From 40afdd2791d7f769fb131e447c274c2ced059a6a Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 6 Sep 2022 13:08:28 +0200 Subject: [PATCH] Make use of MBEDTLS_MAX_HASH_SIZE macro Signed-off-by: Przemek Stekiel --- library/pkcs12.c | 2 +- library/rsa.c | 11 ++++------- library/ssl_tls12_client.c | 7 ++----- library/x509_crt.c | 5 ++--- library/x509write_crt.c | 6 ++---- tests/suites/test_suite_ecdsa.function | 6 +++--- 6 files changed, 14 insertions(+), 23 deletions(-) diff --git a/library/pkcs12.c b/library/pkcs12.c index 06b0c125a1..f33507987b 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -324,7 +324,7 @@ int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, unsigned char diversifier[128]; unsigned char salt_block[128], pwd_block[128], hash_block[128] = {0}; - unsigned char hash_output[64]; /* Maximal hash size for SHA512 */ + unsigned char hash_output[MBEDTLS_HASH_MAX_SIZE]; unsigned char *p; unsigned char c; int use_password = 0; diff --git a/library/rsa.c b/library/rsa.c index 50d15a1e87..e59755534f 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -57,12 +57,9 @@ /* We use MD first if it's available (for compatibility reasons) * and "fall back" to PSA otherwise (which needs psa_crypto_init()). */ #if defined(MBEDTLS_PKCS1_V21) -#if defined(MBEDTLS_MD_C) -#define HASH_MAX_SIZE MBEDTLS_MD_MAX_SIZE -#else /* MBEDTLS_MD_C */ +#if !defined(MBEDTLS_MD_C) #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#define HASH_MAX_SIZE PSA_HASH_MAX_SIZE #endif /* MBEDTLS_MD_C */ #endif /* MBEDTLS_PKCS1_V21 */ @@ -1114,7 +1111,7 @@ static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, unsigned char *p; unsigned int hlen; size_t i, use_len; - unsigned char mask[HASH_MAX_SIZE]; + unsigned char mask[MBEDTLS_HASH_MAX_SIZE]; #if defined(MBEDTLS_MD_C) int ret = 0; const mbedtls_md_info_t *md_info; @@ -1469,7 +1466,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, size_t ilen, i, pad_len; unsigned char *p, bad, pad_done; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - unsigned char lhash[HASH_MAX_SIZE]; + unsigned char lhash[MBEDTLS_HASH_MAX_SIZE]; unsigned int hlen; RSA_VALIDATE_RET( ctx != NULL ); @@ -2064,7 +2061,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, size_t siglen; unsigned char *p; unsigned char *hash_start; - unsigned char result[HASH_MAX_SIZE]; + unsigned char result[MBEDTLS_HASH_MAX_SIZE]; unsigned int hlen; size_t observed_salt_len, msb; unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = {0}; diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index f8140945da..d1ec55cfcb 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2330,11 +2330,8 @@ start_processing: if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) ) { size_t sig_len, hashlen; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - unsigned char hash[PSA_HASH_MAX_SIZE]; -#else - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; -#endif + unsigned char hash[MBEDTLS_HASH_MAX_SIZE]; + mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); diff --git a/library/x509_crt.c b/library/x509_crt.c index ad235bfe0c..d96abb28f4 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -47,8 +47,8 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#include "hash_info.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#include "hash_info.h" #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" @@ -2354,11 +2354,10 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, const mbedtls_x509_crt_profile *profile ) { int flags = 0; + unsigned char hash[MBEDTLS_HASH_MAX_SIZE]; #if defined(MBEDTLS_USE_PSA_CRYPTO) - unsigned char hash[PSA_HASH_MAX_SIZE]; psa_algorithm_t psa_algorithm; #else - unsigned char hash[MBEDTLS_MD_MAX_SIZE]; const mbedtls_md_info_t *md_info; #endif /* MBEDTLS_USE_PSA_CRYPTO */ size_t hash_length; diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 986e1fe128..e51a385f68 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -43,9 +43,9 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#include "hash_info.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#include "hash_info.h" #include "legacy_or_psa.h" void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ) @@ -360,12 +360,10 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *c, *c2; unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; size_t hash_length = 0; + unsigned char hash[MBEDTLS_HASH_MAX_SIZE]; #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_algorithm_t psa_algorithm; - unsigned char hash[PSA_HASH_MAX_SIZE]; -#else - unsigned char hash[64]; #endif /* MBEDTLS_USE_PSA_CRYPTO */ size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len; diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index a8b1e45a2e..7e1daa25a3 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -1,11 +1,11 @@ /* BEGIN_HEADER */ #include "mbedtls/ecdsa.h" +#include "hash_info.h" #include "legacy_or_psa.h" #if ( defined(MBEDTLS_ECDSA_DETERMINISTIC) && defined(MBEDTLS_SHA256_C) ) || \ ( !defined(MBEDTLS_ECDSA_DETERMINISTIC) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA) ) #define MBEDTLS_HAS_ALG_SHA_256_VIA_MD_IF_DETERMINISTIC #endif -#define MBEDTLS_TEST_HASH_MAX_SIZE 64 /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -20,7 +20,7 @@ void ecdsa_prim_zero( int id ) mbedtls_ecp_point Q; mbedtls_mpi d, r, s; mbedtls_test_rnd_pseudo_info rnd_info; - unsigned char buf[MBEDTLS_TEST_HASH_MAX_SIZE]; + unsigned char buf[MBEDTLS_HASH_MAX_SIZE]; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &Q ); @@ -52,7 +52,7 @@ void ecdsa_prim_random( int id ) mbedtls_ecp_point Q; mbedtls_mpi d, r, s; mbedtls_test_rnd_pseudo_info rnd_info; - unsigned char buf[MBEDTLS_TEST_HASH_MAX_SIZE]; + unsigned char buf[MBEDTLS_HASH_MAX_SIZE]; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &Q );