Extract SHA224/256 from bcm Change-Id: I953441ccf99321184a5b664cc446551fa5e295b4 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/70947 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: Bob Beck <bbe@google.com>

commit: d9ad235cd8c203db7430c366751f1dddcf450060 [log] [tgz]
author: Bob Beck <bbe@google.com> Thu Sep 05 22:23:52 2024 +0000
committer: Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Fri Sep 13 17:08:43 2024 +0000
tree: f7f7fe8c8c26410b78cab3b15398e89fe3f317c5
parent: eae890f1ba6dba5b2d37db9eecfbcb8544f94070 [diff] [blame]
diff --git a/crypto/fipsmodule/ecdh/ecdh.c.inc b/crypto/fipsmodule/ecdh/ecdh.c.inc
index eeb591f..d16c3c1 100644
--- a/crypto/fipsmodule/ecdh/ecdh.c.inc
+++ b/crypto/fipsmodule/ecdh/ecdh.c.inc

@@ -105,12 +105,19 @@
   }
 
   FIPS_service_indicator_lock_state();
+  SHA256_CTX ctx;
   switch (out_len) {
     case SHA224_DIGEST_LENGTH:
-      SHA224(buf, buflen, out);
+      BCM_sha224_init(&ctx);
+      BCM_sha224_update(&ctx, buf, buflen);
+      BCM_sha224_final(out, &ctx);
+      OPENSSL_cleanse(&ctx, sizeof(ctx));
       break;
     case SHA256_DIGEST_LENGTH:
-      SHA256(buf, buflen, out);
+      BCM_sha256_init(&ctx);
+      BCM_sha256_update(&ctx, buf, buflen);
+      BCM_sha256_final(out, &ctx);
+      OPENSSL_cleanse(&ctx, sizeof(ctx));
       break;
     case SHA384_DIGEST_LENGTH:
       SHA384(buf, buflen, out);
commit	d9ad235cd8c203db7430c366751f1dddcf450060	[log] [tgz]
author	Bob Beck <bbe@google.com>	Thu Sep 05 22:23:52 2024 +0000
committer	Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>	Fri Sep 13 17:08:43 2024 +0000
tree	f7f7fe8c8c26410b78cab3b15398e89fe3f317c5
parent	eae890f1ba6dba5b2d37db9eecfbcb8544f94070 [diff] [blame]