psa: Fix the size of hash buffers

Fix the size of hash buffers for PSA hash
operations.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2021-10-18 09:47:58 +02:00
parent 0859fe20f6
commit 3a95d2b530
5 changed files with 14 additions and 5 deletions

View File

@ -2232,7 +2232,7 @@ psa_status_t psa_hash_verify( psa_hash_operation_t *operation,
const uint8_t *hash, const uint8_t *hash,
size_t hash_length ) size_t hash_length )
{ {
uint8_t actual_hash[MBEDTLS_MD_MAX_SIZE]; uint8_t actual_hash[PSA_HASH_MAX_SIZE];
size_t actual_hash_length; size_t actual_hash_length;
psa_status_t status = psa_hash_finish( psa_status_t status = psa_hash_finish(
operation, operation,
@ -2275,7 +2275,7 @@ psa_status_t psa_hash_compare( psa_algorithm_t alg,
const uint8_t *input, size_t input_length, const uint8_t *input, size_t input_length,
const uint8_t *hash, size_t hash_length ) const uint8_t *hash, size_t hash_length )
{ {
uint8_t actual_hash[MBEDTLS_MD_MAX_SIZE]; uint8_t actual_hash[PSA_HASH_MAX_SIZE];
size_t actual_hash_length; size_t actual_hash_length;
if( !PSA_ALG_IS_HASH( alg ) ) if( !PSA_ALG_IS_HASH( alg ) )

View File

@ -127,7 +127,7 @@ static psa_status_t psa_hmac_finish_internal(
uint8_t *mac, uint8_t *mac,
size_t mac_size ) size_t mac_size )
{ {
uint8_t tmp[MBEDTLS_MD_MAX_SIZE]; uint8_t tmp[PSA_HASH_MAX_SIZE];
psa_algorithm_t hash_alg = hmac->alg; psa_algorithm_t hash_alg = hmac->alg;
size_t hash_size = 0; size_t hash_size = 0;
size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg ); size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg );

View File

@ -37,6 +37,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "mbedtls/psa_util.h" #include "mbedtls/psa_util.h"
#include "psa/crypto.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
#include <string.h> #include <string.h>
@ -3242,7 +3243,11 @@ start_processing:
if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) ) if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) )
{ {
size_t sig_len, hashlen; size_t sig_len, hashlen;
unsigned char hash[64]; #if defined(MBEDTLS_USE_PSA_CRYPTO)
unsigned char hash[PSA_HASH_MAX_SIZE];
#else
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
#endif
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ); unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );

View File

@ -3467,7 +3467,11 @@ curve_matching_done:
{ {
size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed; size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed;
size_t hashlen = 0; size_t hashlen = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
unsigned char hash[PSA_HASH_MAX_SIZE];
#else
unsigned char hash[MBEDTLS_MD_MAX_SIZE]; unsigned char hash[MBEDTLS_MD_MAX_SIZE];
#endif
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* /*

View File

@ -7529,7 +7529,7 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
goto exit; goto exit;
} }
if( ( status = psa_hash_finish( &hash_operation, hash, MBEDTLS_MD_MAX_SIZE, if( ( status = psa_hash_finish( &hash_operation, hash, PSA_HASH_MAX_SIZE,
hashlen ) ) != PSA_SUCCESS ) hashlen ) ) != PSA_SUCCESS )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", status ); MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", status );