From 3252c4d913fa58157950d75ced27f6e7aaa1ebb5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 5 Sep 2019 15:03:56 +0100 Subject: [PATCH] Fixup MD: Avoid always-false pointer comparison When MBEDTLS_MD_SINGLE_HASH is set, both the underlying digest context and the HMAC data are embedded into the mbedtls_md_context; otherwise, they're dynamically allocated and referenced from mbedtls_md_context. When the HMAC data is embedded in mbedtls_md_context, it's unnecessary to check whether mbedtls_md_context::hmac_ctx is NULL, because that's never the case in defined behaviour, but the check has kept for uniformity so far. However, contrary to the expectation that compilers would silently remove this check as always false, ARMC6 complains about it, breaking some tests in all.sh. This commit fixes this by guarding checks for mbedtls_md_context::hmac_ctx == NULL by !MBEDTLS_MD_SINGLE_HASH. --- library/md.c | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/library/md.c b/library/md.c index df010ae27..882942e13 100644 --- a/library/md.c +++ b/library/md.c @@ -529,9 +529,14 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, mbedtls_md_handle_t md_info; - if( ctx == NULL || ctx->hmac_ctx == NULL ) + if( ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +#if !defined(MBEDTLS_MD_SINGLE_HASH) + if( ctx->hmac_ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +#endif /* !MBEDTLS_MD_SINGLE_HASH */ + md_info = mbedtls_md_get_handle( ctx ); if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); @@ -587,9 +592,14 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, { mbedtls_md_handle_t md_info; - if( ctx == NULL || ctx->hmac_ctx == NULL ) + if( ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +#if !defined(MBEDTLS_MD_SINGLE_HASH) + if( ctx->hmac_ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +#endif /* !MBEDTLS_MD_SINGLE_HASH */ + md_info = mbedtls_md_get_handle( ctx ); if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); @@ -607,9 +617,14 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) mbedtls_md_handle_t md_info; - if( ctx == NULL || ctx->hmac_ctx == NULL ) + if( ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +#if !defined(MBEDTLS_MD_SINGLE_HASH) + if( ctx->hmac_ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +#endif /* !MBEDTLS_MD_SINGLE_HASH */ + md_info = mbedtls_md_get_handle( ctx ); if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); @@ -648,9 +663,14 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ) mbedtls_md_handle_t md_info; - if( ctx == NULL || ctx->hmac_ctx == NULL ) + if( ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +#if !defined(MBEDTLS_MD_SINGLE_HASH) + if( ctx->hmac_ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); +#endif /* !MBEDTLS_MD_SINGLE_HASH */ + md_info = mbedtls_md_get_handle( ctx ); if( md_info == MBEDTLS_MD_INVALID_HANDLE ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );