From 8a0c0587827aae052084579ebe18b9b956b98072 Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Fri, 28 Jun 2019 10:21:40 +1000
Subject: [PATCH 1/2] Support to TLS for RSA SHA-224 signatures

---
 src/internal.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index ea1b2e816..c5054f4f2 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1946,6 +1946,11 @@ void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig,
     #ifndef NO_SHA256
         AddSuiteHashSigAlgo(suites, sha256_mac, rsa_sa_algo, keySz, &idx);
     #endif
+#ifdef OPENSSL_ALL
+    #ifdef WOLFSSL_SHA224
+        AddSuiteHashSigAlgo(suites, sha224_mac, rsa_sa_algo, keySz, &idx);
+    #endif
+#endif
     #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
                                             defined(WOLFSSL_ALLOW_TLS_SHA1))
         AddSuiteHashSigAlgo(suites, sha_mac, rsa_sa_algo, keySz, &idx);
@@ -2913,6 +2918,12 @@ static enum wc_HashType HashAlgoToType(int hashAlgo)
         case sha256_mac:
             return WC_HASH_TYPE_SHA256;
     #endif
+#ifdef OPENSSL_ALL
+    #ifdef WOLFSSL_SHA224
+        case sha224_mac:
+            return WC_HASH_TYPE_SHA224;
+    #endif
+#endif
     #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
                              defined(WOLFSSL_ALLOW_TLS_SHA1))
         case sha_mac:
@@ -3117,6 +3128,12 @@ static int TypeHash(int hashAlgo)
         case sha256_mac:
             return SHA256h;
     #endif
+#ifdef OPENSSL_ALL
+    #ifdef WOLFSSL_SHA224
+        case sha224_mac:
+            return SHA224h;
+    #endif
+#endif
     #ifndef NO_SHA
         case sha_mac:
             return SHAh;
@@ -16818,6 +16835,11 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
             /* pick highest available between both server and client */
             switch (hashAlgo) {
                 case sha_mac:
+        #ifdef OPENSSL_ALL
+            #ifdef WOLFSSL_SHA224
+                case sha224_mac:
+            #endif
+        #endif
             #ifndef NO_SHA256
                 case sha256_mac:
             #endif

From 28aa99c3e33488bbd584d102e4f08e9ee9cc8c97 Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Tue, 2 Jul 2019 08:27:04 +1000
Subject: [PATCH 2/2] Always have support for SHA-224 signatures when SHA-224
 built-in

---
 src/internal.c | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index c5054f4f2..97ad6d9aa 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1946,11 +1946,9 @@ void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig,
     #ifndef NO_SHA256
         AddSuiteHashSigAlgo(suites, sha256_mac, rsa_sa_algo, keySz, &idx);
     #endif
-#ifdef OPENSSL_ALL
     #ifdef WOLFSSL_SHA224
         AddSuiteHashSigAlgo(suites, sha224_mac, rsa_sa_algo, keySz, &idx);
     #endif
-#endif
     #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
                                             defined(WOLFSSL_ALLOW_TLS_SHA1))
         AddSuiteHashSigAlgo(suites, sha_mac, rsa_sa_algo, keySz, &idx);
@@ -2918,12 +2916,10 @@ static enum wc_HashType HashAlgoToType(int hashAlgo)
         case sha256_mac:
             return WC_HASH_TYPE_SHA256;
     #endif
-#ifdef OPENSSL_ALL
     #ifdef WOLFSSL_SHA224
         case sha224_mac:
             return WC_HASH_TYPE_SHA224;
     #endif
-#endif
     #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
                              defined(WOLFSSL_ALLOW_TLS_SHA1))
         case sha_mac:
@@ -3128,12 +3124,10 @@ static int TypeHash(int hashAlgo)
         case sha256_mac:
             return SHA256h;
     #endif
-#ifdef OPENSSL_ALL
     #ifdef WOLFSSL_SHA224
         case sha224_mac:
             return SHA224h;
     #endif
-#endif
     #ifndef NO_SHA
         case sha_mac:
             return SHAh;
@@ -16835,11 +16829,9 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
             /* pick highest available between both server and client */
             switch (hashAlgo) {
                 case sha_mac:
-        #ifdef OPENSSL_ALL
             #ifdef WOLFSSL_SHA224
                 case sha224_mac:
             #endif
-        #endif
             #ifndef NO_SHA256
                 case sha256_mac:
             #endif