Separate SHA224 from SHA256 config options.

These options are still dependant on each other.
This is an intermediate step.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>

library/md.c

@@ -97,14 +97,16 @@ const mbedtls_md_info_t mbedtls_sha1_info = {
 };
 #endif
 
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
 const mbedtls_md_info_t mbedtls_sha224_info = {
     "SHA224",
     MBEDTLS_MD_SHA224,
     28,
     64,
 };
+#endif
 
+#if defined(MBEDTLS_SHA256_C)
 const mbedtls_md_info_t mbedtls_sha256_info = {
     "SHA256",
     MBEDTLS_MD_SHA256,
@@ -146,6 +148,8 @@ static const int supported_digests[] = {
 
 #if defined(MBEDTLS_SHA256_C)
         MBEDTLS_MD_SHA256,
+#endif
+#if defined(MBEDTLS_SHA224_C)
         MBEDTLS_MD_SHA224,
 #endif
 
@@ -203,9 +207,11 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name )
     if( !strcmp( "SHA1", md_name ) || !strcmp( "SHA", md_name ) )
         return mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
 #endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
     if( !strcmp( "SHA224", md_name ) )
         return mbedtls_md_info_from_type( MBEDTLS_MD_SHA224 );
+#endif
+#if defined(MBEDTLS_SHA256_C)
     if( !strcmp( "SHA256", md_name ) )
         return mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 );
 #endif
@@ -244,9 +250,11 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type )
         case MBEDTLS_MD_SHA1:
             return( &mbedtls_sha1_info );
 #endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
         case MBEDTLS_MD_SHA224:
             return( &mbedtls_sha224_info );
+#endif
+#if defined(MBEDTLS_SHA256_C)
         case MBEDTLS_MD_SHA256:
             return( &mbedtls_sha256_info );
 #endif
@@ -302,8 +310,12 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx )
                 mbedtls_sha1_free( ctx->md_ctx );
                 break;
 #endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
             case MBEDTLS_MD_SHA224:
+                mbedtls_sha256_free( ctx->md_ctx );
+                break;
+#endif
+#if defined(MBEDTLS_SHA256_C)
             case MBEDTLS_MD_SHA256:
                 mbedtls_sha256_free( ctx->md_ctx );
                 break;
@@ -372,8 +384,12 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst,
             mbedtls_sha1_clone( dst->md_ctx, src->md_ctx );
             break;
 #endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
         case MBEDTLS_MD_SHA224:
+            mbedtls_sha256_clone( dst->md_ctx, src->md_ctx );
+            break;
+#endif
+#if defined(MBEDTLS_SHA256_C)
         case MBEDTLS_MD_SHA256:
             mbedtls_sha256_clone( dst->md_ctx, src->md_ctx );
             break;
@@ -440,8 +456,12 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf
             ALLOC( sha1 );
             break;
 #endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
         case MBEDTLS_MD_SHA224:
+            ALLOC( sha256 );
+            break;
+#endif
+#if defined(MBEDTLS_SHA256_C)
         case MBEDTLS_MD_SHA256:
             ALLOC( sha256 );
             break;
@@ -501,9 +521,11 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx )
         case MBEDTLS_MD_SHA1:
             return( mbedtls_sha1_starts_ret( ctx->md_ctx ) );
 #endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
         case MBEDTLS_MD_SHA224:
             return( mbedtls_sha256_starts_ret( ctx->md_ctx, 1 ) );
+#endif
+#if defined(MBEDTLS_SHA256_C)
         case MBEDTLS_MD_SHA256:
             return( mbedtls_sha256_starts_ret( ctx->md_ctx, 0 ) );
 #endif
@@ -547,8 +569,11 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si
         case MBEDTLS_MD_SHA1:
             return( mbedtls_sha1_update_ret( ctx->md_ctx, input, ilen ) );
 #endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
         case MBEDTLS_MD_SHA224:
+            return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) );
+#endif
+#if defined(MBEDTLS_SHA256_C)
         case MBEDTLS_MD_SHA256:
             return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) );
 #endif
@@ -592,8 +617,11 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output )
         case MBEDTLS_MD_SHA1:
             return( mbedtls_sha1_finish_ret( ctx->md_ctx, output ) );
 #endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
         case MBEDTLS_MD_SHA224:
+            return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) );
+#endif
+#if defined(MBEDTLS_SHA256_C)
         case MBEDTLS_MD_SHA256:
             return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) );
 #endif
@@ -638,9 +666,11 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si
         case MBEDTLS_MD_SHA1:
             return( mbedtls_sha1_ret( input, ilen, output ) );
 #endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
         case MBEDTLS_MD_SHA224:
             return( mbedtls_sha256_ret( input, ilen, output, 1 ) );
+#endif
+#if defined(MBEDTLS_SHA256_C)
         case MBEDTLS_MD_SHA256:
             return( mbedtls_sha256_ret( input, ilen, output, 0 ) );
 #endif
@@ -848,8 +878,11 @@ int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data )
         case MBEDTLS_MD_SHA1:
             return( mbedtls_internal_sha1_process( ctx->md_ctx, data ) );
 #endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
         case MBEDTLS_MD_SHA224:
+            return( mbedtls_internal_sha256_process( ctx->md_ctx, data ) );
+#endif
+#if defined(MBEDTLS_SHA256_C)
         case MBEDTLS_MD_SHA256:
             return( mbedtls_internal_sha256_process( ctx->md_ctx, data ) );
 #endif

library/md_wrap.h

@@ -72,8 +72,10 @@ extern const mbedtls_md_info_t mbedtls_ripemd160_info;
 #if defined(MBEDTLS_SHA1_C)
 extern const mbedtls_md_info_t mbedtls_sha1_info;
 #endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
 extern const mbedtls_md_info_t mbedtls_sha224_info;
+#endif
+#if defined(MBEDTLS_SHA256_C)
 extern const mbedtls_md_info_t mbedtls_sha256_info;
 #endif
 #if defined(MBEDTLS_SHA384_C)

library/oid.c

@@ -345,11 +345,13 @@ static const oid_sig_alg_t oid_sig_alg[] =
         MBEDTLS_MD_SHA1,     MBEDTLS_PK_RSA,
     },
 #endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
     {
         { ADD_LEN( MBEDTLS_OID_PKCS1_SHA224 ),     "sha224WithRSAEncryption",  "RSA with SHA-224" },
         MBEDTLS_MD_SHA224,   MBEDTLS_PK_RSA,
     },
+#endif
+#if defined(MBEDTLS_SHA256_C)
     {
         { ADD_LEN( MBEDTLS_OID_PKCS1_SHA256 ),     "sha256WithRSAEncryption",  "RSA with SHA-256" },
         MBEDTLS_MD_SHA256,   MBEDTLS_PK_RSA,
@@ -379,11 +381,13 @@ static const oid_sig_alg_t oid_sig_alg[] =
         MBEDTLS_MD_SHA1,     MBEDTLS_PK_ECDSA,
     },
 #endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
     {
         { ADD_LEN( MBEDTLS_OID_ECDSA_SHA224 ),     "ecdsa-with-SHA224",    "ECDSA with SHA224" },
         MBEDTLS_MD_SHA224,   MBEDTLS_PK_ECDSA,
     },
+#endif
+#if defined(MBEDTLS_SHA256_C)
     {
         { ADD_LEN( MBEDTLS_OID_ECDSA_SHA256 ),     "ecdsa-with-SHA256",    "ECDSA with SHA256" },
         MBEDTLS_MD_SHA256,   MBEDTLS_PK_ECDSA,
@@ -602,11 +606,13 @@ static const oid_md_alg_t oid_md_alg[] =
         MBEDTLS_MD_SHA1,
     },
 #endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
     {
         { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA224 ),    "id-sha224",    "SHA-224" },
         MBEDTLS_MD_SHA224,
     },
+#endif
+#if defined(MBEDTLS_SHA256_C)
     {
         { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA256 ),    "id-sha256",    "SHA-256" },
         MBEDTLS_MD_SHA256,
@@ -654,11 +660,13 @@ static const oid_md_hmac_t oid_md_hmac[] =
         MBEDTLS_MD_SHA1,
     },
 #endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
     {
         { ADD_LEN( MBEDTLS_OID_HMAC_SHA224 ),    "hmacSHA224",    "HMAC-SHA-224" },
         MBEDTLS_MD_SHA224,
     },
+#endif
+#if defined(MBEDTLS_SHA256_C)
     {
         { ADD_LEN( MBEDTLS_OID_HMAC_SHA256 ),    "hmacSHA256",    "HMAC-SHA-256" },
         MBEDTLS_MD_SHA256,

library/psa_crypto_hash.c

@@ -96,7 +96,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
         case PSA_ALG_SHA_1:
             return( &mbedtls_sha1_info );
 #endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
         case PSA_ALG_SHA_224:
             return( &mbedtls_sha224_info );
 #endif

library/sha256.c

@@ -105,6 +105,12 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
     SHA256_VALIDATE_RET( ctx != NULL );
     SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
 
+#if defined(MBEDTLS_SHA224_C)
+    SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
+#else
+    SHA256_VALIDATE_RET( is224 == 0 );
+#endif
+
     ctx->total[0] = 0;
     ctx->total[1] = 0;
 
@@ -122,6 +128,7 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
     }
     else
     {
+#if defined(MBEDTLS_SHA224_C)
         /* SHA-224 */
         ctx->state[0] = 0xC1059ED8;
         ctx->state[1] = 0x367CD507;
@@ -131,6 +138,7 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
         ctx->state[5] = 0x68581511;
         ctx->state[6] = 0x64F98FA7;
         ctx->state[7] = 0xBEFA4FA4;
+#endif
     }
 
     ctx->is224 = is224;
@@ -388,7 +396,9 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
     PUT_UINT32_BE( ctx->state[5], output, 20 );
     PUT_UINT32_BE( ctx->state[6], output, 24 );
 
+#if defined(MBEDTLS_SHA224_C)
     if( ctx->is224 == 0 )
+#endif
         PUT_UINT32_BE( ctx->state[7], output, 28 );
 
     return( 0 );
@@ -407,7 +417,12 @@ int mbedtls_sha256_ret( const unsigned char *input,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_sha256_context ctx;
 
+#if defined(MBEDTLS_SHA224_C)
     SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
+#else
+    SHA256_VALIDATE_RET( is224 == 0 );
+#endif
+
     SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
     SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
 

library/ssl_cookie.c

@@ -44,7 +44,7 @@
  * available. Try SHA-256 first, 512 wastes resources since we need to stay
  * with max 32 bytes of cookie for DTLS 1.0
  */
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
 #define COOKIE_MD           MBEDTLS_MD_SHA224
 #define COOKIE_MD_OUTLEN    32
 #define COOKIE_HMAC_LEN     28

library/ssl_tls.c

@@ -6468,6 +6468,8 @@ static int ssl_preset_default_hashes[] = {
 #endif
 #if defined(MBEDTLS_SHA256_C)
     MBEDTLS_MD_SHA256,
+#endif
+#if defined(MBEDTLS_SHA224_C)
     MBEDTLS_MD_SHA224,
 #endif
 #if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
@@ -6815,9 +6817,11 @@ mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash )
         case MBEDTLS_SSL_HASH_SHA1:
             return( MBEDTLS_MD_SHA1 );
 #endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
         case MBEDTLS_SSL_HASH_SHA224:
             return( MBEDTLS_MD_SHA224 );
+#endif
+#if defined(MBEDTLS_SHA256_C)
         case MBEDTLS_SSL_HASH_SHA256:
             return( MBEDTLS_MD_SHA256 );
 #endif
@@ -6849,9 +6853,11 @@ unsigned char mbedtls_ssl_hash_from_md_alg( int md )
         case MBEDTLS_MD_SHA1:
             return( MBEDTLS_SSL_HASH_SHA1 );
 #endif
-#if defined(MBEDTLS_SHA256_C)
+#if defined(MBEDTLS_SHA224_C)
         case MBEDTLS_MD_SHA224:
             return( MBEDTLS_SSL_HASH_SHA224 );
+#endif
+#if defined(MBEDTLS_SHA256_C)
         case MBEDTLS_MD_SHA256:
             return( MBEDTLS_SSL_HASH_SHA256 );
 #endif

library/version_features.c

@@ -759,6 +759,9 @@ static const char * const features[] = {
 #if defined(MBEDTLS_SHA256_C)
     "MBEDTLS_SHA256_C",
 #endif /* MBEDTLS_SHA256_C */
+#if defined(MBEDTLS_SHA224_C)
+    "MBEDTLS_SHA224_C",
+#endif /* MBEDTLS_SHA224_C */
 #if defined(MBEDTLS_SHA512_C)
     "MBEDTLS_SHA512_C",
 #endif /* MBEDTLS_SHA512_C */