From 020d9ba4ed7f59d538898e05ca5d5f2c2777bac3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 19 Sep 2019 10:45:14 +0200 Subject: [PATCH] Introduce abstraction mbedtls_pk_handle_t This is the first in a series of commit aimed at removing the pk_info structures when we're building with MBEDTLS_PK_SINGLE_TYPE enabled. Introducing this abstraction allows us to later make it a two-valued type (valid, invalid) instead, which is much lighter. --- include/mbedtls/pk.h | 10 +-- library/pk.c | 95 +++++++++++++++-------------- library/pkparse.c | 16 ++--- library/ssl_cli.c | 2 +- library/ssl_srv.c | 2 +- tests/suites/test_suite_pk.function | 2 +- 6 files changed, 66 insertions(+), 61 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index a9d763a53..476bce15f 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -127,13 +127,15 @@ typedef struct mbedtls_pk_debug_item * \brief Public key information and operations */ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t; +typedef const mbedtls_pk_info_t *mbedtls_pk_handle_t; +#define MBEDTLS_PK_INVALID_HANDLE ( (mbedtls_pk_handle_t) NULL ) /** * \brief Public key container */ typedef struct mbedtls_pk_context { - const mbedtls_pk_info_t * pk_info; /**< Public key information */ + mbedtls_pk_handle_t pk_info; /**< Public key information */ void * pk_ctx; /**< Underlying public key context */ } mbedtls_pk_context; @@ -151,7 +153,7 @@ typedef struct */ typedef struct { - const mbedtls_pk_info_t * pk_info; /**< Public key information */ + mbedtls_pk_handle_t pk_info; /**< Public key information */ void * rs_ctx; /**< Underlying restart context */ } mbedtls_pk_restart_ctx; #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ @@ -213,7 +215,7 @@ typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx ); * * \return The PK info associated with the type or NULL if not found. */ -const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ); +mbedtls_pk_handle_t mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ); /** * \brief Initialize a #mbedtls_pk_context (as NONE). @@ -264,7 +266,7 @@ void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ); * \note For contexts holding an RSA-alt key, use * \c mbedtls_pk_setup_rsa_alt() instead. */ -int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ); +int mbedtls_pk_setup( mbedtls_pk_context *ctx, mbedtls_pk_handle_t info ); #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) /** diff --git a/library/pk.c b/library/pk.c index 9f85718c9..9621e9e81 100644 --- a/library/pk.c +++ b/library/pk.c @@ -1016,35 +1016,35 @@ const mbedtls_pk_info_t mbedtls_rsa_alt_info = { #if defined(MBEDTLS_PK_SINGLE_TYPE) MBEDTLS_ALWAYS_INLINE static inline mbedtls_pk_type_t pk_info_type( - const mbedtls_pk_info_t *info ) + mbedtls_pk_handle_t info ) { (void) info; return( MBEDTLS_PK_INFO_TYPE( MBEDTLS_PK_SINGLE_TYPE ) ); } MBEDTLS_ALWAYS_INLINE static inline const char * pk_info_name( - const mbedtls_pk_info_t *info ) + mbedtls_pk_handle_t info ) { (void) info; return( MBEDTLS_PK_INFO_NAME( MBEDTLS_PK_SINGLE_TYPE ) ); } MBEDTLS_ALWAYS_INLINE static inline size_t pk_info_get_bitlen( - const mbedtls_pk_info_t *info, const void *ctx ) + mbedtls_pk_handle_t info, const void *ctx ) { (void) info; return( MBEDTLS_PK_INFO_GET_BITLEN( MBEDTLS_PK_SINGLE_TYPE )( ctx ) ); } MBEDTLS_ALWAYS_INLINE static inline int pk_info_can_do( - const mbedtls_pk_info_t *info, mbedtls_pk_type_t type ) + mbedtls_pk_handle_t info, mbedtls_pk_type_t type ) { (void) info; return( MBEDTLS_PK_INFO_CAN_DO( MBEDTLS_PK_SINGLE_TYPE )( type ) ); } MBEDTLS_ALWAYS_INLINE static inline int pk_info_verify_func( - const mbedtls_pk_info_t *info, void *ctx, mbedtls_md_type_t md_alg, + mbedtls_pk_handle_t info, void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ) { @@ -1064,7 +1064,7 @@ MBEDTLS_ALWAYS_INLINE static inline int pk_info_verify_func( } MBEDTLS_ALWAYS_INLINE static inline int pk_info_sign_func( - const mbedtls_pk_info_t *info, void *ctx, mbedtls_md_type_t md_alg, + mbedtls_pk_handle_t info, void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), @@ -1088,7 +1088,7 @@ MBEDTLS_ALWAYS_INLINE static inline int pk_info_sign_func( } MBEDTLS_ALWAYS_INLINE static inline int pk_info_decrypt_func( - const mbedtls_pk_info_t *info, void *ctx, + mbedtls_pk_handle_t info, void *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, size_t osize, int (*f_rng)(void *, unsigned char *, size_t), @@ -1112,7 +1112,7 @@ MBEDTLS_ALWAYS_INLINE static inline int pk_info_decrypt_func( } MBEDTLS_ALWAYS_INLINE static inline int pk_info_encrypt_func( - const mbedtls_pk_info_t *info, void *ctx, + mbedtls_pk_handle_t info, void *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, size_t osize, int (*f_rng)(void *, unsigned char *, size_t), @@ -1136,7 +1136,7 @@ MBEDTLS_ALWAYS_INLINE static inline int pk_info_encrypt_func( } MBEDTLS_ALWAYS_INLINE static inline int pk_info_check_pair_func( - const mbedtls_pk_info_t *info, const void *pub, const void *prv ) + mbedtls_pk_handle_t info, const void *pub, const void *prv ) { (void) info; #if MBEDTLS_PK_INFO_CHECK_PAIR_OMIT( MBEDTLS_PK_SINGLE_TYPE ) @@ -1150,21 +1150,21 @@ MBEDTLS_ALWAYS_INLINE static inline int pk_info_check_pair_func( } MBEDTLS_ALWAYS_INLINE static inline void *pk_info_ctx_alloc_func( - const mbedtls_pk_info_t *info ) + mbedtls_pk_handle_t info ) { (void) info; return( MBEDTLS_PK_INFO_CTX_ALLOC_FUNC( MBEDTLS_PK_SINGLE_TYPE )( ) ); } MBEDTLS_ALWAYS_INLINE static inline void pk_info_ctx_free_func( - const mbedtls_pk_info_t *info, void *ctx ) + mbedtls_pk_handle_t info, void *ctx ) { (void) info; MBEDTLS_PK_INFO_CTX_FREE_FUNC( MBEDTLS_PK_SINGLE_TYPE )( ctx ); } MBEDTLS_ALWAYS_INLINE static inline int pk_info_debug_func( - const mbedtls_pk_info_t *info, + mbedtls_pk_handle_t info, const void *ctx, mbedtls_pk_debug_item *items ) { (void) info; @@ -1180,31 +1180,31 @@ MBEDTLS_ALWAYS_INLINE static inline int pk_info_debug_func( #else /* MBEDTLS_PK_SINGLE_TYPE */ MBEDTLS_ALWAYS_INLINE static inline mbedtls_pk_type_t pk_info_type( - const mbedtls_pk_info_t *info ) + mbedtls_pk_handle_t info ) { return( info->type ); } MBEDTLS_ALWAYS_INLINE static inline const char * pk_info_name( - const mbedtls_pk_info_t *info ) + mbedtls_pk_handle_t info ) { return( info->name ); } MBEDTLS_ALWAYS_INLINE static inline size_t pk_info_get_bitlen( - const mbedtls_pk_info_t *info, const void *ctx ) + mbedtls_pk_handle_t info, const void *ctx ) { return( info->get_bitlen( ctx ) ); } MBEDTLS_ALWAYS_INLINE static inline int pk_info_can_do( - const mbedtls_pk_info_t *info, mbedtls_pk_type_t type ) + mbedtls_pk_handle_t info, mbedtls_pk_type_t type ) { return( info->can_do( type ) ); } MBEDTLS_ALWAYS_INLINE static inline int pk_info_verify_func( - const mbedtls_pk_info_t *info, void *ctx, mbedtls_md_type_t md_alg, + mbedtls_pk_handle_t info, void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ) { @@ -1215,7 +1215,7 @@ MBEDTLS_ALWAYS_INLINE static inline int pk_info_verify_func( } MBEDTLS_ALWAYS_INLINE static inline int pk_info_sign_func( - const mbedtls_pk_info_t *info, void *ctx, mbedtls_md_type_t md_alg, + mbedtls_pk_handle_t info, void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), @@ -1229,7 +1229,7 @@ MBEDTLS_ALWAYS_INLINE static inline int pk_info_sign_func( } MBEDTLS_ALWAYS_INLINE static inline int pk_info_decrypt_func( - const mbedtls_pk_info_t *info, void *ctx, + mbedtls_pk_handle_t info, void *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, size_t osize, int (*f_rng)(void *, unsigned char *, size_t), @@ -1243,7 +1243,7 @@ MBEDTLS_ALWAYS_INLINE static inline int pk_info_decrypt_func( } MBEDTLS_ALWAYS_INLINE static inline int pk_info_encrypt_func( - const mbedtls_pk_info_t *info, void *ctx, + mbedtls_pk_handle_t info, void *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, size_t osize, int (*f_rng)(void *, unsigned char *, size_t), @@ -1257,7 +1257,7 @@ MBEDTLS_ALWAYS_INLINE static inline int pk_info_encrypt_func( } MBEDTLS_ALWAYS_INLINE static inline int pk_info_check_pair_func( - const mbedtls_pk_info_t *info, const void *pub, const void *prv ) + mbedtls_pk_handle_t info, const void *pub, const void *prv ) { if( info->check_pair_func == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -1266,19 +1266,19 @@ MBEDTLS_ALWAYS_INLINE static inline int pk_info_check_pair_func( } MBEDTLS_ALWAYS_INLINE static inline void *pk_info_ctx_alloc_func( - const mbedtls_pk_info_t *info ) + mbedtls_pk_handle_t info ) { return( info->ctx_alloc_func( ) ); } MBEDTLS_ALWAYS_INLINE static inline void pk_info_ctx_free_func( - const mbedtls_pk_info_t *info, void *ctx ) + mbedtls_pk_handle_t info, void *ctx ) { info->ctx_free_func( ctx ); } MBEDTLS_ALWAYS_INLINE static inline int pk_info_debug_func( - const mbedtls_pk_info_t *info, + mbedtls_pk_handle_t info, const void *ctx, mbedtls_pk_debug_item *items ) { if( info->debug_func == NULL ) @@ -1297,7 +1297,7 @@ void mbedtls_pk_init( mbedtls_pk_context *ctx ) { PK_VALIDATE( ctx != NULL ); - ctx->pk_info = NULL; + ctx->pk_info = MBEDTLS_PK_INVALID_HANDLE; ctx->pk_ctx = NULL; } @@ -1309,7 +1309,7 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx ) if( ctx == NULL ) return; - if ( ctx->pk_info != NULL ) + if ( ctx->pk_info != MBEDTLS_PK_INVALID_HANDLE ) pk_info_ctx_free_func( ctx->pk_info, ctx->pk_ctx ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) ); @@ -1331,7 +1331,7 @@ void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ) */ void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ) { - if( ctx == NULL || ctx->pk_info == NULL || + if( ctx == NULL || ctx->pk_info == MBEDTLS_PK_INVALID_HANDLE || ctx->pk_info->rs_free_func == NULL ) { return; @@ -1339,7 +1339,7 @@ void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ) ctx->pk_info->rs_free_func( ctx->rs_ctx ); - ctx->pk_info = NULL; + ctx->pk_info = MBEDTLS_PK_INVALID_HANDLE; ctx->rs_ctx = NULL; } #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ @@ -1347,7 +1347,7 @@ void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx ) /* * Get pk_info structure from type */ -const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ) +mbedtls_pk_handle_t mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ) { switch( pk_type ) { #if defined(MBEDTLS_RSA_C) @@ -1380,11 +1380,14 @@ const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ) /* * Initialise context */ -int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ) +int mbedtls_pk_setup( mbedtls_pk_context *ctx, mbedtls_pk_handle_t info ) { PK_VALIDATE_RET( ctx != NULL ); - if( info == NULL || ctx->pk_info != NULL ) + if( info == MBEDTLS_PK_INVALID_HANDLE || + ctx->pk_info != MBEDTLS_PK_INVALID_HANDLE ) + { return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + } if( ( ctx->pk_ctx = pk_info_ctx_alloc_func( info ) ) == NULL ) return( MBEDTLS_ERR_PK_ALLOC_FAILED ); @@ -1404,10 +1407,10 @@ int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key, mbedtls_pk_rsa_alt_key_len_func key_len_func ) { mbedtls_rsa_alt_context *rsa_alt; - const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info; + mbedtls_pk_handle_t info = &mbedtls_rsa_alt_info; PK_VALIDATE_RET( ctx != NULL ); - if( ctx->pk_info != NULL ) + if( ctx->pk_info != MBEDTLS_PK_INVALID_HANDLE ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) @@ -1434,7 +1437,7 @@ int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type ) /* A context with null pk_info is not set up yet and can't do anything. * For backward compatibility, also accept NULL instead of a context * pointer. */ - if( ctx == NULL || ctx->pk_info == NULL ) + if( ctx == NULL || ctx->pk_info == MBEDTLS_PK_INVALID_HANDLE ) return( 0 ); return( pk_info_can_do( ctx->pk_info, type ) ); @@ -1465,10 +1468,10 @@ static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len * Helper to set up a restart context if needed */ static int pk_restart_setup( mbedtls_pk_restart_ctx *ctx, - const mbedtls_pk_info_t *info ) + mbedtls_pk_handle_t info ) { /* Don't do anything if already set up or invalid */ - if( ctx == NULL || ctx->pk_info != NULL ) + if( ctx == NULL || ctx->pk_info != MBEDTLS_PK_INVALID_HANDLE ) return( 0 ); /* Should never happen when we're called */ @@ -1498,7 +1501,7 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, hash != NULL ); PK_VALIDATE_RET( sig != NULL ); - if( ctx->pk_info == NULL || + if( ctx->pk_info == MBEDTLS_PK_INVALID_HANDLE || pk_hashlen_helper( md_alg, &hash_len ) != 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -1553,7 +1556,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, hash != NULL ); PK_VALIDATE_RET( sig != NULL ); - if( ctx->pk_info == NULL ) + if( ctx->pk_info == MBEDTLS_PK_INVALID_HANDLE ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); if( ! mbedtls_pk_can_do( ctx, type ) ) @@ -1618,7 +1621,7 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, hash != NULL ); PK_VALIDATE_RET( sig != NULL ); - if( ctx->pk_info == NULL || + if( ctx->pk_info == MBEDTLS_PK_INVALID_HANDLE || pk_hashlen_helper( md_alg, &hash_len ) != 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -1674,7 +1677,7 @@ int mbedtls_pk_decrypt( mbedtls_pk_context *ctx, PK_VALIDATE_RET( output != NULL || osize == 0 ); PK_VALIDATE_RET( olen != NULL ); - if( ctx->pk_info == NULL ) + if( ctx->pk_info == MBEDTLS_PK_INVALID_HANDLE ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); return( pk_info_decrypt_func( ctx->pk_info, ctx->pk_ctx, input, ilen, @@ -1694,7 +1697,7 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx, PK_VALIDATE_RET( output != NULL || osize == 0 ); PK_VALIDATE_RET( olen != NULL ); - if( ctx->pk_info == NULL ) + if( ctx->pk_info == MBEDTLS_PK_INVALID_HANDLE ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); return( pk_info_encrypt_func( ctx->pk_info, ctx->pk_ctx, input, ilen, @@ -1709,7 +1712,7 @@ int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_conte PK_VALIDATE_RET( pub != NULL ); PK_VALIDATE_RET( prv != NULL ); - if( pub->pk_info == NULL || prv->pk_info == NULL ) + if( pub->pk_info == MBEDTLS_PK_INVALID_HANDLE || prv->pk_info == MBEDTLS_PK_INVALID_HANDLE ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) @@ -1735,7 +1738,7 @@ size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx ) { /* For backward compatibility, accept NULL or a context that * isn't set up yet, and return a fake value that should be safe. */ - if( ctx == NULL || ctx->pk_info == NULL ) + if( ctx == NULL || ctx->pk_info == MBEDTLS_PK_INVALID_HANDLE ) return( 0 ); return( pk_info_get_bitlen( ctx->pk_info, ctx->pk_ctx ) ); @@ -1747,7 +1750,7 @@ size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx ) int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items ) { PK_VALIDATE_RET( ctx != NULL ); - if( ctx->pk_info == NULL ) + if( ctx->pk_info == MBEDTLS_PK_INVALID_HANDLE ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); return( pk_info_debug_func( ctx->pk_info, ctx->pk_ctx, items ) ); @@ -1758,7 +1761,7 @@ int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *item */ const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx ) { - if( ctx == NULL || ctx->pk_info == NULL ) + if( ctx == NULL || ctx->pk_info == MBEDTLS_PK_INVALID_HANDLE ) return( "invalid PK" ); return( pk_info_name( ctx->pk_info ) ); @@ -1769,7 +1772,7 @@ const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx ) */ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ) { - if( ctx == NULL || ctx->pk_info == NULL ) + if( ctx == NULL || ctx->pk_info == MBEDTLS_PK_INVALID_HANDLE ) return( MBEDTLS_PK_NONE ); return( pk_info_type( ctx->pk_info ) ); diff --git a/library/pkparse.c b/library/pkparse.c index 1a73101f9..4cff8d7e2 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -687,7 +687,7 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, size_t len; mbedtls_asn1_buf alg_params; mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; - const mbedtls_pk_info_t *pk_info; + mbedtls_pk_handle_t pk_info; PK_VALIDATE_RET( p != NULL ); PK_VALIDATE_RET( *p != NULL ); @@ -712,7 +712,7 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, return( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); - if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) + if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == MBEDTLS_PK_INVALID_HANDLE ) return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ) @@ -1150,7 +1150,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( unsigned char *p = (unsigned char *) key; unsigned char *end = p + keylen; mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; - const mbedtls_pk_info_t *pk_info; + mbedtls_pk_handle_t pk_info; /* * This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208) @@ -1192,7 +1192,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA ); - if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) + if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == MBEDTLS_PK_INVALID_HANDLE ) return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ) @@ -1374,7 +1374,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, defined(MBEDTLS_PEM_PARSE_C) int ret; #endif - const mbedtls_pk_info_t *pk_info; + mbedtls_pk_handle_t pk_info; #if defined(MBEDTLS_PEM_PARSE_C) size_t len; mbedtls_pem_context pem; @@ -1604,7 +1604,7 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, int ret; unsigned char *p; #if defined(MBEDTLS_RSA_C) - const mbedtls_pk_info_t *pk_info; + mbedtls_pk_handle_t pk_info; #endif #if defined(MBEDTLS_PEM_PARSE_C) size_t len; @@ -1631,7 +1631,7 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, if( ret == 0 ) { p = pem.buf; - if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) + if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == MBEDTLS_PK_INVALID_HANDLE ) return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) @@ -1679,7 +1679,7 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, #endif /* MBEDTLS_PEM_PARSE_C */ #if defined(MBEDTLS_RSA_C) - if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) + if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == MBEDTLS_PK_INVALID_HANDLE ) return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 ) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 0a1322ab0..79d5598f1 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2383,7 +2383,7 @@ static int ssl_rsa_encrypt_partial_pms( mbedtls_ssl_context *ssl, * params currently, and there's no 'is_init' functions for PK * contexts, we need to break the abstraction and peek into * the PK context to see if it has been initialized. */ - if( ssl->handshake->peer_pubkey.pk_info != NULL ) + if( ssl->handshake->peer_pubkey.pk_info != MBEDTLS_PK_INVALID_HANDLE ) peer_pk = &ssl->handshake->peer_pubkey; #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ if( ssl->session_negotiate->peer_cert != NULL ) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 69af31727..bfd659e4b 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -4462,7 +4462,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) * params currently, and there's no 'is_init' functions for PK * contexts, we need to break the abstraction and peek into * the PK context to see if it has been initialized. */ - if( ssl->handshake->peer_pubkey.pk_info != NULL ) + if( ssl->handshake->peer_pubkey.pk_info != MBEDTLS_PK_INVALID_HANDLE ) peer_pk = &ssl->handshake->peer_pubkey; #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ if( ssl->session_negotiate->peer_cert != NULL ) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index fc917d003..163585584 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -107,7 +107,7 @@ void valid_parameters( ) TEST_VALID_PARAM( mbedtls_pk_restart_free( NULL ) ); #endif - TEST_ASSERT( mbedtls_pk_setup( &pk, NULL ) == + TEST_ASSERT( mbedtls_pk_setup( &pk, MBEDTLS_PK_INVALID_HANDLE ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); /* In informational functions, we accept NULL where a context pointer