
271 local.A[6], local.A[7], local.A[0], R(i+7), K[i+7] );
272 }
273 #endif /* MBEDTLS_SHA256_SMALLER */
274
275 for( i = 0; i < 8; i++ )
276 ctx->state[i] += local.A[i];
277
278 /* Zeroise buffers and variables to clear sensitive data from memory. */
279 mbedtls_platform_zeroize( &local, sizeof( local ) );
280
281 return( 0 );
282 }
283
284 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
mbedtls_sha256_process(mbedtls_sha256_context * ctx,const unsigned char data[64])285 void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
286 const unsigned char data[64] )
287 {
288 mbedtls_internal_sha256_process( ctx, data );
289 }
290 #endif
291 #endif /* !MBEDTLS_SHA256_PROCESS_ALT */
292
293 /*
294 * SHA-256 process buffer
295 */
mbedtls_sha256_update_ret(mbedtls_sha256_context * ctx,const unsigned char * input,size_t ilen)296 int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
297 const unsigned char *input,
298 size_t ilen )
299 {
300 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
301 size_t fill;
302 uint32_t left;
303
304 SHA256_VALIDATE_RET( ctx != NULL );
305 SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
306
307 if( ilen == 0 )
308 return( 0 );
309
310 left = ctx->total[0] & 0x3F;
311 fill = 64 - left;
312
313 ctx->total[0] += (uint32_t) ilen;
314 ctx->total[0] &= 0xFFFFFFFF;
315
316 if( ctx->total[0] < (uint32_t) ilen )
317 ctx->total[1]++;
318
319 if( left && ilen >= fill )
320 {
321 memcpy( (void *) (ctx->buffer + left), input, fill );
322
323 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
324 return( ret );
325
326 input += fill;
327 ilen -= fill;
328 left = 0;
329 }
330
331 while( ilen >= 64 )
332 {
333 if( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 )
334 return( ret );
335
336 input += 64;
337 ilen -= 64;
338 }
339
340 if( ilen > 0 )
341 memcpy( (void *) (ctx->buffer + left), input, ilen );
342
343 return( 0 );
344 }
345
346 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
mbedtls_sha256_update(mbedtls_sha256_context * ctx,const unsigned char * input,size_t ilen)347 void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
348 const unsigned char *input,
349 size_t ilen )
350 {
351 mbedtls_sha256_update_ret( ctx, input, ilen );
352 }
353 #endif
354
355 /*
356 * SHA-256 final digest
357 */
mbedtls_sha256_finish_ret(mbedtls_sha256_context * ctx,unsigned char output[32])358 int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
359 unsigned char output[32] )
360 {
361 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
362 uint32_t used;
363 uint32_t high, low;
364
365 SHA256_VALIDATE_RET( ctx != NULL );
366 SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
367
368 /*
369 * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
370 */
371 used = ctx->total[0] & 0x3F;
372
373 ctx->buffer[used++] = 0x80;
374
375 if( used <= 56 )
376 {
377 /* Enough room for padding + length in current block */
378 memset( ctx->buffer + used, 0, 56 - used );
379 }
380 else
381 {
382 /* We'll need an extra block */
383 memset( ctx->buffer + used, 0, 64 - used );
384
385 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
386 return( ret );
387
388 memset( ctx->buffer, 0, 56 );
389 }
390
391 /*
392 * Add message length
393 */
394 high = ( ctx->total[0] >> 29 )
395 | ( ctx->total[1] << 3 );
396 low = ( ctx->total[0] << 3 );
397
398 PUT_UINT32_BE( high, ctx->buffer, 56 );
399 PUT_UINT32_BE( low, ctx->buffer, 60 );
400
401 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
402 return( ret );
403
404 /*
405 * Output final state
406 */
407 PUT_UINT32_BE( ctx->state[0], output, 0 );
408 PUT_UINT32_BE( ctx->state[1], output, 4 );
409 PUT_UINT32_BE( ctx->state[2], output, 8 );
410 PUT_UINT32_BE( ctx->state[3], output, 12 );
411 PUT_UINT32_BE( ctx->state[4], output, 16 );
412 PUT_UINT32_BE( ctx->state[5], output, 20 );
413 PUT_UINT32_BE( ctx->state[6], output, 24 );
414
415 if( ctx->is224 == 0 )
416 PUT_UINT32_BE( ctx->state[7], output, 28 );
417
418 return( 0 );
419 }
420
421 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
mbedtls_sha256_finish(mbedtls_sha256_context * ctx,unsigned char output[32])422 void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
423 unsigned char output[32] )
424 {
425 mbedtls_sha256_finish_ret( ctx, output );
426 }
427 #endif
428
429 #endif /* !MBEDTLS_SHA256_ALT */
430
431 /*
432 * output = SHA-256( input buffer )
433 */
mbedtls_sha256_ret(const unsigned char * input,size_t ilen,unsigned char output[32],int is224)434 int mbedtls_sha256_ret( const unsigned char *input,
435 size_t ilen,
436 unsigned char output[32],
437 int is224 )
438 {
439 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
440 mbedtls_sha256_context ctx;
441
442 SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
443 SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
444 SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
445
446 mbedtls_sha256_init( &ctx );
447
448 if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )
449 goto exit;
450
451 if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 )
452 goto exit;
453
454 if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 )
455 goto exit;
456
457 exit:
458 mbedtls_sha256_free( &ctx );
459
460 return( ret );
461 }
462
463 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
mbedtls_sha256(const unsigned char * input,size_t ilen,unsigned char output[32],int is224)464 void mbedtls_sha256( const unsigned char *input,
465 size_t ilen,
466 unsigned char output[32],
467 int is224 )
468 {
469 mbedtls_sha256_ret( input, ilen, output, is224 );
470 }
471 #endif
472
473 #if defined(MBEDTLS_SELF_TEST)
474 /*
475 * FIPS-180-2 test vectors
476 */
477 static const unsigned char sha256_test_buf[3][57] =
478 {
479 { "abc" },
480 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
481 { "" }
482 };
483
484 static const size_t sha256_test_buflen[3] =
485 {
486 3, 56, 1000
487 };
488
489 static const unsigned char sha256_test_sum[6][32] =
490 {
491 /*
492 * SHA-224 test vectors
493 */
494 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
495 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
496 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
497 0xE3, 0x6C, 0x9D, 0xA7 },
498 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
499 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
500 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
501 0x52, 0x52, 0x25, 0x25 },
502 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
503 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
504 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
505 0x4E, 0xE7, 0xAD, 0x67 },
506
507 /*
508 * SHA-256 test vectors
509 */
510 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
511 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
512 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
513 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
514 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
515 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
516 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
517 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
518 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
519 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
520 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
521 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
522 };
523
524 /*
525 * Checkup routine
526 */
mbedtls_sha256_self_test(int verbose)527 int mbedtls_sha256_self_test( int verbose )
528 {
529 int i, j, k, buflen, ret = 0;
530 unsigned char *buf;
531 unsigned char sha256sum[32];
532 mbedtls_sha256_context ctx;
533
534 buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
535 if( NULL == buf )
536 {
537 if( verbose != 0 )
538 mbedtls_printf( "Buffer allocation failed\n" );
539
540 return( 1 );
541 }
542
543 mbedtls_sha256_init( &ctx );
544
545 for( i = 0; i < 6; i++ )
546 {
547 j = i % 3;
548 k = i < 3;
549
550 if( verbose != 0 )
551 mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
552
553 if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 )
554 goto fail;
555
556 if( j == 2 )
557 {
558 memset( buf, 'a', buflen = 1000 );
559
560 for( j = 0; j < 1000; j++ )
561 {
562 ret = mbedtls_sha256_update_ret( &ctx, buf, buflen );
563 if( ret != 0 )
564 goto fail;
565 }
566
567 }
568 else
569 {
570 ret = mbedtls_sha256_update_ret( &ctx, sha256_test_buf[j],
571 sha256_test_buflen[j] );
572 if( ret != 0 )
573 goto fail;
574 }
575
576 if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 )
577 goto fail;
578
579
580 if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
581 {
582 ret = 1;
583 goto fail;
584 }
585
586 if( verbose != 0 )
587 mbedtls_printf( "passed\n" );
588 }
589
590 if( verbose != 0 )
591 mbedtls_printf( "\n" );
592
593 goto exit;
594
595 fail:
596 if( verbose != 0 )
597 mbedtls_printf( "failed\n" );
598
599 exit:
600 mbedtls_sha256_free( &ctx );
601 mbedtls_free( buf );
602
603 return( ret );
604 }
605
606 #endif /* MBEDTLS_SELF_TEST */
607
608 #endif /* MBEDTLS_SHA256_C */
609