From 31817ebb2aaf82e892769b4a6be98138e7034635 Mon Sep 17 00:00:00 2001
From: Vishal Pankaj Chandratreya <19171016+tfpf@users.noreply.github.com>
Date: Sun, 1 Oct 2023 11:36:11 +0530
Subject: [PATCH] Used OpenSSL correctly. (#12)

---
 CMakeLists.txt | 7 +++++++
 doc/README.md  | 6 ++++--
 lib/sha256.c   | 9 +++++++++
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index ab3380b..4adeae0 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -13,6 +13,13 @@ add_library(hdrbg SHARED ${sources})
 target_include_directories(hdrbg PRIVATE include)
 configure_file(hdrbg.pc.in hdrbg.pc @ONLY)
 
+find_package(OpenSSL 3.0.0)
+if(OPENSSL_FOUND)
+    target_compile_definitions(hdrbg PRIVATE TFPF_HASH_DRBG_OPENSSL_FOUND=1)
+    target_include_directories(hdrbg PRIVATE ${OPENSSL_INCLUDE_DIR})
+    target_link_libraries(hdrbg PRIVATE ${OPENSSL_CRYPTO_LIBRARIES})
+endif()
+
 set_target_properties(hdrbg PROPERTIES
     PUBLIC_HEADER include/hdrbg.h
     SOVERSION 1
diff --git a/doc/README.md b/doc/README.md
index 1a618e4..6167bef 100644
--- a/doc/README.md
+++ b/doc/README.md
@@ -7,7 +7,11 @@
 | Additional Input       | No       |
 | Personalisation String | No       |
 
+* In C, a byte need not be 8 bits wide. However, this implementation uses the term 'byte' to refer to an 8-bit number.
+  Hence, fixed-width integer types are used liberally.
 * SHA-256 has been implemented from scratch, because I wanted this package to have no dependencies.
+  * However, if OpenSSL development libraries are found, its SHA-256 implementation is used if the C compiler provides
+    8-bit bytes.
 * `/dev/urandom` is read to obtain entropy for seeding and reseeding.
   * It is assumed to always provide sufficient entropy.
 * Nonces are generated by appending a monotonically increasing sequence number to the timestamp.
@@ -17,8 +21,6 @@
     which load the library at the same time will also generate the same nonce, because the sequence number is
     initialised to 0.) Which shouldn't be a problem, because their entropy inputs will be different with high
     probability.
-* In C, a byte need not be 8 bits wide. However, this implementation uses the term 'byte' to refer to an 8-bit number.
-  Hence, fixed-width integer types are used liberally.
 * The `hd` argument of any function (where applicable) denotes the HDRBG object to use.
   * If it is `NULL`, the internal HDRBG object is used.
   * For instance, `hdrbg_rand(NULL)` and `hdrbg_rand(foo)` are both valid invocations of `hdrbg_rand`—the former
diff --git a/lib/sha256.c b/lib/sha256.c
index 9920093..fa423bb 100644
--- a/lib/sha256.c
+++ b/lib/sha256.c
@@ -1,10 +1,15 @@
 #include <inttypes.h>
+#include <limits.h>
 #include <stddef.h>
 #include <string.h>
 
 #include "extras.h"
 #include "sha.h"
 
+#ifdef TFPF_HASH_DRBG_OPENSSL_FOUND
+#include <openssl/sha.h>
+#endif
+
 #define ROTR32(x, n) ((x) >> (n) | (x) << (32 - (n)))
 
 // Hash initialiser.
@@ -46,6 +51,10 @@ sha256_bytes[32];
 uint8_t *
 sha256(uint8_t const *m_bytes_, size_t m_length_, uint8_t *h_bytes)
 {
+#if defined TFPF_HASH_DRBG_OPENSSL_FOUND && CHAR_BIT == 8
+    return SHA256(m_bytes_, m_length_, h_bytes);
+#endif
+
     // Initialise the hash.
     uint32_t h_words[8];
     memcpy(h_words, sha256_init, sizeof sha256_init);