WOLF_CRYPTO_CB_ONLY_SHA256: strip software SHA-256 and dispatch via swdev

Add WOLF_CRYPTO_CB_ONLY_SHA256: when set, the SHA-256 software.
wc_Sha256FinalRaw is reduced to a stub returning NO_VALID_DEVID, and
sha256.h force-defines WOLFSSL_NO_HASH_RAW so the constant-time TLS HMAC
path falls back to its backend-opaque variant.

Incompatible with
WOLFSSL_SHA224, which aliases the SHA-256 statics; #error guard added.

Add wc_swdev support for SHA-256 for testing.
This commit is contained in:
rizlik
2026-04-29 15:02:47 +00:00
parent 65b49b2fb5
commit 61bfff1dac
8 changed files with 224 additions and 6 deletions
+7
View File
@@ -28,6 +28,13 @@ jobs:
# software path via cryptocb.
- name: RSA
cppflags: -DWOLF_CRYPTO_CB_ONLY_RSA
# WOLF_CRYPTO_CB_ONLY_SHA256: strips software SHA-256; swdev provides
# the software path via cryptocb. SHA-224 piggybacks on the SHA-256
# software core so it is incompatible with this strip and must be
# explicitly disabled (it is default-on on x86_64/aarch64).
- name: SHA256
extra_config: --disable-sha224
cppflags: -DWOLF_CRYPTO_CB_ONLY_SHA256
name: make check (${{ matrix.name }})
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-24.04