Unify ssl_calc_verify_sha{256,384}

Saves about 40 bytes of code size on m0plus with baremetal_size.

Note: the debug messages are change to no longer include the hash name.
That's not a problem as we already know which alg is used from previous
output, and we can also know it form the size of the printed buffer.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2023-06-24 09:43:26 +02:00
parent 3048c8c906
commit 74970664a9

View file

@ -6600,64 +6600,89 @@ int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md)
return 0;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static int ssl_calc_verify_tls_psa(const mbedtls_ssl_context *ssl,
const psa_hash_operation_t *hs_op,
size_t buffer_size,
unsigned char *hash,
size_t *hlen)
{
psa_status_t status;
psa_hash_operation_t copy = psa_hash_operation_init();
#if !defined(MBEDTLS_DEBUG_C)
(void) ssl;
#endif
MBEDTLS_SSL_DEBUG_MSG(2, ("=> PSA calc verify"));
status = psa_hash_clone(hs_op, &copy);
if (status != PSA_SUCCESS) {
goto exit;
}
status = psa_hash_finish(&copy, hash, buffer_size, hlen);
if (status != PSA_SUCCESS) {
goto exit;
}
MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated verify result", hash, *hlen);
MBEDTLS_SSL_DEBUG_MSG(2, ("<= PSA calc verify"));
exit:
psa_hash_abort(&copy);
return mbedtls_md_error_from_psa(status);
}
#else
static int ssl_calc_verify_tls_legacy(const mbedtls_ssl_context *ssl,
const mbedtls_md_context_t *hs_ctx,
unsigned char *hash,
size_t *hlen)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_context_t copy;
mbedtls_md_init(&copy);
#if !defined(MBEDTLS_DEBUG_C)
(void) ssl;
#endif
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify"));
ret = mbedtls_md_setup(&copy, mbedtls_md_info_from_ctx(hs_ctx), 0);
if (ret != 0) {
goto exit;
}
ret = mbedtls_md_clone(&copy, hs_ctx);
if (ret != 0) {
goto exit;
}
ret = mbedtls_md_finish(&copy, hash);
if (ret != 0) {
goto exit;
}
*hlen = mbedtls_md_get_size(mbedtls_md_info_from_ctx(hs_ctx));
MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen);
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify"));
exit:
mbedtls_md_free(&copy);
return ret;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_MD_CAN_SHA256)
int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl,
unsigned char *hash,
size_t *hlen)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t hash_size;
psa_status_t status;
psa_hash_operation_t sha256_psa = psa_hash_operation_init();
MBEDTLS_SSL_DEBUG_MSG(2, ("=> PSA calc verify sha256"));
status = psa_hash_clone(&ssl->handshake->fin_sha256_psa, &sha256_psa);
if (status != PSA_SUCCESS) {
goto exit;
}
status = psa_hash_finish(&sha256_psa, hash, 32, &hash_size);
if (status != PSA_SUCCESS) {
goto exit;
}
*hlen = 32;
MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated verify result", hash, *hlen);
MBEDTLS_SSL_DEBUG_MSG(2, ("<= PSA calc verify"));
exit:
psa_hash_abort(&sha256_psa);
return mbedtls_md_error_from_psa(status);
return ssl_calc_verify_tls_psa(ssl, &ssl->handshake->fin_sha256_psa, 32,
hash, hlen);
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_context_t sha256;
mbedtls_md_init(&sha256);
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha256"));
ret = mbedtls_md_setup(&sha256, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0);
if (ret != 0) {
goto exit;
}
ret = mbedtls_md_clone(&sha256, &ssl->handshake->fin_sha256);
if (ret != 0) {
goto exit;
}
ret = mbedtls_md_finish(&sha256, hash);
if (ret != 0) {
goto exit;
}
*hlen = 32;
MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen);
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify"));
exit:
mbedtls_md_free(&sha256);
return ret;
return ssl_calc_verify_tls_legacy(ssl, &ssl->handshake->fin_sha256,
hash, hlen);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#endif /* MBEDTLS_MD_CAN_SHA256 */
@ -6668,58 +6693,11 @@ int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl,
size_t *hlen)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t hash_size;
psa_status_t status;
psa_hash_operation_t sha384_psa = psa_hash_operation_init();
MBEDTLS_SSL_DEBUG_MSG(2, ("=> PSA calc verify sha384"));
status = psa_hash_clone(&ssl->handshake->fin_sha384_psa, &sha384_psa);
if (status != PSA_SUCCESS) {
goto exit;
}
status = psa_hash_finish(&sha384_psa, hash, 48, &hash_size);
if (status != PSA_SUCCESS) {
goto exit;
}
*hlen = 48;
MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated verify result", hash, *hlen);
MBEDTLS_SSL_DEBUG_MSG(2, ("<= PSA calc verify"));
exit:
psa_hash_abort(&sha384_psa);
return mbedtls_md_error_from_psa(status);
return ssl_calc_verify_tls_psa(ssl, &ssl->handshake->fin_sha384_psa, 48,
hash, hlen);
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_context_t sha384;
mbedtls_md_init(&sha384);
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha384"));
ret = mbedtls_md_setup(&sha384, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0);
if (ret != 0) {
goto exit;
}
ret = mbedtls_md_clone(&sha384, &ssl->handshake->fin_sha384);
if (ret != 0) {
goto exit;
}
ret = mbedtls_md_finish(&sha384, hash);
if (ret != 0) {
goto exit;
}
*hlen = 48;
MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen);
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify"));
exit:
mbedtls_md_free(&sha384);
return ret;
return ssl_calc_verify_tls_legacy(ssl, &ssl->handshake->fin_sha384,
hash, hlen);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
#endif /* MBEDTLS_MD_CAN_SHA384 */