diff --git a/components/esp32/hwcrypto/sha.c b/components/esp32/hwcrypto/sha.c index e54ef45a8..584383eb1 100644 --- a/components/esp32/hwcrypto/sha.c +++ b/components/esp32/hwcrypto/sha.c @@ -138,10 +138,10 @@ void esp_sha256_start( SHA256_CTX *ctx, int is224 ) if ( is224 == 0 ) { /* SHA-256 */ - ctx->context_type = SHA256; + ctx->context_type = SHA2_256; } else { - /* SHA-224 */ - ctx->context_type = SHA224; + /* SHA-224 is not supported! */ + ctx->context_type = SHA_INVALID; } } @@ -158,7 +158,13 @@ void esp_sha256_update( SHA256_CTX *ctx, const unsigned char *input, size_t ilen */ void esp_sha256_finish( SHA256_CTX *ctx, unsigned char output[32] ) { - ets_sha_finish(&ctx->context, ctx->context_type, output); + if ( ctx->context_type == SHA2_256 ) { + ets_sha_finish(&ctx->context, ctx->context_type, output); + } else { + /* No hardware SHA-224 support, but mbedTLS API doesn't allow failure. + For now, zero the output to make it clear it's not valid. */ + bzero( output, 28 ); + } esp_sha_release_hardware(); } diff --git a/components/esp32/include/hwcrypto/sha.h b/components/esp32/include/hwcrypto/sha.h index a5de3d402..dbefcef06 100644 --- a/components/esp32/include/hwcrypto/sha.h +++ b/components/esp32/include/hwcrypto/sha.h @@ -109,10 +109,6 @@ void esp_sha1_finish( SHA1_CTX *ctx, unsigned char output[20] ); */ void esp_sha1_output( const unsigned char *input, size_t ilen, unsigned char output[20] ); -/// -#define SHA256 SHA2_256 -#define SHA224 4 /* TODO: check this */ - /** * \brief SHA-256 context structure */ diff --git a/components/esp32/include/rom/sha.h b/components/esp32/include/rom/sha.h index b35faa9a0..8082a394c 100644 --- a/components/esp32/include/rom/sha.h +++ b/components/esp32/include/rom/sha.h @@ -37,7 +37,8 @@ enum SHA_TYPE { SHA1 = 0, SHA2_256, SHA2_384, - SHA2_512 + SHA2_512, + SHA_INVALID = -1, }; void ets_sha_init(SHA_CTX *ctx);