[...] On Tue, 3 Sept 2024 at 18:28, Raymond Mao <raymond....@linaro.org> wrote >> > +void sha256_starts(sha256_context *ctx) >> > +{ >> > + mbedtls_sha256_init(ctx); >> > + mbedtls_sha256_starts(ctx, 0); >> > +} >> > + >> > +void >> > +sha256_update(sha256_context *ctx, const uint8_t *input, uint32_t length) >> > +{ >> > + mbedtls_sha256_update(ctx, input, length); >> > +} >> > + >> > +void sha256_finish(sha256_context *ctx, uint8_t digest[SHA256_SUM_LEN]) >> > +{ >> > + mbedtls_sha256_finish(ctx, digest); >> > + mbedtls_sha256_free(ctx); >> >> Patch #7 treats this differently and looks at the mbedtls_sha256_finish() >> result (for all hashing algos). I think this one is correct and the other >> one needs fixing >> > The difference is just due to different API prototypes to be ported - one > returns void while > the other returns int. According to this difference I decided to check the > result of > mbedtls_sha256_finish() or not.
You have to call free regardless of the result of the finish function though.
So patch #7 might leak some contents

/Ilias
>
> [snip]
>
> Regards,
> Raymond
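Review bot: In sha256_finish() the result of mbedtls_sha256_finish() is discarded, and sha256_starts() and sha256_update() likewise drop whatever mbedtls_sha256_starts() and mbedtls_sha256_update() report, so with these void prototypes a failed hash leaves digest in an unspecified state and the caller has no way to notice. Since the ported API cannot return an error, consider clearing digest when finish fails, or at least a comment stating that errors are intentionally ignored here. The unconditional mbedtls_sha256_free(ctx) directly after finish is the right shape and should stay that way; the int-returning variants discussed for patch #7 should reach the same free call on their error path before returning the result.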