Fix zephyr mbedtls

tannewt · tannewt · commit eaac3464b270 · 2026-03-23T14:38:25.000-07:00
diff --git a/shared-module/hashlib/Hash.c b/shared-module/hashlib/Hash.c
@@ -7,6 +7,10 @@
 #include "shared-bindings/hashlib/Hash.h"
 #include "shared-module/hashlib/__init__.h"
 
+#include "mbedtls/version.h"
+
+#if MBEDTLS_VERSION_MAJOR >= 4
+
 #include "psa/crypto.h"
 
 void common_hal_hashlib_hash_update(hashlib_hash_obj_t *self, const uint8_t *data, size_t datalen) {
@@ -27,3 +31,47 @@ void common_hal_hashlib_hash_digest(hashlib_hash_obj_t *self, uint8_t *data, siz
 size_t common_hal_hashlib_hash_get_digest_size(hashlib_hash_obj_t *self) {
     return PSA_HASH_LENGTH(self->hash_alg);
 }
+
+#else
+
+#include "mbedtls/ssl.h"
+
+void common_hal_hashlib_hash_update(hashlib_hash_obj_t *self, const uint8_t *data, size_t datalen) {
+    if (self->hash_type == MBEDTLS_SSL_HASH_SHA1) {
+        mbedtls_sha1_update_ret(&self->sha1, data, datalen);
+        return;
+    } else if (self->hash_type == MBEDTLS_SSL_HASH_SHA256) {
+        mbedtls_sha256_update_ret(&self->sha256, data, datalen);
+        return;
+    }
+}
+
+void common_hal_hashlib_hash_digest(hashlib_hash_obj_t *self, uint8_t *data, size_t datalen) {
+    if (datalen < common_hal_hashlib_hash_get_digest_size(self)) {
+        return;
+    }
+    if (self->hash_type == MBEDTLS_SSL_HASH_SHA1) {
+        // We copy the sha1 state so we can continue to update if needed or get
+        // the digest a second time.
+        mbedtls_sha1_context copy;
+        mbedtls_sha1_clone(&copy, &self->sha1);
+        mbedtls_sha1_finish_ret(&self->sha1, data);
+        mbedtls_sha1_clone(&self->sha1, &copy);
+    } else if (self->hash_type == MBEDTLS_SSL_HASH_SHA256) {
+        mbedtls_sha256_context copy;
+        mbedtls_sha256_clone(&copy, &self->sha256);
+        mbedtls_sha256_finish_ret(&self->sha256, data);
+        mbedtls_sha256_clone(&self->sha256, &copy);
+    }
+}
+
+size_t common_hal_hashlib_hash_get_digest_size(hashlib_hash_obj_t *self) {
+    if (self->hash_type == MBEDTLS_SSL_HASH_SHA1) {
+        return 20;
+    } else if (self->hash_type == MBEDTLS_SSL_HASH_SHA256) {
+        return 32;
+    }
+    return 0;
+}
+
+#endif
diff --git a/shared-module/hashlib/Hash.h b/shared-module/hashlib/Hash.h
@@ -6,10 +6,31 @@
 
 #pragma once
 
+#include "mbedtls/version.h"
+
+#if MBEDTLS_VERSION_MAJOR >= 4
+
 #include "psa/crypto.h"
 
 typedef struct {
     mp_obj_base_t base;
     psa_hash_operation_t hash_op;
     psa_algorithm_t hash_alg;
 } hashlib_hash_obj_t;
+
+#else
+
+#include "mbedtls/sha1.h"
+#include "mbedtls/sha256.h"
+
+typedef struct {
+    mp_obj_base_t base;
+    union {
+        mbedtls_sha1_context sha1;
+        mbedtls_sha256_context sha256;
+    };
+    // Of MBEDTLS_SSL_HASH_*
+    uint8_t hash_type;
+} hashlib_hash_obj_t;
+
+#endif
diff --git a/shared-module/hashlib/__init__.c b/shared-module/hashlib/__init__.c
@@ -7,6 +7,10 @@
 #include "shared-bindings/hashlib/__init__.h"
 #include "shared-module/hashlib/__init__.h"
 
+#include "mbedtls/version.h"
+
+#if MBEDTLS_VERSION_MAJOR >= 4
+
 #include "psa/crypto.h"
 
 bool common_hal_hashlib_new(hashlib_hash_obj_t *self, const char *algorithm) {
@@ -21,3 +25,24 @@ bool common_hal_hashlib_new(hashlib_hash_obj_t *self, const char *algorithm) {
     psa_hash_setup(&self->hash_op, self->hash_alg);
     return true;
 }
+
+#else
+
+#include "mbedtls/ssl.h"
+
+bool common_hal_hashlib_new(hashlib_hash_obj_t *self, const char *algorithm) {
+    if (strcmp(algorithm, "sha1") == 0) {
+        self->hash_type = MBEDTLS_SSL_HASH_SHA1;
+        mbedtls_sha1_init(&self->sha1);
+        mbedtls_sha1_starts_ret(&self->sha1);
+        return true;
+    } else if (strcmp(algorithm, "sha256") == 0) {
+        self->hash_type = MBEDTLS_SSL_HASH_SHA256;
+        mbedtls_sha256_init(&self->sha256);
+        mbedtls_sha256_starts_ret(&self->sha256, 0);
+        return true;
+    }
+    return false;
+}
+
+#endif
