From de713618dcb59fac78515eef87e81f15396f891d Mon Sep 17 00:00:00 2001
From: Hideki Miyazaki <hide@wolfssl.com>
Date: Thu, 2 Apr 2026 13:00:01 +0900
Subject: [PATCH 1/2] fix f-1483 sha1 prefix substring matching

---
 src/hash/clu_hash.c       | 3 ++-
 src/hash/clu_hash_setup.c | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/hash/clu_hash.c b/src/hash/clu_hash.c
index 019436d3..fc28ec4f 100644
--- a/src/hash/clu_hash.c
+++ b/src/hash/clu_hash.c
@@ -121,7 +121,8 @@ int wolfCLU_hash(WOLFSSL_BIO* bioIn, WOLFSSL_BIO* bioOut, const char* alg,
     }
 #endif
 #ifndef NO_SHA
-    if (ret == WOLFCLU_SUCCESS && XSTRNCMP(alg, "sha", 3) == 0) {
+    if (ret == WOLFCLU_SUCCESS && XSTRNCMP(alg, "sha", 3) == 0
+            && XSTRLEN(alg) == 3) {
         ret = wc_ShaHash(input, inputSz, output);
     }
 #endif
diff --git a/src/hash/clu_hash_setup.c b/src/hash/clu_hash_setup.c
index 86d904ae..3e3454dc 100644
--- a/src/hash/clu_hash_setup.c
+++ b/src/hash/clu_hash_setup.c
@@ -81,7 +81,7 @@ int wolfCLU_hashSetup(int argc, char** argv)
 
     for (i = 0; i < (int)algsSz; ++i) {
         /* checks for acceptable algorithms */
-        if (XSTRNCMP(argv[2], algs[i], XSTRLEN(algs[i])) == 0) {
+        if (XSTRCMP(argv[2], algs[i]) == 0) {
             alg = argv[2];
             algCheck = 1;
         }
@@ -140,7 +140,7 @@ int wolfCLU_hashSetup(int argc, char** argv)
 #endif
 
 #ifndef NO_SHA
-    if (XSTRNCMP(alg, "sha", 3) == 0)
+    if ((XSTRNCMP(alg, "sha", 3) == 0) && (XSTRLEN(alg) == 3))
         size = WC_SHA_DIGEST_SIZE;
 #endif
 

From e1ea92c4f9136a9f24c033226108b6075845ae9c Mon Sep 17 00:00:00 2001
From: Hideki Miyazaki <hide@wolfssl.com>
Date: Thu, 9 Apr 2026 10:18:37 +0900
Subject: [PATCH 2/2] Addressed Copilot review comments

---
 src/hash/clu_hash.c       | 3 +--
 src/hash/clu_hash_setup.c | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/hash/clu_hash.c b/src/hash/clu_hash.c
index fc28ec4f..3c288de4 100644
--- a/src/hash/clu_hash.c
+++ b/src/hash/clu_hash.c
@@ -121,8 +121,7 @@ int wolfCLU_hash(WOLFSSL_BIO* bioIn, WOLFSSL_BIO* bioOut, const char* alg,
     }
 #endif
 #ifndef NO_SHA
-    if (ret == WOLFCLU_SUCCESS && XSTRNCMP(alg, "sha", 3) == 0
-            && XSTRLEN(alg) == 3) {
+    if (ret == WOLFCLU_SUCCESS && XSTRCMP(alg, "sha") == 0) {
         ret = wc_ShaHash(input, inputSz, output);
     }
 #endif
diff --git a/src/hash/clu_hash_setup.c b/src/hash/clu_hash_setup.c
index 3e3454dc..e2653cfc 100644
--- a/src/hash/clu_hash_setup.c
+++ b/src/hash/clu_hash_setup.c
@@ -140,7 +140,7 @@ int wolfCLU_hashSetup(int argc, char** argv)
 #endif
 
 #ifndef NO_SHA
-    if ((XSTRNCMP(alg, "sha", 3) == 0) && (XSTRLEN(alg) == 3))
+    if (XSTRCMP(alg, "sha") == 0)
         size = WC_SHA_DIGEST_SIZE;
 #endif