[Crypto] replacing OpenSSL-specific flag by new public API (project-c…

…hip#36608)

This is a follow_up to project-chip#36386 based on a post-merge comment,
- an OpenSSL-specific mInitialized flag was added to HASH_SHA256 to check if digest computation was initialised, which isn't used for other Crypto Backends
- Fix: replace by a Public API `IsInitialized`, with its implementation for OpenSSL/BoringSSL

src/crypto/CHIPCryptoPAL.h

@@ -900,6 +900,13 @@ class Hash_SHA256_stream
      */
     CHIP_ERROR Begin();
 
+    /**
+     * @brief check if the digest computation has been initialized.
+     *
+     * @return True if the context is correctly initialized; otherwise, false.
+     */
+    bool IsInitialized();
+
     /**
      * @brief Add some data to the digest computation, updating internal state.
      *
@@ -942,9 +949,6 @@ class Hash_SHA256_stream
 
 private:
     HashSHA256OpaqueContext mContext;
-#if CHIP_CRYPTO_BORINGSSL || CHIP_CRYPTO_OPENSSL
-    bool mInitialized = false;
-#endif
 };
 
 class HKDF_sha

src/crypto/CHIPCryptoPALOpenSSL.cpp

@@ -449,7 +449,7 @@ static inline EVP_MD_CTX * to_inner_hash_evp_md_ctx(HashSHA256OpaqueContext * co
     return *SafePointerCast<EVP_MD_CTX **>(context);
 }
 
-Hash_SHA256_stream::Hash_SHA256_stream() : mInitialized(false)
+Hash_SHA256_stream::Hash_SHA256_stream()
 {
     set_inner_hash_evp_md_ctx(&mContext, nullptr);
 }
@@ -470,14 +470,27 @@ CHIP_ERROR Hash_SHA256_stream::Begin()
     const int result = EVP_DigestInit_ex(mdctx, _digestForType(DigestType::SHA256), nullptr);
 
     VerifyOrReturnError(result == 1, CHIP_ERROR_INTERNAL);
-    mInitialized = true;
 
     return CHIP_NO_ERROR;
 }
 
+bool Hash_SHA256_stream::IsInitialized()
+{
+    EVP_MD_CTX * mdctx = to_inner_hash_evp_md_ctx(&mContext);
+    VerifyOrReturnValue(mdctx != nullptr, false);
+
+// Verify that the EVP_MD_CTX is initialized to SHA256 (ensures that EVP_DigestInit_ex was called)
+#if CHIP_CRYPTO_BORINGSSL
+    return EVP_MD_CTX_md(mdctx) == _digestForType(DigestType::SHA256);
+#else
+    // EVP_MD_CTX_md() was Deprecated in OPENSSL 3.0; However, BoringSSL does not support EVP_MD_CTX_get0_md() yet
+    return EVP_MD_CTX_get0_md(mdctx) == _digestForType(DigestType::SHA256);
+#endif
+}
+
 CHIP_ERROR Hash_SHA256_stream::AddData(const ByteSpan data)
 {
-    VerifyOrReturnError(mInitialized, CHIP_ERROR_UNINITIALIZED);
+    VerifyOrReturnError(IsInitialized(), CHIP_ERROR_UNINITIALIZED, Clear());
 
     EVP_MD_CTX * mdctx = to_inner_hash_evp_md_ctx(&mContext);
     VerifyOrReturnError(mdctx != nullptr, CHIP_ERROR_INTERNAL);
@@ -492,7 +505,7 @@ CHIP_ERROR Hash_SHA256_stream::AddData(const ByteSpan data)
 CHIP_ERROR Hash_SHA256_stream::GetDigest(MutableByteSpan & out_buffer)
 {
 
-    VerifyOrReturnError(mInitialized, CHIP_ERROR_UNINITIALIZED);
+    VerifyOrReturnError(IsInitialized(), CHIP_ERROR_UNINITIALIZED, Clear());
 
     EVP_MD_CTX * mdctx = to_inner_hash_evp_md_ctx(&mContext);
 
@@ -519,7 +532,7 @@ CHIP_ERROR Hash_SHA256_stream::Finish(MutableByteSpan & out_buffer)
     unsigned int size;
 
     VerifyOrReturnError(out_buffer.size() >= kSHA256_Hash_Length, CHIP_ERROR_BUFFER_TOO_SMALL);
-    VerifyOrReturnError(mInitialized, CHIP_ERROR_UNINITIALIZED);
+    VerifyOrReturnError(IsInitialized(), CHIP_ERROR_UNINITIALIZED, Clear());
 
     EVP_MD_CTX * mdctx = to_inner_hash_evp_md_ctx(&mContext);
 
@@ -541,7 +554,6 @@ void Hash_SHA256_stream::Clear()
     EVP_MD_CTX_free(mdctx);
     set_inner_hash_evp_md_ctx(&mContext, nullptr);
 
-    mInitialized = false;
     OPENSSL_cleanse(this, sizeof(*this));
 }