mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-31 10:20:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Use reset_checksum in reset_transcript_for_hrr

Browse Source 
This function was manually resetting just the hash that would be used;
it's simpler to just call the function that resets all hashes. This also
avoids calling low-level code from TLS 1.3.

While at it, remove the guards about SHA-256 || SHA-384 that were around
update_checksum, as they are redundant: update_checksum already has
appropriate guards (and TLS 1.3 already depends on one of those tow
hashes being present anyway).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2023-02-05 10:26:49 +01:00
parent 537f231fd9
commit d7a7a23308
1 changed files with 2 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
library/ssl_tls13_generic.c
View File

@ -1399,37 +1399,9 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl)
hash_len += 4; hash_len += 4;
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) /* Reset running hash and replace it with a hash of the transcript */
if (ciphersuite_info->mac == MBEDTLS_MD_SHA256) { mbedtls_ssl_reset_checksum(ssl);
MBEDTLS_SSL_DEBUG_BUF(4, "Truncated SHA-256 handshake transcript",
hash_transcript, hash_len);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort(&ssl->handshake->fin_sha256_psa);
psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256);
#else
mbedtls_sha256_starts(&ssl->handshake->fin_sha256, 0);
#endif
}
#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
MBEDTLS_SSL_DEBUG_BUF(4, "Truncated SHA-384 handshake transcript",
hash_transcript, hash_len);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort(&ssl->handshake->fin_sha384_psa);
psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384);
#else
mbedtls_sha512_starts(&ssl->handshake->fin_sha384, 1);
#endif
}
#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \
defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
ssl->handshake->update_checksum(ssl, hash_transcript, hash_len); ssl->handshake->update_checksum(ssl, hash_transcript, hash_len);
#endif \
/* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA || MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
return ret; return ret;
} }