From 8857984b2f87f4caab853c4bcf04934f97f19c9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Tue, 28 Mar 2023 11:20:23 +0200
Subject: [PATCH] Replace hash_info macro with MD macro
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Now the MD macro also accounts for PSA-only hashes.

Just a search-and-replace, plus manually removing the definition in
hash_info.h.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
---
 library/ecjpake.c                                  |  2 +-
 library/hash_info.h                                | 14 --------------
 library/pkcs12.c                                   |  2 +-
 library/rsa.c                                      |  6 +++---
 library/ssl_tls12_client.c                         |  2 +-
 library/ssl_tls12_server.c                         |  2 +-
 library/x509_crt.c                                 |  4 ++--
 library/x509write_crt.c                            |  2 +-
 library/x509write_csr.c                            |  2 +-
 .../suites/test_suite_constant_time_hmac.function  |  2 +-
 tests/suites/test_suite_ecdsa.function             |  4 ++--
 tests/suites/test_suite_ssl.function               |  4 ++--
 12 files changed, 16 insertions(+), 30 deletions(-)

diff --git a/library/ecjpake.c b/library/ecjpake.c
index 6f448b0301..c2ab4b86ad 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -217,7 +217,7 @@ static int ecjpake_hash(const mbedtls_md_type_t md_type,
     unsigned char *p = buf;
     const unsigned char *end = buf + sizeof(buf);
     const size_t id_len = strlen(id);
-    unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
 
     /* Write things to temporary buffer */
     MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, G));
diff --git a/library/hash_info.h b/library/hash_info.h
index fb041fa914..84d3d7143f 100644
--- a/library/hash_info.h
+++ b/library/hash_info.h
@@ -36,20 +36,6 @@
 #include "psa/crypto.h"
 #include "mbedtls/platform_util.h"
 
-/** \def MBEDTLS_HASH_MAX_SIZE
- *
- * Maximum size of a hash based on configuration.
- */
-#if defined(MBEDTLS_MD_C) && ( \
-    !defined(MBEDTLS_PSA_CRYPTO_C) || \
-    MBEDTLS_MD_MAX_SIZE >= PSA_HASH_MAX_SIZE)
-#define MBEDTLS_HASH_MAX_SIZE MBEDTLS_MD_MAX_SIZE
-#elif defined(MBEDTLS_PSA_CRYPTO_C) && ( \
-    !defined(MBEDTLS_MD_C) || \
-    PSA_HASH_MAX_SIZE >= MBEDTLS_MD_MAX_SIZE)
-#define MBEDTLS_HASH_MAX_SIZE PSA_HASH_MAX_SIZE
-#endif
-
 /** Get the block size of the given hash type from its MD type.
  *
  * \note To get the output length from the PSA alg, use
diff --git a/library/pkcs12.c b/library/pkcs12.c
index 2f76618d7d..2e6ed7e814 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -290,7 +290,7 @@ int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen,
 
     unsigned char diversifier[128];
     unsigned char salt_block[128], pwd_block[128], hash_block[128] = { 0 };
-    unsigned char hash_output[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char hash_output[MBEDTLS_MD_MAX_SIZE];
     unsigned char *p;
     unsigned char c;
     int           use_password = 0;
diff --git a/library/rsa.c b/library/rsa.c
index f7e7943269..3eb7cc0dcc 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1076,7 +1076,7 @@ static int mgf_mask(unsigned char *dst, size_t dlen, unsigned char *src,
     unsigned char *p;
     unsigned int hlen;
     size_t i, use_len;
-    unsigned char mask[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char mask[MBEDTLS_MD_MAX_SIZE];
     int ret = 0;
     const mbedtls_md_info_t *md_info;
     mbedtls_md_context_t md_ctx;
@@ -1380,7 +1380,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx,
     size_t ilen, i, pad_len;
     unsigned char *p, bad, pad_done;
     unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
-    unsigned char lhash[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char lhash[MBEDTLS_MD_MAX_SIZE];
     unsigned int hlen;
 
     /*
@@ -1966,7 +1966,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx,
     size_t siglen;
     unsigned char *p;
     unsigned char *hash_start;
-    unsigned char result[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char result[MBEDTLS_MD_MAX_SIZE];
     unsigned int hlen;
     size_t observed_salt_len, msb;
     unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { 0 };
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index b875fac53b..df4c00373d 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -2291,7 +2291,7 @@ start_processing:
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
     if (mbedtls_ssl_ciphersuite_uses_server_signature(ciphersuite_info)) {
         size_t sig_len, hashlen;
-        unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+        unsigned char hash[MBEDTLS_MD_MAX_SIZE];
 
         mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
         mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 3b8710e413..40e6fc9795 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -3081,7 +3081,7 @@ curve_matching_done:
 
         size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed;
         size_t hashlen = 0;
-        unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+        unsigned char hash[MBEDTLS_MD_MAX_SIZE];
 
         int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 9c44ba6a4b..9b49a1b665 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2024,7 +2024,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
                               const mbedtls_x509_crt_profile *profile)
 {
     int flags = 0;
-    unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_algorithm_t psa_algorithm;
 #else
@@ -2133,7 +2133,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child,
                                     mbedtls_x509_crt_restart_ctx *rs_ctx)
 {
     size_t hash_len;
-    unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
 #if !defined(MBEDTLS_USE_PSA_CRYPTO)
     const mbedtls_md_info_t *md_info;
     md_info = mbedtls_md_info_from_type(child->sig_md);
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 274eb4b7ad..c89670aa45 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -569,7 +569,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
     unsigned char *c, *c2;
     unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
     size_t hash_length = 0;
-    unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_algorithm_t psa_algorithm;
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index deb66174b2..06f5c933bc 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -243,7 +243,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
     const char *sig_oid;
     size_t sig_oid_len = 0;
     unsigned char *c, *c2;
-    unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
     size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
     size_t len = 0;
     mbedtls_pk_type_t pk_alg;
diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function
index 985d482ebe..55886fa7ae 100644
--- a/tests/suites/test_suite_constant_time_hmac.function
+++ b/tests/suites/test_suite_constant_time_hmac.function
@@ -28,7 +28,7 @@ void ssl_cf_hmac(int hash)
     size_t min_in_len, in_len, max_in_len, i;
     /* TLS additional data is 13 bytes (hence the "lucky 13" name) */
     unsigned char add_data[13];
-    unsigned char ref_out[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char ref_out[MBEDTLS_MD_MAX_SIZE];
     unsigned char *data = NULL;
     unsigned char *out = NULL;
     unsigned char rec_num = 0;
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 60bb6c2d2b..14fe2f058b 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -15,7 +15,7 @@ void ecdsa_prim_zero(int id)
     mbedtls_ecp_point Q;
     mbedtls_mpi d, r, s;
     mbedtls_test_rnd_pseudo_info rnd_info;
-    unsigned char buf[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char buf[MBEDTLS_MD_MAX_SIZE];
 
     mbedtls_ecp_group_init(&grp);
     mbedtls_ecp_point_init(&Q);
@@ -47,7 +47,7 @@ void ecdsa_prim_random(int id)
     mbedtls_ecp_point Q;
     mbedtls_mpi d, r, s;
     mbedtls_test_rnd_pseudo_info rnd_info;
-    unsigned char buf[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char buf[MBEDTLS_MD_MAX_SIZE];
 
     mbedtls_ecp_group_init(&grp);
     mbedtls_ecp_point_init(&Q);
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 6f9e544138..fb71b835b0 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -1974,7 +1974,7 @@ void ssl_tls13_create_psk_binder(int hash_alg,
                                  data_t *transcript,
                                  data_t *binder_expected)
 {
-    unsigned char binder[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char binder[MBEDTLS_MD_MAX_SIZE];
 
     /* Double-check that we've passed sane parameters. */
     psa_algorithm_t alg = (psa_algorithm_t) hash_alg;
@@ -2108,7 +2108,7 @@ void ssl_tls13_key_evolution(int hash_alg,
                              data_t *input,
                              data_t *expected)
 {
-    unsigned char secret_new[MBEDTLS_HASH_MAX_SIZE];
+    unsigned char secret_new[MBEDTLS_MD_MAX_SIZE];
 
     PSA_INIT();