Replace hash_info macro with MD macro

Now the MD macro also accounts for PSA-only hashes. Just a search-and-replace, plus manually removing the definition in hash_info.h. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-28 11:20:23 +02:00 · 2023-03-28 11:20:23 +02:00 · 8857984b2f
commit 8857984b2f
parent 9b41eb8533
12 changed files with 16 additions and 30 deletions
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@ -217,7 +217,7 @@ static int ecjpake_hash(const mbedtls_md_type_t md_type,
    unsigned char *p = buf;
    const unsigned char *end = buf + sizeof(buf);
    const size_t id_len = strlen(id);
-    unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char hash[MBEDTLS_MD_MAX_SIZE];

    /* Write things to temporary buffer */
    MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, G));
--- a/library/hash_info.h
+++ b/library/hash_info.h
@ -36,20 +36,6 @@
 #include "psa/crypto.h"
 #include "mbedtls/platform_util.h"

-/** \def MBEDTLS_HASH_MAX_SIZE
- *
- * Maximum size of a hash based on configuration.
- */
-#if defined(MBEDTLS_MD_C) && ( \
-    !defined(MBEDTLS_PSA_CRYPTO_C) || \
-    MBEDTLS_MD_MAX_SIZE >= PSA_HASH_MAX_SIZE)
-#define MBEDTLS_HASH_MAX_SIZE MBEDTLS_MD_MAX_SIZE
-#elif defined(MBEDTLS_PSA_CRYPTO_C) && ( \
-    !defined(MBEDTLS_MD_C) || \
-    PSA_HASH_MAX_SIZE >= MBEDTLS_MD_MAX_SIZE)
-#define MBEDTLS_HASH_MAX_SIZE PSA_HASH_MAX_SIZE
-#endif
-
 /** Get the block size of the given hash type from its MD type.
 *
 * \note To get the output length from the PSA alg, use
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@ -290,7 +290,7 @@ int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen,

    unsigned char diversifier[128];
    unsigned char salt_block[128], pwd_block[128], hash_block[128] = { 0 };
-    unsigned char hash_output[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char hash_output[MBEDTLS_MD_MAX_SIZE];
    unsigned char *p;
    unsigned char c;
    int           use_password = 0;
--- a/library/rsa.c
+++ b/library/rsa.c
@ -1076,7 +1076,7 @@ static int mgf_mask(unsigned char *dst, size_t dlen, unsigned char *src,
    unsigned char *p;
    unsigned int hlen;
    size_t i, use_len;
-    unsigned char mask[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char mask[MBEDTLS_MD_MAX_SIZE];
    int ret = 0;
    const mbedtls_md_info_t *md_info;
    mbedtls_md_context_t md_ctx;
@ -1380,7 +1380,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx,
    size_t ilen, i, pad_len;
    unsigned char *p, bad, pad_done;
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
-    unsigned char lhash[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char lhash[MBEDTLS_MD_MAX_SIZE];
    unsigned int hlen;

    /*
@ -1966,7 +1966,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx,
    size_t siglen;
    unsigned char *p;
    unsigned char *hash_start;
-    unsigned char result[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char result[MBEDTLS_MD_MAX_SIZE];
    unsigned int hlen;
    size_t observed_salt_len, msb;
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { 0 };
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@ -2291,7 +2291,7 @@ start_processing:
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
    if (mbedtls_ssl_ciphersuite_uses_server_signature(ciphersuite_info)) {
        size_t sig_len, hashlen;
-        unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+        unsigned char hash[MBEDTLS_MD_MAX_SIZE];

        mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
        mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@ -3081,7 +3081,7 @@ curve_matching_done:

        size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed;
        size_t hashlen = 0;
-        unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+        unsigned char hash[MBEDTLS_MD_MAX_SIZE];

        int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;

--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -2024,7 +2024,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
                              const mbedtls_x509_crt_profile *profile)
 {
    int flags = 0;
-    unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_algorithm_t psa_algorithm;
 #else
@ -2133,7 +2133,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child,
                                    mbedtls_x509_crt_restart_ctx *rs_ctx)
 {
    size_t hash_len;
-    unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
    const mbedtls_md_info_t *md_info;
    md_info = mbedtls_md_info_from_type(child->sig_md);
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@ -569,7 +569,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
    unsigned char *c, *c2;
    unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
    size_t hash_length = 0;
-    unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
    psa_algorithm_t psa_algorithm;
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@ -243,7 +243,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
    const char *sig_oid;
    size_t sig_oid_len = 0;
    unsigned char *c, *c2;
-    unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
    size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
    size_t len = 0;
    mbedtls_pk_type_t pk_alg;
--- a/tests/suites/test_suite_constant_time_hmac.function
+++ b/tests/suites/test_suite_constant_time_hmac.function
@ -28,7 +28,7 @@ void ssl_cf_hmac(int hash)
    size_t min_in_len, in_len, max_in_len, i;
    /* TLS additional data is 13 bytes (hence the "lucky 13" name) */
    unsigned char add_data[13];
-    unsigned char ref_out[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char ref_out[MBEDTLS_MD_MAX_SIZE];
    unsigned char *data = NULL;
    unsigned char *out = NULL;
    unsigned char rec_num = 0;
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@ -15,7 +15,7 @@ void ecdsa_prim_zero(int id)
    mbedtls_ecp_point Q;
    mbedtls_mpi d, r, s;
    mbedtls_test_rnd_pseudo_info rnd_info;
-    unsigned char buf[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char buf[MBEDTLS_MD_MAX_SIZE];

    mbedtls_ecp_group_init(&grp);
    mbedtls_ecp_point_init(&Q);
@ -47,7 +47,7 @@ void ecdsa_prim_random(int id)
    mbedtls_ecp_point Q;
    mbedtls_mpi d, r, s;
    mbedtls_test_rnd_pseudo_info rnd_info;
-    unsigned char buf[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char buf[MBEDTLS_MD_MAX_SIZE];

    mbedtls_ecp_group_init(&grp);
    mbedtls_ecp_point_init(&Q);
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@ -1974,7 +1974,7 @@ void ssl_tls13_create_psk_binder(int hash_alg,
                                 data_t *transcript,
                                 data_t *binder_expected)
 {
-    unsigned char binder[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char binder[MBEDTLS_MD_MAX_SIZE];

    /* Double-check that we've passed sane parameters. */
    psa_algorithm_t alg = (psa_algorithm_t) hash_alg;
@ -2108,7 +2108,7 @@ void ssl_tls13_key_evolution(int hash_alg,
                             data_t *input,
                             data_t *expected)
 {
-    unsigned char secret_new[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char secret_new[MBEDTLS_MD_MAX_SIZE];

    PSA_INIT();