From 208028b1437807f84a16b87ca72fc4386cfb001e Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Thu, 2 Apr 2026 13:00:01 +0900 Subject: [PATCH 1/3] fix f-1483 sha1 prefix substring matching --- src/hash/clu_hash.c | 3 ++- src/hash/clu_hash_setup.c | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/hash/clu_hash.c b/src/hash/clu_hash.c index 019436d3..fc28ec4f 100644 --- a/src/hash/clu_hash.c +++ b/src/hash/clu_hash.c @@ -121,7 +121,8 @@ int wolfCLU_hash(WOLFSSL_BIO* bioIn, WOLFSSL_BIO* bioOut, const char* alg, } #endif #ifndef NO_SHA - if (ret == WOLFCLU_SUCCESS && XSTRNCMP(alg, "sha", 3) == 0) { + if (ret == WOLFCLU_SUCCESS && XSTRNCMP(alg, "sha", 3) == 0 + && XSTRLEN(alg) == 3) { ret = wc_ShaHash(input, inputSz, output); } #endif diff --git a/src/hash/clu_hash_setup.c b/src/hash/clu_hash_setup.c index 2a950bad..8616a975 100644 --- a/src/hash/clu_hash_setup.c +++ b/src/hash/clu_hash_setup.c @@ -81,7 +81,7 @@ int wolfCLU_hashSetup(int argc, char** argv) for (i = 0; i < (int)algsSz; ++i) { /* checks for acceptable algorithms */ - if (XSTRNCMP(argv[2], algs[i], XSTRLEN(algs[i])) == 0) { + if (XSTRCMP(argv[2], algs[i]) == 0) { alg = argv[2]; algCheck = 1; } @@ -140,7 +140,7 @@ int wolfCLU_hashSetup(int argc, char** argv) #endif #ifndef NO_SHA - if (XSTRNCMP(alg, "sha", 3) == 0) + if ((XSTRNCMP(alg, "sha", 3) == 0) && (XSTRLEN(alg) == 3)) size = WC_SHA_DIGEST_SIZE; #endif From 3466141bb92046b5262680d21df7978dcae4222b Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Thu, 9 Apr 2026 10:18:37 +0900 Subject: [PATCH 2/3] Addressed Copilot review comments --- src/hash/clu_hash.c | 3 +-- src/hash/clu_hash_setup.c | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/src/hash/clu_hash.c b/src/hash/clu_hash.c index fc28ec4f..3c288de4 100644 --- a/src/hash/clu_hash.c +++ b/src/hash/clu_hash.c @@ -121,8 +121,7 @@ int wolfCLU_hash(WOLFSSL_BIO* bioIn, WOLFSSL_BIO* bioOut, const char* alg, } #endif #ifndef NO_SHA - if (ret == WOLFCLU_SUCCESS && XSTRNCMP(alg, "sha", 3) == 0 - && XSTRLEN(alg) == 3) { + if (ret == WOLFCLU_SUCCESS && XSTRCMP(alg, "sha") == 0) { ret = wc_ShaHash(input, inputSz, output); } #endif diff --git a/src/hash/clu_hash_setup.c b/src/hash/clu_hash_setup.c index 8616a975..e001a6dd 100644 --- a/src/hash/clu_hash_setup.c +++ b/src/hash/clu_hash_setup.c @@ -140,7 +140,7 @@ int wolfCLU_hashSetup(int argc, char** argv) #endif #ifndef NO_SHA - if ((XSTRNCMP(alg, "sha", 3) == 0) && (XSTRLEN(alg) == 3)) + if (XSTRCMP(alg, "sha") == 0) size = WC_SHA_DIGEST_SIZE; #endif From 77d78677040ff5286133481c729f1f3281b9eac4 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Fri, 17 Apr 2026 11:51:55 +0900 Subject: [PATCH 3/3] Addressed review comments --- src/hash/clu_hash.c | 14 +++++++------- src/hash/clu_hash_setup.c | 8 ++++---- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/src/hash/clu_hash.c b/src/hash/clu_hash.c index 3c288de4..0bc80ed7 100644 --- a/src/hash/clu_hash.c +++ b/src/hash/clu_hash.c @@ -101,22 +101,22 @@ int wolfCLU_hash(WOLFSSL_BIO* bioIn, WOLFSSL_BIO* bioOut, const char* alg, /* hashes using accepted algorithm */ #ifndef NO_MD5 - if (ret == WOLFCLU_SUCCESS && XSTRNCMP(alg, "md5", 3) == 0) { + if (ret == WOLFCLU_SUCCESS && XSTRCMP(alg, "md5") == 0) { ret = wc_Md5Hash(input, inputSz, output); } #endif #ifndef NO_SHA256 - if (ret == WOLFCLU_SUCCESS && XSTRNCMP(alg, "sha256", 6) == 0) { + if (ret == WOLFCLU_SUCCESS && XSTRCMP(alg, "sha256") == 0) { ret = wc_Sha256Hash(input, inputSz, output); } #endif #ifdef WOLFSSL_SHA384 - if (ret == WOLFCLU_SUCCESS && XSTRNCMP(alg, "sha384", 6) == 0) { + if (ret == WOLFCLU_SUCCESS && XSTRCMP(alg, "sha384") == 0) { ret = wc_Sha384Hash(input, inputSz, output); } #endif #ifdef WOLFSSL_SHA512 - if (ret == WOLFCLU_SUCCESS && XSTRNCMP(alg, "sha512", 6) == 0) { + if (ret == WOLFCLU_SUCCESS && XSTRCMP(alg, "sha512") == 0) { ret = wc_Sha512Hash(input, inputSz, output); } #endif @@ -126,7 +126,7 @@ int wolfCLU_hash(WOLFSSL_BIO* bioIn, WOLFSSL_BIO* bioOut, const char* alg, } #endif #ifdef HAVE_BLAKE2 - if (ret == WOLFCLU_SUCCESS && XSTRNCMP(alg, "blake2b", 7) == 0) { + if (ret == WOLFCLU_SUCCESS && XSTRCMP(alg, "blake2b") == 0) { ret = wc_InitBlake2b(&hash, size); if (ret != 0) return ret; ret = wc_Blake2bUpdate(&hash, input, inputSz); @@ -138,11 +138,11 @@ int wolfCLU_hash(WOLFSSL_BIO* bioIn, WOLFSSL_BIO* bioOut, const char* alg, #ifndef NO_CODING #ifdef WOLFSSL_BASE64_ENCODE - if (ret == WOLFCLU_SUCCESS && XSTRNCMP(alg, "base64enc", 9) == 0) { + if (ret == WOLFCLU_SUCCESS && XSTRCMP(alg, "base64enc") == 0) { ret = Base64_Encode(input, inputSz, output, (word32*)&size); } #endif /* WOLFSSL_BASE64_ENCODE */ - if (ret == WOLFCLU_SUCCESS && XSTRNCMP(alg, "base64dec", 9) == 0) { + if (ret == WOLFCLU_SUCCESS && XSTRCMP(alg, "base64dec") == 0) { ret = Base64_Decode(input, inputSz, output, (word32*)&size); } #endif /* !NO_CODING */ diff --git a/src/hash/clu_hash_setup.c b/src/hash/clu_hash_setup.c index e001a6dd..dcb00f11 100644 --- a/src/hash/clu_hash_setup.c +++ b/src/hash/clu_hash_setup.c @@ -135,7 +135,7 @@ int wolfCLU_hashSetup(int argc, char** argv) /* sets default size of algorithm */ #ifndef NO_MD5 - if (XSTRNCMP(alg, "md5", 3) == 0) + if (XSTRCMP(alg, "md5") == 0) size = WC_MD5_DIGEST_SIZE; #endif @@ -145,17 +145,17 @@ int wolfCLU_hashSetup(int argc, char** argv) #endif #ifndef NO_SHA256 - if (XSTRNCMP(alg, "sha256", 6) == 0) + if (XSTRCMP(alg, "sha256") == 0) size = WC_SHA256_DIGEST_SIZE; #endif #ifdef WOLFSSL_SHA384 - if (XSTRNCMP(alg, "sha384", 6) == 0) + if (XSTRCMP(alg, "sha384") == 0) size = WC_SHA384_DIGEST_SIZE; #endif #ifdef WOLFSSL_SHA512 - if (XSTRNCMP(alg, "sha512", 6) == 0) + if (XSTRCMP(alg, "sha512") == 0) size = WC_SHA512_DIGEST_SIZE; #endif