1 /*
2 * FIPS-180-2 compliant SHA-256 implementation
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6 *
7 * This file is provided under the Apache License 2.0, or the
8 * GNU General Public License v2.0 or later.
9 *
10 * **********
11 * Apache License 2.0:
12 *
13 * Licensed under the Apache License, Version 2.0 (the "License"); you may
14 * not use this file except in compliance with the License.
15 * You may obtain a copy of the License at
16 *
17 * http://www.apache.org/licenses/LICENSE-2.0
18 *
19 * Unless required by applicable law or agreed to in writing, software
20 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
21 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22 * See the License for the specific language governing permissions and
23 * limitations under the License.
24 *
25 * **********
26 *
27 * **********
28 * GNU General Public License v2.0 or later:
29 *
30 * This program is free software; you can redistribute it and/or modify
31 * it under the terms of the GNU General Public License as published by
32 * the Free Software Foundation; either version 2 of the License, or
33 * (at your option) any later version.
34 *
35 * This program is distributed in the hope that it will be useful,
36 * but WITHOUT ANY WARRANTY; without even the implied warranty of
37 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
38 * GNU General Public License for more details.
39 *
40 * You should have received a copy of the GNU General Public License along
41 * with this program; if not, write to the Free Software Foundation, Inc.,
42 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
43 *
44 * **********
45 */
46 /*
47 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
48 *
49 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
50 */
51
52 #if !defined(MBEDTLS_CONFIG_FILE)
53 #include "mbedtls/config.h"
54 #else
55 #include MBEDTLS_CONFIG_FILE
56 #endif
57
58 #if defined(MBEDTLS_SHA256_C)
59
60 #include "mbedtls/sha256.h"
61
62 #include <string.h>
63
64 #if defined(MBEDTLS_SELF_TEST)
65 #if defined(MBEDTLS_PLATFORM_C)
66 #include "mbedtls/platform.h"
67 #else
68 #include <stdio.h>
69 #include <stdlib.h>
70 #define mbedtls_printf printf
71 #define mbedtls_calloc calloc
72 #define mbedtls_free free
73 #endif /* MBEDTLS_PLATFORM_C */
74 #endif /* MBEDTLS_SELF_TEST */
75
76 #if !defined(MBEDTLS_SHA256_ALT)
77
78 /* Implementation that should never be optimized out by the compiler */
mbedtls_zeroize(void * v,size_t n)79 static void mbedtls_zeroize( void *v, size_t n ) {
80 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
81 }
82
83 /*
84 * 32-bit integer manipulation macros (big endian)
85 */
86 #ifndef GET_UINT32_BE
87 #define GET_UINT32_BE(n,b,i) \
88 do { \
89 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
90 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
91 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
92 | ( (uint32_t) (b)[(i) + 3] ); \
93 } while( 0 )
94 #endif
95
96 #ifndef PUT_UINT32_BE
97 #define PUT_UINT32_BE(n,b,i) \
98 do { \
99 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
100 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
101 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
102 (b)[(i) + 3] = (unsigned char) ( (n) ); \
103 } while( 0 )
104 #endif
105
mbedtls_sha256_init(mbedtls_sha256_context * ctx)106 void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
107 {
108 memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
109 }
110
mbedtls_sha256_free(mbedtls_sha256_context * ctx)111 void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
112 {
113 if( ctx == NULL )
114 return;
115
116 mbedtls_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
117 }
118
mbedtls_sha256_clone(mbedtls_sha256_context * dst,const mbedtls_sha256_context * src)119 void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
120 const mbedtls_sha256_context *src )
121 {
122 *dst = *src;
123 }
124
125 /*
126 * SHA-256 context setup
127 */
mbedtls_sha256_starts_ret(mbedtls_sha256_context * ctx,int is224)128 int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
129 {
130 ctx->total[0] = 0;
131 ctx->total[1] = 0;
132
133 if( is224 == 0 )
134 {
135 /* SHA-256 */
136 ctx->state[0] = 0x6A09E667;
137 ctx->state[1] = 0xBB67AE85;
138 ctx->state[2] = 0x3C6EF372;
139 ctx->state[3] = 0xA54FF53A;
140 ctx->state[4] = 0x510E527F;
141 ctx->state[5] = 0x9B05688C;
142 ctx->state[6] = 0x1F83D9AB;
143 ctx->state[7] = 0x5BE0CD19;
144 }
145 else
146 {
147 /* SHA-224 */
148 ctx->state[0] = 0xC1059ED8;
149 ctx->state[1] = 0x367CD507;
150 ctx->state[2] = 0x3070DD17;
151 ctx->state[3] = 0xF70E5939;
152 ctx->state[4] = 0xFFC00B31;
153 ctx->state[5] = 0x68581511;
154 ctx->state[6] = 0x64F98FA7;
155 ctx->state[7] = 0xBEFA4FA4;
156 }
157
158 ctx->is224 = is224;
159
160 return( 0 );
161 }
162
163 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
mbedtls_sha256_starts(mbedtls_sha256_context * ctx,int is224)164 void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
165 int is224 )
166 {
167 mbedtls_sha256_starts_ret( ctx, is224 );
168 }
169 #endif
170
171 #if !defined(MBEDTLS_SHA256_PROCESS_ALT)
172 static const uint32_t K[] =
173 {
174 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
175 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
176 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
177 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
178 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
179 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
180 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
181 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
182 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
183 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
184 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
185 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
186 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
187 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
188 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
189 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
190 };
191
192 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
193 #define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
194
195 #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
196 #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
197
198 #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
199 #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
200
201 #define F0(x,y,z) ((x & y) | (z & (x | y)))
202 #define F1(x,y,z) (z ^ (x & (y ^ z)))
203
204 #define R(t) \
205 ( \
206 local.W[t] = S1(local.W[t - 2]) + local.W[t - 7] + \
207 S0(local.W[t - 15]) + local.W[t - 16] \
208 )
209
210 #define P(a,b,c,d,e,f,g,h,x,K) \
211 { \
212 local.temp1 = h + S3(e) + F1(e,f,g) + K + x; \
213 local.temp2 = S2(a) + F0(a,b,c); \
214 d += local.temp1; h = local.temp1 + local.temp2; \
215 }
216
mbedtls_internal_sha256_process(mbedtls_sha256_context * ctx,const unsigned char data[64])217 int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
218 const unsigned char data[64] )
219 {
220 struct
221 {
222 uint32_t temp1, temp2, W[64];
223 uint32_t A[8];
224 } local;
225
226 unsigned int i;
227
228 for( i = 0; i < 8; i++ )
229 local.A[i] = ctx->state[i];
230
231 #if defined(MBEDTLS_SHA256_SMALLER)
232 for( i = 0; i < 64; i++ )
233 {
234 if( i < 16 )
235 GET_UINT32_BE( local.W[i], data, 4 * i );
236 else
237 R( i );
238
239 P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
240 local.A[5], local.A[6], local.A[7], local.W[i], K[i] );
241
242 local.temp1 = local.A[7]; local.A[7] = local.A[6];
243 local.A[6] = local.A[5]; local.A[5] = local.A[4];
244 local.A[4] = local.A[3]; local.A[3] = local.A[2];
245 local.A[2] = local.A[1]; local.A[1] = local.A[0];
246 local.A[0] = local.temp1;
247 }
248 #else /* MBEDTLS_SHA256_SMALLER */
249 for( i = 0; i < 16; i++ )
250 GET_UINT32_BE( local.W[i], data, 4 * i );
251
252 for( i = 0; i < 16; i += 8 )
253 {
254 P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
255 local.A[5], local.A[6], local.A[7], local.W[i+0], K[i+0] );
256 P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
257 local.A[4], local.A[5], local.A[6], local.W[i+1], K[i+1] );
258 P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
259 local.A[3], local.A[4], local.A[5], local.W[i+2], K[i+2] );
260 P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
261 local.A[2], local.A[3], local.A[4], local.W[i+3], K[i+3] );
262 P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
263 local.A[1], local.A[2], local.A[3], local.W[i+4], K[i+4] );
264 P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
265 local.A[0], local.A[1], local.A[2], local.W[i+5], K[i+5] );
266 P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
267 local.A[7], local.A[0], local.A[1], local.W[i+6], K[i+6] );
268 P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
269 local.A[6], local.A[7], local.A[0], local.W[i+7], K[i+7] );
270 }
271
272 for( i = 16; i < 64; i += 8 )
273 {
274 P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
275 local.A[5], local.A[6], local.A[7], R(i+0), K[i+0] );
276 P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
277 local.A[4], local.A[5], local.A[6], R(i+1), K[i+1] );
278 P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
279 local.A[3], local.A[4], local.A[5], R(i+2), K[i+2] );
280 P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
281 local.A[2], local.A[3], local.A[4], R(i+3), K[i+3] );
282 P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
283 local.A[1], local.A[2], local.A[3], R(i+4), K[i+4] );
284 P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
285 local.A[0], local.A[1], local.A[2], R(i+5), K[i+5] );
286 P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
287 local.A[7], local.A[0], local.A[1], R(i+6), K[i+6] );
288 P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
289 local.A[6], local.A[7], local.A[0], R(i+7), K[i+7] );
290 }
291 #endif /* MBEDTLS_SHA256_SMALLER */
292
293 for( i = 0; i < 8; i++ )
294 ctx->state[i] += local.A[i];
295
296 /* Zeroise buffers and variables to clear sensitive data from memory. */
297 mbedtls_zeroize( &local, sizeof( local ) );
298
299 return( 0 );
300 }
301
302 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
mbedtls_sha256_process(mbedtls_sha256_context * ctx,const unsigned char data[64])303 void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
304 const unsigned char data[64] )
305 {
306 mbedtls_internal_sha256_process( ctx, data );
307 }
308 #endif
309 #endif /* !MBEDTLS_SHA256_PROCESS_ALT */
310
311 /*
312 * SHA-256 process buffer
313 */
mbedtls_sha256_update_ret(mbedtls_sha256_context * ctx,const unsigned char * input,size_t ilen)314 int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
315 const unsigned char *input,
316 size_t ilen )
317 {
318 int ret;
319 size_t fill;
320 uint32_t left;
321
322 if( ilen == 0 )
323 return( 0 );
324
325 left = ctx->total[0] & 0x3F;
326 fill = 64 - left;
327
328 ctx->total[0] += (uint32_t) ilen;
329 ctx->total[0] &= 0xFFFFFFFF;
330
331 if( ctx->total[0] < (uint32_t) ilen )
332 ctx->total[1]++;
333
334 if( left && ilen >= fill )
335 {
336 memcpy( (void *) (ctx->buffer + left), input, fill );
337
338 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
339 return( ret );
340
341 input += fill;
342 ilen -= fill;
343 left = 0;
344 }
345
346 while( ilen >= 64 )
347 {
348 if( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 )
349 return( ret );
350
351 input += 64;
352 ilen -= 64;
353 }
354
355 if( ilen > 0 )
356 memcpy( (void *) (ctx->buffer + left), input, ilen );
357
358 return( 0 );
359 }
360
361 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
mbedtls_sha256_update(mbedtls_sha256_context * ctx,const unsigned char * input,size_t ilen)362 void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
363 const unsigned char *input,
364 size_t ilen )
365 {
366 mbedtls_sha256_update_ret( ctx, input, ilen );
367 }
368 #endif
369
370 /*
371 * SHA-256 final digest
372 */
mbedtls_sha256_finish_ret(mbedtls_sha256_context * ctx,unsigned char output[32])373 int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
374 unsigned char output[32] )
375 {
376 int ret;
377 uint32_t used;
378 uint32_t high, low;
379
380 /*
381 * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
382 */
383 used = ctx->total[0] & 0x3F;
384
385 ctx->buffer[used++] = 0x80;
386
387 if( used <= 56 )
388 {
389 /* Enough room for padding + length in current block */
390 memset( ctx->buffer + used, 0, 56 - used );
391 }
392 else
393 {
394 /* We'll need an extra block */
395 memset( ctx->buffer + used, 0, 64 - used );
396
397 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
398 return( ret );
399
400 memset( ctx->buffer, 0, 56 );
401 }
402
403 /*
404 * Add message length
405 */
406 high = ( ctx->total[0] >> 29 )
407 | ( ctx->total[1] << 3 );
408 low = ( ctx->total[0] << 3 );
409
410 PUT_UINT32_BE( high, ctx->buffer, 56 );
411 PUT_UINT32_BE( low, ctx->buffer, 60 );
412
413 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
414 return( ret );
415
416 /*
417 * Output final state
418 */
419 PUT_UINT32_BE( ctx->state[0], output, 0 );
420 PUT_UINT32_BE( ctx->state[1], output, 4 );
421 PUT_UINT32_BE( ctx->state[2], output, 8 );
422 PUT_UINT32_BE( ctx->state[3], output, 12 );
423 PUT_UINT32_BE( ctx->state[4], output, 16 );
424 PUT_UINT32_BE( ctx->state[5], output, 20 );
425 PUT_UINT32_BE( ctx->state[6], output, 24 );
426
427 if( ctx->is224 == 0 )
428 PUT_UINT32_BE( ctx->state[7], output, 28 );
429
430 return( 0 );
431 }
432
433 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
mbedtls_sha256_finish(mbedtls_sha256_context * ctx,unsigned char output[32])434 void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
435 unsigned char output[32] )
436 {
437 mbedtls_sha256_finish_ret( ctx, output );
438 }
439 #endif
440
441 #endif /* !MBEDTLS_SHA256_ALT */
442
443 /*
444 * output = SHA-256( input buffer )
445 */
mbedtls_sha256_ret(const unsigned char * input,size_t ilen,unsigned char output[32],int is224)446 int mbedtls_sha256_ret( const unsigned char *input,
447 size_t ilen,
448 unsigned char output[32],
449 int is224 )
450 {
451 int ret;
452 mbedtls_sha256_context ctx;
453
454 mbedtls_sha256_init( &ctx );
455
456 if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )
457 goto exit;
458
459 if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 )
460 goto exit;
461
462 if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 )
463 goto exit;
464
465 exit:
466 mbedtls_sha256_free( &ctx );
467
468 return( ret );
469 }
470
471 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
mbedtls_sha256(const unsigned char * input,size_t ilen,unsigned char output[32],int is224)472 void mbedtls_sha256( const unsigned char *input,
473 size_t ilen,
474 unsigned char output[32],
475 int is224 )
476 {
477 mbedtls_sha256_ret( input, ilen, output, is224 );
478 }
479 #endif
480
481 #if defined(MBEDTLS_SELF_TEST)
482 /*
483 * FIPS-180-2 test vectors
484 */
485 static const unsigned char sha256_test_buf[3][57] =
486 {
487 { "abc" },
488 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
489 { "" }
490 };
491
492 static const size_t sha256_test_buflen[3] =
493 {
494 3, 56, 1000
495 };
496
497 static const unsigned char sha256_test_sum[6][32] =
498 {
499 /*
500 * SHA-224 test vectors
501 */
502 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
503 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
504 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
505 0xE3, 0x6C, 0x9D, 0xA7 },
506 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
507 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
508 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
509 0x52, 0x52, 0x25, 0x25 },
510 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
511 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
512 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
513 0x4E, 0xE7, 0xAD, 0x67 },
514
515 /*
516 * SHA-256 test vectors
517 */
518 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
519 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
520 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
521 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
522 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
523 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
524 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
525 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
526 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
527 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
528 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
529 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
530 };
531
532 /*
533 * Checkup routine
534 */
mbedtls_sha256_self_test(int verbose)535 int mbedtls_sha256_self_test( int verbose )
536 {
537 int i, j, k, buflen, ret = 0;
538 unsigned char *buf;
539 unsigned char sha256sum[32];
540 mbedtls_sha256_context ctx;
541
542 buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
543 if( NULL == buf )
544 {
545 if( verbose != 0 )
546 mbedtls_printf( "Buffer allocation failed\n" );
547
548 return( 1 );
549 }
550
551 mbedtls_sha256_init( &ctx );
552
553 for( i = 0; i < 6; i++ )
554 {
555 j = i % 3;
556 k = i < 3;
557
558 if( verbose != 0 )
559 mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
560
561 if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 )
562 goto fail;
563
564 if( j == 2 )
565 {
566 memset( buf, 'a', buflen = 1000 );
567
568 for( j = 0; j < 1000; j++ )
569 {
570 ret = mbedtls_sha256_update_ret( &ctx, buf, buflen );
571 if( ret != 0 )
572 goto fail;
573 }
574
575 }
576 else
577 {
578 ret = mbedtls_sha256_update_ret( &ctx, sha256_test_buf[j],
579 sha256_test_buflen[j] );
580 if( ret != 0 )
581 goto fail;
582 }
583
584 if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 )
585 goto fail;
586
587
588 if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
589 {
590 ret = 1;
591 goto fail;
592 }
593
594 if( verbose != 0 )
595 mbedtls_printf( "passed\n" );
596 }
597
598 if( verbose != 0 )
599 mbedtls_printf( "\n" );
600
601 goto exit;
602
603 fail:
604 if( verbose != 0 )
605 mbedtls_printf( "failed\n" );
606
607 exit:
608 mbedtls_sha256_free( &ctx );
609 mbedtls_free( buf );
610
611 return( ret );
612 }
613
614 #endif /* MBEDTLS_SELF_TEST */
615
616 #endif /* MBEDTLS_SHA256_C */
617