Allow zero length inputs to _wc_Hash_Grow to be a succesful no-op

Added '--enable-all CPPFLAGS=-DWOLFSSL_HASH_KEEP' to the make_check matrix in os-check.yml.

Author: night1rider

.github/workflows/os-check.yml

@@ -98,6 +98,7 @@ jobs:
           '--enable-curve25519=nonblock --enable-ecc=nonblock --enable-sp=yes,nonblock CPPFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DEBUG_NONBLOCK"',
           '--enable-certreq --enable-certext --enable-certgen --disable-secure-renegotiation-info CPPFLAGS="-DNO_TLS"',
           '--enable-ocsp --enable-ocsp-responder --enable-ocspstapling CPPFLAGS="-DWOLFSSL_NONBLOCK_OCSP" --enable-maxfragment',
+          '--enable-all CPPFLAGS=-DWOLFSSL_HASH_KEEP',
         ]
     name: make check
     if: github.repository_owner == 'wolfssl'

wolfcrypt/src/hash.c

@@ -1956,9 +1956,14 @@ int _wc_Hash_Grow(byte** msg, word32* used, word32* len, const byte* in,
 {
     word32 usedSz = 0;
 
-    if (inSz <= 0 || !WC_SAFE_SUM_WORD32(*used, (word32)inSz, usedSz))
+    if (inSz < 0 || !WC_SAFE_SUM_WORD32(*used, (word32)inSz, usedSz))
         return BAD_FUNC_ARG;
 
+    /* Allow zero-length input as a no-op. Some callers may pass zero-length
+     * data during hash operations and this should not be treated as an error. */
+    if (inSz == 0)
+        return 0;
+
     if (*len < usedSz) {
         if (*msg == NULL) {
             *msg = (byte*)XMALLOC(usedSz, heap, DYNAMIC_TYPE_TMP_BUFFER);