diff --git a/ChangeLog b/ChangeLog index 9f04b62a3..81abd5b11 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,7 @@ Features * Support for DTLS 1.0 and 1.2 (RFC 6347). API Changes + * md_init_ctx() gained a new argument for optional hmac usage * Removed individual mdX_hmac and shaX_hmac functions (use generic md_hmac functions from md.h) * Change md_info_t into an opaque structure (use md_get_xxx() accessors). diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 490845a90..3d30beaa0 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -142,12 +142,14 @@ void md_free( md_context_t *ctx ); * digest-specific context (ctx->md_ctx) must be NULL. It will * be allocated, and must be freed using md_free() later. * \param md_info message digest to use. + * \param hmac non-zero if you want to use this context for hmac too, + * zero otherwise (saves some memory). * * \returns \c 0 on success, \c POLARSSL_ERR_MD_BAD_INPUT_DATA on * parameter failure, \c POLARSSL_ERR_MD_ALLOC_FAILED if * allocation of the digest-specific context failed. */ -int md_init_ctx( md_context_t *ctx, const md_info_t *md_info ); +int md_init_ctx( md_context_t *ctx, const md_info_t *md_info, int hmac ); /** * \brief Returns the size of the message digest output. diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index 2e4b682b6..295da3aa0 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -97,7 +97,7 @@ int hmac_drbg_init_buf( hmac_drbg_context *ctx, md_init( &ctx->md_ctx ); - if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 ) + if( ( ret = md_init_ctx( &ctx->md_ctx, md_info, 1 ) ) != 0 ) return( ret ); /* @@ -171,7 +171,7 @@ int hmac_drbg_init( hmac_drbg_context *ctx, md_init( &ctx->md_ctx ); - if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 ) + if( ( ret = md_init_ctx( &ctx->md_ctx, md_info, 1 ) ) != 0 ) return( ret ); md_size = md_get_size( md_info ); diff --git a/library/md.c b/library/md.c index cb6364e8a..eef9d73fc 100644 --- a/library/md.c +++ b/library/md.c @@ -199,7 +199,7 @@ void md_free( md_context_t *ctx ) polarssl_zeroize( ctx, sizeof( md_context_t ) ); } -int md_init_ctx( md_context_t *ctx, const md_info_t *md_info ) +int md_init_ctx( md_context_t *ctx, const md_info_t *md_info, int hmac ) { if( md_info == NULL || ctx == NULL ) return( POLARSSL_ERR_MD_BAD_INPUT_DATA ); @@ -209,11 +209,14 @@ int md_init_ctx( md_context_t *ctx, const md_info_t *md_info ) if( ( ctx->md_ctx = md_info->ctx_alloc_func() ) == NULL ) return( POLARSSL_ERR_MD_ALLOC_FAILED ); - ctx->hmac_ctx = polarssl_malloc( 2 * md_info->block_size ); - if( ctx->hmac_ctx == NULL ) + if( hmac != 0 ) { - md_info->ctx_free_func( ctx->md_ctx ); - return( POLARSSL_ERR_MD_ALLOC_FAILED ); + ctx->hmac_ctx = polarssl_malloc( 2 * md_info->block_size ); + if( ctx->hmac_ctx == NULL ) + { + md_info->ctx_free_func( ctx->md_ctx ); + return( POLARSSL_ERR_MD_ALLOC_FAILED ); + } } ctx->md_info = md_info; @@ -382,7 +385,7 @@ int md_hmac( const md_info_t *md_info, const unsigned char *key, size_t keylen, md_init( &ctx ); - if( ( ret = md_init_ctx( &ctx, md_info ) ) != 0 ) + if( ( ret = md_init_ctx( &ctx, md_info, 1 ) ) != 0 ) return( ret ); md_hmac_starts( &ctx, key, keylen ); diff --git a/library/pkcs12.c b/library/pkcs12.c index 66b29c163..1f442e6bc 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -268,7 +268,7 @@ int pkcs12_derivation( unsigned char *data, size_t datalen, md_init( &md_ctx ); - if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 ) + if( ( ret = md_init_ctx( &md_ctx, md_info, 0 ) ) != 0 ) return( ret ); hlen = md_get_size( md_info ); diff --git a/library/pkcs5.c b/library/pkcs5.c index 280453a1c..9cc8b7d5e 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -189,7 +189,7 @@ int pkcs5_pbes2( const asn1_buf *pbe_params, int mode, memcpy( iv, enc_scheme_params.p, enc_scheme_params.len ); - if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 ) + if( ( ret = md_init_ctx( &md_ctx, md_info, 1 ) ) != 0 ) goto exit; if( ( ret = pkcs5_pbkdf2_hmac( &md_ctx, pwd, pwdlen, salt.p, salt.len, @@ -365,7 +365,7 @@ int pkcs5_self_test( int verbose ) goto exit; } - if( ( ret = md_init_ctx( &sha1_ctx, info_sha1 ) ) != 0 ) + if( ( ret = md_init_ctx( &sha1_ctx, info_sha1, 1 ) ) != 0 ) { ret = 1; goto exit; diff --git a/library/rsa.c b/library/rsa.c index d3ab4ed06..afa1c7251 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -556,7 +556,7 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx, memcpy( p, input, ilen ); md_init( &md_ctx ); - md_init_ctx( &md_ctx, md_info ); + md_init_ctx( &md_ctx, md_info, 0 ); // maskedDB: Apply dbMask to DB // @@ -725,7 +725,7 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx, hlen = md_get_size( md_info ); md_init( &md_ctx ); - md_init_ctx( &md_ctx, md_info ); + md_init_ctx( &md_ctx, md_info, 0 ); /* Generate lHash */ md( md_info, label, label_len, lhash ); @@ -969,7 +969,7 @@ int rsa_rsassa_pss_sign( rsa_context *ctx, p += slen; md_init( &md_ctx ); - md_init_ctx( &md_ctx, md_info ); + md_init_ctx( &md_ctx, md_info, 0 ); // Generate H = Hash( M' ) // @@ -1201,7 +1201,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx, return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); md_init( &md_ctx ); - md_init_ctx( &md_ctx, md_info ); + md_init_ctx( &md_ctx, md_info, 0 ); mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx ); diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 4fe767b90..b6fe21f0b 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2173,7 +2173,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) * }; */ if( ( ret = md_init_ctx( &ctx, - md_info_from_type( md_alg ) ) ) != 0 ) + md_info_from_type( md_alg ), 0 ) ) != 0 ) { SSL_DEBUG_RET( 1, "md_init_ctx", ret ); return( ret ); diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index c2fde82a2..2b6bdc5ae 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -104,7 +104,7 @@ int ssl_cookie_setup( ssl_cookie_ctx *ctx, if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 ) return( ret ); - ret = md_init_ctx( &ctx->hmac_ctx, md_info_from_type( COOKIE_MD ) ); + ret = md_init_ctx( &ctx->hmac_ctx, md_info_from_type( COOKIE_MD ), 1 ); if( ret != 0 ) return( ret ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 250f95fce..49e9b5cb6 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3073,7 +3073,7 @@ curve_matching_done: * ServerDHParams params; * }; */ - if( ( ret = md_init_ctx( &ctx, md_info ) ) != 0 ) + if( ( ret = md_init_ctx( &ctx, md_info, 0 ) ) != 0 ) { SSL_DEBUG_RET( 1, "md_init_ctx", ret ); return( ret ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2a61a51a2..ded226eb4 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -658,8 +658,8 @@ int ssl_derive_keys( ssl_context *ssl ) int ret; /* Initialize HMAC contexts */ - if( ( ret = md_init_ctx( &transform->md_ctx_enc, md_info ) ) != 0 || - ( ret = md_init_ctx( &transform->md_ctx_dec, md_info ) ) != 0 ) + if( ( ret = md_init_ctx( &transform->md_ctx_enc, md_info, 1 ) ) != 0 || + ( ret = md_init_ctx( &transform->md_ctx_dec, md_info, 1 ) ) != 0 ) { SSL_DEBUG_RET( 1, "md_init_ctx", ret ); return( ret ); diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index e61ba7d46..e14acaeae 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -101,7 +101,7 @@ int main( int argc, char *argv[] ) aes_init( &aes_ctx ); md_init( &sha_ctx ); - ret = md_init_ctx( &sha_ctx, md_info_from_type( POLARSSL_MD_SHA256 ) ); + ret = md_init_ctx( &sha_ctx, md_info_from_type( POLARSSL_MD_SHA256 ), 1 ); if( ret != 0 ) { polarssl_printf( " ! md_init_ctx() returned -0x%04x\n", -ret ); diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index a1406b61d..2a3f3cc63 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -185,7 +185,7 @@ int main( int argc, char *argv[] ) polarssl_fprintf( stderr, "Message Digest '%s' not found\n", argv[5] ); goto exit; } - md_init_ctx( &md_ctx, md_info); + md_init_ctx( &md_ctx, md_info, 1 ); /* * Read the secret key and clean the command line. diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c index f2a947e65..6cb9951cb 100644 --- a/programs/hash/generic_sum.c +++ b/programs/hash/generic_sum.c @@ -204,7 +204,7 @@ int main( int argc, char *argv[] ) polarssl_fprintf( stderr, "Message Digest '%s' not found\n", argv[1] ); return( 1 ); } - if( md_init_ctx( &md_ctx, md_info) ) + if( md_init_ctx( &md_ctx, md_info, 0 ) ) { polarssl_fprintf( stderr, "Failed to initialize context.\n" ); return( 1 ); diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 98dac475d..c0e1d44c7 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -29,7 +29,7 @@ void md_process( ) { info = md_info_from_type( *md_type_ptr ); TEST_ASSERT( info != NULL ); - TEST_ASSERT( md_init_ctx( &ctx, info ) == 0 ); + TEST_ASSERT( md_init_ctx( &ctx, info, 0 ) == 0 ); TEST_ASSERT( md_process( &ctx, buf ) == 0 ); md_free( &ctx ); } @@ -54,8 +54,8 @@ void md_null_args( ) TEST_ASSERT( md_info_from_string( NULL ) == NULL ); - TEST_ASSERT( md_init_ctx( &ctx, NULL ) == POLARSSL_ERR_MD_BAD_INPUT_DATA ); - TEST_ASSERT( md_init_ctx( NULL, info ) == POLARSSL_ERR_MD_BAD_INPUT_DATA ); + TEST_ASSERT( md_init_ctx( &ctx, NULL, 0 ) == POLARSSL_ERR_MD_BAD_INPUT_DATA ); + TEST_ASSERT( md_init_ctx( NULL, info, 0 ) == POLARSSL_ERR_MD_BAD_INPUT_DATA ); TEST_ASSERT( md_starts( NULL ) == POLARSSL_ERR_MD_BAD_INPUT_DATA ); TEST_ASSERT( md_starts( &ctx ) == POLARSSL_ERR_MD_BAD_INPUT_DATA ); @@ -195,7 +195,7 @@ void md_text_multi( char *text_md_name, char *text_src_string, strncpy( (char *) md_name, text_md_name, sizeof(md_name) - 1 ); md_info = md_info_from_string(md_name); TEST_ASSERT( md_info != NULL ); - TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info ) ); + TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info, 0 ) ); TEST_ASSERT ( 0 == md_starts( &ctx ) ); TEST_ASSERT ( ctx.md_ctx != NULL ); @@ -233,7 +233,7 @@ void md_hex_multi( char *text_md_name, char *hex_src_string, strncpy( (char *) md_name, text_md_name, sizeof(md_name) - 1 ); md_info = md_info_from_string(md_name); TEST_ASSERT( md_info != NULL ); - TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info ) ); + TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info, 0 ) ); src_len = unhexify( src_str, hex_src_string ); @@ -307,7 +307,7 @@ void md_hmac_multi( char *text_md_name, int trunc_size, char *hex_key_string, strncpy( (char *) md_name, text_md_name, sizeof(md_name) - 1 ); md_info = md_info_from_string( md_name ); TEST_ASSERT( md_info != NULL ); - TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info ) ); + TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info, 1 ) ); key_len = unhexify( key_str, hex_key_string ); src_len = unhexify( src_str, hex_src_string ); diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function index 6074e04ee..4240698f2 100644 --- a/tests/suites/test_suite_pkcs5.function +++ b/tests/suites/test_suite_pkcs5.function @@ -36,7 +36,7 @@ void pbkdf2_hmac( int hash, char *hex_password_string, TEST_ASSERT( info != NULL ); if( info == NULL ) return; - TEST_ASSERT( md_init_ctx( &ctx, info ) == 0 ); + TEST_ASSERT( md_init_ctx( &ctx, info, 1 ) == 0 ); TEST_ASSERT( pkcs5_pbkdf2_hmac( &ctx, pw_str, pw_len, salt_str, salt_len, it_cnt, key_len, key ) == 0 );