1 /*
2 * FIPS-180-2 compliant SHA-256 implementation
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21 /*
22 * The SHA-256 Secure Hash Standard was published by NIST in 2002.
23 *
24 * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
25 */
26
27 #if !defined(MBEDTLS_CONFIG_FILE)
28 #include "mbedtls/config.h"
29 #else
30 #include MBEDTLS_CONFIG_FILE
31 #endif
32
33 #if defined(MBEDTLS_SHA256_C)
34
35 #include "mbedtls/sha256.h"
36 #include "mbedtls/platform_util.h"
37
38 #include <string.h>
39
40 #if defined(MBEDTLS_SELF_TEST)
41 #if defined(MBEDTLS_PLATFORM_C)
42 #include "mbedtls/platform.h"
43 #else
44 #include <stdio.h>
45 #include <stdlib.h>
46 #define mbedtls_printf printf
47 #define mbedtls_calloc calloc
48 #define mbedtls_free free
49 #endif /* MBEDTLS_PLATFORM_C */
50 #endif /* MBEDTLS_SELF_TEST */
51
52 #define SHA256_VALIDATE_RET(cond) \
53 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA )
54 #define SHA256_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond )
55
56 #if !defined(MBEDTLS_SHA256_ALT)
57
58 /*
59 * 32-bit integer manipulation macros (big endian)
60 */
61 #ifndef GET_UINT32_BE
62 #define GET_UINT32_BE(n,b,i) \
63 do { \
64 (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
65 | ( (uint32_t) (b)[(i) + 1] << 16 ) \
66 | ( (uint32_t) (b)[(i) + 2] << 8 ) \
67 | ( (uint32_t) (b)[(i) + 3] ); \
68 } while( 0 )
69 #endif
70
71 #ifndef PUT_UINT32_BE
72 #define PUT_UINT32_BE(n,b,i) \
73 do { \
74 (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
75 (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
76 (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
77 (b)[(i) + 3] = (unsigned char) ( (n) ); \
78 } while( 0 )
79 #endif
80
mbedtls_sha256_init(mbedtls_sha256_context * ctx)81 void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
82 {
83 SHA256_VALIDATE( ctx != NULL );
84
85 memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
86 }
87
mbedtls_sha256_free(mbedtls_sha256_context * ctx)88 void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
89 {
90 if( ctx == NULL )
91 return;
92
93 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
94 }
95
mbedtls_sha256_clone(mbedtls_sha256_context * dst,const mbedtls_sha256_context * src)96 void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
97 const mbedtls_sha256_context *src )
98 {
99 SHA256_VALIDATE( dst != NULL );
100 SHA256_VALIDATE( src != NULL );
101
102 *dst = *src;
103 }
104
105 /*
106 * SHA-256 context setup
107 */
mbedtls_sha256_starts_ret(mbedtls_sha256_context * ctx,int is224)108 int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
109 {
110 SHA256_VALIDATE_RET( ctx != NULL );
111 SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
112
113 ctx->total[0] = 0;
114 ctx->total[1] = 0;
115
116 if( is224 == 0 )
117 {
118 /* SHA-256 */
119 ctx->state[0] = 0x6A09E667;
120 ctx->state[1] = 0xBB67AE85;
121 ctx->state[2] = 0x3C6EF372;
122 ctx->state[3] = 0xA54FF53A;
123 ctx->state[4] = 0x510E527F;
124 ctx->state[5] = 0x9B05688C;
125 ctx->state[6] = 0x1F83D9AB;
126 ctx->state[7] = 0x5BE0CD19;
127 }
128 else
129 {
130 /* SHA-224 */
131 ctx->state[0] = 0xC1059ED8;
132 ctx->state[1] = 0x367CD507;
133 ctx->state[2] = 0x3070DD17;
134 ctx->state[3] = 0xF70E5939;
135 ctx->state[4] = 0xFFC00B31;
136 ctx->state[5] = 0x68581511;
137 ctx->state[6] = 0x64F98FA7;
138 ctx->state[7] = 0xBEFA4FA4;
139 }
140
141 ctx->is224 = is224;
142
143 return( 0 );
144 }
145
146 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
mbedtls_sha256_starts(mbedtls_sha256_context * ctx,int is224)147 void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
148 int is224 )
149 {
150 mbedtls_sha256_starts_ret( ctx, is224 );
151 }
152 #endif
153
154 #if !defined(MBEDTLS_SHA256_PROCESS_ALT)
155 static const uint32_t K[] =
156 {
157 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
158 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
159 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
160 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
161 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
162 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
163 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
164 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
165 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
166 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
167 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
168 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
169 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
170 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
171 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
172 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
173 };
174
175 #define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
176 #define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
177
178 #define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
179 #define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
180
181 #define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
182 #define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
183
184 #define F0(x,y,z) ((x & y) | (z & (x | y)))
185 #define F1(x,y,z) (z ^ (x & (y ^ z)))
186
187 #define R(t) \
188 ( \
189 W[t] = S1(W[t - 2]) + W[t - 7] + \
190 S0(W[t - 15]) + W[t - 16] \
191 )
192
193 #define P(a,b,c,d,e,f,g,h,x,K) \
194 { \
195 temp1 = h + S3(e) + F1(e,f,g) + K + x; \
196 temp2 = S2(a) + F0(a,b,c); \
197 d += temp1; h = temp1 + temp2; \
198 }
199
mbedtls_internal_sha256_process(mbedtls_sha256_context * ctx,const unsigned char data[64])200 int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
201 const unsigned char data[64] )
202 {
203 uint32_t temp1, temp2, W[64];
204 uint32_t A[8];
205 unsigned int i;
206
207 SHA256_VALIDATE_RET( ctx != NULL );
208 SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
209
210 for( i = 0; i < 8; i++ )
211 A[i] = ctx->state[i];
212
213 #if defined(MBEDTLS_SHA256_SMALLER)
214 for( i = 0; i < 64; i++ )
215 {
216 if( i < 16 )
217 GET_UINT32_BE( W[i], data, 4 * i );
218 else
219 R( i );
220
221 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] );
222
223 temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3];
224 A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1;
225 }
226 #else /* MBEDTLS_SHA256_SMALLER */
227 for( i = 0; i < 16; i++ )
228 GET_UINT32_BE( W[i], data, 4 * i );
229
230 for( i = 0; i < 16; i += 8 )
231 {
232 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i+0], K[i+0] );
233 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], W[i+1], K[i+1] );
234 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], W[i+2], K[i+2] );
235 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], W[i+3], K[i+3] );
236 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], W[i+4], K[i+4] );
237 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], W[i+5], K[i+5] );
238 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], W[i+6], K[i+6] );
239 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], W[i+7], K[i+7] );
240 }
241
242 for( i = 16; i < 64; i += 8 )
243 {
244 P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], R(i+0), K[i+0] );
245 P( A[7], A[0], A[1], A[2], A[3], A[4], A[5], A[6], R(i+1), K[i+1] );
246 P( A[6], A[7], A[0], A[1], A[2], A[3], A[4], A[5], R(i+2), K[i+2] );
247 P( A[5], A[6], A[7], A[0], A[1], A[2], A[3], A[4], R(i+3), K[i+3] );
248 P( A[4], A[5], A[6], A[7], A[0], A[1], A[2], A[3], R(i+4), K[i+4] );
249 P( A[3], A[4], A[5], A[6], A[7], A[0], A[1], A[2], R(i+5), K[i+5] );
250 P( A[2], A[3], A[4], A[5], A[6], A[7], A[0], A[1], R(i+6), K[i+6] );
251 P( A[1], A[2], A[3], A[4], A[5], A[6], A[7], A[0], R(i+7), K[i+7] );
252 }
253 #endif /* MBEDTLS_SHA256_SMALLER */
254
255 for( i = 0; i < 8; i++ )
256 ctx->state[i] += A[i];
257
258 return( 0 );
259 }
260
261 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
mbedtls_sha256_process(mbedtls_sha256_context * ctx,const unsigned char data[64])262 void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
263 const unsigned char data[64] )
264 {
265 mbedtls_internal_sha256_process( ctx, data );
266 }
267 #endif
268 #endif /* !MBEDTLS_SHA256_PROCESS_ALT */
269
270 /*
271 * SHA-256 process buffer
272 */
mbedtls_sha256_update_ret(mbedtls_sha256_context * ctx,const unsigned char * input,size_t ilen)273 int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
274 const unsigned char *input,
275 size_t ilen )
276 {
277 int ret;
278 size_t fill;
279 uint32_t left;
280
281 SHA256_VALIDATE_RET( ctx != NULL );
282 SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
283
284 if( ilen == 0 )
285 return( 0 );
286
287 left = ctx->total[0] & 0x3F;
288 fill = 64 - left;
289
290 ctx->total[0] += (uint32_t) ilen;
291 ctx->total[0] &= 0xFFFFFFFF;
292
293 if( ctx->total[0] < (uint32_t) ilen )
294 ctx->total[1]++;
295
296 if( left && ilen >= fill )
297 {
298 memcpy( (void *) (ctx->buffer + left), input, fill );
299
300 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
301 return( ret );
302
303 input += fill;
304 ilen -= fill;
305 left = 0;
306 }
307
308 while( ilen >= 64 )
309 {
310 if( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 )
311 return( ret );
312
313 input += 64;
314 ilen -= 64;
315 }
316
317 if( ilen > 0 )
318 memcpy( (void *) (ctx->buffer + left), input, ilen );
319
320 return( 0 );
321 }
322
323 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
mbedtls_sha256_update(mbedtls_sha256_context * ctx,const unsigned char * input,size_t ilen)324 void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
325 const unsigned char *input,
326 size_t ilen )
327 {
328 mbedtls_sha256_update_ret( ctx, input, ilen );
329 }
330 #endif
331
332 /*
333 * SHA-256 final digest
334 */
mbedtls_sha256_finish_ret(mbedtls_sha256_context * ctx,unsigned char output[32])335 int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
336 unsigned char output[32] )
337 {
338 int ret;
339 uint32_t used;
340 uint32_t high, low;
341
342 SHA256_VALIDATE_RET( ctx != NULL );
343 SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
344
345 /*
346 * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
347 */
348 used = ctx->total[0] & 0x3F;
349
350 ctx->buffer[used++] = 0x80;
351
352 if( used <= 56 )
353 {
354 /* Enough room for padding + length in current block */
355 memset( ctx->buffer + used, 0, 56 - used );
356 }
357 else
358 {
359 /* We'll need an extra block */
360 memset( ctx->buffer + used, 0, 64 - used );
361
362 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
363 return( ret );
364
365 memset( ctx->buffer, 0, 56 );
366 }
367
368 /*
369 * Add message length
370 */
371 high = ( ctx->total[0] >> 29 )
372 | ( ctx->total[1] << 3 );
373 low = ( ctx->total[0] << 3 );
374
375 PUT_UINT32_BE( high, ctx->buffer, 56 );
376 PUT_UINT32_BE( low, ctx->buffer, 60 );
377
378 if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
379 return( ret );
380
381 /*
382 * Output final state
383 */
384 PUT_UINT32_BE( ctx->state[0], output, 0 );
385 PUT_UINT32_BE( ctx->state[1], output, 4 );
386 PUT_UINT32_BE( ctx->state[2], output, 8 );
387 PUT_UINT32_BE( ctx->state[3], output, 12 );
388 PUT_UINT32_BE( ctx->state[4], output, 16 );
389 PUT_UINT32_BE( ctx->state[5], output, 20 );
390 PUT_UINT32_BE( ctx->state[6], output, 24 );
391
392 if( ctx->is224 == 0 )
393 PUT_UINT32_BE( ctx->state[7], output, 28 );
394
395 return( 0 );
396 }
397
398 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
mbedtls_sha256_finish(mbedtls_sha256_context * ctx,unsigned char output[32])399 void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
400 unsigned char output[32] )
401 {
402 mbedtls_sha256_finish_ret( ctx, output );
403 }
404 #endif
405
406 #endif /* !MBEDTLS_SHA256_ALT */
407
408 /*
409 * output = SHA-256( input buffer )
410 */
mbedtls_sha256_ret(const unsigned char * input,size_t ilen,unsigned char output[32],int is224)411 int mbedtls_sha256_ret( const unsigned char *input,
412 size_t ilen,
413 unsigned char output[32],
414 int is224 )
415 {
416 int ret;
417 mbedtls_sha256_context ctx;
418
419 SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
420 SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
421 SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
422
423 mbedtls_sha256_init( &ctx );
424
425 if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )
426 goto exit;
427
428 if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 )
429 goto exit;
430
431 if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 )
432 goto exit;
433
434 exit:
435 mbedtls_sha256_free( &ctx );
436
437 return( ret );
438 }
439
440 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
mbedtls_sha256(const unsigned char * input,size_t ilen,unsigned char output[32],int is224)441 void mbedtls_sha256( const unsigned char *input,
442 size_t ilen,
443 unsigned char output[32],
444 int is224 )
445 {
446 mbedtls_sha256_ret( input, ilen, output, is224 );
447 }
448 #endif
449
450 #if defined(MBEDTLS_SELF_TEST)
451 /*
452 * FIPS-180-2 test vectors
453 */
454 static const unsigned char sha256_test_buf[3][57] =
455 {
456 { "abc" },
457 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
458 { "" }
459 };
460
461 static const size_t sha256_test_buflen[3] =
462 {
463 3, 56, 1000
464 };
465
466 static const unsigned char sha256_test_sum[6][32] =
467 {
468 /*
469 * SHA-224 test vectors
470 */
471 { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
472 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
473 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
474 0xE3, 0x6C, 0x9D, 0xA7 },
475 { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
476 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
477 0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
478 0x52, 0x52, 0x25, 0x25 },
479 { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
480 0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
481 0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
482 0x4E, 0xE7, 0xAD, 0x67 },
483
484 /*
485 * SHA-256 test vectors
486 */
487 { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
488 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
489 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
490 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
491 { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
492 0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
493 0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
494 0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
495 { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
496 0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
497 0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
498 0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
499 };
500
501 /*
502 * Checkup routine
503 */
mbedtls_sha256_self_test(int verbose)504 int mbedtls_sha256_self_test( int verbose )
505 {
506 int i, j, k, buflen, ret = 0;
507 unsigned char *buf;
508 unsigned char sha256sum[32];
509 mbedtls_sha256_context ctx;
510
511 buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
512 if( NULL == buf )
513 {
514 if( verbose != 0 )
515 mbedtls_printf( "Buffer allocation failed\n" );
516
517 return( 1 );
518 }
519
520 mbedtls_sha256_init( &ctx );
521
522 for( i = 0; i < 6; i++ )
523 {
524 j = i % 3;
525 k = i < 3;
526
527 if( verbose != 0 )
528 mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
529
530 if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 )
531 goto fail;
532
533 if( j == 2 )
534 {
535 memset( buf, 'a', buflen = 1000 );
536
537 for( j = 0; j < 1000; j++ )
538 {
539 ret = mbedtls_sha256_update_ret( &ctx, buf, buflen );
540 if( ret != 0 )
541 goto fail;
542 }
543
544 }
545 else
546 {
547 ret = mbedtls_sha256_update_ret( &ctx, sha256_test_buf[j],
548 sha256_test_buflen[j] );
549 if( ret != 0 )
550 goto fail;
551 }
552
553 if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 )
554 goto fail;
555
556
557 if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
558 {
559 ret = 1;
560 goto fail;
561 }
562
563 if( verbose != 0 )
564 mbedtls_printf( "passed\n" );
565 }
566
567 if( verbose != 0 )
568 mbedtls_printf( "\n" );
569
570 goto exit;
571
572 fail:
573 if( verbose != 0 )
574 mbedtls_printf( "failed\n" );
575
576 exit:
577 mbedtls_sha256_free( &ctx );
578 mbedtls_free( buf );
579
580 return( ret );
581 }
582
583 #endif /* MBEDTLS_SELF_TEST */
584
585 #endif /* MBEDTLS_SHA256_C */
586