add support for WOLF_CRYPTO_CB_ONLY_SHA512#10550
Draft
rizlik wants to merge 2 commits into
Draft
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a new “crypto-callback-only” build mode for the SHA-512 family (WOLF_CRYPTO_CB_ONLY_SHA512) and extends the crypto-callback dispatcher to support SHA-384 via a SHA-512-only device callback (by using SHA-512 core + truncation fallback behavior).
Changes:
- Introduces
WOLF_CRYPTO_CB_ONLY_SHA512settings/header gating to strip SHA-512-family software paths and disable raw/transform APIs accordingly. - Implements a CB-only SHA-512-family backend in
sha512.cthat dispatches public SHA-512/SHA-384/SHA-512/224/SHA-512/256 APIs throughwc_CryptoCb_*Hash. - Updates
wc_CryptoCb_Sha384Hash()to fall back to a SHA-512 callback (and truncate) when a SHA-384 callback is unavailable; adds CI coverage + an API test for this fallback path.
Reviewed changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
wolfssl/wolfcrypt/sha512.h |
Disables raw/transform entry points when CB-only SHA-512 is enabled. |
wolfssl/wolfcrypt/settings.h |
Adds config validation for WOLF_CRYPTO_CB_ONLY_SHA512 (requires CB; incompatible with FIPS). |
wolfcrypt/test/test.c |
Extends CB-only test callback routing logic for SHA-384/SHA-512. |
wolfcrypt/src/sha512.c |
Adds a new CB-only SHA-512-family backend implementation. |
wolfcrypt/src/cryptocb.c |
Adds SHA-384 → SHA-512 fallback (with truncation) in the crypto callback dispatcher. |
tests/swdev/user_settings.h |
Ensures swdev build undefines WOLF_CRYPTO_CB_ONLY_SHA512 so swdev retains software hashing. |
tests/swdev/swdev.c |
Adds SHA-512-family handling in swdev callback to support CB-only test matrices. |
tests/api/test_sha512.h |
Registers new SHA-384 fallback test. |
tests/api/test_sha512.c |
Adds a unit test to validate SHA-384 fallback-to-SHA-512 behavior and state restoration. |
tests/api.c |
Excludes CB-only SHA-512 configs from certain crypto-callback API tests (like other ONLY_* modes). |
.github/workflows/cryptocb-only.yml |
Adds CI matrix entries for CB-only SHA-512 and a “general-only” variant to exercise fallback. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| int wc_InitSha512_224(wc_Sha512* sha512) | ||
| { | ||
| return wc_InitSha512_224_ex(sha512, NULL, INVALID_DEVID); |
Comment on lines
+3179
to
+3180
| { | ||
| return wc_InitSha512_256_ex(sha512, NULL, INVALID_DEVID); |
Comment on lines
+2922
to
+2945
| static int Sha512_CbReset(wc_Sha512* sha512, const word64* initDigest, | ||
| int hashType) | ||
| { | ||
| int i; | ||
|
|
||
| if (sha512 == NULL) | ||
| return BAD_FUNC_ARG; | ||
|
|
||
| for (i = 0; i < 8; i++) | ||
| sha512->digest[i] = initDigest[i]; | ||
|
|
||
| sha512->buffLen = 0; | ||
| XMEMSET(sha512->buffer, 0, sizeof(sha512->buffer)); | ||
| sha512->loLen = 0; | ||
| sha512->hiLen = 0; | ||
| #ifdef WOLFSSL_HASH_FLAGS | ||
| sha512->flags = 0; | ||
| #endif | ||
| #if defined(WOLFSSL_SHA512_HASHTYPE) | ||
| sha512->hashType = hashType; | ||
| #else | ||
| (void)hashType; | ||
| #endif | ||
| return 0; |
| void wc_Sha512Free(wc_Sha512* sha512) | ||
| { | ||
| if (sha512 == NULL) | ||
| return; |
| void wc_Sha384Free(wc_Sha384* sha384) | ||
| { | ||
| if (sha384 == NULL) | ||
| return; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description