Unify ssl_calc_verify_sha{256,384}
Saves about 40 bytes of code size on m0plus with baremetal_size. Note: the debug messages are change to no longer include the hash name. That's not a problem as we already know which alg is used from previous output, and we can also know it form the size of the printed buffer. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
parent
3048c8c906
commit
74970664a9
1 changed files with 80 additions and 102 deletions
|
@ -6600,64 +6600,89 @@ int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md)
|
|||
return 0;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
static int ssl_calc_verify_tls_psa(const mbedtls_ssl_context *ssl,
|
||||
const psa_hash_operation_t *hs_op,
|
||||
size_t buffer_size,
|
||||
unsigned char *hash,
|
||||
size_t *hlen)
|
||||
{
|
||||
psa_status_t status;
|
||||
psa_hash_operation_t copy = psa_hash_operation_init();
|
||||
|
||||
#if !defined(MBEDTLS_DEBUG_C)
|
||||
(void) ssl;
|
||||
#endif
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> PSA calc verify"));
|
||||
status = psa_hash_clone(hs_op, ©);
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
status = psa_hash_finish(©, hash, buffer_size, hlen);
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated verify result", hash, *hlen);
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("<= PSA calc verify"));
|
||||
|
||||
exit:
|
||||
psa_hash_abort(©);
|
||||
return mbedtls_md_error_from_psa(status);
|
||||
}
|
||||
#else
|
||||
static int ssl_calc_verify_tls_legacy(const mbedtls_ssl_context *ssl,
|
||||
const mbedtls_md_context_t *hs_ctx,
|
||||
unsigned char *hash,
|
||||
size_t *hlen)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
mbedtls_md_context_t copy;
|
||||
|
||||
mbedtls_md_init(©);
|
||||
|
||||
#if !defined(MBEDTLS_DEBUG_C)
|
||||
(void) ssl;
|
||||
#endif
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify"));
|
||||
|
||||
ret = mbedtls_md_setup(©, mbedtls_md_info_from_ctx(hs_ctx), 0);
|
||||
if (ret != 0) {
|
||||
goto exit;
|
||||
}
|
||||
ret = mbedtls_md_clone(©, hs_ctx);
|
||||
if (ret != 0) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = mbedtls_md_finish(©, hash);
|
||||
if (ret != 0) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
*hlen = mbedtls_md_get_size(mbedtls_md_info_from_ctx(hs_ctx));
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen);
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify"));
|
||||
|
||||
exit:
|
||||
mbedtls_md_free(©);
|
||||
return ret;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl,
|
||||
unsigned char *hash,
|
||||
size_t *hlen)
|
||||
{
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
size_t hash_size;
|
||||
psa_status_t status;
|
||||
psa_hash_operation_t sha256_psa = psa_hash_operation_init();
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> PSA calc verify sha256"));
|
||||
status = psa_hash_clone(&ssl->handshake->fin_sha256_psa, &sha256_psa);
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
status = psa_hash_finish(&sha256_psa, hash, 32, &hash_size);
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
*hlen = 32;
|
||||
MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated verify result", hash, *hlen);
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("<= PSA calc verify"));
|
||||
|
||||
exit:
|
||||
psa_hash_abort(&sha256_psa);
|
||||
return mbedtls_md_error_from_psa(status);
|
||||
return ssl_calc_verify_tls_psa(ssl, &ssl->handshake->fin_sha256_psa, 32,
|
||||
hash, hlen);
|
||||
#else
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
mbedtls_md_context_t sha256;
|
||||
|
||||
mbedtls_md_init(&sha256);
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha256"));
|
||||
|
||||
ret = mbedtls_md_setup(&sha256, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0);
|
||||
if (ret != 0) {
|
||||
goto exit;
|
||||
}
|
||||
ret = mbedtls_md_clone(&sha256, &ssl->handshake->fin_sha256);
|
||||
if (ret != 0) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = mbedtls_md_finish(&sha256, hash);
|
||||
if (ret != 0) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
*hlen = 32;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen);
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify"));
|
||||
|
||||
exit:
|
||||
mbedtls_md_free(&sha256);
|
||||
return ret;
|
||||
return ssl_calc_verify_tls_legacy(ssl, &ssl->handshake->fin_sha256,
|
||||
hash, hlen);
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
}
|
||||
#endif /* MBEDTLS_MD_CAN_SHA256 */
|
||||
|
@ -6668,58 +6693,11 @@ int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl,
|
|||
size_t *hlen)
|
||||
{
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
size_t hash_size;
|
||||
psa_status_t status;
|
||||
psa_hash_operation_t sha384_psa = psa_hash_operation_init();
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> PSA calc verify sha384"));
|
||||
status = psa_hash_clone(&ssl->handshake->fin_sha384_psa, &sha384_psa);
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
status = psa_hash_finish(&sha384_psa, hash, 48, &hash_size);
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
*hlen = 48;
|
||||
MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated verify result", hash, *hlen);
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("<= PSA calc verify"));
|
||||
|
||||
exit:
|
||||
psa_hash_abort(&sha384_psa);
|
||||
return mbedtls_md_error_from_psa(status);
|
||||
return ssl_calc_verify_tls_psa(ssl, &ssl->handshake->fin_sha384_psa, 48,
|
||||
hash, hlen);
|
||||
#else
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
mbedtls_md_context_t sha384;
|
||||
|
||||
mbedtls_md_init(&sha384);
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha384"));
|
||||
|
||||
ret = mbedtls_md_setup(&sha384, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0);
|
||||
if (ret != 0) {
|
||||
goto exit;
|
||||
}
|
||||
ret = mbedtls_md_clone(&sha384, &ssl->handshake->fin_sha384);
|
||||
if (ret != 0) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = mbedtls_md_finish(&sha384, hash);
|
||||
if (ret != 0) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
*hlen = 48;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen);
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify"));
|
||||
|
||||
exit:
|
||||
mbedtls_md_free(&sha384);
|
||||
return ret;
|
||||
return ssl_calc_verify_tls_legacy(ssl, &ssl->handshake->fin_sha384,
|
||||
hash, hlen);
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
}
|
||||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
|
|
Loading…
Reference in a new issue