eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Introduce MD handle type

Browse source 
As has been previously done for ciphersuites, this commit introduces
a zero-cost abstraction layer around the type

  mbedtls_md_info const *

whose valid values represent implementations of message digest algorithms.

Access to a particular digest implementation can be requested by name or
digest ID through the API mbedtls_md_info_from_xxx(), which either returns
a valid implementation or NULL, representing failure.

This commit replaces such uses of `mbedtls_md_info const *` by an abstract
type `mbedtls_md_handle_t` whose valid values represent digest implementations,
and which has a designated invalid value MBEDTLS_MD_INVALID_HANDLE.

The purpose of this abstraction layer is to pave the way for builds which
support precisely one digest algorithm. In this case, mbedtls_md_handle_t
can be implemented as a two-valued type, with one value representing the
invalid handle, and the unique valid value representing the unique enabled
digest.
This commit is contained in:
Hanno Becker 2019-07-17 11:21:02 +01:00
parent 505be8be4d
commit a5cedbcd3f
30 changed files with 247 additions and 177 deletions
Download patch file Download diff file Expand all files Collapse all files

7
library/ecdsa.c
View file

@ -412,11 +412,14 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp,
mbedtls_hmac_drbg_context *p_rng = &rng_ctx;
unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES];
size_t grp_len = ( grp->nbits + 7 ) / 8;
const mbedtls_md_info_t *md_info;
mbedtls_md_handle_t md_info;
mbedtls_mpi h;
if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) ==
MBEDTLS_MD_INVALID_HANDLE )
{
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
}
mbedtls_mpi_init( &h );
mbedtls_hmac_drbg_init( &rng_ctx );

25
library/ecjpake.c
View file

@ -63,7 +63,7 @@ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx )
{
ECJPAKE_VALIDATE( ctx != NULL );
ctx->md_info = NULL;
ctx->md_info = MBEDTLS_MD_INVALID_HANDLE;
mbedtls_ecp_group_init( &ctx->grp );
ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
@ -86,7 +86,7 @@ void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx )
if( ctx == NULL )
return;
ctx->md_info = NULL;
ctx->md_info = MBEDTLS_MD_INVALID_HANDLE;
mbedtls_ecp_group_free( &ctx->grp );
mbedtls_ecp_point_free( &ctx->Xm1 );
@ -119,8 +119,11 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
ctx->role = role;
if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) == NULL )
if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) ==
MBEDTLS_MD_INVALID_HANDLE )
{
return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
}
MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ctx->grp, curve ) );
@ -140,7 +143,7 @@ int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx )
{
ECJPAKE_VALIDATE_RET( ctx != NULL );
if( ctx->md_info == NULL ||
if( ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ||
ctx->grp.id == MBEDTLS_ECP_DP_NONE ||
ctx->s.p == NULL )
{
@ -190,7 +193,7 @@ static int ecjpake_write_len_point( unsigned char **p,
/*
* Compute hash for ZKP (7.4.2.2.2.1)
*/
static int ecjpake_hash( const mbedtls_md_info_t *md_info,
static int ecjpake_hash( mbedtls_md_handle_t md_info,
const mbedtls_ecp_group *grp,
const int pf,
const mbedtls_ecp_point *G,
@ -240,7 +243,7 @@ cleanup:
/*
* Parse a ECShnorrZKP (7.4.2.2.2) and verify it (7.4.2.3.3)
*/
static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info,
static int ecjpake_zkp_read( mbedtls_md_handle_t md_info,
const mbedtls_ecp_group *grp,
const int pf,
const mbedtls_ecp_point *G,
@ -312,7 +315,7 @@ cleanup:
/*
* Generate ZKP (7.4.2.3.2) and write it as ECSchnorrZKP (7.4.2.2.2)
*/
static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info,
static int ecjpake_zkp_write( mbedtls_md_handle_t md_info,
const mbedtls_ecp_group *grp,
const int pf,
const mbedtls_ecp_point *G,
@ -373,7 +376,7 @@ cleanup:
* Parse a ECJPAKEKeyKP (7.4.2.2.1) and check proof
* Output: verified public key X
*/
static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info,
static int ecjpake_kkp_read( mbedtls_md_handle_t md_info,
const mbedtls_ecp_group *grp,
const int pf,
const mbedtls_ecp_point *G,
@ -410,7 +413,7 @@ cleanup:
* Generate an ECJPAKEKeyKP
* Output: the serialized structure, plus private/public key pair
*/
static int ecjpake_kkp_write( const mbedtls_md_info_t *md_info,
static int ecjpake_kkp_write( mbedtls_md_handle_t md_info,
const mbedtls_ecp_group *grp,
const int pf,
const mbedtls_ecp_point *G,
@ -447,7 +450,7 @@ cleanup:
* Read a ECJPAKEKeyKPPairList (7.4.2.3) and check proofs
* Ouputs: verified peer public keys Xa, Xb
*/
static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info,
static int ecjpake_kkpp_read( mbedtls_md_handle_t md_info,
const mbedtls_ecp_group *grp,
const int pf,
const mbedtls_ecp_point *G,
@ -480,7 +483,7 @@ cleanup:
* Generate a ECJPAKEKeyKPPairList
* Outputs: the serialized structure, plus two private/public key pairs
*/
static int ecjpake_kkpp_write( const mbedtls_md_info_t *md_info,
static int ecjpake_kkpp_write( mbedtls_md_handle_t md_info,
const mbedtls_ecp_group *grp,
const int pf,
const mbedtls_ecp_point *G,

6
library/hkdf.c
View file

@ -30,7 +30,7 @@
#include "mbedtls/hkdf.h"
#include "mbedtls/platform_util.h"
int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
int mbedtls_hkdf( mbedtls_md_handle_t md, const unsigned char *salt,
size_t salt_len, const unsigned char *ikm, size_t ikm_len,
const unsigned char *info, size_t info_len,
unsigned char *okm, size_t okm_len )
@ -51,7 +51,7 @@ int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
return( ret );
}
int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
int mbedtls_hkdf_extract( mbedtls_md_handle_t md,
const unsigned char *salt, size_t salt_len,
const unsigned char *ikm, size_t ikm_len,
unsigned char *prk )
@ -81,7 +81,7 @@ int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
return( mbedtls_md_hmac( md, salt, salt_len, ikm, ikm_len, prk ) );
}
int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
int mbedtls_hkdf_expand( mbedtls_md_handle_t md, const unsigned char *prk,
size_t prk_len, const unsigned char *info,
size_t info_len, unsigned char *okm, size_t okm_len )
{

6
library/hmac_drbg.c
View file

@ -124,7 +124,7 @@ void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
* Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA)
*/
int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
const mbedtls_md_info_t * md_info,
mbedtls_md_handle_t md_info,
const unsigned char *data, size_t data_len )
{
int ret;
@ -246,7 +246,7 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
* from the entropy source as suggested in 8.6.7.
*/
int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
const mbedtls_md_info_t * md_info,
mbedtls_md_handle_t md_info,
int (*f_entropy)(void *, unsigned char *, size_t),
void *p_entropy,
const unsigned char *custom,
@ -564,7 +564,7 @@ int mbedtls_hmac_drbg_self_test( int verbose )
{
mbedtls_hmac_drbg_context ctx;
unsigned char buf[OUTPUT_LEN];
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
mbedtls_hmac_drbg_init( &ctx );

75
library/md.c
View file

@ -94,7 +94,7 @@ const int *mbedtls_md_list( void )
return( supported_digests );
}
const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name )
mbedtls_md_handle_t mbedtls_md_info_from_string( const char *md_name )
{
if( NULL == md_name )
return( NULL );
@ -137,7 +137,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name )
return( NULL );
}
const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type )
mbedtls_md_handle_t mbedtls_md_info_from_type( mbedtls_md_type_t md_type )
{
switch( md_type )
{
@ -187,7 +187,7 @@ void mbedtls_md_init( mbedtls_md_context_t *ctx )
void mbedtls_md_free( mbedtls_md_context_t *ctx )
{
if( ctx == NULL || ctx->md_info == NULL )
if( ctx == NULL || ctx->md_info == MBEDTLS_MD_INVALID_HANDLE )
return;
if( ctx->md_ctx != NULL )
@ -206,8 +206,8 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx )
int mbedtls_md_clone( mbedtls_md_context_t *dst,
const mbedtls_md_context_t *src )
{
if( dst == NULL || dst->md_info == NULL ||
src == NULL || src->md_info == NULL ||
if( dst == NULL || dst->md_info == MBEDTLS_MD_INVALID_HANDLE ||
src == NULL || src->md_info == MBEDTLS_MD_INVALID_HANDLE ||
dst->md_info != src->md_info )
{
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
@ -219,15 +219,15 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst,
}
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info )
int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info )
{
return mbedtls_md_setup( ctx, md_info, 1 );
}
#endif
int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac )
int mbedtls_md_setup( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, int hmac )
{
if( md_info == NULL || ctx == NULL )
if( md_info == MBEDTLS_MD_INVALID_HANDLE || ctx == NULL )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
if( ( ctx->md_ctx = md_info->ctx_alloc_func() ) == NULL )
@ -250,7 +250,7 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf
int mbedtls_md_starts( mbedtls_md_context_t *ctx )
{
if( ctx == NULL || ctx->md_info == NULL )
if( ctx == NULL || ctx->md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
return( ctx->md_info->starts_func( ctx->md_ctx ) );
@ -258,7 +258,7 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx )
int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
{
if( ctx == NULL || ctx->md_info == NULL )
if( ctx == NULL || ctx->md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) );
@ -266,23 +266,23 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si
int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output )
{
if( ctx == NULL || ctx->md_info == NULL )
if( ctx == NULL || ctx->md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
return( ctx->md_info->finish_func( ctx->md_ctx, output ) );
}
int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
int mbedtls_md( mbedtls_md_handle_t md_info, const unsigned char *input, size_t ilen,
unsigned char *output )
{
if( md_info == NULL )
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
return( md_info->digest_func( input, ilen, output ) );
}
#if defined(MBEDTLS_FS_IO)
int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output )
int mbedtls_md_file( mbedtls_md_handle_t md_info, const char *path, unsigned char *output )
{
int ret;
FILE *f;
@ -290,7 +290,7 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigne
mbedtls_md_context_t ctx;
unsigned char buf[1024];
if( md_info == NULL )
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
if( ( f = fopen( path, "rb" ) ) == NULL )
@ -329,8 +329,12 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
unsigned char *ipad, *opad;
size_t i;
if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
if( ctx == NULL ||
ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ||
ctx->hmac_ctx == NULL )
{
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
}
if( keylen > (size_t) ctx->md_info->block_size )
{
@ -371,8 +375,12 @@ cleanup:
int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
{
if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
if( ctx == NULL ||
ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ||
ctx->hmac_ctx == NULL )
{
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
}
return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) );
}
@ -383,8 +391,12 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output )
unsigned char tmp[MBEDTLS_MD_MAX_SIZE];
unsigned char *opad;
if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
if( ctx == NULL ||
ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ||
ctx->hmac_ctx == NULL )
{
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
}
opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
@ -406,8 +418,12 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx )
int ret;
unsigned char *ipad;
if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
if( ctx == NULL ||
ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ||
ctx->hmac_ctx == NULL )
{
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
}
ipad = (unsigned char *) ctx->hmac_ctx;
@ -417,7 +433,7 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx )
ctx->md_info->block_size ) );
}
int mbedtls_md_hmac( const mbedtls_md_info_t *md_info,
int mbedtls_md_hmac( mbedtls_md_handle_t md_info,
const unsigned char *key, size_t keylen,
const unsigned char *input, size_t ilen,
unsigned char *output )
@ -425,7 +441,7 @@ int mbedtls_md_hmac( const mbedtls_md_info_t *md_info,
mbedtls_md_context_t ctx;
int ret;
if( md_info == NULL )
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
mbedtls_md_init( &ctx );
@ -448,31 +464,34 @@ cleanup:
int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data )
{
if( ctx == NULL || ctx->md_info == NULL )
if( ctx == NULL ||
ctx->md_info == MBEDTLS_MD_INVALID_HANDLE )
{
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
}
return( ctx->md_info->process_func( ctx->md_ctx, data ) );
}
unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info )
unsigned char mbedtls_md_get_size( mbedtls_md_handle_t md_info )
{
if( md_info == NULL )
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( 0 );
return md_info->size;
}
mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info )
mbedtls_md_type_t mbedtls_md_get_type( mbedtls_md_handle_t md_info )
{
if( md_info == NULL )
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_MD_NONE );
return md_info->type;
}
const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info )
const char *mbedtls_md_get_name( mbedtls_md_handle_t md_info )
{
if( md_info == NULL )
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( NULL );
return md_info->name;

7
library/pk.c
View file

@ -205,13 +205,16 @@ int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type )
*/
static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len )
{
const mbedtls_md_info_t *md_info;
mbedtls_md_handle_t md_info;
if( *hash_len != 0 )
return( 0 );
if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) ==
MBEDTLS_MD_INVALID_HANDLE )
{
return( -1 );
}
*hash_len = mbedtls_md_get_size( md_info );
return( 0 );

4
library/pkcs11.c
View file

@ -183,8 +183,8 @@ int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
if( md_alg != MBEDTLS_MD_NONE )
{
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
if( md_info == NULL )
mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( md_alg );
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )

4
library/pkcs12.c
View file

@ -261,7 +261,7 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
size_t hlen, use_len, v, i;
const mbedtls_md_info_t *md_info;
mbedtls_md_handle_t md_info;
mbedtls_md_context_t md_ctx;
// This version only allows max of 64 bytes of password or salt
@ -269,7 +269,7 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
md_info = mbedtls_md_info_from_type( md_type );
if( md_info == NULL )
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
mbedtls_md_init( &md_ctx );

8
library/pkcs5.c
View file

@ -122,7 +122,7 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
mbedtls_md_type_t md_type = MBEDTLS_MD_SHA1;
unsigned char key[32], iv[32];
size_t olen = 0;
const mbedtls_md_info_t *md_info;
mbedtls_md_handle_t md_info;
const mbedtls_cipher_info_t *cipher_info;
mbedtls_md_context_t md_ctx;
mbedtls_cipher_type_t cipher_alg;
@ -157,7 +157,7 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
}
md_info = mbedtls_md_info_from_type( md_type );
if( md_info == NULL )
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
if( ( ret = mbedtls_asn1_get_alg( &p, end, &enc_scheme_oid,
@ -356,14 +356,14 @@ static const unsigned char result_key[MAX_TESTS][32] =
int mbedtls_pkcs5_self_test( int verbose )
{
mbedtls_md_context_t sha1_ctx;
const mbedtls_md_info_t *info_sha1;
mbedtls_md_handle_t info_sha1;
int ret, i;
unsigned char key[64];
mbedtls_md_init( &sha1_ctx );
info_sha1 = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
if( info_sha1 == NULL )
if( info_sha1 == MBEDTLS_MD_INVALID_HANDLE )
{
ret = 1;
goto exit;

24
library/rsa.c
View file

@ -1128,7 +1128,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
int ret;
unsigned char *p = output;
unsigned int hlen;
const mbedtls_md_info_t *md_info;
mbedtls_md_handle_t md_info;
mbedtls_md_context_t md_ctx;
RSA_VALIDATE_RET( ctx != NULL );
@ -1145,7 +1145,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
if( md_info == NULL )
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
olen = ctx->len;
@ -1326,7 +1326,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
unsigned char lhash[MBEDTLS_MD_MAX_SIZE];
unsigned int hlen;
const mbedtls_md_info_t *md_info;
mbedtls_md_handle_t md_info;
mbedtls_md_context_t md_ctx;
RSA_VALIDATE_RET( ctx != NULL );
@ -1349,7 +1349,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
if( md_info == NULL )
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
hlen = mbedtls_md_get_size( md_info );
@ -1767,7 +1767,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
size_t slen, min_slen, hlen, offset = 0;
int ret;
size_t msb;
const mbedtls_md_info_t *md_info;
mbedtls_md_handle_t md_info;
mbedtls_md_context_t md_ctx;
RSA_VALIDATE_RET( ctx != NULL );
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
@ -1789,14 +1789,14 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
{
/* Gather length of hash to sign */
md_info = mbedtls_md_info_from_type( md_alg );
if( md_info == NULL )
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
hashlen = mbedtls_md_get_size( md_info );
}
md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
if( md_info == NULL )
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
hlen = mbedtls_md_get_size( md_info );
@ -1910,8 +1910,8 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
/* Are we signing hashed or raw data? */
if( md_alg != MBEDTLS_MD_NONE )
{
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
if( md_info == NULL )
mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( md_alg );
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
@ -2150,7 +2150,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
unsigned char zeros[8];
unsigned int hlen;
size_t observed_salt_len, msb;
const mbedtls_md_info_t *md_info;
mbedtls_md_handle_t md_info;
mbedtls_md_context_t md_ctx;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
@ -2186,14 +2186,14 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
{
/* Gather length of hash to sign */
md_info = mbedtls_md_info_from_type( md_alg );
if( md_info == NULL )
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
hashlen = mbedtls_md_get_size( md_info );
}
md_info = mbedtls_md_info_from_type( mgf1_hash_id );
if( md_info == NULL )
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
hlen = mbedtls_md_get_size( md_info );

39
library/ssl_tls.c
View file

@ -660,7 +660,7 @@ MBEDTLS_NO_INLINE static int tls1_prf( const unsigned char *secret, size_t slen,
const unsigned char *S1, *S2;
unsigned char tmp[128];
unsigned char h_i[20];
const mbedtls_md_info_t *md_info;
mbedtls_md_handle_t md_info;
mbedtls_md_context_t md_ctx;
int ret;
@ -681,8 +681,11 @@ MBEDTLS_NO_INLINE static int tls1_prf( const unsigned char *secret, size_t slen,
/*
* First compute P_md5(secret,label+random)[0..dlen]
*/
if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL )
if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) ==
MBEDTLS_MD_INVALID_HANDLE )
{
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
return( ret );
@ -712,8 +715,11 @@ MBEDTLS_NO_INLINE static int tls1_prf( const unsigned char *secret, size_t slen,
/*
* XOR out with P_sha1(secret,label+random)[0..dlen]
*/
if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL )
if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) ==
MBEDTLS_MD_INVALID_HANDLE )
{
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
return( ret );
@ -763,14 +769,17 @@ int tls_prf_generic( mbedtls_md_type_t md_type,
size_t i, j, k, md_len;
unsigned char tmp[128];
unsigned char h_i[MBEDTLS_MD_MAX_SIZE];
const mbedtls_md_info_t *md_info;
mbedtls_md_handle_t md_info;
mbedtls_md_context_t md_ctx;
int ret;
mbedtls_md_init( &md_ctx );
if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL )
if( ( md_info = mbedtls_md_info_from_type( md_type ) ) ==
MBEDTLS_MD_INVALID_HANDLE )
{
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
md_len = mbedtls_md_get_size( md_info );
@ -1244,7 +1253,7 @@ int ssl_populate_transform( mbedtls_ssl_transform *transform,
unsigned keylen;
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info;
const mbedtls_cipher_info_t *cipher_info;
const mbedtls_md_info_t *md_info;
mbedtls_md_handle_t md_info;
#if !defined(MBEDTLS_SSL_HW_RECORD_ACCEL) && \
!defined(MBEDTLS_SSL_EXPORT_KEYS) && \
@ -1293,7 +1302,7 @@ int ssl_populate_transform( mbedtls_ssl_transform *transform,
md_info = mbedtls_md_info_from_type(
mbedtls_ssl_suite_get_mac( ciphersuite_info ) );
if( md_info == NULL )
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found",
mbedtls_ssl_suite_get_mac( ciphersuite_info ) ) );
@ -3368,7 +3377,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
memset( tmp, 0, sizeof( tmp ) );
switch( mbedtls_md_get_type( transform->md_ctx_dec.md_info ) )
switch( mbedtls_md_get_type(
mbedtls_md_get_handle( &transform->md_ctx_dec ) ) )
{
#if defined(MBEDTLS_MD5_C) || defined(MBEDTLS_SHA1_C) || \
defined(MBEDTLS_SHA256_C)
@ -6890,13 +6900,16 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl,
ssl->session->peer_cert_digest;
mbedtls_md_type_t const peer_cert_digest_type =
ssl->session->peer_cert_digest_type;
mbedtls_md_info_t const * const digest_info =
mbedtls_md_handle_t digest_info =
mbedtls_md_info_from_type( peer_cert_digest_type );
unsigned char tmp_digest[MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN];
size_t digest_len;
if( peer_cert_digest == NULL || digest_info == NULL )
if( peer_cert_digest == NULL ||
digest_info == MBEDTLS_MD_INVALID_HANDLE )
{
return( -1 );
}
digest_len = mbedtls_md_get_size( digest_info );
if( digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN )
@ -10110,9 +10123,9 @@ static int ssl_session_load( mbedtls_ssl_session *session,
if( session->peer_cert_digest_len != 0 )
{
const mbedtls_md_info_t *md_info =
mbedtls_md_handle_t md_info =
mbedtls_md_info_from_type( session->peer_cert_digest_type );
if( md_info == NULL )
if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( session->peer_cert_digest_len != mbedtls_md_get_size( md_info ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@ -12484,7 +12497,7 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
{
int ret = 0;
mbedtls_md_context_t ctx;
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( md_alg );
*hashlen = mbedtls_md_get_size( md_info );
mbedtls_md_init( &ctx );

2
library/x509.c
View file

@ -1065,7 +1065,7 @@ int mbedtls_x509_sig_alg_gets( char *buf, size_t size, mbedtls_pk_type_t pk_alg,
if( pk_alg == MBEDTLS_PK_RSASSA_PSS )
{
const mbedtls_pk_rsassa_pss_options *pss_opts;
const mbedtls_md_info_t *md_info, *mgf_md_info;
mbedtls_md_handle_t md_info, mgf_md_info;
pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts;

4
library/x509_crt.c
View file

@ -2088,7 +2088,7 @@ static void x509_crt_free_sig_info( mbedtls_x509_crt_sig_info *info )
static int x509_crt_get_sig_info( mbedtls_x509_crt_frame const *frame,
mbedtls_x509_crt_sig_info *info )
{
const mbedtls_md_info_t *md_info;
mbedtls_md_handle_t md_info;
md_info = mbedtls_md_info_from_type( frame->sig_md );
if( mbedtls_md( md_info, frame->tbs.p, frame->tbs.len,
@ -2705,7 +2705,7 @@ static int x509_crt_verifycrl( unsigned char *crt_serial,
int ret;
int flags = 0;
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
const mbedtls_md_info_t *md_info;
mbedtls_md_handle_t md_info;
mbedtls_x509_buf_raw ca_subject;
mbedtls_pk_context *pk;
int can_sign;