Merge pull request #5510 from SiliconLabs/feature/PSEC-3269-MD-X.509-hashing
feat: MD: X.509 hashing
This commit is contained in:
commit
81d903f5aa
4 changed files with 140 additions and 69 deletions
2
ChangeLog.d/MD-X.509-hashing.txt
Normal file
2
ChangeLog.d/MD-X.509-hashing.txt
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
Features
|
||||||
|
* The X.509 module now uses PSA hash acceleration if present.
|
|
@ -47,7 +47,7 @@
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
#include "mbedtls/psa_util.h"
|
#include "mbedtls/psa_util.h"
|
||||||
#endif
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
#if defined(MBEDTLS_PLATFORM_C)
|
#if defined(MBEDTLS_PLATFORM_C)
|
||||||
#include "mbedtls/platform.h"
|
#include "mbedtls/platform.h"
|
||||||
|
@ -2336,8 +2336,14 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
|
||||||
const mbedtls_x509_crt_profile *profile )
|
const mbedtls_x509_crt_profile *profile )
|
||||||
{
|
{
|
||||||
int flags = 0;
|
int flags = 0;
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
unsigned char hash[PSA_HASH_MAX_SIZE];
|
||||||
|
psa_algorithm_t psa_algorithm;
|
||||||
|
#else
|
||||||
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
|
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
|
||||||
const mbedtls_md_info_t *md_info;
|
const mbedtls_md_info_t *md_info;
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
size_t hash_length;
|
||||||
|
|
||||||
if( ca == NULL )
|
if( ca == NULL )
|
||||||
return( flags );
|
return( flags );
|
||||||
|
@ -2370,19 +2376,38 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
|
||||||
if( x509_profile_check_pk_alg( profile, crl_list->sig_pk ) != 0 )
|
if( x509_profile_check_pk_alg( profile, crl_list->sig_pk ) != 0 )
|
||||||
flags |= MBEDTLS_X509_BADCRL_BAD_PK;
|
flags |= MBEDTLS_X509_BADCRL_BAD_PK;
|
||||||
|
|
||||||
md_info = mbedtls_md_info_from_type( crl_list->sig_md );
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if( mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ) != 0 )
|
psa_algorithm = mbedtls_psa_translate_md( crl_list->sig_md );
|
||||||
|
if( psa_hash_compute( psa_algorithm,
|
||||||
|
crl_list->tbs.p,
|
||||||
|
crl_list->tbs.len,
|
||||||
|
hash,
|
||||||
|
sizeof( hash ),
|
||||||
|
&hash_length ) != PSA_SUCCESS )
|
||||||
{
|
{
|
||||||
/* Note: this can't happen except after an internal error */
|
/* Note: this can't happen except after an internal error */
|
||||||
flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
|
flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
#else
|
||||||
|
md_info = mbedtls_md_info_from_type( crl_list->sig_md );
|
||||||
|
hash_length = mbedtls_md_get_size( md_info );
|
||||||
|
if( mbedtls_md( md_info,
|
||||||
|
crl_list->tbs.p,
|
||||||
|
crl_list->tbs.len,
|
||||||
|
hash ) != 0 )
|
||||||
|
{
|
||||||
|
/* Note: this can't happen except after an internal error */
|
||||||
|
flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
if( x509_profile_check_key( profile, &ca->pk ) != 0 )
|
if( x509_profile_check_key( profile, &ca->pk ) != 0 )
|
||||||
flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
|
flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
|
||||||
|
|
||||||
if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
|
if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
|
||||||
crl_list->sig_md, hash, mbedtls_md_get_size( md_info ),
|
crl_list->sig_md, hash, hash_length,
|
||||||
crl_list->sig.p, crl_list->sig.len ) != 0 )
|
crl_list->sig.p, crl_list->sig.len ) != 0 )
|
||||||
{
|
{
|
||||||
flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
|
flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
|
||||||
|
@ -2421,9 +2446,9 @@ static int x509_crt_check_signature( const mbedtls_x509_crt *child,
|
||||||
mbedtls_x509_crt *parent,
|
mbedtls_x509_crt *parent,
|
||||||
mbedtls_x509_crt_restart_ctx *rs_ctx )
|
mbedtls_x509_crt_restart_ctx *rs_ctx )
|
||||||
{
|
{
|
||||||
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
|
|
||||||
size_t hash_len;
|
size_t hash_len;
|
||||||
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
|
||||||
const mbedtls_md_info_t *md_info;
|
const mbedtls_md_info_t *md_info;
|
||||||
md_info = mbedtls_md_info_from_type( child->sig_md );
|
md_info = mbedtls_md_info_from_type( child->sig_md );
|
||||||
hash_len = mbedtls_md_get_size( md_info );
|
hash_len = mbedtls_md_get_size( md_info );
|
||||||
|
@ -2432,23 +2457,21 @@ static int x509_crt_check_signature( const mbedtls_x509_crt *child,
|
||||||
if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
|
if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
|
||||||
return( -1 );
|
return( -1 );
|
||||||
#else
|
#else
|
||||||
psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
|
unsigned char hash[PSA_HASH_MAX_SIZE];
|
||||||
psa_algorithm_t hash_alg = mbedtls_psa_translate_md( child->sig_md );
|
psa_algorithm_t hash_alg = mbedtls_psa_translate_md( child->sig_md );
|
||||||
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
|
|
||||||
if( psa_hash_setup( &hash_operation, hash_alg ) != PSA_SUCCESS )
|
status = psa_hash_compute( hash_alg,
|
||||||
return( -1 );
|
child->tbs.p,
|
||||||
|
child->tbs.len,
|
||||||
if( psa_hash_update( &hash_operation, child->tbs.p, child->tbs.len )
|
hash,
|
||||||
!= PSA_SUCCESS )
|
sizeof( hash ),
|
||||||
|
&hash_len );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
{
|
{
|
||||||
return( -1 );
|
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( psa_hash_finish( &hash_operation, hash, sizeof( hash ), &hash_len )
|
|
||||||
!= PSA_SUCCESS )
|
|
||||||
{
|
|
||||||
return( -1 );
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
/* Skip expensive computation on obvious mismatch */
|
/* Skip expensive computation on obvious mismatch */
|
||||||
if( ! mbedtls_pk_can_do( &parent->pk, child->sig_pk ) )
|
if( ! mbedtls_pk_can_do( &parent->pk, child->sig_pk ) )
|
||||||
|
|
|
@ -40,6 +40,11 @@
|
||||||
#include "mbedtls/pem.h"
|
#include "mbedtls/pem.h"
|
||||||
#endif /* MBEDTLS_PEM_WRITE_C */
|
#endif /* MBEDTLS_PEM_WRITE_C */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
#include "psa/crypto.h"
|
||||||
|
#include "mbedtls/psa_util.h"
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
|
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
|
||||||
{
|
{
|
||||||
memset( ctx, 0, sizeof( mbedtls_x509write_cert ) );
|
memset( ctx, 0, sizeof( mbedtls_x509write_cert ) );
|
||||||
|
@ -167,66 +172,86 @@ int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx )
|
static int mbedtls_x509write_crt_set_key_identifier( mbedtls_x509write_cert *ctx,
|
||||||
|
int is_ca,
|
||||||
|
unsigned char tag )
|
||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
|
unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
|
||||||
unsigned char *c = buf + sizeof(buf);
|
unsigned char *c = buf + sizeof(buf);
|
||||||
size_t len = 0;
|
size_t len = 0;
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
|
size_t hash_length;
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
memset( buf, 0, sizeof(buf) );
|
memset( buf, 0, sizeof(buf) );
|
||||||
MBEDTLS_ASN1_CHK_ADD( len,
|
MBEDTLS_ASN1_CHK_ADD( len,
|
||||||
mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) );
|
mbedtls_pk_write_pubkey( &c,
|
||||||
|
buf,
|
||||||
|
is_ca ?
|
||||||
|
ctx->issuer_key :
|
||||||
|
ctx->subject_key ) );
|
||||||
|
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
status = psa_hash_compute( PSA_ALG_SHA_1,
|
||||||
|
buf + sizeof(buf) - len,
|
||||||
|
len,
|
||||||
|
buf + sizeof(buf) - 20,
|
||||||
|
20,
|
||||||
|
&hash_length );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
{
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
|
||||||
|
}
|
||||||
|
#else
|
||||||
ret = mbedtls_sha1( buf + sizeof( buf ) - len, len,
|
ret = mbedtls_sha1( buf + sizeof( buf ) - len, len,
|
||||||
buf + sizeof( buf ) - 20 );
|
buf + sizeof( buf ) - 20 );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
c = buf + sizeof( buf ) - 20;
|
c = buf + sizeof( buf ) - 20;
|
||||||
len = 20;
|
len = 20;
|
||||||
|
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
|
||||||
MBEDTLS_ASN1_CHK_ADD( len,
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, tag ) );
|
||||||
mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_OCTET_STRING ) );
|
|
||||||
|
|
||||||
return mbedtls_x509write_crt_set_extension( ctx,
|
if( is_ca ) // writes AuthorityKeyIdentifier sequence
|
||||||
|
{
|
||||||
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ));
|
||||||
|
MBEDTLS_ASN1_CHK_ADD( len,
|
||||||
|
mbedtls_asn1_write_tag( &c,
|
||||||
|
buf,
|
||||||
|
MBEDTLS_ASN1_CONSTRUCTED |
|
||||||
|
MBEDTLS_ASN1_SEQUENCE ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( is_ca )
|
||||||
|
return( mbedtls_x509write_crt_set_extension( ctx,
|
||||||
|
MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
|
||||||
|
MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ),
|
||||||
|
0, buf + sizeof(buf) - len, len ) );
|
||||||
|
else
|
||||||
|
return( mbedtls_x509write_crt_set_extension( ctx,
|
||||||
MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER,
|
MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER,
|
||||||
MBEDTLS_OID_SIZE( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ),
|
MBEDTLS_OID_SIZE( MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER ),
|
||||||
0, buf + sizeof(buf) - len, len );
|
0, buf + sizeof(buf) - len, len ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx )
|
||||||
|
{
|
||||||
|
return mbedtls_x509write_crt_set_key_identifier( ctx,
|
||||||
|
0,
|
||||||
|
MBEDTLS_ASN1_OCTET_STRING );
|
||||||
}
|
}
|
||||||
|
|
||||||
int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx )
|
int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx )
|
||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
return mbedtls_x509write_crt_set_key_identifier( ctx,
|
||||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
|
1,
|
||||||
unsigned char *c = buf + sizeof( buf );
|
(MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0) );
|
||||||
size_t len = 0;
|
|
||||||
|
|
||||||
memset( buf, 0, sizeof(buf) );
|
|
||||||
MBEDTLS_ASN1_CHK_ADD( len,
|
|
||||||
mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) );
|
|
||||||
|
|
||||||
ret = mbedtls_sha1( buf + sizeof( buf ) - len, len,
|
|
||||||
buf + sizeof( buf ) - 20 );
|
|
||||||
if( ret != 0 )
|
|
||||||
return( ret );
|
|
||||||
c = buf + sizeof( buf ) - 20;
|
|
||||||
len = 20;
|
|
||||||
|
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
|
|
||||||
MBEDTLS_ASN1_CHK_ADD( len,
|
|
||||||
mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | 0 ) );
|
|
||||||
|
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
|
|
||||||
MBEDTLS_ASN1_CHK_ADD( len,
|
|
||||||
mbedtls_asn1_write_tag( &c, buf,
|
|
||||||
MBEDTLS_ASN1_CONSTRUCTED |
|
|
||||||
MBEDTLS_ASN1_SEQUENCE ) );
|
|
||||||
|
|
||||||
return mbedtls_x509write_crt_set_extension(
|
|
||||||
ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
|
|
||||||
MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ),
|
|
||||||
0, buf + sizeof( buf ) - len, len );
|
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SHA1_C */
|
#endif /* MBEDTLS_SHA1_C */
|
||||||
|
|
||||||
|
@ -330,8 +355,16 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx,
|
||||||
const char *sig_oid;
|
const char *sig_oid;
|
||||||
size_t sig_oid_len = 0;
|
size_t sig_oid_len = 0;
|
||||||
unsigned char *c, *c2;
|
unsigned char *c, *c2;
|
||||||
unsigned char hash[64];
|
|
||||||
unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
|
unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
|
||||||
|
size_t hash_length = 0;
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
|
psa_algorithm_t psa_algorithm;
|
||||||
|
unsigned char hash[PSA_HASH_MAX_SIZE];
|
||||||
|
#else
|
||||||
|
unsigned char hash[64];
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
|
size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
|
||||||
size_t len = 0;
|
size_t len = 0;
|
||||||
mbedtls_pk_type_t pk_alg;
|
mbedtls_pk_type_t pk_alg;
|
||||||
|
@ -466,14 +499,30 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx,
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* Compute hash of CRT. */
|
/* Compute hash of CRT. */
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
psa_algorithm = mbedtls_psa_translate_md( ctx->md_alg );
|
||||||
|
|
||||||
|
status = psa_hash_compute( psa_algorithm,
|
||||||
|
c,
|
||||||
|
len,
|
||||||
|
hash,
|
||||||
|
sizeof( hash ),
|
||||||
|
&hash_length );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
{
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
|
||||||
|
}
|
||||||
|
#else
|
||||||
if( ( ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c,
|
if( ( ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c,
|
||||||
len, hash ) ) != 0 )
|
len, hash ) ) != 0 )
|
||||||
{
|
{
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
|
|
||||||
if( ( ret = mbedtls_pk_sign( ctx->issuer_key, ctx->md_alg,
|
if( ( ret = mbedtls_pk_sign( ctx->issuer_key, ctx->md_alg,
|
||||||
hash, 0, sig, sizeof( sig ), &sig_len,
|
hash, hash_length, sig, sizeof( sig ), &sig_len,
|
||||||
f_rng, p_rng ) ) != 0 )
|
f_rng, p_rng ) ) != 0 )
|
||||||
{
|
{
|
||||||
return( ret );
|
return( ret );
|
||||||
|
|
|
@ -35,7 +35,7 @@
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
#include "mbedtls/psa_util.h"
|
#include "mbedtls/psa_util.h"
|
||||||
#endif
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
@ -149,7 +149,6 @@ static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx,
|
||||||
size_t len = 0;
|
size_t len = 0;
|
||||||
mbedtls_pk_type_t pk_alg;
|
mbedtls_pk_type_t pk_alg;
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
|
|
||||||
size_t hash_len;
|
size_t hash_len;
|
||||||
psa_algorithm_t hash_alg = mbedtls_psa_translate_md( ctx->md_alg );
|
psa_algorithm_t hash_alg = mbedtls_psa_translate_md( ctx->md_alg );
|
||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
@ -219,16 +218,14 @@ static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx,
|
||||||
* Note: hash errors can happen only after an internal error
|
* Note: hash errors can happen only after an internal error
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if( psa_hash_setup( &hash_operation, hash_alg ) != PSA_SUCCESS )
|
if( psa_hash_compute( hash_alg,
|
||||||
return( MBEDTLS_ERR_X509_FATAL_ERROR );
|
c,
|
||||||
|
len,
|
||||||
if( psa_hash_update( &hash_operation, c, len ) != PSA_SUCCESS )
|
hash,
|
||||||
return( MBEDTLS_ERR_X509_FATAL_ERROR );
|
sizeof( hash ),
|
||||||
|
&hash_len ) != PSA_SUCCESS )
|
||||||
if( psa_hash_finish( &hash_operation, hash, sizeof( hash ), &hash_len )
|
|
||||||
!= PSA_SUCCESS )
|
|
||||||
{
|
{
|
||||||
return( MBEDTLS_ERR_X509_FATAL_ERROR );
|
return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
|
||||||
}
|
}
|
||||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
|
ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
|
||||||
|
|
Loading…
Reference in a new issue