From 9b41eb8533474d264be33368ba625034111e2fd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 11:14:24 +0200 Subject: [PATCH] Replace hash_info_get_type with MD function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mostly a search and replace with just two manual changes: 1. Now PK and TLS need MD light, so auto-enable it. 2. Remove the old function in hash_info.[ch] Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/build_info.h | 4 +++- library/ecjpake.c | 4 ++-- library/hash_info.c | 12 ------------ library/hash_info.h | 10 ---------- library/pk.c | 2 +- library/pkcs12.c | 2 +- library/psa_crypto_rsa.c | 2 +- library/rsa.c | 14 +++++++------- library/ssl_tls12_client.c | 2 +- tests/src/test_helpers/ssl_helpers.c | 2 +- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_x509write.function | 2 +- 12 files changed, 19 insertions(+), 39 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 0917bf72a0..59d18b0347 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -112,8 +112,10 @@ #if defined(MBEDTLS_ECJPAKE_C) || \ defined(MBEDTLS_PEM_PARSE_C) || \ defined(MBEDTLS_ENTROPY_C) || \ + defined(MBEDTLS_PK_C) || \ defined(MBEDTLS_PKCS12_C) || \ - defined(MBEDTLS_RSA_C) + defined(MBEDTLS_RSA_C) || \ + defined(MBEDTLS_SSL_TLS_C) #define MBEDTLS_MD_LIGHT #endif diff --git a/library/ecjpake.c b/library/ecjpake.c index 7d452bcd50..6f448b0301 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -244,7 +244,7 @@ static int ecjpake_hash(const mbedtls_md_type_t md_type, /* Turn it into an integer mod n */ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(h, hash, - mbedtls_hash_info_get_size(md_type))); + mbedtls_md_get_size_from_type(md_type))); MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(h, h, &grp->N)); cleanup: @@ -780,7 +780,7 @@ int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx, unsigned char kx[MBEDTLS_ECP_MAX_BYTES]; size_t x_bytes; - *olen = mbedtls_hash_info_get_size(ctx->md_type); + *olen = mbedtls_md_get_size_from_type(ctx->md_type); if (len < *olen) { return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; } diff --git a/library/hash_info.c b/library/hash_info.c index 37e44c6bd2..783fb2642e 100644 --- a/library/hash_info.c +++ b/library/hash_info.c @@ -55,18 +55,6 @@ static const hash_entry hash_table[] = { { PSA_ALG_NONE, MBEDTLS_MD_NONE, 0, 0 }, }; -/* Get size from MD type */ -unsigned char mbedtls_hash_info_get_size(mbedtls_md_type_t md_type) -{ - const hash_entry *entry = hash_table; - while (entry->md_type != MBEDTLS_MD_NONE && - entry->md_type != md_type) { - entry++; - } - - return entry->size; -} - /* Get block size from MD type */ unsigned char mbedtls_hash_info_get_block_size(mbedtls_md_type_t md_type) { diff --git a/library/hash_info.h b/library/hash_info.h index f984c82427..fb041fa914 100644 --- a/library/hash_info.h +++ b/library/hash_info.h @@ -50,16 +50,6 @@ #define MBEDTLS_HASH_MAX_SIZE PSA_HASH_MAX_SIZE #endif -/** Get the output length of the given hash type from its MD type. - * - * \note To get the output length from the PSA alg, use \c PSA_HASH_LENGTH(). - * - * \param md_type The hash MD type. - * - * \return The output length in bytes, or 0 if not known. - */ -unsigned char mbedtls_hash_info_get_size(mbedtls_md_type_t md_type); - /** Get the block size of the given hash type from its MD type. * * \note To get the output length from the PSA alg, use diff --git a/library/pk.c b/library/pk.c index d30205cf78..d731d5b2d4 100644 --- a/library/pk.c +++ b/library/pk.c @@ -418,7 +418,7 @@ static inline int pk_hashlen_helper(mbedtls_md_type_t md_alg, size_t *hash_len) return 0; } - *hash_len = mbedtls_hash_info_get_size(md_alg); + *hash_len = mbedtls_md_get_size_from_type(md_alg); if (*hash_len == 0) { return -1; diff --git a/library/pkcs12.c b/library/pkcs12.c index 515d9e1370..2f76618d7d 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -314,7 +314,7 @@ int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen, use_password = (pwd && pwdlen != 0); use_salt = (salt && saltlen != 0); - hlen = mbedtls_hash_info_get_size(md_type); + hlen = mbedtls_md_get_size_from_type(md_type); if (hlen <= 32) { v = 64; diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 3ff589dc88..02cade2deb 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -332,7 +332,7 @@ static psa_status_t psa_rsa_decode_md_type(psa_algorithm_t alg, if (*md_alg == MBEDTLS_MD_NONE) { return PSA_ERROR_NOT_SUPPORTED; } - if (mbedtls_hash_info_get_size(*md_alg) != hash_length) { + if (mbedtls_md_get_size_from_type(*md_alg) != hash_length) { return PSA_ERROR_INVALID_ARGUMENT; } } diff --git a/library/rsa.c b/library/rsa.c index 87b3311899..f7e7943269 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1229,7 +1229,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx, return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } - hlen = mbedtls_hash_info_get_size((mbedtls_md_type_t) ctx->hash_id); + hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id); if (hlen == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } @@ -1396,7 +1396,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx, return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } - hlen = mbedtls_hash_info_get_size((mbedtls_md_type_t) ctx->hash_id); + hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id); if (hlen == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } @@ -1596,7 +1596,7 @@ static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, if (md_alg != MBEDTLS_MD_NONE) { /* Gather length of hash to sign */ - size_t exp_hashlen = mbedtls_hash_info_get_size(md_alg); + size_t exp_hashlen = mbedtls_md_get_size_from_type(md_alg); if (exp_hashlen == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } @@ -1606,7 +1606,7 @@ static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, } } - hlen = mbedtls_hash_info_get_size((mbedtls_md_type_t) ctx->hash_id); + hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id); if (hlen == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } @@ -1744,7 +1744,7 @@ static int rsa_rsassa_pkcs1_v15_encode(mbedtls_md_type_t md_alg, /* Are we signing hashed or raw data? */ if (md_alg != MBEDTLS_MD_NONE) { - unsigned char md_size = mbedtls_hash_info_get_size(md_alg); + unsigned char md_size = mbedtls_md_get_size_from_type(md_alg); if (md_size == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } @@ -1995,7 +1995,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx, if (md_alg != MBEDTLS_MD_NONE) { /* Gather length of hash to sign */ - size_t exp_hashlen = mbedtls_hash_info_get_size(md_alg); + size_t exp_hashlen = mbedtls_md_get_size_from_type(md_alg); if (exp_hashlen == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } @@ -2005,7 +2005,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx, } } - hlen = mbedtls_hash_info_get_size(mgf1_hash_id); + hlen = mbedtls_md_get_size_from_type(mgf1_hash_id); if (hlen == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 691fa62dbd..b875fac53b 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2408,7 +2408,7 @@ start_processing: mbedtls_pk_rsassa_pss_options rsassa_pss_options; rsassa_pss_options.mgf1_hash_id = md_alg; rsassa_pss_options.expected_salt_len = - mbedtls_hash_info_get_size(md_alg); + mbedtls_md_get_size_from_type(md_alg); if (rsassa_pss_options.expected_salt_len == 0) { return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index fbf9ea5c89..efa7efe728 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1200,7 +1200,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type(hash_id); CHK(md_info != NULL); #endif - maclen = mbedtls_hash_info_get_size(hash_id); + maclen = mbedtls_md_get_size_from_type(hash_id); CHK(maclen != 0); /* Pick hash keys */ CHK((md0 = mbedtls_calloc(1, maclen)) != NULL); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 65b0c0303f..65aa593a87 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1448,7 +1448,7 @@ void pk_psa_sign_ext(int pk_type, int parameter, int key_pk_type, int md_alg) size_t sig_len; unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; unsigned char hash[PSA_HASH_MAX_SIZE]; - size_t hash_len = mbedtls_hash_info_get_size(md_alg); + size_t hash_len = mbedtls_md_get_size_from_type(md_alg); void const *options = NULL; mbedtls_pk_rsassa_pss_options rsassa_pss_options; memset(hash, 0x2a, sizeof(hash)); diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index d93c1716db..22525d2d63 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -59,7 +59,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) } if (mbedtls_pk_verify_ext(csr.sig_pk, csr.sig_opts, &csr.pk, - csr.sig_md, hash, mbedtls_hash_info_get_size(csr.sig_md), + csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; goto cleanup;